Checkmarx
diff --git a/‎.dockerignore‎
Lines changed: 3 additions & 3 deletions b/‎.dockerignore‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎.github/workflows/go-e2e.yaml‎
Lines changed: 5 additions & 2 deletions b/‎.github/workflows/go-e2e.yaml‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎.github/workflows/release-apispec.yml‎
Lines changed: 4 additions & 4 deletions b/‎.github/workflows/release-apispec.yml‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎.github/workflows/release-dkr-image-for-tag.yml‎
Lines changed: 4 additions & 4 deletions b/‎.github/workflows/release-dkr-image-for-tag.yml‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎.github/workflows/release-dkr-image.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/release-dkr-image.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/release-nightly.yml‎
Lines changed: 4 additions & 4 deletions b/‎.github/workflows/release-nightly.yml‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎.github/workflows/update-install-script.yaml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/update-install-script.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎Dockerfile‎
Lines changed: 2 additions & 2 deletions b/‎Dockerfile‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎Makefile‎
Lines changed: 1 addition & 1 deletion b/‎Makefile‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎assets/queries/ansible/aws/memcached_disabled/metadata.json‎
Lines changed: 1 addition & 1 deletion b/‎assets/queries/ansible/aws/memcached_disabled/metadata.json‎
Lines changed: 1 addition & 1 deletion
@@ -8,15 +8,15 @@ examples
 .editorconfig
 .gitignore
 .golangci.yml
-.goreleaser.nightly.yml
-.goreleaser.yml
+release/.goreleaser.nightly.yml
+release/.goreleaser.yml
 cx.configuration
 docker-compose.yml
 mkdocs.yml
 sonar-project.properties
 *.sarif
 *.zip
 Dockerfile
-Dockerfile.*
+docker
 assets/queries/**/test
 assets/template
@@ -12,7 +12,7 @@ jobs:
       matrix:
         go-version: [1.18.x]
         os: [ubuntu-latest]
-        kics-docker: ["Dockerfile", "Dockerfile.ubi8"]
+        kics-docker: ["Dockerfile", "docker/Dockerfile.ubi8"]
     runs-on: ${{ matrix.os }}
     steps:
       - name: Cancel Previous Runs
@@ -93,9 +93,12 @@ jobs:
           go mod tidy
           go build
           ./e2e-report -test-path ${CWD} -test-name results.json -report-path ${CWD} -report-name e2e-report.html
+      - name: Get docker name
+        run: |
+          DOCKER_NAME=$(echo ${{ matrix.kics-docker }} | sed 's/\//-/')
       - name: Archive test report
         if: always()
         uses: actions/upload-artifact@v2
         with:
-          name: e2e-tests-report-${{ matrix.kics-docker }}
+          name: e2e-tests-report-$DOCKER_NAME
           path: e2e-report.html
@@ -36,10 +36,10 @@ jobs:
         with:
           go-version: 1.18.x
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v2.9.1
+        uses: goreleaser/goreleaser-action@v3.0.0
         with:
           version: v0.160.0
-          args: release --rm-dist --snapshot --skip-validate --config="./.goreleaser-apispec.yml"
+          args: release --rm-dist --snapshot --skip-validate --config="./release/.goreleaser-apispec.yml"
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
@@ -141,7 +141,7 @@ jobs:
         with:
           context: .
           push: true
-          file: ./Dockerfile.apispec
+          file: ./docker/Dockerfile.apispec
           tags: checkmarx/kics:apispec,checkmarx/kics:apispec-alpine
           build-args: |
             VERSION=apipsec-${{ steps.shorthash.outputs.sha8 }}
@@ -153,7 +153,7 @@ jobs:
         uses: docker/build-push-action@v3.0.0
         with:
           context: .
-          file: ./Dockerfile.apispec.debian
+          file: ./docker/Dockerfile.apispec.debian
           push: true
           tags: checkmarx/kics:apispec-debian,checkmarx/kics:apispec-debian-latest
           build-args: |
 
@@ -81,12 +81,12 @@ jobs:
             SENTRY_DSN=${{ secrets.SENTRY_DSN }}
             DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }}
       - name: Push debian to Docker Hub
-        if: ${{ hashFiles('Dockerfile.debian') }} != ""
+        if: ${{ hashFiles('./docker/Dockerfile.debian') }} != ""
         id: build_debian
         uses: docker/build-push-action@v3.0.0
         with:
           context: .
-          file: ./Dockerfile.debian
+          file: ./docker/Dockerfile.debian
           push: true
           platforms: linux/amd64,linux/arm64
           tags: ${{ steps.prep.outputs.debian_tags }}
@@ -96,12 +96,12 @@ jobs:
             SENTRY_DSN=${{ secrets.SENTRY_DSN }}
             DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }}
       - name: Push ubi8 to Docker Hub
-        if: ${{ hashFiles('Dockerfile.ubi8') }} != ""
+        if: ${{ hashFiles('./docker/Dockerfile.ubi8') }} != ""
         id: build_ubi8
         uses: docker/build-push-action@v3.0.0
         with:
           context: .
-          file: ./Dockerfile.ubi8
+          file: ./docker/Dockerfile.ubi8
           push: true
           platforms: linux/amd64
           tags: ${{ steps.prep.outputs.ubi8_tags }}
 
@@ -65,7 +65,7 @@ jobs:
         uses: docker/build-push-action@v3.0.0
         with:
           context: .
-          file: ./Dockerfile.debian
+          file: ./docker/Dockerfile.debian
           push: true
           platforms: linux/amd64,linux/arm64
           tags: checkmarx/kics:debian,checkmarx/kics:${{ steps.get-version.outputs.version }}-debian
@@ -79,7 +79,7 @@ jobs:
         uses: docker/build-push-action@v3.0.0
         with:
           context: .
-          file: ./Dockerfile.ubi8
+          file: ./docker/Dockerfile.ubi8
           push: true
           tags: checkmarx/kics:ubi8,checkmarx/kics:${{ steps.get-version.outputs.version }}-ubi8
           platforms: linux/amd64
 
@@ -53,10 +53,10 @@ jobs:
         with:
           go-version: 1.18.x
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v2.9.1
+        uses: goreleaser/goreleaser-action@v3.0.0
         with:
           version: v0.160.0
-          args: release --rm-dist --snapshot --skip-validate --config="./.goreleaser-nightly.yml"
+          args: release --rm-dist --snapshot --skip-validate --config="./release/.goreleaser-nightly.yml"
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
@@ -175,7 +175,7 @@ jobs:
         uses: docker/build-push-action@v3.0.0
         with:
           context: .
-          file: ./Dockerfile.debian
+          file: ./docker/Dockerfile.debian
           push: true
           platforms: linux/amd64,linux/arm64
           tags: checkmarx/kics:nightly-debian
@@ -188,7 +188,7 @@ jobs:
         uses: docker/build-push-action@v3.0.0
         with:
           context: .
-          file: ./Dockerfile.ubi8
+          file: ./docker/Dockerfile.ubi8
           push: true
           tags: checkmarx/kics:nightly-ubi8
           platforms: linux/amd64
 
@@ -41,7 +41,7 @@ jobs:
         run: |
           #!/usr/bin/env python3
           import ruamel.yaml
-          with open('.goreleaser.yml', 'r') as file:
+          with open('./docker/.goreleaser.yml', 'r') as file:
             file_obj = ruamel.yaml.load(file, Loader=ruamel.yaml.RoundTripLoader)
             del file_obj['brews']
             file_content = ruamel.yaml.dump(file_obj, Dumper=ruamel.yaml.RoundTripDumper)
 
@@ -33,7 +33,7 @@ HEALTHCHECK CMD wget -q --method=HEAD localhost/system-status.txt
 # Runtime image
 # Ignore no User Cmd since KICS container is stopped afer scan
 # kics-scan ignore-line
-FROM alpine:3.15.4
+FROM alpine:3.16.0
 
 # Install Terraform and Terraform plugins
 RUN wget https://releases.hashicorp.com/terraform/1.1.3/terraform_1.1.3_linux_amd64.zip \
@@ -47,7 +47,7 @@ RUN wget https://releases.hashicorp.com/terraform/1.1.3/terraform_1.1.3_linux_am
     && unzip terraform-provider-aws_3.72.0_linux_amd64.zip && rm terraform-provider-aws_3.72.0_linux_amd64.zip \
     && mkdir ~/.terraform.d && mkdir ~/.terraform.d/plugins && mkdir ~/.terraform.d/plugins/linux_amd64 && mv terraform-provider-aws_v3.72.0_x5 terraform-provider-google_v4.10.0_x5 terraform-provider-azurerm_v2.95.0_x5 ~/.terraform.d/plugins/linux_amd64 \
     && apk add --no-cache \
-    git=2.34.2-r0
+    git=2.36.1-r0
 
 # Copy built binary to the runtime container
 # Vulnerability fixed in latest version of KICS remove when gh actions version is updated
 
@@ -172,7 +172,7 @@ dkr-compose: ## build docker image and runs docker-compose up
 
 .PHONY: dkr-build-antlr
 dkr-build-antlr: ## build ANTLRv4 docker image and generate parser based on given grammar
-	@docker build -t antlr4-generator:dev -f Dockerfile.antlr .
+	@docker build -t antlr4-generator:dev -f ./docker/Dockerfile.antlr .
 	@docker run --rm -u $(id -u ${USER}):$(id -g ${USER}) -v $(pwd)/pkg/parser/jsonfilter:/work -it antlr4-generator:dev
 
 .PHONY: release
 
@@ -1,7 +1,7 @@
 {
   "id": "2d55ef88-b616-4890-b822-47f280763e89",
   "queryName": "Memcached Disabled",
-  "severity": "HIGH",
+  "severity": "MEDIUM",
   "category": "Encryption",
   "descriptionText": "Check if the Memcached is disabled on the ElastiCache",
   "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/elasticache_module.html#parameter-engine",
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"id": "2d55ef88-b616-4890-b822-47f280763e89",`
`3`	`3`	`"queryName": "Memcached Disabled",`
`4`		`- "severity": "HIGH",`
	`4`	`+ "severity": "MEDIUM",`
`5`	`5`	`"category": "Encryption",`
`6`	`6`	`"descriptionText": "Check if the Memcached is disabled on the ElastiCache",`
`7`	`7`	`"descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/community/aws/elasticache_module.html#parameter-engine",`