bellyjay1005
/ user-defined-policy.json
Created
October 31, 2019 04:53
user defined anchore engine policy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "blacklisted_images": [], | |
| "comment": "Custom bundle", | |
| "id": "2c53a13c-1765-11e8-82ef-23527761d060", | |
| "mappings": [ | |
| { | |
| "id": "c4f9bf74-dc38-4ddf-b5cf-00e9c0074611", | |
| "image": { | |
| "type": "tag", | |
| "value": "*" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| make teardown |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| make deploy ACCOUNT_ID=<your-aws-account-id> |
bellyjay1005
/ buildspec-post-build.yml
Created
October 31, 2019 04:49
sample buildspec post build step
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| post_build: | |
| commands: | |
| - echo "Tag image to Docker Hub" | |
| - docker tag ${STAGE_REPO_NAME}:${TAG} ${ACCOUNT_ID}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com/${STAGE_REPO_NAME}:${TAG} | |
| - echo "Pushing image to Docker Hub" | |
| - docker push ${ACCOUNT_ID}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com/${STAGE_REPO_NAME}:${TAG} | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| build: | |
| commands: | |
| - echo Deployment started on `date` | |
| - echo Testing... | |
| - anchore-cli --version | |
| - anchore-cli --debug system status | |
| - anchore-cli policy add user-policy/bundle.json | |
| - anchore-cli --debug image add postgres:9 | |
| - echo 'Waiting for image to finish analysis' | |
| - anchore-cli image wait postgres:9 |
bellyjay1005
/ buildspec-pre-build.yml
Created
October 31, 2019 04:48
sample buildspec pre-build step
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| pre_build: | |
| commands: | |
| - echo Image repository setup started on `date` | |
| - echo ECR Setup... | |
| - echo Logging into AWS ECR... | |
| - $(aws ecr get-login --no-include-email --region ${AWS_DEFAULT_REGION}) | |
| - echo Configure Anchore Client... | |
| - export ANCHORE_CLI_PASS=foobar | |
| - export ANCHORE_CLI_USER=admin | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| phases: | |
| install: | |
| runtime-versions: | |
| python: 3.7 | |
| docker: 18 | |
| commands: | |
| - nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://127.0.0.1:2375 --storage-driver=overlay2& | |
| - timeout 15 sh -c "until docker info; do echo .; sleep 1; done" | |
| - echo Entering the install phase..... | |
| - apt-get update -y |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Test Anchore Engine scanning functionality within a pipeline stage | |
| version: 0.2 | |
| env: | |
| variables: | |
| TAG: latest | |
| STAGE_REPO_NAME: tested/nginx | |
| TESTED_SAMPLE_IMAGE: ${ACCOUNT_ID}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com/${STAGE_REPO_NAME} | |
bellyjay1005
/ sample-buildspec.yml
Last active
December 20, 2019 03:33
anchore scan sample buildspec
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Test Anchore Engine scanning functionality within a pipeline stage | |
| version: 0.2 | |
| env: | |
| variables: | |
| TAG: latest | |
| SOURCE_IMAGE: nginx:latest | |
| STAGE_REPO_NAME: tested/nginx | |
| TESTED_SAMPLE_IMAGE: ${ACCOUNT_ID}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com/${STAGE_REPO_NAME} |
NewerOlder