Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update Trivy to version 0.56.2 #4

Merged
merged 127 commits into from
Dec 20, 2024
Merged

Update Trivy to version 0.56.2 #4

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
127 commits
Select commit Hold shift + click to select a range
45b3f34
feat(vm): Support direct filesystem (#7058)
yusuke-koyoshi Jul 31, 2024
7024572
feat(cli)!: delete deprecated SBOM flags (#7266)
knqyf263 Jul 31, 2024
35c60f0
feat(vm): support the Ext2/Ext3 filesystems (#6983)
Jul 31, 2024
b3ee6da
fix(plugin): do not call GitHub content API for releases and tags (#7…
knqyf263 Jul 31, 2024
49d5270
fix(java): Return error when trying to find a remote pom to avoid seg…
coheigea Jul 31, 2024
2a0e529
fix(flag): incorrect behavior for deprected flag `--clear-cache` (#7281)
afdesk Jul 31, 2024
e95152f
refactor(misconf): remove file filtering from parsers (#7289)
nikpivkin Aug 2, 2024
fd8348d
feat(vuln): Add `--detection-priority` flag for accuracy tuning (#7288)
knqyf263 Aug 2, 2024
555ac8c
docs: add auto-generated config (#7261)
afdesk Aug 5, 2024
bb2e26a
fix(terraform): add aws_region name to presets (#7184)
albertodonato Aug 6, 2024
85dadf5
perf(misconf): do not convert contents of a YAML file to string (#7292)
nikpivkin Aug 6, 2024
13789b7
refactor(misconf): remove unused universal scanner (#7293)
nikpivkin Aug 6, 2024
c766831
perf(misconf): use json.Valid to check validity of JSON (#7308)
nikpivkin Aug 6, 2024
a4180bd
fix(misconf): load only submodule if it is specified in source (#7112)
nikpivkin Aug 6, 2024
a817fae
feat(misconf): support for policy and bucket grants (#7284)
nikpivkin Aug 6, 2024
f0ed5e4
fix(misconf): do not set default value for default_cache_behavior (#7…
nikpivkin Aug 7, 2024
fe92072
feat(misconf): iterator argument support for dynamic blocks (#7236)
nikpivkin Aug 7, 2024
ac3eb9d
chore(deps): bump the common group across 1 directory with 7 updates …
dependabot[bot] Aug 7, 2024
7278abd
docs: update client/server docs for misconf and license scanning (#7277)
nikpivkin Aug 7, 2024
65d991c
docs: update links to packaging.python.org (#7318)
nikpivkin Aug 8, 2024
2b6d8d9
perf(misconf): optimize work with context (#6968)
nikpivkin Aug 8, 2024
59c1541
refactor: replace ftypes.Gradle with packageurl.TypeGradle (#7323)
nikpivkin Aug 9, 2024
08cc14b
docs: update air-gapped docs (#7160)
itaysk Aug 9, 2024
ee339b5
docs(misconf): Update callsites to use correct naming (#7335)
simar7 Aug 14, 2024
0047dbf
chore(deps): bump the common group with 9 updates (#7333)
dependabot[bot] Aug 15, 2024
aadb090
fix(misconf): change default TLS values for the Azure storage account…
nikpivkin Aug 15, 2024
0c6687d
refactor(misconf): highlight only affected rows (#7310)
nikpivkin Aug 15, 2024
c5c62d5
fix(misconf): wrap Azure PortRange in iac types (#7357)
nikpivkin Aug 20, 2024
efdbd8f
feat(misconf): scanning support for YAML and JSON (#7311)
nikpivkin Aug 20, 2024
db2c955
feat(misconf): variable support for Terraform Plan (#7228)
nikpivkin Aug 21, 2024
05a8297
fix: safely check if the directory exists (#7353)
nikpivkin Aug 21, 2024
3f0e7eb
chore(deps): bump the aws group across 1 directory with 7 updates (#7…
dependabot[bot] Aug 21, 2024
24a4563
feat(server): add internal `--path-prefix` flag for client/server mod…
knqyf263 Aug 21, 2024
6fe6727
chore(deps): bump trivy-checks (#7350)
nikpivkin Aug 22, 2024
bfdf5cf
refactor(misconf): use slog (#7295)
nikpivkin Aug 23, 2024
9ef05fc
feat(misconf): ignore duplicate checks (#7317)
nikpivkin Aug 23, 2024
b65b32d
fix(misconf): init frameworks before updating them (#7376)
nikpivkin Aug 23, 2024
2a6c7ab
fix(misconf): support deprecating for Go checks (#7377)
nikpivkin Aug 23, 2024
e9b43f8
feat(python): use minimum version for pip packages (#7348)
afdesk Aug 24, 2024
45a9627
docs: add pkg flags to config file page (#7370)
DmitriyLewen Aug 24, 2024
be86126
feat(misconf): Add support for using spec from on-disk bundle (#7179)
simar7 Aug 27, 2024
dd9733e
fix(report): escape `Message` field in `asff.tpl` template (#7401)
DmitriyLewen Aug 27, 2024
0799770
fix(misconf): use module to log when metadata retrieval fails (#7405)
nikpivkin Aug 27, 2024
44e4686
feat(misconf): support for ignore by nested attributes (#7205)
nikpivkin Aug 28, 2024
9d7264a
fix(misconf): do not filter Terraform plan JSON by name (#7406)
nikpivkin Aug 28, 2024
98e136e
feat(misconf): port and protocol support for EC2 networks (#7146)
nikpivkin Aug 29, 2024
344dafd
chore: fix allow rule of ignoring test files to make it case insensit…
aasish-r Aug 29, 2024
391448a
fix(secret): use only line with secret for long secret lines (#7412)
DmitriyLewen Aug 29, 2024
84118d0
chore: update CODEOWNERS (#7398)
knqyf263 Aug 29, 2024
4c6e8ca
feat(server): Make Trivy Server Multiplexer Exported (#7389)
orizerah Aug 29, 2024
7aea79d
feat(report): export modified findings in JSON (#7383)
knqyf263 Aug 29, 2024
c96dcdd
fix(sbom): use `NOASSERTION` for licenses fields in SPDX formats (#7403)
DmitriyLewen Aug 29, 2024
a5aa63e
fix(misconf): do not register Rego libs in checks registry (#7420)
nikpivkin Aug 29, 2024
39c8024
chore(deps): Bump trivy-checks (#7417)
simar7 Aug 30, 2024
3a5d091
fix(misconf): do not recreate filesystem map (#7416)
nikpivkin Aug 30, 2024
bf64003
fix(secret): use `.eyJ` keyword for JWT secret (#7410)
DmitriyLewen Aug 30, 2024
0cac3ac
fix(misconf): fix infer type for null value (#7424)
nikpivkin Aug 31, 2024
feaef96
fix(aws): handle ECR repositories in different regions (#6217)
knrc Sep 2, 2024
c929290
fix: logger initialization before flags parsing (#7372)
DmitriyLewen Sep 2, 2024
fd9ed3a
fix(nodejs): check all `importers` to detect dev deps from pnpm-lock.…
DmitriyLewen Sep 2, 2024
1a6295c
test: add integration plugin tests (#7299)
DmitriyLewen Sep 2, 2024
af1d257
feat(sbom): set User-Agent header on requests to Rekor (#7396)
bobcallaway Sep 3, 2024
da4ebfa
fix(helm): explicitly define `kind` and `apiVersion` of `volumeClaimT…
LucasVanHaaren Sep 3, 2024
870523d
chore(deps): Bump trivy-checks and pin OPA (#7427)
simar7 Sep 3, 2024
2d97700
feat(java): add `test` scope support for `pom.xml` files (#7414)
DmitriyLewen Sep 3, 2024
f80183c
fix(license): add license handling to JUnit template (#7409)
psibre Sep 3, 2024
2d80769
feat(go): use `toolchain` as `stdlib` version for `go.mod` files (#7163)
DmitriyLewen Sep 3, 2024
7a1e8b8
release: v0.55.0 [main] (#7271)
aqua-bot Sep 3, 2024
4926da7
fix(license): stop spliting a long license text (#7336)
afdesk Sep 5, 2024
412fb76
refactor(java): add error/statusCode for logs when we can't get pom.x…
DmitriyLewen Sep 6, 2024
e2118e8
chore(helm): bump up Trivy Helm chart (#7441)
afdesk Sep 6, 2024
5375cd2
chore(deps): bump the common group across 1 directory with 19 updates…
dependabot[bot] Sep 6, 2024
3642fe1
chore(deps): bump the aws group with 6 updates (#7468)
dependabot[bot] Sep 10, 2024
dd0a64a
fix(oracle): Update EOL date for Oracle 7 (#7480)
s-reddy1498 Sep 10, 2024
927c6e0
fix(report): change a receiver of MarshalJSON (#7483)
knqyf263 Sep 11, 2024
7ff9aff
fix(report): fix error with unmarshal of `ExperimentalModifiedFinding…
DmitriyLewen Sep 11, 2024
d589856
docs(oci): Add a note About the expected Media Type for the Trivy-DB …
Squiddim Sep 11, 2024
6472e3c
feat(license): improve license normalization (#7131)
pbaumard Sep 11, 2024
8876e70
docs(db): add a manifest example (#7485)
knqyf263 Sep 11, 2024
b0222fe
revert(java): stop supporting of `test` scope for `pom.xml` files (#7…
DmitriyLewen Sep 12, 2024
04a854c
docs: refine go docs (#7442)
itaysk Sep 12, 2024
42748c4
chore(vex): suppress openssl vulnerabilities (#7500)
knqyf263 Sep 16, 2024
701dbda
chore(deps): bump alpine from 3.20.0 to 3.20.3 (#7508)
kaplanlior Sep 16, 2024
0efd202
chore(vex): add `CVE-2024-34155`, `CVE-2024-34156` and `CVE-2024-3415…
DmitriyLewen Sep 16, 2024
5442949
fix(java): use `dependencyManagement` from root/child pom's for depen…
DmitriyLewen Sep 16, 2024
e6f45cd
refactor: split `.egg` and `packaging` analyzers (#7514)
DmitriyLewen Sep 16, 2024
f768d3a
feat(misconf): Register checks only when needed (#7435)
simar7 Sep 17, 2024
56db43c
fix(misconf): Fix logging typo (#7473)
simar7 Sep 17, 2024
d1d7132
chore(deps): bump go-ebs-file (#7513)
nikpivkin Sep 18, 2024
aeb7039
fix(sbom): parse type `framework` as `library` when unmarshalling `Cy…
DmitriyLewen Sep 18, 2024
dbd2dd6
refactor(misconf): pass options to Rego scanner as is (#7529)
nikpivkin Sep 18, 2024
5dd94eb
fix(sbom): export bom-ref when converting a package to a component (#…
afdesk Sep 19, 2024
1f9fc13
perf(misconf): use port ranges instead of enumeration (#7549)
nikpivkin Sep 20, 2024
37d549e
fix(misconf): Fixed scope for China Cloud (#7560)
bloomadcariad Sep 23, 2024
8128ecc
docs(misconf): Add more info on how to use arbitrary JSON/YAML scan f…
simar7 Sep 26, 2024
bbc8e1d
chore(deps): remove broken replaces for opa and discovery (#7600)
lebauce Sep 26, 2024
fea7250
ci: cache test images for `integration`, `VM` and `module` tests (#7599)
DmitriyLewen Sep 26, 2024
1fdf30a
ci: add `workflow_dispatch` trigger for test workflow. (#7606)
DmitriyLewen Sep 26, 2024
3fa24e8
chore(deps): bump the common group across 1 directory with 20 updates…
dependabot[bot] Sep 26, 2024
13ef3e7
fix(db): check `DownloadedAt` for `trivy-java-db` (#7592)
DmitriyLewen Sep 26, 2024
a8fbe46
fix: allow access to '..' in mapfs (#7575)
nikpivkin Sep 27, 2024
9baf658
test: use a local registry for remote scanning (#7607)
knqyf263 Sep 27, 2024
ea0cf03
fix(misconf): escape all special sequences (#7558)
nikpivkin Sep 28, 2024
ef0a27d
feat(misconf): add ability to disable checks by ID (#7536)
nikpivkin Sep 28, 2024
efdb68d
feat(suse): added SUSE Linux Enterprise Micro support (#7294)
msmeissn Sep 29, 2024
de40df9
fix(misconf): disable DS016 check for image history analyzer (#7540)
nikpivkin Sep 30, 2024
cb16d43
ci: split `save` and `restore` cache actions (#7614)
DmitriyLewen Sep 30, 2024
9d1be41
refactor: fix auth error handling (#7615)
knqyf263 Sep 30, 2024
60725f8
feat(secret): enhance secret scanning for python binary files (#7223)
afdesk Sep 30, 2024
b836232
feat(java): add empty versions if `pom.xml` dependency versions can't…
DmitriyLewen Sep 30, 2024
d4edeb5
test: use loaded image names (#7617)
knqyf263 Oct 1, 2024
7602d14
ci: don't use cache for `setup-go` (#7622)
DmitriyLewen Oct 1, 2024
3562529
feat: support multiple DB repositories for vulnerability and Java DB …
nikpivkin Oct 1, 2024
c0e8da3
feat(misconf): Support `--skip-*` for all included modules (#7579)
simar7 Oct 2, 2024
1faf529
chore: add prefixes to log messages (#7625)
knqyf263 Oct 2, 2024
82e2adc
fix(misconf): Disable deprecated checks by default (#7632)
simar7 Oct 2, 2024
8735242
chore(deps): Bump trivy-checks to v1.1.0 (#7631)
simar7 Oct 2, 2024
3e1fa21
fix(secret): change grafana token regex to find them without unquoted…
sgaist Oct 2, 2024
69bf7e0
feat: support RPM archives (#7628)
knqyf263 Oct 2, 2024
fcaea74
fix(misconf): not to warn about missing selectors of libraries (#7638)
nikpivkin Oct 3, 2024
d246401
release: v0.56.0 [main] (#7447)
aqua-bot Oct 3, 2024
5dbdadf
fix(db): fix javadb downloading error handling [backport: release/v0.…
aqua-bot Oct 3, 2024
95dbf11
release: v0.56.1 [release/v0.56] (#7648)
aqua-bot Oct 3, 2024
25d2540
fix(sbom): add options for DBs in private registries [backport: relea…
aqua-bot Oct 9, 2024
f6700ec
fix(redhat): include arch in PURL qualifiers [backport: release/v0.56…
aqua-bot Oct 10, 2024
f2252c8
release: v0.56.2 [release/v0.56] (#7694)
aqua-bot Oct 10, 2024
cf3c724
Make liveness probe configurable (#3)
fhielpos Dec 20, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
6 changes: 3 additions & 3 deletions .github/CODEOWNERS
View file
Open in desktop
Validating CODEOWNERS rules …
Original file line number Diff line number Diff line change
Expand Up @@ -15,8 +15,8 @@ pkg/cloud/ @simar7 @nikpivkin
pkg/iac/ @simar7 @nikpivkin

# Helm chart
helm/trivy/ @chen-keinan
helm/trivy/ @afdesk

# Kubernetes scanning
pkg/k8s/ @chen-keinan
docs/docs/target/kubernetes.md @chen-keinan
pkg/k8s/ @afdesk
docs/docs/target/kubernetes.md @afdesk
1 change: 1 addition & 0 deletions .github/workflows/auto-update-labels.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ jobs:
with:
# cf. https://github.com/aquasecurity/trivy/pull/6711
go-version: ${{ env.GO_VERSION }}
cache: false

- name: Install aqua tools
uses: aquaproj/[email protected]
Expand Down
86 changes: 86 additions & 0 deletions .github/workflows/cache-test-images.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,86 @@
name: Cache test images
on:
schedule:
- cron: "0 0 * * *" # Run this workflow every day at 00:00 to avoid cache deletion.
workflow_dispatch:

jobs:
test-images:
name: Cache test images
runs-on: ubuntu-latest
steps:
- name: Check out code into the Go module directory
uses: actions/[email protected]

- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache: false

- name: Install tools
uses: aquaproj/[email protected]
with:
aqua_version: v1.25.0

- name: Generate image list digest
if: github.ref_name == 'main'
id: image-digest
run: |
IMAGE_LIST=$(skopeo list-tags docker://ghcr.io/aquasecurity/trivy-test-images)
DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1)
echo "digest=$DIGEST" >> $GITHUB_OUTPUT

## We need to work with test image cache only for main branch
- name: Restore and save test images cache
if: github.ref_name == 'main'
uses: actions/cache@v4
with:
path: integration/testdata/fixtures/images
key: cache-test-images-${{ steps.image-digest.outputs.digest }}
restore-keys:
cache-test-images-

- name: Download test images
if: github.ref_name == 'main'
run: mage test:fixtureContainerImages

test-vm-images:
name: Cache test VM images
runs-on: ubuntu-latest
steps:
- name: Check out code into the Go module directory
uses: actions/[email protected]

- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache: false

- name: Install tools
uses: aquaproj/[email protected]
with:
aqua_version: v1.25.0

- name: Generate image list digest
if: github.ref_name == 'main'
id: image-digest
run: |
IMAGE_LIST=$(skopeo list-tags docker://ghcr.io/aquasecurity/trivy-test-vm-images)
DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1)
echo "digest=$DIGEST" >> $GITHUB_OUTPUT

## We need to work with test VM image cache only for main branch
- name: Restore and save test VM images cache
if: github.ref_name == 'main'
uses: actions/cache@v4
with:
path: integration/testdata/fixtures/vm-images
key: cache-test-vm-images-${{ steps.image-digest.outputs.digest }}
restore-keys:
cache-test-vm-images-

- name: Download test VM images
if: github.ref_name == 'main'
run: mage test:fixtureVMImages
56 changes: 56 additions & 0 deletions .github/workflows/test.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,8 @@ on:
- 'LICENSE'
- '.release-please-manifest.json' ## don't run tests for release-please PRs
merge_group:
workflow_dispatch:

env:
GO_VERSION: '1.22'
jobs:
Expand All @@ -24,6 +26,8 @@ jobs:
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
cache: false

- name: go mod tidy
run: |
go mod tidy
Expand Down Expand Up @@ -76,12 +80,28 @@ jobs:
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
cache: false

- name: Install tools
uses: aquaproj/[email protected]
with:
aqua_version: v1.25.0

- name: Generate image list digest
id: image-digest
run: |
IMAGE_LIST=$(skopeo list-tags docker://ghcr.io/aquasecurity/trivy-test-images)
DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1)
echo "digest=$DIGEST" >> $GITHUB_OUTPUT

- name: Restore test images from cache
uses: actions/cache/restore@v4
with:
path: integration/testdata/fixtures/images
key: cache-test-images-${{ steps.image-digest.outputs.digest }}
restore-keys:
cache-test-images-

- name: Run integration tests
run: mage test:integration

Expand All @@ -96,6 +116,7 @@ jobs:
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
cache: false

- name: Install tools
uses: aquaproj/[email protected]
Expand All @@ -116,12 +137,28 @@ jobs:
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
cache: false

- name: Install tools
uses: aquaproj/[email protected]
with:
aqua_version: v1.25.0

- name: Generate image list digest
id: image-digest
run: |
IMAGE_LIST=$(skopeo list-tags docker://ghcr.io/aquasecurity/trivy-test-images)
DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1)
echo "digest=$DIGEST" >> $GITHUB_OUTPUT

- name: Restore test images from cache
uses: actions/cache/restore@v4
with:
path: integration/testdata/fixtures/images
key: cache-test-images-${{ steps.image-digest.outputs.digest }}
restore-keys:
cache-test-images-

- name: Run module integration tests
shell: bash
run: |
Expand All @@ -138,10 +175,28 @@ jobs:
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
cache: false

- name: Install tools
uses: aquaproj/[email protected]
with:
aqua_version: v1.25.0

- name: Generate image list digest
id: image-digest
run: |
IMAGE_LIST=$(skopeo list-tags docker://ghcr.io/aquasecurity/trivy-test-vm-images)
DIGEST=$(echo "$IMAGE_LIST" | sha256sum | cut -d' ' -f1)
echo "digest=$DIGEST" >> $GITHUB_OUTPUT

- name: Restore test VM images from cache
uses: actions/cache/restore@v4
with:
path: integration/testdata/fixtures/vm-images
key: cache-test-vm-images-${{ steps.image-digest.outputs.digest }}
restore-keys:
cache-test-vm-images-

- name: Run vm integration tests
run: |
mage test:vm
Expand All @@ -162,6 +217,7 @@ jobs:
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
cache: false

- name: Determine GoReleaser ID
id: goreleaser_id
Expand Down
3 changes: 3 additions & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,3 +39,6 @@ dist
# Signing
gpg.key
cmd/trivy/trivy

# RPM
*.rpm
2 changes: 1 addition & 1 deletion .release-please-manifest.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
{".":"0.54.0"}
{".":"0.56.2"}
99 changes: 99 additions & 0 deletions .vex/oci.openvex.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -140,6 +140,105 @@
"status": "not_affected",
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
"impact_statement": "awk is not used"
},
{
"vulnerability": {
"name": "CVE-2024-4741"
},
"products": [
{
"@id": "pkg:oci/trivy?repository_url=index.docker.io%2Faquasec%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/libcrypto3"},
{"@id": "pkg:apk/alpine/libssl3"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=public.ecr.aws%2Faquasecurity%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/libcrypto3"},
{"@id": "pkg:apk/alpine/libssl3"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=ghcr.io/aquasecurity/trivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/libcrypto3"},
{"@id": "pkg:apk/alpine/libssl3"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
"impact_statement": "openssl is not used"
},
{
"vulnerability": {
"name": "CVE-2024-5535"
},
"products": [
{
"@id": "pkg:oci/trivy?repository_url=index.docker.io%2Faquasec%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/libcrypto3"},
{"@id": "pkg:apk/alpine/libssl3"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=public.ecr.aws%2Faquasecurity%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/libcrypto3"},
{"@id": "pkg:apk/alpine/libssl3"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=ghcr.io/aquasecurity/trivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/libcrypto3"},
{"@id": "pkg:apk/alpine/libssl3"},
{"@id": "pkg:apk/alpine/ssl_client"}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
"impact_statement": "openssl is not used"
},
{
"vulnerability": {
"name": "CVE-2024-6119"
},
"products": [
{
"@id": "pkg:oci/trivy?repository_url=index.docker.io%2Faquasec%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/libcrypto3"},
{"@id": "pkg:apk/alpine/libssl3"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=public.ecr.aws%2Faquasecurity%2Ftrivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/libcrypto3"},
{"@id": "pkg:apk/alpine/libssl3"}
]
},
{
"@id": "pkg:oci/trivy?repository_url=ghcr.io/aquasecurity/trivy",
"subcomponents": [
{"@id": "pkg:apk/alpine/libcrypto3"},
{"@id": "pkg:apk/alpine/libssl3"}
]
}
],
"status": "not_affected",
"justification": "vulnerable_code_cannot_be_controlled_by_adversary",
"impact_statement": "openssl is not used"
}
]
}
Loading
Loading