Add update-ca-trust command (#1314)

* Add update-ca-trust command * update triv ignore
microsoft · Sep 12, 2024 · 1b29b93 · 1b29b93
1 parent 8d6e12e
commit 1b29b93
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 1 deletion.
diff --git a/.trivyignore b/.trivyignore
@@ -16,3 +16,8 @@ CVE-2024-24791
 
 #cbl-mariner
 CVE-2024-5535
+
+#stdlib
+CVE-2024-34156
+CVE-2024-34155
+CVE-2024-34158
diff --git a/kubernetes/linux/Dockerfile.multiarch b/kubernetes/linux/Dockerfile.multiarch
@@ -22,7 +22,23 @@ ENV tmpdir /opt
 RUN tdnf clean all
 RUN tdnf repolist --refresh
 RUN tdnf -y update
-RUN tdnf install -y build-essential wget curl sudo net-tools cronie rsyslog dmidecode gnupg make logrotate busybox gawk tar && rm -rf /var/lib/apt/lists/*
+RUN tdnf install -y \
+         build-essential \
+        wget \
+        curl \
+        sudo \
+        net-tools \
+        cronie \
+        rsyslog \
+        dmidecode \
+        gnupg \
+        make \
+        logrotate \
+        busybox \
+        gawk \
+        tar \
+        ca-certificates \
+    && rm -rf /var/lib/apt/lists/*
 RUN mkdir /busybin && busybox --install /busybin
 
 COPY --from=golang-builder /src/kubernetes/linux/Linux_ULINUX_1.0_*_64_Release/docker-cimprov-*.*.*-*.*.sh $tmpdir/
@@ -81,6 +97,7 @@ COPY --from=builder /usr/bin/curl /usr/bin/curl
 COPY --from=builder /usr/bin/jq /usr/bin/jq
 COPY --from=builder /usr/bin/base64 /usr/bin/base64
 COPY --from=builder /usr/bin/fluentd /usr/bin/fluentd
+COPY --from=builder /usr/bin/update-ca-trust /usr/bin/update-ca-trust
 
 # bash dependencies
 COPY --from=builder /lib/libreadline.so.8 /lib/