Think of a way to avoid maintenance as much as possible #38

Closed
mattaereal opened this issue Oct 14, 2024 · 4 comments

mattaereal commented Oct 14, 2024

My current idea is to have the Makefile prompt you whether you want to try to pull the latest for each tool, or just the latest stable we've known worked for us.

Do you think you can do this?

I'm thinking make latest, make release-1 (for example). Although it might confuse people on differentiating our latest release versus the latest pull for each tool.

mattaereal added the enhancement (New feature or request) label Oct 14, 2024

mattaereal (Collaborator, Author) commented:

As per our previous conversation, I will be adding here the latest versions I've tried that work, so we can start creating a latest vs releases that worked with our deployment.

mattaereal (Collaborator, Author) commented:

Here they come! Btw, some of them can be directly downloaded from their releases, without the need to compile, should we pursue that instead of compiling? It does make sense in terms of speed, right?

  1. gitxray:
    ARG T_GITXRAY=1.0.15
    RUN pipx run gitxray==1.0.15

  2. gh-repo-analyzer
    since this is a script, I say we download the latest from GitHub, already added a PR to install it easier and updated

  3. git-secrets
    same, it's by awslabs, and barely updated, I doubt any breaking change will happen soon.

  4. trufflehog
    ARG T_TRUFFLEHOG=3.82.8
    https://github.com/trufflesecurity/trufflehog/releases/tag/v3.82.8
    https://github.com/trufflesecurity/trufflehog/releases/latest

  5. gitleaks
    ARG T_GITLEAKS=8.21.0
    https://github.com/gitleaks/gitleaks/releases/tag/v8.21.0
    https://github.com/gitleaks/gitleaks/releases/latest

  6. 2ms
    ARG T_2MS=3.10.0
    https://github.com/Checkmarx/2ms/releases/tag/v3.10.0
    https://github.com/Checkmarx/2ms/releases/latest

  7. detect-secrets
    ARG T_DETECT_SECRETS=1.5.0
    RUN pipx install detect-secrets==1.5.0
    https://github.com/Yelp/detect-secrets/releases/tag/v1.5.0
    https://github.com/Yelp/detect-secrets/releases/latest

  8. trivy
    ARG T_TRIVY=0.56.2
    https://github.com/aquasecurity/trivy/releases/tag/v0.56.2
    https://github.com/aquasecurity/trivy/releases/latest

  9. clair
    ARG T_CLAIR=4.8.0
    https://github.com/quay/clair/releases/tag/v4.8.0
    https://github.com/quay/clair/releases/latest

  10. snyk
    ARG T_SNYK=1.1293.1
    RUN pnpm install -g snyk@1.1293.1
    https://github.com/snyk/cli/releases/tag/v1.1293.1
    https://github.com/snyk/cli/releases/latest

  11. grype
    ARG T_GRYPE=0.82.1
    https://github.com/anchore/grype/releases/tag/v0.82.1
    https://github.com/anchore/grype/releases/latest

  12. falco
    ARG T_FALCO=0.39.1
    https://github.com/falcosecurity/falco/releases/tag/0.39.1
    https://github.com/falcosecurity/falco/latest

  13. semgrep
    ARG T_SEMGREP=1.91.0
    RUN pipx install semgrep==1.91.0
    https://github.com/semgrep/semgrep/releases/tag/v1.91.0
    https://github.com/semgrep/semgrep/releases/latest

  14. legitify
    ARG T_LEGITIFY=1.0.11
    https://github.com/Legit-Labs/legitify/releases/tag/v1.0.11
    https://github.com/Legit-Labs/legitify/releases/latest

  15. kics
    ARG T_KICS=2.1.3
    https://github.com/Checkmarx/kics/releases/tag/v2.1.3
    https://github.com/Checkmarx/kics/releases/latest

  16. checkov
    ARG T_CHECKOV=3.2.262
    RUN pipx install checkov==3.2.262
    https://github.com/bridgecrewio/checkov/releases/tag/3.2.262
    https://github.com/bridgecrewio/checkov/releases/latest

  17. scoutsuite
    ARG T_SCOUTSUITE=5.15.0
    RUN pipx install scoutsuite==5.15.0
    https://github.com/nccgroup/ScoutSuite/releases/tag/5.14.0
    https://github.com/nccgroup/ScoutSuite/releases/latest

  18. cloudsplaining
    ARG T_CLOUDSPLAINING=0.7.0
    RUN pipx install cloudsplaining==0.7.0
    https://github.com/salesforce/cloudsplaining/releases/tag/0.7.0
    https://github.com/salesforce/cloudsplaining/latest

  19. hadolint
    ARG T_HADOLINT=2.12.0
    https://github.com/hadolint/hadolint/releases/tag/v2.12.0
    https://github.com/hadolint/hadolint/releases/latest

  20. dependency-check
    ARG T_DEPCHECK=10.0.4
    https://github.com/jeremylong/DependencyCheck/releases/tag/v10.0.4
    https://github.com/jeremylong/DependencyCheck/releases/latest

  21. nodejsscan
    ARG T_NODEJSSCAN=4.8
    RUN pipx install nodejsscan==4.8
    https://github.com/ajinabraham/nodejsscan/releases/tag/v4.8
    https://github.com/ajinabraham/nodejsscan/releases/latest

  22. lavamoat
    this shouldn't be installed by default!

  23. retire
    ARG T_RETIRE=5.2.4
    RUN pnpm install -g retire@5.2.4
    https://github.com/RetireJS/retire.js/releases/tag/5.2.4
    https://github.com/RetireJS/retire.js/releases/latest
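The "latest vs known-good" selection from the first comment, applied to the version list above, as an added example that is not part of the issue or the project's code. It is a POSIX shell script (hypothetical name `select_versions.sh`) that keeps the pins, ARG names and repository paths from the comment in one table, emits the `--build-arg` flags for the Dockerfile's `ARG T_*` variables, and in `latest` mode resolves each project's `/releases/latest` redirect with `curl` (network access assumed). It also normalises the inconsistent tag styles seen in the links (`v3.82.8` vs `0.39.1`) and warns when "latest" jumps a major version, which is the usual signal that the deployment may break. Tools without a release link in the comment (gitxray) stay pinned.

```shell
#!/bin/sh
# Added example, not the project's own code: choose between the pinned
# versions listed in this issue and each tool's GitHub /releases/latest tag,
# and print docker build args for the Dockerfile's ARG T_* variables.
# Pins, ARG names and repo paths are copied from the issue comment;
# gitxray has no release link there, so it is always pinned.
#
# Usage: sh select_versions.sh pinned   -> the versions known to work
#        sh select_versions.sh latest   -> resolves /releases/latest (needs network)

# name|ARG name|pinned version|github repo   (table constructed from the issue's list)
PINS='gitxray|T_GITXRAY|1.0.15|
trufflehog|T_TRUFFLEHOG|3.82.8|trufflesecurity/trufflehog
gitleaks|T_GITLEAKS|8.21.0|gitleaks/gitleaks
2ms|T_2MS|3.10.0|Checkmarx/2ms
detect-secrets|T_DETECT_SECRETS|1.5.0|Yelp/detect-secrets
trivy|T_TRIVY|0.56.2|aquasecurity/trivy
clair|T_CLAIR|4.8.0|quay/clair
snyk|T_SNYK|1.1293.1|snyk/cli
grype|T_GRYPE|0.82.1|anchore/grype
falco|T_FALCO|0.39.1|falcosecurity/falco
semgrep|T_SEMGREP|1.91.0|semgrep/semgrep
legitify|T_LEGITIFY|1.0.11|Legit-Labs/legitify
kics|T_KICS|2.1.3|Checkmarx/kics
checkov|T_CHECKOV|3.2.262|bridgecrewio/checkov
scoutsuite|T_SCOUTSUITE|5.15.0|nccgroup/ScoutSuite
cloudsplaining|T_CLOUDSPLAINING|0.7.0|salesforce/cloudsplaining
hadolint|T_HADOLINT|2.12.0|hadolint/hadolint
dependency-check|T_DEPCHECK|10.0.4|jeremylong/DependencyCheck
nodejsscan|T_NODEJSSCAN|4.8|ajinabraham/nodejsscan
retire|T_RETIRE|5.2.4|RetireJS/retire.js'

# Pinned version of one tool, looked up by name.
pinned_version() {
  printf '%s\n' "$PINS" | awk -F'|' -v n="$1" '$1 == n { print $3 }'
}

# Release tags are inconsistent across projects (v3.82.8 vs 0.39.1);
# normalise to the bare version string the ARG expects.
strip_v() {
  printf '%s\n' "${1#v}"
}

# First dotted component of a version string.
major_of() {
  printf '%s\n' "${1%%.*}"
}

# True (exit 0) when two versions differ in their major component.
major_bump() {
  [ "$(major_of "$1")" != "$(major_of "$2")" ]
}

# Tag name behind https://github.com/<repo>/releases/latest, found by
# following the redirect. Network access; prints nothing on failure.
latest_tag() {
  curl -fsSIL -o /dev/null -w '%{url_effective}' \
    "https://github.com/$1/releases/latest" 2>/dev/null |
    sed -n 's#.*/releases/tag/##p'
}

# Emit one --build-arg per tool. MODE is "pinned" or "latest"; in latest
# mode a failed lookup falls back to the pin, and a major-version jump is
# flagged on stderr because that is where breaking changes are likeliest.
build_args() {
  mode="$1"
  printf '%s\n' "$PINS" | while IFS='|' read -r name arg pin repo; do
    [ -n "$name" ] || continue
    ver="$pin"
    if [ "$mode" = latest ] && [ -n "$repo" ]; then
      tag=$(latest_tag "$repo")
      case "$tag" in
        ''|*/*) echo "warning: could not resolve $name, keeping $pin" >&2 ;;
        *)      ver=$(strip_v "$tag") ;;
      esac
      if major_bump "$pin" "$ver"; then
        echo "warning: $name latest $ver is a major bump from pinned $pin" >&2
      fi
    fi
    printf -- '--build-arg %s=%s\n' "$arg" "$ver"
  done
}

# Run only when a mode is given, so the functions can also be sourced.
if [ -n "${1:-}" ]; then
  build_args "$1"
fi
```

The output is meant to be spliced into the build, e.g. `docker build $(sh select_versions.sh pinned) .`, so a `make release` target can call it with `pinned` and a `make latest` target with `latest`; keeping the known-good versions in one table is what makes the two targets differ by a single argument rather than by two copies of the Dockerfile.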

mattaereal (Collaborator, Author) commented:

Incorporated in #42 #43
