Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(checks): Improve AVD-DS-0005 logic #7806

Closed
simar7 opened this issue Oct 29, 2024 · 1 comment
Closed

fix(checks): Improve AVD-DS-0005 logic #7806

simar7 opened this issue Oct 29, 2024 · 1 comment
Assignees
@nicwortel @simar7
Labels
scan/misconfiguration Issues relating to misconfiguration scanning
Milestone
v0.58.0

Comments

@simar7
Copy link
Member

simar7 commented Oct 29, 2024

We can improve the logic of this check a little:

  • If is a local tar archive, it is decompressed and extracted to the specified destination
  • If is a URL, the contents of the URL are downloaded and placed at the specified destination
  • If is a Git repository, the repository is cloned to the specified destination

Discussion: #7791
@simar7 simar7 added the scan/misconfiguration Issues relating to misconfiguration scanning label Oct 29, 2024
nicwortel added a commit to nicwortel/trivy-checks that referenced this issue Oct 29, 2024
@nicwortel
Allow the ADD instruction with HTTP, HTTPS and Git URLs
862f031 
COPY should be preferred over ADD simply when copying a file from the
build context to the container. However, ADD supports additional
features such as fetching files from remote HTTP(S) and Git URLS and
extracting tar files.

See https://docs.docker.com/build/building/best-practices/#add-or-copy,
aquasecurity/trivy#7806 and
aquasecurity/trivy#7791.
nicwortel added a commit to nicwortel/trivy-checks that referenced this issue Oct 29, 2024
@nicwortel
Allow the ADD instruction with HTTP, HTTPS and Git URLs
5e33506 
COPY should be preferred over ADD when simply copying a file from the
build context to the container. However, ADD supports additional
features such as fetching files from remote HTTP(S) and Git URLS and
extracting tar files.

See https://docs.docker.com/build/building/best-practices/#add-or-copy,
aquasecurity/trivy#7806 and
aquasecurity/trivy#7791.
@nicwortel nicwortel mentioned this issue Oct 29, 2024
Merged
github-merge-queue bot pushed a commit to aquasecurity/trivy-checks that referenced this issue Oct 29, 2024
@nicwortel @simar7
Allow the ADD instruction with HTTP, HTTPS and Git URLs
89d7c53 
COPY should be preferred over ADD when simply copying a file from the
build context to the container. However, ADD supports additional
features such as fetching files from remote HTTP(S) and Git URLS and
extracting tar files.

See https://docs.docker.com/build/building/best-practices/#add-or-copy,
aquasecurity/trivy#7806 and
aquasecurity/trivy#7791.
@nicwortel
Copy link

@simar7 I believe this issue can be closed now, as aquasecurity/trivy-checks#281 has been merged 👍

@simar7 simar7 added this to the v0.58.0 milestone Nov 8, 2024
@simar7 simar7 closed this as completed Nov 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nicwortel nicwortel

@simar7 simar7

Labels
scan/misconfiguration Issues relating to misconfiguration scanning
Projects
Trivy Roadmap
Status: No status
Milestone
v0.58.0
Development

No branches or pull requests
3 participants
@nicwortel @simar7 and others