trivyignore CVE that's not relevant

Signed-off-by: Samim Mirhosseini <ssmirr@users.noreply.github.com>
hyperledger · May 13, 2024 · 7de4ef4 · 7de4ef4
1 parent e20e08b
commit 7de4ef4
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/.trivyignore b/.trivyignore
@@ -0,0 +1,3 @@
+# not relevant to the way grpc is used in fabconnect
+# see https://github.com/hyperledger/firefly-fabconnect/pull/123#discussion_r1543748524
+GHSA-m425-mq94-257g
diff --git a/Dockerfile b/Dockerfile
@@ -9,11 +9,11 @@ RUN make
 
 FROM alpine:3.19 AS SBOM
 WORKDIR /
-ADD . /SBOM
+COPY . /SBOM
 RUN apk add --no-cache curl
 RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.48.3
 RUN trivy fs --format spdx-json --output /sbom.spdx.json /SBOM
-RUN trivy sbom /sbom.spdx.json --severity UNKNOWN,HIGH,CRITICAL --exit-code 1
+RUN trivy sbom /sbom.spdx.json --severity UNKNOWN,HIGH,CRITICAL --exit-code 1 --ignorefile /SBOM/.trivyignore
 
 FROM alpine:3.19
 WORKDIR /fabconnect