Fixed tfsec vulnerability (#941)

* INSIGHTS-153 Remove new vulnerability CVE-2024-6257 * Fixing tfsec vulnerability * Fixing tfsec vulnerability * Fixing tfsec vulnerability * Updated version * Updated version * Fixing script * Fixing script
FairwindsOps · Jun 28, 2024 · 13639c0 · 13639c0
1 parent 1524f09
commit 13639c0
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 3 deletions.
diff --git a/plugins/ci/CHANGELOG.md b/plugins/ci/CHANGELOG.md
@@ -1,5 +1,8 @@
 # Changelog
 
+## 5.5.8
+* Fixed CI vulnerability
+
 ## 5.5.7
 * Bump alpine to 3.20
 

diff --git a/plugins/ci/Dockerfile b/plugins/ci/Dockerfile
@@ -1,7 +1,7 @@
 FROM alpine:3.20 AS downloader
 ARG TARGETARCH
 ARG TARGETOS
-ENV tfsecVersion=1.28.6
+ENV tfsecVersion=1.28.9
 ENV trivyVersion=0.50.4
 ENV polarisVersion=9.0.0
 ENV plutoVersion=5.19.4
@@ -11,7 +11,7 @@ ENV helmVersion=3.11.2
 RUN apk update && apk --no-cache add curl bash openssl ca-certificates
 RUN if [ "${TARGETARCH}" = "amd64" ] ; then trivyArch="64bit"; else trivyArch="${TARGETARCH}"; fi && \
   curl -L https://github.com/aquasecurity/trivy/releases/download/v${trivyVersion}/trivy_${trivyVersion}_${TARGETOS}-${trivyArch}.tar.gz > trivy.tar.gz && tar -xvf trivy.tar.gz && mv ./trivy /usr/local/bin/trivy && rm trivy.tar.gz
-RUN curl -L https://github.com/aquasecurity/tfsec/releases/download/v${tfsecVersion}/tfsec-${TARGETOS}-${TARGETARCH} > /usr/local/bin/tfsec && chmod +x /usr/local/bin/tfsec
+RUN curl -L https://github.com/aquasecurity/tfsec/releases/download/v${tfsecVersion}/tfsec_${tfsecVersion}_${TARGETOS}_${TARGETARCH}.tar.gz > tfsec.tar.gz && tar -xvf tfsec.tar.gz && mv ./tfsec /usr/local/bin/tfsec && chmod +x /usr/local/bin/tfsec && rm tfsec.tar.gz
 RUN curl -L "https://github.com/FairwindsOps/polaris/releases/download/$polarisVersion/polaris_${TARGETOS}_${TARGETARCH}.tar.gz" > polaris.tar.gz && tar -xvf polaris.tar.gz && chmod +x polaris && rm polaris.tar.gz && mv ./polaris /usr/local/bin/polaris
 RUN curl -L "https://github.com/FairwindsOps/pluto/releases/download/v$plutoVersion/pluto_${plutoVersion}_${TARGETOS}_${TARGETARCH}.tar.gz" > pluto.tar.gz && tar -xvf pluto.tar.gz && chmod +x pluto && rm pluto.tar.gz && mv ./pluto /usr/local/bin/pluto
 

diff --git a/plugins/ci/version.txt b/plugins/ci/version.txt
@@ -1 +1 @@
-5.5.7
+5.5.8