Restore failing when CVE scanner finds a vulnerability #167
Commits on Feb 25, 2021
-
Restore failing when CVE scanner finds a vulnerability
During the migration to GitHub Actions in #160 this functionality was mistakenly and overzealously removed. Since PHP 8 and Alpine 3.13 are out and #166 has been filed, currently with a CVE for musl in it, this check should have failed as it is our goal to ship images without known CVE's in it. On my own PHP images the CVE checking fails and as such I was surprised that #166 didn't have any failures. Up on checking the CI logs it showed the musl CVE but the step didn't fail. This commit restores the original functionality and will make the CI once again fail when it finds a CVE in one of the images.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.