Merge pull request #39 from myoung34/bump_alpine

Bump alpine to resolve CVE-2021-28831
myoung34 · Apr 4, 2021 · 643623c · 643623c
2 parents 63ca98e + 4b6f5ff
commit 643623c
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 2 deletions.
diff --git a/.claire.yml b/.claire.yml
@@ -0,0 +1,3 @@
+generalwhitelist:
+  # musl 1.2.2 resolves -> A buffer overflow (CVE-2020-28928) in wcsnrtombs has been fixed with the function essentially rewritten
+  CVE-2020-28928: musl
diff --git a/.dockerignore b/.dockerignore
@@ -4,3 +4,4 @@ Dockerfile
 Makefile
 .git
 LICENSE
+.claire.yml
diff --git a/.github/workflows/sast.yml b/.github/workflows/sast.yml
@@ -34,7 +34,7 @@ jobs:
       - name: Build
         run: docker build -t myoung34/tilty:latest .
       - name: Test
-        run: ./clair-scanner --ip $(ip -f inet addr show eth0 | grep -Po 'inet \K[\d.]+') myoung34/tilty:latest
+        run: ./clair-scanner -w .claire.yml --ip $(ip -f inet addr show eth0 | grep -Po 'inet \K[\d.]+') myoung34/tilty:latest
   bandit:
     runs-on: ubuntu-latest
     strategy:

diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.12.0
+FROM alpine:3.13.4
 
 LABEL maintainer="[email protected]"
-Original file line number
+Diff line change
@@ Expand Up / @@ -4,3 +4,4 @@ Dockerfile @@
     Makefile
     .git
     LICENSE
+    .claire.yml