gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-23 07:29:00 -08:00
Code Issues Packages Projects Releases Wiki Activity
2,700 Commits 29 Branches 178 Tags
f23ed7759802391b33d957e21334e661f3bb92ae
Commit Graph

109 Commits

Author SHA1 Message Date
Jeff Rescignano
f23ed77598 feat(misconf): Support private registries for misconf check bundle (#6327) 2024-04-01 05:45:58 +00:00
Parvez
9d2057a7c2 feat(image): customer podman host or socket option (#6256) 
Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2024-03-11 04:27:57 +00:00
saso
7694df11fb fix(sbom): skip executable file analysis if Rekor isn't a specified SBOM source (#6163) 2024-02-20 06:44:35 +00:00
Teppei Fukuda
99c04c4383 feat(report): output plugin (#4863) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2023-12-04 11:04:43 +00:00
simar7
b5874e3ad3 feat(misconf): Add --misconfig-scanners option (#5670) 2023-11-29 23:59:17 +00:00
simar7
13362233c8 feat(misconf): Expose misconf engine debug logs with --debug option (#5550) 
Signed-off-by: Simar <simar@linux.com>
 2023-11-16 02:29:38 +00:00
simar7
e3c28f8ee3 feat(misconf): Add support for --cf-params for CFT (#5507) 
Signed-off-by: Simar <simar@linux.com>
Co-authored-by: nikpivkin <nikita.pivkin@smartforce.io>
 2023-11-15 07:04:22 +00:00
Teppei Fukuda
ac0e327492 feat(flag): replace '--slow' with '--parallel' (#5572) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
 2023-11-15 06:41:13 +00:00
Michel Meyer
908a4914c7 feat(db): allow passing registry options (#5226) 
* feat(db): allow passing registry options

Signed-off-by: Michel Meyer <meyer_michel@outlook.com>

* feat(db): pass cli registry options to javaDB

---------

Signed-off-by: Michel Meyer <meyer_michel@outlook.com>
 2023-09-27 13:17:11 +00:00
Teppei Fukuda
9628b1cbf3 feat: add support for .trivyignore.yaml (#5070) 
* feat: add support for .trivyignore.yaml

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* add test for trivyignore.yaml

* Add doublestar support

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* go mod tidy

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* update docs

* test: fix

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* fix: load .trivyignore once

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* feat: add a debug log

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* docs: add a table for fields

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* fix: skip empty results

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* revert the change

Signed-off-by: knqyf263 <knqyf263@gmail.com>

---------

Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2023-08-31 11:53:37 +00:00
Nikita Pivkin
e8cf281471 fix(aws): resolve endpoint if endpoint is passed (#4925) 
* fix(aws): resolve endpoint to get identity if endpoint is passed

* resolve endpoint for ami and ebs

* return an error if aws region is missing
 2023-08-08 07:19:40 +00:00
simar7
11618c9408 feat(misconf): Support custom URLs for policy bundle (#4834) 
* feat(misconf): Support custom URLs for policy bundle

This PR adds support for custom policy bundles to be specified
with a flag `--policy-bundle-url` as an option to Trivy.

Fixes: https://github.com/aquasecurity/trivy/issues/4672

Signed-off-by: Simar <simar@linux.com>

* update docs

Signed-off-by: Simar <simar@linux.com>

* rename flag to `--policy-bundle-repository`

Signed-off-by: Simar <simar@linux.com>

* fix field

* rebase and update docs

Signed-off-by: Simar <simar@linux.com>

* set policyBundleRepo on client

Signed-off-by: Simar <simar@linux.com>

---------

Signed-off-by: Simar <simar@linux.com>
 2023-07-26 08:45:49 +00:00
Teppei Fukuda
20c2246a61 fix(report): close the file (#4842) 
* fix(report): close the file

* refactor: add the format type

* fix: return errors in version printing

* fix: lint issues

* fix: do not fail on bogus cache dir

---------

Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2023-07-23 13:37:18 +00:00
simar7
a7bd7bb65f feat(misconf): Add support for independently enabling libraries (#4070) 
* feat(misconf): Add support for independently enabling libraries

Implements: https://github.com/aquasecurity/trivy/issues/4181

Signed-off-by: Simar <simar@linux.com>

* update tests

Signed-off-by: Simar <simar@linux.com>

* fix lint

Signed-off-by: Simar <simar@linux.com>

* fix tests

Signed-off-by: Simar <simar@linux.com>

* update defsec

Signed-off-by: Simar <simar@linux.com>

* fix test

Signed-off-by: Simar <simar@linux.com>

---------

Signed-off-by: Simar <simar@linux.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2023-07-23 09:44:59 +00:00
simar7
4bc8d29c15 feat(misconf): Support custom data for rego policies for cloud (#4745) 
* feat(misconf): Support custom data for cloud policies

Signed-off-by: Simar <simar@linux.com>

* use policyfs

Signed-off-by: Simar <simar@linux.com>

* refactor to reduce cyclomatic complexity

Signed-off-by: Simar <simar@linux.com>

* bump defsec

* update docs

Signed-off-by: Simar <simar@linux.com>

* update test assertion

Signed-off-by: Simar <simar@linux.com>

* update test

Need this as OPA is currently broken on Windows

https://github.com/open-policy-agent/opa/issues/4521

Signed-off-by: Simar <simar@linux.com>

* fix data path

* fix(mapfs): convert volume names into dirs

* revert creating temp dirs

---------

Signed-off-by: Simar <simar@linux.com>
Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>
 2023-07-17 12:34:20 +00:00
Nikita Pivkin
3c7d988d71 feat(cli): add --tf-exclude-downloaded-modules flag (#4810) 
* feat(cli): add --tf-exclude-downloaded-modules flag

* fix typo

* generate docs
 2023-07-16 08:56:03 +00:00
DmitriyLewen
22463ababd feat(cli): add include-dev-deps flag (#4700) 
* add Dev field for Package

* fix integration test

* update docs

* feat(cli): add include-dev flag

* bump go-dep-parser

* update docs

* add integration test

* refactor

* refactor

* fix integration test

* refactor: rename flag to include-dev-deps

* update docs

* update docs

* filter dev deps when scanning packages

* add flag support for server mode

* refactor: remove comment that might confuse

* refactor: move --include-dev-deps to the scanner flag group

* refactor: not return apps

* docs: update

---------

Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2023-06-29 13:15:52 +00:00
Tung Bui (Leo)
904f1cf24e fix: Show the correct URL of the secret scanning (#4682) 2023-06-21 10:57:54 +00:00
Teppei Fukuda
9ef01133c8 feat: add SBOM analyzer (#4210) 
Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2023-06-02 09:34:07 +03:00
Teppei Fukuda
50fe43f14c feat(cli): convert JSON reports into a different format (#4452) 
Co-authored-by: Aurelien LAJOIE <aurelien.lajoie@kili-technology.com>
 2023-05-24 11:45:26 +03:00
simar7
92f9e98d04 feat(misconf): Add --reset-policy-bundle for policy bundle (#4167) 2023-05-18 11:54:01 +03:00
guangwu
56a01ec6f7 refactor: code-optimization (#4214) 2023-05-15 14:48:09 +03:00
Peter Engelbert
6a0e152657 feat(image): Add image-src flag to specify which runtime(s) to use (#4047) 
Signed-off-by: Peter Engelbert <pmengelbert@gmail.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2023-05-15 14:42:42 +03:00
Teppei Fukuda
55fb723a6e feat(image): enforce image platform (#4083) 2023-05-08 21:04:22 +03:00
Teppei Fukuda
11a5b91a1a feat(sbom): add VEX support (#4053) 2023-04-27 10:21:06 +03:00
Adarsh A
0650e0e1d5 feat(license): add new flag for classifier confidence level (#4073) 
Co-authored-by: Aswath S <aswath.s@thoughtworks.com>
 2023-04-24 13:41:08 +03:00
Teppei Fukuda
bd0c60364a perf(misconf): replace with post-analyzers (#4090) 
Signed-off-by: Simar <simar@linux.com>
Co-authored-by: Simar <simar@linux.com>
 2023-04-23 19:22:46 +03:00
aswath-s-tw
be47b688c7 feat(image): custom docker host option (#3599) 
Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2023-04-20 22:10:51 +03:00
Teppei Fukuda
f0df725c5a fix: lock downloading policies and database (#4017) 2023-04-10 15:37:13 +03:00
DmitriyLewen
67236f6aac fix(sbom): add checksum to files (#3888) 
Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2023-03-30 09:24:27 +03:00
Teppei Fukuda
f14bed4532 feat: add auth support for downloading OCI artifacts (#3915) 2023-03-30 05:53:24 +03:00
Teppei Fukuda
ca0d972cdb feat(image): add registry options (#3906) 2023-03-28 07:00:04 +03:00
DmitriyLewen
1fac7bf1ba fix: disable jar analyzer for scanners other than vuln (#3810) 2023-03-13 00:11:25 +02:00
DmitriyLewen
6614398ab4 fix(license): disable jar analyzer for licence scan only (#3780) 2023-03-07 13:22:23 +02:00
Teppei Fukuda
bc0836623c fix(cli): pass integer to exit-on-eol (#3716) 2023-03-01 12:18:11 +02:00
Kalyana Krishna Varanasi
302c8ae24c feat: Adding --module-dir and --enable-modules (#3677) 
Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2023-03-01 12:09:53 +02:00
Teppei Fukuda
34120f4201 feat: add special IDs for filtering secrets (#3702) 2023-03-01 09:51:11 +02:00
Teppei Fukuda
b791362871 feat: summarize vulnerabilities in compliance reports (#3651) 2023-02-28 00:09:00 +02:00
Teppei Fukuda
793cc43d4c feat(go): license support (#3683) 2023-02-24 17:52:35 +02:00
chenk
92eaf636ca feat: config outdated-api result filtered by k8s version (#3578) 
Signed-off-by: chenk <hen.keinan@gmail.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2023-02-22 15:41:37 +02:00
Jack Lin
32acd293fd feat(flag): add exit-on-eosl option (#3423) 
Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2023-02-15 10:51:15 +02:00
Alexej Disterhoft
86603bb9c5 fix(cli): make java db repository configurable (#3595) 
Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2023-02-14 15:01:15 +02:00
Teppei Fukuda
7f8868b7d8 fix(sbom): download the Java DB when generating SBOM (#3539) 2023-02-01 17:33:09 +02:00
DmitriyLewen
7bf1e192ec feat(java): use trivy-java-db to get GAV (#3484) 
Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2023-02-01 11:48:05 +02:00
Teppei Fukuda
cb5af0b33b feat(image): add support for Docker CIS Benchmark (#3496) 
Co-authored-by: chenk <hen.keinan@gmail.com>
 2023-01-31 07:31:59 +02:00
Teppei Fukuda
fb0d8f3f30 feat(image): scan misconfigurations in image config (#3437) 2023-01-30 04:48:29 +02:00
Teppei Fukuda
e1076085d9 refactor: rename security-checks to scanners (#3467) 2023-01-23 16:53:06 +02:00
simar7
a1d4427c8b feat(misconf): Fetch policies from OCI registry (#3015) 
Signed-off-by: Simar <simar@linux.com>
 2023-01-15 13:37:04 +02:00
behara
c110c4e028 revert: cache merged layers (#3334) 
This reverts commit 6b4ddaaef2.
 2022-12-28 10:01:01 +02:00
tockn
e92266f2c8 feat(vm): add region option to vm scan to be able to scan any region's ami and ebs snapshots (#3284) 
Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>
 2022-12-15 12:21:05 +02:00