Skip to content

fix(dockerfile): restore CGO_ENABLED=0 for static linking in Dockerfile #7397

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Mar 17, 2025
Merged

fix(dockerfile): restore CGO_ENABLED=0 for static linking in Dockerfile #7397

merged 3 commits into from
Mar 17, 2025

Conversation

smtan-gl
Copy link
Contributor

@smtan-gl smtan-gl commented Mar 11, 2025
edited
Loading

Closes #7396

Reason for Proposed Changes

  • Restore compatibility with Alpine-based images by re-enabling static linking of the KICS binary
  • This was previously removed via this commit

Proposed Changes

  • Restore CGO_ENABLED=0 flag in the Dockerfile

I submit this contribution under the Apache-2.0 license.

@smtan-gl
fix: Restore CGO_ENABLED=0 for static linking in Dockerfile
c5fde7b 
This reverts part of commit 42272a2 which removed CGO_ENABLED=0.
The flag is necessary to ensure all dependencies are statically linked
during the build process, preventing runtime dependencies on host system
C libraries.
@smtan-gl smtan-gl requested a review from a team as a code owner March 11, 2025 06:16
@github-actions github-actions bot added community Community contribution dockerfile labels Mar 11, 2025
@smtan-gl smtan-gl changed the title fix: Restore CGO_ENABLED=0 for static linking in Dockerfile fix(dockerfile): Restore CGO_ENABLED=0 for static linking in Dockerfile Mar 11, 2025
@smtan-gl smtan-gl changed the title fix(dockerfile): Restore CGO_ENABLED=0 for static linking in Dockerfile fix(dockerfile): restore CGO_ENABLED=0 for static linking in Dockerfile Mar 11, 2025
@smtan-gl
Copy link
Contributor Author

Hi @ArturRibeiro-CX, just checking in on this PR that I submitted last week. Is there anything I can do to help move the review process forward? Thank you 😃

@cx-artur-ribeiro
Copy link
Contributor

Hey @smtan-gl,
Apologies for the delay!

We appreciate your contribution and are aware of your PR. We're currently investigating whether this change aligns with our security policies and best practices. Once we have an update, we’ll reach out to you.

Thanks for you contribution!

@gitguardian GitGuardian
Copy link

gitguardian bot commented Mar 17, 2025
edited
Loading

⚠️ GitGuardian has uncovered 1 secret following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

Since your pull request originates from a forked repository, GitGuardian is not able to associate the secrets uncovered with secret incidents on your GitGuardian dashboard.
Skipping this check run and merging your pull request will create secret incidents on your GitGuardian dashboard.

🔎 Detected hardcoded secret in your pull request
GitGuardian id GitGuardian status Secret Commit Filename
9411235 Triggered Generic Password a144731 assets/queries/common/passwords_and_secrets/test/positive46.yaml View secret
🛠 Guidelines to remediate hardcoded secrets
  1. Understand the implications of revoking this secret by investigating where it is used in your code.
  2. Replace and store your secret safely. Learn here the best practices.
  3. Revoke and rotate this secret.
  4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider

🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

cx-rui-araujo
cx-rui-araujo approved these changes Mar 17, 2025
View reviewed changes
Copy link
Contributor

@cx-rui-araujo cx-rui-araujo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@cx-rui-araujo cx-rui-araujo merged commit 05b8ce0 into Checkmarx:master Mar 17, 2025
26 checks passed
@cx-rui-araujo
Copy link
Contributor

Hi @smtan-gl ,
Please check my response on the issue and thanks for the contribution 🙌

@BrewTestBot BrewTestBot mentioned this pull request Mar 18, 2025
Merged
@BrewTestBot BrewTestBot mentioned this pull request Apr 21, 2025
Merged
JonasCordsen pushed a commit to JonasCordsen/kics that referenced this pull request Jun 11, 2025
@smtan-gl @cx-rui-araujo @cx-artur-ribeiro
fix: Restore CGO_ENABLED=0 for static linking in Dockerfile (Checkmar…
b9e23e8 
…x#7397)

This reverts part of commit e6bd0d5 which removed CGO_ENABLED=0.
The flag is necessary to ensure all dependencies are statically linked
during the build process, preventing runtime dependencies on host system
C libraries.

Co-authored-by: Rui Araújo Gomes <rui.araujo@checkmarx.com>
Co-authored-by: Artur Ribeiro <artur.ribeiro@checkmarx.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cx-rui-araujo cx-rui-araujo cx-rui-araujo approved these changes

Assignees
No one assigned
Labels
community Community contribution dockerfile
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

bug(dockerfile): Alpine compatibility broken after v2.1.3 due to CGO_ENABLED=0 removal
3 participants
@smtan-gl @cx-artur-ribeiro @cx-rui-araujo