[2.x] Updated platforms & testing #27
Conversation
Updated workflows
Made best possible cleanup;
![bridgecrew[bot]](https://avatars.githubusercontent.com/in/52968?s=60&v=4){kind=small}
| @@ -0,0 +1,61 @@ | |||
| ARG OCTANE_TAG=octane-a65874dd8e099759ebdd6271caff2ae2513cc65f-4.8-php8.1-alpine | |||
There was a problem hiding this comment.
Ensure a user for the container has been created
Resource: /examples/laravel/Dockerfile.octane. | ID: BC_DKR_3
Description
Containers should run as a non-root user. It is good practice to run the container as a non-root user, where possible. This can be done either via the ```USER``` directive in the ```Dockerfile``` or through ```gosu``` or similar where used as part of the ```CMD``` or ```ENTRYPOINT``` directives.Benchmarks
- CIS DOCKER V1.2 4.1
Dockerfile.openswoole
Outdated
| @@ -0,0 +1,60 @@ | |||
| ARG BASE_TAG=4.11-php8.1-alpine | |||
There was a problem hiding this comment.
Ensure healthcheck instructions have been added to container images
Resource: /Dockerfile.openswoole. | ID: BC_DKR_2
Description
We recommend that you add the HEALTHCHECK instruction to your Docker container images to ensure that health checks are executed against running containers.An important security control is that of availability. Adding the HEALTHCHECK instruction to your container image ensures that the Docker engine periodically checks the running container instances against that instruction to ensure that containers are still operational.
Based on the results of the health check, the Docker engine could terminate containers which are not responding correctly, and instantiate new ones.
Benchmarks
- CIS DOCKER V1.2 4.6
🎉 Fixed by commit 44e4d8e - Added mixes for swoole and openswoole
Dockerfile.octane
Outdated
| @@ -1,56 +1,57 @@ | |||
| ARG BASE_TAG=4.6-php8.1-alpine | |||
| ARG BASE_TAG=4.8-php8.1-alpine | |||
There was a problem hiding this comment.
Ensure a user for the container has been created
Resource: /Dockerfile.octane. | ID: BC_DKR_3
Description
Containers should run as a non-root user. It is good practice to run the container as a non-root user, where possible. This can be done either via the ```USER``` directive in the ```Dockerfile``` or through ```gosu``` or similar where used as part of the ```CMD``` or ```ENTRYPOINT``` directives.Benchmarks
- CIS DOCKER V1.2 4.1
🎉 Fixed by commit 44e4d8e - Added mixes for swoole and openswoole
Dockerfile.fpm
Outdated
| @@ -1,54 +1,57 @@ | |||
| ARG BASE_TAG=8.1-fpm-alpine | |||
There was a problem hiding this comment.
Ensure healthcheck instructions have been added to container images
Resource: /Dockerfile.fpm. | ID: BC_DKR_2
Description
We recommend that you add the HEALTHCHECK instruction to your Docker container images to ensure that health checks are executed against running containers.An important security control is that of availability. Adding the HEALTHCHECK instruction to your container image ensures that the Docker engine periodically checks the running container instances against that instruction to ensure that containers are still operational.
Based on the results of the health check, the Docker engine could terminate containers which are not responding correctly, and instantiate new ones.
Benchmarks
- CIS DOCKER V1.2 4.6
Dockerfile.octane
Outdated
| @@ -1,56 +1,57 @@ | |||
| ARG BASE_TAG=4.6-php8.1-alpine | |||
| ARG BASE_TAG=4.8-php8.1-alpine | |||
There was a problem hiding this comment.
Ensure healthcheck instructions have been added to container images
Resource: /Dockerfile.octane. | ID: BC_DKR_2
Description
We recommend that you add the HEALTHCHECK instruction to your Docker container images to ensure that health checks are executed against running containers.An important security control is that of availability. Adding the HEALTHCHECK instruction to your container image ensures that the Docker engine periodically checks the running container instances against that instruction to ensure that containers are still operational.
Based on the results of the health check, the Docker engine could terminate containers which are not responding correctly, and instantiate new ones.
Benchmarks
- CIS DOCKER V1.2 4.6
🎉 Fixed by commit 44e4d8e - Added mixes for swoole and openswoole
Dockerfile.worker
Outdated
| @@ -1,55 +1,56 @@ | |||
| ARG BASE_TAG=8.1-cli-alpine | |||
There was a problem hiding this comment.
Ensure healthcheck instructions have been added to container images
Resource: /Dockerfile.worker. | ID: BC_DKR_2
Description
We recommend that you add the HEALTHCHECK instruction to your Docker container images to ensure that health checks are executed against running containers.An important security control is that of availability. Adding the HEALTHCHECK instruction to your container image ensures that the Docker engine periodically checks the running container instances against that instruction to ensure that containers are still operational.
Based on the results of the health check, the Docker engine could terminate containers which are not responding correctly, and instantiate new ones.
Benchmarks
- CIS DOCKER V1.2 4.6
Dockerfile.worker
Outdated
| @@ -1,55 +1,56 @@ | |||
| ARG BASE_TAG=8.1-cli-alpine | |||
There was a problem hiding this comment.
Ensure a user for the container has been created
Resource: /Dockerfile.worker. | ID: BC_DKR_3
Description
Containers should run as a non-root user. It is good practice to run the container as a non-root user, where possible. This can be done either via the ```USER``` directive in the ```Dockerfile``` or through ```gosu``` or similar where used as part of the ```CMD``` or ```ENTRYPOINT``` directives.Benchmarks
- CIS DOCKER V1.2 4.1
Dockerfile.openswoole
Outdated
| @@ -0,0 +1,60 @@ | |||
| ARG BASE_TAG=4.11-php8.1-alpine | |||
There was a problem hiding this comment.
Ensure a user for the container has been created
Resource: /Dockerfile.openswoole. | ID: BC_DKR_3
Description
Containers should run as a non-root user. It is good practice to run the container as a non-root user, where possible. This can be done either via the ```USER``` directive in the ```Dockerfile``` or through ```gosu``` or similar where used as part of the ```CMD``` or ```ENTRYPOINT``` directives.Benchmarks
- CIS DOCKER V1.2 4.1
🎉 Fixed by commit 44e4d8e - Added mixes for swoole and openswoole
Dockerfile.fpm
Outdated
| @@ -1,54 +1,57 @@ | |||
| ARG BASE_TAG=8.1-fpm-alpine | |||
There was a problem hiding this comment.
Ensure a user for the container has been created
Resource: /Dockerfile.fpm. | ID: BC_DKR_3
Description
Containers should run as a non-root user. It is good practice to run the container as a non-root user, where possible. This can be done either via the ```USER``` directive in the ```Dockerfile``` or through ```gosu``` or similar where used as part of the ```CMD``` or ```ENTRYPOINT``` directives.Benchmarks
- CIS DOCKER V1.2 4.1
| @@ -0,0 +1,61 @@ | |||
| ARG OCTANE_TAG=octane-a65874dd8e099759ebdd6271caff2ae2513cc65f-4.8-php8.1-alpine | |||
There was a problem hiding this comment.
Ensure healthcheck instructions have been added to container images
Resource: /examples/laravel/Dockerfile.octane. | ID: BC_DKR_2
Description
We recommend that you add the HEALTHCHECK instruction to your Docker container images to ensure that health checks are executed against running containers.An important security control is that of availability. Adding the HEALTHCHECK instruction to your container image ensures that the Docker engine periodically checks the running container instances against that instruction to ensure that containers are still operational.
Based on the results of the health check, the Docker engine could terminate containers which are not responding correctly, and instantiate new ones.
Benchmarks
- CIS DOCKER V1.2 4.6
There was a problem hiding this comment.
Change details
-
Error ID Change Path Resource BC_DKR_2 Added /Dockerfile.openswoole /Dockerfile.openswoole. BC_DKR_2 Added /Dockerfile.worker /Dockerfile.worker. BC_DKR_2 Added /Dockerfile.octane /Dockerfile.octane. BC_DKR_2 Added /Dockerfile.fpm /Dockerfile.fpm. BC_DKR_2 Added /examples/laravel/Dockerfile.octane /examples/laravel/Dockerfile.octane. BC_DKR_3 Added /Dockerfile.openswoole /Dockerfile.openswoole. BC_DKR_3 Added /Dockerfile.worker /Dockerfile.worker. BC_DKR_3 Added /Dockerfile.octane /Dockerfile.octane. BC_DKR_3 Added /Dockerfile.fpm /Dockerfile.fpm. BC_DKR_3 Added /examples/laravel/Dockerfile.octane /examples/laravel/Dockerfile.octane.
Dockerfile.swoole
Outdated
| @@ -0,0 +1,92 @@ | |||
| ARG PHP_TAG=php8.1-cli-alpine3.15 | |||
There was a problem hiding this comment.
Ensure a user for the container has been created
Resource: /Dockerfile.swoole. | ID: BC_DKR_3
Description
Containers should run as a non-root user. It is good practice to run the container as a non-root user, where possible. This can be done either via the ```USER``` directive in the ```Dockerfile``` or through ```gosu``` or similar where used as part of the ```CMD``` or ```ENTRYPOINT``` directives.Benchmarks
- CIS DOCKER V1.2 4.1
Dockerfile.swoole
Outdated
| @@ -0,0 +1,92 @@ | |||
| ARG PHP_TAG=php8.1-cli-alpine3.15 | |||
There was a problem hiding this comment.
Ensure healthcheck instructions have been added to container images
Resource: /Dockerfile.swoole. | ID: BC_DKR_2
Description
We recommend that you add the HEALTHCHECK instruction to your Docker container images to ensure that health checks are executed against running containers.An important security control is that of availability. Adding the HEALTHCHECK instruction to your container image ensures that the Docker engine periodically checks the running container instances against that instruction to ensure that containers are still operational.
Based on the results of the health check, the Docker engine could terminate containers which are not responding correctly, and instantiate new ones.
Benchmarks
- CIS DOCKER V1.2 4.6
There was a problem hiding this comment.
Change details
-
Error ID Change Path Resource BC_DKR_2 Added /Dockerfile.swoole /Dockerfile.swoole. BC_DKR_3 Added /Dockerfile.swoole /Dockerfile.swoole. BC_DKR_2 Fixed /Dockerfile.octane /Dockerfile.octane. BC_DKR_3 Fixed /Dockerfile.octane /Dockerfile.octane. BC_DKR_2 Fixed /Dockerfile.openswoole /Dockerfile.openswoole. BC_DKR_3 Fixed /Dockerfile.openswoole /Dockerfile.openswoole.
|
|
||
| COPY docker-php-cleanup docker-extract-apt /usr/local/bin/ | ||
|
|
||
| RUN set -eux ; \ |
There was a problem hiding this comment.
Ensure Docker APT is not used
Resource: /Dockerfile.worker.RUN | ID: BC_DKR_NETWORKING_1
|
|
||
| COPY docker-php-cleanup docker-extract-apt /usr/local/bin/ | ||
|
|
||
| RUN set -eux ; \ |
There was a problem hiding this comment.
Ensure Docker APT is not used
Resource: /Dockerfile.swoole.RUN | ID: BC_DKR_NETWORKING_1
|
|
||
| COPY docker-php-cleanup docker-extract-apt /usr/local/bin/ | ||
|
|
||
| RUN set -eux ; \ |
There was a problem hiding this comment.
Ensure Docker APT is not used
Resource: /Dockerfile.fpm.RUN | ID: BC_DKR_NETWORKING_1
There was a problem hiding this comment.
Change details
-
Error ID Change Path Resource BC_DKR_NETWORKING_1 Added /Dockerfile.fpm /Dockerfile.fpm.RUN BC_DKR_NETWORKING_1 Added /Dockerfile.worker /Dockerfile.worker.RUN BC_DKR_NETWORKING_1 Added /Dockerfile.swoole /Dockerfile.swoole.RUN
No description provided.