Skip to content

Commit

Permalink
Merge pull request #71 from ba-st/improve_vulnerabiltiy_scanning
Browse files Browse the repository at this point in the history
Improve vulnerabiltiy scanning
gcotelli authored Apr 25, 2024
2 parents d0dc79f + f1895dd commit 5e77dea
Showing 2 changed files with 15 additions and 6 deletions.
13 changes: 11 additions & 2 deletions .github/workflows/scheduled-security-scan.yml
Original file line number Diff line number Diff line change
@@ -8,13 +8,22 @@ jobs:
permissions:
contents: read
security-events: write
name: Scheduled scan for vulnerabilities
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
version:
- latest
- v5
package:
- launchpad
- launchpad-gs64-3.7.1
name: Scheduled scan for vulnerabilities ${{ matrix.package }}-${{ matrix.version }}
steps:
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: ghcr.io/${{ github.repository_owner }}/launchpad:latest
image-ref: ghcr.io/${{ github.repository_owner }}/${{ matrix.package }}:${{ matrix.version}}
format: 'sarif'
output: 'trivy-results.sarif'
severity: 'CRITICAL,HIGH'
8 changes: 4 additions & 4 deletions docker/pharo/Dockerfile
Original file line number Diff line number Diff line change
@@ -3,10 +3,10 @@ FROM ghcr.io/ba-st/pharo:v11.0.0
COPY --chown=pharo:users ./launchpad* ./
USER root
RUN set -eu; \
apt-get update; \
apt-get upgrade; \
apt-get install --assume-yes --no-install-recommends netcat-openbsd; \
apt-get clean; \
apt update; \
apt upgrade --assume-yes; \
apt install --assume-yes --no-install-recommends netcat-openbsd; \
apt clean; \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*; \
ln -s /opt/pharo/launchpad /usr/local/bin/launchpad; \
ln -s /opt/pharo/launchpad-list /usr/local/bin/launchpad-list; \

0 comments on commit 5e77dea

Please sign in to comment.