diff --git a/UPSTREAM_PROJECTS.yaml b/UPSTREAM_PROJECTS.yaml index 4d32c0ac36..1610039ab1 100644 --- a/UPSTREAM_PROJECTS.yaml +++ b/UPSTREAM_PROJECTS.yaml @@ -25,8 +25,8 @@ projects: repos: - name: harbor-scanner-trivy versions: - - tag: v0.31.2 - go_version: "1.21" + - tag: v0.31.4 + go_version: "1.22" - name: trivy versions: - tag: v0.51.2 diff --git a/projects/aquasecurity/harbor-scanner-trivy/ATTRIBUTION.txt b/projects/aquasecurity/harbor-scanner-trivy/ATTRIBUTION.txt index 648a0f52d3..3e78413d0e 100644 --- a/projects/aquasecurity/harbor-scanner-trivy/ATTRIBUTION.txt +++ b/projects/aquasecurity/harbor-scanner-trivy/ATTRIBUTION.txt @@ -1,5 +1,5 @@ -** github.com/aquasecurity/harbor-scanner-trivy; version v0.31.2 -- +** github.com/aquasecurity/harbor-scanner-trivy; version v0.31.4 -- https://github.com/aquasecurity/harbor-scanner-trivy ** github.com/containerd/stargz-snapshotter/estargz; version v0.14.3 -- @@ -11,13 +11,13 @@ https://github.com/docker/cli ** github.com/docker/distribution/registry/client/auth/challenge; version v2.8.2+incompatible -- https://github.com/distribution/distribution -** github.com/docker/docker/pkg/homedir; version v26.1.2+incompatible -- +** github.com/docker/docker/pkg/homedir; version v27.1.1+incompatible -- https://github.com/moby/moby ** github.com/knqyf263/go-containerregistry; version v0.16.2-0.20231101014841-fd95d0f749dd -- https://github.com/knqyf263/go-containerregistry -** github.com/klauspost/compress; version v1.16.5 -- +** github.com/klauspost/compress; version v1.17.4 -- https://github.com/klauspost/compress ** github.com/opencontainers/go-digest; version v1.0.0 -- @@ -375,7 +375,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/redis/go-redis/v9; version v9.5.1 -- +** github.com/redis/go-redis/v9; version v9.6.1 -- https://github.com/redis/go-redis/v9 Copyright (c) 2013 The github.com/redis/go-redis Authors. @@ -409,7 +409,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ** github.com/gorilla/mux; version v1.8.1 -- https://github.com/gorilla/mux -** github.com/gorilla/schema; version v1.3.0 -- +** github.com/gorilla/schema; version v1.4.1 -- https://github.com/gorilla/schema Copyright (c) 2023 The Gorilla Authors. All rights reserved. @@ -442,7 +442,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/klauspost/compress/internal/snapref; version v1.16.5 -- +** github.com/klauspost/compress/internal/snapref; version v1.17.4 -- https://github.com/klauspost/compress Copyright (c) 2011 The Snappy-Go Authors. All rights reserved. @@ -578,22 +578,52 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** golang.org/go; version go1.21.13 -- +** golang.org/go; version go1.22.8 -- https://github.com/golang/go -** golang.org/x/exp/constraints; version v0.0.0-20230510235704-dd950f8aeaea -- -https://golang.org/x/exp +Copyright (c) 2009 The Go Authors. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following disclaimer +in the documentation and/or other materials provided with the +distribution. + * Neither the name of Google Inc. nor the names of its +contributors may be used to endorse or promote products derived from +this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +------ -** golang.org/x/net/context; version v0.25.0 -- +** golang.org/x/net/context; version v0.28.0 -- https://golang.org/x/net -** golang.org/x/sync/errgroup; version v0.3.0 -- +** golang.org/x/sync/errgroup; version v0.8.0 -- https://golang.org/x/sync -** golang.org/x/sys; version v0.20.0 -- +** golang.org/x/sys; version v0.23.0 -- https://golang.org/x/sys -Copyright (c) 2009 The Go Authors. All rights reserved. +** golang.org/x/text; version v0.17.0 -- +https://golang.org/x/text + +Copyright 2009 The Go Authors. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are @@ -605,7 +635,7 @@ notice, this list of conditions and the following disclaimer. copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - * Neither the name of Google Inc. nor the names of its + * Neither the name of Google LLC nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. @@ -730,7 +760,7 @@ Copyright (c) 2017-2020 Damian Gryski https://github.com/docker/docker-credential-helpers Copyright (c) 2016 David Calavera -** github.com/klauspost/compress/zstd/internal/xxhash; version v1.16.5 -- +** github.com/klauspost/compress/zstd/internal/xxhash; version v1.17.4 -- https://github.com/klauspost/compress Copyright (c) 2016 Caleb Spare @@ -738,7 +768,7 @@ Copyright (c) 2016 Caleb Spare https://github.com/mitchellh/go-homedir Copyright (c) 2013 Mitchell Hashimoto -** github.com/samber/lo; version v1.39.0 -- +** github.com/samber/lo; version v1.47.0 -- https://github.com/samber/lo Copyright (c) 2022 Samuel Berthe diff --git a/projects/aquasecurity/harbor-scanner-trivy/CHECKSUMS b/projects/aquasecurity/harbor-scanner-trivy/CHECKSUMS index 658bda5d5e..7167d1f70e 100644 --- a/projects/aquasecurity/harbor-scanner-trivy/CHECKSUMS +++ b/projects/aquasecurity/harbor-scanner-trivy/CHECKSUMS @@ -1,2 +1,2 @@ -c2bd544ed3e7ba3e2031c85b5b35834a0e79fe93c20bdc0fe50948efb13efcd4 _output/bin/harbor-scanner-trivy/linux-amd64/scanner-trivy -712f237c2115cb30bdf3a3d6ad74382bb581a752170a09be5fb1a13bba90dae3 _output/bin/harbor-scanner-trivy/linux-arm64/scanner-trivy +5bf6a0db227da17c076edab99d467bfa78e9c9eea4e887d086133a0f7d8095e1 _output/bin/harbor-scanner-trivy/linux-amd64/scanner-trivy +edf2ce6e325e7c28e7e31fab128f4b9ee133847f03ed1d382ea7dd25fcdf538b _output/bin/harbor-scanner-trivy/linux-arm64/scanner-trivy diff --git a/projects/aquasecurity/harbor-scanner-trivy/GIT_TAG b/projects/aquasecurity/harbor-scanner-trivy/GIT_TAG index 2d64485d28..dfe38e636d 100644 --- a/projects/aquasecurity/harbor-scanner-trivy/GIT_TAG +++ b/projects/aquasecurity/harbor-scanner-trivy/GIT_TAG @@ -1 +1 @@ -v0.31.2 \ No newline at end of file +v0.31.4 diff --git a/projects/aquasecurity/harbor-scanner-trivy/GOLANG_VERSION b/projects/aquasecurity/harbor-scanner-trivy/GOLANG_VERSION index d2ab029d32..71f7f51df9 100644 --- a/projects/aquasecurity/harbor-scanner-trivy/GOLANG_VERSION +++ b/projects/aquasecurity/harbor-scanner-trivy/GOLANG_VERSION @@ -1 +1 @@ -1.21 +1.22 diff --git a/projects/aquasecurity/harbor-scanner-trivy/README.md b/projects/aquasecurity/harbor-scanner-trivy/README.md index ce46027cbe..762b802b83 100644 --- a/projects/aquasecurity/harbor-scanner-trivy/README.md +++ b/projects/aquasecurity/harbor-scanner-trivy/README.md @@ -1,5 +1,5 @@ ## **harbor-scanner-trivy** -![Version](https://img.shields.io/badge/version-v0.31.2-blue) +![Version](https://img.shields.io/badge/version-v0.31.4-blue) ![Build Status](https://codebuild.us-west-2.amazonaws.com/badges?uuid=eyJlbmNyeXB0ZWREYXRhIjoieEpzUzBranRhT3NMMGdLU0lSVmh1S2RteDcyd1AwRU5LbVZFc2pnNlcvcWpaZHR4blQ3RktjbzllUmhwMmhma0pnZ2RWVEY0UEIzZ2NPc3pYQ2l1RFZvPSIsIml2UGFyYW1ldGVyU3BlYyI6IitiOTg2c2dOVW55cnVQREoiLCJtYXRlcmlhbFNldFNlcmlhbCI6MX0%3D&branch=main) The [Harbor Scanner Adapter for Trivy](https://github.com/aquasecurity/harbor-scanner-trivy) is a service that translates the Harbor scanning API into Trivy commands and allows Harbor to use Trivy for providing vulnerability reports on images stored in Harbor registry as part of its vulnerability scan feature.