Merge branch 'main' into dg-refactor-cloud-logs-wf

.ci/updatecli/updatecli.d/update-golang.yml

@@ -25,7 +25,7 @@ actions:
       labels:
         - automation
         - dependency
-        - backport-skip
+        - backport-v8.x
         - go
       description: |-
         ### What

.ci/updatecli/updatecli.d/update-hermit.yml

@@ -23,7 +23,7 @@ actions:
       automerge: false
       labels:
         - automation
-        - backport-skip
+        - backport-v8.x
         - dependency
       description: |-
         ### What

.ci/updatecli/updatecli.d/update-mods.yml

@@ -23,7 +23,7 @@ actions:
       automerge: false
       labels:
         - automation
-        - backport-skip
+        - backport-v8.x
         - dependency
         - go
       description: |-

.github/actions/aws-asset-inventory-ci/action.yml

@@ -37,7 +37,7 @@ runs:
         AWS_ACCOUNT_TYPE: ${{ inputs.aws-account-type }}
       shell: bash
       run: |
-        ./cloudbeat -c deploy/aws-asset-inventory/cloudbeat-aws-asset-inventory.yml -d '*' &
+        ./cloudbeat -c deploy/asset-inventory/cloudbeat-aws-asset-inventory.yml -d '*' &
 
     - name: Wait for cloudbeat to send some events
       shell: bash

.github/actions/gcp-asset-inventory-ci/action.yml

@@ -0,0 +1,65 @@
+name: "GCP Asset Inventory CI"
+description: "GCP Asset Inventory integration tests"
+inputs:
+  elk-version:
+    description: "ELK version"
+    required: true
+  credentials-json:
+    description: "GCP Service account key JSON"
+    required: true
+  project-id:
+    description: "GCP Project ID"
+    required: true
+
+  debug:
+    description: "debug"
+    required: false
+    default: "false"
+runs:
+  using: composite
+  steps:
+    - name: Init Integration
+      uses: ./.github/actions/init-integration
+      with:
+        elk-version: ${{ inputs.elk-version }}
+
+    - name: Run cloudbeat in background
+      env:
+        ES_HOST: http://localhost:9200
+        ES_USERNAME: elastic
+        ES_PASSWORD: changeme
+        GCP_PROJECT_ID: ${{ inputs.project-id}}
+        GCP_CREDENTIALS_JSON: ${{ inputs.credentials-json }}
+        GCP_ACCOUNT_TYPE: single-account
+      shell: bash
+      run: |
+        ./cloudbeat -c deploy/asset-inventory/cloudbeat-gcp-asset-inventory.yml -d '*' &
+
+    - name: Wait for cloudbeat to send some events
+      shell: bash
+      run: sleep 20
+
+    - name: Check for assets
+      working-directory: ./tests
+      env:
+        USE_K8S: "false"
+      shell: bash
+      run: poetry run pytest -k "asset_inventory_gcp" --alluredir=./allure/results/ --clean-alluredir
+
+    - name: Upload test results
+      if: ${{ always() }}
+      uses: actions/upload-artifact@v4
+      with:
+        name: allure-results-ci-gcp-asset-inventory
+        path: tests/allure/results/
+        overwrite: true
+
+    - if: ${{ failure() || cancelled() || inputs.debug == 'true' }}
+      name: Upload cloudbeat logs
+      uses: actions/upload-artifact@v4
+      with:
+        name: cloubeat-logs-ci-gcp-asset-inventory
+        path: logs/
+        if-no-files-found: warn
+        retention-days: 1
+        overwrite: true

.github/dependabot.yml

@@ -26,7 +26,7 @@ updates:
         patterns:
           - "github.com/aquasecurity/*"
     labels:
-      - "backport-skip"
+      - "backport-v8.x"
       - "dependency"
       - "go"
     open-pull-requests-limit: 10
@@ -43,7 +43,7 @@ updates:
     schedule:
       interval: "monthly"
     labels:
-      - "backport-skip"
+      - "backport-v8.x"
       - "dependency"
       - "github_actions"
     groups:

.github/workflows/arm-template-lint.yml

@@ -7,6 +7,7 @@ on:
   push:
     branches:
       - main
+      - "8.x"
     paths:
       - "deploy/azure/*.json"
 

.github/workflows/ci-pull_request.yml

@@ -5,11 +5,13 @@ on:
     branches:
       - main
       - "[0-9]+.[0-9]+"
+      - "8.x"
     types: [opened, synchronize, reopened]
   push:
     branches:
       - main
       - "[0-9]+.[0-9]+"
+      - "8.x"
   workflow_dispatch:
 
 concurrency:

.github/workflows/ci.yml

@@ -11,6 +11,7 @@ on:
     branches:
       - main
       - "[0-9]+.[0-9]+"
+      - "8.x"
   workflow_dispatch:
 
 concurrency:
@@ -98,6 +99,28 @@ jobs:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_TEST_ACC }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_TEST_ACC }}
 
+  ci-gcp-asset-inventory:
+    needs: [init-hermit]
+    name: GCP Asset Inventory CI
+    runs-on: ubuntu-22.04
+    timeout-minutes: 60
+    permissions:
+      contents: "read"
+      id-token: "write"
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v4
+
+      - name: Hermit Environment
+        uses: ./.github/actions/hermit
+
+      - name: Run GCP Asset Inventory integration tests
+        uses: ./.github/actions/gcp-asset-inventory-ci
+        with:
+          elk-version: ${{ env.ELK_VERSION }}
+          credentials-json: ${{ secrets.GCP_ASSETS_INVENTORY_CREDENTIALS_JSON }}
+          project-id: "elastic-security-test"
+
   ci-gcp:
     needs: [ init-hermit ]
     name: CIS GCP CI

.github/workflows/cloudformation-ci.yml

@@ -1,18 +1,20 @@
 name: CloudFormation-CI
 
 on:
-  pull_request_target:
-    branches:
-      - main
-      - "[0-9]+.[0-9]+"
-    types: [opened, synchronize, reopened]
-    paths:
-      - deploy/cloudformation/*.yml
-      - .github/workflows/cloudformation-ci.yml
+  # pull_request_target:
+  #   branches:
+  #     - main
+  #     - "[0-9]+.[0-9]+"
+  #     - "8.x"
+  #   types: [opened, synchronize, reopened]
+  #   paths:
+  #     - deploy/cloudformation/*.yml
+  #     - .github/workflows/cloudformation-ci.yml
   push:
     branches:
       - main
       - "[0-9]+.[0-9]+"
+      - "8.x"
     paths:
       - deploy/cloudformation/*.yml
       - .github/workflows/cloudformation-ci.yml

.github/workflows/eks-ci.yml

@@ -14,6 +14,7 @@ on:
     branches:
       - main
       - "[0-9]+.[0-9]+"
+      - "8.x"
 
 env:
   AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_TEST_ACC }}

.github/workflows/packaging.yml

@@ -5,6 +5,7 @@ on:
     branches:
       - main
       - "[0-9]+.[0-9]+"
+      - "8.x"
     types: [opened, synchronize, reopened]
 
 env:

.github/workflows/unit-test.yml

@@ -5,10 +5,12 @@ on:
     branches:
       - main
       - "[0-9]+.[0-9]+"
+      - "8.x"
     types: [opened, synchronize, reopened]
   push:
     branches:
       - main
+      - "8.x"
 
 env:
   K8S_MANIFEST_DIR: deploy

.github/workflows/updatecli.yml

@@ -54,7 +54,7 @@ jobs:
       - name: Init Hermit
         run: ./bin/hermit env -r >> $GITHUB_ENV
       - name: Install Updatecli in the runner
-        uses: updatecli/updatecli-action@d0950ebbe80f4f80c3392b288d6a218fae872f69 # v0.76.1
+        uses: updatecli/updatecli-action@6b8881a17fc8038e884ec94ff72a49e8e8a4069f # v0.76.1
       - name: Run Updatecli in Apply mode
         run: updatecli apply --config .ci/updatecli/updatecli.d/update-${{ matrix.pipeline-name }}.yml --values .ci/updatecli/values.yml
         env:
@@ -84,7 +84,7 @@ jobs:
 
           echo "GIT_BRANCH=$branchName" >> $GITHUB_ENV
       - name: Install Updatecli in the runner
-        uses: updatecli/updatecli-action@d0950ebbe80f4f80c3392b288d6a218fae872f69 # v0.76.1
+        uses: updatecli/updatecli-action@6b8881a17fc8038e884ec94ff72a49e8e8a4069f # v0.76.1
       - name: Run Updatecli in Apply mode
         run: updatecli apply --config .ci/updatecli/updatecli.d/update-${{ matrix.pipeline-name }}.yml --values .ci/updatecli/values.yml
         env:

.pre-commit-config.yaml

@@ -77,7 +77,7 @@ repos:
         files: deploy/cloudformation/.*yml
 
   - repo: https://github.com/aws-cloudformation/cfn-lint
-    rev: v1.11.1
+    rev: v1.12.4
     hooks:
       - id: cfn-python-lint
         files: deploy/cloudformation/.*.yml
@@ -183,7 +183,7 @@ repos:
         files: security-policies/.*\.(md|markdown)$
 
   - repo: https://github.com/StyraInc/regal
-    rev: v0.25.0
+    rev: v0.26.1
     hooks:
       - id: regal-lint
         args: [security-policies/bundle]

bin/bq

@@ -1 +1 @@
-.gcloud-490.0.0.pkg
+.gcloud-491.0.0.pkg

bin/docker-credential-gcloud

@@ -1 +1 @@
-.gcloud-490.0.0.pkg
+.gcloud-491.0.0.pkg

bin/elastic-package

@@ -1 +1 @@
-.elastic-package-0.102.0.pkg
+.elastic-package-0.103.0.pkg

bin/gcloud

@@ -1 +1 @@
-.gcloud-490.0.0.pkg
+.gcloud-491.0.0.pkg

bin/git-credential-gcloud.sh

@@ -1 +1 @@
-.gcloud-490.0.0.pkg
+.gcloud-491.0.0.pkg

bin/gsutil

@@ -1 +1 @@
-.gcloud-490.0.0.pkg
+.gcloud-491.0.0.pkg

bin/regal

@@ -1 +1 @@
-.regal-0.25.0.pkg
+.regal-0.26.1.pkg

deploy/asset-inventory/cloudbeat-gcp-asset-inventory.yml

@@ -0,0 +1,66 @@
+cloudbeat:
+  type: cloudbeat/asset_inventory
+  config:
+    v1:
+      type: asset_inventory
+      asset_inventory_provider: gcp
+      gcp:
+        project_id: ${GCP_PROJECT_ID:""}
+        account_type: ${GCP_ACCOUNT_TYPE:""}
+        credentials:
+          credentials_json: ${GCP_CREDENTIALS_JSON:""}
+          # credentials_file_path: ${GOOGLE_APPLICATION_CREDENTIALS:""}
+  # Defines how often an event is sent to the output
+  period: 30s
+  evaluator:
+    decision_logs: false
+# =================================== Kibana ===================================
+setup.kibana:
+  # Kibana Host
+  host: "http://host.docker.internal:5601"
+# =============================== Elastic Cloud ================================
+
+# These settings simplify using Cloudbeat with the Elastic Cloud (https://cloud.elastic.co/).
+
+# The cloud.id setting overwrites the `output.elasticsearch.hosts` and
+# `setup.kibana.host` options.
+# You can find the `cloud.id` in the Elastic Cloud web UI.
+#cloud.id:
+
+# The cloud.auth setting overwrites the `output.elasticsearch.username` and
+# `output.elasticsearch.password` settings. The format is `<user>:<pass>`.
+#cloud.auth:
+
+# ---------------------------- Elasticsearch Output ----------------------------
+output.elasticsearch:
+  # Array of hosts to connect to.
+  hosts: ${ES_HOST}
+
+  # Protocol - either `http` (default) or `https`.
+  #  protocol: "https"
+
+  # Authentication credentials - either API key or username/password.
+  #api_key: "id:api_key"
+  username: ${ES_USERNAME}
+  password: ${ES_PASSWORD}
+
+  # Enable to allow sending output to older ES versions
+  allow_older_versions: true
+  # ssl.certificate_authorities: ${ES_CERT}
+
+# ================================= Processors =================================
+processors:
+  - add_cloud_metadata: ~
+  - add_docker_metadata: ~
+  - drop_fields:
+      fields: ["host.name"]
+# Sets log level. The default log level is info.
+# Available log levels are: error, warning, info, debug
+logging.level: debug
+# Enable debug output for selected components. To enable all selectors use ["*"]
+# Other available selectors are "beat", "publisher", "service"
+# Multiple selectors can be chained.
+#logging.selectors: ["publisher"]
+
+# Send all logging output to stderr. The default is false.
+#logging.to_stderr: false