From ddffb1b45194bba3ff1e3f2d33f3f277a5b71bd4 Mon Sep 17 00:00:00 2001 From: Moulick Aggarwal Date: Mon, 15 Aug 2022 18:45:22 +0530 Subject: [PATCH] fix(cli): secret scanning perf link fix (#2607) --- Makefile | 2 +- docs/docs/vulnerability/distributions.md | 4 ++-- go.mod | 2 +- go.sum | 4 ++-- goreleaser-canary.yml | 2 +- pkg/commands/artifact/run.go | 24 +++++++++++++++++++++++- 6 files changed, 30 insertions(+), 8 deletions(-) diff --git a/Makefile b/Makefile index 501a8421d9..8a81662f19 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -VERSION := $(shell git describe --tags --always) +VERSION := $(patsubst v%,%,$(shell git describe --tags --always)) #Strips the v prefix from the tag LDFLAGS := -ldflags "-s -w -X=main.version=$(VERSION)" GOPATH := $(shell go env GOPATH) diff --git a/docs/docs/vulnerability/distributions.md b/docs/docs/vulnerability/distributions.md index bab01ba82d..59c4522f06 100644 --- a/docs/docs/vulnerability/distributions.md +++ b/docs/docs/vulnerability/distributions.md @@ -41,7 +41,7 @@ The following table provides an outline of the features Trivy offers. 2022-07-27T09:30:21.756Z INFO Vulnerability scanning is enabled 2022-07-27T09:30:21.756Z INFO Secret scanning is enabled 2022-07-27T09:30:21.756Z INFO If your scanning is slow, please try '--security-checks vuln' to disable secret scanning - 2022-07-27T09:30:21.756Z INFO Please see also https://aquasecurity.github.io/trivy/0.30.4/docs/secret/scanning/#recommendation for faster secret detection + 2022-07-27T09:30:21.756Z INFO Please see also https://aquasecurity.github.io/trivy/v0.30.4/docs/secret/scanning/#recommendation for faster secret detection 2022-07-27T09:30:22.205Z INFO Detected OS: cbl-mariner 2022-07-27T09:30:22.205Z INFO Detecting CBL-Mariner vulnerabilities... 2022-07-27T09:30:22.205Z INFO Number of language-specific files: 0 
@@ -55,4 +55,4 @@ The following table provides an outline of the features Trivy offers. See [here][source]. [mariner]: https://github.com/microsoft/CBL-Mariner -[source]: detection/data-source.md \ No newline at end of file +[source]: detection/data-source.md diff --git a/go.mod b/go.mod index ff771b5398..f2556f623b 100644 --- a/go.mod +++ b/go.mod @@ -227,7 +227,7 @@ require ( github.com/hashicorp/go-retryablehttp v0.7.1 // indirect github.com/hashicorp/go-safetemp v1.0.0 // indirect github.com/hashicorp/go-uuid v1.0.3 // indirect - github.com/hashicorp/go-version v1.4.0 // indirect + github.com/hashicorp/go-version v1.6.0 // indirect github.com/hashicorp/hcl/v2 v2.13.0 // indirect github.com/hhatto/gorst v0.0.0-20181029133204-ca9f730cac5b // indirect github.com/huandu/xstrings v1.3.2 // indirect diff --git a/go.sum b/go.sum index d78a62685d..c2bf19b0d5 100644 --- a/go.sum +++ b/go.sum @@ -992,8 +992,8 @@ github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/b github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.1.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= -github.com/hashicorp/go-version v1.4.0 h1:aAQzgqIrRKRa7w75CKpbBxYsmUoPjzVm1W59ca1L0J4= -github.com/hashicorp/go-version v1.4.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= +github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek= +github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= 
diff --git a/goreleaser-canary.yml b/goreleaser-canary.yml index f1ec0a9435..3e5b2910ba 100644 --- a/goreleaser-canary.yml +++ b/goreleaser-canary.yml @@ -28,4 +28,4 @@ archives: files: - README.md - LICENSE - - contrib/*.tpl \ No newline at end of file + - contrib/*.tpl diff --git a/pkg/commands/artifact/run.go b/pkg/commands/artifact/run.go index 52bb0e0889..e90e22de87 100644 --- a/pkg/commands/artifact/run.go +++ b/pkg/commands/artifact/run.go @@ -10,6 +10,7 @@ import ( "golang.org/x/exp/slices" "golang.org/x/xerrors" + "github.com/aquasecurity/go-version/pkg/semver" "github.com/aquasecurity/trivy-db/pkg/db" tcache "github.com/aquasecurity/trivy/pkg/cache" "github.com/aquasecurity/trivy/pkg/commands/operation" @@ -39,6 +40,8 @@ const ( TargetRepository TargetKind = "repo" TargetImageArchive TargetKind = "archive" TargetSBOM TargetKind = "sbom" + + devVersion = "dev" ) var ( @@ -471,9 +474,10 @@ func initScannerConfig(opts flag.Options, cacheClient cache.Cache) (ScannerConfi // Do not load config file for secret scanning if slices.Contains(opts.SecurityChecks, types.SecurityCheckSecret) { + ver := canonicalVersion(opts.AppVersion) log.Logger.Info("Secret scanning is enabled") log.Logger.Info("If your scanning is slow, please try '--security-checks vuln' to disable secret scanning") - log.Logger.Infof("Please see also https://aquasecurity.github.io/trivy/%s/docs/secret/scanning/#recommendation for faster secret detection", opts.AppVersion) + log.Logger.Infof("Please see also https://aquasecurity.github.io/trivy/%s/docs/secret/scanning/#recommendation for faster secret detection", ver) } else { opts.SecretConfigPath = "" } 
@@ -543,3 +547,21 @@ func Exit(opts flag.Options, failedResults bool) {
 os.Exit(opts.ExitCode)
 }
 }
+
+func canonicalVersion(ver string) string {
+ if ver == devVersion {
+ return ver
+ }
+ v, err := semver.Parse(ver)
+ if err != nil {
+ return devVersion
+ }
+ // Replace pre-release with "dev"
+ // e.g. v0.34.0-beta1+snapshot-1
+ if v.IsPreRelease() || v.Metadata() != "" {
+ return devVersion
+ }
+
+ // Add "v" prefix, "0.34.0" => "v0.34.0" for the url
+ return "v" + ver
+}
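Review bot: `canonicalVersion` builds its result from the raw input (`return "v" + ver`) rather than from a normalised value, so a version string that already carries a `v` prefix would come out as `vv…` if `semver.Parse` accepts that form; the in-code example `v0.34.0-beta1+snapshot-1` suggests it does, though the parser is not visible here. The Makefile change in this commit strips the prefix at build time, but any other build path that sets `main.version` is not covered by that, and the result would be a broken documentation link in the log output. Consider `return "v" + strings.TrimPrefix(ver, "v")` (run.go needs `strings` imported if it is not already). The function also has no doc comment; something like `// canonicalVersion maps the build version to the docs-site path segment: "vX.Y.Z" for releases, "dev" for anything else.` would state the contract. A small table test over `dev`, `0.34.0`, `v0.34.0`, a pre-release string and an unparsable string would pin the behaviour.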