Skip to content

Commit

Permalink
fix(keychain-vault-server): address CVEs: CVE-2021-22946, CVE-2022-1304
Browse files Browse the repository at this point in the history
…, CVE-2018-12886, CVE-2022-29458, CVE-2019-3843, CVE-2019-3844, CVE-2022-29458, CVE-2020-16156

fixes: #2058

trivy scanner verified that the vulnerabilities in keychain-vault-server
is not appearing anymore. CVEs are the following
- CVE-2021-22946
- CVE-2022-1304
- CVE-2018-12886
- CVE-2022-29458
- CVE-2019-3843
- CVE-2019-3844
- CVE-2022-29458 (base)
- CVE-2022-29458 (bin)
- CVE-2020-16156

No changes was needed to be merged.

Signed-off-by: ruzell22 <ruzell.vince.aquino@accenture.com>
  • Loading branch information
ruzell22 committed Jul 25, 2023
1 parent 292d287 commit 05fb935
Showing 1 changed file with 52 additions and 0 deletions.
52 changes: 52 additions & 0 deletions .github/workflows/trivy-containter-scan.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
name: trivy-container-image-scan

on:
push:
pull_request:
# Publish `main` as Docker `latest` image.
branches:
- main

# Publish `v1.2.3` tags as releases.
tags:
- v*

jobs:

build:
name: Scan keychain-vault-server table image
runs-on: ubuntu-20.04
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Build an image from Dockerfile
run: |
DOCKER_BUILDKIT=1 docker build ./packages/cactus-plugin-keychain-vault/src/cactus-keychain-vault-server/ -f ./packages/cactus-plugin-keychain-vault/src/cactus-keychain-vault-server/Dockerfile -t cactus-keychain-vault-server
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.11.2
with:
image-ref: 'cactus-keychain-vault-server'
format: 'table'
exit-code: '0'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'

build2:
name: Scan keychain-vault-server json image
runs-on: ubuntu-20.04
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Build an image from Dockerfile
run: |
DOCKER_BUILDKIT=1 docker build ./packages/cactus-plugin-keychain-vault/src/cactus-keychain-vault-server/ -f ./packages/cactus-plugin-keychain-vault/src/cactus-keychain-vault-server/Dockerfile -t cactus-keychain-vault-server
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.11.2
with:
image-ref: 'cactus-keychain-vault-server'
format: 'json'
exit-code: '0'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'

0 comments on commit 05fb935

Please sign in to comment.