e1a273d25d
Related-to: https://github.com/woodpecker-ci/woodpecker/pull/2078 Remaining CVEs: ``` ❯ trivy fs --exit-code 1 --skip-dirs node_modules/,plugins/woodpecker-plugins/node_modules/ docs/ 2023-08-01T10:02:36.911+0200 INFO Vulnerability scanning is enabled 2023-08-01T10:02:36.911+0200 INFO Secret scanning is enabled 2023-08-01T10:02:36.911+0200 INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning 2023-08-01T10:02:36.911+0200 INFO Please see also https://aquasecurity.github.io/trivy/v0.43/docs/scanner/secret/#recommendation for faster secret detection 2023-08-01T10:02:36.963+0200 INFO Number of language-specific files: 1 2023-08-01T10:02:36.963+0200 INFO Detecting pnpm vulnerabilities... pnpm-lock.yaml (pnpm) Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 1, CRITICAL: 0) ┌─────────┬────────────────┬──────────┬───────────────────┬────────────────┬──────────────────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ ├─────────┼────────────────┼──────────┼───────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤ │ got │ CVE-2022-33987 │ MEDIUM │ 9.6.0 │ 11.8.5, 12.1.0 │ missing verification of requested URLs allows redirects to │ │ │ │ │ │ │ UNIX sockets │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-33987 │ ├─────────┼────────────────┼──────────┼───────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤ │ trim │ CVE-2020-7753 │ HIGH │ 0.0.1 │ 0.0.3 │ nodejs-trim: Regular Expression Denial of Service (ReDoS) in │ │ │ │ │ │ │ trim function │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-7753 │ └─────────┴────────────────┴──────────┴───────────────────┴────────────────┴──────────────────────────────────────────────────────────────┘ ``` - `trim` is pulled in by `@docusaurus/theme-classic` and can be ignored due to https://github.com/facebook/docusaurus/issues/7275#issuecomment-1113997259 - `got` can be ignored as well, see `trim`
Woodpecker
Woodpecker is a community fork of the Drone CI system.
🫶 Support
Please consider to donate and become a backer. 🙏 [Become a backer]
🚀 Usage
.woodpecker.yml
- Place your pipeline in a file named
.woodpecker.ymlin your repository - Pipeline steps can be named as you like
- Run any command in the commands section
Build steps are containers
- Define any Docker image as context
- Install the needed tools in custom Docker images, use them as context
Plugins
Woodpecker has official plugins, but you can also use your own.
📖 Documentation
✨ Contribute
📣 Translate
We use an own Weblate instance at translate.woodpecker-ci.org.
👋 Who uses Woodpecker?
Codeberg, the Woodpecker project itself, and many others.
Leave a comment if you're using it as well.
Also consider using the topic WoodpeckerCI in your repository, so others can learn from your config and use the hashtag #WoodpeckerCI when talking about the project on social media!
Here are some places where people mention Woodpecker:
✨ Stars over time
License
Woodpecker is Apache 2.0 licensed with the source files in this repository having a header indicating which license they are under and what copyrights apply.
Files under the docs/ folder are licensed under Creative Commons Attribution-ShareAlike 4.0 International Public License.