Bump to golang 1.23 (#2356)

Makefile

@@ -18,7 +18,7 @@ export IMAGE_REPOSITORY?=quay.io/deepfenceio
 export DF_IMG_TAG?=latest
 export STEAMPIPE_IMG_TAG?=0.23.x
 export IS_DEV_BUILD?=false
-export VERSION?=v3.0.0
+export VERSION?=v2.5.0
 export AGENT_BINARY_BUILD=$(DEEPFENCE_FARGATE_DIR)/build
 export AGENT_BINARY_BUILD_RELATIVE=deepfence_agent/agent-binary/build
 export AGENT_BINARY_DIST=$(DEEPFENCE_FARGATE_DIR)/dist
@@ -174,7 +174,7 @@ openapi: server
 	--git-user-id deepfence
 
 	rm openapi.yaml
-	cd $(PWD)/golang_deepfence_sdk/client && rm -rf ./test && sed -i 's/go 1.18/go 1.20/g' go.mod && go mod tidy -v && cd -
+	cd $(PWD)/golang_deepfence_sdk/client && rm -rf ./test && sed -i 's/go 1.18/go 1.23.2/g' go.mod && go mod tidy -v && cd -
 
 .PHONY: cli
 cli: bootstrap

README.md

@@ -4,25 +4,21 @@
 [![GitHub stars](https://img.shields.io/github/stars/deepfence/ThreatMapper)](https://github.com/deepfence/ThreatMapper/stargazers)
 [![Hacktoberfest](https://img.shields.io/github/hacktoberfest/2022/deepfence/ThreatMapper)](https://github.com/deepfence/ThreatMapper/issues)
 [![GitHub issues](https://img.shields.io/github/issues/deepfence/ThreatMapper)](https://github.com/deepfence/ThreatMapper/issues)
-[![Documentation](https://img.shields.io/badge/documentation-read-green)](https://community.deepfence.io/threatmapper/docs/v3.0/)
-[![Demo](https://img.shields.io/badge/threatmapper-demo-green)](https://community.deepfence.io/threatmapper/docs/v3.0/demo)
+[![Documentation](https://img.shields.io/badge/documentation-read-green)](https://community.deepfence.io/threatmapper/docs/v2.5/)
+[![Demo](https://img.shields.io/badge/threatmapper-demo-green)](https://community.deepfence.io/threatmapper/docs/v2.5/demo)
 [![Docker pulls](https://img.shields.io/docker/pulls/deepfenceio/deepfence_agent_ce)](https://hub.docker.com/r/deepfenceio/deepfence_agent_ce)
 [![Slack](https://img.shields.io/badge/[email protected]?logo=slack)](https://join.slack.com/t/deepfence-community/shared_invite/zt-podmzle9-5X~qYx8wMaLt9bGWwkSdgQ)
 [![Twitter](https://img.shields.io/twitter/url?style=social&url=https%3A%2F%2Fgithub.com%2Fdeepfence%2FThreatMapper)](https://twitter.com/intent/tweet?text=Wow:&url=https%3A%2F%2Fgithub.com%2Fdeepfence%2FThreatMapper)
 
-## :tada: Announcing ThreatMapper v2
-
-_ThreatMapper versions v1.x are depreciated. Please upgrade to the latest version._
-
 # ThreatMapper - Runtime Threat Management and Attack Path Enumeration for Cloud Native
 
 Deepfence ThreatMapper hunts for threats in your production platforms, and ranks these threats based on their risk-of-exploit. It uncovers vulnerable software components, exposed secrets and deviations from good security practice. ThreatMapper uses a combination of agent-based inspection and agent-less monitoring to provide the widest possible coverage to detect threats.
 
 With ThreatMapper's **ThreatGraph** visualization, you can then identify the issues that present the greatest risk to the security of your applications, and prioritize these for planned protection or remediation.
 
-* [Learn more about ThreatMapper](https://community.deepfence.io/threatmapper/docs/v3.0/) in the product documentation.
+* [Learn more about ThreatMapper](https://community.deepfence.io/threatmapper/docs/v2.5/) in the product documentation.
 
-* [See ThreatMapper running](https://community.deepfence.io/threatmapper/docs/v3.0/demo) in the live demo sandbox.
+* [See ThreatMapper running](https://community.deepfence.io/threatmapper/docs/v2.5/demo) in the live demo sandbox.
 
 ## When to use ThreatMapper
 
@@ -45,34 +41,34 @@ ThreatMapper consists of two components:
 
 ### The Management Console
 
-You [deploy the Management Console first](https://community.deepfence.io/threatmapper/docs/v3.0/console/), on a suitable docker host or Kubernetes cluster.  For example, on Docker:
+You [deploy the Management Console first](https://community.deepfence.io/threatmapper/docs/v2.5/console/), on a suitable docker host or Kubernetes cluster.  For example, on Docker:
 
 ```shell script
 # Docker installation process for ThreatMapper Management Console
 
-wget https://github.com/deepfence/ThreatMapper/raw/release-3.0/deployment-scripts/docker-compose.yml
+wget https://github.com/deepfence/ThreatMapper/raw/release-2.5/deployment-scripts/docker-compose.yml
 docker-compose -f docker-compose.yml up --detach
 ```
 
-Once the Management Console is up and running, you can [register an admin account and obtain an API key](https://community.deepfence.io/threatmapper/docs/v3.0/console/initial-configuration).
+Once the Management Console is up and running, you can [register an admin account and obtain an API key](https://community.deepfence.io/threatmapper/docs/v2.5/console/initial-configuration).
 
 ### Cloud Scanner tasks
 
-ThreatMapper [Cloud Scanner tasks](https://community.deepfence.io/threatmapper/docs/v3.0/cloudscanner/) are responsible for querying the cloud provider APIs to gather configuration and identify deviations from compliance benchmarks.
+ThreatMapper [Cloud Scanner tasks](https://community.deepfence.io/threatmapper/docs/v2.5/cloudscanner/) are responsible for querying the cloud provider APIs to gather configuration and identify deviations from compliance benchmarks.
 
 The task is deployed using a Terraform module. The ThreatMapper Management Console will present a basic configuration that may be deployed with Terraform, or you can refer to the expert configurations to fine-tune the deployment ([AWS](https://community.deepfence.io/threatmapper/docs/cloudscanner/aws), [Azure](https://community.deepfence.io/threatmapper/docs/cloudscanner/azure), [GCP](https://community.deepfence.io/threatmapper/docs/cloudscanner/gcp)).
 
 ### Sensor Agents
 
-Install the [sensor agents](https://community.deepfence.io/threatmapper/docs/v3.0/sensors/) on your production or development platforms. The sensors report to the Management Console; they tell it what services they discover, provide telemetry and generate manifests of software dependencies.
+Install the [sensor agents](https://community.deepfence.io/threatmapper/docs/v2.5/sensors/) on your production or development platforms. The sensors report to the Management Console; they tell it what services they discover, provide telemetry and generate manifests of software dependencies.
 
 The following production platforms are supported by ThreatMapper sensor agents:
 
-* [Kubernetes](https://community.deepfence.io/threatmapper/docs/v3.0/sensors/kubernetes/): ThreatMapper sensors are deployed as a daemonset in the Kubernetes cluster, using a helm chart.
-* [Docker](https://community.deepfence.io/threatmapper/docs/v3.0/sensors/docker/): ThreatMapper sensors are deployed as a lightweight container.
-* [Amazon ECS](https://community.deepfence.io/threatmapper/docs/v3.0/sensors/aws-ecs): ThreatMapper sensors are deployed as a daemon service using a task definition.
-* [AWS Fargate](https://community.deepfence.io/threatmapper/docs/v3.0/sensors/aws-fargate): ThreatMapper sensors are deployed as a sidecar container, using a task definition.
-* [Bare-Metal or Virtual Machines](https://community.deepfence.io/threatmapper/docs/v3.0/sensors/linux-host/): ThreatMapper sensors are deployed within a lightweight Docker runtime.
+* [Kubernetes](https://community.deepfence.io/threatmapper/docs/v2.5/sensors/kubernetes/): ThreatMapper sensors are deployed as a daemonset in the Kubernetes cluster, using a helm chart.
+* [Docker](https://community.deepfence.io/threatmapper/docs/v2.5/sensors/docker/): ThreatMapper sensors are deployed as a lightweight container.
+* [Amazon ECS](https://community.deepfence.io/threatmapper/docs/v2.5/sensors/aws-ecs): ThreatMapper sensors are deployed as a daemon service using a task definition.
+* [AWS Fargate](https://community.deepfence.io/threatmapper/docs/v2.5/sensors/aws-fargate): ThreatMapper sensors are deployed as a sidecar container, using a task definition.
+* [Bare-Metal or Virtual Machines](https://community.deepfence.io/threatmapper/docs/v2.5/sensors/linux-host/): ThreatMapper sensors are deployed within a lightweight Docker runtime.
 
 For example, run the following command to start the ThreatMapper sensor on a Docker host:
 
@@ -97,16 +93,16 @@ docker run -dit \
     -e http_proxy="" \
     -e https_proxy="" \
     -e no_proxy="" \
-    quay.io/deepfenceio/deepfence_agent_ce:3.0.0
+    quay.io/deepfenceio/deepfence_agent_ce:2.5.0
 ```
 
-Note: Image tag `quay.io/deepfenceio/deepfence_agent_ce:3.0.0-multiarch` is supported in amd64 and arm64/v8 architectures.
+Note: Image tag `quay.io/deepfenceio/deepfence_agent_ce:2.5.0-multiarch` is supported in amd64 and arm64/v8 architectures.
 
-On a Kubernetes platform, the sensors are installed using [helm chart](https://community.deepfence.io/threatmapper/docs/v3.0/sensors/kubernetes/)
+On a Kubernetes platform, the sensors are installed using [helm chart](https://community.deepfence.io/threatmapper/docs/v2.5/sensors/kubernetes/)
 
 ### Next Steps
 
-Visit the [Deepfence ThreatMapper Documentation](https://community.deepfence.io/threatmapper/docs/v3.0/), to learn how to get started and how to use ThreatMapper.
+Visit the [Deepfence ThreatMapper Documentation](https://community.deepfence.io/threatmapper/docs/v2.5/), to learn how to get started and how to use ThreatMapper.
 
 
 # Get in touch
@@ -116,7 +112,7 @@ Thank you for using ThreatMapper.  Please feel welcome to participate in the [Th
 * [Deepfence Community Website](https://community.deepfence.io)
 * [<img src="https://img.shields.io/badge/[email protected]?logo=slack">](https://join.slack.com/t/deepfence-community/shared_invite/zt-podmzle9-5X~qYx8wMaLt9bGWwkSdgQ) Got a question, need some help?  Find the Deepfence team on Slack
 * [![GitHub issues](https://img.shields.io/github/issues/deepfence/ThreatMapper)](https://github.com/deepfence/ThreatMapper/issues) Got a feature request or found a bug?  Raise an issue
-* [![Documentation](https://img.shields.io/badge/documentation-read-green)](https://community.deepfence.io/threatmapper/docs/v3.0/) Read the documentation in the [Deepfence ThreatMapper Documentation](https://community.deepfence.io/threatmapper/docs/v3.0/)
+* [![Documentation](https://img.shields.io/badge/documentation-read-green)](https://community.deepfence.io/threatmapper/docs/v2.5/) Read the documentation in the [Deepfence ThreatMapper Documentation](https://community.deepfence.io/threatmapper/docs/v2.5/)
 * [productsecurity at deepfence dot io](SECURITY.md): Found a security issue?  Share it in confidence
 * Find out more at [deepfence.io](https://deepfence.io/)
 

deepfence_agent/Dockerfile

@@ -8,10 +8,10 @@ FROM $IMAGE_REPOSITORY/deepfence_compliance_scanner_ce:$DF_IMG_TAG AS compliance
 
 FROM debian:12-slim as downloads
 
-ENV DOCKERVERSION="24.0.2" \
-    VESSEL_VERSION="0.12.3"\
-    NERDCTL_VERSION="1.6.0" \
-    CRICTL_VERSION="v1.28.0"
+ENV DOCKERVERSION="27.3.1" \
+    VESSEL_VERSION="0.13.0"\
+    NERDCTL_VERSION="1.7.7" \
+    CRICTL_VERSION="v1.31.1"
 
 ARG TARGETARCH
 

deepfence_agent/plugins/deepfence_shipper/go.mod

@@ -1,6 +1,6 @@
 module github.com/deepfence/ThreatMapper/deepfence_shipper
 
-go 1.21.3
+go 1.23.2
 
 replace github.com/deepfence/golang_deepfence_sdk/client => ../../../golang_deepfence_sdk/client/
 
@@ -12,45 +12,45 @@ require (
 	github.com/deepfence/ThreatMapper/deepfence_utils v0.0.0-20240326010029-867ae2088a6a
 	github.com/deepfence/golang_deepfence_sdk/client v0.0.0-20240319093800-8170dfbbfe5b
 	github.com/deepfence/golang_deepfence_sdk/utils v0.0.0-00010101000000-000000000000
-	github.com/hashicorp/go-retryablehttp v0.7.5
+	github.com/hashicorp/go-retryablehttp v0.7.7
 	github.com/kelseyhightower/envconfig v1.4.0
 	github.com/nxadm/tail v1.4.11
 	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
-	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
-	github.com/goccy/go-json v0.10.2 // indirect
-	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/goccy/go-json v0.10.3 // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hibiken/asynq v0.24.1 // indirect
-	github.com/klauspost/compress v1.17.8 // indirect
+	github.com/klauspost/compress v1.17.11 // indirect
 	github.com/lestrrat-go/blackmagic v1.0.2 // indirect
 	github.com/lestrrat-go/httpcc v1.0.1 // indirect
-	github.com/lestrrat-go/httprc v1.0.5 // indirect
+	github.com/lestrrat-go/httprc v1.0.6 // indirect
 	github.com/lestrrat-go/iter v1.0.2 // indirect
-	github.com/lestrrat-go/jwx/v2 v2.0.21 // indirect
+	github.com/lestrrat-go/jwx/v2 v2.1.2 // indirect
 	github.com/lestrrat-go/option v1.0.1 // indirect
 	github.com/lib/pq v1.10.9 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/pierrec/lz4/v4 v4.1.21 // indirect
-	github.com/redis/go-redis/v9 v9.5.1 // indirect
+	github.com/redis/go-redis/v9 v9.7.0 // indirect
 	github.com/robfig/cron/v3 v3.0.1 // indirect
-	github.com/rs/zerolog v1.32.0 // indirect
+	github.com/rs/zerolog v1.33.0 // indirect
 	github.com/segmentio/asm v1.2.0 // indirect
-	github.com/spf13/cast v1.6.0 // indirect
-	github.com/twmb/franz-go v1.16.1 // indirect
-	github.com/twmb/franz-go/pkg/kadm v1.11.0 // indirect
-	github.com/twmb/franz-go/pkg/kmsg v1.7.0 // indirect
-	golang.org/x/crypto v0.22.0 // indirect
-	golang.org/x/sys v0.20.0 // indirect
-	golang.org/x/time v0.5.0 // indirect
-	google.golang.org/protobuf v1.34.0 // indirect
+	github.com/spf13/cast v1.3.1 // indirect
+	github.com/twmb/franz-go v1.18.0 // indirect
+	github.com/twmb/franz-go/pkg/kadm v1.14.0 // indirect
+	github.com/twmb/franz-go/pkg/kmsg v1.9.0 // indirect
+	golang.org/x/crypto v0.28.0 // indirect
+	golang.org/x/sys v0.26.0 // indirect
+	golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 // indirect
+	google.golang.org/protobuf v1.27.1 // indirect
 	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 )