From 6ae502ddd47d1dfac9c85a781b67a7da5371e53d Mon Sep 17 00:00:00 2001 From: secureCodeBoxBot Date: Thu, 20 Nov 2025 09:23:55 +0000 Subject: [PATCH 01/37] Upgrading semgrep from 1.143.0 to 1.144.0 Signed-off-by: secureCodeBoxBot --- scanners/semgrep/Chart.yaml | 2 +- scanners/semgrep/README.md | 2 +- scanners/semgrep/docs/README.DockerHub-Parser.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scanners/semgrep/Chart.yaml b/scanners/semgrep/Chart.yaml index a81d89417..6f4d64480 100644 --- a/scanners/semgrep/Chart.yaml +++ b/scanners/semgrep/Chart.yaml @@ -22,7 +22,7 @@ version: "v3.1.0-alpha1" # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "1.143.0" +appVersion: "1.144.0" annotations: versionApi: https://api.github.com/repos/semgrep/semgrep/releases/latest supported-platforms: linux/amd64,linux/arm64 diff --git a/scanners/semgrep/README.md b/scanners/semgrep/README.md index b3c8a3d2b..dbb6b9776 100644 --- a/scanners/semgrep/README.md +++ b/scanners/semgrep/README.md @@ -3,7 +3,7 @@ title: "Semgrep" category: "scanner" type: "Repository" state: "released" -appVersion: "1.143.0" +appVersion: "1.144.0" usecase: "Static Code Analysis" --- diff --git a/scanners/semgrep/docs/README.DockerHub-Parser.md b/scanners/semgrep/docs/README.DockerHub-Parser.md index af6317648..ba81da041 100644 --- a/scanners/semgrep/docs/README.DockerHub-Parser.md +++ b/scanners/semgrep/docs/README.DockerHub-Parser.md 
@@ -42,7 +42,7 @@ You can find resources to help you get started on our [documentation website](ht ## Supported Tags - `latest` (represents the latest stable release build) -- tagged releases, e.g. `1.143.0` +- tagged releases, e.g. `1.144.0` ## How to use this image This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more information details please take a look at the documentation page: https://www.securecodebox.io/docs/scanners/semgrep. From 7a402eb8023a1ff5f44dc7de5a66c70cf32242a3 Mon Sep 17 00:00:00 2001 From: secureCodeBoxBot Date: Thu, 20 Nov 2025 09:23:58 +0000 Subject: [PATCH 02/37] Upgrading gitleaks from v8.29.0 to v8.29.1 Signed-off-by: secureCodeBoxBot --- scanners/gitleaks/Chart.yaml | 2 +- scanners/gitleaks/README.md | 2 +- scanners/gitleaks/docs/README.DockerHub-Parser.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scanners/gitleaks/Chart.yaml b/scanners/gitleaks/Chart.yaml index 28ee90486..5db005787 100644 --- a/scanners/gitleaks/Chart.yaml +++ b/scanners/gitleaks/Chart.yaml @@ -8,7 +8,7 @@ description: A Helm chart for the gitleaks repository scanner that integrates wi type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: v3.1.0-alpha1 -appVersion: "v8.29.0" +appVersion: "v8.29.1" kubeVersion: ">=v1.11.0-0" annotations: versionApi: https://api.github.com/repos/zricethezav/gitleaks/releases/latest diff --git a/scanners/gitleaks/README.md b/scanners/gitleaks/README.md index 9bd30f7a0..b90720704 100644 --- a/scanners/gitleaks/README.md +++ b/scanners/gitleaks/README.md @@ -3,7 +3,7 @@ title: "Gitleaks" category: "scanner" type: "Repository" state: "released" -appVersion: "v8.29.0" +appVersion: "v8.29.1" usecase: "Find potential secrets in repositories" --- 
diff --git a/scanners/gitleaks/docs/README.DockerHub-Parser.md b/scanners/gitleaks/docs/README.DockerHub-Parser.md index 6248ab530..9280dbc96 100644 --- a/scanners/gitleaks/docs/README.DockerHub-Parser.md +++ b/scanners/gitleaks/docs/README.DockerHub-Parser.md @@ -42,7 +42,7 @@ You can find resources to help you get started on our [documentation website](ht ## Supported Tags - `latest` (represents the latest stable release build) -- tagged releases, e.g. `v8.29.0` +- tagged releases, e.g. `v8.29.1` ## How to use this image This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more information details please take a look at the documentation page: https://www.securecodebox.io/docs/scanners/gitleaks. From 731ec2fa5e8a885715c77abb1c6570a2ed1e3acf Mon Sep 17 00:00:00 2001 From: secureCodeBoxBot Date: Sun, 23 Nov 2025 09:23:28 +0000 Subject: [PATCH 03/37] Upgrading subfinder from v2.10.0 to v2.10.1 Signed-off-by: secureCodeBoxBot --- scanners/subfinder/Chart.yaml | 2 +- scanners/subfinder/README.md | 2 +- scanners/subfinder/docs/README.DockerHub-Parser.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scanners/subfinder/Chart.yaml b/scanners/subfinder/Chart.yaml index d43c2dbe1..7ee5e363d 100644 --- a/scanners/subfinder/Chart.yaml +++ b/scanners/subfinder/Chart.yaml @@ -8,7 +8,7 @@ description: A Helm chart for the subfinder security Scanner that integrates wit type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: v3.1.0-alpha1 -appVersion: "v2.10.0" +appVersion: "v2.10.1" kubeVersion: ">=v1.11.0-0" annotations: versionApi: https://api.github.com/repos/projectdiscovery/subfinder/releases/latest diff --git a/scanners/subfinder/README.md b/scanners/subfinder/README.md index 9adbf9e00..a636193cb 100644 --- a/scanners/subfinder/README.md +++ b/scanners/subfinder/README.md 
@@ -3,7 +3,7 @@ title: "subfinder" category: "scanner" type: "Network" state: "released" -appVersion: "v2.10.0" +appVersion: "v2.10.1" usecase: "Subdomain Enumeration Scanner" --- diff --git a/scanners/subfinder/docs/README.DockerHub-Parser.md b/scanners/subfinder/docs/README.DockerHub-Parser.md index 56575cba0..e4e5ad9bf 100644 --- a/scanners/subfinder/docs/README.DockerHub-Parser.md +++ b/scanners/subfinder/docs/README.DockerHub-Parser.md @@ -42,7 +42,7 @@ You can find resources to help you get started on our [documentation website](ht ## Supported Tags - `latest` (represents the latest stable release build) -- tagged releases, e.g. `v2.10.0` +- tagged releases, e.g. `v2.10.1` ## How to use this image This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more information details please take a look at the documentation page: https://github.com/projectdiscovery/subfinder. From 243823f89b551a6000220d7a9885a6afdab528c3 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 12 Nov 2025 17:48:51 +0000 Subject: [PATCH 04/37] Update dependency helm/helm to v3.19.2 --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 232ce5f74..d7fdc3b7c 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -26,7 +26,7 @@ env: # renovate: datasource=github-releases depName=kubernetes-sigs/kind KIND_BINARY_VERSION: "v0.30.0" # renovate: datasource=github-releases depName=helm/helm - HELM_VERSION: "v3.19.1" + HELM_VERSION: "v3.19.2" # renovate: datasource=github-releases depName=helm-unittest/helm-unittest HELM_PLUGIN_UNITTEST_VERSION: "1.0.0" # renovate: datasource=github-releases depName=go-task/task From 785adcb43565a3f332c941c57ca0beae720038a0 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Nov 2025 09:16:16 +0000 Subject: [PATCH 05/37] Bump the npm-version-updates group in /documentation with 3 updates Bumps the npm-version-updates group in /documentation with 3 updates: [rimraf](https://github.com/isaacs/rimraf), [sass](https://github.com/sass/dart-sass) and [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react). Updates `rimraf` from 6.1.0 to 6.1.2 - [Changelog](https://github.com/isaacs/rimraf/blob/main/CHANGELOG.md) - [Commits](https://github.com/isaacs/rimraf/compare/v6.1.0...v6.1.2) Updates `sass` from 1.94.0 to 1.94.2 - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md) - [Commits](https://github.com/sass/dart-sass/compare/1.94.0...1.94.2) Updates `@types/react` from 19.2.5 to 19.2.6 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react) --- updated-dependencies: - dependency-name: rimraf dependency-version: 6.1.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-version-updates - dependency-name: sass dependency-version: 1.94.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-version-updates - dependency-name: "@types/react" dependency-version: 19.2.6 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-version-updates ... Signed-off-by: dependabot[bot] --- documentation/package-lock.json | 66 ++++++++++++--------------------- documentation/package.json | 4 +- 2 files changed, 25 insertions(+), 45 deletions(-) diff --git a/documentation/package-lock.json b/documentation/package-lock.json index 71080ada7..b83e22702 100644 --- a/documentation/package-lock.json 
+++ b/documentation/package-lock.json @@ -23,7 +23,7 @@ "prism-react-renderer": "^2.4.1", "react": "^19.2.0", "react-dom": "^19.2.0", - "rimraf": "^6.1.0", + "rimraf": "^6.1.2", "sass": "1.94" }, "devDependencies": { @@ -31,7 +31,7 @@ "@docusaurus/tsconfig": "^3.9.2", "@docusaurus/types": "^3.6.0", "@types/node": "^24.10.1", - "@types/react": "^19.2.5", + "@types/react": "^19.2.6", "@types/react-helmet": "^6.1.11", "@types/react-router-dom": "^5.1.8", "sass-loader": "^16.0.6", @@ -5490,12 +5490,12 @@ "license": "MIT" }, "node_modules/@types/react": { - "version": "19.2.5", - "resolved": "https://registry.npmjs.org/@types/react/-/react-19.2.5.tgz", - "integrity": "sha512-keKxkZMqnDicuvFoJbzrhbtdLSPhj/rZThDlKWCDbgXmUg0rEUFtRssDXKYmtXluZlIqiC5VqkCgRwzuyLHKHw==", + "version": "19.2.6", + "resolved": "https://registry.npmjs.org/@types/react/-/react-19.2.6.tgz", + "integrity": "sha512-p/jUvulfgU7oKtj6Xpk8cA2Y1xKTtICGpJYeJXz2YVO2UcvjQgeRMLDGfDeqeRW2Ta+0QNFwcc8X3GH8SxZz6w==", "license": "MIT", "dependencies": { - "csstype": "^3.0.2" + "csstype": "^3.2.2" } }, "node_modules/@types/react-helmet": { @@ -7745,9 +7745,10 @@ "license": "CC0-1.0" }, "node_modules/csstype": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/csstype/-/csstype-3.1.2.tgz", - "integrity": "sha512-I7K1Uu0MBPzaFKg4nI5Q7Vs2t+3gWWW648spaF+Rg7pI9ds18Ugn+lvg4SHczUdKlHI5LWBXyqfS8+DufyBsgQ==" + "version": "3.2.3", + "resolved": "https://registry.npmjs.org/csstype/-/csstype-3.2.3.tgz", + "integrity": "sha512-z1HGKcYy2xA8AGQfwrn0PAy+PB7X/GSj3UVJW9qKyn43xWa+gl5nXmU4qqLMRzWVLFC8KusUX8T/0kCiOYpAIQ==", + "license": "MIT" }, "node_modules/data-uri-to-buffer": { "version": "4.0.1", 
@@ -9311,21 +9312,15 @@ "license": "ISC" }, "node_modules/glob": { - "version": "11.1.0", - "resolved": "https://registry.npmjs.org/glob/-/glob-11.1.0.tgz", - "integrity": "sha512-vuNwKSaKiqm7g0THUBu2x7ckSs3XJLXE+2ssL7/MfTGPLLcrJQ/4Uq1CjPTtO5cCIiRxqvN6Twy1qOwhL0Xjcw==", + "version": "13.0.0", + "resolved": "https://registry.npmjs.org/glob/-/glob-13.0.0.tgz", + "integrity": "sha512-tvZgpqk6fz4BaNZ66ZsRaZnbHvP/jG3uKJvAZOwEVUL4RTA5nJeeLYfyN9/VA8NX/V3IBG+hkeuGpKjvELkVhA==", "license": "BlueOak-1.0.0", "dependencies": { - "foreground-child": "^3.3.1", - "jackspeak": "^4.1.1", "minimatch": "^10.1.1", "minipass": "^7.1.2", - "package-json-from-dist": "^1.0.0", "path-scurry": "^2.0.0" }, - "bin": { - "glob": "dist/esm/bin.mjs" - }, "engines": { "node": "20 || >=22" }, @@ -9391,9 +9386,9 @@ } }, "node_modules/glob/node_modules/path-scurry": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-2.0.0.tgz", - "integrity": "sha512-ypGJsmGtdXUOeM5u93TyeIEfEhM6s+ljAhrk5vAvSx8uyY/02OvrZnA0YNGUrPXfpJMgI1ODd3nwz8Npx4O4cg==", + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-2.0.1.tgz", + "integrity": "sha512-oWyT4gICAu+kaA7QWk/jvCHWarMKNs6pXOGWKDTr7cw4IGcUbW+PeTfbaQiLGheFRpjo6O9J0PmyMfQPjH71oA==", "license": "BlueOak-1.0.0", "dependencies": { "lru-cache": "^11.0.0", @@ -10779,21 +10774,6 @@ "node": ">=0.10.0" } }, - "node_modules/jackspeak": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-4.1.1.tgz", - "integrity": "sha512-zptv57P3GpL+O0I7VdMJNBZCu+BPHVQUk55Ft8/QCJjTVxrnJHuVuX/0Bl2A6/+2oyR/ZMEuFKwmzqqZ/U5nPQ==", - "license": "BlueOak-1.0.0", - "dependencies": { - "@isaacs/cliui": "^8.0.2" - }, - "engines": { - "node": "20 || >=22" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - } - }, "node_modules/jest-util": { "version": "29.7.0", "resolved": "https://registry.npmjs.org/jest-util/-/jest-util-29.7.0.tgz", 
@@ -16825,12 +16805,12 @@ } }, "node_modules/rimraf": { - "version": "6.1.0", - "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-6.1.0.tgz", - "integrity": "sha512-DxdlA1bdNzkZK7JiNWH+BAx1x4tEJWoTofIopFo6qWUU94jYrFZ0ubY05TqH3nWPJ1nKa1JWVFDINZ3fnrle/A==", + "version": "6.1.2", + "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-6.1.2.tgz", + "integrity": "sha512-cFCkPslJv7BAXJsYlK1dZsbP8/ZNLkCAQ0bi1hf5EKX2QHegmDFEFA6QhuYJlk7UDdc+02JjO80YSOrWPpw06g==", "license": "BlueOak-1.0.0", "dependencies": { - "glob": "^11.0.3", + "glob": "^13.0.0", "package-json-from-dist": "^1.0.1" }, "bin": { @@ -16921,9 +16901,9 @@ "license": "MIT" }, "node_modules/sass": { - "version": "1.94.0", - "resolved": "https://registry.npmjs.org/sass/-/sass-1.94.0.tgz", - "integrity": "sha512-Dqh7SiYcaFtdv5Wvku6QgS5IGPm281L+ZtVD1U2FJa7Q0EFRlq8Z3sjYtz6gYObsYThUOz9ArwFqPZx+1azILQ==", + "version": "1.94.2", + "resolved": "https://registry.npmjs.org/sass/-/sass-1.94.2.tgz", + "integrity": "sha512-N+7WK20/wOr7CzA2snJcUSSNTCzeCGUTFY3OgeQP3mZ1aj9NMQ0mSTXwlrnd89j33zzQJGqIN52GIOmYrfq46A==", "license": "MIT", "dependencies": { "chokidar": "^4.0.0", diff --git a/documentation/package.json b/documentation/package.json index 19ac3475e..d813ae65b 100644 --- a/documentation/package.json +++ b/documentation/package.json @@ -33,7 +33,7 @@ "prism-react-renderer": "^2.4.1", "react": "^19.2.0", "react-dom": "^19.2.0", - "rimraf": "^6.1.0", + "rimraf": "^6.1.2", "sass": "1.94" }, "browserslist": { @@ -53,7 +53,7 @@ "@docusaurus/tsconfig": "^3.9.2", "@docusaurus/types": "^3.6.0", "@types/node": "^24.10.1", - "@types/react": "^19.2.5", + "@types/react": "^19.2.6", "@types/react-helmet": "^6.1.11", "@types/react-router-dom": "^5.1.8", "sass-loader": "^16.0.6", From c013e3a8106fd9cdb40c92b5038d74492791afa2 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Nov 2025 09:35:24 +0000 Subject: [PATCH 06/37] Bump @types/node Bumps the npm-version-updates group with 1 update in the /parser-sdk/nodejs directory: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node). Updates `@types/node` from 24.10.0 to 24.10.1 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 24.10.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-version-updates ... Signed-off-by: dependabot[bot] --- hook-sdk/nodejs/package-lock.json | 6 +++--- parser-sdk/nodejs/package-lock.json | 14 +++++++------- parser-sdk/nodejs/package.json | 2 +- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/hook-sdk/nodejs/package-lock.json b/hook-sdk/nodejs/package-lock.json index c1e05a4ab..9c5d645ef 100644 --- a/hook-sdk/nodejs/package-lock.json +++ b/hook-sdk/nodejs/package-lock.json @@ -66,9 +66,9 @@ "license": "MIT" }, "node_modules/@types/node": { - "version": "24.10.0", - "resolved": "https://registry.npmjs.org/@types/node/-/node-24.10.0.tgz", - "integrity": "sha512-qzQZRBqkFsYyaSWXuEHc2WR9c0a0CXwiE5FWUvn7ZM+vdy1uZLfCunD38UzhuB7YN/J11ndbDBcTmOdxJo9Q7A==", + "version": "24.10.1", + "resolved": "https://registry.npmjs.org/@types/node/-/node-24.10.1.tgz", + "integrity": "sha512-GNWcUTRBgIRJD5zj+Tq0fKOJ5XZajIiBroOF0yvj2bSU1WvNdYS/dn9UxwsujGW4JX06dnHyjV2y9rRaybH0iQ==", "dependencies": { "undici-types": "~7.16.0" } diff --git a/parser-sdk/nodejs/package-lock.json b/parser-sdk/nodejs/package-lock.json index 6e2c6559e..fe50ae78f 100644 --- a/parser-sdk/nodejs/package-lock.json +++ b/parser-sdk/nodejs/package-lock.json 
@@ -16,7 +16,7 @@ "jsonpointer": "^5.0.1" }, "devDependencies": { - "@types/node": "^24.10.0" + "@types/node": "^24.10.1" } }, "node_modules/@jsep-plugin/assignment": { @@ -73,9 +73,9 @@ "license": "MIT" }, "node_modules/@types/node": { - "version": "24.10.0", - "resolved": "https://registry.npmjs.org/@types/node/-/node-24.10.0.tgz", - "integrity": "sha512-qzQZRBqkFsYyaSWXuEHc2WR9c0a0CXwiE5FWUvn7ZM+vdy1uZLfCunD38UzhuB7YN/J11ndbDBcTmOdxJo9Q7A==", + "version": "24.10.1", + "resolved": "https://registry.npmjs.org/@types/node/-/node-24.10.1.tgz", + "integrity": "sha512-GNWcUTRBgIRJD5zj+Tq0fKOJ5XZajIiBroOF0yvj2bSU1WvNdYS/dn9UxwsujGW4JX06dnHyjV2y9rRaybH0iQ==", "dependencies": { "undici-types": "~7.16.0" } @@ -867,9 +867,9 @@ "integrity": "sha512-k4MGaQl5TGo/iipqb2UDG2UwjXziSWkh0uysQelTlJpX1qGlpUZYm8PnO4DxG1qBomtJUdYJ6qR6xdIah10JLg==" }, "@types/node": { - "version": "24.10.0", - "resolved": "https://registry.npmjs.org/@types/node/-/node-24.10.0.tgz", - "integrity": "sha512-qzQZRBqkFsYyaSWXuEHc2WR9c0a0CXwiE5FWUvn7ZM+vdy1uZLfCunD38UzhuB7YN/J11ndbDBcTmOdxJo9Q7A==", + "version": "24.10.1", + "resolved": "https://registry.npmjs.org/@types/node/-/node-24.10.1.tgz", + "integrity": "sha512-GNWcUTRBgIRJD5zj+Tq0fKOJ5XZajIiBroOF0yvj2bSU1WvNdYS/dn9UxwsujGW4JX06dnHyjV2y9rRaybH0iQ==", "requires": { "undici-types": "~7.16.0" } diff --git a/parser-sdk/nodejs/package.json b/parser-sdk/nodejs/package.json index 8cf8239a5..29394bc26 100644 --- a/parser-sdk/nodejs/package.json +++ b/parser-sdk/nodejs/package.json @@ -18,6 +18,6 @@ "jsonpointer": "^5.0.1" }, "devDependencies": { - "@types/node": "^24.10.0" + "@types/node": "^24.10.1" } } From cdc48655efc6d6808599aa117ed41d5238cf8a2f Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Nov 2025 09:46:53 +0000 Subject: [PATCH 07/37] Bump the github-actions-version-updates group across 1 directory with 5 updates Bumps the github-actions-version-updates group with 5 updates in the /.github/workflows directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `5.0.0` | `6.0.0` | | [actions/setup-go](https://github.com/actions/setup-go) | `6.0.0` | `6.1.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `4.31.2` | `4.31.5` | | [mikefarah/yq](https://github.com/mikefarah/yq) | `4.48.1` | `4.49.1` | | [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `7.0.8` | `7.0.9` | Updates `actions/checkout` from 5.0.0 to 6.0.0 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/08c6903cd8c0fde910a37f88322edcfb5dd907a8...1af3b93b6815bc44a9784bd300feb67ff0d1eeb3) Updates `actions/setup-go` from 6.0.0 to 6.1.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/44694675825211faa026b3c33043df3e48a5fa00...4dc6199c7b1a012772edbd06daecab0f50c9053c) Updates `github/codeql-action` from 4.31.2 to 4.31.5 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/0499de31b99561a6d14a36a5f662c2a54f91beee...fdbfb4d2750291e159f0156def62b853c2798ca2) Updates `mikefarah/yq` from 4.48.1 to 4.49.1 - [Release notes](https://github.com/mikefarah/yq/releases) - [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt) - 
[Commits](https://github.com/mikefarah/yq/compare/0ecdce24e83f0fa127940334be98c86b07b0c488...45be35c06387d692bb6bf689919919e0e32e796f) Updates `peter-evans/create-pull-request` from 7.0.8 to 7.0.9 - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](https://github.com/peter-evans/create-pull-request/compare/271a8d0340265f705b14b6d32b9829c1cb33d45e...84ae59a2cdc2258d6fa0732dd66352dddae2a412) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-version-updates - dependency-name: actions/setup-go dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-version-updates - dependency-name: github/codeql-action dependency-version: 4.31.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-version-updates - dependency-name: mikefarah/yq dependency-version: 4.49.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-version-updates - dependency-name: peter-evans/create-pull-request dependency-version: 7.0.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-version-updates ... 
Signed-off-by: dependabot[bot] --- .github/workflows/ci.yaml | 34 +++++++++---------- .github/workflows/documentation-roulette.yaml | 2 +- .../workflows/helm-charts-release-ghcr.yaml | 2 +- .github/workflows/helm-charts-release.yaml | 2 +- .github/workflows/helm-docs.yaml | 2 +- .github/workflows/label-commenter.yml | 2 +- .github/workflows/license-check.yaml | 2 +- .github/workflows/mega-linter.yml | 2 +- .github/workflows/move-bot-pr-to-review.yaml | 2 +- .github/workflows/oss-scorecard.yaml | 4 +-- .github/workflows/release-build.yaml | 26 +++++++------- .github/workflows/scb-bot.yaml | 10 +++--- 12 files changed, 45 insertions(+), 45 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index d7fdc3b7c..212bf64c4 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -37,7 +37,7 @@ jobs: name: "Unit Test | Node.js Scanner Test Helpers" runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Install bun uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2.0.2 @@ -53,7 +53,7 @@ jobs: name: "Setup Kind & Kubectl & Helm & Task" runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Install Kind run: | @@ -111,7 +111,7 @@ jobs: needs: - k8s-setup steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Download Helm uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: 
@@ -150,7 +150,7 @@ jobs: matrix: unit: ["persistence-defectdojo"] steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - name: Set up JDK 17 @@ -191,10 +191,10 @@ jobs: component: ["operator", "lurker"] steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Go Setup - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 with: go-version-file: "operator/go.mod" @@ -230,10 +230,10 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Go Setup - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 with: go-version-file: "auto-discovery/kubernetes/go.mod" @@ -270,10 +270,10 @@ jobs: - k8s-setup steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Go Setup - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 with: go-version-file: "auto-discovery/kubernetes/go.mod" 
@@ -363,10 +363,10 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Go Setup - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 with: go-version-file: "auto-discovery/cloud-aws/go.mod" @@ -407,7 +407,7 @@ jobs: - hook-sdk steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Build Image working-directory: ./${{ matrix.sdk }}/nodejs @@ -457,7 +457,7 @@ jobs: - zap-automation-framework steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Install bun uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2.0.2 @@ -610,7 +610,7 @@ jobs: # - persistence-static-report (WIP) steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Install bun uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2.0.2 @@ -744,10 +744,10 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout code - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Set up Go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 with: go-version-file: "scbctl/go.mod" diff --git a/.github/workflows/documentation-roulette.yaml b/.github/workflows/documentation-roulette.yaml index 3f854ba98..56e765719 100644 
--- a/.github/workflows/documentation-roulette.yaml +++ b/.github/workflows/documentation-roulette.yaml @@ -21,7 +21,7 @@ jobs: if: github.repository == 'secureCodeBox/secureCodeBox' steps: - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 # Request team members with the GitHub API using their gh cli - name: Fetch core-team members diff --git a/.github/workflows/helm-charts-release-ghcr.yaml b/.github/workflows/helm-charts-release-ghcr.yaml index 1c9e11e31..6687b1685 100644 --- a/.github/workflows/helm-charts-release-ghcr.yaml +++ b/.github/workflows/helm-charts-release-ghcr.yaml @@ -20,7 +20,7 @@ jobs: name: "Publish Helm Charts to GHCR" runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Parse Release Version run: | diff --git a/.github/workflows/helm-charts-release.yaml b/.github/workflows/helm-charts-release.yaml index 26459d32e..670e02972 100644 --- a/.github/workflows/helm-charts-release.yaml +++ b/.github/workflows/helm-charts-release.yaml @@ -18,7 +18,7 @@ jobs: name: Package and Publish runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: "Install yq" run: | sudo snap install yq diff --git a/.github/workflows/helm-docs.yaml b/.github/workflows/helm-docs.yaml index 28e117868..c27152251 100644 --- a/.github/workflows/helm-docs.yaml +++ b/.github/workflows/helm-docs.yaml 
@@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-24.04 if: github.repository == 'secureCodeBox/secureCodeBox' steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: ref: ${{ github.head_ref }} token: ${{ secrets.SCB_BOT_USER_TOKEN }} diff --git a/.github/workflows/label-commenter.yml b/.github/workflows/label-commenter.yml index 7882bf908..1c54908a3 100644 --- a/.github/workflows/label-commenter.yml +++ b/.github/workflows/label-commenter.yml @@ -19,7 +19,7 @@ jobs: comment: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Label Commenter uses: peaceiris/actions-label-commenter@f0dbbef043eb1b150b566db36b0bdc8b7f505579 # v1.10.0 with: diff --git a/.github/workflows/license-check.yaml b/.github/workflows/license-check.yaml index f9cadf756..095d233cd 100644 --- a/.github/workflows/license-check.yaml +++ b/.github/workflows/license-check.yaml @@ -19,7 +19,7 @@ jobs: if: github.repository == 'secureCodeBox/secureCodeBox' steps: - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: REUSE Compliance Check uses: fsfe/reuse-action@676e2d560c9a403aa252096d99fcab3e1132b0f5 # v6.0.0 diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml index a18a208d8..e425411df 100644 --- a/.github/workflows/mega-linter.yml +++ b/.github/workflows/mega-linter.yml @@ -36,7 +36,7 @@ jobs: steps: # Git Checkout - name: Checkout Code - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} fetch-depth: 0 
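Review bot: The checkout step in this helm-docs.yaml hunk passes `token: ${{ secrets.SCB_BOT_USER_TOKEN }}` and leaves `persist-credentials` at its default, so the bot token stays available to every later step of the job; the move from v5.0.0 to v6.0.0 is also a major bump that, as far as I know, changes where checkout stores that persisted credential. Before merging, confirm that whichever later step pushes with this token (outside the hunk, not visible here) still authenticates under v6 on the runners in use. The mega-linter.yml hunk further down has the same shape with `token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}`; if that job never pushes, add `persist-credentials: false` under `with:`, as the oss-scorecard.yaml checkout step already does. The remaining steps of both jobs lie outside the hunks.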
diff --git a/.github/workflows/move-bot-pr-to-review.yaml b/.github/workflows/move-bot-pr-to-review.yaml index 3169a8029..f21944bcd 100644 --- a/.github/workflows/move-bot-pr-to-review.yaml +++ b/.github/workflows/move-bot-pr-to-review.yaml @@ -19,7 +19,7 @@ jobs: # only run if the branch starts with 'dependabot/' or 'dependencies/upgrading' if: startsWith(github.head_ref, 'dependabot/') || startsWith(github.head_ref, 'dependencies/upgrading') steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Add bot PR to project run: | diff --git a/.github/workflows/oss-scorecard.yaml b/.github/workflows/oss-scorecard.yaml index 0eed3743a..81ca97672 100644 --- a/.github/workflows/oss-scorecard.yaml +++ b/.github/workflows/oss-scorecard.yaml @@ -20,7 +20,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false @@ -33,6 +33,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2 + uses: github/codeql-action/upload-sarif@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5 with: sarif_file: results.sarif diff --git a/.github/workflows/release-build.yaml b/.github/workflows/release-build.yaml index f8e28f7de..1c4de9ab7 100644 --- a/.github/workflows/release-build.yaml +++ b/.github/workflows/release-build.yaml @@ -31,7 +31,7 @@ jobs: component: ["operator", "lurker"] steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Docker Meta id: docker_meta 
@@ -78,7 +78,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Docker Meta id: docker_meta @@ -125,7 +125,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Docker Meta id: docker_meta @@ -178,7 +178,7 @@ jobs: - hook-sdk steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Docker Meta id: docker_meta @@ -231,7 +231,7 @@ jobs: - update-field-hook steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Docker Meta id: docker_meta @@ -285,7 +285,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Docker Meta id: docker_meta @@ -347,7 +347,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Docker Meta id: docker_meta 
@@ -422,10 +422,10 @@ jobs: steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Set ENV Var with Scanner Version - uses: mikefarah/yq@0ecdce24e83f0fa127940334be98c86b07b0c488 # v4.48.1 + uses: mikefarah/yq@45be35c06387d692bb6bf689919919e0e32e796f # v4.49.1 # Notice: The current version of the scanner is provided via the Chart.yaml to ensure # there is only one place to edit the version of a scanner with: @@ -433,7 +433,7 @@ jobs: # extract the supported cpu architectures from the Chart.yaml - name: Set ENV Var with Supported Platforms - uses: mikefarah/yq@0ecdce24e83f0fa127940334be98c86b07b0c488 # v4.48.1 + uses: mikefarah/yq@45be35c06387d692bb6bf689919919e0e32e796f # v4.49.1 with: cmd: echo supportedPlatforms=$(yq e .annotations.supported-platforms scanners/${{ matrix.scanner }}/Chart.yaml) >> $GITHUB_ENV @@ -492,7 +492,7 @@ jobs: - test-scan steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Docker Meta id: docker_meta @@ -552,10 +552,10 @@ jobs: - old-wordpress steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Set ENV Var with Demo-Target Version - uses: mikefarah/yq@0ecdce24e83f0fa127940334be98c86b07b0c488 # v4.48.1 + uses: mikefarah/yq@45be35c06387d692bb6bf689919919e0e32e796f # v4.49.1 # Notice: The current version of the demo-target is provided via the Chart.yaml to ensure # there is only one place to edit the version of a scanner with: diff --git a/.github/workflows/scb-bot.yaml b/.github/workflows/scb-bot.yaml index c95dc20ed..99f070e4e 100644 --- a/.github/workflows/scb-bot.yaml +++ b/.github/workflows/scb-bot.yaml 
@@ -48,7 +48,7 @@ jobs: - zap-automation-framework # missing scanners are : nmap, nikto steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Import GPG key uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec # v6.3.0 @@ -61,14 +61,14 @@ jobs: # Fetching scanner version from local chart .appVersion attribute # this would look like 1.1.1 or v1.1.1 depending on the corresponding Docker image tag - name: Fetch local scanner version - uses: mikefarah/yq@0ecdce24e83f0fa127940334be98c86b07b0c488 # v4.48.1 + uses: mikefarah/yq@45be35c06387d692bb6bf689919919e0e32e796f # v4.49.1 with: cmd: echo local=$(yq e .appVersion scanners/${{ matrix.scanner }}/Chart.yaml) >> $GITHUB_ENV # Fetching scanner version API from local chart .annotations.versionApi attribute # This would look like https://api.github.com/repos/projectdiscovery/nuclei/releases/latest - name: Fetch scanner's version API - uses: mikefarah/yq@0ecdce24e83f0fa127940334be98c86b07b0c488 # v4.48.1 + uses: mikefarah/yq@45be35c06387d692bb6bf689919919e0e32e796f # v4.49.1 with: cmd: echo versionApi=$(yq e .annotations.versionApi scanners/${{ matrix.scanner }}/Chart.yaml) >> $GITHUB_ENV @@ -143,7 +143,7 @@ jobs: - name: Upgrade Scanner Helm Chart if: ${{ env.release != env.local && env.prExists == 0 && env.release != null}} - uses: mikefarah/yq@0ecdce24e83f0fa127940334be98c86b07b0c488 # v4.48.1 + uses: mikefarah/yq@45be35c06387d692bb6bf689919919e0e32e796f # v4.49.1 with: # appVersion value in chart is replaced with release value. Empty lines are deleted in the process cmd: yq e --inplace '.appVersion = "${{env.release}}"' ./scanners/${{ matrix.scanner }}/Chart.yaml 
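Review bot: In the `Upgrade Scanner Helm Chart` step of the last hunk, `${{env.release}}` is expanded by the workflow engine into the `cmd` string before yq runs, so whatever value `release` holds becomes part of the command line itself. The step that sets `release` is outside these hunks, but the comments above suggest it is derived from the scanner's upstream releases endpoint, which is third-party input in a job that also imports the GPG key and uses the bot token. I would have yq read it from the environment instead, `cmd: yq e --inplace '.appVersion = strenv(release)' ./scanners/${{ matrix.scanner }}/Chart.yaml`, assuming the variable written to `$GITHUB_ENV` reaches the action's container. A preceding step should also reject any value that does not look like a version tag.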
@@ -189,7 +189,7 @@ jobs: - name: Create Pull Request if: ${{ env.release != env.local && env.prExists == 0 && env.release != null }} - uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8 + uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7.0.9 with: token: ${{ secrets.SCB_BOT_USER_TOKEN }} committer: secureCodeBoxBot From 4bd21db413c72196908dad95e3333705311613d1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Nov 2025 10:02:56 +0000 Subject: [PATCH 08/37] Bump the gradle-version-updates group across 1 directory with 2 updates Bumps the gradle-version-updates group with 2 updates in the /hooks/persistence-defectdojo/hook directory: [org.springframework:spring-web](https://github.com/spring-projects/spring-framework) and org.sonarqube. Updates `org.springframework:spring-web` from 6.2.12 to 7.0.1 - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.12...v7.0.1) Updates `org.sonarqube` from 7.0.1.6134 to 7.1.0.6387 --- updated-dependencies: - dependency-name: org.springframework:spring-web dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: gradle-version-updates - dependency-name: org.sonarqube dependency-version: 7.1.0.6387 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gradle-version-updates ... Signed-off-by: dependabot[bot] --- hooks/persistence-defectdojo/hook/build.gradle | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hooks/persistence-defectdojo/hook/build.gradle b/hooks/persistence-defectdojo/hook/build.gradle index 637625766..2956925c6 100644 --- a/hooks/persistence-defectdojo/hook/build.gradle +++ b/hooks/persistence-defectdojo/hook/build.gradle 
@@ -8,7 +8,7 @@ plugins { // https://github.com/ben-manes/gradle-versions-plugin // Run: ./gradlew dependencyUpdates -Drevision=release id "com.github.ben-manes.versions" version "0.53.0" - id "org.sonarqube" version "7.0.1.6134" + id "org.sonarqube" version "7.1.0.6387" } group = "io.securecodebox" @@ -24,7 +24,7 @@ repositories { dependencies { implementation group: "io.securecodebox", name: "defectdojo-client", version: "2.0.1" implementation group: "io.kubernetes", name: "client-java", version: "20.0.1" - implementation group: "org.springframework", name: "spring-web", version: "6.2.12" + implementation group: "org.springframework", name: "spring-web", version: "7.0.1" // https://github.com/FasterXML/jackson-bom implementation platform("com.fasterxml.jackson:jackson-bom:2.20.1") implementation "com.fasterxml.jackson.core:jackson-core" From aa0a3c45db83f9b66b68cc386194d10c5406439b Mon Sep 17 00:00:00 2001 From: Sven Strittmatter Date: Thu, 27 Nov 2025 13:58:28 +0100 Subject: [PATCH 09/37] Add New Blog Post From The Internet Signed-off-by: Sven Strittmatter --- documentation/docs/12-mentions.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/documentation/docs/12-mentions.md b/documentation/docs/12-mentions.md index ee3b7c28c..56f3c6c66 100644 --- a/documentation/docs/12-mentions.md +++ b/documentation/docs/12-mentions.md 
@@ -11,6 +11,7 @@ Here we collect blog posts, articles, talks about etc. _secureCodeBox_. They are ## Blog Posts and Articles +- [Automating Penetration Testing with SecureCodeBox on Kubernetes Kind Clusters Using GitHub Actions][gharbi-post] 🇬🇧 by [Yasmine Gharbi][gharbi-author]. - [Wprowadzenie do OWASP secureCodeBox][lukasz-post] 🇵🇱 by [Łukasz Mieczkowski][lukasz-blog]. - [Exploring secureCodeBox — An Open-Source Continuous Security Testing Solution for DevSecOps][theowni-post] 🇬🇧 by [Krzysztof Pranczk][theowni-author]. - [SecureCodeBox — k8s based, toolchain for continuous security scans][gortega-post] 🇬🇧 by [Gustavo Ortega][gortega-author]. @@ -30,6 +31,8 @@ Here we collect blog posts, articles, talks about etc. _secureCodeBox_. They are - [Interview with RadioTux on YouTube][radiotux-youtube] 🇩🇪 ([Podcast Episode][radiotux-podcast]). - [35 DevSecOps Tools to Add Sec to Your DevOps][thechief.io] 🇬🇧. +[gharbi-author]: https://www.linkedin.com/in/yasmine-gharbi-39b67221a/ +[gharbi-post]: https://medium.com/@gyasmine29/automating-penetration-testing-with-securecodebox-on-kubernetes-kind-clusters-using-github-actions-27230b8b087c [theowni-post]: https://itnext.io/exploring-securecodebox-an-open-source-continuous-security-testing-solution-for-devsecops-b233fc5341e1 [theowni-author]: https://medium.com/@theowni [gortega-post]: https://gortega.medium.com/securecodebox-an-interesting-tool-bab410185b77 From 3f59a2ccc9088f8e3e124d7b3bc185942beeafec Mon Sep 17 00:00:00 2001 From: secureCodeBoxBot Date: Thu, 27 Nov 2025 09:24:12 +0000 Subject: [PATCH 10/37] Upgrading gitleaks from v8.29.1 to v8.30.0 Signed-off-by: secureCodeBoxBot --- scanners/gitleaks/Chart.yaml | 2 +- scanners/gitleaks/README.md | 2 +- scanners/gitleaks/docs/README.DockerHub-Parser.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scanners/gitleaks/Chart.yaml b/scanners/gitleaks/Chart.yaml index 5db005787..b53e1eac7 100644 --- a/scanners/gitleaks/Chart.yaml 
+++ b/scanners/gitleaks/Chart.yaml @@ -8,7 +8,7 @@ description: A Helm chart for the gitleaks repository scanner that integrates wi type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: v3.1.0-alpha1 -appVersion: "v8.29.1" +appVersion: "v8.30.0" kubeVersion: ">=v1.11.0-0" annotations: versionApi: https://api.github.com/repos/zricethezav/gitleaks/releases/latest diff --git a/scanners/gitleaks/README.md b/scanners/gitleaks/README.md index b90720704..5d5cef98d 100644 --- a/scanners/gitleaks/README.md +++ b/scanners/gitleaks/README.md @@ -3,7 +3,7 @@ title: "Gitleaks" category: "scanner" type: "Repository" state: "released" -appVersion: "v8.29.1" +appVersion: "v8.30.0" usecase: "Find potential secrets in repositories" --- diff --git a/scanners/gitleaks/docs/README.DockerHub-Parser.md b/scanners/gitleaks/docs/README.DockerHub-Parser.md index 9280dbc96..2b9678430 100644 --- a/scanners/gitleaks/docs/README.DockerHub-Parser.md +++ b/scanners/gitleaks/docs/README.DockerHub-Parser.md @@ -42,7 +42,7 @@ You can find resources to help you get started on our [documentation website](ht ## Supported Tags - `latest` (represents the latest stable release build) -- tagged releases, e.g. `v8.29.1` +- tagged releases, e.g. `v8.30.0` ## How to use this image This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more information details please take a look at the documentation page: https://www.securecodebox.io/docs/scanners/gitleaks. From 31b939edca7cf2bcfe602a617a01d754ba001369 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 10 Nov 2025 19:14:45 +0000 Subject: [PATCH 11/37] Update dependency helm-unittest/helm-unittest to v1.0.3 --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 212bf64c4..e9bf2482d 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -28,7 +28,7 @@ env: # renovate: datasource=github-releases depName=helm/helm HELM_VERSION: "v3.19.2" # renovate: datasource=github-releases depName=helm-unittest/helm-unittest - HELM_PLUGIN_UNITTEST_VERSION: "1.0.0" + HELM_PLUGIN_UNITTEST_VERSION: "1.0.3" # renovate: datasource=github-releases depName=go-task/task TASK_VERSION: "v3.45.5" From cab6db0d07fbae3e0451996d4f8838d595c38294 Mon Sep 17 00:00:00 2001 From: Samreet Singh Date: Thu, 27 Nov 2025 09:30:55 +0100 Subject: [PATCH 12/37] Update helm-scapshots for helm-unittest v1.0.3 Signed-off-by: Samreet Singh --- .../tests/__snapshot__/bodgeit_test.yaml.snap | 2 +- .../__snapshot__/dummy-ssh_test.yaml.snap | 2 +- .../__snapshot__/http-webhook_test.yaml.snap | 2 +- .../__snapshot__/juice-shop_test.yaml.snap | 4 +- .../__snapshot__/old-joomla_test.yaml.snap | 2 +- .../__snapshot__/old-typo3_test.yaml.snap | 2 +- .../__snapshot__/old-wordpress_test.yaml.snap | 2 +- .../swagger-petstore_test.yaml.snap | 2 +- .../__snapshot__/unsafe-https_test.yaml.snap | 2 +- .../vulnerable-log4j_test.yaml.snap | 2 +- .../cascading-scans_test.yaml.snap | 2 +- .../finding-post-processing_test.yaml.snap | 3 +- .../generic-webhook_test.yaml.snap | 2 +- .../__snapshot__/notification_test.yaml.snap | 4 +- .../persistence-azure-monitor_test.yaml.snap | 2 +- .../persistence-defectdojo_test.yaml.snap | 2 +- .../persistence-elastic_test.yaml.snap | 2 +- .../update-field-hook_test.yaml.snap | 2 +- .../__snapshot__/operator_test.yaml.snap | 500 +++++++++++++----- .../tests/__snapshot__/scanner_test.yaml.snap | 2 +- .../tests/__snapshot__/scanner_test.yaml.snap | 10 +- .../tests/__snapshot__/scanner_test.yaml.snap | 2 +- 22 files changed, 401 insertions(+), 154 deletions(-) 
diff --git a/demo-targets/bodgeit/tests/__snapshot__/bodgeit_test.yaml.snap b/demo-targets/bodgeit/tests/__snapshot__/bodgeit_test.yaml.snap index 3835ba9ab..3a10cf6f3 100644 --- a/demo-targets/bodgeit/tests/__snapshot__/bodgeit_test.yaml.snap +++ b/demo-targets/bodgeit/tests/__snapshot__/bodgeit_test.yaml.snap @@ -1,6 +1,6 @@ matches the snapshot: 1: | - raw: |2 + raw: | 1. Get the application URL by running these commands: 2: | apiVersion: apps/v1 diff --git a/demo-targets/dummy-ssh/tests/__snapshot__/dummy-ssh_test.yaml.snap b/demo-targets/dummy-ssh/tests/__snapshot__/dummy-ssh_test.yaml.snap index 8de190c81..c0756779d 100644 --- a/demo-targets/dummy-ssh/tests/__snapshot__/dummy-ssh_test.yaml.snap +++ b/demo-targets/dummy-ssh/tests/__snapshot__/dummy-ssh_test.yaml.snap @@ -1,6 +1,6 @@ matches the snapshot: 1: | - raw: |2 + raw: | Demo SSH Server deployed. Note this should used for demo and test purposes. diff --git a/demo-targets/http-webhook/tests/__snapshot__/http-webhook_test.yaml.snap b/demo-targets/http-webhook/tests/__snapshot__/http-webhook_test.yaml.snap index 024edcd3d..94194b0c4 100644 --- a/demo-targets/http-webhook/tests/__snapshot__/http-webhook_test.yaml.snap +++ b/demo-targets/http-webhook/tests/__snapshot__/http-webhook_test.yaml.snap @@ -1,6 +1,6 @@ matches the snapshot: 1: | - raw: |2 + raw: | 1. Get the application URL by running these commands: 2: | apiVersion: apps/v1 diff --git a/demo-targets/juice-shop/tests/__snapshot__/juice-shop_test.yaml.snap b/demo-targets/juice-shop/tests/__snapshot__/juice-shop_test.yaml.snap index fd100f143..735e87c3f 100644 --- a/demo-targets/juice-shop/tests/__snapshot__/juice-shop_test.yaml.snap +++ b/demo-targets/juice-shop/tests/__snapshot__/juice-shop_test.yaml.snap 
@@ -1,12 +1,12 @@ matches the snapshot: 1: | - raw: |2 + raw: | 1. Get the application URL by running these commands: https://chart-example.localmap[path:/] 2: | apiVersion: v1 data: - customConfig.yml: |2 + customConfig.yml: | application: domain: juice-sh.op name: OWASP Juice Shop diff --git a/demo-targets/old-joomla/tests/__snapshot__/old-joomla_test.yaml.snap b/demo-targets/old-joomla/tests/__snapshot__/old-joomla_test.yaml.snap index a683a2885..5a8d342b2 100644 --- a/demo-targets/old-joomla/tests/__snapshot__/old-joomla_test.yaml.snap +++ b/demo-targets/old-joomla/tests/__snapshot__/old-joomla_test.yaml.snap @@ -1,6 +1,6 @@ matches the snapshot: 1: | - raw: |2 + raw: | 1. Get the application URL by running these commands: 2: | apiVersion: apps/v1 diff --git a/demo-targets/old-typo3/tests/__snapshot__/old-typo3_test.yaml.snap b/demo-targets/old-typo3/tests/__snapshot__/old-typo3_test.yaml.snap index 1afbb7465..2e066d095 100644 --- a/demo-targets/old-typo3/tests/__snapshot__/old-typo3_test.yaml.snap +++ b/demo-targets/old-typo3/tests/__snapshot__/old-typo3_test.yaml.snap @@ -1,6 +1,6 @@ matches the snapshot: 1: | - raw: |2 + raw: | 1. Get the application URL by running these commands: 2: | apiVersion: apps/v1 diff --git a/demo-targets/old-wordpress/tests/__snapshot__/old-wordpress_test.yaml.snap b/demo-targets/old-wordpress/tests/__snapshot__/old-wordpress_test.yaml.snap index 40ce2b37b..b7cc885ed 100644 --- a/demo-targets/old-wordpress/tests/__snapshot__/old-wordpress_test.yaml.snap +++ b/demo-targets/old-wordpress/tests/__snapshot__/old-wordpress_test.yaml.snap @@ -1,6 +1,6 @@ matches the snapshot: 1: | - raw: |2 + raw: | Old Wordpress Instance deployed. Note this should used for demo and test purposes. diff --git a/demo-targets/swagger-petstore/tests/__snapshot__/swagger-petstore_test.yaml.snap b/demo-targets/swagger-petstore/tests/__snapshot__/swagger-petstore_test.yaml.snap index 4432cfedd..d9eda818f 100644 
--- a/demo-targets/swagger-petstore/tests/__snapshot__/swagger-petstore_test.yaml.snap +++ b/demo-targets/swagger-petstore/tests/__snapshot__/swagger-petstore_test.yaml.snap @@ -1,6 +1,6 @@ matches the snapshot: 1: | - raw: |2 + raw: | 1. Get the application URL by running these commands: 2: | apiVersion: apps/v1 diff --git a/demo-targets/unsafe-https/tests/__snapshot__/unsafe-https_test.yaml.snap b/demo-targets/unsafe-https/tests/__snapshot__/unsafe-https_test.yaml.snap index 979ea466b..175e11372 100644 --- a/demo-targets/unsafe-https/tests/__snapshot__/unsafe-https_test.yaml.snap +++ b/demo-targets/unsafe-https/tests/__snapshot__/unsafe-https_test.yaml.snap @@ -1,6 +1,6 @@ matches the snapshot: 1: | - raw: |2 + raw: | Demo Unsafe Https Server deployed. Note this should only be used for demo and test purposes. diff --git a/demo-targets/vulnerable-log4j/tests/__snapshot__/vulnerable-log4j_test.yaml.snap b/demo-targets/vulnerable-log4j/tests/__snapshot__/vulnerable-log4j_test.yaml.snap index 754289a78..9b15039fc 100644 --- a/demo-targets/vulnerable-log4j/tests/__snapshot__/vulnerable-log4j_test.yaml.snap +++ b/demo-targets/vulnerable-log4j/tests/__snapshot__/vulnerable-log4j_test.yaml.snap @@ -1,6 +1,6 @@ matches the snapshot: 1: | - raw: |2 + raw: | Vulnerable log4j Instance deployed. Note this should used for demo and test purposes. diff --git a/hooks/cascading-scans/tests/__snapshot__/cascading-scans_test.yaml.snap b/hooks/cascading-scans/tests/__snapshot__/cascading-scans_test.yaml.snap index 59c149477..a91282dfb 100644 --- a/hooks/cascading-scans/tests/__snapshot__/cascading-scans_test.yaml.snap +++ b/hooks/cascading-scans/tests/__snapshot__/cascading-scans_test.yaml.snap @@ -1,6 +1,6 @@ matches the snapshot: 1: | - raw: |2 + raw: | Cascading Scan Hook deployed. This will allow you to start Scans based on previous findings. 
diff --git a/hooks/finding-post-processing/tests/__snapshot__/finding-post-processing_test.yaml.snap b/hooks/finding-post-processing/tests/__snapshot__/finding-post-processing_test.yaml.snap index 6491d79a3..0d76f0284 100644 --- a/hooks/finding-post-processing/tests/__snapshot__/finding-post-processing_test.yaml.snap +++ b/hooks/finding-post-processing/tests/__snapshot__/finding-post-processing_test.yaml.snap @@ -1,7 +1,6 @@ matches the snapshot: 1: | - raw: |2 - + raw: | FindingPostProcessing Hook deployed. This will add postprocessing on every finding in this namespace matching these rules: [{"matches":[{"anyOf":[{"attributes":{"port":21,"state":"open"},"category":"Open Port"},{"attributes":{"port":389,"state":"open"},"category":"Open Port"}]}],"override":{"description":"Telnet is bad","severity":"high"}}]. 2: | diff --git a/hooks/generic-webhook/tests/__snapshot__/generic-webhook_test.yaml.snap b/hooks/generic-webhook/tests/__snapshot__/generic-webhook_test.yaml.snap index f6b7db66d..51b945b48 100644 --- a/hooks/generic-webhook/tests/__snapshot__/generic-webhook_test.yaml.snap +++ b/hooks/generic-webhook/tests/__snapshot__/generic-webhook_test.yaml.snap @@ -1,6 +1,6 @@ matches the snapshot: 1: | - raw: |2 + raw: | GenericWebhook deployed. Will send requests to: POST http://example.com diff --git a/hooks/notification/tests/__snapshot__/notification_test.yaml.snap b/hooks/notification/tests/__snapshot__/notification_test.yaml.snap index 4887549b2..8ff76dc93 100644 --- a/hooks/notification/tests/__snapshot__/notification_test.yaml.snap +++ b/hooks/notification/tests/__snapshot__/notification_test.yaml.snap @@ -1,6 +1,6 @@ matches the snapshot: 1: | - raw: |2 + raw: | Notification hook deployed. Will send requests to: - slack: SOME_ENV_KEY @@ -11,7 +11,7 @@ matches the snapshot: 2: | apiVersion: v1 data: - notification-channel.yaml: |2 + notification-channel.yaml: | - endPoint: SOME_ENV_KEY name: slack rules: 
diff --git a/hooks/persistence-azure-monitor/tests/__snapshot__/persistence-azure-monitor_test.yaml.snap b/hooks/persistence-azure-monitor/tests/__snapshot__/persistence-azure-monitor_test.yaml.snap index 75aefdeb7..0194bfda5 100644 --- a/hooks/persistence-azure-monitor/tests/__snapshot__/persistence-azure-monitor_test.yaml.snap +++ b/hooks/persistence-azure-monitor/tests/__snapshot__/persistence-azure-monitor_test.yaml.snap @@ -1,6 +1,6 @@ matches the snapshot: 1: | - raw: |2 + raw: | Azure Monitor PersistenceProvider deployed. 2: | apiVersion: execution.securecodebox.io/v1 diff --git a/hooks/persistence-defectdojo/tests/__snapshot__/persistence-defectdojo_test.yaml.snap b/hooks/persistence-defectdojo/tests/__snapshot__/persistence-defectdojo_test.yaml.snap index cdef1bfcc..92d3a37bc 100644 --- a/hooks/persistence-defectdojo/tests/__snapshot__/persistence-defectdojo_test.yaml.snap +++ b/hooks/persistence-defectdojo/tests/__snapshot__/persistence-defectdojo_test.yaml.snap @@ -1,6 +1,6 @@ matches the snapshot: 1: | - raw: "\nDefectDojo PersistenceProvider succesfully deployed \U0001F389.\n" + raw: "DefectDojo PersistenceProvider succesfully deployed \U0001F389.\n" 2: | apiVersion: execution.securecodebox.io/v1 kind: ScanCompletionHook diff --git a/hooks/persistence-elastic/tests/__snapshot__/persistence-elastic_test.yaml.snap b/hooks/persistence-elastic/tests/__snapshot__/persistence-elastic_test.yaml.snap index 8f851fd78..b4d93791b 100644 --- a/hooks/persistence-elastic/tests/__snapshot__/persistence-elastic_test.yaml.snap +++ b/hooks/persistence-elastic/tests/__snapshot__/persistence-elastic_test.yaml.snap @@ -1,6 +1,6 @@ matches the snapshot: 1: | - raw: |2 + raw: | Elastic Stack PersistenceProvider deployed. 2: | apiVersion: batch/v1 diff --git a/hooks/update-field-hook/tests/__snapshot__/update-field-hook_test.yaml.snap b/hooks/update-field-hook/tests/__snapshot__/update-field-hook_test.yaml.snap index 8c46f4d71..9aeee5375 100644 
--- a/hooks/update-field-hook/tests/__snapshot__/update-field-hook_test.yaml.snap +++ b/hooks/update-field-hook/tests/__snapshot__/update-field-hook_test.yaml.snap @@ -1,6 +1,6 @@ matches the snapshot: 1: | - raw: |2 + raw: | UpdateField Hook deployed. This will add or override "category: my-own-category" on every finding in this namespace. 2: | diff --git a/operator/tests/__snapshot__/operator_test.yaml.snap b/operator/tests/__snapshot__/operator_test.yaml.snap index adb9dcda1..5a129a373 100644 --- a/operator/tests/__snapshot__/operator_test.yaml.snap +++ b/operator/tests/__snapshot__/operator_test.yaml.snap 
@@ -1,6 +1,6 @@ matches the snapshot: 1: | - raw: "\nsecureCodeBox Operator Deployed \U0001F680\n\nThe operator can orchestrate the execution of various security scanning tools inside of your cluster.\nYou can find a list of all officially supported scanners here: https://www.securecodebox.io/\nThe website also lists other integrations, like persisting scan results to DefectDojo or Elasticsearch.\n\nThe operator send out regular telemetry pings to a central service.\nThis lets us, the secureCodeBox team, get a grasp on how much the secureCodeBox is used.\nThe submitted data is chosen to be as anonymous as possible.\nYou can find a complete report of the data submitted and links to the source-code at: https://www.securecodebox.io/docs/telemetry\nThe first ping is send one hour after the install, you can prevent this by upgrading the chart and setting `telemetryEnabled` to `false`.\n" + raw: "secureCodeBox Operator Deployed \U0001F680\n\nThe operator can orchestrate the execution of various security scanning tools inside of your cluster.\nYou can find a list of all officially supported scanners here: https://www.securecodebox.io/\nThe website also lists other integrations, like persisting scan results to DefectDojo or Elasticsearch.\n\nThe operator send out regular telemetry pings to a central service.\nThis lets us, the secureCodeBox team, get a grasp on how much the secureCodeBox is used.\nThe submitted data is chosen to be as anonymous as possible.\nYou can find a complete report of the data submitted and links to the source-code at: https://www.securecodebox.io/docs/telemetry\nThe first ping is send one hour after the install, you can prevent this by upgrading the chart and setting `telemetryEnabled` to `false`.\n" 2: | apiVersion: v1 kind: Service 
@@ -134,6 +134,177 @@ matches the snapshot: name: foo name: ca-certificate 4: | + apiVersion: v1 + data: + root-password: dGVzdHBhc3N3b3Jk + root-user: dGVzdHVzZXI= + kind: Secret + metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: operator + app.kubernetes.io/version: 0.0.0 + helm.sh/chart: operator-0.0.0 + name: RELEASE-NAME-operator-minio + namespace: NAMESPACE + type: Opaque + 5: | + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: operator + app.kubernetes.io/version: 0.0.0 + helm.sh/chart: operator-0.0.0 + name: RELEASE-NAME-operator-minio + namespace: NAMESPACE + spec: + ports: + - name: api + port: 9000 + protocol: TCP + targetPort: 9000 + - name: console + port: 9001 + protocol: TCP + targetPort: 9001 + selector: + app.kubernetes.io/component: minio + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: operator + type: ClusterIP + 6: | + apiVersion: apps/v1 + kind: StatefulSet + metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: operator + app.kubernetes.io/version: 0.0.0 + helm.sh/chart: operator-0.0.0 + name: RELEASE-NAME-operator-minio + namespace: NAMESPACE + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: minio + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: operator + serviceName: RELEASE-NAME-operator-minio + template: + metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: operator + spec: + automountServiceAccountToken: false + containers: + - args: + - | + set -e + echo "Starting minio server..." 
+ minio server /data --console-address ":9001" & + MINIO_PID=$! + + echo "Waiting for minio to be ready..." + sleep 5 + + echo "Creating bucket: $MINIO_DEFAULT_BUCKETS" + mc alias set myminio http://localhost:9000 $MINIO_ROOT_USER $MINIO_ROOT_PASSWORD + mc mb myminio/$MINIO_DEFAULT_BUCKETS --ignore-existing || true + echo "Bucket creation completed" + + wait $MINIO_PID + command: + - /bin/bash + - -c + env: + - name: MINIO_ROOT_USER + valueFrom: + secretKeyRef: + key: root-user + name: RELEASE-NAME-operator-minio + - name: MINIO_ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: root-password + name: RELEASE-NAME-operator-minio + - name: MINIO_DEFAULT_BUCKETS + value: securecodebox + image: docker.io/minio/minio:RELEASE.2025-07-23T15-54-02Z + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /minio/health/live + port: api + initialDelaySeconds: 30 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 10 + name: minio + ports: + - containerPort: 9000 + name: api + protocol: TCP + - containerPort: 9001 + name: console + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /minio/health/ready + port: api + initialDelaySeconds: 5 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 5 + resources: + limits: + cpu: 500m + ephemeral-storage: 1Gi + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /data + name: data + imagePullSecrets: + - name: foo + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsUser: 1000 + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi + 7: | apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: 
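Review bot: The rendered MinIO start script in this new StatefulSet entry passes the root credentials to `mc alias set` as unquoted arguments, so a password containing whitespace or glob characters is split or expanded by the shell. Quoting them in the chart template would address that: `mc alias set myminio http://localhost:9000 "$MINIO_ROOT_USER" "$MINIO_ROOT_PASSWORD"`. The fixed `sleep 5` under `set -e` also looks fragile, since the script may exit if the server is not yet listening when the alias call runs; polling the `/minio/health/ready` endpoint first would be steadier. The Secret in the same entry decodes to `testuser`/`testpassword`, so it is worth confirming these come from the test's values and not from a chart default. The template itself is outside this diff, and the same block is added again under `properly-renders-the-service-monitor-when-enabled`, which runs past the end of this view.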
@@ -157,7 +328,7 @@ matches the snapshot: - cascadingrules/status verbs: - get - 5: | + 8: | apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -177,7 +348,7 @@ matches the snapshot: - cascadingrules/status verbs: - get - 6: | + 9: | apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: @@ -214,7 +385,7 @@ matches the snapshot: verbs: - create - patch - 7: | + 10: | apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: @@ -227,7 +398,7 @@ matches the snapshot: - kind: ServiceAccount name: securecodebox-operator namespace: NAMESPACE - 8: | + 11: | apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -251,7 +422,7 @@ matches the snapshot: - parsedefinitions/status verbs: - get - 9: | + 12: | apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -271,7 +442,7 @@ matches the snapshot: - parsedefinitions/status verbs: - get - 10: | + 13: | apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -370,7 +541,7 @@ matches the snapshot: - list - update - watch - 11: | + 14: | apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -383,7 +554,7 @@ matches the snapshot: - kind: ServiceAccount name: securecodebox-operator namespace: NAMESPACE - 12: | + 15: | apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -407,7 +578,7 @@ matches the snapshot: - scans/status verbs: - get - 13: | + 16: | apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -427,7 +598,7 @@ matches the snapshot: - scans/status verbs: - get - 14: | + 17: | apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -451,7 +622,7 @@ matches the snapshot: - scancompletionhooks/status verbs: - get - 15: | + 18: | apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: 
@@ -471,7 +642,7 @@ matches the snapshot: - scancompletionhooks/status verbs: - get - 16: | + 19: | apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -495,7 +666,7 @@ matches the snapshot: - scantypes/status verbs: - get - 17: | + 20: | apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -515,57 +686,6 @@ matches the snapshot: - scantypes/status verbs: - get - 18: | - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: scheduledscan-editor-role - rules: - - apiGroups: - - execution.securecodebox.io - resources: - - scheduledscans - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - execution.securecodebox.io - resources: - - scheduledscans/status - verbs: - - get - 19: | - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: scheduledscan-viewer-role - rules: - - apiGroups: - - execution.securecodebox.io - resources: - - scheduledscans - verbs: - - get - - list - - watch - - apiGroups: - - execution.securecodebox.io - resources: - - scheduledscans/status - verbs: - - get - 20: | - apiVersion: v1 - kind: ServiceAccount - metadata: - annotations: {} - labels: {} - name: securecodebox-operator 21: | apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole 
@@ -619,7 +739,7 @@ matches the snapshot: name: securecodebox-operator properly-renders-the-service-monitor-when-enabled: 1: | - raw: "\nsecureCodeBox Operator Deployed \U0001F680\n\nThe operator can orchestrate the execution of various security scanning tools inside of your cluster.\nYou can find a list of all officially supported scanners here: https://www.securecodebox.io/\nThe website also lists other integrations, like persisting scan results to DefectDojo or Elasticsearch.\n\nThe operator send out regular telemetry pings to a central service.\nThis lets us, the secureCodeBox team, get a grasp on how much the secureCodeBox is used.\nThe submitted data is chosen to be as anonymous as possible.\nYou can find a complete report of the data submitted and links to the source-code at: https://www.securecodebox.io/docs/telemetry\nThe first ping is send one hour after the install, you can prevent this by upgrading the chart and setting `telemetryEnabled` to `false`.\n" + raw: "secureCodeBox Operator Deployed \U0001F680\n\nThe operator can orchestrate the execution of various security scanning tools inside of your cluster.\nYou can find a list of all officially supported scanners here: https://www.securecodebox.io/\nThe website also lists other integrations, like persisting scan results to DefectDojo or Elasticsearch.\n\nThe operator send out regular telemetry pings to a central service.\nThis lets us, the secureCodeBox team, get a grasp on how much the secureCodeBox is used.\nThe submitted data is chosen to be as anonymous as possible.\nYou can find a complete report of the data submitted and links to the source-code at: https://www.securecodebox.io/docs/telemetry\nThe first ping is send one hour after the install, you can prevent this by upgrading the chart and setting `telemetryEnabled` to `false`.\n" 2: | apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor 
@@ -766,6 +886,177 @@ properly-renders-the-service-monitor-when-enabled: name: foo name: ca-certificate 5: | + apiVersion: v1 + data: + root-password: dGVzdHBhc3N3b3Jk + root-user: dGVzdHVzZXI= + kind: Secret + metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: operator + app.kubernetes.io/version: 0.0.0 + helm.sh/chart: operator-0.0.0 + name: RELEASE-NAME-operator-minio + namespace: NAMESPACE + type: Opaque + 6: | + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: operator + app.kubernetes.io/version: 0.0.0 + helm.sh/chart: operator-0.0.0 + name: RELEASE-NAME-operator-minio + namespace: NAMESPACE + spec: + ports: + - name: api + port: 9000 + protocol: TCP + targetPort: 9000 + - name: console + port: 9001 + protocol: TCP + targetPort: 9001 + selector: + app.kubernetes.io/component: minio + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: operator + type: ClusterIP + 7: | + apiVersion: apps/v1 + kind: StatefulSet + metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: operator + app.kubernetes.io/version: 0.0.0 + helm.sh/chart: operator-0.0.0 + name: RELEASE-NAME-operator-minio + namespace: NAMESPACE + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: minio + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: operator + serviceName: RELEASE-NAME-operator-minio + template: + metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: operator + spec: + automountServiceAccountToken: false + containers: + - args: + - | + set -e + echo "Starting minio server..." 
+ minio server /data --console-address ":9001" & + MINIO_PID=$! + + echo "Waiting for minio to be ready..." + sleep 5 + + echo "Creating bucket: $MINIO_DEFAULT_BUCKETS" + mc alias set myminio http://localhost:9000 $MINIO_ROOT_USER $MINIO_ROOT_PASSWORD + mc mb myminio/$MINIO_DEFAULT_BUCKETS --ignore-existing || true + echo "Bucket creation completed" + + wait $MINIO_PID + command: + - /bin/bash + - -c + env: + - name: MINIO_ROOT_USER + valueFrom: + secretKeyRef: + key: root-user + name: RELEASE-NAME-operator-minio + - name: MINIO_ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: root-password + name: RELEASE-NAME-operator-minio + - name: MINIO_DEFAULT_BUCKETS + value: securecodebox + image: docker.io/minio/minio:RELEASE.2025-07-23T15-54-02Z + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /minio/health/live + port: api + initialDelaySeconds: 30 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 10 + name: minio + ports: + - containerPort: 9000 + name: api + protocol: TCP + - containerPort: 9001 + name: console + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /minio/health/ready + port: api + initialDelaySeconds: 5 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 5 + resources: + limits: + cpu: 500m + ephemeral-storage: 1Gi + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /data + name: data + imagePullSecrets: + - name: foo + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsUser: 1000 + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi + 8: | apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: 
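Review bot: In the rendered MinIO start script, `mc alias set myminio http://localhost:9000 $MINIO_ROOT_USER $MINIO_ROOT_PASSWORD` expands both secrets unquoted, so a user-supplied root password containing whitespace or glob characters would be word-split and the alias step would fail or use the wrong value. Quoting them fixes that: `mc alias set myminio http://localhost:9000 "$MINIO_ROOT_USER" "$MINIO_ROOT_PASSWORD"`, and likewise `"myminio/$MINIO_DEFAULT_BUCKETS"`. The following `mc mb ... || true` discards a failed bucket creation while `Bucket creation completed` is echoed regardless, so a broken bucket setup would only surface later, presumably when results are first written. This file is a generated snapshot, so the change belongs in the chart template that renders this StatefulSet, which is not shown here.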
@@ -789,7 +1080,7 @@ properly-renders-the-service-monitor-when-enabled: - cascadingrules/status verbs: - get - 6: | + 9: | apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -809,7 +1100,7 @@ properly-renders-the-service-monitor-when-enabled: - cascadingrules/status verbs: - get - 7: | + 10: | apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: @@ -846,7 +1137,7 @@ properly-renders-the-service-monitor-when-enabled: verbs: - create - patch - 8: | + 11: | apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: @@ -859,7 +1150,7 @@ properly-renders-the-service-monitor-when-enabled: - kind: ServiceAccount name: securecodebox-operator namespace: NAMESPACE - 9: | + 12: | apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -883,7 +1174,7 @@ properly-renders-the-service-monitor-when-enabled: - parsedefinitions/status verbs: - get - 10: | + 13: | apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -903,7 +1194,7 @@ properly-renders-the-service-monitor-when-enabled: - parsedefinitions/status verbs: - get - 11: | + 14: | apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -1002,7 +1293,7 @@ properly-renders-the-service-monitor-when-enabled: - list - update - watch - 12: | + 15: | apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -1015,7 +1306,7 @@ properly-renders-the-service-monitor-when-enabled: - kind: ServiceAccount name: securecodebox-operator namespace: NAMESPACE - 13: | + 16: | apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -1039,7 +1330,7 @@ properly-renders-the-service-monitor-when-enabled: - scans/status verbs: - get - 14: | + 17: | apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -1059,7 +1350,7 @@ properly-renders-the-service-monitor-when-enabled: - scans/status verbs: - get - 15: | + 18: | apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: 
@@ -1083,7 +1374,7 @@ properly-renders-the-service-monitor-when-enabled: - scancompletionhooks/status verbs: - get - 16: | + 19: | apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -1103,7 +1394,7 @@ properly-renders-the-service-monitor-when-enabled: - scancompletionhooks/status verbs: - get - 17: | + 20: | apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -1127,7 +1418,7 @@ properly-renders-the-service-monitor-when-enabled: - scantypes/status verbs: - get - 18: | + 21: | apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -1147,57 +1438,6 @@ properly-renders-the-service-monitor-when-enabled: - scantypes/status verbs: - get - 19: | - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: scheduledscan-editor-role - rules: - - apiGroups: - - execution.securecodebox.io - resources: - - scheduledscans - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - execution.securecodebox.io - resources: - - scheduledscans/status - verbs: - - get - 20: | - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: scheduledscan-viewer-role - rules: - - apiGroups: - - execution.securecodebox.io - resources: - - scheduledscans - verbs: - - get - - list - - watch - - apiGroups: - - execution.securecodebox.io - resources: - - scheduledscans/status - verbs: - - get - 21: | - apiVersion: v1 - kind: ServiceAccount - metadata: - annotations: {} - labels: {} - name: securecodebox-operator 22: | apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/scanners/semgrep/tests/__snapshot__/scanner_test.yaml.snap b/scanners/semgrep/tests/__snapshot__/scanner_test.yaml.snap index ba0ebb78e..965e55273 100644 --- a/scanners/semgrep/tests/__snapshot__/scanner_test.yaml.snap +++ b/scanners/semgrep/tests/__snapshot__/scanner_test.yaml.snap 
@@ -10,7 +10,7 @@ matches the snapshot: env: - name: foo value: bar - image: securecodebox/parser-semgrep:0.0.0 + image: docker.io/securecodebox/parser-semgrep:0.0.0 imagePullPolicy: IfNotPresent imagePullSecrets: - name: foo diff --git a/scanners/ssh-audit/tests/__snapshot__/scanner_test.yaml.snap b/scanners/ssh-audit/tests/__snapshot__/scanner_test.yaml.snap index d018204b5..6b282b25a 100644 --- a/scanners/ssh-audit/tests/__snapshot__/scanner_test.yaml.snap +++ b/scanners/ssh-audit/tests/__snapshot__/scanner_test.yaml.snap @@ -49,6 +49,8 @@ matches the snapshot: suspend: false template: spec: + affinity: + foo: bar containers: - command: - sh @@ -71,5 +73,11 @@ matches the snapshot: volumeMounts: [] - image: bar name: foo - restartPolicy: Never + imagePullSecrets: + - name: foo + restartPolicy: OnFailure + securityContext: + fsGroup: 1234 + tolerations: + - foo: bar volumes: [] diff --git a/scanners/zap-automation-framework/tests/__snapshot__/scanner_test.yaml.snap b/scanners/zap-automation-framework/tests/__snapshot__/scanner_test.yaml.snap index 0b40b866d..ce04f6b6d 100644 --- a/scanners/zap-automation-framework/tests/__snapshot__/scanner_test.yaml.snap +++ b/scanners/zap-automation-framework/tests/__snapshot__/scanner_test.yaml.snap @@ -97,7 +97,7 @@ matches the snapshot: 4: | apiVersion: v1 data: - zap-entrypoint.bash: |2 + zap-entrypoint.bash: | # ensures that zap still exits with a exit code of zero when the scan logged warnings: see https://www.zaproxy.org/docs/automate/automation-framework/ ./zap.sh -cmd $@ || [ $? -ne 1 ] kind: ConfigMap From d9311120110f9dd8d96018df94de58b712a6ef23 Mon Sep 17 00:00:00 2001 From: Samreet Singh Date: Fri, 28 Nov 2025 15:23:28 +0100 Subject: [PATCH 13/37] Add fixed credentials to prevent breaking snapshot tests by random credential generation Signed-off-by: Samreet Singh --- operator/tests/operator_test.yaml | 10 ++++++++++ 1 file changed, 10 insertions(+) 
diff --git a/operator/tests/operator_test.yaml b/operator/tests/operator_test.yaml index f27d9347b..6c8dbc638 100644 --- a/operator/tests/operator_test.yaml +++ b/operator/tests/operator_test.yaml @@ -18,6 +18,11 @@ tests: customCACertificate.existingCertificate: foo serviceaccount: {create: true, annotations: {foo: bar}, name: foo} podSecurityContext: {fsGroup: 1234} + minio: + enabled: true + auth: + rootUser: testuser + rootPassword: testpassword asserts: - matchSnapshot: {} - it: properly-renders-the-service-monitor-when-enabled @@ -32,6 +37,11 @@ tests: metrics: serviceMonitor: enabled: true + minio: + enabled: true + auth: + rootUser: testuser + rootPassword: testpassword asserts: - matchSnapshot: {} - it: renders minio resources when minio is enabled From e9d5a25f77bc580953bca21629329fba895c0e6b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Dec 2025 09:55:22 +0000 Subject: [PATCH 14/37] Bump @types/react in /documentation in the npm-version-updates group Bumps the npm-version-updates group in /documentation with 1 update: [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react). Updates `@types/react` from 19.2.6 to 19.2.7 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react) --- updated-dependencies: - dependency-name: "@types/react" dependency-version: 19.2.7 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-version-updates ... Signed-off-by: dependabot[bot] --- documentation/package-lock.json | 38 ++++++++++++++++++++++++++++----- documentation/package.json | 2 +- 2 files changed, 34 insertions(+), 6 deletions(-) diff --git a/documentation/package-lock.json b/documentation/package-lock.json index b83e22702..40411ef61 100644 --- a/documentation/package-lock.json 
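Review bot: The two `minio.auth` blocks added to the test values carry no comment saying why literal credentials appear here, and the values end up base64-encoded in the committed snapshot (`root-password: dGVzdHBhc3N3b3Jk`). I would add a line above each block, e.g. `# fixed dummy credentials so the rendered Secret is stable for matchSnapshot; test-only, never reuse`, so that nobody copies them into real values or swaps in a real password that would then be committed with the snapshot. The test named in the trailing context, `renders minio resources when minio is enabled`, lies outside the hunk, so whether it pins credentials as well cannot be seen from here.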
+++ b/documentation/package-lock.json @@ -31,7 +31,7 @@ "@docusaurus/tsconfig": "^3.9.2", "@docusaurus/types": "^3.6.0", "@types/node": "^24.10.1", - "@types/react": "^19.2.6", + "@types/react": "^19.2.7", "@types/react-helmet": "^6.1.11", "@types/react-router-dom": "^5.1.8", "sass-loader": "^16.0.6", @@ -247,6 +247,7 @@ "resolved": "https://registry.npmjs.org/@algolia/client-search/-/client-search-5.40.1.tgz", "integrity": "sha512-Mw6pAUF121MfngQtcUb5quZVqMC68pSYYjCRZkSITC085S3zdk+h/g7i6FxnVdbSU6OztxikSDMh1r7Z+4iPlA==", "license": "MIT", + "peer": true, "dependencies": { "@algolia/client-common": "5.40.1", "@algolia/requester-browser-xhr": "5.40.1", @@ -385,6 +386,7 @@ "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.26.0.tgz", "integrity": "sha512-i1SLeK+DzNnQ3LL/CswPCa/E5u4lh1k6IAEphON8F+cXt0t9euTshDru0q7/IqMa1PMPz5RnHuHscF8/ZJsStg==", "license": "MIT", + "peer": true, "dependencies": { "@ampproject/remapping": "^2.2.0", "@babel/code-frame": "^7.26.0", @@ -2189,6 +2191,7 @@ } ], "license": "MIT", + "peer": true, "engines": { "node": ">=18" }, @@ -2211,6 +2214,7 @@ } ], "license": "MIT", + "peer": true, "engines": { "node": ">=18" } @@ -2320,6 +2324,7 @@ "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.0.tgz", "integrity": "sha512-8sLjZwK0R+JlxlYcTuVnyT2v+htpdrjDOKuMcOVdYjt52Lh8hWRYpxBPoKx/Zg+bcjc3wx6fmQevMmUztS/ccA==", "license": "MIT", + "peer": true, "dependencies": { "cssesc": "^3.0.0", "util-deprecate": "^1.0.2" @@ -2741,6 +2746,7 @@ "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.0.tgz", "integrity": "sha512-8sLjZwK0R+JlxlYcTuVnyT2v+htpdrjDOKuMcOVdYjt52Lh8hWRYpxBPoKx/Zg+bcjc3wx6fmQevMmUztS/ccA==", "license": "MIT", + "peer": true, "dependencies": { "cssesc": "^3.0.0", "util-deprecate": "^1.0.2" 
@@ -3422,6 +3428,7 @@ "resolved": "https://registry.npmjs.org/@docusaurus/core/-/core-3.9.2.tgz", "integrity": "sha512-HbjwKeC+pHUFBfLMNzuSjqFE/58+rLVKmOU3lxQrpsxLBOGosYco/Q0GduBb0/jEMRiyEqjNT/01rRdOMWq5pw==", "license": "MIT", + "peer": true, "dependencies": { "@docusaurus/babel": "3.9.2", "@docusaurus/bundler": "3.9.2", @@ -3603,6 +3610,7 @@ "resolved": "https://registry.npmjs.org/@docusaurus/plugin-content-docs/-/plugin-content-docs-3.9.2.tgz", "integrity": "sha512-C5wZsGuKTY8jEYsqdxhhFOe1ZDjH0uIYJ9T/jebHwkyxqnr4wW0jTkB72OMqNjsoQRcb0JN3PcSeTwFlVgzCZg==", "license": "MIT", + "peer": true, "dependencies": { "@docusaurus/core": "3.9.2", "@docusaurus/logger": "3.9.2", @@ -4389,6 +4397,7 @@ "resolved": "https://registry.npmjs.org/@mdx-js/react/-/react-3.1.1.tgz", "integrity": "sha512-f++rKLQgUVYDAtECQ6fn/is15GkEH9+nZPM3MS0RcxVqoTfawHvDlSCH7JbMhAM6uJ32v3eXLvLmLvjGu7PTQw==", "license": "MIT", + "peer": true, "dependencies": { "@types/mdx": "^2.0.0" }, @@ -5117,6 +5126,7 @@ "resolved": "https://registry.npmjs.org/@svgr/core/-/core-8.1.0.tgz", "integrity": "sha512-8QqtOQT5ACVlmsvKOJNEaWmRPmcojMOzCz4Hs2BGG/toAp/K38LcsMRyLp349glq5AzJbCEeimEoxaX6v/fLrA==", "license": "MIT", + "peer": true, "dependencies": { "@babel/core": "^7.21.3", "@svgr/babel-preset": "8.1.0", @@ -5490,10 +5500,11 @@ "license": "MIT" }, "node_modules/@types/react": { - "version": "19.2.6", - "resolved": "https://registry.npmjs.org/@types/react/-/react-19.2.6.tgz", - "integrity": "sha512-p/jUvulfgU7oKtj6Xpk8cA2Y1xKTtICGpJYeJXz2YVO2UcvjQgeRMLDGfDeqeRW2Ta+0QNFwcc8X3GH8SxZz6w==", + "version": "19.2.7", + "resolved": "https://registry.npmjs.org/@types/react/-/react-19.2.7.tgz", + "integrity": "sha512-MWtvHrGZLFttgeEj28VXHxpmwYbor/ATPYbBfSFZEIRK0ecCFLl2Qo55z52Hss+UV9CRN7trSeq1zbgx7YDWWg==", "license": "MIT", + "peer": true, "dependencies": { "csstype": "^3.2.2" } 
@@ -5845,6 +5856,7 @@ "version": "6.4.2", "resolved": "https://registry.npmjs.org/acorn/-/acorn-6.4.2.tgz", "integrity": "sha512-XtGIhXwF8YM8bJhGxG5kXgjkEuNGLTkoYqVE+KMR+aspr4KGYmKYg7yUe3KghyQ9yheNwLnjmzh/7+gfDBmHCQ==", + "peer": true, "bin": { "acorn": "bin/acorn" }, @@ -5945,6 +5957,7 @@ "version": "6.12.6", "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", + "peer": true, "dependencies": { "fast-deep-equal": "^3.1.1", "fast-json-stable-stringify": "^2.0.0", @@ -6008,6 +6021,7 @@ "resolved": "https://registry.npmjs.org/algoliasearch/-/algoliasearch-5.40.1.tgz", "integrity": "sha512-iUNxcXUNg9085TJx0HJLjqtDE0r1RZ0GOGrt8KNQqQT5ugu8lZsHuMUYW/e0lHhq6xBvmktU9Bw4CXP9VQeKrg==", "license": "MIT", + "peer": true, "dependencies": { "@algolia/abtesting": "1.6.1", "@algolia/client-abtesting": "5.40.1", @@ -6489,6 +6503,7 @@ } ], "license": "MIT", + "peer": true, "dependencies": { "baseline-browser-mapping": "^2.8.3", "caniuse-lite": "^1.0.30001741", @@ -7432,6 +7447,7 @@ "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.0.tgz", "integrity": "sha512-8sLjZwK0R+JlxlYcTuVnyT2v+htpdrjDOKuMcOVdYjt52Lh8hWRYpxBPoKx/Zg+bcjc3wx6fmQevMmUztS/ccA==", "license": "MIT", + "peer": true, "dependencies": { "cssesc": "^3.0.0", "util-deprecate": "^1.0.2" @@ -14268,6 +14284,7 @@ } ], "license": "MIT", + "peer": true, "dependencies": { "nanoid": "^3.3.11", "picocolors": "^1.1.1", @@ -15171,6 +15188,7 @@ "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.0.tgz", "integrity": "sha512-8sLjZwK0R+JlxlYcTuVnyT2v+htpdrjDOKuMcOVdYjt52Lh8hWRYpxBPoKx/Zg+bcjc3wx6fmQevMmUztS/ccA==", "license": "MIT", + "peer": true, "dependencies": { "cssesc": "^3.0.0", "util-deprecate": "^1.0.2" 
@@ -15938,6 +15956,7 @@ "resolved": "https://registry.npmjs.org/react/-/react-19.2.0.tgz", "integrity": "sha512-tmbWg6W31tQLeB5cdIBOicJDJRR2KzXsV7uSK9iNfLWQ5bIZfxuPEHp7M8wiHyHnn0DD1i7w3Zmin0FtkrwoCQ==", "license": "MIT", + "peer": true, "engines": { "node": ">=0.10.0" } @@ -15947,6 +15966,7 @@ "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-19.2.0.tgz", "integrity": "sha512-UlbRu4cAiGaIewkPyiRGJk0imDN2T3JjieT6spoL2UeSf5od4n5LB/mQ4ejmxhCFT1tYe8IvaFulzynWovsEFQ==", "license": "MIT", + "peer": true, "dependencies": { "scheduler": "^0.27.0" }, @@ -16017,6 +16037,7 @@ "resolved": "https://registry.npmjs.org/@docusaurus/react-loadable/-/react-loadable-6.0.0.tgz", "integrity": "sha512-YMMxTUQV/QFSnbgrP3tjDzLHRg7vsbMn8e9HAa8o/1iXoiomo48b7sk/kkmWEuWNDPJVlKSJRB6Y2fHqdJk+SQ==", "license": "MIT", + "peer": true, "dependencies": { "@types/react": "*" }, @@ -16043,6 +16064,7 @@ "version": "5.3.4", "resolved": "https://registry.npmjs.org/react-router/-/react-router-5.3.4.tgz", "integrity": "sha512-Ys9K+ppnJah3QuaRiLxk+jDWOR1MekYQrlytiXxC1RyfbdsZkS5pvKAzCCr031xHixZwpnsYNT5xysdFHQaYsA==", + "peer": true, "dependencies": { "@babel/runtime": "^7.12.13", "history": "^4.9.0", @@ -16905,6 +16927,7 @@ "resolved": "https://registry.npmjs.org/sass/-/sass-1.94.2.tgz", "integrity": "sha512-N+7WK20/wOr7CzA2snJcUSSNTCzeCGUTFY3OgeQP3mZ1aj9NMQ0mSTXwlrnd89j33zzQJGqIN52GIOmYrfq46A==", "license": "MIT", + "peer": true, "dependencies": { "chokidar": "^4.0.0", "immutable": "^5.0.2", @@ -17028,6 +17051,7 @@ "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.17.1.tgz", "integrity": "sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g==", "license": "MIT", + "peer": true, "dependencies": { "fast-deep-equal": "^3.1.3", "fast-uri": "^3.0.1", 
@@ -18312,7 +18336,8 @@ "node_modules/tslib": { "version": "2.8.1", "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.1.tgz", - "integrity": "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==" + "integrity": "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==", + "peer": true }, "node_modules/type-fest": { "version": "2.19.0", @@ -18373,6 +18398,7 @@ "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==", "devOptional": true, "license": "Apache-2.0", + "peer": true, "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" @@ -18921,6 +18947,7 @@ "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.96.1.tgz", "integrity": "sha512-l2LlBSvVZGhL4ZrPwyr8+37AunkcYj5qh8o6u2/2rzoPc8gxFJkLj1WxNgooi9pnoc06jh0BjuXnamM4qlujZA==", "license": "MIT", + "peer": true, "dependencies": { "@types/eslint-scope": "^3.7.7", "@types/estree": "^1.0.6", @@ -19623,6 +19650,7 @@ "resolved": "https://registry.npmjs.org/zod/-/zod-4.1.12.tgz", "integrity": "sha512-JInaHOamG8pt5+Ey8kGmdcAcg3OL9reK8ltczgHTAwNhMys/6ThXHityHxVV2p3fkw/c+MAvBHFVYHFZDmjMCQ==", "license": "MIT", + "peer": true, "funding": { "url": "https://github.com/sponsors/colinhacks" } diff --git a/documentation/package.json b/documentation/package.json index d813ae65b..12064386f 100644 --- a/documentation/package.json +++ b/documentation/package.json @@ -53,7 +53,7 @@ "@docusaurus/tsconfig": "^3.9.2", "@docusaurus/types": "^3.6.0", "@types/node": "^24.10.1", - "@types/react": "^19.2.6", + "@types/react": "^19.2.7", "@types/react-helmet": "^6.1.11", "@types/react-router-dom": "^5.1.8", "sass-loader": "^16.0.6", From ce61700f31e37bac915375fe3ee9fbc2d4ca3c0b Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Dec 2025 11:49:37 +0000 Subject: [PATCH 15/37] Bump the github-actions-version-updates group across 1 directory with 4 updates Bumps the github-actions-version-updates group with 4 updates in the /.github/workflows directory: [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter), [github/codeql-action](https://github.com/github/codeql-action), [docker/metadata-action](https://github.com/docker/metadata-action) and [mikefarah/yq](https://github.com/mikefarah/yq). Updates `oxsecurity/megalinter` from 9.1.0 to 9.2.0 - [Release notes](https://github.com/oxsecurity/megalinter/releases) - [Changelog](https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md) - [Commits](https://github.com/oxsecurity/megalinter/compare/62c799d895af9bcbca5eacfebca29d527f125a57...55a59b24a441e0e1943080d4a512d827710d4a9d) Updates `github/codeql-action` from 4.31.5 to 4.31.6 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/fdbfb4d2750291e159f0156def62b853c2798ca2...fe4161a26a8629af62121b670040955b330f9af2) Updates `docker/metadata-action` from 5.9.0 to 5.10.0 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](https://github.com/docker/metadata-action/compare/318604b99e75e41977312d83839a89be02ca4893...c299e40c65443455700f0fdfc63efafe5b349051) Updates `mikefarah/yq` from 4.49.1 to 4.49.2 - [Release notes](https://github.com/mikefarah/yq/releases) - [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt) - [Commits](https://github.com/mikefarah/yq/compare/45be35c06387d692bb6bf689919919e0e32e796f...7ccaf8e700ce99eb3f0f6cef7f5930a0b3c827cd) --- updated-dependencies: - dependency-name: oxsecurity/megalinter dependency-version: 9.2.0 dependency-type: direct:production update-type: 
version-update:semver-minor dependency-group: github-actions-version-updates - dependency-name: github/codeql-action dependency-version: 4.31.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-version-updates - dependency-name: docker/metadata-action dependency-version: 5.10.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-version-updates - dependency-name: mikefarah/yq dependency-version: 4.49.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-version-updates ... Signed-off-by: dependabot[bot] --- .github/workflows/mega-linter.yml | 2 +- .github/workflows/oss-scorecard.yaml | 2 +- .github/workflows/release-build.yaml | 26 +++++++++++++------------- .github/workflows/scb-bot.yaml | 6 +++--- 4 files changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml index e425411df..88214b346 100644 --- a/.github/workflows/mega-linter.yml +++ b/.github/workflows/mega-linter.yml @@ -46,7 +46,7 @@ jobs: id: ml # You can override MegaLinter flavor used to have faster performances # More info at https://megalinter.github.io/flavors/ - uses: oxsecurity/megalinter@62c799d895af9bcbca5eacfebca29d527f125a57 # v9.1.0 + uses: oxsecurity/megalinter@55a59b24a441e0e1943080d4a512d827710d4a9d # v9.2.0 env: # All available variables are described in documentation # https://megalinter.github.io/configuration/ diff --git a/.github/workflows/oss-scorecard.yaml b/.github/workflows/oss-scorecard.yaml index 81ca97672..cf9e31352 100644 --- a/.github/workflows/oss-scorecard.yaml +++ b/.github/workflows/oss-scorecard.yaml 
@@ -33,6 +33,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5 + uses: github/codeql-action/upload-sarif@fe4161a26a8629af62121b670040955b330f9af2 # v4.31.6 with: sarif_file: results.sarif diff --git a/.github/workflows/release-build.yaml b/.github/workflows/release-build.yaml index 1c4de9ab7..e52ba3d2f 100644 --- a/.github/workflows/release-build.yaml +++ b/.github/workflows/release-build.yaml @@ -35,7 +35,7 @@ jobs: - name: Docker Meta id: docker_meta - uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0 + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 with: images: ${{ env.DOCKER_NAMESPACE }}/${{ matrix.component }} tags: | @@ -82,7 +82,7 @@ jobs: - name: Docker Meta id: docker_meta - uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0 + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 with: images: ${{ env.DOCKER_NAMESPACE }}/auto-discovery-kubernetes tags: | @@ -129,7 +129,7 @@ jobs: - name: Docker Meta id: docker_meta - uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0 + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 with: images: ${{ env.DOCKER_NAMESPACE }}/auto-discovery-pull-secret-extractor tags: | @@ -182,7 +182,7 @@ jobs: - name: Docker Meta id: docker_meta - uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0 + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 with: images: ${{ env.DOCKER_NAMESPACE }}/${{ matrix.sdk }}-nodejs tags: | 
@@ -235,7 +235,7 @@ jobs: - name: Docker Meta id: docker_meta - uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0 + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 with: images: ${{ env.DOCKER_NAMESPACE }}/hook-${{ matrix.hook }} tags: | @@ -289,7 +289,7 @@ jobs: - name: Docker Meta id: docker_meta - uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0 + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 with: images: ${{ env.DOCKER_NAMESPACE }}/persistence-elastic-dashboard-importer tags: | @@ -351,7 +351,7 @@ jobs: - name: Docker Meta id: docker_meta - uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0 + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 with: images: ${{ env.DOCKER_NAMESPACE }}/parser-${{ matrix.parser }} tags: | @@ -425,7 +425,7 @@ jobs: uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Set ENV Var with Scanner Version - uses: mikefarah/yq@45be35c06387d692bb6bf689919919e0e32e796f # v4.49.1 + uses: mikefarah/yq@7ccaf8e700ce99eb3f0f6cef7f5930a0b3c827cd # v4.49.2 # Notice: The current version of the scanner is provided via the Chart.yaml to ensure # there is only one place to edit the version of a scanner with: 
@@ -433,13 +433,13 @@ jobs: # extract the supported cpu architectures from the Chart.yaml - name: Set ENV Var with Supported Platforms - uses: mikefarah/yq@45be35c06387d692bb6bf689919919e0e32e796f # v4.49.1 + uses: mikefarah/yq@7ccaf8e700ce99eb3f0f6cef7f5930a0b3c827cd # v4.49.2 with: cmd: echo supportedPlatforms=$(yq e .annotations.supported-platforms scanners/${{ matrix.scanner }}/Chart.yaml) >> $GITHUB_ENV - name: Docker Meta id: docker_meta - uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0 + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 with: images: ${{ env.DOCKER_NAMESPACE }}/scanner-${{ matrix.scanner }} tags: | @@ -496,7 +496,7 @@ jobs: - name: Docker Meta id: docker_meta - uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0 + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 with: images: ${{ env.DOCKER_NAMESPACE }}/scanner-${{ matrix.scanner }} tags: | @@ -555,7 +555,7 @@ jobs: uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Set ENV Var with Demo-Target Version - uses: mikefarah/yq@45be35c06387d692bb6bf689919919e0e32e796f # v4.49.1 + uses: mikefarah/yq@7ccaf8e700ce99eb3f0f6cef7f5930a0b3c827cd # v4.49.2 # Notice: The current version of the demo-target is provided via the Chart.yaml to ensure # there is only one place to edit the version of a scanner with: @@ -563,7 +563,7 @@ jobs: - name: Docker Meta id: docker_meta - uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0 + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 with: images: ${{ env.DOCKER_NAMESPACE }}/demo-target-${{ matrix.target }} tags: | diff --git a/.github/workflows/scb-bot.yaml b/.github/workflows/scb-bot.yaml index 99f070e4e..47bbfc0fd 100644 --- a/.github/workflows/scb-bot.yaml +++ b/.github/workflows/scb-bot.yaml 
@@ -61,14 +61,14 @@ jobs: # Fetching scanner version from local chart .appVersion attribute # this would look like 1.1.1 or v1.1.1 depending on the corresponding Docker image tag - name: Fetch local scanner version - uses: mikefarah/yq@45be35c06387d692bb6bf689919919e0e32e796f # v4.49.1 + uses: mikefarah/yq@7ccaf8e700ce99eb3f0f6cef7f5930a0b3c827cd # v4.49.2 with: cmd: echo local=$(yq e .appVersion scanners/${{ matrix.scanner }}/Chart.yaml) >> $GITHUB_ENV # Fetching scanner version API from local chart .annotations.versionApi attribute # This would look like https://api.github.com/repos/projectdiscovery/nuclei/releases/latest - name: Fetch scanner's version API - uses: mikefarah/yq@45be35c06387d692bb6bf689919919e0e32e796f # v4.49.1 + uses: mikefarah/yq@7ccaf8e700ce99eb3f0f6cef7f5930a0b3c827cd # v4.49.2 with: cmd: echo versionApi=$(yq e .annotations.versionApi scanners/${{ matrix.scanner }}/Chart.yaml) >> $GITHUB_ENV @@ -143,7 +143,7 @@ jobs: - name: Upgrade Scanner Helm Chart if: ${{ env.release != env.local && env.prExists == 0 && env.release != null}} - uses: mikefarah/yq@45be35c06387d692bb6bf689919919e0e32e796f # v4.49.1 + uses: mikefarah/yq@7ccaf8e700ce99eb3f0f6cef7f5930a0b3c827cd # v4.49.2 with: # appVersion value in chart is replaced with release value. Empty lines are deleted in the process cmd: yq e --inplace '.appVersion = "${{env.release}}"' ./scanners/${{ matrix.scanner }}/Chart.yaml From ff324a2ac95a68d2c84912759ae4af922df6b4a0 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Dec 2025 04:09:16 +0000 Subject: [PATCH 16/37] Bump nodemailer from 7.0.7 to 7.0.11 in /hooks/notification/hook Bumps [nodemailer](https://github.com/nodemailer/nodemailer) from 7.0.7 to 7.0.11. - [Release notes](https://github.com/nodemailer/nodemailer/releases) - [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md) - [Commits](https://github.com/nodemailer/nodemailer/compare/v7.0.7...v7.0.11) --- updated-dependencies: - dependency-name: nodemailer dependency-version: 7.0.11 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- hooks/notification/hook/package-lock.json | 14 +++++++------- hooks/notification/hook/package.json | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/hooks/notification/hook/package-lock.json b/hooks/notification/hook/package-lock.json index bb6bc147a..f41944635 100644 --- a/hooks/notification/hook/package-lock.json +++ b/hooks/notification/hook/package-lock.json @@ -12,7 +12,7 @@ "@types/js-yaml": "^4.0.2", "js-yaml": "^4.1.1", "lodash-es": "^4.17.21", - "nodemailer": "^7.0.7", + "nodemailer": "^7.0.11", "nunjucks": "^3.2.4" }, "devDependencies": { @@ -1706,9 +1706,9 @@ } }, "node_modules/nodemailer": { - "version": "7.0.7", - "resolved": "https://registry.npmjs.org/nodemailer/-/nodemailer-7.0.7.tgz", - "integrity": "sha512-jGOaRznodf62TVzdyhKt/f1Q/c3kYynk8629sgJHpRzGZj01ezbgMMWJSAjHADcwTKxco3B68/R+KHJY2T5BaA==", + "version": "7.0.11", + "resolved": "https://registry.npmjs.org/nodemailer/-/nodemailer-7.0.11.tgz", + "integrity": "sha512-gnXhNRE0FNhD7wPSCGhdNh46Hs6nm+uTyg+Kq0cZukNQiYdnCsoQjodNP9BQVG9XrcK/v6/MgpAPBUFyzh9pvw==", "engines": { "node": ">=6.0.0" } 
@@ -3094,9 +3094,9 @@ } }, "nodemailer": { - "version": "7.0.7", - "resolved": "https://registry.npmjs.org/nodemailer/-/nodemailer-7.0.7.tgz", - "integrity": "sha512-jGOaRznodf62TVzdyhKt/f1Q/c3kYynk8629sgJHpRzGZj01ezbgMMWJSAjHADcwTKxco3B68/R+KHJY2T5BaA==" + "version": "7.0.11", + "resolved": "https://registry.npmjs.org/nodemailer/-/nodemailer-7.0.11.tgz", + "integrity": "sha512-gnXhNRE0FNhD7wPSCGhdNh46Hs6nm+uTyg+Kq0cZukNQiYdnCsoQjodNP9BQVG9XrcK/v6/MgpAPBUFyzh9pvw==" }, "nunjucks": { "version": "3.2.4", diff --git a/hooks/notification/hook/package.json b/hooks/notification/hook/package.json index 80601ba91..ff8998029 100644 --- a/hooks/notification/hook/package.json +++ b/hooks/notification/hook/package.json @@ -37,7 +37,7 @@ "@types/js-yaml": "^4.0.2", "js-yaml": "^4.1.1", "lodash-es": "^4.17.21", - "nodemailer": "^7.0.7", + "nodemailer": "^7.0.11", "nunjucks": "^3.2.4" } } From 679843065d25a33e862d716c3fa0d5aa43959d36 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 2 Dec 2025 21:51:16 +0000 Subject: [PATCH 17/37] Update golang Docker tag to v1.25.5 --- auto-discovery/cloud-aws/Dockerfile | 2 +- auto-discovery/kubernetes/Dockerfile | 2 +- auto-discovery/kubernetes/pull-secret-extractor/Dockerfile | 2 +- lurker/Dockerfile | 2 +- operator/Dockerfile | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/auto-discovery/cloud-aws/Dockerfile b/auto-discovery/cloud-aws/Dockerfile index 4daf5d24f..5a6264fac 100644 --- a/auto-discovery/cloud-aws/Dockerfile +++ b/auto-discovery/cloud-aws/Dockerfile @@ -3,7 +3,7 @@ # SPDX-License-Identifier: Apache-2.0 # Build the service binary -FROM --platform=$BUILDPLATFORM golang:1.25.4 AS builder +FROM --platform=$BUILDPLATFORM golang:1.25.5 AS builder WORKDIR /workspace # Copy the Go Modules manifests diff --git a/auto-discovery/kubernetes/Dockerfile b/auto-discovery/kubernetes/Dockerfile index a570a4711..535b1188c 100644 
--- a/auto-discovery/kubernetes/Dockerfile +++ b/auto-discovery/kubernetes/Dockerfile @@ -3,7 +3,7 @@ # SPDX-License-Identifier: Apache-2.0 # Build the manager binary -FROM --platform=$BUILDPLATFORM golang:1.25.4 AS builder +FROM --platform=$BUILDPLATFORM golang:1.25.5 AS builder WORKDIR /workspace # Copy the Go Modules manifests diff --git a/auto-discovery/kubernetes/pull-secret-extractor/Dockerfile b/auto-discovery/kubernetes/pull-secret-extractor/Dockerfile index 0984e12ae..b34b6ad81 100644 --- a/auto-discovery/kubernetes/pull-secret-extractor/Dockerfile +++ b/auto-discovery/kubernetes/pull-secret-extractor/Dockerfile @@ -3,7 +3,7 @@ # SPDX-License-Identifier: Apache-2.0 # Build the pull-secret-extractor binary -FROM --platform=$BUILDPLATFORM golang:1.25.4 AS builder +FROM --platform=$BUILDPLATFORM golang:1.25.5 AS builder WORKDIR /workspace # Copy the Go Modules manifests diff --git a/lurker/Dockerfile b/lurker/Dockerfile index 631dba6b5..5f655da42 100644 --- a/lurker/Dockerfile +++ b/lurker/Dockerfile @@ -3,7 +3,7 @@ # SPDX-License-Identifier: Apache-2.0 # Build the manager binary -FROM --platform=$BUILDPLATFORM golang:1.25.4 AS builder +FROM --platform=$BUILDPLATFORM golang:1.25.5 AS builder WORKDIR /workspace # Copy the Go Modules manifests diff --git a/operator/Dockerfile b/operator/Dockerfile index e059aeb0d..3545a7948 100644 --- a/operator/Dockerfile +++ b/operator/Dockerfile @@ -3,7 +3,7 @@ # SPDX-License-Identifier: Apache-2.0 # Build the manager binary -FROM --platform=$BUILDPLATFORM golang:1.25.4 AS builder +FROM --platform=$BUILDPLATFORM golang:1.25.5 AS builder WORKDIR /workspace # Copy the Go Modules manifests From 7d55a5f7bb2bf2a6dff1646154d82fe7508d5537 Mon Sep 17 00:00:00 2001 From: yyvf Date: Sun, 26 Oct 2025 16:11:43 -0300 Subject: [PATCH 18/37] Fix secret name in helm template Signed-off-by: yyvf --- operator/templates/manager/manager.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/operator/templates/manager/manager.yaml b/operator/templates/manager/manager.yaml index c9ef6de29..a0ea08895 100644 --- a/operator/templates/manager/manager.yaml +++ b/operator/templates/manager/manager.yaml @@ -71,12 +71,12 @@ spec: - name: MINIO_ACCESS_KEY valueFrom: secretKeyRef: - name: "{{ .Release.Name }}-minio" + name: {{ .Values.minio.auth.existingSecret | default (printf "%s-minio" (include "operator.fullname" .)) }} key: root-user - name: MINIO_SECRET_KEY valueFrom: secretKeyRef: - name: "{{ .Release.Name }}-minio" + name: {{ .Values.minio.auth.existingSecret | default (printf "%s-minio" (include "operator.fullname" .)) }} key: root-password - name: S3_BUCKET value: {{ .Values.minio.defaultBuckets }} From 72ef9afac3862f963be13bb769b178e159042b24 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Wed, 3 Dec 2025 10:42:03 +0100 Subject: [PATCH 19/37] Update operator helm snapshots Signed-off-by: Jannik Hollenbach --- operator/tests/__snapshot__/operator_test.yaml.snap | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/operator/tests/__snapshot__/operator_test.yaml.snap b/operator/tests/__snapshot__/operator_test.yaml.snap index 5a129a373..e9273fc32 100644 --- a/operator/tests/__snapshot__/operator_test.yaml.snap +++ b/operator/tests/__snapshot__/operator_test.yaml.snap 
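Review bot: Both new `name:` values under `secretKeyRef` (for MINIO_ACCESS_KEY and MINIO_SECRET_KEY) are rendered unquoted, whereas the removed lines were quoted. A user-supplied `minio.auth.existingSecret` that YAML reads as a number, boolean or null would then yield a non-string secret name and a manifest that fails validation. Piping the result through `quote` keeps the previous quoting: `name: {{ .Values.minio.auth.existingSecret | default (printf "%s-minio" (include "operator.fullname" .)) | quote }}`. The `key:` entries stay fixed at `root-user` and `root-password`, so an existing secret must carry exactly those keys, which is worth stating in the chart's values documentation. The default also moves from `.Release.Name` to `operator.fullname`, and nothing in this hunk shows whether that still matches the secret the MinIO subchart creates, so that should be confirmed.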
@@ -1,6 +1,6 @@ matches the snapshot: 1: | - raw: "secureCodeBox Operator Deployed \U0001F680\n\nThe operator can orchestrate the execution of various security scanning tools inside of your cluster.\nYou can find a list of all officially supported scanners here: https://www.securecodebox.io/\nThe website also lists other integrations, like persisting scan results to DefectDojo or Elasticsearch.\n\nThe operator send out regular telemetry pings to a central service.\nThis lets us, the secureCodeBox team, get a grasp on how much the secureCodeBox is used.\nThe submitted data is chosen to be as anonymous as possible.\nYou can find a complete report of the data submitted and links to the source-code at: https://www.securecodebox.io/docs/telemetry\nThe first ping is send one hour after the install, you can prevent this by upgrading the chart and setting `telemetryEnabled` to `false`.\n" + raw: "\nsecureCodeBox Operator Deployed \U0001F680\n\nThe operator can orchestrate the execution of various security scanning tools inside of your cluster.\nYou can find a list of all officially supported scanners here: https://www.securecodebox.io/\nThe website also lists other integrations, like persisting scan results to DefectDojo or Elasticsearch.\n\nThe operator send out regular telemetry pings to a central service.\nThis lets us, the secureCodeBox team, get a grasp on how much the secureCodeBox is used.\nThe submitted data is chosen to be as anonymous as possible.\nYou can find a complete report of the data submitted and links to the source-code at: https://www.securecodebox.io/docs/telemetry\nThe first ping is send one hour after the install, you can prevent this by upgrading the chart and setting `telemetryEnabled` to `false`.\n" 2: | apiVersion: v1 kind: Service 
@@ -56,12 +56,12 @@ matches the snapshot: valueFrom: secretKeyRef: key: root-user - name: RELEASE-NAME-minio + name: RELEASE-NAME-operator-minio - name: MINIO_SECRET_KEY valueFrom: secretKeyRef: key: root-password - name: RELEASE-NAME-minio + name: RELEASE-NAME-operator-minio - name: S3_BUCKET value: securecodebox - name: LURKER_IMAGE 
@@ -739,7 +739,7 @@ matches the snapshot: name: securecodebox-operator properly-renders-the-service-monitor-when-enabled: 1: | - raw: "secureCodeBox Operator Deployed \U0001F680\n\nThe operator can orchestrate the execution of various security scanning tools inside of your cluster.\nYou can find a list of all officially supported scanners here: https://www.securecodebox.io/\nThe website also lists other integrations, like persisting scan results to DefectDojo or Elasticsearch.\n\nThe operator send out regular telemetry pings to a central service.\nThis lets us, the secureCodeBox team, get a grasp on how much the secureCodeBox is used.\nThe submitted data is chosen to be as anonymous as possible.\nYou can find a complete report of the data submitted and links to the source-code at: https://www.securecodebox.io/docs/telemetry\nThe first ping is send one hour after the install, you can prevent this by upgrading the chart and setting `telemetryEnabled` to `false`.\n" + raw: "\nsecureCodeBox Operator Deployed \U0001F680\n\nThe operator can orchestrate the execution of various security scanning tools inside of your cluster.\nYou can find a list of all officially supported scanners here: https://www.securecodebox.io/\nThe website also lists other integrations, like persisting scan results to DefectDojo or Elasticsearch.\n\nThe operator send out regular telemetry pings to a central service.\nThis lets us, the secureCodeBox team, get a grasp on how much the secureCodeBox is used.\nThe submitted data is chosen to be as anonymous as possible.\nYou can find a complete report of the data submitted and links to the source-code at: https://www.securecodebox.io/docs/telemetry\nThe first ping is send one hour after the install, you can prevent this by upgrading the chart and setting `telemetryEnabled` to `false`.\n" 2: | apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor 
@@ -808,12 +808,12 @@ properly-renders-the-service-monitor-when-enabled: valueFrom: secretKeyRef: key: root-user - name: RELEASE-NAME-minio + name: RELEASE-NAME-operator-minio - name: MINIO_SECRET_KEY valueFrom: secretKeyRef: key: root-password - name: RELEASE-NAME-minio + name: RELEASE-NAME-operator-minio - name: S3_BUCKET value: securecodebox - name: LURKER_IMAGE From 60ff0601dcb769f102cd22309e2feb390d26d898 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Wed, 3 Dec 2025 10:55:42 +0100 Subject: [PATCH 20/37] Properly update snapshots with helm unittest v1.0.3 Signed-off-by: Jannik Hollenbach --- operator/tests/__snapshot__/operator_test.yaml.snap | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/operator/tests/__snapshot__/operator_test.yaml.snap b/operator/tests/__snapshot__/operator_test.yaml.snap index e9273fc32..0df925307 100644 --- a/operator/tests/__snapshot__/operator_test.yaml.snap +++ b/operator/tests/__snapshot__/operator_test.yaml.snap 
@@ -1,6 +1,6 @@ matches the snapshot: 1: | - raw: "\nsecureCodeBox Operator Deployed \U0001F680\n\nThe operator can orchestrate the execution of various security scanning tools inside of your cluster.\nYou can find a list of all officially supported scanners here: https://www.securecodebox.io/\nThe website also lists other integrations, like persisting scan results to DefectDojo or Elasticsearch.\n\nThe operator send out regular telemetry pings to a central service.\nThis lets us, the secureCodeBox team, get a grasp on how much the secureCodeBox is used.\nThe submitted data is chosen to be as anonymous as possible.\nYou can find a complete report of the data submitted and links to the source-code at: https://www.securecodebox.io/docs/telemetry\nThe first ping is send one hour after the install, you can prevent this by upgrading the chart and setting `telemetryEnabled` to `false`.\n" + raw: "secureCodeBox Operator Deployed \U0001F680\n\nThe operator can orchestrate the execution of various security scanning tools inside of your cluster.\nYou can find a list of all officially supported scanners here: https://www.securecodebox.io/\nThe website also lists other integrations, like persisting scan results to DefectDojo or Elasticsearch.\n\nThe operator send out regular telemetry pings to a central service.\nThis lets us, the secureCodeBox team, get a grasp on how much the secureCodeBox is used.\nThe submitted data is chosen to be as anonymous as possible.\nYou can find a complete report of the data submitted and links to the source-code at: https://www.securecodebox.io/docs/telemetry\nThe first ping is send one hour after the install, you can prevent this by upgrading the chart and setting `telemetryEnabled` to `false`.\n" 2: | apiVersion: v1 kind: Service 
@@ -739,7 +739,7 @@ matches the snapshot: name: securecodebox-operator properly-renders-the-service-monitor-when-enabled: 1: | - raw: "\nsecureCodeBox Operator Deployed \U0001F680\n\nThe operator can orchestrate the execution of various security scanning tools inside of your cluster.\nYou can find a list of all officially supported scanners here: https://www.securecodebox.io/\nThe website also lists other integrations, like persisting scan results to DefectDojo or Elasticsearch.\n\nThe operator send out regular telemetry pings to a central service.\nThis lets us, the secureCodeBox team, get a grasp on how much the secureCodeBox is used.\nThe submitted data is chosen to be as anonymous as possible.\nYou can find a complete report of the data submitted and links to the source-code at: https://www.securecodebox.io/docs/telemetry\nThe first ping is send one hour after the install, you can prevent this by upgrading the chart and setting `telemetryEnabled` to `false`.\n" + raw: "secureCodeBox Operator Deployed \U0001F680\n\nThe operator can orchestrate the execution of various security scanning tools inside of your cluster.\nYou can find a list of all officially supported scanners here: https://www.securecodebox.io/\nThe website also lists other integrations, like persisting scan results to DefectDojo or Elasticsearch.\n\nThe operator send out regular telemetry pings to a central service.\nThis lets us, the secureCodeBox team, get a grasp on how much the secureCodeBox is used.\nThe submitted data is chosen to be as anonymous as possible.\nYou can find a complete report of the data submitted and links to the source-code at: https://www.securecodebox.io/docs/telemetry\nThe first ping is send one hour after the install, you can prevent this by upgrading the chart and setting `telemetryEnabled` to `false`.\n" 2: | apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor From ee6d47531a1cf5054dbc498763184b3c40b71aeb Mon Sep 17 00:00:00 2001 
From: secureCodeBoxBot Date: Thu, 4 Dec 2025 09:24:29 +0000 Subject: [PATCH 21/37] Upgrading trivy from 0.67.2 to 0.68.1 Signed-off-by: secureCodeBoxBot --- scanners/trivy/Chart.yaml | 2 +- scanners/trivy/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scanners/trivy/Chart.yaml b/scanners/trivy/Chart.yaml index 33307718c..1c47a78cf 100644 --- a/scanners/trivy/Chart.yaml +++ b/scanners/trivy/Chart.yaml @@ -8,7 +8,7 @@ description: A Helm chart for the trivy security scanner that integrates with th type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: v3.1.0-alpha1 -appVersion: "0.67.2" +appVersion: "0.68.1" kubeVersion: ">=v1.11.0-0" annotations: versionApi: https://api.github.com/repos/aquasecurity/trivy/releases/latest diff --git a/scanners/trivy/README.md b/scanners/trivy/README.md index ab963f7c7..753741e86 100644 --- a/scanners/trivy/README.md +++ b/scanners/trivy/README.md @@ -3,7 +3,7 @@ title: "Trivy" category: "scanner" type: "Container" state: "released" -appVersion: "0.67.2" +appVersion: "0.68.1" usecase: "Container Vulnerability Scanner" --- From d00f92981a289aebf3274336512f0539f4da2e39 Mon Sep 17 00:00:00 2001 From: secureCodeBoxBot Date: Thu, 4 Dec 2025 09:24:30 +0000 Subject: [PATCH 22/37] Upgrading trivy-sbom from 0.67.2 to 0.68.1 Signed-off-by: secureCodeBoxBot --- scanners/trivy-sbom/Chart.yaml | 2 +- scanners/trivy-sbom/README.md | 2 +- scanners/trivy-sbom/docs/README.DockerHub-Parser.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scanners/trivy-sbom/Chart.yaml b/scanners/trivy-sbom/Chart.yaml index cfd700315..e24aec095 100644 --- a/scanners/trivy-sbom/Chart.yaml +++ b/scanners/trivy-sbom/Chart.yaml 
@@ -8,7 +8,7 @@ description: A Helm chart for the trivy-sbom security scanner that integrates wi type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: v3.1.0-alpha1 -appVersion: "0.67.2" +appVersion: "0.68.1" kubeVersion: ">=v1.11.0-0" annotations: versionApi: https://api.github.com/repos/aquasecurity/trivy/releases/latest diff --git a/scanners/trivy-sbom/README.md b/scanners/trivy-sbom/README.md index ddff6b43d..1f165b73b 100644 --- a/scanners/trivy-sbom/README.md +++ b/scanners/trivy-sbom/README.md @@ -3,7 +3,7 @@ title: "Trivy SBOM" category: "scanner" type: "Container" state: "released" -appVersion: "0.67.2" +appVersion: "0.68.1" usecase: "Container Dependency Scanner" --- diff --git a/scanners/trivy-sbom/docs/README.DockerHub-Parser.md b/scanners/trivy-sbom/docs/README.DockerHub-Parser.md index 02c6e2b93..6f82b20ce 100644 --- a/scanners/trivy-sbom/docs/README.DockerHub-Parser.md +++ b/scanners/trivy-sbom/docs/README.DockerHub-Parser.md @@ -42,7 +42,7 @@ You can find resources to help you get started on our [documentation website](ht ## Supported Tags - `latest` (represents the latest stable release build) -- tagged releases, e.g. `0.67.2` +- tagged releases, e.g. `0.68.1` ## How to use this image This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more information details please take a look at the documentation page: https://www.securecodebox.io/docs/scanners/trivy-sbom. From 647b2ea7df5e1097f5d00207d565996b763dc1f8 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 3 Dec 2025 22:05:25 +0000 Subject: [PATCH 23/37] Update alpine Docker tag to v3.23 --- hooks/persistence-elastic/dashboard-importer/Dockerfile | 2 +- scanners/nikto/scanner/Dockerfile | 4 ++-- scanners/nmap/scanner/Dockerfile | 2 +- scanners/test-scan/scanner/Dockerfile | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/hooks/persistence-elastic/dashboard-importer/Dockerfile b/hooks/persistence-elastic/dashboard-importer/Dockerfile index b809bbd02..e7b55f396 100644 --- a/hooks/persistence-elastic/dashboard-importer/Dockerfile +++ b/hooks/persistence-elastic/dashboard-importer/Dockerfile @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -FROM alpine:3.22 +FROM alpine:3.23 RUN apk add --no-cache curl bash diff --git a/scanners/nikto/scanner/Dockerfile b/scanners/nikto/scanner/Dockerfile index f49753c78..4618f0cfd 100644 --- a/scanners/nikto/scanner/Dockerfile +++ b/scanners/nikto/scanner/Dockerfile @@ -2,12 +2,12 @@ # # SPDX-License-Identifier: Apache-2.0 -FROM alpine:3.22 AS build +FROM alpine:3.23 AS build ARG scannerVersion RUN apk add git RUN git clone --depth 1 https://github.com/sullo/nikto.git /nikto -FROM alpine:3.22 +FROM alpine:3.23 ENV PATH=${PATH}:/nikto diff --git a/scanners/nmap/scanner/Dockerfile b/scanners/nmap/scanner/Dockerfile index 412cbbb33..7ed1f3865 100644 --- a/scanners/nmap/scanner/Dockerfile +++ b/scanners/nmap/scanner/Dockerfile @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -FROM alpine:3.22 +FROM alpine:3.23 ARG scannerVersion RUN apk add --no-cache nmap=$scannerVersion nmap-scripts=$scannerVersion RUN addgroup --system --gid 1001 nmap && adduser nmap --system --uid 1001 --ingroup nmap diff --git a/scanners/test-scan/scanner/Dockerfile b/scanners/test-scan/scanner/Dockerfile index 95da799e0..36572dc1b 100644 --- a/scanners/test-scan/scanner/Dockerfile +++ b/scanners/test-scan/scanner/Dockerfile 
@@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -FROM alpine:3.22 +FROM alpine:3.23 RUN addgroup --system --gid 1001 test && adduser test --system --uid 1001 --ingroup test WORKDIR /home/securecodebox/ USER 1001 From 3252226f3ba0d4d3586af2e79074bde1d792a69b Mon Sep 17 00:00:00 2001 From: secureCodeBoxBot Date: Fri, 5 Dec 2025 09:24:05 +0000 Subject: [PATCH 24/37] Upgrading nuclei from v3.5.1 to v3.6.0 Signed-off-by: secureCodeBoxBot --- scanners/nuclei/Chart.yaml | 2 +- scanners/nuclei/README.md | 2 +- scanners/nuclei/docs/README.DockerHub-Parser.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scanners/nuclei/Chart.yaml b/scanners/nuclei/Chart.yaml index 9afaa0827..e17c1b484 100644 --- a/scanners/nuclei/Chart.yaml +++ b/scanners/nuclei/Chart.yaml @@ -8,7 +8,7 @@ description: A Helm chart for the nuclei security scanner that integrates with t type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: v3.1.0-alpha1 -appVersion: "v3.5.1" +appVersion: "v3.6.0" kubeVersion: ">=v1.11.0-0" annotations: versionApi: https://api.github.com/repos/projectdiscovery/nuclei/releases/latest diff --git a/scanners/nuclei/README.md b/scanners/nuclei/README.md index 8d2847c06..379f23972 100644 --- a/scanners/nuclei/README.md +++ b/scanners/nuclei/README.md @@ -3,7 +3,7 @@ title: "Nuclei" category: "scanner" type: "Website" state: "released" -appVersion: "v3.5.1" +appVersion: "v3.6.0" usecase: "Nuclei is a fast, template based vulnerability scanner." --- diff --git a/scanners/nuclei/docs/README.DockerHub-Parser.md b/scanners/nuclei/docs/README.DockerHub-Parser.md index bd1a96fb2..d9b85d29a 100644 --- a/scanners/nuclei/docs/README.DockerHub-Parser.md +++ b/scanners/nuclei/docs/README.DockerHub-Parser.md 
@@ -42,7 +42,7 @@ You can find resources to help you get started on our [documentation website](ht ## Supported Tags - `latest` (represents the latest stable release build) -- tagged releases, e.g. `v3.5.1` +- tagged releases, e.g. `v3.6.0` ## How to use this image This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more information details please take a look at the documentation page: https://www.securecodebox.io/docs/scanners/nuclei. From 664446b98def4ac6e79e4831dbdab9992799e872 Mon Sep 17 00:00:00 2001 From: secureCodeBoxBot Date: Fri, 5 Dec 2025 09:24:03 +0000 Subject: [PATCH 25/37] Upgrading semgrep from 1.144.0 to 1.145.0 Signed-off-by: secureCodeBoxBot --- scanners/semgrep/Chart.yaml | 2 +- scanners/semgrep/README.md | 2 +- scanners/semgrep/docs/README.DockerHub-Parser.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scanners/semgrep/Chart.yaml b/scanners/semgrep/Chart.yaml index 6f4d64480..f748c6534 100644 --- a/scanners/semgrep/Chart.yaml +++ b/scanners/semgrep/Chart.yaml @@ -22,7 +22,7 @@ version: "v3.1.0-alpha1" # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "1.144.0" +appVersion: "1.145.0" annotations: versionApi: https://api.github.com/repos/semgrep/semgrep/releases/latest supported-platforms: linux/amd64,linux/arm64 diff --git a/scanners/semgrep/README.md b/scanners/semgrep/README.md index dbb6b9776..f7c2636a9 100644 --- a/scanners/semgrep/README.md +++ b/scanners/semgrep/README.md @@ -3,7 +3,7 @@ title: "Semgrep" category: "scanner" type: "Repository" state: "released" -appVersion: "1.144.0" +appVersion: "1.145.0" usecase: "Static Code Analysis" --- 
diff --git a/scanners/semgrep/docs/README.DockerHub-Parser.md b/scanners/semgrep/docs/README.DockerHub-Parser.md index ba81da041..6e2f0d2b5 100644 --- a/scanners/semgrep/docs/README.DockerHub-Parser.md +++ b/scanners/semgrep/docs/README.DockerHub-Parser.md @@ -42,7 +42,7 @@ You can find resources to help you get started on our [documentation website](ht ## Supported Tags - `latest` (represents the latest stable release build) -- tagged releases, e.g. `1.144.0` +- tagged releases, e.g. `1.145.0` ## How to use this image This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more information details please take a look at the documentation page: https://www.securecodebox.io/docs/scanners/semgrep. From ffc4698390030f3c604f140bc23a0d68dc3ca0e2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Dec 2025 10:01:12 +0000 Subject: [PATCH 26/37] Bump node-forge Bumps the npm-security-updates group with 1 update in the /documentation directory: [node-forge](https://github.com/digitalbazaar/forge). Updates `node-forge` from 1.3.1 to 1.3.2 - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](https://github.com/digitalbazaar/forge/compare/v1.3.1...v1.3.2) --- updated-dependencies: - dependency-name: node-forge dependency-version: 1.3.2 dependency-type: indirect dependency-group: npm-security-updates ... Signed-off-by: dependabot[bot] --- documentation/package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/documentation/package-lock.json b/documentation/package-lock.json index 40411ef61..b22f91c56 100644 --- a/documentation/package-lock.json +++ b/documentation/package-lock.json 
@@ -13668,9 +13668,9 @@ } }, "node_modules/node-forge": { - "version": "1.3.1", - "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-1.3.1.tgz", - "integrity": "sha512-dPEtOeMvF9VMcYV/1Wb8CPoVAXtp6MKMlcbAt4ddqmGqUJ6fQZFXkNZNkNlfevtNkGtaSoXf/vNNNSvgrdXwtA==", + "version": "1.3.2", + "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-1.3.2.tgz", + "integrity": "sha512-6xKiQ+cph9KImrRh0VsjH2d8/GXA4FIMlgU4B757iI1ApvcyA9VlouP0yZJha01V+huImO+kKMU7ih+2+E14fw==", "license": "(BSD-3-Clause OR GPL-2.0)", "engines": { "node": ">= 6.13.0" From 3105b86b6476cee32ea4d69f330e19bcb4a74c2a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 7 Dec 2025 22:00:10 +0000 Subject: [PATCH 27/37] Bump mdast-util-to-hast Bumps the npm-security-updates group with 1 update in the /documentation directory: [mdast-util-to-hast](https://github.com/syntax-tree/mdast-util-to-hast). Updates `mdast-util-to-hast` from 13.2.0 to 13.2.1 - [Release notes](https://github.com/syntax-tree/mdast-util-to-hast/releases) - [Commits](https://github.com/syntax-tree/mdast-util-to-hast/compare/13.2.0...13.2.1) --- updated-dependencies: - dependency-name: mdast-util-to-hast dependency-version: 13.2.1 dependency-type: indirect dependency-group: npm-security-updates ... Signed-off-by: dependabot[bot] --- documentation/package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/documentation/package-lock.json b/documentation/package-lock.json index b22f91c56..1a3f3516b 100644 --- a/documentation/package-lock.json +++ b/documentation/package-lock.json 
@@ -11513,9 +11513,9 @@ } }, "node_modules/mdast-util-to-hast": { - "version": "13.2.0", - "resolved": "https://registry.npmjs.org/mdast-util-to-hast/-/mdast-util-to-hast-13.2.0.tgz", - "integrity": "sha512-QGYKEuUsYT9ykKBCMOEDLsU5JRObWQusAolFMeko/tYPufNkRffBAQjIE+99jbA87xv6FgmjLtwjh9wBWajwAA==", + "version": "13.2.1", + "resolved": "https://registry.npmjs.org/mdast-util-to-hast/-/mdast-util-to-hast-13.2.1.tgz", + "integrity": "sha512-cctsq2wp5vTsLIcaymblUriiTcZd0CwWtCbLvrOzYCDZoWyMNV8sZ7krj09FSnsiJi3WVsHLM4k6Dq/yaPyCXA==", "license": "MIT", "dependencies": { "@types/hast": "^3.0.0", From 041fe941852cb2ef9dfae5248a243dc31b2a55bc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Dec 2025 09:07:00 +0000 Subject: [PATCH 28/37] Bump the npm-version-updates group in /documentation with 2 updates Bumps the npm-version-updates group in /documentation with 2 updates: [react](https://github.com/facebook/react/tree/HEAD/packages/react) and [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom). Updates `react` from 19.2.0 to 19.2.1 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.1/packages/react) Updates `react-dom` from 19.2.0 to 19.2.1 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.1/packages/react-dom) --- updated-dependencies: - dependency-name: react dependency-version: 19.2.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-version-updates - dependency-name: react-dom dependency-version: 19.2.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-version-updates ... 
Signed-off-by: dependabot[bot] --- documentation/package-lock.json | 18 +++++++++--------- documentation/package.json | 4 ++-- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/documentation/package-lock.json b/documentation/package-lock.json index 1a3f3516b..7d790fffe 100644 --- a/documentation/package-lock.json +++ b/documentation/package-lock.json @@ -21,8 +21,8 @@ "mustache": "^4.2.0", "node-fetch": "^3.1.1", "prism-react-renderer": "^2.4.1", - "react": "^19.2.0", - "react-dom": "^19.2.0", + "react": "^19.2.1", + "react-dom": "^19.2.1", "rimraf": "^6.1.2", "sass": "1.94" }, @@ -15952,9 +15952,9 @@ } }, "node_modules/react": { - "version": "19.2.0", - "resolved": "https://registry.npmjs.org/react/-/react-19.2.0.tgz", - "integrity": "sha512-tmbWg6W31tQLeB5cdIBOicJDJRR2KzXsV7uSK9iNfLWQ5bIZfxuPEHp7M8wiHyHnn0DD1i7w3Zmin0FtkrwoCQ==", + "version": "19.2.1", + "resolved": "https://registry.npmjs.org/react/-/react-19.2.1.tgz", + "integrity": "sha512-DGrYcCWK7tvYMnWh79yrPHt+vdx9tY+1gPZa7nJQtO/p8bLTDaHp4dzwEhQB7pZ4Xe3ok4XKuEPrVuc+wlpkmw==", "license": "MIT", "peer": true, "engines": { @@ -15962,16 +15962,16 @@ } }, "node_modules/react-dom": { - "version": "19.2.0", - "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-19.2.0.tgz", - "integrity": "sha512-UlbRu4cAiGaIewkPyiRGJk0imDN2T3JjieT6spoL2UeSf5od4n5LB/mQ4ejmxhCFT1tYe8IvaFulzynWovsEFQ==", + "version": "19.2.1", + "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-19.2.1.tgz", + "integrity": "sha512-ibrK8llX2a4eOskq1mXKu/TGZj9qzomO+sNfO98M6d9zIPOEhlBkMkBUBLd1vgS0gQsLDBzA+8jJBVXDnfHmJg==", "license": "MIT", "peer": true, "dependencies": { "scheduler": "^0.27.0" }, "peerDependencies": { - "react": "^19.2.0" + "react": "^19.2.1" } }, "node_modules/react-fast-compare": { diff --git a/documentation/package.json b/documentation/package.json index 12064386f..6634d834f 100644 --- a/documentation/package.json +++ b/documentation/package.json 
@@ -31,8 +31,8 @@ "mustache": "^4.2.0", "node-fetch": "^3.1.1", "prism-react-renderer": "^2.4.1", - "react": "^19.2.0", - "react-dom": "^19.2.0", + "react": "^19.2.1", + "react-dom": "^19.2.1", "rimraf": "^6.1.2", "sass": "1.94" }, From edcf17d2f648df15fb2092d371983cac7b2255ee Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Dec 2025 09:18:03 +0000 Subject: [PATCH 29/37] Bump the github-actions-version-updates group across 1 directory with 4 updates Bumps the github-actions-version-updates group with 4 updates in the /.github/workflows directory: [actions/checkout](https://github.com/actions/checkout), [actions/setup-java](https://github.com/actions/setup-java), [github/codeql-action](https://github.com/github/codeql-action) and [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request). Updates `actions/checkout` from 6.0.0 to 6.0.1 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3...8e8c483db84b4bee98b60c0593521ed34d9990e8) Updates `actions/setup-java` from 5.0.0 to 5.1.0 - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](https://github.com/actions/setup-java/compare/dded0888837ed1f317902acf8a20df0ad188d165...f2beeb24e141e01a676f977032f5a29d81c9e27e) Updates `github/codeql-action` from 4.31.6 to 4.31.7 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/fe4161a26a8629af62121b670040955b330f9af2...cf1bb45a277cb3c205638b2cd5c984db1c46a412) Updates `peter-evans/create-pull-request` from 7.0.9 to 7.0.11 - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](https://github.com/peter-evans/create-pull-request/compare/84ae59a2cdc2258d6fa0732dd66352dddae2a412...22a9089034f40e5a961c8808d113e2c98fb63676) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: 
github-actions-version-updates - dependency-name: actions/setup-java dependency-version: 5.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-version-updates - dependency-name: github/codeql-action dependency-version: 4.31.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-version-updates - dependency-name: peter-evans/create-pull-request dependency-version: 7.0.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-version-updates ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yaml | 26 +++++++++---------- .github/workflows/documentation-roulette.yaml | 2 +- .../workflows/helm-charts-release-ghcr.yaml | 2 +- .github/workflows/helm-charts-release.yaml | 2 +- .github/workflows/helm-docs.yaml | 2 +- .github/workflows/label-commenter.yml | 2 +- .github/workflows/license-check.yaml | 2 +- .github/workflows/mega-linter.yml | 2 +- .github/workflows/move-bot-pr-to-review.yaml | 2 +- .github/workflows/oss-scorecard.yaml | 4 +-- .github/workflows/release-build.yaml | 20 +++++++------- .github/workflows/scb-bot.yaml | 4 +-- 12 files changed, 35 insertions(+), 35 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index e9bf2482d..f439c89ce 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -37,7 +37,7 @@ jobs: name: "Unit Test | Node.js Scanner Test Helpers" runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Install bun uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2.0.2 
@@ -53,7 +53,7 @@ jobs: name: "Setup Kind & Kubectl & Helm & Task" runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Install Kind run: | @@ -111,7 +111,7 @@ jobs: needs: - k8s-setup steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Download Helm uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: @@ -150,11 +150,11 @@ jobs: matrix: unit: ["persistence-defectdojo"] steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - name: Set up JDK 17 - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 + uses: actions/setup-java@f2beeb24e141e01a676f977032f5a29d81c9e27e # v5.1.0 with: distribution: "temurin" # required Java distribution java-version: "17" # The JDK version to make available on the path. @@ -191,7 +191,7 @@ jobs: component: ["operator", "lurker"] steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Go Setup uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 @@ -230,7 +230,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Go Setup uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 
@@ -270,7 +270,7 @@ jobs: - k8s-setup steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Go Setup uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 @@ -363,7 +363,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Go Setup uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 @@ -407,7 +407,7 @@ jobs: - hook-sdk steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Build Image working-directory: ./${{ matrix.sdk }}/nodejs @@ -457,7 +457,7 @@ jobs: - zap-automation-framework steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Install bun uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2.0.2 @@ -610,7 +610,7 @@ jobs: # - persistence-static-report (WIP) steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Install bun uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2.0.2 @@ -744,7 +744,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout code - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Set up Go uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 
diff --git a/.github/workflows/documentation-roulette.yaml b/.github/workflows/documentation-roulette.yaml index 56e765719..0b87dc6b5 100644 --- a/.github/workflows/documentation-roulette.yaml +++ b/.github/workflows/documentation-roulette.yaml @@ -21,7 +21,7 @@ jobs: if: github.repository == 'secureCodeBox/secureCodeBox' steps: - name: Checkout repository - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 # Request team members with the GitHub API using their gh cli - name: Fetch core-team members diff --git a/.github/workflows/helm-charts-release-ghcr.yaml b/.github/workflows/helm-charts-release-ghcr.yaml index 6687b1685..4a6bbfd77 100644 --- a/.github/workflows/helm-charts-release-ghcr.yaml +++ b/.github/workflows/helm-charts-release-ghcr.yaml @@ -20,7 +20,7 @@ jobs: name: "Publish Helm Charts to GHCR" runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Parse Release Version run: | diff --git a/.github/workflows/helm-charts-release.yaml b/.github/workflows/helm-charts-release.yaml index 670e02972..667a3da4c 100644 --- a/.github/workflows/helm-charts-release.yaml +++ b/.github/workflows/helm-charts-release.yaml @@ -18,7 +18,7 @@ jobs: name: Package and Publish runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: "Install yq" run: | sudo snap install yq diff --git a/.github/workflows/helm-docs.yaml b/.github/workflows/helm-docs.yaml index c27152251..30074751d 100644 --- a/.github/workflows/helm-docs.yaml +++ b/.github/workflows/helm-docs.yaml 
@@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-24.04 if: github.repository == 'secureCodeBox/secureCodeBox' steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: ref: ${{ github.head_ref }} token: ${{ secrets.SCB_BOT_USER_TOKEN }} diff --git a/.github/workflows/label-commenter.yml b/.github/workflows/label-commenter.yml index 1c54908a3..abe871f66 100644 --- a/.github/workflows/label-commenter.yml +++ b/.github/workflows/label-commenter.yml @@ -19,7 +19,7 @@ jobs: comment: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Label Commenter uses: peaceiris/actions-label-commenter@f0dbbef043eb1b150b566db36b0bdc8b7f505579 # v1.10.0 with: diff --git a/.github/workflows/license-check.yaml b/.github/workflows/license-check.yaml index 095d233cd..5accc5694 100644 --- a/.github/workflows/license-check.yaml +++ b/.github/workflows/license-check.yaml @@ -19,7 +19,7 @@ jobs: if: github.repository == 'secureCodeBox/secureCodeBox' steps: - name: Checkout repository - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: REUSE Compliance Check uses: fsfe/reuse-action@676e2d560c9a403aa252096d99fcab3e1132b0f5 # v6.0.0 diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml index 88214b346..b7f28353e 100644 --- a/.github/workflows/mega-linter.yml +++ b/.github/workflows/mega-linter.yml @@ -36,7 +36,7 @@ jobs: steps: # Git Checkout - name: Checkout Code - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} fetch-depth: 0 
diff --git a/.github/workflows/move-bot-pr-to-review.yaml b/.github/workflows/move-bot-pr-to-review.yaml index f21944bcd..2e4bcfabc 100644 --- a/.github/workflows/move-bot-pr-to-review.yaml +++ b/.github/workflows/move-bot-pr-to-review.yaml @@ -19,7 +19,7 @@ jobs: # only run if the branch starts with 'dependabot/' or 'dependencies/upgrading' if: startsWith(github.head_ref, 'dependabot/') || startsWith(github.head_ref, 'dependencies/upgrading') steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Add bot PR to project run: | diff --git a/.github/workflows/oss-scorecard.yaml b/.github/workflows/oss-scorecard.yaml index cf9e31352..ec5e52c34 100644 --- a/.github/workflows/oss-scorecard.yaml +++ b/.github/workflows/oss-scorecard.yaml @@ -20,7 +20,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false @@ -33,6 +33,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@fe4161a26a8629af62121b670040955b330f9af2 # v4.31.6 + uses: github/codeql-action/upload-sarif@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7 with: sarif_file: results.sarif diff --git a/.github/workflows/release-build.yaml b/.github/workflows/release-build.yaml index e52ba3d2f..28557a6ce 100644 --- a/.github/workflows/release-build.yaml +++ b/.github/workflows/release-build.yaml @@ -31,7 +31,7 @@ jobs: component: ["operator", "lurker"] steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Docker Meta id: docker_meta 
@@ -78,7 +78,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Docker Meta id: docker_meta @@ -125,7 +125,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Docker Meta id: docker_meta @@ -178,7 +178,7 @@ jobs: - hook-sdk steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Docker Meta id: docker_meta @@ -231,7 +231,7 @@ jobs: - update-field-hook steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Docker Meta id: docker_meta @@ -285,7 +285,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Docker Meta id: docker_meta @@ -347,7 +347,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Docker Meta id: docker_meta @@ -422,7 +422,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Set ENV Var with Scanner Version uses: mikefarah/yq@7ccaf8e700ce99eb3f0f6cef7f5930a0b3c827cd # v4.49.2 
@@ -492,7 +492,7 @@ jobs: - test-scan steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Docker Meta id: docker_meta @@ -552,7 +552,7 @@ jobs: - old-wordpress steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Set ENV Var with Demo-Target Version uses: mikefarah/yq@7ccaf8e700ce99eb3f0f6cef7f5930a0b3c827cd # v4.49.2 diff --git a/.github/workflows/scb-bot.yaml b/.github/workflows/scb-bot.yaml index 47bbfc0fd..e19179506 100644 --- a/.github/workflows/scb-bot.yaml +++ b/.github/workflows/scb-bot.yaml @@ -48,7 +48,7 @@ jobs: - zap-automation-framework # missing scanners are : nmap, nikto steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Import GPG key uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec # v6.3.0 @@ -189,7 +189,7 @@ jobs: - name: Create Pull Request if: ${{ env.release != env.local && env.prExists == 0 && env.release != null }} - uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7.0.9 + uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7.0.11 with: token: ${{ secrets.SCB_BOT_USER_TOKEN }} committer: secureCodeBoxBot From a0bad7890cfa2b6322aa66317fa60117327972b2 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Dec 2025 09:07:55 +0000 Subject: [PATCH 30/37] Bump org.sonarqube Bumps the gradle-version-updates group in /hooks/persistence-defectdojo/hook with 1 update: org.sonarqube. Updates `org.sonarqube` from 7.1.0.6387 to 7.2.0.6526 --- updated-dependencies: - dependency-name: org.sonarqube dependency-version: 7.2.0.6526 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gradle-version-updates ... Signed-off-by: dependabot[bot] --- hooks/persistence-defectdojo/hook/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hooks/persistence-defectdojo/hook/build.gradle b/hooks/persistence-defectdojo/hook/build.gradle index 2956925c6..98ae54974 100644 --- a/hooks/persistence-defectdojo/hook/build.gradle +++ b/hooks/persistence-defectdojo/hook/build.gradle @@ -8,7 +8,7 @@ plugins { // https://github.com/ben-manes/gradle-versions-plugin // Run: ./gradlew dependencyUpdates -Drevision=release id "com.github.ben-manes.versions" version "0.53.0" - id "org.sonarqube" version "7.1.0.6387" + id "org.sonarqube" version "7.2.0.6526" } group = "io.securecodebox" From c6f382a72724389853e9943423a2d5b8ec3a8ee9 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 25 Nov 2025 02:21:34 +0000 Subject: [PATCH 31/37] Update dependency helm/helm to v4 --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index f439c89ce..d34c4f94e 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
@@ -26,7 +26,7 @@ env: # renovate: datasource=github-releases depName=kubernetes-sigs/kind KIND_BINARY_VERSION: "v0.30.0" # renovate: datasource=github-releases depName=helm/helm - HELM_VERSION: "v3.19.2" + HELM_VERSION: "v4.0.1" # renovate: datasource=github-releases depName=helm-unittest/helm-unittest HELM_PLUGIN_UNITTEST_VERSION: "1.0.3" # renovate: datasource=github-releases depName=go-task/task From 1e83663472b41d8e9532485ee64eb96fa57312fe Mon Sep 17 00:00:00 2001 From: Samreet Singh Date: Fri, 28 Nov 2025 16:04:27 +0100 Subject: [PATCH 32/37] Skip verification as it is enforced in helm v4but not yet supported by unittest Signed-off-by: Samreet Singh --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index d34c4f94e..9c9561579 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -128,7 +128,7 @@ jobs: - name: Install Helm Unit Test Plugin run: | - helm plugin install https://github.com/helm-unittest/helm-unittest.git --version ${{ env.HELM_PLUGIN_UNITTEST_VERSION }} + helm plugin install https://github.com/helm-unittest/helm-unittest.git --version ${{ env.HELM_PLUGIN_UNITTEST_VERSION }} --verify=false - name: Download Task uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 From 1988816d9f0126ce6a4910ba530a79ee767fdb2d Mon Sep 17 00:00:00 2001 From: conleth Date: Tue, 25 Nov 2025 10:31:12 -0800 Subject: [PATCH 33/37] persistence-elastic: handle es8 bulk response Signed-off-by: conleth --- hooks/persistence-elastic/hook/hook.js | 5 ++- hooks/persistence-elastic/hook/hook.test.js | 42 +++++++++++++++++++++ 2 files changed, 45 insertions(+), 2 deletions(-) diff --git a/hooks/persistence-elastic/hook/hook.js b/hooks/persistence-elastic/hook/hook.js index e9ea8077e..9079005a5 100644 --- a/hooks/persistence-elastic/hook/hook.js +++ b/hooks/persistence-elastic/hook/hook.js 
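Review bot: `--verify=false` in the `Install Helm Unit Test Plugin` step turns off Helm 4's plugin verification, and nothing in the workflow says why or when the flag can be removed. The plugin is still fetched from a Git URL selected by the tag in `HELM_PLUGIN_UNITTEST_VERSION`, so after this change nothing checks that the installed code is what the maintainers published. I would put a comment above the command, e.g. `# helm v4 verifies plugins by default; helm-unittest ships no provenance yet, remove --verify=false once it does`, and track the removal in an issue. If the installer accepts a commit for `--version`, pinning to a reviewed commit instead of a tag would narrow the gap in the meantime; that needs checking against the Helm 4 plugin documentation.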
@@ -105,9 +105,10 @@ export async function handle({ }, ]); - const { body: bulkResponse } = await client.bulk({ refresh: true, body }); + const bulkResponseRaw = await client.bulk({ refresh: true, body }); + const bulkResponse = bulkResponseRaw?.body ?? bulkResponseRaw; - if (bulkResponse.errors) { + if (bulkResponse?.errors) { console.error("Bulk Request had errors:"); console.log(bulkResponse); } diff --git a/hooks/persistence-elastic/hook/hook.test.js b/hooks/persistence-elastic/hook/hook.test.js index 08b5e7b16..125717f8c 100644 --- a/hooks/persistence-elastic/hook/hook.test.js +++ b/hooks/persistence-elastic/hook/hook.test.js @@ -218,3 +218,45 @@ test("should append week format like yyyy/'W'W -> 2020/W46", async () => { index: `scb_2020/W46`, }); }); + +test("should handle elasticsearch v8 bulk response shape", async () => { + const findings = [ + { + id: "4560b3e6-1219-4f5f-9b44-6579f5a32407", + name: "Port 5601 is open", + category: "Open Port", + }, + ]; + + const v8BulkResponse = { errors: true, items: [] }; + + const v8Client = { + indices: { + create: jest.fn(), + }, + index: jest.fn(), + bulk: jest.fn(() => v8BulkResponse), + }; + + const consoleErrorSpy = jest + .spyOn(console, "error") + .mockImplementation(() => {}); + const consoleLogSpy = jest.spyOn(console, "log").mockImplementation(() => {}); + + try { + await handle({ + getFindings: async () => findings, + scan, + now: testDate, + tenant: "default", + appendNamespace: true, + client: v8Client, + }); + expect(v8Client.bulk).toHaveBeenCalledTimes(1); + expect(consoleErrorSpy).toHaveBeenCalledWith("Bulk Request had errors:"); + expect(consoleLogSpy).toHaveBeenCalledWith(v8BulkResponse); + } finally { + consoleErrorSpy.mockRestore(); + consoleLogSpy.mockRestore(); + } +}); From e16d352b4de07e3b95c7f2cc238793491801e0f3 Mon Sep 17 00:00:00 2001 From: conleth Date: Tue, 25 Nov 2025 10:42:09 -0800 Subject: [PATCH 34/37] Adding my details 
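Review bot: `bulkResponse?.errors` now treats a missing bulk response as success: the old destructuring `const { body: bulkResponse } = await client.bulk(...)` threw when the client returned nothing, while the new fallback plus optional chaining lets `undefined` pass without any log. For a hook whose job is to persist findings, I would keep that case loud, e.g. `if (!bulkResponse) throw new Error("Elasticsearch bulk request returned no response");` before the `errors` check. A short comment on the fallback would also help, such as `// client v7 wraps the result in { body }, v8 returns the body itself`. `handle` starts and continues outside this hunk, so whether a later step already catches this is not visible here.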
Signed-off-by: conleth --- CONTRIBUTORS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index ad4696f13..5fcf8d316 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -61,3 +61,4 @@ Committing with `git commit -s` will add the sign-off at the end of the commit m - Kai Schäfer - Joel Saß - Patrick Weiss +- Conleth Kennnedy From 9bd3a548cc2144eb72a956d78e02e8f7be0fbdd2 Mon Sep 17 00:00:00 2001 From: conleth Date: Tue, 25 Nov 2025 10:48:33 -0800 Subject: [PATCH 35/37] Extra n in my name Signed-off-by: conleth --- CONTRIBUTORS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index 5fcf8d316..d6071c23b 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -61,4 +61,4 @@ Committing with `git commit -s` will add the sign-off at the end of the commit m - Kai Schäfer - Joel Saß - Patrick Weiss -- Conleth Kennnedy +- Conleth Kennedy From 5dd8fd6807b2b0b1a3e8dc5bd1b28f4faddbe675 Mon Sep 17 00:00:00 2001 From: conleth Date: Tue, 9 Dec 2025 09:51:12 -0800 Subject: [PATCH 36/37] Refactor elastic hook tests to reduce duplication Signed-off-by: conleth --- hooks/persistence-elastic/hook/hook.test.js | 137 ++++++-------------- 1 file changed, 40 insertions(+), 97 deletions(-) diff --git a/hooks/persistence-elastic/hook/hook.test.js b/hooks/persistence-elastic/hook/hook.test.js index 125717f8c..84c9184f0 100644 --- a/hooks/persistence-elastic/hook/hook.test.js +++ b/hooks/persistence-elastic/hook/hook.test.js @@ -5,6 +5,7 @@ import { handle } from "./hook"; let elasticClient; +const buildGetFindings = (findings) => async () => findings; beforeEach(() => { elasticClient = { 
@@ -32,10 +33,36 @@ const scan = { const testDate = new Date("2020-11-11"); +const scanDocumentBody = { + "@timestamp": testDate, + id: scan.metadata.uid, + labels: scan.metadata.labels, + name: scan.metadata.name, + parameters: scan.spec.parameters, + scan_type: scan.spec.scanType, + type: "scan", +}; + +const expectScanIndexCalledWith = (index, client = elasticClient) => { + expect(client.index).toHaveBeenCalledTimes(1); + expect(client.index).toHaveBeenCalledWith({ + body: scanDocumentBody, + index, + }); +}; + +const findingsWithOpenPort = [ + { + id: "4560b3e6-1219-4f5f-9b44-6579f5a32407", + name: "Port 5601 is open", + category: "Open Port", + }, +]; + test("should only send scan summary document if no findings are passing in", async () => { const findings = []; - const getFindings = async () => findings; + const getFindings = buildGetFindings(findings); await handle({ getFindings, @@ -46,34 +73,12 @@ test("should only send scan summary document if no findings are passing in", asy client: elasticClient, }); - expect(elasticClient.index).toHaveBeenCalledTimes(1); - expect(elasticClient.index).toHaveBeenCalledWith({ - body: { - "@timestamp": testDate, - id: "09988cdf-1fc7-4f85-95ee-1b1d65dbc7cc", - labels: { - company: "iteratec", - }, - name: "demo-scan", - parameters: ["-Pn", "localhost"], - scan_type: "Nmap", - type: "scan", - }, - index: `scb_default_2020-11-11`, - }); + expectScanIndexCalledWith(`scb_default_2020-11-11`); expect(elasticClient.bulk).not.toHaveBeenCalled(); }); test("should send findings to elasticsearch with given prefix", async () => { - const findings = [ - { - id: "4560b3e6-1219-4f5f-9b44-6579f5a32407", - name: "Port 5601 is open", - category: "Open Port", - }, - ]; - - const getFindings = async () => findings; + const getFindings = buildGetFindings(findingsWithOpenPort); await handle({ getFindings, 
@@ -85,21 +90,7 @@ test("should send findings to elasticsearch with given prefix", async () => { client: elasticClient, }); - expect(elasticClient.index).toHaveBeenCalledTimes(1); - expect(elasticClient.index).toHaveBeenCalledWith({ - body: { - "@timestamp": testDate, - id: "09988cdf-1fc7-4f85-95ee-1b1d65dbc7cc", - labels: { - company: "iteratec", - }, - name: "demo-scan", - parameters: ["-Pn", "localhost"], - scan_type: "Nmap", - type: "scan", - }, - index: `myPrefix_default_2020-11-11`, - }); + expectScanIndexCalledWith(`myPrefix_default_2020-11-11`); expect(elasticClient.bulk).toHaveBeenCalledTimes(1); expect(elasticClient.bulk).toHaveBeenCalledWith({ @@ -130,7 +121,7 @@ test("should send findings to elasticsearch with given prefix", async () => { test("should not append namespace if 'appendNamespace' is null", async () => { const findings = []; - const getFindings = async () => findings; + const getFindings = buildGetFindings(findings); await handle({ getFindings, @@ -140,27 +131,13 @@ test("should not append namespace if 'appendNamespace' is null", async () => { client: elasticClient, }); - expect(elasticClient.index).toBeCalledTimes(1); - expect(elasticClient.index).toBeCalledWith({ - body: { - "@timestamp": testDate, - id: "09988cdf-1fc7-4f85-95ee-1b1d65dbc7cc", - labels: { - company: "iteratec", - }, - name: "demo-scan", - parameters: ["-Pn", "localhost"], - scan_type: "Nmap", - type: "scan", - }, - index: `scb_2020-11-11`, - }); + expectScanIndexCalledWith(`scb_2020-11-11`); }); test("should append date format yyyy", async () => { const findings = []; - const getFindings = async () => findings; + const getFindings = buildGetFindings(findings); await handle({ getFindings, 
@@ -171,27 +148,13 @@ test("should append date format yyyy", async () => { client: elasticClient, }); - expect(elasticClient.index).toBeCalledTimes(1); - expect(elasticClient.index).toBeCalledWith({ - body: { - "@timestamp": testDate, - id: "09988cdf-1fc7-4f85-95ee-1b1d65dbc7cc", - labels: { - company: "iteratec", - }, - name: "demo-scan", - parameters: ["-Pn", "localhost"], - scan_type: "Nmap", - type: "scan", - }, - index: `scb_2020`, - }); + expectScanIndexCalledWith(`scb_2020`); }); test("should append week format like yyyy/'W'W -> 2020/W46", async () => { const findings = []; - const getFindings = async () => findings; + const getFindings = buildGetFindings(findings); await handle({ getFindings, @@ -202,32 +165,12 @@ test("should append week format like yyyy/'W'W -> 2020/W46", async () => { client: elasticClient, }); - expect(elasticClient.index).toBeCalledTimes(1); - expect(elasticClient.index).toBeCalledWith({ - body: { - "@timestamp": testDate, - id: "09988cdf-1fc7-4f85-95ee-1b1d65dbc7cc", - labels: { - company: "iteratec", - }, - name: "demo-scan", - parameters: ["-Pn", "localhost"], - scan_type: "Nmap", - type: "scan", - }, - index: `scb_2020/W46`, - }); + expectScanIndexCalledWith(`scb_2020/W46`); }); test("should handle elasticsearch v8 bulk response shape", async () => { - const findings = [ - { - id: "4560b3e6-1219-4f5f-9b44-6579f5a32407", - name: "Port 5601 is open", - category: "Open Port", - }, - ]; - + const findings = findingsWithOpenPort; + const getFindings = buildGetFindings(findings); const v8BulkResponse = { errors: true, items: [] }; const v8Client = { @@ -245,7 +188,7 @@ test("should handle elasticsearch v8 bulk response shape", async () => { try { await handle({ - getFindings: async () => findings, + getFindings, scan, now: testDate, tenant: "default", From 8b90269f2832be81da6249492a07302d3a53b48d Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 10 Dec 2025 03:13:52 +0000 Subject: [PATCH 37/37] Update dependency kubernetes/kubernetes to v1.34.3 --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 9c9561579..e0ca0d272 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -22,7 +22,7 @@ env: # renovate: datasource=github-releases depName=python/cpython PYTHON_VERSION: "3.13.5" # renovate: datasource=github-releases depName=kubernetes/kubernetes - KUBECTL_VERSION: "v1.34.2" + KUBECTL_VERSION: "v1.34.3" # renovate: datasource=github-releases depName=kubernetes-sigs/kind KIND_BINARY_VERSION: "v0.30.0" # renovate: datasource=github-releases depName=helm/helm