From 222e69693433aec88ec99efbdf97450effdf53e6 Mon Sep 17 00:00:00 2001
From: Dave Hay <david_hay@uk.ibm.com>
Date: Tue, 3 Aug 2021 15:21:24 +0100
Subject: [PATCH] Upgrading apk-tools (#944)

Upgrading apk-tools to remediate CVE-2021-36159
( https://snyk.io/vuln/SNYK-ALPINE314-APKTOOLS-1533752 )

Fixes #943

Signed-off-by: Dave Hay <david_hay@uk.ibm.com>

Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
---
 Dockerfile | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index f8b720e..9b0f5e2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -16,6 +16,10 @@ WORKDIR /opt/kube-bench/
 # https://github.com/aquasecurity/kube-bench/issues/109
 RUN apk --no-cache add procps
 
+# Upgrading apk-tools to remediate CVE-2021-36159 - https://snyk.io/vuln/SNYK-ALPINE314-APKTOOLS-1533752
+# https://github.com/aquasecurity/kube-bench/issues/943
+RUN apk --no-cache upgrade apk-tools
+
 # Openssl is used by OpenShift tests
 # https://github.com/aquasecurity/kube-bench/issues/535
 RUN apk --no-cache add openssl