Skip to content

Commit

Permalink
Merge branch 'main' into error_on_missing_config_file
Browse files Browse the repository at this point in the history
  • Loading branch information
@sgaist
sgaist committed Jul 25, 2024
2 parents 300d2d8 + 8c87194 commit aed9b7b
Show file tree
Hide file tree
Showing 59 changed files with 840 additions and 382 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/bypass-test.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,12 +22,12 @@ jobs:
runs-on: ${{ matrix.operating-system }}
strategy:
matrix:
operating-system: [ubuntu-latest-m, windows-latest, macos-latest]
operating-system: [ubuntu-latest, windows-latest, macos-latest]
steps:
- run: 'echo "No test required"'

integration:
name: Integration Test
runs-on: ubuntu-latest-m
runs-on: ubuntu-latest
steps:
- run: 'echo "No test required"'
2 changes: 1 addition & 1 deletion .github/workflows/reusable-release.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -91,7 +91,7 @@ jobs:
- name: GoReleaser
uses: goreleaser/goreleaser-action@v6
with:
version: v2.0.0
version: v2.1.0
args: release -f=${{ inputs.goreleaser_config}} ${{ inputs.goreleaser_options}}
env:
GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}
Expand Down
16 changes: 8 additions & 8 deletions .github/workflows/test.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ jobs:
runs-on: ${{ matrix.operating-system }}
strategy:
matrix:
operating-system: [ubuntu-latest-m, windows-latest, macos-latest]
operating-system: [ubuntu-latest, windows-latest, macos-latest]
steps:
- uses: actions/[email protected]

Expand All @@ -31,15 +31,15 @@ jobs:
echo "Run 'go mod tidy' and push it"
exit 1
fi
if: matrix.operating-system == 'ubuntu-latest-m'
if: matrix.operating-system == 'ubuntu-latest'

- name: Lint
id: lint
uses: golangci/[email protected]
with:
version: v1.59
args: --verbose --out-format=line-number
if: matrix.operating-system == 'ubuntu-latest-m'
if: matrix.operating-system == 'ubuntu-latest'

- name: Check if linter failed
run: |
Expand All @@ -60,14 +60,14 @@ jobs:
echo "Run 'mage docs:generate' and push it"
exit 1
fi
if: matrix.operating-system == 'ubuntu-latest-m'
if: matrix.operating-system == 'ubuntu-latest'

- name: Run unit tests
run: mage test:unit

integration:
name: Integration Test
runs-on: ubuntu-latest-m
runs-on: ubuntu-latest
steps:
- name: Check out code into the Go module directory
uses: actions/[email protected]
Expand All @@ -87,7 +87,7 @@ jobs:

k8s-integration:
name: K8s Integration Test
runs-on: ubuntu-latest-m
runs-on: ubuntu-latest
steps:
- name: Check out code into the Go module directory
uses: actions/[email protected]
Expand Down Expand Up @@ -129,7 +129,7 @@ jobs:
vm-test:
name: VM Integration Test
runs-on: ubuntu-latest-m
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/[email protected]
Expand Down Expand Up @@ -178,5 +178,5 @@ jobs:
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v6
with:
version: v2.0.0
version: v2.1.0
args: build --snapshot --clean --timeout 90m ${{ steps.goreleaser_id.outputs.id }}
39 changes: 25 additions & 14 deletions .vex/oci.openvex.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,21 +14,24 @@
"@id": "pkg:oci/trivy?repository_url=index.docker.io%2Faquasec%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/busybox"},
{"@id": "pkg:apk/alpine/busybox-binsh"}
{"@id": "pkg:apk/alpine/busybox-binsh"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=public.ecr.aws%2Faquasecurity%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/busybox"},
{"@id": "pkg:apk/alpine/busybox-binsh"}
{"@id": "pkg:apk/alpine/busybox-binsh"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=ghcr.io/aquasecurity/trivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/busybox"},
{"@id": "pkg:apk/alpine/busybox-binsh"}
{"@id": "pkg:apk/alpine/busybox-binsh"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
}
],
Expand All @@ -45,22 +48,24 @@
"@id": "pkg:oci/trivy?repository_url=index.docker.io%2Faquasec%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/busybox"},
{"@id": "pkg:apk/alpine/busybox-binsh"}
{"@id": "pkg:apk/alpine/busybox-binsh"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=public.ecr.aws%2Faquasecurity%2Ftrivy",
"subcomponents": [
{
"@id": "pkg:apk/alpine/busybox"
}
{"@id": "pkg:apk/alpine/busybox"},
{"@id": "pkg:apk/alpine/busybox-binsh"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=ghcr.io/aquasecurity/trivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/busybox"},
{"@id": "pkg:apk/alpine/busybox-binsh"}
{"@id": "pkg:apk/alpine/busybox-binsh"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
}
],
Expand All @@ -77,21 +82,24 @@
"@id": "pkg:oci/trivy?repository_url=index.docker.io%2Faquasec%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/busybox"},
{"@id": "pkg:apk/alpine/busybox-binsh"}
{"@id": "pkg:apk/alpine/busybox-binsh"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=public.ecr.aws%2Faquasecurity%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/busybox"},
{"@id": "pkg:apk/alpine/busybox-binsh"}
{"@id": "pkg:apk/alpine/busybox-binsh"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=ghcr.io/aquasecurity/trivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/busybox"},
{"@id": "pkg:apk/alpine/busybox-binsh"}
{"@id": "pkg:apk/alpine/busybox-binsh"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
}
],
Expand All @@ -108,21 +116,24 @@
"@id": "pkg:oci/trivy?repository_url=index.docker.io%2Faquasec%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/busybox"},
{"@id": "pkg:apk/alpine/busybox-binsh"}
{"@id": "pkg:apk/alpine/busybox-binsh"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=public.ecr.aws%2Faquasecurity%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/busybox"},
{"@id": "pkg:apk/alpine/busybox-binsh"}
{"@id": "pkg:apk/alpine/busybox-binsh"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=ghcr.io/aquasecurity/trivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/busybox"},
{"@id": "pkg:apk/alpine/busybox-binsh"}
{"@id": "pkg:apk/alpine/busybox-binsh"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
}
],
Expand Down
2 changes: 1 addition & 1 deletion docs/community/contribute/pr.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -121,7 +121,7 @@ os:
- redhat
- alma
- rocky
- mariner
- azure
- oracle
- debian
- ubuntu
Expand Down
3 changes: 3 additions & 0 deletions docs/docs/coverage/language/dotnet.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,9 @@ The following table provides an outline of the features Trivy offers.
## *.deps.json
Trivy parses `*.deps.json` files. Trivy currently excludes dev dependencies from the report.

!!! note
Trivy only includes runtime dependencies in the report.

## packages.config
Trivy only finds dependency names and versions from `packages.config` files. To build dependency graph, it is better to use `packages.lock.json` files.

Expand Down
23 changes: 14 additions & 9 deletions docs/docs/coverage/os/cbl-mariner.md → docs/docs/coverage/os/azure.md
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,7 @@
# CBL-Mariner
# Azure Linux (CBL-Mariner)

*CBL-Mariner was rebranded to Azure Linux for version 3.0 onwards.*

Trivy supports the following scanners for OS packages.

| Version | SBOM | Vulnerability | License |
Expand All @@ -7,6 +10,8 @@ Trivy supports the following scanners for OS packages.
| 1.0 (Distroless) ||| |
| 2.0 ||||
| 2.0 (Distroless) ||| |
| 3.0 ||||
| 3.0 (Distroless) ||| |


The following table provides an outline of the targets Trivy supports.
Expand All @@ -15,6 +20,7 @@ The following table provides an outline of the targets Trivy supports.
| ------- | :-------------: | :-------------: | :----------: |
| 1.0 ||| amd64, arm64 |
| 2.0 ||| amd64, arm64 |
| 3.0 ||| amd64, arm64 |

The table below outlines the features offered by Trivy.

Expand All @@ -24,22 +30,22 @@ The table below outlines the features offered by Trivy.
| [Dependency graph][dependency-graph] ||

## SBOM
Trivy detects packages that have been installed through package managers such as `dnf` and `yum`.
Trivy detects packages that have been installed through package managers such as `tdnf`, `dnf` and `yum`.

## Vulnerability
CBL-Mariner offers its own security advisories, and these are utilized when scanning CBL-Mariner for vulnerabilities.
Azure Linux offers its own security advisories, and these are utilized when scanning Azure Linux for vulnerabilities.

### Data Source
See [here](../../scanner/vulnerability.md#data-sources).

### Fixed Version
Trivy takes fixed versions from [CBL-Mariner OVAL][oval].
Trivy takes fixed versions from [Azure Linux OVAL][oval].

### Severity
Trivy calculates the severity of an issue based on the severity provided in [CBL-Mariner OVAL][oval].
Trivy calculates the severity of an issue based on the severity provided in [Azure Linux OVAL][oval].

### Status
Trivy supports the following [vulnerability statuses] for CBL-Mariner.
Trivy supports the following [vulnerability statuses] for Azure Linux.

| Status | Supported |
| :-----------------: | :-------: |
Expand All @@ -55,12 +61,11 @@ Trivy supports the following [vulnerability statuses] for CBL-Mariner.
Trivy identifies licenses by examining the metadata of RPM packages.

!!! note
License detection is not supported for CBL-Mariner Distroless.
License detection is not supported for Azure Linux Distroless images.


[dependency-graph]: ../../configuration/reporting.md#show-origins-of-vulnerable-dependencies
[cbl-mariner]: https://github.com/microsoft/CBL-Mariner

[oval]: https://github.com/microsoft/CBL-MarinerVulnerabilityData/
[oval]: https://github.com/microsoft/AzureLinuxVulnerabilityData/

[vulnerability statuses]: ../../configuration/filtering.md#by-status
38 changes: 19 additions & 19 deletions docs/docs/coverage/os/index.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,25 +9,25 @@ Trivy supports operating systems for

## Supported OS

| OS | Supported Versions | Package Managers |
|--------------------------------------|-------------------------------------|------------------|
| [Alpine Linux](alpine.md) | 2.2 - 2.7, 3.0 - 3.20, edge | apk |
| [Wolfi Linux](wolfi.md) | (n/a) | apk |
| [Chainguard](chainguard.md) | (n/a) | apk |
| [Red Hat Enterprise Linux](rhel.md) | 6, 7, 8 | dnf/yum/rpm |
| [CentOS](centos.md)[^1] | 6, 7, 8 | dnf/yum/rpm |
| [AlmaLinux](alma.md) | 8, 9 | dnf/yum/rpm |
| [Rocky Linux](rocky.md) | 8, 9 | dnf/yum/rpm |
| [Oracle Linux](oracle.md) | 5, 6, 7, 8 | dnf/yum/rpm |
| [CBL-Mariner](cbl-mariner.md) | 1.0, 2.0 | dnf/yum/rpm |
| [Amazon Linux](amazon.md) | 1, 2, 2023 | dnf/yum/rpm |
| [openSUSE Leap](suse.md) | 42, 15 | zypper/rpm |
| [openSUSE Tumbleweed](suse.md) | (n/a) | zypper/rpm |
| [SUSE Enterprise Linux](suse.md) | 11, 12, 15 | zypper/rpm |
| [Photon OS](photon.md) | 1.0, 2.0, 3.0, 4.0 | tndf/yum/rpm |
| [Debian GNU/Linux](debian.md) | 7, 8, 9, 10, 11, 12 | apt/dpkg |
| [Ubuntu](ubuntu.md) | All versions supported by Canonical | apt/dpkg |
| [OSs with installed Conda](conda.md) | - | conda |
| OS | Supported Versions | Package Managers |
|---------------------------------------|-------------------------------------|------------------|
| [Alpine Linux](alpine.md) | 2.2 - 2.7, 3.0 - 3.20, edge | apk |
| [Wolfi Linux](wolfi.md) | (n/a) | apk |
| [Chainguard](chainguard.md) | (n/a) | apk |
| [Red Hat Enterprise Linux](rhel.md) | 6, 7, 8 | dnf/yum/rpm |
| [CentOS](centos.md)[^1] | 6, 7, 8 | dnf/yum/rpm |
| [AlmaLinux](alma.md) | 8, 9 | dnf/yum/rpm |
| [Rocky Linux](rocky.md) | 8, 9 | dnf/yum/rpm |
| [Oracle Linux](oracle.md) | 5, 6, 7, 8 | dnf/yum/rpm |
| [Azure Linux (CBL-Mariner)](azure.md) | 1.0, 2.0, 3.0 | tdnf/dnf/yum/rpm |
| [Amazon Linux](amazon.md) | 1, 2, 2023 | dnf/yum/rpm |
| [openSUSE Leap](suse.md) | 42, 15 | zypper/rpm |
| [openSUSE Tumbleweed](suse.md) | (n/a) | zypper/rpm |
| [SUSE Enterprise Linux](suse.md) | 11, 12, 15 | zypper/rpm |
| [Photon OS](photon.md) | 1.0, 2.0, 3.0, 4.0 | tndf/yum/rpm |
| [Debian GNU/Linux](debian.md) | 7, 8, 9, 10, 11, 12 | apt/dpkg |
| [Ubuntu](ubuntu.md) | All versions supported by Canonical | apt/dpkg |
| [OSs with installed Conda](conda.md) | - | conda |

## Supported container images

Expand Down
4 changes: 2 additions & 2 deletions docs/docs/references/configuration/config-file.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -352,9 +352,9 @@ rego:
# Default is false
trace: false

# Same as '--skip-policy-update'
# Same as '--skip-check-update'
# Default is false
skip-policy-update: false
skip-check-update: false

# Same as '--config-policy'
# Default is empty
Expand Down
Loading

0 comments on commit aed9b7b

Please sign in to comment.