Skip to content

Commit

Permalink
Add trivy ignore for CVE-2023-52425
Browse files Browse the repository at this point in the history
  • Loading branch information
@samleeflang
samleeflang committed Feb 12, 2024
1 parent 142879f commit 48287fd
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 2 deletions.
4 changes: 4 additions & 0 deletions .github/workflows/.trivyignore
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
# Date: Feb 12, 2024
# Notes: Issue with libexpat, parsing large tokens can trigger a denial of service
# Needs to be fixed in Docker Image.
CVE-2023-6378
4 changes: 2 additions & 2 deletions Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
FROM eclipse-temurin:21-jdk-alpine AS builder
FROM eclipse-temurin:21-jre-alpine AS builder
WORKDIR application
ARG JAR_FILE=target/*.jar
COPY ${JAR_FILE} application.jar
RUN java -Djarmode=layertools -jar application.jar extract

FROM eclipse-temurin:21-jdk-alpine
FROM eclipse-temurin:21-jre-alpine
RUN adduser -D -u 1000 java
WORKDIR application
COPY --chown=java:java --from=builder application/dependencies/ ./
Expand Down

0 comments on commit 48287fd

Please sign in to comment.