gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-22 23:26:39 -08:00
Code Issues Packages Projects Releases Wiki Activity
1,667 Commits 29 Branches 178 Tags
a8ff5f06b54c1887eee0ddb51a0fc12ac56e4de5
Commit Graph

1667 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Hirotaka Tagawa / wafuwafu13
a8ff5f06b5 test(fs): add --skip-files, --skip-dirs (#2984) 2022-10-12 15:20:56 +03:00
6543
561b2e7566 docs: add Woodpecker CI integrations example (#2823) 
Co-authored-by: Sebastian Crane <seabass-labrax@gmx.com>
 2022-10-12 15:01:59 +03:00
dependabot[bot]
4a3583da95 chore(deps): bump github.com/sigstore/rekor from 0.12.0 to 0.12.2 (#2981) 
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2022-10-12 13:45:56 +03:00
dependabot[bot]
4be9eebf07 chore(deps): bump github.com/liamg/memoryfs from 1.4.2 to 1.4.3 (#2976) 
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2022-10-12 13:44:35 +03:00
dependabot[bot]
a260d35dc1 chore(deps): bump github.com/spf13/viper from 1.12.0 to 1.13.0 (#2975) 
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2022-10-12 13:37:20 +03:00
dependabot[bot]
558189f763 chore(deps): bump github.com/caarlos0/env/v6 from 6.10.0 to 6.10.1 (#2982) 
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2022-10-12 13:36:30 +03:00
DmitriyLewen
c2eb6ee301 fix(sbom): ref generation if serialNumber is empty when input is cyclonedx file (#3000) 2022-10-11 21:25:46 +03:00
DmitriyLewen
68f79526bb fix(java): don't stop parsing jar file when wrong inner jar is found (#2989) 
Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2022-10-11 12:45:44 +03:00
DmitriyLewen
be78da6c40 fix(sbom): use nuget purl type for dotnet-core (#2990) 
* use nuget prefix for dotnet-core

* refactor
 2022-10-11 12:23:43 +03:00
saso
92b5a1931e perf: retrieve rekor entries in bulk (#2987) 2022-10-09 10:53:00 +03:00
Liam Galvin
babd7e7526 feat(aws): Custom rego policies for AWS scanning (#2994) 2022-10-06 12:51:45 +03:00
AndrewCharlesHay
8ad9b8a939 docs: jq cli formatting (#2881) 
Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2022-10-02 10:11:03 +03:00
Kyriakos Georgiou
a78684c340 docs(repo): troubleshooting $TMPDIR customization (#2985) 2022-10-02 10:05:09 +03:00
dependabot[bot]
7309ed0a5b chore(deps): bump actions/cache from 3.0.8 to 3.0.9 (#2969) 2022-10-02 10:03:49 +03:00
dependabot[bot]
9515a5ce8b chore(deps): bump actions/stale from 5 to 6 (#2970) 2022-10-02 10:03:26 +03:00
dependabot[bot]
955aff66df chore(deps): bump sigstore/cosign-installer from 2.5.1 to 2.7.0 (#2971) 2022-10-02 10:02:42 +03:00
dependabot[bot]
db56d238fd chore(deps): bump helm/chart-testing-action from 2.3.0 to 2.3.1 (#2972) 2022-10-02 10:02:22 +03:00
dependabot[bot]
05a723246e chore(deps): bump helm/kind-action from 1.3.0 to 1.4.0 (#2973) 2022-10-02 10:01:49 +03:00
afdesk
2c39d4729a chore: run go fmt (#2897) 2022-10-02 09:33:21 +03:00
Crypt Keeper
16a7dc10e0 chore(go): updates wazero to 1.0.0-pre.2 (#2955) 
Signed-off-by: Adrian Cole <adrian@tetrate.io>
 2022-10-02 09:29:15 +03:00
chavacava
ce4ba7c99c fix(aws): Less function for slice sorting always returns false #2967 
Signed-off-by: Salvador Cavadini <salvadorcavadini+github@gmail.com>
 2022-10-02 09:28:27 +03:00
DmitriyLewen
4ffe74643e fix(java): fix unmarshal pom exclusions (#2936) 
Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2022-09-28 19:44:53 +03:00
DmitriyLewen
8b1cee845b fix(java): use fields of dependency from dependencyManagement from upper pom.xml to parse deps (#2943) v0.32.1 2022-09-28 15:32:01 +03:00
chenk
f5cbbb3fde chore: expat lib and go binary deps vulns (#2940) 
Signed-off-by: chenk <hen.keinan@gmail.com>
 2022-09-28 12:14:29 +03:00
Crypt Keeper
6882bdf561 wasm: Removes accidentally exported memory (#2950) 
Signed-off-by: Adrian Cole <adrian@tetrate.io>
 2022-09-28 11:12:46 +03:00
DmitriyLewen
6ea9a61cf3 fix(sbom): fix package name separation for gradle (#2906) 2022-09-28 11:11:23 +03:00
DmitriyLewen
3ee4c96f13 docs(readme.md): fix broken integrations link (#2931) 2022-09-28 11:03:20 +03:00
Moniseeta
5745961194 fix(image): handle images with single layer in rescan mergedLayers cache (#2927) 
For images with single layer, the layer key was directly being used as merged cache key.
This was posing an issue of data override and any other image having the same layer could get incorrect data.
So, fixed:
1. Even for 1 layer - merged layer key hash will be calculated
2. We will not go with assumption that merged data will have only 1 pkgInfo
3. We are setting a SchemaVersion in blob being generated in ToBlobInfo
 2022-09-22 14:46:28 +03:00
DmitriyLewen
e01253d54d fix(cli): split env values with ',' for slice flags (#2926) 2022-09-22 10:11:37 +03:00
Juan Antonio Osorio
0c1a42d4f3 fix(cli): config/helm: also take into account files with .yml (#2928) 
YAML files can also have the `.yml` file extension. So the helm config should take that into account.

Signed-off-by: Juan Antonio Osorio <juan.osoriorobles@eu.equinix.com>
 2022-09-21 17:08:13 +01:00
DmitriyLewen
237b8dcd06 fix(flag): add file-patterns flag for config subcommand (#2925) 2022-09-21 10:02:58 +03:00
dependabot[bot]
047a0b3d88 chore(deps): bump github.com/open-policy-agent/opa from 0.43.0 to 0.43.1 (#2902) 
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2022-09-19 14:55:16 +03:00
Teppei Fukuda
585985edb3 docs: add Rekor SBOM attestation scanning (#2893) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
v0.32.0 		2022-09-16 15:43:01 +03:00
Teppei Fukuda
d30fa00adc chore: narrow the owner scope (#2894) 2022-09-16 15:42:31 +03:00
afdesk
38c1513af6 fix: remove a patch number from the recommendation link (#2891) 2022-09-16 12:23:58 +03:00
saso
ba29ce648c fix: enable parsing of UUID-only rekor entry ID (#2887) 
Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2022-09-16 11:16:41 +03:00
Teppei Fukuda
018eda618b docs(sbom): add SPDX scanning (#2885) 2022-09-16 10:20:40 +03:00
Anais Urlichs
20f1e5991a docs: restructure docs and add tutorials (#2883) 
Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2022-09-15 21:27:58 +03:00
saso
192fd78ca2 feat(sbom): scan sbom attestation in the rekor record (#2699) 
Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2022-09-15 20:16:39 +03:00
chenk
597836c3a2 feat(k8s): support outdated-api (#2877) 2022-09-15 13:02:16 +03:00
dependabot[bot]
6c7bd67c04 chore(deps): bump github.com/moby/buildkit from 0.10.3 to 0.10.4 (#2815) 2022-09-15 11:40:54 +03:00
François Poirotte
41270434fe fix(c): support revisions in Conan parser (#2878) 
Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2022-09-15 11:35:44 +03:00
chenk
b677d7e2e8 feat: dynamic links support for scan results (#2838) 2022-09-15 10:42:33 +03:00
dependabot[bot]
8e03bbb422 chore(deps): bump go.uber.org/zap from 1.22.0 to 1.23.0 (#2818) 2022-09-15 10:16:47 +03:00
George Rodrigues
27005c7d6a docs: update archlinux commands (#2876) 2022-09-15 10:14:53 +03:00
DmitriyLewen
b6e394dc80 feat(secret): add line from dockerfile where secret was added to secret result (#2780) 
Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2022-09-15 10:13:20 +03:00
Masahiro331
9f6680a1fa feat(sbom): Add unmarshal for spdx (#2868) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2022-09-15 08:39:59 +03:00
dependabot[bot]
db0aaf18e6 chore(deps): bump github.com/aws/aws-sdk-go-v2/config (#2827) 2022-09-14 17:28:14 +03:00
AndrewCharlesHay
bb3220c3de fix: revert asff arn and add documentation (#2852) 2022-09-14 17:27:46 +03:00
AndrewCharlesHay
c51f2b82e4 docs: batch-import-findings limit (#2851) 2022-09-14 17:26:32 +03:00