fix(checks): Improve AVD-DS-0005 logic #7806

Closed
simar7 opened this issue Oct 29, 2024 · 1 comment
simar7 commented Oct 29, 2024

We can improve the logic of this check a little:

  • If is a local tar archive, it is decompressed and extracted to the specified destination
  • If is a URL, the contents of the URL are downloaded and placed at the specified destination
  • If is a Git repository, the repository is cloned to the specified destination

Discussion: #7791
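
The three exemptions listed above, as an added Go sketch that is not code from this issue or from trivy-checks: it flags an `ADD` only when every source is a plain local path, so `COPY` would behave the same. The function names, the tar suffix list and the URL/Git heuristics are assumptions, and it expects one shell-form instruction per line (no line continuations or JSON form).

```go
package main

import (
	"fmt"
	"strings"
)

// classifySource names the ADD feature a source would trigger (name-based heuristic).
func classifySource(src string) string {
	s := strings.ToLower(src)
	isURL := strings.HasPrefix(s, "http://") || strings.HasPrefix(s, "https://")
	switch {
	case strings.HasPrefix(s, "git@"), isURL && strings.HasSuffix(strings.SplitN(s, "#", 2)[0], ".git"):
		return "git"
	case isURL:
		return "url"
	}
	for _, suf := range []string{".tar", ".tar.gz", ".tgz", ".tar.bz2", ".tar.xz"} { // assumed list
		if strings.HasSuffix(s, suf) {
			return "tar"
		}
	}
	return "plain"
}

// addShouldBeCopy returns 1-based lines of ADD instructions with only plain local sources.
func addShouldBeCopy(dockerfile string) []int {
	var hits []int
	for i, line := range strings.Split(dockerfile, "\n") {
		f := strings.Fields(line)
		for len(f) > 1 && strings.HasPrefix(f[1], "--") {
			f = append(f[:1], f[2:]...) // drop flags such as --chown=...
		}
		if len(f) < 3 || !strings.EqualFold(f[0], "ADD") {
			continue
		}
		plain := true
		for _, src := range f[1 : len(f)-1] { // the last argument is the destination
			plain = plain && classifySource(src) == "plain"
		}
		if plain {
			hits = append(hits, i+1)
		}
	}
	return hits
}

// Constructed sample Dockerfile (not from the issue).
const sample = "FROM alpine:3.20\nADD app.conf /etc/app/\nADD rootfs.tar.gz /\nADD https://example.com/tool /usr/local/bin/tool\nADD https://github.com/example/repo.git#v1 /src\nADD --chown=app:app run.sh /app/"
func main() { fmt.Println(addShouldBeCopy(sample)) } // prints [2 6]
```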

simar7 added the scan/misconfiguration (Issues relating to misconfiguration scanning) label Oct 29, 2024
nicwortel added a commit to nicwortel/trivy-checks that referenced this issue Oct 29, 2024
COPY should be preferred over ADD simply when copying a file from the
build context to the container. However, ADD supports additional
features such as fetching files from remote HTTP(S) and Git URLs and
extracting tar files.

See https://docs.docker.com/build/building/best-practices/#add-or-copy,
aquasecurity/trivy#7806 and
aquasecurity/trivy#7791.
nicwortel added a commit to nicwortel/trivy-checks that referenced this issue Oct 29, 2024
COPY should be preferred over ADD when simply copying a file from the
build context to the container. However, ADD supports additional
features such as fetching files from remote HTTP(S) and Git URLs and
extracting tar files.

See https://docs.docker.com/build/building/best-practices/#add-or-copy,
aquasecurity/trivy#7806 and
aquasecurity/trivy#7791.
github-merge-queue bot pushed a commit to aquasecurity/trivy-checks that referenced this issue Oct 29, 2024
COPY should be preferred over ADD when simply copying a file from the
build context to the container. However, ADD supports additional
features such as fetching files from remote HTTP(S) and Git URLs and
extracting tar files.

See https://docs.docker.com/build/building/best-practices/#add-or-copy,
aquasecurity/trivy#7806 and
aquasecurity/trivy#7791.
@nicwortel (Contributor):

@simar7 I believe this issue can be closed now, as aquasecurity/trivy-checks#281 has been merged 👍

simar7 added this to the v0.58.0 milestone Nov 8, 2024
simar7 closed this as completed Nov 8, 2024