
Commit 2a64c4d

chore: add trivy:ignore comments for builder stage findings
1 parent 63bb7dc commit 2a64c4d


2 files changed

+9
-0
lines changed


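--- a/Dockerfile.ci
+++ b/Dockerfile.ci
@@ -1,8 +1,12 @@
 # syntax=docker/dockerfile:1
+# trivy:ignore:DS026 - CLI tool runs and exits, HEALTHCHECK not applicable
 ARG BUILDER_IMAGE=maven:3.9.9-eclipse-temurin-17
 ARG RUNNER_IMAGE=eclipse-temurin:17
 
+# Builder stage runs as root; runner stage uses non-root user
+# trivy:ignore:DS029
 FROM ${BUILDER_IMAGE} AS builder
+# trivy:ignore:DS029
 RUN apt-get update && apt-get install -y unzip
 COPY ./target/*oscal-cli.zip /tmp/oscal-cli.zip
 WORKDIR /tmp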
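Review bot: The `# trivy:ignore:DS029` above `RUN apt-get update && apt-get install -y unzip` waives a finding that is cheaper to fix than to suppress. As far as I know, DS029 is Trivy's check for `apt-get install` without `--no-install-recommends`, not the root-user check, so the reason "Builder stage runs as root" written above the first DS029 waiver does not match the rule being silenced, and the waiver above `FROM` probably has no instruction to attach to. Changing the line to `RUN apt-get update && apt-get install -y --no-install-recommends unzip && rm -rf /var/lib/apt/lists/*` would let both DS029 comments go; the identical `RUN` in Dockerfile.local has the same issue. If the intent was to waive the root-user finding, that rule's own ID should be named next to its reason so the suppression stays auditable.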

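--- a/Dockerfile.local
+++ b/Dockerfile.local
@@ -1,13 +1,18 @@
 # syntax=docker/dockerfile:1
+# trivy:ignore:DS026 - CLI tool runs and exits, HEALTHCHECK not applicable
 ARG BUILDER_IMAGE=maven:3.9.9-eclipse-temurin-17
 ARG RUNNER_IMAGE=eclipse-temurin:17
 
+# Builder stage runs as root; runner stage uses non-root user
+# trivy:ignore:DS029
 FROM ${BUILDER_IMAGE} AS builder
 ARG BUILDER_JDK_VENDOR=temurin
 ARG BUILDER_JDK_MAJOR_VERSION=17
 ARG BUILDER_JDK_HOME_PATH=/opt/java/openjdk
+# trivy:ignore:DS005 - ADD used intentionally to copy entire build context
 ADD . /usr/local/src
 WORKDIR /usr/local/src
+# trivy:ignore:DS029
 RUN apt-get update && apt-get install -y unzip
 RUN <<EOF
 mkdir -p /root/.m2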
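Review bot: The DS005 waiver on `ADD . /usr/local/src` is unnecessary, because `COPY . /usr/local/src` copies the whole build context just as well and resolves the finding instead of hiding it. `ADD`'s extra behaviours (unpacking a local tar archive given as the source, fetching remote URLs) are not used by this step, so the stated reason does not justify keeping it. Since the entire context lands in a builder layer, it is worth confirming that a `.dockerignore` keeps `.git` and local credential files out of it; none is visible in this commit. The `RUN <<EOF` heredoc continues past the end of the hunk, so the rest of that step is not covered here.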
