Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add docker release to the full release process for final releases #1004

Merged
merged 30 commits into from
May 21, 2024

update docker release to align with other adapters, add dev docker

8e31cc4
Select commit
Loading
Failed to load commit list.
Merged

Add docker release to the full release process for final releases #1004

update docker release to align with other adapters, add dev docker
8e31cc4
Select commit
Loading
Failed to load commit list.
Wiz Inc. (266a8a9c32) / Wiz IaC Scanner completed Apr 13, 2024 in 2s

Wiz IaC Scanner

Ave, Warden of Whitespace Wilderness! 🏞️

Wiz's lantern's glow brought hidden secrets into the light within this PR. 🔮🔦

Revealing IaC misconfigurations with Wiz 🪄

🔮 IaC Misconfigurations Detected: 4

0C 2H 1M 0L 1I

― Note from Wiz: "Wiz's spirit dwells in your code - keep conjuring marvels! 🪄💻🌟"

Annotations

Check failure on line 47 in docker-dev/Dockerfile

See this annotation in the file changed.

@wiz-inc-266a8a9c32 wiz-inc-266a8a9c32 / Wiz IaC Scanner

Missing User Instruction

Rule ID: e54afcf9-dc71-484a-8967-d930e3044062
Severity: High
Resource: FROM={{base as dbt-spark-dev}}

A user should be specified in the dockerfile, otherwise the image will run as root
Raw output
Expected: The 'Dockerfile' should contain the 'USER' instruction
Found: The 'Dockerfile' does not contain any 'USER' instruction

Check failure on line 32 in docker-release/Dockerfile

See this annotation in the file changed.

@wiz-inc-266a8a9c32 wiz-inc-266a8a9c32 / Wiz IaC Scanner

Missing User Instruction

Rule ID: e54afcf9-dc71-484a-8967-d930e3044062
Severity: High
Resource: FROM={{base as dbt-spark}}

A user should be specified in the dockerfile, otherwise the image will run as root
Raw output
Expected: The 'Dockerfile' should contain the 'USER' instruction
Found: The 'Dockerfile' does not contain any 'USER' instruction

Check warning on line 42 in docker-release/Dockerfile

See this annotation in the file changed.

@wiz-inc-266a8a9c32 wiz-inc-266a8a9c32 / Wiz IaC Scanner

Unpinned Package Version in Pip Install

Rule ID: 1f0d05d7-8caf-4f04-bc60-332d472de5a9
Severity: Medium
Resource: FROM={{base as dbt-spark}}.{{RUN python -m pip install --no-cache-dir "dbt-spark[${extras}] @ git+https://github.com/dbt-labs/dbt-spark@${commit_ref}"}}

Package version pinning reduces the range of versions that can be installed, reducing the chances of failure due to unanticipated changes
Raw output
Expected: RUN instruction with 'pip/pip3 install <package>' should use package pinning form 'pip/pip3 install <package>=<version>'
Found: RUN instruction python -m pip install --no-cache-dir "dbt-spark[all] @ git+https://github.com/dbt-labs/dbt-spark@main" does not use package pinning form

Check notice on line 8 in docker-dev/Dockerfile

See this annotation in the file changed.

@wiz-inc-266a8a9c32 wiz-inc-266a8a9c32 / Wiz IaC Scanner

APT-GET Not Avoiding Additional Packages

Rule ID: 0cbafd91-7f35-4000-b40a-bebedb7bb5f8
Severity: None
Resource: FROM={{ubuntu:22.04 as base}}.{{RUN apt-get update   && apt-get install -y software-properties-common=0.99.22.9   && add-apt-repository -y ppa:deadsnakes/ppa   && apt-get clean   && rm -rf     /var/lib/apt/lists/*     /tmp/*     /var/tmp/*}}

Check if any apt-get installs don't use '--no-install-recommends' flag to avoid installing additional packages.
Raw output
Expected: 'RUN apt-get update   && apt-get install -y software-properties-common=0.99.22.9   && add-apt-repository -y ppa:deadsnakes/ppa   && apt-get clean   && rm -rf     /var/lib/apt/lists/*     /tmp/*     /var/tmp/*' uses '--no-install-recommends' flag to avoid installing additional packages
Found: 'RUN apt-get update   && apt-get install -y software-properties-common=0.99.22.9   && add-apt-repository -y ppa:deadsnakes/ppa   && apt-get clean   && rm -rf     /var/lib/apt/lists/*     /tmp/*     /var/tmp/*' does not use '--no-install-recommends' flag to avoid installing additional packages