Fix/ci silent pass on empty build #32
Signed-off-by: Daniele De Lorenzi <2905124+dark-vex@users.noreply.github.com>
The old buildx (v0.5.1) paired with a current buildkit rejects registry-qualified names in --output type=docker. Build with a plain local tag (bareos-<app>:<tag>), then docker tag + docker push in the push step. This removes the invalid reference format error entirely.
Signed-off-by: Daniele De Lorenzi <2905124+dark-vex@users.noreply.github.com>
…d push debug output
docker:stable was deprecated ~2020 and pins Docker ~19.03, which may reject otherwise-valid registry references. Upgrading to docker:27 gets current reference parsing. Debug echoes expose raw INPUT_REGISTRY and GITHUB_REPOSITORY so we can confirm values at push time.
Wiz Scan Summary
| @@ -1,4 +1,4 @@ | |||
| FROM docker:stable | |||
| FROM docker:27 | |||
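Review bot: On the `FROM docker:27` line, the new base is still a moving tag, so the image this action builds from will change as 27.x releases land, which is the same kind of drift the commit message describes for `docker:stable`. Consider pinning an exact release or a digest, for example `FROM docker:27@sha256:<digest>` with the digest taken from the registry, and bumping it deliberately. Wiz also reports no `USER` instruction in this stage: either add one, or, if the action has to run as root to reach the Docker daemon, state that as the reason in a `#wiz_ignore` reply so the exception is documented rather than left open.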
Missing User Instruction
on resource FROM docker:27 AS docker:27
More Details
This rule checks whether a `USER` instruction is specified in the Dockerfile. The rule fails when the `USER` instruction is missing, causing the container to run with root privileges (UID 0). If an attacker compromises an application running as root, they gain the privileges needed to potentially escape the container and attack the host node. It also increases the blast radius of a breach, allowing full control to modify files or install malware within the container. Enforcing a non-root user is a fundamental security measure that minimizes the attack surface and contains the impact of a potential compromise.
Expected
The Dockerfile stage should contain the 'USER' instruction
Found
The Dockerfile stage does not contain any 'USER' instruction
Security Frameworks: wf-id-264, wf-id-217, c7d2843b-ff83-4115-823e-a440e5c9b434, fcb43ca7-1138-43c6-af95-fe30190b00f7, 9bc0c54d-4a51-4dbc-8ae6-890bc8c96f68
Rule ID: e24d894e-a4db-4b8d-98cc-38d5825e1c7a
To ignore this finding as an exception, reply to this conversation with #wiz_ignore reason
If you'd like to ignore this finding in all future scans, add an exception in the .wiz file (learn more) or create an Ignore Rule (learn more).
To get more details on how to remediate this issue using AI, reply to this conversation with #wiz remediate
No description provided.