⬆️
Hands on projects
  • ✅Ghost App
    • Unlock the Best in Blogging: A Tour of Our Secure, Scalable, and Compliant Blog App
    • Secure Deployment of Ghost on GKE using GitLab CI/CD
    • PLAN Phase : Threat Modeling for Ghost app
    • CODE Phase: Enhancing Security with IDE Security Plugin,Secret Detection, SAST, and SCA
      • What to do if I found vulnerability
    • BUILD Phase
    • TEST Phase
      • DAST Report
    • RELEASE and DEPLOY Phase
    • OPERATE and MONITOR Phase
  • Extra Security
    • VPN Connection
      • OpenVPN Server on Google Cloud Platform
  • NFS Persistent Volumes with Kubernetes on GKE
Powered by GitBook
On this page
  1. Ghost App

BUILD Phase

PreviousWhat to do if I found vulnerabilityNextTEST Phase

Last updated 1 year ago

After several scans for secret and vulnerabilities, we can build and push our app to docker hub. For that, i added build stage to gitlab-ci.yaml

gitlab-ci.yaml
build_image:
  stage: build  # Define the stage of the CI/CD pipeline as 'build'
  image: docker:latest  # Use the latest version of the Docker image

  script:  # The list of commands that are run during this stage
    - docker login -u "$DOCKERHUB_USERNAME" -p "$DOCKERHUB_PASSWORD"  # Log in to Docker Hub using environment variables for credentials
    - VERSION=$(cat version.txt)  # Read the version number from version.txt and store it in a variable named VERSION
    - docker build -t asafahmad/ghost:$VERSION .  # Build the Docker image and tag it using the version number
    - docker push asafahmad/ghost:$VERSION  # Push the built image with its tag to Docker Hub

After success build then I added container scan stage for scanning the image which we created

snyk_container_security:
  stage: container_scan
  image: 
    name: snyk/snyk-cli:1.1205.0-docker
    entrypoint: [""]
  script:
    - npm install -g npm@latest
    - npm install -g synk
    - snyk auth $SNYK_TOKEN
    - snyk container monitor asafahmad/ghost:v5 --org=785253e7-a8e7-412e-a88b-b1f89e0e2d08
  allow_failure: true
✅