rapidfort · AnmolVirdi · Jan 13, 2025 · Jan 13, 2025
diff --git a/community_images/common/templates/image_yml_params.yml b/community_images/common/templates/image_yml_params.yml
@@ -0,0 +1,193 @@
+# Description of image.yml keys
+params:
+  - name: name
+    description: name of the image
+    value: '""'
+  - name: official_name
+    description: Official name of the image
+    value: '""'
+  - name: official_website
+    description: official website of the image
+    value: '""'
+  - name: source_image_provider
+    description: "source image provider, ex: Docker Library"
+    value: '""'
+  - name: source_image_repo
+    description: source image docker repo, used for linking image in frontrow
+    value: '""'
+  - name: source_image_repo_link
+    description: source image docker repo url
+    value: '""'
+  - name: rf_docker_link
+    description: 'rapidfort docker link, ex: rapidfort/<image>'
+    value: '""'
+  - name: image_workflow_name
+    description: 'used for generating github action file name'
+    value: '""'
+  - name: github_location
+    description: 'relative location of image folder in community_image'
+    value: '""'
+  - name: report_url
+    description: 'frontrow url for the repo'
+    value: '""'
+  - name: usage_instructions
+    description: 'usage instructions such as helm install or docker run'
+    value : '""'
+  - name: what_is_text
+    description: 'description about image, usually copied from official image What is?'
+    value : '""'
+  - name: disclaimer
+    description: 'disclaimer or any legal liability notice to be added'
+    value : '""'
+  - name: is_locked
+    description: 'if the image needs RF_ACCESS_TOKEN to be used or not'
+    value : 'False'
+  - name: docker_links
+    description: array of all the different image versions build along with link to original Dockerfile
+    value : ['""', '""']
+  - name: input_registry.registry
+    description: 'source registry used to pull docker image, ex: docker.io'
+    value : '""'
+  - name: input_registry.account
+    description: 'accout in registry from which source image is pulled, ex: hashicorp, fluent'
+    value : '""'
+  - name: repo_sets
+    description: array of repo_set object describe below.
+    value : ['repo_set', 'repo_set']
+  - name: needs_common_commands
+    description: needs to run common commands or not
+    value : 'true'
+  - name: runtimes
+    description: array of runtime object describe below.
+    value : ['runtime', 'runtime']
+repo_set_params:
+  - name: <repo>.input_base_tag
+    description: input base tag to search for a given repo
+    value : '""'
+  - name: <repo>.output_repo
+    description: output repo name for the repo
+    value : 'defaults to <repo>'
+    required: no
+runtime_params:
+  - name: type
+    description: pick from k8s, docker_compose, docker
+    value : 'pickOne: [k8s, docker_compose, docker]'
+  - name: script
+    description: script to be called for the runtime
+    value : '""'
+    required: no
+k8s_runtime_params:
+  - name: helm.repo
+    description: "helm repo to use for k8s runtime, ex: 'nats'"
+    value : '""'
+  - name: helm.repo_url
+    description: "helm repo URL to use for k8s runtime, ex: 'https://nats-io.github.io/k8s/helm/charts/'"
+    value : '""'
+  - name: helm.chart
+    description: "helm chart to use for k8s runtime, ex: 'nats'"
+    value : '""'
+  - name: readiness_wait_pod_name_suffix
+    description: "only valid for wait_type: pod, defaults to 0"
+    value : '["0"]'
+    required: no
+  - name: readiness_wait_deployments_suffix
+    description: "wait for list of deployment suffix, {release_name}-suffix"
+    value : '[""]'
+    required: no
+  - name: tls_certs.generate
+    description: if tls certs generation is needed true/false
+    value : 'false'
+    required: no
+  - name: tls_certs.secret_name
+    description: secret name to store tls certs
+    value : '""'
+  - name: tls_certs.common_name
+    description: common name to use in generated tls certs, defaults to localhost
+    value : 'localhost'
+  - name: helm_additional_params
+    description: additional key value parameters rendered as --set key=value for helm install command
+    value: '""'
+    required: no
+  - name: readiness_check_script
+    description: readiness check script to run for k8s deployment
+    value: '""'
+    required: no
+  - name: readiness_check_timeout
+    description: timeout for readiness check script to run in seconds
+    value: '300'
+    required: no
+  - name: image_keys.<repo>.repository
+    description: key to use for helm install command to specify image repository, needed for multi container system
+    value : 'image.repository'
+    required: no
+  - name: image_keys.<repo>.tag
+    description: key to use for helm install command to specify image tag, needed for multi container system
+    value : 'image.tag'
+    required: no
+docker_compose_runtime_params:
+  - name: compose_file
+    description: docker compose file path
+    value : '""'
+  - name: env_file
+    description: environment file for default env variables
+    value : 'docker.env'
+    required: no
+  - name: wait_time_sec
+    description: wait time in seconds after docker-compose up
+    value : '30'
+    required: no
+  - name: tls_certs.generate
+    description: if tls certs generation is needed true/false
+    value : 'false'
+    required: no
+  - name: tls_certs.out_dir
+    description: output directory relative to image.yml dir to store tls certs, defaults to certs
+    value : 'certs'
+    required: no
+  - name: image_keys.<repo>.repository
+    description: environment variable to specify repository for the repo, as describe in docker-compose.yml
+    value : '""'
+  - name: image_keys.<repo>.tag
+    description: environment variable to specify tag for the repo, as describe in docker-compose.yml
+    value : '""'
+docker_runtime_params:
+  - name: wait_time_sec
+    description: wait time in seconds after all docker run completes
+    value : '30'
+    required: no
+  - name: tls_certs.generate
+    description: if tls certs generation is needed true/false
+    value : 'false'
+    required: no
+  - name: tls_certs.out_dir
+    description: output directory relative to image.yml dir to store tls certs, defaults to certs
+    value : 'certs'
+    required: no
+  - name: volumes
+    description: map of input volumes, relative to script dir and mounted volume in ALL container
+    value : '""'
+  - name: environment
+    description: map of environment variables to be mounted in ALL container
+    value : '""'
+  - name: <repo>.env_file
+    description: repo specific environment file for default env variables
+    value : 'docker.env'
+    required: no
+  - name: <repo>.volumes
+    description: map of input volumes, relative to script dir and mounted volume in container
+    value : '""'
+  - name: <repo>.environment
+    description: map of environment variables to be mounted in container
+    value : '""'
+  - name: <repo>.exec_command
+    description: exec_command for container
+    value : '""'
+  - name: <repo>.daemon
+    description: if use daemon or interactive container flag -i or -d
+    value : 'True'
+  - name: <repo>.entrypoint
+    description: entrypoint for container
+    value : '""'
+  - name: <repo>.ports
+    description: list of ports to expose
+    value : '["", ""]'
diff --git a/community_images/common/templates/main_readme.j2 b/community_images/common/templates/main_readme.j2
@@ -0,0 +1,146 @@
+
+<a href="https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=ci_main_landing&utm_content=main_landing_logo">
+<img src="/contrib/github_logo.png" alt="RapidFort" width="200" />
+</a>
+
+<h1> community-images </h1>
+
+[![RF Hardened][rf-h-badge]][rf-link-hardened-badge]
+[![Dockerhub][dh-rf-badge]][dh-rf]
+[![Slack][slack-badge]][slack-link]
+[![License][license-badge]][license]
+[![FOSSA Status][fossa-badge]][fossa-link]
+[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/6087/badge)](https://bestpractices.coreinfrastructure.org/projects/6087)
+[![CodeQL](https://github.com/rapidfort/community-images/actions/workflows/codeql.yml/badge.svg)](https://github.com/rapidfort/community-images/actions/workflows/codeql.yml)
+
+<b>Near Zero CVE images available at <a style="color:blue;" href="https://hub.rapidfort.com/repositories">hub.rapidfort.com/repositories</a></b>
+
+<img src="https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/critical_button.png" alt="⚠️ CRITICAL NOTICE" width="150" /> <br>
+<b>As of 7/2024 community-images will be gated. Please register for free at <a style="color:blue;" href="https://www.rapidfort.com/get-a-demo">www.rapidfort.com</a> to access these images</b>
+
+[Getting started](#getting-started) ·
+[Supported containers](#supported-containers) ·
+[Contributing](CONTRIBUTING.md) ·
+[Build Process](#how-community-images-are-built) ·
+[Additional resources](#additional-resources)
+
+**RapidFort is a solution for building secure, optimized Docker containers.**
+
+Every day, we scan the most popular Docker Hub container images and remove unused code. Then we publish the results to share with you.
+
+Our container optimization process reduces the software attack surface and the chance of a vulnerability exploit.
+
+Stop downloading container images with thousands of vulnerabilities. Start using secure containers with minimized attack surfaces.
+
+
+## Getting Started
+
+![Demo][demo]
+
+[RapidFort][rf-link-getting-started] scans your Docker containers for vulnerabilities and looks for unused components that can be removed.
+
+<h2 id="supported-containers">What containers are supported?</h2>
+
+We’ve optimized and hardened some of the most popular container images on Docker Hub and are making them available to the community.
+
+| Repository                        | View Report                                   | RapidFort Image                     | Pull Count |
+|-----------------------------------| ------------------------------------------     | ------------------------------- | ------------------------------- |
+{%- for image in image_list_sorted %}
+| [ {{- image.official_name -}} ][ {{ image.name -}} -github-link]| <a href="{{- image.report_url -}}?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term={{- image.name -}}&utm_content=landing_get_full_report_button"> <img src="/contrib/github_button_3.svg" alt="View Report" height="25" /> </a> | <a href="https://hub.docker.com/r/{{- image.rf_docker_link }}"> <img src="/contrib/view_on_dockerhub.svg" alt="View on Dockerhub" height="25" /> </a> | <b> {{ image.pull_count_formatted }} </b> |
+{%- endfor %}
+
+<h2 id="supported-iron-bank-containers">What IronBank containers are supported?</h2>
+
+We’ve optimized and hardened some of the most popular container images on IronBank and are making them available to the community.
+
+| Repository                        | View Report                                   | RapidFort Image                     | Pull Count |
+|-----------------------------------| ------------------------------------------     | ------------------------------- | ------------------------------- |
+{%- for image in image_list_sorted %}
+{%- if 'input_registry' in image and image['input_registry']['registry'] == 'registry1.dso.mil' and image['input_registry']['account'] == 'ironbank' %}
+| [ {{- image.official_name -}} ][ {{ image.name -}} -github-link]| <a href="{{- image.report_url -}}?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term={{- image.name -}}&utm_content=landing_get_full_report_button"> <img src="/contrib/github_button_3.svg" alt="View Report" height="25" /> </a> | <a href="https://hub.docker.com/r/{{- image.rf_docker_link }}"> <img src="/contrib/view_on_dockerhub.svg" alt="View on Dockerhub" height="25" /> </a> | <b> {{ image.pull_count_formatted }} </b> |
+{%- endif %}
+{%- endfor %}
+
+### How to use Community Images
+
+Here’s what you can do with Community Images.
+
+```sh
+# Docker
+$ docker run --name redis -e ALLOW_EMPTY_PASSWORD=yes rapidfort/redis:latest
+
+# Docker compose
+$ docker-compose up -d
+
+# Kubernetes Helm
+$ helm repo add argo https://argoproj.github.io/argo-helm
+
+# install argocd, just replace repository with RapidFort registry
+$ helm install my-argocd argo/argo-cd --set image.repository=rapidfort/argocd
+
+# install nats
+$ helm install my-postgresql nats/nats --set image.repository=rapidfort/nats
+
+```
+## How Community Images are Built
+
+Source images are run through an optimization process that identifies and removes unused components from the image.
+You can contribute to this project by adding new images, improving coverage scripts, and adding regression and benchmark tests.
+
+![Demo](contrib/workflow.png)
+
+## Need support
+
+<a href="https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q">
+<img src="/contrib/github_banner.png" alt="RapidFort Community Slack" width="600" />
+</a>
+
+
+## Stargazers over time
+
+[![Stargazers over time](https://starchart.cc/rapidfort/community-images.svg)](https://starchart.cc/rapidfort/community-images)
+
+## 🌟 Star this project
+
+[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers)
+
+### [⏫⭐️ Scroll to the star button](#start-of-content)
+
+If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers)
+have.
+
+## Additional Resources
+
+[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-link-main-landing-footer-logo]
+
+
+Learn more about container optimization at [RapidFort.com][rf-link-additonal-resource].
+
+
+[rf-link-hardened-badge]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=ci_main_landing&utm_content=rf_hardened_badge
+[rf-link-getting-started]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=ci_main_landing&utm_content=getting_started_link
+[rf-link-additonal-resource]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=ci_main_landing&utm_content=additonal_resource
+[rf-link-main-landing-footer-logo]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=ci_main_landing&utm_content=main_landing_footer_logo
+
+[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACcAAAAkCAYAAAAKNyObAAAACXBIWXMAACE4AAAhOAFFljFgAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAHvSURBVHgB7ZjvTcMwEMUvEgNkhNuAjOAR2IAyQbsB2YAyQbsBYoKwQdjA3aAjHA514Xq1Hf9r6QeeFKVJ3tkv+cWOVYCAiKg124b82gZqe0+NNlsHJbLBxthg1o+RASetIEdTJxnBRvtUMCHgM6TIBtMZwY7SiQFfrhUsN+Ao/TJYR3WC5QY88/Nge6oXLBRwO+P/GcnNMZzZteBR0zQfogM0O4Q47Uz9TtSrUIHs71+paugw16Dn+qt5xJ/TD4viEcrE25tepaXPaHxP350GXtD10WwHQWjQxKhl7YUGRg/MuPaY9vxuzPFA+RpEW9rj0yCMbcCsmG9B+Xpk7YRo4RnjQEEttBiBtAefyI23BtoYpBrmRO6ZX0EZWo60c1yfaGBMOKRzdKVocYZO/NpuMss7E9cHitcc0gFS5Qig2LUUtCGkmmJwOsJJvLlokdWtfMFzAvLGctCOooYPtg2USoRQ7HwM2hXzIzuvKQenIxzHm4oWmZ9TKF1AnAR8sI2moB093nKcjoBvtnHFzoXQ8qeMDGcLtUW/i4NYtJ3jJhRcSnRYHMSg1Q5PD5cWHT4/ih0vIpDOf9QrhZtQLsWxlILT8AjXEol/iQRaiVTBX4pO57D6U0WJBFoFtyaLtuqLfwf19G62e7hFWbQKKuoLYovGDo9dW28AAAAASUVORK5CYII=
+
+[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield
+[fossa-link]: https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield
+
+[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker
+[dh-rf]: https://hub.docker.com/u/rapidfort
+[license-badge]: https://img.shields.io/github/license/rapidfort/community-images?color=lightgray&style=flat-square
+[license]: https://github.com/rapidfort/community-images/blob/main/LICENSE
+[demo]: contrib/demo.gif
+
+[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B
+[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q
+
+[ image-ft-badge]: https://github.com/rapidfort/community-images/actions/workflows/image_run_v3.yml/badge.svg
+[ image-ft-badge-link]: https://github.com/rapidfort/community-images/actions/workflows/image_run_v3.yml
+
+{% for image in image_list %}
+[ {{- image.name -}} -github-link]: https://github.com/rapidfort/community-images/tree/main/community_images/{{- image.github_location }}
+[ {{- image.name -}} -dh-img-pulls-badge]: https://img.shields.io/docker/pulls/ {{- image.rf_docker_link -}} ?logo=docker&logoColor=white
+[ {{- image.name -}} -rf-link]: {{- image.report_url -}}?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term={{- image.name -}}&utm_content=landing_view_report
+{% endfor %}