Merge pull request #163 from MaibornWolff/dev

chore: merge to main for release 2024_04

actions/DAST/cryptolyzer/action.yaml

@@ -27,6 +27,9 @@ inputs:
   so_product_name:
     description: 'Name of the product which observations are imported. The product has to exist before starting the import.'
     required: true
+  so_branch_name:
+    description: 'Name of the product branch which observations are imported. If the branch does not exist yet, it is automatically created.'
+    required: false
   so_origin_service:
     description: 'Service name to be set for all imported observations.'
     required: false

actions/DAST/drheader/action.yaml

@@ -30,6 +30,9 @@ inputs:
   so_product_name:
     description: 'Name of the product which observations are imported. The product has to exist before starting the import.'
     required: true
+  so_branch_name:
+    description: 'Name of the product branch which observations are imported. If the branch does not exist yet, it is automatically created.'
+    required: false
   so_origin_service:
     description: 'Service name to be set for all imported observations.'
     required: false

actions/DAST/zap/action.yaml

@@ -31,6 +31,9 @@ inputs:
   so_product_name:
     description: 'Name of the product which observations are imported. The product has to exist before starting the import.'
     required: true
+  so_branch_name:
+    description: 'Name of the product branch which observations are imported. If the branch does not exist yet, it is automatically created.'
+    required: false
   so_origin_service:
     description: 'Service name to be set for all imported observations.'
     required: false

actions/SAST/bandit/action.yaml

@@ -31,6 +31,9 @@ inputs:
   so_product_name:
     description: 'Name of the product which observations are imported. The product has to exist before starting the import.'
     required: true
+  so_branch_name:
+    description: 'Name of the product branch which observations are imported. If the branch does not exist yet, it is automatically created.'
+    required: false
   so_origin_service:
     description: 'Service name to be set for all imported observations.'
     required: false

actions/SAST/checkov/action.yaml

@@ -31,6 +31,9 @@ inputs:
   so_product_name:
     description: 'Name of the product which observations are imported. The product has to exist before starting the import.'
     required: true
+  so_branch_name:
+    description: 'Name of the product branch which observations are imported. If the branch does not exist yet, it is automatically created.'
+    required: false
   so_origin_service:
     description: 'Service name to be set for all imported observations.'
     required: false

actions/SAST/eslint/action.yaml

@@ -31,6 +31,9 @@ inputs:
   so_product_name:
     description: 'Name of the product which observations are imported. The product has to exist before starting the import.'
     required: true
+  so_branch_name:
+    description: 'Name of the product branch which observations are imported. If the branch does not exist yet, it is automatically created.'
+    required: false
   so_origin_service:
     description: 'Service name to be set for all imported observations.'
     required: false

actions/SAST/kics/action.yaml

@@ -18,6 +18,10 @@ inputs:
     description: 'Further parameters to be given to the scanner.'
     required: false
     default: ''
+  output_path:
+    description: 'Output path for the KICS scan results.'
+    required: true
+    default: ''
   so_upload:
     description: 'No upload of observations into SecObserve if value is not "true", default is "true".'
     required: false
@@ -31,6 +35,9 @@ inputs:
   so_product_name:
     description: 'Name of the product which observations are imported. The product has to exist before starting the import.'
     required: true
+  so_branch_name:
+    description: 'Name of the product branch which observations are imported. If the branch does not exist yet, it is automatically created.'
+    required: false
   so_origin_service:
     description: 'Service name to be set for all imported observations.'
     required: false
@@ -50,6 +57,7 @@ runs:
     REPORT_NAME: ${{ inputs.report_name }}
     RUN_DIRECTORY: ${{ inputs.run_directory }}
     FURTHER_PARAMETERS: ${{ inputs.further_parameters }}
+    OUTPUT_PATH: ${{ inputs.output_path }}
     SO_UPLOAD: ${{ inputs.so_upload }}
     SO_API_BASE_URL: ${{ inputs.so_api_base_url }}
     SO_API_TOKEN: ${{ inputs.so_api_token }}

actions/SAST/semgrep/action.yaml

@@ -35,6 +35,9 @@ inputs:
   so_product_name:
     description: 'Name of the product which observations are imported. The product has to exist before starting the import.'
     required: true
+  so_branch_name:
+    description: 'Name of the product branch which observations are imported. If the branch does not exist yet, it is automatically created.'
+    required: false
   so_origin_service:
     description: 'Service name to be set for all imported observations.'
     required: false

actions/SAST/tfsec/action.yaml

@@ -31,6 +31,9 @@ inputs:
   so_product_name:
     description: 'Name of the product which observations are imported. The product has to exist before starting the import.'
     required: true
+  so_branch_name:
+    description: 'Name of the product branch which observations are imported. If the branch does not exist yet, it is automatically created.'
+    required: false
   so_origin_service:
     description: 'Service name to be set for all imported observations.'
     required: false

actions/SAST/trivy_config/action.yaml

@@ -31,6 +31,9 @@ inputs:
   so_product_name:
     description: 'Name of the product which observations are imported. The product has to exist before starting the import.'
     required: true
+  so_branch_name:
+    description: 'Name of the product branch which observations are imported. If the branch does not exist yet, it is automatically created.'
+    required: false
   so_origin_service:
     description: 'Service name to be set for all imported observations.'
     required: false

actions/SCA/grype_image/action.yaml

@@ -27,6 +27,9 @@ inputs:
   so_product_name:
     description: 'Name of the product which observations are imported. The product has to exist before starting the import.'
     required: true
+  so_branch_name:
+    description: 'Name of the product branch which observations are imported. If the branch does not exist yet, it is automatically created.'
+    required: false
   so_origin_service:
     description: 'Service name to be set for all imported observations.'
     required: false

actions/SCA/trivy_filesystem/action.yaml

@@ -31,6 +31,9 @@ inputs:
   so_product_name:
     description: 'Name of the product which observations are imported. The product has to exist before starting the import.'
     required: true
+  so_branch_name:
+    description: 'Name of the product branch which observations are imported. If the branch does not exist yet, it is automatically created.'
+    required: false
   so_origin_service:
     description: 'Service name to be set for all imported observations.'
     required: false

actions/SCA/trivy_image/action.yaml

@@ -27,6 +27,9 @@ inputs:
   so_product_name:
     description: 'Name of the product which observations are imported. The product has to exist before starting the import.'
     required: true
+  so_branch_name:
+    description: 'Name of the product branch which observations are imported. If the branch does not exist yet, it is automatically created.'
+    required: false
   so_origin_service:
     description: 'Service name to be set for all imported observations.'
     required: false

actions/importer/action.yaml

@@ -16,6 +16,9 @@ inputs:
   so_product_name:
     description: 'Name of the product which observations are imported. The product has to exist before starting the import.'
     required: true
+  so_branch_name:
+    description: 'Name of the product branch which observations are imported. If the branch does not exist yet, it is automatically created.'
+    required: false
   so_file_name:
     description: 'Name of the file to import.'
     required: true

actions/secrets/gitleaks/action.yaml

@@ -27,6 +27,9 @@ inputs:
   so_product_name:
     description: 'Name of the product which observations are imported. The product has to exist before starting the import.'
     required: true
+  so_branch_name:
+    description: 'Name of the product branch which observations are imported. If the branch does not exist yet, it is automatically created.'
+    required: false
   so_origin_service:
     description: 'Service name to be set for all imported observations.'
     required: false

dev/actions/DAST/cryptolyzer/action.yaml

@@ -27,6 +27,9 @@ inputs:
   so_product_name:
     description: 'Name of the product which observations are imported. The product has to exist before starting the import.'
     required: true
+  so_branch_name:
+    description: 'Name of the product branch which observations are imported. If the branch does not exist yet, it is automatically created.'
+    required: false
   so_origin_service:
     description: 'Service name to be set for all imported observations.'
     required: false

dev/actions/DAST/drheader/action.yaml

@@ -31,6 +31,9 @@ inputs:
   so_product_name:
     description: 'Name of the product which observations are imported. The product has to exist before starting the import.'
     required: true
+  so_branch_name:
+    description: 'Name of the product branch which observations are imported. If the branch does not exist yet, it is automatically created.'
+    required: false
   so_origin_service:
     description: 'Service name to be set for all imported observations.'
     required: false

dev/actions/DAST/zap/action.yaml

@@ -31,6 +31,9 @@ inputs:
   so_product_name:
     description: 'Name of the product which observations are imported. The product has to exist before starting the import.'
     required: true
+  so_branch_name:
+    description: 'Name of the product branch which observations are imported. If the branch does not exist yet, it is automatically created.'
+    required: false
   so_origin_service:
     description: 'Service name to be set for all imported observations.'
     required: false

dev/actions/SAST/bandit/action.yaml

@@ -31,6 +31,9 @@ inputs:
   so_product_name:
     description: 'Name of the product which observations are imported. The product has to exist before starting the import.'
     required: true
+  so_branch_name:
+    description: 'Name of the product branch which observations are imported. If the branch does not exist yet, it is automatically created.'
+    required: false
   so_origin_service:
     description: 'Service name to be set for all imported observations.'
     required: false

dev/actions/SAST/checkov/action.yaml

@@ -31,6 +31,9 @@ inputs:
   so_product_name:
     description: 'Name of the product which observations are imported. The product has to exist before starting the import.'
     required: true
+  so_branch_name:
+    description: 'Name of the product branch which observations are imported. If the branch does not exist yet, it is automatically created.'
+    required: false
   so_origin_service:
     description: 'Service name to be set for all imported observations.'
     required: false

dev/actions/SAST/eslint/action.yaml

@@ -31,6 +31,9 @@ inputs:
   so_product_name:
     description: 'Name of the product which observations are imported. The product has to exist before starting the import.'
     required: true
+  so_branch_name:
+    description: 'Name of the product branch which observations are imported. If the branch does not exist yet, it is automatically created.'
+    required: false
   so_origin_service:
     description: 'Service name to be set for all imported observations.'
     required: false

dev/actions/SAST/kics/action.yaml

@@ -18,6 +18,10 @@ inputs:
     description: 'Further parameters to be given to the scanner.'
     required: false
     default: ''
+  output_path:
+    description: 'Output path for the KICS scan results.'
+    required: true
+    default: ''
   so_upload:
     description: 'No upload of observations into SecObserve if value is not "true", default is "true".'
     required: false
@@ -31,6 +35,9 @@ inputs:
   so_product_name:
     description: 'Name of the product which observations are imported. The product has to exist before starting the import.'
     required: true
+  so_branch_name:
+    description: 'Name of the product branch which observations are imported. If the branch does not exist yet, it is automatically created.'
+    required: false
   so_origin_service:
     description: 'Service name to be set for all imported observations.'
     required: false
@@ -50,6 +57,7 @@ runs:
     REPORT_NAME: ${{ inputs.report_name }}
     RUN_DIRECTORY: ${{ inputs.run_directory }}
     FURTHER_PARAMETERS: ${{ inputs.further_parameters }}
+    OUTPUT_PATH: ${{ inputs.output_path }}
     SO_UPLOAD: ${{ inputs.so_upload }}
     SO_API_BASE_URL: ${{ inputs.so_api_base_url }}
     SO_API_TOKEN: ${{ inputs.so_api_token }}

dev/actions/SAST/semgrep/action.yaml

@@ -35,6 +35,9 @@ inputs:
   so_product_name:
     description: 'Name of the product which observations are imported. The product has to exist before starting the import.'
     required: true
+  so_branch_name:
+    description: 'Name of the product branch which observations are imported. If the branch does not exist yet, it is automatically created.'
+    required: false
   so_origin_service:
     description: 'Service name to be set for all imported observations.'
     required: false

dev/actions/SAST/tfsec/action.yaml

@@ -31,6 +31,9 @@ inputs:
   so_product_name:
     description: 'Name of the product which observations are imported. The product has to exist before starting the import.'
     required: true
+  so_branch_name:
+    description: 'Name of the product branch which observations are imported. If the branch does not exist yet, it is automatically created.'
+    required: false
   so_origin_service:
     description: 'Service name to be set for all imported observations.'
     required: false

dev/actions/SAST/trivy_config/action.yaml

@@ -31,6 +31,9 @@ inputs:
   so_product_name:
     description: 'Name of the product which observations are imported. The product has to exist before starting the import.'
     required: true
+  so_branch_name:
+    description: 'Name of the product branch which observations are imported. If the branch does not exist yet, it is automatically created.'
+    required: false
   so_origin_service:
     description: 'Service name to be set for all imported observations.'
     required: false

dev/actions/SCA/grype_image/action.yaml

@@ -27,6 +27,9 @@ inputs:
   so_product_name:
     description: 'Name of the product which observations are imported. The product has to exist before starting the import.'
     required: true
+  so_branch_name:
+    description: 'Name of the product branch which observations are imported. If the branch does not exist yet, it is automatically created.'
+    required: false
   so_origin_service:
     description: 'Service name to be set for all imported observations.'
     required: false

dev/actions/SCA/trivy_filesystem/action.yaml

@@ -31,6 +31,9 @@ inputs:
   so_product_name:
     description: 'Name of the product which observations are imported. The product has to exist before starting the import.'
     required: true
+  so_branch_name:
+    description: 'Name of the product branch which observations are imported. If the branch does not exist yet, it is automatically created.'
+    required: false
   so_origin_service:
     description: 'Service name to be set for all imported observations.'
     required: false

dev/actions/SCA/trivy_image/action.yaml

@@ -27,6 +27,9 @@ inputs:
   so_product_name:
     description: 'Name of the product which observations are imported. The product has to exist before starting the import.'
     required: true
+  so_branch_name:
+    description: 'Name of the product branch which observations are imported. If the branch does not exist yet, it is automatically created.'
+    required: false
   so_origin_service:
     description: 'Service name to be set for all imported observations.'
     required: false

dev/actions/importer/action.yaml

@@ -16,6 +16,9 @@ inputs:
   so_product_name:
     description: 'Name of the product which observations are imported. The product has to exist before starting the import.'
     required: true
+  so_branch_name:
+    description: 'Name of the product branch which observations are imported. If the branch does not exist yet, it is automatically created.'
+    required: false
   so_file_name:
     description: 'Name of the file to import.'
     required: true

dev/actions/secrets/gitleaks/action.yaml

@@ -27,6 +27,9 @@ inputs:
   so_product_name:
     description: 'Name of the product which observations are imported. The product has to exist before starting the import.'
     required: true
+  so_branch_name:
+    description: 'Name of the product branch which observations are imported. If the branch does not exist yet, it is automatically created.'
+    required: false
   so_origin_service:
     description: 'Service name to be set for all imported observations.'
     required: false

docker/Dockerfile

@@ -1,5 +1,5 @@
 # Python build stage
-FROM python:3.12.2-alpine as python-build-stage
+FROM python:3.12.3-alpine as python-build-stage
 
 # Install gcc to be able to compile wheels for python packages
 RUN apk add --no-cache gcc musl-dev python3-dev
@@ -10,9 +10,9 @@ COPY docker/requirements.txt .
 RUN pip wheel --wheel-dir /usr/src/app/wheels -r ./requirements.txt
 
 # Go build stage for KICS
-FROM golang:1.22.0-alpine as go-build-stage
+FROM golang:1.22.2-alpine as go-build-stage
 
-ARG KICS_VERSION=1.7.12
+ARG KICS_VERSION=2.0.0
 
 # Install kics from GitHub
 WORKDIR /usr/local/kics
@@ -22,12 +22,12 @@ RUN wget --no-verbose https://github.com/Checkmarx/kics/archive/refs/tags/v${KIC
     && go build -o ./bin/kics cmd/console/main.go
 
 # Python run stage
-FROM python:3.12.2-alpine as python-run-stage
+FROM python:3.12.3-alpine as python-run-stage
 
 ARG GITLEAKS_VERSION=8.18.2
-ARG GRYPE_VERSION=0.74.5
-ARG KICS_VERSION=1.7.12
-ARG TRIVY_VERSION=0.49.1
+ARG GRYPE_VERSION=0.77.0
+ARG KICS_VERSION=2.0.0
+ARG TRIVY_VERSION=0.50.2
 ARG TFSEC_VERSION=1.28.5
 
 ARG CREATED