usabilla
Restore failing when CVE scanner finds a vulnerability
During the migration to GitHub Actions in #160 this functionality was mistakenly and overzealously removed. Since PHP 8 and Alpine 3.13 are out and #166 has been filed, currently with a CVE for musl in it, this check should have failed as it is our goal to ship images without known CVE's in it. On my own PHP images the CVE checking fails and as such I was surprised that #166 didn't have any failures. Up on checking the CI logs it showed the musl CVE but the step didn't fail.
This commit restores the original functionality and will make the CI once again fail when it finds a CVE in one of the images.
Usabilla PHP Docker Template
Reviewers: @usabilla/oss-docker
Type
Please specify the type of changes being proposed:
| Q | A |
|---|---|
| Documentation? | no |
| Dockerfile change? | no |
| Build feature? | no |
| Apply CVE Patch? | no |
| Remove CVE Patch? | no |
generally looks ok, but with the failing pipeline right now will be tricky to get this merged.
@agustingomes So it fails because it finds a CVE in the nginx 1.16 image for nginx ;)
generally looks ok, but with the failing pipeline right now will be tricky to get this merged.
@agustingomes So it fails because it finds a CVE in the nginx 1.16 image for nginx ;)
:thinking: How will you be able to merge it in?
generally looks ok, but with the failing pipeline right now will be tricky to get this merged.
@agustingomes So it fails because it finds a CVE in the nginx 1.16 image for nginx ;)
How will you be able to merge it in?
That's the question! Can either fix that vurn in this PR, or fix it in a separate PR and then rebase