From 5a063499c999b96706ca4b471c1338bd094581c0 Mon Sep 17 00:00:00 2001
From: Niladri Halder
Date: Mon, 18 Apr 2022 12:15:50 +0530
Subject: [PATCH] Upgrade alpine version to 3.14.6. Ignore trivy vulnerabilities CVE-2022-28391 and CVE-2022-1271 via .trivyignore (#25)
Signed-off-by: Niladri Halder
---
 .trivyignore | 8 ++++++++
 Dockerfile | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)
 create mode 100644 .trivyignore
diff --git a/.trivyignore b/.trivyignore
new file mode 100644
index 0000000..154bba8
--- /dev/null
+++ b/.trivyignore
@@ -0,0 +1,8 @@
+# This vulnerability has been fixed in alpine 3.14.6.
+# We have upgraded to 3.14.6, but the aquasecurity/trivy-action
+# v0.2.4 keeps failing because the database is not up to date.
+# https://github.com/aquasecurity/trivy/issues/1988
+CVE-2022-28391
+
+# The zgrep utility is not installed in the linux-utils image
+CVE-2022-1271
diff --git a/Dockerfile b/Dockerfile
index 20b0830..c7e78bc 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.14.5
+FROM alpine:3.14.6
 RUN apk add --no-cache util-linux xfsprogs xfsprogs-extra lvm2 device-mapper
 ARG DBUILD_DATE
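Review bot: Both entries in the new `.trivyignore` suppress their CVE with no removal condition, so the scan will keep hiding CVE-2022-28391 and CVE-2022-1271 after the stated reasons stop being true. The first entry is described as a workaround for a stale scanner database, so it should say when it goes away, for example `# TODO: drop this entry once the trivy-action database reports alpine 3.14.6 as fixed`. The second entry rests on zgrep being absent from the image; as far as I know the same CVE id is also used for xzgrep from xz, so the comment should name the package trivy actually flagged and confirm that neither script is present. A later change to the `apk add` line in the Dockerfile could pull one of them in without the scan noticing, so the ignore is worth re-checking whenever that package list changes.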