Merge pull request #152 from abnamro/2467022-update-db-image

Peter-v-d-Spek · web-flow · commit a2c23313d761 · 2023-08-09T17:25:15.000+02:00
2467022 update db image
diff --git a/.github/workflows/backend-ci.yaml b/.github/workflows/backend-ci.yaml
@@ -142,7 +142,7 @@ jobs:
           cd ${{ env.RESC_BACKEND_DIR }}
           docker build -t ${{ env.CONTAINER_REGISTRY }}/${{ env.IMAGE_NAME }}:${{needs.python-build-and-publish.outputs.backend_version}} .
 
-      - name: Run Trivy vulnerability scanner
+      - name: Run Trivy vulnerability scanner - RESC-Backend
         uses: aquasecurity/trivy-action@master
         with:
           image-ref: ${{ env.CONTAINER_REGISTRY }}/${{ env.IMAGE_NAME }}:${{needs.python-build-and-publish.outputs.backend_version}}
@@ -197,3 +197,33 @@ jobs:
           context: ${{ env.RESC_BACKEND_DIR }}/
           push: ${{ env.PUBLISH_IMAGE }}
           tags: ${{ env.CONTAINER_REGISTRY }}/${{ env.IMAGE_NAME }}:latest, ${{ env.CONTAINER_REGISTRY }}/${{ env.IMAGE_NAME }}:${{needs.python-build-and-publish.outputs.backend_version}}
+
+      - name: Run Trivy vulnerability scanner - Redis
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: redis:7.0.11-alpine
+          format: 'table'
+          exit-code: '0'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
+
+      - name: Run Trivy vulnerability scanner - RabbitMQ
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: rabbitmq:3.11.9-management-alpine
+          format: 'table'
+          exit-code: '0'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
+
+      - name: Run Trivy vulnerability scanner - Database
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: mcr.microsoft.com/azure-sql-edge:1.0.7
+          format: 'table'
+          exit-code: '0'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
diff --git a/components/resc-backend/README.md b/components/resc-backend/README.md
@@ -170,7 +170,7 @@ If you can override the images by providing below arguments to the script.
 cd tests/newman_tests
 ./run_newman_tests.sh -b <resc-backend image:tag> -d <resc-database image:tag>  -n <newman image:tag> 
 
-Example: ./run_newman_tests.sh -b 'rescabnamro/resc-backend:latest' -d 'mcr.microsoft.com/azure-sql-edge:1.0.5' -n 'postman/newman:5.3.1-alpine'
+Example: ./run_newman_tests.sh -b 'rescabnamro/resc-backend:latest' -d 'mcr.microsoft.com/azure-sql-edge:1.0.7' -n 'postman/newman:5.3.1-alpine'
 ```
 
 ### Run OWASP ZAP API Security tests locally:
@@ -185,7 +185,7 @@ If you can override the images by providing below arguments to the script.
 cd tests/zap_tests
 ./run_run_zap_api_tests.sh -b <resc-backend image:tag> -d <resc-database image:tag>  -z <zap image:tag>
 
-Example: ./run_newman_tests.sh -b 'rescabnamro/resc-backend:latest' -d 'mcr.microsoft.com/azure-sql-edge:1.0.5' -n 'owasp/zap2docker-weekly'
+Example: ./run_newman_tests.sh -b 'rescabnamro/resc-backend:latest' -d 'mcr.microsoft.com/azure-sql-edge:1.0.7' -n 'owasp/zap2docker-weekly'
 ```
 
 
diff --git a/components/resc-backend/tests/newman_tests/run_newman_tests.sh b/components/resc-backend/tests/newman_tests/run_newman_tests.sh
@@ -4,7 +4,7 @@
 #Description	: This script runs newman tests for RESC API
 #Args         : -b <resc-backend image:tag> -d <resc-database image:tag>  -n <newman image:tag>
 #Usage 1      : ./run_newman_tests.sh -b 'rescabnamro/resc-backend:latest'  \
-#                -d 'mcr.microsoft.com/azure-sql-edge:1.0.5'  \
+#                -d 'mcr.microsoft.com/azure-sql-edge:1.0.7'  \
 #                -n "postman/newman:5.3.1-alpine"
 #Usage 2      : ./run_newman_tests.sh , default values will be used
 #                if you don't provide any argument
@@ -24,7 +24,7 @@ do
 done
 
 RESC_BACKEND_IMAGE="${backend_image:-"rescabnamro/resc-backend:latest"}"
-RESC_DATABASE_IMAGE="${database_image:-"mcr.microsoft.com/azure-sql-edge:1.0.5"}"
+RESC_DATABASE_IMAGE="${database_image:-"mcr.microsoft.com/azure-sql-edge:1.0.7"}"
 RESC_NEWMAN_IMAGE="${newman_image:-"postman/newman:5.3.1-alpine"}"
 RESC_BACKEND_CONTAINER="resc-api-test"
 RESC_DATABASE_CONTAINER="resc-database-test"
diff --git a/components/resc-backend/tests/zap_tests/run_zap_api_tests.sh b/components/resc-backend/tests/zap_tests/run_zap_api_tests.sh
@@ -4,7 +4,7 @@
 #Description	: This script runs ZAP API Security tests for RESC API
 #Args         : -b <resc-backend image:tag> -d <resc-database image:tag>  -z <zap image:tag>
 #Usage 1      : ./run_zap_api_tests.sh -b 'rescabnamro/resc-backend:latest'  \
-#                -d 'mcr.microsoft.com/azure-sql-edge:1.0.5'  \
+#                -d 'mcr.microsoft.com/azure-sql-edge:1.0.7'  \
 #                   -z "owasp/zap2docker-weekly"
 #Usage 2      : ./run_zap_api_tests.sh , default values will be used
 #                if you don't provide any argument
@@ -24,7 +24,7 @@ do
 done
 
 RESC_BACKEND_IMAGE="${backend_image:-"rescabnamro/resc-backend:latest"}"
-RESC_DATABASE_IMAGE="${database_image:-"mcr.microsoft.com/azure-sql-edge:1.0.5"}"
+RESC_DATABASE_IMAGE="${database_image:-"mcr.microsoft.com/azure-sql-edge:1.0.7"}"
 RESC_ZAP_IMAGE="${zap_image:-"owasp/zap2docker-weekly"}"
 RESC_BACKEND_CONTAINER="resc-api-test"
 RESC_DATABASE_CONTAINER="resc-database-test"
diff --git a/deployment/kubernetes/README.md b/deployment/kubernetes/README.md
@@ -279,7 +279,7 @@ If any image is not getting pulled automatically from the registry, you can use
 
 Examples:
 ```bash
-docker pull mcr.microsoft.com/azure-sql-edge:1.0.5
+docker pull mcr.microsoft.com/azure-sql-edge:1.0.7
 
 docker pull redis:7.0.11-alpine
 
diff --git a/deployment/kubernetes/charts/resc-database/values.yaml b/deployment/kubernetes/charts/resc-database/values.yaml
@@ -5,7 +5,7 @@ database:
   image:
     repository: mcr.microsoft.com/
     name: azure-sql-edge
-    tag: 1.0.5
+    tag: 1.0.7
     pullPolicy: IfNotPresent
   resources:
     requests:
