version: 2 project_name: trivy builds: - id: build-linux main: ./cmd/trivy/ binary: trivy ldflags: - -s -w - "-extldflags '-static'" - -X github.com/aquasecurity/trivy/pkg/version/app.ver={{.Version}} env: - CGO_ENABLED=0 goos: - linux goarch: - 386 - arm - amd64 - arm64 - s390x - ppc64le goarm: - 7 - id: build-bsd main: ./cmd/trivy/ binary: trivy ldflags: - -s -w - "-extldflags '-static'" - -X github.com/aquasecurity/trivy/pkg/version/app.ver={{.Version}} env: - CGO_ENABLED=0 goos: - freebsd goarch: # modernc.org/sqlite doesn't support freebsd/arm64, etc. - 386 - amd64 - id: build-macos main: ./cmd/trivy/ binary: trivy ldflags: - -s -w - "-extldflags '-static'" - -X github.com/aquasecurity/trivy/pkg/version/app.ver={{.Version}} env: - CGO_ENABLED=0 goos: - darwin goarch: - amd64 - arm64 goarm: - 7 - id: build-windows main: ./cmd/trivy/ binary: trivy ldflags: - -s -w - "-extldflags '-static'" - -X github.com/aquasecurity/trivy/pkg/version/app.ver={{.Version}} env: - CGO_ENABLED=0 goos: - windows goarch: # modernc.org/sqlite doesn't support windows/386 and windows/arm, etc. - amd64 goarm: - 7 release: extra_files: - glob: ./bom.json discussion_category_name: Announcements nfpms: - formats: - deb - rpm vendor: "aquasecurity" homepage: "https://github.com/aquasecurity" maintainer: "Teppei Fukuda <knqyf263@gmail.com>" description: "A Fast Vulnerability Scanner for Containers" license: "Apache-2.0" file_name_template: >- {{ .ProjectName }}_{{ .Version }}_ {{- if eq .Os "darwin" }}macOS {{- else if eq .Os "openbsd" }}OpenBSD {{- else if eq .Os "netbsd" }}NetBSD {{- else if eq .Os "freebsd" }}FreeBSD {{- else if eq .Os "dragonfly" }}DragonFlyBSD {{- else}}{{- title .Os }}{{ end }}- {{- if eq .Arch "amd64" }}64bit {{- else if eq .Arch "386" }}32bit {{- else if eq .Arch "arm" }}ARM {{- else if eq .Arch "arm64" }}ARM64 {{- else if eq .Arch "ppc64le" }}PPC64LE {{- else }}{{ .Arch }}{{ end }} contents: - src: contrib/*.tpl dst: /usr/local/share/trivy/templates rpm: signature: key_file: '{{ .Env.GPG_FILE }}' archives: - id: archive format: tar.gz name_template: >- {{ .ProjectName }}_{{ .Version }}_ {{- if eq .Os "darwin" }}macOS {{- else if eq .Os "linux" }}Linux {{- else if eq .Os "openbsd" }}OpenBSD {{- else if eq .Os "netbsd" }}NetBSD {{- else if eq .Os "freebsd" }}FreeBSD {{- else if eq .Os "dragonfly" }}DragonFlyBSD {{- else}}{{- .Os }}{{ end }}- {{- if eq .Arch "amd64" }}64bit {{- else if eq .Arch "386" }}32bit {{- else if eq .Arch "arm" }}ARM {{- else if eq .Arch "arm64" }}ARM64 {{- else if eq .Arch "ppc64le" }}PPC64LE {{- else }}{{ .Arch }}{{ end }} files: - README.md - LICENSE - contrib/*.tpl format_overrides: - goos: windows format: zip brews: - repository: owner: aquasecurity name: homebrew-trivy homepage: "https://github.com/aquasecurity/trivy" description: "Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues" test: | system "#{bin}/trivy", "--version" dockers: - image_templates: - "docker.io/aquasec/trivy:{{ .Version }}-amd64" - "docker.io/aquasec/trivy:latest-amd64" - "ghcr.io/aquasecurity/trivy:{{ .Version }}-amd64" - "ghcr.io/aquasecurity/trivy:latest-amd64" - "public.ecr.aws/aquasecurity/trivy:latest-amd64" - "public.ecr.aws/aquasecurity/trivy:{{ .Version }}-amd64" use: buildx goos: linux goarch: amd64 ids: - build-linux build_flag_templates: - "--label=org.opencontainers.image.title={{ .ProjectName }}" - "--label=org.opencontainers.image.description=A Fast Vulnerability Scanner for Containers" - "--label=org.opencontainers.image.vendor=Aqua Security" - "--label=org.opencontainers.image.version={{ .Version }}" - "--label=org.opencontainers.image.created={{ .Date }}" - "--label=org.opencontainers.image.source=https://github.com/aquasecurity/trivy" - "--label=org.opencontainers.image.revision={{ .FullCommit }}" - "--label=org.opencontainers.image.url=https://www.aquasec.com/products/trivy/" - "--label=org.opencontainers.image.documentation=https://aquasecurity.github.io/trivy/v{{ .Version }}/" - "--platform=linux/amd64" extra_files: - contrib/ - image_templates: - "docker.io/aquasec/trivy:{{ .Version }}-arm64" - "docker.io/aquasec/trivy:latest-arm64" - "ghcr.io/aquasecurity/trivy:{{ .Version }}-arm64" - "ghcr.io/aquasecurity/trivy:latest-arm64" - "public.ecr.aws/aquasecurity/trivy:latest-arm64" - "public.ecr.aws/aquasecurity/trivy:{{ .Version }}-arm64" use: buildx goos: linux goarch: arm64 ids: - build-linux build_flag_templates: - "--label=org.opencontainers.image.title={{ .ProjectName }}" - "--label=org.opencontainers.image.description=A Fast Vulnerability Scanner for Containers" - "--label=org.opencontainers.image.vendor=Aqua Security" - "--label=org.opencontainers.image.version={{ .Version }}" - "--label=org.opencontainers.image.created={{ .Date }}" - "--label=org.opencontainers.image.source=https://github.com/aquasecurity/trivy" - "--label=org.opencontainers.image.revision={{ .FullCommit }}" - "--label=org.opencontainers.image.url=https://www.aquasec.com/products/trivy/" - "--label=org.opencontainers.image.documentation=https://aquasecurity.github.io/trivy/v{{ .Version }}/" - "--platform=linux/arm64" extra_files: - contrib/ - image_templates: - "docker.io/aquasec/trivy:{{ .Version }}-s390x" - "docker.io/aquasec/trivy:latest-s390x" - "ghcr.io/aquasecurity/trivy:{{ .Version }}-s390x" - "ghcr.io/aquasecurity/trivy:latest-s390x" - "public.ecr.aws/aquasecurity/trivy:latest-s390x" - "public.ecr.aws/aquasecurity/trivy:{{ .Version }}-s390x" use: buildx goos: linux goarch: s390x ids: - build-linux build_flag_templates: - "--label=org.opencontainers.image.title={{ .ProjectName }}" - "--label=org.opencontainers.image.description=A Fast Vulnerability Scanner for Containers" - "--label=org.opencontainers.image.vendor=Aqua Security" - "--label=org.opencontainers.image.version={{ .Version }}" - "--label=org.opencontainers.image.created={{ .Date }}" - "--label=org.opencontainers.image.source=https://github.com/aquasecurity/trivy" - "--label=org.opencontainers.image.revision={{ .FullCommit }}" - "--label=org.opencontainers.image.url=https://www.aquasec.com/products/trivy/" - "--label=org.opencontainers.image.documentation=https://aquasecurity.github.io/trivy/v{{ .Version }}/" - "--platform=linux/s390x" extra_files: - contrib/ - image_templates: - "docker.io/aquasec/trivy:{{ .Version }}-ppc64le" - "docker.io/aquasec/trivy:latest-ppc64le" - "ghcr.io/aquasecurity/trivy:{{ .Version }}-ppc64le" - "ghcr.io/aquasecurity/trivy:latest-ppc64le" - "public.ecr.aws/aquasecurity/trivy:latest-ppc64le" - "public.ecr.aws/aquasecurity/trivy:{{ .Version }}-ppc64le" use: buildx goos: linux goarch: ppc64le ids: - build-linux build_flag_templates: - "--label=org.opencontainers.image.title={{ .ProjectName }}" - "--label=org.opencontainers.image.description=A Fast Vulnerability Scanner for Containers" - "--label=org.opencontainers.image.vendor=Aqua Security" - "--label=org.opencontainers.image.version={{ .Version }}" - "--label=org.opencontainers.image.created={{ .Date }}" - "--label=org.opencontainers.image.source=https://github.com/aquasecurity/trivy" - "--label=org.opencontainers.image.revision={{ .FullCommit }}" - "--label=org.opencontainers.image.url=https://www.aquasec.com/products/trivy/" - "--label=org.opencontainers.image.documentation=https://aquasecurity.github.io/trivy/v{{ .Version }}/" - "--platform=linux/ppc64le" extra_files: - contrib/ docker_manifests: - name_template: 'aquasec/trivy:{{ .Version }}' image_templates: - 'aquasec/trivy:{{ .Version }}-amd64' - 'aquasec/trivy:{{ .Version }}-arm64' - 'aquasec/trivy:{{ .Version }}-s390x' - 'aquasec/trivy:{{ .Version }}-ppc64le' - name_template: 'ghcr.io/aquasecurity/trivy:{{ .Version }}' image_templates: - 'ghcr.io/aquasecurity/trivy:{{ .Version }}-amd64' - 'ghcr.io/aquasecurity/trivy:{{ .Version }}-arm64' - 'ghcr.io/aquasecurity/trivy:{{ .Version }}-s390x' - 'ghcr.io/aquasecurity/trivy:{{ .Version }}-ppc64le' - name_template: 'public.ecr.aws/aquasecurity/trivy:{{ .Version }}' image_templates: - 'public.ecr.aws/aquasecurity/trivy:{{ .Version }}-amd64' - 'public.ecr.aws/aquasecurity/trivy:{{ .Version }}-arm64' - 'public.ecr.aws/aquasecurity/trivy:{{ .Version }}-s390x' - 'public.ecr.aws/aquasecurity/trivy:{{ .Version }}-ppc64le' - name_template: 'aquasec/trivy:latest' image_templates: - 'aquasec/trivy:{{ .Version }}-amd64' - 'aquasec/trivy:{{ .Version }}-arm64' - 'aquasec/trivy:{{ .Version }}-s390x' - 'aquasec/trivy:{{ .Version }}-ppc64le' - name_template: 'ghcr.io/aquasecurity/trivy:latest' image_templates: - 'ghcr.io/aquasecurity/trivy:{{ .Version }}-amd64' - 'ghcr.io/aquasecurity/trivy:{{ .Version }}-arm64' - 'ghcr.io/aquasecurity/trivy:{{ .Version }}-s390x' - 'ghcr.io/aquasecurity/trivy:{{ .Version }}-ppc64le' - name_template: 'public.ecr.aws/aquasecurity/trivy:latest' image_templates: - 'public.ecr.aws/aquasecurity/trivy:{{ .Version }}-amd64' - 'public.ecr.aws/aquasecurity/trivy:{{ .Version }}-arm64' - 'public.ecr.aws/aquasecurity/trivy:{{ .Version }}-s390x' - 'public.ecr.aws/aquasecurity/trivy:{{ .Version }}-ppc64le' signs: - cmd: cosign env: - COSIGN_EXPERIMENTAL=1 signature: "${artifact}.sig" certificate: "${artifact}.pem" args: - "sign-blob" - "--oidc-issuer=https://token.actions.githubusercontent.com" - "--output-certificate=${certificate}" - "--output-signature=${signature}" - "${artifact}" - "--yes" artifacts: all output: true docker_signs: - cmd: cosign env: - COSIGN_EXPERIMENTAL=1 artifacts: manifests output: true args: - 'sign' - '${artifact}' - '--yes'