mirror of
https://github.com/lukaszraczylo/gohoarder.git
synced 2026-07-11 04:41:52 +00:00
fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! perf: build frontend once on runner instead of in Docker
This commit is contained in:
@@ -16,6 +16,10 @@ RUN apk add --no-cache \
|
|||||||
bash \
|
bash \
|
||||||
sqlite-libs \
|
sqlite-libs \
|
||||||
musl \
|
musl \
|
||||||
|
python3 \
|
||||||
|
py3-pip \
|
||||||
|
npm \
|
||||||
|
go \
|
||||||
&& update-ca-certificates
|
&& update-ca-certificates
|
||||||
|
|
||||||
# Install Trivy for container scanning
|
# Install Trivy for container scanning
|
||||||
@@ -24,6 +28,13 @@ RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/
|
|||||||
# Install Grype for vulnerability scanning
|
# Install Grype for vulnerability scanning
|
||||||
RUN curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin
|
RUN curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin
|
||||||
|
|
||||||
|
# Install govulncheck for Go vulnerability scanning
|
||||||
|
RUN go install golang.org/x/vuln/cmd/govulncheck@latest && \
|
||||||
|
mv /root/go/bin/govulncheck /usr/local/bin/
|
||||||
|
|
||||||
|
# Install pip-audit for Python package vulnerability scanning
|
||||||
|
RUN pip3 install --no-cache-dir pip-audit --break-system-packages
|
||||||
|
|
||||||
# Create non-root user
|
# Create non-root user
|
||||||
RUN addgroup -g 1000 scanner && \
|
RUN addgroup -g 1000 scanner && \
|
||||||
adduser -D -u 1000 -G scanner scanner
|
adduser -D -u 1000 -G scanner scanner
|
||||||
|
|||||||
Reference in New Issue
Block a user