adding high/critical severity vuln checks
Signed-off-by: Samim Mirhosseini <[email protected]>
ssmirr committed Mar 28, 2024
1 parent 15ccd61 commit 35c2ee9
Showing 1 changed file with 10 additions and 0 deletions.
10 changes: 10 additions & 0 deletions Dockerfile
Expand Up @@ -8,6 +8,15 @@ USER 1001
RUN npm install
RUN npm run build

FROM alpine:3.19 AS SBOM
WORKDIR /
ADD . /SBOM
RUN apk add --no-cache curl
RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.48.3
RUN trivy fs --format spdx-json --output /sbom.spdx.json /SBOM
RUN trivy sbom /sbom.spdx.json --severity UNKNOWN,HIGH,CRITICAL --exit-code 1


FROM node:16-alpine3.15
WORKDIR /firefly-dataexchange-https
COPY --from=firefly-dataexchange-builder /firefly-dataexchange-https/package.json /firefly-dataexchange-https
Expand All @@ -17,5 +26,6 @@ RUN npm install --production
EXPOSE 3000
EXPOSE 3001
USER 1001
COPY --from=SBOM /sbom.spdx.json /sbom.spdx.json

CMD [ "node", "./build/index.js" ]
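Review bot: The `RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.48.3` line in the new SBOM stage pins the Trivy release but not the installer, which is fetched from the mutable `main` branch with no checksum and run as the stage's default user (no `USER` is set, so presumably root). Consider taking the binary from a digest-pinned release image instead, e.g. `COPY --from=aquasec/trivy:0.48.3@sha256:<digest> /usr/local/bin/trivy /usr/local/bin/trivy`, which also makes `apk add --no-cache curl` unnecessary. In the same stage, `ADD . /SBOM` should be `COPY . /SBOM` because neither archive extraction nor a URL fetch is wanted, and the stage name is conventionally lowercase (`AS sbom`, with `COPY --from=sbom` in the final stage). The `--exit-code 1` gate evaluates an SBOM built from the source tree by `trivy fs`, so OS packages in the final `node:16-alpine3.15` base are presumably not covered by it; a comment saying so, or a scan of the built image, would keep the check from being read as broader than it is.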
