feat: add Trivy security scan workflow and update Dockerfiles for vulnerability scanning

2026-03-17 22:54:00 +05:30
parent 8bf52b9ef1
commit 23b072ea10
4 changed files with 113 additions and 1 deletions
--- a/4
+++ b/4
@@ -79,6 +79,10 @@ ARG BASE_URL
 # Set this to "true" to disable Nginx listening on IPv6
 ENV DISABLE_IPV6=false

+USER root
+RUN apk upgrade --no-cache
+USER nginx
+
 COPY --chown=nginx:nginx --from=builder /app/dist /usr/share/nginx/html${BASE_URL%/}
 COPY --chown=nginx:nginx nginx.conf /etc/nginx/nginx.conf
 COPY --chown=nginx:nginx --chmod=755 nginx-ipv6.sh /docker-entrypoint.d/99-disable-ipv6.sh