From 03b1821bd9ea9768a959cc8a2e2f40d5e96bdf60 Mon Sep 17 00:00:00 2001
From: Bruno Silva <73999905+cx-bruno-silva@users.noreply.github.com>
Date: Wed, 4 Mar 2026 11:32:27 +0000
Subject: [PATCH 1/5] Update kics version from 2.1.19 to 2.1.20 (AST-138810)
---
 internal/commands/scan.go | 2 +-
 internal/commands/util/remediation.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/internal/commands/scan.go b/internal/commands/scan.go
index 9f3ecba7e..47de5b3fa 100644
--- a/internal/commands/scan.go
+++ b/internal/commands/scan.go
@@ -64,7 +64,7 @@ const (
 containerVolumeFlag = "-v"
 containerNameFlag = "--name"
 containerRemove = "--rm"
- containerImage = "checkmarx/kics:v2.1.19"
+ containerImage = "checkmarx/kics:v2.1.20"
 containerScan = "scan"
 containerScanPathFlag = "-p"
 containerScanPath = "/path"
diff --git a/internal/commands/util/remediation.go b/internal/commands/util/remediation.go
index b762108d8..7322a5fa8 100644
--- a/internal/commands/util/remediation.go
+++ b/internal/commands/util/remediation.go
@@ -27,7 +27,7 @@ const (
 filesContainerVolume = ":/files"
 resultsContainerLocation = "/kics/"
 containerRemove = "--rm"
- ContainerImage = "checkmarx/kics:v2.1.19"
+ ContainerImage = "checkmarx/kics:v2.1.20"
 containerNameFlag = "--name"
 remediateCommand = "remediate"
 resultsFlag = "--results"
From 9ae5ad74c13644a928cfd3061c4fd22bb89dc583 Mon Sep 17 00:00:00 2001
From: Bruno Silva <73999905+cx-bruno-silva@users.noreply.github.com>
Date: Thu, 5 Mar 2026 11:49:15 +0000
Subject: [PATCH 2/5] Update trivy action to version v0.34.2
---
 .github/workflows/ci-tests.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/ci-tests.yml b/.github/workflows/ci-tests.yml
index 9ee25c073..af5ad5120 100644
--- a/.github/workflows/ci-tests.yml
+++ b/.github/workflows/ci-tests.yml
@@ -167,7 +167,7 @@ jobs:
 - name: Build Docker image
 run: docker build -t ast-cli:${{ github.sha }} .
 - name: Run Trivy scanner without downloading DBs
- uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 #v0.28.0
+ uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478 #v0.34.2
 with:
 scan-type: 'image'
 image-ref: ast-cli:${{ github.sha }}
From 0609328fc76a31fe6e8874a6613e856f4d1c9fc5 Mon Sep 17 00:00:00 2001
From: Bruno Silva <73999905+cx-bruno-silva@users.noreply.github.com>
Date: Thu, 5 Mar 2026 17:16:33 +0000
Subject: [PATCH 3/5] Update checkmarx/bash version on dockerfile
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 5f6c76486..51fa2dc04 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM checkmarx/bash:5.2.37-r33-812e1f54f671f5@sha256:812e1f54f671f5678f647d7762f61521a967ff1f8d376d9f38a9838e0a3659a3
+FROM checkmarx/bash:5.3-r5-98621acba7807a@sha256:98621acba7807a4e128f3e00aba3987e4f659ff352191f79cdbaa7f8a32cfb58
 USER nonroot
 COPY cx /app/bin/cx
From 223d03a26efe0f104e93e7f18ffc834764536742 Mon Sep 17 00:00:00 2001
From: Bruno Silva <73999905+cx-bruno-silva@users.noreply.github.com>
Date: Thu, 5 Mar 2026 17:25:05 +0000
Subject: [PATCH 4/5] retrigger checks
From 30661e427aa709f4879c3557149e2a94359676e7 Mon Sep 17 00:00:00 2001
From: Bruno Silva <73999905+cx-bruno-silva@users.noreply.github.com>
Date: Thu, 5 Mar 2026 17:44:47 +0000
Subject: [PATCH 5/5] Update github.com/docker/cli to version 29.2.0
---
 go.mod | 2 +-
 go.sum | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/go.mod b/go.mod
index 1700fc5b2..496beb980 100644
--- a/go.mod
+++ b/go.mod
@@ -114,7 +114,7 @@ require (
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 github.com/deitch/magic v0.0.0-20240306090643-c67ab88f10cb // indirect
 github.com/distribution/reference v0.6.0 // indirect
- github.com/docker/cli v29.0.3+incompatible // indirect
+ github.com/docker/cli v29.2.0+incompatible // indirect
 github.com/docker/distribution v2.8.3+incompatible // indirect
 github.com/docker/docker v28.5.2+incompatible // indirect
 github.com/docker/docker-credential-helpers v0.9.3 // indirect
diff --git a/go.sum b/go.sum
index 9f86bb87c..8f1c4c936 100644
--- a/go.sum
+++ b/go.sum
@@ -299,6 +299,8 @@ github.com/dlclark/regexp2 v1.11.0 h1:G/nrcoOa7ZXlpoa/91N3X7mM3r8eIlMBBJZvsz/mxK github.com/dlclark/regexp2 v1.11.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8= github.com/docker/cli v29.0.3+incompatible h1:8J+PZIcF2xLd6h5sHPsp5pvvJA+Sr2wGQxHkRl53a1E= github.com/docker/cli v29.0.3+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/cli v29.2.0+incompatible h1:9oBd9+YM7rxjZLfyMGxjraKBKE4/nVyvVfN4qNl9XRM= +github.com/docker/cli v29.2.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v28.5.2+incompatible h1:DBX0Y0zAjZbSrm1uzOkdr1onVghKaftjlSWt4AFexzM=