Merge pull request #136 from MaibornWolff/dev

chore: merge to main for release 2024_01
MaibornWolff · Jan 5, 2024 · b9071cc · b9071cc
2 parents 14b5c83 + d8b09ae
commit b9071cc
Show file tree

Hide file tree

Showing 11 changed files with 23 additions and 23 deletions.
diff --git a/.github/workflows/build_push_dev.yml b/.github/workflows/build_push_dev.yml
@@ -32,7 +32,7 @@ jobs:
           push: true
           tags: maibornwolff/secobserve-scanners:dev
       -
-        name: Build and push OWASP ZAP
+        name: Build and push ZAP
         uses: docker/build-push-action@v5
         with:
           context: .

diff --git a/.github/workflows/build_push_latest.yml b/.github/workflows/build_push_latest.yml
@@ -43,7 +43,7 @@ jobs:
           build-args:
             VERSION=${{ github.event.inputs.release }}
       -
-        name: Build and push OWASP ZAP
+        name: Build and push ZAP
         uses: docker/build-push-action@v5
         with:
           context: .

diff --git a/README.md b/README.md
@@ -30,7 +30,7 @@ It consists of 2 major components:
 | [Gitleaks](https://gitleaks.io)                                   | `actions/secrets/gitleaks` | `templates/secrets/gitleaks.yml` | [MIT](https://github.com/gitleaks/gitleaks/blob/master/LICENSE) |
 | [CryptoLyzer](https://gitlab.com/coroner/cryptolyzer)             | `actions/DAST/cryptolyzer` | `templates/DAST/cryptolyzer.yml` | [MPL 2.0](https://gitlab.com/coroner/cryptolyzer/-/blob/master/LICENSE.txt) |
 | [DrHeader](https://github.com/Santandersecurityresearch/DrHeader) | `actions/DAST/drheader` | `templates/DAST/drheader.yml` | [MIT](https://github.com/Santandersecurityresearch/DrHeader/blob/master/LICENSE) |
-| [OWASP ZAP](https://github.com/zaproxy/zaproxy)                   | `actions/DAST/owasp_zap` | `templates/DAST/owasp_zap.yml` | [Apache 2.0](https://github.com/zaproxy/zaproxy/blob/main/LICENSE) |
+| [ZAP](https://github.com/zaproxy/zaproxy)                         | `actions/DAST/zap` | `templates/DAST/zap.yml` | [Apache 2.0](https://github.com/zaproxy/zaproxy/blob/main/LICENSE) |
 
 All GitHub actions and GitLab CI templates use a pre-built Docker image that contains all scanners and the SecObserve importer.
 

diff --git a/actions/DAST/owasp_zap/action.yaml → actions/DAST/zap/action.yaml b/actions/DAST/owasp_zap/action.yaml → actions/DAST/zap/action.yaml
@@ -1,5 +1,5 @@
-name: 'SecObserve OWASP ZAP'
-description: 'Scans web sites and APIs with OWASP ZAP'
+name: 'SecObserve ZAP'
+description: 'Scans web sites and APIs with ZAP'
 author: 'MaibornWolff'
 
 inputs:
@@ -44,7 +44,7 @@ inputs:
 runs:
   using: 'docker'
   image: 'docker://maibornwolff/secobserve-scanners-zap:latest'
-  entrypoint: '/entrypoints/entrypoint_owasp_zap.sh'
+  entrypoint: '/entrypoints/entrypoint_zap.sh'
   env:
     TARGET: ${{ inputs.target }}
     REPORT_NAME: ${{ inputs.report_name }}

diff --git a/dev/actions/DAST/owasp_zap/action.yaml → dev/actions/DAST/zap/action.yaml b/dev/actions/DAST/owasp_zap/action.yaml → dev/actions/DAST/zap/action.yaml
@@ -1,5 +1,5 @@
-name: 'SecObserve OWASP ZAP'
-description: 'Scans web sites and APIs with OWASP ZAP'
+name: 'SecObserve ZAP'
+description: 'Scans web sites and APIs with ZAP'
 author: 'MaibornWolff'
 
 inputs:
@@ -44,7 +44,7 @@ inputs:
 runs:
   using: 'docker'
   image: 'docker://maibornwolff/secobserve-scanners-zap:latest'
-  entrypoint: '/entrypoints/entrypoint_owasp_zap.sh'
+  entrypoint: '/entrypoints/entrypoint_zap.sh'
   env:
     TARGET: ${{ inputs.target }}
     REPORT_NAME: ${{ inputs.report_name }}

diff --git a/dev/templates/DAST/owasp_zap.yml → dev/templates/DAST/zap.yml b/dev/templates/DAST/owasp_zap.yml → dev/templates/DAST/zap.yml
@@ -1,4 +1,4 @@
-.owasp_zap:
+.zap:
   image:
     name: maibornwolff/secobserve-scanners-zap:dev
   stage: post_deploy
@@ -8,7 +8,7 @@
     SCRIPT: "zap-baseline.py"
     SO_UPLOAD: "true"
   script:
-    - /entrypoints/entrypoint_owasp_zap.sh
+    - /entrypoints/entrypoint_zap.sh
   interruptible: true
   allow_failure: true
   artifacts:

diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -1,5 +1,5 @@
 # Python build stage
-FROM python:3.11.5-alpine as python-build-stage
+FROM python:3.12.1-alpine as python-build-stage
 
 # Install gcc to be able to compile wheels for python packages
 RUN apk add --no-cache gcc musl-dev python3-dev
@@ -22,12 +22,12 @@ RUN wget --no-verbose https://github.com/Checkmarx/kics/archive/refs/tags/v${KIC
     && go build -o ./bin/kics cmd/console/main.go
 
 # Python run stage
-FROM python:3.11.5-alpine as python-run-stage
+FROM python:3.12.1-alpine as python-run-stage
 
 ARG GITLEAKS_VERSION=8.18.1
-ARG GRYPE_VERSION=0.73.4
+ARG GRYPE_VERSION=0.73.5
 ARG KICS_VERSION=1.7.12
-ARG TRIVY_VERSION=0.48.1
+ARG TRIVY_VERSION=0.48.2
 ARG TFSEC_VERSION=1.28.4
 
 # Install openssl-dev because libcrypto is needed for CryptoLyzer
@@ -41,7 +41,7 @@ RUN pip install --no-cache-dir --no-index --find-links=/wheels/ /wheels/* \
 	&& rm -rf /wheels/ && rm -rf /tmp
 
 # Hack because Python's find_library doesn't work on Alpine
-RUN sed -i -e "s|get_library('crypto', 'libcrypto\.dylib', '42')|'/usr/lib/libcrypto\.so'|g" /usr/local/lib/python3.11/site-packages/oscrypto/_openssl/_libcrypto_cffi.py
+RUN sed -i -e "s|get_library('crypto', 'libcrypto\.dylib', '42')|'/usr/lib/libcrypto\.so'|g" /usr/local/lib/python3.12/site-packages/oscrypto/_openssl/_libcrypto_cffi.py
 
 # copy and install precompiled DrHeader library and rules
 COPY docker/drheader/drheader-1.7.0-py2.py3-none-any.whl docker/drheader/rules.yml ./

diff --git a/docker/requirements.txt b/docker/requirements.txt
@@ -5,11 +5,11 @@ bandit-sarif-formatter==1.1.1  # https://github.com/microsoft/bandit-sarif-forma
 
 # Checkov
 # ----------------------------------------------------------------
-checkov==3.1.40  # https://github.com/bridgecrewio/checkov
+checkov==3.1.53  # https://github.com/bridgecrewio/checkov
 
 # Semgrep
 # ----------------------------------------------------------------
-semgrep==1.54.1  # https://github.com/returntocorp/semgrep
+semgrep==1.55.1  # https://github.com/returntocorp/semgrep
 
 # CryptoLyzer
 # ----------------------------------------------------------------

diff --git a/docker_zap/Dockerfile b/docker_zap/Dockerfile
@@ -1,5 +1,5 @@
 # Python run stage
-FROM owasp/zap2docker-stable:2.14.0
+FROM softwaresecurityproject/zap-stable:2.14.0
 
 # Install importer
 COPY importer/ /usr/local/importer/

diff --git a/...r_zap/entrypoints/entrypoint_owasp_zap.sh → docker_zap/entrypoints/entrypoint_zap.sh b/...r_zap/entrypoints/entrypoint_owasp_zap.sh → docker_zap/entrypoints/entrypoint_zap.sh
@@ -12,10 +12,10 @@ else
 fi
 
 export SO_FILE_NAME="${REPORT_NAME}"
-export SO_PARSER_NAME="OWASP ZAP"
+export SO_PARSER_NAME="ZAP"
 
 echo ----------------------------------------
-echo OWASP ZAP
+echo ZAP
 echo - TARGET:             "$TARGET"
 echo - REPORT_NAME:        "$REPORT_NAME"
 echo - SCRIPT:             "$SCRIPT"

diff --git a/templates/DAST/owasp_zap.yml → templates/DAST/zap.yml b/templates/DAST/owasp_zap.yml → templates/DAST/zap.yml
@@ -1,4 +1,4 @@
-.owasp_zap:
+.zap:
   image:
     name: maibornwolff/secobserve-scanners-zap:latest
   stage: post_deploy
@@ -8,7 +8,7 @@
     SCRIPT: "zap-baseline.py"
     SO_UPLOAD: "true"
   script:
-    - /entrypoints/entrypoint_owasp_zap.sh
+    - /entrypoints/entrypoint_zap.sh
   interruptible: true
   allow_failure: true
   artifacts: