adding high/critical severity vuln checks

Signed-off-by: Samim Mirhosseini <ssmirr@users.noreply.github.com>
hyperledger · Mar 28, 2024 · 35c2ee9 · 35c2ee9
1 parent 15ccd61
commit 35c2ee9
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -8,6 +8,15 @@ USER 1001
 RUN npm install
 RUN npm run build
 
+FROM alpine:3.19 AS SBOM
+WORKDIR /
+ADD . /SBOM
+RUN apk add --no-cache curl
+RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.48.3
+RUN trivy fs --format spdx-json --output /sbom.spdx.json /SBOM
+RUN trivy sbom /sbom.spdx.json --severity UNKNOWN,HIGH,CRITICAL --exit-code 1
+
+
 FROM node:16-alpine3.15
 WORKDIR /firefly-dataexchange-https
 COPY --from=firefly-dataexchange-builder /firefly-dataexchange-https/package.json /firefly-dataexchange-https
@@ -17,5 +26,6 @@ RUN npm install --production
 EXPOSE 3000
 EXPOSE 3001
 USER 1001
+COPY --from=SBOM /sbom.spdx.json /sbom.spdx.json
 
 CMD [ "node", "./build/index.js" ]