Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: update lacework/lacework-inline-scanner version to latest (0.27.0) #74

Closed
gopkri24 opened this issue Oct 2, 2024 · 5 comments
Closed

feat: update lacework/lacework-inline-scanner version to latest (0.27.0) #74

gopkri24 opened this issue Oct 2, 2024 · 5 comments

Comments

@gopkri24
Copy link

gopkri24 commented Oct 2, 2024

Feature Request

Describe the Feature Request

The Dockerfile used by the composite action currently utilizes inline scanner version 0.23.2, but a newer version 0.27.0 is available.

Is your feature request related to a problem? Please describe

Running the scan using different version gave two different results.

Attempt 1: Use the latest inline scanner version:

docker run \
    -e LW_ACCOUNT_NAME=xxx \
    -e LW_ACCESS_TOKEN=XXXX \
    -v /var/run/docker.sock:/var/run/docker.sock \
    lacework/lacework-inline-scanner:0.27.0 \
    image evaluate xxx/currency-exchange 1.4.0-pr-169.92.1.1

Report: 

-------------------------------------------------------------------------------------------------------+----------------------------------------------
    ID          sha256:blobs/sha256/e8b30aae5943e87cfdaa48dce4e959a49731361fc6bcfd7a6df813a02c39e25a       SEVERITY   COUNT   FIXABLE   EXCEPTIONS
    Digest      sha256:0ea22257084fbe747001ed145f15f912c83c88d40df9b336e06c4b23b2317911                  -----------+-------+---------+-------------
    Registry    xxx                                                                                       Critical       2         2            0
    Repository  currency-exchange:1.4.0-pr-169.92.1.1                                                      High           3         3            0
    Size        318.1 MB                                                                                   Medium        17        13            0
    Created At  2024-09-28T00:25:13.409Z                                                                   Low           16         4            0
    Tags        1.4.0-pr-169.92.1.1                                                                        Info           3         0            0


Attempt 2: Use 0.23.2 inline scanner version which matches with what we have in this repo

docker run \
    -e LW_ACCOUNT_NAME=XXX \
    -e LW_ACCESS_TOKEN=XXXX \
    -v /var/run/docker.sock:/var/run/docker.sock \
    lacework/lacework-inline-scanner:0.23.2 \
    image evaluate xxx/currency-exchange 1.4.0-pr-169.92.1.1

Report:

-------------------------------------------------------------------------------------------------------+----------------------------------------------
    ID          sha256:blobs/sha256/e8b30aae5943e87cfdaa48dce4e959a49731361fc6bcfd7a6df813a02c39e25a       SEVERITY   COUNT   FIXABLE   EXCEPTIONS
    Digest      sha256:0ea22257084fbe747001ed145f15f912c83c88d40df9b336e06c4b23b2317911                  -----------+-------+---------+-------------
    Registry    index.docker.io                                                                            Critical       0         0            0
    Repository  xxx/currency-exchange                                                                     High           0         0            0
    Size        318.1 MB                                                                                   Medium        14        10            0
    Created At  2024-09-28T00:25:13.409Z                                                                   Low           16         4            0
    Tags        1.4.0-pr-169.92.1.1                                                                        Info           3         0            0

Describe Preferred Solution
Update the base docker image here to latest(0.27.0)
@leijin-lw
Copy link
Contributor

leijin-lw commented Oct 2, 2024
edited
Loading

Hi,

I tried to upgrade to 0.27.0 but failed get the right docker image. The 0.27.0 version has less assets than 0.23.2. We will try to figure out inline scanner asset issues first before doing the upgrade

@leijin-lw
Copy link
Contributor

#75 has been merged to main

@gopkri24
Copy link
Author

gopkri24 commented Oct 2, 2024

Thank you guys for the quick response. Really appreciate it!!

@prathamesh16c prathamesh16c mentioned this issue Oct 2, 2024
Merged
@prathamesh16c
Copy link

@leijin-lw It seems like the latest release of v1.4.2 is still unavailable. Please can you address this ?

@leijin-lw
Copy link
Contributor

@prathamesh16c The auto release is not working properly. I manually released v1.4.2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@prathamesh16c @gopkri24 @leijin-lw