From 9155fdb04b20515a8b31ea299bdb0395167a4805 Mon Sep 17 00:00:00 2001
From: Karsten Thiems <150006841+typecastcloud@users.noreply.github.com>
Date: Tue, 9 Jul 2024 15:39:36 +0200
Subject: [PATCH 1/2] chore(deployment): enable readOnlyRootFilesystem
This resolves KSV014 from trivy. Is also required by guideline: https://eclipse-tractusx.github.io/docs/release/trg-4/trg-4-07/#why
Refs: #189
---
 charts/sdfactory/templates/deployment.yaml | 6 ++++++
 charts/sdfactory/values.yaml | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/charts/sdfactory/templates/deployment.yaml b/charts/sdfactory/templates/deployment.yaml
index fe16945..78d3192 100644
--- a/charts/sdfactory/templates/deployment.yaml
+++ b/charts/sdfactory/templates/deployment.yaml
@@ -107,3 +107,9 @@ spec:
 resources:
 {{- toYaml .Values.resources | nindent 12 }}
+ volumeMounts:
+ - mountPath: /tmp
+ name: tmp
+ volumes:
+ - emptyDir: {}
+ name: tmp
diff --git a/charts/sdfactory/values.yaml b/charts/sdfactory/values.yaml
index 3368301..08b58ac 100644
--- a/charts/sdfactory/values.yaml
+++ b/charts/sdfactory/values.yaml
@@ -56,7 +56,7 @@ securityContext:
 drop:
 - ALL
 allowPrivilegeEscalation: false
- # readOnlyRootFilesystem: true
+ readOnlyRootFilesystem: true
 runAsNonRoot: true
 runAsUser: 1000
 runAsGroup: 1000
From 3dcf4582fba01860fbfcae91829ed3c7530634cc Mon Sep 17 00:00:00 2001
From: Karsten Thiems <150006841+typecastcloud@users.noreply.github.com>
Date: Wed, 10 Jul 2024 10:51:41 +0200
Subject: [PATCH 2/2] Update DEPENDENCIES file
---
 DEPENDENCIES | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/DEPENDENCIES b/DEPENDENCIES
index 9c28800..a8a6096 100644
--- a/DEPENDENCIES
+++ b/DEPENDENCIES
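Review bot: In charts/sdfactory/templates/deployment.yaml the new `emptyDir: {}` mounted at /tmp has no `sizeLimit`, so the one writable path left in the container is bounded only by the node's ephemeral storage, unless `resources` sets an ephemeral-storage limit (not visible here). A runaway or abused temp-file write can then put disk pressure on the node and its other workloads. Consider adding `sizeLimit: 64Mi` under `emptyDir:` (constructed example value; size it to the service's real temp usage) or exposing the limit through values.yaml. A short comment such as `# writable scratch space required when securityContext.readOnlyRootFilesystem is true` would also explain why the mount exists. The container and pod spec this hunk appends to start above the hunk.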
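Review bot: In charts/sdfactory/values.yaml the newly enabled `readOnlyRootFilesystem: true` only works because the template mounts a writable /tmp, and nothing at this line records that dependency. A comment such as `# root FS is read-only; /tmp is a writable emptyDir from templates/deployment.yaml, any other write path needs its own volume` would keep a later override or a new write location from failing only at runtime. Whether the application writes anywhere outside /tmp cannot be verified from this diff, so a start-up and smoke test with the flag enabled is worth recording in the PR. The `securityContext` block starts above the hunk.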
@@ -61,7 +61,7 @@ maven/mavencentral/net.minidev/json-smart/2.5.0, Apache-2.0, approved, clearlyde
 maven/mavencentral/org.apache.commons/commons-lang3/3.13.0, Apache-2.0, approved, #9820
 maven/mavencentral/org.apache.logging.log4j/log4j-api/2.21.1, Apache-2.0 AND (Apache-2.0 AND LGPL-2.0-or-later), approved, #11079
 maven/mavencentral/org.apache.logging.log4j/log4j-to-slf4j/2.21.1, Apache-2.0, approved, #15262
-maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-core/10.1.19, Apache-2.0 AND (EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0) AND (CDDL-1.0 OR GPL-2.0-only WITH Classpath-exception-2.0) AND W3C AND CC0-1.0, approved, #5949
+maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-core/10.1.19, Apache-2.0 AND (EPL-2.0 OR (GPL-2.0 WITH Classpath-exception-2.0)) AND CDDL-1.0 AND (CDDL-1.1 OR (GPL-2.0-only WITH Classpath-exception-2.0)) AND EPL-2.0, approved, #15195
 maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-el/10.1.19, Apache-2.0, approved, #6997
 maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-websocket/10.1.19, Apache-2.0, approved, #7920
 maven/mavencentral/org.apache.tomcat/tomcat-annotations-api/10.1.19, Apache-2.0, approved, #8196