diff --git a/docs/docs/references/configuration/cli/trivy_image.md b/docs/docs/references/configuration/cli/trivy_image.md
index c61c6b648d7c..11cb11d5a8f2 100644
--- a/docs/docs/references/configuration/cli/trivy_image.md
+++ b/docs/docs/references/configuration/cli/trivy_image.md
@@ -39,7 +39,7 @@ trivy image [flags] IMAGE_NAME
 --check-namespaces strings Rego namespaces
 --checks-bundle-repository string OCI registry URL to retrieve checks bundle from (default "ghcr.io/aquasecurity/trivy-checks:0")
 --clear-cache clear image caches without scanning
- --compliance string compliance report to generate (docker-cis)
+ --compliance string compliance report to generate (docker-cis-1.6.0)
 --config-check strings specify the paths to the Rego check files or to the directories containing them, applying config files
 --config-data strings specify paths from which data for the Rego checks will be recursively loaded
 --custom-headers strings custom headers in client mode
diff --git a/docs/docs/references/configuration/cli/trivy_kubernetes.md b/docs/docs/references/configuration/cli/trivy_kubernetes.md
index 54dc2db07f75..ce5c6cc2d1a1 100644
--- a/docs/docs/references/configuration/cli/trivy_kubernetes.md
+++ b/docs/docs/references/configuration/cli/trivy_kubernetes.md
@@ -35,7 +35,7 @@ trivy kubernetes [flags] [CONTEXT]
 --check-namespaces strings Rego namespaces
 --checks-bundle-repository string OCI registry URL to retrieve checks bundle from (default "ghcr.io/aquasecurity/trivy-checks:0")
 --clear-cache clear image caches without scanning
- --compliance string compliance report to generate (k8s-nsa,k8s-cis,k8s-pss-baseline,k8s-pss-restricted)
+ --compliance string compliance report to generate (k8s-nsa-1.0,k8s-cis-1.23,k8s-pss-baseline-0.1,k8s-pss-restricted-0.1)
 --config-check strings specify the paths to the Rego check files or to the directories containing them, applying config files
 --config-data strings specify paths from which data for the Rego checks will be recursively loaded
 --db-repository string OCI repository to retrieve trivy-db from (default "ghcr.io/aquasecurity/trivy-db:2")
diff --git a/go.mod b/go.mod
index cbfcdd088abd..b1319883b45a 100644
--- a/go.mod
+++ b/go.mod
@@ -25,7 +25,7 @@ require (
 github.com/aquasecurity/table v1.8.0
 github.com/aquasecurity/testdocker v0.0.0-20240613070307-2c3868d658ac
 github.com/aquasecurity/tml v0.6.1
- github.com/aquasecurity/trivy-checks v0.11.0
+ github.com/aquasecurity/trivy-checks v0.13.0
 github.com/aquasecurity/trivy-db v0.0.0-20231005141211-4fc651f7ac8d
 github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48
 github.com/aquasecurity/trivy-kubernetes v0.6.7-0.20240516051533-4c5a4aad13b7
diff --git a/go.sum b/go.sum
index 17d31b547023..ce004002e4e7 100644
--- a/go.sum
+++ b/go.sum
@@ -769,8 +769,8 @@ github.com/aquasecurity/testdocker v0.0.0-20240613070307-2c3868d658ac h1:dy7xjLO
 github.com/aquasecurity/testdocker v0.0.0-20240613070307-2c3868d658ac/go.mod h1:nyavBQqxtIkQh99lQE1ssup3i2uIq1+giL7tOSHapYk=
 github.com/aquasecurity/tml v0.6.1 h1:y2ZlGSfrhnn7t4ZJ/0rotuH+v5Jgv6BDDO5jB6A9gwo=
 github.com/aquasecurity/tml v0.6.1/go.mod h1:OnYMWY5lvI9ejU7yH9LCberWaaTBW7hBFsITiIMY2yY=
-github.com/aquasecurity/trivy-checks v0.11.0 h1:hS5gSQyuyIITrY/kCY2AWQMUSwXLpdtbHDPaCs6eSaI=
-github.com/aquasecurity/trivy-checks v0.11.0/go.mod h1:IAK3eHcKNxIHo/ckxKoHsXmEpUG45/38grW5bBjL9lw=
+github.com/aquasecurity/trivy-checks v0.13.0 h1:na6PTdY4U0uK/fjz3HNRYBxvYSJ8vgTb57a5T8Y5t9w=
+github.com/aquasecurity/trivy-checks v0.13.0/go.mod h1:Xec/SMVGV66I7RgUqOX9MEr+YxBqHXDVLTYmpspPi3E=
 github.com/aquasecurity/trivy-db v0.0.0-20231005141211-4fc651f7ac8d h1:fjI9mkoTUAkbGqpzt9nJsO24RAdfG+ZSiLFj0G2jO8c=
 github.com/aquasecurity/trivy-db v0.0.0-20231005141211-4fc651f7ac8d/go.mod h1:cj9/QmD9N3OZnKQMp+/DvdV+ym3HyIkd4e+F0ZM3ZGs=
 github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48 h1:JVgBIuIYbwG+ekC5lUHUpGJboPYiCcxiz06RCtz8neI=
diff --git a/pkg/commands/app_test.go b/pkg/commands/app_test.go
index 143de739caf0..7235a3e94c7d 100644
--- a/pkg/commands/app_test.go
+++ b/pkg/commands/app_test.go
@@ -271,7 +271,7 @@ func TestFlags(t *testing.T) {
 "--scanners",
 "license",
 "--compliance",
- "docker-cis",
+ "docker-cis-1.6.0",
 },
 want: want{
 format: types.FormatTable,
diff --git a/pkg/iac/rules/register.go b/pkg/iac/rules/register.go
index ab847de2e1dc..e07268255417 100755
--- a/pkg/iac/rules/register.go
+++ b/pkg/iac/rules/register.go
@@ -5,7 +5,7 @@ import (
 "gopkg.in/yaml.v3"
- "github.com/aquasecurity/trivy-checks/specs"
+ "github.com/aquasecurity/trivy-checks/pkg/specs"
 "github.com/aquasecurity/trivy/pkg/iac/framework"
 "github.com/aquasecurity/trivy/pkg/iac/scan"
 dftypes "github.com/aquasecurity/trivy/pkg/iac/types"
diff --git a/pkg/types/report.go b/pkg/types/report.go
index baaeaab0a0c3..436bae7fbf7a 100644
--- a/pkg/types/report.go
+++ b/pkg/types/report.go
@@ -53,13 +53,13 @@ const (
 ClassLicenseFile ResultClass = "license-file" // For detected licenses in files
 ClassCustom ResultClass = "custom"
- ComplianceK8sNsa = Compliance("k8s-nsa")
- ComplianceK8sCIS = Compliance("k8s-cis")
- ComplianceK8sPSSBaseline = Compliance("k8s-pss-baseline")
- ComplianceK8sPSSRestricted = Compliance("k8s-pss-restricted")
+ ComplianceK8sNsa = Compliance("k8s-nsa-1.0")
+ ComplianceK8sCIS = Compliance("k8s-cis-1.23")
+ ComplianceK8sPSSBaseline = Compliance("k8s-pss-baseline-0.1")
+ ComplianceK8sPSSRestricted = Compliance("k8s-pss-restricted-0.1")
 ComplianceAWSCIS12 = Compliance("aws-cis-1.2")
 ComplianceAWSCIS14 = Compliance("aws-cis-1.4")
- ComplianceDockerCIS = Compliance("docker-cis")
+ ComplianceDockerCIS = Compliance("docker-cis-1.6.0")
 FormatTable Format = "table"
 FormatJSON Format = "json"
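Review bot: The five compliance identifiers changed in this `const` block (`k8s-nsa-1.0`, `k8s-cis-1.23`, `k8s-pss-baseline-0.1`, `k8s-pss-restricted-0.1`, `docker-cis-1.6.0`) replace the unversioned strings outright, so a pipeline or config file that still passes `--compliance k8s-cis` or `docker-cis` now depends on how an unknown spec name is handled, which this hunk does not show. If that lookup does anything other than fail loudly, a compliance gate could stop evaluating controls without anyone noticing; it is worth confirming the old names are rejected with a clear error, or keeping them as deprecated aliases for one release. The Go constant names also no longer reveal the pinned benchmark version, while `ComplianceAWSCIS12` and `ComplianceAWSCIS14` encode it in the name, so a comment above the group such as `// Built-in spec IDs carry the benchmark version; update the suffix when the bundled spec changes.` would help the next maintainer. The `const (` block starts and ends outside the hunk.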