BREAKING: disable JAR detection in fs/repo scanning (#1512)

Co-authored-by: Andrey Levchenko <levchenko.andrey@gmail.com>
Teppei Fukuda
2021-12-24 16:14:50 +02:00
committed by GitHub
parent 59957d4c6b
commit 76249bdcf0
3 changed files with 28 additions and 26 deletions


@@ -2,23 +2,24 @@
`Trivy` automatically detects the following files in the container and scans vulnerabilities in the application dependencies.
| Language | File | Image[^6] | Rootfs[^7] | Filesystem[^8] | Repository[^9] |Dev dependencies |
|----------|--------------------------|:---------:|:----------:|:--------------:|:---------------:|-----------------|
| Ruby | Gemfile.lock | - | - | | | included |
| | gemspec | ✅ | ✅ | - | - | included |
| Python | Pipfile.lock | - | - | | | excluded |
| | poetry.lock | - | - | | | included |
| | requirements.txt | - | - | | | included |
| | egg package[^1] | ✅ | ✅ | - | - | excluded |
| | wheel package[^2] | ✅ | ✅ | - | - | excluded |
| PHP | composer.lock | ✅ | ✅ | | | excluded |
| Node.js | package-lock.json | - | - | | | excluded |
| | yarn.lock | - | - | | | included |
| | package.json | ✅ | ✅ | - | - | excluded |
| .NET | packages.lock.json | ✅ | ✅ | | | included |
| Java | JAR/WAR/EAR[^3][^4] | ✅ | ✅ | | | included |
| Go | Binaries built by Go[^5] | ✅ | | - | - | excluded |
| | go.sum | - | - | ✅ | | included |
| Language | File | Image[^7] | Rootfs[^8] | Filesystem[^9] | Repository[^10] |Dev dependencies |
|----------|--------------------------|:---------:|:----------:|:--------------:|:--------------:|-----------------|
| Ruby | Gemfile.lock | - | - | | | included |
| | gemspec | ✅ | ✅ | - | - | included |
| Python | Pipfile.lock | - | - | | | excluded |
| | poetry.lock | - | - | | | included |
| | requirements.txt | - | - | | | included |
| | egg package[^1] | ✅ | ✅ | - | - | excluded |
| | wheel package[^2] | ✅ | ✅ | - | - | excluded |
| PHP | composer.lock | ✅ | ✅ | | | excluded |
| Node.js | package-lock.json | - | - | | | excluded |
| | yarn.lock | - | - | | | included |
| | package.json | ✅ | ✅ | - | - | excluded |
| .NET | packages.lock.json | ✅ | ✅ | | | included |
| Java | JAR/WAR/EAR[^3][^4] | ✅ | ✅ | - | - | included |
| | pom.xml[^5] | - | - | | | excluded |
| Go | Binaries built by Go[^6] | ✅ | | - | - | excluded |
| | go.sum | - | - | ✅ | ✅ | included |
The path of these files does not matter.
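Review bot: the JAR/WAR/EAR row now reads `-` under Filesystem and Repository, which is the breaking change named in the commit title, but nothing in the surrounding text tells a reader what replaces it or why; the only hint is the new `pom.xml[^5]` row, whose Filesystem and Repository cells are blank as rendered here even though the legend defines only ✅ and `-`. Suggest marking those cells explicitly (for example `| | pom.xml[^5] | - | - | ✅ | ✅ | excluded |` if that is the intent) and adding one sentence after "The path of these files does not matter." stating that JAR/WAR/EAR files are no longer scanned in `fs` and `repo` modes and that pom.xml is parsed instead, so users whose pipelines relied on repository JAR scanning see the behaviour change in the docs rather than only in the commit title. The go.sum row also flips Repository from blank to ✅ in the same hunk without any mention; if that is a real behaviour change it deserves its own line in the commit message.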
@@ -27,9 +28,10 @@ Example: [Dockerfile](https://github.com/aquasecurity/trivy-ci-test/blob/main/Do
[^1]: `*.egg-info`, `*.egg-info/PKG-INFO`, `*.egg` and `EGG-INFO/PKG-INFO`
[^2]: `.dist-info/META-DATA`
[^3]: `*.jar`, `*.war`, and `*.ear`
[^4]: It requires the Internet access
[^5]: UPX-compressed binaries don't work
[^6]: ✅ means "enabled" and `-` means "disabled" in the image scanning
[^7]: ✅ means "enabled" and `-` means "disabled" in the rootfs scanning
[^8]: ✅ means "enabled" and `-` means "disabled" in the filesystem scanning
[^9]: ✅ means "enabled" and `-` means "disabled" in the git repository scanning
[^4]: It requires Internet access
[^5]: It requires Internet access when the POM doesn't exist in your local repository
[^6]: UPX-compressed binaries don't work
[^7]: ✅ means "enabled" and `-` means "disabled" in the image scanning
[^8]: ✅ means "enabled" and `-` means "disabled" in the rootfs scanning
[^9]: ✅ means "enabled" and `-` means "disabled" in the filesystem scanning
[^10]: ✅ means "enabled" and `-` means "disabled" in the git repository scanning
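Review bot: footnote [^5] says Internet access is needed "when the POM doesn't exist in your local repository", but in a document that also describes git repository scanning "local repository" is ambiguous; spell out which repository is meant (the local Maven dependency cache, if that is what is intended). Inserting [^5] also renumbers the old [^5]–[^9] to [^6]–[^10], so every reference elsewhere in this file needs checking for stale numbers; using descriptive footnote labels such as `[^pom]` and `[^image]` instead of positional numbers would avoid this churn on the next addition.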

go.mod

@@ -7,7 +7,7 @@ require (
github.com/Masterminds/sprig v2.22.0+incompatible
github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46
github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986
github.com/aquasecurity/fanal v0.0.0-20211224062610-102e2bce2240
github.com/aquasecurity/fanal v0.0.0-20211224122944-42225c99da09
github.com/aquasecurity/go-dep-parser v0.0.0-20211224061556-d0e33761a8ab
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce
github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798
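Review bot: the only non-documentation change is bumping `github.com/aquasecurity/fanal` from pseudo-version `20211224062610-102e2bce2240` to `20211224122944-42225c99da09`, so the BREAKING behaviour (JAR detection disabled in fs/repo scanning) is implemented entirely inside that dependency; the commit message should reference the corresponding fanal change so reviewers and changelog readers can trace where the analyzer was actually switched off. Since `go-dep-parser` stays at `20211224061556-d0e33761a8ab`, confirm that the pom.xml support advertised in the table does not also require a go-dep-parser bump.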

go.sum

@@ -207,8 +207,8 @@ github.com/aquasecurity/cfsec v0.2.2 h1:hq6MZlg7XFZsrerCv297N4HRlnJM7K6LLd/l/xCz
github.com/aquasecurity/cfsec v0.2.2/go.mod h1:sUELRJqIPXTOZiHUx7TzyyFFzuk0W22IG6IWAoV8T6U=
github.com/aquasecurity/defsec v0.0.37 h1:zdZndlKrW257b8VLK1UwfmXiyPuDrNA+wzBilHRk1LA=
github.com/aquasecurity/defsec v0.0.37/go.mod h1:csaBEcJ3AKy44expnW0dCANEZcS/c1vcJjwBCbnKWBM=
github.com/aquasecurity/fanal v0.0.0-20211224062610-102e2bce2240 h1:wxeId0nDv3i3Ih98oFZE7Q6OeNY1R+itxOpkmpbaiek=
github.com/aquasecurity/fanal v0.0.0-20211224062610-102e2bce2240/go.mod h1:Uj+SCSOPxrU4xrxu9fFVvRWimkktPXv/VWzSfMx/dog=
github.com/aquasecurity/fanal v0.0.0-20211224122944-42225c99da09 h1:mydXHod777Xd44QS4I5JgRU2Cl6ZgssjPTm2KgJZrxI=
github.com/aquasecurity/fanal v0.0.0-20211224122944-42225c99da09/go.mod h1:Uj+SCSOPxrU4xrxu9fFVvRWimkktPXv/VWzSfMx/dog=
github.com/aquasecurity/go-dep-parser v0.0.0-20211224061556-d0e33761a8ab h1:/i0NsV3rYRcW0hkcCCrHmppX5rAr3rlWVIGKdeKBThU=
github.com/aquasecurity/go-dep-parser v0.0.0-20211224061556-d0e33761a8ab/go.mod h1:mYbm6nW+oy1o7gGYngbki6y2VPUf6BPt5U7+O9C78sI=
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce h1:QgBRgJvtEOBtUXilDb1MLi1p1MWoyFDXAu5DEUl5nwM=
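Review bot: the replaced fanal entries keep the identical `/go.mod h1:Uj+SCSOPxrU4...` hash while the module `h1:` changes, which means fanal's own go.mod did not change between the two pseudo-versions and no transitive dependency updates should show up in this commit; both old lines are dropped rather than left beside the new ones, so the sum file has been tidied. Nothing further to change in this hunk.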