@tom-rm-meyer-ISST tom-rm-meyer-ISST commented Aug 15, 2025

Description

Bumps versions of transitive dependencies in backend to fix security vulnerabilities:

  • keycloak-core to 26.3.2
  • keycloak-server-spi-private to 26.3.2
  • bcprov-jdk18on to 3.18.0
  • commons-lang3 to 3.18
  • tomcat to 10.1.43

Adapt Trivy CI:

  • to upload the SARIF file also in case critical / high vulnerabilities have been detected.
  • bump version of trivy-action to 0.32.0

Pre-review checks

Please ensure to do as many of the following checks as possible, before asking for committer review:

  • DEPENDENCIES are up-to-date. Dash license tool. Committers can open IP issues for restricted libs.
  • Copyright and license header are present on all affected files
  • If helm chart has been changed, the chart version has been bumped to either next major, minor or patch level (compared to released chart).
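The CI change described in this PR, shown as an added illustration rather than the project's own workflow file: a Trivy scan step that fails the job on CRITICAL/HIGH findings, followed by a SARIF upload step that runs even when the scan step failed. The workflow name, job and step names, the image reference `backend:ci` and the output file name are assumptions; the trivy-action version is the one named in the PR.

```yaml
# Added example, not the workflow from this repository.
# Assumed: the backend image is built earlier in the job and tagged
# "backend:ci" (placeholder). Step names and file names are assumptions.
name: trivy-scan

on:
  pull_request:

permissions:
  contents: read
  security-events: write   # needed by upload-sarif to write code-scanning alerts

jobs:
  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # The scan step fails the job on CRITICAL/HIGH findings (exit-code: '1').
      # Without a condition on the upload step below, GitHub Actions skips it
      # after this failure, so exactly the findings that matter most never
      # reach the Security tab.
      - name: Scan backend image with Trivy
        uses: aquasecurity/trivy-action@0.32.0
        with:
          scan-type: image
          image-ref: backend:ci
          format: sarif
          output: trivy-results.sarif
          severity: CRITICAL,HIGH
          exit-code: '1'
          ignore-unfixed: true

      # "if: always()" runs the upload whether or not the scan step failed,
      # so the SARIF report is published in both cases while the job status
      # still reflects the CRITICAL/HIGH findings.
      - name: Upload Trivy SARIF report
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: trivy-results.sarif
```

`always()` also fires when the workflow was cancelled; `if: ${{ !cancelled() }}` is the stricter alternative if an upload after cancellation is unwanted.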

@tom-rm-meyer-ISST tom-rm-meyer-ISST marked this pull request as ready for review August 15, 2025 09:22
@tom-rm-meyer-ISST tom-rm-meyer-ISST merged commit 6dcc844 into eclipse-tractusx:main Aug 15, 2025
13 checks passed
@tom-rm-meyer-ISST tom-rm-meyer-ISST deleted the ci/trivy branch August 15, 2025 11:14