Merge branch 'master' into kics-987

.github/scripts/report/go.mod

@@ -1,5 +1,15 @@
 module github.com/Checkmarx/e2e-report
 
-go 1.16
+go 1.21
 
-require github.com/tdewolff/minify/v2 v2.9.21
+require (
+	github.com/rs/zerolog v1.31.0
+	github.com/tdewolff/minify/v2 v2.9.21
+)
+
+require (
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.19 // indirect
+	github.com/tdewolff/parse/v2 v2.5.19 // indirect
+	golang.org/x/sys v0.12.0 // indirect
+)

.github/scripts/report/go.sum

@@ -1,7 +1,18 @@
 github.com/cheekybits/is v0.0.0-20150225183255-68e9c0620927/go.mod h1:h/aW8ynjgkuj+NQRlZcDbAbM1ORAbXjXX77sX7T289U=
+github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
+github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/matryer/try v0.0.0-20161228173917-9ac251b645a2/go.mod h1:0KeJpeMD6o+O4hW7qJOT7vyQPKrWmj26uf5wMc/IiIs=
+github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
+github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
+github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
+github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
+github.com/rs/zerolog v1.31.0 h1:FcTR3NnLWW+NnTwwhFWiJSZr4ECLpqCm6QsEnyvbV4A=
+github.com/rs/zerolog v1.31.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWRHss=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/tdewolff/minify/v2 v2.9.21 h1:nO4s1PEMy7aRjlIlbr3Jgr+bJby8QYuifa2Vs2f9lh4=
 github.com/tdewolff/minify/v2 v2.9.21/go.mod h1:PoDBts2L7sCwUT28vTAlozGeD6qxjrrihtin4bR/RMM=
@@ -11,3 +22,7 @@ github.com/tdewolff/test v1.0.6 h1:76mzYJQ83Op284kMT+63iCNCI7NEERsIN8dLM+RiKr4=
 github.com/tdewolff/test v1.0.6/go.mod h1:6DAvZliBAAnD7rhVgwaM7DE5/d9NMOAJ09SqYqeK4QE=
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o=
+golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=

.github/workflows/alert-update-flags.yaml

@@ -14,7 +14,7 @@ jobs:
 
     steps:
       - name: Checkout project
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 2
       - name: Execute diff and send email

.github/workflows/alert-update-terraform-modules.yaml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Execute diff and send email

.github/workflows/check-apache-license.yaml

@@ -2,7 +2,7 @@ name: check-apache-license
 on:
   pull_request_target:
     types: [opened, synchronize, edited, reopened]
-    branches: 
+    branches:
       - master
 jobs:
   check-license:
@@ -12,7 +12,7 @@ jobs:
       USERNAME: ${{ github.event.pull_request.user.login }}
     steps:
     - name: Checkout code
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         persist-credentials: false
         sparse-checkout: |
@@ -51,4 +51,4 @@ jobs:
         GITHUB_TOKEN: ${{ secrets.KICS_BOT_PAT }}
     - name: Workflow failed
       if: env.CHECK_FAILED == 'true'
-      run: exit 1
+      run: exit 1

.github/workflows/check-go-coverage.yaml

@@ -10,13 +10,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Source
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
-      - name: Set up Go 1.20.x
+      - name: Set up Go 1.21.x
         uses: actions/setup-go@v4
         with:
-          go-version: 1.20.x
+          go-version: 1.21.x
       - name: Run test metrics script
         id: testcov
         run: |
@@ -26,4 +26,4 @@ jobs:
         if: env.coverage < 80
         run: |
           echo "Go coverage is lower than 80%: ${{ env.coverage }}%"
-          exit 1
+          exit 1

.github/workflows/go-ci-coverage.yaml

@@ -14,13 +14,13 @@ jobs:
       color: ${{ steps.testcov.outputs.color }}
     steps:
       - name: Checkout Source
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
-      - name: Set up Go 1.20.x
+      - name: Set up Go 1.21.x
         uses: actions/setup-go@v4
         with:
-          go-version: 1.20.x
+          go-version: 1.21.x
       - name: Run test metrics script
         id: testcov
         run: |
@@ -47,7 +47,7 @@ jobs:
     needs: coverage
     steps:
       - name: Checkout Source
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: gh-pages
       - name: Configure git commit author

.github/workflows/go-ci-metrics.yaml

@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Source
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - uses: actions/setup-python@v4
         with:
           python-version: "3.x"
@@ -36,7 +36,7 @@ jobs:
     needs: metrics
     steps:
       - name: Checkout Source
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: gh-pages
       - name: Configure git commit author

.github/workflows/go-ci.yml

@@ -10,24 +10,24 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - name: Set up Go 1.20.x
+      - name: Set up Go 1.21.x
         uses: actions/setup-go@v4
         with:
-          go-version: 1.20.x
+          go-version: 1.21.x
           cache: false
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v3.5.0
         with:
-          version: v1.51.2
+          version: v1.55.2
           args: -c .golangci.yml --timeout 20m
   go-generate:
     name: go-generate
     runs-on: ubuntu-latest
     steps:
-      - name: Set up Go 1.20.x
+      - name: Set up Go 1.21.x
         uses: actions/setup-go@v4
         with:
-          go-version: 1.20.x
+          go-version: 1.21.x
       - name: Check out code
         uses: actions/checkout@v3
         with:
@@ -39,11 +39,11 @@ jobs:
     name: unit-tests
     strategy:
       matrix:
-        go-version: [1.20.x]
+        go-version: [1.21.x]
         os: [ubuntu-latest, windows-latest, macos-latest]
     runs-on: ${{ matrix.os }}
     steps:
-      - name: Set up Go 1.20.x
+      - name: Set up Go 1.21.x
         uses: actions/setup-go@v4
         with:
           go-version: ${{ matrix.go-version }}
@@ -119,6 +119,6 @@ jobs:
         with:
           args: "-no-fail -fmt sarif -out results.sarif ./..."
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: results.sarif

.github/workflows/go-e2e-debian.yaml

@@ -0,0 +1,107 @@
+name: go-e2e-debian
+
+on:
+  pull_request:
+    branches: [master]
+
+jobs:
+  e2e-debian-tests:
+    name: e2e-debian-tests
+    strategy:
+      fail-fast: false
+      matrix:
+        go-version: [1.21.x]
+        os: [ubuntu-latest]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Cancel Previous Runs
+        uses: styfle/cancel-workflow-action@0.11.0
+        with:
+          access_token: ${{ github.token }}
+      - name: Check out code
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+      - name: Set up Go 1.21.x
+        uses: actions/setup-go@v4
+        with:
+          go-version: ${{ matrix.go-version }}
+      - name: Print go env
+        run: go env
+      - name: Get Modules
+        run: go mod vendor
+      - name: Set up Node v14
+        uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+      - name: Install mock server
+        run: npm ci
+        working-directory: .github/scripts/server-mock
+      - name: Start mock server
+        run: (npm run start&)
+        working-directory: .github/scripts/server-mock
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Cache Docker layers
+        uses: actions/cache@v3
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.ref }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-${{ github.ref }}
+      - name: Append Entrypoint in dockerfile
+        run: |
+          echo "ENTRYPOINT [\"/app/bin/kics\"]" >> docker/Dockerfile.debian
+      - name: Get short SHA
+        run: echo "GITHUB_SHA_SHORT=$(echo $GITHUB_SHA | cut -c 1-8)" >> $GITHUB_ENV
+      - name: Build
+        id: docker_build
+        uses: docker/build-push-action@v5.0.0
+        with:
+          load: true
+          context: ./
+          file: ./docker/Dockerfile.debian
+          builder: ${{ steps.buildx.outputs.name }}
+          push: false
+          tags: kics:e2e-debian-tests-${{ github.sha }}
+          build-args: |
+            VERSION=development
+            COMMIT=${{ github.sha }}
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache
+      - name: Image digest
+        run: echo ${{ steps.docker_build.outputs.digest }}
+      - name: Display PWD / Files
+        run: |
+          pwd
+          ls
+      - name: Set Output Permissions
+        run: |
+          sudo chmod -R 777 ./e2e
+      - name: Run E2E Tests
+        env:
+          E2E_KICS_DOCKER: kics:e2e-debian-tests-${{ github.sha }}
+          E2E_KICS_QUERIES_PATH: ${{ steps.getbin.outputs.queries }}
+        run: |
+          go test -tags dev "github.com/Checkmarx/kics/e2e" -timeout 1500s -json > results.json
+      - name: Generate E2E Report
+        if: always()
+        env:
+          E2E_KICS_DOCKERFILE: docker/Dockerfile.debian
+        run: |
+          CWD=$(pwd)
+          cd .github/scripts/report
+          go mod tidy
+          go build
+          ./e2e-report -test-path ${CWD} -test-name results.json -report-path ${CWD} -report-name e2e-report.html
+      - name: Get docker name
+        run: |
+          DOCKER_NAME=$(echo docker/Dockerfile.debian | sed 's/\//-/')
+      - name: Archive test report
+        if: always()
+        uses: actions/upload-artifact@v3
+        with:
+          name: e2e-tests-report-$DOCKER_NAME
+          path: e2e-report.html
+          # dummy

.github/workflows/go-e2e.yaml

@@ -10,7 +10,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        go-version: [1.20.x]
+        go-version: [1.21.x]
         os: [ubuntu-latest]
         kics-docker: ["Dockerfile", "docker/Dockerfile.ubi8"]
     runs-on: ${{ matrix.os }}
@@ -20,10 +20,10 @@ jobs:
         with:
           access_token: ${{ github.token }}
       - name: Check out code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           persist-credentials: false
-      - name: Set up Go 1.20.x
+      - name: Set up Go 1.21.x
         uses: actions/setup-go@v4
         with:
           go-version: ${{ matrix.go-version }}
@@ -32,9 +32,9 @@ jobs:
       - name: Get Modules
         run: go mod vendor
       - name: Set up Node v14
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
-          node-version: "14"
+          node-version: "20"
       - name: Install mock server
         run: npm ci
         working-directory: .github/scripts/server-mock
@@ -43,7 +43,7 @@ jobs:
         working-directory: .github/scripts/server-mock
       - name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
       - name: Cache Docker layers
         uses: actions/cache@v3
         with:
@@ -55,7 +55,7 @@ jobs:
         run: echo "GITHUB_SHA_SHORT=$(echo $GITHUB_SHA | cut -c 1-8)" >> $GITHUB_ENV
       - name: Build
         id: docker_build
-        uses: docker/build-push-action@v4.0.0
+        uses: docker/build-push-action@v5.0.0
         with:
           load: true
           context: ./

.github/workflows/go-generate-antlr-parser.yaml

@@ -12,11 +12,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Source
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
       - name: Build ANTLR image
-        uses: docker/build-push-action@v4.0.0
+        uses: docker/build-push-action@v5.0.0
         id: build_antlr_image
         with:
           context: .

.github/workflows/kics-gh-action.yaml

@@ -9,7 +9,7 @@ jobs:
   kics-scan:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Run KICS Scan
         uses: checkmarx/kics-github-action@v1.7.0
         with: