From dde341aa6f2ddcaaa6f51b2807a07f5b83d9df48 Mon Sep 17 00:00:00 2001
From: Ivan Kouznetsov
Date: Wed, 17 May 2023 13:19:30 -0700
Subject: [PATCH 1/6] adding tfsec to all images and readme
---
 Dockerfile/full-alpine-amd64 | 4 ++++
 Dockerfile/full-ubuntu-amd64 | 4 ++++
 Dockerfile/standard-alpine-amd64 | 4 ++++
 Dockerfile/standard-ubuntu-amd64 | 4 ++++
 4 files changed, 16 insertions(+)
diff --git a/Dockerfile/full-alpine-amd64 b/Dockerfile/full-alpine-amd64
index 3fb08af..0de82df 100644
--- a/Dockerfile/full-alpine-amd64
+++ b/Dockerfile/full-alpine-amd64
@@ -69,3 +69,7 @@ ARG tflint_version=0.45.0
 RUN wget -nv https://github.com/terraform-linters/tflint/releases/download/v${tflint_version}/tflint_linux_amd64.zip \
 && unzip -d /usr/local/bin tflint_linux_amd64.zip \
 && rm tflint_linux_amd64.zip
+
+# Install tfsec (https://github.com/aquasecurity/tfsec)
+RUN curl -s https://raw.githubusercontent.com/aquasecurity/tfsec/master/scripts/install_linux.sh
+RUN export tfsecrelease="$(tfsec --version)"
diff --git a/Dockerfile/full-ubuntu-amd64 b/Dockerfile/full-ubuntu-amd64
index 6e5c74f..803d305 100644
--- a/Dockerfile/full-ubuntu-amd64
+++ b/Dockerfile/full-ubuntu-amd64
@@ -71,3 +71,7 @@ ARG tflint_version=0.45.0
 RUN wget -nv https://github.com/terraform-linters/tflint/releases/download/v${tflint_version}/tflint_linux_amd64.zip \
 && unzip -d /usr/local/bin tflint_linux_amd64.zip \
 && rm tflint_linux_amd64.zip
+
+# Install tfsec (https://github.com/aquasecurity/tfsec)
+RUN curl -s https://raw.githubusercontent.com/aquasecurity/tfsec/master/scripts/install_linux.sh
+RUN export tfsecrelease="$(tfsec --version)"
diff --git a/Dockerfile/standard-alpine-amd64 b/Dockerfile/standard-alpine-amd64
index fc8112f..7929966 100644
--- a/Dockerfile/standard-alpine-amd64
+++ b/Dockerfile/standard-alpine-amd64
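Review bot: The last added line of the full-alpine hunk, `RUN export tfsecrelease="$(tfsec --version)"`, can neither fail the build nor set anything that survives: `export` returns 0 even when the command substitution fails, and the variable is gone when that RUN's shell exits. The `RUN curl -s …/install_linux.sh` line above it only writes the script to the build output, so the image builds cleanly with no tfsec in it. If the intent is a post-install check, a plain `RUN tfsec --version` fails the step when the binary is missing. The same two lines are added in the full-ubuntu, standard-alpine and standard-ubuntu hunks of this patch.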
@@ -29,3 +29,7 @@ RUN export atmosrelease="$(curl -Ls -o /dev/null -w %{url_effective} https://git
 && wget https://github.com/cloudposse/atmos/releases/download/v${atmosrelease}/atmos_${atmosrelease}_linux_amd64 \
 && mv atmos_${atmosrelease}_linux_amd64 /usr/bin/atmos \
 && chmod +x /usr/bin/atmos
+
+# Install tfsec (https://github.com/aquasecurity/tfsec)
+RUN curl -s https://raw.githubusercontent.com/aquasecurity/tfsec/master/scripts/install_linux.sh
+RUN export tfsecrelease="$(tfsec --version)"
diff --git a/Dockerfile/standard-ubuntu-amd64 b/Dockerfile/standard-ubuntu-amd64
index 04707f2..5ad780e 100644
--- a/Dockerfile/standard-ubuntu-amd64
+++ b/Dockerfile/standard-ubuntu-amd64
@@ -30,3 +30,7 @@ RUN export atmosrelease="$(curl -Ls -o /dev/null -w %{url_effective} https://git
 && wget https://github.com/cloudposse/atmos/releases/download/v${atmosrelease}/atmos_${atmosrelease}_linux_amd64 \
 && mv atmos_${atmosrelease}_linux_amd64 /usr/bin/atmos \
 && chmod +x /usr/bin/atmos
+
+# Install tfsec (https://github.com/aquasecurity/tfsec)
+RUN curl -s https://raw.githubusercontent.com/aquasecurity/tfsec/master/scripts/install_linux.sh
+RUN export tfsecrelease="$(tfsec --version)"
From 1446f4aa37bdbfd9892dd070bcf650453e87418c Mon Sep 17 00:00:00 2001
From: Ivan Kouznetsov
Date: Wed, 17 May 2023 13:36:36 -0700
Subject: [PATCH 2/6] adding tfsec to readme
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index cd7cef4..78cfc5e 100644
--- a/README.md
+++ b/README.md
@@ -32,7 +32,7 @@ docker pull ghcr.io/slalombuild/pe-toolkit-standard-ubuntu-amd64:latest | Standard | Full | | --- | --- | -| `terraform`
`atmos`
`curl`
`bash`
`jq`
`yq`
`figlet`
`unzip`
`zip`
`git`
`shellcheck`
`nano`
| _everything in standard_
`terraform-docs`
`node` and `npm`
`python` and `pip`
`go`
| +| `terraform`
`atmos`
`curl`
`bash`
`jq`
`yq`
`figlet`
`unzip`
`zip`
`git`
`shellcheck`
`nano`
`tfsec`
| _everything in standard_
`terraform-docs`
`node` and `npm`
`python` and `pip`
`go`
| #### I'd like the image(s) to include x, can I add it?
From a35a83b583fe7ea2f26b290d1756af0974efbe6a Mon Sep 17 00:00:00 2001
From: Ivan Kouznetsov
Date: Wed, 17 May 2023 15:11:00 -0700
Subject: [PATCH 3/6] actually run the install script
---
 Dockerfile/full-alpine-amd64 | 2 +-
 Dockerfile/full-ubuntu-amd64 | 2 +-
 Dockerfile/standard-alpine-amd64 | 2 +-
 Dockerfile/standard-ubuntu-amd64 | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/Dockerfile/full-alpine-amd64 b/Dockerfile/full-alpine-amd64
index 0de82df..3316bb8 100644
--- a/Dockerfile/full-alpine-amd64
+++ b/Dockerfile/full-alpine-amd64
@@ -71,5 +71,5 @@ RUN wget -nv https://github.com/terraform-linters/tflint/releases/download/v${tf
 && rm tflint_linux_amd64.zip
 # Install tfsec (https://github.com/aquasecurity/tfsec)
-RUN curl -s https://raw.githubusercontent.com/aquasecurity/tfsec/master/scripts/install_linux.sh
+RUN curl -s https://raw.githubusercontent.com/aquasecurity/tfsec/master/scripts/install_linux.sh | bash
 RUN export tfsecrelease="$(tfsec --version)"
diff --git a/Dockerfile/full-ubuntu-amd64 b/Dockerfile/full-ubuntu-amd64
index 803d305..030e05c 100644
--- a/Dockerfile/full-ubuntu-amd64
+++ b/Dockerfile/full-ubuntu-amd64
@@ -73,5 +73,5 @@ RUN wget -nv https://github.com/terraform-linters/tflint/releases/download/v${tf
 && rm tflint_linux_amd64.zip
 # Install tfsec (https://github.com/aquasecurity/tfsec)
-RUN curl -s https://raw.githubusercontent.com/aquasecurity/tfsec/master/scripts/install_linux.sh
+RUN curl -s https://raw.githubusercontent.com/aquasecurity/tfsec/master/scripts/install_linux.sh | bash
 RUN export tfsecrelease="$(tfsec --version)"
diff --git a/Dockerfile/standard-alpine-amd64 b/Dockerfile/standard-alpine-amd64
index 7929966..8f52076 100644
--- a/Dockerfile/standard-alpine-amd64
+++ b/Dockerfile/standard-alpine-amd64
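Review bot: The changed line in the full-alpine hunk, `RUN curl -s …/master/scripts/install_linux.sh | bash`, executes whatever the `master` branch serves at build time with the build's privileges, with no pinned revision and no integrity check. `-s` without `-f` also hands an HTTP error body to bash, and because the RUN shell has no `pipefail` a failed download does not fail the step. Fetch the script from a pinned tag or commit into a file, e.g. `curl -fsSL -o install_linux.sh <PINNED_URL>`, compare it with a digest recorded in the repository using `sha256sum -c`, and only then run it. The same line is changed in the full-ubuntu hunk and in the standard-alpine and standard-ubuntu hunks that follow.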
@@ -31,5 +31,5 @@ RUN export atmosrelease="$(curl -Ls -o /dev/null -w %{url_effective} https://git && chmod +x /usr/bin/atmos # Install tfsec (https://github.com/aquasecurity/tfsec) -RUN curl -s https://raw.githubusercontent.com/aquasecurity/tfsec/master/scripts/install_linux.sh +RUN curl -s https://raw.githubusercontent.com/aquasecurity/tfsec/master/scripts/install_linux.sh | bash RUN export tfsecrelease="$(tfsec --version)" diff --git a/Dockerfile/standard-ubuntu-amd64 b/Dockerfile/standard-ubuntu-amd64 index 5ad780e..fe9d4f5 100644 --- a/Dockerfile/standard-ubuntu-amd64 +++ b/Dockerfile/standard-ubuntu-amd64 @@ -32,5 +32,5 @@ RUN export atmosrelease="$(curl -Ls -o /dev/null -w %{url_effective} https://git && chmod +x /usr/bin/atmos # Install tfsec (https://github.com/aquasecurity/tfsec) -RUN curl -s https://raw.githubusercontent.com/aquasecurity/tfsec/master/scripts/install_linux.sh +RUN curl -s https://raw.githubusercontent.com/aquasecurity/tfsec/master/scripts/install_linux.sh | bash RUN export tfsecrelease="$(tfsec --version)" From 128d036f11e0f955a8c44f146ca6456cdbbcae2d Mon Sep 17 00:00:00 2001 From: Ivan Kouznetsov Date: Wed, 17 May 2023 15:39:49 -0700 Subject: [PATCH 4/6] use local shell script to install tfsec --- Dockerfile/full-alpine-amd64 | 4 +- Dockerfile/full-ubuntu-amd64 | 4 +- Dockerfile/standard-alpine-amd64 | 4 +- Dockerfile/standard-ubuntu-amd64 | 4 +- Dockerfile/tfsec-install.sh | 132 +++++++++++++++++++++++++++++++ 5 files changed, 144 insertions(+), 4 deletions(-) create mode 100644 Dockerfile/tfsec-install.sh diff --git a/Dockerfile/full-alpine-amd64 b/Dockerfile/full-alpine-amd64 index 3316bb8..abd4b20 100644 --- a/Dockerfile/full-alpine-amd64 +++ b/Dockerfile/full-alpine-amd64 
@@ -71,5 +71,7 @@ RUN wget -nv https://github.com/terraform-linters/tflint/releases/download/v${tf
 && rm tflint_linux_amd64.zip
 # Install tfsec (https://github.com/aquasecurity/tfsec)
-RUN curl -s https://raw.githubusercontent.com/aquasecurity/tfsec/master/scripts/install_linux.sh | bash
+COPY tfsec-install.sh .
+RUN chmod +x tfsec-install.sh
+RUN tfsec-install.sh
 RUN export tfsecrelease="$(tfsec --version)"
diff --git a/Dockerfile/full-ubuntu-amd64 b/Dockerfile/full-ubuntu-amd64
index 030e05c..5545b18 100644
--- a/Dockerfile/full-ubuntu-amd64
+++ b/Dockerfile/full-ubuntu-amd64
@@ -73,5 +73,7 @@ RUN wget -nv https://github.com/terraform-linters/tflint/releases/download/v${tf
 && rm tflint_linux_amd64.zip
 # Install tfsec (https://github.com/aquasecurity/tfsec)
-RUN curl -s https://raw.githubusercontent.com/aquasecurity/tfsec/master/scripts/install_linux.sh | bash
+COPY tfsec-install.sh .
+RUN chmod +x tfsec-install.sh
+RUN tfsec-install.sh
 RUN export tfsecrelease="$(tfsec --version)"
diff --git a/Dockerfile/standard-alpine-amd64 b/Dockerfile/standard-alpine-amd64
index 8f52076..d0fcb91 100644
--- a/Dockerfile/standard-alpine-amd64
+++ b/Dockerfile/standard-alpine-amd64
@@ -31,5 +31,7 @@ RUN export atmosrelease="$(curl -Ls -o /dev/null -w %{url_effective} https://git
 && chmod +x /usr/bin/atmos
 # Install tfsec (https://github.com/aquasecurity/tfsec)
-RUN curl -s https://raw.githubusercontent.com/aquasecurity/tfsec/master/scripts/install_linux.sh | bash
+COPY tfsec-install.sh .
+RUN chmod +x tfsec-install.sh
+RUN tfsec-install.sh
 RUN export tfsecrelease="$(tfsec --version)"
diff --git a/Dockerfile/standard-ubuntu-amd64 b/Dockerfile/standard-ubuntu-amd64
index fe9d4f5..3b015ad 100644
--- a/Dockerfile/standard-ubuntu-amd64
+++ b/Dockerfile/standard-ubuntu-amd64
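Review bot: `RUN tfsec-install.sh` in the full-alpine hunk calls the script by bare name, so the shell resolves it through PATH, while `COPY tfsec-install.sh .` put it in the working directory; no WORKDIR is visible in this hunk, and unless that directory is on PATH the step fails with "not found". Use `RUN ./tfsec-install.sh`. `COPY` resolves its source against the build context, so this also assumes the context is the `Dockerfile/` directory where the script is added. The full-ubuntu, standard-alpine and standard-ubuntu hunks add the same three lines.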
@@ -32,5 +32,7 @@ RUN export atmosrelease="$(curl -Ls -o /dev/null -w %{url_effective} https://git
 && chmod +x /usr/bin/atmos
 # Install tfsec (https://github.com/aquasecurity/tfsec)
-RUN curl -s https://raw.githubusercontent.com/aquasecurity/tfsec/master/scripts/install_linux.sh | bash
+COPY tfsec-install.sh .
+RUN chmod +x tfsec-install.sh
+RUN tfsec-install.sh
 RUN export tfsecrelease="$(tfsec --version)"
diff --git a/Dockerfile/tfsec-install.sh b/Dockerfile/tfsec-install.sh
new file mode 100644
index 0000000..764da94
--- /dev/null
+++ b/Dockerfile/tfsec-install.sh
@@ -0,0 +1,132 @@
+#!/bin/sh -e
+
+get_machine_arch () {
+ machine_arch=""
+ case $(uname -m) in
+ i386) machine_arch="386" ;;
+ i686) machine_arch="386" ;;
+ x86_64) machine_arch="amd64" ;;
+ arm64) machine_arch="arm64" ;;
+ aarch64) dpkg --print-architecture | grep -q "arm64" && machine_arch="arm64" || machine_arch="arm" ;;
+ esac
+ echo $machine_arch
+}
+arch=$(get_machine_arch)
+
+echo "arch=$arch"
+
+local_filename="tfsec"
+case "$(uname -s)" in
+ Darwin*)
+ remote_filename="$local_filename-darwin-${arch}"
+ checkgen_filename="$local_filename-checkgen-darwin-${arch}"
+ ;;
+ MINGW64*)
+ remote_filename="$local_filename-windows-${arch}"
+ checkgen_filename+="$local_filename-checkgen-windows-${arch}"
+ local_filename+=".exe"
+ ;;
+ MSYS_NT*)
+ remote_filename+="$local_filename-windows-${arch}"
+ checkgen_filename+="$local_filename-checkgen-windows-${arch}"
+ local_filename+=".exe"
+ ;;
+ *)
+ remote_filename+="$local_filename-linux-${arch}"
+ checkgen_filename+="$local_filename-checkgen-linux-${arch}"
+ ;;
+esac
+checksum_file="tfsec_checksums.txt"
+download_path=$(mktemp -d -t tfsec.XXXXXXXXXX)
+
+echo "remote_filename=$remote_filename"
+echo "local_filename=$local_filename"
+echo "checkgen_filename=$checkgen_filename"
+
+mkdir -p $download_path
+
+echo -e "\n\n===================================================="
+
+get_latest_release() {
+ curl --silent "https://api.github.com/repos/aquasecurity/tfsec/releases/latest" | # Get latest release from GitHub api
+ grep '"tag_name":' | # Get tag line
+ sed -E 's/.*"([^"]+)".*/\1/' # Pluck JSON value
+}
+
+if [ -z "${TFSEC_VERSION}" ] || [ "${TFSEC_VERSION}" == "latest" ]; then
+ echo "Looking up the latest version..."
+ version=$(get_latest_release)
+else
+ version=${TFSEC_VERSION}
+fi
+
+echo "Downloading tfsec $version"
+
+download_file() {
+ echo "Downloading $3..."
+ local download_path=${1:?Download path no supplied}
+ local version=${2:?No version supplied}
+ local file=${3:?File to download not supplied}
+ curl --fail --silent -L -o "${download_path}/${file}" "https://github.com/aquasecurity/tfsec/releases/download/${version}/${file}"
+ dl_status=$?
+ if [ $dl_status -ne 0 ]; then
+ echo "Failed to download ${file}"
+ exit $dl_status
+ fi
+ echo "Downloaded file \"${file}\" successfully"
+}
+
+download_file ${download_path} ${version} ${remote_filename}
+download_file ${download_path} ${version} ${checkgen_filename}
+download_file ${download_path} ${version} ${checksum_file}
+
+pushd $PWD > /dev/null
+cd $download_path
+cat ${checksum_file} | grep ${checkgen_filename} > checksum.txt
+sha256sum -c checksum.txt
+shasum_val=$?
+popd > /dev/null
+
+if [ $shasum_val -ne 0 ]; then
+ echo "Failed to verify checksum"
+ exit $shasum_val
+fi
+echo "Checksum verified successfully"
+
+echo -e "\n\n===================================================="
+
+mv "${download_path}/${remote_filename}" "${download_path}/${local_filename}"
+if [[ $remote_filename == *"windows"* ]]; then
+ dest="${TFSEC_INSTALL_PATH:-/bin}/"
+ echo "Installing ${local_filename} to ${dest}..."
+ mv "${download_path}/${local_filename}" "$dest"
+ retVal=$?
+ if [ $retVal -ne 0 ]; then
+ echo "Failed to install tfsec"
+ exit $retVal
+ else
+ echo "tfsec installed at ${dest} successfully"
+ fi
+else
+ dest="${TFSEC_INSTALL_PATH:-/usr/local/bin}/"
+ echo "Installing ${download_path}/${local_filename} to ${dest}..."
+
+ if [[ -w "$dest" ]]; then SUDO=""; else
+ # current user does not have write access to install directory
+ SUDO="sudo"
+ fi
+
+ $SUDO mkdir -p "$dest"
+ $SUDO install -c -v "${download_path}/${local_filename}" "$dest"
+ retVal=$?
+ if [ $retVal -ne 0 ]; then
+ echo "Failed to install tfsec"
+ exit $retVal
+ fi
+fi
+
+echo "Cleaning downloaded files..."
+rm -rf "${download_path}" + +echo -e "\n\n====================================================" +echo "Current tfsec version: $(${dest}${local_filename} -v)" From b2047aa401965b2fd17b89f453f7896055c7b101 Mon Sep 17 00:00:00 2001 From: Ivan Kouznetsov Date: Thu, 18 May 2023 13:08:37 -0700 Subject: [PATCH 5/6] download using wget and move to usr/bin --- Dockerfile/full-alpine-amd64 | 8 +- Dockerfile/full-ubuntu-amd64 | 8 +- Dockerfile/standard-alpine-amd64 | 9 ++- Dockerfile/standard-ubuntu-amd64 | 8 +- Dockerfile/tfsec-install.sh | 132 ------------------------------- 5 files changed, 17 insertions(+), 148 deletions(-) delete mode 100644 Dockerfile/tfsec-install.sh diff --git a/Dockerfile/full-alpine-amd64 b/Dockerfile/full-alpine-amd64 index abd4b20..dcf7b13 100644 --- a/Dockerfile/full-alpine-amd64 +++ b/Dockerfile/full-alpine-amd64 @@ -71,7 +71,7 @@ RUN wget -nv https://github.com/terraform-linters/tflint/releases/download/v${tf && rm tflint_linux_amd64.zip # Install tfsec (https://github.com/aquasecurity/tfsec) -COPY tfsec-install.sh . -RUN chmod +x tfsec-install.sh -RUN tfsec-install.sh -RUN export tfsecrelease="$(tfsec --version)" +RUN export tfsecrelease="$(curl --silent "https://api.github.com/repos/aquasecurity/tfsec/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')" +RUN wget https://github.com/aquasecurity/tfsec/releases/download/${tfsecrelease}/tfsec-linux-amd64 +RUN mv tfsec-linux-amd64 /usr/bin/tfsec && chmod +x /usr/bin/tfsec +RUN tfsec --version diff --git a/Dockerfile/full-ubuntu-amd64 b/Dockerfile/full-ubuntu-amd64 index 5545b18..cf691c4 100644 --- a/Dockerfile/full-ubuntu-amd64 +++ b/Dockerfile/full-ubuntu-amd64 
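Review bot: The checksum step in the new `tfsec-install.sh` never covers the binary that gets installed: `cat ${checksum_file} | grep ${checkgen_filename} > checksum.txt` keeps only the checkgen entry, so `sha256sum -c` checks `${checkgen_filename}` while `${remote_filename}` is moved into place unverified. Select the entry for the installed file instead, e.g. `grep -F -- "${remote_filename}" "${checksum_file}" > checksum.txt`, anchoring the match if other entries share that prefix. The checksum list is downloaded from the same release as the binary, so even then it catches corruption rather than a replaced release; a digest pinned in the repository would cover that. Separately, the shebang is `#!/bin/sh -e` but the body uses `+=`, `[[ … ]]`, `pushd`/`popd` and `local`, which POSIX sh does not guarantee; `#!/usr/bin/env bash` followed by `set -e` matches the syntax used.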
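Review bot: `${tfsecrelease}` is empty when the added `RUN wget …/download/${tfsecrelease}/tfsec-linux-amd64` line in the full-alpine hunk runs, because each RUN starts a fresh shell and the `export` in the preceding RUN does not carry over. Put the lookup and the download in one RUN joined with `&&`, or pass the version in as an `ARG` the way this file already does with `tflint_version`. The lookup also extracts the tag from JSON with `grep` and `sed`, and without `curl -f` an API error body is parsed the same way as a valid response. The full-ubuntu, standard-alpine and standard-ubuntu hunks add the same four lines.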
@@ -73,7 +73,7 @@ RUN wget -nv https://github.com/terraform-linters/tflint/releases/download/v${tf
 && rm tflint_linux_amd64.zip
 # Install tfsec (https://github.com/aquasecurity/tfsec)
-COPY tfsec-install.sh .
-RUN chmod +x tfsec-install.sh
-RUN tfsec-install.sh
-RUN export tfsecrelease="$(tfsec --version)"
+RUN export tfsecrelease="$(curl --silent "https://api.github.com/repos/aquasecurity/tfsec/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')"
+RUN wget https://github.com/aquasecurity/tfsec/releases/download/${tfsecrelease}/tfsec-linux-amd64
+RUN mv tfsec-linux-amd64 /usr/bin/tfsec && chmod +x /usr/bin/tfsec
+RUN tfsec --version
diff --git a/Dockerfile/standard-alpine-amd64 b/Dockerfile/standard-alpine-amd64
index d0fcb91..0c264cd 100644
--- a/Dockerfile/standard-alpine-amd64
+++ b/Dockerfile/standard-alpine-amd64
@@ -31,7 +31,8 @@ RUN export atmosrelease="$(curl -Ls -o /dev/null -w %{url_effective} https://git
 && chmod +x /usr/bin/atmos
 # Install tfsec (https://github.com/aquasecurity/tfsec)
-COPY tfsec-install.sh .
-RUN chmod +x tfsec-install.sh
-RUN tfsec-install.sh
-RUN export tfsecrelease="$(tfsec --version)"
+RUN export tfsecrelease="$(curl --silent "https://api.github.com/repos/aquasecurity/tfsec/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')"
+RUN wget https://github.com/aquasecurity/tfsec/releases/download/${tfsecrelease}/tfsec-linux-amd64
+RUN mv tfsec-linux-amd64 /usr/bin/tfsec && chmod +x /usr/bin/tfsec
+RUN tfsec --version
+
diff --git a/Dockerfile/standard-ubuntu-amd64 b/Dockerfile/standard-ubuntu-amd64
index 3b015ad..9165a8f 100644
--- a/Dockerfile/standard-ubuntu-amd64
+++ b/Dockerfile/standard-ubuntu-amd64
@@ -32,7 +32,7 @@ RUN export atmosrelease="$(curl -Ls -o /dev/null -w %{url_effective} https://git
 && chmod +x /usr/bin/atmos
 # Install tfsec (https://github.com/aquasecurity/tfsec)
-COPY tfsec-install.sh .
-RUN chmod +x tfsec-install.sh
-RUN tfsec-install.sh
-RUN export tfsecrelease="$(tfsec --version)"
+RUN export tfsecrelease="$(curl --silent "https://api.github.com/repos/aquasecurity/tfsec/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')"
+RUN wget https://github.com/aquasecurity/tfsec/releases/download/${tfsecrelease}/tfsec-linux-amd64
+RUN mv tfsec-linux-amd64 /usr/bin/tfsec && chmod +x /usr/bin/tfsec
+RUN tfsec --version
diff --git a/Dockerfile/tfsec-install.sh b/Dockerfile/tfsec-install.sh
deleted file mode 100644
index 764da94..0000000
--- a/Dockerfile/tfsec-install.sh
+++ /dev/null
@@ -1,132 +0,0 @@ -#!/bin/sh -e - -get_machine_arch () { - machine_arch="" - case $(uname -m) in - i386) machine_arch="386" ;; - i686) machine_arch="386" ;; - x86_64) machine_arch="amd64" ;; - arm64) machine_arch="arm64" ;; - aarch64) dpkg --print-architecture | grep -q "arm64" && machine_arch="arm64" || machine_arch="arm" ;; - esac - echo $machine_arch -} -arch=$(get_machine_arch) - -echo "arch=$arch" - -local_filename="tfsec" -case "$(uname -s)" in - Darwin*) - remote_filename="$local_filename-darwin-${arch}" - checkgen_filename="$local_filename-checkgen-darwin-${arch}" - ;; - MINGW64*) - remote_filename="$local_filename-windows-${arch}" - checkgen_filename+="$local_filename-checkgen-windows-${arch}" - local_filename+=".exe" - ;; - MSYS_NT*) - remote_filename+="$local_filename-windows-${arch}" - checkgen_filename+="$local_filename-checkgen-windows-${arch}" - local_filename+=".exe" - ;; - *) - remote_filename+="$local_filename-linux-${arch}" - checkgen_filename+="$local_filename-checkgen-linux-${arch}" - ;; -esac -checksum_file="tfsec_checksums.txt" -download_path=$(mktemp -d -t tfsec.XXXXXXXXXX) - -echo "remote_filename=$remote_filename" -echo "local_filename=$local_filename" -echo "checkgen_filename=$checkgen_filename" - -mkdir -p $download_path - -echo -e "\n\n====================================================" - -get_latest_release() { - curl --silent "https://api.github.com/repos/aquasecurity/tfsec/releases/latest" | # Get latest release from GitHub api - grep '"tag_name":' | # Get tag line - sed -E 's/.*"([^"]+)".*/\1/' # Pluck JSON value -} - -if [ -z "${TFSEC_VERSION}" ] || [ "${TFSEC_VERSION}" == "latest" ]; then - echo "Looking up the latest version..." - version=$(get_latest_release) -else - version=${TFSEC_VERSION} -fi - -echo "Downloading tfsec $version" - -download_file() { - echo "Downloading $3..." 
- local download_path=${1:?Download path no supplied} - local version=${2:?No version supplied} - local file=${3:?File to download not supplied} - curl --fail --silent -L -o "${download_path}/${file}" "https://github.com/aquasecurity/tfsec/releases/download/${version}/${file}" - dl_status=$? - if [ $dl_status -ne 0 ]; then - echo "Failed to download ${file}" - exit $dl_status - fi - echo "Downloaded file \"${file}\" successfully" -} - -download_file ${download_path} ${version} ${remote_filename} -download_file ${download_path} ${version} ${checkgen_filename} -download_file ${download_path} ${version} ${checksum_file} - -pushd $PWD > /dev/null -cd $download_path -cat ${checksum_file} | grep ${checkgen_filename} > checksum.txt -sha256sum -c checksum.txt -shasum_val=$? -popd > /dev/null - -if [ $shasum_val -ne 0 ]; then - echo "Failed to verify checksum" - exit $shasum_val -fi -echo "Checksum verified successfully" - -echo -e "\n\n====================================================" - -mv "${download_path}/${remote_filename}" "${download_path}/${local_filename}" -if [[ $remote_filename == *"windows"* ]]; then - dest="${TFSEC_INSTALL_PATH:-/bin}/" - echo "Installing ${local_filename} to ${dest}..." - mv "${download_path}/${local_filename}" "$dest" - retVal=$? - if [ $retVal -ne 0 ]; then - echo "Failed to install tfsec" - exit $retVal - else - echo "tfsec installed at ${dest} successfully" - fi -else - dest="${TFSEC_INSTALL_PATH:-/usr/local/bin}/" - echo "Installing ${download_path}/${local_filename} to ${dest}..." - - if [[ -w "$dest" ]]; then SUDO=""; else - # current user does not have write access to install directory - SUDO="sudo" - fi - - $SUDO mkdir -p "$dest" - $SUDO install -c -v "${download_path}/${local_filename}" "$dest" - retVal=$? - if [ $retVal -ne 0 ]; then - echo "Failed to install tfsec" - exit $retVal - fi -fi - -echo "Cleaning downloaded files..." 
-rm -rf "${download_path}" - -echo -e "\n\n====================================================" -echo "Current tfsec version: $(${dest}${local_filename} -v)" From 0939cfd5900529d3337f771875e087d5a60f08ce Mon Sep 17 00:00:00 2001 From: Dave Nicoll Date: Thu, 18 May 2023 14:21:37 -0700 Subject: [PATCH 6/6] bugfix tfsec installation --- Dockerfile/full-alpine-amd64 | 34 ++++++++++++++++--------------- Dockerfile/full-ubuntu-amd64 | 35 ++++++++++++++++---------------- Dockerfile/standard-alpine-amd64 | 31 ++++++++++++++-------------- Dockerfile/standard-ubuntu-amd64 | 34 ++++++++++++++++--------------- 4 files changed, 70 insertions(+), 64 deletions(-) diff --git a/Dockerfile/full-alpine-amd64 b/Dockerfile/full-alpine-amd64 index dcf7b13..d4f9912 100644 --- a/Dockerfile/full-alpine-amd64 +++ b/Dockerfile/full-alpine-amd64 @@ -3,18 +3,18 @@ FROM alpine:latest RUN apk update && \ apk upgrade && \ apk add --update --no-cache \ - curl \ - bash \ - jq \ - yq \ - figlet \ - unzip \ - zip \ - git \ - shellcheck \ - nano \ - tar && \ - rm -rf /var/cache/apk/* + curl \ + bash \ + jq \ + yq \ + figlet \ + unzip \ + zip \ + git \ + shellcheck \ + nano \ + tar && \ + rm -rf /var/cache/apk/* # Install languages, libraries and frameworks RUN apk add --update \ 
@@ -71,7 +71,9 @@ RUN wget -nv https://github.com/terraform-linters/tflint/releases/download/v${tf
 && rm tflint_linux_amd64.zip
 # Install tfsec (https://github.com/aquasecurity/tfsec)
-RUN export tfsecrelease="$(curl --silent "https://api.github.com/repos/aquasecurity/tfsec/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')"
-RUN wget https://github.com/aquasecurity/tfsec/releases/download/${tfsecrelease}/tfsec-linux-amd64
-RUN mv tfsec-linux-amd64 /usr/bin/tfsec && chmod +x /usr/bin/tfsec
-RUN tfsec --version
+RUN export tfsecrelease="$(curl -Ls -o /dev/null -w %{url_effective} "https://github.com/aquasecurity/tfsec/releases/latest" | awk -F / '{print substr($NF,1);}')" \
+ && echo "Installing tfsec v${tfsecrelease}" \
+ && wget https://github.com/aquasecurity/tfsec/releases/download/${tfsecrelease}/tfsec-linux-amd64 \
+ && mv tfsec-linux-amd64 /usr/bin/tfsec \
+ && chmod +x /usr/bin/tfsec
+
diff --git a/Dockerfile/full-ubuntu-amd64 b/Dockerfile/full-ubuntu-amd64
index cf691c4..9c1f73c 100644
--- a/Dockerfile/full-ubuntu-amd64
+++ b/Dockerfile/full-ubuntu-amd64
@@ -3,19 +3,19 @@ FROM ubuntu:latest
 RUN apt update -yq && \
 apt upgrade -yq && \
 apt install -yq --no-install-recommends --no-install-suggests \
- ca-certificates \
- apt-transport-https \
- wget \
- curl \
- bash \
- jq \
- figlet \
- unzip \
- zip \
- git \
- shellcheck \
- nano \
- tar
+ ca-certificates \
+ apt-transport-https \
+ wget \
+ curl \
+ bash \
+ jq \
+ figlet \
+ unzip \
+ zip \
+ git \
+ shellcheck \
+ nano \
+ tar
 # Install languages, libraries and frameworks
 RUN apt install -yq --no-install-recommends --no-install-suggests \
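Review bot: The new tfsec RUN block in the full-alpine hunk (`@@ -71,7 +71,9 @@`) installs whatever tag `releases/latest` redirects to at build time and marks it executable without checking a digest, so rebuilds are not reproducible and a tampered or truncated download goes unnoticed. Pin the tag in an `ARG`, as this file already does with `tflint_version`, and verify the file against a SHA-256 kept in the repository before moving it to `/usr/bin`, as sketched below with placeholder values. `curl -Ls` has no `-f`, so a failed lookup still produces a string that is spliced into the download URL. The commit also removes `RUN tfsec --version`; keeping it as the final `&&` step makes a broken install fail the build. The full-ubuntu, standard-alpine and standard-ubuntu tfsec hunks add the same block.

```dockerfile
# Install tfsec (https://github.com/aquasecurity/tfsec)
ARG tfsec_version=<PINNED_TAG>
ARG tfsec_sha256=<SHA256_OF_TFSEC_LINUX_AMD64>
RUN wget https://github.com/aquasecurity/tfsec/releases/download/${tfsec_version}/tfsec-linux-amd64 \
    && echo "${tfsec_sha256}  tfsec-linux-amd64" | sha256sum -c - \
    && mv tfsec-linux-amd64 /usr/bin/tfsec \
    && chmod +x /usr/bin/tfsec \
    && tfsec --version
```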
@@ -73,7 +73,8 @@ RUN wget -nv https://github.com/terraform-linters/tflint/releases/download/v${tf
 && rm tflint_linux_amd64.zip
 # Install tfsec (https://github.com/aquasecurity/tfsec)
-RUN export tfsecrelease="$(curl --silent "https://api.github.com/repos/aquasecurity/tfsec/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')"
-RUN wget https://github.com/aquasecurity/tfsec/releases/download/${tfsecrelease}/tfsec-linux-amd64
-RUN mv tfsec-linux-amd64 /usr/bin/tfsec && chmod +x /usr/bin/tfsec
-RUN tfsec --version
+RUN export tfsecrelease="$(curl -Ls -o /dev/null -w %{url_effective} "https://github.com/aquasecurity/tfsec/releases/latest" | awk -F / '{print substr($NF,1);}')" \
+ && echo "Installing tfsec v${tfsecrelease}" \
+ && wget https://github.com/aquasecurity/tfsec/releases/download/${tfsecrelease}/tfsec-linux-amd64 \
+ && mv tfsec-linux-amd64 /usr/bin/tfsec \
+ && chmod +x /usr/bin/tfsec
diff --git a/Dockerfile/standard-alpine-amd64 b/Dockerfile/standard-alpine-amd64
index 0c264cd..85db991 100644
--- a/Dockerfile/standard-alpine-amd64
+++ b/Dockerfile/standard-alpine-amd64
@@ -3,17 +3,17 @@ FROM alpine:latest
 RUN apk update && \
 apk upgrade && \
 apk add --update --no-cache \
- curl \
- bash \
- jq \
- yq \
- figlet \
- unzip \
- zip \
- git \
- shellcheck \
- nano && \
- rm -rf /var/cache/apk/*
+ curl \
+ bash \
+ jq \
+ yq \
+ figlet \
+ unzip \
+ zip \
+ git \
+ shellcheck \
+ nano && \
+ rm -rf /var/cache/apk/*
 # Install terraform (https://github.com/hashicorp/terraform)
 RUN export tfrelease="$(curl -Ls -o /dev/null -w %{url_effective} https://github.com/hashicorp/terraform/releases/latest | awk -F / '{print substr($NF,2);}')" \
@@ -31,8 +31,9 @@ RUN export atmosrelease="$(curl -Ls -o /dev/null -w %{url_effective} https://git
 && chmod +x /usr/bin/atmos
 # Install tfsec (https://github.com/aquasecurity/tfsec)
-RUN export tfsecrelease="$(curl --silent "https://api.github.com/repos/aquasecurity/tfsec/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')"
-RUN wget https://github.com/aquasecurity/tfsec/releases/download/${tfsecrelease}/tfsec-linux-amd64
-RUN mv tfsec-linux-amd64 /usr/bin/tfsec && chmod +x /usr/bin/tfsec
-RUN tfsec --version
+RUN export tfsecrelease="$(curl -Ls -o /dev/null -w %{url_effective} "https://github.com/aquasecurity/tfsec/releases/latest" | awk -F / '{print substr($NF,1);}')" \
+ && echo "Installing tfsec v${tfsecrelease}" \
+ && wget https://github.com/aquasecurity/tfsec/releases/download/${tfsecrelease}/tfsec-linux-amd64 \
+ && mv tfsec-linux-amd64 /usr/bin/tfsec \
+ && chmod +x /usr/bin/tfsec
diff --git a/Dockerfile/standard-ubuntu-amd64 b/Dockerfile/standard-ubuntu-amd64
index 9165a8f..b0a8b39 100644
--- a/Dockerfile/standard-ubuntu-amd64
+++ b/Dockerfile/standard-ubuntu-amd64
@@ -3,18 +3,18 @@ FROM ubuntu:latest
 RUN apt update -yq && \
 apt upgrade -yq && \
 apt install -yq --no-install-recommends --no-install-suggests \
- ca-certificates \
- wget \
- curl \
- bash \
- jq \
- figlet \
- unzip \
- zip \
- git \
- shellcheck \
- nano && \
- rm -rf /var/lib/apt/lists/*
+ ca-certificates \
+ wget \
+ curl \
+ bash \
+ jq \
+ figlet \
+ unzip \
+ zip \
+ git \
+ shellcheck \
+ nano && \
+ rm -rf /var/lib/apt/lists/*
 # Install terraform (https://github.com/hashicorp/terraform)
 RUN export tfrelease="$(curl -Ls -o /dev/null -w %{url_effective} https://github.com/hashicorp/terraform/releases/latest | awk -F / '{print substr($NF,2);}')" \
@@ -32,7 +32,9 @@ RUN export atmosrelease="$(curl -Ls -o /dev/null -w %{url_effective} https://git
 && chmod +x /usr/bin/atmos
 # Install tfsec (https://github.com/aquasecurity/tfsec)
-RUN export tfsecrelease="$(curl --silent "https://api.github.com/repos/aquasecurity/tfsec/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')"
-RUN wget https://github.com/aquasecurity/tfsec/releases/download/${tfsecrelease}/tfsec-linux-amd64
-RUN mv tfsec-linux-amd64 /usr/bin/tfsec && chmod +x /usr/bin/tfsec
-RUN tfsec --version
+RUN export tfsecrelease="$(curl -Ls -o /dev/null -w %{url_effective} "https://github.com/aquasecurity/tfsec/releases/latest" | awk -F / '{print substr($NF,1);}')" \
+ && echo "Installing tfsec v${tfsecrelease}" \
+ && wget https://github.com/aquasecurity/tfsec/releases/download/${tfsecrelease}/tfsec-linux-amd64 \
+ && mv tfsec-linux-amd64 /usr/bin/tfsec \
+ && chmod +x /usr/bin/tfsec
+