diff --git a/.github/workflows/build-oss.yml b/.github/workflows/build-oss.yml
index de6013b5cd..ba238410dd 100644
--- a/.github/workflows/build-oss.yml
+++ b/.github/workflows/build-oss.yml
@@ -203,10 +203,9 @@ jobs:
 id: docker-scout
 uses: docker/scout-action@6ac950eb733f8b2811f25c05d97bfb3d181b8026 # v1.15.1
 with:
- command: cves,recommendations
+ command: cves
 image: ${{ steps.meta.outputs.tags }}
 ignore-base: true
- only-fixed: true
 sarif-file: "${{ inputs.image }}-results/scout.sarif"
 write-comment: false
 github-token: ${{ secrets.GITHUB_TOKEN }} # to be able to write the comment
diff --git a/.github/workflows/build-plus.yml b/.github/workflows/build-plus.yml
index 2aa697eb88..d2c216cb62 100644
--- a/.github/workflows/build-plus.yml
+++ b/.github/workflows/build-plus.yml
@@ -224,10 +224,9 @@ jobs:
 id: docker-scout
 uses: docker/scout-action@6ac950eb733f8b2811f25c05d97bfb3d181b8026 # v1.15.1
 with:
- command: cves,recommendations
+ command: cves
 image: ${{ steps.meta.outputs.tags }}
 ignore-base: true
- only-fixed: true
 sarif-file: "${{ inputs.image }}-results/scout.sarif"
 write-comment: false
 github-token: ${{ secrets.GITHUB_TOKEN }} # to be able to write the comment
diff --git a/.github/workflows/image-promotion.yml b/.github/workflows/image-promotion.yml
index 8555194c7b..10fd2314c0 100644
--- a/.github/workflows/image-promotion.yml
+++ b/.github/workflows/image-promotion.yml
@@ -451,10 +451,9 @@ jobs:
 id: docker-scout
 uses: docker/scout-action@6ac950eb733f8b2811f25c05d97bfb3d181b8026 # v1.15.1
 with:
- command: cves,recommendations
+ command: cves
 image: ${{ steps.meta.outputs.tags }}
 ignore-base: true
- only-fixed: true
 sarif-file: "${{ steps.directory.outputs.directory }}/scout.sarif"
 write-comment: false
 github-token: ${{ secrets.GITHUB_TOKEN }} # to be able to write the comment
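Review bot: Dropping `only-fixed: true` from the `docker-scout` step means the SARIF written to `sarif-file` now also carries CVEs that have no fix available, and nothing in the hunk records that intent or bounds the extra findings. A comment above `command: cves` such as `# only-fixed dropped on purpose: report CVEs without an available fix as well` would make the choice reviewable, and if the volume should stay limited, `only-severities: critical,high` is the input for that. Because `ignore-base: true` is kept, base-image CVEs are still left out, so the report is not a complete inventory of the image either way. The trailing comment on `github-token` says the token is there to write the comment while `write-comment: false` is set, so that comment looks stale. The same edit is repeated in build-plus.yml (hunk at 224) and three times in image-promotion.yml (hunks at 451, 541 and 638), and the `with:` block may continue past each hunk's last line.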
@@ -541,10 +540,9 @@ jobs:
 id: docker-scout
 uses: docker/scout-action@6ac950eb733f8b2811f25c05d97bfb3d181b8026 # v1.15.1
 with:
- command: cves,recommendations
+ command: cves
 image: ${{ steps.meta.outputs.tags }}
 ignore-base: true
- only-fixed: true
 sarif-file: "${{ steps.directory.outputs.directory }}/scout.sarif"
 write-comment: false
 github-token: ${{ secrets.GITHUB_TOKEN }} # to be able to write the comment
@@ -638,10 +636,9 @@ jobs:
 id: docker-scout
 uses: docker/scout-action@6ac950eb733f8b2811f25c05d97bfb3d181b8026 # v1.15.1
 with:
- command: cves,recommendations
+ command: cves
 image: ${{ steps.meta.outputs.tags }}
 ignore-base: true
- only-fixed: true
 sarif-file: "${{ steps.directory.outputs.directory }}/scout.sarif"
 write-comment: false
 github-token: ${{ secrets.GITHUB_TOKEN }} # to be able to write the comment
diff --git a/build/Dockerfile b/build/Dockerfile
index 21f233311f..9c31a51111 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -16,7 +16,7 @@ FROM ghcr.io/nginxinc/dependencies/nginx-ot:nginx-1.27.2-alpine@sha256:83da7cd36
 FROM ghcr.io/nginxinc/dependencies/nginx-ubi-ppc64le:nginx-1.27.2@sha256:4c47c1295b25018342d9f7c8383fd933e73e162a482f2f45a21326f70c6d501d AS ubi-ppc64le
 FROM ghcr.io/nginxinc/alpine-fips:0.2.3-alpine3.17@sha256:67b69b49aff96e185be841e2b2ff2d8236551ea5c18002bffa4344798d803fd8 AS alpine-fips-3.17
 FROM ghcr.io/nginxinc/alpine-fips:0.2.3-alpine3.20@sha256:4c29e5c50b122354d9d4ba6b97cdf64647468e788b965fc0240ead541653454a AS alpine-fips-3.20
-FROM redhat/ubi9-minimal@sha256:d85040b6e3ed3628a89683f51a38c709185efc3fb552db2ad1b9180f2a6c38be AS ubi-minimal
+FROM redhat/ubi9-minimal:9.5@sha256:d85040b6e3ed3628a89683f51a38c709185efc3fb552db2ad1b9180f2a6c38be AS ubi-minimal
 FROM golang:1.23-alpine@sha256:c694a4d291a13a9f9d94933395673494fc2cc9d4777b85df3a7e70b3492d3574 AS golang-builder