From b069a8cc5e529d8832da02569fd19184ae5a14b0 Mon Sep 17 00:00:00 2001
From: BrianEllwood
Date: Thu, 18 Dec 2025 11:12:20 +0000
Subject: [PATCH 1/4] add container release alert
---
 .github/workflows/container-release.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/container-release.yml b/.github/workflows/container-release.yml
index 513257f..5241371 100644
--- a/.github/workflows/container-release.yml
+++ b/.github/workflows/container-release.yml
@@ -17,4 +17,6 @@ jobs:
 contents: write
 id-token: write
 packages: write
- uses: ministryofjustice/analytical-platform-github-actions/.github/workflows/reusable-container-release.yml@0c3b5555edfbbb10220ed435359dfd6769ad79ed # v3.2.0
+ uses: ministryofjustice/analytical-platform-github-actions/.github/workflows/reusable-container-release.yml@2ab174150aeb0a6003afd1c0b4316698720b3b6b # v5.5.0
+ secrets:
+ release-failure-webhook-url: ${{ secrets.ANALYTICAL_PLATFORM_RELEASE_FAILURE_SLACK_WEBHOOK_URL }}
From 2b16c8216df4d9708d0cd4e82ff7fe5697e08b18 Mon Sep 17 00:00:00 2001
From: BrianEllwood
Date: Thu, 18 Dec 2025 11:18:08 +0000
Subject: [PATCH 2/4] update container scan version
---
 .github/workflows/container-scan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/container-scan.yml b/.github/workflows/container-scan.yml
index b08906c..2fd9fcc 100644
--- a/.github/workflows/container-scan.yml
+++ b/.github/workflows/container-scan.yml
@@ -13,4 +13,4 @@ jobs:
 name: Container Scan
 permissions:
 contents: read
- uses: ministryofjustice/analytical-platform-github-actions/.github/workflows/reusable-container-scan.yml@0c3b5555edfbbb10220ed435359dfd6769ad79ed # v3.2.0
+ uses: ministryofjustice/analytical-platform-github-actions/.github/workflows/reusable-container-scan.yml@2ab174150aeb0a6003afd1c0b4316698720b3b6b # v5.5.0
From 1d4386de5acf641e15e1f7668874d6e3cfcabeac Mon Sep 17 00:00:00 2001
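Review bot: The `uses:` pin in container-release.yml jumps from v3.2.0 to v5.5.0, two major versions, in a job that grants `contents: write`, `id-token: write` and `packages: write`, yet the commit subject only mentions the alert and nothing records that the called workflow's changes between the two SHAs were read. The same pin change is made in container-scan.yml and container-test.yml. Pinning to a full SHA is the right form, but the trailing `# v5.5.0` is only a comment, so it is worth confirming that the new SHA is the commit that tag resolves to. For the added `secrets:` block, passing one named secret instead of `secrets: inherit` keeps exposure narrow; a comment such as `# Slack incoming-webhook for release-failure alerts; must be defined as a repository or organisation secret` would help, because an undefined secret expands to an empty string and how the called workflow treats that is not visible here. The job definition begins outside the hunk.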
From: BrianEllwood
Date: Thu, 18 Dec 2025 11:23:11 +0000
Subject: [PATCH 3/4] update container test version
---
 .github/workflows/container-test.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/container-test.yml b/.github/workflows/container-test.yml
index 5a189c5..b1f1891 100644
--- a/.github/workflows/container-test.yml
+++ b/.github/workflows/container-test.yml
@@ -13,4 +13,5 @@ jobs:
 name: Container Test
 permissions:
 contents: read
- uses: ministryofjustice/analytical-platform-github-actions/.github/workflows/reusable-container-test.yml@0c3b5555edfbbb10220ed435359dfd6769ad79ed # v3.2.0
+ uses: ministryofjustice/analytical-platform-github-actions/.github/workflows/reusable-container-test.yml@2ab174150aeb0a6003afd1c0b4316698720b3b6b # v5.5.0
+
From c59deae56ba8d561fc37470728f10f8c60263775 Mon Sep 17 00:00:00 2001
From: BrianEllwood
Date: Thu, 18 Dec 2025 14:21:13 +0000
Subject: [PATCH 4/4] add CVEs to trivyignore
---
 .trivyignore | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/.trivyignore b/.trivyignore
index e8ce78e..1dbb430 100644
--- a/.trivyignore
+++ b/.trivyignore
@@ -1 +1,10 @@
 # As of 03/06/2025 there are no vulnerabilities to skip in docker.io/openresty/openresty:1.27.1.2-1-alpine-fat
+
+# alpine 3.21.3 - sha is set to latest so no fix
+CVE-2025-64720 exp:2026-03-17
+CVE-2025-65018 exp:2026-03-17
+CVE-2025-66293 exp:2026-03-17
+CVE-2025-49794 exp:2026-03-17
+CVE-2025-49796 exp:2026-03-17
+CVE-2025-49795 exp:2026-03-17
+CVE-2025-6021 exp:2026-03-17
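Review bot: The retained first line of .trivyignore still says there are no vulnerabilities to skip as of 03/06/2025, which the seven entries added below it now contradict. It should be rewritten in the same change, for example `# Findings skipped for docker.io/openresty/openresty:1.27.1.2-1-alpine-fat; every entry carries an expiry and a reason`. The new justification `sha is set to latest so no fix` is hard to read as a risk decision. Naming the affected package for each CVE, and saying whether the vulnerable code is reachable in this image, would show whoever revisits the list at `exp:2026-03-17` what has to change before an entry can be dropped. The `exp:` date on every entry is a good control, since the suppressions lapse on their own instead of hiding findings indefinitely.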