trivy

mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-22 07:10:41 -08:00

Author	SHA1	Message	Date
Huang Huang	e621cf2bc1	Sunsetting VendorVectors (#718 )	2020-10-25 13:45:56 +02:00
Teppei Fukuda	ea28d3b6f3	test(vulnerability): fix usages of new trivy-db refactor changes (#611 ) * mod: Update trivy-db Signed-off-by: Simarpreet Singh <simar@linux.com> * vulnerability_test: Fix usages of new trivy-db refactor changes Signed-off-by: Simarpreet Singh <simar@linux.com> * chore(mod): update trivy-db Co-authored-by: Simarpreet Singh <simar@linux.com>	2020-08-25 12:21:15 +03:00
Teppei Fukuda	9c6f077818	feat(report): support OPA to filter vulnerabilities (#562 ) * feat(cli): add --filter option * feat(opa): support OPA * test(opa): add a test case with OPA * test: update a mock * chore(mod): update dependencies * chore(filter): add example Rego files * chore(README): update * chore(rego): apply opa fmt * refactor: replace filter with policy * chore(policy): update rego files * fix(vulnerability): evaluate each vulnerability * chore(README): update * Update README.md Co-authored-by: Itay Shakury <itay@itaysk.com> * Update README.md Co-authored-by: Itay Shakury <itay@itaysk.com> * chore(README): update a TOC link * fix: replace allow with ignore * chore(README): update Co-authored-by: Itay Shakury <itay@itaysk.com>	2020-07-22 21:10:44 +03:00
Teppei Fukuda	4f90b114ea	feat(vulnerability): add CWE-ID (#561 ) * chore(mod): update dependency * test(vulnerability): add CweIDs	2020-07-16 11:07:27 +03:00
Simarpreet Singh	d18d17b861	db: Update trivy-db to include CVSS score info (#530 ) * mod: Update trivy-db to include CVSS score info Signed-off-by: Simarpreet Singh <simar@linux.com> * mod: Update go.mod Signed-off-by: Simarpreet Singh <simar@linux.com> * mod: Update trivy-db to latest Signed-off-by: Simarpreet Singh <simar@linux.com>	2020-07-07 08:16:42 -07:00
Simarpreet Singh	a57c27eeec	vulnerability: Add CVSS Vectors to JSON output. (#484 ) * vulnerability: Add CVSS Vectors to JSON output. Now Trivy will display the CVSS Vectors presented by various vendors as part of the JSON output. This can be seen as follows: ``` { "VulnerabilityID": "CVE-2019-9923", "PkgName": "tar", "InstalledVersion": "1.30+dfsg-6", "Layer": { "Digest": "sha256:90fe46dd819953eb995f9cc9c326130abe9dd0b3993a998e12c01d0218a0b831", "DiffID": "sha256:e40d297cf5f89a9822af4c2f63caa2f2085d5aa188137506918e603774b083cb" }, "SeveritySource": "debian", "Title": "tar: null-pointer dereference in pax_decode_header in sparse.c", "Description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", "Severity": "LOW", "VendorVectors": { "nvd": { "v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "redhat": { "v3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } }, "References": [ "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html", "http://savannah.gnu.org/bugs/?55369", "https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241" ] }, ``` Signed-off-by: Simarpreet Singh <simar@linux.com> * mod: Update to latest master of trivy-db Signed-off-by: Simarpreet Singh <simar@linux.com> * vulnerability_test: Fix tests for new struct type Signed-off-by: Simarpreet Singh <simar@linux.com>	2020-05-21 14:22:14 -07:00
Simarpreet Singh	17b84f6c09	Override with Vendor score if exists (#433 ) * wip: Add a failing test to demo severity override Signed-off-by: Simarpreet Singh <simar@linux.com> * scan.go: Return osFound for use in determining vendor. Signed-off-by: Simarpreet Singh <simar@linux.com> * pkg: Fix ScanImage return in case an OSFound Signed-off-by: Simarpreet Singh <simar@linux.com> * scan_test: Include a package-lock.json for happy path Signed-off-by: Simarpreet Singh <simar@linux.com> * wip: Add a test to include various reportResult types Signed-off-by: Simarpreet Singh <simar@linux.com> * Makefile: Add a target to generate mocks. Signed-off-by: Simarpreet Singh <simar@linux.com> * vulnerability: Pass reportType as argument for FillInfo. Signed-off-by: Simarpreet Singh <simar@linux.com> * vulnerability: Add other types of vulnerabilities. Signed-off-by: Simarpreet Singh <simar@linux.com> * integration: Update golden files. Signed-off-by: Simarpreet Singh <simar@linux.com> * ospkg: Fix FillInfo for ospkg/server Signed-off-by: Simarpreet Singh <simar@linux.com> * rpc: Add os.Family type to Response. Signed-off-by: Simarpreet Singh <simar@linux.com> * vulnerability_test.go: Add case where no vendor severity exists. Signed-off-by: Simarpreet Singh <simar@linux.com> * vulnerability: Fallback to NVD if it exists. Also add tests for other cases. Signed-off-by: Simarpreet Singh <simar@linux.com> * rpc: Fix a few sites with reportType info and tests. Signed-off-by: Simarpreet Singh <simar@linux.com> * vulnerability: Remove VendorSeverity from displayed results Signed-off-by: Simarpreet Singh <simar@linux.com> * vulnerability: Add vulnerability source information. Signed-off-by: Simarpreet Singh <simar@linux.com> * vulnerability: Add VendorSeverity logic for lightDB as well. This commit also makes FillInfo logic common to both light and full DBs. Signed-off-by: Simarpreet Singh <simar@linux.com> * remove some crufty TODOs Signed-off-by: Simarpreet Singh <simar@linux.com> * vulnerability_test: Add a case for light db for documentation purposes Signed-off-by: Simarpreet Singh <simar@linux.com> * mod: update trivy-db to point to master Signed-off-by: Simarpreet Singh <simar@linux.com> * scan_test: Remove cruft and bring back test cases Signed-off-by: Simarpreet Singh <simar@linux.com> * scan_test: Add pkg Type to mock return Signed-off-by: Simarpreet Singh <simar@linux.com> * vulnerability: reorder err check after err Signed-off-by: Simarpreet Singh <simar@linux.com> * client_test: Fix import ordering Signed-off-by: Simarpreet Singh <simar@linux.com> * convert.go: Use result.Type Signed-off-by: Simarpreet Singh <simar@linux.com> * convert: Use result.Type and simplify ConvertFromRpcResults signature Signed-off-by: Simarpreet Singh <simar@linux.com> * vulnerability: Refactor calls to getVendorSeverity Signed-off-by: Simarpreet Singh <simar@linux.com> * integration: Remove centos-7-critical.json.golden There's no critical vulnerability in CentOS 7 anymore. In addition this test was not adding any value that is already not covered by existing tests cases. Signed-off-by: Simarpreet Singh <simar@linux.com> * rpc: Include severity source in tests. Signed-off-by: Simarpreet Singh <simar@linux.com> * integration: Update test db to include VendorSeverity. Test DB is now a snapshot of full database from trivy-db. Also update golden files to include SeveritySource. Signed-off-by: Simarpreet Singh <simar@linux.com> * vulnerability: Make centos7 use RHEL vendor severities Signed-off-by: Simarpreet Singh <simar@linux.com>	2020-04-16 16:58:58 -07:00
Masahiro Fujimura	fcc193b7d1	Support Photon OS (#340 ) * Add photon * test(vulnerability): use generated structs and mock * test(photon): add integration tests * test(photon): comment in * test(integration): add vulnerability details to trivy.db * chore(mod): update dependencies * chore(README): add Photon OS Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>	2019-12-27 10:30:53 +02:00
Teppei Fukuda	74717b888e	feat: support client/server mode (#295 ) * chore(app): change dir * feat(rpc): add a proto file and auto-generated files * chore(dep): add dependencies * fix(app): fix import path * fix(integration): fix import path * fix(protoc): use enum for severity * chore(Makefile): add fmt andd protoc * chore(clang): add .clang-format * refactor: split functions for client/server (#296) * refactor(db): split db.Download * refactor(standalone): create a different package * refactor(vulnerability): split FillAndFilter * fix(protoc): use enum for severity * chore(Makefile): add fmt andd protoc * chore(clang): add .clang-format * fix(db): remove an unused variable * fix(db): expose the github client as an argument of constructor * refactor(vulnerability): add the detail message * feat(rpc): add rpc client (#302) * fix(protoc): use enum for severity * chore(Makefile): add fmt andd protoc * chore(clang): add .clang-format * feat(rpc): convert types * feat(rpc): add rpc client * token: Refactor to handle bad headers being set Signed-off-by: Simarpreet Singh <simar@linux.com> * feat(rpc): add rpc server (#303) * feat(rpc): add rpc server * feat(utils): add CopyFile * feat(server/config): add config struct * feat(detector): add detector * feat(scanner): delegate procedures to detector * fix(scanner): fix the interface * test(mock): add mocks * test(rpc/server): add tests * test(rpc/ospkg/server): add tests * tets(os/detector): add tests * refactor(library): move directories * chore(dependency): add google/wire * refactor(library): introduce google/wire * refactor(ospkg/detector): move directory * feat(rpc): add eosl * refactor(ospkg): introduce google/wire * refactor(wire): bind an interface * refactor(client): use wire.Struct * chore(Makefile): fix wire * test(server): add AssertExpectations * test(server): add AssertExpectations * refactor(server): remove debug log * refactor(error): add more context messages * test(server): fix error message * refactor(test): create a constructor of mock * refactor(config): remove an unused variable * test(config): add an assertion to test the config struct * feat(client/server): add sub commands (#304) * feat(rpc): add rpc server * feat(utils): add CopyFile * feat(server/config): add config struct * feat(detector): add detector * feat(scanner): delegate procedures to detector * fix(scanner): fix the interface * feat(client/server): add sub commands * merge(server3) * test(scan): remove an unused mock * refactor(client): generate the constructor by wire * fix(cli): change the default port * fix(server): use auto-generated constructor * feat(ospkg): return eosl * test(integration): add integration tests for client/server (#306) * fix(server): remove unnecessary options * test(integration): add integration tests for client/server * fix(server): wrap an error * fix(server): change the update interval * fix(server): display the error detail * test(config): add an assertion to test the config struct * fix(client): returns an error when failing to initizlie a logger * test(ospkg/server): add eosl * Squashed commit of the following: * test(server): refactor and add tests (#307) * test(github): create a mock * test(db): create a mock * test(server): add tests for DB hot update * chore(db): add a log message * refactor(db): introduce google/wire * refactor(rpc): move directory * refactor(injector): fix import name * refactor(import): remove new lines * fix(server): display the error detail * fix(server): change the update interval * fix(server): wrap an error * test(integration): add integration tests for client/server * fix(server): remove unnecessary options * refactor(server): return an error when failing to initialize a logger * refactor(server): remove unused error * fix(client/server): fix default port * chore(README): add client/server * chore(README): update	2019-12-13 15:00:11 +02:00
knqyf263	4bf0615579	test(vulnerability): format	2019-11-10 16:16:37 +02:00
knqyf263	8257e0d455	test(vulnerability): fix test	2019-11-01 22:09:40 +02:00
knqyf263	47273ef6da	feat(library_scanner): use trivy-db	2019-10-31 12:26:02 +02:00

12 Commits