🩺(trivy) add trivyignore file and add minimatch CVE
We added a .trivyignore file to ignore the CVE-2026-26996 vulnerability coming from the y-provider image. We also updated the docker-hub.yml workflow to use this .trivyignore file when scanning our Docker images with Trivy.
This commit is contained in:
Anthony LC
6
.github/workflows/docker-hub.yml
vendored
6
.github/workflows/docker-hub.yml
vendored
@@ -16,6 +16,9 @@ on:
|
||||
env:
|
||||
DOCKER_USER: 1001:127
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
build-and-push-backend:
|
||||
runs-on: ubuntu-latest
|
||||
@@ -42,6 +45,7 @@ jobs:
|
||||
with:
|
||||
docker-build-args: "--target backend-production -f Dockerfile"
|
||||
docker-image-name: "docker.io/lasuite/impress-backend:${{ github.sha }}"
|
||||
trivyignores: ./.github/.trivyignore
|
||||
- name: Build and push
|
||||
uses: docker/build-push-action@v6
|
||||
with:
|
||||
@@ -83,6 +87,7 @@ jobs:
|
||||
with:
|
||||
docker-build-args: "-f src/frontend/Dockerfile --target frontend-production"
|
||||
docker-image-name: "docker.io/lasuite/impress-frontend:${{ github.sha }}"
|
||||
trivyignores: ./.github/.trivyignore
|
||||
- name: Build and push
|
||||
uses: docker/build-push-action@v6
|
||||
with:
|
||||
@@ -124,6 +129,7 @@ jobs:
|
||||
with:
|
||||
docker-build-args: "-f src/frontend/servers/y-provider/Dockerfile --target y-provider"
|
||||
docker-image-name: "docker.io/lasuite/impress-y-provider:${{ github.sha }}"
|
||||
trivyignores: ./.github/.trivyignore
|
||||
- name: Build and push
|
||||
uses: docker/build-push-action@v6
|
||||
with:
|
||||
|
||||
Reference in New Issue
Block a user