release: v0.61.1 [release/v0.61] (#8704 )

fix(k8s): skip passed misconfigs for the summary report [backport: release/v0.61] (#8748 )
Co-authored-by: afdesk <work@afdesk.com> Co-authored-by: Simar <simar@linux.com>
2025-12-07 13:20:46 -08:00 · 2025-04-18 05:57:04 +00:00 · 2025-04-17 06:55:56 +00:00 · 2025-04-08 10:49:56 +00:00 · 2025-04-08 07:47:44 +00:00
9 changed files with 37 additions and 31 deletions
--- a/.github/workflows/cache-test-images.yaml
+++ b/.github/workflows/cache-test-images.yaml
@@ -27,7 +27,7 @@ jobs:
        run: |
          source integration/testimages.ini
          IMAGE_LIST=$(skopeo list-tags docker://$TEST_IMAGES)
-          DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags += ["containerd"] | .Tags | sort' | sha256sum | cut -d' ' -f1)
+          DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags += ["containerd"] | .Tags |= sort' | sha256sum | cut -d' ' -f1)
          echo "digest=$DIGEST" >> $GITHUB_OUTPUT

      ## We need to work with test image cache only for main branch
@@ -37,8 +37,6 @@ jobs:
        with:
          path: integration/testdata/fixtures/images
          key: cache-test-images-${{ steps.image-digest.outputs.digest }}
-          restore-keys:
-            cache-test-images-

      - name: Download test images
        if: github.ref_name == 'main'
@@ -66,7 +64,7 @@ jobs:
        run: |
          source integration/testimages.ini
          IMAGE_LIST=$(skopeo list-tags docker://$TEST_VM_IMAGES)
-          DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags | sort' | sha256sum | cut -d' ' -f1)
+          DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags |= sort' | sha256sum | cut -d' ' -f1)
          echo "digest=$DIGEST" >> $GITHUB_OUTPUT

      ## We need to work with test VM image cache only for main branch
@@ -76,8 +74,6 @@ jobs:
        with:
          path: integration/testdata/fixtures/vm-images
          key: cache-test-vm-images-${{ steps.image-digest.outputs.digest }}
-          restore-keys:
-            cache-test-vm-images-

      - name: Download test VM images
        if: github.ref_name == 'main'
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -86,7 +86,7 @@ jobs:
        run: |
          source integration/testimages.ini
          IMAGE_LIST=$(skopeo list-tags docker://$TEST_IMAGES)
-          DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags += ["containerd"] | .Tags | sort' | sha256sum | cut -d' ' -f1)
+          DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags += ["containerd"] | .Tags |= sort' | sha256sum | cut -d' ' -f1)
          echo "digest=$DIGEST" >> $GITHUB_OUTPUT

      - name: Restore test images from cache
@@ -94,8 +94,6 @@ jobs:
        with:
          path: integration/testdata/fixtures/images
          key: cache-test-images-${{ steps.image-digest.outputs.digest }}
-          restore-keys:
-            cache-test-images-

      - name: Run integration tests
        run: mage test:integration
@@ -140,7 +138,7 @@ jobs:
        run: |
          source integration/testimages.ini
          IMAGE_LIST=$(skopeo list-tags docker://$TEST_IMAGES)
-          DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags += ["containerd"] | .Tags | sort' | sha256sum | cut -d' ' -f1)
+          DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags += ["containerd"] | .Tags |= sort' | sha256sum | cut -d' ' -f1)
          echo "digest=$DIGEST" >> $GITHUB_OUTPUT

      - name: Restore test images from cache
@@ -148,8 +146,6 @@ jobs:
        with:
          path: integration/testdata/fixtures/images
          key: cache-test-images-${{ steps.image-digest.outputs.digest }}
-          restore-keys:
-            cache-test-images-

      - name: Run module integration tests
        shell: bash
@@ -177,7 +173,7 @@ jobs:
        run: |
          source integration/testimages.ini
          IMAGE_LIST=$(skopeo list-tags docker://$TEST_VM_IMAGES)
-          DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags | sort' | sha256sum | cut -d' ' -f1)
+          DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags |= sort' | sha256sum | cut -d' ' -f1)
          echo "digest=$DIGEST" >> $GITHUB_OUTPUT

      - name: Restore test VM images from cache
@@ -185,8 +181,6 @@ jobs:
        with:
          path: integration/testdata/fixtures/vm-images
          key: cache-test-vm-images-${{ steps.image-digest.outputs.digest }}
-          restore-keys:
-            cache-test-vm-images-

      - name: Run vm integration tests
        run: |
--- a/.release-please-manifest.json
+++ b/.release-please-manifest.json
@@ -1 +1 @@
-{".":"0.61.0"}
+{".":"0.61.1"}
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,13 @@
 # Changelog

+## [0.61.1](https://github.com/aquasecurity/trivy/compare/v0.61.0...v0.61.1) (2025-04-17)
+
+
+### Bug Fixes
+
+* **k8s:** correct compare artifact versions [backport: release/v0.61] ([#8699](https://github.com/aquasecurity/trivy/issues/8699)) ([9d6290b](https://github.com/aquasecurity/trivy/commit/9d6290b31977b1bd4ab47349cd26498bc3b079c3))
+* **k8s:** skip passed misconfigs for the summary report [backport: release/v0.61] ([#8748](https://github.com/aquasecurity/trivy/issues/8748)) ([80d120f](https://github.com/aquasecurity/trivy/commit/80d120fa0f96695e09eb97f43fb7413e5c773e50))
+
 ## [0.61.0](https://github.com/aquasecurity/trivy/compare/v0.60.0...v0.61.0) (2025-03-28)


--- a/go.mod
+++ b/go.mod
@@ -24,10 +24,10 @@ require (
 	github.com/aquasecurity/table v1.8.0
 	github.com/aquasecurity/testdocker v0.0.0-20240730042311-4642e94c7fc8
 	github.com/aquasecurity/tml v0.6.1
-	github.com/aquasecurity/trivy-checks v1.8.0
+	github.com/aquasecurity/trivy-checks v1.8.1
 	github.com/aquasecurity/trivy-db v0.0.0-20250227071930-8bd8a9b89e2d
 	github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48
-	github.com/aquasecurity/trivy-kubernetes v0.8.0
+	github.com/aquasecurity/trivy-kubernetes v0.8.1
 	github.com/aws/aws-sdk-go-v2 v1.36.3
 	github.com/aws/aws-sdk-go-v2/config v1.29.9
 	github.com/aws/aws-sdk-go-v2/credentials v1.17.62
--- a/go.sum
+++ b/go.sum
@@ -802,14 +802,14 @@ github.com/aquasecurity/testdocker v0.0.0-20240730042311-4642e94c7fc8 h1:b43UVqY
 github.com/aquasecurity/testdocker v0.0.0-20240730042311-4642e94c7fc8/go.mod h1:wXA9k3uuaxY3yu7gxrxZDPo/04FEMJtwyecdAlYrEIo=
 github.com/aquasecurity/tml v0.6.1 h1:y2ZlGSfrhnn7t4ZJ/0rotuH+v5Jgv6BDDO5jB6A9gwo=
 github.com/aquasecurity/tml v0.6.1/go.mod h1:OnYMWY5lvI9ejU7yH9LCberWaaTBW7hBFsITiIMY2yY=
-github.com/aquasecurity/trivy-checks v1.8.0 h1:frMR06SEeDff1oEO6wBaTCqZCTBmZ+j8QAAl5EM1M4w=
-github.com/aquasecurity/trivy-checks v1.8.0/go.mod h1:zc1DGUFDUP/NUEMXlfaMsnVAEEEsygJrcd4SRQ7Mpko=
+github.com/aquasecurity/trivy-checks v1.8.1 h1:7df8KhZ0du2WAdGCUNcKYdz74iubAmP89+vaCUmxGbU=
+github.com/aquasecurity/trivy-checks v1.8.1/go.mod h1:zc1DGUFDUP/NUEMXlfaMsnVAEEEsygJrcd4SRQ7Mpko=
 github.com/aquasecurity/trivy-db v0.0.0-20250227071930-8bd8a9b89e2d h1:T16WrTi21YsMLQVhtp1r1hOIYK3x4BjnftpL9cp64Eo=
 github.com/aquasecurity/trivy-db v0.0.0-20250227071930-8bd8a9b89e2d/go.mod h1:4bTsQPtMBN8v+UfUlE1aQBN1imftefnDafHBF85+aT8=
 github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48 h1:JVgBIuIYbwG+ekC5lUHUpGJboPYiCcxiz06RCtz8neI=
 github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48/go.mod h1:Ldya37FLi0e/5Cjq2T5Bty7cFkzUDwTcPeQua+2M8i8=
-github.com/aquasecurity/trivy-kubernetes v0.8.0 h1:GWnRPSPCmXnd5NTMZdobQx6xO2XzEtvxcv0gjS2tYnY=
-github.com/aquasecurity/trivy-kubernetes v0.8.0/go.mod h1:ueJJboNlUyi99DJvO5ZyZ/jnJWvZ0eTA6AzKxHHqMF8=
+github.com/aquasecurity/trivy-kubernetes v0.8.1 h1:MMy4bUSAoWJ4rQUANPu6dhao2AC81SnIfi3jxIHBk00=
+github.com/aquasecurity/trivy-kubernetes v0.8.1/go.mod h1:FOrdN3IKBcyRoFPtmTFyDx8U3eBch+djCvmmBW4awM4=
 github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q=
 github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
--- a/integration/testimages.ini
+++ b/integration/testimages.ini
@@ -1,3 +1,3 @@
 # Configuration file for both shell scripts and Go programs
-TEST_IMAGES=ghcr.io/knqyf263/trivy-test-images
-TEST_VM_IMAGES=ghcr.io/knqyf263/trivy-test-vm-images
+TEST_IMAGES=ghcr.io/aquasecurity/trivy-test-images
+TEST_VM_IMAGES=ghcr.io/aquasecurity/trivy-test-vm-images
--- a/pkg/k8s/report/summary.go
+++ b/pkg/k8s/report/summary.go
@@ -170,6 +170,9 @@ func accumulateSeverityCounts(finding Resource) (map[string]int, map[string]int,
 			vCount[rv.Severity]++
 		}
 		for _, rv := range r.Misconfigurations {
+			if rv.Status == types.MisconfStatusPassed {
+				continue
+			}
 			mCount[rv.Severity]++
 		}
 		for _, rv := range r.Secrets {
--- a/pkg/k8s/writer_test.go
+++ b/pkg/k8s/writer_test.go
@@ -53,6 +53,11 @@ var (
 						Status:   types.MisconfStatusFailure,
 						Severity: "HIGH",
 					},
+					{
+						ID:       "KSV-ID103",
+						Status:   types.MisconfStatusPassed,
+						Severity: "HIGH",
+					},

 					{
 						ID:       "KCV-ID100",
@@ -265,7 +270,7 @@ func TestReportWrite_Table(t *testing.T) {
 		expectedOutput string
 	}{
 		{
-			name: "Only config, all serverities",
+			name: "Only config, all severities",
 			report: report.Report{
 				ClusterName: "test",
 				Resources:   []report.Resource{deployOrionWithMisconfigs},
@@ -319,7 +324,7 @@ See https://google.com/search?q=bad%20config
 ────────────────────────────────────────`,
 		},
 		{
-			name: "Only vuln, all serverities",
+			name: "Only vuln, all severities",
 			report: report.Report{
 				ClusterName: "test",
 				Resources:   []report.Resource{deployOrionWithVulns},
@@ -371,7 +376,7 @@ Total: 1 (LOW: 1)
 └─────────┴───────────────┴──────────┴─────────┴───────────────────┴───────────────┴───────────────────────────────────────────┘`,
 		},
 		{
-			name: "Only rbac, all serverities",
+			name: "Only rbac, all severities",
 			report: report.Report{
 				ClusterName: "test",
 				Resources:   []report.Resource{roleWithMisconfig},
@@ -393,7 +398,7 @@ RBAC Assessment
 Severities: C=CRITICAL H=HIGH M=MEDIUM L=LOW U=UNKNOWN`,
 		},
 		{
-			name: "Only secret, all serverities",
+			name: "Only secret, all severities",
 			report: report.Report{
 				ClusterName: "test",
 				Resources:   []report.Resource{deployLuaWithSecrets},
@@ -424,7 +429,7 @@ Infra Assessment
 Severities: C=CRITICAL H=HIGH M=MEDIUM L=LOW U=UNKNOWN`,
 		},
 		{
-			name: "apiserver, only infra and serverities",
+			name: "apiserver, only infra and severities",
 			report: report.Report{
 				ClusterName: "test",
 				Resources:   []report.Resource{apiseverPodWithMisconfigAndInfra},
@@ -455,7 +460,7 @@ Infra Assessment
 Severities: C=CRITICAL H=HIGH M=MEDIUM L=LOW U=UNKNOWN`,
 		},
 		{
-			name: "apiserver, vuln,config,secret and serverities",
+			name: "apiserver, vuln,config,secret and severities",
 			report: report.Report{
 				ClusterName: "test",
 				Resources:   []report.Resource{apiseverPodWithMisconfigAndInfra},
@@ -490,7 +495,7 @@ Infra Assessment
 Severities: C=CRITICAL H=HIGH M=MEDIUM L=LOW U=UNKNOWN`,
 		},
 		{
-			name: "apiserver, all misconfig and vuln scanners and serverities",
+			name: "apiserver, all misconfig and vuln scanners and severities",
 			report: report.Report{
 				ClusterName: "test",
 				Resources:   []report.Resource{apiseverPodWithMisconfigAndInfra},
Author	SHA1	Message	Date
Aqua Security automated builds	7d3b4ffdd6	release: v0.61.1 [release/v0.61] (#8704 )	2025-04-18 05:57:04 +00:00
Aqua Security automated builds	80d120fa0f	fix(k8s): skip passed misconfigs for the summary report [backport: release/v0.61] (#8748 ) Co-authored-by: afdesk <work@afdesk.com> Co-authored-by: Simar <simar@linux.com>	2025-04-17 06:55:56 +00:00
Aqua Security automated builds	9d6290b319	fix(k8s): correct compare artifact versions [backport: release/v0.61] (#8699 ) Co-authored-by: afdesk <work@afdesk.com>	2025-04-08 10:49:56 +00:00
Aqua Security automated builds	3799ebbb5a	test: use `aquasecurity` repository for test images [backport: release/v0.61] (#8698 ) Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>	2025-04-08 07:47:44 +00:00