From 918a99ace12c37efc2b8d7ee0a5dd2fc50a44858 Mon Sep 17 00:00:00 2001
From: Martin Weise <martin.weise@tuwien.ac.at>
Date: Tue, 19 Sep 2023 06:29:06 +0200
Subject: [PATCH] Fixed the scans

---
 .gitlab-ci.yml | 46 ++++++++++++++++++++++++++++++++++++++++++++--
 Makefile       | 30 +++++++++++++++++++-----------
 2 files changed, 63 insertions(+), 13 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 21d772da4a..9f2ae75764 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -265,6 +265,46 @@ scan-search-db:
     reports:
       container_scanning: ./.trivy/trivy-search-db-report.json
 
+scan-data-db:
+  stage: scan-docker
+  needs:
+    - build-docker
+  only:
+    refs:
+      - dev
+      - master
+  allow_failure: true
+  script:
+    - make scan-data-db
+  cache:
+    paths:
+      - .trivycache/
+  artifacts:
+    when: always
+    expire_in: 1 days
+    reports:
+      container_scanning: ./.trivy/trivy-data-db-report.json
+
+scan-metadata-db:
+  stage: scan-docker
+  needs:
+    - build-docker
+  only:
+    refs:
+      - dev
+      - master
+  allow_failure: true
+  script:
+    - make scan-metadata-db
+  cache:
+    paths:
+      - .trivycache/
+  artifacts:
+    when: always
+    expire_in: 1 days
+    reports:
+      container_scanning: ./.trivy/trivy-metadata-db-report.json
+
 scan-ui:
   stage: scan-docker
   needs:
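Review bot: Both new jobs set `allow_failure: true`, so the `--exit-code 1 --severity CRITICAL` step in `make scan-data-db` and `make scan-metadata-db` cannot stop the pipeline. The release jobs later in this file list these scans under `needs:`, but a job that is allowed to fail will most likely still let them run. If a CRITICAL finding is meant to block a release, drop `allow_failure: true` from these jobs, at least for `master`. If the scans are deliberately advisory, a short comment such as `# advisory only: findings are reported, not enforced` would record that decision.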
@@ -293,7 +333,8 @@ release-latest:
     - scan-broker-service
     - scan-gateway-service
     - scan-metadata-service
-    - scan-proxy
+    - scan-metadata-db
+    - scan-data-db
     - scan-search-db
     - scan-ui
   only:
@@ -313,7 +354,8 @@ release-version:
     - scan-broker-service
     - scan-gateway-service
     - scan-metadata-service
-    - scan-proxy
+    - scan-metadata-db
+    - scan-data-db
     - scan-search-db
     - scan-ui
   only:
diff --git a/Makefile b/Makefile
index 2229c29937..338c090013 100644
--- a/Makefile
+++ b/Makefile
@@ -2,8 +2,6 @@
 
 TAG ?= latest
 TRIVY_VERSION ?= v0.41.0
-ELASTIC_VERSION ?= 8.7.1
-NGINX_VERSION ?= 1.25.0-alpine-slim
 AZURE_REPO ?= dbrepo.azurecr.io
 
 all: build
@@ -108,7 +106,7 @@ test-metadata-service: build-metadata-service teardown
 test-analyse-service: build-analyse-service
 	bash ./dbrepo-analyse-service/test.sh
 
-scan: scan-analyse-service scan-authentication-service scan-broker-service scan-gateway-service scan-metadata-db scan-metadata-service scan-search-db scan-ui scan-search-sync-agent scan-data-service
+scan: scan-analyse-service scan-authentication-service scan-broker-service scan-gateway-service scan-metadata-db scan-metadata-service scan-search-db scan-ui scan-search-sync-agent scan-data-db
 
 scan-analyse-service:
 	trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-analyse-service-report.json dbrepo-analyse-service:latest
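Review bot: The aggregate `scan` target replaces `scan-data-service` with `scan-data-db` rather than adding to it, so `make scan` no longer covers the data service image. Whether a `scan-data-service` target still exists is not visible in this hunk. If it does, keep both prerequisites: `... scan-search-sync-agent scan-data-service scan-data-db`. If the service was removed, saying so in the commit message would explain the drop in scan coverage.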
@@ -126,10 +124,10 @@ scan-broker-service:
 	trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-broker-service:latest
 
 scan-gateway-service:
-	docker pull "nginx:${NGINX_VERSION}"
-	trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-gateway-service-report.json "nginx:${NGINX_VERSION}"
-	trivy image --insecure --exit-code 0 "nginx:${NGINX_VERSION}"
-	trivy image --insecure --exit-code 1 --severity CRITICAL "nginx:${NGINX_VERSION}"
+	docker pull "nginx:1.25.0-alpine-slim"
+	trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-gateway-service-report.json "nginx:1.25.0-alpine-slim"
+	trivy image --insecure --exit-code 0 "nginx:1.25.0-alpine-slim"
+	trivy image --insecure --exit-code 1 --severity CRITICAL "nginx:1.25.0-alpine-slim"
 
 scan-metadata-db:
 	trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-metadata-db-report.json dbrepo-metadata-db:latest
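Review bot: The nginx tag is now written out four times in `scan-gateway-service`, so a version bump must touch every line and a missed one would scan a different image than the one pulled. A single variable such as `GATEWAY_IMAGE ?= nginx:1.25.0-alpine-slim`, referenced as `"$(GATEWAY_IMAGE)"`, keeps pull and scan in step. Pinning the image by digest would also make the scanned artifact immutable. Separately, trivy's `--insecure` disables TLS verification for registry connections and looks unnecessary for a public image that was just pulled locally. The `scan-metadata-db` recipe at the end of this hunk continues outside it.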
@@ -147,10 +145,20 @@ scan-search-sync-agent:
 	trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-search-sync-agent:latest
 
 scan-search-db:
-	docker pull "elasticsearch:${ELASTIC_VERSION}"
-	trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-db-report.json "elasticsearch:${ELASTIC_VERSION}"
-	trivy image --insecure --exit-code 0 "elasticsearch:${ELASTIC_VERSION}"
-	trivy image --insecure --exit-code 1 --severity CRITICAL "elasticsearch:${ELASTIC_VERSION}"
+	trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-db-report.json "dbrepo-search-db"
+	trivy image --insecure --exit-code 0 "dbrepo-search-db"
+	trivy image --insecure --exit-code 1 --severity CRITICAL "dbrepo-search-db"
+
+scan-metadata-db:
+	trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-db-report.json "dbrepo-metadata-db"
+	trivy image --insecure --exit-code 0 "dbrepo-metadata-db"
+	trivy image --insecure --exit-code 1 --severity CRITICAL "dbrepo-metadata-db"
+
+scan-data-db:
+	docker pull "bitnami/mariadb:10.5"
+	trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-db-report.json "bitnami/mariadb:10.5"
+	trivy image --insecure --exit-code 0 "bitnami/mariadb:10.5"
+	trivy image --insecure --exit-code 1 --severity CRITICAL "bitnami/mariadb:10.5"
 
 scan-ui:
 	trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-ui-report.json dbrepo-ui:latest
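Review bot: The new `scan-metadata-db` and `scan-data-db` recipes both write their template report to `./.trivy/trivy-search-db-report.json`, which looks like a copy-paste from `scan-search-db`. The CI jobs added in `.gitlab-ci.yml` publish `trivy-metadata-db-report.json` and `trivy-data-db-report.json`, so those `container_scanning` reports would be missing and the search-db report would be overwritten. Use `-o ./.trivy/trivy-metadata-db-report.json` and `-o ./.trivy/trivy-data-db-report.json` instead. `scan-metadata-db` is also already defined just above (visible as context in the previous hunk), so make will warn about an overridden recipe and run only this later one; one of the two definitions should be removed. The untagged `dbrepo-search-db` and `dbrepo-metadata-db` references resolve to `:latest` implicitly, whereas the other targets spell the tag out; the `scan-ui` recipe continues past the end of the hunk.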
-- 
GitLab