Support for Azure Linux 3.0 (AKA Mariner)

[knqyf263]

Description

Add support for Azure Linux 3.0 (formerly known as CBL-Mariner).

Discussed in #6662

[eric-desrochers]

@knqyf263 what version of Trivy will introduce this support ? when to expect its release ?

[knqyf263]

@eric-desrochers You can watch our milestones. The next version will be out today.
https://github.com/aquasecurity/trivy/milestones

[eric-desrochers]

I ran Trivy with 0.54.0 that seems to include the support for AZL3.0, while waiting for the imminent release of v0.55.0 (https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0540-2024-07-30)

1. How can I tell that 3.0 look at the right 3.0 OVAL file ? -d doesn't seems to mention it.
2. Also, what this error representing ?

2024-07-31T11:32:11-04:00 DEBUG Credential error err="unable to refresh token: missing environment variable AZURE_TENANT_ID"

Full debug output:
/usr/local/bin/trivy image azurelinuxpreview.azurecr.io/public/azurelinux/base/core:3.0 -d
2024-07-31T11:32:10-04:00 DEBUG Cache dir dir="/home/edesrochers/.cache/trivy"
2024-07-31T11:32:10-04:00 DEBUG Parsed severities severities=[UNKNOWN LOW MEDIUM HIGH CRITICAL]
2024-07-31T11:32:10-04:00 DEBUG Ignore statuses statuses=[]
2024-07-31T11:32:10-04:00 DEBUG DB update was skipped because the local DB is the latest
2024-07-31T11:32:10-04:00 DEBUG DB info schema=2 updated_at=2024-07-31T12:14:40.766176328Z next_update=2024-07-31T18:14:40.766176087Z downloaded_at=2024-07-31T15:28:54.900478972Z
2024-07-31T11:32:10-04:00 DEBUG [pkg] Package types types=[os library]
2024-07-31T11:32:10-04:00 DEBUG [pkg] Package relationships relationships=[unknown root direct indirect]
2024-07-31T11:32:10-04:00 INFO [vuln] Vulnerability scanning is enabled
2024-07-31T11:32:10-04:00 INFO [secret] Secret scanning is enabled
2024-07-31T11:32:10-04:00 INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-31T11:32:10-04:00 INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.54/docs/scanner/secret#recommendation for faster secret detection
2024-07-31T11:32:10-04:00 DEBUG Enabling misconfiguration scanners scanners=[azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan-json terraformplan-snapshot]
2024-07-31T11:32:10-04:00 DEBUG Initializing scan cache... type="fs"
2024-07-31T11:32:11-04:00 DEBUG Credential error err="unable to refresh token: missing environment variable AZURE_TENANT_ID"
2024-07-31T11:32:12-04:00 DEBUG [secret] No secret config detected config_path="trivy-secret.yaml"
2024-07-31T11:32:12-04:00 DEBUG [secret] No secret config detected config_path="trivy-secret.yaml"
2024-07-31T11:32:13-04:00 DEBUG [image] Detected image ID image_id="sha256:2d53df80879998254416a3dd03c0c8780acc397a8747d6f6f64b175db0dde3a6"
2024-07-31T11:32:13-04:00 DEBUG [image] Detected diff ID diff_ids=[sha256:674a193f4bc9ec2c63dec82c165904bb43570a6a2e7125832722d3857e5a146f]
2024-07-31T11:32:13-04:00 DEBUG [image] Detected base layers diff_ids=[]
2024-07-31T11:32:13-04:00 INFO Detected OS family="azurelinux" version="3.0"
2024-07-31T11:32:13-04:00 INFO [azurelinux] Detecting vulnerabilities... os_version="3.0" pkg_num=75
2024-07-31T11:32:13-04:00 INFO Number of language-specific files num=0
2024-07-31T11:32:13-04:00 DEBUG [vex] VEX filtering is disabled

azurelinuxpreview.azurecr.io/public/azurelinux/base/core:3.0 (azurelinux 3.0)

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

[knqyf263]

You can ignore the error.

2024-07-31T11:32:11-04:00 DEBUG Credential error err="unable to refresh token: missing environment variable AZURE_TENANT_ID"

Azure Linux was not supported in v0.53.0. This line means it works well now.

2024-07-31T11:32:13-04:00 INFO [azurelinux] Detecting vulnerabilities... os_version="3.0" pkg_num=75

[eric-desrochers]

Thanks a bunch