Fix trivy security scan issues (#1391)

* Fix trivy security scan issues * Using aquasecurity/trivy-action * Remove scripts/trivy_scan.sh * Upgrade argo3 and kubectl
equinor · Jul 2, 2024 · 03a29b1 · 03a29b1
1 parent 23c5a73
commit 03a29b1
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 37 deletions.
diff --git a/.github/workflows/master-ci.yml b/.github/workflows/master-ci.yml
@@ -47,10 +47,15 @@ jobs:
           load: true
 
       - name: Run Trivy vulnerability scanner
-        env:
-          IMAGE: ${{ steps.prep.outputs.base_image }}
-        run: |
-          bash scripts/trivy_scan.sh "$IMAGE"
+        uses: aquasecurity/trivy-action@0.20.0
+        with:
+          image-ref: ${{ steps.prep.outputs.base_image }}
+          format: 'table'
+          exit-code: '10'
+          ignore-unfixed: true
+          hide-progress: true
+          severity: 'HIGH,CRITICAL'
+          timeout: 5m
 
       - name: Push gordo-base
         uses: docker/build-push-action@v2

diff --git a/Dockerfile b/Dockerfile
@@ -47,7 +47,7 @@ RUN pip install gordo-packed.tar.gz[full]
 
 # Install GordoDeploy dependencies
 ARG HTTPS_PROXY
-ARG KUBECTL_VERSION="v1.22.4"
+ARG KUBECTL_VERSION="v1.30.2"
 
 #donwload & install kubectl
 RUN curl -sSL -o /usr/local/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/$KUBECTL_VERSION/bin/linux/amd64/kubectl &&\
@@ -74,7 +74,7 @@ RUN cp ${HOME}/build.sh /usr/bin/build \
 WORKDIR ${HOME}
 
 #download & install argo
-ENV ARGO_VERSIONS="[{\"number\":3,\"version\":\"3.4.7\"}]"
+ENV ARGO_VERSIONS="[{\"number\":3,\"version\":\"3.5.8\"}]"
 COPY scripts/download_argo.py ./download_argo.py
 RUN python3 ./download_argo.py -o /usr/local/bin
 

diff --git a/scripts/trivy_scan.sh b/scripts/trivy_scan.sh