bump (#112)

* bump

* chore: remove syft

* bump

.github/workflows/release-npm.yml

@@ -22,7 +22,7 @@ jobs:
       - name: Checkout Repository to Runner Context
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: Setup Node
-        uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
         with:
           node-version: "20.x"
           registry-url: "https://npm.pkg.github.com"

.github/workflows/super-devsecops.yml

@@ -29,25 +29,10 @@ jobs:
           yarn install
           npx eslint .
         continue-on-error: true
-  syft-source-sbom:
-    name: SBOM for Source Code
-    needs: code_quality
-    permissions:
-      contents: write
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout the code
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-      - name: Scan the source code and upload dependency results
-        uses: anchore/sbom-action@f3355df2ccd621f5873fe3c7c653ebdc5ef1bcb2
-        with:
-          path: .
-          dependency-snapshot: true
-          format: spdx-json
   build:
     name: Build
     runs-on: ubuntu-latest
-    needs: syft-source-sbom
+    needs: code_quality
     strategy:
       matrix:
         node-version: [16.x, 18.x, 20.x]
@@ -59,7 +44,7 @@ jobs:
       - name: Checkout Repository to Runner Context
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: Use Node version ${{ matrix.node-version }}
-        uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
         with:
           node-version: ${{ matrix.node-version }}
           cache: "yarn"
@@ -82,7 +67,7 @@ jobs:
       - name: Checkout Repository to Runner Context
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: Use Node version ${{ matrix.node-version }}
-        uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
         with:
           node-version: ${{ matrix.node-version }}
           cache: "yarn"
@@ -198,10 +183,3 @@ jobs:
         run: |
           docker build -t ghcr.io/stormsinbrewing/savvy-devsecops .
           docker push ghcr.io/stormsinbrewing/savvy-devsecops
-      - name: Image SBOM Scan with Syft
-        uses: anchore/sbom-action@f3355df2ccd621f5873fe3c7c653ebdc5ef1bcb2
-        with:
-          image: "ghcr.io/stormsinbrewing/savvy-devsecops"
-          dependency-snapshot: true
-          format: spdx-json
-          artifact-name: spdx.docker.json

Dockerfile

@@ -7,7 +7,7 @@ RUN yarn install --production
 COPY . .
 RUN yarn build
 
-FROM nginx:1.25.3-alpine@sha256:f2802c2a9d09c7aa3ace27445dfc5656ff24355da28e7b958074a0111e3fc076 as production
+FROM nginx:1.25.4-alpine@sha256:6a2f8b28e45c4adea04ec207a251fd4a2df03ddc930f782af51e315ebc76e9a9 as production
 ENV NODE_ENV production
 COPY --from=builder /app/build /usr/share/nginx/html
 COPY nginx.conf /etc/nginx/conf.d/default.conf