Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

go upgrading #367

Merged
merged 3 commits into from
May 13, 2024

go upgrading

a43ec5f
Select commit
Loading
Failed to load commit list.
Merged

go upgrading #367

go upgrading
a43ec5f
Select commit
Loading
Failed to load commit list.
DryRunSecurity / Sensitive Files Analyzer succeeded May 13, 2024 in 1s

DryRun Security

Details

Sensitive Files Analyzer Findings: 7 detected

⚠️ Potential Sensitive File dockerfiles/agent/container/Dockerfile (click for details)
Type Potential Sensitive File
Description Dockerfile changes can introduce security issues such as insecure base images, insecure file permissions, untrusted packages, etc.
Filename dockerfiles/agent/container/Dockerfile
CodeLink
FROM golang:1.22 AS builder
WORKDIR /
COPY ./ ./
⚠️ Potential Sensitive File dockerfiles/agent/git/Dockerfile (click for details)
Type Potential Sensitive File
Description Dockerfile changes can introduce security issues such as insecure base images, insecure file permissions, untrusted packages, etc.
Filename dockerfiles/agent/git/Dockerfile
CodeLink
FROM golang:1.22 AS builder
WORKDIR /
COPY ./ ./
⚠️ Potential Sensitive File dockerfiles/agent/kubviz/Dockerfile (click for details)
Type Potential Sensitive File
Description Dockerfile changes can introduce security issues such as insecure base images, insecure file permissions, untrusted packages, etc.
Filename dockerfiles/agent/kubviz/Dockerfile
CodeLink
# Build the manager binary
FROM golang:1.22 as builder
WORKDIR /workspace
# Copy the Go Modules manifests
⚠️ Potential Sensitive File dockerfiles/client/Dockerfile (click for details)
Type Potential Sensitive File
Description Dockerfile changes can introduce security issues such as insecure base images, insecure file permissions, untrusted packages, etc.
Filename dockerfiles/client/Dockerfile
CodeLink
# Build the manager binary
FROM golang:1.22 as builder
WORKDIR /workspace
# Copy the Go Modules manifests
⚠️ Potential Sensitive File dockerfiles/migration/Dockerfile (click for details)
Type Potential Sensitive File
Description Dockerfile changes can introduce security issues such as insecure base images, insecure file permissions, untrusted packages, etc.
Filename dockerfiles/migration/Dockerfile
CodeLink
FROM golang:1.22 as builder
WORKDIR /workspace
COPY ./ ./
⚠️ Potential Sensitive File go.mod (click for details)
Type Potential Sensitive File
Description Golang applications manage their dependencies through their go.mod and go.sum files. A change in these files may indicate an addition of a library/dependency which could introduce additional risk to the application either through vulnerable code, expansion of the application's attack surface via additional routes, or malicious code.
Filename go.mod
CodeLink

kubviz/go.mod

Lines 1 to 6 in a43ec5f

module github.com/intelops/kubviz
go 1.22
require (
bou.ke/monkey v1.0.2
⚠️ Potential Sensitive File go.sum (click for details)
Type Potential Sensitive File
Description Golang applications manage their dependencies through their go.mod and go.sum files. A change in these files may indicate an addition of a library/dependency which could introduce additional risk to the application either through vulnerable code, expansion of the application's attack surface via additional routes, or malicious code.
Filename go.sum
CodeLink

kubviz/go.sum

Lines 29 to 37 in a43ec5f

cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
cloud.google.com/go/compute v1.23.0 h1:tP41Zoavr8ptEqaW6j+LQOnyBBhO7OkOMAGrgLopTwY=
cloud.google.com/go/compute v1.23.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM=
cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
cloud.google.com/go/iam v1.1.1 h1:lW7fzj15aVIXYHREOqjRBV9PsH0Z6u8Y46a1YGvQP4Y=