From d3bd7d7fbfba7669f3dc812b4d257fb9adfa10b8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9CBrittany?= Date: Thu, 7 Dec 2023 16:36:13 -0500 Subject: [PATCH 1/3] update docs to remove references to docker desktop MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: “Brittany --- docs/developer-tool-faq.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/developer-tool-faq.md b/docs/developer-tool-faq.md index ea37062ff..c75ea5faf 100644 --- a/docs/developer-tool-faq.md +++ b/docs/developer-tool-faq.md @@ -419,11 +419,11 @@ The `detect-secrets` tool can also be run as a docker container. It supports Win #### Prerequisite -You need to have Python and [install the pre-commit framework](https://pre-commit.com/#install). The docker image of `detect-secrets` saves you the effort of installing the detect-secret pip package, which would require a heavy weight compilation environment. Besides that, please also make sure you have [docker installed](https://docs.docker.com/install/). +You need to have Python and [install the pre-commit framework](https://pre-commit.com/#install). The docker image of `detect-secrets` saves you the effort of installing the detect-secret pip package, which would require a heavy weight compilation environment. Besides that, please also make sure you have a desktop container management application such as [Rancher Desktop](https://rancherdesktop.io) or [Podman Desktop](https://podman-desktop.io) installed. (NOTE: Docker Desktop is no longer approved to use on IBM devices.) 1. python [installed](https://docs.python-guide.org/starting/installation/) 1. pre-commit framework [installed](https://pre-commit.com/#install) -1. docker [installed](https://docs.docker.com/install/) +1. [Rancher Desktop](https://rancherdesktop.io) or [Podman Desktop](https://podman-desktop.io) installed #### Setup steps From ccecb7f4921763e31bf876b09e3d27b7928c2d3f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9CBrittany?= Date: Tue, 12 Dec 2023 08:50:02 -0500 Subject: [PATCH 2/3] update makefile to remove deprecated command MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: “Brittany --- Makefile.ibm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.ibm b/Makefile.ibm index 11a1861b0..ceaaf9fd8 100644 --- a/Makefile.ibm +++ b/Makefile.ibm @@ -64,7 +64,7 @@ trivy-scan-python-vulnerabilities: ./scripts/gen-pipfile.sh > Pipfile pipenv --python `which python3` pipenv lock - $(TRIVY) fs --exit-code 1 --ignore-unfixed --security-checks vuln ./ + $(TRIVY) fs --exit-code 1 --ignore-unfixed --scanners vuln ./ docker-quality-images: for image_name in $(DOCKER_IMAGES_TO_SCAN) ; do \ From f3d2a05dffebc08c1f308e0cc59c06206af66f55 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9CBrittany?= Date: Wed, 13 Dec 2023 09:37:52 -0500 Subject: [PATCH 3/3] exclude jwts from trivy scan MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: “Brittany --- trivy-secret.yaml | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 trivy-secret.yaml diff --git a/trivy-secret.yaml b/trivy-secret.yaml new file mode 100644 index 000000000..af27f5f84 --- /dev/null +++ b/trivy-secret.yaml @@ -0,0 +1,2 @@ +disable-rules: + - jwt-token