From 81271cabd7bf6250d85b0d64f5456b198aaaea3f Mon Sep 17 00:00:00 2001
From: taxidis <taxidis@transifex.com>
Date: Tue, 27 Sep 2022 12:26:42 +0300
Subject: [PATCH] Add trivy and update OS

---
 Dockerfile | 5 ++++-
 Makefile   | 8 ++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index db771cb..31ea233 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,7 +6,10 @@ FROM node:16.13.2-alpine as builder
 ARG USER_ID
 ARG GROUP_ID
 
-RUN if [ ${USER_ID:-0} -ne 0 ] && [ ${GROUP_ID:-0} -ne 0 ]; then \
+RUN apk update && \
+    apk upgrade && \
+    rm -rf /var/cache/apk/* && \
+    if [ ${USER_ID:-0} -ne 0 ] && [ ${GROUP_ID:-0} -ne 0 ]; then \
     deluser node && \
     addgroup -g ${GROUP_ID} node && \
     adduser -u ${USER_ID} -D node -G node \
diff --git a/Makefile b/Makefile
index b62a377..3183c6c 100644
--- a/Makefile
+++ b/Makefile
@@ -19,6 +19,14 @@ _build:
 		--target ${TARGET_IMAGE} \
 		-t ${TARGET_IMAGE}:${TARGET_TAG} .
 
+trivy:
+	make build_prod && \
+	docker run --rm \
+	-v /var/run/docker.sock:/var/run/docker.sock \
+	aquasec/trivy image \
+	--no-progress --ignore-unfixed --severity HIGH,CRITICAL \
+	transifex-delivery:latest
+
 up:
 	docker-compose -f docker-compose.yml -f docker-compose.dev.yml up