snyk-labs · schottsfired · Aug 23, 2022 · Oct 7, 2022 · Oct 11, 2022 · Mar 27, 2024
diff --git a/.github/workflows/snyk-code-manual.yml b/.github/workflows/snyk-code-manual.yml
@@ -13,4 +13,3 @@ jobs:
         uses: github/codeql-action/upload-sarif@v2
         with:
           sarif_file: sarif.json
-          # sarif_file: example111.json
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,3 @@
-# FROM node:6-stretch
 FROM node:18.13.0
 
 RUN mkdir /usr/src/goof

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -19,6 +19,7 @@ services:
       - "27017:27017"
   good-mysql:
     container_name: goof-mysql
+    #platform: linux/x86_64
     image: mysql:5
     environment:
       MYSQL_ROOT_PASSWORD: root

diff --git a/example111.json b/example111.json
diff --git a/imagebuild.sh b/imagebuild.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+IMAGE_NAME=478468688580.dkr.ecr.us-east-1.amazonaws.com/nodejs-goof
+IMAGE_TAG=latest
+
+echo "📦 Building and pushing image ${IMAGE_NAME}:${IMAGE_TAG} ..."
+docker buildx create --name multiarch --use
+PLATFORM=linux/amd64
+if [[ $(uname -m) = arm64 ]]; then
+  echo "Found arm64! Building arm64 and amd64 images..."
+  PLATFORM=linux/arm64,linux/amd64
+fi
+docker buildx build --push --platform ${PLATFORM} -t ${IMAGE_NAME}:${IMAGE_TAG} .
diff --git a/mongoose-db.js b/mongoose-db.js
@@ -25,7 +25,7 @@ const DOCKER = process.env.DOCKER
 if (DOCKER === '1') {
   var mongoUri = 'mongodb://goof-mongo/express-todo';
 } else {
-  var mongoUri = 'mongodb://localhost/express-todo';
+  var mongoUri = 'mongodb://goof-mongo/express-todo';
 }
 
 

diff --git a/nodejs-goof-k8s.yaml b/nodejs-goof-k8s.yaml
@@ -0,0 +1,173 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -o nodejs-goof-k8s.yaml
+    kompose.version: 1.26.1 (HEAD)
+  creationTimestamp: null
+  labels:
+    io.kompose.service: good-mysql
+  name: good-mysql
+spec:
+  ports:
+    - name: "3306"
+      port: 3306
+      targetPort: 3306
+  selector:
+    io.kompose.service: good-mysql
+---
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -o nodejs-goof-k8s.yaml
+    kompose.version: 1.26.1 (HEAD)
+  creationTimestamp: null
+  labels:
+    io.kompose.service: goof
+  name: goof
+spec:
+  ports:
+    - name: "3001"
+      port: 3001
+      targetPort: 3001
+    - name: "9229"
+      port: 9229
+      targetPort: 9229
+  selector:
+    io.kompose.service: goof
+status:
+  loadBalancer: {}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -o nodejs-goof-k8s.yaml
+    kompose.version: 1.26.1 (HEAD)
+  creationTimestamp: null
+  labels:
+    io.kompose.service: goof-mongo
+  name: goof-mongo
+spec:
+  ports:
+    - name: "27017"
+      port: 27017
+      targetPort: 27017
+  selector:
+    io.kompose.service: goof-mongo
+status:
+  loadBalancer: {}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -o nodejs-goof-k8s.yaml
+    kompose.version: 1.26.1 (HEAD)
+  creationTimestamp: null
+  labels:
+    io.kompose.service: good-mysql
+  name: good-mysql
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: good-mysql
+  strategy: {}
+  template:
+    metadata:
+      annotations:
+        kompose.cmd: kompose convert -o nodejs-goof-k8s.yaml
+        kompose.version: 1.26.1 (HEAD)
+      creationTimestamp: null
+      labels:
+        io.kompose.service: good-mysql
+    spec:
+      containers:
+        - env:
+            - name: MYSQL_DATABASE
+              value: acme
+            - name: MYSQL_ROOT_PASSWORD
+              value: root
+          image: mysql:5
+          name: goof-mysql
+          ports:
+            - containerPort: 3306
+          resources: {}
+      restartPolicy: Always
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -o nodejs-goof-k8s.yaml
+    kompose.version: 1.26.1 (HEAD)
+  creationTimestamp: null
+  labels:
+    io.kompose.service: goof
+  name: goof
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: goof
+  strategy: {}
+  template:
+    metadata:
+      annotations:
+        kompose.cmd: kompose convert -o nodejs-goof-k8s.yaml
+        kompose.version: 1.26.1 (HEAD)
+      creationTimestamp: null
+      labels:
+        io.kompose.service: goof
+    spec:
+      containers:
+        - env:
+            - name: DOCKER
+              value: "1"
+          image: 478468688580.dkr.ecr.us-east-1.amazonaws.com/nodejs-goof:latest
+          name: goof
+          ports:
+            - containerPort: 3001
+            - containerPort: 9229
+          resources: {}
+          securityContext:
+            privileged: true
+      restartPolicy: Always
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -o nodejs-goof-k8s.yaml
+    kompose.version: 1.26.1 (HEAD)
+  creationTimestamp: null
+  labels:
+    io.kompose.service: goof-mongo
+  name: goof-mongo
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: goof-mongo
+  strategy: {}
+  template:
+    metadata:
+      annotations:
+        kompose.cmd: kompose convert -o nodejs-goof-k8s.yaml
+        kompose.version: 1.26.1 (HEAD)
+      creationTimestamp: null
+      labels:
+        io.kompose.service: goof-mongo
+    spec:
+      containers:
+        - image: mongo:5.0.13
+          name: goof-mongo
+          ports:
+            - containerPort: 27017
+          resources: {}
+      restartPolicy: Always
+status: {}
+
diff --git a/snyk-test-and-monitor.sh b/snyk-test-and-monitor.sh
@@ -0,0 +1,49 @@
+#!/bin/bash
+# Usage: ./snyk-test-and-monitor.sh 478468688580.dkr.ecr.us-east-1.amazonaws.com/nodejs-goof:latest
+
+# Configure Snyk CLI options
+SNYK_TOKEN=${SNYK_TOKEN}  # Replace with your Snyk API token (store securely!)
+
+# Get remote repo URL from git config and remove unwanted prefix
+SNYK_REMOTE_REPO_URL=$(git config --get remote.origin.url | sed 's/^[email protected]://; s/\.git$//')
+
+# Get current branch name
+SNYK_TARGET_REFERENCE=$(git rev-parse --abbrev-ref HEAD)
+
+# Get container image ID from argument (assuming first argument)
+CONTAINER_IMAGE_ID="$1"
+
+# Run SCA scan
+snyk test \
+  --all-projects \
+  --fail-fast \
+  || true  # Ignore SCA scan failures
+
+# Run container scan (adjust based on your container image build process)
+snyk container test $CONTAINER_IMAGE_ID \
+  --file=Dockerfile \
+  --platform=linux/amd64 \
+  || true  # Ignore container scan failures
+
+# Run IaC scan (adjust based on your IaC tool)
+snyk iac test \
+  --report \
+  --remote-repo-url="$SNYK_REMOTE_REPO_URL" \
+  --target-reference="$SNYK_TARGET_REFERENCE" \
+  || true  # Ignore IaC scan failures
+
+# Send SCA scan results to Snyk platform with grouping and target reference
+snyk monitor \
+  --remote-repo-url="$SNYK_REMOTE_REPO_URL" \
+  --target-reference="$SNYK_TARGET_REFERENCE"
+
+# Send container scan results to Snyk platform
+snyk container monitor $CONTAINER_IMAGE_ID
+
+# Exit script with non-zero code if any scan fails (exit code 1)
+if [[ $? -ne 0 ]]; then
+  echo "Snyk scan failed!"
+  exit 1
+fi
+
+echo "Snyk scans completed successfully."
diff --git a/typeorm-db.js b/typeorm-db.js
@@ -6,7 +6,7 @@ const Users = require("./entity/Users")
 typeorm.createConnection({
   name: "mysql",
   type: "mysql",
-  host: "localhost",
+  host: "good-mysql",
   port: 3306,
   username: "root",
   password: "root",