docs: upate image inventory (#165)

* fix: add repos * feat: add update date to the report * fix: use force push * docs: upate image inventory --------- Co-authored-by: ed382 <[email protected]>
kubeshop · Nov 7, 2024 · 1f2716d · 1f2716d
1 parent f2620c0
commit 1f2716d
Show file tree

Hide file tree

Showing 35 changed files with 1,299 additions and 1,847 deletions.
diff --git a/.github/workflows/update-image-inventory.yaml b/.github/workflows/update-image-inventory.yaml
@@ -41,3 +41,4 @@ jobs:
           commit_message: "docs: upate image inventory"
           branch: update-image-inventory
           create_branch: true
+          push_options: '--force'
diff --git a/docs/articles/inventory/generated/agent_images.md b/docs/articles/inventory/generated/agent_images.md
@@ -1,6 +1,6 @@
 :::info
 
-Based on chart `testkube` as of version `2.1.75`
+Based on chart `testkube` as of version `2.1.75` on 07-11-2024
 
 :::
 

diff --git a/docs/articles/inventory/generated/bitnami-mongodb-7.0.12_linux_amd64.md b/docs/articles/inventory/generated/bitnami-mongodb-7.0.12_linux_amd64.md
diff --git a/docs/articles/inventory/generated/bitnami-mongodb-7.0.12_linux_arm64.md b/docs/articles/inventory/generated/bitnami-mongodb-7.0.12_linux_arm64.md
diff --git a/docs/articles/inventory/generated/cp_images.md b/docs/articles/inventory/generated/cp_images.md
@@ -1,6 +1,6 @@
 :::info
 
-Based on chart `testkube-enterprise` as of version `2.2.0`
+Based on chart `testkube-enterprise` as of version `2.11.0` on 07-11-2024
 
 :::
 
@@ -9,9 +9,8 @@ Based on chart `testkube-enterprise` as of version `2.2.0`
 | bitnami/minio:2024.8.3-debian-12-r1 | Object store used by the Testkube control plane to store logs and artifacts. | [View Report](./minio-2024.8.3-debian-12-r1_linux_amd64.md) | [View Report](./minio-2024.8.3-debian-12-r1_linux_arm64.md) |
 | ghcr.io/dexidp/dex:v2.41.1 | Identity provider used by the Testkube control plane. | [View Report](./dex-v2.41.1_linux_amd64.md) | [View Report](./dex-v2.41.1_linux_arm64.md) |
 | kubeshop/bitnami-mongodb:7.0.12 | Database used by the Testkube control plane. | [View Report](./bitnami-mongodb-7.0.12_linux_amd64.md) | [View Report](./bitnami-mongodb-7.0.12_linux_arm64.md) |
-| kubeshop/testkube-enterprise-api:1.10.74 | API server for the Testkube control plane. | [View Report](./testkube-enterprise-api-1.10.74_linux_amd64.md) | [View Report](./testkube-enterprise-api-1.10.74_linux_arm64.md) |
-| kubeshop/testkube-enterprise-ui:2.7.0 | Testkube dashboard. | [View Report](./testkube-enterprise-ui-2.7.0_linux_amd64.md) | [View Report](./testkube-enterprise-ui-2.7.0_linux_arm64.md) |
+| kubeshop/testkube-enterprise-api:1.10.78 | API server for the Testkube control plane. | [View Report](./testkube-enterprise-api-1.10.78_linux_amd64.md) | [View Report](./testkube-enterprise-api-1.10.78_linux_arm64.md) |
+| kubeshop/testkube-enterprise-ui:2.7.1 | Testkube dashboard. | [View Report](./testkube-enterprise-ui-2.7.1_linux_amd64.md) | [View Report](./testkube-enterprise-ui-2.7.1_linux_arm64.md) |
 | kubeshop/testkube-enterprise-worker-service:1.10.74 | Testkube worker service used for background processing. | [View Report](./testkube-enterprise-worker-service-1.10.74_linux_amd64.md) | [View Report](./testkube-enterprise-worker-service-1.10.74_linux_arm64.md) |
 | nats:2.10.22-alpine | NATS message broker. | [View Report](./nats-2.10.22-alpine_linux_amd64.md) | [View Report](./nats-2.10.22-alpine_linux_arm64.md) |
 | natsio/nats-server-config-reloader:0.16.0 | NATS config reloader. | [View Report](./nats-server-config-reloader-0.16.0_linux_amd64.md) | [View Report](./nats-server-config-reloader-0.16.0_linux_arm64.md) |
-| natsio/prometheus-nats-exporter:0.15.0 | NATS metrics exporter. | [View Report](./prometheus-nats-exporter-0.15.0_linux_amd64.md) | [View Report](./prometheus-nats-exporter-0.15.0_linux_arm64.md) |
diff --git a/docs/articles/inventory/generated/dex-v2.41.1_linux_amd64.md b/docs/articles/inventory/generated/dex-v2.41.1_linux_amd64.md
@@ -3,7 +3,7 @@ hide_table_of_contents: true
 ---
 
 <table>
-<tr><td>digest</td><td><code>sha256:bdf1b97afc58a4b5696348d9f15f02654688a9620cf4ca510ff36fcbbf54a86e</code></td><tr><tr><td>vulnerabilities</td><td><img alt="critical: 0" src="https://img.shields.io/badge/critical-0-lightgrey"/> <img alt="high: 9" src="https://img.shields.io/badge/high-9-e25d68"/> <img alt="medium: 1" src="https://img.shields.io/badge/medium-1-fbb552"/> <img alt="low: 2" src="https://img.shields.io/badge/low-2-fce1a9"/> <img alt="unspecified: 3" src="https://img.shields.io/badge/unspecified-3-lightgrey"/></td></tr>
+<tr><td>digest</td><td><code>sha256:bdf1b97afc58a4b5696348d9f15f02654688a9620cf4ca510ff36fcbbf54a86e</code></td><tr><tr><td>vulnerabilities</td><td><img alt="critical: 0" src="https://img.shields.io/badge/critical-0-lightgrey"/> <img alt="high: 9" src="https://img.shields.io/badge/high-9-e25d68"/> <img alt="medium: 3" src="https://img.shields.io/badge/medium-3-fbb552"/> <img alt="low: 2" src="https://img.shields.io/badge/low-2-fce1a9"/> <img alt="unspecified: 1" src="https://img.shields.io/badge/unspecified-1-lightgrey"/></td></tr>
 <tr><td>size</td><td>38 MB</td></tr>
 <tr><td>packages</td><td>237</td></tr>
 </table>
@@ -12,7 +12,7 @@ hide_table_of_contents: true
 
 <table>
 <tr><td valign="top">
-<details><summary><img alt="critical: 0" src="https://img.shields.io/badge/C-0-lightgrey"/> <img alt="high: 4" src="https://img.shields.io/badge/H-4-e25d68"/> <img alt="medium: 0" src="https://img.shields.io/badge/M-0-lightgrey"/> <img alt="low: 0" src="https://img.shields.io/badge/L-0-lightgrey"/> <img alt="unspecified: 1" src="https://img.shields.io/badge/U-1-lightgrey"/><strong>stdlib</strong> <code>1.22.4</code> (golang)</summary>
+<details><summary><img alt="critical: 0" src="https://img.shields.io/badge/C-0-lightgrey"/> <img alt="high: 4" src="https://img.shields.io/badge/H-4-e25d68"/> <img alt="medium: 1" src="https://img.shields.io/badge/M-1-fbb552"/> <img alt="low: 0" src="https://img.shields.io/badge/L-0-lightgrey"/> <!-- unspecified: 0 --><strong>stdlib</strong> <code>1.22.4</code> (golang)</summary>
 
 <small><code>pkg:golang/[email protected]</code></small><br/>
 
@@ -93,7 +93,7 @@ Calling Decoder.Decode on a message which contains deeply nested structures can
 </blockquote>
 </details>
 
-<a href="https://scout.docker.com/v/CVE-2024-34155?s=golang&n=stdlib&t=golang&vr=%3C1.22.7"><img alt="unspecified : CVE--2024--34155" src="https://img.shields.io/badge/CVE--2024--34155-lightgrey?label=unspecified%20&labelColor=lightgrey"/></a> 
+<a href="https://scout.docker.com/v/CVE-2024-34155?s=golang&n=stdlib&t=golang&vr=%3C1.22.7"><img alt="medium : CVE--2024--34155" src="https://img.shields.io/badge/CVE--2024--34155-lightgrey?label=medium%20&labelColor=fbb552"/></a> 
 
 <table>
 <tr><td>Affected range</td><td><code>&lt;1.22.7</code></td></tr>
@@ -112,7 +112,7 @@ Calling any of the Parse functions on Go source code which contains deeply neste
 </details></td></tr>
 
 <tr><td valign="top">
-<details><summary><img alt="critical: 0" src="https://img.shields.io/badge/C-0-lightgrey"/> <img alt="high: 3" src="https://img.shields.io/badge/H-3-e25d68"/> <img alt="medium: 0" src="https://img.shields.io/badge/M-0-lightgrey"/> <img alt="low: 0" src="https://img.shields.io/badge/L-0-lightgrey"/> <img alt="unspecified: 1" src="https://img.shields.io/badge/U-1-lightgrey"/><strong>stdlib</strong> <code>1.22.5</code> (golang)</summary>
+<details><summary><img alt="critical: 0" src="https://img.shields.io/badge/C-0-lightgrey"/> <img alt="high: 3" src="https://img.shields.io/badge/H-3-e25d68"/> <img alt="medium: 1" src="https://img.shields.io/badge/M-1-fbb552"/> <img alt="low: 0" src="https://img.shields.io/badge/L-0-lightgrey"/> <!-- unspecified: 0 --><strong>stdlib</strong> <code>1.22.5</code> (golang)</summary>
 
 <small><code>pkg:golang/[email protected]</code></small><br/>
 
@@ -174,7 +174,7 @@ Calling Decoder.Decode on a message which contains deeply nested structures can
 </blockquote>
 </details>
 
-<a href="https://scout.docker.com/v/CVE-2024-34155?s=golang&n=stdlib&t=golang&vr=%3C1.22.7"><img alt="unspecified : CVE--2024--34155" src="https://img.shields.io/badge/CVE--2024--34155-lightgrey?label=unspecified%20&labelColor=lightgrey"/></a> 
+<a href="https://scout.docker.com/v/CVE-2024-34155?s=golang&n=stdlib&t=golang&vr=%3C1.22.7"><img alt="medium : CVE--2024--34155" src="https://img.shields.io/badge/CVE--2024--34155-lightgrey?label=medium%20&labelColor=fbb552"/></a> 
 
 <table>
 <tr><td>Affected range</td><td><code>&lt;1.22.7</code></td></tr>

diff --git a/docs/articles/inventory/generated/dex-v2.41.1_linux_arm64.md b/docs/articles/inventory/generated/dex-v2.41.1_linux_arm64.md
@@ -3,7 +3,7 @@ hide_table_of_contents: true
 ---
 
 <table>
-<tr><td>digest</td><td><code>sha256:bc7cfce7c17f52864e2bb2a4dc1d2f86a41e3019f6d42e81d92a301fad0c8a1d</code></td><tr><tr><td>vulnerabilities</td><td><img alt="critical: 0" src="https://img.shields.io/badge/critical-0-lightgrey"/> <img alt="high: 9" src="https://img.shields.io/badge/high-9-e25d68"/> <img alt="medium: 1" src="https://img.shields.io/badge/medium-1-fbb552"/> <img alt="low: 2" src="https://img.shields.io/badge/low-2-fce1a9"/> <img alt="unspecified: 3" src="https://img.shields.io/badge/unspecified-3-lightgrey"/></td></tr>
+<tr><td>digest</td><td><code>sha256:4ef1c507feb9cdb4c0c06c19823562b2ab4631659710ce4219a9c5261750a2de</code></td><tr><tr><td>vulnerabilities</td><td><img alt="critical: 0" src="https://img.shields.io/badge/critical-0-lightgrey"/> <img alt="high: 9" src="https://img.shields.io/badge/high-9-e25d68"/> <img alt="medium: 3" src="https://img.shields.io/badge/medium-3-fbb552"/> <img alt="low: 2" src="https://img.shields.io/badge/low-2-fce1a9"/> <img alt="unspecified: 1" src="https://img.shields.io/badge/unspecified-1-lightgrey"/></td></tr>
 <tr><td>size</td><td>36 MB</td></tr>
 <tr><td>packages</td><td>237</td></tr>
 </table>
@@ -12,9 +12,17 @@ hide_table_of_contents: true
 
 <table>
 <tr><td valign="top">
-<details><summary><img alt="critical: 0" src="https://img.shields.io/badge/C-0-lightgrey"/> <img alt="high: 4" src="https://img.shields.io/badge/H-4-e25d68"/> <img alt="medium: 0" src="https://img.shields.io/badge/M-0-lightgrey"/> <img alt="low: 0" src="https://img.shields.io/badge/L-0-lightgrey"/> <img alt="unspecified: 1" src="https://img.shields.io/badge/U-1-lightgrey"/><strong>stdlib</strong> <code>1.22.4</code> (golang)</summary>
+<details><summary><img alt="critical: 0" src="https://img.shields.io/badge/C-0-lightgrey"/> <img alt="high: 4" src="https://img.shields.io/badge/H-4-e25d68"/> <img alt="medium: 1" src="https://img.shields.io/badge/M-1-fbb552"/> <img alt="low: 0" src="https://img.shields.io/badge/L-0-lightgrey"/> <!-- unspecified: 0 --><strong>stdlib</strong> <code>1.22.4</code> (golang)</summary>
 
 <small><code>pkg:golang/[email protected]</code></small><br/>
+
+```dockerfile
+# Dockerfile (80:80)
+COPY --from=gomplate /usr/local/bin/gomplate /usr/local/bin/gomplate
+```
+
+<br/>
+
 <a href="https://scout.docker.com/v/CVE-2024-34158?s=golang&n=stdlib&t=golang&vr=%3C1.22.7"><img alt="high : CVE--2024--34158" src="https://img.shields.io/badge/CVE--2024--34158-lightgrey?label=high%20&labelColor=e25d68"/></a> 
 
 <table>
@@ -85,7 +93,7 @@ Calling Decoder.Decode on a message which contains deeply nested structures can
 </blockquote>
 </details>
 
-<a href="https://scout.docker.com/v/CVE-2024-34155?s=golang&n=stdlib&t=golang&vr=%3C1.22.7"><img alt="unspecified : CVE--2024--34155" src="https://img.shields.io/badge/CVE--2024--34155-lightgrey?label=unspecified%20&labelColor=lightgrey"/></a> 
+<a href="https://scout.docker.com/v/CVE-2024-34155?s=golang&n=stdlib&t=golang&vr=%3C1.22.7"><img alt="medium : CVE--2024--34155" src="https://img.shields.io/badge/CVE--2024--34155-lightgrey?label=medium%20&labelColor=fbb552"/></a> 
 
 <table>
 <tr><td>Affected range</td><td><code>&lt;1.22.7</code></td></tr>
@@ -104,9 +112,17 @@ Calling any of the Parse functions on Go source code which contains deeply neste
 </details></td></tr>
 
 <tr><td valign="top">
-<details><summary><img alt="critical: 0" src="https://img.shields.io/badge/C-0-lightgrey"/> <img alt="high: 3" src="https://img.shields.io/badge/H-3-e25d68"/> <img alt="medium: 0" src="https://img.shields.io/badge/M-0-lightgrey"/> <img alt="low: 0" src="https://img.shields.io/badge/L-0-lightgrey"/> <img alt="unspecified: 1" src="https://img.shields.io/badge/U-1-lightgrey"/><strong>stdlib</strong> <code>1.22.5</code> (golang)</summary>
+<details><summary><img alt="critical: 0" src="https://img.shields.io/badge/C-0-lightgrey"/> <img alt="high: 3" src="https://img.shields.io/badge/H-3-e25d68"/> <img alt="medium: 1" src="https://img.shields.io/badge/M-1-fbb552"/> <img alt="low: 0" src="https://img.shields.io/badge/L-0-lightgrey"/> <!-- unspecified: 0 --><strong>stdlib</strong> <code>1.22.5</code> (golang)</summary>
 
 <small><code>pkg:golang/[email protected]</code></small><br/>
+
+```dockerfile
+# Dockerfile (76:76)
+COPY --from=builder /go/bin/dex /usr/local/bin/dex
+```
+
+<br/>
+
 <a href="https://scout.docker.com/v/CVE-2024-34158?s=golang&n=stdlib&t=golang&vr=%3C1.22.7"><img alt="high : CVE--2024--34158" src="https://img.shields.io/badge/CVE--2024--34158-lightgrey?label=high%20&labelColor=e25d68"/></a> 
 
 <table>
@@ -158,7 +174,7 @@ Calling Decoder.Decode on a message which contains deeply nested structures can
 </blockquote>
 </details>
 
-<a href="https://scout.docker.com/v/CVE-2024-34155?s=golang&n=stdlib&t=golang&vr=%3C1.22.7"><img alt="unspecified : CVE--2024--34155" src="https://img.shields.io/badge/CVE--2024--34155-lightgrey?label=unspecified%20&labelColor=lightgrey"/></a> 
+<a href="https://scout.docker.com/v/CVE-2024-34155?s=golang&n=stdlib&t=golang&vr=%3C1.22.7"><img alt="medium : CVE--2024--34155" src="https://img.shields.io/badge/CVE--2024--34155-lightgrey?label=medium%20&labelColor=fbb552"/></a> 
 
 <table>
 <tr><td>Affected range</td><td><code>&lt;1.22.7</code></td></tr>
@@ -180,6 +196,33 @@ Calling any of the Parse functions on Go source code which contains deeply neste
 <details><summary><img alt="critical: 0" src="https://img.shields.io/badge/C-0-lightgrey"/> <img alt="high: 1" src="https://img.shields.io/badge/H-1-e25d68"/> <img alt="medium: 0" src="https://img.shields.io/badge/M-0-lightgrey"/> <img alt="low: 0" src="https://img.shields.io/badge/L-0-lightgrey"/> <img alt="unspecified: 1" src="https://img.shields.io/badge/U-1-lightgrey"/><strong>openssl</strong> <code>3.3.1-r3</code> (apk)</summary>
 
 <small><code>pkg:apk/alpine/[email protected]?os_name=alpine&os_version=3.20</code></small><br/>
+
+```dockerfile
+# Dockerfile (38:57)
+FROM alpine:3.20.2@sha256:0a4eaa0eecf5f8c050e5bba433f58c052be7587ee8af3e8b3910ef9ab5fbe9f5 AS stager
+
+RUN mkdir -p /var/dex
+RUN mkdir -p /etc/dex
+COPY config.docker.yaml /etc/dex/
+
+FROM alpine:3.20.2@sha256:0a4eaa0eecf5f8c050e5bba433f58c052be7587ee8af3e8b3910ef9ab5fbe9f5 AS gomplate
+
+ARG TARGETOS
+ARG TARGETARCH
+ARG TARGETVARIANT
+
+ENV GOMPLATE_VERSION=v4.0.1
+
+RUN wget -O /usr/local/bin/gomplate \
+  "https://github.com/hairyhenderson/gomplate/releases/download/${GOMPLATE_VERSION}/gomplate_${TARGETOS:-linux}-${TARGETARCH:-amd64}${TARGETVARIANT}" \
+  && chmod +x /usr/local/bin/gomplate
+
+# For Dependabot to detect base image versions
+FROM alpine:3.20.2@sha256:0a4eaa0eecf5f8c050e5bba433f58c052be7587ee8af3e8b3910ef9ab5fbe9f5 AS alpine
+```
+
+<br/>
+
 <a href="https://scout.docker.com/v/CVE-2024-6119?s=alpine&n=openssl&ns=alpine&t=apk&osn=alpine&osv=3.20&vr=%3C3.3.2-r0"><img alt="high : CVE--2024--6119" src="https://img.shields.io/badge/CVE--2024--6119-lightgrey?label=high%20&labelColor=e25d68"/></a> 
 
 <table>
@@ -219,6 +262,14 @@ Calling any of the Parse functions on Go source code which contains deeply neste
 <details><summary><img alt="critical: 0" src="https://img.shields.io/badge/C-0-lightgrey"/> <img alt="high: 1" src="https://img.shields.io/badge/H-1-e25d68"/> <img alt="medium: 0" src="https://img.shields.io/badge/M-0-lightgrey"/> <img alt="low: 0" src="https://img.shields.io/badge/L-0-lightgrey"/> <!-- unspecified: 0 --><strong>github.com/dexidp/dex</strong> <code>2.41.1</code> (golang)</summary>
 
 <small><code>pkg:golang/github.com/dexidp/[email protected]</code></small><br/>
+
+```dockerfile
+# Dockerfile (76:76)
+COPY --from=builder /go/bin/dex /usr/local/bin/dex
+```
+
+<br/>
+
 <a href="https://scout.docker.com/v/CVE-2024-23656?s=golang&n=dex&ns=github.com%2Fdexidp&t=golang&vr=%3E%3D0"><img alt="high : CVE--2024--23656" src="https://img.shields.io/badge/CVE--2024--23656-lightgrey?label=high%20&labelColor=e25d68"/></a> 
 
 <table>
@@ -247,6 +298,14 @@ The additional affected modules and versions are: github.com/dexidp/dex from v2.
 <details><summary><img alt="critical: 0" src="https://img.shields.io/badge/C-0-lightgrey"/> <img alt="high: 0" src="https://img.shields.io/badge/H-0-lightgrey"/> <img alt="medium: 1" src="https://img.shields.io/badge/M-1-fbb552"/> <img alt="low: 1" src="https://img.shields.io/badge/L-1-fce1a9"/> <!-- unspecified: 0 --><strong>github.com/aws/aws-sdk-go</strong> <code>1.54.10</code> (golang)</summary>
 
 <small><code>pkg:golang/github.com/aws/[email protected]</code></small><br/>
+
+```dockerfile
+# Dockerfile (80:80)
+COPY --from=gomplate /usr/local/bin/gomplate /usr/local/bin/gomplate
+```
+
+<br/>
+
 <a href="https://scout.docker.com/v/CVE-2020-8911?s=golang&n=aws-sdk-go&ns=github.com%2Faws&t=golang&vr=%3E%3D0"><img alt="medium : CVE--2020--8911" src="https://img.shields.io/badge/CVE--2020--8911-lightgrey?label=medium%20&labelColor=fbb552"/></a> 
 
 <table>
@@ -290,6 +349,14 @@ Files encrypted by the V1 EncryptionClient using either the AES-CBC content ciph
 <details><summary><img alt="critical: 0" src="https://img.shields.io/badge/C-0-lightgrey"/> <img alt="high: 0" src="https://img.shields.io/badge/H-0-lightgrey"/> <img alt="medium: 0" src="https://img.shields.io/badge/M-0-lightgrey"/> <img alt="low: 1" src="https://img.shields.io/badge/L-1-fce1a9"/> <!-- unspecified: 0 --><strong>google.golang.org/grpc</strong> <code>1.64.0</code> (golang)</summary>
 
 <small><code>pkg:golang/google.golang.org/[email protected]</code></small><br/>
+
+```dockerfile
+# Dockerfile (80:80)
+COPY --from=gomplate /usr/local/bin/gomplate /usr/local/bin/gomplate
+```
+
+<br/>
+
 <a href="https://scout.docker.com/v/GHSA-xr7q-jx4m-x55m?s=github&n=grpc&ns=google.golang.org&t=golang&vr=%3E%3D1.64.0%2C%3C1.64.1"><img alt="low : GHSA--xr7q--jx4m--x55m" src="https://img.shields.io/badge/GHSA--xr7q--jx4m--x55m-lightgrey?label=low%20&labelColor=fce1a9"/></a> <i>Exposure of Sensitive Information to an Unauthorized Actor</i>
 
 <table>