From 32c0982bb352f6eea14238d051dc6c57705068d7 Mon Sep 17 00:00:00 2001
From: Torsten Kilias <torsten.kilias@exasol.com>
Date: Tue, 21 Nov 2023 08:36:25 +0100
Subject: [PATCH] Ignore example private key in the openssl R package
 documentation.

---
 .../flavor_base/security_scan/Dockerfile             | 12 +++---------
 .../flavor_base/security_scan/trivy-secret.yaml      |  4 ++++
 2 files changed, 7 insertions(+), 9 deletions(-)
 create mode 100644 flavors/standard-EXASOL-7.1.0/flavor_base/security_scan/trivy-secret.yaml

diff --git a/flavors/standard-EXASOL-7.1.0/flavor_base/security_scan/Dockerfile b/flavors/standard-EXASOL-7.1.0/flavor_base/security_scan/Dockerfile
index 06cc5f3d..e65097b2 100644
--- a/flavors/standard-EXASOL-7.1.0/flavor_base/security_scan/Dockerfile
+++ b/flavors/standard-EXASOL-7.1.0/flavor_base/security_scan/Dockerfile
@@ -1,16 +1,10 @@
 FROM {{release}}
 ENV DEBIAN_FRONTEND=noninteractive
 
-RUN mkdir -p /build_info/packages
-COPY security_scan/packages /build_info/packages/security_scan
-RUN /scripts/install_scripts/install_via_apt.pl --file /build_info/packages/security_scan/apt_get_packages_trivy_deps
-RUN curl -s https://aquasecurity.github.io/trivy-repo/deb/public.key | apt-key add - &&\
-   /scripts/install_scripts/install_ppa.pl --ppa 'deb https://aquasecurity.github.io/trivy-repo/deb bionic main' --out-file trivy.list
-RUN /scripts/install_scripts/install_via_apt.pl --file /build_info/packages/security_scan/apt_get_packages
-
+ENV SECURITY_SCANNERS="trivy oyster"
 COPY /security_scan/.trivyignore /.trivyignore
+COPY /security_scan/trivy-secret.yaml /trivy-secret.yaml
 
-ENV SECURITY_SCANNERS="trivy"
-
+COPY /security_scan/.oysterignore /.oysterignore
 
 ENTRYPOINT ["/scripts/security_scan/run.sh"]
diff --git a/flavors/standard-EXASOL-7.1.0/flavor_base/security_scan/trivy-secret.yaml b/flavors/standard-EXASOL-7.1.0/flavor_base/security_scan/trivy-secret.yaml
new file mode 100644
index 00000000..86e881df
--- /dev/null
+++ b/flavors/standard-EXASOL-7.1.0/flavor_base/security_scan/trivy-secret.yaml
@@ -0,0 +1,4 @@
+allow-rules:
+  - id: r-open-ssl-samples
+    description: skip R open ssl sample secrets
+    path: usr/local/lib/R/site-library/openssl/doc/*