* Fix errors in SARIF format
* Fix one golden file for integration tests
* Fix golden file
* Fix golden again :>
* Update sarif.tpl
* Update alpine-310.sarif.golden
* Remove global flags from subcommands
If the global flags are added to the subcommand as well as being used
globally, their value will be overwritten when the arguments for the
subcommand are parsed. This leads to the value passed to the flag at the
global position being lost.
* Update readme
You can now specify redis as caching as backend.
The default is still the filesystem.
In case redis is added as caching backend, the cache-dir is still
used for the vulnerability database.
Fixes#781
Signed-off-by: Christian Zunker <christian.zunker@codecentric.cloud>
* Initial nuget advisory detector code.
Signed-off-by: Johannes Tegnér <johannes@jitesoft.com>
* Added nuget package to scan.go
Signed-off-by: Johannes Tegnér <johannes@jitesoft.com>
* Removed nuget advisory file and instead added csharp/nuget as a driver in driver.go.
Signed-off-by: Johannes Tegnér <johannes@jitesoft.com>
* Removed nuget package from driver. Added ghasnuget as a source in vulnerability.go
Signed-off-by: Johannes Tegnér <johannes@jitesoft.com>
* Updated nuget driver to use correct name and to initialize with the new generic scanner.
Signed-off-by: Johannes Tegnér <johannes@jitesoft.com>
* refactor: cut out to a separate method
* chore(mod): update trivy-db
* fix(driver): add a general driver
* test(ghsa): add nuget
* chore: update README
Co-authored-by: knqyf263 <knqyf263@gmail.com>
* (fix): Make the table output less wide.
Currently the table outupt can be as long as 200 characters wide in some
images like nginx:1.16
This PR merges the Title and the URL columns to shorten it.
With this change the longest column has reduced from 200 -> 162 (-19%).
Signed-off-by: Simarpreet Singh <simar@linux.com>
* (fix): Remove Debian TEMP-* links.
These links are quite wide. Removing them makes it 200 -> 143 (-28.5%) shorter for table output.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* Revert "(fix): Remove Debian TEMP-* links."
This reverts commit 228540f7c3.
without that you get this arning:
WARN This OS version is not on the EOL list: suse linux enterprise server 15.2
which is actually misleading because 15.2 is the most current release,
we just don't know when it ends. we can however assume that it runs
for at least another year.
Signed-off-by: Dirk Mueller <dirk@dmllr.de>
Signed-off-by: Dirk Mueller <dmueller@suse.com>
* Warn when a user attempts to use trivy without a detectable lockfile
* Update pkg/scanner/local/scan.go
Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>
Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>
* Skip downloading DB if a remote DB is not updated
* Apply suggestions from code review
Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>
* update github.com/aquasecurity/trivy-db version
* fix lint
* Use UTC datetime
* display DownloadedAt info in debug log
* refactor(db): merge isLatestDB into isNewDB
Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>
* add linter supports
* add only minor version
* use latest version
* Fix println with format issue
* Fix test
* Fix tests
* For slice with unknown length, preallocating the array
* fix code-coverage
* Removed linter rules
* Reverting linter fixes, adding TODO for later
* Ignore linter error for import
* Remove another err var.
* Ignore shadow error
* Fixes
* Fix issue
* Add back goimports local-prefixes
* Update local prefixes
* Removed extra spaces and merge the imports
* more refactoring
* Update photon.go
Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>
