v2.0.0
Breaking Changes
- Building ASH images for use in CI platforms (or other orchestration platforms that may require elevated access within the container) now requires targeting the ci stage of the Dockerfile:
  - via ash CLI:
    ash --no-run --build-target ci
  - via docker or other OCI CLI:
    docker build --tag automated-security-helper:ci --target ci .
Features
- Run ASH as non-root user to align with security best practices.
- Create a CI version of the Dockerfile that still runs as root, to comply with the different requirements of build platforms where the UID/GID cannot be modified and where additional agents installed at runtime require elevated privileges.
Fixes
- Offline mode now skips NPM/PNPM/Yarn Audit checks (requires connection to registry to pull package information)
- NPM install during image build now restricts available memory to prevent segmentation fault
Commits
What's Changed
- Add additional checks for build expiry and ignoring Checkov/NPM Audit during offline mode by @awsmadi in #106
- Release v2.0.0: Run ASH as non-root user, add explicit CI stage by @rafaelpereyra in #109
- feat: run ASH image using non-root user by @climbertjh2 in #79
Full Changelog: v1.5.1...v2.0.0