This will allow this CVEs to be ignored in any image, format is: CVE:Package name
generalwhitelist:
CVE-2016-9843: zlib
CVE-2017-1000158: python
renatomefi
/ git-mirror-update.sh
Created
March 15, 2015 22:49
Simple script to update your git mirrors, with different ssh keys and paths
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/ssh-agent bash | |
| # Script for updating git mirror repositories | |
| # $1 repository | |
| # $2 ssh key | |
| echo "$(date +'%F %H:%M:%S') Start updating the mirror repository: " $1 | |
| ssh-add $2 | |
| echo "Key added: " $2 |
renatomefi
/ php-alternatives-install.sh
Last active
December 11, 2018 14:08
Alternatives install for PHP
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # ------------------------------------------------------------------ | |
| # [Author] Renato Mefi <gh@mefi.in> | |
| # https://github.com/renatomefi | |
| # | |
| # [Desc] Configure alternatives for PHP Installations | |
| # Very usefull when you are building your PHP and don't want to use | |
| # more sofsticated softwares like 'phpbrew', 'php-build', 'php-env' ... | |
| # | |
| # [Usage] ./php-alternatives-install.sh /path/for/php/installation 200 |
renatomefi
/ Dockerfile
Created
September 20, 2018 10:54
A mongo Dockerfile with SSL support out of the box
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM mongo:4.0 | |
| # Works with Mongo 3.2 till 4.0 | |
| WORKDIR /etc/ssl | |
| # If you want to validate the certifacate you should have it somewhere else an copy here, otherwise you won't be able to | |
| RUN set -xe \ | |
| && openssl req -newkey rsa:2048 -new -x509 -days 365 -nodes -out mongodb-cert.crt -keyout mongodb-cert.key -subj "/C=NL/ST=Noord Holland/L=Amsterdam/O=Me/OU=Somewhere/CN=mongo" \ | |
| && cat mongodb-cert.key mongodb-cert.crt > mongodb.pem | |
| ENTRYPOINT ["mongod", "--sslMode", "requireSSL", "--sslPEMKeyFile", "/etc/ssl/mongodb.pem"] |
renatomefi
/ Article-dockerfile-security-scan-clair-whitelist.md
Created
September 17, 2018 18:27
renatomefi
/ Article-dockerfile-security-scan-clair-v2.0.0.md
Created
September 17, 2018 18:19
$ clair-scanner --ip 172.17.0.1 quay.io/coreos/clair:v2.0.0
2018/09/17 20:15:31 [INFO] ▶ Start clair-scanner
2018/09/17 20:15:35 [INFO] ▶ Server listening on port 9279
2018/09/17 20:15:35 [INFO] ▶ Analyzing 30784cae2b30e82860239f7de81fc755f69bc58a77d52c2d8318ac1162247f66
2018/09/17 20:15:35 [INFO] ▶ Analyzing 858cb12d7179e8919fe9eb4d9235f3c6c5b42a3a990b4bc4d98b7d065cd6d410
2018/09/17 20:15:35 [INFO] ▶ Analyzing dcb049bb3bf0b86e0066e3aed414200c380d6d5ca00fd583ed958b2ac897596c
2018/09/17 20:15:35 [INFO] ▶ Analyzing 8c676d6c9c7d6b0b5d635bda83b80bea5ee2464ef7c5f22540c541d6345f7713
2018/09/17 20:15:35 [INFO] ▶ Analyzing 97d0cd0812dcf22015d9ffb01bc8d634765aab9774a134daedd75456abc3490a
2018/09/17 20:15:35 [INFO] ▶ Analyzing ea9c1b92c10ef25434adf1a68b87bd82830286fca881dcef5d11df9ce84847b3
renatomefi
/ docker-compose.yml
Created
September 17, 2018 16:54
A docker-compose file for CoreOS Clair Scanner
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: '3.2' | |
| services: | |
| postgres: | |
| container_name: clair_postgres | |
| image: arminc/clair-db:latest | |
| restart: unless-stopped | |
| environment: | |
| POSTGRES_PASSWORD: password | |
| clair: |
renatomefi
/ Article-dockerfile-linting-alpine-fix.md
Created
September 4, 2018 19:36
FROM alpine:latest
$ docker run --rm -i hadolint/hadolint hadolint -f json - < ./Dockerfile
[{"line":1,"code":"DL3007","message":"Using latest is prone to errors if the image will ever update. Pin the version explicitly to a release tag","column":1,"file":"/dev/stdin","level":"warning"}]
renatomefi
/ Article-dockerfile-linting.md
Last active
September 4, 2018 19:32
All code used on the article https://medium.com/@renatomefi/9fd8c620174
renatomefi
/ Article-dockerfile-linting_fix-alpine-version.md
Last active
September 4, 2018 19:32
renatomefi
/ Article-dockerfile-linting-hadolint-shellcheck-ignore.md
Created
September 4, 2018 19:25
ignored:
- DL3007 # this was here before...
- SC1068