gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-07 05:10:46 -08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: gitea-mirror:v0.42.0
Branches Tags
gitea-mirror:main gitea-mirror:gh-pages gitea-mirror:release-please--branches--main gitea-mirror:dependabot/go_modules/common-cc771e60f7 gitea-mirror:release-please--branches--release/v0.68 gitea-mirror:release/v0.68 gitea-mirror:dependabot/go_modules/docker-27a0fd26b0 gitea-mirror:dependabot/go_modules/aws-180b2af62a gitea-mirror:dependabot/docker/docker-b99cc7e132 gitea-mirror:dependabot/go_modules/github.com/quic-go/quic-go-0.54.1 gitea-mirror:release/v0.67 gitea-mirror:release/v0.66 gitea-mirror:release/v0.65 gitea-mirror:release/v0.64 gitea-mirror:feat/rootio-support gitea-mirror:release/v0.63 gitea-mirror:release/v0.62 gitea-mirror:release/v0.61 gitea-mirror:refactor/custom_flags gitea-mirror:release/v0.60 gitea-mirror:release/v0.59 gitea-mirror:release/v0.58 gitea-mirror:release/v0.57 gitea-mirror:release/v0.56 gitea-mirror:release/v0.55 gitea-mirror:release/v0.54 gitea-mirror:release/v0.53 gitea-mirror:release/v0.52 gitea-mirror:v0.51 gitea-mirror:v0.48 gitea-mirror:v0.43
gitea-mirror:v0.68.1 gitea-mirror:v0.68.0 gitea-mirror:v0.67.2 gitea-mirror:v0.67.1 gitea-mirror:v0.67.0 gitea-mirror:v0.66.0 gitea-mirror:v0.65.0 gitea-mirror:v0.64.1 gitea-mirror:v0.64.0 gitea-mirror:v0.63.0 gitea-mirror:v0.62.1 gitea-mirror:v0.62.0 gitea-mirror:v0.61.1 gitea-mirror:v0.61.0 gitea-mirror:v0.60.0 gitea-mirror:v0.59.1 gitea-mirror:v0.59.0 gitea-mirror:v0.58.2 gitea-mirror:v0.58.1 gitea-mirror:v0.58.0 gitea-mirror:v0.57.1 gitea-mirror:v0.57.0 gitea-mirror:v0.56.2 gitea-mirror:v0.56.1 gitea-mirror:v0.56.0 gitea-mirror:v0.55.2 gitea-mirror:v0.55.1 gitea-mirror:v0.55.0 gitea-mirror:v0.54.1 gitea-mirror:v0.54.0 gitea-mirror:v0.53.0 gitea-mirror:v0.52.2 gitea-mirror:v0.52.1 gitea-mirror:v0.52.0 gitea-mirror:v0.51.4 gitea-mirror:v0.51.2 gitea-mirror:v0.51.1 gitea-mirror:v0.51.0 gitea-mirror:v0.50.4 gitea-mirror:v0.50.2 gitea-mirror:v0.50.1 gitea-mirror:v0.50.0 gitea-mirror:v0.49.1 gitea-mirror:v0.49.0 gitea-mirror:v0.48.3 gitea-mirror:v0.48.2 gitea-mirror:v0.48.1 gitea-mirror:v0.48.0 gitea-mirror:v0.47.0 gitea-mirror:v0.46.1 gitea-mirror:v0.46.0 gitea-mirror:v0.45.1 gitea-mirror:v0.45.0 gitea-mirror:v0.44.1 gitea-mirror:v0.44.0 gitea-mirror:v0.43.1 gitea-mirror:v0.43.0 gitea-mirror:v0.42.1 gitea-mirror:v0.42.0 gitea-mirror:v0.41.0 gitea-mirror:v0.40.0 gitea-mirror:v0.39.1 gitea-mirror:v0.39.0 gitea-mirror:v0.38.3 gitea-mirror:v0.38.2 gitea-mirror:v0.38.1 gitea-mirror:v0.38.0 gitea-mirror:v0.37.3 gitea-mirror:v0.37.2 gitea-mirror:v0.37.1 gitea-mirror:v0.37.0 gitea-mirror:v0.36.1 gitea-mirror:v0.36.0 gitea-mirror:v0.35.0 gitea-mirror:v0.34.0 gitea-mirror:v0.33.0 gitea-mirror:v0.32.1 gitea-mirror:v0.32.0 gitea-mirror:v0.31.3 gitea-mirror:v0.31.2 gitea-mirror:v0.31.1 gitea-mirror:v0.31.0 gitea-mirror:v0.30.4 gitea-mirror:v0.30.3 gitea-mirror:v0.30.2 gitea-mirror:v0.30.1 gitea-mirror:v0.30.0 gitea-mirror:v0.29.2 gitea-mirror:v0.29.1 gitea-mirror:v0.29.0 gitea-mirror:v0.28.1 gitea-mirror:v0.28.0 gitea-mirror:v0.27.1 gitea-mirror:v0.27.0 gitea-mirror:v0.26.0 gitea-mirror:v0.25.4 gitea-mirror:v0.25.3 gitea-mirror:v0.25.2 gitea-mirror:v0.25.1 gitea-mirror:v0.25.0 gitea-mirror:v0.24.4 gitea-mirror:v0.24.3 gitea-mirror:v0.24.2 gitea-mirror:v0.24.1 gitea-mirror:v0.24.0 gitea-mirror:v0.23.0 gitea-mirror:v0.22.0 gitea-mirror:v0.21.3 gitea-mirror:v0.21.2 gitea-mirror:v0.21.1 gitea-mirror:v0.21.0 gitea-mirror:v0.20.2 gitea-mirror:v0.20.1 gitea-mirror:v0.20.0 gitea-mirror:v0.19.2 gitea-mirror:v0.19.1 gitea-mirror:v0.19.0 gitea-mirror:v0.18.3 gitea-mirror:v0.18.2 gitea-mirror:v0.18.1 gitea-mirror:v0.18.0 gitea-mirror:v0.17.2 gitea-mirror:v0.17.1 gitea-mirror:v0.17.0 gitea-mirror:v0.16.0 gitea-mirror:v0.15.0 gitea-mirror:v0.14.0 gitea-mirror:v0.13.0 gitea-mirror:v0.12.0 gitea-mirror:v0.11.0 gitea-mirror:v0.10.2 gitea-mirror:v0.10.1 gitea-mirror:v0.10.0 gitea-mirror:v0.9.2 gitea-mirror:v0.9.1 gitea-mirror:v0.9.0 gitea-mirror:v0.8.0 gitea-mirror:v0.7.0 gitea-mirror:v0.6.0 gitea-mirror:v0.5.4 gitea-mirror:v0.5.3 gitea-mirror:v0.5.2 gitea-mirror:v0.5.1 gitea-mirror:v0.5.0 gitea-mirror:v0.4.4 gitea-mirror:v0.4.3 gitea-mirror:v0.4.2 gitea-mirror:v0.4.1 gitea-mirror:v0.4.0 gitea-mirror:v0.3.1 gitea-mirror:v0.3.0 gitea-mirror:v0.2.1 gitea-mirror:v0.2.0 gitea-mirror:v0.1.7 gitea-mirror:v0.1.6 gitea-mirror:v0.1.5 gitea-mirror:v0.1.4 gitea-mirror:v0.1.3 gitea-mirror:v0.1.2 gitea-mirror:v0.1.1 gitea-mirror:v0.1.0 gitea-mirror:v0.0.16 gitea-mirror:v0.0.15 gitea-mirror:v0.0.14 gitea-mirror:v0.0.13 gitea-mirror:v0.0.12 gitea-mirror:v0.0.11 gitea-mirror:v0.0.10 gitea-mirror:v0.0.9 gitea-mirror:v0.0.8 gitea-mirror:v0.0.7 gitea-mirror:v0.0.6 gitea-mirror:v0.0.5 gitea-mirror:v0.0.4 gitea-mirror:v0.0.3 gitea-mirror:v0.0.2 gitea-mirror:v0.0.1
...
compare: gitea-mirror:v0.44.0
Branches Tags
gitea-mirror:gh-pages gitea-mirror:release-please--branches--main gitea-mirror:main gitea-mirror:dependabot/go_modules/common-cc771e60f7 gitea-mirror:release-please--branches--release/v0.68 gitea-mirror:release/v0.68 gitea-mirror:dependabot/go_modules/docker-27a0fd26b0 gitea-mirror:dependabot/go_modules/aws-180b2af62a gitea-mirror:dependabot/docker/docker-b99cc7e132 gitea-mirror:dependabot/go_modules/github.com/quic-go/quic-go-0.54.1 gitea-mirror:release/v0.67 gitea-mirror:release/v0.66 gitea-mirror:release/v0.65 gitea-mirror:release/v0.64 gitea-mirror:feat/rootio-support gitea-mirror:release/v0.63 gitea-mirror:release/v0.62 gitea-mirror:release/v0.61 gitea-mirror:refactor/custom_flags gitea-mirror:release/v0.60 gitea-mirror:release/v0.59 gitea-mirror:release/v0.58 gitea-mirror:release/v0.57 gitea-mirror:release/v0.56 gitea-mirror:release/v0.55 gitea-mirror:release/v0.54 gitea-mirror:release/v0.53 gitea-mirror:release/v0.52 gitea-mirror:v0.51 gitea-mirror:v0.48 gitea-mirror:v0.43
gitea-mirror:v0.68.1 gitea-mirror:v0.68.0 gitea-mirror:v0.67.2 gitea-mirror:v0.67.1 gitea-mirror:v0.67.0 gitea-mirror:v0.66.0 gitea-mirror:v0.65.0 gitea-mirror:v0.64.1 gitea-mirror:v0.64.0 gitea-mirror:v0.63.0 gitea-mirror:v0.62.1 gitea-mirror:v0.62.0 gitea-mirror:v0.61.1 gitea-mirror:v0.61.0 gitea-mirror:v0.60.0 gitea-mirror:v0.59.1 gitea-mirror:v0.59.0 gitea-mirror:v0.58.2 gitea-mirror:v0.58.1 gitea-mirror:v0.58.0 gitea-mirror:v0.57.1 gitea-mirror:v0.57.0 gitea-mirror:v0.56.2 gitea-mirror:v0.56.1 gitea-mirror:v0.56.0 gitea-mirror:v0.55.2 gitea-mirror:v0.55.1 gitea-mirror:v0.55.0 gitea-mirror:v0.54.1 gitea-mirror:v0.54.0 gitea-mirror:v0.53.0 gitea-mirror:v0.52.2 gitea-mirror:v0.52.1 gitea-mirror:v0.52.0 gitea-mirror:v0.51.4 gitea-mirror:v0.51.2 gitea-mirror:v0.51.1 gitea-mirror:v0.51.0 gitea-mirror:v0.50.4 gitea-mirror:v0.50.2 gitea-mirror:v0.50.1 gitea-mirror:v0.50.0 gitea-mirror:v0.49.1 gitea-mirror:v0.49.0 gitea-mirror:v0.48.3 gitea-mirror:v0.48.2 gitea-mirror:v0.48.1 gitea-mirror:v0.48.0 gitea-mirror:v0.47.0 gitea-mirror:v0.46.1 gitea-mirror:v0.46.0 gitea-mirror:v0.45.1 gitea-mirror:v0.45.0 gitea-mirror:v0.44.1 gitea-mirror:v0.44.0 gitea-mirror:v0.43.1 gitea-mirror:v0.43.0 gitea-mirror:v0.42.1 gitea-mirror:v0.42.0 gitea-mirror:v0.41.0 gitea-mirror:v0.40.0 gitea-mirror:v0.39.1 gitea-mirror:v0.39.0 gitea-mirror:v0.38.3 gitea-mirror:v0.38.2 gitea-mirror:v0.38.1 gitea-mirror:v0.38.0 gitea-mirror:v0.37.3 gitea-mirror:v0.37.2 gitea-mirror:v0.37.1 gitea-mirror:v0.37.0 gitea-mirror:v0.36.1 gitea-mirror:v0.36.0 gitea-mirror:v0.35.0 gitea-mirror:v0.34.0 gitea-mirror:v0.33.0 gitea-mirror:v0.32.1 gitea-mirror:v0.32.0 gitea-mirror:v0.31.3 gitea-mirror:v0.31.2 gitea-mirror:v0.31.1 gitea-mirror:v0.31.0 gitea-mirror:v0.30.4 gitea-mirror:v0.30.3 gitea-mirror:v0.30.2 gitea-mirror:v0.30.1 gitea-mirror:v0.30.0 gitea-mirror:v0.29.2 gitea-mirror:v0.29.1 gitea-mirror:v0.29.0 gitea-mirror:v0.28.1 gitea-mirror:v0.28.0 gitea-mirror:v0.27.1 gitea-mirror:v0.27.0 gitea-mirror:v0.26.0 gitea-mirror:v0.25.4 gitea-mirror:v0.25.3 gitea-mirror:v0.25.2 gitea-mirror:v0.25.1 gitea-mirror:v0.25.0 gitea-mirror:v0.24.4 gitea-mirror:v0.24.3 gitea-mirror:v0.24.2 gitea-mirror:v0.24.1 gitea-mirror:v0.24.0 gitea-mirror:v0.23.0 gitea-mirror:v0.22.0 gitea-mirror:v0.21.3 gitea-mirror:v0.21.2 gitea-mirror:v0.21.1 gitea-mirror:v0.21.0 gitea-mirror:v0.20.2 gitea-mirror:v0.20.1 gitea-mirror:v0.20.0 gitea-mirror:v0.19.2 gitea-mirror:v0.19.1 gitea-mirror:v0.19.0 gitea-mirror:v0.18.3 gitea-mirror:v0.18.2 gitea-mirror:v0.18.1 gitea-mirror:v0.18.0 gitea-mirror:v0.17.2 gitea-mirror:v0.17.1 gitea-mirror:v0.17.0 gitea-mirror:v0.16.0 gitea-mirror:v0.15.0 gitea-mirror:v0.14.0 gitea-mirror:v0.13.0 gitea-mirror:v0.12.0 gitea-mirror:v0.11.0 gitea-mirror:v0.10.2 gitea-mirror:v0.10.1 gitea-mirror:v0.10.0 gitea-mirror:v0.9.2 gitea-mirror:v0.9.1 gitea-mirror:v0.9.0 gitea-mirror:v0.8.0 gitea-mirror:v0.7.0 gitea-mirror:v0.6.0 gitea-mirror:v0.5.4 gitea-mirror:v0.5.3 gitea-mirror:v0.5.2 gitea-mirror:v0.5.1 gitea-mirror:v0.5.0 gitea-mirror:v0.4.4 gitea-mirror:v0.4.3 gitea-mirror:v0.4.2 gitea-mirror:v0.4.1 gitea-mirror:v0.4.0 gitea-mirror:v0.3.1 gitea-mirror:v0.3.0 gitea-mirror:v0.2.1 gitea-mirror:v0.2.0 gitea-mirror:v0.1.7 gitea-mirror:v0.1.6 gitea-mirror:v0.1.5 gitea-mirror:v0.1.4 gitea-mirror:v0.1.3 gitea-mirror:v0.1.2 gitea-mirror:v0.1.1 gitea-mirror:v0.1.0 gitea-mirror:v0.0.16 gitea-mirror:v0.0.15 gitea-mirror:v0.0.14 gitea-mirror:v0.0.13 gitea-mirror:v0.0.12 gitea-mirror:v0.0.11 gitea-mirror:v0.0.10 gitea-mirror:v0.0.9 gitea-mirror:v0.0.8 gitea-mirror:v0.0.7 gitea-mirror:v0.0.6 gitea-mirror:v0.0.5 gitea-mirror:v0.0.4 gitea-mirror:v0.0.3 gitea-mirror:v0.0.2 gitea-mirror:v0.0.1

117 Commits
v0.42.0 ... v0.44.0

Author SHA1 Message Date
Teppei Fukuda
d19c7d9f29 feat(repo): support local repositories (#4890) 
* feat(repo): support local repositories

* fix tests

* test: fix client/server tests

* docs: update

* test: add fs tests

* test: do not update golden files if overridden

* docs: remove a comment about fs deprecation
 2023-07-31 11:27:36 +00:00
DmitriyLewen
3c19761875 bump go-dep-parser (#4893) 2023-07-31 11:08:25 +00:00
Nikita Pivkin
e1c2a8c804 fix(misconf): add missing fields to proto (#4861) 
* fix(misconf): add missing fields to proto

* mark deleted fields as reserved
 2023-07-30 11:15:36 +00:00
Nikita Pivkin
8b8e0e83d1 fix: remove trivy-db package replacement (#4877) 
* fix: remove trivy-db package replacement

* fix: remove trivy-db package replacement
 2023-07-30 07:37:14 +00:00
Nikita Pivkin
f9efe44fd3 chore(test): bump the integration test timeout to 15m (#4880) 2023-07-30 07:34:48 +00:00
simar7
7271d682fb chore(deps): Update defsec to v0.91.0 (#4886) 
* chore(deps): Update defsec to v0.91.0

* update tests

Signed-off-by: Simar <simar@linux.com>

---------

Signed-off-by: Simar <simar@linux.com>
 2023-07-30 07:31:34 +00:00
Teppei Fukuda
c3bc67c89a chore: update CODEOWNERS (#4871) 
* Update CODEOWNERS

* Add simar7
 2023-07-27 07:05:15 +00:00
Teppei Fukuda
232ba823e1 feat(vuln): support vulnerability status (#4867) 
* feat: support vulnerability status

* feat: show status in table

* don't add `fixed` status in debian/redhat

* update test golden files

* add Status in rpc

* update docs

* update ignore-status example

* add ignore-status in integration test

* docs: add the explanation for statuses

---------

Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2023-07-26 11:55:03 +00:00
simar7
11618c9408 feat(misconf): Support custom URLs for policy bundle (#4834) 
* feat(misconf): Support custom URLs for policy bundle

This PR adds support for custom policy bundles to be specified
with a flag `--policy-bundle-url` as an option to Trivy.

Fixes: https://github.com/aquasecurity/trivy/issues/4672

Signed-off-by: Simar <simar@linux.com>

* update docs

Signed-off-by: Simar <simar@linux.com>

* rename flag to `--policy-bundle-repository`

Signed-off-by: Simar <simar@linux.com>

* fix field

* rebase and update docs

Signed-off-by: Simar <simar@linux.com>

* set policyBundleRepo on client

Signed-off-by: Simar <simar@linux.com>

---------

Signed-off-by: Simar <simar@linux.com>
 2023-07-26 08:45:49 +00:00
Teppei Fukuda
07075696d1 refactor: replace with sortable packages (#4858) 2023-07-24 07:09:14 +00:00
Damian E
fbe1c9eb1f docs: correct license scanning sample command (#4855) 2023-07-24 05:02:55 +00:00
Teppei Fukuda
20c2246a61 fix(report): close the file (#4842) 
* fix(report): close the file

* refactor: add the format type

* fix: return errors in version printing

* fix: lint issues

* fix: do not fail on bogus cache dir

---------

Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2023-07-23 13:37:18 +00:00
DmitriyLewen
24a3e547d9 feat(nodejs): add support for include-dev-deps flag for yarn (#4812) 
* add support for include-dev-deps flag

* remove go.mod replace

* refactor

* bump go-dep-parser

---------

Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2023-07-23 13:07:49 +00:00
simar7
a7bd7bb65f feat(misconf): Add support for independently enabling libraries (#4070) 
* feat(misconf): Add support for independently enabling libraries

Implements: https://github.com/aquasecurity/trivy/issues/4181

Signed-off-by: Simar <simar@linux.com>

* update tests

Signed-off-by: Simar <simar@linux.com>

* fix lint

Signed-off-by: Simar <simar@linux.com>

* fix tests

Signed-off-by: Simar <simar@linux.com>

* update defsec

Signed-off-by: Simar <simar@linux.com>

* fix test

Signed-off-by: Simar <simar@linux.com>

---------

Signed-off-by: Simar <simar@linux.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2023-07-23 09:44:59 +00:00
DmitriyLewen
4aa9ea0961 feat(secret): add secret config file for cache calculation (#4837) 
* move parse secret config to initScannerConfig + add secret to cache key

* add calc cache test

* just read config file and add to cache

* refactor comments

* refactor
 2023-07-23 08:26:22 +00:00
Sogo Kato
5d349d8147 Fix a link in gitlab-ci.md (#4850) 2023-07-23 08:20:29 +00:00
Nikita Pivkin
a61531c1f7 fix(flag): use globalstar to skip directories (#4854) 2023-07-23 06:11:46 +00:00
DmitriyLewen
78cc20937d chore(deps): bump github.com/docker/docker from v23.0.5+incompatible to v23.0.7-0.20230714215826-f00e7af96042+incompatible (#4849) 
* use 1.19.10 version for integration tests

* fix go-version field

* revert test workflow changes

* bump docker/docker
 2023-07-21 09:00:35 +00:00
afdesk
93996041b2 fix(license): using common way for splitting licenses (#4434) 
* fix(license): using common way for splitting licenses

* add test cases

* TEST new regex

* extract function

* fix version detection

---------

Co-authored-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
 2023-07-19 08:05:43 +00:00
AliDatadog
3e2416d77c fix(containerd): Use img platform in exporter instead of strict host platform (#4477) 
* match with img platform instead of host platform

* client matching pull spec

* use default platform

* pull with platforms default strict

* use withplatform to pull and add debug log

* looks like we are trying to scan a i386 image

* revert changes on test, use the right platform match

* try with Config.Platform

* use spect.platform

* fix function usage

* try another way to retrieve the platform

* fix compilation

* read platforms from config manifest

* use platform from RegistryOptions if available, otherwise get the actual platform

* goimport

* put platform in containerd client

* fix panic

* use DefaultStrict as default
 2023-07-19 07:54:24 +00:00
DmitriyLewen
ce77bb46c3 remove govulndb (#4783) 2023-07-19 07:24:35 +00:00
Nikita Pivkin
c05caae43f fix(java): inherit licenses from parents (#4817) 2023-07-19 06:51:58 +00:00
Teppei Fukuda
aca11b95d0 refactor: add allowed values for CLI flags (#4800) 
* refactor: rename Value to Default

* refactor: support allowed values for CLI flags

* docs: auto-generate

* test: fix

* test: add tests for flags
 2023-07-17 13:13:23 +00:00
DmitriyLewen
4cecd17ea5 add example regex to allow rules (#4827) 2023-07-17 12:36:22 +00:00
simar7
4bc8d29c15 feat(misconf): Support custom data for rego policies for cloud (#4745) 
* feat(misconf): Support custom data for cloud policies

Signed-off-by: Simar <simar@linux.com>

* use policyfs

Signed-off-by: Simar <simar@linux.com>

* refactor to reduce cyclomatic complexity

Signed-off-by: Simar <simar@linux.com>

* bump defsec

* update docs

Signed-off-by: Simar <simar@linux.com>

* update test assertion

Signed-off-by: Simar <simar@linux.com>

* update test

Need this as OPA is currently broken on Windows

https://github.com/open-policy-agent/opa/issues/4521

Signed-off-by: Simar <simar@linux.com>

* fix data path

* fix(mapfs): convert volume names into dirs

* revert creating temp dirs

---------

Signed-off-by: Simar <simar@linux.com>
Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>
 2023-07-17 12:34:20 +00:00
Anais Urlichs
88243a0ad6 docs: correcting the trivy k8s tutorial (#4815) 
* correcting the trivy k8s tutorial

Signed-off-by: AnaisUrlichs <urlichsanais@gmail.com>

* docs: fix

---------

Signed-off-by: AnaisUrlichs <urlichsanais@gmail.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2023-07-16 09:06:28 +00:00
Nikita Pivkin
3c7d988d71 feat(cli): add --tf-exclude-downloaded-modules flag (#4810) 
* feat(cli): add --tf-exclude-downloaded-modules flag

* fix typo

* generate docs
 2023-07-16 08:56:03 +00:00
DmitriyLewen
fd0fd104f8 fix(sbom): cyclonedx recommendations should include fixed versions for each package (#4794) 
* add all fixed versions to recommendations

* fix tests
 2023-07-13 11:16:11 +00:00
Nikita Pivkin
d0d543b881 feat(misconf): enable --policy flag to accept directory and files both (#4777) 
* feat(misconf): enable --policy flag to accept directory and files both

* fix test

* Revert "clarifying a dir path is required for custom policies (#4716)"

This reverts commit 8a1aa448a1.

* update doc

* update the flag description
 2023-07-13 10:59:21 +00:00
Nikita Pivkin
b43a3e6237 feat(python): add license fields (#4722) 
* bump go-dep-parser

* update tests

* fix testdata
 2023-07-13 10:55:36 +00:00
chenk
aef7b148af fix: support trivy k8s-version on k8s sub-command (#4786) 
* fix: support trivy k8s-version on k8s sub-command

Signed-off-by: chenk <hen.keinan@gmail.com>

* fix: support last applied configuration

Signed-off-by: chenk <hen.keinan@gmail.com>

---------

Signed-off-by: chenk <hen.keinan@gmail.com>
 2023-07-13 08:28:09 +00:00
simar7
5d76abadc9 chore(deps): Update defsec to v0.90.3 (#4793) 
* chore(deps): Update defsec to v0.90.2

Signed-off-by: Simar <simar@linux.com>

* go mod tidy

---------

Signed-off-by: Simar <simar@linux.com>
 2023-07-07 08:13:56 +00:00
dependabot[bot]
fed446c515 chore(deps): bump google.golang.org/protobuf from 1.30.0 to 1.31.0 (#4752) 
Bumps google.golang.org/protobuf from 1.30.0 to 1.31.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-07-07 04:56:30 +00:00
dependabot[bot]
df62927e58 chore(deps): bump alpine from 3.18.0 to 3.18.2 (#4748) 
Bumps alpine from 3.18.0 to 3.18.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-07-07 04:05:43 +00:00
dependabot[bot]
1b9b9a84f7 chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.3 to 2.30.4 (#4758) 
Bumps [github.com/alicebob/miniredis/v2](https://github.com/alicebob/miniredis) from 2.30.3 to 2.30.4.
- [Release notes](https://github.com/alicebob/miniredis/releases)
- [Changelog](https://github.com/alicebob/miniredis/blob/master/CHANGELOG.md)
- [Commits](https://github.com/alicebob/miniredis/compare/v2.30.3...v2.30.4)

---
updated-dependencies:
- dependency-name: github.com/alicebob/miniredis/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-07-06 13:23:01 +00:00
zunlongzhou
3c16ca821b docs(image): fix the comment on the soft/hard link (#4740) 
* Update tar.go

The comment before the following w.processFile(filePath, tr, hdr.FileInfo(), analyzeFn) call says: // A symbolic/hard link or regular file will reach here. 
But defualt's processing causes the symbolic/hard link to not reach the processFile function location

* Update tar.go

update tar.go comment

---------

Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2023-07-06 10:49:48 +00:00
DmitriyLewen
e5bee5cccd check Type when filling pkgs in vulns (#4776) 2023-07-06 10:45:52 +00:00
Bill Wang
4b9f310b9c feat: add support of linux/ppc64le and linux/s390x architectures for Install.sh script (#4770) 
* feat: add support of linux/ppc64le and linux/s390x architectures for Install.sh script #4747

* feat: add support of linux/ppc64le and linux/s390x architectures for Install.sh script #4747
 2023-07-06 09:05:37 +00:00
dependabot[bot]
8e7fb7cc84 chore(deps): bump modernc.org/sqlite from 1.20.3 to 1.23.1 (#4756) 
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.20.3 to 1.23.1.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.20.3...v1.23.1)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-07-04 19:45:34 +00:00
DmitriyLewen
a9badeaba8 fix(rocky): add architectures support for advisories (#4691) 
* add multi-arch support for rocky linux advisories

* feat: comply with the new signagure

* bump trivy-db

* fix tests

* chore(deps): remove fork replace

---------

Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2023-07-03 08:48:57 +00:00
dependabot[bot]
f8ebccc680 chore(deps): bump github.com/opencontainers/image-spec (#4751) 
Bumps [github.com/opencontainers/image-spec](https://github.com/opencontainers/image-spec) from 1.1.0-rc3 to 1.1.0-rc4.
- [Release notes](https://github.com/opencontainers/image-spec/releases)
- [Changelog](https://github.com/opencontainers/image-spec/blob/main/RELEASES.md)
- [Commits](https://github.com/opencontainers/image-spec/compare/v1.1.0-rc3...v1.1.0-rc4)

---
updated-dependencies:
- dependency-name: github.com/opencontainers/image-spec
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-07-03 07:19:56 +00:00
dependabot[bot]
1c81948e03 chore(deps): bump github.com/package-url/packageurl-go (#4754) 
Bumps [github.com/package-url/packageurl-go](https://github.com/package-url/packageurl-go) from 0.1.1-0.20220428063043-89078438f170 to 0.1.1.
- [Release notes](https://github.com/package-url/packageurl-go/releases)
- [Commits](https://github.com/package-url/packageurl-go/commits/v0.1.1)

---
updated-dependencies:
- dependency-name: github.com/package-url/packageurl-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-07-03 04:06:44 +00:00
dependabot[bot]
497cc10d8e chore(deps): bump golang.org/x/sync from 0.2.0 to 0.3.0 (#4750) 
Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.2.0 to 0.3.0.
- [Commits](https://github.com/golang/sync/compare/v0.2.0...v0.3.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sync
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-07-02 14:57:57 +00:00
dependabot[bot]
065f0afa54 chore(deps): bump github.com/tetratelabs/wazero from 1.2.0 to 1.2.1 (#4755) 
Bumps [github.com/tetratelabs/wazero](https://github.com/tetratelabs/wazero) from 1.2.0 to 1.2.1.
- [Release notes](https://github.com/tetratelabs/wazero/releases)
- [Commits](https://github.com/tetratelabs/wazero/compare/v1.2.0...v1.2.1)

---
updated-dependencies:
- dependency-name: github.com/tetratelabs/wazero
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-07-02 14:52:44 +00:00
dependabot[bot]
e2603056dd chore(deps): bump github.com/testcontainers/testcontainers-go (#4759) 
Bumps [github.com/testcontainers/testcontainers-go](https://github.com/testcontainers/testcontainers-go) from 0.20.1 to 0.21.0.
- [Release notes](https://github.com/testcontainers/testcontainers-go/releases)
- [Commits](https://github.com/testcontainers/testcontainers-go/compare/v0.20.1...v0.21.0)

---
updated-dependencies:
- dependency-name: github.com/testcontainers/testcontainers-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-07-02 13:57:46 +00:00
Alexandre
0621402bf7 fix: documentation about reseting trivy image (#4733) 2023-07-02 12:29:23 +00:00
Dirk Mueller
798fdbc013 fix(suse): Add openSUSE Leap 15.5 eol date as well (#4744) 
Taken directly from https://en.opensuse.org/Lifetime
 2023-07-02 11:22:26 +00:00
Teppei Fukuda
34a89293d5 fix: update Amazon Linux 1 EOL (#4761) 2023-07-02 11:00:20 +00:00
simar7
600819248d chore(deps): Update defsec to v0.90.1 (#4739) 
Fixes: https://github.com/aquasecurity/trivy/issues/4628

Signed-off-by: Simar <simar@linux.com>
 2023-06-30 06:48:47 +00:00
Nikita Pivkin
73734eab21 feat(nodejs): support yarn workspaces (#4664) 
* feat(nodejs): add the workspaces field to the package

* fix go.mod

* update go.mod

* compare workspaces by length
 2023-06-30 06:40:28 +00:00
DmitriyLewen
22463ababd feat(cli): add include-dev-deps flag (#4700) 
* add Dev field for Package

* fix integration test

* update docs

* feat(cli): add include-dev flag

* bump go-dep-parser

* update docs

* add integration test

* refactor

* refactor

* fix integration test

* refactor: rename flag to include-dev-deps

* update docs

* update docs

* filter dev deps when scanning packages

* add flag support for server mode

* refactor: remove comment that might confuse

* refactor: move --include-dev-deps to the scanner flag group

* refactor: not return apps

* docs: update

---------

Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2023-06-29 13:15:52 +00:00
Nikita Pivkin
790c8054ec fix(image): pass the secret scanner option to scan the img config (#4735) 2023-06-29 08:37:45 +00:00
chenk
86fec9c4a9 fix: scan job pod it not found on k8s-1.27.x (#4729) 
Signed-off-by: chenk <hen.keinan@gmail.com>
 2023-06-28 14:38:39 +00:00
Manveer Singh
26bc91160b feat(docker): add support for mTLS authentication when connecting to registry (#4649) 
* feat: add support for mTLS authentication when connecting to registry

* feat: add support for mTLS authentication when connecting to registry - added error handling

* feat: add support for mTLS authentication when connecting to registry
- code quality improvements

* feat: add support for mTLS authentication when connecting to registry
- code quality improvements

* wrap errors

---------

Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2023-06-28 11:21:26 +00:00
simar7
d699e8c101 chore(deps): Update defsec to v0.90.0 (#4723) 
Signed-off-by: Simar <simar@linux.com>
 2023-06-28 08:34:56 +00:00
DmitriyLewen
1777878e83 fix: skip scanning the gpg-pubkey package (#4720) 2023-06-28 07:06:08 +00:00
Makhonin Alexey
9be08253a2 Fix http registry oci pull (#4701) 
Signed-off-by: alexey.makhonin <alexey.makhonin@flant.com>
 2023-06-26 12:40:40 +00:00
simar7
5d73b47dbc feat(misconf): Support skipping services (#4686) 
* feat(misconf): Add support for `--skip-service` flag.

Fixes: https://github.com/aquasecurity/trivy/issues/4619
Signed-off-by: Simar <simar@linux.com>

* update docs

Signed-off-by: Simar <simar@linux.com>

* update go mod

* refactor processOptions to reduce cyclo complexity

Signed-off-by: Simar <simar@linux.com>

* fix a bug with multiple skip services

Signed-off-by: Simar <simar@linux.com>

* refactor tests

Signed-off-by: Simar <simar@linux.com>

* use x/slice and x/xerrors

Signed-off-by: Simar <simar@linux.com>

* go mod tidy

* lint

---------

Signed-off-by: Simar <simar@linux.com>
 2023-06-26 11:11:59 +00:00
DmitriyLewen
46e784c8a9 docs: fix supported modes for pubspec.lock files (#4713) 2023-06-26 11:04:45 +00:00
Teppei Fukuda
0f61a84712 fix(misconf): disable the terraform plan analyzer for other scanners (#4714) 2023-06-26 11:03:25 +00:00
Anais Urlichs
8a1aa448a1 clarifying a dir path is required for custom policies (#4716) 
Signed-off-by: AnaisUrlichs <urlichsanais@gmail.com>
 2023-06-26 10:56:57 +00:00
Sandro
fbab9eea3a chore: update alpine base images (#4715) 2023-06-26 10:34:50 +00:00
AliDatadog
f84417bba0 fix last-history-created (#4697) 2023-06-26 03:57:54 +00:00
chenk
85c681d443 feat: kbom and cyclonedx v1.5 spec support (#4708) 
* feat: kbom and cyclonedx v1.5 spec support

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: kbom and cyclonedx v1.5 spec support

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: kbom and cyclonedx v1.5 spec support

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: feat: kbom and cyclonedx 1.5 spec support

Signed-off-by: chenk <hen.keinan@gmail.com>

* fix: unmarshal bom on v1.5 return invalid specification version

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: cyclonedx-1.5 spec support

Signed-off-by: chenk <hen.keinan@gmail.com>

---------

Signed-off-by: chenk <hen.keinan@gmail.com>
 2023-06-25 13:47:06 +00:00
Itay Shakury
46748ce6ea docs: add information about Aqua (#4590) 
* docs: add information about Aqua

* update link
 2023-06-25 10:40:45 +00:00
chenk
c6741bddff fix: k8s escape resource filename on windows os (#4693) 
Signed-off-by: chenk <hen.keinan@gmail.com>
 2023-06-22 11:16:24 +00:00
Teppei Fukuda
a21acc7e08 ci: ignore merge queue branches (#4696) 2023-06-22 11:02:22 +00:00
dependabot[bot]
32a3a3311c chore(deps): bump actions/checkout from 2.4.0 to 3.5.3 (#4695) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 2.4.0 to 3.5.3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2.4.0...v3.5.3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-06-22 10:56:11 +00:00
dependabot[bot]
cbb47dc7c4 chore(deps): bump aquaproj/aqua-installer from 2.1.1 to 2.1.2 (#4694) 
Bumps [aquaproj/aqua-installer](https://github.com/aquaproj/aqua-installer) from 2.1.1 to 2.1.2.
- [Release notes](https://github.com/aquaproj/aqua-installer/releases)
- [Commits](https://github.com/aquaproj/aqua-installer/compare/v2.1.1...v2.1.2)

---
updated-dependencies:
- dependency-name: aquaproj/aqua-installer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-06-22 10:31:20 +00:00
chenk
e3d10d2512 feat: cyclondx sbom custom property support (#4688) 
* feat: custom property support

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: custom property support

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: custom property support

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: custom property support

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: custom property support

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: custom property support

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: custom property support

Signed-off-by: chenk <hen.keinan@gmail.com>

---------

Signed-off-by: chenk <hen.keinan@gmail.com>
 2023-06-22 08:33:27 +00:00
Teppei Fukuda
e1770e046c ci: do not trigger tests in main (#4692) 2023-06-22 08:25:58 +00:00
Dirk Mueller
337c0b70d5 add SUSE Linux Enterprise Server 15 SP5 and update SP4 eol date (#4690) 
all dates are taken from https://www.suse.com/lifecycle#suse-linux-enterprise-server-15
 2023-06-22 07:34:59 +00:00
DmitriyLewen
5ccee14304 use group field for jar in cyclonedx (#4674) 2023-06-22 07:19:38 +00:00
Nikita Pivkin
96db52c3f6 feat(java): capture licenses from pom.xml (#4681) 
* feat(java): capture licenses from pom.xml

* update doc
 2023-06-21 13:12:37 +00:00
Leroy Shirto
3e902a57a9 feat(helm): make sessionAffinity configurable (#4623) 
Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2023-06-21 11:14:36 +00:00
Tung Bui (Leo)
904f1cf24e fix: Show the correct URL of the secret scanning (#4682) 2023-06-21 10:57:54 +00:00
Meisam
7d48c5d5d4 document expected file pattern definition format (#4654) 2023-06-20 14:02:55 +00:00
guangwu
dcc73e964a fix: format arg error (#4642) 
* fix: format arg error

* fix: xerrors.Errorf
 2023-06-19 10:52:38 +00:00
chenk
35c4262d0b feat(k8s): cyclonedx kbom support (#4557) 
* feat: cyclonedx kbom support

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: cyclonedx kbom support

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: kubernetes bill of materials

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: kubernetes bill of materials

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: kubernetes bill of materials

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: kubernetes bill of materials

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: kubernetes bill of materials

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: kubernetes bill of materials

Signed-off-by: chenk <hen.keinan@gmail.com>

* chore: update sum db

Signed-off-by: chenk <hen.keinan@gmail.com>

* chore: update sum db

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: kubernetes bill of materials

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: kubernetes bill of materials

Signed-off-by: chenk <hen.keinan@gmail.com>

* chore: update sumdb

Signed-off-by: chenk <hen.keinan@gmail.com>

* chore: update sumdb

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: kubernetes bill of materials

Signed-off-by: chenk <hen.keinan@gmail.com>

* feat: kubernetes bill of materials

Signed-off-by: chenk <hen.keinan@gmail.com>

---------

Signed-off-by: chenk <hen.keinan@gmail.com>
 2023-06-19 10:48:26 +00:00
Nikita Pivkin
0e01851e9e fix(nodejs): remove unused fields for the pnpm lockfile (#4630) 
* refactor(nodejs): remove unused fields for the pnpm lockfile

* run go mod tidy

---------

Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2023-06-19 03:17:31 +00:00
Masahiro331
4d9b444499 fix(vm): update ext4-filesystem parser for parse multi block extents (#4616) 
* chore(deps): update ext4-filesystem parser for parse multi block extents

* test(vm): update integration-vm test fixtures

* test(vm): add gzip decompresser for sparse file

* test(vm): add mage command update golden file for vm integration test

* chore(magefile): [WIP] change test repository

* Revert "chore(magefile): [WIP] change test repository"

This reverts commit c015c8892f.

* fix(test): update fixtures and golden file

* fix(test): revert fixVersion and PkgID
 2023-06-18 16:41:55 +00:00
afdesk
c29197ab7d ci: update build IDs (#4641) 2023-06-18 11:24:29 +00:00
Chris Novakovic
d7637adc6b fix(debian): update EOL for Debian 12 (#4647) 
* fix(debian): update EOL for Debian 12

Debian 12 was released on 2023-06-10 and will be supported for five
years - see https://www.debian.org/News/2023/20230610.

* Update docs
 2023-06-16 04:18:55 +00:00
Teppei Fukuda
ef39eeedf3 chore(deps): bump go-containerregistry (#4639) 2023-06-15 09:44:24 +00:00
guangwu
1ce8bb535a chore: unnecessary use of fmt.Sprintf (S1039) (#4637) 2023-06-15 08:36:15 +00:00
Björn Wenzel
bc9513fc57 fix(db): change argument order in Exists query for JavaDB (#4595) 2023-06-14 02:26:10 +00:00
simar7
aecd2f0bf0 feat(aws): Add support to see successes in results (#4427) 
Fixes: https://github.com/aquasecurity/trivy/discussions/4417

Signed-off-by: Simar <simar@linux.com>
 2023-06-13 17:36:05 +00:00
dependabot[bot]
2cbf402b6a chore(deps): bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 (#4613) 
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.5.0 to 3.6.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v3.5.0...v3.6.0)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-06-12 13:52:43 +00:00
Teppei Fukuda
0099b20e31 ci: do not trigger tests in main (#4614) 2023-06-12 13:00:32 +00:00
dependabot[bot]
a597a54fb6 chore(deps): bump sigstore/cosign-installer (#4609) 
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 204a51a57a74d190b284a0ce69b44bc37201f343 to ef0e9691595ea19ec990a46b1a591dcafe568f34.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](204a51a57a...ef0e969159)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-06-12 12:16:20 +00:00
dependabot[bot]
b453fbec37 chore(deps): bump CycloneDX/gh-gomod-generate-sbom from 1 to 2 (#4608) 
Bumps [CycloneDX/gh-gomod-generate-sbom](https://github.com/CycloneDX/gh-gomod-generate-sbom) from 1 to 2.
- [Release notes](https://github.com/CycloneDX/gh-gomod-generate-sbom/releases)
- [Commits](https://github.com/CycloneDX/gh-gomod-generate-sbom/compare/v1...v2)

---
updated-dependencies:
- dependency-name: CycloneDX/gh-gomod-generate-sbom
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2023-06-12 11:40:58 +00:00
Teppei Fukuda
0e876d5aa0 ci: bypass the required status checks (#4611) 2023-06-12 14:39:47 +03:00
Teppei Fukuda
a4f27d24a3 ci: support merge queue (#3652) 2023-06-12 11:39:08 +03:00
Teppei Fukuda
9e6411e9f5 ci: matrix build for testing (#4587) 2023-06-12 10:49:13 +03:00
chenk
ef6538a171 feat: trivy k8s private registry support (#4567) 
Signed-off-by: chenk <hen.keinan@gmail.com>
 2023-06-12 05:40:25 +03:00
Itay Shakury
139f3e1e32 docs: add general coverage page (#3859) 2023-06-11 08:49:29 +03:00
Itay Shakury
479cfdd40e chore: create SECURITY.md (#4601) 2023-06-11 06:16:42 +03:00
afdesk
9a279fa7bb ci: remove 32bit packages (#4585) 2023-06-08 16:52:37 +03:00
Teppei Fukuda
d52b0b7bc0 fix(misconf): deduplicate misconf results (#4588) 2023-06-08 15:15:21 +03:00
Amir Ben Nun
9b531fa27b fix(vm): support sector size of 4096 (#4564) 
Co-authored-by: masahiro331 <m_fujimura@r.recruit.co.jp>
 2023-06-08 11:31:13 +03:00
Teppei Fukuda
8ca1bfdd23 fix(misconf): terraform relative paths (#4571) 2023-06-08 11:24:52 +03:00
Nikita Pivkin
c20d466044 fix(purl): skip unsupported library type (#4577) 2023-06-08 08:45:32 +03:00
Jonathan Lassoff
52cbe79759 fix(terraform): recursively detect all Root Modules (#4457) 
Signed-off-by: Simar <simar@linux.com>
Co-authored-by: Simar <simar@linux.com>
 2023-06-08 07:06:00 +03:00
Masahiro331
4a5b915578 fix(vm): support post analyzer for vm command (#4544) 2023-06-07 16:16:27 +03:00
Nikita Pivkin
56cdc55f77 fix(nodejs): change the type of the devDependencies field (#4560) 2023-06-06 15:51:39 +03:00
Nikita Pivkin
17d753676b fix(sbom): export empty dependencies in CycloneDX (#4568) 2023-06-06 15:49:23 +03:00
Teppei Fukuda
2796abe1ed refactor: add composite fs for post-analyzers (#4556) 2023-06-06 08:19:15 +03:00
dependabot[bot]
22a1573807 chore(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 (#4554) 2023-06-04 16:17:54 +03:00
dependabot[bot]
43586659a1 chore(deps): bump helm/kind-action from 1.5.0 to 1.7.0 (#4526) 2023-06-04 14:50:38 +03:00
dependabot[bot]
5081399659 chore(deps): bump github.com/BurntSushi/toml from 1.2.1 to 1.3.0 (#4528) 2023-06-04 14:48:41 +03:00
dependabot[bot]
e1a38128ab chore(deps): bump github.com/alicebob/miniredis/v2 from 2.30.2 to 2.30.3 (#4529) 2023-06-04 11:19:53 +03:00
dependabot[bot]
283eef6372 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 (#4536) 2023-06-04 11:13:44 +03:00
dependabot[bot]
bbd7b98741 chore(deps): bump github.com/tetratelabs/wazero from 1.0.0 to 1.2.0 (#4549) 2023-06-04 11:12:49 +03:00
dependabot[bot]
11c81bf2f6 chore(deps): bump github.com/spf13/cast from 1.5.0 to 1.5.1 (#4532) 2023-06-04 11:11:32 +03:00
dependabot[bot]
2d8d63e61a chore(deps): bump github.com/testcontainers/testcontainers-go (#4537) 2023-06-04 09:27:43 +03:00
dependabot[bot]
a46839b1ce chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#4530) 2023-06-04 09:25:43 +03:00
dependabot[bot]
19715f5de8 chore(deps): bump github.com/aws/aws-sdk-go-v2/config (#4534) 2023-06-04 09:25:04 +03:00
445 changed files with 10651 additions and 4940 deletions
Expand all files Collapse all files

19
.github/CODEOWNERS vendored
View File

@@ -1,24 +1,15 @@
# Global
* @knqyf263
# Docs
/docs/** @knqyf263 @AnaisUrlichs @itaysk
/mkdocs.yml @knqyf263 @AnaisUrlichs @itaysk
/README.md @knqyf263 @AnaisUrlichs @itaysk
# Misconfiguration scanning
docs/docs/scanner/misconfiguration @knqyf263 @simar7
docs/docs/target/aws.md @knqyf263 @simar7
pkg/fanal/analyzer/config @knqyf263 @simar7
pkg/cloud @knqyf263 @simar7
# Helm chart
helm/trivy/ @chen-keinan
# Misconfiguration scanning
examples/misconf/ @knqyf263
docs/docs/misconfiguration @knqyf263
docs/docs/cloud @knqyf263
pkg/fanal/analyzer/config @knqyf263
pkg/fanal/handler/misconf @knqyf263
pkg/cloud @knqyf263
pkg/flag/aws_flags.go @knqyf263
pkg/flag/misconf_flags.go @knqyf263
# Kubernetes scanning
pkg/k8s/ @josedonizetti @chen-keinan @knqyf263
docs/docs/kubernetes/ @josedonizetti @chen-keinan @knqyf263

2
.github/DISCUSSION_TEMPLATE/bugs.yml vendored
View File

@@ -114,7 +114,7 @@ body:
label: Checklist
description: Have you tried the following?
options:
- label: Run `trivy --reset`
- label: Run `trivy image --reset`
- label: Read [the troubleshooting](https://aquasecurity.github.io/trivy/latest/docs/references/troubleshooting/)
- type: markdown
attributes:

12
.github/workflows/bypass-cla.yaml vendored Normal file
View File

@@ -0,0 +1,12 @@
# This workflow is used to bypass the required status checks in merge queue.
# cf. https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/troubleshooting-required-status-checks
name: CLA
on:
merge_group:
jobs:
cla:
name: license/cla
runs-on: ubuntu-latest
steps:
- run: 'echo "No test required"'

31
.github/workflows/bypass-test.yaml vendored Normal file
View File

@@ -0,0 +1,31 @@
# This workflow is used to bypass the required status checks.
# cf. https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/troubleshooting-required-status-checks
name: Test
on:
push:
paths:
- '**.md'
- 'docs/**'
- 'mkdocs.yml'
- 'LICENSE'
pull_request:
paths:
- '**.md'
- 'docs/**'
- 'mkdocs.yml'
- 'LICENSE'
jobs:
test:
name: Test
runs-on: ${{ matrix.operating-system }}
strategy:
matrix:
operating-system: [ubuntu-latest, windows-latest, macos-latest]
steps:
- run: 'echo "No test required"'
integration:
name: Integration Test
runs-on: ubuntu-latest
steps:
- run: 'echo "No test required"'

2
.github/workflows/mkdocs-dev.yaml vendored
View File

@@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout main
uses: actions/checkout@v3
uses: actions/checkout@v3.5.3
with:
fetch-depth: 0
persist-credentials: true

2
.github/workflows/mkdocs-latest.yaml vendored
View File

@@ -14,7 +14,7 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout main
uses: actions/checkout@v3
uses: actions/checkout@v3.5.3
with:
fetch-depth: 0
persist-credentials: true

6
.github/workflows/publish-chart.yaml vendored
View File

@@ -22,7 +22,7 @@ jobs:
runs-on: ubuntu-20.04
steps:
- name: Checkout
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
uses: actions/checkout@v3.5.3
with:
fetch-depth: 0
- name: Install Helm
@@ -37,7 +37,7 @@ jobs:
id: lint
uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76
- name: Setup Kubernetes cluster (KIND)
uses: helm/kind-action@d8ccf8fb623ce1bb360ae2f45f323d9d5c5e9f00
uses: helm/kind-action@fa81e57adff234b2908110485695db0f181f3c67
with:
version: ${{ env.KIND_VERSION }}
image: ${{ env.KIND_IMAGE }}
@@ -55,7 +55,7 @@ jobs:
runs-on: ubuntu-20.04
steps:
- name: Checkout
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
uses: actions/checkout@v3.5.3
with:
fetch-depth: 0
- name: Install chart-releaser

4
.github/workflows/release.yaml vendored
View File

@@ -19,7 +19,7 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout code
uses: actions/checkout@v3
uses: actions/checkout@v3.5.3
with:
fetch-depth: 0
@@ -35,7 +35,7 @@ jobs:
sudo apt-get -y install rpm reprepro createrepo-c distro-info
- name: Checkout trivy-repo
uses: actions/checkout@v3
uses: actions/checkout@v3.5.3
with:
repository: ${{ github.repository_owner }}/trivy-repo
path: trivy-repo

6
.github/workflows/reusable-release.yaml vendored
View File

@@ -27,7 +27,7 @@ jobs:
contents: read # Not required for public repositories, but for clarity
steps:
- name: Cosign install
uses: sigstore/cosign-installer@204a51a57a74d190b284a0ce69b44bc37201f343
uses: sigstore/cosign-installer@ef0e9691595ea19ec990a46b1a591dcafe568f34
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
@@ -60,7 +60,7 @@ jobs:
password: ${{ secrets.ECR_SECRET_ACCESS_KEY }}
- name: Checkout code
uses: actions/checkout@v3
uses: actions/checkout@v3.5.3
with:
fetch-depth: 0
@@ -70,7 +70,7 @@ jobs:
go-version-file: go.mod
- name: Generate SBOM
uses: CycloneDX/gh-gomod-generate-sbom@v1
uses: CycloneDX/gh-gomod-generate-sbom@v2
with:
args: mod -licenses -json -output bom.json
version: ^v1

2
.github/workflows/scan.yaml vendored
View File

@@ -10,7 +10,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
uses: actions/checkout@v3.5.3
- name: Run Trivy vulnerability scanner and create GitHub issues
uses: knqyf263/trivy-issue-action@v0.0.5

2
.github/workflows/test-docs.yaml vendored
View File

@@ -10,7 +10,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v3.5.3
with:
fetch-depth: 0
persist-credentials: true

76
.github/workflows/test.yaml vendored
View File

@@ -1,8 +1,9 @@
name: Test
on:
push:
branches:
- main
branches-ignore:
- 'main'
- 'gh-readonly-queue/**'
paths-ignore:
- '**.md'
- 'docs/**'
@@ -14,6 +15,7 @@ on:
- 'docs/**'
- 'mkdocs.yml'
- 'LICENSE'
merge_group:
jobs:
test:
name: Test
@@ -22,7 +24,7 @@ jobs:
matrix:
operating-system: [ubuntu-latest, windows-latest, macos-latest]
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v3.5.3
- name: Set up Go
uses: actions/setup-go@v4
@@ -39,7 +41,7 @@ jobs:
if: matrix.operating-system == 'ubuntu-latest'
- name: Lint
uses: golangci/golangci-lint-action@v3.4.0
uses: golangci/golangci-lint-action@v3.6.0
with:
version: v1.52
args: --deadline=30m
@@ -47,7 +49,7 @@ jobs:
if: matrix.operating-system == 'ubuntu-latest'
- name: Install tools
uses: aquaproj/aqua-installer@v2.1.1
uses: aquaproj/aqua-installer@v2.1.2
with:
aqua_version: v1.25.0
aqua_opts: ""
@@ -69,7 +71,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v3
uses: actions/checkout@v3.5.3
- name: Set up Go
uses: actions/setup-go@v4
@@ -77,7 +79,7 @@ jobs:
go-version-file: go.mod
- name: Install tools
uses: aquaproj/aqua-installer@v2.1.1
uses: aquaproj/aqua-installer@v2.1.2
with:
aqua_version: v1.25.0
@@ -89,7 +91,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v3
uses: actions/checkout@v3.5.3
- name: Set up Go
uses: actions/setup-go@v4
@@ -97,7 +99,7 @@ jobs:
go-version-file: go.mod
- name: Install tools
uses: aquaproj/aqua-installer@v2.1.1
uses: aquaproj/aqua-installer@v2.1.2
with:
aqua_version: v1.25.0
@@ -109,7 +111,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v3.5.3
- name: Set up Go
uses: actions/setup-go@v4
@@ -117,7 +119,7 @@ jobs:
go-version-file: go.mod
- name: Install tools
uses: aquaproj/aqua-installer@v2.1.1
uses: aquaproj/aqua-installer@v2.1.2
with:
aqua_version: v1.25.0
@@ -126,34 +128,56 @@ jobs:
run: |
mage test:module
vm-test:
name: VM Integration Test
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3.5.3
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version-file: go.mod
- name: Install tools
uses: aquaproj/aqua-installer@v2.1.2
with:
aqua_version: v1.25.0
- name: Run vm integration tests
run: |
mage test:vm
build-test:
name: Build Test
runs-on: ubuntu-latest
runs-on: ${{ matrix.operating-system }}
strategy:
matrix:
operating-system: [ubuntu-latest, windows-latest, macos-latest]
env:
DOCKER_CLI_EXPERIMENTAL: "enabled"
steps:
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v2
- name: Show available Docker Buildx platforms
run: echo ${{ steps.buildx.outputs.platforms }}
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v3.5.3
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version-file: go.mod
- name: Determine GoReleaser ID
id: goreleaser_id
shell: bash
run: |
if [ "${{ matrix.operating-system }}" == "windows-latest" ]; then
echo "id=--id build-windows" >> $GITHUB_OUTPUT
elif [ "${{ matrix.operating-system }}" == "macos-latest" ]; then
echo "id=--id build-macos --id build-bsd" >> $GITHUB_OUTPUT
else
echo "id=--id build-linux" >> $GITHUB_OUTPUT
fi
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v4
with:
version: v1.16.2
args: release --skip-sign --snapshot --clean --skip-publish --timeout 90m
env:
GPG_FILE: "nogpg.key"
args: build --snapshot --clean --timeout 90m ${{ steps.goreleaser_id.outputs.id }}

36
.github/workflows/vm-test.yaml vendored
View File

@@ -1,36 +0,0 @@
name: VM Test
on:
push:
branches:
- main
paths:
- 'pkg/fanal/vm/**'
- 'pkg/fanal/walker/vm.go'
- 'pkg/fanal/artifact/vm/**'
- 'integration/vm_test.go'
pull_request:
paths:
- 'pkg/fanal/vm/**'
- 'pkg/fanal/walker/vm.go'
- 'pkg/fanal/artifact/vm/**'
- 'integration/vm_test.go'
jobs:
vm-test:
name: VM Integration Test
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version-file: go.mod
- name: Install tools
uses: aquaproj/aqua-installer@v2.1.1
with:
aqua_version: v1.25.0
- name: Run vm integration tests
run: |
mage test:vm

2
Dockerfile
View File

@@ -1,4 +1,4 @@
FROM alpine:3.18.0
FROM alpine:3.18.2
RUN apk --no-cache add ca-certificates git
COPY trivy /usr/local/bin/trivy
COPY contrib/*.tpl contrib/

2
Dockerfile.canary
View File

@@ -1,4 +1,4 @@
FROM alpine:3.18.0
FROM alpine:3.18.2
RUN apk --no-cache add ca-certificates git
# binaries were created with GoReleaser

2
Dockerfile.protoc
View File

@@ -1,4 +1,4 @@
FROM golang:1.19
FROM --platform=linux/amd64 golang:1.19
# Install protoc (cf. http://google.github.io/proto-lens/installing-protoc.html)
ENV PROTOC_ZIP=protoc-3.19.4-linux-x86_64.zip

10
README.md
View File

@@ -31,6 +31,8 @@ Scanners (what Trivy can find there):
- Sensitive information and secrets
- Software licenses
Trivy supports most popular programming languages, operating systems, and platforms. For a complete list, see the [Scanning Coverage] page.
To learn more, go to the [Trivy homepage][homepage] for feature highlights, or to the [Documentation site][docs] for detailed information.
## Quick Start
@@ -103,6 +105,13 @@ trivy k8s --report summary cluster
`tri` is pronounced like **tri**gger, `vy` is pronounced like en**vy**.
## Want more? Check out Aqua
If you liked Trivy, you will love Aqua which builds on top of Trivy to provide even more enhanced capabilities for a complete security management offering.
You can find a high level comparison table specific to Trivy users [here](https://github.com/aquasecurity/resources/blob/main/trivy-aqua.md).
In addition check out the <https://aquasec.com> website for more information about our products and services.
If you'd like to contact Aqua or request a demo, please use this form: <https://www.aquasec.com/demo>
## Community
Trivy is an [Aqua Security][aquasec] open source project.
@@ -130,6 +139,7 @@ Please ensure to abide by our [Code of Conduct][code-of-conduct] during all inte
[Installation]:https://aquasecurity.github.io/trivy/latest/getting-started/installation/
[Ecosystem]: https://aquasecurity.github.io/trivy/latest/ecosystem/
[Scanning Coverage]: https://aquasecurity.github.io/trivy/latest/getting-started/coverage/
[alpine]: https://ariadne.space/2021/06/08/the-vulnerability-remediation-lifecycle-of-alpine-containers/
[rego]: https://www.openpolicyagent.org/docs/latest/#rego

10
SECURITY.md Normal file
View File

@@ -0,0 +1,10 @@
# Security Policy
## Supported Versions
This is an open source project that is provided as-is without warrenty or liability.
As such no supportability commitment. The maintainers will do the best they can to address any report promptly and responsibly.
## Reporting a Vulnerability
Please use the "Private vulnerability reporting" feature in the GitHub repository (under the "Security" tab).

2
ci/deploy-deb.sh
View File

@@ -7,7 +7,6 @@ cd trivy-repo/deb
for release in ${DEBIAN_RELEASES[@]} ${UBUNTU_RELEASES[@]}; do
echo "Removing deb package of $release"
reprepro -A i386 remove $release trivy
reprepro -A amd64 remove $release trivy
reprepro -A arm64 remove $release trivy
done
@@ -15,7 +14,6 @@ done
for release in ${DEBIAN_RELEASES[@]} ${UBUNTU_RELEASES[@]}; do
echo "Adding deb package to $release"
reprepro includedeb $release ../../dist/*Linux-64bit.deb
reprepro includedeb $release ../../dist/*Linux-32bit.deb
reprepro includedeb $release ../../dist/*Linux-ARM64.deb
done

8
contrib/install.sh
View File

@@ -75,6 +75,7 @@ get_binaries() {
linux/ppc64le) BINARIES="trivy" ;;
linux/arm64) BINARIES="trivy" ;;
linux/armv7) BINARIES="trivy" ;;
linux/s390x) BINARIES="trivy" ;;
openbsd/386) BINARIES="trivy" ;;
openbsd/amd64) BINARIES="trivy" ;;
openbsd/arm64) BINARIES="trivy" ;;
@@ -115,7 +116,8 @@ adjust_os() {
amd64) OS=64bit ;;
arm) OS=ARM ;;
arm64) OS=ARM64 ;;
ppc64le) OS=PPC64LE ;;
ppc64le) OS=Linux ;;
s390x) OS=Linux ;;
darwin) OS=macOS ;;
dragonfly) OS=DragonFlyBSD ;;
freebsd) OS=FreeBSD ;;
@@ -133,7 +135,8 @@ adjust_arch() {
arm) ARCH=ARM ;;
armv7) ARCH=ARM ;;
arm64) ARCH=ARM64 ;;
ppc64le) OS=PPC64LE ;;
ppc64le) ARCH=PPC64LE ;;
s390x) ARCH=s390x ;;
darwin) ARCH=macOS ;;
dragonfly) ARCH=DragonFlyBSD ;;
freebsd) ARCH=FreeBSD ;;
@@ -222,6 +225,7 @@ uname_arch() {
armv5*) arch="armv5" ;;
armv6*) arch="armv6" ;;
armv7*) arch="armv7" ;;
s390*) arch="s390x" ;;
esac
echo ${arch}
}

77
docs/docs/configuration/filtering.md
View File

@@ -2,7 +2,7 @@
Trivy provides various methods for filtering the results.
## Hide Unfixed Vulnerabilities
## By Status
| Scanner | Supported |
|:----------------:|:---------:|
@@ -11,53 +11,70 @@ Trivy provides various methods for filtering the results.
| Secret | |
| License | |
By default, `Trivy` also detects unpatched/unfixed vulnerabilities.
This means you can't fix these vulnerabilities even if you update all packages.
If you would like to ignore them, use the `--ignore-unfixed` option.
Trivy supports the following vulnerability statuses:
- `unknown`
- `not_affected`: this package is not affected by this vulnerability on this platform
- `affected`: this package is affected by this vulnerability on this platform, but there is no patch released yet
- `fixed`: this vulnerability is fixed on this platform
- `under_investigation`: it is currently unknown whether or not this vulnerability affects this package on this platform, and it is under investigation
- `will_not_fix`: this package is affected by this vulnerability on this platform, but there is currently no intention to fix it (this would primarily be for flaws that are of Low or Moderate impact that pose no significant risk to customers)
- `fix_deferred`: this package is affected by this vulnerability on this platform, and may be fixed in the future
- `end_of_life`: this package has been identified to contain the impacted component, but analysis to determine whether it is affected or not by this vulnerability was not performed
Note that vulnerabilities with the `unknown`, `not_affected` or `under_investigation` status are not detected.
These are only defined for comprehensiveness, and you will not have the opportunity to specify these statuses.
Some statuses are supported in limited distributions.
| OS | Fixed | Affected | Under Investigation | Will Not Fix | Fix Deferred | End of Life |
|:----------:|:-----:|:--------:|:-------------------:|:------------:|:------------:|:-----------:|
| Debian | ✓ | ✓ | | | ✓ | ✓ |
| RHEL | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Other OSes | ✓ | ✓ | | | | |
To ignore vulnerabilities with specific statuses, use the `--ignore-status <list_of_statuses>` option.
```bash
$ trivy image --ignore-unfixed ruby:2.4.0
$ trivy image --ignore-status affected,fixed ruby:2.4.0
```
<details>
<summary>Result</summary>
```
2019-05-16T12:49:52.656+0900 INFO Updating vulnerability database...
2019-05-16T12:50:14.786+0900 INFO Detecting Debian vulnerabilities...
ruby:2.4.0 (debian 8.7)
=======================
Total: 4730 (UNKNOWN: 1, LOW: 145, MEDIUM: 3487, HIGH: 1014, CRITICAL: 83)
Total: 527 (UNKNOWN: 0, LOW: 276, MEDIUM: 83, HIGH: 158, CRITICAL: 10)
+------------------------------+------------------+----------+----------------------------+----------------------------------+-----------------------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+------------------------------+------------------+----------+----------------------------+----------------------------------+-----------------------------------------------------+
| apt | CVE-2019-3462 | CRITICAL | 1.0.9.8.3 | 1.0.9.8.5 | Incorrect sanitation of the |
| | | | | | 302 redirect field in HTTP |
| | | | | | transport method of... |
+ +------------------+----------+ +----------------------------------+-----------------------------------------------------+
| | CVE-2016-1252 | MEDIUM | | 1.0.9.8.4 | The apt package in Debian |
| | | | | | jessie before 1.0.9.8.4, in |
| | | | | | Debian unstable before... |
+------------------------------+------------------+----------+----------------------------+----------------------------------+-----------------------------------------------------+
| bash | CVE-2019-9924 | HIGH | 4.3-11 | 4.3-11+deb8u2 | bash: BASH_CMD is writable in |
| | | | | | restricted bash shells |
+ +------------------+ + +----------------------------------+-----------------------------------------------------+
| | CVE-2016-7543 | | | 4.3-11+deb8u1 | bash: Specially crafted |
| | | | | | SHELLOPTS+PS4 variables allows |
| | | | | | command substitution |
+ +------------------+----------+ + +-----------------------------------------------------+
| | CVE-2016-0634 | MEDIUM | | | bash: Arbitrary code execution |
| | | | | | via malicious hostname |
+ +------------------+----------+ +----------------------------------+-----------------------------------------------------+
| | CVE-2016-9401 | LOW | | 4.3-11+deb8u2 | bash: popd controlled free |
+------------------------------+------------------+----------+----------------------------+----------------------------------+-----------------------------------------------------+
┌─────────────────────────────┬──────────────────┬──────────┬──────────────┬────────────────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐
Library │ Vulnerability │ Severity │ Status │ Installed Version Fixed Version │ Title
├─────────────────────────────┼──────────────────┼──────────┼──────────────┼────────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ binutils CVE-2014-9939 CRITICAL │ will_not_fix │ 2.25-5 │ binutils: buffer overflow in ihex.c
│ │ │ https://avd.aquasec.com/nvd/cve-2014-9939
├──────────────────┤ │ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ CVE-2017-6969 │ │ │ │ binutils: Heap-based buffer over-read in readelf when │
│ │ │ │ processing corrupt RL78 binaries
│ https://avd.aquasec.com/nvd/cve-2017-6969
├──────────────────┤ │ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
...
```
</details>
!!! tip
To skip all unfixed vulnerabilities, you can use the `--ignore-unfixed` flag .
It is a shorthand of `-ignore-status affected,will_not_fix,fix_deferred,end_of_life`.
It displays "fixed" vulnerabilities only.
```bash
$ trivy image --ignore-unfixed ruby:2.4.0
```
## By Severity
| Scanner | Supported |

65
docs/docs/references/configuration/cli/trivy_aws.md
View File

@@ -65,37 +65,40 @@ trivy aws [flags]
### Options
```
--account string The AWS account to scan. It's useful to specify this when reviewing cached results for multiple accounts.
--arn string The AWS ARN to show results for. Useful to filter results once a scan is cached.
--compliance string compliance report to generate (aws-cis-1.2, aws-cis-1.4)
--config-data strings specify paths from which data for the Rego policies will be recursively loaded
--config-policy strings specify paths to the Rego policy files directory, applying config files
--dependency-tree [EXPERIMENTAL] show dependency origin tree of vulnerable packages
--endpoint string AWS Endpoint override
--exit-code int specify exit code when any security issues are found
-f, --format string format (table, json, template, sarif, cyclonedx, spdx, spdx-json, github, cosign-vuln) (default "table")
--helm-set strings specify Helm values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
--helm-set-file strings specify Helm values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)
--helm-set-string strings specify Helm string values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
--helm-values strings specify paths to override the Helm values.yaml files
-h, --help help for aws
--ignore-policy string specify the Rego file path to evaluate each vulnerability
--ignorefile string specify .trivyignore file (default ".trivyignore")
--include-non-failures include successes and exceptions, available with '--scanners config'
--list-all-pkgs enabling the option will output all packages regardless of vulnerability
--max-cache-age duration The maximum age of the cloud cache. Cached data will be requeried from the cloud provider if it is older than this. (default 24h0m0s)
-o, --output string output file name
--policy-namespaces strings Rego namespaces
--region string AWS Region to scan
--report string specify a report format for the output. (all,summary) (default "all")
--reset-policy-bundle remove policy bundle
--service strings Only scan AWS Service(s) specified with this flag. Can specify multiple services using --service A --service B etc.
-s, --severity string severities of security issues to be displayed (comma separated) (default "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL")
--skip-policy-update skip fetching rego policy updates
-t, --template string output template
--tf-vars strings specify paths to override the Terraform tfvars files
--trace enable more verbose trace output for custom queries
--update-cache Update the cache for the applicable cloud provider instead of using cached results.
--account string The AWS account to scan. It's useful to specify this when reviewing cached results for multiple accounts.
--arn string The AWS ARN to show results for. Useful to filter results once a scan is cached.
--compliance string compliance report to generate (aws-cis-1.2,aws-cis-1.4)
--config-data strings specify paths from which data for the Rego policies will be recursively loaded
--config-policy strings specify the paths to the Rego policy files or to the directories containing them, applying config files
--dependency-tree [EXPERIMENTAL] show dependency origin tree of vulnerable packages
--endpoint string AWS Endpoint override
--exit-code int specify exit code when any security issues are found
-f, --format string format (table,json,template,sarif,cyclonedx,spdx,spdx-json,github,cosign-vuln) (default "table")
--helm-set strings specify Helm values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
--helm-set-file strings specify Helm values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)
--helm-set-string strings specify Helm string values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
--helm-values strings specify paths to override the Helm values.yaml files
-h, --help help for aws
--ignore-policy string specify the Rego file path to evaluate each vulnerability
--ignorefile string specify .trivyignore file (default ".trivyignore")
--include-non-failures include successes and exceptions, available with '--scanners config'
--list-all-pkgs enabling the option will output all packages regardless of vulnerability
--max-cache-age duration The maximum age of the cloud cache. Cached data will be requeried from the cloud provider if it is older than this. (default 24h0m0s)
-o, --output string output file name
--policy-bundle-repository string OCI registry URL to retrieve policy bundle from (default "ghcr.io/aquasecurity/defsec:0")
--policy-namespaces strings Rego namespaces
--region string AWS Region to scan
--report string specify a report format for the output (all,summary) (default "all")
--reset-policy-bundle remove policy bundle
--service strings Only scan AWS Service(s) specified with this flag. Can specify multiple services using --service A --service B etc.
-s, --severity strings severities of security issues to be displayed (UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL) (default [UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL])
--skip-policy-update skip fetching rego policy updates
--skip-service strings Skip selected AWS Service(s) specified with this flag. Can specify multiple services using --skip-service A --skip-service B etc.
-t, --template string output template
--tf-exclude-downloaded-modules remove results for downloaded modules in .terraform folder
--tf-vars strings specify paths to override the Terraform tfvars files
--trace enable more verbose trace output for custom queries
--update-cache Update the cache for the applicable cloud provider instead of using cached results.
```
### Options inherited from parent commands

76
docs/docs/references/configuration/cli/trivy_config.md
View File

@@ -9,43 +9,45 @@ trivy config [flags] DIR
### Options
```
--cache-backend string cache backend (e.g. redis://localhost:6379) (default "fs")
--cache-ttl duration cache TTL when using redis as cache backend
--clear-cache clear image caches without scanning
--compliance string compliance report to generate
--config-data strings specify paths from which data for the Rego policies will be recursively loaded
--config-policy strings specify paths to the Rego policy files directory, applying config files
--enable-modules strings [EXPERIMENTAL] module names to enable
--exit-code int specify exit code when any security issues are found
--file-patterns strings specify config file patterns
-f, --format string format (table, json, template, sarif, cyclonedx, spdx, spdx-json, github, cosign-vuln) (default "table")
--helm-set strings specify Helm values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
--helm-set-file strings specify Helm values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)
--helm-set-string strings specify Helm string values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
--helm-values strings specify paths to override the Helm values.yaml files
-h, --help help for config
--ignorefile string specify .trivyignore file (default ".trivyignore")
--include-non-failures include successes and exceptions, available with '--scanners config'
--k8s-version string specify k8s version to validate outdated api by it (example: 1.21.0)
--module-dir string specify directory to the wasm modules that will be loaded (default "$HOME/.trivy/modules")
-o, --output string output file name
--password strings password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
--policy-namespaces strings Rego namespaces
--redis-ca string redis ca file location, if using redis as cache backend
--redis-cert string redis certificate file location, if using redis as cache backend
--redis-key string redis key file location, if using redis as cache backend
--redis-tls enable redis TLS with public certificates, if using redis as cache backend
--registry-token string registry token
--report string specify a compliance report format for the output. (all,summary) (default "all")
--reset-policy-bundle remove policy bundle
-s, --severity string severities of security issues to be displayed (comma separated) (default "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL")
--skip-dirs strings specify the directories where the traversal is skipped
--skip-files strings specify the file paths to skip traversal
--skip-policy-update skip fetching rego policy updates
-t, --template string output template
--tf-vars strings specify paths to override the Terraform tfvars files
--trace enable more verbose trace output for custom queries
--username strings username. Comma-separated usernames allowed.
--cache-backend string cache backend (e.g. redis://localhost:6379) (default "fs")
--cache-ttl duration cache TTL when using redis as cache backend
--clear-cache clear image caches without scanning
--compliance string compliance report to generate
--config-data strings specify paths from which data for the Rego policies will be recursively loaded
--config-policy strings specify the paths to the Rego policy files or to the directories containing them, applying config files
--enable-modules strings [EXPERIMENTAL] module names to enable
--exit-code int specify exit code when any security issues are found
--file-patterns strings specify config file patterns
-f, --format string format (table,json,template,sarif,cyclonedx,spdx,spdx-json,github,cosign-vuln) (default "table")
--helm-set strings specify Helm values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
--helm-set-file strings specify Helm values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)
--helm-set-string strings specify Helm string values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
--helm-values strings specify paths to override the Helm values.yaml files
-h, --help help for config
--ignorefile string specify .trivyignore file (default ".trivyignore")
--include-non-failures include successes and exceptions, available with '--scanners config'
--k8s-version string specify k8s version to validate outdated api by it (example: 1.21.0)
--module-dir string specify directory to the wasm modules that will be loaded (default "$HOME/.trivy/modules")
-o, --output string output file name
--password strings password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
--policy-bundle-repository string OCI registry URL to retrieve policy bundle from (default "ghcr.io/aquasecurity/defsec:0")
--policy-namespaces strings Rego namespaces
--redis-ca string redis ca file location, if using redis as cache backend
--redis-cert string redis certificate file location, if using redis as cache backend
--redis-key string redis key file location, if using redis as cache backend
--redis-tls enable redis TLS with public certificates, if using redis as cache backend
--registry-token string registry token
--report string specify a compliance report format for the output (all,summary) (default "all")
--reset-policy-bundle remove policy bundle
-s, --severity strings severities of security issues to be displayed (UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL) (default [UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL])
--skip-dirs strings specify the directories where the traversal is skipped
--skip-files strings specify the file paths to skip traversal
--skip-policy-update skip fetching rego policy updates
-t, --template string output template
--tf-exclude-downloaded-modules remove results for downloaded modules in .terraform folder
--tf-vars strings specify paths to override the Terraform tfvars files
--trace enable more verbose trace output for custom queries
--username strings username. Comma-separated usernames allowed.
```
### Options inherited from parent commands

6
docs/docs/references/configuration/cli/trivy_convert.md
View File

@@ -22,14 +22,14 @@ trivy convert [flags] RESULT_JSON
--dependency-tree [EXPERIMENTAL] show dependency origin tree of vulnerable packages
--exit-code int specify exit code when any security issues are found
--exit-on-eol int exit with the specified code when the OS reaches end of service/life
-f, --format string format (table, json, template, sarif, cyclonedx, spdx, spdx-json, github, cosign-vuln) (default "table")
-f, --format string format (table,json,template,sarif,cyclonedx,spdx,spdx-json,github,cosign-vuln) (default "table")
-h, --help help for convert
--ignore-policy string specify the Rego file path to evaluate each vulnerability
--ignorefile string specify .trivyignore file (default ".trivyignore")
--list-all-pkgs enabling the option will output all packages regardless of vulnerability
-o, --output string output file name
--report string specify a report format for the output. (all,summary) (default "all")
-s, --severity string severities of security issues to be displayed (comma separated) (default "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL")
--report string specify a report format for the output (all,summary) (default "all")
-s, --severity strings severities of security issues to be displayed (UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL) (default [UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL])
-t, --template string output template
```

128
docs/docs/references/configuration/cli/trivy_filesystem.md
View File

@@ -19,68 +19,72 @@ trivy filesystem [flags] PATH
### Options
```
--cache-backend string cache backend (e.g. redis://localhost:6379) (default "fs")
--cache-ttl duration cache TTL when using redis as cache backend
--clear-cache clear image caches without scanning
--compliance string compliance report to generate
--config-data strings specify paths from which data for the Rego policies will be recursively loaded
--config-policy strings specify paths to the Rego policy files directory, applying config files
--custom-headers strings custom headers in client mode
--db-repository string OCI repository to retrieve trivy-db from (default "ghcr.io/aquasecurity/trivy-db")
--dependency-tree [EXPERIMENTAL] show dependency origin tree of vulnerable packages
--download-db-only download/update vulnerability database but don't run a scan
--download-java-db-only download/update Java index database but don't run a scan
--enable-modules strings [EXPERIMENTAL] module names to enable
--exit-code int specify exit code when any security issues are found
--file-patterns strings specify config file patterns
-f, --format string format (table, json, template, sarif, cyclonedx, spdx, spdx-json, github, cosign-vuln) (default "table")
--helm-set strings specify Helm values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
--helm-set-file strings specify Helm values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)
--helm-set-string strings specify Helm string values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
--helm-values strings specify paths to override the Helm values.yaml files
-h, --help help for filesystem
--ignore-policy string specify the Rego file path to evaluate each vulnerability
--ignore-unfixed display only fixed vulnerabilities
--ignored-licenses strings specify a list of license to ignore
--ignorefile string specify .trivyignore file (default ".trivyignore")
--include-non-failures include successes and exceptions, available with '--scanners config'
--java-db-repository string OCI repository to retrieve trivy-java-db from (default "ghcr.io/aquasecurity/trivy-java-db")
--license-confidence-level float specify license classifier's confidence level (default 0.9)
--license-full eagerly look for licenses in source code headers and license files
--list-all-pkgs enabling the option will output all packages regardless of vulnerability
--module-dir string specify directory to the wasm modules that will be loaded (default "$HOME/.trivy/modules")
--no-progress suppress progress bar
--offline-scan do not issue API requests to identify dependencies
-o, --output string output file name
--password strings password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
--policy-namespaces strings Rego namespaces
--redis-ca string redis ca file location, if using redis as cache backend
--redis-cert string redis certificate file location, if using redis as cache backend
--redis-key string redis key file location, if using redis as cache backend
--redis-tls enable redis TLS with public certificates, if using redis as cache backend
--registry-token string registry token
--rekor-url string [EXPERIMENTAL] address of rekor STL server (default "https://rekor.sigstore.dev")
--report string specify a compliance report format for the output. (all,summary) (default "all")
--reset remove all caches and database
--reset-policy-bundle remove policy bundle
--sbom-sources strings [EXPERIMENTAL] try to retrieve SBOM from the specified sources (oci,rekor)
--scanners strings comma-separated list of what security issues to detect (vuln,config,secret,license) (default [vuln,secret])
--secret-config string specify a path to config file for secret scanning (default "trivy-secret.yaml")
--server string server address in client mode
-s, --severity string severities of security issues to be displayed (comma separated) (default "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL")
--skip-db-update skip updating vulnerability database
--skip-dirs strings specify the directories where the traversal is skipped
--skip-files strings specify the file paths to skip traversal
--skip-java-db-update skip updating Java index database
--skip-policy-update skip fetching rego policy updates
--slow scan over time with lower CPU and memory utilization
-t, --template string output template
--tf-vars strings specify paths to override the Terraform tfvars files
--token string for authentication in client/server mode
--token-header string specify a header name for token in client/server mode (default "Trivy-Token")
--trace enable more verbose trace output for custom queries
--username strings username. Comma-separated usernames allowed.
--vuln-type strings comma-separated list of vulnerability types (os,library) (default [os,library])
--cache-backend string cache backend (e.g. redis://localhost:6379) (default "fs")
--cache-ttl duration cache TTL when using redis as cache backend
--clear-cache clear image caches without scanning
--compliance string compliance report to generate
--config-data strings specify paths from which data for the Rego policies will be recursively loaded
--config-policy strings specify the paths to the Rego policy files or to the directories containing them, applying config files
--custom-headers strings custom headers in client mode
--db-repository string OCI repository to retrieve trivy-db from (default "ghcr.io/aquasecurity/trivy-db")
--dependency-tree [EXPERIMENTAL] show dependency origin tree of vulnerable packages
--download-db-only download/update vulnerability database but don't run a scan
--download-java-db-only download/update Java index database but don't run a scan
--enable-modules strings [EXPERIMENTAL] module names to enable
--exit-code int specify exit code when any security issues are found
--file-patterns strings specify config file patterns
-f, --format string format (table,json,template,sarif,cyclonedx,spdx,spdx-json,github,cosign-vuln) (default "table")
--helm-set strings specify Helm values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
--helm-set-file strings specify Helm values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)
--helm-set-string strings specify Helm string values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
--helm-values strings specify paths to override the Helm values.yaml files
-h, --help help for filesystem
--ignore-policy string specify the Rego file path to evaluate each vulnerability
--ignore-status strings comma-separated list of vulnerability status to ignore (unknown,not_affected,affected,fixed,under_investigation,will_not_fix,fix_deferred,end_of_life)
--ignore-unfixed display only fixed vulnerabilities
--ignored-licenses strings specify a list of license to ignore
--ignorefile string specify .trivyignore file (default ".trivyignore")
--include-dev-deps include development dependencies in the report (supported: npm, yarn)
--include-non-failures include successes and exceptions, available with '--scanners config'
--java-db-repository string OCI repository to retrieve trivy-java-db from (default "ghcr.io/aquasecurity/trivy-java-db")
--license-confidence-level float specify license classifier's confidence level (default 0.9)
--license-full eagerly look for licenses in source code headers and license files
--list-all-pkgs enabling the option will output all packages regardless of vulnerability
--module-dir string specify directory to the wasm modules that will be loaded (default "$HOME/.trivy/modules")
--no-progress suppress progress bar
--offline-scan do not issue API requests to identify dependencies
-o, --output string output file name
--password strings password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
--policy-bundle-repository string OCI registry URL to retrieve policy bundle from (default "ghcr.io/aquasecurity/defsec:0")
--policy-namespaces strings Rego namespaces
--redis-ca string redis ca file location, if using redis as cache backend
--redis-cert string redis certificate file location, if using redis as cache backend
--redis-key string redis key file location, if using redis as cache backend
--redis-tls enable redis TLS with public certificates, if using redis as cache backend
--registry-token string registry token
--rekor-url string [EXPERIMENTAL] address of rekor STL server (default "https://rekor.sigstore.dev")
--report string specify a compliance report format for the output (all,summary) (default "all")
--reset remove all caches and database
--reset-policy-bundle remove policy bundle
--sbom-sources strings [EXPERIMENTAL] try to retrieve SBOM from the specified sources (oci,rekor)
--scanners strings comma-separated list of what security issues to detect (vuln,config,secret,license) (default [vuln,secret])
--secret-config string specify a path to config file for secret scanning (default "trivy-secret.yaml")
--server string server address in client mode
-s, --severity strings severities of security issues to be displayed (UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL) (default [UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL])
--skip-db-update skip updating vulnerability database
--skip-dirs strings specify the directories where the traversal is skipped
--skip-files strings specify the file paths to skip traversal
--skip-java-db-update skip updating Java index database
--skip-policy-update skip fetching rego policy updates
--slow scan over time with lower CPU and memory utilization
-t, --template string output template
--tf-exclude-downloaded-modules remove results for downloaded modules in .terraform folder
--tf-vars strings specify paths to override the Terraform tfvars files
--token string for authentication in client/server mode
--token-header string specify a header name for token in client/server mode (default "Trivy-Token")
--trace enable more verbose trace output for custom queries
--username strings username. Comma-separated usernames allowed.
--vuln-type strings comma-separated list of vulnerability types (os,library) (default [os,library])
```
### Options inherited from parent commands

141
docs/docs/references/configuration/cli/trivy_image.md
View File

@@ -34,75 +34,78 @@ trivy image [flags] IMAGE_NAME
### Options
```
--cache-backend string cache backend (e.g. redis://localhost:6379) (default "fs")
--cache-ttl duration cache TTL when using redis as cache backend
--clear-cache clear image caches without scanning
--compliance string compliance report to generate (docker-cis)
--config-data strings specify paths from which data for the Rego policies will be recursively loaded
--config-policy strings specify paths to the Rego policy files directory, applying config files
--custom-headers strings custom headers in client mode
--db-repository string OCI repository to retrieve trivy-db from (default "ghcr.io/aquasecurity/trivy-db")
--dependency-tree [EXPERIMENTAL] show dependency origin tree of vulnerable packages
--docker-host string unix domain socket path to use for docker scanning
--download-db-only download/update vulnerability database but don't run a scan
--download-java-db-only download/update Java index database but don't run a scan
--enable-modules strings [EXPERIMENTAL] module names to enable
--exit-code int specify exit code when any security issues are found
--exit-on-eol int exit with the specified code when the OS reaches end of service/life
--file-patterns strings specify config file patterns
-f, --format string format (table, json, template, sarif, cyclonedx, spdx, spdx-json, github, cosign-vuln) (default "table")
--helm-set strings specify Helm values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
--helm-set-file strings specify Helm values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)
--helm-set-string strings specify Helm string values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
--helm-values strings specify paths to override the Helm values.yaml files
-h, --help help for image
--ignore-policy string specify the Rego file path to evaluate each vulnerability
--ignore-unfixed display only fixed vulnerabilities
--ignored-licenses strings specify a list of license to ignore
--ignorefile string specify .trivyignore file (default ".trivyignore")
--image-config-scanners string comma-separated list of what security issues to detect on container image configurations (config,secret)
--image-src strings image source(s) to use, in priority order (docker,containerd,podman,remote) (default [docker,containerd,podman,remote])
--include-non-failures include successes and exceptions, available with '--scanners config'
--input string input file path instead of image name
--java-db-repository string OCI repository to retrieve trivy-java-db from (default "ghcr.io/aquasecurity/trivy-java-db")
--license-confidence-level float specify license classifier's confidence level (default 0.9)
--license-full eagerly look for licenses in source code headers and license files
--list-all-pkgs enabling the option will output all packages regardless of vulnerability
--module-dir string specify directory to the wasm modules that will be loaded (default "$HOME/.trivy/modules")
--no-progress suppress progress bar
--offline-scan do not issue API requests to identify dependencies
-o, --output string output file name
--password strings password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
--platform string set platform in the form os/arch if image is multi-platform capable
--policy-namespaces strings Rego namespaces
--redis-ca string redis ca file location, if using redis as cache backend
--redis-cert string redis certificate file location, if using redis as cache backend
--redis-key string redis key file location, if using redis as cache backend
--redis-tls enable redis TLS with public certificates, if using redis as cache backend
--registry-token string registry token
--rekor-url string [EXPERIMENTAL] address of rekor STL server (default "https://rekor.sigstore.dev")
--removed-pkgs detect vulnerabilities of removed packages (only for Alpine)
--report string specify a format for the compliance report. (default "summary")
--reset remove all caches and database
--reset-policy-bundle remove policy bundle
--sbom-sources strings [EXPERIMENTAL] try to retrieve SBOM from the specified sources (oci,rekor)
--scanners strings comma-separated list of what security issues to detect (vuln,config,secret,license) (default [vuln,secret])
--secret-config string specify a path to config file for secret scanning (default "trivy-secret.yaml")
--server string server address in client mode
-s, --severity string severities of security issues to be displayed (comma separated) (default "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL")
--skip-db-update skip updating vulnerability database
--skip-dirs strings specify the directories where the traversal is skipped
--skip-files strings specify the file paths to skip traversal
--skip-java-db-update skip updating Java index database
--skip-policy-update skip fetching rego policy updates
--slow scan over time with lower CPU and memory utilization
-t, --template string output template
--tf-vars strings specify paths to override the Terraform tfvars files
--token string for authentication in client/server mode
--token-header string specify a header name for token in client/server mode (default "Trivy-Token")
--trace enable more verbose trace output for custom queries
--username strings username. Comma-separated usernames allowed.
--vuln-type strings comma-separated list of vulnerability types (os,library) (default [os,library])
--cache-backend string cache backend (e.g. redis://localhost:6379) (default "fs")
--cache-ttl duration cache TTL when using redis as cache backend
--clear-cache clear image caches without scanning
--compliance string compliance report to generate (docker-cis)
--config-data strings specify paths from which data for the Rego policies will be recursively loaded
--config-policy strings specify the paths to the Rego policy files or to the directories containing them, applying config files
--custom-headers strings custom headers in client mode
--db-repository string OCI repository to retrieve trivy-db from (default "ghcr.io/aquasecurity/trivy-db")
--dependency-tree [EXPERIMENTAL] show dependency origin tree of vulnerable packages
--docker-host string unix domain socket path to use for docker scanning
--download-db-only download/update vulnerability database but don't run a scan
--download-java-db-only download/update Java index database but don't run a scan
--enable-modules strings [EXPERIMENTAL] module names to enable
--exit-code int specify exit code when any security issues are found
--exit-on-eol int exit with the specified code when the OS reaches end of service/life
--file-patterns strings specify config file patterns
-f, --format string format (table,json,template,sarif,cyclonedx,spdx,spdx-json,github,cosign-vuln) (default "table")
--helm-set strings specify Helm values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
--helm-set-file strings specify Helm values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)
--helm-set-string strings specify Helm string values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
--helm-values strings specify paths to override the Helm values.yaml files
-h, --help help for image
--ignore-policy string specify the Rego file path to evaluate each vulnerability
--ignore-status strings comma-separated list of vulnerability status to ignore (unknown,not_affected,affected,fixed,under_investigation,will_not_fix,fix_deferred,end_of_life)
--ignore-unfixed display only fixed vulnerabilities
--ignored-licenses strings specify a list of license to ignore
--ignorefile string specify .trivyignore file (default ".trivyignore")
--image-config-scanners strings comma-separated list of what security issues to detect on container image configurations (config,secret)
--image-src strings image source(s) to use, in priority order (docker,containerd,podman,remote) (default [docker,containerd,podman,remote])
--include-non-failures include successes and exceptions, available with '--scanners config'
--input string input file path instead of image name
--java-db-repository string OCI repository to retrieve trivy-java-db from (default "ghcr.io/aquasecurity/trivy-java-db")
--license-confidence-level float specify license classifier's confidence level (default 0.9)
--license-full eagerly look for licenses in source code headers and license files
--list-all-pkgs enabling the option will output all packages regardless of vulnerability
--module-dir string specify directory to the wasm modules that will be loaded (default "$HOME/.trivy/modules")
--no-progress suppress progress bar
--offline-scan do not issue API requests to identify dependencies
-o, --output string output file name
--password strings password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
--platform string set platform in the form os/arch if image is multi-platform capable
--policy-bundle-repository string OCI registry URL to retrieve policy bundle from (default "ghcr.io/aquasecurity/defsec:0")
--policy-namespaces strings Rego namespaces
--redis-ca string redis ca file location, if using redis as cache backend
--redis-cert string redis certificate file location, if using redis as cache backend
--redis-key string redis key file location, if using redis as cache backend
--redis-tls enable redis TLS with public certificates, if using redis as cache backend
--registry-token string registry token
--rekor-url string [EXPERIMENTAL] address of rekor STL server (default "https://rekor.sigstore.dev")
--removed-pkgs detect vulnerabilities of removed packages (only for Alpine)
--report string specify a format for the compliance report. (all,summary) (default "summary")
--reset remove all caches and database
--reset-policy-bundle remove policy bundle
--sbom-sources strings [EXPERIMENTAL] try to retrieve SBOM from the specified sources (oci,rekor)
--scanners strings comma-separated list of what security issues to detect (vuln,config,secret,license) (default [vuln,secret])
--secret-config string specify a path to config file for secret scanning (default "trivy-secret.yaml")
--server string server address in client mode
-s, --severity strings severities of security issues to be displayed (UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL) (default [UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL])
--skip-db-update skip updating vulnerability database
--skip-dirs strings specify the directories where the traversal is skipped
--skip-files strings specify the file paths to skip traversal
--skip-java-db-update skip updating Java index database
--skip-policy-update skip fetching rego policy updates
--slow scan over time with lower CPU and memory utilization
-t, --template string output template
--tf-exclude-downloaded-modules remove results for downloaded modules in .terraform folder
--tf-vars strings specify paths to override the Terraform tfvars files
--token string for authentication in client/server mode
--token-header string specify a header name for token in client/server mode (default "Trivy-Token")
--trace enable more verbose trace output for custom queries
--username strings username. Comma-separated usernames allowed.
--vuln-type strings comma-separated list of vulnerability types (os,library) (default [os,library])
```
### Options inherited from parent commands

18
docs/docs/references/configuration/cli/trivy_kubernetes.md
View File

@@ -31,10 +31,10 @@ trivy kubernetes [flags] { cluster | all | specific resources like kubectl. eg:
--cache-backend string cache backend (e.g. redis://localhost:6379) (default "fs")
--cache-ttl duration cache TTL when using redis as cache backend
--clear-cache clear image caches without scanning
--compliance string compliance report to generate (k8s-nsa,k8s-cis, k8s-pss-baseline, k8s-pss-restricted)
--components strings specify which components to scan (default [workload,infra])
--compliance string compliance report to generate (k8s-nsa,k8s-cis,k8s-pss-baseline,k8s-pss-restricted)
--components strings specify which components to scan (workload,infra) (default [workload,infra])
--config-data strings specify paths from which data for the Rego policies will be recursively loaded
--config-policy strings specify paths to the Rego policy files directory, applying config files
--config-policy strings specify the paths to the Rego policy files or to the directories containing them, applying config files
--context string specify a context to scan
--db-repository string OCI repository to retrieve trivy-db from (default "ghcr.io/aquasecurity/trivy-db")
--dependency-tree [EXPERIMENTAL] show dependency origin tree of vulnerable packages
@@ -43,13 +43,14 @@ trivy kubernetes [flags] { cluster | all | specific resources like kubectl. eg:
--exclude-nodes strings indicate the node labels that the node-collector job should exclude from scanning (example: kubernetes.io/arch:arm64,team:dev)
--exit-code int specify exit code when any security issues are found
--file-patterns strings specify config file patterns
-f, --format string format (table, json, template, sarif, cyclonedx, spdx, spdx-json, github, cosign-vuln) (default "table")
-f, --format string format (table,json,cyclonedx) (default "table")
--helm-set strings specify Helm values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
--helm-set-file strings specify Helm values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)
--helm-set-string strings specify Helm string values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
--helm-values strings specify paths to override the Helm values.yaml files
-h, --help help for kubernetes
--ignore-policy string specify the Rego file path to evaluate each vulnerability
--ignore-status strings comma-separated list of vulnerability status to ignore (unknown,not_affected,affected,fixed,under_investigation,will_not_fix,fix_deferred,end_of_life)
--ignore-unfixed display only fixed vulnerabilities
--ignorefile string specify .trivyignore file (default ".trivyignore")
--image-src strings image source(s) to use, in priority order (docker,containerd,podman,remote) (default [docker,containerd,podman,remote])
@@ -64,19 +65,22 @@ trivy kubernetes [flags] { cluster | all | specific resources like kubectl. eg:
--offline-scan do not issue API requests to identify dependencies
-o, --output string output file name
--parallel int number (between 1-20) of goroutines enabled for parallel scanning (default 5)
--password strings password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
--policy-bundle-repository string OCI registry URL to retrieve policy bundle from (default "ghcr.io/aquasecurity/defsec:0")
--policy-namespaces strings Rego namespaces
--redis-ca string redis ca file location, if using redis as cache backend
--redis-cert string redis certificate file location, if using redis as cache backend
--redis-key string redis key file location, if using redis as cache backend
--redis-tls enable redis TLS with public certificates, if using redis as cache backend
--registry-token string registry token
--rekor-url string [EXPERIMENTAL] address of rekor STL server (default "https://rekor.sigstore.dev")
--report string specify a report format for the output. (all,summary) (default "all")
--report string specify a report format for the output (all,summary) (default "all")
--reset remove all caches and database
--reset-policy-bundle remove policy bundle
--sbom-sources strings [EXPERIMENTAL] try to retrieve SBOM from the specified sources (oci,rekor)
--scanners string comma-separated list of what security issues to detect (vuln,config,secret,license) (default "vuln,config,secret,rbac")
--secret-config string specify a path to config file for secret scanning (default "trivy-secret.yaml")
-s, --severity string severities of security issues to be displayed (comma separated) (default "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL")
-s, --severity strings severities of security issues to be displayed (UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL) (default [UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL])
--skip-db-update skip updating vulnerability database
--skip-dirs strings specify the directories where the traversal is skipped
--skip-files strings specify the file paths to skip traversal
@@ -84,9 +88,11 @@ trivy kubernetes [flags] { cluster | all | specific resources like kubectl. eg:
--skip-policy-update skip fetching rego policy updates
--slow scan over time with lower CPU and memory utilization
-t, --template string output template
--tf-exclude-downloaded-modules remove results for downloaded modules in .terraform folder
--tf-vars strings specify paths to override the Terraform tfvars files
--tolerations strings specify node-collector job tolerations (example: key1=value1:NoExecute,key2=value2:NoSchedule)
--trace enable more verbose trace output for custom queries
--username strings username. Comma-separated usernames allowed.
--vuln-type strings comma-separated list of vulnerability types (os,library) (default [os,library])
```

130
docs/docs/references/configuration/cli/trivy_repository.md
View File

@@ -16,69 +16,73 @@ trivy repository [flags] REPO_URL
### Options
```
--branch string pass the branch name to be scanned
--cache-backend string cache backend (e.g. redis://localhost:6379) (default "fs")
--cache-ttl duration cache TTL when using redis as cache backend
--clear-cache clear image caches without scanning
--commit string pass the commit hash to be scanned
--config-data strings specify paths from which data for the Rego policies will be recursively loaded
--config-policy strings specify paths to the Rego policy files directory, applying config files
--custom-headers strings custom headers in client mode
--db-repository string OCI repository to retrieve trivy-db from (default "ghcr.io/aquasecurity/trivy-db")
--dependency-tree [EXPERIMENTAL] show dependency origin tree of vulnerable packages
--download-db-only download/update vulnerability database but don't run a scan
--download-java-db-only download/update Java index database but don't run a scan
--enable-modules strings [EXPERIMENTAL] module names to enable
--exit-code int specify exit code when any security issues are found
--file-patterns strings specify config file patterns
-f, --format string format (table, json, template, sarif, cyclonedx, spdx, spdx-json, github, cosign-vuln) (default "table")
--helm-set strings specify Helm values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
--helm-set-file strings specify Helm values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)
--helm-set-string strings specify Helm string values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
--helm-values strings specify paths to override the Helm values.yaml files
-h, --help help for repository
--ignore-policy string specify the Rego file path to evaluate each vulnerability
--ignore-unfixed display only fixed vulnerabilities
--ignored-licenses strings specify a list of license to ignore
--ignorefile string specify .trivyignore file (default ".trivyignore")
--include-non-failures include successes and exceptions, available with '--scanners config'
--java-db-repository string OCI repository to retrieve trivy-java-db from (default "ghcr.io/aquasecurity/trivy-java-db")
--license-confidence-level float specify license classifier's confidence level (default 0.9)
--license-full eagerly look for licenses in source code headers and license files
--list-all-pkgs enabling the option will output all packages regardless of vulnerability
--module-dir string specify directory to the wasm modules that will be loaded (default "$HOME/.trivy/modules")
--no-progress suppress progress bar
--offline-scan do not issue API requests to identify dependencies
-o, --output string output file name
--password strings password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
--policy-namespaces strings Rego namespaces
--redis-ca string redis ca file location, if using redis as cache backend
--redis-cert string redis certificate file location, if using redis as cache backend
--redis-key string redis key file location, if using redis as cache backend
--redis-tls enable redis TLS with public certificates, if using redis as cache backend
--registry-token string registry token
--rekor-url string [EXPERIMENTAL] address of rekor STL server (default "https://rekor.sigstore.dev")
--reset remove all caches and database
--reset-policy-bundle remove policy bundle
--sbom-sources strings [EXPERIMENTAL] try to retrieve SBOM from the specified sources (oci,rekor)
--scanners strings comma-separated list of what security issues to detect (vuln,config,secret,license) (default [vuln,secret])
--secret-config string specify a path to config file for secret scanning (default "trivy-secret.yaml")
--server string server address in client mode
-s, --severity string severities of security issues to be displayed (comma separated) (default "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL")
--skip-db-update skip updating vulnerability database
--skip-dirs strings specify the directories where the traversal is skipped
--skip-files strings specify the file paths to skip traversal
--skip-java-db-update skip updating Java index database
--skip-policy-update skip fetching rego policy updates
--slow scan over time with lower CPU and memory utilization
--tag string pass the tag name to be scanned
-t, --template string output template
--tf-vars strings specify paths to override the Terraform tfvars files
--token string for authentication in client/server mode
--token-header string specify a header name for token in client/server mode (default "Trivy-Token")
--trace enable more verbose trace output for custom queries
--username strings username. Comma-separated usernames allowed.
--vuln-type strings comma-separated list of vulnerability types (os,library) (default [os,library])
--branch string pass the branch name to be scanned
--cache-backend string cache backend (e.g. redis://localhost:6379) (default "fs")
--cache-ttl duration cache TTL when using redis as cache backend
--clear-cache clear image caches without scanning
--commit string pass the commit hash to be scanned
--config-data strings specify paths from which data for the Rego policies will be recursively loaded
--config-policy strings specify the paths to the Rego policy files or to the directories containing them, applying config files
--custom-headers strings custom headers in client mode
--db-repository string OCI repository to retrieve trivy-db from (default "ghcr.io/aquasecurity/trivy-db")
--dependency-tree [EXPERIMENTAL] show dependency origin tree of vulnerable packages
--download-db-only download/update vulnerability database but don't run a scan
--download-java-db-only download/update Java index database but don't run a scan
--enable-modules strings [EXPERIMENTAL] module names to enable
--exit-code int specify exit code when any security issues are found
--file-patterns strings specify config file patterns
-f, --format string format (table,json,template,sarif,cyclonedx,spdx,spdx-json,github,cosign-vuln) (default "table")
--helm-set strings specify Helm values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
--helm-set-file strings specify Helm values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)
--helm-set-string strings specify Helm string values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
--helm-values strings specify paths to override the Helm values.yaml files
-h, --help help for repository
--ignore-policy string specify the Rego file path to evaluate each vulnerability
--ignore-status strings comma-separated list of vulnerability status to ignore (unknown,not_affected,affected,fixed,under_investigation,will_not_fix,fix_deferred,end_of_life)
--ignore-unfixed display only fixed vulnerabilities
--ignored-licenses strings specify a list of license to ignore
--ignorefile string specify .trivyignore file (default ".trivyignore")
--include-dev-deps include development dependencies in the report (supported: npm, yarn)
--include-non-failures include successes and exceptions, available with '--scanners config'
--java-db-repository string OCI repository to retrieve trivy-java-db from (default "ghcr.io/aquasecurity/trivy-java-db")
--license-confidence-level float specify license classifier's confidence level (default 0.9)
--license-full eagerly look for licenses in source code headers and license files
--list-all-pkgs enabling the option will output all packages regardless of vulnerability
--module-dir string specify directory to the wasm modules that will be loaded (default "$HOME/.trivy/modules")
--no-progress suppress progress bar
--offline-scan do not issue API requests to identify dependencies
-o, --output string output file name
--password strings password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
--policy-bundle-repository string OCI registry URL to retrieve policy bundle from (default "ghcr.io/aquasecurity/defsec:0")
--policy-namespaces strings Rego namespaces
--redis-ca string redis ca file location, if using redis as cache backend
--redis-cert string redis certificate file location, if using redis as cache backend
--redis-key string redis key file location, if using redis as cache backend
--redis-tls enable redis TLS with public certificates, if using redis as cache backend
--registry-token string registry token
--rekor-url string [EXPERIMENTAL] address of rekor STL server (default "https://rekor.sigstore.dev")
--reset remove all caches and database
--reset-policy-bundle remove policy bundle
--sbom-sources strings [EXPERIMENTAL] try to retrieve SBOM from the specified sources (oci,rekor)
--scanners strings comma-separated list of what security issues to detect (vuln,config,secret,license) (default [vuln,secret])
--secret-config string specify a path to config file for secret scanning (default "trivy-secret.yaml")
--server string server address in client mode
-s, --severity strings severities of security issues to be displayed (UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL) (default [UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL])
--skip-db-update skip updating vulnerability database
--skip-dirs strings specify the directories where the traversal is skipped
--skip-files strings specify the file paths to skip traversal
--skip-java-db-update skip updating Java index database
--skip-policy-update skip fetching rego policy updates
--slow scan over time with lower CPU and memory utilization
--tag string pass the tag name to be scanned
-t, --template string output template
--tf-exclude-downloaded-modules remove results for downloaded modules in .terraform folder
--tf-vars strings specify paths to override the Terraform tfvars files
--token string for authentication in client/server mode
--token-header string specify a header name for token in client/server mode (default "Trivy-Token")
--trace enable more verbose trace output for custom queries
--username strings username. Comma-separated usernames allowed.
--vuln-type strings comma-separated list of vulnerability types (os,library) (default [os,library])
```
### Options inherited from parent commands

125
docs/docs/references/configuration/cli/trivy_rootfs.md
View File

@@ -22,67 +22,70 @@ trivy rootfs [flags] ROOTDIR
### Options
```
--cache-backend string cache backend (e.g. redis://localhost:6379) (default "fs")
--cache-ttl duration cache TTL when using redis as cache backend
--clear-cache clear image caches without scanning
--config-data strings specify paths from which data for the Rego policies will be recursively loaded
--config-policy strings specify paths to the Rego policy files directory, applying config files
--custom-headers strings custom headers in client mode
--db-repository string OCI repository to retrieve trivy-db from (default "ghcr.io/aquasecurity/trivy-db")
--dependency-tree [EXPERIMENTAL] show dependency origin tree of vulnerable packages
--download-db-only download/update vulnerability database but don't run a scan
--download-java-db-only download/update Java index database but don't run a scan
--enable-modules strings [EXPERIMENTAL] module names to enable
--exit-code int specify exit code when any security issues are found
--exit-on-eol int exit with the specified code when the OS reaches end of service/life
--file-patterns strings specify config file patterns
-f, --format string format (table, json, template, sarif, cyclonedx, spdx, spdx-json, github, cosign-vuln) (default "table")
--helm-set strings specify Helm values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
--helm-set-file strings specify Helm values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)
--helm-set-string strings specify Helm string values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
--helm-values strings specify paths to override the Helm values.yaml files
-h, --help help for rootfs
--ignore-policy string specify the Rego file path to evaluate each vulnerability
--ignore-unfixed display only fixed vulnerabilities
--ignored-licenses strings specify a list of license to ignore
--ignorefile string specify .trivyignore file (default ".trivyignore")
--include-non-failures include successes and exceptions, available with '--scanners config'
--java-db-repository string OCI repository to retrieve trivy-java-db from (default "ghcr.io/aquasecurity/trivy-java-db")
--license-confidence-level float specify license classifier's confidence level (default 0.9)
--license-full eagerly look for licenses in source code headers and license files
--list-all-pkgs enabling the option will output all packages regardless of vulnerability
--module-dir string specify directory to the wasm modules that will be loaded (default "$HOME/.trivy/modules")
--no-progress suppress progress bar
--offline-scan do not issue API requests to identify dependencies
-o, --output string output file name
--password strings password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
--policy-namespaces strings Rego namespaces
--redis-ca string redis ca file location, if using redis as cache backend
--redis-cert string redis certificate file location, if using redis as cache backend
--redis-key string redis key file location, if using redis as cache backend
--redis-tls enable redis TLS with public certificates, if using redis as cache backend
--registry-token string registry token
--rekor-url string [EXPERIMENTAL] address of rekor STL server (default "https://rekor.sigstore.dev")
--reset remove all caches and database
--reset-policy-bundle remove policy bundle
--sbom-sources strings [EXPERIMENTAL] try to retrieve SBOM from the specified sources (oci,rekor)
--scanners strings comma-separated list of what security issues to detect (vuln,config,secret,license) (default [vuln,secret])
--secret-config string specify a path to config file for secret scanning (default "trivy-secret.yaml")
--server string server address in client mode
-s, --severity string severities of security issues to be displayed (comma separated) (default "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL")
--skip-db-update skip updating vulnerability database
--skip-dirs strings specify the directories where the traversal is skipped
--skip-files strings specify the file paths to skip traversal
--skip-java-db-update skip updating Java index database
--skip-policy-update skip fetching rego policy updates
--slow scan over time with lower CPU and memory utilization
-t, --template string output template
--tf-vars strings specify paths to override the Terraform tfvars files
--token string for authentication in client/server mode
--token-header string specify a header name for token in client/server mode (default "Trivy-Token")
--trace enable more verbose trace output for custom queries
--username strings username. Comma-separated usernames allowed.
--vuln-type strings comma-separated list of vulnerability types (os,library) (default [os,library])
--cache-backend string cache backend (e.g. redis://localhost:6379) (default "fs")
--cache-ttl duration cache TTL when using redis as cache backend
--clear-cache clear image caches without scanning
--config-data strings specify paths from which data for the Rego policies will be recursively loaded
--config-policy strings specify the paths to the Rego policy files or to the directories containing them, applying config files
--custom-headers strings custom headers in client mode
--db-repository string OCI repository to retrieve trivy-db from (default "ghcr.io/aquasecurity/trivy-db")
--dependency-tree [EXPERIMENTAL] show dependency origin tree of vulnerable packages
--download-db-only download/update vulnerability database but don't run a scan
--download-java-db-only download/update Java index database but don't run a scan
--enable-modules strings [EXPERIMENTAL] module names to enable
--exit-code int specify exit code when any security issues are found
--exit-on-eol int exit with the specified code when the OS reaches end of service/life
--file-patterns strings specify config file patterns
-f, --format string format (table,json,template,sarif,cyclonedx,spdx,spdx-json,github,cosign-vuln) (default "table")
--helm-set strings specify Helm values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
--helm-set-file strings specify Helm values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)
--helm-set-string strings specify Helm string values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
--helm-values strings specify paths to override the Helm values.yaml files
-h, --help help for rootfs
--ignore-policy string specify the Rego file path to evaluate each vulnerability
--ignore-status strings comma-separated list of vulnerability status to ignore (unknown,not_affected,affected,fixed,under_investigation,will_not_fix,fix_deferred,end_of_life)
--ignore-unfixed display only fixed vulnerabilities
--ignored-licenses strings specify a list of license to ignore
--ignorefile string specify .trivyignore file (default ".trivyignore")
--include-non-failures include successes and exceptions, available with '--scanners config'
--java-db-repository string OCI repository to retrieve trivy-java-db from (default "ghcr.io/aquasecurity/trivy-java-db")
--license-confidence-level float specify license classifier's confidence level (default 0.9)
--license-full eagerly look for licenses in source code headers and license files
--list-all-pkgs enabling the option will output all packages regardless of vulnerability
--module-dir string specify directory to the wasm modules that will be loaded (default "$HOME/.trivy/modules")
--no-progress suppress progress bar
--offline-scan do not issue API requests to identify dependencies
-o, --output string output file name
--password strings password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
--policy-bundle-repository string OCI registry URL to retrieve policy bundle from (default "ghcr.io/aquasecurity/defsec:0")
--policy-namespaces strings Rego namespaces
--redis-ca string redis ca file location, if using redis as cache backend
--redis-cert string redis certificate file location, if using redis as cache backend
--redis-key string redis key file location, if using redis as cache backend
--redis-tls enable redis TLS with public certificates, if using redis as cache backend
--registry-token string registry token
--rekor-url string [EXPERIMENTAL] address of rekor STL server (default "https://rekor.sigstore.dev")
--reset remove all caches and database
--reset-policy-bundle remove policy bundle
--sbom-sources strings [EXPERIMENTAL] try to retrieve SBOM from the specified sources (oci,rekor)
--scanners strings comma-separated list of what security issues to detect (vuln,config,secret,license) (default [vuln,secret])
--secret-config string specify a path to config file for secret scanning (default "trivy-secret.yaml")
--server string server address in client mode
-s, --severity strings severities of security issues to be displayed (UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL) (default [UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL])
--skip-db-update skip updating vulnerability database
--skip-dirs strings specify the directories where the traversal is skipped
--skip-files strings specify the file paths to skip traversal
--skip-java-db-update skip updating Java index database
--skip-policy-update skip fetching rego policy updates
--slow scan over time with lower CPU and memory utilization
-t, --template string output template
--tf-exclude-downloaded-modules remove results for downloaded modules in .terraform folder
--tf-vars strings specify paths to override the Terraform tfvars files
--token string for authentication in client/server mode
--token-header string specify a header name for token in client/server mode (default "Trivy-Token")
--trace enable more verbose trace output for custom queries
--username strings username. Comma-separated usernames allowed.
--vuln-type strings comma-separated list of vulnerability types (os,library) (default [os,library])
```
### Options inherited from parent commands

6
docs/docs/references/configuration/cli/trivy_sbom.md
View File

@@ -31,9 +31,10 @@ trivy sbom [flags] SBOM_PATH
--exit-code int specify exit code when any security issues are found
--exit-on-eol int exit with the specified code when the OS reaches end of service/life
--file-patterns strings specify config file patterns
-f, --format string format (table, json, template, sarif, cyclonedx, spdx, spdx-json, github, cosign-vuln) (default "table")
-f, --format string format (table,json,template,sarif,cyclonedx,spdx,spdx-json,github,cosign-vuln) (default "table")
-h, --help help for sbom
--ignore-policy string specify the Rego file path to evaluate each vulnerability
--ignore-status strings comma-separated list of vulnerability status to ignore (unknown,not_affected,affected,fixed,under_investigation,will_not_fix,fix_deferred,end_of_life)
--ignore-unfixed display only fixed vulnerabilities
--ignorefile string specify .trivyignore file (default ".trivyignore")
--java-db-repository string OCI repository to retrieve trivy-java-db from (default "ghcr.io/aquasecurity/trivy-java-db")
@@ -48,9 +49,8 @@ trivy sbom [flags] SBOM_PATH
--rekor-url string [EXPERIMENTAL] address of rekor STL server (default "https://rekor.sigstore.dev")
--reset remove all caches and database
--sbom-sources strings [EXPERIMENTAL] try to retrieve SBOM from the specified sources (oci,rekor)
--scanners strings comma-separated list of what security issues to detect (vuln,config,secret,license) (default [vuln,secret])
--server string server address in client mode
-s, --severity string severities of security issues to be displayed (comma separated) (default "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL")
-s, --severity strings severities of security issues to be displayed (UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL) (default [UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL])
--skip-db-update skip updating vulnerability database
--skip-dirs strings specify the directories where the traversal is skipped
--skip-files strings specify the file paths to skip traversal

107
docs/docs/references/configuration/cli/trivy_vm.md
View File

@@ -20,58 +20,61 @@ trivy vm [flags] VM_IMAGE
### Options
```
--aws-region string AWS region to scan
--cache-backend string cache backend (e.g. redis://localhost:6379) (default "fs")
--cache-ttl duration cache TTL when using redis as cache backend
--clear-cache clear image caches without scanning
--compliance string compliance report to generate
--custom-headers strings custom headers in client mode
--db-repository string OCI repository to retrieve trivy-db from (default "ghcr.io/aquasecurity/trivy-db")
--dependency-tree [EXPERIMENTAL] show dependency origin tree of vulnerable packages
--download-db-only download/update vulnerability database but don't run a scan
--download-java-db-only download/update Java index database but don't run a scan
--enable-modules strings [EXPERIMENTAL] module names to enable
--exit-code int specify exit code when any security issues are found
--exit-on-eol int exit with the specified code when the OS reaches end of service/life
--file-patterns strings specify config file patterns
-f, --format string format (table, json, template, sarif, cyclonedx, spdx, spdx-json, github, cosign-vuln) (default "table")
--helm-set strings specify Helm values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
--helm-set-file strings specify Helm values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)
--helm-set-string strings specify Helm string values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
--helm-values strings specify paths to override the Helm values.yaml files
-h, --help help for vm
--ignore-policy string specify the Rego file path to evaluate each vulnerability
--ignore-unfixed display only fixed vulnerabilities
--ignorefile string specify .trivyignore file (default ".trivyignore")
--include-non-failures include successes and exceptions, available with '--scanners config'
--java-db-repository string OCI repository to retrieve trivy-java-db from (default "ghcr.io/aquasecurity/trivy-java-db")
--list-all-pkgs enabling the option will output all packages regardless of vulnerability
--module-dir string specify directory to the wasm modules that will be loaded (default "$HOME/.trivy/modules")
--no-progress suppress progress bar
--offline-scan do not issue API requests to identify dependencies
-o, --output string output file name
--redis-ca string redis ca file location, if using redis as cache backend
--redis-cert string redis certificate file location, if using redis as cache backend
--redis-key string redis key file location, if using redis as cache backend
--redis-tls enable redis TLS with public certificates, if using redis as cache backend
--rekor-url string [EXPERIMENTAL] address of rekor STL server (default "https://rekor.sigstore.dev")
--reset remove all caches and database
--reset-policy-bundle remove policy bundle
--sbom-sources strings [EXPERIMENTAL] try to retrieve SBOM from the specified sources (oci,rekor)
--scanners strings comma-separated list of what security issues to detect (vuln,config,secret,license) (default [vuln,secret])
--secret-config string specify a path to config file for secret scanning (default "trivy-secret.yaml")
--server string server address in client mode
-s, --severity string severities of security issues to be displayed (comma separated) (default "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL")
--skip-db-update skip updating vulnerability database
--skip-dirs strings specify the directories where the traversal is skipped
--skip-files strings specify the file paths to skip traversal
--skip-java-db-update skip updating Java index database
--slow scan over time with lower CPU and memory utilization
-t, --template string output template
--tf-vars strings specify paths to override the Terraform tfvars files
--token string for authentication in client/server mode
--token-header string specify a header name for token in client/server mode (default "Trivy-Token")
--vuln-type strings comma-separated list of vulnerability types (os,library) (default [os,library])
--aws-region string AWS region to scan
--cache-backend string cache backend (e.g. redis://localhost:6379) (default "fs")
--cache-ttl duration cache TTL when using redis as cache backend
--clear-cache clear image caches without scanning
--compliance string compliance report to generate
--custom-headers strings custom headers in client mode
--db-repository string OCI repository to retrieve trivy-db from (default "ghcr.io/aquasecurity/trivy-db")
--dependency-tree [EXPERIMENTAL] show dependency origin tree of vulnerable packages
--download-db-only download/update vulnerability database but don't run a scan
--download-java-db-only download/update Java index database but don't run a scan
--enable-modules strings [EXPERIMENTAL] module names to enable
--exit-code int specify exit code when any security issues are found
--exit-on-eol int exit with the specified code when the OS reaches end of service/life
--file-patterns strings specify config file patterns
-f, --format string format (table,json,template,sarif,cyclonedx,spdx,spdx-json,github,cosign-vuln) (default "table")
--helm-set strings specify Helm values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
--helm-set-file strings specify Helm values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)
--helm-set-string strings specify Helm string values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)
--helm-values strings specify paths to override the Helm values.yaml files
-h, --help help for vm
--ignore-policy string specify the Rego file path to evaluate each vulnerability
--ignore-status strings comma-separated list of vulnerability status to ignore (unknown,not_affected,affected,fixed,under_investigation,will_not_fix,fix_deferred,end_of_life)
--ignore-unfixed display only fixed vulnerabilities
--ignorefile string specify .trivyignore file (default ".trivyignore")
--include-non-failures include successes and exceptions, available with '--scanners config'
--java-db-repository string OCI repository to retrieve trivy-java-db from (default "ghcr.io/aquasecurity/trivy-java-db")
--list-all-pkgs enabling the option will output all packages regardless of vulnerability
--module-dir string specify directory to the wasm modules that will be loaded (default "$HOME/.trivy/modules")
--no-progress suppress progress bar
--offline-scan do not issue API requests to identify dependencies
-o, --output string output file name
--policy-bundle-repository string OCI registry URL to retrieve policy bundle from (default "ghcr.io/aquasecurity/defsec:0")
--redis-ca string redis ca file location, if using redis as cache backend
--redis-cert string redis certificate file location, if using redis as cache backend
--redis-key string redis key file location, if using redis as cache backend
--redis-tls enable redis TLS with public certificates, if using redis as cache backend
--rekor-url string [EXPERIMENTAL] address of rekor STL server (default "https://rekor.sigstore.dev")
--reset remove all caches and database
--reset-policy-bundle remove policy bundle
--sbom-sources strings [EXPERIMENTAL] try to retrieve SBOM from the specified sources (oci,rekor)
--scanners strings comma-separated list of what security issues to detect (vuln,config,secret,license) (default [vuln,secret])
--secret-config string specify a path to config file for secret scanning (default "trivy-secret.yaml")
--server string server address in client mode
-s, --severity strings severities of security issues to be displayed (UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL) (default [UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL])
--skip-db-update skip updating vulnerability database
--skip-dirs strings specify the directories where the traversal is skipped
--skip-files strings specify the file paths to skip traversal
--skip-java-db-update skip updating Java index database
--slow scan over time with lower CPU and memory utilization
-t, --template string output template
--tf-exclude-downloaded-modules remove results for downloaded modules in .terraform folder
--tf-vars strings specify paths to override the Terraform tfvars files
--token string for authentication in client/server mode
--token-header string specify a header name for token in client/server mode (default "Trivy-Token")
--vuln-type strings comma-separated list of vulnerability types (os,library) (default [os,library])
```
### Options inherited from parent commands

6
docs/docs/references/configuration/config-file.md
View File

@@ -243,6 +243,7 @@ rego
policy:
- policy/repository
- policy/custom
- policy/some-policy.rego
# Same as '--config-data'
# Default is empty
@@ -291,6 +292,11 @@ misconfiguration:
vars:
- dev-terraform.tfvars
- common-terraform.tfvars
# Same as '--tf-exclude-downloaded-modules'
# Default is false
terraform:
exclude-downloaded-modules: false
```
## Kubernetes Options

2
docs/docs/scanner/license.md
View File

@@ -143,7 +143,7 @@ Trivy has number of configuration flags for use with license scanning;
Trivy license scanning can ignore licenses that are identified to explicitly remove them from the results using the `--ignored-licenses` flag;
```shell
$ trivy image --scanners license --ignored-licenses MPL-2.0,MIT --severity LOW grafana/grafana:latest
$ trivy image --scanners license --ignored-licenses MPL-2.0,MIT --severity HIGH grafana/grafana:latest
2022-07-13T18:15:28.605Z INFO License scanning is enabled
OS Packages (license)

2
docs/docs/scanner/misconfiguration/custom/data.md
View File

@@ -3,7 +3,7 @@
Custom policies may require additional data in order to determine an answer.
For example, an allowed list of resources that can be created.
Instead of hardcoding this information inside of your policy, Trivy allows passing paths to data files with the `--data` flag.
Instead of hardcoding this information inside your policy, Trivy allows passing paths to data files with the `--data` flag.
Given the following yaml file:

4
docs/docs/scanner/misconfiguration/custom/index.md
View File

@@ -2,10 +2,10 @@
## Overview
You can write custom policies in [Rego][rego].
Once you finish writing custom policies, you can pass the directory where those policies are stored with `--policy` option.
Once you finish writing custom policies, you can pass the policy files or the directory where those policies are stored with `--policy` option.
``` bash
trivy conf --policy /path/to/custom_policies --namespaces user /path/to/config_dir
trivy conf --policy /path/to/policy.rego --policy /path/to/custom_policies --namespaces user /path/to/config_dir
```
As for `--namespaces` option, the detail is described as below.

3
docs/docs/scanner/misconfiguration/custom/schema.md
View File

@@ -83,8 +83,7 @@ The policies can be placed in a structure as follows
└── barschema.json
```
To use such a policy with Trivy, use the `--config-policy` flag that points to the directory where the schemas and policies
are contained.
To use such a policy with Trivy, use the `--config-policy` flag that points to the policy file or to the directory where the schemas and policies are contained.
```bash
$ trivy --config-policy=/Users/user/my-custom-policies <path/to/iac>

12
docs/docs/scanner/misconfiguration/index.md
View File

@@ -316,12 +316,12 @@ This section describes misconfiguration-specific configuration.
Other common options are documented [here](../../configuration/index.md).
### Pass custom policies
You can pass directories including your custom policies through `--policy` option.
This can be repeated for specifying multiple directories.
You can pass policy files or directories including your custom policies through `--policy` option.
This can be repeated for specifying multiple files or directories.
```bash
cd examplex/misconf/
trivy conf --policy custom-policy/policy --policy combine/policy --namespaces user misconf/mixed
trivy conf --policy custom-policy/policy --policy combine/policy --policy policy.rego --namespaces user misconf/mixed
```
For more details, see [Custom Policies](./custom/index.md).
@@ -356,6 +356,12 @@ You can pass `tf-vars` files to Trivy to override default values found in the Te
trivy conf --tf-vars dev.terraform.tfvars ./infrastructure/tf
```
### Exclude downloaded Terraform modules
You can remove results for downloaded modules in `.terraform` folder.
```bash
trivy conf --tf-exclude-downloaded-modules ./configs
```
### Helm value overrides
There are a number of options for overriding values in Helm charts. When override values are passed to the Helm scanner, the values will be used during the Manifest rendering process and will become part of the scanned artifact.

56
docs/docs/scanner/vulnerability/language/index.md
View File

@@ -4,33 +4,33 @@
## Supported languages
| Language | File | Image[^7] | Rootfs[^8] | Filesystem[^9] | Repository[^10] | Dev dependencies | Dependency location[^11] |
|----------------------|--------------------------------------------------------------------------------------------|:---------:|:----------:|:--------------:|:---------------:|------------------|:------------------------:|
| Ruby | Gemfile.lock | - | - | ✅ | ✅ | included | - |
| | gemspec | ✅ | ✅ | - | - | included | - |
| [Python](python.md) | Pipfile.lock | - | - | ✅ | ✅ | excluded | ✅ |
| | poetry.lock | - | - | ✅ | ✅ | excluded | - |
| | requirements.txt | - | - | ✅ | ✅ | included | - |
| | egg package[^1] | ✅ | ✅ | - | - | excluded | - |
| | wheel package[^2] | ✅ | ✅ | - | - | excluded | - |
| [PHP](php.md) | composer.lock | ✅ | ✅ | ✅ | ✅ | excluded | ✅ |
| [Node.js](nodejs.md) | package-lock.json | - | - | ✅ | ✅ | excluded | ✅ |
| | yarn.lock | - | - | ✅ | ✅ | included | ✅ |
| | pnpm-lock.yaml | - | - | ✅ | ✅ | excluded | - |
| | package.json | ✅ | ✅ | - | - | excluded | - |
| .NET | packages.lock.json | ✅ | ✅ | ✅ | ✅ | included | ✅ |
| | packages.config | ✅ | ✅ | ✅ | ✅ | excluded | - |
| | .deps.json | ✅ | ✅ | ✅ | ✅ | excluded | ✅ |
| [Java](java.md) | JAR/WAR/PAR/EAR[^3] | ✅ | ✅ | - | - | included | - |
| | pom.xml[^4] | - | - | ✅ | ✅ | excluded | - |
| | *gradle.lockfile | - | - | ✅ | ✅ | excluded | - |
| [Go](golang.md) | Binaries built by Go[^5] | ✅ | ✅ | - | - | excluded | - |
| | go.mod[^6] | - | - | ✅ | ✅ | included | - |
| [Rust](rust.md) | Cargo.lock | ✅ | ✅ | ✅ | ✅ | excluded | ✅ |
| | Binaries built with [cargo-auditable](https://github.com/rust-secure-code/cargo-auditable) | ✅ | ✅ | - | - | excluded | - |
| C/C++ | conan.lock[^12] | - | - | ✅ | ✅ | excluded | - |
| Elixir | mix.lock[^12] | - | - | ✅ | ✅ | excluded | ✅ |
| Dart | pubspec.lock | | | - | - | included | - |
| Language | File | Image[^7] | Rootfs[^8] | Filesystem[^9] | Repository[^10] | Dev dependencies | Dependency location[^11] |
|----------------------|--------------------------------------------------------------------------------------------|:---------:|:----------:|:--------------:|:---------------:|------------------------------|:------------------------:|
| Ruby | Gemfile.lock | - | - | ✅ | ✅ | included | - |
| | gemspec | ✅ | ✅ | - | - | included | - |
| [Python](python.md) | Pipfile.lock | - | - | ✅ | ✅ | excluded | ✅ |
| | poetry.lock | - | - | ✅ | ✅ | excluded | - |
| | requirements.txt | - | - | ✅ | ✅ | included | - |
| | egg package[^1] | ✅ | ✅ | - | - | excluded | - |
| | wheel package[^2] | ✅ | ✅ | - | - | excluded | - |
| [PHP](php.md) | composer.lock | ✅ | ✅ | ✅ | ✅ | excluded | ✅ |
| [Node.js](nodejs.md) | package-lock.json | - | - | ✅ | ✅ | [excluded](./nodejs.md#npm) | ✅ |
| | yarn.lock | - | - | ✅ | ✅ | [excluded](./nodejs.md#yarn) | ✅ |
| | pnpm-lock.yaml | - | - | ✅ | ✅ | excluded | - |
| | package.json | ✅ | ✅ | - | - | excluded | - |
| .NET | packages.lock.json | ✅ | ✅ | ✅ | ✅ | included | ✅ |
| | packages.config | ✅ | ✅ | ✅ | ✅ | excluded | - |
| | .deps.json | ✅ | ✅ | ✅ | ✅ | excluded | ✅ |
| [Java](java.md) | JAR/WAR/PAR/EAR[^3] | ✅ | ✅ | - | - | included | - |
| | pom.xml[^4] | - | - | ✅ | ✅ | excluded | - |
| | *gradle.lockfile | - | - | ✅ | ✅ | excluded | - |
| [Go](golang.md) | Binaries built by Go[^5] | ✅ | ✅ | - | - | excluded | - |
| | go.mod[^6] | - | - | ✅ | ✅ | included | - |
| [Rust](rust.md) | Cargo.lock | ✅ | ✅ | ✅ | ✅ | excluded | ✅ |
| | Binaries built with [cargo-auditable](https://github.com/rust-secure-code/cargo-auditable) | ✅ | ✅ | - | - | excluded | - |
| C/C++ | conan.lock[^12] | - | - | ✅ | ✅ | excluded | - |
| Elixir | mix.lock[^12] | - | - | ✅ | ✅ | excluded | ✅ |
| Dart | pubspec.lock | - | - | | | included | - |
The path of these files does not matter.
@@ -65,7 +65,6 @@ Example: [Dockerfile](https://github.com/aquasecurity/trivy-ci-test/blob/main/Do
| Java | [GitLab Advisories Community][gitlab] | ✅ | 1 month |
| | [GitHub Advisory Database (Maven)][java-ghsa] | ✅ | - |
| Go | [GitHub Advisory Database (Go)][go-ghsa] | ✅ | - |
| | [The Go Vulnerability Database][go] | ✅ | - |
| Rust | [Open Source Vulnerabilities (crates.io)][rust-osv] | ✅ | - |
| .NET | [GitHub Advisory Database (NuGet)][dotnet-ghsa] | ✅ | - |
| C/C++ | [GitLab Advisories Community][gitlab] | ✅ | 1 month |
@@ -88,7 +87,6 @@ Example: [Dockerfile](https://github.com/aquasecurity/trivy-ci-test/blob/main/Do
[ruby]: https://github.com/rubysec/ruby-advisory-db
[nodejs]: https://github.com/nodejs/security-wg
[gitlab]: https://gitlab.com/gitlab-org/advisories-community
[go]: https://github.com/golang/vulndb
[python-osv]: https://osv.dev/list?q=&ecosystem=PyPI
[rust-osv]: https://osv.dev/list?q=&ecosystem=crates.io

10
docs/docs/scanner/vulnerability/language/java.md
View File

@@ -4,11 +4,11 @@ Trivy supports three types of Java scanning: `JAR/WAR/PAR/EAR`, `pom.xml` and `*
The following table provides an outline of the features Trivy offers.
| Artifact | Internet access | Dev dependencies |
|------------------|:---------------------:|:-----------------|
| JAR/WAR/PAR/EAR | Trivy Java DB | Include |
| pom.xml | Maven repository [^1] | Exclude |
| *gradle.lockfile | - | Exclude |
| Artifact | Internet access | Dev dependencies | License |
|------------------|:---------------------:|:-----------------|:-------:|
| JAR/WAR/PAR/EAR | Trivy Java DB | Include | - |
| pom.xml | Maven repository [^1] | Exclude | ✅ |
| *gradle.lockfile | - | Exclude | - |
These may be enabled or disabled depending on the target.
See [here](./index.md) for the detail.

14
docs/docs/scanner/vulnerability/language/nodejs.md
View File

@@ -3,11 +3,11 @@
Trivy supports three types of Node.js package managers: `npm`, `Yarn` and `pnpm`.
The following table provides an outline of the features Trivy offers.
| Package manager | File | Transitive dependencies | Dev dependencies | Dependency graph | Position | License |
|:---------------:|-------------------|:-----------------------:|:----------------:|:----------------:|:--------:|:-------:|
| npm | package-lock.json | ✅ | Excluded | ✅ | ✅ | ✅ |
| Yarn | yarn.lock | ✅ | Excluded | ✅ | ✅ | - |
| pnpm | pnpm-lock.yaml | ✅ | Excluded | ✅ | - | - |
| Package manager | File | Transitive dependencies | Dev dependencies | Dependency graph | Position | License |
|:---------------:|-------------------|:-----------------------:|:-----------------:|:----------------:|:--------:|:-------:|
| npm | package-lock.json | ✅ | [Excluded](#npm) | ✅ | ✅ | ✅ |
| Yarn | yarn.lock | ✅ | [Excluded](#yarn) | ✅ | ✅ | - |
| pnpm | pnpm-lock.yaml | ✅ | Excluded | ✅ | - | - |
In addition, Trivy scans installed packages with `package.json`.
@@ -29,10 +29,14 @@ Trivy parses `package-lock.json`.
To identify licenses, you need to download dependencies to `node_modules` beforehand.
Trivy analyzes `node_modules` for licenses.
By default, Trivy doesn't report development dependencies. Use the `--include-dev-deps` flag to include them.
### Yarn
Trivy parses `yarn.lock`, which doesn't contain information about development dependencies.
To exclude devDependencies, `package.json` also needs to be present next to `yarn.lock`.
By default, Trivy doesn't report development dependencies. Use the `--include-dev-deps` flag to include them.
### pnpm
Trivy parses `pnpm-lock.yaml`, then finds production dependencies and builds a [tree] of dependencies with vulnerabilities.

38
docs/docs/scanner/vulnerability/os.md
View File

@@ -9,25 +9,25 @@ To hide unfixed/unfixable vulnerabilities, you can use the `--ignore-unfixed` fl
Trivy doesn't support self-compiled packages/binaries, but official packages provided by vendors such as Red Hat and Debian.
| OS | Supported Versions | Target Packages | Detection of unfixed vulnerabilities |
|----------------------------------|-------------------------------------------|-------------------------------|:------------------------------------:|
| Alpine Linux | 2.2 - 2.7, 3.0 - 3.18, edge | Installed by apk | NO |
| Wolfi Linux | (n/a) | Installed by apk | NO |
| Chainguard | (n/a) | Installed by apk | NO |
| Red Hat Universal Base Image[^1] | 7, 8, 9 | Installed by yum/rpm | YES |
| Red Hat Enterprise Linux | 6, 7, 8 | Installed by yum/rpm | YES |
| CentOS | 6, 7, 8 | Installed by yum/rpm | YES |
| AlmaLinux | 8, 9 | Installed by yum/rpm | NO |
| Rocky Linux | 8, 9 | Installed by yum/rpm | NO |
| Oracle Linux | 5, 6, 7, 8 | Installed by yum/rpm | NO |
| CBL-Mariner | 1.0, 2.0 | Installed by yum/rpm | YES |
| Amazon Linux | 1, 2, 2023 | Installed by yum/rpm | NO |
| openSUSE Leap | 42, 15 | Installed by zypper/rpm | NO |
| SUSE Enterprise Linux | 11, 12, 15 | Installed by zypper/rpm | NO |
| Photon OS | 1.0, 2.0, 3.0, 4.0 | Installed by tdnf/yum/rpm | NO |
| Debian GNU/Linux | wheezy, jessie, stretch, buster, bullseye | Installed by apt/apt-get/dpkg | YES |
| Ubuntu | All versions supported by Canonical | Installed by apt/apt-get/dpkg | YES |
| Distroless[^2] | Any | Installed by apt/apt-get/dpkg | YES |
| OS | Supported Versions | Target Packages | Detection of unfixed vulnerabilities |
|----------------------------------|-------------------------------------|-------------------------------|:------------------------------------:|
| Alpine Linux | 2.2 - 2.7, 3.0 - 3.18, edge | Installed by apk | NO |
| Wolfi Linux | (n/a) | Installed by apk | NO |
| Chainguard | (n/a) | Installed by apk | NO |
| Red Hat Universal Base Image[^1] | 7, 8, 9 | Installed by yum/rpm | YES |
| Red Hat Enterprise Linux | 6, 7, 8 | Installed by yum/rpm | YES |
| CentOS | 6, 7, 8 | Installed by yum/rpm | YES |
| AlmaLinux | 8, 9 | Installed by yum/rpm | NO |
| Rocky Linux | 8, 9 | Installed by yum/rpm | NO |
| Oracle Linux | 5, 6, 7, 8 | Installed by yum/rpm | NO |
| CBL-Mariner | 1.0, 2.0 | Installed by yum/rpm | YES |
| Amazon Linux | 1, 2, 2023 | Installed by yum/rpm | NO |
| openSUSE Leap | 42, 15 | Installed by zypper/rpm | NO |
| SUSE Enterprise Linux | 11, 12, 15 | Installed by zypper/rpm | NO |
| Photon OS | 1.0, 2.0, 3.0, 4.0 | Installed by tdnf/yum/rpm | NO |
| Debian GNU/Linux | 7, 8, 9, 10, 11, 12 | Installed by apt/apt-get/dpkg | YES |
| Ubuntu | All versions supported by Canonical | Installed by apt/apt-get/dpkg | YES |
| Distroless[^2] | Any | Installed by apt/apt-get/dpkg | YES |
## Data Sources

2
docs/docs/supply-chain/sbom.md
View File

@@ -224,7 +224,7 @@ $ trivy image --format cyclonedx --output result.json alpine:3.15
$ cat result.json | jq .
{
"bomFormat": "CycloneDX",
"specVersion": "1.4",
"specVersion": "1.5",
"serialNumber": "urn:uuid:2be5773d-7cd3-4b4b-90a5-e165474ddace",
"version": 1,
"metadata": {

2
docs/docs/supply-chain/vex.md
View File

@@ -43,7 +43,7 @@ Take a look at the example below.
$ cat <<EOF > trivy.vex.cdx
{
"bomFormat": "CycloneDX",
"specVersion": "1.4",
"specVersion": "1.5",
"version": 1,
"vulnerabilities": [
{

4
docs/docs/target/aws.md
View File

@@ -103,5 +103,7 @@ Regardless of whether the cache is used or not, rules will be evaluated again wi
You can write custom policies for Trivy to evaluate against your AWS account.
These policies are written in [Rego](https://www.openpolicyagent.org/docs/latest/policy-language/), the same language used by [Open Policy Agent](https://www.openpolicyagent.org/).
See the [Custom Policies](../scanner/misconfiguration/custom/index.md) page for more information.
See the [Custom Policies](../scanner/misconfiguration/custom/index.md) page for more information on how to write custom policies.
Custom policies in cloud scanning also support passing in custom data. This can be useful when you want to selectively enable/disable certain aspects of your cloud policies.
See the [Custom Data](../scanner/misconfiguration/custom/data.md) page for more information on how to provide custom data to custom policies.

236
docs/docs/target/git-repository.md
View File

@@ -1,236 +0,0 @@
# Git Repository
Scan your remote git repositories for
- Vulnerabilities
- Misconfigurations
- Secrets
- Licenses
By default, vulnerability and secret scanning are enabled, and you can configure that with `--scanners`.
```bash
$ trivy repo [YOUR_REPO_URL]
```
## Scanners
### Vulnerabilities
It is enabled by default.
Trivy will look for vulnerabilities based on lock files such as Gemfile.lock and package-lock.json.
See [here](../scanner/vulnerability/index.md) for the detail.
```
$ trivy repo https://github.com/knqyf263/trivy-ci-test
```
<details>
<summary>Result</summary>
```
2021-03-09T15:04:19.003+0200 INFO Detecting cargo vulnerabilities...
2021-03-09T15:04:19.005+0200 INFO Detecting pipenv vulnerabilities...
Cargo.lock
==========
Total: 7 (UNKNOWN: 7, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
+----------+-------------------+----------+-------------------+------------------------------+---------------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+----------+-------------------+----------+-------------------+------------------------------+---------------------------------------------+
| ammonia | RUSTSEC-2019-0001 | UNKNOWN | 1.9.0 | >= 2.1.0 | Uncontrolled recursion leads |
| | | | | | to abort in HTML serialization |
| | | | | | -->rustsec.org/advisories/RUSTSEC-2019-0001 |
+----------+-------------------+ +-------------------+------------------------------+---------------------------------------------+
| openssl | RUSTSEC-2016-0001 | | 0.8.3 | >= 0.9.0 | SSL/TLS MitM vulnerability |
| | | | | | due to insecure defaults |
| | | | | | -->rustsec.org/advisories/RUSTSEC-2016-0001 |
+----------+-------------------+ +-------------------+------------------------------+---------------------------------------------+
| smallvec | RUSTSEC-2018-0018 | | 0.6.9 | >= 0.6.13 | smallvec creates uninitialized |
| | | | | | value of any type |
| | | | | | -->rustsec.org/advisories/RUSTSEC-2018-0018 |
+ +-------------------+ + +------------------------------+---------------------------------------------+
| | RUSTSEC-2019-0009 | | | >= 0.6.10 | Double-free and use-after-free |
| | | | | | in SmallVec::grow() |
| | | | | | -->rustsec.org/advisories/RUSTSEC-2019-0009 |
+ +-------------------+ + + +---------------------------------------------+
| | RUSTSEC-2019-0012 | | | | Memory corruption in SmallVec::grow() |
| | | | | | -->rustsec.org/advisories/RUSTSEC-2019-0012 |
+ +-------------------+ + +------------------------------+---------------------------------------------+
| | RUSTSEC-2021-0003 | | | >= 0.6.14, < 1.0.0, >= 1.6.1 | Buffer overflow in SmallVec::insert_many |
| | | | | | -->rustsec.org/advisories/RUSTSEC-2021-0003 |
+----------+-------------------+ +-------------------+------------------------------+---------------------------------------------+
| tempdir | RUSTSEC-2018-0017 | | 0.3.7 | | `tempdir` crate has been |
| | | | | | deprecated; use `tempfile` instead |
| | | | | | -->rustsec.org/advisories/RUSTSEC-2018-0017 |
+----------+-------------------+----------+-------------------+------------------------------+---------------------------------------------+
Pipfile.lock
============
Total: 20 (UNKNOWN: 3, LOW: 0, MEDIUM: 7, HIGH: 5, CRITICAL: 5)
+---------------------+------------------+----------+-------------------+------------------------+---------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+---------------------+------------------+----------+-------------------+------------------------+---------------------------------------+
| django | CVE-2019-19844 | CRITICAL | 2.0.9 | 3.0.1, 2.2.9, 1.11.27 | Django: crafted email address |
| | | | | | allows account takeover |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19844 |
+ +------------------+ + +------------------------+---------------------------------------+
| | CVE-2020-7471 | | | 3.0.3, 2.2.10, 1.11.28 | django: potential SQL injection |
| | | | | | via StringAgg(delimiter) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-7471 |
+ +------------------+----------+ +------------------------+---------------------------------------+
| | CVE-2019-6975 | HIGH | | 2.1.6, 2.0.11, 1.11.19 | python-django: memory exhaustion in |
| | | | | | django.utils.numberformat.format() |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-6975 |
+ +------------------+ + +------------------------+---------------------------------------+
| | CVE-2020-9402 | | | 3.0.4, 2.2.11, 1.11.29 | django: potential SQL injection |
| | | | | | via "tolerance" parameter in |
| | | | | | GIS functions and aggregates... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-9402 |
+ +------------------+----------+ +------------------------+---------------------------------------+
| | CVE-2019-3498 | MEDIUM | | 2.1.5, 2.0.10, 1.11.18 | python-django: Content spoofing |
| | | | | | via URL path in default 404 page |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-3498 |
+ +------------------+ + +------------------------+---------------------------------------+
| | CVE-2020-13254 | | | 3.0.7, 2.2.13 | django: potential data leakage |
| | | | | | via malformed memcached keys |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-13254 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2020-13596 | | | | django: possible XSS via |
| | | | | | admin ForeignKeyRawIdWidget |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-13596 |
+---------------------+------------------+----------+-------------------+------------------------+---------------------------------------+
| django-cors-headers | pyup.io-37132 | UNKNOWN | 2.5.2 | 3.0.0 | In django-cors-headers |
| | | | | | version 3.0.0, |
| | | | | | ``CORS_ORIGIN_WHITELIST`` |
| | | | | | requires URI schemes, and |
| | | | | | optionally ports. This... |
+---------------------+------------------+----------+-------------------+------------------------+---------------------------------------+
| djangorestframework | CVE-2020-25626 | MEDIUM | 3.9.2 | 3.11.2 | django-rest-framework: XSS |
| | | | | | Vulnerability in API viewer |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-25626 |
+---------------------+------------------+----------+-------------------+------------------------+---------------------------------------+
| httplib2 | CVE-2021-21240 | HIGH | 0.12.1 | 0.19.0 | python-httplib2: Regular |
| | | | | | expression denial of |
| | | | | | service via malicious header |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-21240 |
+ +------------------+----------+ +------------------------+---------------------------------------+
| | CVE-2020-11078 | MEDIUM | | 0.18.0 | python-httplib2: CRLF injection |
| | | | | | via an attacker controlled |
| | | | | | unescaped part of uri for... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-11078 |
+ +------------------+----------+ + +---------------------------------------+
| | pyup.io-38303 | UNKNOWN | | | Httplib2 0.18.0 is an |
| | | | | | important security update to |
| | | | | | patch a CWE-93 CRLF... |
+---------------------+------------------+ +-------------------+------------------------+---------------------------------------+
| jinja2 | pyup.io-39525 | | 2.10.1 | 2.11.3 | This affects the package |
| | | | | | jinja2 from 0.0.0 and before |
| | | | | | 2.11.3. The ReDOS... |
+---------------------+------------------+----------+-------------------+------------------------+---------------------------------------+
| py | CVE-2020-29651 | HIGH | 1.8.0 | | python-py: ReDoS in the py.path.svnwc |
| | | | | | component via malicious input |
| | | | | | to blame functionality... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-29651 |
+---------------------+------------------+----------+-------------------+------------------------+---------------------------------------+
| pyyaml | CVE-2019-20477 | CRITICAL | 5.1 | | PyYAML: command execution |
| | | | | | through python/object/apply |
| | | | | | constructor in FullLoader |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-20477 |
+ +------------------+ + +------------------------+---------------------------------------+
| | CVE-2020-14343 | | | 5.4 | PyYAML: incomplete |
| | | | | | fix for CVE-2020-1747 |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14343 |
+ +------------------+ + +------------------------+---------------------------------------+
| | CVE-2020-1747 | | | 5.3.1 | PyYAML: arbitrary command |
| | | | | | execution through python/object/new |
| | | | | | when FullLoader is used |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1747 |
+---------------------+------------------+----------+-------------------+------------------------+---------------------------------------+
| urllib3 | CVE-2019-11324 | HIGH | 1.24.1 | 1.24.2 | python-urllib3: Certification |
| | | | | | mishandle when error should be thrown |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-11324 |
+ +------------------+----------+ +------------------------+---------------------------------------+
| | CVE-2019-11236 | MEDIUM | | | python-urllib3: CRLF injection |
| | | | | | due to not encoding the |
| | | | | | '\r\n' sequence leading to... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-11236 |
+ +------------------+ + +------------------------+---------------------------------------+
| | CVE-2020-26137 | | | 1.25.9 | python-urllib3: CRLF injection |
| | | | | | via HTTP request method |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-26137 |
+---------------------+------------------+----------+-------------------+------------------------+---------------------------------------+
```
</details>
### Misconfigurations
It is disabled by default and can be enabled with `--scanners config`.
See [here](../scanner/misconfiguration/index.md) for the detail.
```shell
$ trivy repo --scanners config [YOUR_REPO_URL]
```
### Secrets
It is enabled by default.
See [here](../scanner/secret.md) for the detail.
```shell
$ trivy repo [YOUR_REPO_URL]
```
### Licenses
It is disabled by default.
See [here](../scanner/license.md) for the detail.
```shell
$ trivy repo --scanners license [YOUR_REPO_URL]
```
## SBOM generation
Trivy can generate SBOM for git repositories.
See [here](../supply-chain/sbom.md) for the detail.
## References
### Scanning a Branch
Pass a `--branch` argument with a valid branch name on the remote repository provided:
```
$ trivy repo --branch <branch-name> <repo-name>
```
### Scanning upto a Commit
Pass a `--commit` argument with a valid commit hash on the remote repository provided:
```
$ trivy repo --commit <commit-hash> <repo-name>
```
### Scanning a Tag
Pass a `--tag` argument with a valid tag on the remote repository provided:
```
$ trivy repo --tag <tag-name> <repo-name>
```
### Scanning Private Repositories
In order to scan private GitHub or GitLab repositories, the environment variable `GITHUB_TOKEN` or `GITLAB_TOKEN` must be set, respectively, with a valid token that has access to the private repository being scanned.
The `GITHUB_TOKEN` environment variable will take precedence over `GITLAB_TOKEN`, so if a private GitLab repository will be scanned, then `GITHUB_TOKEN` must be unset.
You can find how to generate your GitHub Token in the following [GitHub documentation.](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)
For example:
```
$ export GITHUB_TOKEN="your_private_github_token"
$ trivy repo <your private GitHub repo URL>
$
$ # or
$ export GITLAB_TOKEN="your_private_gitlab_token"
$ trivy repo <your private GitLab repo URL>
```

13
docs/docs/target/kubernetes.md
View File

@@ -343,3 +343,16 @@ Trivy has a native [Kubernetes Operator][operator] which continuously scans your
[operator]: https://kubernetes.io/docs/concepts/extend-kubernetes/operator/
[crd]: https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/
[trivy-operator]: https://aquasecurity.github.io/trivy-operator/latest
## SBOM
Trivy supports the generation of Kubernetes Bill of Materials (KBOM) for kubernetes cluster control plane components, node components and addons.
## KBOM
KBOM, Kubernetes Bill of Materials, is a manifest of all the important components that make up your Kubernetes cluster Control plane components, Node Components, and Addons, including their versions and images. Which “api-server” version are you currently running? Which flavor of “kubelet” is running on each node? What kind of etcd or storage are you currently using? And most importantly are there any vulnerabilities known to affect these components? These are all questions that KBOM can help you answer.
Trivy can generate KBOM in CycloneDX format:
```sh
trivy k8s cluster --format cyclonedx
```

155
docs/docs/target/repository.md Normal file
View File

@@ -0,0 +1,155 @@
# Code Repository
Scan your local or remote code repositories for
- Vulnerabilities
- Misconfigurations
- Secrets
- Licenses
By default, vulnerability and secret scanning are enabled, and you can configure that with `--scanners`.
```bash
$ trivy repo (REPO_PATH | REPO_URL)
```
For example, you can scan a local repository as below.
```bash
$ trivy repo ./
```
It's also possible to scan a single file.
```
$ trivy repo ./trivy-ci-test/Pipfile.lock
```
To scan remote code repositories, you need to specify the URL.
```bash
$ trivy repo https://github.com/aquasecurity/trivy-ci-test
```
## Rationale
`trivy repo` is designed to scan code repositories, and it is intended to be used for scanning local/remote repositories in your machine or in your CI environment.
Therefore, unlike container/VM image scanning, it targets lock files such as package-lock.json and does not target artifacts like JAR files, binary files, etc.
See [here](../scanner/vulnerability/language/index.md) for the detail.
## Scanners
### Vulnerabilities
It is enabled by default.
Trivy will look for vulnerabilities based on lock files such as Gemfile.lock and package-lock.json.
See [here](../scanner/vulnerability/index.md) for the detail.
```
$ trivy repo ~/src/github.com/aquasecurity/trivy-ci-test
```
<details>
<summary>Result</summary>
```
2020-06-01T17:06:58.652+0300 WARN OS is not detected and vulnerabilities in OS packages are not detected.
2020-06-01T17:06:58.652+0300 INFO Detecting pipenv vulnerabilities...
2020-06-01T17:06:58.691+0300 INFO Detecting cargo vulnerabilities...
Pipfile.lock
============
Total: 10 (UNKNOWN: 2, LOW: 0, MEDIUM: 6, HIGH: 2, CRITICAL: 0)
+---------------------+------------------+----------+-------------------+------------------------+------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+---------------------+------------------+----------+-------------------+------------------------+------------------------------------+
| django | CVE-2020-7471 | HIGH | 2.0.9 | 3.0.3, 2.2.10, 1.11.28 | django: potential |
| | | | | | SQL injection via |
| | | | | | StringAgg(delimiter) |
+ +------------------+----------+ +------------------------+------------------------------------+
| | CVE-2019-19844 | MEDIUM | | 3.0.1, 2.2.9, 1.11.27 | Django: crafted email address |
| | | | | | allows account takeover |
+ +------------------+ + +------------------------+------------------------------------+
| | CVE-2019-3498 | | | 2.1.5, 2.0.10, 1.11.18 | python-django: Content |
| | | | | | spoofing via URL path in |
| | | | | | default 404 page |
+ +------------------+ + +------------------------+------------------------------------+
| | CVE-2019-6975 | | | 2.1.6, 2.0.11, 1.11.19 | python-django: |
| | | | | | memory exhaustion in |
| | | | | | django.utils.numberformat.format() |
+---------------------+------------------+----------+-------------------+------------------------+------------------------------------+
...
```
</details>
### Misconfigurations
It is disabled by default and can be enabled with `--scanners config`.
See [here](../scanner/misconfiguration/index.md) for the detail.
```shell
$ trivy repo --scanners config [YOUR_REPO_URL]
```
### Secrets
It is enabled by default.
See [here](../scanner/secret.md) for the detail.
```shell
$ trivy repo [YOUR_REPO_URL]
```
### Licenses
It is disabled by default.
See [here](../scanner/license.md) for the detail.
```shell
$ trivy repo --scanners license [YOUR_REPO_URL]
```
## SBOM generation
Trivy can generate SBOM for code repositories.
See [here](../supply-chain/sbom.md) for the detail.
## References
The following flags and environmental variables are available for remote git repositories.
### Scanning a Branch
Pass a `--branch` argument with a valid branch name on the remote repository provided:
```
$ trivy repo --branch <branch-name> <repo-name>
```
### Scanning upto a Commit
Pass a `--commit` argument with a valid commit hash on the remote repository provided:
```
$ trivy repo --commit <commit-hash> <repo-name>
```
### Scanning a Tag
Pass a `--tag` argument with a valid tag on the remote repository provided:
```
$ trivy repo --tag <tag-name> <repo-name>
```
### Scanning Private Repositories
In order to scan private GitHub or GitLab repositories, the environment variable `GITHUB_TOKEN` or `GITLAB_TOKEN` must be set, respectively, with a valid token that has access to the private repository being scanned.
The `GITHUB_TOKEN` environment variable will take precedence over `GITLAB_TOKEN`, so if a private GitLab repository will be scanned, then `GITHUB_TOKEN` must be unset.
You can find how to generate your GitHub Token in the following [GitHub documentation.](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)
For example:
```
$ export GITHUB_TOKEN="your_private_github_token"
$ trivy repo <your private GitHub repo URL>
# or
$ export GITLAB_TOKEN="your_private_gitlab_token"
$ trivy repo <your private GitLab repo URL>
```

58
docs/getting-started/coverage.md Normal file
View File

@@ -0,0 +1,58 @@
# Scanning Coverage
Trivy can detect security issues in many different platforms and languages. This page gives a general overview of that coverage, and can help answer the frequently asked question "Does Trivy support X?". For more detailed information about the specific features and options, check the relevant scanner documentation.
## Vulnerabilities & SBOM
### Programming languages
Trivy detects code dependencies for the purpose of SBOM generation and vulnerability detection. The following programming languages have some level of support:
- Ruby
- Python
- PHP
- Node.js
- .NET
- Java
- Go
- Rust
- C/C++
- Elixir
- Dart
- Swift
Some features might be not be universally supported. For a full supportability matrix, [see here](../docs/scanner/vulnerability/language/index.md).
### OS
Trivy detects installed packages for the purpose of vulnerability detection. The following package managers are supported:
- Alpine Linux
- Wolfi Linux
- Chainguard
- Red Hat Universal Base Image
- Red Hat Enterprise Linux
- CentOS
- AlmaLinux
- Rocky Linux
- Oracle Linux
- CBL-Mariner
- Amazon Linux
- openSUSE Leap
- SUSE Enterprise Linux
- Photon OS
- Debian GNU/Linux
- Ubuntu
- Distroless
Some features might be not be universally supported. For a full supportability matrix, [see here](../docs/scanner/vulnerability/os.md).
## IaC & configuration
Trivy reads IaC & configuration languages for the purpose of misconfiguration detection and custom checks.
- Kubernetes
- Dockerfile, Containerfile
- Terraform
- CloudFormation
- Azure ARM Template
- Helm Chart
For more information about checks [see here](../docs/scanner/misconfiguration/policy/builtin.md).

16
docs/getting-started/faq.md
View File

@@ -4,8 +4,22 @@
`tri` is pronounced like **tri**gger, `vy` is pronounced like en**vy**.
### Does Trivy support X?
Check out the [Scanning coverage page](./coverage.md)
### Is there a paid version of Trivy?
If you liked Trivy, you will love Aqua which builds on top of Trivy to provide even more enhanced capabilities for a complete security management offering.
You can find a high level comparison table specific to Trivy users [here](https://github.com/aquasecurity/resources/blob/main/trivy-aqua.md).
In addition check out the <https://aquasec.com> website for more information about our products and services.
If you'd like to contact Aqua or request a demo, please use this form: <https://www.aquasec.com/demo>
### How to generate multiple reports?
See [here](../docs/configuration/reporting.md#converting).
### How to run Trivy under air-gapped environment?
See [here](../docs/advanced/air-gap.md).
See [here](../docs/advanced/air-gap.md).
### Why `trivy fs` and `trivy repo` does not scan JAR files for vulnerabilities?
See [here](../docs/target/repository.md#rationale).

11
docs/index.md
View File

@@ -35,6 +35,8 @@ Scanners (what Trivy can find there):
- Sensitive information and secrets
- Software licenses
Trivy supports most popular programming languages, operating systems, and platforms. For a complete list, see the [Scanning Coverage] page.
To learn more, go to the [Trivy homepage][homepage] for feature highlights, or to the [Documentation site][Docs] for detailed information.
## Quick Start
@@ -108,6 +110,14 @@ trivy k8s --report summary cluster
</figure>
</details>
# Want more? Check out Aqua
If you liked Trivy, you will love Aqua which builds on top of Trivy to provide even more enhanced capabilities for a complete security management offering.
You can find a high level comparison table specific to Trivy users [here](https://github.com/aquasecurity/resources/blob/main/trivy-aqua.md).
In addition check out the <https://aquasec.com> website for more information about our products and services.
If you'd like to contact Aqua or request a demo, please use this form: <https://www.aquasec.com/demo>
---
Trivy is an [Aqua Security][aquasec] open source project.
@@ -117,6 +127,7 @@ Contact us about any matter by opening a GitHub Discussion [here][discussions]
[Ecosystem]: ./ecosystem/index.md
[Installation]: getting-started/installation.md
[pronunciation]: #how-to-pronounce-the-name-trivy
[Scanning Coverage]: getting-started/coverage.md
[aquasec]: https://aquasec.com
[oss]: https://www.aquasec.com/products/open-source-projects/

4
docs/tutorials/integrations/gitlab-ci.md
View File

@@ -74,8 +74,8 @@ container_scanning:
name: docker.io/aquasec/trivy:latest
entrypoint: [""]
variables:
# No need to clone the repo, we exclusively work on artifacts. See
# https://docs.gitlab.com/ee/ci/runners/README.html#git-strategy
# No need to clone the repo, we exclusively work on artifacts. See
# https://docs.gitlab.com/ee/ci/runners/configure_runners.html#git-strategy
GIT_STRATEGY: none
TRIVY_USERNAME: "$CI_REGISTRY_USER"
TRIVY_PASSWORD: "$CI_REGISTRY_PASSWORD"

15
docs/tutorials/kubernetes/cluster-scanning.md
View File

@@ -10,19 +10,18 @@ Pro tip: The output of the commands will be even more interesting if you have so
Trivy K8s is great to get an overview of all the vulnerabilities and misconfiguration issues or to scan specific workloads that are running in your cluster. You would want to use the Trivy K8s command either on your own local cluster or in your CI/CD pipeline post deployments.
The Trivy K8s command is part of the Trivy CLI:
The `trivy k8s` command is part of the Trivy CLI.
With the following command, we can scan our entire Kubernetes cluster for vulnerabilities and get a summary of the scan:
```
trivy k8s --report=summary
trivy k8s --report=summary cluster
```
To get detailed information for all your resources, just replace summary with all:
```
trivy k8s --report=all
trivy k8s --report=all cluster
```
However, we recommend displaying all information only in case you scan a specific namespace or resource since you can get overwhelmed with additional details.
@@ -30,19 +29,19 @@ However, we recommend displaying all information only in case you scan a specifi
Furthermore, we can specify the namespace that Trivy is supposed to scan to focus on specific resources in the scan result:
```
trivy k8s -n kube-system --report=summary
trivy k8s -n kube-system --report=summary cluster
```
Again, if youd like to receive additional details, use the --report=all flag:
```
trivy k8s -n kube-system --report=all
trivy k8s -n kube-system --report=all cluster
```
Like with scanning for vulnerabilities, we can also filter in-cluster security issues by severity of the vulnerabilities:
```
trivy k8s --severity=CRITICAL --report=summary
trivy k8s --severity=CRITICAL --report=summary cluster
```
Note that you can use any of the Trivy flags on the Trivy K8s command.
@@ -50,7 +49,7 @@ Note that you can use any of the Trivy flags on the Trivy K8s command.
With the Trivy K8s command, you can also scan specific workloads that are running within your cluster, such as our deployment:
```
trivy k8s n app --report=summary deployments/react-application
trivy k8s --namespace app --report=summary deployments/react-application
```
## Trivy Operator

172
go.mod
View File

@@ -6,15 +6,15 @@ require (
github.com/Azure/azure-sdk-for-go v68.0.0+incompatible
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0
github.com/BurntSushi/toml v1.2.1
github.com/CycloneDX/cyclonedx-go v0.7.0
github.com/BurntSushi/toml v1.3.2
github.com/CycloneDX/cyclonedx-go v0.7.2-0.20230625092137-07e2f29defc3
github.com/GoogleCloudPlatform/docker-credential-gcr v2.0.5+incompatible
github.com/Masterminds/sprig/v3 v3.2.3
github.com/NYTimes/gziphandler v1.1.1
github.com/alicebob/miniredis/v2 v2.30.2
github.com/alicebob/miniredis/v2 v2.30.4
github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986
github.com/aquasecurity/defsec v0.89.0
github.com/aquasecurity/go-dep-parser v0.0.0-20230531031752-12c25a7270cc
github.com/aquasecurity/defsec v0.91.0
github.com/aquasecurity/go-dep-parser v0.0.0-20230731081423-69e49e750d15
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce
github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798
github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46
@@ -23,28 +23,28 @@ require (
github.com/aquasecurity/table v1.8.0
github.com/aquasecurity/testdocker v0.0.0-20230111101738-e741bda259da
github.com/aquasecurity/tml v0.6.1
github.com/aquasecurity/trivy-db v0.0.0-20230515061101-378ab9ed302c
github.com/aquasecurity/trivy-db v0.0.0-20230726112157-167ba4f2faeb
github.com/aquasecurity/trivy-java-db v0.0.0-20230209231723-7cddb1406728
github.com/aquasecurity/trivy-kubernetes v0.5.4
github.com/aquasecurity/trivy-kubernetes v0.5.7-0.20230708090141-f44c2292c9a9
github.com/aws/aws-sdk-go v1.44.245
github.com/aws/aws-sdk-go-v2 v1.18.0
github.com/aws/aws-sdk-go-v2/config v1.18.24
github.com/aws/aws-sdk-go-v2/service/ec2 v1.89.1
github.com/aws/aws-sdk-go-v2 v1.19.0
github.com/aws/aws-sdk-go-v2/config v1.18.25
github.com/aws/aws-sdk-go-v2/service/ec2 v1.98.0
github.com/aws/aws-sdk-go-v2/service/sts v1.19.0
github.com/bmatcuk/doublestar v1.3.4
github.com/cenkalti/backoff v2.2.1+incompatible
github.com/cheggaaa/pb/v3 v3.1.2
github.com/containerd/containerd v1.7.0
github.com/docker/docker v23.0.5+incompatible
github.com/docker/docker v23.0.7-0.20230714215826-f00e7af96042+incompatible
github.com/docker/go-connections v0.4.0
github.com/fatih/color v1.14.1
github.com/go-git/go-git/v5 v5.6.1
github.com/go-git/go-git/v5 v5.7.0
github.com/go-openapi/runtime v0.26.0
github.com/go-openapi/strfmt v0.21.7
github.com/go-redis/redis/v8 v8.11.5
github.com/golang-jwt/jwt v3.2.2+incompatible
github.com/golang/protobuf v1.5.3
github.com/google/go-containerregistry v0.14.0
github.com/google/go-containerregistry v0.15.2
github.com/google/licenseclassifier/v2 v2.0.0
github.com/google/uuid v1.3.0
github.com/google/wire v0.5.0
@@ -62,18 +62,19 @@ require (
github.com/mailru/easyjson v0.7.7
github.com/masahiro331/go-disk v0.0.0-20220919035250-c8da316f91ac
github.com/masahiro331/go-ebs-file v0.0.0-20221225061409-5ef263bb2cc3
github.com/masahiro331/go-ext4-filesystem v0.0.0-20221225060520-c150f5eacfe1
github.com/masahiro331/go-ext4-filesystem v0.0.0-20230612143131-27ccd485b7a1
github.com/masahiro331/go-mvn-version v0.0.0-20210429150710-d3157d602a08
github.com/masahiro331/go-vmdk-parser v0.0.0-20221225061455-612096e4bbbd
github.com/masahiro331/go-xfs-filesystem v0.0.0-20221225060805-c02764233454
github.com/masahiro331/go-xfs-filesystem v0.0.0-20230608043311-a335f4599b70
github.com/mitchellh/hashstructure/v2 v2.0.2
github.com/moby/buildkit v0.11.5
github.com/mitchellh/mapstructure v1.5.0
github.com/moby/buildkit v0.11.6
github.com/open-policy-agent/opa v0.45.0
github.com/opencontainers/go-digest v1.0.0
github.com/opencontainers/image-spec v1.1.0-rc2.0.20221020182949-4df8887994e8
github.com/opencontainers/image-spec v1.1.0-rc4
github.com/openvex/go-vex v0.2.0
github.com/owenrumney/go-sarif/v2 v2.2.0
github.com/package-url/packageurl-go v0.1.1-0.20220428063043-89078438f170
github.com/package-url/packageurl-go v0.1.1
github.com/samber/lo v1.38.1
github.com/saracen/walker v0.1.3
github.com/secure-systems-lab/go-securesystemslib v0.6.0
@@ -81,34 +82,34 @@ require (
github.com/sirupsen/logrus v1.9.0
github.com/sosedoff/gitkit v0.3.0
github.com/spdx/tools-golang v0.5.0
github.com/spf13/cast v1.5.0
github.com/spf13/cast v1.5.1
github.com/spf13/cobra v1.7.0
github.com/spf13/pflag v1.0.5
github.com/spf13/viper v1.15.0
github.com/stretchr/testify v1.8.3
github.com/testcontainers/testcontainers-go v0.19.0
github.com/tetratelabs/wazero v1.0.0
github.com/stretchr/testify v1.8.4
github.com/testcontainers/testcontainers-go v0.21.0
github.com/tetratelabs/wazero v1.2.1
github.com/twitchtv/twirp v8.1.2+incompatible
github.com/xlab/treeprint v1.1.0
go.etcd.io/bbolt v1.3.7
go.uber.org/zap v1.24.0
golang.org/x/exp v0.0.0-20230321023759-10a507213a29
golang.org/x/mod v0.10.0
golang.org/x/sync v0.2.0
golang.org/x/term v0.8.0
golang.org/x/text v0.9.0
golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1
golang.org/x/mod v0.12.0
golang.org/x/sync v0.3.0
golang.org/x/term v0.10.0
golang.org/x/text v0.11.0
golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2
google.golang.org/protobuf v1.30.0
google.golang.org/protobuf v1.31.0
gopkg.in/yaml.v3 v3.0.1
gotest.tools v2.2.0+incompatible
k8s.io/api v0.26.3
k8s.io/api v0.27.3
k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5
modernc.org/sqlite v1.20.3
modernc.org/sqlite v1.23.1
)
require (
cloud.google.com/go v0.110.0 // indirect
cloud.google.com/go/compute v1.19.0 // indirect
cloud.google.com/go/compute v1.19.1 // indirect
cloud.google.com/go/compute/metadata v0.2.3 // indirect
cloud.google.com/go/iam v0.13.0 // indirect
cloud.google.com/go/storage v1.29.0 // indirect
@@ -126,12 +127,12 @@ require (
github.com/MakeNowJust/heredoc v1.0.0 // indirect
github.com/Masterminds/goutils v1.1.1 // indirect
github.com/Masterminds/semver v1.5.0 // indirect
github.com/Masterminds/semver/v3 v3.2.0 // indirect
github.com/Masterminds/squirrel v1.5.3 // indirect
github.com/Microsoft/go-winio v0.6.0 // indirect
github.com/Masterminds/semver/v3 v3.2.1 // indirect
github.com/Masterminds/squirrel v1.5.4 // indirect
github.com/Microsoft/go-winio v0.6.1 // indirect
github.com/Microsoft/hcsshim v0.10.0-rc.7 // indirect
github.com/OneOfOne/xxhash v1.2.8 // indirect
github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect
github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903 // indirect
github.com/VividCortex/ewma v1.2.0 // indirect
github.com/acomagu/bufpipe v1.0.4 // indirect
github.com/agext/levenshtein v1.2.3 // indirect
@@ -143,44 +144,44 @@ require (
github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.8 // indirect
github.com/aws/aws-sdk-go-v2/credentials v1.13.23 // indirect
github.com/aws/aws-sdk-go-v2/credentials v1.13.24 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.35 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.29 // indirect
github.com/aws/aws-sdk-go-v2/internal/ini v1.3.34 // indirect
github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.14 // indirect
github.com/aws/aws-sdk-go-v2/service/accessanalyzer v1.16.0 // indirect
github.com/aws/aws-sdk-go-v2/service/apigateway v1.15.24 // indirect
github.com/aws/aws-sdk-go-v2/service/apigatewayv2 v1.13.11 // indirect
github.com/aws/aws-sdk-go-v2/service/athena v1.18.10 // indirect
github.com/aws/aws-sdk-go-v2/service/athena v1.30.4 // indirect
github.com/aws/aws-sdk-go-v2/service/cloudfront v1.20.5 // indirect
github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.24.4 // indirect
github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.21.10 // indirect
github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.27.1 // indirect
github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.26.2 // indirect
github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.15.20 // indirect
github.com/aws/aws-sdk-go-v2/service/codebuild v1.19.17 // indirect
github.com/aws/aws-sdk-go-v2/service/docdb v1.19.11 // indirect
github.com/aws/aws-sdk-go-v2/service/dynamodb v1.17.7 // indirect
github.com/aws/aws-sdk-go-v2/service/ebs v1.15.19 // indirect
github.com/aws/aws-sdk-go-v2/service/ecr v1.17.18 // indirect
github.com/aws/aws-sdk-go-v2/service/ecs v1.18.26 // indirect
github.com/aws/aws-sdk-go-v2/service/efs v1.20.1 // indirect
github.com/aws/aws-sdk-go-v2/service/eks v1.22.1 // indirect
github.com/aws/aws-sdk-go-v2/service/ecs v1.28.1 // indirect
github.com/aws/aws-sdk-go-v2/service/efs v1.20.3 // indirect
github.com/aws/aws-sdk-go-v2/service/eks v1.27.14 // indirect
github.com/aws/aws-sdk-go-v2/service/elasticache v1.26.8 // indirect
github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.19.11 // indirect
github.com/aws/aws-sdk-go-v2/service/elasticsearchservice v1.19.0 // indirect
github.com/aws/aws-sdk-go-v2/service/emr v1.24.4 // indirect
github.com/aws/aws-sdk-go-v2/service/iam v1.19.12 // indirect
github.com/aws/aws-sdk-go-v2/service/iam v1.21.1 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.10 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.18 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.7.23 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.17 // indirect
github.com/aws/aws-sdk-go-v2/service/kafka v1.19.4 // indirect
github.com/aws/aws-sdk-go-v2/service/kinesis v1.15.19 // indirect
github.com/aws/aws-sdk-go-v2/service/kms v1.21.1 // indirect
github.com/aws/aws-sdk-go-v2/service/kms v1.23.0 // indirect
github.com/aws/aws-sdk-go-v2/service/lambda v1.24.6 // indirect
github.com/aws/aws-sdk-go-v2/service/mq v1.13.15 // indirect
github.com/aws/aws-sdk-go-v2/service/neptune v1.17.12 // indirect
github.com/aws/aws-sdk-go-v2/service/mq v1.15.0 // indirect
github.com/aws/aws-sdk-go-v2/service/neptune v1.20.7 // indirect
github.com/aws/aws-sdk-go-v2/service/rds v1.26.1 // indirect
github.com/aws/aws-sdk-go-v2/service/redshift v1.27.7 // indirect
github.com/aws/aws-sdk-go-v2/service/s3 v1.27.11 // indirect
@@ -212,7 +213,7 @@ require (
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
github.com/dlclark/regexp2 v1.4.0 // indirect
github.com/docker/cli v23.0.1+incompatible // indirect
github.com/docker/cli v23.0.5+incompatible // indirect
github.com/docker/distribution v2.8.2+incompatible // indirect
github.com/docker/docker-credential-helpers v0.7.0 // indirect
github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
@@ -226,16 +227,16 @@ require (
github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect
github.com/fsnotify/fsnotify v1.6.0 // indirect
github.com/ghodss/yaml v1.0.0 // indirect
github.com/go-errors/errors v1.0.1 // indirect
github.com/go-git/gcfg v1.5.0 // indirect
github.com/go-errors/errors v1.4.2 // indirect
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
github.com/go-git/go-billy/v5 v5.4.1 // indirect
github.com/go-gorp/gorp/v3 v3.0.2 // indirect
github.com/go-gorp/gorp/v3 v3.0.5 // indirect
github.com/go-logr/logr v1.2.4 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/go-openapi/analysis v0.21.4 // indirect
github.com/go-openapi/errors v0.20.3 // indirect
github.com/go-openapi/jsonpointer v0.19.5 // indirect
github.com/go-openapi/jsonreference v0.20.0 // indirect
github.com/go-openapi/jsonpointer v0.19.6 // indirect
github.com/go-openapi/jsonreference v0.20.1 // indirect
github.com/go-openapi/loads v0.21.2 // indirect
github.com/go-openapi/spec v0.20.9 // indirect
github.com/go-openapi/swag v0.22.3 // indirect
@@ -264,8 +265,8 @@ require (
github.com/hashicorp/go-version v1.6.0 // indirect
github.com/hashicorp/hcl v1.0.0 // indirect
github.com/hashicorp/hcl/v2 v2.14.1 // indirect
github.com/huandu/xstrings v1.3.3 // indirect
github.com/imdario/mergo v0.3.13 // indirect
github.com/huandu/xstrings v1.4.0 // indirect
github.com/imdario/mergo v0.3.15 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect
@@ -274,13 +275,13 @@ require (
github.com/json-iterator/go v1.1.12 // indirect
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
github.com/kevinburke/ssh_config v1.2.0 // indirect
github.com/klauspost/compress v1.16.0 // indirect
github.com/klauspost/compress v1.16.5 // indirect
github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
github.com/liamg/iamgo v0.0.9 // indirect
github.com/liamg/jfather v0.0.7 // indirect
github.com/liamg/memoryfs v1.4.3 // indirect
github.com/lib/pq v1.10.7 // indirect
github.com/lib/pq v1.10.9 // indirect
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
github.com/lunixbochs/struc v0.0.0-20200707160740-784aaebc1d40 // indirect
github.com/magiconair/properties v1.8.7 // indirect
@@ -294,7 +295,6 @@ require (
github.com/mitchellh/go-homedir v1.1.0 // indirect
github.com/mitchellh/go-testing-interface v1.14.1 // indirect
github.com/mitchellh/go-wordwrap v1.0.1 // indirect
github.com/mitchellh/mapstructure v1.5.0 // indirect
github.com/mitchellh/reflectwalk v1.0.2 // indirect
github.com/moby/locker v1.0.1 // indirect
github.com/moby/patternmatcher v0.5.0 // indirect
@@ -302,7 +302,7 @@ require (
github.com/moby/sys/mountinfo v0.6.2 // indirect
github.com/moby/sys/sequential v0.5.0 // indirect
github.com/moby/sys/signal v0.7.0 // indirect
github.com/moby/term v0.0.0-20221205130635-1aeaba878587 // indirect
github.com/moby/term v0.5.0 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
@@ -326,21 +326,21 @@ require (
github.com/prometheus/common v0.42.0 // indirect
github.com/prometheus/procfs v0.9.0 // indirect
github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
github.com/remyoudompheng/bigfft v0.0.0-20230126093431-47fa9a501578 // indirect
github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
github.com/rivo/uniseg v0.2.0 // indirect
github.com/rubenv/sql-migrate v1.2.0 // indirect
github.com/rubenv/sql-migrate v1.3.1 // indirect
github.com/russross/blackfriday/v2 v2.1.0 // indirect
github.com/sergi/go-diff v1.2.0 // indirect
github.com/shibumi/go-pathspec v1.3.0 // indirect
github.com/shopspring/decimal v1.2.0 // indirect
github.com/skeema/knownhosts v1.1.0 // indirect
github.com/shopspring/decimal v1.3.1 // indirect
github.com/skeema/knownhosts v1.1.1 // indirect
github.com/spf13/afero v1.9.3 // indirect
github.com/spf13/jwalterweatherman v1.1.0 // indirect
github.com/stretchr/objx v0.5.0 // indirect
github.com/subosito/gotenv v1.4.2 // indirect
github.com/tchap/go-patricia/v2 v2.3.1 // indirect
github.com/ulikunitz/xz v0.5.10 // indirect
github.com/vbatts/tar-split v0.11.2 // indirect
github.com/vbatts/tar-split v0.11.3 // indirect
github.com/xanzy/ssh-agent v0.3.3 // indirect
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
@@ -356,12 +356,12 @@ require (
go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect
go.uber.org/atomic v1.10.0 // indirect
go.uber.org/multierr v1.9.0 // indirect
golang.org/x/crypto v0.9.0 // indirect
golang.org/x/net v0.10.0 // indirect
golang.org/x/crypto v0.11.0 // indirect
golang.org/x/net v0.12.0 // indirect
golang.org/x/oauth2 v0.7.0 // indirect
golang.org/x/sys v0.8.0 // indirect
golang.org/x/sys v0.10.0 // indirect
golang.org/x/time v0.3.0 // indirect
golang.org/x/tools v0.8.0 // indirect
golang.org/x/tools v0.10.0 // indirect
google.golang.org/api v0.121.0 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
@@ -371,34 +371,32 @@ require (
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/warnings.v0 v0.1.2 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gotest.tools/v3 v3.1.0 // indirect
helm.sh/helm/v3 v3.11.1 // indirect
k8s.io/apiextensions-apiserver v0.26.0 // indirect
k8s.io/apimachinery v0.26.3 // indirect
k8s.io/apiserver v0.26.2 // indirect
k8s.io/cli-runtime v0.26.3 // indirect
k8s.io/client-go v0.26.3 // indirect
k8s.io/component-base v0.26.3 // indirect
helm.sh/helm/v3 v3.12.1 // indirect
k8s.io/apiextensions-apiserver v0.27.2 // indirect
k8s.io/apimachinery v0.27.3 // indirect
k8s.io/apiserver v0.27.2 // indirect
k8s.io/cli-runtime v0.27.3 // indirect
k8s.io/client-go v0.27.3 // indirect
k8s.io/component-base v0.27.3 // indirect
k8s.io/klog/v2 v2.100.1 // indirect
k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect
k8s.io/kubectl v0.26.3 // indirect
k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
k8s.io/kubectl v0.27.3 // indirect
lukechampine.com/uint128 v1.2.0 // indirect
modernc.org/cc/v3 v3.40.0 // indirect
modernc.org/ccgo/v3 v3.16.13 // indirect
modernc.org/libc v1.22.2 // indirect
modernc.org/libc v1.22.5 // indirect
modernc.org/mathutil v1.5.0 // indirect
modernc.org/memory v1.5.0 // indirect
modernc.org/opt v0.1.3 // indirect
modernc.org/strutil v1.1.3 // indirect
modernc.org/token v1.0.1 // indirect
oras.land/oras-go v1.2.2 // indirect
sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
sigs.k8s.io/kustomize/api v0.12.1 // indirect
sigs.k8s.io/kustomize/kyaml v0.13.9 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/kustomize/api v0.13.2 // indirect
sigs.k8s.io/kustomize/kyaml v0.14.1 // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
sigs.k8s.io/yaml v1.3.0 // indirect
)
// v1.2.0 is taken from github.com/open-policy-agent/opa v0.42.0
// v1.2.0 incompatible with github.com/docker/docker v23.0.0-rc.1+incompatible
replace oras.land/oras-go => oras.land/oras-go v1.1.1
// oras 1.2.2 is incompatible with github.com/docker/docker v23.0.0-rc.1+incompatible
replace oras.land/oras-go => oras.land/oras-go v1.2.3

421
go.sum
View File

@@ -71,8 +71,8 @@ cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz
cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU=
cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQHHZWZxy9U=
cloud.google.com/go/compute v1.10.0/go.mod h1:ER5CLbMxl90o2jtNbGSbtfOpQKR0t15FOtRsugnLrlU=
cloud.google.com/go/compute v1.19.0 h1:+9zda3WGgW1ZSTlVppLCYFIr48Pa35q1uG2N1itbCEQ=
cloud.google.com/go/compute v1.19.0/go.mod h1:rikpw2y+UMidAe9tISo04EHNOIf42RLYF/q8Bs93scU=
cloud.google.com/go/compute v1.19.1 h1:am86mquDUgjGNWxiGn+5PGLbmgiWXlE/yNWpIpNvuXY=
cloud.google.com/go/compute v1.19.1/go.mod h1:6ylj3a05WF8leseCdIf77NK0g1ey+nj5IKd5/kvShxE=
cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
cloud.google.com/go/containeranalysis v0.5.1/go.mod h1:1D92jd8gRR/c0fGMlymRgxWD3Qw9C1ff6/T7mLgVL8I=
@@ -231,29 +231,30 @@ github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBp
github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0 h1:OBhqkivkhkMqLPymWEppkm7vgPQY2XsHoEkaMQ0AdZY=
github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0/go.mod h1:kgDmCTgBzIEPFElEF+FK0SdjAor06dRq2Go927dnQ6o=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak=
github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8=
github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
github.com/CycloneDX/cyclonedx-go v0.7.0 h1:jNxp8hL7UpcvPDFXjY+Y1ibFtsW+e5zyF9QoSmhK/zg=
github.com/CycloneDX/cyclonedx-go v0.7.0/go.mod h1:W5Z9w8pTTL+t+yG3PCiFRGlr8PUlE0pGWzKSJbsyXkg=
github.com/CycloneDX/cyclonedx-go v0.7.2-0.20230625092137-07e2f29defc3 h1:NqeV+ZMqpcosu0Xg2VW14Ru9ayBs/toe2oihS7sN6Xo=
github.com/CycloneDX/cyclonedx-go v0.7.2-0.20230625092137-07e2f29defc3/go.mod h1:fGXSp1lCDfMQ8KR1EjxT4ewc5HHhGczRF2pWhLSWohs=
github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60=
github.com/GoogleCloudPlatform/docker-credential-gcr v2.0.5+incompatible h1:juIaKLLVhqzP55d8x4cSVgwyQv76Z55/fRv/UBr2KkQ=
github.com/GoogleCloudPlatform/docker-credential-gcr v2.0.5+incompatible/go.mod h1:BB1eHdMLYEFuFdBlRMb0N7YGVdM5s6Pt0njxgvfbGGs=
github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ=
github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE=
github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww=
github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
github.com/Masterminds/semver/v3 v3.2.0 h1:3MEsd0SM6jqZojhjLWWeBY+Kcjy9i6MQAeY7YgDP83g=
github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
github.com/Masterminds/sprig/v3 v3.2.0/go.mod h1:tWhwTbUTndesPNeF0C900vKoq283u6zp4APT9vaF3SI=
github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0=
github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
github.com/Masterminds/sprig/v3 v3.2.1/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk=
github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA=
github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM=
github.com/Masterminds/squirrel v1.5.3 h1:YPpoceAcxuzIljlr5iWpNKaql7hLeG1KLSrhvdHpkZc=
github.com/Masterminds/squirrel v1.5.3/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10=
github.com/Masterminds/squirrel v1.5.4 h1:uUcX/aBc8O7Fg9kaISIUsHXdKuqehiXAMQTYX8afzqM=
github.com/Masterminds/squirrel v1.5.4/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10=
github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA=
github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw=
@@ -264,8 +265,8 @@ github.com/Microsoft/go-winio v0.4.17-0.20210324224401-5516f17a5958/go.mod h1:JP
github.com/Microsoft/go-winio v0.4.17/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
github.com/Microsoft/go-winio v0.5.0/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg=
github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE=
github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg=
github.com/Microsoft/hcsshim v0.8.7-0.20190325164909-8abdbb8205e4/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg=
github.com/Microsoft/hcsshim v0.8.7/go.mod h1:OHd7sQqRFrYd3RmSgbgji+ctCwkbq2wbEYNSzOYtcBQ=
@@ -283,14 +284,15 @@ github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMo
github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8=
github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q=
github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 h1:wPbRQzjjwFc0ih8puEVAOFGELsn1zoIIYdxvML7mDxA=
github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g=
github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903 h1:ZK3C5DtzV2nVAQTx5S5jQvMeDqWtD1By5mOoyY/xJek=
github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903/go.mod h1:8TI4H3IbrackdNgv+92dI+rhpCaLqM0IfpgCgenFvRE=
github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs=
github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ=
github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1ow=
github.com/VividCortex/ewma v1.2.0/go.mod h1:nz4BbCtbLyFDeC9SUHbtcT5644juEuWfUAUnGx7j5l4=
github.com/a8m/expect v1.0.0/go.mod h1:4IwSCMumY49ScypDnjNbYEjgVeqy1/U2cEs3Lat96eA=
github.com/acomagu/bufpipe v1.0.4 h1:e3H4WUzM3npvo5uv95QuJM3cQspFNtFBzvJ2oNjKIDQ=
github.com/acomagu/bufpipe v1.0.4/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4=
github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo=
@@ -306,12 +308,11 @@ github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRF
github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0=
github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a h1:HbKu58rmZpUGpz5+4FfNmIU+FmZg2P3Xaj2v2bfNWmk=
github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a/go.mod h1:SGnFV6hVsYE877CKEZ6tDNTjaSXYUk6QqoIK6PrAtcc=
github.com/alicebob/miniredis/v2 v2.30.2 h1:lc1UAUT9ZA7h4srlfBmBt2aorm5Yftk9nBjxz7EyY9I=
github.com/alicebob/miniredis/v2 v2.30.2/go.mod h1:b25qWj4fCEsBeAAR2mlb0ufImGC6uH3VlUfb/HS5zKg=
github.com/alicebob/miniredis/v2 v2.30.4 h1:8S4/o1/KoUArAGbGwPxcwf0krlzceva2XVOSchFS7Eo=
github.com/alicebob/miniredis/v2 v2.30.4/go.mod h1:b25qWj4fCEsBeAAR2mlb0ufImGC6uH3VlUfb/HS5zKg=
github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 h1:aM1rlcoLz8y5B2r4tTLMiVTrMtpfY0O8EScKJxaSaEc=
github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092/go.mod h1:rYqSE9HbjzpHTI74vwPvae4ZVYZd1lue2ta6xHPdblA=
github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
github.com/apparentlymart/go-cidr v1.1.0 h1:2mAhrMoF+nhXqxTzSZMUzDHkLjmIHC+Zzn4tdgBZjnU=
github.com/apparentlymart/go-cidr v1.1.0/go.mod h1:EBcsNrHc3zQeuaeCeCtQruQm+n9/YjEn/vI25Lg7Gwc=
@@ -320,10 +321,10 @@ github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6
github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986 h1:2a30xLN2sUZcMXl50hg+PJCIDdJgIvIbVcKqLJ/ZrtM=
github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986/go.mod h1:NT+jyeCzXk6vXR5MTkdn4z64TgGfE5HMLC8qfj5unl8=
github.com/aquasecurity/defsec v0.89.0 h1:5B0mJYraNa2n5zlYuShqOwRt5kqFXdVfGPRYiZJPDuw=
github.com/aquasecurity/defsec v0.89.0/go.mod h1:te+KhIV8w1pDIjTsUQwlc6xRn8gC7f+TJUiFhLlcEHM=
github.com/aquasecurity/go-dep-parser v0.0.0-20230531031752-12c25a7270cc h1:viyHnEh6c6G7NHXpDyGsB1NRnCL2YpmtvpQgbDfwNeg=
github.com/aquasecurity/go-dep-parser v0.0.0-20230531031752-12c25a7270cc/go.mod h1:2Yfi9sB8TSwxM/KQDTpy4xFM6zG4yBjc1jS966uMIP8=
github.com/aquasecurity/defsec v0.91.0 h1:JGTiKL2UgnANZ4RoQQKokzpZ2vFv2LlXGoNjIypz9RQ=
github.com/aquasecurity/defsec v0.91.0/go.mod h1:l/srzxtuuyb6c6FlqUvMp3xw2ZbvuZ0l9972MNJM7V8=
github.com/aquasecurity/go-dep-parser v0.0.0-20230731081423-69e49e750d15 h1:kHCZ2eQkRMm08Kkg6U12s0cqthclWDGEwohM2mb4hhk=
github.com/aquasecurity/go-dep-parser v0.0.0-20230731081423-69e49e750d15/go.mod h1:Cl6aYro+Ddzh1MB451j/C6rvwKdn/Ifa7z98sFirJ9I=
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce h1:QgBRgJvtEOBtUXilDb1MLi1p1MWoyFDXAu5DEUl5nwM=
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce/go.mod h1:HXgVzOPvXhVGLJs4ZKO817idqr/xhwsTcj17CLYY74s=
github.com/aquasecurity/go-mock-aws v0.0.0-20230328195059-5bf52338aec3 h1:Vt9y1gZS5JGY3tsL9zc++Cg4ofX51CG7PaMyC5SXWPg=
@@ -342,20 +343,20 @@ github.com/aquasecurity/testdocker v0.0.0-20230111101738-e741bda259da h1:pj/adfN
github.com/aquasecurity/testdocker v0.0.0-20230111101738-e741bda259da/go.mod h1:852lbQLpK2nCwlR4ZLYIccxYCfoQao6q9Nl6tjz54v8=
github.com/aquasecurity/tml v0.6.1 h1:y2ZlGSfrhnn7t4ZJ/0rotuH+v5Jgv6BDDO5jB6A9gwo=
github.com/aquasecurity/tml v0.6.1/go.mod h1:OnYMWY5lvI9ejU7yH9LCberWaaTBW7hBFsITiIMY2yY=
github.com/aquasecurity/trivy-db v0.0.0-20230515061101-378ab9ed302c h1:mFMfHmb5GC6xrnUGk2mJcKNt5vBaFSzJx1MMW47uzB0=
github.com/aquasecurity/trivy-db v0.0.0-20230515061101-378ab9ed302c/go.mod h1:s7x7CTxYeiFf6gPOakSsg4mCD93au4dbYplG4h0FGrs=
github.com/aquasecurity/trivy-db v0.0.0-20230726112157-167ba4f2faeb h1:uz2+9G7E0/mjf5Q0MB/BwbpdObU34CKGUdnypTYWTfs=
github.com/aquasecurity/trivy-db v0.0.0-20230726112157-167ba4f2faeb/go.mod h1:st35g9O0ecDGBqnRHNFFz8imlDD3GWTCwo1WyJixI2c=
github.com/aquasecurity/trivy-java-db v0.0.0-20230209231723-7cddb1406728 h1:0eS+V7SXHgqoT99tV1mtMW6HL4HdoB9qGLMCb1fZp8A=
github.com/aquasecurity/trivy-java-db v0.0.0-20230209231723-7cddb1406728/go.mod h1:Ldya37FLi0e/5Cjq2T5Bty7cFkzUDwTcPeQua+2M8i8=
github.com/aquasecurity/trivy-kubernetes v0.5.4 h1:1UwEjcIxkY+VixlV734zixStq7oNjy5C4qJ5wy1mXU8=
github.com/aquasecurity/trivy-kubernetes v0.5.4/go.mod h1:rc2mGtn71vS+FDVXS3RjEpWXR+nph6GBS6fXdqhitFc=
github.com/aquasecurity/trivy-kubernetes v0.5.7-0.20230708090141-f44c2292c9a9 h1:PA91rctNeAZY0hb2tPK68lAEpau3ItSto4FnqFXPF4g=
github.com/aquasecurity/trivy-kubernetes v0.5.7-0.20230708090141-f44c2292c9a9/go.mod h1:R7LNrrjSc4PEs0suUd+pXSqSUMMU/eY5byWHfKSZyjQ=
github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q=
github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE=
github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
@@ -367,35 +368,38 @@ github.com/aws/aws-sdk-go v1.44.245/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8
github.com/aws/aws-sdk-go-v2 v1.16.16/go.mod h1:SwiyXi/1zTUZ6KIAmLK5V5ll8SiURNUYOqTerZPaF9k=
github.com/aws/aws-sdk-go-v2 v1.17.1/go.mod h1:JLnGeGONAyi2lWXI1p0PCIOIy333JMVK1U7Hf0aRFLw=
github.com/aws/aws-sdk-go-v2 v1.17.5/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
github.com/aws/aws-sdk-go-v2 v1.17.6/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
github.com/aws/aws-sdk-go-v2 v1.17.7/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
github.com/aws/aws-sdk-go-v2 v1.17.8/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
github.com/aws/aws-sdk-go-v2 v1.18.0 h1:882kkTpSFhdgYRKVZ/VCgf7sd0ru57p2JCxz4/oN5RY=
github.com/aws/aws-sdk-go-v2 v1.18.0/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
github.com/aws/aws-sdk-go-v2 v1.18.1/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
github.com/aws/aws-sdk-go-v2 v1.19.0 h1:klAT+y3pGFBU/qVf1uzwttpBbiuozJYWzNLHioyDJ+k=
github.com/aws/aws-sdk-go-v2 v1.19.0/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.8 h1:tcFliCWne+zOuUfKNRn8JdFBuWPDuISDH08wD2ULkhk=
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.8/go.mod h1:JTnlBSot91steJeti4ryyu/tLd4Sk84O5W22L7O2EQU=
github.com/aws/aws-sdk-go-v2/config v1.18.24 h1:G0mJzpMjJFtK+7KtAky2kAjio21BdzNXblQSm2ZKsy0=
github.com/aws/aws-sdk-go-v2/config v1.18.24/go.mod h1:+9/RIaxGG2let2y9lIYEwOTBhaXqArOakom2TVytvFE=
github.com/aws/aws-sdk-go-v2/credentials v1.13.23 h1:uKTIH4RmFIo04Pijn132WEMaboVLAg96H4l2KFRGzZU=
github.com/aws/aws-sdk-go-v2/credentials v1.13.23/go.mod h1:jYPYi99wUOPIFi0rhiOvXeSEReVOzBqFNOX5bXYoG2o=
github.com/aws/aws-sdk-go-v2/config v1.18.25 h1:JuYyZcnMPBiFqn87L2cRppo+rNwgah6YwD3VuyvaW6Q=
github.com/aws/aws-sdk-go-v2/config v1.18.25/go.mod h1:dZnYpD5wTW/dQF0rRNLVypB396zWCcPiBIvdvSWHEg4=
github.com/aws/aws-sdk-go-v2/credentials v1.13.24 h1:PjiYyls3QdCrzqUN35jMWtUK1vqVZ+zLfdOa/UPFDp0=
github.com/aws/aws-sdk-go-v2/credentials v1.13.24/go.mod h1:jYPYi99wUOPIFi0rhiOvXeSEReVOzBqFNOX5bXYoG2o=
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3 h1:jJPgroehGvjrde3XufFIJUZVK5A2L9a3KwSFgKy9n8w=
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3/go.mod h1:4Q0UFP0YJf0NrsEuEYHpM9fTSEVnD16Z3uyEF7J9JGM=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.23/go.mod h1:2DFxAQ9pfIRy0imBCJv+vZ2X6RKxves6fbnEuSry6b4=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.25/go.mod h1:Zb29PYkf42vVYQY6pvSyJCJcFHlPIiY+YKdPtwnvMkY=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.29/go.mod h1:Dip3sIGv485+xerzVv24emnjX5Sg88utCL8fwGmCeWg=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.30/go.mod h1:LUBAO3zNXQjoONBKn/kR1y0Q4cj/D02Ts0uHYjcCQLM=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.31/go.mod h1:QT0BqUvX1Bh2ABdTGnjqEjvjzrCfIniM9Sc8zn9Yndo=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.32/go.mod h1:RudqOgadTWdcS3t/erPQo24pcVEoYyqj/kKW5Vya21I=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33 h1:kG5eQilShqmJbv11XL1VpyDbaEJzWxd4zRiCG30GSn4=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33/go.mod h1:7i0PF1ME/2eUPFcjkVIwq+DOygHEoK92t5cDqNgYbIw=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34/go.mod h1:wZpTEecJe0Btj3IYnDx/VlUzor9wm3fJHyvLpQF0VwY=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.35 h1:hMUCiE3Zi5AHrRNGf5j985u0WyqI6r2NULhUfo0N/No=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.35/go.mod h1:ipR5PvpSPqIqL5Mi82BxLnfMkHVbmco8kUwO2xrCi0M=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.17/go.mod h1:pRwaTYCJemADaqCbUAxltMoHKata7hmB5PjEXeu0kfg=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.19/go.mod h1:6Q0546uHDp421okhmmGfbxzq2hBqbXFNpi4k+Q1JnQA=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.23/go.mod h1:mr6c4cHC+S/MMkrjtSlG4QA36kOznDep+0fga5L/fGQ=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.24/go.mod h1:gAuCezX/gob6BSMbItsSlMb6WZGV7K2+fWOvk8xBSto=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.25/go.mod h1:zBHOPwhBc3FlQjQJE/D3IfPWiWaQmT06Vq9aNukDo0k=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.26/go.mod h1:vq86l7956VgFr0/FWQ2BWnK07QC3WYsepKzy33qqY5U=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27 h1:vFQlirhuM8lLlpI7imKOMsjdQLuN9CPi+k44F/OFVsk=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27/go.mod h1:UrHnn3QV/d0pBZ6QBAEQcqFLf8FAzLmoUfPVIueOvoM=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28/go.mod h1:7VRpKQQedkfIEXb4k52I7swUnZP0wohVajJMRn3vsUw=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.29 h1:yOpYx+FTBdpk/g+sBU6Cb1H0U/TLEcYYp66mYqsPpcc=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.29/go.mod h1:M/eUABlDbw2uVrdAn+UsI6M727qp2fxkp8K0ejcBDUY=
github.com/aws/aws-sdk-go-v2/internal/ini v1.3.34 h1:gGLG7yKaXG02/jBlg210R7VgQIotiQntNhsCFejawx8=
github.com/aws/aws-sdk-go-v2/internal/ini v1.3.34/go.mod h1:Etz2dj6UHYuw+Xw830KfzCfWGMzqvUTCjUj5b76GVDc=
github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.14 h1:ZSIPAkAsCCjYrhqfw2+lNzWDzxzHXEckFkTePL5RSWQ=
@@ -406,14 +410,14 @@ github.com/aws/aws-sdk-go-v2/service/apigateway v1.15.24 h1:eWwaF3m67oAJGBhfzVC9
github.com/aws/aws-sdk-go-v2/service/apigateway v1.15.24/go.mod h1:3olVANhEv+CFhEvC/TTkqh+1kg+r0px3CbH5eRKx7J4=
github.com/aws/aws-sdk-go-v2/service/apigatewayv2 v1.13.11 h1:1L2042GftNVyI3TtWclGodfN5zBQjBNXsTQxDNaPXs8=
github.com/aws/aws-sdk-go-v2/service/apigatewayv2 v1.13.11/go.mod h1:Cs+mG0DXkVYPWsWIE8Ga78C/HeN5zFBbPHdOnJPwZ4M=
github.com/aws/aws-sdk-go-v2/service/athena v1.18.10 h1:s8cE1HX3Pi53iMg+A+d7gGvmjA+Z4nH6u0BbbuFwXXE=
github.com/aws/aws-sdk-go-v2/service/athena v1.18.10/go.mod h1:LiVr7tVQ2lrlv82VQhyuulN8uysLHsEeptFjA5PY1Pc=
github.com/aws/aws-sdk-go-v2/service/athena v1.30.4 h1:x6pNnhCWXrkGX43gkJkcdCtlYSFx3tzqJKnm2QBqz6k=
github.com/aws/aws-sdk-go-v2/service/athena v1.30.4/go.mod h1:XyrQmcmWx6BNhu1K5la/Zub8gX29MqiIMQ9silULHjk=
github.com/aws/aws-sdk-go-v2/service/cloudfront v1.20.5 h1:nLAPA7/DSmDWYP/MGtRNP6bHjiL8Fmyg8qeDxW90nm0=
github.com/aws/aws-sdk-go-v2/service/cloudfront v1.20.5/go.mod h1:HYQXu2AKM7RLCn3APoQ5EvL2N/RlI4LSNN8pIGbdaDQ=
github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.24.4 h1:4n6EhYGGPyNHffNcz1glTQWa7jU5yLfCgDCb2fmXPno=
github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.24.4/go.mod h1:qv5TNLKArfckMdJqnZ2Wy6DiZBoYbn8OXhf6Si1IUGg=
github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.21.10 h1:P4IjsoKGRL2iqqFrcHMXDW31nlzN+k8CMwpyGFtiLy8=
github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.21.10/go.mod h1:b2EPXU2jyxD7StcbEemizK7A5wYYDKhdp6zpSUKUjJ0=
github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.27.1 h1:Qw1G/M7eanpm6s/URkG1UuRLKEnRnpUvkUb7NMVvWb8=
github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.27.1/go.mod h1:oKRYqorIUkfAVmX03+lpv3tW5WelDpaliqzTwmCj/k8=
github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.26.2 h1:PWGu2JhCb/XJlJ7SSFJq76pxk4xWsN76nZxh7TzMHx0=
github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.26.2/go.mod h1:2KOZkkzMDZCo/aLzPhys06mHNkiU74u85aMJA3PLRvg=
github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.15.20 h1:yPyXdrZaB4SW+pn2CmqyAbhuqGM4Pv4fsMhLOt8cOj8=
github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.15.20/go.mod h1:p2i2jyYZzFBJeOOQ5ji2k/Yc6IvlQsG/CuHRwEi8whs=
github.com/aws/aws-sdk-go-v2/service/codebuild v1.19.17 h1:Phl0QyhBW8mzNpQxin1Dyp+rXBultaQqkGEsmDCWYGQ=
@@ -424,16 +428,16 @@ github.com/aws/aws-sdk-go-v2/service/dynamodb v1.17.7 h1:/TwGWNd3vnjXaPMau8eY7s5
github.com/aws/aws-sdk-go-v2/service/dynamodb v1.17.7/go.mod h1:BiglbKCG56L8tmMnUEyEQo422BO9xnNR8vVHnOsByf8=
github.com/aws/aws-sdk-go-v2/service/ebs v1.15.19 h1:6S06aB1xyXs3C9RE5RyJROw1v1ByXGHo/cxTZ13VRp0=
github.com/aws/aws-sdk-go-v2/service/ebs v1.15.19/go.mod h1:pJhytP5qZaPIqCF2BewXttD4bc29KIPm6LMSIBhMCFI=
github.com/aws/aws-sdk-go-v2/service/ec2 v1.89.1 h1:2CO0T8ReHjH5TFjk9RHmAafJt4vk/wMlQtn3c9bNL5Y=
github.com/aws/aws-sdk-go-v2/service/ec2 v1.89.1/go.mod h1:zDr1uSSLVYc6KqXvrmqYkeqnfbmOOrbVloz4Eqsc83k=
github.com/aws/aws-sdk-go-v2/service/ec2 v1.98.0 h1:WblDV33AG9dhv0zFEPEmGtD5UECSNpKMxtdENULfR8M=
github.com/aws/aws-sdk-go-v2/service/ec2 v1.98.0/go.mod h1:L3ZT0N/vBsw77mOAawXmRnREpEjcHd2v5Hzf7AkIH8M=
github.com/aws/aws-sdk-go-v2/service/ecr v1.17.18 h1:uiF/RI+Up8H2xdgT2GWa20YzxiKEalHieqNjm6HC3Xk=
github.com/aws/aws-sdk-go-v2/service/ecr v1.17.18/go.mod h1:DQtDYmexqR+z+B6HBCvY7zK/tuXKv6Zy/IwOXOK3eow=
github.com/aws/aws-sdk-go-v2/service/ecs v1.18.26 h1:EHJAYkUnlFJ/KwuFMvUs/bPbb0DaqAI+gTfXxffTPZ0=
github.com/aws/aws-sdk-go-v2/service/ecs v1.18.26/go.mod h1:NpR78BP2STxvF/R1GXLDM4gAEfjz68W/h0nC5b6Jk3s=
github.com/aws/aws-sdk-go-v2/service/efs v1.20.1 h1:fJFdGkf0Xj04IBnps3YlL6mGPSjzfgAZ7ZX+mbsrPDc=
github.com/aws/aws-sdk-go-v2/service/efs v1.20.1/go.mod h1:7szMjYu35IWLaJEG23z6x/KOFckAF4/oQdNuDni99Pk=
github.com/aws/aws-sdk-go-v2/service/eks v1.22.1 h1:f07Bk+xMm0Q8PCzvrBg8Bd6m67CTvZSxQWB0H7ZEJOU=
github.com/aws/aws-sdk-go-v2/service/eks v1.22.1/go.mod h1:YoafRRQM4SnTFwb49e4LCAel6n99q2DMxkeAfbgvq8s=
github.com/aws/aws-sdk-go-v2/service/ecs v1.28.1 h1:PxWgrtfQvct60NjxSrFsSWG/Yg1HATRKP4IeUPiLlrE=
github.com/aws/aws-sdk-go-v2/service/ecs v1.28.1/go.mod h1:eZBCsRjzc+ZX8x3h0beHOu+uxRWRwnEHzzvDgKy9v0E=
github.com/aws/aws-sdk-go-v2/service/efs v1.20.3 h1:+rQHxWkGK5GyanoetOyOG/U0sgXjlt3vw+jufY7wp4k=
github.com/aws/aws-sdk-go-v2/service/efs v1.20.3/go.mod h1:UpiMmYILiWWe5wfcz6dJded9/K1XVmcOD3LB1ZCLVdw=
github.com/aws/aws-sdk-go-v2/service/eks v1.27.14 h1:47HQVuJXgwvuoc4AT3rVdm77H0qGFbFnsuE4PRT+xX0=
github.com/aws/aws-sdk-go-v2/service/eks v1.27.14/go.mod h1:QxuWcm9rlLkW3aEV8tiDzqZewnNSNUZfnqJvo1Nv9A0=
github.com/aws/aws-sdk-go-v2/service/elasticache v1.26.8 h1:QBi/EzjmsZAm2qWCftCDHQ5DW1iDd4IwLDvXA6ikj8E=
github.com/aws/aws-sdk-go-v2/service/elasticache v1.26.8/go.mod h1:HPSFSw7eCcEJFRaNZxnlMxOOctdrSNttq5JR/Q9yusU=
github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.19.11 h1:IN2XMTLmhIEL5e3o+tY9JsLFSAxmjgM8gI7W2+CPrpw=
@@ -442,8 +446,8 @@ github.com/aws/aws-sdk-go-v2/service/elasticsearchservice v1.19.0 h1:XE/MewOiHgW
github.com/aws/aws-sdk-go-v2/service/elasticsearchservice v1.19.0/go.mod h1:2GKcrxIvmAf07PsxbJ7tccJDXzVj0oHT/MuBQ9835X8=
github.com/aws/aws-sdk-go-v2/service/emr v1.24.4 h1:C6I3p2ENt01I5iO5oEXyfzSk1VIEKADXSMgNdiW1Tw8=
github.com/aws/aws-sdk-go-v2/service/emr v1.24.4/go.mod h1:hvWrBVsomnNf7Y0Onrl+wGAkcOAH81Ybcy8FSQrvARM=
github.com/aws/aws-sdk-go-v2/service/iam v1.19.12 h1:JH1H7POlsZt41X9JYIBLZoXW0Qv+WOuC48xsafsls2Q=
github.com/aws/aws-sdk-go-v2/service/iam v1.19.12/go.mod h1:kAnokExGCYs7zfvZEZdFHvQ/x4ZKIci0Raps6mZI1Ag=
github.com/aws/aws-sdk-go-v2/service/iam v1.21.1 h1:VTCWgsrromZqnlRgfziqqWWcW7LFkQLwJVYgf/5zgWA=
github.com/aws/aws-sdk-go-v2/service/iam v1.21.1/go.mod h1:LBsjrFczXiQLASO6FtDGTeHuZh6oHuIH6VKaOozFghg=
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.9/go.mod h1:a9j48l6yL5XINLHLcOKInjdvknN+vWqPBxqeIDw7ktw=
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.10 h1:dpiPHgmFstgkLG07KaYAewvuptq5kvo52xn7tVSrtrQ=
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.10/go.mod h1:9cBNUHI2aW4ho0A5T87O294iPDuuUOSIEDjnd1Lq/z0=
@@ -453,23 +457,23 @@ github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.7.19/go.mod
github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.7.23 h1:5AwQnYQT3ZX/N7hPTAx4ClWyucaiqr2esQRMNbJIby0=
github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.7.23/go.mod h1:s8OUYECPoPpevQHmRmMBemFIx6Oc91iapsw56KiXIMY=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.17/go.mod h1:4nYOrY41Lrbk2170/BGkcJKBhws9Pfn8MG3aGqjjeFI=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.24/go.mod h1:HMA4FZG6fyib+NDo5bpIxX1EhYjrAOveZJY2YR0xrNE=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27 h1:0iKliEXAcCa2qVtRs7Ot5hItA2MsufrphbRFlz1Owxo=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27/go.mod h1:EOwBD4J4S5qYszS5/3DpkejfuK+Z5/1uzICfPaZLtqw=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28 h1:bkRyG4a929RCnpVSTvLM2j/T4ls015ZhhYApbmYs15s=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28/go.mod h1:jj7znCIg05jXlaGBlFMGP8+7UN3VtCkRBG2spnmRQkU=
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.17 h1:HfVVR1vItaG6le+Bpw6P4midjBDMKnjMyZnw9MXYUcE=
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.17/go.mod h1:YqMdV+gEKCQ59NrB7rzrJdALeBIsYiVi8Inj3+KcqHI=
github.com/aws/aws-sdk-go-v2/service/kafka v1.19.4 h1:EmEk3gRJzSEK8DUnkvTGDn/RQc/Ud+yimUFIG+PSvTI=
github.com/aws/aws-sdk-go-v2/service/kafka v1.19.4/go.mod h1:+O9qi0UC83Lk0KAnC/ixNcw4piXfUtPzXpYn/KC2Mhg=
github.com/aws/aws-sdk-go-v2/service/kinesis v1.15.19 h1:qVaBkJxFxm6o/9DPNnJU6L9O3V7ycEKhCvRm2BFBQTU=
github.com/aws/aws-sdk-go-v2/service/kinesis v1.15.19/go.mod h1:9rLNg+J9SEe7rhge/YzKU3QTovlLqOmqH8akb0IB1ko=
github.com/aws/aws-sdk-go-v2/service/kms v1.21.1 h1:Q03Jqh1enA8keCiGZpLetpk58Ll9iGejE5bOErxyGAU=
github.com/aws/aws-sdk-go-v2/service/kms v1.21.1/go.mod h1:EEfb4gfSphdVpRo5sGf2W3KvJbelYUno5VaXR5MJ3z4=
github.com/aws/aws-sdk-go-v2/service/kms v1.23.0 h1:NXYeZBNg35rDBhcus60DFkIP7q6RNSkarLx+37ERX1g=
github.com/aws/aws-sdk-go-v2/service/kms v1.23.0/go.mod h1:aNfh11Smy55o65PB3MyKbkM8BFyFUcZmj1k+4g8eNfg=
github.com/aws/aws-sdk-go-v2/service/lambda v1.24.6 h1:N7RkXX2SJbN+TCp295J3LdMR0KRFd2Bhi5nIO+svLQY=
github.com/aws/aws-sdk-go-v2/service/lambda v1.24.6/go.mod h1:oTJIIluTaJCRT6xP1AZpuU3JwRHBC0Q5O4Hg+SUxFHw=
github.com/aws/aws-sdk-go-v2/service/mq v1.13.15 h1:K0UbxNfaPHoIXo0T4L4jrbE+TKcVPYp55nEnMLxVRPk=
github.com/aws/aws-sdk-go-v2/service/mq v1.13.15/go.mod h1:ycghPMXYItx5Y74iehFgGwDNUMXdq0xCxLaYC5uYZO0=
github.com/aws/aws-sdk-go-v2/service/neptune v1.17.12 h1:QxMwblYXBaAUnQsSbGGmGlqj5/lHJKaEr1HcMXnnaok=
github.com/aws/aws-sdk-go-v2/service/neptune v1.17.12/go.mod h1:0arQRjGdCQgRNLiCIv5FEFCgQkDMUiLkv0mkrUbSrNE=
github.com/aws/aws-sdk-go-v2/service/mq v1.15.0 h1:Z1q5y9q4feZb/h2H4D+MHqGflTEeyZH6MarBG6o00ng=
github.com/aws/aws-sdk-go-v2/service/mq v1.15.0/go.mod h1:CT2bVyhH6LN35rLvJ98OxFtjMruG1zCtn5rDi9rZs9M=
github.com/aws/aws-sdk-go-v2/service/neptune v1.20.7 h1:cZ5WMVZeKBJZDNliJiEXjU3A+5sqCkXm8UE7ZsZGZN8=
github.com/aws/aws-sdk-go-v2/service/neptune v1.20.7/go.mod h1:N1cuDqSpLRxxf3RUIKUvG7MFORReZmLFyskIXMeUCLY=
github.com/aws/aws-sdk-go-v2/service/rds v1.26.1 h1:tiXsw36GaRUWMcH5uRM2uM7vo+bNsa1mEOn68ZOBjWA=
github.com/aws/aws-sdk-go-v2/service/rds v1.26.1/go.mod h1:d8jJiNpy2cyl52sw5msQQ12ajEbPAK+twYPR7J35slw=
github.com/aws/aws-sdk-go-v2/service/redshift v1.27.7 h1:fKg773iDMTGUxd8UNkEfwYGNjT6H6KFSmqV97Yte+jc=
@@ -715,8 +719,8 @@ github.com/dlclark/regexp2 v1.4.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55k
github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E=
github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
github.com/docker/cli v20.10.7+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
github.com/docker/cli v23.0.1+incompatible h1:LRyWITpGzl2C9e9uGxzisptnxAn1zfZKXy13Ul2Q5oM=
github.com/docker/cli v23.0.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
github.com/docker/cli v23.0.5+incompatible h1:ufWmAOuD3Vmr7JP2G5K3cyuNC4YZWiAsuDEvFVVDafE=
github.com/docker/cli v23.0.5+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY=
github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
@@ -724,8 +728,8 @@ github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m3
github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
github.com/docker/docker v20.10.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
github.com/docker/docker v23.0.0-rc.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
github.com/docker/docker v23.0.5+incompatible h1:DaxtlTJjFSnLOXVNUBU1+6kXGz2lpDoEAH6QoxaSg8k=
github.com/docker/docker v23.0.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
github.com/docker/docker v23.0.7-0.20230714215826-f00e7af96042+incompatible h1:j7cPAKd+yLS4f16Jqri/wXRK+7TtFQCt89WPqECWnIM=
github.com/docker/docker v23.0.7-0.20230714215826-f00e7af96042+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y=
github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A=
github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0=
@@ -749,8 +753,8 @@ github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:Htrtb
github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153 h1:yUdfgN0XgIJw7foRItutHYUIhlcKzcSf5vDpdhQAKTc=
github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
github.com/elazarl/goproxy v0.0.0-20221015165544-a0805db90819 h1:RIB4cRk+lBqKK3Oy0r2gRX4ui7tuhiZq2SuTtTCi0/0=
github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
github.com/emicklei/go-restful/v3 v3.10.1 h1:rc42Y5YTp7Am7CS630D7JmhRjq4UlEUuEKfrDac4bSQ=
@@ -774,14 +778,16 @@ github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d h1:105gxyaGwC
github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZMPRZwes7CROmyNKgQzC3XPs6L/G2EJLHddWejkmf4=
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
github.com/fatih/color v1.14.1 h1:qfhVLaG5s+nCROl1zJsZRxFeYrHLqWroPOQ8BWiNb4w=
github.com/fatih/color v1.14.1/go.mod h1:2oHN61fhTpgcxD3TSWCgKDiH1+x4OiDVVGH8WlgGZGg=
github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw=
github.com/foxcpp/go-mockdns v0.0.0-20210729171921-fb145fc6f897 h1:E52jfcE64UG42SwLmrW0QByONfGynWuzBvm86BoB9z8=
github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI=
github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k=
github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps=
github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0XL9UY=
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
@@ -793,23 +799,20 @@ github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
github.com/glebarez/go-sqlite v1.20.3 h1:89BkqGOXR9oRmG58ZrzgoY/Fhy5x0M+/WV48U5zVrZ4=
github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY=
github.com/gliderlabs/ssh v0.3.5/go.mod h1:8XB4KraRrX39qHhT6yxPsHedjA08I/uBVwj4xC+/+z4=
github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w=
github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4=
github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E=
github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0=
github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=
github.com/go-git/go-billy/v5 v5.4.1 h1:Uwp5tDRkPr+l/TnbHOQzp+tmJfLceOlbVucgpTz8ix4=
github.com/go-git/go-billy/v5 v5.4.1/go.mod h1:vjbugF6Fz7JIflbVpl1hJsGjSHNltrSw45YK/ukIvQg=
github.com/go-git/go-git-fixtures/v4 v4.3.1 h1:y5z6dd3qi8Hl+stezc8p3JxDkoTRqMAlKnXHuzrfjTQ=
github.com/go-git/go-git-fixtures/v4 v4.3.1/go.mod h1:8LHG1a3SRW71ettAD/jW13h8c6AqjVSeL11RAdgaqpo=
github.com/go-git/go-git/v5 v5.6.1 h1:q4ZRqQl4pR/ZJHc1L5CFjGA1a10u76aV1iC+nh+bHsk=
github.com/go-git/go-git/v5 v5.6.1/go.mod h1:mvyoL6Unz0PiTQrGQfSfiLFhBH1c1e84ylC2MDs4ee8=
github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20230305113008-0c11038e723f h1:Pz0DHeFij3XFhoBRGUDPzSJ+w2UcK5/0JvF8DRI58r8=
github.com/go-git/go-git/v5 v5.7.0 h1:t9AudWVLmqzlo+4bqdf7GY+46SUuRsx59SboFxkq2aE=
github.com/go-git/go-git/v5 v5.7.0/go.mod h1:coJHKEOk5kUClpsNlXrUvPrDxY3w3gjHvhcZd8Fodw8=
github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
github.com/go-gorp/gorp/v3 v3.0.2 h1:ULqJXIekoqMx29FI5ekXXFoH1dT2Vc8UhnRzBg+Emz4=
github.com/go-gorp/gorp/v3 v3.0.2/go.mod h1:BJ3q1ejpV8cVALtcXvXaXyTOlMmJhWDxTmncaR6rwBY=
github.com/go-gorp/gorp/v3 v3.0.5 h1:PUjzYdYu3HBOh8LE+UUmRG2P0IRDak9XMeGNvaeq4Ow=
github.com/go-gorp/gorp/v3 v3.0.5/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw=
github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
@@ -834,13 +837,15 @@ github.com/go-openapi/errors v0.20.3 h1:rz6kiC84sqNQoqrtulzaL/VERgkoCyB6WdEkc2uj
github.com/go-openapi/errors v0.20.3/go.mod h1:Z3FlZ4I8jEGxjUK+bugx3on2mIAk4txuAOhlsB1FSgk=
github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg=
github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY=
github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE=
github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc=
github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
github.com/go-openapi/jsonreference v0.19.6/go.mod h1:diGHMEHg2IqXZGKxqyvWdfWU/aim5Dprw5bqpKkTvns=
github.com/go-openapi/jsonreference v0.20.0 h1:MYlu0sBgChmCfJxxUKZ8g1cPWFOB37YSZqewK7OKeyA=
github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXymS4zJbYVCZmcgkasdo=
github.com/go-openapi/jsonreference v0.20.1 h1:FBLnyygC4/IZZr893oiomc9XaghoveYTrLC1F86HID8=
github.com/go-openapi/jsonreference v0.20.1/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
github.com/go-openapi/loads v0.21.1/go.mod h1:/DtAMXXneXFjbQMGEtbamCZb+4x7eGwkvZCvBmwUG+g=
github.com/go-openapi/loads v0.21.2 h1:r2a/xFIYeZ4Qd2TnGpWDIQNcP80dIaZgf704za8enro=
github.com/go-openapi/loads v0.21.2/go.mod h1:Jq58Os6SSGz0rzh62ptiu8Z31I+OTHqmULx5e/gJbNw=
@@ -870,11 +875,10 @@ github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+
github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
github.com/go-redis/redis/v8 v8.11.5 h1:AcZZR7igkdvfVmQTPnu9WE37LRrO/YrBH5zWyjDC0oI=
github.com/go-redis/redis/v8 v8.11.5/go.mod h1:gREzHqY1hg6oD9ngVRbLStwAWKhA0FEgq8Jd4h5lpwo=
github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I=
github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68=
github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0=
github.com/gobuffalo/depgen v0.0.0-20190329151759-d478694a28d3/go.mod h1:3STtPUQYuzV0gBVOY3vy6CfMm/ljR4pABfrTeHNLHUY=
@@ -1002,8 +1006,8 @@ github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN
github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/go-containerregistry v0.6.0/go.mod h1:euCCtNbZ6tKqi1E72vwDj2xZcN5ttKpZLfa/wSo5iLw=
github.com/google/go-containerregistry v0.14.0 h1:z58vMqHxuwvAsVwvKEkmVBz2TlgBgH5k6koEXBtlYkw=
github.com/google/go-containerregistry v0.14.0/go.mod h1:aiJ2fp/SXvkWgmYHioXnbMdlgB8eXiiYOY55gfN91Wk=
github.com/google/go-containerregistry v0.15.2 h1:MMkSh+tjSdnmJZO7ljvEqV1DjfekB6VUEAZgy3a+TQE=
github.com/google/go-containerregistry v0.15.2/go.mod h1:wWK+LnOv4jXMM23IT/F1wdYftGWGr47Is8CG+pmHK1Q=
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
@@ -1103,7 +1107,7 @@ github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874/go.mod h1:
github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
github.com/hashicorp/go-retryablehttp v0.7.2 h1:AcYqCvkpalPnPF2pn0KamgwamS42TqUDDYFRKq/RAd0=
github.com/hashicorp/go-retryablehttp v0.7.4 h1:ZQgVdpTdAL7WpMIwLzCfbalOcSUdkDZnpUv3/+BxzFA=
github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
github.com/hashicorp/go-safetemp v1.0.0 h1:2HR189eFNrjHQyENnQMMpCiBAsRxzbTMIgBhEyExpmo=
github.com/hashicorp/go-safetemp v1.0.0/go.mod h1:oaerMy3BhqiTbVye6QuFhFtIceqFoDHxNAB65b+Rj1I=
@@ -1132,16 +1136,18 @@ github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/J
github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
github.com/huandu/xstrings v1.3.3 h1:/Gcsuc1x8JVbJ9/rlye4xZnVAbEkGauT8lbebqcQws4=
github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU=
github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk=
github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg=
github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM=
github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
github.com/in-toto/in-toto-golang v0.9.0 h1:tHny7ac4KgtsfrG6ybU8gVOZux2H8jN05AXJ9EBM1XU=
github.com/in-toto/in-toto-golang v0.9.0/go.mod h1:xsBVrVsHNsB61++S6Dy2vWosKhuA3lUTQd+eF9HdeMo=
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
@@ -1150,7 +1156,6 @@ github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLf
github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA=
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4=
github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
github.com/jmespath/go-jmespath v0.0.0-20160803190731-bd40a432e4c7/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
@@ -1191,8 +1196,8 @@ github.com/klauspost/compress v1.12.3/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8
github.com/klauspost/compress v1.13.0/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
github.com/klauspost/compress v1.15.11/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM=
github.com/klauspost/compress v1.16.0 h1:iULayQNOReoYUe+1qtKOqw9CwJv3aNQu8ivo7lw1HU4=
github.com/klauspost/compress v1.16.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI=
github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
github.com/knqyf263/go-apk-version v0.0.0-20200609155635-041fdbb8563f h1:GvCU5GXhHq+7LeOzx/haG7HSIZokl3/0GkoUFzsRJjg=
github.com/knqyf263/go-apk-version v0.0.0-20200609155635-041fdbb8563f/go.mod h1:q59u9px8b7UTj0nIjEjvmTWekazka6xIt6Uogz5Dm+8=
github.com/knqyf263/go-deb-version v0.0.0-20230223133812-3ed183d23422 h1:PPPlUUqPP6fLudIK4n0l0VU4KT2cQGnheW9x8pNiCHI=
@@ -1212,7 +1217,9 @@ github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFB
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
@@ -1234,9 +1241,9 @@ github.com/liamg/jfather v0.0.7/go.mod h1:xXBGiBoiZ6tmHhfy5Jzw8sugzajwYdi6VosIpB
github.com/liamg/memoryfs v1.4.3 h1:+ChjcuPRYpjJSulD13PXDNR3JeJ5HUYKjLHyWVK0bqU=
github.com/liamg/memoryfs v1.4.3/go.mod h1:z7mfqXFQS8eSeBBsFjYLlxYRMRyiPktytvYCYTb3BSk=
github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
github.com/lib/pq v1.10.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
github.com/lib/pq v1.10.7 h1:p7ZhMD+KsSRozJr34udlUrhboJwWAgCg34+/ZZNvZZw=
github.com/lib/pq v1.10.7/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0=
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE=
github.com/lunixbochs/struc v0.0.0-20200707160740-784aaebc1d40 h1:EnfXoSqDfSNJv0VBNqY/88RNnhSGYkrHaO0mmFGbVsc=
@@ -1265,19 +1272,20 @@ github.com/masahiro331/go-disk v0.0.0-20220919035250-c8da316f91ac h1:QyRucnGOLHJ
github.com/masahiro331/go-disk v0.0.0-20220919035250-c8da316f91ac/go.mod h1:J7Vb0sf0JzOhT0uHTeCqO6dqP/ELVcQvQ6yQ/56ZRGw=
github.com/masahiro331/go-ebs-file v0.0.0-20221225061409-5ef263bb2cc3 h1:CCX8exCYIPHrMKba1KDhM37PxC3/amBUZXH8yoJOAMQ=
github.com/masahiro331/go-ebs-file v0.0.0-20221225061409-5ef263bb2cc3/go.mod h1:5NOkqebMwu8UiOTSjwqam1Ykdr7fci52TVE2xDQnIiM=
github.com/masahiro331/go-ext4-filesystem v0.0.0-20221225060520-c150f5eacfe1 h1:GBZZSY8xEoAf76ZOlxqKi/OMufpZnTxpTf7ectT1eNM=
github.com/masahiro331/go-ext4-filesystem v0.0.0-20221225060520-c150f5eacfe1/go.mod h1:X08d9nmB+eg7Gj2XWAOkiG8lbMFbgGXPsDKEvkFwyF8=
github.com/masahiro331/go-ext4-filesystem v0.0.0-20230612143131-27ccd485b7a1 h1:jQ0px48V+wp35FSimlg9e/bB8XSrBz0SxPLbnYCq6/4=
github.com/masahiro331/go-ext4-filesystem v0.0.0-20230612143131-27ccd485b7a1/go.mod h1:3XMMY1M486mWGTD13WPItg6FsgflQR72ZMAkd+gsyoQ=
github.com/masahiro331/go-mvn-version v0.0.0-20210429150710-d3157d602a08 h1:AevUBW4cc99rAF8q8vmddIP8qd/0J5s/UyltGbp66dg=
github.com/masahiro331/go-mvn-version v0.0.0-20210429150710-d3157d602a08/go.mod h1:JOkBRrE1HvgTyjk6diFtNGgr8XJMtIfiBzkL5krqzVk=
github.com/masahiro331/go-vmdk-parser v0.0.0-20221225061455-612096e4bbbd h1:Y30EzvuoVp97b0unb/GOFXzBUKRXZXUN2e0wYmvC+ic=
github.com/masahiro331/go-vmdk-parser v0.0.0-20221225061455-612096e4bbbd/go.mod h1:5f7mCJGW9cJb8SDn3z8qodGxpMCOo8d/2nls/tiwRrw=
github.com/masahiro331/go-xfs-filesystem v0.0.0-20221225060805-c02764233454 h1:XHFL/6QXvGlsBZ6xZvLPSsQW5QIzrOnNUKgkjRo7KWo=
github.com/masahiro331/go-xfs-filesystem v0.0.0-20221225060805-c02764233454/go.mod h1:QKBZqdn6teT0LK3QhAf3K6xakItd1LonOShOEC44idQ=
github.com/masahiro331/go-xfs-filesystem v0.0.0-20230608043311-a335f4599b70 h1:X6W6raTo07X0q4pvSI/68Pj/Ic4iIU2CfQU65OH0Zhc=
github.com/masahiro331/go-xfs-filesystem v0.0.0-20230608043311-a335f4599b70/go.mod h1:QKBZqdn6teT0LK3QhAf3K6xakItd1LonOShOEC44idQ=
github.com/matryer/is v1.2.0 h1:92UTHpy8CDwaJ08GqLDzhhuixiBUUD1p3AU6PHddz4A=
github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA=
github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
github.com/mattn/go-colorable v0.1.7/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
@@ -1286,6 +1294,7 @@ github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hd
github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84=
github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng=
github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
@@ -1296,10 +1305,9 @@ github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m
github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU=
github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o=
github.com/mattn/go-sqlite3 v1.11.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
github.com/mattn/go-sqlite3 v1.14.15 h1:vfoHhTN1af61xCRSWzFIWzx2YskyMTwHLrExkBOjvxI=
github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
github.com/mattn/go-sqlite3 v1.14.16 h1:yOQRA0RpS5PFz/oikGwBEqvAWhWg5ufRz4ETLjwpU1Y=
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
@@ -1312,7 +1320,7 @@ github.com/miekg/dns v1.1.50/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7Xn
github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4=
github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
github.com/mitchellh/cli v1.1.4/go.mod h1:vTLESy5mRhKOs9KDp0/RATawxP1UqBmdrpVRMnpcvKQ=
github.com/mitchellh/cli v1.1.5/go.mod h1:v8+iFts2sPIKUV1ltktPXMCC8fumSKFItNcD2cLtRR4=
github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
@@ -1338,9 +1346,8 @@ github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQ
github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
github.com/mmcloughlin/avo v0.5.0/go.mod h1:ChHFdoV7ql95Wi7vuq2YT1bwCJqiWdZrQ1im3VujLYM=
github.com/moby/buildkit v0.11.5 h1:S6YrFJ0bfBT2w9e8kOxqsDV8Bw+HtfqdB6eHL17BXRI=
github.com/moby/buildkit v0.11.5/go.mod h1:P5Qi041LvCfhkfYBHry+Rwoo3Wi6H971J2ggE+PcIoo=
github.com/moby/buildkit v0.11.6 h1:VYNdoKk5TVxN7k4RvZgdeM4GOyRvIi4Z8MXOY7xvyUs=
github.com/moby/buildkit v0.11.6/go.mod h1:GCqKfHhz+pddzfgaR7WmHVEE3nKKZMMDPpK8mh3ZLv4=
github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=
github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
github.com/moby/patternmatcher v0.5.0 h1:YCZgJOeULcxLw1Q+sVR636pmS7sPEn1Qo2iAN6M7DBo=
@@ -1358,8 +1365,8 @@ github.com/moby/sys/signal v0.7.0 h1:25RW3d5TnQEoKvRbEKUGay6DCQ46IxAVTT9CUMgmsSI
github.com/moby/sys/signal v0.7.0/go.mod h1:GQ6ObYZfqacOwTtlXvcmh9A26dVRul/hbOZn88Kg8Tg=
github.com/moby/sys/symlink v0.1.0/go.mod h1:GGDODQmbFOjFsXvfLVn3+ZRxkch54RkSiGqsZeMYowQ=
github.com/moby/term v0.0.0-20200312100748-672ec06f55cd/go.mod h1:DdlQx2hp0Ss5/fLikoLlEeIYiATotOjgB//nb973jeo=
github.com/moby/term v0.0.0-20221205130635-1aeaba878587 h1:HfkjXDfhgVaN5rmueG8cL8KKeFNecRCXFhaJ2qZ5SKA=
github.com/moby/term v0.0.0-20221205130635-1aeaba878587/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y=
github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0=
github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y=
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -1379,6 +1386,8 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m
github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
github.com/ncw/swift v1.0.47/go.mod h1:23YIA4yWVnGwv2dQlN4bB7egfYX6YLn0Yo/S6zZO/ZM=
github.com/nelsam/hel/v2 v2.3.2/go.mod h1:1ZTGfU2PFTOd5mx22i5O0Lc2GY933lQ2wb/ggy+rL3w=
github.com/nelsam/hel/v2 v2.3.3/go.mod h1:1ZTGfU2PFTOd5mx22i5O0Lc2GY933lQ2wb/ggy+rL3w=
github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
@@ -1395,13 +1404,13 @@ github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+
github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
github.com/onsi/ginkgo/v2 v2.6.0 h1:9t9b9vRUbFq3C4qKFCGkVuq/fIHji802N1nrtkh1mNc=
github.com/onsi/ginkgo/v2 v2.9.1 h1:zie5Ly042PD3bsCvsSOPvRnFwyo3rKe64TJlD6nu0mk=
github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc=
github.com/onsi/gomega v1.24.1 h1:KORJXNNTzJXzu4ScJWssJfJMnJ+2QJqhoQSRwNlze9E=
github.com/onsi/gomega v1.27.4 h1:Z2AnStgsdSayCMDiCU42qIz+HLqEPcgiOCXjAU/w+8E=
github.com/open-policy-agent/opa v0.45.0 h1:P5nuhVRtR+e58fk3CMMbiqr6ZFyWQPNOC3otsorGsFs=
github.com/open-policy-agent/opa v0.45.0/go.mod h1:/OnsYljNEWJ6DXeFOOnoGn8CvwZGMUS4iRqzYdJvmBI=
github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
@@ -1412,8 +1421,8 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8
github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
github.com/opencontainers/image-spec v1.0.0/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
github.com/opencontainers/image-spec v1.1.0-rc2.0.20221020182949-4df8887994e8 h1:l9vfzobI7tZtG164u1Jf6NqDErHZoqAw8rlvBYQJpVI=
github.com/opencontainers/image-spec v1.1.0-rc2.0.20221020182949-4df8887994e8/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ=
github.com/opencontainers/image-spec v1.1.0-rc4 h1:oOxKUJWnFC4YGHCCMNql1x4YaDfYBTS5Y4x/Cgeo1E0=
github.com/opencontainers/image-spec v1.1.0-rc4/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
@@ -1444,8 +1453,8 @@ github.com/owenrumney/go-sarif/v2 v2.2.0 h1:1DmZaijK0HBZCR1fgcDSGa7VzYkU9NDmbZ7q
github.com/owenrumney/go-sarif/v2 v2.2.0/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w=
github.com/owenrumney/squealer v1.1.1 h1:e+fg29IxdNARSc4s7CbYnqVSepm9eOqErLNNNR5XbAs=
github.com/owenrumney/squealer v1.1.1/go.mod h1:Q5ekVoyFSG2FlnCVIBGsyk/FSMA/ATv8PtwKIVX7t/o=
github.com/package-url/packageurl-go v0.1.1-0.20220428063043-89078438f170 h1:DiLBVp4DAcZlBVBEtJpNWZpZVq0AEeCY7Hqk8URVs4o=
github.com/package-url/packageurl-go v0.1.1-0.20220428063043-89078438f170/go.mod h1:uQd4a7Rh3ZsVg5j0lNyAfyxIeGde9yrlhjF78GzeW0c=
github.com/package-url/packageurl-go v0.1.1 h1:KTRE0bK3sKbFKAk3yy63DpeskU7Cvs/x/Da5l+RtzyU=
github.com/package-url/packageurl-go v0.1.1/go.mod h1:uQd4a7Rh3ZsVg5j0lNyAfyxIeGde9yrlhjF78GzeW0c=
github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
github.com/pelletier/go-toml v1.7.0/go.mod h1:vwGMzjaWMwyfHwgIBhI2YUM4fB6nL6lVAvS1LBMMhTE=
@@ -1471,8 +1480,10 @@ github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qR
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
github.com/poy/onpar v0.0.0-20190519213022-ee068f8ea4d1 h1:oL4IBbcqwhhNWh31bjOX8C/OCy0zs9906d/VUru+bqg=
github.com/poy/onpar v0.0.0-20190519213022-ee068f8ea4d1/go.mod h1:nSbFQvMj97ZyhFRSJYtut+msi4sOY6zJDGCdSc+/rZU=
github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
github.com/poy/onpar v0.0.0-20200406201722-06f95a1c68e8/go.mod h1:nSbFQvMj97ZyhFRSJYtut+msi4sOY6zJDGCdSc+/rZU=
github.com/poy/onpar v1.1.2 h1:QaNrNiZx0+Nar5dLgTVp5mXkyoVFIbepjyEoGSnhbAY=
github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjzg=
github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
github.com/prometheus/client_golang v0.0.0-20180209125602-c332b6f63c06/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
@@ -1514,8 +1525,8 @@ github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40T
github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 h1:N/ElC8H3+5XpJzTSTfLsJV/mx9Q9g7kxmchpfZyxgzM=
github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
github.com/remyoudompheng/bigfft v0.0.0-20230126093431-47fa9a501578 h1:VstopitMQi3hZP0fzvnsLmzXZdQGc4bEcgu24cp+d4M=
github.com/remyoudompheng/bigfft v0.0.0-20230126093431-47fa9a501578/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=
github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
@@ -1523,10 +1534,12 @@ github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6L
github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
github.com/rubenv/sql-migrate v1.2.0 h1:fOXMPLMd41sK7Tg75SXDec15k3zg5WNV6SjuDRiNfcU=
github.com/rubenv/sql-migrate v1.2.0/go.mod h1:Z5uVnq7vrIrPmHbVFfR4YLHRZquxeHpckCnRq0P/K9Y=
github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
github.com/rubenv/sql-migrate v1.3.1 h1:Vx+n4Du8X8VTYuXbhNxdEUoh6wiJERA0GlWocR5FrbA=
github.com/rubenv/sql-migrate v1.3.1/go.mod h1:YzG/Vh82CwyhTFXy+Mf5ahAiiEOpAlHurg+23VEzcsk=
github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
@@ -1547,8 +1560,9 @@ github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ=
github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
github.com/shibumi/go-pathspec v1.3.0 h1:QUyMZhFo0Md5B8zV8x2tesohbb5kfbpTi9rBnKh5dkI=
github.com/shibumi/go-pathspec v1.3.0/go.mod h1:Xutfslp817l2I1cZvgcfeMQJG5QnU2lh5tVaaMCl3jE=
github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ=
github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8=
github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
github.com/sigstore/rekor v1.2.1 h1:cEI4qn9IBvM7EkPQYl3YzCwCw97Mx8O2nHrv02XiI8U=
github.com/sigstore/rekor v1.2.1/go.mod h1:zcFO54qIg2G1/i0sE/nvmELUOng/n0MPjTszRYByVPo=
@@ -1563,8 +1577,8 @@ github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic
github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
github.com/skeema/knownhosts v1.1.0 h1:Wvr9V0MxhjRbl3f9nMnKnFfiWTJmtECJ9Njkea3ysW0=
github.com/skeema/knownhosts v1.1.0/go.mod h1:sKFq3RD6/TKZkSWn8boUbDC7Qkgcv+8XXijpFO6roag=
github.com/skeema/knownhosts v1.1.1 h1:MTk78x9FPgDFVFkDLTrsnnfCJl7g1C/nnKvePgrIngE=
github.com/skeema/knownhosts v1.1.1/go.mod h1:g4fPeYpque7P0xefxtGzV81ihjC8sX2IqpAoNkjxbMo=
github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
@@ -1582,10 +1596,12 @@ github.com/spf13/afero v1.9.3 h1:41FoI0fD7OR7mGcKE/aOiLkGreyf8ifIOQmJANWogMk=
github.com/spf13/afero v1.9.3/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y=
github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w=
github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU=
github.com/spf13/cast v1.5.1 h1:R+kOtfhWQE6TVQzY+4D7wJLBgkdVasCEFxSUBYBYIlA=
github.com/spf13/cast v1.5.1/go.mod h1:b9PdjNptOpzXr7Rq1q9gJML/2cdGQAo69NKzQ10KN48=
github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
github.com/spf13/cobra v0.0.6/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk=
github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I=
@@ -1623,8 +1639,8 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY=
github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8=
github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0=
@@ -1634,10 +1650,11 @@ github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG
github.com/tchap/go-patricia v2.2.6+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I=
github.com/tchap/go-patricia/v2 v2.3.1 h1:6rQp39lgIYZ+MHmdEq4xzuk1t7OdC35z/xm0BGhTkes=
github.com/tchap/go-patricia/v2 v2.3.1/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k=
github.com/testcontainers/testcontainers-go v0.19.0 h1:3bmFPuQRgVIQwxZJERyzB8AogmJW3Qzh8iDyfJbPhi8=
github.com/testcontainers/testcontainers-go v0.19.0/go.mod h1:3YsSoxK0rGEUzbGD4gUVt1Nm3GJpCIq94GX+2LSf3d4=
github.com/tetratelabs/wazero v1.0.0 h1:sCE9+mjFex95Ki6hdqwvhyF25x5WslADjDKIFU5BXzI=
github.com/tetratelabs/wazero v1.0.0/go.mod h1:wYx2gNRg8/WihJfSDxA1TIL8H+GkfLYm+bIfbblu9VQ=
github.com/terminalstatic/go-xsd-validate v0.1.5 h1:RqpJnf6HGE2CB/lZB1A8BYguk8uRtcvYAPLCF15qguo=
github.com/testcontainers/testcontainers-go v0.21.0 h1:syePAxdeTzfkap+RrJaQZpJQ/s/fsUgn11xIvHrOE9U=
github.com/testcontainers/testcontainers-go v0.21.0/go.mod h1:c1ez3WVRHq7T/Aj+X3TIipFBwkBaNT5iNCY8+1b83Ng=
github.com/tetratelabs/wazero v1.2.1 h1:J4X2hrGzJvt+wqltuvcSjHQ7ujQxA9gb6PeMs4qlUWs=
github.com/tetratelabs/wazero v1.2.1/go.mod h1:wYx2gNRg8/WihJfSDxA1TIL8H+GkfLYm+bIfbblu9VQ=
github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs=
github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
@@ -1651,10 +1668,10 @@ github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/
github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
github.com/urfave/cli v1.22.12/go.mod h1:sSBEIC79qR6OvcmsD4U3KABeOTxDqQtdDnaFuUN30b8=
github.com/urfave/cli/v2 v2.3.0/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/XcUArI=
github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlIME=
github.com/vbatts/tar-split v0.11.2/go.mod h1:vV3ZuO2yWSVsz+pfFzDG/upWH1JhjOiEaWq6kXyQ3VI=
github.com/vbatts/tar-split v0.11.3 h1:hLFqsOLQ1SsppQNTMpkpPXClLDfC2A3Zgy9OUU+RVck=
github.com/vbatts/tar-split v0.11.3/go.mod h1:9QlHN18E+fEH7RdG+QAJJcuya3rqT7eXSTY7wGrAokY=
github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk=
github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=
@@ -1708,8 +1725,6 @@ github.com/zclconf/go-cty v1.10.0 h1:mp9ZXQeIcN8kAwuqorjH+Q+njbJKjLrvB2yIh4q7U+0
github.com/zclconf/go-cty v1.10.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk=
github.com/zclconf/go-cty-yaml v1.0.2 h1:dNyg4QLTrv2IfJpm7Wtxi55ed5gLGOlPrZ6kMd51hY0=
github.com/zclconf/go-cty-yaml v1.0.2/go.mod h1:IP3Ylp0wQpYm50IHK8OZWKMu6sPJIUgKa8XhiVHura0=
github.com/ziutek/mymysql v1.5.4 h1:GB0qdRGsTwQSBVYuVShFBKaXSnSnYYC2d9knnE1LHFs=
github.com/ziutek/mymysql v1.5.4/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0=
go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
@@ -1756,7 +1771,6 @@ go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60=
go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg=
golang.org/x/arch v0.1.0/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
@@ -1782,15 +1796,14 @@ golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU=
golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g=
golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0=
golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA=
golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -1801,8 +1814,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug=
golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 h1:k/i9J1pBpvlfR+9QsetwPyERsqu1GIbi967PQMq3Ivc=
golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w=
golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -1829,9 +1842,9 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI=
golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk=
golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc=
golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180811021610-c39426892332/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -1896,15 +1909,15 @@ golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug
golang.org/x/net v0.0.0-20220617184016-355a448f1bc9/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
golang.org/x/net v0.0.0-20220909164309-bea034e7d591/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
golang.org/x/net v0.0.0-20221014081412-f15817d10f9b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50=
golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1948,8 +1961,9 @@ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJ
golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI=
golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -2073,22 +2087,26 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220906165534-d0df966e6959/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20221013171732-95e765b1cc43/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
golang.org/x/term v0.8.0 h1:n5xxQn2i3PC0yLAbjTpNT85q/Kgzcr2gIoX9OrJUols=
golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
golang.org/x/term v0.10.0 h1:3R7pNqamzBraeqj/Tj8qt1aQ2HpmlC+Cx/qL/7hn4/c=
golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o=
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -2100,9 +2118,11 @@ golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4=
golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -2153,6 +2173,7 @@ golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapK
golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
golang.org/x/tools v0.0.0-20200313205530-4303120df7d8/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
@@ -2178,9 +2199,9 @@ golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA=
golang.org/x/tools v0.8.0 h1:vSDcovVPld282ceKgDimkRSC8kpaH1dgyc9UMzlt84Y=
golang.org/x/tools v0.8.0/go.mod h1:JxBZ99ISMI5ViVkT1tr6tdNmXeTrcpVSD3vZ1RsRdN4=
golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
golang.org/x/tools v0.10.0 h1:tvDr/iQoUqNdohiYm0LmmKcBk+q86lb9EprIUFhHHGg=
golang.org/x/tools v0.10.0/go.mod h1:UJwyiVBsOA2uwvK/e5OY3GTpDUJriEd+/YlqAwLPmyM=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -2417,8 +2438,8 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ
google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -2473,10 +2494,9 @@ gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8=
gotest.tools/v3 v3.1.0 h1:rVV8Tcg/8jHUkPUorwjaMTtemIMVXfIPKiOqnhEhakk=
gotest.tools/v3 v3.1.0/go.mod h1:fHy7eyTmJFO5bQbUsEGQ1v4m2J3Jz9eWL54TP2/ZuYQ=
helm.sh/helm/v3 v3.11.1 h1:cmL9fFohOoNQf+wnp2Wa0OhNFH0KFnSzEkVxi3fcc3I=
helm.sh/helm/v3 v3.11.1/go.mod h1:z/Bu/BylToGno/6dtNGuSmjRqxKq5gaH+FU0BPO+AQ8=
gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
helm.sh/helm/v3 v3.12.1 h1:lzU7etZX24A6BTMXYQF3bFq0ECfD8s+fKlNBBL8AbEc=
helm.sh/helm/v3 v3.12.1/go.mod h1:qhmSY9kcX7yH1xebe+FDMZa7E5NAeZ+LvK5j1gSln48=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -2487,32 +2507,32 @@ honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
k8s.io/api v0.20.1/go.mod h1:KqwcCVogGxQY3nBlRpwt+wpAMF/KjaCc7RpywacvqUo=
k8s.io/api v0.20.4/go.mod h1:++lNL1AJMkDymriNniQsWRkMDzRaX2Y/POTUi8yvqYQ=
k8s.io/api v0.20.6/go.mod h1:X9e8Qag6JV/bL5G6bU8sdVRltWKmdHsFUGS3eVndqE8=
k8s.io/api v0.26.3 h1:emf74GIQMTik01Aum9dPP0gAypL8JTLl/lHa4V9RFSU=
k8s.io/api v0.26.3/go.mod h1:PXsqwPMXBSBcL1lJ9CYDKy7kIReUydukS5JiRlxC3qE=
k8s.io/apiextensions-apiserver v0.26.0 h1:Gy93Xo1eg2ZIkNX/8vy5xviVSxwQulsnUdQ00nEdpDo=
k8s.io/apiextensions-apiserver v0.26.0/go.mod h1:7ez0LTiyW5nq3vADtK6C3kMESxadD51Bh6uz3JOlqWQ=
k8s.io/api v0.27.3 h1:yR6oQXXnUEBWEWcvPWS0jQL575KoAboQPfJAuKNrw5Y=
k8s.io/api v0.27.3/go.mod h1:C4BNvZnQOF7JA/0Xed2S+aUyJSfTGkGFxLXz9MnpIpg=
k8s.io/apiextensions-apiserver v0.27.2 h1:iwhyoeS4xj9Y7v8YExhUwbVuBhMr3Q4bd/laClBV6Bo=
k8s.io/apiextensions-apiserver v0.27.2/go.mod h1:Oz9UdvGguL3ULgRdY9QMUzL2RZImotgxvGjdWRq6ZXQ=
k8s.io/apimachinery v0.20.1/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU=
k8s.io/apimachinery v0.20.4/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU=
k8s.io/apimachinery v0.20.6/go.mod h1:ejZXtW1Ra6V1O5H8xPBGz+T3+4gfkTCeExAHKU57MAc=
k8s.io/apimachinery v0.26.3 h1:dQx6PNETJ7nODU3XPtrwkfuubs6w7sX0M8n61zHIV/k=
k8s.io/apimachinery v0.26.3/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I=
k8s.io/apimachinery v0.27.3 h1:Ubye8oBufD04l9QnNtW05idcOe9Z3GQN8+7PqmuVcUM=
k8s.io/apimachinery v0.27.3/go.mod h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E=
k8s.io/apiserver v0.20.1/go.mod h1:ro5QHeQkgMS7ZGpvf4tSMx6bBOgPfE+f52KwvXfScaU=
k8s.io/apiserver v0.20.4/go.mod h1:Mc80thBKOyy7tbvFtB4kJv1kbdD0eIH8k8vianJcbFM=
k8s.io/apiserver v0.20.6/go.mod h1:QIJXNt6i6JB+0YQRNcS0hdRHJlMhflFmsBDeSgT1r8Q=
k8s.io/apiserver v0.26.2 h1:Pk8lmX4G14hYqJd1poHGC08G03nIHVqdJMR0SD3IH3o=
k8s.io/apiserver v0.26.2/go.mod h1:GHcozwXgXsPuOJ28EnQ/jXEM9QeG6HT22YxSNmpYNh8=
k8s.io/cli-runtime v0.26.3 h1:3ULe0oI28xmgeLMVXIstB+ZL5CTGvWSMVMLeHxitIuc=
k8s.io/cli-runtime v0.26.3/go.mod h1:5YEhXLV4kLt/OSy9yQwtSSNZU2Z7aTEYta1A+Jg4VC4=
k8s.io/apiserver v0.27.2 h1:p+tjwrcQEZDrEorCZV2/qE8osGTINPuS5ZNqWAvKm5E=
k8s.io/apiserver v0.27.2/go.mod h1:EsOf39d75rMivgvvwjJ3OW/u9n1/BmUMK5otEOJrb1Y=
k8s.io/cli-runtime v0.27.3 h1:h592I+2eJfXj/4jVYM+tu9Rv8FEc/dyCoD80UJlMW2Y=
k8s.io/cli-runtime v0.27.3/go.mod h1:LzXud3vFFuDFXn2LIrWnscPgUiEj7gQQcYZE2UPn9Kw=
k8s.io/client-go v0.20.1/go.mod h1:/zcHdt1TeWSd5HoUe6elJmHSQ6uLLgp4bIJHVEuy+/Y=
k8s.io/client-go v0.20.4/go.mod h1:LiMv25ND1gLUdBeYxBIwKpkSC5IsozMMmOOeSJboP+k=
k8s.io/client-go v0.20.6/go.mod h1:nNQMnOvEUEsOzRRFIIkdmYOjAZrC8bgq0ExboWSU1I0=
k8s.io/client-go v0.26.3 h1:k1UY+KXfkxV2ScEL3gilKcF7761xkYsSD6BC9szIu8s=
k8s.io/client-go v0.26.3/go.mod h1:ZPNu9lm8/dbRIPAgteN30RSXea6vrCpFvq+MateTUuQ=
k8s.io/client-go v0.27.3 h1:7dnEGHZEJld3lYwxvLl7WoehK6lAq7GvgjxpA3nv1E8=
k8s.io/client-go v0.27.3/go.mod h1:2MBEKuTo6V1lbKy3z1euEGnhPfGZLKTS9tiJ2xodM48=
k8s.io/component-base v0.20.1/go.mod h1:guxkoJnNoh8LNrbtiQOlyp2Y2XFCZQmrcg2n/DeYNLk=
k8s.io/component-base v0.20.4/go.mod h1:t4p9EdiagbVCJKrQ1RsA5/V4rFQNDfRlevJajlGwgjI=
k8s.io/component-base v0.20.6/go.mod h1:6f1MPBAeI+mvuts3sIdtpjljHWBQ2cIy38oBIWMYnrM=
k8s.io/component-base v0.26.3 h1:oC0WMK/ggcbGDTkdcqefI4wIZRYdK3JySx9/HADpV0g=
k8s.io/component-base v0.26.3/go.mod h1:5kj1kZYwSC6ZstHJN7oHBqcJC6yyn41eR+Sqa/mQc8E=
k8s.io/component-base v0.27.3 h1:g078YmdcdTfrCE4fFobt7qmVXwS8J/3cI1XxRi/2+6k=
k8s.io/component-base v0.27.3/go.mod h1:JNiKYcGImpQ44iwSYs6dysxzR9SxIIgQalk4HaCNVUY=
k8s.io/cri-api v0.17.3/go.mod h1:X1sbHmuXhwaHs9xxYffLqJogVsnI+f6cPRcgPel7ywM=
k8s.io/cri-api v0.20.1/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI=
k8s.io/cri-api v0.20.4/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI=
@@ -2523,10 +2543,10 @@ k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=
k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM=
k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 h1:+70TFaan3hfJzs+7VK2o+OGxg8HsuBr/5f6tVAjDu6E=
k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4=
k8s.io/kubectl v0.26.3 h1:bZ5SgFyeEXw6XTc1Qji0iNdtqAC76lmeIIQULg2wNXM=
k8s.io/kubectl v0.26.3/go.mod h1:02+gv7Qn4dupzN3fi/9OvqqdW+uG/4Zi56vc4Zmsp1g=
k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg=
k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg=
k8s.io/kubectl v0.27.3 h1:HyC4o+8rCYheGDWrkcOQHGwDmyLKR5bxXFgpvF82BOw=
k8s.io/kubectl v0.27.3/go.mod h1:g9OQNCC2zxT+LT3FS09ZYqnDhlvsKAfFq76oyarBcq4=
k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk=
k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 h1:kmDqav+P+/5e1i9tFfHq1qcF3sOrDp+YEkVDAHu7Jwk=
@@ -2539,36 +2559,35 @@ modernc.org/ccgo/v3 v3.16.13 h1:Mkgdzl46i5F/CNR/Kj80Ri59hC8TKAhZrYSaqvkwzUw=
modernc.org/ccgo/v3 v3.16.13/go.mod h1:2Quk+5YgpImhPjv2Qsob1DnZ/4som1lJTodubIcoUkY=
modernc.org/ccorpus v1.11.6 h1:J16RXiiqiCgua6+ZvQot4yUuUy8zxgqbqEEUuGPlISk=
modernc.org/httpfs v1.0.6 h1:AAgIpFZRXuYnkjftxTAZwMIiwEqAfk8aVB2/oA6nAeM=
modernc.org/libc v1.22.2 h1:4U7v51GyhlWqQmwCHj28Rdq2Yzwk55ovjFrdPjs8Hb0=
modernc.org/libc v1.22.2/go.mod h1:uvQavJ1pZ0hIoC/jfqNoMLURIMhKzINIWypNM17puug=
modernc.org/libc v1.22.5 h1:91BNch/e5B0uPbJFgqbxXuOnxBQjlS//icfQEGmvyjE=
modernc.org/libc v1.22.5/go.mod h1:jj+Z7dTNX8fBScMVNRAYZ/jF91K8fdT2hYMThc3YjBY=
modernc.org/mathutil v1.5.0 h1:rV0Ko/6SfM+8G+yKiyI830l3Wuz1zRutdslNoQ0kfiQ=
modernc.org/mathutil v1.5.0/go.mod h1:mZW8CKdRPY1v87qxC/wUdX5O1qDzXMP5TH3wjfpga6E=
modernc.org/memory v1.5.0 h1:N+/8c5rE6EqugZwHii4IFsaJ7MUhoWX07J5tC/iI5Ds=
modernc.org/memory v1.5.0/go.mod h1:PkUhL0Mugw21sHPeskwZW4D6VscE/GQJOnIpCnW6pSU=
modernc.org/opt v0.1.3 h1:3XOZf2yznlhC+ibLltsDGzABUGVx8J6pnFMS3E4dcq4=
modernc.org/opt v0.1.3/go.mod h1:WdSiB5evDcignE70guQKxYUl14mgWtbClRi5wmkkTX0=
modernc.org/sqlite v1.20.3 h1:SqGJMMxjj1PHusLxdYxeQSodg7Jxn9WWkaAQjKrntZs=
modernc.org/sqlite v1.20.3/go.mod h1:zKcGyrICaxNTMEHSr1HQ2GUraP0j+845GYw37+EyT6A=
modernc.org/sqlite v1.23.1 h1:nrSBg4aRQQwq59JpvGEQ15tNxoO5pX/kUjcRNwSAGQM=
modernc.org/sqlite v1.23.1/go.mod h1:OrDj17Mggn6MhE+iPbBNf7RGKODDE9NFT0f3EwDzJqk=
modernc.org/strutil v1.1.3 h1:fNMm+oJklMGYfU9Ylcywl0CO5O6nTfaowNsh2wpPjzY=
modernc.org/strutil v1.1.3/go.mod h1:MEHNA7PdEnEwLvspRMtWTNnp2nnyvMfkimT1NKNAGbw=
modernc.org/tcl v1.15.0 h1:oY+JeD11qVVSgVvodMJsu7Edf8tr5E/7tuhF5cNYz34=
modernc.org/tcl v1.15.2 h1:C4ybAYCGJw968e+Me18oW55kD/FexcHbqH2xak1ROSY=
modernc.org/token v1.0.1 h1:A3qvTqOwexpfZZeyI0FeGPDlSWX5pjZu9hF4lU+EKWg=
modernc.org/token v1.0.1/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM=
modernc.org/z v1.7.0 h1:xkDw/KepgEjeizO2sNco+hqYkU12taxQFqPEmgm1GWE=
oras.land/oras-go v1.1.1 h1:gI00ftziRivKXaw1BdMeEoIA4uBgga33iVlOsEwefFs=
oras.land/oras-go v1.1.1/go.mod h1:n2TE1ummt9MUyprGhT+Q7kGZUF4kVUpYysPFxeV2IpQ=
modernc.org/z v1.7.3 h1:zDJf6iHjrnB+WRD88stbXokugjyc0/pB91ri1gO6LZY=
oras.land/oras-go v1.2.3 h1:v8PJl+gEAntI1pJ/LCrDgsuk+1PKVavVEPsYIHFE5uY=
oras.land/oras-go v1.2.3/go.mod h1:M/uaPdYklze0Vf3AakfarnpoEckvw0ESbRdN8Z1vdJg=
rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.15/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k=
sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
sigs.k8s.io/kustomize/api v0.12.1 h1:7YM7gW3kYBwtKvoY216ZzY+8hM+lV53LUayghNRJ0vM=
sigs.k8s.io/kustomize/api v0.12.1/go.mod h1:y3JUhimkZkR6sbLNwfJHxvo1TCLwuwm14sCYnkH6S1s=
sigs.k8s.io/kustomize/kyaml v0.13.9 h1:Qz53EAaFFANyNgyOEJbT/yoIHygK40/ZcvU3rgry2Tk=
sigs.k8s.io/kustomize/kyaml v0.13.9/go.mod h1:QsRbD0/KcU+wdk0/L0fIp2KLnohkVzs6fQ85/nOXac4=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
sigs.k8s.io/kustomize/api v0.13.2 h1:kejWfLeJhUsTGioDoFNJET5LQe/ajzXhJGYoU+pJsiA=
sigs.k8s.io/kustomize/api v0.13.2/go.mod h1:DUp325VVMFVcQSq+ZxyDisA8wtldwHxLZbr1g94UHsw=
sigs.k8s.io/kustomize/kyaml v0.14.1 h1:c8iibius7l24G2wVAGZn/Va2wNys03GXLjYVIcFVxKA=
sigs.k8s.io/kustomize/kyaml v0.14.1/go.mod h1:AN1/IpawKilWD7V+YvQwRGUvuUOOWpjsHu6uHwonSF4=
sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
sigs.k8s.io/structured-merge-diff/v4 v4.0.3/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE=

86
goreleaser.yml
View File

@@ -1,6 +1,38 @@
project_name: trivy
builds:
-
- id: build-linux
main: cmd/trivy/main.go
binary: trivy
ldflags:
- -s -w
- "-extldflags '-static'"
- -X main.version={{.Version}}
env:
- CGO_ENABLED=0
goos:
- linux
goarch:
- amd64
- arm64
- s390x
- ppc64le
goarm:
- 7
- id: build-bsd
main: cmd/trivy/main.go
binary: trivy
ldflags:
- -s -w
- "-extldflags '-static'"
- -X main.version={{.Version}}
env:
- CGO_ENABLED=0
goos:
- freebsd
goarch:
# modernc.org/sqlite doesn't support freebsd/arm64, etc.
- amd64
- id: build-macos
main: cmd/trivy/main.go
binary: trivy
ldflags:
@@ -11,36 +43,26 @@ builds:
- CGO_ENABLED=0
goos:
- darwin
- linux
- freebsd
goarch:
- amd64
- arm64
goarm:
- 7
- id: build-windows
main: cmd/trivy/main.go
binary: trivy
ldflags:
- -s -w
- "-extldflags '-static'"
- -X main.version={{.Version}}
env:
- CGO_ENABLED=0
goos:
- windows
goarch:
- amd64
- 386
- arm
- arm64
- s390x
- ppc64le
goarm:
- 7
ignore:
- goos: darwin
goarch: 386
# modernc.org/sqlite doesn't support the following pairs
- goos: freebsd
goarch: arm
- goos: freebsd
goarch: arm64
- goos: windows
goarch: 386
- goos: windows
goarch: arm
- goos: windows
goarch: arm64
- goos: windows
goarch: s390x
- goos: windows
goarch: ppc64le
release:
extra_files:
@@ -66,7 +88,6 @@ nfpms:
{{- else if eq .Os "dragonfly" }}DragonFlyBSD
{{- else}}{{- title .Os }}{{ end }}-
{{- if eq .Arch "amd64" }}64bit
{{- else if eq .Arch "386" }}32bit
{{- else if eq .Arch "arm" }}ARM
{{- else if eq .Arch "arm64" }}ARM64
{{- else if eq .Arch "ppc64le" }}PPC64LE
@@ -79,7 +100,7 @@ nfpms:
key_file: '{{ .Env.GPG_FILE }}'
archives:
-
- id: archive
format: tar.gz
name_template: >-
{{ .ProjectName }}_{{ .Version }}_
@@ -91,7 +112,6 @@ archives:
{{- else if eq .Os "dragonfly" }}DragonFlyBSD
{{- else}}{{- .Os }}{{ end }}-
{{- if eq .Arch "amd64" }}64bit
{{- else if eq .Arch "386" }}32bit
{{- else if eq .Arch "arm" }}ARM
{{- else if eq .Arch "arm64" }}ARM64
{{- else if eq .Arch "ppc64le" }}PPC64LE
@@ -127,7 +147,7 @@ dockers:
goos: linux
goarch: amd64
ids:
- trivy
- build-linux
build_flag_templates:
- "--label=org.opencontainers.image.title={{ .ProjectName }}"
- "--label=org.opencontainers.image.description=A Fast Vulnerability Scanner for Containers"
@@ -152,7 +172,7 @@ dockers:
goos: linux
goarch: arm64
ids:
- trivy
- build-linux
build_flag_templates:
- "--label=org.opencontainers.image.title={{ .ProjectName }}"
- "--label=org.opencontainers.image.description=A Fast Vulnerability Scanner for Containers"
@@ -177,7 +197,7 @@ dockers:
goos: linux
goarch: s390x
ids:
- trivy
- build-linux
build_flag_templates:
- "--label=org.opencontainers.image.title={{ .ProjectName }}"
- "--label=org.opencontainers.image.description=A Fast Vulnerability Scanner for Containers"
@@ -202,7 +222,7 @@ dockers:
goos: linux
goarch: ppc64le
ids:
- trivy
- build-linux
build_flag_templates:
- "--label=org.opencontainers.image.title={{ .ProjectName }}"
- "--label=org.opencontainers.image.description=A Fast Vulnerability Scanner for Containers"

1
helm/trivy/README.md
View File

@@ -81,6 +81,7 @@ The following table lists the configurable parameters of the Trivy chart and the
| `service.name` | If specified, the name used for the Trivy service | |
| `service.type` | Kubernetes service type | `ClusterIP` |
| `service.port` | Kubernetes service port | `4954` |
| `service.sessionAffinity` | Kubernetes service session affinity | `ClientIP` |
| `httpProxy` | The URL of the HTTP proxy server | |
| `httpsProxy` | The URL of the HTTPS proxy server | |
| `noProxy` | The URLs that the proxy settings do not apply to | |

3
helm/trivy/templates/service.yaml
View File

@@ -14,4 +14,5 @@ spec:
protocol: TCP
port: {{ .Values.service.port | default 4954 }}
targetPort: {{ .Values.service.port | default 4954 }}
sessionAffinity: ClientIP
sessionAffinity: {{ .Values.service.sessionAffinity | default "ClientIP" }}

2
helm/trivy/values.yaml
View File

@@ -136,6 +136,8 @@ service:
type: ClusterIP
# port Kubernetes service port
port: 4954
# sessionAffinity Kubernetes service session affinity
sessionAffinity: ClientIP
ingress:
enabled: false

24
integration/client_server_test.go
View File

@@ -236,21 +236,21 @@ func TestClientServer(t *testing.T) {
golden: "testdata/busybox-with-lockfile.json.golden",
},
{
name: "scan pox.xml with fs command in client/server mode",
name: "scan pox.xml with repo command in client/server mode",
args: csArgs{
Command: "fs",
Command: "repo",
RemoteAddrOption: "--server",
Target: "testdata/fixtures/fs/pom/",
Target: "testdata/fixtures/repo/pom/",
},
golden: "testdata/pom.json.golden",
},
{
name: "scan sample.pem with fs command in client/server mode",
name: "scan sample.pem with repo command in client/server mode",
args: csArgs{
Command: "fs",
Command: "repo",
RemoteAddrOption: "--server",
secretConfig: "testdata/fixtures/fs/secrets/trivy-secret.yaml",
Target: "testdata/fixtures/fs/secrets/",
secretConfig: "testdata/fixtures/repo/secrets/trivy-secret.yaml",
Target: "testdata/fixtures/repo/secrets/",
},
golden: "testdata/secrets.json.golden",
},
@@ -279,7 +279,7 @@ func TestClientServer(t *testing.T) {
err := execute(osArgs)
require.NoError(t, err)
compareReports(t, c.golden, outputFile)
compareReports(t, c.golden, outputFile, nil)
})
}
}
@@ -328,11 +328,11 @@ func TestClientServerWithFormat(t *testing.T) {
{
name: "scan secrets with ASFF template",
args: csArgs{
Command: "fs",
Command: "repo",
RemoteAddrOption: "--server",
Format: "template",
TemplatePath: "@../contrib/asff.tpl",
Target: "testdata/fixtures/fs/secrets/",
Target: "testdata/fixtures/repo/secrets/",
},
golden: "testdata/secrets.asff.golden",
},
@@ -501,7 +501,7 @@ func TestClientServerWithToken(t *testing.T) {
}
require.NoError(t, err, c.name)
compareReports(t, c.golden, outputFile)
compareReports(t, c.golden, outputFile, nil)
})
}
}
@@ -528,7 +528,7 @@ func TestClientServerWithRedis(t *testing.T) {
err := execute(osArgs)
require.NoError(t, err)
compareReports(t, golden, outputFile)
compareReports(t, golden, outputFile, nil)
})
// Terminate the Redis container

23
integration/docker_engine_test.go
View File

@@ -26,6 +26,7 @@ func TestDockerEngine(t *testing.T) {
imageTag string
invalidImage bool
ignoreUnfixed bool
ignoreStatus []string
severity []string
ignoreIDs []string
input string
@@ -101,6 +102,13 @@ func TestDockerEngine(t *testing.T) {
input: "testdata/fixtures/images/centos-7.tar.gz",
golden: "testdata/centos-7-ignore-unfixed.json.golden",
},
{
name: "centos 7, with --ignore-status option",
imageTag: "ghcr.io/aquasecurity/trivy-test-images:centos-7",
ignoreStatus: []string{"will_not_fix"},
input: "testdata/fixtures/images/centos-7.tar.gz",
golden: "testdata/centos-7-ignore-unfixed.json.golden",
},
{
name: "centos 7, with --ignore-unfixed option, with medium severity",
imageTag: "ghcr.io/aquasecurity/trivy-test-images:centos-7",
@@ -128,6 +136,13 @@ func TestDockerEngine(t *testing.T) {
input: "testdata/fixtures/images/debian-buster.tar.gz",
golden: "testdata/debian-buster-ignore-unfixed.json.golden",
},
{
name: "debian buster/10, with --ignore-status option",
ignoreStatus: []string{"affected"},
imageTag: "ghcr.io/aquasecurity/trivy-test-images:debian-buster",
input: "testdata/fixtures/images/debian-buster.tar.gz",
golden: "testdata/debian-buster-ignore-unfixed.json.golden",
},
{
name: "debian stretch/9",
imageTag: "ghcr.io/aquasecurity/trivy-test-images:debian-stretch",
@@ -240,6 +255,12 @@ func TestDockerEngine(t *testing.T) {
if tt.ignoreUnfixed {
osArgs = append(osArgs, "--ignore-unfixed")
}
if len(tt.ignoreStatus) != 0 {
osArgs = append(osArgs,
[]string{"--ignore-status", strings.Join(tt.ignoreStatus, ",")}...,
)
}
if len(tt.severity) != 0 {
osArgs = append(osArgs,
[]string{"--severity", strings.Join(tt.severity, ",")}...,
@@ -264,7 +285,7 @@ func TestDockerEngine(t *testing.T) {
assert.NoError(t, err, tt.name)
// check for vulnerability output info
compareReports(t, tt.golden, output)
compareReports(t, tt.golden, output, nil)
// cleanup
_, err = cli.ImageRemove(ctx, tt.input, api.ImageRemoveOptions{

5
integration/integration_test.go
View File

@@ -199,9 +199,12 @@ func execute(osArgs []string) error {
return app.Execute()
}
func compareReports(t *testing.T, wantFile, gotFile string) {
func compareReports(t *testing.T, wantFile, gotFile string, override func(*types.Report)) {
want := readReport(t, wantFile)
got := readReport(t, gotFile)
if override != nil {
override(&want)
}
assert.Equal(t, want, got)
}

128
integration/k8s_test.go
View File

@@ -8,63 +8,105 @@ import (
"path/filepath"
"testing"
cdx "github.com/CycloneDX/cyclonedx-go"
"github.com/aquasecurity/trivy/pkg/k8s/report"
"github.com/aquasecurity/trivy/pkg/types"
"github.com/samber/lo"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/aquasecurity/trivy/pkg/k8s/report"
"github.com/aquasecurity/trivy/pkg/types"
)
// Note: the test required k8s (kind) cluster installed.
// "mage test:k8s" will run this test.
func TestK8s(t *testing.T) {
// Set up the output file
outputFile := filepath.Join(t.TempDir(), "output.json")
t.Run("misconfig and vulnerability scan", func(t *testing.T) {
// Set up the output file
outputFile := filepath.Join(t.TempDir(), "output.json")
osArgs := []string{
"k8s",
"cluster",
"--report",
"summary",
"-q",
"--timeout",
"5m0s",
"--format",
"json",
"--components",
"workload",
"--context",
"kind-kind-test",
"--output",
outputFile,
}
osArgs := []string{
"k8s",
"cluster",
"--report",
"summary",
"-q",
"--timeout",
"5m0s",
"--format",
"json",
"--components",
"workload",
"--context",
"kind-kind-test",
"--output",
outputFile,
}
// Run Trivy
err := execute(osArgs)
require.NoError(t, err)
// Run Trivy
err := execute(osArgs)
require.NoError(t, err)
var got report.ConsolidatedReport
f, err := os.Open(outputFile)
require.NoError(t, err)
defer f.Close()
var got report.ConsolidatedReport
f, err := os.Open(outputFile)
require.NoError(t, err)
defer f.Close()
err = json.NewDecoder(f).Decode(&got)
require.NoError(t, err)
err = json.NewDecoder(f).Decode(&got)
require.NoError(t, err)
// Flatten findings
results := lo.FlatMap(got.Findings, func(resource report.Resource, _ int) []types.Result {
return resource.Results
// Flatten findings
results := lo.FlatMap(got.Findings, func(resource report.Resource, _ int) []types.Result {
return resource.Results
})
// Has vulnerabilities
assert.True(t, lo.SomeBy(results, func(r types.Result) bool {
return len(r.Vulnerabilities) > 0
}))
// Has misconfigurations
assert.True(t, lo.SomeBy(results, func(r types.Result) bool {
return len(r.Misconfigurations) > 0
}))
})
t.Run("kbom cycloneDx", func(t *testing.T) {
// Set up the output file
outputFile := filepath.Join(t.TempDir(), "output.json")
osArgs := []string{
"k8s",
"cluster",
"--format",
"cyclonedx",
"-q",
"--context",
"kind-kind-test",
"--output",
outputFile,
}
// Has vulnerabilities
assert.True(t, lo.SomeBy(results, func(r types.Result) bool {
return len(r.Vulnerabilities) > 0
}))
// Run Trivy
err := execute(osArgs)
require.NoError(t, err)
// Has misconfigurations
assert.True(t, lo.SomeBy(results, func(r types.Result) bool {
return len(r.Misconfigurations) > 0
}))
}
var got *cdx.BOM
f, err := os.Open(outputFile)
require.NoError(t, err)
defer f.Close()
err = json.NewDecoder(f).Decode(&got)
require.NoError(t, err)
assert.Equal(t, got.Metadata.Component.Name, "kind-kind-test")
assert.Equal(t, got.Metadata.Component.Type, cdx.ComponentType("platform"))
// Has components
assert.True(t, len(*got.Components) > 0)
// Has dependecies
assert.True(t, lo.SomeBy(*got.Dependencies, func(r cdx.Dependency) bool {
return len(*r.Dependencies) > 0
}))
})
}

3
integration/module_test.go
View File

@@ -1,4 +1,5 @@
//go:build module_integration
package integration
import (
@@ -70,7 +71,7 @@ func TestModule(t *testing.T) {
}()
// Compare want and got
compareReports(t, tt.golden, outputFile)
compareReports(t, tt.golden, outputFile, nil)
})
}
}

143
integration/fs_test.go → integration/repo_test.go
View File

@@ -1,5 +1,4 @@
//go:build integration
// +build integration
package integration
@@ -12,13 +11,14 @@ import (
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
"github.com/aquasecurity/trivy/pkg/types"
)
func TestFilesystem(t *testing.T) {
// TestRepository tests `trivy repo` with the local code repositories
func TestRepository(t *testing.T) {
type args struct {
scanner types.Scanner
severity []string
ignoreIDs []string
policyPaths []string
namespaces []string
@@ -32,17 +32,19 @@ func TestFilesystem(t *testing.T) {
skipDirs []string
command string
format string
includeDevDeps bool
}
tests := []struct {
name string
args args
golden string
name string
args args
golden string
override func(*types.Report)
}{
{
name: "gomod",
args: args{
scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/fs/gomod",
input: "testdata/fixtures/repo/gomod",
},
golden: "testdata/gomod.json.golden",
},
@@ -50,8 +52,8 @@ func TestFilesystem(t *testing.T) {
name: "gomod with skip files",
args: args{
scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/fs/gomod",
skipFiles: []string{"testdata/fixtures/fs/gomod/submod2/go.mod"},
input: "testdata/fixtures/repo/gomod",
skipFiles: []string{"testdata/fixtures/repo/gomod/submod2/go.mod"},
},
golden: "testdata/gomod-skip.json.golden",
},
@@ -59,8 +61,8 @@ func TestFilesystem(t *testing.T) {
name: "gomod with skip dirs",
args: args{
scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/fs/gomod",
skipDirs: []string{"testdata/fixtures/fs/gomod/submod2"},
input: "testdata/fixtures/repo/gomod",
skipDirs: []string{"testdata/fixtures/repo/gomod/submod2"},
},
golden: "testdata/gomod-skip.json.golden",
},
@@ -68,16 +70,26 @@ func TestFilesystem(t *testing.T) {
name: "npm",
args: args{
scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/fs/npm",
input: "testdata/fixtures/repo/npm",
listAllPkgs: true,
},
golden: "testdata/npm.json.golden",
},
{
name: "npm with dev deps",
args: args{
scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/repo/npm",
listAllPkgs: true,
includeDevDeps: true,
},
golden: "testdata/npm-with-dev.json.golden",
},
{
name: "yarn",
args: args{
scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/fs/yarn",
input: "testdata/fixtures/repo/yarn",
listAllPkgs: true,
},
golden: "testdata/yarn.json.golden",
@@ -86,7 +98,7 @@ func TestFilesystem(t *testing.T) {
name: "pnpm",
args: args{
scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/fs/pnpm",
input: "testdata/fixtures/repo/pnpm",
},
golden: "testdata/pnpm.json.golden",
},
@@ -95,7 +107,7 @@ func TestFilesystem(t *testing.T) {
args: args{
scanner: types.VulnerabilityScanner,
listAllPkgs: true,
input: "testdata/fixtures/fs/pip",
input: "testdata/fixtures/repo/pip",
},
golden: "testdata/pip.json.golden",
},
@@ -104,7 +116,7 @@ func TestFilesystem(t *testing.T) {
args: args{
scanner: types.VulnerabilityScanner,
listAllPkgs: true,
input: "testdata/fixtures/fs/pipenv",
input: "testdata/fixtures/repo/pipenv",
},
golden: "testdata/pipenv.json.golden",
},
@@ -113,7 +125,7 @@ func TestFilesystem(t *testing.T) {
args: args{
scanner: types.VulnerabilityScanner,
listAllPkgs: true,
input: "testdata/fixtures/fs/poetry",
input: "testdata/fixtures/repo/poetry",
},
golden: "testdata/poetry.json.golden",
},
@@ -121,7 +133,7 @@ func TestFilesystem(t *testing.T) {
name: "pom",
args: args{
scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/fs/pom",
input: "testdata/fixtures/repo/pom",
},
golden: "testdata/pom.json.golden",
},
@@ -129,7 +141,7 @@ func TestFilesystem(t *testing.T) {
name: "gradle",
args: args{
scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/fs/gradle",
input: "testdata/fixtures/repo/gradle",
},
golden: "testdata/gradle.json.golden",
},
@@ -138,7 +150,7 @@ func TestFilesystem(t *testing.T) {
args: args{
scanner: types.VulnerabilityScanner,
listAllPkgs: true,
input: "testdata/fixtures/fs/conan",
input: "testdata/fixtures/repo/conan",
},
golden: "testdata/conan.json.golden",
},
@@ -147,7 +159,7 @@ func TestFilesystem(t *testing.T) {
args: args{
scanner: types.VulnerabilityScanner,
listAllPkgs: true,
input: "testdata/fixtures/fs/nuget",
input: "testdata/fixtures/repo/nuget",
},
golden: "testdata/nuget.json.golden",
},
@@ -156,7 +168,7 @@ func TestFilesystem(t *testing.T) {
args: args{
scanner: types.VulnerabilityScanner,
listAllPkgs: true,
input: "testdata/fixtures/fs/dotnet",
input: "testdata/fixtures/repo/dotnet",
},
golden: "testdata/dotnet.json.golden",
},
@@ -165,7 +177,7 @@ func TestFilesystem(t *testing.T) {
args: args{
scanner: types.VulnerabilityScanner,
listAllPkgs: true,
input: "testdata/fixtures/fs/cocoapods",
input: "testdata/fixtures/repo/cocoapods",
},
golden: "testdata/cocoapods.json.golden",
},
@@ -174,7 +186,7 @@ func TestFilesystem(t *testing.T) {
args: args{
scanner: types.VulnerabilityScanner,
listAllPkgs: true,
input: "testdata/fixtures/fs/pubspec",
input: "testdata/fixtures/repo/pubspec",
},
golden: "testdata/pubspec.lock.json.golden",
},
@@ -183,7 +195,7 @@ func TestFilesystem(t *testing.T) {
args: args{
scanner: types.VulnerabilityScanner,
listAllPkgs: true,
input: "testdata/fixtures/fs/mixlock",
input: "testdata/fixtures/repo/mixlock",
},
golden: "testdata/mix.lock.json.golden",
},
@@ -192,7 +204,7 @@ func TestFilesystem(t *testing.T) {
args: args{
scanner: types.VulnerabilityScanner,
listAllPkgs: true,
input: "testdata/fixtures/fs/composer",
input: "testdata/fixtures/repo/composer",
},
golden: "testdata/composer.lock.json.golden",
},
@@ -200,7 +212,7 @@ func TestFilesystem(t *testing.T) {
name: "dockerfile",
args: args{
scanner: types.MisconfigScanner,
input: "testdata/fixtures/fs/dockerfile",
input: "testdata/fixtures/repo/dockerfile",
namespaces: []string{"testing"},
},
golden: "testdata/dockerfile.json.golden",
@@ -209,7 +221,7 @@ func TestFilesystem(t *testing.T) {
name: "dockerfile with custom file pattern",
args: args{
scanner: types.MisconfigScanner,
input: "testdata/fixtures/fs/dockerfile_file_pattern",
input: "testdata/fixtures/repo/dockerfile_file_pattern",
namespaces: []string{"testing"},
filePatterns: []string{"dockerfile:Customfile"},
},
@@ -219,8 +231,8 @@ func TestFilesystem(t *testing.T) {
name: "dockerfile with rule exception",
args: args{
scanner: types.MisconfigScanner,
policyPaths: []string{"testdata/fixtures/fs/rule-exception/policy"},
input: "testdata/fixtures/fs/rule-exception",
policyPaths: []string{"testdata/fixtures/repo/rule-exception/policy"},
input: "testdata/fixtures/repo/rule-exception",
},
golden: "testdata/dockerfile-rule-exception.json.golden",
},
@@ -228,8 +240,8 @@ func TestFilesystem(t *testing.T) {
name: "dockerfile with namespace exception",
args: args{
scanner: types.MisconfigScanner,
policyPaths: []string{"testdata/fixtures/fs/namespace-exception/policy"},
input: "testdata/fixtures/fs/namespace-exception",
policyPaths: []string{"testdata/fixtures/repo/namespace-exception/policy"},
input: "testdata/fixtures/repo/namespace-exception",
},
golden: "testdata/dockerfile-namespace-exception.json.golden",
},
@@ -237,9 +249,9 @@ func TestFilesystem(t *testing.T) {
name: "dockerfile with custom policies",
args: args{
scanner: types.MisconfigScanner,
policyPaths: []string{"testdata/fixtures/fs/custom-policy/policy"},
policyPaths: []string{"testdata/fixtures/repo/custom-policy/policy"},
namespaces: []string{"user"},
input: "testdata/fixtures/fs/custom-policy",
input: "testdata/fixtures/repo/custom-policy",
},
golden: "testdata/dockerfile-custom-policies.json.golden",
},
@@ -247,7 +259,7 @@ func TestFilesystem(t *testing.T) {
name: "tarball helm chart scanning with builtin policies",
args: args{
scanner: types.MisconfigScanner,
input: "testdata/fixtures/fs/helm",
input: "testdata/fixtures/repo/helm",
},
golden: "testdata/helm.json.golden",
},
@@ -255,7 +267,7 @@ func TestFilesystem(t *testing.T) {
name: "helm chart directory scanning with builtin policies",
args: args{
scanner: types.MisconfigScanner,
input: "testdata/fixtures/fs/helm_testchart",
input: "testdata/fixtures/repo/helm_testchart",
},
golden: "testdata/helm_testchart.json.golden",
},
@@ -263,7 +275,7 @@ func TestFilesystem(t *testing.T) {
name: "helm chart directory scanning with value overrides using set",
args: args{
scanner: types.MisconfigScanner,
input: "testdata/fixtures/fs/helm_testchart",
input: "testdata/fixtures/repo/helm_testchart",
helmSet: []string{"securityContext.runAsUser=0"},
},
golden: "testdata/helm_testchart.overridden.json.golden",
@@ -272,8 +284,8 @@ func TestFilesystem(t *testing.T) {
name: "helm chart directory scanning with value overrides using value file",
args: args{
scanner: types.MisconfigScanner,
input: "testdata/fixtures/fs/helm_testchart",
helmValuesFile: []string{"testdata/fixtures/fs/helm_values/values.yaml"},
input: "testdata/fixtures/repo/helm_testchart",
helmValuesFile: []string{"testdata/fixtures/repo/helm_values/values.yaml"},
},
golden: "testdata/helm_testchart.overridden.json.golden",
},
@@ -281,7 +293,7 @@ func TestFilesystem(t *testing.T) {
name: "helm chart directory scanning with builtin policies and non string Chart name",
args: args{
scanner: types.MisconfigScanner,
input: "testdata/fixtures/fs/helm_badname",
input: "testdata/fixtures/repo/helm_badname",
},
golden: "testdata/helm_badname.json.golden",
},
@@ -289,8 +301,8 @@ func TestFilesystem(t *testing.T) {
name: "secrets",
args: args{
scanner: "vuln,secret",
input: "testdata/fixtures/fs/secrets",
secretConfig: "testdata/fixtures/fs/secrets/trivy-secret.yaml",
input: "testdata/fixtures/repo/secrets",
secretConfig: "testdata/fixtures/repo/secrets/trivy-secret.yaml",
},
golden: "testdata/secrets.json.golden",
},
@@ -299,7 +311,7 @@ func TestFilesystem(t *testing.T) {
args: args{
command: "rootfs",
format: "cyclonedx",
input: "testdata/fixtures/fs/conda",
input: "testdata/fixtures/repo/conda",
},
golden: "testdata/conda-cyclonedx.json.golden",
},
@@ -308,10 +320,37 @@ func TestFilesystem(t *testing.T) {
args: args{
command: "rootfs",
format: "spdx-json",
input: "testdata/fixtures/fs/conda",
input: "testdata/fixtures/repo/conda",
},
golden: "testdata/conda-spdx.json.golden",
},
{
name: "gomod with fs subcommand",
args: args{
command: "fs",
scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/repo/gomod",
skipFiles: []string{"testdata/fixtures/repo/gomod/submod2/go.mod"},
},
golden: "testdata/gomod-skip.json.golden",
override: func(report *types.Report) {
report.ArtifactType = ftypes.ArtifactFilesystem
},
},
{
name: "dockerfile with fs subcommand",
args: args{
command: "fs",
scanner: types.MisconfigScanner,
policyPaths: []string{"testdata/fixtures/repo/custom-policy/policy"},
namespaces: []string{"user"},
input: "testdata/fixtures/repo/custom-policy",
},
golden: "testdata/dockerfile-custom-policies.json.golden",
override: func(report *types.Report) {
report.ArtifactType = ftypes.ArtifactFilesystem
},
},
}
// Set up testing DB
@@ -323,7 +362,7 @@ func TestFilesystem(t *testing.T) {
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
command := "fs"
command := "repo"
if tt.args.command != "" {
command = tt.args.command
}
@@ -361,10 +400,6 @@ func TestFilesystem(t *testing.T) {
}
}
if len(tt.args.severity) != 0 {
osArgs = append(osArgs, "--severity", strings.Join(tt.args.severity, ","))
}
if len(tt.args.ignoreIDs) != 0 {
trivyIgnore := ".trivyignore"
err := os.WriteFile(trivyIgnore, []byte(strings.Join(tt.args.ignoreIDs, "\n")), 0444)
@@ -404,7 +439,7 @@ func TestFilesystem(t *testing.T) {
// Setup the output file
outputFile := filepath.Join(t.TempDir(), "output.json")
if *update {
if *update && tt.override == nil {
outputFile = tt.golden
}
@@ -412,6 +447,10 @@ func TestFilesystem(t *testing.T) {
osArgs = append(osArgs, "--list-all-pkgs")
}
if tt.args.includeDevDeps {
osArgs = append(osArgs, "--include-dev-deps")
}
if tt.args.secretConfig != "" {
osArgs = append(osArgs, "--secret-config", tt.args.secretConfig)
}
@@ -419,7 +458,7 @@ func TestFilesystem(t *testing.T) {
osArgs = append(osArgs, "--output", outputFile)
osArgs = append(osArgs, tt.args.input)
// Run "trivy fs"
// Run "trivy repo"
err := execute(osArgs)
require.NoError(t, err)
@@ -430,7 +469,7 @@ func TestFilesystem(t *testing.T) {
case "spdx-json":
compareSpdxJson(t, tt.golden, outputFile)
case "json":
compareReports(t, tt.golden, outputFile)
compareReports(t, tt.golden, outputFile, tt.override)
default:
require.Fail(t, "invalid format", "format: %s", format)
}

6
integration/standalone_tar_test.go
View File

@@ -418,7 +418,7 @@ func TestTar(t *testing.T) {
require.NoError(t, err)
// Compare want and got
compareReports(t, tt.golden, outputFile)
compareReports(t, tt.golden, outputFile, nil)
})
}
}
@@ -513,7 +513,7 @@ func TestTarWithEnv(t *testing.T) {
require.NoError(t, err)
// Compare want and got
compareReports(t, tt.golden, outputFile)
compareReports(t, tt.golden, outputFile, nil)
})
}
}
@@ -588,7 +588,7 @@ cache:
require.NoError(t, err)
// Compare want and got
compareReports(t, tt.golden, outputFile)
compareReports(t, tt.golden, outputFile, nil)
})
}
}

1
integration/testdata/almalinux-8.json.golden vendored
View File

@@ -57,6 +57,7 @@
"PkgName": "openssl-libs",
"InstalledVersion": "1:1.1.1k-4.el8",
"FixedVersion": "1:1.1.1k-5.el8_5",
"Status": "fixed",
"Layer": {
"Digest": "sha256:a1f18d9dc5496c63197eb9a4f1d4bf5cc88c6a34f64f0fe11ea233070392ce48",
"DiffID": "sha256:124d41c237c5e823577dda97e87cebaecce62d585c725d07e709ce410681de4d"

4
integration/testdata/alpine-310-registry.json.golden vendored
View File

@@ -65,6 +65,7 @@
"PkgName": "libcrypto1.1",
"InstalledVersion": "1.1.1c-r0",
"FixedVersion": "1.1.1d-r0",
"Status": "fixed",
"Layer": {
"Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609",
"DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0"
@@ -125,6 +126,7 @@
"PkgName": "libcrypto1.1",
"InstalledVersion": "1.1.1c-r0",
"FixedVersion": "1.1.1d-r2",
"Status": "fixed",
"Layer": {
"Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609",
"DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0"
@@ -195,6 +197,7 @@
"PkgName": "libssl1.1",
"InstalledVersion": "1.1.1c-r0",
"FixedVersion": "1.1.1d-r0",
"Status": "fixed",
"Layer": {
"Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609",
"DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0"
@@ -255,6 +258,7 @@
"PkgName": "libssl1.1",
"InstalledVersion": "1.1.1c-r0",
"FixedVersion": "1.1.1d-r2",
"Status": "fixed",
"Layer": {
"Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609",
"DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0"

4
integration/testdata/alpine-310.json.golden vendored
View File

@@ -59,6 +59,7 @@
"PkgName": "libcrypto1.1",
"InstalledVersion": "1.1.1c-r0",
"FixedVersion": "1.1.1d-r0",
"Status": "fixed",
"Layer": {
"Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609",
"DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0"
@@ -119,6 +120,7 @@
"PkgName": "libcrypto1.1",
"InstalledVersion": "1.1.1c-r0",
"FixedVersion": "1.1.1d-r2",
"Status": "fixed",
"Layer": {
"Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609",
"DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0"
@@ -189,6 +191,7 @@
"PkgName": "libssl1.1",
"InstalledVersion": "1.1.1c-r0",
"FixedVersion": "1.1.1d-r0",
"Status": "fixed",
"Layer": {
"Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609",
"DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0"
@@ -249,6 +252,7 @@
"PkgName": "libssl1.1",
"InstalledVersion": "1.1.1c-r0",
"FixedVersion": "1.1.1d-r2",
"Status": "fixed",
"Layer": {
"Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609",
"DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0"

2
integration/testdata/alpine-39-high-critical.json.golden vendored
View File

@@ -59,6 +59,7 @@
"PkgName": "musl",
"InstalledVersion": "1.1.20-r4",
"FixedVersion": "1.1.20-r5",
"Status": "fixed",
"Layer": {
"Digest": "sha256:e7c96db7181be991f19a9fb6975cdbbd73c65f4a2681348e63a141a2192a5f10",
"DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"
@@ -97,6 +98,7 @@
"PkgName": "musl-utils",
"InstalledVersion": "1.1.20-r4",
"FixedVersion": "1.1.20-r5",
"Status": "fixed",
"Layer": {
"Digest": "sha256:e7c96db7181be991f19a9fb6975cdbbd73c65f4a2681348e63a141a2192a5f10",
"DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"

2
integration/testdata/alpine-39-ignore-cveids.json.golden vendored
View File

@@ -59,6 +59,7 @@
"PkgName": "libcrypto1.1",
"InstalledVersion": "1.1.1b-r1",
"FixedVersion": "1.1.1d-r2",
"Status": "fixed",
"Layer": {
"Digest": "sha256:e7c96db7181be991f19a9fb6975cdbbd73c65f4a2681348e63a141a2192a5f10",
"DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"
@@ -129,6 +130,7 @@
"PkgName": "libssl1.1",
"InstalledVersion": "1.1.1b-r1",
"FixedVersion": "1.1.1d-r2",
"Status": "fixed",
"Layer": {
"Digest": "sha256:e7c96db7181be991f19a9fb6975cdbbd73c65f4a2681348e63a141a2192a5f10",
"DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"

6
integration/testdata/alpine-39.json.golden vendored
View File

@@ -59,6 +59,7 @@
"PkgName": "libcrypto1.1",
"InstalledVersion": "1.1.1b-r1",
"FixedVersion": "1.1.1d-r0",
"Status": "fixed",
"Layer": {
"Digest": "sha256:e7c96db7181be991f19a9fb6975cdbbd73c65f4a2681348e63a141a2192a5f10",
"DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"
@@ -119,6 +120,7 @@
"PkgName": "libcrypto1.1",
"InstalledVersion": "1.1.1b-r1",
"FixedVersion": "1.1.1d-r2",
"Status": "fixed",
"Layer": {
"Digest": "sha256:e7c96db7181be991f19a9fb6975cdbbd73c65f4a2681348e63a141a2192a5f10",
"DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"
@@ -189,6 +191,7 @@
"PkgName": "libssl1.1",
"InstalledVersion": "1.1.1b-r1",
"FixedVersion": "1.1.1d-r0",
"Status": "fixed",
"Layer": {
"Digest": "sha256:e7c96db7181be991f19a9fb6975cdbbd73c65f4a2681348e63a141a2192a5f10",
"DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"
@@ -249,6 +252,7 @@
"PkgName": "libssl1.1",
"InstalledVersion": "1.1.1b-r1",
"FixedVersion": "1.1.1d-r2",
"Status": "fixed",
"Layer": {
"Digest": "sha256:e7c96db7181be991f19a9fb6975cdbbd73c65f4a2681348e63a141a2192a5f10",
"DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"
@@ -319,6 +323,7 @@
"PkgName": "musl",
"InstalledVersion": "1.1.20-r4",
"FixedVersion": "1.1.20-r5",
"Status": "fixed",
"Layer": {
"Digest": "sha256:e7c96db7181be991f19a9fb6975cdbbd73c65f4a2681348e63a141a2192a5f10",
"DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"
@@ -357,6 +362,7 @@
"PkgName": "musl-utils",
"InstalledVersion": "1.1.20-r4",
"FixedVersion": "1.1.20-r5",
"Status": "fixed",
"Layer": {
"Digest": "sha256:e7c96db7181be991f19a9fb6975cdbbd73c65f4a2681348e63a141a2192a5f10",
"DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81"

1
integration/testdata/alpine-distroless.json.golden vendored
View File

@@ -54,6 +54,7 @@
"PkgName": "git",
"InstalledVersion": "2.35.1-r2",
"FixedVersion": "2.35.2-r0",
"Status": "fixed",
"Layer": {
"Digest": "sha256:6c6f69aa25501b090c54c62a9c17e978064c2f1328f67a7ef88c81ce5f2d7983",
"DiffID": "sha256:89da7cc836da4b53ab1ceb572576458c005e7e444b8bb79abda196668a2f0c92"

1
integration/testdata/amazon-1.json.golden vendored
View File

@@ -58,6 +58,7 @@
"PkgName": "curl",
"InstalledVersion": "7.61.1-11.91.amzn1",
"FixedVersion": "7.61.1-12.93.amzn1",
"Status": "fixed",
"Layer": {
"Digest": "sha256:105ff6bf468b1422ad7c47ea9d63eae82f875c93310cb8d34551951e754ef43b",
"DiffID": "sha256:984fe1509738f6f00f34d9be7398b07ebeb8b98dda077ff6be2cdb87111b73cf"

2
integration/testdata/amazon-2.json.golden vendored
View File

@@ -58,6 +58,7 @@
"PkgName": "curl",
"InstalledVersion": "7.61.1-9.amzn2.0.1",
"FixedVersion": "7.61.1-12.amzn2.0.1",
"Status": "fixed",
"Layer": {
"Digest": "sha256:72d97abdfae3b3c933ff41e39779cc72853d7bd9dc1e4800c5294d6715257799",
"DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6"
@@ -116,6 +117,7 @@
"PkgName": "curl",
"InstalledVersion": "7.61.1-9.amzn2.0.1",
"FixedVersion": "7.61.1-11.amzn2.0.2",
"Status": "fixed",
"Layer": {
"Digest": "sha256:72d97abdfae3b3c933ff41e39779cc72853d7bd9dc1e4800c5294d6715257799",
"DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6"

36
integration/testdata/amazonlinux2-gp2-x86-vm.json.golden vendored
View File

@@ -25,40 +25,42 @@
"Type": "amazon",
"Vulnerabilities": [
{
"VulnerabilityID": "CVE-2022-21233",
"PkgID": "microcode_ctl@2.1-47.amzn2.0.12.x86_64",
"PkgName": "microcode_ctl",
"InstalledVersion": "2:2.1-47.amzn2.0.12",
"FixedVersion": "2:2.1-47.amzn2.0.13",
"VulnerabilityID": "CVE-2022-38177",
"PkgID": "bind-export-libs@9.11.4-26.P2.amzn2.5.2.x86_64",
"PkgName": "bind-export-libs",
"InstalledVersion": "32:9.11.4-26.P2.amzn2.5.2",
"FixedVersion": "99:9.11.4-26.P2.amzn2.13",
"Status": "fixed",
"Layer": {},
"SeveritySource": "nvd",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-21233",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-38177",
"DataSource": {
"ID": "amazon",
"Name": "Amazon Linux Security Center",
"URL": "https://alas.aws.amazon.com/"
},
"Title": "hw: cpu: Intel: Stale Data Read from legacy xAPIC vulnerability",
"Description": "Improper isolation of shared resources in some Intel(R) Processors may allow",
"Title": "bind: memory leak in ECDSA DNSSEC verification code",
"Description": "By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.",
"Severity": "MEDIUM",
"CVSS": {
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"V3Score": 5.5
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"V3Score": 6
"V3Score": 7.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2022-21233",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21233",
"https://security.netapp.com/advisory/ntap-20220923-0002/",
"https://ubuntu.com/security/notices/USN-5612-1"
"http://www.openwall.com/lists/oss-security/2022/09/21/3",
"https://access.redhat.com/errata/RHSA-2022:6763",
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38177.json",
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38178.json",
"https://access.redhat.com/security/cve/CVE-2022-38177"
],
"PublishedDate": "2022-08-18T20:15:00Z",
"LastModifiedDate": "2022-09-23T15:15:00Z"
"PublishedDate": "2022-09-21T11:15:00Z",
"LastModifiedDate": "2022-09-21T11:15:00Z"
}
]
}

2
integration/testdata/busybox-with-lockfile.json.golden vendored
View File

@@ -58,6 +58,7 @@
"PkgName": "ammonia",
"InstalledVersion": "1.9.0",
"FixedVersion": "\u003e= 2.1.0",
"Status": "fixed",
"Layer": {
"Digest": "sha256:fd2e3bc9bccc9c677572a542d020998389de94f127ca2c252ae627fc7c241cee",
"DiffID": "sha256:ea6f6933da66090da8bfe233d68f083792a68f944cd2d8f9fbb52da795813a4f"
@@ -96,6 +97,7 @@
"PkgName": "ammonia",
"InstalledVersion": "1.9.0",
"FixedVersion": "\u003e= 3.1.0, \u003e= 2.1.3, \u003c 3.0.0",
"Status": "fixed",
"Layer": {
"Digest": "sha256:fd2e3bc9bccc9c677572a542d020998389de94f127ca2c252ae627fc7c241cee",
"DiffID": "sha256:ea6f6933da66090da8bfe233d68f083792a68f944cd2d8f9fbb52da795813a4f"

2
integration/testdata/centos-6.json.golden vendored
View File

@@ -79,6 +79,7 @@
"PkgID": "glibc@2.12-1.212.el6.x86_64",
"PkgName": "glibc",
"InstalledVersion": "2.12-1.212.el6",
"Status": "end_of_life",
"Layer": {
"Digest": "sha256:ff50d722b38227ec8f2bbf0cdbce428b66745077c173d8117d91376128fa532e",
"DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9"
@@ -124,6 +125,7 @@
"PkgName": "openssl",
"InstalledVersion": "1.0.1e-57.el6",
"FixedVersion": "1.0.1e-58.el6_10",
"Status": "fixed",
"Layer": {
"Digest": "sha256:ff50d722b38227ec8f2bbf0cdbce428b66745077c173d8117d91376128fa532e",
"DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9"

2
integration/testdata/centos-7-ignore-unfixed.json.golden vendored
View File

@@ -73,6 +73,7 @@
"PkgName": "openssl-libs",
"InstalledVersion": "1:1.0.2k-16.el7",
"FixedVersion": "1:1.0.2k-19.el7",
"Status": "fixed",
"Layer": {
"Digest": "sha256:ac9208207adaac3a48e54a4dc6b49c69e78c3072d2b3add7efdabf814db2133b",
"DiffID": "sha256:89169d87dbe2b72ba42bfbb3579c957322baca28e03a1e558076542a1c1b2b4a"
@@ -154,6 +155,7 @@
"PkgName": "openssl-libs",
"InstalledVersion": "1:1.0.2k-16.el7",
"FixedVersion": "1:1.0.2k-19.el7",
"Status": "fixed",
"Layer": {
"Digest": "sha256:ac9208207adaac3a48e54a4dc6b49c69e78c3072d2b3add7efdabf814db2133b",
"DiffID": "sha256:89169d87dbe2b72ba42bfbb3579c957322baca28e03a1e558076542a1c1b2b4a"

1
integration/testdata/centos-7-medium.json.golden vendored
View File

@@ -73,6 +73,7 @@
"PkgName": "openssl-libs",
"InstalledVersion": "1:1.0.2k-16.el7",
"FixedVersion": "1:1.0.2k-19.el7",
"Status": "fixed",
"Layer": {
"Digest": "sha256:ac9208207adaac3a48e54a4dc6b49c69e78c3072d2b3add7efdabf814db2133b",
"DiffID": "sha256:89169d87dbe2b72ba42bfbb3579c957322baca28e03a1e558076542a1c1b2b4a"

3
integration/testdata/centos-7.json.golden vendored
View File

@@ -69,6 +69,7 @@
"PkgID": "bash@4.2.46-31.el7.x86_64",
"PkgName": "bash",
"InstalledVersion": "4.2.46-31.el7",
"Status": "will_not_fix",
"Layer": {
"Digest": "sha256:ac9208207adaac3a48e54a4dc6b49c69e78c3072d2b3add7efdabf814db2133b",
"DiffID": "sha256:89169d87dbe2b72ba42bfbb3579c957322baca28e03a1e558076542a1c1b2b4a"
@@ -118,6 +119,7 @@
"PkgName": "openssl-libs",
"InstalledVersion": "1:1.0.2k-16.el7",
"FixedVersion": "1:1.0.2k-19.el7",
"Status": "fixed",
"Layer": {
"Digest": "sha256:ac9208207adaac3a48e54a4dc6b49c69e78c3072d2b3add7efdabf814db2133b",
"DiffID": "sha256:89169d87dbe2b72ba42bfbb3579c957322baca28e03a1e558076542a1c1b2b4a"
@@ -199,6 +201,7 @@
"PkgName": "openssl-libs",
"InstalledVersion": "1:1.0.2k-16.el7",
"FixedVersion": "1:1.0.2k-19.el7",
"Status": "fixed",
"Layer": {
"Digest": "sha256:ac9208207adaac3a48e54a4dc6b49c69e78c3072d2b3add7efdabf814db2133b",
"DiffID": "sha256:89169d87dbe2b72ba42bfbb3579c957322baca28e03a1e558076542a1c1b2b4a"

4
integration/testdata/cocoapods.json.golden vendored
View File

@@ -1,7 +1,7 @@
{
"SchemaVersion": 2,
"ArtifactName": "testdata/fixtures/fs/cocoapods",
"ArtifactType": "filesystem",
"ArtifactName": "testdata/fixtures/repo/cocoapods",
"ArtifactType": "repository",
"Metadata": {
"ImageConfig": {
"architecture": "",

5
integration/testdata/composer.lock.json.golden vendored
View File

@@ -1,7 +1,7 @@
{
"SchemaVersion": 2,
"ArtifactName": "testdata/fixtures/fs/composer",
"ArtifactType": "filesystem",
"ArtifactName": "testdata/fixtures/repo/composer",
"ArtifactType": "repository",
"Metadata": {
"ImageConfig": {
"architecture": "",
@@ -62,6 +62,7 @@
"PkgName": "guzzlehttp/psr7",
"InstalledVersion": "1.8.3",
"FixedVersion": "1.8.4",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-24775",

5
integration/testdata/conan.json.golden vendored
View File

@@ -1,7 +1,7 @@
{
"SchemaVersion": 2,
"ArtifactName": "testdata/fixtures/fs/conan",
"ArtifactType": "filesystem",
"ArtifactName": "testdata/fixtures/repo/conan",
"ArtifactType": "repository",
"Metadata": {
"ImageConfig": {
"architecture": "",
@@ -87,6 +87,7 @@
"PkgName": "pcre",
"InstalledVersion": "8.43",
"FixedVersion": "8.45",
"Status": "fixed",
"Layer": {},
"Severity": "UNKNOWN"
}

4
integration/testdata/conda-cyclonedx.json.golden vendored
View File

@@ -1,6 +1,6 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.4",
"specVersion": "1.5",
"serialNumber": "urn:uuid:e1f49b6f-018f-4bf3-97c8-85cd92a82c7c",
"version": 1,
"metadata": {
@@ -15,7 +15,7 @@
"component": {
"bom-ref": "cd0ebb00-5c53-4b82-a3f7-271add663c51",
"type": "application",
"name": "testdata/fixtures/fs/conda",
"name": "testdata/fixtures/repo/conda",
"properties": [
{
"name": "aquasecurity:trivy:SchemaVersion",

26
integration/testdata/conda-spdx.json.golden vendored
View File

@@ -2,15 +2,15 @@
"spdxVersion": "SPDX-2.3",
"dataLicense": "CC0-1.0",
"SPDXID": "SPDXRef-DOCUMENT",
"name": "testdata/fixtures/fs/conda",
"documentNamespace": "http://aquasecurity.github.io/trivy/filesystem/testdata/fixtures/fs/conda-8864fdf2-1c56-4e86-bc35-c89a0a4c22b9",
"name": "testdata/fixtures/repo/conda",
"documentNamespace": "http://aquasecurity.github.io/trivy/filesystem/testdata/fixtures/repo/conda-08df146c-0996-4718-8648-b2a45769ab79",
"creationInfo": {
"licenseListVersion": "",
"creators": [
"Organization: aquasecurity",
"Tool: trivy-dev"
],
"created": "2023-05-31T07:16:47Z"
"created": "2023-06-27T05:37:40Z"
},
"packages": [
{
@@ -23,7 +23,7 @@
},
{
"name": "openssl",
"SPDXID": "SPDXRef-Package-b1088cb4090e3a55",
"SPDXID": "SPDXRef-Package-950f99cb9edd281",
"versionInfo": "1.1.1q",
"supplier": "NOASSERTION",
"downloadLocation": "NONE",
@@ -41,7 +41,7 @@
},
{
"name": "pip",
"SPDXID": "SPDXRef-Package-6b677e82217fb5bd",
"SPDXID": "SPDXRef-Package-39020c06af94ca53",
"versionInfo": "22.2.2",
"supplier": "NOASSERTION",
"downloadLocation": "NONE",
@@ -58,8 +58,8 @@
"primaryPackagePurpose": "LIBRARY"
},
{
"name": "testdata/fixtures/fs/conda",
"SPDXID": "SPDXRef-Filesystem-6e0ac6a0fab50ab4",
"name": "testdata/fixtures/repo/conda",
"SPDXID": "SPDXRef-Filesystem-2e2426fd0f2580ef",
"downloadLocation": "NONE",
"copyrightText": "",
"attributionTexts": [
@@ -95,31 +95,31 @@
"relationships": [
{
"spdxElementId": "SPDXRef-DOCUMENT",
"relatedSpdxElement": "SPDXRef-Filesystem-6e0ac6a0fab50ab4",
"relatedSpdxElement": "SPDXRef-Filesystem-2e2426fd0f2580ef",
"relationshipType": "DESCRIBES"
},
{
"spdxElementId": "SPDXRef-Filesystem-6e0ac6a0fab50ab4",
"spdxElementId": "SPDXRef-Filesystem-2e2426fd0f2580ef",
"relatedSpdxElement": "SPDXRef-Application-ee5ef1aa4ac89125",
"relationshipType": "CONTAINS"
},
{
"spdxElementId": "SPDXRef-Application-ee5ef1aa4ac89125",
"relatedSpdxElement": "SPDXRef-Package-b1088cb4090e3a55",
"relatedSpdxElement": "SPDXRef-Package-950f99cb9edd281",
"relationshipType": "CONTAINS"
},
{
"spdxElementId": "SPDXRef-Package-b1088cb4090e3a55",
"spdxElementId": "SPDXRef-Package-950f99cb9edd281",
"relatedSpdxElement": "SPDXRef-File-600e5e0110a84891",
"relationshipType": "CONTAINS"
},
{
"spdxElementId": "SPDXRef-Application-ee5ef1aa4ac89125",
"relatedSpdxElement": "SPDXRef-Package-6b677e82217fb5bd",
"relatedSpdxElement": "SPDXRef-Package-39020c06af94ca53",
"relationshipType": "CONTAINS"
},
{
"spdxElementId": "SPDXRef-Package-6b677e82217fb5bd",
"spdxElementId": "SPDXRef-Package-39020c06af94ca53",
"relatedSpdxElement": "SPDXRef-File-7eb62e2a3edddc0a",
"relationshipType": "CONTAINS"
}

1
integration/testdata/debian-buster-ignore-unfixed.json.golden vendored
View File

@@ -61,6 +61,7 @@
"PkgName": "libidn2-0",
"InstalledVersion": "2.0.5-1",
"FixedVersion": "2.0.5-1+deb10u1",
"Status": "fixed",
"Layer": {
"Digest": "sha256:4a56a430b2bac33260d6449e162017e2b23076c6411a17b46db67f5b84dde2bd",
"DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d"

2
integration/testdata/debian-buster.json.golden vendored
View File

@@ -57,6 +57,7 @@
"PkgID": "bash@5.0-4",
"PkgName": "bash",
"InstalledVersion": "5.0-4",
"Status": "affected",
"Layer": {
"Digest": "sha256:4a56a430b2bac33260d6449e162017e2b23076c6411a17b46db67f5b84dde2bd",
"DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d"
@@ -111,6 +112,7 @@
"PkgName": "libidn2-0",
"InstalledVersion": "2.0.5-1",
"FixedVersion": "2.0.5-1+deb10u1",
"Status": "fixed",
"Layer": {
"Digest": "sha256:4a56a430b2bac33260d6449e162017e2b23076c6411a17b46db67f5b84dde2bd",
"DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d"

5
integration/testdata/debian-stretch.json.golden vendored
View File

@@ -58,6 +58,7 @@
"PkgID": "bash@4.4-5",
"PkgName": "bash",
"InstalledVersion": "4.4-5",
"Status": "end_of_life",
"Layer": {
"Digest": "sha256:9cc2ad81d40d54dcae7fa5e8e17d9c34e8bba3b7c2cc7e26fb22734608bda32e",
"DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307"
@@ -112,6 +113,7 @@
"PkgName": "e2fslibs",
"InstalledVersion": "1.43.4-2",
"FixedVersion": "1.43.4-2+deb9u1",
"Status": "fixed",
"Layer": {
"Digest": "sha256:9cc2ad81d40d54dcae7fa5e8e17d9c34e8bba3b7c2cc7e26fb22734608bda32e",
"DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307"
@@ -172,6 +174,7 @@
"PkgName": "e2fsprogs",
"InstalledVersion": "1.43.4-2",
"FixedVersion": "1.43.4-2+deb9u1",
"Status": "fixed",
"Layer": {
"Digest": "sha256:9cc2ad81d40d54dcae7fa5e8e17d9c34e8bba3b7c2cc7e26fb22734608bda32e",
"DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307"
@@ -232,6 +235,7 @@
"PkgName": "libcomerr2",
"InstalledVersion": "1.43.4-2",
"FixedVersion": "1.43.4-2+deb9u1",
"Status": "fixed",
"Layer": {
"Digest": "sha256:9cc2ad81d40d54dcae7fa5e8e17d9c34e8bba3b7c2cc7e26fb22734608bda32e",
"DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307"
@@ -292,6 +296,7 @@
"PkgName": "libss2",
"InstalledVersion": "1.43.4-2",
"FixedVersion": "1.43.4-2+deb9u1",
"Status": "fixed",
"Layer": {
"Digest": "sha256:9cc2ad81d40d54dcae7fa5e8e17d9c34e8bba3b7c2cc7e26fb22734608bda32e",
"DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307"

4
integration/testdata/distroless-base.json.golden vendored
View File

@@ -56,6 +56,7 @@
"PkgID": "libssl1.1@1.1.0k-1~deb9u1",
"PkgName": "libssl1.1",
"InstalledVersion": "1.1.0k-1~deb9u1",
"Status": "affected",
"Layer": {
"Digest": "sha256:e005d777a298a3529b1c8cf890883359e050cc966089ce84fea4d17b111907db",
"DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5"
@@ -129,6 +130,7 @@
"PkgName": "libssl1.1",
"InstalledVersion": "1.1.0k-1~deb9u1",
"FixedVersion": "1.1.0l-1~deb9u1",
"Status": "fixed",
"Layer": {
"Digest": "sha256:e005d777a298a3529b1c8cf890883359e050cc966089ce84fea4d17b111907db",
"DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5"
@@ -206,6 +208,7 @@
"PkgID": "openssl@1.1.0k-1~deb9u1",
"PkgName": "openssl",
"InstalledVersion": "1.1.0k-1~deb9u1",
"Status": "affected",
"Layer": {
"Digest": "sha256:e005d777a298a3529b1c8cf890883359e050cc966089ce84fea4d17b111907db",
"DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5"
@@ -279,6 +282,7 @@
"PkgName": "openssl",
"InstalledVersion": "1.1.0k-1~deb9u1",
"FixedVersion": "1.1.0l-1~deb9u1",
"Status": "fixed",
"Layer": {
"Digest": "sha256:e005d777a298a3529b1c8cf890883359e050cc966089ce84fea4d17b111907db",
"DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5"

4
integration/testdata/distroless-python27.json.golden vendored
View File

@@ -73,6 +73,7 @@
"PkgID": "libssl1.1@1.1.0k-1~deb9u1",
"PkgName": "libssl1.1",
"InstalledVersion": "1.1.0k-1~deb9u1",
"Status": "affected",
"Layer": {
"Digest": "sha256:e005d777a298a3529b1c8cf890883359e050cc966089ce84fea4d17b111907db",
"DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5"
@@ -146,6 +147,7 @@
"PkgName": "libssl1.1",
"InstalledVersion": "1.1.0k-1~deb9u1",
"FixedVersion": "1.1.0l-1~deb9u1",
"Status": "fixed",
"Layer": {
"Digest": "sha256:e005d777a298a3529b1c8cf890883359e050cc966089ce84fea4d17b111907db",
"DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5"
@@ -223,6 +225,7 @@
"PkgID": "openssl@1.1.0k-1~deb9u1",
"PkgName": "openssl",
"InstalledVersion": "1.1.0k-1~deb9u1",
"Status": "affected",
"Layer": {
"Digest": "sha256:e005d777a298a3529b1c8cf890883359e050cc966089ce84fea4d17b111907db",
"DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5"
@@ -296,6 +299,7 @@
"PkgName": "openssl",
"InstalledVersion": "1.1.0k-1~deb9u1",
"FixedVersion": "1.1.0l-1~deb9u1",
"Status": "fixed",
"Layer": {
"Digest": "sha256:e005d777a298a3529b1c8cf890883359e050cc966089ce84fea4d17b111907db",
"DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5"

4
integration/testdata/dockerfile-custom-policies.json.golden vendored
View File

@@ -1,7 +1,7 @@
{
"SchemaVersion": 2,
"ArtifactName": "testdata/fixtures/fs/custom-policy",
"ArtifactType": "filesystem",
"ArtifactName": "testdata/fixtures/repo/custom-policy",
"ArtifactType": "repository",
"Metadata": {
"ImageConfig": {
"architecture": "",

4
integration/testdata/dockerfile-namespace-exception.json.golden vendored
View File

@@ -1,7 +1,7 @@
{
"SchemaVersion": 2,
"ArtifactName": "testdata/fixtures/fs/namespace-exception",
"ArtifactType": "filesystem",
"ArtifactName": "testdata/fixtures/repo/namespace-exception",
"ArtifactType": "repository",
"Metadata": {
"ImageConfig": {
"architecture": "",

4
integration/testdata/dockerfile-rule-exception.json.golden vendored
View File

@@ -1,7 +1,7 @@
{
"SchemaVersion": 2,
"ArtifactName": "testdata/fixtures/fs/rule-exception",
"ArtifactType": "filesystem",
"ArtifactName": "testdata/fixtures/repo/rule-exception",
"ArtifactType": "repository",
"Metadata": {
"ImageConfig": {
"architecture": "",

4
integration/testdata/dockerfile.json.golden vendored
View File

@@ -1,7 +1,7 @@
{
"SchemaVersion": 2,
"ArtifactName": "testdata/fixtures/fs/dockerfile",
"ArtifactType": "filesystem",
"ArtifactName": "testdata/fixtures/repo/dockerfile",
"ArtifactType": "repository",
"Metadata": {
"ImageConfig": {
"architecture": "",

4
integration/testdata/dockerfile_file_pattern.json.golden vendored
View File

@@ -1,7 +1,7 @@
{
"SchemaVersion": 2,
"ArtifactName": "testdata/fixtures/fs/dockerfile_file_pattern",
"ArtifactType": "filesystem",
"ArtifactName": "testdata/fixtures/repo/dockerfile_file_pattern",
"ArtifactType": "repository",
"Metadata": {
"ImageConfig": {
"architecture": "",

5
integration/testdata/dotnet.json.golden vendored
View File

@@ -1,7 +1,7 @@
{
"SchemaVersion": 2,
"ArtifactName": "testdata/fixtures/fs/dotnet",
"ArtifactType": "filesystem",
"ArtifactName": "testdata/fixtures/repo/dotnet",
"ArtifactType": "repository",
"Metadata": {
"ImageConfig": {
"architecture": "",
@@ -38,6 +38,7 @@
"PkgName": "Newtonsoft.Json",
"InstalledVersion": "9.0.1",
"FixedVersion": "13.0.1",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://github.com/advisories/GHSA-5crp-9r3c-p9vr",

6
integration/testdata/fixtures/db/amazon.yaml vendored
View File

@@ -18,8 +18,8 @@
- key: CVE-2019-5481
value:
FixedVersion: 7.61.1-12.amzn2.0.1
- bucket: microcode_ctl
- bucket: bind-export-libs
pairs:
- key: CVE-2022-21233
- key: CVE-2022-38177
value:
FixedVersion: 2:2.1-47.amzn2.0.13
FixedVersion: 99:9.11.4-26.P2.amzn2.13

15
integration/testdata/fixtures/db/data-source.yaml vendored
View File

@@ -40,6 +40,11 @@
ID: "ghsa"
Name: "GitHub Security Advisory Erlang"
URL: "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Aerlang"
- key: "go::GitHub Security Advisory Go"
value:
ID: "ghsa"
Name: "GitHub Security Advisory Go"
URL: "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
- key: Oracle Linux 8
value:
ID: "oracle-oval"
@@ -89,16 +94,6 @@
ID: "debian"
Name: "Debian Security Tracker"
URL: "https://salsa.debian.org/security-tracker-team/security-tracker"
- key: go::GitLab Advisory Database Community
value:
ID: "glad"
Name: "GitLab Advisory Database Community"
URL: "https://gitlab.com/gitlab-org/advisories-community"
- key: go::The Go Vulnerability Database
value:
ID: "go-vulndb"
Name: "The Go Vulnerability Database"
URL: "https://github.com/golang/vulndb"
- key: maven::GitLab Advisory Database Community
value:
ID: "glad"

1
integration/testdata/fixtures/db/debian.yaml vendored
View File

@@ -5,6 +5,7 @@
- key: CVE-2019-18276
value:
Severity: 1.0
Status: 7 # changed for test
- bucket: openssl
pairs:
- key: CVE-2019-1551

4
integration/testdata/fixtures/db/go-vulndb.yaml → integration/testdata/fixtures/db/go.yaml vendored
View File

@@ -1,4 +1,4 @@
- bucket: go::The Go Vulnerability Database
- bucket: go::GitHub Security Advisory Go
pairs:
- bucket: golang.org/x/text
pairs:
@@ -8,8 +8,6 @@
- "0.3.7"
VulnerableVersions:
- ">= 0, < 0.3.7"
- bucket: go::GitLab Advisory Database Community
pairs:
- bucket: github.com/docker/distribution
pairs:
- key: GMS-2022-20

Some files were not shown because too many files have changed in this diff Show More