fixed a directory issue

2026-03-22 12:56:25 -07:00
parent d8b2d87062
commit 876f9b5c18

@@ -147,9 +147,17 @@ After all scans are complete for this image:
After all images are scanned, generate the following files. All output goes into a timestamped folder: After all images are scanned, generate the following files. All output goes into a timestamped folder:
**Folder:** `reports/audit-<YYYY-MM-DD>/` **Folder structure:**
Create this folder before writing any files. If it already exists, continue writing into it. ```
reports/audit-<YYYY-MM-DD>/
audit-<YYYY-MM-DD>.md ← overview report
<image-name>/ ← one folder per image (name only, no tag, slashes replaced with -)
<image-name>-<tag>.md ← per-image detail report
sbom-<image-name>-<tag>.json ← SBOM
```
Create `reports/audit-<YYYY-MM-DD>/` and each per-image subfolder before writing any files. If folders already exist, continue writing into them.
--- ---
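Review bot: The new closing sentence, "If folders already exist, continue writing into them", does not say what happens to files left by an earlier run on the same date. With per-image subfolders, a second run can leave stale detail reports and SBOMs next to fresh ones, and a reader of the audit folder cannot tell which belong to the current overview. Suggest stating that existing files for an image are overwritten, or that the subfolder for an image is emptied before its new report and SBOM are written.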
@@ -163,7 +171,7 @@ This is the top-level summary. It must link to each per-image detail file.
| Image | CRITICAL | HIGH | MEDIUM | LOW | Secrets | Misconfigs | Hadolint | Status | Removed | Detail File | | Image | CRITICAL | HIGH | MEDIUM | LOW | Secrets | Misconfigs | Hadolint | Status | Removed | Detail File |
|---|---|---|---|---|---|---|---|---|---|---| |---|---|---|---|---|---|---|---|---|---|---|
| image:tag | 0 | 0 | 0 | 0 | 0 | 0 | 0 | ACTIVE/NOT ACTIVE | YES/NO/FAILED | [image-name.md](image-name.md) | | image:tag | 0 | 0 | 0 | 0 | 0 | 0 | 0 | ACTIVE/NOT ACTIVE | YES/NO/FAILED | [image-name/image-name-tag.md](image-name/image-name-tag.md) |
#### Critical & High Findings (All Images) #### Critical & High Findings (All Images)
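Review bot: The Detail File cell in the sample row uses bare `image-name/image-name-tag.md`, while every other path in this change uses the `<image-name>/<image-name>-<tag>.md` placeholder style. Written without angle brackets, it can be copied literally into the report. Suggest using the same placeholders in the table row, and noting that the link is relative to the overview file inside `reports/audit-<YYYY-MM-DD>/`.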
@@ -198,9 +206,12 @@ After all findings:
### File 2 — Per-Image Detail Reports ### File 2 — Per-Image Detail Reports
**Filename per image:** `reports/audit-<YYYY-MM-DD>/<image-name>-<tag>.md` **Filename per image:** `reports/audit-<YYYY-MM-DD>/<image-name>/<image-name>-<tag>.md`
- Replace `:` and `/` in the image name with `-` to form a safe filename (e.g. `nginx-latest.md`, `myrepo-myapp-1.2.3.md`) - `<image-name>` is the image name only — no tag, slashes replaced with `-` (e.g. `nginx`, `myrepo-myapp`)
- `<tag>` is the image tag (e.g. `latest`, `1.2.3`)
- Example: `nginx:latest``reports/audit-2026-03-22/nginx/nginx-latest.md`
- Example: `myrepo/myapp:1.2.3``reports/audit-2026-03-22/myrepo-myapp/myrepo-myapp-1.2.3.md`
- Generate one file per image — do not combine images into a single detail file - Generate one file per image — do not combine images into a single detail file
Each per-image file must include: Each per-image file must include:
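Review bot: The replaced bullet sanitised both `:` and `/`, but the new `<image-name>` rule only mentions slashes, so a name that carries a registry port (for example `localhost:5000/app`) keeps its colon in the folder name. The mapping is also not unique: `myrepo/myapp` and an image literally named `myrepo-myapp` both resolve to `myrepo-myapp/`. Suggest keeping the `:` replacement for the name part, saying how digest references without a tag are named, and defining what to do when two images map to the same folder.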
@@ -272,10 +283,10 @@ List any unknown or restrictive licenses flagged by Trivy.
Note the SBOM filename saved alongside this report: Note the SBOM filename saved alongside this report:
`SBOM saved: reports/audit-<YYYY-MM-DD>/sbom-<image-name>-<tag>.json` `SBOM saved: reports/audit-<YYYY-MM-DD>/<image-name>/sbom-<image-name>-<tag>.json`
Update the SBOM output path to match this folder: Update the SBOM output path to match this folder:
`trivy image --format cyclonedx --output reports/audit-<YYYY-MM-DD>/sbom-<image-name>-<tag>.json <image:tag>` `trivy image --format cyclonedx --output reports/audit-<YYYY-MM-DD>/<image-name>/sbom-<image-name>-<tag>.json <image:tag>`
#### Cleanup #### Cleanup
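Review bot: The `trivy image --format cyclonedx --output ...` line now writes into `<image-name>/`, but the only instruction to create that subfolder is in the folder-structure section, which applies "After all images are scanned". If the SBOM is produced during the per-image scan, the target folder may not exist yet when this command runs. Suggest stating here that the per-image subfolder is created before the command, and that `<image-name>` and `<tag>` in the output path are derived from `<image:tag>` with the same rules as in File 2.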