From 71cc75cac03f7ebf4d94b863ddf06c09437b96d7 Mon Sep 17 00:00:00 2001 From: Gonzalo Diaz Date: Fri, 19 Jul 2024 20:47:44 -0400 Subject: [PATCH 1/2] [CONFIG] [Gihub Actions] Docker analisys with Trivy: new secondary "table" output. --- .github/workflows/docker-image.yml | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index 7c6fe1f..0148273 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -157,7 +157,7 @@ jobs: with: sarif_file: 'snyk.sarif' scan: - name: "Trivy" + name: "Trivy (sarif)" runs-on: ubuntu-latest needs: build permissions: @@ -187,3 +187,25 @@ jobs: uses: github/codeql-action/upload-sarif@v3 with: sarif_file: 'trivy-results.sarif' + + report: + name: "Trivy (report)" + runs-on: ubuntu-latest + needs: build + steps: + - name: Download artifact + uses: actions/download-artifact@v4 + with: + name: ${{ env.ARTIFACT_NAME }}_prod + path: /tmp/ + + - name: Load image + run: | + docker load --input /tmp/${{ env.ARTIFACT_NAME }}_prod.tar + docker image ls -a + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@0.24.0 + with: + image-ref: ${{ env.IMAGE_NAME }}:${{ github.sha }} + format: 'table' From 8dd601648f0bd97cddcc096bca0007656d8ae727 Mon Sep 17 00:00:00 2001 From: Gonzalo Diaz Date: Fri, 19 Jul 2024 20:47:14 -0400 Subject: [PATCH 2/2] [Security] [CONFIG] [Docker] FIX CVE-2024-5535 CVE-2024-4741 https://github.com/alpinelinux/docker-alpine/issues/405#issuecomment-2237087563 --- Dockerfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Dockerfile b/Dockerfile index 972f166..7d623bd 100644 --- a/Dockerfile +++ b/Dockerfile 
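Review bot: The new `report` job in the second hunk declares no `permissions:` block, so it runs with the workflow's default GITHUB_TOKEN permissions, while the sibling `scan` job visibly scopes its token with `permissions:` in the first hunk. Since the job only downloads an artifact, loads it and runs Trivy in table mode, it needs nothing from the token; adding `permissions: {}` (or `contents: read` if a later step turns out to need it) keeps it least-privilege and consistent with `scan`. Separately, `aquasecurity/trivy-action@0.24.0` is pinned to a mutable tag; pinning to the release's full commit SHA, `uses: aquasecurity/trivy-action@<commit-sha-of-0.24.0> # 0.24.0`, protects the scanner step from tag retargeting. The download/load steps appear to duplicate what the `scan` job does (its steps are outside this hunk); a single job with two Trivy steps, or a reusable workflow, would avoid the two copies drifting apart.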
@@ -5,6 +5,8 @@ ENV WORKDIR=/app WORKDIR ${WORKDIR} RUN apk add --update --no-cache make +RUN apk upgrade --update --no-cache openssl libcrypto3 libssl3 # FIX CVE-2024-5535 +RUN apk upgrade --update --no-cache --available # FIX CVE-2024-5535 CVE-2024-4741 ############################################################################### FROM base AS lint @@ -92,6 +94,8 @@ CMD ["make", "test"] ## WORKDIR and USER are maintained ## FROM eclipse-temurin:22.0.1_8-jre-alpine AS production +RUN apk upgrade --update --no-cache openssl libcrypto3 libssl3 # FIX CVE-2024-5535 +RUN apk upgrade --update --no-cache --available # FIX CVE-2024-5535 CVE-2024-4741 ENV LOG_LEVEL=INFO ENV BRUTEFORCE=false
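Review bot: The first added `RUN apk upgrade --update --no-cache openssl libcrypto3 libssl3` in this hunk is made redundant by the `RUN apk upgrade --update --no-cache --available` that immediately follows it, since a blanket `--available` upgrade already covers those three packages; the pair only adds an image layer and an extra index fetch, and the same two lines are repeated in the `@@ -92,6 +94,8 @@` hunk for the production stage. A single `RUN apk upgrade --no-cache --available # FIX CVE-2024-5535 CVE-2024-4741` per stage does the same work (`--update` is redundant alongside `--no-cache`, which already fetches a fresh index). Note that a blanket upgrade only fixes these CVEs if the repository index at build time already carries the patched packages; nothing in the Dockerfile fails the build otherwise, so the Trivy scan added in the previous patch is the only check that the fix actually landed. If a hard guarantee is wanted, a version constraint such as `apk add --no-cache 'openssl>=<FIXED_VERSION>'` makes the build fail instead of silently shipping the old library. The `base` stage this hunk edits starts before the hunk.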