Renato Mefi renatomefi

$ chmod +x ./
$ ./ ./ alpine-app        
Starting a container for 'alpine-app'
=============== test session starts =======================================================
platform linux2 -- Python 2.7.15, pytest-4.3.0, py-1.8.0, pluggy-0.9.0 -- /usr/bin/python2
rootdir: /tests, inifile:
plugins: testinfra-1.19.0
collected 1 item                                                                                                                                                                            
# A simple script to start a Docker container
# and run Testinfra in it
# Original script:
# Author: @renatomefi
set -eEuo pipefail

Let's update from 3.8 to 3.9

FROM alpine:3.9

RUN addgroup -g 1000 app \
    && adduser -u 1000 -D -G app app

Build it again


Let's first build and run our newly built image with a sleep time, so that pytest has time to execute the test in it. No worries, this won't be the final solution.

$ docker build -t alpine-app .
$ docker run --rm -d alpine-app sleep 60

Now we want to copy the running container ID and put it in the Testinfra command, so it knows which container we want to test.



def test_user_is_present(host):
    user_name = 'app'
    group_name = 'app'
    home_dir = '/home/app'
    shell = '/sbin/halt'
$ docker build -t alpine-app -f - . <<Dockerfile
FROM alpine:3.8
RUN addgroup -g 1000 app \
    && adduser -u 1000 -D -G app app
Dockerfile
Sending build context to Docker daemon  69.68kB
Step 1/2 : FROM alpine:3.8
 ---> 491e0ff7a8d5
Step 2/2 : RUN addgroup -g 1000 app     && adduser -u 1000 -D -G app app


FROM alpine:3.8

RUN addgroup -g 1000 app \
    && adduser -u 1000 -D -G app app
renatomefi / Dockerfile
Created Sep 20, 2018
A mongo Dockerfile with SSL support out of the box
FROM mongo:4.0
# Works with Mongo 3.2 till 4.0
WORKDIR /etc/ssl
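# If you want to validate the certificate you should have it somewhere else and copy it here, otherwise you won't be able to
# Note: the key pair below is generated at build time and stored in an image layer, so anyone who can pull the image can read the private key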
RUN set -xe \
&& openssl req -newkey rsa:2048 -new -x509 -days 365 -nodes -out mongodb-cert.crt -keyout mongodb-cert.key -subj "/C=NL/ST=Noord Holland/L=Amsterdam/O=Me/OU=Somewhere/CN=mongo" \
&& cat mongodb-cert.key mongodb-cert.crt > mongodb.pem
ENTRYPOINT ["mongod", "--sslMode", "requireSSL", "--sslPEMKeyFile", "/etc/ssl/mongodb.pem"]

Global whitelist

This allows these CVEs to be ignored in any image. The format is: CVE:Package name

  CVE-2016-9843: zlib
  CVE-2017-1000158: python
$ clair-scanner --ip
2018/09/17 20:15:31 [INFO] ▶ Start clair-scanner
2018/09/17 20:15:35 [INFO] ▶ Server listening on port 9279
2018/09/17 20:15:35 [INFO] ▶ Analyzing 30784cae2b30e82860239f7de81fc755f69bc58a77d52c2d8318ac1162247f66
2018/09/17 20:15:35 [INFO] ▶ Analyzing 858cb12d7179e8919fe9eb4d9235f3c6c5b42a3a990b4bc4d98b7d065cd6d410
2018/09/17 20:15:35 [INFO] ▶ Analyzing dcb049bb3bf0b86e0066e3aed414200c380d6d5ca00fd583ed958b2ac897596c
2018/09/17 20:15:35 [INFO] ▶ Analyzing 8c676d6c9c7d6b0b5d635bda83b80bea5ee2464ef7c5f22540c541d6345f7713
2018/09/17 20:15:35 [INFO] ▶ Analyzing 97d0cd0812dcf22015d9ffb01bc8d634765aab9774a134daedd75456abc3490a
2018/09/17 20:15:35 [INFO] ▶ Analyzing ea9c1b92c10ef25434adf1a68b87bd82830286fca881dcef5d11df9ce84847b3