admin/aquasecurity-trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2026-01-31 13:53:14 +08:00
Code Issues Packages Projects Releases Wiki Activity

chore(deps): Update defsec to v0.92.0 (#5068)

Browse Source 
* chore(deps): Update defsec to v0.92.0

* update tests

* update integration tests
This commit is contained in:
simar7
2023-08-30 14:43:08 -06:00
committed by GitHub
parent d4ca3cce21
commit 07f7e9853b
6 changed files with 125 additions and 124 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
go.mod
View File

@@ -13,7 +13,7 @@ require (
github.com/NYTimes/gziphandler v1.1.1
github.com/alicebob/miniredis/v2 v2.30.4
github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986
github.com/aquasecurity/defsec v0.91.1
github.com/aquasecurity/defsec v0.92.0
github.com/aquasecurity/go-dep-parser v0.0.0-20230828120518-ef5e9409fc43
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce
github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798
@@ -266,7 +266,7 @@ require (
github.com/hashicorp/go-uuid v1.0.3 // indirect
github.com/hashicorp/go-version v1.6.0 // indirect
github.com/hashicorp/hcl v1.0.0 // indirect
github.com/hashicorp/hcl/v2 v2.14.1 // indirect
github.com/hashicorp/hcl/v2 v2.17.0 // indirect
github.com/huandu/xstrings v1.4.0 // indirect
github.com/imdario/mergo v0.3.15 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
@@ -348,8 +348,8 @@ require (
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
github.com/yashtewari/glob-intersection v0.1.0 // indirect
github.com/yuin/gopher-lua v1.1.0 // indirect
github.com/zclconf/go-cty v1.10.0 // indirect
github.com/zclconf/go-cty-yaml v1.0.2 // indirect
github.com/zclconf/go-cty v1.13.0 // indirect
github.com/zclconf/go-cty-yaml v1.0.3 // indirect
go.mongodb.org/mongo-driver v1.11.3 // indirect
go.opencensus.io v0.24.0 // indirect
go.opentelemetry.io/otel v1.14.0 // indirect
@@ -373,10 +373,10 @@ require (
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/warnings.v0 v0.1.2 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
helm.sh/helm/v3 v3.12.1 // indirect
k8s.io/apiextensions-apiserver v0.27.2 // indirect
helm.sh/helm/v3 v3.12.3 // indirect
k8s.io/apiextensions-apiserver v0.27.3 // indirect
k8s.io/apimachinery v0.28.0 // indirect
k8s.io/apiserver v0.27.2 // indirect
k8s.io/apiserver v0.27.3 // indirect
k8s.io/cli-runtime v0.28.0 // indirect
k8s.io/client-go v0.28.0 // indirect
k8s.io/component-base v0.28.0 // indirect
@@ -392,7 +392,7 @@ require (
modernc.org/opt v0.1.3 // indirect
modernc.org/strutil v1.1.3 // indirect
modernc.org/token v1.0.1 // indirect
oras.land/oras-go v1.2.2 // indirect
oras.land/oras-go v1.2.3 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 // indirect
sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 // indirect

35
go.sum
View File

@@ -318,18 +318,17 @@ github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFI
github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
github.com/apparentlymart/go-cidr v1.1.0 h1:2mAhrMoF+nhXqxTzSZMUzDHkLjmIHC+Zzn4tdgBZjnU=
github.com/apparentlymart/go-cidr v1.1.0/go.mod h1:EBcsNrHc3zQeuaeCeCtQruQm+n9/YjEn/vI25Lg7Gwc=
github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/Nj9VFpLOpjS5yuumk=
github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw=
github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986 h1:2a30xLN2sUZcMXl50hg+PJCIDdJgIvIbVcKqLJ/ZrtM=
github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986/go.mod h1:NT+jyeCzXk6vXR5MTkdn4z64TgGfE5HMLC8qfj5unl8=
github.com/aquasecurity/defsec v0.91.1 h1:dBIPm6Tva9I+ZTQv+6t9wob3ZlMSu8NFqMJr4mgJC5A=
github.com/aquasecurity/defsec v0.91.1/go.mod h1:l/srzxtuuyb6c6FlqUvMp3xw2ZbvuZ0l9972MNJM7V8=
github.com/aquasecurity/defsec v0.92.0 h1:cls2JJSQ+vb06Qh2XjnODIRfZbrTGBkBQnjgC6R5+vA=
github.com/aquasecurity/defsec v0.92.0/go.mod h1:uZIC1NjU5R49619WvZOlhWRpCEf/7KD3Lm8nDKRjq+o=
github.com/aquasecurity/go-dep-parser v0.0.0-20230828120518-ef5e9409fc43 h1:/F4aNnwyFNyAemjKtHznfRdeWUEENOZYOnx+smPPpAE=
github.com/aquasecurity/go-dep-parser v0.0.0-20230828120518-ef5e9409fc43/go.mod h1:0+GvQF0gL4YEAAUPpNeLeGpFDxMvvIHLMd7vk9bpwko=
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce h1:QgBRgJvtEOBtUXilDb1MLi1p1MWoyFDXAu5DEUl5nwM=
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce/go.mod h1:HXgVzOPvXhVGLJs4ZKO817idqr/xhwsTcj17CLYY74s=
github.com/aquasecurity/go-mock-aws v0.0.0-20230328195059-5bf52338aec3 h1:Vt9y1gZS5JGY3tsL9zc++Cg4ofX51CG7PaMyC5SXWPg=
github.com/aquasecurity/go-mock-aws v0.0.0-20230810212901-d6feebd39060 h1:V7nC90NpRDEubNpNEgRDtTfLH3RKQlZeY9/HSqxEze8=
github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798 h1:eveqE9ivrt30CJ7dOajOfBavhZ4zPqHcZe/4tKp0alc=
github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798/go.mod h1:hxbJZtKlO4P8sZ9nztizR6XLoE33O+BkPmuYQ4ACyz0=
github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46 h1:vmXNl+HDfqqXgr0uY1UgK1GAhps8nbAAtqHNBcgyf+4=
@@ -969,7 +968,6 @@ github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71
github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8=
github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
@@ -1138,8 +1136,8 @@ github.com/hashicorp/golang-lru/v2 v2.0.2 h1:Dwmkdr5Nc/oBiXgJS3CDHNhJtIHkuZ3DZF5
github.com/hashicorp/golang-lru/v2 v2.0.2/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
github.com/hashicorp/hcl/v2 v2.14.1 h1:x0BpjfZ+CYdbiz+8yZTQ+gdLO7IXvOut7Da+XJayx34=
github.com/hashicorp/hcl/v2 v2.14.1/go.mod h1:e4z5nxYlWNPdDSNYX+ph14EvWYMFm3eP0zIUqPc2jr0=
github.com/hashicorp/hcl/v2 v2.17.0 h1:z1XvSUyXd1HP10U4lrLg5e0JMVz6CPaJvAgxM0KNZVY=
github.com/hashicorp/hcl/v2 v2.17.0/go.mod h1:gJyW2PTShkJqQBKpAmPO3yxMxIuoXkOF2TpqXzrQyx4=
github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
@@ -1236,7 +1234,6 @@ github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k=
github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 h1:SOEGU9fKiNWd/HOJuq6+3iTQz8KNCLtVX6idSoTLdUw=
@@ -1691,7 +1688,6 @@ github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852/go.mod h1:tw
github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI=
github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4=
github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI=
github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4=
@@ -1733,11 +1729,11 @@ github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50 h1:hlE8//ciYMzt
github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA=
github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f h1:ERexzlUfuTvpE74urLSbIQW0Z/6hF9t8U4NsJLaioAY=
github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg=
github.com/zclconf/go-cty v1.0.0/go.mod h1:xnAOWiHeOqg2nWS62VtQ7pbOu17FtxJNW8RLEih+O3s=
github.com/zclconf/go-cty v1.10.0 h1:mp9ZXQeIcN8kAwuqorjH+Q+njbJKjLrvB2yIh4q7U+0=
github.com/zclconf/go-cty v1.10.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk=
github.com/zclconf/go-cty-yaml v1.0.2 h1:dNyg4QLTrv2IfJpm7Wtxi55ed5gLGOlPrZ6kMd51hY0=
github.com/zclconf/go-cty-yaml v1.0.2/go.mod h1:IP3Ylp0wQpYm50IHK8OZWKMu6sPJIUgKa8XhiVHura0=
github.com/zclconf/go-cty v1.13.0 h1:It5dfKTTZHe9aeppbNOda3mN7Ag7sg6QkBNm6TkyFa0=
github.com/zclconf/go-cty v1.13.0/go.mod h1:YKQzy/7pZ7iq2jNFzy5go57xdxdWoLLpaEp4u238AE0=
github.com/zclconf/go-cty-yaml v1.0.3 h1:og/eOQ7lvA/WWhHGFETVWNduJM7Rjsv2RRpx1sdFMLc=
github.com/zclconf/go-cty-yaml v1.0.3/go.mod h1:9YLUH4g7lOhVWqUbctnVlZ5KLpg7JAprQNgxSZ1Gyxs=
go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
@@ -1857,7 +1853,6 @@ golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc=
golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180811021610-c39426892332/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20181011144130-49bb7cea24b1/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -2509,8 +2504,8 @@ gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81
gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8=
gotest.tools/v3 v3.5.0 h1:Ljk6PdHdOhAb5aDMWXjDLMMhph+BpztA4v1QdqEW2eY=
helm.sh/helm/v3 v3.12.1 h1:lzU7etZX24A6BTMXYQF3bFq0ECfD8s+fKlNBBL8AbEc=
helm.sh/helm/v3 v3.12.1/go.mod h1:qhmSY9kcX7yH1xebe+FDMZa7E5NAeZ+LvK5j1gSln48=
helm.sh/helm/v3 v3.12.3 h1:5y1+Sbty12t48T/t/CGNYUIME5BJ0WKfmW/sobYqkFg=
helm.sh/helm/v3 v3.12.3/go.mod h1:KPKQiX9IP5HX7o5YnnhViMnNuKiL/lJBVQ47GHe1R0k=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -2523,8 +2518,8 @@ k8s.io/api v0.20.4/go.mod h1:++lNL1AJMkDymriNniQsWRkMDzRaX2Y/POTUi8yvqYQ=
k8s.io/api v0.20.6/go.mod h1:X9e8Qag6JV/bL5G6bU8sdVRltWKmdHsFUGS3eVndqE8=
k8s.io/api v0.28.0 h1:3j3VPWmN9tTDI68NETBWlDiA9qOiGJ7sdKeufehBYsM=
k8s.io/api v0.28.0/go.mod h1:0l8NZJzB0i/etuWnIXcwfIv+xnDOhL3lLW919AWYDuY=
k8s.io/apiextensions-apiserver v0.27.2 h1:iwhyoeS4xj9Y7v8YExhUwbVuBhMr3Q4bd/laClBV6Bo=
k8s.io/apiextensions-apiserver v0.27.2/go.mod h1:Oz9UdvGguL3ULgRdY9QMUzL2RZImotgxvGjdWRq6ZXQ=
k8s.io/apiextensions-apiserver v0.27.3 h1:xAwC1iYabi+TDfpRhxh4Eapl14Hs2OftM2DN5MpgKX4=
k8s.io/apiextensions-apiserver v0.27.3/go.mod h1:BH3wJ5NsB9XE1w+R6SSVpKmYNyIiyIz9xAmBl8Mb+84=
k8s.io/apimachinery v0.20.1/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU=
k8s.io/apimachinery v0.20.4/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU=
k8s.io/apimachinery v0.20.6/go.mod h1:ejZXtW1Ra6V1O5H8xPBGz+T3+4gfkTCeExAHKU57MAc=
@@ -2533,8 +2528,8 @@ k8s.io/apimachinery v0.28.0/go.mod h1:X0xh/chESs2hP9koe+SdIAcXWcQ+RM5hy0ZynB+yEv
k8s.io/apiserver v0.20.1/go.mod h1:ro5QHeQkgMS7ZGpvf4tSMx6bBOgPfE+f52KwvXfScaU=
k8s.io/apiserver v0.20.4/go.mod h1:Mc80thBKOyy7tbvFtB4kJv1kbdD0eIH8k8vianJcbFM=
k8s.io/apiserver v0.20.6/go.mod h1:QIJXNt6i6JB+0YQRNcS0hdRHJlMhflFmsBDeSgT1r8Q=
k8s.io/apiserver v0.27.2 h1:p+tjwrcQEZDrEorCZV2/qE8osGTINPuS5ZNqWAvKm5E=
k8s.io/apiserver v0.27.2/go.mod h1:EsOf39d75rMivgvvwjJ3OW/u9n1/BmUMK5otEOJrb1Y=
k8s.io/apiserver v0.27.3 h1:AxLvq9JYtveYWK+D/Dz/uoPCfz8JC9asR5z7+I/bbQ4=
k8s.io/apiserver v0.27.3/go.mod h1:Y61+EaBMVWUBJtxD5//cZ48cHZbQD+yIyV/4iEBhhNA=
k8s.io/cli-runtime v0.28.0 h1:Tcz1nnccXZDNIzoH6EwjCs+7ezkUGhorzCweEvlVOFg=
k8s.io/cli-runtime v0.28.0/go.mod h1:U+ySmOKBm/JUCmebhmecXeTwNN1RzI7DW4+OM8Oryas=
k8s.io/client-go v0.20.1/go.mod h1:/zcHdt1TeWSd5HoUe6elJmHSQ6uLLgp4bIJHVEuy+/Y=

40
integration/testdata/helm.json.golden vendored
View File

@@ -20,8 +20,8 @@
"Class": "config",
"Type": "helm",
"MisconfSummary": {
"Successes": 146,
"Failures": 4,
"Successes": 151,
"Failures": 5,
"Exceptions": 0
},
"Misconfigurations": [
@@ -149,7 +149,7 @@
"ID": "KSV030",
"AVDID": "AVD-KSV-0030",
"Title": "Runtime/Default Seccomp profile not set",
"Description": "The RuntimeDefault/Localhost seccomp profile must be required, or allow specific additional profiles.",
"Description": "According to pod security standard 'Seccomp', the RuntimeDefault seccomp profile must be required, or allow specific additional profiles.",
"Message": "Either Pod or Container should set 'securityContext.seccompProfile.type' to 'RuntimeDefault'",
"Namespace": "builtin.kubernetes.KSV030",
"Query": "data.builtin.kubernetes.KSV030.deny",
@@ -268,11 +268,11 @@
"ID": "KSV104",
"AVDID": "AVD-KSV-0104",
"Title": "Seccomp policies disabled",
"Description": "Seccomp profile must not be explicitly set to 'Unconfined'.",
"Description": "A program inside the container can bypass Seccomp protection policies.",
"Message": "container testchart of deployment testchart in default namespace should specify a seccomp profile",
"Namespace": "builtin.kubernetes.KSV104",
"Query": "data.builtin.kubernetes.KSV104.deny",
"Resolution": "Do not set seccomp profile to 'Unconfined'",
"Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards",
"Severity": "MEDIUM",
"PrimaryURL": "https://avd.aquasec.com/misconfig/ksv104",
"References": [
@@ -314,6 +314,32 @@
"Lines": null
}
}
},
{
"Type": "Helm Security Check",
"ID": "KSV117",
"AVDID": "AVD-KSV-0117",
"Title": "Prevent binding to privileged ports",
"Description": "The ports which are lower than 1024 receive and transmit various sensitive and privileged data. Allowing containers to use them can bring serious implications.",
"Message": "deployment testchart in default namespace should not set spec.template.spec.containers.ports.containerPort to less than 1024",
"Namespace": "builtin.kubernetes.KSV117",
"Query": "data.builtin.kubernetes.KSV117.deny",
"Resolution": "Do not map the container ports to privileged host ports when starting a container.",
"Severity": "HIGH",
"PrimaryURL": "https://avd.aquasec.com/misconfig/ksv117",
"References": [
"https://kubernetes.io/docs/concepts/security/pod-security-standards/",
"https://avd.aquasec.com/misconfig/ksv117"
],
"Status": "FAIL",
"Layer": {},
"CauseMetadata": {
"Provider": "Kubernetes",
"Service": "general",
"Code": {
"Lines": null
}
}
}
]
},
@@ -322,7 +348,7 @@
"Class": "config",
"Type": "helm",
"MisconfSummary": {
"Successes": 149,
"Successes": 155,
"Failures": 1,
"Exceptions": 0
},
@@ -360,7 +386,7 @@
"Class": "config",
"Type": "helm",
"MisconfSummary": {
"Successes": 149,
"Successes": 155,
"Failures": 1,
"Exceptions": 0
},

40
integration/testdata/helm_testchart.json.golden vendored
View File

@@ -20,8 +20,8 @@
"Class": "config",
"Type": "helm",
"MisconfSummary": {
"Successes": 146,
"Failures": 4,
"Successes": 151,
"Failures": 5,
"Exceptions": 0
},
"Misconfigurations": [
@@ -149,7 +149,7 @@
"ID": "KSV030",
"AVDID": "AVD-KSV-0030",
"Title": "Runtime/Default Seccomp profile not set",
"Description": "The RuntimeDefault/Localhost seccomp profile must be required, or allow specific additional profiles.",
"Description": "According to pod security standard 'Seccomp', the RuntimeDefault seccomp profile must be required, or allow specific additional profiles.",
"Message": "Either Pod or Container should set 'securityContext.seccompProfile.type' to 'RuntimeDefault'",
"Namespace": "builtin.kubernetes.KSV030",
"Query": "data.builtin.kubernetes.KSV030.deny",
@@ -268,11 +268,11 @@
"ID": "KSV104",
"AVDID": "AVD-KSV-0104",
"Title": "Seccomp policies disabled",
"Description": "Seccomp profile must not be explicitly set to 'Unconfined'.",
"Description": "A program inside the container can bypass Seccomp protection policies.",
"Message": "container testchart of deployment testchart in default namespace should specify a seccomp profile",
"Namespace": "builtin.kubernetes.KSV104",
"Query": "data.builtin.kubernetes.KSV104.deny",
"Resolution": "Do not set seccomp profile to 'Unconfined'",
"Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards",
"Severity": "MEDIUM",
"PrimaryURL": "https://avd.aquasec.com/misconfig/ksv104",
"References": [
@@ -314,6 +314,32 @@
"Lines": null
}
}
},
{
"Type": "Helm Security Check",
"ID": "KSV117",
"AVDID": "AVD-KSV-0117",
"Title": "Prevent binding to privileged ports",
"Description": "The ports which are lower than 1024 receive and transmit various sensitive and privileged data. Allowing containers to use them can bring serious implications.",
"Message": "deployment testchart in default namespace should not set spec.template.spec.containers.ports.containerPort to less than 1024",
"Namespace": "builtin.kubernetes.KSV117",
"Query": "data.builtin.kubernetes.KSV117.deny",
"Resolution": "Do not map the container ports to privileged host ports when starting a container.",
"Severity": "HIGH",
"PrimaryURL": "https://avd.aquasec.com/misconfig/ksv117",
"References": [
"https://kubernetes.io/docs/concepts/security/pod-security-standards/",
"https://avd.aquasec.com/misconfig/ksv117"
],
"Status": "FAIL",
"Layer": {},
"CauseMetadata": {
"Provider": "Kubernetes",
"Service": "general",
"Code": {
"Lines": null
}
}
}
]
},
@@ -322,7 +348,7 @@
"Class": "config",
"Type": "helm",
"MisconfSummary": {
"Successes": 149,
"Successes": 155,
"Failures": 1,
"Exceptions": 0
},
@@ -360,7 +386,7 @@
"Class": "config",
"Type": "helm",
"MisconfSummary": {
"Successes": 149,
"Successes": 155,
"Failures": 1,
"Exceptions": 0
},

40
integration/testdata/helm_testchart.overridden.json.golden vendored
View File

@@ -20,8 +20,8 @@
"Class": "config",
"Type": "helm",
"MisconfSummary": {
"Successes": 144,
"Failures": 6,
"Successes": 149,
"Failures": 7,
"Exceptions": 0
},
"Misconfigurations": [
@@ -268,7 +268,7 @@
"ID": "KSV030",
"AVDID": "AVD-KSV-0030",
"Title": "Runtime/Default Seccomp profile not set",
"Description": "The RuntimeDefault/Localhost seccomp profile must be required, or allow specific additional profiles.",
"Description": "According to pod security standard 'Seccomp', the RuntimeDefault seccomp profile must be required, or allow specific additional profiles.",
"Message": "Either Pod or Container should set 'securityContext.seccompProfile.type' to 'RuntimeDefault'",
"Namespace": "builtin.kubernetes.KSV030",
"Query": "data.builtin.kubernetes.KSV030.deny",
@@ -387,11 +387,11 @@
"ID": "KSV104",
"AVDID": "AVD-KSV-0104",
"Title": "Seccomp policies disabled",
"Description": "Seccomp profile must not be explicitly set to 'Unconfined'.",
"Description": "A program inside the container can bypass Seccomp protection policies.",
"Message": "container testchart of deployment testchart in default namespace should specify a seccomp profile",
"Namespace": "builtin.kubernetes.KSV104",
"Query": "data.builtin.kubernetes.KSV104.deny",
"Resolution": "Do not set seccomp profile to 'Unconfined'",
"Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards",
"Severity": "MEDIUM",
"PrimaryURL": "https://avd.aquasec.com/misconfig/ksv104",
"References": [
@@ -525,6 +525,32 @@
"Lines": null
}
}
},
{
"Type": "Helm Security Check",
"ID": "KSV117",
"AVDID": "AVD-KSV-0117",
"Title": "Prevent binding to privileged ports",
"Description": "The ports which are lower than 1024 receive and transmit various sensitive and privileged data. Allowing containers to use them can bring serious implications.",
"Message": "deployment testchart in default namespace should not set spec.template.spec.containers.ports.containerPort to less than 1024",
"Namespace": "builtin.kubernetes.KSV117",
"Query": "data.builtin.kubernetes.KSV117.deny",
"Resolution": "Do not map the container ports to privileged host ports when starting a container.",
"Severity": "HIGH",
"PrimaryURL": "https://avd.aquasec.com/misconfig/ksv117",
"References": [
"https://kubernetes.io/docs/concepts/security/pod-security-standards/",
"https://avd.aquasec.com/misconfig/ksv117"
],
"Status": "FAIL",
"Layer": {},
"CauseMetadata": {
"Provider": "Kubernetes",
"Service": "general",
"Code": {
"Lines": null
}
}
}
]
},
@@ -533,7 +559,7 @@
"Class": "config",
"Type": "helm",
"MisconfSummary": {
"Successes": 149,
"Successes": 155,
"Failures": 1,
"Exceptions": 0
},
@@ -571,7 +597,7 @@
"Class": "config",
"Type": "helm",
"MisconfSummary": {
"Successes": 149,
"Successes": 155,
"Failures": 1,
"Exceptions": 0
},

78
pkg/cloud/aws/commands/run_test.go
View File

@@ -38,7 +38,7 @@ const expectedS3ScanResult = `{
"Type": "cloud",
"MisconfSummary": {
"Successes": 1,
"Failures": 9,
"Failures": 8,
"Exceptions": 0
},
"Misconfigurations": [
@@ -114,30 +114,6 @@ const expectedS3ScanResult = `{
}
}
},
{
"Type": "AWS",
"ID": "AVD-AWS-0089",
"AVDID": "AVD-AWS-0089",
"Title": "S3 Bucket does not have logging enabled.",
"Description": "Buckets should have logging enabled so that access can be audited.",
"Message": "Bucket does not have logging enabled",
"Resolution": "Add a logging block to the resource to enable access logging",
"Severity": "MEDIUM",
"PrimaryURL": "https://avd.aquasec.com/misconfig/avd-aws-0089",
"References": [
"https://avd.aquasec.com/misconfig/avd-aws-0089"
],
"Status": "FAIL",
"Layer": {},
"CauseMetadata": {
"Resource": "arn:aws:s3:::examplebucket",
"Provider": "aws",
"Service": "s3",
"Code": {
"Lines": null
}
}
},
{
"Type": "AWS",
"ID": "AVD-AWS-0090",
@@ -342,7 +318,7 @@ const expectedCustomScanResult = `{
"Type": "cloud",
"MisconfSummary": {
"Successes": 1,
"Failures": 9,
"Failures": 8,
"Exceptions": 0
},
"Misconfigurations": [
@@ -418,30 +394,6 @@ const expectedCustomScanResult = `{
}
}
},
{
"Type": "AWS",
"ID": "AVD-AWS-0089",
"AVDID": "AVD-AWS-0089",
"Title": "S3 Bucket does not have logging enabled.",
"Description": "Buckets should have logging enabled so that access can be audited.",
"Message": "Bucket does not have logging enabled",
"Resolution": "Add a logging block to the resource to enable access logging",
"Severity": "MEDIUM",
"PrimaryURL": "https://avd.aquasec.com/misconfig/avd-aws-0089",
"References": [
"https://avd.aquasec.com/misconfig/avd-aws-0089"
],
"Status": "FAIL",
"Layer": {},
"CauseMetadata": {
"Resource": "arn:aws:s3:::examplebucket",
"Provider": "aws",
"Service": "s3",
"Code": {
"Lines": null
}
}
},
{
"Type": "AWS",
"ID": "AVD-AWS-0090",
@@ -720,7 +672,7 @@ const expectedS3AndCloudTrailResult = `{
"Type": "cloud",
"MisconfSummary": {
"Successes": 1,
"Failures": 9,
"Failures": 8,
"Exceptions": 0
},
"Misconfigurations": [
@@ -796,30 +748,6 @@ const expectedS3AndCloudTrailResult = `{
}
}
},
{
"Type": "AWS",
"ID": "AVD-AWS-0089",
"AVDID": "AVD-AWS-0089",
"Title": "S3 Bucket does not have logging enabled.",
"Description": "Buckets should have logging enabled so that access can be audited.",
"Message": "Bucket does not have logging enabled",
"Resolution": "Add a logging block to the resource to enable access logging",
"Severity": "MEDIUM",
"PrimaryURL": "https://avd.aquasec.com/misconfig/avd-aws-0089",
"References": [
"https://avd.aquasec.com/misconfig/avd-aws-0089"
],
"Status": "FAIL",
"Layer": {},
"CauseMetadata": {
"Resource": "arn:aws:s3:::examplebucket",
"Provider": "aws",
"Service": "s3",
"Code": {
"Lines": null
}
}
},
{
"Type": "AWS",
"ID": "AVD-AWS-0090",