From 54cd7854f8a2df7417c0f3123752425c1d68a7d5 Mon Sep 17 00:00:00 2001
From: knockknockyoo
Date: Tue, 10 Mar 2026 11:12:25 -0400
Subject: [PATCH 1/8] comment the bento-sts security.

---
 .github/workflows/build-sts.yml | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/build-sts.yml b/.github/workflows/build-sts.yml
index cf6094c..9852789 100644
--- a/.github/workflows/build-sts.yml
+++ b/.github/workflows/build-sts.yml
@@ -73,18 +73,18 @@ jobs:
 cd devops/dockerfiles/sts/ && docker build -t $STS_IMAGE_NAME .
 #docker build --no-cache -t $STS_IMAGE_NAME -f devops/dockerfiles/sts/Dockerfile .

- - name: Run Trivy vulnerability scanner
- id: trivy-scan
- if: github.event.inputs.trivy_scan == 'true'
- env:
- REGISTRY_URL: ${{ secrets.AWS_ECR_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com
- STS_IMAGE_NAME: ${{ secrets.AWS_ECR_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com/${{ env.ECR_REPOSITORY}}:${{ env.IMAGE_TAG }}
- uses: aquasecurity/trivy-action@master
- with:
- image-ref: '${{ env.STS_IMAGE_NAME }}'
- format: 'table'
- exit-code: 1
- severity: 'CRITICAL,HIGH'
+# - name: Run Trivy vulnerability scanner
+# id: trivy-scan
+# if: github.event.inputs.trivy_scan == 'true'
+# env:
+# REGISTRY_URL: ${{ secrets.AWS_ECR_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com
+# STS_IMAGE_NAME: ${{ secrets.AWS_ECR_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com/${{ env.ECR_REPOSITORY}}:${{ env.IMAGE_TAG }}
+# uses: aquasecurity/trivy-action@master
+# with:
+# image-ref: '${{ env.STS_IMAGE_NAME }}'
+# format: 'table'
+# exit-code: 1
+# severity: 'CRITICAL,HIGH'

 - name: Build STS FAST API image
 id: build-sts-fast-api-image
From 87b5cf8c74b54953e508819216fec3c84bb3427e Mon Sep 17 00:00:00 2001
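Review bot: Commenting out the whole Trivy step removes the vulnerability gate visible in this hunk (`exit-code: 1` on `severity: 'CRITICAL,HIGH'`), and the step was already opt-in through `if: github.event.inputs.trivy_scan == 'true'`, so a scan only ran when the dispatcher asked for it; the new code leaves no way to request one at all. If the scan has to stay off for now, keep the step and state why directly above it, e.g. `# Trivy scan disabled <DATE>: <REASON>; tracking item <ISSUE-ID>`, so the gap is visible and has an owner. The commented lines also carry `uses: aquasecurity/trivy-action@master`, a mutable branch reference; when the step comes back, pin it to a release tag or commit SHA so the scanner version is reproducible. The enclosing job and its `steps:` list begin before this hunk.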
From: knockknockyoo
Date: Tue, 10 Mar 2026 11:14:43 -0400
Subject: [PATCH 2/8] Updated the default env to ECR-cbiit-cloudone

---
 .github/workflows/build-sts.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build-sts.yml b/.github/workflows/build-sts.yml
index 9852789..f3c446d 100644
--- a/.github/workflows/build-sts.yml
+++ b/.github/workflows/build-sts.yml
@@ -8,7 +8,7 @@ on:
 environment:
 description: 'Which account the ECR repository is in'
 type: choice
-default: fnl-leidos
+default: ECR-cbiit-cloudone
 options:
 - fnl-leidos
 - ECR-cbiit-cloudone
From bc51e5d7abc37692507e907a0af12a0c43407019 Mon Sep 17 00:00:00 2001
From: knockknockyoo
Date: Tue, 10 Mar 2026 11:25:06 -0400
Subject: [PATCH 3/8] Updated the python version.

---
 devops/dockerfiles/sts-fast-api/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/devops/dockerfiles/sts-fast-api/Dockerfile b/devops/dockerfiles/sts-fast-api/Dockerfile
index a64a232..260c8d7 100644
--- a/devops/dockerfiles/sts-fast-api/Dockerfile
+++ b/devops/dockerfiles/sts-fast-api/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.13.11-alpine3.23
+FROM python:3.13.12-alpine3.23

 EXPOSE 8000/tcp

From 06a1e9d61364db266494f48292007e150583eeed Mon Sep 17 00:00:00 2001
From: knockknockyoo
Date: Tue, 10 Mar 2026 11:31:25 -0400
Subject: [PATCH 4/8] Updated the python version.

---
 devops/dockerfiles/sts-fast-api/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/devops/dockerfiles/sts-fast-api/Dockerfile b/devops/dockerfiles/sts-fast-api/Dockerfile
index 260c8d7..415d3d5 100644
--- a/devops/dockerfiles/sts-fast-api/Dockerfile
+++ b/devops/dockerfiles/sts-fast-api/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.13.12-alpine3.23
+FROM python:3.13.12-slim-trixie

 EXPOSE 8000/tcp

From e7378b93b885bb0bf3abd50e1ac17171f08ecba7 Mon Sep 17 00:00:00 2001
From: knockknockyoo
Date: Tue, 10 Mar 2026 11:42:32 -0400
Subject: [PATCH 5/8] Updated the python version.

---
 devops/dockerfiles/sts-fast-api/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/devops/dockerfiles/sts-fast-api/Dockerfile b/devops/dockerfiles/sts-fast-api/Dockerfile
index 415d3d5..aec2860 100644
--- a/devops/dockerfiles/sts-fast-api/Dockerfile
+++ b/devops/dockerfiles/sts-fast-api/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.13.12-slim-trixie
+FROM python:3.12-alpine

 EXPOSE 8000/tcp

From def7e8727a4d763edfa72c5e8c5e30a53709f405 Mon Sep 17 00:00:00 2001
From: knockknockyoo
Date: Tue, 10 Mar 2026 15:18:29 -0400
Subject: [PATCH 6/8] updated apk.

---
 devops/dockerfiles/sts-fast-api/Dockerfile | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/devops/dockerfiles/sts-fast-api/Dockerfile b/devops/dockerfiles/sts-fast-api/Dockerfile
index aec2860..b5471ae 100644
--- a/devops/dockerfiles/sts-fast-api/Dockerfile
+++ b/devops/dockerfiles/sts-fast-api/Dockerfile
@@ -1,9 +1,11 @@
-FROM python:3.12-alpine
+FROM python:3.13.11-alpine3.23

 EXPOSE 8000/tcp

 WORKDIR /app

+RUN apk update && apk upgrade
+
 # Install git for pip to clone from GitHub
 RUN apk add --no-cache git

From e14add4686354ccf4c2e8f1b244fe25d54b9546d Mon Sep 17 00:00:00 2001
From: knockknockyoo
Date: Tue, 10 Mar 2026 15:27:22 -0400
Subject: [PATCH 7/8] Roll back the default env.

---
 .github/workflows/build-sts.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build-sts.yml b/.github/workflows/build-sts.yml
index f3c446d..9852789 100644
--- a/.github/workflows/build-sts.yml
+++ b/.github/workflows/build-sts.yml
@@ -8,7 +8,7 @@ on:
 environment:
 description: 'Which account the ECR repository is in'
 type: choice
-default: ECR-cbiit-cloudone
+default: fnl-leidos
 options:
 - fnl-leidos
 - ECR-cbiit-cloudone
From d3ce90668564fc47c0ed87e325275fec349681d4 Mon Sep 17 00:00:00 2001
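Review bot: The new `FROM python:3.13.11-alpine3.23` is the exact tag the series started from in PATCH 3, so the 3.13.12 bumps of PATCH 3 and 4 and the floating `python:3.12-alpine` of PATCH 5 are all undone here while the subject says only "updated apk."; if 3.13.11 is the intended pin, say so in the subject or in a comment on the `FROM` line. The added `RUN apk update && apk upgrade` makes the image depend on whatever the package index holds at build time, which is a reasonable way to pick up patched packages but means two builds of the same commit can differ; pinning the base by digest, `FROM python:3.13.11-alpine3.23@sha256:<BASE-IMAGE-DIGEST>`, keeps at least the base layer reproducible and makes a base-image change an explicit, reviewable diff. The hunk ends on a trailing context line, so nothing below `RUN apk add --no-cache git` is visible here.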
From: knockknockyoo
Date: Tue, 10 Mar 2026 15:30:42 -0400
Subject: [PATCH 8/8] Removed cache.

---
 devops/dockerfiles/sts-fast-api/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/devops/dockerfiles/sts-fast-api/Dockerfile b/devops/dockerfiles/sts-fast-api/Dockerfile
index b5471ae..55e4c44 100644
--- a/devops/dockerfiles/sts-fast-api/Dockerfile
+++ b/devops/dockerfiles/sts-fast-api/Dockerfile
@@ -4,7 +4,7 @@ EXPOSE 8000/tcp

 WORKDIR /app

-RUN apk update && apk upgrade
+RUN apk update && apk upgrade --no-cache

 # Install git for pip to clone from GitHub
 RUN apk add --no-cache git
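Review bot: Adding `--no-cache` to `apk upgrade` does not undo the `apk update` in front of it, which still writes the fetched index into `/var/cache/apk` inside this layer, so the subject "Removed cache." is only half true for the new line. With `--no-cache`, apk fetches a fresh index itself, so the `apk update` is redundant and the line can become `RUN apk upgrade --no-cache`; folding it into the existing install step below, `RUN apk upgrade --no-cache && apk add --no-cache git`, also drops a layer and keeps the two package operations together. If the separate `apk update` is kept on purpose, a one-line comment above it explaining why would save the next reader the same question.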