-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker-compose.yml
93 lines (87 loc) · 1.87 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
version: '3'
services:
# nosemgrep: yaml.docker-compose.security.writable-filesystem-service.writable-filesystem-service
grafana:
image: grafana/grafana:latest
security_opt:
- no-new-privileges:true
networks:
- grafana
ports:
- 3000:3000
environment:
- GF_AUTH_ANONYMOUS_ORG_ROLE=Admin
- GF_AUTH_ANONYMOUS_ENABLED=true
- GF_AUTH_BASIC_ENABLED=false
volumes:
- ./k6/dashboards:/var/lib/grafana/dashboards
- ./k6/grafana-dashboard.yaml:/etc/grafana/provisioning/dashboards/dashboard.yaml
- ./k6/grafana-datasource.yaml:/etc/grafana/provisioning/datasources/datasource.yaml
cap_drop:
- ALL
influxdb:
image: influxdb:1.8
read_only: true
security_opt:
- no-new-privileges:true
networks:
- k6
- grafana
environment:
- INFLUXDB_DB=k6
cats:
build:
context: .
dockerfile: appsec/Dockerfile.cats
security_opt:
- no-new-privileges:true
networks:
- appsec
volumes:
- ./openapi.yaml:/var/openapi.yaml:ro
- ./results:/var/results
depends_on:
- 'api'
user: app
cap_drop:
- ALL
k6:
build:
context: .
dockerfile: k6/Dockerfile.k6
read_only: true
security_opt:
- no-new-privileges:true
networks:
- k6
environment:
- K6_OUT=influxdb=http://influxdb:8086/k6
volumes:
- ./k6/auto:/auto
depends_on:
- 'influxdb'
cap_drop:
- ALL
cpu_count: 1
api:
build:
context: .
dockerfile: docker/Dockerfile.alpine.prod
read_only: true
security_opt:
- no-new-privileges:true
networks:
- appsec
- k6
ports:
- 8080:8080
environment:
- SWAGGER_STATS_USERNAME=local
- SWAGGER_STATS_PASSWORD=local
user: node
cap_drop:
- ALL
networks:
grafana:
k6:
appsec: