zotregistry.dev/zot@v1.4.4-0.20240314164342-eec277e14d20/test/images/README.md (about)

# Build scripts for images used in tests

## General instructions

This folder contains build files used to produce OCI images used in zot tests.
Build them using stacker, and copy them over to ghcr.io using skopeo.

For example, in the case of the Java image:

```bash
stacker build -f stacker-java.yaml
```

If the image is to be used for CVE scanning, check that it is scanned correctly using a trivy binary,
to make sure it does or does not contain the expected vulnerabilities.

```bash
trivy image scan --input oci:java-test
```

Copy the new image over to ghcr.io using skopeo:

```bash
skopeo copy --dest-creds=<user>:<token> oci:oci:java-test docker://ghcr.io/project-zot/test-images/java:0.0.1
```
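
The scan check above can be automated before an image is pushed. The following is an added example, not part of the zot repository: it reads a report in Trivy's JSON format (`--format json`) and verifies that an image does or does not contain Java-specific findings, matching the expectations listed under "Images". The sample reports, the placeholder CVE ids and package names, the function names and the set of result types treated as Java are assumptions made for illustration.

```python
import json

# Constructed sample reports shaped like Trivy's JSON output (trimmed to the
# fields used here); the ids and package names are placeholders, not real CVEs.
JAVA_REPORT = json.dumps({
    "ArtifactName": "java-test",
    "Results": [{"Target": "Java", "Class": "lang-pkgs", "Type": "jar"}],
})
SPRING_REPORT = json.dumps({
    "ArtifactName": "spring-web-test",
    "Results": [
        {"Target": "os", "Class": "os-pkgs", "Type": "ubuntu",
         "Vulnerabilities": [{"VulnerabilityID": "CVE-0000-00001",
                              "PkgName": "example-os-pkg", "Severity": "LOW"}]},
        {"Target": "Java", "Class": "lang-pkgs", "Type": "jar",
         "Vulnerabilities": [{"VulnerabilityID": "CVE-0000-00002",
                              "PkgName": "example:spring-lib", "Severity": "HIGH"}]},
    ],
})

JAVA_TYPES = {"jar", "pom", "gradle"}  # assumption: result types counted as Java


def java_findings(report_text):
    """Return sorted (id, package) pairs for Java-specific findings in a report."""
    report = json.loads(report_text)
    found = set()
    # "Results" and "Vulnerabilities" may be absent or null when nothing was found.
    for result in report.get("Results") or []:
        if result.get("Type") not in JAVA_TYPES:
            continue
        for vuln in result.get("Vulnerabilities") or []:
            found.add((vuln["VulnerabilityID"], vuln["PkgName"]))
    return sorted(found)


def check_image(report_text, expect_vulnerable):
    """Return (ok, findings); ok is True when the scan matches the expectation."""
    findings = java_findings(report_text)
    ok = bool(findings) if expect_vulnerable else not findings
    return ok, findings


if __name__ == "__main__":
    for name, text, expect in [("java", JAVA_REPORT, False),
                               ("spring-web", SPRING_REPORT, True)]:
        ok, findings = check_image(text, expect)
        print(f"{name}: {'OK' if ok else 'UNEXPECTED'} {findings}")
```

OS-package findings are deliberately ignored, so a base-image CVE does not make the Spring check pass on its own.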

## Images

### Java

The file stacker-java.yaml is used to produce the images in the repo at: ghcr.io/project-zot/test-images/java
Basically we compile a simple Java file without any vulnerabilities.
We can test the CVE scanning of Java images, including zot downloading the Java vulnerability DB.

### Spring

The file stacker-spring.yaml is used to produce the images in the repo at: ghcr.io/project-zot/test-images/spring-web
We just download and copy the already compiled Spring jar file.
It can be scanned to identify at least one Java-specific vulnerability in zot tests.