-
-
Notifications
You must be signed in to change notification settings - Fork 244
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add renovate to repository linters (#4540)
* Add renovate to repository linters * [build-command] Update generated files * Fixes * build command * Minor fixes * Fix ARG usage --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
- Loading branch information
1 parent
ba894e8
commit c044592
Showing
25 changed files
with
272 additions
and
143 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -27,6 +27,8 @@ ARG GO_REVIVE_VERSION=v1.5.1 | |
| ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.7-alpine | ||
| # renovate: datasource=docker depName=yoheimuta/protolint | ||
| ARG PROTOBUF_PROTOLINT_VERSION=0.52.0 | ||
| # renovate: datasource=github-tags depName=checkmarx/dustilock | ||
| ARG REPOSITORY_DUSTILOCK_VERSION=1.2.0 | ||
| # renovate: datasource=docker depName=zricethezav/gitleaks | ||
| ARG REPOSITORY_GITLEAKS_VERSION=v8.23.1 | ||
| # renovate: datasource=docker depName=checkmarx/kics | ||
|
|
@@ -67,7 +69,8 @@ FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} AS kubeconform | |
| FROM ghcr.io/assignuser/chktex-alpine:latest AS chktex | ||
| FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} AS protolint | ||
| FROM golang:alpine AS dustilock | ||
| RUN GOBIN=/usr/bin go install github.com/checkmarx/[email protected] | ||
| ARG REPOSITORY_DUSTILOCK_VERSION | ||
| RUN apk add --no-cache git && GOBIN=/usr/bin go install github.com/checkmarx/dustilock@v${REPOSITORY_DUSTILOCK_VERSION} | ||
| FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} AS gitleaks | ||
| FROM checkmarx/kics:${REPOSITORY_KICS_VERSION} AS kics | ||
| FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} AS trufflehog | ||
|
|
@@ -167,6 +170,16 @@ ARG PSSA_VERSION='1.23.0' | |
| ARG RAKU_RAKU_VERSION=2024.10 | ||
| ARG RAKU_RAKU_ALPINE_VERSION=3.20 | ||
|
|
||
| # renovate: datasource=nuget depName=Microsoft.CST.DevSkim.CLI | ||
| ARG REPOSITORY_DEVSKIM_VERSION=1.0.51 | ||
| # renovate: datasource=github-tags depName=anchore/grype | ||
| ARG REPOSITORY_GRYPE_VERSION=0.79.5 | ||
| # renovate: datasource=github-tags depName=anchore/syft | ||
| ARG REPOSITORY_SYFT_VERSION=1.18.1 | ||
| # renovate: datasource=github-tags depName=aquasecurity/trivy | ||
| ARG REPOSITORY_TRIVY_VERSION=0.58.2 | ||
| # renovate: datasource=github-tags depName=aquasecurity/trivy | ||
| ARG REPOSITORY_TRIVY_SBOM_VERSION=0.58.2 | ||
| # renovate: datasource=npm depName=@salesforce/sfdx-scanner | ||
| ARG SALESFORCE_SFDX_SCANNER_VERSION=4.7.0 | ||
| # renovate: datasource=npm depName=lightning-flow-scanner | ||
|
|
@@ -781,7 +794,7 @@ ENV PATH="~/.raku/bin:/opt/rakudo-pkg/bin:/opt/rakudo-pkg/share/perl6/site/bin:$ | |
| # RUN apk add --no-cache dotnet9-sdk | ||
| # Next line commented because already managed by another linter | ||
| # ENV PATH="${PATH}:/root/.dotnet/tools" | ||
| RUN dotnet tool install --global Microsoft.CST.DevSkim.CLI \ | ||
| RUN dotnet tool install --global Microsoft.CST.DevSkim.CLI --version ${REPOSITORY_DEVSKIM_VERSION} \ | ||
| # | ||
| # dustilock installation | ||
| # Managed with COPY --link --from=dustilock /usr/bin/dustilock /usr/bin/dustilock | ||
|
|
@@ -790,24 +803,23 @@ RUN dotnet tool install --global Microsoft.CST.DevSkim.CLI \ | |
| # Managed with COPY --link --from=gitleaks /usr/bin/gitleaks /usr/bin/ | ||
| # | ||
| # grype installation | ||
| && curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin v0.79.5 | ||
| && curl -sSfL https://raw.githubusercontent.com/anchore/grype/refs/tags/v${REPOSITORY_GRYPE_VERSION}/install.sh | sh -s -- -b /usr/local/bin | ||
| # | ||
| # kics installation | ||
| # Managed with COPY --link --from=kics /app/bin/kics /usr/bin/kics | ||
| ENV KICS_QUERIES_PATH=/usr/bin/assets/queries KICS_LIBRARIES_PATH=/usr/bin/assets/libraries | ||
| # Managed with COPY --from=kics /app/bin/assets /usr/bin/assets | ||
| # | ||
| # syft installation | ||
| RUN curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin \ | ||
| RUN curl -sSfL https://raw.githubusercontent.com/anchore/syft/refs/tags/v${REPOSITORY_SYFT_VERSION}/install.sh | sh -s -- -b /usr/local/bin \ | ||
| # | ||
| # trivy installation | ||
| && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \ | ||
| && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${REPOSITORY_TRIVY_VERSION}" \ | ||
| && (trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress) \ | ||
| # | ||
| # trivy-sbom installation | ||
| # Next line commented because already managed by another linter | ||
| # RUN wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \ | ||
| # && (trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress) | ||
| && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${REPOSITORY_TRIVY_SBOM_VERSION}" \ | ||
| && (trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress) \ | ||
| # | ||
| # trufflehog installation | ||
| # Managed with COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/ | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.