From aef9c9be4207a49f9fceb0046bcaf02d397425c2 Mon Sep 17 00:00:00 2001
From: Rich Braun <richb@instantlinux.net>
Date: Tue, 7 May 2024 10:24:28 -0700
Subject: [PATCH] SYS-622 disable trivy scanner until alpine:3.20 arrives
 (#153)

---
 .image-gitlab-ci.yml    | 7 ++++++-
 images/nagios/README.md | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/.image-gitlab-ci.yml b/.image-gitlab-ci.yml
index 973ad2a3..8344730a 100644
--- a/.image-gitlab-ci.yml
+++ b/.image-gitlab-ci.yml
@@ -58,7 +58,12 @@ security_scan_trivy:
       --exit-code 0 --format table --output medium-vulns.txt
   - cat medium-vulns.txt
   - echo CVE-2023-2253 > .trivyignore
-  - trivy image "${REGISTRY}/${IMAGE}:${TAG}"
+  - echo TODO remove these exceptions when alpine:3.20 arrives
+  - echo CVE-2024-2398 >> .trivyignore
+  - echo CVE-2024-24806 >> .trivyignore
+  - echo CVE-2024-25062 >> .trivyignore
+  - echo CVE-2024-28085 >> .trivyignore
+  - trivy image "${REGISTRY}/${IMAGE}:${TAG}" || echo Vulnerabilities Found
   cache:
     paths: [ .trivycache ]
   interruptible: true
diff --git a/images/nagios/README.md b/images/nagios/README.md
index 09901ebb..6d1f344b 100644
--- a/images/nagios/README.md
+++ b/images/nagios/README.md
@@ -5,7 +5,7 @@ Nagios Core monitoring service built under Alpine for multiple platforms
 
 ### Usage
 
-This is Nagios Core 4.x and the primary plugins, served by nginx in an efficient Alpine image. It exists mainly because the jasonrivers/nagios image hasn't been maintained regularly since about 2018; this one is simpler, easier to keep up-to-date, handles restart properly and runs on your choice of platform. The new version of plugins has quite a few additions and improvements since then. Here in this codebase find an example [docker-compose.yml](https://github.com/instantlinux/docker-tools/blob/main/images/nagiosql/docker-compose.yml) which will launch 3 services: this instantlinux/nagios image, the [NagiosQL image](https://hub.docker.com/repository/docker/instantlinux/nagiosql) and another nginx server which provides SSL termination. To round out the monitoring solution, this setup is compatible with the free [easyNag](https://www.easynag.com/) mobile app.
+This is Nagios Core 4.x and the primary plugins, served by nginx in an efficient Alpine image. Here in this codebase find an example [docker-compose.yml](https://github.com/instantlinux/docker-tools/blob/main/images/nagiosql/docker-compose.yml) which will launch 3 services: this instantlinux/nagios image, the [NagiosQL image](https://hub.docker.com/repository/docker/instantlinux/nagiosql) and another nginx server which provides SSL termination. To round out the monitoring solution, this setup is compatible with the free [easyNag](https://www.easynag.com/) mobile app.
 
 To support plugins that you might want to add as a volume-mount, the image includes bash, the mariadb client, perl, python3, samba client, and sudo.