mirror of
https://github.com/aquasecurity/trivy.git
synced 2025-12-05 20:40:16 -08:00
315 lines
11 KiB
YAML
315 lines
11 KiB
YAML
version: 2
|
|
|
|
project_name: trivy
|
|
builds:
|
|
- id: build-linux
|
|
main: ./cmd/trivy/
|
|
binary: trivy
|
|
ldflags:
|
|
- -s -w
|
|
- "-extldflags '-static'"
|
|
- -X github.com/aquasecurity/trivy/pkg/version/app.ver={{.Version}}
|
|
env:
|
|
- CGO_ENABLED=0
|
|
- GOEXPERIMENT=jsonv2
|
|
goos:
|
|
- linux
|
|
goarch:
|
|
- 386
|
|
- arm
|
|
- amd64
|
|
- arm64
|
|
- s390x
|
|
- ppc64le
|
|
goarm:
|
|
- 7
|
|
- id: build-bsd
|
|
main: ./cmd/trivy/
|
|
binary: trivy
|
|
ldflags:
|
|
- -s -w
|
|
- "-extldflags '-static'"
|
|
- -X github.com/aquasecurity/trivy/pkg/version/app.ver={{.Version}}
|
|
env:
|
|
- CGO_ENABLED=0
|
|
- GOEXPERIMENT=jsonv2
|
|
goos:
|
|
- freebsd
|
|
goarch:
|
|
# modernc.org/sqlite doesn't support freebsd/arm64, etc.
|
|
# Also, freebsd/386 is no longer supported in modernc.org/libc
|
|
# See: https://gitlab.com/cznic/libc/-/issues/45
|
|
- amd64
|
|
- id: build-macos
|
|
main: ./cmd/trivy/
|
|
binary: trivy
|
|
ldflags:
|
|
- -s -w
|
|
- "-extldflags '-static'"
|
|
- -X github.com/aquasecurity/trivy/pkg/version/app.ver={{.Version}}
|
|
env:
|
|
- CGO_ENABLED=0
|
|
- GOEXPERIMENT=jsonv2
|
|
goos:
|
|
- darwin
|
|
goarch:
|
|
- amd64
|
|
- arm64
|
|
goarm:
|
|
- 7
|
|
- id: build-windows
|
|
main: ./cmd/trivy/
|
|
binary: trivy
|
|
ldflags:
|
|
- -s -w
|
|
- "-extldflags '-static'"
|
|
- -X github.com/aquasecurity/trivy/pkg/version/app.ver={{.Version}}
|
|
env:
|
|
- CGO_ENABLED=0
|
|
- GOEXPERIMENT=jsonv2
|
|
goos:
|
|
- windows
|
|
goarch:
|
|
# modernc.org/sqlite doesn't support windows/386 and windows/arm, etc.
|
|
- amd64
|
|
goarm:
|
|
- 7
|
|
|
|
release:
|
|
extra_files:
|
|
- glob: ./bom.json
|
|
discussion_category_name: Announcements
|
|
|
|
nfpms:
|
|
-
|
|
formats:
|
|
- deb
|
|
- rpm
|
|
vendor: "aquasecurity"
|
|
homepage: "https://github.com/aquasecurity"
|
|
maintainer: "Teppei Fukuda <knqyf263@gmail.com>"
|
|
description: "A Fast Vulnerability Scanner for Containers"
|
|
license: "Apache-2.0"
|
|
file_name_template: >-
|
|
{{ .ProjectName }}_{{ .Version }}_
|
|
{{- if eq .Os "darwin" }}macOS
|
|
{{- else if eq .Os "openbsd" }}OpenBSD
|
|
{{- else if eq .Os "netbsd" }}NetBSD
|
|
{{- else if eq .Os "freebsd" }}FreeBSD
|
|
{{- else if eq .Os "dragonfly" }}DragonFlyBSD
|
|
{{- else}}{{- title .Os }}{{ end }}-
|
|
{{- if eq .Arch "amd64" }}64bit
|
|
{{- else if eq .Arch "386" }}32bit
|
|
{{- else if eq .Arch "arm" }}ARM
|
|
{{- else if eq .Arch "arm64" }}ARM64
|
|
{{- else if eq .Arch "ppc64le" }}PPC64LE
|
|
{{- else }}{{ .Arch }}{{ end }}
|
|
contents:
|
|
- src: contrib/*.tpl
|
|
dst: /usr/local/share/trivy/templates
|
|
rpm:
|
|
signature:
|
|
key_file: '{{ .Env.GPG_FILE }}'
|
|
|
|
archives:
|
|
- id: archive
|
|
format: tar.gz
|
|
name_template: >-
|
|
{{ .ProjectName }}_{{ .Version }}_
|
|
{{- if eq .Os "darwin" }}macOS
|
|
{{- else if eq .Os "linux" }}Linux
|
|
{{- else if eq .Os "openbsd" }}OpenBSD
|
|
{{- else if eq .Os "netbsd" }}NetBSD
|
|
{{- else if eq .Os "freebsd" }}FreeBSD
|
|
{{- else if eq .Os "dragonfly" }}DragonFlyBSD
|
|
{{- else}}{{- .Os }}{{ end }}-
|
|
{{- if eq .Arch "amd64" }}64bit
|
|
{{- else if eq .Arch "386" }}32bit
|
|
{{- else if eq .Arch "arm" }}ARM
|
|
{{- else if eq .Arch "arm64" }}ARM64
|
|
{{- else if eq .Arch "ppc64le" }}PPC64LE
|
|
{{- else }}{{ .Arch }}{{ end }}
|
|
files:
|
|
- README.md
|
|
- LICENSE
|
|
- contrib/*.tpl
|
|
format_overrides:
|
|
- goos: windows
|
|
format: zip
|
|
|
|
|
|
brews:
|
|
-
|
|
repository:
|
|
owner: aquasecurity
|
|
name: homebrew-trivy
|
|
homepage: "https://github.com/aquasecurity/trivy"
|
|
description: "Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues"
|
|
url_template: "https://get.trivy.dev/trivy?version={{ .Version }}&os={{ tolower .Os }}&arch={{ tolower .Arch }}"
|
|
test: |
|
|
system "#{bin}/trivy", "--version"
|
|
|
|
dockers:
|
|
- image_templates:
|
|
- "docker.io/aquasec/trivy:{{ .Version }}-amd64"
|
|
- "docker.io/aquasec/trivy:latest-amd64"
|
|
- "ghcr.io/aquasecurity/trivy:{{ .Version }}-amd64"
|
|
- "ghcr.io/aquasecurity/trivy:latest-amd64"
|
|
- "public.ecr.aws/aquasecurity/trivy:latest-amd64"
|
|
- "public.ecr.aws/aquasecurity/trivy:{{ .Version }}-amd64"
|
|
use: buildx
|
|
goos: linux
|
|
goarch: amd64
|
|
ids:
|
|
- build-linux
|
|
build_flag_templates:
|
|
- "--label=org.opencontainers.image.title={{ .ProjectName }}"
|
|
- "--label=org.opencontainers.image.description=A Fast Vulnerability Scanner for Containers"
|
|
- "--label=org.opencontainers.image.vendor=Aqua Security"
|
|
- "--label=org.opencontainers.image.version={{ .Version }}"
|
|
- "--label=org.opencontainers.image.created={{ .Date }}"
|
|
- "--label=org.opencontainers.image.source=https://github.com/aquasecurity/trivy"
|
|
- "--label=org.opencontainers.image.revision={{ .FullCommit }}"
|
|
- "--label=org.opencontainers.image.url=https://www.aquasec.com/products/trivy/"
|
|
- "--label=org.opencontainers.image.documentation=https://trivy.dev/v{{ .Version }}/"
|
|
- "--platform=linux/amd64"
|
|
extra_files:
|
|
- contrib/
|
|
- image_templates:
|
|
- "docker.io/aquasec/trivy:{{ .Version }}-arm64"
|
|
- "docker.io/aquasec/trivy:latest-arm64"
|
|
- "ghcr.io/aquasecurity/trivy:{{ .Version }}-arm64"
|
|
- "ghcr.io/aquasecurity/trivy:latest-arm64"
|
|
- "public.ecr.aws/aquasecurity/trivy:latest-arm64"
|
|
- "public.ecr.aws/aquasecurity/trivy:{{ .Version }}-arm64"
|
|
use: buildx
|
|
goos: linux
|
|
goarch: arm64
|
|
ids:
|
|
- build-linux
|
|
build_flag_templates:
|
|
- "--label=org.opencontainers.image.title={{ .ProjectName }}"
|
|
- "--label=org.opencontainers.image.description=A Fast Vulnerability Scanner for Containers"
|
|
- "--label=org.opencontainers.image.vendor=Aqua Security"
|
|
- "--label=org.opencontainers.image.version={{ .Version }}"
|
|
- "--label=org.opencontainers.image.created={{ .Date }}"
|
|
- "--label=org.opencontainers.image.source=https://github.com/aquasecurity/trivy"
|
|
- "--label=org.opencontainers.image.revision={{ .FullCommit }}"
|
|
- "--label=org.opencontainers.image.url=https://www.aquasec.com/products/trivy/"
|
|
- "--label=org.opencontainers.image.documentation=https://trivy.dev/v{{ .Version }}/"
|
|
- "--platform=linux/arm64"
|
|
extra_files:
|
|
- contrib/
|
|
- image_templates:
|
|
- "docker.io/aquasec/trivy:{{ .Version }}-s390x"
|
|
- "docker.io/aquasec/trivy:latest-s390x"
|
|
- "ghcr.io/aquasecurity/trivy:{{ .Version }}-s390x"
|
|
- "ghcr.io/aquasecurity/trivy:latest-s390x"
|
|
- "public.ecr.aws/aquasecurity/trivy:latest-s390x"
|
|
- "public.ecr.aws/aquasecurity/trivy:{{ .Version }}-s390x"
|
|
use: buildx
|
|
goos: linux
|
|
goarch: s390x
|
|
ids:
|
|
- build-linux
|
|
build_flag_templates:
|
|
- "--label=org.opencontainers.image.title={{ .ProjectName }}"
|
|
- "--label=org.opencontainers.image.description=A Fast Vulnerability Scanner for Containers"
|
|
- "--label=org.opencontainers.image.vendor=Aqua Security"
|
|
- "--label=org.opencontainers.image.version={{ .Version }}"
|
|
- "--label=org.opencontainers.image.created={{ .Date }}"
|
|
- "--label=org.opencontainers.image.source=https://github.com/aquasecurity/trivy"
|
|
- "--label=org.opencontainers.image.revision={{ .FullCommit }}"
|
|
- "--label=org.opencontainers.image.url=https://www.aquasec.com/products/trivy/"
|
|
- "--label=org.opencontainers.image.documentation=https://trivy.dev/v{{ .Version }}/"
|
|
- "--platform=linux/s390x"
|
|
extra_files:
|
|
- contrib/
|
|
- image_templates:
|
|
- "docker.io/aquasec/trivy:{{ .Version }}-ppc64le"
|
|
- "docker.io/aquasec/trivy:latest-ppc64le"
|
|
- "ghcr.io/aquasecurity/trivy:{{ .Version }}-ppc64le"
|
|
- "ghcr.io/aquasecurity/trivy:latest-ppc64le"
|
|
- "public.ecr.aws/aquasecurity/trivy:latest-ppc64le"
|
|
- "public.ecr.aws/aquasecurity/trivy:{{ .Version }}-ppc64le"
|
|
use: buildx
|
|
goos: linux
|
|
goarch: ppc64le
|
|
ids:
|
|
- build-linux
|
|
build_flag_templates:
|
|
- "--label=org.opencontainers.image.title={{ .ProjectName }}"
|
|
- "--label=org.opencontainers.image.description=A Fast Vulnerability Scanner for Containers"
|
|
- "--label=org.opencontainers.image.vendor=Aqua Security"
|
|
- "--label=org.opencontainers.image.version={{ .Version }}"
|
|
- "--label=org.opencontainers.image.created={{ .Date }}"
|
|
- "--label=org.opencontainers.image.source=https://github.com/aquasecurity/trivy"
|
|
- "--label=org.opencontainers.image.revision={{ .FullCommit }}"
|
|
- "--label=org.opencontainers.image.url=https://www.aquasec.com/products/trivy/"
|
|
- "--label=org.opencontainers.image.documentation=https://trivy.dev/v{{ .Version }}/"
|
|
- "--platform=linux/ppc64le"
|
|
extra_files:
|
|
- contrib/
|
|
|
|
docker_manifests:
|
|
- name_template: 'aquasec/trivy:{{ .Version }}'
|
|
image_templates:
|
|
- 'aquasec/trivy:{{ .Version }}-amd64'
|
|
- 'aquasec/trivy:{{ .Version }}-arm64'
|
|
- 'aquasec/trivy:{{ .Version }}-s390x'
|
|
- 'aquasec/trivy:{{ .Version }}-ppc64le'
|
|
- name_template: 'ghcr.io/aquasecurity/trivy:{{ .Version }}'
|
|
image_templates:
|
|
- 'ghcr.io/aquasecurity/trivy:{{ .Version }}-amd64'
|
|
- 'ghcr.io/aquasecurity/trivy:{{ .Version }}-arm64'
|
|
- 'ghcr.io/aquasecurity/trivy:{{ .Version }}-s390x'
|
|
- 'ghcr.io/aquasecurity/trivy:{{ .Version }}-ppc64le'
|
|
- name_template: 'public.ecr.aws/aquasecurity/trivy:{{ .Version }}'
|
|
image_templates:
|
|
- 'public.ecr.aws/aquasecurity/trivy:{{ .Version }}-amd64'
|
|
- 'public.ecr.aws/aquasecurity/trivy:{{ .Version }}-arm64'
|
|
- 'public.ecr.aws/aquasecurity/trivy:{{ .Version }}-s390x'
|
|
- 'public.ecr.aws/aquasecurity/trivy:{{ .Version }}-ppc64le'
|
|
- name_template: 'aquasec/trivy:latest'
|
|
image_templates:
|
|
- 'aquasec/trivy:{{ .Version }}-amd64'
|
|
- 'aquasec/trivy:{{ .Version }}-arm64'
|
|
- 'aquasec/trivy:{{ .Version }}-s390x'
|
|
- 'aquasec/trivy:{{ .Version }}-ppc64le'
|
|
- name_template: 'ghcr.io/aquasecurity/trivy:latest'
|
|
image_templates:
|
|
- 'ghcr.io/aquasecurity/trivy:{{ .Version }}-amd64'
|
|
- 'ghcr.io/aquasecurity/trivy:{{ .Version }}-arm64'
|
|
- 'ghcr.io/aquasecurity/trivy:{{ .Version }}-s390x'
|
|
- 'ghcr.io/aquasecurity/trivy:{{ .Version }}-ppc64le'
|
|
- name_template: 'public.ecr.aws/aquasecurity/trivy:latest'
|
|
image_templates:
|
|
- 'public.ecr.aws/aquasecurity/trivy:{{ .Version }}-amd64'
|
|
- 'public.ecr.aws/aquasecurity/trivy:{{ .Version }}-arm64'
|
|
- 'public.ecr.aws/aquasecurity/trivy:{{ .Version }}-s390x'
|
|
- 'public.ecr.aws/aquasecurity/trivy:{{ .Version }}-ppc64le'
|
|
|
|
signs:
|
|
- cmd: cosign
|
|
env:
|
|
- COSIGN_EXPERIMENTAL=1
|
|
signature: "${artifact}.sigstore.json"
|
|
args:
|
|
- "sign-blob"
|
|
- "--bundle=${signature}"
|
|
- "${artifact}"
|
|
- "--yes"
|
|
artifacts: all
|
|
output: true
|
|
|
|
docker_signs:
|
|
- cmd: cosign
|
|
env:
|
|
- COSIGN_EXPERIMENTAL=1
|
|
artifacts: manifests
|
|
output: true
|
|
args:
|
|
- 'sign'
|
|
- '${artifact}'
|
|
- '--yes'
|