trivy

mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-21 06:43:05 -08:00

Author	SHA1	Message	Date
Teppei Fukuda	216a33b4cd	fix: handle a scratch/busybox/DockerSlim image gracefully (#476 ) * fix: handle unknown OS and no package errors * chore(mod): update dependencies * integration: add busybox * update depdendencies and fix tests Signed-off-by: Simarpreet Singh <simar@linux.com> * chore(mod): use the latest trivy-db Co-authored-by: Simarpreet Singh <simar@linux.com>	2020-04-30 12:48:28 +03:00
Simarpreet Singh	ad0bb7ce23	rpc: Fix output to use templates when in client server mode. (#469 ) Signed-off-by: Simarpreet Singh <simar@linux.com>	2020-04-22 13:38:48 -07:00
Simarpreet Singh	17b84f6c09	Override with Vendor score if exists (#433 ) * wip: Add a failing test to demo severity override Signed-off-by: Simarpreet Singh <simar@linux.com> * scan.go: Return osFound for use in determining vendor. Signed-off-by: Simarpreet Singh <simar@linux.com> * pkg: Fix ScanImage return in case an OSFound Signed-off-by: Simarpreet Singh <simar@linux.com> * scan_test: Include a package-lock.json for happy path Signed-off-by: Simarpreet Singh <simar@linux.com> * wip: Add a test to include various reportResult types Signed-off-by: Simarpreet Singh <simar@linux.com> * Makefile: Add a target to generate mocks. Signed-off-by: Simarpreet Singh <simar@linux.com> * vulnerability: Pass reportType as argument for FillInfo. Signed-off-by: Simarpreet Singh <simar@linux.com> * vulnerability: Add other types of vulnerabilities. Signed-off-by: Simarpreet Singh <simar@linux.com> * integration: Update golden files. Signed-off-by: Simarpreet Singh <simar@linux.com> * ospkg: Fix FillInfo for ospkg/server Signed-off-by: Simarpreet Singh <simar@linux.com> * rpc: Add os.Family type to Response. Signed-off-by: Simarpreet Singh <simar@linux.com> * vulnerability_test.go: Add case where no vendor severity exists. Signed-off-by: Simarpreet Singh <simar@linux.com> * vulnerability: Fallback to NVD if it exists. Also add tests for other cases. Signed-off-by: Simarpreet Singh <simar@linux.com> * rpc: Fix a few sites with reportType info and tests. Signed-off-by: Simarpreet Singh <simar@linux.com> * vulnerability: Remove VendorSeverity from displayed results Signed-off-by: Simarpreet Singh <simar@linux.com> * vulnerability: Add vulnerability source information. Signed-off-by: Simarpreet Singh <simar@linux.com> * vulnerability: Add VendorSeverity logic for lightDB as well. This commit also makes FillInfo logic common to both light and full DBs. Signed-off-by: Simarpreet Singh <simar@linux.com> * remove some crufty TODOs Signed-off-by: Simarpreet Singh <simar@linux.com> * vulnerability_test: Add a case for light db for documentation purposes Signed-off-by: Simarpreet Singh <simar@linux.com> * mod: update trivy-db to point to master Signed-off-by: Simarpreet Singh <simar@linux.com> * scan_test: Remove cruft and bring back test cases Signed-off-by: Simarpreet Singh <simar@linux.com> * scan_test: Add pkg Type to mock return Signed-off-by: Simarpreet Singh <simar@linux.com> * vulnerability: reorder err check after err Signed-off-by: Simarpreet Singh <simar@linux.com> * client_test: Fix import ordering Signed-off-by: Simarpreet Singh <simar@linux.com> * convert.go: Use result.Type Signed-off-by: Simarpreet Singh <simar@linux.com> * convert: Use result.Type and simplify ConvertFromRpcResults signature Signed-off-by: Simarpreet Singh <simar@linux.com> * vulnerability: Refactor calls to getVendorSeverity Signed-off-by: Simarpreet Singh <simar@linux.com> * integration: Remove centos-7-critical.json.golden There's no critical vulnerability in CentOS 7 anymore. In addition this test was not adding any value that is already not covered by existing tests cases. Signed-off-by: Simarpreet Singh <simar@linux.com> * rpc: Include severity source in tests. Signed-off-by: Simarpreet Singh <simar@linux.com> * integration: Update test db to include VendorSeverity. Test DB is now a snapshot of full database from trivy-db. Also update golden files to include SeveritySource. Signed-off-by: Simarpreet Singh <simar@linux.com> * vulnerability: Make centos7 use RHEL vendor severities Signed-off-by: Simarpreet Singh <simar@linux.com>	2020-04-16 16:58:58 -07:00
Teppei Fukuda	ac5f313129	feat(db): store metadata as a file (#464 ) * refactor: wrap errors * feat(db): add the metadata file * test(db): re-generate mocks * fix(app): read metadata from the file in showVersion * fix: open the database after downloading it * fix(operation): use UpdateMetadata * chore(mod): update dependency * test(integration): fix tests * fix(conf): rename TRIVY_NONSSL to TRIVY_NON_SSL	2020-04-15 16:07:42 +03:00
Teppei Fukuda	b847e57991	feat: show origin layer for vulnerabilities (#439 ) * chore(mod): update dependencies * test(integration): update the golden file	2020-03-18 11:00:23 +02:00
Masahiro Fujimura	fcc193b7d1	Support Photon OS (#340 ) * Add photon * test(vulnerability): use generated structs and mock * test(photon): add integration tests * test(photon): comment in * test(integration): add vulnerability details to trivy.db * chore(mod): update dependencies * chore(README): add Photon OS Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>	2019-12-27 10:30:53 +02:00
Teppei Fukuda	823374b578	feat(client/server): add --token-headers option (#326 ) * feat(option): add token-header * feat(client): add token header * feat(server): add token header * test(token): fix tests * test(token): add integration tests * feat(client): add --custom-headers	2019-12-24 16:49:56 +02:00
Masahiro Fujimura	b127c1c8a7	Support SUSE (#337 ) * Add suse support * Add suse support * Add OpenSUSETumbleweed * mv suse to detector * Add trivy-db * Fix suse test * Add integration test * Change README.md * change go.mod * Fix bug * Fix integration * Fix golden file * update go.mod Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>	2019-12-23 21:27:25 +02:00
Teppei Fukuda	74717b888e	feat: support client/server mode (#295 ) * chore(app): change dir * feat(rpc): add a proto file and auto-generated files * chore(dep): add dependencies * fix(app): fix import path * fix(integration): fix import path * fix(protoc): use enum for severity * chore(Makefile): add fmt andd protoc * chore(clang): add .clang-format * refactor: split functions for client/server (#296) * refactor(db): split db.Download * refactor(standalone): create a different package * refactor(vulnerability): split FillAndFilter * fix(protoc): use enum for severity * chore(Makefile): add fmt andd protoc * chore(clang): add .clang-format * fix(db): remove an unused variable * fix(db): expose the github client as an argument of constructor * refactor(vulnerability): add the detail message * feat(rpc): add rpc client (#302) * fix(protoc): use enum for severity * chore(Makefile): add fmt andd protoc * chore(clang): add .clang-format * feat(rpc): convert types * feat(rpc): add rpc client * token: Refactor to handle bad headers being set Signed-off-by: Simarpreet Singh <simar@linux.com> * feat(rpc): add rpc server (#303) * feat(rpc): add rpc server * feat(utils): add CopyFile * feat(server/config): add config struct * feat(detector): add detector * feat(scanner): delegate procedures to detector * fix(scanner): fix the interface * test(mock): add mocks * test(rpc/server): add tests * test(rpc/ospkg/server): add tests * tets(os/detector): add tests * refactor(library): move directories * chore(dependency): add google/wire * refactor(library): introduce google/wire * refactor(ospkg/detector): move directory * feat(rpc): add eosl * refactor(ospkg): introduce google/wire * refactor(wire): bind an interface * refactor(client): use wire.Struct * chore(Makefile): fix wire * test(server): add AssertExpectations * test(server): add AssertExpectations * refactor(server): remove debug log * refactor(error): add more context messages * test(server): fix error message * refactor(test): create a constructor of mock * refactor(config): remove an unused variable * test(config): add an assertion to test the config struct * feat(client/server): add sub commands (#304) * feat(rpc): add rpc server * feat(utils): add CopyFile * feat(server/config): add config struct * feat(detector): add detector * feat(scanner): delegate procedures to detector * fix(scanner): fix the interface * feat(client/server): add sub commands * merge(server3) * test(scan): remove an unused mock * refactor(client): generate the constructor by wire * fix(cli): change the default port * fix(server): use auto-generated constructor * feat(ospkg): return eosl * test(integration): add integration tests for client/server (#306) * fix(server): remove unnecessary options * test(integration): add integration tests for client/server * fix(server): wrap an error * fix(server): change the update interval * fix(server): display the error detail * test(config): add an assertion to test the config struct * fix(client): returns an error when failing to initizlie a logger * test(ospkg/server): add eosl * Squashed commit of the following: * test(server): refactor and add tests (#307) * test(github): create a mock * test(db): create a mock * test(server): add tests for DB hot update * chore(db): add a log message * refactor(db): introduce google/wire * refactor(rpc): move directory * refactor(injector): fix import name * refactor(import): remove new lines * fix(server): display the error detail * fix(server): change the update interval * fix(server): wrap an error * test(integration): add integration tests for client/server * fix(server): remove unnecessary options * refactor(server): return an error when failing to initialize a logger * refactor(server): remove unused error * fix(client/server): fix default port * chore(README): add client/server * chore(README): update	2019-12-13 15:00:11 +02:00

9 Commits