From 63b080ca681376907d3da5c45a1f137d8185e844 Mon Sep 17 00:00:00 2001
From: Dorian TETU
Date: Mon, 3 Jun 2024 14:39:51 +0200
Subject: [PATCH 01/25] chore: Add Trivy vulnerability scanner to build-docker job
---
 .github/workflows/main.yml | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index ece7a4d..d7f1dc9 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -63,4 +63,15 @@ jobs:
 tags: ${{ vars.DOCKER_IMAGE_NAME }}:latest
- needs: lint-gradle-project
\ No newline at end of file
+ needs: build-gradle-project
+
+ steps:
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@0.20.0
+ with:
+ image-ref: 'razano/ctcd'
+ format: 'table'
+ exit-code: '1'
+ ignore-unfixed: true
+ vuln-type: 'os,library'
+ severity: 'CRITICAL,HIGH'
\ No newline at end of file
From 60f49a8caef5c80e850d359df78e01affd123c30 Mon Sep 17 00:00:00 2001
From: Dorian TETU
Date: Mon, 3 Jun 2024 14:47:49 +0200
Subject: [PATCH 02/25] test de changer de distrib
---
 .github/workflows/main.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index d7f1dc9..fc18f37 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -63,7 +63,9 @@ jobs:
 tags: ${{ vars.DOCKER_IMAGE_NAME }}:latest
- needs: build-gradle-project
+ cve-check:
+ runs-on: ubuntu-latest
+ needs: build-docker
 steps:
 - name: Run Trivy vulnerability scanner
From a7d71caa13a18e3c323bd68c4aa948d87b470905 Mon Sep 17 00:00:00 2001
From: Dorian TETU
Date: Mon, 3 Jun 2024 15:18:43 +0200
Subject: [PATCH 03/25] chore: Update Trivy vulnerability scanner configuration
---
 .github/workflows/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index fc18f37..5796f42 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
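Review bot: `uses: aquasecurity/trivy-action@0.20.0` references the action by a mutable tag, so the third-party code that decides whether this job passes can change without any edit to this file; pin it to the full commit SHA and keep the version as a trailing comment, `uses: aquasecurity/trivy-action@<full-commit-sha> # 0.20.0`, and let Dependabot or Renovate propose bumps. `ignore-unfixed: true` drops every CRITICAL/HIGH finding that has no vendor fix from the report, which is a defensible gating choice but should be stated in a comment above the step so the summary is not read as a clean bill of health. The same unpinned reference is carried through every later hunk that touches this step.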
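Review bot: `needs: build-docker` places the new `cve-check` job after the job that pushes the image (the `tags: ${{ vars.DOCKER_IMAGE_NAME }}:latest` context line at the top of this hunk belongs to that push step, and patch 22 shows its `push: true`), so `exit-code: '1'` can turn the run red but can no longer keep a vulnerable image from being published under `latest`. If the scan is meant to gate the release, build with `load: true` in build-docker, scan the local image there, and run the push step only after the scan succeeds; the post-push scan can remain as a periodic check. Patch 21 (the last `image-ref` hunk) keeps the scan-after-push ordering.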
@@ -75,5 +75,5 @@ jobs:
 format: 'table'
 exit-code: '1'
 ignore-unfixed: true
- vuln-type: 'os,library'
+ vuln-type: 'library'
 severity: 'CRITICAL,HIGH'
\ No newline at end of file
From 3dca30eb47404f9f6acf6d6e4110a15b6550165c Mon Sep 17 00:00:00 2001
From: Dorian TETU
Date: Mon, 3 Jun 2024 15:28:27 +0200
Subject: [PATCH 04/25] test github summary
---
 .github/workflows/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 5796f42..1a90938 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -72,7 +72,7 @@ jobs:
 uses: aquasecurity/trivy-action@0.20.0
 with:
 image-ref: 'razano/ctcd'
- format: 'table'
+ format: 'github'
 exit-code: '1'
 ignore-unfixed: true
 vuln-type: 'library'
From 4a58ea5c0d76114399ba21e8094d8bd1350b0a21 Mon Sep 17 00:00:00 2001
From: Dorian TETU
Date: Mon, 3 Jun 2024 15:34:07 +0200
Subject: [PATCH 05/25] chore: Update Trivy vulnerability scanner configuration
---
 .github/workflows/main.yml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 1a90938..14b438d 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -72,8 +72,12 @@ jobs:
 uses: aquasecurity/trivy-action@0.20.0
 with:
 image-ref: 'razano/ctcd'
- format: 'github'
+ format: 'template'
+ template: "@trivy/github-markdown.tpl"
+ output: trivy.md
 exit-code: '1'
 ignore-unfixed: true
 vuln-type: 'library'
- severity: 'CRITICAL,HIGH'
\ No newline at end of file
+ severity: 'CRITICAL,HIGH'
+ - run: cat trivy.md >> $GITHUB_STEP_SUMMARY
+ if: always()
\ No newline at end of file
From f6316221987b0f68bd6c947f7ed834cfda0a42a9 Mon Sep 17 00:00:00 2001
From: Dorian TETU
Date: Mon, 3 Jun 2024 15:39:37 +0200
Subject: [PATCH 06/25] chore: Update Trivy vulnerability scanner configuration
---
 .github/workflows/main.yml | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
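Review bot: `template: "@trivy/github-markdown.tpl"` is resolved relative to the runner's workspace, but no `actions/checkout` step is visible in the `cve-check` job (its steps begin with the Trivy step in patch 02), so the file is unlikely to be present when the scanner runs; this is probably what drives the template-path changes in patches 06 to 08 and the runtime download in patch 17. Add a checkout step before the scanner and keep the template under version control rather than fetching it on every run. The new `- run: cat trivy.md >> $GITHUB_STEP_SUMMARY` step also has no `name:`; `- name: Publish Trivy report to step summary` keeps the job log readable.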
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 14b438d..0e3d0ff 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -73,11 +73,9 @@ jobs:
 with:
 image-ref: 'razano/ctcd'
 format: 'template'
- template: "@trivy/github-markdown.tpl"
- output: trivy.md
+ template: "@/github/workspace/software/trivy/templates/markdown.tpl"
+ output: ${{ github.step_summary }}
 exit-code: '1'
 ignore-unfixed: true
 vuln-type: 'library'
- severity: 'CRITICAL,HIGH'
- - run: cat trivy.md >> $GITHUB_STEP_SUMMARY
- if: always()
\ No newline at end of file
+ severity: 'CRITICAL,HIGH'
\ No newline at end of file
From 79708c96faea1a2562a2cc8bf9b0ef1acf5ddf29 Mon Sep 17 00:00:00 2001
From: Dorian TETU
Date: Mon, 3 Jun 2024 15:47:23 +0200
Subject: [PATCH 07/25] chore: Update Trivy vulnerability scanner configuration
---
 .github/workflows/main.yml | 2 +-
 trivy/github-markdown.tpl | 56 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 57 insertions(+), 1 deletion(-)
 create mode 100644 trivy/github-markdown.tpl
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 0e3d0ff..f4a43bc 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -73,7 +73,7 @@ jobs:
 with:
 image-ref: 'razano/ctcd'
 format: 'template'
- template: "@/github/workspace/software/trivy/templates/markdown.tpl"
+ template: "@trivy/github-markdown.tpl"
 output: ${{ github.step_summary }}
 exit-code: '1'
 ignore-unfixed: true
diff --git a/trivy/github-markdown.tpl b/trivy/github-markdown.tpl
new file mode 100644
index 0000000..b20a1f5
--- /dev/null
+++ b/trivy/github-markdown.tpl
@@ -0,0 +1,56 @@
+{{- if . }}
+{{- range . }}
+

Target {{ escapeXML .Target }}

+{{- if (eq (len .Vulnerabilities) 0) }} +

No Vulnerabilities found

+{{- else }} +

Vulnerabilities ({{ len .Vulnerabilities }})

+ + + + + + + + + {{- range .Vulnerabilities }} + + + + + + + + {{- end }} +
PackageIDSeverityInstalled VersionFixed Version
{{ escapeXML .PkgName }}{{ escapeXML .VulnerabilityID }}{{ escapeXML .Severity }}{{ escapeXML .InstalledVersion }}{{ escapeXML .FixedVersion }}
+{{- end }} +{{- if (eq (len .Misconfigurations ) 0) }} +

No Misconfigurations found

+{{- else }} +

Misconfigurations

+ + + + + + + + + {{- range .Misconfigurations }} + + + + + + + + {{- end }} +
TypeIDCheckSeverityMessage
{{ escapeXML .Type }}{{ escapeXML .ID }}{{ escapeXML .Title }}{{ escapeXML .Severity }} + {{ escapeXML .Message }} +
{{ escapeXML .PrimaryURL }}
+
+{{- end }} +{{- end }} +{{- else }} +

Trivy Returned Empty Report

+{{- end }}
\ No newline at end of file
From fa12bc486d0d638a4bd31aa5719e8a4fc5501a0e Mon Sep 17 00:00:00 2001
From: Dorian TETU
Date: Mon, 3 Jun 2024 15:49:55 +0200
Subject: [PATCH 08/25] chore: Update Trivy vulnerability scanner configuration
---
 .github/workflows/main.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index f4a43bc..14b438d 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -74,8 +74,10 @@ jobs:
 image-ref: 'razano/ctcd'
 format: 'template'
 template: "@trivy/github-markdown.tpl"
- output: ${{ github.step_summary }}
+ output: trivy.md
 exit-code: '1'
 ignore-unfixed: true
 vuln-type: 'library'
- severity: 'CRITICAL,HIGH'
\ No newline at end of file
+ severity: 'CRITICAL,HIGH'
+ - run: cat trivy.md >> $GITHUB_STEP_SUMMARY
+ if: always()
\ No newline at end of file
From 991991864a0a6bbeaabc3f09d8df3365c8c1d0ed Mon Sep 17 00:00:00 2001
From: Dorian TETU
Date: Mon, 3 Jun 2024 15:57:39 +0200
Subject: [PATCH 09/25] chore: Update Trivy vulnerability scanner configuration
---
 .github/workflows/main.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 14b438d..754952f 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -44,7 +44,7 @@ jobs:
 - name: Run build without tests
 run: ./gradlew assemble
- build-docker:
+ check-cve:
 runs-on: ubuntu-latest
 steps:
 - name: Set up Docker Buildx
@@ -68,10 +68,13 @@ jobs:
 needs: build-docker
 steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
 - name: Run Trivy vulnerability scanner
 uses: aquasecurity/trivy-action@0.20.0
 with:
- image-ref: 'razano/ctcd'
+ scan-type: 'fs'
+ scan-ref: '.'
 format: 'template'
 template: "@trivy/github-markdown.tpl"
 output: trivy.md
From 81b4c2311e7b8aea684785e409eededee2c42fac Mon Sep 17 00:00:00 2001
From: Dorian TETU
Date: Mon, 3 Jun 2024 15:59:23 +0200
Subject: [PATCH 10/25] chore: Update Trivy vulnerability scanner configuration to use actions/checkout@v4 and include OS vulnerabilities
---
 .github/workflows/main.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 754952f..1499764 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -7,6 +7,8 @@ jobs:
 lint-gradle-project:
 runs-on: ubuntu-latest
+ needs: check-cve
+ steps:
 - name: Checkout project source
 uses: actions/checkout@v4
@@ -69,7 +71,7 @@ jobs:
 steps:
 - name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 - name: Run Trivy vulnerability scanner
 uses: aquasecurity/trivy-action@0.20.0
 with:
@@ -80,7 +82,7 @@ jobs:
 output: trivy.md
 exit-code: '1'
 ignore-unfixed: true
- vuln-type: 'library'
+ vuln-type: 'os,library'
 severity: 'CRITICAL,HIGH'
 - run: cat trivy.md >> $GITHUB_STEP_SUMMARY
 if: always()
\ No newline at end of file
From aa91b9ce49cf389659840257da699b76e0292863 Mon Sep 17 00:00:00 2001
From: Dorian TETU
Date: Mon, 3 Jun 2024 16:13:18 +0200
Subject: [PATCH 11/25] chore: Update Trivy vulnerability scanner configuration to use actions/checkout@v4 and include OS vulnerabilities
---
 .github/workflows/main.yml | 11 +++--------
 Dockerfile | 2 +-
 2 files changed, 4 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 1499764..4bd5790 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -6,9 +6,7 @@ jobs:
 lint-gradle-project:
 runs-on: ubuntu-latest
- needs: check-cve
- steps:
 - name: Checkout project source
 uses: actions/checkout@v4
@@ -70,19 +68,16 @@ jobs:
 needs: build-docker
 steps:
- - name: Checkout code
- uses: actions/checkout@v4
 - name: Run Trivy vulnerability scanner
 uses: aquasecurity/trivy-action@0.20.0
 with:
- scan-type: 'fs'
- scan-ref: '.'
+ image-ref: 'razano/ctcd'
 format: 'template'
 template: "@trivy/github-markdown.tpl"
 output: trivy.md
 exit-code: '1'
 ignore-unfixed: true
- vuln-type: 'os,library'
+ vuln-type: 'library'
 severity: 'CRITICAL,HIGH'
 - run: cat trivy.md >> $GITHUB_STEP_SUMMARY
- if: always()
\ No newline at end of file
+ if: always()
diff --git a/Dockerfile b/Dockerfile
index efb9680..8d1b745 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,6 +3,6 @@ WORKDIR /app
 COPY . .
 RUN ./gradlew assemble
-FROM openjdk:17-jdk-slim AS runtime
+FROM openjdk:23-slim-bookworm AS runtime
 COPY --from=build /app/build/libs/ctcd-0.0.1-SNAPSHOT.jar /app/ctcd-0.0.1-SNAPSHOT.jar
 ENTRYPOINT ["java", "-jar", "/app/ctcd-0.0.1-SNAPSHOT.jar"]
\ No newline at end of file
From 2e468e0f9c22bd8598ab4604998f0734f210a306 Mon Sep 17 00:00:00 2001
From: Dorian TETU
Date: Mon, 3 Jun 2024 16:21:20 +0200
Subject: [PATCH 12/25] chore: Update Dockerfile to fix Gradle assemble command
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 8d1b745..1ecccb9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,7 @@
 FROM gradle:latest AS build
 WORKDIR /app
 COPY . .
-RUN ./gradlew assemble
+RUN ./gradlew assemblev --no-daemon
 FROM openjdk:23-slim-bookworm AS runtime
 COPY --from=build /app/build/libs/ctcd-0.0.1-SNAPSHOT.jar /app/ctcd-0.0.1-SNAPSHOT.jar
From 3f595ef0ef2e1972bb1dd5c7645c254757800315 Mon Sep 17 00:00:00 2001
From: Dorian TETU
Date: Mon, 3 Jun 2024 16:35:43 +0200
Subject: [PATCH 13/25] chore: Update Trivy vulnerability scanner configuration to include OS vulnerabilities and use actions/checkout@v4
---
 .github/workflows/main.yml | 5 ++---
 Dockerfile | 2 +-
 2 files changed, 3 insertions(+), 4 deletions(-)
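Review bot: `FROM openjdk:23-slim-bookworm AS runtime` puts the runtime stage on the Docker Hub `openjdk` image, which its maintainers have marked deprecated and now only update for early-access builds of not-yet-released JDKs; at the date of this commit JDK 23 had not reached general availability, so the shipped image would run a pre-release JDK with no security-patch commitment. A maintained vendor image such as `FROM eclipse-temurin:17-jre-jammy AS runtime`, pinned by digest, gives a supported LTS runtime and a JRE-only attack surface. `FROM gradle:latest AS build` (line 1 of the same Dockerfile, visible in patch 12's hunk) is likewise a mutable tag, so the build is not reproducible and any change to what `latest` resolves to flows straight into the artifact. The same base images return in patches 13 and 18 and should carry the same fix.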
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 4bd5790..541fc6f 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -72,12 +72,11 @@ jobs:
 uses: aquasecurity/trivy-action@0.20.0
 with:
 image-ref: 'razano/ctcd'
- format: 'template'
- template: "@trivy/github-markdown.tpl"
+ format: 'table'
 output: trivy.md
 exit-code: '1'
 ignore-unfixed: true
- vuln-type: 'library'
+ vuln-type: 'os,library'
 severity: 'CRITICAL,HIGH'
 - run: cat trivy.md >> $GITHUB_STEP_SUMMARY
 if: always()
diff --git a/Dockerfile b/Dockerfile
index 1ecccb9..2974bf8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,7 @@
 FROM gradle:latest AS build
 WORKDIR /app
 COPY . .
-RUN ./gradlew assemblev --no-daemon
+RUN ./gradlew assemble --no-daemon
 FROM openjdk:23-slim-bookworm AS runtime
 COPY --from=build /app/build/libs/ctcd-0.0.1-SNAPSHOT.jar /app/ctcd-0.0.1-SNAPSHOT.jar
From a94e3746feb9f33a9603a179a5a35d8c353876fe Mon Sep 17 00:00:00 2001
From: Dorian TETU
Date: Mon, 3 Jun 2024 16:42:13 +0200
Subject: [PATCH 14/25] test cve avec l'ancienne image
---
 Dockerfile | 4 +--
 trivy/github-markdown.tpl | 56 ---------------------------------------
 2 files changed, 2 insertions(+), 58 deletions(-)
 delete mode 100644 trivy/github-markdown.tpl
diff --git a/Dockerfile b/Dockerfile
index 2974bf8..efb9680 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,8 +1,8 @@
 FROM gradle:latest AS build
 WORKDIR /app
 COPY . .
-RUN ./gradlew assemble --no-daemon
+RUN ./gradlew assemble
-FROM openjdk:23-slim-bookworm AS runtime
+FROM openjdk:17-jdk-slim AS runtime
 COPY --from=build /app/build/libs/ctcd-0.0.1-SNAPSHOT.jar /app/ctcd-0.0.1-SNAPSHOT.jar
 ENTRYPOINT ["java", "-jar", "/app/ctcd-0.0.1-SNAPSHOT.jar"]
\ No newline at end of file
diff --git a/trivy/github-markdown.tpl b/trivy/github-markdown.tpl
deleted file mode 100644
index b20a1f5..0000000
--- a/trivy/github-markdown.tpl
+++ /dev/null
@@ -1,56 +0,0 @@
-{{- if . }}
-{{- range . }}
-

Target {{ escapeXML .Target }}

-{{- if (eq (len .Vulnerabilities) 0) }} -

No Vulnerabilities found

-{{- else }} -

Vulnerabilities ({{ len .Vulnerabilities }})

- - - - - - - - - {{- range .Vulnerabilities }} - - - - - - - - {{- end }} -
PackageIDSeverityInstalled VersionFixed Version
{{ escapeXML .PkgName }}{{ escapeXML .VulnerabilityID }}{{ escapeXML .Severity }}{{ escapeXML .InstalledVersion }}{{ escapeXML .FixedVersion }}
-{{- end }} -{{- if (eq (len .Misconfigurations ) 0) }} -

No Misconfigurations found

-{{- else }} -

Misconfigurations

- - - - - - - - - {{- range .Misconfigurations }} - - - - - - - - {{- end }} -
TypeIDCheckSeverityMessage
{{ escapeXML .Type }}{{ escapeXML .ID }}{{ escapeXML .Title }}{{ escapeXML .Severity }} - {{ escapeXML .Message }} -
{{ escapeXML .PrimaryURL }}
-
-{{- end }} -{{- end }} -{{- else }} -

Trivy Returned Empty Report

-{{- end }}
\ No newline at end of file
From 3cf842121331563d3059c5ac2ca191f415d3675a Mon Sep 17 00:00:00 2001
From: Dorian TETU
Date: Mon, 3 Jun 2024 16:44:39 +0200
Subject: [PATCH 15/25] chore: Update Trivy vulnerability scanner configuration to use 'github' format for output
---
 .github/workflows/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 541fc6f..b336f23 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -72,7 +72,7 @@ jobs:
 uses: aquasecurity/trivy-action@0.20.0
 with:
 image-ref: 'razano/ctcd'
- format: 'table'
+ format: 'github'
 output: trivy.md
 exit-code: '1'
 ignore-unfixed: true
From 062c9e955a8036e23f1f962df427b24f3e7e3488 Mon Sep 17 00:00:00 2001
From: Dorian TETU
Date: Mon, 3 Jun 2024 16:50:43 +0200
Subject: [PATCH 16/25] chore: Update Trivy vulnerability scanner configuration to use 'template' format for output
---
 .github/workflows/main.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index b336f23..8cccdcc 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -72,7 +72,8 @@ jobs:
 uses: aquasecurity/trivy-action@0.20.0
 with:
 image-ref: 'razano/ctcd'
- format: 'github'
+ format: 'template'
+ template: 'https://raw.githubusercontent.com/aquasecurity/trivy/7735ec432a83d5446d13a593ab3b27dd02649ca1/contrib/markdown.tpl'
 output: trivy.md
 exit-code: '1'
 ignore-unfixed: true
From 187412d7cfb001997c70f56833407ac72962108e Mon Sep 17 00:00:00 2001
From: Dorian TETU
Date: Mon, 3 Jun 2024 16:53:08 +0200
Subject: [PATCH 17/25] chore: Update Trivy vulnerability scanner configuration to use 'template' format for output
---
 .github/workflows/main.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 8cccdcc..2720227 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -44,7 +44,7 @@ jobs:
 - name: Run build without tests
 run: ./gradlew assemble
- check-cve:
+ build-docker:
 runs-on: ubuntu-latest
 steps:
 - name: Set up Docker Buildx
@@ -68,12 +68,13 @@ jobs:
 needs: build-docker
 steps:
+ - run: curl https://raw.githubusercontent.com/aquasecurity/trivy/7735ec432a83d5446d13a593ab3b27dd02649ca1/contrib/markdown.tpl -o markdown.tpl
 - name: Run Trivy vulnerability scanner
 uses: aquasecurity/trivy-action@0.20.0
 with:
 image-ref: 'razano/ctcd'
 format: 'template'
- template: 'https://raw.githubusercontent.com/aquasecurity/trivy/7735ec432a83d5446d13a593ab3b27dd02649ca1/contrib/markdown.tpl'
+ template: '@markdown.tpl'
 output: trivy.md
 exit-code: '1'
 ignore-unfixed: true
From c44a14d844833e00cf03eb98cb8793fad58c4503 Mon Sep 17 00:00:00 2001
From: Dorian TETU
Date: Mon, 3 Jun 2024 16:59:44 +0200
Subject: [PATCH 18/25] chore: Update Dockerfile to fix Gradle assemble command and use latest OpenJDK version
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index efb9680..2974bf8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,8 +1,8 @@
 FROM gradle:latest AS build
 WORKDIR /app
 COPY . .
-RUN ./gradlew assemble
+RUN ./gradlew assemble --no-daemon
-FROM openjdk:17-jdk-slim AS runtime
+FROM openjdk:23-slim-bookworm AS runtime
 COPY --from=build /app/build/libs/ctcd-0.0.1-SNAPSHOT.jar /app/ctcd-0.0.1-SNAPSHOT.jar
 ENTRYPOINT ["java", "-jar", "/app/ctcd-0.0.1-SNAPSHOT.jar"]
\ No newline at end of file
From 84a7006abd987cef517f1111506a8461bc8897ca Mon Sep 17 00:00:00 2001
From: Dorian TETU
Date: Mon, 3 Jun 2024 17:09:48 +0200
Subject: [PATCH 19/25] chore: Update Trivy vulnerability scanner configuration to use latest Docker image and template format for output
---
 .github/workflows/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 2720227..65dbcb6 100644
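Review bot: `- run: curl https://raw.githubusercontent.com/aquasecurity/trivy/7735ec432a83d5446d13a593ab3b27dd02649ca1/contrib/markdown.tpl -o markdown.tpl` downloads the report template on every run with no failure or integrity check: without `-f`, an HTTP error body is written to `markdown.tpl` and the step still exits 0, and whatever an intermediary returns is handed to Trivy as a Go template. Because the URL is commit-pinned the content is stable, so the simplest fix is to vendor the file in the repository (as patch 07 did before patch 14 deleted it), check the repository out in this job and reference it with `template: '@trivy/github-markdown.tpl'`; if it must be fetched, use `curl -fsSL --retry 3 ... -o markdown.tpl` and verify its SHA-256 against a value recorded in the workflow before the scan step. The step also has no `name:`.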
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -72,7 +72,7 @@ jobs:
 - name: Run Trivy vulnerability scanner
 uses: aquasecurity/trivy-action@0.20.0
 with:
- image-ref: 'razano/ctcd'
+ image-ref: ${{ variables.DOCKER_IMAGE_NAME }}:latest
 format: 'template'
 template: '@markdown.tpl'
 output: trivy.md
From 75058f6c8343f610abb6aab6930b6fb065fdf7b3 Mon Sep 17 00:00:00 2001
From: Dorian TETU
Date: Mon, 3 Jun 2024 17:11:31 +0200
Subject: [PATCH 20/25] chore: Update Trivy vulnerability scanner configuration to use correct Docker image reference and template format for output
---
 .github/workflows/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 65dbcb6..07a92c9 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -72,7 +72,7 @@ jobs:
 - name: Run Trivy vulnerability scanner
 uses: aquasecurity/trivy-action@0.20.0
 with:
- image-ref: ${{ variables.DOCKER_IMAGE_NAME }}:latest
+ image-ref: $DOCKER_IMAGE_NAME:latest
 format: 'template'
 template: '@markdown.tpl'
 output: trivy.md
From 8465983be8c34c15a4cee1c04a68444150410e6c Mon Sep 17 00:00:00 2001
From: Dorian TETU
Date: Mon, 3 Jun 2024 17:13:49 +0200
Subject: [PATCH 21/25] chore: Update Trivy vulnerability scanner configuration to use $DOCKER_IMAGE_NAME:latest and 'template' format for output
---
 .github/workflows/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 07a92c9..e0dd655 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -72,7 +72,7 @@ jobs:
 - name: Run Trivy vulnerability scanner
 uses: aquasecurity/trivy-action@0.20.0
 with:
- image-ref: $DOCKER_IMAGE_NAME:latest
+ image-ref: ${{ vars.DOCKER_IMAGE_NAME }}:latest
 format: 'template'
 template: '@markdown.tpl'
 output: trivy.md
From 3fb3bac98a3e1edf7477a6d21986e729db3c6728 Mon Sep 17 00:00:00 2001
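Review bot: `image-ref: ${{ vars.DOCKER_IMAGE_NAME }}:latest` scans whatever the registry currently serves under the mutable `latest` tag rather than the image this run just built, so a concurrent run or a retag between the push and this job makes the gate report on a different artifact than the one being released. Bind the scan to the artifact by giving the build-push step an `id:`, exporting its `digest` output as a job output of build-docker, and scanning `${{ vars.DOCKER_IMAGE_NAME }}@${{ needs.build-docker.outputs.digest }}`; or scan the locally loaded image before it is pushed. The two earlier attempts on this line (`variables.` and `$DOCKER_IMAGE_NAME`) show the reference is easy to get wrong, so a one-line comment above the step naming where `DOCKER_IMAGE_NAME` is defined would help the next reader.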
From: Dorian TETU
Date: Mon, 3 Jun 2024 17:30:07 +0200
Subject: [PATCH 22/25] chore: Update Trivy vulnerability scanner configuration to use latest Docker image and 'template' format for output
---
 .github/workflows/main.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index e0dd655..f16ed3d 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -62,7 +62,6 @@ jobs:
 push: true
 tags: ${{ vars.DOCKER_IMAGE_NAME }}:latest
- cve-check:
 runs-on: ubuntu-latest
 needs: build-docker
From 306df2487d3381feca3b255624c5518b80a24ba1 Mon Sep 17 00:00:00 2001
From: Dorian TETU
Date: Mon, 3 Jun 2024 17:30:58 +0200
Subject: [PATCH 23/25] chore: Remove unnecessary 'needs' step from lint-gradle-project job
---
 .github/workflows/main.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index f16ed3d..f55dc14 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -6,7 +6,6 @@ jobs:
 lint-gradle-project:
 runs-on: ubuntu-latest
- needs: check-cve
 steps:
 - name: Checkout project source
 uses: actions/checkout@v4
From edc489addcbdea1fda10ab7a089de1e04c917761 Mon Sep 17 00:00:00 2001
From: Dorian TETU
Date: Mon, 3 Jun 2024 17:34:09 +0200
Subject: [PATCH 24/25] chore: Update Docker Buildx action to version 4
---
 .github/workflows/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index f55dc14..b306a39 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -47,7 +47,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v2
+ uses: docker/setup-buildx-action@v4
 - name: Login to Docker Hub
 uses: docker/login-action@v3
From 3e04355e9870b982a33bd93ffd1dea643d355e64 Mon Sep 17 00:00:00 2001
From: Dorian TETU
Date: Mon, 3 Jun 2024 17:34:43 +0200
Subject: [PATCH 25/25] chore: Update Docker Buildx action to version 3
---
 .github/workflows/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index b306a39..cb4fee4 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -47,7 +47,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v4
+ uses: docker/setup-buildx-action@v3
 - name: Login to Docker Hub
 uses: docker/login-action@v3