trivy updates

.devcontainer/devcontainer.json

@@ -42,7 +42,7 @@
 			"version": "v3.20.3"
 		},
 		"ghcr.io/dhoeric/features/trivy:1.0.0": {
-			"version": "0.49.1"
+			"version": "0.52.1"
 		}
 	},
 	"customizations": {
@@ -62,7 +62,8 @@
 				"eamodio.gitlens",
 				"streetsidesoftware.code-spell-checker",
 				"github.vscode-pull-request-github",
-				"codeandstuff.package-json-upgrade"
+				"codeandstuff.package-json-upgrade", 
+				"AquaSecurityOfficial.trivy-vulnerability-scanner"
 			]
 		}
 	},	

.github/workflows/cacti-dev-container-vscode-publish.yaml

@@ -1,7 +1,7 @@
 name: connector-fabric-publish
 
 env:
-  NODEJS_VERSION: v20.3.0
+  NODEJS_VERSION: v20.11.1
   IMAGE_NAME: cacti-dev-container-vscode
 
 on:

.github/workflows/ci.yaml

@@ -2160,7 +2160,16 @@ jobs:
     steps:
       - uses: actions/[email protected]
       - name: ghcr.io/hyperledger/cactus-besu-all-in-one
-        run: DOCKER_BUILDKIT=1 docker build ./tools/docker/besu-all-in-one/ -f ./tools/docker/besu-all-in-one/Dockerfile
+        run: DOCKER_BUILDKIT=1 docker build ./tools/docker/besu-all-in-one/ -f ./tools/docker/besu-all-in-one/Dockerfile -t cactus-besu-all-in-one
+      - name: Run Trivy vulnerability scan for cactus-besu-all-in-one
+        uses: aquasecurity/[email protected]
+        with:
+          image-ref: 'cactus-besu-all-in-one'
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
   ghcr-cmd-api-server:
     runs-on: ubuntu-22.04
     needs:
@@ -2247,8 +2256,16 @@ jobs:
     steps:
       - uses: actions/[email protected]
       - name: ghcr.io/hyperledger/cactus-corda-all-in-one
-        run: DOCKER_BUILDKIT=1 docker build ./tools/docker/corda-all-in-one/ -f ./tools/docker/corda-all-in-one/Dockerfile
-
+        run: DOCKER_BUILDKIT=1 docker build ./tools/docker/corda-all-in-one/ -f ./tools/docker/corda-all-in-one/Dockerfile -t cactus-corda-all-in-one
+      - name: Run Trivy vulnerability scan for cactus-corda-all-in-one
+        uses: aquasecurity/[email protected]
+        with:
+          image-ref: 'cactus-corda-all-in-one'
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
   ghcr-corda-all-in-one-flowdb:
     runs-on: ubuntu-22.04
     steps:
@@ -2264,7 +2281,15 @@ jobs:
       - uses: actions/[email protected]
       - name: ghcr.io/hyperledger/cactus-corda-all-in-one-obligation
         run: DOCKER_BUILDKIT=1 docker build ./tools/docker/corda-all-in-one/ -f ./tools/docker/corda-all-in-one/corda-v4_8/Dockerfile -t cactus-corda-all-in-one-obligation
-
+      - name: Run Trivy vulnerability scan for cactus-corda-all-in-one-obligation
+        uses: aquasecurity/[email protected]
+        with:
+          image-ref: 'cactus-corda-all-in-one-obligation'
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
   ghcr-dev-container-vscode:
     runs-on: ubuntu-22.04
     needs:
@@ -2287,38 +2312,69 @@ jobs:
     steps:
       - uses: actions/[email protected]
       - name: ghcr.io/hyperledger/cactus-example-carbon-accounting
-        run: DOCKER_BUILDKIT=1 docker build . -f ./examples/carbon-accounting/Dockerfile
-
+        run: DOCKER_BUILDKIT=1 docker build . -f ./examples/carbon-accounting/Dockerfile -t cactus-example-carbon-accounting
+      - name: Run Trivy vulnerability scan for cactus-example-carbon-accounting
+        uses: aquasecurity/[email protected]
+        with:
+          image-ref: 'cactus-example-carbon-accounting'
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
   ghcr-example-supply-chain-app:
     runs-on: ubuntu-22.04
     steps:
       - uses: actions/[email protected]
       - name: ghcr.io/hyperledger/cactus-example-supply-chain-app
         run: DOCKER_BUILDKIT=1 docker build . -f ./examples/cactus-example-supply-chain-backend/Dockerfile -t cactus-example-supply-chain-app
-
+      - name: Run Trivy vulnerability scan for cactus-example-supply-chain-app
+        uses: aquasecurity/[email protected]
+        with:
+          image-ref: 'cactus-example-supply-chain-app'
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
   ghcr-fabric-all-in-one:
     runs-on: ubuntu-22.04
     steps:
       - uses: actions/[email protected]
       - name: ghcr.io/hyperledger/cactus-fabric-all-in-one
-        run: DOCKER_BUILDKIT=1 docker build ./tools/docker/fabric-all-in-one/ -f ./tools/docker/fabric-all-in-one/Dockerfile_v1.4.x
-
+        run: DOCKER_BUILDKIT=1 docker build ./tools/docker/fabric-all-in-one/ -f ./tools/docker/fabric-all-in-one/Dockerfile_v1.4.x -t cactus-fabric-all-in-one
+      - name: Run Trivy vulnerability scan for cactus-fabric-all-in-one
+        uses: aquasecurity/[email protected]
+        with:
+          image-ref: 'cactus-fabric-all-in-one'
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
   ghcr-fabric2-all-in-one:
     runs-on: ubuntu-22.04
     steps:
       - uses: actions/[email protected]
       - name: ghcr.io/hyperledger/cactus-fabric2-all-in-one
-        run: DOCKER_BUILDKIT=1 docker build ./tools/docker/fabric-all-in-one/ -f ./tools/docker/fabric-all-in-one/Dockerfile_v2.x
-
+        run: DOCKER_BUILDKIT=1 docker build ./tools/docker/fabric-all-in-one/ -f ./tools/docker/fabric-all-in-one/Dockerfile_v2.x -t cactus-fabric2-all-in-one
+      - name: Run Trivy vulnerability scan for cactus-fabric2-all-in-one
+        uses: aquasecurity/[email protected]
+        with:
+          image-ref: 'cactus-fabric2-all-in-one'
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
   ghcr-keychain-vault-server:
     runs-on: ubuntu-22.04
     steps:
       - uses: actions/[email protected]
       - name: ghcr.io/hyperledger/cactus-keychain-vault-server
         run: DOCKER_BUILDKIT=1 docker build ./packages/cactus-plugin-keychain-vault/src/cactus-keychain-vault-server/ -f ./packages/cactus-plugin-keychain-vault/src/cactus-keychain-vault-server/Dockerfile -t cactus-keychain-vault-server
-      - if: ${{ env.RUN_TRIVY_SCAN == 'true' }}
-        name: Run Trivy vulnerability scan for cactus-keychain-vault-server
-        uses: aquasecurity/[email protected]
+      - name: Run Trivy vulnerability scan for cactus-keychain-vault-server
+        uses: aquasecurity/[email protected]
         with:
           image-ref: 'cactus-keychain-vault-server'
           format: 'table'
@@ -2331,15 +2387,31 @@ jobs:
     steps:
       - uses: actions/[email protected]
       - name: ghcr.io/hyperledger/cactus-quorum-all-in-one
-        run: DOCKER_BUILDKIT=1 docker build ./tools/docker/quorum-all-in-one/ -f ./tools/docker/quorum-all-in-one/Dockerfile
-
+        run: DOCKER_BUILDKIT=1 docker build ./tools/docker/quorum-all-in-one/ -f ./tools/docker/quorum-all-in-one/Dockerfile -t cactus-quorum-all-in-one
+      - name: Run Trivy vulnerability scan for cactus-quorum-all-in-one
+        uses: aquasecurity/[email protected]
+        with:
+          image-ref: 'cactus-quorum-all-in-one'
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
   ghcr-quorum-multi-party-all-in-one:
     runs-on: ubuntu-22.04
     steps:
       - uses: actions/[email protected]
       - name: ghcr.io/hyperledger/cactus-quorum-multi-party-all-in-one
         run: DOCKER_BUILDKIT=1 docker build ./tools/docker/quorum-multi-party-all-in-one/ -f ./tools/docker/quorum-multi-party-all-in-one/Dockerfile -t cactus-quorum-multi-party-all-in-one
-
+      - name: Run Trivy vulnerability scan for cactus-quorum-multi-party-all-in-one
+        uses: aquasecurity/[email protected]
+        with:
+          image-ref: 'cactus-quorum-multi-party-all-in-one'
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
 name: Cactus_CI
 'on':
   pull_request:

.vscode/extensions.json

@@ -14,6 +14,7 @@
       "eamodio.gitlens",
       "streetsidesoftware.code-spell-checker",
       "github.vscode-pull-request-github",
-      "codeandstuff.package-json-upgrade"
+      "codeandstuff.package-json-upgrade", 
+      "AquaSecurityOfficial.trivy-vulnerability-scanner"
     ]
   }