fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! perf: build frontend once on runner instead of in Docker

2026-06-05 22:53:53 +00:00 · 2026-01-04 02:48:28 +00:00
parent 448bb70ac8
commit f86943b884
1 changed files with 11 additions and 0 deletions
@@ -16,6 +16,10 @@ RUN apk add --no-cache \
    bash \
    sqlite-libs \
    musl \
+    python3 \
+    py3-pip \
+    npm \
+    go \
    && update-ca-certificates

 # Install Trivy for container scanning
@@ -24,6 +28,13 @@ RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/
 # Install Grype for vulnerability scanning
 RUN curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin

+# Install govulncheck for Go vulnerability scanning
+RUN go install golang.org/x/vuln/cmd/govulncheck@latest && \
+    mv /root/go/bin/govulncheck /usr/local/bin/
+
+# Install pip-audit for Python package vulnerability scanning
+RUN pip3 install --no-cache-dir pip-audit --break-system-packages
+
 # Create non-root user
 RUN addgroup -g 1000 scanner && \
    adduser -D -u 1000 -G scanner scanner