
add Dockerfile CVE check, update vulnerability scanning to use trivy action

Open tomkralidis opened this issue 2 years ago • 1 comments

Overview

add Dockerfile CVE check, update vulnerability scanning to use trivy action

Related Issue / Discussion

None

Additional Information

None

Contributions and Licensing

(as per https://github.com/geopython/pycsw/blob/master/CONTRIBUTING.rst#contributions-and-licensing)

  • [x] I'd like to contribute [feature X|bugfix Y|docs|something else] to pycsw. I confirm that my contributions to pycsw will be compatible with the pycsw license guidelines at the time of contribution.
  • [x] I have already previously agreed to the pycsw Contributions and Licensing Guidelines

tomkralidis avatar Jan 07 '24 00:01 tomkralidis

Testing only the docker image for vulnerabilities could give the impression that all deployment methods are tested as well.

In order to pass the tests here, we would also need to change the base docker image and put effort to catch up with OS security patches.

kalxas avatar Apr 10 '24 07:04 kalxas

PR updated. Note that upgrading Dockerfile to python:3.10-slim-buster and adding apt upgrade passes the trivy image scan.

tomkralidis avatar Aug 05 '24 00:08 tomkralidis
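The thread describes three checks: a Dockerfile CVE check, image scanning with the trivy action, and (per kalxas's caveat) not letting the image scan stand in for the other deployment methods. The workflow below is an added example of how those pieces fit together in GitHub Actions; it is not pycsw's own workflow and not code from the PR. It assumes a workflow path of `.github/workflows/vulnerability-scan.yml`, a throwaway image tag `pycsw-ci`, and that the repository root holds the `Dockerfile` and the Python dependency manifests; the `aquasecurity/trivy-action` inputs used (`scan-type`, `scan-ref`, `image-ref`, `vuln-type`, `ignore-unfixed`, `exit-code`, `severity`, `format`) are the action's documented inputs.

```yaml
# Added example, not pycsw's own workflow. Three independent jobs:
#  1. config scan of the Dockerfile (misconfigurations such as running as root)
#  2. filesystem scan of the source tree, so pip/source installs are covered
#     even though they never touch the container image
#  3. build the image and scan it for OS-package and library CVEs
# Assumed names: workflow file .github/workflows/vulnerability-scan.yml,
# image tag pycsw-ci, Dockerfile and dependency manifests at the repo root.
name: vulnerability scan

on:
  push:
    branches: [master]
  pull_request:
  schedule:
    # Weekly re-scan: new CVEs are published against an unchanged base image,
    # so a scan that only runs on commits goes stale.
    - cron: '0 6 * * 1'

permissions:
  contents: read

jobs:
  dockerfile-config:
    name: Dockerfile misconfiguration check
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Trivy config scan of the Dockerfile
        uses: aquasecurity/trivy-action@master   # pin to a release tag or SHA in real use
        with:
          scan-type: config
          scan-ref: Dockerfile
          exit-code: '1'            # fail the job on findings at or above the severity below
          severity: HIGH,CRITICAL

  dependencies:
    name: Python dependency CVE check (covers non-Docker installs)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Trivy filesystem scan of the source tree
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: fs
          scan-ref: .
          vuln-type: library        # application dependencies only; no OS layer here
          ignore-unfixed: true
          exit-code: '1'
          severity: HIGH,CRITICAL

  image:
    name: Container image CVE check
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Build the image from the Dockerfile under review
        run: docker build -t pycsw-ci:${{ github.sha }} .
      - name: Trivy image scan (OS packages and bundled libraries)
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: image
          image-ref: pycsw-ci:${{ github.sha }}
          ignore-unfixed: true      # distro CVEs with no fix available would block forever
          exit-code: '1'
          severity: HIGH,CRITICAL
          format: table
```

The `ignore-unfixed: true` setting is the knob that decides how much of the "catch up with OS security patches" effort kalxas mentions lands on the project: with it set, the image job fails only on CVEs the base image vendor has already shipped a fix for, which is exactly what a base-image bump plus `apt upgrade` in the Dockerfile resolves; without it, every unpatched distro advisory blocks the build. The separate `dependencies` job is what keeps the image scan from implying that pip-based deployments were checked too.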