Merge pull request #7 from ShreyasSubhedar/Anchore

ANCHORE | Adding Tests
ShreyasSubhedar · Nov 12, 2020 · 094c148 · 094c148
2 parents 3ae0e72 + 413f614
commit 094c148
Show file tree

Hide file tree

Showing 3 changed files with 227 additions and 0 deletions.
diff --git a/Anchore/Dockerfile b/Anchore/Dockerfile
@@ -0,0 +1,28 @@
+FROM mattrayner/lamp:latest-1804
+MAINTAINER XO <shreyassubhedar@gmail.com>
+#update repo
+RUN apt-get update -y
+RUN apt-get upgrade -y
+
+#install php module
+RUN apt-get install -y php7.0 libapache2-mod-php7.0 php7.0-cli php7.0-common php7.0-mbstring php7.0-gd php7.0-intl php7.0-xml php7.0-mysql php7.0-mysql php7.0-mcrypt php7.0-zip
+
+#install 
+RUN apt-get install mysql-server
+#copy application file
+RUN rm -rf /var/www/html/*
+ADD . /var/www/html
+
+#configure apache2
+RUN chown -R www-data:www-data /var/www
+RUN chmod 775 -R /var/www/
+ENV APACHE_RUN_USER www-data
+ENV APACHE_RUN_GROUP www-data
+ENV APACHE_LOG_DIR /var/log/apache2
+
+
+#Open port 80
+EXPOSE 80
+
+#start 
+CMD ["/usr/sbin/apache2ctl","-D","FOREGROUND"]
diff --git a/Anchore/anchore-policy.json b/Anchore/anchore-policy.json
@@ -0,0 +1,53 @@
+{
+    "id": "testPolicy",
+    "version": "1_0",
+    "name": "Test Policy bundle",
+    "comment": "Fail on medium, exclude unwanted CVE issues",
+    "whitelisted_images": [],
+    "blacklisted_images": [],
+    "mappings": [
+      {
+        "name": "default", 
+        "registry": "*",
+        "repository": "*",
+        "image": { "type": "tag", "value": "*" },
+        "policy_ids": [ "policy1" ],
+        "whitelist_ids": [ "whitelist1" ]
+      }
+    ],
+    "whitelists": [
+      {
+        "id": "whitelist1",
+        "name": "Whitelist trigger id",
+        "version": "1_0",
+        "items": [
+          { "id": "item1", "gate": "vulnerabilities", "trigger": "package", "trigger_id": "CVE-2020-26935" },
+          { "id": "item2", "gate": "vulnerabilities", "trigger": "package", "trigger_id": "CVE-xyz-xyz" },
+          { "id": "item2", "gate": "vulnerabilities", "trigger": "package", "trigger_id": "CVE-xyz-xyz" },
+          { "id": "item2", "gate": "vulnerabilities", "trigger": "package", "trigger_id": "CVE-xyz-xyz" },
+          { "id": "item2", "gate": "vulnerabilities", "trigger": "package", "trigger_id": "CVE-xyz-xyz" }
+        ]
+      }
+    ],
+    "policies": [
+      {
+        "name": "DefaultPolicy",
+        "version": "1_0",
+        "comment": "Policy for medium severity checks",
+        "id": "policy1",
+        "rules": [
+          {
+            "action": "WARN",
+            "gate": "vulnerabilities",
+            "trigger": "package",
+            "id": "rule1",
+            "params": [
+              { "name": "package_type", "value": "all" },
+              { "name": "severity_comparison", "value": ">=" },
+              { "name": "severity", "value": "medium" }
+            ]
+          }
+        ]
+      }
+    ]
+  }
diff --git a/Anchore/docker-compose.yaml b/Anchore/docker-compose.yaml
@@ -0,0 +1,146 @@
+# This is a docker-compose file for development purposes. It refereneces unstable developer builds from the HEAD of master branch in https://github.com/anchore/anchore-engine
+# For a compose file intended for use with a released version, see https://docs.anchore.com/current/docs/engine/quickstart/
+#
+---
+version: '2.1'
+volumes:
+  anchore-db-volume:
+    # Set this to 'true' to use an external volume. In which case, it must be created manually with "docker volume create anchore-db-volume"
+    external: false
+
+services:
+  # The primary API endpoint service
+  api:
+    image: anchore/anchore-engine:v0.8.2
+    depends_on:
+      - db
+      - catalog
+    ports:
+      - "8228:8228"
+    logging:
+      driver: "json-file"
+      options:
+        max-size: 100m
+    environment:
+      - ANCHORE_ENDPOINT_HOSTNAME=api
+      - ANCHORE_DB_HOST=db
+      - ANCHORE_DB_PASSWORD=mysecretpassword
+    command: ["anchore-manager", "service", "start", "apiext"]
+
+  # Catalog is the primary persistence and state manager of the system
+  catalog:
+    image: anchore/anchore-engine:v0.8.2
+    depends_on:
+      - db
+    logging:
+      driver: "json-file"
+      options:
+        max-size: 100m
+    expose:
+      - 8228
+    environment:
+      - ANCHORE_ENDPOINT_HOSTNAME=catalog
+      - ANCHORE_DB_HOST=db
+      - ANCHORE_DB_PASSWORD=mysecretpassword
+    command: ["anchore-manager", "service", "start", "catalog"]
+  queue:
+    image: anchore/anchore-engine:v0.8.2
+    depends_on:
+      - db
+      - catalog
+    expose:
+      - 8228
+    logging:
+      driver: "json-file"
+      options:
+        max-size: 100m
+    environment:
+      - ANCHORE_ENDPOINT_HOSTNAME=queue
+      - ANCHORE_DB_HOST=db
+      - ANCHORE_DB_PASSWORD=mysecretpassword
+    command: ["anchore-manager", "service", "start", "simplequeue"]
+  policy-engine:
+    image: anchore/anchore-engine:v0.8.2
+    depends_on:
+      - db
+      - catalog
+    expose:
+      - 8228
+    logging:
+      driver: "json-file"
+      options:
+        max-size: 100m
+    environment:
+      - ANCHORE_ENDPOINT_HOSTNAME=policy-engine
+      - ANCHORE_DB_HOST=db
+      - ANCHORE_DB_PASSWORD=mysecretpassword
+    command: ["anchore-manager", "service", "start", "policy_engine"]
+  analyzer:
+    image: anchore/anchore-engine:v0.8.2
+    depends_on:
+      - db
+      - catalog
+    expose:
+      - 8228
+    logging:
+      driver: "json-file"
+      options:
+        max-size: 100m
+    environment:
+      - ANCHORE_ENDPOINT_HOSTNAME=analyzer
+      - ANCHORE_DB_HOST=db
+      - ANCHORE_DB_PASSWORD=mysecretpassword
+    volumes:
+      - /analysis_scratch
+    command: ["anchore-manager", "service", "start", "analyzer"]
+  db:
+    image: "postgres:9"
+    volumes:
+      - anchore-db-volume:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_PASSWORD=mysecretpassword
+    expose:
+      - 5432
+    logging:
+      driver: "json-file"
+      options:
+        max-size: 100m
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U postgres"]
+#  # Uncomment this section to add a prometheus instance to gather metrics. This is mostly for quickstart to demonstrate prometheus metrics exported
+#  prometheus:
+#    image: docker.io/prom/prometheus:latest
+#    depends_on:
+#      - api
+#    volumes:
+#      - ./anchore-prometheus.yml:/etc/prometheus/prometheus.yml:z
+#    logging:
+#      driver: "json-file"
+#      options:
+#        max-size: 100m
+#    ports:
+#      - "9090:9090"
+#
+#  # Uncomment this section to run a swagger UI service, for inspecting and interacting with the anchore engine API via a browser (http://localhost:8080 by default, change if needed in both sections below)
+#  swagger-ui-nginx:
+#    image: docker.io/nginx:latest
+#    depends_on:
+#      - api
+#      - swagger-ui
+#    ports:
+#      - "8080:8080"
+#    volumes:
+#      - ./anchore-swaggerui-nginx.conf:/etc/nginx/nginx.conf:z
+#    logging:
+#      driver: "json-file"
+#      options:
+#        max-size: 100m
+#  swagger-ui:
+#    image: docker.io/swaggerapi/swagger-ui
+#    environment:
+#      - URL=http://localhost:8080/v1/swagger.json
+#    logging:
+#      driver: "json-file"
+#      options:
+#        max-size: 100m
+#