From 77eceb1b4dde86b6f379fb5413e0017b33fe878a Mon Sep 17 00:00:00 2001
From: Jack Spagnoli
Date: Tue, 17 Feb 2026 16:00:50 +0000
Subject: [PATCH 1/2] updates trivy version
---
 .github/workflows/quality-checks.yml | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/quality-checks.yml b/.github/workflows/quality-checks.yml
index faef2de..392187c 100644
--- a/.github/workflows/quality-checks.yml
+++ b/.github/workflows/quality-checks.yml
@@ -204,7 +204,7 @@ jobs:
 cd src
 go mod vendor
 - name: Check licenses
- uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
+ uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284
 with:
 scan-type: "fs"
 scan-ref: "."
@@ -247,7 +247,7 @@ jobs:
 - name: Run unit tests
 run: make test
 - name: Generate SBOM
- uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
+ uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284
 with:
 scan-type: "fs"
 scan-ref: "."
@@ -264,7 +264,7 @@ jobs:
 - name: Check python vulnerabilities
 if: ${{ steps.check_languages.outputs.uses_poetry == 'true' }}
- uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
+ uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284
 with:
 scan-type: "fs"
 skip-files: "**/package-lock.json,**/go.mod,**/pom.xml"
@@ -277,7 +277,7 @@ jobs:
 trivy-config: trivy.yaml
 - name: Check node vulnerabilities
 if: ${{ steps.check_languages.outputs.uses_node == 'true' }}
- uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
+ uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284
 with:
 scan-type: "fs"
 skip-files: "**/poetry.lock,**/go.mod,**/pom.xml"
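Review bot: The new pin `aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284` has no trailing version comment, so nothing on the `uses:` line lets a reviewer confirm which upstream release the hash corresponds to, even though the subject says this updates the trivy version. Pinning to a full commit SHA is the right supply-chain control; pair it with the tag it was resolved from, e.g. `uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284 # <release tag>` (placeholder, the tag is not shown in this patch), and check that the hash is reachable from that tag in the upstream repository. The same applies to the other six `uses:` lines changed in this file (Generate SBOM and the python, node, go, java and docker vulnerability checks). Seven hand-maintained copies of one pin can drift apart on the next bump, so a comment that update tooling can read helps keep them aligned.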
@@ -290,7 +290,7 @@ jobs:
 trivy-config: trivy.yaml
 - name: Check go vulnerabilities
 if: ${{ steps.check_languages.outputs.uses_go == 'true' }}
- uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
+ uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284
 with:
 scan-type: "fs"
 skip-files: "**/poetry.lock,**/package-lock.json,**/pom.xml"
@@ -302,7 +302,7 @@ jobs:
 exit-code: "1"
 - name: Check java vulnerabilities
 if: ${{ steps.check_languages.outputs.uses_java == 'true' }}
- uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
+ uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284
 with:
 scan-type: "fs"
 skip-files: "**/poetry.lock,**/package-lock.json,**/go.mod"
@@ -486,7 +486,7 @@ jobs:
 make docker-build
 - name: Check docker vulnerabilities
- uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
+ uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284
 with:
 scan-type: "image"
 image-ref: ${{ matrix.docker_image }}
From d041b3da918f911b59d4fedb94c38ddeafb1f012 Mon Sep 17 00:00:00 2001
From: Jack Spagnoli
Date: Tue, 17 Feb 2026 16:01:02 +0000
Subject: [PATCH 2/2] devcontainer make install
---
 .devcontainer/devcontainer.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index fe626eb..9510367 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -20,7 +20,7 @@
 "remoteEnv": {
 "LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}"
 },
- "postAttachCommand": "docker build -f /workspaces/eps-common-workflows/dockerfiles/nhsd-git-secrets.dockerfile -t git-secrets . && pre-commit install --install-hooks -f",
+ "postAttachCommand": "make install && docker build -f /workspaces/eps-common-workflows/dockerfiles/nhsd-git-secrets.dockerfile -t git-secrets . && pre-commit install --install-hooks -f",
 "features": {
 "ghcr.io/devcontainers/features/github-cli:1": {},
 "ghcr.io/devcontainers/features/docker-outside-of-docker:1": {
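Review bot: Putting `make install` first in the `postAttachCommand` chain makes the git-secrets image build and `pre-commit install --install-hooks -f` depend on it. Because the steps are joined with `&&`, a failed `make install` means the hook setup never runs for that session, and what appears to be the secret-scanning guard is silently absent. `postAttachCommand` also runs on every attach, so the install repeats each time the editor reconnects. Consider keeping the hook setup first and the dependency install last in the chain, or moving the install to a create-time hook such as `"postCreateCommand": "make install"`; the hunk does not show whether the file already defines one, and the object continues outside it.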