From 95ba38549ffd04ff9e8d24ee6217b412fc6e1a85 Mon Sep 17 00:00:00 2001
From: jdesouza
Date: Tue, 5 Nov 2024 15:18:39 -0300
Subject: [PATCH] INSIGHTS-452 - plugins: bump trivy to 0.57.0 (#977)
* Bump trivy to 0.57.0
* Bump trivy to 0.57.0
* Fixing version
* Bumping polaris
* Fixed versions
* Fixed versions
* Fixed versions
* Fixed versions
---
 .circleci/scripts/ci-plugin-e2e-test.sh | 2 +-
 .circleci/scripts/install-trivy.sh | 2 +-
 fairwinds-insights.yaml | 34 ++++++++++++-------------
 plugins/admission/CHANGELOG.md | 3 +++
 plugins/admission/cmd/admission/main.go | 2 +-
 plugins/admission/go.mod | 2 +-
 plugins/admission/go.sum | 4 +--
 plugins/admission/version.txt | 2 +-
 plugins/ci/CHANGELOG.md | 3 +++
 plugins/ci/Dockerfile | 4 +--
 plugins/ci/version.txt | 2 +-
 plugins/trivy/CHANGELOG.md | 3 +++
 plugins/trivy/Dockerfile | 2 +-
 plugins/trivy/version.txt | 2 +-
 14 files changed, 38 insertions(+), 29 deletions(-)
diff --git a/.circleci/scripts/ci-plugin-e2e-test.sh b/.circleci/scripts/ci-plugin-e2e-test.sh
index 951db157d..75441a2a8 100755
--- a/.circleci/scripts/ci-plugin-e2e-test.sh
+++ b/.circleci/scripts/ci-plugin-e2e-test.sh
@@ -34,7 +34,7 @@ echo "Running CI/CD on sample repo"
 echo "The fairwinds-insights.yaml contents:"
 cat $CONFIG_FILE
-$ci_script &> output.txt || failed=false
+image_version=5.7 $ci_script &> output.txt || failed=false
 if [[ -n $failed ]]; then
 cat output.txt
 echo "CI script returned non-zero. Exiting."
diff --git a/.circleci/scripts/install-trivy.sh b/.circleci/scripts/install-trivy.sh
index 6f611868a..eec669319 100755
--- a/.circleci/scripts/install-trivy.sh
+++ b/.circleci/scripts/install-trivy.sh
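Review bot: The `image_version=5.7` prefix added to the `$ci_script` call in ci-plugin-e2e-test.sh is a hard-coded copy of the insights-ci minor version, and nothing on the line says why the test needs it. It has to be edited by hand whenever `plugins/ci/version.txt` moves to a new minor, and a minor-only tag presumably means the e2e run is not tied to one specific image build. I would add a comment such as `# run the e2e test against the 5.7.x CI image; keep in sync with plugins/ci/version.txt`, or derive the value from that file if the script's working directory allows it. How `$ci_script` consumes the variable is outside the hunk, so its role is inferred from the name.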
@@ -1,7 +1,7 @@
 #! /bin/bash
 set -eo pipefail
-curl -L https://github.com/aquasecurity/trivy/releases/download/v0.56.2/trivy_0.56.2_Linux-64bit.tar.gz > trivy.tar.gz
+curl -L https://github.com/aquasecurity/trivy/releases/download/v0.57.0/trivy_0.57.0_Linux-64bit.tar.gz > trivy.tar.gz
 tar -xvf trivy.tar.gz
 sudo mv ./trivy /usr/local/bin/trivy
 rm trivy.tar.gz
diff --git a/fairwinds-insights.yaml b/fairwinds-insights.yaml
index 48d0152d5..d5b2f9888 100644
--- a/fairwinds-insights.yaml
+++ b/fairwinds-insights.yaml
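Review bot: The new `curl -L ... > trivy.tar.gz` line in install-trivy.sh still feeds a binary that is moved into `/usr/local/bin` with `sudo`, and nothing checks the archive's integrity first, so a corrupted or substituted release asset would run in CI unnoticed. Since the version is pinned here anyway, pin the digest with it: take the SHA-256 of `trivy_0.57.0_Linux-64bit.tar.gz` from the checksums published with the release and verify before unpacking, e.g. `echo "<SHA256_OF_TARBALL>  trivy.tar.gz" | sha256sum -c -`. Using `curl -fL` would also make an HTTP error fail at the download step instead of surfacing later as a `tar` error.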
@@ -4,26 +4,26 @@ options: # run ./scripts/scan-all.sh to regenerate images: docker: - - quay.io/fairwinds/polaris:9.4 + - quay.io/fairwinds/polaris:9.5 - quay.io/fairwinds/nova:v3.11 - us-docker.pkg.dev/fairwinds-ops/oss/pluto:v5.20 - us-docker.pkg.dev/fairwinds-ops/oss/goldilocks:v4.13 - - quay.io/fairwinds/insights-admission-controller:1.17.1 + - quay.io/fairwinds/insights-admission-controller:1.17 - quay.io/fairwinds/aws-costs:1.4.2 - - quay.io/fairwinds/insights-ci:5.7.4 - quay.io/fairwinds/cloud-costs:0.3.7 - quay.io/fairwinds/falco-agent:0.3.10 - quay.io/fairwinds/fw-kube-bench-aggregator:0.3.18 - quay.io/fairwinds/fw-kube-bench:0.5.1 - quay.io/fairwinds/kubectl:0.20.6 - quay.io/fairwinds/fw-kubesec:1.4.9 - quay.io/fairwinds/kyverno:0.3.1 - quay.io/fairwinds/fw-opa:2.5.1 + - quay.io/fairwinds/insights-ci:5.7 + - quay.io/fairwinds/cloud-costs:0.3 + - quay.io/fairwinds/falco-agent:0.3 + - quay.io/fairwinds/fw-kube-bench-aggregator:0.3 + - quay.io/fairwinds/fw-kube-bench:0.5 + - quay.io/fairwinds/kubectl:0.20 + - quay.io/fairwinds/fw-kubesec:1.4 + - quay.io/fairwinds/kyverno:0.3 + - quay.io/fairwinds/fw-opa:2.5 - quay.io/fairwinds/postgres-partman:16.0.1 - - quay.io/fairwinds/prometheus-collector:1.5.2 - quay.io/fairwinds/rbac-reporter:1.3.19 - quay.io/fairwinds/right-sizer:0.5.8 - quay.io/fairwinds/fw-trivy:0.30.1 - quay.io/fairwinds/insights-uploader:0.5.6 + - quay.io/fairwinds/prometheus-collector:1.5 + - quay.io/fairwinds/rbac-reporter:1.3 + - quay.io/fairwinds/right-sizer:0.5 + - quay.io/fairwinds/fw-trivy:0.31 + - quay.io/fairwinds/insights-uploader:0.5 - quay.io/fairwinds/insights-utils:0.0.8 - - quay.io/fairwinds/workloads:2.6.10 + - quay.io/fairwinds/workloads:2.6
diff --git a/plugins/admission/CHANGELOG.md b/plugins/admission/CHANGELOG.md
index 40bd7d1c5..fc9471c86 100644
--- a/plugins/admission/CHANGELOG.md
+++ b/plugins/admission/CHANGELOG.md
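Review bot: Entries in the `docker:` list of fairwinds-insights.yaml move from a patch tag to a minor-only tag (for example `insights-admission-controller:1.17.1` becomes `insights-admission-controller:1.17`), and a minor tag presumably gets re-pointed at each patch release, so a scan result can no longer be matched to one image build. If following the latest patch is the intent, say so next to the existing `# run ./scripts/scan-all.sh to regenerate` comment; if reproducible results matter, keep full versions or add digests. The list also ends up mixed, since `aws-costs:1.4.2`, `postgres-partman:16.0.1` and `insights-utils:0.0.8` appear to stay patch-pinned, which suggests the generating script does not treat all entries the same way.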
@@ -1,5 +1,8 @@
 # Changelog
+## 1.17.3
+* bumped polaris to 9.5.0
+
 ## 1.17.2
 * bumped pluto to 5.20.3
diff --git a/plugins/admission/cmd/admission/main.go b/plugins/admission/cmd/admission/main.go
index ca421c841..6d33b1ae5 100644
--- a/plugins/admission/cmd/admission/main.go
+++ b/plugins/admission/cmd/admission/main.go
@@ -62,7 +62,7 @@ func refreshConfig(cfg models.InsightsConfig, handler *fadmission.Validator, mut
 }
 if tempConfig.Polaris == nil {
 logrus.Infoln("no admission polaris config is present in Insights, using the polaris default")
- polarisConfig, err := polarisconfiguration.ParseFile("")
+ polarisConfig, err := polarisconfiguration.MergeConfigAndParseFile("", false)
 if err != nil {
 return err
 }
diff --git a/plugins/admission/go.mod b/plugins/admission/go.mod
index 9d9bea197..11d69baf9 100644
--- a/plugins/admission/go.mod
+++ b/plugins/admission/go.mod
@@ -8,7 +8,7 @@ require (
 // IMPORTANT: Please also update the const constant in pkg/pluto/pluto.go
 // when updating the below Pluto version.
 github.com/fairwindsops/pluto/v5 v5.20.3
- github.com/fairwindsops/polaris v0.0.0-20240925151750-be349a885dbb
+ github.com/fairwindsops/polaris v0.0.0-20241022183118-073847559ad2
 github.com/hashicorp/go-multierror v1.1.1
 github.com/rogpeppe/go-internal v1.12.0
 github.com/samber/lo v1.46.0
diff --git a/plugins/admission/go.sum b/plugins/admission/go.sum
index 16ab6fe47..4f97b8429 100644
--- a/plugins/admission/go.sum
+++ b/plugins/admission/go.sum
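Review bot: In the main.go hunk, the bare `false` in `polarisconfiguration.MergeConfigAndParseFile("", false)` gives no hint of what is being switched off, and the empty path is equally silent. A short comment above the call would help, for example `// empty path loads the built-in Polaris defaults; false = do not merge with a custom config`. The meaning of the second argument is inferred from the function name, so confirm it against the Polaris revision pinned in go.mod. It is worth spelling out because, per the log message just above, this is the policy the admission controller falls back to when Insights supplies no Polaris config. `refreshConfig` begins and ends outside the hunk.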
@@ -38,8 +38,8 @@ github.com/fairwindsops/insights-plugins/plugins/opa v0.0.0-20240723212203-c2a84 github.com/fairwindsops/insights-plugins/plugins/opa v0.0.0-20240723212203-c2a8403f3449/go.mod h1:O7exqY2twgCukf2ATiQuigzoDD/4uhYIc/cM3BpQhIc= github.com/fairwindsops/pluto/v5 v5.20.3 h1:VznhtWQL5YETPOJdQro84cyK/Y0eZthwqTZ2smdWxrI= github.com/fairwindsops/pluto/v5 v5.20.3/go.mod h1:EyAsOnv93/1zXAuNjnoq/v3Taxz7YNOpmPPhAPEzb/A= -github.com/fairwindsops/polaris v0.0.0-20240925151750-be349a885dbb h1:Rhg2wAqB+jsVZTseO5SdXuu0sGHaK7+yoABMJ0BQSGg= -github.com/fairwindsops/polaris v0.0.0-20240925151750-be349a885dbb/go.mod h1:WV1ym0X0lnb7CJN/7/F6t0xfKx+HMiMyNOHtTaaCin4= +github.com/fairwindsops/polaris v0.0.0-20241022183118-073847559ad2 h1:F2wsMIfl7KXwHXZi/HVolpl61Bd9egLFbNy//EYtJYI= +github.com/fairwindsops/polaris v0.0.0-20241022183118-073847559ad2/go.mod h1:WV1ym0X0lnb7CJN/7/F6t0xfKx+HMiMyNOHtTaaCin4= github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4= github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
diff --git a/plugins/admission/version.txt b/plugins/admission/version.txt
index 06fb41b63..b9a05a6dc 100644
--- a/plugins/admission/version.txt
+++ b/plugins/admission/version.txt
@@ -1 +1 @@
-1.17.2
+1.17.3
diff --git a/plugins/ci/CHANGELOG.md b/plugins/ci/CHANGELOG.md
index 4a6a8ebf2..d70ef2f76 100644
--- a/plugins/ci/CHANGELOG.md
+++ b/plugins/ci/CHANGELOG.md
@@ -1,5 +1,8 @@
 # Changelog
+## 5.7.9
+- bumped trivy to v0.57.0
+
 ## 5.7.8
 - Use `RemoveTokensAndPassword` function from trivy
 - Add trivy OCI repositories fallback
diff --git a/plugins/ci/Dockerfile b/plugins/ci/Dockerfile
index 6deab4450..361eacc15 100644
--- a/plugins/ci/Dockerfile
+++ b/plugins/ci/Dockerfile
@@ -2,8 +2,8 @@ FROM alpine:3.20 AS downloader
 ARG TARGETARCH
 ARG TARGETOS
 ENV tfsecVersion=1.28.11
-ENV trivyVersion=0.56.2
-ENV polarisVersion=9.4.1
+ENV trivyVersion=0.57.0
+ENV polarisVersion=9.5.0
 ENV plutoVersion=5.20.3
 ENV helmVersion=3.15.4
diff --git a/plugins/ci/version.txt b/plugins/ci/version.txt
index a45f93568..1988835ed 100644
--- a/plugins/ci/version.txt
+++ b/plugins/ci/version.txt
@@ -1 +1 @@
-5.7.8
+5.7.9
diff --git a/plugins/trivy/CHANGELOG.md b/plugins/trivy/CHANGELOG.md
index 16199df18..64adea3e1 100644
--- a/plugins/trivy/CHANGELOG.md
+++ b/plugins/trivy/CHANGELOG.md
@@ -1,5 +1,8 @@
 # Changelog
+## 0.31.1
+* bumped trivy to 0.57.0
+
 ## 0.31.0
 * Add new env. variable support `SERVICE_ACCOUNT_ANNOTATIONS`
 * Add private GCP containers / registry support for skopeo copy
diff --git a/plugins/trivy/Dockerfile b/plugins/trivy/Dockerfile
index af47692e8..11bbfdebc 100644
--- a/plugins/trivy/Dockerfile
+++ b/plugins/trivy/Dockerfile
@@ -1,7 +1,7 @@
 FROM alpine:3.20 AS downloader
 ARG TARGETARCH
 ARG TARGETOS
-ENV trivyVersion=0.56.2
+ENV trivyVersion=0.57.0
 RUN apk update && apk add curl
 ENV kubectlVersion=1.31.0
diff --git a/plugins/trivy/version.txt b/plugins/trivy/version.txt
index 26bea73e8..f176c9441 100644
--- a/plugins/trivy/version.txt
+++ b/plugins/trivy/version.txt
@@ -1 +1 @@
-0.31.0
+0.31.1