
Commit e188d4b

authored
Merge pull request #79 from kaleido-io/vuln-check
adding high/critical severity vuln checks
2 parents 15ccd61 + 165c0cd commit e188d4b


3 files changed

+562
-331
lines changed


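--- a/Dockerfile
+++ b/Dockerfile
@@ -8,6 +8,15 @@ USER 1001
 RUN npm install
 RUN npm run build
 
+FROM alpine:3.19 AS SBOM
+WORKDIR /
+ADD . /SBOM
+RUN apk add --no-cache curl
+RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.48.3
+RUN trivy fs --format spdx-json --output /sbom.spdx.json /SBOM
+RUN trivy sbom /sbom.spdx.json --severity UNKNOWN,HIGH,CRITICAL --exit-code 1
+
+
 FROM node:16-alpine3.15
 WORKDIR /firefly-dataexchange-https
 COPY --from=firefly-dataexchange-builder /firefly-dataexchange-https/package.json /firefly-dataexchange-https
@@ -17,5 +26,6 @@ RUN npm install --production
 EXPOSE 3000
 EXPOSE 3001
 USER 1001
+COPY --from=SBOM /sbom.spdx.json /sbom.spdx.json
 
 CMD [ "node", "./build/index.js" ]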
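Review bot: The trivy installer in the new SBOM stage is fetched from the mutable `main` branch and piped straight into `sh`, so only the binary version (`v0.48.3`) is pinned while the script that the build executes is not. Pinning the script to the same release, e.g. `RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/v0.48.3/contrib/install.sh | sh -s -- -b /usr/local/bin v0.48.3`, would make the vulnerability gate reproducible and keep an upstream script change from silently altering the build. Because the default `/bin/sh` runs the pipe without pipefail, a failed download is only noticed when the following `trivy` step cannot find the binary. `ADD . /SBOM` also pulls the whole build context into the stage, where `COPY` plus a `.dockerignore` is the usual form. The scan covers the source tree rather than the final `node:16-alpine3.15` image, so the base image's OS packages are presumably not gated by this check.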
