diff --git a/.github/workflows/call-maventests.yml b/.github/workflows/call-maventests.yml
index aadf569..76280fd 100644
--- a/.github/workflows/call-maventests.yml
+++ b/.github/workflows/call-maventests.yml
@@ -21,9 +21,13 @@ jobs:
 with:
 image: ${{ env.IMAGE_NAME}}:${{env.IMAGETAG}}
 - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # pin@v0.19.0
+ uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # pin@v0.28.0
+ id: trivy-primary
+ env:
+ TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db:2,public.ecr.aws/aquasecurity/trivy-db:2
+ TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db:1,public.ecr.aws/aquasecurity/trivy-java-db:1
 with:
- image-ref: ${{ env.IMAGE_NAME}}:${{env.IMAGETAG}}
- exit-code: '1'
- severity: 'CRITICAL,HIGH'
+ image-ref: "${{ env.IMAGE_NAME}}:${{env.IMAGETAG}}"
+ exit-code: "1"
+ severity: "CRITICAL,HIGH"
diff --git a/.trivyignore b/.trivyignore
index bd01a9c..c019fa8 100644
--- a/.trivyignore
+++ b/.trivyignore
@@ -20,3 +20,4 @@ CVE-2016-1000027 #spring-web fixed in 6.0.0
 CVE-2024-22243 #spring-web fixed in 6.1.4, 6.0.17, 5.3.32
 CVE-2024-22259 #spring-web fixed in 6.1.5, 6.0.18, 5.3.33
 CVE-2024-22262 #spring-web fixed in 5.3.34, 6.0.19, 6.1.6
+CVE-2024-47554 #commons-io fixed in 2.14.0
diff --git a/docker/profiles/test/connector/keystore/eidasKeyStore.p12 b/docker/profiles/test/connector/keystore/eidasKeyStore.p12
index a5bb108..eb171f4 100644
Binary files a/docker/profiles/test/connector/keystore/eidasKeyStore.p12 and b/docker/profiles/test/connector/keystore/eidasKeyStore.p12 differ
diff --git a/docker/profiles/test/proxy/keystore/eidasKeyStore.p12 b/docker/profiles/test/proxy/keystore/eidasKeyStore.p12
index ee449a6..58d6c26 100644
Binary files a/docker/profiles/test/proxy/keystore/eidasKeyStore.p12 and b/docker/profiles/test/proxy/keystore/eidasKeyStore.p12 differ
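Review bot: The `id: trivy-primary` added to the Trivy step is not referenced by anything visible in this hunk, so either the step that reads it (for example via `steps.trivy-primary.outcome`) lies outside the hunk or the id is unused and can be dropped. The two `TRIVY_*_REPOSITORY` values are comma-separated lists, presumably so the scanner can fall back to a second registry when the first database download fails. A one-line comment above `env:` would record that intent, e.g. `# DB repositories are tried in order; the second entry is a fallback mirror`. Because the gate (`exit-code: "1"` on `CRITICAL,HIGH`) is only as good as the database it scans against, it is worth confirming that a failed download from both repositories fails the job rather than letting the scan pass. The job's remaining steps continue outside the hunk.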
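Review bot: The new `.trivyignore` entry suppresses CVE-2024-47554 permanently, and its comment gives only the fixed version (`commons-io fixed in 2.14.0`), not why the upgrade is not being applied instead. Since the same workflow gates on `CRITICAL,HIGH`, an open-ended suppression removes this finding from the gate for every future image, even after the dependency could be bumped. Consider recording the reason and an expiry so the entry is revisited, e.g. `CVE-2024-47554 exp:<YYYY-MM-DD> #commons-io < 2.14.0 pulled in by <component>; remove once upgraded`, assuming the Trivy version in use honours `exp:` in this file. The earlier spring-web entries follow the same pattern and would benefit from the same treatment.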