#962: Use Trivy cache and updated Ubuntu packages (#453)

related to exasol/script-languages-release#962
exasol · Sep 26, 2024 · ca29b6f · ca29b6f
1 parent 6a49900
commit ca29b6f
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 6 deletions.
diff --git a/ext/scripts/security_scan/run_trivy.sh b/ext/scripts/security_scan/run_trivy.sh
@@ -7,10 +7,21 @@ if [ $# -lt 1 ]; then
  exit 1
 fi
 
+TRIVY_CACHE_LOCATION="https://dli4ip9yror05.cloudfront.net"
+
+
+mkdir -p "$HOME/.cache/"
+pushd "$HOME/.cache/"
+
+curl -s -o trivy_cache.tar.gz "${TRIVY_CACHE_LOCATION}/trivy_cache.tar.gz"
+tar xf trivy_cache.tar.gz
+
+popd
+
 output_path=$1
 
-trivy rootfs --no-progress --offline-scan --format json --ignore-policy /trivy.rego --output "$output_path/trivy_report.json" / > /dev/null
+trivy rootfs  --no-progress --offline-scan --format json --timeout 15m0s --skip-java-db-update --skip-db-update --ignore-policy /trivy.rego --output "$output_path/trivy_report.json" / > /dev/null
 #run with format table and print to stdout
-trivy rootfs --no-progress --offline-scan --format table --ignore-policy /trivy.rego --output "$output_path/trivy_report.txt" / > /dev/null
+trivy rootfs --no-progress --offline-scan --format table --timeout 15m0s --skip-java-db-update --skip-db-update --ignore-policy /trivy.rego --output "$output_path/trivy_report.txt" / > /dev/null
 #Force script to return with error if a high or critical issue is found
-trivy rootfs --no-progress --offline-scan --ignore-policy /trivy.rego --show-suppressed --severity "HIGH,CRITICAL" --exit-code 1 /
+trivy rootfs --no-progress --offline-scan --timeout 15m0s --skip-db-update --skip-java-db-update --ignore-policy /trivy.rego --show-suppressed --severity "HIGH,CRITICAL" --exit-code 1 /
diff --git a/...rs/template-Exasol-all-python-3.10-conda/flavor_base/conda_deps/packages/apt_get_packages b/...rs/template-Exasol-all-python-3.10-conda/flavor_base/conda_deps/packages/apt_get_packages
@@ -1,5 +1,5 @@
 coreutils|8.32-4.1ubuntu1.2
 locales|2.35-0ubuntu3.8
 curl|7.81.0-1ubuntu1.18
-ca-certificates|20230311ubuntu0.22.04.1
+ca-certificates|20240203~22.04.1
 bzip2|1.0.8-5build1
diff --git a/...xasol-all-python-3.10-cuda-conda/flavor_base/nvidia_driver_deps/packages/apt_get_packages b/...xasol-all-python-3.10-cuda-conda/flavor_base/nvidia_driver_deps/packages/apt_get_packages
@@ -1,5 +1,5 @@
 coreutils|8.32-4.1ubuntu1.2
 locales|2.35-0ubuntu3.8
 curl|7.81.0-1ubuntu1.18
-ca-certificates|20230311ubuntu0.22.04.1
+ca-certificates|20240203~22.04.1
 bzip2|1.0.8-5build1
diff --git a/flavors/template-Exasol-all-python-3.10/flavor_base/language_deps/packages/apt_get_packages b/flavors/template-Exasol-all-python-3.10/flavor_base/language_deps/packages/apt_get_packages
@@ -1,4 +1,4 @@
-ca-certificates|20230311ubuntu0.22.04.1
+ca-certificates|20240203~22.04.1
 python3.10-dev|3.10.12-1~22.04.6
 python3-distutils|3.10.8-1~22.04
 curl|7.81.0-1ubuntu1.18