USAGOV-2163 - docker-bench-security #2183

Open: wants to merge 15 commits into base: dev


DaleMHFrey
Contributor

https://cm-jira.usa.gov/browse/USAGOV-2163

Description

Made the container-build script run the Docker containers after building them. This allows docker-bench-security to run as expected. Additional logic was added in to shut down the containers after the docker-bench-security scan is done.

Type of Changes

  • New Feature
  • Bugfix
  • Frontend (Twig, Sass, JS)
  • Drupal Config (requires "drush cim")
  • New Modules (requires rebuild)
  • Documentation
  • Infrastructure
  • Other

Testing Instructions

Merge into Dev and approve the build-and-push-container process in CircleCI. When that build-and-push-container task is completed, check the Check CMS CIS Benchmarks sub-task inside build-and-push-container: it should no longer say "No containers running" and should have a much longer list of things it has checked (in comparison to this older one here).

Post PR Approval Instructions

Follow these steps as soon as you merge the new changes.

  1. Go to the USAGov Circle CI project.
  2. Find the commit of this pull request.
  3. Build and deploy the changes.
  4. Update the Jira ticket by changing the ticket status to Review in Test and add a comment. State whether the change is already visible on cms-dev.usa.gov and beta-dev.usa.gov, or if the deployment is still in process.

Member

@akf left a comment

This is great. I think I've identified a bug, though. It looks like you're starting up a container from the cms image three times and not starting containers for the www or waf images.

bin/cloudgov/container-build (outdated, resolved)

@DaleMHFrey requested a review from akf on February 3, 2025 17:54
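
The start, verify, scan, tear-down sequence discussed in this pull request, as an added shell example that is not the project's bin/cloudgov/container-build code. The image names (taken from the review comment), the tag, the `bench-` prefix and the scan command passed to `run_scan` are assumptions.

```shell
#!/bin/sh
# Added example. Image names, tag and container prefix are assumptions.
IMAGES="cms www waf"        # one entry per image the build produces
TAG="${TAG:-latest}"        # assumed tag
PREFIX="bench"              # assumed container-name prefix
DOCKER="${DOCKER:-docker}"  # override to dry-run or stub

# Start one detached container per image. The loop variable is used for
# both the container name and the image, so no image is started twice.
start_containers() {
  for img in $IMAGES; do
    $DOCKER run -d --name "${PREFIX}-${img}" "${img}:${TAG}" >/dev/null || return 1
    echo "${PREFIX}-${img}"
  done
}

# Force-remove the scan containers; safe to call when some never started.
stop_containers() {
  for img in $IMAGES; do
    $DOCKER rm -f "${PREFIX}-${img}" >/dev/null 2>&1 || true
  done
}

# Print every expected image that has no running container. `docker ps`
# reports the image reference each container was started from.
missing_images() {
  running=$($DOCKER ps --filter "name=${PREFIX}-" --format '{{.Image}}')
  for img in $IMAGES; do
    echo "$running" | grep -qxF "${img}:${TAG}" || echo "$img"
  done
}

# Start, verify coverage, run the scan command given as arguments, tear down.
run_scan() {
  trap stop_containers EXIT INT TERM  # teardown even if interrupted
  rc=0
  start_containers >/dev/null || rc=1
  if [ "$rc" -eq 0 ]; then
    miss=$(missing_images)
    if [ -n "$miss" ]; then
      echo "no running container for:" $miss >&2
      rc=1
    else
      "$@" || rc=$?
    fi
  fi
  stop_containers
  trap - EXIT INT TERM
  return "$rc"
}
```

Failing the job when `missing_images` prints anything turns a partly scanned build into a visible pipeline failure rather than a shorter benchmark report.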