mirror of
https://github.com/aquasecurity/trivy.git
synced 2025-12-08 22:00:46 -08:00
Compare commits
19 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
42f795fa34 | ||
|
|
8f737cc6eb | ||
|
|
76249bdcf0 | ||
|
|
59957d4c6b | ||
|
|
da8b72d2e7 | ||
|
|
b713ad0fd3 | ||
|
|
56115e9d4f | ||
|
|
7f859afacb | ||
|
|
628a7964d5 | ||
|
|
82fba77141 | ||
|
|
d5269da5ee | ||
|
|
8e57dee86b | ||
|
|
8bfbc84a41 | ||
|
|
1e811de263 | ||
|
|
8b5796f770 | ||
|
|
a2199bb417 | ||
|
|
279e76f704 | ||
|
|
5262590831 | ||
|
|
c275a841fd |
3
.gitignore
vendored
3
.gitignore
vendored
@@ -27,3 +27,6 @@ integration/testdata/fixtures/images
|
||||
|
||||
# SBOMs generated during CI
|
||||
/bom.json
|
||||
|
||||
# goreleaser output
|
||||
dist
|
||||
|
||||
@@ -9,12 +9,14 @@ for release in ${DEBIAN_RELEASES[@]} ${UBUNTU_RELEASES[@]}; do
|
||||
echo "Removing deb package of $release"
|
||||
reprepro -A i386 remove $release trivy
|
||||
reprepro -A amd64 remove $release trivy
|
||||
reprepro -A arm64 remove $release trivy
|
||||
done
|
||||
|
||||
for release in ${DEBIAN_RELEASES[@]} ${UBUNTU_RELEASES[@]}; do
|
||||
echo "Adding deb package to $release"
|
||||
reprepro includedeb $release ../../dist/*Linux-64bit.deb
|
||||
reprepro includedeb $release ../../dist/*Linux-32bit.deb
|
||||
reprepro includedeb $release ../../dist/*Linux-ARM64.deb
|
||||
done
|
||||
|
||||
git add .
|
||||
|
||||
@@ -112,6 +112,31 @@
|
||||
</tr>
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if (eq (len .Misconfigurations ) 0) }}
|
||||
<tr><th colspan="6">No Misconfigurations found</th></tr>
|
||||
{{- else }}
|
||||
<tr class="sub-header">
|
||||
<th>Type</th>
|
||||
<th>Misconf ID</th>
|
||||
<th>Check</th>
|
||||
<th>Severity</th>
|
||||
<th>Message</th>
|
||||
</tr>
|
||||
{{- range .Misconfigurations }}
|
||||
<tr class="severity-{{ escapeXML .Severity }}">
|
||||
<td class="misconf-type">{{ escapeXML .Type }}</td>
|
||||
<td>{{ escapeXML .ID }}</td>
|
||||
<td class="misconf-check">{{ escapeXML .Title }}</td>
|
||||
<td class="severity">{{ escapeXML .Severity }}</td>
|
||||
<td class="link" data-more-links="off" style="white-space:normal;"">
|
||||
{{ escapeXML .Message }}
|
||||
<br>
|
||||
<a href={{ escapeXML .PrimaryURL | printf "%q" }}>{{ escapeXML .PrimaryURL }}</a>
|
||||
</br>
|
||||
</td>
|
||||
</tr>
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
</table>
|
||||
{{- else }}
|
||||
|
||||
@@ -50,11 +50,12 @@ $ rm trivy-offline.db.tgz
|
||||
|
||||
In an air-gapped environment it is your responsibility to update the Trivy database on a regular basis, so that the scanner can detect recently-identified vulnerabilities.
|
||||
|
||||
### Run Trivy with --skip-update option
|
||||
### Run Trivy with --skip-update and --offline-scan option
|
||||
In an air-gapped environment, specify `--skip-update` so that Trivy doesn't attempt to download the latest database file.
|
||||
In addition, if you want to scan Java dependencies such as JAR and pom.xml, you need to specify `--offline-scan` since Trivy tries to issue API requests for scanning Java applications by default.
|
||||
|
||||
```
|
||||
$ trivy image --skip-update alpine:3.12
|
||||
$ trivy image --skip-update --offline-scan alpine:3.12
|
||||
```
|
||||
|
||||
## Air-Gapped Environment for misconfigurations
|
||||
|
||||
@@ -10,6 +10,13 @@ Have you created a tool that’s not listed? Add the name and description of you
|
||||
| [gitrivy][gitrivy] | GitHub Issue + Trivy |
|
||||
| [trivy-github-issues][trivy-github-issues] | GitHub Actions for creating GitHub Issues according to the Trivy scanning result |
|
||||
|
||||
## Semaphore
|
||||
|
||||
| Name | Description |
|
||||
| -------------------------------------------------------| ----------------------------------------- |
|
||||
| [Continuous Vulnerability Testing with Trivy][semaphore-tutorial] | Tutorial on scanning code, containers, infrastructure, and Kubernetes with Semaphore CI/CD. |
|
||||
|
||||
|
||||
## CircleCI
|
||||
|
||||
| Orb | Description |
|
||||
@@ -26,4 +33,5 @@ Have you created a tool that’s not listed? Add the name and description of you
|
||||
[trivy-github-issues]: https://github.com/marketplace/actions/trivy-github-issues
|
||||
[fifteen5/trivy-orb]: https://circleci.com/developer/orbs/orb/fifteen5/trivy-orb
|
||||
[gitrivy]: https://github.com/marketplace/actions/trivy-action
|
||||
[explorer]: https://dbsystel.github.io/trivy-vulnerability-explorer/
|
||||
[explorer]: https://dbsystel.github.io/trivy-vulnerability-explorer/
|
||||
[semaphore-tutorial]: https://semaphoreci.com/blog/continuous-container-vulnerability-testing-with-trivy
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# Unpacked Filesystem
|
||||
|
||||
Scan aan unpacked container image filesystem.
|
||||
Scan an unpacked container image filesystem.
|
||||
|
||||
In this case, Trivy works the same way when scanning containers
|
||||
|
||||
|
||||
@@ -22,6 +22,7 @@ OPTIONS:
|
||||
--timeout value timeout (default: 5m0s) [$TRIVY_TIMEOUT]
|
||||
--ignore-policy value specify the Rego file to evaluate each vulnerability [$TRIVY_IGNORE_POLICY]
|
||||
--list-all-pkgs enabling the option will output all packages regardless of vulnerability (default: false) [$TRIVY_LIST_ALL_PKGS]
|
||||
--offline-scan do not issue API requests to identify dependencies (default: false) [$TRIVY_OFFLINE_SCAN]
|
||||
--token value for authentication [$TRIVY_TOKEN]
|
||||
--token-header value specify a header name for token (default: "Trivy-Token") [$TRIVY_TOKEN_HEADER]
|
||||
--remote value server address (default: "http://localhost:4954") [$TRIVY_REMOTE]
|
||||
|
||||
@@ -25,6 +25,7 @@ OPTIONS:
|
||||
--no-progress suppress progress bar (default: false) [$TRIVY_NO_PROGRESS]
|
||||
--ignore-policy value specify the Rego file to evaluate each vulnerability [$TRIVY_IGNORE_POLICY]
|
||||
--list-all-pkgs enabling the option will output all packages regardless of vulnerability (default: false) [$TRIVY_LIST_ALL_PKGS]
|
||||
--offline-scan do not issue API requests to identify dependencies (default: false) [$TRIVY_OFFLINE_SCAN]
|
||||
--skip-files value specify the file paths to skip traversal [$TRIVY_SKIP_FILES]
|
||||
--skip-dirs value specify the directories where the traversal is skipped [$TRIVY_SKIP_DIRS]
|
||||
--config-policy value specify paths to the Rego policy files directory, applying config files [$TRIVY_CONFIG_POLICY]
|
||||
|
||||
@@ -27,6 +27,7 @@ OPTIONS:
|
||||
--light light mode: it's faster, but vulnerability descriptions and references are not displayed (default: false) [$TRIVY_LIGHT]
|
||||
--ignore-policy value specify the Rego file to evaluate each vulnerability [$TRIVY_IGNORE_POLICY]
|
||||
--list-all-pkgs enabling the option will output all packages regardless of vulnerability (default: false) [$TRIVY_LIST_ALL_PKGS]
|
||||
--offline-scan do not issue API requests to identify dependencies (default: false) [$TRIVY_OFFLINE_SCAN]
|
||||
--skip-files value specify the file path to skip traversal [$TRIVY_SKIP_FILES]
|
||||
--skip-dirs value specify the directory where the traversal is skipped [$TRIVY_SKIP_DIRS]
|
||||
--cache-backend value cache backend (e.g. redis://localhost:6379) (default: "fs") [$TRIVY_CACHE_BACKEND]
|
||||
|
||||
@@ -25,6 +25,7 @@ OPTIONS:
|
||||
--no-progress suppress progress bar (default: false) [$TRIVY_NO_PROGRESS]
|
||||
--ignore-policy value specify the Rego file to evaluate each vulnerability [$TRIVY_IGNORE_POLICY]
|
||||
--list-all-pkgs enabling the option will output all packages regardless of vulnerability (default: false) [$TRIVY_LIST_ALL_PKGS]
|
||||
--offline-scan do not issue API requests to identify dependencies (default: false) [$TRIVY_OFFLINE_SCAN]
|
||||
--skip-files value specify the file path to skip traversal [$TRIVY_SKIP_FILES]
|
||||
--skip-dirs value specify the directory where the traversal is skipped [$TRIVY_SKIP_DIRS]
|
||||
--help, -h show help (default: false)
|
||||
|
||||
@@ -25,6 +25,7 @@ OPTIONS:
|
||||
--no-progress suppress progress bar (default: false) [$TRIVY_NO_PROGRESS]
|
||||
--ignore-policy value specify the Rego file to evaluate each vulnerability [$TRIVY_IGNORE_POLICY]
|
||||
--list-all-pkgs enabling the option will output all packages regardless of vulnerability (default: false) [$TRIVY_LIST_ALL_PKGS]
|
||||
--offline-scan do not issue API requests to identify dependencies (default: false) [$TRIVY_OFFLINE_SCAN]
|
||||
--skip-files value specify the file paths to skip traversal [$TRIVY_SKIP_FILES]
|
||||
--skip-dirs value specify the directories where the traversal is skipped [$TRIVY_SKIP_DIRS]
|
||||
--config-policy value specify paths to the Rego policy files directory, applying config files [$TRIVY_CONFIG_POLICY]
|
||||
|
||||
@@ -39,6 +39,22 @@ https://developer.github.com/v3/#rate-limiting
|
||||
$ GITHUB_TOKEN=XXXXXXXXXX trivy alpine:3.10
|
||||
```
|
||||
|
||||
### Maven rate limiting
|
||||
|
||||
!!! error
|
||||
``` bash
|
||||
$ trivy image ...
|
||||
...
|
||||
status 403 Forbidden from http://search.maven.org/solrsearch/select
|
||||
```
|
||||
|
||||
Trivy calls Maven API for better detection of JAR files, but many requests may exceed rate limiting.
|
||||
If it happens frequently, try the `--offline-scan` option to stop Trivy from making API requests.
|
||||
This option affects only vulnerability scanning. The vulnerability database and builtin policies are downloaded as usual.
|
||||
If you want to skip them as well, you can try `--skip-update` and `--skip-policy-update`.
|
||||
|
||||
Note that a number of vulnerabilities might be fewer than without the `--offline-scan` option.
|
||||
|
||||
### Running in parallel takes same time as series run
|
||||
When running trivy on multiple images simultaneously, it will take same time as running trivy in series.
|
||||
This is because of a limitation of boltdb.
|
||||
|
||||
@@ -68,6 +68,6 @@
|
||||
[nodejs]: https://github.com/nodejs/security-wg
|
||||
[gitlab]: https://gitlab.com/gitlab-org/advisories-community
|
||||
[go]: https://github.com/golang/vulndb
|
||||
[rust]: (https://github.com/RustSec/advisory-db)
|
||||
[rust]: https://github.com/RustSec/advisory-db
|
||||
|
||||
[nvd]: https://nvd.nist.gov/
|
||||
|
||||
@@ -2,23 +2,24 @@
|
||||
|
||||
`Trivy` automatically detects the following files in the container and scans vulnerabilities in the application dependencies.
|
||||
|
||||
| Language | File | Image[^6] | Rootfs[^7] | Filesystem[^8] | Repository[^9] |Dev dependencies |
|
||||
|----------|--------------------------|:---------:|:----------:|:--------------:|:---------------:|-----------------|
|
||||
| Ruby | Gemfile.lock | - | - | ✅ | ✅ | included |
|
||||
| | gemspec | ✅ | ✅ | - | - | included |
|
||||
| Python | Pipfile.lock | - | - | ✅ | ✅ | excluded |
|
||||
| | poetry.lock | - | - | ✅ | ✅ | included |
|
||||
| | requirements.txt | - | - | ✅ | ✅ | included |
|
||||
| | egg package[^1] | ✅ | ✅ | - | - | excluded |
|
||||
| | wheel package[^2] | ✅ | ✅ | - | - | excluded |
|
||||
| PHP | composer.lock | ✅ | ✅ | ✅ | ✅ | excluded |
|
||||
| Node.js | package-lock.json | - | - | ✅ | ✅ | excluded |
|
||||
| | yarn.lock | - | - | ✅ | ✅ | included |
|
||||
| | package.json | ✅ | ✅ | - | - | excluded |
|
||||
| .NET | packages.lock.json | ✅ | ✅ | ✅ | ✅ | included |
|
||||
| Java | JAR/WAR/EAR[^3][^4] | ✅ | ✅ | ✅ | ✅ | included |
|
||||
| Go | Binaries built by Go[^5] | ✅ | ✅ | - | - | excluded |
|
||||
| | go.sum | - | - | ✅ | ✅ | included |
|
||||
| Language | File | Image[^7] | Rootfs[^8] | Filesystem[^9] | Repository[^10] |Dev dependencies |
|
||||
|----------|--------------------------|:---------:|:----------:|:--------------:|:--------------:|-----------------|
|
||||
| Ruby | Gemfile.lock | - | - | ✅ | ✅ | included |
|
||||
| | gemspec | ✅ | ✅ | - | - | included |
|
||||
| Python | Pipfile.lock | - | - | ✅ | ✅ | excluded |
|
||||
| | poetry.lock | - | - | ✅ | ✅ | included |
|
||||
| | requirements.txt | - | - | ✅ | ✅ | included |
|
||||
| | egg package[^1] | ✅ | ✅ | - | - | excluded |
|
||||
| | wheel package[^2] | ✅ | ✅ | - | - | excluded |
|
||||
| PHP | composer.lock | ✅ | ✅ | ✅ | ✅ | excluded |
|
||||
| Node.js | package-lock.json | - | - | ✅ | ✅ | excluded |
|
||||
| | yarn.lock | - | - | ✅ | ✅ | included |
|
||||
| | package.json | ✅ | ✅ | - | - | excluded |
|
||||
| .NET | packages.lock.json | ✅ | ✅ | ✅ | ✅ | included |
|
||||
| Java | JAR/WAR/EAR[^3][^4] | ✅ | ✅ | - | - | included |
|
||||
| | pom.xml[^5] | - | - | ✅ | ✅ | excluded |
|
||||
| Go | Binaries built by Go[^6] | ✅ | ✅ | - | - | excluded |
|
||||
| | go.sum | - | - | ✅ | ✅ | included |
|
||||
|
||||
The path of these files does not matter.
|
||||
|
||||
@@ -27,9 +28,10 @@ Example: [Dockerfile](https://github.com/aquasecurity/trivy-ci-test/blob/main/Do
|
||||
[^1]: `*.egg-info`, `*.egg-info/PKG-INFO`, `*.egg` and `EGG-INFO/PKG-INFO`
|
||||
[^2]: `.dist-info/META-DATA`
|
||||
[^3]: `*.jar`, `*.war`, and `*.ear`
|
||||
[^4]: It requires the Internet access
|
||||
[^5]: UPX-compressed binaries don't work
|
||||
[^6]: ✅ means "enabled" and `-` means "disabled" in the image scanning
|
||||
[^7]: ✅ means "enabled" and `-` means "disabled" in the rootfs scanning
|
||||
[^8]: ✅ means "enabled" and `-` means "disabled" in the filesystem scanning
|
||||
[^9]: ✅ means "enabled" and `-` means "disabled" in the git repository scanning
|
||||
[^4]: It requires Internet access
|
||||
[^5]: It requires Internet access when the POM doesn't exist in your local repository
|
||||
[^6]: UPX-compressed binaries don't work
|
||||
[^7]: ✅ means "enabled" and `-` means "disabled" in the image scanning
|
||||
[^8]: ✅ means "enabled" and `-` means "disabled" in the rootfs scanning
|
||||
[^9]: ✅ means "enabled" and `-` means "disabled" in the filesystem scanning
|
||||
[^10]: ✅ means "enabled" and `-` means "disabled" in the git repository scanning
|
||||
|
||||
6
go.mod
6
go.mod
@@ -7,8 +7,8 @@ require (
|
||||
github.com/Masterminds/sprig v2.22.0+incompatible
|
||||
github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46
|
||||
github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986
|
||||
github.com/aquasecurity/fanal v0.0.0-20211130145558-2c76718ef52e
|
||||
github.com/aquasecurity/go-dep-parser v0.0.0-20211110174639-8257534ffed3
|
||||
github.com/aquasecurity/fanal v0.0.0-20211224205755-c94f68b6d71a
|
||||
github.com/aquasecurity/go-dep-parser v0.0.0-20211224170007-df43bca6b6ff
|
||||
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce
|
||||
github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798
|
||||
github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46
|
||||
@@ -17,7 +17,6 @@ require (
|
||||
github.com/caarlos0/env/v6 v6.0.0
|
||||
github.com/cenkalti/backoff v2.2.1+incompatible
|
||||
github.com/cheggaaa/pb/v3 v3.0.3
|
||||
github.com/containerd/containerd v1.5.7 // indirect
|
||||
github.com/docker/cli v20.10.9+incompatible // indirect
|
||||
github.com/docker/docker v20.10.10+incompatible
|
||||
github.com/docker/go-connections v0.4.0
|
||||
@@ -29,6 +28,7 @@ require (
|
||||
github.com/google/go-github/v33 v33.0.0
|
||||
github.com/google/wire v0.4.0
|
||||
github.com/hashicorp/go-getter v1.5.2
|
||||
github.com/hashicorp/go-hclog v0.15.0 // indirect
|
||||
github.com/huandu/xstrings v1.3.2 // indirect
|
||||
github.com/knqyf263/go-apk-version v0.0.0-20200609155635-041fdbb8563f
|
||||
github.com/knqyf263/go-deb-version v0.0.0-20190517075300-09fca494f03d
|
||||
|
||||
74
go.sum
74
go.sum
@@ -144,8 +144,8 @@ github.com/Microsoft/hcsshim v0.8.10/go.mod h1:g5uw8EV2mAlzqe94tfNBNdr89fnbD/n3H
|
||||
github.com/Microsoft/hcsshim v0.8.14/go.mod h1:NtVKoYxQuTLx6gEq0L96c9Ju4JbRJ4nY2ow3VK6a9Lg=
|
||||
github.com/Microsoft/hcsshim v0.8.15/go.mod h1:x38A4YbHbdxJtc0sF6oIz+RG0npwSCAvn69iY6URG00=
|
||||
github.com/Microsoft/hcsshim v0.8.16/go.mod h1:o5/SZqmR7x9JNKsW3pu+nqHm0MF8vbA+VxGOoXdC600=
|
||||
github.com/Microsoft/hcsshim v0.8.21 h1:btRfUDThBE5IKcvI8O8jOiIkujUsAMBSRsYDYmEi6oM=
|
||||
github.com/Microsoft/hcsshim v0.8.21/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4=
|
||||
github.com/Microsoft/hcsshim v0.8.23 h1:47MSwtKGXet80aIn+7h4YI6fwPmwIghAnsx2aOUrG2M=
|
||||
github.com/Microsoft/hcsshim v0.8.23/go.mod h1:4zegtUJth7lAvFyc6cH2gGQ5B3OFQim01nnU2M8jKDg=
|
||||
github.com/Microsoft/hcsshim/test v0.0.0-20200826032352-301c83a30e7c/go.mod h1:30A5igQ91GEmhYJF8TaRP79pMBOYynRsyOByfVV0dU4=
|
||||
github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU=
|
||||
github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:mw7qgWloBUl75W/gVH3cQszUg1+gUITj7D6NY7ywVnY=
|
||||
@@ -170,8 +170,9 @@ github.com/VividCortex/ewma v1.1.1/go.mod h1:2Tkkvm3sRDVXaiyucHiACn4cqf7DpdyLvmx
|
||||
github.com/acomagu/bufpipe v1.0.3 h1:fxAGrHZTgQ9w5QqVItgzwj235/uYZYgbXitB+dLupOk=
|
||||
github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4=
|
||||
github.com/agext/levenshtein v1.2.1/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
|
||||
github.com/agext/levenshtein v1.2.2 h1:0S/Yg6LYmFJ5stwQeRp6EeOcCbj7xiqQSdNelsXvaqE=
|
||||
github.com/agext/levenshtein v1.2.2/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
|
||||
github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo=
|
||||
github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
|
||||
github.com/alecthomas/kingpin v2.2.6+incompatible/go.mod h1:59OFYbFVLKQKq+mqrL6Rw5bR0c3ACQaawgXx0QYndlE=
|
||||
github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
|
||||
github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
|
||||
@@ -206,10 +207,10 @@ github.com/aquasecurity/cfsec v0.2.2 h1:hq6MZlg7XFZsrerCv297N4HRlnJM7K6LLd/l/xCz
|
||||
github.com/aquasecurity/cfsec v0.2.2/go.mod h1:sUELRJqIPXTOZiHUx7TzyyFFzuk0W22IG6IWAoV8T6U=
|
||||
github.com/aquasecurity/defsec v0.0.37 h1:zdZndlKrW257b8VLK1UwfmXiyPuDrNA+wzBilHRk1LA=
|
||||
github.com/aquasecurity/defsec v0.0.37/go.mod h1:csaBEcJ3AKy44expnW0dCANEZcS/c1vcJjwBCbnKWBM=
|
||||
github.com/aquasecurity/fanal v0.0.0-20211130145558-2c76718ef52e h1:8cdrjNJ3aMcNglPK80y37T9B733dBoe7118hLC2XWBA=
|
||||
github.com/aquasecurity/fanal v0.0.0-20211130145558-2c76718ef52e/go.mod h1:tfiYxqoK/3PDW8Ut3UnxP7rKqFaSw1X6owKjAHjM1NA=
|
||||
github.com/aquasecurity/go-dep-parser v0.0.0-20211110174639-8257534ffed3 h1:zYNhYU4HUqJq+Lqhwf68gvd+v0cKqM2XOmggtHYLkoU=
|
||||
github.com/aquasecurity/go-dep-parser v0.0.0-20211110174639-8257534ffed3/go.mod h1:Zc7Eo6tFl9l4XcqsWeabD7jHnXRBK/LdgZuu9GTSVLU=
|
||||
github.com/aquasecurity/fanal v0.0.0-20211224205755-c94f68b6d71a h1:SAGMaeEgtCWrv8VD9tq+fbCjiSdTHPXjHXY9eTv/U7o=
|
||||
github.com/aquasecurity/fanal v0.0.0-20211224205755-c94f68b6d71a/go.mod h1:xKJMgVsb+TgCMoiv3u7aethmPTkZiryr2nSShtMdRmA=
|
||||
github.com/aquasecurity/go-dep-parser v0.0.0-20211224170007-df43bca6b6ff h1:JCKEV3TgUNh9fn+8hXyIdsF9yErA0rUbCkgt2flRKt4=
|
||||
github.com/aquasecurity/go-dep-parser v0.0.0-20211224170007-df43bca6b6ff/go.mod h1:8fJ//Ob6/03lxbn4xa1F+G/giVtiVLxnZNpBp5xOxNk=
|
||||
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce h1:QgBRgJvtEOBtUXilDb1MLi1p1MWoyFDXAu5DEUl5nwM=
|
||||
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce/go.mod h1:HXgVzOPvXhVGLJs4ZKO817idqr/xhwsTcj17CLYY74s=
|
||||
github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798 h1:eveqE9ivrt30CJ7dOajOfBavhZ4zPqHcZe/4tKp0alc=
|
||||
@@ -221,8 +222,8 @@ github.com/aquasecurity/go-version v0.0.0-20210121072130-637058cfe492 h1:rcEG5HI
|
||||
github.com/aquasecurity/go-version v0.0.0-20210121072130-637058cfe492/go.mod h1:9Beu8XsUNNfzml7WBf3QmyPToP1wm1Gj/Vc5UJKqTzU=
|
||||
github.com/aquasecurity/testdocker v0.0.0-20210911155206-e1e85f5a1516 h1:moQmzbpLo5dxHQCyEhqzizsDSNrNhn/7uRTCZzo4A1o=
|
||||
github.com/aquasecurity/testdocker v0.0.0-20210911155206-e1e85f5a1516/go.mod h1:gTd97VdQ0rg8Mkiic3rPgNOQdprZ7feTAhiD5mGQjgM=
|
||||
github.com/aquasecurity/tfsec v0.61.4-0.20211130135821-0a1997e494fa h1:mgG6allqccyBmaE0qnWFl39ju156yqNVTd0D/xwuVko=
|
||||
github.com/aquasecurity/tfsec v0.61.4-0.20211130135821-0a1997e494fa/go.mod h1:MR3uDlWu+fBTisFndR+NwjSGt06RBhkE++JzKRJ0Ggs=
|
||||
github.com/aquasecurity/tfsec v0.63.1 h1:KH63HTcUoab7d3PKtqFO6T8K5AY7bzLw7Kiu+EY9U64=
|
||||
github.com/aquasecurity/tfsec v0.63.1/go.mod h1:g5ZWmsfqW1FsCaPb9ux8Pzjcyss/WUB2XuRd5slqvnc=
|
||||
github.com/aquasecurity/trivy-db v0.0.0-20210916043317-726b7b72a47b h1:RaS93vlHzgreZk3CYqcNgoqukwbsBEYhAiE6qmhLwB0=
|
||||
github.com/aquasecurity/trivy-db v0.0.0-20210916043317-726b7b72a47b/go.mod h1:5h8GV7Qxp/SMJ4awWHs0KRxwVkKzcwOnRkORWOnCXRU=
|
||||
github.com/aquasecurity/vuln-list-update v0.0.0-20191016075347-3d158c2bf9a2/go.mod h1:6NhOP0CjZJL27bZZcaHECtzWdwDDm2g6yCY0QgXEGQQ=
|
||||
@@ -289,6 +290,7 @@ github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e/go.mod h1:9IOqJGCPMS
|
||||
github.com/cavaliercoder/go-cpio v0.0.0-20180626203310-925f9528c45e/go.mod h1:oDpT4efm8tSYHXV5tHSdRvBet/b/QzxZ+XyyPehvm3A=
|
||||
github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4=
|
||||
github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
|
||||
github.com/cenkalti/backoff/v4 v4.1.1/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
|
||||
github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
|
||||
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
|
||||
github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
|
||||
@@ -347,14 +349,14 @@ github.com/containerd/containerd v1.4.0/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMX
|
||||
github.com/containerd/containerd v1.4.1-0.20201117152358-0edc412565dc/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
|
||||
github.com/containerd/containerd v1.4.1/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
|
||||
github.com/containerd/containerd v1.4.3/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
|
||||
github.com/containerd/containerd v1.4.9/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
|
||||
github.com/containerd/containerd v1.5.0-beta.1/go.mod h1:5HfvG1V2FsKesEGQ17k5/T7V960Tmcumvqn8Mc+pCYQ=
|
||||
github.com/containerd/containerd v1.5.0-beta.3/go.mod h1:/wr9AVtEM7x9c+n0+stptlo/uBBoBORwEx6ardVcmKU=
|
||||
github.com/containerd/containerd v1.5.0-beta.4/go.mod h1:GmdgZd2zA2GYIBZ0w09ZvgqEq8EfBp/m3lcVZIvPHhI=
|
||||
github.com/containerd/containerd v1.5.0-rc.0/go.mod h1:V/IXoMqNGgBlabz3tHD2TWDoTJseu1FGOKuoA4nNb2s=
|
||||
github.com/containerd/containerd v1.5.1/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g=
|
||||
github.com/containerd/containerd v1.5.2/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g=
|
||||
github.com/containerd/containerd v1.5.7 h1:rQyoYtj4KddB3bxG6SAqd4+08gePNyJjRqvOIfV3rkM=
|
||||
github.com/containerd/containerd v1.5.7/go.mod h1:gyvv6+ugqY25TiXxcZC3L5yOeYgEw0QMhscqVp1AR9c=
|
||||
github.com/containerd/containerd v1.5.8 h1:NmkCC1/QxyZFBny8JogwLpOy2f+VEbO/f6bV2Mqtwuw=
|
||||
github.com/containerd/containerd v1.5.8/go.mod h1:YdFSv5bTFLpG2HIYmfqDpSYYTDX+mc5qtSuYx1YUb/s=
|
||||
github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
|
||||
github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
|
||||
github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
|
||||
@@ -369,6 +371,7 @@ github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b/go.mod h1:jPQ2IAeZ
|
||||
github.com/containerd/fifo v0.0.0-20201026212402-0724c46b320c/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0=
|
||||
github.com/containerd/fifo v0.0.0-20210316144830-115abcc95a1d/go.mod h1:ocF/ME1SX5b1AOlWi9r677YJmCPSwwWnQ9O123vzpE4=
|
||||
github.com/containerd/fifo v1.0.0/go.mod h1:ocF/ME1SX5b1AOlWi9r677YJmCPSwwWnQ9O123vzpE4=
|
||||
github.com/containerd/fuse-overlayfs-snapshotter v1.0.2/go.mod h1:nRZceC8a7dRm3Ao6cJAwuJWPFiBPaibHiFntRUnzhwU=
|
||||
github.com/containerd/go-cni v1.0.1/go.mod h1:+vUpYxKvAF72G9i1WoDOiPGRtQpqsNW/ZHtSlv++smU=
|
||||
github.com/containerd/go-cni v1.0.2/go.mod h1:nrNABBHzu0ZwCug9Ije8hL2xBCYh/pjfMb1aZGrrohk=
|
||||
github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0=
|
||||
@@ -383,8 +386,10 @@ github.com/containerd/imgcrypt v1.1.1/go.mod h1:xpLnwiQmEUJPvQoAapeb2SNCxz7Xr6PJ
|
||||
github.com/containerd/nri v0.0.0-20201007170849-eb1350a75164/go.mod h1:+2wGSDGFYfE5+So4M5syatU0N0f0LbWpuqyMi4/BE8c=
|
||||
github.com/containerd/nri v0.0.0-20210316161719-dbaa18c31c14/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY=
|
||||
github.com/containerd/nri v0.1.0/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY=
|
||||
github.com/containerd/stargz-snapshotter v0.0.0-20201027054423-3a04e4c2c116 h1:cj2qTm4k9TlXzzwCROQK0puJc2oauyjUiegQiqpNkuk=
|
||||
github.com/containerd/stargz-snapshotter v0.0.0-20201027054423-3a04e4c2c116/go.mod h1:o59b3PCKVAf9jjiKtCc/9hLAd+5p/rfhBfm6aBcTEr4=
|
||||
github.com/containerd/stargz-snapshotter v0.6.4 h1:mox1Ozl/LicA5j0O5Xk9Q8z+nOQQLnClarhxokyw9hI=
|
||||
github.com/containerd/stargz-snapshotter v0.6.4/go.mod h1:1t0SF1gAHJhCSftWKDLVitvfF3c2qhL5hymG7C50wto=
|
||||
github.com/containerd/stargz-snapshotter/estargz v0.6.4/go.mod h1:83VWDqHnurTKliEB0YvWMiCfLDwv4Cjj1X9Vk98GJZw=
|
||||
github.com/containerd/stargz-snapshotter/estargz v0.7.0 h1:1d/rydzTywc76lnjJb6qbPCiTiCwts49AzKps/Ecblw=
|
||||
github.com/containerd/stargz-snapshotter/estargz v0.7.0/go.mod h1:83VWDqHnurTKliEB0YvWMiCfLDwv4Cjj1X9Vk98GJZw=
|
||||
github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
|
||||
@@ -392,6 +397,7 @@ github.com/containerd/ttrpc v0.0.0-20190828172938-92c8520ef9f8/go.mod h1:PvCDdDG
|
||||
github.com/containerd/ttrpc v0.0.0-20191028202541-4f1b8fe65a5c/go.mod h1:LPm1u0xBw8r8NOKoOdNMeVHSawSsltak+Ihv+etqsE8=
|
||||
github.com/containerd/ttrpc v1.0.1/go.mod h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y=
|
||||
github.com/containerd/ttrpc v1.0.2/go.mod h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y=
|
||||
github.com/containerd/ttrpc v1.1.0/go.mod h1:XX4ZTnoOId4HklF4edwc4DcqskFZuvXB1Evzy5KFQpQ=
|
||||
github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc=
|
||||
github.com/containerd/typeurl v0.0.0-20190911142611-5eb25027c9fd/go.mod h1:GeKYzf2pQcqv7tJ0AoCuuhtnqhva5LNU3U+OyKxxJpk=
|
||||
github.com/containerd/typeurl v1.0.1/go.mod h1:TB1hUtrpaiO88KEK56ijojHS1+NeF0izUACaJW2mdXg=
|
||||
@@ -461,10 +467,12 @@ github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/r
|
||||
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
|
||||
github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
|
||||
github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8=
|
||||
github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
|
||||
github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E=
|
||||
github.com/docker/cli v0.0.0-20190925022749-754388324470/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
|
||||
github.com/docker/cli v0.0.0-20191017083524-a8ff7f821017/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
|
||||
github.com/docker/cli v20.10.0-beta1.0.20201029214301-1d20b15adc38+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
|
||||
github.com/docker/cli v20.10.6+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
|
||||
github.com/docker/cli v20.10.7+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
|
||||
github.com/docker/cli v20.10.9+incompatible h1:OJ7YkwQA+k2Oi51lmCojpjiygKpi76P7bg91b2eJxYU=
|
||||
github.com/docker/cli v20.10.9+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
|
||||
@@ -479,6 +487,8 @@ github.com/docker/docker v1.4.2-0.20180531152204-71cd53e4a197/go.mod h1:eEKB0N0r
|
||||
github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
|
||||
github.com/docker/docker v17.12.0-ce-rc1.0.20200730172259-9f28837c1d93+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
|
||||
github.com/docker/docker v20.10.0-beta1.0.20201110211921-af34b94a78a1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
|
||||
github.com/docker/docker v20.10.3-0.20210609071616-4c2ec79bf2a8+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
|
||||
github.com/docker/docker v20.10.6+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
|
||||
github.com/docker/docker v20.10.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
|
||||
github.com/docker/docker v20.10.10+incompatible h1:GKkP0T7U4ks6X3lmmHKC2QDprnpRJor2Z5a8m62R9ZM=
|
||||
github.com/docker/docker v20.10.10+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
|
||||
@@ -524,6 +534,7 @@ github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5Kwzbycv
|
||||
github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
|
||||
github.com/fatih/color v1.10.0 h1:s36xzo75JdqLaaWoiEHk767eHiwo0598uUxyfiPkDsg=
|
||||
github.com/fatih/color v1.10.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM=
|
||||
github.com/felixge/httpsnoop v1.0.2/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
|
||||
github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
|
||||
github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
|
||||
github.com/fortytw2/leaktest v1.2.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g=
|
||||
@@ -684,6 +695,7 @@ github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw
|
||||
github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
|
||||
github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
|
||||
github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
|
||||
github.com/golang/snappy v0.0.4-0.20210608040537-544b4180ac70/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
|
||||
github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
|
||||
github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
|
||||
github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2/go.mod h1:k9Qvh+8juN+UKMCS/3jFtGICgW8O96FVaZsaxdzDkR4=
|
||||
@@ -818,6 +830,7 @@ github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFb
|
||||
github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645/go.mod h1:6iZfnjpejD4L/4DwD7NryNaJyCQdzwWwH2MWhCA90Kw=
|
||||
github.com/hanwen/go-fuse v1.0.0/go.mod h1:unqXarDXqzAk0rt98O2tVndEPIpUgLD9+rwFisZH3Ok=
|
||||
github.com/hanwen/go-fuse/v2 v2.0.3/go.mod h1:0EQM6aH2ctVpvZ6a+onrQ/vaykxh2GH7hy3e13vzTUY=
|
||||
github.com/hanwen/go-fuse/v2 v2.1.0/go.mod h1:oRyA5eK+pvJyv5otpO/DgccS8y/RvYMaO00GgRLGryc=
|
||||
github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q=
|
||||
github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8=
|
||||
github.com/hashicorp/errwrap v0.0.0-20141028054710-7554cd9344ce/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
|
||||
@@ -833,6 +846,7 @@ github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrj
|
||||
github.com/hashicorp/go-hclog v0.15.0 h1:qMuK0wxsoW4D0ddCCYwPSTm4KQv1X1ke3WmPWZ0Mvsk=
|
||||
github.com/hashicorp/go-hclog v0.15.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
|
||||
github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
|
||||
github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
|
||||
github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
|
||||
github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874/go.mod h1:JMRHfdO9jKNzS/+BTlxCjKNQHg/jZAft8U7LloJvN7I=
|
||||
github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
|
||||
@@ -863,8 +877,8 @@ github.com/hashicorp/golang-lru v0.5.3/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uG
|
||||
github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
|
||||
github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
|
||||
github.com/hashicorp/hcl/v2 v2.6.0/go.mod h1:bQTN5mpo+jewjJgh8jr0JUguIi7qPHUF6yIfAEN3jqY=
|
||||
github.com/hashicorp/hcl/v2 v2.10.1 h1:h4Xx4fsrRE26ohAk/1iGF/JBqRQbyUqu5Lvj60U54ys=
|
||||
github.com/hashicorp/hcl/v2 v2.10.1/go.mod h1:FwWsfWEjyV/CMj8s/gqAuiviY72rJ1/oayI9WftqcKg=
|
||||
github.com/hashicorp/hcl/v2 v2.11.1 h1:yTyWcXcm9XB0TEkyU/JCRU6rYy4K+mgLtzn2wlrJbcc=
|
||||
github.com/hashicorp/hcl/v2 v2.11.1/go.mod h1:FwWsfWEjyV/CMj8s/gqAuiviY72rJ1/oayI9WftqcKg=
|
||||
github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
|
||||
github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
|
||||
github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
|
||||
@@ -885,6 +899,7 @@ github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH
|
||||
github.com/inconshreveable/go-update v0.0.0-20160112193335-8152e7eb6ccf/go.mod h1:hyb9oH7vZsitZCiBt0ZvifOrB+qc8PS5IiilCIb87rg=
|
||||
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
|
||||
github.com/ishidawataru/sctp v0.0.0-20191218070446-00ab2ac2db07/go.mod h1:co9pwDoBCm1kGxawmb4sPq0cSIOOWNPT4KnHotMP1Zg=
|
||||
github.com/ishidawataru/sctp v0.0.0-20210226210310-f2269e66cdee/go.mod h1:co9pwDoBCm1kGxawmb4sPq0cSIOOWNPT4KnHotMP1Zg=
|
||||
github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA=
|
||||
github.com/jaguilar/vt100 v0.0.0-20150826170717-2703a27b14ea/go.mod h1:QMdK4dGB3YhEW2BmA1wgGpPYI3HZy/5gD705PXKUVSg=
|
||||
github.com/jarcoal/httpmock v1.0.5/go.mod h1:ATjnClrvW/3tijVmpL/va5Z3aAyGvqU3gCT8nX0Txik=
|
||||
@@ -945,8 +960,8 @@ github.com/knqyf263/go-deb-version v0.0.0-20190517075300-09fca494f03d h1:X4cedH4
|
||||
github.com/knqyf263/go-deb-version v0.0.0-20190517075300-09fca494f03d/go.mod h1:o8sgWoz3JADecfc/cTYD92/Et1yMqMy0utV1z+VaZao=
|
||||
github.com/knqyf263/go-rpm-version v0.0.0-20170716094938-74609b86c936 h1:HDjRqotkViMNcGMGicb7cgxklx8OwnjtCBmyWEqrRvM=
|
||||
github.com/knqyf263/go-rpm-version v0.0.0-20170716094938-74609b86c936/go.mod h1:i4sF0l1fFnY1aiw08QQSwVAFxHEm311Me3WsU/X7nL0=
|
||||
github.com/knqyf263/go-rpmdb v0.0.0-20210911072402-73bd0ce46c49 h1:QazJZdFn/ApQh8OHepQiCKXGZ0QE08Bu8BnS10aHgvE=
|
||||
github.com/knqyf263/go-rpmdb v0.0.0-20210911072402-73bd0ce46c49/go.mod h1:RDPNeIkU5NWXtt0OMEoILyxwUC/DyXeRtK295wpqSi0=
|
||||
github.com/knqyf263/go-rpmdb v0.0.0-20211216113947-1369b2ee40b7 h1:xVowqxH8FU6XAG1YIIjeWiUlbDh9ZQZWpk5pz6IcxEU=
|
||||
github.com/knqyf263/go-rpmdb v0.0.0-20211216113947-1369b2ee40b7/go.mod h1:RDPNeIkU5NWXtt0OMEoILyxwUC/DyXeRtK295wpqSi0=
|
||||
github.com/knqyf263/nested v0.0.1 h1:Sv26CegUMhjt19zqbBKntjwESdxe5hxVPSk0+AKjdUc=
|
||||
github.com/knqyf263/nested v0.0.1/go.mod h1:zwhsIhMkBg90DTOJQvxPkKIypEHPYkgWHs4gybdlUmk=
|
||||
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
|
||||
@@ -1058,8 +1073,9 @@ github.com/mitchellh/mapstructure v1.4.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RR
|
||||
github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A=
|
||||
github.com/mitchellh/reflectwalk v1.0.1 h1:FVzMWA5RllMAKIdUSC8mdWo3XtwoecrH79BY70sEEpE=
|
||||
github.com/mitchellh/reflectwalk v1.0.1/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
|
||||
github.com/moby/buildkit v0.8.1 h1:zrGxLwffKM8nVxBvaJa7H404eQLfqlg1GB6YVIzXVQ0=
|
||||
github.com/moby/buildkit v0.8.1/go.mod h1:/kyU1hKy/aYCuP39GZA9MaKioovHku57N6cqlKZIaiQ=
|
||||
github.com/moby/buildkit v0.9.3 h1:0JmMLY45KIKFogJXv4LyWo+KmIMuvhit5TDrwBlxDp0=
|
||||
github.com/moby/buildkit v0.9.3/go.mod h1:5dZQUHg9STw/Fhl4zZiusDJKn8uje/0x952Nce4a8cg=
|
||||
github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
|
||||
github.com/moby/sys/mount v0.1.0/go.mod h1:FVQFLDRWwyBjDTBNQXDlWnSFREqOo3OKX9aqhmeoo74=
|
||||
github.com/moby/sys/mount v0.1.1/go.mod h1:FVQFLDRWwyBjDTBNQXDlWnSFREqOo3OKX9aqhmeoo74=
|
||||
@@ -1073,6 +1089,7 @@ github.com/moby/sys/mountinfo v0.4.1/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2J
|
||||
github.com/moby/sys/symlink v0.1.0/go.mod h1:GGDODQmbFOjFsXvfLVn3+ZRxkch54RkSiGqsZeMYowQ=
|
||||
github.com/moby/term v0.0.0-20200312100748-672ec06f55cd/go.mod h1:DdlQx2hp0Ss5/fLikoLlEeIYiATotOjgB//nb973jeo=
|
||||
github.com/moby/term v0.0.0-20200915141129-7f0af18e79f2/go.mod h1:TjQg8pa4iejrUrjiz0MCtMV38jdMNW4doKSiBrEvCQQ=
|
||||
github.com/moby/term v0.0.0-20201110203204-bea5bbe245bf/go.mod h1:FBS0z0QWA44HXygs7VXDUOGoN/1TV3RuWkLO04am3wc=
|
||||
github.com/moby/term v0.0.0-20201216013528-df9cb8a40635 h1:rzf0wL0CHVc8CEsgyygG0Mn9CNCCPZqOPaz8RiiHYQk=
|
||||
github.com/moby/term v0.0.0-20201216013528-df9cb8a40635/go.mod h1:FBS0z0QWA44HXygs7VXDUOGoN/1TV3RuWkLO04am3wc=
|
||||
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
|
||||
@@ -1176,6 +1193,7 @@ github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtP
|
||||
github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
|
||||
github.com/pelletier/go-toml v1.8.0/go.mod h1:D6yutnOGMveHEPV7VQOuvI/gXY61bv+9bAOTRnLElKs=
|
||||
github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc=
|
||||
github.com/pelletier/go-toml v1.9.1/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
|
||||
github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
|
||||
github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
|
||||
github.com/peterh/liner v0.0.0-20170211195444-bf27d3ba8e1d/go.mod h1:xIteQHvHuaLYG9IFj6mSxM0fCKrs34IrEQUhOYuGPHc=
|
||||
@@ -1367,7 +1385,10 @@ github.com/tmccombs/hcl2json v0.3.1/go.mod h1:ljY0/prd2IFUF3cagQjV3cpPEEQKzqyGqn
|
||||
github.com/tommy-muehle/go-mnd v1.1.1/go.mod h1:dSUh0FtTP8VhvkL1S+gUR1OKd9ZnSaozuI6r3m6wOig=
|
||||
github.com/tommy-muehle/go-mnd v1.3.1-0.20200224220436-e6f9a994e8fa/go.mod h1:dSUh0FtTP8VhvkL1S+gUR1OKd9ZnSaozuI6r3m6wOig=
|
||||
github.com/tonistiigi/fsutil v0.0.0-20201103201449-0834f99b7b85/go.mod h1:a7cilN64dG941IOXfhJhlH0qB92hxJ9A1ewrdUmJ6xo=
|
||||
github.com/tonistiigi/fsutil v0.0.0-20210609172227-d72af97c0eaf/go.mod h1:lJAxK//iyZ3yGbQswdrPTxugZIDM7sd4bEsD0x3XMHk=
|
||||
github.com/tonistiigi/go-actions-cache v0.0.0-20211002214948-4d48f2ff622a/go.mod h1:YiIBjH5gP7mao3t0dBrNNBGuKYdeJmcAJjYLXr43k6A=
|
||||
github.com/tonistiigi/units v0.0.0-20180711220420-6950e57a87ea/go.mod h1:WPnis/6cRcDZSUvVmezrxJPkiO87ThFYsoUiMwWNDJk=
|
||||
github.com/tonistiigi/vt100 v0.0.0-20210615222946-8066bb97264f/go.mod h1:ulncasL3N9uLrVann0m+CDlJKWsIAP34MPcOJF6VRvc=
|
||||
github.com/twitchtv/twirp v8.1.0+incompatible h1:KGXanpa9LXdVE/V5P/tA27rkKFmXRGCtSNT7zdeeVOY=
|
||||
github.com/twitchtv/twirp v8.1.0+incompatible/go.mod h1:RRJoFSAmTEh2weEqWtpPE3vFK5YBhA6bqp2l1kfCC5A=
|
||||
github.com/uber/jaeger-client-go v2.25.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk=
|
||||
@@ -1465,12 +1486,28 @@ go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
|
||||
go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
|
||||
go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M=
|
||||
go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
|
||||
go.opentelemetry.io/contrib v0.21.0/go.mod h1:EH4yDYeNoaTqn/8yCWQmfNB78VHfGX2Jt2bvnvzBlGM=
|
||||
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.21.0/go.mod h1:Vm5u/mtkj1OMhtao0v+BGo2LUoLCgHYXvRmj0jWITlE=
|
||||
go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.21.0/go.mod h1:a9cocRplhIBkUAJmak+BPDx+LVL7cTmqUPB0uBcTA4k=
|
||||
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.21.0/go.mod h1:JQAtechjxLEL81EjmbRwxBq/XEzGaHcsPuDHAx54hg4=
|
||||
go.opentelemetry.io/otel v1.0.0-RC1/go.mod h1:x9tRa9HK4hSSq7jf2TKbqFbtt58/TGk0f9XiEYISI1I=
|
||||
go.opentelemetry.io/otel/exporters/jaeger v1.0.0-RC1/go.mod h1:FXJnjGCoTQL6nQ8OpFJ0JI1DrdOvMoVx49ic0Hg4+D4=
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.0.0-RC1/go.mod h1:FliQjImlo7emZVjixV8nbDMAa4iAkcWTE9zzSEOiEPw=
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.0.0-RC1/go.mod h1:cDwRc2Jrh5Gku1peGK8p9rRuX/Uq2OtVmLicjlw2WYU=
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.0.0-RC1/go.mod h1:OYKzEoxgXFvehW7X12WYT4/a2BlASJK9l7RtG4A91fg=
|
||||
go.opentelemetry.io/otel/internal/metric v0.21.0/go.mod h1:iOfAaY2YycsXfYD4kaRSbLx2LKmfpKObWBEv9QK5zFo=
|
||||
go.opentelemetry.io/otel/metric v0.21.0/go.mod h1:JWCt1bjivC4iCrz/aCrM1GSw+ZcvY44KCbaeeRhzHnc=
|
||||
go.opentelemetry.io/otel/oteltest v1.0.0-RC1/go.mod h1:+eoIG0gdEOaPNftuy1YScLr1Gb4mL/9lpDkZ0JjMRq4=
|
||||
go.opentelemetry.io/otel/sdk v1.0.0-RC1/go.mod h1:kj6yPn7Pgt5ByRuwesbaWcRLA+V7BSDg3Hf8xRvsvf8=
|
||||
go.opentelemetry.io/otel/trace v1.0.0-RC1/go.mod h1:86UHmyHWFEtWjfWPSbu0+d0Pf9Q6e1U+3ViBOc+NXAg=
|
||||
go.opentelemetry.io/proto/otlp v0.9.0/go.mod h1:1vKfU9rv61e9EVGthD1zNvUbiwPcimSsOPU9brfSHJg=
|
||||
go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
|
||||
go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
|
||||
go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
|
||||
go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw=
|
||||
go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
|
||||
go.uber.org/automaxprocs v1.4.0/go.mod h1:/mTEdr7LvHhs0v7mjdxDreTz1OG5zdZGqgOnhWiR/+Q=
|
||||
go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
|
||||
go.uber.org/goleak v1.1.11-0.20210813005559-691160354723 h1:sHOAIxRGBp443oHZIPB+HsUGaksVCXVQENPxwTfQdH4=
|
||||
go.uber.org/goleak v1.1.11-0.20210813005559-691160354723/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
|
||||
go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
|
||||
@@ -1748,6 +1785,7 @@ golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7w
|
||||
golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210313202042-bd2e13477e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210324051608-47abb6519492/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
apiVersion: v2
|
||||
name: trivy
|
||||
version: 0.4.7
|
||||
version: 0.4.8
|
||||
appVersion: "0.21.0"
|
||||
description: Trivy helm chart
|
||||
keywords:
|
||||
|
||||
23
helm/trivy/templates/configmap.yaml
Normal file
23
helm/trivy/templates/configmap.yaml
Normal file
@@ -0,0 +1,23 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ include "trivy.fullname" . }}
|
||||
labels:
|
||||
{{ include "trivy.labels" . | indent 4 }}
|
||||
data:
|
||||
TRIVY_LISTEN: "0.0.0.0:{{ .Values.service.port }}"
|
||||
TRIVY_CACHE_DIR: "/home/scanner/.cache/trivy"
|
||||
{{- if .Values.trivy.cache.redis.enabled }}
|
||||
TRIVY_CACHE_BACKEND: {{ .Values.trivy.cache.redis.url | quote }}
|
||||
{{- end }}
|
||||
TRIVY_DEBUG: {{ .Values.trivy.debugMode | quote }}
|
||||
TRIVY_SKIP_UPDATE: {{ .Values.trivy.skipUpdate | quote }}
|
||||
{{- if .Values.httpProxy }}
|
||||
HTTP_PROXY: {{ .Values.httpProxy | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.httpsProxy }}
|
||||
HTTPS_PROXY: {{ .Values.httpsProxy | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.noProxy }}
|
||||
NO_PROXY: {{ .Values.noProxy | quote }}
|
||||
{{- end }}
|
||||
@@ -6,4 +6,4 @@ metadata:
|
||||
{{ include "trivy.labels" . | indent 4 }}
|
||||
type: Opaque
|
||||
data:
|
||||
gitHubToken: {{ .Values.trivy.gitHubToken | default "" | b64enc | quote }}
|
||||
GITHUB_TOKEN: {{ .Values.trivy.gitHubToken | default "" | b64enc | quote }}
|
||||
|
||||
@@ -62,30 +62,11 @@ spec:
|
||||
{{- end }}
|
||||
args:
|
||||
- server
|
||||
env:
|
||||
- name: "TRIVY_LISTEN"
|
||||
value: "0.0.0.0:{{ .Values.service.port | default 4954 }}"
|
||||
- name: "TRIVY_CACHE_DIR"
|
||||
value: "/home/scanner/.cache/trivy"
|
||||
{{- if .Values.trivy.cache.redis.enabled }}
|
||||
- name: "TRIVY_CACHE_BACKEND"
|
||||
value: {{ .Values.trivy.cache.redis.url | quote }}
|
||||
{{- end }}
|
||||
- name: "TRIVY_DEBUG"
|
||||
value: {{ .Values.trivy.debugMode | default false | quote }}
|
||||
- name: "TRIVY_SKIP_UPDATE"
|
||||
value: {{ .Values.trivy.skipUpdate | default false | quote }}
|
||||
- name: "GITHUB_TOKEN"
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "trivy.fullname" . }}
|
||||
key: gitHubToken
|
||||
- name: "HTTP_PROXY"
|
||||
value: {{ .Values.httpProxy | quote }}
|
||||
- name: "HTTPS_PROXY"
|
||||
value: {{ .Values.httpsProxy | quote }}
|
||||
- name: "NO_PROXY"
|
||||
value: {{ .Values.noProxy | quote }}
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: {{ include "trivy.fullname" . }}
|
||||
- secretRef:
|
||||
name: {{ include "trivy.fullname" . }}
|
||||
ports:
|
||||
- name: trivy-http
|
||||
containerPort: {{ .Values.service.port }}
|
||||
|
||||
1
integration/testdata/alpine-310.html.golden
vendored
1
integration/testdata/alpine-310.html.golden
vendored
@@ -232,6 +232,7 @@
|
||||
<a href="https://www.openssl.org/news/secadv/20190910.txt">https://www.openssl.org/news/secadv/20190910.txt</a>
|
||||
</td>
|
||||
</tr>
|
||||
<tr><th colspan="6">No Misconfigurations found</th></tr>
|
||||
</table>
|
||||
</body>
|
||||
</html>
|
||||
|
||||
4
integration/testdata/nodejs.json.golden
vendored
4
integration/testdata/nodejs.json.golden
vendored
@@ -92,7 +92,7 @@
|
||||
"PkgName": "lodash",
|
||||
"InstalledVersion": "4.17.4",
|
||||
"FixedVersion": "4.17.12",
|
||||
"SeveritySource": "nvd",
|
||||
"SeveritySource": "ghsa-npm",
|
||||
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-10744",
|
||||
"Title": "nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties",
|
||||
"Description": "Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.",
|
||||
@@ -164,7 +164,7 @@
|
||||
"PkgName": "lodash",
|
||||
"InstalledVersion": "4.17.4",
|
||||
"FixedVersion": "4.17.11",
|
||||
"SeveritySource": "nvd",
|
||||
"SeveritySource": "ghsa-npm",
|
||||
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010266",
|
||||
"Title": "Moderate severity vulnerability that affects lodash",
|
||||
"Description": "lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11.",
|
||||
|
||||
@@ -18,6 +18,7 @@ import (
|
||||
"github.com/aquasecurity/trivy/pkg/commands/plugin"
|
||||
"github.com/aquasecurity/trivy/pkg/commands/server"
|
||||
tdb "github.com/aquasecurity/trivy/pkg/db"
|
||||
"github.com/aquasecurity/trivy/pkg/log"
|
||||
"github.com/aquasecurity/trivy/pkg/result"
|
||||
"github.com/aquasecurity/trivy/pkg/types"
|
||||
"github.com/aquasecurity/trivy/pkg/utils"
|
||||
@@ -225,6 +226,12 @@ var (
|
||||
EnvVars: []string{"TRIVY_SKIP_DIRS"},
|
||||
}
|
||||
|
||||
offlineScan = cli.BoolFlag{
|
||||
Name: "offline-scan",
|
||||
Usage: "do not issue API requests to identify dependencies",
|
||||
EnvVars: []string{"TRIVY_OFFLINE_SCAN"},
|
||||
}
|
||||
|
||||
// For misconfigurations
|
||||
configPolicy = cli.StringSliceFlag{
|
||||
Name: "config-policy",
|
||||
@@ -309,6 +316,7 @@ var (
|
||||
&ignorePolicy,
|
||||
&listAllPackages,
|
||||
&cacheBackendFlag,
|
||||
&offlineScan,
|
||||
stringSliceFlag(skipFiles),
|
||||
stringSliceFlag(skipDirs),
|
||||
}
|
||||
@@ -344,7 +352,10 @@ func NewApp(version string) *cli.App {
|
||||
|
||||
runAsPlugin := os.Getenv("TRIVY_RUN_AS_PLUGIN")
|
||||
if runAsPlugin == "" {
|
||||
app.Action = artifact.ImageRun
|
||||
app.Action = func(ctx *cli.Context) error {
|
||||
log.Logger.Warn("The root command will be removed. Please migrate to 'trivy image' command. See https://github.com/aquasecurity/trivy/discussions/1515")
|
||||
return artifact.ImageRun(ctx)
|
||||
}
|
||||
} else {
|
||||
app.Action = func(ctx *cli.Context) error {
|
||||
return plugin.RunWithArgs(ctx.Context, runAsPlugin, ctx.Args().Slice())
|
||||
@@ -465,6 +476,7 @@ func NewFilesystemCommand() *cli.Command {
|
||||
&noProgressFlag,
|
||||
&ignorePolicy,
|
||||
&listAllPackages,
|
||||
&offlineScan,
|
||||
stringSliceFlag(skipFiles),
|
||||
stringSliceFlag(skipDirs),
|
||||
stringSliceFlag(configPolicy),
|
||||
@@ -499,6 +511,7 @@ func NewRootfsCommand() *cli.Command {
|
||||
&noProgressFlag,
|
||||
&ignorePolicy,
|
||||
&listAllPackages,
|
||||
&offlineScan,
|
||||
stringSliceFlag(skipFiles),
|
||||
stringSliceFlag(skipDirs),
|
||||
stringSliceFlag(configPolicy),
|
||||
@@ -536,6 +549,7 @@ func NewRepositoryCommand() *cli.Command {
|
||||
&noProgressFlag,
|
||||
&ignorePolicy,
|
||||
&listAllPackages,
|
||||
&offlineScan,
|
||||
stringSliceFlag(skipFiles),
|
||||
stringSliceFlag(skipDirs),
|
||||
},
|
||||
@@ -569,6 +583,7 @@ func NewClientCommand() *cli.Command {
|
||||
stringSliceFlag(skipDirs),
|
||||
stringSliceFlag(configPolicy),
|
||||
&listAllPackages,
|
||||
&offlineScan,
|
||||
|
||||
// original flags
|
||||
&token,
|
||||
@@ -667,6 +682,18 @@ func NewPluginCommand() *cli.Command {
|
||||
ArgsUsage: "PLUGIN_NAME",
|
||||
Action: plugin.Uninstall,
|
||||
},
|
||||
{
|
||||
Name: "list",
|
||||
Aliases: []string{"l"},
|
||||
Usage: "list installed plugin",
|
||||
Action: plugin.List,
|
||||
},
|
||||
{
|
||||
Name: "info",
|
||||
Usage: "information about a plugin",
|
||||
ArgsUsage: "PLUGIN_NAME",
|
||||
Action: plugin.Information,
|
||||
},
|
||||
{
|
||||
Name: "run",
|
||||
Aliases: []string{"r"},
|
||||
@@ -674,6 +701,12 @@ func NewPluginCommand() *cli.Command {
|
||||
ArgsUsage: "PLUGIN_NAME [PLUGIN_OPTIONS]",
|
||||
Action: plugin.Run,
|
||||
},
|
||||
{
|
||||
Name: "update",
|
||||
Usage: "update an existing plugin",
|
||||
ArgsUsage: "PLUGIN_NAME",
|
||||
Action: plugin.Update,
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
@@ -203,6 +203,7 @@ func scan(ctx context.Context, opt Option, initializeScanner InitializeScanner,
|
||||
DisabledAnalyzers: disabledAnalyzers(opt),
|
||||
SkipFiles: opt.SkipFiles,
|
||||
SkipDirs: opt.SkipDirs,
|
||||
Offline: opt.OfflineScan,
|
||||
}
|
||||
|
||||
s, cleanup, err := initializeScanner(ctx, target, cacheClient, cacheClient, opt.Timeout, artifactOpt, configScannerOptions)
|
||||
|
||||
@@ -143,7 +143,7 @@ func initializeScanner(ctx context.Context, opt Option) (scanner.Scanner, func()
|
||||
// ScannerOptions is filled only when config scanning is enabled.
|
||||
var configScannerOptions config.ScannerOption
|
||||
if utils.StringInSlice(types.SecurityCheckConfig, opt.SecurityChecks) {
|
||||
builtinPolicyPaths, err := operation.InitBuiltinPolicies(ctx, false)
|
||||
builtinPolicyPaths, err := operation.InitBuiltinPolicies(ctx, opt.SkipPolicyUpdate)
|
||||
if err != nil {
|
||||
return scanner.Scanner{}, nil, xerrors.Errorf("failed to initialize default policies: %w", err)
|
||||
}
|
||||
@@ -161,6 +161,7 @@ func initializeScanner(ctx context.Context, opt Option) (scanner.Scanner, func()
|
||||
DisabledAnalyzers: disabledAnalyzers(opt),
|
||||
SkipFiles: opt.SkipFiles,
|
||||
SkipDirs: opt.SkipDirs,
|
||||
Offline: opt.OfflineScan,
|
||||
}
|
||||
|
||||
if opt.Input != "" {
|
||||
|
||||
@@ -15,8 +15,9 @@ type ArtifactOption struct {
|
||||
Timeout time.Duration
|
||||
ClearCache bool
|
||||
|
||||
SkipDirs []string
|
||||
SkipFiles []string
|
||||
SkipDirs []string
|
||||
SkipFiles []string
|
||||
OfflineScan bool
|
||||
|
||||
// this field is populated in Init()
|
||||
Target string
|
||||
@@ -25,11 +26,12 @@ type ArtifactOption struct {
|
||||
// NewArtifactOption is the factory method to return artifact option
|
||||
func NewArtifactOption(c *cli.Context) ArtifactOption {
|
||||
return ArtifactOption{
|
||||
Input: c.String("input"),
|
||||
Timeout: c.Duration("timeout"),
|
||||
ClearCache: c.Bool("clear-cache"),
|
||||
SkipFiles: c.StringSlice("skip-files"),
|
||||
SkipDirs: c.StringSlice("skip-dirs"),
|
||||
Input: c.String("input"),
|
||||
Timeout: c.Duration("timeout"),
|
||||
ClearCache: c.Bool("clear-cache"),
|
||||
SkipFiles: c.StringSlice("skip-files"),
|
||||
SkipDirs: c.StringSlice("skip-dirs"),
|
||||
OfflineScan: c.Bool("offline-scan"),
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -2,6 +2,8 @@ package plugin
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"os"
|
||||
|
||||
"github.com/urfave/cli/v2"
|
||||
"golang.org/x/xerrors"
|
||||
@@ -47,6 +49,65 @@ func Uninstall(c *cli.Context) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// Information displays information about the plugin
|
||||
func Information(c *cli.Context) error {
|
||||
if c.NArg() != 1 {
|
||||
cli.ShowSubcommandHelpAndExit(c, 1)
|
||||
}
|
||||
|
||||
if err := initLogger(c); err != nil {
|
||||
return xerrors.Errorf("initialize logger error: %w", err)
|
||||
}
|
||||
|
||||
pluginName := c.Args().First()
|
||||
info, err := plugin.Information(pluginName)
|
||||
if err != nil {
|
||||
return xerrors.Errorf("plugin information display error: %w", err)
|
||||
}
|
||||
|
||||
if _, err = fmt.Fprintf(os.Stdout, info); err != nil {
|
||||
return xerrors.Errorf("print error: %w", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// List displays a list of all of installed plugins
|
||||
func List(c *cli.Context) error {
|
||||
if err := initLogger(c); err != nil {
|
||||
return xerrors.Errorf("initialize error: %w", err)
|
||||
}
|
||||
|
||||
info, err := plugin.List()
|
||||
if err != nil {
|
||||
return xerrors.Errorf("plugin list display error: %w", err)
|
||||
}
|
||||
|
||||
if _, err = fmt.Fprintf(os.Stdout, info); err != nil {
|
||||
return xerrors.Errorf("print error: %w", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// Update updates an existing plugin
|
||||
func Update(c *cli.Context) error {
|
||||
if c.NArg() != 1 {
|
||||
cli.ShowSubcommandHelpAndExit(c, 1)
|
||||
}
|
||||
|
||||
if err := initLogger(c); err != nil {
|
||||
return xerrors.Errorf("initialize error: %w", err)
|
||||
}
|
||||
|
||||
pluginName := c.Args().First()
|
||||
if err := plugin.Update(pluginName); err != nil {
|
||||
return xerrors.Errorf("plugin update error: %w", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// Run runs the plugin
|
||||
func Run(c *cli.Context) error {
|
||||
if c.NArg() < 1 {
|
||||
|
||||
@@ -37,7 +37,7 @@ func NewDriver(libType string) (Driver, error) {
|
||||
driver = newPipDriver()
|
||||
case ftypes.NuGet:
|
||||
driver = newNugetDriver()
|
||||
case ftypes.Jar:
|
||||
case ftypes.Jar, ftypes.Pom:
|
||||
driver = newMavenDriver()
|
||||
case ftypes.GoBinary, ftypes.GoMod:
|
||||
driver = Driver{
|
||||
|
||||
@@ -2,13 +2,15 @@ package plugin
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
"runtime"
|
||||
"strings"
|
||||
|
||||
"golang.org/x/xerrors"
|
||||
yaml "gopkg.in/yaml.v3"
|
||||
"gopkg.in/yaml.v3"
|
||||
|
||||
"github.com/aquasecurity/trivy/pkg/downloader"
|
||||
"github.com/aquasecurity/trivy/pkg/log"
|
||||
@@ -183,6 +185,79 @@ func Uninstall(name string) error {
|
||||
return os.RemoveAll(pluginDir)
|
||||
}
|
||||
|
||||
// Information gets the information about an installed plugin
|
||||
func Information(name string) (string, error) {
|
||||
pluginDir := filepath.Join(dir(), name)
|
||||
|
||||
if _, err := os.Stat(pluginDir); err != nil {
|
||||
if os.IsNotExist(err) {
|
||||
return "", xerrors.Errorf("could not find a plugin called '%s', did you install it?", name)
|
||||
}
|
||||
return "", xerrors.Errorf("stat error: %w", err)
|
||||
}
|
||||
|
||||
plugin, err := loadMetadata(pluginDir)
|
||||
if err != nil {
|
||||
return "", xerrors.Errorf("unable to load metadata: %w", err)
|
||||
}
|
||||
|
||||
return fmt.Sprintf(`
|
||||
Plugin: %s
|
||||
Description: %s
|
||||
Version: %s
|
||||
Usage: %s
|
||||
`, plugin.Name, plugin.Description, plugin.Version, plugin.Usage), nil
|
||||
}
|
||||
|
||||
// List gets a list of all installed plugins
|
||||
func List() (string, error) {
|
||||
if _, err := os.Stat(dir()); err != nil {
|
||||
if os.IsNotExist(err) {
|
||||
return "No Installed Plugins\n", nil
|
||||
}
|
||||
return "", xerrors.Errorf("stat error: %w", err)
|
||||
}
|
||||
plugins, err := LoadAll()
|
||||
if err != nil {
|
||||
return "", xerrors.Errorf("unable to load plugins: %w", err)
|
||||
}
|
||||
pluginList := []string{"Installed Plugins:"}
|
||||
for _, plugin := range plugins {
|
||||
pluginList = append(pluginList, fmt.Sprintf(" Name: %s\n Version: %s\n", plugin.Name, plugin.Version))
|
||||
}
|
||||
|
||||
return strings.Join(pluginList, "\n"), nil
|
||||
}
|
||||
|
||||
// Update updates an existing plugin
|
||||
func Update(name string) error {
|
||||
pluginDir := filepath.Join(dir(), name)
|
||||
|
||||
if _, err := os.Stat(pluginDir); err != nil {
|
||||
if os.IsNotExist(err) {
|
||||
return xerrors.Errorf("could not find a plugin called '%s' to update: %w", name, err)
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
plugin, err := loadMetadata(pluginDir)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
log.Logger.Infof("Updating plugin '%s'", name)
|
||||
updated, err := Install(nil, plugin.Repository, true)
|
||||
if err != nil {
|
||||
return xerrors.Errorf("unable to perform an update installation: %w", err)
|
||||
}
|
||||
|
||||
if plugin.Version == updated.Version {
|
||||
log.Logger.Infof("The %s plugin is the latest version. [%s]", name, plugin.Version)
|
||||
} else {
|
||||
log.Logger.Infof("Updated '%s' from %s to %s", name, plugin.Version, updated.Version)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// LoadAll loads all plugins
|
||||
func LoadAll() ([]Plugin, error) {
|
||||
pluginsDir := dir()
|
||||
|
||||
@@ -291,6 +291,39 @@ func TestUninstall(t *testing.T) {
|
||||
assert.NoFileExists(t, pluginDir)
|
||||
}
|
||||
|
||||
func TestInformation(t *testing.T) {
|
||||
pluginName := "test_plugin"
|
||||
|
||||
tempDir := t.TempDir()
|
||||
pluginDir := filepath.Join(tempDir, ".trivy", "plugins", pluginName)
|
||||
|
||||
t.Setenv("XDG_DATA_HOME", tempDir)
|
||||
|
||||
// Create the test plugin directory
|
||||
err := os.MkdirAll(pluginDir, os.ModePerm)
|
||||
require.NoError(t, err)
|
||||
|
||||
// write the plugin name
|
||||
pluginMetadata := `name: "test_plugin"
|
||||
repository: github.com/aquasecurity/trivy-plugin-test
|
||||
version: "0.1.0"
|
||||
usage: test
|
||||
description: A simple test plugin`
|
||||
|
||||
err = os.WriteFile(filepath.Join(pluginDir, "plugin.yaml"), []byte(pluginMetadata), os.ModePerm)
|
||||
require.NoError(t, err)
|
||||
|
||||
// Get Information for the plugin
|
||||
info, err := plugin.Information(pluginName)
|
||||
require.NoError(t, err)
|
||||
assert.Equal(t, "\nPlugin: test_plugin\n Description: A simple test plugin\n Version: 0.1.0\n Usage: test\n", info)
|
||||
|
||||
// Get Information for unknown plugin
|
||||
info, err = plugin.Information("unknown")
|
||||
require.Error(t, err)
|
||||
assert.Equal(t, "could not find a plugin called 'unknown', did you install it?", err.Error())
|
||||
}
|
||||
|
||||
func TestLoadAll1(t *testing.T) {
|
||||
tests := []struct {
|
||||
name string
|
||||
@@ -345,3 +378,46 @@ func TestLoadAll1(t *testing.T) {
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestUpdate(t *testing.T) {
|
||||
pluginName := "test_plugin"
|
||||
|
||||
tempDir := t.TempDir()
|
||||
pluginDir := filepath.Join(tempDir, ".trivy", "plugins", pluginName)
|
||||
|
||||
t.Setenv("XDG_DATA_HOME", tempDir)
|
||||
|
||||
// Create the test plugin directory
|
||||
err := os.MkdirAll(pluginDir, os.ModePerm)
|
||||
require.NoError(t, err)
|
||||
|
||||
// write the plugin name
|
||||
pluginMetadata := `name: "test_plugin"
|
||||
repository: testdata/test_plugin
|
||||
version: "0.0.5"
|
||||
usage: test
|
||||
description: A simple test plugin`
|
||||
|
||||
err = os.WriteFile(filepath.Join(pluginDir, "plugin.yaml"), []byte(pluginMetadata), os.ModePerm)
|
||||
require.NoError(t, err)
|
||||
|
||||
// verify initial version
|
||||
verifyVersion(t, pluginName, "0.0.5")
|
||||
|
||||
// Update the existing plugin
|
||||
err = plugin.Update(pluginName)
|
||||
require.NoError(t, err)
|
||||
|
||||
// verify plugin updated
|
||||
verifyVersion(t, pluginName, "0.1.0")
|
||||
}
|
||||
|
||||
func verifyVersion(t *testing.T, pluginName, expectedVersion string) {
|
||||
plugins, err := plugin.LoadAll()
|
||||
require.NoError(t, err)
|
||||
for _, plugin := range plugins {
|
||||
if plugin.Name == pluginName {
|
||||
assert.Equal(t, expectedVersion, plugin.Version)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -12,6 +12,7 @@ import (
|
||||
"github.com/open-policy-agent/opa/rego"
|
||||
"golang.org/x/xerrors"
|
||||
|
||||
ftypes "github.com/aquasecurity/fanal/types"
|
||||
"github.com/aquasecurity/trivy-db/pkg/db"
|
||||
dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
|
||||
"github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability"
|
||||
@@ -66,10 +67,10 @@ func (c Client) FillVulnerabilityInfo(vulns []types.DetectedVulnerability, repor
|
||||
}
|
||||
|
||||
// Detect which data source should be used.
|
||||
source := c.detectSource(reportType)
|
||||
sources := c.detectSource(reportType)
|
||||
|
||||
// Select the severity according to the detected source.
|
||||
severity, severitySource := c.getVendorSeverity(&vuln, source)
|
||||
severity, severitySource := c.getVendorSeverity(&vuln, sources)
|
||||
|
||||
// The vendor might provide package-specific severity like Debian.
|
||||
// For example, CVE-2015-2328 in Debian has "unimportant" for mongodb and "low" for pcre3.
|
||||
@@ -84,38 +85,42 @@ func (c Client) FillVulnerabilityInfo(vulns []types.DetectedVulnerability, repor
|
||||
|
||||
vulns[i].Severity = severity
|
||||
vulns[i].SeveritySource = severitySource
|
||||
vulns[i].PrimaryURL = c.getPrimaryURL(vulnID, vuln.References, source)
|
||||
vulns[i].PrimaryURL = c.getPrimaryURL(vulnID, vuln.References, sources)
|
||||
vulns[i].Vulnerability.VendorSeverity = nil // Remove VendorSeverity from Results
|
||||
}
|
||||
}
|
||||
func (c Client) detectSource(reportType string) string {
|
||||
var source string
|
||||
func (c Client) detectSource(reportType string) []string {
|
||||
var sources []string
|
||||
switch reportType {
|
||||
case vulnerability.Ubuntu, vulnerability.Alpine, vulnerability.RedHat, vulnerability.RedHatOVAL,
|
||||
vulnerability.Debian, vulnerability.DebianOVAL, vulnerability.Fedora, vulnerability.Amazon,
|
||||
vulnerability.OracleOVAL, vulnerability.SuseCVRF, vulnerability.OpenSuseCVRF, vulnerability.Photon:
|
||||
source = reportType
|
||||
sources = []string{reportType}
|
||||
case vulnerability.CentOS: // CentOS doesn't have its own so we use RedHat
|
||||
source = vulnerability.RedHat
|
||||
sources = []string{vulnerability.RedHat}
|
||||
case "npm", "yarn":
|
||||
source = vulnerability.NodejsSecurityWg
|
||||
sources = []string{vulnerability.NodejsSecurityWg, vulnerability.GHSANpm, vulnerability.GLAD}
|
||||
case "nuget":
|
||||
source = vulnerability.GHSANuget
|
||||
sources = []string{vulnerability.GHSANuget, vulnerability.GLAD}
|
||||
case "pipenv", "poetry":
|
||||
source = vulnerability.PythonSafetyDB
|
||||
sources = []string{vulnerability.PythonSafetyDB, vulnerability.GHSAPip, vulnerability.GLAD}
|
||||
case "bundler":
|
||||
source = vulnerability.RubySec
|
||||
sources = []string{vulnerability.RubySec, vulnerability.GHSARubygems, vulnerability.GLAD}
|
||||
case "cargo":
|
||||
source = vulnerability.RustSec
|
||||
sources = []string{vulnerability.RustSec}
|
||||
case "composer":
|
||||
source = vulnerability.PhpSecurityAdvisories
|
||||
sources = []string{vulnerability.PhpSecurityAdvisories, vulnerability.GHSAComposer, vulnerability.GLAD}
|
||||
case ftypes.Jar:
|
||||
sources = []string{vulnerability.GHSAMaven, vulnerability.GLAD}
|
||||
}
|
||||
return source
|
||||
return sources
|
||||
}
|
||||
|
||||
func (c Client) getVendorSeverity(vuln *dbTypes.Vulnerability, source string) (string, string) {
|
||||
if vs, ok := vuln.VendorSeverity[source]; ok {
|
||||
return vs.String(), source
|
||||
func (c Client) getVendorSeverity(vuln *dbTypes.Vulnerability, sources []string) (string, string) {
|
||||
for _, source := range sources {
|
||||
if vs, ok := vuln.VendorSeverity[source]; ok {
|
||||
return vs.String(), source
|
||||
}
|
||||
}
|
||||
|
||||
// Try NVD as a fallback if it exists
|
||||
@@ -130,7 +135,7 @@ func (c Client) getVendorSeverity(vuln *dbTypes.Vulnerability, source string) (s
|
||||
return vuln.Severity, ""
|
||||
}
|
||||
|
||||
func (c Client) getPrimaryURL(vulnID string, refs []string, source string) string {
|
||||
func (c Client) getPrimaryURL(vulnID string, refs []string, sources []string) string {
|
||||
switch {
|
||||
case strings.HasPrefix(vulnID, "CVE-"):
|
||||
return "https://avd.aquasec.com/nvd/" + strings.ToLower(vulnID)
|
||||
@@ -142,11 +147,13 @@ func (c Client) getPrimaryURL(vulnID string, refs []string, source string) strin
|
||||
return "https://security-tracker.debian.org/tracker/" + vulnID
|
||||
}
|
||||
|
||||
prefixes := primaryURLPrefixes[source]
|
||||
for _, pre := range prefixes {
|
||||
for _, ref := range refs {
|
||||
if strings.HasPrefix(ref, pre) {
|
||||
return ref
|
||||
for _, source := range sources {
|
||||
prefixes := primaryURLPrefixes[source]
|
||||
for _, pre := range prefixes {
|
||||
for _, ref := range refs {
|
||||
if strings.HasPrefix(ref, pre) {
|
||||
return ref
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -263,9 +263,9 @@ func TestClient_FillVulnerabilityInfo(t *testing.T) {
|
||||
|
||||
func TestClient_getPrimaryURL(t *testing.T) {
|
||||
type args struct {
|
||||
vulnID string
|
||||
refs []string
|
||||
source string
|
||||
vulnID string
|
||||
refs []string
|
||||
sources []string
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
@@ -275,36 +275,36 @@ func TestClient_getPrimaryURL(t *testing.T) {
|
||||
{
|
||||
name: "CVE-ID",
|
||||
args: args{
|
||||
vulnID: "CVE-2014-8484",
|
||||
refs: []string{"http://linux.oracle.com/cve/CVE-2014-8484.html"},
|
||||
source: vulnerability.OracleOVAL,
|
||||
vulnID: "CVE-2014-8484",
|
||||
refs: []string{"http://linux.oracle.com/cve/CVE-2014-8484.html"},
|
||||
sources: []string{vulnerability.OracleOVAL},
|
||||
},
|
||||
want: "https://avd.aquasec.com/nvd/cve-2014-8484",
|
||||
},
|
||||
{
|
||||
name: "RUSTSEC",
|
||||
args: args{
|
||||
vulnID: "RUSTSEC-2018-0017",
|
||||
refs: []string{"https://github.com/rust-lang-deprecated/tempdir/pull/46"},
|
||||
source: vulnerability.RustSec,
|
||||
vulnID: "RUSTSEC-2018-0017",
|
||||
refs: []string{"https://github.com/rust-lang-deprecated/tempdir/pull/46"},
|
||||
sources: []string{vulnerability.RustSec},
|
||||
},
|
||||
want: "https://rustsec.org/advisories/RUSTSEC-2018-0017",
|
||||
},
|
||||
{
|
||||
name: "GHSA",
|
||||
args: args{
|
||||
vulnID: "GHSA-28fw-88hq-6jmm",
|
||||
refs: []string{},
|
||||
source: vulnerability.PhpSecurityAdvisories,
|
||||
vulnID: "GHSA-28fw-88hq-6jmm",
|
||||
refs: []string{},
|
||||
sources: []string{vulnerability.PhpSecurityAdvisories},
|
||||
},
|
||||
want: "https://github.com/advisories/GHSA-28fw-88hq-6jmm",
|
||||
},
|
||||
{
|
||||
name: "Debian temp vulnerability",
|
||||
args: args{
|
||||
vulnID: "TEMP-0841856-B18BAF",
|
||||
refs: []string{},
|
||||
source: vulnerability.DebianOVAL,
|
||||
vulnID: "TEMP-0841856-B18BAF",
|
||||
refs: []string{},
|
||||
sources: []string{vulnerability.DebianOVAL},
|
||||
},
|
||||
want: "https://security-tracker.debian.org/tracker/TEMP-0841856-B18BAF",
|
||||
},
|
||||
@@ -317,7 +317,7 @@ func TestClient_getPrimaryURL(t *testing.T) {
|
||||
"https://github.com/lodash/lodash/pull/4759",
|
||||
"https://www.npmjs.com/advisories/1523",
|
||||
},
|
||||
source: vulnerability.NodejsSecurityWg,
|
||||
sources: []string{vulnerability.NodejsSecurityWg},
|
||||
},
|
||||
want: "https://www.npmjs.com/advisories/1523",
|
||||
},
|
||||
@@ -329,7 +329,7 @@ func TestClient_getPrimaryURL(t *testing.T) {
|
||||
"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00076.html",
|
||||
"https://www.suse.com/support/security/rating/",
|
||||
},
|
||||
source: vulnerability.OpenSuseCVRF,
|
||||
sources: []string{vulnerability.OpenSuseCVRF},
|
||||
},
|
||||
want: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00076.html",
|
||||
},
|
||||
@@ -337,7 +337,7 @@ func TestClient_getPrimaryURL(t *testing.T) {
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
c := Client{}
|
||||
got := c.getPrimaryURL(tt.args.vulnID, tt.args.refs, tt.args.source)
|
||||
got := c.getPrimaryURL(tt.args.vulnID, tt.args.refs, tt.args.sources)
|
||||
assert.Equal(t, tt.want, got)
|
||||
})
|
||||
}
|
||||
|
||||
@@ -308,6 +308,8 @@ func toDetectedMisconfiguration(res ftypes.MisconfResult, defaultSeverity dbType
|
||||
Traces: res.Traces,
|
||||
IacMetadata: ftypes.IacMetadata{
|
||||
Resource: res.Resource,
|
||||
Provider: res.Provider,
|
||||
Service: res.Service,
|
||||
StartLine: res.StartLine,
|
||||
EndLine: res.EndLine,
|
||||
},
|
||||
|
||||
Reference in New Issue
Block a user