Trivy #3259

fnxpt · 2023-12-02T17:29:42Z

Description

Trivy analyser support

Addressed Issue

Closes #3251

Checklist

I have read and understand the contributing guidelines
This PR implements an enhancement, and I have provided tests to verify that it works as intended

Signed-off-by: Marlon Pina Tojal <[email protected]>

src/main/java/org/dependencytrack/parser/trivy/TrivyParser.java

Signed-off-by: Marlon Pina Tojal <[email protected]>

nscuro

Thanks for the PR @fnxpt! A few necessary changes.

src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java

src/main/java/org/dependencytrack/parser/trivy/TrivyParser.java

src/main/java/org/dependencytrack/parser/trivy/model/Bitnami.java

src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java

src/main/java/org/dependencytrack/parser/trivy/TrivyParser.java

Signed-off-by: Marlon Pina Tojal <[email protected]>

nscuro

Great work @fnxpt!

Looks good from my end, except a small resource leak and some minor logging adjustment. I have also asked other team members to test this, hoping to get even more feedback.

src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java

Signed-off-by: Marlon Pina Tojal <[email protected]>

nscuro

Thanks @fnxpt, I'm sure many users will appreciate this integration!

ybelMekk · 2024-02-21T19:33:58Z

Good work @fnxpt , been following this for a while, looking forward to the release ❤️

simonfrancaix · 2024-02-22T11:02:50Z

Thank you so much for this feature @fnxpt! I've already been able to test the new version of the snapshot, and there's no doubt that its uses will greatly improve our security posture. Looking forward to the release!

Marlon Pina Tojal added 5 commits December 1, 2023 12:26

initial commit

c535446

Signed-off-by: Marlon Pina Tojal <[email protected]>

add trivy analyzer

312ee25

Signed-off-by: Marlon Pina Tojal <[email protected]>

improvements on parser

2486e3f

Signed-off-by: Marlon Pina Tojal <[email protected]>

documentation

77c0fb4

Signed-off-by: Marlon Pina Tojal <[email protected]>

add instructions to trivy server

20f1f7b

Signed-off-by: Marlon Pina Tojal <[email protected]>

nscuro added this to the 4.11 milestone Dec 3, 2023

add docker and other package managers

b80ed60

Signed-off-by: Marlon Pina Tojal <[email protected]>

valentijnscholten reviewed Dec 4, 2023

View reviewed changes

src/main/java/org/dependencytrack/parser/trivy/TrivyParser.java Outdated Show resolved Hide resolved

Marlon Pina Tojal added 11 commits December 4, 2023 19:14

address comments

784e3b9

Signed-off-by: Marlon Pina Tojal <[email protected]>

remove spaces

6923e39

Signed-off-by: Marlon Pina Tojal <[email protected]>

add unit tests and a few improvements

9e09072

Signed-off-by: Marlon Pina Tojal <[email protected]>

fix issue with missing package managers

2d8e0f5

Signed-off-by: Marlon Pina Tojal <[email protected]>

fix issues with docker images (packages + epoch + arch)

62528bb

Signed-off-by: Marlon Pina Tojal <[email protected]>

split requests per OS

ea3658a

Signed-off-by: Marlon Pina Tojal <[email protected]>

fix date parsing

bd90605

Signed-off-by: Marlon Pina Tojal <[email protected]>

add support for trivy configuration ignore unfixed

842904b

Signed-off-by: Marlon Pina Tojal <[email protected]>

update configuration image

8c618c0

Signed-off-by: Marlon Pina Tojal <[email protected]>

missing property creation on test

baa6594

Signed-off-by: Marlon Pina Tojal <[email protected]>

fix test

1817e5e

Signed-off-by: Marlon Pina Tojal <[email protected]>

nscuro added the enhancement New feature or request label Jan 10, 2024

fnxpt force-pushed the trivy branch from 6b1ba13 to 1817e5e Compare January 11, 2024 08:10

nscuro self-assigned this Jan 11, 2024

replace resolve with lookup

9d63041

Signed-off-by: Marlon Pina Tojal <[email protected]>

nscuro requested changes Jan 22, 2024

View reviewed changes

fnxpt force-pushed the trivy branch 4 times, most recently from 69795cd to 1557a11 Compare January 25, 2024 18:09

address comments

dc6995f

Signed-off-by: Marlon Pina Tojal <[email protected]>

fnxpt force-pushed the trivy branch from 1557a11 to dc6995f Compare January 25, 2024 18:10

trivy constants

296302f

Signed-off-by: Marlon Pina Tojal <[email protected]>

fnxpt force-pushed the trivy branch from e3e1b43 to 296302f Compare January 26, 2024 13:04

nscuro requested changes Feb 3, 2024

View reviewed changes

src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java Outdated Show resolved Hide resolved

src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java Outdated Show resolved Hide resolved

address comments

1cfe0f4

Signed-off-by: Marlon Pina Tojal <[email protected]>

nscuro added the integration/trivy Related to the Trivy integration label Feb 21, 2024

nscuro approved these changes Feb 21, 2024

View reviewed changes

nscuro merged commit 33efa7a into DependencyTrack:master Feb 21, 2024
9 checks passed

github-actions bot locked as resolved and limited conversation to collaborators Mar 24, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Trivy #3259

Trivy #3259

fnxpt commented Dec 2, 2023 •

edited by nscuro

Loading

nscuro left a comment

nscuro left a comment

nscuro left a comment

ybelMekk commented Feb 21, 2024 •

edited

Loading

simonfrancaix commented Feb 22, 2024

Trivy #3259

Trivy #3259

Conversation

fnxpt commented Dec 2, 2023 • edited by nscuro Loading

Description

Addressed Issue

Checklist

nscuro left a comment

Choose a reason for hiding this comment

nscuro left a comment

Choose a reason for hiding this comment

nscuro left a comment

Choose a reason for hiding this comment

ybelMekk commented Feb 21, 2024 • edited Loading

simonfrancaix commented Feb 22, 2024

fnxpt commented Dec 2, 2023 •

edited by nscuro

Loading

ybelMekk commented Feb 21, 2024 •

edited

Loading