integrations v1.5.12 updated

.github/workflows/go-ci-integration.yml

@@ -32,7 +32,7 @@ jobs:
         run: echo "GITHUB_SHA_SHORT=$(echo $GITHUB_SHA | cut -c 1-8)" >> $GITHUB_ENV
       - name: Build
         id: docker_build
-        uses: docker/build-push-action@v3.0.0
+        uses: docker/build-push-action@v3.1.0
         with:
           load: true
           context: ./

.github/workflows/go-e2e.yaml

@@ -55,7 +55,7 @@ jobs:
         run: echo "GITHUB_SHA_SHORT=$(echo $GITHUB_SHA | cut -c 1-8)" >> $GITHUB_ENV
       - name: Build
         id: docker_build
-        uses: docker/build-push-action@v3.0.0
+        uses: docker/build-push-action@v3.1.0
         with:
           load: true
           context: ./

.github/workflows/go-generate-antlr-parser.yaml

@@ -16,7 +16,7 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v1
       - name: Build ANTLR image
-        uses: docker/build-push-action@v3.0.0
+        uses: docker/build-push-action@v3.1.0
         id: build_antlr_image
         with:
           context: .

.github/workflows/release-apispec.yml

@@ -137,7 +137,7 @@ jobs:
           password: ${{ secrets.DOCKER_PASSWORD }}
       - name: Push alpine to Docker Hub
         id: build_alpine
-        uses: docker/build-push-action@v3.0.0
+        uses: docker/build-push-action@v3.1.0
         with:
           context: .
           push: true
@@ -150,7 +150,7 @@ jobs:
             APISCANNER="true"
       - name: Build and push debian to Docker Hub
         id: build_debian
-        uses: docker/build-push-action@v3.0.0
+        uses: docker/build-push-action@v3.1.0
         with:
           context: .
           file: ./docker/Dockerfile.apispec.debian

.github/workflows/release-dkr-image-for-tag.yml

@@ -69,7 +69,7 @@ jobs:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
       - name: Push alpine to Docker Hub
-        uses: docker/build-push-action@v3.0.0
+        uses: docker/build-push-action@v3.1.0
         with:
           context: .
           push: true
@@ -83,7 +83,7 @@ jobs:
       - name: Push debian to Docker Hub
         if: ${{ hashFiles('./docker/Dockerfile.debian') }} != ""
         id: build_debian
-        uses: docker/build-push-action@v3.0.0
+        uses: docker/build-push-action@v3.1.0
         with:
           context: .
           file: ./docker/Dockerfile.debian
@@ -98,7 +98,7 @@ jobs:
       - name: Push ubi8 to Docker Hub
         if: ${{ hashFiles('./docker/Dockerfile.ubi8') }} != ""
         id: build_ubi8
-        uses: docker/build-push-action@v3.0.0
+        uses: docker/build-push-action@v3.1.0
         with:
           context: .
           file: ./docker/Dockerfile.ubi8

.github/workflows/release-dkr-image.yml

@@ -48,7 +48,7 @@ jobs:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
       - name: Push alpine to Docker Hub
-        uses: docker/build-push-action@v3.0.0
+        uses: docker/build-push-action@v3.1.0
         id: build_alpine
         with:
           context: .
@@ -62,7 +62,7 @@ jobs:
             DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }}
       - name: Build and push debian to Docker Hub
         id: build_debian
-        uses: docker/build-push-action@v3.0.0
+        uses: docker/build-push-action@v3.1.0
         with:
           context: .
           file: ./docker/Dockerfile.debian
@@ -76,7 +76,7 @@ jobs:
             DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }}
       - name: Build and push ubi8 to Docker Hub
         id: build_ubi8
-        uses: docker/build-push-action@v3.0.0
+        uses: docker/build-push-action@v3.1.0
         with:
           context: .
           file: ./docker/Dockerfile.ubi8

.github/workflows/release-docker-github-actions.yaml

@@ -33,7 +33,7 @@ jobs:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
       - name: Push Github Action Image to Docker Hub
-        uses: docker/build-push-action@v3.0.0
+        uses: docker/build-push-action@v3.1.0
         id: build_gh_action
         with:
           context: .

.github/workflows/release-nightly.yml

@@ -160,7 +160,7 @@ jobs:
           password: ${{ secrets.DOCKER_PASSWORD }}
       - name: Push alpine to Docker Hub
         id: build_alpine
-        uses: docker/build-push-action@v3.0.0
+        uses: docker/build-push-action@v3.1.0
         with:
           context: .
           push: true
@@ -172,7 +172,7 @@ jobs:
             DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }}
       - name: Build and push debian to Docker Hub
         id: build_debian
-        uses: docker/build-push-action@v3.0.0
+        uses: docker/build-push-action@v3.1.0
         with:
           context: .
           file: ./docker/Dockerfile.debian
@@ -185,7 +185,7 @@ jobs:
             DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }}
       - name: Build and push ubi8 to Docker Hub
         id: build_ubi8
-        uses: docker/build-push-action@v3.0.0
+        uses: docker/build-push-action@v3.1.0
         with:
           context: .
           file: ./docker/Dockerfile.ubi8

Dockerfile

@@ -33,7 +33,7 @@ HEALTHCHECK CMD wget -q --method=HEAD localhost/system-status.txt
 # Runtime image
 # Ignore no User Cmd since KICS container is stopped afer scan
 # kics-scan ignore-line
-FROM alpine:3.16.0
+FROM alpine:3.16.1
 
 ENV TERM xterm-256color
 

assets/queries/k8s/rbac_roles_with_attach_permission/test/negative.yaml

@@ -18,6 +18,6 @@ subjects:
   name: bob
   apiGroup: rbac.authorization.k8s.io
 roleRef:
-  kind: Role 
+  kind: Role
   name: allow-attach-neg
   apiGroup: ""

assets/queries/terraform/aws/api_gateway_with_invalid_compression/query.rego

@@ -13,9 +13,12 @@ CxPolicy[result] {
 		"resourceType": "aws_api_gateway_rest_api",
 		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("aws_api_gateway_rest_api[%s]", [name]),
+		"searchLine": commonLib.build_search_line(["resource", "aws_api_gateway_rest_api", name], []),
 		"issueType": "MissingAttribute",
 		"keyExpectedValue": "Attribute 'minimum_compression_size' to be set and have a value greater than -1 and smaller than 10485760",
 		"keyActualValue": "Attribute 'minimum_compression_size' is undefined",
+		"remediation": "minimum_compression_size = 0",
+		"remediationType": "addition",
 	}
 }
 
@@ -29,8 +32,14 @@ CxPolicy[result] {
 		"resourceType": "aws_api_gateway_rest_api",
 		"resourceName": tf_lib.get_resource_name(resource, name),
 		"searchKey": sprintf("aws_api_gateway_rest_api[%s].minimum_compression_size", [name]),
+		"searchLine": commonLib.build_search_line(["resource", "aws_api_gateway_rest_api", name, "minimum_compression_size"], []),
 		"issueType": "IncorrectValue",
 		"keyExpectedValue": "Attribute 'minimum_compression_size' to be greater than -1 and smaller than 10485760",
 		"keyActualValue": sprintf("Attribute 'minimum_compression_size' is %d", [resource.minimum_compression_size]),
+		"remediation": json.marshal({
+			"before": sprintf("%d", [resource.minimum_compression_size]),
+			"after": "0"
+		}),
+		"remediationType": "replacement",
 	}
 }

docs/docker/digests.csv

@@ -79,3 +79,4 @@ v1.5.6-gh-actions,sha256:f0232875171f3ef272ed3374a4f4e649fcddc9cc4fea3825d6ff103
 v1.5.8-gh-actions,sha256:61a2d50c83f15acbcf536f56bebc114ba19eecfe5a356580ed931c4a01f341fd
 v1.5.9-gh-actions,sha256:015eebbaeb31e8a9ea0909df089bed06442d8aabe60ac3e6afcdc00c269c0f41
 v1.5.10-gh-actions,sha256:78199d59ab734071f32746d84ff0443b9a9dd6088bd9e335bfb7867964f2223b
+v1.5.12-gh-actions,sha256:e3172e976f6be1885dfd6164a181ad2d9b824b6baab3b32e0b0b957b394fe1eb

docs/docker/digests.md

@@ -80,3 +80,4 @@ v1.5.6-gh-actions   |  sha256:f0232875171f3ef272ed3374a4f4e649fcddc9cc4fea3825d6
 v1.5.8-gh-actions   |  sha256:61a2d50c83f15acbcf536f56bebc114ba19eecfe5a356580ed931c4a01f341fd
 v1.5.9-gh-actions   |  sha256:015eebbaeb31e8a9ea0909df089bed06442d8aabe60ac3e6afcdc00c269c0f41
 v1.5.10-gh-actions  |  sha256:78199d59ab734071f32746d84ff0443b9a9dd6088bd9e335bfb7867964f2223b
+v1.5.12-gh-actions  |  sha256:e3172e976f6be1885dfd6164a181ad2d9b824b6baab3b32e0b0b957b394fe1eb

docs/docker/nightly.csv

@@ -421,3 +421,19 @@ scratch,bc87c6bf,2022-07-15,sha256:180ae2bd2b8b27f13f716a5f645f602b8ee93fa31a079
 alpine,bc87c6bf,2022-07-15,sha256:180ae2bd2b8b27f13f716a5f645f602b8ee93fa31a07969d52e8de2046441fd7
 debian,bc87c6bf,2022-07-15,sha256:85b899a8ccbc3260b50239ca84a375087bbc57352c8b5dbd38efbb23118c2f5c
 ubi8,bc87c6bf,2022-07-15,sha256:1263b8496e10a4914efc1c09b8c9b10b8cb39eaced03e207891b58088914ee29
+scratch,902fa7bb,2022-07-18,sha256:890cc5f3730e8a58db1a9e8984285fd100f534e549a735a3984024b9ec3e8473
+alpine,902fa7bb,2022-07-18,sha256:890cc5f3730e8a58db1a9e8984285fd100f534e549a735a3984024b9ec3e8473
+debian,902fa7bb,2022-07-18,sha256:4526282f445316fe1615aa98414d604828d9af9e3741bd85c9e00ddc3fe5f4cf
+ubi8,902fa7bb,2022-07-18,sha256:4b1935952706a5ccfbdd12378377f91d02b201d584f193ddbc89eb103fd9b8dd
+scratch,7e8b65d9,2022-07-19,sha256:846a9fafb7cf2e9b95ae2e8ff611b81aec79c0ff37860270ed63635ba637a995
+alpine,7e8b65d9,2022-07-19,sha256:846a9fafb7cf2e9b95ae2e8ff611b81aec79c0ff37860270ed63635ba637a995
+debian,7e8b65d9,2022-07-19,sha256:8a87129603cd5e6e1ff9d655e2cf33405354d7e1bb759a0440be21b07f2235ca
+ubi8,7e8b65d9,2022-07-19,sha256:fff30708f3809a04b3839a32a4cb4d267bace0cb30f6b0c77e38bb75640f3e8a
+scratch,a8e7a611,2022-07-20,sha256:aa0db1182f560bb29d1afbaf8d0ca5e0779e8543d603110792bce24a19e706f6
+alpine,a8e7a611,2022-07-20,sha256:aa0db1182f560bb29d1afbaf8d0ca5e0779e8543d603110792bce24a19e706f6
+debian,a8e7a611,2022-07-20,sha256:0f2d0cf342f1df566800e286c4c926353a6b60b8355e0dcb460a839156c8e187
+ubi8,a8e7a611,2022-07-20,sha256:6398049c8978b03454ff5d190cb358dd1f262871f879c368ec2271ba38c61246
+scratch,278acb19,2022-07-21,sha256:027f5bbe9521c315060bc1a9198c911163cf155d68a31cfdca45e52e2a616979
+alpine,278acb19,2022-07-21,sha256:027f5bbe9521c315060bc1a9198c911163cf155d68a31cfdca45e52e2a616979
+debian,278acb19,2022-07-21,sha256:22c026a49665bf94751cc69a71d1d6e78af9cc3e6d1e301fe17b3b82e3b2d12a
+ubi8,278acb19,2022-07-21,sha256:a9d3bb91a83a79af4f33006f521f73163a64036d3ea681e1c3f07d319cefd194

docs/docker/nightly.md

@@ -422,3 +422,19 @@ scratch  |  bc87c6bf  |  2022-07-15  |  sha256:180ae2bd2b8b27f13f716a5f645f602b8
 alpine   |  bc87c6bf  |  2022-07-15  |  sha256:180ae2bd2b8b27f13f716a5f645f602b8ee93fa31a07969d52e8de2046441fd7
 debian   |  bc87c6bf  |  2022-07-15  |  sha256:85b899a8ccbc3260b50239ca84a375087bbc57352c8b5dbd38efbb23118c2f5c
 ubi8     |  bc87c6bf  |  2022-07-15  |  sha256:1263b8496e10a4914efc1c09b8c9b10b8cb39eaced03e207891b58088914ee29
+scratch  |  902fa7bb  |  2022-07-18  |  sha256:890cc5f3730e8a58db1a9e8984285fd100f534e549a735a3984024b9ec3e8473
+alpine   |  902fa7bb  |  2022-07-18  |  sha256:890cc5f3730e8a58db1a9e8984285fd100f534e549a735a3984024b9ec3e8473
+debian   |  902fa7bb  |  2022-07-18  |  sha256:4526282f445316fe1615aa98414d604828d9af9e3741bd85c9e00ddc3fe5f4cf
+ubi8     |  902fa7bb  |  2022-07-18  |  sha256:4b1935952706a5ccfbdd12378377f91d02b201d584f193ddbc89eb103fd9b8dd
+scratch  |  7e8b65d9  |  2022-07-19  |  sha256:846a9fafb7cf2e9b95ae2e8ff611b81aec79c0ff37860270ed63635ba637a995
+alpine   |  7e8b65d9  |  2022-07-19  |  sha256:846a9fafb7cf2e9b95ae2e8ff611b81aec79c0ff37860270ed63635ba637a995
+debian   |  7e8b65d9  |  2022-07-19  |  sha256:8a87129603cd5e6e1ff9d655e2cf33405354d7e1bb759a0440be21b07f2235ca
+ubi8     |  7e8b65d9  |  2022-07-19  |  sha256:fff30708f3809a04b3839a32a4cb4d267bace0cb30f6b0c77e38bb75640f3e8a
+scratch  |  a8e7a611  |  2022-07-20  |  sha256:aa0db1182f560bb29d1afbaf8d0ca5e0779e8543d603110792bce24a19e706f6
+alpine   |  a8e7a611  |  2022-07-20  |  sha256:aa0db1182f560bb29d1afbaf8d0ca5e0779e8543d603110792bce24a19e706f6
+debian   |  a8e7a611  |  2022-07-20  |  sha256:0f2d0cf342f1df566800e286c4c926353a6b60b8355e0dcb460a839156c8e187
+ubi8     |  a8e7a611  |  2022-07-20  |  sha256:6398049c8978b03454ff5d190cb358dd1f262871f879c368ec2271ba38c61246
+scratch  |  278acb19  |  2022-07-21  |  sha256:027f5bbe9521c315060bc1a9198c911163cf155d68a31cfdca45e52e2a616979
+alpine   |  278acb19  |  2022-07-21  |  sha256:027f5bbe9521c315060bc1a9198c911163cf155d68a31cfdca45e52e2a616979
+debian   |  278acb19  |  2022-07-21  |  sha256:22c026a49665bf94751cc69a71d1d6e78af9cc3e6d1e301fe17b3b82e3b2d12a
+ubi8     |  278acb19  |  2022-07-21  |  sha256:a9d3bb91a83a79af4f33006f521f73163a64036d3ea681e1c3f07d319cefd194