Configure and utilize trivy scan

also fix detected issue with Dockerfile Signed-off-by: Knut Ahlers <knut@ahlers.me>
2023-06-11 15:27:59 +02:00 · 2023-06-11 15:27:59 +02:00 · 1720ebb665
commit 1720ebb665
parent 6657c7f712
4 changed files with 22 additions and 1 deletions
--- a/.github/workflows/test-and-build.yml
+++ b/.github/workflows/test-and-build.yml
@ -40,6 +40,7 @@ jobs:
            nodejs-lts-hydrogen \
            npm \
            tar \
            trivy \
            unzip \
            which \
            zip
@ -53,6 +54,9 @@ jobs:
        run: |
          go test -v ./...
      - name: Execute Trivy scan
        run: make trivy
      - name: Build release
        run: make publish
        env:
--- a/2
+++ b/2
@ -34,6 +34,8 @@ COPY --from=builder /go/bin/ots /usr/local/bin/ots
 EXPOSE 3000
 USER 1000:1000
 ENTRYPOINT ["/usr/local/bin/ots"]
 CMD ["--"]
--- a/Dockerfile.minimal
+++ b/Dockerfile.minimal
@ -30,6 +30,8 @@ COPY --from=builder /go/bin/ots /usr/local/bin/ots
 EXPOSE 3000
 USER 1000:1000
 ENTRYPOINT ["/usr/local/bin/ots"]
 CMD ["--"]
--- a/15
+++ b/15
@ -1,4 +1,4 @@
-VER_FONTAWESOME=6.4.0
+VER_FONTAWESOME:=6.4.0
 default: generate download_libs
@ -33,3 +33,16 @@ download_libs: fontawesome
 fontawesome:
 	curl -sSfL https://github.com/FortAwesome/Font-Awesome/archive/$(VER_FONTAWESOME).tar.gz | \
 		tar -vC frontend -xz --strip-components=1 --wildcards --exclude='*/js-packages' '*/css' '*/webfonts'
 # -- Vulnerability scanning --
 trivy:
 	trivy fs . \
 		--dependency-tree \
 		--exit-code 1 \
 		--format table \
 		--ignore-unfixed \
 		--quiet \
 		--scanners config,license,secret,vuln \
 		--severity HIGH,CRITICAL \
 		--skip-dirs docs