Security scans

ways · ways · commit 2ce1ee302950 · 2026-01-02T00:38:48.000+01:00
diff --git a/Dockerfile b/Dockerfile
@@ -2,9 +2,9 @@
 # Run: docker run -it --rm fingr:latest
 
 FROM ubuntu:24.04
-COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
+COPY --from=ghcr.io/astral-sh/uv:sha256:15f68a476b768083505fe1dbfcc998344d0135f0ca1b8465c4760b323904f05a /uv /uvx /bin/
 
-RUN apt-get update && apt-get install -y \
+RUN apt-get update && apt-get install -y --no-install-recommends \
     gcc \
     g++ \
     libgfortran5 \
@@ -16,7 +16,7 @@ WORKDIR /app
 RUN useradd --home-dir=/app fingr && chown -R fingr /app
 USER fingr
 
-COPY pyproject.toml uv.lock .
+COPY pyproject.toml uv.lock ./
 
 # Install dependencies with uv
 # UV_COMPILE_BYTECODE: Precompile Python files to .pyc for faster startup
diff --git a/README.md b/README.md
@@ -93,6 +93,8 @@ Or with pip:
 ## More
 
 * Previous version: <https://github.com/ways/pyyrascii>
+* Scan dockerfile: `docker run --rm -it -v ./:/mnt aquasec/trivy fs --exit-code 1 --scanners vuln,secret,license,misconfig /mnt/Dockerfile`
+* Scan image: `docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy image --db-repository public.ecr.aws/aquasecurity/trivy-db --java-db-repository public.ecr.aws/aquasecurity/trivy-java-db --severity HIGH,CRITICAL fingr`
 
 ## TODO
 
