Compare commits

1 Commits

Author SHA1 Message Date
knqyf263 3b8aedad58 Update README 2019-05-07 15:48:22 +09:00
3421 changed files with 3969 additions and 563951 deletions

42
.circleci/config.yml Normal file

@@ -0,0 +1,42 @@
defaults: &defaults
docker :
- image: knqyf263/ci-trivy:latest
environment:
CGO_ENABLED: "1"
jobs:
release:
<<: *defaults
steps:
- checkout
- run:
name: Release
command: goreleaser --rm-dist
- run:
name: Clone trivy repository
command: git clone git@github.com:knqyf263/trivy-repo.git
- run:
name: Setup git settings
command: |
git config --global user.email "knqyf263@gmail.com"
git config --global user.name "Teppei Fukuda"
- run:
name: Create rpm repository
command: ci/deploy-rpm.sh
- run:
name: Import GPG key
command: echo -e "$GPG_KEY" | gpg --import
- run:
name: Create deb repository
command: ci/deploy-deb.sh
workflows:
version: 2
release:
jobs:
- release:
filters:
branches:
ignore: /.*/
tags:
only: /.*/
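Review bot: the `release` job inherits `image: knqyf263/ci-trivy:latest` from the `defaults` anchor, and that same job imports `$GPG_KEY` and clones `trivy-repo` over SSH, so whatever the mutable `latest` tag resolves to at tag-build time runs with the signing key in reach. Pin the image by digest (`knqyf263/ci-trivy@sha256:<digest>`). The "Import GPG key" step is also ordered after "Create rpm repository"; if `ci/deploy-rpm.sh` signs anything, the key is not in the keyring yet, so the import belongs ahead of both deploy steps.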


@@ -1,5 +0,0 @@
---
Language: Proto
BasedOnStyle: Google
AlignConsecutiveAssignments: true
AlignConsecutiveDeclarations: true


@@ -1,6 +0,0 @@
.git
.github
.cache
.circleci
integration
imgs

1
.gitattributes vendored

@@ -1 +0,0 @@
* text=auto eol=lf

22
.github/CODEOWNERS vendored

@@ -1,22 +0,0 @@
# Global
* @knqyf263
# SBOM/Vulnerability scanning
pkg/dependency/ @knqyf263 @DmitriyLewen
pkg/fanal/ @knqyf263 @DmitriyLewen
pkg/sbom/ @knqyf263 @DmitriyLewen
pkg/scanner/ @knqyf263 @DmitriyLewen
# Misconfiguration scanning
docs/docs/scanner/misconfiguration/ @simar7 @nikpivkin
docs/docs/target/aws.md @simar7 @nikpivkin
pkg/fanal/analyzer/config/ @simar7 @nikpivkin
pkg/cloud/ @simar7 @nikpivkin
pkg/iac/ @simar7 @nikpivkin
# Helm chart
helm/trivy/ @afdesk @simar7
# Kubernetes scanning
pkg/k8s/ @afdesk @simar7
docs/docs/target/kubernetes.md @afdesk @simar7


@@ -1,47 +0,0 @@
title: "<company name>"
labels: ["adopters"]
body:
- type: textarea
id: info
attributes:
label: "[Optional] How do you use Trivy?"
validations:
required: false
- type: textarea
id: info
attributes:
label: "[Optional] Can you provide us with a quote on your favourite part of Trivy? This may be used on the trivy.dev website, posted on Twitter (@AquaTrivy) or similar marketing material."
validations:
required: false
- type: checkboxes
attributes:
label: "[Optional] Which targets are you scanning with Trivy?"
options:
- label: "Container Image"
- label: "Filesystem"
- label: "Git Repository"
- label: "Virtual Machine Image"
- label: "Kubernetes"
- label: "AWS"
- label: "SBOM"
validations:
required: false
- type: checkboxes
attributes:
label: "[Optional] What kind of issues are scanning with Trivy?"
options:
- label: "Software Bill of Materials (SBOM)"
- label: "Known vulnerabilities (CVEs)"
- label: "IaC issues and misconfigurations"
- label: "Sensitive information and secrets"
- label: "Software licenses"
- type: markdown
attributes:
value: |
## Get in touch
We are always looking for
* User feedback
* Collaboration with other companies and organisations
* Or just to have a chat with you about trivy.
If any of this interests you or your marketing team, please reach out at: oss@aquasec.com
We would love to hear from you!
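Review bot: both `textarea` fields declare `id: info`; field ids have to be unique within an issue form, so the second one (the quote question) needs its own id, for example `quote`. The last checkbox label, "What kind of issues are scanning with Trivy?", is missing "you".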


@@ -1,124 +0,0 @@
labels: ["kind/bug"]
body:
- type: markdown
attributes:
value: |
#### Note
Feel free to raise a bug report if something doesn't work as expected.
Please ensure that you're not creating a duplicate report by searching the [issues](https://github.com/aquasecurity/trivy/issues)/[discussions](https://github.com/aquasecurity/trivy/discussions) beforehand.
If you see any false positives or false negatives, please file a ticket [here](https://github.com/aquasecurity/trivy/discussions/new?category=false-detection).
**Do not open a GitHub issue, please.** Maintainers triage discussions and then create issues.
Please also check [our contribution guidelines](https://trivy.dev/latest/community/contribute/discussion/).
- type: textarea
attributes:
label: Description
description: Briefly describe the problem you are having in a few paragraphs.
validations:
required: true
- type: textarea
attributes:
label: Desired Behavior
description: What did you expect to happen?
validations:
required: true
- type: textarea
attributes:
label: Actual Behavior
description: What happened instead?
validations:
required: true
- type: textarea
attributes:
label: Reproduction Steps
description: How do you trigger this bug? Please walk us through it step by step.
value: |
1.
2.
3.
...
render: bash
validations:
required: true
- type: dropdown
attributes:
label: Target
description: Which target are you scanning? It is equal to which subcommand you are using.
options:
- Container Image
- Filesystem
- Git Repository
- Virtual Machine Image
- Kubernetes
- AWS
- SBOM
validations:
required: false
- type: dropdown
attributes:
label: Scanner
description: Which scanner are you using?
options:
- Vulnerability
- Misconfiguration
- Secret
- License
validations:
required: false
- type: dropdown
attributes:
label: Output Format
description: Which output format are you using?
options:
- Table
- JSON
- Template
- SARIF
- CycloneDX
- SPDX
validations:
required: false
- type: dropdown
attributes:
label: Mode
description: Which mode are you using? Specify "Standalone" if you are not using `trivy server`.
options:
- Standalone
- Client/Server
validations:
required: false
- type: textarea
attributes:
label: Debug Output
description: Output of run with `--debug`
placeholder: "$ trivy <target> <subject> --debug"
render: bash
validations:
required: true
- type: input
attributes:
label: Operating System
description: On what operating system are you running Trivy?
placeholder: "e.g. macOS Big Sur"
validations:
required: true
- type: textarea
attributes:
label: Version
description: Output of `trivy --version`
placeholder: "$ trivy --version"
render: bash
validations:
required: true
- type: checkboxes
attributes:
label: Checklist
description: Have you tried the following?
options:
- label: Run `trivy clean --all`
- label: Read [the troubleshooting](https://trivy.dev/latest/docs/references/troubleshooting/)
- type: markdown
attributes:
value: |
We would be happy if you could share how you are using Trivy [here](https://github.com/aquasecurity/trivy/discussions/new?category=adopters).


@@ -1,28 +0,0 @@
labels: ["kind/documentation"]
body:
- type: markdown
attributes:
value: |
#### Note
Feel free to create a docs report if something doesn't work as expected or is unclear in the documentation.
Please ensure that you're not creating a duplicate report by searching the [issues](https://github.com/aquasecurity/trivy/issues)/[discussions](https://github.com/aquasecurity/trivy/discussions) beforehand.
Please also check [our contribution guidelines](https://trivy.dev/latest/community/contribute/discussion/).
- type: textarea
attributes:
label: Description
description: Briefly describe the what has been unclear in the existing documentation
validations:
required: true
- type: textarea
attributes:
label: Link
description: Please provide a link to the current documentation or where you thought to find the information you were looking for
validations:
required: false
- type: textarea
attributes:
label: Suggestions
description: What would you like to have added or changed in the documentation?
validations:
required: true
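Review bot: the Description field's help text reads "Briefly describe the what has been unclear in the existing documentation"; drop the stray "the" so it reads "Briefly describe what has been unclear in the existing documentation".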


@@ -1,96 +0,0 @@
body:
- type: markdown
attributes:
value: |
#### Note
Feel free to raise a bug report if something doesn't work as expected.
Please ensure that you're not creating a duplicate report by searching the [issues](https://github.com/aquasecurity/trivy/issues)/[discussions](https://github.com/aquasecurity/trivy/discussions) beforehand.
**Do not open a GitHub issue, please.** Maintainers triage discussions and then create issues.
Please also check [our contribution guidelines](https://trivy.dev/latest/community/contribute/discussion/).
- type: input
attributes:
label: IDs
description: List the IDs of vulnerabilities, misconfigurations, secrets, or licenses that are either not detected or mistakenly detected.
placeholder: "e.g. CVE-2021-44228, CVE-2022-22965"
validations:
required: true
- type: textarea
attributes:
label: Description
description: Describe the false detection.
validations:
required: true
- type: textarea
attributes:
label: Reproduction Steps
description: How do you trigger this bug? Please walk us through it step by step.
value: |
1.
2.
3.
...
render: bash
validations:
required: true
- type: dropdown
attributes:
label: Target
description: Which target are you scanning? It is equal to which subcommand you are using.
options:
- Container Image
- Filesystem
- Git Repository
- Virtual Machine Image
- Kubernetes
- AWS
- SBOM
validations:
required: true
- type: dropdown
attributes:
label: Scanner
description: Which scanner are you using?
options:
- Vulnerability
- Misconfiguration
- Secret
- License
validations:
required: true
- type: input
attributes:
label: Target OS
description: What operating system are you scanning? Fill in this field if the scanning target is an operating system.
placeholder: "Example: Ubuntu 22.04"
validations:
required: false
- type: textarea
attributes:
label: Debug Output
description: Output of run with `--debug`
placeholder: "$ trivy <target> <subject> --debug"
render: bash
validations:
required: true
- type: textarea
attributes:
label: Version
description: Output of `trivy --version`
placeholder: "$ trivy --version"
render: bash
validations:
required: true
- type: checkboxes
attributes:
label: Checklist
options:
- label: Read [the documentation regarding wrong detection](https://trivy.dev/dev/community/contribute/discussion/#false-detection)
- label: Ran Trivy with `-f json` that shows data sources and confirmed that the security advisory in data sources was correct
validations:
required: true
- type: markdown
attributes:
value: |
We would be happy if you could share how you are using Trivy [here](https://github.com/aquasecurity/trivy/discussions/new?category=adopters).
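Review bot: the opening note still says "Feel free to raise a bug report", carried over from the bug template, although this form collects false detections; reword it for that case. The checklist link points at `trivy.dev/dev/community/contribute/discussion/#false-detection` while the guidelines link in the same form uses `trivy.dev/latest/`, so the two can drift apart between releases; use one base path for both.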


@@ -1,47 +0,0 @@
labels: ["kind/feature"]
body:
- type: markdown
attributes:
value: |
#### Note
Feel free to share your idea.
Please ensure that you're not creating a duplicate ticket by searching the [issues](https://github.com/aquasecurity/trivy/issues)/[discussions](https://github.com/aquasecurity/trivy/discussions) beforehand.
**Do not open a GitHub issue, please.** Maintainers triage discussions and then create issues.
Please also check [our contribution guidelines](https://trivy.dev/latest/community/contribute/discussion/).
- type: textarea
attributes:
label: Description
description: Describe your idea.
validations:
required: true
- type: dropdown
attributes:
label: Target
description: Which target is your idea related to?
options:
- Container Image
- Filesystem
- Git Repository
- Virtual Machine Image
- Kubernetes
- AWS
- SBOM
validations:
required: false
- type: dropdown
attributes:
label: Scanner
description: Which scanner is your idea related to?
options:
- Vulnerability
- Misconfiguration
- Secret
- License
validations:
required: false
- type: markdown
attributes:
value: |
We would be happy if you could share how you are using Trivy [here](https://github.com/aquasecurity/trivy/discussions/new?category=adopters).


@@ -1,84 +0,0 @@
labels: ["triage/support"]
body:
- type: markdown
attributes:
value: |
#### Note
If you have any troubles/questions, feel free to ask.
Please ensure that you're not asking a duplicate question by searching the [issues](https://github.com/aquasecurity/trivy/issues)/[discussions](https://github.com/aquasecurity/trivy/discussions) beforehand.
**Do not open a GitHub issue, please.** Maintainers triage discussions and then create issues.
Please also check [our contribution guidelines](https://trivy.dev/latest/community/contribute/discussion/).
- type: textarea
attributes:
label: Question
description: What kind of problem are you facing? Or, what questions do you have?
validations:
required: true
- type: dropdown
attributes:
label: Target
description: Which target are you scanning? It is equal to which subcommand you are using.
options:
- Container Image
- Filesystem
- Git Repository
- Virtual Machine Image
- Kubernetes
- AWS
- SBOM
validations:
required: false
- type: dropdown
attributes:
label: Scanner
description: Which scanner are you using?
options:
- Vulnerability
- Misconfiguration
- Secret
- License
validations:
required: false
- type: dropdown
attributes:
label: Output Format
description: Which output format are you using?
options:
- Table
- JSON
- Template
- SARIF
- CycloneDX
- SPDX
validations:
required: false
- type: dropdown
attributes:
label: Mode
description: Which mode are you using? Specify "Standalone" if you are not using `trivy server`.
options:
- Standalone
- Client/Server
validations:
required: false
- type: input
attributes:
label: Operating System
description: What operating system are you using?
placeholder: "Example: macOS Big Sur"
validations:
required: false
- type: textarea
attributes:
label: Version
description: Output of `trivy --version`
placeholder: "$ trivy --version"
render: bash
validations:
required: false
- type: markdown
attributes:
value: |
We would be happy if you could share how you are using Trivy [here](https://github.com/aquasecurity/trivy/discussions/new?category=adopters.
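Review bot: the closing markdown link is not terminated: it ends `...?category=adopters.` with the full stop inside the URL and no closing `)`, so it renders as literal text. It should read `[here](https://github.com/aquasecurity/trivy/discussions/new?category=adopters).` as in the other forms.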


@@ -1,17 +0,0 @@
blank_issues_enabled: false
contact_links:
- name: Report a false detection
url: https://github.com/aquasecurity/trivy/discussions/new?category=false-detection
about: Report false positives/negatives
- name: Report a bug
url: https://github.com/aquasecurity/trivy/discussions/new?category=bugs
about: Report bugs
- name: Enhance documentation
url: https://github.com/aquasecurity/trivy/discussions/new?category=documentation
about: Make suggestions to the documentation
- name: Request a feature enhancement
url: https://github.com/aquasecurity/trivy/discussions/new?category=ideas
about: Share ideas for new features
- name: Ask the community for help
url: https://github.com/aquasecurity/trivy/discussions/new?category=q-a
about: Ask questions and discuss with other community members


@@ -1,11 +0,0 @@
---
name: Maintainer
about: Create an issue by maintainers
title: ''
labels: ''
assignees: ''
---
## Are you a maintainer of the Trivy project?
If not, please open [a discussion](https://github.com/aquasecurity/trivy/discussions); if you are, please review [the guideline](https://trivy.dev/latest/community/contribute/discussion/).


@@ -1,3 +0,0 @@
.PHONEY: test
test: helpers.js helpers.test.js
node --test helpers.test.js
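Review bot: `.PHONEY` on the first line is a misspelling of `.PHONY`, so make treats it as an ordinary target and `test` is not actually phony; if a file named `test` ever exists and is newer than `helpers.js` and `helpers.test.js`, the recipe is skipped. Change it to `.PHONY: test`.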


@@ -1,29 +0,0 @@
name: 'trivy-discussion-triage'
description: 'automatic triage of Trivy discussions'
inputs:
discussion_num:
description: 'Discussion number to triage'
required: false
runs:
using: "composite"
steps:
- name: Conditionally label discussions based on category and content
env:
GH_TOKEN: ${{ github.token }}
uses: actions/github-script@v6
with:
script: |
const {detectDiscussionLabels, fetchDiscussion, labelDiscussion } = require('${{ github.action_path }}/helpers.js');
const config = require('${{ github.action_path }}/config.json');
discussionNum = parseInt(${{ inputs.discussion_num }});
let discussion;
if (discussionNum > 0) {
discussion = (await fetchDiscussion(github, context.repo.owner, context.repo.repo, discussionNum)).repository.discussion;
} else {
discussion = context.payload.discussion;
}
const labels = detectDiscussionLabels(discussion, config.discussionLabels);
if (labels.length > 0) {
console.log(`Adding labels ${labels} to discussion ${discussion.node_id}`);
labelDiscussion(github, discussion.node_id, labels);
}
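Review bot: `parseInt(${{ inputs.discussion_num }})` pastes the input into the script source before it is parsed, so the value is evaluated as JavaScript instead of being read as data, and an empty input leaves a bare `parseInt()`. Pass it through `env:` (for example `DISCUSSION_NUM: ${{ inputs.discussion_num }}`) and read `process.env.DISCUSSION_NUM` inside the script. In the same script, `discussionNum` is assigned without `const`/`let`, and `labelDiscussion(...)` is not awaited, so a failed mutation will not fail the step.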


@@ -1,14 +0,0 @@
{
"discussionLabels": {
"Container Image":"LA_kwDOCsUTCM75TTQU",
"Filesystem":"LA_kwDOCsUTCM75TTQX",
"Git Repository":"LA_kwDOCsUTCM75TTQk",
"Virtual Machine Image":"LA_kwDOCsUTCM8AAAABMpz1bw",
"Kubernetes":"LA_kwDOCsUTCM75TTQv",
"AWS":"LA_kwDOCsUTCM8AAAABMpz1aA",
"Vulnerability":"LA_kwDOCsUTCM75TTPa",
"Misconfiguration":"LA_kwDOCsUTCM75TTP8",
"License":"LA_kwDOCsUTCM77ztRR",
"Secret":"LA_kwDOCsUTCM75TTQL"
}
}


@@ -1,70 +0,0 @@
module.exports = {
detectDiscussionLabels: (discussion, configDiscussionLabels) => {
res = [];
const discussionId = discussion.id;
const category = discussion.category.name;
const body = discussion.body;
if (category !== "Ideas") {
console.log(`skipping discussion with category ${category} and body ${body}`);
return [];
}
const scannerPattern = /### Scanner\n\n(.+)/;
const scannerFound = body.match(scannerPattern);
if (scannerFound && scannerFound.length > 1) {
res.push(configDiscussionLabels[scannerFound[1]]);
}
const targetPattern = /### Target\n\n(.+)/;
const targetFound = body.match(targetPattern);
if (targetFound && targetFound.length > 1) {
res.push(configDiscussionLabels[targetFound[1]]);
}
return res;
},
fetchDiscussion: async (github, owner, repo, discussionNum) => {
const query = `query Discussion ($owner: String!, $repo: String!, $discussion_num: Int!){
repository(name: $repo, owner: $owner) {
discussion(number: $discussion_num) {
number,
id,
body,
category {
id,
name
},
labels(first: 100) {
edges {
node {
id,
name
}
}
}
}
}
}`;
const vars = {
owner: owner,
repo: repo,
discussion_num: discussionNum
};
return github.graphql(query, vars);
},
labelDiscussion: async (github, discussionId, labelIds) => {
const query = `mutation AddLabels($labelId: ID!, $labelableId:ID!) {
addLabelsToLabelable(
input: {labelIds: [$labelId], labelableId: $labelableId}
) {
clientMutationId
}
}`;
// TODO: add all labels in one call
labelIds.forEach((labelId) => {
const vars = {
labelId: labelId,
labelableId: discussionId
};
github.graphql(query, vars);
});
}
};
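Review bot: in `detectDiscussionLabels`, `configDiscussionLabels[scannerFound[1]]` is pushed without checking that the captured text is a known key, so any value from the discussion body that is not in the config puts `undefined` into the result, and `labelDiscussion` then sends it as `$labelId`. Check with `Object.hasOwn(configDiscussionLabels, value)` before pushing, trim the capture (`(.+)` keeps a trailing `\r`), and declare `res` with `const` instead of creating a global. In `labelDiscussion`, the `github.graphql(query, vars)` calls inside `forEach` are never awaited, so rejections go unhandled; collect them with `Promise.all`, or send every id in one call as the TODO suggests. The skip branch also logs the full discussion body, which is more than the log needs.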


@@ -1,87 +0,0 @@
const assert = require('node:assert/strict');
const { describe, it } = require('node:test');
const {detectDiscussionLabels} = require('./helpers.js');
const configDiscussionLabels = {
"Container Image":"ContainerImageLabel",
"Filesystem":"FilesystemLabel",
"Vulnerability":"VulnerabilityLabel",
"Misconfiguration":"MisconfigurationLabel",
};
describe('trivy-triage', async function() {
describe('detectDiscussionLabels', async function() {
it('detect scanner label', async function() {
const discussion = {
body: 'hello hello\nbla bla.\n### Scanner\n\nVulnerability\n### Target\n\nContainer Image\nbye bye.',
category: {
name: 'Ideas'
}
};
const labels = detectDiscussionLabels(discussion, configDiscussionLabels);
assert(labels.includes('VulnerabilityLabel'));
});
it('detect target label', async function() {
const discussion = {
body: 'hello hello\nbla bla.\n### Scanner\n\nVulnerability\n### Target\n\nContainer Image\nbye bye.',
category: {
name: 'Ideas'
}
};
const labels = detectDiscussionLabels(discussion, configDiscussionLabels);
assert(labels.includes('ContainerImageLabel'));
});
it('detect label when it is first', async function() {
const discussion = {
body: '### Scanner\n\nVulnerability\n### Target\n\nContainer Image\nbye bye.',
category: {
name: 'Ideas'
}
};
const labels = detectDiscussionLabels(discussion, configDiscussionLabels);
assert(labels.includes('ContainerImageLabel'));
});
it('detect label when it is last', async function() {
const discussion = {
body: '### Scanner\n\nVulnerability\n### Target\n\nContainer Image',
category: {
name: 'Ideas'
}
};
const labels = detectDiscussionLabels(discussion, configDiscussionLabels);
assert(labels.includes('ContainerImageLabel'));
});
it('detect scanner and target labels', async function() {
const discussion = {
body: 'hello hello\nbla bla.\n### Scanner\n\nVulnerability\n### Target\n\nContainer Image\nbye bye.',
category: {
name: 'Ideas'
}
};
const labels = detectDiscussionLabels(discussion, configDiscussionLabels);
assert(labels.includes('ContainerImageLabel'));
assert(labels.includes('VulnerabilityLabel'));
});
it('not detect other labels', async function() {
const discussion = {
body: 'hello hello\nbla bla.\n### Scanner\n\nVulnerability\n### Target\n\nContainer Image\nbye bye.',
category: {
name: 'Ideas'
}
};
const labels = detectDiscussionLabels(discussion, configDiscussionLabels);
assert(!labels.includes('FilesystemLabel'));
assert(!labels.includes('MisconfigurationLabel'));
});
it('process only relevant categories', async function() {
const discussion = {
body: 'hello world',
category: {
name: 'Announcements'
}
};
const labels = detectDiscussionLabels(discussion, configDiscussionLabels);
assert(labels.length === 0);
});
});
});
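Review bot: every case uses a body whose Scanner and Target values are present in `configDiscussionLabels`, so nothing covers a value that is missing from the map or a body with no `### Scanner` / `### Target` section in the `Ideas` category. Add a case with an unmapped value and assert that the returned array contains no `undefined` entries. The "when it is first" and "when it is last" cases also assert only `ContainerImageLabel`; asserting `VulnerabilityLabel` there would exercise the scanner match at the start of the body.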


@@ -1,65 +0,0 @@
{
"active_lock_reason": null,
"answer_chosen_at": null,
"answer_chosen_by": null,
"answer_html_url": null,
"author_association": "OWNER",
"body": "### Description\n\nlfdjs lfkdj dflsakjfd ';djk \r\nfadfd \r\nasdlkf \r\na;df \r\ndfsal;kfd ;akjl\n\n### Target\n\nContainer Image\n\n### Scanner\n\nMisconfiguration",
"category": {
"created_at": "2023-07-02T10:14:46.000+03:00",
"description": "Share ideas for new features",
"emoji": ":bulb:",
"id": 39743708,
"is_answerable": false,
"name": "Ideas",
"node_id": "DIC_kwDOE0GiPM4CXnDc",
"repository_id": 323068476,
"slug": "ideas",
"updated_at": "2023-07-02T10:14:46.000+03:00"
},
"comments": 0,
"created_at": "2023-09-11T08:40:11Z",
"html_url": "https://github.com/itaysk/testactions/discussions/9",
"id": 5614504,
"locked": false,
"node_id": "D_kwDOE0GiPM4AVauo",
"number": 9,
"reactions": {
"+1": 0,
"-1": 0,
"confused": 0,
"eyes": 0,
"heart": 0,
"hooray": 0,
"laugh": 0,
"rocket": 0,
"total_count": 0,
"url": "https://api.github.com/repos/itaysk/testactions/discussions/9/reactions"
},
"repository_url": "https://api.github.com/repos/itaysk/testactions",
"state": "open",
"state_reason": null,
"timeline_url": "https://api.github.com/repos/itaysk/testactions/discussions/9/timeline",
"title": "Title title",
"updated_at": "2023-09-11T08:40:11Z",
"user": {
"avatar_url": "https://avatars.githubusercontent.com/u/1161307?v=4",
"events_url": "https://api.github.com/users/itaysk/events{/privacy}",
"followers_url": "https://api.github.com/users/itaysk/followers",
"following_url": "https://api.github.com/users/itaysk/following{/other_user}",
"gists_url": "https://api.github.com/users/itaysk/gists{/gist_id}",
"gravatar_id": "",
"html_url": "https://github.com/itaysk",
"id": 1161307,
"login": "itaysk",
"node_id": "MDQ6VXNlcjExNjEzMDc=",
"organizations_url": "https://api.github.com/users/itaysk/orgs",
"received_events_url": "https://api.github.com/users/itaysk/received_events",
"repos_url": "https://api.github.com/users/itaysk/repos",
"site_admin": false,
"starred_url": "https://api.github.com/users/itaysk/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/itaysk/subscriptions",
"type": "User",
"url": "https://api.github.com/users/itaysk"
}
}


@@ -1,29 +0,0 @@
#! /bin/bash
# fetch discussion by discussion number
# requires authenticated gh cli, assumes repo but current git repository
# args:
# $1: discussion number, e.g 123, required
discussion_num="$1"
gh api graphql -F discussion_num="$discussion_num" -F repo="{repo}" -F owner="{owner}" -f query='
query Discussion ($owner: String!, $repo: String!, $discussion_num: Int!){
repository(name: $repo, owner: $owner) {
discussion(number: $discussion_num) {
number,
id,
body,
category {
id,
name
},
labels(first: 100) {
edges {
node {
id,
name
}
}
}
}
}
}'


@@ -1,16 +0,0 @@
#! /bin/bash
# fetch labels and their IDs
# requires authenticated gh cli, assumes repo but current git repository
gh api graphql -F repo="{repo}" -F owner="{owner}" -f query='
query GetLabelIds($owner: String!, $repo: String!) {
repository(name: $repo, owner: $owner) {
id
labels(first: 100) {
nodes {
id
name
}
}
}
}'


@@ -1,16 +0,0 @@
#! /bin/bash
# add a label to a discussion
# requires authenticated gh cli, assumes repo but current git repository
# args:
# $1: discussion ID (not number!), e.g DIC_kwDOE0GiPM4CXnDc, required
# $2: label ID, e.g. MDU6TGFiZWwzNjIzNjY0MjQ=, required
discussion_id="$1"
label_id="$2"
gh api graphql -F labelableId="$discussion_id" -F labelId="$label_id" -F repo="{repo}" -F owner="{owner}" -f query='
mutation AddLabels($labelId: ID!, $labelableId:ID!) {
addLabelsToLabelable(
input: {labelIds: [$labelId], labelableId: $labelableId}
) {
clientMutationId
}
}'
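Review bot: the `gh api graphql` call passes `-F repo="{repo}" -F owner="{owner}"`, but the `AddLabels` mutation declares only `$labelId` and `$labelableId`, so those two variables are unused and can be dropped. Both positional arguments are documented as required yet never checked; `discussion_id="${1:?discussion ID required}"` and the same for `$2` would stop the script before it sends an empty id.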


@@ -1,41 +0,0 @@
version: 2
updates:
- package-ecosystem: github-actions
directory: /
schedule:
interval: monthly
groups:
github-actions:
patterns:
- "*"
- package-ecosystem: docker
directory: /
schedule:
interval: monthly
groups:
docker:
patterns:
- "*"
- package-ecosystem: gomod
open-pull-requests-limit: 10
directory: /
schedule:
interval: weekly
ignore:
- dependency-name: "github.com/aquasecurity/trivy-*" ## `trivy-*` dependencies are updated manually
groups:
aws:
patterns:
- "github.com/aws/*"
docker:
patterns:
- "github.com/docker/*"
- "github.com/moby/*"
testcontainers:
patterns:
- "github.com/testcontainers/*"
common:
exclude-patterns:
- "github.com/aquasecurity/trivy-*"
patterns:
- "*"


@@ -1,18 +0,0 @@
## Description
## Related issues
- Close #XXX
## Related PRs
- [ ] #XXX
- [ ] #YYY
Remove this section if you don't have related PRs.
## Checklist
- [ ] I've read the [guidelines for contributing](https://trivy.dev/latest/community/contribute/pr/) to this repository.
- [ ] I've followed the [conventions](https://trivy.dev/latest/community/contribute/pr/#title) in the PR title.
- [ ] I've added tests that prove my fix is effective or that my feature works.
- [ ] I've updated the [documentation](https://github.com/aquasecurity/trivy/blob/main/docs) with the relevant information (if needed).
- [ ] I've added usage information (if the PR introduces new options)
- [ ] I've included a "before" and "after" example to the description (if the PR is a user interface change).


@@ -1,46 +0,0 @@
name: Auto-close issues
on:
issues:
types: [opened]
jobs:
close_issue:
runs-on: ubuntu-latest
steps:
- name: Close issue if user does not have write or admin permissions
uses: actions/github-script@v7
with:
script: |
// Get the issue creator's username
const issueCreator = context.payload.issue.user.login;
// Check the user's permissions for the repository
const repoPermissions = await github.rest.repos.getCollaboratorPermissionLevel({
owner: context.repo.owner,
repo: context.repo.repo,
username: issueCreator
});
const permission = repoPermissions.data.permission;
// If the user does not have write or admin permissions, leave a comment and close the issue
if (permission !== 'write' && permission !== 'admin') {
const commentBody = "Please see https://trivy.dev/latest/community/contribute/issue/";
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.payload.issue.number,
body: commentBody
});
await github.rest.issues.update({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.payload.issue.number,
state: 'closed',
state_reason: 'not_planned'
});
console.log(`Issue #${context.payload.issue.number} closed because ${issueCreator} does not have sufficient permissions.`);
}
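Review bot: the workflow has no `permissions:` block, so the `github-script` step runs with whatever default the repository grants `GITHUB_TOKEN`, although it only needs to comment on and close an issue. Declare `permissions: issues: write` at job level so the token is scoped to that. `getCollaboratorPermissionLevel` is also called without a `try`/`catch`; if the lookup fails the step errors out and the issue stays open, so decide explicitly whether an error should close the issue or leave it.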


@@ -1,28 +0,0 @@
name: Auto-update labels
on:
push:
paths:
- 'misc/triage/labels.yaml'
branches:
- main
jobs:
deploy:
name: Auto-update labels
runs-on: ubuntu-latest
steps:
- name: Checkout main
uses: actions/checkout@v4.1.6
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache: false
- name: Install Go tools
run: go install tool # GOBIN is added to the PATH by the setup-go action
- name: update labels
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: mage label


@@ -1,60 +0,0 @@
name: Automatic Backporting
on:
issue_comment:
types: [created]
jobs:
check_permission:
name: Check comment author permissions
runs-on: ubuntu-latest
outputs:
is_maintainer: ${{ steps.check_permission.outputs.is_maintainer }}
steps:
- name: Check permission
id: check_permission
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
PERMISSION=$(gh api /repos/${{ github.repository }}/collaborators/${{ github.actor }}/permission --jq '.permission')
if [ "$PERMISSION" == "admin" ] || [ "$PERMISSION" == "write" ]; then
echo "is_maintainer=true" >> $GITHUB_OUTPUT
else
echo "is_maintainer=false" >> $GITHUB_OUTPUT
fi
backport:
name: Backport PR
needs: check_permission # run this job after checking permissions
if: |
needs.check_permission.outputs.is_maintainer == 'true' &&
github.event.issue.pull_request &&
github.event.issue.pull_request.merged_at != null &&
startsWith(github.event.comment.body, '@aqua-bot backport release/')
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Extract branch name
env:
COMMENT_BODY: ${{ github.event.comment.body }}
run: |
BRANCH_NAME=$(echo $COMMENT_BODY | grep -oE '@aqua-bot backport\s+(\S+)' | awk '{print $3}')
echo "BRANCH_NAME=$BRANCH_NAME" >> $GITHUB_ENV
- name: Set up Git user
run: |
git config --global user.email "actions@github.com"
git config --global user.name "GitHub Actions"
- name: Run backport script
run: ./misc/backport/backport.sh ${{ env.BRANCH_NAME }} ${{ github.event.issue.number }}
env:
# Use ORG_REPO_TOKEN instead of GITHUB_TOKEN
# This allows the created PR to trigger tests and other workflows
GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}
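Review bot: in "Run backport script", `${{ env.BRANCH_NAME }}` is expanded into the command line before the shell starts, and that value is whatever `\S+` matched in the comment body, so comment text is parsed as shell syntax in the one step that holds `ORG_REPO_TOKEN`. `BRANCH_NAME` is already in the step's environment via `$GITHUB_ENV`, so call `./misc/backport/backport.sh "$BRANCH_NAME" ${{ github.event.issue.number }}` instead, and in "Extract branch name" reject anything that does not match a strict pattern such as `^release/[A-Za-z0-9._-]+$` before writing it out; `echo $COMMENT_BODY` there should be quoted too. The permission check also interpolates `${{ github.actor }}` into its `run:` script; passing it through `env:` and using `github.event.comment.user.login` names the comment author explicitly.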


@@ -1,12 +0,0 @@
# This workflow is used to bypass the required status checks in merge queue.
# cf. https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/troubleshooting-required-status-checks
name: CLA
on:
merge_group:
jobs:
cla:
name: license/cla
runs-on: ubuntu-latest
steps:
- run: 'echo "No test required"'


@@ -1,35 +0,0 @@
# This workflow is used to bypass the required status checks.
# cf. https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/troubleshooting-required-status-checks
name: Test
on:
push:
paths:
- '**.md'
- 'docs/**'
- 'mkdocs.yml'
- 'LICENSE'
- '.release-please-manifest.json'
- 'helm/trivy/Chart.yaml'
pull_request:
paths:
- '**.md'
- 'docs/**'
- 'mkdocs.yml'
- 'LICENSE'
- '.release-please-manifest.json'
- 'helm/trivy/Chart.yaml'
jobs:
test:
name: Test
runs-on: ${{ matrix.operating-system }}
strategy:
matrix:
operating-system: [ubuntu-latest, windows-latest, macos-latest]
steps:
- run: 'echo "No test required"'
integration:
name: Integration Test
runs-on: ubuntu-latest
steps:
- run: 'echo "No test required"'


@@ -1,80 +0,0 @@
name: Cache test images
on:
schedule:
- cron: "0 0 * * *" # Run this workflow every day at 00:00 to avoid cache deletion.
workflow_dispatch:
jobs:
test-images:
name: Cache test images
runs-on: ubuntu-latest
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v4.1.6
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache: false
- name: Install Go tools
run: go install tool # GOBIN is added to the PATH by the setup-go action
- name: Generate image list digest
if: github.ref_name == 'main'
id: image-digest
run: |
source integration/testimages.ini
IMAGE_LIST=$(skopeo list-tags docker://$TEST_IMAGES)
DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags += ["containerd"] | .Tags |= sort' | sha256sum | cut -d' ' -f1)
echo "digest=$DIGEST" >> $GITHUB_OUTPUT
## We need to work with test image cache only for main branch
- name: Restore and save test images cache
if: github.ref_name == 'main'
uses: actions/cache@v4
with:
path: integration/testdata/fixtures/images
key: cache-test-images-${{ steps.image-digest.outputs.digest }}
- name: Download test images
if: github.ref_name == 'main'
run: mage test:fixtureContainerImages
test-vm-images:
name: Cache test VM images
runs-on: ubuntu-latest
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v4.1.6
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache: false
- name: Install Go tools
run: go install tool # GOBIN is added to the PATH by the setup-go action
- name: Generate image list digest
if: github.ref_name == 'main'
id: image-digest
run: |
source integration/testimages.ini
IMAGE_LIST=$(skopeo list-tags docker://$TEST_VM_IMAGES)
DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags |= sort' | sha256sum | cut -d' ' -f1)
echo "digest=$DIGEST" >> $GITHUB_OUTPUT
## We need to work with test VM image cache only for main branch
- name: Restore and save test VM images cache
if: github.ref_name == 'main'
uses: actions/cache@v4
with:
path: integration/testdata/fixtures/vm-images
key: cache-test-vm-images-${{ steps.image-digest.outputs.digest }}
- name: Download test VM images
if: github.ref_name == 'main'
run: mage test:fixtureVMImages
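
Review bot: The `Generate image list digest` step in both jobs builds `DIGEST` from a four-stage pipeline with no `set -o pipefail`, so if `jq` fails the pipeline still exits 0 and `sha256sum` hashes empty input into a valid-looking cache key. Add `set -o pipefail` at the top of the script and quote `"docker://$TEST_IMAGES"` and `"$GITHUB_OUTPUT"`. The key is also derived from tag names only (`skopeo list-tags`), so an image re-pushed under an existing tag keeps the old key and the old cached content.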

View File

@@ -1,60 +0,0 @@
name: Canary build
on:
push:
branches:
- 'main'
paths:
- '**.go'
- 'go.mod'
- 'Dockerfile.canary'
- '.github/workflows/canary.yaml'
workflow_dispatch:
jobs:
build-binaries:
name: Build binaries
uses: ./.github/workflows/reusable-release.yaml
with:
goreleaser_config: goreleaser-canary.yml
goreleaser_options: '--snapshot --clean --timeout 60m' # will not release
secrets: inherit
upload-binaries:
name: Upload binaries
needs: build-binaries # run this job after 'build-binaries' job completes
runs-on: ubuntu-latest
steps:
- name: Restore Trivy binaries from cache
uses: actions/cache@v4
with:
path: dist/
key: ${{ runner.os }}-bins-${{github.workflow}}-${{github.sha}}
# Upload artifacts
- name: Upload artifacts (trivy_Linux-64bit)
uses: actions/upload-artifact@v4
with:
name: trivy_Linux-64bit
path: dist/trivy_*_Linux-64bit.tar.gz
if-no-files-found: error
- name: Upload artifacts (trivy_Linux-ARM64)
uses: actions/upload-artifact@v4
with:
name: trivy_Linux-ARM64
path: dist/trivy_*_Linux-ARM64.tar.gz
if-no-files-found: error
- name: Upload artifacts (trivy_macOS-64bit)
uses: actions/upload-artifact@v4
with:
name: trivy_macOS-64bit
path: dist/trivy_*_macOS-64bit.tar.gz
if-no-files-found: error
- name: Upload artifacts (trivy_macOS-ARM64)
uses: actions/upload-artifact@v4
with:
name: trivy_macOS-ARM64
path: dist/trivy_*_macOS-ARM64.tar.gz
if-no-files-found: error
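
Review bot: `secrets: inherit` in `build-binaries` hands every secret the caller can read to the reusable workflow, although this path is a `--snapshot` build commented as `# will not release`. Pass the secrets the called workflow actually reads by name in a `secrets:` map, so the canary build's access is visible in this file and does not grow silently when new secrets are added.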

View File

@@ -1,34 +0,0 @@
name: Deploy the dev documentation
on:
push:
paths:
- 'docs/**'
- mkdocs.yml
branches:
- main
jobs:
deploy:
name: Deploy the dev documentation
runs-on: ubuntu-22.04
steps:
- name: Checkout main
uses: actions/checkout@v4.1.6
with:
fetch-depth: 0
persist-credentials: true
- uses: actions/setup-python@v5
with:
python-version: 3.x
- name: Install dependencies
run: |
python -m pip install --upgrade pip setuptools wheel
pip install git+https://${GH_TOKEN}@github.com/squidfunk/mkdocs-material-insiders.git@9.5.44-insiders-4.53.14
pip install -r docs/build/requirements.txt
env:
GH_TOKEN: ${{ secrets.MKDOCS_AQUA_BOT }}
- name: Configure the git user
run: |
git config user.name "knqyf263"
git config user.email "knqyf263@gmail.com"
- name: Deploy the dev documents
run: mike deploy --push dev
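
Review bot: In `Install dependencies`, `GH_TOKEN` is set with a step-level `env:`, so it is also present in the environment while the pip/setuptools upgrade and `pip install -r docs/build/requirements.txt` run, and any package build script executed there can read it. Move the insiders install into its own step that alone carries `GH_TOKEN`, and give the job an explicit `permissions:` block, since the checkout keeps credentials (`persist-credentials: true`) for `mike deploy --push`.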

View File

@@ -1,42 +0,0 @@
name: Deploy the latest documentation
on:
workflow_dispatch:
inputs:
version:
description: Version to be deployed
required: true
push:
tags:
- "v*"
jobs:
deploy:
name: Deploy the latest documentation
runs-on: ubuntu-22.04
steps:
- name: Checkout main
uses: actions/checkout@v4.1.6
with:
fetch-depth: 0
persist-credentials: true
- uses: actions/setup-python@v5
with:
python-version: 3.x
- name: Install dependencies
run: |
python -m pip install --upgrade pip setuptools wheel
pip install git+https://${GH_TOKEN}@github.com/squidfunk/mkdocs-material-insiders.git@9.5.44-insiders-4.53.14
pip install -r docs/build/requirements.txt
env:
GH_TOKEN: ${{ secrets.MKDOCS_AQUA_BOT }}
- name: Configure the git user
run: |
git config user.name "knqyf263"
git config user.email "knqyf263@gmail.com"
- name: Deploy the latest documents from new tag push
if: ${{ github.event.inputs.version == '' }}
run: |
VERSION=$(echo ${{ github.ref }} | sed -e "s#refs/tags/##g")
mike deploy --push --update-aliases ${VERSION%.*} latest
- name: Deploy the latest documents from manual trigger
if: ${{ github.event.inputs.version != '' }}
run: mike deploy --push --update-aliases ${{ github.event.inputs.version }} latest
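
Review bot: The two deploy steps paste `${{ github.ref }}` and `${{ github.event.inputs.version }}` straight into the script, so the value becomes part of the command text before bash parses it instead of being handled as data. Pass both through `env:` and reference them as quoted shell variables, and reject an input that does not look like a version before calling `mike deploy --push`.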

View File

@@ -1,93 +0,0 @@
name: Publish Helm chart
on:
workflow_dispatch:
pull_request:
types:
- opened
- synchronize
- reopened
- closed
branches:
- main
paths:
- 'helm/trivy/**'
env:
HELM_REP: helm-charts
GH_OWNER: aquasecurity
CHART_DIR: helm/trivy
KIND_VERSION: "v0.14.0"
KIND_IMAGE: "kindest/node:v1.23.6@sha256:b1fa224cc6c7ff32455e0b1fd9cbfd3d3bc87ecaa8fcb06961ed1afb3db0f9ae"
jobs:
# `test-chart` job starts if a PR with Helm Chart is created, merged etc.
test-chart:
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@v4.1.6
with:
fetch-depth: 0
- name: Install Helm
uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112
with:
version: v3.14.4
- name: Set up python
uses: actions/setup-python@v5
with:
python-version: '3.x'
check-latest: true
- name: Setup Chart Linting
id: lint
uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b
- name: Setup Kubernetes cluster (KIND)
uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3
with:
version: ${{ env.KIND_VERSION }}
image: ${{ env.KIND_IMAGE }}
- name: Run chart-testing
run: ct lint-and-install --validate-maintainers=false --charts helm/trivy
- name: Run chart-testing (Ingress enabled)
run: |
sed -i -e '136s,false,'true',g' ./helm/trivy/values.yaml
ct lint-and-install --validate-maintainers=false --charts helm/trivy
# `publish-chart` job starts if a PR with a new Helm Chart is merged or manually
publish-chart:
if: github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch'
needs:
- test-chart
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@v4.1.6
with:
fetch-depth: 0
- name: Install chart-releaser
run: |
wget https://github.com/helm/chart-releaser/releases/download/v1.3.0/chart-releaser_1.3.0_linux_amd64.tar.gz
echo "baed2315a9bb799efb71d512c5198a2a3b8dcd139d7f22f878777cffcd649a37 chart-releaser_1.3.0_linux_amd64.tar.gz" | sha256sum -c -
tar xzvf chart-releaser_1.3.0_linux_amd64.tar.gz cr
- name: Package helm chart
run: |
./cr package ${{ env.CHART_DIR }}
- name: Upload helm chart
# Failed with upload the same version: https://github.com/helm/chart-releaser/issues/101
continue-on-error: true
run: |
./cr upload -o ${{ env.GH_OWNER }} -r ${{ env.HELM_REP }} --token ${{ secrets.ORG_REPO_TOKEN }} -p .cr-release-packages
- name: Index helm chart
run: |
./cr index -o ${{ env.GH_OWNER }} -r ${{ env.HELM_REP }} -c https://${{ env.GH_OWNER }}.github.io/${{ env.HELM_REP }}/ -i index.yaml
- name: Push index file
uses: dmnemec/copy_file_to_another_repo_action@c93037aa10fa8893de271f19978c980d0c1a9b37 #v1.1.1
env:
API_TOKEN_GITHUB: ${{ secrets.ORG_REPO_TOKEN }}
with:
source_file: 'index.yaml'
destination_repo: '${{ env.GH_OWNER }}/${{ env.HELM_REP }}'
destination_folder: '.'
destination_branch: 'gh-pages'
user_email: aqua-bot@users.noreply.github.com
user_name: 'aqua-bot'
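
Review bot: `sed -i -e '136s,false,'true',g' ./helm/trivy/values.yaml` in `Run chart-testing (Ingress enabled)` depends on the flag sitting on line 136; once `values.yaml` shifts by a line the command either flips a different setting or changes nothing, and the second `ct lint-and-install` passes without Ingress ever being enabled. Match on the key instead of a line number, or keep the override in a separate values file. In `Upload helm chart`, `--token ${{ secrets.ORG_REPO_TOKEN }}` also puts the token on the command line, and `continue-on-error: true` hides every upload failure, not only the duplicate-version case from the linked issue.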

View File

@@ -1,111 +0,0 @@
name: Release Please
on:
push:
branches:
- main
- 'release/v*'
workflow_dispatch:
inputs:
version:
required: true
description: 'Release version without the "v" prefix (e.g., 0.51.0)'
type: string
jobs:
release-please:
runs-on: ubuntu-latest
if: ${{ !startsWith(github.event.head_commit.message, 'release:') && !github.event.inputs.version }}
steps:
- name: Release Please
id: release
uses: googleapis/release-please-action@v4
with:
token: ${{ secrets.ORG_REPO_TOKEN }}
target-branch: ${{ github.ref_name }}
manual-release-please:
runs-on: ubuntu-latest
if: ${{ github.event.inputs.version }}
steps:
- name: Install Release Please CLI
run: npm install release-please -g
- name: Release Please
run: |
release-please release-pr --repo-url=${{ github.server_url }}/${{ github.repository }} \
--token=${{ secrets.ORG_REPO_TOKEN }} \
--release-as=${{ github.event.inputs.version }} \
--target-branch=${{ github.ref_name }}
release-tag:
runs-on: ubuntu-latest
if: ${{ startsWith(github.event.head_commit.message, 'release:') }}
steps:
# Since skip-github-release is specified, the outputs of googleapis/release-please-action cannot be used.
# Therefore, we need to parse the version ourselves.
- name: Extract version and PR number from commit message
id: extract_info
shell: bash
env:
COMMIT_MESSAGE: ${{ github.event.head_commit.message }}
run: |
echo "version=$( echo "$COMMIT_MESSAGE" | sed 's/^release: v\([0-9]\+\.[0-9]\+\.[0-9]\+\).*$/\1/' )" >> $GITHUB_OUTPUT
echo "pr_number=$( echo "$COMMIT_MESSAGE" | sed 's/.*(\#\([0-9]\+\)).*$/\1/' )" >> $GITHUB_OUTPUT
echo "release_branch=release/v$( echo "$COMMIT_MESSAGE" | sed 's/^release: v\([0-9]\+\.[0-9]\+\).*$/\1/' )" >> $GITHUB_OUTPUT
- name: Tag release
if: ${{ steps.extract_info.outputs.version }}
uses: actions/github-script@v7
with:
github-token: ${{ secrets.ORG_REPO_TOKEN }} # To trigger another workflow
script: |
await github.rest.git.createRef({
owner: context.repo.owner,
repo: context.repo.repo,
ref: `refs/tags/v${{ steps.extract_info.outputs.version }}`,
sha: context.sha
});
# When v0.50.0 is released, a release branch "release/v0.50" is created.
- name: Create release branch for patch versions
if: ${{ endsWith(steps.extract_info.outputs.version, '.0') }}
uses: actions/github-script@v7
with:
github-token: ${{ secrets.GITHUB_TOKEN }} # Should not trigger the workflow again
script: |
const releaseBranch = '${{ steps.extract_info.outputs.release_branch }}';
await github.rest.git.createRef({
owner: context.repo.owner,
repo: context.repo.repo,
ref: `refs/heads/${releaseBranch}`,
sha: context.sha
});
# Add release branch to rulesets to enable merge queue
- name: Add release branch to rulesets
if: ${{ endsWith(steps.extract_info.outputs.version, '.0') }}
env:
GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}
shell: bash
run: |
RULESET_ID=$(gh api /repos/${{ github.repository }}/rulesets --jq '.[] | select(.name=="release") | .id')
gh api /repos/${{ github.repository }}/rulesets/$RULESET_ID | jq '{conditions}' | jq '.conditions.ref_name.include += ["refs/heads/${{ steps.extract_info.outputs.release_branch }}"]' | gh api --method put --input - /repos/${{ github.repository }}/rulesets/$RULESET_ID
# Since skip-github-release is specified, googleapis/release-please-action doesn't delete the label from PR.
# This label prevents the subsequent PRs from being created. Therefore, we need to delete it ourselves.
# cf. https://github.com/googleapis/release-please?tab=readme-ov-file#release-please-bot-does-not-create-a-release-pr-why
- name: Remove the label from PR
if: ${{ steps.extract_info.outputs.pr_number }}
uses: actions/github-script@v7
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const prNumber = parseInt('${{ steps.extract_info.outputs.pr_number }}', 10);
github.rest.issues.removeLabel({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: prNumber,
name: 'autorelease: pending'
});
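
Review bot: In `Extract version and PR number from commit message`, `sed` prints its input unchanged when the pattern does not match, so for a head commit that starts with `release:` but is not of the form `release: vX.Y.Z ... (#N)` the `version`, `pr_number` and `release_branch` outputs carry the raw commit message. Those outputs are then expanded with `${{ }}` inside the `github-script` bodies and the `gh api` command line, which run with `ORG_REPO_TOKEN` or `GITHUB_TOKEN`. Validate the message with an anchored match and emit nothing on failure, and hand the outputs to later steps through `env:` (`process.env` in the scripts) rather than interpolating them. The `manual-release-please` job has the same pattern in `--release-as=${{ github.event.inputs.version }}`.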

View File

@@ -1,21 +0,0 @@
name: Backport PR Check
on:
pull_request:
branches:
- 'release/v*'
jobs:
check-pr-author:
runs-on: ubuntu-latest
steps:
- name: Check PR author
id: check_author
env:
PR_AUTHOR: ${{ github.event.pull_request.user.login }}
run: |
if [ "$PR_AUTHOR" != "aqua-bot" ]; then
echo "::error::This branch is intended for automated backporting by bot. Please refer to the documentation:"
echo "::error::https://trivy.dev/latest/community/maintainer/backporting/"
exit 1
fi

View File

@@ -1,87 +0,0 @@
name: Release
on:
push:
tags:
- "v*"
jobs:
release:
name: Release
uses: ./.github/workflows/reusable-release.yaml
with:
goreleaser_config: goreleaser.yml
goreleaser_options: '--clean --timeout 90m'
secrets: inherit
deploy-packages:
name: Deploy rpm/dep packages
needs: release # run this job after 'release' job completes
runs-on: ubuntu-22.04
steps:
- name: Checkout code
uses: actions/checkout@v4.1.6
with:
fetch-depth: 0
- name: Restore Trivy binaries from cache
uses: actions/cache@v4
with:
path: dist/
key: ${{ runner.os }}-bins-${{github.workflow}}-${{github.sha}}
- name: Install dependencies
run: |
sudo apt-get -y update
sudo apt-get -y install rpm reprepro createrepo-c distro-info
- name: Checkout trivy-repo
uses: actions/checkout@v4.1.6
with:
repository: ${{ github.repository_owner }}/trivy-repo
path: trivy-repo
fetch-depth: 0
token: ${{ secrets.ORG_REPO_TOKEN }}
- name: Setup git settings
run: |
git config --global user.email "knqyf263@gmail.com"
git config --global user.name "Teppei Fukuda"
- name: Create rpm repository
run: ci/deploy-rpm.sh
- name: Import GPG key
run: echo -e "${{ secrets.GPG_KEY }}" | gpg --import
- name: Create deb repository
run: ci/deploy-deb.sh
# `update-chart-version` creates a new PR for updating the helm chart
update-chart-version:
needs: deploy-packages
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@v4.1.6
with:
fetch-depth: 0
- name: Set up Git user
run: |
git config --global user.email "actions@github.com"
git config --global user.name "GitHub Actions"
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
- name: Install Go tools
run: go install tool # GOBIN is added to the PATH by the setup-go action
- name: Create a PR with Trivy version
run: mage helm:updateVersion
env:
# Use ORG_REPO_TOKEN instead of GITHUB_TOKEN
# This allows the created PR to trigger tests and other workflows
GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}
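
Review bot: `Import GPG key` expands the secret into the script text with `echo -e "${{ secrets.GPG_KEY }}" | gpg --import`, so any quote, backtick, backslash or `$` in the key material is interpreted by bash. Pass it through `env:` and read `"$GPG_KEY"`, the way the reusable release workflow does for the same secret. `Restore Trivy binaries from cache` is also the only hand-off from the `release` job; without `fail-on-cache-miss: true` a miss leaves `dist/` empty and `ci/deploy-rpm.sh` still runs. The job name `Deploy rpm/dep packages` should read `rpm/deb`.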

View File

@@ -1,128 +0,0 @@
name: Reusable release
on:
workflow_call:
inputs:
goreleaser_config:
description: 'file path to GoReleaser config'
required: true
type: string
goreleaser_options:
description: 'GoReleaser options separated by spaces'
default: ''
required: false
type: string
env:
GH_USER: "aqua-bot"
jobs:
release:
name: Release
runs-on: ubuntu-latest-m
env:
DOCKER_CLI_EXPERIMENTAL: "enabled"
permissions:
id-token: write # For cosign
packages: write # For GHCR
contents: read # Not required for public repositories, but for clarity
steps:
- name: Cosign install
uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3
- name: Show available Docker Buildx platforms
run: echo ${{ steps.buildx.outputs.platforms }}
- name: Login to docker.io registry
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to ghcr.io registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ env.GH_USER }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to ECR
uses: docker/login-action@v3
with:
registry: public.ecr.aws
username: ${{ secrets.ECR_ACCESS_KEY_ID }}
password: ${{ secrets.ECR_SECRET_ACCESS_KEY }}
- name: Checkout code
uses: actions/checkout@v4.1.6
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache: false # Disable cache to avoid free space issues during `Post Setup Go` step.
- name: Generate SBOM
uses: CycloneDX/gh-gomod-generate-sbom@v2
with:
args: mod -licenses -json -output bom.json
version: ^v1
- name: "save gpg key"
env:
GPG_KEY: ${{ secrets.GPG_KEY }}
run: |
echo "$GPG_KEY" > gpg.key
# Create tmp dir for GoReleaser
- name: "create tmp dir"
run: |
mkdir tmp
- name: GoReleaser
uses: goreleaser/goreleaser-action@v6
with:
version: v2.1.0
args: release -f=${{ inputs.goreleaser_config}} ${{ inputs.goreleaser_options}}
env:
GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}
NFPM_DEFAULT_RPM_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
GPG_FILE: "gpg.key"
TMPDIR: "tmp"
- name: "remove gpg key"
run: |
rm gpg.key
# Push images to registries (only for canary build)
# The custom Dockerfile.canary is necessary
# because GoReleaser Free doesn't support pushing images with the `--snapshot` flag.
- name: Build and push
if: ${{ inputs.goreleaser_config == 'goreleaser-canary.yml' }}
uses: docker/build-push-action@v6
with:
platforms: linux/amd64, linux/arm64
file: ./Dockerfile.canary # path to Dockerfile
context: .
push: true
tags: |
aquasec/trivy:canary
ghcr.io/aquasecurity/trivy:canary
public.ecr.aws/aquasecurity/trivy:canary
- name: Cache Trivy binaries
uses: actions/cache@v4
with:
path: dist/
# use 'github.sha' to create a unique cache folder for each run.
# use 'github.workflow' to create a unique cache folder if some runs have same commit sha.
# e.g. build and release runs
key: ${{ runner.os }}-bins-${{github.workflow}}-${{github.sha}}
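
Review bot: `remove gpg key` has no `if: always()`, so when the `GoReleaser` step fails the cleanup is skipped and `gpg.key` stays on the runner. Add `if: always()` to that step, and write the key outside the checkout (for example under `$RUNNER_TEMP`) with a restrictive umask so it cannot end up in `dist/` or in the `context: .` of the later image build. `echo ${{ steps.buildx.outputs.platforms }}` and the GoReleaser `args:` line also expand expressions unquoted into a command line.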

View File

@@ -1,79 +0,0 @@
name: Add issues to the roadmap project
on:
issues:
types:
- labeled
jobs:
add-issue-to-roadmap-project:
name: Add issue to the roadmap project
runs-on: ubuntu-latest
steps:
# 'kind/feature' AND 'priority/backlog' labels -> 'Backlog' column
- uses: actions/add-to-project@v1.0.2 # add new issue to project
with:
project-url: https://github.com/orgs/aquasecurity/projects/25
github-token: ${{ secrets.ORG_PROJECT_TOKEN }}
labeled: kind/feature, priority/backlog
label-operator: AND
id: add-backlog-issue
- uses: titoportas/update-project-fields@v0.1.0 # change Priority(column) of added issue
if: ${{ steps.add-backlog-issue.outputs.itemId }}
with:
project-url: https://github.com/orgs/aquasecurity/projects/25
github-token: ${{ secrets.ORG_PROJECT_TOKEN }}
item-id: ${{ steps.add-backlog-issue.outputs.itemId }} # Use the item-id output of the previous step
field-keys: Priority
field-values: Backlog
# 'kind/feature' AND 'priority/important-longterm' labels -> 'Important (long-term)' column
- uses: actions/add-to-project@v1.0.2 # add new issue to project
with:
project-url: https://github.com/orgs/aquasecurity/projects/25
github-token: ${{ secrets.ORG_PROJECT_TOKEN }}
labeled: kind/feature, priority/important-longterm
label-operator: AND
id: add-longterm-issue
- uses: titoportas/update-project-fields@v0.1.0 # change Priority(column) of added issue
if: ${{ steps.add-longterm-issue.outputs.itemId }}
with:
project-url: https://github.com/orgs/aquasecurity/projects/25
github-token: ${{ secrets.ORG_PROJECT_TOKEN }}
item-id: ${{ steps.add-longterm-issue.outputs.itemId }} # Use the item-id output of the previous step
field-keys: Priority
field-values: Important (long-term)
# 'kind/feature' AND 'priority/important-soon' labels -> 'Important (soon)' column
- uses: actions/add-to-project@v1.0.2 # add new issue to project
with:
project-url: https://github.com/orgs/aquasecurity/projects/25
github-token: ${{ secrets.ORG_PROJECT_TOKEN }}
labeled: kind/feature, priority/important-soon
label-operator: AND
id: add-soon-issue
- uses: titoportas/update-project-fields@v0.1.0 # change Priority(column) of added issue
if: ${{ steps.add-soon-issue.outputs.itemId }}
with:
project-url: https://github.com/orgs/aquasecurity/projects/25
github-token: ${{ secrets.ORG_PROJECT_TOKEN }}
item-id: ${{ steps.add-soon-issue.outputs.itemId }} # Use the item-id output of the previous step
field-keys: Priority
field-values: Important (soon)
# 'kind/feature' AND 'priority/critical-urgent' labels -> 'Urgent' column
- uses: actions/add-to-project@v1.0.2 # add new issue to project
with:
project-url: https://github.com/orgs/aquasecurity/projects/25
github-token: ${{ secrets.ORG_PROJECT_TOKEN }}
labeled: kind/feature, priority/critical-urgent
label-operator: AND
id: add-urgent-issue
- uses: titoportas/update-project-fields@v0.1.0 # change Priority(column) of added issue
if: ${{ steps.add-urgent-issue.outputs.itemId }}
with:
project-url: https://github.com/orgs/aquasecurity/projects/25
github-token: ${{ secrets.ORG_PROJECT_TOKEN }}
item-id: ${{ steps.add-urgent-issue.outputs.itemId }} # Use the item-id output of the previous step
field-keys: Priority
field-values: Urgent
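
Review bot: `titoportas/update-project-fields@v0.1.0` is a third-party action referenced by a mutable tag, and it receives `ORG_PROJECT_TOKEN` in all four places. Pin it to a full commit SHA with the version in a trailing comment, as the Helm workflow does for `dmnemec/copy_file_to_another_repo_action`. The four add/update pairs differ only in the label and the field value, so a matrix over those two values would reduce the file to a single pair.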

View File

@@ -1,23 +0,0 @@
name: Scan vulnerabilities
on:
schedule:
- cron: '0 0 * * *'
workflow_dispatch:
jobs:
build:
name: Scan Go vulnerabilities
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4.1.6
- name: Run Trivy vulnerability scanner and create GitHub issues
uses: knqyf263/trivy-issue-action@v0.0.6
with:
assignee: knqyf263
severity: CRITICAL
skip-dirs: integration,examples,pkg
label: kind/security
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
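
Review bot: The `build` job gives `GITHUB_TOKEN` to `knqyf263/trivy-issue-action@v0.0.6` with no `permissions:` block, so the token carries whatever default the repository is configured with. Declare `permissions:` with `contents: read` and `issues: write`, which should be all that a scan filing issues needs, and pin the action to a commit SHA.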

View File

@@ -1,165 +0,0 @@
name: "Validate PR Title"
on:
pull_request:
types:
- opened
- edited
- synchronize
jobs:
validate:
name: Validate PR title
runs-on: ubuntu-latest
steps:
- name: Validate PR title
shell: bash
env:
PR_TITLE: ${{ github.event.pull_request.title }}
# Valid types
VALID_TYPES: |
feat
fix
docs
style
refactor
perf
test
build
ci
chore
revert
release
# Valid scopes categorized by area
VALID_SCOPES: |
# Scanners
vuln
misconf
secret
license
# Targets
image
fs
repo
sbom
server
k8s
aws
vm
plugin
# OS
alpine
wolfi
chainguard
redhat
alma
rocky
mariner
oracle
debian
ubuntu
amazon
suse
photon
echo
distroless
windows
minimos
# Languages
ruby
php
python
nodejs
rust
dotnet
java
go
c
c++
elixir
dart
swift
bitnami
conda
julia
# Package types
os
lang
# IaC
kubernetes
dockerfile
terraform
cloudformation
# Container
docker
podman
containerd
oci
# SBOM
sbom
spdx
cyclonedx
# Misc
cli
flag
purl
vex
helm
report
db
parser
deps
run: |
set -euo pipefail
# Convert env vars to regex alternatives, excluding comments and empty lines
TYPES_REGEX=$(echo "$VALID_TYPES" | grep -v '^$' | paste -sd '|')
SCOPES_REGEX=$(echo "$VALID_SCOPES" | grep -v '^$' | grep -v '^#' | paste -sd '|')
# Basic format check (should match: type(scope): description or type: description)
FORMAT_REGEX="^[a-z]+(\([a-z0-9+]+\))?!?: .+$"
if ! echo "$PR_TITLE" | grep -qE "$FORMAT_REGEX"; then
echo "Error: Invalid PR title format"
echo "Expected format: <type>(<scope>): <description> or <type>: <description>"
echo "Examples:"
echo " feat(vuln): add new vulnerability detection"
echo " fix: correct parsing logic"
echo " docs(kubernetes): update installation guide"
echo -e "\nCurrent title: $PR_TITLE"
exit 1
fi
# Extract type and scope for validation
TYPE=$(echo "$PR_TITLE" | sed -E 's/^([a-z]+)(\([a-z0-9+]+\))?!?: .+$/\1/')
SCOPE=$(echo "$PR_TITLE" | sed -E 's/^[a-z]+\(([a-z0-9+]+)\)!?: .+$/\1/; t; s/.*//')
# Validate type
if ! echo "$VALID_TYPES" | grep -qx "$TYPE"; then
echo "Error: Invalid type '${TYPE}'"
echo -e "\nValid types:"
echo "$VALID_TYPES" | grep -v '^$' | sed 's/^/- /'
echo -e "\nCurrent title: $PR_TITLE"
exit 1
fi
# Validate scope if present
if [ -n "$SCOPE" ]; then
if ! echo "$VALID_SCOPES" | grep -v '^#' | grep -qx "$SCOPE"; then
echo "Error: Invalid scope '${SCOPE}'"
echo -e "\nValid scopes:"
echo "$VALID_SCOPES" | grep -v '^$' | grep -v '^#' | sed 's/^/- /'
echo -e "\nCurrent title: $PR_TITLE"
exit 1
fi
fi
echo "PR title validation passed ✅"
echo "Current title: $PR_TITLE"
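
Review bot: `TYPES_REGEX` and `SCOPES_REGEX` are computed at the top of the script but never referenced; the checks below run `grep -qx` against `$VALID_TYPES` and `$VALID_SCOPES` directly. Drop the two assignments or use them. The membership checks should be `grep -Fqx` so that `$TYPE` and `$SCOPE` are compared as fixed strings (the scope character class allows `+`), and `sbom` is listed twice in `VALID_SCOPES`.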

View File

@@ -1,38 +0,0 @@
name: SPDX licenses cron
on:
schedule:
- cron: '0 0 * * 0' # every Sunday at 00:00
workflow_dispatch:
jobs:
build:
name: Check if SPDX exceptions
runs-on: ubuntu-24.04
steps:
- name: Check out code
uses: actions/checkout@v4.1.6
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
- name: Install Go tools
run: go install tool # GOBIN is added to the PATH by the setup-go action
- name: Check if SPDX exceptions are up-to-date
run: |
mage spdx:updateLicenseExceptions
if [ -n "$(git status --porcelain)" ]; then
echo "Run 'mage spdx:updateLicenseExceptions' and push it"
exit 1
fi
- name: Microsoft Teams Notification
uses: Skitionek/notify-microsoft-teams@e7a2493ac87dad8aa7a62f079f295e54ff511d88
if: failure()
with:
webhook_url: ${{ secrets.TRIVY_MSTEAMS_WEBHOOK }}
needs: ${{ toJson(needs) }}
job: ${{ toJson(job) }}
steps: ${{ toJson(steps) }}

View File

@@ -1,19 +0,0 @@
name: "Stale PR's"
on:
schedule:
- cron: '0 0 * * *'
jobs:
stale:
timeout-minutes: 1
runs-on: ubuntu-latest
steps:
- uses: actions/stale@v9
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
stale-pr-message: 'This PR is stale because it has been labeled with inactivity.'
exempt-pr-labels: 'lifecycle/active'
stale-pr-label: 'lifecycle/stale'
days-before-stale: 60
days-before-issue-stale: '-1'
days-before-close: 20
days-before-issue-close: '-1'

View File

@@ -1,29 +0,0 @@
name: Test docs
on:
pull_request:
paths:
- 'docs/**'
- 'mkdocs.yml'
jobs:
build-documents:
name: Documentation Test
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4.1.6
with:
fetch-depth: 0
persist-credentials: true
- uses: actions/setup-python@v5
with:
python-version: 3.x
- name: Install dependencies
run: |
python -m pip install --upgrade pip setuptools wheel
pip install -r docs/build/requirements.txt
- name: Configure the git user
run: |
git config user.name "knqyf263"
git config user.email "knqyf263@gmail.com"
- name: Deploy the dev documents
run: mike deploy test
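
Review bot: `persist-credentials: true` in the `Checkout` step leaves the token in the local git config for a `pull_request` job that never pushes (`mike deploy test` has no `--push`), while `pip install -r docs/build/requirements.txt` installs packages from a file the PR can change. Set `persist-credentials: false` here. The last step is also still named `Deploy the dev documents` although it only builds.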

View File

@@ -1,223 +0,0 @@
name: Test
on:
pull_request:
paths-ignore:
- '**.md'
- 'docs/**'
- 'mkdocs.yml'
- 'LICENSE'
- '.release-please-manifest.json' ## don't run tests for release-please PRs
- 'helm/trivy/Chart.yaml'
merge_group:
workflow_dispatch:
jobs:
test:
name: Test
runs-on: ${{ matrix.operating-system }}
strategy:
matrix:
operating-system: [ubuntu-latest, windows-latest, macos-latest]
steps:
- uses: actions/checkout@v4.1.6
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache: false
- name: go mod tidy
run: |
go mod tidy
if [ -n "$(git status --porcelain)" ]; then
echo "Run 'go mod tidy' and push it"
exit 1
fi
if: matrix.operating-system == 'ubuntu-latest'
- name: Lint
id: lint
uses: golangci/golangci-lint-action@v7.0.0
with:
version: v2.1
args: --verbose
if: matrix.operating-system == 'ubuntu-latest'
- name: Check if linter failed
run: |
echo "Linter failed, running 'mage lint:fix' might help to correct some errors"
exit 1
if: ${{ failure() && steps.lint.conclusion == 'failure' }}
- name: Install tools
run: go install tool # GOBIN is added to the PATH by the setup-go action
- name: Check if CLI references are up-to-date
run: |
mage docs:generate
if [ -n "$(git status --porcelain)" ]; then
echo "Run 'mage docs:generate' and push it"
exit 1
fi
if: matrix.operating-system == 'ubuntu-latest'
- name: Run unit tests
run: mage test:unit
integration:
name: Integration Test
runs-on: ubuntu-latest
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v4.1.6
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache: false
- name: Install Go tools
run: go install tool # GOBIN is added to the PATH by the setup-go action
- name: Generate image list digest
id: image-digest
run: |
source integration/testimages.ini
IMAGE_LIST=$(skopeo list-tags docker://$TEST_IMAGES)
DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags += ["containerd"] | .Tags |= sort' | sha256sum | cut -d' ' -f1)
echo "digest=$DIGEST" >> $GITHUB_OUTPUT
- name: Restore test images from cache
uses: actions/cache/restore@v4
with:
path: integration/testdata/fixtures/images
key: cache-test-images-${{ steps.image-digest.outputs.digest }}
- name: Run integration tests
run: mage test:integration
k8s-integration:
name: K8s Integration Test
runs-on: ubuntu-latest
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v4.1.6
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache: false
- name: Install Go tools
run: go install tool # GOBIN is added to the PATH by the setup-go action
- name: Run k8s integration tests
run: mage test:k8s
module-test:
name: Module Integration Test
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4.1.6
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache: false
- name: Install tools
run: go install tool # GOBIN is added to the PATH by the setup-go action
- name: Generate image list digest
id: image-digest
run: |
source integration/testimages.ini
IMAGE_LIST=$(skopeo list-tags docker://$TEST_IMAGES)
DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags += ["containerd"] | .Tags |= sort' | sha256sum | cut -d' ' -f1)
echo "digest=$DIGEST" >> $GITHUB_OUTPUT
- name: Restore test images from cache
uses: actions/cache/restore@v4
with:
path: integration/testdata/fixtures/images
key: cache-test-images-${{ steps.image-digest.outputs.digest }}
- name: Run module integration tests
shell: bash
run: |
mage test:module
vm-test:
name: VM Integration Test
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4.1.6
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache: false
- name: Install Go tools
run: go install tool # GOBIN is added to the PATH by the setup-go action
- name: Generate image list digest
id: image-digest
run: |
source integration/testimages.ini
IMAGE_LIST=$(skopeo list-tags docker://$TEST_VM_IMAGES)
DIGEST=$(echo "$IMAGE_LIST" | jq '.Tags |= sort' | sha256sum | cut -d' ' -f1)
echo "digest=$DIGEST" >> $GITHUB_OUTPUT
- name: Restore test VM images from cache
uses: actions/cache/restore@v4
with:
path: integration/testdata/fixtures/vm-images
key: cache-test-vm-images-${{ steps.image-digest.outputs.digest }}
- name: Run vm integration tests
run: |
mage test:vm
build-test:
name: Build Test
runs-on: ${{ matrix.operating-system }}
strategy:
matrix:
operating-system: [ubuntu-latest, windows-latest, macos-latest]
env:
DOCKER_CLI_EXPERIMENTAL: "enabled"
steps:
- name: Checkout
uses: actions/checkout@v4.1.6
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache: false
- name: Determine GoReleaser ID
id: goreleaser_id
shell: bash
run: |
if [ "${{ matrix.operating-system }}" == "windows-latest" ]; then
echo "id=--id build-windows" >> $GITHUB_OUTPUT
elif [ "${{ matrix.operating-system }}" == "macos-latest" ]; then
echo "id=--id build-macos --id build-bsd" >> $GITHUB_OUTPUT
else
echo "id=--id build-linux" >> $GITHUB_OUTPUT
fi
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v6
with:
version: v2.1.0
args: build --snapshot --clean --timeout 90m ${{ steps.goreleaser_id.outputs.id }}
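
Review bot: The `Generate image list digest` script is copied verbatim into `integration`, `module-test` and `vm-test`, and the cache keys it feeds (`cache-test-images-...`, `cache-test-vm-images-...`) must match the ones written by the `Cache test images` workflow. An edit to one copy, such as a change to the `jq` filter, turns every `actions/cache/restore` into a miss that does not fail the job. Move the step into a composite action or a script shared by both workflows.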

View File

@@ -1,16 +0,0 @@
name: Triage Discussion
on:
discussion:
types: [created]
workflow_dispatch:
inputs:
discussion_num:
required: true
jobs:
label:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/trivy-triage
with:
discussion_num: ${{ github.event.inputs.discussion_num }}

31
.gitignore vendored
View File

@@ -4,10 +4,6 @@
*.dll
*.so
*.dylib
/trivy
## chart release
.cr-release-packages
# Test binary, build with `go test -c`
*.test
@@ -16,30 +12,3 @@
*.out
.idea
.vscode
# Directory Cache Files
.DS_Store
thumbs.db
# test fixtures
coverage.txt
integration/testdata/fixtures/images
integration/testdata/fixtures/vm-images
internal/gittest/testdata/test-repo
# SBOMs generated during CI
/bom.json
# goreleaser output
dist
# WebAssembly
*.wasm
# Signing
gpg.key
cmd/trivy/trivy
# RPM
*.rpm

View File

@@ -1,218 +0,0 @@
issues:
max-issues-per-linter: 0
max-same-issues: 0
linters:
settings:
depguard:
rules:
main:
list-mode: lax
deny:
# Cannot use gomodguard, which examines go.mod, as "golang.org/x/exp/slices" is not a module and doesn't appear in go.mod.
- pkg: "golang.org/x/exp/slices"
desc: "Use 'slices' instead"
- pkg: "golang.org/x/exp/maps"
desc: "Use 'maps' or 'github.com/samber/lo' instead"
- pkg: "io/ioutil"
desc: "io/ioutil is deprecated. Use 'io' or 'os' instead"
dupl:
threshold: 100
errcheck:
check-type-assertions: true
check-blank: true
goconst:
min-len: 3
min-occurrences: 3
gocritic:
disabled-checks:
- appendAssign
- commentedOutCode
- hugeParam
- importShadow # FIXME
- indexAlloc
- rangeValCopy
- regexpSimplify
- sloppyReassign
- unnamedResult
- whyNoLint
enabled-tags:
- diagnostic
- style
- performance
- experimental
- opinionated
settings:
ruleguard:
failOn: all
rules: '${base-path}/misc/lint/rules.go'
gocyclo:
min-complexity: 20
gomodguard:
blocked:
modules:
- github.com/hashicorp/go-version:
recommendations:
- github.com/aquasecurity/go-version
reason: "`aquasecurity/go-version` is designed for our use-cases"
- github.com/Masterminds/semver:
recommendations:
- github.com/aquasecurity/go-version
reason: "`aquasecurity/go-version` is designed for our use-cases"
gosec:
excludes:
- G101
- G114
- G115
- G204
- G304
- G402
govet:
disable:
- shadow
misspell:
locale: US
ignore-rules:
- behaviour
- licence
- optimise
- simmilar
perfsprint:
# Optimizes even if it requires an int or uint type cast.
int-conversion: true
# Optimizes into `err.Error()` even if it is only equivalent for non-nil errors.
err-error: true
# Optimizes `fmt.Errorf`.
errorf: true
# Optimizes `fmt.Sprintf` with only one argument.
sprintf1: false
# Optimizes into strings concatenation.
strconcat: false
revive:
max-open-files: 2048
# https://github.com/mgechev/revive/blob/HEAD/RULES_DESCRIPTIONS.md
rules:
- name: bool-literal-in-expr
- name: context-as-argument
arguments:
- allowTypesBefore: "*testing.T"
- name: duplicated-imports
- name: early-return
arguments:
- preserve-scope
- name: if-return
- name: increment-decrement
- name: indent-error-flow
arguments:
- preserve-scope
- name: range
- name: range-val-address
- name: superfluous-else
arguments:
- preserve-scope
- name: time-equal
- name: unnecessary-stmt
- name: unused-parameter
- name: use-any
staticcheck:
checks:
- all
- -QF1008 # Omit embedded fields from selector expression
- -S1007 # Simplify regular expression by using raw string literal
- -S1011 # Use a single append to concatenate two slices
- -S1023 # Omit redundant control flow
- -SA1019 # Using a deprecated function, variable, constant or field
- -SA1024 # A string cutset contains duplicate characters
- -SA4004 # The loop exits unconditionally after one iteration
- -SA4023 # Impossible comparison of interface value with untyped nil
- -SA4032 # Comparing runtime.GOOS or runtime.GOARCH against impossible value
- -SA5011 # Possible nil pointer dereference
- -ST1003 # Poorly chosen identifier
- -ST1012 # Poorly chosen name for error variable
testifylint:
enable-all: true
default: none
enable:
- bodyclose
- depguard
- goconst
- gocritic
- gocyclo
- gomodguard
- gosec
- govet
- ineffassign
- misspell
- perfsprint
- revive
- staticcheck
- testifylint
- unconvert
- unused
- usestdlibvars
- usetesting
exclusions:
generated: lax
paths:
- "pkg/iac/scanners/terraform/parser/funcs" # copies of Terraform functions
rules:
- path: ".*_test.go$"
linters:
- goconst
- gosec
- unused
- path: ".*_test.go$"
linters:
- govet
text: "copylocks:"
- path: ".*_test.go$"
linters:
- gocritic
text: "commentFormatting:"
- path: ".*_test.go$"
linters:
- gocritic
text: "exitAfterDefer:"
- path: ".*_test.go$"
linters:
- gocritic
text: "importShadow:"
- linters:
- goconst
text: "string `each` has 3 occurrences, make it a constant" # FIXME
presets:
- comments
- common-false-positives
- legacy
- std-error-handling
warn-unused: true
run:
go: '1.24'
timeout: 30m
formatters:
enable:
- gci
- gofmt
exclusions:
generated: lax
settings:
gci:
sections:
- standard
- default
- prefix(github.com/aquasecurity/)
- blank
- dot
gofmt:
simplify: false
version: "2"
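Review bot: with this file removed in full (`-1,218 +0,0`), nothing on this side of the compare enforces `gosec`, `errcheck` (with `check-type-assertions` and `check-blank`) or the `depguard` / `gomodguard` deny lists, and the change does not say where linting now lives. If the configuration is coming back in any form, the `gosec.excludes` list is worth narrowing at the same time: `G101`, `G204`, `G304` and `G402` are switched off for every path, where per-path entries under `exclusions.rules` with a comment on each would keep the hard-coded credential, subprocess, file path and TLS checks active for the rest of the code.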

View File

@@ -1 +0,0 @@
{".":"0.64.0"}

View File

@@ -1,244 +0,0 @@
{
"@context": "https://openvex.dev/ns/v0.2.0",
"@id": "https://openvex.dev/docs/public/vex-8e30ed756ae8e4196af93bf43edf68360f396a98c0268787453a3443b26e7d6c",
"author": "Aqua Security",
"timestamp": "2024-07-10T12:17:44.60495+04:00",
"version": 1,
"statements": [
{
"vulnerability": {
"name": "CVE-2023-42363"
},
"products": [
{
"@id": "pkg:oci/trivy?repository_url=index.docker.io%2Faquasec%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/busybox"},
{"@id": "pkg:apk/alpine/busybox-binsh"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=public.ecr.aws%2Faquasecurity%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/busybox"},
{"@id": "pkg:apk/alpine/busybox-binsh"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=ghcr.io/aquasecurity/trivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/busybox"},
{"@id": "pkg:apk/alpine/busybox-binsh"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
"impact_statement": "awk is not used"
},
{
"vulnerability": {
"name": "CVE-2023-42364"
},
"products": [
{
"@id": "pkg:oci/trivy?repository_url=index.docker.io%2Faquasec%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/busybox"},
{"@id": "pkg:apk/alpine/busybox-binsh"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=public.ecr.aws%2Faquasecurity%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/busybox"},
{"@id": "pkg:apk/alpine/busybox-binsh"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=ghcr.io/aquasecurity/trivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/busybox"},
{"@id": "pkg:apk/alpine/busybox-binsh"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
"impact_statement": "awk is not used"
},
{
"vulnerability": {
"name": "CVE-2023-42365"
},
"products": [
{
"@id": "pkg:oci/trivy?repository_url=index.docker.io%2Faquasec%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/busybox"},
{"@id": "pkg:apk/alpine/busybox-binsh"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=public.ecr.aws%2Faquasecurity%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/busybox"},
{"@id": "pkg:apk/alpine/busybox-binsh"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=ghcr.io/aquasecurity/trivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/busybox"},
{"@id": "pkg:apk/alpine/busybox-binsh"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
"impact_statement": "awk is not used"
},
{
"vulnerability": {
"name": "CVE-2023-42366"
},
"products": [
{
"@id": "pkg:oci/trivy?repository_url=index.docker.io%2Faquasec%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/busybox"},
{"@id": "pkg:apk/alpine/busybox-binsh"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=public.ecr.aws%2Faquasecurity%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/busybox"},
{"@id": "pkg:apk/alpine/busybox-binsh"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=ghcr.io/aquasecurity/trivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/busybox"},
{"@id": "pkg:apk/alpine/busybox-binsh"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
"impact_statement": "awk is not used"
},
{
"vulnerability": {
"name": "CVE-2024-4741"
},
"products": [
{
"@id": "pkg:oci/trivy?repository_url=index.docker.io%2Faquasec%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/libcrypto3"},
{"@id": "pkg:apk/alpine/libssl3"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=public.ecr.aws%2Faquasecurity%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/libcrypto3"},
{"@id": "pkg:apk/alpine/libssl3"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=ghcr.io/aquasecurity/trivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/libcrypto3"},
{"@id": "pkg:apk/alpine/libssl3"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
"impact_statement": "openssl is not used"
},
{
"vulnerability": {
"name": "CVE-2024-5535"
},
"products": [
{
"@id": "pkg:oci/trivy?repository_url=index.docker.io%2Faquasec%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/libcrypto3"},
{"@id": "pkg:apk/alpine/libssl3"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=public.ecr.aws%2Faquasecurity%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/libcrypto3"},
{"@id": "pkg:apk/alpine/libssl3"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=ghcr.io/aquasecurity/trivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/libcrypto3"},
{"@id": "pkg:apk/alpine/libssl3"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
"impact_statement": "openssl is not used"
},
{
"vulnerability": {
"name": "CVE-2024-6119"
},
"products": [
{
"@id": "pkg:oci/trivy?repository_url=index.docker.io%2Faquasec%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/libcrypto3"},
{"@id": "pkg:apk/alpine/libssl3"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=public.ecr.aws%2Faquasecurity%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/libcrypto3"},
{"@id": "pkg:apk/alpine/libssl3"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=ghcr.io/aquasecurity/trivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/libcrypto3"},
{"@id": "pkg:apk/alpine/libssl3"}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
"impact_statement": "openssl is not used"
}
]
}
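Review bot: the third product `@id` in every statement is `pkg:oci/trivy?repository_url=ghcr.io/aquasecurity/trivy`, with raw `/` in the qualifier value, while the Docker Hub and ECR entries percent-encode it as `%2F`; a consumer that compares purls as strings will not match the ghcr.io image, so encode it the same way. The justification `vulnerable_code_cannot_be_controlled_by_adversary` also sits oddly next to the impact statements "awk is not used" and "openssl is not used", which describe `vulnerable_code_not_in_execute_path`. Since the hunk deletes the document, note for consumers that these seven CVEs will be reported again for the three images unless the VEX data is published somewhere else.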

View File

@@ -1,604 +0,0 @@
{
"@context": "https://openvex.dev/ns/v0.2.0",
"@id": "aquasecurity/trivy:613fd55abbc2857b5ca28b07a26f3cd4c8b0ddc4c8a97c57497a2d4c4880d7fc",
"author": "Aqua Security",
"timestamp": "2024-07-09T11:38:00.115697+04:00",
"version": 1,
"tooling": "https://github.com/aquasecurity/trivy/tree/main/magefiles/vex.go",
"statements": [
{
"vulnerability": {
"@id": "https://pkg.go.dev/vuln/GO-2024-2575",
"name": "GO-2024-2575",
"description": "Helm's Missing YAML Content Leads To Panic in helm.sh/helm/v3",
"aliases": [
"CVE-2024-26147",
"GHSA-r53h-jv2g-vpx6"
]
},
"products": [
{
"@id": "pkg:golang/github.com/aquasecurity/trivy",
"identifiers": {
"purl": "pkg:golang/github.com/aquasecurity/trivy"
},
"subcomponents": [
{
"@id": "pkg:golang/helm.sh/helm/v3",
"identifiers": {
"purl": "pkg:golang/helm.sh/helm/v3"
}
}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_not_in_execute_path",
"impact_statement": "Govulncheck determined that the vulnerable code isn't called"
},
{
"vulnerability": {
"@id": "https://pkg.go.dev/vuln/GO-2023-1765",
"name": "GO-2023-1765",
"description": "Leaked shared secret and weak blinding in github.com/cloudflare/circl",
"aliases": [
"CVE-2023-1732",
"GHSA-2q89-485c-9j2x"
]
},
"products": [
{
"@id": "pkg:golang/github.com/aquasecurity/trivy",
"identifiers": {
"purl": "pkg:golang/github.com/aquasecurity/trivy"
},
"subcomponents": [
{
"@id": "pkg:golang/github.com/cloudflare/circl",
"identifiers": {
"purl": "pkg:golang/github.com/cloudflare/circl"
}
}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_not_present",
"impact_statement": "Govulncheck determined that the vulnerable code isn't called"
},
{
"vulnerability": {
"@id": "https://pkg.go.dev/vuln/GO-2024-2512",
"name": "GO-2024-2512",
"description": "Classic builder cache poisoning in github.com/docker/docker",
"aliases": [
"CVE-2024-24557",
"GHSA-xw73-rw38-6vjc"
]
},
"products": [
{
"@id": "pkg:golang/github.com/aquasecurity/trivy",
"identifiers": {
"purl": "pkg:golang/github.com/aquasecurity/trivy"
},
"subcomponents": [
{
"@id": "pkg:golang/github.com/docker/docker",
"identifiers": {
"purl": "pkg:golang/github.com/docker/docker"
}
}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_not_present",
"impact_statement": "Govulncheck determined that the vulnerable code isn't called"
},
{
"vulnerability": {
"@id": "https://pkg.go.dev/vuln/GO-2024-2453",
"name": "GO-2024-2453",
"description": "Timing side channel in github.com/cloudflare/circl",
"aliases": [
"GHSA-9763-4f94-gfch"
]
},
"products": [
{
"@id": "pkg:golang/github.com/aquasecurity/trivy",
"identifiers": {
"purl": "pkg:golang/github.com/aquasecurity/trivy"
},
"subcomponents": [
{
"@id": "pkg:golang/github.com/cloudflare/circl",
"identifiers": {
"purl": "pkg:golang/github.com/cloudflare/circl"
}
}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_not_present",
"impact_statement": "Govulncheck determined that the vulnerable code isn't called"
},
{
"vulnerability": {
"@id": "https://pkg.go.dev/vuln/GO-2023-2048",
"name": "GO-2023-2048",
"description": "Paths outside of the rootfs could be produced on Windows in github.com/cyphar/filepath-securejoin",
"aliases": [
"GHSA-6xv5-86q9-7xr8"
]
},
"products": [
{
"@id": "pkg:golang/github.com/aquasecurity/trivy",
"identifiers": {
"purl": "pkg:golang/github.com/aquasecurity/trivy"
},
"subcomponents": [
{
"@id": "pkg:golang/github.com/cyphar/filepath-securejoin",
"identifiers": {
"purl": "pkg:golang/github.com/cyphar/filepath-securejoin"
}
}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_not_in_execute_path",
"impact_statement": "Govulncheck determined that the vulnerable code isn't called"
},
{
"vulnerability": {
"@id": "https://pkg.go.dev/vuln/GO-2024-2497",
"name": "GO-2024-2497",
"description": "Privilege escalation in github.com/moby/buildkit",
"aliases": [
"CVE-2024-23653",
"GHSA-wr6v-9f75-vh2g"
]
},
"products": [
{
"@id": "pkg:golang/github.com/aquasecurity/trivy",
"identifiers": {
"purl": "pkg:golang/github.com/aquasecurity/trivy"
},
"subcomponents": [
{
"@id": "pkg:golang/github.com/moby/buildkit",
"identifiers": {
"purl": "pkg:golang/github.com/moby/buildkit"
}
}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_not_present",
"impact_statement": "Govulncheck determined that the vulnerable code isn't called"
},
{
"vulnerability": {
"@id": "https://pkg.go.dev/vuln/GO-2023-2102",
"name": "GO-2023-2102",
"description": "HTTP/2 rapid reset can cause excessive work in net/http",
"aliases": [
"CVE-2023-39325",
"GHSA-4374-p667-p6c8"
]
},
"products": [
{
"@id": "pkg:golang/github.com/aquasecurity/trivy",
"identifiers": {
"purl": "pkg:golang/github.com/aquasecurity/trivy"
},
"subcomponents": [
{
"@id": "pkg:golang/golang.org/x/net",
"identifiers": {
"purl": "pkg:golang/golang.org/x/net"
}
}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_not_in_execute_path",
"impact_statement": "Govulncheck determined that the vulnerable code isn't called"
},
{
"vulnerability": {
"@id": "https://pkg.go.dev/vuln/GO-2024-2493",
"name": "GO-2024-2493",
"description": "Host system file access in github.com/moby/buildkit",
"aliases": [
"CVE-2024-23651",
"GHSA-m3r6-h7wv-7xxv"
]
},
"products": [
{
"@id": "pkg:golang/github.com/aquasecurity/trivy",
"identifiers": {
"purl": "pkg:golang/github.com/aquasecurity/trivy"
},
"subcomponents": [
{
"@id": "pkg:golang/github.com/moby/buildkit",
"identifiers": {
"purl": "pkg:golang/github.com/moby/buildkit"
}
}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_not_present",
"impact_statement": "Govulncheck determined that the vulnerable code isn't called"
},
{
"vulnerability": {
"@id": "https://pkg.go.dev/vuln/GO-2024-2491",
"name": "GO-2024-2491",
"description": "Container breakout through process.cwd trickery and leaked fds in github.com/opencontainers/runc",
"aliases": [
"CVE-2024-21626",
"GHSA-xr7r-f8xq-vfvv"
]
},
"products": [
{
"@id": "pkg:golang/github.com/aquasecurity/trivy",
"identifiers": {
"purl": "pkg:golang/github.com/aquasecurity/trivy"
},
"subcomponents": [
{
"@id": "pkg:golang/github.com/opencontainers/runc",
"identifiers": {
"purl": "pkg:golang/github.com/opencontainers/runc"
}
}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_not_present",
"impact_statement": "Govulncheck determined that the vulnerable code isn't called"
},
{
"vulnerability": {
"@id": "https://pkg.go.dev/vuln/GO-2024-2494",
"name": "GO-2024-2494",
"description": "Host system modification in github.com/moby/buildkit",
"aliases": [
"CVE-2024-23652",
"GHSA-4v98-7qmw-rqr8"
]
},
"products": [
{
"@id": "pkg:golang/github.com/aquasecurity/trivy",
"identifiers": {
"purl": "pkg:golang/github.com/aquasecurity/trivy"
},
"subcomponents": [
{
"@id": "pkg:golang/github.com/moby/buildkit",
"identifiers": {
"purl": "pkg:golang/github.com/moby/buildkit"
}
}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_not_present",
"impact_statement": "Govulncheck determined that the vulnerable code isn't called"
},
{
"vulnerability": {
"@id": "https://pkg.go.dev/vuln/GO-2023-2412",
"name": "GO-2023-2412",
"description": "RAPL accessibility in github.com/containerd/containerd",
"aliases": [
"GHSA-7ww5-4wqc-m92c"
]
},
"products": [
{
"@id": "pkg:golang/github.com/aquasecurity/trivy",
"identifiers": {
"purl": "pkg:golang/github.com/aquasecurity/trivy"
},
"subcomponents": [
{
"@id": "pkg:golang/github.com/containerd/containerd",
"identifiers": {
"purl": "pkg:golang/github.com/containerd/containerd"
}
}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_not_present",
"impact_statement": "Govulncheck determined that the vulnerable code isn't called"
},
{
"vulnerability": {
"@id": "https://pkg.go.dev/vuln/GO-2023-1988",
"name": "GO-2023-1988",
"description": "Improper rendering of text nodes in golang.org/x/net/html",
"aliases": [
"CVE-2023-3978",
"GHSA-2wrh-6pvc-2jm9"
]
},
"products": [
{
"@id": "pkg:golang/github.com/aquasecurity/trivy",
"identifiers": {
"purl": "pkg:golang/github.com/aquasecurity/trivy"
},
"subcomponents": [
{
"@id": "pkg:golang/golang.org/x/net",
"identifiers": {
"purl": "pkg:golang/golang.org/x/net"
}
}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_not_in_execute_path",
"impact_statement": "Govulncheck determined that the vulnerable code isn't called"
},
{
"vulnerability": {
"@id": "https://pkg.go.dev/vuln/GO-2024-2492",
"name": "GO-2024-2492",
"description": "Panic in github.com/moby/buildkit",
"aliases": [
"CVE-2024-23650",
"GHSA-9p26-698r-w4hx"
]
},
"products": [
{
"@id": "pkg:golang/github.com/aquasecurity/trivy",
"identifiers": {
"purl": "pkg:golang/github.com/aquasecurity/trivy"
},
"subcomponents": [
{
"@id": "pkg:golang/github.com/moby/buildkit",
"identifiers": {
"purl": "pkg:golang/github.com/moby/buildkit"
}
}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_not_present",
"impact_statement": "Govulncheck determined that the vulnerable code isn't called"
},
{
"vulnerability": {
"@id": "https://pkg.go.dev/vuln/GO-2022-0646",
"name": "GO-2022-0646",
"description": "Use of risky cryptographic algorithm in github.com/aws/aws-sdk-go",
"aliases": [
"CVE-2020-8911",
"CVE-2020-8912",
"GHSA-7f33-f4f5-xwgw",
"GHSA-f5pg-7wfw-84q9"
]
},
"products": [
{
"@id": "pkg:golang/github.com/aquasecurity/trivy",
"identifiers": {
"purl": "pkg:golang/github.com/aquasecurity/trivy"
},
"subcomponents": [
{
"@id": "pkg:golang/github.com/aws/aws-sdk-go",
"identifiers": {
"purl": "pkg:golang/github.com/aws/aws-sdk-go"
}
}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_not_present",
"impact_statement": "Govulncheck determined that the vulnerable code isn't called"
},
{
"vulnerability": {
"@id": "https://pkg.go.dev/vuln/GO-2023-2153",
"name": "GO-2023-2153",
"description": "Denial of service from HTTP/2 Rapid Reset in google.golang.org/grpc",
"aliases": [
"GHSA-m425-mq94-257g"
]
},
"products": [
{
"@id": "pkg:golang/github.com/aquasecurity/trivy",
"identifiers": {
"purl": "pkg:golang/github.com/aquasecurity/trivy"
},
"subcomponents": [
{
"@id": "pkg:golang/google.golang.org/grpc",
"identifiers": {
"purl": "pkg:golang/google.golang.org/grpc"
}
}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_not_in_execute_path",
"impact_statement": "Govulncheck determined that the vulnerable code isn't called"
},
{
"vulnerability": {
"@id": "https://pkg.go.dev/vuln/GO-2024-3105",
"name": "GO-2024-3105",
"description": "Stack exhaustion in all Parse functions in go/parser",
"aliases": [
"CVE-2024-34155"
]
},
"products": [
{
"@id": "pkg:golang/github.com/aquasecurity/trivy",
"identifiers": {
"purl": "pkg:golang/github.com/aquasecurity/trivy"
},
"subcomponents": [
{
"@id": "pkg:golang/stdlib",
"identifiers": {
"purl": "pkg:golang/stdlib"
}
}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_not_in_execute_path",
"impact_statement": "Govulncheck determined that the vulnerable code isn't called"
},
{
"vulnerability": {
"@id": "https://pkg.go.dev/vuln/GO-2024-3106",
"name": "GO-2024-3106",
"description": "Stack exhaustion in Decoder.Decode in encoding/gob",
"aliases": [
"CVE-2024-34156"
]
},
"products": [
{
"@id": "pkg:golang/github.com/aquasecurity/trivy",
"identifiers": {
"purl": "pkg:golang/github.com/aquasecurity/trivy"
},
"subcomponents": [
{
"@id": "pkg:golang/stdlib",
"identifiers": {
"purl": "pkg:golang/stdlib"
}
}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_not_in_execute_path",
"impact_statement": "Govulncheck incorrectly marks this vulnerability as affected. The vulnerable code isn't called. See https://github.com/aquasecurity/trivy/issues/7478"
},
{
"vulnerability": {
"@id": "https://pkg.go.dev/vuln/GO-2024-3107",
"name": "GO-2024-3107",
"description": "Stack exhaustion in Parse in go/build/constraint",
"aliases": [
"CVE-2024-34158"
]
},
"products": [
{
"@id": "pkg:golang/github.com/aquasecurity/trivy",
"identifiers": {
"purl": "pkg:golang/github.com/aquasecurity/trivy"
},
"subcomponents": [
{
"@id": "pkg:golang/stdlib",
"identifiers": {
"purl": "pkg:golang/stdlib"
}
}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_not_in_execute_path",
"impact_statement": "Govulncheck determined that the vulnerable code isn't called"
},
{
"vulnerability": {
"@id": "https://pkg.go.dev/vuln/GO-2024-3321",
"name": "GO-2024-3321",
"description": "Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto",
"aliases": [
"CVE-2024-45337",
"GHSA-v778-237x-gjrc"
]
},
"products": [
{
"@id": "pkg:golang/github.com/aquasecurity/trivy",
"identifiers": {
"purl": "pkg:golang/github.com/aquasecurity/trivy"
},
"subcomponents": [
{
"@id": "pkg:golang/golang.org/x/crypto",
"identifiers": {
"purl": "pkg:golang/golang.org/x/crypto"
}
}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_not_in_execute_path",
"impact_statement": "Govulncheck determined that the vulnerable code isn't called"
},
{
"vulnerability": {
"@id": "https://pkg.go.dev/vuln/GO-2024-3333",
"name": "GO-2024-3333",
"description": "Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"aliases": [
"CVE-2024-45338"
]
},
"products": [
{
"@id": "pkg:golang/github.com/aquasecurity/trivy",
"identifiers": {
"purl": "pkg:golang/github.com/aquasecurity/trivy"
},
"subcomponents": [
{
"@id": "pkg:golang/golang.org/x/net",
"identifiers": {
"purl": "pkg:golang/golang.org/x/net"
}
}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_not_in_execute_path",
"impact_statement": "Govulncheck determined that the vulnerable code isn't called"
}
]
}
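Review bot: many statements here pair `"justification": "vulnerable_code_not_present"` with the impact statement "Govulncheck determined that the vulnerable code isn't called" (GO-2023-1765, GO-2024-2512 and the `moby/buildkit` entries, among others). "Not called" is the `vulnerable_code_not_in_execute_path` case, and `vulnerable_code_not_present` makes the stronger claim that the code is absent from the product, so the two should be reconciled per statement. The GO-2024-3106 entry overrides govulncheck by hand and deserves a re-check whenever the document is regenerated, and the document `@id` `aquasecurity/trivy:613fd55a...` is not an IRI like the `https://openvex.dev/...` one used in the other VEX file.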

View File

@@ -1,585 +0,0 @@
# Changelog
## [0.64.0](https://github.com/aquasecurity/trivy/compare/v0.63.0...v0.64.0) (2025-06-30)
### Features
* **cli:** add version constraints to annoucements ([#9023](https://github.com/aquasecurity/trivy/issues/9023)) ([19efa9f](https://github.com/aquasecurity/trivy/commit/19efa9fd372242d2ec582a248e9e6573d2caef00))
* **java:** dereference all maven settings.xml env placeholders ([#9024](https://github.com/aquasecurity/trivy/issues/9024)) ([5aade69](https://github.com/aquasecurity/trivy/commit/5aade698c71450badf8db028be61e12ec85c6248))
* **misconf:** add OpenTofu file extension support ([#8747](https://github.com/aquasecurity/trivy/issues/8747)) ([57801d0](https://github.com/aquasecurity/trivy/commit/57801d0324384d990889ba39d856c881e5b8b070))
* **misconf:** normalize CreatedBy for buildah and legacy docker builder ([#8953](https://github.com/aquasecurity/trivy/issues/8953)) ([65e155f](https://github.com/aquasecurity/trivy/commit/65e155fdaf0ad02ec82f00a004427f126faf65ed))
* **redhat:** Add EOL date for RHEL 10. ([#8910](https://github.com/aquasecurity/trivy/issues/8910)) ([48258a7](https://github.com/aquasecurity/trivy/commit/48258a701a7adb210c433310de52f48568ccee19))
* reject unsupported artifact types in remote image retrieval ([#9052](https://github.com/aquasecurity/trivy/issues/9052)) ([1e1e1b5](https://github.com/aquasecurity/trivy/commit/1e1e1b5fa6a884da978fe1ed4c222d613d6eafbd))
* **sbom:** add manufacturer field to CycloneDX tools metadata ([#9019](https://github.com/aquasecurity/trivy/issues/9019)) ([41d0f94](https://github.com/aquasecurity/trivy/commit/41d0f949c874609641c08fa2620fa10bf4ceef78))
* **terraform:** add partial evaluation for policy templates ([#8967](https://github.com/aquasecurity/trivy/issues/8967)) ([a9f7dcd](https://github.com/aquasecurity/trivy/commit/a9f7dcdb9c5973746c3737f2bbc3306a74be5408))
* **ubuntu:** add end of life date for Ubuntu 25.04 ([#9077](https://github.com/aquasecurity/trivy/issues/9077)) ([367564a](https://github.com/aquasecurity/trivy/commit/367564a3bec0c202566c59598dcff087bf50a23d))
* **ubuntu:** add eol date for 20.04-ESM ([#8981](https://github.com/aquasecurity/trivy/issues/8981)) ([87118a0](https://github.com/aquasecurity/trivy/commit/87118a0ec4a6ae492523b7bac9834c2b93a14557))
* **vuln:** add Root.io support for container image scanning ([#9073](https://github.com/aquasecurity/trivy/issues/9073)) ([3a0ec0f](https://github.com/aquasecurity/trivy/commit/3a0ec0f2acff6a13ed6ab348b6b220d49e14a298))
### Bug Fixes
* Add missing version check flags ([#8951](https://github.com/aquasecurity/trivy/issues/8951)) ([ef5f8de](https://github.com/aquasecurity/trivy/commit/ef5f8de8dadf5534a2c965aecca01c7067e5baca))
* **cli:** add some values to the telemetry call ([#9056](https://github.com/aquasecurity/trivy/issues/9056)) ([fd2bc91](https://github.com/aquasecurity/trivy/commit/fd2bc91e133f846bc9f0910c19ac3be3fbfe4009))
* Correctly check for semver versions for trivy version check ([#8948](https://github.com/aquasecurity/trivy/issues/8948)) ([b813527](https://github.com/aquasecurity/trivy/commit/b813527449c4604f5afad71ae82b13399bb48680))
* don't show corrupted trivy-db warning for first run ([#8991](https://github.com/aquasecurity/trivy/issues/8991)) ([4ed78e3](https://github.com/aquasecurity/trivy/commit/4ed78e39afe57e81c12482fef9102dc3f85d1493))
* **misconf:** .Config.User always takes precedence over USER in .History ([#9050](https://github.com/aquasecurity/trivy/issues/9050)) ([371b8cc](https://github.com/aquasecurity/trivy/commit/371b8cc02f2ffa3f42534a437ce8727519e7b9b9))
* **misconf:** correct Azure value-to-time conversion in AsTimeValue ([#9015](https://github.com/aquasecurity/trivy/issues/9015)) ([40d017b](https://github.com/aquasecurity/trivy/commit/40d017b67da38131734eab90c42ad945ac3b5013))
* **misconf:** move disabled checks filtering after analyzer scan ([#9002](https://github.com/aquasecurity/trivy/issues/9002)) ([a58c36d](https://github.com/aquasecurity/trivy/commit/a58c36de124cba7250e1a5ae0cc32d83018391fe))
* **misconf:** reduce log noise on incompatible check ([#9029](https://github.com/aquasecurity/trivy/issues/9029)) ([99c5151](https://github.com/aquasecurity/trivy/commit/99c5151d6ea1dabe85cce75ff9bb91166532b11f))
* **nodejs:** correctly parse `packages` array of `bun.lock` file ([#8998](https://github.com/aquasecurity/trivy/issues/8998)) ([875ec3a](https://github.com/aquasecurity/trivy/commit/875ec3a9d2568e15a6824c8f84ad6a59f03eb212))
* **report:** don't panic when report contains vulns, but doesn't contain packages for `table` format ([#8549](https://github.com/aquasecurity/trivy/issues/8549)) ([87fda76](https://github.com/aquasecurity/trivy/commit/87fda76f38a3a6939a87828c3df0c5ac2cf7fce3))
* **sbom:** remove unnecessary OS detection check in SBOM decoding ([#9034](https://github.com/aquasecurity/trivy/issues/9034)) ([198789a](https://github.com/aquasecurity/trivy/commit/198789a07b857b053c73f8fcd1f508902fac344d))
## [0.63.0](https://github.com/aquasecurity/trivy/compare/v0.62.0...v0.63.0) (2025-05-29)
### Features
* add Bottlerocket OS package analyzer ([#8653](https://github.com/aquasecurity/trivy/issues/8653)) ([07ef63b](https://github.com/aquasecurity/trivy/commit/07ef63b4830f9f3d791a07433287a99118d7590a))
* add JSONC support for comments and trailing commas ([#8862](https://github.com/aquasecurity/trivy/issues/8862)) ([0b0e406](https://github.com/aquasecurity/trivy/commit/0b0e4061ef955efc0f94280d2d390f11ff6e2409))
* **alpine:** add maintainer field extraction for APK packages ([#8930](https://github.com/aquasecurity/trivy/issues/8930)) ([104bbc1](https://github.com/aquasecurity/trivy/commit/104bbc18ea85caec17125296dc4fe2dea9c49826))
* **cli:** Add available version checking ([#8553](https://github.com/aquasecurity/trivy/issues/8553)) ([5a0bf9e](https://github.com/aquasecurity/trivy/commit/5a0bf9ed31ad34248895e69231da602935e66785))
* **echo:** Add Echo Support ([#8833](https://github.com/aquasecurity/trivy/issues/8833)) ([c7b8cc3](https://github.com/aquasecurity/trivy/commit/c7b8cc392eb28eb63e10561cf1ff7991e5e3c548))
* **go:** support license scanning in both GOPATH and vendor ([#8843](https://github.com/aquasecurity/trivy/issues/8843)) ([26437be](https://github.com/aquasecurity/trivy/commit/26437be083960d17bee8b1b37b8a6780eff07981))
* **k8s:** get components from namespaced resources ([#8918](https://github.com/aquasecurity/trivy/issues/8918)) ([4f1ab23](https://github.com/aquasecurity/trivy/commit/4f1ab238693919772a65450de9fb9fb2f873c0d6))
* **license:** improve work text licenses with custom classification ([#8888](https://github.com/aquasecurity/trivy/issues/8888)) ([ee52230](https://github.com/aquasecurity/trivy/commit/ee522300b73a2afc72829fc2fa7ff419712fc89a))
* **license:** improve work with custom classification of licenses from config file ([#8861](https://github.com/aquasecurity/trivy/issues/8861)) ([c321fdf](https://github.com/aquasecurity/trivy/commit/c321fdfcdd58f34d076fc730e2b63fdd13e426a9))
* **license:** scan vendor directory for license for go.mod files ([#8689](https://github.com/aquasecurity/trivy/issues/8689)) ([dd6a6e5](https://github.com/aquasecurity/trivy/commit/dd6a6e50a44b7b543fd9dba634da599a76650acb))
* **license:** Support compound licenses (licenses using SPDX operators) ([#8816](https://github.com/aquasecurity/trivy/issues/8816)) ([39f9ed1](https://github.com/aquasecurity/trivy/commit/39f9ed128b2c0fb599ad9092a3cf5675106bffdc))
* **minimos:** Add support for MinimOS ([#8792](https://github.com/aquasecurity/trivy/issues/8792)) ([c2dde33](https://github.com/aquasecurity/trivy/commit/c2dde33c3f19d499258a7089d7658a9f90722acf))
* **misconf:** add misconfiguration location to junit template ([#8793](https://github.com/aquasecurity/trivy/issues/8793)) ([a516775](https://github.com/aquasecurity/trivy/commit/a516775da6fda92a55a62418a081561127a1d5ca))
* **misconf:** Add support for `Minimum Trivy Version` ([#8880](https://github.com/aquasecurity/trivy/issues/8880)) ([3b2a397](https://github.com/aquasecurity/trivy/commit/3b2a3976ac7e7785828655903b132e84ebd9d727))
* **misconf:** export raw Terraform data to Rego ([#8741](https://github.com/aquasecurity/trivy/issues/8741)) ([aaecc29](https://github.com/aquasecurity/trivy/commit/aaecc29e909db4d5dac03caa0daf223035bfb877))
* **nodejs:** add a bun.lock analyzer ([#8897](https://github.com/aquasecurity/trivy/issues/8897)) ([7ca656d](https://github.com/aquasecurity/trivy/commit/7ca656d54b99346253fc6ac6422eecaca169514e))
* **nodejs:** add bun.lock parser ([#8851](https://github.com/aquasecurity/trivy/issues/8851)) ([1dcf816](https://github.com/aquasecurity/trivy/commit/1dcf81666f1c814600702b9ab603b4070da0b940))
* terraform parser option to set current working directory ([#8909](https://github.com/aquasecurity/trivy/issues/8909)) ([8939451](https://github.com/aquasecurity/trivy/commit/893945117464bf6e090a55e3822f8299825f26d4))
### Bug Fixes
* check post-analyzers for StaticPaths ([#8904](https://github.com/aquasecurity/trivy/issues/8904)) ([93e6680](https://github.com/aquasecurity/trivy/commit/93e6680b1c6bbb590157f521c667c0f611775143))
* **cli:** disable `--skip-dir` and `--skip-files` flags for `sbom` command ([#8886](https://github.com/aquasecurity/trivy/issues/8886)) ([69a5fa1](https://github.com/aquasecurity/trivy/commit/69a5fa18ca86ff7e5206abacf98732d46c000c7a))
* **cli:** don't use allow values for `--compliance` flag ([#8881](https://github.com/aquasecurity/trivy/issues/8881)) ([35e8889](https://github.com/aquasecurity/trivy/commit/35e88890c3c201b3eb11f95376172e57bf44df4b))
* filter all files when processing files installed from package managers ([#8842](https://github.com/aquasecurity/trivy/issues/8842)) ([6ebde88](https://github.com/aquasecurity/trivy/commit/6ebde88dbcaf22f25932bad4844b3c9eaca90560))
* **java:** exclude dev dependencies in gradle lockfile ([#8803](https://github.com/aquasecurity/trivy/issues/8803)) ([8995838](https://github.com/aquasecurity/trivy/commit/8995838e8d184ee9178d5b52d2d3fa9b4e403015))
* julia parser panicing ([#8883](https://github.com/aquasecurity/trivy/issues/8883)) ([be8c7b7](https://github.com/aquasecurity/trivy/commit/be8c7b796dbe36d8dc3889e0bdea23336de9a1ab))
* **julia:** add `Relationship` field support ([#8939](https://github.com/aquasecurity/trivy/issues/8939)) ([22f040f](https://github.com/aquasecurity/trivy/commit/22f040f94790060132c7b0a635f44c35d5a35fb6))
* **k8s:** use in-memory cache backend during misconfig scanning ([#8873](https://github.com/aquasecurity/trivy/issues/8873)) ([fe12771](https://github.com/aquasecurity/trivy/commit/fe127715e505d753e0d878d52c5f280cdc326b76))
* **misconf:** check if for-each is known when expanding dyn block ([#8808](https://github.com/aquasecurity/trivy/issues/8808)) ([5706603](https://github.com/aquasecurity/trivy/commit/570660314698472ab831a7e0d55044e0b1e9c6c0))
* **misconf:** use argument value in WithIncludeDeprecatedChecks ([#8942](https://github.com/aquasecurity/trivy/issues/8942)) ([7e9a54c](https://github.com/aquasecurity/trivy/commit/7e9a54cd6bf4bc15e485c6233d140b389e432fe5))
* more revive rules ([#8814](https://github.com/aquasecurity/trivy/issues/8814)) ([3ab459e](https://github.com/aquasecurity/trivy/commit/3ab459e3b674f319bf349d478917a531a69754c0))
* octalLiteral from go-critic ([#8811](https://github.com/aquasecurity/trivy/issues/8811)) ([a19e0aa](https://github.com/aquasecurity/trivy/commit/a19e0aa1ba0350198c898fd57c9405fbf38fa432))
* **redhat:** Also try to find buildinfo in root layer (layer 0) ([#8924](https://github.com/aquasecurity/trivy/issues/8924)) ([906b037](https://github.com/aquasecurity/trivy/commit/906b037cff97060267d20f8947f429e078419d66))
* **redhat:** save contentSets for OS packages in fs/vm modes ([#8820](https://github.com/aquasecurity/trivy/issues/8820)) ([9256804](https://github.com/aquasecurity/trivy/commit/9256804df8577d8a746fb8b97c508c247ab82f8f))
* **redhat:** trim invalid suffix from content_sets in manifest parsing ([#8818](https://github.com/aquasecurity/trivy/issues/8818)) ([fa1077b](https://github.com/aquasecurity/trivy/commit/fa1077bbf5863a519f6f180a600afe5e2d6180d8))
* **server:** add missed Relationship field for `rpc` ([#8872](https://github.com/aquasecurity/trivy/issues/8872)) ([38f17c9](https://github.com/aquasecurity/trivy/commit/38f17c945e3ef7784607037c0457fb1e06a99959))
* use-any from revive ([#8810](https://github.com/aquasecurity/trivy/issues/8810)) ([883c63b](https://github.com/aquasecurity/trivy/commit/883c63bf29568f0feab37e5d36ae1c417eef88f5))
* **vex:** use `lo.IsNil` to check `VEX` from OCI artifact ([#8858](https://github.com/aquasecurity/trivy/issues/8858)) ([e97af98](https://github.com/aquasecurity/trivy/commit/e97af9806ab13e1ec8b792e0586b486c4982c170))
* **wolfi:** support new APK database location ([#8937](https://github.com/aquasecurity/trivy/issues/8937)) ([b15d9a6](https://github.com/aquasecurity/trivy/commit/b15d9a60e6a3ed40811d5ca6387082266ae92ea7))
### Performance Improvements
* **secret:** only match secrets of meaningful length, allow example strings to not be matched ([#8602](https://github.com/aquasecurity/trivy/issues/8602)) ([60fef1b](https://github.com/aquasecurity/trivy/commit/60fef1b615a765248c5870b814ba0c4345220c0e))
## [0.62.0](https://github.com/aquasecurity/trivy/compare/v0.61.0...v0.62.0) (2025-04-30)
### Features
* **image:** save layers metadata into report ([#8394](https://github.com/aquasecurity/trivy/issues/8394)) ([a95cab0](https://github.com/aquasecurity/trivy/commit/a95cab0eab0fcaab57eb554e74e17da71bc4809f))
* **misconf:** add option to pass Rego scanner to IaC scanner ([#8369](https://github.com/aquasecurity/trivy/issues/8369)) ([890a360](https://github.com/aquasecurity/trivy/commit/890a3602444ad2e5320044c9b8cc79ca883d17ec))
* **misconf:** convert AWS managed policy to document ([#8757](https://github.com/aquasecurity/trivy/issues/8757)) ([7abf5f0](https://github.com/aquasecurity/trivy/commit/7abf5f0199ec65c40056d4f9addc3d27e373725a))
* **misconf:** support auto_provisioning_defaults in google_container_cluster ([#8705](https://github.com/aquasecurity/trivy/issues/8705)) ([9792611](https://github.com/aquasecurity/trivy/commit/9792611b36271efbf79f635deebae7e51f497b70))
* **nodejs:** add root and workspace for `yarn` packages ([#8535](https://github.com/aquasecurity/trivy/issues/8535)) ([bf4cd4f](https://github.com/aquasecurity/trivy/commit/bf4cd4f2d2dda0bb3a7018606db9a6c1e56e4f38))
* **rust:** add root and workspace relationships/package for `cargo` lock files ([#8676](https://github.com/aquasecurity/trivy/issues/8676)) ([93efe07](https://github.com/aquasecurity/trivy/commit/93efe0789ed9d9a71e04e93d87be63032ad9cae7))
### Bug Fixes
* early-return, indent-error-flow and superfluous-else rules from revive ([#8796](https://github.com/aquasecurity/trivy/issues/8796)) ([43350dd](https://github.com/aquasecurity/trivy/commit/43350dd9b487b39d7d19bd0875274c90262dbed9))
* **k8s:** correct compare artifact versions ([#8682](https://github.com/aquasecurity/trivy/issues/8682)) ([cc47711](https://github.com/aquasecurity/trivy/commit/cc4771158b72b88258057fa379deba9f39190994))
* **k8s:** remove using `last-applied-configuration` ([#8791](https://github.com/aquasecurity/trivy/issues/8791)) ([7a58ccb](https://github.com/aquasecurity/trivy/commit/7a58ccbc7fffdfb1e5ccff9fd4cb6ca08c03a9ea))
* **k8s:** skip passed misconfigs for the summary report ([#8684](https://github.com/aquasecurity/trivy/issues/8684)) ([bff0e9b](https://github.com/aquasecurity/trivy/commit/bff0e9b034f39d0d1ca02457558b1f89847009ac))
* **misconf:** add missing variable as unknown ([#8683](https://github.com/aquasecurity/trivy/issues/8683)) ([9dcd06f](https://github.com/aquasecurity/trivy/commit/9dcd06fda717347eab1ac8ef0710687a3bfd8588))
* **misconf:** check if metadata is not nil ([#8647](https://github.com/aquasecurity/trivy/issues/8647)) ([b7dfd64](https://github.com/aquasecurity/trivy/commit/b7dfd64987b94b4bdd8b7c5a68ba2b8f1a0a9198))
* **misconf:** filter null nodes when parsing json manifest ([#8785](https://github.com/aquasecurity/trivy/issues/8785)) ([e10929a](https://github.com/aquasecurity/trivy/commit/e10929a669f43861bae80652bdfc9f39fad7225f))
* **misconf:** perform operations on attribute safely ([#8774](https://github.com/aquasecurity/trivy/issues/8774)) ([3ce7d59](https://github.com/aquasecurity/trivy/commit/3ce7d59bb16553ab487762a5a660a046bcd63334))
* **misconf:** populate context correctly for module instances ([#8656](https://github.com/aquasecurity/trivy/issues/8656)) ([efd177b](https://github.com/aquasecurity/trivy/commit/efd177b300950d82e381992e1dea39308cc39bc3))
* **report:** clean buffer after flushing ([#8725](https://github.com/aquasecurity/trivy/issues/8725)) ([9a5383e](https://github.com/aquasecurity/trivy/commit/9a5383e993222d919d63f8d9934729cf4e291c06))
* **secret:** ignore .dist-info directories during secret scanning ([#8646](https://github.com/aquasecurity/trivy/issues/8646)) ([a032ad6](https://github.com/aquasecurity/trivy/commit/a032ad696aa58850b9576d889128559149282ad3))
* **server:** fix redis key when trying to delete blob ([#8649](https://github.com/aquasecurity/trivy/issues/8649)) ([36f8d0f](https://github.com/aquasecurity/trivy/commit/36f8d0fd6705bb0da5b43507128c772b153dafec))
* **terraform:** `evaluateStep` to correctly set `EvalContext` for multiple instances of blocks ([#8555](https://github.com/aquasecurity/trivy/issues/8555)) ([e25de25](https://github.com/aquasecurity/trivy/commit/e25de25262fd1cd559879dee07bb2db2747eedd4))
* **terraform:** hcl object expressions to return references ([#8271](https://github.com/aquasecurity/trivy/issues/8271)) ([0d3efa5](https://github.com/aquasecurity/trivy/commit/0d3efa5dc150dba437d975a2f8335de8786f94d6))
* testifylint last issues ([#8768](https://github.com/aquasecurity/trivy/issues/8768)) ([ee4f7dc](https://github.com/aquasecurity/trivy/commit/ee4f7dc6b4be437666e91383406bba8443eec199))
* unused-parameter rule from revive ([#8794](https://github.com/aquasecurity/trivy/issues/8794)) ([6562082](https://github.com/aquasecurity/trivy/commit/6562082e280a9df6199892927f2e3f7dc8f0c8ce))
## [0.61.0](https://github.com/aquasecurity/trivy/compare/v0.60.0...v0.61.0) (2025-03-28)
### Features
* **fs:** optimize scanning performance by direct file access for known paths ([#8525](https://github.com/aquasecurity/trivy/issues/8525)) ([8bf6caf](https://github.com/aquasecurity/trivy/commit/8bf6caf98e2b1eff7bd16987f6791122d827747c))
* **k8s:** add support for controllers ([#8614](https://github.com/aquasecurity/trivy/issues/8614)) ([1bf0117](https://github.com/aquasecurity/trivy/commit/1bf0117f776953bbfe67cf32e4231360010fdf33))
* **misconf:** adapt aws_default_security_group ([#8538](https://github.com/aquasecurity/trivy/issues/8538)) ([b57eccb](https://github.com/aquasecurity/trivy/commit/b57eccb09c33df4ad0423fb148ddeaa292028401))
* **misconf:** adapt aws_opensearch_domain ([#8550](https://github.com/aquasecurity/trivy/issues/8550)) ([9913465](https://github.com/aquasecurity/trivy/commit/9913465a535c29b377bd2f2563163ccf7cbcd6a4))
* **misconf:** adapt AWS::DynamoDB::Table ([#8529](https://github.com/aquasecurity/trivy/issues/8529)) ([8112cdf](https://github.com/aquasecurity/trivy/commit/8112cdf8d638fa2bf57e5687e32f54b704c7e6b7))
* **misconf:** adapt AWS::EC2::VPC ([#8534](https://github.com/aquasecurity/trivy/issues/8534)) ([0d9865f](https://github.com/aquasecurity/trivy/commit/0d9865f48f46e85595af40140faa5ff6f02b9a02))
* **misconf:** Add support for aws_ami ([#8499](https://github.com/aquasecurity/trivy/issues/8499)) ([573502e](https://github.com/aquasecurity/trivy/commit/573502e2e83ff18020d5e7dcad498468a548733e))
* replace TinyGo with standard Go for WebAssembly modules ([#8496](https://github.com/aquasecurity/trivy/issues/8496)) ([529957e](https://github.com/aquasecurity/trivy/commit/529957eac1fc790c57fa3d93524a901ce842a9f5))
### Bug Fixes
* **debian:** don't include empty licenses for `dpkgs` ([#8623](https://github.com/aquasecurity/trivy/issues/8623)) ([346f5b3](https://github.com/aquasecurity/trivy/commit/346f5b3553b9247f99f89d859d4f835e955d34e9))
* **fs:** check postAnalyzers for StaticPaths ([#8543](https://github.com/aquasecurity/trivy/issues/8543)) ([c228307](https://github.com/aquasecurity/trivy/commit/c22830766e8cf1532f20198864757161eed6fda4))
* **k8s:** show report for `--report all` ([#8613](https://github.com/aquasecurity/trivy/issues/8613)) ([dbb6f28](https://github.com/aquasecurity/trivy/commit/dbb6f288712240ef5dec59952e33b73e3a6d5b06))
* **misconf:** add ephemeral block type to config schema ([#8513](https://github.com/aquasecurity/trivy/issues/8513)) ([41512f8](https://github.com/aquasecurity/trivy/commit/41512f846e75bae73984138ad7b3d03284a53f19))
* **misconf:** Check values wholly prior to evalution ([#8604](https://github.com/aquasecurity/trivy/issues/8604)) ([ad58cf4](https://github.com/aquasecurity/trivy/commit/ad58cf4457ebef80ff0bc4c113d4ab4c86a9fe56))
* **misconf:** do not skip loading documents from subdirectories ([#8526](https://github.com/aquasecurity/trivy/issues/8526)) ([de7eb13](https://github.com/aquasecurity/trivy/commit/de7eb13938f2709983a27ab3f59dbfac3fb74651))
* **misconf:** do not use cty.NilVal for non-nil values ([#8567](https://github.com/aquasecurity/trivy/issues/8567)) ([400a79c](https://github.com/aquasecurity/trivy/commit/400a79c2c693e462ad2e1cfc21305ef13d2ec224))
* **misconf:** identify the chart file exactly by name ([#8590](https://github.com/aquasecurity/trivy/issues/8590)) ([ba77dbe](https://github.com/aquasecurity/trivy/commit/ba77dbe5f952d67bbbbc0f43543d5f34135bc280))
* **misconf:** Improve logging for unsupported checks ([#8634](https://github.com/aquasecurity/trivy/issues/8634)) ([5b7704d](https://github.com/aquasecurity/trivy/commit/5b7704d1d091a12822df060ee7a679135185f2ae))
* **misconf:** set default values for AWS::EKS::Cluster.ResourcesVpcConfig ([#8548](https://github.com/aquasecurity/trivy/issues/8548)) ([1f05b45](https://github.com/aquasecurity/trivy/commit/1f05b4545d8f1de3ee703de66a7b3df2baaa07a7))
* **misconf:** skip Azure CreateUiDefinition ([#8503](https://github.com/aquasecurity/trivy/issues/8503)) ([c7814f1](https://github.com/aquasecurity/trivy/commit/c7814f1401b0cc66a557292fe07da24d0ea7b5cc))
* **spdx:** save text licenses into `otherLicenses` without normalize ([#8502](https://github.com/aquasecurity/trivy/issues/8502)) ([e5072f1](https://github.com/aquasecurity/trivy/commit/e5072f1eef8f3a78f4db48b4ac3f7c48aeec5e92))
* use `--file-patterns` flag for all post analyzers ([#7365](https://github.com/aquasecurity/trivy/issues/7365)) ([8b88238](https://github.com/aquasecurity/trivy/commit/8b88238f07e389cc32e2478f84aceaf860e421ef))
### Performance Improvements
* **misconf:** parse input for Rego once ([#8483](https://github.com/aquasecurity/trivy/issues/8483)) ([0e5e909](https://github.com/aquasecurity/trivy/commit/0e5e9097650f60bc54f47a21ecc937a66e66e225))
* **misconf:** retrieve check metadata from annotations once ([#8478](https://github.com/aquasecurity/trivy/issues/8478)) ([7b96351](https://github.com/aquasecurity/trivy/commit/7b96351c32d264d136978fe8fd9e113ada69bb2b))
## [0.60.0](https://github.com/aquasecurity/trivy/compare/v0.59.0...v0.60.0) (2025-03-05)
### Features
* add `--vuln-severity-source` flag ([#8269](https://github.com/aquasecurity/trivy/issues/8269)) ([d464807](https://github.com/aquasecurity/trivy/commit/d4648073211e8451d66e4c0399e9441250b60a76))
* add report summary table ([#8177](https://github.com/aquasecurity/trivy/issues/8177)) ([dd54f80](https://github.com/aquasecurity/trivy/commit/dd54f80d3fda7821dba13553480e9893ba8b4cb3))
* **cyclonedx:** Add initial support for loading external VEX files from SBOM references ([#8254](https://github.com/aquasecurity/trivy/issues/8254)) ([4820eb7](https://github.com/aquasecurity/trivy/commit/4820eb70fc926a35d759c373112dbbdca890fd46))
* **go:** fix parsing main module version for go &gt;= 1.24 ([#8433](https://github.com/aquasecurity/trivy/issues/8433)) ([e58dcfc](https://github.com/aquasecurity/trivy/commit/e58dcfcf9f102c12825d5343ebbcc12a2d6c05c5))
* **misconf:** render causes for Terraform ([#8360](https://github.com/aquasecurity/trivy/issues/8360)) ([a99498c](https://github.com/aquasecurity/trivy/commit/a99498cdd9b7bdac000140af6654bfe30135242d))
### Bug Fixes
* **db:** fix case when 2 trivy-db were copied at the same time ([#8452](https://github.com/aquasecurity/trivy/issues/8452)) ([bb3cca6](https://github.com/aquasecurity/trivy/commit/bb3cca6018551e96fdd357563dc177215ca29bd4))
* don't use `scope` for `trivy registry login` command ([#8393](https://github.com/aquasecurity/trivy/issues/8393)) ([8715e5d](https://github.com/aquasecurity/trivy/commit/8715e5d14a727667c2e62d6f7a4b5308a0323386))
* **go:** merge nested flags into string for ldflags for Go binaries ([#8368](https://github.com/aquasecurity/trivy/issues/8368)) ([b675b06](https://github.com/aquasecurity/trivy/commit/b675b06e897aaf374e7b1262d4323060a8a62edb))
* **image:** disable AVD-DS-0007 for history scanning ([#8366](https://github.com/aquasecurity/trivy/issues/8366)) ([a3cd693](https://github.com/aquasecurity/trivy/commit/a3cd693a5ea88def2f9057df6178b0c0e7a6bdb0))
* **k8s:** add missed option `PkgRelationships` ([#8442](https://github.com/aquasecurity/trivy/issues/8442)) ([f987e41](https://github.com/aquasecurity/trivy/commit/f987e4157494434f6e4e4566fedfedda92167565))
* **misconf:** do not log scanners when misconfig scanning is disabled ([#8345](https://github.com/aquasecurity/trivy/issues/8345)) ([5695eb2](https://github.com/aquasecurity/trivy/commit/5695eb22dfed672eafacb64a71da8e9bdfbaab87))
* **misconf:** ecs include enhanced for container insights ([#8326](https://github.com/aquasecurity/trivy/issues/8326)) ([39789ff](https://github.com/aquasecurity/trivy/commit/39789fff438d11bc6eccd254b3b890beb68c240b))
* **misconf:** fix incorrect k8s locations due to JSON to YAML conversion ([#8073](https://github.com/aquasecurity/trivy/issues/8073)) ([a994453](https://github.com/aquasecurity/trivy/commit/a994453a7d0f543fe30c4dc8adbc92ad0c21bcbc))
* **os:** add mapping OS aliases ([#8466](https://github.com/aquasecurity/trivy/issues/8466)) ([6b4cebe](https://github.com/aquasecurity/trivy/commit/6b4cebe9592f3a06bd91aa58ba6d65869afebbee))
* **python:** add `poetry` v2 support ([#8323](https://github.com/aquasecurity/trivy/issues/8323)) ([10cd98c](https://github.com/aquasecurity/trivy/commit/10cd98cf55263749cb2583063a2e9e9953c7371a))
* **report:** remove html escaping for `shortDescription` and `fullDescription` fields for sarif reports ([#8344](https://github.com/aquasecurity/trivy/issues/8344)) ([3eb0b03](https://github.com/aquasecurity/trivy/commit/3eb0b03f7c9ee462daccfacb291b2c463d848ff5))
* **sbom:** add SBOM file's filePath as Application FilePath if we can't detect its path ([#8346](https://github.com/aquasecurity/trivy/issues/8346)) ([ecc01bb](https://github.com/aquasecurity/trivy/commit/ecc01bb3fb876fd0cc503cb38efa23e4fb9484b4))
* **sbom:** improve logic for binding direct dependency to parent component ([#8489](https://github.com/aquasecurity/trivy/issues/8489)) ([85cca8c](https://github.com/aquasecurity/trivy/commit/85cca8c07affee4ded5c232efb45b05dacf22242))
* **sbom:** preserve OS packages from multiple SBOMs ([#8325](https://github.com/aquasecurity/trivy/issues/8325)) ([bd5baaf](https://github.com/aquasecurity/trivy/commit/bd5baaf93054d71223e0721c7547a0567dea3b02))
* **server:** secrets inspectation for the config analyzer in client server mode ([#8418](https://github.com/aquasecurity/trivy/issues/8418)) ([a1c4bd7](https://github.com/aquasecurity/trivy/commit/a1c4bd746f5f901e2a8f09f48f58b973b9103165))
* **spdx:** init `pkgFilePaths` map for all formats ([#8380](https://github.com/aquasecurity/trivy/issues/8380)) ([72ea4b0](https://github.com/aquasecurity/trivy/commit/72ea4b0632308bd6150aaf2f1549a3f10b60dc23))
* **terraform:** apply parser options to submodule parsing ([#8377](https://github.com/aquasecurity/trivy/issues/8377)) ([398620b](https://github.com/aquasecurity/trivy/commit/398620b471c25e467018bc23df53a3a1c2aa661c))
* update all documentation links ([#8045](https://github.com/aquasecurity/trivy/issues/8045)) ([49456ba](https://github.com/aquasecurity/trivy/commit/49456ba8410e0e4cc1756906ccea1fdd60006d2d))
## [0.59.0](https://github.com/aquasecurity/trivy/compare/v0.58.0...v0.59.0) (2025-01-30)
### Features
* add `--distro` flag to manually specify OS distribution for vulnerability scanning ([#8070](https://github.com/aquasecurity/trivy/issues/8070)) ([da17dc7](https://github.com/aquasecurity/trivy/commit/da17dc72782cd68b5d2c4314a67936343462b75e))
* add a examples field to check metadata ([#8068](https://github.com/aquasecurity/trivy/issues/8068)) ([6d84e0c](https://github.com/aquasecurity/trivy/commit/6d84e0cc0d48ae5c490cad868bb4e5e76392241c))
* add support for registry mirrors ([#8244](https://github.com/aquasecurity/trivy/issues/8244)) ([4316bcb](https://github.com/aquasecurity/trivy/commit/4316bcbc5b9038eed21214a826981c49696bb27f))
* **fs:** use git commit hash as cache key for clean repositories ([#8278](https://github.com/aquasecurity/trivy/issues/8278)) ([b5062f3](https://github.com/aquasecurity/trivy/commit/b5062f3ae20044d1452bf293f210a24cd1d419b3))
* **image:** prevent scanning oversized container images ([#8178](https://github.com/aquasecurity/trivy/issues/8178)) ([509e030](https://github.com/aquasecurity/trivy/commit/509e03030c36d17f9427ab50a4e99fb1846ba65a))
* **image:** return error early if total size of layers exceeds limit ([#8294](https://github.com/aquasecurity/trivy/issues/8294)) ([73bd20d](https://github.com/aquasecurity/trivy/commit/73bd20d6199a777d1ed7eb560e0184d8f1b4b550))
* **k8s:** improve artifact selections for specific namespaces ([#8248](https://github.com/aquasecurity/trivy/issues/8248)) ([db9e57a](https://github.com/aquasecurity/trivy/commit/db9e57a34e460ac6934ee21dffaa2322db9fd56b))
* **misconf:** generate placeholders for random provider resources ([#8051](https://github.com/aquasecurity/trivy/issues/8051)) ([ffe24e1](https://github.com/aquasecurity/trivy/commit/ffe24e18dc3dca816ec9ce5ccf66d5d7b5ea70d6))
* **misconf:** support for ignoring by inline comments for Dockerfile ([#8115](https://github.com/aquasecurity/trivy/issues/8115)) ([c002327](https://github.com/aquasecurity/trivy/commit/c00232720a89df659c6cd0b56d99304d5ffea1a7))
* **misconf:** support for ignoring by inline comments for Helm ([#8138](https://github.com/aquasecurity/trivy/issues/8138)) ([a0429f7](https://github.com/aquasecurity/trivy/commit/a0429f773b4f696fc613d91f1600cd0da38fb2c8))
* **nodejs:** respect peer dependencies for dependency tree ([#7989](https://github.com/aquasecurity/trivy/issues/7989)) ([7389961](https://github.com/aquasecurity/trivy/commit/73899610e8eece670d2e5ddc1478fcc0a2a5760d))
* **python:** add support for poetry dev dependencies ([#8152](https://github.com/aquasecurity/trivy/issues/8152)) ([774e04d](https://github.com/aquasecurity/trivy/commit/774e04d19dc2067725ac2e18ca871872f74082ab))
* **python:** add support for uv ([#8080](https://github.com/aquasecurity/trivy/issues/8080)) ([c4a4a5f](https://github.com/aquasecurity/trivy/commit/c4a4a5fa971d73ae924afcf2259631f15e96e520))
* **python:** add support for uv dev and optional dependencies ([#8134](https://github.com/aquasecurity/trivy/issues/8134)) ([49c54b4](https://github.com/aquasecurity/trivy/commit/49c54b49c6563590dd82007d52e425a7a4e07ac0))
### Bug Fixes
* CVE-2024-45337: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass ([#8088](https://github.com/aquasecurity/trivy/issues/8088)) ([d7ac286](https://github.com/aquasecurity/trivy/commit/d7ac286085077c969734225a789e6cc056d5c5f5))
* CVE-2025-21613 and CVE-2025-21614 : go-git: argument injection via the URL field ([#8207](https://github.com/aquasecurity/trivy/issues/8207)) ([670fbf2](https://github.com/aquasecurity/trivy/commit/670fbf2d81ea20ea691a86e4ed25a7454baf08e5))
* de-duplicate same `dpkg` packages with different filePaths from different layers ([#8298](https://github.com/aquasecurity/trivy/issues/8298)) ([846498d](https://github.com/aquasecurity/trivy/commit/846498dd23a80531881f803147077eee19004a50))
* enable err-error and errorf rules from perfsprint linter ([#7859](https://github.com/aquasecurity/trivy/issues/7859)) ([156a2aa](https://github.com/aquasecurity/trivy/commit/156a2aa4c49386828c0446f8978473c8da7a8754))
* **flag:** skip hidden flags for `--generate-default-config` command ([#8046](https://github.com/aquasecurity/trivy/issues/8046)) ([5e68bdc](https://github.com/aquasecurity/trivy/commit/5e68bdc9d08f96d22451d7b5dd93e79ca576eeb7))
* **fs:** fix cache key generation to use UUID ([#8275](https://github.com/aquasecurity/trivy/issues/8275)) ([eafd810](https://github.com/aquasecurity/trivy/commit/eafd810d7cb366215efbd0ab3b72c4651d31c6a6))
* handle `BLOW_UNKNOWN` error to download DBs ([#8060](https://github.com/aquasecurity/trivy/issues/8060)) ([51f2123](https://github.com/aquasecurity/trivy/commit/51f2123c5ccc4f7a37d1068830b6670b4ccf9ac8))
* improve conversion of image config to Dockerfile ([#8308](https://github.com/aquasecurity/trivy/issues/8308)) ([2e8e38a](https://github.com/aquasecurity/trivy/commit/2e8e38a8c094f3392893693ab15a605ab0d378f9))
* **java:** correctly overwrite version from depManagement if dependency uses `project.*` props ([#8050](https://github.com/aquasecurity/trivy/issues/8050)) ([9d9f80d](https://github.com/aquasecurity/trivy/commit/9d9f80d9791f38a0b4c727152166ae4d237a83a9))
* **license:** always trim leading and trailing spaces for licenses ([#8095](https://github.com/aquasecurity/trivy/issues/8095)) ([f5e4291](https://github.com/aquasecurity/trivy/commit/f5e429179df1637de96962ab9c19e4336056bb5d))
* **misconf:** allow null values only for tf variables ([#8112](https://github.com/aquasecurity/trivy/issues/8112)) ([23dc3a6](https://github.com/aquasecurity/trivy/commit/23dc3a67535b7458728b2939514a96bd3de3aa81))
* **misconf:** correctly handle all YAML tags in K8S templates ([#8259](https://github.com/aquasecurity/trivy/issues/8259)) ([f12054e](https://github.com/aquasecurity/trivy/commit/f12054e669f9df93c6322ba2755036dbccacaa83))
* **misconf:** disable git terminal prompt on tf module load ([#8026](https://github.com/aquasecurity/trivy/issues/8026)) ([bbc5a85](https://github.com/aquasecurity/trivy/commit/bbc5a85444ec86b7bb26d6db27803d199431a8e6))
* **misconf:** handle heredocs in dockerfile instructions ([#8284](https://github.com/aquasecurity/trivy/issues/8284)) ([0a3887c](https://github.com/aquasecurity/trivy/commit/0a3887ca0350d7dabf5db7e08aaf8152201fdf0d))
* **misconf:** use log instead of fmt for logging ([#8033](https://github.com/aquasecurity/trivy/issues/8033)) ([07b2d7f](https://github.com/aquasecurity/trivy/commit/07b2d7fbd7f8ef5473c2438c560fffc8bdadf913))
* **oracle:** add architectures support for advisories ([#4809](https://github.com/aquasecurity/trivy/issues/4809)) ([90f1d8d](https://github.com/aquasecurity/trivy/commit/90f1d8d78aa20b47fafab2c8ecb07247f075ef45))
* **python:** skip dev group's deps for poetry ([#8106](https://github.com/aquasecurity/trivy/issues/8106)) ([a034d26](https://github.com/aquasecurity/trivy/commit/a034d26443704601c1fe330a5cc1f019f6974524))
* **redhat:** check `usr/share/buildinfo/` dir to detect content sets ([#8222](https://github.com/aquasecurity/trivy/issues/8222)) ([f352f6b](https://github.com/aquasecurity/trivy/commit/f352f6b66355fe3636c9e4e9f3edd089c551a81c))
* **redhat:** correct rewriting of recommendations for the same vulnerability ([#8063](https://github.com/aquasecurity/trivy/issues/8063)) ([4202c4b](https://github.com/aquasecurity/trivy/commit/4202c4ba0d8fcff4b89499fe03050ef4efd37330))
* respect GITHUB_TOKEN to download artifacts from GHCR ([#7580](https://github.com/aquasecurity/trivy/issues/7580)) ([21b68e1](https://github.com/aquasecurity/trivy/commit/21b68e18188f91935ac1055a78ee97a7f35a110d))
* **sbom:** attach nested packages to Application ([#8144](https://github.com/aquasecurity/trivy/issues/8144)) ([735335f](https://github.com/aquasecurity/trivy/commit/735335f08f84936f3928cbbc3eb71af3a3a4918d))
* **sbom:** fix wrong overwriting of applications obtained from different sbom files but having same app type ([#8052](https://github.com/aquasecurity/trivy/issues/8052)) ([fd07074](https://github.com/aquasecurity/trivy/commit/fd07074e8033530eee2732193b00e59f27c73096))
* **sbom:** scan results of SBOMs generated from container images are missing layers ([#7635](https://github.com/aquasecurity/trivy/issues/7635)) ([f9fceb5](https://github.com/aquasecurity/trivy/commit/f9fceb58bf64657dee92302df1ed97e597e474c9))
* **sbom:** use root package for `unknown` dependencies (if exists) ([#8104](https://github.com/aquasecurity/trivy/issues/8104)) ([7558df7](https://github.com/aquasecurity/trivy/commit/7558df7c227c769235e5441fbdd3f9f7efb1ff84))
* **spdx:** use the `hasExtractedLicensingInfos` field for licenses that are not listed in the SPDX ([#8077](https://github.com/aquasecurity/trivy/issues/8077)) ([aec8885](https://github.com/aquasecurity/trivy/commit/aec8885bc7f7e3c5a2a68214dca9aff28accd122))
* **suse:** SUSE - update OSType constants and references for compatility ([#8236](https://github.com/aquasecurity/trivy/issues/8236)) ([ae28398](https://github.com/aquasecurity/trivy/commit/ae283985c926ca828b25b69ad0338008be31e5fe))
* Updated twitter icon ([#7772](https://github.com/aquasecurity/trivy/issues/7772)) ([2c41ac8](https://github.com/aquasecurity/trivy/commit/2c41ac83a95e9347605d36f483171a60ffce0fa2))
* wasm module test ([#8099](https://github.com/aquasecurity/trivy/issues/8099)) ([2200f38](https://github.com/aquasecurity/trivy/commit/2200f3846d675c64ab9302af43224d663a67c944))
### Performance Improvements
* avoid heap allocation in applier findPackage ([#7883](https://github.com/aquasecurity/trivy/issues/7883)) ([9bd6ed7](https://github.com/aquasecurity/trivy/commit/9bd6ed73e5d49d52856c76124e84c268475c5456))
## [0.58.0](https://github.com/aquasecurity/trivy/compare/v0.57.0...v0.58.0) (2024-12-02)
### Features
* add `workspaceRelationship` ([#7889](https://github.com/aquasecurity/trivy/issues/7889)) ([d622ca2](https://github.com/aquasecurity/trivy/commit/d622ca2b1fe40a0eb588478ba9e15d3bd8471a78))
* add cvss v4 score and vector in scan response ([#7968](https://github.com/aquasecurity/trivy/issues/7968)) ([e0f2054](https://github.com/aquasecurity/trivy/commit/e0f2054f9d12dce87e8a0226350f6317f7167195))
* **go:** construct dependencies in the parser ([#7973](https://github.com/aquasecurity/trivy/issues/7973)) ([bcdc0bb](https://github.com/aquasecurity/trivy/commit/bcdc0bbf1f63777ff79d3ecadb8d4f916f376b7d))
* **go:** construct dependencies of `go.mod` main module in the parser ([#7977](https://github.com/aquasecurity/trivy/issues/7977)) ([5448ba2](https://github.com/aquasecurity/trivy/commit/5448ba2a5c1ee36cbcf74ee1c2e83409092c5715))
* **k8s:** add default commands for unknown platform ([#7863](https://github.com/aquasecurity/trivy/issues/7863)) ([b1c7f55](https://github.com/aquasecurity/trivy/commit/b1c7f5516fc39c6cbb76cbeae5c8677ccc9ce5dd))
* **misconf:** log causes of HCL file parsing errors ([#7634](https://github.com/aquasecurity/trivy/issues/7634)) ([e9a899a](https://github.com/aquasecurity/trivy/commit/e9a899a3cfe41a622202808a0241b7f40b54d338))
* **oracle:** add `flavors` support ([#7858](https://github.com/aquasecurity/trivy/issues/7858)) ([b9b383e](https://github.com/aquasecurity/trivy/commit/b9b383eb2714e88357af75900c856db2900b83ec))
* **secret:** Add built-in secrets rules for Private Packagist ([#7826](https://github.com/aquasecurity/trivy/issues/7826)) ([132d9df](https://github.com/aquasecurity/trivy/commit/132d9dfa19a8835c94f332c6939ab7f64641ee5f))
* **suse:** Align SUSE/OpenSUSE OS Identifiers ([#7965](https://github.com/aquasecurity/trivy/issues/7965)) ([45d3b40](https://github.com/aquasecurity/trivy/commit/45d3b40044202dec91384847ce2b50a7271f5977))
* Update registry fallbacks ([#7679](https://github.com/aquasecurity/trivy/issues/7679)) ([5ba9a83](https://github.com/aquasecurity/trivy/commit/5ba9a83a447c4f9e577ae6235c315df71f50b452))
### Bug Fixes
* **alpine:** add `UID` for removed packages ([#7887](https://github.com/aquasecurity/trivy/issues/7887)) ([07915da](https://github.com/aquasecurity/trivy/commit/07915da4816d4d9ec8a6c5e4cba17be2a0f4ad65))
* **aws:** change CPU and Memory type of ContainerDefinition to a string ([#7995](https://github.com/aquasecurity/trivy/issues/7995)) ([aeeba70](https://github.com/aquasecurity/trivy/commit/aeeba70d15c11443d9fe7c26f90fc7d9dcc7f92c))
* **cli:** Handle empty ignore files more gracefully ([#7962](https://github.com/aquasecurity/trivy/issues/7962)) ([4cfb2a9](https://github.com/aquasecurity/trivy/commit/4cfb2a97b27923182ab45c178544542ec65981d4))
* **debian:** infinite loop ([#7928](https://github.com/aquasecurity/trivy/issues/7928)) ([d982e6a](https://github.com/aquasecurity/trivy/commit/d982e6ab89967629f71ec09100cdc61e30a27c63))
* **fs:** add missing defered Cleanup() call to post analyzer fs ([#7882](https://github.com/aquasecurity/trivy/issues/7882)) ([ab32297](https://github.com/aquasecurity/trivy/commit/ab32297e0a8220a427fa330025f8625281e02275))
* Improve version comparisons when build identifiers are present ([#7873](https://github.com/aquasecurity/trivy/issues/7873)) ([eda4d76](https://github.com/aquasecurity/trivy/commit/eda4d7660d8908705bc08a6edc55d8144d02806a))
* **k8s:** check all results for vulnerabilities ([#7946](https://github.com/aquasecurity/trivy/issues/7946)) ([797b36f](https://github.com/aquasecurity/trivy/commit/797b36fbad90b8e7f04e16e2cf08d6bdc0255ac7))
* **misconf:** do not erase variable type for child modules ([#7941](https://github.com/aquasecurity/trivy/issues/7941)) ([de3b7ea](https://github.com/aquasecurity/trivy/commit/de3b7ea24c282bce22ce9cacb49a43d8d90e2bde))
* **misconf:** handle null properties in CloudFormation templates ([#7813](https://github.com/aquasecurity/trivy/issues/7813)) ([99b2db3](https://github.com/aquasecurity/trivy/commit/99b2db3978562689cef956a71281abb84ff0ce47))
* **misconf:** load full Terraform module ([#7925](https://github.com/aquasecurity/trivy/issues/7925)) ([fbc42a0](https://github.com/aquasecurity/trivy/commit/fbc42a04ea24e2246f81491434a965846d55ed69))
* **misconf:** properly resolve local Terraform cache ([#7983](https://github.com/aquasecurity/trivy/issues/7983)) ([fe3a897](https://github.com/aquasecurity/trivy/commit/fe3a8971b6697d896c1ec30b5326a10c20349d14))
* **misconf:** Update trivy-checks default repo to `mirror.gcr.io` ([#7953](https://github.com/aquasecurity/trivy/issues/7953)) ([9988147](https://github.com/aquasecurity/trivy/commit/9988147b8b0e463464fe494122bfcc66ccdf04e0))
* **misconf:** wrap AWS EnvVar to iac types ([#7407](https://github.com/aquasecurity/trivy/issues/7407)) ([54130dc](https://github.com/aquasecurity/trivy/commit/54130dcc1d775506d34b83a558952176fc549914))
* **redhat:** don't return error if `root/buildinfo/content_manifests/` contains files that are not `contentSets` files ([#7912](https://github.com/aquasecurity/trivy/issues/7912)) ([38775a5](https://github.com/aquasecurity/trivy/commit/38775a5ed985eefe2b410e72407c454cdad3d075))
* **report:** handle `git@github.com` schema for misconfigs in `sarif` report ([#7898](https://github.com/aquasecurity/trivy/issues/7898)) ([19aea4b](https://github.com/aquasecurity/trivy/commit/19aea4b01f3ce5a3cd05d5a1091da5b0b3ba4af6))
* **sbom:** Fixes for Programming Language Vulnerabilities and SBOM Package Maintainer Details ([#7871](https://github.com/aquasecurity/trivy/issues/7871)) ([461a68a](https://github.com/aquasecurity/trivy/commit/461a68afd60b77dd67e91047b3b4d558fa5bd2ec))
* **terraform:** set null value as fallback for missing variables ([#7669](https://github.com/aquasecurity/trivy/issues/7669)) ([611558e](https://github.com/aquasecurity/trivy/commit/611558e4ce61818330118684274534f26b1fda99))
## [0.57.0](https://github.com/aquasecurity/trivy/compare/v0.56.0...v0.57.0) (2024-10-31)
### ⚠ BREAKING CHANGES
* **k8s:** support k8s multi container ([#7444](https://github.com/aquasecurity/trivy/issues/7444))
### Features
* add end of life date for Ubuntu 24.10 ([#7787](https://github.com/aquasecurity/trivy/issues/7787)) ([ad3c09e](https://github.com/aquasecurity/trivy/commit/ad3c09e006e134f3c5b879ffc34ce9895a8c860f))
* **cli:** add `trivy auth` ([#7664](https://github.com/aquasecurity/trivy/issues/7664)) ([27117f8](https://github.com/aquasecurity/trivy/commit/27117f81d52483c3ceec56fe56ac298e242fbc9a))
* **cli:** error out when ignore file cannot be found ([#7624](https://github.com/aquasecurity/trivy/issues/7624)) ([cb0b3a9](https://github.com/aquasecurity/trivy/commit/cb0b3a9279b31810ecd686a385e5140e567ce86f))
* **cli:** rename `trivy auth` to `trivy registry` ([#7727](https://github.com/aquasecurity/trivy/issues/7727)) ([633a7ab](https://github.com/aquasecurity/trivy/commit/633a7abeea4287899392a24f2705f96dfeb7e312))
* **cyclonedx:** add file checksums to `CycloneDX` reports ([#7507](https://github.com/aquasecurity/trivy/issues/7507)) ([c225883](https://github.com/aquasecurity/trivy/commit/c225883649f58128a99fa2c1cef327d0e57940be))
* **db:** append errors ([#7843](https://github.com/aquasecurity/trivy/issues/7843)) ([5e78b6c](https://github.com/aquasecurity/trivy/commit/5e78b6c12fb5740c12dedeea3d335d48ec2f752b))
* **misconf:** export unresolvable field of IaC types to Rego ([#7765](https://github.com/aquasecurity/trivy/issues/7765)) ([9514148](https://github.com/aquasecurity/trivy/commit/9514148767865baddd73a49245385574927f7a74))
* **misconf:** public network support for Azure Storage Account ([#7601](https://github.com/aquasecurity/trivy/issues/7601)) ([ad91412](https://github.com/aquasecurity/trivy/commit/ad914123c4d203af1e1da6b7e2d3e49d9d3831d8))
* **misconf:** Show misconfig ID in output ([#7762](https://github.com/aquasecurity/trivy/issues/7762)) ([f75c0d1](https://github.com/aquasecurity/trivy/commit/f75c0d1f0069d4856cb4826d6049f32c5b9409d9))
* **misconf:** ssl_mode support for GCP SQL DB instance ([#7564](https://github.com/aquasecurity/trivy/issues/7564)) ([2eaa17e](https://github.com/aquasecurity/trivy/commit/2eaa17e0717940b27a79050e2efd9213b71178c9))
* **parser:** ignore white space in pom.xml files ([#7747](https://github.com/aquasecurity/trivy/issues/7747)) ([a7baa93](https://github.com/aquasecurity/trivy/commit/a7baa93b00b8636aa097e64cdb8eed97dbd68511))
* **report:** update gitlab template to populate operating_system value ([#7735](https://github.com/aquasecurity/trivy/issues/7735)) ([c0d79fa](https://github.com/aquasecurity/trivy/commit/c0d79fa09e645f3a3dbff878e393b8631fb17b64))
### Bug Fixes
* **cli:** `clean --all` deletes only relevant dirs ([#7704](https://github.com/aquasecurity/trivy/issues/7704)) ([672e886](https://github.com/aquasecurity/trivy/commit/672e886aed152ae0f09a16941706746f3053ca94))
* **cli:** add config name to skip-policy-update alias ([#7820](https://github.com/aquasecurity/trivy/issues/7820)) ([b661d68](https://github.com/aquasecurity/trivy/commit/b661d680ff0372c8e4beea0db13bf69d6a2203a8))
* **db:** fix javadb downloading error handling ([#7642](https://github.com/aquasecurity/trivy/issues/7642)) ([2c87f0c](https://github.com/aquasecurity/trivy/commit/2c87f0cb794acd77446a273582ba1a45b9f18980))
* enable usestdlibvars linter ([#7770](https://github.com/aquasecurity/trivy/issues/7770)) ([57e24aa](https://github.com/aquasecurity/trivy/commit/57e24aa85382f749df7f673e241caaf3fcbb45cb))
* **go:** Do not trim v prefix from versions in Go Mod Analyzer ([#7733](https://github.com/aquasecurity/trivy/issues/7733)) ([e872ec0](https://github.com/aquasecurity/trivy/commit/e872ec006c0745a5a142728af0096c6d6bb9ddf3))
* **helm:** properly handle multiple archived dependencies ([#7782](https://github.com/aquasecurity/trivy/issues/7782)) ([6fab88d](https://github.com/aquasecurity/trivy/commit/6fab88dd56c257ef2cc63b617c2a5decb1c4cf98))
* **java:** correctly inherit `version` and `scope` from upper/root `depManagement` and `dependencies` into parents ([#7541](https://github.com/aquasecurity/trivy/issues/7541)) ([778df82](https://github.com/aquasecurity/trivy/commit/778df828eaad9827cb833c6285058a33aa2b83ca))
* **k8s:** skip resources without misconfigs ([#7797](https://github.com/aquasecurity/trivy/issues/7797)) ([7882776](https://github.com/aquasecurity/trivy/commit/78827768a612ab305bf9c55409ce76d6774302a5))
* **k8s:** support k8s multi container ([#7444](https://github.com/aquasecurity/trivy/issues/7444)) ([c434775](https://github.com/aquasecurity/trivy/commit/c4347759234dcb5f372b07f92fb4230ef391d710))
* **k8s:** support kubernetes v1.31 ([#7810](https://github.com/aquasecurity/trivy/issues/7810)) ([7a4f4d8](https://github.com/aquasecurity/trivy/commit/7a4f4d8b12996687f3095a2042cdf2f5985332c9))
* **license:** fix license normalization for Universal Permissive License ([#7766](https://github.com/aquasecurity/trivy/issues/7766)) ([f6acdf7](https://github.com/aquasecurity/trivy/commit/f6acdf713991f8ffdbe765178fcb8a9cde433cba))
* **misconf:** change default ACL of digitalocean_spaces_bucket to private ([#7577](https://github.com/aquasecurity/trivy/issues/7577)) ([9da84f5](https://github.com/aquasecurity/trivy/commit/9da84f54fadbe6ad0d73983952e945ed63b666f3))
* **misconf:** check if property is not nil before conversion ([#7578](https://github.com/aquasecurity/trivy/issues/7578)) ([c8c14d3](https://github.com/aquasecurity/trivy/commit/c8c14d36245623019f29d258f813d2325f7490f7))
* **misconf:** fix for Azure Storage Account network acls adaptation ([#7602](https://github.com/aquasecurity/trivy/issues/7602)) ([35fd018](https://github.com/aquasecurity/trivy/commit/35fd018ae7ad86823f114f0ac2f1376726aee444))
* **misconf:** properly expand dynamic blocks ([#7612](https://github.com/aquasecurity/trivy/issues/7612)) ([8d5dbc9](https://github.com/aquasecurity/trivy/commit/8d5dbc9fec3569b22ed81a03c40eaf732768718b))
* **redhat:** include arch in PURL qualifiers ([#7654](https://github.com/aquasecurity/trivy/issues/7654)) ([a585e95](https://github.com/aquasecurity/trivy/commit/a585e95f3398631d9ad10505c5ff642fde21aef7))
* **repo:** `git clone` output to Stderr ([#7561](https://github.com/aquasecurity/trivy/issues/7561)) ([fdf203c](https://github.com/aquasecurity/trivy/commit/fdf203cd209aeb40f454bd12d121a54d6ed7a542))
* **report:** Fix invalid URI in SARIF report ([#7645](https://github.com/aquasecurity/trivy/issues/7645)) ([015bb88](https://github.com/aquasecurity/trivy/commit/015bb885ac414b91201fa9791eead395d878149c))
* **sbom:** add options for DBs in private registries ([#7660](https://github.com/aquasecurity/trivy/issues/7660)) ([1f2e91b](https://github.com/aquasecurity/trivy/commit/1f2e91b02b3606dd11963002a8cfac7962f3478f))
* **sbom:** use `Annotation` instead of `AttributionTexts` for `SPDX` formats ([#7811](https://github.com/aquasecurity/trivy/issues/7811)) ([f2bb9c6](https://github.com/aquasecurity/trivy/commit/f2bb9c6227743dd61f44eb591d4b15192fe110c6))
## [0.56.0](https://github.com/aquasecurity/trivy/compare/v0.55.0...v0.56.0) (2024-10-03)
### Features
* **java:** add empty versions if `pom.xml` dependency versions can't be detected ([#7520](https://github.com/aquasecurity/trivy/issues/7520)) ([b836232](https://github.com/aquasecurity/trivy/commit/b8362321adb2af220830c5de31c29978423d47da))
* **license:** improve license normalization ([#7131](https://github.com/aquasecurity/trivy/issues/7131)) ([6472e3c](https://github.com/aquasecurity/trivy/commit/6472e3c9da2a8e7ba41598a45c80df8f18e57d4c))
* **misconf:** add ability to disable checks by ID ([#7536](https://github.com/aquasecurity/trivy/issues/7536)) ([ef0a27d](https://github.com/aquasecurity/trivy/commit/ef0a27d515ff80762bf1959d44a8bde017ae06ec))
* **misconf:** Register checks only when needed ([#7435](https://github.com/aquasecurity/trivy/issues/7435)) ([f768d3a](https://github.com/aquasecurity/trivy/commit/f768d3a767a99a86b0372f19d9f49a2de35dbe59))
* **misconf:** Support `--skip-*` for all included modules ([#7579](https://github.com/aquasecurity/trivy/issues/7579)) ([c0e8da3](https://github.com/aquasecurity/trivy/commit/c0e8da3828e9d3a0b30d1f6568037db8dc827765))
* **secret:** enhance secret scanning for python binary files ([#7223](https://github.com/aquasecurity/trivy/issues/7223)) ([60725f8](https://github.com/aquasecurity/trivy/commit/60725f879ba014c5c57583db6afc290b78facae8))
* support multiple DB repositories for vulnerability and Java DB ([#7605](https://github.com/aquasecurity/trivy/issues/7605)) ([3562529](https://github.com/aquasecurity/trivy/commit/3562529ddfb26d301311ed450c192e17011353df))
* support RPM archives ([#7628](https://github.com/aquasecurity/trivy/issues/7628)) ([69bf7e0](https://github.com/aquasecurity/trivy/commit/69bf7e00ea5ab483692db830fdded26a31f03183))
* **suse:** added SUSE Linux Enterprise Micro support ([#7294](https://github.com/aquasecurity/trivy/issues/7294)) ([efdb68d](https://github.com/aquasecurity/trivy/commit/efdb68d3b9ddf9dfaf45ea5855b31c43a4366bab))
### Bug Fixes
* allow access to '..' in mapfs ([#7575](https://github.com/aquasecurity/trivy/issues/7575)) ([a8fbe46](https://github.com/aquasecurity/trivy/commit/a8fbe46119adbd89f827a75c75b9e97d392f1842))
* **db:** check `DownloadedAt` for `trivy-java-db` ([#7592](https://github.com/aquasecurity/trivy/issues/7592)) ([13ef3e7](https://github.com/aquasecurity/trivy/commit/13ef3e7d62ba2bcb3a04d7b44f79b1299674b480))
* **java:** use `dependencyManagement` from root/child pom's for dependencies from parents ([#7497](https://github.com/aquasecurity/trivy/issues/7497)) ([5442949](https://github.com/aquasecurity/trivy/commit/54429497e7d6a87eac236771d4efb8a5a7faaac5))
* **license:** stop spliting a long license text ([#7336](https://github.com/aquasecurity/trivy/issues/7336)) ([4926da7](https://github.com/aquasecurity/trivy/commit/4926da79de901fba73819d71845ec0355b68ae0f))
* **misconf:** Disable deprecated checks by default ([#7632](https://github.com/aquasecurity/trivy/issues/7632)) ([82e2adc](https://github.com/aquasecurity/trivy/commit/82e2adc6f8e68d0cc0021031170c2adb60d213ba))
* **misconf:** disable DS016 check for image history analyzer ([#7540](https://github.com/aquasecurity/trivy/issues/7540)) ([de40df9](https://github.com/aquasecurity/trivy/commit/de40df9408d6d856a3ad384ec9f086edce3aa382))
* **misconf:** escape all special sequences ([#7558](https://github.com/aquasecurity/trivy/issues/7558)) ([ea0cf03](https://github.com/aquasecurity/trivy/commit/ea0cf0379aff0348fde87356dab37947800fc1b6))
* **misconf:** Fix logging typo ([#7473](https://github.com/aquasecurity/trivy/issues/7473)) ([56db43c](https://github.com/aquasecurity/trivy/commit/56db43c24f4f6be92891be85faaf9492cad516ac))
* **misconf:** Fixed scope for China Cloud ([#7560](https://github.com/aquasecurity/trivy/issues/7560)) ([37d549e](https://github.com/aquasecurity/trivy/commit/37d549e5b86a1c5dce6710fbfd2310aec9abe949))
* **misconf:** not to warn about missing selectors of libraries ([#7638](https://github.com/aquasecurity/trivy/issues/7638)) ([fcaea74](https://github.com/aquasecurity/trivy/commit/fcaea740808d5784c120e5c5d65f5f94e1d931d4))
* **oracle:** Update EOL date for Oracle 7 ([#7480](https://github.com/aquasecurity/trivy/issues/7480)) ([dd0a64a](https://github.com/aquasecurity/trivy/commit/dd0a64a1cf0cd76e6f81e3ff55fa6ccb95ce3c3d))
* **report:** change a receiver of MarshalJSON ([#7483](https://github.com/aquasecurity/trivy/issues/7483)) ([927c6e0](https://github.com/aquasecurity/trivy/commit/927c6e0c9d4d4a3f1be00f0f661c1d18325d9440))
* **report:** fix error with unmarshal of `ExperimentalModifiedFindings` ([#7463](https://github.com/aquasecurity/trivy/issues/7463)) ([7ff9aff](https://github.com/aquasecurity/trivy/commit/7ff9aff2739b2eee4a98175b98914795e4077060))
* **sbom:** export bom-ref when converting a package to a component ([#7340](https://github.com/aquasecurity/trivy/issues/7340)) ([5dd94eb](https://github.com/aquasecurity/trivy/commit/5dd94ebc1ffe3f1df511dee6381f92a5daefadf2))
* **sbom:** parse type `framework` as `library` when unmarshalling `CycloneDX` files ([#7527](https://github.com/aquasecurity/trivy/issues/7527)) ([aeb7039](https://github.com/aquasecurity/trivy/commit/aeb7039d7ce090e243d29f0bf16c9e4e24252a01))
* **secret:** change grafana token regex to find them without unquoted ([#7627](https://github.com/aquasecurity/trivy/issues/7627)) ([3e1fa21](https://github.com/aquasecurity/trivy/commit/3e1fa2100074e840bacdd65947425b08750b7d9a))
### Performance Improvements
* **misconf:** use port ranges instead of enumeration ([#7549](https://github.com/aquasecurity/trivy/issues/7549)) ([1f9fc13](https://github.com/aquasecurity/trivy/commit/1f9fc13da4a1e7c76c978e4f8e119bfd61a0480e))
### Reverts
* **java:** stop supporting of `test` scope for `pom.xml` files ([#7488](https://github.com/aquasecurity/trivy/issues/7488)) ([b0222fe](https://github.com/aquasecurity/trivy/commit/b0222feeb586ec59904bb321fda8f3f22496d07b))
## [0.55.0](https://github.com/aquasecurity/trivy/compare/v0.54.0...v0.55.0) (2024-09-03)
### ⚠ BREAKING CHANGES
* **cli:** delete deprecated SBOM flags ([#7266](https://github.com/aquasecurity/trivy/issues/7266))
### Features
* **cli:** delete deprecated SBOM flags ([#7266](https://github.com/aquasecurity/trivy/issues/7266)) ([7024572](https://github.com/aquasecurity/trivy/commit/70245721372720027b7089bd61c693df48add865))
* **go:** use `toolchain` as `stdlib` version for `go.mod` files ([#7163](https://github.com/aquasecurity/trivy/issues/7163)) ([2d80769](https://github.com/aquasecurity/trivy/commit/2d80769c34b118851640411fff9dac0b3e353e82))
* **java:** add `test` scope support for `pom.xml` files ([#7414](https://github.com/aquasecurity/trivy/issues/7414)) ([2d97700](https://github.com/aquasecurity/trivy/commit/2d97700d10665142d2f66d7910202bec82116209))
* **misconf:** Add support for using spec from on-disk bundle ([#7179](https://github.com/aquasecurity/trivy/issues/7179)) ([be86126](https://github.com/aquasecurity/trivy/commit/be861265cafc89787fda09c59b2ef175e3d04204))
* **misconf:** ignore duplicate checks ([#7317](https://github.com/aquasecurity/trivy/issues/7317)) ([9ef05fc](https://github.com/aquasecurity/trivy/commit/9ef05fc6b171a264516a025b0b0bcbbc8cff10bc))
* **misconf:** iterator argument support for dynamic blocks ([#7236](https://github.com/aquasecurity/trivy/issues/7236)) ([fe92072](https://github.com/aquasecurity/trivy/commit/fe9207255a4f7f984ec1447f8a9219ae60e560c4))
* **misconf:** port and protocol support for EC2 networks ([#7146](https://github.com/aquasecurity/trivy/issues/7146)) ([98e136e](https://github.com/aquasecurity/trivy/commit/98e136eb7baa2b66f4233d96875c1490144e1594))
* **misconf:** scanning support for YAML and JSON ([#7311](https://github.com/aquasecurity/trivy/issues/7311)) ([efdbd8f](https://github.com/aquasecurity/trivy/commit/efdbd8f19ab0ab0c3b48293d43e51c81b7b03b89))
* **misconf:** support for ignore by nested attributes ([#7205](https://github.com/aquasecurity/trivy/issues/7205)) ([44e4686](https://github.com/aquasecurity/trivy/commit/44e468603d44b077cc4606327fb3e7d7ca435e05))
* **misconf:** support for policy and bucket grants ([#7284](https://github.com/aquasecurity/trivy/issues/7284)) ([a817fae](https://github.com/aquasecurity/trivy/commit/a817fae85b7272b391b737ec86673a7cab722bae))
* **misconf:** variable support for Terraform Plan ([#7228](https://github.com/aquasecurity/trivy/issues/7228)) ([db2c955](https://github.com/aquasecurity/trivy/commit/db2c95598da098ca610825089eb4ab63b789b215))
* **python:** use minimum version for pip packages ([#7348](https://github.com/aquasecurity/trivy/issues/7348)) ([e9b43f8](https://github.com/aquasecurity/trivy/commit/e9b43f81e67789b067352fcb6aa55bc9478bc518))
* **report:** export modified findings in JSON ([#7383](https://github.com/aquasecurity/trivy/issues/7383)) ([7aea79d](https://github.com/aquasecurity/trivy/commit/7aea79dd93cfb61453766dbbb2e3fc0fbd317852))
* **sbom:** set User-Agent header on requests to Rekor ([#7396](https://github.com/aquasecurity/trivy/issues/7396)) ([af1d257](https://github.com/aquasecurity/trivy/commit/af1d257730422d238871beb674767f8f83c5d06a))
* **server:** add internal `--path-prefix` flag for client/server mode ([#7321](https://github.com/aquasecurity/trivy/issues/7321)) ([24a4563](https://github.com/aquasecurity/trivy/commit/24a45636867b893ff54c5ce07197f3b5c6db1d9b))
* **server:** Make Trivy Server Multiplexer Exported ([#7389](https://github.com/aquasecurity/trivy/issues/7389)) ([4c6e8ca](https://github.com/aquasecurity/trivy/commit/4c6e8ca9cc9591799907cc73075f2d740e303b8f))
* **vm:** Support direct filesystem ([#7058](https://github.com/aquasecurity/trivy/issues/7058)) ([45b3f34](https://github.com/aquasecurity/trivy/commit/45b3f344042bcd90ca63ab696b69bff0e9ab4e36))
* **vm:** support the Ext2/Ext3 filesystems ([#6983](https://github.com/aquasecurity/trivy/issues/6983)) ([35c60f0](https://github.com/aquasecurity/trivy/commit/35c60f030fa48de8d8e57958e5ba379814126831))
* **vuln:** Add `--detection-priority` flag for accuracy tuning ([#7288](https://github.com/aquasecurity/trivy/issues/7288)) ([fd8348d](https://github.com/aquasecurity/trivy/commit/fd8348d610f20c6c33da81cd7b0e7d5504ce26be))
### Bug Fixes
* **aws:** handle ECR repositories in different regions ([#6217](https://github.com/aquasecurity/trivy/issues/6217)) ([feaef96](https://github.com/aquasecurity/trivy/commit/feaef9699df5d8ca399770e701a59d7c0ff979a3))
* **flag:** incorrect behavior for deprected flag `--clear-cache` ([#7281](https://github.com/aquasecurity/trivy/issues/7281)) ([2a0e529](https://github.com/aquasecurity/trivy/commit/2a0e529c36057b572119815af59c28e4790034ca))
* **helm:** explicitly define `kind` and `apiVersion` of `volumeClaimTemplate` element ([#7362](https://github.com/aquasecurity/trivy/issues/7362)) ([da4ebfa](https://github.com/aquasecurity/trivy/commit/da4ebfa1a741f3f8b0b43289b4028afe763f7d43))
* **java:** Return error when trying to find a remote pom to avoid segfault ([#7275](https://github.com/aquasecurity/trivy/issues/7275)) ([49d5270](https://github.com/aquasecurity/trivy/commit/49d5270163e305f88fedcf50412973736e69dc69))
* **license:** add license handling to JUnit template ([#7409](https://github.com/aquasecurity/trivy/issues/7409)) ([f80183c](https://github.com/aquasecurity/trivy/commit/f80183c1139b21bb95bc64e216358f4a76001a65))
* logger initialization before flags parsing ([#7372](https://github.com/aquasecurity/trivy/issues/7372)) ([c929290](https://github.com/aquasecurity/trivy/commit/c929290c3c0e4e91337264d69e75ccb60522bc65))
* **misconf:** change default TLS values for the Azure storage account ([#7345](https://github.com/aquasecurity/trivy/issues/7345)) ([aadb090](https://github.com/aquasecurity/trivy/commit/aadb09078843250c66087f46db9a2aa48094a118))
* **misconf:** do not filter Terraform plan JSON by name ([#7406](https://github.com/aquasecurity/trivy/issues/7406)) ([9d7264a](https://github.com/aquasecurity/trivy/commit/9d7264af8e85bcc0dba600b8366d0470d455251c))
* **misconf:** do not recreate filesystem map ([#7416](https://github.com/aquasecurity/trivy/issues/7416)) ([3a5d091](https://github.com/aquasecurity/trivy/commit/3a5d091759564496992a83fb2015a21c84a22213))
* **misconf:** do not register Rego libs in checks registry ([#7420](https://github.com/aquasecurity/trivy/issues/7420)) ([a5aa63e](https://github.com/aquasecurity/trivy/commit/a5aa63eff7e229744090f9ad300c1bec3259397e))
* **misconf:** do not set default value for default_cache_behavior ([#7234](https://github.com/aquasecurity/trivy/issues/7234)) ([f0ed5e4](https://github.com/aquasecurity/trivy/commit/f0ed5e4ced7e60af35c88d5d084aa4b7237f4973))
* **misconf:** fix infer type for null value ([#7424](https://github.com/aquasecurity/trivy/issues/7424)) ([0cac3ac](https://github.com/aquasecurity/trivy/commit/0cac3ac7075017628a21a7990941df04cbc16dbe))
* **misconf:** init frameworks before updating them ([#7376](https://github.com/aquasecurity/trivy/issues/7376)) ([b65b32d](https://github.com/aquasecurity/trivy/commit/b65b32ddfa6fc62ac81ad9fa580e1f5a327864f5))
* **misconf:** load only submodule if it is specified in source ([#7112](https://github.com/aquasecurity/trivy/issues/7112)) ([a4180bd](https://github.com/aquasecurity/trivy/commit/a4180bddd43d86e479edf0afe0c362021d071482))
* **misconf:** support deprecating for Go checks ([#7377](https://github.com/aquasecurity/trivy/issues/7377)) ([2a6c7ab](https://github.com/aquasecurity/trivy/commit/2a6c7ab3b338ce4a8f99d6ac3508c2531dcbe812))
* **misconf:** use module to log when metadata retrieval fails ([#7405](https://github.com/aquasecurity/trivy/issues/7405)) ([0799770](https://github.com/aquasecurity/trivy/commit/0799770b8827a8276ad0d6d9ac7e0381c286757c))
* **misconf:** wrap Azure PortRange in iac types ([#7357](https://github.com/aquasecurity/trivy/issues/7357)) ([c5c62d5](https://github.com/aquasecurity/trivy/commit/c5c62d5ff05420321f9cdbfb93e2591e0866a342))
* **nodejs:** check all `importers` to detect dev deps from pnpm-lock.yaml file ([#7387](https://github.com/aquasecurity/trivy/issues/7387)) ([fd9ed3a](https://github.com/aquasecurity/trivy/commit/fd9ed3a330bc66e229bcbdc262dc296a3bf01f54))
* **plugin:** do not call GitHub content API for releases and tags ([#7274](https://github.com/aquasecurity/trivy/issues/7274)) ([b3ee6da](https://github.com/aquasecurity/trivy/commit/b3ee6dac269bd7847674f3ce985a5ff7f8f0ba38))
* **report:** escape `Message` field in `asff.tpl` template ([#7401](https://github.com/aquasecurity/trivy/issues/7401)) ([dd9733e](https://github.com/aquasecurity/trivy/commit/dd9733e950d3127aa2ac90c45ec7e2b88a2b47ca))
* safely check if the directory exists ([#7353](https://github.com/aquasecurity/trivy/issues/7353)) ([05a8297](https://github.com/aquasecurity/trivy/commit/05a829715f99cd90b122c64cd2f40157854e467b))
* **sbom:** use `NOASSERTION` for licenses fields in SPDX formats ([#7403](https://github.com/aquasecurity/trivy/issues/7403)) ([c96dcdd](https://github.com/aquasecurity/trivy/commit/c96dcdd440a14cdd1b01ac473b2c15e4698e387b))
* **secret:** use `.eyJ` keyword for JWT secret ([#7410](https://github.com/aquasecurity/trivy/issues/7410)) ([bf64003](https://github.com/aquasecurity/trivy/commit/bf64003ac8b209f34b88f228918a96d4f9dac5e0))
* **secret:** use only line with secret for long secret lines ([#7412](https://github.com/aquasecurity/trivy/issues/7412)) ([391448a](https://github.com/aquasecurity/trivy/commit/391448aba9fcb0a4138225e5ab305e4e6707c603))
* **terraform:** add aws_region name to presets ([#7184](https://github.com/aquasecurity/trivy/issues/7184)) ([bb2e26a](https://github.com/aquasecurity/trivy/commit/bb2e26a0ab707b718f6a890cbc87e2492298b6e5))
### Performance Improvements
* **misconf:** do not convert contents of a YAML file to string ([#7292](https://github.com/aquasecurity/trivy/issues/7292)) ([85dadf5](https://github.com/aquasecurity/trivy/commit/85dadf56265647c000191561db10b08a4948c140))
* **misconf:** optimize work with context ([#6968](https://github.com/aquasecurity/trivy/issues/6968)) ([2b6d8d9](https://github.com/aquasecurity/trivy/commit/2b6d8d9227fb6ecc9386a14333964c23c0370a52))
* **misconf:** use json.Valid to check validity of JSON ([#7308](https://github.com/aquasecurity/trivy/issues/7308)) ([c766831](https://github.com/aquasecurity/trivy/commit/c766831069e188226efafeec184e41498685ed85))
## [0.54.0](https://github.com/aquasecurity/trivy/compare/v0.53.0...v0.54.0) (2024-07-30)
### Features
* add `log.FilePath()` function for logger ([#7080](https://github.com/aquasecurity/trivy/issues/7080)) ([1f5f348](https://github.com/aquasecurity/trivy/commit/1f5f34895823fae81bf521fc939bee743a50e304))
* add openSUSE tumbleweed detection and scanning ([#6965](https://github.com/aquasecurity/trivy/issues/6965)) ([17b5dbf](https://github.com/aquasecurity/trivy/commit/17b5dbfa12180414b87859c6c46bfe6cc5ecf7ba))
* **cli:** rename `--vuln-type` flag to `--pkg-types` flag ([#7104](https://github.com/aquasecurity/trivy/issues/7104)) ([7cbdb0a](https://github.com/aquasecurity/trivy/commit/7cbdb0a0b5dff33e506e1c1f3119951fa241b432))
* **mariner:** Add support for Azure Linux ([#7186](https://github.com/aquasecurity/trivy/issues/7186)) ([5cbc452](https://github.com/aquasecurity/trivy/commit/5cbc452a09822d1bf300ead88f0d613d4cf0349a))
* **misconf:** enabled China configuration for ACRs ([#7156](https://github.com/aquasecurity/trivy/issues/7156)) ([d1ec89d](https://github.com/aquasecurity/trivy/commit/d1ec89d1db4b039f0e31076ccd1ca969fb15628e))
* **nodejs:** add license parser to pnpm analyser ([#7036](https://github.com/aquasecurity/trivy/issues/7036)) ([03ac93d](https://github.com/aquasecurity/trivy/commit/03ac93dc208f1b40896f3fa11fa1d45293176dca))
* **sbom:** add image labels into `SPDX` and `CycloneDX` reports ([#7257](https://github.com/aquasecurity/trivy/issues/7257)) ([4a2f492](https://github.com/aquasecurity/trivy/commit/4a2f492c6e685ff577fb96a7006cd0c43755baf4))
* **sbom:** add vulnerability support for SPDX formats ([#7213](https://github.com/aquasecurity/trivy/issues/7213)) ([efb1f69](https://github.com/aquasecurity/trivy/commit/efb1f6938321eec3529ef4fea6608261f6771ae0))
* share build-in rules ([#7207](https://github.com/aquasecurity/trivy/issues/7207)) ([bff317c](https://github.com/aquasecurity/trivy/commit/bff317c77bf4a5f615a80d9875d129213bd52f6d))
* **vex:** retrieve VEX attestations from OCI registries ([#7249](https://github.com/aquasecurity/trivy/issues/7249)) ([c2fd2e0](https://github.com/aquasecurity/trivy/commit/c2fd2e0d89567a0ccd996dda8790f3c3305ea6f7))
* **vex:** VEX Repository support ([#7206](https://github.com/aquasecurity/trivy/issues/7206)) ([88ba460](https://github.com/aquasecurity/trivy/commit/88ba46047c93e6046292523ae701de774dfdc4dc))
* **vuln:** add `--pkg-relationships` ([#7237](https://github.com/aquasecurity/trivy/issues/7237)) ([5c37361](https://github.com/aquasecurity/trivy/commit/5c37361600d922db27dd594b2a80c010a19b3a6e))
### Bug Fixes
* Add dependencyManagement exclusions to the child exclusions ([#6969](https://github.com/aquasecurity/trivy/issues/6969)) ([dc68a66](https://github.com/aquasecurity/trivy/commit/dc68a662a701980d6529f61a65006f1e4728a3e5))
* add missing platform and type to spec ([#7149](https://github.com/aquasecurity/trivy/issues/7149)) ([c8a7abd](https://github.com/aquasecurity/trivy/commit/c8a7abd3b508975fcf10c254d13d1a2cd42da657))
* **cli:** error on missing config file ([#7154](https://github.com/aquasecurity/trivy/issues/7154)) ([7fa5e7d](https://github.com/aquasecurity/trivy/commit/7fa5e7d0ab67f20d434b2922725988695e32e6af))
* close file when failed to open gzip ([#7164](https://github.com/aquasecurity/trivy/issues/7164)) ([2a577a7](https://github.com/aquasecurity/trivy/commit/2a577a7bae37e5731dceaea8740683573b6b70a5))
* **dotnet:** don't include non-runtime libraries into report for `*.deps.json` files ([#7039](https://github.com/aquasecurity/trivy/issues/7039)) ([5bc662b](https://github.com/aquasecurity/trivy/commit/5bc662be9a8f072599f90abfd3b400c8ab055ed6))
* **dotnet:** show `nuget package dir not found` log only when checking `nuget` packages ([#7194](https://github.com/aquasecurity/trivy/issues/7194)) ([d76feba](https://github.com/aquasecurity/trivy/commit/d76febaee107c645e864da0f4d74a8f6ae4ad232))
* ignore nodes when listing permission is not allowed ([#7107](https://github.com/aquasecurity/trivy/issues/7107)) ([25f8143](https://github.com/aquasecurity/trivy/commit/25f8143f120965c636c5ea8386398b211b082398))
* **java:** avoid panic if deps from `pom` in `it` dir are not found ([#7245](https://github.com/aquasecurity/trivy/issues/7245)) ([4e54a7e](https://github.com/aquasecurity/trivy/commit/4e54a7e84c33c1be80c52c6db78c634bc3911715))
* **java:** use `go-mvn-version` to remove `Package` duplicates ([#7088](https://github.com/aquasecurity/trivy/issues/7088)) ([a7a304d](https://github.com/aquasecurity/trivy/commit/a7a304d53e1ce230f881c28c4f35885774cf3b9a))
* **misconf:** do not evaluate TF when a load error occurs ([#7109](https://github.com/aquasecurity/trivy/issues/7109)) ([f27c236](https://github.com/aquasecurity/trivy/commit/f27c236d6e155cb366aeef619b6ea96d20fb93da))
* **nodejs:** detect direct dependencies when using `latest` version for files `yarn.lock` + `package.json` ([#7110](https://github.com/aquasecurity/trivy/issues/7110)) ([54bb8bd](https://github.com/aquasecurity/trivy/commit/54bb8bdfb934d114b5570005853bf4bc0d40c609))
* **report:** hide empty table when all secrets/license/misconfigs are ignored ([#7171](https://github.com/aquasecurity/trivy/issues/7171)) ([c3036de](https://github.com/aquasecurity/trivy/commit/c3036de6d7719323d306a9666ccc8d928d936f9a))
* **secret:** skip regular strings contain secret patterns ([#7182](https://github.com/aquasecurity/trivy/issues/7182)) ([174b1e3](https://github.com/aquasecurity/trivy/commit/174b1e3515a6394cf8d523216d6267c1aefb820a))
* **secret:** trim excessively long lines ([#7192](https://github.com/aquasecurity/trivy/issues/7192)) ([92b13be](https://github.com/aquasecurity/trivy/commit/92b13be668bd20f8e9dac2f0cb8e5a2708b9b3b5))
* **secret:** update length of `hugging-face-access-token` ([#7216](https://github.com/aquasecurity/trivy/issues/7216)) ([8c87194](https://github.com/aquasecurity/trivy/commit/8c87194f0a6b194bc5d340c8a65bd99a3132d973))
* **server:** pass license categories to options ([#7203](https://github.com/aquasecurity/trivy/issues/7203)) ([9d52018](https://github.com/aquasecurity/trivy/commit/9d5201808da89607ae43570bdf1f335b482a6b79))
### Performance Improvements
* **debian:** use `bytes.Index` in `emptyLineSplit` to cut allocation ([#7065](https://github.com/aquasecurity/trivy/issues/7065)) ([acbec05](https://github.com/aquasecurity/trivy/commit/acbec053c985388a26d899e73b4b7f5a6d1fa210))
## [0.53.0](https://github.com/aquasecurity/trivy/compare/v0.52.0...v0.53.0) (2024-07-01)
### ⚠ BREAKING CHANGES
* **k8s:** node-collector dynamic commands support ([#6861](https://github.com/aquasecurity/trivy/issues/6861))
* add clean subcommand ([#6993](https://github.com/aquasecurity/trivy/issues/6993))
* **aws:** Remove aws subcommand ([#6995](https://github.com/aquasecurity/trivy/issues/6995))
### Features
* add clean subcommand ([#6993](https://github.com/aquasecurity/trivy/issues/6993)) ([8d0ae1f](https://github.com/aquasecurity/trivy/commit/8d0ae1f5de72d92a043dcd6b7c164d30e51b6047))
* Add local ImageID to SARIF metadata ([#6522](https://github.com/aquasecurity/trivy/issues/6522)) ([f144e91](https://github.com/aquasecurity/trivy/commit/f144e912d34234f00b5a13b7a11a0019fa978b27))
* add memory cache backend ([#7048](https://github.com/aquasecurity/trivy/issues/7048)) ([55ccd06](https://github.com/aquasecurity/trivy/commit/55ccd06df43f6ff28685f46d215ccb70f55916d2))
* **aws:** Remove aws subcommand ([#6995](https://github.com/aquasecurity/trivy/issues/6995)) ([979e118](https://github.com/aquasecurity/trivy/commit/979e118a9e0ca8943bef9143f492d7eb1fd4d863))
* **conda:** add licenses support for `environment.yml` files ([#6953](https://github.com/aquasecurity/trivy/issues/6953)) ([654217a](https://github.com/aquasecurity/trivy/commit/654217a65485ca0a07771ea61071977894eb4920))
* **dart:** use first version of constraint for dependencies using SDK version ([#6239](https://github.com/aquasecurity/trivy/issues/6239)) ([042d6b0](https://github.com/aquasecurity/trivy/commit/042d6b08c283105c258a3dda98983b345a5305c3))
* **image:** Set User-Agent header for Trivy container registry requests ([#6868](https://github.com/aquasecurity/trivy/issues/6868)) ([9b31697](https://github.com/aquasecurity/trivy/commit/9b31697274c8743d6e5a8f7a1a05daf60cd15910))
* **java:** add support for `maven-metadata.xml` files for remote snapshot repositories. ([#6950](https://github.com/aquasecurity/trivy/issues/6950)) ([1f8fca1](https://github.com/aquasecurity/trivy/commit/1f8fca1fc77b989bb4e3ba820b297464dbdd825f))
* **java:** add support for sbt projects using sbt-dependency-lock ([#6882](https://github.com/aquasecurity/trivy/issues/6882)) ([f18d035](https://github.com/aquasecurity/trivy/commit/f18d035ae13b281c96aa4ed69ca32e507d336e66))
* **k8s:** node-collector dynamic commands support ([#6861](https://github.com/aquasecurity/trivy/issues/6861)) ([8d618e4](https://github.com/aquasecurity/trivy/commit/8d618e48a2f1b60c2e4c49cdd9deb8eb45c972b0))
* **misconf:** add metadata to Cloud schema ([#6831](https://github.com/aquasecurity/trivy/issues/6831)) ([02d5404](https://github.com/aquasecurity/trivy/commit/02d540478d495416b50d7e8b187ff9f5bba41f45))
* **misconf:** add support for AWS::EC2::SecurityGroupIngress/Egress ([#6755](https://github.com/aquasecurity/trivy/issues/6755)) ([55fa610](https://github.com/aquasecurity/trivy/commit/55fa6109cd0463fd3221aae41ca7b1d8c44ad430))
* **misconf:** API Gateway V1 support for CloudFormation ([#6874](https://github.com/aquasecurity/trivy/issues/6874)) ([8491469](https://github.com/aquasecurity/trivy/commit/8491469f0b35bd9df706a433669f5b62239d4ef3))
* **misconf:** support of selectors for all providers for Rego ([#6905](https://github.com/aquasecurity/trivy/issues/6905)) ([bc3741a](https://github.com/aquasecurity/trivy/commit/bc3741ae2c68cdd00fc0aef7e51985568b2eb78a))
* **php:** add installed.json file support ([#4865](https://github.com/aquasecurity/trivy/issues/4865)) ([edc556b](https://github.com/aquasecurity/trivy/commit/edc556b85e3554c31e19b1ece189effb9ba2be12))
* **plugin:** add support for nested archives ([#6845](https://github.com/aquasecurity/trivy/issues/6845)) ([622c67b](https://github.com/aquasecurity/trivy/commit/622c67b7647f94d0a0ca3acf711d8f847cdd8d98))
* **sbom:** migrate to `CycloneDX v1.6` ([#6903](https://github.com/aquasecurity/trivy/issues/6903)) ([09e50ce](https://github.com/aquasecurity/trivy/commit/09e50ce6a82073ba62f1732d5aa0cd2701578693))
### Bug Fixes
* **c:** don't skip conan files from `file-patterns` and scan `.conan2` cache dir ([#6949](https://github.com/aquasecurity/trivy/issues/6949)) ([38b35dd](https://github.com/aquasecurity/trivy/commit/38b35dd3c804027e7a6e6a9d3c87b7ac333896c5))
* **cli:** show info message only when --scanners is available ([#7032](https://github.com/aquasecurity/trivy/issues/7032)) ([e9fc3e3](https://github.com/aquasecurity/trivy/commit/e9fc3e3397564512038ddeca2adce0efcb3f93c5))
* **cyclonedx:** trim non-URL info for `advisory.url` ([#6952](https://github.com/aquasecurity/trivy/issues/6952)) ([417212e](https://github.com/aquasecurity/trivy/commit/417212e0930aa52a27ebdc1b9370d2943ce0f8fa))
* **debian:** take installed files from the origin layer ([#6849](https://github.com/aquasecurity/trivy/issues/6849)) ([089b953](https://github.com/aquasecurity/trivy/commit/089b953462260f01c40bdf588b2568ae0ef658bc))
* **image:** parse `image.inspect.Created` field only for non-empty values ([#6948](https://github.com/aquasecurity/trivy/issues/6948)) ([0af5730](https://github.com/aquasecurity/trivy/commit/0af5730cbe56686417389c2fad643c1bdbb33999))
* **license:** return license separation using separators `,`, `or`, etc. ([#6916](https://github.com/aquasecurity/trivy/issues/6916)) ([52f7aa5](https://github.com/aquasecurity/trivy/commit/52f7aa54b520a90a19736703f8ea63cc20fab104))
* **misconf:** fix caching of modules in subdirectories ([#6814](https://github.com/aquasecurity/trivy/issues/6814)) ([0bcfedb](https://github.com/aquasecurity/trivy/commit/0bcfedbcaa9bbe30ee5ecade5b98e9ce3cc54c9b))
* **misconf:** fix parsing of engine links and frameworks ([#6937](https://github.com/aquasecurity/trivy/issues/6937)) ([ec68c9a](https://github.com/aquasecurity/trivy/commit/ec68c9ab4580d057720179173d58734402c92af4))
* **misconf:** handle source prefix to ignore ([#6945](https://github.com/aquasecurity/trivy/issues/6945)) ([c3192f0](https://github.com/aquasecurity/trivy/commit/c3192f061d7e84eaf38df8df7c879dc00b4ca137))
* **misconf:** parsing numbers without fraction as int ([#6834](https://github.com/aquasecurity/trivy/issues/6834)) ([8141a13](https://github.com/aquasecurity/trivy/commit/8141a137ba50b553a9da877d95c7ccb491d041c6))
* **nodejs:** fix infinite loop when package link from `package-lock.json` file is broken ([#6858](https://github.com/aquasecurity/trivy/issues/6858)) ([cf5aa33](https://github.com/aquasecurity/trivy/commit/cf5aa336e660e4c98481ebf8d15dd4e54c38581e))
* **nodejs:** fix infinity loops for `pnpm` with cyclic imports ([#6857](https://github.com/aquasecurity/trivy/issues/6857)) ([7d083bc](https://github.com/aquasecurity/trivy/commit/7d083bc890eccc3bf32765c6d7e922cab2e2ef94))
* **plugin:** respect `--insecure` ([#7022](https://github.com/aquasecurity/trivy/issues/7022)) ([3d02a31](https://github.com/aquasecurity/trivy/commit/3d02a31b44924f9e2495aae087f7ca9de3314db4))
* **purl:** add missed os types ([#6955](https://github.com/aquasecurity/trivy/issues/6955)) ([2d85a00](https://github.com/aquasecurity/trivy/commit/2d85a003b22298d1101f84559f7c6b470f2b3909))
* **python:** compare pkg names from `poetry.lock` and `pyproject.toml` in lowercase ([#6852](https://github.com/aquasecurity/trivy/issues/6852)) ([faa9d92](https://github.com/aquasecurity/trivy/commit/faa9d92cfeb8d924deda2dac583b6c97099c08d9))
* **sbom:** don't overwrite `srcEpoch` when decoding SBOM files ([#6866](https://github.com/aquasecurity/trivy/issues/6866)) ([04af59c](https://github.com/aquasecurity/trivy/commit/04af59c2906bcfc7f7970b4e8f45a90f04313170))
* **sbom:** fix panic when scanning SBOM file without root component into SBOM format ([#7051](https://github.com/aquasecurity/trivy/issues/7051)) ([3d4ae8b](https://github.com/aquasecurity/trivy/commit/3d4ae8b5be94cd9b00badeece8d86c2258b2cd90))
* **sbom:** take pkg name from `purl` for maven pkgs ([#7008](https://github.com/aquasecurity/trivy/issues/7008)) ([a76e328](https://github.com/aquasecurity/trivy/commit/a76e3286c413de3dec55394fb41dd627dfee37ae))
* **sbom:** use `purl` for `bitnami` pkg names ([#6982](https://github.com/aquasecurity/trivy/issues/6982)) ([7eabb92](https://github.com/aquasecurity/trivy/commit/7eabb92ec2e617300433445718be07ac74956454))
* **sbom:** use package UIDs for uniqueness ([#7042](https://github.com/aquasecurity/trivy/issues/7042)) ([14d71ba](https://github.com/aquasecurity/trivy/commit/14d71ba63c39e51dd4179ba2d6002b46e1816e90))
* **secret:** `Asymmetric Private Key` shouldn't start with space ([#6867](https://github.com/aquasecurity/trivy/issues/6867)) ([bb26445](https://github.com/aquasecurity/trivy/commit/bb26445e3df198df77930329f532ac5ab7a67af2))
* **suse:** Add SLES 15.6 and Leap 15.6 ([#6964](https://github.com/aquasecurity/trivy/issues/6964)) ([5ee4e9d](https://github.com/aquasecurity/trivy/commit/5ee4e9d30ea814f60fd5705361cabf2e83a47a78))
* use embedded when command path not found ([#7037](https://github.com/aquasecurity/trivy/issues/7037)) ([137c916](https://github.com/aquasecurity/trivy/commit/137c9164238ffd989a0c5ed24f23a55bbf341f6e))
## [0.52.0](https://github.com/aquasecurity/trivy/compare/v0.51.1...v0.52.0) (2024-06-03)
### Features
* Add Julia language analyzer support ([#5635](https://github.com/aquasecurity/trivy/issues/5635)) ([fecafb1](https://github.com/aquasecurity/trivy/commit/fecafb1fc5bb129c7485342a0775f0dd8bedd28e))
* add support for plugin index ([#6674](https://github.com/aquasecurity/trivy/issues/6674)) ([26faf8f](https://github.com/aquasecurity/trivy/commit/26faf8f3f04b1c5f9f81c03ffc6b2008732207e2))
* **misconf:** Add support for deprecating a check ([#6664](https://github.com/aquasecurity/trivy/issues/6664)) ([88702cf](https://github.com/aquasecurity/trivy/commit/88702cfd5918b093defc5b5580f7cbf16f5f2417))
* **misconf:** add Terraform 'removed' block to schema ([#6640](https://github.com/aquasecurity/trivy/issues/6640)) ([b7a0a13](https://github.com/aquasecurity/trivy/commit/b7a0a131a03ed49c08d3b0d481bc9284934fd6e1))
* **misconf:** register builtin Rego funcs from trivy-checks ([#6616](https://github.com/aquasecurity/trivy/issues/6616)) ([7c22ee3](https://github.com/aquasecurity/trivy/commit/7c22ee3df5ee51beb90e44428a99541b3d19ab98))
* **misconf:** resolve tf module from OpenTofu compatible registry ([#6743](https://github.com/aquasecurity/trivy/issues/6743)) ([ac74520](https://github.com/aquasecurity/trivy/commit/ac7452009bf7ca0fa8ee1de8807c792eabad405a))
* **misconf:** support for VPC resources for inbound/outbound rules ([#6779](https://github.com/aquasecurity/trivy/issues/6779)) ([349caf9](https://github.com/aquasecurity/trivy/commit/349caf96bc3dd81551d488044f1adfdb947f39fb))
* **misconf:** support symlinks inside of Helm archives ([#6621](https://github.com/aquasecurity/trivy/issues/6621)) ([4eae37c](https://github.com/aquasecurity/trivy/commit/4eae37c52b035b3576361c12f70d3d9517d0a73c))
* **nodejs:** add v9 pnpm lock file support ([#6617](https://github.com/aquasecurity/trivy/issues/6617)) ([1e08648](https://github.com/aquasecurity/trivy/commit/1e0864842e32a709941d4b4e8f521602bcee684d))
* **plugin:** specify plugin version ([#6683](https://github.com/aquasecurity/trivy/issues/6683)) ([d6dc567](https://github.com/aquasecurity/trivy/commit/d6dc56732babbc9d7f788c280a768d8648aa093d))
* **python:** add license support for `requirement.txt` files ([#6782](https://github.com/aquasecurity/trivy/issues/6782)) ([29615be](https://github.com/aquasecurity/trivy/commit/29615be85e8bfeaf5a0cd51829b1898c55fa4274))
* **python:** add line number support for `requirement.txt` files ([#6729](https://github.com/aquasecurity/trivy/issues/6729)) ([2bc54ad](https://github.com/aquasecurity/trivy/commit/2bc54ad2752aba5de4380cb92c13b09c0abefd73))
* **report:** Include licenses and secrets filtered by rego to ModifiedFindings ([#6483](https://github.com/aquasecurity/trivy/issues/6483)) ([fa3cf99](https://github.com/aquasecurity/trivy/commit/fa3cf993eace4be793f85907b42365269c597b91))
* **vex:** improve relationship support in CSAF VEX ([#6735](https://github.com/aquasecurity/trivy/issues/6735)) ([a447f6b](https://github.com/aquasecurity/trivy/commit/a447f6ba94b6f8b14177dc5e4369a788e2020d90))
* **vex:** support non-root components for products in OpenVEX ([#6728](https://github.com/aquasecurity/trivy/issues/6728)) ([9515695](https://github.com/aquasecurity/trivy/commit/9515695d45e9b5c20890e27e21e3ab45bfd4ce5f))
### Bug Fixes
* clean up golangci lint configuration ([#6797](https://github.com/aquasecurity/trivy/issues/6797)) ([62de6f3](https://github.com/aquasecurity/trivy/commit/62de6f3feba6e4c56ad3922441d5b0f150c3d6b7))
* **cli:** always output fatal errors to stderr ([#6827](https://github.com/aquasecurity/trivy/issues/6827)) ([c2b9132](https://github.com/aquasecurity/trivy/commit/c2b9132a7e933a68df4cc0eb86aab23719ded1b5))
* close APKINDEX archive file ([#6672](https://github.com/aquasecurity/trivy/issues/6672)) ([5caf437](https://github.com/aquasecurity/trivy/commit/5caf4377f3a7fcb1f6e1a84c67136ae62d100be3))
* close settings.xml ([#6768](https://github.com/aquasecurity/trivy/issues/6768)) ([9c3e895](https://github.com/aquasecurity/trivy/commit/9c3e895fcb0852c00ac03ed21338768f76b5273b))
* close testfile ([#6830](https://github.com/aquasecurity/trivy/issues/6830)) ([aa0c413](https://github.com/aquasecurity/trivy/commit/aa0c413814e8915b38d2285c6a8ba5bc3f0705b4))
* **conda:** add support `pip` deps for `environment.yml` files ([#6675](https://github.com/aquasecurity/trivy/issues/6675)) ([150a773](https://github.com/aquasecurity/trivy/commit/150a77313e980cd63797a89a03afcbc97b285f38))
* **go:** add only non-empty root modules for `gobinaries` ([#6710](https://github.com/aquasecurity/trivy/issues/6710)) ([c96f2a5](https://github.com/aquasecurity/trivy/commit/c96f2a5b3de820da37e14594dd537c3b0949ae9c))
* **go:** include only `.version`|`.ver` (no prefixes) ldflags for `gobinaries` ([#6705](https://github.com/aquasecurity/trivy/issues/6705)) ([afb4f9d](https://github.com/aquasecurity/trivy/commit/afb4f9dc4730671ba004e1734fa66422c4c86dad))
* Golang version parsing from binaries w/GOEXPERIMENT ([#6696](https://github.com/aquasecurity/trivy/issues/6696)) ([696f2ae](https://github.com/aquasecurity/trivy/commit/696f2ae0ecdd4f90303f41249924a09ace70dd78))
* include packages unless it is not needed ([#6765](https://github.com/aquasecurity/trivy/issues/6765)) ([56dbe1f](https://github.com/aquasecurity/trivy/commit/56dbe1f6768fe67fbc1153b74fde0f83eaa1b281))
* **misconf:** don't shift ignore rule related to code ([#6708](https://github.com/aquasecurity/trivy/issues/6708)) ([39a746c](https://github.com/aquasecurity/trivy/commit/39a746c77837f873e87b81be40676818030f44c5))
* **misconf:** skip Rego errors with a nil location ([#6638](https://github.com/aquasecurity/trivy/issues/6638)) ([a2c522d](https://github.com/aquasecurity/trivy/commit/a2c522ddb229f049999c4ce74ef75a0e0f9fdc62))
* **misconf:** skip Rego errors with a nil location ([#6666](https://github.com/aquasecurity/trivy/issues/6666)) ([a126e10](https://github.com/aquasecurity/trivy/commit/a126e1075a44ef0e40c0dc1e214d1c5955f80242))
* node-collector high and critical cves ([#6707](https://github.com/aquasecurity/trivy/issues/6707)) ([ff32deb](https://github.com/aquasecurity/trivy/commit/ff32deb7bf9163c06963f557228260b3b8c161ed))
* **plugin:** initialize logger ([#6836](https://github.com/aquasecurity/trivy/issues/6836)) ([728e77a](https://github.com/aquasecurity/trivy/commit/728e77a7261dc3fcda1e61e79be066c789bbba0c))
* **python:** add package name and version validation for `requirements.txt` files. ([#6804](https://github.com/aquasecurity/trivy/issues/6804)) ([ea3a124](https://github.com/aquasecurity/trivy/commit/ea3a124fc7162c30c7f1a59bdb28db0b3c8bb86d))
* **report:** hide empty tables if all vulns has been filtered ([#6352](https://github.com/aquasecurity/trivy/issues/6352)) ([3d388d8](https://github.com/aquasecurity/trivy/commit/3d388d8552ef42d4d54176309a38c1879008527b))
* **sbom:** fix panic for `convert` mode when scanning json file derived from sbom file ([#6808](https://github.com/aquasecurity/trivy/issues/6808)) ([f92ea09](https://github.com/aquasecurity/trivy/commit/f92ea096856c7c262b05bd4d31c62689ebafac82))
* use of specified context to obtain cluster name ([#6645](https://github.com/aquasecurity/trivy/issues/6645)) ([39ebed4](https://github.com/aquasecurity/trivy/commit/39ebed45f8c218509d264bd3f3ca548fc33d2b3a))
### Performance Improvements
* **misconf:** parse rego input once ([#6615](https://github.com/aquasecurity/trivy/issues/6615)) ([67c6b1d](https://github.com/aquasecurity/trivy/commit/67c6b1d473999003d682bdb42657bbf3a4a69a9c))

View File

@@ -1 +0,0 @@
See [Issues](https://trivy.dev/latest/community/contribute/issue/) and [Pull Requests](https://trivy.dev/latest/community/contribute/pr/)

View File

@@ -1,5 +0,0 @@
FROM alpine:3.21.3
RUN apk --no-cache add ca-certificates git
COPY trivy /usr/local/bin/trivy
COPY contrib/*.tpl contrib/
ENTRYPOINT ["trivy"]

View File

@@ -1,11 +0,0 @@
FROM alpine:3.21.3
RUN apk --no-cache add ca-certificates git
# binaries were created with GoReleaser
# need to copy binaries from folder with correct architecture
# example architecture folder: dist/trivy_canary_build_linux_arm64/trivy
# GoReleaser adds _v* to the folder name, but only when GOARCH is amd64
ARG TARGETARCH
COPY "dist/trivy_canary_build_linux_${TARGETARCH}*/trivy" /usr/local/bin/trivy
COPY contrib/*.tpl contrib/
ENTRYPOINT ["trivy"]

View File

@@ -1,20 +0,0 @@
FROM --platform=linux/amd64 golang:1.24
# Set environment variable for protoc
ENV PROTOC_ZIP=protoc-3.19.4-linux-x86_64.zip
# Install unzip for protoc installation and clean up cache
RUN apt-get update && apt-get install -y unzip && rm -rf /var/lib/apt/lists/*
# Download and install protoc
RUN curl --retry 5 -OL https://github.com/protocolbuffers/protobuf/releases/download/v3.19.4/$PROTOC_ZIP \
&& unzip -o $PROTOC_ZIP -d /usr/local bin/protoc \
&& unzip -o $PROTOC_ZIP -d /usr/local 'include/*' \
&& rm -f $PROTOC_ZIP
# Install Go tools
RUN go install github.com/twitchtv/twirp/protoc-gen-twirp@v8.1.0
RUN go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.34.0
RUN go install github.com/magefile/mage@v1.15.0
ENV TRIVY_PROTOC_CONTAINER=true

214
LICENSE
View File

@@ -1,201 +1,21 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
MIT License
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
Copyright (c) 2019 Teppei Fukuda
1. Definitions.
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
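
Review bot: a switch from the Apache License 2.0 to the MIT License should be its own commit with a message that says so, not part of one titled "Update README". The MIT text has no counterpart to the Apache section 3 patent grant or the section 4(d) NOTICE requirement, so recipients lose both. Please confirm that this is intended and that the single copyright line `Copyright (c) 2019 Teppei Fukuda` is accurate for everything in the tree.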

4
NOTICE
View File

@@ -1,4 +0,0 @@
Trivy
Copyright 2019-2020 Aqua Security Software Ltd.
This product includes software developed by Aqua Security (https://aquasec.com).

227
README.md
View File

@@ -1,147 +1,144 @@
<div align="center">
<img src="docs/imgs/logo.png" width="200">
# trivy
[![GitHub Release][release-img]][release]
[![Test][test-img]][test]
[![Go Report Card][go-report-img]][go-report]
[![License: Apache-2.0][license-img]][license]
[![GitHub Downloads][github-downloads-img]][release]
![Docker Pulls][docker-pulls]
[![GitHub release](https://img.shields.io/github/release/knqyf263/trivy.svg)](https://github.com/knqyf263/trivy/releases/latest)
[![CircleCI](https://circleci.com/gh/knqyf263/trivy.svg?style=svg)](https://circleci.com/gh/knqyf263/trivy)
[![Go Report Card](https://goreportcard.com/badge/github.com/knqyf263/trivy)](https://goreportcard.com/report/github.com/knqyf263/trivy)
[![MIT License](http://img.shields.io/badge/license-MIT-blue.svg?style=flat)](https://github.com/knqyf263/trivy/blob/master/LICENSE)
[📖 Documentation][docs]
</div>
# Abstract
Scan containers
Trivy ([pronunciation][pronunciation]) is a comprehensive and versatile security scanner.
Trivy has *scanners* that look for security issues, and *targets* where it can find those issues.
# Features
Targets (what Trivy can scan):
# Installation
- Container Image
- Filesystem
- Git Repository (remote)
- Virtual Machine Image
- Kubernetes
## RHEL/CentOS
Scanners (what Trivy can find there):
Add repository setting to `/etc/yum.repos.d`.
- OS packages and software dependencies in use (SBOM)
- Known vulnerabilities (CVEs)
- IaC issues and misconfigurations
- Sensitive information and secrets
- Software licenses
Trivy supports most popular programming languages, operating systems, and platforms. For a complete list, see the [Scanning Coverage] page.
To learn more, go to the [Trivy homepage][homepage] for feature highlights, or to the [Documentation site][docs] for detailed information.
## Quick Start
### Get Trivy
Trivy is available in most common distribution channels. The full list of installation options is available in the [Installation] page. Here are a few popular examples:
- `brew install trivy`
- `docker run aquasec/trivy`
- Download binary from <https://github.com/aquasecurity/trivy/releases/latest/>
- See [Installation] for more
Trivy is integrated with many popular platforms and applications. The complete list of integrations is available in the [Ecosystem] page. Here are a few popular examples:
- [GitHub Actions](https://github.com/aquasecurity/trivy-action)
- [Kubernetes operator](https://github.com/aquasecurity/trivy-operator)
- [VS Code plugin](https://github.com/aquasecurity/trivy-vscode-extension)
- See [Ecosystem] for more
### Canary builds
There are canary builds ([Docker Hub](https://hub.docker.com/r/aquasec/trivy/tags?page=1&name=canary), [GitHub](https://github.com/aquasecurity/trivy/pkgs/container/trivy/75776514?tag=canary), [ECR](https://gallery.ecr.aws/aquasecurity/trivy#canary) images and [binaries](https://github.com/aquasecurity/trivy/actions/workflows/canary.yaml)) as generated every push to main branch.
Please be aware: canary builds might have critical bugs, it's not recommended for use in production.
### General usage
```bash
trivy <target> [--scanners <scanner1,scanner2>] <subject>
```
$ sudo vim /etc/yum.repos.d/trivy.repo
[trivy]
name=Trivy repository
baseurl=https://knqyf263.github.io/trivy-repo/rpm/releases/$releasever/$basearch/
gpgcheck=0
enabled=1
$ sudo yum -y update
$ sudo yum -y install trivy
```
Examples:
## Debian/Ubuntu
```bash
trivy image python:3.4-alpine
Replace `[CODE_NAME]` with your code name
CODE_NAME: wheezy, jessie, stretch, buster, trusty, xenial, bionic
```
$ sudo apt-get install apt-transport-https gnupg
$ wget -qO - https://knqyf263.github.io/trivy-repo/deb/public.key | sudo apt-key add -
$ echo deb https://knqyf263.github.io/trivy-repo/deb [CODE_NAME] main | sudo tee -a /etc/apt/sources.list
$ sudo apt-get update
$ sudo apt-get install trivy
```
<details>
<summary>Result</summary>
https://user-images.githubusercontent.com/1161307/171013513-95f18734-233d-45d3-aaf5-d6aec687db0e.mov
</details>
```bash
trivy fs --scanners vuln,secret,misconfig myproject/
## Mac OS X / Homebrew
You can use homebrew on OS X.
```
$ brew tap knqyf263/trivy
$ brew install knqyf263/trivy/trivy
```
<details>
<summary>Result</summary>
## Binary (Including Windows)
Go to [the releases page](https://github.com/knqyf263/trivy/releases), find the version you want, and download the zip file. Unpack the zip file, and put the binary to somewhere you want (on UNIX-y systems, /usr/local/bin or the like). Make sure it has execution bits turned on.
https://user-images.githubusercontent.com/1161307/171013917-b1f37810-f434-465c-b01a-22de036bd9b3.mov
## From source
</details>
```bash
trivy k8s --report summary cluster
```sh
$ go get -u github.com/knqyf263/trivy
```
<details>
<summary>Result</summary>
# Examples
![k8s summary](docs/imgs/trivy-k8s.png)
# Usage
</details>
```
$ trivy -h
NAME:
trivy - A simple and comprehensive vulnerability scanner for containers
USAGE:
main [options] image_name
VERSION:
0.0.1
OPTIONS:
--format value, -f value format (table, json) (default: "table")
--input value, -i value input file path instead of image name
--severity value, -s value severities of vulnerabilities to be displayed (comma separated) (default: "CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN")
--output value, -o value output file name
--skip-update skip db update
--clean, -c clean all cache
--debug, -d debug mode
--help, -h show help
--version, -v print the version
```
## FAQ
# Q&A
## Homebrew
### Error: Your macOS keychain GitHub credentials do not have sufficient scope!
### How to pronounce the name "Trivy"?
```
$ brew tap knqyf263/trivy
Error: Your macOS keychain GitHub credentials do not have sufficient scope!
Scopes they need: none
Scopes they have:
Create a personal access token:
https://github.com/settings/tokens/new?scopes=gist,public_repo&description=Homebrew
echo 'export HOMEBREW_GITHUB_API_TOKEN=your_token_here' >> ~/.zshrc
```
`tri` is pronounced like **tri**gger, `vy` is pronounced like en**vy**.
Try:
```
$ printf "protocol=https\nhost=github.com\n" | git credential-osxkeychain erase
```
## Want more? Check out Aqua
### Error: knqyf263/trivy/trivy 64 already installed
If you liked Trivy, you will love Aqua which builds on top of Trivy to provide even more enhanced capabilities for a complete security management offering.
You can find a high level comparison table specific to Trivy users [here](https://trivy.dev/latest/commercial/compare/).
In addition check out the <https://aquasec.com> website for more information about our products and services.
If you'd like to contact Aqua or request a demo, please use this form: <https://www.aquasec.com/demo>
```
$ brew upgrade
...
Error: knqyf263/trivy/trivy 64 already installed
```
## Community
Try:
Trivy is an [Aqua Security][aquasec] open source project.
Learn about our open source work and portfolio [here][oss].
Contact us about any matter by opening a GitHub Discussion [here][discussions]
```
$ brew unlink trivy && brew uninstall trivy
($ rm -rf /usr/local/Cellar/trivy/64)
$ brew install knqyf263/trivy/trivy
```
Please ensure to abide by our [Code of Conduct][code-of-conduct] during all interactions.
## Others
### Unknown error
Try again with `--clean` option
[test]: https://github.com/aquasecurity/trivy/actions/workflows/test.yaml
[test-img]: https://github.com/aquasecurity/trivy/actions/workflows/test.yaml/badge.svg
[go-report]: https://goreportcard.com/report/github.com/aquasecurity/trivy
[go-report-img]: https://goreportcard.com/badge/github.com/aquasecurity/trivy
[release]: https://github.com/aquasecurity/trivy/releases
[release-img]: https://img.shields.io/github/release/aquasecurity/trivy.svg?logo=github
[github-downloads-img]: https://img.shields.io/github/downloads/aquasecurity/trivy/total?logo=github
[docker-pulls]: https://img.shields.io/docker/pulls/aquasec/trivy?logo=docker&label=docker%20pulls%20%2F%20trivy
[license]: https://github.com/aquasecurity/trivy/blob/main/LICENSE
[license-img]: https://img.shields.io/badge/License-Apache%202.0-blue.svg
[homepage]: https://trivy.dev
[docs]: https://trivy.dev/latest/docs/
[pronunciation]: #how-to-pronounce-the-name-trivy
[code-of-conduct]: https://github.com/aquasecurity/community/blob/main/CODE_OF_CONDUCT.md
```
$ trivy --clean alpine:3.8
```
[Installation]:https://trivy.dev/latest/getting-started/installation/
[Ecosystem]: https://trivy.dev/latest/ecosystem/
[Scanning Coverage]: https://trivy.dev/latest/docs/coverage/
# Contribute
[alpine]: https://ariadne.space/2021/06/08/the-vulnerability-remediation-lifecycle-of-alpine-containers/
[rego]: https://www.openpolicyagent.org/docs/latest/#rego
[sigstore]: https://www.sigstore.dev/
1. fork a repository: github.com/knqyf263/trivy to github.com/you/repo
2. get original code: `go get github.com/knqyf263/trivy`
3. work on original code
4. add remote to your repo: git remote add myfork https://github.com/you/repo.git
5. push your changes: git push myfork
6. create a new Pull Request
[aquasec]: https://aquasec.com
[oss]: https://www.aquasec.com/products/open-source-projects/
[discussions]: https://github.com/aquasecurity/trivy/discussions
- see [GitHub and Go: forking, pull requests, and go-getting](http://blog.campoy.cat/2014/03/github-and-go-forking-pull-requests-and.html)
----
# License
MIT
# Author
Teppei Fukuda (knqyf263)
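Review bot: The RHEL/CentOS stanza in the Installation section sets `gpgcheck=0`, so yum installs trivy from `knqyf263.github.io/trivy-repo` without verifying any package signature, while the Debian/Ubuntu steps right below do import `public.key`. Sign the rpm packages with the same key and document `gpgcheck=1` together with a `gpgkey=` line pointing at the published key. For the Debian/Ubuntu steps, note that `apt-key add` puts the key in the global trusted keyring, so it is trusted for every configured repository and not only this one.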

View File

@@ -1,10 +0,0 @@
# Security Policy
## Supported Versions
This is an open source project that is provided as-is without warrenty or liability.
As such no supportability commitment. The maintainers will do the best they can to address any report promptly and responsibly.
## Reporting a Vulnerability
Please use the "Private vulnerability reporting" feature in the GitHub repository (under the "Security" tab).
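Review bot: Deleting this file removes the only documented channel for reporting a vulnerability (the "Private vulnerability reporting" feature under the "Security" tab), and the README on the other side of this comparison has no equivalent section. For a security scanner, keep a reporting section, either in this file or under a heading in the README.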

View File

@@ -1,2 +0,0 @@
This directory contains media assets, such as the Trivy logo.
Assets under this directory are provided under the Creative Commons - BY 4.0 License. For more details, see here: <https://creativecommons.org/licenses/by/4.0/>

20
ci/Dockerfile Normal file
View File

@@ -0,0 +1,20 @@
FROM bepsays/ci-goreleaser:1.12-2
RUN apt-get -y update \
&& apt-get -y install vim rpm reprepro createrepo \
&& wget https://dl.bintray.com/homebrew/mirror/berkeley-db-18.1.32.tar.gz \
# Berkeley DB
&& tar zxvf berkeley-db-18.1.32.tar.gz \
&& cd db-18.1.32/build_unix \
# Linux
&& ../dist/configure --prefix=/usr/local --host=x86_64-linux \
&& make \
&& make install \
# Darwin
&& make clean \
&& ../dist/configure --prefix=/usr/local --host=x86_64-apple-darwin15 \
&& make \
&& make install
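Review bot: The `wget https://dl.bintray.com/homebrew/mirror/berkeley-db-18.1.32.tar.gz` step unpacks and builds the tarball with no integrity check, and the result is linked into the release binaries built from this image. Add a checksum verification between the download and `tar zxvf`, for example `echo "<expected-sha256>  berkeley-db-18.1.32.tar.gz" | sha256sum -c -` with the real digest committed in the Dockerfile. The base image `bepsays/ci-goreleaser:1.12-2` is referenced by tag only; pinning it by digest would make the build reproducible. `vim` is not used by any step shown and can be dropped from the `apt-get install` line.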

View File

@@ -1,24 +1,17 @@
#!/bin/bash
DEBIAN_RELEASES=$(debian-distro-info --supported)
UBUNTU_RELEASES=$(sort -u <(ubuntu-distro-info --supported-esm) <(ubuntu-distro-info --supported))
RELEASES=(wheezy jessie stretch buster trusty xenial bionic)
cd trivy-repo/deb
for release in generic ${DEBIAN_RELEASES[@]} ${UBUNTU_RELEASES[@]}; do
echo "Removing deb package of $release"
for release in ${RELEASES[@]}; do
echo "Adding deb package to $release"
reprepro -A i386 remove $release trivy
reprepro -A amd64 remove $release trivy
reprepro -A arm64 remove $release trivy
done
for release in generic ${DEBIAN_RELEASES[@]} ${UBUNTU_RELEASES[@]}; do
echo "Adding deb package to $release"
reprepro includedeb $release ../../dist/*Linux-32bit.deb
reprepro includedeb $release ../../dist/*Linux-64bit.deb
reprepro includedeb $release ../../dist/*Linux-ARM64.deb
reprepro includedeb $release ../../dist/*Linux-32bit.deb
done
git add .
git commit -m "Update deb packages"
git push origin main
git push origin master
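Review bot: Nothing in this script stops on failure, so if `cd trivy-repo/deb` or a `reprepro includedeb` call fails, `git add .`, `git commit` and `git push origin master` still run and publish whatever state the working tree is in. Add `set -euo pipefail` after the shebang and quote the array expansion as `"${RELEASES[@]}"`. The loop also no longer runs the `reprepro ... remove` pass before `includedeb`; if that is intentional, say so in the commit message.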

View File

@@ -1,51 +1,20 @@
#!/bin/bash
#!/bin/sh
TRIVY_VERSION=$(find dist/ -type f -name "*64bit.rpm" -printf "%f\n" | head -n1 | sed -nre 's/^[^0-9]*(([0-9]+\.)*[0-9]+).*/\1/p')
function create_common_rpm_repo () {
rpm_path=$1
ARCHES=("x86_64" "aarch64")
for arch in ${ARCHES[@]}; do
prefix=$arch
if [ "$arch" == "x86_64" ]; then
prefix="64bit"
elif [ "$arch" == "aarch64" ]; then
prefix="ARM64"
fi
mkdir -p $rpm_path/$arch
cp ../dist/*${prefix}.rpm ${rpm_path}/$arch/
createrepo_c -u https://github.com/aquasecurity/trivy/releases/download/ --location-prefix="v"$TRIVY_VERSION --update $rpm_path/$arch
rm ${rpm_path}/$arch/*${prefix}.rpm
done
}
function create_rpm_repo () {
version=$1
rpm_path=rpm/releases/${version}/x86_64
mkdir -p $rpm_path
cp ../dist/*64bit.rpm ${rpm_path}/
createrepo_c -u https://github.com/aquasecurity/trivy/releases/download/ --location-prefix="v"$TRIVY_VERSION --update $rpm_path
rm ${rpm_path}/*64bit.rpm
}
echo "Create RPM releases for Trivy v$TRIVY_VERSION"
RPM_EL6=$(find dist/ -type f -name "*64bit.rpm" -printf "%f\n" | head -n1 | sed -e 's/_/-/g' -e 's/-Linux/.el6/' -e 's/-64bit/.x86_64/')
RPM_EL7=$(find dist/ -type f -name "*64bit.rpm" -printf "%f\n" | head -n1 | sed -e 's/_/-/g' -e 's/-Linux/.el7/' -e 's/-64bit/.x86_64/')
cd trivy-repo
mkdir -p rpm/releases/6/x86_64
mkdir -p rpm/releases/7/x86_64
echo "Processing common repository for RHEL/CentOS..."
create_common_rpm_repo rpm/releases
cd rpm
cp ../../dist/*64bit.rpm releases/6/x86_64/${RPM_EL6}
cp ../../dist/*64bit.rpm releases/7/x86_64/${RPM_EL7}
VERSIONS=(5 6 7 8 9)
for version in ${VERSIONS[@]}; do
echo "Processing RHEL/CentOS $version..."
create_rpm_repo $version
done
createrepo --update releases/6/x86_64/
createrepo --update releases/7/x86_64/
git add .
git commit -m "Update rpm packages for Trivy v$TRIVY_VERSION"
git push origin main
git commit -m "Update rpm packages"
git push origin master
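Review bot: The rpm files are copied into `releases/6/x86_64/` and `releases/7/x86_64/` and indexed with `createrepo --update` without any signing step, which is why the README has to tell users to set `gpgcheck=0`. Sign the packages before `createrepo` and publish the key, so the repository can be consumed with signature checking on. As in the deb script, there is no `set -e`, so a failed `cd trivy-repo` or `cp` still ends in `git push origin master`. `RPM_EL6` and `RPM_EL7` also depend on `find ... | head -n1`, which picks an arbitrary file if `dist/` ever holds more than one `*64bit.rpm`.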

67
cmd/remic/main.go Normal file
View File

@@ -0,0 +1,67 @@
package main
import (
"os"
"strings"
"github.com/knqyf263/trivy/pkg/vulnsrc/vulnerability"
"github.com/knqyf263/trivy/pkg/remic"
"github.com/urfave/cli"
"github.com/knqyf263/trivy/pkg/log"
)
func main() {
cli.AppHelpTemplate = `NAME:
{{.Name}}{{if .Usage}} - {{.Usage}}{{end}}
USAGE:
{{if .UsageText}}{{.UsageText}}{{else}}{{.HelpName}} {{if .VisibleFlags}}[options]{{end}} {{if .ArgsUsage}}{{.ArgsUsage}}{{else}}[arguments...]{{end}}{{end}}{{if .Version}}{{if not .HideVersion}}
VERSION:
{{.Version}}{{end}}{{end}}{{if .Description}}
DESCRIPTION:
{{.Description}}{{end}}{{if len .Authors}}
AUTHOR{{with $length := len .Authors}}{{if ne 1 $length}}S{{end}}{{end}}:
{{range $index, $author := .Authors}}{{if $index}}
{{end}}{{$author}}{{end}}{{end}}{{if .VisibleCommands}}
OPTIONS:
{{range $index, $option := .VisibleFlags}}{{if $index}}
{{end}}{{$option}}{{end}}{{end}}
`
app := cli.NewApp()
app.Name = "remic"
app.Version = "0.0.1"
app.ArgsUsage = "file"
app.Usage = "A simple and fast tool for detecting vulnerabilities in application dependencies"
app.Flags = []cli.Flag{
cli.StringFlag{
Name: "format, f",
Value: "table",
Usage: "format (table, json)",
},
cli.StringFlag{
Name: "severity, s",
Value: strings.Join(vulnerability.SeverityNames, ","),
Usage: "severity of vulnerabilities to be displayed",
},
cli.StringFlag{
Name: "output, o",
Usage: "output file name",
},
cli.BoolFlag{
Name: "debug, d",
Usage: "debug mode",
},
}
app.Action = func(c *cli.Context) error {
return remic.Run(c)
}
err := app.Run(os.Args)
if err != nil {
log.Logger.Fatal(err)
}
}
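Review bot: In the help template, the OPTIONS block is guarded by `{{if .VisibleCommands}}` but iterates `.VisibleFlags`, so the guard tests the wrong field and the options only show when the app also has visible commands. Change the guard to `{{if .VisibleFlags}}`. `app.Version = "0.0.1"` is hardcoded here; a package-level `version` variable set at build time would keep the reported version in step with the release tag.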

View File

@@ -1,46 +1,84 @@
package main
import (
"context"
"errors"
"os"
"strings"
"golang.org/x/xerrors"
"github.com/knqyf263/trivy/pkg/vulnsrc/vulnerability"
"github.com/aquasecurity/trivy/pkg/commands"
"github.com/aquasecurity/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/plugin"
"github.com/aquasecurity/trivy/pkg/types"
"github.com/urfave/cli"
_ "modernc.org/sqlite" // sqlite driver for RPM DB and Java DB
"github.com/knqyf263/trivy/pkg"
"github.com/knqyf263/trivy/pkg/log"
)
var (
version = "dev"
)
func main() {
if err := run(); err != nil {
var exitError *types.ExitError
if errors.As(err, &exitError) {
os.Exit(exitError.Code)
}
cli.AppHelpTemplate = `NAME:
{{.Name}}{{if .Usage}} - {{.Usage}}{{end}}
USAGE:
{{if .UsageText}}{{.UsageText}}{{else}}{{.HelpName}} {{if .VisibleFlags}}[options]{{end}} {{if .ArgsUsage}}{{.ArgsUsage}}{{else}}[arguments...]{{end}}{{end}}{{if .Version}}{{if not .HideVersion}}
VERSION:
{{.Version}}{{end}}{{end}}{{if .Description}}
DESCRIPTION:
{{.Description}}{{end}}{{if len .Authors}}
AUTHOR{{with $length := len .Authors}}{{if ne 1 $length}}S{{end}}{{end}}:
{{range $index, $author := .Authors}}{{if $index}}
{{end}}{{$author}}{{end}}{{end}}{{if .VisibleCommands}}
OPTIONS:
{{range $index, $option := .VisibleFlags}}{{if $index}}
{{end}}{{$option}}{{end}}{{end}}
`
app := cli.NewApp()
app.Name = "trivy"
app.Version = version
app.ArgsUsage = "image_name"
var userErr *types.UserError
if errors.As(err, &userErr) {
log.Fatal("Error", log.Err(userErr))
}
app.Usage = "A simple and comprehensive vulnerability scanner for containers"
log.Fatal("Fatal error", log.Err(err))
}
}
func run() error {
// Trivy behaves as the specified plugin.
if runAsPlugin := os.Getenv("TRIVY_RUN_AS_PLUGIN"); runAsPlugin != "" {
log.InitLogger(false, false)
if err := plugin.Run(context.Background(), runAsPlugin, plugin.Options{Args: os.Args[1:]}); err != nil {
return xerrors.Errorf("plugin error: %w", err)
}
return nil
app.Flags = []cli.Flag{
cli.StringFlag{
Name: "format, f",
Value: "table",
Usage: "format (table, json)",
},
cli.StringFlag{
Name: "input, i",
Value: "",
Usage: "input file path instead of image name",
},
cli.StringFlag{
Name: "severity, s",
Value: strings.Join(vulnerability.SeverityNames, ","),
Usage: "severities of vulnerabilities to be displayed (comma separated)",
},
cli.StringFlag{
Name: "output, o",
Usage: "output file name",
},
cli.BoolFlag{
Name: "skip-update",
Usage: "skip db update",
},
cli.BoolFlag{
Name: "clean, c",
Usage: "clean all cache",
},
cli.BoolFlag{
Name: "debug, d",
Usage: "debug mode",
},
}
app := commands.NewApp()
return app.Execute()
app.Action = func(c *cli.Context) error {
return pkg.Run(c)
}
err := app.Run(os.Args)
if err != nil {
log.Logger.Fatal(err)
}
}
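Review bot: The `cli.AppHelpTemplate` string is a verbatim copy of the one in cmd/remic/main.go, including the `{{if .VisibleCommands}}` guard around an OPTIONS block that iterates `.VisibleFlags`. Move the template into a shared package and fix the guard once there, so the two binaries cannot drift. `version = "dev"` is only a useful default if the release build overrides it, so the goreleaser configuration should set it through ldflags.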

View File

@@ -1,29 +0,0 @@
Trivy_container_scanning:
stage: test
image:
name: alpine:3.11
variables:
# Override the GIT_STRATEGY variable in your `.gitlab-ci.yml` file and set it to `fetch` if you want to provide a `clair-whitelist.yml`
# file. See https://docs.gitlab.com/ee/user/application_security/container_scanning/index.html#overriding-the-container-scanning-template
# for details
GIT_STRATEGY: none
IMAGE: "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA"
allow_failure: true
before_script:
- export TRIVY_VERSION=${TRIVY_VERSION:-v0.19.2}
- apk add --no-cache curl docker-cli
- curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin ${TRIVY_VERSION}
- curl -sSL -o /tmp/trivy-gitlab.tpl https://github.com/aquasecurity/trivy/raw/${TRIVY_VERSION}/contrib/gitlab.tpl
- trivy registry login --username "$CI_REGISTRY_USER" --password "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
script:
- trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --format template --template "@/tmp/trivy-gitlab.tpl" -o gl-container-scanning-report.json $IMAGE
cache:
paths:
- .trivycache/
artifacts:
reports:
container_scanning: gl-container-scanning-report.json
dependencies: []
only:
refs:
- branches

View File

@@ -1,161 +0,0 @@
{
"Findings": [
{{- $t_first := true -}}
{{- range . -}}
{{- $target := .Target -}}
{{- $image := .Target -}}
{{- if gt (len $image) 127 -}}
{{- $image = $image | regexFind ".{124}$" | printf "...%v" -}}
{{- end}}
{{- range .Vulnerabilities -}}
{{- if $t_first -}}
{{- $t_first = false -}}
{{- else -}}
,
{{- end -}}
{{- $severity := .Severity -}}
{{- if eq $severity "UNKNOWN" -}}
{{- $severity = "INFORMATIONAL" -}}
{{- end -}}
{{- $description := .Description -}}
{{- if gt (len $description ) 512 -}}
{{- $description = (substr 0 512 $description) | printf "%v .." -}}
{{- end}}
{
"SchemaVersion": "2018-10-08",
"Id": "{{ $target }}/{{ .VulnerabilityID }}",
"ProductArn": "arn:aws:securityhub:{{ env "AWS_REGION" }}::product/aquasecurity/aquasecurity",
"GeneratorId": "Trivy/{{ .VulnerabilityID }}",
"AwsAccountId": "{{ env "AWS_ACCOUNT_ID" }}",
"Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ],
"CreatedAt": "{{ now | date "2006-01-02T15:04:05.999999999Z07:00" }}",
"UpdatedAt": "{{ now | date "2006-01-02T15:04:05.999999999Z07:00" }}",
"Severity": {
"Label": "{{ $severity }}"
},
"Title": "Trivy found a vulnerability to {{ .VulnerabilityID }} in container {{ $target }}, related to {{ .PkgName }}",
"Description": {{ escapeString $description | printf "%q" }},
{{ if not (empty .PrimaryURL) -}}
"Remediation": {
"Recommendation": {
"Text": "More information on this vulnerability is provided in the hyperlink",
"Url": "{{ .PrimaryURL }}"
}
},
{{ end -}}
"ProductFields": { "Product Name": "Trivy" },
"Resources": [
{
"Type": "Container",
"Id": "{{ $target }}",
"Partition": "aws",
"Region": "{{ env "AWS_REGION" }}",
"Details": {
"Container": { "ImageName": "{{ $image }}" },
"Other": {
"CVE ID": "{{ .VulnerabilityID }}",
"CVE Title": {{ .Title | printf "%q" }},
"PkgName": "{{ .PkgName }}",
"Installed Package": "{{ .InstalledVersion }}",
"Patched Package": "{{ .FixedVersion }}",
"NvdCvssScoreV3": "{{ (index .CVSS (sourceID "nvd")).V3Score }}",
"NvdCvssVectorV3": "{{ (index .CVSS (sourceID "nvd")).V3Vector }}",
"NvdCvssScoreV2": "{{ (index .CVSS (sourceID "nvd")).V2Score }}",
"NvdCvssVectorV2": "{{ (index .CVSS (sourceID "nvd")).V2Vector }}"
}
}
}
],
"RecordState": "ACTIVE"
}
{{- end -}}
{{- range .Misconfigurations -}}
{{- if $t_first -}}{{- $t_first = false -}}{{- else -}},{{- end -}}
{{- $severity := .Severity -}}
{{- if eq $severity "UNKNOWN" -}}
{{- $severity = "INFORMATIONAL" -}}
{{- end -}}
{{- $description := .Description -}}
{{- if gt (len $description ) 512 -}}
{{- $description = (substr 0 512 $description) | printf "%v .." -}}
{{- end}}
{
"SchemaVersion": "2018-10-08",
"Id": "{{ $target }}/{{ .ID }}",
"ProductArn": "arn:aws:securityhub:{{ env "AWS_REGION" }}::product/aquasecurity/aquasecurity",
"GeneratorId": "Trivy/{{ .ID }}",
"AwsAccountId": "{{ env "AWS_ACCOUNT_ID" }}",
"Types": [ "Software and Configuration Checks" ],
"CreatedAt": "{{ now | date "2006-01-02T15:04:05.999999999Z07:00" }}",
"UpdatedAt": "{{ now | date "2006-01-02T15:04:05.999999999Z07:00" }}",
"Severity": {
"Label": "{{ $severity }}"
},
"Title": "Trivy found a misconfiguration in {{ $target }}: {{ escapeString .Title }}",
"Description": {{ escapeString $description | printf "%q" }},
"Remediation": {
"Recommendation": {
"Text": "{{ .Resolution }}",
"Url": "{{ .PrimaryURL }}"
}
},
"ProductFields": { "Product Name": "Trivy" },
"Resources": [
{
"Type": "Other",
"Id": "{{ $target }}",
"Partition": "aws",
"Region": "{{ env "AWS_REGION" }}",
"Details": {
"Other": {
"Message": "{{ escapeString .Message }}",
"Filename": "{{ $target }}",
"StartLine": "{{ .CauseMetadata.StartLine }}",
"EndLine": "{{ .CauseMetadata.EndLine }}"
}
}
}
],
"RecordState": "ACTIVE"
}
{{- end -}}
{{- range .Secrets -}}
{{- if $t_first -}}{{- $t_first = false -}}{{- else -}},{{- end -}}
{{- $severity := .Severity -}}
{{- if eq $severity "UNKNOWN" -}}
{{- $severity = "INFORMATIONAL" -}}
{{- end -}}
{
"SchemaVersion": "2018-10-08",
"Id": "{{ $target }}",
"ProductArn": "arn:aws:securityhub:{{ env "AWS_REGION" }}::product/aquasecurity/aquasecurity",
"GeneratorId": "Trivy",
"AwsAccountId": "{{ env "AWS_ACCOUNT_ID" }}",
"Types": [ "Sensitive Data Identifications" ],
"CreatedAt": "{{ now | date "2006-01-02T15:04:05.999999999Z07:00" }}",
"UpdatedAt": "{{ now | date "2006-01-02T15:04:05.999999999Z07:00" }}",
"Severity": {
"Label": "{{ $severity }}"
},
"Title": "Trivy found a secret in {{ $target }}: {{ .Title }}",
"Description": "Trivy found a secret in {{ $target }}: {{ .Title }}",
"ProductFields": { "Product Name": "Trivy" },
"Resources": [
{
"Type": "Other",
"Id": "{{ $target }}",
"Partition": "aws",
"Region": "{{ env "AWS_REGION" }}",
"Details": {
"Other": {
"Filename": "{{ $target }}"
}
}
}
],
"RecordState": "ACTIVE"
}
{{- end -}}
{{- end }}
]
}
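Review bot: In the Secrets block, `"Title"` and `"Description"` interpolate `{{ .Title }}` with no escaping, and in the Misconfigurations block `"Text": "{{ .Resolution }}"` and `"Url": "{{ .PrimaryURL }}"` are raw as well, although the misconfiguration `Title` and `Message` beside them go through `escapeString`. A double quote or backslash in any of these scanner-supplied strings yields a malformed finding. Suggest passing every interpolated string, including `{{ $target }}` in `Id` and `Filename`, through the same `escapeString` helper so the escaping is uniform across the three ranges.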

View File

@@ -1,103 +0,0 @@
{{- /* Template based on https://github.com/codeclimate/platform/blob/master/spec/analyzers/SPEC.md#data-types */ -}}
[
{{- $t_first := true }}
{{- range . }}
{{- $target := .Target }}
{{- range .Vulnerabilities -}}
{{- if $t_first -}}
{{- $t_first = false -}}
{{ else -}}
,
{{- end }}
{
"type": "issue",
"check_name": "container_scanning",
"categories": [ "Security" ],
"description": {{ list .VulnerabilityID .PkgName .InstalledVersion .Title | join " - " | printf "%q" }},
"fingerprint": "{{ list .VulnerabilityID .PkgName .InstalledVersion $target | join "" | sha1sum }}",
"content": {{ .Description | printf "%q" }},
"severity": {{ if eq .Severity "LOW" -}}
"info"
{{- else if eq .Severity "MEDIUM" -}}
"minor"
{{- else if eq .Severity "HIGH" -}}
"major"
{{- else if eq .Severity "CRITICAL" -}}
"critical"
{{- else -}}
"info"
{{- end }},
"location": {
"path": "{{ $target }}",
"lines": {
"begin": 0
}
}
}
{{- end -}}
{{- range .Misconfigurations -}}
{{- if $t_first -}}
{{- $t_first = false -}}
{{ else -}}
,
{{- end }}
{
"type": "issue",
"check_name": "container_scanning",
"categories": [ "Security" ],
"description": {{ list "Misconfig" .ID .Title | join " - " | printf "%q" }},
"fingerprint": "{{ list .ID .Title $target | join "" | sha1sum }}",
"content": {{ .Description | printf "%q" }},
"severity": {{ if eq .Severity "LOW" -}}
"info"
{{- else if eq .Severity "MEDIUM" -}}
"minor"
{{- else if eq .Severity "HIGH" -}}
"major"
{{- else if eq .Severity "CRITICAL" -}}
"critical"
{{- else -}}
"info"
{{- end }},
"location": {
"path": "{{ $target }}",
"lines": {
"begin": {{ .CauseMetadata.StartLine }}
}
}
}
{{- end -}}
{{- range .Secrets -}}
{{- if $t_first -}}
{{- $t_first = false -}}
{{ else -}}
,
{{- end }}
{
"type": "issue",
"check_name": "container_scanning",
"categories": [ "Security" ],
"description": {{ list "Secret" .RuleID .Title | join " - " | printf "%q" }},
"fingerprint": "{{ list .RuleID .Title $target | join "" | sha1sum }}",
"content": {{ .Title | printf "%q" }},
"severity": {{ if eq .Severity "LOW" -}}
"info"
{{- else if eq .Severity "MEDIUM" -}}
"minor"
{{- else if eq .Severity "HIGH" -}}
"major"
{{- else if eq .Severity "CRITICAL" -}}
"critical"
{{- else -}}
"info"
{{- end }},
"location": {
"path": "{{ $target }}",
"lines": {
"begin": {{ .StartLine }}
}
}
}
{{- end -}}
{{- end }}
]
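Review bot: `"path": "{{ $target }}"` in all three `location` blocks writes the target raw between hand-written quotes, while `description` and `content` in the same objects are rendered with `printf "%q"`. A target name containing `"` or `\` breaks the JSON array; suggest `"path": {{ $target | printf "%q" }}`. A smaller point on the `fingerprint` lines: the fields are hashed after `join ""`, so different field combinations can concatenate to the same string, and a separator in the join would keep fingerprints distinct.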

View File

@@ -1,112 +0,0 @@
{{- /* Template based on https://docs.gitlab.com/ee/user/application_security/container_scanning/#reports-json-format */ -}}
{
"version": "15.0.7",
"scan": {
"analyzer": {
"id": "trivy",
"name": "Trivy",
"vendor": {
"name": "Aqua Security"
},
"version": "{{ appVersion }}"
},
"end_time": "{{ now | date "2006-01-02T15:04:05" }}",
"scanner": {
"id": "trivy",
"name": "Trivy",
"url": "https://github.com/aquasecurity/trivy/",
"vendor": {
"name": "Aqua Security"
},
"version": "{{ appVersion }}"
},
"start_time": "{{ now | date "2006-01-02T15:04:05" }}",
"status": "success",
"type": "container_scanning"
},
{{- $image := "Unknown" -}}
{{- $os := "Unknown" -}}
{{- range . }}
{{- if eq .Class "os-pkgs" -}}
{{- $target := .Target }}
{{- $image = $target | regexFind "[^\\s]+" }}
{{- $os = $target | splitList "(" | last | trimSuffix ")" }}
{{- end }}
{{- end }}
"vulnerabilities": [
{{- $t_first := true }}
{{- range . }}
{{- range .Vulnerabilities -}}
{{- if $t_first -}}
{{- $t_first = false -}}
{{ else -}}
,
{{- end }}
{
"id": "{{ .VulnerabilityID }}",
"name": {{ .Title | printf "%q" }},
"description": {{ .Description | printf "%q" }},
"severity": {{ if eq .Severity "UNKNOWN" -}}
"Unknown"
{{- else if eq .Severity "LOW" -}}
"Low"
{{- else if eq .Severity "MEDIUM" -}}
"Medium"
{{- else if eq .Severity "HIGH" -}}
"High"
{{- else if eq .Severity "CRITICAL" -}}
"Critical"
{{- else -}}
"{{ .Severity }}"
{{- end }},
"solution": {{ if .FixedVersion -}}
"Upgrade {{ .PkgName }} to {{ .FixedVersion }}"
{{- else -}}
"No solution provided"
{{- end }},
"location": {
"dependency": {
"package": {
"name": "{{ .PkgName }}"
},
"version": "{{ .InstalledVersion }}"
},
{{- /* TODO: No mapping available - https://github.com/aquasecurity/trivy/issues/332 */}}
"operating_system": "{{ $os }}",
"image": "{{ $image }}"
},
"identifiers": [
{
{{- /* TODO: Type not extractable - https://github.com/aquasecurity/trivy-db/pull/24 */}}
"type": "cve",
"name": "{{ .VulnerabilityID }}",
"value": "{{ .VulnerabilityID }}"
{{- /* cf. https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/blob/e3d280d7f0862ca66a1555ea8b24016a004bb914/dist/container-scanning-report-format.json#L157-179 */}}
{{- if .PrimaryURL | regexMatch "^(https?|ftp)://.+" -}},
"url": "{{ .PrimaryURL }}"
{{- end }}
}
],
"links": [
{{- $l_first := true -}}
{{- range .References -}}
{{- if $l_first -}}
{{- $l_first = false }}
{{- else -}}
,
{{- end -}}
{{- if . | regexMatch "^(https?|ftp)://.+" -}}
{
"url": "{{ . }}"
}
{{- else -}}
{{- $l_first = true }}
{{- end -}}
{{- end }}
]
}
{{- end -}}
{{- end }}
],
"remediations": []
}
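Review bot: The `links` loop emits the separating comma before it tests the reference against `^(https?|ftp)://.+`, so when a valid reference is followed only by references that fail the match, the array ends in a trailing comma and the report is no longer valid JSON. Suggest doing the `regexMatch` test first and handling `$l_first` and the comma only inside the matching branch, which also removes the need to reset `$l_first = true` in the `else`. Separately, `"id"`, `"name"` under `package`, `"version"`, `"operating_system"` and `"image"` are interpolated raw, unlike `name` and `description`, which use `printf "%q"`.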

View File

@@ -1,148 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
{{- if . }}
<style>
* {
font-family: Arial, Helvetica, sans-serif;
}
h1 {
text-align: center;
}
.group-header th {
font-size: 200%;
}
.sub-header th {
font-size: 150%;
}
table, th, td {
border: 1px solid black;
border-collapse: collapse;
white-space: nowrap;
padding: .3em;
}
table {
margin: 0 auto;
}
.severity {
text-align: center;
font-weight: bold;
color: #fafafa;
}
.severity-LOW .severity { background-color: #5fbb31; }
.severity-MEDIUM .severity { background-color: #e9c600; }
.severity-HIGH .severity { background-color: #ff8800; }
.severity-CRITICAL .severity { background-color: #e40000; }
.severity-UNKNOWN .severity { background-color: #747474; }
.severity-LOW { background-color: #5fbb3160; }
.severity-MEDIUM { background-color: #e9c60060; }
.severity-HIGH { background-color: #ff880060; }
.severity-CRITICAL { background-color: #e4000060; }
.severity-UNKNOWN { background-color: #74747460; }
table tr td:first-of-type {
font-weight: bold;
}
.links a,
.links[data-more-links=on] a {
display: block;
}
.links[data-more-links=off] a:nth-of-type(1n+5) {
display: none;
}
a.toggle-more-links { cursor: pointer; }
</style>
<title>{{- escapeXML ( index . 0 ).Target }} - Trivy Report - {{ now }} </title>
<script>
window.onload = function() {
document.querySelectorAll('td.links').forEach(function(linkCell) {
var links = [].concat.apply([], linkCell.querySelectorAll('a'));
[].sort.apply(links, function(a, b) {
return a.href > b.href ? 1 : -1;
});
links.forEach(function(link, idx) {
if (links.length > 3 && 3 === idx) {
var toggleLink = document.createElement('a');
toggleLink.innerText = "Toggle more links";
toggleLink.href = "#toggleMore";
toggleLink.setAttribute("class", "toggle-more-links");
linkCell.appendChild(toggleLink);
}
linkCell.appendChild(link);
});
});
document.querySelectorAll('a.toggle-more-links').forEach(function(toggleLink) {
toggleLink.onclick = function() {
var expanded = toggleLink.parentElement.getAttribute("data-more-links");
toggleLink.parentElement.setAttribute("data-more-links", "on" === expanded ? "off" : "on");
return false;
};
});
};
</script>
</head>
<body>
<h1>{{- escapeXML ( index . 0 ).Target }} - Trivy Report - {{ now }}</h1>
<table>
{{- range . }}
<tr class="group-header"><th colspan="6">{{ .Type | toString | escapeXML }}</th></tr>
{{- if (eq (len .Vulnerabilities) 0) }}
<tr><th colspan="6">No Vulnerabilities found</th></tr>
{{- else }}
<tr class="sub-header">
<th>Package</th>
<th>Vulnerability ID</th>
<th>Severity</th>
<th>Installed Version</th>
<th>Fixed Version</th>
<th>Links</th>
</tr>
{{- range .Vulnerabilities }}
<tr class="severity-{{ escapeXML .Vulnerability.Severity }}">
<td class="pkg-name">{{ escapeXML .PkgName }}</td>
<td>{{ escapeXML .VulnerabilityID }}</td>
<td class="severity">{{ escapeXML .Vulnerability.Severity }}</td>
<td class="pkg-version">{{ escapeXML .InstalledVersion }}</td>
<td>{{ escapeXML .FixedVersion }}</td>
<td class="links" data-more-links="off">
{{- range .Vulnerability.References }}
<a href={{ escapeXML . | printf "%q" }}>{{ escapeXML . }}</a>
{{- end }}
</td>
</tr>
{{- end }}
{{- end }}
{{- if (eq (len .Misconfigurations ) 0) }}
<tr><th colspan="6">No Misconfigurations found</th></tr>
{{- else }}
<tr class="sub-header">
<th>Type</th>
<th>Misconf ID</th>
<th>Check</th>
<th>Severity</th>
<th>Message</th>
</tr>
{{- range .Misconfigurations }}
<tr class="severity-{{ escapeXML .Severity }}">
<td class="misconf-type">{{ escapeXML .Type }}</td>
<td>{{ escapeXML .ID }}</td>
<td class="misconf-check">{{ escapeXML .Title }}</td>
<td class="severity">{{ escapeXML .Severity }}</td>
<td class="link" data-more-links="off" style="white-space:normal;">
{{ escapeXML .Message }}
<br>
<a href={{ escapeXML .PrimaryURL | printf "%q" }}>{{ escapeXML .PrimaryURL }}</a>
</br>
</td>
</tr>
{{- end }}
{{- end }}
{{- end }}
</table>
{{- else }}
</head>
<body>
<h1>Trivy Returned Empty Report</h1>
{{- end }}
</body>
</html>
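Review bot: Both `<a href={{ escapeXML . | printf "%q" }}>` (references) and `<a href={{ escapeXML .PrimaryURL | printf "%q" }}>` turn whatever string the scan data carries into a clickable link with no scheme check, whereas the GitLab template in this same diff only emits URLs matching `^(https?|ftp)://.+`. Suggest applying the same match here and rendering non-matching values as plain text. In the script, `[].sort.apply(links, function(a, b) {...})` passes the comparator as the argument list, so the comparator is never called; `links.sort(function(a, b) {...})` is what was meant. The `<br> ... </br>` pair around the misconfiguration link is also not valid HTML.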

View File

@@ -1,422 +0,0 @@
#!/bin/sh
set -e
# Code generated by godownloader on 2020-01-14T10:03:29Z. DO NOT EDIT.
#
usage() {
this=$1
cat <<EOF
$this: download go binaries for aquasecurity/trivy
Usage: $this [-b] bindir [-d] [tag]
-b sets bindir or installation directory, Defaults to ./bin
-d turns on debug logging
[tag] is a tag from
https://github.com/aquasecurity/trivy/releases
If tag is missing, then the latest will be used.
Generated by godownloader
https://github.com/goreleaser/godownloader
EOF
exit 2
}
parse_args() {
#BINDIR is ./bin unless set be ENV
# over-ridden by flag below
BINDIR=${BINDIR:-./bin}
while getopts "b:dh?x" arg; do
case "$arg" in
b) BINDIR="$OPTARG" ;;
d) log_set_priority 10 ;;
h | \?) usage "$0" ;;
x) set -x ;;
esac
done
shift $((OPTIND - 1))
TAG=$1
}
# this function wraps all the destructive operations
# if a curl|bash cuts off the end of the script due to
# network, either nothing will happen or will syntax error
# out preventing half-done work
execute() {
tmpdir=$(mktemp -d)
log_debug "downloading files into ${tmpdir}"
http_download "${tmpdir}/${TARBALL}" "${TARBALL_URL}"
http_download "${tmpdir}/${CHECKSUM}" "${CHECKSUM_URL}"
hash_sha256_verify "${tmpdir}/${TARBALL}" "${tmpdir}/${CHECKSUM}"
srcdir="${tmpdir}"
(cd "${tmpdir}" && untar "${TARBALL}")
test ! -d "${BINDIR}" && install -d "${BINDIR}"
for binexe in $BINARIES; do
if [ "$OS" = "windows" ]; then
binexe="${binexe}.exe"
fi
install "${srcdir}/${binexe}" "${BINDIR}/"
log_info "installed ${BINDIR}/${binexe}"
done
rm -rf "${tmpdir}"
}
get_binaries() {
case "$PLATFORM" in
darwin/386) BINARIES="trivy" ;;
darwin/amd64) BINARIES="trivy" ;;
darwin/arm64) BINARIES="trivy" ;;
darwin/armv7) BINARIES="trivy" ;;
freebsd/386) BINARIES="trivy" ;;
freebsd/amd64) BINARIES="trivy" ;;
freebsd/arm64) BINARIES="trivy" ;;
freebsd/armv7) BINARIES="trivy" ;;
linux/386) BINARIES="trivy" ;;
linux/amd64) BINARIES="trivy" ;;
linux/ppc64le) BINARIES="trivy" ;;
linux/arm64) BINARIES="trivy" ;;
linux/armv7) BINARIES="trivy" ;;
linux/s390x) BINARIES="trivy" ;;
openbsd/386) BINARIES="trivy" ;;
openbsd/amd64) BINARIES="trivy" ;;
openbsd/arm64) BINARIES="trivy" ;;
openbsd/armv7) BINARIES="trivy" ;;
windows/amd64) BINARIES="trivy" ;;
*)
log_crit "platform $PLATFORM is not supported. Make sure this script is up-to-date and file request at https://github.com/${PREFIX}/issues/new"
exit 1
;;
esac
}
tag_to_version() {
if [ -z "${TAG}" ]; then
log_info "checking GitHub for latest tag"
else
log_info "checking GitHub for tag '${TAG}'"
fi
REALTAG=$(github_release "$OWNER/$REPO" "${TAG}") && true
if test -z "$REALTAG"; then
log_crit "unable to find '${TAG}' - use 'latest' or see https://github.com/${PREFIX}/releases for details"
exit 1
fi
# if version starts with 'v', remove it
TAG="$REALTAG"
VERSION=${TAG#v}
}
adjust_format() {
# change format (tar.gz or zip) based on OS
case ${OS} in
windows) FORMAT=zip ;;
esac
true
}
adjust_os() {
# adjust archive name based on OS
case ${OS} in
386) OS=32bit ;;
amd64) OS=64bit ;;
arm) OS=ARM ;;
arm64) OS=ARM64 ;;
ppc64le) OS=Linux ;;
s390x) OS=Linux ;;
darwin) OS=macOS ;;
dragonfly) OS=DragonFlyBSD ;;
freebsd) OS=FreeBSD ;;
linux) OS=Linux ;;
netbsd) OS=NetBSD ;;
openbsd) OS=OpenBSD ;;
esac
true
}
adjust_arch() {
# adjust archive name based on ARCH
case ${ARCH} in
386) ARCH=32bit ;;
amd64) ARCH=64bit ;;
arm) ARCH=ARM ;;
armv7) ARCH=ARM ;;
arm64) ARCH=ARM64 ;;
ppc64le) ARCH=PPC64LE ;;
s390x) ARCH=s390x ;;
darwin) ARCH=macOS ;;
dragonfly) ARCH=DragonFlyBSD ;;
freebsd) ARCH=FreeBSD ;;
linux) ARCH=Linux ;;
netbsd) ARCH=NetBSD ;;
openbsd) ARCH=OpenBSD ;;
esac
true
}
cat /dev/null <<EOF
------------------------------------------------------------------------
https://github.com/client9/shlib - portable posix shell functions
Public domain - http://unlicense.org
https://github.com/client9/shlib/blob/master/LICENSE.md
but credit (and pull requests) appreciated.
------------------------------------------------------------------------
EOF
is_command() {
command -v "$1" >/dev/null
}
echoerr() {
echo "$@" 1>&2
}
log_prefix() {
echo "$0"
}
_logp=6
log_set_priority() {
_logp="$1"
}
log_priority() {
if test -z "$1"; then
echo "$_logp"
return
fi
[ "$1" -le "$_logp" ]
}
log_tag() {
case $1 in
0) echo "emerg" ;;
1) echo "alert" ;;
2) echo "crit" ;;
3) echo "err" ;;
4) echo "warning" ;;
5) echo "notice" ;;
6) echo "info" ;;
7) echo "debug" ;;
*) echo "$1" ;;
esac
}
log_debug() {
log_priority 7 || return 0
echo "$(log_prefix)" "$(log_tag 7)" "$@"
}
log_info() {
log_priority 6 || return 0
echo "$(log_prefix)" "$(log_tag 6)" "$@"
}
log_err() {
log_priority 3 || return 0
echoerr "$(log_prefix)" "$(log_tag 3)" "$@"
}
log_crit() {
log_priority 2 || return 0
echoerr "$(log_prefix)" "$(log_tag 2)" "$@"
}
uname_os() {
os=$(uname -s | tr '[:upper:]' '[:lower:]')
case "$os" in
cygwin_nt*) os="windows" ;;
mingw*) os="windows" ;;
msys_nt*) os="windows" ;;
esac
echo "$os"
}
uname_arch() {
arch=$(uname -m)
case $arch in
x86_64) arch="amd64" ;;
x86) arch="386" ;;
i686) arch="386" ;;
i386) arch="386" ;;
ppc64le) arch="ppc64le" ;;
aarch64) arch="arm64" ;;
armv5*) arch="armv5" ;;
armv6*) arch="armv6" ;;
armv7*) arch="armv7" ;;
s390*) arch="s390x" ;;
esac
echo ${arch}
}
uname_os_check() {
os=$(uname_os)
case "$os" in
darwin) return 0 ;;
dragonfly) return 0 ;;
freebsd) return 0 ;;
linux) return 0 ;;
android) return 0 ;;
nacl) return 0 ;;
netbsd) return 0 ;;
openbsd) return 0 ;;
plan9) return 0 ;;
solaris) return 0 ;;
windows) return 0 ;;
esac
log_crit "uname_os_check '$(uname -s)' got converted to '$os' which is not a GOOS value. Please file bug at https://github.com/client9/shlib"
return 1
}
uname_arch_check() {
arch=$(uname_arch)
case "$arch" in
386) return 0 ;;
amd64) return 0 ;;
arm64) return 0 ;;
armv5) return 0 ;;
armv6) return 0 ;;
armv7) return 0 ;;
ppc64) return 0 ;;
ppc64le) return 0 ;;
mips) return 0 ;;
mipsle) return 0 ;;
mips64) return 0 ;;
mips64le) return 0 ;;
s390x) return 0 ;;
amd64p32) return 0 ;;
esac
log_crit "uname_arch_check '$(uname -m)' got converted to '$arch' which is not a GOARCH value. Please file bug report at https://github.com/client9/shlib"
return 1
}
untar() {
tarball=$1
case "${tarball}" in
*.tar.gz | *.tgz) tar --no-same-owner -xzf "${tarball}" ;;
*.tar) tar --no-same-owner -xf "${tarball}" ;;
*.zip) unzip "${tarball}" ;;
*)
log_err "untar unknown archive format for ${tarball}"
return 1
;;
esac
}
http_download_curl() {
local_file=$1
source_url=$2
header=$3
if [ -z "$header" ]; then
code=$(curl -w '%{http_code}' -sL -o "$local_file" "$source_url")
else
code=$(curl -w '%{http_code}' -sL -H "$header" -o "$local_file" "$source_url")
fi
if [ "$code" != "200" ]; then
log_debug "http_download_curl received HTTP status $code"
return 1
fi
return 0
}
http_download_wget() {
local_file=$1
source_url=$2
header=$3
if [ -z "$header" ]; then
wget -q -O "$local_file" "$source_url"
else
wget -q --header "$header" -O "$local_file" "$source_url"
fi
}
http_download() {
log_debug "http_download $2"
if is_command curl; then
http_download_curl "$@"
return
elif is_command wget; then
http_download_wget "$@"
return
fi
log_crit "http_download unable to find wget or curl"
return 1
}
http_copy() {
tmp=$(mktemp)
http_download "${tmp}" "$1" "$2" || return 1
body=$(cat "$tmp")
rm -f "${tmp}"
echo "$body"
}
github_release() {
owner_repo=$1
version=$2
test -z "$version" && version="latest"
giturl="https://github.com/${owner_repo}/releases/${version}"
json=$(http_copy "$giturl" "Accept:application/json")
test -z "$json" && return 1
version=$(echo "$json" | tr -s '\n' ' ' | sed 's/.*"tag_name":"//' | sed 's/".*//')
test -z "$version" && return 1
echo "$version"
}
hash_sha256() {
TARGET=${1:-/dev/stdin}
if is_command gsha256sum; then
hash=$(gsha256sum "$TARGET") || return 1
echo "$hash" | cut -d ' ' -f 1
elif is_command sha256sum; then
hash=$(sha256sum "$TARGET") || return 1
echo "$hash" | cut -d ' ' -f 1
elif is_command shasum; then
hash=$(shasum -a 256 "$TARGET" 2>/dev/null) || return 1
echo "$hash" | cut -d ' ' -f 1
elif is_command openssl; then
hash=$(openssl -dst openssl dgst -sha256 "$TARGET") || return 1
echo "$hash" | cut -d ' ' -f a
else
log_crit "hash_sha256 unable to find command to compute sha-256 hash"
return 1
fi
}
hash_sha256_verify() {
TARGET=$1
checksums=$2
if [ -z "$checksums" ]; then
log_err "hash_sha256_verify checksum file not specified in arg2"
return 1
fi
BASENAME=${TARGET##*/}
want=$(grep "${BASENAME}" "${checksums}" 2>/dev/null | tr '\t' ' ' | cut -d ' ' -f 1)
if [ -z "$want" ]; then
log_err "hash_sha256_verify unable to find checksum for '${TARGET}' in '${checksums}'"
return 1
fi
got=$(hash_sha256 "$TARGET")
if [ "$want" != "$got" ]; then
log_err "hash_sha256_verify checksum for '$TARGET' did not verify ${want} vs $got"
return 1
fi
}
cat /dev/null <<EOF
------------------------------------------------------------------------
End of functions from https://github.com/client9/shlib
------------------------------------------------------------------------
EOF
PROJECT_NAME="trivy"
OWNER=aquasecurity
REPO="trivy"
BINARY=trivy
FORMAT=tar.gz
OS=$(uname_os)
ARCH=$(uname_arch)
PREFIX="$OWNER/$REPO"
# use in logging routines
log_prefix() {
echo "$PREFIX"
}
PLATFORM="${OS}/${ARCH}"
GITHUB_DOWNLOAD=https://github.com/${OWNER}/${REPO}/releases/download
uname_os_check "$OS"
uname_arch_check "$ARCH"
parse_args "$@"
get_binaries
tag_to_version
adjust_format
adjust_os
adjust_arch
log_info "found version: ${VERSION} for ${TAG}/${OS}/${ARCH}"
NAME=${PROJECT_NAME}_${VERSION}_${OS}-${ARCH}
TARBALL=${NAME}.${FORMAT}
TARBALL_URL=${GITHUB_DOWNLOAD}/${TAG}/${TARBALL}
CHECKSUM=${PROJECT_NAME}_${VERSION}_checksums.txt
CHECKSUM_URL=${GITHUB_DOWNLOAD}/${TAG}/${CHECKSUM}
execute
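Review bot: The `openssl` fallback in `hash_sha256` cannot succeed: `openssl -dst openssl dgst -sha256 "$TARGET"` is not a valid invocation and `cut -d ' ' -f a` uses a non-numeric field, so on a host that has only `openssl` the checksum step fails even for a good download. The intended command is `openssl dgst -sha256 "$TARGET"` with the digest taken from the last field; since the header says the file is generated, the fix belongs in the generator. Two related points in `hash_sha256_verify` and the tail of the script: `grep "${BASENAME}"` is an unanchored pattern match and can return more than one line from the checksum file, and `CHECKSUM_URL` is built from the same `${GITHUB_DOWNLOAD}/${TAG}` prefix as `TARBALL_URL`, so the comparison detects a corrupted transfer but not a replaced release asset. A signature check against a key obtained separately would be needed for the latter.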

View File

@@ -1,75 +0,0 @@
<?xml version="1.0" ?>
<testsuites name="trivy">
{{- range . -}}
{{- $failures := len .Vulnerabilities }}
<testsuite tests="{{ $failures }}" failures="{{ $failures }}" name="{{ .Target }}" errors="0" skipped="0" time="">
{{- if not (eq .Type "") }}
<properties>
<property name="type" value="{{ .Type }}"></property>
</properties>
{{- end -}}
{{ range .Vulnerabilities }}
<testcase classname="{{ .PkgName }}-{{ .InstalledVersion }}" name="[{{ .Vulnerability.Severity }}] {{ .VulnerabilityID }}" time="">
<failure message="{{ escapeXML .Title }}" type="description">{{ escapeXML .Description }}</failure>
</testcase>
{{- end }}
</testsuite>
{{- $target := .Target }}
{{- if .MisconfSummary }}
<testsuite tests="{{ add .MisconfSummary.Successes .MisconfSummary.Failures }}" failures="{{ .MisconfSummary.Failures }}" name="{{ .Target }}" errors="0" time="">
{{- else }}
<testsuite tests="0" failures="0" name="{{ .Target }}" errors="0" skipped="0" time="">
{{- end }}
{{- if not (eq .Type "") }}
<properties>
<property name="type" value="{{ .Type }}"></property>
</properties>
{{- end -}}
{{ range .Misconfigurations }}
<testcase classname="{{ .Type }}" name="[{{ .Severity }}] {{ .ID }}" time="">
{{- if (eq .Status "FAIL") }}
<failure message="{{ escapeXML .Title }}" type="description">&#xA;
{{- $target }}:
{{- with .CauseMetadata }}
{{- .StartLine }}
{{- if lt .StartLine .EndLine }}:{{ .EndLine }}{{ end }}:&#xA;&#xA;Occurrences:&#xA;
{{- range $i := .Occurrences -}}
via {{ .Filename }}:
{{- .Location.StartLine }}
{{- if lt .Location.StartLine .Location.EndLine }}:{{ .Location.EndLine }}{{ end }} ({{ .Resource }})&#xA;
{{- end -}}
&#xA;Code:&#xA;
{{- range .Code.Lines }}
{{- if .IsCause }}{{ escapeXML .Content }}&#xA;{{- end }}
{{- end }}&#xA;
{{- end }}
{{- escapeXML .Description }}
</failure>
{{- end }}
</testcase>
{{- end }}
</testsuite>
{{- if .Licenses }}
{{- $licenses := len .Licenses }}
<testsuite tests="{{ $licenses }}" failures="{{ $licenses }}" name="{{ .Target }}" time="0">{{ range .Licenses }}
<testcase classname="{{ .PkgName }}" name="[{{ .Severity }}] {{ .Name }}">
<failure/>
</testcase>
{{- end }}
</testsuite>
{{- end }}
{{- if .Secrets }}
{{- $secrets := len .Secrets }}
<testsuite tests="{{ $secrets }}" failures="{{ $secrets }}" name="{{ .Target }}" time="0">{{ range .Secrets }}
<testcase classname="{{ .RuleID }}" name="[{{ .Severity }}] {{ .Title }}">
<failure message="{{ .Title }}" type="description">{{ escapeXML .Match }}</failure>
</testcase>
{{- end }}
</testsuite>
{{- end }}
{{- end }}
</testsuites>
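Review bot: Attribute values are interpolated without `escapeXML` in several places, for example `name="{{ .Target }}"` on every `<testsuite>`, `classname="{{ .PkgName }}-{{ .InstalledVersion }}"`, and in the Secrets block `name="[{{ .Severity }}] {{ .Title }}"` and `message="{{ .Title }}"`, while the element bodies and the other `message` attributes are escaped. A `&`, `<` or `"` in a target path, package name or secret title produces XML that CI parsers will reject. Suggest wrapping every interpolated attribute value in `escapeXML`, as the `<failure message="{{ escapeXML .Title }}">` lines already do.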

View File

@@ -1,131 +0,0 @@
/* Slider */
.slick-slider{position:relative;display:block;box-sizing:border-box;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;-webkit-touch-callout:none;-khtml-user-select:none;-ms-touch-action:pan-y;touch-action:pan-y;-webkit-tap-highlight-color:transparent;}
.slick-list{position:relative;display:block;overflow:hidden;margin:0;padding:0;}
.slick-list:focus{outline:none;}
.slick-list.dragging{cursor:hand;}
.slick-slider .slick-track,.slick-slider .slick-list{transform:translate3d(0,0,0);}
.slick-track{position:relative;top:0;left:0;display:block;margin-left:auto;margin-right:auto;}
.slick-track:before,.slick-track:after{display:table;content:'';}
.slick-track:after{clear:both;}
.slick-loading .slick-track{visibility:hidden;}
.slick-slide{display:none;float:left;height:100%;min-height:1px;}
.slick-slide:focus{outline:none;}
.slick-slide img{display:block;}
.slick-slide.slick-loading img{display:none;}
.slick-slide.dragging img{pointer-events:none;}
.slick-initialized .slick-slide{display:block;}
.slick-loading .slick-slide{visibility:hidden;}
.slick-vertical .slick-slide{display:block;height:auto;border:1px solid transparent;}
.slick-arrow.slick-hidden{display:none;}
.slick-arrow {display:block;background-color:transparent;border:none;color:transparent;cursor:pointer;position:absolute;top:0px;height:330px;width:80px;z-index:20;outline:none;}
.slick-arrow:focus, .slick-arrow:active {outline:none;}
.slick-arrow.slick-prev {left:0px;background-image:linear-gradient(to right, rgba($aq-neo-background,1) 0%, rgba($aq-neo-background,0) 100%);}
.slick-arrow.slick-next {right:0px;background-image:linear-gradient(to left, rgba($aq-neo-background,1) 0%, rgba($aq-neo-background,0) 100%);}
.slick-arrow:before {content:"";display:block;position:absolute;left:0px;top:0px;width:100%;height:100%;z-index:21;background-repeat:no-repeat;}
.slick-arrow.slick-prev:before {background-image:url(../images/arrow_left.png);background-position:center left;}
.slick-arrow.slick-next:before {background-image:url(../images/arrow_right.png);background-position:center right;}
/* dots */
.slick-dotted.slick-slider
{
margin-bottom: 0px;
}
.slick-dots
{
//position: absolute;
//bottom: -25px;
position: relative;
display: block;
width: 100%;
padding: 0;
margin: 0;
list-style: none;
text-align: center;
}
.slick-dots li {
position: relative;
display: inline-block;
width: 24px;
height: 24px;
margin: 0px 4px;
padding: 0;
cursor: pointer;
}
.slick-dots li button
{
font-size: 0;
line-height: 0;
display: block;
width: 24px;
height: 24px;
padding: 0px;
cursor: pointer;
color: transparent;
border: 0;
outline: none;
background: transparent;
&:before {
position: relative;
top: 0px;
left: 0px;
width: 20px;
height: 20px;
content: "";
background-color: transparent;
border: 2px solid $aq-sea-foam;
border-radius: 50%;
display: block;
opacity: 0.7;
}
&:after {
position: absolute;
top: 7px;
left: 5px;
width: 10px;
height: 10px;
content: "";
background-color: $aq-sea-foam;
//border: 1px solid #666;
border-radius: 50%;
//box-shadow: inset 1px 1px 1px #888;
display: block;
opacity: 0;
transition: 0.2s ease-out;
}
}
.slick-dots li button:hover,
.slick-dots li button:focus
{
outline: none;
&:after {
opacity: 1;
}
}
.slick-dots li.slick-active button:after {
opacity: 1;
}

View File

@@ -1,411 +0,0 @@
/* trivy homepage */
.trivy_v1_homepage_wrap {
position: relative;
z-index: 3;
* {
transition: all 0.2s ease !important;
}
.hero_wrap {
background-color: $aq-trivy-dark;
background-image: radial-gradient(1600px at 70% 120%, #031145 10%, $aq-trivy-dark 100%);
min-height: 1050px;
position: relative;
z-index: 10;
.homepage_background_image_wrap {
position: absolute;
left: 0px;
top: 0px;
width: 100%;
height: 100%;
z-index: 1;
pointer-events: none;
.stars_wrap {
position: absolute;
left: 0px;
top: 0px;
width: 100%;
height: 100%;
z-index: 1;
overflow: hidden;
.stars_bg {
position: absolute;
width: 400vw;
height: 400vh;
top: 50%;
left: 50%;
margin-top: -200vh;
margin-left: -200vw;
animation: stars_ani 240s linear infinite;
background-size: 240px;
backface-visibility: visible;
background-image:url(../images/homepage_hero_stars_02.svg);
background-repeat: repeat;
}
@keyframes stars_ani {
0% { transform: rotate(0deg); }
100% { transform: rotate(360deg); }
}
} //stars_wrap
.terrain_wrap {
position: absolute;
left: 0px;
bottom: 0px;
width: 100%;
height: 680px;
background-image:url(../images/homepage_hero_terrain_08.svg);
background-repeat: no-repeat;
background-position: center top;
background-size: cover;
z-index: 2;
} // terrain_wrap
.beams_wrap {
position: absolute;
left: 0px;
bottom: 0px;
width: 100%;
height: 100%;
z-index: 3;
overflow: hidden;
.beam {
position: absolute;
right: 200px;
top: 270px;
width: 3px;
height: 350%;
background: rgba(#3eabff,0.6);
box-shadow: 0px 0px 55px 0px rgba(#3eabff,1);
transform-origin: 0 0;
animation: beam_ani 10s infinite;
&.num2 {animation: beam_ani 11s infinite;}
&.num3 {animation: beam_ani 12s infinite;}
&.num4 {animation: beam_ani 13s infinite;}
} //beam
@keyframes beam_ani {
0% { transform: rotate(75deg); }
50% { transform: rotate(-15deg); }
100% { transform: rotate(75deg); }
}
.sphere {
z-index:999;
position: absolute;
top: 60px;
right: 50px;
width: 280px;
height: 280px;
background-image:url(../images/homepage_hero_orb_03.png);
background-position: center center;
background-repeat: no-repeat;
}
} //beams_wrap
.person_wrap {
position: absolute;
left: 0px;
bottom: 0px;
width: 100%;
height: 595px;
background-image:url(../images/homepage_v1_hero_person_01.png);
background-repeat: no-repeat;
background-position: center bottom;
z-index: 4;
} // person_wrap
} //hero_background_image_wrap
}
.hero {
.hero-body {
padding: 80px 0px;
// border: 1px solid red;
.header_title_wrap {
.header_title_content_wrap {
width: 50%;
position: relative;
z-index: 3;
.page_title {
color: #ffffff;
font-weight: $weight-bold;
font-size: 48px; //3rem;
line-height: 1.3;
}//page_title
.page_subtitle {
color: #ffffff;
font-weight: $weight-normal;
font-size: 24px; //1.5rem;
line-height: 1.3;
margin-bottom: 30px;
} //page_subtitle
@media screen and (max-width: $widescreen), print {
width: 70%;
} //until widescreen
@media screen and (max-width: $tablet), print { //769
width: 100%;
.page_title {
font-size: 32px; //2rem;
}//page_title
.page_subtitle {
font-size: 18px; //1.125rem;
}//page_subtitle
} //until tablet
} //header_title_content_wrap
} //header_title_wrap
@media screen and (min-width: $tablet), print { //769
padding: 48px 24px; //3rem 1.5rem;
}
}
} //hero
// } //page-trivy_homepage
/* homepage_community */
.homepage_community_wrap {
position: relative;
background-color: $aq-trivy-dark;
color: #ffffff;
z-index: 5;
padding-top: 60px;
padding-bottom: 20px;
.container.wide_container {
max-width: 1640px;
padding-left: 20px;
padding-right: 20px;
display: flex;
flex-direction: row;
flex-wrap: wrap;
}
.community_titles_column {
width: 33.3333%;
padding-right: 32px;
@media screen and (max-width: $desktop), print {
width: 41.6666666667%;
} //until desktop
@media screen and (max-width: $tablet), print {
width: 100%;
} //until tablet
}
.community_slider_column {
width: 66.6666%;
@media screen and (max-width: $desktop), print {
width: 58.3333333333%;
} //until desktop
@media screen and (max-width: $tablet), print {
width: 100%;
} //until tablet
}
.community_title {
color: $aq-sea-foam;
font-size: 60px; //3.75rem;
font-weight: $weight-bold;
margin-bottom: 24px; ////1.5rem;
line-height: 1.2;
}
.community_subtitle {
color: #ffffff;
font-size: 26px; //1.625rem;
margin-bottom: 24px; ////1.5rem;
}
.community_cta_wrap {
.button {
font-weight: $weight-bold;
margin-right: 10px;
}
}
.community_quotes_wrap {
position: relative;
.community_quotes {
column-count: 3;
column-gap: 20px;
@media screen and (max-width: $widescreen), print { //1216
column-count: 2;
}
@media screen and (max-width: $tablet), print { //769
column-count: 1;
}
.quote_item_wrap {
display: inline-block;
margin: 0px 0px 20px 0px;
width: 100%;
}
.quote_item {
display: block;
position: relative;
color: #ffffff;
border: 1px solid rgba($aq-sea-foam,0.2);
background-color: rgba($aq-sea-foam,0.05);
border-radius: 4px;
padding: 25px;
.quote_name {
font-size: 16px; //1rem;
font-weight: $weight-semibold;
}
.quote_twitter_handle {
opacity: 0.6;
font-size: 13px; //0.8125rem;
}
.quote_company {
opacity: 0.6;
font-size: 13px; //0.8125rem;
}
.quote_text {
font-size: 16px; //1rem;
font-weight: $weight-normal;
line-height: 1.3;
}
.quote_avatar {
display: block;
position: absolute;
top: 25px;
left: 25px;
width: 40px;
height: 40px;
border-radius: 50%;
background-repeat: no-repeat;
background-position: center center;
background-size: cover;
}
&.is_tweet {
.quote_text {
padding-top: 10px;
}
&.has_avatar {
.quote_name,
.quote_twitter_handle {
padding-left: 50px;
}
} //has_avatar
} //&is_tweet
&.is_quote {
.quote_text {
position: relative;
padding-top: 40px;
padding-bottom: 10px;
&:before {
content: "";
display: block;
position: absolute;
top: -10px;
left: 0px;
width: 56px;
height: 42px;
background-image: url(../images/community_quote.png);
background-position: center center;
background-repeat: no-repeat;
}
} //quote_text
} //&is_quote
} //quote_item
}
} //community_quotes_wrap
@media screen and (max-width: $tablet), print { //tablet
.community_title {
font-size: 32px; //2rem;
}
.community_subtitle {
font-size: 18px; //1.125rem;
}
} //until
} //homepage_community_wrap
} //trivy_homepage_wrap
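Review bot: The nested `* { transition: all 0.2s ease !important; }` at the top of `.trivy_v1_homepage_wrap` forces a transition on every property of every descendant and cannot be overridden without another `!important`. Suggest scoping the transition to the elements and properties that actually change on hover or focus. The closing comments are also out of sync with the selectors they close (`//hero_background_image_wrap` closes `.homepage_background_image_wrap`, `//trivy_homepage_wrap` closes `.trivy_v1_homepage_wrap`), which makes the deep nesting harder to follow.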

View File

@@ -1,177 +0,0 @@
/* trivy partners page */
.trivy_v1_homepage_wrap.partners_wrap {
position: relative;
z-index: 3;
.partners_hero_wrap {
background-color: $aq-trivy-dark;
background-image: radial-gradient(1600px at 70% 120%, #031145 10%, $aq-trivy-dark 100%);
min-height: 500px;
position: relative;
z-index: 10;
.partners_background_image_wrap {
position: absolute;
left: 0px;
top: 0px;
width: 100%;
height: 100%;
z-index: 1;
pointer-events: none;
.stars_wrap {
position: absolute;
left: 0px;
top: 0px;
width: 100%;
height: 100%;
z-index: 1;
overflow: hidden;
.stars_bg {
position: absolute;
width: 400vw;
height: 400vh;
top: 50%;
left: 50%;
margin-top: -200vh;
margin-left: -200vw;
animation: stars_ani 240s linear infinite;
background-size: 240px;
backface-visibility: visible;
background-image:url(../images/homepage_hero_stars_02.svg);
background-repeat: repeat;
}
@keyframes stars_ani {
0% { transform: rotate(0deg); }
100% { transform: rotate(360deg); }
}
} //stars_wrap
} //hero_background_image_wrap
} //partners_hero_wrap
.hero {
.hero-body {
padding: 80px 0px;
// border: 1px solid red;
.header_title_wrap.with_columns {
display: flex;
flex-direction: row;
@media screen and (max-width: $desktop) {
flex-direction: column;
}
.header_title_content_wrap {
width: 50%;
position: relative;
z-index: 3;
&.partners_hero_stage_image {
align-self: center;
align-content: center;
img {
max-width: 100%;
}
}
@media screen and (max-width: $widescreen), print {
width: 70%;
} //until widescreen
@media screen and (max-width: $tablet), print { //769
width: 100%;
.page_title {
font-size: 32px; //2rem;
}//page_title
.page_subtitle {
font-size: 18px; //1.125rem;
}//page_subtitle
} //until tablet
} //header_title_content_wrap
} //header_title_wrap
@media screen and (min-width: $tablet), print { //769
padding: 48px 24px; //3rem 1.5rem;
}
}
} //hero
} //trivy_v1_homepage_wrap partners_wrap
.partners_logos_wrap {
background-color: $aq-trivy-dark;
padding: 50px 0px;
.partners_logos_title {
text-align: center;
color: #ffffff;
}
.partners_logos {
display: flex;
flex-direction: row;
justify-content: center;
align-items: center;
gap: 4rem;
flex-wrap: wrap;
.logo_item {
display: inline-block;
padding: 20px;
margin: 0px;
// background-color: red;
img {
display: block;
margin: 0px auto;
width: auto;
max-height: 115px;
max-width: 200px;
transition: all 0.3s ease;
// overflow: hidden;
}
} //logo_item
@media screen and (max-width: $tablet) {
gap: 2rem;
.logo_item {
img {
max-height: 80px;
max-width: 150px;
}
}
}
} //partners_logos
} //partners_logos_wrap
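
Review bot: this partial defines none of the variables it uses (`$aq-trivy-dark`, `$tablet`, `$desktop`, `$widescreen`) and is pulled in through `@import "_trivy_partners";`, so deleting it is only safe if that import is removed in the same commit. Otherwise the Sass build fails on a missing file. The 166-line stylesheet hunk later in this diff does drop the import, so keep the two deletions together. The `.stars_bg` rule is also the visible reference to `../images/homepage_hero_stars_02.svg`, so check that the asset is removed with it.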

File diff suppressed because one or more lines are too long

@@ -1,166 +0,0 @@
/* trivy styles */
//aqua brand colors
$aq-royal-blue: #1904da;
$aq-legacy-blue: #08b1d5;
$aq-coral-red: #ff445f;
$aq-starfish-yellow: #ffc900;
$aq-dark-abyss: #07242d;
$aq-deep-sea-blue: #183278;
$aq-ocean-ash: #405a75;
$aq-sea-foam: #00ffe4;
$aq-neo-background: #ebf3fa;
$aq-neo-background-hover: #f0f8ff;
$aq-royal-blue-dark: #1503ba;
$aq-trivy-dark: #0a0b23;
$weight-normal: 400;
$weight-semibold: 600;
$weight-bold: 700;
$gap: 32px;
// 960, 1152, and 1344 have been chosen because they are divisible by both 12 and 16
$tablet: 769px;
// 960px container + 4rem
$desktop: 960px + 2 * $gap;
// 1152px container + 4rem
$widescreen: 1152px + 2 * $gap;
$widescreen-enabled: true;
// 1344px container + 4rem
$fullhd: 1344px + 2 * $gap;
$fullhd-enabled: true;
body {
font-family: "Inter", sans-serif;
}
.container {
width: 100%;
margin: 0 auto;
max-width: 1440px;
&.is-relative {
position: relative;
}
@media screen and (max-width: $tablet), print { //769
padding: 0 24px;
max-width: calc( 100% - 48px); //$tablet; //769
} //until tablet
}
.generic_title {
font-size: 1.75rem;
font-weight: $weight-bold;
margin: 0.75rem 1.25rem 0.75rem 0.75rem;
color: $aq-royal-blue;
}
.generic_subtitle {
font-size: 1.125rem;
opacity: 0.8;
margin: 0.75rem;
}
.button {
background-color: #ebf3fa;
border: 1px solid #dbdbdb;
border-width: 1px;
color: #363636;
cursor: pointer;
justify-content: center;
padding-bottom: calc(.5em - 1px);
padding-left: 1em;
padding-right: 1em;
padding-top: calc(.5em - 1px);
text-align: center;
white-space: nowrap;
border-radius: 4px;
transition: all .2s ease;
font-size: 16px;
display: inline-block;
font-weight: 700;
&.is-seafoam {
background-color: $aq-sea-foam;
border-color: $aq-sea-foam;
color: $aq-dark-abyss;
&.is-outlined {
background-color: rgba(0,0,0,0);
border-color: $aq-sea-foam;
color: $aq-sea-foam;
border-width: 2px;
&:hover {
background-color: $aq-sea-foam;
color: $aq-dark-abyss;
}
} //is-outlines
} //is-seafoam
&.large_btn {
font-size: 22px;
padding: 16px 27px;
margin-right: 12px;
@media screen and (max-width: $tablet), print {
font-size: 18px;
} //until tablet
}
&.solidseafoamarrowbutton {
background-color: $aq-sea-foam;
font-weight: 700;
border: 2px solid $aq-sea-foam;
font-size: 22px; //1.375rem; //1.125rem;
padding: 16px 27px;
color: $aq-dark-abyss;
&:after {
content: "";
border: solid $aq-dark-abyss;
border-width: 0 2px 2px 0;
display: inline-block;
padding: 4px;
transform: rotate(-45deg);
margin-left: 30px;
vertical-align: middle;
transition: all .2s;
}
} //solidseafoamarrowbutton
} //button
.margin-bottom-20 {
margin-bottom: 20px;
}
@import "_slick_slider";
@import "_trivy_homepage";
@import "_trivy_partners";
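
Review bot: the last three lines of this file import `_slick_slider`, `_trivy_homepage` and `_trivy_partners`, and this file is also where the shared variables (`$aq-*`, `$weight-*`, `$tablet`, `$desktop`, `$widescreen`, `$fullhd`) are defined, so removing it breaks any partial that is left behind. Confirm all three partials are deleted in this change and that no CSS compiled from this entry point is still linked from a page that remains.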

Binary file not shown.

@@ -1 +0,0 @@
<svg version="1.1" id="Layer_2" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" viewBox="0 0 240 240" enable-background="new 0 0 240 240" xml:space="preserve"><rect x="106" y="90" fill="#00ffe4" width="2" height="2"/><rect x="74" y="63" fill="#00ffe4" width="1" height="1"/><rect x="23" y="66" fill="#00ffe4" width="1" height="1"/><rect x="50" y="110" fill="#00ffe4" width="1" height="1"/><rect x="63" y="128" fill="#00ffe4" width="1" height="1"/><rect x="45" y="149" fill="#00ffe4" width="1" height="1"/><rect x="92" y="151" fill="#00ffe4" width="1" height="1"/><rect x="58" y="8" fill="#00ffe4" width="1" height="1"/><rect x="147" y="33" fill="#00ffe4" width="2" height="2"/><rect x="91" y="43" fill="#00ffe4" width="1" height="1"/><rect x="169" y="29" fill="#ffffff" width="1" height="1"/><rect x="182" y="19" fill="#00ffe4" width="1" height="1"/><rect x="161" y="59" fill="#00ffe4" width="1" height="1"/><rect x="138" y="95" fill="#00ffe4" width="1" height="1"/><rect x="199" y="71" fill="#ffffff" width="3" height="3"/><rect x="213" y="153" fill="#00ffe4" width="2" height="2"/><rect x="128" y="163" fill="#ffffff" width="1" height="1"/><rect x="205" y="174" fill="#00ffe4" width="1" height="1"/><rect x="152" y="200" fill="#00ffe4" width="1" height="1"/><rect x="52" y="211" fill="#00ffe4" width="2" height="2"/><rect y="191" fill="#00ffe4" width="1" height="1"/><rect x="110" y="184" fill="#00ffe4" width="1" height="1"/></svg>

File diff suppressed because one or more lines are too long

Binary file not shown.

@@ -1,20 +0,0 @@
<svg width="214" height="63" viewBox="0 0 214 63" fill="none" xmlns="http://www.w3.org/2000/svg">
<g clip-path="url(#clip0_105_3432)">
<g clip-path="url(#clip1_105_3432)">
<path d="M91.1057 16.7456C93.9686 16.7456 96.4222 17.33 98.4665 18.4988C100.511 19.6676 102.079 21.2859 103.169 23.3538C104.305 25.3767 104.873 27.7143 104.873 30.3665C104.873 30.9509 104.851 31.5128 104.805 32.0523C104.759 32.5467 104.669 33.0188 104.533 33.4683H84.018C84.063 38.0985 84.9265 41.4251 86.6078 43.448C88.3341 45.4709 90.8333 46.4824 94.1048 46.4824C96.3765 46.4824 98.2166 46.1227 99.6255 45.4034C101.034 44.6393 102.329 43.5828 103.51 42.2343L104.601 43.2457C103.237 45.7182 101.374 47.6512 99.012 49.0447C96.6946 50.3933 93.923 51.0676 90.6971 51.0676C87.4706 51.0676 84.6309 50.3933 82.1773 49.0447C79.7238 47.6961 77.7931 45.7631 76.3842 43.2457C75.0209 40.6833 74.3398 37.6265 74.3398 34.0752C74.3398 30.389 75.1346 27.2647 76.7253 24.7024C78.3611 22.1401 80.451 20.1846 82.9952 18.8359C85.585 17.4424 88.2885 16.7456 91.1057 16.7456ZM90.7652 18.7011C89.4475 18.7011 88.2885 19.0832 87.2895 19.8474C86.3348 20.5667 85.5625 21.8703 84.9721 23.7584C84.4266 25.6015 84.1086 28.2088 84.018 31.5803H96.2172C96.7171 27.0399 96.5359 23.7584 95.6724 21.7354C94.8089 19.7125 93.1732 18.7011 90.7652 18.7011Z" fill="white"/>
<path d="M125.043 51.0676C121.953 51.0676 119.159 50.4158 116.66 49.1121C114.16 47.7635 112.184 45.8305 110.73 43.3131C109.321 40.7508 108.617 37.649 108.617 34.0078C108.617 30.3666 109.413 27.2647 111.003 24.7024C112.593 22.1401 114.706 20.1846 117.341 18.8359C120.022 17.4424 122.953 16.7456 126.133 16.7456C128.723 16.7456 130.927 17.1727 132.744 18.0268C134.561 18.8809 135.947 19.9823 136.902 21.3309C137.856 22.6345 138.333 24.0281 138.333 25.5116C138.333 26.7703 137.947 27.7367 137.174 28.4111C136.447 29.0853 135.493 29.4225 134.311 29.4225C133.039 29.4225 131.995 28.9729 131.177 28.0739C130.404 27.1748 129.95 26.0285 129.814 24.635C129.768 23.7359 129.768 22.9717 129.814 22.3423C129.904 21.713 129.904 21.1061 129.814 20.5217C129.632 19.7575 129.314 19.2406 128.859 18.9708C128.45 18.7011 127.86 18.5662 127.088 18.5662C124.225 18.5662 122.021 19.7125 120.477 22.0052C118.977 24.2528 118.227 27.9165 118.227 32.9963C118.227 37.3568 119.068 40.7058 120.749 43.0434C122.43 45.381 125.043 46.5498 128.586 46.5498C130.677 46.5498 132.403 46.1677 133.767 45.4034C135.129 44.5943 136.379 43.448 137.515 41.9645L138.606 42.7737C137.47 45.4709 135.72 47.5388 133.357 48.9772C131.04 50.3708 128.268 51.0676 125.043 51.0676Z" fill="white"/>
<path d="M140.628 50.1236V48.775L141.514 48.5053C143.15 48.0108 143.967 46.8869 143.967 45.1337V10.4072C143.967 9.46321 143.809 8.76643 143.491 8.31689C143.173 7.82236 142.559 7.46278 141.651 7.23798L140.628 6.96825V5.6871L152.146 2.7876L153.237 3.39447L152.964 12.9021V21.5332C154.555 20.2295 156.281 19.1057 158.144 18.1617C160.052 17.2177 162.097 16.7456 164.278 16.7456C167.277 16.7456 169.617 17.5773 171.298 19.2406C173.024 20.9039 173.888 23.4662 173.888 26.9276V45.2012C173.888 46.1002 174.07 46.8195 174.433 47.359C174.797 47.8984 175.433 48.303 176.342 48.5727L176.955 48.775V50.1236H161.416V48.775L162.234 48.5053C163.869 48.0557 164.687 46.9319 164.687 45.1337V25.6464C164.687 23.8034 164.369 22.5222 163.733 21.8029C163.097 21.0837 161.984 20.724 160.393 20.724C159.303 20.724 158.144 20.9263 156.917 21.3309C155.736 21.7355 154.487 22.4098 153.169 23.3538V45.2686C153.169 46.1677 153.351 46.8869 153.714 47.4264C154.077 47.9658 154.691 48.348 155.554 48.5727L156.167 48.775V50.1236L140.628 50.1236Z" fill="white"/>
<path d="M196.734 51.0676C193.372 51.0676 190.418 50.3708 187.874 48.9772C185.375 47.5837 183.421 45.6058 182.012 43.0434C180.649 40.4811 179.968 37.4242 179.968 33.8729C179.968 30.3215 180.694 27.2647 182.148 24.7024C183.648 22.1401 185.647 20.1846 188.146 18.8359C190.691 17.4424 193.553 16.7456 196.734 16.7456C199.915 16.7456 202.754 17.4424 205.253 18.8359C207.798 20.1846 209.797 22.1401 211.251 24.7024C212.75 27.2198 213.5 30.2766 213.5 33.8729C213.5 37.4242 212.796 40.5035 211.387 43.1109C210.024 45.6732 208.093 47.6512 205.594 49.0447C203.095 50.3933 200.142 51.0676 196.734 51.0676ZM196.734 49.1796C198.369 49.1796 199.687 48.7525 200.687 47.8984C201.732 46.9993 202.482 45.4484 202.936 43.2457C203.39 41.043 203.618 37.9636 203.618 34.0078C203.618 30.0069 203.39 26.9051 202.936 24.7024C202.482 22.4547 201.732 20.9038 200.687 20.0497C199.687 19.1507 198.369 18.7011 196.734 18.7011C195.098 18.7011 193.78 19.1507 192.781 20.0497C191.782 20.9038 191.032 22.4547 190.532 24.7024C190.078 26.9051 189.85 30.0069 189.85 34.0078C189.85 37.9636 190.078 41.043 190.532 43.2457C191.032 45.4484 191.782 46.9993 192.781 47.8984C193.78 48.7525 195.098 49.1796 196.734 49.1796Z" fill="white"/>
<path d="M19.851 31.1743C19.851 45.9125 27.2427 56.2352 30.8683 60.3905C32.079 61.7781 31.767 62.4352 29.9322 62.2793C13.4366 60.8757 0.5 47.4855 0.5 31.1743C0.5 14.5469 13.943 0.954861 30.8953 0.00118455C31.5519 -0.0357474 31.9018 0.79971 31.4502 1.27776C28.132 4.79122 19.851 15.1633 19.851 31.1743Z" fill="white"/>
<path d="M45.4656 31.1876C45.4656 42.1671 41.9304 51.0676 38.3656 51.0676C34.8008 51.0676 31.2656 42.1671 31.2656 31.1876C31.2656 20.2082 34.8009 11.3076 38.3656 11.3076C41.9303 11.3076 45.4656 20.2082 45.4656 31.1876Z" fill="white"/>
</g>
</g>
<defs>
<clipPath id="clip0_105_3432">
<rect width="213.24" height="61.9812" fill="white" transform="translate(0.612305 0.481934)"/>
</clipPath>
<clipPath id="clip1_105_3432">
<rect width="213" height="62.3018" fill="white" transform="translate(0.5)"/>
</clipPath>
</defs>
</svg>

@@ -1,17 +0,0 @@
<svg width="123" height="113" viewBox="0 0 123 113" fill="none" xmlns="http://www.w3.org/2000/svg">
<g clip-path="url(#clip0_105_3430)">
<path d="M15.33 112.944H13.0356V102.463C13.0356 101.776 12.8778 101.217 12.5647 100.784C12.2516 100.333 11.7506 100.107 11.0643 100.107C10.4181 100.107 9.887 100.353 9.47629 100.844C9.08299 101.315 8.88765 102.052 8.88765 103.051V112.944H6.59327V102.345C6.59327 101.699 6.41796 101.168 6.06471 100.756C5.71157 100.325 5.24067 100.109 4.65203 100.109C3.94574 100.109 3.39715 100.365 3.00395 100.875C2.63068 101.386 2.44535 102.052 2.44535 102.876V112.944H0.148438V98.3424H2.44282V99.9321H2.79607C3.05149 99.2448 3.42477 98.7441 3.91316 98.431C4.40409 98.0968 4.98271 97.9292 5.64895 97.9292C6.35534 97.9292 6.93387 98.1147 7.38473 98.4879C7.85562 98.8621 8.17883 99.3428 8.35667 99.9321H8.70981C9.37604 98.5986 10.4356 97.9292 11.8883 97.9292C12.9879 97.9292 13.8296 98.2824 14.4182 98.9897C15.0269 99.676 15.3299 100.578 15.3299 101.699L15.33 112.944Z" fill="white"/>
<path d="M24.2491 93.9842C24.2491 93.456 24.432 93.0101 24.7952 92.6433C25.1784 92.2606 25.6343 92.0698 26.1627 92.0698C26.6913 92.0698 27.1371 92.2606 27.5029 92.6433C27.8861 93.0101 28.0765 93.4561 28.0765 93.9842C28.0765 94.5134 27.8861 94.9698 27.5029 95.3525C27.1371 95.7183 26.6913 95.8996 26.1627 95.8996C25.6343 95.8996 25.1784 95.7162 24.7952 95.3525C24.4295 94.9698 24.2491 94.5134 24.2491 93.9842ZM20.1738 110.825H25.2936V100.463H21.2033V98.3431H27.588V110.825H32.3546V112.945H20.1738V110.825Z" fill="white"/>
<path d="M39.4916 112.943H37.1973V98.3422H39.4916V100.816H39.8448C40.7465 98.8946 42.317 97.9321 44.5513 97.9321C46.2395 97.9321 47.582 98.4603 48.5815 99.5207C49.5809 100.56 50.0819 102.132 50.0819 104.23V112.943H47.7875V104.701C47.7875 103.169 47.4444 102.021 46.758 101.257C46.0717 100.493 45.14 100.11 43.9627 100.11C42.57 100.11 41.4704 100.591 40.6664 101.553C39.8824 102.496 39.4891 103.761 39.4891 105.349V112.946L39.4916 112.943Z" fill="white"/>
<path d="M87.1294 112.944H84.8347V102.463C84.8347 101.776 84.6769 101.217 84.3638 100.784C84.0507 100.333 83.5498 100.107 82.8635 100.107C82.2172 100.107 81.6862 100.353 81.2754 100.844C80.8822 101.315 80.6869 102.052 80.6869 103.051V112.944H78.3925V102.345C78.3925 101.699 78.2171 101.168 77.8639 100.756C77.5108 100.325 77.0399 100.109 76.4513 100.109C75.7449 100.109 75.1964 100.365 74.8031 100.875C74.4299 101.386 74.2446 102.052 74.2446 102.876V112.944H71.9502V98.3424H74.2446V99.9321H74.5977C74.8533 99.2448 75.2264 98.7441 75.7148 98.431C76.2057 98.0968 76.7844 97.9292 77.4507 97.9292C78.157 97.9292 78.7356 98.1147 79.1865 98.4879C79.6574 98.8621 79.9805 99.3428 80.1583 99.9321H80.5115C81.1778 98.5986 82.2372 97.9292 83.6901 97.9292C84.7897 97.9292 85.6312 98.2824 86.2199 98.9897C86.829 99.676 87.1315 100.578 87.1315 101.699V112.944H87.1294Z" fill="white"/>
<path d="M102.564 97.9292H104.858V112.529H102.564V109.881H102.211C101.74 110.824 101.121 111.57 100.357 112.119C99.5933 112.667 98.6214 112.944 97.4439 112.944C96.6396 112.944 95.8932 112.806 95.207 112.533C94.5408 112.276 93.962 111.885 93.4708 111.354C93.0006 110.826 92.6275 110.167 92.3544 109.383C92.0983 108.597 91.9707 107.685 91.9707 106.646V97.9324H94.2656V106.352C94.2656 107.884 94.5787 109.001 95.207 109.708C95.8353 110.415 96.7946 110.768 98.0901 110.768C99.4827 110.768 100.573 110.297 101.356 109.354C102.16 108.393 102.564 107.116 102.564 105.528V97.9292Z" fill="white"/>
<path d="M112.703 101.699C112.703 102.405 112.996 102.944 113.585 103.318C114.193 103.691 115.29 103.937 116.88 104.055C118.587 104.192 119.881 104.603 120.766 105.29C121.667 105.956 122.118 106.939 122.118 108.234V108.409C122.118 109.117 121.971 109.753 121.678 110.325C121.401 110.873 121.011 111.344 120.5 111.737C120.009 112.132 119.401 112.425 118.676 112.62C117.97 112.836 117.196 112.943 116.352 112.943C115.215 112.943 114.233 112.796 113.409 112.502C112.606 112.189 111.929 111.786 111.377 111.295C110.849 110.783 110.446 110.214 110.17 109.588C109.895 108.941 109.739 108.292 109.699 107.645L111.876 107.117C111.974 108.234 112.404 109.139 113.172 109.826C113.935 110.492 114.957 110.825 116.232 110.825C117.311 110.825 118.174 110.62 118.822 110.207C119.488 109.776 119.821 109.177 119.821 108.409C119.821 107.585 119.498 106.997 118.849 106.643C118.203 106.289 117.153 106.064 115.701 105.966C114.013 105.849 112.72 105.455 111.816 104.788C110.915 104.122 110.463 103.149 110.463 101.874V101.699C110.463 101.011 110.611 100.412 110.904 99.9012C111.197 99.3731 111.59 98.9293 112.082 98.5761C112.593 98.2219 113.161 97.9563 113.787 97.7813C114.416 97.6063 115.072 97.5156 115.759 97.5156C116.72 97.5156 117.562 97.6537 118.289 97.9268C119.015 98.1819 119.623 98.5255 120.112 98.9567C120.602 99.3678 120.976 99.8485 121.229 100.4C121.505 100.949 121.68 101.498 121.758 102.05L119.581 102.578C119.483 101.635 119.1 100.898 118.434 100.37C117.788 99.8411 116.933 99.5755 115.873 99.5755C115.463 99.5755 115.06 99.6261 114.666 99.7241C114.293 99.801 113.96 99.9286 113.667 100.107C113.374 100.283 113.139 100.511 112.961 100.784C112.786 101.04 112.695 101.342 112.695 101.695L112.703 101.699Z" fill="white"/>
<path d="M58.9985 93.9842C58.9985 93.456 59.1814 93.0101 59.5446 92.6433C59.9278 92.2606 60.3837 92.0698 60.9122 92.0698C61.4407 92.0698 61.8865 92.2606 62.2522 92.6433C62.6355 93.0101 62.8259 93.4561 62.8259 93.9842C62.8259 94.5134 62.6355 94.9698 62.2522 95.3525C61.8865 95.7183 61.4407 95.8996 60.9122 95.8996C60.3837 95.8996 59.9278 95.7162 59.5446 95.3525C59.1789 94.9698 58.9985 94.5134 58.9985 93.9842ZM54.9258 110.825H60.0455V100.463H55.9553V98.3431H62.3399V110.825H67.1065V112.945H54.9258V110.825Z" fill="white"/>
<path d="M25.8652 0V71.4913H97.3429V0H25.8652ZM61.8864 47.5845H58.2681V31.0561C58.2681 29.9728 58.02 29.0909 57.5238 28.4104C57.0273 27.6993 56.2396 27.3439 55.1563 27.3439C54.1336 27.3439 53.2987 27.7294 52.6481 28.5041C52.0278 29.2484 51.7192 30.4088 51.7192 31.9849V47.5845H48.0976V30.8716C48.0976 29.8488 47.8191 29.0139 47.2627 28.3633C46.706 27.6826 45.9617 27.3405 45.0327 27.3405C43.9196 27.3405 43.051 27.7428 42.4341 28.5478C41.8473 29.3523 41.5521 30.4055 41.5521 31.7031V47.5812H37.9305V24.554H41.5521V27.0623H42.1087C42.511 25.9791 43.0981 25.191 43.8725 24.6948C44.6471 24.1683 45.5592 23.9065 46.6121 23.9065C47.7255 23.9065 48.6409 24.2017 49.3517 24.7885C50.0927 25.3756 50.6059 26.1332 50.8843 27.0623H51.4408C52.4939 24.9563 54.1637 23.9065 56.4539 23.9065C58.1875 23.9065 59.5189 24.4635 60.4477 25.5765C61.4069 26.6598 61.8864 28.0851 61.8864 29.8488V47.5845ZM85.2771 37.433H68.4942V34.0585H85.2771V37.433Z" fill="white"/>
</g>
<defs>
<clipPath id="clip0_105_3430">
<rect width="121.97" height="112.945" fill="white" transform="translate(0.148438)"/>
</clipPath>
</defs>
</svg>

@@ -1,15 +0,0 @@
<svg width="195" height="45" viewBox="0 0 195 45" fill="none" xmlns="http://www.w3.org/2000/svg">
<g clip-path="url(#clip0_105_3431)">
<path d="M90.2387 8.59574C86.5111 8.59574 83.6196 9.64525 81.5667 11.7397C79.5094 13.8342 78.4814 16.7784 78.4814 20.5738V43.2223H83.6775V21.0333C83.6775 18.4579 84.3028 16.5279 85.561 15.2417C86.8162 13.9525 88.5701 13.3086 90.8226 13.3086C91.6905 13.3086 92.5979 13.4177 93.5527 13.6359V8.98758C92.7717 8.72485 91.6691 8.59424 90.2402 8.59424" fill="white"/>
<path d="M126.189 13.6696C122.833 10.289 118.644 8.59717 113.619 8.59717C108.594 8.59717 104.404 10.289 101.049 13.6696C97.6938 17.0534 96.0176 21.296 96.0176 26.4007C96.0176 31.5054 97.6815 35.7634 101.018 39.1655C104.352 42.5676 108.554 44.2702 113.619 44.2702C118.684 44.2702 122.885 42.5691 126.222 39.1655C129.556 35.7634 131.223 31.5069 131.223 26.4007C131.223 21.2945 129.547 17.0534 126.189 13.6696ZM122.455 35.7941C120.117 38.3035 117.17 39.5588 113.619 39.5588C110.068 39.5588 107.134 38.3127 104.816 35.828C102.501 33.34 101.343 30.1961 101.343 26.4007C101.343 22.6052 102.502 19.4642 104.816 16.9765C107.134 14.4887 110.068 13.2455 113.619 13.2455C117.17 13.2455 120.117 14.4887 122.455 16.9765C124.795 19.4642 125.964 22.6051 125.964 26.4007C125.964 30.1963 124.795 33.2848 122.455 35.7941Z" fill="white"/>
<path d="M166.919 13.6696C163.564 10.289 159.375 8.59717 154.349 8.59717C149.324 8.59717 145.134 10.289 141.78 13.6696C138.424 17.0534 136.748 21.296 136.748 26.4007C136.748 31.5054 138.412 35.7634 141.749 39.1655C145.082 42.5676 149.285 44.2702 154.349 44.2702C159.415 44.2702 163.616 42.5691 166.952 39.1655C170.287 35.7634 171.954 31.5069 171.954 26.4007C171.954 21.2945 170.275 17.0534 166.919 13.6696ZM163.187 35.7941C160.845 38.3035 157.9 39.5588 154.349 39.5588C150.799 39.5588 147.865 38.3127 145.547 35.828C143.232 33.34 142.074 30.1961 142.074 26.4007C142.074 22.6052 143.233 19.4642 145.547 16.9765C147.865 14.4887 150.799 13.2455 154.349 13.2455C157.9 13.2455 160.845 14.4887 163.187 16.9765C165.525 19.4642 166.694 22.6051 166.694 26.4007C166.694 30.1963 165.525 33.2848 163.187 35.7941Z" fill="white"/>
<path d="M182.225 9.6446L179.975 14.2284H194.612V9.6446H182.225ZM185.077 37.1658C183.778 35.8796 183.128 33.9727 183.128 31.4403V0.675293H177.932V31.9643C177.932 35.8042 178.959 38.7485 181.017 40.7983C183.074 42.8498 185.987 43.8731 189.754 43.8731C191.183 43.8731 192.436 43.655 193.521 43.2201V38.6378C192.74 38.9436 191.747 39.0974 190.532 39.0974C188.195 39.0974 186.379 38.455 185.075 37.1642" fill="white"/>
<path d="M43.0491 0.675293C30.0883 0.675293 19.5439 11.2994 19.5439 24.3582V43.417H33.8967V24.3582C33.8967 19.2737 38.0028 15.1366 43.0491 15.1366H53.3235V0.675293H43.0491Z" fill="white"/>
<path d="M0.118164 12.0776V26.5389H10.3926C15.4389 26.5389 19.545 30.6759 19.545 35.7604V43.4164H33.8978V35.7604C33.8978 22.7017 23.3534 12.0776 10.3926 12.0776L0.118164 12.0776Z" fill="white"/>
</g>
<defs>
<clipPath id="clip0_105_3431">
<rect width="194.494" height="43.5947" fill="white" transform="translate(0.118164 0.675293)"/>
</clipPath>
</defs>
</svg>

@@ -1,136 +0,0 @@
<svg width="955" height="552" viewBox="0 0 955 552" fill="none" xmlns="http://www.w3.org/2000/svg">
<g clip-path="url(#clip0_105_3404)">
<path style="mix-blend-mode:screen" d="M477.5 550.515C739.041 550.515 951.062 493.881 951.062 424.02C951.062 354.159 739.041 297.525 477.5 297.525C215.959 297.525 3.93848 354.159 3.93848 424.02C3.93848 493.881 215.959 550.515 477.5 550.515Z" fill="url(#paint0_radial_105_3404)"/>
<path d="M477.429 517.872C662.885 517.872 813.227 471.96 813.227 415.324C813.227 358.688 662.885 312.776 477.429 312.776C291.972 312.776 141.63 358.688 141.63 415.324C141.63 471.96 291.972 517.872 477.429 517.872Z" fill="url(#paint1_radial_105_3404)" style="mix-blend-mode:screen"/>
<path d="M477.499 483.397C408.305 483.397 346.09 475.886 297.949 462.558C257.175 451.269 232.037 437.294 221.353 422.418C212.469 410.048 214.366 398.034 224.335 386.952C232.921 377.408 247.227 368.914 265.452 361.526C281.004 355.221 298.91 349.929 318.43 345.55C335.215 341.785 353.006 338.733 371.507 336.329C388.652 334.101 406.148 332.463 423.91 331.372C441.601 330.285 459.458 329.75 477.499 329.75C495.541 329.75 513.398 330.285 531.089 331.372C548.851 332.463 566.347 334.101 583.492 336.329C601.993 338.733 619.784 341.785 636.569 345.55C656.089 349.929 673.995 355.221 689.547 361.526C707.771 368.914 722.078 377.408 730.664 386.952C740.633 398.034 742.53 410.048 733.646 422.418C722.962 437.294 697.824 451.269 657.05 462.558C608.908 475.886 546.694 483.397 477.499 483.397ZM477.499 332.335C409.79 332.335 332.638 342.537 291.568 361.526C217.996 395.542 266.477 452.503 477.499 452.503C688.522 452.503 737.002 395.542 663.431 361.526C622.361 342.537 545.209 332.335 477.499 332.335Z" fill="url(#paint2_linear_105_3404)"/>
<path d="M477.499 483.397C408.305 483.397 346.09 475.886 297.949 462.558C257.175 451.269 232.037 437.294 221.353 422.418C212.469 410.048 214.366 398.034 224.335 386.952C232.921 377.408 247.227 368.914 265.452 361.526C281.004 355.221 298.91 349.929 318.43 345.55C335.215 341.785 353.006 338.733 371.507 336.329C388.652 334.101 406.148 332.463 423.91 331.372C441.601 330.285 459.458 329.75 477.499 329.75C495.541 329.75 513.398 330.285 531.089 331.372C548.851 332.463 566.347 334.101 583.492 336.329C601.993 338.733 619.784 341.785 636.569 345.55C656.089 349.929 673.995 355.221 689.547 361.526C707.771 368.914 722.078 377.408 730.664 386.952C740.633 398.034 742.53 410.048 733.646 422.418C722.962 437.294 697.824 451.269 657.05 462.558C608.908 475.886 546.694 483.397 477.499 483.397ZM477.499 332.335C409.79 332.335 332.638 342.537 291.568 361.526C217.996 395.542 266.477 452.503 477.499 452.503C688.522 452.503 737.002 395.542 663.431 361.526C622.361 342.537 545.209 332.335 477.499 332.335Z" fill="url(#paint3_radial_105_3404)" style="mix-blend-mode:screen"/>
<path d="M259.918 195.625V396.907C259.918 421.741 335.038 450.272 479.289 450.272C623.54 450.272 694.755 421.741 694.755 396.907V195.625H259.918Z" fill="url(#paint4_radial_105_3404)" style="mix-blend-mode:screen"/>
</g>
<rect x="270" width="127.4" height="127.4" rx="63.7" fill="url(#paint5_radial_105_3404)" style="mix-blend-mode:screen"/>
<path d="M308.683 38.6782V88.7221H358.717V38.6782H308.683ZM333.897 71.9874H331.365V60.4175C331.365 59.6592 331.191 59.0418 330.844 58.5655C330.496 58.0677 329.945 57.8189 329.186 57.8189C328.47 57.8189 327.886 58.0888 327.431 58.6311C326.996 59.1521 326.78 59.9644 326.78 61.0677V71.9874H324.245V60.2883C324.245 59.5724 324.05 58.988 323.661 58.5325C323.271 58.056 322.75 57.8166 322.1 57.8166C321.321 57.8166 320.713 58.0982 320.281 58.6617C319.87 59.2249 319.663 59.962 319.663 60.8704V71.985H317.128V55.8661H319.663V57.6218H320.053C320.335 56.8636 320.746 56.3119 321.288 55.9646C321.83 55.596 322.468 55.4128 323.205 55.4128C323.985 55.4128 324.626 55.6194 325.123 56.0302C325.642 56.4411 326.001 56.9715 326.196 57.6218H326.585C327.323 56.1476 328.492 55.4128 330.095 55.4128C331.308 55.4128 332.24 55.8026 332.89 56.5818C333.562 57.3401 333.897 58.3378 333.897 59.5724V71.9874ZM350.271 64.8814H338.523V62.5192H350.271V64.8814Z" fill="white"/>
<rect x="582" y="53" width="127.4" height="127.4" rx="63.7" fill="url(#paint6_radial_105_3404)" style="mix-blend-mode:screen"/>
<path d="M657.129 101.741C648.057 101.741 640.676 109.178 640.676 118.319V131.66H650.723V118.319C650.723 114.76 653.597 111.864 657.129 111.864H664.322V101.741H657.129Z" fill="white"/>
<path d="M627.078 109.722V119.845H634.27C637.803 119.845 640.677 122.741 640.677 126.3V131.659H650.724V126.3C650.724 117.159 643.343 109.722 634.27 109.722L627.078 109.722Z" fill="white"/>
<rect x="413" y="142" width="127.4" height="127.4" rx="63.7" fill="url(#paint7_radial_105_3404)" style="mix-blend-mode:screen"/>
<path d="M474.372 205.716C474.372 215.983 479.546 223.174 482.084 226.069C482.931 227.035 482.713 227.493 481.429 227.384C469.882 226.407 460.826 217.079 460.826 205.716C460.826 194.134 470.236 184.665 482.103 184.001C482.562 183.975 482.807 184.557 482.491 184.89C480.169 187.338 474.372 194.563 474.372 205.716Z" fill="white"/>
<path d="M492.574 205.7C492.574 213.349 490.099 219.549 487.604 219.549C485.108 219.549 482.634 213.349 482.634 205.7C482.634 198.052 485.108 191.852 487.604 191.852C490.099 191.852 492.574 198.052 492.574 205.7Z" fill="white"/>
<defs>
<radialGradient id="paint0_radial_105_3404" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(477.5 424.02) scale(473.592 126.487)">
<stop offset="0.21561" stop-opacity="0"/>
<stop offset="0.35857" stop-color="#000001" stop-opacity="0.01719"/>
<stop offset="0.41007" stop-color="#000008" stop-opacity="0.07948"/>
<stop offset="0.44677" stop-color="#000014" stop-opacity="0.18793"/>
<stop offset="0.47644" stop-color="#000025" stop-opacity="0.34281"/>
<stop offset="0.50185" stop-color="#00003B" stop-opacity="0.54446"/>
<stop offset="0.52396" stop-color="#000055" stop-opacity="0.78851"/>
<stop offset="0.53903" stop-color="#00006D"/>
<stop offset="0.61684" stop-color="#00004F" stop-opacity="0.73138"/>
<stop offset="0.72594" stop-color="#00002D" stop-opacity="0.41483"/>
<stop offset="0.82925" stop-color="#000014" stop-opacity="0.18628"/>
<stop offset="0.92338" stop-color="#000005" stop-opacity="0.048"/>
<stop offset="1" stop-opacity="0"/>
</radialGradient>
<radialGradient id="paint1_radial_105_3404" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(476.404 415.324) scale(334.454 101.214)">
<stop offset="0.37547" stop-opacity="0"/>
<stop offset="0.52923" stop-color="#000001" stop-opacity="0.01"/>
<stop offset="0.58463" stop-color="#000308" stop-opacity="0.03399"/>
<stop offset="0.62411" stop-color="#000914" stop-opacity="0.08036"/>
<stop offset="0.65606" stop-color="#001025" stop-opacity="0.14667"/>
<stop offset="0.6834" stop-color="#001A3B" stop-opacity="0.23299"/>
<stop offset="0.70763" stop-color="#002656" stop-opacity="0.33967"/>
<stop offset="0.72955" stop-color="#003577" stop-opacity="0.46688"/>
<stop offset="0.74969" stop-color="#00469C" stop-opacity="0.61488"/>
<stop offset="0.76843" stop-color="#0059C7" stop-opacity="0.78417"/>
<stop offset="0.78506" stop-color="#006DF5" stop-opacity="0.96381"/>
<stop offset="0.7881" stop-color="#0072FF"/>
<stop offset="0.79431" stop-color="#0067E7" stop-opacity="0.90832"/>
<stop offset="0.80858" stop-color="#0052B7" stop-opacity="0.71982"/>
<stop offset="0.82404" stop-color="#003E8B" stop-opacity="0.54822"/>
<stop offset="0.84034" stop-color="#002D66" stop-opacity="0.40029"/>
<stop offset="0.8577" stop-color="#001F46" stop-opacity="0.27587"/>
<stop offset="0.87644" stop-color="#00132C" stop-opacity="0.17473"/>
<stop offset="0.89707" stop-color="#000B18" stop-opacity="0.09676"/>
<stop offset="0.92064" stop-color="#00040A" stop-opacity="0.04174"/>
<stop offset="0.94961" stop-color="#000102" stop-opacity="0.01"/>
<stop offset="1" stop-opacity="0"/>
</radialGradient>
<linearGradient id="paint2_linear_105_3404" x1="215.656" y1="406.574" x2="739.343" y2="406.574" gradientUnits="userSpaceOnUse">
<stop stop-color="#0F0F4D" stop-opacity="0"/>
<stop offset="0.06993" stop-color="#09092F" stop-opacity="0.38183"/>
<stop offset="0.5"/>
<stop offset="0.93423" stop-color="#141437" stop-opacity="0.3394"/>
<stop offset="1" stop-color="#1F1F54" stop-opacity="0"/>
</linearGradient>
<radialGradient id="paint3_radial_105_3404" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(479.469 413.466) scale(288.083 84.978)">
<stop offset="0.34944" stop-color="#0000FF"/>
<stop offset="0.38473" stop-color="#0000DF" stop-opacity="0.87819"/>
<stop offset="0.45062" stop-color="#0000AC" stop-opacity="0.67456"/>
<stop offset="0.51936" stop-color="#00007D" stop-opacity="0.49409"/>
<stop offset="0.58969" stop-color="#000057" stop-opacity="0.3418"/>
<stop offset="0.66193" stop-color="#000037" stop-opacity="0.21771"/>
<stop offset="0.73665" stop-color="#00001F" stop-opacity="0.12169"/>
<stop offset="0.81499" stop-color="#00000D" stop-opacity="0.05347"/>
<stop offset="0.89922" stop-color="#000003" stop-opacity="0.01299"/>
<stop offset="1" stop-opacity="0"/>
</radialGradient>
<radialGradient id="paint4_radial_105_3404" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(476.238 239.456) scale(407.82 212.251)">
<stop offset="0.52932" stop-opacity="0"/>
<stop offset="0.55556" stop-color="#000005" stop-opacity="0.02053"/>
<stop offset="0.58783" stop-color="#020214" stop-opacity="0.07976"/>
<stop offset="0.62327" stop-color="#04042D" stop-opacity="0.17775"/>
<stop offset="0.66098" stop-color="#080850" stop-opacity="0.31462"/>
<stop offset="0.70049" stop-color="#0D0D7D" stop-opacity="0.49051"/>
<stop offset="0.74152" stop-color="#1313B3" stop-opacity="0.70559"/>
<stop offset="0.78306" stop-color="#1A1AF3" stop-opacity="0.95483"/>
<stop offset="0.79009" stop-color="#1C1CFF"/>
<stop offset="0.88294" stop-color="#0E88FF"/>
<stop offset="0.96101" stop-color="#04DDFF"/>
<stop offset="0.99628" stop-color="#00FFFF"/>
</radialGradient>
<radialGradient id="paint5_radial_105_3404" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(333.378 21.9285) scale(119.484 106.189)">
<stop offset="0.52932" stop-opacity="0"/>
<stop offset="0.55556" stop-color="#000005" stop-opacity="0.02053"/>
<stop offset="0.58783" stop-color="#020214" stop-opacity="0.07976"/>
<stop offset="0.62327" stop-color="#04042D" stop-opacity="0.17775"/>
<stop offset="0.66098" stop-color="#080850" stop-opacity="0.31462"/>
<stop offset="0.70049" stop-color="#0D0D7D" stop-opacity="0.49051"/>
<stop offset="0.74152" stop-color="#1313B3" stop-opacity="0.70559"/>
<stop offset="0.78306" stop-color="#1A1AF3" stop-opacity="0.95483"/>
<stop offset="0.79009" stop-color="#1C1CFF"/>
<stop offset="0.88294" stop-color="#0E88FF"/>
<stop offset="0.96101" stop-color="#04DDFF"/>
<stop offset="0.99628" stop-color="#00FFFF"/>
</radialGradient>
<radialGradient id="paint6_radial_105_3404" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(645.378 74.9285) scale(119.484 106.189)">
<stop offset="0.52932" stop-opacity="0"/>
<stop offset="0.55556" stop-color="#000005" stop-opacity="0.02053"/>
<stop offset="0.58783" stop-color="#020214" stop-opacity="0.07976"/>
<stop offset="0.62327" stop-color="#04042D" stop-opacity="0.17775"/>
<stop offset="0.66098" stop-color="#080850" stop-opacity="0.31462"/>
<stop offset="0.70049" stop-color="#0D0D7D" stop-opacity="0.49051"/>
<stop offset="0.74152" stop-color="#1313B3" stop-opacity="0.70559"/>
<stop offset="0.78306" stop-color="#1A1AF3" stop-opacity="0.95483"/>
<stop offset="0.79009" stop-color="#1C1CFF"/>
<stop offset="0.88294" stop-color="#0E88FF"/>
<stop offset="0.96101" stop-color="#04DDFF"/>
<stop offset="0.99628" stop-color="#00FFFF"/>
</radialGradient>
<radialGradient id="paint7_radial_105_3404" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(476.378 163.928) scale(119.484 106.189)">
<stop offset="0.52932" stop-opacity="0"/>
<stop offset="0.55556" stop-color="#000005" stop-opacity="0.02053"/>
<stop offset="0.58783" stop-color="#020214" stop-opacity="0.07976"/>
<stop offset="0.62327" stop-color="#04042D" stop-opacity="0.17775"/>
<stop offset="0.66098" stop-color="#080850" stop-opacity="0.31462"/>
<stop offset="0.70049" stop-color="#0D0D7D" stop-opacity="0.49051"/>
<stop offset="0.74152" stop-color="#1313B3" stop-opacity="0.70559"/>
<stop offset="0.78306" stop-color="#1A1AF3" stop-opacity="0.95483"/>
<stop offset="0.79009" stop-color="#1C1CFF"/>
<stop offset="0.88294" stop-color="#0E88FF"/>
<stop offset="0.96101" stop-color="#04DDFF"/>
<stop offset="0.99628" stop-color="#00FFFF"/>
</radialGradient>
<clipPath id="clip0_105_3404">
<rect width="955" height="356.375" fill="white" transform="translate(0 195.625)"/>
</clipPath>
</defs>
</svg>

View File

@@ -1 +0,0 @@
<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" x="0" y="0" viewBox="0 0 1920 891" style="enable-background:new 0 0 1920 891" xml:space="preserve"><style>.st0{fill:#fff}.st1{fill:#50f0ff}</style><path class="st0" d="M1421.86 281.92h-46.97c-25.9 0-46.97-21.07-46.97-46.97s21.07-46.97 46.97-46.97 46.97 21.07 46.97 46.97v46.97zm-46.97-74.87c-15.38 0-27.9 12.52-27.9 27.9 0 15.38 12.52 27.9 27.9 27.9h27.9v-27.9c0-15.38-12.51-27.9-27.9-27.9zM1737.06 281.92h-46.97c-25.9 0-46.97-21.07-46.97-46.97s21.07-46.97 46.97-46.97 46.97 21.07 46.97 46.97v46.97zm-46.97-74.87c-15.38 0-27.9 12.52-27.9 27.9 0 15.38 12.52 27.9 27.9 27.9h27.9v-27.9c-.01-15.38-12.52-27.9-27.9-27.9zM1585.02 281.94c-25.91 0-46.99-21.08-46.99-46.99v-44.08h19.08v44.08c0 15.39 12.52 27.91 27.91 27.91s27.91-12.52 27.91-27.91v-44.08h19.09v44.08c-.01 25.91-21.1 46.99-47 46.99zM1479.94 187.98c-25.9 0-46.97 21.07-46.97 46.97s21.07 46.97 46.97 46.97l19.07-19.07h-19.07c-15.38 0-27.9-12.52-27.9-27.9 0-15.38 12.52-27.9 27.9-27.9 15.38 0 27.9 12.52 27.9 27.9v91.8h19.07v-91.8c0-25.9-21.07-46.97-46.97-46.97zM942.76 588.45v46.29c-31.53 0-59.94-11.34-82.34-30.14-28.15-23.63-46.04-59.08-46.04-98.71V274.06h46.04v105.2h82.34v46.59h-82.34v81.19c.63 45.06 37.13 81.41 82.34 81.41zM1106.82 379.26v45.98c-43.65.1-79.18 34.71-80.78 77.98v131.52h-46.12V379.26h46.12v29.16c21.93-18.18 50.08-29.12 80.78-29.16zM1136.4 353.72v-40.29h46.05v40.29h-46.05zm0 281.02V379.26h46.05v255.48h-46.05zM1464.76 379.26l-127.64 255.48-127.8-255.48h52.33l75.47 150.88 75.31-150.88h52.33zM1740.81 379.26v297.8c0 71.31-58.52 128.26-127.83 128.2-32.47.03-62.55-12.29-85.37-32.76l33.1-33.09c14.13 11.97 32.36 19.22 52.28 19.2 44.86 0 81.17-36.69 81.17-81.55v-71.39c-22.26 18.42-50.67 29.09-81.17 29.06-69.46.06-127.95-56-127.95-127.85V379.24h46.64l.02 127.64c0 44.67 36.39 81.6 81.28 81.55 44.86 0 81.17-36.69 81.17-81.55V379.26h46.66z"/><path class="st1" d="M428.54 364.9h.12c6.56.01 11.98-5.03 11.98-11.58V135.99l-12.23-6.83-12.18 6.8v217.36c0 6.56 5.43 
11.61 11.98 11.58h.33z"/><path d="M355.18 463.55 153.55 598.87v15.41l11.49 6.29 203.73-136.73c5.23-3.51 6.53-10.52 3.15-15.84-.14-.23-.29-.45-.43-.68-3.5-5.62-10.81-7.46-16.31-3.77z" style="fill:#0744dd"/><path d="m488.27 483.95 203.55 136.61 11.45-6.28v-15.44L501.86 463.66c-5.51-3.7-12.82-1.87-16.32 3.76-.13.21-.27.43-.4.64-3.41 5.34-2.12 12.37 3.13 15.89z" style="fill:#ffc900"/><path class="st0" d="M727.69 282.29v-13.96l-12.5-6.98-.93-.49-273.93-152.99-11.92-6.64-11.87 6.64-273.98 152.99-.93.49-12.5 6.98v13.96l-.93.54.93.49v345.42l12.69 6.94 266.85 146.2 3.37 1.85 16.41 8.98 16.36-8.98 3.37-1.85 266.85-146.2 12.65-6.94V283.37l.98-.54-.97-.54zM440.95 758.05V511.4c0-6.72-5.5-12.22-12.22-12.21h-.32c-6.72-.01-12.22 5.49-12.22 12.21v246.64L165.04 620.57l-11.49-6.29V294.7l199.98 109.56c5.77 3.16 13.1 1.04 16.28-4.72l.14-.26c3.22-5.83 1.08-13.22-4.76-16.42L167.81 274.72l248.42-138.75 12.18-6.8 12.23 6.83 248.37 138.73-197.54 108.22c-5.81 3.18-7.63 10.45-4.41 16.24.05.1.11.2.16.29 3.16 5.73 10.22 8.01 15.96 4.86L703.27 294.7v319.59l-11.45 6.28-250.87 137.48z"/><circle cx="428.54" cy="432.05" r="35.42" style="fill:#ff0036"/><path class="st1" d="M617.65 262.99 426.32 155.74c-5.88-3.3-7.98-10.74-4.68-16.62 3.3-5.88 10.74-7.98 16.62-4.68l191.33 107.25c5.88 3.3 7.98 10.74 4.68 16.62-3.3 5.88-10.74 7.98-16.62 4.68zM533.81 271.27l-107.48-60.25c-5.88-3.3-7.98-10.74-4.68-16.62 3.3-5.88 10.74-7.98 16.62-4.68l107.48 60.25c5.88 3.3 7.98 10.74 4.68 16.62-3.3 5.88-10.74 7.97-16.62 4.68zM569.02 291c-5.88-3.3-7.98-10.74-4.68-16.62 3.3-5.88 10.74-7.98 16.62-4.68 5.88 3.3 7.98 10.74 4.68 16.62-3.3 5.88-10.74 7.98-16.62 4.68zM462.29 288.33l-35.7-20.01c-5.88-3.3-7.98-10.74-4.68-16.62 3.3-5.88 10.74-7.98 16.62-4.68l35.7 20.01c5.88 3.3 7.98 10.74 4.68 16.62-3.3 5.88-10.74 7.98-16.62 4.68zM516.16 321.21l-20.67-11.58c-5.88-3.3-7.98-10.74-4.68-16.62 3.3-5.88 10.74-7.98 16.62-4.68l20.67 11.58c5.88 3.3 7.98 10.74 4.68 16.62-3.3 5.88-10.74 7.98-16.62 4.68z"/></svg>

File diff suppressed because one or more lines are too long

View File

@@ -1,6 +0,0 @@
FROM squidfunk/mkdocs-material:9.5.44
# https://squidfunk.github.io/mkdocs-material/getting-started/?h=macros#with-docker-material-for-mkdocs
COPY requirements.txt .
RUN pip install -r requirements.txt
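
Review bot: the `@@ -1,6 +0,0 @@` header means this Dockerfile is deleted outright, and the commit message shown for this comparison ("Update README") does not account for that. If the docs image is still built anywhere, keep the file or say in the message where the `FROM squidfunk/mkdocs-material:9.5.44` build moved. If the removal is intended, remove the requirements files that `COPY requirements.txt .` depended on in the same change.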

View File

@@ -1,3 +0,0 @@
mkdocs-material==9.5.44
mkdocs-macros-plugin
mike

View File

@@ -1,114 +0,0 @@
#
# This file is autogenerated by pip-compile with Python 3.13
# by the following command:
#
# pip-compile --output-file=docs/build/requirements.txt docs/build/requirements.in
#
babel==2.16.0
# via mkdocs-material
certifi==2024.8.30
# via requests
charset-normalizer==3.4.0
# via requests
click==8.1.7
# via mkdocs
colorama==0.4.6
# via mkdocs-material
ghp-import==2.1.0
# via mkdocs
hjson==3.1.0
# via
# mkdocs-macros-plugin
# super-collections
idna==3.10
# via requests
importlib-metadata==8.5.0
# via mike
importlib-resources==6.4.5
# via mike
jinja2==3.1.4
# via
# mike
# mkdocs
# mkdocs-macros-plugin
# mkdocs-material
markdown==3.7
# via
# mkdocs
# mkdocs-material
# pymdown-extensions
markupsafe==3.0.2
# via
# jinja2
# mkdocs
mergedeep==1.3.4
# via
# mkdocs
# mkdocs-get-deps
mike==2.1.3
# via -r docs/build/requirements.in
mkdocs==1.6.1
# via
# mike
# mkdocs-macros-plugin
# mkdocs-material
mkdocs-get-deps==0.2.0
# via mkdocs
mkdocs-macros-plugin==1.3.7
# via -r docs/build/requirements.in
mkdocs-material==9.5.44
# via -r docs/build/requirements.in
mkdocs-material-extensions==1.3.1
# via mkdocs-material
packaging==24.2
# via
# mkdocs
# mkdocs-macros-plugin
paginate==0.5.7
# via mkdocs-material
pathspec==0.12.1
# via
# mkdocs
# mkdocs-macros-plugin
platformdirs==4.3.6
# via mkdocs-get-deps
pygments==2.18.0
# via mkdocs-material
pymdown-extensions==10.12
# via mkdocs-material
pyparsing==3.2.0
# via mike
python-dateutil==2.9.0.post0
# via
# ghp-import
# mkdocs-macros-plugin
pyyaml==6.0.2
# via
# mike
# mkdocs
# mkdocs-get-deps
# mkdocs-macros-plugin
# pymdown-extensions
# pyyaml-env-tag
pyyaml-env-tag==0.1
# via
# mike
# mkdocs
regex==2024.11.6
# via mkdocs-material
requests==2.32.3
# via mkdocs-material
six==1.16.0
# via python-dateutil
super-collections==0.5.3
# via mkdocs-macros-plugin
termcolor==2.5.0
# via mkdocs-macros-plugin
urllib3==2.2.3
# via requests
verspec==0.1.0
# via mike
watchdog==6.0.0
# via mkdocs
zipp==3.21.0
# via importlib-metadata
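
Review bot: the `pip-compile` command recorded at the top of this file has no `--generate-hashes`, so the pins removed here (for example `requests==2.32.3` and `urllib3==2.2.3`) fixed versions but not artifact digests. If this lock file is being relocated rather than dropped, regenerate it with hashes so the install step can run with `--require-hashes`. If it is dropped for good, confirm that no remaining build step still points at `docs/build/requirements.txt`.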

View File

@@ -1,86 +0,0 @@
# Aqua Security is the home of Trivy
Trivy is proudly maintained by [Aqua Security](https://aquasec.com).
If you liked Trivy, you will love Aqua which builds on top of Trivy to provide even more enhanced capabilities for a complete security management offering.
In this page you can find a high level comparison between Trivy Open Source and Aqua's commercial product.
If you'd like to learn more or request a demo, [click here to contact us](./contact.md).
## User experience
| Feature | Trivy OSS | Aqua |
| --- | --- | --- |
| Interface | CLI tool | CLI tool <br> Enterprise-grade web application <br> SaaS or on-prem |
| Search & Discover | - | Easily search for security issues across all workloads and infrastructure in your organization <br> Visually discover risks across your organization |
| User management | - | Multi account <br> Granular permissions (RBAC) <br> Single Sign On (SSO) |
| Support | Some skills required for setup and integration <br> Best effort community support | Personal onboarding by Aqua Customer Success <br> SLA backed professional support |
| Scalability & Availability | Single scan at a time | Centralized scanning service supports concurrent scans efficiently <br> Highly available production grade architecture |
| Rate limiting | Assets hosted on public free infrastructure and could be rate limited | Assets hosted on Aqua infrastructure and does not have limitations |
## Vulnerability scanning
| Feature | Trivy OSS | Aqua |
| --- | --- | --- |
| Vulnerabilities sources | Based on open source vulnerability feeds | Based on open source and commercial vulnerability feeds |
| New Vulnerabilities SLA | No SLA | Commercial level SLA |
| Package managers | Find packages in lock files | Find packages in lock files or reconstructed lock files |
| Vulnerability management | Manually ignore specific vulnerabilities by ID or property | Advanced vulnerability management solution <br> Vulnerability tracking and suppression <br> Incident lifecycle management |
| Vulnerability prioritization | Manually triage by severity | Multiple prioritization tools: <br> Accessibility of the affected resources <br> Exploitability of the vulnerability <br> Open Source packages health and trustworthiness score <br> Affected image layers |
| Reachability analysis | - | Analyze source code to eliminate vulnerabilities of unused dependencies |
| Contextual vulnerabilities | - | Reduce irrelevant vulnerabilities based on environmental factors (e.g. Spring4Shell not relevant due to JDK version) |
| Compiled binaries | Find embedded dependencies in Go and Rust binaries <br> Find SBOM by hash in public Sigstore | In addition, identify popular applications |
## Container scanning
| Feature | Trivy OSS | Aqua |
| --- | --- | --- |
| Windows containers | - | Support scanning windows containers |
| Scan container registries | - | Connect to any container registries and automatically scan it |
| Private registries | Standard registry authenticationCloud authentication with ECR, GCR, ACR | Supports registry specific authentication schemes |
| Layer cache | Local cache directory | Scalable Cloud cache |
## Advanced scanning
| Feature | Trivy OSS | Aqua |
| --- | --- | --- |
| Malware scanning | - | Scan container images for malware |
| Sandbox scanning | - | Use DTA (Dynamic threat analysis) to run and test container images' behavior to detect sophisticated threats |
| SAST (code scanning) | - | Analyze source code for security issues and vulnerabilities |
## Policy and enforcement
| Feature | Trivy OSS | Aqua |
| --- | --- | --- |
| Kubernetes admission | - | Validating Kubernetes Admission based on automatic or user defined policy |
| CI/CD policies | Can fail the entire build on any finding | Granular policies to fail builds based on custom criteria |
| Container engine | - | Block incompliant images from running at container engine level |
| Block vulnerable packages | - | vShield monitor and block usage of vulnerable packages |
## Secrets scanning
| Feature | Trivy OSS | Aqua |
| --- | --- | --- |
| Detected patterns | Basic patterns | Advanced patterns |
| Leaked secrets validation | - | Automatically checks if leaked secrets are valid and usable |
## IaC/CSPM scanning
| Feature | Trivy OSS | Aqua |
| --- | --- | --- |
| Infrastructure as Code (IaC) | Many popular languages as detailed [here](https://trivy.dev/latest/docs/scanner/misconfiguration/policy/builtin/) | In addition, Build Pipeline configuration scanning |
| Checks customization | Create custom checks with Rego | Create custom checks in no-code interface <br> Customize existing checks with organizational preferences |
| Cloud scanning | AWS (subset of services) | AWS, Azure, GCP, Alibaba Cloud, Oracle Cloud |
| Compliance frameworks | CIS, NSA, vendor guides | More than 25 compliance programs |
| Custom compliance | Create in YAML | Create in a web UI |
| Remediation advice | Basic | AI powered specialized remediation guides |
## Kubernetes scanning
| Feature | Trivy OSS | Aqua |
| --- | --- | --- |
Scan initiation | CLI / Kubernetes Operator | Kubernetes Operator / Management web application |
Results consumption | kubectl / CRD / Prometheus exporter | In addition, Advanced UI dashboards, Automatic notifications and incident management flows |
Cluster discovery | Kubeconfig | Automatic discovery thorough cloud onboarding |
Workload image scanning | Scanning in cluster, requires capacity planning | Scanning offloaded to Aqua service, little impact on scanned clusters |
| Cluster scanning | CIS, NSA, PSS | More than 25 compliance programs |
| Scope | Single cluster | Multi cluster, Cloud relationship |
| Scalability | Reports limited by in-cluster etcd storage (size and number of reports) | Cloud-based storage (unlimited scalability) |
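
Review bot: nothing in the visible hunk shows the navigation entry or inbound links for this page being removed along with it. The page links to `./contact.md` ("click here to contact us"), so check whether that target and any docs nav reference to this file are deleted in the same change; otherwise the remaining docs can carry dangling links.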

Some files were not shown because too many files have changed in this diff