Upgrade alpine version to 3.14.6. Ignore trivy vulnerabilities CVE-20…

…22-28391 and CVE-2022-1271 via .trivyignore (#25) Signed-off-by: Niladri Halder <[email protected]>
openebs · Apr 18, 2022 · 5a06349 · 5a06349
1 parent 0b00a0c
commit 5a06349
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 1 deletion.
diff --git a/.trivyignore b/.trivyignore
@@ -0,0 +1,8 @@
+# This vulnerability has been fixed in alpine 3.14.6.
+# We have upgraded to 3.14.6, but the aquasecurity/trivy-action
+# v0.2.4 keeps failing because the database is not up to date.
+# https://github.com/aquasecurity/trivy/issues/1988
+CVE-2022-28391
+
+# The zgrep utility is not installed in the linux-utils image
+CVE-2022-1271
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.14.5
+FROM alpine:3.14.6
 RUN apk add --no-cache util-linux xfsprogs xfsprogs-extra lvm2 device-mapper
 
 ARG DBUILD_DATE