gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-12 15:50:15 -08:00
Code Issues Packages Projects Releases Wiki Activity
3,824 Commits 29 Branches 177 Tags
738b2b474a8ca94386a558c66442d8632acdce3c
Commit Graph

31 Commits

Author SHA1 Message Date
thekovic
738b2b474a fix: update all documentation links (#9777) 2025-11-13 05:43:20 +00:00
Teppei Fukuda
d57b1606c9 refactor: remove google/wire dependency and implement manual DI (#9509) 
Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
 2025-09-23 13:02:11 +00:00
DmitriyLewen
6fafbeb606 fix(rootio): fix severity selection (#9181) 2025-07-17 06:14:28 +00:00
DmitriyLewen
d464807321 feat: add --vuln-severity-source flag (#8269) 2025-03-03 10:59:30 +00:00
Itay Shakury
49456ba841 fix: update all documentation links (#8045) 
Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
 2025-02-26 10:41:46 +00:00
Teppei Fukuda
30bcb95350 refactor: use version-specific URLs for documentation references (#6966) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
 2024-06-20 10:41:43 +00:00
DmitriyLewen
dfe757e37a refactor: add warning if severity not from vendor (or NVD or GH) is used (#6726) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>
 2024-06-19 11:48:31 +00:00
DmitriyLewen
63c9469bdd refactor: change warning if no vulnerability details are found (#6230) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2024-04-22 17:54:26 +00:00
Teppei Fukuda
94d6e8ced6 refactor: replace zap with slog (#6466) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
Co-authored-by: simar7 <1254783+simar7@users.noreply.github.com>
 2024-04-11 18:59:09 +00:00
DmitriyLewen
6040d9f43a fix(sbom): add missed primaryURL and source severity for CycloneDX (#5399) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2023-10-19 05:37:32 +00:00
Teppei Fukuda
232ba823e1 feat(vuln): support vulnerability status (#4867) 
* feat: support vulnerability status

* feat: show status in table

* don't add `fixed` status in debian/redhat

* update test golden files

* add Status in rpc

* update docs

* update ignore-status example

* add ignore-status in integration test

* docs: add the explanation for statuses

---------

Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2023-07-26 11:55:03 +00:00
DmitriyLewen
ce77bb46c3 remove govulndb (#4783) 2023-07-19 07:24:35 +00:00
Teppei Fukuda
ca0d972cdb feat(image): add registry options (#3906) 2023-03-28 07:00:04 +03:00
Naimuddin Shaik
b169424089 refactor: db client changed (#3515) 
changed the constructor to accept interface.
 2023-02-01 13:15:36 +02:00
DmitriyLewen
23d0613879 fix(vuln): change severity vendor priority for ghsa-ids and vulns from govuln (#3255) 2022-12-13 17:29:43 +02:00
Teppei Fukuda
7cecade3a1 feat: add support for WASM modules (#2195) 2022-06-15 15:23:00 +03:00
Teppei Fukuda
a0e5c3a2e2 feat: support config scanning (#931) 2021-07-09 08:18:53 +03:00
rahul2393
e26e39a7f8 fix(vuln) unique vulnerabilities from different data sources (#984) 
* Fix duplicate Rule in sarif template

* Fix integration tests

* Fixed tests

* Update certs validity upto 2100

* Moved deduplication logic to Filter

* Fix linting issue

* Fix liniting issue

* fix: deduplicate vulnerabilities

* refactor

* fix: add installed versions to uniq keys

* Fix tests

* Fix Unit tests.

* Revert port change

Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2021-05-12 13:10:05 +03:00
Teppei Fukuda
6ed25c19e6 fix(vulnerability): set unknown severity for empty values (#793) 
* fix(vulnerability): set unknown severity for empty values

* chore(mod): update trivy-db
 2021-01-07 06:48:32 +02:00
Johannes
08ca1b00b7 Feat: NuGet Scanner (#686) 
* Initial nuget advisory detector code.

Signed-off-by: Johannes Tegnér <johannes@jitesoft.com>

* Added nuget package to scan.go

Signed-off-by: Johannes Tegnér <johannes@jitesoft.com>

* Removed nuget advisory file and instead added csharp/nuget as a driver in driver.go.

Signed-off-by: Johannes Tegnér <johannes@jitesoft.com>

* Removed nuget package from driver. Added ghasnuget as a source in vulnerability.go

Signed-off-by: Johannes Tegnér <johannes@jitesoft.com>

* Updated nuget driver to use correct name and to initialize with the new generic scanner.

Signed-off-by: Johannes Tegnér <johannes@jitesoft.com>

* refactor: cut out to a separate method

* chore(mod): update trivy-db

* fix(driver): add a general driver

* test(ghsa): add nuget

* chore: update README

Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2020-12-21 10:17:15 +02:00
Teppei Fukuda
d85cb77123 fix(vulnerability): make an empty severity UNKNOWN (#759) 2020-12-02 07:24:02 +02:00
Teppei Fukuda
4d1894327e feat(vulnerability): add primary URLs (#752) 
* refactor(vulnerability): rename a method

* feat(vulnerability): add primary url

* fix(templates): add primary links

* feat(writer): add url

* refactor(convert): remove an unnecessary function

* feat(rpc): add primary_url

* test(integration): update golden files
 2020-11-26 06:06:26 +02:00
rahul2393
793a1aa3c8 Add linter check support (#679) 
* add linter supports

* add only minor version

* use latest version

* Fix println with format issue

* Fix test

* Fix tests

* For slice with unknown length, preallocating the array

* fix code-coverage

* Removed linter rules

* Reverting linter fixes, adding TODO for later

* Ignore linter error for import

* Remove another err var.

* Ignore shadow error

* Fixes

* Fix issue

* Add back goimports local-prefixes

* Update local prefixes

* Removed extra spaces and merge the imports

* more refactoring

* Update photon.go

Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>
 2020-10-20 15:20:04 +03:00
Teppei Fukuda
9c6f077818 feat(report): support OPA to filter vulnerabilities (#562) 
* feat(cli): add --filter option

* feat(opa): support OPA

* test(opa): add a test case with OPA

* test: update a mock

* chore(mod): update dependencies

* chore(filter): add example Rego files

* chore(README): update

* chore(rego): apply opa fmt

* refactor: replace filter with policy

* chore(policy): update rego files

* fix(vulnerability): evaluate each vulnerability

* chore(README): update

* Update README.md

Co-authored-by: Itay Shakury <itay@itaysk.com>

* Update README.md

Co-authored-by: Itay Shakury <itay@itaysk.com>

* chore(README): update a TOC link

* fix: replace allow with ignore

* chore(README): update

Co-authored-by: Itay Shakury <itay@itaysk.com>
 2020-07-22 21:10:44 +03:00
Simarpreet Singh
17b84f6c09 Override with Vendor score if exists (#433) 
* wip: Add a failing test to demo severity override

Signed-off-by: Simarpreet Singh <simar@linux.com>

* scan.go: Return osFound for use in determining vendor.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* pkg: Fix ScanImage return in case an OSFound

Signed-off-by: Simarpreet Singh <simar@linux.com>

* scan_test: Include a package-lock.json for happy path

Signed-off-by: Simarpreet Singh <simar@linux.com>

* wip: Add a test to include various reportResult types

Signed-off-by: Simarpreet Singh <simar@linux.com>

* Makefile: Add a target to generate mocks.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* vulnerability: Pass reportType as argument for FillInfo.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* vulnerability: Add other types of vulnerabilities.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* integration: Update golden files.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* ospkg: Fix FillInfo for ospkg/server

Signed-off-by: Simarpreet Singh <simar@linux.com>

* rpc: Add os.Family type to Response.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* vulnerability_test.go: Add case where no vendor severity exists.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* vulnerability: Fallback to NVD if it exists.

Also add tests for other cases.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* rpc: Fix a few sites with reportType info and tests.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* vulnerability: Remove VendorSeverity from displayed results

Signed-off-by: Simarpreet Singh <simar@linux.com>

* vulnerability: Add vulnerability source information.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* vulnerability: Add VendorSeverity logic for lightDB as well.

This commit also makes FillInfo logic common to both light and full DBs.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* remove some crufty TODOs

Signed-off-by: Simarpreet Singh <simar@linux.com>

* vulnerability_test: Add a case for light db for documentation purposes

Signed-off-by: Simarpreet Singh <simar@linux.com>

* mod: update trivy-db to point to master

Signed-off-by: Simarpreet Singh <simar@linux.com>

* scan_test: Remove cruft and bring back test cases

Signed-off-by: Simarpreet Singh <simar@linux.com>

* scan_test: Add pkg Type to mock return

Signed-off-by: Simarpreet Singh <simar@linux.com>

* vulnerability: reorder err check after err

Signed-off-by: Simarpreet Singh <simar@linux.com>

* client_test: Fix import ordering

Signed-off-by: Simarpreet Singh <simar@linux.com>

* convert.go: Use result.Type

Signed-off-by: Simarpreet Singh <simar@linux.com>

* convert: Use result.Type and simplify ConvertFromRpcResults signature

Signed-off-by: Simarpreet Singh <simar@linux.com>

* vulnerability: Refactor calls to getVendorSeverity

Signed-off-by: Simarpreet Singh <simar@linux.com>

* integration: Remove centos-7-critical.json.golden

There's no critical vulnerability in CentOS 7 anymore.
In addition this test was not adding any value that is already
not covered by existing tests cases.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* rpc: Include severity source in tests.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* integration: Update test db to include VendorSeverity.

Test DB is now a snapshot of full database from trivy-db.

Also update golden files to include SeveritySource.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* vulnerability: Make centos7 use RHEL vendor severities

Signed-off-by: Simarpreet Singh <simar@linux.com>
 2020-04-16 16:58:58 -07:00
Masahiro Fujimura
fcc193b7d1 Support Photon OS (#340) 
* Add photon

* test(vulnerability): use generated structs and mock

* test(photon): add integration tests

* test(photon): comment in

* test(integration): add vulnerability details to trivy.db

* chore(mod): update dependencies

* chore(README): add Photon OS

Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>
 2019-12-27 10:30:53 +02:00
Teppei Fukuda
74717b888e feat: support client/server mode (#295) 
* chore(app): change dir

* feat(rpc): add a proto file and auto-generated files

* chore(dep): add dependencies

* fix(app): fix import path

* fix(integration): fix import path

* fix(protoc): use enum for severity

* chore(Makefile): add fmt andd protoc

* chore(clang): add .clang-format

* refactor: split functions for client/server (#296)

* refactor(db): split db.Download

* refactor(standalone): create a different package

* refactor(vulnerability): split FillAndFilter

* fix(protoc): use enum for severity

* chore(Makefile): add fmt andd protoc

* chore(clang): add .clang-format

* fix(db): remove an unused variable

* fix(db): expose the github client as an argument of constructor

* refactor(vulnerability): add the detail message

* feat(rpc): add rpc client (#302)

* fix(protoc): use enum for severity

* chore(Makefile): add fmt andd protoc

* chore(clang): add .clang-format

* feat(rpc): convert types

* feat(rpc): add rpc client

* token: Refactor to handle bad headers being set

Signed-off-by: Simarpreet Singh <simar@linux.com>

* feat(rpc): add rpc server (#303)

* feat(rpc): add rpc server

* feat(utils): add CopyFile

* feat(server/config): add config struct

* feat(detector): add detector

* feat(scanner): delegate procedures to detector

* fix(scanner): fix the interface

* test(mock): add mocks

* test(rpc/server): add tests

* test(rpc/ospkg/server): add tests

* tets(os/detector): add tests

* refactor(library): move directories

* chore(dependency): add google/wire

* refactor(library): introduce google/wire

* refactor(ospkg/detector): move directory

* feat(rpc): add eosl

* refactor(ospkg): introduce google/wire

* refactor(wire): bind an interface

* refactor(client): use wire.Struct

* chore(Makefile): fix wire

* test(server): add AssertExpectations

* test(server): add AssertExpectations

* refactor(server): remove debug log

* refactor(error): add more context messages

* test(server): fix error message

* refactor(test): create a constructor of mock

* refactor(config): remove an unused variable

* test(config): add an assertion to test the config struct

* feat(client/server): add sub commands (#304)

* feat(rpc): add rpc server

* feat(utils): add CopyFile

* feat(server/config): add config struct

* feat(detector): add detector

* feat(scanner): delegate procedures to detector

* fix(scanner): fix the interface

* feat(client/server): add sub commands

* merge(server3)

* test(scan): remove an unused mock

* refactor(client): generate the constructor by wire

* fix(cli): change the default port

* fix(server): use auto-generated constructor

* feat(ospkg): return eosl

* test(integration): add integration tests for client/server (#306)

* fix(server): remove unnecessary options

* test(integration): add integration tests for client/server

* fix(server): wrap an error

* fix(server): change the update interval

* fix(server): display the error detail

* test(config): add an assertion to test the config struct

* fix(client): returns an error when failing to initizlie a logger

* test(ospkg/server): add eosl

* Squashed commit of the following:

* test(server): refactor and add tests (#307)

* test(github): create a mock

* test(db): create a mock

* test(server): add tests for DB hot update

* chore(db): add a log message

* refactor(db): introduce google/wire

* refactor(rpc): move directory

* refactor(injector): fix import name

* refactor(import): remove new lines

* fix(server): display the error detail

* fix(server): change the update interval

* fix(server): wrap an error

* test(integration): add integration tests for client/server

* fix(server): remove unnecessary options

* refactor(server): return an error when failing to initialize a logger

* refactor(server): remove unused error

* fix(client/server): fix default port

* chore(README): add client/server

* chore(README): update
 2019-12-13 15:00:11 +02:00
knqyf263
119e3098db fix(vulnerability): use warn instead of debug 2019-11-10 16:31:52 +02:00
knqyf263
8257e0d455 test(vulnerability): fix test 2019-11-01 22:09:40 +02:00
knqyf263
a97bbb0f8d feat(option): remove some options 2019-10-31 23:54:14 +02:00
knqyf263
47273ef6da feat(library_scanner): use trivy-db 2019-10-31 12:26:02 +02:00