INSIGHTS-452 - plugins: bump trivy to 0.57.0 (#977)

* Bump trivy to 0.57.0

* Bump trivy to 0.57.0

* Fixing version

* Bumping polaris

* Fixed versions

* Fixed versions

* Fixed versions

* Fixed versions

.circleci/scripts/ci-plugin-e2e-test.sh

@@ -34,7 +34,7 @@ echo "Running CI/CD on sample repo"
 echo "The fairwinds-insights.yaml contents:"
 cat $CONFIG_FILE
 
-$ci_script &> output.txt || failed=false
+image_version=5.7 $ci_script &> output.txt || failed=false
 if [[ -n $failed ]]; then
   cat output.txt
   echo "CI script returned non-zero. Exiting."

.circleci/scripts/install-trivy.sh

@@ -1,7 +1,7 @@
 #! /bin/bash
 set -eo pipefail
 
-curl -L https://github.com/aquasecurity/trivy/releases/download/v0.56.2/trivy_0.56.2_Linux-64bit.tar.gz > trivy.tar.gz
+curl -L https://github.com/aquasecurity/trivy/releases/download/v0.57.0/trivy_0.57.0_Linux-64bit.tar.gz > trivy.tar.gz
 tar -xvf trivy.tar.gz
 sudo mv ./trivy /usr/local/bin/trivy
 rm trivy.tar.gz

fairwinds-insights.yaml

@@ -4,26 +4,26 @@ options:
 # run ./scripts/scan-all.sh to regenerate
 images:
   docker:
-    - quay.io/fairwinds/polaris:9.4
+    - quay.io/fairwinds/polaris:9.5
     - quay.io/fairwinds/nova:v3.11
     - us-docker.pkg.dev/fairwinds-ops/oss/pluto:v5.20
     - us-docker.pkg.dev/fairwinds-ops/oss/goldilocks:v4.13
-    - quay.io/fairwinds/insights-admission-controller:1.17.1
+    - quay.io/fairwinds/insights-admission-controller:1.17
     - quay.io/fairwinds/aws-costs:1.4.2
-    - quay.io/fairwinds/insights-ci:5.7.4
-    - quay.io/fairwinds/cloud-costs:0.3.7
-    - quay.io/fairwinds/falco-agent:0.3.10
-    - quay.io/fairwinds/fw-kube-bench-aggregator:0.3.18
-    - quay.io/fairwinds/fw-kube-bench:0.5.1
-    - quay.io/fairwinds/kubectl:0.20.6
-    - quay.io/fairwinds/fw-kubesec:1.4.9
-    - quay.io/fairwinds/kyverno:0.3.1
-    - quay.io/fairwinds/fw-opa:2.5.1
+    - quay.io/fairwinds/insights-ci:5.7
+    - quay.io/fairwinds/cloud-costs:0.3
+    - quay.io/fairwinds/falco-agent:0.3
+    - quay.io/fairwinds/fw-kube-bench-aggregator:0.3
+    - quay.io/fairwinds/fw-kube-bench:0.5
+    - quay.io/fairwinds/kubectl:0.20
+    - quay.io/fairwinds/fw-kubesec:1.4
+    - quay.io/fairwinds/kyverno:0.3
+    - quay.io/fairwinds/fw-opa:2.5
     - quay.io/fairwinds/postgres-partman:16.0.1
-    - quay.io/fairwinds/prometheus-collector:1.5.2
-    - quay.io/fairwinds/rbac-reporter:1.3.19
-    - quay.io/fairwinds/right-sizer:0.5.8
-    - quay.io/fairwinds/fw-trivy:0.30.1
-    - quay.io/fairwinds/insights-uploader:0.5.6
+    - quay.io/fairwinds/prometheus-collector:1.5
+    - quay.io/fairwinds/rbac-reporter:1.3
+    - quay.io/fairwinds/right-sizer:0.5
+    - quay.io/fairwinds/fw-trivy:0.31
+    - quay.io/fairwinds/insights-uploader:0.5
     - quay.io/fairwinds/insights-utils:0.0.8
-    - quay.io/fairwinds/workloads:2.6.10
+    - quay.io/fairwinds/workloads:2.6

plugins/admission/CHANGELOG.md

@@ -1,5 +1,8 @@
 # Changelog
 
+## 1.17.3
+* bumped polaris to 9.5.0
+
 ## 1.17.2
 * bumped pluto to 5.20.3
 

plugins/admission/cmd/admission/main.go

@@ -62,7 +62,7 @@ func refreshConfig(cfg models.InsightsConfig, handler *fadmission.Validator, mut
 	}
 	if tempConfig.Polaris == nil {
 		logrus.Infoln("no admission polaris config is present in Insights, using the polaris default")
-		polarisConfig, err := polarisconfiguration.ParseFile("")
+		polarisConfig, err := polarisconfiguration.MergeConfigAndParseFile("", false)
 		if err != nil {
 			return err
 		}

plugins/admission/go.mod

@@ -8,7 +8,7 @@ require (
 	// IMPORTANT: Please also update the const  constant in pkg/pluto/pluto.go
 	// when updating the below Pluto version.
 	github.com/fairwindsops/pluto/v5 v5.20.3
-	github.com/fairwindsops/polaris v0.0.0-20240925151750-be349a885dbb
+	github.com/fairwindsops/polaris v0.0.0-20241022183118-073847559ad2
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/rogpeppe/go-internal v1.12.0
 	github.com/samber/lo v1.46.0

plugins/admission/go.sum

@@ -38,8 +38,8 @@ github.com/fairwindsops/insights-plugins/plugins/opa v0.0.0-20240723212203-c2a84
 github.com/fairwindsops/insights-plugins/plugins/opa v0.0.0-20240723212203-c2a8403f3449/go.mod h1:O7exqY2twgCukf2ATiQuigzoDD/4uhYIc/cM3BpQhIc=
 github.com/fairwindsops/pluto/v5 v5.20.3 h1:VznhtWQL5YETPOJdQro84cyK/Y0eZthwqTZ2smdWxrI=
 github.com/fairwindsops/pluto/v5 v5.20.3/go.mod h1:EyAsOnv93/1zXAuNjnoq/v3Taxz7YNOpmPPhAPEzb/A=
-github.com/fairwindsops/polaris v0.0.0-20240925151750-be349a885dbb h1:Rhg2wAqB+jsVZTseO5SdXuu0sGHaK7+yoABMJ0BQSGg=
-github.com/fairwindsops/polaris v0.0.0-20240925151750-be349a885dbb/go.mod h1:WV1ym0X0lnb7CJN/7/F6t0xfKx+HMiMyNOHtTaaCin4=
+github.com/fairwindsops/polaris v0.0.0-20241022183118-073847559ad2 h1:F2wsMIfl7KXwHXZi/HVolpl61Bd9egLFbNy//EYtJYI=
+github.com/fairwindsops/polaris v0.0.0-20241022183118-073847559ad2/go.mod h1:WV1ym0X0lnb7CJN/7/F6t0xfKx+HMiMyNOHtTaaCin4=
 github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4=
 github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI=
 github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=

plugins/admission/version.txt

@@ -1 +1 @@
-1.17.2
+1.17.3

plugins/ci/CHANGELOG.md

@@ -1,5 +1,8 @@
 # Changelog
 
+## 5.7.9
+- bumped trivy to v0.57.0
+
 ## 5.7.8
 - Use `RemoveTokensAndPassword` function from trivy
 - Add trivy OCI repositories fallback

plugins/ci/Dockerfile

@@ -2,8 +2,8 @@ FROM alpine:3.20 AS downloader
 ARG TARGETARCH
 ARG TARGETOS
 ENV tfsecVersion=1.28.11
-ENV trivyVersion=0.56.2
-ENV polarisVersion=9.4.1
+ENV trivyVersion=0.57.0
+ENV polarisVersion=9.5.0
 ENV plutoVersion=5.20.3
 ENV helmVersion=3.15.4
 

plugins/ci/version.txt

@@ -1 +1 @@
-5.7.8
+5.7.9

plugins/trivy/CHANGELOG.md

@@ -1,5 +1,8 @@
 # Changelog
 
+## 0.31.1
+* bumped trivy to 0.57.0
+
 ## 0.31.0
 * Add new env. variable support `SERVICE_ACCOUNT_ANNOTATIONS`
 * Add private GCP containers / registry support for skopeo copy

plugins/trivy/Dockerfile

@@ -1,7 +1,7 @@
 FROM alpine:3.20 AS downloader
 ARG TARGETARCH
 ARG TARGETOS
-ENV trivyVersion=0.56.2
+ENV trivyVersion=0.57.0
 RUN apk update && apk add curl
 
 ENV kubectlVersion=1.31.0

plugins/trivy/version.txt

@@ -1 +1 @@
-0.31.0
+0.31.1