We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
I'm working on a docker integration of ezpaarse for my OpenShift platform. In my CI wokflow, docker image is scanned by Trivy.
Using commit 3c131ca, 3 criticals and 17 high vulnerabilities are found.
I updated my Dockerfile to include this following line between make build-nuxt and npm cache clear :
RUN make node-modules build-nuxt RUN npm audit fix; npm install [email protected] [email protected] RUN npm cache clear --force
Then Trivy found only 8 high vulnerabilities.
I'm using registry.redhat.io/ubi9/nodejs-18 base image.
The command npm audit fix --force is not working because of xslx package.
So, maybe it can be a good choice to add npm audit fix command in Dockerfile to fix some vulnerabilities that can be resolved.
The text was updated successfully, but these errors were encountered:
No branches or pull requests
I'm working on a docker integration of ezpaarse for my OpenShift platform. In my CI wokflow, docker image is scanned by Trivy.
Using commit 3c131ca, 3 criticals and 17 high vulnerabilities are found.
I updated my Dockerfile to include this following line between make build-nuxt and npm cache clear :
Then Trivy found only 8 high vulnerabilities.
I'm using registry.redhat.io/ubi9/nodejs-18 base image.
The command npm audit fix --force is not working because of xslx package.
So, maybe it can be a good choice to add npm audit fix command in Dockerfile to fix some vulnerabilities that can be resolved.
The text was updated successfully, but these errors were encountered: