feat(report): Add CreatedAt to the JSON report. (#5542) (#5549)

Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
This commit is contained in:
Y.Horie
2023-11-15 13:11:09 +09:00
committed by GitHub
parent d005f5af24
commit f4dd062f58
81 changed files with 203 additions and 121 deletions


@@ -30,6 +30,7 @@ $ trivy image --format cosign-vuln --output vuln.json alpine:3.10
},
"result": {
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "alpine:3.10",
"ArtifactType": "container_image",
"Metadata": {


@@ -354,7 +354,7 @@ func TestClientServerWithFormat(t *testing.T) {
},
}
fakeTime := time.Date(2020, 8, 10, 7, 28, 17, 958601, time.UTC)
fakeTime := time.Date(2021, 8, 25, 12, 20, 30, 5, time.UTC)
clock.SetFakeTime(t, fakeTime)
report.CustomTemplateFuncMap = map[string]interface{}{
@@ -419,7 +419,7 @@ func TestClientServerWithCycloneDX(t *testing.T) {
addr, cacheDir := setup(t, setupOptions{})
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
clock.SetFakeTime(t, time.Date(2020, 9, 10, 14, 20, 30, 5, time.UTC))
clock.SetFakeTime(t, time.Date(2021, 8, 25, 12, 20, 30, 5, time.UTC))
uuid.SetFakeUUID(t, "3ff14136-e09f-4df9-80ea-%012d")
osArgs, outputFile := setupClient(t, tt.args, addr, cacheDir, tt.golden)
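Review bot: The pinned instant `time.Date(2021, 8, 25, 12, 20, 30, 5, time.UTC)` is now written out verbatim in several test files of this commit (here twice, plus integration_test.go, repo_test.go and pkg/scanner/scan_test.go), and the matching `1629894030` is hard-coded in every golden file, so a future change to one copy silently desynchronises the others. A single package-level `var fakeTime = time.Date(2021, 8, 25, 12, 20, 30, 5, time.UTC)` in the integration package, referenced from each `clock.SetFakeTime(t, fakeTime)` call, would keep the value in one place. The deliberately non-zero 5 ns component is worth a one-line comment, since it is what makes the `.000000005Z` suffix in the ASFF goldens and would expose accidental truncation. Both enclosing test functions begin and end outside this hunk.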


@@ -27,6 +27,7 @@ import (
"github.com/aquasecurity/trivy-db/pkg/db"
"github.com/aquasecurity/trivy-db/pkg/metadata"
"github.com/aquasecurity/trivy/pkg/clock"
"github.com/aquasecurity/trivy/pkg/commands"
"github.com/aquasecurity/trivy/pkg/dbtest"
"github.com/aquasecurity/trivy/pkg/types"
@@ -43,6 +44,8 @@ func initDB(t *testing.T) string {
entries, err := os.ReadDir(fixtureDir)
require.NoError(t, err)
clock.SetFakeTime(t, time.Date(2021, 8, 25, 12, 20, 30, 5, time.UTC))
var fixtures []string
for _, entry := range entries {
if entry.IsDir() {
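Review bot: The `clock.SetFakeTime(t, ...)` call added to initDB carries no comment explaining why a database-fixture helper pins the wall clock, which a reader of initDB in isolation would not expect; suggest `// Pin the clock so CreatedAt and the other timestamps baked into the golden files are deterministic.` directly above it. If setup() (not visible here) already runs initDB for every test, the per-test SetFakeTime calls that this commit also keeps in client_server_test.go and repo_test.go re-set the same instant and could be dropped, but that depends on the call graph and should be confirmed. initDB's body continues past the end of this hunk.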


@@ -480,7 +480,7 @@ func TestRepository(t *testing.T) {
osArgs = append(osArgs, "--output", outputFile)
osArgs = append(osArgs, tt.args.input)
clock.SetFakeTime(t, time.Date(2020, 9, 10, 14, 20, 30, 5, time.UTC))
clock.SetFakeTime(t, time.Date(2021, 8, 25, 12, 20, 30, 5, time.UTC))
uuid.SetFakeUUID(t, "3ff14136-e09f-4df9-80ea-%012d")
// Run "trivy repo"


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/images/almalinux-8.tar.gz",
"ArtifactType": "container_image",
"Metadata": {


@@ -1,6 +1,7 @@
{
"SchemaVersion": 2,
"ArtifactName": "localhost:55844/alpine:3.10",
"CreatedAt": 1629894030,
"ArtifactName": "localhost:53869/alpine:3.10",
"ArtifactType": "container_image",
"Metadata": {
"OS": {
@@ -13,10 +14,10 @@
"sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0"
],
"RepoTags": [
"localhost:55844/alpine:3.10"
"localhost:53869/alpine:3.10"
],
"RepoDigests": [
"localhost:55844/alpine@sha256:b1c5a500182b21d0bfa5a584a8526b56d8be316f89e87d951be04abed2446e60"
"localhost:53869/alpine@sha256:b1c5a500182b21d0bfa5a584a8526b56d8be316f89e87d951be04abed2446e60"
],
"ImageConfig": {
"architecture": "amd64",
@@ -55,7 +56,7 @@
},
"Results": [
{
"Target": "localhost:55844/alpine:3.10 (alpine 3.10.2)",
"Target": "localhost:53869/alpine:3.10 (alpine 3.10.2)",
"Class": "os-pkgs",
"Type": "alpine",
"Vulnerabilities": [


@@ -7,8 +7,8 @@
"GeneratorId": "Trivy/CVE-2019-1549",
"AwsAccountId": "123456789012",
"Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ],
"CreatedAt": "2020-08-10T07:28:17.000958601Z",
"UpdatedAt": "2020-08-10T07:28:17.000958601Z",
"CreatedAt": "2021-08-25T12:20:30.000000005Z",
"UpdatedAt": "2021-08-25T12:20:30.000000005Z",
"Severity": {
"Label": "MEDIUM"
},
@@ -52,8 +52,8 @@
"GeneratorId": "Trivy/CVE-2019-1551",
"AwsAccountId": "123456789012",
"Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ],
"CreatedAt": "2020-08-10T07:28:17.000958601Z",
"UpdatedAt": "2020-08-10T07:28:17.000958601Z",
"CreatedAt": "2021-08-25T12:20:30.000000005Z",
"UpdatedAt": "2021-08-25T12:20:30.000000005Z",
"Severity": {
"Label": "MEDIUM"
},
@@ -97,8 +97,8 @@
"GeneratorId": "Trivy/CVE-2019-1549",
"AwsAccountId": "123456789012",
"Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ],
"CreatedAt": "2020-08-10T07:28:17.000958601Z",
"UpdatedAt": "2020-08-10T07:28:17.000958601Z",
"CreatedAt": "2021-08-25T12:20:30.000000005Z",
"UpdatedAt": "2021-08-25T12:20:30.000000005Z",
"Severity": {
"Label": "MEDIUM"
},
@@ -142,8 +142,8 @@
"GeneratorId": "Trivy/CVE-2019-1551",
"AwsAccountId": "123456789012",
"Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ],
"CreatedAt": "2020-08-10T07:28:17.000958601Z",
"UpdatedAt": "2020-08-10T07:28:17.000958601Z",
"CreatedAt": "2021-08-25T12:20:30.000000005Z",
"UpdatedAt": "2021-08-25T12:20:30.000000005Z",
"Severity": {
"Label": "MEDIUM"
},


@@ -11,7 +11,7 @@
"correlator": "workflow-name_integration",
"id": "1910764383"
},
"scanned": "2020-08-10T07:28:17Z",
"scanned": "2021-08-25T12:20:30Z",
"manifests": {
"testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)": {
"name": "alpine",


@@ -51,7 +51,7 @@
}
a.toggle-more-links { cursor: pointer; }
</style>
<title>testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2) - Trivy Report - 2020-08-10 07:28:17.000958601 +0000 UTC </title>
<title>testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2) - Trivy Report - 2021-08-25 12:20:30.000000005 +0000 UTC </title>
<script>
window.onload = function() {
document.querySelectorAll('td.links').forEach(function(linkCell) {
@@ -81,7 +81,7 @@
</script>
</head>
<body>
<h1>testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2) - Trivy Report - 2020-08-10 07:28:17.000958601 +0000 UTC</h1>
<h1>testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2) - Trivy Report - 2021-08-25 12:20:30.000000005 +0000 UTC</h1>
<table>
<tr class="group-header"><th colspan="6">alpine</th></tr>
<tr class="sub-header">


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/images/alpine-310.tar.gz",
"ArtifactType": "container_image",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/images/alpine-39.tar.gz",
"ArtifactType": "container_image",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/images/alpine-39.tar.gz",
"ArtifactType": "container_image",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/images/alpine-39.tar.gz",
"ArtifactType": "container_image",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/images/alpine-39.tar.gz",
"ArtifactType": "container_image",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/images/alpine-distroless.tar.gz",
"ArtifactType": "container_image",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/images/amazon-1.tar.gz",
"ArtifactType": "container_image",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/images/amazon-2.tar.gz",
"ArtifactType": "container_image",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "disk.img",
"ArtifactType": "vm",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/images/busybox-with-lockfile.tar.gz",
"ArtifactType": "container_image",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/images/centos-6.tar.gz",
"ArtifactType": "container_image",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/images/centos-7.tar.gz",
"ArtifactType": "container_image",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/images/centos-7.tar.gz",
"ArtifactType": "container_image",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/images/centos-7.tar.gz",
"ArtifactType": "container_image",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/repo/cocoapods",
"ArtifactType": "repository",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/repo/composer",
"ArtifactType": "repository",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/repo/conan",
"ArtifactType": "repository",
"Metadata": {


@@ -5,7 +5,7 @@
"serialNumber": "urn:uuid:3ff14136-e09f-4df9-80ea-000000000001",
"version": 1,
"metadata": {
"timestamp": "2020-09-10T14:20:30+00:00",
"timestamp": "2021-08-25T12:20:30+00:00",
"tools": [
{
"vendor": "aquasecurity",


@@ -9,7 +9,7 @@
"Organization: aquasecurity",
"Tool: trivy-dev"
],
"created": "2020-09-10T14:20:30Z"
"created": "2021-08-25T12:20:30Z"
},
"packages": [
{


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/images/debian-buster.tar.gz",
"ArtifactType": "container_image",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/images/debian-buster.tar.gz",
"ArtifactType": "container_image",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/images/debian-stretch.tar.gz",
"ArtifactType": "container_image",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/images/distroless-base.tar.gz",
"ArtifactType": "container_image",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/images/distroless-python27.tar.gz",
"ArtifactType": "container_image",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/repo/custom-policy",
"ArtifactType": "repository",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/repo/namespace-exception",
"ArtifactType": "repository",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/repo/rule-exception",
"ArtifactType": "repository",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/repo/dockerfile",
"ArtifactType": "repository",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/repo/dockerfile_file_pattern",
"ArtifactType": "repository",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/repo/dotnet",
"ArtifactType": "repository",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/images/fluentd-multiple-lockfiles.tar.gz",
"ArtifactType": "container_image",
"Metadata": {


@@ -5,7 +5,7 @@
"serialNumber": "urn:uuid:3ff14136-e09f-4df9-80ea-000000000001",
"version": 1,
"metadata": {
"timestamp": "2020-09-10T14:20:30+00:00",
"timestamp": "2021-08-25T12:20:30+00:00",
"tools": [
{
"vendor": "aquasecurity",


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/sbom/fluentd-multiple-lockfiles-cyclonedx.json",
"ArtifactType": "cyclonedx",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/repo/gomod",
"ArtifactType": "repository",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/repo/gomod",
"ArtifactType": "repository",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/repo/gradle",
"ArtifactType": "repository",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/repo/helm",
"ArtifactType": "repository",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/repo/helm_badname",
"ArtifactType": "repository",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/repo/helm_testchart",
"ArtifactType": "repository",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/repo/helm_testchart",
"ArtifactType": "repository",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/images/mariner-1.0.tar.gz",
"ArtifactType": "container_image",
"Metadata": {


@@ -1,12 +1,12 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/sbom/minikube-kbom.json",
"ArtifactType": "cyclonedx",
"Metadata": {
"OS": {
"Family": "ubuntu",
"Name": "22.04.2",
"EOSL": false
"Name": "22.04.2"
},
"ImageConfig": {
"architecture": "",


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/repo/mixlock",
"ArtifactType": "repository",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/repo/npm",
"ArtifactType": "repository",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/repo/npm",
"ArtifactType": "repository",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/repo/nuget",
"ArtifactType": "repository",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/images/opensuse-leap-151.tar.gz",
"ArtifactType": "container_image",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/images/oraclelinux-8.tar.gz",
"ArtifactType": "container_image",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/images/photon-30.tar.gz",
"ArtifactType": "container_image",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/repo/pip",
"ArtifactType": "repository",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/repo/pipenv",
"ArtifactType": "repository",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/repo/pnpm",
"ArtifactType": "repository",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/repo/poetry",
"ArtifactType": "repository",
"Metadata": {


@@ -5,7 +5,7 @@
"serialNumber": "urn:uuid:3ff14136-e09f-4df9-80ea-000000000001",
"version": 1,
"metadata": {
"timestamp": "2020-09-10T14:20:30+00:00",
"timestamp": "2021-08-25T12:20:30+00:00",
"tools": [
{
"vendor": "aquasecurity",
@@ -102,6 +102,98 @@
}
],
"vulnerabilities": [
{
"id": "CVE-2021-20190",
"source": {
"name": "glad",
"url": "https://gitlab.com/gitlab-org/advisories-community"
},
"ratings": [
{
"source": {
"name": "ghsa"
},
"severity": "high"
},
{
"source": {
"name": "nvd"
},
"score": 8.3,
"severity": "high",
"method": "CVSSv2",
"vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"
},
{
"source": {
"name": "nvd"
},
"score": 8.1,
"severity": "high",
"method": "CVSSv31",
"vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"source": {
"name": "redhat"
},
"score": 8.1,
"severity": "high",
"method": "CVSSv31",
"vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"cwes": [
502
],
"description": "A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"recommendation": "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.10.7",
"advisories": [
{
"url": "https://avd.aquasec.com/nvd/cve-2021-20190"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2021-20190"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916633"
},
{
"url": "https://github.com/FasterXML/jackson-databind/commit/7dbf51bf78d157098074a20bd9da39bd48c18e4a"
},
{
"url": "https://github.com/FasterXML/jackson-databind/issues/2854"
},
{
"url": "https://github.com/advisories/GHSA-5949-rw7g-wx7w"
},
{
"url": "https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a@%3Ccommits.nifi.apache.org%3E"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
},
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20190"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210219-0008/"
}
],
"published": "2021-01-19T17:15:00+00:00",
"updated": "2021-07-20T23:15:00+00:00",
"affects": [
{
"ref": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.1",
"versions": [
{
"version": "2.9.1",
"status": "affected"
}
]
}
]
},
{
"id": "CVE-2020-9548",
"source": {
@@ -223,98 +315,6 @@
]
}
]
},
{
"id": "CVE-2021-20190",
"source": {
"name": "glad",
"url": "https://gitlab.com/gitlab-org/advisories-community"
},
"ratings": [
{
"source": {
"name": "ghsa"
},
"severity": "high"
},
{
"source": {
"name": "nvd"
},
"score": 8.3,
"severity": "high",
"method": "CVSSv2",
"vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"
},
{
"source": {
"name": "nvd"
},
"score": 8.1,
"severity": "high",
"method": "CVSSv31",
"vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"source": {
"name": "redhat"
},
"score": 8.1,
"severity": "high",
"method": "CVSSv31",
"vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"cwes": [
502
],
"description": "A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"recommendation": "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.10.7",
"advisories": [
{
"url": "https://avd.aquasec.com/nvd/cve-2021-20190"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2021-20190"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916633"
},
{
"url": "https://github.com/FasterXML/jackson-databind/commit/7dbf51bf78d157098074a20bd9da39bd48c18e4a"
},
{
"url": "https://github.com/FasterXML/jackson-databind/issues/2854"
},
{
"url": "https://github.com/advisories/GHSA-5949-rw7g-wx7w"
},
{
"url": "https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a@%3Ccommits.nifi.apache.org%3E"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
},
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20190"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210219-0008/"
}
],
"published": "2021-01-19T17:15:00+00:00",
"updated": "2021-07-20T23:15:00+00:00",
"affects": [
{
"ref": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.1",
"versions": [
{
"version": "2.9.1",
"status": "affected"
}
]
}
]
}
]
}


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/repo/pom",
"ArtifactType": "repository",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/repo/pubspec",
"ArtifactType": "repository",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/images/rockylinux-8.tar.gz",
"ArtifactType": "container_image",
"Metadata": {


@@ -6,8 +6,8 @@
"GeneratorId": "Trivy",
"AwsAccountId": "123456789012",
"Types": [ "Sensitive Data Identifications" ],
"CreatedAt": "2020-08-10T07:28:17.000958601Z",
"UpdatedAt": "2020-08-10T07:28:17.000958601Z",
"CreatedAt": "2021-08-25T12:20:30.000000005Z",
"UpdatedAt": "2021-08-25T12:20:30.000000005Z",
"Severity": {
"Label": "CRITICAL"
},
@@ -35,8 +35,8 @@
"GeneratorId": "Trivy",
"AwsAccountId": "123456789012",
"Types": [ "Sensitive Data Identifications" ],
"CreatedAt": "2020-08-10T07:28:17.000958601Z",
"UpdatedAt": "2020-08-10T07:28:17.000958601Z",
"CreatedAt": "2021-08-25T12:20:30.000000005Z",
"UpdatedAt": "2021-08-25T12:20:30.000000005Z",
"Severity": {
"Label": "CRITICAL"
},


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/repo/secrets",
"ArtifactType": "repository",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/images/spring4shell-jre11.tar.gz",
"ArtifactType": "container_image",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/images/spring4shell-jre8.tar.gz",
"ArtifactType": "container_image",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/repo/swift",
"ArtifactType": "repository",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "https://github.com/knqyf263/trivy-ci-test",
"ArtifactType": "repository",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/images/ubi-7.tar.gz",
"ArtifactType": "container_image",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/images/ubuntu-1804.tar.gz",
"ArtifactType": "container_image",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/images/ubuntu-1804.tar.gz",
"ArtifactType": "container_image",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "disk.img",
"ArtifactType": "vm",
"Metadata": {


@@ -1,5 +1,6 @@
{
"SchemaVersion": 2,
"CreatedAt": 1629894030,
"ArtifactName": "testdata/fixtures/repo/yarn",
"ArtifactType": "repository",
"Metadata": {


@@ -266,6 +266,12 @@ func (t Test) Module() error {
return sh.RunWithV(ENV, "go", "test", "-v", "-tags=module_integration", "./integration/...")
}
// UpdateModuleGolden updates golden files for Wasm integration tests
func (t Test) UpdateModuleGolden() error {
mg.Deps(t.FixtureContainerImages, t.GenerateExampleModules)
return sh.RunWithV(ENV, "go", "test", "-v", "-tags=module_integration", "./integration/...", "-update")
}
// VM runs VM integration tests
func (t Test) VM() error {
mg.Deps(t.FixtureVMImages)
@@ -273,7 +279,8 @@ func (t Test) VM() error {
}
// UpdateVMGolden updates golden files for integration tests
func (Test) UpdateVMGolden() error {
func (t Test) UpdateVMGolden() error {
mg.Deps(t.FixtureVMImages)
return sh.RunWithV(ENV, "go", "test", "-v", "-tags=vm_integration", "./integration/...", "-update")
}
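Review bot: The doc comment on UpdateVMGolden still reads "updates golden files for integration tests", which no longer distinguishes it from the new UpdateModuleGolden right above it or from the generic golden updater; make it specific, `// UpdateVMGolden updates golden files for VM integration tests`, mirroring the wording chosen for UpdateModuleGolden. The receiver rename from `(Test)` to `(t Test)` is needed for `mg.Deps(t.FixtureVMImages)` and looks correct. The new UpdateModuleGolden declares the same dependencies as Module, which keeps `-update` runs from regenerating goldens against stale fixtures.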


@@ -6,6 +6,7 @@ import (
"github.com/google/wire"
"golang.org/x/xerrors"
"github.com/aquasecurity/trivy/pkg/clock"
"github.com/aquasecurity/trivy/pkg/fanal/artifact"
aimage "github.com/aquasecurity/trivy/pkg/fanal/artifact/image"
flocal "github.com/aquasecurity/trivy/pkg/fanal/artifact/local"
@@ -172,6 +173,7 @@ func (s Scanner) ScanArtifact(ctx context.Context, options types.ScanOptions) (t
return types.Report{
SchemaVersion: report.SchemaVersion,
CreatedAt: clock.Now().Unix(),
ArtifactName: artifactInfo.Name,
ArtifactType: artifactInfo.Type,
Metadata: types.Metadata{
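Review bot: `CreatedAt: clock.Now().Unix()` is evaluated while the Report literal is assembled, i.e. after the artifact has been inspected, so the field records report-assembly time at one-second granularity rather than when scanning began, and nothing in the hunk says so; a short comment would stop consumers from reading it as a scan-start time, e.g. `// CreatedAt: report assembly time, Unix seconds (UTC); taken from pkg/clock so tests can pin it.` Seconds precision is fine for the JSON integer here, but note the ASFF, CycloneDX and HTML writers in the same commit format the same clock as RFC 3339 with nanoseconds, so the two representations of "when" will not compare equal without truncation. ScanArtifact begins and ends outside this hunk.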


@@ -4,10 +4,12 @@ import (
"context"
"errors"
"testing"
"time"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/aquasecurity/trivy/pkg/clock"
"github.com/aquasecurity/trivy/pkg/fanal/artifact"
ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
"github.com/aquasecurity/trivy/pkg/types"
@@ -17,6 +19,7 @@ func TestScanner_ScanArtifact(t *testing.T) {
type args struct {
options types.ScanOptions
}
clock.SetFakeTime(t, time.Date(2021, 8, 25, 12, 20, 30, 5, time.UTC))
tests := []struct {
name string
args args
@@ -96,6 +99,7 @@ func TestScanner_ScanArtifact(t *testing.T) {
},
want: types.Report{
SchemaVersion: 2,
CreatedAt: 1629894030,
ArtifactName: "alpine:3.11",
ArtifactType: ftypes.ArtifactContainerImage,
Metadata: types.Metadata{


@@ -11,6 +11,7 @@ import (
// Report represents a scan result
type Report struct {
SchemaVersion int `json:",omitempty"`
CreatedAt int64 `json:",omitempty"`
ArtifactName string `json:",omitempty"`
ArtifactType ftypes.ArtifactType `json:",omitempty"`
Metadata Metadata `json:",omitempty"`
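Review bot: The new `CreatedAt int64` field has no doc comment giving its unit or epoch, and since the JSON value is a bare integer (`1629894030` in the goldens) a consumer cannot tell seconds from milliseconds without reading scan.go; add `// CreatedAt is when the report was generated, as Unix time in seconds (UTC).` Because the tag is `json:",omitempty"`, a zero value is dropped from the output, so readers should treat an absent key as "unknown" rather than as the epoch; that matters for the cosign-vuln format shown earlier in this commit, which embeds this report as the `result` of an attestation, where a freshness check should reject both a missing and a stale CreatedAt. The Report struct continues past the end of this hunk.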