Merge pull request #63 from cortexapps/trivy-tweaks

Move to stable debian, ignore unfixed container vulns

Author: shawnburke

.github/workflows/docker.yml

@@ -71,6 +71,7 @@ jobs:
           format: 'sarif'
           output: 'trivy-results.sarif'
           severity: 'CRITICAL,HIGH'
+          ignore-unfixed: true
 
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v3

docker/Dockerfile

@@ -1,4 +1,4 @@
-FROM debian:trixie-slim
+FROM debian:stable-slim
 WORKDIR /agent
 
 # Install dependencies