From a9dc4fb0ef8b7f232a9110e33c596ce470fbbeda Mon Sep 17 00:00:00 2001 From: Samim Mirhosseini Date: Mon, 5 Feb 2024 10:11:24 -0500 Subject: [PATCH] adding high/critical severity vuln checks Signed-off-by: Samim Mirhosseini --- Dockerfile | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/Dockerfile b/Dockerfile index a613133..43d0cd6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,6 +14,14 @@ RUN npm install ADD . . RUN npm run build +FROM alpine:3.19 AS SBOM +WORKDIR / +ADD . /SBOM +RUN apk add --no-cache curl +RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.48.3 +RUN trivy fs --format spdx-json --output /sbom.spdx.json /SBOM +RUN trivy sbom /sbom.spdx.json --severity UNKNOWN,HIGH,CRITICAL --exit-code 1 + FROM node:16-alpine3.15 RUN apk add curl WORKDIR /app @@ -25,6 +33,7 @@ COPY --from=builder /root/dist dist COPY --from=builder /root/.env /app/.env RUN chgrp -R 0 /app/ \ && chmod -R g+rwX /app/ +COPY --from=SBOM /sbom.spdx.json /sbom.spdx.json USER 1001 EXPOSE 3000 CMD ["node", "dist/src/main"]