StackHawk and Harness
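#Docker Compose Install
# Pinned release; the asset name is built from the host's kernel name and arch.
compose_version="1.29.1"
compose_asset="docker-compose-$(uname -s)-$(uname -m)"
compose_url="https://github.com/docker/compose/releases/download/${compose_version}/${compose_asset}"
compose_tmp="$(mktemp -d)" || exit 1
# -f makes curl fail on an HTTP error instead of saving the error page as the binary.
curl -fsSL "${compose_url}" -o "${compose_tmp}/docker-compose" || exit 1
# Verify the download against the .sha256 sidecar published next to the asset.
# It comes from the same origin as the binary, so this catches truncation and
# CDN corruption but not a compromised release — compare against a hash recorded
# out-of-band for a stronger check. A missing sidecar fails closed via -f.
curl -fsSL "${compose_url}.sha256" -o "${compose_tmp}/docker-compose.sha256" || exit 1
expected_sha="$(awk 'NR==1 {print $1}' "${compose_tmp}/docker-compose.sha256")"
actual_sha="$(sha256sum "${compose_tmp}/docker-compose" | awk '{print $1}')"
if [[ -z "${expected_sha}" || "${expected_sha}" != "${actual_sha}" ]]; then
  echo "docker-compose checksum mismatch; aborting install" >&2
  rm -rf -- "${compose_tmp}"
  exit 1
fi
# install(1) sets mode and ownership in one step (replaces sudo curl -o + chmod +x).
sudo install -m 0755 -- "${compose_tmp}/docker-compose" /usr/local/bin/docker-compose
rm -rf -- "${compose_tmp}"
# -f: do not fail if a symlink from an earlier run already exists.
sudo ln -sf /usr/local/bin/docker-compose /usr/bin/docker-compose
docker-compose --version
sudo docker-compose up --build --detach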
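#Install Docker
# Reference: https://docs.docker.com/engine/install/centos/
# (the bare URL on its own line was parsed as a command and failed with
# "command not found").
sudo yum install -y yum-utils
# Adds Docker's repo definition. Before trusting package installs from it,
# confirm the repo file enables gpgcheck so yum verifies package signatures.
sudo yum-config-manager \
  --add-repo \
  https://download.docker.com/linux/centos/docker-ce.repo
# -y: the other yum calls in this script are non-interactive; without it this
# step blocks on a confirmation prompt when run unattended.
sudo yum install -y docker-ce docker-ce-cli containerd.io
sudo systemctl start docker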
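#Change Folder
# Fail closed: a missing scan directory must not fall through to a
# "zero findings" result.
cd ~/stackhawk-scans || { echo "~/stackhawk-scans missing; refusing to deploy" >&2; exit 1; }
#Parse Results
# Previously a missing or empty scanresults.txt produced a count of 0 and
# approved the deploy; require a non-empty results file before counting.
if [[ ! -s scanresults.txt ]]; then
  echo "scanresults.txt missing or empty; refusing to deploy" >&2
  exit 1
fi
# Count result lines that mention "Risk" and "High" (case-insensitive).
# grep -c prints 0 when nothing matches, so the variable is always numeric.
export TotalHighViolations
TotalHighViolations=$(grep -i '\<Risk' scanresults.txt | grep -c -i 'High')
echo "Total High Violations: " "${TotalHighViolations}"
#Deployment Logic
#Exit if High Violations Match
# This gate always exits, so anything placed after it in the same script does
# not run.
if (( TotalHighViolations > 0 )); then
  echo "High Violations Preventing Deployment"
  exit 1
else
  echo "Moving Forward with Deployment"
  exit 0
fi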
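#Make DIR and CD
mkdir -p ~/stackhawk-scans
cd ~/stackhawk-scans || exit 1
#Docker Run if Needed
# Runs the target app in the foreground (no --detach), so this line blocks
# until the container stops. --publish 3000:3000 binds on every host interface;
# the container name and the vuln_node_express repo fetched later suggest the
# app is vulnerable by design, so prefer --publish 127.0.0.1:3000:3000 unless
# the scanner must reach it from outside the host. The image tag is mutable;
# pin a digest for reproducible runs.
sudo docker run --rm --publish 3000:3000 --name nodeexpressvulny rlachhman/demos:stackHawk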
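#Create StackHawk.yaml
# Quoted heredoc ('EOF'): bash leaves ${workflow.variables.*} untouched. Those
# look like Harness expressions, expected to be substituted before this script
# runs — check the written file in the step log holds real values, not the
# literal placeholders.
# The app fields must be nested under app:; at column 0 they parse as separate
# top-level keys and app is left empty.
cat > stackhawk.yml << 'EOF'
# stackhawk configuration for Node App
app:
  # An applicationId obtained from the StackHawk platform.
  applicationId: ${workflow.variables.stackhawkappid} # (required)
  # The environment for the applicationId defined in the StackHawk platform.
  env: Production # (required)
  # The url of your application to scan
  host: ${workflow.variables.stackhawkhost} # (required)
EOF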
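#Run Scan
# The API key was passed as "-e API_KEY=<value>" on the docker command line,
# where every local user can read it via ps and it lands verbatim in any
# traced (set -x) step log. Write it to a 0600 temp file and hand that to
# --env-file instead (docker reads the value verbatim, no shell quoting issues).
# The value still transits this script as a Harness expression, so keep step
# output redaction on.
hawk_env="$(mktemp)" || exit 1
chmod 600 -- "${hawk_env}"
printf 'API_KEY=%s\n' '${secrets.getValue("stackhawkapikey")}' > "${hawk_env}"
# :latest is a moving target; pin a version tag or digest for reproducible scans.
sudo docker run --rm -v "$(pwd):/hawk:rw" --env-file "${hawk_env}" -i stackhawk/hawkscan:latest stackhawk.yml 2>&1 | tee scanresults.txt
scan_rc=${PIPESTATUS[0]}
rm -f -- "${hawk_env}"
# tee masks the scanner's exit status; surface it so a crashed or aborted scan
# is not later parsed as a clean result. (If hawkscan is configured to exit
# non-zero on findings, that also stops the step here — intended, fail closed.)
if (( scan_rc != 0 )); then
  echo "hawkscan exited with status ${scan_rc}" >&2
  exit "${scan_rc}"
fi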
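#Install SSH Delegate
# The original glob "harness*.tar.gz" is not anchored to one file: with two
# matches tar treats the second as a member name. Require exactly one archive,
# and make sure it is the one downloaded from the Harness UI — start.sh below
# runs with this user's privileges.
delegate_archives=(harness*.tar.gz)
if (( ${#delegate_archives[@]} != 1 )) || [[ ! -f "${delegate_archives[0]}" ]]; then
  echo "expected exactly one harness*.tar.gz in $(pwd)" >&2
  exit 1
fi
tar -xvzf "${delegate_archives[0]}" || exit 1
cd harness-delegate || { echo "harness-delegate directory not found after extract" >&2; exit 1; }
./start.sh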
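#Get Files
# -y matches the other unattended yum calls in this script.
sudo yum install -y unzip
# Fetches the tip of main, which can change between runs; pin a tag or commit
# archive when reproducibility matters. -O fixes the output name so a repeat
# run does not leave main.zip.1 behind and unzip a stale file.
wget -O main.zip https://github.com/ravilach/vuln_node_express/archive/refs/heads/main.zip || exit 1
# -o: overwrite without prompting so a rerun does not block on stdin.
unzip -o main.zip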