NHSDigital
diff --git a/‎.devcontainer/Dockerfile‎
Lines changed: 10 additions & 6 deletions b/‎.devcontainer/Dockerfile‎
Lines changed: 10 additions & 6 deletions
diff --git a/‎.github/workflows/build_multi_arch_image.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/build_multi_arch_image.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/base/.devcontainer/.tool-versions‎
Lines changed: 0 additions & 1 deletion b/‎src/base/.devcontainer/.tool-versions‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎src/base/.devcontainer/Dockerfile‎
Lines changed: 18 additions & 0 deletions b/‎src/base/.devcontainer/Dockerfile‎
Lines changed: 18 additions & 0 deletions
diff --git a/‎src/trivy/Dockerfile.amd64‎ ‎…ase/.devcontainer/Dockerfile.trivy.amd64‎src/trivy/Dockerfile.amd64 renamed to src/base/.devcontainer/Dockerfile.trivy.amd64 b/‎src/trivy/Dockerfile.amd64‎ ‎…ase/.devcontainer/Dockerfile.trivy.amd64‎src/trivy/Dockerfile.amd64 renamed to src/base/.devcontainer/Dockerfile.trivy.amd64
diff --git a/‎src/trivy/Dockerfile.arm64‎ ‎…ase/.devcontainer/Dockerfile.trivy.arm64‎src/trivy/Dockerfile.arm64 renamed to src/base/.devcontainer/Dockerfile.trivy.arm64 b/‎src/trivy/Dockerfile.arm64‎ ‎…ase/.devcontainer/Dockerfile.trivy.arm64‎src/trivy/Dockerfile.arm64 renamed to src/base/.devcontainer/Dockerfile.trivy.arm64
diff --git a/‎scripts/install_cosign.sh‎ ‎…/.devcontainer/scripts/install_cosign.sh‎scripts/install_cosign.sh renamed to src/base/.devcontainer/scripts/install_cosign.sh b/‎scripts/install_cosign.sh‎ ‎…/.devcontainer/scripts/install_cosign.sh‎scripts/install_cosign.sh renamed to src/base/.devcontainer/scripts/install_cosign.sh
diff --git a/‎scripts/install_trivy.sh‎ ‎…e/.devcontainer/scripts/install_trivy.sh‎scripts/install_trivy.sh renamed to src/base/.devcontainer/scripts/install_trivy.sh
Lines changed: 1 addition & 3 deletions b/‎scripts/install_trivy.sh‎ ‎…e/.devcontainer/scripts/install_trivy.sh‎scripts/install_trivy.sh renamed to src/base/.devcontainer/scripts/install_trivy.sh
Lines changed: 1 addition & 3 deletions
@@ -3,11 +3,15 @@ RUN apt-get update && apt-get install -y \
     jq \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/*
-COPY scripts/install_cosign.sh /tmp/install_cosign.sh
-COPY scripts/install_trivy.sh /tmp/install_trivy.sh
-RUN INSTALL_DIR=/usr/local/bin /tmp/install_cosign.sh
-RUN INSTALL_DIR=/tmp/trivy_arm64 ARCH=ARM64 /tmp/install_trivy.sh
-RUN INSTALL_DIR=/tmp/trivy_amd64 ARCH=64bit /tmp/install_trivy.sh
+COPY src/base/.devcontainer/scripts/install_cosign.sh /tmp/install_cosign.sh
+COPY src/base/.devcontainer/scripts/install_trivy.sh /tmp/install_trivy.sh
+RUN case "${TARGETARCH}" in \
+        x86_64|amd64) TRIVY_ARCH=64bit ;; \
+        aarch64|arm64) TRIVY_ARCH=ARM64 ;; \
+        *) echo "Unsupported TARGETARCH: ${TARGETARCH}" && exit 1 ;; \
+    esac \
+    && INSTALL_DIR=/tmp/trivy/ ARCH="${TRIVY_ARCH}" /tmp/install_trivy.sh
+
 
 FROM mcr.microsoft.com/devcontainers/base:ubuntu-22.04
 ARG TARGETARCH
@@ -75,7 +79,7 @@ RUN git clone https://github.com/awslabs/git-secrets.git /tmp/git-secrets && \
     chmod 755 /usr/share/secrets-scanner && \
     curl -L https://raw.githubusercontent.com/NHSDigital/software-engineering-quality-framework/main/tools/nhsd-git-secrets/nhsd-rules-deny.txt -o /usr/share/secrets-scanner/nhsd-rules-deny.txt
 
-COPY --from=build /tmp/trivy_${TARGETARCH}/trivy /usr/local/bin/trivy
+COPY --from=build /tmp/trivy/trivy /usr/local/bin/trivy
 
 USER vscode
 
 
@@ -65,7 +65,7 @@ jobs:
           fetch-depth: 0
       - name: setup trivy
         run: |
-           docker build  --output=/usr/local/bin/ -f "src/trivy/Dockerfile.${ARCH}" .
+           docker build  --output=/usr/local/bin/ -f "src/base/.devcontainer/Dockerfile.trivy.${ARCH}" .
         env:
           ARCH: '${{ matrix.arch }}'
       - name: setup node
 
@@ -2,5 +2,4 @@ shellcheck 0.11.0
 direnv 2.37.1
 actionlint 1.7.11
 ruby 3.3.0
-trivy 0.69.3
 yq 4.52.4
@@ -1,3 +1,19 @@
+FROM golang:1.26.1-bookworm AS build
+ARG TARGETARCH
+RUN apt-get update && apt-get install -y \
+    jq \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+COPY scripts/install_cosign.sh /tmp/install_cosign.sh
+COPY scripts/install_trivy.sh /tmp/install_trivy.sh
+RUN INSTALL_DIR=/usr/local/bin /tmp/install_cosign.sh
+RUN case "${TARGETARCH}" in \
+        x86_64|amd64) TRIVY_ARCH=64bit ;; \
+        aarch64|arm64) TRIVY_ARCH=ARM64 ;; \
+        *) echo "Unsupported TARGETARCH: ${TARGETARCH}" && exit 1 ;; \
+    esac \
+    && INSTALL_DIR=/tmp/trivy/ ARCH="${TRIVY_ARCH}" /tmp/install_trivy.sh
+
 FROM mcr.microsoft.com/devcontainers/base:ubuntu-22.04
 
 ARG SCRIPTS_DIR=/usr/local/share/eps
@@ -16,6 +32,8 @@ COPY --chmod=755 Mk ${SCRIPTS_DIR}/Mk
 WORKDIR ${SCRIPTS_DIR}/${CONTAINER_NAME}
 RUN ./root_install.sh
 
+COPY --from=build /tmp/trivy/trivy /usr/local/bin/trivy
+
 COPY --chmod=755 scripts/vscode_install.sh ${SCRIPTS_DIR}/${CONTAINER_NAME}/vscode_install.sh
 USER vscode
 COPY --chown=vscode:vscode .tool-versions.asdf /home/vscode/.tool-versions.asdf
 
@@ -6,8 +6,6 @@ INSTALL_DIR="${INSTALL_DIR:-$DEFAULT_INSTALL_DIR}"
 VERSION="v0.69.3"
 DEFAULT_ARCH="64bit"
 ARCH="${ARCH:-$DEFAULT_ARCH}"
-#trivy_0.69.3_Linux-64bit.tar.gz 
-#trivy_0.69.3_Linux-ARM64.tar.gz 
 RELEASE_NUMBER="${VERSION#v}"
 BASE_URL="https://github.com/aquasecurity/trivy/releases/download/${VERSION}"
 ARCHIVE="trivy_${RELEASE_NUMBER}_Linux-${ARCH}.tar.gz"
@@ -18,7 +16,7 @@ usage() {
   cat <<'EOF'
 Usage: install_trivy.sh [output_dir]
 
-Downloads Trivy v0.69.3, its sigstore bundle, and checksum into output_dir (default: current directory),
+Downloads Trivy, its sigstore bundle, and checksum into output_dir (default: current directory),
 then verifies the checksum and the sigstore bundle, following
 https://github.com/aquasecurity/trivy/blob/main/docs/getting-started/signature-verification.md.
 EOF