From 35c2ee924dd380d7597237193f87c9253c745ecf Mon Sep 17 00:00:00 2001
From: Samim Mirhosseini
Date: Thu, 28 Mar 2024 14:47:12 -0400
Subject: [PATCH] adding high/critical severity vuln checks

Signed-off-by: Samim Mirhosseini
---
 Dockerfile | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index 20e7998..f79221b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,6 +8,15 @@ USER 1001
 RUN npm install
 RUN npm run build
+FROM alpine:3.19 AS SBOM
+WORKDIR /
+ADD . /SBOM
+RUN apk add --no-cache curl
+RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.48.3
+RUN trivy fs --format spdx-json --output /sbom.spdx.json /SBOM
+RUN trivy sbom /sbom.spdx.json --severity UNKNOWN,HIGH,CRITICAL --exit-code 1
+
+
 FROM node:16-alpine3.15
 WORKDIR /firefly-dataexchange-https
 COPY --from=firefly-dataexchange-builder /firefly-dataexchange-https/package.json /firefly-dataexchange-https
@@ -17,5 +26,6 @@ RUN npm install --production
 EXPOSE 3000
 EXPOSE 3001
 USER 1001
+COPY --from=SBOM /sbom.spdx.json /sbom.spdx.json
 CMD [ "node", "./build/index.js" ]
\ No newline at end of file
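Review bot: The vulnerability gate is itself installed by `curl -sfL … | sh` from `contrib/install.sh` on the unpinned `main` branch of the trivy repository, so the script that runs as root in the new SBOM stage is neither version-locked nor integrity-checked, even though the binary it installs is pinned to v0.48.3. Basing the stage on the official scanner image removes the download, the `apk add curl` layer and the pipe-to-shell entirely: `FROM aquasec/trivy:0.48.3 AS sbom` (digest-pin it for reproducibility) followed by only the copy and the two `RUN trivy …` lines; if the download is kept instead, fetch the versioned release archive, verify its published sha256 before extracting, and set `SHELL ["/bin/sh", "-o", "pipefail", "-c"]` first so a failed curl is not masked by `sh` exiting 0. `ADD . /SBOM` should be `COPY . /SBOM` (ADD adds nothing for a local directory), and because it copies the entire build context, anything not excluded by a `.dockerignore` ends up in this stage. Note also that the scan targets the source tree rather than the `firefly-dataexchange-builder` output, so the SBOM shipped in the final image presumably describes the manifests in the context rather than the modules actually installed — worth confirming that is the intended artifact. Stage names are conventionally lowercase (`sbom`), `WORKDIR /` is a no-op here, and the two trailing added blank lines can be dropped.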