gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-12 07:40:48 -08:00
Code Issues Packages Projects Releases Wiki Activity

feat(alpine): warn mixing versions (#2000)

Browse Source
This commit is contained in:
Teppei Fukuda
2022-04-16 00:03:04 +03:00
committed by GitHub
parent d786655a18
commit a0047a7983
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/detector/ospkg/alpine/alpine.go
View File

@@ -95,7 +95,9 @@ func (s *Scanner) Detect(osVer string, repo *ftypes.Repository, pkgs []ftypes.Pa
if repoRelease != "" && osVer != repoRelease {
// Prefer the repository release. Use OS version only when the repository is not detected.
stream = repoRelease
log.Logger.Infof("Use the repository release '%s' for vulnerability detection, instead of OS version '%s'", repoRelease, osVer)
if repoRelease != "edge" { // TODO: we should detect the current edge version.
log.Logger.Warnf("Mixing Alpine versions is unsupported, OS: '%s', repository: '%s'", osVer, repoRelease)
}
}
var vulns []types.DetectedVulnerability
@@ -171,7 +173,7 @@ func (s *Scanner) IsSupportedVersion(osFamily, osVer string) bool {
eol, ok := eolDates[osVer]
if !ok {
log.Logger.Warnf("This OS version is not on the EOL list: %s %s", osFamily, osVer)
log.Logger.Infof("This OS version is not on the EOL list: %s %s", osFamily, osVer)
return true // may be the latest version
}