I want to maintain an image with up-to-date vulnerability databases up to 4 hours. I was trying to reduce the pulls to the NVD by recursively building the image and running a database update every 4 hours. I noticed the size of the container is expanding exponentially so I was thinking of instead using a multi-stage docker build.
What folders do I need to copy over in a multi-stage docker build?
In a multi-stage build, after running the update you would have to copy over the contents of /usr/share/dependency-check/data.
If you have an environment with external persistent storage available to your containers, you could avoid the periodic container-build/push by mounting the datalocation as a volume (which is what is done in the script referenced in our documentation for running the container - https://github.com/jeremylong/DependencyCheck?tab=readme-ov-file#docker).
Also be aware that the docker image (which uses the CLI) is only recommended as a scanner of last resort. If your project is built by a tool for which there is a dedicated build-tool based plugin, you will typically get much better results (fewer false positives) when you use that plugin for the scan.
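A multi-stage Dockerfile along the lines described above, as an added example that is not part of the original thread or the project's own code. `PREVIOUS_IMAGE` is a hypothetical build argument, and the `owasp/dependency-check:latest` tag and script path are assumptions about the published image; the data path is the one given in the reply.

```dockerfile
# PREVIOUS_IMAGE (hypothetical name): set it to the image produced by the last
# run so the update is incremental; on the first run it falls back to upstream.
ARG PREVIOUS_IMAGE=owasp/dependency-check:latest

# Stage 1: run the database update in a throwaway stage.
FROM ${PREVIOUS_IMAGE} AS updater
# --updateonly refreshes the local vulnerability data without scanning.
# If you use an NVD API key, supply it as a build secret rather than an
# ARG or ENV, so it is not recorded in the image history.
RUN /usr/share/dependency-check/bin/dependency-check.sh --updateonly

# Stage 2: start again from the clean upstream image and take only the data
# directory, so layers from earlier updates are not carried forward.
# Keep this tag on the same release as the image that produced the data.
FROM owasp/dependency-check:latest
# Assumption: the copied files keep the ownership they had in the updater
# stage; verify that the scanning user can read and write this directory.
COPY --from=updater /usr/share/dependency-check/data /usr/share/dependency-check/data
```

Because the final stage always starts from the upstream image, each rebuild adds a single data layer instead of stacking a new one on top of every earlier update.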