docker · PatriciaRivas1324 · Aug 14, 2025 · Aug 16, 2025 · Aug 16, 2025 · Aug 16, 2025
diff --git a/.dockerignore b/.dockerignore
@@ -1,6 +1,6 @@
-*
-!docker-bench-security.sh
-!functions/
-!tests/
-!log/
-log/*
+*
+!docker-bench-security.sh
+!functions/
+!tests/
+!log/
+log/*
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,54 @@
+name: CI - Build and Test
+
+on:
+  push:
+    branches:
+      - main
+      - master
+  pull_request:
+    branches:
+      - main
+      - master
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: 📥 Checkout repository
+        uses: actions/checkout@v4
+
+      - name: 🔧 Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: 🔍 Lint Dockerfile
+        uses: hadolint/hadolint-action@v3.1.0
+        with:
+          dockerfile: Dockerfile
+
+      - name: 🐳 Build Docker image
+        run: docker build -t docker-bench-security:latest .
+
+      - name: 🧪 Run docker-bench-security
+        run: |
+          docker run --rm \
+          --name docker-bench-test \
+          --net host \
+          --pid host \
+          --userns host \
+          --cap-add audit_control \
+          --cap-add SYS_ADMIN \
+          --cap-add NET_ADMIN \
+          --cap-add NET_RAW \
+          --cap-add SYSLOG \
+          --cap-add SYS_PTRACE \
+          --cap-add DAC_READ_SEARCH \
+          --cap-add NET_BIND_SERVICE \
+          -v /etc:/etc:ro \
+          -v /usr/bin/docker-containerd:/usr/bin/docker-containerd:ro \
+          -v /usr/bin/docker-runc:/usr/bin/docker-runc:ro \
+          -v /usr/lib/systemd:/usr/lib/systemd:ro \
+          -v /var/lib:/var/lib:ro \
+          -v /var/run/docker.sock:/var/run/docker.sock:ro \
+          -v /var/run/containerd/containerd.sock:/var/run/containerd/containerd.sock:ro \
+          docker-bench-security:latest
diff --git a/.github/workflows/issues.yml b/.github/workflows/issues.yml
@@ -1,19 +1,19 @@
-name: Issue assignment
-
-on:
-  issues:
-    types: [opened]
-
-permissions:
-  contents: read
-
-jobs:
-  auto-assign:
-    permissions:
-      issues: write
-    runs-on: ubuntu-latest
-    steps:
-      - name: 'auto-assign issue'
-        uses: pozil/auto-assign-issue@74b9f64cc1a08f99358061073e243a4c3d7dd5c4 # v1.11.0
-        with:
-          assignees: konstruktoid
+name: Issue assignment
+
+on:
+  issues:
+    types: [opened]
+
+permissions:
+  contents: read
+
+jobs:
+  auto-assign:
+    permissions:
+      issues: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'auto-assign issue'
+        uses: pozil/auto-assign-issue@74b9f64cc1a08f99358061073e243a4c3d7dd5c4 # v1.11.0
+        with:
+          assignees: konstruktoid
diff --git a/.github/workflows/jest.config.js b/.github/workflows/jest.config.js
@@ -0,0 +1,7 @@
+/** @type {import('jest').Config} */
+module.exports = {
+  preset: "ts-jest",
+  testEnvironment: "node",
+  testMatch: ["**/tests/**/*.test.ts"],
+  moduleFileExtensions: ["ts", "js", "json"]
+};
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,30 @@
+name: CD - Build and Push to Docker Hub
+
+on:
+  push:
+    tags:
+      - 'v*' # Se ejecutará cuando se suba un tag de versión (ejemplo: v1.0.0)
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: 📥 Checkout repository
+        uses: actions/checkout@v4
+
+      - name: 🔧 Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: 🔑 Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: 🐳 Build and Push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: ${{ secrets.DOCKERHUB_USERNAME }}/docker-bench-security:latest,${{ secrets.DOCKERHUB_USERNAME }}/docker-bench-security:${{ github.ref_name }}
diff --git a/.github/workflows/slsa.yml b/.github/workflows/slsa.yml
@@ -1,80 +1,80 @@
----
-name: SLSA
-on:
-  push:
-  release:
-    permissions:
-      contents: write
-    types: [published, released]
-
-permissions:
-  contents: read
-
-jobs:
-  build:
-    outputs:
-      hashes: ${{ steps.hash.outputs.hashes }}
-    runs-on: ubuntu-latest
-    steps:
-      - name: Harden Runner
-        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
-        with:
-          egress-policy: audit
-
-      - run: echo "REPOSITORY_NAME=$(echo '${{ github.repository }}' | awk -F '/' '{print $2}')" >> $GITHUB_ENV
-        shell: bash
-
-      - name: Checkout repository
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-
-      - name: Build artifacts
-        run: |
-          find *.sh functions/* tests/* Dockerfile Vagrantfile -exec sha256sum {} \; > ${{ env.REPOSITORY_NAME }}.sha256
-
-      - name: Generate hashes
-        shell: bash
-        id: hash
-        run: |
-          echo "hashes=$(sha256sum ${{ env.REPOSITORY_NAME }}.sha256 | base64 -w0)" >> "$GITHUB_OUTPUT"
-
-      - name: Upload ${{ env.REPOSITORY_NAME }}.sha256
-        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
-        with:
-          name: ${{ env.REPOSITORY_NAME }}.sha256
-          path: ${{ env.REPOSITORY_NAME }}.sha256
-          if-no-files-found: error
-          retention-days: 5
-
-  provenance:
-    needs: [build]
-    permissions:
-      actions: read
-      id-token: write
-      contents: write
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0
-    with:
-      base64-subjects: "${{ needs.build.outputs.hashes }}"
-      upload-assets: ${{ startsWith(github.ref, 'refs/tags/') }}
-
-  release:
-    permissions:
-      actions: read
-      id-token: write
-      contents: write
-    needs: [build, provenance]
-    runs-on: ubuntu-latest
-    if: startsWith(github.ref, 'refs/tags/')
-    steps:
-      - run: echo "REPOSITORY_NAME=$(echo '${{ github.repository }}' | awk -F '/' '{print $2}')" >> $GITHUB_ENV
-        shell: bash
-
-      - name: Download ${{ env.REPOSITORY_NAME }}.sha256
-        uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
-        with:
-          name: ${{ env.REPOSITORY_NAME }}.sha256
-
-      - name: Upload asset
-        uses: softprops/action-gh-release@9d7c94cfd0a1f3ed45544c887983e9fa900f0564 # v2.0.4
-        with:
-          files: |
-            ${{ env.REPOSITORY_NAME }}.sha256
+---
+name: SLSA
+on:
+  push:
+  release:
+    permissions:
+      contents: write
+    types: [published, released]
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    outputs:
+      hashes: ${{ steps.hash.outputs.hashes }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+        with:
+          egress-policy: audit
+
+      - run: echo "REPOSITORY_NAME=$(echo '${{ github.repository }}' | awk -F '/' '{print $2}')" >> $GITHUB_ENV
+        shell: bash
+
+      - name: Checkout repository
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Build artifacts
+        run: |
+          find *.sh functions/* tests/* Dockerfile Vagrantfile -exec sha256sum {} \; > ${{ env.REPOSITORY_NAME }}.sha256
+
+      - name: Generate hashes
+        shell: bash
+        id: hash
+        run: |
+          echo "hashes=$(sha256sum ${{ env.REPOSITORY_NAME }}.sha256 | base64 -w0)" >> "$GITHUB_OUTPUT"
+
+      - name: Upload ${{ env.REPOSITORY_NAME }}.sha256
+        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+        with:
+          name: ${{ env.REPOSITORY_NAME }}.sha256
+          path: ${{ env.REPOSITORY_NAME }}.sha256
+          if-no-files-found: error
+          retention-days: 5
+
+  provenance:
+    needs: [build]
+    permissions:
+      actions: read
+      id-token: write
+      contents: write
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0
+    with:
+      base64-subjects: "${{ needs.build.outputs.hashes }}"
+      upload-assets: ${{ startsWith(github.ref, 'refs/tags/') }}
+
+  release:
+    permissions:
+      actions: read
+      id-token: write
+      contents: write
+    needs: [build, provenance]
+    runs-on: ubuntu-latest
+    if: startsWith(github.ref, 'refs/tags/')
+    steps:
+      - run: echo "REPOSITORY_NAME=$(echo '${{ github.repository }}' | awk -F '/' '{print $2}')" >> $GITHUB_ENV
+        shell: bash
+
+      - name: Download ${{ env.REPOSITORY_NAME }}.sha256
+        uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
+        with:
+          name: ${{ env.REPOSITORY_NAME }}.sha256
+
+      - name: Upload asset
+        uses: softprops/action-gh-release@9d7c94cfd0a1f3ed45544c887983e9fa900f0564 # v2.0.4
+        with:
+          files: |
+            ${{ env.REPOSITORY_NAME }}.sha256
diff --git a/.github/workflows/src/suma.ts b/.github/workflows/src/suma.ts
@@ -0,0 +1,3 @@
+export function suma(a: number, b: number): number {
+  return a + b;
+}
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,3 @@
-log/*
-*.swp*
-.vagrant/
+log/*
+*.swp*
+.vagrant/