diff --git a/.github/scripts/server-mock/package-lock.json b/.github/scripts/server-mock/package-lock.json
index 4666f2252ff..dfced2cc55b 100644
--- a/.github/scripts/server-mock/package-lock.json
+++ b/.github/scripts/server-mock/package-lock.json
@@ -52,20 +52,6 @@
"npm": "1.2.8000 || >= 1.4.16"
}
},
- "node_modules/body-parser/node_modules/qs": {
- "version": "6.13.0",
- "resolved": "https://registry.npmjs.org/qs/-/qs-6.13.0.tgz",
- "integrity": "sha512-+38qI9SOr8tfZ4QmJNplMUxqjbe7LKvvZgWdExBOmd+egZTtjLB67Gu0HRX3u/XOq7UU2Nx6nsjvS16Z9uwfpg==",
- "dependencies": {
- "side-channel": "^1.0.6"
- },
- "engines": {
- "node": ">=0.6"
- },
- "funding": {
- "url": "https://github.com/sponsors/ljharb"
- }
- },
"node_modules/bytes": {
"version": "3.1.2",
"resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz",
@@ -112,9 +98,9 @@
}
},
"node_modules/cookie": {
- "version": "0.6.0",
- "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.6.0.tgz",
- "integrity": "sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw==",
+ "version": "0.7.1",
+ "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.1.tgz",
+ "integrity": "sha512-6DnInpx7SJ2AK3+CTUE/ZM0vWTUboZCegxhC2xiIydHR9jNuTAASBrfEpHhiGOZw/nX51bHt6YQl8jsGo4y/0w==",
"engines": {
"node": ">= 0.6"
}
@@ -211,23 +197,23 @@
}
},
"node_modules/express": {
- "version": "4.20.0",
- "resolved": "https://registry.npmjs.org/express/-/express-4.20.0.tgz",
- "integrity": "sha512-pLdae7I6QqShF5PnNTCVn4hI91Dx0Grkn2+IAsMTgMIKuQVte2dN9PeGSSAME2FR8anOhVA62QDIUaWVfEXVLw==",
+ "version": "4.21.1",
+ "resolved": "https://registry.npmjs.org/express/-/express-4.21.1.tgz",
+ "integrity": "sha512-YSFlK1Ee0/GC8QaO91tHcDxJiE/X4FbpAyQWkxAvG6AXCuR65YzK8ua6D9hvi/TzUfZMpc+BwuM1IPw8fmQBiQ==",
"dependencies": {
"accepts": "~1.3.8",
"array-flatten": "1.1.1",
"body-parser": "1.20.3",
"content-disposition": "0.5.4",
"content-type": "~1.0.4",
- "cookie": "0.6.0",
+ "cookie": "0.7.1",
"cookie-signature": "1.0.6",
"debug": "2.6.9",
"depd": "2.0.0",
"encodeurl": "~2.0.0",
"escape-html": "~1.0.3",
"etag": "~1.8.1",
- "finalhandler": "1.2.0",
+ "finalhandler": "1.3.1",
"fresh": "0.5.2",
"http-errors": "2.0.0",
"merge-descriptors": "1.0.3",
@@ -236,11 +222,11 @@
"parseurl": "~1.3.3",
"path-to-regexp": "0.1.10",
"proxy-addr": "~2.0.7",
- "qs": "6.11.0",
+ "qs": "6.13.0",
"range-parser": "~1.2.1",
"safe-buffer": "5.2.1",
"send": "0.19.0",
- "serve-static": "1.16.0",
+ "serve-static": "1.16.2",
"setprototypeof": "1.2.0",
"statuses": "2.0.1",
"type-is": "~1.6.18",
@@ -252,12 +238,12 @@
}
},
"node_modules/finalhandler": {
- "version": "1.2.0",
- "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.2.0.tgz",
- "integrity": "sha512-5uXcUVftlQMFnWC9qu/svkWv3GTd2PfUhK/3PLkYNAe7FbqJMt3515HaxE6eRL74GdsriiwujiawdaB1BpEISg==",
+ "version": "1.3.1",
+ "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.3.1.tgz",
+ "integrity": "sha512-6BN9trH7bp3qvnrRyzsBz+g3lZxTNZTbVO2EV1CS0WIcDbawYVdYvGflME/9QP0h0pYlCDBCTjYa9nZzMDpyxQ==",
"dependencies": {
"debug": "2.6.9",
- "encodeurl": "~1.0.2",
+ "encodeurl": "~2.0.0",
"escape-html": "~1.0.3",
"on-finished": "2.4.1",
"parseurl": "~1.3.3",
@@ -268,14 +254,6 @@
"node": ">= 0.8"
}
},
- "node_modules/finalhandler/node_modules/encodeurl": {
- "version": "1.0.2",
- "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz",
- "integrity": "sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w==",
- "engines": {
- "node": ">= 0.8"
- }
- },
"node_modules/forwarded": {
"version": "0.2.0",
"resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz",
@@ -527,11 +505,11 @@
}
},
"node_modules/qs": {
- "version": "6.11.0",
- "resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz",
- "integrity": "sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==",
+ "version": "6.13.0",
+ "resolved": "https://registry.npmjs.org/qs/-/qs-6.13.0.tgz",
+ "integrity": "sha512-+38qI9SOr8tfZ4QmJNplMUxqjbe7LKvvZgWdExBOmd+egZTtjLB67Gu0HRX3u/XOq7UU2Nx6nsjvS16Z9uwfpg==",
"dependencies": {
- "side-channel": "^1.0.4"
+ "side-channel": "^1.0.6"
},
"engines": {
"node": ">=0.6"
@@ -623,11 +601,11 @@
"integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="
},
"node_modules/serve-static": {
- "version": "1.16.0",
- "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.16.0.tgz",
- "integrity": "sha512-pDLK8zwl2eKaYrs8mrPZBJua4hMplRWJ1tIFksVC3FtBEBnl8dxgeHtsaMS8DhS9i4fLObaon6ABoc4/hQGdPA==",
+ "version": "1.16.2",
+ "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.16.2.tgz",
+ "integrity": "sha512-VqpjJZKadQB/PEbEwvFdO43Ax5dFBZ2UECszz8bQ7pi7wt//PWe1P6MN7eCnjsatYtBT6EuiClbjSWP2WrIoTw==",
"dependencies": {
- "encodeurl": "~1.0.2",
+ "encodeurl": "~2.0.0",
"escape-html": "~1.0.3",
"parseurl": "~1.3.3",
"send": "0.19.0"
@@ -636,14 +614,6 @@
"node": ">= 0.8.0"
}
},
- "node_modules/serve-static/node_modules/encodeurl": {
- "version": "1.0.2",
- "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz",
- "integrity": "sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w==",
- "engines": {
- "node": ">= 0.8"
- }
- },
"node_modules/set-function-length": {
"version": "1.2.2",
"resolved": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.2.2.tgz",
diff --git a/.github/workflows/go-ci-coverage.yaml b/.github/workflows/go-ci-coverage.yaml
index 58ee37ed0a9..d5ff32d3515 100644
--- a/.github/workflows/go-ci-coverage.yaml
+++ b/.github/workflows/go-ci-coverage.yaml
@@ -33,11 +33,11 @@ jobs:
curl -L \
https://img.shields.io/badge/Go%20Coverage-${{ steps.testcov.outputs.coverage }}%25-${{ steps.testcov.outputs.color }}.svg > coverage.svg
cat coverage.svg
- - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4
+ - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: ${{ runner.os }}-badge-latest
path: coverage.svg
- - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4
+ - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: ${{ runner.os }}-coverage-latest
path: coverage.html
diff --git a/.github/workflows/go-ci-integration.yml b/.github/workflows/go-ci-integration.yml
index 328fc24c2f6..dec5339b438 100644
--- a/.github/workflows/go-ci-integration.yml
+++ b/.github/workflows/go-ci-integration.yml
@@ -22,7 +22,7 @@ jobs:
id: buildx
uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
- name: Cache Docker layers
- uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
+ uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.ref }}
@@ -49,7 +49,7 @@ jobs:
run: echo ${{ steps.docker_build.outputs.digest }}
- name: Run docker image and generate results.json
run: |
- docker run -v ${PWD}/assets/queries:/path \
+ docker run --user $(id -u):$(id -g) -v ${PWD}/assets/queries:/path \
kics:${{ github.sha }} scan \
--silent \
--disable-full-descriptions \
@@ -59,7 +59,7 @@ jobs:
-p "/path" \
-o "/path/"
- name: Archive test logs
- uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
if: always()
with:
name: integration-logs-${{ github.event.pull_request.head.sha }}
@@ -68,7 +68,7 @@ jobs:
run: |
cat ${PWD}/assets/queries/results.json
- name: Archive test results
- uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: integration-results-${{ github.event.pull_request.head.sha }}
path: assets/queries/results.json
diff --git a/.github/workflows/go-ci-metrics.yaml b/.github/workflows/go-ci-metrics.yaml
index 2cfc340e32a..7d7f03b1121 100644
--- a/.github/workflows/go-ci-metrics.yaml
+++ b/.github/workflows/go-ci-metrics.yaml
@@ -26,7 +26,7 @@ jobs:
curl -L \
https://img.shields.io/badge/Queries-${{ steps.metrics.outputs.total_queries }}-blue.svg > queries.svg
cat queries.svg
- - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4
+ - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: ${{ runner.os }}-queries-badge-latest
path: queries.svg
diff --git a/.github/workflows/go-ci.yml b/.github/workflows/go-ci.yml
index 283ccd97dc1..a8de9fd3876 100644
--- a/.github/workflows/go-ci.yml
+++ b/.github/workflows/go-ci.yml
@@ -56,7 +56,7 @@ jobs:
shell: bash
run: echo "GO_BUILD=$(go env GOCACHE)" >>$GITHUB_OUTPUT
- name: Cache dependencies
- uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
+ uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: ${{ steps.go-cache-paths.outputs.GO_BUILD }}
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
@@ -86,7 +86,7 @@ jobs:
go test -mod=vendor -tags dev -v -timeout 2100s $(go list -tags dev ./... | grep -v e2e) -count=1 -coverprofile=cover.out | tee unit-test.log
- name: Archive test logs
if: always()
- uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: unit-test-${{ runner.os }}-${{ github.event.pull_request.head.sha }}.log
path: unit-test.log
diff --git a/.github/workflows/go-e2e-debian.yaml b/.github/workflows/go-e2e-debian.yaml
index caeb9b1369b..265eebe03a5 100644
--- a/.github/workflows/go-e2e-debian.yaml
+++ b/.github/workflows/go-e2e-debian.yaml
@@ -44,7 +44,7 @@ jobs:
id: buildx
uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
- name: Cache Docker layers
- uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
+ uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.ref }}
@@ -100,7 +100,7 @@ jobs:
DOCKER_NAME=$(echo docker/Dockerfile.debian | sed 's/\//-/')
- name: Archive test report
if: always()
- uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: e2e-tests-report-dockerfile-$DOCKER_NAME
path: e2e-report.html
diff --git a/.github/workflows/go-e2e.yaml b/.github/workflows/go-e2e.yaml
index 873b85d2b02..e7efbd6a643 100644
--- a/.github/workflows/go-e2e.yaml
+++ b/.github/workflows/go-e2e.yaml
@@ -45,7 +45,7 @@ jobs:
id: buildx
uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
- name: Cache Docker layers
- uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
+ uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.ref }}
@@ -96,9 +96,10 @@ jobs:
- name: Get docker name
run: |
DOCKER_NAME=$(echo ${{ matrix.kics-docker }} | sed 's/\//-/')
+ echo "DOCKER_NAME=$DOCKER_NAME" >> $GITHUB_ENV
- name: Archive test report
if: always()
- uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
- name: e2e-tests-report-$DOCKER_NAME
+ name: e2e-tests-report-${{ env.DOCKER_NAME }}
path: e2e-report.html
diff --git a/.github/workflows/go-test-race.yml b/.github/workflows/go-test-race.yml
index 43043c320e1..9a260889ba0 100644
--- a/.github/workflows/go-test-race.yml
+++ b/.github/workflows/go-test-race.yml
@@ -27,7 +27,7 @@ jobs:
echo "::set-output name=go-build::$(go env GOCACHE)"
echo "::set-output name=go-mod::$(go env GOMODCACHE)"
- name: Cache dependencies
- uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
+ uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: ${{ steps.go-cache-paths.outputs.go-build }}
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
@@ -45,7 +45,7 @@ jobs:
exit $result_code
- name: Archive test logs
if: always()
- uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: unit-test-${{ runner.os }}-${{ github.event.pull_request.head.sha }}.log
path: unit-test.log
diff --git a/.github/workflows/kics-gh-action.yaml b/.github/workflows/kics-gh-action.yaml
index 87f6be481d3..4dfb7aeb4f6 100644
--- a/.github/workflows/kics-gh-action.yaml
+++ b/.github/workflows/kics-gh-action.yaml
@@ -11,7 +11,7 @@ jobs:
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Run KICS Scan
- uses: checkmarx/kics-github-action@252e73959bd4809a14863cbfbb42d7a90d5a4860 # v2.1.1
+ uses: checkmarx/kics-github-action@94469746ec2c43de89a42fb9d2a80070f5d25b16 # v2.1.3
with:
token: ${{ secrets.GITHUB_TOKEN }}
path: "./Dockerfile"
@@ -20,7 +20,7 @@ jobs:
output_path: ./results
output_formats: json,html
type: dockerfile
- - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4
+ - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: results
path: ./results
diff --git a/.github/workflows/release-apispec.yml b/.github/workflows/release-apispec.yml
deleted file mode 100644
index d41daa8d666..00000000000
--- a/.github/workflows/release-apispec.yml
+++ /dev/null
@@ -1,196 +0,0 @@
-name: goreleaser-apispec
-
-on:
- workflow_dispatch:
-
-jobs:
- goreleaser:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- with:
- fetch-depth: 0
- - name: Set short hash
- id: shorthash
- run: echo "::set-output name=sha8::$(echo ${GITHUB_SHA} | cut -c1-8)"
- - uses: toko-bifrost/ms-teams-deploy-card@dcc94e4ce4088b1e6b6de5c9a3cda4ddcbe97d2e # 3.1.2
- if: always()
- with:
- github-token: ${{ secrets.KICS_BOT_PAT }}
- webhook-uri: ${{ secrets.MSTEAMS_WEBHOOK_URL }}
- card-layout-start: cozy
- card-layout-exit: complete
- show-on-start: true
- show-on-exit: true
- custom-facts: |
- - name: APISpec Release Commit
- value: ${{ steps.shorthash.outputs.sha8 }}
- custom-actions: |
- - name: View CI Logs
- value: https://github.com/Checkmarx/kics/actions/runs/${{ github.run_id }}"
- - name: View HEAD Commit
- value: https://github.com/Checkmarx/kics/commit/${{ github.sha }}
- - name: Set up Go
- uses: actions/setup-go@v5
- with:
- go-version: 1.23.x
- - name: Run GoReleaser
- uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 #v5.1.0
- with:
- version: v0.160.0
- args: release --rm-dist --snapshot --skip-validate --config="./release/.goreleaser-apispec.yml"
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
- DESCRIPTIONS_URL: ${{ secrets.DESCRIPTIONS_URL }}
- APISCANNER: "true"
- - name: delete release
- uses: dev-drprasad/delete-tag-and-release@82600feb9527126eca69833f07bafe53279bd9b4 # v1.1
- with:
- delete_release: true # default: false
- tag_name: apispec # tag name to delete
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- - name: Create Release
- id: create_release
- uses: actions/create-release@v1.1.4
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- tag_name: apispec
- release_name: apispec-${{ steps.shorthash.outputs.sha8 }}
- draft: false
- prerelease: true
- - name: Display assets
- run: |
- ls -l /home/runner/work/kics/kics/dist
- - name: Upload Release Asset Linux
- id: upload-release-asset-linux
- uses: actions/upload-release-asset@v1.0.2
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps
- asset_path: /home/runner/work/kics/kics/dist/kics_apispec_linux_x64.tar.gz
- asset_name: kics_apispec-release_linux_amd64.tar.gz
- asset_content_type: application/gzip
- - name: Upload Release Asset Darwin
- id: upload-release-asset-darwin
- uses: actions/upload-release-asset@v1.0.2
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps
- asset_path: /home/runner/work/kics/kics/dist/kics_apispec_darwin_x64.tar.gz
- asset_name: kics_apispec-release_darwin_amd64.tar.gz
- asset_content_type: application/gzip
- - name: Upload Release Asset Windows
- id: upload-release-asset-windows
- uses: actions/upload-release-asset@v1.0.2
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps
- asset_path: /home/runner/work/kics/kics/dist/kics_apispec_windows_x64.zip
- asset_name: kics_apispec-release_windows_amd64.zip
- asset_content_type: application/zip
- - name: Upload Release Asset Checksum
- id: upload-release-asset-checksums
- uses: actions/upload-release-asset@v1.0.2
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps
- asset_path: /home/runner/work/kics/kics/dist/kics_apispec_checksums.txt
- asset_name: kics_apispec-release_checksums.txt
- asset_content_type: text/plain
- push_to_registry:
- name: Push Docker image to Docker Hub
- runs-on: ubuntu-latest
- steps:
- - name: Check out the repo
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- - uses: toko-bifrost/ms-teams-deploy-card@dcc94e4ce4088b1e6b6de5c9a3cda4ddcbe97d2e # 3.1.2
- if: always()
- with:
- github-token: ${{ secrets.KICS_BOT_PAT }}
- webhook-uri: ${{ secrets.MSTEAMS_WEBHOOK_URL }}
- card-layout-start: cozy
- card-layout-exit: complete
- show-on-start: true
- show-on-exit: true
- custom-facts: |
- - name: APISpec Release Commit
- value: ${{ steps.shorthash.outputs.sha8 }}
- custom-actions: |
- - name: View CI Logs
- value: https://github.com/Checkmarx/kics/actions/runs/${{ github.run_id }}"
- - name: View HEAD Commit
- value: https://github.com/Checkmarx/kics/commit/${{ github.sha }}
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
- - name: Login to DockerHub
- uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
- with:
- username: ${{ secrets.DOCKER_USERNAME }}
- password: ${{ secrets.DOCKER_PASSWORD }}
- - name: Push alpine to Docker Hub
- id: build_alpine
- uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1
- with:
- context: .
- push: true
- file: ./docker/Dockerfile.apispec
- tags: checkmarx/kics:apispec,checkmarx/kics:apispec-alpine
- build-args: |
- VERSION=apipsec-${{ steps.shorthash.outputs.sha8 }}
- COMMIT=${{ github.sha }}
- DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }}
- APISCANNER="true"
- - name: Build and push debian to Docker Hub
- id: build_debian
- uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1
- with:
- context: .
- file: ./docker/Dockerfile.apispec.debian
- push: true
- tags: checkmarx/kics:apispec-debian,checkmarx/kics:apispec-debian-latest
- build-args: |
- VERSION=apipsec-${{ steps.shorthash.outputs.sha8 }}
- COMMIT=${{ github.sha }}
- DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }}
- APISCANNER="true"
- - name: Export Image Digests
- run: |
- VERSION=apispec
-
- COMMIT_SHA8=${{ steps.shorthash.outputs.sha8 }}
- DATE=$(date +'%Y-%m-%d')
- DIGEST=${{ steps.build_alpine.outputs.digest }}
- ALPINE_DIGEST=${{ steps.build_alpine.outputs.digest }}
- DEBIAN_DIGEST=${{ steps.build_debian.outputs.digest }}
-
- echo "scratch,${COMMIT_SHA8},${DATE},${DIGEST}" >> docs/docker/apispec.csv
- echo "alpine,${COMMIT_SHA8},${DATE},${ALPINE_DIGEST}" >> docs/docker/apispec.csv
- echo "debian,${COMMIT_SHA8},${DATE},${DEBIAN_DIGEST}" >> docs/docker/apispec.csv
- - uses: actions/setup-python@v4
- with:
- python-version: 3.x
- - name: Generate .md table
- run: |
- pip install csvtomd
- csvtomd docs/docker/apispec.csv > docs/docker/apispec.md
- - name: Create Pull Request
- uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6
- with:
- title: "docs(kicsbot): update images digest"
- token: ${{ secrets.KICS_BOT_PAT }}
- commit-message: "docs(kicsbot): update images digest"
- delete-branch: true
- branch: feature/kicsbot-update-queries-docs
- body: |
- **Automated Changes**
- Updating docker images digests
- Triggered by SHA: _${{ github.sha }}_
- labels: documentation
diff --git a/.github/workflows/release-dkr-image-for-tag.yml b/.github/workflows/release-dkr-image-for-tag.yml
deleted file mode 100644
index f1d37aeabff..00000000000
--- a/.github/workflows/release-dkr-image-for-tag.yml
+++ /dev/null
@@ -1,112 +0,0 @@
-name: release-manual-docker-tag-latest
-
-on:
- workflow_dispatch:
- inputs:
- tag:
- description: "Git Tag"
- required: true
- latest:
- description: "true if image is latest"
- default: "false"
-
-jobs:
- push_to_registry:
- name: Push Docker image to Docker Hub
- runs-on: ubuntu-latest
- env:
- DOCKER_CLI_EXPERIMENTAL: "enabled"
- steps:
- - name: Check out the repo
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- with:
- ref: ${{ github.event.inputs.tag }}
- - uses: toko-bifrost/ms-teams-deploy-card@dcc94e4ce4088b1e6b6de5c9a3cda4ddcbe97d2e # 3.1.2
- if: always()
- with:
- github-token: ${{ secrets.KICS_BOT_PAT }}
- webhook-uri: ${{ secrets.MSTEAMS_WEBHOOK_URL }}
- card-layout-start: cozy
- card-layout-exit: complete
- show-on-start: true
- show-on-exit: true
- custom-actions: |
- - name: View CI Logs
- value: https://github.com/Checkmarx/kics/actions/runs/${{ github.run_id }}
- - name: View HEAD Commit
- value: https://github.com/Checkmarx/kics/commit/${{ github.sha }}
- - name: Prepare
- id: prep
- run: |
- DOCKER_IMAGE=Checkmarx/kics
- VERSION=${{ github.event.inputs.tag }}
- TAGS="${DOCKER_IMAGE}:${VERSION}"
- ALPINE_TAGS="${TAGS}-alpine"
- DEBIAN_TAGS="${TAGS}-debian"
- UBI8_TAGS="${TAGS}-ubi8"
-
- if [ "${{ github.event.inputs.latest }}" = "true" ]; then
- TAGS=${TAGS},${DOCKER_IMAGE}:latest
- ALPINE_TAGS="{ALPINE_TAGS},${DOCKER_IMAGE}:alpine"
- DEBIAN_TAGS="{DEBIAN_TAGS},${DOCKER_IMAGE}:debian"
- UBI8_TAGS="{UBI8_TAGS},${DOCKER_IMAGE}:ubi8"
- fi
-
- echo ::set-output name=tags::${TAGS}
- echo ::set-output name=alpine_tags::${ALPINE_TAGS}
- echo ::set-output name=debian_tags::${DEBIAN_TAGS}
- echo ::set-output name=ubi8_tags::${UBI8_TAGS}
- - name: Set up QEMU
- uses: docker/setup-qemu-action@5927c834f5b4fdf503fca6f4c7eccda82949e1ee # v2
- with:
- image: tonistiigi/binfmt:latest
- platforms: linux/amd64,linux/arm64
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
- - name: Login to DockerHub
- uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
- with:
- username: ${{ secrets.DOCKER_USERNAME }}
- password: ${{ secrets.DOCKER_PASSWORD }}
- - name: Push alpine to Docker Hub
- uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1
- with:
- context: .
- push: true
- platforms: linux/amd64,linux/arm64
- tags: ${{ steps.prep.outputs.tags }},${{ steps.prep.outputs.alpine_tags }}
- build-args: |
- VERSION=${{ github.event.inputs.tag }}
- COMMIT=${{ github.sha }}
- SENTRY_DSN=${{ secrets.SENTRY_DSN }}
- DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }}
- - name: Push debian to Docker Hub
- if: ${{ hashFiles('./docker/Dockerfile.debian') }} != ""
- id: build_debian
- uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1
- with:
- context: .
- file: ./docker/Dockerfile.debian
- push: true
- platforms: linux/amd64,linux/arm64
- tags: ${{ steps.prep.outputs.debian_tags }}
- build-args: |
- VERSION=${{ github.event.inputs.tag }}
- COMMIT=${{ github.sha }}
- SENTRY_DSN=${{ secrets.SENTRY_DSN }}
- DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }}
- - name: Push ubi8 to Docker Hub
- if: ${{ hashFiles('./docker/Dockerfile.ubi8') }} != ""
- id: build_ubi8
- uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1
- with:
- context: .
- file: ./docker/Dockerfile.ubi8
- push: true
- platforms: linux/amd64
- tags: ${{ steps.prep.outputs.ubi8_tags }}
- build-args: |
- VERSION=${{ github.event.inputs.tag }}
- COMMIT=${{ github.sha }}
- SENTRY_DSN=${{ secrets.SENTRY_DSN }}
- DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }}
diff --git a/.github/workflows/release-dkr-image.yml b/.github/workflows/release-dkr-image.yml
index 35117f4cbb2..dff543f11e7 100644
--- a/.github/workflows/release-dkr-image.yml
+++ b/.github/workflows/release-dkr-image.yml
@@ -41,14 +41,33 @@ jobs:
image: tonistiigi/binfmt:latest
platforms: linux/amd64,linux/arm64
- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
+ uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
- name: Login to DockerHub
- uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
+ uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
+ - name: Get current date
+ run: echo "CREATED_AT=$(date --rfc-3339=seconds)" >> $GITHUB_ENV
+ - name: Docker meta
+ id: meta
+ uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
+ with:
+ images: "checkmarx/kics"
+ labels: |
+ org.opencontainers.image.title=KICS
+ org.opencontainers.image.version=${{ steps.get-version.outputs.version }}
+ org.opencontainers.image.vendor=Checkmarx
+ org.opencontainers.image.authors=KICS
+ org.opencontainers.image.description=Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
+ org.opencontainers.image.documentation=https://docs.kics.io
+ org.opencontainers.image.url=https://github.com/Checkmarx/kics
+ org.opencontainers.image.source=https://github.com/Checkmarx/kics
+ org.opencontainers.image.licenses=Apache-2.0
+ org.opencontainers.image.revision=${{ github.sha }}
+ org.opencontainers.image.created=${{ env.CREATED_AT }}
- name: Push alpine to Docker Hub
- uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1
+ uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
id: build_alpine
with:
context: .
@@ -60,9 +79,10 @@ jobs:
COMMIT=${{ github.sha }}
SENTRY_DSN=${{ secrets.SENTRY_DSN }}
DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }}
+ labels: ${{ steps.meta.outputs.labels }}
- name: Build and push debian to Docker Hub
id: build_debian
- uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1
+ uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
with:
context: .
file: ./docker/Dockerfile.debian
@@ -74,9 +94,10 @@ jobs:
COMMIT=${{ github.sha }}
SENTRY_DSN=${{ secrets.SENTRY_DSN }}
DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }}
+ labels: ${{ steps.meta.outputs.labels }}
- name: Build and push ubi8 to Docker Hub
id: build_ubi8
- uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1
+ uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
with:
context: .
file: ./docker/Dockerfile.ubi8
@@ -88,6 +109,7 @@ jobs:
COMMIT=${{ github.sha }}
SENTRY_DSN=${{ secrets.SENTRY_DSN }}
DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }}
+ labels: ${{ steps.meta.outputs.labels }}
# TODO: dockerhub api does not support PAT yet
# https://github.com/docker/roadmap/issues/115#issuecomment-891694974
# https://github.com/docker/roadmap/issues/115
diff --git a/.github/workflows/release-docker-github-actions.yaml b/.github/workflows/release-docker-github-actions.yaml
index cb2b87d578a..102e8f7639d 100644
--- a/.github/workflows/release-docker-github-actions.yaml
+++ b/.github/workflows/release-docker-github-actions.yaml
@@ -26,14 +26,33 @@ jobs:
image: tonistiigi/binfmt:latest
platforms: linux/amd64,linux/arm64
- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
+ uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
- name: Login to DockerHub
- uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
+ uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
+ - name: Get current date
+ run: echo "CREATED_AT=$(date --rfc-3339=seconds)" >> $GITHUB_ENV
+ - name: Docker meta
+ id: meta
+ uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
+ with:
+ images: "checkmarx/kics"
+ labels: |
+ org.opencontainers.image.title=KICS
+ org.opencontainers.image.version=${{ github.event.inputs.version }}
+ org.opencontainers.image.vendor=Checkmarx
+ org.opencontainers.image.authors=KICS
+ org.opencontainers.image.description=Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
+ org.opencontainers.image.documentation=https://docs.kics.io
+ org.opencontainers.image.url=https://github.com/Checkmarx/kics
+ org.opencontainers.image.source=https://github.com/Checkmarx/kics
+ org.opencontainers.image.licenses=Apache-2.0
+ org.opencontainers.image.revision=${{ github.sha }}
+ org.opencontainers.image.created=${{ env.CREATED_AT }}
- name: Push Github Action Image to Docker Hub
- uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1
+ uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
id: build_gh_action
with:
context: .
@@ -45,6 +64,7 @@ jobs:
COMMIT=${{ github.sha }}
SENTRY_DSN=${{ secrets.SENTRY_DSN }}
DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }}
+ labels: ${{ steps.meta.outputs.labels }}
- name: Check out the repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
diff --git a/.github/workflows/release-kics-cxone.yaml b/.github/workflows/release-kics-cxone.yaml
new file mode 100644
index 00000000000..88222571f63
--- /dev/null
+++ b/.github/workflows/release-kics-cxone.yaml
@@ -0,0 +1,45 @@
+name: release-kics-cxone
+on:
+ release:
+ types:
+ - published
+jobs:
+ create-branch:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+ - name: Set up Git credentials
+ run: |
+ git config --global user.name "KICSBot"
+ git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
+ git config --global url."https://${{ secrets.CHECKMARXDEV_GIT_TOKEN }}@github.com".insteadOf "https://github.com"
+
+ - name: Clone internal repository
+ run: |
+ cd ..
+ git clone https://github.com/CheckmarxDev/${{ secrets.CHECKMARXDEV_KICS_RELEASER }}.git
+
+ - name: Create new branch for release ${{ github.event.release.name }}
+ run: |
+ cd ../${{ secrets.CHECKMARXDEV_KICS_RELEASER }}
+ git checkout --orphan ${{ github.event.release.name }}
+ find . -mindepth 1 \( -not -path './.*' -not -name 'README.md' -o -name '.gitignore' \) -delete
+
+ - name: Copy queries to new branch
+ run: |
+ mkdir -p ../${{ secrets.CHECKMARXDEV_KICS_RELEASER }}/kics-queries
+ rsync -av --exclude='*/test/*' --exclude='common/*' ./assets/queries/ ../${{ secrets.CHECKMARXDEV_KICS_RELEASER }}/kics-queries/
+
+ - name: Modify circleci configuration
+ run: |
+ sed -i 's/BRANCH_NAME_TEMPLATE_TO_REPLACE/${{ github.event.release.name }}/g' ../${{ secrets.CHECKMARXDEV_KICS_RELEASER }}/.circleci/config.yml
+ sed -i 's/BRANCH_NAME_TEMPLATE_TO_REPLACE/${{ github.event.release.name }}/g' ../${{ secrets.CHECKMARXDEV_KICS_RELEASER }}/.github/workflows/*.yaml
+
+ - name: Push branch
+ run: |
+ cd ../${{ secrets.CHECKMARXDEV_KICS_RELEASER }}
+ git add .
+ git commit -m "AUTO: Add queries from release ${{ github.event.release.name }} to ${{ secrets.CHECKMARXDEV_KICS_RELEASER }}"
+ git push origin ${{ github.event.release.name }}
\ No newline at end of file
diff --git a/.github/workflows/release-kics-queries-repo-branch.yaml b/.github/workflows/release-kics-queries-repo-branch.yaml
deleted file mode 100644
index 07a11e75d71..00000000000
--- a/.github/workflows/release-kics-queries-repo-branch.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-name: release-kics-queries-repo-branch
-on:
- release:
- types:
- - published
-jobs:
- create-branch:
- runs-on: ubuntu-latest
- env:
- REPO_NAME: "kics-queries-repo"
- steps:
- - name: Checkout code
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-
- - name: Set up Git credentials
- run: |
- git config --global user.name "KICSBot"
- git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
- git config --global url."https://${{ secrets.CHECKMARXDEV_GIT_TOKEN }}@github.com".insteadOf "https://github.com"
-
- - name: Clone kics-queries-repo from CheckmarxDev
- run: |
- cd ..
- git clone https://github.com/CheckmarxDev/$REPO_NAME.git
-
- - name: Create new branch for release ${{ github.event.release.name }}
- run: |
- cd ../$REPO_NAME
- git checkout -b ${{ github.event.release.name }}
-
- - name: Copy queries to new branch
- run: |
- mkdir -p ../$REPO_NAME/kics-queries
- rsync -av --exclude='*/test/*' --exclude='common/*' ./assets/queries/ ../$REPO_NAME/kics-queries/
-
- - name: Modify circleci configuration
- run: |
- sed -i 's/branch_name_template_to_replace/${{ github.event.release.name }}/g' ../$REPO_NAME/.circleci/config.yml
-
- - name: Push branch
- run: |
- cd ../$REPO_NAME
- git add .
- git commit -m "Add queries from release ${{ github.event.release.name }} to $REPO_NAME"
- git push origin ${{ github.event.release.name }}
diff --git a/.github/workflows/release-nightly.yml b/.github/workflows/release-nightly.yml
index 013fdab20a7..fc6adbccbd9 100644
--- a/.github/workflows/release-nightly.yml
+++ b/.github/workflows/release-nightly.yml
@@ -152,15 +152,34 @@ jobs:
image: tonistiigi/binfmt:latest
platforms: linux/amd64,linux/arm64
- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
+ uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
- name: Login to DockerHub
- uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
+ uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
+ - name: Get current date
+ run: echo "CREATED_AT=$(date --rfc-3339=seconds)" >> $GITHUB_ENV
+ - name: Docker meta
+ id: meta
+ uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
+ with:
+ images: "checkmarx/kics"
+ labels: |
+ org.opencontainers.image.title=KICS
+ org.opencontainers.image.version=nightly-${{ needs.pre_release_job.outputs.sha8 }}
+ org.opencontainers.image.vendor=Checkmarx
+ org.opencontainers.image.authors=KICS
+ org.opencontainers.image.description=Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
+ org.opencontainers.image.documentation=https://docs.kics.io
+ org.opencontainers.image.url=https://github.com/Checkmarx/kics
+ org.opencontainers.image.source=https://github.com/Checkmarx/kics
+ org.opencontainers.image.licenses=Apache-2.0
+ org.opencontainers.image.revision=${{ github.sha }}
+ org.opencontainers.image.created=${{ env.CREATED_AT }}
- name: Push alpine to Docker Hub
id: build_alpine
- uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1
+ uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
with:
context: .
push: true
@@ -170,9 +189,10 @@ jobs:
VERSION=nightly-${{ needs.pre_release_job.outputs.sha8 }}
COMMIT=${{ github.sha }}
DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }}
+ labels: ${{ steps.meta.outputs.labels }}
- name: Build and push debian to Docker Hub
id: build_debian
- uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1
+ uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
with:
context: .
file: ./docker/Dockerfile.debian
@@ -183,9 +203,10 @@ jobs:
VERSION=nightly-${{ needs.pre_release_job.outputs.sha8 }}
COMMIT=${{ github.sha }}
DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }}
+ labels: ${{ steps.meta.outputs.labels }}
- name: Build and push ubi8 to Docker Hub
id: build_ubi8
- uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1
+ uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
with:
context: .
file: ./docker/Dockerfile.ubi8
@@ -196,6 +217,7 @@ jobs:
VERSION=nightly-${{ needs.pre_release_job.outputs.sha8 }}
COMMIT=${{ github.sha }}
DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }}
+ labels: ${{ steps.meta.outputs.labels }}
- name: Create Pull Request
uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6
with:
diff --git a/.github/workflows/sec-checks.yaml b/.github/workflows/sec-checks.yaml
index 3ccf3e5c4db..a066a014ca2 100644
--- a/.github/workflows/sec-checks.yaml
+++ b/.github/workflows/sec-checks.yaml
@@ -19,6 +19,7 @@ jobs:
format: 'table'
output: './results.txt'
severity: 'CRITICAL,HIGH,MEDIUM,LOW'
+ skip-dirs: '.github'
exit-code: '1'
# trivy-config: trivy.yaml
- name: Inspect action report
@@ -26,7 +27,7 @@ jobs:
run: cat ./results.txt
- name: Upload artifact
if: always()
- uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: trivy-fs-scan-results
path: ./results.txt
@@ -74,7 +75,7 @@ jobs:
run: cat ./results.txt
- name: Upload artifact
if: always()
- uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: trivy-docker-image-scan-results
path: ./results.txt
@@ -151,7 +152,7 @@ jobs:
run: cat ./results.txt
- name: Upload artifact
if: always()
- uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: govulncheck-fs-scan-results
path: ./results.txt
@@ -177,7 +178,18 @@ jobs:
run: cat ./results.txt
- name: Upload artifact
if: always()
- uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: govulncheck-binary-scan-results
path: ./results.txt
+ - name: Inspect final dependencies from binary
+ if: github.event_name == 'pull_request'
+ run: |
+ strings ./bin/kics | grep -P "dep\t" | sort -u > binary_dependencies.txt
+ cat binary_dependencies.txt
+ - name: Upload artifact
+ if: always()
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+ with:
+ name: binary-dependencies
+ path: ./binary_dependencies.txt
\ No newline at end of file
diff --git a/.grype.yaml b/.grype.yaml
index 1e526650ca5..3a0f3e28fbb 100644
--- a/.grype.yaml
+++ b/.grype.yaml
@@ -7,3 +7,5 @@ ignore:
location: "/usr/bin/terraform"
- package:
location: "/usr/local/bin/terraform"
+exclude:
+ - './.github/scripts/**' # test files
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index 4c62257adba..6badba2abcb 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM cgr.dev/chainguard/go@sha256:1e17e06119fc26b78a9a2208aeab6209f9ef90b6a19f3fc69d4cc581e70d09bf as build_env
+FROM checkmarx/go:1.23.4-r0@sha256:07aa6232e1255b14e2cbde76323059af733b5017890d64670b57d51b33744220 AS build_env
# Copy the source from the current directory to the Working Directory inside the container
WORKDIR /app
@@ -21,17 +21,15 @@ RUN go mod download -x
COPY . .
# Build the Go app
-RUN CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build \
+RUN GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build \
-ldflags "-s -w -X github.com/Checkmarx/kics/v2/internal/constants.Version=${VERSION} -X github.com/Checkmarx/kics/v2/internal/constants.SCMCommit=${COMMIT} -X github.com/Checkmarx/kics/v2/internal/constants.SentryDSN=${SENTRY_DSN} -X github.com/Checkmarx/kics/v2/internal/constants.BaseURL=${DESCRIPTIONS_URL}" \
-a -installsuffix cgo \
-o bin/kics cmd/console/main.go
-USER nonroot
-
# Runtime image
# Ignore no User Cmd since KICS container is stopped afer scan
# kics-scan ignore-line
-FROM cgr.dev/chainguard/git@sha256:d007b76406e3e77d8f35b26620ffd1f82d71c61d0c900530c2ac4666a96822b8
+FROM checkmarx/git:2.47.0-r0@sha256:2f3ce1eb50ac04e3a9930a5f71526e3e3e22cd09964a9a2aab9d4c3787f25b21
ENV TERM xterm-256color
@@ -45,6 +43,8 @@ COPY --from=build_env /app/assets/libraries/* /app/bin/assets/libraries/
WORKDIR /app/bin
+USER 65532
+
# Healthcheck the container
ENV PATH $PATH:/app/bin
diff --git a/README.md b/README.md
index 90d3f84ff17..66621d7a521 100644
--- a/README.md
+++ b/README.md
@@ -192,6 +192,11 @@ Find security vulnerabilities, compliance issues, and infrastructure misconfigur
+
+
+
+
+ |
### Beta Features
@@ -202,8 +207,6 @@ Find security vulnerabilities, compliance issues, and infrastructure misconfigur
-
-
@@ -267,4 +270,4 @@ KICS is used by various companies and organizations, some are listed below. If y
---
-© 2024 Checkmarx Ltd. All Rights Reserved.
\ No newline at end of file
+© 2025 Checkmarx Ltd. All Rights Reserved.
\ No newline at end of file
diff --git a/assets/queries/ansible/config/allow_unsafe_lookups_enabled/test/positive_expected_result.json b/assets/queries/ansible/config/allow_unsafe_lookups_enabled/test/positive_expected_result.json
deleted file mode 100644
index 8d8cde32c89..00000000000
--- a/assets/queries/ansible/config/allow_unsafe_lookups_enabled/test/positive_expected_result.json
+++ /dev/null
@@ -1,7 +0,0 @@
-[
- {
- "queryName": "Allow Unsafe Lookups Enabled",
- "severity": "HIGH",
- "line": 19
- }
-]
diff --git a/assets/queries/ansible/config/allow_unsafe_lookups_enabled/metadata.json b/assets/queries/ansible/config/allow_unsafe_lookups_enabled_in_defaults/metadata.json
similarity index 88%
rename from assets/queries/ansible/config/allow_unsafe_lookups_enabled/metadata.json
rename to assets/queries/ansible/config/allow_unsafe_lookups_enabled_in_defaults/metadata.json
index 35dd02a7534..465f4b407f5 100644
--- a/assets/queries/ansible/config/allow_unsafe_lookups_enabled/metadata.json
+++ b/assets/queries/ansible/config/allow_unsafe_lookups_enabled_in_defaults/metadata.json
@@ -1,6 +1,6 @@
{
"id": "86b97bb4-85c9-462d-8635-cbc057c5c8c5",
- "queryName": "Allow Unsafe Lookups Enabled",
+ "queryName": "Allow Unsafe Lookups Enabled In Defaults",
"severity": "HIGH",
"category": "Insecure Configurations",
"descriptionText": "When enabled, this option allows lookup plugins to return data that is not marked 'unsafe'.",
diff --git a/assets/queries/ansible/config/allow_unsafe_lookups_enabled/query.rego b/assets/queries/ansible/config/allow_unsafe_lookups_enabled_in_defaults/query.rego
similarity index 100%
rename from assets/queries/ansible/config/allow_unsafe_lookups_enabled/query.rego
rename to assets/queries/ansible/config/allow_unsafe_lookups_enabled_in_defaults/query.rego
diff --git a/assets/queries/ansible/config/allow_unsafe_lookups_enabled/test/negative1.cfg b/assets/queries/ansible/config/allow_unsafe_lookups_enabled_in_defaults/test/negative1.cfg
similarity index 100%
rename from assets/queries/ansible/config/allow_unsafe_lookups_enabled/test/negative1.cfg
rename to assets/queries/ansible/config/allow_unsafe_lookups_enabled_in_defaults/test/negative1.cfg
diff --git a/assets/queries/ansible/config/allow_unsafe_lookups_enabled/test/negative2.cfg b/assets/queries/ansible/config/allow_unsafe_lookups_enabled_in_defaults/test/negative2.cfg
similarity index 100%
rename from assets/queries/ansible/config/allow_unsafe_lookups_enabled/test/negative2.cfg
rename to assets/queries/ansible/config/allow_unsafe_lookups_enabled_in_defaults/test/negative2.cfg
diff --git a/assets/queries/ansible/config/allow_unsafe_lookups_enabled/test/positive1.cfg b/assets/queries/ansible/config/allow_unsafe_lookups_enabled_in_defaults/test/positive1.cfg
similarity index 100%
rename from assets/queries/ansible/config/allow_unsafe_lookups_enabled/test/positive1.cfg
rename to assets/queries/ansible/config/allow_unsafe_lookups_enabled_in_defaults/test/positive1.cfg
diff --git a/assets/queries/ansible/config/allow_unsafe_lookups_enabled_in_defaults/test/positive_expected_result.json b/assets/queries/ansible/config/allow_unsafe_lookups_enabled_in_defaults/test/positive_expected_result.json
new file mode 100644
index 00000000000..ab2ceef570a
--- /dev/null
+++ b/assets/queries/ansible/config/allow_unsafe_lookups_enabled_in_defaults/test/positive_expected_result.json
@@ -0,0 +1,7 @@
+[
+ {
+ "queryName": "Allow Unsafe Lookups Enabled In Defaults",
+ "severity": "HIGH",
+ "line": 19
+ }
+]
diff --git a/assets/queries/ansible/config/communication_over_http/test/positive_expected_result.json b/assets/queries/ansible/config/communication_over_http/test/positive_expected_result.json
deleted file mode 100644
index b576bce1997..00000000000
--- a/assets/queries/ansible/config/communication_over_http/test/positive_expected_result.json
+++ /dev/null
@@ -1,7 +0,0 @@
-[
- {
- "queryName": "Communication over HTTP",
- "severity": "MEDIUM",
- "line": 5
- }
-]
diff --git a/assets/queries/ansible/config/communication_over_http/metadata.json b/assets/queries/ansible/config/communication_over_http_in_defaults/metadata.json
similarity index 88%
rename from assets/queries/ansible/config/communication_over_http/metadata.json
rename to assets/queries/ansible/config/communication_over_http_in_defaults/metadata.json
index 04fbc225c90..826632905c5 100644
--- a/assets/queries/ansible/config/communication_over_http/metadata.json
+++ b/assets/queries/ansible/config/communication_over_http_in_defaults/metadata.json
@@ -1,6 +1,6 @@
{
"id": "d7dc9350-74bc-485b-8c85-fed22d276c43",
- "queryName": "Communication over HTTP",
+ "queryName": "Communication Over HTTP In Defaults",
"severity": "MEDIUM",
"category": "Insecure Configurations",
"descriptionText": "Using HTTP URLs (without encryption) could lead to security vulnerabilities and risks",
diff --git a/assets/queries/ansible/config/communication_over_http/query.rego b/assets/queries/ansible/config/communication_over_http_in_defaults/query.rego
similarity index 100%
rename from assets/queries/ansible/config/communication_over_http/query.rego
rename to assets/queries/ansible/config/communication_over_http_in_defaults/query.rego
diff --git a/assets/queries/ansible/config/communication_over_http/test/negative1.cfg b/assets/queries/ansible/config/communication_over_http_in_defaults/test/negative1.cfg
similarity index 100%
rename from assets/queries/ansible/config/communication_over_http/test/negative1.cfg
rename to assets/queries/ansible/config/communication_over_http_in_defaults/test/negative1.cfg
diff --git a/assets/queries/ansible/config/communication_over_http/test/positive1.cfg b/assets/queries/ansible/config/communication_over_http_in_defaults/test/positive1.cfg
similarity index 100%
rename from assets/queries/ansible/config/communication_over_http/test/positive1.cfg
rename to assets/queries/ansible/config/communication_over_http_in_defaults/test/positive1.cfg
diff --git a/assets/queries/ansible/config/communication_over_http_in_defaults/test/positive_expected_result.json b/assets/queries/ansible/config/communication_over_http_in_defaults/test/positive_expected_result.json
new file mode 100644
index 00000000000..af3bb39b39d
--- /dev/null
+++ b/assets/queries/ansible/config/communication_over_http_in_defaults/test/positive_expected_result.json
@@ -0,0 +1,7 @@
+[
+ {
+ "queryName": "Communication Over HTTP In Defaults",
+ "severity": "MEDIUM",
+ "line": 5
+ }
+]
diff --git a/assets/queries/ansible/config/logging_of_sensitive_data/metadata.json b/assets/queries/ansible/config/logging_of_sensitive_data_in_defaults/metadata.json
similarity index 89%
rename from assets/queries/ansible/config/logging_of_sensitive_data/metadata.json
rename to assets/queries/ansible/config/logging_of_sensitive_data_in_defaults/metadata.json
index fb13738219d..3940ee40b10 100644
--- a/assets/queries/ansible/config/logging_of_sensitive_data/metadata.json
+++ b/assets/queries/ansible/config/logging_of_sensitive_data_in_defaults/metadata.json
@@ -1,6 +1,6 @@
{
"id": "c6473dae-8477-4119-88b7-b909b435ce7b",
- "queryName": "Logging of Sensitive Data",
+ "queryName": "Logging of Sensitive Data In Defaults",
"severity": "LOW",
"category": "Best Practices",
"descriptionText": "To keep sensitive values out of logs, tasks that expose them need to be marked defining 'no_log' and setting to True",
diff --git a/assets/queries/ansible/config/logging_of_sensitive_data/query.rego b/assets/queries/ansible/config/logging_of_sensitive_data_in_defaults/query.rego
similarity index 100%
rename from assets/queries/ansible/config/logging_of_sensitive_data/query.rego
rename to assets/queries/ansible/config/logging_of_sensitive_data_in_defaults/query.rego
diff --git a/assets/queries/ansible/config/logging_of_sensitive_data/test/negative1.cfg b/assets/queries/ansible/config/logging_of_sensitive_data_in_defaults/test/negative1.cfg
similarity index 100%
rename from assets/queries/ansible/config/logging_of_sensitive_data/test/negative1.cfg
rename to assets/queries/ansible/config/logging_of_sensitive_data_in_defaults/test/negative1.cfg
diff --git a/assets/queries/ansible/config/logging_of_sensitive_data/test/positive1.cfg b/assets/queries/ansible/config/logging_of_sensitive_data_in_defaults/test/positive1.cfg
similarity index 100%
rename from assets/queries/ansible/config/logging_of_sensitive_data/test/positive1.cfg
rename to assets/queries/ansible/config/logging_of_sensitive_data_in_defaults/test/positive1.cfg
diff --git a/assets/queries/ansible/config/logging_of_sensitive_data/test/positive2.cfg b/assets/queries/ansible/config/logging_of_sensitive_data_in_defaults/test/positive2.cfg
similarity index 100%
rename from assets/queries/ansible/config/logging_of_sensitive_data/test/positive2.cfg
rename to assets/queries/ansible/config/logging_of_sensitive_data_in_defaults/test/positive2.cfg
diff --git a/assets/queries/ansible/config/logging_of_sensitive_data/test/positive_expected_result.json b/assets/queries/ansible/config/logging_of_sensitive_data_in_defaults/test/positive_expected_result.json
similarity index 58%
rename from assets/queries/ansible/config/logging_of_sensitive_data/test/positive_expected_result.json
rename to assets/queries/ansible/config/logging_of_sensitive_data_in_defaults/test/positive_expected_result.json
index 9a8b6096b93..4236128659b 100644
--- a/assets/queries/ansible/config/logging_of_sensitive_data/test/positive_expected_result.json
+++ b/assets/queries/ansible/config/logging_of_sensitive_data_in_defaults/test/positive_expected_result.json
@@ -1,12 +1,12 @@
[
{
- "queryName": "Logging of Sensitive Data",
+ "queryName": "Logging of Sensitive Data In Defaults",
"severity": "LOW",
"filename": "positive1.cfg",
"line": 1
},
{
- "queryName": "Logging of Sensitive Data",
+ "queryName": "Logging of Sensitive Data In Defaults",
"severity": "LOW",
"filename": "positive2.cfg",
"line": 39
diff --git a/assets/queries/ansible/config/privilege_escalation_using_become_plugin/metadata.json b/assets/queries/ansible/config/privilege_escalation_using_become_plugin_in_defaults/metadata.json
similarity index 85%
rename from assets/queries/ansible/config/privilege_escalation_using_become_plugin/metadata.json
rename to assets/queries/ansible/config/privilege_escalation_using_become_plugin_in_defaults/metadata.json
index cc54e9dfb2f..cadcbf30734 100644
--- a/assets/queries/ansible/config/privilege_escalation_using_become_plugin/metadata.json
+++ b/assets/queries/ansible/config/privilege_escalation_using_become_plugin_in_defaults/metadata.json
@@ -1,6 +1,6 @@
{
"id": "404908b6-4954-4611-98f0-e8ceacdabcb1",
- "queryName": "Privilege Escalation Using Become Plugin",
+ "queryName": "Privilege Escalation Using Become Plugin In Defaults",
"severity": "MEDIUM",
"category": "Access Control",
"descriptionText": "In order to perform an action as a different user with the become_user, 'become' must be defined and set to 'true'",
diff --git a/assets/queries/ansible/config/privilege_escalation_using_become_plugin/query.rego b/assets/queries/ansible/config/privilege_escalation_using_become_plugin_in_defaults/query.rego
similarity index 100%
rename from assets/queries/ansible/config/privilege_escalation_using_become_plugin/query.rego
rename to assets/queries/ansible/config/privilege_escalation_using_become_plugin_in_defaults/query.rego
diff --git a/assets/queries/ansible/config/privilege_escalation_using_become_plugin/test/negative1.cfg b/assets/queries/ansible/config/privilege_escalation_using_become_plugin_in_defaults/test/negative1.cfg
similarity index 100%
rename from assets/queries/ansible/config/privilege_escalation_using_become_plugin/test/negative1.cfg
rename to assets/queries/ansible/config/privilege_escalation_using_become_plugin_in_defaults/test/negative1.cfg
diff --git a/assets/queries/ansible/config/privilege_escalation_using_become_plugin/test/negative2.cfg b/assets/queries/ansible/config/privilege_escalation_using_become_plugin_in_defaults/test/negative2.cfg
similarity index 100%
rename from assets/queries/ansible/config/privilege_escalation_using_become_plugin/test/negative2.cfg
rename to assets/queries/ansible/config/privilege_escalation_using_become_plugin_in_defaults/test/negative2.cfg
diff --git a/assets/queries/ansible/config/privilege_escalation_using_become_plugin/test/positive1.cfg b/assets/queries/ansible/config/privilege_escalation_using_become_plugin_in_defaults/test/positive1.cfg
similarity index 100%
rename from assets/queries/ansible/config/privilege_escalation_using_become_plugin/test/positive1.cfg
rename to assets/queries/ansible/config/privilege_escalation_using_become_plugin_in_defaults/test/positive1.cfg
diff --git a/assets/queries/ansible/config/privilege_escalation_using_become_plugin/test/positive2.cfg b/assets/queries/ansible/config/privilege_escalation_using_become_plugin_in_defaults/test/positive2.cfg
similarity index 100%
rename from assets/queries/ansible/config/privilege_escalation_using_become_plugin/test/positive2.cfg
rename to assets/queries/ansible/config/privilege_escalation_using_become_plugin_in_defaults/test/positive2.cfg
diff --git a/assets/queries/ansible/config/privilege_escalation_using_become_plugin/test/positive_expected_result.json b/assets/queries/ansible/config/privilege_escalation_using_become_plugin_in_defaults/test/positive_expected_result.json
similarity index 51%
rename from assets/queries/ansible/config/privilege_escalation_using_become_plugin/test/positive_expected_result.json
rename to assets/queries/ansible/config/privilege_escalation_using_become_plugin_in_defaults/test/positive_expected_result.json
index 107a868cad8..edcbda369aa 100644
--- a/assets/queries/ansible/config/privilege_escalation_using_become_plugin/test/positive_expected_result.json
+++ b/assets/queries/ansible/config/privilege_escalation_using_become_plugin_in_defaults/test/positive_expected_result.json
@@ -1,12 +1,12 @@
[
{
- "queryName": "Privilege Escalation Using Become Plugin",
+ "queryName": "Privilege Escalation Using Become Plugin In Defaults",
"severity": "MEDIUM",
"filename": "positive1.cfg",
"line": 10
},
{
- "queryName": "Privilege Escalation Using Become Plugin",
+ "queryName": "Privilege Escalation Using Become Plugin In Defaults",
"severity": "MEDIUM",
"filename": "positive2.cfg",
"line": 12
diff --git a/assets/queries/dockerfile/last_user_is_root/metadata.json b/assets/queries/dockerfile/last_user_is_root/metadata.json
index ed4a7e9198d..9826eaefbf7 100644
--- a/assets/queries/dockerfile/last_user_is_root/metadata.json
+++ b/assets/queries/dockerfile/last_user_is_root/metadata.json
@@ -3,10 +3,11 @@
"queryName": "Last User Is 'root'",
"severity": "HIGH",
"category": "Best Practices",
- "descriptionText": "Leaving the last user as root can cause security risks. Change to another user after running the commands the need privileges",
+ "descriptionText": "Leaving the last user as root can cause security risks. Change to another user after running the commands that need privileges",
"descriptionUrl": "https://docs.docker.com/engine/reference/builder/#user",
"platform": "Dockerfile",
"descriptionID": "f445bd25",
+ "cloudProvider": "common",
"cwe": "250",
"oldSeverity": "MEDIUM"
}
\ No newline at end of file
diff --git a/assets/queries/terraform/aws/security_group_without_description/metadata.json b/assets/queries/terraform/aws/security_group_without_description/metadata.json
index 5bfdb684026..bb5dc873e8b 100644
--- a/assets/queries/terraform/aws/security_group_without_description/metadata.json
+++ b/assets/queries/terraform/aws/security_group_without_description/metadata.json
@@ -1,6 +1,6 @@
{
"id": "cb3f5ed6-0d18-40de-a93d-b3538db31e8c",
- "queryName": "Security Group Rule Without Description",
+ "queryName": "Security Group Without Description",
"severity": "INFO",
"category": "Best Practices",
"descriptionText": "It's considered a best practice for AWS Security Group to have a description",
@@ -9,4 +9,4 @@
"descriptionID": "bc535d27",
"cloudProvider": "aws",
"cwe": "710"
-}
\ No newline at end of file
+}
diff --git a/assets/queries/terraform/aws/security_group_without_description/test/positive_expected_result.json b/assets/queries/terraform/aws/security_group_without_description/test/positive_expected_result.json
index be1032186a6..359317244ee 100644
--- a/assets/queries/terraform/aws/security_group_without_description/test/positive_expected_result.json
+++ b/assets/queries/terraform/aws/security_group_without_description/test/positive_expected_result.json
@@ -1,6 +1,6 @@
[
{
- "queryName": "Security Group Rule Without Description",
+ "queryName": "Security Group Without Description",
"severity": "INFO",
"line": 1,
"filename": "positive1.tf"
diff --git a/assets/queries/terraform/azure/app_service_not_using_latest_tls_encryption_version/query.rego b/assets/queries/terraform/azure/app_service_not_using_latest_tls_encryption_version/query.rego
index 52586e85f73..9c312229f34 100644
--- a/assets/queries/terraform/azure/app_service_not_using_latest_tls_encryption_version/query.rego
+++ b/assets/queries/terraform/azure/app_service_not_using_latest_tls_encryption_version/query.rego
@@ -7,7 +7,7 @@ CxPolicy[result] {
app := input.document[i].resource.azurerm_app_service[name]
is_number(app.site_config.min_tls_version)
- app.site_config.min_tls_version != 1.2
+ app.site_config.min_tls_version != 1.3
result := {
"documentId": input.document[i].id,
@@ -15,12 +15,12 @@ CxPolicy[result] {
"resourceName": tf_lib.get_resource_name(app, name),
"searchKey": sprintf("azurerm_app_service[%s].site_config.min_tls_version", [name]),
"issueType": "IncorrectValue",
- "keyExpectedValue": sprintf("'azurerm_app_service[%s].site_config.min_tls_version' should be set to '1.2'", [name]),
- "keyActualValue": sprintf("'azurerm_app_service[%s].site_config.min_tls_version' is not set to '1.2'", [name]),
+ "keyExpectedValue": sprintf("'azurerm_app_service[%s].site_config.min_tls_version' should be set to '1.3'", [name]),
+ "keyActualValue": sprintf("'azurerm_app_service[%s].site_config.min_tls_version' is not set to '1.3'", [name]),
"searchLine": common_lib.build_search_line(["resource", "azurerm_app_service", name, "site_config", "min_tls_version"], []),
"remediation": json.marshal({
"before": sprintf("%.1f", [app.site_config.min_tls_version]),
- "after": "1.2"
+ "after": "1.3"
}),
"remediationType": "replacement",
}
@@ -30,7 +30,7 @@ CxPolicy[result] {
app := input.document[i].resource.azurerm_app_service[name]
not is_number(app.site_config.min_tls_version)
- app.site_config.min_tls_version != "1.2"
+ app.site_config.min_tls_version != "1.3"
result := {
"documentId": input.document[i].id,
@@ -38,12 +38,12 @@ CxPolicy[result] {
"resourceName": tf_lib.get_resource_name(app, name),
"searchKey": sprintf("azurerm_app_service[%s].site_config.min_tls_version", [name]),
"issueType": "IncorrectValue",
- "keyExpectedValue": sprintf("'azurerm_app_service[%s].site_config.min_tls_version' should be set to '1.2'", [name]),
- "keyActualValue": sprintf("'azurerm_app_service[%s].site_config.min_tls_version' is not set to '1.2'", [name]),
+ "keyExpectedValue": sprintf("'azurerm_app_service[%s].site_config.min_tls_version' should be set to '1.3'", [name]),
+ "keyActualValue": sprintf("'azurerm_app_service[%s].site_config.min_tls_version' is not set to '1.3'", [name]),
"searchLine": common_lib.build_search_line(["resource", "azurerm_app_service", name, "site_config", "min_tls_version"], []),
"remediation": json.marshal({
"before": sprintf("%s", [app.site_config.min_tls_version]),
- "after": "1.2"
+ "after": "1.3"
}),
"remediationType": "replacement",
}
diff --git a/assets/queries/terraform/azure/app_service_not_using_latest_tls_encryption_version/test/negative1.tf b/assets/queries/terraform/azure/app_service_not_using_latest_tls_encryption_version/test/negative1.tf
index ca1680a6135..c882887f3fa 100644
--- a/assets/queries/terraform/azure/app_service_not_using_latest_tls_encryption_version/test/negative1.tf
+++ b/assets/queries/terraform/azure/app_service_not_using_latest_tls_encryption_version/test/negative1.tf
@@ -7,6 +7,6 @@ resource "azurerm_app_service" "negative1" {
site_config {
dotnet_framework_version = "v4.0"
scm_type = "LocalGit"
- min_tls_version = 1.2
+ min_tls_version = 1.3
}
}
diff --git a/assets/queries/terraform/azure/app_service_not_using_latest_tls_encryption_version/test/positive2.tf b/assets/queries/terraform/azure/app_service_not_using_latest_tls_encryption_version/test/positive2.tf
new file mode 100644
index 00000000000..8e07d103e9d
--- /dev/null
+++ b/assets/queries/terraform/azure/app_service_not_using_latest_tls_encryption_version/test/positive2.tf
@@ -0,0 +1,12 @@
+resource "azurerm_app_service" "positive2" {
+ name = "example-app-service"
+ location = azurerm_resource_group.example.location
+ resource_group_name = azurerm_resource_group.example.name
+ app_service_plan_id = azurerm_app_service_plan.example.id
+
+ site_config {
+ dotnet_framework_version = "v4.0"
+ scm_type = "LocalGit"
+ min_tls_version = 1.2
+ }
+}
diff --git a/assets/queries/terraform/azure/app_service_not_using_latest_tls_encryption_version/test/positive_expected_result.json b/assets/queries/terraform/azure/app_service_not_using_latest_tls_encryption_version/test/positive_expected_result.json
index 7142ab2e113..6debd505d34 100644
--- a/assets/queries/terraform/azure/app_service_not_using_latest_tls_encryption_version/test/positive_expected_result.json
+++ b/assets/queries/terraform/azure/app_service_not_using_latest_tls_encryption_version/test/positive_expected_result.json
@@ -4,5 +4,11 @@
"severity": "MEDIUM",
"line": 10,
"fileName": "positive1.tf"
+ },
+ {
+ "queryName": "App Service Not Using Latest TLS Encryption Version",
+ "severity": "MEDIUM",
+ "line": 10,
+ "fileName": "positive2.tf"
}
]
\ No newline at end of file
diff --git a/docker/Dockerfile.ubi8 b/docker/Dockerfile.ubi8
index ce6e89433ec..8273d875cd6 100644
--- a/docker/Dockerfile.ubi8
+++ b/docker/Dockerfile.ubi8
@@ -44,7 +44,7 @@ LABEL name="KICS" \
description="Checkmarx/kics is an opensource project that enable you to find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code find more in https://kics.io" \
maintainer="kics@checkmarx.com" \
vendor="Checkmarx" \
- version="v2.1.3" \
+ version="v2.1.4" \
release="1" \
io.k8s.display-name="KICS by Checkmarx" \
io.openshift.tags="kics checkmarx"
diff --git a/docs/index.md b/docs/index.md
index 3e5c363895b..03ad092b761 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -11,8 +11,8 @@
-
Version 2.1.3
-
2024.09.30
+
Version 2.1.4
+
2025.01.22
Contribute!
@@ -142,6 +142,11 @@ KICS scans and detects issues in following Infrastructure as Code solutions:
+
#### Beta Features
@@ -149,9 +154,6 @@ KICS scans and detects issues in following Infrastructure as Code solutions:
-
-
-
23a4dc83-4959-4d99-8056-8e051a82bc1e|Ansible|Low|Build Process|Query details
Documentation
|
|AKS Network Policy Misconfigured
8c3bedf1-c570-4c3b-b414-d068cd39a00c|Ansible|Low|Insecure Configurations|Query details
Documentation
|
|Small Activity Log Retention Period
37fafbea-dedb-4e0d-852e-d16ee0589326|Ansible|Low|Observability|Query details
Documentation
|
-|Allow Unsafe Lookups Enabled
86b97bb4-85c9-462d-8635-cbc057c5c8c5|Ansible|High|Insecure Configurations|Query details
Documentation
|
-|Privilege Escalation Using Become Plugin
404908b6-4954-4611-98f0-e8ceacdabcb1|Ansible|Medium|Access Control|Query details
Documentation
|
-|Communication over HTTP
d7dc9350-74bc-485b-8c85-fed22d276c43|Ansible|Medium|Insecure Configurations|Query details
Documentation
|
-|Logging of Sensitive Data
c6473dae-8477-4119-88b7-b909b435ce7b|Ansible|Low|Best Practices|Query details
Documentation
|
+|Allow Unsafe Lookups Enabled In Defaults
86b97bb4-85c9-462d-8635-cbc057c5c8c5|Ansible|High|Insecure Configurations|Query details
Documentation
|
+|Privilege Escalation Using Become Plugin In Defaults
404908b6-4954-4611-98f0-e8ceacdabcb1|Ansible|Medium|Access Control|Query details
Documentation
|
+|Communication Over HTTP In Defaults
d7dc9350-74bc-485b-8c85-fed22d276c43|Ansible|Medium|Insecure Configurations|Query details
Documentation
|
+|Logging of Sensitive Data In Defaults
c6473dae-8477-4119-88b7-b909b435ce7b|Ansible|Low|Best Practices|Query details
Documentation
|
|Cloud Storage Anonymous or Publicly Accessible
086031e1-9d4a-4249-acb3-5bfe4c363db2|Ansible|Critical|Access Control|Query details
Documentation
|
|SQL DB Instance Publicly Accessible
7d7054c0-3a52-4e9b-b9ff-cbfe16a2378b|Ansible|Critical|Insecure Configurations|Query details
Documentation
|
|BigQuery Dataset Is Public
2263b286-2fe9-4747-a0ae-8b4768a2bbd2|Ansible|High|Access Control|Query details
Documentation
|
@@ -1490,8 +1490,8 @@ This page contains all queries.
|DynamoDB Table Point In Time Recovery Disabled
741f1291-47ac-4a85-a07b-3d32a9d6bd3e|Terraform|Info|Best Practices|Query details
Documentation
|
|EC2 Not EBS Optimized
60224630-175a-472a-9e23-133827040766|Terraform|Info|Best Practices|Query details
Documentation
|
|Resource Not Using Tags
e38a8e0a-b88b-4902-b3fe-b0fcb17d5c10|Terraform|Info|Best Practices|Query details
Documentation
|
-|Security Group Rule Without Description
cb3f5ed6-0d18-40de-a93d-b3538db31e8c|Terraform|Info|Best Practices|Query details
Documentation
|
|Security Group Rule Without Description
68eb4bf3-f9bf-463d-b5cf-e029bb446d2e|Terraform|Info|Best Practices|Query details
Documentation
|
+|Security Group Without Description
cb3f5ed6-0d18-40de-a93d-b3538db31e8c|Terraform|Info|Best Practices|Query details
Documentation
|
|CloudWatch AWS Organizations Changes Missing Alarm
38b85c45-e772-4de8-a247-69619ca137b3|Terraform|Info|Observability|Query details
Documentation
|
|CloudWatch Without Retention Period Specified
ef0b316a-211e-42f1-888e-64efe172b755|Terraform|Info|Observability|Query details
Documentation
|
|BOM - AWS DynamoDB
23edf35f-7c22-4ff9-87e6-0ca74261cfbf|Terraform|Trace|Bill Of Materials|Query details
Documentation
|
diff --git a/docs/queries/ansible-queries.md b/docs/queries/ansible-queries.md
index eea9ed4db29..9812be68b22 100644
--- a/docs/queries/ansible-queries.md
+++ b/docs/queries/ansible-queries.md
@@ -188,10 +188,10 @@ Below are listed queries related to Ansible CONFIG:
| Query |Severity|Category|More info|
|------------------------------|--------|--------|-----------|
-|Allow Unsafe Lookups Enabled
86b97bb4-85c9-462d-8635-cbc057c5c8c5|High|Insecure Configurations|Query details
Documentation
|
-|Privilege Escalation Using Become Plugin
404908b6-4954-4611-98f0-e8ceacdabcb1|Medium|Access Control|Query details
Documentation
|
-|Communication over HTTP
d7dc9350-74bc-485b-8c85-fed22d276c43|Medium|Insecure Configurations|Query details
Documentation
|
-|Logging of Sensitive Data
c6473dae-8477-4119-88b7-b909b435ce7b|Low|Best Practices|Query details
Documentation
|
+|Allow Unsafe Lookups Enabled In Defaults
86b97bb4-85c9-462d-8635-cbc057c5c8c5|High|Insecure Configurations|Query details
Documentation
|
+|Privilege Escalation Using Become Plugin In Defaults
404908b6-4954-4611-98f0-e8ceacdabcb1|Medium|Access Control|Query details
Documentation
|
+|Communication Over HTTP In Defaults
d7dc9350-74bc-485b-8c85-fed22d276c43|Medium|Insecure Configurations|Query details
Documentation
|
+|Logging of Sensitive Data In Defaults
c6473dae-8477-4119-88b7-b909b435ce7b|Low|Best Practices|Query details
Documentation
|
### GCP
Below are listed queries related to Ansible GCP:
diff --git a/docs/queries/ansible-queries/404908b6-4954-4611-98f0-e8ceacdabcb1.md b/docs/queries/ansible-queries/404908b6-4954-4611-98f0-e8ceacdabcb1.md
index 85cb3cb0461..e9a0c42e9f8 100644
--- a/docs/queries/ansible-queries/404908b6-4954-4611-98f0-e8ceacdabcb1.md
+++ b/docs/queries/ansible-queries/404908b6-4954-4611-98f0-e8ceacdabcb1.md
@@ -1,5 +1,5 @@
---
-title: Privilege Escalation Using Become Plugin
+title: Privilege Escalation Using Become Plugin In Defaults
hide:
toc: true
navigation: true
@@ -16,12 +16,12 @@ hide:
- **Query id:** 404908b6-4954-4611-98f0-e8ceacdabcb1
-- **Query name:** Privilege Escalation Using Become Plugin
+- **Query name:** Privilege Escalation Using Become Plugin In Defaults
- **Platform:** Ansible
- **Severity:** Medium
- **Category:** Access Control
- **CWE:** 286
-- **URL:** [Github](https://github.com/Checkmarx/kics/tree/master/assets/queries/ansible/config/privilege_escalation_using_become_plugin)
+- **URL:** [Github](https://github.com/Checkmarx/kics/tree/master/assets/queries/ansible/config/privilege_escalation_using_become_plugin_in_defaults)
### Description
In order to perform an action as a different user with the become_user, 'become' must be defined and set to 'true'
diff --git a/docs/queries/ansible-queries/86b97bb4-85c9-462d-8635-cbc057c5c8c5.md b/docs/queries/ansible-queries/86b97bb4-85c9-462d-8635-cbc057c5c8c5.md
index 571674c835c..71d5a009de0 100644
--- a/docs/queries/ansible-queries/86b97bb4-85c9-462d-8635-cbc057c5c8c5.md
+++ b/docs/queries/ansible-queries/86b97bb4-85c9-462d-8635-cbc057c5c8c5.md
@@ -1,5 +1,5 @@
---
-title: Allow Unsafe Lookups Enabled
+title: Allow Unsafe Lookups Enabled In Defaults
hide:
toc: true
navigation: true
@@ -16,12 +16,12 @@ hide:
- **Query id:** 86b97bb4-85c9-462d-8635-cbc057c5c8c5
-- **Query name:** Allow Unsafe Lookups Enabled
+- **Query name:** Allow Unsafe Lookups Enabled In Defaults
- **Platform:** Ansible
- **Severity:** High
- **Category:** Insecure Configurations
- **CWE:** 200
-- **URL:** [Github](https://github.com/Checkmarx/kics/tree/master/assets/queries/ansible/config/allow_unsafe_lookups_enabled)
+- **URL:** [Github](https://github.com/Checkmarx/kics/tree/master/assets/queries/ansible/config/allow_unsafe_lookups_enabled_in_defaults)
### Description
When enabled, this option allows lookup plugins to return data that is not marked 'unsafe'.
diff --git a/docs/queries/ansible-queries/c6473dae-8477-4119-88b7-b909b435ce7b.md b/docs/queries/ansible-queries/c6473dae-8477-4119-88b7-b909b435ce7b.md
index 1415b09eb1b..d5f8d37c468 100644
--- a/docs/queries/ansible-queries/c6473dae-8477-4119-88b7-b909b435ce7b.md
+++ b/docs/queries/ansible-queries/c6473dae-8477-4119-88b7-b909b435ce7b.md
@@ -1,5 +1,5 @@
---
-title: Logging of Sensitive Data
+title: Logging of Sensitive Data In Defaults
hide:
toc: true
navigation: true
@@ -16,12 +16,12 @@ hide:
- **Query id:** c6473dae-8477-4119-88b7-b909b435ce7b
-- **Query name:** Logging of Sensitive Data
+- **Query name:** Logging of Sensitive Data In Defaults
- **Platform:** Ansible
- **Severity:** Low
- **Category:** Best Practices
- **CWE:** 532
-- **URL:** [Github](https://github.com/Checkmarx/kics/tree/master/assets/queries/ansible/config/logging_of_sensitive_data)
+- **URL:** [Github](https://github.com/Checkmarx/kics/tree/master/assets/queries/ansible/config/logging_of_sensitive_data_in_defaults)
### Description
To keep sensitive values out of logs, tasks that expose them need to be marked defining 'no_log' and setting to True
diff --git a/docs/queries/ansible-queries/d7dc9350-74bc-485b-8c85-fed22d276c43.md b/docs/queries/ansible-queries/d7dc9350-74bc-485b-8c85-fed22d276c43.md
index a3d8357073f..1b88a19b06e 100644
--- a/docs/queries/ansible-queries/d7dc9350-74bc-485b-8c85-fed22d276c43.md
+++ b/docs/queries/ansible-queries/d7dc9350-74bc-485b-8c85-fed22d276c43.md
@@ -1,5 +1,5 @@
---
-title: Communication over HTTP
+title: Communication Over HTTP In Defaults
hide:
toc: true
navigation: true
@@ -16,12 +16,12 @@ hide:
- **Query id:** d7dc9350-74bc-485b-8c85-fed22d276c43
-- **Query name:** Communication over HTTP
+- **Query name:** Communication Over HTTP In Defaults
- **Platform:** Ansible
- **Severity:** Medium
- **Category:** Insecure Configurations
- **CWE:** 319
-- **URL:** [Github](https://github.com/Checkmarx/kics/tree/master/assets/queries/ansible/config/communication_over_http)
+- **URL:** [Github](https://github.com/Checkmarx/kics/tree/master/assets/queries/ansible/config/communication_over_http_in_defaults)
### Description
Using HTTP URLs (without encryption) could lead to security vulnerabilities and risks
diff --git a/docs/queries/dockerfile-queries/67fd0c4a-68cf-46d7-8c41-bc9fba7e40ae.md b/docs/queries/dockerfile-queries/67fd0c4a-68cf-46d7-8c41-bc9fba7e40ae.md
index eee035c2489..4109c2b551b 100644
--- a/docs/queries/dockerfile-queries/67fd0c4a-68cf-46d7-8c41-bc9fba7e40ae.md
+++ b/docs/queries/dockerfile-queries/67fd0c4a-68cf-46d7-8c41-bc9fba7e40ae.md
@@ -24,7 +24,7 @@ hide:
- **URL:** [Github](https://github.com/Checkmarx/kics/tree/master/assets/queries/dockerfile/last_user_is_root)
### Description
-Leaving the last user as root can cause security risks. Change to another user after running the commands the need privileges
+Leaving the last user as root can cause security risks. Change to another user after running the commands that need privileges
[Documentation](https://docs.docker.com/engine/reference/builder/#user)
### Code samples
diff --git a/docs/queries/terraform-queries.md b/docs/queries/terraform-queries.md
index 9e6e8c0a752..ef526f5e04b 100644
--- a/docs/queries/terraform-queries.md
+++ b/docs/queries/terraform-queries.md
@@ -398,8 +398,8 @@ Below are listed queries related to Terraform AWS:
|DynamoDB Table Point In Time Recovery Disabled
741f1291-47ac-4a85-a07b-3d32a9d6bd3e|Info|Best Practices|Query details
Documentation
|
|EC2 Not EBS Optimized
60224630-175a-472a-9e23-133827040766|Info|Best Practices|Query details
Documentation
|
|Resource Not Using Tags
e38a8e0a-b88b-4902-b3fe-b0fcb17d5c10|Info|Best Practices|Query details
Documentation
|
-|Security Group Rule Without Description
cb3f5ed6-0d18-40de-a93d-b3538db31e8c|Info|Best Practices|Query details
Documentation
|
|Security Group Rule Without Description
68eb4bf3-f9bf-463d-b5cf-e029bb446d2e|Info|Best Practices|Query details
Documentation
|
+|Security Group Without Description
cb3f5ed6-0d18-40de-a93d-b3538db31e8c|Info|Best Practices|Query details
Documentation
|
|CloudWatch AWS Organizations Changes Missing Alarm
38b85c45-e772-4de8-a247-69619ca137b3|Info|Observability|Query details
Documentation
|
|CloudWatch Without Retention Period Specified
ef0b316a-211e-42f1-888e-64efe172b755|Info|Observability|Query details
Documentation
|
diff --git a/docs/queries/terraform-queries/aws/cb3f5ed6-0d18-40de-a93d-b3538db31e8c.md b/docs/queries/terraform-queries/aws/cb3f5ed6-0d18-40de-a93d-b3538db31e8c.md
index cd8a4aa9d68..1a48fe5b12e 100644
--- a/docs/queries/terraform-queries/aws/cb3f5ed6-0d18-40de-a93d-b3538db31e8c.md
+++ b/docs/queries/terraform-queries/aws/cb3f5ed6-0d18-40de-a93d-b3538db31e8c.md
@@ -1,5 +1,5 @@
---
-title: Security Group Rule Without Description
+title: Security Group Without Description
hide:
toc: true
navigation: true
@@ -16,7 +16,7 @@ hide:
- **Query id:** cb3f5ed6-0d18-40de-a93d-b3538db31e8c
-- **Query name:** Security Group Rule Without Description
+- **Query name:** Security Group Without Description
- **Platform:** Terraform
- **Severity:** Info
- **Category:** Best Practices
diff --git a/docs/queries/terraform-queries/azure/b7b9d1c7-2d3b-49b4-b867-ebbe68d0b643.md b/docs/queries/terraform-queries/azure/b7b9d1c7-2d3b-49b4-b867-ebbe68d0b643.md
index bed4755cf08..62bc902b749 100644
--- a/docs/queries/terraform-queries/azure/b7b9d1c7-2d3b-49b4-b867-ebbe68d0b643.md
+++ b/docs/queries/terraform-queries/azure/b7b9d1c7-2d3b-49b4-b867-ebbe68d0b643.md
@@ -43,6 +43,21 @@ resource "azurerm_app_service" "positive1" {
}
}
+```
+```tf title="Positive test num. 2 - tf file" hl_lines="10"
+resource "azurerm_app_service" "positive2" {
+ name = "example-app-service"
+ location = azurerm_resource_group.example.location
+ resource_group_name = azurerm_resource_group.example.name
+ app_service_plan_id = azurerm_app_service_plan.example.id
+
+ site_config {
+ dotnet_framework_version = "v4.0"
+ scm_type = "LocalGit"
+ min_tls_version = 1.2
+ }
+}
+
```
@@ -57,7 +72,7 @@ resource "azurerm_app_service" "negative1" {
site_config {
dotnet_framework_version = "v4.0"
scm_type = "LocalGit"
- min_tls_version = 1.2
+ min_tls_version = 1.3
}
}
diff --git a/e2e/fixtures/schemas/result.json b/e2e/fixtures/schemas/result.json
index 80a3cdbd1c5..4d61250ea22 100644
--- a/e2e/fixtures/schemas/result.json
+++ b/e2e/fixtures/schemas/result.json
@@ -81,7 +81,7 @@
},
"query_id": {
"type": "string",
- "pattern": "^[a-f0-9]{8}-[a-f0-9]{4}-4{1}[a-f0-9]{3}-[89ab]{1}[a-f0-9]{3}-[a-f0-9]{12}$"
+ "pattern": "^(?[a-f0-9]{8}-[a-f0-9]{4}-4{1}[a-f0-9]{3}-[89ab]{1}[a-f0-9]{3}-[a-f0-9]{12})|(?(t:|p:|a:)(\\d{1,20}))$"
},
"query_url": {
"type": "string",
diff --git a/e2e/testcases/e2e-cli-098_include_ids_with_new_queryid_validation.go b/e2e/testcases/e2e-cli-098_include_ids_with_new_queryid_validation.go
new file mode 100644
index 00000000000..dccdf43fe8b
--- /dev/null
+++ b/e2e/testcases/e2e-cli-098_include_ids_with_new_queryid_validation.go
@@ -0,0 +1,31 @@
+package testcases
+
+// E2E-CLI-098
+// should perform the scan successfully and return exit code 50
+// this test sample contains a different query_id
+// that is not a UUID, but contains a prefix ('t:', 'p:', or 'a:') + uint64
+func init() { //nolint
+ testSample := TestCase{
+ Name: "should perform a valid scan and return one HIGH result [E2E-CLI-098]",
+ Args: args{
+ Args: []cmdArgs{
+ []string{"scan", "-o", "/path/e2e/output",
+ "--output-name", "E2E_CLI_098_RESULT",
+ "-q", "\"/path/test/fixtures/new_queryid_validation\"",
+ "-p", "\"/path/test/fixtures/new_queryid_validation/Dockerfile\"",
+ // QueryID 'a:123' does not exist, however, since the first one does, it should perform the scan successfully
+ "-i", "t:8820143918834007824,a:123",
+ },
+ },
+ ExpectedResult: []ResultsValidation{
+ {
+ ResultsFile: "E2E_CLI_098_RESULT",
+ ResultsFormats: []string{"json"},
+ },
+ },
+ },
+ WantStatus: []int{50},
+ }
+
+ Tests = append(Tests, testSample)
+}
diff --git a/e2e/utils/helper.go b/e2e/utils/helper.go
index fb39e28b360..4a277f5e435 100644
--- a/e2e/utils/helper.go
+++ b/e2e/utils/helper.go
@@ -1,6 +1,7 @@
package utils
import (
+ "fmt"
"os"
"os/exec"
"path/filepath"
@@ -96,6 +97,7 @@ func runKicsDocker(kicsArgs []string, descriptionServer, kicsDockerImage string)
}
baseDir := filepath.Dir(cwd)
dockerArgs := []string{"run", "-e", descriptionServer, "--add-host=host.docker.internal:host-gateway",
+ "--user", fmt.Sprintf("%d:%d", os.Getuid(), os.Getgid()),
"-v", baseDir + ":/path", kicsDockerImage}
completeArgs := append(dockerArgs, kicsArgs...) //nolint
return "docker", completeArgs
diff --git a/go.mod b/go.mod
index 4f1ce661f55..fa96a0e41ba 100644
--- a/go.mod
+++ b/go.mod
@@ -2,30 +2,20 @@ module github.com/Checkmarx/kics/v2
go 1.23.1
-replace (
- github.com/containerd/containerd => github.com/containerd/containerd v1.6.26
- github.com/docker/cli => github.com/docker/cli v20.10.12+incompatible
- github.com/jung-kurt/gofpdf => github.com/jung-kurt/gofpdf v1.16.3-0.20210918000319-0c885ad36193 // indirect
- github.com/opencontainers/image-spec => github.com/opencontainers/image-spec v1.0.2
- github.com/spf13/afero => github.com/spf13/afero v1.2.2
- golang.org/x/crypto => golang.org/x/crypto v0.21.1-0.20240404165943-d042a396a6de // indirect
- google.golang.org/protobuf => google.golang.org/protobuf v1.33.0 // indirect
-)
-
require (
code.cloudfoundry.org/bytefmt v0.0.0-20240604172014-5a751eb643b0
github.com/BurntSushi/toml v1.4.0
github.com/agnivade/levenshtein v1.1.1
github.com/alexmullins/zip v0.0.0-20180717182244-4affb64b04d0
github.com/antlr4-go/antlr/v4 v4.13.1
- github.com/aws/aws-sdk-go-v2 v1.27.1
+ github.com/aws/aws-sdk-go-v2 v1.30.3
github.com/bigkevmcd/go-configparser v0.0.0-20230427073640-c6b631f70126
github.com/cheggaaa/pb/v3 v3.1.5
github.com/emicklei/proto v1.13.2
- github.com/getsentry/sentry-go v0.28.2-0.20240729102758-eb05e4b3014c
+ github.com/getsentry/sentry-go v0.31.2-0.20250102155933-f2d4348b0508
github.com/gocarina/gocsv v0.0.0-20240520201108-78e41c74b4b1
github.com/golang/mock v1.6.0
- github.com/google/pprof v0.0.0-20240528025155-186aa0362fba
+ github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db
github.com/google/uuid v1.6.0
github.com/gookit/color v1.5.4
github.com/hashicorp/go-getter v1.7.5
@@ -34,7 +24,7 @@ require (
github.com/hashicorp/terraform-json v0.22.1
github.com/johnfercher/maroto v1.0.0
github.com/mackerelio/go-osstat v0.2.5
- github.com/moby/buildkit v0.15.1-0.20240730223335-bc92b63b98aa
+ github.com/moby/buildkit v0.18.1-0.20250114211737-dd069229019d
github.com/open-policy-agent/opa v0.68.0
github.com/pkg/errors v0.9.1
github.com/relex/aini v1.6.0
@@ -43,33 +33,35 @@ require (
github.com/spf13/cobra v1.8.1
github.com/spf13/pflag v1.0.5
github.com/spf13/viper v1.19.0
- github.com/stretchr/testify v1.9.0
+ github.com/stretchr/testify v1.10.0
github.com/tdewolff/minify/v2 v2.20.32
github.com/tidwall/gjson v1.17.1
github.com/xeipuuv/gojsonschema v1.2.0
github.com/yargevad/filepathx v1.0.0
github.com/zclconf/go-cty v1.14.4
- golang.org/x/net v0.28.0
- golang.org/x/text v0.17.0
- golang.org/x/tools v0.22.0
+ golang.org/x/net v0.34.0
+ golang.org/x/text v0.21.0
+ golang.org/x/tools v0.26.0
gopkg.in/yaml.v3 v3.0.1
- helm.sh/helm/v3 v3.16.1
+ helm.sh/helm/v3 v3.17.0
mvdan.cc/sh/v3 v3.8.0
)
require (
cloud.google.com/go v0.112.1 // indirect
- cloud.google.com/go/compute/metadata v0.3.0 // indirect
+ cloud.google.com/go/compute/metadata v0.5.0 // indirect
cloud.google.com/go/iam v1.1.6 // indirect
cloud.google.com/go/storage v1.38.0 // indirect
dario.cat/mergo v1.0.1 // indirect
- github.com/Microsoft/hcsshim v0.12.5 // indirect
+ github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 // indirect
github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
github.com/aws/aws-sdk-go v1.44.295 // indirect
- github.com/aws/smithy-go v1.20.2 // indirect
+ github.com/aws/smithy-go v1.20.3 // indirect
github.com/blang/semver/v4 v4.0.0 // indirect
+ github.com/containerd/errdefs v1.0.0 // indirect
github.com/containerd/log v0.1.0 // indirect
- github.com/containerd/typeurl/v2 v2.1.1 // indirect
+ github.com/containerd/platforms v1.0.0-rc.1 // indirect
+ github.com/containerd/typeurl/v2 v2.2.3 // indirect
github.com/distribution/reference v0.6.0 // indirect
github.com/evanphx/json-patch/v5 v5.6.0 // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
@@ -88,6 +80,7 @@ require (
github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
+ github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect
github.com/russross/blackfriday/v2 v2.1.0 // indirect
github.com/sagikazarmark/locafero v0.6.0 // indirect
github.com/sagikazarmark/slog-shim v0.1.0 // indirect
@@ -96,19 +89,19 @@ require (
github.com/tchap/go-patricia/v2 v2.3.1 // indirect
github.com/x448/float16 v0.8.4 // indirect
go.opencensus.io v0.24.0 // indirect
- go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0 // indirect
- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect
- go.opentelemetry.io/otel v1.28.0 // indirect
- go.opentelemetry.io/otel/metric v1.28.0 // indirect
- go.opentelemetry.io/otel/sdk v1.28.0 // indirect
- go.opentelemetry.io/otel/trace v1.28.0 // indirect
+ go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.56.0 // indirect
+ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.56.0 // indirect
+ go.opentelemetry.io/otel v1.31.0 // indirect
+ go.opentelemetry.io/otel/metric v1.31.0 // indirect
+ go.opentelemetry.io/otel/sdk v1.31.0 // indirect
+ go.opentelemetry.io/otel/trace v1.31.0 // indirect
go.uber.org/multierr v1.11.0 // indirect
- golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8 // indirect
- golang.org/x/mod v0.18.0 // indirect
+ golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 // indirect
+ golang.org/x/mod v0.21.0 // indirect
google.golang.org/api v0.171.0 // indirect
google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 // indirect
- google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect
+ google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9 // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38 // indirect
gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
)
@@ -128,26 +121,26 @@ require (
github.com/boombuler/barcode v1.0.1 // indirect
github.com/cespare/xxhash/v2 v2.3.0 // indirect
github.com/chai2010/gettext-go v1.0.2 // indirect
- github.com/containerd/containerd v1.7.21 // indirect
- github.com/cyphar/filepath-securejoin v0.3.1 // indirect
+ github.com/containerd/containerd v1.7.24 // indirect
+ github.com/cyphar/filepath-securejoin v0.3.6 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
- github.com/docker/cli v27.1.1+incompatible // indirect
+ github.com/docker/cli v27.5.0+incompatible // indirect
github.com/docker/distribution v2.8.3+incompatible // indirect
- github.com/docker/docker v27.1.1+incompatible // indirect
+ github.com/docker/docker v27.5.0+incompatible // indirect
github.com/docker/docker-credential-helpers v0.8.2 // indirect
github.com/docker/go-connections v0.5.0 // indirect
github.com/docker/go-metrics v0.0.1 // indirect
github.com/emicklei/go-restful/v3 v3.11.0 // indirect
github.com/evanphx/json-patch v5.9.0+incompatible // indirect
- github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect
+ github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
github.com/fatih/color v1.17.0 // indirect
github.com/fsnotify/fsnotify v1.7.0 // indirect
github.com/go-errors/errors v1.4.2 // indirect
github.com/go-gorp/gorp/v3 v3.1.0 // indirect
github.com/go-logr/logr v1.4.2 // indirect
- github.com/go-openapi/jsonpointer v0.19.6 // indirect
+ github.com/go-openapi/jsonpointer v0.21.0 // indirect
github.com/go-openapi/jsonreference v0.20.2 // indirect
- github.com/go-openapi/swag v0.22.4 // indirect
+ github.com/go-openapi/swag v0.23.0 // indirect
github.com/gobwas/glob v0.2.3 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/protobuf v1.5.4 // indirect
@@ -157,18 +150,17 @@ require (
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
github.com/gorilla/mux v1.8.1 // indirect
github.com/gosuri/uitable v0.0.4 // indirect
- github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect
+ github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
github.com/hashicorp/go-safetemp v1.0.0 // indirect
github.com/hashicorp/go-version v1.7.0 // indirect
github.com/huandu/xstrings v1.5.0 // indirect
- github.com/imdario/mergo v0.3.16 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/jmoiron/sqlx v1.4.0 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/jung-kurt/gofpdf v1.16.3-0.20210918000319-0c885ad36193 // indirect
- github.com/klauspost/compress v1.17.9 // indirect
+ github.com/klauspost/compress v1.17.11 // indirect
github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
github.com/lib/pq v1.10.9 // indirect
@@ -184,7 +176,7 @@ require (
github.com/mitchellh/mapstructure v1.5.0 // indirect
github.com/mitchellh/reflectwalk v1.0.2 // indirect
github.com/moby/locker v1.0.1 // indirect
- github.com/moby/spdystream v0.4.0 // indirect
+ github.com/moby/spdystream v0.5.0 // indirect
github.com/moby/term v0.5.0 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
@@ -195,13 +187,13 @@ require (
github.com/pelletier/go-toml/v2 v2.2.2 // indirect
github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
- github.com/prometheus/client_golang v1.20.2 // indirect
+ github.com/prometheus/client_golang v1.20.5 // indirect
github.com/prometheus/client_model v0.6.1 // indirect
github.com/prometheus/common v0.55.0 // indirect
github.com/prometheus/procfs v0.15.1 // indirect
github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
github.com/rivo/uniseg v0.4.7 // indirect
- github.com/rubenv/sql-migrate v1.7.0 // indirect
+ github.com/rubenv/sql-migrate v1.7.1 // indirect
github.com/ruudk/golang-pdf417 v0.0.0-20201230142125-a7e3863a1245 // indirect
github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06
github.com/shopspring/decimal v1.4.0 // indirect
@@ -218,34 +210,33 @@ require (
github.com/xlab/treeprint v1.2.0 // indirect
github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778 // indirect
github.com/yashtewari/glob-intersection v0.2.0 // indirect
- go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
- golang.org/x/crypto v0.26.0 // indirect
- golang.org/x/oauth2 v0.21.0 // indirect
- golang.org/x/sync v0.8.0 // indirect
- golang.org/x/sys v0.23.0 // indirect
- golang.org/x/term v0.23.0 // indirect
- golang.org/x/time v0.6.0 // indirect
- google.golang.org/grpc v1.66.0 // indirect
- google.golang.org/protobuf v1.34.2 // indirect
+ golang.org/x/crypto v0.32.0 // indirect
+ golang.org/x/oauth2 v0.23.0 // indirect
+ golang.org/x/sync v0.10.0 // indirect
+ golang.org/x/sys v0.29.0 // indirect
+ golang.org/x/term v0.28.0 // indirect
+ golang.org/x/time v0.7.0 // indirect
+ google.golang.org/grpc v1.68.1 // indirect
+ google.golang.org/protobuf v1.35.2 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
- k8s.io/api v0.31.0
- k8s.io/apiextensions-apiserver v0.31.0 // indirect
- k8s.io/apimachinery v0.31.0
- k8s.io/apiserver v0.31.0 // indirect
- k8s.io/cli-runtime v0.31.0 // indirect
- k8s.io/client-go v0.31.0
- k8s.io/component-base v0.31.0 // indirect
+ k8s.io/api v0.32.1
+ k8s.io/apiextensions-apiserver v0.32.1 // indirect
+ k8s.io/apimachinery v0.32.1
+ k8s.io/apiserver v0.32.1 // indirect
+ k8s.io/cli-runtime v0.32.0 // indirect
+ k8s.io/client-go v0.32.1
+ k8s.io/component-base v0.32.1 // indirect
k8s.io/klog/v2 v2.130.1 // indirect
- k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
- k8s.io/kubectl v0.31.0 // indirect
- k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect
+ k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect
+ k8s.io/kubectl v0.32.0 // indirect
+ k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 // indirect
oras.land/oras-go v1.2.5 // indirect
sigs.k8s.io/controller-runtime v0.14.6
- sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
- sigs.k8s.io/kustomize/api v0.17.2 // indirect
- sigs.k8s.io/kustomize/kyaml v0.17.1 // indirect
- sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
+ sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
+ sigs.k8s.io/kustomize/api v0.18.0 // indirect
+ sigs.k8s.io/kustomize/kyaml v0.18.1 // indirect
+ sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect
sigs.k8s.io/yaml v1.4.0 // indirect
)
diff --git a/go.sum b/go.sum
index faf6db7b0da..5b66a6dacef 100644
--- a/go.sum
+++ b/go.sum
@@ -68,8 +68,8 @@ cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz
cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU=
cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQHHZWZxy9U=
cloud.google.com/go/compute v1.10.0/go.mod h1:ER5CLbMxl90o2jtNbGSbtfOpQKR0t15FOtRsugnLrlU=
-cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc=
-cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
+cloud.google.com/go/compute/metadata v0.5.0 h1:Zr0eK8JbFv6+Wi4ilXAR8FJ3wyNdpxHKJNPos6LTZOY=
+cloud.google.com/go/compute/metadata v0.5.0/go.mod h1:aHnloV2TPI38yx4s9+wAZhHykWvVCfu7hQbF+9CWoiY=
cloud.google.com/go/containeranalysis v0.5.1/go.mod h1:1D92jd8gRR/c0fGMlymRgxWD3Qw9C1ff6/T7mLgVL8I=
cloud.google.com/go/containeranalysis v0.6.0/go.mod h1:HEJoiEIu+lEXM+k7+qLCci0h33lX3ZqoYFdmPcoO7s4=
cloud.google.com/go/datacatalog v1.3.0/go.mod h1:g9svFY6tuR+j+hrTw3J2dNcmI0dzmSiyOzm8kpLq0a0=
@@ -189,6 +189,8 @@ dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
+github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 h1:He8afgbRMd7mFxO99hRNu+6tazq8nFF9lIwo9JFroBk=
+github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0=
github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
@@ -209,8 +211,8 @@ github.com/Masterminds/squirrel v1.5.4 h1:uUcX/aBc8O7Fg9kaISIUsHXdKuqehiXAMQTYX8
github.com/Masterminds/squirrel v1.5.4/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10=
github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
-github.com/Microsoft/hcsshim v0.12.5 h1:bpTInLlDy/nDRWFVcefDZZ1+U8tS+rz3MxjKgu9boo0=
-github.com/Microsoft/hcsshim v0.12.5/go.mod h1:tIUGego4G1EN5Hb6KC90aDYiUI2dqLSTTOCjVNpOgZ8=
+github.com/Microsoft/hcsshim v0.12.9 h1:2zJy5KA+l0loz1HzEGqyNnjd3fyZA31ZBCGKacp6lLg=
+github.com/Microsoft/hcsshim v0.12.9/go.mod h1:fJ0gkFAna6ukt0bLdKB8djt4XIJhF/vEPuoIWYVvZ8Y=
github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8=
github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q=
@@ -240,10 +242,10 @@ github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:W
github.com/aws/aws-sdk-go v1.44.122/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
github.com/aws/aws-sdk-go v1.44.295 h1:SGjU1+MqttXfRiWHD6WU0DRhaanJgAFY+xIhEaugV8Y=
github.com/aws/aws-sdk-go v1.44.295/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
-github.com/aws/aws-sdk-go-v2 v1.27.1 h1:xypCL2owhog46iFxBKKpBcw+bPTX/RJzwNj8uSilENw=
-github.com/aws/aws-sdk-go-v2 v1.27.1/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM=
-github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q=
-github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
+github.com/aws/aws-sdk-go-v2 v1.30.3 h1:jUeBtG0Ih+ZIFH0F4UkmL9w3cSpaMv9tYYDbzILP8dY=
+github.com/aws/aws-sdk-go-v2 v1.30.3/go.mod h1:nIQjQVp5sfpQcTc9mPSr1B0PaWK5ByX9MOoDadSN4lc=
+github.com/aws/smithy-go v1.20.3 h1:ryHwveWzPV5BIof6fyDvor6V3iUL7nTfiTKXHiW05nE=
+github.com/aws/smithy-go v1.20.3/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -294,23 +296,29 @@ github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWH
github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM=
-github.com/containerd/cgroups/v3 v3.0.2 h1:f5WFqIVSgo5IZmtTT3qVBo6TzI1ON6sycSBKkymb9L0=
-github.com/containerd/cgroups/v3 v3.0.2/go.mod h1:JUgITrzdFqp42uI2ryGA+ge0ap/nxzYgkGmIcetmErE=
-github.com/containerd/containerd v1.6.26 h1:VVfrE6ZpyisvB1fzoY8Vkiq4sy+i5oF4uk7zu03RaHs=
-github.com/containerd/containerd v1.6.26/go.mod h1:I4TRdsdoo5MlKob5khDJS2EPT1l1oMNaE2MBm6FrwxM=
-github.com/containerd/errdefs v0.1.0 h1:m0wCRBiu1WJT/Fr+iOoQHMQS/eP5myQ8lCv4Dz5ZURM=
-github.com/containerd/errdefs v0.1.0/go.mod h1:YgWiiHtLmSeBrvpw+UfPijzbLaB77mEG1WwJTDETIV0=
+github.com/containerd/cgroups/v3 v3.0.3 h1:S5ByHZ/h9PMe5IOQoN7E+nMc2UcLEM/V48DGDJ9kip0=
+github.com/containerd/cgroups/v3 v3.0.3/go.mod h1:8HBe7V3aWGLFPd/k03swSIsGjZhHI2WzJmticMgVuz0=
+github.com/containerd/containerd v1.7.24 h1:zxszGrGjrra1yYJW/6rhm9cJ1ZQ8rkKBR48brqsa7nA=
+github.com/containerd/containerd v1.7.24/go.mod h1:7QUzfURqZWCZV7RLNEn1XjUCQLEf0bkaK4GjUaZehxw=
+github.com/containerd/continuity v0.4.5 h1:ZRoN1sXq9u7V6QoHMcVWGhOwDFqZ4B9i5H6un1Wh0x4=
+github.com/containerd/continuity v0.4.5/go.mod h1:/lNJvtJKUQStBzpVQ1+rasXO1LAWtUQssk28EZvJ3nE=
+github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI=
+github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=
+github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE=
+github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk=
github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
-github.com/containerd/typeurl/v2 v2.1.1 h1:3Q4Pt7i8nYwy2KmQWIw2+1hTvwTE/6w9FqcttATPO/4=
-github.com/containerd/typeurl/v2 v2.1.1/go.mod h1:IDp2JFvbwZ31H8dQbEIY7sDl2L3o3HZj1hsSQlywkQ0=
+github.com/containerd/platforms v1.0.0-rc.1 h1:83KIq4yy1erSRgOVHNk1HYdPvzdJ5CnsWaRoJX4C41E=
+github.com/containerd/platforms v1.0.0-rc.1/go.mod h1:J71L7B+aiM5SdIEqmd9wp6THLVRzJGXfNuWCZCllLA4=
+github.com/containerd/typeurl/v2 v2.2.3 h1:yNA/94zxWdvYACdYO8zofhrTVuQY73fFU1y++dYSw40=
+github.com/containerd/typeurl/v2 v2.2.3/go.mod h1:95ljDnPfD3bAbDJRugOiShd/DlAAsxGtUBhJxIn7SCk=
github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
github.com/creack/pty v1.1.21 h1:1/QdRyBaHHJP61QkWMXlOIBfsgdDeeKfK8SYVUWJKf0=
github.com/creack/pty v1.1.21/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
-github.com/cyphar/filepath-securejoin v0.3.1 h1:1V7cHiaW+C+39wEfpH6XlLBQo3j/PciWFrgfCLS8XrE=
-github.com/cyphar/filepath-securejoin v0.3.1/go.mod h1:F7i41x/9cBF7lzCrVsYs9fuzwRZm4NQsGTBdpp6mETc=
+github.com/cyphar/filepath-securejoin v0.3.6 h1:4d9N5ykBnSp5Xn2JkhocYDkOpURL/18CYMpo6xB9uWM=
+github.com/cyphar/filepath-securejoin v0.3.6/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
@@ -325,12 +333,12 @@ github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aB
github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2/go.mod h1:WHNsWjnIn2V1LYOrME7e8KxSeKunYHsxEm4am0BUtcI=
github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
-github.com/docker/cli v20.10.12+incompatible h1:lZlz0uzG+GH+c0plStMUdF/qk3ppmgnswpR5EbqzVGA=
-github.com/docker/cli v20.10.12+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v27.5.0+incompatible h1:aMphQkcGtpHixwwhAXJT1rrK/detk2JIvDaFkLctbGM=
+github.com/docker/cli v27.5.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v27.1.1+incompatible h1:hO/M4MtV36kzKldqnA37IWhebRA+LnqqcqDja6kVaKY=
-github.com/docker/docker v27.1.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v27.5.0+incompatible h1:um++2NcQtGRTz5eEgO6aJimo6/JxrTXC941hd05JO6U=
+github.com/docker/docker v27.5.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo=
github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M=
github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=
@@ -361,8 +369,8 @@ github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lSh
github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww=
github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4=
-github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d h1:105gxyaGwCFad8crR9dcMQWvV9Hvulu6hwUh4tWPJnM=
-github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZMPRZwes7CROmyNKgQzC3XPs6L/G2EJLHddWejkmf4=
+github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f h1:Wl78ApPPB2Wvf/TIe2xdyJxTlb6obmF18d8QdkxNDu4=
+github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f/go.mod h1:OSYXu++VVOHnXeitef/D8n/6y4QV8uLHSFXX4NeXMGc=
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4=
github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI=
@@ -378,8 +386,8 @@ github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nos
github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
-github.com/getsentry/sentry-go v0.28.2-0.20240729102758-eb05e4b3014c h1:RQztYpXOOQULmDrm/1IXZDdeMvxejM1DFqnl3vWbaqY=
-github.com/getsentry/sentry-go v0.28.2-0.20240729102758-eb05e4b3014c/go.mod h1:jhPesDAL0Q0W2+2YEuVOvdWmVtdsr1+jtBrlDEVWwLY=
+github.com/getsentry/sentry-go v0.31.2-0.20250102155933-f2d4348b0508 h1:hVneMLWNL6QWiRvweS1eWgUN5K7kCNfq1a1wAwSuB/s=
+github.com/getsentry/sentry-go v0.31.2-0.20250102155933-f2d4348b0508/go.mod h1:CYNcMMz73YigoHljQRG+qPF+eMq8gG72XcGN/p71BAY=
github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
@@ -400,13 +408,14 @@ github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg=
-github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE=
github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
+github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ=
+github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY=
github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE=
github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
-github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU=
-github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
+github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE=
+github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y=
github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg=
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
@@ -423,8 +432,8 @@ github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7a
github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/glog v1.2.1 h1:OptwRhECazUx5ix5TTWC3EZhsZEHWcYWY4FQHTIubm4=
-github.com/golang/glog v1.2.1/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w=
+github.com/golang/glog v1.2.2 h1:1+mZ9upx1Dh6FmUTFR1naJ77miKiXgALjWOZ3NVFPmY=
+github.com/golang/glog v1.2.2/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w=
github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -446,6 +455,10 @@ github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5y
github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
+github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
+github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
+github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
+github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
@@ -509,8 +522,8 @@ github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLe
github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20240528025155-186aa0362fba h1:ql1qNgCyOB7iAEk8JTNM+zJrgIbnyCKX/wdlyPufP5g=
-github.com/google/pprof v0.0.0-20240528025155-186aa0362fba/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo=
+github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo=
+github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o=
github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw=
@@ -547,12 +560,12 @@ github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aN
github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY=
github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo=
-github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWetyv/0+wjACpqVH+eVULgEjkurDLq3goeM=
-github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
+github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA=
+github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo=
github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 h1:asbCHRVmodnJTuQ3qamDwqVOIjwqUPTYmYuemVOx+Ys=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0/go.mod h1:ggCgvZ2r7uOoQjOyu2Y1NhHmEPPzzuhWgcza5M1Ji1I=
github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
@@ -581,8 +594,6 @@ github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI
github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4=
-github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
@@ -603,13 +614,15 @@ github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHm
github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
+github.com/jung-kurt/gofpdf v1.0.0/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes=
+github.com/jung-kurt/gofpdf v1.16.2/go.mod h1:1hl7y57EsiPAkLbOwzpzqgx1A30nQCk/YmFV8S2vmK0=
github.com/jung-kurt/gofpdf v1.16.3-0.20210918000319-0c885ad36193 h1:CayMi+tPSM/E2jT9zBgpgCrLiRkAfV6Vw0qf63NCsfQ=
github.com/jung-kurt/gofpdf v1.16.3-0.20210918000319-0c885ad36193/go.mod h1:1hl7y57EsiPAkLbOwzpzqgx1A30nQCk/YmFV8S2vmK0=
github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
github.com/klauspost/compress v1.15.11/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM=
-github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA=
-github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
+github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc=
+github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0=
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
@@ -664,14 +677,16 @@ github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyua
github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
-github.com/moby/buildkit v0.15.1-0.20240730223335-bc92b63b98aa h1:z92Wl4gmPxFt5wL0Stbl9mQ+3iv6x7mcD7niQHhgAYw=
-github.com/moby/buildkit v0.15.1-0.20240730223335-bc92b63b98aa/go.mod h1:CJPmyL9eDzHLepMLptubdQ3uckgHFdhxWR1Idj6YgNo=
+github.com/moby/buildkit v0.18.1-0.20250114211737-dd069229019d h1:jSMnqy0Ce8R3g9M63eafNJ7XljfEdY9yQU944td+0G0=
+github.com/moby/buildkit v0.18.1-0.20250114211737-dd069229019d/go.mod h1:4WYJLet/NI2p1o2rPQ6CIFpyyyvwvPz/TVISmwqqpHI=
github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=
github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
-github.com/moby/spdystream v0.4.0 h1:Vy79D6mHeJJjiPdFEL2yku1kl0chZpJfZcPpb16BRl8=
-github.com/moby/spdystream v0.4.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI=
-github.com/moby/sys/mountinfo v0.7.1 h1:/tTvQaSJRr2FshkhXiIpux6fQ2Zvc4j7tAhMTStAG2g=
-github.com/moby/sys/mountinfo v0.7.1/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI=
+github.com/moby/spdystream v0.5.0 h1:7r0J1Si3QO/kjRitvSLVVFUjxMEb/YLj6S9FF62JBCU=
+github.com/moby/spdystream v0.5.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI=
+github.com/moby/sys/mountinfo v0.7.2 h1:1shs6aH5s4o5H2zQLn796ADW1wMrIwHsyJ2v9KouLrg=
+github.com/moby/sys/mountinfo v0.7.2/go.mod h1:1YOa8w8Ih7uW0wALDUgT1dTTSBrZ+HiBLGws92L2RU4=
+github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g=
+github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28=
github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0=
github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y=
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -688,16 +703,16 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m
github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus=
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
-github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA=
-github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To=
-github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk=
-github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0=
+github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM=
+github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo=
+github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4=
+github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
github.com/open-policy-agent/opa v0.68.0 h1:Jl3U2vXRjwk7JrHmS19U3HZO5qxQRinQbJ2eCJYSqJQ=
github.com/open-policy-agent/opa v0.68.0/go.mod h1:5E5SvaPwTpwt2WM177I9Z3eT7qUpmOGjk1ZdHs+TZ4w=
github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
-github.com/opencontainers/image-spec v1.0.2 h1:9yCKha/T5XdGtO0q9Q9a6T5NUCsTn/DrBg0D7ufOcFM=
-github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
+github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=
+github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM=
github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM=
github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs=
github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
@@ -713,6 +728,8 @@ github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 h1:GFCKgmp0tecUJ0sJuv4pzYCqS9+RGSn52M3FUwPs+uo=
+github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10/go.mod h1:t/avpk3KcrXxUnYOhZhMXJlSEyie6gQbtLq5NM3loB8=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
@@ -721,8 +738,8 @@ github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjz
github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
-github.com/prometheus/client_golang v1.20.2 h1:5ctymQzZlyOON1666svgwn3s6IKWgfbjsejTMiXIyjg=
-github.com/prometheus/client_golang v1.20.2/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE=
+github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y=
+github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE=
github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
@@ -751,8 +768,8 @@ github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99
github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
github.com/rs/zerolog v1.33.0 h1:1cU2KZkvPxNyfgEmhHAz/1A9Bz+llsdYzklWFzgp0r8=
github.com/rs/zerolog v1.33.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWRHss=
-github.com/rubenv/sql-migrate v1.7.0 h1:HtQq1xyTN2ISmQDggnh0c9U3JlP8apWh8YO2jzlXpTI=
-github.com/rubenv/sql-migrate v1.7.0/go.mod h1:S4wtDEG1CKn+0ShpTtzWhFpHHI5PvCUtiGI+C+Z2THE=
+github.com/rubenv/sql-migrate v1.7.1 h1:f/o0WgfO/GqNuVg+6801K/KW3WdDSupzSjDYODmiUq4=
+github.com/rubenv/sql-migrate v1.7.1/go.mod h1:Ob2Psprc0/3ggbM6wCzyYVFFuc6FyZrb2AS+ezLDFb4=
github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/ruudk/golang-pdf417 v0.0.0-20181029194003-1af4ab5afa58/go.mod h1:6lfFZQK844Gfx8o5WFuvpxWRwnSoipWe/p622j1v06w=
@@ -778,8 +795,8 @@ github.com/sosedoff/ansible-vault-go v0.2.0/go.mod h1:wMU54HNJfY0n0KIgbpA9m15NBf
github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
-github.com/spf13/afero v1.2.2 h1:5jhuqJyZCZf2JRofRvN/nIFgIWNzPa3/Vz8mYylgbWc=
-github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
+github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8=
+github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY=
github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w=
github.com/spf13/cast v1.7.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM=
@@ -805,8 +822,9 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
-github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
github.com/tchap/go-patricia/v2 v2.3.1 h1:6rQp39lgIYZ+MHmdEq4xzuk1t7OdC35z/xm0BGhTkes=
@@ -870,35 +888,40 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0 h1:9G6E0TXzGFVfTnawRzrPl83iHOAV7L8NJiR8RSGYV1g=
-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0/go.mod h1:azvtTADFQJA8mX80jIH/akaE7h+dbm/sVuaHqN13w74=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 h1:4K4tsIXefpVJtvA/8srF4V4y0akAoPHkIslgAkjixJA=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg=
-go.opentelemetry.io/otel v1.28.0 h1:/SqNcYk+idO0CxKEUOtKQClMK/MimZihKYMruSMViUo=
-go.opentelemetry.io/otel v1.28.0/go.mod h1:q68ijF8Fc8CnMHKyzqL6akLO46ePnjkgfIMIjUIX9z4=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 h1:3Q/xZUyC1BBkualc9ROb4G8qkH90LXEIICcs5zv1OYY=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0/go.mod h1:s75jGIWA9OfCMzF0xr+ZgfrB5FEbbV7UuYo32ahUiFI=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.28.0 h1:R3X6ZXmNPRR8ul6i3WgFURCHzaXjHdm0karRG/+dj3s=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.28.0/go.mod h1:QWFXnDavXWwMx2EEcZsf3yxgEKAqsxQ+Syjp+seyInw=
-go.opentelemetry.io/otel/metric v1.28.0 h1:f0HGvSl1KRAU1DLgLGFjrwVyismPlnuU6JD6bOeuA5Q=
-go.opentelemetry.io/otel/metric v1.28.0/go.mod h1:Fb1eVBFZmLVTMb6PPohq3TO9IIhUisDsbJoL/+uQW4s=
-go.opentelemetry.io/otel/sdk v1.28.0 h1:b9d7hIry8yZsgtbmM0DKyPWMMUMlK9NEKuIG4aBqWyE=
-go.opentelemetry.io/otel/sdk v1.28.0/go.mod h1:oYj7ClPUA7Iw3m+r7GeEjz0qckQRJK2B8zjcZEfu7Pg=
-go.opentelemetry.io/otel/trace v1.28.0 h1:GhQ9cUuQGmNDd5BTCP2dAvv75RdMxEfTmYejp+lkx9g=
-go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.56.0 h1:yMkBS9yViCc7U7yeLzJPM2XizlfdVvBRSmsQDWu6qc0=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.56.0/go.mod h1:n8MR6/liuGB5EmTETUBeU5ZgqMOlqKRxUaqPQBOANZ8=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.56.0 h1:UP6IpuHFkUgOQL9FFQFrZ+5LiwhhYRbi7VZSIx6Nj5s=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.56.0/go.mod h1:qxuZLtbq5QDtdeSHsS7bcf6EH6uO6jUAgk764zd3rhM=
+go.opentelemetry.io/otel v1.31.0 h1:NsJcKPIW0D0H3NgzPDHmo0WW6SptzPdqg/L1zsIm2hY=
+go.opentelemetry.io/otel v1.31.0/go.mod h1:O0C14Yl9FgkjqcCZAsE053C13OaddMYr/hz6clDkEJE=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.31.0 h1:K0XaT3DwHAcV4nKLzcQvwAgSyisUghWoY20I7huthMk=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.31.0/go.mod h1:B5Ki776z/MBnVha1Nzwp5arlzBbE3+1jk+pGmaP5HME=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.31.0 h1:FFeLy03iVTXP6ffeN2iXrxfGsZGCjVx0/4KlizjyBwU=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.31.0/go.mod h1:TMu73/k1CP8nBUpDLc71Wj/Kf7ZS9FK5b53VapRsP9o=
+go.opentelemetry.io/otel/metric v1.31.0 h1:FSErL0ATQAmYHUIzSezZibnyVlft1ybhy4ozRPcF2fE=
+go.opentelemetry.io/otel/metric v1.31.0/go.mod h1:C3dEloVbLuYoX41KpmAhOqNriGbA+qqH6PQ5E5mUfnY=
+go.opentelemetry.io/otel/sdk v1.31.0 h1:xLY3abVHYZ5HSfOg3l2E5LUj2Cwva5Y7yGxnSW9H5Gk=
+go.opentelemetry.io/otel/sdk v1.31.0/go.mod h1:TfRbMdhvxIIr/B2N2LQW2S5v9m3gOQ/08KsbbO5BPT0=
+go.opentelemetry.io/otel/trace v1.31.0 h1:ffjsj1aRouKewfr85U2aGagJ46+MvodynlQ1HYdmJys=
+go.opentelemetry.io/otel/trace v1.31.0/go.mod h1:TXZkRk7SM2ZQLtR6eoAWQFIHPvzQ06FJAsO1tJg480A=
go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0=
go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8=
-go.starlark.net v0.0.0-20230525235612-a134d8f9ddca h1:VdD38733bfYv5tUZwEIskMM93VanwNIi5bIKnDrJdEY=
-go.starlark.net v0.0.0-20230525235612-a134d8f9ddca/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds=
go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
-go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo=
-go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so=
-golang.org/x/crypto v0.21.1-0.20240404165943-d042a396a6de h1:itp3pUt+FbR0Ua6LmgwmK25AakNF4awMz16+e2+9n8Q=
-golang.org/x/crypto v0.21.1-0.20240404165943-d042a396a6de/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M=
+go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
+go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
+golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc=
+golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -909,8 +932,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8 h1:LoYXNGAShUG3m/ehNk4iFctuhGX/+R1ZpfJ4/ia80JM=
-golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI=
+golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 h1:e66Fs6Z+fZTbFBAxKfP3PALWBtpfqks2bwGcexMxgtk=
+golang.org/x/exp v0.0.0-20240909161429-701f63a606c0/go.mod h1:2TbTHSBQa924w8M6Xs1QcRcFwyucIwBGpK1p2f1YFFY=
golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
golang.org/x/image v0.0.0-20190910094157-69e4b8554b2a/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
@@ -938,15 +961,15 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0=
-golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0=
+golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
@@ -989,10 +1012,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
golang.org/x/net v0.0.0-20220909164309-bea034e7d591/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
golang.org/x/net v0.0.0-20221014081412-f15817d10f9b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
-golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
-golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE=
-golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg=
+golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0=
+golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1018,8 +1039,8 @@ golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri
golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
golang.org/x/oauth2 v0.1.0/go.mod h1:G9FE4dLTsbXUu90h/Pf85g4w1D+SSAgR+q46nJZ8M4A=
-golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs=
-golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs=
+golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1034,9 +1055,8 @@ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJ
golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
-golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
+golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1105,22 +1125,15 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM=
-golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
+golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
-golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
-golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk=
-golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU=
-golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk=
+golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg=
+golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek=
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1131,15 +1144,13 @@ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
-golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
+golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U=
-golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ=
+golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
@@ -1194,9 +1205,8 @@ golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA=
-golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c=
+golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ=
+golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -1369,10 +1379,10 @@ google.golang.org/genproto v0.0.0-20221014213838-99cd37c6964a/go.mod h1:1vXfmgAz
google.golang.org/genproto v0.0.0-20221025140454-527a21cfbd71/go.mod h1:9qHF0xnpdSfF6knlcsnpzUu5y+rpwgbvsyGAZPBMg4s=
google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 h1:9+tzLLstTlPTRyJTh+ah5wIMsBW5c4tQwGTN3thOW9Y=
google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:mqHbVIp48Muh7Ywss/AD6I5kNVKZMmAa/QEW58Gxp2s=
-google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 h1:0+ozOGcrp+Y8Aq8TLNN2Aliibms5LEzsq99ZZmAGYm0=
-google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094/go.mod h1:fJ/e3If/Q67Mj99hin0hMhiNyCRmt6BQ2aWIJshUSJw=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 h1:BwIjyKYGsK9dMCBOorzRri8MQwmi7mT9rGHsCEinZkA=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY=
+google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9 h1:T6rh4haD3GVYsgEfWExoCZA2o2FmbNyKpTuAxbEFPTg=
+google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9/go.mod h1:wp2WsuBYj6j8wUdo3ToZsdxxixbvQNAHqVJrTgi5E5M=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38 h1:zciRKQ4kBpFgpfC5QQCVtnnNAcLIqweL7plyZRQHVpI=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
@@ -1408,11 +1418,26 @@ google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACu
google.golang.org/grpc v1.49.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI=
google.golang.org/grpc v1.50.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI=
google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI=
-google.golang.org/grpc v1.66.0 h1:DibZuoBznOxbDQxRINckZcUvnCEvrW9pcWIE2yF9r1c=
-google.golang.org/grpc v1.66.0/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y=
+google.golang.org/grpc v1.68.1 h1:oI5oTa11+ng8r8XMMN7jAOmWfPZWbYpCFaMUTACxkM0=
+google.golang.org/grpc v1.68.1/go.mod h1:+q1XYFJjShcqn0QZHvCyeR4CXPA+llXIeUIfIe00waw=
google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
-google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
-google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
+google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
+google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
+google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
+google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
+google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
+google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io=
+google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -1435,10 +1460,10 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gotest.tools/v3 v3.5.0 h1:Ljk6PdHdOhAb5aDMWXjDLMMhph+BpztA4v1QdqEW2eY=
-gotest.tools/v3 v3.5.0/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU=
-helm.sh/helm/v3 v3.16.1 h1:cER6tI/8PgUAsaJaQCVBUg3VI9KN4oVaZJgY60RIc0c=
-helm.sh/helm/v3 v3.16.1/go.mod h1:r+xBHHP20qJeEqtvBXMf7W35QDJnzY/eiEBzt+TfHps=
+gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
+gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g=
+helm.sh/helm/v3 v3.17.0 h1:DUD4AGdNVn7PSTYfxe1gmQG7s18QeWv/4jI9TubnhT0=
+helm.sh/helm/v3 v3.17.0/go.mod h1:Mo7eGyKPPHlS0Ml67W8z/lbkox/gD9Xt1XpD6bxvZZA=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -1446,28 +1471,28 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.31.0 h1:b9LiSjR2ym/SzTOlfMHm1tr7/21aD7fSkqgD/CVJBCo=
-k8s.io/api v0.31.0/go.mod h1:0YiFF+JfFxMM6+1hQei8FY8M7s1Mth+z/q7eF1aJkTE=
-k8s.io/apiextensions-apiserver v0.31.0 h1:fZgCVhGwsclj3qCw1buVXCV6khjRzKC5eCFt24kyLSk=
-k8s.io/apiextensions-apiserver v0.31.0/go.mod h1:b9aMDEYaEe5sdK+1T0KU78ApR/5ZVp4i56VacZYEHxk=
-k8s.io/apimachinery v0.31.0 h1:m9jOiSr3FoSSL5WO9bjm1n6B9KROYYgNZOb4tyZ1lBc=
-k8s.io/apimachinery v0.31.0/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
-k8s.io/apiserver v0.31.0 h1:p+2dgJjy+bk+B1Csz+mc2wl5gHwvNkC9QJV+w55LVrY=
-k8s.io/apiserver v0.31.0/go.mod h1:KI9ox5Yu902iBnnyMmy7ajonhKnkeZYJhTZ/YI+WEMk=
-k8s.io/cli-runtime v0.31.0 h1:V2Q1gj1u3/WfhD475HBQrIYsoryg/LrhhK4RwpN+DhA=
-k8s.io/cli-runtime v0.31.0/go.mod h1:vg3H94wsubuvWfSmStDbekvbla5vFGC+zLWqcf+bGDw=
-k8s.io/client-go v0.31.0 h1:QqEJzNjbN2Yv1H79SsS+SWnXkBgVu4Pj3CJQgbx0gI8=
-k8s.io/client-go v0.31.0/go.mod h1:Y9wvC76g4fLjmU0BA+rV+h2cncoadjvjjkkIGoTLcGU=
-k8s.io/component-base v0.31.0 h1:/KIzGM5EvPNQcYgwq5NwoQBaOlVFrghoVGr8lG6vNRs=
-k8s.io/component-base v0.31.0/go.mod h1:TYVuzI1QmN4L5ItVdMSXKvH7/DtvIuas5/mm8YT3rTo=
+k8s.io/api v0.32.1 h1:f562zw9cy+GvXzXf0CKlVQ7yHJVYzLfL6JAS4kOAaOc=
+k8s.io/api v0.32.1/go.mod h1:/Yi/BqkuueW1BgpoePYBRdDYfjPF5sgTr5+YqDZra5k=
+k8s.io/apiextensions-apiserver v0.32.1 h1:hjkALhRUeCariC8DiVmb5jj0VjIc1N0DREP32+6UXZw=
+k8s.io/apiextensions-apiserver v0.32.1/go.mod h1:sxWIGuGiYov7Io1fAS2X06NjMIk5CbRHc2StSmbaQto=
+k8s.io/apimachinery v0.32.1 h1:683ENpaCBjma4CYqsmZyhEzrGz6cjn1MY/X2jB2hkZs=
+k8s.io/apimachinery v0.32.1/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
+k8s.io/apiserver v0.32.1 h1:oo0OozRos66WFq87Zc5tclUX2r0mymoVHRq8JmR7Aak=
+k8s.io/apiserver v0.32.1/go.mod h1:UcB9tWjBY7aryeI5zAgzVJB/6k7E97bkr1RgqDz0jPw=
+k8s.io/cli-runtime v0.32.0 h1:dP+OZqs7zHPpGQMCGAhectbHU2SNCuZtIimRKTv2T1c=
+k8s.io/cli-runtime v0.32.0/go.mod h1:Mai8ht2+esoDRK5hr861KRy6z0zHsSTYttNVJXgP3YQ=
+k8s.io/client-go v0.32.1 h1:otM0AxdhdBIaQh7l1Q0jQpmo7WOFIk5FFa4bg6YMdUU=
+k8s.io/client-go v0.32.1/go.mod h1:aTTKZY7MdxUaJ/KiUs8D+GssR9zJZi77ZqtzcGXIiDg=
+k8s.io/component-base v0.32.1 h1:/5IfJ0dHIKBWysGV0yKTFfacZ5yNV1sulPh3ilJjRZk=
+k8s.io/component-base v0.32.1/go.mod h1:j1iMMHi/sqAHeG5z+O9BFNCF698a1u0186zkjMZQ28w=
k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
-k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag=
-k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98=
-k8s.io/kubectl v0.31.0 h1:kANwAAPVY02r4U4jARP/C+Q1sssCcN/1p9Nk+7BQKVg=
-k8s.io/kubectl v0.31.0/go.mod h1:pB47hhFypGsaHAPjlwrNbvhXgmuAr01ZBvAIIUaI8d4=
-k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A=
-k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y=
+k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4=
+k8s.io/kubectl v0.32.0 h1:rpxl+ng9qeG79YA4Em9tLSfX0G8W0vfaiPVrc/WR7Xw=
+k8s.io/kubectl v0.32.0/go.mod h1:qIjSX+QgPQUgdy8ps6eKsYNF+YmFOAO3WygfucIqFiE=
+k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6JSWYFzOFnYeS6Ro=
+k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
mvdan.cc/sh/v3 v3.8.0 h1:ZxuJipLZwr/HLbASonmXtcvvC9HXY9d2lXZHnKGjFc8=
mvdan.cc/sh/v3 v3.8.0/go.mod h1:w04623xkgBVo7/IUK89E0g8hBykgEpN0vgOj3RJr6MY=
oras.land/oras-go v1.2.5 h1:XpYuAwAb0DfQsunIyMfeET92emK8km3W4yEzZvUbsTo=
@@ -1477,13 +1502,13 @@ rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
sigs.k8s.io/controller-runtime v0.14.6 h1:oxstGVvXGNnMvY7TAESYk+lzr6S3V5VFxQ6d92KcwQA=
sigs.k8s.io/controller-runtime v0.14.6/go.mod h1:WqIdsAY6JBsjfc/CqO0CORmNtoCtE4S6qbPc9s68h+0=
-sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
-sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
-sigs.k8s.io/kustomize/api v0.17.2 h1:E7/Fjk7V5fboiuijoZHgs4aHuexi5Y2loXlVOAVAG5g=
-sigs.k8s.io/kustomize/api v0.17.2/go.mod h1:UWTz9Ct+MvoeQsHcJ5e+vziRRkwimm3HytpZgIYqye0=
-sigs.k8s.io/kustomize/kyaml v0.17.1 h1:TnxYQxFXzbmNG6gOINgGWQt09GghzgTP6mIurOgrLCQ=
-sigs.k8s.io/kustomize/kyaml v0.17.1/go.mod h1:9V0mCjIEYjlXuCdYsSXvyoy2BTsLESH7TlGV81S282U=
-sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
-sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
+sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8=
+sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo=
+sigs.k8s.io/kustomize/api v0.18.0 h1:hTzp67k+3NEVInwz5BHyzc9rGxIauoXferXyjv5lWPo=
+sigs.k8s.io/kustomize/api v0.18.0/go.mod h1:f8isXnX+8b+SGLHQ6yO4JG1rdkZlvhaCf/uZbLVMb0U=
+sigs.k8s.io/kustomize/kyaml v0.18.1 h1:WvBo56Wzw3fjS+7vBjN6TeivvpbW9GmRaWZ9CIVmt4E=
+sigs.k8s.io/kustomize/kyaml v0.18.1/go.mod h1:C3L2BFVU1jgcddNBE1TxuVLgS46TjObMwW5FT9FcjYo=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.2 h1:MdmvkGuXi/8io6ixD5wud3vOLwc1rj0aNqRlpuvjmwA=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.2/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4=
sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
diff --git a/internal/console/flags/validate.go b/internal/console/flags/validate.go
index 275464f6426..765f3900489 100644
--- a/internal/console/flags/validate.go
+++ b/internal/console/flags/validate.go
@@ -14,8 +14,15 @@ var flagValidationFuncs = flagValidationFuncsMap{
}
func isQueryID(id string) bool {
- re := regexp.MustCompile(`^[0-9a-fA-F]{8}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{12}$`)
- return re.MatchString(id)
+ uuidRegex := regexp.MustCompile(`^[0-9a-fA-F]{8}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{12}$`)
+ isQueryID := uuidRegex.MatchString(id)
+ if !isQueryID {
+ // (t:|p:|a:) matches strings starting with 't:', 'p:', or 'a:'
+ // (\d{1,20}) ensures the numeric part has 1 to 20 digits (uint64 validation)
+ cxoneRegex := regexp.MustCompile(`^(t:|p:|a:)(\d{1,20})$`)
+ isQueryID = cxoneRegex.MatchString(id)
+ }
+ return isQueryID
}
func convertSliceToDummyMap(slice []string) map[string]string {
diff --git a/internal/console/flags/validate_test.go b/internal/console/flags/validate_test.go
index 1b8f3934b71..8b5d75d7ea1 100644
--- a/internal/console/flags/validate_test.go
+++ b/internal/console/flags/validate_test.go
@@ -22,6 +22,26 @@ func TestFlags_isQueryID(t *testing.T) {
id: "test",
expected: false,
},
+ {
+ name: "for prefix 't:' should return that query id is valid",
+ id: "t:12345678901234567890",
+ expected: true,
+ },
+ {
+ name: "for prefix 'p:' should return that query id is valid",
+ id: "p:8820143918834007824",
+ expected: true,
+ },
+ {
+ name: "for prefix 'a:' should return that query id is valid",
+ id: "a:8820143918834007824",
+ expected: true,
+ },
+ {
+ name: "should return that query id is invalid because uint exceeds 20 length",
+ id: "t:123456789012345678901",
+ expected: false,
+ },
}
for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
diff --git a/pkg/kics/sink_test.go b/pkg/kics/sink_test.go
index b4cfabc80dc..d8119de692b 100644
--- a/pkg/kics/sink_test.go
+++ b/pkg/kics/sink_test.go
@@ -2,7 +2,6 @@ package kics
import (
"encoding/json"
- "regexp"
"testing"
"github.com/Checkmarx/kics/v2/pkg/model"
@@ -125,19 +124,22 @@ func TestKics_prepareDocument(t *testing.T) {
func TestKics_resolveCRLFFile(t *testing.T) {
tests := []struct {
- name string
- body string
+ name string
+ body string
+ expected string
}{
{
- name: "CRLF File 1",
- body: "Resources:\r\nDemoSecurityGroup:\r\nType: 'AWS::EC2::SecurityGroup'\r\nProperties:\r\nVpcId: !Ref myVPC\r\nGroupDescription: Ports open to the world\r\nSecurityGroupIngress:\r\n- Description: Allowing port 22 for everyone\r\nIpProtocol: tcp\r\nFromPort: 22\r\nToPort: 22\r\nCidrIp: \"0.0.0.0/0\"\r\n# kics-scan ignore-block\r\n- Description: Allowing port 80 for everyone\r\nIpProtocol: tcp\r\nFromPort: 80\r\nToPort: 80\r\nCidrIp: \"0.0.0.0/0\"",
+ name: "CRLF File should not contain '\\r'",
+ body: "Resources:\r\nDemoSecurityGroup:\r\nType: 'AWS::EC2::SecurityGroup'\r\nProperties:\r\nVpcId: !Ref myVPC\r\nGroupDescription: Ports open to the world\r\nSecurityGroupIngress:\r\n- Description: Allowing port 22 for everyone\r\nIpProtocol: tcp\r\nFromPort: 22\r\nToPort: 22\r\nCidrIp: \"0.0.0.0/0\"\r\n# kics-scan ignore-block\r\n- Description: Allowing port 80 for everyone\r\nIpProtocol: tcp\r\nFromPort: 80\r\nToPort: 80\r\nCidrIp: \"0.0.0.0/0\"",
+ expected: "Resources:\nDemoSecurityGroup:\nType: 'AWS::EC2::SecurityGroup'\nProperties:\nVpcId: !Ref myVPC\nGroupDescription: Ports open to the world\nSecurityGroupIngress:\n- Description: Allowing port 22 for everyone\nIpProtocol: tcp\nFromPort: 22\nToPort: 22\nCidrIp: \"0.0.0.0/0\"\n# kics-scan ignore-block\n- Description: Allowing port 80 for everyone\nIpProtocol: tcp\nFromPort: 80\nToPort: 80\nCidrIp: \"0.0.0.0/0\"",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
resolved := resolveCRLFFile([]byte(tt.body))
- require.NotRegexp(t, regexp.MustCompile("[\r\n]"), resolved, tt.name+" is matching with [\\r\\n] regexp")
+ require.Equal(t, tt.expected, string(resolved), "Resolved content does not match expected output")
+ require.NotContains(t, string(resolved), "\r", "Resolved content contains '\\r'")
})
}
}
diff --git a/test/fixtures/new_queryid_validation/Dockerfile b/test/fixtures/new_queryid_validation/Dockerfile
new file mode 100644
index 00000000000..09c9ccaca40
--- /dev/null
+++ b/test/fixtures/new_queryid_validation/Dockerfile
@@ -0,0 +1,3 @@
+FROM alpine:2.6
+USER guest
+RUN npm install
\ No newline at end of file
diff --git a/test/fixtures/new_queryid_validation/metadata.json b/test/fixtures/new_queryid_validation/metadata.json
new file mode 100644
index 00000000000..622648602b0
--- /dev/null
+++ b/test/fixtures/new_queryid_validation/metadata.json
@@ -0,0 +1,12 @@
+{
+ "id": "t:8820143918834007824",
+ "queryName": "Last User Is 'guest'",
+ "severity": "HIGH",
+ "category": "Best Practices",
+ "descriptionText": "Leaving the last user as guest can cause security risks. Change to another user after running the commands that need privileges",
+ "descriptionUrl": "https://docs.docker.com/engine/reference/builder/#user",
+ "platform": "Dockerfile",
+ "descriptionID": "f445bd25",
+ "cwe": "250",
+ "oldSeverity": "MEDIUM"
+}
\ No newline at end of file
diff --git a/test/fixtures/new_queryid_validation/query.rego b/test/fixtures/new_queryid_validation/query.rego
new file mode 100644
index 00000000000..36e6b8bb9a8
--- /dev/null
+++ b/test/fixtures/new_queryid_validation/query.rego
@@ -0,0 +1,19 @@
+package Cx
+
+import data.generic.dockerfile as dockerLib
+
+CxPolicy[result] {
+ resource := input.document[i].command[name]
+ dockerLib.check_multi_stage(name, input.document[i].command)
+
+ userCmd := [x | resource[j].Cmd == "user"; x := resource[j]]
+ userCmd[minus(count(userCmd), 1)].Value[0] == "guest"
+
+ result := {
+ "documentId": input.document[i].id,
+ "searchKey": sprintf("FROM={{%s}}.{{%s}}", [name, userCmd[minus(count(userCmd), 1)].Original]),
+ "issueType": "IncorrectValue",
+ "keyExpectedValue": "Last User shouldn't be guest",
+ "keyActualValue": "Last User is guest",
+ }
+}
