Merge pull request #1157 from Checkmarx/containers-cli-1.10

Bump containers cli to 1.0.10 (AST-96696)

Author: cx-daniel-greenspan

go.mod

@@ -3,7 +3,7 @@ module github.com/checkmarx/ast-cli
 go 1.24.2
 
 require (
-	github.com/Checkmarx/containers-resolver v1.0.9
+	github.com/Checkmarx/containers-resolver v1.0.10
 	github.com/Checkmarx/gen-ai-prompts v0.0.0-20240807143411-708ceec12b63
 	github.com/Checkmarx/gen-ai-wrapper v1.0.2
 	github.com/Checkmarx/manifest-parser v0.0.6
@@ -34,15 +34,14 @@ require (
 )
 
 require (
-	helm.sh/helm/v3 v3.17.3 // indirect
 	dario.cat/mergo v1.0.1 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 // indirect
 	github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20240914100643-eb91380d8434 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
 	github.com/BobuSumisu/aho-corasick v1.0.3 // indirect
 	github.com/BurntSushi/toml v1.5.0 // indirect
 	github.com/Checkmarx/containers-images-extractor v1.0.7 // indirect
-	github.com/Checkmarx/containers-syft-packages-extractor v1.0.9 // indirect
+	github.com/Checkmarx/containers-syft-packages-extractor v1.0.10 // indirect
 	github.com/Checkmarx/containers-types v1.0.3 // indirect
 	github.com/CycloneDX/cyclonedx-go v0.9.2 // indirect
 	github.com/DataDog/zstd v1.5.6 // indirect
@@ -69,7 +68,7 @@ require (
 	github.com/anchore/packageurl-go v0.1.1-0.20250220190351-d62adb6e1115 // indirect
 	github.com/anchore/stereoscope v0.1.0 // indirect
 	github.com/anchore/syft v1.21.0 // indirect
-	github.com/andybalholm/brotli v1.1.1 // indirect
+	github.com/andybalholm/brotli v1.1.2-0.20250424173009-453214e765f3 // indirect
 	github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
 	github.com/aquasecurity/go-pep440-version v0.0.1 // indirect
 	github.com/aquasecurity/go-version v0.0.1 // indirect
@@ -157,7 +156,7 @@ require (
 	github.com/google/licensecheck v0.3.1 // indirect
 	github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e // indirect
 	github.com/gorilla/mux v1.8.1 // indirect
-	github.com/gorilla/websocket v1.5.3 // indirect
+	github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect
 	github.com/gosuri/uitable v0.0.4 // indirect
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
 	github.com/h2non/filetype v1.1.3 // indirect
@@ -290,6 +289,7 @@ require (
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
+	helm.sh/helm/v3 v3.17.3 // indirect
 	k8s.io/api v0.32.3 // indirect
 	k8s.io/apiextensions-apiserver v0.32.3 // indirect
 	k8s.io/apimachinery v0.32.3 // indirect

go.sum

@@ -65,10 +65,10 @@ github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/Checkmarx/containers-images-extractor v1.0.7 h1:lLgaDFFqz1jksN3/d/6sLXO0C0ODbt9xExbt44YMEOg=
 github.com/Checkmarx/containers-images-extractor v1.0.7/go.mod h1:ZtOqhzlErPr2QL9xGjMmxwGvzXUwi+G5BBeOfdY62Ug=
-github.com/Checkmarx/containers-resolver v1.0.9 h1:YuIpHS/5I8nf0HoEtD+Hw0PenrkS5rWcyiuCnlgL0GM=
-github.com/Checkmarx/containers-resolver v1.0.9/go.mod h1:7H1kGpc6EQ9mndAYdYKnDrBOWiC4Ej31NKBp+IIarEE=
-github.com/Checkmarx/containers-syft-packages-extractor v1.0.9 h1:KFqwtkdMjT2uzJIuBSGUSOOGMSm/UZl0oXec3Mf3nh4=
-github.com/Checkmarx/containers-syft-packages-extractor v1.0.9/go.mod h1:F9FFBVNmogF0wR9SVI0wRU9dZ9Ux3IZtZl3T24sQ/8E=
+github.com/Checkmarx/containers-resolver v1.0.10 h1:bIGh1piWrQgMCZcLoqqfTujnej+vbUYw/o72v47gQBY=
+github.com/Checkmarx/containers-resolver v1.0.10/go.mod h1:1D4p32HhczoJuja3F2brYfg676JxSb5+PPqKZKgzkjw=
+github.com/Checkmarx/containers-syft-packages-extractor v1.0.10 h1:35n22bjH2Tx5+B8vcqIHogHeEWOQrT2lUf4uaIjoENw=
+github.com/Checkmarx/containers-syft-packages-extractor v1.0.10/go.mod h1:F9FFBVNmogF0wR9SVI0wRU9dZ9Ux3IZtZl3T24sQ/8E=
 github.com/Checkmarx/containers-types v1.0.3 h1:srk+RQnyPXyFKmVHA6P9SQZAtjczyndZ1aa0CWF/6/0=
 github.com/Checkmarx/containers-types v1.0.3/go.mod h1:F13rfevriqYHR+0ahk3W9H8uLK0Msbts012f1pIxJb0=
 github.com/Checkmarx/gen-ai-prompts v0.0.0-20240807143411-708ceec12b63 h1:SCuTcE+CFvgjbIxUNL8rsdB2sAhfuNx85HvxImKta3g=
@@ -146,8 +146,8 @@ github.com/anchore/stereoscope v0.1.0/go.mod h1:3vasimie0IJOXvMbMpjwvwIHBDA1+192
 github.com/anchore/syft v1.21.0 h1:JHmYOnEbCJsElROCCfg+3oIODw1LQLfXGkIrmXNZYsI=
 github.com/anchore/syft v1.21.0/go.mod h1:8i8Yp/MiSOdqID0+6eiwE9bOJWM7fEBYitINZyr2G6s=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
-github.com/andybalholm/brotli v1.1.1 h1:PR2pgnyFznKEugtsUo0xLdDop5SKXd5Qf5ysW+7XdTA=
-github.com/andybalholm/brotli v1.1.1/go.mod h1:05ib4cKhjx3OQYUY22hTVd34Bc8upXjOLL2rKwwZBoA=
+github.com/andybalholm/brotli v1.1.2-0.20250424173009-453214e765f3 h1:8PmGpDEZl9yDpcdEr6Odf23feCxK3LNUNMxjXg41pZQ=
+github.com/andybalholm/brotli v1.1.2-0.20250424173009-453214e765f3/go.mod h1:05ib4cKhjx3OQYUY22hTVd34Bc8upXjOLL2rKwwZBoA=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
@@ -543,8 +543,8 @@ github.com/gorilla/handlers v1.5.2/go.mod h1:dX+xVpaxdSw+q0Qek8SSsl3dfMk3jNddUkM
 github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
 github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg=
-github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 h1:JeSE6pjso5THxAzdVpqr6/geYxZytqFMBCOtn/ujyeo=
+github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674/go.mod h1:r4w70xmWCQKmi1ONH4KIaBptdivuRPyosB9RmPlGEwA=
 github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY=
 github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA=

internal/commands/scan.go

@@ -2855,8 +2855,11 @@ func validateCreateScanFlags(cmd *cobra.Command) error {
 }
 
 func validateContainerImageFormat(containerImage string) error {
-	imageParts := strings.Split(containerImage, ":")
-	if len(imageParts) != 2 || imageParts[0] == "" || imageParts[1] == "" {
+	pattern := regexp.MustCompile(`^(?:[a-zA-Z0-9.-]+(?::[0-9]+)?/)?(?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)*:[\w][\w.-]{0,127}$`)
+
+	matched := pattern.MatchString(containerImage)
+
+	if !matched {
 		return errors.Errorf("Invalid value for --container-images flag. The value must be in the format <image-name>:<image-tag>")
 	}
 	return nil

internal/commands/scan_test.go

@@ -1593,6 +1593,16 @@ func TestValidateContainerImageFormat(t *testing.T) {
 			containerImage: "nginx:latest",
 			expectedError:  nil,
 		},
+		{
+			name:           "Valid container image format",
+			containerImage: "service.test.whatever.image:8443/service/registries:custom-value",
+			expectedError:  nil,
+		},
+		{
+			name:           "Valid container image format",
+			containerImage: "nginx",
+			expectedError:  errors.Errorf("Invalid value for --container-images flag. The value must be in the format <image-name>:<image-tag>"),
+		},
 		{
 			name:           "Missing image name",
 			containerImage: ":latest",