
chore(docker): silence Trivy DS-0026 on Dockerfile.test via HEALTHCHECK NONE

  Trivy raised DS-0026 ("No HEALTHCHECK defined") against Dockerfile.test
  on every run of the security workflow. The test image is a one-shot
  pytest runner — there's no service to probe, so any HEALTHCHECK we
  invented would be cargo-cult noise that fires once and means nothing.

  HEALTHCHECK NONE is the documented Docker directive to explicitly opt
  out of any inherited HEALTHCHECK and is the way Trivy itself expects
  projects to signal "this image is intentionally not a long-running
  service." Adding it closes code-scanning alert #813 cleanly.

  Note: the perl-base CVE-2026-8376 alert (#811) is left open for now
  and dismissed in the GitHub UI as "Won't fix - no upstream patch"
  because Debian Trixie has not yet shipped a fixed perl-base; the
  patched build will land automatically on the next base-image refresh.
maziggy, 3 days ago
commit b9b06a7351
2 changed files with 6 additions and 0 deletions
  1. CHANGELOG.md (+1 -0)
  2. Dockerfile.test (+5 -0)

+ 1 - 0
CHANGELOG.md


+ 5 - 0
Dockerfile.test

@@ -37,6 +37,11 @@ ENV PYTHONUNBUFFERED=1
 ENV DATA_DIR=/app/data
 ENV TESTING=1
 
+# Test image runs pytest and exits — there is no long-running service
+# to probe. HEALTHCHECK NONE is the documented Docker opt-out and
+# silences Trivy DS-0026 without adding meaningless probe logic.
+HEALTHCHECK NONE
+
 # Default command runs pytest (excluding docker integration tests).
 # -v dropped: 5300+ "PASSED foo::bar" lines per worker eat noticeable
 # stdout I/O time and clutter test_docker.sh output. --tb=short still
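Review bot: the comment block above `HEALTHCHECK NONE` should state the directive's primary documented effect, which is to discard any HEALTHCHECK inherited from the base image, not only that it quiets the scanner; as written, "the documented Docker opt-out" leaves a later reader guessing what is being opted out of. Suggest rewording the second comment line along the lines of `# to probe. HEALTHCHECK NONE drops any HEALTHCHECK inherited from the base image` and keeping the DS-0026 note on the line after it. Also worth confirming the alert actually clears with a local `trivy config Dockerfile.test` run before relying on the next security-workflow run to close it, since the stated goal of the change is that DS-0026 stops firing.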
