Upgrade alpine version to 3.14.6. Ignore trivy vulnerabilities CVE-2022-28391 and CVE-2022-1271 via .trivyignore (#25)

niladrih · web-flow · commit 5a063499c999 · 2022-04-18T12:15:50.000+05:30
Signed-off-by: Niladri Halder &lt;niladri.halder@mayadata.io&gt;
diff --git a/.trivyignore b/.trivyignore
@@ -0,0 +1,8 @@
+# This vulnerability has been fixed in alpine 3.14.6.
+# We have upgraded to 3.14.6, but the aquasecurity/trivy-action
+# v0.2.4 keeps failing because the database is not up to date.
+# https://github.com/aquasecurity/trivy/issues/1988
+CVE-2022-28391
+
+# The zgrep utility is not installed in the linux-utils image
+CVE-2022-1271
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.14.5
+FROM alpine:3.14.6
 RUN apk add --no-cache util-linux xfsprogs xfsprogs-extra lvm2 device-mapper
 
 ARG DBUILD_DATE

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-FROM alpine:3.14.5`
	`1`	`+FROM alpine:3.14.6`
`2`	`2`	`RUN apk add --no-cache util-linux xfsprogs xfsprogs-extra lvm2 device-mapper`
`3`	`3`
`4`	`4`	`ARG DBUILD_DATE`