From 9c8ceb06a596b775c0c2aabb18e00c248256a5d4 Mon Sep 17 00:00:00 2001
From: ItayPaz <143506741+Korjen97@users.noreply.github.com>
Date: Tue, 24 Dec 2024 12:47:14 +0200
Subject: [PATCH 01/17] test branch
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 33eca9cb1..3e8a4c2a6 100644
--- a/README.md
+++ b/README.md
@@ -12,7 +12,7 @@
-
+
From ca8146ebca38679669060f68e4745876ca510001 Mon Sep 17 00:00:00 2001
From: AlvoBen <144705560+AlvoBen@users.noreply.github.com>
Date: Thu, 23 Jan 2025 12:04:32 +0200
Subject: [PATCH 02/17] Update ci.yml
---
.github/workflows/ci.yml | 1 +
1 file changed, 1 insertion(+)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 533c0a17e..8b2796f31 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -14,6 +14,7 @@ jobs:
with:
go-version-file: go.mod
- run: go version
+ - run: docker version
- name: go test with coverage
run: |
sudo chmod +x ./internal/commands/.scripts/up.sh
From 8bcd5e0b1c0bb79595a0050e77f06ff34eecc2a8 Mon Sep 17 00:00:00 2001
From: AlvoBen <144705560+AlvoBen@users.noreply.github.com>
Date: Thu, 23 Jan 2025 12:19:17 +0200
Subject: [PATCH 03/17] Update scan.go
---
internal/commands/scan.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/internal/commands/scan.go b/internal/commands/scan.go
index f26973a13..face3df21 100644
--- a/internal/commands/scan.go
+++ b/internal/commands/scan.go
@@ -60,7 +60,7 @@ const (
containerVolumeFlag = "-v"
containerNameFlag = "--name"
containerRemove = "--rm"
- containerImage = "checkmarx/kics:latest"
+ containerImage = "checkmarx/kics:2.1.3"
containerScan = "scan"
containerScanPathFlag = "-p"
containerScanPath = "/path"
From fb4f06389ec669be9bd3712c071dc59fee57d304 Mon Sep 17 00:00:00 2001
From: AlvoBen <144705560+AlvoBen@users.noreply.github.com>
Date: Thu, 23 Jan 2025 12:22:27 +0200
Subject: [PATCH 04/17] Update scan.go
---
internal/commands/scan.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/internal/commands/scan.go b/internal/commands/scan.go
index face3df21..d04a0727f 100644
--- a/internal/commands/scan.go
+++ b/internal/commands/scan.go
@@ -60,7 +60,7 @@ const (
containerVolumeFlag = "-v"
containerNameFlag = "--name"
containerRemove = "--rm"
- containerImage = "checkmarx/kics:2.1.3"
+ containerImage = "checkmarx/kics:v2.1.3"
containerScan = "scan"
containerScanPathFlag = "-p"
containerScanPath = "/path"
From 8fc8e6a0d599ae8833b2389f6a8219ad3766e189 Mon Sep 17 00:00:00 2001
From: AlvoBen <144705560+AlvoBen@users.noreply.github.com>
Date: Thu, 23 Jan 2025 13:15:52 +0200
Subject: [PATCH 05/17] Update ci.yml
---
.github/workflows/ci.yml | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 8b2796f31..9dceb6ac4 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -5,7 +5,9 @@ on:
jobs:
unit-tests:
- runs-on: ubuntu-latest
+ runs-on: ubuntu-24.04
+ container:
+ image: ubuntu-24.04:20250105.1.0
steps:
- name: Checkout the repository
uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 #v4.0.0
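Review bot: The added `container: image: ubuntu-24.04:20250105.1.0` is not a pullable image reference: `ubuntu-24.04` / `20250105.1.0` look like the GitHub hosted-runner image label and its version, not a registry repository and tag, so as far as I can tell the job would fail at image pull rather than give a pinned environment. The runner image version also cannot be selected through `runs-on` suffixes, which is what patches 06 and 07 try before patch 08 falls back to `ubuntu-latest`. If reproducibility is the goal, pin the label (`runs-on: ubuntu-24.04`) and pin tool versions inside the workflow (Go via `go.mod`, the Docker image tag) instead of the runner image build.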
From 2452fa6d70e13e176fde0a372b1151c2edf4b177 Mon Sep 17 00:00:00 2001
From: AlvoBen <144705560+AlvoBen@users.noreply.github.com>
Date: Thu, 23 Jan 2025 13:18:05 +0200
Subject: [PATCH 06/17] Update ci.yml
---
.github/workflows/ci.yml | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 9dceb6ac4..d52d69630 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -5,9 +5,7 @@ on:
jobs:
unit-tests:
- runs-on: ubuntu-24.04
- container:
- image: ubuntu-24.04:20250105.1.0
+ runs-on: ubuntu-24.04@20250105.1.0
steps:
- name: Checkout the repository
uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 #v4.0.0
From 914f4ef09154833c9d1fbb22269a3c10e8c40f99 Mon Sep 17 00:00:00 2001
From: AlvoBen <144705560+AlvoBen@users.noreply.github.com>
Date: Thu, 23 Jan 2025 13:24:38 +0200
Subject: [PATCH 07/17] Update ci.yml
---
.github/workflows/ci.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index d52d69630..cba094fe9 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -5,7 +5,7 @@ on:
jobs:
unit-tests:
- runs-on: ubuntu-24.04@20250105.1.0
+ runs-on: ubuntu-24.04:20250105.1.0
steps:
- name: Checkout the repository
uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 #v4.0.0
From 79d279c4afea8ab55230dd862844c982d51392b2 Mon Sep 17 00:00:00 2001
From: AlvoBen <144705560+AlvoBen@users.noreply.github.com>
Date: Thu, 23 Jan 2025 13:25:21 +0200
Subject: [PATCH 08/17] Update ci.yml
---
.github/workflows/ci.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index cba094fe9..8b2796f31 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -5,7 +5,7 @@ on:
jobs:
unit-tests:
- runs-on: ubuntu-24.04:20250105.1.0
+ runs-on: ubuntu-latest
steps:
- name: Checkout the repository
uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 #v4.0.0
From 29161db9fdcfb8c2063dba3bf0b6c87b3b40f82b Mon Sep 17 00:00:00 2001
From: AlvoBen
Date: Thu, 23 Jan 2025 15:24:23 +0200
Subject: [PATCH 09/17] fix
---
go.mod | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/go.mod b/go.mod
index d02e4fd2d..8c3462deb 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
module github.com/checkmarx/ast-cli
-go 1.23.3
+go 1.23.5
require (
github.com/Checkmarx/containers-resolver v1.0.4
From 51b36340698308114043d5353b945cd938f4e215 Mon Sep 17 00:00:00 2001
From: AlvoBen
Date: Thu, 23 Jan 2025 16:07:47 +0200
Subject: [PATCH 10/17] fix
---
.github/workflows/ci.yml | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 8b2796f31..7bb10a442 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -14,8 +14,17 @@ jobs:
with:
go-version-file: go.mod
- run: go version
- - run: docker version
+
+ - name: Setup Docker on macOS
+ uses: docker/setup-buildx-action@v1
+
+ - name: Login to Docker Hub
+ uses: docker/login-action@dd4fa0671be5250ee6f50aedf4cb05514abda2c7 #v1
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_PASSWORD }}
- name: go test with coverage
+ shell: bash
run: |
sudo chmod +x ./internal/commands/.scripts/up.sh
./internal/commands/.scripts/up.sh
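Review bot: `uses: docker/setup-buildx-action@v1` is pinned to a mutable major tag while every other action in this workflow is pinned to a commit SHA with a version comment (`actions/checkout@1e31de5…` above, `docker/login-action@dd4fa06…` in this same hunk), so this step is the one place an upstream tag move would change what runs in CI; pin it the same way, `uses: docker/setup-buildx-action@<commit-sha> #v1.x`. The step name "Setup Docker on macOS" is misleading on the `ubuntu-latest` job. This hunk also hands `DOCKER_USERNAME`/`DOCKER_PASSWORD` to the unit-test job; if the login only exists for Docker Hub pull-rate limits, note that these secrets are not available to pull requests from forks, so that path will behave differently (the `on:` triggers are not visible in this hunk, so I cannot tell which events apply).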
From 27da0fb9bb61f4f25a18c9356bac31a10cfcccb0 Mon Sep 17 00:00:00 2001
From: AlvoBen
Date: Thu, 23 Jan 2025 16:34:27 +0200
Subject: [PATCH 11/17] fix
---
.github/workflows/ci.yml | 17 ++++++++++++-----
1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 7bb10a442..6d8232548 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -14,9 +14,16 @@ jobs:
with:
go-version-file: go.mod
- run: go version
-
+
- name: Setup Docker on macOS
- uses: docker/setup-buildx-action@v1
+ uses: docker-practice/actions-setup-docker@master
+ timeout-minutes: 12
+ - run: |
+ set -x
+
+ docker version
+
+ docker run --rm hello-world
- name: Login to Docker Hub
uses: docker/login-action@dd4fa0671be5250ee6f50aedf4cb05514abda2c7 #v1
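Review bot: `uses: docker-practice/actions-setup-docker@master` pulls a third-party action from a moving branch and lets it install Docker with privileged access on the runner, so anyone who can push to that branch can run code in this job, which a few lines later logs in with the Docker Hub secrets. This is also the only non-SHA-pinned action in the file. Prefer the official `docker/setup-*` actions pinned to a commit SHA as the rest of the workflow does, and drop the `docker run --rm hello-world` smoke pull (it fetches an image from the registry before the login step). The "on macOS" step name is still wrong for an Ubuntu job.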
@@ -76,7 +83,7 @@ jobs:
PR_GITHUB_NAMESPACE: "checkmarx"
PR_GITHUB_REPO_NAME: "ast-cli"
PR_GITHUB_NUMBER: 983
- PR_GITLAB_TOKEN : ${{ secrets.PR_GITLAB_TOKEN }}
+ PR_GITLAB_TOKEN: ${{ secrets.PR_GITLAB_TOKEN }}
PR_GITLAB_NAMESPACE: ${{ secrets.PR_GITLAB_NAMESPACE }}
PR_GITLAB_REPO_NAME: ${{ secrets.PR_GITLAB_REPO_NAME }}
PR_GITLAB_PROJECT_ID: ${{ secrets.PR_GITLAB_PROJECT_ID }}
@@ -168,7 +175,7 @@ jobs:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Build the project
- run: go build -o ./cx ./cmd
+ run: go build -o ./cx ./cmd
- name: Build Docker image
run: docker build -t ast-cli:${{ github.sha }} .
- name: Run Trivy scanner without downloading DBs
@@ -185,7 +192,7 @@ jobs:
env:
TRIVY_SKIP_DB_UPDATE: true
TRIVY_SKIP_JAVA_DB_UPDATE: true
-
+
- name: Inspect action report
if: always()
shell: bash
From 71970572760bbc76aeb2ca5f6d80fd4c8e6bb321 Mon Sep 17 00:00:00 2001
From: AlvoBen
Date: Thu, 23 Jan 2025 16:43:18 +0200
Subject: [PATCH 12/17] fix
---
.github/workflows/ci.yml | 17 ++++++++---------
1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 6d8232548..b169dcafa 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -15,15 +15,14 @@ jobs:
go-version-file: go.mod
- run: go version
- - name: Setup Docker on macOS
- uses: docker-practice/actions-setup-docker@master
- timeout-minutes: 12
- - run: |
- set -x
-
- docker version
-
- docker run --rm hello-world
+ - name: Set up Docker
+ uses: docker/setup-buildx-action@cf09c5c41b299b55c366aff30022701412eb6ab0 #v1.0.0
+
+ - name: Log in to Docker Hub
+ uses: docker/login-action@49ed152c8eca782a232dede0303416e8f356c37b #v2
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_PASSWORD }}
- name: Login to Docker Hub
uses: docker/login-action@dd4fa0671be5250ee6f50aedf4cb05514abda2c7 #v1
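Review bot: After this hunk the job logs in to Docker Hub twice: the new `docker/login-action@49ed152…` step and the existing `docker/login-action@dd4fa06… #v1` step directly below it both use the same `DOCKER_USERNAME`/`DOCKER_PASSWORD` secrets. Keep one (the newer SHA-pinned one) and delete the older step in the same change rather than leaving two credential-handling steps to maintain.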
From 08a0ad405bbd4704c5ba1b74c2266092f3e3be5f Mon Sep 17 00:00:00 2001
From: AlvoBen
Date: Thu, 23 Jan 2025 17:06:16 +0200
Subject: [PATCH 13/17] fix
---
.github/workflows/ci.yml | 2 +-
internal/commands/.scripts/up.sh | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index b169dcafa..5b23144c0 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -33,7 +33,7 @@ jobs:
shell: bash
run: |
sudo chmod +x ./internal/commands/.scripts/up.sh
- ./internal/commands/.scripts/up.sh
+ sudo ./internal/commands/.scripts/up.sh
- name: Check if total coverage is greater then 79.9
shell: bash
run: |
diff --git a/internal/commands/.scripts/up.sh b/internal/commands/.scripts/up.sh
index a5a987ce9..7155ee8f3 100755
--- a/internal/commands/.scripts/up.sh
+++ b/internal/commands/.scripts/up.sh
@@ -4,4 +4,4 @@ wget https://sca-downloads.s3.amazonaws.com/cli/latest/ScaResolver-linux64.tar.g
tar -xzvf ScaResolver-linux64.tar.gz -C /tmp
rm -rf ScaResolver-linux64.tar.gz
# ignore mock and wrappers packages, as they checked by integration tests
-go test $(go list ./... | grep -v "mock" | grep -v "wrappers" | grep -v "bitbucketserver" | grep -v "logger") -timeout 20m -coverprofile cover.out
\ No newline at end of file
+sudo go test $(go list ./... | grep -v "mock" | grep -v "wrappers" | grep -v "bitbucketserver" | grep -v "logger") -timeout 20m -coverprofile cover.out
\ No newline at end of file
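Review bot: `sudo go test …` runs the whole unit-test suite as root, and the lines above it in this hunk show the script first fetching `ScaResolver-linux64.tar.gz` from a `/cli/latest/` URL and unpacking it into `/tmp` with no checksum or signature check, so root execution widens the blast radius of a tampered or substituted download. If the tests need Docker (the ci.yml hunk in this patch suggests that is the motivation), grant that specific access rather than elevating `go test`; also, `sudo` commonly resets `PATH` via `secure_path`, so `go` may not even resolve under it — worth confirming on the runner. Independently, pin the ScaResolver download to a version and verify it, e.g. `echo "<sha256>  ScaResolver-linux64.tar.gz" | sha256sum -c -` before `tar -xzvf`. The file also still ends without a trailing newline.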
From d7b1fc1a75eb685976f86aed7224f5c60bbd9c67 Mon Sep 17 00:00:00 2001
From: AlvoBen
Date: Thu, 23 Jan 2025 17:24:39 +0200
Subject: [PATCH 14/17] fix1
---
.github/workflows/ci.yml | 18 ++++++++++++------
internal/commands/.scripts/up.sh | 2 +-
2 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 5b23144c0..08083423f 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -6,6 +6,9 @@ on:
jobs:
unit-tests:
runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: read
steps:
- name: Checkout the repository
uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 #v4.0.0
@@ -17,6 +20,14 @@ jobs:
- name: Set up Docker
uses: docker/setup-buildx-action@cf09c5c41b299b55c366aff30022701412eb6ab0 #v1.0.0
+ with:
+ version: latest
+
+ - name: Set Docker permissions
+ run: |
+ sudo chmod 666 /var/run/docker.sock
+ sudo systemctl start docker
+ docker --version
- name: Log in to Docker Hub
uses: docker/login-action@49ed152c8eca782a232dede0303416e8f356c37b #v2
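Review bot: `sudo chmod 666 /var/run/docker.sock` makes the Docker control socket world-writable, and write access to that socket is root-equivalent on the host; on GitHub-hosted Ubuntu runners the default user can, as far as I know, already use Docker, so this step is likely unnecessary, and if access really is missing the fix is group membership (`sudo usermod -aG docker "$USER"`) rather than loosening the socket mode. The `sudo systemctl start docker` on the next line also runs after the chmod, so if the daemon was not already up the socket would be recreated with default permissions anyway — the order is backwards for what the step intends. Separately, `version: latest` on the buildx step reintroduces a floating reference right under the SHA-pinned action; pin a specific buildx release tag there.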
@@ -24,16 +35,11 @@ jobs:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- - name: Login to Docker Hub
- uses: docker/login-action@dd4fa0671be5250ee6f50aedf4cb05514abda2c7 #v1
- with:
- username: ${{ secrets.DOCKER_USERNAME }}
- password: ${{ secrets.DOCKER_PASSWORD }}
- name: go test with coverage
shell: bash
run: |
sudo chmod +x ./internal/commands/.scripts/up.sh
- sudo ./internal/commands/.scripts/up.sh
+ ./internal/commands/.scripts/up.sh
- name: Check if total coverage is greater then 79.9
shell: bash
run: |
diff --git a/internal/commands/.scripts/up.sh b/internal/commands/.scripts/up.sh
index 7155ee8f3..a5a987ce9 100755
--- a/internal/commands/.scripts/up.sh
+++ b/internal/commands/.scripts/up.sh
@@ -4,4 +4,4 @@ wget https://sca-downloads.s3.amazonaws.com/cli/latest/ScaResolver-linux64.tar.g
tar -xzvf ScaResolver-linux64.tar.gz -C /tmp
rm -rf ScaResolver-linux64.tar.gz
# ignore mock and wrappers packages, as they checked by integration tests
-sudo go test $(go list ./... | grep -v "mock" | grep -v "wrappers" | grep -v "bitbucketserver" | grep -v "logger") -timeout 20m -coverprofile cover.out
\ No newline at end of file
+go test $(go list ./... | grep -v "mock" | grep -v "wrappers" | grep -v "bitbucketserver" | grep -v "logger") -timeout 20m -coverprofile cover.out
\ No newline at end of file
From cd006eb5478c725c19c3ff9c6486005b39fcfbd3 Mon Sep 17 00:00:00 2001
From: AlvoBen
Date: Sun, 26 Jan 2025 09:44:11 +0200
Subject: [PATCH 15/17] check docker rootfull
---
.github/workflows/ci.yml | 27 +++------------------------
1 file changed, 3 insertions(+), 24 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 08083423f..697a3e721 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -6,9 +6,6 @@ on:
jobs:
unit-tests:
runs-on: ubuntu-latest
- permissions:
- contents: read
- packages: read
steps:
- name: Checkout the repository
uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 #v4.0.0
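Review bot: Removing the job-level `permissions:` block returns the job's `GITHUB_TOKEN` to the repository default scope, which may be read/write unless the repository restricts it, and nothing else in this patch needs the broader token — it is a least-privilege regression introduced alongside the Docker cleanup. Keep `permissions: contents: read` on the job (and drop `packages: read` only if nothing in the job pulls from GHCR, which I cannot tell from this hunk).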
@@ -17,27 +14,9 @@ jobs:
with:
go-version-file: go.mod
- run: go version
-
- - name: Set up Docker
- uses: docker/setup-buildx-action@cf09c5c41b299b55c366aff30022701412eb6ab0 #v1.0.0
- with:
- version: latest
-
- - name: Set Docker permissions
- run: |
- sudo chmod 666 /var/run/docker.sock
- sudo systemctl start docker
- docker --version
-
- - name: Log in to Docker Hub
- uses: docker/login-action@49ed152c8eca782a232dede0303416e8f356c37b #v2
- with:
- username: ${{ secrets.DOCKER_USERNAME }}
- password: ${{ secrets.DOCKER_PASSWORD }}
-
- name: go test with coverage
- shell: bash
run: |
+ docker info | grep "rootless"
sudo chmod +x ./internal/commands/.scripts/up.sh
./internal/commands/.scripts/up.sh
- name: Check if total coverage is greater then 79.9
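Review bot: `docker info | grep "rootless"` will fail the step whenever the string is absent, because with the `shell: bash` line removed in this hunk the `run` block falls back to GitHub's default Linux shell, which runs with `-e -o pipefail`, and a non-matching `grep` exits 1. If the line is a diagnostic, make it non-fatal: `docker info | grep -i rootless || true` (patch 16 sidesteps this by printing plain `docker info`). Note that this hunk also removes the Docker Hub login, so any image the tests pull is now fetched unauthenticated — probably fine, but worth knowing if rate limits were the reason it was added.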
@@ -88,7 +67,7 @@ jobs:
PR_GITHUB_NAMESPACE: "checkmarx"
PR_GITHUB_REPO_NAME: "ast-cli"
PR_GITHUB_NUMBER: 983
- PR_GITLAB_TOKEN: ${{ secrets.PR_GITLAB_TOKEN }}
+ PR_GITLAB_TOKEN : ${{ secrets.PR_GITLAB_TOKEN }}
PR_GITLAB_NAMESPACE: ${{ secrets.PR_GITLAB_NAMESPACE }}
PR_GITLAB_REPO_NAME: ${{ secrets.PR_GITLAB_REPO_NAME }}
PR_GITLAB_PROJECT_ID: ${{ secrets.PR_GITLAB_PROJECT_ID }}
@@ -180,7 +159,7 @@ jobs:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Build the project
- run: go build -o ./cx ./cmd
+ run: go build -o ./cx ./cmd
- name: Build Docker image
run: docker build -t ast-cli:${{ github.sha }} .
- name: Run Trivy scanner without downloading DBs
From 03d597b8b50ba10b9ee74b2554e4fca73a01fcdf Mon Sep 17 00:00:00 2001
From: AlvoBen
Date: Sun, 26 Jan 2025 09:46:58 +0200
Subject: [PATCH 16/17] check docker rootfull
---
.github/workflows/ci.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 697a3e721..c6340db05 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -16,7 +16,7 @@ jobs:
- run: go version
- name: go test with coverage
run: |
- docker info | grep "rootless"
+ docker info
sudo chmod +x ./internal/commands/.scripts/up.sh
./internal/commands/.scripts/up.sh
- name: Check if total coverage is greater then 79.9
From 52a8ec3e93aaaddf594ff55055fee9d40caeb5c3 Mon Sep 17 00:00:00 2001
From: AlvoBen
Date: Sun, 26 Jan 2025 10:04:46 +0200
Subject: [PATCH 17/17] check
---
internal/commands/util/remediation.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/internal/commands/util/remediation.go b/internal/commands/util/remediation.go
index 79081dd9f..dcd9c0066 100644
--- a/internal/commands/util/remediation.go
+++ b/internal/commands/util/remediation.go
@@ -27,7 +27,7 @@ const (
filesContainerVolume = ":/files"
resultsContainerLocation = "/kics/"
containerRemove = "--rm"
- containerImage = "checkmarx/kics:latest"
+ containerImage = "checkmarx/kics:v2.1.3"
containerNameFlag = "--name"
remediateCommand = "remediate"
resultsFlag = "--results"
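Review bot: `containerImage` is now pinned to `checkmarx/kics:v2.1.3` separately here and in `internal/commands/scan.go` (patch 04), so the KICS version must be bumped in two places and the two will drift; hoist it into one shared constant that both packages reference (the package layout is not visible here, so the exact home is for the authors to choose). A tag is also still a mutable reference on the registry; for a genuinely reproducible scan, pin by digest as well, e.g. `containerImage = "checkmarx/kics:v2.1.3@sha256:<digest>"`, and update the digest when the version is bumped. The enclosing `const (` block starts outside this hunk.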