Commit Graph

353 Commits

Author SHA1 Message Date
DmitriyLewen
6ab9380b29 fix(suse): use package name to get advisories (#3199) 2022-11-20 14:46:33 +02:00
AndrewCharlesHay
861bc03e2d fix(vuln): add package name to title (#3183) 2022-11-20 14:00:18 +02:00
DmitriyLewen
1ddd6d30b8 feat(dotnet): add support dependency location for dotnet-core files (#3095) 2022-11-16 09:46:28 +02:00
DmitriyLewen
dfff371f84 feat(dotnet): add support dependency location for nuget lock files (#3032) 2022-11-15 12:38:31 +02:00
Teppei Fukuda
7912f585a3 feat(vuln): support dependency graph for RHEL/CentOS (#3094)
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
2022-10-31 11:07:41 +02:00
Teppei Fukuda
9468056c0f feat(vuln): support dependency graph for dpkg and apk (#3093)
Co-authored-by: Masahiro331 <m_fujimura@r.recruit.co.jp>
2022-10-31 08:54:42 +02:00
AndrewCharlesHay
5b975de234 feat(report): add secret scanning to ASFF template (#2860)
Co-authored-by: AMF <work@afdesk.com>
2022-10-28 08:27:10 +03:00
Aibek
f4e970f374 fix(misconf): Bump in-toto-golang with correct CycloneDX predicate (#3068)
Co-authored-by: knqyf263 <knqyf263@gmail.com>
2022-10-25 23:41:27 +03:00
DmitriyLewen
cbedd712db feat(nodejs): add support dependency location for yarn.lock files (#3016) 2022-10-25 11:19:21 +03:00
Craig Andrews
c1e24d5344 feat(report): Use understandable value for shortDescription in SARIF reports (#3009)
Signed-off-by: Craig Andrews <candrews@integralblue.com>
Co-authored-by: AMF <work@afdesk.com>
2022-10-20 12:54:59 +03:00
Owen Rumney
68f374ac9a feat: add support for scanning azure ARM (#3011)
Signed-off-by: Owen Rumney <owen.rumney@aquasec.com>
2022-10-13 20:24:14 +03:00
Craig Andrews
d35c668f5c feat(report): add location.message to SARIF output (#3002) (#3003)
Signed-off-by: Craig Andrews <candrews@integralblue.com>
Co-authored-by: AMF <work@afdesk.com>
2022-10-12 16:07:58 +03:00
DmitriyLewen
ca434f7f26 feat(nodejs): add dependency line numbers for npm lock files (#2932) 2022-10-12 15:22:34 +03:00
Hirotaka Tagawa / wafuwafu13
a8ff5f06b5 test(fs): add --skip-files, --skip-dirs (#2984) 2022-10-12 15:20:56 +03:00
chenk
597836c3a2 feat(k8s): support outdated-api (#2877) 2022-09-15 13:02:16 +03:00
Masahiro331
9f6680a1fa feat(sbom): Add unmarshal for spdx (#2868)
Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
2022-09-15 08:39:59 +03:00
DmitriyLewen
4839075c28 feat: add support for conan.lock file (#2779)
Co-authored-by: knqyf263 <knqyf263@gmail.com>
2022-09-06 21:59:13 +03:00
DmitriyLewen
a000adeed0 feat: add support for gradle.lockfile (#2759) 2022-09-01 11:27:36 +03:00
Ankush K
d8d8e62793 fix(secret): Consider secrets in rpc calls (#2753) 2022-08-25 09:36:51 +03:00
afdesk
8bc56bf2fc feat(misconf): skipping misconfigurations by AVD ID (#2743) 2022-08-22 11:06:04 +03:00
Teppei Fukuda
ed1fa89117 revert: add new classes for vulnerabilities (#2701) 2022-08-15 21:40:29 +03:00
Owen Rumney
01123854b4 feat: Support passing value overrides for configuration checks (#2679) 2022-08-08 18:22:58 +03:00
saso
317a026616 feat(sbom): add support for scanning a sbom attestation (#2652)
Co-authored-by: knqyf263 <knqyf263@gmail.com>
2022-08-08 16:27:05 +03:00
Liam Galvin
55825d760b fix(misconf): Allow quotes in Dockerfile WORKDIR when detecting relative dirs (#2636) 2022-08-01 15:38:04 +03:00
Teppei Fukuda
f396c677a2 BREAKING: add new classes for vulnerabilities (#2541) 2022-07-31 10:47:08 +03:00
Liam Galvin
27027cf40d fix: Fix --file-patterns flag (#2625) 2022-07-29 21:54:57 +03:00
thiago-gitlab
5a65548662 fix(vuln): GitLab report template (#2578)
* fix(vuln): GitLab report template

- Upgrade to schema 14.0.6 (https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/blob/v14.0.6/dist/container-scanning-report-format.json).
- Drop unsupported `confidence` property. Currently optional and will be removed by GitLab in schema 15-0-0.

* docs(vuln): remove note about broken GitLab integration
2022-07-26 15:51:20 +03:00
Owen Rumney
63cbbd071a fix: yaml files with non-string chart name (#2534)
Signed-off-by: Owen Rumney <owen.rumney@aquasec.com>
2022-07-18 11:04:19 +03:00
Teppei Fukuda
5b7e0a858d refactor: move from urfave/cli to spf13/cobra (#2458)
Co-authored-by: afdesk <work@afdesk.com>
Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
2022-07-09 19:40:31 +03:00
Liam Galvin
7699153c66 fix: Fix secrets output not containing file/lines (#2467) 2022-07-08 16:17:21 +03:00
Masahiro331
5b821d3b13 feat(sbom): add cyclonedx sbom scan (#2203)
Co-authored-by: knqyf263 <knqyf263@gmail.com>
2022-07-03 20:03:21 +03:00
DmitriyLewen
7de7a1f8f3 test(integration): fix golden files for debian 9 (#2435) 2022-07-01 11:21:04 +03:00
Liam Galvin
fe2ae8edc8 feat: Make secrets scanning output consistent (#2410) 2022-06-29 17:23:39 +03:00
mycodeself
c36a373def feat(nodejs): add pnpm support (#2414)
Co-authored-by: knqyf263 <knqyf263@gmail.com>
2022-06-29 13:31:04 +03:00
afdesk
6ce9404c16 fix(report): add required fields to the SARIF template (#2341)
Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>
2022-06-20 13:31:21 +03:00
Josh Soref
d6d0a60d16 chore: fix spelling errors (#2352) 2022-06-20 09:56:13 +03:00
AndreyLevchenko
3e3c119555 feat(lang): add dependency origin graph (#1970)
Co-authored-by: knqyf263 <knqyf263@gmail.com>
2022-06-16 10:34:26 +03:00
Teppei Fukuda
7cecade3a1 feat: add support for WASM modules (#2195) 2022-06-15 15:23:00 +03:00
afdesk
b213956cea test: replace deprecated subcommand client in integration tests (#2308) 2022-06-12 20:38:55 +03:00
Owen Rumney
9a601d49ef fix(kubernetes): Support floats in manifest yaml (#2297)
Co-authored-by: knqyf263 <knqyf263@gmail.com>
2022-06-12 17:01:50 +03:00
Teppei Fukuda
f1c6af3121 test: use images in GHCR (#2275)
Co-authored-by: AMF <work@afdesk.com>
2022-06-07 13:50:32 +03:00
Owen Rumney
6b2cd7e8da feat(misconf): Helm chart scanning (#2269)
Signed-off-by: Owen Rumney <owen.rumney@aquasec.com>
2022-06-07 11:38:43 +03:00
DmitriyLewen
92c0452b74 feat(redhat): added architecture check (#2172)
Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>
2022-06-02 15:35:42 +03:00
Shira Cohen
f982167c0a fix(report): change github format version to required (#2229) 2022-06-01 15:39:40 +03:00
DmitriyLewen
911c5e971a test: fixed integration tests after updating testcontainers to v0.13.0 (#2208) 2022-05-31 10:49:24 +03:00
AndreyLevchenko
4ab696eaa2 feat(report): GitHub Dependency Snapshots support (#1522)
Co-authored-by: Shira Cohen <97398476+ShiraCohen33@users.noreply.github.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
2022-05-26 21:34:15 +03:00
Liam Galvin
3679bc358c feat(misconf): Add special output format for misconfigurations (#2100) 2022-05-13 19:59:02 +03:00
Liam Galvin
5a58e41476 feat(misconf): Added fs.FS based scanning via latest defsec (#2084)
Co-authored-by: knqyf263 <knqyf263@gmail.com>
2022-05-10 15:05:00 +03:00
DmitriyLewen
bd94618b34 chore(os): updated fanal version and alpine distroless test (#2086) 2022-05-06 18:18:59 +03:00
Teppei Fukuda
3870515a81 fix(go): skip system installed binaries (#2028) 2022-04-22 19:20:31 +03:00