Merge pull request #79 from kaleido-io/vuln-check

adding high/critical severity vuln checks
hyperledger · Mar 28, 2024 · e188d4b · e188d4b
2 parents 15ccd61 + 165c0cd
commit e188d4b
Show file tree

Hide file tree

Showing 3 changed files with 562 additions and 331 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -8,6 +8,15 @@ USER 1001
 RUN npm install
 RUN npm run build
 
+FROM alpine:3.19 AS SBOM
+WORKDIR /
+ADD . /SBOM
+RUN apk add --no-cache curl
+RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.48.3
+RUN trivy fs --format spdx-json --output /sbom.spdx.json /SBOM
+RUN trivy sbom /sbom.spdx.json --severity UNKNOWN,HIGH,CRITICAL --exit-code 1
+
+
 FROM node:16-alpine3.15
 WORKDIR /firefly-dataexchange-https
 COPY --from=firefly-dataexchange-builder /firefly-dataexchange-https/package.json /firefly-dataexchange-https
@@ -17,5 +26,6 @@ RUN npm install --production
 EXPOSE 3000
 EXPOSE 3001
 USER 1001
+COPY --from=SBOM /sbom.spdx.json /sbom.spdx.json
 
 CMD [ "node", "./build/index.js" ]