From 8327bc0a2c5019480fc2f7a45008c49336a81116 Mon Sep 17 00:00:00 2001 From: Simar Date: Tue, 17 Sep 2024 16:45:19 -0600 Subject: [PATCH] feat(trivy): Bump to support v0.55.2 --- .github/workflows/test.yaml | 4 ++-- Dockerfile | 2 +- test/data/config-sarif-report/report.sarif | 14 +++++++------- test/data/config-scan/report.json | 6 +++--- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index bf8d889..f585783 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -6,7 +6,7 @@ on: workflow_dispatch: env: - TRIVY_VERSION: 0.53.0 + TRIVY_VERSION: 0.55.2 BATS_LIB_PATH: '/usr/lib/' jobs: @@ -26,4 +26,4 @@ jobs: - name: Test run: | chmod +x entrypoint.sh - bats -r -T . + TRIVY_DISABLE_VEX_NOTICE=true bats -r -T . diff --git a/Dockerfile b/Dockerfile index aecb1aa..1f9d90d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/aquasecurity/trivy:0.53.0 +FROM ghcr.io/aquasecurity/trivy:0.55.2 COPY entrypoint.sh / RUN apk --no-cache add bash curl npm RUN chmod +x /entrypoint.sh diff --git a/test/data/config-sarif-report/report.sarif b/test/data/config-sarif-report/report.sarif index 71d4b80..5d2c3eb 100644 --- a/test/data/config-sarif-report/report.sarif +++ b/test/data/config-sarif-report/report.sarif @@ -1,6 +1,6 @@ { "version": "2.1.0", - "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json", + "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json", "runs": [ { "tool": { @@ -91,7 +91,7 @@ } }, { - "id": "AVD-AWS-0089", + "id": "s3-bucket-logging", "name": "Misconfiguration", "shortDescription": { "text": "S3 Bucket Logging" 
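Review bot: `TRIVY_DISABLE_VEX_NOTICE=true` is set inline on the `bats` command in the Test step, with no explanation and only for that one invocation. Moving it to the workflow-level `env:` block beside `TRIVY_VERSION`, as `TRIVY_DISABLE_VEX_NOTICE: true` with a comment such as `# keep Trivy's VEX notice out of the output compared against test/data`, would make the intent visible; the reason is inferred, so adjust the wording if it differs. Neither the Dockerfile hunk nor the diffstat shows the variable being set for the shipped action, so tests presumably run with the notice suppressed while users still see it, which is worth confirming as intended. The `jobs:` block begins above this hunk.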
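Review bot: The base image on the `FROM` line is still referenced by tag only, so each build trusts whatever `0.55.2` resolves to in the registry at that moment. Pinning the digest next to the tag, `FROM ghcr.io/aquasecurity/trivy:0.55.2@sha256:<digest-of-0.55.2>` (placeholder, take the real value from the registry), makes the scanner image reproducible and makes a re-pushed tag show up as a reviewable diff. The same version is also hard-coded as `TRIVY_VERSION` in `.github/workflows/test.yaml`, so the two can drift apart; a short comment on each line pointing at the other would help. The context line `RUN apk --no-cache add bash curl npm` likewise installs unpinned packages into the image.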
@@ -102,10 +102,10 @@ "defaultConfiguration": { "level": "note" }, - "helpUri": "https://avd.aquasec.com/misconfig/avd-aws-0089", + "helpUri": "https://avd.aquasec.com/misconfig/s3-bucket-logging", "help": { - "text": "Misconfiguration AVD-AWS-0089\nType: Terraform Security Check\nSeverity: LOW\nCheck: S3 Bucket Logging\nMessage: Bucket has logging disabled\nLink: [AVD-AWS-0089](https://avd.aquasec.com/misconfig/avd-aws-0089)\nEnsures S3 bucket logging is enabled for S3 buckets", - "markdown": "**Misconfiguration AVD-AWS-0089**\n| Type | Severity | Check | Message | Link |\n| --- | --- | --- | --- | --- |\n|Terraform Security Check|LOW|S3 Bucket Logging|Bucket has logging disabled|[AVD-AWS-0089](https://avd.aquasec.com/misconfig/avd-aws-0089)|\n\nEnsures S3 bucket logging is enabled for S3 buckets" + "text": "Misconfiguration s3-bucket-logging\nType: Terraform Security Check\nSeverity: LOW\nCheck: S3 Bucket Logging\nMessage: Bucket has logging disabled\nLink: [s3-bucket-logging](https://avd.aquasec.com/misconfig/s3-bucket-logging)\nEnsures S3 bucket logging is enabled for S3 buckets", + "markdown": "**Misconfiguration s3-bucket-logging**\n| Type | Severity | Check | Message | Link |\n| --- | --- | --- | --- | --- |\n|Terraform Security Check|LOW|S3 Bucket Logging|Bucket has logging disabled|[s3-bucket-logging](https://avd.aquasec.com/misconfig/s3-bucket-logging)|\n\nEnsures S3 bucket logging is enabled for S3 buckets" }, "properties": { "precision": "very-high", 
@@ -338,11 +338,11 @@ ] }, { - "ruleId": "AVD-AWS-0089", + "ruleId": "s3-bucket-logging", "ruleIndex": 3, "level": "note", "message": { - "text": "Artifact: main.tf\nType: terraform\nVulnerability AVD-AWS-0089\nSeverity: LOW\nMessage: Bucket has logging disabled\nLink: [AVD-AWS-0089](https://avd.aquasec.com/misconfig/avd-aws-0089)" + "text": "Artifact: main.tf\nType: terraform\nVulnerability s3-bucket-logging\nSeverity: LOW\nMessage: Bucket has logging disabled\nLink: [s3-bucket-logging](https://avd.aquasec.com/misconfig/s3-bucket-logging)" }, "locations": [ { diff --git a/test/data/config-scan/report.json b/test/data/config-scan/report.json index 62aab6c..f523f08 100644 --- a/test/data/config-scan/report.json +++ b/test/data/config-scan/report.json @@ -214,7 +214,7 @@ }, { "Type": "Terraform Security Check", - "ID": "AVD-AWS-0089", + "ID": "s3-bucket-logging", "AVDID": "AVD-AWS-0089", "Title": "S3 Bucket Logging", "Description": "Ensures S3 bucket logging is enabled for S3 buckets", @@ -223,10 +223,10 @@ "Query": "data.builtin.aws.s3.aws0089.deny", "Resolution": "Add a logging block to the resource to enable access logging", "Severity": "LOW", - "PrimaryURL": "https://avd.aquasec.com/misconfig/avd-aws-0089", + "PrimaryURL": "https://avd.aquasec.com/misconfig/s3-bucket-logging", "References": [ "https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerLogs.html", - "https://avd.aquasec.com/misconfig/avd-aws-0089" + "https://avd.aquasec.com/misconfig/s3-bucket-logging" ], "Status": "FAIL", "Layer": {},
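Review bot: The fixture now expects `"ID": "s3-bucket-logging"` while the very next line keeps `"AVDID": "AVD-AWS-0089"`, and `PrimaryURL` and `References` move to `https://avd.aquasec.com/misconfig/s3-bucket-logging`. The `report.sarif` hunks make the same change to `id`, `ruleId` and `helpUri`. Regenerating the golden files makes the tests pass but also accepts the new identifier as correct, and anything downstream that keys suppressions, baselines or alert tracking on `ID`/`ruleId` would likely see this finding as new after the bump. Before merging I would confirm that the identifier change is intended in v0.55.2 and that the new URL resolves. I would also record it in the commit description, e.g. `Note: check AVD-AWS-0089 is now reported with ID/ruleId s3-bucket-logging`.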