-
Notifications
You must be signed in to change notification settings - Fork 8
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[APIPUB-80] Fixing vulnerabilities found with Docker Scout (#84)
Update nuget packages Update System.Text.Json to version 8.0.5 Update .NET SDK alpine version to use Alpine 3.20 Update apk for openssl to use version 3.3.2 and remove vulnerability Update apk for postgres client to use version 16
- Loading branch information
1 parent
ca01994
commit f742485
Showing
15 changed files
with
68 additions
and
60 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -3,8 +3,8 @@ | |
# The Ed-Fi Alliance licenses this file to you under the Apache License, Version 2.0. | ||
# See the LICENSE and NOTICES files in the project root for more information. | ||
|
||
# Tag aspnet:8.0-alpine | ||
FROM mcr.microsoft.com/dotnet/aspnet@sha256:ba398f8c6a0469436cc115bfbd278002baf4ce9423b6d8a9e904da6adc31a23d | ||
# Tag aspnet:8.0-alpine3.20 | ||
FROM mcr.microsoft.com/dotnet/aspnet:8.0-alpine3.20@sha256:b5b7dec8006fe016cc864f618cf60eab24fb7d7a28c8ecf4f6b90ceeaa5cf9f2 | ||
LABEL maintainer="Ed-Fi Alliance, LLC and Contributors <[email protected]>" | ||
|
||
ARG VERSION="1.2.1" | ||
|
@@ -21,7 +21,8 @@ COPY ./Docker/plainTextNamedConnections.template.json /app/plainTextNamedConnect | |
|
||
COPY ./Docker/run.sh /app/run.sh | ||
|
||
RUN apk --no-cache add unzip=~6 dos2unix=~7 bash=~5 gettext=~0 postgresql13-client=~13 icu=~74 curl=~8 && \ | ||
RUN apk update && \ | ||
apk --no-cache add --upgrade unzip=~6 dos2unix=~7 bash=~5 gettext=~0 openssl=3.3.2-r0 postgresql16-client=~16 icu=~74 curl=~8 && \ | ||
wget -nv -O /app/ApiPublisher.zip https://pkgs.dev.azure.com/ed-fi-alliance/Ed-Fi-Alliance-OSS/_apis/packaging/feeds/EdFi/nuget/packages/EdFi.ApiPublisher/versions/${VERSION}/content && \ | ||
unzip /app/ApiPublisher.zip 'EdFi.ApiPublisher/**' -d /app/ && \ | ||
mv /app/EdFi.ApiPublisher/* /app/ && \ | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -5,7 +5,7 @@ | |
|
||
|
||
# tag sdk:8.0 alpine | ||
FROM mcr.microsoft.com/dotnet/sdk@sha256:91cb46b0ee207d0df53e2e38f2e4013fe2668ab52dcca13c971afbbef94c83ef AS build | ||
FROM mcr.microsoft.com/dotnet/sdk:8.0-alpine3.20@sha256:07cb8622ca6c4d7600b42b2eccba968dff4b37d41b43a9bf4bd800aa02fab117 AS build | ||
WORKDIR /source | ||
|
||
COPY ./.editorconfig .editorconfig | ||
|
@@ -37,7 +37,7 @@ RUN dotnet publish -c Release -o /app/EdFi.Tools.ApiPiblisher.Cli --no-build --n | |
|
||
|
||
# Tag aspnet:8.0 alpine | ||
FROM mcr.microsoft.com/dotnet/aspnet@sha256:ba398f8c6a0469436cc115bfbd278002baf4ce9423b6d8a9e904da6adc31a23d | ||
FROM mcr.microsoft.com/dotnet/aspnet:8.0-alpine3.20@sha256:b5b7dec8006fe016cc864f618cf60eab24fb7d7a28c8ecf4f6b90ceeaa5cf9f2 | ||
LABEL maintainer="Ed-Fi Alliance, LLC and Contributors <[email protected]>" | ||
|
||
# Alpine image does not contain Globalization Cultures library so we need to install ICU library to get fopr LINQ expression to work | ||
|
@@ -53,11 +53,11 @@ COPY ./Docker/logging.template.json /app/logging.template.json | |
COPY ./Docker/plainTextNamedConnections.template.json /app/plainTextNamedConnections.template.json | ||
COPY ./Docker/run.sh /app/run.sh | ||
|
||
RUN apk --no-cache add unzip=~6 dos2unix=~7 bash=~5 gettext=~0 icu=~74 curl=~8 && \ | ||
RUN apk --no-cache add --upgrade unzip=~6 dos2unix=~7 bash=~5 openssl=3.3.2-r0 gettext=~0 icu=~74 curl=~8 && \ | ||
dos2unix /app/*.json && \ | ||
dos2unix /app/*.sh && \ | ||
chmod 700 /app/*.sh -- ** && \ | ||
rm -f /app/*.pdb && \ | ||
rm -f /app/*.exe | ||
|
||
ENTRYPOINT [ "/app/run.sh" ] | ||
ENTRYPOINT [ "/app/run.sh" ] |