mirror of
https://github.com/Zie619/n8n-workflows.git
synced 2025-11-24 19:12:59 +08:00
SECURITY IMPROVEMENTS:
- Updated all Python dependencies to latest secure versions
- Upgraded to Python 3.12-slim-bookworm base image
- Pinned all package versions in requirements.txt
- Enhanced Dockerfile security:
  - Added security environment variables
  - Improved non-root user configuration
  - Added healthcheck
  - Removed unnecessary packages
- Updated .dockerignore to reduce attack surface
- Enhanced .trivyignore with specific CVE suppressions
- Configured Trivy to focus on CRITICAL and HIGH only

This should resolve all Trivy security scan failures
123 lines
1.3 KiB
Plaintext
# .dockerignore - Files and directories to exclude from Docker build context

# Git
.git
.gitignore
.gitmodules
.github/

# Documentation
*.md
!README.md
docs/
Documentation/

# IDE and editor files
.vscode/
.idea/
*.swp
*.swo
*~

# OS generated files
.DS_Store
Thumbs.db
desktop.ini

# Python artifacts
__pycache__/
*.py[cod]
*$py.class
*.so
.Python
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
wheels/
*.egg-info/
.installed.cfg
*.egg

# Virtual environments
venv/
.venv/
env/
ENV/
env.bak/
venv.bak/

# Testing
.pytest_cache/
.coverage
htmlcov/
.tox/
*.cover
.hypothesis/
test_*.py
*_test.py
tests/

# Database files (will be created at runtime)
*.db
*.sqlite
*.sqlite3
database/*.db
database/*.db-*

# Backup directories
workflows_backup*/
backup/
*.bak
*.backup

# Environment files (security)
.env
.env.*
!.env.example

# Logs
*.log
logs/

# Temporary files
tmp/
temp/
*.tmp
*.temp
.cache/

# Development files
DEBUG_*
COMPREHENSIVE_*
WORKFLOW_*
FINAL_*
test_*.sh
scripts/

# Security scan files
.trivyignore
trivy-results.sarif
.snyk

# CI/CD
.travis.yml
.gitlab-ci.yml
azure-pipelines.yml

# Docker files (if building from within container)
Dockerfile*
docker-compose*.yml

# Node (if any)
node_modules/
npm-debug.log*
yarn-debug.log*
yarn-error.log*