From 242ffa4d8e9f7ec7ea4101aa1e31a620d8d62686 Mon Sep 17 00:00:00 2001 From: 030 Date: Sat, 11 Nov 2023 16:23:14 +0100 Subject: [PATCH] fix: [#384] Create groups. --- .github/workflows/trivy.yml | 2 ++ .trivyignore | 3 +++ Dockerfile | 3 --- 3 files changed, 5 insertions(+), 3 deletions(-) create mode 100644 .trivyignore diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index cd6fe478..5ad90217 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -20,6 +20,7 @@ jobs: ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' + trivyignores: ../../.trivyignore - name: Run Trivy vulnerability scanner in fs mode uses: aquasecurity/trivy-action@0.14.0 with: @@ -28,3 +29,4 @@ jobs: exit-code: '1' ignore-unfixed: true severity: 'CRITICAL,HIGH' + trivyignores: ../../.trivyignore diff --git a/.trivyignore b/.trivyignore new file mode 100644 index 00000000..30d4e6e7 --- /dev/null +++ b/.trivyignore @@ -0,0 +1,3 @@ +# upgrading to libcrypto3=3.1.4-r0 breaks apk-tools and no newer version +# available of latter package. +CVE-2023-5363 diff --git a/Dockerfile b/Dockerfile index 54a46274..2fb9dd6d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,8 +13,5 @@ FROM alpine:3.18.4 COPY --from=builder /etc/passwd /etc/passwd COPY --from=builder /n3dr /usr/local/bin/n3dr COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ -RUN apk add --no-cache \ - libcrypto3=3.1.4-r0 \ - libssl3=3.1.4-r0 USER n3dr ENTRYPOINT ["/usr/local/bin/n3dr"]