-
Notifications
You must be signed in to change notification settings - Fork 286
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
docs(devcontainer): add trivy and its VSCode Extension
Primary Changes 1) updated trivy version in the .devcontainer file and included AquaSecurityOfficial.trivy-vulnerability-scanner vs-code extension 2) updated trivy version in ci.yaml 3) included AquaSecurityOfficial.trivy-vulnerability-scanner vs-code extension in the .vscode/extensions.json file Fixes #2650 Signed-off-by: ashnashahgrover <[email protected]>
- Loading branch information
1 parent
603ff0e
commit 86a0c08
Showing
3 changed files
with
101 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -1975,7 +1975,32 @@ jobs: | |
uses: actions/[email protected] | ||
with: | ||
name: coverage-reports-31 | ||
path: ./code-coverage-ts/**/ | ||
path: ./code-coverage-ts/**/ | ||
node-version: ${{ env.NODEJS_VERSION }} | ||
- uses: actions/[email protected] | ||
|
||
- id: yarn-cache | ||
name: Restore Yarn Cache | ||
uses: actions/[email protected] | ||
with: | ||
key: ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} | ||
path: ./.yarn/ | ||
restore-keys: | | ||
${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} | ||
- run: ./tools/ci.sh | ||
|
||
- name: Build an image from Dockerfile | ||
run: DOCKER_BUILDKIT=1 docker build . -f ./packages/cactus-plugin-ledger-connector-quorum/Dockerfile -t plugin-ledger-connector-quorum | ||
- if: ${{ env.RUN_TRIVY_SCAN == 'true' }} | ||
name: Run Trivy vulnerability scan for plugin-ledger-connector-quorum | ||
uses: aquasecurity/[email protected] | ||
with: | ||
image-ref: 'plugin-ledger-connector-quorum' | ||
format: 'table' | ||
exit-code: '1' | ||
ignore-unfixed: false | ||
vuln-type: 'os,library' | ||
severity: 'CRITICAL,HIGH' | ||
cplc-sawtooth: | ||
continue-on-error: false | ||
env: | ||
|
@@ -2565,6 +2590,44 @@ jobs: | |
- uses: actions/[email protected] | ||
- name: ghcr.io/hyperledger/cactus-besu-all-in-one | ||
run: DOCKER_BUILDKIT=1 docker build ./tools/docker/besu-all-in-one/ -f ./tools/docker/besu-all-in-one/Dockerfile | ||
ghcr-cmd-api-server: | ||
runs-on: ubuntu-22.04 | ||
needs: | ||
- compute_changed_packages | ||
if: needs.compute_changed_packages.outputs.cmd-api-server-changed == 'true' | ||
steps: | ||
- uses: actions/[email protected] | ||
- name: ghcr.io/hyperledger/cactus-cmd-api-server | ||
run: DOCKER_BUILDKIT=1 docker build . -f ./packages/cactus-cmd-api-server/Dockerfile -t cactus-cmd-api-server | ||
- if: ${{ env.RUN_TRIVY_SCAN == 'true' }} | ||
name: Run Trivy vulnerability scan for cactus-cmd-api-server | ||
uses: aquasecurity/[email protected] | ||
with: | ||
image-ref: 'cactus-cmd-api-server' | ||
format: 'table' | ||
exit-code: '1' | ||
ignore-unfixed: false | ||
vuln-type: 'os,library' | ||
severity: 'CRITICAL,HIGH' | ||
ghcr-connector-besu: | ||
needs: | ||
- compute_changed_packages | ||
if: needs.compute_changed_packages.outputs.plugin-ledger-connector-besu-changed == 'true' | ||
runs-on: ubuntu-22.04 | ||
steps: | ||
- uses: actions/[email protected] | ||
- name: ghcr.io/hyperledger/cactus-connector-besu | ||
run: DOCKER_BUILDKIT=1 docker build ./packages/cactus-plugin-ledger-connector-besu/ -f ./packages/cactus-plugin-ledger-connector-besu/Dockerfile -t cactus-connector-besu | ||
- if: ${{ env.RUN_TRIVY_SCAN == 'true' }} | ||
name: Run Trivy vulnerability scan for cactus-connector-besu | ||
uses: aquasecurity/[email protected] | ||
with: | ||
image-ref: 'cactus-connector-besu' | ||
format: 'table' | ||
exit-code: '1' | ||
ignore-unfixed: false | ||
vuln-type: 'os,library' | ||
severity: 'CRITICAL,HIGH' | ||
ghcr-connector-corda-server: | ||
runs-on: ubuntu-22.04 | ||
needs: | ||
|
@@ -2577,14 +2640,44 @@ jobs: | |
run: DOCKER_BUILDKIT=1 docker build ./packages/cactus-plugin-ledger-connector-corda/src/main-server/ -f ./packages/cactus-plugin-ledger-connector-corda/src/main-server/Dockerfile -t cactus-connector-corda-server | ||
- if: ${{ env.RUN_TRIVY_SCAN == 'true' }} | ||
name: Run Trivy vulnerability scan for cactus-connector-corda-server | ||
uses: aquasecurity/trivy-action@0.19.0 | ||
uses: aquasecurity/trivy-action@0.52.1 | ||
with: | ||
image-ref: 'cactus-connector-corda-server' | ||
format: 'table' | ||
exit-code: '1' | ||
ignore-unfixed: false | ||
vuln-type: 'os,library' | ||
severity: 'CRITICAL,HIGH' | ||
ghcr-connector-fabric: | ||
runs-on: ubuntu-22.04 | ||
needs: | ||
- compute_changed_packages | ||
if: needs.compute_changed_packages.outputs.plugin-ledger-connector-fabric-changed == 'true' | ||
|
||
steps: | ||
- uses: actions/[email protected] | ||
- name: ghcr.io/hyperledger/cactus-connector-fabric | ||
run: DOCKER_BUILDKIT=1 docker build ./packages/cactus-plugin-ledger-connector-fabric/ -f ./packages/cactus-plugin-ledger-connector-fabric/Dockerfile -t cactus-connector-fabric | ||
- if: ${{ env.RUN_TRIVY_SCAN == 'true' }} | ||
name: Run Trivy vulnerability scan for cactus-connector-fabric | ||
uses: aquasecurity/[email protected] | ||
with: | ||
image-ref: 'cactus-connector-fabric' | ||
format: 'table' | ||
exit-code: '1' | ||
ignore-unfixed: false | ||
vuln-type: 'os,library' | ||
severity: 'CRITICAL,HIGH' | ||
ghcr-corda-all-in-one: | ||
runs-on: ubuntu-22.04 | ||
needs: | ||
- compute_changed_packages | ||
if: needs.compute_changed_packages.outputs.ghcr-corda-all-in-one-changed == 'true' | ||
steps: | ||
- uses: actions/[email protected] | ||
- name: ghcr.io/hyperledger/cactus-corda-all-in-one | ||
run: DOCKER_BUILDKIT=1 docker build ./tools/docker/corda-all-in-one/ -f ./tools/docker/corda-all-in-one/Dockerfile | ||
|
||
ghcr-corda-all-in-one-flowdb: | ||
runs-on: ubuntu-22.04 | ||
steps: | ||
|
@@ -2638,7 +2731,7 @@ jobs: | |
run: DOCKER_BUILDKIT=1 docker build ./packages/cactus-plugin-keychain-vault/src/cactus-keychain-vault-server/ -f ./packages/cactus-plugin-keychain-vault/src/cactus-keychain-vault-server/Dockerfile -t cactus-keychain-vault-server | ||
- if: ${{ env.RUN_TRIVY_SCAN == 'true' }} | ||
name: Run Trivy vulnerability scan for cactus-keychain-vault-server | ||
uses: aquasecurity/trivy-action@0.19.0 | ||
uses: aquasecurity/trivy-action@0.52.1 | ||
with: | ||
image-ref: 'cactus-keychain-vault-server' | ||
format: 'table' | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters