[IDP-2143] CVE fix

pagopa · Nov 27, 2023 · 74fe744 · 74fe744
1 parent b6bbc2b
commit 74fe744
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/.github/workflows/anchore.yml b/.github/workflows/anchore.yml
@@ -58,7 +58,7 @@ jobs:
       - name: CVE Description escaped extraction and print
         if: always()
         run: |
-          SCAN_RESULTS=$(jq -r '.runs[0].tool.driver.rules | map(.shortDescription.text) | join("\\n")' ${{ steps.scan.outputs.sarif }})
+          SCAN_RESULTS=$(jq -r 'try .runs[0].tool.driver.rules | map(.shortDescription.text) | join("\\n")' ${{ steps.scan.outputs.sarif }})
           echo "SCAN_RESULTS=$SCAN_RESULTS" >> $GITHUB_ENV
           echo "CVE_CRITICAL=$(echo $SCAN_RESULTS | grep -o critical | wc -l)" >> $GITHUB_ENV
           echo "CVE_HIGH=$(echo $SCAN_RESULTS | grep -o high | wc -l)" >> $GITHUB_ENV

diff --git a/Dockerfile b/Dockerfile
@@ -13,6 +13,9 @@ RUN mvn clean package -DskipTests
 #
 FROM amazoncorretto:17.0.9-alpine3.18@sha256:df48bf2e183230040890460ddb4359a10aa6c7aad24bd88899482c52053c7e17 AS runtime
 
+# security fixes
+RUN apk update && apk upgrade --no-cache libcrypto3 libssl3
+
 RUN apk --no-cache add shadow
 RUN useradd --uid 10000 runner