Skip to content

Commit

Permalink
feat: introduce cve scanners (#500)
Browse files Browse the repository at this point in the history
  • Loading branch information
@Demonsthere
Demonsthere authored Jul 4, 2024
1 parent 1b46b29 commit d229e74
Show file tree
Hide file tree
Showing 181 changed files with 239 additions and 190 deletions.
44 changes: 44 additions & 0 deletions .github/workflows/cve-scanner.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
name: Go Source Scanners
on:
push:
branches:
- "master"
- "v*.*.*"
- "v*"
tags:
- "v*.*.*"
pull_request:
branches:
- "master"
- "v*.*.*"
- "v*"

jobs:
scanners:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Setup Env
id: vars
shell: bash
run: |
echo "SHA_SHORT=$(git rev-parse --short HEAD)" >> "${GITHUB_ENV}"
- name: Run Gosec Security Scanner
continue-on-error: true
uses: securego/gosec@master
with:
args: ./...
- name: Run Govulncheck Scanner
continue-on-error: true
uses: golang/govulncheck-action@v1
with:
go-package: ./...
go-version-input: "1.22"
- name: Run Trivy vulnerability scanner in repo mode
continue-on-error: true
uses: aquasecurity/trivy-action@master
with:
scan-type: "fs"
ignore-unfixed: true
format: "json"
2 changes: 1 addition & 1 deletion .github/workflows/format.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ jobs:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: "1.21"
go-version: 1.22
- run: make format
- name: Indicate formatting issues
run: git diff HEAD --exit-code --color
2 changes: 1 addition & 1 deletion .github/workflows/test.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ jobs:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: "1.21"
go-version: "1.22"
- run: make test
- name: WriteGoList
run: go list -json -deps ./... > go.list
Expand Down
2 changes: 1 addition & 1 deletion docker/auth.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

// Copyright 2015 go-dockerclient authors. All rights reserved.
Expand Down
2 changes: 1 addition & 1 deletion docker/change.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

// Copyright 2014 go-dockerclient authors. All rights reserved.
Expand Down
2 changes: 1 addition & 1 deletion docker/client.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

// Copyright 2013 go-dockerclient authors. All rights reserved.
Expand Down
2 changes: 1 addition & 1 deletion docker/client_unix.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

// Copyright 2016 go-dockerclient authors. All rights reserved.
Expand Down
2 changes: 1 addition & 1 deletion docker/client_windows.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

// Copyright 2016 go-dockerclient authors. All rights reserved.
Expand Down
2 changes: 1 addition & 1 deletion docker/container.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

// Copyright 2013 go-dockerclient authors. All rights reserved.
Expand Down
2 changes: 1 addition & 1 deletion docker/distribution.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

// Copyright 2017 go-dockerclient authors. All rights reserved.
Expand Down
2 changes: 1 addition & 1 deletion docker/env.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

// Copyright 2014 Docker authors. All rights reserved.
Expand Down
2 changes: 1 addition & 1 deletion docker/event.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

// Copyright 2014 go-dockerclient authors. All rights reserved.
Expand Down
2 changes: 1 addition & 1 deletion docker/exec.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

// Copyright 2014 go-dockerclient authors. All rights reserved.
Expand Down
2 changes: 1 addition & 1 deletion docker/image.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

// Copyright 2013 go-dockerclient authors. All rights reserved.
Expand Down
2 changes: 1 addition & 1 deletion docker/misc.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

// Copyright 2013 go-dockerclient authors. All rights reserved.
Expand Down
2 changes: 1 addition & 1 deletion docker/network.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

// Copyright 2015 go-dockerclient authors. All rights reserved.
Expand Down
2 changes: 1 addition & 1 deletion docker/opts/env.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package opts
Expand Down
2 changes: 1 addition & 1 deletion docker/opts/hosts.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package opts
Expand Down
2 changes: 1 addition & 1 deletion docker/opts/hosts_unix.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

//go:build !windows
Expand Down
2 changes: 1 addition & 1 deletion docker/opts/hosts_windows.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package opts
Expand Down
2 changes: 1 addition & 1 deletion docker/opts/ip.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package opts
Expand Down
2 changes: 1 addition & 1 deletion docker/opts/opts.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package opts
Expand Down
2 changes: 1 addition & 1 deletion docker/opts/opts_unix.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

//go:build !windows
Expand Down
2 changes: 1 addition & 1 deletion docker/opts/opts_windows.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package opts
Expand Down
2 changes: 1 addition & 1 deletion docker/opts/quotedstring.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package opts
Expand Down
2 changes: 1 addition & 1 deletion docker/opts/runtime.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package opts
Expand Down
2 changes: 1 addition & 1 deletion docker/opts/ulimit.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package opts
Expand Down
2 changes: 1 addition & 1 deletion docker/pkg/archive/archive.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package archive // import "github.com/ory/dockertest/v3/docker/pkg/archive"
Expand Down
2 changes: 1 addition & 1 deletion docker/pkg/archive/archive_linux.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package archive // import "github.com/ory/dockertest/v3/docker/pkg/archive"
Expand Down
2 changes: 1 addition & 1 deletion docker/pkg/archive/archive_other.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

//go:build !linux
Expand Down
2 changes: 1 addition & 1 deletion docker/pkg/archive/archive_unix.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

//go:build !windows
Expand Down
2 changes: 1 addition & 1 deletion docker/pkg/archive/archive_windows.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package archive // import "github.com/ory/dockertest/v3/docker/pkg/archive"
Expand Down
2 changes: 1 addition & 1 deletion docker/pkg/archive/changes.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package archive // import "github.com/ory/dockertest/v3/docker/pkg/archive"
Expand Down
2 changes: 1 addition & 1 deletion docker/pkg/archive/changes_linux.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package archive // import "github.com/ory/dockertest/v3/docker/pkg/archive"
Expand Down
2 changes: 1 addition & 1 deletion docker/pkg/archive/changes_other.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

//go:build !linux
Expand Down
2 changes: 1 addition & 1 deletion docker/pkg/archive/changes_unix.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

//go:build !windows
Expand Down
2 changes: 1 addition & 1 deletion docker/pkg/archive/changes_windows.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package archive // import "github.com/ory/dockertest/v3/docker/pkg/archive"
Expand Down
2 changes: 1 addition & 1 deletion docker/pkg/archive/copy.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package archive // import "github.com/ory/dockertest/v3/docker/pkg/archive"
Expand Down
2 changes: 1 addition & 1 deletion docker/pkg/archive/copy_unix.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

//go:build !windows
Expand Down
2 changes: 1 addition & 1 deletion docker/pkg/archive/copy_windows.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package archive // import "github.com/ory/dockertest/v3/docker/pkg/archive"
Expand Down
2 changes: 1 addition & 1 deletion docker/pkg/archive/diff.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package archive // import "github.com/ory/dockertest/v3/docker/pkg/archive"
Expand Down
2 changes: 1 addition & 1 deletion docker/pkg/archive/example_changes.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

//go:build ignore
Expand Down
2 changes: 1 addition & 1 deletion docker/pkg/archive/time_linux.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package archive // import "github.com/ory/dockertest/v3/docker/pkg/archive"
Expand Down
2 changes: 1 addition & 1 deletion docker/pkg/archive/time_unsupported.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

//go:build !linux
Expand Down
2 changes: 1 addition & 1 deletion docker/pkg/archive/whiteouts.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package archive // import "github.com/ory/dockertest/v3/docker/pkg/archive"
Expand Down
2 changes: 1 addition & 1 deletion docker/pkg/archive/wrap.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package archive // import "github.com/ory/dockertest/v3/docker/pkg/archive"
Expand Down
2 changes: 1 addition & 1 deletion docker/pkg/fileutils/fileutils.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package fileutils // import "github.com/ory/dockertest/v3/docker/pkg/fileutils"
Expand Down
2 changes: 1 addition & 1 deletion docker/pkg/fileutils/fileutils_darwin.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package fileutils // import "github.com/ory/dockertest/v3/docker/pkg/fileutils"
Expand Down
2 changes: 1 addition & 1 deletion docker/pkg/fileutils/fileutils_unix.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

//go:build linux || freebsd
Expand Down
2 changes: 1 addition & 1 deletion docker/pkg/fileutils/fileutils_windows.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package fileutils // import "github.com/ory/dockertest/v3/docker/pkg/fileutils"
Expand Down
2 changes: 1 addition & 1 deletion docker/pkg/homedir/homedir_linux.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package homedir // import "github.com/ory/dockertest/v3/docker/pkg/homedir"
Expand Down
2 changes: 1 addition & 1 deletion docker/pkg/homedir/homedir_others.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

//go:build !linux
Expand Down
2 changes: 1 addition & 1 deletion docker/pkg/homedir/homedir_unix.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

//go:build !windows
Expand Down
2 changes: 1 addition & 1 deletion docker/pkg/homedir/homedir_windows.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package homedir // import "github.com/ory/dockertest/v3/docker/pkg/homedir"
Expand Down
2 changes: 1 addition & 1 deletion docker/pkg/idtools/idtools.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package idtools // import "github.com/ory/dockertest/v3/docker/pkg/idtools"
Expand Down
2 changes: 1 addition & 1 deletion docker/pkg/idtools/idtools_unix.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

//go:build !windows
Expand Down
2 changes: 1 addition & 1 deletion docker/pkg/idtools/idtools_windows.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package idtools // import "github.com/ory/dockertest/v3/docker/pkg/idtools"
Expand Down
2 changes: 1 addition & 1 deletion docker/pkg/idtools/usergroupadd_linux.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package idtools // import "github.com/ory/dockertest/v3/docker/pkg/idtools"
Expand Down
2 changes: 1 addition & 1 deletion docker/pkg/idtools/usergroupadd_unsupported.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright © 2023 Ory Corp
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

//go:build !linux
Expand Down
Loading

0 comments on commit d229e74

Please sign in to comment.