feat(cyclonedx): add file checksums to CycloneDX reports (#7507)

Co-authored-by: knqyf263 <knqyf263@gmail.com>
Johannes Feichtner
2024-10-18 09:10:46 +02:00
committed by GitHub
parent 35fd018ae7
commit c225883649
3 changed files with 344 additions and 2 deletions


@@ -34,6 +34,12 @@
"type": "library",
"name": "openssl",
"version": "1.1.1q",
"hashes": [
{
"alg": "SHA-1",
"content": "237db0da53131e4548cb1181337fa0f420299e1f"
}
],
"licenses": [
{
"license": {
@@ -58,6 +64,12 @@
"type": "library",
"name": "pip",
"version": "22.2.2",
"hashes": [
{
"alg": "SHA-1",
"content": "a6a2db7668f1ad541d704369fc66c96a4415aa24"
}
],
"licenses": [
{
"license": {


@@ -6169,6 +6169,12 @@
"type": "library",
"name": "activesupport",
"version": "6.0.2.1",
"hashes": [
{
"alg": "SHA-1",
"content": "a2cd09dcbaf8ca1951fb8e3f2ebdfe6728ab44f7"
}
],
"licenses": [
{
"license": {
@@ -6201,6 +6207,12 @@
"type": "library",
"name": "addressable",
"version": "2.7.0",
"hashes": [
{
"alg": "SHA-1",
"content": "b4596fdeffcb1c89b24623b6f775a6b054a8323f"
}
],
"licenses": [
{
"license": {
@@ -6233,6 +6245,12 @@
"type": "library",
"name": "concurrent-ruby",
"version": "1.1.6",
"hashes": [
{
"alg": "SHA-1",
"content": "c96749b0390ad63300b13dca6fd83e5508facf18"
}
],
"licenses": [
{
"license": {
@@ -6265,6 +6283,12 @@
"type": "library",
"name": "cool.io",
"version": "1.6.0",
"hashes": [
{
"alg": "SHA-1",
"content": "706a2490b54301e8ae8f2ca8f9f56b279b96ac7b"
}
],
"purl": "pkg:gem/cool.io@1.6.0",
"properties": [
{
@@ -6290,6 +6314,12 @@
"type": "library",
"name": "dig_rb",
"version": "1.0.1",
"hashes": [
{
"alg": "SHA-1",
"content": "04a4a555fe3a7e253098e870cf8a6c8746828829"
}
],
"licenses": [
{
"license": {
@@ -6322,6 +6352,12 @@
"type": "library",
"name": "domain_name",
"version": "0.5.20190701",
"hashes": [
{
"alg": "SHA-1",
"content": "e45a352deedbf1d48c2563caa583d0864d6ac62b"
}
],
"licenses": [
{
"license": {
@@ -6364,6 +6400,12 @@
"type": "library",
"name": "elasticsearch-api",
"version": "7.5.0",
"hashes": [
{
"alg": "SHA-1",
"content": "aac794d1d845525dc57d73d8bd5bda4b7f593ea4"
}
],
"licenses": [
{
"license": {
@@ -6396,6 +6438,12 @@
"type": "library",
"name": "elasticsearch-transport",
"version": "7.5.0",
"hashes": [
{
"alg": "SHA-1",
"content": "29ab0a306cfc109b82ac19c37f288956a4d6d1d9"
}
],
"licenses": [
{
"license": {
@@ -6428,6 +6476,12 @@
"type": "library",
"name": "elasticsearch",
"version": "7.5.0",
"hashes": [
{
"alg": "SHA-1",
"content": "f3996e145e83f80d27ed48f8d2dca84f02c696c3"
}
],
"licenses": [
{
"license": {
@@ -6460,6 +6514,12 @@
"type": "library",
"name": "excon",
"version": "0.72.0",
"hashes": [
{
"alg": "SHA-1",
"content": "8b5c81a189d2748ae488dff8a7b4876493b86f76"
}
],
"licenses": [
{
"license": {
@@ -6492,6 +6552,12 @@
"type": "library",
"name": "faraday",
"version": "0.17.3",
"hashes": [
{
"alg": "SHA-1",
"content": "b8c741fbdc2d729a59e2e855037421040673ca45"
}
],
"licenses": [
{
"license": {
@@ -6524,6 +6590,12 @@
"type": "library",
"name": "ffi-compiler",
"version": "1.0.1",
"hashes": [
{
"alg": "SHA-1",
"content": "b9ffee214ef79e695c14c8703566f7c13be4c2ba"
}
],
"licenses": [
{
"license": {
@@ -6556,6 +6628,12 @@
"type": "library",
"name": "ffi",
"version": "1.12.2",
"hashes": [
{
"alg": "SHA-1",
"content": "e6345da46b7a923b2248bc76d074362e7491376b"
}
],
"licenses": [
{
"license": {
@@ -6588,6 +6666,12 @@
"type": "library",
"name": "fluent-plugin-concat",
"version": "2.4.0",
"hashes": [
{
"alg": "SHA-1",
"content": "b6a0da88821e50d052cb244b57562f00abe79888"
}
],
"licenses": [
{
"license": {
@@ -6620,6 +6704,12 @@
"type": "library",
"name": "fluent-plugin-detect-exceptions",
"version": "0.0.13",
"hashes": [
{
"alg": "SHA-1",
"content": "d1a7b50f7723ead908453f463e24424735be0a56"
}
],
"licenses": [
{
"license": {
@@ -6652,6 +6742,12 @@
"type": "library",
"name": "fluent-plugin-elasticsearch",
"version": "3.8.0",
"hashes": [
{
"alg": "SHA-1",
"content": "d60372f3af2757abd0a4ff68484e9328b2cbe386"
}
],
"licenses": [
{
"license": {
@@ -6684,6 +6780,12 @@
"type": "library",
"name": "fluent-plugin-kubernetes_metadata_filter",
"version": "2.4.1",
"hashes": [
{
"alg": "SHA-1",
"content": "eeb3ce046c69c9c83ed1d4bc949058ef6a124f96"
}
],
"licenses": [
{
"license": {
@@ -6716,6 +6818,12 @@
"type": "library",
"name": "fluent-plugin-multi-format-parser",
"version": "1.0.0",
"hashes": [
{
"alg": "SHA-1",
"content": "9aa245fc07627474621e29f04507a377dfae09d3"
}
],
"licenses": [
{
"license": {
@@ -6748,6 +6856,12 @@
"type": "library",
"name": "fluent-plugin-prometheus",
"version": "1.7.0",
"hashes": [
{
"alg": "SHA-1",
"content": "597a311791f0d05968c558e8015c8bed864137e2"
}
],
"licenses": [
{
"license": {
@@ -6780,6 +6894,12 @@
"type": "library",
"name": "fluent-plugin-systemd",
"version": "1.0.2",
"hashes": [
{
"alg": "SHA-1",
"content": "115901208913bc5031597a20fae33c50c6de6500"
}
],
"licenses": [
{
"license": {
@@ -6812,6 +6932,12 @@
"type": "library",
"name": "fluentd",
"version": "1.8.0",
"hashes": [
{
"alg": "SHA-1",
"content": "5f31ca316e345410e5a5b70b5fafed8a51fd5092"
}
],
"licenses": [
{
"license": {
@@ -6844,6 +6970,12 @@
"type": "library",
"name": "http-accept",
"version": "1.7.0",
"hashes": [
{
"alg": "SHA-1",
"content": "21dedf2ba79a24f86528c2dfc32d17dd9324d9fd"
}
],
"purl": "pkg:gem/http-accept@1.7.0",
"properties": [
{
@@ -6869,6 +7001,12 @@
"type": "library",
"name": "http-cookie",
"version": "1.0.3",
"hashes": [
{
"alg": "SHA-1",
"content": "e6f5b8e237e694b3729797cca134525822769964"
}
],
"licenses": [
{
"license": {
@@ -6901,6 +7039,12 @@
"type": "library",
"name": "http-form_data",
"version": "2.2.0",
"hashes": [
{
"alg": "SHA-1",
"content": "53c844c1f954a9c43b78b8e57f18c0ec965beb1f"
}
],
"licenses": [
{
"license": {
@@ -6933,6 +7077,12 @@
"type": "library",
"name": "http-parser",
"version": "1.2.1",
"hashes": [
{
"alg": "SHA-1",
"content": "7c6889d98755a1fe8859d850892412a0e001ba9a"
}
],
"licenses": [
{
"license": {
@@ -6965,6 +7115,12 @@
"type": "library",
"name": "http",
"version": "4.3.0",
"hashes": [
{
"alg": "SHA-1",
"content": "79032e0328aa1d3ee184a38c50cd93d5bce8998b"
}
],
"licenses": [
{
"license": {
@@ -6997,6 +7153,12 @@
"type": "library",
"name": "http_parser.rb",
"version": "0.6.0",
"hashes": [
{
"alg": "SHA-1",
"content": "0ed80e936eaf7151f540186333c3df436afd46c6"
}
],
"licenses": [
{
"license": {
@@ -7029,6 +7191,12 @@
"type": "library",
"name": "i18n",
"version": "1.8.2",
"hashes": [
{
"alg": "SHA-1",
"content": "d13bccc2521cef33fc4303888b24f327a7369877"
}
],
"licenses": [
{
"license": {
@@ -7061,6 +7229,12 @@
"type": "library",
"name": "kubeclient",
"version": "4.6.0",
"hashes": [
{
"alg": "SHA-1",
"content": "31916cb42ac6b30c68a5422414946d0328be94d4"
}
],
"licenses": [
{
"license": {
@@ -7093,6 +7267,12 @@
"type": "library",
"name": "lru_redux",
"version": "1.1.0",
"hashes": [
{
"alg": "SHA-1",
"content": "c8c5874f406a8fefc655fee48b75dfa276a5b8fa"
}
],
"licenses": [
{
"license": {
@@ -7125,6 +7305,12 @@
"type": "library",
"name": "mime-types-data",
"version": "3.2019.1009",
"hashes": [
{
"alg": "SHA-1",
"content": "8a80ce9bf4961df0184d25699612d29293a05aee"
}
],
"licenses": [
{
"license": {
@@ -7157,6 +7343,12 @@
"type": "library",
"name": "mime-types",
"version": "3.3.1",
"hashes": [
{
"alg": "SHA-1",
"content": "b70aa1555acff548ee282c76ddd562e831483187"
}
],
"licenses": [
{
"license": {
@@ -7189,6 +7381,12 @@
"type": "library",
"name": "minitest",
"version": "5.14.0",
"hashes": [
{
"alg": "SHA-1",
"content": "8fcf25c201eacdf1a0e4db78efcb37ad590f33c0"
}
],
"licenses": [
{
"license": {
@@ -7221,6 +7419,12 @@
"type": "library",
"name": "msgpack",
"version": "1.3.3",
"hashes": [
{
"alg": "SHA-1",
"content": "bda4ff6f3cd395534ba441ccacc4640f9dc43942"
}
],
"licenses": [
{
"license": {
@@ -7253,6 +7457,12 @@
"type": "library",
"name": "multi_json",
"version": "1.14.1",
"hashes": [
{
"alg": "SHA-1",
"content": "fead333877a2db2e2aaca87d8cd1f270952cd42e"
}
],
"licenses": [
{
"license": {
@@ -7285,6 +7495,12 @@
"type": "library",
"name": "multipart-post",
"version": "2.1.1",
"hashes": [
{
"alg": "SHA-1",
"content": "927edb51d5b23a49a417fe1503f196896c0e8034"
}
],
"licenses": [
{
"license": {
@@ -7317,6 +7533,12 @@
"type": "library",
"name": "netrc",
"version": "0.11.0",
"hashes": [
{
"alg": "SHA-1",
"content": "98d7bbb894429413feb5c0a3b766a7945f65e3ba"
}
],
"licenses": [
{
"license": {
@@ -7349,6 +7571,12 @@
"type": "library",
"name": "oj",
"version": "3.10.0",
"hashes": [
{
"alg": "SHA-1",
"content": "b348b933b9c2f6a6e952f6a15c7cbd9f1186815f"
}
],
"licenses": [
{
"license": {
@@ -7381,6 +7609,12 @@
"type": "library",
"name": "prometheus-client",
"version": "0.9.0",
"hashes": [
{
"alg": "SHA-1",
"content": "f829d25ee6b39cdda518f7b6f85be6563d7b5990"
}
],
"licenses": [
{
"license": {
@@ -7413,6 +7647,12 @@
"type": "library",
"name": "public_suffix",
"version": "4.0.3",
"hashes": [
{
"alg": "SHA-1",
"content": "ac88907845a8bec2a0df25cf2e3ef61121e47252"
}
],
"licenses": [
{
"license": {
@@ -7445,6 +7685,12 @@
"type": "library",
"name": "quantile",
"version": "0.2.1",
"hashes": [
{
"alg": "SHA-1",
"content": "07a0817cd9df688930b2d8481a647a7ec321b870"
}
],
"licenses": [
{
"license": {
@@ -7477,6 +7723,12 @@
"type": "library",
"name": "rake",
"version": "13.0.1",
"hashes": [
{
"alg": "SHA-1",
"content": "d01a832a472daf914670adda88b44b419a4d2daf"
}
],
"licenses": [
{
"license": {
@@ -7509,6 +7761,12 @@
"type": "library",
"name": "recursive-open-struct",
"version": "1.1.0",
"hashes": [
{
"alg": "SHA-1",
"content": "5a4a02765d82d6786a832384b890f0a2497c2e14"
}
],
"licenses": [
{
"license": {
@@ -7541,6 +7799,12 @@
"type": "library",
"name": "rest-client",
"version": "2.1.0",
"hashes": [
{
"alg": "SHA-1",
"content": "a7e5943a216b16e0867693f20d5d1604cd015486"
}
],
"licenses": [
{
"license": {
@@ -7573,6 +7837,12 @@
"type": "library",
"name": "serverengine",
"version": "2.2.1",
"hashes": [
{
"alg": "SHA-1",
"content": "16e5806b2d513f6b075355c602aed0f960584267"
}
],
"licenses": [
{
"license": {
@@ -7605,6 +7875,12 @@
"type": "library",
"name": "sigdump",
"version": "0.2.4",
"hashes": [
{
"alg": "SHA-1",
"content": "1bae5c6042dc82a4bec6aacb42f75ba71f7cb634"
}
],
"licenses": [
{
"license": {
@@ -7637,6 +7913,12 @@
"type": "library",
"name": "strptime",
"version": "0.2.3",
"hashes": [
{
"alg": "SHA-1",
"content": "17150d9e40754ea1a732796f224b9be78e77b86a"
}
],
"licenses": [
{
"license": {
@@ -7669,6 +7951,12 @@
"type": "library",
"name": "systemd-journal",
"version": "1.3.3",
"hashes": [
{
"alg": "SHA-1",
"content": "4f310622fe58e95897147736c96d3d42174a3363"
}
],
"licenses": [
{
"license": {
@@ -7701,6 +7989,12 @@
"type": "library",
"name": "thread_safe",
"version": "0.3.6",
"hashes": [
{
"alg": "SHA-1",
"content": "546993ac33864e279ae73e918d6da5d4ca083098"
}
],
"licenses": [
{
"license": {
@@ -7733,6 +8027,12 @@
"type": "library",
"name": "tzinfo-data",
"version": "1.2019.3",
"hashes": [
{
"alg": "SHA-1",
"content": "26832d11382943b02433f3ad1df7653b4cfdf3a2"
}
],
"licenses": [
{
"license": {
@@ -7765,6 +8065,12 @@
"type": "library",
"name": "tzinfo",
"version": "1.2.6",
"hashes": [
{
"alg": "SHA-1",
"content": "5b7db490d431d97366729086683e736d2b5fee99"
}
],
"licenses": [
{
"license": {
@@ -7797,6 +8103,12 @@
"type": "library",
"name": "unf",
"version": "0.1.4",
"hashes": [
{
"alg": "SHA-1",
"content": "85ff87b60a6d16ffddf4db5f5f91c0ef76bacd3d"
}
],
"licenses": [
{
"license": {
@@ -7829,6 +8141,12 @@
"type": "library",
"name": "unf_ext",
"version": "0.0.7.6",
"hashes": [
{
"alg": "SHA-1",
"content": "1b5141ee855f16e832534c2e73d81fec0601ebd3"
}
],
"licenses": [
{
"license": {
@@ -7861,6 +8179,12 @@
"type": "library",
"name": "yajl-ruby",
"version": "1.4.1",
"hashes": [
{
"alg": "SHA-1",
"content": "670f3cd2fc601c9b7fde02b1d8c60e90491a7221"
}
],
"licenses": [
{
"license": {
@@ -7893,6 +8217,12 @@
"type": "library",
"name": "zeitwerk",
"version": "2.3.0",
"hashes": [
{
"alg": "SHA-1",
"content": "803894c06d28932016866a26fc2b22c4db942094"
}
],
"licenses": [
{
"license": {


@@ -538,9 +538,9 @@ func (r *runner) initScannerConfig(ctx context.Context, opts flag.Options) (Scan
}
}
// SPDX needs to calculate digests for package files
// SPDX and CycloneDX need to calculate digests for package files
var fileChecksum bool
if opts.Format == types.FormatSPDXJSON || opts.Format == types.FormatSPDX {
if opts.Format == types.FormatSPDXJSON || opts.Format == types.FormatSPDX || opts.Format == types.FormatCycloneDX {
fileChecksum = true
}
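Review bot: The format gate on the changed `if` is now an exact-match `||` chain of three constants; `switch opts.Format { case types.FormatSPDXJSON, types.FormatSPDX, types.FormatCycloneDX: fileChecksum = true }` keeps the same behaviour and gives the next SBOM format a single place to be added. One caveat worth a comment on the `var fileChecksum bool` line: this flag only decides whether per-file digests are computed at all — the algorithm is chosen elsewhere, and the golden files in this commit show a single `SHA-1` entry per component, which is a weak integrity anchor for supply-chain consumers; CycloneDX allows several `hashes` entries, so emitting SHA-256 alongside is worth a follow-up. The enclosing `initScannerConfig` continues outside the hunk and the hunk's trailing context appears cut off here, so where `fileChecksum` is consumed is not visible.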