From d4bcbddeaee803d03d0dbd8e9e7e8f6031589236 Mon Sep 17 00:00:00 2001 
From: Nik Afiq Date: Tue, 27 Aug 2024 11:42:24 +0900 Subject: [PATCH 1/7] =?UTF-8?q?ECR=E3=82=A2=E3=83=83=E3=83=97=E3=83=87?= =?UTF-8?q?=E3=83=BC=E3=83=88=E3=82=B9=E3=82=AF=E3=83=AA=E3=83=97=E3=83=88?= =?UTF-8?q?=E5=8C=96=E5=AE=9F=E8=A3=85?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- vulnerability-scan/README.md | 17 +++++++++++++++++ vulnerability-scan/build-push-scanpoint.sh | 19 +++++++++++++++++++ .../check-view-security-option.sh | 14 ++++++++++++++ .../build-push-scanpoint/crm-datafetch.sh | 14 ++++++++++++++ .../build-push-scanpoint/dataimport.sh | 11 +++++++++++ .../build-push-scanpoint/export-dbdump.sh | 13 +++++++++++++ .../jskult-batch-daily.sh | 13 +++++++++++++ .../jskult-batch-laundering.sh | 13 +++++++++++++ .../build-push-scanpoint/jskult-dbdump.sh | 14 ++++++++++++++ .../build-push-scanpoint/jskult-webapp.sh | 14 ++++++++++++++ .../build-push-scanpoint/sap-data-decrypt.sh | 12 ++++++++++++ vulnerability-scan/retag-push-latest.sh | 19 +++++++++++++++++++ .../retag-check-view-security-option.sh | 9 +++++++++ .../retag-push-latest/retag-crm-datafetch.sh | 9 +++++++++ .../retag-push-latest/retag-dataimport.sh | 9 +++++++++ .../retag-push-latest/retag-export-dbdump.sh | 9 +++++++++ .../retag-jskult-batch-daily.sh | 9 +++++++++ .../retag-jskult-batch-laundering.sh | 9 +++++++++ .../retag-push-latest/retag-jskult-dbdump.sh | 9 +++++++++ .../retag-push-latest/retag-jskult-webapp.sh | 9 +++++++++ .../retag-sap-data-decrypt.sh | 9 +++++++++ 21 files changed, 254 insertions(+) create mode 100644 vulnerability-scan/README.md create mode 100644 vulnerability-scan/build-push-scanpoint.sh create mode 100644 vulnerability-scan/build-push-scanpoint/check-view-security-option.sh create mode 100644 vulnerability-scan/build-push-scanpoint/crm-datafetch.sh create mode 100644 vulnerability-scan/build-push-scanpoint/dataimport.sh create mode 100644 vulnerability-scan/build-push-scanpoint/export-dbdump.sh create mode 
100644 vulnerability-scan/build-push-scanpoint/jskult-batch-daily.sh create mode 100644 vulnerability-scan/build-push-scanpoint/jskult-batch-laundering.sh create mode 100644 vulnerability-scan/build-push-scanpoint/jskult-dbdump.sh create mode 100644 vulnerability-scan/build-push-scanpoint/jskult-webapp.sh create mode 100644 vulnerability-scan/build-push-scanpoint/sap-data-decrypt.sh create mode 100644 vulnerability-scan/retag-push-latest.sh create mode 100644 vulnerability-scan/retag-push-latest/retag-check-view-security-option.sh create mode 100644 vulnerability-scan/retag-push-latest/retag-crm-datafetch.sh create mode 100644 vulnerability-scan/retag-push-latest/retag-dataimport.sh create mode 100644 vulnerability-scan/retag-push-latest/retag-export-dbdump.sh create mode 100644 vulnerability-scan/retag-push-latest/retag-jskult-batch-daily.sh create mode 100644 vulnerability-scan/retag-push-latest/retag-jskult-batch-laundering.sh create mode 100644 vulnerability-scan/retag-push-latest/retag-jskult-dbdump.sh create mode 100644 vulnerability-scan/retag-push-latest/retag-jskult-webapp.sh create mode 100644 vulnerability-scan/retag-push-latest/retag-sap-data-decrypt.sh diff --git a/vulnerability-scan/README.md b/vulnerability-scan/README.md new file mode 100644 index 00000000..d8d8676f --- /dev/null +++ b/vulnerability-scan/README.md @@ -0,0 +1,17 @@ +## 脆弱スキャン用ツール +### 前提 + +- `docker cli`インストール済み +- `AWS CLI`インストール済み +- AWS CLIでアカウント情報設定されていること + +### 実行方法 + +- `vulnerability-scan`の直下フォルダで以下コマンド実行する + +```bash +bash build-push-scanpoint.sh +``` + +- *実行したコマンド失敗したとき、スクリプトが停止する* +- *その場合は`build-push-scanpoint`直下から失敗したコマンド単体実行できる* \ No newline at end of file diff --git a/vulnerability-scan/build-push-scanpoint.sh b/vulnerability-scan/build-push-scanpoint.sh new file mode 100644 index 00000000..1a9826b1 --- /dev/null +++ b/vulnerability-scan/build-push-scanpoint.sh 
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+#ログイン認証確認
+if [[ $(aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com) == *"Login Succeeded"* ]]
+then
+ echo "AWS login succeeded"
+ cd build-push-scanpoint
+ bash build-dataimport.sh || { echo "build-dataimport.sh failed"; exit 1; }
+ bash build-sap-data-decrypt.sh || { echo "build-sap-data-decrypt.sh failed"; exit 1; }
+ bash build-check-view-security-option.sh || { echo "build-check-view-security-option.sh failed"; exit 1; }
+ bash build-crm-datafetch.sh || { echo "build-crm-datafetch.sh failed"; exit 1; }
+ bash build-jskult-dbdump.sh || { echo "build-jskult-dbdump.sh failed"; exit 1; }
+ bash build-jskult-batch-daily.sh || { echo "build-jskult-batch-daily.sh failed"; exit 1; }
+ bash build-jskult-batch-laundering.sh || { echo "build-jskult-batch-laundering.sh failed"; exit 1; }
+ bash build-jskult-webapp.sh || { echo "build-jskult-webapp.sh failed"; exit 1; }
+ bash build-export-dbdump.sh || { echo "build-export-dbdump.sh failed"; exit 1; }
+else
+ echo "AWS login failed"
+fi
diff --git a/vulnerability-scan/build-push-scanpoint/check-view-security-option.sh b/vulnerability-scan/build-push-scanpoint/check-view-security-option.sh
new file mode 100644
index 00000000..02942d4a
--- /dev/null
+++ b/vulnerability-scan/build-push-scanpoint/check-view-security-option.sh
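Review bot: A failed ECR login reaches the `else` branch but the script still exits 0, and success is decided by string-matching `docker login`'s stdout instead of the pipeline's exit status, so a wrapper or CI job cannot distinguish the two outcomes and any change in the client's wording would silently send every run down the failure path. `cd build-push-scanpoint` is also unchecked, so the `bash build-*.sh` chain can run from the wrong directory. Test the pipeline status directly, fail hard, and anchor the working directory to the script, as below. Worth noting in the README prerequisites as well: `docker login` stores the 12-hour ECR token in plaintext in `~/.docker/config.json` unless a credential helper (e.g. `amazon-ecr-credential-helper`) is configured.
```shell
#!/bin/bash
set -euo pipefail
cd "$(dirname "$0")"

# Use the pipeline's exit status, not stdout text, as the login signal.
if ! aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com; then
  echo "AWS login failed" >&2
  exit 1
fi
echo "AWS login succeeded"
cd build-push-scanpoint
# … unchanged: bash build-*.sh || { echo "… failed"; exit 1; } chain …
```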
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+cd ../../lambda/check-view-security-option || { echo "Error: ディレクトリ変更に失敗しました"; exit 1; }
+
+pipenv update
+
+aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com
+
+docker build -t mbj-newdwh2021-staging-check-view-security-option-ecr . --no-cache
+
+docker tag mbj-newdwh2021-staging-check-view-security-option-ecr:latest 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-check-view-security-option-ecr:scan-point
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-check-view-security-option-ecr:scan-point
+
diff --git a/vulnerability-scan/build-push-scanpoint/crm-datafetch.sh b/vulnerability-scan/build-push-scanpoint/crm-datafetch.sh
new file mode 100644
index 00000000..d1ceb375
--- /dev/null
+++ b/vulnerability-scan/build-push-scanpoint/crm-datafetch.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+cd ../../ecs/crm-datafetch || { echo "Error: ディレクトリ変更に失敗しました"; exit 1; }
+
+pipenv update
+
+aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com
+
+docker build -t mbj-newdwh2021-staging-crm-datafetch-ecr . --no-cache
+
+docker tag mbj-newdwh2021-staging-crm-datafetch-ecr:latest 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-crm-datafetch-ecr:scan-point
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-crm-datafetch-ecr:scan-point
+
diff --git a/vulnerability-scan/build-push-scanpoint/dataimport.sh b/vulnerability-scan/build-push-scanpoint/dataimport.sh
new file mode 100644
index 00000000..3852ea3b
--- /dev/null
+++ b/vulnerability-scan/build-push-scanpoint/dataimport.sh
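Review bot: Nothing in this script aborts on an intermediate failure: there is no `set -e`, and the parent only sees the status of the final `docker push`, so if `docker build` fails, `docker tag` silently re-tags whatever `mbj-newdwh2021-staging-check-view-security-option-ecr:latest` is still present locally from an earlier run and pushes that stale image as `scan-point` — the scan would then run against the wrong image. Adding `set -euo pipefail` directly after the shebang makes every step fatal, including `pipenv update` and the inner `docker login` (which is redundant when invoked from the parent but harmless). The same gap exists in every sibling `build-*.sh` added by this commit.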
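Review bot: `pipenv update` re-resolves and rewrites `Pipfile.lock` in `../../ecs/crm-datafetch` at build time, so the dependency set baked into the `scan-point` image (presumably installed from that lockfile by the Dockerfile, which is not visible here) is whatever the index served that day, and the rewritten lockfile is left as an uncommitted change in the working tree. Unless it is committed alongside the scan result, the repository no longer describes what was scanned — or what `retag-push-latest.sh` later promotes to production. Either make committing the refreshed lockfile part of the workflow, or split the steps: `pipenv update` in a reviewed commit and `pipenv sync` in this build script. A one-line comment above the call, e.g. `# deliberately refreshes Pipfile.lock so the scanned image carries current dependency versions`, would make the intent clear either way.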
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+cd ../../ecs/dataimport/ || { echo "Error: ディレクトリ変更に失敗しました"; exit 1; }
+
+aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com
+
+docker build -t mbj-newdwh2021-staging-ecr . --no-cache
+
+docker tag mbj-newdwh2021-staging-ecr:latest 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-ecr:scan-point
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-ecr:scan-point
\ No newline at end of file
diff --git a/vulnerability-scan/build-push-scanpoint/export-dbdump.sh b/vulnerability-scan/build-push-scanpoint/export-dbdump.sh
new file mode 100644
index 00000000..8c079d44
--- /dev/null
+++ b/vulnerability-scan/build-push-scanpoint/export-dbdump.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+cd ../../ecs/export-dbdump || { echo "Error: ディレクトリ変更に失敗しました"; exit 1; }
+
+pipenv update
+
+aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com
+
+docker build -t mbj-newdwh2021-staging-export-dbdump-ecr . --no-cache
+
+docker tag mbj-newdwh2021-staging-export-dbdump-ecr:latest 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-export-dbdump-ecr:scan-point
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-export-dbdump-ecr:scan-point
\ No newline at end of file
diff --git a/vulnerability-scan/build-push-scanpoint/jskult-batch-daily.sh b/vulnerability-scan/build-push-scanpoint/jskult-batch-daily.sh
new file mode 100644
index 00000000..8d796c55
--- /dev/null
+++ b/vulnerability-scan/build-push-scanpoint/jskult-batch-daily.sh
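Review bot: The registry host `826466435614.dkr.ecr.ap-northeast-1.amazonaws.com` and `--region ap-northeast-1` are pasted verbatim into every script in this commit, and the README names this file as the template to copy for new services, so a typo in any copy only surfaces at push time and the account ID is now maintained in twenty places. Hoisting them, e.g. `REGION=ap-northeast-1` and `REGISTRY="$(aws sts get-caller-identity --query Account --output text).dkr.ecr.${REGION}.amazonaws.com"`, ties the push target to the account the configured credentials actually belong to and removes the duplication. Unlike the sibling scripts this one has no `pipenv update`; if that is intentional (presumably no Pipfile under `ecs/dataimport`), a one-line comment saying so would stop someone from "fixing" it.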
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+cd ../../ecs/jskult-batch-daily || { echo "Error: ディレクトリ変更に失敗しました"; exit 1; }
+
+pipenv update
+
+aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com
+
+docker build -t mbj-newdwh2021-staging-jskult-batch-daily-ecr . --no-cache
+
+docker tag mbj-newdwh2021-staging-jskult-batch-daily-ecr:latest 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-jskult-batch-daily-ecr:scan-point
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-jskult-batch-daily-ecr:scan-point
diff --git a/vulnerability-scan/build-push-scanpoint/jskult-batch-laundering.sh b/vulnerability-scan/build-push-scanpoint/jskult-batch-laundering.sh
new file mode 100644
index 00000000..d6dfe0ad
--- /dev/null
+++ b/vulnerability-scan/build-push-scanpoint/jskult-batch-laundering.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+cd ../../ecs/jskult-batch-laundering || { echo "Error: ディレクトリ変更に失敗しました"; exit 1; }
+
+pipenv update
+
+aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com
+
+docker build -t mbj-newdwh2021-staging-jskult-batch-laundering-ecr . --no-cache
+
+docker tag mbj-newdwh2021-staging-jskult-batch-laundering-ecr:latest 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-jskult-batch-laundering-ecr:scan-point
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-jskult-batch-laundering-ecr:scan-point
diff --git a/vulnerability-scan/build-push-scanpoint/jskult-dbdump.sh b/vulnerability-scan/build-push-scanpoint/jskult-dbdump.sh
new file mode 100644
index 00000000..e6318d31
--- /dev/null
+++ b/vulnerability-scan/build-push-scanpoint/jskult-dbdump.sh
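Review bot: `docker build ... --no-cache` re-runs every Dockerfile step but does not re-fetch the base image, so a `FROM` tag already present on the build host (WSL, per the README) is reused as-is and the rebuilt image can still carry base-layer CVEs that a fresh pull would have removed — the opposite of what a vulnerability-remediation build is for. Add `--pull` to the build line here and in the laundering script: `docker build -t mbj-newdwh2021-staging-jskult-batch-daily-ecr . --no-cache --pull`. The later `build-transfer-medpass-data.sh` works around this with a manual `docker pull`; `--pull` covers every script uniformly without having to know each base image name.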
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+cd ../../ecs/jskult-dbdump || { echo "Error: ディレクトリ変更に失敗しました"; exit 1; }
+
+pipenv update
+
+aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com
+
+docker build -t mbj-newdwh2021-staging-jskult-dbdump-ecr . --no-cache
+
+docker tag mbj-newdwh2021-staging-jskult-dbdump-ecr:latest 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-jskult-dbdump-ecr:scan-point
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-jskult-dbdump-ecr:scan-point
+
diff --git a/vulnerability-scan/build-push-scanpoint/jskult-webapp.sh b/vulnerability-scan/build-push-scanpoint/jskult-webapp.sh
new file mode 100644
index 00000000..ffd453ef
--- /dev/null
+++ b/vulnerability-scan/build-push-scanpoint/jskult-webapp.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+cd ../../ecs/jskult-webapp || { echo "Error: ディレクトリ変更に失敗しました"; exit 1; }
+
+pipenv update
+
+aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com
+
+docker build -t mbj-newdwh2021-staging-jskult-webapp-ecr . --no-cache
+
+docker tag mbj-newdwh2021-staging-jskult-webapp-ecr:latest 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-jskult-webapp-ecr:scan-point
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-jskult-webapp-ecr:scan-point
+
diff --git a/vulnerability-scan/build-push-scanpoint/sap-data-decrypt.sh b/vulnerability-scan/build-push-scanpoint/sap-data-decrypt.sh
new file mode 100644
index 00000000..4a7c772b
--- /dev/null
+++ b/vulnerability-scan/build-push-scanpoint/sap-data-decrypt.sh
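Review bot: `scan-point` is a single mutable tag that every run overwrites, so as soon as a second build is pushed there is no longer any record in ECR of which image the previous scan findings belonged to, and `retag-push-latest.sh` has nothing stable to promote. Pushing an immutable companion tag in the same run, e.g. `TAG="scan-$(git rev-parse --short HEAD)-$(date +%Y%m%d)"` followed by a second `docker tag` / `docker push` pair, keeps scan results traceable to a specific image while `scan-point` stays as the convenience alias. If these repositories ever enable ECR tag immutability the overwriting `scan-point` push will start failing, so the trade-off deserves a comment next to the push.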
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+cd ../../lambda/sap-data-decrypt || { echo "Error: ディレクトリ変更に失敗しました"; exit 1; }
+
+aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com
+
+docker build -t mbj-newdwh2021-staging-sap-data-decrypt . --no-cache
+
+docker tag mbj-newdwh2021-staging-sap-data-decrypt:latest 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-sap-data-decrypt:scan-point
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-sap-data-decrypt:scan-point
+
diff --git a/vulnerability-scan/retag-push-latest.sh b/vulnerability-scan/retag-push-latest.sh
new file mode 100644
index 00000000..92953823
--- /dev/null
+++ b/vulnerability-scan/retag-push-latest.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+#ログイン認証確認
+if [[ $(aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com) == *"Login Succeeded"* ]]
+then
+ echo "AWS login succeeded"
+ cd retag-push-latest
+ bash retag-dataimport.sh || { echo "retag-dataimport.sh failed"; exit 1; }
+ bash retag-sap-data-decrypt.sh || { echo "retag-sap-data-decrypt.sh failed"; exit 1; }
+ bash retag-check-view-security-option.sh || { echo "retag-check-view-security-option.sh failed"; exit 1; }
+ bash retag-crm-datafetch.sh || { echo "retag-crm-datafetch.sh failed"; exit 1; }
+ bash retag-jskult-dbdump.sh || { echo "retag-jskult-dbdump.sh failed"; exit 1; }
+ bash retag-jskult-batch-daily.sh || { echo "retag-jskult-batch-daily.sh failed"; exit 1; }
+ bash retag-jskult-batch-laundering.sh || { echo "retag-jskult-batch-laundering.sh failed"; exit 1; }
+ bash retag-jskult-webapp.sh || { echo "retag-jskult-webapp.sh failed"; exit 1; }
+ bash retag-export-dbdump.sh || { echo "retag-export-dbdump.sh failed"; exit 1; }
+else
+ echo "AWS login failed"
+fi
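Review bot: This script pushes `:latest` into the `mbj-newdwh2021-product-*` repositories, yet the only precondition the README states (the `scan-point` image has been verified) is not enforced anywhere, and a failed login prints `AWS login failed` and exits 0 exactly as in the build script. At minimum fail hard on login (`echo "AWS login failed" >&2; exit 1`) and put an explicit gate in front of the production pushes, e.g. `[[ "${CONFIRM_PROD:-}" == yes ]] || { echo "set CONFIRM_PROD=yes to promote to production" >&2; exit 1; }`, so an accidental run cannot overwrite production. `cd retag-push-latest` is unchecked too; if it fails, every `bash retag-*.sh` call fails with a misleading "not found" instead of a directory error.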
diff --git a/vulnerability-scan/retag-push-latest/retag-check-view-security-option.sh b/vulnerability-scan/retag-push-latest/retag-check-view-security-option.sh
new file mode 100644
index 00000000..814d1a2f
--- /dev/null
+++ b/vulnerability-scan/retag-push-latest/retag-check-view-security-option.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+docker tag mbj-newdwh2021-staging-check-view-security-option-ecr 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-check-view-security-option-ecr:latest
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-check-view-security-option-ecr:latest
+
+docker tag mbj-newdwh2021-staging-check-view-security-option-ecr 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-product-check-view-security-option-ecr:latest
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-product-check-view-security-option-ecr:latest
\ No newline at end of file
diff --git a/vulnerability-scan/retag-push-latest/retag-crm-datafetch.sh b/vulnerability-scan/retag-push-latest/retag-crm-datafetch.sh
new file mode 100644
index 00000000..7926a24f
--- /dev/null
+++ b/vulnerability-scan/retag-push-latest/retag-crm-datafetch.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+docker tag mbj-newdwh2021-staging-crm-datafetch-ecr 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-crm-datafetch-ecr:latest
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-crm-datafetch-ecr:latest
+
+docker tag mbj-newdwh2021-staging-crm-datafetch-ecr 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-product-crm-datafetch-ecr:latest
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-product-crm-datafetch-ecr:latest
\ No newline at end of file
diff --git a/vulnerability-scan/retag-push-latest/retag-dataimport.sh b/vulnerability-scan/retag-push-latest/retag-dataimport.sh
new file mode 100644
index 00000000..a1145b84
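Review bot: The image promoted here is the local `mbj-newdwh2021-staging-check-view-security-option-ecr` (implicitly `:latest` on this host), not the `scan-point` image that was actually pushed to ECR and verified; if the build was re-run after the scan, or the retag runs on another machine, production receives an image that was never scanned, and on a clean host the `docker tag` simply fails. Promote the verified artifact instead: pull `scan-point`, resolve it to an image ID and re-tag that, as below, so staging and production `:latest` are provably the scanned bytes. The same change applies to every `retag-*.sh` in this commit.
```shell
#!/bin/bash
set -euo pipefail
REGISTRY=826466435614.dkr.ecr.ap-northeast-1.amazonaws.com
SRC="$REGISTRY/mbj-newdwh2021-staging-check-view-security-option-ecr:scan-point"

# Promote the exact image that was scanned, not whatever is tagged locally.
docker pull "$SRC"
IMAGE_ID=$(docker inspect --format '{{.Id}}' "$SRC")
docker tag "$IMAGE_ID" "$REGISTRY/mbj-newdwh2021-staging-check-view-security-option-ecr:latest"
docker push "$REGISTRY/mbj-newdwh2021-staging-check-view-security-option-ecr:latest"
docker tag "$IMAGE_ID" "$REGISTRY/mbj-newdwh2021-product-check-view-security-option-ecr:latest"
docker push "$REGISTRY/mbj-newdwh2021-product-check-view-security-option-ecr:latest"
```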
--- /dev/null
+++ b/vulnerability-scan/retag-push-latest/retag-dataimport.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+docker tag mbj-newdwh2021-staging-ecr 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-ecr:latest
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-ecr:latest
+
+docker tag mbj-newdwh2021-staging-ecr 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-product-ecr:latest
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-product-ecr:latest
diff --git a/vulnerability-scan/retag-push-latest/retag-export-dbdump.sh b/vulnerability-scan/retag-push-latest/retag-export-dbdump.sh
new file mode 100644
index 00000000..a66e5b8c
--- /dev/null
+++ b/vulnerability-scan/retag-push-latest/retag-export-dbdump.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+docker tag mbj-newdwh2021-staging-export-dbdump-ecr 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-export-dbdump-ecr:latest
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-export-dbdump-ecr:latest
+
+docker tag mbj-newdwh2021-staging-export-dbdump-ecr 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-product-export-dbdump-ecr:latest
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-product-export-dbdump-ecr:latest
\ No newline at end of file
diff --git a/vulnerability-scan/retag-push-latest/retag-jskult-batch-daily.sh b/vulnerability-scan/retag-push-latest/retag-jskult-batch-daily.sh
new file mode 100644
index 00000000..9a07e607
--- /dev/null
+++ b/vulnerability-scan/retag-push-latest/retag-jskult-batch-daily.sh
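Review bot: Without `set -e`, a failure of the first `docker push` (staging `:latest`) does not stop the script; the production `docker tag` and `docker push` still run, and because the parent only checks the status of the last command the run is reported as successful with staging and production now diverged. Add `set -euo pipefail` after the shebang so the production push only happens once the staging push has succeeded. Note also that `docker tag mbj-newdwh2021-staging-ecr` resolves the local `:latest`, so this must run on the same host after `build-dataimport.sh`; a one-line header comment stating that would help anyone running it standalone, which the README allows.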
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+docker tag mbj-newdwh2021-staging-jskult-batch-daily-ecr 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-jskult-batch-daily-ecr:latest
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-jskult-batch-daily-ecr:latest
+
+docker tag mbj-newdwh2021-staging-jskult-batch-daily-ecr 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-product-jskult-batch-daily-ecr:latest
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-product-jskult-batch-daily-ecr:latest
\ No newline at end of file
diff --git a/vulnerability-scan/retag-push-latest/retag-jskult-batch-laundering.sh b/vulnerability-scan/retag-push-latest/retag-jskult-batch-laundering.sh
new file mode 100644
index 00000000..2a655f39
--- /dev/null
+++ b/vulnerability-scan/retag-push-latest/retag-jskult-batch-laundering.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+docker tag mbj-newdwh2021-staging-jskult-batch-laundering-ecr 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-jskult-batch-laundering-ecr:latest
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-jskult-batch-laundering-ecr:latest
+
+docker tag mbj-newdwh2021-staging-jskult-batch-laundering-ecr 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-product-jskult-batch-laundering-ecr:latest
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-product-jskult-batch-laundering-ecr:latest
\ No newline at end of file
diff --git a/vulnerability-scan/retag-push-latest/retag-jskult-dbdump.sh b/vulnerability-scan/retag-push-latest/retag-jskult-dbdump.sh
new file mode 100644
index 00000000..6ce675e7
--- /dev/null
+++ b/vulnerability-scan/retag-push-latest/retag-jskult-dbdump.sh
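Review bot: Both pushes target the mutable `:latest` tag and nothing else, so after promotion there is no ECR-side record of which build is now running in production and no previous tag to roll back to if the scanned image turns out to be broken — ECR keeps no history for an overwritten tag. Push an immutable companion tag in the same run, e.g. `REL="release-$(date +%Y%m%d-%H%M)"` followed by a `docker tag` / `docker push` pair for `mbj-newdwh2021-product-jskult-batch-daily-ecr:$REL`, and let `:latest` remain the alias. A lifecycle policy can then expire old `release-*` tags on a schedule rather than relying on whatever happens to be on a developer's machine.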
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+docker tag mbj-newdwh2021-staging-jskult-dbdump-ecr 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-jskult-dbdump-ecr:latest
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-jskult-dbdump-ecr:latest
+
+docker tag mbj-newdwh2021-staging-jskult-dbdump-ecr 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-product-jskult-dbdump-ecr:latest
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-product-jskult-dbdump-ecr:latest
\ No newline at end of file
diff --git a/vulnerability-scan/retag-push-latest/retag-jskult-webapp.sh b/vulnerability-scan/retag-push-latest/retag-jskult-webapp.sh
new file mode 100644
index 00000000..58e75740
--- /dev/null
+++ b/vulnerability-scan/retag-push-latest/retag-jskult-webapp.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+docker tag mbj-newdwh2021-staging-jskult-webapp-ecr 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-jskult-webapp-ecr:latest
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-jskult-webapp-ecr:latest
+
+docker tag mbj-newdwh2021-staging-jskult-webapp-ecr 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-product-jskult-webapp-ecr:latest
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-product-jskult-webapp-ecr:latest
\ No newline at end of file
diff --git a/vulnerability-scan/retag-push-latest/retag-sap-data-decrypt.sh b/vulnerability-scan/retag-push-latest/retag-sap-data-decrypt.sh
new file mode 100644
index 00000000..cd61dc53
--- /dev/null
+++ b/vulnerability-scan/retag-push-latest/retag-sap-data-decrypt.sh
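Review bot: These scripts carry no header comment, yet they are the ones that write to the production repositories (`mbj-newdwh2021-product-jskult-dbdump-ecr` and `-jskult-webapp-ecr`), and the README mentions the "scan-point verified" precondition only in passing. Add a short header after the shebang, e.g. `# Promotes the locally built mbj-newdwh2021-staging-jskult-dbdump-ecr image to :latest in BOTH the staging and the production ECR repositories. Run only after the scan-point image has been verified, on the same host where build-jskult-dbdump.sh last ran.`, so the blast radius is obvious to whoever runs it standalone, which the README explicitly permits.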
@@ -0,0 +1,9 @@ +#!/bin/bash + +docker tag mbj-newdwh2021-staging-sap-data-decrypt 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-sap-data-decrypt:latest + +docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-sap-data-decrypt:latest + +docker tag mbj-newdwh2021-staging-sap-data-decrypt 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-product-sap-data-decrypt:latest + +docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-product-sap-data-decrypt:latest \ No newline at end of file From 8bdd70ba009d6dfbbe5e64996197389dc6c1bb9b Mon Sep 17 00:00:00 2001 From: Nik Afiq Date: Tue, 27 Aug 2024 11:49:28 +0900 Subject: [PATCH 2/7] =?UTF-8?q?Readme=E8=BF=BD=E5=8A=A0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- vulnerability-scan/README.md | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/vulnerability-scan/README.md b/vulnerability-scan/README.md index d8d8676f..ba1a5540 100644 --- a/vulnerability-scan/README.md +++ b/vulnerability-scan/README.md @@ -5,7 +5,9 @@ - `AWS CLI`インストール済み - AWS CLIでアカウント情報設定されていること -### 実行方法 +## 実行方法 + +### ECRをビルド、タグ、プッシュする - `vulnerability-scan`の直下フォルダで以下コマンド実行する @@ -14,4 +16,20 @@ bash build-push-scanpoint.sh ``` - *実行したコマンド失敗したとき、スクリプトが停止する* -- *その場合は`build-push-scanpoint`直下から失敗したコマンド単体実行できる* \ No newline at end of file +- *その場合は`build-push-scanpoint`直下から失敗したコマンド単体実行できる* +- *例:`bash dataimport.sh`* +- *スクリプトを強制停止したい場合、`Ctrl + C`で停止できる* + +### ビルドしたECRをlatestに再タグ、プッシュする + +- 前提:プッシュした`scan-point` ECRを動作確認済 +- `vulnerability-scan`の直下フォルダで以下コマンド実行する + +```bash +bash retag-push-latest.sh +``` + +- *実行したコマンド失敗したとき、スクリプトが停止する* +- *その場合は`retag-push-latest`直下から失敗したコマンド単体実行できる* +- *例:`bash retag-dataimport.sh`* +- *スクリプトを強制停止したい場合、`Ctrl + C`で停止できる* From 5f3ef51454c9d0fc8bdc5357d2aa1aaac0d0c6e0 Mon Sep 17 00:00:00 2001 
From: Nik Afiq Date: Thu, 29 Aug 2024 11:02:02 +0900 Subject: [PATCH 3/7] =?UTF-8?q?README=E8=BF=BD=E5=8A=A0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- vulnerability-scan/README.md | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/vulnerability-scan/README.md b/vulnerability-scan/README.md index ba1a5540..d2717750 100644 --- a/vulnerability-scan/README.md +++ b/vulnerability-scan/README.md 
@@ -33,3 +33,36 @@ bash retag-push-latest.sh - *その場合は`retag-push-latest`直下から失敗したコマンド単体実行できる* - *例:`bash retag-dataimport.sh`* - *スクリプトを強制停止したい場合、`Ctrl + C`で停止できる* + + +## フォルダ構成 +├── build-push-scanpoint.sh -- 全ECRモジュールをアップデート、Dockerイメージにビルドし、プッシュするスクリプト +├── retag-push-latest.sh -- ビルドしたDockerイメージをlatestの再タグして、ステージング環境と本番環境にプッシュするスクリプト +├── README.md -- 当ファイル +├── build-push-scanpoint +│ ├── dataimport.sh -- データ登録機能のアップデートスクリプト +│ ├── sap-data-decrypt.sh -- SAPデータ登録 SAPデータ復号化機能アップデートスクリプト +│ ├── check-view-security-option.sh -- Viewセキュリティオプションチェック機能アップデートスクリプト +│ ├── crm-datafetch.sh -- CRMデータ連携 CRMデータ取得機能アップデートスクリプト +│ ├── jskult-dbdump.sh -- 実消化&アルトマーク日次バッチ実行前dump取得機能アップデートスクリプト +│ ├── jskult-batch-daily.sh -- 実消化&アルトマーク日次バッチ機能アップデートスクリプト +│ ├── jskult-batch-laundering.sh -- 実消化&アルトマーク週次バッチ機能アップデートスクリプト +│ ├── jskult-webapp.sh -- 実消化&アルトマークWebアプリケーションアップデートスクリプト +| └── export-dbdump.sh -- DBダンプ取得機能アップデートスクリプト +└── retag-push-latest + ├── retag-dataimport.sh -- データ登録機能の再タグ本番環境にプッシュスクリプト + ├── retag-sap-data-decrypt.sh -- SAPデータ登録 SAPデータ復号化機能再タグ本番環境にプッシュスクリプト + ├── retag-check-view-security-option.sh -- Viewセキュリティオプションチェック機能再タグ本番環境にプッシュスクリプト + ├── retag-crm-datafetch.sh -- CRMデータ連携 CRMデータ取得機能再タグ本番環境にプッシュスクリプト + ├── retag-jskult-dbdump.sh -- 実消化&アルトマーク日次バッチ実行前dump取得機能再タグ本番環境にプッシュスクリプト + ├── retag-jskult-batch-daily.sh -- 実消化&アルトマーク日次バッチ機能再タグ本番環境にプッシュスクリプト + ├── retag-jskult-batch-laundering.sh -- 実消化&アルトマーク週次バッチ機能再タグ本番環境にプッシュスクリプト + ├── retag-jskult-webapp.sh -- 実消化&アルトマークWebアプリケーション再タグ本番環境にプッシュスクリプト + └── retag-export-dbdump.sh -- DBダンプ取得機能再タグ本番環境にプッシュスクリプト + +## 作成方法とタイミング +- 本番リリース済みのECRリポジトリに対して脆弱性スキャン対象になるため、リリース済のECRにスクリプト作成する +- `vulnerability-scan/build-push-scanpoint/dataimport.sh` を参考にしてスクリプト実装する +- 実装したスクリプトを親スクリプト`vulnerability-scan/build-push-scanpoint.sh`に追加する +- `vulnerability-scan/retag-push-latest/-retag-dataimport.sh` を参考にしてスクリプト実装する +- 実装したスクリプトを親スクリプト`vulnerability-scan/retag-push-latest.sh`に追加する \ No newline at end of file 
From de6069ead62748e8e90b50bcdcdd66550c427221 Mon Sep 17 00:00:00 2001 
From: "shimoda.m@nds-tyo.co.jp" Date: Fri, 30 Aug 2024 16:29:21 +0900 Subject: [PATCH 4/7] =?UTF-8?q?fix:=20=E3=82=B7=E3=82=A7=E3=83=AB=E3=82=B9?= =?UTF-8?q?=E3=82=AF=E3=83=AA=E3=83=97=E3=83=88=E3=81=AE=E3=83=95=E3=82=A1?= =?UTF-8?q?=E3=82=A4=E3=83=AB=E5=90=8D=E3=81=AE=E8=AA=A4=E3=82=8A=E3=82=92?= =?UTF-8?q?=E4=BF=AE=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...iew-security-option.sh => build-check-view-security-option.sh} | 0 .../{crm-datafetch.sh => build-crm-datafetch.sh} | 0 .../build-push-scanpoint/{dataimport.sh => build-dataimport.sh} | 0 .../{export-dbdump.sh => build-export-dbdump.sh} | 0 .../{jskult-batch-daily.sh => build-jskult-batch-daily.sh} | 0 ...skult-batch-laundering.sh => build-jskult-batch-laundering.sh} | 0 .../{jskult-dbdump.sh => build-jskult-dbdump.sh} | 0 .../{jskult-webapp.sh => build-jskult-webapp.sh} | 0 .../{sap-data-decrypt.sh => build-sap-data-decrypt.sh} | 0 9 files changed, 0 insertions(+), 0 deletions(-) rename vulnerability-scan/build-push-scanpoint/{check-view-security-option.sh => build-check-view-security-option.sh} (100%) rename vulnerability-scan/build-push-scanpoint/{crm-datafetch.sh => build-crm-datafetch.sh} (100%) rename vulnerability-scan/build-push-scanpoint/{dataimport.sh => build-dataimport.sh} (100%) rename vulnerability-scan/build-push-scanpoint/{export-dbdump.sh => build-export-dbdump.sh} (100%) rename vulnerability-scan/build-push-scanpoint/{jskult-batch-daily.sh => build-jskult-batch-daily.sh} (100%) rename vulnerability-scan/build-push-scanpoint/{jskult-batch-laundering.sh => build-jskult-batch-laundering.sh} (100%) rename vulnerability-scan/build-push-scanpoint/{jskult-dbdump.sh => build-jskult-dbdump.sh} (100%) rename vulnerability-scan/build-push-scanpoint/{jskult-webapp.sh => build-jskult-webapp.sh} (100%) rename vulnerability-scan/build-push-scanpoint/{sap-data-decrypt.sh => build-sap-data-decrypt.sh} (100%) 
diff --git a/vulnerability-scan/build-push-scanpoint/check-view-security-option.sh b/vulnerability-scan/build-push-scanpoint/build-check-view-security-option.sh similarity index 100% rename from vulnerability-scan/build-push-scanpoint/check-view-security-option.sh rename to vulnerability-scan/build-push-scanpoint/build-check-view-security-option.sh diff --git a/vulnerability-scan/build-push-scanpoint/crm-datafetch.sh b/vulnerability-scan/build-push-scanpoint/build-crm-datafetch.sh similarity index 100% rename from vulnerability-scan/build-push-scanpoint/crm-datafetch.sh rename to vulnerability-scan/build-push-scanpoint/build-crm-datafetch.sh diff --git a/vulnerability-scan/build-push-scanpoint/dataimport.sh b/vulnerability-scan/build-push-scanpoint/build-dataimport.sh similarity index 100% rename from vulnerability-scan/build-push-scanpoint/dataimport.sh rename to vulnerability-scan/build-push-scanpoint/build-dataimport.sh diff --git a/vulnerability-scan/build-push-scanpoint/export-dbdump.sh b/vulnerability-scan/build-push-scanpoint/build-export-dbdump.sh similarity index 100% rename from vulnerability-scan/build-push-scanpoint/export-dbdump.sh rename to vulnerability-scan/build-push-scanpoint/build-export-dbdump.sh diff --git a/vulnerability-scan/build-push-scanpoint/jskult-batch-daily.sh b/vulnerability-scan/build-push-scanpoint/build-jskult-batch-daily.sh similarity index 100% rename from vulnerability-scan/build-push-scanpoint/jskult-batch-daily.sh rename to vulnerability-scan/build-push-scanpoint/build-jskult-batch-daily.sh diff --git a/vulnerability-scan/build-push-scanpoint/jskult-batch-laundering.sh b/vulnerability-scan/build-push-scanpoint/build-jskult-batch-laundering.sh similarity index 100% rename from vulnerability-scan/build-push-scanpoint/jskult-batch-laundering.sh rename to vulnerability-scan/build-push-scanpoint/build-jskult-batch-laundering.sh 
diff --git a/vulnerability-scan/build-push-scanpoint/jskult-dbdump.sh b/vulnerability-scan/build-push-scanpoint/build-jskult-dbdump.sh similarity index 100% rename from vulnerability-scan/build-push-scanpoint/jskult-dbdump.sh rename to vulnerability-scan/build-push-scanpoint/build-jskult-dbdump.sh diff --git a/vulnerability-scan/build-push-scanpoint/jskult-webapp.sh b/vulnerability-scan/build-push-scanpoint/build-jskult-webapp.sh similarity index 100% rename from vulnerability-scan/build-push-scanpoint/jskult-webapp.sh rename to vulnerability-scan/build-push-scanpoint/build-jskult-webapp.sh diff --git a/vulnerability-scan/build-push-scanpoint/sap-data-decrypt.sh b/vulnerability-scan/build-push-scanpoint/build-sap-data-decrypt.sh similarity index 100% rename from vulnerability-scan/build-push-scanpoint/sap-data-decrypt.sh rename to vulnerability-scan/build-push-scanpoint/build-sap-data-decrypt.sh From e87dfd7aacba3e74de2b250510a129880237fa72 Mon Sep 17 00:00:00 2001 From: "shimoda.m@nds-tyo.co.jp" Date: Fri, 30 Aug 2024 16:35:32 +0900 Subject: [PATCH 5/7] =?UTF-8?q?feat:=20med=E3=83=91=E3=82=B9=E7=A4=BE?= =?UTF-8?q?=E3=83=87=E3=83=BC=E3=82=BF=E8=BB=A2=E9=80=81=E5=87=A6=E7=90=86?= =?UTF-8?q?=E3=81=AE=E8=84=86=E5=BC=B1=E6=80=A7=E3=82=B9=E3=82=AD=E3=83=A3?= =?UTF-8?q?=E3=83=B3=E3=82=B3=E3=83=9E=E3=83=B3=E3=83=89=E3=82=92=E8=BF=BD?= =?UTF-8?q?=E5=8A=A0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- vulnerability-scan/build-push-scanpoint.sh | 1 + .../build-transfer-medpass-data.sh | 12 ++++++++++++ vulnerability-scan/retag-push-latest.sh | 1 + .../retag-push-latest/retag-transfer-medpass-data.sh | 9 +++++++++ 4 files changed, 23 insertions(+) create mode 100644 vulnerability-scan/build-push-scanpoint/build-transfer-medpass-data.sh create mode 100644 vulnerability-scan/retag-push-latest/retag-transfer-medpass-data.sh 
diff --git a/vulnerability-scan/build-push-scanpoint.sh b/vulnerability-scan/build-push-scanpoint.sh
index 1a9826b1..ee2d9c11 100644
--- a/vulnerability-scan/build-push-scanpoint.sh
+++ b/vulnerability-scan/build-push-scanpoint.sh
@@ -14,6 +14,7 @@ then
 bash build-jskult-batch-laundering.sh || { echo "build-jskult-batch-laundering.sh failed"; exit 1; }
 bash build-jskult-webapp.sh || { echo "build-jskult-webapp.sh failed"; exit 1; }
 bash build-export-dbdump.sh || { echo "build-export-dbdump.sh failed"; exit 1; }
+ bash build-transfer-medpass-data.sh || { echo "build-transfer-medpass-data.sh failed"; exit 1; }
 else
 echo "AWS login failed"
 fi
diff --git a/vulnerability-scan/build-push-scanpoint/build-transfer-medpass-data.sh b/vulnerability-scan/build-push-scanpoint/build-transfer-medpass-data.sh
new file mode 100644
index 00000000..1598957d
--- /dev/null
+++ b/vulnerability-scan/build-push-scanpoint/build-transfer-medpass-data.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+cd ../lambda/transfer-medpass-data || { echo "Error: ディレクトリ変更に失敗しました"; exit 1; }
+
+docker pull public.ecr.aws/lambda/python:3.12
+
+aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com
+
+docker build -t mbj-newdwh2021-staging-transfer-medpass-data-ecr . --no-cache
+
+docker tag mbj-newdwh2021-staging-transfer-medpass-data-ecr:latest 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-transfer-medpass-data-ecr:scan-point
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-transfer-medpass-data-ecr:scan-point
diff --git a/vulnerability-scan/retag-push-latest.sh b/vulnerability-scan/retag-push-latest.sh
index 92953823..ca021b78 100644
--- a/vulnerability-scan/retag-push-latest.sh
+++ b/vulnerability-scan/retag-push-latest.sh
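Review bot: `cd ../lambda/transfer-medpass-data` is resolved from `build-push-scanpoint/` (the parent does `cd build-push-scanpoint` first), which is one level short of the `../../lambda/...` used by every sibling `build-*.sh`, so unless a `vulnerability-scan/lambda` directory exists this step will presumably trip its own `cd` guard and abort the whole run. Change it to `cd ../../lambda/transfer-medpass-data || { echo "Error: ディレクトリ変更に失敗しました"; exit 1; }`. Separately, `docker pull public.ecr.aws/lambda/python:3.12` fetches by a mutable tag; if the intent is a reproducible scan baseline, pin it by digest (`public.ecr.aws/lambda/python:3.12@sha256:…`), or drop the manual pull in favour of `docker build --pull`, which achieves the same refresh without hard-coding the base image name in two places.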
@@ -14,6 +14,7 @@ then
 bash retag-jskult-batch-laundering.sh || { echo "retag-jskult-batch-laundering.sh failed"; exit 1; }
 bash retag-jskult-webapp.sh || { echo "retag-jskult-webapp.sh failed"; exit 1; }
 bash retag-export-dbdump.sh || { echo "retag-export-dbdump.sh failed"; exit 1; }
+ bash retag-transfer-medpass-data.sh || { echo "retag-transfer-medpass-data.sh failed"; exit 1; }
 else
 echo "AWS login failed"
 fi
diff --git a/vulnerability-scan/retag-push-latest/retag-transfer-medpass-data.sh b/vulnerability-scan/retag-push-latest/retag-transfer-medpass-data.sh
new file mode 100644
index 00000000..9666b406
--- /dev/null
+++ b/vulnerability-scan/retag-push-latest/retag-transfer-medpass-data.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+docker tag mbj-newdwh2021-staging-transfer-medpass-data-ecr 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-transfer-medpass-data-ecr:latest
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-staging-transfer-medpass-data-ecr:latest
+
+docker tag mbj-newdwh2021-staging-transfer-medpass-data-ecr 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-product-transfer-medpass-data-ecr:latest
+
+docker push 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com/mbj-newdwh2021-product-transfer-medpass-data-ecr:latest
From b2cdb4dc2ab26537daed15923c0761164d43ad2e Mon Sep 17 00:00:00 2001 From: "shimoda.m@nds-tyo.co.jp" Date: Fri, 30 Aug 2024 16:42:48 +0900 Subject: [PATCH 6/7] =?UTF-8?q?fix:=20=E3=82=B3=E3=83=9E=E3=83=B3=E3=83=89?= =?UTF-8?q?=E3=83=9F=E3=82=B9=E3=82=92=E4=BF=AE=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../build-push-scanpoint/build-transfer-medpass-data.sh | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/vulnerability-scan/build-push-scanpoint/build-transfer-medpass-data.sh b/vulnerability-scan/build-push-scanpoint/build-transfer-medpass-data.sh
index 1598957d..469335b8 100644
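Review bot: The two `docker tag` lines in retag-transfer-medpass-data.sh promote the local image `mbj-newdwh2021-staging-transfer-medpass-data-ecr` (implicitly its local `:latest`) to the staging and production `:latest` tags, not the `scan-point` image that the README requires to have been verified in staging first. If the build script is re-run between that verification and this promotion, the local image and the verified one differ and an unverified build reaches production. Pulling the `scan-point` tag from ECR and retagging that object ties the promotion to what was actually checked, and `set -euo pipefail` keeps a failed staging push from being followed by the production push. Whether production `:latest` should remain a mutable tag at all is a policy question outside this hunk, but it is worth raising with the registry owners.
```shell
#!/bin/bash
set -euo pipefail

REGISTRY=826466435614.dkr.ecr.ap-northeast-1.amazonaws.com
# Promote the exact image that was verified in staging, not the local build.
SRC="$REGISTRY/mbj-newdwh2021-staging-transfer-medpass-data-ecr:scan-point"
docker pull "$SRC"

docker tag "$SRC" "$REGISTRY/mbj-newdwh2021-staging-transfer-medpass-data-ecr:latest"
docker push "$REGISTRY/mbj-newdwh2021-staging-transfer-medpass-data-ecr:latest"

docker tag "$SRC" "$REGISTRY/mbj-newdwh2021-product-transfer-medpass-data-ecr:latest"
docker push "$REGISTRY/mbj-newdwh2021-product-transfer-medpass-data-ecr:latest"
```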
--- a/vulnerability-scan/build-push-scanpoint/build-transfer-medpass-data.sh +++ b/vulnerability-scan/build-push-scanpoint/build-transfer-medpass-data.sh @@ -3,6 +3,8 @@ cd ../lambda/transfer-medpass-data || { echo "Error: ディレクトリ変更 docker pull public.ecr.aws/lambda/python:3.12 +pipenv update + aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin 826466435614.dkr.ecr.ap-northeast-1.amazonaws.com docker build -t mbj-newdwh2021-staging-transfer-medpass-data-ecr . --no-cache From a0cb93bcdb19ccbe56f883d02343efd899ea6a54 Mon Sep 17 00:00:00 2001 From: "shimoda.m@nds-tyo.co.jp" Date: Fri, 30 Aug 2024 16:52:20 +0900 Subject: [PATCH 7/7] =?UTF-8?q?docs:=20README=E3=82=92=E6=9B=B4=E6=96=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- vulnerability-scan/README.md | 72 +++++++++++++++++++++--------------- 1 file changed, 42 insertions(+), 30 deletions(-) diff --git a/vulnerability-scan/README.md b/vulnerability-scan/README.md index d2717750..9eb3fd2e 100644 --- a/vulnerability-scan/README.md +++ b/vulnerability-scan/README.md @@ -1,7 +1,8 @@ -## 脆弱スキャン用ツール -### 前提 +# MeDaCA ECR脆弱スキャンツール -- `docker cli`インストール済み +## 前提 + +- `docker cli`インストール済み(WSL想定) - `AWS CLI`インストール済み - AWS CLIでアカウント情報設定されていること 
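Review bot: The added `pipenv update` is unchecked: if it fails (no network, an unresolvable pin), the script falls through to `docker build --no-cache` against the old `Pipfile.lock` and pushes a `scan-point` image that lacks the dependency refresh this commit intends, because the script sets no `set -e` (its start and end lie outside this hunk). Use the same guard the parent scripts already apply to each step, `pipenv update || { echo "pipenv update failed"; exit 1; }`. Note also that `pipenv update` rewrites `Pipfile.lock` in the working tree under `../lambda/transfer-medpass-data`, so the scanned image only corresponds to the repository if that lock change is committed alongside the scan; a comment such as `# refreshes Pipfile.lock in the working tree — commit the result with the scan` would make that expectation explicit.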
@@ -15,41 +16,42 @@ bash build-push-scanpoint.sh ``` -- *実行したコマンド失敗したとき、スクリプトが停止する* -- *その場合は`build-push-scanpoint`直下から失敗したコマンド単体実行できる* -- *例:`bash dataimport.sh`* -- *スクリプトを強制停止したい場合、`Ctrl + C`で停止できる* +- 実行したコマンド失敗したとき、スクリプトが停止する +- その場合は`build-push-scanpoint`直下から失敗したコマンド単体実行できる + - 例:`bash build-dataimport.sh` +- スクリプトを強制停止したい場合、`Ctrl + C`で停止できる ### ビルドしたECRをlatestに再タグ、プッシュする -- 前提:プッシュした`scan-point` ECRを動作確認済 +- **前提:ECRにプッシュした`scan-point`タグのイメージでステージング環境での動作確認が完了していること。** - `vulnerability-scan`の直下フォルダで以下コマンド実行する ```bash bash retag-push-latest.sh ``` -- *実行したコマンド失敗したとき、スクリプトが停止する* -- *その場合は`retag-push-latest`直下から失敗したコマンド単体実行できる* -- *例:`bash retag-dataimport.sh`* -- *スクリプトを強制停止したい場合、`Ctrl + C`で停止できる* - +- 実行したコマンド失敗したとき、スクリプトが停止する +- その場合は`retag-push-latest`直下から失敗したコマンド単体実行できる +- 例:`bash retag-dataimport.sh` +- スクリプトを強制停止したい場合、`Ctrl + C`で停止できる ## フォルダ構成 + ├── build-push-scanpoint.sh -- 全ECRモジュールをアップデート、Dockerイメージにビルドし、プッシュするスクリプト ├── retag-push-latest.sh -- ビルドしたDockerイメージをlatestの再タグして、ステージング環境と本番環境にプッシュするスクリプト ├── README.md -- 当ファイル -├── build-push-scanpoint -│ ├── dataimport.sh -- データ登録機能のアップデートスクリプト -│ ├── sap-data-decrypt.sh -- SAPデータ登録 SAPデータ復号化機能アップデートスクリプト -│ ├── check-view-security-option.sh -- Viewセキュリティオプションチェック機能アップデートスクリプト -│ ├── crm-datafetch.sh -- CRMデータ連携 CRMデータ取得機能アップデートスクリプト -│ ├── jskult-dbdump.sh -- 実消化&アルトマーク日次バッチ実行前dump取得機能アップデートスクリプト -│ ├── jskult-batch-daily.sh -- 実消化&アルトマーク日次バッチ機能アップデートスクリプト -│ ├── jskult-batch-laundering.sh -- 実消化&アルトマーク週次バッチ機能アップデートスクリプト -│ ├── jskult-webapp.sh -- 実消化&アルトマークWebアプリケーションアップデートスクリプト -| └── export-dbdump.sh -- DBダンプ取得機能アップデートスクリプト -└── retag-push-latest +├── build-push-scanpoint +│ ├── build-dataimport.sh -- データ登録機能の脆弱性スキャンスクリプト +│ ├── build-sap-data-decrypt.sh -- SAPデータ登録 SAPデータ復号化機能脆弱性スキャンスクリプト +│ ├── build-check-view-security-option.sh -- Viewセキュリティオプションチェック機能脆弱性スキャンスクリプト +│ ├── build-crm-datafetch.sh -- CRMデータ連携 CRMデータ取得機能脆弱性スキャンスクリプト +│ ├── build-jskult-dbdump.sh -- 
実消化&アルトマーク日次バッチ実行前dump取得機能脆弱性スキャンスクリプト +│ ├── build-jskult-batch-daily.sh -- 実消化&アルトマーク日次バッチ機能脆弱性スキャンスクリプト +│ ├── build-jskult-batch-laundering.sh -- 実消化&アルトマーク週次バッチ機能脆弱性スキャンスクリプト +│ ├── build-jskult-webapp.sh -- 実消化&アルトマークWebアプリケーション脆弱性スキャンスクリプト +| ├── build-export-dbdump.sh -- DBダンプ取得機能脆弱性スキャンスクリプト +| └── build-transfer-medpass-data.sh -- medパス社データ転送機能脆弱性スキャンスクリプト +└── retag-push-latest ├── retag-dataimport.sh -- データ登録機能の再タグ本番環境にプッシュスクリプト ├── retag-sap-data-decrypt.sh -- SAPデータ登録 SAPデータ復号化機能再タグ本番環境にプッシュスクリプト ├── retag-check-view-security-option.sh -- Viewセキュリティオプションチェック機能再タグ本番環境にプッシュスクリプト @@ -58,11 +60,21 @@ bash retag-push-latest.sh ├── retag-jskult-batch-daily.sh -- 実消化&アルトマーク日次バッチ機能再タグ本番環境にプッシュスクリプト ├── retag-jskult-batch-laundering.sh -- 実消化&アルトマーク週次バッチ機能再タグ本番環境にプッシュスクリプト ├── retag-jskult-webapp.sh -- 実消化&アルトマークWebアプリケーション再タグ本番環境にプッシュスクリプト - └── retag-export-dbdump.sh -- DBダンプ取得機能再タグ本番環境にプッシュスクリプト + ├── retag-export-dbdump.sh -- DBダンプ取得機能再タグ本番環境にプッシュスクリプト + └── retag-transfer-medpass-data.sh -- medパス社データ転送機能再タグ本番環境にプッシュスクリプト -## 作成方法とタイミング -- 本番リリース済みのECRリポジトリに対して脆弱性スキャン対象になるため、リリース済のECRにスクリプト作成する -- `vulnerability-scan/build-push-scanpoint/dataimport.sh` を参考にしてスクリプト実装する +## 作成タイミングと作成方法 + +### 作成タイミング + +- ECRリポジトリにて資材を管理する機能のUAT完了後、脆弱性スキャン手順を作成するタイミングで、当スクリプトをreleaseブランチに登録する。 + +### 作成方法 + +- 脆弱性スキャンスクリプトを`build-push-scanpoint`フォルダ配下に作成する。 + - `vulnerability-scan/build-push-scanpoint/build-crm-datafetch.sh` を参考にしてスクリプト実装する + - リポジトリによってコマンドの組み方が微妙に異なるため、作成後にレビューを受けること - 実装したスクリプトを親スクリプト`vulnerability-scan/build-push-scanpoint.sh`に追加する -- `vulnerability-scan/retag-push-latest/-retag-dataimport.sh` を参考にしてスクリプト実装する -- 実装したスクリプトを親スクリプト`vulnerability-scan/retag-push-latest.sh`に追加する \ No newline at end of file +- 再タグ&本番環境へのPUSHスクリプトを`retag-push-latest`フォルダ配下に作成する。 + - `vulnerability-scan/retag-push-latest/retag-dataimport.sh` を参考にしてスクリプト実装する +- 実装したスクリプトを親スクリプト`vulnerability-scan/retag-push-latest.sh`に追加する