gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-22 23:26:39 -08:00
Code Issues Packages Projects Releases Wiki Activity
3,025 Commits 29 Branches 178 Tags
fd8348d610f20c6c33da81cd7b0e7d5504ce26be
Commit Graph

130 Commits

Author SHA1 Message Date
Teppei Fukuda
fd8348d610 feat(vuln): Add --detection-priority flag for accuracy tuning (#7288) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
 2024-08-02 10:41:56 +00:00
Teppei Fukuda
5c37361600 feat(vuln): add --pkg-relationships (#7237) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
 2024-07-29 06:18:59 +00:00
Teppei Fukuda
88ba46047c feat(vex): VEX Repository support (#7206) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
 2024-07-25 12:18:37 +00:00
DmitriyLewen
7cbdb0a0b5 feat(cli): rename --vuln-type flag to --pkg-types flag (#7104) 2024-07-09 08:06:29 +00:00
Teppei Fukuda
fc6b3a760b refactor: pass DB dir to trivy-db (#7057) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
 2024-07-02 04:32:46 +00:00
Teppei Fukuda
4be02bab8c refactor: use google/wire for cache (#7024) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
 2024-06-27 07:04:01 +00:00
Teppei Fukuda
8d0ae1f5de feat!: add clean subcommand (#6993) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2024-06-25 09:06:27 +00:00
Teppei Fukuda
648ead9553 refactor: replace global cache directory with parameter passing (#6986) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
 2024-06-21 09:45:39 +00:00
Teppei Fukuda
6dff4223ed refactor: unify cache implementations (#6977) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
 2024-06-21 06:35:33 +00:00
Teppei Fukuda
30bcb95350 refactor: use version-specific URLs for documentation references (#6966) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
 2024-06-20 10:41:43 +00:00
Teppei Fukuda
983ac15f22 ci: add depguard (#6963) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
 2024-06-20 02:48:08 +00:00
Teppei Fukuda
56dbe1f676 fix: include packages unless it is not needed (#6765) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
 2024-05-28 07:22:45 +00:00
simar7
88702cfd59 feat(misconf): Add support for deprecating a check (#6664) 
Signed-off-by: Simar <simar@linux.com>
 2024-05-16 01:14:51 +00:00
Katrin Leinweber
38e2fbf7f9 docs: link warning to both timeout config options (#6620) 2024-05-06 08:26:37 +00:00
DmitriyLewen
14c1024b47 refactor: move setting scanners when using compliance reports to flag parsing (#6619) 2024-05-03 11:27:37 +00:00
simar7
37da98df45 feat(misconf): Use updated terminology for misconfiguration checks (#6476) 
Signed-off-by: Simar <simar@linux.com>
 2024-05-02 18:16:17 +00:00
Teppei Fukuda
f0961d54f6 feat: respect custom exit code from plugin (#6584) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
 2024-05-02 05:07:49 +00:00
Nikita Pivkin
12ec0dfe9e feat(misconf): loading embedded checks as a fallback (#6502) 2024-04-19 06:22:31 +00:00
Teppei Fukuda
13e72eca58 refactor: remove parallel walk (#5180) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
 2024-04-17 18:24:18 +00:00
Teppei Fukuda
94d6e8ced6 refactor: replace zap with slog (#6466) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
Co-authored-by: simar7 <1254783+simar7@users.noreply.github.com>
 2024-04-11 18:59:09 +00:00
Jan-Otto Kröpke
53517d622b feat(misconf): add helm-api-version and helm-kube-version flag (#6332) 
Co-authored-by: Simar <simar@linux.com>
 2024-04-06 05:07:56 +00:00
Jeff Rescignano
f23ed77598 feat(misconf): Support private registries for misconf check bundle (#6327) 2024-04-01 05:45:58 +00:00
Parvez
9d2057a7c2 feat(image): customer podman host or socket option (#6256) 
Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2024-03-11 04:27:57 +00:00
saso
7694df11fb fix(sbom): skip executable file analysis if Rekor isn't a specified SBOM source (#6163) 2024-02-20 06:44:35 +00:00
Teppei Fukuda
99c04c4383 feat(report): output plugin (#4863) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2023-12-04 11:04:43 +00:00
simar7
b5874e3ad3 feat(misconf): Add --misconfig-scanners option (#5670) 2023-11-29 23:59:17 +00:00
simar7
13362233c8 feat(misconf): Expose misconf engine debug logs with --debug option (#5550) 
Signed-off-by: Simar <simar@linux.com>
 2023-11-16 02:29:38 +00:00
simar7
e3c28f8ee3 feat(misconf): Add support for --cf-params for CFT (#5507) 
Signed-off-by: Simar <simar@linux.com>
Co-authored-by: nikpivkin <nikita.pivkin@smartforce.io>
 2023-11-15 07:04:22 +00:00
Teppei Fukuda
ac0e327492 feat(flag): replace '--slow' with '--parallel' (#5572) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
 2023-11-15 06:41:13 +00:00
Michel Meyer
908a4914c7 feat(db): allow passing registry options (#5226) 
* feat(db): allow passing registry options

Signed-off-by: Michel Meyer <meyer_michel@outlook.com>

* feat(db): pass cli registry options to javaDB

---------

Signed-off-by: Michel Meyer <meyer_michel@outlook.com>
 2023-09-27 13:17:11 +00:00
Teppei Fukuda
9628b1cbf3 feat: add support for .trivyignore.yaml (#5070) 
* feat: add support for .trivyignore.yaml

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* add test for trivyignore.yaml

* Add doublestar support

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* go mod tidy

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* update docs

* test: fix

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* fix: load .trivyignore once

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* feat: add a debug log

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* docs: add a table for fields

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* fix: skip empty results

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* revert the change

Signed-off-by: knqyf263 <knqyf263@gmail.com>

---------

Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2023-08-31 11:53:37 +00:00
Nikita Pivkin
e8cf281471 fix(aws): resolve endpoint if endpoint is passed (#4925) 
* fix(aws): resolve endpoint to get identity if endpoint is passed

* resolve endpoint for ami and ebs

* return an error if aws region is missing
 2023-08-08 07:19:40 +00:00
simar7
11618c9408 feat(misconf): Support custom URLs for policy bundle (#4834) 
* feat(misconf): Support custom URLs for policy bundle

This PR adds support for custom policy bundles to be specified
with a flag `--policy-bundle-url` as an option to Trivy.

Fixes: https://github.com/aquasecurity/trivy/issues/4672

Signed-off-by: Simar <simar@linux.com>

* update docs

Signed-off-by: Simar <simar@linux.com>

* rename flag to `--policy-bundle-repository`

Signed-off-by: Simar <simar@linux.com>

* fix field

* rebase and update docs

Signed-off-by: Simar <simar@linux.com>

* set policyBundleRepo on client

Signed-off-by: Simar <simar@linux.com>

---------

Signed-off-by: Simar <simar@linux.com>
 2023-07-26 08:45:49 +00:00
Teppei Fukuda
20c2246a61 fix(report): close the file (#4842) 
* fix(report): close the file

* refactor: add the format type

* fix: return errors in version printing

* fix: lint issues

* fix: do not fail on bogus cache dir

---------

Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2023-07-23 13:37:18 +00:00
simar7
a7bd7bb65f feat(misconf): Add support for independently enabling libraries (#4070) 
* feat(misconf): Add support for independently enabling libraries

Implements: https://github.com/aquasecurity/trivy/issues/4181

Signed-off-by: Simar <simar@linux.com>

* update tests

Signed-off-by: Simar <simar@linux.com>

* fix lint

Signed-off-by: Simar <simar@linux.com>

* fix tests

Signed-off-by: Simar <simar@linux.com>

* update defsec

Signed-off-by: Simar <simar@linux.com>

* fix test

Signed-off-by: Simar <simar@linux.com>

---------

Signed-off-by: Simar <simar@linux.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2023-07-23 09:44:59 +00:00
simar7
4bc8d29c15 feat(misconf): Support custom data for rego policies for cloud (#4745) 
* feat(misconf): Support custom data for cloud policies

Signed-off-by: Simar <simar@linux.com>

* use policyfs

Signed-off-by: Simar <simar@linux.com>

* refactor to reduce cyclomatic complexity

Signed-off-by: Simar <simar@linux.com>

* bump defsec

* update docs

Signed-off-by: Simar <simar@linux.com>

* update test assertion

Signed-off-by: Simar <simar@linux.com>

* update test

Need this as OPA is currently broken on Windows

https://github.com/open-policy-agent/opa/issues/4521

Signed-off-by: Simar <simar@linux.com>

* fix data path

* fix(mapfs): convert volume names into dirs

* revert creating temp dirs

---------

Signed-off-by: Simar <simar@linux.com>
Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>
 2023-07-17 12:34:20 +00:00
Nikita Pivkin
3c7d988d71 feat(cli): add --tf-exclude-downloaded-modules flag (#4810) 
* feat(cli): add --tf-exclude-downloaded-modules flag

* fix typo

* generate docs
 2023-07-16 08:56:03 +00:00
DmitriyLewen
22463ababd feat(cli): add include-dev-deps flag (#4700) 
* add Dev field for Package

* fix integration test

* update docs

* feat(cli): add include-dev flag

* bump go-dep-parser

* update docs

* add integration test

* refactor

* refactor

* fix integration test

* refactor: rename flag to include-dev-deps

* update docs

* update docs

* filter dev deps when scanning packages

* add flag support for server mode

* refactor: remove comment that might confuse

* refactor: move --include-dev-deps to the scanner flag group

* refactor: not return apps

* docs: update

---------

Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2023-06-29 13:15:52 +00:00
Tung Bui (Leo)
904f1cf24e fix: Show the correct URL of the secret scanning (#4682) 2023-06-21 10:57:54 +00:00
Teppei Fukuda
9ef01133c8 feat: add SBOM analyzer (#4210) 
Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2023-06-02 09:34:07 +03:00
Teppei Fukuda
50fe43f14c feat(cli): convert JSON reports into a different format (#4452) 
Co-authored-by: Aurelien LAJOIE <aurelien.lajoie@kili-technology.com>
 2023-05-24 11:45:26 +03:00
simar7
92f9e98d04 feat(misconf): Add --reset-policy-bundle for policy bundle (#4167) 2023-05-18 11:54:01 +03:00
guangwu
56a01ec6f7 refactor: code-optimization (#4214) 2023-05-15 14:48:09 +03:00
Peter Engelbert
6a0e152657 feat(image): Add image-src flag to specify which runtime(s) to use (#4047) 
Signed-off-by: Peter Engelbert <pmengelbert@gmail.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2023-05-15 14:42:42 +03:00
Teppei Fukuda
55fb723a6e feat(image): enforce image platform (#4083) 2023-05-08 21:04:22 +03:00
Teppei Fukuda
11a5b91a1a feat(sbom): add VEX support (#4053) 2023-04-27 10:21:06 +03:00
Adarsh A
0650e0e1d5 feat(license): add new flag for classifier confidence level (#4073) 
Co-authored-by: Aswath S <aswath.s@thoughtworks.com>
 2023-04-24 13:41:08 +03:00
Teppei Fukuda
bd0c60364a perf(misconf): replace with post-analyzers (#4090) 
Signed-off-by: Simar <simar@linux.com>
Co-authored-by: Simar <simar@linux.com>
 2023-04-23 19:22:46 +03:00
aswath-s-tw
be47b688c7 feat(image): custom docker host option (#3599) 
Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2023-04-20 22:10:51 +03:00
Teppei Fukuda
f0df725c5a fix: lock downloading policies and database (#4017) 2023-04-10 15:37:13 +03:00