From 13639c0bde3af5af53be232ca86acb4ead0ef2fc Mon Sep 17 00:00:00 2001
From: jdesouza
Date: Fri, 28 Jun 2024 13:40:34 -0300
Subject: [PATCH] Fixed tfsec vulnerability (#941)

* INSIGHTS-153 Remove new vulnerability CVE-2024-6257
* Fixing tfsec vulnerability
* Fixing tfsec vulnerability
* Fixing tfsec vulnerability
* Updated version
* Updated version
* Fixing script
* Fixing script
---
 plugins/ci/CHANGELOG.md | 3 +++
 plugins/ci/Dockerfile | 4 ++--
 plugins/ci/version.txt | 2 +-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/plugins/ci/CHANGELOG.md b/plugins/ci/CHANGELOG.md
index cfc7f4473..d7b655ccd 100644
--- a/plugins/ci/CHANGELOG.md
+++ b/plugins/ci/CHANGELOG.md
@@ -1,5 +1,8 @@
 # Changelog
 
+## 5.5.8
+* Fixed CI vulnerability
+
 ## 5.5.7
 * Bump alpine to 3.20
 
diff --git a/plugins/ci/Dockerfile b/plugins/ci/Dockerfile
index 6be4bc16b..a94412f3d 100644
--- a/plugins/ci/Dockerfile
+++ b/plugins/ci/Dockerfile
@@ -1,7 +1,7 @@
 FROM alpine:3.20 AS downloader
 ARG TARGETARCH
 ARG TARGETOS
-ENV tfsecVersion=1.28.6
+ENV tfsecVersion=1.28.9
 ENV trivyVersion=0.50.4
 ENV polarisVersion=9.0.0
 ENV plutoVersion=5.19.4
@@ -11,7 +11,7 @@ ENV helmVersion=3.11.2
 RUN apk update && apk --no-cache add curl bash openssl ca-certificates
 RUN if [ "${TARGETARCH}" = "amd64" ] ; then trivyArch="64bit"; else trivyArch="${TARGETARCH}"; fi && \
 curl -L https://github.com/aquasecurity/trivy/releases/download/v${trivyVersion}/trivy_${trivyVersion}_${TARGETOS}-${trivyArch}.tar.gz > trivy.tar.gz && tar -xvf trivy.tar.gz && mv ./trivy /usr/local/bin/trivy && rm trivy.tar.gz
-RUN curl -L https://github.com/aquasecurity/tfsec/releases/download/v${tfsecVersion}/tfsec-${TARGETOS}-${TARGETARCH} > /usr/local/bin/tfsec && chmod +x /usr/local/bin/tfsec
+RUN curl -L https://github.com/aquasecurity/tfsec/releases/download/v${tfsecVersion}/tfsec_${tfsecVersion}_${TARGETOS}_${TARGETARCH}.tar.gz > tfsec.tar.gz && tar -xvf tfsec.tar.gz && mv ./tfsec /usr/local/bin/tfsec && chmod +x /usr/local/bin/tfsec && rm tfsec.tar.gz
 RUN curl -L "https://github.com/FairwindsOps/polaris/releases/download/$polarisVersion/polaris_${TARGETOS}_${TARGETARCH}.tar.gz" > polaris.tar.gz && tar -xvf polaris.tar.gz && chmod +x polaris && rm polaris.tar.gz && mv ./polaris /usr/local/bin/polaris
 RUN curl -L "https://github.com/FairwindsOps/pluto/releases/download/v$plutoVersion/pluto_${plutoVersion}_${TARGETOS}_${TARGETARCH}.tar.gz" > pluto.tar.gz && tar -xvf pluto.tar.gz && chmod +x pluto && rm pluto.tar.gz && mv ./pluto /usr/local/bin/pluto
 
diff --git a/plugins/ci/version.txt b/plugins/ci/version.txt
index 21f56a9f8..751e09b70 100644
--- a/plugins/ci/version.txt
+++ b/plugins/ci/version.txt
@@ -1 +1 @@
-5.5.7
+5.5.8
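Review bot: The added tfsec `RUN` line in plugins/ci/Dockerfile (hunk `@@ -11,7 +11,7 @@`) extracts and installs the release tarball without any integrity check, so whatever the URL serves at build time ends up in /usr/local/bin of an image whose purpose is security scanning. Pinning a digest next to `tfsecVersion` and verifying before extraction would close that gap, e.g. `echo "<TFSEC_TARBALL_SHA256>  tfsec.tar.gz" | sha256sum -c -` between the `curl` and the `tar` (placeholder digest, to be taken from the release's published checksums). The `curl -L` call also lacks `-f`, so an HTTP error body is saved as the archive and the failure only surfaces later in `tar`; `curl -fsSL` would make the download step itself fail. The trivy, polaris and pluto context lines appear to follow the same unverified pattern, but they are not touched by this change.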