Upstream location for tfsec dependency has changed
Summary
tfsec
is currently sourced from docker://docker.io/tfsec/tfsec-scratch
, however according to https://hub.docker.com/r/tfsec/tfsec-scratch:
You should use aquasec/tfsec-scratch instead
It appears that the tfsec
project was acquired/adopted by the Aqua Security organisation and was moved into another group to reflect this.
Comparing the publicly published tags from tfsec/tfsec-scratch (latest being v1.13.2 from 10 months ago) and aquasec/tfsec-scratch (latest being v1.28.1 from 3 months ago) seem to indicate that the tfsec/tfsec-scratch
registry is not being published to anymore.
If we don't address this it will eventually result in obsolete software being used and likely a higher number of vulnerabilities.
Note that the aquasec/tfsec
registry appears to include version tags without the architecture classifier, which means addressing this issue will likely render https://repo1.dso.mil/dsop/opensource/tfsec/tfsec/-/issues/12 obsolete.
Steps to reproduce
N/A
What is the current bug behavior?
tfsec
dependency is obtained from docker://docker.io/tfsec/tfsec-scratch
What is the expected correct behavior?
tfsec
dependency is obtained from docker://docker.io/aquasec/tfsec-scratch
Relevant logs and/or screenshots
N/A
Possible fixes
- (Optional?) Create clone of this repo at
https://repo1.dso.mil/dsop/opensource/aquasec/tfsec
- In the new repository, replace all references to
tfsec/tfsec
withaquasec/tfsec
- (Optional?) Archive this repo
Tasks
-
Bug has been identified and corrected within the container