update(dockerfile): revert KICS user change from 65532 back to root #7322

Merged
merged 7 commits into from
Jan 31, 2025

cx-ruiaraujo
Contributor

@cx-ruiaraujo cx-ruiaraujo commented Jan 31, 2025

Reason for Proposed Changes

  • KICS always used root, but in the latest release, we changed it to 65532 due to FedRAMP policies. This change is causing issues in AST-CLI. Since we only use the binaries inside the image, there is no relevant reason to use 65532 instead of root. A possible fix is to run the KICS image with the same user as the container running it. However, since this would require users to change their setup, I am reverting this change to avoid that and to prevent other potential issues.

Proposed Changes

  • revert KICS user change from 65532 back to root
  • update KICS gh action to v2.1.4
  • fix vulnerabilities

I submit this contribution under the Apache-2.0 license.

Contributor

github-actions bot commented Jan 31, 2025

KICS version: v2.1.4

| Category | Results |
|----------|---------|
| CRITICAL | 0 |
| HIGH | 0 |
| MEDIUM | 0 |
| LOW | 0 |
| INFO | 0 |
| TRACE | 0 |
| TOTAL | 0 |

| Metric | Values |
|--------|--------|
| Files scanned | 1 |
| Files parsed | 1 |
| Files failed to scan | 0 |
| Total executed queries | 47 |
| Queries failed to execute | 0 |
| Execution time | 0 |

@cx-ruiaraujo cx-ruiaraujo changed the title from "update(action): update kics gh action" to "update(ghaction): update kics gh action" Jan 31, 2025
@cx-ruiaraujo cx-ruiaraujo changed the title from "update(ghaction): update kics gh action" to "update(docker): update kics gh action" Jan 31, 2025
@github-actions github-actions bot added the docker (Docker query) label Jan 31, 2025
@cx-ruiaraujo cx-ruiaraujo changed the title from "update(docker): update kics gh action" to "update(docker): revert KICS user change from 65532 back to root" Jan 31, 2025
@cx-ruiaraujo cx-ruiaraujo marked this pull request as ready for review January 31, 2025 15:42
@cx-ruiaraujo cx-ruiaraujo requested a review from a team as a code owner January 31, 2025 15:42
@cx-ruiaraujo cx-ruiaraujo changed the title from "update(docker): revert KICS user change from 65532 back to root" to "update(dockerfile): revert KICS user change from 65532 back to root" Jan 31, 2025
Contributor

@EduardoSemanas EduardoSemanas left a comment

LGTM

Contributor

@ArturRibeiro-CX ArturRibeiro-CX left a comment

I would much rather prefer the solution you provided "A possible fix is to run the KICS image with the same user as the container running it" but I understand the problem with that.
LGTM either way.

@cx-ruiaraujo cx-ruiaraujo merged commit 7443b1e into master Jan 31, 2025
32 checks passed
@cx-ruiaraujo cx-ruiaraujo deleted the ruiar/update-kics-image branch January 31, 2025 16:26
3 participants