Bump trivy to v0.54.1 and fix breaking changes #2399
Conversation
|
This pull request does not have a backport label. Could you fix it @romulets? 🙏
|
| xlog.SetLogger(scanLog) | ||
| tlog.Logger = scanLog | ||
| tlog.SetDefault(slog.New(zapslog.NewHandler(log.Core(), nil))) |
There was a problem hiding this comment.
Fix breaking change introduced by zap replacement by slog (aquasecurity/trivy#6466)
I find it weird that trivy uses the default logger for everything. But that's why I used SetDefault from github.com/aquasecurity/trivy/pkg/log, which overrides slog default logger
internal/vulnerability/runner.go
Outdated
| PackageOptions: flag.PackageOptions{ | ||
| PkgTypes: []string{trivy_types.PkgTypeOS, trivy_types.PkgTypeLibrary}, |
There was a problem hiding this comment.
Fix breaking change introduced by renaming vuln flags by pckg flags (aquasecurity/trivy#7104)
internal/vulnerability/scanner.go
Outdated
| PackageOptions: flag.PackageOptions{ | ||
| PkgTypes: []string{trivy_types.PkgTypeOS, trivy_types.PkgTypeLibrary}, |
There was a problem hiding this comment.
Fix breaking change introduced by renaming vuln flags by pckg flags (aquasecurity/trivy#7104)
| DBRepository: name.MustParseReference("ghcr.io/aquasecurity/trivy-db"), | ||
| JavaDBRepository: name.MustParseReference("ghcr.io/aquasecurity/trivy-java-db"), |
There was a problem hiding this comment.
Fix breaking change introduced by adoption of name.Reference on DBRepositories (aquasecurity/trivy#6410)
📊 Allure Report - 💚 No failures were reported.
|
Package relationship has been introduced on aquasecurity/trivy#7237 and using CLI there are default relationship values (all). Using the library directly there is no default value and having 0 relationships and retrieving 0 finginds. Therefore on this commit we added the default value with all relationships
| VulnType: []string{trivy_types.VulnTypeOS, trivy_types.VulnTypeLibrary}, | ||
| PackageOptions: flag.PackageOptions{ | ||
| PkgTypes: []string{trivy_types.PkgTypeOS, trivy_types.PkgTypeLibrary}, | ||
| PkgRelationships: ftypes.Relationships, |
There was a problem hiding this comment.
Package relationship has been introduced on aquasecurity/trivy#7237 and using CLI there are default relationship values (all). Using the library directly there is no default value and having 0 relationships and retrieving 0 finginds. Therefore on this commit we added the default value with all relationships
| VulnType: []string{trivy_types.VulnTypeOS, trivy_types.VulnTypeLibrary}, | ||
| PackageOptions: flag.PackageOptions{ | ||
| PkgTypes: []string{trivy_types.PkgTypeOS, trivy_types.PkgTypeLibrary}, | ||
| PkgRelationships: ftypes.Relationships, |
There was a problem hiding this comment.
Package relationship has been introduced on aquasecurity/trivy#7237 and using CLI there are default relationship values (all). Using the library directly there is no default value and having 0 relationships and retrieving 0 finginds. Therefore on this commit we added the default value with all relationships
Summary of your changes
SetDefaultfromgithub.aaakk.us.kg/aquasecurity/trivy/pkg/log, which overrides slog default loggervulnflags bypckgflags (feat(cli): rename--vuln-typeflag to--pkg-typesflag aquasecurity/trivy#7104)name.Referenceon DBRepositories (fix(db): check schema version for image name only aquasecurity/trivy#6410)Related Issues