
Commit 7de4ef4

committed
trivyignore CVE that's not relevant
Signed-off-by: Samim Mirhosseini <ssmirr@users.noreply.github.com>
1 parent e20e08b commit 7de4ef4


2 files changed

+5
-2
lines changed


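--- a/.trivyignore
+++ b/.trivyignore
@@ -0,0 +1,3 @@
+# not relevant to the way grpc is used in fabconnect
+# see https://github.com/hyperledger/firefly-fabconnect/pull/123#discussion_r1543748524
+GHSA-m425-mq94-257g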
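Review bot: The suppression of `GHSA-m425-mq94-257g` carries no revisit condition or expiry, so it keeps silencing the advisory even if fabconnect's grpc usage changes later. The rationale also lives only behind a PR discussion link; a one-line summary of why the advisory does not apply would let an auditor judge the exception from the file itself. I would add a comment such as `# revisit when the grpc dependency is bumped or fabconnect's grpc usage changes`. If the pinned Trivy release accepts an expiry on ignore entries (`GHSA-m425-mq94-257g exp:<date>`), adding one would force a periodic re-check.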

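--- a/Dockerfile
+++ b/Dockerfile
@@ -9,11 +9,11 @@ RUN make
 
 FROM alpine:3.19 AS SBOM
 WORKDIR /
-ADD . /SBOM
+COPY . /SBOM
 RUN apk add --no-cache curl
 RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.48.3
 RUN trivy fs --format spdx-json --output /sbom.spdx.json /SBOM
-RUN trivy sbom /sbom.spdx.json --severity UNKNOWN,HIGH,CRITICAL --exit-code 1
+RUN trivy sbom /sbom.spdx.json --severity UNKNOWN,HIGH,CRITICAL --exit-code 1 --ignorefile /SBOM/.trivyignore
 
 FROM alpine:3.19
 WORKDIR /fabconnect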
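Review bot: The scanner whose exit code gates the SBOM stage is installed by the `curl … | sh` line from `contrib/install.sh` on the mutable `main` branch, so the `v0.48.3` argument pins the binary but not the script that downloads and places it. Fetching the script from the matching tag or a commit hash keeps the gate reproducible, e.g. `RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/v0.48.3/contrib/install.sh | sh -s -- -b /usr/local/bin v0.48.3`. On the changed line, `--ignorefile /SBOM/.trivyignore` depends on `COPY . /SBOM` bringing the dotfile into the stage, so it is worth confirming that no `.dockerignore` rule excludes it; a short comment on that line such as `# suppressions are reviewed in .trivyignore at the repo root` would also tell readers where the exceptions live. The first and last stages continue outside the hunk.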
