gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-13 00:00:19 -08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: gitea-mirror:v0.58.1
Branches Tags
gitea-mirror:main gitea-mirror:gh-pages gitea-mirror:release-please--branches--main gitea-mirror:dependabot/go_modules/aws-9d2ed512d3 gitea-mirror:dependabot/go_modules/docker-fd300ea992 gitea-mirror:release-please--branches--release/v0.68 gitea-mirror:release/v0.68 gitea-mirror:dependabot/docker/docker-b99cc7e132 gitea-mirror:release/v0.67 gitea-mirror:release/v0.66 gitea-mirror:release/v0.65 gitea-mirror:release/v0.64 gitea-mirror:feat/rootio-support gitea-mirror:release/v0.63 gitea-mirror:release/v0.62 gitea-mirror:release/v0.61 gitea-mirror:refactor/custom_flags gitea-mirror:release/v0.60 gitea-mirror:release/v0.59 gitea-mirror:release/v0.58 gitea-mirror:release/v0.57 gitea-mirror:release/v0.56 gitea-mirror:release/v0.55 gitea-mirror:release/v0.54 gitea-mirror:release/v0.53 gitea-mirror:release/v0.52 gitea-mirror:v0.51 gitea-mirror:v0.48 gitea-mirror:v0.43
gitea-mirror:v0.68.1 gitea-mirror:v0.68.0 gitea-mirror:v0.67.2 gitea-mirror:v0.67.1 gitea-mirror:v0.67.0 gitea-mirror:v0.66.0 gitea-mirror:v0.65.0 gitea-mirror:v0.64.1 gitea-mirror:v0.64.0 gitea-mirror:v0.63.0 gitea-mirror:v0.62.1 gitea-mirror:v0.62.0 gitea-mirror:v0.61.1 gitea-mirror:v0.61.0 gitea-mirror:v0.60.0 gitea-mirror:v0.59.1 gitea-mirror:v0.59.0 gitea-mirror:v0.58.2 gitea-mirror:v0.58.1 gitea-mirror:v0.58.0 gitea-mirror:v0.57.1 gitea-mirror:v0.57.0 gitea-mirror:v0.56.2 gitea-mirror:v0.56.1 gitea-mirror:v0.56.0 gitea-mirror:v0.55.2 gitea-mirror:v0.55.1 gitea-mirror:v0.55.0 gitea-mirror:v0.54.1 gitea-mirror:v0.54.0 gitea-mirror:v0.53.0 gitea-mirror:v0.52.2 gitea-mirror:v0.52.1 gitea-mirror:v0.52.0 gitea-mirror:v0.51.4 gitea-mirror:v0.51.2 gitea-mirror:v0.51.1 gitea-mirror:v0.51.0 gitea-mirror:v0.50.4 gitea-mirror:v0.50.2 gitea-mirror:v0.50.1 gitea-mirror:v0.50.0 gitea-mirror:v0.49.1 gitea-mirror:v0.49.0 gitea-mirror:v0.48.3 gitea-mirror:v0.48.2 gitea-mirror:v0.48.1 gitea-mirror:v0.48.0 gitea-mirror:v0.47.0 gitea-mirror:v0.46.1 gitea-mirror:v0.46.0 gitea-mirror:v0.45.1 gitea-mirror:v0.45.0 gitea-mirror:v0.44.1 gitea-mirror:v0.44.0 gitea-mirror:v0.43.1 gitea-mirror:v0.43.0 gitea-mirror:v0.42.1 gitea-mirror:v0.42.0 gitea-mirror:v0.41.0 gitea-mirror:v0.40.0 gitea-mirror:v0.39.1 gitea-mirror:v0.39.0 gitea-mirror:v0.38.3 gitea-mirror:v0.38.2 gitea-mirror:v0.38.1 gitea-mirror:v0.38.0 gitea-mirror:v0.37.3 gitea-mirror:v0.37.2 gitea-mirror:v0.37.1 gitea-mirror:v0.37.0 gitea-mirror:v0.36.1 gitea-mirror:v0.36.0 gitea-mirror:v0.35.0 gitea-mirror:v0.34.0 gitea-mirror:v0.33.0 gitea-mirror:v0.32.1 gitea-mirror:v0.32.0 gitea-mirror:v0.31.3 gitea-mirror:v0.31.2 gitea-mirror:v0.31.1 gitea-mirror:v0.31.0 gitea-mirror:v0.30.4 gitea-mirror:v0.30.3 gitea-mirror:v0.30.2 gitea-mirror:v0.30.1 gitea-mirror:v0.30.0 gitea-mirror:v0.29.2 gitea-mirror:v0.29.1 gitea-mirror:v0.29.0 gitea-mirror:v0.28.1 gitea-mirror:v0.28.0 gitea-mirror:v0.27.1 gitea-mirror:v0.27.0 gitea-mirror:v0.26.0 gitea-mirror:v0.25.4 gitea-mirror:v0.25.3 gitea-mirror:v0.25.2 gitea-mirror:v0.25.1 gitea-mirror:v0.25.0 gitea-mirror:v0.24.4 gitea-mirror:v0.24.3 gitea-mirror:v0.24.2 gitea-mirror:v0.24.1 gitea-mirror:v0.24.0 gitea-mirror:v0.23.0 gitea-mirror:v0.22.0 gitea-mirror:v0.21.3 gitea-mirror:v0.21.2 gitea-mirror:v0.21.1 gitea-mirror:v0.21.0 gitea-mirror:v0.20.2 gitea-mirror:v0.20.1 gitea-mirror:v0.20.0 gitea-mirror:v0.19.2 gitea-mirror:v0.19.1 gitea-mirror:v0.19.0 gitea-mirror:v0.18.3 gitea-mirror:v0.18.2 gitea-mirror:v0.18.1 gitea-mirror:v0.18.0 gitea-mirror:v0.17.2 gitea-mirror:v0.17.1 gitea-mirror:v0.17.0 gitea-mirror:v0.16.0 gitea-mirror:v0.15.0 gitea-mirror:v0.14.0 gitea-mirror:v0.13.0 gitea-mirror:v0.12.0 gitea-mirror:v0.11.0 gitea-mirror:v0.10.2 gitea-mirror:v0.10.1 gitea-mirror:v0.10.0 gitea-mirror:v0.9.2 gitea-mirror:v0.9.1 gitea-mirror:v0.9.0 gitea-mirror:v0.8.0 gitea-mirror:v0.7.0 gitea-mirror:v0.6.0 gitea-mirror:v0.5.4 gitea-mirror:v0.5.3 gitea-mirror:v0.5.2 gitea-mirror:v0.5.1 gitea-mirror:v0.5.0 gitea-mirror:v0.4.4 gitea-mirror:v0.4.3 gitea-mirror:v0.4.2 gitea-mirror:v0.4.1 gitea-mirror:v0.4.0 gitea-mirror:v0.3.1 gitea-mirror:v0.3.0 gitea-mirror:v0.2.1 gitea-mirror:v0.2.0 gitea-mirror:v0.1.7 gitea-mirror:v0.1.6 gitea-mirror:v0.1.5 gitea-mirror:v0.1.4 gitea-mirror:v0.1.3 gitea-mirror:v0.1.2 gitea-mirror:v0.1.1 gitea-mirror:v0.1.0 gitea-mirror:v0.0.16 gitea-mirror:v0.0.15 gitea-mirror:v0.0.14 gitea-mirror:v0.0.13 gitea-mirror:v0.0.12 gitea-mirror:v0.0.11 gitea-mirror:v0.0.10 gitea-mirror:v0.0.9 gitea-mirror:v0.0.8 gitea-mirror:v0.0.7 gitea-mirror:v0.0.6 gitea-mirror:v0.0.5 gitea-mirror:v0.0.4 gitea-mirror:v0.0.3 gitea-mirror:v0.0.2 gitea-mirror:v0.0.1
..
compare: gitea-mirror:v0.43
Branches Tags
gitea-mirror:gh-pages gitea-mirror:release-please--branches--main gitea-mirror:main gitea-mirror:dependabot/go_modules/aws-9d2ed512d3 gitea-mirror:dependabot/go_modules/docker-fd300ea992 gitea-mirror:release-please--branches--release/v0.68 gitea-mirror:release/v0.68 gitea-mirror:dependabot/docker/docker-b99cc7e132 gitea-mirror:release/v0.67 gitea-mirror:release/v0.66 gitea-mirror:release/v0.65 gitea-mirror:release/v0.64 gitea-mirror:feat/rootio-support gitea-mirror:release/v0.63 gitea-mirror:release/v0.62 gitea-mirror:release/v0.61 gitea-mirror:refactor/custom_flags gitea-mirror:release/v0.60 gitea-mirror:release/v0.59 gitea-mirror:release/v0.58 gitea-mirror:release/v0.57 gitea-mirror:release/v0.56 gitea-mirror:release/v0.55 gitea-mirror:release/v0.54 gitea-mirror:release/v0.53 gitea-mirror:release/v0.52 gitea-mirror:v0.51 gitea-mirror:v0.48 gitea-mirror:v0.43
gitea-mirror:v0.68.1 gitea-mirror:v0.68.0 gitea-mirror:v0.67.2 gitea-mirror:v0.67.1 gitea-mirror:v0.67.0 gitea-mirror:v0.66.0 gitea-mirror:v0.65.0 gitea-mirror:v0.64.1 gitea-mirror:v0.64.0 gitea-mirror:v0.63.0 gitea-mirror:v0.62.1 gitea-mirror:v0.62.0 gitea-mirror:v0.61.1 gitea-mirror:v0.61.0 gitea-mirror:v0.60.0 gitea-mirror:v0.59.1 gitea-mirror:v0.59.0 gitea-mirror:v0.58.2 gitea-mirror:v0.58.1 gitea-mirror:v0.58.0 gitea-mirror:v0.57.1 gitea-mirror:v0.57.0 gitea-mirror:v0.56.2 gitea-mirror:v0.56.1 gitea-mirror:v0.56.0 gitea-mirror:v0.55.2 gitea-mirror:v0.55.1 gitea-mirror:v0.55.0 gitea-mirror:v0.54.1 gitea-mirror:v0.54.0 gitea-mirror:v0.53.0 gitea-mirror:v0.52.2 gitea-mirror:v0.52.1 gitea-mirror:v0.52.0 gitea-mirror:v0.51.4 gitea-mirror:v0.51.2 gitea-mirror:v0.51.1 gitea-mirror:v0.51.0 gitea-mirror:v0.50.4 gitea-mirror:v0.50.2 gitea-mirror:v0.50.1 gitea-mirror:v0.50.0 gitea-mirror:v0.49.1 gitea-mirror:v0.49.0 gitea-mirror:v0.48.3 gitea-mirror:v0.48.2 gitea-mirror:v0.48.1 gitea-mirror:v0.48.0 gitea-mirror:v0.47.0 gitea-mirror:v0.46.1 gitea-mirror:v0.46.0 gitea-mirror:v0.45.1 gitea-mirror:v0.45.0 gitea-mirror:v0.44.1 gitea-mirror:v0.44.0 gitea-mirror:v0.43.1 gitea-mirror:v0.43.0 gitea-mirror:v0.42.1 gitea-mirror:v0.42.0 gitea-mirror:v0.41.0 gitea-mirror:v0.40.0 gitea-mirror:v0.39.1 gitea-mirror:v0.39.0 gitea-mirror:v0.38.3 gitea-mirror:v0.38.2 gitea-mirror:v0.38.1 gitea-mirror:v0.38.0 gitea-mirror:v0.37.3 gitea-mirror:v0.37.2 gitea-mirror:v0.37.1 gitea-mirror:v0.37.0 gitea-mirror:v0.36.1 gitea-mirror:v0.36.0 gitea-mirror:v0.35.0 gitea-mirror:v0.34.0 gitea-mirror:v0.33.0 gitea-mirror:v0.32.1 gitea-mirror:v0.32.0 gitea-mirror:v0.31.3 gitea-mirror:v0.31.2 gitea-mirror:v0.31.1 gitea-mirror:v0.31.0 gitea-mirror:v0.30.4 gitea-mirror:v0.30.3 gitea-mirror:v0.30.2 gitea-mirror:v0.30.1 gitea-mirror:v0.30.0 gitea-mirror:v0.29.2 gitea-mirror:v0.29.1 gitea-mirror:v0.29.0 gitea-mirror:v0.28.1 gitea-mirror:v0.28.0 gitea-mirror:v0.27.1 gitea-mirror:v0.27.0 gitea-mirror:v0.26.0 gitea-mirror:v0.25.4 gitea-mirror:v0.25.3 gitea-mirror:v0.25.2 gitea-mirror:v0.25.1 gitea-mirror:v0.25.0 gitea-mirror:v0.24.4 gitea-mirror:v0.24.3 gitea-mirror:v0.24.2 gitea-mirror:v0.24.1 gitea-mirror:v0.24.0 gitea-mirror:v0.23.0 gitea-mirror:v0.22.0 gitea-mirror:v0.21.3 gitea-mirror:v0.21.2 gitea-mirror:v0.21.1 gitea-mirror:v0.21.0 gitea-mirror:v0.20.2 gitea-mirror:v0.20.1 gitea-mirror:v0.20.0 gitea-mirror:v0.19.2 gitea-mirror:v0.19.1 gitea-mirror:v0.19.0 gitea-mirror:v0.18.3 gitea-mirror:v0.18.2 gitea-mirror:v0.18.1 gitea-mirror:v0.18.0 gitea-mirror:v0.17.2 gitea-mirror:v0.17.1 gitea-mirror:v0.17.0 gitea-mirror:v0.16.0 gitea-mirror:v0.15.0 gitea-mirror:v0.14.0 gitea-mirror:v0.13.0 gitea-mirror:v0.12.0 gitea-mirror:v0.11.0 gitea-mirror:v0.10.2 gitea-mirror:v0.10.1 gitea-mirror:v0.10.0 gitea-mirror:v0.9.2 gitea-mirror:v0.9.1 gitea-mirror:v0.9.0 gitea-mirror:v0.8.0 gitea-mirror:v0.7.0 gitea-mirror:v0.6.0 gitea-mirror:v0.5.4 gitea-mirror:v0.5.3 gitea-mirror:v0.5.2 gitea-mirror:v0.5.1 gitea-mirror:v0.5.0 gitea-mirror:v0.4.4 gitea-mirror:v0.4.3 gitea-mirror:v0.4.2 gitea-mirror:v0.4.1 gitea-mirror:v0.4.0 gitea-mirror:v0.3.1 gitea-mirror:v0.3.0 gitea-mirror:v0.2.1 gitea-mirror:v0.2.0 gitea-mirror:v0.1.7 gitea-mirror:v0.1.6 gitea-mirror:v0.1.5 gitea-mirror:v0.1.4 gitea-mirror:v0.1.3 gitea-mirror:v0.1.2 gitea-mirror:v0.1.1 gitea-mirror:v0.1.0 gitea-mirror:v0.0.16 gitea-mirror:v0.0.15 gitea-mirror:v0.0.14 gitea-mirror:v0.0.13 gitea-mirror:v0.0.12 gitea-mirror:v0.0.11 gitea-mirror:v0.0.10 gitea-mirror:v0.0.9 gitea-mirror:v0.0.8 gitea-mirror:v0.0.7 gitea-mirror:v0.0.6 gitea-mirror:v0.0.5 gitea-mirror:v0.0.4 gitea-mirror:v0.0.3 gitea-mirror:v0.0.2 gitea-mirror:v0.0.1

6 Commits
v0.58.1 ... v0.43

Author SHA1 Message Date
knqyf263
15e15fe399 feat: re-add time.Sleep 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
 2023-12-07 18:25:59 +04:00
knqyf263
904ada351d refactor: replace if-else with switch 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
 2023-12-07 15:38:42 +04:00
knqyf263
d24caa409d fix(walk): call error callback on all errors 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
 2023-12-07 15:37:06 +04:00
knqyf263
bfa830061e refactor: remove parallel walk 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
 2023-12-07 15:34:52 +04:00
knqyf263
50503b00ef feat: configure parallelism 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
 2023-12-05 19:38:56 +04:00
knqyf263
1da7b3a09a feat: configure delay 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
 2023-12-05 19:16:06 +04:00
2806 changed files with 36510 additions and 251804 deletions
Expand all files Collapse all files

32
.github/CODEOWNERS vendored
View File

@@ -1,22 +1,24 @@
# Global
* @knqyf263
# SBOM/Vulnerability scanning
pkg/dependency/ @knqyf263 @DmitriyLewen
pkg/fanal/ @knqyf263 @DmitriyLewen
pkg/sbom/ @knqyf263 @DmitriyLewen
pkg/scanner/ @knqyf263 @DmitriyLewen
# Misconfiguration scanning
docs/docs/scanner/misconfiguration/ @simar7 @nikpivkin
docs/docs/target/aws.md @simar7 @nikpivkin
pkg/fanal/analyzer/config/ @simar7 @nikpivkin
pkg/cloud/ @simar7 @nikpivkin
pkg/iac/ @simar7 @nikpivkin
# Docs
/docs/** @knqyf263 @AnaisUrlichs @itaysk
/mkdocs.yml @knqyf263 @AnaisUrlichs @itaysk
/README.md @knqyf263 @AnaisUrlichs @itaysk
# Helm chart
helm/trivy/ @afdesk
helm/trivy/ @chen-keinan
# Misconfiguration scanning
examples/misconf/ @knqyf263
docs/docs/misconfiguration @knqyf263
docs/docs/cloud @knqyf263
pkg/fanal/analyzer/config @knqyf263
pkg/fanal/handler/misconf @knqyf263
pkg/cloud @knqyf263
pkg/flag/aws_flags.go @knqyf263
pkg/flag/misconf_flags.go @knqyf263
# Kubernetes scanning
pkg/k8s/ @afdesk
docs/docs/target/kubernetes.md @afdesk
pkg/k8s/ @josedonizetti @chen-keinan @knqyf263
docs/docs/kubernetes/ @josedonizetti @chen-keinan @knqyf263

47
.github/DISCUSSION_TEMPLATE/adopters.yml vendored
View File

@@ -1,47 +0,0 @@
title: "<company name>"
labels: ["adopters"]
body:
- type: textarea
id: info
attributes:
label: "[Optional] How do you use Trivy?"
validations:
required: false
- type: textarea
id: info
attributes:
label: "[Optional] Can you provide us with a quote on your favourite part of Trivy? This may be used on the trivy.dev website, posted on Twitter (@AquaTrivy) or similar marketing material."
validations:
required: false
- type: checkboxes
attributes:
label: "[Optional] Which targets are you scanning with Trivy?"
options:
- label: "Container Image"
- label: "Filesystem"
- label: "Git Repository"
- label: "Virtual Machine Image"
- label: "Kubernetes"
- label: "AWS"
- label: "SBOM"
validations:
required: false
- type: checkboxes
attributes:
label: "[Optional] What kind of issues are scanning with Trivy?"
options:
- label: "Software Bill of Materials (SBOM)"
- label: "Known vulnerabilities (CVEs)"
- label: "IaC issues and misconfigurations"
- label: "Sensitive information and secrets"
- label: "Software licenses"
- type: markdown
attributes:
value: |
## Get in touch
We are always looking for
* User feedback
* Collaboration with other companies and organisations
* Or just to have a chat with you about trivy.
If any of this interests you or your marketing team, please reach out at: oss@aquasec.com
We would love to hear from you!

6
.github/DISCUSSION_TEMPLATE/bugs.yml vendored
View File

@@ -8,8 +8,6 @@ body:
Please ensure that you're not creating a duplicate report by searching the [issues](https://github.com/aquasecurity/trivy/issues)/[discussions](https://github.com/aquasecurity/trivy/discussions) beforehand.
If you see any false positives or false negatives, please file a ticket [here](https://github.com/aquasecurity/trivy/discussions/new?category=false-detection).
**Do not open a GitHub issue, please.** Maintainers triage discussions and then create issues.
Please also check [our contribution guidelines](https://aquasecurity.github.io/trivy/latest/community/contribute/discussion/).
- type: textarea
attributes:
@@ -116,9 +114,9 @@ body:
label: Checklist
description: Have you tried the following?
options:
- label: Run `trivy clean --all`
- label: Run `trivy image --reset`
- label: Read [the troubleshooting](https://aquasecurity.github.io/trivy/latest/docs/references/troubleshooting/)
- type: markdown
attributes:
value: |
We would be happy if you could share how you are using Trivy [here](https://github.com/aquasecurity/trivy/discussions/new?category=adopters).
We would be happy if you could share how you are using Trivy [here](https://github.com/aquasecurity/trivy/discussions/new?category=show-and-tell).

4
.github/DISCUSSION_TEMPLATE/false-detection.yml vendored
View File

@@ -6,8 +6,6 @@ body:
Feel free to raise a bug report if something doesn't work as expected.
Please ensure that you're not creating a duplicate report by searching the [issues](https://github.com/aquasecurity/trivy/issues)/[discussions](https://github.com/aquasecurity/trivy/discussions) beforehand.
**Do not open a GitHub issue, please.** Maintainers triage discussions and then create issues.
Please also check [our contribution guidelines](https://aquasecurity.github.io/trivy/latest/community/contribute/discussion/).
- type: input
attributes:
@@ -93,4 +91,4 @@ body:
- type: markdown
attributes:
value: |
We would be happy if you could share how you are using Trivy [here](https://github.com/aquasecurity/trivy/discussions/new?category=adopters).
We would be happy if you could share how you are using Trivy [here](https://github.com/aquasecurity/trivy/discussions/new?category=show-and-tell).

4
.github/DISCUSSION_TEMPLATE/ideas.yml vendored
View File

@@ -7,8 +7,6 @@ body:
Feel free to share your idea.
Please ensure that you're not creating a duplicate ticket by searching the [issues](https://github.com/aquasecurity/trivy/issues)/[discussions](https://github.com/aquasecurity/trivy/discussions) beforehand.
**Do not open a GitHub issue, please.** Maintainers triage discussions and then create issues.
Please also check [our contribution guidelines](https://aquasecurity.github.io/trivy/latest/community/contribute/discussion/).
- type: textarea
attributes:
@@ -44,4 +42,4 @@ body:
- type: markdown
attributes:
value: |
We would be happy if you could share how you are using Trivy [here](https://github.com/aquasecurity/trivy/discussions/new?category=adopters).
We would be happy if you could share how you are using Trivy [here](https://github.com/aquasecurity/trivy/discussions/new?category=show-and-tell).

4
.github/DISCUSSION_TEMPLATE/q-a.yml vendored
View File

@@ -7,8 +7,6 @@ body:
If you have any troubles/questions, feel free to ask.
Please ensure that you're not asking a duplicate question by searching the [issues](https://github.com/aquasecurity/trivy/issues)/[discussions](https://github.com/aquasecurity/trivy/discussions) beforehand.
**Do not open a GitHub issue, please.** Maintainers triage discussions and then create issues.
Please also check [our contribution guidelines](https://aquasecurity.github.io/trivy/latest/community/contribute/discussion/).
- type: textarea
attributes:
@@ -81,4 +79,4 @@ body:
- type: markdown
attributes:
value: |
We would be happy if you could share how you are using Trivy [here](https://github.com/aquasecurity/trivy/discussions/new?category=adopters.
We would be happy if you could share how you are using Trivy [here](https://github.com/aquasecurity/trivy/discussions/new?category=show-and-tell).

53
.github/DISCUSSION_TEMPLATE/show-and-tell.yml vendored Normal file
View File

@@ -0,0 +1,53 @@
title: "<company name> "
labels: ["adopters"]
body:
- type: textarea
id: links
attributes:
label: "Share Links"
description: "If you would like to share a link to your project or company, please paste it below 🌐"
value: |
...
validations:
required: false
- type: textarea
id: logo
attributes:
label: "Share Logo"
description: "If you have a link to your logo, please provide it in the following text-box 🌐"
value: |
...
validations:
required: false
- type: checkboxes
attributes:
label: Please select all the scan targets that you are using
options:
- label: Container Images
- label: Filesystem
- label: Git Repository
- label: Virtual Machine Images
- label: Kubernetes
- label: AWS
validations:
required: false
- type: checkboxes
attributes:
label: Which scanners are you using on those scan targets?
options:
- label: OS packages and software dependencies in use (SBOM)
- label: Known vulnerabilities (CVEs)
- label: IaC issues and misconfigurations
- label: Sensitive information and secrets
- label: Software licenses
validations:
required: false
- type: textarea
id: info
attributes:
label: "Additional Information"
description: "Please tell us more about your use case of Trivy -- anything that you would like to share 🎉"
value: |
...
validations:
required: false

3
.github/actions/trivy-triage/Makefile vendored
View File

@@ -1,3 +0,0 @@
.PHONEY: test
test: helpers.js helpers.test.js
node --test helpers.test.js

29
.github/actions/trivy-triage/action.yaml vendored
View File

@@ -1,29 +0,0 @@
name: 'trivy-discussion-triage'
description: 'automatic triage of Trivy discussions'
inputs:
discussion_num:
description: 'Discussion number to triage'
required: false
runs:
using: "composite"
steps:
- name: Conditionally label discussions based on category and content
env:
GH_TOKEN: ${{ github.token }}
uses: actions/github-script@v6
with:
script: |
const {detectDiscussionLabels, fetchDiscussion, labelDiscussion } = require('${{ github.action_path }}/helpers.js');
const config = require('${{ github.action_path }}/config.json');
discussionNum = parseInt(${{ inputs.discussion_num }});
let discussion;
if (discussionNum > 0) {
discussion = (await fetchDiscussion(github, context.repo.owner, context.repo.repo, discussionNum)).repository.discussion;
} else {
discussion = context.payload.discussion;
}
const labels = detectDiscussionLabels(discussion, config.discussionLabels);
if (labels.length > 0) {
console.log(`Adding labels ${labels} to discussion ${discussion.node_id}`);
labelDiscussion(github, discussion.node_id, labels);
}

14
.github/actions/trivy-triage/config.json vendored
View File

@@ -1,14 +0,0 @@
{
"discussionLabels": {
"Container Image":"LA_kwDOCsUTCM75TTQU",
"Filesystem":"LA_kwDOCsUTCM75TTQX",
"Git Repository":"LA_kwDOCsUTCM75TTQk",
"Virtual Machine Image":"LA_kwDOCsUTCM8AAAABMpz1bw",
"Kubernetes":"LA_kwDOCsUTCM75TTQv",
"AWS":"LA_kwDOCsUTCM8AAAABMpz1aA",
"Vulnerability":"LA_kwDOCsUTCM75TTPa",
"Misconfiguration":"LA_kwDOCsUTCM75TTP8",
"License":"LA_kwDOCsUTCM77ztRR",
"Secret":"LA_kwDOCsUTCM75TTQL"
}
}

70
.github/actions/trivy-triage/helpers.js vendored
View File

@@ -1,70 +0,0 @@
module.exports = {
detectDiscussionLabels: (discussion, configDiscussionLabels) => {
res = [];
const discussionId = discussion.id;
const category = discussion.category.name;
const body = discussion.body;
if (category !== "Ideas") {
console.log(`skipping discussion with category ${category} and body ${body}`);
return [];
}
const scannerPattern = /### Scanner\n\n(.+)/;
const scannerFound = body.match(scannerPattern);
if (scannerFound && scannerFound.length > 1) {
res.push(configDiscussionLabels[scannerFound[1]]);
}
const targetPattern = /### Target\n\n(.+)/;
const targetFound = body.match(targetPattern);
if (targetFound && targetFound.length > 1) {
res.push(configDiscussionLabels[targetFound[1]]);
}
return res;
},
fetchDiscussion: async (github, owner, repo, discussionNum) => {
const query = `query Discussion ($owner: String!, $repo: String!, $discussion_num: Int!){
repository(name: $repo, owner: $owner) {
discussion(number: $discussion_num) {
number,
id,
body,
category {
id,
name
},
labels(first: 100) {
edges {
node {
id,
name
}
}
}
}
}
}`;
const vars = {
owner: owner,
repo: repo,
discussion_num: discussionNum
};
return github.graphql(query, vars);
},
labelDiscussion: async (github, discussionId, labelIds) => {
const query = `mutation AddLabels($labelId: ID!, $labelableId:ID!) {
addLabelsToLabelable(
input: {labelIds: [$labelId], labelableId: $labelableId}
) {
clientMutationId
}
}`;
// TODO: add all labels in one call
labelIds.forEach((labelId) => {
const vars = {
labelId: labelId,
labelableId: discussionId
};
github.graphql(query, vars);
});
}
};

87
.github/actions/trivy-triage/helpers.test.js vendored
View File

@@ -1,87 +0,0 @@
const assert = require('node:assert/strict');
const { describe, it } = require('node:test');
const {detectDiscussionLabels} = require('./helpers.js');
const configDiscussionLabels = {
"Container Image":"ContainerImageLabel",
"Filesystem":"FilesystemLabel",
"Vulnerability":"VulnerabilityLabel",
"Misconfiguration":"MisconfigurationLabel",
};
describe('trivy-triage', async function() {
describe('detectDiscussionLabels', async function() {
it('detect scanner label', async function() {
const discussion = {
body: 'hello hello\nbla bla.\n### Scanner\n\nVulnerability\n### Target\n\nContainer Image\nbye bye.',
category: {
name: 'Ideas'
}
};
const labels = detectDiscussionLabels(discussion, configDiscussionLabels);
assert(labels.includes('VulnerabilityLabel'));
});
it('detect target label', async function() {
const discussion = {
body: 'hello hello\nbla bla.\n### Scanner\n\nVulnerability\n### Target\n\nContainer Image\nbye bye.',
category: {
name: 'Ideas'
}
};
const labels = detectDiscussionLabels(discussion, configDiscussionLabels);
assert(labels.includes('ContainerImageLabel'));
});
it('detect label when it is first', async function() {
const discussion = {
body: '### Scanner\n\nVulnerability\n### Target\n\nContainer Image\nbye bye.',
category: {
name: 'Ideas'
}
};
const labels = detectDiscussionLabels(discussion, configDiscussionLabels);
assert(labels.includes('ContainerImageLabel'));
});
it('detect label when it is last', async function() {
const discussion = {
body: '### Scanner\n\nVulnerability\n### Target\n\nContainer Image',
category: {
name: 'Ideas'
}
};
const labels = detectDiscussionLabels(discussion, configDiscussionLabels);
assert(labels.includes('ContainerImageLabel'));
});
it('detect scanner and target labels', async function() {
const discussion = {
body: 'hello hello\nbla bla.\n### Scanner\n\nVulnerability\n### Target\n\nContainer Image\nbye bye.',
category: {
name: 'Ideas'
}
};
const labels = detectDiscussionLabels(discussion, configDiscussionLabels);
assert(labels.includes('ContainerImageLabel'));
assert(labels.includes('VulnerabilityLabel'));
});
it('not detect other labels', async function() {
const discussion = {
body: 'hello hello\nbla bla.\n### Scanner\n\nVulnerability\n### Target\n\nContainer Image\nbye bye.',
category: {
name: 'Ideas'
}
};
const labels = detectDiscussionLabels(discussion, configDiscussionLabels);
assert(!labels.includes('FilesystemLabel'));
assert(!labels.includes('MisconfigurationLabel'));
});
it('process only relevant categories', async function() {
const discussion = {
body: 'hello world',
category: {
name: 'Announcements'
}
};
const labels = detectDiscussionLabels(discussion, configDiscussionLabels);
assert(labels.length === 0);
});
});
});

65
.github/actions/trivy-triage/testutils/discussion-payload-sample.json vendored
View File

@@ -1,65 +0,0 @@
{
"active_lock_reason": null,
"answer_chosen_at": null,
"answer_chosen_by": null,
"answer_html_url": null,
"author_association": "OWNER",
"body": "### Description\n\nlfdjs lfkdj dflsakjfd ';djk \r\nfadfd \r\nasdlkf \r\na;df \r\ndfsal;kfd ;akjl\n\n### Target\n\nContainer Image\n\n### Scanner\n\nMisconfiguration",
"category": {
"created_at": "2023-07-02T10:14:46.000+03:00",
"description": "Share ideas for new features",
"emoji": ":bulb:",
"id": 39743708,
"is_answerable": false,
"name": "Ideas",
"node_id": "DIC_kwDOE0GiPM4CXnDc",
"repository_id": 323068476,
"slug": "ideas",
"updated_at": "2023-07-02T10:14:46.000+03:00"
},
"comments": 0,
"created_at": "2023-09-11T08:40:11Z",
"html_url": "https://github.com/itaysk/testactions/discussions/9",
"id": 5614504,
"locked": false,
"node_id": "D_kwDOE0GiPM4AVauo",
"number": 9,
"reactions": {
"+1": 0,
"-1": 0,
"confused": 0,
"eyes": 0,
"heart": 0,
"hooray": 0,
"laugh": 0,
"rocket": 0,
"total_count": 0,
"url": "https://api.github.com/repos/itaysk/testactions/discussions/9/reactions"
},
"repository_url": "https://api.github.com/repos/itaysk/testactions",
"state": "open",
"state_reason": null,
"timeline_url": "https://api.github.com/repos/itaysk/testactions/discussions/9/timeline",
"title": "Title title",
"updated_at": "2023-09-11T08:40:11Z",
"user": {
"avatar_url": "https://avatars.githubusercontent.com/u/1161307?v=4",
"events_url": "https://api.github.com/users/itaysk/events{/privacy}",
"followers_url": "https://api.github.com/users/itaysk/followers",
"following_url": "https://api.github.com/users/itaysk/following{/other_user}",
"gists_url": "https://api.github.com/users/itaysk/gists{/gist_id}",
"gravatar_id": "",
"html_url": "https://github.com/itaysk",
"id": 1161307,
"login": "itaysk",
"node_id": "MDQ6VXNlcjExNjEzMDc=",
"organizations_url": "https://api.github.com/users/itaysk/orgs",
"received_events_url": "https://api.github.com/users/itaysk/received_events",
"repos_url": "https://api.github.com/users/itaysk/repos",
"site_admin": false,
"starred_url": "https://api.github.com/users/itaysk/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/itaysk/subscriptions",
"type": "User",
"url": "https://api.github.com/users/itaysk"
}
}

29
.github/actions/trivy-triage/testutils/fetchDiscussion.sh vendored
View File

@@ -1,29 +0,0 @@
#! /bin/bash
# fetch discussion by discussion number
# requires authenticated gh cli, assumes repo but current git repository
# args:
# $1: discussion number, e.g 123, required
discussion_num="$1"
gh api graphql -F discussion_num="$discussion_num" -F repo="{repo}" -F owner="{owner}" -f query='
query Discussion ($owner: String!, $repo: String!, $discussion_num: Int!){
repository(name: $repo, owner: $owner) {
discussion(number: $discussion_num) {
number,
id,
body,
category {
id,
name
},
labels(first: 100) {
edges {
node {
id,
name
}
}
}
}
}
}'

16
.github/actions/trivy-triage/testutils/fetchLabels.sh vendored
View File

@@ -1,16 +0,0 @@
#! /bin/bash
# fetch labels and their IDs
# requires authenticated gh cli, assumes repo but current git repository
gh api graphql -F repo="{repo}" -F owner="{owner}" -f query='
query GetLabelIds($owner: String!, $repo: String!) {
repository(name: $repo, owner: $owner) {
id
labels(first: 100) {
nodes {
id
name
}
}
}
}'

16
.github/actions/trivy-triage/testutils/labelDiscussion.sh vendored
View File

@@ -1,16 +0,0 @@
#! /bin/bash
# add a label to a discussion
# requires authenticated gh cli, assumes repo but current git repository
# args:
# $1: discussion ID (not number!), e.g DIC_kwDOE0GiPM4CXnDc, required
# $2: label ID, e.g. MDU6TGFiZWwzNjIzNjY0MjQ=, required
discussion_id="$1"
label_id="$2"
gh api graphql -F labelableId="$discussion_id" -F labelId="$label_id" -F repo="{repo}" -F owner="{owner}" -f query='
mutation AddLabels($labelId: ID!, $labelableId:ID!) {
addLabelsToLabelable(
input: {labelIds: [$labelId], labelableId: $labelableId}
) {
clientMutationId
}
}'

28
.github/dependabot.yml vendored
View File

@@ -4,38 +4,12 @@ updates:
directory: /
schedule:
interval: monthly
groups:
github-actions:
patterns:
- "*"
- package-ecosystem: docker
directory: /
schedule:
interval: monthly
groups:
docker:
patterns:
- "*"
- package-ecosystem: gomod
open-pull-requests-limit: 10
directory: /
schedule:
interval: weekly
ignore:
- dependency-name: "github.com/aquasecurity/trivy-*" ## `trivy-*` dependencies are updated manually
groups:
aws:
patterns:
- "github.com/aws/*"
docker:
patterns:
- "github.com/docker/*"
- "github.com/moby/*"
testcontainers:
patterns:
- "github.com/testcontainers/*"
common:
exclude-patterns:
- "github.com/aquasecurity/trivy-*"
patterns:
- "*"
interval: monthly

46
.github/workflows/auto-close-issue.yaml vendored
View File

@@ -1,46 +0,0 @@
name: Auto-close issues
on:
issues:
types: [opened]
jobs:
close_issue:
runs-on: ubuntu-latest
steps:
- name: Close issue if user does not have write or admin permissions
uses: actions/github-script@v7
with:
script: |
// Get the issue creator's username
const issueCreator = context.payload.issue.user.login;
// Check the user's permissions for the repository
const repoPermissions = await github.rest.repos.getCollaboratorPermissionLevel({
owner: context.repo.owner,
repo: context.repo.repo,
username: issueCreator
});
const permission = repoPermissions.data.permission;
// If the user does not have write or admin permissions, leave a comment and close the issue
if (permission !== 'write' && permission !== 'admin') {
const commentBody = "Please see https://aquasecurity.github.io/trivy/latest/community/contribute/issue/";
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.payload.issue.number,
body: commentBody
});
await github.rest.issues.update({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.payload.issue.number,
state: 'closed',
state_reason: 'not_planned'
});
console.log(`Issue #${context.payload.issue.number} closed because ${issueCreator} does not have sufficient permissions.`);
}

33
.github/workflows/auto-update-labels.yaml vendored
View File

@@ -1,33 +0,0 @@
name: Auto-update labels
on:
push:
paths:
- 'misc/triage/labels.yaml'
branches:
- main
env:
GO_VERSION: '1.22'
jobs:
deploy:
name: Auto-update labels
runs-on: ubuntu-latest
steps:
- name: Checkout main
uses: actions/checkout@v4.1.6
- name: Set up Go
uses: actions/setup-go@v5
with:
# cf. https://github.com/aquasecurity/trivy/pull/6711
go-version: ${{ env.GO_VERSION }}
cache: false
- name: Install aqua tools
uses: aquaproj/aqua-installer@v3.0.1
with:
aqua_version: v1.25.0
- name: update labels
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: mage label

58
.github/workflows/backport.yaml vendored
View File

@@ -1,58 +0,0 @@
name: Automatic Backporting
on:
issue_comment:
types: [created]
jobs:
check_permission:
name: Check comment author permissions
runs-on: ubuntu-latest
outputs:
is_maintainer: ${{ steps.check_permission.outputs.is_maintainer }}
steps:
- name: Check permission
id: check_permission
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
PERMISSION=$(gh api /repos/${{ github.repository }}/collaborators/${{ github.actor }}/permission --jq '.permission')
if [ "$PERMISSION" == "admin" ] || [ "$PERMISSION" == "write" ]; then
echo "is_maintainer=true" >> $GITHUB_OUTPUT
else
echo "is_maintainer=false" >> $GITHUB_OUTPUT
fi
backport:
name: Backport PR
needs: check_permission # run this job after checking permissions
if: |
needs.check_permission.outputs.is_maintainer == 'true' &&
github.event.issue.pull_request &&
github.event.issue.pull_request.merged_at != null &&
startsWith(github.event.comment.body, '@aqua-bot backport release/')
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Extract branch name
run: |
BRANCH_NAME=$(echo ${{ github.event.comment.body }} | grep -oE '@aqua-bot backport\s+(\S+)' | awk '{print $3}')
echo "BRANCH_NAME=$BRANCH_NAME" >> $GITHUB_ENV
- name: Set up Git user
run: |
git config --global user.email "actions@github.com"
git config --global user.name "GitHub Actions"
- name: Run backport script
run: ./misc/backport/backport.sh ${{ env.BRANCH_NAME }} ${{ github.event.issue.number }}
env:
# Use ORG_REPO_TOKEN instead of GITHUB_TOKEN
# This allows the created PR to trigger tests and other workflows
GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}

4
.github/workflows/bypass-test.yaml vendored
View File

@@ -8,16 +8,12 @@ on:
- 'docs/**'
- 'mkdocs.yml'
- 'LICENSE'
- '.release-please-manifest.json'
- 'helm/trivy/Chart.yaml'
pull_request:
paths:
- '**.md'
- 'docs/**'
- 'mkdocs.yml'
- 'LICENSE'
- '.release-please-manifest.json'
- 'helm/trivy/Chart.yaml'
jobs:
test:
name: Test

88
.github/workflows/cache-test-images.yaml vendored
View File

@@ -1,88 +0,0 @@
name: Cache test images
on:
schedule:
- cron: "0 0 * * *" # Run this workflow every day at 00:00 to avoid cache deletion.
workflow_dispatch:
jobs:
test-images:
name: Cache test images
runs-on: ubuntu-latest
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v4.1.6
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache: false
- name: Install tools
uses: aquaproj/aqua-installer@v3.0.1
with:
aqua_version: v1.25.0
- name: Generate image list digest
if: github.ref_name == 'main'
id: image-digest
run: |
source integration/testimages.ini
IMAGE_LIST=$(skopeo list-tags docker://$TEST_IMAGES)
DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags += ["containerd"] | .Tags | sort' | sha256sum | cut -d' ' -f1)
echo "digest=$DIGEST" >> $GITHUB_OUTPUT
## We need to work with test image cache only for main branch
- name: Restore and save test images cache
if: github.ref_name == 'main'
uses: actions/cache@v4
with:
path: integration/testdata/fixtures/images
key: cache-test-images-${{ steps.image-digest.outputs.digest }}
restore-keys:
cache-test-images-
- name: Download test images
if: github.ref_name == 'main'
run: mage test:fixtureContainerImages
test-vm-images:
name: Cache test VM images
runs-on: ubuntu-latest
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v4.1.6
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache: false
- name: Install tools
uses: aquaproj/aqua-installer@v3.0.1
with:
aqua_version: v1.25.0
- name: Generate image list digest
if: github.ref_name == 'main'
id: image-digest
run: |
source integration/testimages.ini
IMAGE_LIST=$(skopeo list-tags docker://$TEST_VM_IMAGES)
DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags | sort' | sha256sum | cut -d' ' -f1)
echo "digest=$DIGEST" >> $GITHUB_OUTPUT
## We need to work with test VM image cache only for main branch
- name: Restore and save test VM images cache
if: github.ref_name == 'main'
uses: actions/cache@v4
with:
path: integration/testdata/fixtures/vm-images
key: cache-test-vm-images-${{ steps.image-digest.outputs.digest }}
restore-keys:
cache-test-vm-images-
- name: Download test VM images
if: github.ref_name == 'main'
run: mage test:fixtureVMImages

10
.github/workflows/canary.yaml vendored
View File

@@ -25,35 +25,35 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Restore Trivy binaries from cache
uses: actions/cache@v4.0.2
uses: actions/cache@v3.3.1
with:
path: dist/
key: ${{ runner.os }}-bins-${{github.workflow}}-${{github.sha}}
# Upload artifacts
- name: Upload artifacts (trivy_Linux-64bit)
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v3
with:
name: trivy_Linux-64bit
path: dist/trivy_*_Linux-64bit.tar.gz
if-no-files-found: error
- name: Upload artifacts (trivy_Linux-ARM64)
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v3
with:
name: trivy_Linux-ARM64
path: dist/trivy_*_Linux-ARM64.tar.gz
if-no-files-found: error
- name: Upload artifacts (trivy_macOS-64bit)
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v3
with:
name: trivy_macOS-64bit
path: dist/trivy_*_macOS-64bit.tar.gz
if-no-files-found: error
- name: Upload artifacts (trivy_macOS-ARM64)
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v3
with:
name: trivy_macOS-ARM64
path: dist/trivy_*_macOS-ARM64.tar.gz

7
.github/workflows/mkdocs-dev.yaml vendored
View File

@@ -12,17 +12,16 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout main
uses: actions/checkout@v4.1.6
uses: actions/checkout@v3.5.3
with:
fetch-depth: 0
persist-credentials: true
- uses: actions/setup-python@v5
- uses: actions/setup-python@v4
with:
python-version: 3.x
- name: Install dependencies
run: |
python -m pip install --upgrade pip setuptools wheel
pip install git+https://${GH_TOKEN}@github.com/squidfunk/mkdocs-material-insiders.git@9.5.44-insiders-4.53.14
pip install git+https://${GH_TOKEN}@github.com/squidfunk/mkdocs-material-insiders.git
pip install -r docs/build/requirements.txt
env:
GH_TOKEN: ${{ secrets.MKDOCS_AQUA_BOT }}

7
.github/workflows/mkdocs-latest.yaml vendored
View File

@@ -14,17 +14,16 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout main
uses: actions/checkout@v4.1.6
uses: actions/checkout@v3.5.3
with:
fetch-depth: 0
persist-credentials: true
- uses: actions/setup-python@v5
- uses: actions/setup-python@v4
with:
python-version: 3.x
- name: Install dependencies
run: |
python -m pip install --upgrade pip setuptools wheel
pip install git+https://${GH_TOKEN}@github.com/squidfunk/mkdocs-material-insiders.git@9.5.44-insiders-4.53.14
pip install git+https://${GH_TOKEN}@github.com/squidfunk/mkdocs-material-insiders.git
pip install -r docs/build/requirements.txt
env:
GH_TOKEN: ${{ secrets.MKDOCS_AQUA_BOT }}

58
.github/workflows/publish-chart.yaml vendored
View File

@@ -4,11 +4,6 @@ name: Publish Helm chart
on:
workflow_dispatch:
pull_request:
types:
- opened
- synchronize
- reopened
- closed
branches:
- main
paths:
@@ -23,29 +18,26 @@ env:
KIND_VERSION: "v0.14.0"
KIND_IMAGE: "kindest/node:v1.23.6@sha256:b1fa224cc6c7ff32455e0b1fd9cbfd3d3bc87ecaa8fcb06961ed1afb3db0f9ae"
jobs:
# `test-chart` job starts if a PR with Helm Chart is created, merged etc.
test-chart:
if: github.event_name != 'push'
runs-on: ubuntu-24.04
runs-on: ubuntu-20.04
steps:
- name: Checkout
uses: actions/checkout@v4.1.6
uses: actions/checkout@v3.5.3
with:
fetch-depth: 0
- name: Install Helm
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78
with:
version: v3.14.4
version: v3.5.0
- name: Set up python
uses: actions/setup-python@v5
uses: actions/setup-python@v4
with:
python-version: '3.x'
check-latest: true
python-version: 3.7
- name: Setup Chart Linting
id: lint
uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992
uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76
- name: Setup Kubernetes cluster (KIND)
uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde
uses: helm/kind-action@fa81e57adff234b2908110485695db0f181f3c67
with:
version: ${{ env.KIND_VERSION }}
image: ${{ env.KIND_IMAGE }}
@@ -56,42 +48,14 @@ jobs:
sed -i -e '136s,false,'true',g' ./helm/trivy/values.yaml
ct lint-and-install --validate-maintainers=false --charts helm/trivy
# `update-chart-version` job starts if a new tag is pushed
update-chart-version:
if: github.event_name == 'push'
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@v4.1.6
with:
fetch-depth: 0
- name: Set up Git user
run: |
git config --global user.email "actions@github.com"
git config --global user.name "GitHub Actions"
- name: Install tools
uses: aquaproj/aqua-installer@v3.0.1
with:
aqua_version: v1.25.0
aqua_opts: ""
- name: Create a PR with Trivy version
run: mage helm:updateVersion
env:
# Use ORG_REPO_TOKEN instead of GITHUB_TOKEN
# This allows the created PR to trigger tests and other workflows
GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}
# `publish-chart` job starts if a PR with a new Helm Chart is merged or manually
publish-chart:
if: github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch'
if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
needs:
- test-chart
runs-on: ubuntu-24.04
runs-on: ubuntu-20.04
steps:
- name: Checkout
uses: actions/checkout@v4.1.6
uses: actions/checkout@v3.5.3
with:
fetch-depth: 0
- name: Install chart-releaser

109
.github/workflows/release-please.yaml vendored
View File

@@ -1,109 +0,0 @@
name: Release Please
on:
push:
branches:
- main
- 'release/v*'
workflow_dispatch:
inputs:
version:
required: true
description: 'Release version without the "v" prefix (e.g., 0.51.0)'
type: string
jobs:
release-please:
runs-on: ubuntu-latest
if: ${{ !startsWith(github.event.head_commit.message, 'release:') && !github.event.inputs.version }}
steps:
- name: Release Please
id: release
uses: googleapis/release-please-action@v4
with:
token: ${{ secrets.ORG_REPO_TOKEN }}
target-branch: ${{ github.ref_name }}
manual-release-please:
runs-on: ubuntu-latest
if: ${{ github.event.inputs.version }}
steps:
- name: Install Release Please CLI
run: npm install release-please -g
- name: Release Please
run: |
release-please release-pr --repo-url=${{ github.server_url }}/${{ github.repository }} \
--token=${{ secrets.ORG_REPO_TOKEN }} \
--release-as=${{ github.event.inputs.version }} \
--target-branch=${{ github.ref_name }}
release-tag:
runs-on: ubuntu-latest
if: ${{ startsWith(github.event.head_commit.message, 'release:') }}
steps:
# Since skip-github-release is specified, the outputs of googleapis/release-please-action cannot be used.
# Therefore, we need to parse the version ourselves.
- name: Extract version and PR number from commit message
id: extract_info
shell: bash
run: |
echo "version=$( echo "${{ github.event.head_commit.message }}" | sed 's/^release: v\([0-9]\+\.[0-9]\+\.[0-9]\+\).*$/\1/' )" >> $GITHUB_OUTPUT
echo "pr_number=$( echo "${{ github.event.head_commit.message }}" | sed 's/.*(\#\([0-9]\+\)).*$/\1/' )" >> $GITHUB_OUTPUT
echo "release_branch=release/v$( echo "${{ github.event.head_commit.message }}" | sed 's/^release: v\([0-9]\+\.[0-9]\+\).*$/\1/' )" >> $GITHUB_OUTPUT
- name: Tag release
if: ${{ steps.extract_info.outputs.version }}
uses: actions/github-script@v7
with:
github-token: ${{ secrets.ORG_REPO_TOKEN }} # To trigger another workflow
script: |
await github.rest.git.createRef({
owner: context.repo.owner,
repo: context.repo.repo,
ref: `refs/tags/v${{ steps.extract_info.outputs.version }}`,
sha: context.sha
});
# When v0.50.0 is released, a release branch "release/v0.50" is created.
- name: Create release branch for patch versions
if: ${{ endsWith(steps.extract_info.outputs.version, '.0') }}
uses: actions/github-script@v7
with:
github-token: ${{ secrets.GITHUB_TOKEN }} # Should not trigger the workflow again
script: |
const releaseBranch = '${{ steps.extract_info.outputs.release_branch }}';
await github.rest.git.createRef({
owner: context.repo.owner,
repo: context.repo.repo,
ref: `refs/heads/${releaseBranch}`,
sha: context.sha
});
# Add release branch to rulesets to enable merge queue
- name: Add release branch to rulesets
if: ${{ endsWith(steps.extract_info.outputs.version, '.0') }}
env:
GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}
shell: bash
run: |
RULESET_ID=$(gh api /repos/${{ github.repository }}/rulesets --jq '.[] | select(.name=="release") | .id')
gh api /repos/${{ github.repository }}/rulesets/$RULESET_ID | jq '{conditions}' | jq '.conditions.ref_name.include += ["refs/heads/${{ steps.extract_info.outputs.release_branch }}"]' | gh api --method put --input - /repos/${{ github.repository }}/rulesets/$RULESET_ID
# Since skip-github-release is specified, googleapis/release-please-action doesn't delete the label from PR.
# This label prevents the subsequent PRs from being created. Therefore, we need to delete it ourselves.
# cf. https://github.com/googleapis/release-please?tab=readme-ov-file#release-please-bot-does-not-create-a-release-pr-why
- name: Remove the label from PR
if: ${{ steps.extract_info.outputs.pr_number }}
uses: actions/github-script@v7
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const prNumber = parseInt('${{ steps.extract_info.outputs.pr_number }}', 10);
github.rest.issues.removeLabel({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: prNumber,
name: 'autorelease: pending'
});

6
.github/workflows/release.yaml vendored
View File

@@ -19,12 +19,12 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout code
uses: actions/checkout@v4.1.6
uses: actions/checkout@v3.5.3
with:
fetch-depth: 0
- name: Restore Trivy binaries from cache
uses: actions/cache@v4.0.2
uses: actions/cache@v3.3.1
with:
path: dist/
key: ${{ runner.os }}-bins-${{github.workflow}}-${{github.sha}}
@@ -35,7 +35,7 @@ jobs:
sudo apt-get -y install rpm reprepro createrepo-c distro-info
- name: Checkout trivy-repo
uses: actions/checkout@v4.1.6
uses: actions/checkout@v3.5.3
with:
repository: ${{ github.repository_owner }}/trivy-repo
path: trivy-repo

36
.github/workflows/reusable-release.yaml vendored
View File

@@ -14,12 +14,11 @@ on:
env:
GH_USER: "aqua-bot"
GO_VERSION: '1.22'
jobs:
release:
name: Release
runs-on: ubuntu-latest-m
runs-on: ubuntu-latest
env:
DOCKER_CLI_EXPERIMENTAL: "enabled"
permissions:
@@ -28,48 +27,47 @@ jobs:
contents: read # Not required for public repositories, but for clarity
steps:
- name: Cosign install
uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da
uses: sigstore/cosign-installer@ef0e9691595ea19ec990a46b1a591dcafe568f34
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v2
- name: Show available Docker Buildx platforms
run: echo ${{ steps.buildx.outputs.platforms }}
- name: Login to docker.io registry
uses: docker/login-action@v3
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to ghcr.io registry
uses: docker/login-action@v3
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ env.GH_USER }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to ECR
uses: docker/login-action@v3
uses: docker/login-action@v2
with:
registry: public.ecr.aws
username: ${{ secrets.ECR_ACCESS_KEY_ID }}
password: ${{ secrets.ECR_SECRET_ACCESS_KEY }}
- name: Checkout code
uses: actions/checkout@v4.1.6
uses: actions/checkout@v3.5.3
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@v5
uses: actions/setup-go@v4
with:
go-version: ${{ env.GO_VERSION }}
cache: false # Disable cache to avoid free space issues during `Post Setup Go` step.
go-version-file: go.mod
- name: Generate SBOM
uses: CycloneDX/gh-gomod-generate-sbom@v2
@@ -83,21 +81,15 @@ jobs:
run: |
echo "$GPG_KEY" > gpg.key
# Create tmp dir for GoReleaser
- name: "create tmp dir"
run: |
mkdir tmp
- name: GoReleaser
uses: goreleaser/goreleaser-action@v6
uses: goreleaser/goreleaser-action@v4
with:
version: v2.1.0
version: v1.16.2
args: release -f=${{ inputs.goreleaser_config}} ${{ inputs.goreleaser_options}}
env:
GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}
NFPM_DEFAULT_RPM_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
GPG_FILE: "gpg.key"
TMPDIR: "tmp"
- name: "remove gpg key"
run: |
@@ -108,7 +100,7 @@ jobs:
# because GoReleaser Free doesn't support pushing images with the `--snapshot` flag.
- name: Build and push
if: ${{ inputs.goreleaser_config == 'goreleaser-canary.yml' }}
uses: docker/build-push-action@v6
uses: docker/build-push-action@v4
with:
platforms: linux/amd64, linux/arm64
file: ./Dockerfile.canary # path to Dockerfile
@@ -120,7 +112,7 @@ jobs:
public.ecr.aws/aquasecurity/trivy:canary
- name: Cache Trivy binaries
uses: actions/cache@v4.0.2
uses: actions/cache@v3.3.1
with:
path: dist/
# use 'github.sha' to create a unique cache folder for each run.

8
.github/workflows/roadmap.yaml vendored
View File

@@ -11,7 +11,7 @@ jobs:
runs-on: ubuntu-latest
steps:
# 'kind/feature' AND 'priority/backlog' labels -> 'Backlog' column
- uses: actions/add-to-project@v1.0.2 # add new issue to project
- uses: actions/add-to-project@v0.4.1 # add new issue to project
with:
project-url: https://github.com/orgs/aquasecurity/projects/25
github-token: ${{ secrets.ORG_PROJECT_TOKEN }}
@@ -28,7 +28,7 @@ jobs:
field-values: Backlog
# 'kind/feature' AND 'priority/important-longterm' labels -> 'Important (long-term)' column
- uses: actions/add-to-project@v1.0.2 # add new issue to project
- uses: actions/add-to-project@v0.4.1 # add new issue to project
with:
project-url: https://github.com/orgs/aquasecurity/projects/25
github-token: ${{ secrets.ORG_PROJECT_TOKEN }}
@@ -45,7 +45,7 @@ jobs:
field-values: Important (long-term)
# 'kind/feature' AND 'priority/important-soon' labels -> 'Important (soon)' column
- uses: actions/add-to-project@v1.0.2 # add new issue to project
- uses: actions/add-to-project@v0.4.1 # add new issue to project
with:
project-url: https://github.com/orgs/aquasecurity/projects/25
github-token: ${{ secrets.ORG_PROJECT_TOKEN }}
@@ -62,7 +62,7 @@ jobs:
field-values: Important (soon)
# 'kind/feature' AND 'priority/critical-urgent' labels -> 'Urgent' column
- uses: actions/add-to-project@v1.0.2 # add new issue to project
- uses: actions/add-to-project@v0.4.1 # add new issue to project
with:
project-url: https://github.com/orgs/aquasecurity/projects/25
github-token: ${{ secrets.ORG_PROJECT_TOKEN }}

4
.github/workflows/scan.yaml vendored
View File

@@ -10,10 +10,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4.1.6
uses: actions/checkout@v3.5.3
- name: Run Trivy vulnerability scanner and create GitHub issues
uses: knqyf263/trivy-issue-action@v0.0.6
uses: knqyf263/trivy-issue-action@v0.0.5
with:
assignee: knqyf263
severity: CRITICAL

9
.github/workflows/semantic-pr.yaml vendored
View File

@@ -28,7 +28,7 @@ jobs:
ci
chore
revert
release
BREAKING
scopes: |
vuln
@@ -44,7 +44,6 @@ jobs:
k8s
aws
vm
plugin
alpine
wolfi
@@ -74,10 +73,6 @@ jobs:
c\+\+
elixir
dart
swift
bitnami
conda
julia
os
lang
@@ -98,10 +93,8 @@ jobs:
cyclonedx
spdx
purl
vex
helm
report
db
parser
deps

9
.github/workflows/stale-issues.yaml vendored
View File

@@ -1,4 +1,4 @@
name: "Stale PR's"
name: "Stale issues"
on:
schedule:
- cron: '0 0 * * *'
@@ -7,13 +7,14 @@ jobs:
timeout-minutes: 1
runs-on: ubuntu-latest
steps:
- uses: actions/stale@v9
- uses: actions/stale@v8
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
stale-issue-message: 'This issue is stale because it has been labeled with inactivity.'
stale-pr-message: 'This PR is stale because it has been labeled with inactivity.'
exempt-issue-labels: 'lifecycle/frozen,lifecycle/active,priority/critical-urgent,priority/important-soon,priority/important-longterm,priority/backlog,priority/awaiting-more-evidence'
exempt-pr-labels: 'lifecycle/active'
stale-pr-label: 'lifecycle/stale'
stale-issue-label: 'lifecycle/stale'
days-before-stale: 60
days-before-issue-stale: '-1'
days-before-close: 20
days-before-issue-close: '-1'

5
.github/workflows/test-docs.yaml vendored
View File

@@ -10,16 +10,15 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4.1.6
uses: actions/checkout@v3.5.3
with:
fetch-depth: 0
persist-credentials: true
- uses: actions/setup-python@v5
- uses: actions/setup-python@v4
with:
python-version: 3.x
- name: Install dependencies
run: |
python -m pip install --upgrade pip setuptools wheel
pip install -r docs/build/requirements.txt
- name: Configure the git user
run: |

135
.github/workflows/test.yaml vendored
View File

@@ -1,18 +1,21 @@
name: Test
on:
push:
branches-ignore:
- 'main'
- 'gh-readonly-queue/**'
paths-ignore:
- '**.md'
- 'docs/**'
- 'mkdocs.yml'
- 'LICENSE'
pull_request:
paths-ignore:
- '**.md'
- 'docs/**'
- 'mkdocs.yml'
- 'LICENSE'
- '.release-please-manifest.json' ## don't run tests for release-please PRs
- 'helm/trivy/Chart.yaml'
merge_group:
workflow_dispatch:
env:
GO_VERSION: '1.22'
jobs:
test:
name: Test
@@ -21,13 +24,12 @@ jobs:
matrix:
operating-system: [ubuntu-latest, windows-latest, macos-latest]
steps:
- uses: actions/checkout@v4.1.6
- uses: actions/checkout@v3.5.3
- name: Set up Go
uses: actions/setup-go@v5
uses: actions/setup-go@v4
with:
go-version: ${{ env.GO_VERSION }}
cache: false
go-version: oldstable
- name: go mod tidy
run: |
@@ -39,21 +41,15 @@ jobs:
if: matrix.operating-system == 'ubuntu-latest'
- name: Lint
id: lint
uses: golangci/golangci-lint-action@v6.1.1
uses: golangci/golangci-lint-action@v3.6.0
with:
version: v1.61
args: --verbose --out-format=line-number
version: v1.52
args: --deadline=30m
skip-cache: true # https://github.com/golangci/golangci-lint-action/issues/244#issuecomment-1052197778
if: matrix.operating-system == 'ubuntu-latest'
- name: Check if linter failed
run: |
echo "Linter failed, running 'mage lint:fix' might help to correct some errors"
exit 1
if: ${{ failure() && steps.lint.conclusion == 'failure' }}
- name: Install tools
uses: aquaproj/aqua-installer@v3.0.1
uses: aquaproj/aqua-installer@v2.1.2
with:
aqua_version: v1.25.0
aqua_opts: ""
@@ -75,35 +71,18 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v4.1.6
uses: actions/checkout@v3.5.3
- name: Set up Go
uses: actions/setup-go@v5
uses: actions/setup-go@v4
with:
go-version: ${{ env.GO_VERSION }}
cache: false
go-version-file: go.mod
- name: Install tools
uses: aquaproj/aqua-installer@v3.0.1
uses: aquaproj/aqua-installer@v2.1.2
with:
aqua_version: v1.25.0
- name: Generate image list digest
id: image-digest
run: |
source integration/testimages.ini
IMAGE_LIST=$(skopeo list-tags docker://$TEST_IMAGES)
DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags += ["containerd"] | .Tags | sort' | sha256sum | cut -d' ' -f1)
echo "digest=$DIGEST" >> $GITHUB_OUTPUT
- name: Restore test images from cache
uses: actions/cache/restore@v4
with:
path: integration/testdata/fixtures/images
key: cache-test-images-${{ steps.image-digest.outputs.digest }}
restore-keys:
cache-test-images-
- name: Run integration tests
run: mage test:integration
@@ -112,16 +91,15 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v4.1.6
uses: actions/checkout@v3.5.3
- name: Set up Go
uses: actions/setup-go@v5
uses: actions/setup-go@v4
with:
go-version: ${{ env.GO_VERSION }}
cache: false
go-version-file: go.mod
- name: Install tools
uses: aquaproj/aqua-installer@v3.0.1
uses: aquaproj/aqua-installer@v2.1.2
with:
aqua_version: v1.25.0
@@ -133,35 +111,18 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4.1.6
uses: actions/checkout@v3.5.3
- name: Set up Go
uses: actions/setup-go@v5
uses: actions/setup-go@v4
with:
go-version: ${{ env.GO_VERSION }}
cache: false
go-version-file: go.mod
- name: Install tools
uses: aquaproj/aqua-installer@v3.0.1
uses: aquaproj/aqua-installer@v2.1.2
with:
aqua_version: v1.25.0
- name: Generate image list digest
id: image-digest
run: |
source integration/testimages.ini
IMAGE_LIST=$(skopeo list-tags docker://$TEST_IMAGES)
DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags += ["containerd"] | .Tags | sort' | sha256sum | cut -d' ' -f1)
echo "digest=$DIGEST" >> $GITHUB_OUTPUT
- name: Restore test images from cache
uses: actions/cache/restore@v4
with:
path: integration/testdata/fixtures/images
key: cache-test-images-${{ steps.image-digest.outputs.digest }}
restore-keys:
cache-test-images-
- name: Run module integration tests
shell: bash
run: |
@@ -172,35 +133,16 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4.1.6
uses: actions/checkout@v3.5.3
- name: Set up Go
uses: actions/setup-go@v5
uses: actions/setup-go@v4
with:
go-version: ${{ env.GO_VERSION }}
cache: false
go-version-file: go.mod
- name: Install tools
uses: aquaproj/aqua-installer@v3.0.1
uses: aquaproj/aqua-installer@v2.1.2
with:
aqua_version: v1.25.0
- name: Generate image list digest
id: image-digest
run: |
source integration/testimages.ini
IMAGE_LIST=$(skopeo list-tags docker://$TEST_VM_IMAGES)
DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags | sort' | sha256sum | cut -d' ' -f1)
echo "digest=$DIGEST" >> $GITHUB_OUTPUT
- name: Restore test VM images from cache
uses: actions/cache/restore@v4
with:
path: integration/testdata/fixtures/vm-images
key: cache-test-vm-images-${{ steps.image-digest.outputs.digest }}
restore-keys:
cache-test-vm-images-
- name: Run vm integration tests
run: |
mage test:vm
@@ -215,13 +157,12 @@ jobs:
DOCKER_CLI_EXPERIMENTAL: "enabled"
steps:
- name: Checkout
uses: actions/checkout@v4.1.6
uses: actions/checkout@v3.5.3
- name: Set up Go
uses: actions/setup-go@v5
uses: actions/setup-go@v4
with:
go-version: ${{ env.GO_VERSION }}
cache: false
go-version-file: go.mod
- name: Determine GoReleaser ID
id: goreleaser_id
@@ -236,7 +177,7 @@ jobs:
fi
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v6
uses: goreleaser/goreleaser-action@v4
with:
version: v2.1.0
version: v1.16.2
args: build --snapshot --clean --timeout 90m ${{ steps.goreleaser_id.outputs.id }}

16
.github/workflows/triage.yaml vendored
View File

@@ -1,16 +0,0 @@
name: Triage Discussion
on:
discussion:
types: [created]
workflow_dispatch:
inputs:
discussion_num:
required: true
jobs:
label:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/trivy-triage
with:
discussion_num: ${{ github.event.inputs.discussion_num }}

3
.gitignore vendored
View File

@@ -39,6 +39,3 @@ dist
# Signing
gpg.key
cmd/trivy/trivy
# RPM
*.rpm

161
.golangci.yaml
View File

@@ -1,144 +1,73 @@
linters-settings:
depguard:
rules:
main:
list-mode: lax
deny:
# Cannot use gomodguard, which examines go.mod, as "golang.org/x/exp/slices" is not a module and doesn't appear in go.mod.
- pkg: "golang.org/x/exp/slices"
desc: "Use 'slices' instead"
- pkg: "golang.org/x/exp/maps"
desc: "Use 'maps' or 'github.com/samber/lo' instead"
dupl:
threshold: 100
errcheck:
check-type-assertions: true
check-blank: true
gci:
sections:
- standard
- default
- prefix(github.com/aquasecurity/)
- blank
- dot
govet:
check-shadowing: false
gofmt:
simplify: false
revive:
ignore-generated-header: true
gocyclo:
min-complexity: 20
dupl:
threshold: 100
goconst:
min-len: 3
min-occurrences: 3
gocritic:
disabled-checks:
- appendAssign
- unnamedResult
- whyNoLint
- indexAlloc
- octalLiteral
- hugeParam
- rangeValCopy
- regexpSimplify
- sloppyReassign
- commentedOutCode
enabled-tags:
- diagnostic
- style
- performance
- experimental
- opinionated
settings:
ruleguard:
failOn: all
rules: '${configDir}/misc/lint/rules.go'
gocyclo:
min-complexity: 20
gofmt:
simplify: false
rewrite-rules:
- pattern: 'interface{}'
replacement: 'any'
gomodguard:
blocked:
modules:
- github.com/hashicorp/go-version:
recommendations:
- github.com/aquasecurity/go-version
reason: "`aquasecurity/go-version` is designed for our use-cases"
- github.com/Masterminds/semver:
recommendations:
- github.com/aquasecurity/go-version
reason: "`aquasecurity/go-version` is designed for our use-cases"
misspell:
locale: US
goimports:
local-prefixes: github.com/aquasecurity
gosec:
excludes:
- G101
- G114
- G115
- G204
- G304
- G402
govet:
check-shadowing: false
misspell:
locale: US
ignore-words:
- behaviour
- licence
- optimise
- simmilar
revive:
ignore-generated-header: true
testifylint:
enable-all: true
linters:
disable-all: true
enable:
- bodyclose
- depguard
- gci
- unused
- ineffassign
- typecheck
- govet
- revive
- gosec
- unconvert
- goconst
- gocritic
- gocyclo
- gofmt
- gomodguard
- gosec
- govet
- ineffassign
- goimports
- misspell
- revive
- tenv
- testifylint
- typecheck
- unconvert
- unused
- usestdlibvars
run:
go: '1.22'
timeout: 30m
go: 1.19
skip-files:
- ".*._mock.go$"
- ".*._test.go$"
- "integration/*"
- "examples/*"
issues:
exclude-files:
- "mock_*.go$"
- "examples/*"
exclude-dirs:
- "pkg/iac/scanners/terraform/parser/funcs" # copies of Terraform functions
exclude-rules:
- path: ".*_test.go$"
linters:
- goconst
- linters:
- gosec
- unused
- path: ".*_test.go$"
linters:
- govet
text: "copylocks:"
- path: ".*_test.go$"
linters:
- gocritic
text: "commentFormatting:"
- path: ".*_test.go$"
linters:
- gocritic
text: "exitAfterDefer:"
- path: ".*_test.go$"
linters:
- gocritic
text: "importShadow:"
text: "G304: Potential file inclusion"
- linters:
- gosec
text: "Deferring unsafe method"
- linters:
- errcheck
text: "Close` is not checked"
- linters:
- errcheck
text: "os.*` is not checked"
- linters:
- golint
text: "a blank import should be only in a main or test package"
exclude:
- "should have a package comment, unless it's in another file for this package"
exclude-use-default: false
max-same-issues: 0

1
.release-please-manifest.json
View File

@@ -1 +0,0 @@
{".":"0.58.1"}

244
.vex/oci.openvex.json
View File

@@ -1,244 +0,0 @@
{
"@context": "https://openvex.dev/ns/v0.2.0",
"@id": "https://openvex.dev/docs/public/vex-8e30ed756ae8e4196af93bf43edf68360f396a98c0268787453a3443b26e7d6c",
"author": "Aqua Security",
"timestamp": "2024-07-10T12:17:44.60495+04:00",
"version": 1,
"statements": [
{
"vulnerability": {
"name": "CVE-2023-42363"
},
"products": [
{
"@id": "pkg:oci/trivy?repository_url=index.docker.io%2Faquasec%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/busybox"},
{"@id": "pkg:apk/alpine/busybox-binsh"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=public.ecr.aws%2Faquasecurity%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/busybox"},
{"@id": "pkg:apk/alpine/busybox-binsh"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=ghcr.io/aquasecurity/trivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/busybox"},
{"@id": "pkg:apk/alpine/busybox-binsh"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
"impact_statement": "awk is not used"
},
{
"vulnerability": {
"name": "CVE-2023-42364"
},
"products": [
{
"@id": "pkg:oci/trivy?repository_url=index.docker.io%2Faquasec%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/busybox"},
{"@id": "pkg:apk/alpine/busybox-binsh"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=public.ecr.aws%2Faquasecurity%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/busybox"},
{"@id": "pkg:apk/alpine/busybox-binsh"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=ghcr.io/aquasecurity/trivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/busybox"},
{"@id": "pkg:apk/alpine/busybox-binsh"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
"impact_statement": "awk is not used"
},
{
"vulnerability": {
"name": "CVE-2023-42365"
},
"products": [
{
"@id": "pkg:oci/trivy?repository_url=index.docker.io%2Faquasec%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/busybox"},
{"@id": "pkg:apk/alpine/busybox-binsh"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=public.ecr.aws%2Faquasecurity%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/busybox"},
{"@id": "pkg:apk/alpine/busybox-binsh"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=ghcr.io/aquasecurity/trivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/busybox"},
{"@id": "pkg:apk/alpine/busybox-binsh"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
"impact_statement": "awk is not used"
},
{
"vulnerability": {
"name": "CVE-2023-42366"
},
"products": [
{
"@id": "pkg:oci/trivy?repository_url=index.docker.io%2Faquasec%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/busybox"},
{"@id": "pkg:apk/alpine/busybox-binsh"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=public.ecr.aws%2Faquasecurity%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/busybox"},
{"@id": "pkg:apk/alpine/busybox-binsh"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=ghcr.io/aquasecurity/trivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/busybox"},
{"@id": "pkg:apk/alpine/busybox-binsh"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
"impact_statement": "awk is not used"
},
{
"vulnerability": {
"name": "CVE-2024-4741"
},
"products": [
{
"@id": "pkg:oci/trivy?repository_url=index.docker.io%2Faquasec%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/libcrypto3"},
{"@id": "pkg:apk/alpine/libssl3"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=public.ecr.aws%2Faquasecurity%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/libcrypto3"},
{"@id": "pkg:apk/alpine/libssl3"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=ghcr.io/aquasecurity/trivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/libcrypto3"},
{"@id": "pkg:apk/alpine/libssl3"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
"impact_statement": "openssl is not used"
},
{
"vulnerability": {
"name": "CVE-2024-5535"
},
"products": [
{
"@id": "pkg:oci/trivy?repository_url=index.docker.io%2Faquasec%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/libcrypto3"},
{"@id": "pkg:apk/alpine/libssl3"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=public.ecr.aws%2Faquasecurity%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/libcrypto3"},
{"@id": "pkg:apk/alpine/libssl3"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=ghcr.io/aquasecurity/trivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/libcrypto3"},
{"@id": "pkg:apk/alpine/libssl3"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
"impact_statement": "openssl is not used"
},
{
"vulnerability": {
"name": "CVE-2024-6119"
},
"products": [
{
"@id": "pkg:oci/trivy?repository_url=index.docker.io%2Faquasec%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/libcrypto3"},
{"@id": "pkg:apk/alpine/libssl3"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=public.ecr.aws%2Faquasecurity%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/libcrypto3"},
{"@id": "pkg:apk/alpine/libssl3"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=ghcr.io/aquasecurity/trivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/libcrypto3"},
{"@id": "pkg:apk/alpine/libssl3"}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
"impact_statement": "openssl is not used"
}
]
}

545
.vex/trivy.openvex.json
View File

@@ -1,545 +0,0 @@
{
"@context": "https://openvex.dev/ns/v0.2.0",
"@id": "aquasecurity/trivy:613fd55abbc2857b5ca28b07a26f3cd4c8b0ddc4c8a97c57497a2d4c4880d7fc",
"author": "Aqua Security",
"timestamp": "2024-07-09T11:38:00.115697+04:00",
"version": 1,
"tooling": "https://github.com/aquasecurity/trivy/tree/main/magefiles/vex.go",
"statements": [
{
"vulnerability": {
"@id": "https://pkg.go.dev/vuln/GO-2024-2575",
"name": "GO-2024-2575",
"description": "Helm's Missing YAML Content Leads To Panic in helm.sh/helm/v3",
"aliases": [
"CVE-2024-26147",
"GHSA-r53h-jv2g-vpx6"
]
},
"products": [
{
"@id": "pkg:golang/github.com/aquasecurity/trivy",
"identifiers": {
"purl": "pkg:golang/github.com/aquasecurity/trivy"
},
"subcomponents": [
{
"@id": "pkg:golang/helm.sh/helm/v3",
"identifiers": {
"purl": "pkg:golang/helm.sh/helm/v3"
}
}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_not_in_execute_path",
"impact_statement": "Govulncheck determined that the vulnerable code isn't called"
},
{
"vulnerability": {
"@id": "https://pkg.go.dev/vuln/GO-2023-1765",
"name": "GO-2023-1765",
"description": "Leaked shared secret and weak blinding in github.com/cloudflare/circl",
"aliases": [
"CVE-2023-1732",
"GHSA-2q89-485c-9j2x"
]
},
"products": [
{
"@id": "pkg:golang/github.com/aquasecurity/trivy",
"identifiers": {
"purl": "pkg:golang/github.com/aquasecurity/trivy"
},
"subcomponents": [
{
"@id": "pkg:golang/github.com/cloudflare/circl",
"identifiers": {
"purl": "pkg:golang/github.com/cloudflare/circl"
}
}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_not_present",
"impact_statement": "Govulncheck determined that the vulnerable code isn't called"
},
{
"vulnerability": {
"@id": "https://pkg.go.dev/vuln/GO-2024-2512",
"name": "GO-2024-2512",
"description": "Classic builder cache poisoning in github.com/docker/docker",
"aliases": [
"CVE-2024-24557",
"GHSA-xw73-rw38-6vjc"
]
},
"products": [
{
"@id": "pkg:golang/github.com/aquasecurity/trivy",
"identifiers": {
"purl": "pkg:golang/github.com/aquasecurity/trivy"
},
"subcomponents": [
{
"@id": "pkg:golang/github.com/docker/docker",
"identifiers": {
"purl": "pkg:golang/github.com/docker/docker"
}
}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_not_present",
"impact_statement": "Govulncheck determined that the vulnerable code isn't called"
},
{
"vulnerability": {
"@id": "https://pkg.go.dev/vuln/GO-2024-2453",
"name": "GO-2024-2453",
"description": "Timing side channel in github.com/cloudflare/circl",
"aliases": [
"GHSA-9763-4f94-gfch"
]
},
"products": [
{
"@id": "pkg:golang/github.com/aquasecurity/trivy",
"identifiers": {
"purl": "pkg:golang/github.com/aquasecurity/trivy"
},
"subcomponents": [
{
"@id": "pkg:golang/github.com/cloudflare/circl",
"identifiers": {
"purl": "pkg:golang/github.com/cloudflare/circl"
}
}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_not_present",
"impact_statement": "Govulncheck determined that the vulnerable code isn't called"
},
{
"vulnerability": {
"@id": "https://pkg.go.dev/vuln/GO-2023-2048",
"name": "GO-2023-2048",
"description": "Paths outside of the rootfs could be produced on Windows in github.com/cyphar/filepath-securejoin",
"aliases": [
"GHSA-6xv5-86q9-7xr8"
]
},
"products": [
{
"@id": "pkg:golang/github.com/aquasecurity/trivy",
"identifiers": {
"purl": "pkg:golang/github.com/aquasecurity/trivy"
},
"subcomponents": [
{
"@id": "pkg:golang/github.com/cyphar/filepath-securejoin",
"identifiers": {
"purl": "pkg:golang/github.com/cyphar/filepath-securejoin"
}
}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_not_in_execute_path",
"impact_statement": "Govulncheck determined that the vulnerable code isn't called"
},
{
"vulnerability": {
"@id": "https://pkg.go.dev/vuln/GO-2024-2497",
"name": "GO-2024-2497",
"description": "Privilege escalation in github.com/moby/buildkit",
"aliases": [
"CVE-2024-23653",
"GHSA-wr6v-9f75-vh2g"
]
},
"products": [
{
"@id": "pkg:golang/github.com/aquasecurity/trivy",
"identifiers": {
"purl": "pkg:golang/github.com/aquasecurity/trivy"
},
"subcomponents": [
{
"@id": "pkg:golang/github.com/moby/buildkit",
"identifiers": {
"purl": "pkg:golang/github.com/moby/buildkit"
}
}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_not_present",
"impact_statement": "Govulncheck determined that the vulnerable code isn't called"
},
{
"vulnerability": {
"@id": "https://pkg.go.dev/vuln/GO-2023-2102",
"name": "GO-2023-2102",
"description": "HTTP/2 rapid reset can cause excessive work in net/http",
"aliases": [
"CVE-2023-39325",
"GHSA-4374-p667-p6c8"
]
},
"products": [
{
"@id": "pkg:golang/github.com/aquasecurity/trivy",
"identifiers": {
"purl": "pkg:golang/github.com/aquasecurity/trivy"
},
"subcomponents": [
{
"@id": "pkg:golang/golang.org/x/net",
"identifiers": {
"purl": "pkg:golang/golang.org/x/net"
}
}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_not_in_execute_path",
"impact_statement": "Govulncheck determined that the vulnerable code isn't called"
},
{
"vulnerability": {
"@id": "https://pkg.go.dev/vuln/GO-2024-2493",
"name": "GO-2024-2493",
"description": "Host system file access in github.com/moby/buildkit",
"aliases": [
"CVE-2024-23651",
"GHSA-m3r6-h7wv-7xxv"
]
},
"products": [
{
"@id": "pkg:golang/github.com/aquasecurity/trivy",
"identifiers": {
"purl": "pkg:golang/github.com/aquasecurity/trivy"
},
"subcomponents": [
{
"@id": "pkg:golang/github.com/moby/buildkit",
"identifiers": {
"purl": "pkg:golang/github.com/moby/buildkit"
}
}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_not_present",
"impact_statement": "Govulncheck determined that the vulnerable code isn't called"
},
{
"vulnerability": {
"@id": "https://pkg.go.dev/vuln/GO-2024-2491",
"name": "GO-2024-2491",
"description": "Container breakout through process.cwd trickery and leaked fds in github.com/opencontainers/runc",
"aliases": [
"CVE-2024-21626",
"GHSA-xr7r-f8xq-vfvv"
]
},
"products": [
{
"@id": "pkg:golang/github.com/aquasecurity/trivy",
"identifiers": {
"purl": "pkg:golang/github.com/aquasecurity/trivy"
},
"subcomponents": [
{
"@id": "pkg:golang/github.com/opencontainers/runc",
"identifiers": {
"purl": "pkg:golang/github.com/opencontainers/runc"
}
}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_not_present",
"impact_statement": "Govulncheck determined that the vulnerable code isn't called"
},
{
"vulnerability": {
"@id": "https://pkg.go.dev/vuln/GO-2024-2494",
"name": "GO-2024-2494",
"description": "Host system modification in github.com/moby/buildkit",
"aliases": [
"CVE-2024-23652",
"GHSA-4v98-7qmw-rqr8"
]
},
"products": [
{
"@id": "pkg:golang/github.com/aquasecurity/trivy",
"identifiers": {
"purl": "pkg:golang/github.com/aquasecurity/trivy"
},
"subcomponents": [
{
"@id": "pkg:golang/github.com/moby/buildkit",
"identifiers": {
"purl": "pkg:golang/github.com/moby/buildkit"
}
}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_not_present",
"impact_statement": "Govulncheck determined that the vulnerable code isn't called"
},
{
"vulnerability": {
"@id": "https://pkg.go.dev/vuln/GO-2023-2412",
"name": "GO-2023-2412",
"description": "RAPL accessibility in github.com/containerd/containerd",
"aliases": [
"GHSA-7ww5-4wqc-m92c"
]
},
"products": [
{
"@id": "pkg:golang/github.com/aquasecurity/trivy",
"identifiers": {
"purl": "pkg:golang/github.com/aquasecurity/trivy"
},
"subcomponents": [
{
"@id": "pkg:golang/github.com/containerd/containerd",
"identifiers": {
"purl": "pkg:golang/github.com/containerd/containerd"
}
}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_not_present",
"impact_statement": "Govulncheck determined that the vulnerable code isn't called"
},
{
"vulnerability": {
"@id": "https://pkg.go.dev/vuln/GO-2023-1988",
"name": "GO-2023-1988",
"description": "Improper rendering of text nodes in golang.org/x/net/html",
"aliases": [
"CVE-2023-3978",
"GHSA-2wrh-6pvc-2jm9"
]
},
"products": [
{
"@id": "pkg:golang/github.com/aquasecurity/trivy",
"identifiers": {
"purl": "pkg:golang/github.com/aquasecurity/trivy"
},
"subcomponents": [
{
"@id": "pkg:golang/golang.org/x/net",
"identifiers": {
"purl": "pkg:golang/golang.org/x/net"
}
}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_not_in_execute_path",
"impact_statement": "Govulncheck determined that the vulnerable code isn't called"
},
{
"vulnerability": {
"@id": "https://pkg.go.dev/vuln/GO-2024-2492",
"name": "GO-2024-2492",
"description": "Panic in github.com/moby/buildkit",
"aliases": [
"CVE-2024-23650",
"GHSA-9p26-698r-w4hx"
]
},
"products": [
{
"@id": "pkg:golang/github.com/aquasecurity/trivy",
"identifiers": {
"purl": "pkg:golang/github.com/aquasecurity/trivy"
},
"subcomponents": [
{
"@id": "pkg:golang/github.com/moby/buildkit",
"identifiers": {
"purl": "pkg:golang/github.com/moby/buildkit"
}
}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_not_present",
"impact_statement": "Govulncheck determined that the vulnerable code isn't called"
},
{
"vulnerability": {
"@id": "https://pkg.go.dev/vuln/GO-2022-0646",
"name": "GO-2022-0646",
"description": "Use of risky cryptographic algorithm in github.com/aws/aws-sdk-go",
"aliases": [
"CVE-2020-8911",
"CVE-2020-8912",
"GHSA-7f33-f4f5-xwgw",
"GHSA-f5pg-7wfw-84q9"
]
},
"products": [
{
"@id": "pkg:golang/github.com/aquasecurity/trivy",
"identifiers": {
"purl": "pkg:golang/github.com/aquasecurity/trivy"
},
"subcomponents": [
{
"@id": "pkg:golang/github.com/aws/aws-sdk-go",
"identifiers": {
"purl": "pkg:golang/github.com/aws/aws-sdk-go"
}
}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_not_present",
"impact_statement": "Govulncheck determined that the vulnerable code isn't called"
},
{
"vulnerability": {
"@id": "https://pkg.go.dev/vuln/GO-2023-2153",
"name": "GO-2023-2153",
"description": "Denial of service from HTTP/2 Rapid Reset in google.golang.org/grpc",
"aliases": [
"GHSA-m425-mq94-257g"
]
},
"products": [
{
"@id": "pkg:golang/github.com/aquasecurity/trivy",
"identifiers": {
"purl": "pkg:golang/github.com/aquasecurity/trivy"
},
"subcomponents": [
{
"@id": "pkg:golang/google.golang.org/grpc",
"identifiers": {
"purl": "pkg:golang/google.golang.org/grpc"
}
}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_not_in_execute_path",
"impact_statement": "Govulncheck determined that the vulnerable code isn't called"
},
{
"vulnerability": {
"@id": "https://pkg.go.dev/vuln/GO-2024-3105",
"name": "GO-2024-3105",
"description": "Stack exhaustion in all Parse functions in go/parser",
"aliases": [
"CVE-2024-34155"
]
},
"products": [
{
"@id": "pkg:golang/github.com/aquasecurity/trivy",
"identifiers": {
"purl": "pkg:golang/github.com/aquasecurity/trivy"
},
"subcomponents": [
{
"@id": "pkg:golang/stdlib",
"identifiers": {
"purl": "pkg:golang/stdlib"
}
}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_not_in_execute_path",
"impact_statement": "Govulncheck determined that the vulnerable code isn't called"
},
{
"vulnerability": {
"@id": "https://pkg.go.dev/vuln/GO-2024-3106",
"name": "GO-2024-3106",
"description": "Stack exhaustion in Decoder.Decode in encoding/gob",
"aliases": [
"CVE-2024-34156"
]
},
"products": [
{
"@id": "pkg:golang/github.com/aquasecurity/trivy",
"identifiers": {
"purl": "pkg:golang/github.com/aquasecurity/trivy"
},
"subcomponents": [
{
"@id": "pkg:golang/stdlib",
"identifiers": {
"purl": "pkg:golang/stdlib"
}
}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_not_in_execute_path",
"impact_statement": "Govulncheck incorrectly marks this vulnerability as affected. The vulnerable code isn't called. See https://github.com/aquasecurity/trivy/issues/7478"
},
{
"vulnerability": {
"@id": "https://pkg.go.dev/vuln/GO-2024-3107",
"name": "GO-2024-3107",
"description": "Stack exhaustion in Parse in go/build/constraint",
"aliases": [
"CVE-2024-34158"
]
},
"products": [
{
"@id": "pkg:golang/github.com/aquasecurity/trivy",
"identifiers": {
"purl": "pkg:golang/github.com/aquasecurity/trivy"
},
"subcomponents": [
{
"@id": "pkg:golang/stdlib",
"identifiers": {
"purl": "pkg:golang/stdlib"
}
}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_not_in_execute_path",
"impact_statement": "Govulncheck determined that the vulnerable code isn't called"
}
]
}

356
CHANGELOG.md
View File

@@ -1,356 +0,0 @@
# Changelog
## [0.58.1](https://github.com/aquasecurity/trivy/compare/v0.58.0...v0.58.1) (2024-12-24)
### Bug Fixes
* handle `BLOW_UNKNOWN` error to download DBs [backport: release/v0.58] ([#8121](https://github.com/aquasecurity/trivy/issues/8121)) ([9a56e7c](https://github.com/aquasecurity/trivy/commit/9a56e7cd6964ffd4187a8e44a36d49b54587db56))
* **java:** correctly overwrite version from depManagement if dependency uses `project.*` props [backport: release/v0.58] ([#8119](https://github.com/aquasecurity/trivy/issues/8119)) ([4278a09](https://github.com/aquasecurity/trivy/commit/4278a09f59590ee16494e0a1ad31fb374f2e243f))
* **oracle:** add architectures support for advisories [backport: release/v0.58] ([#8125](https://github.com/aquasecurity/trivy/issues/8125)) ([89b341f](https://github.com/aquasecurity/trivy/commit/89b341f0c6dc7f24239f9a9e4809524ec289a864))
* **python:** skip dev group's deps for poetry [backport: release/v0.58] ([#8158](https://github.com/aquasecurity/trivy/issues/8158)) ([8b93081](https://github.com/aquasecurity/trivy/commit/8b930816bc527166ced5d57754ad7fccb1cef832))
* **redhat:** correct rewriting of recommendations for the same vulnerability [backport: release/v0.58] ([#8135](https://github.com/aquasecurity/trivy/issues/8135)) ([33818e1](https://github.com/aquasecurity/trivy/commit/33818e121f989fd12c15aa65affd2d01b867db61))
* **sbom:** attach nested packages to Application [backport: release/v0.58] ([#8168](https://github.com/aquasecurity/trivy/issues/8168)) ([03160e4](https://github.com/aquasecurity/trivy/commit/03160e4fd1b0a6aef8c4f3d96529e68fed7e70ee))
* **sbom:** fix wrong overwriting of applications obtained from different sbom files but having same app type [backport: release/v0.58] ([#8124](https://github.com/aquasecurity/trivy/issues/8124)) ([f842fe1](https://github.com/aquasecurity/trivy/commit/f842fe1675b434e72a8194628525c42fd3e155af))
* **sbom:** use root package for `unknown` dependencies (if exists) [backport: release/v0.58] ([#8156](https://github.com/aquasecurity/trivy/issues/8156)) ([18cd1a5](https://github.com/aquasecurity/trivy/commit/18cd1a59cbb32d87371fe8ab24497f06855e0c80))
## [0.58.0](https://github.com/aquasecurity/trivy/compare/v0.57.0...v0.58.0) (2024-12-02)
### Features
* add `workspaceRelationship` ([#7889](https://github.com/aquasecurity/trivy/issues/7889)) ([d622ca2](https://github.com/aquasecurity/trivy/commit/d622ca2b1fe40a0eb588478ba9e15d3bd8471a78))
* add cvss v4 score and vector in scan response ([#7968](https://github.com/aquasecurity/trivy/issues/7968)) ([e0f2054](https://github.com/aquasecurity/trivy/commit/e0f2054f9d12dce87e8a0226350f6317f7167195))
* **go:** construct dependencies in the parser ([#7973](https://github.com/aquasecurity/trivy/issues/7973)) ([bcdc0bb](https://github.com/aquasecurity/trivy/commit/bcdc0bbf1f63777ff79d3ecadb8d4f916f376b7d))
* **go:** construct dependencies of `go.mod` main module in the parser ([#7977](https://github.com/aquasecurity/trivy/issues/7977)) ([5448ba2](https://github.com/aquasecurity/trivy/commit/5448ba2a5c1ee36cbcf74ee1c2e83409092c5715))
* **k8s:** add default commands for unknown platform ([#7863](https://github.com/aquasecurity/trivy/issues/7863)) ([b1c7f55](https://github.com/aquasecurity/trivy/commit/b1c7f5516fc39c6cbb76cbeae5c8677ccc9ce5dd))
* **misconf:** log causes of HCL file parsing errors ([#7634](https://github.com/aquasecurity/trivy/issues/7634)) ([e9a899a](https://github.com/aquasecurity/trivy/commit/e9a899a3cfe41a622202808a0241b7f40b54d338))
* **oracle:** add `flavors` support ([#7858](https://github.com/aquasecurity/trivy/issues/7858)) ([b9b383e](https://github.com/aquasecurity/trivy/commit/b9b383eb2714e88357af75900c856db2900b83ec))
* **secret:** Add built-in secrets rules for Private Packagist ([#7826](https://github.com/aquasecurity/trivy/issues/7826)) ([132d9df](https://github.com/aquasecurity/trivy/commit/132d9dfa19a8835c94f332c6939ab7f64641ee5f))
* **suse:** Align SUSE/OpenSUSE OS Identifiers ([#7965](https://github.com/aquasecurity/trivy/issues/7965)) ([45d3b40](https://github.com/aquasecurity/trivy/commit/45d3b40044202dec91384847ce2b50a7271f5977))
* Update registry fallbacks ([#7679](https://github.com/aquasecurity/trivy/issues/7679)) ([5ba9a83](https://github.com/aquasecurity/trivy/commit/5ba9a83a447c4f9e577ae6235c315df71f50b452))
### Bug Fixes
* **alpine:** add `UID` for removed packages ([#7887](https://github.com/aquasecurity/trivy/issues/7887)) ([07915da](https://github.com/aquasecurity/trivy/commit/07915da4816d4d9ec8a6c5e4cba17be2a0f4ad65))
* **aws:** change CPU and Memory type of ContainerDefinition to a string ([#7995](https://github.com/aquasecurity/trivy/issues/7995)) ([aeeba70](https://github.com/aquasecurity/trivy/commit/aeeba70d15c11443d9fe7c26f90fc7d9dcc7f92c))
* **cli:** Handle empty ignore files more gracefully ([#7962](https://github.com/aquasecurity/trivy/issues/7962)) ([4cfb2a9](https://github.com/aquasecurity/trivy/commit/4cfb2a97b27923182ab45c178544542ec65981d4))
* **debian:** infinite loop ([#7928](https://github.com/aquasecurity/trivy/issues/7928)) ([d982e6a](https://github.com/aquasecurity/trivy/commit/d982e6ab89967629f71ec09100cdc61e30a27c63))
* **fs:** add missing defered Cleanup() call to post analyzer fs ([#7882](https://github.com/aquasecurity/trivy/issues/7882)) ([ab32297](https://github.com/aquasecurity/trivy/commit/ab32297e0a8220a427fa330025f8625281e02275))
* Improve version comparisons when build identifiers are present ([#7873](https://github.com/aquasecurity/trivy/issues/7873)) ([eda4d76](https://github.com/aquasecurity/trivy/commit/eda4d7660d8908705bc08a6edc55d8144d02806a))
* **k8s:** check all results for vulnerabilities ([#7946](https://github.com/aquasecurity/trivy/issues/7946)) ([797b36f](https://github.com/aquasecurity/trivy/commit/797b36fbad90b8e7f04e16e2cf08d6bdc0255ac7))
* **misconf:** do not erase variable type for child modules ([#7941](https://github.com/aquasecurity/trivy/issues/7941)) ([de3b7ea](https://github.com/aquasecurity/trivy/commit/de3b7ea24c282bce22ce9cacb49a43d8d90e2bde))
* **misconf:** handle null properties in CloudFormation templates ([#7813](https://github.com/aquasecurity/trivy/issues/7813)) ([99b2db3](https://github.com/aquasecurity/trivy/commit/99b2db3978562689cef956a71281abb84ff0ce47))
* **misconf:** load full Terraform module ([#7925](https://github.com/aquasecurity/trivy/issues/7925)) ([fbc42a0](https://github.com/aquasecurity/trivy/commit/fbc42a04ea24e2246f81491434a965846d55ed69))
* **misconf:** properly resolve local Terraform cache ([#7983](https://github.com/aquasecurity/trivy/issues/7983)) ([fe3a897](https://github.com/aquasecurity/trivy/commit/fe3a8971b6697d896c1ec30b5326a10c20349d14))
* **misconf:** Update trivy-checks default repo to `mirror.gcr.io` ([#7953](https://github.com/aquasecurity/trivy/issues/7953)) ([9988147](https://github.com/aquasecurity/trivy/commit/9988147b8b0e463464fe494122bfcc66ccdf04e0))
* **misconf:** wrap AWS EnvVar to iac types ([#7407](https://github.com/aquasecurity/trivy/issues/7407)) ([54130dc](https://github.com/aquasecurity/trivy/commit/54130dcc1d775506d34b83a558952176fc549914))
* **redhat:** don't return error if `root/buildinfo/content_manifests/` contains files that are not `contentSets` files ([#7912](https://github.com/aquasecurity/trivy/issues/7912)) ([38775a5](https://github.com/aquasecurity/trivy/commit/38775a5ed985eefe2b410e72407c454cdad3d075))
* **report:** handle `git@github.com` schema for misconfigs in `sarif` report ([#7898](https://github.com/aquasecurity/trivy/issues/7898)) ([19aea4b](https://github.com/aquasecurity/trivy/commit/19aea4b01f3ce5a3cd05d5a1091da5b0b3ba4af6))
* **sbom:** Fixes for Programming Language Vulnerabilities and SBOM Package Maintainer Details ([#7871](https://github.com/aquasecurity/trivy/issues/7871)) ([461a68a](https://github.com/aquasecurity/trivy/commit/461a68afd60b77dd67e91047b3b4d558fa5bd2ec))
* **terraform:** set null value as fallback for missing variables ([#7669](https://github.com/aquasecurity/trivy/issues/7669)) ([611558e](https://github.com/aquasecurity/trivy/commit/611558e4ce61818330118684274534f26b1fda99))
## [0.57.0](https://github.com/aquasecurity/trivy/compare/v0.56.0...v0.57.0) (2024-10-31)
### ⚠ BREAKING CHANGES
* **k8s:** support k8s multi container ([#7444](https://github.com/aquasecurity/trivy/issues/7444))
### Features
* add end of life date for Ubuntu 24.10 ([#7787](https://github.com/aquasecurity/trivy/issues/7787)) ([ad3c09e](https://github.com/aquasecurity/trivy/commit/ad3c09e006e134f3c5b879ffc34ce9895a8c860f))
* **cli:** add `trivy auth` ([#7664](https://github.com/aquasecurity/trivy/issues/7664)) ([27117f8](https://github.com/aquasecurity/trivy/commit/27117f81d52483c3ceec56fe56ac298e242fbc9a))
* **cli:** error out when ignore file cannot be found ([#7624](https://github.com/aquasecurity/trivy/issues/7624)) ([cb0b3a9](https://github.com/aquasecurity/trivy/commit/cb0b3a9279b31810ecd686a385e5140e567ce86f))
* **cli:** rename `trivy auth` to `trivy registry` ([#7727](https://github.com/aquasecurity/trivy/issues/7727)) ([633a7ab](https://github.com/aquasecurity/trivy/commit/633a7abeea4287899392a24f2705f96dfeb7e312))
* **cyclonedx:** add file checksums to `CycloneDX` reports ([#7507](https://github.com/aquasecurity/trivy/issues/7507)) ([c225883](https://github.com/aquasecurity/trivy/commit/c225883649f58128a99fa2c1cef327d0e57940be))
* **db:** append errors ([#7843](https://github.com/aquasecurity/trivy/issues/7843)) ([5e78b6c](https://github.com/aquasecurity/trivy/commit/5e78b6c12fb5740c12dedeea3d335d48ec2f752b))
* **misconf:** export unresolvable field of IaC types to Rego ([#7765](https://github.com/aquasecurity/trivy/issues/7765)) ([9514148](https://github.com/aquasecurity/trivy/commit/9514148767865baddd73a49245385574927f7a74))
* **misconf:** public network support for Azure Storage Account ([#7601](https://github.com/aquasecurity/trivy/issues/7601)) ([ad91412](https://github.com/aquasecurity/trivy/commit/ad914123c4d203af1e1da6b7e2d3e49d9d3831d8))
* **misconf:** Show misconfig ID in output ([#7762](https://github.com/aquasecurity/trivy/issues/7762)) ([f75c0d1](https://github.com/aquasecurity/trivy/commit/f75c0d1f0069d4856cb4826d6049f32c5b9409d9))
* **misconf:** ssl_mode support for GCP SQL DB instance ([#7564](https://github.com/aquasecurity/trivy/issues/7564)) ([2eaa17e](https://github.com/aquasecurity/trivy/commit/2eaa17e0717940b27a79050e2efd9213b71178c9))
* **parser:** ignore white space in pom.xml files ([#7747](https://github.com/aquasecurity/trivy/issues/7747)) ([a7baa93](https://github.com/aquasecurity/trivy/commit/a7baa93b00b8636aa097e64cdb8eed97dbd68511))
* **report:** update gitlab template to populate operating_system value ([#7735](https://github.com/aquasecurity/trivy/issues/7735)) ([c0d79fa](https://github.com/aquasecurity/trivy/commit/c0d79fa09e645f3a3dbff878e393b8631fb17b64))
### Bug Fixes
* **cli:** `clean --all` deletes only relevant dirs ([#7704](https://github.com/aquasecurity/trivy/issues/7704)) ([672e886](https://github.com/aquasecurity/trivy/commit/672e886aed152ae0f09a16941706746f3053ca94))
* **cli:** add config name to skip-policy-update alias ([#7820](https://github.com/aquasecurity/trivy/issues/7820)) ([b661d68](https://github.com/aquasecurity/trivy/commit/b661d680ff0372c8e4beea0db13bf69d6a2203a8))
* **db:** fix javadb downloading error handling ([#7642](https://github.com/aquasecurity/trivy/issues/7642)) ([2c87f0c](https://github.com/aquasecurity/trivy/commit/2c87f0cb794acd77446a273582ba1a45b9f18980))
* enable usestdlibvars linter ([#7770](https://github.com/aquasecurity/trivy/issues/7770)) ([57e24aa](https://github.com/aquasecurity/trivy/commit/57e24aa85382f749df7f673e241caaf3fcbb45cb))
* **go:** Do not trim v prefix from versions in Go Mod Analyzer ([#7733](https://github.com/aquasecurity/trivy/issues/7733)) ([e872ec0](https://github.com/aquasecurity/trivy/commit/e872ec006c0745a5a142728af0096c6d6bb9ddf3))
* **helm:** properly handle multiple archived dependencies ([#7782](https://github.com/aquasecurity/trivy/issues/7782)) ([6fab88d](https://github.com/aquasecurity/trivy/commit/6fab88dd56c257ef2cc63b617c2a5decb1c4cf98))
* **java:** correctly inherit `version` and `scope` from upper/root `depManagement` and `dependencies` into parents ([#7541](https://github.com/aquasecurity/trivy/issues/7541)) ([778df82](https://github.com/aquasecurity/trivy/commit/778df828eaad9827cb833c6285058a33aa2b83ca))
* **k8s:** skip resources without misconfigs ([#7797](https://github.com/aquasecurity/trivy/issues/7797)) ([7882776](https://github.com/aquasecurity/trivy/commit/78827768a612ab305bf9c55409ce76d6774302a5))
* **k8s:** support k8s multi container ([#7444](https://github.com/aquasecurity/trivy/issues/7444)) ([c434775](https://github.com/aquasecurity/trivy/commit/c4347759234dcb5f372b07f92fb4230ef391d710))
* **k8s:** support kubernetes v1.31 ([#7810](https://github.com/aquasecurity/trivy/issues/7810)) ([7a4f4d8](https://github.com/aquasecurity/trivy/commit/7a4f4d8b12996687f3095a2042cdf2f5985332c9))
* **license:** fix license normalization for Universal Permissive License ([#7766](https://github.com/aquasecurity/trivy/issues/7766)) ([f6acdf7](https://github.com/aquasecurity/trivy/commit/f6acdf713991f8ffdbe765178fcb8a9cde433cba))
* **misconf:** change default ACL of digitalocean_spaces_bucket to private ([#7577](https://github.com/aquasecurity/trivy/issues/7577)) ([9da84f5](https://github.com/aquasecurity/trivy/commit/9da84f54fadbe6ad0d73983952e945ed63b666f3))
* **misconf:** check if property is not nil before conversion ([#7578](https://github.com/aquasecurity/trivy/issues/7578)) ([c8c14d3](https://github.com/aquasecurity/trivy/commit/c8c14d36245623019f29d258f813d2325f7490f7))
* **misconf:** fix for Azure Storage Account network acls adaptation ([#7602](https://github.com/aquasecurity/trivy/issues/7602)) ([35fd018](https://github.com/aquasecurity/trivy/commit/35fd018ae7ad86823f114f0ac2f1376726aee444))
* **misconf:** properly expand dynamic blocks ([#7612](https://github.com/aquasecurity/trivy/issues/7612)) ([8d5dbc9](https://github.com/aquasecurity/trivy/commit/8d5dbc9fec3569b22ed81a03c40eaf732768718b))
* **redhat:** include arch in PURL qualifiers ([#7654](https://github.com/aquasecurity/trivy/issues/7654)) ([a585e95](https://github.com/aquasecurity/trivy/commit/a585e95f3398631d9ad10505c5ff642fde21aef7))
* **repo:** `git clone` output to Stderr ([#7561](https://github.com/aquasecurity/trivy/issues/7561)) ([fdf203c](https://github.com/aquasecurity/trivy/commit/fdf203cd209aeb40f454bd12d121a54d6ed7a542))
* **report:** Fix invalid URI in SARIF report ([#7645](https://github.com/aquasecurity/trivy/issues/7645)) ([015bb88](https://github.com/aquasecurity/trivy/commit/015bb885ac414b91201fa9791eead395d878149c))
* **sbom:** add options for DBs in private registries ([#7660](https://github.com/aquasecurity/trivy/issues/7660)) ([1f2e91b](https://github.com/aquasecurity/trivy/commit/1f2e91b02b3606dd11963002a8cfac7962f3478f))
* **sbom:** use `Annotation` instead of `AttributionTexts` for `SPDX` formats ([#7811](https://github.com/aquasecurity/trivy/issues/7811)) ([f2bb9c6](https://github.com/aquasecurity/trivy/commit/f2bb9c6227743dd61f44eb591d4b15192fe110c6))
## [0.56.0](https://github.com/aquasecurity/trivy/compare/v0.55.0...v0.56.0) (2024-10-03)
### Features
* **java:** add empty versions if `pom.xml` dependency versions can't be detected ([#7520](https://github.com/aquasecurity/trivy/issues/7520)) ([b836232](https://github.com/aquasecurity/trivy/commit/b8362321adb2af220830c5de31c29978423d47da))
* **license:** improve license normalization ([#7131](https://github.com/aquasecurity/trivy/issues/7131)) ([6472e3c](https://github.com/aquasecurity/trivy/commit/6472e3c9da2a8e7ba41598a45c80df8f18e57d4c))
* **misconf:** add ability to disable checks by ID ([#7536](https://github.com/aquasecurity/trivy/issues/7536)) ([ef0a27d](https://github.com/aquasecurity/trivy/commit/ef0a27d515ff80762bf1959d44a8bde017ae06ec))
* **misconf:** Register checks only when needed ([#7435](https://github.com/aquasecurity/trivy/issues/7435)) ([f768d3a](https://github.com/aquasecurity/trivy/commit/f768d3a767a99a86b0372f19d9f49a2de35dbe59))
* **misconf:** Support `--skip-*` for all included modules ([#7579](https://github.com/aquasecurity/trivy/issues/7579)) ([c0e8da3](https://github.com/aquasecurity/trivy/commit/c0e8da3828e9d3a0b30d1f6568037db8dc827765))
* **secret:** enhance secret scanning for python binary files ([#7223](https://github.com/aquasecurity/trivy/issues/7223)) ([60725f8](https://github.com/aquasecurity/trivy/commit/60725f879ba014c5c57583db6afc290b78facae8))
* support multiple DB repositories for vulnerability and Java DB ([#7605](https://github.com/aquasecurity/trivy/issues/7605)) ([3562529](https://github.com/aquasecurity/trivy/commit/3562529ddfb26d301311ed450c192e17011353df))
* support RPM archives ([#7628](https://github.com/aquasecurity/trivy/issues/7628)) ([69bf7e0](https://github.com/aquasecurity/trivy/commit/69bf7e00ea5ab483692db830fdded26a31f03183))
* **suse:** added SUSE Linux Enterprise Micro support ([#7294](https://github.com/aquasecurity/trivy/issues/7294)) ([efdb68d](https://github.com/aquasecurity/trivy/commit/efdb68d3b9ddf9dfaf45ea5855b31c43a4366bab))
### Bug Fixes
* allow access to '..' in mapfs ([#7575](https://github.com/aquasecurity/trivy/issues/7575)) ([a8fbe46](https://github.com/aquasecurity/trivy/commit/a8fbe46119adbd89f827a75c75b9e97d392f1842))
* **db:** check `DownloadedAt` for `trivy-java-db` ([#7592](https://github.com/aquasecurity/trivy/issues/7592)) ([13ef3e7](https://github.com/aquasecurity/trivy/commit/13ef3e7d62ba2bcb3a04d7b44f79b1299674b480))
* **java:** use `dependencyManagement` from root/child pom's for dependencies from parents ([#7497](https://github.com/aquasecurity/trivy/issues/7497)) ([5442949](https://github.com/aquasecurity/trivy/commit/54429497e7d6a87eac236771d4efb8a5a7faaac5))
* **license:** stop spliting a long license text ([#7336](https://github.com/aquasecurity/trivy/issues/7336)) ([4926da7](https://github.com/aquasecurity/trivy/commit/4926da79de901fba73819d71845ec0355b68ae0f))
* **misconf:** Disable deprecated checks by default ([#7632](https://github.com/aquasecurity/trivy/issues/7632)) ([82e2adc](https://github.com/aquasecurity/trivy/commit/82e2adc6f8e68d0cc0021031170c2adb60d213ba))
* **misconf:** disable DS016 check for image history analyzer ([#7540](https://github.com/aquasecurity/trivy/issues/7540)) ([de40df9](https://github.com/aquasecurity/trivy/commit/de40df9408d6d856a3ad384ec9f086edce3aa382))
* **misconf:** escape all special sequences ([#7558](https://github.com/aquasecurity/trivy/issues/7558)) ([ea0cf03](https://github.com/aquasecurity/trivy/commit/ea0cf0379aff0348fde87356dab37947800fc1b6))
* **misconf:** Fix logging typo ([#7473](https://github.com/aquasecurity/trivy/issues/7473)) ([56db43c](https://github.com/aquasecurity/trivy/commit/56db43c24f4f6be92891be85faaf9492cad516ac))
* **misconf:** Fixed scope for China Cloud ([#7560](https://github.com/aquasecurity/trivy/issues/7560)) ([37d549e](https://github.com/aquasecurity/trivy/commit/37d549e5b86a1c5dce6710fbfd2310aec9abe949))
* **misconf:** not to warn about missing selectors of libraries ([#7638](https://github.com/aquasecurity/trivy/issues/7638)) ([fcaea74](https://github.com/aquasecurity/trivy/commit/fcaea740808d5784c120e5c5d65f5f94e1d931d4))
* **oracle:** Update EOL date for Oracle 7 ([#7480](https://github.com/aquasecurity/trivy/issues/7480)) ([dd0a64a](https://github.com/aquasecurity/trivy/commit/dd0a64a1cf0cd76e6f81e3ff55fa6ccb95ce3c3d))
* **report:** change a receiver of MarshalJSON ([#7483](https://github.com/aquasecurity/trivy/issues/7483)) ([927c6e0](https://github.com/aquasecurity/trivy/commit/927c6e0c9d4d4a3f1be00f0f661c1d18325d9440))
* **report:** fix error with unmarshal of `ExperimentalModifiedFindings` ([#7463](https://github.com/aquasecurity/trivy/issues/7463)) ([7ff9aff](https://github.com/aquasecurity/trivy/commit/7ff9aff2739b2eee4a98175b98914795e4077060))
* **sbom:** export bom-ref when converting a package to a component ([#7340](https://github.com/aquasecurity/trivy/issues/7340)) ([5dd94eb](https://github.com/aquasecurity/trivy/commit/5dd94ebc1ffe3f1df511dee6381f92a5daefadf2))
* **sbom:** parse type `framework` as `library` when unmarshalling `CycloneDX` files ([#7527](https://github.com/aquasecurity/trivy/issues/7527)) ([aeb7039](https://github.com/aquasecurity/trivy/commit/aeb7039d7ce090e243d29f0bf16c9e4e24252a01))
* **secret:** change grafana token regex to find them without unquoted ([#7627](https://github.com/aquasecurity/trivy/issues/7627)) ([3e1fa21](https://github.com/aquasecurity/trivy/commit/3e1fa2100074e840bacdd65947425b08750b7d9a))
### Performance Improvements
* **misconf:** use port ranges instead of enumeration ([#7549](https://github.com/aquasecurity/trivy/issues/7549)) ([1f9fc13](https://github.com/aquasecurity/trivy/commit/1f9fc13da4a1e7c76c978e4f8e119bfd61a0480e))
### Reverts
* **java:** stop supporting of `test` scope for `pom.xml` files ([#7488](https://github.com/aquasecurity/trivy/issues/7488)) ([b0222fe](https://github.com/aquasecurity/trivy/commit/b0222feeb586ec59904bb321fda8f3f22496d07b))
## [0.55.0](https://github.com/aquasecurity/trivy/compare/v0.54.0...v0.55.0) (2024-09-03)
### ⚠ BREAKING CHANGES
* **cli:** delete deprecated SBOM flags ([#7266](https://github.com/aquasecurity/trivy/issues/7266))
### Features
* **cli:** delete deprecated SBOM flags ([#7266](https://github.com/aquasecurity/trivy/issues/7266)) ([7024572](https://github.com/aquasecurity/trivy/commit/70245721372720027b7089bd61c693df48add865))
* **go:** use `toolchain` as `stdlib` version for `go.mod` files ([#7163](https://github.com/aquasecurity/trivy/issues/7163)) ([2d80769](https://github.com/aquasecurity/trivy/commit/2d80769c34b118851640411fff9dac0b3e353e82))
* **java:** add `test` scope support for `pom.xml` files ([#7414](https://github.com/aquasecurity/trivy/issues/7414)) ([2d97700](https://github.com/aquasecurity/trivy/commit/2d97700d10665142d2f66d7910202bec82116209))
* **misconf:** Add support for using spec from on-disk bundle ([#7179](https://github.com/aquasecurity/trivy/issues/7179)) ([be86126](https://github.com/aquasecurity/trivy/commit/be861265cafc89787fda09c59b2ef175e3d04204))
* **misconf:** ignore duplicate checks ([#7317](https://github.com/aquasecurity/trivy/issues/7317)) ([9ef05fc](https://github.com/aquasecurity/trivy/commit/9ef05fc6b171a264516a025b0b0bcbbc8cff10bc))
* **misconf:** iterator argument support for dynamic blocks ([#7236](https://github.com/aquasecurity/trivy/issues/7236)) ([fe92072](https://github.com/aquasecurity/trivy/commit/fe9207255a4f7f984ec1447f8a9219ae60e560c4))
* **misconf:** port and protocol support for EC2 networks ([#7146](https://github.com/aquasecurity/trivy/issues/7146)) ([98e136e](https://github.com/aquasecurity/trivy/commit/98e136eb7baa2b66f4233d96875c1490144e1594))
* **misconf:** scanning support for YAML and JSON ([#7311](https://github.com/aquasecurity/trivy/issues/7311)) ([efdbd8f](https://github.com/aquasecurity/trivy/commit/efdbd8f19ab0ab0c3b48293d43e51c81b7b03b89))
* **misconf:** support for ignore by nested attributes ([#7205](https://github.com/aquasecurity/trivy/issues/7205)) ([44e4686](https://github.com/aquasecurity/trivy/commit/44e468603d44b077cc4606327fb3e7d7ca435e05))
* **misconf:** support for policy and bucket grants ([#7284](https://github.com/aquasecurity/trivy/issues/7284)) ([a817fae](https://github.com/aquasecurity/trivy/commit/a817fae85b7272b391b737ec86673a7cab722bae))
* **misconf:** variable support for Terraform Plan ([#7228](https://github.com/aquasecurity/trivy/issues/7228)) ([db2c955](https://github.com/aquasecurity/trivy/commit/db2c95598da098ca610825089eb4ab63b789b215))
* **python:** use minimum version for pip packages ([#7348](https://github.com/aquasecurity/trivy/issues/7348)) ([e9b43f8](https://github.com/aquasecurity/trivy/commit/e9b43f81e67789b067352fcb6aa55bc9478bc518))
* **report:** export modified findings in JSON ([#7383](https://github.com/aquasecurity/trivy/issues/7383)) ([7aea79d](https://github.com/aquasecurity/trivy/commit/7aea79dd93cfb61453766dbbb2e3fc0fbd317852))
* **sbom:** set User-Agent header on requests to Rekor ([#7396](https://github.com/aquasecurity/trivy/issues/7396)) ([af1d257](https://github.com/aquasecurity/trivy/commit/af1d257730422d238871beb674767f8f83c5d06a))
* **server:** add internal `--path-prefix` flag for client/server mode ([#7321](https://github.com/aquasecurity/trivy/issues/7321)) ([24a4563](https://github.com/aquasecurity/trivy/commit/24a45636867b893ff54c5ce07197f3b5c6db1d9b))
* **server:** Make Trivy Server Multiplexer Exported ([#7389](https://github.com/aquasecurity/trivy/issues/7389)) ([4c6e8ca](https://github.com/aquasecurity/trivy/commit/4c6e8ca9cc9591799907cc73075f2d740e303b8f))
* **vm:** Support direct filesystem ([#7058](https://github.com/aquasecurity/trivy/issues/7058)) ([45b3f34](https://github.com/aquasecurity/trivy/commit/45b3f344042bcd90ca63ab696b69bff0e9ab4e36))
* **vm:** support the Ext2/Ext3 filesystems ([#6983](https://github.com/aquasecurity/trivy/issues/6983)) ([35c60f0](https://github.com/aquasecurity/trivy/commit/35c60f030fa48de8d8e57958e5ba379814126831))
* **vuln:** Add `--detection-priority` flag for accuracy tuning ([#7288](https://github.com/aquasecurity/trivy/issues/7288)) ([fd8348d](https://github.com/aquasecurity/trivy/commit/fd8348d610f20c6c33da81cd7b0e7d5504ce26be))
### Bug Fixes
* **aws:** handle ECR repositories in different regions ([#6217](https://github.com/aquasecurity/trivy/issues/6217)) ([feaef96](https://github.com/aquasecurity/trivy/commit/feaef9699df5d8ca399770e701a59d7c0ff979a3))
* **flag:** incorrect behavior for deprected flag `--clear-cache` ([#7281](https://github.com/aquasecurity/trivy/issues/7281)) ([2a0e529](https://github.com/aquasecurity/trivy/commit/2a0e529c36057b572119815af59c28e4790034ca))
* **helm:** explicitly define `kind` and `apiVersion` of `volumeClaimTemplate` element ([#7362](https://github.com/aquasecurity/trivy/issues/7362)) ([da4ebfa](https://github.com/aquasecurity/trivy/commit/da4ebfa1a741f3f8b0b43289b4028afe763f7d43))
* **java:** Return error when trying to find a remote pom to avoid segfault ([#7275](https://github.com/aquasecurity/trivy/issues/7275)) ([49d5270](https://github.com/aquasecurity/trivy/commit/49d5270163e305f88fedcf50412973736e69dc69))
* **license:** add license handling to JUnit template ([#7409](https://github.com/aquasecurity/trivy/issues/7409)) ([f80183c](https://github.com/aquasecurity/trivy/commit/f80183c1139b21bb95bc64e216358f4a76001a65))
* logger initialization before flags parsing ([#7372](https://github.com/aquasecurity/trivy/issues/7372)) ([c929290](https://github.com/aquasecurity/trivy/commit/c929290c3c0e4e91337264d69e75ccb60522bc65))
* **misconf:** change default TLS values for the Azure storage account ([#7345](https://github.com/aquasecurity/trivy/issues/7345)) ([aadb090](https://github.com/aquasecurity/trivy/commit/aadb09078843250c66087f46db9a2aa48094a118))
* **misconf:** do not filter Terraform plan JSON by name ([#7406](https://github.com/aquasecurity/trivy/issues/7406)) ([9d7264a](https://github.com/aquasecurity/trivy/commit/9d7264af8e85bcc0dba600b8366d0470d455251c))
* **misconf:** do not recreate filesystem map ([#7416](https://github.com/aquasecurity/trivy/issues/7416)) ([3a5d091](https://github.com/aquasecurity/trivy/commit/3a5d091759564496992a83fb2015a21c84a22213))
* **misconf:** do not register Rego libs in checks registry ([#7420](https://github.com/aquasecurity/trivy/issues/7420)) ([a5aa63e](https://github.com/aquasecurity/trivy/commit/a5aa63eff7e229744090f9ad300c1bec3259397e))
* **misconf:** do not set default value for default_cache_behavior ([#7234](https://github.com/aquasecurity/trivy/issues/7234)) ([f0ed5e4](https://github.com/aquasecurity/trivy/commit/f0ed5e4ced7e60af35c88d5d084aa4b7237f4973))
* **misconf:** fix infer type for null value ([#7424](https://github.com/aquasecurity/trivy/issues/7424)) ([0cac3ac](https://github.com/aquasecurity/trivy/commit/0cac3ac7075017628a21a7990941df04cbc16dbe))
* **misconf:** init frameworks before updating them ([#7376](https://github.com/aquasecurity/trivy/issues/7376)) ([b65b32d](https://github.com/aquasecurity/trivy/commit/b65b32ddfa6fc62ac81ad9fa580e1f5a327864f5))
* **misconf:** load only submodule if it is specified in source ([#7112](https://github.com/aquasecurity/trivy/issues/7112)) ([a4180bd](https://github.com/aquasecurity/trivy/commit/a4180bddd43d86e479edf0afe0c362021d071482))
* **misconf:** support deprecating for Go checks ([#7377](https://github.com/aquasecurity/trivy/issues/7377)) ([2a6c7ab](https://github.com/aquasecurity/trivy/commit/2a6c7ab3b338ce4a8f99d6ac3508c2531dcbe812))
* **misconf:** use module to log when metadata retrieval fails ([#7405](https://github.com/aquasecurity/trivy/issues/7405)) ([0799770](https://github.com/aquasecurity/trivy/commit/0799770b8827a8276ad0d6d9ac7e0381c286757c))
* **misconf:** wrap Azure PortRange in iac types ([#7357](https://github.com/aquasecurity/trivy/issues/7357)) ([c5c62d5](https://github.com/aquasecurity/trivy/commit/c5c62d5ff05420321f9cdbfb93e2591e0866a342))
* **nodejs:** check all `importers` to detect dev deps from pnpm-lock.yaml file ([#7387](https://github.com/aquasecurity/trivy/issues/7387)) ([fd9ed3a](https://github.com/aquasecurity/trivy/commit/fd9ed3a330bc66e229bcbdc262dc296a3bf01f54))
* **plugin:** do not call GitHub content API for releases and tags ([#7274](https://github.com/aquasecurity/trivy/issues/7274)) ([b3ee6da](https://github.com/aquasecurity/trivy/commit/b3ee6dac269bd7847674f3ce985a5ff7f8f0ba38))
* **report:** escape `Message` field in `asff.tpl` template ([#7401](https://github.com/aquasecurity/trivy/issues/7401)) ([dd9733e](https://github.com/aquasecurity/trivy/commit/dd9733e950d3127aa2ac90c45ec7e2b88a2b47ca))
* safely check if the directory exists ([#7353](https://github.com/aquasecurity/trivy/issues/7353)) ([05a8297](https://github.com/aquasecurity/trivy/commit/05a829715f99cd90b122c64cd2f40157854e467b))
* **sbom:** use `NOASSERTION` for licenses fields in SPDX formats ([#7403](https://github.com/aquasecurity/trivy/issues/7403)) ([c96dcdd](https://github.com/aquasecurity/trivy/commit/c96dcdd440a14cdd1b01ac473b2c15e4698e387b))
* **secret:** use `.eyJ` keyword for JWT secret ([#7410](https://github.com/aquasecurity/trivy/issues/7410)) ([bf64003](https://github.com/aquasecurity/trivy/commit/bf64003ac8b209f34b88f228918a96d4f9dac5e0))
* **secret:** use only line with secret for long secret lines ([#7412](https://github.com/aquasecurity/trivy/issues/7412)) ([391448a](https://github.com/aquasecurity/trivy/commit/391448aba9fcb0a4138225e5ab305e4e6707c603))
* **terraform:** add aws_region name to presets ([#7184](https://github.com/aquasecurity/trivy/issues/7184)) ([bb2e26a](https://github.com/aquasecurity/trivy/commit/bb2e26a0ab707b718f6a890cbc87e2492298b6e5))
### Performance Improvements
* **misconf:** do not convert contents of a YAML file to string ([#7292](https://github.com/aquasecurity/trivy/issues/7292)) ([85dadf5](https://github.com/aquasecurity/trivy/commit/85dadf56265647c000191561db10b08a4948c140))
* **misconf:** optimize work with context ([#6968](https://github.com/aquasecurity/trivy/issues/6968)) ([2b6d8d9](https://github.com/aquasecurity/trivy/commit/2b6d8d9227fb6ecc9386a14333964c23c0370a52))
* **misconf:** use json.Valid to check validity of JSON ([#7308](https://github.com/aquasecurity/trivy/issues/7308)) ([c766831](https://github.com/aquasecurity/trivy/commit/c766831069e188226efafeec184e41498685ed85))
## [0.54.0](https://github.com/aquasecurity/trivy/compare/v0.53.0...v0.54.0) (2024-07-30)
### Features
* add `log.FilePath()` function for logger ([#7080](https://github.com/aquasecurity/trivy/issues/7080)) ([1f5f348](https://github.com/aquasecurity/trivy/commit/1f5f34895823fae81bf521fc939bee743a50e304))
* add openSUSE tumbleweed detection and scanning ([#6965](https://github.com/aquasecurity/trivy/issues/6965)) ([17b5dbf](https://github.com/aquasecurity/trivy/commit/17b5dbfa12180414b87859c6c46bfe6cc5ecf7ba))
* **cli:** rename `--vuln-type` flag to `--pkg-types` flag ([#7104](https://github.com/aquasecurity/trivy/issues/7104)) ([7cbdb0a](https://github.com/aquasecurity/trivy/commit/7cbdb0a0b5dff33e506e1c1f3119951fa241b432))
* **mariner:** Add support for Azure Linux ([#7186](https://github.com/aquasecurity/trivy/issues/7186)) ([5cbc452](https://github.com/aquasecurity/trivy/commit/5cbc452a09822d1bf300ead88f0d613d4cf0349a))
* **misconf:** enabled China configuration for ACRs ([#7156](https://github.com/aquasecurity/trivy/issues/7156)) ([d1ec89d](https://github.com/aquasecurity/trivy/commit/d1ec89d1db4b039f0e31076ccd1ca969fb15628e))
* **nodejs:** add license parser to pnpm analyser ([#7036](https://github.com/aquasecurity/trivy/issues/7036)) ([03ac93d](https://github.com/aquasecurity/trivy/commit/03ac93dc208f1b40896f3fa11fa1d45293176dca))
* **sbom:** add image labels into `SPDX` and `CycloneDX` reports ([#7257](https://github.com/aquasecurity/trivy/issues/7257)) ([4a2f492](https://github.com/aquasecurity/trivy/commit/4a2f492c6e685ff577fb96a7006cd0c43755baf4))
* **sbom:** add vulnerability support for SPDX formats ([#7213](https://github.com/aquasecurity/trivy/issues/7213)) ([efb1f69](https://github.com/aquasecurity/trivy/commit/efb1f6938321eec3529ef4fea6608261f6771ae0))
* share build-in rules ([#7207](https://github.com/aquasecurity/trivy/issues/7207)) ([bff317c](https://github.com/aquasecurity/trivy/commit/bff317c77bf4a5f615a80d9875d129213bd52f6d))
* **vex:** retrieve VEX attestations from OCI registries ([#7249](https://github.com/aquasecurity/trivy/issues/7249)) ([c2fd2e0](https://github.com/aquasecurity/trivy/commit/c2fd2e0d89567a0ccd996dda8790f3c3305ea6f7))
* **vex:** VEX Repository support ([#7206](https://github.com/aquasecurity/trivy/issues/7206)) ([88ba460](https://github.com/aquasecurity/trivy/commit/88ba46047c93e6046292523ae701de774dfdc4dc))
* **vuln:** add `--pkg-relationships` ([#7237](https://github.com/aquasecurity/trivy/issues/7237)) ([5c37361](https://github.com/aquasecurity/trivy/commit/5c37361600d922db27dd594b2a80c010a19b3a6e))
### Bug Fixes
* Add dependencyManagement exclusions to the child exclusions ([#6969](https://github.com/aquasecurity/trivy/issues/6969)) ([dc68a66](https://github.com/aquasecurity/trivy/commit/dc68a662a701980d6529f61a65006f1e4728a3e5))
* add missing platform and type to spec ([#7149](https://github.com/aquasecurity/trivy/issues/7149)) ([c8a7abd](https://github.com/aquasecurity/trivy/commit/c8a7abd3b508975fcf10c254d13d1a2cd42da657))
* **cli:** error on missing config file ([#7154](https://github.com/aquasecurity/trivy/issues/7154)) ([7fa5e7d](https://github.com/aquasecurity/trivy/commit/7fa5e7d0ab67f20d434b2922725988695e32e6af))
* close file when failed to open gzip ([#7164](https://github.com/aquasecurity/trivy/issues/7164)) ([2a577a7](https://github.com/aquasecurity/trivy/commit/2a577a7bae37e5731dceaea8740683573b6b70a5))
* **dotnet:** don't include non-runtime libraries into report for `*.deps.json` files ([#7039](https://github.com/aquasecurity/trivy/issues/7039)) ([5bc662b](https://github.com/aquasecurity/trivy/commit/5bc662be9a8f072599f90abfd3b400c8ab055ed6))
* **dotnet:** show `nuget package dir not found` log only when checking `nuget` packages ([#7194](https://github.com/aquasecurity/trivy/issues/7194)) ([d76feba](https://github.com/aquasecurity/trivy/commit/d76febaee107c645e864da0f4d74a8f6ae4ad232))
* ignore nodes when listing permission is not allowed ([#7107](https://github.com/aquasecurity/trivy/issues/7107)) ([25f8143](https://github.com/aquasecurity/trivy/commit/25f8143f120965c636c5ea8386398b211b082398))
* **java:** avoid panic if deps from `pom` in `it` dir are not found ([#7245](https://github.com/aquasecurity/trivy/issues/7245)) ([4e54a7e](https://github.com/aquasecurity/trivy/commit/4e54a7e84c33c1be80c52c6db78c634bc3911715))
* **java:** use `go-mvn-version` to remove `Package` duplicates ([#7088](https://github.com/aquasecurity/trivy/issues/7088)) ([a7a304d](https://github.com/aquasecurity/trivy/commit/a7a304d53e1ce230f881c28c4f35885774cf3b9a))
* **misconf:** do not evaluate TF when a load error occurs ([#7109](https://github.com/aquasecurity/trivy/issues/7109)) ([f27c236](https://github.com/aquasecurity/trivy/commit/f27c236d6e155cb366aeef619b6ea96d20fb93da))
* **nodejs:** detect direct dependencies when using `latest` version for files `yarn.lock` + `package.json` ([#7110](https://github.com/aquasecurity/trivy/issues/7110)) ([54bb8bd](https://github.com/aquasecurity/trivy/commit/54bb8bdfb934d114b5570005853bf4bc0d40c609))
* **report:** hide empty table when all secrets/license/misconfigs are ignored ([#7171](https://github.com/aquasecurity/trivy/issues/7171)) ([c3036de](https://github.com/aquasecurity/trivy/commit/c3036de6d7719323d306a9666ccc8d928d936f9a))
* **secret:** skip regular strings contain secret patterns ([#7182](https://github.com/aquasecurity/trivy/issues/7182)) ([174b1e3](https://github.com/aquasecurity/trivy/commit/174b1e3515a6394cf8d523216d6267c1aefb820a))
* **secret:** trim excessively long lines ([#7192](https://github.com/aquasecurity/trivy/issues/7192)) ([92b13be](https://github.com/aquasecurity/trivy/commit/92b13be668bd20f8e9dac2f0cb8e5a2708b9b3b5))
* **secret:** update length of `hugging-face-access-token` ([#7216](https://github.com/aquasecurity/trivy/issues/7216)) ([8c87194](https://github.com/aquasecurity/trivy/commit/8c87194f0a6b194bc5d340c8a65bd99a3132d973))
* **server:** pass license categories to options ([#7203](https://github.com/aquasecurity/trivy/issues/7203)) ([9d52018](https://github.com/aquasecurity/trivy/commit/9d5201808da89607ae43570bdf1f335b482a6b79))
### Performance Improvements
* **debian:** use `bytes.Index` in `emptyLineSplit` to cut allocation ([#7065](https://github.com/aquasecurity/trivy/issues/7065)) ([acbec05](https://github.com/aquasecurity/trivy/commit/acbec053c985388a26d899e73b4b7f5a6d1fa210))
## [0.53.0](https://github.com/aquasecurity/trivy/compare/v0.52.0...v0.53.0) (2024-07-01)
### ⚠ BREAKING CHANGES
* **k8s:** node-collector dynamic commands support ([#6861](https://github.com/aquasecurity/trivy/issues/6861))
* add clean subcommand ([#6993](https://github.com/aquasecurity/trivy/issues/6993))
* **aws:** Remove aws subcommand ([#6995](https://github.com/aquasecurity/trivy/issues/6995))
### Features
* add clean subcommand ([#6993](https://github.com/aquasecurity/trivy/issues/6993)) ([8d0ae1f](https://github.com/aquasecurity/trivy/commit/8d0ae1f5de72d92a043dcd6b7c164d30e51b6047))
* Add local ImageID to SARIF metadata ([#6522](https://github.com/aquasecurity/trivy/issues/6522)) ([f144e91](https://github.com/aquasecurity/trivy/commit/f144e912d34234f00b5a13b7a11a0019fa978b27))
* add memory cache backend ([#7048](https://github.com/aquasecurity/trivy/issues/7048)) ([55ccd06](https://github.com/aquasecurity/trivy/commit/55ccd06df43f6ff28685f46d215ccb70f55916d2))
* **aws:** Remove aws subcommand ([#6995](https://github.com/aquasecurity/trivy/issues/6995)) ([979e118](https://github.com/aquasecurity/trivy/commit/979e118a9e0ca8943bef9143f492d7eb1fd4d863))
* **conda:** add licenses support for `environment.yml` files ([#6953](https://github.com/aquasecurity/trivy/issues/6953)) ([654217a](https://github.com/aquasecurity/trivy/commit/654217a65485ca0a07771ea61071977894eb4920))
* **dart:** use first version of constraint for dependencies using SDK version ([#6239](https://github.com/aquasecurity/trivy/issues/6239)) ([042d6b0](https://github.com/aquasecurity/trivy/commit/042d6b08c283105c258a3dda98983b345a5305c3))
* **image:** Set User-Agent header for Trivy container registry requests ([#6868](https://github.com/aquasecurity/trivy/issues/6868)) ([9b31697](https://github.com/aquasecurity/trivy/commit/9b31697274c8743d6e5a8f7a1a05daf60cd15910))
* **java:** add support for `maven-metadata.xml` files for remote snapshot repositories. ([#6950](https://github.com/aquasecurity/trivy/issues/6950)) ([1f8fca1](https://github.com/aquasecurity/trivy/commit/1f8fca1fc77b989bb4e3ba820b297464dbdd825f))
* **java:** add support for sbt projects using sbt-dependency-lock ([#6882](https://github.com/aquasecurity/trivy/issues/6882)) ([f18d035](https://github.com/aquasecurity/trivy/commit/f18d035ae13b281c96aa4ed69ca32e507d336e66))
* **k8s:** node-collector dynamic commands support ([#6861](https://github.com/aquasecurity/trivy/issues/6861)) ([8d618e4](https://github.com/aquasecurity/trivy/commit/8d618e48a2f1b60c2e4c49cdd9deb8eb45c972b0))
* **misconf:** add metadata to Cloud schema ([#6831](https://github.com/aquasecurity/trivy/issues/6831)) ([02d5404](https://github.com/aquasecurity/trivy/commit/02d540478d495416b50d7e8b187ff9f5bba41f45))
* **misconf:** add support for AWS::EC2::SecurityGroupIngress/Egress ([#6755](https://github.com/aquasecurity/trivy/issues/6755)) ([55fa610](https://github.com/aquasecurity/trivy/commit/55fa6109cd0463fd3221aae41ca7b1d8c44ad430))
* **misconf:** API Gateway V1 support for CloudFormation ([#6874](https://github.com/aquasecurity/trivy/issues/6874)) ([8491469](https://github.com/aquasecurity/trivy/commit/8491469f0b35bd9df706a433669f5b62239d4ef3))
* **misconf:** support of selectors for all providers for Rego ([#6905](https://github.com/aquasecurity/trivy/issues/6905)) ([bc3741a](https://github.com/aquasecurity/trivy/commit/bc3741ae2c68cdd00fc0aef7e51985568b2eb78a))
* **php:** add installed.json file support ([#4865](https://github.com/aquasecurity/trivy/issues/4865)) ([edc556b](https://github.com/aquasecurity/trivy/commit/edc556b85e3554c31e19b1ece189effb9ba2be12))
* **plugin:** add support for nested archives ([#6845](https://github.com/aquasecurity/trivy/issues/6845)) ([622c67b](https://github.com/aquasecurity/trivy/commit/622c67b7647f94d0a0ca3acf711d8f847cdd8d98))
* **sbom:** migrate to `CycloneDX v1.6` ([#6903](https://github.com/aquasecurity/trivy/issues/6903)) ([09e50ce](https://github.com/aquasecurity/trivy/commit/09e50ce6a82073ba62f1732d5aa0cd2701578693))
### Bug Fixes
* **c:** don't skip conan files from `file-patterns` and scan `.conan2` cache dir ([#6949](https://github.com/aquasecurity/trivy/issues/6949)) ([38b35dd](https://github.com/aquasecurity/trivy/commit/38b35dd3c804027e7a6e6a9d3c87b7ac333896c5))
* **cli:** show info message only when --scanners is available ([#7032](https://github.com/aquasecurity/trivy/issues/7032)) ([e9fc3e3](https://github.com/aquasecurity/trivy/commit/e9fc3e3397564512038ddeca2adce0efcb3f93c5))
* **cyclonedx:** trim non-URL info for `advisory.url` ([#6952](https://github.com/aquasecurity/trivy/issues/6952)) ([417212e](https://github.com/aquasecurity/trivy/commit/417212e0930aa52a27ebdc1b9370d2943ce0f8fa))
* **debian:** take installed files from the origin layer ([#6849](https://github.com/aquasecurity/trivy/issues/6849)) ([089b953](https://github.com/aquasecurity/trivy/commit/089b953462260f01c40bdf588b2568ae0ef658bc))
* **image:** parse `image.inspect.Created` field only for non-empty values ([#6948](https://github.com/aquasecurity/trivy/issues/6948)) ([0af5730](https://github.com/aquasecurity/trivy/commit/0af5730cbe56686417389c2fad643c1bdbb33999))
* **license:** return license separation using separators `,`, `or`, etc. ([#6916](https://github.com/aquasecurity/trivy/issues/6916)) ([52f7aa5](https://github.com/aquasecurity/trivy/commit/52f7aa54b520a90a19736703f8ea63cc20fab104))
* **misconf:** fix caching of modules in subdirectories ([#6814](https://github.com/aquasecurity/trivy/issues/6814)) ([0bcfedb](https://github.com/aquasecurity/trivy/commit/0bcfedbcaa9bbe30ee5ecade5b98e9ce3cc54c9b))
* **misconf:** fix parsing of engine links and frameworks ([#6937](https://github.com/aquasecurity/trivy/issues/6937)) ([ec68c9a](https://github.com/aquasecurity/trivy/commit/ec68c9ab4580d057720179173d58734402c92af4))
* **misconf:** handle source prefix to ignore ([#6945](https://github.com/aquasecurity/trivy/issues/6945)) ([c3192f0](https://github.com/aquasecurity/trivy/commit/c3192f061d7e84eaf38df8df7c879dc00b4ca137))
* **misconf:** parsing numbers without fraction as int ([#6834](https://github.com/aquasecurity/trivy/issues/6834)) ([8141a13](https://github.com/aquasecurity/trivy/commit/8141a137ba50b553a9da877d95c7ccb491d041c6))
* **nodejs:** fix infinite loop when package link from `package-lock.json` file is broken ([#6858](https://github.com/aquasecurity/trivy/issues/6858)) ([cf5aa33](https://github.com/aquasecurity/trivy/commit/cf5aa336e660e4c98481ebf8d15dd4e54c38581e))
* **nodejs:** fix infinity loops for `pnpm` with cyclic imports ([#6857](https://github.com/aquasecurity/trivy/issues/6857)) ([7d083bc](https://github.com/aquasecurity/trivy/commit/7d083bc890eccc3bf32765c6d7e922cab2e2ef94))
* **plugin:** respect `--insecure` ([#7022](https://github.com/aquasecurity/trivy/issues/7022)) ([3d02a31](https://github.com/aquasecurity/trivy/commit/3d02a31b44924f9e2495aae087f7ca9de3314db4))
* **purl:** add missed os types ([#6955](https://github.com/aquasecurity/trivy/issues/6955)) ([2d85a00](https://github.com/aquasecurity/trivy/commit/2d85a003b22298d1101f84559f7c6b470f2b3909))
* **python:** compare pkg names from `poetry.lock` and `pyproject.toml` in lowercase ([#6852](https://github.com/aquasecurity/trivy/issues/6852)) ([faa9d92](https://github.com/aquasecurity/trivy/commit/faa9d92cfeb8d924deda2dac583b6c97099c08d9))
* **sbom:** don't overwrite `srcEpoch` when decoding SBOM files ([#6866](https://github.com/aquasecurity/trivy/issues/6866)) ([04af59c](https://github.com/aquasecurity/trivy/commit/04af59c2906bcfc7f7970b4e8f45a90f04313170))
* **sbom:** fix panic when scanning SBOM file without root component into SBOM format ([#7051](https://github.com/aquasecurity/trivy/issues/7051)) ([3d4ae8b](https://github.com/aquasecurity/trivy/commit/3d4ae8b5be94cd9b00badeece8d86c2258b2cd90))
* **sbom:** take pkg name from `purl` for maven pkgs ([#7008](https://github.com/aquasecurity/trivy/issues/7008)) ([a76e328](https://github.com/aquasecurity/trivy/commit/a76e3286c413de3dec55394fb41dd627dfee37ae))
* **sbom:** use `purl` for `bitnami` pkg names ([#6982](https://github.com/aquasecurity/trivy/issues/6982)) ([7eabb92](https://github.com/aquasecurity/trivy/commit/7eabb92ec2e617300433445718be07ac74956454))
* **sbom:** use package UIDs for uniqueness ([#7042](https://github.com/aquasecurity/trivy/issues/7042)) ([14d71ba](https://github.com/aquasecurity/trivy/commit/14d71ba63c39e51dd4179ba2d6002b46e1816e90))
* **secret:** `Asymmetric Private Key` shouldn't start with space ([#6867](https://github.com/aquasecurity/trivy/issues/6867)) ([bb26445](https://github.com/aquasecurity/trivy/commit/bb26445e3df198df77930329f532ac5ab7a67af2))
* **suse:** Add SLES 15.6 and Leap 15.6 ([#6964](https://github.com/aquasecurity/trivy/issues/6964)) ([5ee4e9d](https://github.com/aquasecurity/trivy/commit/5ee4e9d30ea814f60fd5705361cabf2e83a47a78))
* use embedded when command path not found ([#7037](https://github.com/aquasecurity/trivy/issues/7037)) ([137c916](https://github.com/aquasecurity/trivy/commit/137c9164238ffd989a0c5ed24f23a55bbf341f6e))
## [0.52.0](https://github.com/aquasecurity/trivy/compare/v0.51.1...v0.52.0) (2024-06-03)
### Features
* Add Julia language analyzer support ([#5635](https://github.com/aquasecurity/trivy/issues/5635)) ([fecafb1](https://github.com/aquasecurity/trivy/commit/fecafb1fc5bb129c7485342a0775f0dd8bedd28e))
* add support for plugin index ([#6674](https://github.com/aquasecurity/trivy/issues/6674)) ([26faf8f](https://github.com/aquasecurity/trivy/commit/26faf8f3f04b1c5f9f81c03ffc6b2008732207e2))
* **misconf:** Add support for deprecating a check ([#6664](https://github.com/aquasecurity/trivy/issues/6664)) ([88702cf](https://github.com/aquasecurity/trivy/commit/88702cfd5918b093defc5b5580f7cbf16f5f2417))
* **misconf:** add Terraform 'removed' block to schema ([#6640](https://github.com/aquasecurity/trivy/issues/6640)) ([b7a0a13](https://github.com/aquasecurity/trivy/commit/b7a0a131a03ed49c08d3b0d481bc9284934fd6e1))
* **misconf:** register builtin Rego funcs from trivy-checks ([#6616](https://github.com/aquasecurity/trivy/issues/6616)) ([7c22ee3](https://github.com/aquasecurity/trivy/commit/7c22ee3df5ee51beb90e44428a99541b3d19ab98))
* **misconf:** resolve tf module from OpenTofu compatible registry ([#6743](https://github.com/aquasecurity/trivy/issues/6743)) ([ac74520](https://github.com/aquasecurity/trivy/commit/ac7452009bf7ca0fa8ee1de8807c792eabad405a))
* **misconf:** support for VPC resources for inbound/outbound rules ([#6779](https://github.com/aquasecurity/trivy/issues/6779)) ([349caf9](https://github.com/aquasecurity/trivy/commit/349caf96bc3dd81551d488044f1adfdb947f39fb))
* **misconf:** support symlinks inside of Helm archives ([#6621](https://github.com/aquasecurity/trivy/issues/6621)) ([4eae37c](https://github.com/aquasecurity/trivy/commit/4eae37c52b035b3576361c12f70d3d9517d0a73c))
* **nodejs:** add v9 pnpm lock file support ([#6617](https://github.com/aquasecurity/trivy/issues/6617)) ([1e08648](https://github.com/aquasecurity/trivy/commit/1e0864842e32a709941d4b4e8f521602bcee684d))
* **plugin:** specify plugin version ([#6683](https://github.com/aquasecurity/trivy/issues/6683)) ([d6dc567](https://github.com/aquasecurity/trivy/commit/d6dc56732babbc9d7f788c280a768d8648aa093d))
* **python:** add license support for `requirement.txt` files ([#6782](https://github.com/aquasecurity/trivy/issues/6782)) ([29615be](https://github.com/aquasecurity/trivy/commit/29615be85e8bfeaf5a0cd51829b1898c55fa4274))
* **python:** add line number support for `requirement.txt` files ([#6729](https://github.com/aquasecurity/trivy/issues/6729)) ([2bc54ad](https://github.com/aquasecurity/trivy/commit/2bc54ad2752aba5de4380cb92c13b09c0abefd73))
* **report:** Include licenses and secrets filtered by rego to ModifiedFindings ([#6483](https://github.com/aquasecurity/trivy/issues/6483)) ([fa3cf99](https://github.com/aquasecurity/trivy/commit/fa3cf993eace4be793f85907b42365269c597b91))
* **vex:** improve relationship support in CSAF VEX ([#6735](https://github.com/aquasecurity/trivy/issues/6735)) ([a447f6b](https://github.com/aquasecurity/trivy/commit/a447f6ba94b6f8b14177dc5e4369a788e2020d90))
* **vex:** support non-root components for products in OpenVEX ([#6728](https://github.com/aquasecurity/trivy/issues/6728)) ([9515695](https://github.com/aquasecurity/trivy/commit/9515695d45e9b5c20890e27e21e3ab45bfd4ce5f))
### Bug Fixes
* clean up golangci lint configuration ([#6797](https://github.com/aquasecurity/trivy/issues/6797)) ([62de6f3](https://github.com/aquasecurity/trivy/commit/62de6f3feba6e4c56ad3922441d5b0f150c3d6b7))
* **cli:** always output fatal errors to stderr ([#6827](https://github.com/aquasecurity/trivy/issues/6827)) ([c2b9132](https://github.com/aquasecurity/trivy/commit/c2b9132a7e933a68df4cc0eb86aab23719ded1b5))
* close APKINDEX archive file ([#6672](https://github.com/aquasecurity/trivy/issues/6672)) ([5caf437](https://github.com/aquasecurity/trivy/commit/5caf4377f3a7fcb1f6e1a84c67136ae62d100be3))
* close settings.xml ([#6768](https://github.com/aquasecurity/trivy/issues/6768)) ([9c3e895](https://github.com/aquasecurity/trivy/commit/9c3e895fcb0852c00ac03ed21338768f76b5273b))
* close testfile ([#6830](https://github.com/aquasecurity/trivy/issues/6830)) ([aa0c413](https://github.com/aquasecurity/trivy/commit/aa0c413814e8915b38d2285c6a8ba5bc3f0705b4))
* **conda:** add support `pip` deps for `environment.yml` files ([#6675](https://github.com/aquasecurity/trivy/issues/6675)) ([150a773](https://github.com/aquasecurity/trivy/commit/150a77313e980cd63797a89a03afcbc97b285f38))
* **go:** add only non-empty root modules for `gobinaries` ([#6710](https://github.com/aquasecurity/trivy/issues/6710)) ([c96f2a5](https://github.com/aquasecurity/trivy/commit/c96f2a5b3de820da37e14594dd537c3b0949ae9c))
* **go:** include only `.version`|`.ver` (no prefixes) ldflags for `gobinaries` ([#6705](https://github.com/aquasecurity/trivy/issues/6705)) ([afb4f9d](https://github.com/aquasecurity/trivy/commit/afb4f9dc4730671ba004e1734fa66422c4c86dad))
* Golang version parsing from binaries w/GOEXPERIMENT ([#6696](https://github.com/aquasecurity/trivy/issues/6696)) ([696f2ae](https://github.com/aquasecurity/trivy/commit/696f2ae0ecdd4f90303f41249924a09ace70dd78))
* include packages unless it is not needed ([#6765](https://github.com/aquasecurity/trivy/issues/6765)) ([56dbe1f](https://github.com/aquasecurity/trivy/commit/56dbe1f6768fe67fbc1153b74fde0f83eaa1b281))
* **misconf:** don't shift ignore rule related to code ([#6708](https://github.com/aquasecurity/trivy/issues/6708)) ([39a746c](https://github.com/aquasecurity/trivy/commit/39a746c77837f873e87b81be40676818030f44c5))
* **misconf:** skip Rego errors with a nil location ([#6638](https://github.com/aquasecurity/trivy/issues/6638)) ([a2c522d](https://github.com/aquasecurity/trivy/commit/a2c522ddb229f049999c4ce74ef75a0e0f9fdc62))
* **misconf:** skip Rego errors with a nil location ([#6666](https://github.com/aquasecurity/trivy/issues/6666)) ([a126e10](https://github.com/aquasecurity/trivy/commit/a126e1075a44ef0e40c0dc1e214d1c5955f80242))
* node-collector high and critical cves ([#6707](https://github.com/aquasecurity/trivy/issues/6707)) ([ff32deb](https://github.com/aquasecurity/trivy/commit/ff32deb7bf9163c06963f557228260b3b8c161ed))
* **plugin:** initialize logger ([#6836](https://github.com/aquasecurity/trivy/issues/6836)) ([728e77a](https://github.com/aquasecurity/trivy/commit/728e77a7261dc3fcda1e61e79be066c789bbba0c))
* **python:** add package name and version validation for `requirements.txt` files. ([#6804](https://github.com/aquasecurity/trivy/issues/6804)) ([ea3a124](https://github.com/aquasecurity/trivy/commit/ea3a124fc7162c30c7f1a59bdb28db0b3c8bb86d))
* **report:** hide empty tables if all vulns has been filtered ([#6352](https://github.com/aquasecurity/trivy/issues/6352)) ([3d388d8](https://github.com/aquasecurity/trivy/commit/3d388d8552ef42d4d54176309a38c1879008527b))
* **sbom:** fix panic for `convert` mode when scanning json file derived from sbom file ([#6808](https://github.com/aquasecurity/trivy/issues/6808)) ([f92ea09](https://github.com/aquasecurity/trivy/commit/f92ea096856c7c262b05bd4d31c62689ebafac82))
* use of specified context to obtain cluster name ([#6645](https://github.com/aquasecurity/trivy/issues/6645)) ([39ebed4](https://github.com/aquasecurity/trivy/commit/39ebed45f8c218509d264bd3f3ca548fc33d2b3a))
### Performance Improvements
* **misconf:** parse rego input once ([#6615](https://github.com/aquasecurity/trivy/issues/6615)) ([67c6b1d](https://github.com/aquasecurity/trivy/commit/67c6b1d473999003d682bdb42657bbf3a4a69a9c))

2
Dockerfile
View File

@@ -1,4 +1,4 @@
FROM alpine:3.20.3
FROM alpine:3.18.2
RUN apk --no-cache add ca-certificates git
COPY trivy /usr/local/bin/trivy
COPY contrib/*.tpl contrib/

2
Dockerfile.canary
View File

@@ -1,4 +1,4 @@
FROM alpine:3.20.0
FROM alpine:3.18.2
RUN apk --no-cache add ca-certificates git
# binaries were created with GoReleaser

15
Dockerfile.protoc
View File

@@ -1,20 +1,15 @@
FROM --platform=linux/amd64 golang:1.22
FROM golang:1.19
# Set environment variable for protoc
# Install protoc (cf. http://google.github.io/proto-lens/installing-protoc.html)
ENV PROTOC_ZIP=protoc-3.19.4-linux-x86_64.zip
# Install unzip for protoc installation and clean up cache
RUN apt-get update && apt-get install -y unzip && rm -rf /var/lib/apt/lists/*
# Download and install protoc
RUN apt-get update && apt-get install -y unzip
RUN curl --retry 5 -OL https://github.com/protocolbuffers/protobuf/releases/download/v3.19.4/$PROTOC_ZIP \
&& unzip -o $PROTOC_ZIP -d /usr/local bin/protoc \
&& unzip -o $PROTOC_ZIP -d /usr/local 'include/*' \
&& rm -f $PROTOC_ZIP
# Install Go tools
RUN go install github.com/twitchtv/twirp/protoc-gen-twirp@v8.1.0
RUN go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.34.0
RUN go install github.com/magefile/mage@v1.15.0
RUN go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.27.1
RUN go install github.com/magefile/mage@v1.14.0
ENV TRIVY_PROTOC_CONTAINER=true

5
README.md
View File

@@ -21,6 +21,7 @@ Targets (what Trivy can scan):
- Git Repository (remote)
- Virtual Machine Image
- Kubernetes
- AWS
Scanners (what Trivy can find there):
@@ -77,7 +78,7 @@ https://user-images.githubusercontent.com/1161307/171013513-95f18734-233d-45d3-a
</details>
```bash
trivy fs --scanners vuln,secret,misconfig myproject/
trivy fs --scanners vuln,secret,config myproject/
```
<details>
@@ -138,7 +139,7 @@ Please ensure to abide by our [Code of Conduct][code-of-conduct] during all inte
[Installation]:https://aquasecurity.github.io/trivy/latest/getting-started/installation/
[Ecosystem]: https://aquasecurity.github.io/trivy/latest/ecosystem/
[Scanning Coverage]: https://aquasecurity.github.io/trivy/latest/docs/coverage/
[Scanning Coverage]: https://aquasecurity.github.io/trivy/latest/getting-started/coverage/
[alpine]: https://ariadne.space/2021/06/08/the-vulnerability-remediation-lifecycle-of-alpine-containers/
[rego]: https://www.openpolicyagent.org/docs/latest/#rego

2
aqua.yaml
View File

@@ -5,6 +5,6 @@ registries:
- type: standard
ref: v3.157.0 # renovate: depName=aquaproj/aqua-registry
packages:
- name: tinygo-org/tinygo@v0.31.1
- name: tinygo-org/tinygo@v0.27.0
- name: WebAssembly/binaryen@version_112
- name: magefile/mage@v1.14.0

BIN
brand/Trivy-OSS-Logo-Color-Horizontal-RGB-2022.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 36 KiB

56
brand/Trivy-OSS-Logo-Color-Horizontal-RGB-2022.svg Normal file
View File

@@ -0,0 +1,56 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!-- Generator: Adobe Illustrator 26.3.1, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<svg version="1.1" id="_x30_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
viewBox="0 0 265 135" enable-background="new 0 0 265 135" xml:space="preserve">
<g>
<path fill="#07242D" d="M148.629,103.076v5.928c-4.038,0-7.676-1.454-10.545-3.863c-3.605-3.025-5.894-7.565-5.894-12.638V62.815
h5.894v13.471h10.545v5.966h-10.545v10.395C138.164,98.419,142.84,103.076,148.629,103.076z"/>
<path fill="#07242D" d="M169.65,76.285v5.889c-5.591,0.011-10.143,4.446-10.345,9.984v16.845h-5.908V76.285h5.908v3.735
C162.113,77.689,165.718,76.291,169.65,76.285z"/>
<path fill="#07242D" d="M173.447,68.698v-5.9h5.897v5.9H173.447z M173.447,109.003V76.285h5.897v32.719H173.447z"/>
<path fill="#07242D" d="M215.508,76.285l-16.348,32.719l-16.364-32.719h6.699l9.665,19.32l9.646-19.32L215.508,76.285z"/>
<path fill="#07242D" d="M250.874,76.285c0,0,0,35.771,0,38.135c0,9.136-7.493,16.428-16.37,16.423
c-4.157,0-8.009-1.576-10.934-4.196l4.24-4.24c1.809,1.532,4.143,2.464,6.693,2.459c5.745,0,10.396-4.696,10.396-10.446v-9.141
c-2.85,2.359-6.488,3.724-10.396,3.724c-8.894,0.005-16.384-7.171-16.384-16.372c0-0.194,0-16.345,0-16.345h5.972
c0,0,0.003,15.907,0.003,16.345c0,5.722,4.659,10.451,10.409,10.446c5.745,0,10.396-4.701,10.396-10.446V76.285H250.874z"/>
</g>
<g>
<polygon fill="#FFFFFF" points="65.469,5.431 10.124,37.409 10.125,101.877 65.462,134.109 120.813,101.895 120.813,37.407 "/>
<g>
<path fill="#1904DA" d="M63.957,92.94V79.575c-6.048-2.856-9.846-8.792-9.768-15.27l-12.456-7.193
c-0.783,7.101,0.852,14.447,4.636,20.771C50.545,84.86,56.46,89.923,63.957,92.94z"/>
<path fill="#1904DA" d="M63.957,111.255V95.742c-8.438-3.162-15.089-8.73-19.77-16.553c-4.275-7.141-5.989-15.458-4.842-23.457
l-11.564-6.678C21.14,74.652,36.57,101.186,63.957,111.255z"/>
<path fill="#08B1D5" d="M66.804,95.596v15.649c26.877-10.306,42.715-37.348,36.372-62.1l-11.488,6.693
c1.481,8.635,0.079,16.879-4.065,23.865C83.476,86.697,76.281,92.188,66.804,95.596z"/>
<path fill="#08B1D5" d="M66.804,79.551v13.402c8.456-3.219,14.89-8.239,18.632-14.548c3.675-6.197,5.016-13.512,3.896-21.2
L76.888,64.38C76.826,70.53,73.171,76.032,66.804,79.551z"/>
<path fill="#FFC900" d="M78.53,41.442c5.228,2.549,9.501,6.608,12.373,11.749l11.183-6.458c-0.075-0.106-0.146-0.211-0.211-0.316
c-4.4-7.116-10.209-12.47-17.267-15.913c-19.641-9.576-44.026-2.441-55.772,16.23l11.227,6.481
C48.47,40.151,65.268,34.975,78.53,41.442z"/>
<path fill="#FFC900" d="M65.771,55.646c1.762,0,3.527,0.385,5.182,1.193h0.001c2.175,1.062,3.954,2.75,5.158,4.894L88.7,54.463
c-2.618-4.7-6.516-8.409-11.285-10.735c-12.078-5.888-27.409-1.16-35.147,10.76l12.525,7.229
C57.397,57.836,61.572,55.646,65.771,55.646z"/>
<path fill="#08B1D5" d="M66.804,130.848l51.828-30.205V40.14l-13.177,7.677c7.242,26.586-9.654,55.513-38.651,66.142V130.848z"/>
<path fill="#1904DA" d="M25.5,47.738l-13.196-7.621v60.509l51.653,30.22v-16.883C34.902,103.736,18.087,74.773,25.5,47.738z"/>
<path fill="#FFC900" d="M85.722,28.218c7.498,3.656,13.661,9.329,18.316,16.859c0.074,0.12,0.164,0.245,0.263,0.376l13.056-7.539
L65.469,7.948l-51.9,29.973l13.061,7.54C39.042,25.644,64.896,18.062,85.722,28.218z"/>
<path fill="#FF0036" d="M74.264,64.806c0.001-0.014,0.022-0.508-0.015-1.301c-0.104-0.324-1.328-2.715-4.385-4.383
c-2.089-1.139-4.769-1.27-7.357-0.362c-2.536,0.891-4.688,2.664-5.922,4.873c-0.015,0.192-0.044,0.647-0.022,1.173
c0.167,4.129,2.721,9.743,7.931,12.311l0.802,0.383l0.696-0.372C71.055,74.294,74.07,69.803,74.264,64.806z"/>
</g>
</g>
<g>
<path fill="#07242D" d="M149.768,48.152h-8.789c-4.846,0-8.789-3.943-8.789-8.789c0-4.846,3.943-8.789,8.789-8.789
s8.789,3.943,8.789,8.789V48.152z M140.979,34.143c-2.878,0-5.22,2.342-5.22,5.22c0,2.878,2.342,5.22,5.22,5.22h5.22v-5.22
C146.199,36.485,143.858,34.143,140.979,34.143z"/>
<path fill="#07242D" d="M208.745,48.152h-8.789c-4.846,0-8.789-3.943-8.789-8.789c0-4.846,3.943-8.789,8.789-8.789
c4.846,0,8.789,3.943,8.789,8.789V48.152z M199.956,34.143c-2.878,0-5.22,2.342-5.22,5.22c0,2.878,2.342,5.22,5.22,5.22h5.22v-5.22
C205.176,36.485,202.835,34.143,199.956,34.143z"/>
<path fill="#07242D" d="M180.296,48.156c-4.848,0-8.793-3.944-8.793-8.793v-8.248h3.571v8.248c0,2.879,2.343,5.222,5.222,5.222
c2.879,0,5.222-2.343,5.222-5.222v-8.248h3.571v8.248C189.089,44.211,185.144,48.156,180.296,48.156z"/>
<path fill="#07242D" d="M160.636,30.574c-4.846,0-8.789,3.943-8.789,8.789c0,4.846,3.943,8.789,8.789,8.789l3.569-3.569h-3.569
c-2.878,0-5.22-2.342-5.22-5.22c0-2.878,2.342-5.22,5.22-5.22c2.878,0,5.22,2.342,5.22,5.22V56.54h3.569V39.363
C169.425,34.516,165.482,30.574,160.636,30.574z"/>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 4.7 KiB

BIN
brand/Trivy-OSS-Logo-Color-Horizontal-RGB.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 44 KiB

85
brand/Trivy-OSS-Logo-Color-Horizontal-RGB.svg
View File

@@ -1,85 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Generator: Adobe Illustrator 28.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
viewBox="0 0 1920 891" style="enable-background:new 0 0 1920 891;" xml:space="preserve">
<style type="text/css">
.st0{fill:#031730;}
.st1{fill:#08B1D5;}
.st2{fill:#1904DA;}
.st3{fill:#FFC900;}
.st4{fill:#FF0036;}
</style>
<g>
<g>
<g>
<g>
<g>
<path class="st0" d="M1437.8,277.53h-46.05c-25.39,0-46.05-20.66-46.05-46.05c0-25.39,20.66-46.05,46.05-46.05
c25.39,0,46.05,20.66,46.05,46.05V277.53z M1391.75,204.13c-15.08,0-27.35,12.27-27.35,27.35c0,15.08,12.27,27.35,27.35,27.35
h27.35v-27.35C1419.1,216.4,1406.84,204.13,1391.75,204.13z"/>
</g>
</g>
<g>
<g>
<path class="st0" d="M1746.82,277.53h-46.05c-25.39,0-46.05-20.66-46.05-46.05c0-25.39,20.66-46.05,46.05-46.05
c25.39,0,46.05,20.66,46.05,46.05V277.53z M1700.77,204.13c-15.08,0-27.35,12.27-27.35,27.35c0,15.08,12.27,27.35,27.35,27.35
h27.35v-27.35C1728.12,216.4,1715.85,204.13,1700.77,204.13z"/>
</g>
</g>
<g>
<path class="st0" d="M1597.76,277.55c-25.4,0-46.07-20.66-46.07-46.07v-43.22h18.71v43.22c0,15.09,12.28,27.36,27.36,27.36
s27.36-12.28,27.36-27.36v-43.22h18.71v43.22C1643.83,256.88,1623.16,277.55,1597.76,277.55z"/>
</g>
<g>
<path class="st0" d="M1494.75,185.43c-25.39,0-46.05,20.66-46.05,46.05c0,25.39,20.66,46.05,46.05,46.05l18.7-18.7h-18.7
c-15.08,0-27.35-12.27-27.35-27.35c0-15.08,12.27-27.35,27.35-27.35s27.35,12.27,27.35,27.35v90h18.7v-90
C1540.8,206.09,1520.14,185.43,1494.75,185.43z"/>
</g>
</g>
</g>
<g>
<g>
<path class="st0" d="M968.09,578.05v45.38c-30.92,0-58.76-11.12-80.72-29.55c-27.59-23.17-45.14-57.93-45.14-96.78V269.82h45.14
v103.14h80.72v45.68h-80.72v79.6C887.98,542.42,923.77,578.05,968.09,578.05z"/>
<path class="st0" d="M1128.93,372.97v45.08c-42.79,0.09-77.63,34.03-79.2,76.45v128.94h-45.21V372.96h45.21v28.59
C1071.24,383.73,1098.84,373.01,1128.93,372.97z"/>
<path class="st0" d="M1157.94,347.93v-39.5h45.14v39.5H1157.94z M1157.94,623.44V372.96h45.14v250.48H1157.94z"/>
<path class="st0" d="M1479.86,372.96l-125.14,250.48l-125.3-250.48h51.3l73.99,147.93l73.84-147.93H1479.86z"/>
<path class="st0" d="M1750.5,372.96c0,0,0,273.85,0,291.97c0,69.91-57.37,125.75-125.32,125.69
c-31.84,0.03-61.33-12.05-83.7-32.11l32.45-32.45c13.85,11.74,31.73,18.85,51.25,18.82c43.98,0,79.58-35.97,79.58-79.95v-69.99
c-21.82,18.06-49.68,28.52-79.58,28.49c-68.1,0.06-125.44-54.9-125.44-125.35c0-1.49,0-125.13,0-125.13h45.73
c0,0,0.02,121.79,0.02,125.13c0,43.8,35.68,80,79.69,79.96c43.98,0,79.58-35.97,79.58-79.96V372.96H1750.5z"/>
</g>
</g>
<g>
<g>
<g>
<path class="st1" d="M463.95,358.89c0.04,0,0.08,0,0.12,0c6.43,0.01,11.75-4.93,11.75-11.36V134.47l-11.99-6.7l-11.94,6.67
v213.1c0,6.43,5.32,11.38,11.75,11.35C463.73,358.89,463.84,358.89,463.95,358.89z"/>
<path class="st2" d="M392.02,455.6L194.35,588.27v15.11l11.26,6.17L405.34,475.5c5.13-3.44,6.41-10.31,3.09-15.52
c-0.14-0.22-0.28-0.44-0.42-0.67C404.58,453.78,397.42,451.98,392.02,455.6z"/>
<path class="st3" d="M522.51,475.6l199.56,133.93l11.23-6.15v-15.14L535.83,455.71c-5.4-3.62-12.56-1.83-16,3.69
c-0.13,0.21-0.26,0.42-0.4,0.63C516.09,465.26,517.36,472.15,522.51,475.6z"/>
<path class="st0" d="M757.23,277.9V264.2l-12.26-6.85l-0.91-0.48L475.5,106.89l-11.68-6.51l-11.63,6.51L183.58,256.88
l-0.91,0.48l-12.25,6.85v13.69l-0.91,0.53l0.91,0.48v13.64v325.01l12.45,6.8l261.62,143.33l3.3,1.82l16.08,8.81l16.04-8.81
l3.3-1.82l261.62-143.33l12.4-6.8V292.55v-13.6l0.96-0.53L757.23,277.9z M476.11,744.33V502.51c0-6.59-5.39-11.98-11.98-11.97
l-0.18,0l-0.12,0c-6.59-0.01-11.98,5.38-11.98,11.97v241.81L205.61,609.55l-11.26-6.17v-15.11V290.06l196.06,107.42
c5.66,3.1,12.84,1.02,15.97-4.63l0.14-0.25c3.16-5.71,1.06-12.96-4.67-16.1L208.33,270.47l243.55-136.03l11.94-6.67l11.99,6.7
l243.5,136.01L525.64,376.58c-5.7,3.12-7.48,10.25-4.32,15.92c0.05,0.1,0.11,0.19,0.16,0.29c3.1,5.62,10.02,7.85,15.65,4.77
l196.16-107.5v298.19v15.14l-11.23,6.15L476.11,744.33z"/>
</g>
<circle class="st4" cx="463.95" cy="424.72" r="34.73"/>
</g>
<path class="st1" d="M649.35,258.97L461.77,153.83c-5.77-3.23-7.82-10.53-4.59-16.29v0c3.23-5.77,10.53-7.82,16.29-4.59
l187.58,105.15c5.77,3.23,7.82,10.53,4.59,16.29v0C662.41,260.15,655.12,262.2,649.35,258.97z"/>
<path class="st1" d="M567.15,267.09l-105.38-59.07c-5.77-3.23-7.82-10.53-4.59-16.29v0c3.23-5.77,10.53-7.82,16.29-4.59
l105.38,59.07c5.77,3.23,7.82,10.53,4.59,16.29l0,0C580.21,268.26,572.92,270.32,567.15,267.09z"/>
<path class="st1" d="M601.67,286.44L601.67,286.44c-5.77-3.23-7.82-10.53-4.59-16.29v0c3.23-5.77,10.53-7.82,16.29-4.59l0,0
c5.77,3.23,7.82,10.53,4.59,16.29v0C614.73,287.61,607.44,289.67,601.67,286.44z"/>
<path class="st1" d="M497.04,283.82l-35-19.62c-5.77-3.23-7.82-10.53-4.59-16.29v0c3.23-5.77,10.53-7.82,16.29-4.59l35,19.62
c5.77,3.23,7.82,10.53,4.59,16.29l0,0C510.1,284.99,502.8,287.05,497.04,283.82z"/>
<path class="st1" d="M549.85,316.05l-20.26-11.36c-5.77-3.23-7.82-10.53-4.59-16.29h0c3.23-5.77,10.53-7.82,16.29-4.59
l20.26,11.36c5.77,3.23,7.82,10.53,4.59,16.29v0C562.91,317.23,555.61,319.28,549.85,316.05z"/>
</g>
</g>
</svg>
Side by Side

Before

Width:  |  Height:  |  Size: 5.3 KiB

BIN
brand/Trivy-OSS-Logo-Color-Stacked-RGB-2022.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 81 KiB

202
brand/Trivy-OSS-Logo-Color-Stacked-RGB-2022.svg Normal file
View File

@@ -0,0 +1,202 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!-- Generator: Adobe Illustrator 26.3.1, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<svg version="1.1" id="_x30_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
viewBox="0 0 500 524" enable-background="new 0 0 500 524" xml:space="preserve">
<g display="none">
<g display="inline">
<path fill="#07242D" d="M-483.763,450.803h-11.559l-22.557-22.807c-0.919,0.114-1.853,0.174-2.802,0.174v22.632h-8.238v-63.931
h8.239c0,0-0.016,33.158,0,33.158c4.013,0,7.684-1.656,10.29-4.32l9.86-10.073h11.814l-16.032,15.918
c-1.42,1.421-3.031,2.655-4.787,3.659L-483.763,450.803z"/>
<path fill="#07242D" d="M-438.316,405.517v22.819c0,0,0,0.033,0,0.049c0,12.39-10.039,22.418-22.429,22.418
c-12.389,0-22.421-10.059-22.421-22.448c0-0.017,0-22.837,0-22.837h7.989v22.819c0,7.967,6.466,14.457,14.433,14.457
c7.966,0,14.424-6.491,14.424-14.457v-22.819H-438.316z"/>
<path fill="#07242D" d="M-385.244,428.166c0,12.501-10.133,22.636-22.636,22.636c-5.485,0-10.514-1.95-14.431-5.196v5.196h-8.218
c0.005-0.516,0.005-63.931,0.005-63.931h8.217l-0.004,23.854c3.918-3.246,8.947-5.196,14.432-5.196
C-395.377,405.529-385.242,415.664-385.244,428.166z M-393.437,428.166c0-7.976-6.466-14.441-14.442-14.441
c-7.793,0-14.443,6.329-14.443,14.418c0,8.089,6.649,14.464,14.443,14.464C-399.903,442.607-393.437,436.142-393.437,428.166z"/>
<path fill="#07242D" d="M-335.539,431.11h-36.518c1.375,6.517,7.157,11.435,14.075,11.435c4.514,0,8.538-2.095,11.172-5.362h9.577
c-3.496,8.008-11.475,13.619-20.748,13.619c-12.489,0-22.644-10.173-22.644-22.676c0-12.503,10.155-22.608,22.644-22.608
C-344.426,405.411-333.664,417.688-335.539,431.11z M-344.611,422.85c-2.103-5.316-7.296-9.06-13.371-9.06
c-6.076,0-11.275,3.746-13.382,9.06H-344.611z"/>
<path fill="#07242D" d="M-306.194,420.895v7.548h-23.302v-7.548H-306.194z"/>
<path fill="#07242D" d="M-252.987,428.166c0,12.501-10.133,22.636-22.636,22.636c-5.485,0-10.514-1.95-14.431-5.196v5.196h-8.218
c0.005-0.516,0.005-63.931,0.005-63.931h8.218l-0.004,23.854c3.918-3.246,8.946-5.196,14.431-5.196
C-263.12,405.529-252.985,415.664-252.987,428.166z M-261.181,428.166c0-7.976-6.467-14.441-14.442-14.441
c-7.794,0-14.443,6.329-14.443,14.418c0,8.089,6.649,14.464,14.443,14.464C-267.647,442.607-261.181,436.142-261.181,428.166z"/>
<path fill="#07242D" d="M-203.283,431.11h-36.518c1.375,6.517,7.157,11.435,14.075,11.435c4.514,0,8.538-2.095,11.172-5.362h9.577
c-3.496,8.008-11.475,13.619-20.748,13.619c-12.489,0-22.644-10.173-22.644-22.676c0-12.503,10.155-22.608,22.644-22.608
C-212.17,405.411-201.408,417.688-203.283,431.11z M-212.355,422.85c-2.103-5.316-7.296-9.06-13.371-9.06
c-6.076,0-11.275,3.746-13.382,9.06H-212.355z"/>
<path fill="#07242D" d="M-151.113,428.114c0,15.871,0,22.688,0,22.688h-8.262c0,0,0-14.878,0-22.688
c0-8.095-6.591-14.327-14.363-14.327c-7.772,0-14.393,6.163-14.393,14.327c0,7.814,0,22.688,0,22.688h-8.26v-45.285
c0,0,3.539,0,8.26,0v5.101c0,0,5.421-5.101,14.393-5.101C-163.095,405.517-151.113,413.789-151.113,428.114z"/>
<path fill="#07242D" d="M-112.598,438.373l5.799,5.798c-4.098,4.097-9.758,6.632-16.01,6.632c-6.252,0-11.912-2.534-16.01-6.632
c-4.097-4.098-6.632-9.758-6.632-16.01s2.534-11.912,6.632-16.01c4.098-4.097,9.758-6.632,16.01-6.632
c6.252,0,11.912,2.534,16.01,6.632l-5.799,5.799c-2.613-2.615-6.224-4.231-10.212-4.231c-3.988,0-7.599,1.617-10.212,4.231
c-2.614,2.613-4.23,6.224-4.23,10.212s1.616,7.599,4.23,10.213c2.613,2.613,6.224,4.229,10.212,4.229
C-118.821,442.602-115.211,440.986-112.598,438.373z"/>
<path fill="#07242D" d="M-55.678,428.174c0,15.827,0,22.626,0,22.626h-8.239c0,0,0-14.838,0-22.626
c0-8.072-6.575-14.287-14.324-14.287c-7.751,0-14.353,6.146-14.353,14.287c0,7.793,0,22.626,0,22.626h-8.238v-63.929h8.238v23.856
c0,0,5.405-5.086,14.353-5.086C-67.626,405.641-55.678,413.889-55.678,428.174z"/>
</g>
<g display="inline">
<path fill="#07242D" d="M186.582,442.579v8.203c-5.588,0-10.623-2.012-14.594-5.346c-4.989-4.186-8.157-10.469-8.157-17.489
v-41.085h8.157v18.642h14.594v8.257h-14.594v14.386C172.1,436.134,178.571,442.579,186.582,442.579z"/>
<path fill="#07242D" d="M215.674,405.503v8.149c-7.739,0.015-14.037,6.152-14.317,13.818v23.312h-8.176v-45.279h8.176v5.169
C205.243,407.446,210.232,405.51,215.674,405.503z"/>
<path fill="#07242D" d="M220.928,395.003v-8.165h8.161v8.165H220.928z M220.928,450.782v-45.279h8.161v45.279H220.928z"/>
<path fill="#07242D" d="M279.137,405.503l-22.624,45.279l-22.647-45.279h9.271l13.376,26.737l13.349-26.737H279.137z"/>
<path fill="#07242D" d="M328.08,405.503c0,0,0,49.504,0,52.776c0,12.643-10.369,22.736-22.655,22.728
c-5.753,0-11.084-2.181-15.131-5.807l5.868-5.868c2.504,2.12,5.734,3.41,9.263,3.403c7.95,0,14.386-6.498,14.386-14.456v-12.651
c-3.944,3.264-8.979,5.154-14.386,5.154c-12.309,0.008-22.674-9.924-22.674-22.659c0-0.269,0-22.62,0-22.62h8.265
c0,0,0.004,22.014,0.004,22.62c0,7.919,6.448,14.463,14.406,14.456c7.95,0,14.386-6.506,14.386-14.456v-22.62H328.08z"/>
</g>
<g display="inline">
<path fill="#07242D" d="M1186.898,438.384c-0.411,4.687-4.656,12.67-15.302,12.67c-10.092,0-16.135-6.761-16.135-6.761
l5.797-5.801c4.906,4.664,10.338,4.372,10.338,4.372c3.473-0.238,6.258-2.643,6.469-5.471c0.242-3.235-2.009-5.486-6.469-6.124
c-2.098-0.307-7.184-0.791-11.36-4.533c-1.36-1.222-6.489-6.577-2.217-14.191c0.834-1.491,4.556-6.769,13.577-6.769
c0,0,7.434-0.53,14.311,5.086l-5.866,5.863c-1.16-0.96-4.46-2.904-8.444-2.881c-7.207,0.046-7.007,4.011-7.007,4.011
c0.061,3.166,2.874,4.864,7.007,5.409C1185.672,425.114,1187.309,433.743,1186.898,438.384z"/>
<path fill="#07242D" d="M1215.419,442.848v8.206c-5.59,0-10.626-2.013-14.599-5.348c-4.99-4.188-8.16-10.473-8.16-17.495v-41.099
h8.16v18.648h14.599v8.26h-14.599v14.391C1200.932,436.401,1207.405,442.848,1215.419,442.848z"/>
<path fill="#07242D" d="M1263.522,428.372v22.682h-22.705c-0.5,0-0.999-0.015-1.495-0.054c-6.431-0.423-12.128-3.527-15.985-8.214
c-3.289-4.003-5.171-8.928-5.186-14.414c0.526-25.548,35.106-31.264,44.03-7.699
C1263.068,423.132,1263.522,425.76,1263.522,428.372z M1255.131,428.372c0.054-12.824-15.563-19.132-24.433-10.135l-0.004-0.008
c-2.609,2.605-4.226,6.17-4.226,10.142c0,7.937,6.435,14.399,14.368,14.399c3.976,0,14.295,0,14.295,0
S1255.131,432.352,1255.131,428.372z"/>
<path fill="#07242D" d="M1293.898,405.76v8.152c-7.741,0.015-14.042,6.154-14.322,13.823v23.319h-8.179V405.76h8.179v5.171
C1283.464,407.704,1288.454,405.767,1293.898,405.76z"/>
<path fill="#07242D" d="M1344.448,428.411c0,12.509-10.135,22.643-22.639,22.643c-5.486,0-10.515-1.952-14.433-5.194v5.194h-8.221
c0.008-0.515,0.008-63.942,0.008-63.942h8.217l-0.004,23.857c3.919-3.25,8.947-5.202,14.433-5.202
C1334.313,405.767,1344.452,415.91,1344.448,428.411z M1336.254,428.411c0-7.975-6.466-14.445-14.445-14.445
c-7.795,0-14.445,6.331-14.445,14.422c0,8.091,6.65,14.468,14.445,14.468C1329.788,442.856,1336.254,436.394,1336.254,428.411z"/>
<path fill="#07242D" d="M1394.394,428.411c0,12.509-10.15,22.643-22.643,22.643s-22.651-10.135-22.651-22.643
s10.157-22.651,22.651-22.651S1394.394,415.91,1394.394,428.411z M1386.127,428.411c0-7.937-6.431-14.376-14.376-14.376
c-7.941,0-14.387,6.431-14.387,14.376s6.446,14.383,14.387,14.383C1379.696,442.794,1386.127,436.355,1386.127,428.411z"/>
<path fill="#07242D" d="M1444.414,428.372v22.682h-22.705c-0.499,0-0.999-0.015-1.494-0.054
c-6.431-0.423-12.128-3.527-15.985-8.214c-3.289-4.003-5.171-8.928-5.186-14.414c0.526-25.548,35.106-31.264,44.03-7.699
C1443.961,423.132,1444.414,425.76,1444.414,428.372z M1436.024,428.372c0.054-12.824-15.563-19.132-24.433-10.135l-0.004-0.008
c-2.609,2.605-4.226,6.17-4.226,10.142c0,7.937,6.435,14.399,14.368,14.399c3.976,0,14.295,0,14.295,0
S1436.024,432.352,1436.024,428.372z"/>
<path fill="#07242D" d="M1474.791,405.76v8.152c-7.741,0.015-14.042,6.154-14.322,13.823v23.319h-8.179V405.76h8.179v5.171
C1464.356,407.704,1469.347,405.767,1474.791,405.76z"/>
<path fill="#07242D" d="M1521.556,451.031h-8.214v-5.194c-3.919,3.242-8.951,5.194-14.43,5.194
c-12.501,0-22.635-10.127-22.635-22.628s10.135-22.636,22.635-22.636c5.478,0,10.511,1.952,14.43,5.194l0.008-23.85h8.221
C1521.572,387.112,1521.556,450.516,1521.556,451.031z M1513.35,428.38c0-8.091-6.646-14.422-14.437-14.422
c-7.975,0-14.445,6.469-14.445,14.445s6.469,14.437,14.445,14.437C1506.704,442.84,1513.35,436.471,1513.35,428.38z"/>
</g>
<g display="inline">
<path fill="#07242D" d="M1711.171,438.276l5.802,5.802c-4.1,4.096-9.763,6.632-16.014,6.632c-6.255,0-11.918-2.536-16.018-6.632
c-4.1-4.103-6.635-9.759-6.635-16.014s2.536-11.918,6.635-16.022c4.1-4.096,9.763-6.632,16.018-6.632
c6.251,0,11.915,2.536,16.014,6.632l-5.802,5.802c-2.613-2.613-6.224-4.234-10.213-4.234c-3.992,0-7.604,1.621-10.216,4.234
c-2.617,2.613-4.234,6.224-4.234,10.22c0,3.988,1.618,7.6,4.234,10.213c2.613,2.613,6.224,4.234,10.216,4.234
C1704.947,442.511,1708.559,440.889,1711.171,438.276z"/>
<path fill="#07242D" d="M1722.967,450.71v-63.95h8.241v63.95H1722.967z"/>
<path fill="#07242D" d="M1783.282,428.064c0,12.51-10.151,22.646-22.646,22.646c-12.495,0-22.654-10.136-22.654-22.646
s10.159-22.654,22.654-22.654C1773.131,405.41,1783.282,415.561,1783.282,428.064z M1775.013,428.064
c0-7.938-6.432-14.378-14.378-14.378c-7.942,0-14.389,6.432-14.389,14.378c0,7.946,6.447,14.385,14.389,14.385
C1768.581,442.449,1775.013,436.01,1775.013,428.064z"/>
<path fill="#07242D" d="M1833.833,405.41v22.823c0,0,0,0.038,0,0.054c0,12.395-10.04,22.423-22.435,22.423
c-12.395,0-22.427-10.059-22.427-22.454c0-0.015,0-22.846,0-22.846h7.992v22.823c0,7.976,6.466,14.462,14.435,14.462
c7.969,0,14.431-6.486,14.431-14.462V405.41H1833.833z"/>
<path fill="#07242D" d="M1884.777,450.687h-8.218v-5.195c-3.915,3.243-8.945,5.195-14.431,5.195
c-12.503,0-22.634-10.128-22.634-22.631c0-12.503,10.132-22.638,22.634-22.638c5.487,0,10.516,1.952,14.431,5.195l0.011-23.852
h8.219C1884.789,386.76,1884.773,450.172,1884.777,450.687z M1876.574,428.033c0-8.092-6.651-14.424-14.447-14.424
c-7.973,0-14.443,6.47-14.443,14.447c0,7.976,6.466,14.439,14.443,14.439C1869.923,442.495,1876.574,436.125,1876.574,428.033z"/>
<path fill="#07242D" d="M1922.865,438.038c-0.411,4.687-4.657,12.672-15.303,12.672c-10.094,0-16.137-6.762-16.137-6.762
l5.798-5.802c4.906,4.664,10.339,4.372,10.339,4.372c3.473-0.238,6.259-2.643,6.47-5.471c0.242-3.235-2.009-5.487-6.47-6.124
c-2.098-0.307-7.185-0.792-11.361-4.534c-1.36-1.222-6.489-6.578-2.217-14.193c0.834-1.491,4.557-6.77,13.578-6.77
c0,0,7.435-0.53,14.312,5.087l-5.867,5.863c-1.16-0.961-4.461-2.905-8.445-2.882c-7.208,0.046-7.008,4.011-7.008,4.011
c0.062,3.166,2.874,4.864,7.008,5.41C1921.639,424.767,1923.276,433.397,1922.865,438.038z"/>
<path fill="#07242D" d="M1975.107,428.041c0,12.526-10.151,22.73-22.661,22.73c-5.471,0-10.493-1.952-14.416-5.195v35.371h-8.276
V405.41h8.276v5.156c3.923-3.22,8.945-5.156,14.416-5.156C1964.956,405.41,1975.107,415.523,1975.107,428.041z M1966.831,428.041
c0-7.953-6.432-14.347-14.385-14.347s-14.416,6.393-14.416,14.347s6.463,14.462,14.416,14.462S1966.831,435.994,1966.831,428.041z
"/>
<path fill="#07242D" d="M1981.877,450.71v-63.95h8.245v63.95H1981.877z"/>
<path fill="#07242D" d="M2042.192,428.064c0,12.51-10.151,22.646-22.646,22.646c-12.495,0-22.654-10.136-22.654-22.646
s10.159-22.654,22.654-22.654C2032.041,405.41,2042.192,415.561,2042.192,428.064z M2033.916,428.064
c0-7.938-6.432-14.378-14.37-14.378c-7.946,0-14.393,6.432-14.393,14.378c0,7.946,6.447,14.385,14.393,14.385
C2027.484,442.449,2033.916,436.01,2033.916,428.064z"/>
<path fill="#07242D" d="M2049.016,394.906v-8.168h8.168v8.168H2049.016z M2049.016,450.71v-45.3h8.168v45.3H2049.016z"/>
<path fill="#07242D" d="M2087.737,442.503v8.207c-5.594,0-10.627-2.013-14.6-5.348c-4.987-4.188-8.161-10.474-8.161-17.497V386.76
h8.161v18.65h14.6v8.261h-14.6v14.393C2073.252,436.056,2079.722,442.503,2087.737,442.503z"/>
</g>
<g display="inline">
<path fill="#07242D" d="M690.837,442.596v8.206c-5.59,0-10.626-2.013-14.599-5.348c-4.99-4.188-8.16-10.473-8.16-17.495V386.86
h8.16v18.648h14.599v8.26h-14.599v14.391C676.35,436.15,682.823,442.596,690.837,442.596z"/>
<path fill="#07242D" d="M719.939,405.508v8.152c-7.737,0.015-14.042,6.154-14.322,13.823v23.319h-8.179v-45.294h8.179v5.171
C709.504,407.452,714.495,405.516,719.939,405.508z"/>
<path fill="#07242D" d="M766.789,428.12v22.682h-22.705c-0.499,0-0.999-0.015-1.494-0.054c-6.431-0.423-12.128-3.527-15.985-8.214
c-3.289-4.003-5.171-8.928-5.183-14.414c0.523-25.548,35.102-31.264,44.026-7.699C766.335,422.88,766.789,425.508,766.789,428.12z
M758.398,428.12c0.054-12.824-15.563-19.132-24.433-10.135l-0.004-0.008c-2.609,2.605-4.226,6.17-4.226,10.142
c0,7.937,6.435,14.399,14.368,14.399c3.976,0,14.295,0,14.295,0S758.398,432.101,758.398,428.12z"/>
<path fill="#07242D" d="M805.36,438.37l5.801,5.801c-4.099,4.095-9.762,6.631-16.016,6.631c-6.254,0-11.913-2.536-16.012-6.631
c-4.099-4.103-6.631-9.766-6.631-16.02c0-6.247,2.532-11.909,6.631-16.012c4.099-4.095,9.758-6.631,16.012-6.631
c6.254,0,11.917,2.536,16.016,6.631l-5.801,5.801c-2.612-2.612-6.224-4.234-10.215-4.234c-3.988,0-7.599,1.621-10.211,4.234
c-2.616,2.612-4.234,6.224-4.234,10.211c0,3.995,1.617,7.607,4.234,10.219c2.612,2.612,6.224,4.234,10.211,4.234
C799.136,442.604,802.747,440.983,805.36,438.37z"/>
<path fill="#07242D" d="M858.664,431.109h-36.527c1.375,6.516,7.161,11.433,14.08,11.433c4.514,0,8.54-2.098,11.172-5.363h9.581
c-3.5,8.014-11.479,13.623-20.753,13.623c-12.493,0-22.647-10.173-22.647-22.682c0-12.501,10.154-22.612,22.647-22.612
C849.774,405.4,860.539,417.679,858.664,431.109z M849.59,422.842c-2.105-5.317-7.295-9.059-13.373-9.059
s-11.276,3.742-13.385,9.059H849.59z"/>
<path fill="#07242D" d="M908.514,431.109h-36.527c1.375,6.516,7.161,11.433,14.08,11.433c4.514,0,8.54-2.098,11.172-5.363h9.581
c-3.5,8.014-11.479,13.623-20.753,13.623c-12.493,0-22.647-10.173-22.647-22.682c0-12.501,10.154-22.612,22.647-22.612
C899.625,405.4,910.389,417.679,908.514,431.109z M899.44,422.842c-2.105-5.317-7.295-9.059-13.373-9.059
s-11.276,3.742-13.385,9.059H899.44z"/>
</g>
</g>
<g>
<path fill="#07242D" d="M186.351,471.553v8.229c-5.606,0-10.656-2.019-14.639-5.363c-5.005-4.199-8.182-10.502-8.182-17.544v-41.21
h8.182v18.699h14.639v8.282h-14.639v14.43C171.824,465.089,178.316,471.553,186.351,471.553z"/>
<path fill="#07242D" d="M215.533,434.363v8.175c-7.762,0.016-14.08,6.172-14.361,13.86v23.384h-8.202v-45.419h8.202v5.185
C205.069,436.313,210.074,434.371,215.533,434.363z"/>
<path fill="#07242D" d="M220.803,423.832v-8.191h8.186v8.191H220.803z M220.803,479.782v-45.419h8.186v45.419H220.803z"/>
<path fill="#07242D" d="M279.191,434.363l-22.694,45.419l-22.716-45.419h9.3l13.417,26.82l13.39-26.82H279.191z"/>
<path fill="#07242D" d="M328.286,434.363c0,0,0,49.656,0,52.938c0,12.682-10.402,22.805-22.725,22.798
c-5.771,0-11.118-2.188-15.178-5.824l5.887-5.887c2.512,2.126,5.751,3.42,9.291,3.413c7.975,0,14.431-6.519,14.431-14.5v-12.689
c-3.956,3.275-9.006,5.17-14.431,5.17c-12.346,0.007-22.743-9.954-22.743-22.728c0-0.27,0-22.69,0-22.69h8.291
c0,0,0.004,22.082,0.004,22.69c0,7.944,6.468,14.508,14.45,14.5c7.975,0,14.431-6.526,14.431-14.5v-22.691H328.286z"/>
</g>
<g>
<polygon fill="#FFFFFF" points="250.554,44.159 116.876,121.396 116.877,277.11 250.537,354.962 384.229,277.154 384.229,121.392
"/>
<g>
<path fill="#1904DA" d="M246.902,255.524v-32.282c-14.609-6.898-23.783-21.236-23.594-36.882l-30.086-17.374
c-1.892,17.15,2.057,34.896,11.198,50.171C214.507,236.009,228.793,248.237,246.902,255.524z"/>
<path fill="#1904DA" d="M246.902,299.761v-37.468c-20.381-7.638-36.445-21.086-47.752-39.981
c-10.325-17.249-14.466-37.337-11.695-56.657l-27.931-16.129C143.482,211.352,180.751,275.442,246.902,299.761z"/>
<path fill="#08B1D5" d="M253.779,261.938v37.797c64.918-24.892,103.171-90.209,87.852-149.994l-27.747,16.165
c3.578,20.856,0.191,40.77-9.818,57.644C294.046,240.446,276.67,253.707,253.779,261.938z"/>
<path fill="#08B1D5" d="M253.779,223.185v32.371c20.424-7.774,35.964-19.9,45.004-35.138c8.877-14.969,12.116-32.637,9.411-51.205
l-30.06,17.33C277.985,201.395,269.156,214.685,253.779,223.185z"/>
<path fill="#FFC900" d="M282.1,131.138c12.628,6.157,22.948,15.961,29.885,28.378l27.012-15.598
c-0.182-0.255-0.351-0.51-0.509-0.764c-10.628-17.188-24.658-30.12-41.707-38.435c-47.439-23.13-106.339-5.896-134.71,39.2
l27.117,15.654C209.496,128.018,250.069,115.518,282.1,131.138z"/>
<path fill="#FFC900" d="M251.284,165.445c4.256,0,8.519,0.931,12.516,2.881h0.002c5.253,2.564,9.549,6.643,12.458,11.821
l30.404-17.558c-6.323-11.352-15.738-20.312-27.257-25.93c-29.172-14.223-66.203-2.802-84.893,25.99l30.251,17.46
C231.056,170.735,241.141,165.445,251.284,165.445z"/>
<path fill="#08B1D5" d="M253.779,347.086l125.184-72.957V127.993l-31.828,18.542c17.491,64.215-23.319,134.084-93.356,159.757
V347.086z"/>
<path fill="#1904DA" d="M154.014,146.345l-31.873-18.406v146.151l124.761,72.993v-40.779
C176.723,281.599,136.109,211.643,154.014,146.345z"/>
<path fill="#FFC900" d="M299.471,99.198c18.111,8.832,32.995,22.533,44.241,40.722c0.179,0.289,0.397,0.592,0.636,0.908
l31.536-18.21l-125.33-72.378l-125.358,72.395l31.548,18.211C186.722,92.98,249.169,74.667,299.471,99.198z"/>
<path fill="#FF0036" d="M271.797,187.57c0.002-0.035,0.052-1.226-0.036-3.143c-0.251-0.783-3.208-6.558-10.592-10.586
c-5.045-2.751-11.518-3.068-17.769-0.874c-6.124,2.152-11.322,6.434-14.303,11.769c-0.036,0.464-0.105,1.563-0.052,2.832
c0.404,9.974,6.573,23.534,19.156,29.736l1.938,0.925l1.682-0.899C264.046,210.487,271.328,199.641,271.797,187.57z"/>
</g>
</g>
<g>
<path fill="#07242D" d="M186.846,398.474H175.2c-6.421,0-11.646-5.224-11.646-11.646c0-6.422,5.224-11.646,11.646-11.646
s11.646,5.224,11.646,11.646V398.474z M175.2,379.912c-3.814,0-6.916,3.103-6.916,6.916c0,3.814,3.103,6.916,6.916,6.916h6.916
v-6.916C182.117,383.015,179.014,379.912,175.2,379.912z"/>
<path fill="#07242D" d="M264.991,398.474h-11.646c-6.421,0-11.646-5.224-11.646-11.646c0-6.422,5.224-11.646,11.646-11.646
c6.421,0,11.646,5.224,11.646,11.646V398.474z M253.345,379.912c-3.814,0-6.916,3.103-6.916,6.916c0,3.814,3.103,6.916,6.916,6.916
h6.916v-6.916C260.261,383.015,257.159,379.912,253.345,379.912z"/>
<path fill="#07242D" d="M227.295,398.479c-6.424,0-11.651-5.226-11.651-11.651V375.9h4.731v10.928c0,3.815,3.104,6.919,6.919,6.919
c3.815,0,6.919-3.104,6.919-6.919V375.9h4.731v10.928C238.946,393.253,233.719,398.479,227.295,398.479z"/>
<path fill="#07242D" d="M201.245,375.183c-6.421,0-11.645,5.224-11.645,11.646c0,6.421,5.224,11.646,11.645,11.646l4.729-4.729
h-4.729c-3.814,0-6.916-3.103-6.916-6.916c0-3.814,3.103-6.916,6.916-6.916c3.814,0,6.916,3.103,6.916,6.916v22.76h4.729v-22.76
C212.891,380.407,207.666,375.183,201.245,375.183z"/>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 18 KiB

BIN
brand/Trivy-OSS-Logo-Color-Stacked-RGB.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 29 KiB

3206
brand/Trivy-OSS-Logo-Color-Stacked-RGB.svg
View File

File diff suppressed because it is too large Load Diff
Side by Side

Before

Width:  |  Height:  |  Size: 233 KiB

BIN
brand/Trivy-OSS-Logo-White-Horizontal-RGB-2022.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 36 KiB

84
brand/Trivy-OSS-Logo-White-Horizontal-RGB-2022.svg Normal file
View File

@@ -0,0 +1,84 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!-- Generator: Adobe Illustrator 26.3.1, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<svg version="1.1" id="_x30_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
viewBox="0 0 265 135" enable-background="new 0 0 265 135" xml:space="preserve">
<g display="none">
<polygon display="inline" fill="#FFFFFF" points="65.469,9.61 12.669,40.117 12.669,101.621 65.463,132.371 118.268,101.639
118.268,40.115 "/>
<g display="inline">
<path fill="#08B1D5" d="M64.511,80.035c-5.972-2.687-9.502-8.433-9.313-14.534l-12.765-7.371c-0.952,7.062,0.569,14.449,4.4,20.85
c4.078,6.813,9.966,11.887,17.678,14.825V80.035L64.511,80.035z"/>
<path fill="#08B1D5" d="M64.511,111.257V95.432c-8.26-3.017-14.588-8.448-18.931-15.703c-4.108-6.864-5.671-14.819-4.507-22.384
l-11.864-6.851C22.412,75.299,37.662,101.72,64.511,111.257z"/>
<path fill="#0D819B" d="M66.259,95.288v15.969c26.352-9.758,42.17-36.132,35.489-60.682l-11.8,6.874
c1.473,8.16,0.189,16.115-3.759,22.77C82.134,87.057,75.052,92.189,66.259,95.288z"/>
<path fill="#0D819B" d="M75.879,65.569c0.053,5.924-3.429,11.136-9.62,14.466v13.769c8.227-2.999,14.873-7.918,18.675-14.329
c3.681-6.207,4.934-13.613,3.671-21.243L75.879,65.569z"/>
<path fill="#F69421" d="M77.717,44.4c4.977,2.427,9.031,6.315,11.724,11.244c0.035,0.065,0.069,0.132,0.104,0.198l11.574-6.684
c-0.184-0.232-0.361-0.466-0.506-0.701c-4.246-6.868-9.855-12.036-16.673-15.361c-19.245-9.385-42.827-2.309-54.094,16.087
l11.546,6.665C49.232,43.242,65.013,38.204,77.717,44.4z"/>
<path fill="#F69421" d="M70.489,59.089c2.06,1.005,3.731,2.627,4.832,4.692c0.037,0.07,0.07,0.143,0.105,0.214l12.854-7.423
c-0.04-0.076-0.079-0.153-0.12-0.228c-2.546-4.662-6.379-8.339-11.082-10.632c-12.018-5.861-26.965-1.08-34.421,10.866
l12.783,7.379C58.771,58.613,65.217,56.518,70.489,59.089z"/>
<path fill="#0D819B" d="M116.672,41.881l-13.621,7.936c7.185,25.544-9.291,53.076-36.791,62.992v17.294l50.413-29.381V41.881z"/>
<path fill="#08B1D5" d="M14.265,41.864v58.842l50.245,29.397v-17.294C36.51,103.127,20.607,75.545,27.905,49.74l-13.001-7.508
L14.265,41.864z"/>
<path fill="#F69421" d="M14.987,40.606l1.484,0.857l12.109,6.989C40.23,29.398,64.649,22.066,84.579,31.784
c7.069,3.448,12.881,8.799,17.274,15.904c0.139,0.225,0.333,0.472,0.543,0.731l13.542-7.82l-50.47-29.146L14.987,40.606z"/>
<path fill="#F0DF36" d="M66.202,78.433c4.968-2.778,7.95-7.226,8.141-12.159c0,0,0.022-0.489-0.015-1.283
c-0.007-0.163-1.102-2.766-4.435-4.583c-4.476-2.441-10.828-0.093-13.372,4.583c0,0-0.061,0.574-0.033,1.283
c0.182,4.483,2.945,9.749,7.836,12.159l0.991,0.473L66.202,78.433z"/>
</g>
</g>
<g>
<path fill="#FFFFFF" d="M148.629,103.076v5.928c-4.038,0-7.676-1.454-10.545-3.863c-3.605-3.025-5.894-7.565-5.894-12.638V62.815
h5.894v13.471h10.545v5.966h-10.545v10.395C138.164,98.419,142.84,103.076,148.629,103.076z"/>
<path fill="#FFFFFF" d="M169.65,76.285v5.889c-5.591,0.011-10.143,4.446-10.345,9.984v16.845h-5.908V76.285h5.908v3.735
C162.113,77.689,165.718,76.291,169.65,76.285z"/>
<path fill="#FFFFFF" d="M173.447,68.698v-5.9h5.897v5.9H173.447z M173.447,109.003V76.285h5.897v32.719H173.447z"/>
<path fill="#FFFFFF" d="M215.508,76.285l-16.348,32.719l-16.364-32.719h6.699l9.665,19.32l9.646-19.32L215.508,76.285z"/>
<path fill="#FFFFFF" d="M250.874,76.285c0,0,0,35.771,0,38.135c0,9.136-7.493,16.428-16.37,16.423
c-4.157,0-8.009-1.576-10.934-4.196l4.24-4.24c1.809,1.532,4.143,2.464,6.693,2.459c5.745,0,10.396-4.696,10.396-10.446v-9.141
c-2.85,2.359-6.488,3.724-10.396,3.724c-8.894,0.005-16.384-7.171-16.384-16.372c0-0.194,0-16.345,0-16.345h5.972
c0,0,0.003,15.907,0.003,16.345c0,5.722,4.659,10.451,10.409,10.446c5.745,0,10.396-4.701,10.396-10.446V76.285H250.874z"/>
</g>
<g>
<polygon fill="#FFFFFF" points="65.469,5.431 10.124,37.409 10.125,101.877 65.462,134.109 120.813,101.895 120.813,37.407 "/>
<g>
<path fill="#1904DA" d="M63.957,92.94V79.575c-6.048-2.856-9.846-8.792-9.768-15.27l-12.456-7.193
c-0.783,7.101,0.852,14.447,4.636,20.771C50.545,84.86,56.46,89.923,63.957,92.94z"/>
<path fill="#1904DA" d="M63.957,111.255V95.742c-8.438-3.162-15.089-8.73-19.77-16.553c-4.275-7.141-5.989-15.458-4.842-23.457
l-11.564-6.678C21.14,74.652,36.57,101.186,63.957,111.255z"/>
<path fill="#08B1D5" d="M66.804,95.596v15.649c26.877-10.306,42.715-37.348,36.372-62.1l-11.488,6.693
c1.481,8.635,0.079,16.879-4.065,23.865C83.476,86.697,76.281,92.188,66.804,95.596z"/>
<path fill="#08B1D5" d="M66.804,79.551v13.402c8.456-3.219,14.89-8.239,18.632-14.548c3.675-6.197,5.016-13.512,3.896-21.2
L76.888,64.38C76.826,70.53,73.171,76.032,66.804,79.551z"/>
<path fill="#FFC900" d="M78.53,41.442c5.228,2.549,9.501,6.608,12.373,11.749l11.183-6.458c-0.075-0.105-0.146-0.211-0.211-0.316
c-4.4-7.116-10.209-12.47-17.267-15.913c-19.641-9.576-44.026-2.441-55.772,16.23l11.227,6.481
C48.47,40.15,65.268,34.975,78.53,41.442z"/>
<path fill="#FFC900" d="M65.771,55.646c1.762,0,3.527,0.385,5.182,1.193h0.001c2.175,1.062,3.954,2.75,5.158,4.894L88.7,54.463
c-2.618-4.7-6.516-8.409-11.285-10.735c-12.078-5.888-27.409-1.16-35.147,10.76l12.525,7.229
C57.397,57.836,61.572,55.646,65.771,55.646z"/>
<path fill="#08B1D5" d="M66.804,130.848l51.828-30.205V40.14l-13.177,7.677c7.242,26.586-9.654,55.513-38.651,66.142V130.848z"/>
<path fill="#1904DA" d="M25.5,47.738l-13.196-7.621v60.509l51.653,30.22v-16.883C34.902,103.736,18.087,74.773,25.5,47.738z"/>
<path fill="#FFC900" d="M85.722,28.218c7.498,3.656,13.661,9.329,18.316,16.859c0.074,0.12,0.164,0.245,0.263,0.376l13.056-7.539
L65.469,7.948l-51.9,29.973l13.061,7.54C39.042,25.644,64.896,18.062,85.722,28.218z"/>
<path fill="#FF0036" d="M74.264,64.806c0.001-0.014,0.022-0.508-0.015-1.301c-0.104-0.324-1.328-2.715-4.385-4.383
c-2.089-1.139-4.769-1.27-7.357-0.362c-2.536,0.891-4.688,2.664-5.922,4.873c-0.015,0.192-0.044,0.647-0.022,1.173
c0.167,4.129,2.721,9.743,7.931,12.311l0.802,0.383l0.696-0.372C71.055,74.294,74.07,69.803,74.264,64.806z"/>
</g>
</g>
<g>
<path fill="#FFFFFF" d="M149.768,48.152h-8.789c-4.846,0-8.789-3.943-8.789-8.789c0-4.846,3.943-8.789,8.789-8.789
s8.789,3.943,8.789,8.789V48.152z M140.979,34.143c-2.878,0-5.22,2.342-5.22,5.22c0,2.878,2.342,5.22,5.22,5.22h5.22v-5.22
C146.199,36.485,143.858,34.143,140.979,34.143z"/>
<path fill="#FFFFFF" d="M208.745,48.152h-8.789c-4.846,0-8.789-3.943-8.789-8.789c0-4.846,3.943-8.789,8.789-8.789
c4.846,0,8.789,3.943,8.789,8.789V48.152z M199.956,34.143c-2.878,0-5.22,2.342-5.22,5.22c0,2.878,2.342,5.22,5.22,5.22h5.22v-5.22
C205.176,36.485,202.835,34.143,199.956,34.143z"/>
<path fill="#FFFFFF" d="M180.296,48.156c-4.848,0-8.793-3.944-8.793-8.793v-8.248h3.571v8.248c0,2.879,2.343,5.222,5.222,5.222
c2.879,0,5.222-2.343,5.222-5.222v-8.248h3.571v8.248C189.089,44.211,185.144,48.156,180.296,48.156z"/>
<path fill="#FFFFFF" d="M160.636,30.574c-4.846,0-8.789,3.943-8.789,8.789c0,4.846,3.943,8.789,8.789,8.789l3.569-3.569h-3.569
c-2.878,0-5.22-2.342-5.22-5.22c0-2.878,2.342-5.22,5.22-5.22c2.878,0,5.22,2.342,5.22,5.22V56.54h3.569V39.363
C169.425,34.516,165.482,30.574,160.636,30.574z"/>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 7.0 KiB

BIN
brand/Trivy-OSS-Logo-White-Horizontal-RGB.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 44 KiB

69
brand/Trivy-OSS-Logo-White-Horizontal-RGB.svg
View File

@@ -1,69 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Generator: Adobe Illustrator 28.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
viewBox="0 0 1920 891" style="enable-background:new 0 0 1920 891;" xml:space="preserve">
<style type="text/css">
.st0{fill:#FFFFFF;}
.st1{fill:#50F0FF;}
.st2{fill:#0744DD;}
.st3{fill:#FFC900;}
.st4{fill:#FF0036;}
</style>
<g>
<g>
<path class="st0" d="M1421.86,281.92h-46.97c-25.9,0-46.97-21.07-46.97-46.97c0-25.9,21.07-46.97,46.97-46.97
c25.9,0,46.97,21.07,46.97,46.97V281.92z M1374.89,207.05c-15.38,0-27.9,12.52-27.9,27.9c0,15.38,12.52,27.9,27.9,27.9h27.9v-27.9
C1402.79,219.57,1390.28,207.05,1374.89,207.05z"/>
<path class="st0" d="M1737.06,281.92h-46.97c-25.9,0-46.97-21.07-46.97-46.97c0-25.9,21.07-46.97,46.97-46.97
c25.9,0,46.97,21.07,46.97,46.97V281.92z M1690.09,207.05c-15.38,0-27.9,12.52-27.9,27.9c0,15.38,12.52,27.9,27.9,27.9h27.9v-27.9
C1717.98,219.57,1705.47,207.05,1690.09,207.05z"/>
<path class="st0" d="M1585.02,281.94c-25.91,0-46.99-21.08-46.99-46.99v-44.08h19.08v44.08c0,15.39,12.52,27.91,27.91,27.91
c15.39,0,27.91-12.52,27.91-27.91v-44.08h19.09v44.08C1632.01,260.86,1610.92,281.94,1585.02,281.94z"/>
<path class="st0" d="M1479.94,187.98c-25.9,0-46.97,21.07-46.97,46.97c0,25.9,21.07,46.97,46.97,46.97l19.07-19.07h-19.07
c-15.38,0-27.9-12.52-27.9-27.9c0-15.38,12.52-27.9,27.9-27.9c15.38,0,27.9,12.52,27.9,27.9v91.8h19.07v-91.8
C1526.91,209.05,1505.84,187.98,1479.94,187.98z"/>
</g>
<g>
<path class="st0" d="M942.76,588.45v46.29c-31.53,0-59.94-11.34-82.34-30.14c-28.15-23.63-46.04-59.08-46.04-98.71V274.06h46.04
v105.2h82.34v46.59h-82.34v81.19C861.05,552.1,897.55,588.45,942.76,588.45z"/>
<path class="st0" d="M1106.82,379.26v45.98c-43.65,0.1-79.18,34.71-80.78,77.98v131.52h-46.12V379.26h46.12v29.16
C1047.97,390.24,1076.12,379.3,1106.82,379.26z"/>
<path class="st0" d="M1136.4,353.72v-40.29h46.05v40.29H1136.4z M1136.4,634.74V379.26h46.05v255.48H1136.4z"/>
<path class="st0" d="M1464.76,379.26l-127.64,255.48l-127.8-255.48h52.33l75.47,150.88l75.31-150.88H1464.76z"/>
<path class="st0" d="M1740.81,379.26c0,0,0,279.32,0,297.8c0,71.31-58.52,128.26-127.83,128.2
c-32.47,0.03-62.55-12.29-85.37-32.76l33.1-33.09c14.13,11.97,32.36,19.22,52.28,19.2c44.86,0,81.17-36.69,81.17-81.55v-71.39
c-22.26,18.42-50.67,29.09-81.17,29.06c-69.46,0.06-127.95-56-127.95-127.85c0-1.51,0-127.64,0-127.64h46.64
c0,0,0.02,124.23,0.02,127.64c0,44.67,36.39,81.6,81.28,81.55c44.86,0,81.17-36.69,81.17-81.55V379.26H1740.81z"/>
</g>
<g>
<g>
<g>
<path class="st1" d="M428.54,364.9c0.04,0,0.08,0,0.12,0c6.56,0.01,11.98-5.03,11.98-11.58V135.99l-12.23-6.83l-12.18,6.8
v217.36c0,6.56,5.43,11.61,11.98,11.58C428.32,364.9,428.43,364.9,428.54,364.9z"/>
<path class="st2" d="M355.18,463.55L153.55,598.87v15.41l11.49,6.29l203.73-136.73c5.23-3.51,6.53-10.52,3.15-15.84
c-0.14-0.23-0.29-0.45-0.43-0.68C367.99,461.7,360.68,459.86,355.18,463.55z"/>
<path class="st3" d="M488.27,483.95l203.55,136.61l11.45-6.28v-15.44L501.86,463.66c-5.51-3.7-12.82-1.87-16.32,3.76
c-0.13,0.21-0.27,0.43-0.4,0.64C481.73,473.4,483.02,480.43,488.27,483.95z"/>
<path class="st0" d="M727.69,282.29v-13.96l-12.5-6.98l-0.93-0.49L440.33,107.87l-11.92-6.64l-11.87,6.64L142.56,260.86
l-0.93,0.49l-12.5,6.98v13.96l-0.93,0.54l0.93,0.49v13.92v331.5l12.69,6.94l266.85,146.2l3.37,1.85l16.41,8.98l16.36-8.98
l3.37-1.85l266.85-146.2l12.65-6.94v-331.5v-13.87l0.98-0.54L727.69,282.29z M440.95,758.05V511.4c0-6.72-5.5-12.22-12.22-12.21
l-0.19,0l-0.13,0c-6.72-0.01-12.22,5.49-12.22,12.21v246.64L165.04,620.57l-11.49-6.29v-15.41V294.7l199.98,109.56
c5.77,3.16,13.1,1.04,16.28-4.72l0.14-0.26c3.22-5.83,1.08-13.22-4.76-16.42L167.81,274.72l248.42-138.75l12.18-6.8l12.23,6.83
l248.37,138.73L491.47,382.95c-5.81,3.18-7.63,10.45-4.41,16.24c0.05,0.1,0.11,0.2,0.16,0.29c3.16,5.73,10.22,8.01,15.96,4.86
L703.27,294.7v304.15v15.44l-11.45,6.28L440.95,758.05z"/>
</g>
<circle class="st4" cx="428.54" cy="432.05" r="35.42"/>
</g>
<path class="st1" d="M617.65,262.99L426.32,155.74c-5.88-3.3-7.98-10.74-4.68-16.62v0c3.3-5.88,10.74-7.98,16.62-4.68
l191.33,107.25c5.88,3.3,7.98,10.74,4.68,16.62l0,0C630.97,264.19,623.53,266.29,617.65,262.99z"/>
<path class="st1" d="M533.81,271.27l-107.48-60.25c-5.88-3.3-7.98-10.74-4.68-16.62v0c3.3-5.88,10.74-7.98,16.62-4.68
l107.48,60.25c5.88,3.3,7.98,10.74,4.68,16.62v0C547.13,272.47,539.69,274.56,533.81,271.27z"/>
<path class="st1" d="M569.02,291L569.02,291c-5.88-3.3-7.98-10.74-4.68-16.62l0,0c3.3-5.88,10.74-7.98,16.62-4.68v0
c5.88,3.3,7.98,10.74,4.68,16.62v0C582.34,292.2,574.9,294.3,569.02,291z"/>
<path class="st1" d="M462.29,288.33l-35.7-20.01c-5.88-3.3-7.98-10.74-4.68-16.62v0c3.3-5.88,10.74-7.98,16.62-4.68l35.7,20.01
c5.88,3.3,7.98,10.74,4.68,16.62v0C475.61,289.53,468.17,291.63,462.29,288.33z"/>
<path class="st1" d="M516.16,321.21l-20.67-11.58c-5.88-3.3-7.98-10.74-4.68-16.62v0c3.3-5.88,10.74-7.98,16.62-4.68l20.67,11.58
c5.88,3.3,7.98,10.74,4.68,16.62v0C529.48,322.41,522.04,324.51,516.16,321.21z"/>
</g>
</g>
</svg>
Side by Side

Before

Width:  |  Height:  |  Size: 5.1 KiB

BIN
brand/Trivy-OSS-Logo-White-Stacked-RGB-2022.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 80 KiB

59
brand/Trivy-OSS-Logo-White-Stacked-RGB-2022.svg Normal file
View File

@@ -0,0 +1,59 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!-- Generator: Adobe Illustrator 26.3.1, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<svg version="1.1" id="_x30_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
viewBox="0 0 500 524" enable-background="new 0 0 500 524" xml:space="preserve">
<g>
<path fill="#FFFFFF" d="M186.351,471.553v8.229c-5.606,0-10.656-2.019-14.639-5.363c-5.005-4.199-8.182-10.502-8.182-17.544v-41.21
h8.182v18.699h14.639v8.282h-14.639v14.43C171.824,465.089,178.316,471.553,186.351,471.553z"/>
<path fill="#FFFFFF" d="M215.533,434.363v8.175c-7.762,0.016-14.08,6.172-14.361,13.86v23.384h-8.202v-45.419h8.202v5.185
C205.069,436.313,210.074,434.371,215.533,434.363z"/>
<path fill="#FFFFFF" d="M220.803,423.832v-8.191h8.186v8.191H220.803z M220.803,479.782v-45.419h8.186v45.419H220.803z"/>
<path fill="#FFFFFF" d="M279.191,434.363l-22.694,45.419l-22.716-45.419h9.3l13.417,26.82l13.39-26.82H279.191z"/>
<path fill="#FFFFFF" d="M328.286,434.363c0,0,0,49.656,0,52.938c0,12.682-10.402,22.805-22.725,22.798
c-5.771,0-11.118-2.188-15.178-5.824l5.887-5.887c2.512,2.126,5.751,3.42,9.291,3.413c7.975,0,14.431-6.519,14.431-14.5v-12.689
c-3.956,3.275-9.006,5.17-14.431,5.17c-12.346,0.007-22.743-9.954-22.743-22.728c0-0.27,0-22.69,0-22.69h8.291
c0,0,0.004,22.082,0.004,22.69c0,7.944,6.468,14.508,14.45,14.5c7.975,0,14.431-6.526,14.431-14.5v-22.691H328.286z"/>
</g>
<g>
<polygon fill="#FFFFFF" points="250.554,44.159 116.876,121.396 116.877,277.11 250.537,354.962 384.229,277.154 384.229,121.392
"/>
<g>
<path fill="#1904DA" d="M246.902,255.524v-32.282c-14.609-6.898-23.783-21.236-23.594-36.882l-30.086-17.374
c-1.892,17.15,2.057,34.896,11.198,50.171C214.507,236.009,228.793,248.237,246.902,255.524z"/>
<path fill="#1904DA" d="M246.902,299.761v-37.468c-20.381-7.638-36.445-21.086-47.752-39.981
c-10.325-17.249-14.466-37.337-11.695-56.657l-27.931-16.129C143.482,211.352,180.751,275.442,246.902,299.761z"/>
<path fill="#08B1D5" d="M253.779,261.938v37.797c64.918-24.892,103.171-90.209,87.852-149.994l-27.747,16.165
c3.578,20.856,0.191,40.77-9.818,57.644C294.046,240.446,276.67,253.707,253.779,261.938z"/>
<path fill="#08B1D5" d="M253.779,223.185v32.371c20.424-7.774,35.964-19.9,45.004-35.138c8.877-14.969,12.116-32.637,9.411-51.205
l-30.06,17.33C277.985,201.395,269.156,214.685,253.779,223.185z"/>
<path fill="#FFC900" d="M282.1,131.138c12.628,6.157,22.948,15.961,29.885,28.378l27.012-15.598
c-0.182-0.255-0.351-0.51-0.509-0.764c-10.628-17.188-24.658-30.12-41.707-38.435c-47.439-23.13-106.339-5.896-134.71,39.2
l27.117,15.654C209.496,128.018,250.069,115.518,282.1,131.138z"/>
<path fill="#FFC900" d="M251.284,165.445c4.256,0,8.519,0.931,12.516,2.881h0.002c5.253,2.564,9.549,6.643,12.458,11.821
l30.404-17.558c-6.323-11.352-15.738-20.312-27.257-25.93c-29.172-14.223-66.203-2.802-84.893,25.99l30.251,17.46
C231.056,170.735,241.141,165.445,251.284,165.445z"/>
<path fill="#08B1D5" d="M253.779,347.086l125.184-72.957V127.993l-31.828,18.542c17.491,64.215-23.319,134.084-93.356,159.757
V347.086z"/>
<path fill="#1904DA" d="M154.014,146.345l-31.873-18.406v146.151l124.761,72.993v-40.779
C176.723,281.599,136.109,211.643,154.014,146.345z"/>
<path fill="#FFC900" d="M299.471,99.198c18.111,8.832,32.995,22.533,44.241,40.722c0.179,0.289,0.397,0.592,0.636,0.908
l31.536-18.21l-125.33-72.378l-125.358,72.395l31.548,18.211C186.722,92.98,249.169,74.667,299.471,99.198z"/>
<path fill="#FF0036" d="M271.797,187.57c0.002-0.035,0.052-1.226-0.036-3.143c-0.251-0.783-3.208-6.558-10.592-10.586
c-5.045-2.751-11.518-3.068-17.769-0.874c-6.124,2.152-11.322,6.434-14.303,11.769c-0.036,0.464-0.105,1.563-0.052,2.832
c0.404,9.974,6.573,23.534,19.156,29.736l1.938,0.925l1.682-0.899C264.046,210.487,271.328,199.641,271.797,187.57z"/>
</g>
</g>
<g>
<path fill="#FFFFFF" d="M186.846,398.474H175.2c-6.421,0-11.646-5.224-11.646-11.646c0-6.422,5.224-11.646,11.646-11.646
s11.646,5.224,11.646,11.646V398.474z M175.2,379.912c-3.814,0-6.916,3.103-6.916,6.916c0,3.814,3.103,6.916,6.916,6.916h6.916
v-6.916C182.117,383.015,179.014,379.912,175.2,379.912z"/>
<path fill="#FFFFFF" d="M264.991,398.474h-11.646c-6.421,0-11.646-5.224-11.646-11.646c0-6.422,5.224-11.646,11.646-11.646
c6.421,0,11.646,5.224,11.646,11.646V398.474z M253.345,379.912c-3.814,0-6.916,3.103-6.916,6.916c0,3.814,3.103,6.916,6.916,6.916
h6.916v-6.916C260.261,383.015,257.159,379.912,253.345,379.912z"/>
<path fill="#FFFFFF" d="M227.295,398.479c-6.424,0-11.651-5.226-11.651-11.651V375.9h4.731v10.928c0,3.815,3.104,6.919,6.919,6.919
c3.815,0,6.919-3.104,6.919-6.919V375.9h4.731v10.928C238.946,393.253,233.719,398.479,227.295,398.479z"/>
<path fill="#FFFFFF" d="M201.245,375.183c-6.421,0-11.645,5.224-11.645,11.646c0,6.421,5.224,11.646,11.645,11.646l4.729-4.729
h-4.729c-3.814,0-6.916-3.103-6.916-6.916c0-3.814,3.103-6.916,6.916-6.916c3.814,0,6.916,3.103,6.916,6.916v22.76h4.729v-22.76
C212.891,380.407,207.666,375.183,201.245,375.183z"/>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 4.9 KiB

BIN
brand/Trivy-OSS-Logo-White-Stacked-RGB.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 28 KiB

3179
brand/Trivy-OSS-Logo-White-Stacked-RGB.svg
View File

File diff suppressed because it is too large Load Diff
Side by Side

Before

Width:  |  Height:  |  Size: 232 KiB

6
ci/deploy-deb.sh
View File

@@ -5,16 +5,14 @@ UBUNTU_RELEASES=$(sort -u <(ubuntu-distro-info --supported-esm) <(ubuntu-distro-
cd trivy-repo/deb
for release in generic ${DEBIAN_RELEASES[@]} ${UBUNTU_RELEASES[@]}; do
for release in ${DEBIAN_RELEASES[@]} ${UBUNTU_RELEASES[@]}; do
echo "Removing deb package of $release"
reprepro -A i386 remove $release trivy
reprepro -A amd64 remove $release trivy
reprepro -A arm64 remove $release trivy
done
for release in generic ${DEBIAN_RELEASES[@]} ${UBUNTU_RELEASES[@]}; do
for release in ${DEBIAN_RELEASES[@]} ${UBUNTU_RELEASES[@]}; do
echo "Adding deb package to $release"
reprepro includedeb $release ../../dist/*Linux-32bit.deb
reprepro includedeb $release ../../dist/*Linux-64bit.deb
reprepro includedeb $release ../../dist/*Linux-ARM64.deb
done

20
cmd/trivy/main.go
View File

@@ -2,7 +2,6 @@ package main
import (
"context"
"errors"
"os"
"golang.org/x/xerrors"
@@ -10,32 +9,33 @@ import (
"github.com/aquasecurity/trivy/pkg/commands"
"github.com/aquasecurity/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/plugin"
"github.com/aquasecurity/trivy/pkg/types"
_ "modernc.org/sqlite" // sqlite driver for RPM DB and Java DB
)
var (
version = "dev"
)
func main() {
if err := run(); err != nil {
var exitError *types.ExitError
if errors.As(err, &exitError) {
os.Exit(exitError.Code)
}
log.Fatal("Fatal error", log.Err(err))
log.Fatal(err)
}
}
func run() error {
// Trivy behaves as the specified plugin.
if runAsPlugin := os.Getenv("TRIVY_RUN_AS_PLUGIN"); runAsPlugin != "" {
log.InitLogger(false, false)
if err := plugin.Run(context.Background(), runAsPlugin, plugin.Options{Args: os.Args[1:]}); err != nil {
if !plugin.IsPredefined(runAsPlugin) {
return xerrors.Errorf("unknown plugin: %s", runAsPlugin)
}
if err := plugin.RunWithArgs(context.Background(), runAsPlugin, os.Args[1:]); err != nil {
return xerrors.Errorf("plugin error: %w", err)
}
return nil
}
app := commands.NewApp()
app := commands.NewApp(version)
if err := app.Execute(); err != nil {
return err
}

2
contrib/Trivy.gitlab-ci.yml
View File

@@ -12,9 +12,9 @@ Trivy_container_scanning:
before_script:
- export TRIVY_VERSION=${TRIVY_VERSION:-v0.19.2}
- apk add --no-cache curl docker-cli
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
- curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin ${TRIVY_VERSION}
- curl -sSL -o /tmp/trivy-gitlab.tpl https://github.com/aquasecurity/trivy/raw/${TRIVY_VERSION}/contrib/gitlab.tpl
- trivy registry login --username "$CI_REGISTRY_USER" --password "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
script:
- trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --format template --template "@/tmp/trivy-gitlab.tpl" -o gl-container-scanning-report.json $IMAGE
cache:

8
contrib/asff.tpl
View File

@@ -91,7 +91,7 @@
"Severity": {
"Label": "{{ $severity }}"
},
"Title": "Trivy found a misconfiguration in {{ $target }}: {{ escapeString .Title }}",
"Title": "Trivy found a misconfiguration in {{ $target }}: {{ .Title }}",
"Description": {{ escapeString $description | printf "%q" }},
"Remediation": {
"Recommendation": {
@@ -108,7 +108,7 @@
"Region": "{{ env "AWS_REGION" }}",
"Details": {
"Other": {
"Message": "{{ escapeString .Message }}",
"Message": "{{ .Message }}",
"Filename": "{{ $target }}",
"StartLine": "{{ .CauseMetadata.StartLine }}",
"EndLine": "{{ .CauseMetadata.EndLine }}"
@@ -128,7 +128,7 @@
{
"SchemaVersion": "2018-10-08",
"Id": "{{ $target }}",
"ProductArn": "arn:aws:securityhub:{{ env "AWS_REGION" }}::product/aquasecurity/aquasecurity",
"ProductArn": "arn:aws:securityhub:{{ env "AWS_DEFAULT_REGION" }}::product/aquasecurity/aquasecurity",
"GeneratorId": "Trivy",
"AwsAccountId": "{{ env "AWS_ACCOUNT_ID" }}",
"Types": [ "Sensitive Data Identifications" ],
@@ -145,7 +145,7 @@
"Type": "Other",
"Id": "{{ $target }}",
"Partition": "aws",
"Region": "{{ env "AWS_REGION" }}",
"Region": "{{ env "AWS_DEFAULT_REGION" }}",
"Details": {
"Other": {
"Filename": "{{ $target }}"

0
examples/ignore-policies/advanced.rego → contrib/example_policy/advanced.rego
View File

18
examples/ignore-policies/basic.rego → contrib/example_policy/basic.rego
View File

@@ -56,21 +56,3 @@ ignore {
# https://cwe.mitre.org/data/definitions/352.html
input.CweIDs[_] == "CWE-352"
}
# Ignore a license
ignore {
input.PkgName == "alpine-baselayout"
input.Name == "GPL-2.0"
}
# Ignore loose file license
ignore {
input.Name == "AGPL-3.0"
input.FilePath == "/usr/share/grafana/LICENSE"
}
# Ignore secret
ignore {
input.RuleID == "aws-access-key-id"
input.Match == "AWS_ACCESS_KEY_ID=\"********************\""
}

58
contrib/gitlab.tpl
View File

@@ -1,41 +1,11 @@
{{- /* Template based on https://docs.gitlab.com/ee/user/application_security/container_scanning/#reports-json-format */ -}}
{
"version": "15.0.7",
"scan": {
"analyzer": {
"id": "trivy",
"name": "Trivy",
"vendor": {
"name": "Aqua Security"
},
"version": "{{ appVersion }}"
},
"end_time": "{{ now | date "2006-01-02T15:04:05" }}",
"scanner": {
"id": "trivy",
"name": "Trivy",
"url": "https://github.com/aquasecurity/trivy/",
"vendor": {
"name": "Aqua Security"
},
"version": "{{ appVersion }}"
},
"start_time": "{{ now | date "2006-01-02T15:04:05" }}",
"status": "success",
"type": "container_scanning"
},
{{- $image := "Unknown" -}}
{{- $os := "Unknown" -}}
{{- range . }}
{{- if eq .Class "os-pkgs" -}}
{{- $target := .Target }}
{{- $image = $target | regexFind "[^\\s]+" }}
{{- $os = $target | splitList "(" | last | trimSuffix ")" }}
{{- end }}
{{- end }}
"version": "14.0.6",
"vulnerabilities": [
{{- $t_first := true }}
{{- range . }}
{{- $target := .Target }}
{{- $image := $target | regexFind "[^\\s]+" }}
{{- range .Vulnerabilities -}}
{{- if $t_first -}}
{{- $t_first = false -}}
@@ -44,8 +14,11 @@
{{- end }}
{
"id": "{{ .VulnerabilityID }}",
"name": {{ .Title | printf "%q" }},
"category": "container_scanning",
"message": {{ .Title | printf "%q" }},
"description": {{ .Description | printf "%q" }},
{{- /* cve is a deprecated key, use id instead */}}
"cve": "{{ .VulnerabilityID }}",
"severity": {{ if eq .Severity "UNKNOWN" -}}
"Unknown"
{{- else if eq .Severity "LOW" -}}
@@ -64,6 +37,10 @@
{{- else -}}
"No solution provided"
{{- end }},
"scanner": {
"id": "trivy",
"name": "trivy"
},
"location": {
"dependency": {
"package": {
@@ -72,7 +49,7 @@
"version": "{{ .InstalledVersion }}"
},
{{- /* TODO: No mapping available - https://github.com/aquasecurity/trivy/issues/332 */}}
"operating_system": "{{ $os }}",
"operating_system": "Unknown",
"image": "{{ $image }}"
},
"identifiers": [
@@ -80,11 +57,8 @@
{{- /* TODO: Type not extractable - https://github.com/aquasecurity/trivy-db/pull/24 */}}
"type": "cve",
"name": "{{ .VulnerabilityID }}",
"value": "{{ .VulnerabilityID }}"
{{- /* cf. https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/blob/e3d280d7f0862ca66a1555ea8b24016a004bb914/dist/container-scanning-report-format.json#L157-179 */}}
{{- if .PrimaryURL | regexMatch "^(https?|ftp)://.+" -}},
"value": "{{ .VulnerabilityID }}",
"url": "{{ .PrimaryURL }}"
{{- end }}
}
],
"links": [
@@ -95,13 +69,9 @@
{{- else -}}
,
{{- end -}}
{{- if . | regexMatch "^(https?|ftp)://.+" -}}
{
"url": "{{ . }}"
"url": "{{ regexFind "[^ ]+" . }}"
}
{{- else -}}
{{- $l_first = true }}
{{- end -}}
{{- end }}
]
}

4
contrib/html.tpl
View File

@@ -85,7 +85,7 @@
<h1>{{- escapeXML ( index . 0 ).Target }} - Trivy Report - {{ now }}</h1>
<table>
{{- range . }}
<tr class="group-header"><th colspan="6">{{ .Type | toString | escapeXML }}</th></tr>
<tr class="group-header"><th colspan="6">{{ escapeXML .Type }}</th></tr>
{{- if (eq (len .Vulnerabilities) 0) }}
<tr><th colspan="6">No Vulnerabilities found</th></tr>
{{- else }}
@@ -128,7 +128,7 @@
<td>{{ escapeXML .ID }}</td>
<td class="misconf-check">{{ escapeXML .Title }}</td>
<td class="severity">{{ escapeXML .Severity }}</td>
<td class="link" data-more-links="off" style="white-space:normal;">
<td class="link" data-more-links="off" style="white-space:normal;"">
{{ escapeXML .Message }}
<br>
<a href={{ escapeXML .PrimaryURL | printf "%q" }}>{{ escapeXML .PrimaryURL }}</a>

21
contrib/junit.tpl
View File

@@ -14,12 +14,8 @@
</testcase>
{{- end }}
</testsuite>
{{- if .MisconfSummary }}
<testsuite tests="{{ add .MisconfSummary.Successes .MisconfSummary.Failures }}" failures="{{ .MisconfSummary.Failures }}" name="{{ .Target }}" errors="0" time="">
{{- else }}
<testsuite tests="0" failures="0" name="{{ .Target }}" errors="0" skipped="0" time="">
{{- end }}
{{- $failures := len .Misconfigurations }}
<testsuite tests="{{ $failures }}" failures="{{ $failures }}" name="{{ .Target }}" errors="0" skipped="0" time="">
{{- if not (eq .Type "") }}
<properties>
<property name="type" value="{{ .Type }}"></property>
@@ -27,22 +23,9 @@
{{- end -}}
{{ range .Misconfigurations }}
<testcase classname="{{ .Type }}" name="[{{ .Severity }}] {{ .ID }}" time="">
{{- if (eq .Status "FAIL") }}
<failure message="{{ escapeXML .Title }}" type="description">{{ escapeXML .Description }}</failure>
{{- end }}
</testcase>
{{- end }}
</testsuite>
{{- if .Licenses }}
{{- $licenses := len .Licenses }}
<testsuite tests="{{ $licenses }}" failures="{{ $licenses }}" name="{{ .Target }}" time="0">{{ range .Licenses }}
<testcase classname="{{ .PkgName }}" name="[{{ .Severity }}] {{ .Name }}">
<failure/>
</testcase>
{{- end }}
</testsuite>
{{- end }}
{{- end }}
</testsuites>

1
docs/assets/css/trivy_v1_homepage.min.css vendored
View File

File diff suppressed because one or more lines are too long

693
docs/assets/css/trivy_v1_homepage.scss
View File

@@ -1,693 +0,0 @@
/* trivy homepage */
//aqua brand colors
$aq-royal-blue: #1904da;
$aq-legacy-blue: #08b1d5;
$aq-coral-red: #ff445f;
$aq-starfish-yellow: #ffc900;
$aq-dark-abyss: #07242d;
$aq-deep-sea-blue: #183278;
$aq-ocean-ash: #405a75;
$aq-sea-foam: #00ffe4;
$aq-neo-background: #ebf3fa;
$aq-neo-background-hover: #f0f8ff;
$aq-royal-blue-dark: #1503ba;
$aq-trivy-dark: #0a0b23;
$weight-normal: 400;
$weight-semibold: 600;
$weight-bold: 700;
$gap: 32px;
// 960, 1152, and 1344 have been chosen because they are divisible by both 12 and 16
$tablet: 769px;
// 960px container + 4rem
$desktop: 960px + 2 * $gap;
// 1152px container + 4rem
$widescreen: 1152px + 2 * $gap;
$widescreen-enabled: true;
// 1344px container + 4rem
$fullhd: 1344px + 2 * $gap;
$fullhd-enabled: true;
body {
font-family: "Inter", sans-serif;
}
.trivy_v1_homepage_wrap {
position: relative;
z-index: 3;
* {
transition: all 0.2s ease !important;
}
.container {
width: 100%;
margin: 0 auto;
max-width: 1440px;
@media screen and (max-width: $tablet), print { //769
padding: 0 24px;
max-width: $tablet; //769
} //until tablet
}
.button {
background-color: #ebf3fa;
border: 1px solid #dbdbdb;
border-width: 1px;
color: #363636;
cursor: pointer;
justify-content: center;
padding-bottom: calc(.5em - 1px);
padding-left: 1em;
padding-right: 1em;
padding-top: calc(.5em - 1px);
text-align: center;
white-space: nowrap;
border-radius: 4px;
transition: all .2s ease;
font-size: 16px;
display: inline-block;
font-weight: 700;
&.is-seafoam {
background-color: $aq-sea-foam;
border-color: $aq-sea-foam;
color: $aq-dark-abyss;
&.is-outlined {
background-color: rgba(0,0,0,0);
border-color: $aq-sea-foam;
color: $aq-sea-foam;
border-width: 2px;
&:hover {
background-color: $aq-sea-foam;
color: $aq-dark-abyss;
}
} //is-outlines
} //is-seafoam
&.large_btn {
font-size: 22px;
padding: 16px 27px;
margin-right: 12px;
@media screen and (max-width: $tablet), print {
font-size: 18px;
} //until tablet
}
&.solidseafoamarrowbutton {
background-color: $aq-sea-foam;
font-weight: 700;
border: 2px solid $aq-sea-foam;
font-size: 22px; //1.375rem; //1.125rem;
padding: 16px 27px;
color: $aq-dark-abyss;
&:after {
content: "";
border: solid $aq-dark-abyss;
border-width: 0 2px 2px 0;
display: inline-block;
padding: 4px;
transform: rotate(-45deg);
margin-left: 30px;
vertical-align: middle;
transition: all .2s;
}
} //solidseafoamarrowbutton
} //button
.margin-bottom-20 {
margin-bottom: 20px;
}
.hero_wrap {
background-color: $aq-trivy-dark;
background-image: radial-gradient(1600px at 70% 120%, #031145 10%, $aq-trivy-dark 100%);
min-height: 1050px;
position: relative;
z-index: 10;
.homepage_background_image_wrap {
position: absolute;
left: 0px;
top: 0px;
width: 100%;
height: 100%;
z-index: 1;
pointer-events: none;
.stars_wrap {
position: absolute;
left: 0px;
top: 0px;
width: 100%;
height: 100%;
z-index: 1;
overflow: hidden;
.stars_bg {
position: absolute;
width: 400vw;
height: 400vh;
top: 50%;
left: 50%;
margin-top: -200vh;
margin-left: -200vw;
animation: stars_ani 240s linear infinite;
background-size: 240px;
backface-visibility: visible;
background-image:url(../images/homepage_hero_stars_02.svg);
background-repeat: repeat;
}
@keyframes stars_ani {
0% { transform: rotate(0deg); }
100% { transform: rotate(360deg); }
}
} //stars_wrap
.terrain_wrap {
position: absolute;
left: 0px;
bottom: 0px;
width: 100%;
height: 680px;
background-image:url(../images/homepage_hero_terrain_08.svg);
background-repeat: no-repeat;
background-position: center top;
background-size: cover;
z-index: 2;
} // terrain_wrap
.beams_wrap {
position: absolute;
left: 0px;
bottom: 0px;
width: 100%;
height: 100%;
z-index: 3;
overflow: hidden;
.beam {
position: absolute;
right: 200px;
top: 270px;
width: 3px;
height: 350%;
background: rgba(#3eabff,0.6);
box-shadow: 0px 0px 55px 0px rgba(#3eabff,1);
transform-origin: 0 0;
animation: beam_ani 10s infinite;
&.num2 {animation: beam_ani 11s infinite;}
&.num3 {animation: beam_ani 12s infinite;}
&.num4 {animation: beam_ani 13s infinite;}
} //beam
@keyframes beam_ani {
0% { transform: rotate(75deg); }
50% { transform: rotate(-15deg); }
100% { transform: rotate(75deg); }
}
.sphere {
z-index:999;
position: absolute;
top: 60px;
right: 50px;
width: 280px;
height: 280px;
background-image:url(../images/homepage_hero_orb_03.png);
background-position: center center;
background-repeat: no-repeat;
}
} //beams_wrap
.person_wrap {
position: absolute;
left: 0px;
bottom: 0px;
width: 100%;
height: 595px;
background-image:url(../images/homepage_v1_hero_person_01.png);
background-repeat: no-repeat;
background-position: center bottom;
z-index: 4;
} // person_wrap
} //hero_background_image_wrap
}
.hero {
.hero-body {
padding: 80px 0px;
// border: 1px solid red;
.header_title_wrap {
.header_title_content_wrap {
width: 50%;
position: relative;
z-index: 3;
.page_title {
color: #ffffff;
font-weight: $weight-bold;
font-size: 48px; //3rem;
line-height: 1.3;
}//page_title
.page_subtitle {
color: #ffffff;
font-weight: $weight-normal;
font-size: 24px; //1.5rem;
line-height: 1.3;
margin-bottom: 30px;
} //page_subtitle
@media screen and (max-width: $widescreen), print {
width: 70%;
} //until widescreen
@media screen and (max-width: $tablet), print { //769
width: 100%;
.page_title {
font-size: 32px; //2rem;
}//page_title
.page_subtitle {
font-size: 18px; //1.125rem;
}//page_subtitle
} //until tablet
} //header_title_content_wrap
} //header_title_wrap
@media screen and (min-width: $tablet), print { //769
padding: 48px 24px; //3rem 1.5rem;
}
}
} //hero
// } //page-trivy_homepage
/* homepage_community */
.homepage_community_wrap {
position: relative;
background-color: $aq-trivy-dark;
color: #ffffff;
z-index: 5;
padding-top: 60px;
padding-bottom: 20px;
.container.wide_container {
max-width: 1640px;
padding-left: 20px;
padding-right: 20px;
display: flex;
flex-direction: row;
flex-wrap: wrap;
}
.community_titles_column {
width: 33.3333%;
padding-right: 32px;
@media screen and (max-width: $desktop), print {
width: 41.6666666667%;
} //until desktop
@media screen and (max-width: $tablet), print {
width: 100%;
} //until tablet
}
.community_slider_column {
width: 66.6666%;
@media screen and (max-width: $desktop), print {
width: 58.3333333333%;
} //until desktop
@media screen and (max-width: $tablet), print {
width: 100%;
} //until tablet
}
.community_title {
color: $aq-sea-foam;
font-size: 60px; //3.75rem;
font-weight: $weight-bold;
margin-bottom: 24px; ////1.5rem;
line-height: 1.2;
}
.community_subtitle {
color: #ffffff;
font-size: 26px; //1.625rem;
margin-bottom: 24px; ////1.5rem;
}
.community_cta_wrap {
.button {
font-weight: $weight-bold;
margin-right: 10px;
}
}
.community_quotes_wrap {
position: relative;
.community_quotes {
column-count: 3;
column-gap: 20px;
@media screen and (max-width: $widescreen), print { //1216
column-count: 2;
}
@media screen and (max-width: $tablet), print { //769
column-count: 1;
}
.quote_item_wrap {
display: inline-block;
margin: 0px 0px 20px 0px;
width: 100%;
}
.quote_item {
display: block;
position: relative;
color: #ffffff;
border: 1px solid rgba($aq-sea-foam,0.2);
background-color: rgba($aq-sea-foam,0.05);
border-radius: 4px;
padding: 25px;
.quote_name {
font-size: 16px; //1rem;
font-weight: $weight-semibold;
}
.quote_twitter_handle {
opacity: 0.6;
font-size: 13px; //0.8125rem;
}
.quote_company {
opacity: 0.6;
font-size: 13px; //0.8125rem;
}
.quote_text {
font-size: 16px; //1rem;
font-weight: $weight-normal;
line-height: 1.3;
}
.quote_avatar {
display: block;
position: absolute;
top: 25px;
left: 25px;
width: 40px;
height: 40px;
border-radius: 50%;
background-repeat: no-repeat;
background-position: center center;
background-size: cover;
}
&.is_tweet {
.quote_text {
padding-top: 10px;
}
&.has_avatar {
.quote_name,
.quote_twitter_handle {
padding-left: 50px;
}
} //has_avatar
} //&is_tweet
&.is_quote {
.quote_text {
position: relative;
padding-top: 40px;
padding-bottom: 10px;
&:before {
content: "";
display: block;
position: absolute;
top: -10px;
left: 0px;
width: 56px;
height: 42px;
background-image: url(../images/community_quote.png);
background-position: center center;
background-repeat: no-repeat;
}
} //quote_text
} //&is_quote
} //quote_item
}
} //community_quotes_wrap
@media screen and (max-width: $tablet), print { //tablet
.community_title {
font-size: 32px; //2rem;
}
.community_subtitle {
font-size: 18px; //1.125rem;
}
} //until
} //homepage_community_wrap
} //trivy_homepage_wrap
/* Slider */
.slick-slider{position:relative;display:block;box-sizing:border-box;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;-webkit-touch-callout:none;-khtml-user-select:none;-ms-touch-action:pan-y;touch-action:pan-y;-webkit-tap-highlight-color:transparent;}
.slick-list{position:relative;display:block;overflow:hidden;margin:0;padding:0;}
.slick-list:focus{outline:none;}
.slick-list.dragging{cursor:hand;}
.slick-slider .slick-track,.slick-slider .slick-list{transform:translate3d(0,0,0);}
.slick-track{position:relative;top:0;left:0;display:block;margin-left:auto;margin-right:auto;}
.slick-track:before,.slick-track:after{display:table;content:'';}
.slick-track:after{clear:both;}
.slick-loading .slick-track{visibility:hidden;}
.slick-slide{display:none;float:left;height:100%;min-height:1px;}
.slick-slide:focus{outline:none;}
.slick-slide img{display:block;}
.slick-slide.slick-loading img{display:none;}
.slick-slide.dragging img{pointer-events:none;}
.slick-initialized .slick-slide{display:block;}
.slick-loading .slick-slide{visibility:hidden;}
.slick-vertical .slick-slide{display:block;height:auto;border:1px solid transparent;}
.slick-arrow.slick-hidden{display:none;}
.slick-arrow {display:block;background-color:transparent;border:none;color:transparent;cursor:pointer;position:absolute;top:0px;height:330px;width:80px;z-index:20;outline:none;}
.slick-arrow:focus, .slick-arrow:active {outline:none;}
.slick-arrow.slick-prev {left:0px;background-image:linear-gradient(to right, rgba($aq-neo-background,1) 0%, rgba($aq-neo-background,0) 100%);}
.slick-arrow.slick-next {right:0px;background-image:linear-gradient(to left, rgba($aq-neo-background,1) 0%, rgba($aq-neo-background,0) 100%);}
.slick-arrow:before {content:"";display:block;position:absolute;left:0px;top:0px;width:100%;height:100%;z-index:21;background-repeat:no-repeat;}
.slick-arrow.slick-prev:before {background-image:url(../images/arrow_left.png);background-position:center left;}
.slick-arrow.slick-next:before {background-image:url(../images/arrow_right.png);background-position:center right;}
/* dots */
.slick-dotted.slick-slider
{
margin-bottom: 0px;
}
.slick-dots
{
//position: absolute;
//bottom: -25px;
position: relative;
display: block;
width: 100%;
padding: 0;
margin: 0;
list-style: none;
text-align: center;
}
.slick-dots li {
position: relative;
display: inline-block;
width: 24px;
height: 24px;
margin: 0px 4px;
padding: 0;
cursor: pointer;
}
.slick-dots li button
{
font-size: 0;
line-height: 0;
display: block;
width: 24px;
height: 24px;
padding: 0px;
cursor: pointer;
color: transparent;
border: 0;
outline: none;
background: transparent;
&:before {
position: relative;
top: 0px;
left: 0px;
width: 20px;
height: 20px;
content: "";
background-color: transparent;
border: 2px solid $aq-sea-foam;
border-radius: 50%;
display: block;
opacity: 0.7;
}
&:after {
position: absolute;
top: 7px;
left: 5px;
width: 10px;
height: 10px;
content: "";
background-color: $aq-sea-foam;
//border: 1px solid #666;
border-radius: 50%;
//box-shadow: inset 1px 1px 1px #888;
display: block;
opacity: 0;
transition: 0.2s ease-out;
}
}
.slick-dots li button:hover,
.slick-dots li button:focus
{
outline: none;
&:after {
opacity: 1;
}
}
.slick-dots li.slick-active button:after {
opacity: 1;
}

BIN
docs/assets/images/homepage_hero_orb_03.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 28 KiB

1
docs/assets/images/homepage_hero_stars_02.svg
View File

@@ -1 +0,0 @@
<svg version="1.1" id="Layer_2" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" viewBox="0 0 240 240" enable-background="new 0 0 240 240" xml:space="preserve"><rect x="106" y="90" fill="#00ffe4" width="2" height="2"/><rect x="74" y="63" fill="#00ffe4" width="1" height="1"/><rect x="23" y="66" fill="#00ffe4" width="1" height="1"/><rect x="50" y="110" fill="#00ffe4" width="1" height="1"/><rect x="63" y="128" fill="#00ffe4" width="1" height="1"/><rect x="45" y="149" fill="#00ffe4" width="1" height="1"/><rect x="92" y="151" fill="#00ffe4" width="1" height="1"/><rect x="58" y="8" fill="#00ffe4" width="1" height="1"/><rect x="147" y="33" fill="#00ffe4" width="2" height="2"/><rect x="91" y="43" fill="#00ffe4" width="1" height="1"/><rect x="169" y="29" fill="#ffffff" width="1" height="1"/><rect x="182" y="19" fill="#00ffe4" width="1" height="1"/><rect x="161" y="59" fill="#00ffe4" width="1" height="1"/><rect x="138" y="95" fill="#00ffe4" width="1" height="1"/><rect x="199" y="71" fill="#ffffff" width="3" height="3"/><rect x="213" y="153" fill="#00ffe4" width="2" height="2"/><rect x="128" y="163" fill="#ffffff" width="1" height="1"/><rect x="205" y="174" fill="#00ffe4" width="1" height="1"/><rect x="152" y="200" fill="#00ffe4" width="1" height="1"/><rect x="52" y="211" fill="#00ffe4" width="2" height="2"/><rect y="191" fill="#00ffe4" width="1" height="1"/><rect x="110" y="184" fill="#00ffe4" width="1" height="1"/></svg>
Side by Side

Before

Width:  |  Height:  |  Size: 1.4 KiB

1
docs/assets/images/homepage_hero_terrain_08.svg
View File

File diff suppressed because one or more lines are too long
Side by Side

Before

Width:  |  Height:  |  Size: 336 KiB

BIN
docs/assets/images/homepage_v1_hero_person_01.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 55 KiB

1
docs/assets/images/trivy_logo_horizontal_white.svg
View File

@@ -1 +0,0 @@
<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" x="0" y="0" viewBox="0 0 1920 891" style="enable-background:new 0 0 1920 891" xml:space="preserve"><style>.st0{fill:#fff}.st1{fill:#50f0ff}</style><path class="st0" d="M1421.86 281.92h-46.97c-25.9 0-46.97-21.07-46.97-46.97s21.07-46.97 46.97-46.97 46.97 21.07 46.97 46.97v46.97zm-46.97-74.87c-15.38 0-27.9 12.52-27.9 27.9 0 15.38 12.52 27.9 27.9 27.9h27.9v-27.9c0-15.38-12.51-27.9-27.9-27.9zM1737.06 281.92h-46.97c-25.9 0-46.97-21.07-46.97-46.97s21.07-46.97 46.97-46.97 46.97 21.07 46.97 46.97v46.97zm-46.97-74.87c-15.38 0-27.9 12.52-27.9 27.9 0 15.38 12.52 27.9 27.9 27.9h27.9v-27.9c-.01-15.38-12.52-27.9-27.9-27.9zM1585.02 281.94c-25.91 0-46.99-21.08-46.99-46.99v-44.08h19.08v44.08c0 15.39 12.52 27.91 27.91 27.91s27.91-12.52 27.91-27.91v-44.08h19.09v44.08c-.01 25.91-21.1 46.99-47 46.99zM1479.94 187.98c-25.9 0-46.97 21.07-46.97 46.97s21.07 46.97 46.97 46.97l19.07-19.07h-19.07c-15.38 0-27.9-12.52-27.9-27.9 0-15.38 12.52-27.9 27.9-27.9 15.38 0 27.9 12.52 27.9 27.9v91.8h19.07v-91.8c0-25.9-21.07-46.97-46.97-46.97zM942.76 588.45v46.29c-31.53 0-59.94-11.34-82.34-30.14-28.15-23.63-46.04-59.08-46.04-98.71V274.06h46.04v105.2h82.34v46.59h-82.34v81.19c.63 45.06 37.13 81.41 82.34 81.41zM1106.82 379.26v45.98c-43.65.1-79.18 34.71-80.78 77.98v131.52h-46.12V379.26h46.12v29.16c21.93-18.18 50.08-29.12 80.78-29.16zM1136.4 353.72v-40.29h46.05v40.29h-46.05zm0 281.02V379.26h46.05v255.48h-46.05zM1464.76 379.26l-127.64 255.48-127.8-255.48h52.33l75.47 150.88 75.31-150.88h52.33zM1740.81 379.26v297.8c0 71.31-58.52 128.26-127.83 128.2-32.47.03-62.55-12.29-85.37-32.76l33.1-33.09c14.13 11.97 32.36 19.22 52.28 19.2 44.86 0 81.17-36.69 81.17-81.55v-71.39c-22.26 18.42-50.67 29.09-81.17 29.06-69.46.06-127.95-56-127.95-127.85V379.24h46.64l.02 127.64c0 44.67 36.39 81.6 81.28 81.55 44.86 0 81.17-36.69 81.17-81.55V379.26h46.66z"/><path class="st1" d="M428.54 364.9h.12c6.56.01 11.98-5.03 11.98-11.58V135.99l-12.23-6.83-12.18 6.8v217.36c0 6.56 5.43 11.61 11.98 11.58h.33z"/><path d="M355.18 463.55 153.55 598.87v15.41l11.49 6.29 203.73-136.73c5.23-3.51 6.53-10.52 3.15-15.84-.14-.23-.29-.45-.43-.68-3.5-5.62-10.81-7.46-16.31-3.77z" style="fill:#0744dd"/><path d="m488.27 483.95 203.55 136.61 11.45-6.28v-15.44L501.86 463.66c-5.51-3.7-12.82-1.87-16.32 3.76-.13.21-.27.43-.4.64-3.41 5.34-2.12 12.37 3.13 15.89z" style="fill:#ffc900"/><path class="st0" d="M727.69 282.29v-13.96l-12.5-6.98-.93-.49-273.93-152.99-11.92-6.64-11.87 6.64-273.98 152.99-.93.49-12.5 6.98v13.96l-.93.54.93.49v345.42l12.69 6.94 266.85 146.2 3.37 1.85 16.41 8.98 16.36-8.98 3.37-1.85 266.85-146.2 12.65-6.94V283.37l.98-.54-.97-.54zM440.95 758.05V511.4c0-6.72-5.5-12.22-12.22-12.21h-.32c-6.72-.01-12.22 5.49-12.22 12.21v246.64L165.04 620.57l-11.49-6.29V294.7l199.98 109.56c5.77 3.16 13.1 1.04 16.28-4.72l.14-.26c3.22-5.83 1.08-13.22-4.76-16.42L167.81 274.72l248.42-138.75 12.18-6.8 12.23 6.83 248.37 138.73-197.54 108.22c-5.81 3.18-7.63 10.45-4.41 16.24.05.1.11.2.16.29 3.16 5.73 10.22 8.01 15.96 4.86L703.27 294.7v319.59l-11.45 6.28-250.87 137.48z"/><circle cx="428.54" cy="432.05" r="35.42" style="fill:#ff0036"/><path class="st1" d="M617.65 262.99 426.32 155.74c-5.88-3.3-7.98-10.74-4.68-16.62 3.3-5.88 10.74-7.98 16.62-4.68l191.33 107.25c5.88 3.3 7.98 10.74 4.68 16.62-3.3 5.88-10.74 7.98-16.62 4.68zM533.81 271.27l-107.48-60.25c-5.88-3.3-7.98-10.74-4.68-16.62 3.3-5.88 10.74-7.98 16.62-4.68l107.48 60.25c5.88 3.3 7.98 10.74 4.68 16.62-3.3 5.88-10.74 7.97-16.62 4.68zM569.02 291c-5.88-3.3-7.98-10.74-4.68-16.62 3.3-5.88 10.74-7.98 16.62-4.68 5.88 3.3 7.98 10.74 4.68 16.62-3.3 5.88-10.74 7.98-16.62 4.68zM462.29 288.33l-35.7-20.01c-5.88-3.3-7.98-10.74-4.68-16.62 3.3-5.88 10.74-7.98 16.62-4.68l35.7 20.01c5.88 3.3 7.98 10.74 4.68 16.62-3.3 5.88-10.74 7.98-16.62 4.68zM516.16 321.21l-20.67-11.58c-5.88-3.3-7.98-10.74-4.68-16.62 3.3-5.88 10.74-7.98 16.62-4.68l20.67 11.58c5.88 3.3 7.98 10.74 4.68 16.62-3.3 5.88-10.74 7.98-16.62 4.68z"/></svg>
Side by Side

Before

Width:  |  Height:  |  Size: 3.9 KiB

9
docs/assets/javascripts/trivy_v1_homepage.js
View File

File diff suppressed because one or more lines are too long

8
docs/build/Dockerfile vendored
View File

@@ -1,6 +1,10 @@
FROM squidfunk/mkdocs-material:9.5.44
FROM squidfunk/mkdocs-material:8.3.9
# https://squidfunk.github.io/mkdocs-material/getting-started/?h=macros#with-docker-material-for-mkdocs
## If you want to see exactly the same version as is published to GitHub pages
## use a private image for insiders, which requires authentication.
# docker login -u ${GITHUB_USERNAME} -p ${GITHUB_TOKEN} ghcr.io
# FROM ghcr.io/squidfunk/mkdocs-material-insiders
COPY requirements.txt .
RUN pip install -r requirements.txt

3
docs/build/requirements.in vendored
View File

@@ -1,3 +0,0 @@
mkdocs-material==9.5.44
mkdocs-macros-plugin
mike

136
docs/build/requirements.txt vendored
View File

@@ -1,114 +1,30 @@
#
# This file is autogenerated by pip-compile with Python 3.13
# by the following command:
#
# pip-compile --output-file=docs/build/requirements.txt docs/build/requirements.in
#
babel==2.16.0
# via mkdocs-material
certifi==2024.8.30
# via requests
charset-normalizer==3.4.0
# via requests
click==8.1.7
# via mkdocs
colorama==0.4.6
# via mkdocs-material
ghp-import==2.1.0
# via mkdocs
hjson==3.1.0
# via
# mkdocs-macros-plugin
# super-collections
idna==3.10
# via requests
importlib-metadata==8.5.0
# via mike
importlib-resources==6.4.5
# via mike
jinja2==3.1.4
# via
# mike
# mkdocs
# mkdocs-macros-plugin
# mkdocs-material
markdown==3.7
# via
# mkdocs
# mkdocs-material
# pymdown-extensions
markupsafe==3.0.2
# via
# jinja2
# mkdocs
click==8.1.2
csscompressor==0.9.5
ghp-import==2.0.2
htmlmin==0.1.12
importlib-metadata==4.11.3
Jinja2==3.1.1
jsmin==3.0.1
Markdown==3.3.6
MarkupSafe==2.1.1
mergedeep==1.3.4
# via
# mkdocs
# mkdocs-get-deps
mike==2.1.3
# via -r docs/build/requirements.in
mkdocs==1.6.1
# via
# mike
# mkdocs-macros-plugin
# mkdocs-material
mkdocs-get-deps==0.2.0
# via mkdocs
mkdocs-macros-plugin==1.3.7
# via -r docs/build/requirements.in
mkdocs-material==9.5.44
# via -r docs/build/requirements.in
mkdocs-material-extensions==1.3.1
# via mkdocs-material
packaging==24.2
# via
# mkdocs
# mkdocs-macros-plugin
paginate==0.5.7
# via mkdocs-material
pathspec==0.12.1
# via
# mkdocs
# mkdocs-macros-plugin
platformdirs==4.3.6
# via mkdocs-get-deps
pygments==2.18.0
# via mkdocs-material
pymdown-extensions==10.12
# via mkdocs-material
pyparsing==3.2.0
# via mike
python-dateutil==2.9.0.post0
# via
# ghp-import
# mkdocs-macros-plugin
pyyaml==6.0.2
# via
# mike
# mkdocs
# mkdocs-get-deps
# mkdocs-macros-plugin
# pymdown-extensions
# pyyaml-env-tag
mike==1.1.2
mkdocs==1.3.0
mkdocs-macros-plugin==0.7.0
mkdocs-material==8.3.9
mkdocs-material-extensions==1.0.3
mkdocs-minify-plugin==0.5.0
mkdocs-redirects==1.0.4
packaging==21.3
Pygments==2.12.0
pymdown-extensions==9.5
pyparsing==3.0.8
python-dateutil==2.8.2
PyYAML==6.0
pyyaml-env-tag==0.1
# via
# mike
# mkdocs
regex==2024.11.6
# via mkdocs-material
requests==2.32.3
# via mkdocs-material
six==1.16.0
# via python-dateutil
super-collections==0.5.3
# via mkdocs-macros-plugin
termcolor==2.5.0
# via mkdocs-macros-plugin
urllib3==2.2.3
# via requests
termcolor==1.1.0
verspec==0.1.0
# via mike
watchdog==6.0.0
# via mkdocs
zipp==3.21.0
# via importlib-metadata
watchdog==2.1.7
zipp==3.8.0

130
docs/community/contribute/checks/overview.md
View File

@@ -1,130 +0,0 @@
# Contribute Rego Checks
The following guide provides an overview of contributing checks to the default checks in Trivy.
All of the checks in Trivy can be found in the [trivy-checks](https://github.com/aquasecurity/trivy-checks/tree/main) repository on GitHub. Before you begin writing a check, ensure:
1. The check does not already exist as part of the default checks in the [trivy-checks](https://github.com/aquasecurity/trivy-checks/tree/main) repository.
2. The pull requests in the [trivy-checks](https://github.com/aquasecurity/trivy-checks/pulls) repository to see whether someone else is already contributing the check that you wanted to add.
3. The [issues in Trivy](https://github.com/aquasecurity/trivy/issues) to see whether any specific checks are missing in Trivy that you can contribute.
If anything is unclear, please [start a discussion](https://github.com/aquasecurity/trivy/discussions/new) and we will do our best to help.
## Check structure
Checks are written in Rego and follow a particular structure in Trivy. Below is an example check for AWS:
```rego
# METADATA
# title: "RDS IAM Database Authentication Disabled"
# description: "Ensure IAM Database Authentication is enabled for RDS database instances to manage database access"
# scope: package
# schemas:
# - input: schema["aws"]
# related_resources:
# - https://docs.aws.amazon.com/neptune/latest/userguide/iam-auth.html
# custom:
# id: AVD-AWS-0176
# avd_id: AVD-AWS-0176
# provider: aws
# service: rds
# severity: MEDIUM
# short_code: enable-iam-auth
# recommended_action: "Modify the PostgreSQL and MySQL type RDS instances to enable IAM database authentication."
# input:
# selector:
# - type: cloud
# subtypes:
# - service: rds
# provider: aws
package builtin.aws.rds.aws0176
deny[res] {
instance := input.aws.rds.instances[_]
instance.engine.value == ["postgres", "mysql"][_]
not instance.iamauthenabled.value
res := result.new("Instance does not have IAM Authentication enabled", instance.iamauthenabled)
}
```
## Verify the provider and service exists
Every check for a cloud service references a cloud provider. The list of providers are found in the [Trivy](https://github.com/aquasecurity/trivy/tree/main/pkg/iac/providers) repository.
Before writing a new check for a cloud provider, you need to verify if the cloud provider or resource type that your check targets is supported by Trivy. If it's not, you'll need to add support for it. Additionally, if the provider that you want to target exists, you need to check whether the service your policy will target is supported. As a reference you can take a look at the AWS provider [here](https://github.com/aquasecurity/trivy/blob/main/pkg/iac/providers/aws/aws.go).
???+ note
New Kubernetes and Dockerfile checks do not require any additional provider definitions. You can find an example of a Dockerfile check [here](https://github.com/aquasecurity/trivy-checks/blob/main/checks/docker/add_instead_of_copy.rego) and a Kubernetes check [here](https://github.com/aquasecurity/trivy-checks/blob/main/checks/kubernetes/general/CPU_not_limited.rego).
### Add Support for a New Service in an existing Provider
[Please reference the documentation on adding Support for a New Service](./service-support.md).
This guide also showcases how to add new properties for an existing Service.
## Create a new .rego file
The following directory in the trivy-checks repository contains all of our custom checks. Depending on what type of check you want to create, you will need to nest a new `.rego` file in either of the [subdirectories](https://github.com/aquasecurity/trivy-checks/tree/main/checks):
* cloud: All checks related to cloud providers and their services
* docker: Docker specific checks
* kubernetes: Kubernetes specific checks
## Check Package name
Have a look at the existing package names in the [built in checks](https://github.com/aquasecurity/trivy-checks/tree/main/checks).
The package name should be in the format `builtin.PROVIDER.SERVICE.ID`, e.g. `builtin.aws.rds.aws0176`.
## Generating an ID
Every check has a custom ID that is referenced throughout the metadata of the check to uniquely identify the check. If you plan to contribue your check back into the [trivy-checks](https://github.com/aquasecurity/trivy-checks) repository, it will require a valid ID.
Running `make id` in the root of the trivy-checks repository will provide you with the next available _ID_ for your rule.
## Check Schemas
Rego Checks for Trivy can utilise Schemas to map the input to specific objects. The schemas available are listed [here.](https://github.com/aquasecurity/trivy/tree/main/pkg/iac/rego/schemas).
More information on using the builtin schemas is provided in the [main documentation.](../../../docs/scanner/misconfiguration/custom/schema.md)
## Check Metadata
The metadata is the top section that starts with `# METADATA`, and has to be placed on top of the check. You can copy and paste from another check as a starting point. This format is effectively _yaml_ within a Rego comment, and is [defined as part of Rego itself](https://www.openpolicyagent.org/docs/latest/policy-language/#metadata).
For detailed information on each component of the Check Metadata, please refer to the [main documentation.](../../../docs/scanner/misconfiguration/custom/index.md)
Note that while the Metadata is optional in your own custom checks for Trivy, if you are contributing your check to the Trivy builtin checks, the Metadata section will be required.
## Writing Rego Rules
Rules are defined using _OPA Rego_. You can find a number of examples in the `checks` directory ([Link](https://github.com/aquasecurity/trivy-checks/tree/main/checks)). The [OPA documentation](https://www.openpolicyagent.org/docs/latest/policy-language/) is a great place to start learning Rego. You can also check out the [Rego Playground](https://play.openpolicyagent.org/) to experiment with Rego, and [join the OPA Slack](https://slack.openpolicyagent.org/).
```rego
deny[res] {
instance := input.aws.rds.instances[_]
instance.engine.value == ["postgres", "mysql"][_]
not instance.iamauthenabled.value
res := result.new("Instance does not have IAM Authentication enabled", instance.iamauthenabled)
}
```
The rule should return a result, which can be created using `result.new`. This function does not need to be imported, it is defined internally and provided at runtime. The first argument is the message to display and the second argument is the resource that the issue was detected on.
It is possible to pass any rego variable that references a field of the input document.
## Generate docs
Finally, you'll want to generate documentation for your newly added rule. Please run `make docs` in the [trivy-checks](https://github.com/aquasecurity/trivy-checks) directory to generate the documentation for your new policy and submit a PR for us to take a look at.
## Adding Tests
All Rego checks need to have tests. There are many examples of these in the `checks` directory for each check ([Link](https://github.com/aquasecurity/trivy-checks/tree/main/checks)). More information on how to write tests for Rego checks is provided in the [custom misconfiguration](../../../docs/scanner/misconfiguration/custom/testing.md) section of the docs.
## Example PR
You can see a full example PR for a new rule being added here: [https://github.com/aquasecurity/defsec/pull/1000](https://github.com/aquasecurity/defsec/pull/1000).

69
docs/community/contribute/checks/service-support.md
View File

@@ -1,69 +0,0 @@
# Add Service Support
A service refers to a service by a cloud provider. This section details how to add a new service to an existing provider. All contributions need to be made to the [trivy repository](https://github.com/aquasecurity/trivy/).
## Prerequisites
Before you begin, verify that the [provider](https://github.com/aquasecurity/trivy/tree/main/pkg/iac/providers) does not already have the service that you plan to add.
## Adding a new service to an existing provider
Adding a new service involves two steps. The service will need a data structure to store information about the required resources that will be scanned. Additionally, the service will require one or more adapters to convert the scan targetes as input(s) into the aforementioned data structure.
### Create a new file in the provider directory
In this example, we are adding the CodeBuild service to the AWS provider.
First, create a new directory and file for your new service under the provider directory: e.g. [aws/codebuild/codebuild.go](https://github.com/aquasecurity/trivy/blob/main/pkg/iac/providers/aws/codebuild/codebuild.go)
The CodeBuild service will require a structure `struct` to hold the information on the input that is scanned. The input is the CodeBuild resource that a user configured and wants to scan for misconfiguration.
```
type CodeBuild struct {
Projects []Project
}
```
The CodeBuild service manages `Project` resources. The `Project` struct has been added to hold information about each Project resources; `Project` Resources in turn manage `ArtifactSettings`:
```
type Project struct {
Metadata iacTypes.Metadata
ArtifactSettings ArtifactSettings
SecondaryArtifactSettings []ArtifactSettings
}
type ArtifactSettings struct {
Metadata iacTypes.Metadata
EncryptionEnabled iacTypes.BoolValue
}
```
The `iacTypes.Metadata` struct is embedded in all of the Trivy types and provides a common set of metadata for all resources. This includes the file and line number where the resource was defined and the name of the resource.
A resource in this example `Project` can have a name and can optionally be encrypted. Instead of using raw string and bool types respectively, we use the trivy types `iacTypes.Metadata` and `iacTypes.BoolValue`. These types wrap the raw values and provide additional metadata about the value. For instance, whether it was set by the user and the file and line number where the resource was defined.
Have a look at the other providers and services in the [`iac/providers`](https://github.com/aquasecurity/trivy/tree/main/pkg/iac/providers) directory in Trivy.
Next you'll need to add a reference to your new service struct in the [provider struct](https://github.com/aquasecurity/trivy/blob/main/pkg/iac/providers/aws/aws.go) at `pkg/iac/providers/aws/aws.go`:
```
type AWS struct {
...
CodeBuild codebuild.CodeBuild
...
}
```
### Update Adapters
Now you'll need to update all of the [adapters](https://github.com/aquasecurity/trivy/tree/main/pkg/iac/adapters) which populate the struct of the provider that you have been using. Following the example above, if you want to add support for CodeBuild in Terraform, you'll need to update the Terraform AWS adatper as shown here: [`trivy/pkg/iac/adapters/terraform/aws/codebuild/adapt.go`](https://github.com/aquasecurity/trivy/blob/main/pkg/iac/adapters/terraform/aws/codebuild/adapt.go).
Another example for updating the adapters is provided in the [following PR.](https://github.com/aquasecurity/defsec/pull/1000/files) Additionally, please refer to the respective Terraform documentation on the provider to which you are adding the service. For instance, the Terraform documentation for AWS CodeBuild is provided [here.](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codebuild_project)
## Create a new Schema for your provider
Once the new service has been added to the provider, you need to create the schema for the service as part of the provider schema.
This process has been automated with mage commands. In the Trivy root directory run `mage schema:generate` to generate the schema for your new service and `mage schema:verify`.

4
docs/community/contribute/discussion.md
View File

@@ -24,7 +24,7 @@ There are 4 categories:
If you find any false positives or false negatives, please make sure to report them under the "False Detection" category, not "Bugs".
## False detection
Trivy depends on [multiple data sources](https://aquasecurity.github.io/trivy/latest/docs/scanner/vulnerability/#data-sources).
Trivy depends on [multiple data sources](https://aquasecurity.github.io/trivy/latest/docs/vulnerability/detection/data-source/).
Sometime these databases contain mistakes.
If Trivy can't detect any CVE-IDs or shows false positive result, at first please follow the next steps:
@@ -42,7 +42,7 @@ If you find a problem, it'll be nice to fix it: [How to contribute to a GitHub s
### GitLab Advisory Database
Visit [here](https://advisories.gitlab.com/) and search CVE-ID.
If you find a problem, it'll be nice to fix it: [Create an issue to GitLab Advisory Database](https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/issues)
If you find a problem, it'll be nice to fix it: [Create an issue to GitLab Advisory Database](https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/issues/new)
### Red Hat CVE Database
Visit [here](https://access.redhat.com/security/security-updates/?cwe=476#/cve) and search CVE-ID.

3
docs/community/contribute/issue.md
View File

@@ -2,6 +2,3 @@
Thank you for taking interest in contributing to Trivy!
Trivy uses [GitHub Discussion](./discussion.md) for bug reports, feature requests, and questions.
!!! warning
Issues created by non-maintainers will be immediately closed.

23
docs/community/contribute/pr.md
View File

@@ -1,6 +1,7 @@
Thank you for taking interest in contributing to Trivy!
1. Every Pull Request should have an associated GitHub issue link in the PR description. Note that issues are created by Trivy maintainers based on feedback provided in a GitHub discussion. Please refer to the [issue](./issue.md) and [discussion](./discussion.md) pages for explanation about this process. If you think your change is trivial enough, you can skip the issue and instead add justification and explanation in the PR description.
1. Every Pull Request should have an associated bug or feature issue unless you are fixing a trivial documentation issue.
1. Please add the associated Issue link in the PR description.
1. Your PR is more likely to be accepted if it focuses on just one change.
1. There's no need to add or tag reviewers.
1. If a reviewer commented on your code or asked for changes, please remember to respond with comment. Do not mark discussion as resolved. It's up to reviewer to mark it resolved (in case if suggested fix addresses problem properly). PRs with unresolved issues should not be merged (even if the comment is unclear or requires no action from your side).
@@ -26,7 +27,7 @@ $ ./trivy -h
You must pass the linter checks:
```shell
$ mage lint:run
$ mage lint
```
Additionally, you need to have run `go mod tidy`, so execute the following command as well:
@@ -35,11 +36,6 @@ Additionally, you need to have run `go mod tidy`, so execute the following comma
$ mage tidy
```
To autofix linters use the following command:
```shell
$ mage lint:fix
```
### Unit tests
Your PR must pass all the unit tests. You can test it as below.
@@ -113,7 +109,6 @@ mode:
- server
- aws
- vm
- plugin
os:
@@ -121,7 +116,7 @@ os:
- redhat
- alma
- rocky
- azure
- mariner
- oracle
- debian
- ubuntu
@@ -142,7 +137,6 @@ language:
- go
- elixir
- dart
- julia
vuln:
@@ -179,25 +173,16 @@ others:
- helm
- report
- db
- parser
- deps
The `<scope>` can be empty (e.g. if the change is a global or difficult to assign to a single component), in which case the parentheses are omitted.
**Breaking changes**
A PR, introducing a breaking API change, needs to append a `!` after the type/scope.
### Example titles
```
feat(alma): add support for AlmaLinux
```
```
feat(vuln)!: delete the existing CLI flag
```
```
fix(oracle): handle advisories with ksplice versions
```

59
docs/community/maintainer/backporting.md
View File

@@ -1,59 +0,0 @@
# Backporting Process
This document outlines the backporting process for Trivy, including when to create patch releases and how to perform the backporting.
## When to Create Patch Releases
In general, small changes should not be backported and should be included in the next minor release.
However, patch releases should be made in the following cases:
* Fixes for HIGH or CRITICAL vulnerabilities in Trivy itself or Trivy's dependencies
* Fixes for bugs that cause panic during Trivy execution or otherwise interfere with normal usage
In these cases, the fixes should be backported using the procedure [described below](#backporting-procedure).
At the maintainer's discretion, other bug fixes may be included in the patch release containing these hotfixes.
## Versioning
Trivy follows [Semantic Versioning](https://semver.org/), using version numbers in the format MAJOR.MINOR.PATCH.
When creating a patch release, the PATCH part of the version number is incremented.
For example, if a fix is being distributed for v0.50.0, the patch release would be v0.50.1.
## Backporting Procedure
1. A release branch (e.g., `release/v0.50`) is automatically created when a new minor version is released.
1. Create a pull request (PR) against the main branch with the necessary fixes. If the fixes are already merged into the main branch, skip this step.
1. Once the PR with the fixes is merged, comment `@aqua-bot backport <release-branch>` on the PR (e.g., `@aqua-bot backport release/v0.50`). This will trigger the automated backporting process using GitHub Actions.
1. The automated process will create a new PR with the backported changes. Ensure that all tests pass for this PR.
1. Once the tests pass, merge the automatically created PR into the release branch.
1. Merge [a release PR](release-flow.md) on the release branch and release the patch version.
!!! note
Even if a conflict occurs, a PR is created by forceful commit, in which case the conflict should be resolved manually.
If you want to re-run a backport of the same PR, close the existing PR, delete the branch and re-run it.
### Example
To better understand the backporting procedure, let's walk through an example using the releases of v0.50.
```mermaid
gitGraph:
commit id:"Feature 1"
commit id:"v0.50.0 release" tag:"v0.50.0"
branch "release/v0.50"
checkout main
commit id:"Bugfix 1"
checkout "release/v0.50"
cherry-pick id:"Bugfix 1"
checkout main
commit id:"Feature 2"
commit id:"Bugfix 2"
commit id:"Feature 3"
checkout "release/v0.50"
cherry-pick id:"Bugfix 2"
commit id:"v0.50.1 release" tag:"v0.50.1"
```

83
docs/community/maintainer/release-flow.md
View File

@@ -1,83 +0,0 @@
# Release Flow
## Overview
Trivy adopts [conventional commit messages][conventional-commits], and [Release Please][release-please] automatically creates a [release PR](https://github.com/googleapis/release-please?tab=readme-ov-file#whats-a-release-pr) based on the messages of the merged commits.
This release PR is automatically updated every time a new commit is added to the release branch.
If a commit has the prefix `feat:`, a PR is automatically created to increment the minor version, and if a commit has the prefix `fix:`, a PR is created to increment the patch version.
When the PR is merged, GitHub Actions automatically creates a version tag and the release is performed.
For detailed behavior, please refer to [the GitHub Actions configuration][workflows].
!!! note
Commits with prefixes like `chore` or `build` are not considered releasable, and no release PR is created.
To include such commits in a release, you need to either include commits with `feat` or `fix` prefixes or perform a manual release as described [below](#manual-release-pr-creation).
## Flow
The release flow consists of the following main steps:
1. Creating the release PR (automatically or manually)
1. Drafting the release notes in GitHub Discussions
1. Merging the release PR
1. Updating the release notes in GitHub Discussions
1. Navigating to the release notes in GitHub Releases page
### Automatic Release PR Creation
When a releasable commit (a commit with `feat` or `fix` prefix) is merged, a release PR is automatically created.
These Release PRs are kept up-to-date as additional work is merged.
When it's ready to tag a release, simply merge the release PR.
See the [Release Please documentation][release-please] for more information.
The title of the PR will be in the format `release: v${version} [${branch}]` (e.g., `release: v0.51.0 [main]`).
The format of the PR title is important for identifying the release commit, so it should not be changed.
The `release/vX.Y` release branches are also subject to automatic release PR creation for patch releases.
The PR title will be like `release: v0.51.1 [release/v0.51]`.
### Manual Release PR Creation
If you want to release commits like `chore`, a release PR is not automatically created, so you need to manually trigger the creation of a release PR.
The [Release Please workflow](https://github.com/aquasecurity/trivy/actions/workflows/release-please.yaml) supports `workflow_dispatch` and can be triggered manually.
Click "Run workflow" in the top right corner and specify the release branch.
In Trivy, the following branches are the release branches.
- `main`
- `release/vX.Y` (e.g. `release/v0.51`)
Specify the release version (without the `v` prefix) and click "Run workflow" to create a release PR for the specified version.
### Drafting the Release Notes
Next, create release notes for this version.
Draft a new post in GitHub Discussions, and maintainers edit these release notes (e.g., https://github.com/aquasecurity/trivy/discussions/6605).
Currently, the creation of this draft is done manually.
For patch version updates, this step can be skipped since they only involve bug fixes.
### Merging the Release PR
Once the draft of the release notes is complete, merge the release PR.
When the PR is merged, a tag is automatically created, and [GoReleaser][goreleaser] releases binaries, container images, etc.
### Updating the Release Notes
If the release completes without errors, a page for the release notes is created in GitHub Discussions (e.g., https://github.com/aquasecurity/trivy/discussions/6622).
Copy the draft release notes, adjust the formatting, and finalize the release notes.
### Navigating to the Release Notes
To navigate to the release highlights and summary in GitHub Discussions, place a link in the GitHub Releases page as below:
```
## ⚡Release highlights and summary⚡
👉 https://github.com/aquasecurity/trivy/discussions/6838
## Changelog
https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0520-2024-06-03
```
Replace URLs with appropriate ones.
Example: https://github.com/aquasecurity/trivy/releases/tag/v0.52.0
The release is now complete.
[conventional-commits]: https://www.conventionalcommits.org/en/v1.0.0/
[release-please]: https://github.com/googleapis/release-please
[goreleaser]: https://goreleaser.com/
[workflows]: https://github.com/aquasecurity/trivy/tree/main/.github/workflows

2
docs/community/maintainer/triage.md
View File

@@ -188,7 +188,7 @@ We use two labels [help wanted](https://github.com/aquasecurity/trivy/issues?q=i
and [good first issue](https://github.com/aquasecurity/trivy/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22)
to identify issues that have been specially groomed for new contributors.
We have specific [guidelines](./help-wanted.md)
We have specific [guidelines](/docs/community/maintainer/help-wanted.md)
for how to use these labels. If you see an issue that satisfies these
guidelines, you can add the `help wanted` label and the `good first issue` label.
Please note that adding the `good first issue` label must also

53
docs/community/principles.md
View File

@@ -1,53 +0,0 @@
# Trivy Project Principles
This document outlines the guiding principles and governance framework for the Trivy project.
## Core Principles
Trivy is a security scanner focused on static analysis and designed with simplicity and security at its core.
All new proposals to the project must adhere to the following principles.
### Static Analysis (No Runtime Required)
Trivy operates without requiring container or VM image startups, eliminating the need for Docker or similar runtimes, except for scanning images stored within a container runtime.
This approach enhances security and efficiency by minimizing dependencies.
### External Dependency Free (Single Binary)
Operating as a single binary, Trivy is independent of external environments and avoids executing external OS commands or processes.
If specific functionality, like Maven's, is needed, Trivy opts for internal reimplementations or processing outputs of the tool without direct execution of external tools.
This approach obviously requires more effort but significantly reduces security risks associated with executing OS commands and dependency errors due to external environment versions.
Simplifying the scanner's use by making it operational immediately upon binary download facilitates easier initiation of scans.
### No Setup Required
Trivy must be ready to use immediately after installation.
It's unacceptable for Trivy not to function without setting up a database or writing configuration files by default.
Such setups should only be necessary for users requiring specific customizations.
Security often isn't a top priority for many organizations and can be easily deferred.
Trivy aims to lower the barrier to entry by simplifying the setup process, making it easier for users to start securing their projects.
### Security Focus
Trivy prioritizes the identification of security issues, excluding features unrelated to security, such as performance metrics or content listings of container images.
It can, however, produce and output intermediate representations like SBOMs for comprehensive security assessments.
Trivy serves as a tool with opinions on security, used to warn users about potential issues.
### Detecting Unintended States
Trivy is designed to detect unintended vulnerable states in projects, such as the use of vulnerable versions of dependencies or misconfigurations in Infrastructure as Code (IaC) that may unintentionally expose servers to the internet.
The focus is on identifying developer mistakes or undesirable states, not on detecting intentional attacks, such as malicious images and malware.
## Out of Scope Features
Aqua Security offers a premium version with several features not available in the open-source Trivy project.
While detailed information can be found [here][trivy-aqua], it's beneficial to highlight specific functionalities frequently inquired about:
### Runtime Security
As mentioned in [the Core Principles](#static-analysis-no-runtime-required), Trivy is a static analysis security scanner, making runtime security outside its scope.
Runtime security needs are addressed by [Tracee][tracee] or [the commercial version of Aqua Security]().
### Intentional Attacks
As mentioned in [the Core Principles](#detecting-unintended-states), detection of intentional attacks, such as malware or malicious container images, is not covered by Trivy and is supported in [the commercial version][aqua].
### User Interface
Trivy primarily operates via CLI for displaying results, with a richer UI available in [the commercial version][aqua].
[trivy-aqua]: https://github.com/aquasecurity/resources/blob/main/trivy-aqua.md
[tracee]: https://github.com/aquasecurity/tracee
[aqua]: https://www.aquasec.com/

155
docs/docs/advanced/air-gap.md
View File

@@ -1,77 +1,142 @@
# Connectivity and Network considerations
# Air-Gapped Environment
Trivy requires internet connectivity in order to function normally. If your organizations blocks or restricts network traffic, that could prevent Trivy from working correctly.
This document explains Trivy's network connectivity requirements, and how to configure Trivy to work in restricted networks environments, including completely air-gapped environments.
Trivy can be used in air-gapped environments. Note that an allowlist is [here][allowlist].
The following table lists all external resources that are required by Trivy:
## Air-Gapped Environment for vulnerabilities
External Resource | Feature | Details
--- | --- | ---
Vulnerability Database | Vulnerability scanning | [Trivy DB](../scanner/vulnerability.md)
Java Vulnerability Database | Java vulnerability scanning | [Trivy Java DB](../coverage/language/java.md)
Checks Bundle | Misconfigurations scanning | [Trivy Checks](../scanner/misconfiguration/check/builtin.md)
VEX Hub | VEX Hub | [VEX Hub](../supply-chain/vex/repo/#vex-hub)
Maven Central / Remote Repositories | Java vulnerability scanning | [Java Scanner/Remote Repositories](../coverage/language/java.md#remote-repositories)
### Download the vulnerability database
At first, you need to download the vulnerability database for use in air-gapped environments.
=== "Trivy"
```
TRIVY_TEMP_DIR=$(mktemp -d)
trivy --cache-dir $TRIVY_TEMP_DIR image --download-db-only
tar -cf ./db.tar.gz -C $TRIVY_TEMP_DIR/db metadata.json trivy.db
rm -rf $TRIVY_TEMP_DIR
```
=== "oras >= v0.13.0"
Please follow [oras installation instruction][oras].
Download `db.tar.gz`:
```
$ oras pull ghcr.io/aquasecurity/trivy-db:2
```
=== "oras < v0.13.0"
Please follow [oras installation instruction][oras].
Download `db.tar.gz`:
```
$ oras pull -a ghcr.io/aquasecurity/trivy-db:2
```
### Download the Java index database[^1]
Java users also need to download the Java index database for use in air-gapped environments.
!!! note
Trivy is an open source project that relies on public free infrastructure. In case of extreme load, you may encounter rate limiting when Trivy attempts to connect to external resources.
You container image may contain JAR files even though you don't use Java directly.
In that case, you also need to download the Java index database.
The rest of this document details each resource's connectivity requirements and network related considerations.
=== "Trivy"
## OCI Databases
```
TRIVY_TEMP_DIR=$(mktemp -d)
trivy --cache-dir $TRIVY_TEMP_DIR image --download-java-db-only
tar -cf ./javadb.tar.gz -C $TRIVY_TEMP_DIR/java-db metadata.json trivy-java.db
rm -rf $TRIVY_TEMP_DIR
```
=== "oras >= v0.13.0"
Please follow [oras installation instruction][oras].
Trivy's Vulnerability, Java, and Checks Bundle are packaged as OCI images and stored in public container registries.
Download `javadb.tar.gz`:
### Connectivity requirements
```
$ oras pull ghcr.io/aquasecurity/trivy-java-db:1
```
The specific registries and locations are detailed in the [databases document](../configuration/db.md).
=== "oras < v0.13.0"
Please follow [oras installation instruction][oras].
Communication with OCI Registries follows the [OCI Distribution](https://github.com/opencontainers/distribution-spec) spec.
Download `javadb.tar.gz`:
The following hosts are known to be used by the default container registries:
```
$ oras pull -a ghcr.io/aquasecurity/trivy-java-db:1
```
Registry | Hosts | Additional info
--- | --- | ---
Google Artifact Registry | <ul><li>`mirror.gcr.io`</li><li>`googlecode.l.googleusercontent.com`</li></ul> | [Google's IP addresses](https://support.google.com/a/answer/10026322?hl=en)
GitHub Container Registry | <ul><li>`ghcr.io`</li><li>`pkg-containers.githubusercontent.com`</li></ul> | [GitHub's IP addresses](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/about-githubs-ip-addresses)
### Self-hosting
### Transfer the DB files into the air-gapped environment
The way of transfer depends on the environment.
You can host Trivy's databases in your own container registry. Please refer to [Self-hosting document](./self-hosting.md#oci-databases) for a detailed guide.
=== "Vulnerability db"
```
$ rsync -av -e ssh /path/to/db.tar.gz [user]@[host]:dst
```
## Embedded Checks
=== "Java index db[^1]"
```
$ rsync -av -e ssh /path/to/javadb.tar.gz [user]@[host]:dst
```
Checks Bundle is embedded in the Trivy binary (at build time), and will be used as a fallback if the external database is not available. This means that you can still scan for misconfigurations in an air-gapped environment using the database from the time of the Trivy release you are using.
### Put the DB files in Trivy's cache directory
You have to know where to put the DB files. The following command shows the default cache directory.
## VEX Hub
```
$ ssh user@host
$ trivy -h | grep cache
--cache-dir value cache directory (default: "/home/myuser/.cache/trivy") [$TRIVY_CACHE_DIR]
```
=== "Vulnerability db"
Put the DB file in the cache directory + `/db`.
### Connectivity Requirements
```
$ mkdir -p /home/myuser/.cache/trivy/db
$ cd /home/myuser/.cache/trivy/db
$ tar xvf /path/to/db.tar.gz -C /home/myuser/.cache/trivy/db
x trivy.db
x metadata.json
$ rm /path/to/db.tar.gz
```
VEX Hub is hosted as at <https://github.com/aquasecurity/vexhub>.
=== "Java index db[^1]"
Put the DB file in the cache directory + `/java-db`.
Trivy is fetching VEX Hub GitHub Repository directly using simple HTTPS requests.
```
$ mkdir -p /home/myuser/.cache/trivy/java-db
$ cd /home/myuser/.cache/trivy/java-db
$ tar xvf /path/to/javadb.tar.gz -C /home/myuser/.cache/trivy/java-db
x trivy-java.db
x metadata.json
$ rm /path/to/javadb.tar.gz
```
The following hosts are known to be used by GitHub's services:
- `api.github.com`
- `codeload.github.com`
For more information about GitHub connectivity (including specific IP addresses), please refer to [GitHub's connectivity troubleshooting guide](https://docs.github.com/en/get-started/using-github/troubleshooting-connectivity-problems).
In an air-gapped environment it is your responsibility to update the Trivy databases on a regular basis, so that the scanner can detect recently-identified vulnerabilities.
### Self-hosting
### Run Trivy with the specific flags.
In an air-gapped environment, you have to specify `--skip-db-update` and `--skip-java-db-update`[^1] so that Trivy doesn't attempt to download the latest database files.
In addition, if you want to scan `pom.xml` dependencies, you need to specify `--offline-scan` since Trivy tries to issue API requests for scanning Java applications by default.
You can host a copy of VEX Hub on your own internal server. Please refer to the [self-hosting document](./self-hosting.md#vex-hub) for a detailed guide.
```
$ trivy image --skip-db-update --skip-java-db-update --offline-scan alpine:3.12
```
## Maven Central / Remote Repositories
## Air-Gapped Environment for misconfigurations
Trivy might call out to Maven central or other remote repositories to fetch in order to correctly identify Java packages during a vulnerability scan.
No special measures are required to detect misconfigurations in an air-gapped environment.
### Connectivity requirements
### Run Trivy with `--skip-policy-update` option
In an air-gapped environment, specify `--skip-policy-update` so that Trivy doesn't attempt to download the latest misconfiguration policies.
Trivy might attempt to connect (over HTTPS) to the following URLs:
```
$ trivy conf --skip-policy-update /path/to/conf
```
- `https://repo.maven.apache.org/maven2`
[allowlist]: ../references/troubleshooting.md
[oras]: https://oras.land/cli/
### Offline mode
There's no way to leverage Maven Central in a network-restricted environment, but you can prevent Trivy from trying to connect to it by using the `--offline-scan` flag.
[^1]: This is only required to scan `jar` files. More information about `Java index db` [here](../scanner/vulnerability/language/java.md)

2
docs/docs/advanced/modules.md
View File

@@ -328,7 +328,7 @@ Put the built binary to the module directory that is under the home directory by
```bash
$ mkdir -p ~/.trivy/modules
$ cp wordpress.wasm ~/.trivy/modules
$ cp spring4shell.wasm ~/.trivy/modules
```
## Distribute Your Module

193
docs/docs/advanced/plugins.md Normal file
View File

@@ -0,0 +1,193 @@
# Plugins
Trivy provides a plugin feature to allow others to extend the Trivy CLI without the need to change the Trivycode base.
This plugin system was inspired by the plugin system used in [kubectl][kubectl], [Helm][helm], and [Conftest][conftest].
## Overview
Trivy plugins are add-on tools that integrate seamlessly with Trivy.
They provide a way to extend the core feature set of Trivy, but without requiring every new feature to be written in Go and added to the core tool.
- They can be added and removed from a Trivy installation without impacting the core Trivy tool.
- They can be written in any programming language.
- They integrate with Trivy, and will show up in Trivy help and subcommands.
!!! warning
Trivy plugins available in public are not audited for security.
You should install and run third-party plugins at your own risk, since they are arbitrary programs running on your machine.
## Installing a Plugin
A plugin can be installed using the `trivy plugin install` command.
This command takes a url and will download the plugin and install it in the plugin cache.
Trivy adheres to the XDG specification, so the location depends on whether XDG_DATA_HOME is set.
Trivy will now search XDG_DATA_HOME for the location of the Trivy plugins cache.
The preference order is as follows:
- XDG_DATA_HOME if set and .trivy/plugins exists within the XDG_DATA_HOME dir
- ~/.trivy/plugins
Under the hood Trivy leverages [go-getter][go-getter] to download plugins.
This means the following protocols are supported for downloading plugins:
- OCI Registries
- Local Files
- Git
- HTTP/HTTPS
- Mercurial
- Amazon S3
- Google Cloud Storage
For example, to download the Kubernetes Trivy plugin you can execute the following command:
```bash
$ trivy plugin install github.com/aquasecurity/trivy-plugin-kubectl
```
Also, Trivy plugin can be installed from a local archive:
```bash
$ trivy plugin install myplugin.tar.gz
```
## Using Plugins
Once the plugin is installed, Trivy will load all available plugins in the cache on the start of the next Trivy execution.
A plugin will be made in the Trivy CLI based on the plugin name.
To display all plugins, you can list them by `trivy --help`
```bash
$ trivy --help
NAME:
trivy - A simple and comprehensive vulnerability scanner for containers
USAGE:
trivy [global options] command [command options] target
VERSION:
dev
COMMANDS:
image, i scan an image
filesystem, fs scan local filesystem
repository, repo scan remote repository
client, c client mode
server, s server mode
plugin, p manage plugins
kubectl scan kubectl resources
help, h Shows a list of commands or help for one command
```
As shown above, `kubectl` subcommand exists in the `COMMANDS` section.
To call the kubectl plugin and scan existing Kubernetes deployments, you can execute the following command:
```
$ trivy kubectl deployment <deployment-id> -- --ignore-unfixed --severity CRITICAL
```
Internally the kubectl plugin calls the kubectl binary to fetch information about that deployment and passes the using images to Trivy.
You can see the detail [here][trivy-plugin-kubectl].
If you want to omit even the subcommand, you can use `TRIVY_RUN_AS_PLUGIN` environment variable.
```bash
$ TRIVY_RUN_AS_PLUGIN=kubectl trivy job your-job -- --format json
```
## Installing and Running Plugins on the fly
`trivy plugin run` installs a plugin and runs it on the fly.
If the plugin is already present in the cache, the installation is skipped.
```bash
trivy plugin run github.com/aquasecurity/trivy-plugin-kubectl pod your-pod -- --exit-code 1
```
## Uninstalling Plugins
Specify a plugin name with `trivy plugin uninstall` command.
```bash
$ trivy plugin uninstall kubectl
```
## Building Plugins
Each plugin has a top-level directory, and then a plugin.yaml file.
```bash
your-plugin/
|
|- plugin.yaml
|- your-plugin.sh
```
In the example above, the plugin is contained inside of a directory named `your-plugin`.
It has two files: plugin.yaml (required) and an executable script, your-plugin.sh (optional).
The core of a plugin is a simple YAML file named plugin.yaml.
Here is an example YAML of trivy-plugin-kubectl plugin that adds support for Kubernetes scanning.
```yaml
name: "kubectl"
repository: github.com/aquasecurity/trivy-plugin-kubectl
version: "0.1.0"
usage: scan kubectl resources
description: |-
A Trivy plugin that scans the images of a kubernetes resource.
Usage: trivy kubectl TYPE[.VERSION][.GROUP] NAME
platforms:
- selector: # optional
os: darwin
arch: amd64
uri: ./trivy-kubectl # where the execution file is (local file, http, git, etc.)
bin: ./trivy-kubectl # path to the execution file
- selector: # optional
os: linux
arch: amd64
uri: https://github.com/aquasecurity/trivy-plugin-kubectl/releases/download/v0.1.0/trivy-kubectl.tar.gz
bin: ./trivy-kubectl
```
The `plugin.yaml` field should contain the following information:
- name: The name of the plugin. This also determines how the plugin will be made available in the Trivy CLI. For example, if the plugin is named kubectl, you can call the plugin with `trivy kubectl`. (required)
- version: The version of the plugin. (required)
- usage: A short usage description. (required)
- description: A long description of the plugin. This is where you could provide a helpful documentation of your plugin. (required)
- platforms: (required)
- selector: The OS/Architecture specific variations of a execution file. (optional)
- os: OS information based on GOOS (linux, darwin, etc.) (optional)
- arch: The architecture information based on GOARCH (amd64, arm64, etc.) (optional)
- uri: Where the executable file is. Relative path from the root directory of the plugin or remote URL such as HTTP and S3. (required)
- bin: Which file to call when the plugin is executed. Relative path from the root directory of the plugin. (required)
The following rules will apply in deciding which platform to select:
- If both `os` and `arch` under `selector` match the current platform, search will stop and the platform will be used.
- If `selector` is not present, the platform will be used.
- If `os` matches and there is no more specific `arch` match, the platform will be used.
- If no `platform` match is found, Trivy will exit with an error.
After determining platform, Trivy will download the execution file from `uri` and store it in the plugin cache.
When the plugin is called via Trivy CLI, `bin` command will be executed.
The plugin is responsible for handling flags and arguments. Any arguments are passed to the plugin from the `trivy` command.
A plugin should be archived `*.tar.gz`.
```bash
$ tar -czvf myplugin.tar.gz plugin.yaml script.py
plugin.yaml
script.py
$ trivy plugin install myplugin.tar.gz
2023-03-03T19:04:42.026+0600 INFO Installing the plugin from myplugin.tar.gz...
2023-03-03T19:04:42.026+0600 INFO Loading the plugin metadata...
$ trivy myplugin
Hello from Trivy demo plugin!
```
## Example
https://github.com/aquasecurity/trivy-plugin-kubectl
[kubectl]: https://kubernetes.io/docs/tasks/extend-kubectl/kubectl-plugins/
[helm]: https://helm.sh/docs/topics/plugins/
[conftest]: https://www.conftest.dev/plugins/
[go-getter]: https://github.com/hashicorp/go-getter
[trivy-plugin-kubectl]: https://github.com/aquasecurity/trivy-plugin-kubectl

10
docs/docs/advanced/private-registries/acr.md
View File

@@ -12,9 +12,9 @@ export SP_DATA=$(az ad sp create-for-rbac --name TrivyTest --role AcrPull --scop
# Usage
```bash
# must set TRIVY_USERNAME empty char
export AZURE_CLIENT_ID=$(echo $SP_DATA | jq -r '.appId')
export AZURE_CLIENT_SECRET=$(echo $SP_DATA | jq -r '.password')
export AZURE_TENANT_ID=$(echo $SP_DATA | jq -r '.tenant')
export AZURE_CLIENT_ID$(echo $SP_DATA | jq -r .appId)
export AZURE_CLIENT_SECRET$(echo $SP_DATA | jq -r .password)
export AZURE_TENANT_ID$(echo $SP_DATA | jq -r .tenant)
```
# Testing
@@ -22,6 +22,6 @@ You can test credentials in the following manner.
```bash
docker run -it --rm -v /tmp:/tmp\
-e AZURE_CLIENT_ID -e AZURE_CLIENT_SECRET -e AZURE_TENANT_ID \
aquasec/trivy image your_special_project.azurecr.io/your_special_image:your_special_tag
-e AZURE_CLIENT_ID=${AZURE_CLIENT_ID} -e AZURE_CLIENT_SECRET=${AZURE_CLIENT_SECRET} \
-e AZURE_TENANT_ID=${AZURE_TENANT_ID} aquasec/trivy image your_special_project.azurecr.io/your_special_image:your_special_tag
```

34
docs/docs/advanced/private-registries/index.md
View File

@@ -1,30 +1,13 @@
Trivy can download images from a private registry without the need for installing Docker or any other 3rd party tools.
This makes it easy to run within a CI process.
## Login
You can log in to a private registry using the `trivy registry login` command.
It uses the Docker configuration file (`~/.docker/config.json`) to store the credentials under the hood, and the configuration file path can be configured by `DOCKER_CONFIG` environment variable.
```shell
$ cat ~/my_password.txt | trivy registry login --username foo --password-stdin ghcr.io
$ trivy image ghcr.io/your/private_image
```
## Passing Credentials
You can also provide your credentials when scanning.
## Credential
To use Trivy with private images, simply install it and provide your credentials:
```shell
$ TRIVY_USERNAME=YOUR_USERNAME TRIVY_PASSWORD=YOUR_PASSWORD trivy image YOUR_PRIVATE_IMAGE
```
!!! warning
When passing credentials via environment variables or CLI flags, Trivy will attempt to use these credentials for all registries encountered during scanning, regardless of the target registry.
This can potentially lead to unintended credential exposure.
To mitigate this risk:
1. Set credentials cautiously and only when necessary.
2. Prefer using `trivy registry login` to pre-configure credentials with specific registries, which ensures credentials are only sent to appropriate registries.
Trivy also supports providing credentials through CLI flags:
```shell
@@ -34,7 +17,6 @@ $ TRIVY_PASSWORD=YOUR_PASSWORD trivy image --username YOUR_USERNAME YOUR_PRIVATE
!!! warning
The CLI flag `--password` is available, but its use is not recommended for security reasons.
You can also store your credentials in `trivy.yaml`.
For more information, please refer to [the documentation](../../references/configuration/config-file.md).
@@ -53,5 +35,15 @@ In the example above, Trivy attempts to use two pairs of credentials:
Please note that the number of usernames and passwords must be the same.
## docker login
If you have Docker configured locally and have set up the credentials, Trivy can access them.
```shell
$ docker login ghcr.io
Username:
Password:
$ trivy image ghcr.io/your/private_image
```
!!! note
`--password-stdin` doesn't support comma-separated passwords.
`docker login` can be used with any container runtime, such as Podman.

132
docs/docs/advanced/self-hosting.md
View File

@@ -1,132 +0,0 @@
# Self-Hosting Trivy's Databases
This document explains how to host Trivy's [external dependencies](./air-gap.md) in your own infrastructure to prevent external network access. If you haven't already, please familiarize yourself with the [Databases document](../configuration/db.md) that explains about the different databases used by Trivy and the different configuration options that control them. This guide assumes you are already familiar with the concepts explained there.
## OCI databases
The following [Trivy Databases](../configuration/db.md) are packaged as OCI images:
- `trivy-db`
- `trivy-java-db`
- `trivy-checks`
To host these databases in your own infrastructure:
### Make a local copy
Use any container registry manipulation tool (e.g , [crane](https://github.com/google/go-containerregistry/blob/main/cmd/crane/doc/crane.md, [ORAS](https://oras.land), [regclient](https://github.com/regclient/regclient/tree/main)) to copy the images to your destination registry.
!!! note
You will need to keep the databases updated in order to maintain relevant scanning results over time.
### Configure Trivy
Use the appropriate [database location flags](../configuration/db.md#database-locations) to change the db-repository location:
- `--db-repository`
- `--java-db-repository`
- `--checks-bundle-repository`
### Authentication
If the registry requires authentication, you can configure it as described in the [private registry authentication document](../advanced/private-registries/index.md).
### OCI Media Types
When serving, proxying, or manipulating Trivy's databases, note that the media type of the OCI layer is not a standard container image type:
DB | Media Type | Reference
--- | --- | ---
`trivy-db` | `application/vnd.aquasec.trivy.db.layer.v1.tar+gzip` | <https://github.com/aquasecurity/trivy-db/pkgs/container/trivy-db>
`trivy-java-db` | `application/vnd.aquasec.trivy.javadb.layer.v1.tar+gzip` | https://github.com/aquasecurity/trivy-java-db/pkgs/container/trivy-java-db
`trivy-checks` | `application/vnd.oci.image.manifest.v1+json` | https://github.com/aquasecurity/trivy-checks/pkgs/container/trivy-checks
## Manual cache population
Trivy uses a local cache directory to store the database files, as described in the [cache](../configuration/cache.md) document.
You can download the databases files and surgically populate the Trivy cache directory with them.
### Downloading the DB files
On a machine with internet access, pull the database container archive from the public registry into your local workspace:
Note that these examples operate in the current working directory.
=== "Using ORAS"
This example uses [ORAS](https://oras.land), but you can use any other container registry manipulation tool.
```shell
oras pull ghcr.io/aquasecurity/trivy-db:2
```
You should now have a file called `db.tar.gz`. Next, extract it to reveal the db files:
```shell
tar -xzf db.tar.gz
```
=== "Using Trivy"
This example uses Trivy to pull the database container archive. The `--cache-dir` flag makes Trivy download the database files into our current working directory. The `--download-db-only` flag tells Trivy to only download the database files, not to scan any images.
```shell
trivy image --cache-dir . --download-db-only
```
You should now have 2 new files, `metadata.json` and `trivy.db`. These are the Trivy DB files, copy them over to the air-gapped environment.
### Populating the Trivy Cache
In order to populate the cache, you need to identify the location of the cache directory. If it is under the default location, you can run the following command to find it:
```shell
trivy -h | grep cache
```
For the example, we will assume the `TRIVY_CACHE_DIR` variable holds the cache location:
```shell
TRIVY_CACHE_DIR=/home/user/.cache/trivy
```
Put the Trivy DB files in the Trivy cache directory under a `db` subdirectory:
```shell
# ensure cache db directory exists
mkdir -p ${TRIVY_CACHE_DIR}/db
# copy the db files
cp /path/to/trivy.db /path/to/metadata.json ${TRIVY_CACHE_DIR}/db/
```
### Java DB adaptations
For Java DB the process is the same, except for the following:
1. Image location is `ghcr.io/aquasecurity/trivy-java-db:1`
2. Archive file name is `javadb.tar.gz`
3. DB file name is `trivy-java.db`
## VEX Hub
### Make a local copy
To make a copy of VEX Hub in a location that is accessible to Trivy.
1. Download the [VEX Hub](https://github.com/aquasecurity/vexhub) archive from: <https://github.com/aquasecurity/vexhub/archive/refs/heads/main.zip>.
1. Download the [VEX Hub Repository Manifest](https://github.com/aquasecurity/vex-repo-spec#2-repository-manifest) file from: <https://github.com/aquasecurity/vexhub/blob/main/vex-repository.json>.
1. Create or identify an internal HTTP server that can serve the VEX Hub repository in your environment (e.g `https://server.local`).
1. Make the downloaded archive file available for serving from your server (e.g `https://server.local/main.zip`).
1. Modify the downloaded manifest file's [Location URL](https://github.com/aquasecurity/vex-repo-spec?tab=readme-ov-file#locations-subfields) field to the URL of the archive file on your server (e.g `url: https://server.local/main.zip`).
1. Make the manifest file available for serving from your server under the `/.well-known` path (e.g `https://server.local/.well-known/vex-repository.json`).
### Configure Trivy
To configure Trivy to use the local VEX Repository:
1. Locate your [Trivy VEX configuration file](../supply-chain/vex/repo/#configuration-file) by running `trivy vex repo init`. Make the following changes to the file.
1. Disable the default VEX Hub repo (`enabled: false`)
1. Add your internal VEX Hub repository as a [custom repository](../supply-chain/vex/repo/#custom-repositories) with the URL pointing to your local server (e.g `url: https://server.local`).
### Authentication
If your server requires authentication, you can configure it as described in the [VEX Repository Authentication document](../supply-chain/vex/repo/#authentication).

225
docs/docs/compliance/compliance.md
View File

@@ -1,4 +1,4 @@
# Built-in Compliance Reports
# Compliance Reports
!!! warning "EXPERIMENTAL"
This feature might change without preserving backwards compatibility.
@@ -10,6 +10,7 @@ Trivys compliance flag lets you curate a specific set of checks into a report
Compliance report is currently supported in the following targets (trivy sub-commands):
- `trivy image`
- `trivy aws`
- `trivy k8s`
Add the `--compliance` flag to the command line, and set it's value to desired report.
@@ -37,228 +38,6 @@ For the list of built-in compliance reports, please see the relevant section:
- [Kubernetes compliance](../target/kubernetes.md#compliance)
- [AWS compliance](../target/aws.md#compliance)
## Contribute a Built-in Compliance Report
### Define a Compliance spec, based on CIS benchmark or other specs
Here is an example for CIS compliance report:
```yaml
---
spec:
id: k8s-cis-1.23
title: CIS Kubernetes Benchmarks v1.23
description: CIS Kubernetes Benchmarks
platform: k8s
type: cis
version: '1.23'
relatedResources:
- https://www.cisecurity.org/benchmark/kubernetes
controls:
- id: 1.1.1
name: Ensure that the API server pod specification file permissions are set to
600 or more restrictive
description: Ensure that the API server pod specification file has permissions
of 600 or more restrictive
checks:
- id: AVD-KCV-0073
commands:
- id: CMD-0001
severity: HIGH
```
### Compliance ID
ID field is the name used to execute the compliance scan via trivy
example:
```sh
trivy k8s --compliance k8s-cis-1.23
```
ID naming convention: {platform}-{type}-{version}
### Compliance Platform
The platform field specifies the type of platform on which to run this compliance report.
Supported platforms:
- k8s (native kubernetes cluster)
- eks (elastic kubernetes service)
- aks (azure kubernetes service)
- gke (google kubernetes engine)
- rke2 (rancher kubernetes engine v2)
- ocp (OpenShift Container Platform)
- docker (docker engine)
- aws (amazon web services)
### Compliance Type
The type field specifies the kind compliance report.
- cis (Center for Internet Security)
- nsa (National Security Agency)
- pss (Pod Security Standards)
### Compliance Version
The version field specifies the version of the compliance report.
- 1.23
### Compliance Check ID
Specify the check ID that needs to be evaluated based on the information collected from the command data output to assess the control.
Example of how to define check data under [checks folder](https://github.com/aquasecurity/trivy-checks/tree/main/checks):
```sh
# METADATA
# title: "Ensure that the --kubeconfig kubelet.conf file permissions are set to 600 or more restrictive"
# description: "Ensure that the kubelet.conf file has permissions of 600 or more restrictive."
# scope: package
# schemas:
# - input: schema["kubernetes"]
# related_resources:
# - https://www.cisecurity.org/benchmark/kubernetes
# custom:
# id: KCV0073
# avd_id: AVD-KCV-0073
# severity: HIGH
# short_code: ensure-kubelet.conf-file-permissions-600-or-more-restrictive.
# recommended_action: "Change the kubelet.conf file permissions to 600 or more restrictive if exist"
# input:
# selector:
# - type: kubernetes
package builtin.kubernetes.KCV0073
import data.lib.kubernetes
types := ["master", "worker"]
validate_kubelet_file_permission(sp) := {"kubeletConfFilePermissions": violation} {
sp.kind == "NodeInfo"
sp.type == types[_]
violation := {permission | permission = sp.info.kubeletConfFilePermissions.values[_]; permission > 600}
count(violation) > 0
}
deny[res] {
output := validate_kubelet_file_permission(input)
msg := "Ensure that the --kubeconfig kubelet.conf file permissions are set to 600 or more restrictive"
res := result.new(msg, output)
}
```
### Compliance Command ID
***Note:*** This field is not mandatory, it is relevant to k8s compliance report when node-collector is in use
Specify the command ID (#ref) that needs to be executed to collect the information required to evaluate the control.
Example of how to define command data under [commands folder](https://github.com/aquasecurity/trivy-checks/tree/main/commands)
```yaml
---
- id: CMD-0001
key: kubeletConfFilePermissions
title: kubelet.conf file permissions
nodeType: worker
audit: stat -c %a $kubelet.kubeconfig
platfroms:
- k8s
- aks
```
#### Command ID
Find the next command ID by running the command on [trivy-checks project](https://github.com/aquasecurity/trivy-checks).
```sh
make command-id
```
#### Command Key
- Re-use an existing key or specifiy a new one (make sure key name has no spaces)
Note: The key value should match the key name evaluated by the Rego check.
### Command Title
Represent the purpose of the command
### Command NodeType
Specify the node type on which the command is supposed to run.
- worker
- master
### Command Audit
Specify here the shell command to be used please make sure to add error supression (2>/dev/null)
### Command Platforms
The list of platforms that support this command. Name should be taken from this list [Platforms](#compliance-platform)
### Command Config Files
The commands use a configuration file that helps obtain the paths to binaries and configuration files based on different platforms (e.g., Rancher, native Kubernetes, etc.).
For example:
```yaml
kubelet:
bins:
- kubelet
- hyperkube kubelet
confs:
- /etc/kubernetes/kubelet-config.yaml
- /var/lib/kubelet/config.yaml
```
### Commands Files Location
Currently checks files location are :`https://github.com/aquasecurity/trivy-checks/tree/main/checks`
Command files location: `https://github.com/aquasecurity/trivy-checks/tree/main/commands`
under command file
Note: command config files will be located under `https://github.com/aquasecurity/trivy-checks/tree/main/commands` as well
### Node-collector output
The node collector will read commands and execute each command, and incorporate the output into the NodeInfo resource.
example:
```json
{
"apiVersion": "v1",
"kind": "NodeInfo",
"metadata": {
"creationTimestamp": "2023-01-04T11:37:11+02:00"
},
"type": "master",
"info": {
"adminConfFileOwnership": {
"values": [
"root:root"
]
},
"adminConfFilePermissions": {
"values": [
600
]
}
...
}
}
```
## Custom compliance
You can create your own custom compliance report. A compliance report is a simple YAML document in the following format:

101
docs/docs/compliance/contrib-compliance.md
View File

@@ -1,101 +0,0 @@
# Custom Compliance Spec
Trivy supports several different compliance specs. The details on compliance scanning with Trivy are provided in the [compliance documentation](../../docs/compliance/compliance.md).
All of the Compliance Specs currently available in Trivy can be found in the `trivy-checks/pkg/specs/compliance/` directory ([Link](https://github.com/aquasecurity/trivy-checks/tree/main/pkg/specs/compliance)).
New checks are based on the custom compliance report detailed in the [main documentation.](./compliance.md#custom-compliance)
If you would like to create your custom compliance report, please reference the information in the main documentation. This section details how community members can contribute new Compliance Specs to Trivy.
All compliance specs in Trivy are based on formal compliance reports such as CIS Benchmarks.
## Contributing new Compliance Specs
Compliance specs can be based on new compliance reports becoming available e.g. a new CIS Benchmark version, or identifying missing compliance specs that Trivy users would like to access.
### Create a new Compliance Spec
The existing compliance specs in Trivy are located under the `trivy-checks/pkg/specs/compliance/` directory ([Link](https://github.com/aquasecurity/trivy-checks/tree/main/pkg/specs/compliance)).
Create a new file under `trivy-checks/specs/compliance/` and name the file in the format of "provider-resource-spectype-version.yaml". For example, the file name for AWS CIS Benchmarks for EKS version 1.4 is: `aws-eks-cis-1.4.yaml`. Note that if the compliance spec is not specific to a provider, the `provider` field can be ignored.
### Minimum spec structure
The structure of the compliance spec is detailed in the [main documentation](./compliance.md#custom-compliance).
The first section in the spec is focused on the metadata of the spec. Replace all the fields of the metadata with the information relevant to the compliance spec that will be added. This information can be taken from the official report e.g. the CIS Benchmark report.
### Populating the `control` section
Compliance specs detail a set of checks that should pass so that the resource is compliant with the official benchmark specifications. There are two ways in which Trivy compliance checks can enforce the compliance specification:
1. The check is available in Trivy, as part of the `trivy-checks` and can be referenced in the Compliance Spec
2. The check is not available in Trivy and a manual check has to be added to the Compliance Spec
Additional information is provided below.
#### 1. Referencing a check that is already part of Trivy
Trivy has a comprehensive list of checks as part of its misconfiguration scanning. These can be found in the `trivy-checks/checks` directory ([Link](https://github.com/aquasecurity/trivy-checks/tree/main/checks)). If the check is present, the `AVD_ID` and other information from the check has to be used.
Note: Take a look at the more generic compliance specs that are already available in Trivy. If you are adding new compliance spec to Kubernetes e.g. AWS EKS CIS Benchmarks, chances are high that the check you would like to add to the new spec has already been defined in the general `k8s-ci-v.000.yaml` compliance spec. The same applies for creating specific Cloud Provider Compliance Specs and the [generic compliance specs](https://github.com/aquasecurity/trivy-checks/tree/main/pkg/specs/compliance) available.
For example, the following check is detailed in the AWS EKS CIS v1.4 Benchmark:
`3.1.2 Ensure that the kubelet kubeconfig file ownership is set to root:root (Manual)`
This check can be found in the general K8s CIS Compliance Benchmark: `k8s-cis-1.23.yaml` ([Link](https://github.com/aquasecurity/trivy-checks/blob/31e779916f3863dd74a28cee869ea24fdc4ca8c2/specs/compliance/k8s-cis-1.23.yaml#L480))
Thus, we can use the information already present:
```
- id: 3.1.2
name: Ensure that the kubelet service file ownership is set to root:root (Manual)
description: Ensure that the kubelet service file ownership is set to root:root
checks:
- id: AVD-KCV-0070
severity: HIGH
```
- The `ID`, `name`, and `description` is taken directly from the AWS EKS CIS Benchmarks
- The `check` and `severity` are taken from the existing complaince check in the `k8s-cis-1.23.yaml`
#### 2. Referencing a check manually that is not part of the Trivy default checks
If the check does not already exist in the [Aqua Vulnerability Database](https://avd.aquasec.com/) (AVD) and is not part of the trivy-checks, the fields in the compliance spec for the check have to be populated manually. This is done by referencing the information in the official compliance specification.
Below is the beginning of the information of the EKS CIS Benchmarks v1.4.0:
![EKS Benchmarks 2.1.1](../../imgs/eks-benchmarks.png)
The corresponding check in the `control` section will look like this:
```
- id: 2.1.1
name: Enable audit Logs (Manual)
description: |
Control plane logs provide visibility into operation of the EKS Control plane components systems.
The API server audit logs record all accepted and rejected requests in the cluster.
When enabled via EKS configuration the control plane logs for a cluster are exported to a CloudWatch
Log Group for persistence.
checks: null
severity: MEDIUM
```
- Again, the `id`, `name` and `description` are taken directly from the EKS CIS Benchmarks v1.4.0
- The `checks` is in this case `null` as the check is not currently present in the AVD and does not have a check in the [trivy policies](https://github.com/aquasecurity/trivy-checks/tree/main/checks) repository
- Since the check does not exist in Trivy, the `severity` will be `MEDIUM`. However, in some cases, the compliance report e.g. the CIS Benchmark report will specify the severity
#### Contributing new checks to trivy-checks
All of the checks in trivy-policies can be referenced in the compliance specs.
To write new Rego checks for Trivy, please take a look at the contributing documentation for checks.
### Test the Compliance Spec
To test the compliance check, pass the new path into the Trivy scan through the `--compliance` flag. For instance, to pass the check to the Trivy Kubernetes scan use the following command structure:
```
trivy k8s cluster --compliance @</path/to/compliance.yaml> --report summary
```
Note: The `@` is required before the filepath.

Some files were not shown because too many files have changed in this diff Show More