Contains a very simple Nodejs application, which is published to a registry as a runnable docker container.
After container is built, it is sent through an Anchore engine scan.
- GitLab - .gitlab-ci.yml -
- CircleCi - config.yml -
- Jenkins Pipeline - Jenkinsfile
- AWS CodeBuild - buildspec.yml -
- CodeShip - codeship-services.yml & codeship-steps.yml -
- Codefresh - codefresh.yml -
- TravisCI - .travis.yml -
When Anchore scanning finishes, by default, the following reports are available as artifacts.
image-content-os-report.json- all OS packages installed in image.image-content-python-report.json- all Python modules installed in image.image-content-java-report.json- all Java modules installed in image.image-vuln-report.json- all CVE's found in image.image-details-report.json- image metadata utilized by Anchore engine.image-policy-report.json- details of policy applied to the Anchore scan.