Merge pull request #238 from MaibornWolff/dev

chore: merge to main for release 2025_01
MaibornWolff · Jan 7, 2025 · 62978bf · 62978bf
2 parents 62f07d2 + a8344da
commit 62978bf
Show file tree

Hide file tree

Showing 42 changed files with 47 additions and 47 deletions.
diff --git a/actions/DAST/cryptolyzer/action.yaml b/actions/DAST/cryptolyzer/action.yaml
@@ -42,7 +42,7 @@ inputs:
 
 runs:
   using: 'docker'
-  image: 'docker://maibornwolff/secobserve-scanners:2024_12'
+  image: 'docker://maibornwolff/secobserve-scanners:2025_01'
   entrypoint: '/entrypoints/entrypoint_cryptolyzer.sh'
   env:
     TARGET: ${{ inputs.target }}

diff --git a/actions/DAST/drheader/action.yaml b/actions/DAST/drheader/action.yaml
@@ -45,7 +45,7 @@ inputs:
 
 runs:
   using: 'docker'
-  image: 'docker://maibornwolff/secobserve-scanners:2024_12'
+  image: 'docker://maibornwolff/secobserve-scanners:2025_01'
   entrypoint: '/entrypoints/entrypoint_drheader.sh'
   env:
     TARGET: ${{ inputs.target }}

diff --git a/actions/DAST/zap/action.yaml b/actions/DAST/zap/action.yaml
@@ -46,7 +46,7 @@ inputs:
 
 runs:
   using: 'docker'
-  image: 'docker://maibornwolff/secobserve-scanners-zap:2024_12'
+  image: 'docker://maibornwolff/secobserve-scanners-zap:2025_01'
   entrypoint: '/entrypoints/entrypoint_zap.sh'
   env:
     TARGET: ${{ inputs.target }}

diff --git a/actions/SAST/bandit/action.yaml b/actions/SAST/bandit/action.yaml
@@ -46,7 +46,7 @@ inputs:
 
 runs:
   using: 'docker'
-  image: 'docker://maibornwolff/secobserve-scanners:2024_12'
+  image: 'docker://maibornwolff/secobserve-scanners:2025_01'
   entrypoint: '/entrypoints/entrypoint_bandit.sh'
   env:
     TARGET: ${{ inputs.target }}

diff --git a/actions/SAST/checkov/action.yaml b/actions/SAST/checkov/action.yaml
@@ -46,7 +46,7 @@ inputs:
 
 runs:
   using: 'docker'
-  image: 'docker://maibornwolff/secobserve-scanners:2024_12'
+  image: 'docker://maibornwolff/secobserve-scanners:2025_01'
   entrypoint: '/entrypoints/entrypoint_checkov.sh'
   env:
     TARGET: ${{ inputs.target }}

diff --git a/actions/SAST/eslint/action.yaml b/actions/SAST/eslint/action.yaml
@@ -46,7 +46,7 @@ inputs:
 
 runs:
   using: 'docker'
-  image: 'docker://maibornwolff/secobserve-scanners:2024_12'
+  image: 'docker://maibornwolff/secobserve-scanners:2025_01'
   entrypoint: '/entrypoints/entrypoint_eslint.sh'
   env:
     TARGET: ${{ inputs.target }}

diff --git a/actions/SAST/kics/action.yaml b/actions/SAST/kics/action.yaml
@@ -50,7 +50,7 @@ inputs:
 
 runs:
   using: 'docker'
-  image: 'docker://maibornwolff/secobserve-scanners:2024_12'
+  image: 'docker://maibornwolff/secobserve-scanners:2025_01'
   entrypoint: '/entrypoints/entrypoint_kics.sh'
   env:
     TARGET: ${{ inputs.target }}

diff --git a/actions/SAST/semgrep/action.yaml b/actions/SAST/semgrep/action.yaml
@@ -50,7 +50,7 @@ inputs:
 
 runs:
   using: 'docker'
-  image: 'docker://maibornwolff/secobserve-scanners:2024_12'
+  image: 'docker://maibornwolff/secobserve-scanners:2025_01'
   entrypoint: '/entrypoints/entrypoint_semgrep.sh'
   env:
     TARGET: ${{ inputs.target }}

diff --git a/actions/SAST/tfsec/action.yaml b/actions/SAST/tfsec/action.yaml
@@ -46,7 +46,7 @@ inputs:
 
 runs:
   using: 'docker'
-  image: 'docker://maibornwolff/secobserve-scanners:2024_12'
+  image: 'docker://maibornwolff/secobserve-scanners:2025_01'
   entrypoint: '/entrypoints/entrypoint_tfsec.sh'
   env:
     TARGET: ${{ inputs.target }}

diff --git a/actions/SAST/trivy_config/action.yaml b/actions/SAST/trivy_config/action.yaml
@@ -46,7 +46,7 @@ inputs:
 
 runs:
   using: 'docker'
-  image: 'docker://maibornwolff/secobserve-scanners:2024_12'
+  image: 'docker://maibornwolff/secobserve-scanners:2025_01'
   entrypoint: '/entrypoints/entrypoint_trivy_config.sh'
   env:
     TARGET: ${{ inputs.target }}

diff --git a/actions/SCA/grype_image/action.yaml b/actions/SCA/grype_image/action.yaml
@@ -45,7 +45,7 @@ inputs:
 
 runs:
   using: 'docker'
-  image: 'docker://maibornwolff/secobserve-scanners:2024_12'
+  image: 'docker://maibornwolff/secobserve-scanners:2025_01'
   entrypoint: '/entrypoints/entrypoint_grype_image.sh'
   env:
     TARGET: ${{ inputs.target }}

diff --git a/actions/SCA/grype_sbom/action.yaml b/actions/SCA/grype_sbom/action.yaml
@@ -45,7 +45,7 @@ inputs:
 
 runs:
   using: 'docker'
-  image: 'docker://maibornwolff/secobserve-scanners:2024_12'
+  image: 'docker://maibornwolff/secobserve-scanners:2025_01'
   entrypoint: '/entrypoints/entrypoint_grype_sbom.sh'
   env:
     TARGET: ${{ inputs.target }}

diff --git a/actions/SCA/trivy_filesystem/action.yaml b/actions/SCA/trivy_filesystem/action.yaml
@@ -50,7 +50,7 @@ inputs:
 
 runs:
   using: 'docker'
-  image: 'docker://maibornwolff/secobserve-scanners:2024_12'
+  image: 'docker://maibornwolff/secobserve-scanners:2025_01'
   entrypoint: '/entrypoints/entrypoint_trivy_filesystem.sh'
   env:
     TARGET: ${{ inputs.target }}

diff --git a/actions/SCA/trivy_image/action.yaml b/actions/SCA/trivy_image/action.yaml
@@ -46,7 +46,7 @@ inputs:
 
 runs:
   using: 'docker'
-  image: 'docker://maibornwolff/secobserve-scanners:2024_12'
+  image: 'docker://maibornwolff/secobserve-scanners:2025_01'
   entrypoint: '/entrypoints/entrypoint_trivy_image.sh'
   env:
     TARGET: ${{ inputs.target }}

diff --git a/actions/check_security_gate/action.yaml b/actions/check_security_gate/action.yaml
@@ -15,7 +15,7 @@ inputs:
 
 runs:
   using: 'docker'
-  image: 'docker://maibornwolff/secobserve-scanners:2024_12'
+  image: 'docker://maibornwolff/secobserve-scanners:2025_01'
   entrypoint: 'check_security_gate.sh'
   env:
     SO_API_BASE_URL: ${{ inputs.so_api_base_url }}

diff --git a/actions/importer/action.yaml b/actions/importer/action.yaml
@@ -41,7 +41,7 @@ inputs:
 
 runs:
   using: 'docker'
-  image: 'docker://maibornwolff/secobserve-scanners:2024_12'
+  image: 'docker://maibornwolff/secobserve-scanners:2025_01'
   entrypoint: 'file_upload_observations.sh'
   env:
     SO_UPLOAD: ${{ inputs.so_upload }}

diff --git a/actions/secrets/gitleaks/action.yaml b/actions/secrets/gitleaks/action.yaml
@@ -42,7 +42,7 @@ inputs:
 
 runs:
   using: 'docker'
-  image: 'docker://maibornwolff/secobserve-scanners:2024_12'
+  image: 'docker://maibornwolff/secobserve-scanners:2025_01'
   entrypoint: '/entrypoints/entrypoint_gitleaks.sh'
   env:
     REPORT_NAME: ${{ inputs.report_name }}

diff --git a/actions/secrets/trivy_filesystem_secrets/action.yaml b/actions/secrets/trivy_filesystem_secrets/action.yaml
@@ -46,7 +46,7 @@ inputs:
 
 runs:
   using: 'docker'
-  image: 'docker://maibornwolff/secobserve-scanners:2024_12'
+  image: 'docker://maibornwolff/secobserve-scanners:2025_01'
   entrypoint: '/entrypoints/entrypoint_trivy_filesystem_secrets.sh'
   env:
     TARGET: ${{ inputs.target }}

diff --git a/actions/secrets/trivy_image_secrets/action.yaml b/actions/secrets/trivy_image_secrets/action.yaml
@@ -42,7 +42,7 @@ inputs:
 
 runs:
   using: 'docker'
-  image: 'docker://maibornwolff/secobserve-scanners:2024_12'
+  image: 'docker://maibornwolff/secobserve-scanners:2025_01'
   entrypoint: '/entrypoints/entrypoint_trivy_image_secrets.sh'
   env:
     TARGET: ${{ inputs.target }}

diff --git a/actions/vulnerability_scanner/action.yaml b/actions/vulnerability_scanner/action.yaml
@@ -12,7 +12,7 @@ inputs:
 
 runs:
   using: 'docker'
-  image: 'docker://maibornwolff/secobserve-scanners:2024_12'
+  image: 'docker://maibornwolff/secobserve-scanners:2025_01'
   entrypoint: '/entrypoints/entrypoint_vulnerability_scanner.sh'
   env:
     SO_CONFIGURATION: ${{ inputs.so_configuration }}

diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -1,5 +1,5 @@
 # Python build stage
-FROM python:3.12.7-alpine AS python-build-stage
+FROM python:3.12.8-alpine AS python-build-stage
 
 # Install gcc to be able to compile wheels for python packages
 RUN apk add --no-cache gcc musl-dev python3-dev
@@ -22,13 +22,13 @@ RUN wget --no-verbose https://github.com/Checkmarx/kics/archive/refs/tags/v${KIC
     && go build -o ./bin/kics cmd/console/main.go
 
 # Python run stage
-FROM python:3.12.7-alpine AS python-run-stage
+FROM python:3.12.8-alpine AS python-run-stage
 
-ARG GITLEAKS_VERSION=8.22.0
+ARG GITLEAKS_VERSION=8.22.1
 ARG GRYPE_VERSION=0.86.1
 ARG KICS_VERSION=2.1.3
-ARG TRIVY_VERSION=0.58.0
-ARG TFSEC_VERSION=1.28.11
+ARG TRIVY_VERSION=0.58.1
+ARG TFSEC_VERSION=1.28.12
 
 ARG CREATED
 ARG REVISION

diff --git a/docker/requirements.txt b/docker/requirements.txt
@@ -5,15 +5,15 @@ bandit-sarif-formatter==1.1.1  # https://github.com/microsoft/bandit-sarif-forma
 
 # Checkov
 # ----------------------------------------------------------------
-checkov==3.2.344  # https://github.com/bridgecrewio/checkov
+checkov==3.2.347  # https://github.com/bridgecrewio/checkov
 
 # Semgrep
 # ----------------------------------------------------------------
 semgrep==1.101.0  # https://github.com/returntocorp/semgrep
 
 # CryptoLyzer
 # ----------------------------------------------------------------
-CryptoLyzer==0.12.5  # https://gitlab.com/coroner/cryptolyzer
+CryptoLyzer==0.12.6  # https://gitlab.com/coroner/cryptolyzer
 
 # Importer
 # ----------------------------------------------------------------

diff --git a/templates/DAST/cryptolyzer.yml b/templates/DAST/cryptolyzer.yml
@@ -1,6 +1,6 @@
 .cryptolyzer:
   image:
-    name: maibornwolff/secobserve-scanners:2024_12
+    name: maibornwolff/secobserve-scanners:2025_01
   stage: post_deploy
   variables:
     GIT_STRATEGY: none

diff --git a/templates/DAST/drheader.yml b/templates/DAST/drheader.yml
@@ -1,6 +1,6 @@
 .drheader:
   image:
-    name: maibornwolff/secobserve-scanners:2024_12
+    name: maibornwolff/secobserve-scanners:2025_01
   stage: post_deploy
   variables:
     GIT_STRATEGY: none

diff --git a/templates/DAST/zap.yml b/templates/DAST/zap.yml
@@ -1,6 +1,6 @@
 .zap:
   image:
-    name: maibornwolff/secobserve-scanners-zap:2024_12
+    name: maibornwolff/secobserve-scanners-zap:2025_01
   stage: post_deploy
   variables:
     GIT_STRATEGY: none

diff --git a/templates/SAST/bandit.yml b/templates/SAST/bandit.yml
@@ -1,6 +1,6 @@
 .bandit:
   image:
-    name: maibornwolff/secobserve-scanners:2024_12
+    name: maibornwolff/secobserve-scanners:2025_01
   stage: test
   variables:
     FURTHER_PARAMETERS: ""

diff --git a/templates/SAST/checkov.yml b/templates/SAST/checkov.yml
@@ -1,6 +1,6 @@
 .checkov:
   image:
-    name: maibornwolff/secobserve-scanners:2024_12
+    name: maibornwolff/secobserve-scanners:2025_01
   stage: test
   variables:
     FURTHER_PARAMETERS: ""

diff --git a/templates/SAST/eslint.yml b/templates/SAST/eslint.yml
@@ -1,6 +1,6 @@
 .eslint:
   image:
-    name: maibornwolff/secobserve-scanners:2024_12
+    name: maibornwolff/secobserve-scanners:2025_01
   stage: test
   variables:
     FURTHER_PARAMETERS: ""

diff --git a/templates/SAST/kics.yml b/templates/SAST/kics.yml
@@ -1,6 +1,6 @@
 .kics:
   image:
-    name: maibornwolff/secobserve-scanners:2024_12
+    name: maibornwolff/secobserve-scanners:2025_01
   stage: test
   variables:
     FURTHER_PARAMETERS: ""

diff --git a/templates/SAST/semgrep.yml b/templates/SAST/semgrep.yml
@@ -1,6 +1,6 @@
 .semgrep:
   image:
-    name: maibornwolff/secobserve-scanners:2024_12
+    name: maibornwolff/secobserve-scanners:2025_01
   stage: test
   variables:
     FURTHER_PARAMETERS: ""

diff --git a/templates/SAST/tfsec.yml b/templates/SAST/tfsec.yml
@@ -1,6 +1,6 @@
 .kics:
   image:
-    name: maibornwolff/secobserve-scanners:2024_12
+    name: maibornwolff/secobserve-scanners:2025_01
   stage: test
   variables:
     FURTHER_PARAMETERS: ""

diff --git a/templates/SAST/trivy_config.yml b/templates/SAST/trivy_config.yml
@@ -1,6 +1,6 @@
 .kics:
   image:
-    name: maibornwolff/secobserve-scanners:2024_12
+    name: maibornwolff/secobserve-scanners:2025_01
   stage: test
   variables:
     FURTHER_PARAMETERS: ""

diff --git a/templates/SCA/grype_image.yml b/templates/SCA/grype_image.yml
@@ -1,6 +1,6 @@
 .grype_image:
   image:
-    name: maibornwolff/secobserve-scanners:2024_12
+    name: maibornwolff/secobserve-scanners:2025_01
   stage: test
   variables:
     GIT_STRATEGY: none

diff --git a/templates/SCA/grype_sbom.yml b/templates/SCA/grype_sbom.yml
@@ -1,6 +1,6 @@
 .grype_image:
   image:
-    name: maibornwolff/secobserve-scanners:2024_12
+    name: maibornwolff/secobserve-scanners:2025_01
   stage: test
   variables:
     FURTHER_PARAMETERS: ""

diff --git a/templates/SCA/trivy_filesystem.yml b/templates/SCA/trivy_filesystem.yml
@@ -1,6 +1,6 @@
 .trivy_filesystem:
   image:
-    name: maibornwolff/secobserve-scanners:2024_12
+    name: maibornwolff/secobserve-scanners:2025_01
   stage: test
   variables:
     FURTHER_PARAMETERS: ""

diff --git a/templates/SCA/trivy_image.yml b/templates/SCA/trivy_image.yml
@@ -1,6 +1,6 @@
 .trivy_image:
   image:
-    name: maibornwolff/secobserve-scanners:2024_12
+    name: maibornwolff/secobserve-scanners:2025_01
   stage: test
   variables:
     GIT_STRATEGY: none

diff --git a/templates/check_security_gate.yml b/templates/check_security_gate.yml
@@ -1,6 +1,6 @@
 .check_security_gate:
   image:
-    name: maibornwolff/secobserve-scanners:2024_12
+    name: maibornwolff/secobserve-scanners:2025_01
   stage: post_test
   variables:
     GIT_STRATEGY: none

diff --git a/templates/importer.yml b/templates/importer.yml
@@ -1,6 +1,6 @@
 .importer:
   image:
-    name: maibornwolff/secobserve-scanners:2024_12
+    name: maibornwolff/secobserve-scanners:2025_01
   stage: upload
   variables:
     GIT_STRATEGY: none

diff --git a/templates/secrets/gitleaks.yml b/templates/secrets/gitleaks.yml
@@ -1,6 +1,6 @@
 .gitleaks:
   image:
-    name: maibornwolff/secobserve-scanners:2024_12
+    name: maibornwolff/secobserve-scanners:2025_01
   stage: test
   variables:
     FURTHER_PARAMETERS: ""

diff --git a/templates/secrets/trivy_filesystem_secrets.yml b/templates/secrets/trivy_filesystem_secrets.yml
@@ -1,6 +1,6 @@
 .trivy_filesystem_secrets:
   image:
-    name: maibornwolff/secobserve-scanners:2024_12
+    name: maibornwolff/secobserve-scanners:2025_01
   stage: test
   variables:
     FURTHER_PARAMETERS: ""

diff --git a/templates/secrets/trivy_image_secrets.yml b/templates/secrets/trivy_image_secrets.yml
@@ -1,6 +1,6 @@
 .trivy_image_secrets:
   image:
-    name: maibornwolff/secobserve-scanners:2024_12
+    name: maibornwolff/secobserve-scanners:2025_01
   stage: test
   variables:
     GIT_STRATEGY: none

diff --git a/templates/vulnerability_scanner.yml b/templates/vulnerability_scanner.yml
@@ -1,6 +1,6 @@
 .vulnerability_scanner:
   image:
-    name: maibornwolff/secobserve-scanners:2024_12
+    name: maibornwolff/secobserve-scanners:2025_01
   script:
     - scan_vulnerabilities.sh
   interruptible: true