From bc18ce69e0c0405f3d8d6197b941688661865433 Mon Sep 17 00:00:00 2001 From: XeniaP Date: Wed, 21 Apr 2021 01:09:14 -0500 Subject: [PATCH 001/162] Commit All --- .gitignore | 2 + jenkinsfile | 75 +++++++----- legacyApiDS.js | 33 ++++++ package-lock.json | 19 +++ scAPI.py | 23 ++-- scan.py | 294 ++++++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 409 insertions(+), 37 deletions(-) create mode 100644 .gitignore create mode 100644 legacyApiDS.js create mode 100644 package-lock.json create mode 100644 scan.py diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..0c389d8 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ + +node_modules/* \ No newline at end of file diff --git a/jenkinsfile b/jenkinsfile index 4a2181d..f30ccd4 100644 --- a/jenkinsfile +++ b/jenkinsfile 
@@ -1,29 +1,48 @@ pipeline { -agent any - stages { - stage('Smartcheck') { - steps { - script { - $FLAG = sh([ script: 'python scAPI.py', returnStdout: true ]).trim() - if ($FLAG == '1') { - sh 'docker tag test/keyfinding 786395520305.dkr.ecr.us-west-2.amazonaws.com/test/keyfinding' - docker.withRegistry('https://786395520305.dkr.ecr.us-west-2.amazonws.com', 'ecr:us-west-2:xenia-ecr') { - docker.image('786395520305.dkr.ecr.us-west-2.amazonaws.com/test/keyfinding').push(env.IMAGETAG+'-'+env.BUILD_ID) } - } - sh 'docker rmi $(docker images -q) -f 2> /dev/null' - } - - } - } - } - environment { - IMAGETAG = 'tomcat' - HIGH = '1' - MEDIUM = '5' - LOW = '5' - NEGLIGIBLE = '5' - UNKNOWN = '5' - USER = 'administrator' - PASSWORD = 'Trendmicr0!' - } - } + agent any + stages { + stage('Checkout') { + steps { + git 'https://github.com/XeniaP/scExample.git' + } + } + stage('Docker build') { + steps { + script { + docker.build('tm-demo:latest') + } + } + } + stage('ECR push') { + steps { + script { + docker.withRegistry('registry_host'+'/tm-demo', 'ecr:us-east-1:ecr_id') { + docker.image('tm-demo:latest').push()} + } + } + } + stage('Scan') { + steps { + withCredentials([ + [$class: 'AmazonWebServicesCredentialsBinding', + accessKeyVariable: 'AWS_ACCESS_KEY_ID', + credentialsId: 'ecr_id', + secretKeyVariable: 'AWS_SECRET_ACCESS_KEY']]) { + smartcheckScan([ + imageName: 'registry_host'+"/tm-demo:latest", + smartcheckHost: "SMARTCHECK_HOST", + smartcheckCredentialsId: "dssc_id", + insecureSkipTLSVerify: true, + imagePullAuth: new groovy.json.JsonBuilder([ + aws: [ + "region":"us-east-1", + "accessKeyID": AWS_ACCESS_KEY_ID, + "secretAccessKey": AWS_SECRET_ACCESS_KEY + ] + ]).toString(), + ]) + } + } + } + } +} diff --git a/legacyApiDS.js b/legacyApiDS.js new file mode 100644 index 0000000..5ab7875 --- /dev/null +++ b/legacyApiDS.js 
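Review bot: `insecureSkipTLSVerify: true` in the Scan stage turns off certificate validation for the Smart Check connection, and the same `smartcheckScan` call carries the bound `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` inside `imagePullAuth`, so the pipeline would hand those credentials to whatever answers at `SMARTCHECK_HOST`. Set `insecureSkipTLSVerify: false,` and add the Smart Check CA to the Jenkins trust store, or at least drive the flag from a pipeline parameter that defaults to false. The literal strings `'registry_host'`, `"SMARTCHECK_HOST"`, `'ecr_id'` and `"dssc_id"` are passed to the steps as-is; if they are meant as placeholders to be replaced per deployment, an `environment {}` block keeps them in one place and makes the substitution visible.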
@@ -0,0 +1,33 @@
+var https = require('follow-redirects').https;
+var fs = require('fs');
+
+var options = {
+ 'method': 'GET',
+ 'hostname': 'app.deepsecurity.trendmicro.com',
+ 'port': 443,
+ 'path': '/rest/events/antimalware?sID=2DD4C7E0-55CD-9839-3206-F945F0B013EF_85A2C05E202DD68C08FD6935C7513FBC',
+ 'headers': {
+ 'api-version': 'v1',
+ 'Content-Type': 'application/json'
+ },
+ 'maxRedirects': 20
+};
+
+var req = https.request(options, function (res) {
+ var chunks = [];
+
+ res.on("data", function (chunk) {
+ chunks.push(chunk);
+ });
+
+ res.on("end", function (chunk) {
+ var body = Buffer.concat(chunks);
+ console.log(body.toString());
+ });
+
+ res.on("error", function (error) {
+ console.error(error);
+ });
+});
+
+req.end();
\ No newline at end of file
diff --git a/package-lock.json b/package-lock.json
new file mode 100644
index 0000000..a4adb8e
--- /dev/null
+++ b/package-lock.json
@@ -0,0 +1,19 @@
+{
+ "requires": true,
+ "lockfileVersion": 1,
+ "dependencies": {
+ "axios": {
+ "version": "0.21.1",
+ "resolved": "https://registry.npmjs.org/axios/-/axios-0.21.1.tgz",
+ "integrity": "sha512-dKQiRHxGD9PPRIUNIWvZhPTPpl1rf/OxTYKsqKUDjBwYylTvV7SjSHJb9ratfyzM6wCdLCOYLzs73qpg5c4iGA==",
+ "requires": {
+ "follow-redirects": "^1.10.0"
+ }
+ },
+ "follow-redirects": {
+ "version": "1.13.2",
+ "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.13.2.tgz",
+ "integrity": "sha512-6mPTgLxYm3r6Bkkg0vNM0HTjfGrOEtsfbhagQvbxDEsEkpNhw582upBaoRZylzen6krEmxXJgt9Ju6HiI4O7BA=="
+ }
+ }
+}
diff --git a/scAPI.py b/scAPI.py
index 32baf20..05adbc4 100644
--- a/scAPI.py
+++ b/scAPI.py
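Review bot: The `path` in `options` embeds a Deep Security session identifier (`sID=…`) as a literal, which checks a live credential into the repository and also means the script stops working as soon as that session expires; read it from the environment instead, e.g. `'path': '/rest/events/antimalware?sID=' + process.env.DS_SESSION_ID` (`DS_SESSION_ID` is a placeholder name), and treat the committed value as exposed. The only `'error'` handler is attached to `res`, so a DNS or connect failure is emitted on `req` with no listener and crashes the process; add `req.on('error', function (error) { console.error(error); });` before `req.end()`. `fs` is required on the second line but never used. The package-lock.json hunk is a lockfile and needs no review.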
@@ -16,10 +16,15 @@ unknown_t=os.environ.get("UNKNOWN") user=os.environ.get("USER") password=os.environ.get("PASSWORD") +registry= os.environ.get("REGISTRY") +repository = os.environ.get("REPO") -smartCheckLB = "" -userSC = "Administrator" -passSC = "93Xeniat." +aws_access_key = os.environ.get("AWS_KEY") +aws_secret_key = os.environ.get("AWS_SECRET") + +smartCheckLB = os.environ.get("SC_HOSTNAME") +userSC = os.environ.get("USER") +passSC = os.environ.get("PASSWORD") def requestToken(): requests.packages.urllib3.disable_warnings() @@ -27,7 +32,7 @@ def requestToken(): url = "https://"+smartCheckLB+"/api/sessions" headers = {'Content-Type': 'application/json', 'X-API-Version': '2018-05-01' } - data = {'user': {'userID': "administrator", 'password': "93Xeniat." }} + data = {'user': {'userID': userSC, 'password': passSC }} try: response = requests.request("POST", url, json=data, headers=headers, verify=False) @@ -44,7 +49,7 @@ def listSessions(): url = "https://"+smartCheckLB+"/api/sessions" headers = {'Content-Type': 'application/json', 'X-API-Version': '2018-05-01' } - data = {'user': {'userID': "administrator", 'password': "93Xeniat." },'expand': 'all', 'limit':'25'} + data = {'user': {'userID': userSC, 'password': passSC },'expand': 'all', 'limit':'25'} try: response = requests.request("POST", url, json=data, headers=headers, verify=False) @@ -59,8 +64,8 @@ def requestScan(): url = "https://"+smartCheckLB+"/api/scans" data = {"source": { "type": "docker", - "registry": "", - "repository": "test/apachestruts", + "registry": registry, + "repository": repository+imagetag, "tag": 'latest', "credentials": {"aws": {"region": "us-east-2"}}}, "webhooks": [{ @@ -186,6 +191,6 @@ def requestReport(): data = {"text": "!!! Scan results !!! \n"+"Image: "+imagetag+'-'+buildid+"\n"+message} - sendToSlack(message) + sendToSlack(message, data) -listSessions() +requestReport() diff --git a/scan.py b/scan.py new file mode 100644 index 0000000..0deb0e1 --- /dev/null +++ b/scan.py 
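Review bot: `userSC = os.environ.get("USER")` reads the standard shell variable `USER`, which on a Linux agent is already set to the account running the job, so unless the caller explicitly overrides it the Smart Check login silently becomes the OS user name; the context line `user=os.environ.get("USER")` above has the same problem. Use namespaced names alongside the `SC_HOSTNAME` this hunk already introduces, e.g. `userSC = os.environ.get("SC_USER")` and `passSC = os.environ.get("SC_PASSWORD")` (placeholder names). `aws_access_key`/`aws_secret_key` are read here but nothing in this commit's hunks passes them to the scan request, whose `"credentials"` still carries only a region — worth confirming they are consumed further down the file.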
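Review bot: `"repository": repository+imagetag` joins the two values with no separator, so `REPO=test` with `imagetag=tomcat` sends the repository `testtomcat`; since `tag` on the next line is still the literal `'latest'` while the report text later formats the image as `imagetag+'-'+buildid`, the intended lines are probably `"repository": repository,` and `"tag": imagetag+'-'+buildid,` — confirm against how `imagetag` is defined earlier in the file. `requestScan`'s body continues outside the hunk.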
@@ -0,0 +1,294 @@ +#!/usr/bin/env python3 +# +# Copyright 2019 Trend Micro and contributors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +from __future__ import print_function + +import argparse +import base64 +import os +import sys +import json +import time + +import requests + +from docker_image import reference + + +class SlightlyImprovedSession(requests.Session): + """ + A SlightlyImprovedSession keeps track of the base URL and any kwargs that + should be passed to requests. + + When you make a `get` or `post` request, the URL you provide will be + `urljoin`'d with the base URL, so relative URLs will work pretty well. + + Technically, this is totally broken, because relative URLs should be + evaluated relative to the resource that provided the URL, but for our + purposes this works perfectly and really simplifies life, so we're + going to ignore the pedants. 
+ """ + + def __init__(self, base, **kwargs): + super(SlightlyImprovedSession, self).__init__() + self.base = base + self.kwargs = kwargs + + def post(self, url, **kwargs): + for k in self.kwargs: + if not k in kwargs: + kwargs[k] = self.kwargs[k] + + return super(SlightlyImprovedSession, self).post( + requests.compat.urljoin(self.base, url), + **kwargs + ) + + def get(self, url, **kwargs): + for k in self.kwargs: + if not k in kwargs: + kwargs[k] = self.kwargs[k] + + return super(SlightlyImprovedSession, self).get( + requests.compat.urljoin(self.base, url), + **kwargs + ) + + +def get_session(base, user, password, **kwargs): + """Authenticate with the service and return a session.""" + + session = SlightlyImprovedSession(base, **kwargs) + + response = session.post('/api/sessions', json={ + 'user': { + 'userID': user, + 'password': password + } + }) + + if not response.ok: + raise Exception(f'could not start session: {response}') + + token = response.json()['token'] + + session.headers.update({'Authorization': f'Bearer {token}'}) + return session + +def eprint(*args, **kwargs): + """print a message to stderr""" + print(*args, file=sys.stderr, **kwargs) + + +def start_scan(session, ref, + image_pull_auth=None, + registry_root_cas=None, + webhook_teams=None, + insecure_skip_registry_tls_verify=False, + wait=True): + """Start a scan.""" + + ref = reference.Reference.parse(ref) + + hostname, name = ref.split_hostname() + + if isinstance(image_pull_auth, str): + try: + image_pull_auth = json.loads(image_pull_auth) + except json.decoder.JSONDecodeError as err: + eprint('Unable to parse image-pull-auth value:', err) + sys.exit(1) + + if registry_root_cas is not None: + with open(registry_root_cas) as file: + registry_root_cas = base64.b64encode( + file.read().encode() + ).decode('utf-8') + + registry_aux = session.get('/api/registries') + + for registry in registry_aux.json()["registries"]: + if(registry["host"] == hostname): + registry_id = registry["id"] + + 
if(image_pull_auth == "None"): + response = session.post('/api/scans', + json={ + 'name': name, + 'source': { + 'type': 'docker', + 'registry': hostname, + 'repository': name, + 'tag': ref['tag'], + 'digest': ref['digest'], + 'credentials': image_pull_auth, + 'rootCAs': registry_root_cas, + 'insecureSkipVerify': insecure_skip_registry_tls_verify, + } + }) + else: + response = session.post("/api/registries/"+registry_id+"/scans", + json={ + "name": name, + "source": { + "repository": name, + "tag": ref["tag"], + } + }) + + if not response.ok: + eprint('could not create scan', response) + sys.exit(1) + + scan = response.json() + + if wait: + while scan['status'] in ['pending', 'in-progress']: + print('waiting for scan to complete...', file=sys.stderr) + time.sleep(10) + + response = session.get(scan['href']) + + if not response.ok: + eprint('could not check scan progress', response) + sys.exit(1) + + scan = response.json() + if(webhook_teams != "None"): + sendToTeams(webhook_teams, scan, ref, hostname, name) + + print(json.dumps(scan, indent=' ')) + +def sendToTeams(webhook_teams, scan, ref, hostname, name): + + if(scan['status'] == "completed-with-findings" ): + findings = scan["details"]['results'][0]['findings'] + vulnerabilities = findings['vulnerabilities'] + + dataVuln = "Vulnerabilities found: \n" + dataMalw = "" + + for value in vulnerabilities['total']: + if value == 'high': + high = vulnerabilities['total']['high'] + dataVuln = dataVuln+"High: "+str(high)+"\n" + if value == 'medium': + medium = vulnerabilities['total']['medium'] + dataVuln = dataVuln+"Medium: "+str(medium)+"\n" + if value == 'low': + low = vulnerabilities['total']['low'] + dataVuln = dataVuln+"Low: "+str(low)+"\n" + if value == 'negligible': + negligible = vulnerabilities['total']['negligible'] + dataVuln = dataVuln+"Negligible: "+str(negligible)+"\n" + if value == 'unknown': + unknown = vulnerabilities['total']['unknown'] + dataVuln = dataVuln+"Unknown: "+str(unknown)+"\n" + + if dataVuln 
== "Vulnerabilities found: \n": dataVuln="" + + for value in findings: + if value == 'malware': + malware = findings['malware'] + dataMalw = "Malware found: "+str(malware) + + message = dataVuln+dataMalw + + data = {"text": "
!!! Trend Micro - Smart Check Scan results !!! \n"+"
Image: "+name+':'+ref["tag"]+"\n"+message+"
"} + + url = webhook_teams + headers = {'Content-Type': 'application/json'} + + try: + response = requests.request("POST", url, json=data, headers=headers) + print(response) + except requests.exceptions.RequestException as e: + print (e) + sys.exit(1) + +def main(): + """Mainline""" + + parser = argparse.ArgumentParser( + description='Start a scan', + ) + + parser.add_argument('--smartcheck-host', action='store', + default=os.environ.get('DSSC_SMARTCHECK_HOST', None), + help='The hostname of the Deep Security Smart Check deployment. Example: smartcheck.example.com') + parser.add_argument('--smartcheck-user', action='store', + default=os.environ.get('DSSC_SMARTCHECK_USER', None), + help='The userid for connecting to Deep Security Smart Check') + parser.add_argument('--smartcheck-password', action='store', + default=os.environ.get( + 'DSSC_SMARTCHECK_PASSWORD', None), + help='The password for connecting to Deep Security Smart Check') + parser.add_argument('--insecure-skip-tls-verify', action='store_true', + default=os.environ.get( + 'DSSC_INSECURE_SKIP_TLS_VERIFY', False), + help='Ignore certificate errors when connecting to Deep Security Smart Check') + parser.add_argument('--image-pull-auth', action='store', + default=os.environ.get('DSSC_IMAGE_PULL_AUTH', None), + help='A JSON object of credentials for authenticating with the registry to pull the image from') + parser.add_argument('--registry-root-cas', action='store', + default=os.environ.get('DSSC_REGISTRY_ROOT_CAS', None), + help='A file containing the root CAs (in PEM format) to trust when connecting to the registry') + parser.add_argument('--insecure-skip-registry-tls-verify', action='store_true', + default=os.environ.get( + 'DSSC_INSECURE_SKIP_REGISTRY_TLS_VERIFY', False), + help='Ignore certificate errors from the image registry') + parser.add_argument('--no-wait', action='store_false', + default=os.environ.get('DSSC_NO_WAIT', True), + help='Exit after requesting the scan') + 
parser.add_argument('--webhook-teams', action='store', + default=os.environ.get('DSSC_SMARTCHECK_WEBHOOK_TEAMS', None), + help='WebHook Teams Ds Smartcheck') + parser.add_argument( + 'image', help='The image to scan. Example: registry.example.com/project/image:latest') + + args = parser.parse_args() + + if args.smartcheck_host is None: + eprint('smartcheck_host is required') + sys.exit(1) + + if args.insecure_skip_tls_verify: + import urllib3 + urllib3.disable_warnings() + + if not args.smartcheck_host.startswith('http'): + args.smartcheck_host = 'https://' + args.smartcheck_host + + with get_session( + base=args.smartcheck_host, + user=args.smartcheck_user, + password=args.smartcheck_password, + verify=(not args.insecure_skip_tls_verify), + ) as session: + start_scan( + session, + args.image, + image_pull_auth=args.image_pull_auth, + registry_root_cas=args.registry_root_cas, + insecure_skip_registry_tls_verify=args.insecure_skip_registry_tls_verify, + webhook_teams=args.webhook_teams, + wait=args.no_wait, + ) + + +if __name__ == '__main__': + main() \ No newline at end of file From 45d24894ee7c306e1446da73651bb9a7afc074de Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Wed, 21 Apr 2021 12:24:13 -0500 Subject: [PATCH 002/162] Update test.txt --- test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test.txt b/test.txt index 0adad1e..8b13789 100644 --- a/test.txt +++ b/test.txt 
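Review bot: `if(image_pull_auth == "None")` and `if(webhook_teams != "None")` in `start_scan` compare against the string `"None"`, but both arguments default to Python `None` (`default=os.environ.get(..., None)` in `main`), so with no `--image-pull-auth` the request always takes the `/api/registries/<id>/scans` path, where `registry_id` is only bound when a registry's `host` matched `hostname` and otherwise raises `NameError`; and with no `--webhook-teams` a scan that completes with findings calls `sendToTeams(None, …)`, whose `requests.request("POST", None)` fails inside the `try` and ends the run with `sys.exit(1)`. Compare with `is None`/`is not None`, initialise `registry_id` before the loop and fail with a clear message when no registry matched. Note also that the branch carrying the supplied pull credentials is the one taken when none were supplied, which looks inverted — confirm the intended mapping before changing it.
```python
    registry_aux = session.get('/api/registries')

    registry_id = None
    for registry in registry_aux.json()["registries"]:
        if registry["host"] == hostname:
            registry_id = registry["id"]
            break

    if image_pull_auth is None:
        # … unchanged: POST /api/scans with source/credentials …
    else:
        if registry_id is None:
            eprint('no registry configured in Smart Check for host', hostname)
            sys.exit(1)
        response = session.post("/api/registries/"+registry_id+"/scans",
        # … unchanged: registry scan request body …

    # … unchanged: response check and wait loop …
    if webhook_teams is not None:
        sendToTeams(webhook_teams, scan, ref, hostname, name)
```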
@@ -1 +1 @@ -{"scans": [{"status": "completed-with-findings", "name": "786395520305.dkr.ecr.us-east-2.amazonaws.com/test/apachestruts:latest", "findings": {"vulnerabilities": {"total": {"medium": 98, "unknown": 5, "high": 22, "critical": 3, "negligible": 4, "low": 21}, "unresolved": {"medium": 98, "unknown": 5, "high": 22, "critical": 3, "negligible": 4, "low": 21}}, "scanners": {"vulnerabilities": {"status": "ok", "updated": "2019-12-17T19:31:24Z"}, "malware": {"status": "ok", "updated": "2019-11-11T18:01:55Z", "versions": {"blacklist": "25100", "icrc": "1548700", "trendX": "111200"}}, "vulnerabilityPatterns": {"status": "ok"}}, "contents": {"total": {"high": 1}, "unresolved": {"high": 1}}, "checklists": {"total": {}, "unresolved": {}}}, "source": {"insecureSkipVerify": false, "tag": "latest", "type": "docker", "registry": "786395520305.dkr.ecr.us-east-2.amazonaws.com", "repository": "test/apachestruts"}, "href": "/api/scans/ac6794f5-6179-4996-aef8-b42c6e5e757a", "details": {"requested": "2019-12-17T19:18:09Z", "updated": "2019-12-17T20:00:46Z", "started": "2019-12-17T19:47:56Z", "completed": "2019-12-17T20:00:46Z", "results": [{"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2019-11-22T00:10:47Z", "id": "sha256:39c7890be01d245a783d8ffa3cb214984f366b9760b83720e32e0c2e546ed136", "createdBy": "/bin/sh -c set -ex \t&& rm -rf /usr/local/tomcat/webapps/* \t&& chmod a+x /usr/local/tomcat/bin/*.sh"}, {"vulnerabilities": "/api/scans/ac6794f5-6179-4996-aef8-b42c6e5e757a/layers/sha256:6ef14aff1139e1065ec0928ae1c07f2cff8c2b35e760f4b463df5c64e6ea1101/vulnerabilities", "findings": {"vulnerabilities": {"total": {"medium": 25, "unknown": 5, "high": 2, "critical": 1, "negligible": 3, "low": 2}, "unresolved": {"medium": 25, "unknown": 5, "high": 2, "critical": 1, "negligible": 3, "low": 2}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2019-10-17T04:12:17Z", "id": 
"sha256:6ef14aff1139e1065ec0928ae1c07f2cff8c2b35e760f4b463df5c64e6ea1101", "createdBy": "/bin/sh -c apt-get update && apt-get install -y --no-install-recommends \t\tbzr \t\tgit \t\tmercurial \t\topenssh-client \t\tsubversion \t\t\t\tprocps \t&& rm -rf /var/lib/apt/lists/*"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2019-10-19T02:28:48Z", "id": "sha256:e1417b6fbaf55caa13ae206f2a02bf2c8643e275c36ba49f6c620df17175b54a", "createdBy": "/bin/sh -c set -e \t&& nativeLines=\"$(catalina.sh configtest 2>&1)\" \t&& nativeLines=\"$(echo \"$nativeLines\" | grep 'Apache Tomcat Native')\" \t&& nativeLines=\"$(echo \"$nativeLines\" | sort -u)\" \t&& if ! echo \"$nativeLines\" | grep 'INFO: Loaded APR based Apache Tomcat Native library' >&2; then \t\techo >&2 \"$nativeLines\"; \t\texit 1; \tfi"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2019-11-22T00:10:47Z", "id": "sha256:62ccc28c25b794eb7e3a74b60e1e5f2d66ee18d0aca5cfe4004557bc7c9b601b", "createdBy": "/bin/sh -c #(nop) COPY file:7afc778ac7f21ca1f8723a84c16115a03c635d7c2c853174d3be7fd63fe64a1a in /usr/local/tomcat/webapps/ROOT.war "}, {"vulnerabilities": "/api/scans/ac6794f5-6179-4996-aef8-b42c6e5e757a/layers/sha256:962785d3b7f9bd4442aa6df1862d8ad64e0ee1d57ec02d7d82aeecc0a8b0f4d2/vulnerabilities", "findings": {"vulnerabilities": {"total": {"high": 1, "medium": 4}, "unresolved": {"high": 1, "medium": 4}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2019-10-17T08:29:24Z", "id": "sha256:962785d3b7f9bd4442aa6df1862d8ad64e0ee1d57ec02d7d82aeecc0a8b0f4d2", "createdBy": "/bin/sh -c set -eux; \tapt-get update; \tapt-get install -y --no-install-recommends \t\tbzip2 \t\tunzip \t\txz-utils \t\t\t\tca-certificates p11-kit \t\t\t\tfontconfig libfreetype6 \t; \trm -rf /var/lib/apt/lists/*"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, 
"contents": {"total": {"high": 1}, "unresolved": {"high": 1}}}, "createdAt": "2019-11-22T00:34:27Z", "id": "sha256:f7ce29f7df02a3917315e4b2a3b0124c3c94e4266b8e3d45a90d317312ad6949", "createdBy": "/bin/sh -c #(nop) COPY file:b690fc277657cf2968caf9b00fee227fe0e087153ed6964fd71818c9bdefd286 in /usr/local/tomcat/webapps/key.pem ", "contents": "/api/scans/ac6794f5-6179-4996-aef8-b42c6e5e757a/layers/sha256:f7ce29f7df02a3917315e4b2a3b0124c3c94e4266b8e3d45a90d317312ad6949/contents"}, {"vulnerabilities": "/api/scans/ac6794f5-6179-4996-aef8-b42c6e5e757a/layers/sha256:9a0b0ce99936ce4861d44ce1f193e881e5b40b5bf1847627061205b092fa7f1d/vulnerabilities", "findings": {"vulnerabilities": {"total": {"high": 12, "medium": 44, "critical": 2, "negligible": 1, "low": 12}, "unresolved": {"high": 12, "medium": 44, "critical": 2, "negligible": 1, "low": 12}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2019-10-16T23:29:01Z", "id": "sha256:9a0b0ce99936ce4861d44ce1f193e881e5b40b5bf1847627061205b092fa7f1d", "createdBy": "/bin/sh -c #(nop) ADD file:fdf0128645db4c8b990073dc4fe3fabad50411032c9aa4f86538d46e0e8f158f in / "}, {"vulnerabilities": "/api/scans/ac6794f5-6179-4996-aef8-b42c6e5e757a/layers/sha256:db3b6004c61a0e86fbf910b9b4a6611ae79e238a336011a1b5f9b177d85cbf9d/vulnerabilities", "findings": {"vulnerabilities": {"total": {"high": 5, "medium": 15, "low": 6}, "unresolved": {"high": 5, "medium": 15, "low": 6}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2019-10-17T04:11:35Z", "id": "sha256:db3b6004c61a0e86fbf910b9b4a6611ae79e238a336011a1b5f9b177d85cbf9d", "createdBy": "/bin/sh -c apt-get update && apt-get install -y --no-install-recommends \t\tca-certificates \t\tcurl \t\tnetbase \t\twget \t&& rm -rf /var/lib/apt/lists/*"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2019-10-17T08:30:57Z", "id": "sha256:631589572f9b44b8d0b6c2c6c1fc656fc4ae1669367888bfe622bbea1ca9cc83", 
"createdBy": "/bin/sh -c { echo '#/bin/sh'; echo 'echo \"$JAVA_HOME\"'; } > /usr/local/bin/docker-java-home && chmod +x /usr/local/bin/docker-java-home && [ \"$JAVA_HOME\" = \"$(docker-java-home)\" ]"}, {"vulnerabilities": "/api/scans/ac6794f5-6179-4996-aef8-b42c6e5e757a/layers/sha256:f8f0759202953be4b156f44bba90b682b61f985f9bbc60e7262b216f70dabb96/vulnerabilities", "findings": {"vulnerabilities": {"total": {"high": 2, "medium": 10, "low": 1}, "unresolved": {"high": 2, "medium": 10, "low": 1}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2019-10-17T04:11:44Z", "id": "sha256:f8f0759202953be4b156f44bba90b682b61f985f9bbc60e7262b216f70dabb96", "createdBy": "/bin/sh -c set -ex; \tif ! command -v gpg > /dev/null; then \t\tapt-get update; \t\tapt-get install -y --no-install-recommends \t\t\tgnupg \t\t\tdirmngr \t\t; \t\trm -rf /var/lib/apt/lists/*; \tfi"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2019-10-19T02:18:55Z", "id": "sha256:379605d88e88b03820ef61d475cfbe79f7a8ad66e9141ecf42725bdef40c580f", "createdBy": "/bin/sh -c mkdir -p \"$CATALINA_HOME\""}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2019-10-19T02:28:46Z", "id": "sha256:831e6e9c3029594cfdf2235a126679262ec10e04154291160743edbaa07bea2e", "createdBy": "/bin/sh -c set -eux; \t\tsavedAptMark=\"$(apt-mark showmanual)\"; \tapt-get update; \tapt-get install -y --no-install-recommends \t\tgnupg dirmngr \t\twget ca-certificates \t; \t\tddist() { \t\tlocal f=\"$1\"; shift; \t\tlocal distFile=\"$1\"; shift; \t\tlocal success=; \t\tlocal distUrl=; \t\tfor distUrl in \t\t\t'https://www.apache.org/dyn/closer.cgi?action=download&filename=' \t\t\thttps://www-us.apache.org/dist/ \t\t\thttps://www.apache.org/dist/ \t\t\thttps://archive.apache.org/dist/ \t\t; do \t\t\tif wget -O \"$f\" \"$distUrl$distFile\" && [ -s \"$f\" ]; then \t\t\t\tsuccess=1; 
\t\t\t\tbreak; \t\t\tfi; \t\tdone; \t\t[ -n \"$success\" ]; \t}; \t\tddist 'tomcat.tar.gz' \"tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz\"; \techo \"$TOMCAT_SHA512 *tomcat.tar.gz\" | sha512sum --strict --check -; \tddist 'tomcat.tar.gz.asc' \"tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc\"; \texport GNUPGHOME=\"$(mktemp -d)\"; \tfor key in $GPG_KEYS; do \t\tgpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys \"$key\"; \tdone; \tgpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz; \ttar -xf tomcat.tar.gz --strip-components=1; \trm bin/*.bat; \trm tomcat.tar.gz*; \tcommand -v gpgconf && gpgconf --kill all || :; \trm -rf \"$GNUPGHOME\"; \t\tnativeBuildDir=\"$(mktemp -d)\"; \ttar -xf bin/tomcat-native.tar.gz -C \"$nativeBuildDir\" --strip-components=1; \tapt-get install -y --no-install-recommends \t\tdpkg-dev \t\tgcc \t\tlibapr1-dev \t\tlibssl-dev \t\tmake \t; \t( \t\texport CATALINA_HOME=\"$PWD\"; \t\tcd \"$nativeBuildDir/native\"; \t\tgnuArch=\"$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)\"; \t\taprConfig=\"$(command -v apr-1-config)\"; \t\t./configure \t\t\t--build=\"$gnuArch\" \t\t\t--libdir=\"$TOMCAT_NATIVE_LIBDIR\" \t\t\t--prefix=\"$CATALINA_HOME\" \t\t\t--with-apr=\"$aprConfig\" \t\t\t--with-java-home=\"$JAVA_HOME\" \t\t\t--with-ssl=yes; \t\tmake -j \"$(nproc)\"; \t\tmake install; \t); \trm -rf \"$nativeBuildDir\"; \trm bin/tomcat-native.tar.gz; \t\tapt-mark auto '.*' > /dev/null; \t[ -z \"$savedAptMark\" ] || apt-mark manual $savedAptMark > /dev/null; \tfind \"$TOMCAT_NATIVE_LIBDIR\" -type f -executable -exec ldd '{}' ';' \t\t| awk '/=>/ { print $(NF-1) }' \t\t| sort -u \t\t| xargs -r dpkg-query --search \t\t| cut -d: -f1 \t\t| sort -u \t\t| xargs -r apt-mark manual \t; \tapt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \trm -rf /var/lib/apt/lists/*; \t\tfind ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' 
+; \t\tchmod -R +rX .; \tchmod 777 logs temp work"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2019-10-18T23:40:58Z", "id": "sha256:c55a0c6f4c7b3d24524aa43520898369ae5b6b671f7b2768c92236c1c990ba95", "createdBy": "/bin/sh -c set -eux; \t\tdpkgArch=\"$(dpkg --print-architecture)\"; \tcase \"$dpkgArch\" in \t\tamd64) upstreamArch='x64' ;; \t\tarm64) upstreamArch='aarch64' ;; \t\t*) echo >&2 \"error: unsupported architecture: $dpkgArch\" ;; \tesac; \t\twget -O openjdk.tgz.asc \"${JAVA_BASE_URL}${upstreamArch}_linux_${JAVA_URL_VERSION}.tar.gz.sign\"; \twget -O openjdk.tgz \"${JAVA_BASE_URL}${upstreamArch}_linux_${JAVA_URL_VERSION}.tar.gz\" --progress=dot:giga; \t\texport GNUPGHOME=\"$(mktemp -d)\"; \tgpg --batch --keyserver ha.pool.sks-keyservers.net --keyserver-options no-self-sigs-only --recv-keys CA5F11C6CE22644D42C6AC4492EF8D39DC13168F; \tgpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys EAC843EBD3EFDB98CC772FADA5CD6035332FA671; \tgpg --batch --list-sigs --keyid-format 0xLONG CA5F11C6CE22644D42C6AC4492EF8D39DC13168F \t\t| tee /dev/stderr \t\t| grep '0xA5CD6035332FA671' \t\t| grep 'Andrew Haley'; \tgpg --batch --verify openjdk.tgz.asc openjdk.tgz; \tgpgconf --kill all; \trm -rf \"$GNUPGHOME\"; \t\tmkdir -p \"$JAVA_HOME\"; \ttar --extract \t\t--file openjdk.tgz \t\t--directory \"$JAVA_HOME\" \t\t--strip-components 1 \t\t--no-same-owner \t; \trm openjdk.tgz*; \t\t\t{ \t\techo '#!/usr/bin/env bash'; \t\techo 'set -Eeuo pipefail'; \t\techo 'if ! [ -d \"$JAVA_HOME\" ]; then echo >&2 \"error: missing JAVA_HOME environment variable\"; exit 1; fi'; \t\techo 'cacertsFile=; for f in \"$JAVA_HOME/lib/security/cacerts\" \"$JAVA_HOME/jre/lib/security/cacerts\"; do if [ -e \"$f\" ]; then cacertsFile=\"$f\"; break; fi; done'; \t\techo 'if [ -z \"$cacertsFile\" ] || ! 
[ -f \"$cacertsFile\" ]; then echo >&2 \"error: failed to find cacerts file in $JAVA_HOME\"; exit 1; fi'; \t\techo 'trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth \"$cacertsFile\"'; \t} > /etc/ca-certificates/update.d/docker-openjdk; \tchmod +x /etc/ca-certificates/update.d/docker-openjdk; \t/etc/ca-certificates/update.d/docker-openjdk; \t\tfind \"$JAVA_HOME/lib\" -name '*.so' -exec dirname '{}' ';' | sort -u > /etc/ld.so.conf.d/docker-openjdk.conf; \tldconfig; \t\tjavac -version; \tjava -version"}], "architecture": "amd64", "os": "linux", "digest": "sha256:ce4f3c8d1974465a0560c3d9e904be0badcb068c32c0d2b151bd6430cb292153"}, "id": "ac6794f5-6179-4996-aef8-b42c6e5e757a"}, {"status": "completed-with-findings", "name": "786395520305.dkr.ecr.us-east-2.amazonaws.com/test:1794", "findings": {"vulnerabilities": {"total": {"medium": 521, "unknown": 8, "high": 208, "critical": 24, "negligible": 4, "low": 115}, "unresolved": {"medium": 521, "unknown": 8, "high": 208, "critical": 24, "negligible": 4, "low": 115}}, "scanners": {"vulnerabilities": {"status": "ok", "updated": "2019-12-17T19:31:24Z"}, "malware": {"status": "ok", "updated": "2019-11-11T18:01:55Z", "versions": {"blacklist": "25100", "icrc": "1548700", "trendX": "111200"}}, "vulnerabilityPatterns": {"status": "ok"}}, "contents": {"total": {"high": 10}, "unresolved": {"high": 10}}, "checklists": {"total": {}, "unresolved": {}}}, "source": {"insecureSkipVerify": false, "tag": "1794", "type": "docker", "registry": "786395520305.dkr.ecr.us-east-2.amazonaws.com", "repository": "test"}, "href": "/api/scans/b22d4dcc-e285-4414-aa92-f78ef1de0dba", "details": {"requested": "2019-12-17T19:18:08Z", "updated": "2019-12-17T20:00:21Z", "started": "2019-12-17T19:46:59Z", "completed": "2019-12-17T20:00:21Z", "labels": {"maintainer": "opsxcq@strm.sh"}, "results": [{"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": 
"2017-10-31T17:03:36Z", "id": "sha256:ad8d7dd9f1b2a8f13716ec084c2c93edb525839cceff97707b4eace3ebc3cbc0", "createdBy": "/bin/sh -c addgroup -gid 666 pwned && (sleep 1;echo \"nosambanocry\"; sleep 1;echo \"nosambanocry\") |adduser --gid 666 --uid 666 sambacry && (sleep 1;echo \"nosambanocry\"; sleep 1;echo \"nosambanocry\") | /usr/local/samba/bin/smbpasswd -a -s -c /smb.conf sambacry && mkdir /data && chown 666:666 /data"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {"high": 6}, "unresolved": {"high": 6}}}, "createdAt": "2017-10-31T16:28:50Z", "id": "sha256:9cdb466847d0b75d4910a07e4af88494e0758531905755d54199eefd43df3baa", "createdBy": "/bin/sh -c #(nop) COPY dir:855d955a1ea5ccc6f43f7842a2a902670ec06b6ccbd5080c8a6c4360f53e28c1 in /src ", "contents": "/api/scans/b22d4dcc-e285-4414-aa92-f78ef1de0dba/layers/sha256:9cdb466847d0b75d4910a07e4af88494e0758531905755d54199eefd43df3baa/contents"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-10-31T17:03:29Z", "id": "sha256:073f262054415dd73573a42ff2d620091b867bc7b66898c0555b663f0eb3c92e", "createdBy": "/bin/sh -c cd /src && ./configure && make && make install"}, {"findings": {"vulnerabilities": {"total": {"medium": 451, "unknown": 8, "high": 180, "critical": 20, "negligible": 3, "low": 99}, "unresolved": {"medium": 451, "unknown": 8, "high": 180, "critical": 20, "negligible": 3, "low": 99}}, "contents": {"total": {"high": 4}, "unresolved": {"high": 4}}}, "vulnerabilities": "/api/scans/b22d4dcc-e285-4414-aa92-f78ef1de0dba/layers/sha256:5bd0b35df9ef922c2be994c130df52201cbb76ab9caf63c54f8b1118e3115abc/vulnerabilities", "contents": "/api/scans/b22d4dcc-e285-4414-aa92-f78ef1de0dba/layers/sha256:5bd0b35df9ef922c2be994c130df52201cbb76ab9caf63c54f8b1118e3115abc/contents", "createdBy": "/bin/sh -c apt-get update && apt-get upgrade -y && DEBIAN_FRONTEND=noninteractive apt-get install -y acl attr autoconf 
bison build-essential debhelper dnsutils docbook-xml docbook-xsl flex gdb krb5-user libacl1-dev libaio-dev libattr1-dev libblkid-dev libbsd-dev libcap-dev libcups2-dev libgnutls28-dev libjson-perl libldap2-dev libncurses5-dev libpam0g-dev libparse-yapp-perl libpopt-dev libreadline-dev perl perl-modules pkg-config python-all-dev python-dev python-dnspython python-crypto xsltproc zlib1g-dev&& apt-get clean && rm -rf /var/lib/apt/lists/*", "id": "sha256:5bd0b35df9ef922c2be994c130df52201cbb76ab9caf63c54f8b1118e3115abc", "createdAt": "2017-10-31T16:28:35Z"}, {"vulnerabilities": "/api/scans/b22d4dcc-e285-4414-aa92-f78ef1de0dba/layers/sha256:85b1f47fba49da65256f07c8790542a3880e9216f9c491965040f35ce2c6ca7a/vulnerabilities", "findings": {"vulnerabilities": {"total": {"high": 28, "medium": 70, "critical": 4, "negligible": 1, "low": 16}, "unresolved": {"high": 28, "medium": 70, "critical": 4, "negligible": 1, "low": 16}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-10-09T21:30:05Z", "id": "sha256:85b1f47fba49da65256f07c8790542a3880e9216f9c491965040f35ce2c6ca7a", "createdBy": "/bin/sh -c #(nop) ADD file:55b071e2cfc3ea2f4bbf048d7d676e3c06a77a9a98d63f7af291f3decb495ec8 in / "}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-10-31T17:03:31Z", "id": "sha256:1c753f87c7103f469aff523c7fb600c472150e1ec66e472b9096b93281391df4", "createdBy": "/bin/sh -c #(nop) COPY file:d7ef8d157aa26d93145dc74e0d47cc05154c784be361594f991c635601ebe1b9 in / "}], "architecture": "amd64", "os": "linux", "digest": "sha256:fdc4b2a97e4f777b95bcf0306fc3d6bb7ac1e025f4f7edd718762907d4ae5b42"}, "id": "b22d4dcc-e285-4414-aa92-f78ef1de0dba"}, {"status": "completed-with-findings", "name": "786395520305.dkr.ecr.us-east-2.amazonaws.com/test:17353", "findings": {"vulnerabilities": {"total": {"medium": 437, "unknown": 10, "high": 99, "critical": 18, "negligible": 4, "low": 44}, "unresolved": {"medium": 436, "unknown": 
10, "high": 99, "critical": 18, "negligible": 4, "low": 44}}, "scanners": {"vulnerabilities": {"status": "ok", "updated": "2019-12-17T19:31:24Z"}, "malware": {"status": "ok", "updated": "2019-11-11T18:01:55Z", "versions": {"blacklist": "25100", "icrc": "1548700", "trendX": "111200"}}, "vulnerabilityPatterns": {"status": "ok"}}, "contents": {"total": {}, "unresolved": {}}, "checklists": {"total": {}, "unresolved": {}}}, "source": {"insecureSkipVerify": false, "tag": "17353", "type": "docker", "registry": "786395520305.dkr.ecr.us-east-2.amazonaws.com", "repository": "test"}, "href": "/api/scans/e87d02e5-00df-4b20-b2af-8c6a34101149", "details": {"requested": "2019-12-17T19:18:08Z", "updated": "2019-12-17T19:47:54Z", "started": "2019-12-17T19:39:03Z", "completed": "2019-12-17T19:47:54Z", "results": [{"vulnerabilities": "/api/scans/e87d02e5-00df-4b20-b2af-8c6a34101149/layers/sha256:d08a2c3112d431c43e02458a285501d289333380438e760962619c8672bcbe0b/vulnerabilities", "findings": {"vulnerabilities": {"total": {"high": 29, "medium": 76, "critical": 4, "negligible": 1, "low": 16}, "unresolved": {"high": 29, "medium": 76, "critical": 4, "negligible": 1, "low": 16}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-04-24T19:20:41Z", "id": "sha256:d08a2c3112d431c43e02458a285501d289333380438e760962619c8672bcbe0b", "createdBy": "/bin/sh -c #(nop) ADD file:712c48086043553b85ffb031d8f6c5de857a2e53974df30cdfbc1e85c1b00a25 in / "}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-05-09T12:36:24Z", "id": "sha256:4807c1746af632c7279b487ab9a6d8eff266e51695cda4de3c59baa94793cd5c", "createdBy": "/bin/sh -c set -ex && [ -e /usr/share/jenkins ] || mkdir -p /usr/share/jenkins && [ -e /usr/share/jenkins/ref ] || mkdir -p /usr/share/jenkins/ref && wget http://mirrors.jenkins.io/war-stable/${JENKINS_VERSION}/jenkins.war -O /usr/share/jenkins/jenkins.war && chown -R jenkins \"$JENKINS_HOME\" 
/usr/share/jenkins/ref"}, {"vulnerabilities": "/api/scans/e87d02e5-00df-4b20-b2af-8c6a34101149/layers/sha256:25de13746f419f7f3bc902a458424d7bfca99340689ab3206765d9d3fe6c0df9/vulnerabilities", "findings": {"vulnerabilities": {"total": {"high": 18, "medium": 60, "critical": 4, "low": 12}, "unresolved": {"high": 18, "medium": 59, "critical": 4, "low": 12}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-04-24T19:54:25Z", "id": "sha256:25de13746f419f7f3bc902a458424d7bfca99340689ab3206765d9d3fe6c0df9", "createdBy": "/bin/sh -c apt-get update && apt-get install -y --no-install-recommends \t\tca-certificates \t\tcurl \t\twget \t&& rm -rf /var/lib/apt/lists/*"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-04-26T23:10:00Z", "id": "sha256:12a563564bc00df419eaea432befa9231b9fbe3da8e6ae2521605e876480c597", "createdBy": "/bin/sh -c /var/lib/dpkg/info/ca-certificates-java.postinst configure"}, {"vulnerabilities": "/api/scans/e87d02e5-00df-4b20-b2af-8c6a34101149/layers/sha256:34a279a4928ddfb0e3c893b02af8f53708ce55b2e5dda1a6ea0284513de570b0/vulnerabilities", "findings": {"vulnerabilities": {"total": {"medium": 54, "unknown": 5, "high": 23, "critical": 5, "negligible": 3, "low": 6}, "unresolved": {"medium": 54, "unknown": 5, "high": 23, "critical": 5, "negligible": 3, "low": 6}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-04-24T19:55:32Z", "id": "sha256:34a279a4928ddfb0e3c893b02af8f53708ce55b2e5dda1a6ea0284513de570b0", "createdBy": "/bin/sh -c apt-get update && apt-get install -y --no-install-recommends \t\tbzr \t\tgit \t\tmercurial \t\topenssh-client \t\tsubversion \t\t\t\tprocps \t&& rm -rf /var/lib/apt/lists/*"}, {"vulnerabilities": "/api/scans/e87d02e5-00df-4b20-b2af-8c6a34101149/layers/sha256:d46a4532ccb23e0247f5f12c66000efa046624ca504d2906909a4807a3aa535a/vulnerabilities", "findings": {"vulnerabilities": {"total": {"high": 1, "medium": 2, "critical": 
2}, "unresolved": {"high": 1, "medium": 2, "critical": 2}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-05-09T12:35:41Z", "id": "sha256:d46a4532ccb23e0247f5f12c66000efa046624ca504d2906909a4807a3aa535a", "createdBy": "/bin/sh -c apt-get update && apt-get install -y git curl wget && rm -rf /var/lib/apt/lists/*"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-05-09T12:36:35Z", "id": "sha256:2d488f0c183052741ffea14feb865f5821aa55e822a6f745c35acb17d6a38ca9", "createdBy": "/bin/sh -c #(nop) COPY file:78af1b33c67798de6c352599d24682470274d2927f36fefdb65f2fe59db0ae54 in /usr/local/bin/jenkins.sh "}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-05-09T12:35:56Z", "id": "sha256:abccc8f4e54e95245c751168e1de4735f3548d84eab60ffd5852242d555b7767", "createdBy": "/bin/sh -c groupadd -g 1000 jenkins && useradd -d \"$JENKINS_HOME\" -u 1000 -g 1000 -m -s /bin/bash jenkins"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-05-09T12:36:40Z", "id": "sha256:9db82a19afe99706bed896179781021b89be336f0354f51222e52e26fe0b90c7", "createdBy": "/bin/sh -c chmod +x /usr/local/bin/jenkins.sh"}, {"vulnerabilities": "/api/scans/e87d02e5-00df-4b20-b2af-8c6a34101149/layers/sha256:13bece0db804b4cebe3b0a12b6c981147ef4aff98c468da33354948440da7186/vulnerabilities", "findings": {"vulnerabilities": {"total": {"medium": 2, "low": 2}, "unresolved": {"medium": 2, "low": 2}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-04-25T00:38:26Z", "id": "sha256:13bece0db804b4cebe3b0a12b6c981147ef4aff98c468da33354948440da7186", "createdBy": "/bin/sh -c apt-get update && apt-get install -y --no-install-recommends \t\tbzip2 \t\tunzip \t\txz-utils \t&& rm -rf /var/lib/apt/lists/*"}, {"findings": {"vulnerabilities": {"total": {}, 
"unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-04-25T00:41:07Z", "id": "sha256:c6e013082552ea3a357691374f87938c6e958714c6f62d8b80f6412a2c323537", "createdBy": "/bin/sh -c echo 'deb http://deb.debian.org/debian jessie-backports main' > /etc/apt/sources.list.d/jessie-backports.list"}, {"vulnerabilities": "/api/scans/e87d02e5-00df-4b20-b2af-8c6a34101149/layers/sha256:d390f33bb9b7bde7a6ce08750da599ec1e1948bbd4eaaaaa9fd3033650ed4a3f/vulnerabilities", "findings": {"vulnerabilities": {"total": {"high": 28, "unknown": 5, "medium": 243, "critical": 3, "low": 8}, "unresolved": {"high": 28, "unknown": 5, "medium": 243, "critical": 3, "low": 8}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-04-26T23:09:58Z", "id": "sha256:d390f33bb9b7bde7a6ce08750da599ec1e1948bbd4eaaaaa9fd3033650ed4a3f", "createdBy": "/bin/sh -c set -ex; \t\tapt-get update; \tapt-get install -y \t\topenjdk-8-jdk=\"$JAVA_DEBIAN_VERSION\" \t\tca-certificates-java=\"$CA_CERTIFICATES_JAVA_VERSION\" \t; \trm -rf /var/lib/apt/lists/*; \t\t[ \"$JAVA_HOME\" = \"$(docker-java-home)\" ]; \t\tupdate-alternatives --get-selections | awk -v home=\"$JAVA_HOME\" 'index($3, home) == 1 { $2 = \"manual\"; print | \"update-alternatives --set-selections\" }'; \tupdate-alternatives --query java | grep -q 'Status: manual'"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-05-09T12:36:06Z", "id": "sha256:9791f97a4f11090536bdb6bcb96965692129fdbcf5e7a70c53e61aa856f5521e", "createdBy": "/bin/sh -c #(nop) ADD tarsum.v1+sha256:85c4b30c56225992fab6502ef4662ef12847c7c5137d48e28e6186788b8f914f in /bin/tini "}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-04-25T00:41:09Z", "id": "sha256:07daf1b985ceb53fc7cbb1c7e202917b4d6348bfef11e8280997950f7199aecd", "createdBy": "/bin/sh -c { \t\techo '#!/bin/sh'; \t\techo 'set -e'; 
\t\techo; \t\techo 'dirname \"$(dirname \"$(readlink -f \"$(which javac || which java)\")\")\"'; \t} > /usr/local/bin/docker-java-home \t&& chmod +x /usr/local/bin/docker-java-home"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-05-09T12:36:11Z", "id": "sha256:470ed9f6eee22f215900ab1840650412aa32e667f0373900c2767ae7ef551f7e", "createdBy": "/bin/sh -c chmod +x /bin/tini"}], "architecture": "amd64", "os": "linux", "digest": "sha256:dbfca464b4fee22d26693c0f00fb0e2421baa3fb1a27f1d7d52b1c18d6c5bfe5"}, "id": "e87d02e5-00df-4b20-b2af-8c6a34101149"}, {"status": "completed-with-findings", "name": "786395520305.dkr.ecr.us-east-2.amazonaws.com/test:1633", "findings": {"vulnerabilities": {"total": {"high": 73, "medium": 217, "critical": 8, "negligible": 1, "low": 36}, "unresolved": {"high": 73, "medium": 217, "critical": 8, "negligible": 1, "low": 36}}, "scanners": {"vulnerabilities": {"status": "ok", "updated": "2019-12-17T19:31:24Z"}, "malware": {"status": "ok", "updated": "2019-11-11T18:01:55Z", "versions": {"blacklist": "25100", "icrc": "1548700", "trendX": "111200"}}, "vulnerabilityPatterns": {"status": "ok"}}, "contents": {"total": {"high": 2}, "unresolved": {"high": 2}}, "checklists": {"total": {}, "unresolved": {}}}, "source": {"insecureSkipVerify": false, "tag": "1633", "type": "docker", "registry": "786395520305.dkr.ecr.us-east-2.amazonaws.com", "repository": "test"}, "href": "/api/scans/14b355d4-567f-4bd5-8acd-3d818d868955", "details": {"requested": "2019-12-17T19:18:08Z", "updated": "2019-12-17T19:39:02Z", "started": "2019-12-17T19:36:12Z", "completed": "2019-12-17T19:39:02Z", "labels": {"maintainer": "opsxcq@strm.sh"}, "results": [{"vulnerabilities": "/api/scans/14b355d4-567f-4bd5-8acd-3d818d868955/layers/sha256:85b1f47fba49da65256f07c8790542a3880e9216f9c491965040f35ce2c6ca7a/vulnerabilities", "findings": {"vulnerabilities": {"total": {"high": 28, "medium": 70, "critical": 4, 
"negligible": 1, "low": 16}, "unresolved": {"high": 28, "medium": 70, "critical": 4, "negligible": 1, "low": 16}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-10-09T21:30:05Z", "id": "sha256:85b1f47fba49da65256f07c8790542a3880e9216f9c491965040f35ce2c6ca7a", "createdBy": "/bin/sh -c #(nop) ADD file:55b071e2cfc3ea2f4bbf048d7d676e3c06a77a9a98d63f7af291f3decb495ec8 in / "}, {"findings": {"vulnerabilities": {"total": {"high": 45, "medium": 147, "critical": 4, "low": 20}, "unresolved": {"high": 45, "medium": 147, "critical": 4, "low": 20}}, "contents": {"total": {"high": 2}, "unresolved": {"high": 2}}}, "vulnerabilities": "/api/scans/14b355d4-567f-4bd5-8acd-3d818d868955/layers/sha256:fd1b7848a24fd9d883147446760ae71f68336a61d9dff831f0efa21f819d2fcb/vulnerabilities", "contents": "/api/scans/14b355d4-567f-4bd5-8acd-3d818d868955/layers/sha256:fd1b7848a24fd9d883147446760ae71f68336a61d9dff831f0efa21f819d2fcb/contents", "createdBy": "/bin/sh -c apt-get update && apt-get upgrade -y && DEBIAN_FRONTEND=noninteractive apt-get install -y apache2 php5 python sendmail && apt-get clean && rm -rf /var/lib/apt/lists/*", "id": "sha256:fd1b7848a24fd9d883147446760ae71f68336a61d9dff831f0efa21f819d2fcb", "createdAt": "2017-10-30T22:09:20Z"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-10-30T22:09:22Z", "id": "sha256:958cfd44407115aaba6a5cb9fddf4733cfdb8e129c95b6018e2e8601ed5bd942", "createdBy": "/bin/sh -c #(nop) COPY dir:112329eee82e94ef738d069a2891243d5cafdb08b5df5d218dc840bb82f609a3 in /www "}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-10-30T22:09:22Z", "id": "sha256:1bce47ee484d1ff8f771dd1446356095d7f763c0d92cba8e75cef10a88545bec", "createdBy": "/bin/sh -c #(nop) COPY dir:0d83906bb3fba9b9c9b769d6035d6e60da220cd9eabdc422184389a64ff9aa58 in /www/vulnerable/ "}, {"findings": {"vulnerabilities": 
{"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-10-30T22:09:23Z", "id": "sha256:b0d2bcaaa617eeb9cc505f363781c47049c328bccc16d4be7fe553995aac0b26", "createdBy": "/bin/sh -c chmod 777 -R /www"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-10-30T22:09:23Z", "id": "sha256:401c3f47975fc644024ac7d84ed6eb45237fc0eff6954058ca72e7aee73c67c8", "createdBy": "/bin/sh -c #(nop) COPY file:57a0dc4a61a910f5638fdd93fbb2ca0b368e7f0581cd4d7428570b07da649f1c in /etc/apache2/sites-enabled/000-default.conf "}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-10-30T22:09:24Z", "id": "sha256:52c46abb054adac8f841dcb998d659541b82a5a54b89fd5338db76464bda27aa", "createdBy": "/bin/sh -c #(nop) COPY file:094657626a5a7d0e2af6ecfbee810ce687e3ffac42906eae79da7b46aeb7fb0d in / "}], "architecture": "amd64", "os": "linux", "digest": "sha256:271282ecaa7728ceb618515e389ce92bc884ee24f03ba65bf134d85f72a86279"}, "id": "14b355d4-567f-4bd5-8acd-3d818d868955"}, {"status": "completed-with-findings", "name": "786395520305.dkr.ecr.us-east-2.amazonaws.com/test:1634", "findings": {"vulnerabilities": {"total": {"medium": 488, "unknown": 7, "high": 205, "critical": 23, "negligible": 4, "low": 104}, "unresolved": {"medium": 488, "unknown": 7, "high": 205, "critical": 23, "negligible": 4, "low": 104}}, "scanners": {"vulnerabilities": {"status": "ok", "updated": "2019-12-13T05:16:58Z"}, "malware": {"status": "ok", "updated": "2019-11-11T18:01:55Z", "versions": {"blacklist": "25100", "icrc": "1548700", "trendX": "111200"}}, "vulnerabilityPatterns": {"status": "ok"}}, "contents": {"total": {}, "unresolved": {}}, "checklists": {"total": {}, "unresolved": {}}}, "source": {"insecureSkipVerify": false, "tag": "1634", "type": "docker", "registry": "786395520305.dkr.ecr.us-east-2.amazonaws.com", "repository": 
"test"}, "href": "/api/scans/5f22441e-d3d2-4f49-8d43-1284059f1eb7", "details": {"requested": "2019-12-17T19:18:08Z", "updated": "2019-12-17T19:36:11Z", "started": "2019-12-17T19:31:12Z", "completed": "2019-12-17T19:36:11Z", "labels": {"maintainer": "opsxcq@strm.sh"}, "results": [{"vulnerabilities": "/api/scans/5f22441e-d3d2-4f49-8d43-1284059f1eb7/layers/sha256:d93a2d7cc901177e87182b2003d50fb3ffd5be3eb698f39f5c862264efe6ee99/vulnerabilities", "findings": {"vulnerabilities": {"total": {"high": 28, "medium": 72, "critical": 4, "negligible": 1, "low": 16}, "unresolved": {"high": 28, "medium": 72, "critical": 4, "negligible": 1, "low": 16}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-09-07T23:04:40Z", "id": "sha256:d93a2d7cc901177e87182b2003d50fb3ffd5be3eb698f39f5c862264efe6ee99", "createdBy": "/bin/sh -c #(nop) ADD file:d7333b3e0bc6479d2faed32e06d85f1975e5b23e13e75555aeed0f639770413b in / "}, {"vulnerabilities": "/api/scans/5f22441e-d3d2-4f49-8d43-1284059f1eb7/layers/sha256:9bf6a3c6e9ae08454b5bf9f49631c096110355d29fda373e5cf91d51805e622e/vulnerabilities", "findings": {"vulnerabilities": {"total": {"medium": 416, "unknown": 7, "high": 177, "critical": 19, "negligible": 3, "low": 88}, "unresolved": {"medium": 416, "unknown": 7, "high": 177, "critical": 19, "negligible": 3, "low": 88}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-09-11T23:22:12Z", "id": "sha256:9bf6a3c6e9ae08454b5bf9f49631c096110355d29fda373e5cf91d51805e622e", "createdBy": "/bin/sh -c apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y build-essential ruby valgrind && apt-get clean && rm -rf /var/lib/apt/lists/*"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-09-11T23:22:16Z", "id": "sha256:f19dc1f92ea8c2e92c52b0fefba435e24db577215f9fb16bcd7855fd7f0584fa", "createdBy": "/bin/sh -c #(nop) COPY dir:82926ea74722b1ba6709c37ae7690dc8f2ad2e45f5bd971b310541d35aaf656f in 
/src/ "}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-09-11T23:22:16Z", "id": "sha256:a48d201455f990372101913059f64ab659cdd34dfecceac84d1052568282993b", "createdBy": "/bin/sh -c #(nop) COPY file:68c036b568daa3b910bb9f9ec70bbb6dcd1321e246422eb2d84c7b4824457dfc in / "}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-09-11T23:25:20Z", "id": "sha256:6788ade0013236d2a92727c4e3d8cfbab5b9d7113413cf4d608de24c7690dcea", "createdBy": "/bin/sh -c cd /src && chmod +x configure && sync && ./configure && make"}], "architecture": "amd64", "os": "linux", "digest": "sha256:0d1ce2ac683623b93ba55576f8ca81bc00382dd213b952be76c9eda52a0cacef"}, "id": "5f22441e-d3d2-4f49-8d43-1284059f1eb7"}, {"status": "completed-with-findings", "name": "786395520305.dkr.ecr.us-east-2.amazonaws.com/test:web-app", "findings": {"vulnerabilities": {"total": {"high": 1}, "unresolved": {"high": 1}}, "scanners": {"vulnerabilities": {"status": "ok", "updated": "2019-12-13T05:16:58Z"}, "malware": {"status": "ok", "updated": "2019-11-11T18:01:55Z", "versions": {"blacklist": "25100", "icrc": "1548700", "trendX": "111200"}}, "vulnerabilityPatterns": {"status": "ok"}}, "contents": {"total": {"high": 10}, "unresolved": {"high": 10}}, "checklists": {"total": {}, "unresolved": {}}}, "source": {"insecureSkipVerify": false, "tag": "web-app", "type": "docker", "registry": "786395520305.dkr.ecr.us-east-2.amazonaws.com", "repository": "test"}, "href": "/api/scans/53d9a40c-6eb4-4d9c-a583-35c128beb4ab", "details": {"requested": "2019-12-17T19:18:08Z", "updated": "2019-12-17T19:46:58Z", "started": "2019-12-17T19:23:25Z", "completed": "2019-12-17T19:46:58Z", "results": [{"vulnerabilities": "/api/scans/53d9a40c-6eb4-4d9c-a583-35c128beb4ab/layers/sha256:e7c96db7181be991f19a9fb6975cdbbd73c65f4a2681348e63a141a2192a5f10/vulnerabilities", "findings": 
{"vulnerabilities": {"total": {"high": 1}, "unresolved": {"high": 1}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2019-05-11T00:07:03Z", "id": "sha256:e7c96db7181be991f19a9fb6975cdbbd73c65f4a2681348e63a141a2192a5f10", "createdBy": "/bin/sh -c #(nop) ADD file:a86aea1f3a7d68f6ae03397b99ea77f2e9ee901c5c59e59f76f93adbb4035913 in / "}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {"high": 5}, "unresolved": {"high": 5}}}, "createdAt": "2019-09-19T09:17:01Z", "id": "sha256:5c3362402290de306a6d5e862c3f8f8a7ce013a977a5279a29b7418acd51adb4", "createdBy": "/bin/sh -c npm install react-scripts@3.0.1 -g --silent", "contents": "/api/scans/53d9a40c-6eb4-4d9c-a583-35c128beb4ab/layers/sha256:5c3362402290de306a6d5e862c3f8f8a7ce013a977a5279a29b7418acd51adb4/contents"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {"high": 5}, "unresolved": {"high": 5}}}, "createdAt": "2019-09-19T09:15:53Z", "id": "sha256:6a55800a2146dc1afcffe69cd49e3401835a564d825789d51565fe686ce60b8c", "createdBy": "/bin/sh -c npm install --silent", "contents": "/api/scans/53d9a40c-6eb4-4d9c-a583-35c128beb4ab/layers/sha256:6a55800a2146dc1afcffe69cd49e3401835a564d825789d51565fe686ce60b8c/contents"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2019-05-11T01:52:54Z", "id": "sha256:3bcb5e14be535bd6a0d2366436d93d11b56bf9340365d25eb98f1397aec23470", "createdBy": "/bin/sh -c apk add --no-cache --virtual .build-deps-yarn curl gnupg tar && for key in 6A010C5166006599AA17F08146C2130DFD2497F5 ; do gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys \"$key\" || gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys \"$key\" || gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys \"$key\" ; done && curl -fsSLO --compressed \"https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz\" && curl 
-fsSLO --compressed \"https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc\" && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz && mkdir -p /opt && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz && apk del .build-deps-yarn"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2019-08-13T11:24:29Z", "id": "sha256:c91a6ed9b3615b803ae58aa629b6e14274a3a17fdaaff616a585037c9776145b", "createdBy": "/bin/sh -c #(nop) WORKDIR /app"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2019-09-19T09:14:49Z", "id": "sha256:8381428c3b6864e203205cfc3b29fbbedee1020e3d3b15012a266189996c9dd1", "createdBy": "/bin/sh -c #(nop) COPY file:6a9a61abe58d0a0289c12ea16f2d2f49a03d7690c5a15c4d7891f30b63824b1a in /app/package.json "}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2019-05-11T01:52:51Z", "id": "sha256:a9b145f64bbe7efacd482b8576a2098dd7054c7d612a9ab0ab06570b4ae2bb0d", "createdBy": "/bin/sh -c addgroup -g 1000 node && adduser -u 1000 -G node -s /bin/sh -D node && apk add --no-cache libstdc++ && apk add --no-cache --virtual .build-deps binutils-gold curl g++ gcc gnupg libgcc linux-headers make python && for key in 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 FD3A5288F042B6850C66B31F09FE44734EB7990E 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 DD8F2338BAE7501E3DD5AC78C273792F7D83545D C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 B9AE9905FFD7803F25714661B63B535A4C206CA9 77984A986EBC2AA786BC0F66B01FBB92821C587A 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 4ED778F539E3634C779C87C6D7062848A1AB005C 
A48C2BEE680E841632CD4E44F07496B3EB3C1762 B9E2F5981AA6E0CD28160D9FF13993A75599653C ; do gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys \"$key\" || gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys \"$key\" || gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys \"$key\" ; done && curl -fsSLO --compressed \"https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz\" && curl -fsSLO --compressed \"https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc\" && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc && grep \" node-v$NODE_VERSION.tar.xz\\$\" SHASUMS256.txt | sha256sum -c - && tar -xf \"node-v$NODE_VERSION.tar.xz\" && cd \"node-v$NODE_VERSION\" && ./configure && make -j$(getconf _NPROCESSORS_ONLN) V= && make install && apk del .build-deps && cd .. && rm -Rf \"node-v$NODE_VERSION\" && rm \"node-v$NODE_VERSION.tar.xz\" SHASUMS256.txt.asc SHASUMS256.txt"}], "architecture": "amd64", "os": "linux", "digest": "sha256:857925aded5d944e48ecafd2d05e4287cac75e18cb40741a31fdfe193564e341"}, "id": "53d9a40c-6eb4-4d9c-a583-35c128beb4ab"}, {"status": "completed-with-findings", "name": "786395520305.dkr.ecr.us-east-2.amazonaws.com/test:17638", "findings": {"vulnerabilities": {"total": {"medium": 128, "unknown": 7, "high": 38, "critical": 6, "negligible": 78, "low": 65}, "unresolved": {"medium": 128, "unknown": 7, "high": 38, "critical": 6, "negligible": 78, "low": 65}}, "scanners": {"vulnerabilities": {"status": "ok", "updated": "2019-12-13T05:16:58Z"}, "malware": {"status": "ok", "updated": "2019-11-11T18:01:55Z", "versions": {"blacklist": "25100", "icrc": "1548700", "trendX": "111200"}}, "vulnerabilityPatterns": {"status": "ok"}}, "contents": {"total": {}, "unresolved": {}}, "checklists": {"total": {}, "unresolved": {}}}, "source": {"insecureSkipVerify": false, "tag": "17638", "type": "docker", "registry": "786395520305.dkr.ecr.us-east-2.amazonaws.com", "repository": "test"}, "href": 
"/api/scans/4efbee8a-8d37-4944-8b2d-cd73abb7c8a3", "details": {"requested": "2019-12-17T19:18:08Z", "updated": "2019-12-17T19:31:11Z", "started": "2019-12-17T19:18:09Z", "completed": "2019-12-17T19:31:11Z", "results": [{"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-11-28T10:03:23Z", "id": "sha256:9e82cd5292136a02da8a9fc435c5f053db10054e094bf906741750768591e737", "createdBy": "|4 BASE_URL=https://apache.osuosl.org/maven/maven-3/3.5.2/binaries MAVEN_VERSION=3.5.2 SHA=707b1f6e390a65bde4af4cdaf2a24d45fc19a6ded00fff02e91626e3e42ceaff USER_HOME_DIR=/root /bin/sh -c mkdir -p /usr/share/maven /usr/share/maven/ref && curl -fsSL -o /tmp/apache-maven.tar.gz ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz && echo \"${SHA} /tmp/apache-maven.tar.gz\" | sha256sum -c - && tar -xzf /tmp/apache-maven.tar.gz -C /usr/share/maven --strip-components=1 && rm -f /tmp/apache-maven.tar.gz && ln -s /usr/share/maven/bin/mvn /usr/bin/mvn"}, {"vulnerabilities": "/api/scans/4efbee8a-8d37-4944-8b2d-cd73abb7c8a3/layers/sha256:d15dc9fb2f8df99118e9e8eceb86659ba965e431a2938ca3b7edf7f909932463/vulnerabilities", "findings": {"vulnerabilities": {"total": {"medium": 91, "unknown": 7, "high": 13, "critical": 3, "negligible": 36, "low": 46}, "unresolved": {"medium": 91, "unknown": 7, "high": 13, "critical": 3, "negligible": 36, "low": 46}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-11-28T10:00:20Z", "id": "sha256:d15dc9fb2f8df99118e9e8eceb86659ba965e431a2938ca3b7edf7f909932463", "createdBy": "/bin/sh -c set -ex; \t\tif [ ! 
-d /usr/share/man/man1 ]; then \t\tmkdir -p /usr/share/man/man1; \tfi; \t\tapt-get update; \tapt-get install -y \t\tcurl \t\topenjdk-8-jdk-headless=\"$JAVA_DEBIAN_VERSION\" \t\tca-certificates-java=\"$CA_CERTIFICATES_JAVA_VERSION\" \t; \trm -rf /var/lib/apt/lists/*; \t\t[ \"$(readlink -f \"$JAVA_HOME\")\" = \"$(docker-java-home)\" ]; \t\tupdate-alternatives --get-selections | awk -v home=\"$(readlink -f \"$JAVA_HOME\")\" 'index($3, home) == 1 { $2 = \"manual\"; print | \"update-alternatives --set-selections\" }'; \tupdate-alternatives --query java | grep -q 'Status: manual'"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-11-28T10:00:22Z", "id": "sha256:35da807c5d51d2e88247a45cb594dee370b024bd12daadc0f54ba0720c3986b7", "createdBy": "/bin/sh -c /var/lib/dpkg/info/ca-certificates-java.postinst configure"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-11-28T10:03:26Z", "id": "sha256:7b88c3540da3bdfc81d560f601792bdd2a861908c3e58e9751d1f7acaf68353c", "createdBy": "/bin/sh -c #(nop) COPY file:21d953874d701690e1fff4b0a77f3a9462181c63e4181d51adc4c4601ec3d00e in /usr/local/bin/mvn-entrypoint.sh "}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-11-28T09:53:01Z", "id": "sha256:f0e56426316d8653c64aeb17d79a8a637e8d7620a4c2ed5d40bf258352b57ec8", "createdBy": "/bin/sh -c ln -svT \"/usr/lib/jvm/java-8-openjdk-$(dpkg --print-architecture)\" /docker-java-home"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-11-28T10:03:27Z", "id": "sha256:1333b5f4d8a480440df6ed14e66cd5bc90036403bf889b8531f994229516c42c", "createdBy": "/bin/sh -c #(nop) COPY file:032052af42b6154c5b49c5a6fff95b46f6aa90c0c2f2869963f516f33e677edb in /usr/share/maven/ref/ "}, 
{"vulnerabilities": "/api/scans/4efbee8a-8d37-4944-8b2d-cd73abb7c8a3/layers/sha256:bc95e04b23c06ba1b9bf092d07d1493177b218e0340bd2ed49dac351c1e34313/vulnerabilities", "findings": {"vulnerabilities": {"total": {"high": 12, "medium": 18, "critical": 3, "negligible": 41, "low": 19}, "unresolved": {"high": 12, "medium": 18, "critical": 3, "negligible": 41, "low": 19}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-11-04T05:26:48Z", "id": "sha256:bc95e04b23c06ba1b9bf092d07d1493177b218e0340bd2ed49dac351c1e34313", "createdBy": "/bin/sh -c #(nop) ADD file:45233d6b5c9b91e9437065d3e7c332d1c4eb4bce8e1079a4c1af342c450abe67 in / "}, {"vulnerabilities": "/api/scans/4efbee8a-8d37-4944-8b2d-cd73abb7c8a3/layers/sha256:154549a6039be172f1d1b529b8add27e6b62a5be1a2bd9bba9e9ba5a3f00ff57/vulnerabilities", "findings": {"vulnerabilities": {"total": {"medium": 1, "negligible": 1}, "unresolved": {"medium": 1, "negligible": 1}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-11-28T09:52:59Z", "id": "sha256:154549a6039be172f1d1b529b8add27e6b62a5be1a2bd9bba9e9ba5a3f00ff57", "createdBy": "/bin/sh -c apt-get update && apt-get install -y --no-install-recommends \t\tbzip2 \t\tunzip \t\txz-utils \t&& rm -rf /var/lib/apt/lists/*"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-11-28T09:53:00Z", "id": "sha256:47ea48679fe4f872e3d6bc7d038ce849515d760e57c132eb29dec586dafb626d", "createdBy": "/bin/sh -c { \t\techo '#!/bin/sh'; \t\techo 'set -e'; \t\techo; \t\techo 'dirname \"$(dirname \"$(readlink -f \"$(which javac || which java)\")\")\"'; \t} > /usr/local/bin/docker-java-home \t&& chmod +x /usr/local/bin/docker-java-home"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-11-28T10:03:28Z", "id": "sha256:18c3ce6e9e59148d5141ec66816e85f1412e1da0d85efc3f805c34fdafc2ff72", "createdBy": "|4 
BASE_URL=https://apache.osuosl.org/maven/maven-3/3.5.2/binaries MAVEN_VERSION=3.5.2 SHA=707b1f6e390a65bde4af4cdaf2a24d45fc19a6ded00fff02e91626e3e42ceaff USER_HOME_DIR=/root /bin/sh -c mkdir -p /cve-2017-538/exploit && mkdir -p /usr/src/cve-2017-538"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-11-28T10:03:30Z", "id": "sha256:ae913c47883e9780234b19fc3731da43eef56c111f721123d68faccd80d48a19", "createdBy": "/bin/sh -c #(nop) ADD file:af1be9b4bd886f2ba17c7db8d118000f5867e70b280ed23209a92c0d566f3d5d in /usr/src/cve-2017-538/pom.xml "}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-11-28T10:03:31Z", "id": "sha256:a5db6e4416f0a8450a0bab7f9f52305d02fae766d32aae6997f54af9bce02da9", "createdBy": "/bin/sh -c #(nop) ADD dir:690f022cd065f5f01d3025be0c224085ea5c7e67d9c7e21c41a863cd2077f0c0 in /usr/src/cve-2017-538/src "}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-11-28T10:03:32Z", "id": "sha256:34f394b8b251466389fada0e0abbf483780a01cb22985961b4a2d70f9b58ee1b", "createdBy": "/bin/sh -c #(nop) ADD file:18169adf3debc49ae8a5f147809e2914f2d1a2a973b63b0ba2c3e8f2a4c8c4da in /cve-2017-538/entry-point.sh "}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-11-28T10:03:33Z", "id": "sha256:567c31589ef85ad6a46e5efcfa7f801a4ff003ddf198cc31e03acf0aae0ec9b4", "createdBy": "/bin/sh -c #(nop) ADD file:1ddbbb3818d6365676a72eebe4edb86af95ae945a0260d13760aaff82d44b0d6 in /cve-2017-538/exploit/exploit.py "}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-11-28T10:07:01Z", "id": "sha256:e00cb361922bc78dfef5d3d8a62e8d55f7613b155b7aecb354972eda0671e923", "createdBy": "|4 
BASE_URL=https://apache.osuosl.org/maven/maven-3/3.5.2/binaries MAVEN_VERSION=3.5.2 SHA=707b1f6e390a65bde4af4cdaf2a24d45fc19a6ded00fff02e91626e3e42ceaff USER_HOME_DIR=/root /bin/sh -c chmod +x /cve-2017-538/entry-point.sh && sync && cd /usr/src/cve-2017-538 && mvn package && cp /usr/src/cve-2017-538/target/*.jar /cve-2017-538/cve-2017-538-example.jar && rm -Rf /usr/src/cve-2017-538"}, {"vulnerabilities": "/api/scans/4efbee8a-8d37-4944-8b2d-cd73abb7c8a3/layers/_image/vulnerabilities", "id": "_image", "findings": {"vulnerabilities": {"total": {"high": 13, "medium": 18}, "unresolved": {"high": 13, "medium": 18}}, "contents": {"total": {}, "unresolved": {}}}}], "architecture": "amd64", "os": "linux", "digest": "sha256:9460c621a1901c806f018fdb89695b67b78f2765e27fedff1e5b2396aa191f4e"}, "id": "4efbee8a-8d37-4944-8b2d-cd73abb7c8a3"}, {"status": "completed-with-findings", "name": "786395520305.dkr.ecr.us-east-2.amazonaws.com/test:1999", "findings": {"vulnerabilities": {"total": {"high": 2, "medium": 31, "negligible": 34, "low": 83}, "unresolved": {"high": 2, "medium": 31, "negligible": 34, "low": 83}}, "scanners": {"vulnerabilities": {"status": "ok", "updated": "2019-12-13T05:16:58Z"}, "malware": {"status": "ok", "updated": "2019-11-11T18:01:55Z", "versions": {"blacklist": "25100", "icrc": "1548700", "trendX": "111200"}}, "vulnerabilityPatterns": {"status": "ok"}}, "contents": {"total": {"high": 8}, "unresolved": {"high": 8}}, "checklists": {"total": {}, "unresolved": {}}}, "source": {"insecureSkipVerify": false, "tag": "1999", "type": "docker", "registry": "786395520305.dkr.ecr.us-east-2.amazonaws.com", "repository": "test"}, "href": "/api/scans/bcc6125a-a24a-4315-bdc4-45732b4380c4", "details": {"requested": "2019-12-17T19:18:08Z", "updated": "2019-12-17T19:48:48Z", "started": "2019-12-17T19:18:09Z", "completed": "2019-12-17T19:48:48Z", "results": [{"vulnerabilities": 
"/api/scans/bcc6125a-a24a-4315-bdc4-45732b4380c4/layers/sha256:16c48d79e9cc2d6cdb79a91e9c410250c1a44102ed4c971fbf24692cc09f2351/vulnerabilities", "findings": {"vulnerabilities": {"total": {"medium": 9, "negligible": 21, "low": 25}, "unresolved": {"medium": 9, "negligible": 21, "low": 25}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2019-09-18T23:21:10Z", "id": "sha256:16c48d79e9cc2d6cdb79a91e9c410250c1a44102ed4c971fbf24692cc09f2351", "createdBy": "/bin/sh -c #(nop) ADD file:a5b5bea2fa5358461649feb68a28ec3e9ec4547164744e8eb7f4112c1969f64f in / "}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2019-09-18T23:21:10Z", "id": "sha256:3c654ad3ed7d66e3caa5ab60bee1b166359d066be7e9edca6161b72ac06f2008", "createdBy": "/bin/sh -c rm -rf /var/lib/apt/lists/*"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2019-09-18T23:21:11Z", "id": "sha256:6276f4f9c29df0a2fc8019e3c9929e6c3391967cb1f610f57a3c5f8044c8c2b6", "createdBy": "/bin/sh -c set -xe \t\t&& echo '#!/bin/sh' > /usr/sbin/policy-rc.d \t&& echo 'exit 101' >> /usr/sbin/policy-rc.d \t&& chmod +x /usr/sbin/policy-rc.d \t\t&& dpkg-divert --local --rename --add /sbin/initctl \t&& cp -a /usr/sbin/policy-rc.d /sbin/initctl \t&& sed -i 's/^exit.*/exit 0/' /sbin/initctl \t\t&& echo 'force-unsafe-io' > /etc/dpkg/dpkg.cfg.d/docker-apt-speedup \t\t&& echo 'DPkg::Post-Invoke { \"rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true\"; };' > /etc/apt/apt.conf.d/docker-clean \t&& echo 'APT::Update::Post-Invoke { \"rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true\"; };' >> /etc/apt/apt.conf.d/docker-clean \t&& echo 'Dir::Cache::pkgcache \"\"; Dir::Cache::srcpkgcache \"\";' >> /etc/apt/apt.conf.d/docker-clean \t\t&& echo 'Acquire::Languages \"none\";' > 
/etc/apt/apt.conf.d/docker-no-languages \t\t&& echo 'Acquire::GzipIndexes \"true\"; Acquire::CompressionTypes::Order:: \"gz\";' > /etc/apt/apt.conf.d/docker-gzip-indexes \t\t&& echo 'Apt::AutoRemove::SuggestsImportant \"false\";' > /etc/apt/apt.conf.d/docker-autoremove-suggests"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2019-09-18T23:21:12Z", "id": "sha256:a4bd43ad48cebce2cad4207b823fe1693e10c440504ce72f48643772e3c98d7a", "createdBy": "/bin/sh -c mkdir -p /run/systemd && echo 'docker' > /run/systemd/container"}, {"findings": {"vulnerabilities": {"total": {"medium": 16, "negligible": 13, "low": 58}, "unresolved": {"medium": 16, "negligible": 13, "low": 58}}, "contents": {"total": {"high": 8}, "unresolved": {"high": 8}}}, "vulnerabilities": "/api/scans/bcc6125a-a24a-4315-bdc4-45732b4380c4/layers/sha256:96f6221c53662c418d192b44224034e1a2701d8ae039bc1fbb10cb762e9f7962/vulnerabilities", "contents": "/api/scans/bcc6125a-a24a-4315-bdc4-45732b4380c4/layers/sha256:96f6221c53662c418d192b44224034e1a2701d8ae039bc1fbb10cb762e9f7962/contents", "createdBy": "bash", "id": "sha256:96f6221c53662c418d192b44224034e1a2701d8ae039bc1fbb10cb762e9f7962", "createdAt": "2019-09-30T03:27:12Z"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2019-10-01T04:41:24Z", "id": "sha256:c1ce3c3682769fcfb01fb213b908447f56c73d3e7d661b7bd24b625f931d4d94", "createdBy": "sh /home/startup.sh"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2019-10-01T04:39:47Z", "id": "sha256:e883c99ef10234568ed3cd6be44773bdb54f99dc1a77506e8c42490122493a89", "createdBy": "/bin/sh -c echo \"cd /opt/vuls/spring-cloud-config/spring-cloud-config-server && ../mvnw spring-boot:run\" >/home/startup.sh"}, {"vulnerabilities": 
"/api/scans/bcc6125a-a24a-4315-bdc4-45732b4380c4/layers/_image/vulnerabilities", "id": "_image", "findings": {"vulnerabilities": {"total": {"high": 2, "medium": 6}, "unresolved": {"high": 2, "medium": 6}}, "contents": {"total": {}, "unresolved": {}}}}], "architecture": "amd64", "os": "linux", "digest": "sha256:c018d73062b1906ed5d1e3fb2e7d789f4cbfda11edb234486a0e8d36167a08d7"}, "id": "bcc6125a-a24a-4315-bdc4-45732b4380c4"}, {"status": "completed-with-findings", "name": "786395520305.dkr.ecr.us-east-2.amazonaws.com/test:19799", "findings": {"vulnerabilities": {"total": {"high": 2, "medium": 31, "negligible": 34, "low": 83}, "unresolved": {"high": 2, "medium": 31, "negligible": 34, "low": 83}}, "scanners": {"vulnerabilities": {"status": "ok", "updated": "2019-12-13T05:16:58Z"}, "malware": {"status": "ok", "updated": "2019-11-11T18:01:55Z", "versions": {"blacklist": "25100", "icrc": "1548700", "trendX": "111200"}}, "vulnerabilityPatterns": {"status": "ok"}}, "contents": {"total": {"high": 8}, "unresolved": {"high": 8}}, "checklists": {"total": {}, "unresolved": {}}}, "source": {"insecureSkipVerify": false, "tag": "19799", "type": "docker", "registry": "786395520305.dkr.ecr.us-east-2.amazonaws.com", "repository": "test"}, "href": "/api/scans/8a7e9d6e-1f03-483c-8132-f532491867a1", "details": {"requested": "2019-12-17T19:18:08Z", "updated": "2019-12-17T19:48:52Z", "started": "2019-12-17T19:18:08Z", "completed": "2019-12-17T19:48:52Z", "results": [{"vulnerabilities": "/api/scans/8a7e9d6e-1f03-483c-8132-f532491867a1/layers/sha256:16c48d79e9cc2d6cdb79a91e9c410250c1a44102ed4c971fbf24692cc09f2351/vulnerabilities", "findings": {"vulnerabilities": {"total": {"medium": 9, "negligible": 21, "low": 25}, "unresolved": {"medium": 9, "negligible": 21, "low": 25}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2019-09-18T23:21:10Z", "id": "sha256:16c48d79e9cc2d6cdb79a91e9c410250c1a44102ed4c971fbf24692cc09f2351", "createdBy": "/bin/sh -c #(nop) ADD 
file:a5b5bea2fa5358461649feb68a28ec3e9ec4547164744e8eb7f4112c1969f64f in / "}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2019-09-18T23:21:10Z", "id": "sha256:3c654ad3ed7d66e3caa5ab60bee1b166359d066be7e9edca6161b72ac06f2008", "createdBy": "/bin/sh -c rm -rf /var/lib/apt/lists/*"}, {"vulnerabilities": "/api/scans/8a7e9d6e-1f03-483c-8132-f532491867a1/layers/_image/vulnerabilities", "id": "_image", "findings": {"vulnerabilities": {"total": {"high": 2, "medium": 6}, "unresolved": {"high": 2, "medium": 6}}, "contents": {"total": {}, "unresolved": {}}}}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2019-09-18T23:21:12Z", "id": "sha256:a4bd43ad48cebce2cad4207b823fe1693e10c440504ce72f48643772e3c98d7a", "createdBy": "/bin/sh -c mkdir -p /run/systemd && echo 'docker' > /run/systemd/container"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2019-10-01T04:41:24Z", "id": "sha256:c1ce3c3682769fcfb01fb213b908447f56c73d3e7d661b7bd24b625f931d4d94", "createdBy": "sh /home/startup.sh"}, {"findings": {"vulnerabilities": {"total": {"medium": 16, "negligible": 13, "low": 58}, "unresolved": {"medium": 16, "negligible": 13, "low": 58}}, "contents": {"total": {"high": 8}, "unresolved": {"high": 8}}}, "vulnerabilities": "/api/scans/8a7e9d6e-1f03-483c-8132-f532491867a1/layers/sha256:96f6221c53662c418d192b44224034e1a2701d8ae039bc1fbb10cb762e9f7962/vulnerabilities", "contents": "/api/scans/8a7e9d6e-1f03-483c-8132-f532491867a1/layers/sha256:96f6221c53662c418d192b44224034e1a2701d8ae039bc1fbb10cb762e9f7962/contents", "createdBy": "bash", "id": "sha256:96f6221c53662c418d192b44224034e1a2701d8ae039bc1fbb10cb762e9f7962", "createdAt": "2019-09-30T03:27:12Z"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, 
"unresolved": {}}}, "createdAt": "2019-10-01T04:39:47Z", "id": "sha256:e883c99ef10234568ed3cd6be44773bdb54f99dc1a77506e8c42490122493a89", "createdBy": "/bin/sh -c echo \"cd /opt/vuls/spring-cloud-config/spring-cloud-config-server && ../mvnw spring-boot:run\" >/home/startup.sh"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2019-09-18T23:21:11Z", "id": "sha256:6276f4f9c29df0a2fc8019e3c9929e6c3391967cb1f610f57a3c5f8044c8c2b6", "createdBy": "/bin/sh -c set -xe \t\t&& echo '#!/bin/sh' > /usr/sbin/policy-rc.d \t&& echo 'exit 101' >> /usr/sbin/policy-rc.d \t&& chmod +x /usr/sbin/policy-rc.d \t\t&& dpkg-divert --local --rename --add /sbin/initctl \t&& cp -a /usr/sbin/policy-rc.d /sbin/initctl \t&& sed -i 's/^exit.*/exit 0/' /sbin/initctl \t\t&& echo 'force-unsafe-io' > /etc/dpkg/dpkg.cfg.d/docker-apt-speedup \t\t&& echo 'DPkg::Post-Invoke { \"rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true\"; };' > /etc/apt/apt.conf.d/docker-clean \t&& echo 'APT::Update::Post-Invoke { \"rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true\"; };' >> /etc/apt/apt.conf.d/docker-clean \t&& echo 'Dir::Cache::pkgcache \"\"; Dir::Cache::srcpkgcache \"\";' >> /etc/apt/apt.conf.d/docker-clean \t\t&& echo 'Acquire::Languages \"none\";' > /etc/apt/apt.conf.d/docker-no-languages \t\t&& echo 'Acquire::GzipIndexes \"true\"; Acquire::CompressionTypes::Order:: \"gz\";' > /etc/apt/apt.conf.d/docker-gzip-indexes \t\t&& echo 'Apt::AutoRemove::SuggestsImportant \"false\";' > /etc/apt/apt.conf.d/docker-autoremove-suggests"}], "architecture": "amd64", "os": "linux", "digest": "sha256:ee6bef4290bd6248a4799241d9aad8d7ff64a07377d70574299702002119b0a9"}, "id": "8a7e9d6e-1f03-483c-8132-f532491867a1"}, {"status": "completed-with-findings", "name": "786395520305.dkr.ecr.us-east-2.amazonaws.com/test:1471", "findings": 
{"vulnerabilities": {"total": {}, "unresolved": {}}, "scanners": {"vulnerabilities": {"status": "ok", "updated": "2019-12-13T05:16:58Z"}, "malware": {"status": "ok", "updated": "2019-11-11T18:01:55Z", "versions": {"blacklist": "25100", "icrc": "1548700", "trendX": "111200"}}, "vulnerabilityPatterns": {"status": "ok"}}, "contents": {"total": {"high": 1}, "unresolved": {"high": 1}}, "checklists": {"total": {}, "unresolved": {}}}, "source": {"insecureSkipVerify": false, "tag": "1471", "type": "docker", "registry": "786395520305.dkr.ecr.us-east-2.amazonaws.com", "repository": "test"}, "href": "/api/scans/d0d3c7c0-e101-47dd-94a5-51c7fa75bc51", "details": {"requested": "2019-12-17T19:18:08Z", "updated": "2019-12-17T19:23:24Z", "started": "2019-12-17T19:18:08Z", "completed": "2019-12-17T19:23:24Z", "labels": {"maintainer": "opsxcq@strm.sh"}, "results": [{"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-10-09T21:34:51Z", "id": "sha256:39e552a2b1f74a9985244528219d26fc1c27f1447a3d04e64b63bd70a4e68e2c", "createdBy": "/bin/sh -c #(nop) ADD file:4a0b4ab0f637224302bf3f7a7eedc5b75a404bc1188499ef2f98edb7ce44d0ed in / "}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {"high": 1}, "unresolved": {"high": 1}}}, "createdAt": "2017-10-30T22:47:40Z", "id": "sha256:24d8e3df4c08f935c5fc57c8c4cf0ccae798cfee7a1dfb6842602d4fa98aad5b", "createdBy": "/bin/sh -c apt-get update && apt-get upgrade -y && DEBIAN_FRONTEND=noninteractive apt-get install -y apache2 && apt-get clean && rm -rf /var/lib/apt/lists/*", "contents": "/api/scans/d0d3c7c0-e101-47dd-94a5-51c7fa75bc51/layers/sha256:24d8e3df4c08f935c5fc57c8c4cf0ccae798cfee7a1dfb6842602d4fa98aad5b/contents"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-10-30T22:47:41Z", "id": 
"sha256:1aef146d4e401357b8a115682184f2ecc32a3c420d8bae59f79b0a17b87dabe8", "createdBy": "/bin/sh -c #(nop) COPY dir:70a4d821a223ee20a9d79beef4a844624d430e083fc0008cfb50db760b891a97 in /packages "}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-10-30T22:47:43Z", "id": "sha256:342a14b47e491865e31932ef8b05eeb8d3e949850c7417e32df672b7c23a26d1", "createdBy": "/bin/sh -c dpkg -i /packages/*"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-10-30T22:47:44Z", "id": "sha256:8649b463e0f5008a7379743f9d2c53c3d0efe41cc87f88ba75f47429fb749da8", "createdBy": "/bin/sh -c #(nop) COPY file:9e764a7b3433192400897e392af022200417409cb121b6c23fa2f0e5eccca290 in /usr/lib/cgi-bin/ "}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-10-30T22:47:45Z", "id": "sha256:475ded304254530e4100c586e760699517d79c4b2170ae8794cb8b9d3dd2dee2", "createdBy": "/bin/sh -c #(nop) COPY file:eb61067b5a8d87429c9531541b3cf0603056926ca7a786c663578c5cd1b650b2 in /var/www "}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-10-30T22:47:45Z", "id": "sha256:d4f4bb77bcb1ed5a569052394769bc63c7f978550b52e54c40c9f91246b1d121", "createdBy": "/bin/sh -c chown www-data:www-data /var/www/index.html"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2017-10-30T22:47:46Z", "id": "sha256:cb1d9d28476d14bf0506b0701bec8627f94ccc6858b8498787cc659d93379d01", "createdBy": "/bin/sh -c #(nop) COPY file:a5df79b3b85403cd60f9c0035c82589fb7d5ff68f0e1a927cb0f5407b76a74a5 in / "}], "architecture": "amd64", "os": "linux", "digest": "sha256:bdac8529e22931c1d99bf4907e12df3c2df0214070635a0b076fb11e66409883"}, "id": 
"d0d3c7c0-e101-47dd-94a5-51c7fa75bc51"}, {"status": "completed-with-findings", "name": "786395520305.dkr.ecr.us-east-2.amazonaws.com/test:17271", "findings": {"vulnerabilities": {"total": {"high": 7, "medium": 109, "negligible": 33, "low": 118}, "unresolved": {"high": 7, "medium": 109, "negligible": 33, "low": 118}}, "scanners": {"vulnerabilities": {"status": "ok", "updated": "2019-12-13T05:16:58Z"}, "malware": {"status": "ok", "updated": "2019-11-11T18:01:55Z", "versions": {"blacklist": "25100", "icrc": "1548700", "trendX": "111200"}}, "vulnerabilityPatterns": {"status": "ok"}}, "contents": {"total": {}, "unresolved": {}}, "checklists": {"total": {}, "unresolved": {}}}, "source": {"insecureSkipVerify": false, "tag": "17271", "type": "docker", "registry": "786395520305.dkr.ecr.us-east-2.amazonaws.com", "repository": "test"}, "href": "/api/scans/8eae004a-33c6-493d-b8c3-4fb02fe4c4a0", "details": {"requested": "2019-12-17T19:18:08Z", "updated": "2019-12-17T20:15:33Z", "started": "2019-12-17T19:18:08Z", "completed": "2019-12-17T20:15:33Z", "labels": {"maintainer": "cved (cved@protonmail.com)", "author": "Henry Zhao (532256580@qq.com)"}, "results": [{"vulnerabilities": "/api/scans/8eae004a-33c6-493d-b8c3-4fb02fe4c4a0/layers/sha256:c314617ce3f190fe3a442f76abca66ef5f1df02bfe6614af8e244e066ce54a67/vulnerabilities", "findings": {"vulnerabilities": {"total": {"high": 7, "medium": 92, "negligible": 33, "low": 113}, "unresolved": {"high": 7, "medium": 92, "negligible": 33, "low": 113}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2016-05-03T23:10:55Z", "id": "sha256:c314617ce3f190fe3a442f76abca66ef5f1df02bfe6614af8e244e066ce54a67", "createdBy": "/bin/sh -c #(nop) ADD file:b64f702c5b33d12426b57d1e25d5c6de0f2331d390d78b6dff16289914ad6098 in /"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2016-05-16T02:50:24Z", "id": 
"sha256:bc652b3177fa6d78aad8ee5c3712e6e1b1221e35235b717ba9ba06fe449808b8", "createdBy": "/bin/sh -c ./jdk-6u45-linux-x64.bin && rm jdk-6u45-linux-x64.bin && mv jdk1.6.0_45 /root/jdk"}, {"vulnerabilities": "/api/scans/8eae004a-33c6-493d-b8c3-4fb02fe4c4a0/layers/sha256:f20398cebefd007bca067f3628e40f3b67196ffcb1dab296af7b472ea150ee3c/vulnerabilities", "findings": {"vulnerabilities": {"total": {"medium": 9, "low": 4}, "unresolved": {"medium": 9, "low": 4}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2016-05-16T02:50:00Z", "id": "sha256:f20398cebefd007bca067f3628e40f3b67196ffcb1dab296af7b472ea150ee3c", "createdBy": "/bin/sh -c apt-get update && apt-get install -y wget && apt-get clean"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2016-05-16T02:50:00Z", "id": "sha256:9f2224dd77cbc6ec01bf3b0881836e4aee5f51031b3f3e79162648a87c838111", "createdBy": "/bin/sh -c wget --no-check-certificate 'https://docs.google.com/uc?export=download&id=0B-NEimEr29WddlFEbmhqTUVOZm8' -O gdown.pl"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2016-05-16T04:23:45Z", "id": "sha256:fc6380348c4873acf9657e5102d974b4f405b4fcfbab6ac165939cf592466a07", "createdBy": "/bin/sh -c perl gdown.pl 'https://docs.google.com/uc?export=download&id=0B-NEimEr29WdbURhaE16NElXbjA' 'wls1036_generic.jar'"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2016-05-16T02:50:05Z", "id": "sha256:d5d8920e4aed3e61b7fbecf374b75a50ee722b5fc57db6c29e0c634fa6490713", "createdBy": "/bin/sh -c perl gdown.pl 'https://docs.google.com/uc?export=download&id=0B-NEimEr29WddXo1X1hma0pTTXM' 'jdk-6u45-linux-x64.bin'"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2016-05-16T04:23:52Z", "id": 
"sha256:27a3ad27c11cea5a9710e1aeb81bfc9dce4efff1df1ea0ab261ccc893d331710", "createdBy": "/bin/sh -c wget --no-check-certificate 'https://docs.google.com/uc?export=download&id=0B-NEimEr29WdRXNoMndCMUllMGs' -O wls-silent.xml"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2016-05-16T02:50:06Z", "id": "sha256:b6183c9977f38c4c20ee0edf8a12958bac7c6a01c3474fb2f95b42236e15f639", "createdBy": "/bin/sh -c mkdir /root/jdk"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2016-05-16T02:50:08Z", "id": "sha256:4858d8e4448777001686564112164a8ab338bde2233665d066889e6ae50b178d", "createdBy": "/bin/sh -c chmod +x jdk-6u45-linux-x64.bin"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2016-05-16T04:26:47Z", "id": "sha256:647ffbbe9acd371b1654f948c3660cac2dbbea7e2d1a3551ceee715481c3dd33", "createdBy": "/bin/sh -c /root/jdk/jdk1.6.0_45/bin/java -jar wls1036_generic.jar -mode=silent -silent_xml=/wls-silent.xml && \trm /wls1036_generic.jar /wls-silent.xml"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2018-05-28T08:10:27Z", "id": "sha256:16c66ad361969591de9724e7845927f1d7056c66c7e9cd3a00373f7f3f9d2bf2", "createdBy": "/bin/sh -c wget --no-check-certificate 'https://docs.google.com/uc?export=download&id=0B-NEimEr29WdQThnYjVnRmUwd2c' -O create-wls-domain.py"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2018-05-28T08:10:28Z", "id": "sha256:8af8809bd48088afeb8d9147f3a170985db69d0770e5333b2618a49f0d210142", "createdBy": "/bin/sh -c mv create-wls-domain.py /root/Oracle && chmod +x /root/Oracle/create-wls-domain.py"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": 
{"total": {}, "unresolved": {}}}, "createdAt": "2018-05-28T08:11:39Z", "id": "sha256:d42fddf5bdeb82985be7f8a75c4f10a4ffa561265be3c7fa88b9bf07d6d18a42", "createdBy": "/bin/sh -c /root/Oracle/Middleware/wlserver_10.3/common/bin/wlst.sh -skipWLSModuleScanning /root/Oracle/create-wls-domain.py"}, {"vulnerabilities": "/api/scans/8eae004a-33c6-493d-b8c3-4fb02fe4c4a0/layers/sha256:cff6a4bfb7751712eb268e9474de9976cf3b2692f6a1abf59fd5639b93b342e2/vulnerabilities", "findings": {"vulnerabilities": {"total": {"medium": 8, "low": 1}, "unresolved": {"medium": 8, "low": 1}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2019-01-11T22:23:33Z", "id": "sha256:cff6a4bfb7751712eb268e9474de9976cf3b2692f6a1abf59fd5639b93b342e2", "createdBy": "|1 DEBIAN_FRONTEND=noninteractive /bin/sh -c apt-get -y update && apt-get -y install python && apt-get autoremove && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2016-05-03T23:11:04Z", "id": "sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1", "createdBy": "/bin/sh -c #(nop) CMD [\"/bin/bash\"]"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2016-05-03T23:11:02Z", "id": "sha256:e97b6d94bca0b869312a237da7fd46d46c5cf93161dffce0a1b25ef34b4e1bb4", "createdBy": "/bin/sh -c rm -rf /var/lib/apt/lists/*"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2016-05-03T23:11:03Z", "id": "sha256:e597f798b336e3c87d689997a3df08c1738bd3e934edd198b8890135463199d6", "createdBy": "/bin/sh -c sed -i 's/^#\\s*\\(deb.*universe\\)$/\\1/g' /etc/apt/sources.list"}, {"findings": {"vulnerabilities": {"total": {}, "unresolved": {}}, "contents": {"total": {}, "unresolved": {}}}, "createdAt": "2016-05-03T23:11:00Z", "id": 
"sha256:2389af727e430c4bfff7861b1be4c2c4f75fb4ca14f380c3b8b92000ec39d4f5", "createdBy": "/bin/sh -c set -xe \t\t&& echo '#!/bin/sh' > /usr/sbin/policy-rc.d \t&& echo 'exit 101' >> /usr/sbin/policy-rc.d \t&& chmod +x /usr/sbin/policy-rc.d \t\t&& dpkg-divert --local --rename --add /sbin/initctl \t&& cp -a /usr/sbin/policy-rc.d /sbin/initctl \t&& sed -i 's/^exit.*/exit 0/' /sbin/initctl \t\t&& echo 'force-unsafe-io' > /etc/dpkg/dpkg.cfg.d/docker-apt-speedup \t\t&& echo 'DPkg::Post-Invoke { \"rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true\"; };' > /etc/apt/apt.conf.d/docker-clean \t&& echo 'APT::Update::Post-Invoke { \"rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true\"; };' >> /etc/apt/apt.conf.d/docker-clean \t&& echo 'Dir::Cache::pkgcache \"\"; Dir::Cache::srcpkgcache \"\";' >> /etc/apt/apt.conf.d/docker-clean \t\t&& echo 'Acquire::Languages \"none\";' > /etc/apt/apt.conf.d/docker-no-languages \t\t&& echo 'Acquire::GzipIndexes \"true\"; Acquire::CompressionTypes::Order:: \"gz\";' > /etc/apt/apt.conf.d/docker-gzip-indexes"}], "architecture": "amd64", "os": "linux", "digest": "sha256:da8b26b5f9db6a74570aad251104fb6591893dcbdd39448c9032aa8e21fe94ee"}, "id": "8eae004a-33c6-493d-b8c3-4fb02fe4c4a0"}]} \ No newline at end of file + From 83c45d1f919247fe9ac76924eedd51ff57cd8567 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Wed, 21 Apr 2021 15:13:57 -0500 Subject: [PATCH 003/162] Update Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 82d28fc..25872a4 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -3,7 +3,7 @@ MAINTAINER piesecurity
 RUN set -ex \
 && rm -rf /usr/local/tomcat/webapps/* \
 && chmod a+x /usr/local/tomcat/bin/*.sh
-ADD https://secure.eicar.org/eicar.com.txt /root/
+#ADD https://secure.eicar.org/eicar.com.txt /root/
 COPY struts2-showcase-2.3.12.war /usr/local/tomcat/webapps/ROOT.war
 COPY key.pem /usr/local/tomcat/webapps/key.pem
 EXPOSE 8080
From 47cdb24e944f6d173ac03e733c75052e799de1ed Mon Sep 17 00:00:00 2001
From: Yessenia Becerra
Date: Wed, 21 Apr 2021 15:15:41 -0500
Subject: [PATCH 004/162] Update Dockerfile
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 25872a4..82d28fc 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,7 +3,7 @@ MAINTAINER piesecurity
 RUN set -ex \
 && rm -rf /usr/local/tomcat/webapps/* \
 && chmod a+x /usr/local/tomcat/bin/*.sh
-#ADD https://secure.eicar.org/eicar.com.txt /root/
+ADD https://secure.eicar.org/eicar.com.txt /root/
 COPY struts2-showcase-2.3.12.war /usr/local/tomcat/webapps/ROOT.war
 COPY key.pem /usr/local/tomcat/webapps/key.pem
 EXPOSE 8080
From 36771614124afecece31a4f935020d0c5260a6ea Mon Sep 17 00:00:00 2001
From: Yessenia Becerra
Date: Fri, 23 Apr 2021 17:11:31 -0500
Subject: [PATCH 005/162] Update test.txt
---
 test.txt | 1 +
 1 file changed, 1 insertion(+)
diff --git a/test.txt b/test.txt
index 8b13789..295cb16 100644
--- a/test.txt
+++ b/test.txt
@@ -1 +1,2 @@
+qw12312
From 342293167b986abd0df9ccc1042b48b3df147861 Mon Sep 17 00:00:00 2001
From: Yessenia Becerra
Date: Fri, 23 Apr 2021 17:13:11 -0500
Subject: [PATCH 006/162] Update Dockerfile
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 82d28fc..25872a4 100644
--- a/Dockerfile
+++ b/Dockerfile
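Review bot: Commenting the `ADD` line out is being used as the on/off switch for the demo's EICAR test file, and the identical one-line flip is reversed in PATCH 004 and repeated in 006, 007, 009 and 010, so what the image contains depends on which commit is checked out rather than on anything recorded in the build. A build argument makes that choice explicit and reviewable: `ARG WITH_EICAR=0` followed by a guarded fetch such as `RUN if [ "$WITH_EICAR" = "1" ]; then curl -fsSL -o /root/eicar.com.txt https://secure.eicar.org/eicar.com.txt; fi` (using whichever of curl or wget the base image provides). Either way the file is pulled from the network at build time, so the build log or a recorded checksum is the only way to tie a later scan finding to what was actually fetched.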
@@ -3,7 +3,7 @@ MAINTAINER piesecurity
 RUN set -ex \
 && rm -rf /usr/local/tomcat/webapps/* \
 && chmod a+x /usr/local/tomcat/bin/*.sh
-ADD https://secure.eicar.org/eicar.com.txt /root/
+#ADD https://secure.eicar.org/eicar.com.txt /root/
 COPY struts2-showcase-2.3.12.war /usr/local/tomcat/webapps/ROOT.war
 COPY key.pem /usr/local/tomcat/webapps/key.pem
 EXPOSE 8080
From 976a87f6bc4a71a0904b3aa030c6d8608676460e Mon Sep 17 00:00:00 2001
From: Yessenia Becerra
Date: Fri, 23 Apr 2021 17:17:29 -0500
Subject: [PATCH 007/162] Update Dockerfile
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 25872a4..82d28fc 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,7 +3,7 @@ MAINTAINER piesecurity
 RUN set -ex \
 && rm -rf /usr/local/tomcat/webapps/* \
 && chmod a+x /usr/local/tomcat/bin/*.sh
-#ADD https://secure.eicar.org/eicar.com.txt /root/
+ADD https://secure.eicar.org/eicar.com.txt /root/
 COPY struts2-showcase-2.3.12.war /usr/local/tomcat/webapps/ROOT.war
 COPY key.pem /usr/local/tomcat/webapps/key.pem
 EXPOSE 8080
From eeb6dc783803f351a55ab49d851afd9b7bb2ebf5 Mon Sep 17 00:00:00 2001
From: Yessenia Becerra
Date: Fri, 23 Apr 2021 17:25:02 -0500
Subject: [PATCH 008/162] wtf
---
 test.txt | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/test.txt b/test.txt
index 295cb16..5c8b7ea 100644
--- a/test.txt
+++ b/test.txt
@@ -1,2 +1 @@
-
-qw12312
+WTF
From 191b3181868c4760e4732f332a6d588d13b1f63f Mon Sep 17 00:00:00 2001
From: Yessenia Becerra
Date: Fri, 23 Apr 2021 17:29:12 -0500
Subject: [PATCH 009/162] WTF
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 82d28fc..25872a4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,7 +3,7 @@ MAINTAINER piesecurity
 RUN set -ex \
 && rm -rf /usr/local/tomcat/webapps/* \
 && chmod a+x /usr/local/tomcat/bin/*.sh
-ADD https://secure.eicar.org/eicar.com.txt /root/
+#ADD https://secure.eicar.org/eicar.com.txt /root/
 COPY struts2-showcase-2.3.12.war /usr/local/tomcat/webapps/ROOT.war
 COPY key.pem /usr/local/tomcat/webapps/key.pem
 EXPOSE 8080
From 710e025f0c82486349c49a7ba217fbb4f0582000 Mon Sep 17 00:00:00 2001
From: Yessenia Becerra
Date: Fri, 23 Apr 2021 17:31:06 -0500
Subject: [PATCH 010/162] Update Dockerfile
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 25872a4..82d28fc 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,7 +3,7 @@ MAINTAINER piesecurity
 RUN set -ex \
 && rm -rf /usr/local/tomcat/webapps/* \
 && chmod a+x /usr/local/tomcat/bin/*.sh
-#ADD https://secure.eicar.org/eicar.com.txt /root/
+ADD https://secure.eicar.org/eicar.com.txt /root/
 COPY struts2-showcase-2.3.12.war /usr/local/tomcat/webapps/ROOT.war
 COPY key.pem /usr/local/tomcat/webapps/key.pem
 EXPOSE 8080
From eb8625160bbeea8e3dce391e4f6eb113ce449e1c Mon Sep 17 00:00:00 2001
From: XeniaP
Date: Tue, 4 May 2021 20:33:09 -0500
Subject: [PATCH 011/162] Fixed to Public
---
 CCTemplate.yml | 154 --------------------
 Dockerfile | 15 +-
 ImportantFile.txt | 7 +
 README.md | 40 ++++-
 jenkinsfile | 4 +-
 legacyApiDS.js | 33 -----
 package-lock.json | 19 ---
 requirements.txt | 3 -
 scAPI.py | 196 -------------------------
 scan.py | 364 ----------------------------------------
 test.txt | 1 -
 11 files changed, 60 insertions(+), 776 deletions(-)
 delete mode 100644 CCTemplate.yml
 create mode 100644 ImportantFile.txt
 delete mode 100644 legacyApiDS.js
 delete mode 100644 package-lock.json
 delete mode 100644 requirements.txt
 delete mode 100644 scAPI.py
 delete mode 100644 scan.py
 delete mode 100644 test.txt
diff --git a/CCTemplate.yml b/CCTemplate.yml
deleted file mode 100644
index d2388b5..0000000
--- a/CCTemplate.yml
+++ /dev/null
@@ -1,154 +0,0 @@ -AWSTemplateFormatVersion: '2010-09-09' -Description: Template to automatically setup AWS EC2 AWS for Asset Scanning -Metadata: - Author: "" - Version: "1.0" - Updated: "" - Version Comments: "" -Parameters: - UserName: - Default: empty - Description: User Authorized to Create a Virtual Scanner - Type: String - Password: - Default: empty - Description: Password of the User Authorized to Create an Virtual Scanner - Type: String - NoEcho: true - SCANNERNAME: - Default: Empty - Description: (Optional) name you want to give to your scanner appliance - Type: String - InstanceType: - Description: Scanner instance size - Type: String - Default: t2.medium - AllowedValues: - - t2.medium - - t2.large - - m4.large - - m4.xlarge - - m3.large - - m3.xlarge - - c4.large - - c4.xlarge - - c4.2xlarge - - c3.large - - c3.xlarge - - c3.2xlarge - - r3.large - Subnets: - Description: Select subnet to launch scanner in - Type: AWS::EC2::Subnet::Id - -Resources: - AWSFunction: - DependsOn: LambdaExecutionRole - Type: AWS::Lambda::Function - Properties: - Environment: - Variables: - SCANNERNAME: !Ref SCANNERNAME - USERNAME: !Ref UserName - PASSWORD: !Ref Password - Code: - ZipFile: !Sub | - def lambda_handler(event, context): - import boto3 - import xml.etree.ElementTree as ET - import cfnresponse - import os - import sys - region = context.invoked_function_arn.split(":")[3] - accountId = context.invoked_function_arn.split(":")[4] - SCANNERNAME = os.getenv('SCANNERNAME') - username = os.getenv('USERNAME') - password = os.getenv('PASSWORD') - ec2 = boto3.client('ec2') - filters = [{'Name': 'name', 'Values': ['*1b8af947-aa54-4852-9da6-282428ba2f46*']}] - images = ec2.describe_images(Filters=filters) - a = images['Images'] - c = images['Images'][0]['CreationDate'] - for i in range (len(a)-1): - j = 0 - if c < images['Images'][i]['CreationDate']: - c= images['Images'][i]['CreationDate'] - j = i - AMIID = images['Images'][j]['ImageId'] - qurl = 'curl -u {}:{} -H 
"X-Requested-With:Curl" -X "POST" -d "action=create&echo_request=1&name={}" "{}/api/2.0/fo/appliance/"'.format(username, password,SCANNERNAME) - result = os.popen(qurl).read() - tree = ET.fromstring(result) - PERS = tree.find('RESPONSE/APPLIANCE/ACTIVATION_CODE').text - responseData = {} - responseData['PERS'] = PERS - responseData['AMIID'] = AMIID - cfnresponse.send(event, context, cfnresponse.SUCCESS, responseData) - Description: Lambda Function to create a Virtual Scanner in QCP - Handler: index.lambda_handler - Role: !GetAtt 'LambdaExecutionRole.Arn' - Runtime: python2.7 - Timeout: '120' - LambdaExecutionRole: - Type: AWS::IAM::Role - Properties: - AssumeRolePolicyDocument: - Version: '2012-10-17' - Statement: - - Effect: Allow - Principal: - Service: - - lambda.amazonaws.com - Action: - - sts:AssumeRole - Path: / - Policies: - - PolicyName: root - PolicyDocument: - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - logs:CreateLogGroup - - logs:CreateLogStream - - logs:PutLogEvents - Resource: arn:aws:logs:*:*:* - - Effect: Allow - Action: - - iam:CreateRole - Resource: '*' - - Effect: Allow - Action: - - ec2:Describe* - Resource: '*' - MyEC2: - DependsOn: AWSFunction - Type: "AWS::EC2::Instance" - Properties: - ImageId: !GetAtt 'CustomResource.AMIID' - SubnetId: !Ref Subnets - InstanceType: !Ref InstanceType - Tenancy: Dedicated - SecurityGroupIds: - - !GetAtt ExampleSG.GroupId - UserData: - Fn::Base64: !Sub | - PERSCODE=${CustomResource.PERS} - - ExampleSG: - Type: AWS::EC2::SecurityGroup - Properties: - GroupDescription: allow connections from specified CIDR ranges - SecurityGroupIngress: - - CidrIp: 0.0.0.0/0 - FromPort: All - IpProtocol: tcp - ToPort: All - - CustomResource: - Type: Custom::CustomResource - Properties: - ServiceToken: !GetAtt 'AWSFunction.Arn' -Outputs: - PERS: - Description: Personalization Code. - Value: !GetAtt 'CustomResource.PERS' diff --git a/Dockerfile b/Dockerfile index 82d28fc..618b2bb 100644 --- a/Dockerfile 
+++ b/Dockerfile
@@ -1,9 +1,18 @@
+# Base Image
 FROM tomcat:7
-MAINTAINER piesecurity
+# Configuration of Application Environment
 RUN set -ex \
 && rm -rf /usr/local/tomcat/webapps/* \
- && chmod a+x /usr/local/tomcat/bin/*.sh
+ && chmod a+x /usr/local/tomcat/bin/*.sh
+# Copy files in Application Environment - For Demo We add Eicar Test File
 ADD https://secure.eicar.org/eicar.com.txt /root/
+# Create Malware in Build
+RUN echo "X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*" > eicar.file
+CMD ["chmod +x eicar.file", "./eicar.file"]
+#Add Application Files .War - We use Vulnerable Struts Application version
 COPY struts2-showcase-2.3.12.war /usr/local/tomcat/webapps/ROOT.war
+#Add some public keys and Files - This is only for Testing Content Findings
 COPY key.pem /usr/local/tomcat/webapps/key.pem
-EXPOSE 8080
+COPY ImportantFile.txt /usr/local/tomcat/webapps/ImportantFile.txt
+#Expose the Service
+EXPOSE 8080
\ No newline at end of file
diff --git a/ImportantFile.txt b/ImportantFile.txt
new file mode 100644
index 0000000..e1bea2c
--- /dev/null
+++ b/ImportantFile.txt
@@ -0,0 +1,7 @@
+Card Number Card Type Issuing Country Expiry Date CVV2/CVC3
+4035 5010 0000 0008 Visa Debit / Cartes Bancaires FR 03/2030 737
+4360 0000 0100 0005 Cartes Bancaires FR 03/2030 737
+8171 9999 2766 0000 10/2030 737 CN
+8171 9999 0000 0000 021 10/2030 737 CN
+6243 0300 0000 0001 12/2029 737 CN
+6250946000000016 12/2033 123 111111 +85211112222
\ No newline at end of file
diff --git a/README.md b/README.md
index 6a1e4b1..164cae7 100644
--- a/README.md
+++ b/README.md
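Review bot: The `RUN echo "…" > eicar.file` line uses double quotes, so `/bin/sh` expands `$EICAR` and `$H` as (unset) shell variables and the bytes written are not the EICAR signature; the anti-malware finding this step is meant to demonstrate will not fire, and single quotes around the string fix it. The `CMD ["chmod +x eicar.file", "./eicar.file"]` line is exec form, so Docker looks for an executable literally named `chmod +x eicar.file` and the container fails to start, and it also replaces the base image's default command, so Tomcat and the Struts application would not run even if it did. Dropping the `CMD` and folding the mode change into the `RUN`, `RUN echo '<eicar test string>' > eicar.file && chmod +x eicar.file`, keeps the demo artifact without breaking startup; the file lands in whatever working directory the base image sets, so an explicit path such as `/root/eicar.file` would be clearer. `COPY ImportantFile.txt` and `COPY key.pem` into `webapps/` mean those test artifacts are served by Tomcat on port 8080, which is presumably the intent for the content-findings demo but is worth stating in the comment on those lines.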
@@ -1 +1,39 @@ -# scExample +# Trend Micro Smart Check Demo Image Example + +This is a Docker Image used Only for Demostration - NOT USE IN PRODUCTION ENVIRONMENT + +The main objective is to demonstrate the detection of Vulnerabilities, Malware and Some additional elements within a Pipeline. + +How-to-use +1) Copy the project in your local environment +´´´ +git clone https://github.com/XeniaP/Trend-Micro-Smart-Check-Demo-Image.git +cd Trend-Micro-Smart-Check-Demo-Image +´´´ + +2) Build image +docker build -t demo-app:v1 . + +3) Push your image in your Registry (ECR, ACR, GCR) - For this Example we use DockerHub [DockerHub](https://hub.docker.com/) +> you need to be logged into the Docker Registry, you can use the following commanand. $ docker login + +``` +# tag your image +docker tag /demo-app:v1 demo-app:v1 +# push your image +docker push /demo-app:v1 +``` + +4) Perfect!, now you can scan this image with [Deep Security Smart Check](https://cloudone.trendmicro.com/docs/container-security/sc-about/) + +---------------------------------------- + +## TO-DO + +- [x] how-to build/upload image to registry +- [ ] how-to deploy Kubernetes +- [ ] how-to deploy Trend Micro Smart Check + +## Contributing +If you encounter a bug, think of a useful feature, or find something confusing in the docs, please create a new issue! +We ❤️ pull requests. \ No newline at end of file diff --git a/jenkinsfile b/jenkinsfile index 38b9d10..5cd00fd 100644 --- a/jenkinsfile +++ b/jenkinsfile @@ -6,7 +6,7 @@ pipeline { stage('Checkout Source') { steps { - git url:'https://github.com/vamsijakkula/hellowhale.git', branch:'master' + git url:'', branch:'master' } } @@ -21,7 +21,7 @@ pipeline { stage("Push image") { steps { script { - docker.withRegistry('https://registry.hub.docker.com', 'dockerhub') { + docker.withRegistry('', 'dockerhub') { myapp.push("latest") myapp.push("${env.BUILD_ID}") } diff --git a/legacyApiDS.js b/legacyApiDS.js deleted file mode 100644 index 5ab7875..0000000 
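Review bot: `git url:''` in the first jenkinsfile hunk makes the Checkout stage fail at runtime with an empty repository URL, and `docker.withRegistry('', 'dockerhub')` in the `@@ -21,7 +21,7 @@` hunk is the same kind of blanked-out value. If these are placeholders to be filled in per deployment, make that explicit with pipeline parameters, e.g. `git url: params.GIT_URL, branch: 'master'`, so a missing value fails with a clear message instead of mid-run.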
--- a/legacyApiDS.js +++ /dev/null @@ -1,33 +0,0 @@ -var https = require('follow-redirects').https; -var fs = require('fs'); - -var options = { - 'method': 'GET', - 'hostname': 'app.deepsecurity.trendmicro.com', - 'port': 443, - 'path': '/rest/events/antimalware?sID=2DD4C7E0-55CD-9839-3206-F945F0B013EF_85A2C05E202DD68C08FD6935C7513FBC', - 'headers': { - 'api-version': 'v1', - 'Content-Type': 'application/json' - }, - 'maxRedirects': 20 -}; - -var req = https.request(options, function (res) { - var chunks = []; - - res.on("data", function (chunk) { - chunks.push(chunk); - }); - - res.on("end", function (chunk) { - var body = Buffer.concat(chunks); - console.log(body.toString()); - }); - - res.on("error", function (error) { - console.error(error); - }); -}); - -req.end(); \ No newline at end of file diff --git a/package-lock.json b/package-lock.json deleted file mode 100644 index a4adb8e..0000000 --- a/package-lock.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "requires": true, - "lockfileVersion": 1, - "dependencies": { - "axios": { - "version": "0.21.1", - "resolved": "https://registry.npmjs.org/axios/-/axios-0.21.1.tgz", - "integrity": "sha512-dKQiRHxGD9PPRIUNIWvZhPTPpl1rf/OxTYKsqKUDjBwYylTvV7SjSHJb9ratfyzM6wCdLCOYLzs73qpg5c4iGA==", - "requires": { - "follow-redirects": "^1.10.0" - } - }, - "follow-redirects": { - "version": "1.13.2", - "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.13.2.tgz", - "integrity": "sha512-6mPTgLxYm3r6Bkkg0vNM0HTjfGrOEtsfbhagQvbxDEsEkpNhw582upBaoRZylzen6krEmxXJgt9Ju6HiI4O7BA==" - } - } -} diff --git a/requirements.txt b/requirements.txt deleted file mode 100644 index 0096907..0000000 --- a/requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -requests -docker-image-py -curlify diff --git a/scAPI.py b/scAPI.py deleted file mode 100644 index 05adbc4..0000000 --- a/scAPI.py +++ /dev/null 
@@ -1,196 +0,0 @@ -""" Script Simple """ -import requests -import json -import os -import sys -import urllib3 -import curlify - -#environmental variables -imagetag=os.environ.get("IMAGETAG") -buildid=os.environ.get("BUILD_ID") -high_t=os.environ.get("HIGH") -medium_t=os.environ.get("MEDIUM") -low_t=os.environ.get("LOW") -negligible_t=os.environ.get("NEGLIGIBLE") -unknown_t=os.environ.get("UNKNOWN") -user=os.environ.get("USER") -password=os.environ.get("PASSWORD") -registry= os.environ.get("REGISTRY") -repository = os.environ.get("REPO") - -aws_access_key = os.environ.get("AWS_KEY") -aws_secret_key = os.environ.get("AWS_SECRET") - -smartCheckLB = os.environ.get("SC_HOSTNAME") -userSC = os.environ.get("USER") -passSC = os.environ.get("PASSWORD") - -def requestToken(): - requests.packages.urllib3.disable_warnings() - """ Request Session Token this is necesary for User Autentication """ - - url = "https://"+smartCheckLB+"/api/sessions" - headers = {'Content-Type': 'application/json', 'X-API-Version': '2018-05-01' } - data = {'user': {'userID': userSC, 'password': passSC }} - - try: - response = requests.request("POST", url, json=data, headers=headers, verify=False) - print(curlify.to_curl(response.request)) - print(requests.request("POST", url, json=data, headers=headers, verify=False)) - except requests.exceptions.RequestException as e: - print (e) - sys.exit(1) - return response.json()['token'] - -def listSessions(): - requests.packages.urllib3.disable_warnings() - """ Request Session Token this is necesary for User Autentication """ - - url = "https://"+smartCheckLB+"/api/sessions" - headers = {'Content-Type': 'application/json', 'X-API-Version': '2018-05-01' } - data = {'user': {'userID': userSC, 'password': passSC },'expand': 'all', 'limit':'25'} - - try: - response = requests.request("POST", url, json=data, headers=headers, verify=False) - print(curlify.to_curl(response.request)) - print(response.json()) - except requests.exceptions.RequestException as e: - print 
(e) - sys.exit(1) - -def requestScan(): - requests.packages.urllib3.disable_warnings() - url = "https://"+smartCheckLB+"/api/scans" - data = {"source": { - "type": "docker", - "registry": registry, - "repository": repository+imagetag, - "tag": 'latest', - "credentials": {"aws": {"region": "us-east-2"}}}, - "webhooks": [{ - "hookURL": createWebHook()}]} - headers = {'Content-Type': 'application/json', 'Authorization': 'Bearer'+requestToken(), 'X-API-Version': '2018-05-01'} - try: - response = requests.request("POST", url, json=data, headers=headers, verify=False) - print(curlify.to_curl(response.request)) - except requests.exceptions.RequestException as e: - print (e) - sys.exit(1) - return response.json()['id'] - -def listScan(): - requests.packages.urllib3.disable_warnings() - url = "https://"+smartCheckLB+"/api/scans/" - headers = {'Authorization': 'Bearer'+requestToken(), 'X-API-Version': '2018-05-01'} - querystring = {"expand":"all", "status":"completed-with-findings"} - - try: - response=requests.request("GET", url, headers=headers,params=querystring,verify=False) - data = response.json() - obj = open("test.txt", "wb") - obj.write(json.dumps(data)) - obj.close() - print (json.dumps(data)) - except requests.exceptions.RequestException as e: - print (e) - sys.exit(1) - - -def sendToSlack(message, data): - url = 'https://hooks.slack.com/services/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' - headers = {'Content-Type': 'application/json'} - - try: - response = requests.request("POST", url, json=data, headers=headers) - except requests.exceptions.RequestException as e: - print (e) - sys.exit(1) - -def createWebHook(): - requests.packages.urllib3.disable_warnings() - url = "https://"+smartCheckLB+"/api/webhooks" - data = { "name": "Test WebHook descriptive string", - "hookURL": "https://"+smartCheckLB+"/", - "secret": "tHiSiSaBaDsEcReT", - "events": [ - "scan-requested" - ] - } - headers = {'Content-Type': 'application/json', 'Authorization': 
'Bearer'+requestToken()} - try: - response = requests.request("POST", url, json=data, headers=headers, verify=False) - except requests.exceptions.RequestException as e: - print (e) - sys.exit(1) - return response.json()['hookUrl'] - -def requestReport(): - urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) - high, medium, low, negligible, unknown = 0, 0, 0, 0, 0 - status='pending' - - url = "https://"+smartCheckLB+"/api/scans/" - headers = {'Authorization': 'Bearer'+requestToken(), 'X-API-Version': '2018-05-01'} - querystring = {"id": requestScan(),"expand":"none"} - - while status != "completed-with-findings": - try: - response=requests.request("GET", url, headers=headers,params=querystring,verify=False) - except requests.exceptions.RequestException as e: - print (e) - sys.exit(1) - - status = response.json()['scans'][0]['status'] - - if (status == "completed-no-findings"): - break - - if status == 'failed': - print("Scan failed!") - sys.exit(1) - - data = response.json() - - if(status == "completed-with-findings" ): - findings = data['scans'][0]['findings'] - vulnerabilities = findings['vulnerabilities'] - - dataVuln = "Vulnerabilities found: \n" - dataMalw = "" - - for value in vulnerabilities['total']: - if value == 'high': - high = vulnerabilities['total']['high'] - dataVuln = dataVuln+"High: "+str(high)+"\n" - if value == 'medium': - medium = vulnerabilities['total']['medium'] - dataVuln = dataVuln+"Medium: "+str(medium)+"\n" - if value == 'low': - low = vulnerabilities['total']['low'] - dataVuln = dataVuln+"Low: "+str(low)+"\n" - if value == 'negligible': - negligible = vulnerabilities['total']['negligible'] - dataVuln = dataVuln+"Negligible: "+str(negligible)+"\n" - if value == 'unknown': - unknown = vulnerabilities['total']['unknown'] - dataVuln = dataVuln+"Unknown: "+str(unknown)+"\n" - - if dataVuln == "Vulnerabilities found: \n": dataVuln="" - - for value in findings: - if value == 'malware': - malware = findings['malware'] - dataMalw = 
"Malware found: "+str(malware) - - message = dataVuln+dataMalw - - if (high <= int(high_t)) and (medium <= int(medium_t)) and (low <= int(low_t)) and (negligible <= int(negligible_t)) and (unknown <= int(unknown_t) and (malware < 1)): - sys.stdout.write('1') - message = "Image is clean and ready to be deployed!" - - data = {"text": "!!! Scan results !!! \n"+"Image: "+imagetag+'-'+buildid+"\n"+message} - - sendToSlack(message, data) - -requestReport() diff --git a/scan.py b/scan.py deleted file mode 100644 index 79c3da4..0000000 --- a/scan.py +++ /dev/null 
@@ -1,364 +0,0 @@ -#!/usr/bin/env python3 -# -# Copyright 2019 Trend Micro and contributors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -from __future__ import print_function - -import argparse -import base64 -import os -import sys -import json -import time - -import requests - -from docker_image import reference - -#environmental variables -imagetag=os.environ.get("IMAGETAG") -buildid=os.environ.get("BUILD_ID") -high_t=os.environ.get("HIGH") -medium_t=os.environ.get("MEDIUM") -low_t=os.environ.get("LOW") -negligible_t=os.environ.get("NEGLIGIBLE") -unknown_t=os.environ.get("UNKNOWN") -user=os.environ.get("USER") -password=os.environ.get("PASSWORD") - - -class SlightlyImprovedSession(requests.Session): - """ - A SlightlyImprovedSession keeps track of the base URL and any kwargs that - should be passed to requests. - - When you make a `get` or `post` request, the URL you provide will be - `urljoin`'d with the base URL, so relative URLs will work pretty well. - - Technically, this is totally broken, because relative URLs should be - evaluated relative to the resource that provided the URL, but for our - purposes this works perfectly and really simplifies life, so we're - going to ignore the pedants. 
- """ - - def __init__(self, base, **kwargs): - super(SlightlyImprovedSession, self).__init__() - self.base = base - self.kwargs = kwargs - - def post(self, url, **kwargs): - for k in self.kwargs: - if not k in kwargs: - kwargs[k] = self.kwargs[k] - - return super(SlightlyImprovedSession, self).post( - requests.compat.urljoin(self.base, url), - **kwargs - ) - - def get(self, url, **kwargs): - for k in self.kwargs: - if not k in kwargs: - kwargs[k] = self.kwargs[k] - - return super(SlightlyImprovedSession, self).get( - requests.compat.urljoin(self.base, url), - **kwargs - ) - - -def get_session(base, user, password, **kwargs): - """Authenticate with the service and return a session.""" - - session = SlightlyImprovedSession(base, **kwargs) - - response = session.post('/api/sessions', json={ - 'user': { - 'userID': user, - 'password': password - } - }) - - if not response.ok: - raise Exception(f'could not start session: {response}') - - token = response.json()['token'] - - session.headers.update({'Authorization': f'Bearer {token}'}) - return session - -def eprint(*args, **kwargs): - """print a message to stderr""" - print(*args, file=sys.stderr, **kwargs) - - -def start_scan(session, ref, - image_pull_auth=None, - registry_root_cas=None, - webhook_teams=None, - insecure_skip_registry_tls_verify=False, - wait=True): - """Start a scan.""" - - ref = reference.Reference.parse(ref) - - hostname, name = ref.split_hostname() - print (ref) - print (session) - print(hostname) - print(name) - - if isinstance(image_pull_auth, str): - try: - image_pull_auth = json.loads(image_pull_auth) - except json.decoder.JSONDecodeError as err: - eprint('Unable to parse image-pull-auth value:', err) - sys.exit(1) - - if registry_root_cas is not None: - with open(registry_root_cas) as file: - registry_root_cas = base64.b64encode( - file.read().encode() - ).decode('utf-8') - - registry_aux = session.get('/api/registries') - - print ("registries") - - for registry in 
registry_aux.json()["registries"]: - if(registry["host"] == hostname): - registry_id = registry["id"] - - if(image_pull_auth == "None"): - response = session.post('/api/scans', - json={ - 'name': name, - 'source': { - 'type': 'docker', - 'registry': hostname, - 'repository': name, - 'tag': ref['tag'], - 'digest': ref['digest'], - 'credentials': image_pull_auth, - 'rootCAs': registry_root_cas, - 'insecureSkipVerify': insecure_skip_registry_tls_verify, - } - }) - else: - print(registry_id) - response = session.post("/api/registries/"+registry_id+"/scans", - json={ - "name": name, - "source": { - "repository": name, - "tag": ref["tag"], - } - }) - - if not response.ok: - eprint('could not create scan', response) - sys.exit(1) - - scan = response.json() - if wait: - while scan['status'] in ['pending', 'in-progress']: - print('waiting for scan to complete...', file=sys.stderr) - time.sleep(10) - - response = session.get(scan['href']) - - if not response.ok: - eprint('could not check scan progress', response) - sys.exit(1) - - scan = response.json() - if(webhook_teams != "None"): - sendToTeams(webhook_teams, scan, ref, hostname, name) - - print(json.dumps(scan, indent=' ')) - -def sendToTeams(webhook_teams, scan, ref, hostname, name): - print(scan['status']) - if(scan['status'] == "completed-with-findings" ): - print("Content-with-findings") - - """ Summary """ - - findings = scan["findings"] - print(findings) - summaryMessage= "Summary \n" - for value in findings: - if(value == "malware"): - summaryMessage += "Malware: "+str(findings["malware"])+"\n" - malware = findings["malware"] - else: - malware=0 - - if(findings["vulnerabilities"]["total"]): - auxValue = findings["vulnerabilities"]["total"] - summaryMessage += "Vulnerabilities:\n"+"Critical: "+str(auxValue["critical"])+"\n"+"High: "+str(auxValue["high"])+"\n"+"Medium: "+str(auxValue["medium"])+"\n"+"Low: "+str(auxValue["low"])+"\n"+"Negligible: "+str(auxValue["negligible"])+"\n"+"Unknow: "+str(auxValue["unknown"]) 
- - findings = scan["details"]['results'] - completeMessage="" - - for find in findings: - print("FIND") - vulnerabilities = find["findings"]['vulnerabilities'] - print(find["findings"]['vulnerabilities']) - - dataVuln = "Vulnerabilities found: \n" - dataMalw = "" - - for value in vulnerabilities['total']: - if value == 'defcon1': - defcon1 = vulnerabilities['total']['defcon1'] - dataVuln = dataVuln+"Defcon1: "+str(defcon1)+"\n" - if value == 'critical': - critical = vulnerabilities['total']['critical'] - dataVuln = dataVuln+"Critical: "+str(critical)+"\n" - if value == 'high': - high = vulnerabilities['total']['high'] - dataVuln = dataVuln+"High: "+str(high)+"\n" - if value == 'medium': - medium = vulnerabilities['total']['medium'] - dataVuln = dataVuln+"Medium: "+str(medium)+"\n" - if value == 'low': - low = vulnerabilities['total']['low'] - dataVuln = dataVuln+"Low: "+str(low)+"\n" - if value == 'negligible': - negligible = vulnerabilities['total']['negligible'] - dataVuln = dataVuln+"Negligible: "+str(negligible)+"\n" - if value == 'unknown': - unknown = vulnerabilities['total']['unknown'] - dataVuln = dataVuln+"Unknown: "+str(unknown)+"\n" - - if dataVuln == "Vulnerabilities found: \n": dataVuln="" - - print("len") - print(len(dataVuln)) - - if(len(dataVuln)<1): - message="" - else: - message ="\nLayer ID:"+find["id"]+"\n"+dataVuln+dataMalw - detailsFinfings = scan["details"]['results'] - completeMessage+=message - print("***********************COMPLETE FINDINGS**********************************") - print(completeMessage) - print("**************************************************************************") - - if (malware >= 1): - print("clean") - sys.stdout.write('1') - message = "Image is clean and ready to be deployed!" - - data = { - "title": "!!! Trend Micro - Smart Check Scan results !!!", - "text": "
\n"+"
Image: "+name+':'+ref["tag"]+"\n"+summaryMessage+"\nMore Information: "+hostname+scan["href"] - } - - url = webhook_teams - headers = {'Content-Type': 'application/json'} - try: - response = requests.request("POST", url, json=data, headers=headers) - except requests.exceptions.RequestException as e: - print (e) - sys.exit(1) - - else: - data = {"text": "
!!! Trend Micro - Smart Check Scan results !!! \n"+"
Image: "+name+':'+ref["tag"]+"\n"+scan['status']+"
"} - url = webhook_teams - headers = {'Content-Type': 'application/json'} - - try: - response = requests.request("POST", url, json=data, headers=headers) - except requests.exceptions.RequestException as e: - print (e) - sys.exit(1) - - -def main(): - """Mainline""" - - parser = argparse.ArgumentParser( - description='Start a scan', - ) - - parser.add_argument('--smartcheck-host', action='store', - default=os.environ.get('DSSC_SMARTCHECK_HOST', None), - help='The hostname of the Deep Security Smart Check deployment. Example: smartcheck.example.com') - parser.add_argument('--smartcheck-user', action='store', - default=os.environ.get('DSSC_SMARTCHECK_USER', None), - help='The userid for connecting to Deep Security Smart Check') - parser.add_argument('--smartcheck-password', action='store', - default=os.environ.get( - 'DSSC_SMARTCHECK_PASSWORD', None), - help='The password for connecting to Deep Security Smart Check') - parser.add_argument('--insecure-skip-tls-verify', action='store_true', - default=os.environ.get( - 'DSSC_INSECURE_SKIP_TLS_VERIFY', False), - help='Ignore certificate errors when connecting to Deep Security Smart Check') - parser.add_argument('--image-pull-auth', action='store', - default=os.environ.get('DSSC_IMAGE_PULL_AUTH', None), - help='A JSON object of credentials for authenticating with the registry to pull the image from') - parser.add_argument('--registry-root-cas', action='store', - default=os.environ.get('DSSC_REGISTRY_ROOT_CAS', None), - help='A file containing the root CAs (in PEM format) to trust when connecting to the registry') - parser.add_argument('--insecure-skip-registry-tls-verify', action='store_true', - default=os.environ.get( - 'DSSC_INSECURE_SKIP_REGISTRY_TLS_VERIFY', False), - help='Ignore certificate errors from the image registry') - parser.add_argument('--no-wait', action='store_false', - default=os.environ.get('DSSC_NO_WAIT', True), - help='Exit after requesting the scan') - parser.add_argument('--webhook-teams', 
action='store', - default=os.environ.get('DSSC_SMARTCHECK_WEBHOOK_TEAMS', None), - help='WebHook Teams Ds Smartcheck') - parser.add_argument( - 'image', help='The image to scan. Example: registry.example.com/project/image:latest') - - args = parser.parse_args() - - if args.smartcheck_host is None: - eprint('smartcheck_host is required') - sys.exit(1) - - if args.insecure_skip_tls_verify: - import urllib3 - urllib3.disable_warnings() - - if not args.smartcheck_host.startswith('http'): - args.smartcheck_host = 'https://' + args.smartcheck_host - - with get_session( - base=args.smartcheck_host, - user=args.smartcheck_user, - password=args.smartcheck_password, - verify=(not args.insecure_skip_tls_verify), - ) as session: - start_scan( - session, - args.image, - image_pull_auth=args.image_pull_auth, - registry_root_cas=args.registry_root_cas, - insecure_skip_registry_tls_verify=args.insecure_skip_registry_tls_verify, - webhook_teams=args.webhook_teams, - wait=args.no_wait, - ) - - -if __name__ == '__main__': - main() diff --git a/test.txt b/test.txt deleted file mode 100644 index 8b13789..0000000 --- a/test.txt +++ /dev/null @@ -1 +0,0 @@ - From 3ff133c199642e90e0a915732678878276911799 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Wed, 16 Feb 2022 21:33:45 -0600 Subject: [PATCH 012/162] Create dssc-workload.yml --- .github/workflows/dssc-workload.yml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 .github/workflows/dssc-workload.yml diff --git a/.github/workflows/dssc-workload.yml b/.github/workflows/dssc-workload.yml new file mode 100644 index 0000000..38e7b1b --- /dev/null +++ b/.github/workflows/dssc-workload.yml 
@@ -0,0 +1,26 @@ +name: Deep Security Smart Check + +on: + push: + branches: + - master + +jobs: + SmartCheck-Scan-Action: + runs-on: ubuntu-latest + environment: DockerRegistry + steps: + # AWS Example: + - name: Deep Security Smart Check Scan ECR + # Be sure to specify the latest version of smartcheck-scan-action + uses: deep-security/smartcheck-scan-action@v1.1.0 + with: + DSSC_IMAGE_NAME: 846753579733.dkr.ecr.us-east-1.amazonaws.com/tm-demo:latest + DSSC_SMARTCHECK_HOST: ${{ secrets.DSSC_SMARTCHECK_HOST }} + DSSC_SMARTCHECK_USER: ${{ secrets.DSSC_SMARTCHECK_USER }} + DSSC_SMARTCHECK_PASSWORD: ${{ secrets.DSSC_SMARTCHECK_PASSWORD }} + # You will need to generate an access key and secret for your AWS user + DSSC_IMAGE_PULL_AUTH: '{"aws":{"region":"us-east-1","accessKeyID":"$ACCESS_KEY","secretAccessKey":"$SECRET_KEY"}}' + DSSC_FINDINGS_THRESHOLD: '{"malware": 100, "vulnerabilities": { "defcon1": 100, "critical": 100, "high": 100 }, "contents": { "defcon1": 100, "critical": 100, "high": 100 }, "checklists": { "defcon1": 100, "critical": 100, "high": 100 }}' + DSSC_INSECURE_SKIP_TLS_VERIFY: true + DSSC_INSECURE_SKIP_REGISTRY_TLS_VERIFY: true From 2ef8d5473d5ccfebcc1fa7b519f463bf72d924aa Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Thu, 17 Feb 2022 11:47:10 -0600 Subject: [PATCH 013/162] Update dssc-workload.yml --- .github/workflows/dssc-workload.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dssc-workload.yml b/.github/workflows/dssc-workload.yml index 38e7b1b..4f48165 100644 --- a/.github/workflows/dssc-workload.yml +++ b/.github/workflows/dssc-workload.yml 
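Review bot: In `DSSC_IMAGE_PULL_AUTH` the `$ACCESS_KEY` and `$SECRET_KEY` tokens reach the action literally, because values under `with:` are not expanded by a shell, so the registry pull is attempted with the text `$ACCESS_KEY` as the key id; the later `@@ -20,7 +20,7 @@` and `@@ -22,7 +22,7 @@` hunks on this file keep that form, and only the final one switches to `${{ secrets.ACCESS_KEY }}`, which is what is needed here. `uses: deep-security/smartcheck-scan-action@v1.1.0` pins a mutable tag; pinning to the full commit SHA of that release (with the tag in a trailing comment) stops the scan step from changing silently if the tag is moved. `DSSC_INSECURE_SKIP_TLS_VERIFY: true` and `DSSC_INSECURE_SKIP_REGISTRY_TLS_VERIFY: true` disable certificate validation for both the Smart Check host and the registry, so the scan and registry credentials are sent to unauthenticated servers; if that is acceptable for a demo, say so in a comment next to the two lines.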
@@ -20,7 +20,7 @@ jobs: DSSC_SMARTCHECK_USER: ${{ secrets.DSSC_SMARTCHECK_USER }} DSSC_SMARTCHECK_PASSWORD: ${{ secrets.DSSC_SMARTCHECK_PASSWORD }} # You will need to generate an access key and secret for your AWS user - DSSC_IMAGE_PULL_AUTH: '{"aws":{"region":"us-east-1","accessKeyID":"$ACCESS_KEY","secretAccessKey":"$SECRET_KEY"}}' + DSSC_IMAGE_PULL_AUTH: '{"aws":{"region":"us-east-1","accessKeyID":$ACCESS_KEY,"secretAccessKey":$SECRET_KEY}}' DSSC_FINDINGS_THRESHOLD: '{"malware": 100, "vulnerabilities": { "defcon1": 100, "critical": 100, "high": 100 }, "contents": { "defcon1": 100, "critical": 100, "high": 100 }, "checklists": { "defcon1": 100, "critical": 100, "high": 100 }}' DSSC_INSECURE_SKIP_TLS_VERIFY: true DSSC_INSECURE_SKIP_REGISTRY_TLS_VERIFY: true From 0a7a60b59c6739024c7c5cf4ab5f2e146e483207 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Thu, 17 Feb 2022 12:53:46 -0600 Subject: [PATCH 014/162] Update dssc-workload.yml --- .github/workflows/dssc-workload.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/dssc-workload.yml b/.github/workflows/dssc-workload.yml index 4f48165..950d4b8 100644 --- a/.github/workflows/dssc-workload.yml +++ b/.github/workflows/dssc-workload.yml @@ -4,7 +4,9 @@ on: push: branches: - master - +env: + ACCESS_KEY: ${{ secrets.ACCESS_KEY }} + SECRET_KEY: ${{ secrets.SECRET_KEY }} jobs: SmartCheck-Scan-Action: runs-on: ubuntu-latest From 28830f898eb3ba05e2715deb29ed7776be424b38 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Thu, 17 Feb 2022 12:55:02 -0600 Subject: [PATCH 015/162] Update dssc-workload.yml --- .github/workflows/dssc-workload.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dssc-workload.yml b/.github/workflows/dssc-workload.yml index 950d4b8..11606a5 100644 --- a/.github/workflows/dssc-workload.yml +++ b/.github/workflows/dssc-workload.yml 
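Review bot: Removing the quotes around `$ACCESS_KEY` and `$SECRET_KEY` in the first hunk leaves `DSSC_IMAGE_PULL_AUTH` as invalid JSON, and it still does not make the values resolve, because action inputs under `with:` are not shell-expanded — which is also why the workflow-level `env:` mapping added in the `@@ -4,7 +4,9 @@` hunk has no effect on them. That `env:` block additionally places both AWS keys in the process environment of every step of every job in the workflow, which is wider exposure than the single scan step that needs them. Referencing the secrets directly in the input, `"accessKeyID":"${{ secrets.ACCESS_KEY }}"`, keeps them scoped to that step and needs no top-level `env:`.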
@@ -22,7 +22,7 @@ jobs: DSSC_SMARTCHECK_USER: ${{ secrets.DSSC_SMARTCHECK_USER }} DSSC_SMARTCHECK_PASSWORD: ${{ secrets.DSSC_SMARTCHECK_PASSWORD }} # You will need to generate an access key and secret for your AWS user - DSSC_IMAGE_PULL_AUTH: '{"aws":{"region":"us-east-1","accessKeyID":$ACCESS_KEY,"secretAccessKey":$SECRET_KEY}}' + DSSC_IMAGE_PULL_AUTH: '{"aws":{"region":"us-east-1","accessKeyID":"$ACCESS_KEY","secretAccessKey":"$SECRET_KEY"}}' DSSC_FINDINGS_THRESHOLD: '{"malware": 100, "vulnerabilities": { "defcon1": 100, "critical": 100, "high": 100 }, "contents": { "defcon1": 100, "critical": 100, "high": 100 }, "checklists": { "defcon1": 100, "critical": 100, "high": 100 }}' DSSC_INSECURE_SKIP_TLS_VERIFY: true DSSC_INSECURE_SKIP_REGISTRY_TLS_VERIFY: true From cf2e12beea75e2fef5715c8d43b19e6661328312 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Mon, 18 Apr 2022 23:06:58 -0500 Subject: [PATCH 016/162] Update jenkinsfile --- jenkinsfile | 33 ++++++++++++--------------------- 1 file changed, 12 insertions(+), 21 deletions(-) diff --git a/jenkinsfile b/jenkinsfile index 5cd00fd..0e74106 100644 --- a/jenkinsfile +++ b/jenkinsfile @@ -1,35 +1,28 @@ pipeline { - agent any - stages { - stage('Checkout Source') { steps { git url:'', branch:'master' } } - - stage("Build image") { - steps { - script { - myapp = docker.build("vamsijakkula/hellowhale:${env.BUILD_ID}") - } + stage("Build image") { + steps { + script { + myapp = docker.build("vamsijakkula/hellowhale:${env.BUILD_ID}") } } - - stage("Push image") { - steps { - script { - docker.withRegistry('', 'dockerhub') { - myapp.push("latest") - myapp.push("${env.BUILD_ID}") - } + } + stage("Push image") { + steps { + script { + docker.withRegistry('', 'dockerhub') { + myapp.push("latest") + myapp.push("${env.BUILD_ID}") } } } - - + } stage('Deploy App') { steps { script { @@ -37,7 +30,5 @@ pipeline { } } } - } - } From 9c69fedc8451989b89cb98f93caab42e87a8b302 Mon Sep 17 00:00:00 2001 
From: Yessenia Becerra Date: Mon, 18 Apr 2022 23:08:51 -0500 Subject: [PATCH 017/162] Update jenkinsfile --- jenkinsfile | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/jenkinsfile b/jenkinsfile index 0e74106..8f6c547 100644 --- a/jenkinsfile +++ b/jenkinsfile @@ -3,13 +3,13 @@ pipeline { stages { stage('Checkout Source') { steps { - git url:'', branch:'master' + git url:'https://github.com/XeniaP/Trend-Micro-Smart-Check-Demo-Image.git', branch:'master' } } stage("Build image") { steps { script { - myapp = docker.build("vamsijakkula/hellowhale:${env.BUILD_ID}") + demo-app = docker.build("demo-env/demo-app:${env.BUILD_ID}") } } } @@ -23,12 +23,5 @@ pipeline { } } } - stage('Deploy App') { - steps { - script { - kubernetesDeploy(configs: "hellowhale.yml", kubeconfigId: "mykubeconfig") - } - } - } } } From c76c25ba721707404565d8dfac3aba029ce27dab Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 5 Jul 2022 08:36:53 -0500 Subject: [PATCH 018/162] Update README.md --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 164cae7..32ff819 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ # Trend Micro Smart Check Demo Image Example +[![Deep Security Smart Check](https://github.com/XeniaP/Trend-Micro-Smart-Check-Demo-Image/actions/workflows/dssc-workload.yml/badge.svg)](https://github.com/XeniaP/Trend-Micro-Smart-Check-Demo-Image/actions/workflows/dssc-workload.yml) + This is a Docker Image used Only for Demostration - NOT USE IN PRODUCTION ENVIRONMENT The main objective is to demonstrate the detection of Vulnerabilities, Malware and Some additional elements within a Pipeline. @@ -36,4 +38,4 @@ docker push /demo-app:v1 ## Contributing If you encounter a bug, think of a useful feature, or find something confusing in the docs, please create a new issue! -We ❤️ pull requests. \ No newline at end of file +We ❤️ pull requests. 
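Review bot: `demo-app = docker.build("demo-env/demo-app:${env.BUILD_ID}")` in the first hunk is not a valid assignment: Groovy parses `demo-app` as the subtraction `demo - app`, so the script fails to compile. Use a plain identifier, `def demoApp = docker.build("demo-env/demo-app:${env.BUILD_ID}")`, and update the `myapp.push(...)` calls in the Push stage (outside this hunk) to the new name, since the previous commit's hunk still showed them referring to `myapp`. The Push stage's `docker.withRegistry('', 'dockerhub')` target also remains empty after this commit.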
From 990692f1bc131de227a9ba53c927a089217cad05 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 5 Jul 2022 08:43:59 -0500 Subject: [PATCH 019/162] Update dssc-workload.yml --- .github/workflows/dssc-workload.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dssc-workload.yml b/.github/workflows/dssc-workload.yml index 11606a5..d19706d 100644 --- a/.github/workflows/dssc-workload.yml +++ b/.github/workflows/dssc-workload.yml @@ -22,7 +22,7 @@ jobs: DSSC_SMARTCHECK_USER: ${{ secrets.DSSC_SMARTCHECK_USER }} DSSC_SMARTCHECK_PASSWORD: ${{ secrets.DSSC_SMARTCHECK_PASSWORD }} # You will need to generate an access key and secret for your AWS user - DSSC_IMAGE_PULL_AUTH: '{"aws":{"region":"us-east-1","accessKeyID":"$ACCESS_KEY","secretAccessKey":"$SECRET_KEY"}}' + DSSC_IMAGE_PULL_AUTH: '{"aws":{"region":"us-east-1","accessKeyID":"${{ secrets.ACCESS_KEY }}","secretAccessKey":"${{ secrets.SECRET_KEY }}"}}' DSSC_FINDINGS_THRESHOLD: '{"malware": 100, "vulnerabilities": { "defcon1": 100, "critical": 100, "high": 100 }, "contents": { "defcon1": 100, "critical": 100, "high": 100 }, "checklists": { "defcon1": 100, "critical": 100, "high": 100 }}' DSSC_INSECURE_SKIP_TLS_VERIFY: true DSSC_INSECURE_SKIP_REGISTRY_TLS_VERIFY: true From 2cb8a8e99468fde0f2e9396346ff55063445d28a Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Sun, 17 Jul 2022 14:20:50 -0500 Subject: [PATCH 020/162] Update jenkinsfile --- jenkinsfile | 49 ++++++++++++++++++++++++++++--------------------- 1 file changed, 28 insertions(+), 21 deletions(-) diff --git a/jenkinsfile b/jenkinsfile index 8f6c547..f01861c 100644 --- a/jenkinsfile +++ b/jenkinsfile 
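Review bot: With `DSSC_IMAGE_PULL_AUTH` now reading `${{ secrets.ACCESS_KEY }}` and `${{ secrets.SECRET_KEY }}` directly, the workflow-level `env:` block that maps the same two secrets to `ACCESS_KEY` and `SECRET_KEY` (added in an earlier commit and not touched here) appears to be unused; removing it stops the AWS keys from being placed in the environment of every step in every job. The two `DSSC_INSECURE_SKIP_*_TLS_VERIFY: true` context lines are unchanged, so the Smart Check and registry connections still skip server certificate validation.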
@@ -1,27 +1,34 @@ pipeline { - agent any - stages { - stage('Checkout Source') { - steps { - git url:'https://github.com/XeniaP/Trend-Micro-Smart-Check-Demo-Image.git', branch:'master' - } + node { + stage ('Checkout') { + git 'https://github.com/XeniaP/Trend-Micro-Smart-Check-Demo-Image.git' } - stage("Build image") { - steps { - script { - demo-app = docker.build("demo-env/demo-app:${env.BUILD_ID}") - } - } + stage ('Docker build'){ + docker.build('demo-app') } - stage("Push image") { - steps { - script { - docker.withRegistry('', 'dockerhub') { - myapp.push("latest") - myapp.push("${env.BUILD_ID}") - } - } - } + stage ('Docker push'){ + docker.withRegistry('https://846753579733.dkr.ecr.us-east-1.amazonaws.com/tm-demo', 'ECR') { + docker.image('demo-app').push('latest') + } + } + stage ('Deep Security Smart Check scan'){ + withCredentials([ + usernamePassword([ + credentialsId: "registry-auth", + usernameVariable: "REGISTRY_USER", + passwordVariable: "REGISTRY_PASSWORD", + ]) + ]){ + smartcheckScan([ + imageName: "846753579733.dkr.ecr.us-east-1.amazonaws.com/tm-demo", + smartcheckHost: "smartcheck.example.com", + smartcheckCredentialsId: "smartcheck-auth", + imagePullAuth: new groovy.json.JsonBuilder([ + username: REGISTRY_USER, + password: REGISTRY_PASSWORD, + ]).toString(), + ]) + } } } } From b38bf94fe483ca49b705db4f066689d459a785fa Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Sun, 17 Jul 2022 14:21:31 -0500 Subject: [PATCH 021/162] Rename jenkinsfile to Jenkinsfile --- jenkinsfile => Jenkinsfile | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename jenkinsfile => Jenkinsfile (100%) diff --git a/jenkinsfile b/Jenkinsfile similarity index 100% rename from jenkinsfile rename to Jenkinsfile From e28bc3624f96e3a71ab1380fa558c7b990cbc120 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Sun, 17 Jul 2022 14:22:47 -0500 Subject: [PATCH 022/162] Update Jenkinsfile --- Jenkinsfile | 1 + 1 file changed, 1 insertion(+) 
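Review bot: The "Docker push" stage pushes only `latest`, and the scan stage names `imageName: "846753579733.dkr.ecr.us-east-1.amazonaws.com/tm-demo"` with no tag or digest, so the scan verdict is not bound to the image this run built — a concurrent push to the repository changes what `latest` resolves to between the push and the scan, and the replaced code's per-build tag `${env.BUILD_ID}` is lost. Push a build-specific tag and scan that, e.g. `docker.image('demo-app').push("${env.BUILD_ID}")` and `imageName: "846753579733.dkr.ecr.us-east-1.amazonaws.com/tm-demo:${env.BUILD_ID}"`, promoting to `latest` only after the scan passes. The `pipeline { node { ... } }` mix of declarative and scripted syntax is dealt with by the following commits.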
diff --git a/Jenkinsfile b/Jenkinsfile index f01861c..08b1520 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,4 +1,5 @@ pipeline { + agent any node { stage ('Checkout') { git 'https://github.com/XeniaP/Trend-Micro-Smart-Check-Demo-Image.git' From 21a42247de1002885791b7875c0c096194e27a58 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Sun, 17 Jul 2022 14:23:35 -0500 Subject: [PATCH 023/162] Update Jenkinsfile --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 08b1520..3ac7d92 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,6 +1,6 @@ pipeline { agent any - node { + stages { stage ('Checkout') { git 'https://github.com/XeniaP/Trend-Micro-Smart-Check-Demo-Image.git' } From d7ca6d56ddd4f589d5ae42aadc941658d75a807d Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Sun, 17 Jul 2022 14:27:04 -0500 Subject: [PATCH 024/162] Update Jenkinsfile --- Jenkinsfile | 48 ++++++++++++++++++++++++++++-------------------- 1 file changed, 28 insertions(+), 20 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 3ac7d92..a8d3a8b 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
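Review bot: `agent any` lets the controller schedule this pipeline on any node, including the built-in node, while the stages below run `docker build`/`docker push` and handle registry and Smart Check credentials; a build executing on the controller can read `JENKINS_HOME` and every stored credential. Pin the job to a dedicated build agent with a label, e.g. `agent { label 'docker' }`, and keep the built-in node's executor count at zero.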
@@ -2,33 +2,41 @@ pipeline { agent any stages { stage ('Checkout') { - git 'https://github.com/XeniaP/Trend-Micro-Smart-Check-Demo-Image.git' + steps { + git 'https://github.com/XeniaP/Trend-Micro-Smart-Check-Demo-Image.git' + } } stage ('Docker build'){ - docker.build('demo-app') + steps { + docker.build('demo-app') + } } stage ('Docker push'){ - docker.withRegistry('https://846753579733.dkr.ecr.us-east-1.amazonaws.com/tm-demo', 'ECR') { - docker.image('demo-app').push('latest') + steps { + docker.withRegistry('https://846753579733.dkr.ecr.us-east-1.amazonaws.com/tm-demo', 'ECR') { + docker.image('demo-app').push('latest') + } } } - stage ('Deep Security Smart Check scan'){ - withCredentials([ - usernamePassword([ - credentialsId: "registry-auth", - usernameVariable: "REGISTRY_USER", - passwordVariable: "REGISTRY_PASSWORD", - ]) - ]){ - smartcheckScan([ - imageName: "846753579733.dkr.ecr.us-east-1.amazonaws.com/tm-demo", - smartcheckHost: "smartcheck.example.com", - smartcheckCredentialsId: "smartcheck-auth", - imagePullAuth: new groovy.json.JsonBuilder([ - username: REGISTRY_USER, - password: REGISTRY_PASSWORD, - ]).toString(), + stage ('Deep Security Smart Check scan'){ + steps { + withCredentials([ + usernamePassword([ + credentialsId: "registry-auth", + usernameVariable: "REGISTRY_USER", + passwordVariable: "REGISTRY_PASSWORD", ]) + ]){ + smartcheckScan([ + imageName: "846753579733.dkr.ecr.us-east-1.amazonaws.com/tm-demo", + smartcheckHost: "smartcheck.example.com", + smartcheckCredentialsId: "smartcheck-auth", + imagePullAuth: new groovy.json.JsonBuilder([ + username: REGISTRY_USER, + password: REGISTRY_PASSWORD, + ]).toString(), + ]) + } } } } From 2cd67a9e0157fdff0c703426d82ae9c094aac8a0 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Sun, 17 Jul 2022 15:45:05 -0500 Subject: [PATCH 025/162] Update Jenkinsfile --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index a8d3a8b..969b838 100644 
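Review bot: The scan stage authenticates the image pull to ECR with a static `usernamePassword` credential (`registry-auth`), but ECR issues only 12-hour `docker login` tokens rather than a fixed password, so this credential either goes stale after half a day or has to be refreshed by something outside this pipeline. The GitHub workflow in this series passes the `aws` form (`{"aws":{"region":...,"accessKeyID":...,"secretAccessKey":...}}`) as the scanner's pull credential; presumably the Jenkins step accepts the same JSON, so bind an AWS key pair with `withCredentials` and build `imagePullAuth: new groovy.json.JsonBuilder([aws: [region: 'us-east-1', accessKeyID: AWS_ACCESS_KEY_ID, secretAccessKey: AWS_SECRET_ACCESS_KEY]]).toString()` instead (confirm against the plugin version in use). Scope that IAM key to ECR read access on this repository only.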
--- a/Jenkinsfile +++ b/Jenkinsfile @@ -8,7 +8,7 @@ pipeline { } stage ('Docker build'){ steps { - docker.build('demo-app') + sh 'docker build -t 846753579733.dkr.ecr.us-east-1.amazonaws.com/tm-demo:latest .' } } stage ('Docker push'){ From e06b2af3d99d63fec1a62e2fd7fc8a5e0fab8109 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Sun, 17 Jul 2022 15:50:13 -0500 Subject: [PATCH 026/162] Update Jenkinsfile --- Jenkinsfile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 969b838..59fd4bf 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -13,9 +13,8 @@ pipeline { } stage ('Docker push'){ steps { - docker.withRegistry('https://846753579733.dkr.ecr.us-east-1.amazonaws.com/tm-demo', 'ECR') { - docker.image('demo-app').push('latest') - } + sh 'aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 846753579733.dkr.ecr.us-east-1.amazonaws.com' + sh 'docker push 846753579733.dkr.ecr.us-east-1.amazonaws.com/tm-demo:latest' } } stage ('Deep Security Smart Check scan'){ From 09a1354bc87fdadfcaab1f3a3a04bb38ce925ba6 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Sun, 17 Jul 2022 15:52:45 -0500 Subject: [PATCH 027/162] Update Jenkinsfile --- Jenkinsfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 59fd4bf..828eaf4 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -13,8 +13,9 @@ pipeline { } stage ('Docker push'){ steps { - sh 'aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 846753579733.dkr.ecr.us-east-1.amazonaws.com' - sh 'docker push 846753579733.dkr.ecr.us-east-1.amazonaws.com/tm-demo:latest' + docker.withRegistry('https://846753579733.dkr.ecr.us-east-1.amazonaws.com/tm-demo', 'ecr:us-east-1:ECR') { + docker.image('demo-app').push('latest') + } } } stage ('Deep Security Smart Check scan'){ From 3c7626fec261899a3f73a5a88350be964f21d878 Mon Sep 17 00:00:00 2001 
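Review bot: `sh 'docker build -t 846753579733.dkr.ecr.us-east-1.amazonaws.com/tm-demo:latest .'` tags the build only as the mutable `latest`, so the artifact that is pushed and scanned downstream carries no link to `${env.BUILD_ID}` or the commit, and a re-run overwrites the evidence of what was scanned. Add a build-specific tag alongside it, e.g. `sh "docker build -t 846753579733.dkr.ecr.us-east-1.amazonaws.com/tm-demo:latest -t 846753579733.dkr.ecr.us-east-1.amazonaws.com/tm-demo:${env.BUILD_ID} ."`, and pass the immutable tag to the scan. An `environment { ECR_REPO = '...' }` entry would also avoid repeating the account ID in every `sh` line.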
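Review bot: `aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin ...` relies on whatever AWS credentials happen to be ambient on the agent (instance profile or `~/.aws`), and the token it obtains is written to the agent's `~/.docker/config.json` and never removed, so later jobs on the same agent inherit push rights to this repository for up to 12 hours. Bind the credential explicitly with `withCredentials` rather than inheriting it, and add `sh 'docker logout 846753579733.dkr.ecr.us-east-1.amazonaws.com'` in a `post { always { ... } }` block so the token does not outlive the build.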
From: Yessenia Becerra Date: Sun, 17 Jul 2022 15:54:05 -0500 Subject: [PATCH 028/162] Update Jenkinsfile --- Jenkinsfile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 828eaf4..59fd4bf 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -13,9 +13,8 @@ pipeline { } stage ('Docker push'){ steps { - docker.withRegistry('https://846753579733.dkr.ecr.us-east-1.amazonaws.com/tm-demo', 'ecr:us-east-1:ECR') { - docker.image('demo-app').push('latest') - } + sh 'aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 846753579733.dkr.ecr.us-east-1.amazonaws.com' + sh 'docker push 846753579733.dkr.ecr.us-east-1.amazonaws.com/tm-demo:latest' } } stage ('Deep Security Smart Check scan'){ From 0c7934e983b04a79043dbfe20efa7269028b46f7 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 19 Jul 2022 00:29:10 -0500 Subject: [PATCH 029/162] Update dssc-workload.yml --- .github/workflows/dssc-workload.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dssc-workload.yml b/.github/workflows/dssc-workload.yml index d19706d..d121faf 100644 --- a/.github/workflows/dssc-workload.yml +++ b/.github/workflows/dssc-workload.yml 
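Review bot: The "Docker push" stage publishes `tm-demo:latest` to ECR before the "Deep Security Smart Check scan" stage has run, so anything deploying from `latest` picks up the new image whether or not the scan later fails; Smart Check needs the image in a registry, but not under the consumer-facing tag. Push a candidate tag (e.g. `tm-demo:${env.BUILD_ID}`), scan that tag, and retag to `latest` only in a stage gated on the scan result.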
@@ -23,6 +23,6 @@ jobs: DSSC_SMARTCHECK_PASSWORD: ${{ secrets.DSSC_SMARTCHECK_PASSWORD }} # You will need to generate an access key and secret for your AWS user DSSC_IMAGE_PULL_AUTH: '{"aws":{"region":"us-east-1","accessKeyID":"${{ secrets.ACCESS_KEY }}","secretAccessKey":"${{ secrets.SECRET_KEY }}"}}' - DSSC_FINDINGS_THRESHOLD: '{"malware": 100, "vulnerabilities": { "defcon1": 100, "critical": 100, "high": 100 }, "contents": { "defcon1": 100, "critical": 100, "high": 100 }, "checklists": { "defcon1": 100, "critical": 100, "high": 100 }}' + #DSSC_FINDINGS_THRESHOLD: '{"malware": 100, "vulnerabilities": { "defcon1": 100, "critical": 100, "high": 100 }, "contents": { "defcon1": 100, "critical": 100, "high": 100 }, "checklists": { "defcon1": 100, "critical": 100, "high": 100 }}' DSSC_INSECURE_SKIP_TLS_VERIFY: true DSSC_INSECURE_SKIP_REGISTRY_TLS_VERIFY: true From 6697334d55d69927e90b7fb7856c5482c08a21eb Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 19 Jul 2022 09:02:44 -0500 Subject: [PATCH 030/162] Update Jenkinsfile --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 59fd4bf..7792d33 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -28,7 +28,7 @@ pipeline { ]){ smartcheckScan([ imageName: "846753579733.dkr.ecr.us-east-1.amazonaws.com/tm-demo", - smartcheckHost: "smartcheck.example.com", + smartcheckHost: "ec2-54-159-74-184.compute-1.amazonaws.com:31820", smartcheckCredentialsId: "smartcheck-auth", imagePullAuth: new groovy.json.JsonBuilder([ username: REGISTRY_USER, From 41dc878c34783e1adb5479ebc282b2a582897f12 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 19 Jul 2022 12:52:58 -0500 Subject: [PATCH 031/162] Update Jenkinsfile --- Jenkinsfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Jenkinsfile b/Jenkinsfile index 7792d33..99bb481 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
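Review bot: Commenting out `DSSC_FINDINGS_THRESHOLD` hands the pass/fail decision to the action's built-in default, which is not visible here, so whether this workflow still blocks on findings is now undocumented. The value being removed was not much of a gate either: `"malware": 100` lets up to 100 malware detections through, and likewise 100 high/critical/defcon1 CVEs. If the scan is meant to be informational for this demo image, say so in a comment next to the step; if it is meant to gate, keep the key and use the same object with `0` in place of every `100` (`"malware": 0` at minimum) rather than relying on a default.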
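Review bot: `smartcheckHost: "ec2-54-159-74-184.compute-1.amazonaws.com:31820"` hard-codes an EC2 public DNS name, which is derived from the instance's public IP: when that instance is stopped or replaced the address returns to the pool, and this pipeline would then present the `smartcheck-auth` credential (and the registry credential inside `imagePullAuth`) to whoever next receives that IP. Put the Smart Check endpoint behind a DNS name you control, make it a pipeline parameter or `environment` entry rather than a literal, and keep TLS verification enabled for it so a wrong endpoint is rejected. Replacing the placeholder `smartcheck.example.com` also means the file now carries a real infrastructure address in source control.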
@@ -9,6 +9,7 @@ pipeline { stage ('Docker build'){ steps { sh 'docker build -t 846753579733.dkr.ecr.us-east-1.amazonaws.com/tm-demo:latest .' + sh 'docker build -t 846753579733.dkr.ecr.us-east-1.amazonaws.com/tm-demo:latest .' } } stage ('Docker push'){ From 335b7644e5d0d69b307ed986fcf7d0f45a0f7a82 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 19 Jul 2022 12:56:30 -0500 Subject: [PATCH 032/162] Update dssc-workload.yml --- .github/workflows/dssc-workload.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dssc-workload.yml b/.github/workflows/dssc-workload.yml index d121faf..d19706d 100644 --- a/.github/workflows/dssc-workload.yml +++ b/.github/workflows/dssc-workload.yml @@ -23,6 +23,6 @@ jobs: DSSC_SMARTCHECK_PASSWORD: ${{ secrets.DSSC_SMARTCHECK_PASSWORD }} # You will need to generate an access key and secret for your AWS user DSSC_IMAGE_PULL_AUTH: '{"aws":{"region":"us-east-1","accessKeyID":"${{ secrets.ACCESS_KEY }}","secretAccessKey":"${{ secrets.SECRET_KEY }}"}}' - #DSSC_FINDINGS_THRESHOLD: '{"malware": 100, "vulnerabilities": { "defcon1": 100, "critical": 100, "high": 100 }, "contents": { "defcon1": 100, "critical": 100, "high": 100 }, "checklists": { "defcon1": 100, "critical": 100, "high": 100 }}' + DSSC_FINDINGS_THRESHOLD: '{"malware": 100, "vulnerabilities": { "defcon1": 100, "critical": 100, "high": 100 }, "contents": { "defcon1": 100, "critical": 100, "high": 100 }, "checklists": { "defcon1": 100, "critical": 100, "high": 100 }}' DSSC_INSECURE_SKIP_TLS_VERIFY: true DSSC_INSECURE_SKIP_REGISTRY_TLS_VERIFY: true From eb1c1644e6d3021009c26fc4929c1f6bfc2b5f48 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Wed, 20 Jul 2022 11:06:48 -0500 Subject: [PATCH 033/162] Update dssc-workload.yml --- .github/workflows/dssc-workload.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dssc-workload.yml b/.github/workflows/dssc-workload.yml index d19706d..d121faf 100644 
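Review bot: The added line duplicates the one above it verbatim — `sh 'docker build -t 846753579733.dkr.ecr.us-east-1.amazonaws.com/tm-demo:latest .'` now runs twice per build. The second run is a cached no-op at best and a full rebuild at worst, and it reads as a paste error; if the intent was to tolerate a flaky build, wrap the single call in `retry(2) { ... }`, otherwise drop the duplicate.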
--- a/.github/workflows/dssc-workload.yml +++ b/.github/workflows/dssc-workload.yml @@ -23,6 +23,6 @@ jobs: DSSC_SMARTCHECK_PASSWORD: ${{ secrets.DSSC_SMARTCHECK_PASSWORD }} # You will need to generate an access key and secret for your AWS user DSSC_IMAGE_PULL_AUTH: '{"aws":{"region":"us-east-1","accessKeyID":"${{ secrets.ACCESS_KEY }}","secretAccessKey":"${{ secrets.SECRET_KEY }}"}}' - DSSC_FINDINGS_THRESHOLD: '{"malware": 100, "vulnerabilities": { "defcon1": 100, "critical": 100, "high": 100 }, "contents": { "defcon1": 100, "critical": 100, "high": 100 }, "checklists": { "defcon1": 100, "critical": 100, "high": 100 }}' + #DSSC_FINDINGS_THRESHOLD: '{"malware": 100, "vulnerabilities": { "defcon1": 100, "critical": 100, "high": 100 }, "contents": { "defcon1": 100, "critical": 100, "high": 100 }, "checklists": { "defcon1": 100, "critical": 100, "high": 100 }}' DSSC_INSECURE_SKIP_TLS_VERIFY: true DSSC_INSECURE_SKIP_REGISTRY_TLS_VERIFY: true From 86c04651ede541cf339dc8d0b156d8706ccc0d22 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Thu, 21 Jul 2022 00:52:58 -0500 Subject: [PATCH 034/162] Update dssc-workload.yml Add docker build/push step --- .github/workflows/dssc-workload.yml | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/.github/workflows/dssc-workload.yml b/.github/workflows/dssc-workload.yml index d121faf..563f451 100644 --- a/.github/workflows/dssc-workload.yml +++ b/.github/workflows/dssc-workload.yml 
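Review bot: This is the third commit in the series that flips `DSSC_FINDINGS_THRESHOLD` between set and commented out (029 disabled it, 032 restored it, this hunk disables it again), which leaves the workflow's gating behaviour dependent on whichever toggle landed last and on the action's undocumented default. Decide once and record the decision in the file, e.g. `# Informational scan for the demo image: findings are reported but do not fail the job` above the step, or an explicit threshold if it should block. Commented-out configuration is best deleted; git history keeps the old value.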
@@ -7,7 +7,28 @@ on: env: ACCESS_KEY: ${{ secrets.ACCESS_KEY }} SECRET_KEY: ${{ secrets.SECRET_KEY }} -jobs: +jobs: + docker: + runs-on: ubuntu-latest + steps: + - + name: Set up QEMU + uses: docker/setup-qemu-action@v2 + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - + name: Login to DockerHub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - + name: Build and push + uses: docker/build-push-action@v3 + with: + push: true + tags: xniapdev/tm-demo:latest SmartCheck-Scan-Action: runs-on: ubuntu-latest environment: DockerRegistry From da378805937104c7d274d9e5de1fbc1af288c9b2 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Thu, 21 Jul 2022 00:58:01 -0500 Subject: [PATCH 035/162] Update dssc-workload.yml --- .github/workflows/dssc-workload.yml | 41 +++++++++++++++-------------- 1 file changed, 21 insertions(+), 20 deletions(-) diff --git a/.github/workflows/dssc-workload.yml b/.github/workflows/dssc-workload.yml index 563f451..d48ba79 100644 --- a/.github/workflows/dssc-workload.yml +++ b/.github/workflows/dssc-workload.yml 
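Review bot: The new `docker` job pushes to Docker Hub as `xniapdev/tm-demo:latest`, while the `SmartCheck-Scan-Action` job that follows (its `DSSC_IMAGE_NAME`, outside this hunk, appears to name the ECR repository) scans a different registry, and nothing declares `needs: docker`, so the two jobs run in parallel and the scan never sees the image this run built. Add `needs: docker` to the scan job and point both at the same registry. The four actions are referenced by floating tags (`docker/setup-qemu-action@v2`, `docker/setup-buildx-action@v2`, `docker/login-action@v2`, `docker/build-push-action@v3`) and `DOCKERHUB_TOKEN` flows through `docker/login-action`, so pin each to a full commit SHA (`uses: docker/login-action@<sha> # v2`) to stop a retagged release from capturing the push credential.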
@@ -4,31 +4,32 @@ on: push: branches: - master -env: - ACCESS_KEY: ${{ secrets.ACCESS_KEY }} - SECRET_KEY: ${{ secrets.SECRET_KEY }} jobs: docker: runs-on: ubuntu-latest steps: - - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - - name: Login to DockerHub - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Build and push - uses: docker/build-push-action@v3 + - name: Check out code + uses: actions/checkout@v2 + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 with: - push: true - tags: xniapdev/tm-demo:latest + aws-access-key-id: ${{ secrets.ACCESS_KEY }} + aws-secret-access-key: ${{ secrets.SECRET_KEY }} + aws-region: us-east-1 + + - name: Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v1 + + - name: Build, tag, and push image to Amazon ECR + env: + ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} + ECR_REPOSITORY: tm-demo + IMAGE_TAG: latest + run: | + docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . + docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG SmartCheck-Scan-Action: runs-on: ubuntu-latest environment: DockerRegistry From fc36f937b9f86ffdd6cd926892f49f200f2d5ce4 Mon Sep 17 00:00:00 2001 From: "Yessenia Becerra (SE-MX)" Date: Sun, 23 Apr 2023 21:02:11 -0600 Subject: [PATCH 036/162] add ScanScript --- SmartcheckScan.py | 331 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 331 insertions(+) create mode 100644 SmartcheckScan.py diff --git a/SmartcheckScan.py b/SmartcheckScan.py new file mode 100644 index 0000000..6063957 --- /dev/null +++ b/SmartcheckScan.py 
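Review bot: `SmartCheck-Scan-Action` still has no `needs: docker`, so the scan can start before `docker push` completes and will scan the previous `latest`. Beyond ordering, the same `secrets.ACCESS_KEY`/`secrets.SECRET_KEY` pair is used here with push permission and, in the scan job's `DSSC_IMAGE_PULL_AUTH`, as the credential handed to Smart Check to pull — so the scanner holds a key that can write to the repository. Split them into a push key for this job and a read-only key for the scanner, and consider replacing the static key entirely with `aws-actions/configure-aws-credentials` `role-to-assume` via GitHub OIDC (`permissions: id-token: write`), which leaves no long-lived secret in the repository settings.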
@@ -0,0 +1,331 @@ +#!/usr/bin/env python3 +# +# Copyright 2019 Trend Micro and contributors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +from __future__ import print_function + +import argparse +import base64 +import os +import sys +import json +import time + +import requests + +from docker_image import reference + + +class SlightlyImprovedSession(requests.Session): + def __init__(self, base, **kwargs): + super(SlightlyImprovedSession, self).__init__() + self.base = base + self.kwargs = kwargs + + def post(self, url, **kwargs): + for k in self.kwargs: + if not k in kwargs: + kwargs[k] = self.kwargs[k] + + return super(SlightlyImprovedSession, self).post( + requests.compat.urljoin(self.base, url), + **kwargs + ) + + def get(self, url, **kwargs): + for k in self.kwargs: + if not k in kwargs: + kwargs[k] = self.kwargs[k] + + return super(SlightlyImprovedSession, self).get( + requests.compat.urljoin(self.base, url), + **kwargs + ) + + +def get_session(base, user, password, **kwargs): + """Authenticate with the service and return a session.""" + + session = SlightlyImprovedSession(base, **kwargs) + + response = session.post('/api/sessions', json={ + 'user': { + 'userID': user, + 'password': password + } + }) + + if not response.ok: + raise Exception(f'could not start session: {response}') + + token = response.json()['token'] + + session.headers.update({'Authorization': f'Bearer {token}'}) + return session + +def eprint(*args, **kwargs): + """print a message to 
stderr""" + print(*args, file=sys.stderr, **kwargs) + + +def start_scan(session, ref, + image_pull_auth=None, + registry_root_cas=None, + webhook_teams=None, + insecure_skip_registry_tls_verify=False, + wait=True): + """Start a scan.""" + + ref = reference.Reference.parse(ref) + + hostname, name = ref.split_hostname() + + if isinstance(image_pull_auth, str): + try: + image_pull_auth = json.loads(image_pull_auth) + except json.decoder.JSONDecodeError as err: + eprint('Unable to parse image-pull-auth value:', err) + sys.exit(1) + + if registry_root_cas is not None: + with open(registry_root_cas) as file: + registry_root_cas = base64.b64encode( + file.read().encode() + ).decode('utf-8') + + registry_aux = session.get('/api/registries') + + for registry in registry_aux.json()["registries"]: + if(registry["host"] == hostname): + registry_id = registry["id"] + + if(image_pull_auth == "None"): + response = session.post('/api/scans', + json={ + 'name': name, + 'source': { + 'type': 'docker', + 'registry': hostname, + 'repository': name, + 'tag': ref['tag'], + 'digest': ref['digest'], + 'credentials': image_pull_auth, + 'rootCAs': registry_root_cas, + 'insecureSkipVerify': insecure_skip_registry_tls_verify, + } + }) + else: + response = session.post("/api/registries/"+registry_id+"/scans", + json={ + "name": name, + "source": { + "repository": name, + "tag": ref["tag"], + } + }) + + if not response.ok: + eprint('could not create scan', response) + sys.exit(1) + + scan = response.json() + + if wait: + while scan['status'] in ['pending', 'in-progress']: + print('waiting for scan to complete...', file=sys.stderr) + time.sleep(10) + + response = session.get(scan['href']) + + if not response.ok: + eprint('could not check scan progress', response) + sys.exit(1) + + scan = response.json() + if(webhook_teams != "None"): + sendToTeams(webhook_teams, scan, ref, hostname, name) + + print(json.dumps(scan, indent=' ')) + +def sendToTeams(webhook_teams, scan, ref, hostname, name): + + 
if(scan['status'] == "completed-with-findings" ): + findings = scan["details"]['results'][0]['findings'] + vulnerabilities = findings['vulnerabilities'] + dataVuln = "Vulnerabilities found: \n" + dataMalw = "" + + for value in vulnerabilities['total']: + if value == 'high': + high = vulnerabilities['total']['high'] + dataVuln = dataVuln+"High: "+str(high)+"\n" + if value == 'medium': + medium = vulnerabilities['total']['medium'] + dataVuln = dataVuln+"Medium: "+str(medium)+"\n" + if value == 'low': + low = vulnerabilities['total']['low'] + dataVuln = dataVuln+"Low: "+str(low)+"\n" + if value == 'negligible': + negligible = vulnerabilities['total']['negligible'] + dataVuln = dataVuln+"Negligible: "+str(negligible)+"\n" + if value == 'unknown': + unknown = vulnerabilities['total']['unknown'] + dataVuln = dataVuln+"Unknown: "+str(unknown)+"\n" + + if dataVuln == "Vulnerabilities found: \n": dataVuln="" + + for value in findings: + if value == 'malware': + malware = findings['malware'] + dataMalw = "Malware found: "+str(malware) + + message = dataVuln+dataMalw + + data = {"text": "
!!! Trend Micro - Smart Check Scan results !!! \n"+"
Image: "+name+':'+ref["tag"]+"\n"+message+"
"} + + adaptiveCard = json.dumps({ + "type": "message", + "attachments": [ + { + "type": "AdaptiveCard", + "body": [ + { + "type": "ColumnSet", + "columns": [ + { + "type": "Column", + "items": [ + {"type": "Container", "backgroundImage": "https://messagecardplayground.azurewebsites.net/assets/TxP_Background.png","items": [{ "type": "Image", "horizontalAlignment": "Center", "url": "https://www.docker.com/wp-content/uploads/2022/03/Moby-logo.png", "altText": "Docker", "isVisible": false, "width": "80px"}],"bleed": true}, + {"type": "Container","spacing": "none","style": "emphasis","items": [{"type": "TextBlock", "size": "extraLarge","weight": "lighter","color": "accent","text": "Image Name: {}"format(name+":"+ref["tag"]), "wrap": true}],"bleed": true,"height": "stretch"} + ], + "width": 45,"height": "stretch" + }, + { + "type": "Column", + "items": [ + { + "type": "Container","height": "stretch", + "items": [ + { + "type": "ColumnSet", + "columns": [ + { + "type": "Column", + "items": [ + {"type": "RichTextBlock","inlines": [{"type": "TextRun", "text": "Summary Findings"} ]}, + {"type": "RichTextBlock", "horizontalAlignment": "Left", "inlines": [{"type": "TextRun","size": "Medium","text": "High","wrap": true}]}, + {"type": "RichTextBlock","horizontalAlignment": "Left","inlines": [{"type": "TextRun","size": "Medium","text": "Medium","wrap": true}]}, + {"type": "RichTextBlock", "horizontalAlignment": "Left", "inlines": [ { "type": "TextRun", "size": "Medium","text": "Low:","wrap": true }]} + ], + "width": 1 + } + ] + } + ] + } + ], + "width": 55 + } + ], + "height": "stretch" + }], + "$schema": "http://adaptivecards.io/schemas/adaptive-card.json", + "version": "1.4" + }] + }) + + url = webhook_teams + headers = {'Content-Type': 'application/json'} + + try: + response = requests.request("POST", url, json=data, headers=headers) + print(response) + except requests.exceptions.RequestException as e: + print (e) + sys.exit(1) + +def main(): + """Mainline""" + + parser = 
argparse.ArgumentParser( + description='Start a scan', + ) + + parser.add_argument('--smartcheck-host', action='store', + default=os.environ.get('DSSC_SMARTCHECK_HOST', None), + help='The hostname of the Deep Security Smart Check deployment. Example: smartcheck.example.com') + parser.add_argument('--smartcheck-user', action='store', + default=os.environ.get('DSSC_SMARTCHECK_USER', None), + help='The userid for connecting to Deep Security Smart Check') + parser.add_argument('--smartcheck-password', action='store', + default=os.environ.get( + 'DSSC_SMARTCHECK_PASSWORD', None), + help='The password for connecting to Deep Security Smart Check') + parser.add_argument('--insecure-skip-tls-verify', action='store_true', + default=os.environ.get( + 'DSSC_INSECURE_SKIP_TLS_VERIFY', False), + help='Ignore certificate errors when connecting to Deep Security Smart Check') + parser.add_argument('--image-pull-auth', action='store', + default=os.environ.get('DSSC_IMAGE_PULL_AUTH', None), + help='A JSON object of credentials for authenticating with the registry to pull the image from') + parser.add_argument('--registry-root-cas', action='store', + default=os.environ.get('DSSC_REGISTRY_ROOT_CAS', None), + help='A file containing the root CAs (in PEM format) to trust when connecting to the registry') + parser.add_argument('--insecure-skip-registry-tls-verify', action='store_true', + default=os.environ.get( + 'DSSC_INSECURE_SKIP_REGISTRY_TLS_VERIFY', False), + help='Ignore certificate errors from the image registry') + parser.add_argument('--no-wait', action='store_false', + default=os.environ.get('DSSC_NO_WAIT', True), + help='Exit after requesting the scan') + parser.add_argument('--webhook-teams', action='store', + default=os.environ.get('DSSC_SMARTCHECK_WEBHOOK_TEAMS', None), + help='WebHook Teams Ds Smartcheck') + parser.add_argument( + 'image', help='The image to scan. 
Example: registry.example.com/project/image:latest') + + args = parser.parse_args() + + if args.smartcheck_host is None: + eprint('smartcheck_host is required') + sys.exit(1) + + if args.insecure_skip_tls_verify: + import urllib3 + urllib3.disable_warnings() + + if not args.smartcheck_host.startswith('http'): + args.smartcheck_host = 'https://' + args.smartcheck_host + + with get_session( + base=args.smartcheck_host, + user=args.smartcheck_user, + password=args.smartcheck_password, + verify=(not args.insecure_skip_tls_verify), + ) as session: + start_scan( + session, + args.image, + image_pull_auth=args.image_pull_auth, + registry_root_cas=args.registry_root_cas, + insecure_skip_registry_tls_verify=args.insecure_skip_registry_tls_verify, + webhook_teams=args.webhook_teams, + wait=args.no_wait, + ) + + +if __name__ == '__main__': + main() \ No newline at end of file From c630c724721e84d1a306b25d43cf71ed5b60e5dc Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Mon, 24 Apr 2023 12:17:37 -0500 Subject: [PATCH 037/162] Update SmartcheckScan.py --- SmartcheckScan.py | 45 ++++++++++++++++++--------------------------- 1 file changed, 18 insertions(+), 27 deletions(-) diff --git a/SmartcheckScan.py b/SmartcheckScan.py index 6063957..c4bc45d 100644 --- a/SmartcheckScan.py +++ b/SmartcheckScan.py @@ -14,7 +14,6 @@ # See the License for the specific language governing permissions and # limitations under the License. # - from __future__ import print_function import argparse 
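Review bot: `if(image_pull_auth == "None")` and `if(webhook_teams != "None")` in `start_scan` compare against the string `"None"`, but both parameters arrive from argparse as Python `None` when the option and its `DSSC_*` variable are unset, so the first test is always false (credentials, `rootCAs` and `insecureSkipVerify` are silently dropped and the `/api/registries/<id>/scans` path is taken) and the second is always true (`sendToTeams` runs with a `None` webhook URL whenever there are findings). Use identity checks: `if image_pull_auth is None:` and `if webhook_teams is not None:`. `registry_id` is bound only when a registry whose `host` matches is found; initialise `registry_id = None` before the loop and fail with `eprint('no registry configured for', hostname); sys.exit(1)` if it is still unset. Separately, the script exits 0 on `completed-with-findings`, so when `azure-pipelines.yml` runs it the scan reports but cannot fail the build; consider a threshold flag that turns findings into a non-zero exit, as the GitHub workflow's `DSSC_FINDINGS_THRESHOLD` does.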
@@ -209,7 +208,7 @@ def sendToTeams(webhook_teams, scan, ref, hostname, name): "type": "Column", "items": [ {"type": "Container", "backgroundImage": "https://messagecardplayground.azurewebsites.net/assets/TxP_Background.png","items": [{ "type": "Image", "horizontalAlignment": "Center", "url": "https://www.docker.com/wp-content/uploads/2022/03/Moby-logo.png", "altText": "Docker", "isVisible": false, "width": "80px"}],"bleed": true}, - {"type": "Container","spacing": "none","style": "emphasis","items": [{"type": "TextBlock", "size": "extraLarge","weight": "lighter","color": "accent","text": "Image Name: {}"format(name+":"+ref["tag"]), "wrap": true}],"bleed": true,"height": "stretch"} + {"type": "Container","spacing": "none","style": "emphasis","items": [{"type": "TextBlock", "size": "extraLarge","weight": "lighter","color": "accent","text": "Image Name: {}".format(name+":"+ref["tag"]), "wrap": true}],"bleed": true,"height": "stretch"} ], "width": 45,"height": "stretch" }, 
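Review bot: Inserting the missing `.` makes `"Image Name: {}".format(...)` parse, but the same dict literal still contains `"isVisible": false` and `"wrap": true` (visible in the hunk's context lines), and `false`/`true` are undefined names in Python, so `json.dumps({...})` raises `NameError` and `sendToTeams` fails before posting for every scan with findings. Python spells these `False` and `True`. `adaptiveCard` is also never used — only `data` is posted further down — so the simplest fix is to delete the whole `adaptiveCard = json.dumps({...})` statement, or wire it into the request if the card was the intended payload. `sendToTeams` begins and ends outside this hunk.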
@@ -264,33 +263,27 @@ def main(): description='Start a scan', ) - parser.add_argument('--smartcheck-host', action='store', + parser.add_argument('--dssc-host', action='store', default=os.environ.get('DSSC_SMARTCHECK_HOST', None), help='The hostname of the Deep Security Smart Check deployment. Example: smartcheck.example.com') - parser.add_argument('--smartcheck-user', action='store', + parser.add_argument('--dssc-user', action='store', default=os.environ.get('DSSC_SMARTCHECK_USER', None), help='The userid for connecting to Deep Security Smart Check') - parser.add_argument('--smartcheck-password', action='store', + parser.add_argument('--dssc-password', action='store', default=os.environ.get( 'DSSC_SMARTCHECK_PASSWORD', None), help='The password for connecting to Deep Security Smart Check') - parser.add_argument('--insecure-skip-tls-verify', action='store_true', + parser.add_argument('--skip-tls-verify', action='store_true', default=os.environ.get( 'DSSC_INSECURE_SKIP_TLS_VERIFY', False), help='Ignore certificate errors when connecting to Deep Security Smart Check') parser.add_argument('--image-pull-auth', action='store', default=os.environ.get('DSSC_IMAGE_PULL_AUTH', None), help='A JSON object of credentials for authenticating with the registry to pull the image from') - parser.add_argument('--registry-root-cas', action='store', - default=os.environ.get('DSSC_REGISTRY_ROOT_CAS', None), - help='A file containing the root CAs (in PEM format) to trust when connecting to the registry') - parser.add_argument('--insecure-skip-registry-tls-verify', action='store_true', + parser.add_argument('--skip-registry-tls-verify', action='store_true', default=os.environ.get( 'DSSC_INSECURE_SKIP_REGISTRY_TLS_VERIFY', False), help='Ignore certificate errors from the image registry') - parser.add_argument('--no-wait', action='store_false', - default=os.environ.get('DSSC_NO_WAIT', True), - help='Exit after requesting the scan') parser.add_argument('--webhook-teams', action='store', 
default=os.environ.get('DSSC_SMARTCHECK_WEBHOOK_TEAMS', None), help='WebHook Teams Ds Smartcheck') @@ -299,33 +292,31 @@ def main(): args = parser.parse_args() - if args.smartcheck_host is None: - eprint('smartcheck_host is required') + if args.dssc_host is None: + eprint('dssc_host is required') sys.exit(1) - if args.insecure_skip_tls_verify: + if args.skip_tls_verify: import urllib3 urllib3.disable_warnings() - if not args.smartcheck_host.startswith('http'): - args.smartcheck_host = 'https://' + args.smartcheck_host + if not args.dssc_host.startswith('http'): + args.dssc_host = 'https://' + args.dssc_host with get_session( - base=args.smartcheck_host, - user=args.smartcheck_user, - password=args.smartcheck_password, - verify=(not args.insecure_skip_tls_verify), + base=args.dssc_host, + user=args.dssc_user, + password=args.dssc_password, + verify=(not args.skip_tls_verify), ) as session: start_scan( session, args.image, image_pull_auth=args.image_pull_auth, - registry_root_cas=args.registry_root_cas, - insecure_skip_registry_tls_verify=args.insecure_skip_registry_tls_verify, - webhook_teams=args.webhook_teams, - wait=args.no_wait, + insecure_skip_registry_tls_verify=args.skip_registry_tls_verify, + webhook_teams=args.webhook_teams ) if __name__ == '__main__': - main() \ No newline at end of file + main() From cb512abfb6b1659207e750fe05f9d1e189e9aa2c Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Mon, 24 Apr 2023 12:18:29 -0500 Subject: [PATCH 038/162] Create requirements.txt --- requirements.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 requirements.txt diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..90aa5e9 --- /dev/null +++ b/requirements.txt @@ -0,0 +1,2 @@ +requests +docker-image-py From d918bcc9adfa71a9779c637e0b3b67f774edaa29 Mon Sep 17 00:00:00 2001 
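Review bot: Removing `--registry-root-cas` leaves `--skip-registry-tls-verify` as the only way to scan from a registry with a private CA, which pushes every such user into disabling certificate checking for the pull; keep the option (it was already wired through to `rootCAs` in `start_scan`) so trusting a specific CA remains possible. Renaming `--smartcheck-host`/`--smartcheck-user`/`--smartcheck-password`/`--insecure-skip-tls-verify` also breaks any existing invocation; argparse accepts several option strings per argument, so `parser.add_argument('--dssc-host', '--smartcheck-host', ...)` keeps the old spelling working at no cost. The `--no-wait` removal is harmless since `start_scan` defaults `wait=True`, but the environment variables still use the `DSSC_SMARTCHECK_` prefix while the flags no longer do.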
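Review bot: Only `dssc_host` is validated; when `--dssc-user`/`--dssc-password` (or their `DSSC_SMARTCHECK_*` variables) are unset, `get_session` posts `None` values to `/api/sessions` and the user presumably sees only the opaque `could not start session: <Response [...]>` message. Add `if args.dssc_user is None or args.dssc_password is None: eprint('dssc_user and dssc_password are required'); sys.exit(1)` next to the host check. The scheme guard `if not args.dssc_host.startswith('http')` also accepts an explicit `http://` host, which would send the Smart Check password in clear; either reject `http://` or document that only `https://` is expected.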
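Review bot: `requests` and `docker-image-py` are listed without versions, so each pipeline run (`pip install -r requirements.txt` in azure-pipelines.yml) resolves whatever is newest on PyPI at that moment, and a malicious or broken release is pulled straight into the job that holds the Smart Check and registry credentials. Pin exact versions (`requests==<version>`, `docker-image-py==<version>`) and, for a stronger guarantee, generate a hash-pinned file with `pip-compile --generate-hashes` and install with `pip install --require-hashes -r requirements.txt`.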
From: Yessenia Becerra Date: Mon, 24 Apr 2023 12:19:02 -0500 Subject: [PATCH 039/162] Create azure-pipelines.yml --- azure-pipelines.yml | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 azure-pipelines.yml diff --git a/azure-pipelines.yml b/azure-pipelines.yml new file mode 100644 index 0000000..5bd38f0 --- /dev/null +++ b/azure-pipelines.yml @@ -0,0 +1,44 @@ +# Docker +# Build a Docker image +# https://docs.microsoft.com/azure/devops/pipelines/languages/docker + +trigger: +- master + +resources: +- repo: self + +variables: + imageName: 'oc_registry' + tag: '$(Build.BuildId)' + +stages: +- stage: Build + displayName: Build image + jobs: + - job: Build + displayName: Build + pool: + vmImage: ubuntu-latest + steps: + - task: Docker@2 + displayName: Build an image + inputs: + command: build + dockerfile: '$(Build.SourcesDirectory)/Dockerfile' + buildContext: '$(Build.SourcesDirectory)' + repository: $(imageName) + - task: UsePythonVersion@0 + inputs: + versionSpec: '3.x' + addToPath: true + architecture: 'x64' + - script: | + python -m pip install --upgrade pip + pip install -r requirements.txt + displayName: 'Install dependencies' + - task: PythonScript@0 + inputs: + scriptSource: 'filePath' + scriptPath: 'SmartcheckScan.py' + arguments: '--dssc-host "$(SC_Host)" --dssc-user "$(SC_User)" --dssc-password "$(SC_Pass)" --webhook-teams "$(SC_Teams_Weekhook)" --skip-tls-verify "$(imageName)":"$(tag)"' From 94df3928b4a8a9b1d7ff3ce89749d5f9cd44ec25 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Sun, 7 May 2023 12:03:49 -0500 Subject: [PATCH 040/162] Update dssc-workload.yml --- .github/workflows/dssc-workload.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dssc-workload.yml b/.github/workflows/dssc-workload.yml index d48ba79..d899f1a 100644 --- a/.github/workflows/dssc-workload.yml +++ b/.github/workflows/dssc-workload.yml 
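Review bot: `--dssc-password "$(SC_Pass)"` puts the Smart Check password on the command line, where it is visible in the agent's process list and in the task's logged command unless `SC_Pass` is a secret variable; `SmartcheckScan.py` already reads `DSSC_SMARTCHECK_PASSWORD` from the environment, so map it there instead — add `env: { DSSC_SMARTCHECK_PASSWORD: $(SC_Pass) }` to the `PythonScript@0` task and drop the flag (same for `SC_User` via `DSSC_SMARTCHECK_USER`). `--skip-tls-verify` disables certificate checking for the very connection that carries that password. The `Docker@2` step builds `oc_registry:$(Build.BuildId)` locally but never pushes it, and Smart Check pulls from a registry, so unless `oc_registry` resolves to a repository that already holds this tag the scan has nothing to fetch; a push (`command: buildAndPush` with a registry connection) is needed before the scan step. `SC_Teams_Weekhook` looks like a typo for `SC_Teams_Webhook`.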
@@ -25,7 +25,7 @@ jobs: - name: Build, tag, and push image to Amazon ECR env: ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} - ECR_REPOSITORY: tm-demo + ECR_REPOSITORY: oc_registry IMAGE_TAG: latest run: | docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . @@ -39,7 +39,7 @@ jobs: # Be sure to specify the latest version of smartcheck-scan-action uses: deep-security/smartcheck-scan-action@v1.1.0 with: - DSSC_IMAGE_NAME: 846753579733.dkr.ecr.us-east-1.amazonaws.com/tm-demo:latest + DSSC_IMAGE_NAME: $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG DSSC_SMARTCHECK_HOST: ${{ secrets.DSSC_SMARTCHECK_HOST }} DSSC_SMARTCHECK_USER: ${{ secrets.DSSC_SMARTCHECK_USER }} DSSC_SMARTCHECK_PASSWORD: ${{ secrets.DSSC_SMARTCHECK_PASSWORD }} From 479763dc308ead4ee5e76ca8392bd15a4ed84e64 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Sun, 7 May 2023 12:07:08 -0500 Subject: [PATCH 041/162] Update dssc-workload.yml --- .github/workflows/dssc-workload.yml | 49 ++++++++++++++--------------- 1 file changed, 23 insertions(+), 26 deletions(-) diff --git a/.github/workflows/dssc-workload.yml b/.github/workflows/dssc-workload.yml index d899f1a..6ff9162 100644 --- a/.github/workflows/dssc-workload.yml +++ b/.github/workflows/dssc-workload.yml 
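Review bot: `DSSC_IMAGE_NAME: $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG` in the second hunk will not expand: `with:` inputs are not evaluated by a shell, and the three variables are step-scoped `env:` of the build step in the first hunk, so the scan action receives that literal string. Either hoist the values to the job-level `env:` and write `${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }}`, or reference `${{ steps.login-ecr.outputs.registry }}/oc_registry:latest` directly. The replaced hard-coded value at least named a real image; after this change the scan will fail to pull (or, depending on the action, report nothing), so a run log should be checked after merging.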
@@ -5,31 +5,28 @@ on: branches: - master jobs: - docker: - runs-on: ubuntu-latest - steps: - - name: Check out code - uses: actions/checkout@v2 - - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.ACCESS_KEY }} - aws-secret-access-key: ${{ secrets.SECRET_KEY }} - aws-region: us-east-1 - - - name: Login to Amazon ECR - id: login-ecr - uses: aws-actions/amazon-ecr-login@v1 - - - name: Build, tag, and push image to Amazon ECR - env: - ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} - ECR_REPOSITORY: oc_registry - IMAGE_TAG: latest - run: | - docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . - docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG + #docker: + # runs-on: ubuntu-latest + # steps: + # - name: Check out code + # uses: actions/checkout@v2 + # - name: Configure AWS credentials + # uses: aws-actions/configure-aws-credentials@v1 + # with: + # aws-access-key-id: ${{ secrets.ACCESS_KEY }} + # aws-secret-access-key: ${{ secrets.SECRET_KEY }} + # aws-region: us-east-1 + # - name: Login to Amazon ECR + # id: login-ecr + # uses: aws-actions/amazon-ecr-login@v1 + # - name: Build, tag, and push image to Amazon ECR + # env: + # ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} + # ECR_REPOSITORY: oc_registry + # IMAGE_TAG: latest + # run: | + # docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . + # docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG SmartCheck-Scan-Action: runs-on: ubuntu-latest environment: DockerRegistry 
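Review bot: The `docker` job is commented out line by line rather than removed, which leaves about twenty lines of dead YAML (including the `secrets.ACCESS_KEY`/`secrets.SECRET_KEY` wiring) that will drift from the live job and that reviewers keep reading as if it were active; the same pattern recurs in the later "add Artifact Scanner", "image" and "comment aws configuration" commits. Git history already preserves the job; delete it, or if it is meant to come back, gate it with an `if:` condition instead of comments. The `SmartCheck-Scan-Action` job that follows continues past the end of this hunk.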
@@ -39,7 +36,7 @@ jobs: # Be sure to specify the latest version of smartcheck-scan-action uses: deep-security/smartcheck-scan-action@v1.1.0 with: - DSSC_IMAGE_NAME: $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG + DSSC_IMAGE_NAME: 904737956763.dkr.ecr.us-east-1.amazonaws.com/oc_registry:java-goof DSSC_SMARTCHECK_HOST: ${{ secrets.DSSC_SMARTCHECK_HOST }} DSSC_SMARTCHECK_USER: ${{ secrets.DSSC_SMARTCHECK_USER }} DSSC_SMARTCHECK_PASSWORD: ${{ secrets.DSSC_SMARTCHECK_PASSWORD }} From 6a8ea1d937bf225f190b0b6235072d86ee823ef3 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Sun, 7 May 2023 12:23:10 -0500 Subject: [PATCH 042/162] Update dssc-workload.yml --- .github/workflows/dssc-workload.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/dssc-workload.yml b/.github/workflows/dssc-workload.yml index 6ff9162..95c0c18 100644 --- a/.github/workflows/dssc-workload.yml +++ b/.github/workflows/dssc-workload.yml 
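Review bot: `DSSC_IMAGE_NAME` now hard-codes a specific ECR host, including an AWS account id, and the mutable tag `java-goof`, so the workflow no longer scans what the pipeline builds and the content behind that name can change between runs without the workflow noticing. Reference the image by digest (`…/oc_registry@sha256:<digest>`) or derive the name from the build step, and keep the account-specific host in a repository variable (`${{ vars.ECR_REGISTRY }}`) rather than in the checked-in workflow.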
@@ -42,6 +42,7 @@ jobs: DSSC_SMARTCHECK_PASSWORD: ${{ secrets.DSSC_SMARTCHECK_PASSWORD }} # You will need to generate an access key and secret for your AWS user DSSC_IMAGE_PULL_AUTH: '{"aws":{"region":"us-east-1","accessKeyID":"${{ secrets.ACCESS_KEY }}","secretAccessKey":"${{ secrets.SECRET_KEY }}"}}' - #DSSC_FINDINGS_THRESHOLD: '{"malware": 100, "vulnerabilities": { "defcon1": 100, "critical": 100, "high": 100 }, "contents": { "defcon1": 100, "critical": 100, "high": 100 }, "checklists": { "defcon1": 100, "critical": 100, "high": 100 }}' + DSSC_FINDINGS_THRESHOLD: '{"malware": 1, "vulnerabilities": { "defcon1": 1, "critical": 42, "high": 128, "medium": 106, "low":5}, "contents": { "defcon1": 1, "critical": 11, "high": 3, "medium":1 }, "checklists": { "defcon1": 1, "critical": 11, "high": 3, "medium":1 }}' + #DSSC_FINDINGS_THRESHOLD: '{"malware": 10, "vulnerabilities": { "defcon1": 10, "critical": 100, "high": 200, "medium": 200, "low":200}, "contents": { "defcon1": 10, "critical": 50, "high": 100, "medium":100 }, "checklists": { "defcon1": 10, "critical": 500, "high": 100, "medium":100 }}' DSSC_INSECURE_SKIP_TLS_VERIFY: true DSSC_INSECURE_SKIP_REGISTRY_TLS_VERIFY: true From 89b0c7cb9c58500e1171c6109a131b9de71aea81 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Sat, 22 Jul 2023 13:00:52 -0600 Subject: [PATCH 043/162] add Artifact Scanner --- .github/workflows/dssc-workload.yml | 69 +++++++++++++++++++++-------- 1 file changed, 51 insertions(+), 18 deletions(-) diff --git a/.github/workflows/dssc-workload.yml b/.github/workflows/dssc-workload.yml index 95c0c18..291d903 100644 --- a/.github/workflows/dssc-workload.yml +++ b/.github/workflows/dssc-workload.yml 
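Review bot: The enabled `DSSC_FINDINGS_THRESHOLD` sets `"malware": 1` and `"defcon1": 1`, which, if these are maximum-allowed counts as the commented alternative suggests, lets an image with one malware hit or one defcon1-rated vulnerability pass the gate, and `"critical": 42, "high": 128` accepts dozens of critical CVEs; as written the policy never fails on the findings that matter most. If the intent is to baseline a known-bad demo image, say so in a comment next to the value and set the malware and defcon1 entries to `0`. The context lines `DSSC_INSECURE_SKIP_TLS_VERIFY: true` and `DSSC_INSECURE_SKIP_REGISTRY_TLS_VERIFY: true` combine with the pull-auth JSON that interpolates `secrets.ACCESS_KEY`/`secrets.SECRET_KEY`, so the AWS key pair is sent to an endpoint whose certificate is not verified; those flags deserve a look in the same pass.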
@@ -27,22 +27,55 @@ jobs: # run: | # docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . # docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG - SmartCheck-Scan-Action: - runs-on: ubuntu-latest - environment: DockerRegistry - steps: - # AWS Example: - - name: Deep Security Smart Check Scan ECR - # Be sure to specify the latest version of smartcheck-scan-action - uses: deep-security/smartcheck-scan-action@v1.1.0 + #SmartCheck-Scan-Action: + # runs-on: ubuntu-latest + # environment: DockerRegistry + # steps: + # # AWS Example: + # - name: Deep Security Smart Check Scan ECR + # # Be sure to specify the latest version of smartcheck-scan-action + # uses: deep-security/smartcheck-scan-action@v1.1.0 + # with: + # DSSC_IMAGE_NAME: 904737956763.dkr.ecr.us-east-1.amazonaws.com/oc_registry:java-goof + # DSSC_SMARTCHECK_HOST: ${{ secrets.DSSC_SMARTCHECK_HOST }} + # DSSC_SMARTCHECK_USER: ${{ secrets.DSSC_SMARTCHECK_USER }} + # DSSC_SMARTCHECK_PASSWORD: ${{ secrets.DSSC_SMARTCHECK_PASSWORD }} + # # You will need to generate an access key and secret for your AWS user + # DSSC_IMAGE_PULL_AUTH: '{"aws":{"region":"us-east-1","accessKeyID":"${{ secrets.ACCESS_KEY }}","secretAccessKey":"${{ secrets.SECRET_KEY }}"}}' + # DSSC_FINDINGS_THRESHOLD: '{"malware": 1, "vulnerabilities": { "defcon1": 1, "critical": 42, "high": 128, "medium": 106, "low":5}, "contents": { "defcon1": 1, "critical": 11, "high": 3, "medium":1 }, "checklists": { "defcon1": 1, "critical": 11, "high": 3, "medium":1 }}' + # #DSSC_FINDINGS_THRESHOLD: '{"malware": 10, "vulnerabilities": { "defcon1": 10, "critical": 100, "high": 200, "medium": 200, "low":200}, "contents": { "defcon1": 10, "critical": 50, "high": 100, "medium":100 }, "checklists": { "defcon1": 10, "critical": 500, "high": 100, "medium":100 }}' + # DSSC_INSECURE_SKIP_TLS_VERIFY: true + # DSSC_INSECURE_SKIP_REGISTRY_TLS_VERIFY: true + ArtifactScanner: + runs-on: ubuntu-latest + steps: + - name: Check out code + uses: actions/checkout@v2 + - name: 
Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.ACCESS_KEY }} + aws-secret-access-key: ${{ secrets.SECRET_KEY }} + aws-region: us-east-1 + - name: Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v1 + - name: Trend Cloud One Container Security Scan Action + uses: trendmicro/cloudone-container-security-github-action@version* with: - DSSC_IMAGE_NAME: 904737956763.dkr.ecr.us-east-1.amazonaws.com/oc_registry:java-goof - DSSC_SMARTCHECK_HOST: ${{ secrets.DSSC_SMARTCHECK_HOST }} - DSSC_SMARTCHECK_USER: ${{ secrets.DSSC_SMARTCHECK_USER }} - DSSC_SMARTCHECK_PASSWORD: ${{ secrets.DSSC_SMARTCHECK_PASSWORD }} - # You will need to generate an access key and secret for your AWS user - DSSC_IMAGE_PULL_AUTH: '{"aws":{"region":"us-east-1","accessKeyID":"${{ secrets.ACCESS_KEY }}","secretAccessKey":"${{ secrets.SECRET_KEY }}"}}' - DSSC_FINDINGS_THRESHOLD: '{"malware": 1, "vulnerabilities": { "defcon1": 1, "critical": 42, "high": 128, "medium": 106, "low":5}, "contents": { "defcon1": 1, "critical": 11, "high": 3, "medium":1 }, "checklists": { "defcon1": 1, "critical": 11, "high": 3, "medium":1 }}' - #DSSC_FINDINGS_THRESHOLD: '{"malware": 10, "vulnerabilities": { "defcon1": 10, "critical": 100, "high": 200, "medium": 200, "low":200}, "contents": { "defcon1": 10, "critical": 50, "high": 100, "medium":100 }, "checklists": { "defcon1": 10, "critical": 500, "high": 100, "medium":100 }}' - DSSC_INSECURE_SKIP_TLS_VERIFY: true - DSSC_INSECURE_SKIP_REGISTRY_TLS_VERIFY: true + # Mandatory + CLOUD_ONE_API_KEY: ${{ secrets.API_KEY }} + REGION: us-1 + # Optional + SBOM: true # Saves SBOM to SBOM.json so you can export it as an artifact later. + IMAGE: alpine # The image need to be public or the pipeline need to have access to the private image of choice. + LOCAL_IMAGE_TARBALL: image.tar + # For each threshold below, select the maximum number of vulnerabilities that are acceptable. 
+ MAX_TOTAL: 0 + MAX_CRITICAL: 0 + MAX_HIGH: 0 + MAX_MEDIUM: 0 + MAX_LOW: 0 + MAX_NEGLIGIBLE: 0 + MAX_UNKNOWN: 0 + SCAN_RESULT_ARTIFACT: result.json # Save as an artifact in GitHub to be able to keep the result of the scan. \ No newline at end of file From b44cdb2a6f6d2eb131d04394e4266afb1f0208a1 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Sat, 22 Jul 2023 13:02:40 -0600 Subject: [PATCH 044/162] update Arifact Scanner Version --- .github/workflows/dssc-workload.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dssc-workload.yml b/.github/workflows/dssc-workload.yml index 291d903..94d3ad9 100644 --- a/.github/workflows/dssc-workload.yml +++ b/.github/workflows/dssc-workload.yml @@ -61,7 +61,7 @@ jobs: id: login-ecr uses: aws-actions/amazon-ecr-login@v1 - name: Trend Cloud One Container Security Scan Action - uses: trendmicro/cloudone-container-security-github-action@version* + uses: trendmicro/cloudone-container-security-github-action@1.0.8 with: # Mandatory CLOUD_ONE_API_KEY: ${{ secrets.API_KEY }} From dc316a621d0aa4970913ba079fd4959bcc87a942 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Sat, 22 Jul 2023 13:03:48 -0600 Subject: [PATCH 045/162] Delete AWS ECR Steps --- .github/workflows/dssc-workload.yml | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/.github/workflows/dssc-workload.yml b/.github/workflows/dssc-workload.yml index 94d3ad9..604d37b 100644 --- a/.github/workflows/dssc-workload.yml +++ b/.github/workflows/dssc-workload.yml 
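Review bot: The new `ArtifactScanner` job sets both `IMAGE: alpine` and `LOCAL_IMAGE_TARBALL: image.tar`, but no step in this job produces `image.tar` and the action's own comment marks the tarball input as the pre-registry path; one of the two should go, and the one kept should name the image this workflow builds rather than `alpine`. The checkout, AWS-credentials and ECR-login steps added above the scan step are not used by it as written. `uses: trendmicro/cloudone-container-security-github-action@version*` is not a resolvable ref, so the action cannot be fetched; the following commit pins a tag, and pinning the commit SHA instead would also protect against that tag being moved.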
@@ -49,17 +49,6 @@ jobs: ArtifactScanner: runs-on: ubuntu-latest steps: - - name: Check out code - uses: actions/checkout@v2 - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.ACCESS_KEY }} - aws-secret-access-key: ${{ secrets.SECRET_KEY }} - aws-region: us-east-1 - - name: Login to Amazon ECR - id: login-ecr - uses: aws-actions/amazon-ecr-login@v1 - name: Trend Cloud One Container Security Scan Action uses: trendmicro/cloudone-container-security-github-action@1.0.8 with: From c8fed2583b1133b61dd33e4391122152daa6796d Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Sat, 22 Jul 2023 13:09:04 -0600 Subject: [PATCH 046/162] Add Action Variable Configuration --- .github/workflows/dssc-workload.yml | 65 +++++++++++++++++++++++++---- 1 file changed, 58 insertions(+), 7 deletions(-) diff --git a/.github/workflows/dssc-workload.yml b/.github/workflows/dssc-workload.yml index 604d37b..a0a84d7 100644 --- a/.github/workflows/dssc-workload.yml +++ b/.github/workflows/dssc-workload.yml 
@@ -1,5 +1,56 @@ name: Deep Security Smart Check +inputs: + CLOUD_ONE_API_KEY: + description: "Cloud One API Key" + required: true + IMAGE: + description: "Image URI to scan. Not required if you are doing pre-registry scanning. See LOCAL_IMAGE_TARBALL." + required: false + REGION: + description: "Cloud One Region" + required: true + default: "us-1" + SBOM: + description: "Decide if you want to save the SBOM file for the image. Default is true." + required: false + default: "true" + MAX_TOTAL: + description: "Max total of vulnerabilities acceptable in a images" + required: false + default: "0" + MAX_CRITICAL: + description: "Max critical vulnerabilities acceptable in a images" + required: false + default: "0" + MAX_HIGH: + description: "Max high vulnerabilities acceptable in a images" + required: false + default: "0" + MAX_MEDIUM: + description: "Max medium vulnerabilities acceptable in a images" + required: false + default: "0" + MAX_LOW: + description: "Max low vulnerabilities acceptable in a images" + required: false + default: "0" + MAX_NEGLIGIBLE: + description: "Max negligible vulnerabilities acceptable in a images" + required: false + default: "0" + MAX_UNKNOWN: + description: "Max unknown vulnerabilities acceptable in a images" + required: false + default: "0" + SCAN_RESULT_ARTIFACT: + description: "Name for the artifact generated by the scan in case you want to archive it." + required: false + default: "scan-result.json" + LOCAL_IMAGE_TARBALL: + description: "Name for the locally available image tarball in case you are doing pre-registry scanning." + required: false + on: push: branches: 
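Review bot: A top-level `inputs:` block is action-metadata syntax (`action.yml`), not workflow syntax; in `.github/workflows/dssc-workload.yml` the workflow parser should reject the unknown key, so the file stops running until the block is removed (the next commit does exactly that). If the goal was to make thresholds configurable per run, the workflow equivalent is `on: workflow_dispatch: inputs:` read through `${{ inputs.MAX_TOTAL }}`, or repository/environment variables read through `${{ vars.MAX_TOTAL }}`.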
@@ -60,11 +111,11 @@ jobs: IMAGE: alpine # The image need to be public or the pipeline need to have access to the private image of choice. LOCAL_IMAGE_TARBALL: image.tar # For each threshold below, select the maximum number of vulnerabilities that are acceptable. - MAX_TOTAL: 0 - MAX_CRITICAL: 0 - MAX_HIGH: 0 - MAX_MEDIUM: 0 - MAX_LOW: 0 - MAX_NEGLIGIBLE: 0 - MAX_UNKNOWN: 0 + #MAX_TOTAL: 0 + #MAX_CRITICAL: 0 + #MAX_HIGH: 0 + #MAX_MEDIUM: 0 + #MAX_LOW: 0 + #MAX_NEGLIGIBLE: 0 + #MAX_UNKNOWN: 0 SCAN_RESULT_ARTIFACT: result.json # Save as an artifact in GitHub to be able to keep the result of the scan. \ No newline at end of file From be08ced6328f65908f59300e37473e5aa12b3d48 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Sat, 22 Jul 2023 13:10:28 -0600 Subject: [PATCH 047/162] Update --- .github/workflows/dssc-workload.yml | 52 ----------------------------- 1 file changed, 52 deletions(-) diff --git a/.github/workflows/dssc-workload.yml b/.github/workflows/dssc-workload.yml index a0a84d7..a0603a6 100644 --- a/.github/workflows/dssc-workload.yml +++ b/.github/workflows/dssc-workload.yml 
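Review bot: Commenting out all seven `MAX_*` thresholds makes the job depend on whatever defaults the action ships, which are not visible in this file, while the comment line just above (`# For each threshold below, select the maximum number of vulnerabilities that are acceptable.`) still tells the reader these values are in effect. Either keep explicit values (`MAX_CRITICAL: 0` is the conservative choice) or replace the seven commented lines with one comment stating that the action defaults apply.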
@@ -1,56 +1,4 @@ name: Deep Security Smart Check - -inputs: - CLOUD_ONE_API_KEY: - description: "Cloud One API Key" - required: true - IMAGE: - description: "Image URI to scan. Not required if you are doing pre-registry scanning. See LOCAL_IMAGE_TARBALL." - required: false - REGION: - description: "Cloud One Region" - required: true - default: "us-1" - SBOM: - description: "Decide if you want to save the SBOM file for the image. Default is true." - required: false - default: "true" - MAX_TOTAL: - description: "Max total of vulnerabilities acceptable in a images" - required: false - default: "0" - MAX_CRITICAL: - description: "Max critical vulnerabilities acceptable in a images" - required: false - default: "0" - MAX_HIGH: - description: "Max high vulnerabilities acceptable in a images" - required: false - default: "0" - MAX_MEDIUM: - description: "Max medium vulnerabilities acceptable in a images" - required: false - default: "0" - MAX_LOW: - description: "Max low vulnerabilities acceptable in a images" - required: false - default: "0" - MAX_NEGLIGIBLE: - description: "Max negligible vulnerabilities acceptable in a images" - required: false - default: "0" - MAX_UNKNOWN: - description: "Max unknown vulnerabilities acceptable in a images" - required: false - default: "0" - SCAN_RESULT_ARTIFACT: - description: "Name for the artifact generated by the scan in case you want to archive it." - required: false - default: "scan-result.json" - LOCAL_IMAGE_TARBALL: - description: "Name for the locally available image tarball in case you are doing pre-registry scanning." - required: false - on: push: branches: From f0bf4fdc3dbb109e1d8982ce5e9a2a6b9e752482 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Sat, 22 Jul 2023 13:14:07 -0600 Subject: [PATCH 048/162] Addding environment for GithubActions ENV Variab --- .github/workflows/dssc-workload.yml | 1 + 1 file changed, 1 insertion(+) 
diff --git a/.github/workflows/dssc-workload.yml b/.github/workflows/dssc-workload.yml index a0603a6..d2ec8f4 100644 --- a/.github/workflows/dssc-workload.yml +++ b/.github/workflows/dssc-workload.yml @@ -47,6 +47,7 @@ jobs: # DSSC_INSECURE_SKIP_REGISTRY_TLS_VERIFY: true ArtifactScanner: runs-on: ubuntu-latest + environment: DockerRegistry steps: - name: Trend Cloud One Container Security Scan Action uses: trendmicro/cloudone-container-security-github-action@1.0.8 From c90ea4dca15ee682b206e15cc3c96b6f164ccfd5 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Sat, 22 Jul 2023 14:45:58 -0600 Subject: [PATCH 049/162] add Env variables --- .github/workflows/dssc-workload.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/.github/workflows/dssc-workload.yml b/.github/workflows/dssc-workload.yml index d2ec8f4..7c4e2d1 100644 --- a/.github/workflows/dssc-workload.yml +++ b/.github/workflows/dssc-workload.yml @@ -49,6 +49,24 @@ jobs: runs-on: ubuntu-latest environment: DockerRegistry steps: + - name: Check out code + uses: actions/checkout@v2 + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + role-to-assume: ${{ secrets.XAR }} + aws-region: ${{ secrets.REGION }} + - name: Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v1 + - name: Build, tag, and push image to Amazon ECR + env: + ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} + ECR_REPOSITORY: oc_registry + IMAGE_TAG: latest + run: | + docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . + docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG - name: Trend Cloud One Container Security Scan Action uses: trendmicro/cloudone-container-security-github-action@1.0.8 with: From d92cb0919c239bf653ba4c994bf151b4486228d7 Mon Sep 17 00:00:00 2001 
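Review bot: The added build-and-push steps publish `$ECR_REGISTRY/oc_registry:latest`, but the scan step that follows still receives `IMAGE: alpine` (set in the earlier "add Artifact Scanner" hunk and outside this one), so the image that was just built is never the one scanned. Export the name from the build step (`echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> "$GITHUB_OUTPUT"`), feed it to the scan's `IMAGE` input, and move the push after the scan so a failing gate does not publish the image. `role-to-assume` without static keys implies OIDC federation, which needs `permissions: id-token: write` on the job or workflow; that is not in this hunk (a later commit adds it).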
From: Yessenia Becerra Date: Sat, 22 Jul 2023 14:50:26 -0600 Subject: [PATCH 050/162] update version of aws actions --- .github/workflows/dssc-workload.yml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/workflows/dssc-workload.yml b/.github/workflows/dssc-workload.yml index 7c4e2d1..bb0d10e 100644 --- a/.github/workflows/dssc-workload.yml +++ b/.github/workflows/dssc-workload.yml @@ -49,13 +49,17 @@ jobs: runs-on: ubuntu-latest environment: DockerRegistry steps: - - name: Check out code - uses: actions/checkout@v2 + - name: Git clone the repository + uses: actions/checkout@v3 - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 + uses: aws-actions/configure-aws-credentials@v1.7.0 with: role-to-assume: ${{ secrets.XAR }} + role-session-name: GitHub_to_AWS_via_FederatedOIDC aws-region: ${{ secrets.REGION }} + - name: Sts GetCallerIdentity + run: | + aws sts get-caller-identity - name: Login to Amazon ECR id: login-ecr uses: aws-actions/amazon-ecr-login@v1 From 8474066967f7a34cbfd806d75d2b6bd88b023c99 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Sat, 22 Jul 2023 14:55:19 -0600 Subject: [PATCH 051/162] Update Permmisions --- .github/workflows/dssc-workload.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/dssc-workload.yml b/.github/workflows/dssc-workload.yml index bb0d10e..6b2206a 100644 --- a/.github/workflows/dssc-workload.yml +++ b/.github/workflows/dssc-workload.yml @@ -3,6 +3,9 @@ on: push: branches: - master +permissions: + id-token: write + contents: read jobs: #docker: # runs-on: ubuntu-latest From 18aa9742fb0bfb77e47f8241ae5c522f8b6eee68 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Sat, 22 Jul 2023 14:58:35 -0600 Subject: [PATCH 052/162] Update AWS Actions Version for Support Nodejs ver --- .github/workflows/dssc-workload.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
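Review bot: `aws-region: ${{ secrets.REGION }}` stores a non-secret value as a secret, which makes GitHub mask every occurrence of the region string in the run log, including the ECR registry host and any `aws sts get-caller-identity` output, and makes the workflow harder to read; a repository variable (`${{ vars.REGION }}`) is the right home for it. The new `Sts GetCallerIdentity` step is a debugging aid that prints the assumed role ARN and account id into the log on every run; if it stays, a comment saying why it is kept would help, otherwise remove it once the OIDC setup is confirmed.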
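Review bot: `permissions:` is declared at workflow level, so `id-token: write` is granted to every job in the file, including the commented-out ones if they are ever re-enabled; scoping it under the `ArtifactScanner` job keeps the OIDC token available only where `role-to-assume` is used. `contents: read` as the workflow-wide default is worth keeping.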
diff --git a/.github/workflows/dssc-workload.yml b/.github/workflows/dssc-workload.yml index 6b2206a..0d05063 100644 --- a/.github/workflows/dssc-workload.yml +++ b/.github/workflows/dssc-workload.yml @@ -55,7 +55,7 @@ jobs: - name: Git clone the repository uses: actions/checkout@v3 - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1.7.0 + uses: aws-actions/configure-aws-credentials@v2.2.0 with: role-to-assume: ${{ secrets.XAR }} role-session-name: GitHub_to_AWS_via_FederatedOIDC From a01b0ba7324a1edfaaaea6225900926fc94be988 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Sat, 22 Jul 2023 15:01:04 -0600 Subject: [PATCH 053/162] update version --- .github/workflows/dssc-workload.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dssc-workload.yml b/.github/workflows/dssc-workload.yml index 0d05063..3c25905 100644 --- a/.github/workflows/dssc-workload.yml +++ b/.github/workflows/dssc-workload.yml @@ -55,7 +55,7 @@ jobs: - name: Git clone the repository uses: actions/checkout@v3 - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v2.2.0 + uses: aws-actions/configure-aws-credentials@v2 with: role-to-assume: ${{ secrets.XAR }} role-session-name: GitHub_to_AWS_via_FederatedOIDC From 2ddba6058ccc63153f6263f830298a81047f2654 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Sat, 22 Jul 2023 15:04:28 -0600 Subject: [PATCH 054/162] up --- .github/workflows/dssc-workload.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dssc-workload.yml b/.github/workflows/dssc-workload.yml index 3c25905..db1098f 100644 --- a/.github/workflows/dssc-workload.yml +++ b/.github/workflows/dssc-workload.yml 
@@ -55,7 +55,7 @@ jobs: - name: Git clone the repository uses: actions/checkout@v3 - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@v2.0.0 with: role-to-assume: ${{ secrets.XAR }} role-session-name: GitHub_to_AWS_via_FederatedOIDC From 672279be8ea96c78edb960ff9fc23e2b039f81d3 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Sat, 22 Jul 2023 15:05:32 -0600 Subject: [PATCH 055/162] aws-actions/configure-aws-credentials@v2.2.0 --- .github/workflows/dssc-workload.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dssc-workload.yml b/.github/workflows/dssc-workload.yml index db1098f..0d05063 100644 --- a/.github/workflows/dssc-workload.yml +++ b/.github/workflows/dssc-workload.yml @@ -55,7 +55,7 @@ jobs: - name: Git clone the repository uses: actions/checkout@v3 - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v2.0.0 + uses: aws-actions/configure-aws-credentials@v2.2.0 with: role-to-assume: ${{ secrets.XAR }} role-session-name: GitHub_to_AWS_via_FederatedOIDC From bc348ce9e4e27dc558175ace99bcd8505634309f Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Sat, 22 Jul 2023 16:13:07 -0600 Subject: [PATCH 056/162] image --- .github/workflows/dssc-workload.yml | 46 ++++++++++++++--------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/.github/workflows/dssc-workload.yml b/.github/workflows/dssc-workload.yml index 0d05063..f83565a 100644 --- a/.github/workflows/dssc-workload.yml +++ b/.github/workflows/dssc-workload.yml 
@@ -52,28 +52,28 @@ jobs: runs-on: ubuntu-latest environment: DockerRegistry steps: - - name: Git clone the repository - uses: actions/checkout@v3 - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v2.2.0 - with: - role-to-assume: ${{ secrets.XAR }} - role-session-name: GitHub_to_AWS_via_FederatedOIDC - aws-region: ${{ secrets.REGION }} - - name: Sts GetCallerIdentity - run: | - aws sts get-caller-identity - - name: Login to Amazon ECR - id: login-ecr - uses: aws-actions/amazon-ecr-login@v1 - - name: Build, tag, and push image to Amazon ECR - env: - ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} - ECR_REPOSITORY: oc_registry - IMAGE_TAG: latest - run: | - docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . - docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG + #- name: Git clone the repository + # uses: actions/checkout@v3 + #- name: Configure AWS credentials + # uses: aws-actions/configure-aws-credentials@v2.2.0 + # with: + # role-to-assume: ${{ secrets.XAR }} + # role-session-name: GitHub_to_AWS_via_FederatedOIDC + # aws-region: ${{ secrets.REGION }} + #- name: Sts GetCallerIdentity + # run: | + # aws sts get-caller-identity + #- name: Login to Amazon ECR + # id: login-ecr + # uses: aws-actions/amazon-ecr-login@v1 + #- name: Build, tag, and push image to Amazon ECR + # env: + # ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} + # ECR_REPOSITORY: oc_registry + # IMAGE_TAG: latest + # run: | + # docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . + # docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG - name: Trend Cloud One Container Security Scan Action uses: trendmicro/cloudone-container-security-github-action@1.0.8 with: 
@@ -82,7 +82,7 @@ jobs: REGION: us-1 # Optional SBOM: true # Saves SBOM to SBOM.json so you can export it as an artifact later. - IMAGE: alpine # The image need to be public or the pipeline need to have access to the private image of choice. + IMAGE: xniapdev/django-app:45 # The image need to be public or the pipeline need to have access to the private image of choice. LOCAL_IMAGE_TARBALL: image.tar # For each threshold below, select the maximum number of vulnerabilities that are acceptable. #MAX_TOTAL: 0 From bdc3fcc1dac5f1ad3f8127af29feafb4686ce5b4 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Sat, 22 Jul 2023 16:20:21 -0600 Subject: [PATCH 057/162] update Image information --- .github/workflows/dssc-workload.yml | 31 ++++++++++++++++++++--------- 1 file changed, 22 insertions(+), 9 deletions(-) diff --git a/.github/workflows/dssc-workload.yml b/.github/workflows/dssc-workload.yml index f83565a..70bf36d 100644 --- a/.github/workflows/dssc-workload.yml +++ b/.github/workflows/dssc-workload.yml 
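Review bot: `IMAGE: xniapdev/django-app:45` hard-codes a Docker Hub image under a mutable numeric tag, so the scan result is tied to whatever that tag points at when the job runs and the value goes stale as soon as a new build is pushed. Pin by digest (`xniapdev/django-app@sha256:<digest>`) or derive the tag from the run (`${{ github.run_number }}` or the commit SHA) so each scanned artifact is identifiable.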
@@ -52,14 +52,28 @@ jobs: runs-on: ubuntu-latest environment: DockerRegistry steps: - #- name: Git clone the repository - # uses: actions/checkout@v3 - #- name: Configure AWS credentials - # uses: aws-actions/configure-aws-credentials@v2.2.0 - # with: - # role-to-assume: ${{ secrets.XAR }} - # role-session-name: GitHub_to_AWS_via_FederatedOIDC - # aws-region: ${{ secrets.REGION }} + - name: Git clone the repository + uses: actions/checkout@v3 + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v2.2.0 + with: + role-to-assume: ${{ secrets.XAR }} + role-session-name: GitHub_to_AWS_via_FederatedOIDC + aws-region: ${{ secrets.REGION }} + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: Build and push + uses: docker/build-push-action@v4 + with: + push: true + tags: xniapdev/django-app:45 #- name: Sts GetCallerIdentity # run: | # aws sts get-caller-identity @@ -83,7 +97,6 @@ jobs: # Optional SBOM: true # Saves SBOM to SBOM.json so you can export it as an artifact later. IMAGE: xniapdev/django-app:45 # The image need to be public or the pipeline need to have access to the private image of choice. - LOCAL_IMAGE_TARBALL: image.tar # For each threshold below, select the maximum number of vulnerabilities that are acceptable. #MAX_TOTAL: 0 #MAX_CRITICAL: 0 From e55f55670dd5807f550f5f07f5de2f6195a11b29 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Sat, 22 Jul 2023 16:21:35 -0600 Subject: [PATCH 058/162] comment aws configuration --- .github/workflows/dssc-workload.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/dssc-workload.yml b/.github/workflows/dssc-workload.yml index 70bf36d..9b32e1e 100644 --- a/.github/workflows/dssc-workload.yml 
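Review bot: `docker/build-push-action@v4` runs with `push: true` before the Container Security scan step, so `xniapdev/django-app:45` is published to Docker Hub whether or not the scan's thresholds pass, which inverts the gate this workflow exists to enforce. Build with `push: false` and `load: true` (or `outputs: type=docker,dest=image.tar`), scan the local result, and push in a separate step that only runs after the scan succeeds; note that the second hunk removes `LOCAL_IMAGE_TARBALL`, which is the input that local-scan path would use. The tag `45` is hard-coded in both the push and the `IMAGE` input, so every run overwrites the same mutable tag.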
+++ b/.github/workflows/dssc-workload.yml @@ -54,12 +54,12 @@ jobs: steps: - name: Git clone the repository uses: actions/checkout@v3 - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v2.2.0 - with: - role-to-assume: ${{ secrets.XAR }} - role-session-name: GitHub_to_AWS_via_FederatedOIDC - aws-region: ${{ secrets.REGION }} + #- name: Configure AWS credentials + # uses: aws-actions/configure-aws-credentials@v2.2.0 + # with: + # role-to-assume: ${{ secrets.XAR }} + # role-session-name: GitHub_to_AWS_via_FederatedOIDC + # aws-region: ${{ secrets.REGION }} - name: Set up QEMU uses: docker/setup-qemu-action@v2 - name: Set up Docker Buildx From a328a83d06e32788846f718bce66098c4d9908d2 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Sat, 22 Jul 2023 16:30:20 -0600 Subject: [PATCH 059/162] add code for save scanning result --- .github/workflows/dssc-workload.yml | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/.github/workflows/dssc-workload.yml b/.github/workflows/dssc-workload.yml index 9b32e1e..7ed6736 100644 --- a/.github/workflows/dssc-workload.yml +++ b/.github/workflows/dssc-workload.yml @@ -74,6 +74,7 @@ jobs: with: push: true tags: xniapdev/django-app:45 + - name: 'Upload Scan Result Artifact' #- name: Sts GetCallerIdentity # run: | # aws sts get-caller-identity @@ -105,4 +106,15 @@ jobs: #MAX_LOW: 0 #MAX_NEGLIGIBLE: 0 #MAX_UNKNOWN: 0 - SCAN_RESULT_ARTIFACT: result.json # Save as an artifact in GitHub to be able to keep the result of the scan. \ No newline at end of file + SCAN_RESULT_ARTIFACT: result.json # Save as an artifact in GitHub to be able to keep the result of the scan. + - uses: actions/upload-artifact@v3 + with: + name: scan-result + path: result.json + retention-days: 30 + - name: 'Upload SBOM Artifact' + uses: actions/upload-artifact@v3 + with: + name: sbom + path: SBOM.json + retention-days: 30 \ No newline at end of file 
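Review bot: The two `actions/upload-artifact@v3` steps have no `if:` condition, so they run only when the scan step succeeds and `result.json`/`SBOM.json` are lost exactly when the thresholds fail and the evidence is needed; add `if: always()` to both upload steps. The first hunk also inserts a bare `- name: 'Upload Scan Result Artifact'` entry in front of the commented-out AWS steps with no `uses` or `run`, which is an invalid step (the next commit removes it). The file names `result.json` and `SBOM.json` are repeated in the scan inputs and the upload paths by convention only; a single job-level `env:` value referenced from both would stop them drifting apart.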
From 01a267d893dd58b1d65c1bfac4de801c5fc149b1 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Sat, 22 Jul 2023 16:33:11 -0600 Subject: [PATCH 060/162] add threshold --- .github/workflows/dssc-workload.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/dssc-workload.yml b/.github/workflows/dssc-workload.yml index 7ed6736..e476d5a 100644 --- a/.github/workflows/dssc-workload.yml +++ b/.github/workflows/dssc-workload.yml @@ -74,7 +74,6 @@ jobs: with: push: true tags: xniapdev/django-app:45 - - name: 'Upload Scan Result Artifact' #- name: Sts GetCallerIdentity # run: | # aws sts get-caller-identity @@ -99,15 +98,16 @@ jobs: SBOM: true # Saves SBOM to SBOM.json so you can export it as an artifact later. IMAGE: xniapdev/django-app:45 # The image need to be public or the pipeline need to have access to the private image of choice. # For each threshold below, select the maximum number of vulnerabilities that are acceptable. - #MAX_TOTAL: 0 - #MAX_CRITICAL: 0 - #MAX_HIGH: 0 - #MAX_MEDIUM: 0 - #MAX_LOW: 0 - #MAX_NEGLIGIBLE: 0 - #MAX_UNKNOWN: 0 + MAX_TOTAL: 300 + MAX_CRITICAL: 100 + MAX_HIGH: 100 + MAX_MEDIUM: 100 + MAX_LOW: 100 + MAX_NEGLIGIBLE: 100 + MAX_UNKNOWN: 100 SCAN_RESULT_ARTIFACT: result.json # Save as an artifact in GitHub to be able to keep the result of the scan. - - uses: actions/upload-artifact@v3 + - name: 'Upload Scan Result Artifact' + uses: actions/upload-artifact@v3 with: name: scan-result path: result.json From 839324696d01a67a1d933246c3f2d595f295388c Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Sat, 22 Jul 2023 16:36:17 -0600 Subject: [PATCH 061/162] . --- .github/workflows/dssc-workload.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/dssc-workload.yml b/.github/workflows/dssc-workload.yml index e476d5a..db21971 100644 --- a/.github/workflows/dssc-workload.yml +++ b/.github/workflows/dssc-workload.yml 
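Review bot: Raising every threshold to 100 (`MAX_TOTAL: 300`) means the job passes with up to 100 critical vulnerabilities, and the next commit ("." , PATCH 061) raises them again to 500/1000, so the gate no longer fails for any realistic image; this note applies to that hunk as well. If the demo image is expected to fail, keep `MAX_CRITICAL` low and mark the scan step `continue-on-error: true` so the verdict stays visible in the run, or document the accepted baseline next to the values; silently inflating the limits hides regressions.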
@@ -98,13 +98,13 @@ jobs: SBOM: true # Saves SBOM to SBOM.json so you can export it as an artifact later. IMAGE: xniapdev/django-app:45 # The image need to be public or the pipeline need to have access to the private image of choice. # For each threshold below, select the maximum number of vulnerabilities that are acceptable. - MAX_TOTAL: 300 - MAX_CRITICAL: 100 - MAX_HIGH: 100 - MAX_MEDIUM: 100 - MAX_LOW: 100 - MAX_NEGLIGIBLE: 100 - MAX_UNKNOWN: 100 + MAX_TOTAL: 1000 + MAX_CRITICAL: 500 + MAX_HIGH: 500 + MAX_MEDIUM: 500 + MAX_LOW: 500 + MAX_NEGLIGIBLE: 500 + MAX_UNKNOWN: 500 SCAN_RESULT_ARTIFACT: result.json # Save as an artifact in GitHub to be able to keep the result of the scan. - name: 'Upload Scan Result Artifact' uses: actions/upload-artifact@v3 From add3c40dc8ea8002357196d6566d2153d95e4bf9 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Sat, 21 Oct 2023 13:18:20 -0600 Subject: [PATCH 062/162] Update requirements.txt --- requirements.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/requirements.txt b/requirements.txt index 90aa5e9..b396682 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,2 +1,3 @@ requests docker-image-py +#test From ecba876a68d924171549e1e000200a422985e970 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Sat, 21 Oct 2023 13:19:05 -0600 Subject: [PATCH 063/162] Update requirements.txt --- requirements.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index b396682..90aa5e9 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,2 @@ requests docker-image-py -#test From b9d2034ec7c1f457ce733296fd57329fcb8ed1fb Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 12 Dec 2023 18:20:34 -0800 Subject: [PATCH 064/162] Set up CI with Azure Pipelines [skip ci] --- azure-pipelines.yml | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 5bd38f0..ff5c046 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml 
@@ -28,17 +28,3 @@ stages: dockerfile: '$(Build.SourcesDirectory)/Dockerfile' buildContext: '$(Build.SourcesDirectory)' repository: $(imageName) - - task: UsePythonVersion@0 - inputs: - versionSpec: '3.x' - addToPath: true - architecture: 'x64' - - script: | - python -m pip install --upgrade pip - pip install -r requirements.txt - displayName: 'Install dependencies' - - task: PythonScript@0 - inputs: - scriptSource: 'filePath' - scriptPath: 'SmartcheckScan.py' - arguments: '--dssc-host "$(SC_Host)" --dssc-user "$(SC_User)" --dssc-password "$(SC_Pass)" --webhook-teams "$(SC_Teams_Weekhook)" --skip-tls-verify "$(imageName)":"$(tag)"' From c09b96ca1bee8773a2cf436bbb007edfc893d4bb Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 12 Dec 2023 18:38:39 -0800 Subject: [PATCH 065/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index ff5c046..63d3a92 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -28,3 +28,18 @@ stages: dockerfile: '$(Build.SourcesDirectory)/Dockerfile' buildContext: '$(Build.SourcesDirectory)' repository: $(imageName) +- stage: Trend Micro Artifact Scanner + displayName: Trend Micro Artifact Scanner + jobs: + - job: Image Scan + displayName: Image Scan + pool: + vmImage: ubuntu-latest + steps: + - script: | + curl -L -o tmas-cli.zip https://cli.artifactscan.cloudone.trendmicro.com/tmas-cli/latest/tmas-cli_Linux_x86_64.tar.gz + unzip tmas-cli.zip -d tmas-cli + chmod +x tmas-cli/tmas + displayName: Get Latest Version of TMAS + - script: | + ./tmas-cli/tmas scan registry:$(imageName):$(tag) --malwareScan --saveSBOM From 5e622ac602caf363dc264549727bfc8ba9aaa69b Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 12 Dec 2023 18:39:07 -0800 Subject: [PATCH 066/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
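Review bot: The `Get Latest Version of TMAS` script downloads an unpinned `latest` build of the scanner with `curl -L` and the next step executes it, with no checksum or signature check in between, so the job runs whatever that URL serves at the time; pin a specific release and verify a vendor-published digest before `chmod +x`, e.g. `echo "<EXPECTED_SHA256>  tmas-cli.tar.gz" | sha256sum -c -` (placeholder for the published value). Separately, the URL ends in `.tar.gz` but the file is saved as `tmas-cli.zip` and handed to `unzip`, which cannot read a gzip tarball, and `- job: Image Scan` contains a space, which Azure Pipelines does not accept as a job name; the later commits on this page iterate on both. The `tmas scan` step's exit status is also not used, so findings cannot fail the stage.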
diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 63d3a92..2b93e9a 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -31,7 +31,7 @@ stages: - stage: Trend Micro Artifact Scanner displayName: Trend Micro Artifact Scanner jobs: - - job: Image Scan + - job: Image_Scan displayName: Image Scan pool: vmImage: ubuntu-latest From cc439c2c457adb4a4fc59eea08ed0f7e2e84eb8d Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 12 Dec 2023 18:39:59 -0800 Subject: [PATCH 067/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 2b93e9a..2b197db 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -28,7 +28,7 @@ stages: dockerfile: '$(Build.SourcesDirectory)/Dockerfile' buildContext: '$(Build.SourcesDirectory)' repository: $(imageName) -- stage: Trend Micro Artifact Scanner +- stage: Scan displayName: Trend Micro Artifact Scanner jobs: - job: Image_Scan From efd86d0e0a761ba8e6c95dc45d91aae7878cef89 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 12 Dec 2023 18:46:46 -0800 Subject: [PATCH 068/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 2b197db..22dc15f 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -37,8 +37,9 @@ stages: vmImage: ubuntu-latest steps: - script: | - curl -L -o tmas-cli.zip https://cli.artifactscan.cloudone.trendmicro.com/tmas-cli/latest/tmas-cli_Linux_x86_64.tar.gz - unzip tmas-cli.zip -d tmas-cli + curl -L -o tmas-cli.tar.gz https://cli.artifactscan.cloudone.trendmicro.com/tmas-cli/latest/tmas-cli_Linux_x86_64.tar.gz + ls -la + tar -xzvf tmas-cli.tar.gz -C tmas-cli/ chmod +x tmas-cli/tmas displayName: Get Latest Version of TMAS - script: | From 306e9599e4115992dbd6b67beb80eec2d1979a20 Mon Sep 17 00:00:00 2001 
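Review bot: `tar -xzvf tmas-cli.tar.gz -C tmas-cli/` in the efd86d0e hunk extracts into a directory that nothing creates, so tar fails before `chmod +x tmas-cli/tmas` runs; add `mkdir -p tmas-cli` before the tar line (the `ls -la` is debugging output and can go). The download line still fetches an unpinned `latest` archive with no checksum verification. The enclosing `script:` step continues outside the hunk.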
From: Yessenia Becerra Date: Tue, 12 Dec 2023 18:50:10 -0800 Subject: [PATCH 069/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 22dc15f..a99e725 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -37,7 +37,7 @@ stages: vmImage: ubuntu-latest steps: - script: | - curl -L -o tmas-cli.tar.gz https://cli.artifactscan.cloudone.trendmicro.com/tmas-cli/latest/tmas-cli_Linux_x86_64.tar.gz + curl -L -o tmas-cli.zip https://cli.artifactscan.cloudone.trendmicro.com/tmas-cli/latest/tmas-cli_Linux_x86_64.tar.gz ls -la tar -xzvf tmas-cli.tar.gz -C tmas-cli/ chmod +x tmas-cli/tmas From a2a3e7763b098457d462f7b83b200ee46071978e Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 12 Dec 2023 18:52:37 -0800 Subject: [PATCH 070/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index a99e725..4616add 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -38,8 +38,8 @@ stages: steps: - script: | curl -L -o tmas-cli.zip https://cli.artifactscan.cloudone.trendmicro.com/tmas-cli/latest/tmas-cli_Linux_x86_64.tar.gz + unzip tmas-cli.zip ls -la - tar -xzvf tmas-cli.tar.gz -C tmas-cli/ chmod +x tmas-cli/tmas displayName: Get Latest Version of TMAS - script: | From c2ee2da6ca3feafc038c652a8b12951b91fb2816 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 12 Dec 2023 18:56:39 -0800 Subject: [PATCH 071/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 4616add..00b8651 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml 
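Review bot: In the 306e9599 hunk curl now writes `tmas-cli.zip` while the next line still runs `tar -xzvf tmas-cli.tar.gz`, so extraction reads a file that does not exist; the output name and the tar argument must agree, `curl -L -o tmas-cli.tar.gz …` with `tar -xzf tmas-cli.tar.gz`. The a2a3e776 hunk on this line goes the other way and runs `unzip tmas-cli.zip` on what the URL says is a gzip tarball, which unzip cannot open. Neither variant creates the `tmas-cli` directory that `chmod +x tmas-cli/tmas` expects.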
@@ -37,8 +37,8 @@ stages: vmImage: ubuntu-latest steps: - script: | - curl -L -o tmas-cli.zip https://cli.artifactscan.cloudone.trendmicro.com/tmas-cli/latest/tmas-cli_Linux_x86_64.tar.gz - unzip tmas-cli.zip + curl -L -o tmas-cli.tar.gz https://cli.artifactscan.cloudone.trendmicro.com/tmas-cli/latest/tmas-cli_Linux_x86_64.tar.gz + tar -xzvf tmas-cli.tar.gz -C tmas-cli ls -la chmod +x tmas-cli/tmas displayName: Get Latest Version of TMAS From bc844e57ceb3d373c8cfec41c0279f38e579d5d9 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 12 Dec 2023 18:59:31 -0800 Subject: [PATCH 072/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 00b8651..453cc54 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -38,7 +38,7 @@ stages: steps: - script: | curl -L -o tmas-cli.tar.gz https://cli.artifactscan.cloudone.trendmicro.com/tmas-cli/latest/tmas-cli_Linux_x86_64.tar.gz - tar -xzvf tmas-cli.tar.gz -C tmas-cli + tar -xzvf ./tmas-cli.tar.gz -C tmas-cli ls -la chmod +x tmas-cli/tmas displayName: Get Latest Version of TMAS From 4c04ee4c4b2b165945bc604f8f72c510cecd272f Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 12 Dec 2023 19:02:23 -0800 Subject: [PATCH 073/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 453cc54..a358f8f 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -37,8 +37,9 @@ stages: vmImage: ubuntu-latest steps: - script: | + tar --version curl -L -o tmas-cli.tar.gz https://cli.artifactscan.cloudone.trendmicro.com/tmas-cli/latest/tmas-cli_Linux_x86_64.tar.gz - tar -xzvf ./tmas-cli.tar.gz -C tmas-cli + sudo tar -xzvf ./tmas-cli.tar.gz -C tmas-cli ls -la chmod +x tmas-cli/tmas displayName: Get Latest Version of TMAS 
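Review bot: `sudo tar -xzvf ./tmas-cli.tar.gz -C tmas-cli` in the 4c04ee4c hunk runs the extraction as root, which does not address the actual failure — the `tmas-cli` target directory is never created — and leaves root-owned files in the workspace; replace it with `mkdir -p tmas-cli` followed by the unprivileged `tar -xzf ./tmas-cli.tar.gz -C tmas-cli`. The same missing-directory problem is present in the c2ee2da6 and bc844e57 hunks on this line, and `tar --version` is debugging output that can be dropped once the step works.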
From 97a602936c800d818f3641e2f1627f68dd2bc783 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 12 Dec 2023 19:14:11 -0800 Subject: [PATCH 074/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index a358f8f..ff60e98 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -38,10 +38,14 @@ stages: steps: - script: | tar --version - curl -L -o tmas-cli.tar.gz https://cli.artifactscan.cloudone.trendmicro.com/tmas-cli/latest/tmas-cli_Linux_x86_64.tar.gz - sudo tar -xzvf ./tmas-cli.tar.gz -C tmas-cli - ls -la - chmod +x tmas-cli/tmas + curl -L -o tmas-cli.tar.gz https://cli.artifactscan.cloudone.trendmicro.com/tmas-cli/latest/- task: ExtractFiles@1 displayName: Get Latest Version of TMAS + - task: ExtractFiles@1 + inputs: + archiveFilePatterns: '**/tmas-cli_Linux_x86_64.tar.gz' + destinationFolder: 'tmas-cli' + cleanDestinationFolder: true + overwriteExistingFiles: true + - script: | ./tmas-cli/tmas scan registry:$(imageName):$(tag) --malwareScan --saveSBOM From 0881d660027883984de0ce19cf9ade0b30c231b5 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 12 Dec 2023 19:15:15 -0800 Subject: [PATCH 075/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index ff60e98..e3ecb64 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -48,4 +48,5 @@ stages: overwriteExistingFiles: true - script: | + ls -la ./tmas-cli/tmas scan registry:$(imageName):$(tag) --malwareScan --saveSBOM From dd9ccedbf150ebf1ab69313e31947f6b5d4a8140 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 12 Dec 2023 19:23:31 -0800 Subject: [PATCH 076/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
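Review bot: The new curl line `… /tmas-cli/latest/- task: ExtractFiles@1` has the following task's text pasted into the URL, so the download fetches a nonexistent path; the URL should end in `tmas-cli_Linux_x86_64.tar.gz` as in the removed line. The `ExtractFiles@1` step then looks for `'**/tmas-cli_Linux_x86_64.tar.gz'`, but curl's `-o tmas-cli.tar.gz` saves the archive under a different name, so the pattern should be `'tmas-cli.tar.gz'` (or drop `-o` and keep the upstream filename). The 0881d660 hunk's `ls -la` is debugging output.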
diff --git a/azure-pipelines.yml b/azure-pipelines.yml index e3ecb64..b5ca9b2 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -38,7 +38,7 @@ stages: steps: - script: | tar --version - curl -L -o tmas-cli.tar.gz https://cli.artifactscan.cloudone.trendmicro.com/tmas-cli/latest/- task: ExtractFiles@1 + curl -L -o tmas-cli.tar.gz https://cli.artifactscan.cloudone.trendmicro.com/tmas-cli/latest/tmas-cli_Linux_x86_64.tar.gz displayName: Get Latest Version of TMAS - task: ExtractFiles@1 inputs: From a8c716b2f1c39dc713360774ba80c2b862631915 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 12 Dec 2023 19:27:35 -0800 Subject: [PATCH 077/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index b5ca9b2..d62c438 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -48,5 +48,5 @@ stages: overwriteExistingFiles: true - script: | - ls -la + ls -la tmas-cli ./tmas-cli/tmas scan registry:$(imageName):$(tag) --malwareScan --saveSBOM From bd2f2507c3717a3cc28cbc791053fa6046fd519c Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 12 Dec 2023 19:32:56 -0800 Subject: [PATCH 078/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index d62c438..7dcb42a 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -42,7 +42,7 @@ stages: displayName: Get Latest Version of TMAS - task: ExtractFiles@1 inputs: - archiveFilePatterns: '**/tmas-cli_Linux_x86_64.tar.gz' + archiveFilePatterns: 'tmas-cli_Linux_x86_64.tar.gz' destinationFolder: 'tmas-cli' cleanDestinationFolder: true overwriteExistingFiles: true From e3942badf86d4b900276503832f4513de51fec07 Mon Sep 17 00:00:00 2001 
From: Yessenia Becerra Date: Tue, 12 Dec 2023 19:35:43 -0800 Subject: [PATCH 079/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 7dcb42a..c451941 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -38,11 +38,11 @@ stages: steps: - script: | tar --version - curl -L -o tmas-cli.tar.gz https://cli.artifactscan.cloudone.trendmicro.com/tmas-cli/latest/tmas-cli_Linux_x86_64.tar.gz + wget https://cli.artifactscan.cloudone.trendmicro.com/tmas-cli/latest/tmas-cli_Linux_x86_64.tar.gz displayName: Get Latest Version of TMAS - task: ExtractFiles@1 inputs: - archiveFilePatterns: 'tmas-cli_Linux_x86_64.tar.gz' + archiveFilePatterns: '**/tmas-cli_Linux_x86_64.tar.gz' destinationFolder: 'tmas-cli' cleanDestinationFolder: true overwriteExistingFiles: true From 3d32af83db3f9dab84ee5ed498f5a93198f50229 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 12 Dec 2023 19:43:22 -0800 Subject: [PATCH 080/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index c451941..1eac515 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -46,7 +46,8 @@ stages: destinationFolder: 'tmas-cli' cleanDestinationFolder: true overwriteExistingFiles: true - - script: | ls -la tmas-cli + echo $(imageName):$(tag) + export TMAS_API_KEY=${{ variables.v1apikey }} ./tmas-cli/tmas scan registry:$(imageName):$(tag) --malwareScan --saveSBOM From b2e75b938aa563bbd9d7af85cba8425d6dc90d34 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 12 Dec 2023 19:51:22 -0800 Subject: [PATCH 081/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 1eac515..38af25c 100644 
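Review bot: `export TMAS_API_KEY=${{ variables.v1apikey }}` in the 3d32af83 hunk expands the variable into the script text at template-compilation time, which is the wrong channel for a credential: if `v1apikey` is a secret variable it will not resolve there, and if it did the key would be baked into the expanded pipeline; hand it to the step through its `env:` mapping instead, `env: { TMAS_API_KEY: $(v1apikey) }`. The `@@ -35,6 +35,8 @@` hunk of the following commit b2e75b93 moves the same template expression into a job-level `variables:` block and has the same issue. `echo $(imageName):$(tag)` is harmless debugging output; the `wget` line still pulls an unpinned, unverified `latest` binary.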
--- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -35,6 +35,8 @@ stages: displayName: Image Scan pool: vmImage: ubuntu-latest + variables: + TMAS_API_KEY: ${{ variables.v1apikey }} steps: - script: | tar --version @@ -49,5 +51,5 @@ stages: - script: | ls -la tmas-cli echo $(imageName):$(tag) - export TMAS_API_KEY=${{ variables.v1apikey }} - ./tmas-cli/tmas scan registry:$(imageName):$(tag) --malwareScan --saveSBOM + echo $(TMAS_API_KEY) + ./tmas-cli/tmas scan registry:$(imageName):$(tag) --malwareScan --saveSBOM \ No newline at end of file From 6e50a36615283c13fb063441ca10d7f014256d5f Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 12 Dec 2023 19:55:06 -0800 Subject: [PATCH 082/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 38af25c..a11a792 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -22,12 +22,11 @@ stages: vmImage: ubuntu-latest steps: - task: Docker@2 - displayName: Build an image inputs: - command: build - dockerfile: '$(Build.SourcesDirectory)/Dockerfile' - buildContext: '$(Build.SourcesDirectory)' - repository: $(imageName) + containerRegistry: 'Trendbrregistry' + repository: 'v1cs-demo' + command: 'buildAndPush' + Dockerfile: '**/Dockerfile' - stage: Scan displayName: Trend Micro Artifact Scanner jobs: From eb8e80630653461fd03196bdfeb9735280fbb6e7 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 12 Dec 2023 20:03:10 -0800 Subject: [PATCH 083/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index a11a792..180474b 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -9,7 +9,7 @@ resources: - repo: self variables: - imageName: 'oc_registry' + imageName: 'xniapdev/django-app' tag: '$(Build.BuildId)' stages: 
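Review bot: `echo $(TMAS_API_KEY)` in the `@@ -49,5 +51,5 @@` hunk writes the scanner API key into the job log; Azure Pipelines masks values it knows are secrets, but that masking is best-effort and does not cover transformed or partially printed values, so remove the line rather than rely on it. The 6e50a366 hunk on this line switches the Docker task to `buildAndPush` against `containerRegistry: 'Trendbrregistry'`, which the next commit replaces with `dockerhub`; one of the two is presumably a leftover from another project. The `script:` step being edited starts outside the hunk.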
@@ -23,8 +23,8 @@ stages: steps: - task: Docker@2 inputs: - containerRegistry: 'Trendbrregistry' - repository: 'v1cs-demo' + containerRegistry: 'dockerhub' + repository: 'xniapdev/django-app' command: 'buildAndPush' Dockerfile: '**/Dockerfile' - stage: Scan From 3e1f18ddeb8cbbcd9a22764ca7966ac035191aee Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 12 Dec 2023 20:12:54 -0800 Subject: [PATCH 084/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 180474b..c97b131 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -11,6 +11,7 @@ resources: variables: imageName: 'xniapdev/django-app' tag: '$(Build.BuildId)' + TMAS_API_KEY: '$(v1apikey)' stages: - stage: Build @@ -34,8 +35,6 @@ stages: displayName: Image Scan pool: vmImage: ubuntu-latest - variables: - TMAS_API_KEY: ${{ variables.v1apikey }} steps: - script: | tar --version @@ -49,6 +48,11 @@ stages: overwriteExistingFiles: true - script: | ls -la tmas-cli - echo $(imageName):$(tag) echo $(TMAS_API_KEY) - ./tmas-cli/tmas scan registry:$(imageName):$(tag) --malwareScan --saveSBOM \ No newline at end of file + - task: Bash@3 + inputs: + targetType: 'inline' + script: echo $MYSECRET + env: + TMAS_API_KEY: $(TMAS_API_KEY) + \ No newline at end of file From 8f22fb4c8403722ca6bcd544c6eaec313e4465f4 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 12 Dec 2023 20:20:04 -0800 Subject: [PATCH 085/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index c97b131..42ba6d1 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -11,7 +11,7 @@ resources: variables: imageName: 'xniapdev/django-app' tag: '$(Build.BuildId)' - TMAS_API_KEY: '$(v1apikey)' + apikey: '$(v1apikey)' stages: - stage: Build 
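Review bot: The new `Bash@3` step in the 3e1f18dd `@@ -49,6 +48,11 @@` hunk runs `script: echo $MYSECRET`, a placeholder name from a documentation sample; `$MYSECRET` is never set and the only variable mapped into the step is `TMAS_API_KEY`, so the step prints an empty line. The earlier script step still contains `echo $(TMAS_API_KEY)`, which prints the API key into the log now that the `echo $(imageName):$(tag)` line is removed; delete that echo too. Declaring `TMAS_API_KEY: '$(v1apikey)'` in the pipeline-level `variables:` block exposes the key to every job via macro syntax, whereas the per-step `env:` mapping introduced here is the narrower scope and is all the scanner needs.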
@@ -25,7 +25,7 @@ stages: - task: Docker@2 inputs: containerRegistry: 'dockerhub' - repository: 'xniapdev/django-app' + repository: $(imageName) command: 'buildAndPush' Dockerfile: '**/Dockerfile' - stage: Scan @@ -52,7 +52,11 @@ stages: - task: Bash@3 inputs: targetType: 'inline' - script: echo $MYSECRET + script: ./tmas-cli/tmas scan registry:$(imageName):$(tag) --malwareScan --saveSBOM >> result.json env: - TMAS_API_KEY: $(TMAS_API_KEY) + TMAS_API_KEY: $(apikey) + + - publish: '$(Build.ArtifactStagingDirectory)/*.json' + displayName: 'Publish results' + artifact: drop \ No newline at end of file From 79c8facc628075597079381be5eb15c75dbfb4a9 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 12 Dec 2023 20:27:10 -0800 Subject: [PATCH 086/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 42ba6d1..7ee99df 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -46,17 +46,15 @@ stages: destinationFolder: 'tmas-cli' cleanDestinationFolder: true overwriteExistingFiles: true - - script: | - ls -la tmas-cli - echo $(TMAS_API_KEY) - task: Bash@3 inputs: targetType: 'inline' - script: ./tmas-cli/tmas scan registry:$(imageName):$(tag) --malwareScan --saveSBOM >> result.json + script: ./tmas-cli/tmas scan registry:$(imageName):$(tag) --malwareScan --saveSBOM --platform linux/amd64 >> result.json env: TMAS_API_KEY: $(apikey) - - - publish: '$(Build.ArtifactStagingDirectory)/*.json' + - script: | + ls -la tmas-cli + - publish: './tmas-cli/*.json' displayName: 'Publish results' artifact: drop \ No newline at end of file From d67903ca67d121db4ee3a2086ce73b1415820274 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 12 Dec 2023 20:36:26 -0800 Subject: [PATCH 087/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
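Review bot: `- publish: '$(Build.ArtifactStagingDirectory)/*.json'` looks for the scan output in the staging directory, but `>> result.json` writes it to the working directory, so the publish step has nothing to upload; the 79c8facc hunk's `'./tmas-cli/*.json'` has the same mismatch, since `result.json` is in the working-directory root, not under `tmas-cli`. Use `>` rather than `>>` so a re-run never appends a second JSON document to the same file, and publish `result.json` directly. Passing the key through the step's `env:` mapping (`TMAS_API_KEY: $(apikey)`) is the right pattern; the scan's exit status is still unchecked, so findings cannot fail the stage.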
diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 7ee99df..e8bbce7 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -53,8 +53,8 @@ stages: env: TMAS_API_KEY: $(apikey) - script: | - ls -la tmas-cli - - publish: './tmas-cli/*.json' + ls -la + - publish: './*.json' displayName: 'Publish results' artifact: drop \ No newline at end of file From a5e7ea2f0cf8fdaca263ecf9368c8dd4c37eadec Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 12 Dec 2023 20:41:04 -0800 Subject: [PATCH 088/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index e8bbce7..d475f04 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -54,7 +54,9 @@ stages: TMAS_API_KEY: $(apikey) - script: | ls -la - - publish: './*.json' + - publish: 'SBOM_OciRegistry_django-app_*.json' displayName: 'Publish results' artifact: drop - \ No newline at end of file + - publish: 'result.json' + displayName: 'Publish results' + artifact: drop \ No newline at end of file From fc12d56d511321821a9b722aa042cad148872dfc Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 12 Dec 2023 20:45:57 -0800 Subject: [PATCH 089/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index d475f04..366b484 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml 
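Review bot: The two `publish:` steps in the a5e7ea2f hunk both use `artifact: drop` and the same `displayName: 'Publish results'`; as far as I can tell Azure Pipelines rejects a second pipeline artifact with a name already used in the run, so give them distinct names, `artifact: sbom` and `artifact: scan-result`, and distinct display names. The `SBOM_OciRegistry_django-app_*.json` glob hard-codes the repository name while the scan uses `$(imageName)`; derive the pattern from the same variable or widen it to `SBOM_*.json` so a renamed image does not silently publish nothing.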
@@ -52,11 +52,14 @@ stages: script: ./tmas-cli/tmas scan registry:$(imageName):$(tag) --malwareScan --saveSBOM --platform linux/amd64 >> result.json env: TMAS_API_KEY: $(apikey) - - script: | - ls -la - - publish: 'SBOM_OciRegistry_django-app_*.json' - displayName: 'Publish results' - artifact: drop + - publish: 'result.json' displayName: 'Publish results' - artifact: drop \ No newline at end of file + artifact: drop + + - task: PublishBuildArtifacts@1 + inputs: + PathtoPublish: '$(Build.ArtifactStagingDirectory)' + ArtifactName: 'drop' + publishLocation: 'FilePath' + TargetPath: 'result.json' \ No newline at end of file From 197874d531c113ffd5840c8767c59263b5039900 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 12 Dec 2023 23:49:43 -0600 Subject: [PATCH 090/162] Create ArtifactScannerReport.py --- ArtifactScannerReport.py | 80 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) create mode 100644 ArtifactScannerReport.py diff --git a/ArtifactScannerReport.py b/ArtifactScannerReport.py new file mode 100644 index 0000000..f465292 --- /dev/null +++ b/ArtifactScannerReport.py 
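Review bot: The SBOM publish step is dropped here while `--saveSBOM` on the scan line still writes one, so the SBOM is generated and discarded; keep a publish step for it if it is meant to be retained as a build artifact. The new `PublishBuildArtifacts@1` task points `PathtoPublish` at `$(Build.ArtifactStagingDirectory)`, which no step in this job writes to, and `TargetPath` is the file-share destination used with `publishLocation: 'FilePath'`, not a filter for `result.json` — as far as I can tell this uploads an empty directory. Either copy `result.json` into the staging directory first or publish the file itself, `PathtoPublish: 'result.json'` with `publishLocation: 'Container'`. The enclosing `steps:` list starts outside the hunk.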
@@ -0,0 +1,80 @@ +import sys +import pandas as pd +import json + + +def format_related_vulnerabilities(related_vulns): + """Formatea las vulnerabilidades relacionadas en una cadena de texto.""" + formatted_vulns = [] + for vuln in related_vulns: + summary = "; ".join([f"{summary['cvssVersion']}: {summary['cvssAttackVector']}/{summary['cvssAttackComplexity']}/{summary['cvssAvailabilityImpact']}" for summary in vuln.get('cvssSummaries', [])]) + formatted_vulns.append(f"{vuln['id']} (Severidad: {vuln['severity']}, Resumen CVSS: {summary})") + return ", ".join(formatted_vulns) + +# Función para aplanar y extraer los datos de la sección 'vulnerability' +def format_summary_vulnerabilities(vulnerability_data): + resumen_vulnerabilidades = { + "Total Vulnerabilidades": vulnerability_data["totalVulnCount"], + "Críticas": vulnerability_data["criticalCount"], + "Altas": vulnerability_data["highCount"], + "Medias": vulnerability_data["mediumCount"], + "Bajas": vulnerability_data["lowCount"], + "Negligibles": vulnerability_data["negligibleCount"], + "Desconocidas": vulnerability_data["unknownCount"] + } + + # Convertir el resumen en un DataFrame + df_resumen = pd.DataFrame([resumen_vulnerabilidades]) + + # Preparar detalles de los hallazgos + detalles_vulnerabilidades = [] + for severity, findings in vulnerability_data["findings"].items(): + for finding in findings: + finding["relatedVulnerabilities"] = format_related_vulnerabilities(finding.get("relatedVulnerabilities", [])) + finding["severity"] = severity # Añadir la severidad a cada hallazgo + detalles_vulnerabilidades.append(finding) + + df_detalles = pd.json_normalize(detalles_vulnerabilidades) + + return df_resumen, df_detalles + +def export_file(df_resumen, df_detalles, nombre_imagen): + with pd.ExcelWriter(f"reporte_vulnerabilidades-{nombre_imagen}.xlsx", engine="xlsxwriter") as writer: + df_resumen.to_excel(writer, sheet_name="Resumen", index=False) + df_detalles.to_excel(writer, sheet_name="Detalles", index=False) + 
workbook = writer.book + worksheet_resumen = writer.sheets['Resumen'] + worksheet_detalles = writer.sheets['Detalles'] + + # Estilos personalizados + header_format = workbook.add_format({ + 'bold': True, + 'text_wrap': True, + 'valign': 'top', + 'fg_color': '#95b6fc', + 'border': 1}) + + # Aplicar estilos a los encabezados + for col_num, value in enumerate(df_resumen.columns.values): + worksheet_resumen.write(0, col_num, value, header_format) + for col_num, value in enumerate(df_detalles.columns.values): + worksheet_detalles.write(0, col_num, value, header_format) + + # Ajustar el ancho de las columnas + worksheet_resumen.set_column('A:H', 20) + worksheet_detalles.set_column('A:I', 20) + print(f"Reporte generado: reporte_vulnerabilidades-{nombre_imagen}.xlsx") + +def main(): + # Leer desde stdin + if len(sys.argv) < 2: + print("Uso: python report.py [nombre_imagen] [archivo_entrada]") + sys.exit(1) + nombre_imagen = sys.argv[1] + json_data = json.load(sys.stdin) + # Procesar los datos de 'vulnerability' + df_resumen, df_detalles = format_summary_vulnerabilities(json_data) + export_file(df_resumen, df_detalles, nombre_imagen) + +if __name__ == "__main__": + main() From 454349c56dfd92d79a78c7bcc6a240737b0181e0 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 12 Dec 2023 23:52:25 -0600 Subject: [PATCH 091/162] Update azure-pipelines.yml --- azure-pipelines.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 366b484..2376135 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -49,7 +49,7 @@ stages: - task: Bash@3 inputs: targetType: 'inline' - script: ./tmas-cli/tmas scan registry:$(imageName):$(tag) --malwareScan --saveSBOM --platform linux/amd64 >> result.json + script: ./tmas-cli/tmas scan registry:$(imageName):$(tag) --malwareScan --saveSBOM --platform linux/amd64 | python report.py $(imageName) env: TMAS_API_KEY: $(apikey) 
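Review bot: `export_file` builds the workbook path as `f"reporte_vulnerabilidades-{nombre_imagen}.xlsx"` straight from `sys.argv[1]`, and the pipeline passes `$(imageName)`, which is `xniapdev/django-app` elsewhere on this page, so the path contains a directory that does not exist and `pd.ExcelWriter` raises FileNotFoundError; sanitize the name in `main`, `nombre_imagen = re.sub(r"[^A-Za-z0-9._-]", "_", sys.argv[1])` (with `import re`). `engine="xlsxwriter"` needs the xlsxwriter package, which neither `requirements.txt` (`requests`, `docker-image-py`) nor the later `pip install pandas` step installs. The usage message advertises an `[archivo_entrada]` argument, but the script reads `json.load(sys.stdin)` and never looks at `sys.argv[2]`; either read the file when it is given or drop it from the usage text. `format_summary_vulnerabilities` indexes `vulnerability_data["findings"]` and the count keys directly, so any other scanner output shape fails with a bare KeyError — a docstring stating the expected top-level keys, and a clear error when they are missing, would help the next maintainer.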
@@ -62,4 +62,4 @@ stages: PathtoPublish: '$(Build.ArtifactStagingDirectory)' ArtifactName: 'drop' publishLocation: 'FilePath' - TargetPath: 'result.json' \ No newline at end of file + TargetPath: 'result.json' From fbd6614fb5991b4a83bb32aceb3aad8b74c27c0a Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 12 Dec 2023 21:56:43 -0800 Subject: [PATCH 092/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 2376135..f073f20 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -49,7 +49,7 @@ stages: - task: Bash@3 inputs: targetType: 'inline' - script: ./tmas-cli/tmas scan registry:$(imageName):$(tag) --malwareScan --saveSBOM --platform linux/amd64 | python report.py $(imageName) + script: ./tmas-cli/tmas scan registry:$(imageName):$(tag) --malwareScan --saveSBOM --platform linux/amd64 | python ArtifactScannerReport.py $(imageName) env: TMAS_API_KEY: $(apikey) From f0fa436b0ab1c32b2ff4913ddfbf39a2793b36e5 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 12 Dec 2023 22:00:37 -0800 Subject: [PATCH 093/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index f073f20..ffb4bf0 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -49,7 +49,9 @@ stages: - task: Bash@3 inputs: targetType: 'inline' - script: ./tmas-cli/tmas scan registry:$(imageName):$(tag) --malwareScan --saveSBOM --platform linux/amd64 | python ArtifactScannerReport.py $(imageName) + script: | + pip install pandas + ./tmas-cli/tmas scan registry:$(imageName):$(tag) --malwareScan --saveSBOM --platform linux/amd64 | python ArtifactScannerReport.py $(imageName) env: TMAS_API_KEY: $(apikey) From 95c577f950cbda4b9fa536a3cbd5725e39825208 Mon Sep 17 00:00:00 2001 
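Review bot: `pip install pandas` in the f0fa436b hunk does not install xlsxwriter, which `ArtifactScannerReport.py` requests via `engine="xlsxwriter"`, so the report step fails at `pd.ExcelWriter`; use `pip install pandas xlsxwriter`, or better, pin both in `requirements.txt` and install from it. In the `tmas … | python ArtifactScannerReport.py $(imageName)` pipeline the step's exit status is python's, so a failed scan only surfaces as a JSON parse error and a scan that completes with findings never fails the stage; add `set -o pipefail` as the first script line and decide explicitly whether the scanner's own exit code should gate. Running `pip install` inside the step that carries `TMAS_API_KEY` in `env:` also gives the installer the secret for no reason; keep the install in its own step.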
From: Yessenia Becerra Date: Wed, 13 Dec 2023 00:18:28 -0600 Subject: [PATCH 094/162] Update azure-pipelines.yml --- azure-pipelines.yml | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index ffb4bf0..6a1e36f 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -49,14 +49,30 @@ stages: - task: Bash@3 inputs: targetType: 'inline' - script: | - pip install pandas - ./tmas-cli/tmas scan registry:$(imageName):$(tag) --malwareScan --saveSBOM --platform linux/amd64 | python ArtifactScannerReport.py $(imageName) + script: pip install pandas + #- task: Bash@3 + # inputs: + # targetType: 'inline' + # script: ./tmas-cli/tmas scan registry:$(imageName):$(tag) --malwareScan --saveSBOM --platform linux/amd64 | python ArtifactScannerReport.py $(imageName) + # env: + # TMAS_API_KEY: $(apikey) + - task: Bash@3 + inputs: + targetType: 'inline' + script: ./tmas-cli/tmas scan $(imageName):$(tag) --malwareScan --saveSBOM --platform linux/amd64 > result.json env: TMAS_API_KEY: $(apikey) + - task: Bash@3 + inputs: + targetType: 'inline' + script: python ArtifactScannerReport.py $(imageName) result.json - publish: 'result.json' - displayName: 'Publish results' + displayName: 'Publish json' + artifact: drop + + - publish: 'reporte_vulnerabilidades-$(imageName).xlsx' + displayName: 'Publish Excel' artifact: drop - task: PublishBuildArtifacts@1 From 4fcd1682e735b608aa271927d08a10b5fb34ff2c Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 12 Dec 2023 23:59:55 -0800 Subject: [PATCH 095/162] Update azure-pipelines.yml --- azure-pipelines.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 6a1e36f..49403d7 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml 
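Review bot: The new `python ArtifactScannerReport.py $(imageName) result.json` step passes the result file as a second argument, but the script reads `json.load(sys.stdin)` and ignores `sys.argv[2]`, so on a non-interactive agent it gets an empty stdin and fails with a JSONDecodeError; redirect the file instead, `script: python ArtifactScannerReport.py $(imageName) < result.json`. The scan line in this hunk also drops the `registry:` prefix (`tmas scan $(imageName):$(tag)`), which the next commit restores. The two `publish:` steps again share `artifact: drop`, and `reporte_vulnerabilidades-$(imageName).xlsx` expands to a path containing `/` because `imageName` is `xniapdev/django-app`, so the publish path needs the same sanitizing as the script's output name. The six commented-out `Bash@3` lines are dead config and can be deleted.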
@@ -12,6 +12,7 @@ variables: imageName: 'xniapdev/django-app' tag: '$(Build.BuildId)' apikey: '$(v1apikey)' + nombre-reporte: 'reporte_vulnerabilidades-$(imageName).xlsx' stages: - stage: Build @@ -59,7 +60,7 @@ stages: - task: Bash@3 inputs: targetType: 'inline' - script: ./tmas-cli/tmas scan $(imageName):$(tag) --malwareScan --saveSBOM --platform linux/amd64 > result.json + script: ./tmas-cli/tmas scan registry:$(imageName):$(tag) --malwareScan --saveSBOM --platform linux/amd64 > result.json env: TMAS_API_KEY: $(apikey) - task: Bash@3 From a10abc0aae225cc0d6d809449ec6aa72eada69b1 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Wed, 13 Dec 2023 11:40:02 -0800 Subject: [PATCH 096/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 28 ++++++++++++---------------- 1 file changed, 12 insertions(+), 16 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 49403d7..145b6be 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml 
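Review bot: The new `nombre-reporte` variable in `@@ -12,6 +12,7 @@` is declared but nothing in this commit's two hunks reads it, so it is dead configuration until a publish or script step references `$(nombre-reporte)`. It also embeds `$(imageName)`, which holds `xniapdev/django-app`, so the expanded name contains a `/`; if the variable is going to be used, strip the slash there. A hyphenated name is awkward to read back as an environment variable in Bash, where `-` is not allowed in a variable name, so `nombreReporte` or `nombre_reporte` is the safer spelling.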
@@ -51,31 +51,27 @@ stages: inputs: targetType: 'inline' script: pip install pandas - #- task: Bash@3 - # inputs: - # targetType: 'inline' - # script: ./tmas-cli/tmas scan registry:$(imageName):$(tag) --malwareScan --saveSBOM --platform linux/amd64 | python ArtifactScannerReport.py $(imageName) - # env: - # TMAS_API_KEY: $(apikey) - task: Bash@3 + displayName: "Scan from Registry to Excel" inputs: targetType: 'inline' - script: ./tmas-cli/tmas scan registry:$(imageName):$(tag) --malwareScan --saveSBOM --platform linux/amd64 > result.json + script: ./tmas-cli/tmas scan registry:$(imageName):$(tag) --malwareScan --saveSBOM --platform linux/amd64 | python ArtifactScannerReport.py $(imageName) env: TMAS_API_KEY: $(apikey) - task: Bash@3 + displayName: "Scan from Registry to Json" inputs: targetType: 'inline' - script: python ArtifactScannerReport.py $(imageName) result.json - - - publish: 'result.json' - displayName: 'Publish json' - artifact: drop - - - publish: 'reporte_vulnerabilidades-$(imageName).xlsx' - displayName: 'Publish Excel' - artifact: drop + script: ./tmas-cli/tmas scan registry:$(imageName):$(tag) --malwareScan --saveSBOM --platform linux/amd64 > result.json + env: + TMAS_API_KEY: $(apikey) + - task: PublishBuildArtifacts@1 + inputs: + PathtoPublish: '$(Build.ArtifactStagingDirectory)' + ArtifactName: 'drop' + publishLocation: 'FilePath' + TargetPath: 'reporte_vulnerabilidades-$(imageName).xlsx' - task: PublishBuildArtifacts@1 inputs: PathtoPublish: '$(Build.ArtifactStagingDirectory)' From 60b929963cda1e0e71bc11546b69ac6a4c8e00f4 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Wed, 13 Dec 2023 13:09:44 -0800 Subject: [PATCH 097/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 145b6be..eefa2e7 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml 
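Review bot: The image is now scanned twice — once piped into `ArtifactScannerReport.py` for the Excel report and once redirected to `result.json` — which doubles the TMAS calls and can produce two reports that disagree if the vulnerability feed updates between them; keep the single `> result.json` scan and build the Excel from the file, as the previous revision did with `python ArtifactScannerReport.py $(imageName) result.json`. The added `PublishBuildArtifacts@1` step is also unlikely to pick the xlsx up: `PathtoPublish` is `$(Build.ArtifactStagingDirectory)`, which no step here writes into, and `publishLocation: 'FilePath'` with `TargetPath` set to a file name treats that name as a file-share destination rather than the file to publish. Either write the outputs into the staging directory and use `publishLocation: 'Container'`, or use `- publish: 'reporte_vulnerabilidades-$(imageName).xlsx'` with `artifact: drop`. The piped scan additionally needs `set -o pipefail` so a failed `tmas` run is not masked by the report script's exit status.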
@@ -47,17 +47,6 @@ stages: destinationFolder: 'tmas-cli' cleanDestinationFolder: true overwriteExistingFiles: true - - task: Bash@3 - inputs: - targetType: 'inline' - script: pip install pandas - - task: Bash@3 - displayName: "Scan from Registry to Excel" - inputs: - targetType: 'inline' - script: ./tmas-cli/tmas scan registry:$(imageName):$(tag) --malwareScan --saveSBOM --platform linux/amd64 | python ArtifactScannerReport.py $(imageName) - env: - TMAS_API_KEY: $(apikey) - task: Bash@3 displayName: "Scan from Registry to Json" inputs: @@ -65,13 +54,6 @@ stages: script: ./tmas-cli/tmas scan registry:$(imageName):$(tag) --malwareScan --saveSBOM --platform linux/amd64 > result.json env: TMAS_API_KEY: $(apikey) - - - task: PublishBuildArtifacts@1 - inputs: - PathtoPublish: '$(Build.ArtifactStagingDirectory)' - ArtifactName: 'drop' - publishLocation: 'FilePath' - TargetPath: 'reporte_vulnerabilidades-$(imageName).xlsx' - task: PublishBuildArtifacts@1 inputs: PathtoPublish: '$(Build.ArtifactStagingDirectory)' From 1b82d9be3b955cf8619ddb717d95dc8609297681 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Wed, 13 Dec 2023 14:02:21 -0800 Subject: [PATCH 098/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index eefa2e7..aec1f72 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -54,9 +54,7 @@ stages: script: ./tmas-cli/tmas scan registry:$(imageName):$(tag) --malwareScan --saveSBOM --platform linux/amd64 > result.json env: TMAS_API_KEY: $(apikey) - - task: PublishBuildArtifacts@1 - inputs: - PathtoPublish: '$(Build.ArtifactStagingDirectory)' - ArtifactName: 'drop' - publishLocation: 'FilePath' - TargetPath: 'result.json' + + - publish: 'result.json' + displayName: 'Publish json' + artifact: drop From 894eb99e206a0486da5c37e6c3ae3714169a2beb Mon Sep 17 00:00:00 2001 
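Review bot: After the `@@ -54,9 +54,7 @@` hunk the stage records the scan (`> result.json`, then `- publish:`) but, as far as the lines shown go, nothing evaluates the result: there is no severity threshold and no step that reads `result.json`, so a build whose image carries critical findings or malware completes green as long as `tmas` itself exits 0. If the scan is meant to gate the pipeline, add a step after it that parses `result.json` and fails the job above an agreed count; if it is reporting-only, say so in the task's `displayName` so nobody assumes the build is gated. Whether `tmas` exits non-zero on findings by itself is not visible here and is worth confirming against the CLI's documentation rather than assumed.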
From: Yessenia Becerra Date: Wed, 13 Dec 2023 14:02:27 -0800 Subject: [PATCH 099/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index aec1f72..559f201 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -57,4 +57,4 @@ stages: - publish: 'result.json' displayName: 'Publish json' - artifact: drop + artifact: drop \ No newline at end of file From 758640ccf22651b18a800d434e541b07a95cc970 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Mon, 8 Jan 2024 13:43:33 -0600 Subject: [PATCH 100/162] Create tmas_workflow --- .github/workflows/tmas_workflow | 73 +++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) create mode 100644 .github/workflows/tmas_workflow diff --git a/.github/workflows/tmas_workflow b/.github/workflows/tmas_workflow new file mode 100644 index 0000000..65e7290 --- /dev/null +++ b/.github/workflows/tmas_workflow 
@@ -0,0 +1,73 @@ +name: Trend Vision Artifact Scanner +on: + push: + branches: + - master +permissions: + id-token: write + contents: read +jobs: + ArtifactScanner: + runs-on: ubuntu-latest + environment: DockerRegistry + steps: + - name: Git clone the repository + uses: actions/checkout@v3 + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: Build and push + uses: docker/build-push-action@v4 + with: + push: true + tags: xniapdev/django-app:45 + #- name: Sts GetCallerIdentity + # run: | + # aws sts get-caller-identity + #- name: Login to Amazon ECR + # id: login-ecr + # uses: aws-actions/amazon-ecr-login@v1 + #- name: Build, tag, and push image to Amazon ECR + # env: + # ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} + # ECR_REPOSITORY: oc_registry + # IMAGE_TAG: latest + # run: | + # docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . + # docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG + - name: Trend Cloud One Container Security Scan Action + uses: trendmicro/cloudone-container-security-github-action@1.0.8 + with: + # Mandatory + CLOUD_ONE_API_KEY: ${{ secrets.API_KEY }} + REGION: us-1 + # Optional + SBOM: true # Saves SBOM to SBOM.json so you can export it as an artifact later. + IMAGE: xniapdev/django-app:45 # The image need to be public or the pipeline need to have access to the private image of choice. + # For each threshold below, select the maximum number of vulnerabilities that are acceptable. + MAX_TOTAL: 1000 + MAX_CRITICAL: 500 + MAX_HIGH: 500 + MAX_MEDIUM: 500 + MAX_LOW: 500 + MAX_NEGLIGIBLE: 500 + MAX_UNKNOWN: 500 + SCAN_RESULT_ARTIFACT: result.json # Save as an artifact in GitHub to be able to keep the result of the scan. 
+ - name: 'Upload Scan Result Artifact' + uses: actions/upload-artifact@v3 + with: + name: scan-result + path: result.json + retention-days: 30 + - name: 'Upload SBOM Artifact' + uses: actions/upload-artifact@v3 + with: + name: sbom + path: SBOM.json + retention-days: 30 From b0e45feb29ceb4d709b6dbae4e4f1ea2000b15c0 Mon Sep 17 00:00:00 2001 From: "Yessenia Becerra (SE-NA)" Date: Mon, 8 Jan 2024 14:07:25 -0600 Subject: [PATCH 101/162] newPipeline --- .github/workflows/tmas_workflow | 67 +++++++++++++++++++++------------ 1 file changed, 42 insertions(+), 25 deletions(-) diff --git a/.github/workflows/tmas_workflow b/.github/workflows/tmas_workflow index 65e7290..ca49122 100644 --- a/.github/workflows/tmas_workflow +++ b/.github/workflows/tmas_workflow @@ -6,8 +6,13 @@ on: permissions: id-token: write contents: read + +env: + IMAGE_NAME: ${{ github.repository }} + + jobs: - ArtifactScanner: + BuildImage: runs-on: ubuntu-latest environment: DockerRegistry steps: 
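Review bot: The `Build and push` step runs with `push: true` before the Trend scan step, so a vulnerable image is already published by the time the thresholds are checked, and with `MAX_CRITICAL: 500` / `MAX_TOTAL: 1000` the scan cannot realistically fail the job anyway — the gate is reporting-only in practice. To gate, build with `push: false` and `load: true`, scan the local image, and push in a later step only when the scan passes; and lower the `MAX_*` values to what the team will actually accept (`MAX_CRITICAL: 0`, for example). `permissions: id-token: write` is granted at workflow level while the only OIDC consumer (the commented-out ECR login) is disabled; drop it until it is needed, or scope it to the job that uses it, and delete the commented-out AWS steps rather than carrying them as dead configuration. The same push-then-scan ordering carries through the job split in `@@ -17,37 +22,49 @@` and the merge back into one job in `@@ -22,33 +22,28 @@`.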
@@ -17,37 +22,49 @@ jobs: uses: docker/setup-qemu-action@v2 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 - - name: Login to Docker Hub - uses: docker/login-action@v2 + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} + images: | + demo-app/app + ghcr.io/xeniap/demo-app + # generate Docker tags based on the following events/attributes + tags: | + type=schedule + type=ref,event=branch + type=ref,event=pr + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} + type=sha + PushImagetoRegistry: + runs-on: ubuntu-latest + environment: DockerRegistry + steps: + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 with: + context: . push: true - tags: xniapdev/django-app:45 - #- name: Sts GetCallerIdentity - # run: | - # aws sts get-caller-identity - #- name: Login to Amazon ECR - # id: login-ecr - # uses: aws-actions/amazon-ecr-login@v1 - #- name: Build, tag, and push image to Amazon ECR - # env: - # ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} - # ECR_REPOSITORY: oc_registry - # IMAGE_TAG: latest - # run: | - # docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . 
- # docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + TrendMicroArtifactScan: + runs-on: ubuntu-latest + environment: DockerRegistry + steps: - name: Trend Cloud One Container Security Scan Action - uses: trendmicro/cloudone-container-security-github-action@1.0.8 + uses: trendmicro/cloudone-container-security-github-action@1.0.10 with: # Mandatory - CLOUD_ONE_API_KEY: ${{ secrets.API_KEY }} - REGION: us-1 - # Optional + TMAS_API_KEY: ${{ secrets.API_KEY }} + REGION: us-east-1 SBOM: true # Saves SBOM to SBOM.json so you can export it as an artifact later. IMAGE: xniapdev/django-app:45 # The image need to be public or the pipeline need to have access to the private image of choice. # For each threshold below, select the maximum number of vulnerabilities that are acceptable. From 208dcda5d13c1f6be3868bd55bc2644563bb0b31 Mon Sep 17 00:00:00 2001 From: "Yessenia Becerra (SE-NA)" Date: Mon, 8 Jan 2024 14:09:35 -0600 Subject: [PATCH 102/162] newPipeline --- {.github/workflows => backup}/dssc-workload.yml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {.github/workflows => backup}/dssc-workload.yml (100%) diff --git a/.github/workflows/dssc-workload.yml b/backup/dssc-workload.yml similarity index 100% rename from .github/workflows/dssc-workload.yml rename to backup/dssc-workload.yml From e3c23f162dbf8166f621153d4b1ddf816eac24a1 Mon Sep 17 00:00:00 2001 From: "Yessenia Becerra (SE-NA)" Date: Mon, 8 Jan 2024 14:11:53 -0600 Subject: [PATCH 103/162] newPipeline --- .github/workflows/{tmas_workflow => tmas_workflow.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{tmas_workflow => tmas_workflow.yml} (100%) diff --git a/.github/workflows/tmas_workflow b/.github/workflows/tmas_workflow.yml similarity index 100% rename from .github/workflows/tmas_workflow rename to .github/workflows/tmas_workflow.yml 
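Review bot: `PushImagetoRegistry` runs on a fresh runner with no checkout step and no `needs:`, so `context: .` is an empty directory and `${{ steps.meta.outputs.tags }}` names a step that exists only in `BuildImage` — step outputs do not cross job boundaries, so `tags:` expands to empty and the job runs in parallel with the build it depends on. Either keep metadata, build and push in one job, or expose the tags through a job-level `outputs:` entry and read them as `needs.BuildImage.outputs.<name>`. `TrendMicroArtifactScan` likewise has no `needs:` and still scans the hard-coded `xniapdev/django-app:45` rather than the image just pushed. `needs:` is added in `@@ -41,6 +41,7 @@` and `@@ -58,6 +59,7 @@` of a later commit and the jobs are merged in `@@ -37,12 +37,7 @@`; the missing checkout in the push job persists until that merge.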
From 15db2b82c00653b8de49a1488c430965a3c843c4 Mon Sep 17 00:00:00 2001 From: "Yessenia Becerra (SE-NA)" Date: Mon, 8 Jan 2024 14:13:47 -0600 Subject: [PATCH 104/162] newPipeline --- .github/workflows/tmas_workflow.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index ca49122..578ca14 100644 --- a/.github/workflows/tmas_workflow.yml +++ b/.github/workflows/tmas_workflow.yml @@ -18,10 +18,6 @@ jobs: steps: - name: Git clone the repository uses: actions/checkout@v3 - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - name: Docker meta id: meta uses: docker/metadata-action@v5 @@ -37,7 +33,11 @@ jobs: type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} type=semver,pattern={{major}} - type=sha + type=sha + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 PushImagetoRegistry: runs-on: ubuntu-latest environment: DockerRegistry From e7813829db8966696d26070a6265748fe1d1425d Mon Sep 17 00:00:00 2001 From: "Yessenia Becerra (SE-NA)" Date: Mon, 8 Jan 2024 15:10:38 -0600 Subject: [PATCH 105/162] newPipeline --- .github/workflows/tmas_workflow.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index 578ca14..2424695 100644 --- a/.github/workflows/tmas_workflow.yml +++ b/.github/workflows/tmas_workflow.yml @@ -41,6 +41,7 @@ jobs: PushImagetoRegistry: runs-on: ubuntu-latest environment: DockerRegistry + needs: [BuildImage] steps: - name: Login to GitHub Container Registry uses: docker/login-action@v3 
@@ -58,6 +59,7 @@ jobs: TrendMicroArtifactScan: runs-on: ubuntu-latest environment: DockerRegistry + needs: [PushImagetoRegistry] steps: - name: Trend Cloud One Container Security Scan Action uses: trendmicro/cloudone-container-security-github-action@1.0.10 From 893d5b9390ceb10388f1fd28c6a25539ca88fffd Mon Sep 17 00:00:00 2001 From: "Yessenia Becerra (SE-NA)" Date: Mon, 8 Jan 2024 15:13:34 -0600 Subject: [PATCH 106/162] newPipeline --- .github/workflows/tmas_workflow.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index 2424695..c48b48f 100644 --- a/.github/workflows/tmas_workflow.yml +++ b/.github/workflows/tmas_workflow.yml @@ -17,14 +17,14 @@ jobs: environment: DockerRegistry steps: - name: Git clone the repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Docker meta id: meta uses: docker/metadata-action@v5 with: images: | - demo-app/app - ghcr.io/xeniap/demo-app + name/app + ghcr.io/username/app # generate Docker tags based on the following events/attributes tags: | type=schedule @@ -35,9 +35,9 @@ jobs: type=semver,pattern={{major}} type=sha - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 PushImagetoRegistry: runs-on: ubuntu-latest environment: DockerRegistry From cc2b7036ef4966ced33c651c3bdccf483d6ad1be Mon Sep 17 00:00:00 2001 From: "Yessenia Becerra (SE-NA)" Date: Mon, 8 Jan 2024 15:17:16 -0600 Subject: [PATCH 107/162] newPipeline --- .github/workflows/tmas_workflow.yml | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index c48b48f..81980b6 100644 --- a/.github/workflows/tmas_workflow.yml +++ b/.github/workflows/tmas_workflow.yml 
@@ -12,7 +12,7 @@ env: jobs: - BuildImage: + BuildPushImage: runs-on: ubuntu-latest environment: DockerRegistry steps: @@ -37,12 +37,7 @@ jobs: - name: Set up QEMU uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - PushImagetoRegistry: - runs-on: ubuntu-latest - environment: DockerRegistry - needs: [BuildImage] - steps: + uses: docker/setup-buildx-action@v3 - name: Login to GitHub Container Registry uses: docker/login-action@v3 with: @@ -59,7 +54,7 @@ jobs: TrendMicroArtifactScan: runs-on: ubuntu-latest environment: DockerRegistry - needs: [PushImagetoRegistry] + needs: [BuildPushImage] steps: - name: Trend Cloud One Container Security Scan Action uses: trendmicro/cloudone-container-security-github-action@1.0.10 From 3cb64302d50d215e9e1e12c0f04d90743abca716 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 16 Jan 2024 16:51:45 -0600 Subject: [PATCH 108/162] Update tmas_workflow.yml --- .github/workflows/tmas_workflow.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index 81980b6..caf71c3 100644 --- a/.github/workflows/tmas_workflow.yml +++ b/.github/workflows/tmas_workflow.yml @@ -49,8 +49,8 @@ jobs: with: context: . push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} + tags: ghcr.io/${{ github.repository_owner }} + #labels: ${{ steps.meta.outputs.labels }} TrendMicroArtifactScan: runs-on: ubuntu-latest environment: DockerRegistry From 25d83ecb4fd268a914c514ba0a9d586e640fb6bc Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 16 Jan 2024 16:54:53 -0600 Subject: [PATCH 109/162] Update tmas_workflow.yml --- .github/workflows/tmas_workflow.yml | 63 +++++++++++++---------------- 1 file changed, 28 insertions(+), 35 deletions(-) diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index caf71c3..779bb0b 100644 
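Review bot: `tags: ghcr.io/${{ github.repository_owner }}` in `@@ -49,8 +49,8 @@` is a registry host and namespace with no image name and no tag, so the push either fails GHCR's name validation or publishes a package literally named after the owner as `:latest`; the earlier `${{ steps.meta.outputs.tags }}` (or at minimum `ghcr.io/${{ github.repository }}:${{ github.sha }}`) is what belongs here. Commenting out `labels:` and dropping the meta tags also leaves the `Docker meta` step producing output that nothing consumes. The job merge in `@@ -37,12 +37,7 @@` is sound — the login and push steps now run after checkout and Buildx setup in the same job — and `needs: [BuildPushImage]` keeps the scan job behind it.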
--- a/.github/workflows/tmas_workflow.yml
+++ b/.github/workflows/tmas_workflow.yml
@@ -16,41 +16,34 @@ jobs: runs-on: ubuntu-latest environment: DockerRegistry steps: - - name: Git clone the repository - uses: actions/checkout@v4 - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 - with: - images: | - name/app - ghcr.io/username/app - # generate Docker tags based on the following events/attributes - tags: | - type=schedule - type=ref,event=branch - type=ref,event=pr - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - type=semver,pattern={{major}} - type=sha - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - name: Login to GitHub Container Registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Build and push - uses: docker/build-push-action@v5 - with: - context: . - push: true - tags: ghcr.io/${{ github.repository_owner }} - #labels: ${{ steps.meta.outputs.labels }} + - name: Log in to Docker Hub + uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - name: Log in to the Container registry + uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 + with: + images: | + my-docker-hub-namespace/my-docker-hub-repository + ghcr.io/${{ github.repository }} + + - name: Build and push Docker images + uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 + with: + context: . + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} TrendMicroArtifactScan: runs-on: ubuntu-latest environment: DockerRegistry 
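Review bot: The new side of this hunk has no checkout step — `Git clone the repository` is among the removed lines and nothing replaces it — so `context: .` in `Build and push Docker images` is an empty workspace with no Dockerfile; re-add `- uses: actions/checkout@v4` as the first step (a checkout is restored in `@@ -1,75 +1,54 @@` of a later commit). The `images:` list keeps the template placeholder `my-docker-hub-namespace/my-docker-hub-repository`, so the Docker Hub push targets a repository that does not exist. Pinning the actions to commit SHAs is the right call, but the two `docker/login-action` steps reference different commits (`f4ef78c0…` and `65b78e6e…`); both should point at the same release so one review covers them.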
From 44149fe38f206a1c6f2e8098b55e3e3787aad527 Mon Sep 17 00:00:00 2001
From: Yessenia Becerra
Date: Tue, 16 Jan 2024 16:56:57 -0600
Subject: [PATCH 110/162] Update tmas_workflow.yml
---
 .github/workflows/tmas_workflow.yml | 49 +++++++++++++----------------
 1 file changed, 22 insertions(+), 27 deletions(-)
diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml
index 779bb0b..f124b39 100644
--- a/.github/workflows/tmas_workflow.yml
+++ b/.github/workflows/tmas_workflow.yml
@@ -22,33 +22,28 @@ jobs: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - - name: Log in to the Container registry - uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Extract metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 - with: - images: | - my-docker-hub-namespace/my-docker-hub-repository - ghcr.io/${{ github.repository }} - - - name: Build and push Docker images - uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 - with: - context: . - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - TrendMicroArtifactScan: - runs-on: ubuntu-latest - environment: DockerRegistry - needs: [BuildPushImage] - steps: + - name: Log in to the Container registry + uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 + with: + images: | + my-docker-hub-namespace/my-docker-hub-repository + ghcr.io/${{ github.repository }} + + - name: Build and push Docker images + uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 + with: + context: . + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} - name: Trend Cloud One Container Security Scan Action uses: trendmicro/cloudone-container-security-github-action@1.0.10 with: From 80e26d418c6640060422b77a88dc2e59b1ec4401 Mon Sep 17 00:00:00 2001 
From: Yessenia Becerra Date: Tue, 16 Jan 2024 16:57:55 -0600 Subject: [PATCH 111/162] Update tmas_workflow.yml --- .github/workflows/tmas_workflow.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index f124b39..58b8151 100644 --- a/.github/workflows/tmas_workflow.yml +++ b/.github/workflows/tmas_workflow.yml @@ -17,10 +17,10 @@ jobs: environment: DockerRegistry steps: - name: Log in to Docker Hub - uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} + uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} - name: Log in to the Container registry uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 From 0e22ca77e9046d81cca1005b6346b0c897360b29 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 16 Jan 2024 16:59:58 -0600 Subject: [PATCH 112/162] Update tmas_workflow.yml --- .github/workflows/tmas_workflow.yml | 121 ++++++++++++---------------- 1 file changed, 50 insertions(+), 71 deletions(-) diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index 58b8151..79f7191 100644 --- a/.github/workflows/tmas_workflow.yml +++ b/.github/workflows/tmas_workflow.yml 
@@ -1,75 +1,54 @@ -name: Trend Vision Artifact Scanner -on: - push: - branches: - - master -permissions: - id-token: write - contents: read +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. -env: - IMAGE_NAME: ${{ github.repository }} - +# GitHub recommends pinning actions to a commit SHA. +# To get a newer version, you will need to update the SHA. +# You can also reference a tag or branch, but the action may change without warning. + +name: Publish Docker image + +on: + release: + types: [published] jobs: - BuildPushImage: - runs-on: ubuntu-latest - environment: DockerRegistry - steps: - - name: Log in to Docker Hub - uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} + push_to_registries: + name: Push Docker image to multiple registries + runs-on: ubuntu-latest + permissions: + packages: write + contents: read + steps: + - name: Check out the repo + uses: actions/checkout@v4 + + - name: Log in to Docker Hub + uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - name: Log in to the Container registry + uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 + with: + images: | + my-docker-hub-namespace/my-docker-hub-repository + ghcr.io/${{ github.repository }} - - name: Log in to the Container registry - uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ 
secrets.GITHUB_TOKEN }} - - - name: Extract metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 - with: - images: | - my-docker-hub-namespace/my-docker-hub-repository - ghcr.io/${{ github.repository }} - - - name: Build and push Docker images - uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 - with: - context: . - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - - name: Trend Cloud One Container Security Scan Action - uses: trendmicro/cloudone-container-security-github-action@1.0.10 - with: - # Mandatory - TMAS_API_KEY: ${{ secrets.API_KEY }} - REGION: us-east-1 - SBOM: true # Saves SBOM to SBOM.json so you can export it as an artifact later. - IMAGE: xniapdev/django-app:45 # The image need to be public or the pipeline need to have access to the private image of choice. - # For each threshold below, select the maximum number of vulnerabilities that are acceptable. - MAX_TOTAL: 1000 - MAX_CRITICAL: 500 - MAX_HIGH: 500 - MAX_MEDIUM: 500 - MAX_LOW: 500 - MAX_NEGLIGIBLE: 500 - MAX_UNKNOWN: 500 - SCAN_RESULT_ARTIFACT: result.json # Save as an artifact in GitHub to be able to keep the result of the scan. - - name: 'Upload Scan Result Artifact' - uses: actions/upload-artifact@v3 - with: - name: scan-result - path: result.json - retention-days: 30 - - name: 'Upload SBOM Artifact' - uses: actions/upload-artifact@v3 - with: - name: sbom - path: SBOM.json - retention-days: 30 + - name: Build and push Docker images + uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 + with: + context: . + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} From 92511d658f83dd6049f8434b58c32f8b4cc5993b Mon Sep 17 00:00:00 2001 
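Review bot: This rewrite drops the Trend artifact-scan step and both `upload-artifact` steps entirely — the new side is the stock "Publish Docker image" template — so a workflow named `tmas_workflow.yml` no longer scans anything and the `result.json`/`SBOM.json` artifacts disappear. If the scan is meant to return, it belongs after the build and before the push (on the locally loaded image), together with `SCAN_RESULT_ARTIFACT` and the upload steps. Two things in the template are worth keeping: the job-scoped `permissions: packages: write` / `contents: read` replaces the workflow-wide `id-token: write`, and the actions are pinned to commit SHAs; the placeholder `my-docker-hub-namespace/my-docker-hub-repository` still needs a real value or removal. Note that the trigger moves from `push` on `master` to `release: types: [published]`, so ordinary pushes no longer build.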
From: Yessenia Becerra Date: Tue, 16 Jan 2024 17:02:44 -0600 Subject: [PATCH 113/162] Update tmas_workflow.yml --- .github/workflows/tmas_workflow.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index 79f7191..3fb7410 100644 --- a/.github/workflows/tmas_workflow.yml +++ b/.github/workflows/tmas_workflow.yml @@ -27,8 +27,8 @@ jobs: - name: Log in to Docker Hub uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Log in to the Container registry uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 @@ -42,7 +42,6 @@ jobs: uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 with: images: | - my-docker-hub-namespace/my-docker-hub-repository ghcr.io/${{ github.repository }} - name: Build and push Docker images From 47b3aeb6397c1b4d99cea29a420bc17ff6307007 Mon Sep 17 00:00:00 2001 From: "Yessenia Becerra (SE-NA)" Date: Tue, 16 Jan 2024 17:24:26 -0600 Subject: [PATCH 114/162] Test --- .github/workflows/tmas_workflow.yml | 35 ++++++----------------------- 1 file changed, 7 insertions(+), 28 deletions(-) diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index 3fb7410..b731335 100644 --- a/.github/workflows/tmas_workflow.yml +++ b/.github/workflows/tmas_workflow.yml 
@@ -21,33 +21,12 @@ jobs: packages: write contents: read steps: - - name: Check out the repo - uses: actions/checkout@v4 - - - name: Log in to Docker Hub - uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Log in to the Container registry - uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 + - name: 'Checkout GitHub Action' + uses: actions/checkout@main + + - name: 'Login to GitHub Container Registry' + uses: docker/login-action@v1 with: registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Extract metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 - with: - images: | - ghcr.io/${{ github.repository }} - - - name: Build and push Docker images - uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 - with: - context: . - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} + username: ${{github.actor}} + password: ${{secrets.GITHUB_TOKEN}} From 6faa8e50e02d1cf7366d0034a525c8ec8f97c22f Mon Sep 17 00:00:00 2001 From: "Yessenia Becerra (SE-NA)" Date: Tue, 16 Jan 2024 17:25:36 -0600 Subject: [PATCH 115/162] Test --- .github/workflows/tmas_workflow.yml | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index b731335..06b0b1f 100644 --- a/.github/workflows/tmas_workflow.yml +++ b/.github/workflows/tmas_workflow.yml 
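Review bot: The checkout step is now `actions/checkout@main`, a mutable branch reference, replacing the SHA-pinned actions of the previous revision; any change to that branch runs in this job with `packages: write` and the `GITHUB_TOKEN`, so pin it to a release tag or commit (`uses: actions/checkout@v4`). `docker/login-action@v1` is two major versions behind the `@v3` used elsewhere in this series; it is bumped to `@v3` in `@@ -17,8 +17,14 @@` of a later commit. The build-and-push step is removed with nothing replacing it, so after login the job does nothing — presumably a stub while testing, but worth stating in the commit message.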
@@ -1,17 +1,9 @@ -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. - -# GitHub recommends pinning actions to a commit SHA. -# To get a newer version, you will need to update the SHA. -# You can also reference a tag or branch, but the action may change without warning. - name: Publish Docker image -on: - release: - types: [published] +on: + push: + branches: + - master jobs: push_to_registries: From d61185084ad042767b13a6f1ae0d6bb8ab1c3140 Mon Sep 17 00:00:00 2001 From: "Yessenia Becerra (SE-NA)" Date: Tue, 16 Jan 2024 17:28:06 -0600 Subject: [PATCH 116/162] Test --- .github/workflows/tmas_workflow.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index 06b0b1f..6fa4157 100644 --- a/.github/workflows/tmas_workflow.yml +++ b/.github/workflows/tmas_workflow.yml @@ -17,8 +17,14 @@ jobs: uses: actions/checkout@main - name: 'Login to GitHub Container Registry' - uses: docker/login-action@v1 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{github.actor}} password: ${{secrets.GITHUB_TOKEN}} + - name: Build and push Docker image + uses: docker/build-push-action@v3 + with: + context: image/ + push: true + tags: ghcr.io/${{ github.repository_owner }}/texlive:latest From f330fa7cc80a61f63a2070b2e0cd9a4fb7c26d27 Mon Sep 17 00:00:00 2001 From: "Yessenia Becerra (SE-NA)" Date: Tue, 16 Jan 2024 17:30:55 -0600 Subject: [PATCH 117/162] Test --- .github/workflows/tmas_workflow.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index 6fa4157..5ba58f5 100644 --- a/.github/workflows/tmas_workflow.yml +++ b/.github/workflows/tmas_workflow.yml 
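Review bot: The `Build and push Docker image` step added in `@@ -17,8 +17,14 @@` looks copied from a different project: `context: image/` points at a subdirectory no earlier revision in this series builds from (every prior build used `context: .`), and the tag `ghcr.io/${{ github.repository_owner }}/texlive:latest` names a TeX Live image rather than this application. If `image/` does not exist the build fails before pushing; if it does, the wrong image name is published under the owner's namespace. `docker/build-push-action@v3` is also older than the `@v5` used earlier in this series; the following commits move to `@v5` and `context: .` in `@@ -22,9 +22,14 @@`.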
@@ -27,4 +27,4 @@ jobs: with: context: image/ push: true - tags: ghcr.io/${{ github.repository_owner }}/texlive:latest + tags: ghcr.io/user/texlive:latest From c31cee0b80ccd274e7c9b6e0ba7a6cfac060d379 Mon Sep 17 00:00:00 2001 From: "Yessenia Becerra (SE-NA)" Date: Tue, 16 Jan 2024 17:33:51 -0600 Subject: [PATCH 118/162] Test --- .github/workflows/tmas_workflow.yml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index 5ba58f5..ca883d9 100644 --- a/.github/workflows/tmas_workflow.yml +++ b/.github/workflows/tmas_workflow.yml @@ -22,9 +22,14 @@ jobs: registry: ghcr.io username: ${{github.actor}} password: ${{secrets.GITHUB_TOKEN}} - - name: Build and push Docker image - uses: docker/build-push-action@v3 + - name: Build and push + uses: docker/build-push-action@v5 with: - context: image/ + context: . + platforms: linux/amd64,linux/arm64 push: true - tags: ghcr.io/user/texlive:latest + tags: | + user/app:latest + user/app:1.0.0 + ghcr.io/user/app:latest + ghcr.io/user/app:1.0.0 From ce134db59c776c8eee54391750d25dbff3c17593 Mon Sep 17 00:00:00 2001 From: "Yessenia Becerra (SE-NA)" Date: Tue, 16 Jan 2024 17:35:05 -0600 Subject: [PATCH 119/162] Test --- .github/workflows/tmas_workflow.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index ca883d9..52294b8 100644 --- a/.github/workflows/tmas_workflow.yml +++ b/.github/workflows/tmas_workflow.yml @@ -26,7 +26,6 @@ jobs: uses: docker/build-push-action@v5 with: context: . - platforms: linux/amd64,linux/arm64 push: true tags: | user/app:latest From cae18db600d20f9ff6154aa522d4b02690aeab16 Mon Sep 17 00:00:00 2001 From: "Yessenia Becerra (SE-NA)" Date: Tue, 16 Jan 2024 17:38:52 -0600 Subject: [PATCH 120/162] Test --- .github/workflows/tmas_workflow.yml | 2 -- 1 file changed, 2 deletions(-) 
diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index 52294b8..888ceb4 100644 --- a/.github/workflows/tmas_workflow.yml +++ b/.github/workflows/tmas_workflow.yml @@ -28,7 +28,5 @@ jobs: context: . push: true tags: | - user/app:latest - user/app:1.0.0 ghcr.io/user/app:latest ghcr.io/user/app:1.0.0 From f8904c78e86e1ac647a80ceefb10f1736e4a744c Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 16 Jan 2024 17:40:02 -0600 Subject: [PATCH 121/162] Update tmas_workflow.yml --- .github/workflows/tmas_workflow.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index ca883d9..888ceb4 100644 --- a/.github/workflows/tmas_workflow.yml +++ b/.github/workflows/tmas_workflow.yml @@ -26,10 +26,7 @@ jobs: uses: docker/build-push-action@v5 with: context: . - platforms: linux/amd64,linux/arm64 push: true tags: | - user/app:latest - user/app:1.0.0 ghcr.io/user/app:latest ghcr.io/user/app:1.0.0 From 05ea926769965826466a445b368fbc8c0df257d5 Mon Sep 17 00:00:00 2001 From: "Yessenia Becerra (SE-NA)" Date: Tue, 16 Jan 2024 17:47:35 -0600 Subject: [PATCH 122/162] Test --- .github/workflows/tmas_workflow.yml | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index 888ceb4..604ac67 100644 --- a/.github/workflows/tmas_workflow.yml +++ b/.github/workflows/tmas_workflow.yml 
@@ -22,11 +22,15 @@ jobs: registry: ghcr.io username: ${{github.actor}} password: ${{secrets.GITHUB_TOKEN}} - - name: Build and push - uses: docker/build-push-action@v5 + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + - name: Build and push Docker image + uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 with: context: . push: true - tags: | - ghcr.io/user/app:latest - ghcr.io/user/app:1.0.0 + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} From 46daaa335339513dc8219a3fee19b5ac315e4dfa Mon Sep 17 00:00:00 2001 From: "Yessenia Becerra (SE-NA)" Date: Tue, 16 Jan 2024 17:52:34 -0600 Subject: [PATCH 123/162] Test --- .github/workflows/tmas_workflow.yml | 33 +++++++++++++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index 6b8a838..aa5e9e1 100644 --- a/.github/workflows/tmas_workflow.yml +++ b/.github/workflows/tmas_workflow.yml @@ -17,7 +17,6 @@ jobs: steps: - name: 'Checkout GitHub Action' uses: actions/checkout@main - - name: 'Login to GitHub Container Registry' uses: docker/login-action@v3 with: 
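Review bot: The new metadata step reads `images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}`, but no `env:` block defining `REGISTRY` or `IMAGE_NAME` appears in any earlier hunk of this file, so unless one exists outside the visible hunks the input evaluates to `/` and the step fails. The template this file started from used the repository name directly; `images: ghcr.io/${{ github.repository }}` is the one-line fix if a workflow-level `env:` block is not wanted. Pinning `metadata-action` and `build-push-action` to commit SHAs here is the right move, and the `actions/checkout@main` and `docker/login-action@v3` lines shown as context still deserve the same treatment.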
@@ -35,4 +34,34 @@ jobs: context: . push: true tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} \ No newline at end of file + labels: ${{ steps.meta.outputs.labels }} + - name: Trend Cloud One Container Security Scan Action + uses: trendmicro/cloudone-container-security-github-action@1.0.8 + with: + # Mandatory + CLOUD_ONE_API_KEY: ${{ secrets.API_KEY }} + REGION: us-1 + # Optional + SBOM: true # Saves SBOM to SBOM.json so you can export it as an artifact later. + IMAGE: ${{ steps.meta.outputs.tags }} # The image need to be public or the pipeline need to have access to the private image of choice. + # For each threshold below, select the maximum number of vulnerabilities that are acceptable. + MAX_TOTAL: 1000 + MAX_CRITICAL: 500 + MAX_HIGH: 500 + MAX_MEDIUM: 500 + MAX_LOW: 500 + MAX_NEGLIGIBLE: 500 + MAX_UNKNOWN: 500 + SCAN_RESULT_ARTIFACT: result.json # Save as an artifact in GitHub to be able to keep the result of the scan. + - name: 'Upload Scan Result Artifact' + uses: actions/upload-artifact@v3 + with: + name: scan-result + path: result.json + retention-days: 30 + - name: 'Upload SBOM Artifact' + uses: actions/upload-artifact@v3 + with: + name: sbom + path: SBOM.json + retention-days: 30 \ No newline at end of file From b9c64af13b5b10b0a253f4c347d701e7f9ef264e Mon Sep 17 00:00:00 2001 From: "Yessenia Becerra (SE-NA)" Date: Tue, 16 Jan 2024 17:53:18 -0600 Subject: [PATCH 124/162] Test --- .github/workflows/tmas_workflow.yml | 34 ++++++++++++++--------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index aa5e9e1..813219b 100644 --- a/.github/workflows/tmas_workflow.yml +++ b/.github/workflows/tmas_workflow.yml 
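Review bot: The thresholds handed to the scan step (`MAX_TOTAL: 1000`, `MAX_CRITICAL: 500`, `MAX_HIGH: 500`, and 500 for every other severity) are high enough that the scan will practically never fail the job, so the step reports findings but gates nothing, and the image has already been pushed by the preceding step. If the scan is meant to act as a control, set `MAX_CRITICAL: 0` and a small `MAX_HIGH`, and consider running it before the `push: true` step. `IMAGE: ${{ steps.meta.outputs.tags }}` passes the metadata action's complete tag list, which becomes multi-line as soon as more than one tag is generated; a single reference such as `IMAGE: ${{ fromJSON(steps.meta.outputs.json).tags[0] }}` is unambiguous. `trendmicro/cloudone-container-security-github-action@1.0.8` is a tag reference, so the SHA-pinning point raised for the other actions applies here too.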
@@ -36,23 +36,23 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - name: Trend Cloud One Container Security Scan Action - uses: trendmicro/cloudone-container-security-github-action@1.0.8 - with: - # Mandatory - CLOUD_ONE_API_KEY: ${{ secrets.API_KEY }} - REGION: us-1 - # Optional - SBOM: true # Saves SBOM to SBOM.json so you can export it as an artifact later. - IMAGE: ${{ steps.meta.outputs.tags }} # The image need to be public or the pipeline need to have access to the private image of choice. - # For each threshold below, select the maximum number of vulnerabilities that are acceptable. - MAX_TOTAL: 1000 - MAX_CRITICAL: 500 - MAX_HIGH: 500 - MAX_MEDIUM: 500 - MAX_LOW: 500 - MAX_NEGLIGIBLE: 500 - MAX_UNKNOWN: 500 - SCAN_RESULT_ARTIFACT: result.json # Save as an artifact in GitHub to be able to keep the result of the scan. + uses: trendmicro/cloudone-container-security-github-action@1.0.8 + with: + # Mandatory + CLOUD_ONE_API_KEY: ${{ secrets.API_KEY }} + REGION: us-1 + # Optional + SBOM: true # Saves SBOM to SBOM.json so you can export it as an artifact later. + IMAGE: ${{ steps.meta.outputs.tags }} # The image need to be public or the pipeline need to have access to the private image of choice. + # For each threshold below, select the maximum number of vulnerabilities that are acceptable. + MAX_TOTAL: 1000 + MAX_CRITICAL: 500 + MAX_HIGH: 500 + MAX_MEDIUM: 500 + MAX_LOW: 500 + MAX_NEGLIGIBLE: 500 + MAX_UNKNOWN: 500 + SCAN_RESULT_ARTIFACT: result.json # Save as an artifact in GitHub to be able to keep the result of the scan. - name: 'Upload Scan Result Artifact' uses: actions/upload-artifact@v3 with: From d5259304ce68738439ef7d5f74aa42aab37dcb46 Mon Sep 17 00:00:00 2001 From: "Yessenia Becerra (SE-NA)" Date: Tue, 16 Jan 2024 17:55:29 -0600 Subject: [PATCH 125/162] Test --- .github/workflows/tmas_workflow.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index 813219b..f15b0d9 100644 --- a/.github/workflows/tmas_workflow.yml +++ b/.github/workflows/tmas_workflow.yml @@ -36,7 +36,7 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - name: Trend Cloud One Container Security Scan Action - uses: trendmicro/cloudone-container-security-github-action@1.0.8 + uses: trendmicro/tmas-scan-action@1.0.10 with: # Mandatory CLOUD_ONE_API_KEY: ${{ secrets.API_KEY }} From de148687533b4bc773a7a9c05cbad5f275ef157e Mon Sep 17 00:00:00 2001 From: "Yessenia Becerra (SE-NA)" Date: Tue, 16 Jan 2024 17:58:20 -0600 Subject: [PATCH 126/162] Test --- .github/workflows/tmas_workflow.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index f15b0d9..0bb8c26 100644 --- a/.github/workflows/tmas_workflow.yml +++ b/.github/workflows/tmas_workflow.yml @@ -39,12 +39,13 @@ jobs: uses: trendmicro/tmas-scan-action@1.0.10 with: # Mandatory - CLOUD_ONE_API_KEY: ${{ secrets.API_KEY }} + TMAS_API_KEY: ${{ secrets.API_KEY }} REGION: us-1 # Optional SBOM: true # Saves SBOM to SBOM.json so you can export it as an artifact later. IMAGE: ${{ steps.meta.outputs.tags }} # The image need to be public or the pipeline need to have access to the private image of choice. # For each threshold below, select the maximum number of vulnerabilities that are acceptable. + MALWARE_SCAN: true MAX_TOTAL: 1000 MAX_CRITICAL: 500 MAX_HIGH: 500 From 442611c0984ad093b0510a260dcd79aabddaf603 Mon Sep 17 00:00:00 2001 From: "Yessenia Becerra (SE-NA)" Date: Tue, 16 Jan 2024 18:01:36 -0600 Subject: [PATCH 127/162] Test --- .github/workflows/tmas_workflow.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index 0bb8c26..1769ddf 100644 --- a/.github/workflows/tmas_workflow.yml 
+++ b/.github/workflows/tmas_workflow.yml @@ -44,7 +44,7 @@ jobs: # Optional SBOM: true # Saves SBOM to SBOM.json so you can export it as an artifact later. IMAGE: ${{ steps.meta.outputs.tags }} # The image need to be public or the pipeline need to have access to the private image of choice. - # For each threshold below, select the maximum number of vulnerabilities that are acceptable. + LOCAL_IMAGE_TARBALL: image.tar # For each threshold below, select the maximum number of vulnerabilities that are acceptable. MALWARE_SCAN: true MAX_TOTAL: 1000 MAX_CRITICAL: 500 From efa37bbca269200ecdc03b828c4a887752abef24 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 23 Jan 2024 11:25:41 -0600 Subject: [PATCH 128/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 559f201..fa5f956 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -47,11 +47,17 @@ stages: destinationFolder: 'tmas-cli' cleanDestinationFolder: true overwriteExistingFiles: true + - task: Bash@3 + displayName: Save Docker Image + inputs: + targetType: 'inline' + script: | + docker save $(imageName):$(tag) -o $(Pipeline.Workspace)/image.tar - task: Bash@3 displayName: "Scan from Registry to Json" inputs: targetType: 'inline' - script: ./tmas-cli/tmas scan registry:$(imageName):$(tag) --malwareScan --saveSBOM --platform linux/amd64 > result.json + script: ./tmas-cli/tmas scan docker-archive:$(Pipeline.Workspace)/image.tar --malwareScan --saveSBOM > result.json env: TMAS_API_KEY: $(apikey) From 47c81aca62af15a38387269e16be7fa874b6137b Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 23 Jan 2024 17:00:12 -0600 Subject: [PATCH 129/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index fa5f956..27046aa 100644 
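Review bot: `LOCAL_IMAGE_TARBALL: image.tar` is added, but no step in this workflow writes an `image.tar` — `docker/build-push-action` with `push: true` pushes to the registry and leaves no tarball on the runner unless an `outputs: type=docker,dest=...` is configured — and `IMAGE` is still set on the line above, so which input the action honours, or whether it fails opening the missing file, is not visible here. Pick one source: keep `IMAGE` and drop `LOCAL_IMAGE_TARBALL`, or add an export step and point this input at its output path. The threshold comment has also been glued onto the same line; move `# For each threshold below, select the maximum number of vulnerabilities that are acceptable.` back onto its own line above `MALWARE_SCAN`. The `with:` block continues outside the hunk.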
--- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -52,12 +52,12 @@ stages: inputs: targetType: 'inline' script: | - docker save $(imageName):$(tag) -o $(Pipeline.Workspace)/image.tar + docker save $(imageName):$(tag) -o image.tar - task: Bash@3 displayName: "Scan from Registry to Json" inputs: targetType: 'inline' - script: ./tmas-cli/tmas scan docker-archive:$(Pipeline.Workspace)/image.tar --malwareScan --saveSBOM > result.json + script: ./tmas-cli/tmas scan docker-archive:image.tar --malwareScan --saveSBOM > result.json env: TMAS_API_KEY: $(apikey) From 9a5f57a8a6fbfbe0def0f16e57c7417c38419a1d Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Tue, 23 Jan 2024 18:59:19 -0600 Subject: [PATCH 130/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 62 ++++++++++++++++++++------------------------- 1 file changed, 27 insertions(+), 35 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 27046aa..550bb0f 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml 
@@ -29,38 +29,30 @@ stages: repository: $(imageName) command: 'buildAndPush' Dockerfile: '**/Dockerfile' -- stage: Scan - displayName: Trend Micro Artifact Scanner - jobs: - - job: Image_Scan - displayName: Image Scan - pool: - vmImage: ubuntu-latest - steps: - - script: | - tar --version - wget https://cli.artifactscan.cloudone.trendmicro.com/tmas-cli/latest/tmas-cli_Linux_x86_64.tar.gz - displayName: Get Latest Version of TMAS - - task: ExtractFiles@1 - inputs: - archiveFilePatterns: '**/tmas-cli_Linux_x86_64.tar.gz' - destinationFolder: 'tmas-cli' - cleanDestinationFolder: true - overwriteExistingFiles: true - - task: Bash@3 - displayName: Save Docker Image - inputs: - targetType: 'inline' - script: | - docker save $(imageName):$(tag) -o image.tar - - task: Bash@3 - displayName: "Scan from Registry to Json" - inputs: - targetType: 'inline' - script: ./tmas-cli/tmas scan docker-archive:image.tar --malwareScan --saveSBOM > result.json - env: - TMAS_API_KEY: $(apikey) - - - publish: 'result.json' - displayName: 'Publish json' - artifact: drop \ No newline at end of file + - script: | + tar --version + wget https://cli.artifactscan.cloudone.trendmicro.com/tmas-cli/latest/tmas-cli_Linux_x86_64.tar.gz + displayName: Get Latest Version of TMAS + - task: ExtractFiles@1 + inputs: + archiveFilePatterns: '**/tmas-cli_Linux_x86_64.tar.gz' + destinationFolder: 'tmas-cli' + cleanDestinationFolder: true + overwriteExistingFiles: true + - task: Bash@3 + displayName: Save Docker Image + inputs: + targetType: 'inline' + script: | + docker save $(imageName):$(tag) -o image.tar + - task: Bash@3 + displayName: "Scan from Registry to Json" + inputs: + targetType: 'inline' + script: ./tmas-cli/tmas scan docker-archive:image.tar --malwareScan --saveSBOM > result.json + env: + TMAS_API_KEY: $(apikey) + + - publish: 'result.json' + displayName: 'Publish json' + artifact: drop \ No newline at end of file From 9a5f68c51eea47147d0dc18052d37cea2d23ae65 Mon Sep 17 00:00:00 2001 
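Review bot: Moving the scan steps into the build job is what lets `docker save $(imageName):$(tag)` find the image locally, but the scanner itself is fetched with `wget .../tmas-cli/latest/tmas-cli_Linux_x86_64.tar.gz` and executed with no version pin and no integrity check, so the pipeline runs whatever that URL serves on a given day. Pin the download to a specific release path and, if the vendor publishes a checksum, verify it before `ExtractFiles@1` runs (`sha256sum -c <checksum-file>`), so the tool vetting the image is itself vetted. `displayName: "Scan from Registry to Json"` is now inaccurate since the input is `docker-archive:image.tar`; `displayName: "Scan image tarball to JSON"` matches what the step does. `tar --version` in the first script is a no-op that can be removed.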
From: Yessenia Becerra Date: Sun, 28 Jan 2024 21:17:52 -0600 Subject: [PATCH 131/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 550bb0f..da7127b 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -4,6 +4,7 @@ trigger: - master +- zookeeper resources: - repo: self From 159ad89eab89e584689f55f9da91091a876fb493 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Thu, 30 May 2024 21:40:19 -0600 Subject: [PATCH 132/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index da7127b..3af369c 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -50,7 +50,7 @@ stages: displayName: "Scan from Registry to Json" inputs: targetType: 'inline' - script: ./tmas-cli/tmas scan docker-archive:image.tar --malwareScan --saveSBOM > result.json + script: ./tmas-cli/tmas scan secrets docker-archive:image.tar --malwareScan --saveSBOM > result.json env: TMAS_API_KEY: $(apikey) From 2a3ba896060ec58a5a08f327ad307dd8d72fa34a Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Thu, 30 May 2024 21:49:25 -0600 Subject: [PATCH 133/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 3af369c..f496e98 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml 
@@ -50,10 +50,20 @@ stages: displayName: "Scan from Registry to Json" inputs: targetType: 'inline' - script: ./tmas-cli/tmas scan secrets docker-archive:image.tar --malwareScan --saveSBOM > result.json + script: ./tmas-cli/tmas scan docker-archive:image.tar --malwareScan --saveSBOM > result.json env: TMAS_API_KEY: $(apikey) - + - task: Bash@3 + displayName: "Scan from Registry to Json" + inputs: + targetType: 'inline' + script: ./tmas-cli/tmas scan secrets docker-archive:image.tar > resultSecrets.json + env: + TMAS_API_KEY: $(apikey) + - publish: 'result.json' + displayName: 'Publish json' + artifact: drop + - publish: 'resultSecrets.json' displayName: 'Publish json' artifact: drop \ No newline at end of file From 277da24807d14d3eabf8e2d0458c67cbe1d392c5 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Thu, 30 May 2024 21:54:22 -0600 Subject: [PATCH 134/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index f496e98..2556372 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -61,9 +61,6 @@ stages: env: TMAS_API_KEY: $(apikey) - - publish: 'result.json' - displayName: 'Publish json' - artifact: drop - publish: 'resultSecrets.json' displayName: 'Publish json' artifact: drop \ No newline at end of file From 9682bf966638d8f608f0b002dceaf68c7aeb7877 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Thu, 30 May 2024 22:07:11 -0600 Subject: [PATCH 135/162] Update ImportantFile.txt --- ImportantFile.txt | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ImportantFile.txt b/ImportantFile.txt index e1bea2c..2789b34 100644 --- a/ImportantFile.txt +++ b/ImportantFile.txt 
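Review bot: The hunk adds a second `- publish:` step targeting `artifact: drop` in the same job as the first; pipeline artifacts are immutable, so publishing a second file under an artifact name that already exists is expected to fail the job rather than append to it. Publish under distinct names, e.g. `artifact: scan-result` for `result.json` and `artifact: secrets-result` for `resultSecrets.json`, and give the two Bash tasks distinct labels — both currently read `displayName: "Scan from Registry to Json"`, so the run log cannot tell the vulnerability scan from the secrets scan. Splitting the secrets scan into its own invocation is otherwise fine.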
@@ -4,4 +4,7 @@ Card Number Card Type Issuing Country Expiry Date CVV2/CVC3 8171 9999 2766 0000 10/2030 737 CN 8171 9999 0000 0000 021 10/2030 737 CN 6243 0300 0000 0001 12/2029 737 CN -6250946000000016 12/2033 123 111111 +85211112222 \ No newline at end of file +6250946000000016 12/2033 123 111111 +85211112222 + + +password: 123141231 From 36c132d2eaa3d924f053c98f795c77cdfbc2ecf7 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Fri, 31 May 2024 09:08:07 -0600 Subject: [PATCH 136/162] Update ImportantFile.txt --- ImportantFile.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ImportantFile.txt b/ImportantFile.txt index 2789b34..9c282ab 100644 --- a/ImportantFile.txt +++ b/ImportantFile.txt @@ -7,4 +7,4 @@ Card Number Card Type Issuing Country Expiry Date CVV2/CVC3 6250946000000016 12/2033 123 111111 +85211112222 -password: 123141231 +dbpassword=123141231 From caa3f16230213961ec6930af0bc07422d1003366 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Thu, 8 Aug 2024 21:30:48 -0600 Subject: [PATCH 137/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 2556372..8250e5a 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -50,7 +50,7 @@ stages: displayName: "Scan from Registry to Json" inputs: targetType: 'inline' - script: ./tmas-cli/tmas scan docker-archive:image.tar --malwareScan --saveSBOM > result.json + script: ./tmas-cli/tmas scan docker-archive:image.tar -VMS --saveSBOM > result.json env: TMAS_API_KEY: $(apikey) - task: Bash@3 From 7f678b8ed7cfa9de7396258bd93b69cee0a2948a Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Thu, 8 Aug 2024 21:40:11 -0600 Subject: [PATCH 138/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) 
diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 8250e5a..e4bab09 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -45,22 +45,14 @@ stages: inputs: targetType: 'inline' script: | - docker save $(imageName):$(tag) -o image.tar + docker save $(imageName):$(tag) -o $(imageName).tar - task: Bash@3 displayName: "Scan from Registry to Json" inputs: targetType: 'inline' - script: ./tmas-cli/tmas scan docker-archive:image.tar -VMS --saveSBOM > result.json + script: ./tmas-cli/tmas scan docker-archive:$(imageName).tar -VMS --saveSBOM > result.json env: TMAS_API_KEY: $(apikey) - - task: Bash@3 - displayName: "Scan from Registry to Json" - inputs: - targetType: 'inline' - script: ./tmas-cli/tmas scan secrets docker-archive:image.tar > resultSecrets.json - env: - TMAS_API_KEY: $(apikey) - - - publish: 'resultSecrets.json' + - publish: 'result.json' displayName: 'Publish json' artifact: drop \ No newline at end of file From 479153dfd1281b199eaf1bcf2d750253e294df66 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Thu, 8 Aug 2024 21:49:57 -0600 Subject: [PATCH 139/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index e4bab09..1fb2757 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -10,7 +10,8 @@ resources: - repo: self variables: - imageName: 'xniapdev/django-app' + repositoryName: 'xniapdev' + imageName: 'django-app' tag: '$(Build.BuildId)' apikey: '$(v1apikey)' nombre-reporte: 'reporte_vulnerabilidades-$(imageName).xlsx' @@ -27,7 +28,7 @@ stages: - task: Docker@2 inputs: containerRegistry: 'dockerhub' - repository: $(imageName) + repository: $(xniapdev)/$(imageName) command: 'buildAndPush' Dockerfile: '**/Dockerfile' - script: | From 1690d24c5bd8473cc9e745d8203640d9c758a8fb Mon Sep 17 00:00:00 2001 
From: Yessenia Becerra Date: Thu, 8 Aug 2024 21:53:23 -0600 Subject: [PATCH 140/162] Update azure-pipelines.yml for Azure Pipelines --- azure-pipelines.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 1fb2757..9ad0888 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -28,7 +28,7 @@ stages: - task: Docker@2 inputs: containerRegistry: 'dockerhub' - repository: $(xniapdev)/$(imageName) + repository: $(repositoryName)/$(imageName) command: 'buildAndPush' Dockerfile: '**/Dockerfile' - script: | From 93f0cfce9a9eb9f1fb073d9020ef804124fce7e4 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Fri, 14 Feb 2025 08:53:15 -0600 Subject: [PATCH 141/162] Uptate TMAS version --- .github/workflows/tmas_workflow.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index 1769ddf..da40770 100644 --- a/.github/workflows/tmas_workflow.yml +++ b/.github/workflows/tmas_workflow.yml @@ -35,8 +35,8 @@ jobs: push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - - name: Trend Cloud One Container Security Scan Action - uses: trendmicro/tmas-scan-action@1.0.10 + - name: TMAS Scan Action + uses: trendmicro/tmas-scan-action@1.0.11 with: # Mandatory TMAS_API_KEY: ${{ secrets.API_KEY }} @@ -65,4 +65,4 @@ jobs: with: name: sbom path: SBOM.json - retention-days: 30 \ No newline at end of file + retention-days: 30 From e9f09ae17abaa75618c4d37bd2744cc0f09a53fd Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Fri, 14 Feb 2025 08:56:30 -0600 Subject: [PATCH 142/162] Update upload artifact Update upload-artifact version from V3 to V4 to solve deprecated libraries and functionalities --- .github/workflows/tmas_workflow.yml | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) 
diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index da40770..be85570 100644 --- a/.github/workflows/tmas_workflow.yml +++ b/.github/workflows/tmas_workflow.yml @@ -55,14 +55,8 @@ jobs: MAX_UNKNOWN: 500 SCAN_RESULT_ARTIFACT: result.json # Save as an artifact in GitHub to be able to keep the result of the scan. - name: 'Upload Scan Result Artifact' - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: scan-result path: result.json retention-days: 30 - - name: 'Upload SBOM Artifact' - uses: actions/upload-artifact@v3 - with: - name: sbom - path: SBOM.json - retention-days: 30 From 4a6d5a082ceecf444fdedba692e5f6aa4ccc8df1 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Thu, 8 May 2025 03:18:31 -0600 Subject: [PATCH 143/162] Create deployment.yaml --- deployment.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 deployment.yaml diff --git a/deployment.yaml b/deployment.yaml new file mode 100644 index 0000000..fcbb44f --- /dev/null +++ b/deployment.yaml @@ -0,0 +1,16 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: demoapp-deployment +spec: + selector: + matchLabels: + app: demoapp + replicas: 1 + template: + metadata: + labels: + app: demoapp + containers: + - name: demoapp + image: From 0e23579db455e06271a7ee0570fa95ddaed6b783 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Thu, 8 May 2025 03:29:18 -0600 Subject: [PATCH 144/162] Update deployment.yaml --- deployment.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/deployment.yaml b/deployment.yaml index fcbb44f..558b0e6 100644 --- a/deployment.yaml +++ b/deployment.yaml @@ -3,14 +3,15 @@ kind: Deployment metadata: name: demoapp-deployment spec: + replicas: 1 selector: matchLabels: app: demoapp - replicas: 1 template: metadata: labels: app: demoapp + spec: containers: - name: demoapp image: From 4972f8215596e5ea2674d4783adc2e5b8e39e9c7 Mon Sep 17 00:00:00 2001 
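Review bot: Besides the v3→v4 bump the commit message describes, this hunk deletes the 'Upload SBOM Artifact' step, while the scan step's `SBOM: true` setting — added in an earlier commit and not changed in any visible hunk — presumably still writes `SBOM.json`, so the SBOM would now be generated and discarded. Either drop `SBOM: true` or keep an upload step (`actions/upload-artifact@v4` with `path: SBOM.json`), and state the removal in the commit message, since the SBOM is the artifact downstream consumers usually want retained. The `with:` block of the scan step starts outside the hunk.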
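Review bot: `image:` under `containers` is left with no value in both hunks of deployment.yaml, so the manifest is rejected at apply time as a missing required field; if the value is meant to be substituted by the pipeline, use an explicit placeholder such as `image: REGISTRY/IMAGE:TAG  # replaced by the pipeline` so a missed substitution is obvious instead of silently invalid. The relocated `spec:` in this hunk correctly puts `containers` under the pod template, which the first version lacked. Since this is the deployment the scanned image will run as, a pod-level `securityContext` (`runAsNonRoot: true`, `allowPrivilegeEscalation: false` on the container) and `resources` limits are worth adding alongside the image reference.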
From: Yessenia Becerra
Date: Thu, 27 Nov 2025 11:33:10 -0600
Subject: [PATCH 145/162] Delete SmartcheckScan.py

---
 SmartcheckScan.py | 322 ----------------------------------------------
 1 file changed, 322 deletions(-)
 delete mode 100644 SmartcheckScan.py

diff --git a/SmartcheckScan.py b/SmartcheckScan.py
deleted file mode 100644
index c4bc45d..0000000
--- a/SmartcheckScan.py
+++ /dev/null
@@ -1,322 +0,0 @@ -#!/usr/bin/env python3 -# -# Copyright 2019 Trend Micro and contributors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -from __future__ import print_function - -import argparse -import base64 -import os -import sys -import json -import time - -import requests - -from docker_image import reference - - -class SlightlyImprovedSession(requests.Session): - def __init__(self, base, **kwargs): - super(SlightlyImprovedSession, self).__init__() - self.base = base - self.kwargs = kwargs - - def post(self, url, **kwargs): - for k in self.kwargs: - if not k in kwargs: - kwargs[k] = self.kwargs[k] - - return super(SlightlyImprovedSession, self).post( - requests.compat.urljoin(self.base, url), - **kwargs - ) - - def get(self, url, **kwargs): - for k in self.kwargs: - if not k in kwargs: - kwargs[k] = self.kwargs[k] - - return super(SlightlyImprovedSession, self).get( - requests.compat.urljoin(self.base, url), - **kwargs - ) - - -def get_session(base, user, password, **kwargs): - """Authenticate with the service and return a session.""" - - session = SlightlyImprovedSession(base, **kwargs) - - response = session.post('/api/sessions', json={ - 'user': { - 'userID': user, - 'password': password - } - }) - - if not response.ok: - raise Exception(f'could not start session: {response}') - - token = response.json()['token'] - - session.headers.update({'Authorization': f'Bearer {token}'}) - return session - -def eprint(*args, **kwargs): - """print a message to 
stderr""" - print(*args, file=sys.stderr, **kwargs) - - -def start_scan(session, ref, - image_pull_auth=None, - registry_root_cas=None, - webhook_teams=None, - insecure_skip_registry_tls_verify=False, - wait=True): - """Start a scan.""" - - ref = reference.Reference.parse(ref) - - hostname, name = ref.split_hostname() - - if isinstance(image_pull_auth, str): - try: - image_pull_auth = json.loads(image_pull_auth) - except json.decoder.JSONDecodeError as err: - eprint('Unable to parse image-pull-auth value:', err) - sys.exit(1) - - if registry_root_cas is not None: - with open(registry_root_cas) as file: - registry_root_cas = base64.b64encode( - file.read().encode() - ).decode('utf-8') - - registry_aux = session.get('/api/registries') - - for registry in registry_aux.json()["registries"]: - if(registry["host"] == hostname): - registry_id = registry["id"] - - if(image_pull_auth == "None"): - response = session.post('/api/scans', - json={ - 'name': name, - 'source': { - 'type': 'docker', - 'registry': hostname, - 'repository': name, - 'tag': ref['tag'], - 'digest': ref['digest'], - 'credentials': image_pull_auth, - 'rootCAs': registry_root_cas, - 'insecureSkipVerify': insecure_skip_registry_tls_verify, - } - }) - else: - response = session.post("/api/registries/"+registry_id+"/scans", - json={ - "name": name, - "source": { - "repository": name, - "tag": ref["tag"], - } - }) - - if not response.ok: - eprint('could not create scan', response) - sys.exit(1) - - scan = response.json() - - if wait: - while scan['status'] in ['pending', 'in-progress']: - print('waiting for scan to complete...', file=sys.stderr) - time.sleep(10) - - response = session.get(scan['href']) - - if not response.ok: - eprint('could not check scan progress', response) - sys.exit(1) - - scan = response.json() - if(webhook_teams != "None"): - sendToTeams(webhook_teams, scan, ref, hostname, name) - - print(json.dumps(scan, indent=' ')) - -def sendToTeams(webhook_teams, scan, ref, hostname, name): - - 
if(scan['status'] == "completed-with-findings" ): - findings = scan["details"]['results'][0]['findings'] - vulnerabilities = findings['vulnerabilities'] - dataVuln = "Vulnerabilities found: \n" - dataMalw = "" - - for value in vulnerabilities['total']: - if value == 'high': - high = vulnerabilities['total']['high'] - dataVuln = dataVuln+"High: "+str(high)+"\n" - if value == 'medium': - medium = vulnerabilities['total']['medium'] - dataVuln = dataVuln+"Medium: "+str(medium)+"\n" - if value == 'low': - low = vulnerabilities['total']['low'] - dataVuln = dataVuln+"Low: "+str(low)+"\n" - if value == 'negligible': - negligible = vulnerabilities['total']['negligible'] - dataVuln = dataVuln+"Negligible: "+str(negligible)+"\n" - if value == 'unknown': - unknown = vulnerabilities['total']['unknown'] - dataVuln = dataVuln+"Unknown: "+str(unknown)+"\n" - - if dataVuln == "Vulnerabilities found: \n": dataVuln="" - - for value in findings: - if value == 'malware': - malware = findings['malware'] - dataMalw = "Malware found: "+str(malware) - - message = dataVuln+dataMalw - - data = {"text": "
!!! Trend Micro - Smart Check Scan results !!! \n"+"
Image: "+name+':'+ref["tag"]+"\n"+message+"
"} - - adaptiveCard = json.dumps({ - "type": "message", - "attachments": [ - { - "type": "AdaptiveCard", - "body": [ - { - "type": "ColumnSet", - "columns": [ - { - "type": "Column", - "items": [ - {"type": "Container", "backgroundImage": "https://messagecardplayground.azurewebsites.net/assets/TxP_Background.png","items": [{ "type": "Image", "horizontalAlignment": "Center", "url": "https://www.docker.com/wp-content/uploads/2022/03/Moby-logo.png", "altText": "Docker", "isVisible": false, "width": "80px"}],"bleed": true}, - {"type": "Container","spacing": "none","style": "emphasis","items": [{"type": "TextBlock", "size": "extraLarge","weight": "lighter","color": "accent","text": "Image Name: {}".format(name+":"+ref["tag"]), "wrap": true}],"bleed": true,"height": "stretch"} - ], - "width": 45,"height": "stretch" - }, - { - "type": "Column", - "items": [ - { - "type": "Container","height": "stretch", - "items": [ - { - "type": "ColumnSet", - "columns": [ - { - "type": "Column", - "items": [ - {"type": "RichTextBlock","inlines": [{"type": "TextRun", "text": "Summary Findings"} ]}, - {"type": "RichTextBlock", "horizontalAlignment": "Left", "inlines": [{"type": "TextRun","size": "Medium","text": "High","wrap": true}]}, - {"type": "RichTextBlock","horizontalAlignment": "Left","inlines": [{"type": "TextRun","size": "Medium","text": "Medium","wrap": true}]}, - {"type": "RichTextBlock", "horizontalAlignment": "Left", "inlines": [ { "type": "TextRun", "size": "Medium","text": "Low:","wrap": true }]} - ], - "width": 1 - } - ] - } - ] - } - ], - "width": 55 - } - ], - "height": "stretch" - }], - "$schema": "http://adaptivecards.io/schemas/adaptive-card.json", - "version": "1.4" - }] - }) - - url = webhook_teams - headers = {'Content-Type': 'application/json'} - - try: - response = requests.request("POST", url, json=data, headers=headers) - print(response) - except requests.exceptions.RequestException as e: - print (e) - sys.exit(1) - -def main(): - """Mainline""" - - parser = 
argparse.ArgumentParser( - description='Start a scan', - ) - - parser.add_argument('--dssc-host', action='store', - default=os.environ.get('DSSC_SMARTCHECK_HOST', None), - help='The hostname of the Deep Security Smart Check deployment. Example: smartcheck.example.com') - parser.add_argument('--dssc-user', action='store', - default=os.environ.get('DSSC_SMARTCHECK_USER', None), - help='The userid for connecting to Deep Security Smart Check') - parser.add_argument('--dssc-password', action='store', - default=os.environ.get( - 'DSSC_SMARTCHECK_PASSWORD', None), - help='The password for connecting to Deep Security Smart Check') - parser.add_argument('--skip-tls-verify', action='store_true', - default=os.environ.get( - 'DSSC_INSECURE_SKIP_TLS_VERIFY', False), - help='Ignore certificate errors when connecting to Deep Security Smart Check') - parser.add_argument('--image-pull-auth', action='store', - default=os.environ.get('DSSC_IMAGE_PULL_AUTH', None), - help='A JSON object of credentials for authenticating with the registry to pull the image from') - parser.add_argument('--skip-registry-tls-verify', action='store_true', - default=os.environ.get( - 'DSSC_INSECURE_SKIP_REGISTRY_TLS_VERIFY', False), - help='Ignore certificate errors from the image registry') - parser.add_argument('--webhook-teams', action='store', - default=os.environ.get('DSSC_SMARTCHECK_WEBHOOK_TEAMS', None), - help='WebHook Teams Ds Smartcheck') - parser.add_argument( - 'image', help='The image to scan. 
Example: registry.example.com/project/image:latest') - - args = parser.parse_args() - - if args.dssc_host is None: - eprint('dssc_host is required') - sys.exit(1) - - if args.skip_tls_verify: - import urllib3 - urllib3.disable_warnings() - - if not args.dssc_host.startswith('http'): - args.dssc_host = 'https://' + args.dssc_host - - with get_session( - base=args.dssc_host, - user=args.dssc_user, - password=args.dssc_password, - verify=(not args.skip_tls_verify), - ) as session: - start_scan( - session, - args.image, - image_pull_auth=args.image_pull_auth, - insecure_skip_registry_tls_verify=args.skip_registry_tls_verify, - webhook_teams=args.webhook_teams - ) - - -if __name__ == '__main__': - main() From 93403a643dee9ab3fbaca83ef485265378b6c66f Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Thu, 27 Nov 2025 11:39:59 -0600 Subject: [PATCH 146/162] Refactor TMAS Scan Action in workflow Updated TMAS Scan Action configuration to use a new version and changed scan parameters. --- .github/workflows/tmas_workflow.yml | 28 ++++++++++------------------ 1 file changed, 10 insertions(+), 18 deletions(-) diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index be85570..64a7b3d 100644 --- a/.github/workflows/tmas_workflow.yml +++ b/.github/workflows/tmas_workflow.yml 
@@ -35,25 +35,17 @@ jobs: push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - - name: TMAS Scan Action - uses: trendmicro/tmas-scan-action@1.0.11 + - name: Download TMAS and Scan Repo for Open Source Vulnerabilities and Secrets + uses: trendmicro/tmas-scan-action@vX with: - # Mandatory - TMAS_API_KEY: ${{ secrets.API_KEY }} - REGION: us-1 - # Optional - SBOM: true # Saves SBOM to SBOM.json so you can export it as an artifact later. - IMAGE: ${{ steps.meta.outputs.tags }} # The image need to be public or the pipeline need to have access to the private image of choice. - LOCAL_IMAGE_TARBALL: image.tar # For each threshold below, select the maximum number of vulnerabilities that are acceptable. - MALWARE_SCAN: true - MAX_TOTAL: 1000 - MAX_CRITICAL: 500 - MAX_HIGH: 500 - MAX_MEDIUM: 500 - MAX_LOW: 500 - MAX_NEGLIGIBLE: 500 - MAX_UNKNOWN: 500 - SCAN_RESULT_ARTIFACT: result.json # Save as an artifact in GitHub to be able to keep the result of the scan. + version: '3' # Recommended: pin to major version for automatic updates within v2.x.x + vulnerabilitiesScan: true + malwareScan: false + secretsScan: true + artifact: dir:./repo-name + additionalArgs: --region=ue-east-1 + tmasApiKey: ${{ secrets.API_KEY }} + githubToken: ${{ secrets.GITHUB_TOKEN }} - name: 'Upload Scan Result Artifact' uses: actions/upload-artifact@v4 with: From 8aae44a7b27fd65998e4ef7c9676bf3f24a756b4 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Thu, 27 Nov 2025 11:40:29 -0600 Subject: [PATCH 147/162] Update TMAS scan action to version 3.0.1 --- .github/workflows/tmas_workflow.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index 64a7b3d..84d052e 100644 --- a/.github/workflows/tmas_workflow.yml +++ b/.github/workflows/tmas_workflow.yml 
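Review bot: `uses: trendmicro/tmas-scan-action@vX` is not a resolvable ref, so this workflow cannot start until it is replaced with an exact tag — preferably a commit SHA with a version comment, so a moved tag cannot change what runs in the pipeline. The new `version: '3'` input contradicts its own comment `# Recommended: pin to major version for automatic updates within v2.x.x`, and `--region=ue-east-1` looks like a typo for `us-east-1`. The removed `MAX_*` thresholds were what made the old action fail the build on findings; if the new action has no equivalent input, a scan with findings no longer gates the push that happens just above it — worth confirming and documenting in a comment on the step. `malwareScan: false` also silently drops the malware scan the old configuration enabled.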
@@ -36,7 +36,7 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - name: Download TMAS and Scan Repo for Open Source Vulnerabilities and Secrets - uses: trendmicro/tmas-scan-action@vX + uses: trendmicro/tmas-scan-action@v3.0.1 with: version: '3' # Recommended: pin to major version for automatic updates within v2.x.x vulnerabilitiesScan: true From db581fb6bd2b31972412ba06c2cc06de76f70ca4 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Thu, 27 Nov 2025 11:57:46 -0600 Subject: [PATCH 148/162] Update tmas_workflow.yml --- .github/workflows/tmas_workflow.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index 84d052e..546d475 100644 --- a/.github/workflows/tmas_workflow.yml +++ b/.github/workflows/tmas_workflow.yml @@ -38,7 +38,7 @@ jobs: - name: Download TMAS and Scan Repo for Open Source Vulnerabilities and Secrets uses: trendmicro/tmas-scan-action@v3.0.1 with: - version: '3' # Recommended: pin to major version for automatic updates within v2.x.x + version: '2' # Recommended: pin to major version for automatic updates within v2.x.x vulnerabilitiesScan: true malwareScan: false secretsScan: true From fe0561e55fb99c5baae1df6517b6e51c673b26b0 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Thu, 27 Nov 2025 12:10:00 -0600 Subject: [PATCH 149/162] Update tmas_workflow.yml --- .github/workflows/tmas_workflow.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index 546d475..a15d71f 100644 --- a/.github/workflows/tmas_workflow.yml +++ b/.github/workflows/tmas_workflow.yml 
@@ -42,8 +42,8 @@ jobs: vulnerabilitiesScan: true malwareScan: false secretsScan: true - artifact: dir:./repo-name - additionalArgs: --region=ue-east-1 + artifact: dir:./ + additionalArgs: --region=us-east-1 tmasApiKey: ${{ secrets.API_KEY }} githubToken: ${{ secrets.GITHUB_TOKEN }} - name: 'Upload Scan Result Artifact' From f2cfa050ddd5b371d82f034d4826e0558c0bb0f3 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Thu, 27 Nov 2025 17:23:29 -0600 Subject: [PATCH 150/162] Update tmas_workflow.yml --- .github/workflows/tmas_workflow.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index a15d71f..16fe812 100644 --- a/.github/workflows/tmas_workflow.yml +++ b/.github/workflows/tmas_workflow.yml @@ -7,6 +7,7 @@ on: env: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} + TMAS_API_KEY: ${{ secrets.API_KEY }} jobs: push_to_registries: name: Push Docker image to multiple registries From 7d96e9b06c6ffd57baba2c73adefa8dbaf1dc8f2 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Thu, 27 Nov 2025 17:27:36 -0600 Subject: [PATCH 151/162] Update tmas_workflow.yml --- .github/workflows/tmas_workflow.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index 16fe812..b587f52 100644 --- a/.github/workflows/tmas_workflow.yml +++ b/.github/workflows/tmas_workflow.yml @@ -45,7 +45,7 @@ jobs: secretsScan: true artifact: dir:./ additionalArgs: --region=us-east-1 - tmasApiKey: ${{ secrets.API_KEY }} + tmasApiKey: ${{ env.TMAS_API_KEY }} githubToken: ${{ secrets.GITHUB_TOKEN }} - name: 'Upload Scan Result Artifact' uses: actions/upload-artifact@v4 From 3e0b448a2351524a1e13038386e820e903fe583b Mon Sep 17 00:00:00 2001 
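Review bot: In the workflow-level `env:` hunk, `TMAS_API_KEY: ${{ secrets.API_KEY }}` exposes the API key as an environment variable to every step of every job in this workflow, including third-party actions that have no need for it, whereas the scan step appears to be its only consumer. Scoping it with a step-level `env:` on the scan step, or passing `${{ secrets.API_KEY }}` directly to the `tmasApiKey` input as before, keeps the credential confined to the one step that uses it. The mismatch between the secret name `API_KEY` and the variable name `TMAS_API_KEY` also invites confusion in later edits.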
From: Yessenia Becerra Date: Thu, 27 Nov 2025 17:30:05 -0600 Subject: [PATCH 152/162] Update tmas_workflow.yml --- .github/workflows/tmas_workflow.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index b587f52..aed22ea 100644 --- a/.github/workflows/tmas_workflow.yml +++ b/.github/workflows/tmas_workflow.yml @@ -45,7 +45,7 @@ jobs: secretsScan: true artifact: dir:./ additionalArgs: --region=us-east-1 - tmasApiKey: ${{ env.TMAS_API_KEY }} + tmasApiKey: "aijdlansdlansd" githubToken: ${{ secrets.GITHUB_TOKEN }} - name: 'Upload Scan Result Artifact' uses: actions/upload-artifact@v4 From f6bdbae66ec6a80086182bbd5ab61e0042e1198b Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Thu, 27 Nov 2025 17:34:12 -0600 Subject: [PATCH 153/162] Update tmas_workflow.yml --- .github/workflows/tmas_workflow.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index aed22ea..e9db65d 100644 --- a/.github/workflows/tmas_workflow.yml +++ b/.github/workflows/tmas_workflow.yml @@ -45,7 +45,7 @@ jobs: secretsScan: true artifact: dir:./ additionalArgs: --region=us-east-1 - tmasApiKey: "aijdlansdlansd" + tmasApiKey: ${{ secrets.TMAS_API_KEY }} githubToken: ${{ secrets.GITHUB_TOKEN }} - name: 'Upload Scan Result Artifact' uses: actions/upload-artifact@v4 From e4e178a1babdbeca5bf8fd3895b5967904710ed6 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Thu, 27 Nov 2025 17:38:38 -0600 Subject: [PATCH 154/162] Update tmas_workflow.yml --- .github/workflows/tmas_workflow.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index e9db65d..b00f2de 100644 --- a/.github/workflows/tmas_workflow.yml +++ b/.github/workflows/tmas_workflow.yml 
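Review bot: `tmasApiKey: "aijdlansdlansd"` replaces the secret reference with a literal string committed to the repository, and although the next patch reverts it, the value stays in git history permanently. If this was ever a real key it should be rotated; if it was a throwaway test value, the test should still have gone through `secrets.*` rather than a committed literal, since secret-scanning tools and reviewers cannot tell the two apart. Credentials in `with:` inputs should only ever be `${{ secrets.<NAME> }}` expressions.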
@@ -7,7 +7,7 @@ on: env: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} - TMAS_API_KEY: ${{ secrets.API_KEY }} + TMAS_API_KEY: ${{ secrets.TMAS_API_KEY }} jobs: push_to_registries: name: Push Docker image to multiple registries @@ -36,6 +36,10 @@ jobs: push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} + - name: Debug Secret Var + run: echo "Secret key length: ${#TMAS_API_KEY}" + env: + TMAS_API_KEY: ${{ secrets.TMAS_API_KEY }} - name: Download TMAS and Scan Repo for Open Source Vulnerabilities and Secrets uses: trendmicro/tmas-scan-action@v3.0.1 with: @@ -47,6 +51,7 @@ jobs: additionalArgs: --region=us-east-1 tmasApiKey: ${{ secrets.TMAS_API_KEY }} githubToken: ${{ secrets.GITHUB_TOKEN }} + - name: 'Upload Scan Result Artifact' uses: actions/upload-artifact@v4 with: From e415fc2b03f35ebdb291ef0dd0fd981c844c4cf2 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Thu, 27 Nov 2025 17:40:41 -0600 Subject: [PATCH 155/162] Update tmas_workflow.yml --- .github/workflows/tmas_workflow.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index b00f2de..b826ad2 100644 --- a/.github/workflows/tmas_workflow.yml +++ b/.github/workflows/tmas_workflow.yml @@ -37,7 +37,7 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - name: Debug Secret Var - run: echo "Secret key length: ${#TMAS_API_KEY}" + run: echo "Secret key length:" env: TMAS_API_KEY: ${{ secrets.TMAS_API_KEY }} - name: Download TMAS and Scan Repo for Open Source Vulnerabilities and Secrets From 54f1d9d76974c902ab23b955f6fad62f9c2837f6 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Thu, 27 Nov 2025 17:44:37 -0600 Subject: [PATCH 156/162] Update tmas_workflow.yml --- .github/workflows/tmas_workflow.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) 
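Review bot: The new `Debug Secret Var` step in the `@@ -36,6 +36,10 @@` hunk writes `${#TMAS_API_KEY}` to the job log. GitHub masks the secret's value itself but not values derived from it, so the key's length is disclosed to anyone who can read the run log, and the step stays in the production pipeline rather than being a one-off. A presence check that logs nothing derived from the secret is enough, e.g. `run: test -n "$TMAS_API_KEY" || { echo "TMAS_API_KEY is not set"; exit 1; }`; the step-level `env:` mapping is the right way to pass the value in and should be kept. The following patch leaves the step in place while emptying its output, which keeps the dead step without the diagnostic.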
diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index b826ad2..c6940e1 100644 --- a/.github/workflows/tmas_workflow.yml +++ b/.github/workflows/tmas_workflow.yml @@ -36,10 +36,14 @@ jobs: push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - - name: Debug Secret Var - run: echo "Secret key length:" - env: - TMAS_API_KEY: ${{ secrets.TMAS_API_KEY }} + - name: Check if TMAS_API_KEY is set + run: | + if [ -z "${{ secrets.TMAS_API_KEY }}" ]; then + echo "❌ TMAS_API_KEY is not set" + exit 1 + else + echo "✅ TMAS_API_KEY is set (length > 0)" + fi - name: Download TMAS and Scan Repo for Open Source Vulnerabilities and Secrets uses: trendmicro/tmas-scan-action@v3.0.1 with: From 6ce6cd358af20355ba0f6fb56542c46f21025c16 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Thu, 27 Nov 2025 17:50:23 -0600 Subject: [PATCH 157/162] Update tmas_workflow.yml --- .github/workflows/tmas_workflow.yml | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index c6940e1..d8c2763 100644 --- a/.github/workflows/tmas_workflow.yml +++ b/.github/workflows/tmas_workflow.yml @@ -7,7 +7,7 @@ on: env: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} - TMAS_API_KEY: ${{ secrets.TMAS_API_KEY }} + TMAS_API_KEY: ${{ secrets.TMAS_API_KEY }} jobs: push_to_registries: name: Push Docker image to multiple registries @@ -36,14 +36,6 @@ jobs: push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - - name: Check if TMAS_API_KEY is set - run: | - if [ -z "${{ secrets.TMAS_API_KEY }}" ]; then - echo "❌ TMAS_API_KEY is not set" - exit 1 - else - echo "✅ TMAS_API_KEY is set (length > 0)" - fi - name: Download TMAS and Scan Repo for Open Source Vulnerabilities and Secrets uses: trendmicro/tmas-scan-action@v3.0.1 with: 
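Review bot: The replacement check interpolates `${{ secrets.TMAS_API_KEY }}` directly into the `run:` script body. Expression substitution happens before the shell ever sees the script, so the secret's raw value is written into the script text, and any shell-significant characters in it are interpreted — which can both break the step and make the check itself misleading. The step being removed had the safer shape: pass the value through `env:` and test the variable, `if [ -z "$TMAS_API_KEY" ]; then`, keeping the raw secret out of the script source.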
@@ -53,7 +45,7 @@ jobs: secretsScan: true artifact: dir:./ additionalArgs: --region=us-east-1 - tmasApiKey: ${{ secrets.TMAS_API_KEY }} + tmasApiKey: ${{ env.TMAS_API_KEY }} githubToken: ${{ secrets.GITHUB_TOKEN }} - name: 'Upload Scan Result Artifact' From f64ac57493ca8dbb1b7eb0277877def2fb41b645 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Thu, 27 Nov 2025 17:51:58 -0600 Subject: [PATCH 158/162] Change TMAS API key to use environment variable Updated TMAS API key reference to use environment variable. --- .github/workflows/tmas_workflow.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index d8c2763..fea4c19 100644 --- a/.github/workflows/tmas_workflow.yml +++ b/.github/workflows/tmas_workflow.yml @@ -45,8 +45,12 @@ jobs: secretsScan: true artifact: dir:./ additionalArgs: --region=us-east-1 - tmasApiKey: ${{ env.TMAS_API_KEY }} + tmasApiKey: $TMAS_API_KEY githubToken: ${{ secrets.GITHUB_TOKEN }} + env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} + TMAS_API_KEY: ${{ secrets.TMAS_API_KEY }} - name: 'Upload Scan Result Artifact' uses: actions/upload-artifact@v4 From 95b34bbdf8413bb422b9ff0133eb69afb696f025 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Thu, 27 Nov 2025 17:53:04 -0600 Subject: [PATCH 159/162] Update tmas_workflow.yml --- .github/workflows/tmas_workflow.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index fea4c19..63e8825 100644 --- a/.github/workflows/tmas_workflow.yml +++ b/.github/workflows/tmas_workflow.yml @@ -45,7 +45,7 @@ jobs: secretsScan: true artifact: dir:./ additionalArgs: --region=us-east-1 - tmasApiKey: $TMAS_API_KEY + tmasApiKey: "$TMAS_API_KEY" githubToken: ${{ secrets.GITHUB_TOKEN }} env: REGISTRY: ghcr.io From 36d4547aa4d801378cba22bbbf61801fcd74aecb Mon Sep 17 00:00:00 2001 
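Review bot: In the `@@ -45,8 +45,12 @@` hunk, `tmasApiKey: $TMAS_API_KEY` hands the action the literal text `$TMAS_API_KEY`: `with:` inputs are evaluated by the workflow expression engine, not a shell, so no variable expansion happens unless the action itself re-expands its inputs, which is an internal detail not to rely on. The quoted form `"$TMAS_API_KEY"` in the following patch has the same problem. Use `tmasApiKey: ${{ secrets.TMAS_API_KEY }}` (or `${{ env.TMAS_API_KEY }}` when the variable is mapped on the step). The `REGISTRY` and `IMAGE_NAME` entries in the new step-level `env:` duplicate the workflow-level values and can be dropped.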
From: Yessenia Becerra Date: Thu, 27 Nov 2025 17:54:47 -0600 Subject: [PATCH 160/162] Update tmas_workflow.yml --- .github/workflows/tmas_workflow.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index 63e8825..5b0af75 100644 --- a/.github/workflows/tmas_workflow.yml +++ b/.github/workflows/tmas_workflow.yml @@ -45,7 +45,7 @@ jobs: secretsScan: true artifact: dir:./ additionalArgs: --region=us-east-1 - tmasApiKey: "$TMAS_API_KEY" + tmasApiKey: "${{ secrets.TMAS_API_KEY }}" githubToken: ${{ secrets.GITHUB_TOKEN }} env: REGISTRY: ghcr.io From 995589032ee4bec884206d1854912641fbf0ca15 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Thu, 27 Nov 2025 17:58:28 -0600 Subject: [PATCH 161/162] Update tmas_workflow.yml --- .github/workflows/tmas_workflow.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index 5b0af75..50b261f 100644 --- a/.github/workflows/tmas_workflow.yml +++ b/.github/workflows/tmas_workflow.yml @@ -45,12 +45,12 @@ jobs: secretsScan: true artifact: dir:./ additionalArgs: --region=us-east-1 - tmasApiKey: "${{ secrets.TMAS_API_KEY }}" + tmasApiKey: ${{ env.TMAS_API_KEY }} githubToken: ${{ secrets.GITHUB_TOKEN }} env: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} - TMAS_API_KEY: ${{ secrets.TMAS_API_KEY }} + TMAS_API_KEY: ${{ env.TMAS_API_KEY }} - name: 'Upload Scan Result Artifact' uses: actions/upload-artifact@v4 From 40202ed3ab3bbfa928b91ee9f8431b91419494c3 Mon Sep 17 00:00:00 2001 From: Yessenia Becerra Date: Thu, 11 Dec 2025 07:54:01 -0600 Subject: [PATCH 162/162] Update tmas_workflow.yml --- .github/workflows/tmas_workflow.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/workflows/tmas_workflow.yml b/.github/workflows/tmas_workflow.yml index 50b261f..6b6890b 100644 --- a/.github/workflows/tmas_workflow.yml 
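Review bot: In the `@@ -45,12 +45,12 @@` hunk, `TMAS_API_KEY: ${{ env.TMAS_API_KEY }}` in the step-level `env:` defines the variable in terms of itself. In a step `env:` block the `env` context refers to the enclosing job/workflow environment, so this presumably resolves to the workflow-level entry set in an earlier patch and otherwise to an empty string, silently passing an empty key to the action. Either drop the step-level mapping, since the `with:` input already reads `env.TMAS_API_KEY` from the workflow level, or map it from the source of truth: `TMAS_API_KEY: ${{ secrets.TMAS_API_KEY }}`.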
+++ b/.github/workflows/tmas_workflow.yml @@ -16,6 +16,16 @@ jobs: packages: write contents: read steps: + - name: Check if secret exists + run: | + if [ -z "${MY_SECRET}" ]; then + echo "Secret MY_SECRET NO existe o está vacío" + exit 1 + else + echo "Secret MY_SECRET está configurado" + fi + env: + MY_SECRET: ${{ secrets.TMAS_API_KEY }} - name: 'Checkout GitHub Action' uses: actions/checkout@main - name: 'Login to GitHub Container Registry'
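Review bot: The new step's variable is named `MY_SECRET` while the secret it checks is `TMAS_API_KEY`, so the failure message `Secret MY_SECRET NO existe o está vacío` points an operator at a name that does not exist in the repository's secrets. Naming the mapping after the real secret, `TMAS_API_KEY: ${{ secrets.TMAS_API_KEY }}`, and testing `"${TMAS_API_KEY}"` makes the log actionable; passing the value through `env:` and testing the variable instead of interpolating the expression into the script is the right pattern and should be kept. The messages are in Spanish while every other step name and log line in this workflow is English, so the log reads inconsistently.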