update(go): update go version to 1.23.1

.github/workflows/go-ci-integration.yml

@@ -45,6 +45,9 @@ jobs:
             COMMIT=${GITHUB_SHA}
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache
+      - name: Set Permissions
+        run: |
+          sudo chmod -R 777 ${PWD}/assets/queries
       - name: Image digest
         run: echo ${{ steps.docker_build.outputs.digest }}
       - name: Run docker image and generate results.json

.github/workflows/go-ci.yml

@@ -99,10 +99,13 @@ jobs:
       - name: Checkout Source
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: Run Gosec Security Scanner
-        uses: securego/gosec@master
+        uses: securego/gosec@6fbd381238e97e1d1f3358f0d6d65de78dcf9245 # v2.20.0
         with:
           args: "-no-fail -fmt sarif -out results.sarif ./..."
+      - name: Show results
+        run: |
+          cat results.sarif
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@2bbafcdd7fbf96243689e764c2f15d9735164f33
         with:
           sarif_file: results.sarif

Dockerfile

@@ -1,4 +1,4 @@
-FROM cgr.dev/chainguard/go@sha256:4f11a0dfbd73832405bc3f611e53b4dbd61a1d1d23d205f2665cabfbd295a109 as build_env
+FROM cgr.dev/chainguard/go@sha256:1b27d8f2f9bb49434e38fbb7456cb8b72b6652235bb07e2ee002d06f44821c29 as build_env
 
 # Copy the source from the current directory to the Working Directory inside the container
 WORKDIR /app
@@ -31,7 +31,7 @@ USER nonroot
 # Runtime image
 # Ignore no User Cmd since KICS container is stopped afer scan
 # kics-scan ignore-line
-FROM cgr.dev/chainguard/git@sha256:51620806588a4738b536e1f328206b17ae2a988b2a424a6a37c419041eb2b9a9
+FROM cgr.dev/chainguard/git@sha256:02660563e96b553d6aeb4093e3fcc3e91b2ad3a86e05c65b233f37f035e5044e
 
 ENV TERM xterm-256color
 

docker/Dockerfile.debian

@@ -3,7 +3,7 @@
 # it does not define an ENTRYPOINT as this is a requirement described here:
 # https://docs.microsoft.com/en-us/azure/devops/pipelines/process/container-phases?view=azure-devops#linux-based-containers
 #
-FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.22.5-bookworm as build_env
+FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.22.7-bookworm as build_env
 # Create a group and user
 RUN groupadd checkmarx && useradd -g checkmarx -M -s /bin/bash checkmarx
 USER checkmarx

docker/Dockerfile.ubi8

@@ -4,10 +4,10 @@ WORKDIR /build
 
 ENV PATH=$PATH:/usr/local/go/bin
 
-ADD https://golang.org/dl/go1.22.4.linux-amd64.tar.gz .
+ADD https://golang.org/dl/go1.22.7.linux-amd64.tar.gz .
 RUN yum install git gcc -y \
-  && rm -rf /usr/local/go && tar -C /usr/local -xzf go1.22.4.linux-amd64.tar.gz \
-  && rm -f go1.22.4.linux-amd64.tar.gz
+  && rm -rf /usr/local/go && tar -C /usr/local -xzf go1.22.7.linux-amd64.tar.gz \
+  && rm -f go1.22.7.linux-amd64.tar.gz
 
 ENV GOPRIVATE=github.com/Checkmarx/*
 ARG VERSION="development"

go.mod

@@ -1,6 +1,6 @@
 module github.com/Checkmarx/kics/v2
 
-go 1.22.5
+go 1.22.7
 
 replace (
 	github.com/containerd/containerd => github.com/containerd/containerd v1.6.26