-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(db): use schema version as tag only for trivy-db
and trivy-java-db
registries by default
#6219
fix(db): use schema version as tag only for trivy-db
and trivy-java-db
registries by default
#6219
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If I understand correctly, the current change will be breaking compatibility. Those who specify --db-repository myregistry
will see an error after this PR since their repository is now myregistry:2
, but Trivy accesses myregistry
. Am I correct?
What if adding a tag only when a tag not specified?
--db-repository ghcr.io/aquasecurity/trivy-db
=> Accessghcr.io/aquasecurity/trivy-db:2
--db-repository ghcr.io/aquasecurity/trivy-db:2
=> Accessghcr.io/aquasecurity/trivy-db:2
--db-repository myregistry
=> Accessmyregistry:2
--db-repository myregistry:2
=> Accessmyregistry:2
--db-repository myregistry:3
=> Accessmyregistry:3
e44a3d4
to
d8a0c03
Compare
@knqyf263 I updated this PR using your solution |
And the default value should be |
You are right. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I left small comments, but LGTM basically.
@@ -78,6 +79,11 @@ func NewClient(cacheDir string, quiet bool, opts ...Option) *Client { | |||
opt(o) | |||
} | |||
|
|||
// Add the schema version as a tag if the tag doesn't exist. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you add a comment this is for backward compatibility? We want to remove it after a while.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added comment in 91bcb0a
@@ -82,8 +83,12 @@ func (u *Updater) Update() error { | |||
} | |||
|
|||
func Init(cacheDir, javaDBRepository string, skip, quiet bool, registryOption ftypes.RegistryOptions) { | |||
// Add the schema version as a tag if the tag doesn't exist. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ditto
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added comment in 91bcb0a
- Fix registry version aquasecurity/trivy#6219; \n- Fix replace zap with slog aquasecurity/trivy#6466; \n - The fix with slog used a zap to slog bridge (official from zap, but exp). It didn't have a license file, so I hardcoded a commit version that had; \n- Adopt opts.Align() to validate options object;
- Fix registry version aquasecurity/trivy#6219; \n- Fix replace zap with slog aquasecurity/trivy#6466; \n - The fix with slog used a zap to slog bridge (official from zap, but exp). It didn't have a license file, so I hardcoded a commit version that had; \n- Adopt opts.Align() to validate options object;
* Bump trivy to v0.49.1 * Bump trivy to v0.51.4 - Fix registry version aquasecurity/trivy#6219; - Fix replace zap with slog aquasecurity/trivy#6466; - The fix with slog used a zap to slog bridge (official from zap, but exp). It didn't have a license file, so I hardcoded a commit version that had; - Adopt opts.Align() to validate options object; * Bump trivy to v0.52.2 * Temp change the workflow trigger to test changes * Free up space on runner * Bump trivy to v0.53.0 - Fix go clear cache aquasecurity/trivy#7010 * Bump trivy to v0.54.1 - Fix --vuln-type flag renamed into --pkg-types aquasecurity/trivy#7104; - Adopt package relationships aquasecurity/trivy#7237 * Rollback CI run on target * Clean 'scan cache clean' code and add timeout to it
Description
We add schema version as tag only for all registries (both default and external).
To avoid limiting users, we only need to do this for the default registries (
ghcr.io/aquasecurity/trivy-db
andghcr.io/aquasecurity/trivy-java-db
).Related issues
Checklist