aquasecurity / kube-hunter

Hunt for security weaknesses in Kubernetes clusters
Apache License 2.0
4.77k stars 587 forks source link

Pinned image not updated nor set correctly in docker hub #507

Closed rhtenhove closed 2 years ago

rhtenhove commented 2 years ago

What happened

After merging #504, nothing seemed to happen what was expected.

Expected behavior

Actual behaviour

Now the manifest won't work at all.

Needed changes

  1. I'll create an MR to make the publish.yaml GA the same as for kube-bench. Can someone check if that will do as expected? kube-bench uses workflow_dispatch: so perhaps there's some manual step going on there that adds the v?
  2. Do you use semver to make automated changes in the repo to update version numbers anywhere? I'm not sure how they do it for kube-bench, perhaps manually every time?

To 'fix' 1., we could also use the image tag without the v and update that in the manifest. In the end it's just OCD that wants things to be the same.

rhtenhove commented 2 years ago

Just read in the documentation of crazy-max/ghaction-docker-meta@v3 that we're supposed to use {{raw}} instead of {{version}}, although kube-bench doesn't do that either.

Hopefully someone working on both projects can elaborate :)

danielsagi commented 2 years ago

Hi, the v0.6.8 came out before this PR was merged. meaning the action didnt run. Further releases should be affected though.