test: patch vulnerability scan
clay-lake committed Nov 29, 2024
1 parent b041c46 commit 78d9c57
Showing 6 changed files with 229 additions and 1 deletion.
4 changes: 3 additions & 1 deletion .github/workflows/Continuous-Testing.yaml
@@ -3,6 +3,8 @@ name: Continuous image testing
on:
schedule:
- cron: "0 1 * * *"
workflow_dispatch:


jobs:
prepare-test-matrix:
@@ -20,7 +22,7 @@ jobs:

- name: Prepare test matrix
id: prepare-test-matrix
run: ./src/tests/get_released_revisions.py --oci-images-path $PWD/oci
run: ./src/tests/get_released_revisions.py --oci-images-path $PWD/test-oci

- name: Infer date of last scan
id: last-scan
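Review bot: The "Prepare test matrix" step's second `run:` line, which appears to be the new side since this commit adds `test-oci/`, passes `--oci-images-path $PWD/test-oci`, so the scheduled 01:00 job would build its matrix from the fixture tree instead of `oci`. If this reaches the default branch, the nightly vulnerability scan presumably stops covering the released images, and nothing fails to signal the gap. Because the first hunk also adds `workflow_dispatch:`, the path could be a dispatch input that defaults to `oci`, handed to the step through `env:` (for example `OCI_IMAGES_PATH: ${{ inputs.oci-images-path || 'oci' }}`) and used as `--oci-images-path "$PWD/$OCI_IMAGES_PATH"`, so the expression is never interpolated into the script. The job definition starts and continues outside the visible hunks, so later steps that read `oci` directly cannot be checked from here.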
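--- a/test-oci/traefik/.trivyignore
+++ b/test-oci/traefik/.trivyignore
@@ -0,0 +1,8 @@
+# Upstream CVEs
+
+# github.com/docker/docker - Encrypted overlay network may be unauthenticated
+CVE-2023-28840
+# golang.org/x/net - golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)
+CVE-2023-39325
+# google.golang.org/grpc - gRPC-Go HTTP/2 Rapid Reset vulnerability
+GHSA-m425-mq94-257g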
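Review bot: The three suppressions name the package and advisory title but not why the finding is acceptable for this image or when it should be revisited, and the file presumably applies to every traefik tag scanned from this directory. Trivy's ignore file accepts an expiry on an entry, so `CVE-2023-28840 exp:<YYYY-MM-DD>` with a comment such as `# not fixed upstream as of <date>: <reason>` would make each waiver time-boxed and auditable. CVE-2023-39325 and GHSA-m425-mq94-257g are both HTTP/2 rapid-reset issues, which sit on a reverse proxy's request path, so it is worth recording whether they are ignored because the code is unreachable or only because no fixed build exists yet.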
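--- a/test-oci/traefik/_releases.json
+++ b/test-oci/traefik/_releases.json
@@ -0,0 +1,122 @@
+{
+"2.10.4-22.04": {
+"stable": {
+"target": "44"
+},
+"candidate": {
+"target": "2.10.4-22.04_stable"
+},
+"beta": {
+"target": "2.10.4-22.04_candidate"
+},
+"edge": {
+"target": "2.10.4-22.04_beta"
+},
+"end-of-life": "2025-03-14T00:00:00Z"
+},
+"2.10-22.04": {
+"stable": {
+"target": "47"
+},
+"candidate": {
+"target": "2.10-22.04_stable"
+},
+"beta": {
+"target": "2.10-22.04_candidate"
+},
+"edge": {
+"target": "2.10-22.04_beta"
+},
+"end-of-life": "2025-03-14T00:00:00Z"
+},
+"2-22.04": {
+"stable": {
+"target": "43"
+},
+"candidate": {
+"target": "2-22.04_stable"
+},
+"beta": {
+"target": "2-22.04_candidate"
+},
+"edge": {
+"target": "2-22.04_beta"
+},
+"end-of-life": "2025-03-14T00:00:00Z"
+},
+"2.10.6-22.04": {
+"stable": {
+"target": "46"
+},
+"candidate": {
+"target": "2.10.6-22.04_stable"
+},
+"beta": {
+"target": "2.10.6-22.04_candidate"
+},
+"edge": {
+"target": "2.10.6-22.04_beta"
+},
+"end-of-life": "2025-03-14T00:00:00Z"
+},
+"2.10.7-22.04": {
+"stable": {
+"target": "47"
+},
+"candidate": {
+"target": "2.10.7-22.04_stable"
+},
+"beta": {
+"target": "2.10.7-22.04_candidate"
+},
+"edge": {
+"target": "2.10.7-22.04_beta"
+},
+"end-of-life": "2025-03-14T00:00:00Z"
+},
+"2.10.5-22.04": {
+"stable": {
+"target": "45"
+},
+"candidate": {
+"target": "2.10.5-22.04_stable"
+},
+"beta": {
+"target": "2.10.5-22.04_candidate"
+},
+"edge": {
+"target": "2.10.5-22.04_beta"
+},
+"end-of-life": "2025-03-14T00:00:00Z"
+},
+"2.11.0-22.04": {
+"end-of-life": "2025-03-14T00:00:00Z",
+"stable": {
+"target": "43"
+},
+"candidate": {
+"target": "2.11.0-22.04_stable"
+},
+"beta": {
+"target": "2.11.0-22.04_candidate"
+},
+"edge": {
+"target": "2.11.0-22.04_beta"
+}
+},
+"2.11-22.04": {
+"end-of-life": "2025-03-14T00:00:00Z",
+"stable": {
+"target": "43"
+},
+"candidate": {
+"target": "2.11-22.04_stable"
+},
+"beta": {
+"target": "2.11-22.04_candidate"
+},
+"edge": {
+"target": "2.11-22.04_beta"
+}
+}
+}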
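--- a/test-oci/traefik/contacts.yaml
+++ b/test-oci/traefik/contacts.yaml
@@ -0,0 +1,5 @@
+notify:
+emails:
+- [email protected]
+mattermost-channels:
+- 1ayd5kim67bbing34i3h1x9uac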
37 changes: 37 additions & 0 deletions test-oci/traefik/documentation.yaml
@@ -0,0 +1,37 @@
version: 1
# --- OVERVIEW INFORMATION ---
application: traefik
description: >
Traefik is a modern HTTP reverse proxy and load balancer that makes deploying
microservices easy. Traefik integrates with your existing infrastructure
components (Docker, Swarm mode, Kubernetes, Consul, Etcd, Rancher v2, Amazon
ECS, ...) and configures itself automatically and dynamically.
Read more on the [official website](https://traefik.io/)
# --- USAGE INFORMATION ---
docker:
parameters:
- -p 80:80
access: Access your Traefik instance at `http://localhost:80`.
parameters:
- type: -e
value: "TZ=UTC"
description: Timezone.
- type: -p
value: "80:80"
description: >
Expose Traefik on `localhost:80`. For TLS, you should port 443.
- type: -v
value: "/path/to/traefik.yml:/etc/traefik/prometheus.yml"
description: Local configuration file `traefik.yml`.
debug:
text: |
### Debugging
To debug the container:
```bash
docker logs -f traefik-container
```
To get an interactive shell:
```bash
docker exec -it traefik-container /bin/bash
```
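--- a/test-oci/traefik/image.yaml
+++ b/test-oci/traefik/image.yaml
@@ -0,0 +1,54 @@
+version: 1
+upload:
+- source: canonical/traefik-rock
+commit: ea0e9420276193c05513d24efbc9a8eb39575b5e
+directory: 2.11.0
+release:
+2.11.0-22.04:
+end-of-life: "2025-03-14T00:00:00Z"
+risks:
+- stable
+2.11-22.04:
+end-of-life: "2025-03-14T00:00:00Z"
+risks:
+- stable
+2-22.04:
+end-of-life: "2025-03-14T00:00:00Z"
+risks:
+- stable
+- source: canonical/traefik-rock
+commit: ea0e9420276193c05513d24efbc9a8eb39575b5e
+directory: 2.10.4
+release:
+2.10.4-22.04:
+end-of-life: "2025-03-14T00:00:00Z"
+risks:
+- stable
+- source: canonical/traefik-rock
+commit: ea0e9420276193c05513d24efbc9a8eb39575b5e
+directory: 2.10.5
+release:
+2.10.5-22.04:
+end-of-life: "2025-03-14T00:00:00Z"
+risks:
+- stable
+- source: canonical/traefik-rock
+commit: ea0e9420276193c05513d24efbc9a8eb39575b5e
+directory: 2.10.6
+release:
+2.10.6-22.04:
+end-of-life: "2025-03-14T00:00:00Z"
+risks:
+- stable
+- source: canonical/traefik-rock
+commit: ea0e9420276193c05513d24efbc9a8eb39575b5e
+directory: 2.10.7
+release:
+2.10.7-22.04:
+end-of-life: "2025-03-14T00:00:00Z"
+risks:
+- stable
+2.10-22.04:
+end-of-life: "2025-03-14T00:00:00Z"
+risks:
+- stable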
