bump tomcat, fix tests
pcaskey committed Mar 13, 2023
1 parent abe361d commit 47a7a78
Showing 4 changed files with 11 additions and 9 deletions.
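--- a/.trivyignore
+++ b/.trivyignore
@@ -0,0 +1,3 @@
+# Accept the risk
+CVE-2016-1000027
+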
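Review bot: The suppression of CVE-2016-1000027 is justified only by `# Accept the risk`, which does not say which component triggers the finding, why it is not reachable in this image, who accepted it, or when it will be revisited. Because the same commit turns on library scanning in the Jenkinsfile, this entry will hide the finding from every later report, so the rationale should sit next to it, for example `# CVE-2016-1000027: <affected library>, <why it is not exploitable here>; accepted by <owner> on <date>, re-review by <date>`. To my knowledge this id is the spring-web Java-deserialization advisory, which matters only when untrusted data reaches the HTTP invoker endpoints; it is worth confirming that this holds for the IdP before the acceptance is merged.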
4 changes: 2 additions & 2 deletions Dockerfile
@@ -6,11 +6,11 @@ FROM --platform=$TARGETPLATFORM rockylinux:8.6
#
##tomcat \
ENV TOMCAT_MAJOR=9 \
TOMCAT_VERSION=9.0.71 \
TOMCAT_VERSION=9.0.73 \
##shib-idp \
VERSION=4.3.0 \
##TIER \
TIERVERSION=20230118_rocky8_multiarch \
TIERVERSION=20230313_rocky8_multiarch \
#################### \
#### OTHER VARS #### \
#################### \
10 changes: 5 additions & 5 deletions Jenkinsfile
@@ -97,11 +97,11 @@ pipeline {
// Scan container for all vulnerability levels
echo "Scanning for all vulnerabilities..."
sh 'mkdir -p reports'
// 2 scans below are temp (os scan only, no lib scan), while timeout issues are worked
// sh "trivy image --ignore-unfixed --vuln-type os,library --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan.html ${imagename}_${tag}"
sh "trivy image --ignore-unfixed --vuln-type os --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan.html ${imagename}_${tag}"
// sh "trivy image --ignore-unfixed --vuln-type os,library --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan-arm.html ${imagename}_${tag}:arm64"
sh "trivy image --ignore-unfixed --vuln-type os --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan-arm.html ${imagename}_${tag}:arm64"
// 2 commented scans below are OS-only, in case timeout issues occur
sh "trivy image --timeout 10m --ignore-unfixed --vuln-type os,library --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan.html ${imagename}_${tag}"
// sh "trivy image --ignore-unfixed --vuln-type os --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan.html ${imagename}_${tag}"
sh "trivy image --timeout 10m --ignore-unfixed --vuln-type os,library --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan-arm.html ${imagename}_${tag}:arm64"
// sh "trivy image --ignore-unfixed --vuln-type os --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan-arm.html ${imagename}_${tag}:arm64"
publishHTML target : [
allowMissing: true,
alwaysLinkToLastBuild: true,
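Review bot: Neither of the two active `trivy image --timeout 10m ...` lines passes `--exit-code`, so as far as this hunk shows the scan only writes an HTML report and a HIGH or CRITICAL finding, now including library findings, does not fail the stage. The `publishHTML` target below also sets `allowMissing: true`, so a report that was never produced is tolerated as well. If report-only is intended, say so in the comment above the scans (`// report-only: findings do not fail the build, see <gating stage>`); otherwise add `--exit-code 1` to the scan that should gate the image. The enclosing stage starts and ends outside the hunk, so a separate gating scan may already exist elsewhere in the pipeline.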
3 changes: 1 addition & 2 deletions tests/checktomcatver.sh
@@ -51,8 +51,7 @@ if [ -z "$(echo $tomcatver | xargs)" ]; then
fi

#check if that version of tomcat is available in the download area (return is 0 if current, non-zero if not current)
wget -q --spider https://mirrors.gigenet.com/apache/tomcat/tomcat-9/v${tomcatver}/bin/apache-tomcat-${tomcatver}.tar.gz
#wget -q --spider http://apache.mirrors.ionfish.org/tomcat/tomcat-9/v${tomcatver}/bin/apache-tomcat-${tomcatver}.tar.gz
wget -q --spider https://dlcdn.apache.org/tomcat/tomcat-9/v${tomcatver}/bin/apache-tomcat-${tomcatver}.tar.gz

if [ $? == '0' ]; then
echo "Running Tomcat version (${tomcatver}) is current!"
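Review bot: The new `wget -q --spider https://dlcdn.apache.org/...` check treats every non-zero exit as "not current", but wget returns 8 only when the server answers with an error such as 404, while 4 (network failure) and 5 (TLS verification failure) mean the check could not be performed at all. A mirror outage or DNS problem would therefore be reported as an outdated Tomcat. I would capture the status and bound the request, `wget -q --spider --tries=2 --timeout=15 "https://dlcdn.apache.org/tomcat/tomcat-9/v${tomcatver}/bin/apache-tomcat-${tomcatver}.tar.gz"; rc=$?`, then branch on `[ "$rc" -eq 8 ]` for "not current" and report other non-zero codes as a failed check. Quoting the URL also keeps an unexpected value in `tomcatver` from being word-split into extra wget arguments. The `if` that consumes `$?` continues past the end of the hunk.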
