Merge pull request #143 from kaleido-io/vuln-checks
adding high/critical severity vuln checks
nguyer authored Mar 28, 2024
2 parents a90c44b + 04b6837 commit f957c67
Showing 1 changed file with 10 additions and 1 deletion.
11 changes: 10 additions & 1 deletion Dockerfile
@@ -7,14 +7,22 @@ ADD --chown=node:node . .
RUN npm run build

FROM node:20-alpine3.17 as solidity-build
RUN apk add python3=3.10.13-r0 alpine-sdk=1.0-r1
RUN apk add python3=3.10.14-r1 alpine-sdk=1.0-r1
USER node
WORKDIR /home/node
ADD --chown=node:node ./samples/solidity/package*.json ./
RUN npm install
ADD --chown=node:node ./samples/solidity .
RUN npx hardhat compile

FROM alpine:3.19 AS SBOM
WORKDIR /
ADD . /SBOM
RUN apk add --no-cache curl
RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.48.3
RUN trivy fs --format spdx-json --output /sbom.spdx.json /SBOM
RUN trivy sbom /sbom.spdx.json --severity UNKNOWN,HIGH,CRITICAL --exit-code 1

FROM node:20-alpine3.17
RUN apk add curl=8.5.0-r0 jq=1.6-r2
RUN mkdir -p /app/contracts/source \
@@ -36,6 +44,7 @@ COPY --from=solidity-build --chown=1001:0 /home/node/artifacts/contracts/TokenFa
WORKDIR /app
COPY --from=build --chown=1001:0 /home/node/dist ./dist
COPY --from=build --chown=1001:0 /home/node/package.json /home/node/package-lock.json ./
COPY --from=SBOM /sbom.spdx.json /sbom.spdx.json

RUN npm install --production
EXPOSE 3000
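Review bot: The Trivy installer in the new SBOM stage is fetched from the mutable `main` branch and piped straight into `sh`, so the v0.48.3 argument pins the Trivy release but not the script that runs (as root, since the stage sets no `USER`) during the build. Pin the script to an immutable ref as well, for example `RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/<commit-sha>/contrib/install.sh | sh -s -- -b /usr/local/bin v0.48.3`, where `<commit-sha>` is a placeholder for the reviewed commit. Because the default shell has no `pipefail`, a failed download does not fail that `RUN` on its own; the build only stops at the next step when `trivy` is missing. Separately, `trivy fs` scans the tree copied by `ADD . /SBOM`, so the gate appears to cover only what is discoverable in the source (lockfiles and manifests), not the apk packages or base layers of the final `node:20-alpine3.17` stage; a comment such as `# gate covers source dependencies only; the built image is scanned separately` would make that scope explicit. The final stage continues outside the hunk.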