We identified a bug in versions 2.6.0 to 2.6.2 of the Horusec CLI that changed the hashes used to identify vulnerabilities. Because false positives and risk-accepted findings are keyed by those hashes, pipelines that already had such findings recorded started failing after the upgrade, since the stored hashes no longer matched the ones the CLI produced.
To solve this problem, our team did the following:
In the CLI's v2.6.3 release, we corrected the issue so that both the old and the new hashes are recognized and accepted.
On the Horusec Platform, we implemented a correction so the hashes can be reverted to the default used before the bug, preventing the pipeline from breaking when the CLI is updated. This new configuration will be available in version 2.17.3.
For more information, check out our GitHub’s issues:
CLI: #680
Platform: https://github.com/ZupIT/horusec-platform/issues/390
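The compatibility behaviour described above, recognizing a finding by either its old or its new hash so that existing false-positive and risk-accepted entries keep working, as an added example. This is illustration code written for these notes, not the Horusec CLI's own implementation: the Finding fields, the two canonical field sets hashed by legacyHash and currentHash, and the AcceptedSet type are all assumptions made for the example.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Finding is a minimal stand-in for a scanner result. The field set is an
// assumption for this example, not Horusec's own data model.
type Finding struct {
	RuleID  string
	File    string
	Line    string
	Code    string
	Details string
}

// sha256Hex returns the hex-encoded SHA-256 of s.
func sha256Hex(s string) string {
	sum := sha256.Sum256([]byte(s))
	return hex.EncodeToString(sum[:])
}

// legacyHash models the hash format used before the breaking change.
// The exact field set (rule, file, line, code, details) is assumed.
func legacyHash(f Finding) string {
	return sha256Hex(strings.Join([]string{f.RuleID, f.File, f.Line, f.Code, f.Details}, "|"))
}

// currentHash models the hash format after the change. Here it differs by
// leaving out the line number; that is an assumed difference chosen only to
// make the two hashes diverge, as they did between CLI releases.
func currentHash(f Finding) string {
	return sha256Hex(strings.Join([]string{f.RuleID, f.File, f.Code, f.Details}, "|"))
}

// AcceptedSet holds the hashes a team has marked as false positive or
// risk accepted, keyed by hash value.
type AcceptedSet map[string]bool

// IsAccepted reports whether the finding should be ignored. It checks the
// current hash first and falls back to the legacy hash, so entries recorded
// with an older CLI still match after an upgrade.
func IsAccepted(f Finding, accepted AcceptedSet) bool {
	return accepted[currentHash(f)] || accepted[legacyHash(f)]
}

// MigrateAccepted returns a copy of accepted in which every legacy hash that
// matches one of findings is joined by the corresponding current hash, so
// the legacy entries can later be dropped without losing any acceptance.
func MigrateAccepted(findings []Finding, accepted AcceptedSet) AcceptedSet {
	out := make(AcceptedSet, len(accepted))
	for h := range accepted {
		out[h] = true
	}
	for _, f := range findings {
		if accepted[legacyHash(f)] {
			out[currentHash(f)] = true
		}
	}
	return out
}

func main() {
	// Constructed sample finding; not real scanner output.
	f := Finding{RuleID: "RULE-0001", File: "main.go", Line: "42",
		Code: `password := "x"`, Details: "Hardcoded credential"}
	// The hash was recorded as risk accepted with the older CLI.
	accepted := AcceptedSet{legacyHash(f): true}
	fmt.Println("accepted after upgrade:", IsAccepted(f, accepted))
	migrated := MigrateAccepted([]Finding{f}, accepted)
	fmt.Println("hashes in accepted set after migration:", len(migrated))
}
```

The fallback in IsAccepted is what keeps a pipeline green across the format change; MigrateAccepted is the follow-up step that lets a team retire the legacy hashes once every stored entry has its current-format twin.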
- [CHORE] docs: improvement on dev setup on contributing (#676)
- [FIX] cli: fix breaking change on vulnerability hashes (#678)
- [CHORE] ci: add full depth checkout on security workflow (#675)
- [SECURITY] deps: update modules and remove vulnerable dependencies (#673)
- [CHORE] custom_rules: fix typo on match type enum (#672)
- [CHORE] e2e: update ruby total vulnerabilities (#674)
- [CHORE] git: improvement on success commit author tests (#671)
- [CHORE] deps: update github.com/aquasecurity/fanal commit hash to f7efd1b (#662)
- [CHORE] deps: update python Docker tag to v3.10.0 (#666)
- [CHORE] deps: update golang Docker tag to v1.17.2 (#664)
- [CHORE] deps: update docker Docker tag to v20.10.9 (#663)
- [CHORE] tests: fix coverage and e2e tests (#669)
Docker images
docker pull horuszup/horusec-cli:v2.6.3
docker pull horuszup/horusec-cli:v2