Skip to content

Use Multi-Stage-Build For Nikto #642

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
nigthknight merged 3 commits into from
Sep 14, 2021
Merged

Use Multi-Stage-Build For Nikto #642

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
55fc5f3
Use Multi-Stage-Build For Nikto
nigthknight Sep 13, 2021
5be6d7b
Add Nikto To Matrix Build
nigthknight Sep 13, 2021
e18e2e5
Specify UID And GID For Nikto User
nigthknight Sep 13, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
86 changes: 2 additions & 84 deletions .github/workflows/ci.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -565,6 +565,7 @@ jobs:
- ncrack
- nmap
- whatweb
- nikto
steps:
- name: Checkout
uses: actions/checkout@v2
Expand Down Expand Up @@ -678,89 +679,7 @@ jobs:
repository: ${{ env.DOCKER_NAMESPACE }}/scanner-${{ matrix.scanner }}
readme-filepath: ./scanners/${{ matrix.scanner }}/docs/README.DockerHub-Scanner.md

scanner-nikto:
# This Scanner has to be build seperately because the official image is only on GitHub but not on DockerHub
name: "Build | Scanner | Nikto"
needs:
- unit-python
- unit-javascript
runs-on: ubuntu-latest
services:
registry:
image: registry:2
ports:
- 5000:5000
steps:
- name: Checkout secureCodeBox
uses: actions/checkout/@v2
with:
path: scb

- name: "Checkout Nikto"
uses: actions/checkout/@v2
with:
repository: "sullo/nikto"
path: nikto

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
with:
driver-opts: network=host

- name: Build and Push Nikto to Local Registry
uses: docker/build-push-action@v2
with:
context: ./nikto/
file: ./nikto/Dockerfile
push: true
tags: localhost:5000/sullo/nikto:latest

- name: Docker Meta
id: docker_meta
uses: crazy-max/ghaction-docker-meta@v1
with:
images: ${{ env.DOCKER_NAMESPACE }}/scanner-nikto
tag-sha: true
tag-custom: 2.1.6
tag-semver: |
{{ version }}

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
with:
driver-opts: network=host

- name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}

- name: Set baseImageTag to commit hash
run: |
echo "baseImageTag=sha-$(git rev-parse --short HEAD)" >> $GITHUB_ENV

- name: Build and Push
uses: docker/build-push-action@v2
with:
context: ./scb/scanners/nikto/scanner
file: ./scb/scanners/nikto/scanner/Dockerfile
build-args: |
baseImageTag=${{ env.baseImageTag }}
platforms: linux/amd64
push: true
tags: ${{ steps.docker_meta.outputs.tags }}
labels: ${{ steps.docker_meta.outputs.labels }}

- name: Update Docker Hub Description
uses: peter-evans/dockerhub-description@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
repository: ${{ env.DOCKER_NAMESPACE }}/scanner-nikto
readme-filepath: ./scb/scanners/nikto/docs/README.DockerHub-Scanner.md

# ---- Integration Tests ----
# ---- Integration Tests ----

Integration-tests:
name: Integration Tests | k8s ${{ matrix.k8sVersion }}
Expand All @@ -770,7 +689,6 @@ jobs:
- parsers
- scanners-third-party
- scanners-custom
- scanner-nikto
runs-on: ubuntu-latest
strategy:
matrix:
Expand Down
21 changes: 20 additions & 1 deletion scanners/nikto/scanner/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,25 @@
#
# SPDX-License-Identifier: Apache-2.0

FROM localhost:5000/sullo/nikto
FROM alpine:3.14 as build
ARG scannerVersion
RUN apk add git
RUN git clone --depth 1 --branch "nikto-$scannerVersion" https://github.com/sullo/nikto.git /nikto

FROM alpine:3.14

ENV PATH=${PATH}:/nikto

COPY wrapper.sh /wrapper.sh

RUN apk add --update --no-cache --virtual .build-deps \
perl \
perl-net-ssleay \
&& addgroup -g 1001 nikto \
&& adduser -G nikto -s /bin/sh -D -u 1001 nikto

COPY --from=build --chown=nikto:nikto /nikto/program /nikto

USER 1001

ENTRYPOINT [ "sh", "/wrapper.sh" ]