diff --git a/.trivyignore b/.trivyignore
index 1664a1601..a07c2fa4d 100644
--- a/.trivyignore
+++ b/.trivyignore
@@ -12,7 +12,4 @@ CVE-2025-65018 exp:2026-06-05
 CVE-2025-66293 exp:2026-06-15
 # UID2-6481
-CVE-2025-68973 exp:2026-06-15
-
-# UID2-6550
-CVE-2026-24515 exp:2026-03-05
\ No newline at end of file
+CVE-2025-68973 exp:2026-06-15
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index 2c92f798b..5fb795c79 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,8 +1,8 @@
-# sha from https://hub.docker.com/layers/library/eclipse-temurin/21.0.9_10-jre-alpine-3.23/images/sha256-79f8eb45e1219ce03b48d045b1ee920ea529acceb7ff2be6fad7b0b5cb6f07e0
-FROM eclipse-temurin@sha256:79f8eb45e1219ce03b48d045b1ee920ea529acceb7ff2be6fad7b0b5cb6f07e0
+# sha from https://hub.docker.com/layers/library/eclipse-temurin/21-jre-alpine-3.23/images/sha256-693c22ea458d62395bac47a2da405d0d18c77b205211ceec4846a550a37684b6
+FROM eclipse-temurin@sha256:693c22ea458d62395bac47a2da405d0d18c77b205211ceec4846a550a37684b6
 # For Amazon Corretto Crypto Provider
-RUN apk add --no-cache --upgrade libpng && apk add --no-cache gcompat
+RUN apk add --no-cache gcompat
 WORKDIR /app
 EXPOSE 8080
diff --git a/scripts/azure-cc/Dockerfile b/scripts/azure-cc/Dockerfile
index 4eb79c648..7a2880aa3 100644
--- a/scripts/azure-cc/Dockerfile
+++ b/scripts/azure-cc/Dockerfile
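Review bot: The updated `# sha from` comment in Dockerfile points at the floating tag `21-jre-alpine-3.23`, where the line it replaces named the exact release `21.0.9_10-jre-alpine-3.23`, so the file no longer records which JRE build the pinned digest corresponds to. The digest still fixes the image, but anyone checking it against an advisory now has to resolve the version out of band; consider keeping the full version in the comment, e.g. `# eclipse-temurin <exact-jre-version>-jre-alpine-3.23, sha from <hub-layer-url>`. The same two lines are changed in scripts/azure-cc/Dockerfile and scripts/gcp-oidc/Dockerfile. Dropping `--upgrade libpng` presumably relies on the new base already shipping the patched libpng; nothing in the hunk shows that, so it is worth confirming with a scan of the built image before merging.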
@@ -1,8 +1,8 @@
-# sha from https://hub.docker.com/layers/library/eclipse-temurin/21.0.9_10-jre-alpine-3.23/images/sha256-79f8eb45e1219ce03b48d045b1ee920ea529acceb7ff2be6fad7b0b5cb6f07e0
-FROM eclipse-temurin@sha256:79f8eb45e1219ce03b48d045b1ee920ea529acceb7ff2be6fad7b0b5cb6f07e0
+# sha from https://hub.docker.com/layers/library/eclipse-temurin/21-jre-alpine-3.23/images/sha256-693c22ea458d62395bac47a2da405d0d18c77b205211ceec4846a550a37684b6
+FROM eclipse-temurin@sha256:693c22ea458d62395bac47a2da405d0d18c77b205211ceec4846a550a37684b6
 # Install necessary packages and set up virtual environment
-RUN apk update && apk add --no-cache --upgrade libpng && apk add --no-cache jq python3 py3-pip && \
+RUN apk update && apk add --no-cache jq python3 py3-pip && \
 python3 -m venv /venv && \
 . /venv/bin/activate && \
 pip install --no-cache-dir requests azure-identity azure-keyvault-secrets && \
diff --git a/scripts/gcp-oidc/Dockerfile b/scripts/gcp-oidc/Dockerfile
index 22646304b..7bc63c787 100644
--- a/scripts/gcp-oidc/Dockerfile
+++ b/scripts/gcp-oidc/Dockerfile
@@ -1,5 +1,5 @@
-# sha from https://hub.docker.com/layers/library/eclipse-temurin/21.0.9_10-jre-alpine-3.23/images/sha256-79f8eb45e1219ce03b48d045b1ee920ea529acceb7ff2be6fad7b0b5cb6f07e0
-FROM eclipse-temurin@sha256:79f8eb45e1219ce03b48d045b1ee920ea529acceb7ff2be6fad7b0b5cb6f07e0
+# sha from https://hub.docker.com/layers/library/eclipse-temurin/21-jre-alpine-3.23/images/sha256-693c22ea458d62395bac47a2da405d0d18c77b205211ceec4846a550a37684b6
+FROM eclipse-temurin@sha256:693c22ea458d62395bac47a2da405d0d18c77b205211ceec4846a550a37684b6
 LABEL "tee.launch_policy.allow_env_override"="API_TOKEN_SECRET_NAME,DEPLOYMENT_ENVIRONMENT,CORE_BASE_URL,OPTOUT_BASE_URL,DEBUG_MODE,SKIP_VALIDATIONS"
 LABEL "tee.launch_policy.log_redirect"="always"
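Review bot: In scripts/azure-cc/Dockerfile the rewritten RUN line still starts with `apk update`, which is redundant next to `apk add --no-cache` and leaves a package index in the layer; `RUN apk add --no-cache jq python3 py3-pip && \` would do the same work. Further down the same RUN, `pip install --no-cache-dir requests azure-identity azure-keyvault-secrets` takes whatever versions are current at build time, so the image is not reproducible even though the base is pinned by digest. Pinning those packages, or installing from a requirements file with hashes, would close that gap. The RUN instruction continues past the end of the hunk.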