diff --git a/.github/workflows/release-docker-image.yaml b/.github/workflows/release-docker-image.yaml
index e8803b7..365311a 100644
--- a/.github/workflows/release-docker-image.yaml
+++ b/.github/workflows/release-docker-image.yaml
@@ -11,6 +11,10 @@ on:
 - Minor
 - Patch
 - Snapshot
+ vulnerability_severity:
+ description: The severity to fail the workflow if such vulnerability is detected. DO NOT override it unless a Jira ticket is raised. Must be one of ['CRITICAL', 'CRITICAL,HIGH' or 'CRITICAL,HIGH,MEDIUM'] (without space in between).
+ type: string
+ default: 'CRITICAL,HIGH'
 
 jobs:
 Image:
@@ -18,4 +22,5 @@ jobs:
 with:
 release_type: ${{ inputs.release_type }}
 cloud_provider: default
+ vulnerability_severity: ${{ inputs.vulnerability_severity }}
 secrets: inherit
diff --git a/.trivyignore b/.trivyignore
new file mode 100644
index 0000000..3df38b5
--- /dev/null
+++ b/.trivyignore
@@ -0,0 +1,8 @@
+# List any vulnerability that are to be accepted
+# See https://aquasecurity.github.io/trivy/v0.35/docs/vulnerability/examples/filter/
+# for more details
+# e.g.
+# CVE-2022-3996
+
+# https://atlassian.thetradedesk.com/jira/browse/UID2-2927
+CVE-2023-52425
diff --git a/Dockerfile b/Dockerfile
index 471e6b4..20681e8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM eclipse-temurin@sha256:de8e6219ff5360811a453a9237713679a9d9106ba5150290ef37fb23e246ce7d
+FROM eclipse-temurin@sha256:d7a82981336958683f147f17396fe2219cb1072a5853e8a8ef16d07f0535343a
 
 WORKDIR /app
 EXPOSE 8088
diff --git a/pom.xml b/pom.xml
index fd7a1ff..298e930 100644
--- a/pom.xml
+++ b/pom.xml
@@ -13,7 +13,7 @@ UTF-8 - 4.3.8 + 4.5.3 1.1.0 7.1.0-8e67b3a537
@@ -93,12 +93,12 @@ ch.qos.logback logback-core - 1.3.5 + 1.4.12 ch.qos.logback logback-classic - 1.3.5 + 1.4.12 com.github.loki4j
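Review bot: The new `vulnerability_severity` input is declared `type: string`, so the three permitted values and the "DO NOT override unless a Jira ticket is raised" rule live only in the description; anyone allowed to dispatch the workflow can pass an empty string, `LOW`, or any other text, and whether the shared Trivy step then fails closed or quietly scans for nothing depends on the called workflow, which is outside this diff. The sibling `release_type` input already uses an option list (`- Minor - Patch - Snapshot` are its context lines), so this input should be constrained the same way with `type: choice` and an explicit `options:` list, keeping `default: 'CRITICAL,HIGH'`. The bracket list in the description then becomes redundant and can be dropped, leaving the policy sentence. Since the values contain commas, keep them single-quoted as the default already is.

```yaml
vulnerability_severity:
  description: Minimum Trivy severity that fails the release. DO NOT override it unless a Jira ticket is raised.
  type: choice
  options:
    - 'CRITICAL'
    - 'CRITICAL,HIGH'
    - 'CRITICAL,HIGH,MEDIUM'
  default: 'CRITICAL,HIGH'
```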
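Review bot: `vulnerability_severity: ${{ inputs.vulnerability_severity }}` forwards dispatcher-supplied free text into a reusable workflow that is not part of this diff, so how it is consumed cannot be checked here; if the callee expands `${{ inputs.vulnerability_severity }}` directly inside a `run:` script (for example as a `--severity` argument), an unvalidated input is a shell-injection path for anyone with dispatch rights. Constraining the caller-side input to a `choice` removes the arbitrary-string case, and in the callee the value should be passed via `env:` and referenced as `"$VULNERABILITY_SEVERITY"` rather than interpolated into the script text. Worth confirming in the shared workflow before merging. The `Image:` job definition starts in the previous hunk.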
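Review bot: The accepted `CVE-2023-52425` entry carries only a ticket link, with no stated reason and no expiry, so this suppression will outlive the ticket unless someone remembers to remove it; the Jira host is internal, so the repository alone gives a future reader no way to judge whether the acceptance still holds. Recent Trivy releases accept an expiration suffix on ignore entries (`CVE-2023-52425 exp:2024-06-30`), which makes the scan fail again automatically when the acceptance lapses — confirm the Trivy version pinned in the shared workflow supports it, since the linked docs are for v0.35. Independently of that, put the one-line rationale next to the link, e.g. `# UID2-2927: no fixed package in the current base image; re-evaluate on the next base-image bump`. Minor wording in the header comment: `any vulnerability that are` should read `any vulnerabilities that are`.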