Merge branch 'master' into kics-748-update-query-metadata

.github/workflows/release-dkr-image.yml

@@ -99,26 +99,6 @@ jobs:
       #    password: ${{ secrets.DOCKER_PASSWORD }}
       #    readme-filepath: docs/dockerhub.md
       #    repository: checkmarx/kics
-      - name: Export Image Digests
-        run: |
-          VERSION=${{ steps.get-version.outputs.version }}
-
-          DIGEST=${{ steps.build_alpine.outputs.digest }}
-          ALPINE_DIGEST=${{ steps.build_alpine.outputs.digest }}
-          DEBIAN_DIGEST=${{ steps.build_debian.outputs.digest }}
-          UBI8_DIGEST=${{ steps.build_ubi8.outputs.digest }}
-
-          echo "${VERSION},${DIGEST}" >> docs/docker/digests.csv
-          echo "${VERSION}-alpine,${ALPINE_DIGEST}" >> docs/docker/digests.csv
-          echo "${VERSION}-debian,${DEBIAN_DIGEST}" >> docs/docker/digests.csv
-          echo "${VERSION}-ubi8,${UBI8_DIGEST}" >> docs/docker/digests.csv
-      - uses: actions/setup-python@v4
-        with:
-          python-version: 3.x
-      - name: Generate .md table
-        run: |
-          pip install csvtomd
-          csvtomd docs/docker/digests.csv > docs/docker/digests.md
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v4
         with:

.github/workflows/release-docker-github-actions.yaml

@@ -49,20 +49,6 @@ jobs:
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
-      - name: Export Image Digests
-        run: |
-          VERSION=${{ github.event.inputs.version }}
-
-          DIGEST=${{ steps.build_gh_action.outputs.digest }}
-
-          echo "${VERSION}-gh-actions,${DIGEST}" >> docs/docker/digests.csv
-      - uses: actions/setup-python@v4
-        with:
-          python-version: 3.x
-      - name: Generate .md table
-        run: |
-          pip install csvtomd
-          csvtomd docs/docker/digests.csv > docs/docker/digests.md
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v4
         with:

.github/workflows/release-nightly.yml

@@ -196,28 +196,6 @@ jobs:
             VERSION=nightly-${{ needs.pre_release_job.outputs.sha8 }}
             COMMIT=${{ github.sha }}
             DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }}
-      - name: Export Image Digests
-        run: |
-          VERSION=nightly
-
-          COMMIT_SHA8=${{ needs.pre_release_job.outputs.sha8 }}
-          DATE=$(date +'%Y-%m-%d')
-          DIGEST=${{ steps.build_alpine.outputs.digest }}
-          ALPINE_DIGEST=${{ steps.build_alpine.outputs.digest }}
-          DEBIAN_DIGEST=${{ steps.build_debian.outputs.digest }}
-          UBI8_DIGEST=${{ steps.build_ubi8.outputs.digest }}
-
-          echo "scratch,${COMMIT_SHA8},${DATE},${DIGEST}" >> docs/docker/nightly.csv
-          echo "alpine,${COMMIT_SHA8},${DATE},${ALPINE_DIGEST}" >> docs/docker/nightly.csv
-          echo "debian,${COMMIT_SHA8},${DATE},${DEBIAN_DIGEST}" >> docs/docker/nightly.csv
-          echo "ubi8,${COMMIT_SHA8},${DATE},${UBI8_DIGEST}" >> docs/docker/nightly.csv
-      - uses: actions/setup-python@v4
-        with:
-          python-version: 3.x
-      - name: Generate .md table
-        run: |
-          pip install csvtomd
-          csvtomd docs/docker/nightly.csv > docs/docker/nightly.md
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v4
         with:

assets/queries/dockerfile/npm_install_without_pinned_version/query.rego

@@ -13,7 +13,9 @@ CxPolicy[result] {
 	indexof(currentCmd, installCmd) > -1
 
 	tokens := split(currentCmd, " ")
-	token := tokens[_]
+    refactor_tokens := [x | x := tokens[_]; x != ""]
+
+	token := refactor_tokens[_]
 
 	token != "npm"
 	token != "install"

assets/queries/dockerfile/npm_install_without_pinned_version/test/negative.dockerfile → assets/queries/dockerfile/npm_install_without_pinned_version/test/negative1.dockerfile

@@ -6,3 +6,6 @@ RUN npm install [email protected] | grep fail && npm install sax@latest
 RUN npm install git://github.com/npm/cli.git
 RUN npm install git+ssh://[email protected]:npm/cli#semver:^5.0
 RUN npm install --production --no-cache
+RUN npm config set registry <internal_npm_registry> && \
+    npm install && \
+    npx vite build --mode $VITE_MODE

assets/queries/dockerfile/npm_install_without_pinned_version/test/positive_expected_result.json

@@ -2,36 +2,43 @@
   {
     "queryName": "NPM Install Command Without Pinned Version",
     "severity": "MEDIUM",
-    "line": 2
+    "line": 2,
+    "filename": "positive1.dockerfile"
   },
   {
     "queryName": "NPM Install Command Without Pinned Version",
     "severity": "MEDIUM",
-    "line": 3
+    "line": 3,
+    "filename": "positive1.dockerfile"
   },
   {
     "queryName": "NPM Install Command Without Pinned Version",
     "severity": "MEDIUM",
-    "line": 4
+    "line": 4,
+    "filename": "positive1.dockerfile"
   },
   {
     "queryName": "NPM Install Command Without Pinned Version",
     "severity": "MEDIUM",
-    "line": 5
+    "line": 5,
+    "filename": "positive1.dockerfile"
   },
   {
     "queryName": "NPM Install Command Without Pinned Version",
     "severity": "MEDIUM",
-    "line": 6
+    "line": 6,
+    "filename": "positive1.dockerfile"
   },
   {
     "queryName": "NPM Install Command Without Pinned Version",
     "severity": "MEDIUM",
-    "line": 7
+    "line": 7,
+    "filename": "positive1.dockerfile"
   },
   {
     "queryName": "NPM Install Command Without Pinned Version",
     "severity": "MEDIUM",
-    "line": 8
+    "line": 8,
+    "filename": "positive1.dockerfile"
   }
-]
+]