diff --git a/.claire.yml b/.claire.yml
new file mode 100644
index 0000000..3232448
--- /dev/null
+++ b/.claire.yml
@@ -0,0 +1,3 @@
+generalwhitelist:
+ # musl 1.2.2 resolves -> A buffer overflow (CVE-2020-28928) in wcsnrtombs has been fixed with the function essentially rewritten
+ CVE-2020-28928: musl
diff --git a/.dockerignore b/.dockerignore
index dad9161..226640d 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -4,3 +4,4 @@ Dockerfile
 Makefile
 .git
 LICENSE
+.claire.yml
diff --git a/.github/workflows/sast.yml b/.github/workflows/sast.yml
index f1c089b..8bc24af 100644
--- a/.github/workflows/sast.yml
+++ b/.github/workflows/sast.yml
@@ -34,7 +34,7 @@ jobs:
 - name: Build
 run: docker build -t myoung34/tilty:latest .
 - name: Test
- run: ./clair-scanner --ip $(ip -f inet addr show eth0 | grep -Po 'inet \K[\d.]+') myoung34/tilty:latest
+ run: ./clair-scanner -w .claire.yml --ip $(ip -f inet addr show eth0 | grep -Po 'inet \K[\d.]+') myoung34/tilty:latest
 bandit:
 runs-on: ubuntu-latest
 strategy:
diff --git a/Dockerfile b/Dockerfile
index ed695fd..a9edf97 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.12.0
+FROM alpine:3.13.4
 LABEL maintainer="3vilpenguin@gmail.com"
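Review bot: The `CVE-2020-28928: musl` entry under `generalwhitelist` has no scope and no removal condition, so the finding stays suppressed for every image this scanner run sees, including after later base-image changes. The comment says musl 1.2.2 fixes the overflow, and the same commit moves the base image to alpine:3.13.4, which presumably already ships that musl. If the scanner still reports it there, that looks like a false positive, and the comment should say so. I would extend it to something like `# false positive on alpine 3.13 (musl >= 1.2.2 carries the fix); remove once clair stops reporting it`, and consider moving the entry under the `images:` key so it applies only to this image.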
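Review bot: The command substitution passed to `--ip` on the changed `run:` line is unquoted, so if eth0 has no IPv4 address the flag takes the next word (the image name) as its value instead of failing on an empty address. Quoting it keeps the argument positions fixed: `--ip "$(ip -f inet addr show eth0 | grep -Po 'inet \K[\d.]+')"`. The step belongs to a job whose definition starts outside the hunk.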