gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-22 07:10:41 -08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: gitea-mirror:v0.63.0
Branches Tags
gitea-mirror:main gitea-mirror:dependabot/go_modules/aws-9d2ed512d3 gitea-mirror:dependabot/go_modules/docker-db43af7bd4 gitea-mirror:dependabot/go_modules/common-aee61fa259 gitea-mirror:release-please--branches--main gitea-mirror:gh-pages gitea-mirror:release/v0.68 gitea-mirror:dependabot/docker/docker-b99cc7e132 gitea-mirror:release/v0.67 gitea-mirror:release/v0.66 gitea-mirror:release/v0.65 gitea-mirror:release/v0.64 gitea-mirror:feat/rootio-support gitea-mirror:release/v0.63 gitea-mirror:release/v0.62 gitea-mirror:release/v0.61 gitea-mirror:refactor/custom_flags gitea-mirror:release/v0.60 gitea-mirror:release/v0.59 gitea-mirror:release/v0.58 gitea-mirror:release/v0.57 gitea-mirror:release/v0.56 gitea-mirror:release/v0.55 gitea-mirror:release/v0.54 gitea-mirror:release/v0.53 gitea-mirror:release/v0.52 gitea-mirror:v0.51 gitea-mirror:v0.48 gitea-mirror:v0.43
gitea-mirror:v0.68.2 gitea-mirror:v0.68.1 gitea-mirror:v0.68.0 gitea-mirror:v0.67.2 gitea-mirror:v0.67.1 gitea-mirror:v0.67.0 gitea-mirror:v0.66.0 gitea-mirror:v0.65.0 gitea-mirror:v0.64.1 gitea-mirror:v0.64.0 gitea-mirror:v0.63.0 gitea-mirror:v0.62.1 gitea-mirror:v0.62.0 gitea-mirror:v0.61.1 gitea-mirror:v0.61.0 gitea-mirror:v0.60.0 gitea-mirror:v0.59.1 gitea-mirror:v0.59.0 gitea-mirror:v0.58.2 gitea-mirror:v0.58.1 gitea-mirror:v0.58.0 gitea-mirror:v0.57.1 gitea-mirror:v0.57.0 gitea-mirror:v0.56.2 gitea-mirror:v0.56.1 gitea-mirror:v0.56.0 gitea-mirror:v0.55.2 gitea-mirror:v0.55.1 gitea-mirror:v0.55.0 gitea-mirror:v0.54.1 gitea-mirror:v0.54.0 gitea-mirror:v0.53.0 gitea-mirror:v0.52.2 gitea-mirror:v0.52.1 gitea-mirror:v0.52.0 gitea-mirror:v0.51.4 gitea-mirror:v0.51.2 gitea-mirror:v0.51.1 gitea-mirror:v0.51.0 gitea-mirror:v0.50.4 gitea-mirror:v0.50.2 gitea-mirror:v0.50.1 gitea-mirror:v0.50.0 gitea-mirror:v0.49.1 gitea-mirror:v0.49.0 gitea-mirror:v0.48.3 gitea-mirror:v0.48.2 gitea-mirror:v0.48.1 gitea-mirror:v0.48.0 gitea-mirror:v0.47.0 gitea-mirror:v0.46.1 gitea-mirror:v0.46.0 gitea-mirror:v0.45.1 gitea-mirror:v0.45.0 gitea-mirror:v0.44.1 gitea-mirror:v0.44.0 gitea-mirror:v0.43.1 gitea-mirror:v0.43.0 gitea-mirror:v0.42.1 gitea-mirror:v0.42.0 gitea-mirror:v0.41.0 gitea-mirror:v0.40.0 gitea-mirror:v0.39.1 gitea-mirror:v0.39.0 gitea-mirror:v0.38.3 gitea-mirror:v0.38.2 gitea-mirror:v0.38.1 gitea-mirror:v0.38.0 gitea-mirror:v0.37.3 gitea-mirror:v0.37.2 gitea-mirror:v0.37.1 gitea-mirror:v0.37.0 gitea-mirror:v0.36.1 gitea-mirror:v0.36.0 gitea-mirror:v0.35.0 gitea-mirror:v0.34.0 gitea-mirror:v0.33.0 gitea-mirror:v0.32.1 gitea-mirror:v0.32.0 gitea-mirror:v0.31.3 gitea-mirror:v0.31.2 gitea-mirror:v0.31.1 gitea-mirror:v0.31.0 gitea-mirror:v0.30.4 gitea-mirror:v0.30.3 gitea-mirror:v0.30.2 gitea-mirror:v0.30.1 gitea-mirror:v0.30.0 gitea-mirror:v0.29.2 gitea-mirror:v0.29.1 gitea-mirror:v0.29.0 gitea-mirror:v0.28.1 gitea-mirror:v0.28.0 gitea-mirror:v0.27.1 gitea-mirror:v0.27.0 gitea-mirror:v0.26.0 gitea-mirror:v0.25.4 gitea-mirror:v0.25.3 gitea-mirror:v0.25.2 gitea-mirror:v0.25.1 gitea-mirror:v0.25.0 gitea-mirror:v0.24.4 gitea-mirror:v0.24.3 gitea-mirror:v0.24.2 gitea-mirror:v0.24.1 gitea-mirror:v0.24.0 gitea-mirror:v0.23.0 gitea-mirror:v0.22.0 gitea-mirror:v0.21.3 gitea-mirror:v0.21.2 gitea-mirror:v0.21.1 gitea-mirror:v0.21.0 gitea-mirror:v0.20.2 gitea-mirror:v0.20.1 gitea-mirror:v0.20.0 gitea-mirror:v0.19.2 gitea-mirror:v0.19.1 gitea-mirror:v0.19.0 gitea-mirror:v0.18.3 gitea-mirror:v0.18.2 gitea-mirror:v0.18.1 gitea-mirror:v0.18.0 gitea-mirror:v0.17.2 gitea-mirror:v0.17.1 gitea-mirror:v0.17.0 gitea-mirror:v0.16.0 gitea-mirror:v0.15.0 gitea-mirror:v0.14.0 gitea-mirror:v0.13.0 gitea-mirror:v0.12.0 gitea-mirror:v0.11.0 gitea-mirror:v0.10.2 gitea-mirror:v0.10.1 gitea-mirror:v0.10.0 gitea-mirror:v0.9.2 gitea-mirror:v0.9.1 gitea-mirror:v0.9.0 gitea-mirror:v0.8.0 gitea-mirror:v0.7.0 gitea-mirror:v0.6.0 gitea-mirror:v0.5.4 gitea-mirror:v0.5.3 gitea-mirror:v0.5.2 gitea-mirror:v0.5.1 gitea-mirror:v0.5.0 gitea-mirror:v0.4.4 gitea-mirror:v0.4.3 gitea-mirror:v0.4.2 gitea-mirror:v0.4.1 gitea-mirror:v0.4.0 gitea-mirror:v0.3.1 gitea-mirror:v0.3.0 gitea-mirror:v0.2.1 gitea-mirror:v0.2.0 gitea-mirror:v0.1.7 gitea-mirror:v0.1.6 gitea-mirror:v0.1.5 gitea-mirror:v0.1.4 gitea-mirror:v0.1.3 gitea-mirror:v0.1.2 gitea-mirror:v0.1.1 gitea-mirror:v0.1.0 gitea-mirror:v0.0.16 gitea-mirror:v0.0.15 gitea-mirror:v0.0.14 gitea-mirror:v0.0.13 gitea-mirror:v0.0.12 gitea-mirror:v0.0.11 gitea-mirror:v0.0.10 gitea-mirror:v0.0.9 gitea-mirror:v0.0.8 gitea-mirror:v0.0.7 gitea-mirror:v0.0.6 gitea-mirror:v0.0.5 gitea-mirror:v0.0.4 gitea-mirror:v0.0.3 gitea-mirror:v0.0.2 gitea-mirror:v0.0.1
..
compare: gitea-mirror:v0.64.1
Branches Tags
gitea-mirror:dependabot/go_modules/aws-9d2ed512d3 gitea-mirror:dependabot/go_modules/docker-db43af7bd4 gitea-mirror:dependabot/go_modules/common-aee61fa259 gitea-mirror:main gitea-mirror:release-please--branches--main gitea-mirror:gh-pages gitea-mirror:release/v0.68 gitea-mirror:dependabot/docker/docker-b99cc7e132 gitea-mirror:release/v0.67 gitea-mirror:release/v0.66 gitea-mirror:release/v0.65 gitea-mirror:release/v0.64 gitea-mirror:feat/rootio-support gitea-mirror:release/v0.63 gitea-mirror:release/v0.62 gitea-mirror:release/v0.61 gitea-mirror:refactor/custom_flags gitea-mirror:release/v0.60 gitea-mirror:release/v0.59 gitea-mirror:release/v0.58 gitea-mirror:release/v0.57 gitea-mirror:release/v0.56 gitea-mirror:release/v0.55 gitea-mirror:release/v0.54 gitea-mirror:release/v0.53 gitea-mirror:release/v0.52 gitea-mirror:v0.51 gitea-mirror:v0.48 gitea-mirror:v0.43
gitea-mirror:v0.68.2 gitea-mirror:v0.68.1 gitea-mirror:v0.68.0 gitea-mirror:v0.67.2 gitea-mirror:v0.67.1 gitea-mirror:v0.67.0 gitea-mirror:v0.66.0 gitea-mirror:v0.65.0 gitea-mirror:v0.64.1 gitea-mirror:v0.64.0 gitea-mirror:v0.63.0 gitea-mirror:v0.62.1 gitea-mirror:v0.62.0 gitea-mirror:v0.61.1 gitea-mirror:v0.61.0 gitea-mirror:v0.60.0 gitea-mirror:v0.59.1 gitea-mirror:v0.59.0 gitea-mirror:v0.58.2 gitea-mirror:v0.58.1 gitea-mirror:v0.58.0 gitea-mirror:v0.57.1 gitea-mirror:v0.57.0 gitea-mirror:v0.56.2 gitea-mirror:v0.56.1 gitea-mirror:v0.56.0 gitea-mirror:v0.55.2 gitea-mirror:v0.55.1 gitea-mirror:v0.55.0 gitea-mirror:v0.54.1 gitea-mirror:v0.54.0 gitea-mirror:v0.53.0 gitea-mirror:v0.52.2 gitea-mirror:v0.52.1 gitea-mirror:v0.52.0 gitea-mirror:v0.51.4 gitea-mirror:v0.51.2 gitea-mirror:v0.51.1 gitea-mirror:v0.51.0 gitea-mirror:v0.50.4 gitea-mirror:v0.50.2 gitea-mirror:v0.50.1 gitea-mirror:v0.50.0 gitea-mirror:v0.49.1 gitea-mirror:v0.49.0 gitea-mirror:v0.48.3 gitea-mirror:v0.48.2 gitea-mirror:v0.48.1 gitea-mirror:v0.48.0 gitea-mirror:v0.47.0 gitea-mirror:v0.46.1 gitea-mirror:v0.46.0 gitea-mirror:v0.45.1 gitea-mirror:v0.45.0 gitea-mirror:v0.44.1 gitea-mirror:v0.44.0 gitea-mirror:v0.43.1 gitea-mirror:v0.43.0 gitea-mirror:v0.42.1 gitea-mirror:v0.42.0 gitea-mirror:v0.41.0 gitea-mirror:v0.40.0 gitea-mirror:v0.39.1 gitea-mirror:v0.39.0 gitea-mirror:v0.38.3 gitea-mirror:v0.38.2 gitea-mirror:v0.38.1 gitea-mirror:v0.38.0 gitea-mirror:v0.37.3 gitea-mirror:v0.37.2 gitea-mirror:v0.37.1 gitea-mirror:v0.37.0 gitea-mirror:v0.36.1 gitea-mirror:v0.36.0 gitea-mirror:v0.35.0 gitea-mirror:v0.34.0 gitea-mirror:v0.33.0 gitea-mirror:v0.32.1 gitea-mirror:v0.32.0 gitea-mirror:v0.31.3 gitea-mirror:v0.31.2 gitea-mirror:v0.31.1 gitea-mirror:v0.31.0 gitea-mirror:v0.30.4 gitea-mirror:v0.30.3 gitea-mirror:v0.30.2 gitea-mirror:v0.30.1 gitea-mirror:v0.30.0 gitea-mirror:v0.29.2 gitea-mirror:v0.29.1 gitea-mirror:v0.29.0 gitea-mirror:v0.28.1 gitea-mirror:v0.28.0 gitea-mirror:v0.27.1 gitea-mirror:v0.27.0 gitea-mirror:v0.26.0 gitea-mirror:v0.25.4 gitea-mirror:v0.25.3 gitea-mirror:v0.25.2 gitea-mirror:v0.25.1 gitea-mirror:v0.25.0 gitea-mirror:v0.24.4 gitea-mirror:v0.24.3 gitea-mirror:v0.24.2 gitea-mirror:v0.24.1 gitea-mirror:v0.24.0 gitea-mirror:v0.23.0 gitea-mirror:v0.22.0 gitea-mirror:v0.21.3 gitea-mirror:v0.21.2 gitea-mirror:v0.21.1 gitea-mirror:v0.21.0 gitea-mirror:v0.20.2 gitea-mirror:v0.20.1 gitea-mirror:v0.20.0 gitea-mirror:v0.19.2 gitea-mirror:v0.19.1 gitea-mirror:v0.19.0 gitea-mirror:v0.18.3 gitea-mirror:v0.18.2 gitea-mirror:v0.18.1 gitea-mirror:v0.18.0 gitea-mirror:v0.17.2 gitea-mirror:v0.17.1 gitea-mirror:v0.17.0 gitea-mirror:v0.16.0 gitea-mirror:v0.15.0 gitea-mirror:v0.14.0 gitea-mirror:v0.13.0 gitea-mirror:v0.12.0 gitea-mirror:v0.11.0 gitea-mirror:v0.10.2 gitea-mirror:v0.10.1 gitea-mirror:v0.10.0 gitea-mirror:v0.9.2 gitea-mirror:v0.9.1 gitea-mirror:v0.9.0 gitea-mirror:v0.8.0 gitea-mirror:v0.7.0 gitea-mirror:v0.6.0 gitea-mirror:v0.5.4 gitea-mirror:v0.5.3 gitea-mirror:v0.5.2 gitea-mirror:v0.5.1 gitea-mirror:v0.5.0 gitea-mirror:v0.4.4 gitea-mirror:v0.4.3 gitea-mirror:v0.4.2 gitea-mirror:v0.4.1 gitea-mirror:v0.4.0 gitea-mirror:v0.3.1 gitea-mirror:v0.3.0 gitea-mirror:v0.2.1 gitea-mirror:v0.2.0 gitea-mirror:v0.1.7 gitea-mirror:v0.1.6 gitea-mirror:v0.1.5 gitea-mirror:v0.1.4 gitea-mirror:v0.1.3 gitea-mirror:v0.1.2 gitea-mirror:v0.1.1 gitea-mirror:v0.1.0 gitea-mirror:v0.0.16 gitea-mirror:v0.0.15 gitea-mirror:v0.0.14 gitea-mirror:v0.0.13 gitea-mirror:v0.0.12 gitea-mirror:v0.0.11 gitea-mirror:v0.0.10 gitea-mirror:v0.0.9 gitea-mirror:v0.0.8 gitea-mirror:v0.0.7 gitea-mirror:v0.0.6 gitea-mirror:v0.0.5 gitea-mirror:v0.0.4 gitea-mirror:v0.0.3 gitea-mirror:v0.0.2 gitea-mirror:v0.0.1

50 Commits
v0.63.0 ... v0.64.1

Author SHA1 Message Date
Aqua Security automated builds
86ee3c1176 release: v0.64.1 [release/v0.64] (#9122) 2025-07-03 13:18:35 +00:00
Aqua Security automated builds
4e1272283a fix(misconf): skip rewriting expr if attr is nil [backport: release/v0.64] (#9127) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
Co-authored-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
 2025-07-03 06:42:19 +00:00
Aqua Security automated builds
9a7d38432c fix(cli): Add more non-sensitive flags to telemetry [backport: release/v0.64] (#9124) 
Co-authored-by: Owen Rumney <owen.rumney@aquasec.com>
 2025-07-02 11:20:33 +00:00
Aqua Security automated builds
53adfba3c2 fix(rootio): check full version to detect root.io packages [backport: release/v0.64] (#9120) 
Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
 2025-07-02 10:29:38 +00:00
Aqua Security automated builds
8cf1bf9f6f fix(alma): parse epochs from rpmqa file [backport: release/v0.64] (#9119) 
Co-authored-by: Tom Fay <tom@teamfay.co.uk>
 2025-07-02 09:41:53 +00:00
Aqua Security automated builds
280491bb51 release: v0.64.0 [main] (#8955) 2025-07-01 07:48:04 +00:00
DmitriyLewen
a6e9807c09 docs(python): fix type with METADATA file name (#9090) 2025-06-30 07:55:35 +00:00
Teppei Fukuda
1e1e1b5fa6 feat: reject unsupported artifact types in remote image retrieval (#9052) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
 2025-06-30 07:40:40 +00:00
dependabot[bot]
7333c469f4 chore(deps): bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 (#9088) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-06-30 06:42:09 +00:00
Nikita Pivkin
bac6f7b3da refactor(misconf): rewrite Rego module filtering using functional filters (#9061) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
 2025-06-28 05:44:39 +00:00
Nikita Pivkin
a9f7dcdb9c feat(terraform): add partial evaluation for policy templates (#8967) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
 2025-06-28 04:58:16 +00:00
Teppei Fukuda
3a0ec0f2ac feat(vuln): add Root.io support for container image scanning (#9073) 
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2025-06-27 15:17:39 +00:00
K
41d0f949c8 feat(sbom): add manufacturer field to CycloneDX tools metadata (#9019) 
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2025-06-27 07:33:58 +00:00
Owen Rumney
fd2bc91e13 fix(cli): add some values to the telemetry call (#9056) 2025-06-27 07:14:25 +00:00
Yuta Tokoi
367564a3be feat(ubuntu): add end of life date for Ubuntu 25.04 (#9077) 2025-06-26 07:58:29 +00:00
Teppei Fukuda
3adfd988d1 refactor: centralize HTTP transport configuration (#9058) 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
 2025-06-24 17:43:58 +00:00
Teppei Fukuda
cd7c595e4a test: include integration tests in linting and fix all issues (#9060) 2025-06-24 13:09:15 +00:00
dependabot[bot]
6bf7ac41fb chore(deps): bump the common group across 1 directory with 26 updates (#9063) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2025-06-24 12:25:20 +00:00
kennyk
5aade698c7 feat(java): dereference all maven settings.xml env placeholders (#9024) 2025-06-20 11:39:23 +00:00
simar7
99c5151d6e fix(misconf): reduce log noise on incompatible check (#9029) 2025-06-20 05:57:44 +00:00
Luke Young
371b8cc02f fix(misconf): .Config.User always takes precedence over USER in .History (#9050) 
Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
 2025-06-19 09:10:45 +00:00
Teppei Fukuda
3f41ffa5b8 chore(deps): update Docker to v28.2.2 and fix compatibility issues (#9037) 2025-06-19 07:44:06 +00:00
simar7
f23d2f66c1 docs(misconf): simplify misconfiguration docs (#9030) 2025-06-17 22:23:42 +00:00
Nikita Pivkin
a58c36de12 fix(misconf): move disabled checks filtering after analyzer scan (#9002) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
 2025-06-17 05:39:27 +00:00
Teppei Fukuda
64aea25e2a docs: add PR review policy for maintainers (#9032) 2025-06-16 07:31:59 +00:00
Teppei Fukuda
198789a07b fix(sbom): remove unnecessary OS detection check in SBOM decoding (#9034) 2025-06-16 04:55:30 +00:00
Nikita Pivkin
ae85c40858 test: improve and extend tests for iac/adapters/arm (#9028) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
 2025-06-14 05:37:53 +00:00
afdesk
7cfdbf0cd9 chore: bump up Go version to 1.24.4 (#9031) 2025-06-12 08:45:52 +00:00
Owen Rumney
19efa9fd37 feat(cli): add version constraints to annoucements (#9023) 2025-06-12 08:09:39 +00:00
Nikita Pivkin
40d017b67d fix(misconf): correct Azure value-to-time conversion in AsTimeValue (#9015) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
 2025-06-11 06:42:11 +00:00
DmitriyLewen
87118a0ec4 feat(ubuntu): add eol date for 20.04-ESM (#8981) 2025-06-10 07:39:34 +00:00
DmitriyLewen
87fda76f38 fix(report): don't panic when report contains vulns, but doesn't contain packages for table format (#8549) 2025-06-10 05:22:35 +00:00
DmitriyLewen
875ec3a9d2 fix(nodejs): correctly parse packages array of bun.lock file (#8998) 2025-06-09 11:52:30 +00:00
Nikita Pivkin
454b894098 refactor: use strings.SplitSeq instead of strings.Split in for-loop (#8983) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
 2025-06-09 10:01:53 +00:00
Wolfgang Ellsässer
15f421faf6 docs: change --disable-metrics to --disable-telemetry in example (#8999) (#9003) 
Co-authored-by: wollomatic <wollomatic@users.noreply.github.com>
 2025-06-09 08:30:24 +00:00
Jason Swank
57801d0324 feat(misconf): add OpenTofu file extension support (#8747) 2025-06-07 02:51:55 +00:00
Nikita Pivkin
b91284ac0d refactor(misconf): set Trivy version by default in Rego scanner (#9001) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
 2025-06-06 22:02:46 +00:00
Itay Shakury
e1beba2f29 docs: fix assets with versioning (#8996) 2025-06-05 19:07:54 +00:00
Itay Shakury
5d050ce274 docs: add partners page (#8988) 2025-06-05 13:20:55 +00:00
Chris Novakovic
94b12a8cd4 chore(alpine): add EOL date for Alpine 3.22 (#8992) 2025-06-05 13:02:56 +00:00
DmitriyLewen
4ed78e39af fix: don't show corrupted trivy-db warning for first run (#8991) 2025-06-05 11:00:16 +00:00
Aayan Mateen
a61978809b Update installation.md (#8979) 2025-06-04 06:29:28 +00:00
Nikita Pivkin
65e155fdaf feat(misconf): normalize CreatedBy for buildah and legacy docker builder (#8953) 
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
 2025-06-04 05:31:07 +00:00
afdesk
521be3a178 chore(k8s): update comments with deprecated command format (#8964) 2025-06-03 06:54:45 +00:00
DmitriyLewen
14d2b83d4b chore: fix errors and typos in docs (#8963) 2025-06-03 05:36:44 +00:00
Owen Rumney
ef5f8de8da fix: Add missing version check flags (#8951) 
Signed-off-by: Owen Rumney <owen.rumney@aquasec.com>
 2025-06-02 07:45:34 +00:00
Romain Geissler @ Amadeus
48258a701a feat(redhat): Add EOL date for RHEL 10. (#8910) 2025-06-02 06:09:20 +00:00
simar7
b813527449 fix: Correctly check for semver versions for trivy version check (#8948) 2025-05-30 17:20:18 +00:00
Naimuddin Shaik
c29bb21973 refactor(server): change custom advisory and vulnerability data types fr… (#8923) 
Co-authored-by: knqyf263 <knqyf263@gmail.com>
 2025-05-30 04:54:11 +00:00
Aqua Security automated builds
c0cc8a2c47 ci(helm): bump Trivy version to 0.63.0 for Trivy Helm Chart 0.15.0 (#8946) 
Co-authored-by: GitHub Actions <actions@github.com>
 2025-05-30 00:42:57 +00:00
210 changed files with 7059 additions and 2263 deletions
Expand all files Collapse all files

1
.github/workflows/semantic-pr.yaml vendored
View File

@@ -67,6 +67,7 @@ jobs:
distroless
windows
minimos
rootio
# Languages
ruby

2
.golangci.yaml
View File

@@ -14,6 +14,8 @@ linters:
desc: "Use 'slices' instead"
- pkg: "golang.org/x/exp/maps"
desc: "Use 'maps' or 'github.com/samber/lo' instead"
- pkg: "io/ioutil"
desc: "io/ioutil is deprecated. Use 'io' or 'os' instead"
dupl:
threshold: 100
errcheck:

2
.release-please-manifest.json
View File

@@ -1 +1 @@
{".":"0.63.0"}
{".":"0.64.1"}

42
CHANGELOG.md
View File

@@ -1,5 +1,47 @@
# Changelog
## [0.64.1](https://github.com/aquasecurity/trivy/compare/v0.64.0...v0.64.1) (2025-07-03)
### Bug Fixes
* **alma:** parse epochs from rpmqa file [backport: release/v0.64] ([#9119](https://github.com/aquasecurity/trivy/issues/9119)) ([8cf1bf9](https://github.com/aquasecurity/trivy/commit/8cf1bf9f6f86936ee7dcd29e0d1cd1ec106e28f6))
* **cli:** Add more non-sensitive flags to telemetry [backport: release/v0.64] ([#9124](https://github.com/aquasecurity/trivy/issues/9124)) ([9a7d384](https://github.com/aquasecurity/trivy/commit/9a7d38432cf00f00970259e5ac3edd060e00ccff))
* **misconf:** skip rewriting expr if attr is nil [backport: release/v0.64] ([#9127](https://github.com/aquasecurity/trivy/issues/9127)) ([4e12722](https://github.com/aquasecurity/trivy/commit/4e1272283a643bfca2d7231d286006219715fada))
* **rootio:** check full version to detect `root.io` packages [backport: release/v0.64] ([#9120](https://github.com/aquasecurity/trivy/issues/9120)) ([53adfba](https://github.com/aquasecurity/trivy/commit/53adfba3c25664b01e3a36fdec334b39b53c07f1))
## [0.64.0](https://github.com/aquasecurity/trivy/compare/v0.63.0...v0.64.0) (2025-06-30)
### Features
* **cli:** add version constraints to annoucements ([#9023](https://github.com/aquasecurity/trivy/issues/9023)) ([19efa9f](https://github.com/aquasecurity/trivy/commit/19efa9fd372242d2ec582a248e9e6573d2caef00))
* **java:** dereference all maven settings.xml env placeholders ([#9024](https://github.com/aquasecurity/trivy/issues/9024)) ([5aade69](https://github.com/aquasecurity/trivy/commit/5aade698c71450badf8db028be61e12ec85c6248))
* **misconf:** add OpenTofu file extension support ([#8747](https://github.com/aquasecurity/trivy/issues/8747)) ([57801d0](https://github.com/aquasecurity/trivy/commit/57801d0324384d990889ba39d856c881e5b8b070))
* **misconf:** normalize CreatedBy for buildah and legacy docker builder ([#8953](https://github.com/aquasecurity/trivy/issues/8953)) ([65e155f](https://github.com/aquasecurity/trivy/commit/65e155fdaf0ad02ec82f00a004427f126faf65ed))
* **redhat:** Add EOL date for RHEL 10. ([#8910](https://github.com/aquasecurity/trivy/issues/8910)) ([48258a7](https://github.com/aquasecurity/trivy/commit/48258a701a7adb210c433310de52f48568ccee19))
* reject unsupported artifact types in remote image retrieval ([#9052](https://github.com/aquasecurity/trivy/issues/9052)) ([1e1e1b5](https://github.com/aquasecurity/trivy/commit/1e1e1b5fa6a884da978fe1ed4c222d613d6eafbd))
* **sbom:** add manufacturer field to CycloneDX tools metadata ([#9019](https://github.com/aquasecurity/trivy/issues/9019)) ([41d0f94](https://github.com/aquasecurity/trivy/commit/41d0f949c874609641c08fa2620fa10bf4ceef78))
* **terraform:** add partial evaluation for policy templates ([#8967](https://github.com/aquasecurity/trivy/issues/8967)) ([a9f7dcd](https://github.com/aquasecurity/trivy/commit/a9f7dcdb9c5973746c3737f2bbc3306a74be5408))
* **ubuntu:** add end of life date for Ubuntu 25.04 ([#9077](https://github.com/aquasecurity/trivy/issues/9077)) ([367564a](https://github.com/aquasecurity/trivy/commit/367564a3bec0c202566c59598dcff087bf50a23d))
* **ubuntu:** add eol date for 20.04-ESM ([#8981](https://github.com/aquasecurity/trivy/issues/8981)) ([87118a0](https://github.com/aquasecurity/trivy/commit/87118a0ec4a6ae492523b7bac9834c2b93a14557))
* **vuln:** add Root.io support for container image scanning ([#9073](https://github.com/aquasecurity/trivy/issues/9073)) ([3a0ec0f](https://github.com/aquasecurity/trivy/commit/3a0ec0f2acff6a13ed6ab348b6b220d49e14a298))
### Bug Fixes
* Add missing version check flags ([#8951](https://github.com/aquasecurity/trivy/issues/8951)) ([ef5f8de](https://github.com/aquasecurity/trivy/commit/ef5f8de8dadf5534a2c965aecca01c7067e5baca))
* **cli:** add some values to the telemetry call ([#9056](https://github.com/aquasecurity/trivy/issues/9056)) ([fd2bc91](https://github.com/aquasecurity/trivy/commit/fd2bc91e133f846bc9f0910c19ac3be3fbfe4009))
* Correctly check for semver versions for trivy version check ([#8948](https://github.com/aquasecurity/trivy/issues/8948)) ([b813527](https://github.com/aquasecurity/trivy/commit/b813527449c4604f5afad71ae82b13399bb48680))
* don't show corrupted trivy-db warning for first run ([#8991](https://github.com/aquasecurity/trivy/issues/8991)) ([4ed78e3](https://github.com/aquasecurity/trivy/commit/4ed78e39afe57e81c12482fef9102dc3f85d1493))
* **misconf:** .Config.User always takes precedence over USER in .History ([#9050](https://github.com/aquasecurity/trivy/issues/9050)) ([371b8cc](https://github.com/aquasecurity/trivy/commit/371b8cc02f2ffa3f42534a437ce8727519e7b9b9))
* **misconf:** correct Azure value-to-time conversion in AsTimeValue ([#9015](https://github.com/aquasecurity/trivy/issues/9015)) ([40d017b](https://github.com/aquasecurity/trivy/commit/40d017b67da38131734eab90c42ad945ac3b5013))
* **misconf:** move disabled checks filtering after analyzer scan ([#9002](https://github.com/aquasecurity/trivy/issues/9002)) ([a58c36d](https://github.com/aquasecurity/trivy/commit/a58c36de124cba7250e1a5ae0cc32d83018391fe))
* **misconf:** reduce log noise on incompatible check ([#9029](https://github.com/aquasecurity/trivy/issues/9029)) ([99c5151](https://github.com/aquasecurity/trivy/commit/99c5151d6ea1dabe85cce75ff9bb91166532b11f))
* **nodejs:** correctly parse `packages` array of `bun.lock` file ([#8998](https://github.com/aquasecurity/trivy/issues/8998)) ([875ec3a](https://github.com/aquasecurity/trivy/commit/875ec3a9d2568e15a6824c8f84ad6a59f03eb212))
* **report:** don't panic when report contains vulns, but doesn't contain packages for `table` format ([#8549](https://github.com/aquasecurity/trivy/issues/8549)) ([87fda76](https://github.com/aquasecurity/trivy/commit/87fda76f38a3a6939a87828c3df0c5ac2cf7fce3))
* **sbom:** remove unnecessary OS detection check in SBOM decoding ([#9034](https://github.com/aquasecurity/trivy/issues/9034)) ([198789a](https://github.com/aquasecurity/trivy/commit/198789a07b857b053c73f8fcd1f508902fac344d))
## [0.63.0](https://github.com/aquasecurity/trivy/compare/v0.62.0...v0.63.0) (2025-05-29)

131
docs/assets/css/_slick_slider.scss Normal file
View File

@@ -0,0 +1,131 @@
/* Slider */
.slick-slider{position:relative;display:block;box-sizing:border-box;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;-webkit-touch-callout:none;-khtml-user-select:none;-ms-touch-action:pan-y;touch-action:pan-y;-webkit-tap-highlight-color:transparent;}
.slick-list{position:relative;display:block;overflow:hidden;margin:0;padding:0;}
.slick-list:focus{outline:none;}
.slick-list.dragging{cursor:hand;}
.slick-slider .slick-track,.slick-slider .slick-list{transform:translate3d(0,0,0);}
.slick-track{position:relative;top:0;left:0;display:block;margin-left:auto;margin-right:auto;}
.slick-track:before,.slick-track:after{display:table;content:'';}
.slick-track:after{clear:both;}
.slick-loading .slick-track{visibility:hidden;}
.slick-slide{display:none;float:left;height:100%;min-height:1px;}
.slick-slide:focus{outline:none;}
.slick-slide img{display:block;}
.slick-slide.slick-loading img{display:none;}
.slick-slide.dragging img{pointer-events:none;}
.slick-initialized .slick-slide{display:block;}
.slick-loading .slick-slide{visibility:hidden;}
.slick-vertical .slick-slide{display:block;height:auto;border:1px solid transparent;}
.slick-arrow.slick-hidden{display:none;}
.slick-arrow {display:block;background-color:transparent;border:none;color:transparent;cursor:pointer;position:absolute;top:0px;height:330px;width:80px;z-index:20;outline:none;}
.slick-arrow:focus, .slick-arrow:active {outline:none;}
.slick-arrow.slick-prev {left:0px;background-image:linear-gradient(to right, rgba($aq-neo-background,1) 0%, rgba($aq-neo-background,0) 100%);}
.slick-arrow.slick-next {right:0px;background-image:linear-gradient(to left, rgba($aq-neo-background,1) 0%, rgba($aq-neo-background,0) 100%);}
.slick-arrow:before {content:"";display:block;position:absolute;left:0px;top:0px;width:100%;height:100%;z-index:21;background-repeat:no-repeat;}
.slick-arrow.slick-prev:before {background-image:url(../images/arrow_left.png);background-position:center left;}
.slick-arrow.slick-next:before {background-image:url(../images/arrow_right.png);background-position:center right;}
/* dots */
.slick-dotted.slick-slider
{
margin-bottom: 0px;
}
.slick-dots
{
//position: absolute;
//bottom: -25px;
position: relative;
display: block;
width: 100%;
padding: 0;
margin: 0;
list-style: none;
text-align: center;
}
.slick-dots li {
position: relative;
display: inline-block;
width: 24px;
height: 24px;
margin: 0px 4px;
padding: 0;
cursor: pointer;
}
.slick-dots li button
{
font-size: 0;
line-height: 0;
display: block;
width: 24px;
height: 24px;
padding: 0px;
cursor: pointer;
color: transparent;
border: 0;
outline: none;
background: transparent;
&:before {
position: relative;
top: 0px;
left: 0px;
width: 20px;
height: 20px;
content: "";
background-color: transparent;
border: 2px solid $aq-sea-foam;
border-radius: 50%;
display: block;
opacity: 0.7;
}
&:after {
position: absolute;
top: 7px;
left: 5px;
width: 10px;
height: 10px;
content: "";
background-color: $aq-sea-foam;
//border: 1px solid #666;
border-radius: 50%;
//box-shadow: inset 1px 1px 1px #888;
display: block;
opacity: 0;
transition: 0.2s ease-out;
}
}
.slick-dots li button:hover,
.slick-dots li button:focus
{
outline: none;
&:after {
opacity: 1;
}
}
.slick-dots li.slick-active button:after {
opacity: 1;
}

284
docs/assets/css/trivy_v1_homepage.scss → docs/assets/css/_trivy_homepage.scss
View File

@@ -1,52 +1,4 @@
/* trivy homepage */
//aqua brand colors
$aq-royal-blue: #1904da;
$aq-legacy-blue: #08b1d5;
$aq-coral-red: #ff445f;
$aq-starfish-yellow: #ffc900;
$aq-dark-abyss: #07242d;
$aq-deep-sea-blue: #183278;
$aq-ocean-ash: #405a75;
$aq-sea-foam: #00ffe4;
$aq-neo-background: #ebf3fa;
$aq-neo-background-hover: #f0f8ff;
$aq-royal-blue-dark: #1503ba;
$aq-trivy-dark: #0a0b23;
$weight-normal: 400;
$weight-semibold: 600;
$weight-bold: 700;
$gap: 32px;
// 960, 1152, and 1344 have been chosen because they are divisible by both 12 and 16
$tablet: 769px;
// 960px container + 4rem
$desktop: 960px + 2 * $gap;
// 1152px container + 4rem
$widescreen: 1152px + 2 * $gap;
$widescreen-enabled: true;
// 1344px container + 4rem
$fullhd: 1344px + 2 * $gap;
$fullhd-enabled: true;
body {
font-family: "Inter", sans-serif;
}
.trivy_v1_homepage_wrap {
position: relative;
z-index: 3;
@@ -55,97 +7,7 @@ body {
transition: all 0.2s ease !important;
}
.container {
width: 100%;
margin: 0 auto;
max-width: 1440px;
@media screen and (max-width: $tablet), print { //769
padding: 0 24px;
max-width: $tablet; //769
} //until tablet
}
.button {
background-color: #ebf3fa;
border: 1px solid #dbdbdb;
border-width: 1px;
color: #363636;
cursor: pointer;
justify-content: center;
padding-bottom: calc(.5em - 1px);
padding-left: 1em;
padding-right: 1em;
padding-top: calc(.5em - 1px);
text-align: center;
white-space: nowrap;
border-radius: 4px;
transition: all .2s ease;
font-size: 16px;
display: inline-block;
font-weight: 700;
&.is-seafoam {
background-color: $aq-sea-foam;
border-color: $aq-sea-foam;
color: $aq-dark-abyss;
&.is-outlined {
background-color: rgba(0,0,0,0);
border-color: $aq-sea-foam;
color: $aq-sea-foam;
border-width: 2px;
&:hover {
background-color: $aq-sea-foam;
color: $aq-dark-abyss;
}
} //is-outlines
} //is-seafoam
&.large_btn {
font-size: 22px;
padding: 16px 27px;
margin-right: 12px;
@media screen and (max-width: $tablet), print {
font-size: 18px;
} //until tablet
}
&.solidseafoamarrowbutton {
background-color: $aq-sea-foam;
font-weight: 700;
border: 2px solid $aq-sea-foam;
font-size: 22px; //1.375rem; //1.125rem;
padding: 16px 27px;
color: $aq-dark-abyss;
&:after {
content: "";
border: solid $aq-dark-abyss;
border-width: 0 2px 2px 0;
display: inline-block;
padding: 4px;
transform: rotate(-45deg);
margin-left: 30px;
vertical-align: middle;
transition: all .2s;
}
} //solidseafoamarrowbutton
} //button
.margin-bottom-20 {
margin-bottom: 20px;
}
.hero_wrap {
background-color: $aq-trivy-dark;
@@ -155,10 +17,6 @@ body {
z-index: 10;
.homepage_background_image_wrap {
position: absolute;
left: 0px;
@@ -550,144 +408,4 @@ body {
} //homepage_community_wrap
} //trivy_homepage_wrap
/* Slider */
.slick-slider{position:relative;display:block;box-sizing:border-box;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;-webkit-touch-callout:none;-khtml-user-select:none;-ms-touch-action:pan-y;touch-action:pan-y;-webkit-tap-highlight-color:transparent;}
.slick-list{position:relative;display:block;overflow:hidden;margin:0;padding:0;}
.slick-list:focus{outline:none;}
.slick-list.dragging{cursor:hand;}
.slick-slider .slick-track,.slick-slider .slick-list{transform:translate3d(0,0,0);}
.slick-track{position:relative;top:0;left:0;display:block;margin-left:auto;margin-right:auto;}
.slick-track:before,.slick-track:after{display:table;content:'';}
.slick-track:after{clear:both;}
.slick-loading .slick-track{visibility:hidden;}
.slick-slide{display:none;float:left;height:100%;min-height:1px;}
.slick-slide:focus{outline:none;}
.slick-slide img{display:block;}
.slick-slide.slick-loading img{display:none;}
.slick-slide.dragging img{pointer-events:none;}
.slick-initialized .slick-slide{display:block;}
.slick-loading .slick-slide{visibility:hidden;}
.slick-vertical .slick-slide{display:block;height:auto;border:1px solid transparent;}
.slick-arrow.slick-hidden{display:none;}
.slick-arrow {display:block;background-color:transparent;border:none;color:transparent;cursor:pointer;position:absolute;top:0px;height:330px;width:80px;z-index:20;outline:none;}
.slick-arrow:focus, .slick-arrow:active {outline:none;}
.slick-arrow.slick-prev {left:0px;background-image:linear-gradient(to right, rgba($aq-neo-background,1) 0%, rgba($aq-neo-background,0) 100%);}
.slick-arrow.slick-next {right:0px;background-image:linear-gradient(to left, rgba($aq-neo-background,1) 0%, rgba($aq-neo-background,0) 100%);}
.slick-arrow:before {content:"";display:block;position:absolute;left:0px;top:0px;width:100%;height:100%;z-index:21;background-repeat:no-repeat;}
.slick-arrow.slick-prev:before {background-image:url(../images/arrow_left.png);background-position:center left;}
.slick-arrow.slick-next:before {background-image:url(../images/arrow_right.png);background-position:center right;}
/* dots */
.slick-dotted.slick-slider
{
margin-bottom: 0px;
}
.slick-dots
{
//position: absolute;
//bottom: -25px;
position: relative;
display: block;
width: 100%;
padding: 0;
margin: 0;
list-style: none;
text-align: center;
}
.slick-dots li {
position: relative;
display: inline-block;
width: 24px;
height: 24px;
margin: 0px 4px;
padding: 0;
cursor: pointer;
}
.slick-dots li button
{
font-size: 0;
line-height: 0;
display: block;
width: 24px;
height: 24px;
padding: 0px;
cursor: pointer;
color: transparent;
border: 0;
outline: none;
background: transparent;
&:before {
position: relative;
top: 0px;
left: 0px;
width: 20px;
height: 20px;
content: "";
background-color: transparent;
border: 2px solid $aq-sea-foam;
border-radius: 50%;
display: block;
opacity: 0.7;
}
&:after {
position: absolute;
top: 7px;
left: 5px;
width: 10px;
height: 10px;
content: "";
background-color: $aq-sea-foam;
//border: 1px solid #666;
border-radius: 50%;
//box-shadow: inset 1px 1px 1px #888;
display: block;
opacity: 0;
transition: 0.2s ease-out;
}
}
.slick-dots li button:hover,
.slick-dots li button:focus
{
outline: none;
&:after {
opacity: 1;
}
}
.slick-dots li.slick-active button:after {
opacity: 1;
}
} //trivy_homepage_wrap

177
docs/assets/css/_trivy_partners.scss Normal file
View File

@@ -0,0 +1,177 @@
/* trivy partners page */
.trivy_v1_homepage_wrap.partners_wrap {
position: relative;
z-index: 3;
.partners_hero_wrap {
background-color: $aq-trivy-dark;
background-image: radial-gradient(1600px at 70% 120%, #031145 10%, $aq-trivy-dark 100%);
min-height: 500px;
position: relative;
z-index: 10;
.partners_background_image_wrap {
position: absolute;
left: 0px;
top: 0px;
width: 100%;
height: 100%;
z-index: 1;
pointer-events: none;
.stars_wrap {
position: absolute;
left: 0px;
top: 0px;
width: 100%;
height: 100%;
z-index: 1;
overflow: hidden;
.stars_bg {
position: absolute;
width: 400vw;
height: 400vh;
top: 50%;
left: 50%;
margin-top: -200vh;
margin-left: -200vw;
animation: stars_ani 240s linear infinite;
background-size: 240px;
backface-visibility: visible;
background-image:url(../images/homepage_hero_stars_02.svg);
background-repeat: repeat;
}
@keyframes stars_ani {
0% { transform: rotate(0deg); }
100% { transform: rotate(360deg); }
}
} //stars_wrap
} //hero_background_image_wrap
} //partners_hero_wrap
.hero {
.hero-body {
padding: 80px 0px;
// border: 1px solid red;
.header_title_wrap.with_columns {
display: flex;
flex-direction: row;
@media screen and (max-width: $desktop) {
flex-direction: column;
}
.header_title_content_wrap {
width: 50%;
position: relative;
z-index: 3;
&.partners_hero_stage_image {
align-self: center;
align-content: center;
img {
max-width: 100%;
}
}
@media screen and (max-width: $widescreen), print {
width: 70%;
} //until widescreen
@media screen and (max-width: $tablet), print { //769
width: 100%;
.page_title {
font-size: 32px; //2rem;
}//page_title
.page_subtitle {
font-size: 18px; //1.125rem;
}//page_subtitle
} //until tablet
} //header_title_content_wrap
} //header_title_wrap
@media screen and (min-width: $tablet), print { //769
padding: 48px 24px; //3rem 1.5rem;
}
}
} //hero
} //trivy_v1_homepage_wrap partners_wrap
.partners_logos_wrap {
background-color: $aq-trivy-dark;
padding: 50px 0px;
.partners_logos_title {
text-align: center;
color: #ffffff;
}
.partners_logos {
display: flex;
flex-direction: row;
justify-content: center;
align-items: center;
gap: 4rem;
flex-wrap: wrap;
.logo_item {
display: inline-block;
padding: 20px;
margin: 0px;
// background-color: red;
img {
display: block;
margin: 0px auto;
width: auto;
max-height: 115px;
max-width: 200px;
transition: all 0.3s ease;
// overflow: hidden;
}
} //logo_item
@media screen and (max-width: $tablet) {
gap: 2rem;
.logo_item {
img {
max-height: 80px;
max-width: 150px;
}
}
}
} //partners_logos
} //partners_logos_wrap

1
docs/assets/css/trivy_v1_homepage.min.css vendored
View File

File diff suppressed because one or more lines are too long

1
docs/assets/css/trivy_v1_styles.min.css vendored Normal file
View File

File diff suppressed because one or more lines are too long

166
docs/assets/css/trivy_v1_styles.scss Normal file
View File

@@ -0,0 +1,166 @@
/* trivy styles */
//aqua brand colors
$aq-royal-blue: #1904da;
$aq-legacy-blue: #08b1d5;
$aq-coral-red: #ff445f;
$aq-starfish-yellow: #ffc900;
$aq-dark-abyss: #07242d;
$aq-deep-sea-blue: #183278;
$aq-ocean-ash: #405a75;
$aq-sea-foam: #00ffe4;
$aq-neo-background: #ebf3fa;
$aq-neo-background-hover: #f0f8ff;
$aq-royal-blue-dark: #1503ba;
$aq-trivy-dark: #0a0b23;
$weight-normal: 400;
$weight-semibold: 600;
$weight-bold: 700;
$gap: 32px;
// 960, 1152, and 1344 have been chosen because they are divisible by both 12 and 16
$tablet: 769px;
// 960px container + 4rem
$desktop: 960px + 2 * $gap;
// 1152px container + 4rem
$widescreen: 1152px + 2 * $gap;
$widescreen-enabled: true;
// 1344px container + 4rem
$fullhd: 1344px + 2 * $gap;
$fullhd-enabled: true;
body {
font-family: "Inter", sans-serif;
}
.container {
width: 100%;
margin: 0 auto;
max-width: 1440px;
&.is-relative {
position: relative;
}
@media screen and (max-width: $tablet), print { //769
padding: 0 24px;
max-width: calc( 100% - 48px); //$tablet; //769
} //until tablet
}
.generic_title {
font-size: 1.75rem;
font-weight: $weight-bold;
margin: 0.75rem 1.25rem 0.75rem 0.75rem;
color: $aq-royal-blue;
}
.generic_subtitle {
font-size: 1.125rem;
opacity: 0.8;
margin: 0.75rem;
}
.button {
background-color: #ebf3fa;
border: 1px solid #dbdbdb;
border-width: 1px;
color: #363636;
cursor: pointer;
justify-content: center;
padding-bottom: calc(.5em - 1px);
padding-left: 1em;
padding-right: 1em;
padding-top: calc(.5em - 1px);
text-align: center;
white-space: nowrap;
border-radius: 4px;
transition: all .2s ease;
font-size: 16px;
display: inline-block;
font-weight: 700;
&.is-seafoam {
background-color: $aq-sea-foam;
border-color: $aq-sea-foam;
color: $aq-dark-abyss;
&.is-outlined {
background-color: rgba(0,0,0,0);
border-color: $aq-sea-foam;
color: $aq-sea-foam;
border-width: 2px;
&:hover {
background-color: $aq-sea-foam;
color: $aq-dark-abyss;
}
} //is-outlines
} //is-seafoam
&.large_btn {
font-size: 22px;
padding: 16px 27px;
margin-right: 12px;
@media screen and (max-width: $tablet), print {
font-size: 18px;
} //until tablet
}
&.solidseafoamarrowbutton {
background-color: $aq-sea-foam;
font-weight: 700;
border: 2px solid $aq-sea-foam;
font-size: 22px; //1.375rem; //1.125rem;
padding: 16px 27px;
color: $aq-dark-abyss;
&:after {
content: "";
border: solid $aq-dark-abyss;
border-width: 0 2px 2px 0;
display: inline-block;
padding: 4px;
transform: rotate(-45deg);
margin-left: 30px;
vertical-align: middle;
transition: all .2s;
}
} //solidseafoamarrowbutton
} //button
.margin-bottom-20 {
margin-bottom: 20px;
}
@import "_slick_slider";
@import "_trivy_homepage";
@import "_trivy_partners";

20
docs/assets/images/partner_logo_echo.svg Normal file
View File

@@ -0,0 +1,20 @@
<svg width="214" height="63" viewBox="0 0 214 63" fill="none" xmlns="http://www.w3.org/2000/svg">
<g clip-path="url(#clip0_105_3432)">
<g clip-path="url(#clip1_105_3432)">
<path d="M91.1057 16.7456C93.9686 16.7456 96.4222 17.33 98.4665 18.4988C100.511 19.6676 102.079 21.2859 103.169 23.3538C104.305 25.3767 104.873 27.7143 104.873 30.3665C104.873 30.9509 104.851 31.5128 104.805 32.0523C104.759 32.5467 104.669 33.0188 104.533 33.4683H84.018C84.063 38.0985 84.9265 41.4251 86.6078 43.448C88.3341 45.4709 90.8333 46.4824 94.1048 46.4824C96.3765 46.4824 98.2166 46.1227 99.6255 45.4034C101.034 44.6393 102.329 43.5828 103.51 42.2343L104.601 43.2457C103.237 45.7182 101.374 47.6512 99.012 49.0447C96.6946 50.3933 93.923 51.0676 90.6971 51.0676C87.4706 51.0676 84.6309 50.3933 82.1773 49.0447C79.7238 47.6961 77.7931 45.7631 76.3842 43.2457C75.0209 40.6833 74.3398 37.6265 74.3398 34.0752C74.3398 30.389 75.1346 27.2647 76.7253 24.7024C78.3611 22.1401 80.451 20.1846 82.9952 18.8359C85.585 17.4424 88.2885 16.7456 91.1057 16.7456ZM90.7652 18.7011C89.4475 18.7011 88.2885 19.0832 87.2895 19.8474C86.3348 20.5667 85.5625 21.8703 84.9721 23.7584C84.4266 25.6015 84.1086 28.2088 84.018 31.5803H96.2172C96.7171 27.0399 96.5359 23.7584 95.6724 21.7354C94.8089 19.7125 93.1732 18.7011 90.7652 18.7011Z" fill="white"/>
<path d="M125.043 51.0676C121.953 51.0676 119.159 50.4158 116.66 49.1121C114.16 47.7635 112.184 45.8305 110.73 43.3131C109.321 40.7508 108.617 37.649 108.617 34.0078C108.617 30.3666 109.413 27.2647 111.003 24.7024C112.593 22.1401 114.706 20.1846 117.341 18.8359C120.022 17.4424 122.953 16.7456 126.133 16.7456C128.723 16.7456 130.927 17.1727 132.744 18.0268C134.561 18.8809 135.947 19.9823 136.902 21.3309C137.856 22.6345 138.333 24.0281 138.333 25.5116C138.333 26.7703 137.947 27.7367 137.174 28.4111C136.447 29.0853 135.493 29.4225 134.311 29.4225C133.039 29.4225 131.995 28.9729 131.177 28.0739C130.404 27.1748 129.95 26.0285 129.814 24.635C129.768 23.7359 129.768 22.9717 129.814 22.3423C129.904 21.713 129.904 21.1061 129.814 20.5217C129.632 19.7575 129.314 19.2406 128.859 18.9708C128.45 18.7011 127.86 18.5662 127.088 18.5662C124.225 18.5662 122.021 19.7125 120.477 22.0052C118.977 24.2528 118.227 27.9165 118.227 32.9963C118.227 37.3568 119.068 40.7058 120.749 43.0434C122.43 45.381 125.043 46.5498 128.586 46.5498C130.677 46.5498 132.403 46.1677 133.767 45.4034C135.129 44.5943 136.379 43.448 137.515 41.9645L138.606 42.7737C137.47 45.4709 135.72 47.5388 133.357 48.9772C131.04 50.3708 128.268 51.0676 125.043 51.0676Z" fill="white"/>
<path d="M140.628 50.1236V48.775L141.514 48.5053C143.15 48.0108 143.967 46.8869 143.967 45.1337V10.4072C143.967 9.46321 143.809 8.76643 143.491 8.31689C143.173 7.82236 142.559 7.46278 141.651 7.23798L140.628 6.96825V5.6871L152.146 2.7876L153.237 3.39447L152.964 12.9021V21.5332C154.555 20.2295 156.281 19.1057 158.144 18.1617C160.052 17.2177 162.097 16.7456 164.278 16.7456C167.277 16.7456 169.617 17.5773 171.298 19.2406C173.024 20.9039 173.888 23.4662 173.888 26.9276V45.2012C173.888 46.1002 174.07 46.8195 174.433 47.359C174.797 47.8984 175.433 48.303 176.342 48.5727L176.955 48.775V50.1236H161.416V48.775L162.234 48.5053C163.869 48.0557 164.687 46.9319 164.687 45.1337V25.6464C164.687 23.8034 164.369 22.5222 163.733 21.8029C163.097 21.0837 161.984 20.724 160.393 20.724C159.303 20.724 158.144 20.9263 156.917 21.3309C155.736 21.7355 154.487 22.4098 153.169 23.3538V45.2686C153.169 46.1677 153.351 46.8869 153.714 47.4264C154.077 47.9658 154.691 48.348 155.554 48.5727L156.167 48.775V50.1236L140.628 50.1236Z" fill="white"/>
<path d="M196.734 51.0676C193.372 51.0676 190.418 50.3708 187.874 48.9772C185.375 47.5837 183.421 45.6058 182.012 43.0434C180.649 40.4811 179.968 37.4242 179.968 33.8729C179.968 30.3215 180.694 27.2647 182.148 24.7024C183.648 22.1401 185.647 20.1846 188.146 18.8359C190.691 17.4424 193.553 16.7456 196.734 16.7456C199.915 16.7456 202.754 17.4424 205.253 18.8359C207.798 20.1846 209.797 22.1401 211.251 24.7024C212.75 27.2198 213.5 30.2766 213.5 33.8729C213.5 37.4242 212.796 40.5035 211.387 43.1109C210.024 45.6732 208.093 47.6512 205.594 49.0447C203.095 50.3933 200.142 51.0676 196.734 51.0676ZM196.734 49.1796C198.369 49.1796 199.687 48.7525 200.687 47.8984C201.732 46.9993 202.482 45.4484 202.936 43.2457C203.39 41.043 203.618 37.9636 203.618 34.0078C203.618 30.0069 203.39 26.9051 202.936 24.7024C202.482 22.4547 201.732 20.9038 200.687 20.0497C199.687 19.1507 198.369 18.7011 196.734 18.7011C195.098 18.7011 193.78 19.1507 192.781 20.0497C191.782 20.9038 191.032 22.4547 190.532 24.7024C190.078 26.9051 189.85 30.0069 189.85 34.0078C189.85 37.9636 190.078 41.043 190.532 43.2457C191.032 45.4484 191.782 46.9993 192.781 47.8984C193.78 48.7525 195.098 49.1796 196.734 49.1796Z" fill="white"/>
<path d="M19.851 31.1743C19.851 45.9125 27.2427 56.2352 30.8683 60.3905C32.079 61.7781 31.767 62.4352 29.9322 62.2793C13.4366 60.8757 0.5 47.4855 0.5 31.1743C0.5 14.5469 13.943 0.954861 30.8953 0.00118455C31.5519 -0.0357474 31.9018 0.79971 31.4502 1.27776C28.132 4.79122 19.851 15.1633 19.851 31.1743Z" fill="white"/>
<path d="M45.4656 31.1876C45.4656 42.1671 41.9304 51.0676 38.3656 51.0676C34.8008 51.0676 31.2656 42.1671 31.2656 31.1876C31.2656 20.2082 34.8009 11.3076 38.3656 11.3076C41.9303 11.3076 45.4656 20.2082 45.4656 31.1876Z" fill="white"/>
</g>
</g>
<defs>
<clipPath id="clip0_105_3432">
<rect width="213.24" height="61.9812" fill="white" transform="translate(0.612305 0.481934)"/>
</clipPath>
<clipPath id="clip1_105_3432">
<rect width="213" height="62.3018" fill="white" transform="translate(0.5)"/>
</clipPath>
</defs>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 5.5 KiB

17
docs/assets/images/partner_logo_minimus.svg Normal file
View File

@@ -0,0 +1,17 @@
<svg width="123" height="113" viewBox="0 0 123 113" fill="none" xmlns="http://www.w3.org/2000/svg">
<g clip-path="url(#clip0_105_3430)">
<path d="M15.33 112.944H13.0356V102.463C13.0356 101.776 12.8778 101.217 12.5647 100.784C12.2516 100.333 11.7506 100.107 11.0643 100.107C10.4181 100.107 9.887 100.353 9.47629 100.844C9.08299 101.315 8.88765 102.052 8.88765 103.051V112.944H6.59327V102.345C6.59327 101.699 6.41796 101.168 6.06471 100.756C5.71157 100.325 5.24067 100.109 4.65203 100.109C3.94574 100.109 3.39715 100.365 3.00395 100.875C2.63068 101.386 2.44535 102.052 2.44535 102.876V112.944H0.148438V98.3424H2.44282V99.9321H2.79607C3.05149 99.2448 3.42477 98.7441 3.91316 98.431C4.40409 98.0968 4.98271 97.9292 5.64895 97.9292C6.35534 97.9292 6.93387 98.1147 7.38473 98.4879C7.85562 98.8621 8.17883 99.3428 8.35667 99.9321H8.70981C9.37604 98.5986 10.4356 97.9292 11.8883 97.9292C12.9879 97.9292 13.8296 98.2824 14.4182 98.9897C15.0269 99.676 15.3299 100.578 15.3299 101.699L15.33 112.944Z" fill="white"/>
<path d="M24.2491 93.9842C24.2491 93.456 24.432 93.0101 24.7952 92.6433C25.1784 92.2606 25.6343 92.0698 26.1627 92.0698C26.6913 92.0698 27.1371 92.2606 27.5029 92.6433C27.8861 93.0101 28.0765 93.4561 28.0765 93.9842C28.0765 94.5134 27.8861 94.9698 27.5029 95.3525C27.1371 95.7183 26.6913 95.8996 26.1627 95.8996C25.6343 95.8996 25.1784 95.7162 24.7952 95.3525C24.4295 94.9698 24.2491 94.5134 24.2491 93.9842ZM20.1738 110.825H25.2936V100.463H21.2033V98.3431H27.588V110.825H32.3546V112.945H20.1738V110.825Z" fill="white"/>
<path d="M39.4916 112.943H37.1973V98.3422H39.4916V100.816H39.8448C40.7465 98.8946 42.317 97.9321 44.5513 97.9321C46.2395 97.9321 47.582 98.4603 48.5815 99.5207C49.5809 100.56 50.0819 102.132 50.0819 104.23V112.943H47.7875V104.701C47.7875 103.169 47.4444 102.021 46.758 101.257C46.0717 100.493 45.14 100.11 43.9627 100.11C42.57 100.11 41.4704 100.591 40.6664 101.553C39.8824 102.496 39.4891 103.761 39.4891 105.349V112.946L39.4916 112.943Z" fill="white"/>
<path d="M87.1294 112.944H84.8347V102.463C84.8347 101.776 84.6769 101.217 84.3638 100.784C84.0507 100.333 83.5498 100.107 82.8635 100.107C82.2172 100.107 81.6862 100.353 81.2754 100.844C80.8822 101.315 80.6869 102.052 80.6869 103.051V112.944H78.3925V102.345C78.3925 101.699 78.2171 101.168 77.8639 100.756C77.5108 100.325 77.0399 100.109 76.4513 100.109C75.7449 100.109 75.1964 100.365 74.8031 100.875C74.4299 101.386 74.2446 102.052 74.2446 102.876V112.944H71.9502V98.3424H74.2446V99.9321H74.5977C74.8533 99.2448 75.2264 98.7441 75.7148 98.431C76.2057 98.0968 76.7844 97.9292 77.4507 97.9292C78.157 97.9292 78.7356 98.1147 79.1865 98.4879C79.6574 98.8621 79.9805 99.3428 80.1583 99.9321H80.5115C81.1778 98.5986 82.2372 97.9292 83.6901 97.9292C84.7897 97.9292 85.6312 98.2824 86.2199 98.9897C86.829 99.676 87.1315 100.578 87.1315 101.699V112.944H87.1294Z" fill="white"/>
<path d="M102.564 97.9292H104.858V112.529H102.564V109.881H102.211C101.74 110.824 101.121 111.57 100.357 112.119C99.5933 112.667 98.6214 112.944 97.4439 112.944C96.6396 112.944 95.8932 112.806 95.207 112.533C94.5408 112.276 93.962 111.885 93.4708 111.354C93.0006 110.826 92.6275 110.167 92.3544 109.383C92.0983 108.597 91.9707 107.685 91.9707 106.646V97.9324H94.2656V106.352C94.2656 107.884 94.5787 109.001 95.207 109.708C95.8353 110.415 96.7946 110.768 98.0901 110.768C99.4827 110.768 100.573 110.297 101.356 109.354C102.16 108.393 102.564 107.116 102.564 105.528V97.9292Z" fill="white"/>
<path d="M112.703 101.699C112.703 102.405 112.996 102.944 113.585 103.318C114.193 103.691 115.29 103.937 116.88 104.055C118.587 104.192 119.881 104.603 120.766 105.29C121.667 105.956 122.118 106.939 122.118 108.234V108.409C122.118 109.117 121.971 109.753 121.678 110.325C121.401 110.873 121.011 111.344 120.5 111.737C120.009 112.132 119.401 112.425 118.676 112.62C117.97 112.836 117.196 112.943 116.352 112.943C115.215 112.943 114.233 112.796 113.409 112.502C112.606 112.189 111.929 111.786 111.377 111.295C110.849 110.783 110.446 110.214 110.17 109.588C109.895 108.941 109.739 108.292 109.699 107.645L111.876 107.117C111.974 108.234 112.404 109.139 113.172 109.826C113.935 110.492 114.957 110.825 116.232 110.825C117.311 110.825 118.174 110.62 118.822 110.207C119.488 109.776 119.821 109.177 119.821 108.409C119.821 107.585 119.498 106.997 118.849 106.643C118.203 106.289 117.153 106.064 115.701 105.966C114.013 105.849 112.72 105.455 111.816 104.788C110.915 104.122 110.463 103.149 110.463 101.874V101.699C110.463 101.011 110.611 100.412 110.904 99.9012C111.197 99.3731 111.59 98.9293 112.082 98.5761C112.593 98.2219 113.161 97.9563 113.787 97.7813C114.416 97.6063 115.072 97.5156 115.759 97.5156C116.72 97.5156 117.562 97.6537 118.289 97.9268C119.015 98.1819 119.623 98.5255 120.112 98.9567C120.602 99.3678 120.976 99.8485 121.229 100.4C121.505 100.949 121.68 101.498 121.758 102.05L119.581 102.578C119.483 101.635 119.1 100.898 118.434 100.37C117.788 99.8411 116.933 99.5755 115.873 99.5755C115.463 99.5755 115.06 99.6261 114.666 99.7241C114.293 99.801 113.96 99.9286 113.667 100.107C113.374 100.283 113.139 100.511 112.961 100.784C112.786 101.04 112.695 101.342 112.695 101.695L112.703 101.699Z" fill="white"/>
<path d="M58.9985 93.9842C58.9985 93.456 59.1814 93.0101 59.5446 92.6433C59.9278 92.2606 60.3837 92.0698 60.9122 92.0698C61.4407 92.0698 61.8865 92.2606 62.2522 92.6433C62.6355 93.0101 62.8259 93.4561 62.8259 93.9842C62.8259 94.5134 62.6355 94.9698 62.2522 95.3525C61.8865 95.7183 61.4407 95.8996 60.9122 95.8996C60.3837 95.8996 59.9278 95.7162 59.5446 95.3525C59.1789 94.9698 58.9985 94.5134 58.9985 93.9842ZM54.9258 110.825H60.0455V100.463H55.9553V98.3431H62.3399V110.825H67.1065V112.945H54.9258V110.825Z" fill="white"/>
<path d="M25.8652 0V71.4913H97.3429V0H25.8652ZM61.8864 47.5845H58.2681V31.0561C58.2681 29.9728 58.02 29.0909 57.5238 28.4104C57.0273 27.6993 56.2396 27.3439 55.1563 27.3439C54.1336 27.3439 53.2987 27.7294 52.6481 28.5041C52.0278 29.2484 51.7192 30.4088 51.7192 31.9849V47.5845H48.0976V30.8716C48.0976 29.8488 47.8191 29.0139 47.2627 28.3633C46.706 27.6826 45.9617 27.3405 45.0327 27.3405C43.9196 27.3405 43.051 27.7428 42.4341 28.5478C41.8473 29.3523 41.5521 30.4055 41.5521 31.7031V47.5812H37.9305V24.554H41.5521V27.0623H42.1087C42.511 25.9791 43.0981 25.191 43.8725 24.6948C44.6471 24.1683 45.5592 23.9065 46.6121 23.9065C47.7255 23.9065 48.6409 24.2017 49.3517 24.7885C50.0927 25.3756 50.6059 26.1332 50.8843 27.0623H51.4408C52.4939 24.9563 54.1637 23.9065 56.4539 23.9065C58.1875 23.9065 59.5189 24.4635 60.4477 25.5765C61.4069 26.6598 61.8864 28.0851 61.8864 29.8488V47.5845ZM85.2771 37.433H68.4942V34.0585H85.2771V37.433Z" fill="white"/>
</g>
<defs>
<clipPath id="clip0_105_3430">
<rect width="121.97" height="112.945" fill="white" transform="translate(0.148438)"/>
</clipPath>
</defs>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 6.6 KiB

15
docs/assets/images/partner_logo_root.svg Normal file
View File

@@ -0,0 +1,15 @@
<svg width="195" height="45" viewBox="0 0 195 45" fill="none" xmlns="http://www.w3.org/2000/svg">
<g clip-path="url(#clip0_105_3431)">
<path d="M90.2387 8.59574C86.5111 8.59574 83.6196 9.64525 81.5667 11.7397C79.5094 13.8342 78.4814 16.7784 78.4814 20.5738V43.2223H83.6775V21.0333C83.6775 18.4579 84.3028 16.5279 85.561 15.2417C86.8162 13.9525 88.5701 13.3086 90.8226 13.3086C91.6905 13.3086 92.5979 13.4177 93.5527 13.6359V8.98758C92.7717 8.72485 91.6691 8.59424 90.2402 8.59424" fill="white"/>
<path d="M126.189 13.6696C122.833 10.289 118.644 8.59717 113.619 8.59717C108.594 8.59717 104.404 10.289 101.049 13.6696C97.6938 17.0534 96.0176 21.296 96.0176 26.4007C96.0176 31.5054 97.6815 35.7634 101.018 39.1655C104.352 42.5676 108.554 44.2702 113.619 44.2702C118.684 44.2702 122.885 42.5691 126.222 39.1655C129.556 35.7634 131.223 31.5069 131.223 26.4007C131.223 21.2945 129.547 17.0534 126.189 13.6696ZM122.455 35.7941C120.117 38.3035 117.17 39.5588 113.619 39.5588C110.068 39.5588 107.134 38.3127 104.816 35.828C102.501 33.34 101.343 30.1961 101.343 26.4007C101.343 22.6052 102.502 19.4642 104.816 16.9765C107.134 14.4887 110.068 13.2455 113.619 13.2455C117.17 13.2455 120.117 14.4887 122.455 16.9765C124.795 19.4642 125.964 22.6051 125.964 26.4007C125.964 30.1963 124.795 33.2848 122.455 35.7941Z" fill="white"/>
<path d="M166.919 13.6696C163.564 10.289 159.375 8.59717 154.349 8.59717C149.324 8.59717 145.134 10.289 141.78 13.6696C138.424 17.0534 136.748 21.296 136.748 26.4007C136.748 31.5054 138.412 35.7634 141.749 39.1655C145.082 42.5676 149.285 44.2702 154.349 44.2702C159.415 44.2702 163.616 42.5691 166.952 39.1655C170.287 35.7634 171.954 31.5069 171.954 26.4007C171.954 21.2945 170.275 17.0534 166.919 13.6696ZM163.187 35.7941C160.845 38.3035 157.9 39.5588 154.349 39.5588C150.799 39.5588 147.865 38.3127 145.547 35.828C143.232 33.34 142.074 30.1961 142.074 26.4007C142.074 22.6052 143.233 19.4642 145.547 16.9765C147.865 14.4887 150.799 13.2455 154.349 13.2455C157.9 13.2455 160.845 14.4887 163.187 16.9765C165.525 19.4642 166.694 22.6051 166.694 26.4007C166.694 30.1963 165.525 33.2848 163.187 35.7941Z" fill="white"/>
<path d="M182.225 9.6446L179.975 14.2284H194.612V9.6446H182.225ZM185.077 37.1658C183.778 35.8796 183.128 33.9727 183.128 31.4403V0.675293H177.932V31.9643C177.932 35.8042 178.959 38.7485 181.017 40.7983C183.074 42.8498 185.987 43.8731 189.754 43.8731C191.183 43.8731 192.436 43.655 193.521 43.2201V38.6378C192.74 38.9436 191.747 39.0974 190.532 39.0974C188.195 39.0974 186.379 38.455 185.075 37.1642" fill="white"/>
<path d="M43.0491 0.675293C30.0883 0.675293 19.5439 11.2994 19.5439 24.3582V43.417H33.8967V24.3582C33.8967 19.2737 38.0028 15.1366 43.0491 15.1366H53.3235V0.675293H43.0491Z" fill="white"/>
<path d="M0.118164 12.0776V26.5389H10.3926C15.4389 26.5389 19.545 30.6759 19.545 35.7604V43.4164H33.8978V35.7604C33.8978 22.7017 23.3534 12.0776 10.3926 12.0776L0.118164 12.0776Z" fill="white"/>
</g>
<defs>
<clipPath id="clip0_105_3431">
<rect width="194.494" height="43.5947" fill="white" transform="translate(0.118164 0.675293)"/>
</clipPath>
</defs>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 3.0 KiB

136
docs/assets/images/partners_hero_stage_full.svg Normal file
View File

@@ -0,0 +1,136 @@
<svg width="955" height="552" viewBox="0 0 955 552" fill="none" xmlns="http://www.w3.org/2000/svg">
<g clip-path="url(#clip0_105_3404)">
<path style="mix-blend-mode:screen" d="M477.5 550.515C739.041 550.515 951.062 493.881 951.062 424.02C951.062 354.159 739.041 297.525 477.5 297.525C215.959 297.525 3.93848 354.159 3.93848 424.02C3.93848 493.881 215.959 550.515 477.5 550.515Z" fill="url(#paint0_radial_105_3404)"/>
<path d="M477.429 517.872C662.885 517.872 813.227 471.96 813.227 415.324C813.227 358.688 662.885 312.776 477.429 312.776C291.972 312.776 141.63 358.688 141.63 415.324C141.63 471.96 291.972 517.872 477.429 517.872Z" fill="url(#paint1_radial_105_3404)" style="mix-blend-mode:screen"/>
<path d="M477.499 483.397C408.305 483.397 346.09 475.886 297.949 462.558C257.175 451.269 232.037 437.294 221.353 422.418C212.469 410.048 214.366 398.034 224.335 386.952C232.921 377.408 247.227 368.914 265.452 361.526C281.004 355.221 298.91 349.929 318.43 345.55C335.215 341.785 353.006 338.733 371.507 336.329C388.652 334.101 406.148 332.463 423.91 331.372C441.601 330.285 459.458 329.75 477.499 329.75C495.541 329.75 513.398 330.285 531.089 331.372C548.851 332.463 566.347 334.101 583.492 336.329C601.993 338.733 619.784 341.785 636.569 345.55C656.089 349.929 673.995 355.221 689.547 361.526C707.771 368.914 722.078 377.408 730.664 386.952C740.633 398.034 742.53 410.048 733.646 422.418C722.962 437.294 697.824 451.269 657.05 462.558C608.908 475.886 546.694 483.397 477.499 483.397ZM477.499 332.335C409.79 332.335 332.638 342.537 291.568 361.526C217.996 395.542 266.477 452.503 477.499 452.503C688.522 452.503 737.002 395.542 663.431 361.526C622.361 342.537 545.209 332.335 477.499 332.335Z" fill="url(#paint2_linear_105_3404)"/>
<path d="M477.499 483.397C408.305 483.397 346.09 475.886 297.949 462.558C257.175 451.269 232.037 437.294 221.353 422.418C212.469 410.048 214.366 398.034 224.335 386.952C232.921 377.408 247.227 368.914 265.452 361.526C281.004 355.221 298.91 349.929 318.43 345.55C335.215 341.785 353.006 338.733 371.507 336.329C388.652 334.101 406.148 332.463 423.91 331.372C441.601 330.285 459.458 329.75 477.499 329.75C495.541 329.75 513.398 330.285 531.089 331.372C548.851 332.463 566.347 334.101 583.492 336.329C601.993 338.733 619.784 341.785 636.569 345.55C656.089 349.929 673.995 355.221 689.547 361.526C707.771 368.914 722.078 377.408 730.664 386.952C740.633 398.034 742.53 410.048 733.646 422.418C722.962 437.294 697.824 451.269 657.05 462.558C608.908 475.886 546.694 483.397 477.499 483.397ZM477.499 332.335C409.79 332.335 332.638 342.537 291.568 361.526C217.996 395.542 266.477 452.503 477.499 452.503C688.522 452.503 737.002 395.542 663.431 361.526C622.361 342.537 545.209 332.335 477.499 332.335Z" fill="url(#paint3_radial_105_3404)" style="mix-blend-mode:screen"/>
<path d="M259.918 195.625V396.907C259.918 421.741 335.038 450.272 479.289 450.272C623.54 450.272 694.755 421.741 694.755 396.907V195.625H259.918Z" fill="url(#paint4_radial_105_3404)" style="mix-blend-mode:screen"/>
</g>
<rect x="270" width="127.4" height="127.4" rx="63.7" fill="url(#paint5_radial_105_3404)" style="mix-blend-mode:screen"/>
<path d="M308.683 38.6782V88.7221H358.717V38.6782H308.683ZM333.897 71.9874H331.365V60.4175C331.365 59.6592 331.191 59.0418 330.844 58.5655C330.496 58.0677 329.945 57.8189 329.186 57.8189C328.47 57.8189 327.886 58.0888 327.431 58.6311C326.996 59.1521 326.78 59.9644 326.78 61.0677V71.9874H324.245V60.2883C324.245 59.5724 324.05 58.988 323.661 58.5325C323.271 58.056 322.75 57.8166 322.1 57.8166C321.321 57.8166 320.713 58.0982 320.281 58.6617C319.87 59.2249 319.663 59.962 319.663 60.8704V71.985H317.128V55.8661H319.663V57.6218H320.053C320.335 56.8636 320.746 56.3119 321.288 55.9646C321.83 55.596 322.468 55.4128 323.205 55.4128C323.985 55.4128 324.626 55.6194 325.123 56.0302C325.642 56.4411 326.001 56.9715 326.196 57.6218H326.585C327.323 56.1476 328.492 55.4128 330.095 55.4128C331.308 55.4128 332.24 55.8026 332.89 56.5818C333.562 57.3401 333.897 58.3378 333.897 59.5724V71.9874ZM350.271 64.8814H338.523V62.5192H350.271V64.8814Z" fill="white"/>
<rect x="582" y="53" width="127.4" height="127.4" rx="63.7" fill="url(#paint6_radial_105_3404)" style="mix-blend-mode:screen"/>
<path d="M657.129 101.741C648.057 101.741 640.676 109.178 640.676 118.319V131.66H650.723V118.319C650.723 114.76 653.597 111.864 657.129 111.864H664.322V101.741H657.129Z" fill="white"/>
<path d="M627.078 109.722V119.845H634.27C637.803 119.845 640.677 122.741 640.677 126.3V131.659H650.724V126.3C650.724 117.159 643.343 109.722 634.27 109.722L627.078 109.722Z" fill="white"/>
<rect x="413" y="142" width="127.4" height="127.4" rx="63.7" fill="url(#paint7_radial_105_3404)" style="mix-blend-mode:screen"/>
<path d="M474.372 205.716C474.372 215.983 479.546 223.174 482.084 226.069C482.931 227.035 482.713 227.493 481.429 227.384C469.882 226.407 460.826 217.079 460.826 205.716C460.826 194.134 470.236 184.665 482.103 184.001C482.562 183.975 482.807 184.557 482.491 184.89C480.169 187.338 474.372 194.563 474.372 205.716Z" fill="white"/>
<path d="M492.574 205.7C492.574 213.349 490.099 219.549 487.604 219.549C485.108 219.549 482.634 213.349 482.634 205.7C482.634 198.052 485.108 191.852 487.604 191.852C490.099 191.852 492.574 198.052 492.574 205.7Z" fill="white"/>
<defs>
<radialGradient id="paint0_radial_105_3404" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(477.5 424.02) scale(473.592 126.487)">
<stop offset="0.21561" stop-opacity="0"/>
<stop offset="0.35857" stop-color="#000001" stop-opacity="0.01719"/>
<stop offset="0.41007" stop-color="#000008" stop-opacity="0.07948"/>
<stop offset="0.44677" stop-color="#000014" stop-opacity="0.18793"/>
<stop offset="0.47644" stop-color="#000025" stop-opacity="0.34281"/>
<stop offset="0.50185" stop-color="#00003B" stop-opacity="0.54446"/>
<stop offset="0.52396" stop-color="#000055" stop-opacity="0.78851"/>
<stop offset="0.53903" stop-color="#00006D"/>
<stop offset="0.61684" stop-color="#00004F" stop-opacity="0.73138"/>
<stop offset="0.72594" stop-color="#00002D" stop-opacity="0.41483"/>
<stop offset="0.82925" stop-color="#000014" stop-opacity="0.18628"/>
<stop offset="0.92338" stop-color="#000005" stop-opacity="0.048"/>
<stop offset="1" stop-opacity="0"/>
</radialGradient>
<radialGradient id="paint1_radial_105_3404" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(476.404 415.324) scale(334.454 101.214)">
<stop offset="0.37547" stop-opacity="0"/>
<stop offset="0.52923" stop-color="#000001" stop-opacity="0.01"/>
<stop offset="0.58463" stop-color="#000308" stop-opacity="0.03399"/>
<stop offset="0.62411" stop-color="#000914" stop-opacity="0.08036"/>
<stop offset="0.65606" stop-color="#001025" stop-opacity="0.14667"/>
<stop offset="0.6834" stop-color="#001A3B" stop-opacity="0.23299"/>
<stop offset="0.70763" stop-color="#002656" stop-opacity="0.33967"/>
<stop offset="0.72955" stop-color="#003577" stop-opacity="0.46688"/>
<stop offset="0.74969" stop-color="#00469C" stop-opacity="0.61488"/>
<stop offset="0.76843" stop-color="#0059C7" stop-opacity="0.78417"/>
<stop offset="0.78506" stop-color="#006DF5" stop-opacity="0.96381"/>
<stop offset="0.7881" stop-color="#0072FF"/>
<stop offset="0.79431" stop-color="#0067E7" stop-opacity="0.90832"/>
<stop offset="0.80858" stop-color="#0052B7" stop-opacity="0.71982"/>
<stop offset="0.82404" stop-color="#003E8B" stop-opacity="0.54822"/>
<stop offset="0.84034" stop-color="#002D66" stop-opacity="0.40029"/>
<stop offset="0.8577" stop-color="#001F46" stop-opacity="0.27587"/>
<stop offset="0.87644" stop-color="#00132C" stop-opacity="0.17473"/>
<stop offset="0.89707" stop-color="#000B18" stop-opacity="0.09676"/>
<stop offset="0.92064" stop-color="#00040A" stop-opacity="0.04174"/>
<stop offset="0.94961" stop-color="#000102" stop-opacity="0.01"/>
<stop offset="1" stop-opacity="0"/>
</radialGradient>
<linearGradient id="paint2_linear_105_3404" x1="215.656" y1="406.574" x2="739.343" y2="406.574" gradientUnits="userSpaceOnUse">
<stop stop-color="#0F0F4D" stop-opacity="0"/>
<stop offset="0.06993" stop-color="#09092F" stop-opacity="0.38183"/>
<stop offset="0.5"/>
<stop offset="0.93423" stop-color="#141437" stop-opacity="0.3394"/>
<stop offset="1" stop-color="#1F1F54" stop-opacity="0"/>
</linearGradient>
<radialGradient id="paint3_radial_105_3404" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(479.469 413.466) scale(288.083 84.978)">
<stop offset="0.34944" stop-color="#0000FF"/>
<stop offset="0.38473" stop-color="#0000DF" stop-opacity="0.87819"/>
<stop offset="0.45062" stop-color="#0000AC" stop-opacity="0.67456"/>
<stop offset="0.51936" stop-color="#00007D" stop-opacity="0.49409"/>
<stop offset="0.58969" stop-color="#000057" stop-opacity="0.3418"/>
<stop offset="0.66193" stop-color="#000037" stop-opacity="0.21771"/>
<stop offset="0.73665" stop-color="#00001F" stop-opacity="0.12169"/>
<stop offset="0.81499" stop-color="#00000D" stop-opacity="0.05347"/>
<stop offset="0.89922" stop-color="#000003" stop-opacity="0.01299"/>
<stop offset="1" stop-opacity="0"/>
</radialGradient>
<radialGradient id="paint4_radial_105_3404" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(476.238 239.456) scale(407.82 212.251)">
<stop offset="0.52932" stop-opacity="0"/>
<stop offset="0.55556" stop-color="#000005" stop-opacity="0.02053"/>
<stop offset="0.58783" stop-color="#020214" stop-opacity="0.07976"/>
<stop offset="0.62327" stop-color="#04042D" stop-opacity="0.17775"/>
<stop offset="0.66098" stop-color="#080850" stop-opacity="0.31462"/>
<stop offset="0.70049" stop-color="#0D0D7D" stop-opacity="0.49051"/>
<stop offset="0.74152" stop-color="#1313B3" stop-opacity="0.70559"/>
<stop offset="0.78306" stop-color="#1A1AF3" stop-opacity="0.95483"/>
<stop offset="0.79009" stop-color="#1C1CFF"/>
<stop offset="0.88294" stop-color="#0E88FF"/>
<stop offset="0.96101" stop-color="#04DDFF"/>
<stop offset="0.99628" stop-color="#00FFFF"/>
</radialGradient>
<radialGradient id="paint5_radial_105_3404" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(333.378 21.9285) scale(119.484 106.189)">
<stop offset="0.52932" stop-opacity="0"/>
<stop offset="0.55556" stop-color="#000005" stop-opacity="0.02053"/>
<stop offset="0.58783" stop-color="#020214" stop-opacity="0.07976"/>
<stop offset="0.62327" stop-color="#04042D" stop-opacity="0.17775"/>
<stop offset="0.66098" stop-color="#080850" stop-opacity="0.31462"/>
<stop offset="0.70049" stop-color="#0D0D7D" stop-opacity="0.49051"/>
<stop offset="0.74152" stop-color="#1313B3" stop-opacity="0.70559"/>
<stop offset="0.78306" stop-color="#1A1AF3" stop-opacity="0.95483"/>
<stop offset="0.79009" stop-color="#1C1CFF"/>
<stop offset="0.88294" stop-color="#0E88FF"/>
<stop offset="0.96101" stop-color="#04DDFF"/>
<stop offset="0.99628" stop-color="#00FFFF"/>
</radialGradient>
<radialGradient id="paint6_radial_105_3404" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(645.378 74.9285) scale(119.484 106.189)">
<stop offset="0.52932" stop-opacity="0"/>
<stop offset="0.55556" stop-color="#000005" stop-opacity="0.02053"/>
<stop offset="0.58783" stop-color="#020214" stop-opacity="0.07976"/>
<stop offset="0.62327" stop-color="#04042D" stop-opacity="0.17775"/>
<stop offset="0.66098" stop-color="#080850" stop-opacity="0.31462"/>
<stop offset="0.70049" stop-color="#0D0D7D" stop-opacity="0.49051"/>
<stop offset="0.74152" stop-color="#1313B3" stop-opacity="0.70559"/>
<stop offset="0.78306" stop-color="#1A1AF3" stop-opacity="0.95483"/>
<stop offset="0.79009" stop-color="#1C1CFF"/>
<stop offset="0.88294" stop-color="#0E88FF"/>
<stop offset="0.96101" stop-color="#04DDFF"/>
<stop offset="0.99628" stop-color="#00FFFF"/>
</radialGradient>
<radialGradient id="paint7_radial_105_3404" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(476.378 163.928) scale(119.484 106.189)">
<stop offset="0.52932" stop-opacity="0"/>
<stop offset="0.55556" stop-color="#000005" stop-opacity="0.02053"/>
<stop offset="0.58783" stop-color="#020214" stop-opacity="0.07976"/>
<stop offset="0.62327" stop-color="#04042D" stop-opacity="0.17775"/>
<stop offset="0.66098" stop-color="#080850" stop-opacity="0.31462"/>
<stop offset="0.70049" stop-color="#0D0D7D" stop-opacity="0.49051"/>
<stop offset="0.74152" stop-color="#1313B3" stop-opacity="0.70559"/>
<stop offset="0.78306" stop-color="#1A1AF3" stop-opacity="0.95483"/>
<stop offset="0.79009" stop-color="#1C1CFF"/>
<stop offset="0.88294" stop-color="#0E88FF"/>
<stop offset="0.96101" stop-color="#04DDFF"/>
<stop offset="0.99628" stop-color="#00FFFF"/>
</radialGradient>
<clipPath id="clip0_105_3404">
<rect width="955" height="356.375" fill="white" transform="translate(0 195.625)"/>
</clipPath>
</defs>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 12 KiB

24
docs/community/maintainer/pr-review.md Normal file
View File

@@ -0,0 +1,24 @@
# Pull Request Review Policy
This document outlines the review policy for pull requests in the Trivy project.
## Core Principles
### 1. All Changes Through Pull Requests
All changes to the `main` branch must be made through pull requests.
Direct commits to `main` are not allowed.
### 2. Required Approvals
Every pull request requires approval from at least one CODEOWNER before merging.
For changes that span multiple domains (e.g., both vulnerability and misconfiguration scanning), approval from at least one code owner from each affected domain is required.
When a pull request is created by the only code owner of a domain, approval from any other maintainer is required.
When a code owner wants additional input from other owners or maintainers, they should comment requesting feedback and wait for others to approve before providing their own approval.
This prevents accidental merging by the PR author.
### 3. Merge Responsibility
- **General Rule**: The pull request author should click the merge button after receiving required approvals
- **Exception**: For urgent fixes (hotfixes), a CODEOWNER may merge the PR directly
- **External Contributors**: Pull requests from external contributors should be merged by a CODEOWNER

40
docs/docs/advanced/telemetry-flags.md Normal file
View File

@@ -0,0 +1,40 @@
```
--clear-cache
--debug
--dependency-tree
--detection-priority
--distro
--exit-code
--exit-on-eol
--format
--ignore-status
--ignore-unfixed
--image-config-scanners
--include-deprecated-checks
--include-dev-deps
--include-non-failures
--insecure
--license-full
--list-all-pkgs
--misconfig-scanners
--offline-scan
--parallel
--password-stdin
--pkg-relationships
--pkg-types
--quiet
--redis-tls
--removed-pkgs
--report
--scanners
--severity
--show-suppressed
--skip-check-update
--skip-version-check
--skip-vex-repo-update
--slow
--tf-exclude-downloaded-modules
--timeout
--trace
--vuln-severity-source
```

26
docs/docs/advanced/telemetry.md
View File

@@ -1,24 +1,30 @@
# Usage Telemetry
Trivy collect anonymous usage data in order to help us improve the product. This document explains what is collected and how you can control it.
Trivy collects anonymous usage data in order to help us improve the product. This document explains what is collected and how you can control it.
## Data collected
The following information could be collected:
- Environmental information
- Installation identifier
- Trivy version
- Operating system
- Scan
- Non-revealing scan options
- Environmental information:
- Installation identifier
- Trivy version
- Operating system
- Scan:
- Non-revealing scan options (see below for comprehensive list)
### Captured scan options
The following flags will be included with their value:
--8<-- "./docs/docs/advanced/telemetry-flags.md"
## Privacy
No personal information, scan results, or sensitive data is specifically collected. We take the following measures to ensure that:
- Installation identifier: one-way hash of machine fingerprint, resulting in opaque string.
- Scaner: any option that is user controlled is omitted (never collected). For example, file paths, image names, etc are never collected.
- Installation identifier: one-way hash of machine fingerprint, resulting in opaque ID.
- Scan: any option that is user-controlled is omitted (never collected). For example, file paths, image names, etc are never collected.
Trivy is an Aqua Security product and adheres to the company's privacy policy: <https://aquasec.com/privacy>.
@@ -29,5 +35,5 @@ You can disable telemetry altogether using the `--disable-telemetry` flag. Like
For example:
```bash
trivy image --disable-metrics alpine
trivy image --disable-telemetry alpine
```

2
docs/docs/coverage/iac/index.md
View File

@@ -22,4 +22,4 @@ Trivy scans Infrastructure as Code (IaC) files for
[misconf]: ../../scanner/misconfiguration/index.md
[secret]: ../../scanner/secret.md
[json-and-yaml]: ../../scanner/misconfiguration/index.md#scan-arbitrary-json-and-yaml-configurations
[json-and-yaml]: ../../scanner/misconfiguration/config/config.md#scan-arbitrary-json-and-yaml-configurations

2
docs/docs/coverage/language/c.md
View File

@@ -31,5 +31,5 @@ To correctly detection licenses, ensure that the cache directory contains all de
[dependency-graph]: ../../configuration/reporting.md#show-origins-of-vulnerable-dependencies
[^1]: The local cache should contain the dependencies used. See [licenses](#licenses).
[^2]: `conan.lock` is default name. To scan a custom filename use [file-patterns](../../configuration/skipping.md#file-patterns).
[^2]: `conan.lock` is default name. To scan a custom filename use [file-patterns](../../configuration/skipping.md#customizing-file-handling).
[^3]: For `conan.lock` in version 2, indirect dependencies are included in analysis but not flagged explicitly in dependency tree

2
docs/docs/coverage/language/elixir.md
View File

@@ -24,4 +24,4 @@ In order to detect dependencies, Trivy searches for `mix.lock`[^1].
[hex]: https://hex.pm/
[dependency-graph]: ../../configuration/reporting.md#show-origins-of-vulnerable-dependencies
[^1]: `mix.lock` is default name. To scan a custom filename use [file-patterns](../../configuration/skipping.md#file-patterns)
[^1]: `mix.lock` is default name. To scan a custom filename use [file-patterns](../../configuration/skipping.md#customizing-file-handling)

4
docs/docs/coverage/language/index.md
View File

@@ -61,11 +61,11 @@ Example: [Dockerfile](https://github.com/aquasecurity/trivy-ci-test/blob/main/Do
[license]: ../../scanner/license.md
[^1]: `*.egg-info`, `*.egg-info/PKG-INFO`, `*.egg` and `EGG-INFO/PKG-INFO`
[^2]: `.dist-info/META-DATA`
[^2]: `.dist-info/METADATA`
[^3]: `*.jar`, `*.war`, `*.par` and `*.ear`
[^4]: ✅ means "enabled" and `-` means "disabled" in the image scanning
[^5]: ✅ means "enabled" and `-` means "disabled" in the rootfs scanning
[^6]: ✅ means "enabled" and `-` means "disabled" in the filesystem scanning
[^7]: ✅ means "enabled" and `-` means "disabled" in the git repository scanning
[^8]: To scan a filename other than the default filename use [file-patterns](../../configuration/skipping.md#file-patterns)
[^8]: To scan a filename other than the default filename use [file-patterns](../../configuration/skipping.md#customizing-file-handling)
[^9]: `Directory.Packages.props` and legacy `Packages.props` file names are supported

2
docs/docs/coverage/language/python.md
View File

@@ -148,7 +148,7 @@ See [here](https://packaging.python.org/en/latest/discussions/package-formats/)
Trivy looks for `*.egg-info`, `*.egg-info/PKG-INFO`, `*.egg` and `EGG-INFO/PKG-INFO` to identify Python packages.
### Wheel
Trivy looks for `.dist-info/META-DATA` to identify Python packages.
Trivy looks for `.dist-info/METADATA` to identify Python packages.
[^1]: Trivy checks `python`, `python3`, `python2` and `python.exe` file names.

5
docs/docs/coverage/os/index.md
View File

@@ -11,11 +11,12 @@ Trivy supports operating systems for
| OS | Supported Versions | Package Managers |
|---------------------------------------|-------------------------------------|------------------|
| [Alpine Linux](alpine.md) | 2.2 - 2.7, 3.0 - 3.21, edge | apk |
| [Alpine Linux](alpine.md) | 2.2 - 2.7, 3.0 - 3.22, edge | apk |
| [Wolfi Linux](wolfi.md) | (n/a) | apk |
| [Chainguard](chainguard.md) | (n/a) | apk |
| [MinimOS](minimos.md) | (n/a) | apk |
| [Red Hat Enterprise Linux](rhel.md) | 6, 7, 8 | dnf/yum/rpm |
| [Red Hat Enterprise Linux](rhel.md) | 6, 7, 8, 9 | dnf/yum/rpm |
| [Red Hat Enterprise Linux](rhel.md) | 10 (SBOM only) | dnf/yum/rpm |
| [CentOS](centos.md)[^1] | 6, 7, 8 | dnf/yum/rpm |
| [AlmaLinux](alma.md) | 8, 9 | dnf/yum/rpm |
| [Rocky Linux](rocky.md) | 8, 9 | dnf/yum/rpm |

1
docs/docs/coverage/others/index.md
View File

@@ -15,6 +15,7 @@ Trivy supports them for
| [Bitnami packages](bitnami.md) | `/opt/bitnami/<component>/.spdx-<component>.spdx` | ✅ | ✅ | - | - |
| [Conda](conda.md) | `<conda-root>/envs/<env>/conda-meta/<package>.json` | ✅ | ✅ | - | - |
| | `environment.yml` | - | - | ✅ | ✅ |
| [Root.io images](rootio.md) | - | ✅ | ✅ | - | - |
| [RPM Archives](rpm.md) | `*.rpm` | ✅[^5] | ✅[^5] | ✅[^5] | ✅[^5] |
[sbom]: ../../supply-chain/sbom.md

20
docs/docs/coverage/others/rootio.md Normal file
View File

@@ -0,0 +1,20 @@
# Root.io
!!! warning "EXPERIMENTAL"
Scanning results may be inaccurate.
While it is not an OS, this page describes the details of [Root.io](https://root.io/) patch distribution service.
Root.io provides security patches for [Debian](../os/debian.md), [Ubuntu](../os/ubuntu.md), and [Alpine](../os/alpine.md)-based container images.
Root.io patches are detected when Trivy finds packages with specific version suffixes:
- **Debian/Ubuntu**: packages with `.root.io` in version string
- **Alpine**: packages with `-r\d007\d` pattern in version string (e.g., `-r10071`, `-r20072`)
When Root.io patches are detected, Trivy automatically switches to Root.io scanning mode for vulnerability detection.
Even when the original OS distributor (Debian, Ubuntu, Alpine) has not provided a patch for a vulnerability, Trivy will display Root.io patches if they are available.
For detailed information about supported scanners, features, and functionality, please refer to the documentation for the underlying OS:
- [Debian](../os/debian.md)
- [Ubuntu](../os/ubuntu.md)
- [Alpine](../os/alpine.md)

2
docs/docs/references/configuration/cli/trivy_config.md
View File

@@ -18,6 +18,7 @@ trivy config [flags] DIR
--config-check strings specify the paths to the Rego check files or to the directories containing them, applying config files
--config-data strings specify paths from which data for the Rego checks will be recursively loaded
--config-file-schemas strings specify paths to JSON configuration file schemas to determine that a file matches some configuration and pass the schema to Rego checks for type checking
--disable-telemetry disable sending anonymous usage data to Aqua
--enable-modules strings [EXPERIMENTAL] module names to enable
--exit-code int specify exit code when any security issues are found
--file-patterns strings specify config file patterns
@@ -70,6 +71,7 @@ trivy config [flags] DIR
--skip-check-update skip fetching rego check updates
--skip-dirs strings specify the directories or glob patterns to skip
--skip-files strings specify the files or glob patterns to skip
--skip-version-check suppress notices about version updates and Trivy announcements
--table-mode strings [EXPERIMENTAL] tables that will be displayed in 'table' format (allowed values: summary,detailed) (default [summary,detailed])
-t, --template string output template
--tf-exclude-downloaded-modules exclude misconfigurations for downloaded terraform modules

1
docs/docs/references/configuration/cli/trivy_filesystem.md
View File

@@ -169,6 +169,7 @@ trivy filesystem [flags] PATH
- govulndb
- echo
- minimos
- rootio
- auto
(default [auto])
```

1
docs/docs/references/configuration/cli/trivy_image.md
View File

@@ -190,6 +190,7 @@ trivy image [flags] IMAGE_NAME
- govulndb
- echo
- minimos
- rootio
- auto
(default [auto])
```

1
docs/docs/references/configuration/cli/trivy_kubernetes.md
View File

@@ -178,6 +178,7 @@ trivy kubernetes [flags] [CONTEXT]
- govulndb
- echo
- minimos
- rootio
- auto
(default [auto])
```

1
docs/docs/references/configuration/cli/trivy_repository.md
View File

@@ -168,6 +168,7 @@ trivy repository [flags] (REPO_PATH | REPO_URL)
- govulndb
- echo
- minimos
- rootio
- auto
(default [auto])
```

1
docs/docs/references/configuration/cli/trivy_rootfs.md
View File

@@ -170,6 +170,7 @@ trivy rootfs [flags] ROOTDIR
- govulndb
- echo
- minimos
- rootio
- auto
(default [auto])
```

1
docs/docs/references/configuration/cli/trivy_sbom.md
View File

@@ -139,6 +139,7 @@ trivy sbom [flags] SBOM_PATH
- govulndb
- echo
- minimos
- rootio
- auto
(default [auto])
```

1
docs/docs/references/configuration/cli/trivy_vm.md
View File

@@ -155,6 +155,7 @@ trivy vm [flags] VM_IMAGE
- govulndb
- echo
- minimos
- rootio
- auto
(default [auto])
```

195
docs/docs/scanner/misconfiguration/config/config.md
View File

@@ -35,7 +35,7 @@ cd examples/misconf/custom-data
trivy config --config-check ./my-check --data ./data --namespaces user ./configs
```
For more details, see [Custom Data](./custom/data.md).
For more details, see [Custom Data](../custom/data.md).
### Passing namespaces
By default, Trivy evaluates checks defined in `builtin.*`.
@@ -64,6 +64,71 @@ From the Terraform [docs](https://developer.hashicorp.com/terraform/cli/config/c
If multiple variables evaluate to the same hostname, Trivy will choose the environment variable name where the dashes have not been encoded as double underscores.
### Scan arbitrary JSON and YAML configurations
By default, scanning JSON and YAML configurations is disabled, since Trivy does not contain built-in checks for these configurations. To enable it, pass the `json` or `yaml` to `--misconfig-scanners`. See [Enabling a subset of misconfiguration scanners](#enabling-a-subset-of-misconfiguration-scanners) for more information. Trivy will pass each file as is to the checks input.
!!! example
```bash
$ cat iac/serverless.yaml
service: serverless-rest-api-with-pynamodb
frameworkVersion: ">=2.24.0"
plugins:
- serverless-python-requirements
...
$ cat serverless.rego
# METADATA
# title: Serverless Framework service name not starting with "aws-"
# description: Ensure that Serverless Framework service names start with "aws-"
# schemas:
# - input: schema["serverless-schema"]
# custom:
# avd_id: AVD-SF-0001
# severity: LOW
package user.serverless001
deny[res] {
not startswith(input.service, "aws-")
res := result.new(
sprintf("Service name %q is not allowed", [input.service]),
input.service
)
}
$ trivy config --misconfig-scanners=json,yaml --config-check ./serverless.rego --check-namespaces user ./iac
serverless.yaml (yaml)
Tests: 4 (SUCCESSES: 3, FAILURES: 1)
Failures: 1 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
LOW: Service name "serverless-rest-api-with-pynamodb" is not allowed
═════════════════════════════════════════════════════════════════════════════════════════════════════════
Ensure that Serverless Framework service names start with "aws-"
```
!!! note
In the case above, the custom check specified has a metadata annotation for the input schema `input: schema["serverless-schema"]`. This allows Trivy to type check the input IaC files provided.
Optionally, you can also pass schemas using the `config-file-schemas` flag. Trivy will use these schemas for file filtering and type checking in Rego checks.
!!! example
```bash
$ trivy config --misconfig-scanners=json,yaml --config-check ./serverless.rego --check-namespaces user --config-file-schemas ./serverless-schema.json ./iac
```
If the `--config-file-schemas` flag is specified Trivy ensures that each input IaC config file being scanned is type-checked against the schema. If the input file does not match any of the passed schemas, it will be ignored.
If the schema is specified in the check metadata and is in the directory specified in the `--config-check` argument, it will be automatically loaded as specified [here](../custom/schema.md#custom-checks-with-custom-schemas), and will only be used for type checking in Rego.
!!! note
If a user specifies the `--config-file-schemas` flag, all input IaC config files are ensured that they pass type-checking. It is not required to pass an input schema in case type checking is not required. This is helpful for scenarios where you simply want to write a Rego check and pass in IaC input for it. Such a use case could include scanning for a new service which Trivy might not support just yet.
!!! tip
It is also possible to specify multiple input schemas with `--config-file-schema` flag as it can accept a comma separated list of file paths or a directory as input. In the case of multiple schemas being specified, all of them will be evaluated against all the input files.
### Filtering resources by inline comments
@@ -105,7 +170,6 @@ As an example, consider the following check metadata:
# severity: LOW
# short_code: enable-logging
```
Long ID would look like the following: `aws-s3-enable-logging`.
Example for CloudFromation:
@@ -120,7 +184,7 @@ Resources:
```
!!!note
Ignore rules for Helm files should be placed before the YAML object, since only it contains the location data needed for ignoring.
Ignore rules for Helm files should be placed before the YAML object, since only it contains the location data needed for ignoring.
Example for Helm:
```yaml
@@ -133,7 +197,7 @@ Example for Helm:
runAsGroup: 3000
image: "your-repository/your-image:your-tag"
imagePullPolicy: "Always"
```
#### Expiration Date
@@ -257,3 +321,126 @@ You can use wildcards in the `ws` (workspace) and `ignore` sections of the ignor
This example ignores all checks starting with `aws-s3-` for workspaces matching the pattern `dev-*`.
### Expiration Date
You can specify the expiration date of the ignore rule in `yyyy-mm-dd` format. This is a useful feature when you want to make sure that an ignored issue is not forgotten and worth revisiting in the future. For example:
```tf
#trivy:ignore:aws-s3-enable-logging:exp:2024-03-10
resource "aws_s3_bucket" "example" {
bucket = "test"
}
```
The `aws-s3-enable-logging` check will be ignored until `2024-03-10` until the ignore rule expires.
#### Ignoring by attributes
You can ignore a resource by its attribute value. This is useful when using the `for-each` meta-argument. For example:
```tf
locals {
ports = ["3306", "5432"]
}
#trivy:ignore:aws-ec2-no-public-ingress-sgr[from_port=3306]
resource "aws_security_group_rule" "example" {
for_each = toset(local.ports)
type = "ingress"
from_port = each.key
to_port = each.key
protocol = "TCP"
cidr_blocks = ["0.0.0.0/0"]
security_group_id = aws_security_group.example.id
source_security_group_id = aws_security_group.example.id
}
```
The `aws-ec2-no-public-ingress-sgr` check will be ignored only for the `aws_security_group_rule` resource with port number `5432`. It is important to note that the ignore rule should not enclose the attribute value in quotes, despite the fact that the port is represented as a string.
If you want to ignore multiple resources on different attributes, you can specify multiple ignore rules:
```tf
#trivy:ignore:aws-ec2-no-public-ingress-sgr[from_port=3306]
#trivy:ignore:aws-ec2-no-public-ingress-sgr[from_port=5432]
```
You can also ignore a resource on multiple attributes in the same rule:
```tf
locals {
rules = {
first = {
port = 1000
type = "ingress"
},
second = {
port = 1000
type = "egress"
}
}
}
#trivy:ignore:aws-ec2-no-public-ingress-sgr[from_port=1000,type=egress]
resource "aws_security_group_rule" "example" {
for_each = { for k, v in local.rules : k => v }
type = each.value.type
from_port = each.value.port
to_port = each.value.port
protocol = "TCP"
cidr_blocks = ["0.0.0.0/0"]
security_group_id = aws_security_group.example.id
source_security_group_id = aws_security_group.example.id
}
```
Checks can also be ignored by nested attributes:
```tf
#trivy:ignore:*[logging_config.prefix=myprefix]
resource "aws_cloudfront_distribution" "example" {
logging_config {
include_cookies = false
bucket = "mylogs.s3.amazonaws.com"
prefix = "myprefix"
}
}
```
#### Ignoring module issues
Issues in third-party modules cannot be ignored using the method described above, because you may not have access to modify the module source code. In such a situation you can add ignore rules above the module block, for example:
```tf
#trivy:ignore:aws-s3-enable-logging
module "s3_bucket" {
source = "terraform-aws-modules/s3-bucket/aws"
bucket = "my-s3-bucket"
}
```
An example of ignoring checks for a specific bucket in a module:
```tf
locals {
bucket = ["test1", "test2"]
}
#trivy:ignore:*[bucket=test1]
module "s3_bucket" {
for_each = toset(local.bucket)
source = "terraform-aws-modules/s3-bucket/aws"
bucket = each.value
}
```
#### Support for Wildcards
You can use wildcards in the `ws` (workspace) and `ignore` sections of the ignore rules.
```tf
# trivy:ignore:aws-s3-*:ws:dev-*
```
This example ignores all checks starting with `aws-s3-` for workspaces matching the pattern `dev-*`.
[custom]: custom/index.md

92
docs/docs/scanner/misconfiguration/custom/schema.md
View File

@@ -117,64 +117,64 @@ By default, scanning JSON and YAML configurations is disabled, since Trivy does
!!! example
```bash
$ cat iac/serverless.yaml
service: serverless-rest-api-with-pynamodb
frameworkVersion: ">=2.24.0"
plugins:
- serverless-python-requirements
...
$ cat serverless.rego
# METADATA
# title: Serverless Framework service name not starting with "aws-"
# description: Ensure that Serverless Framework service names start with "aws-"
# schemas:
# - input: schema["serverless-schema"]
# custom:
# id: SF001
# severity: LOW
package user.serverless001
deny[res] {
not startswith(input.service, "aws-")
res := result.new(
sprintf("Service name %q is not allowed", [input.service]),
input.service
)
}
$ trivy config --misconfig-scanners=json,yaml --config-check ./serverless.rego --check-namespaces user ./iac
serverless.yaml (yaml)
Tests: 4 (SUCCESSES: 3, FAILURES: 1)
Failures: 1 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
LOW: Service name "serverless-rest-api-with-pynamodb" is not allowed
═════════════════════════════════════════════════════════════════════════════════════════════════════════
Ensure that Serverless Framework service names start with "aws-"
```
```bash
$ cat iac/serverless.yaml
service: serverless-rest-api-with-pynamodb
frameworkVersion: ">=2.24.0"
plugins:
- serverless-python-requirements
...
$ cat serverless.rego
# METADATA
# title: Serverless Framework service name not starting with "aws-"
# description: Ensure that Serverless Framework service names start with "aws-"
# schemas:
# - input: schema["serverless-schema"]
# custom:
# id: SF001
# severity: LOW
package user.serverless001
deny[res] {
not startswith(input.service, "aws-")
res := result.new(
sprintf("Service name %q is not allowed", [input.service]),
input.service
)
}
$ trivy config --misconfig-scanners=json,yaml --config-check ./serverless.rego --check-namespaces user ./iac
serverless.yaml (yaml)
Tests: 4 (SUCCESSES: 3, FAILURES: 1)
Failures: 1 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
LOW: Service name "serverless-rest-api-with-pynamodb" is not allowed
═════════════════════════════════════════════════════════════════════════════════════════════════════════
Ensure that Serverless Framework service names start with "aws-"
```
!!! note
In the case above, the custom check specified has a metadata annotation for the input schema `input: schema["serverless-schema"]`. This allows Trivy to type check the input IaC files provided.
In the case above, the custom check specified has a metadata annotation for the input schema `input: schema["serverless-schema"]`. This allows Trivy to type check the input IaC files provided.
Optionally, you can also pass schemas using the `config-file-schemas` flag. Trivy will use these schemas for file filtering and type checking in Rego checks.
!!! example
```bash
$ trivy config --misconfig-scanners=json,yaml --config-check ./serverless.rego --check-namespaces user --config-file-schemas ./serverless-schema.json ./iac
```
```bash
$ trivy config --misconfig-scanners=json,yaml --config-check ./serverless.rego --check-namespaces user --config-file-schemas ./serverless-schema.json ./iac
```
If the `--config-file-schemas` flag is specified Trivy ensures that each input IaC config file being scanned is type-checked against the schema. If the input file does not match any of the passed schemas, it will be ignored.
If the schema is specified in the check metadata and is in the directory specified in the `--config-check` argument, it will be automatically loaded as specified [here](./custom/schema.md#custom-checks-with-custom-schemas), and will only be used for type checking in Rego.
If the schema is specified in the check metadata and is in the directory specified in the `--config-check` argument, it will be automatically loaded as specified [here](./schema.md#custom-checks-with-custom-schemas), and will only be used for type checking in Rego.
!!! note
If a user specifies the `--config-file-schemas` flag, all input IaC config files are ensured that they pass type-checking. It is not required to pass an input schema in case type checking is not required. This is helpful for scenarios where you simply want to write a Rego check and pass in IaC input for it. Such a use case could include scanning for a new service which Trivy might not support just yet.
If a user specifies the `--config-file-schemas` flag, all input IaC config files are ensured that they pass type-checking. It is not required to pass an input schema in case type checking is not required. This is helpful for scenarios where you simply want to write a Rego check and pass in IaC input for it. Such a use case could include scanning for a new service which Trivy might not support just yet.
!!! tip
It is also possible to specify multiple input schemas with `--config-file-schema` flag as it can accept a comma seperated list of file paths or a directory as input. In the case of multiple schemas being specified, all of them will be evaluated against all the input files.
It is also possible to specify multiple input schemas with `--config-file-schema` flag as it can accept a comma seperated list of file paths or a directory as input. In the case of multiple schemas being specified, all of them will be evaluated against all the input files.

339
docs/docs/scanner/misconfiguration/index.md
View File

@@ -311,341 +311,10 @@ Tests: 20 (SUCCESSES: 18, FAILURES: 2)
Failures: 2 (MEDIUM: 2, HIGH: 0, CRITICAL: 0)
```
## Configuration
This section describes misconfiguration-specific configuration.
Other common options are documented [here](../../configuration/index.md).
### External connectivity
## External connectivity
Trivy needs to connect to the internet to download the checks bundle. If you are running Trivy in an air-gapped environment, or an tightly controlled network, please refer to the [Advanced Network Scenarios document](../../advanced/air-gap.md).
### Enabling a subset of misconfiguration scanners
It's possible to only enable certain misconfiguration scanners if you prefer.
You can do so by passing the `--misconfig-scanners` option.
This flag takes a comma-separated list of configuration scanner types.
## Configuration
More misconfiguration scanning specific configurations can be found [here](../misconfiguration/config/config.md).
```bash
trivy config --misconfig-scanners=terraform,dockerfile .
```
Will only scan for misconfigurations that pertain to Terraform and Dockerfiles.
### Loading custom checks
You can load check files or directories including your custom checks using the `--config-check` flag.
This can be repeated for specifying multiple files or directories.
```bash
trivy config --config-check custom-policy/policy --config-check combine/policy --config-check policy.rego --namespaces user myapp
```
You can load checks bundle as OCI Image from a Container Registry using the `--checks-bundle-repository` flag.
```bash
trivy config --checks-bundle-repository myregistry.local/mychecks --namespaces user myapp
```
### Scan arbitrary JSON and YAML configurations
By default, scanning JSON and YAML configurations is disabled, since Trivy does not contain built-in checks for these configurations. To enable it, pass the `json` or `yaml` to `--misconfig-scanners`. See [Enabling a subset of misconfiguration scanners](#enabling-a-subset-of-misconfiguration-scanners) for more information. Trivy will pass each file as is to the checks input.
!!! example
```bash
$ cat iac/serverless.yaml
service: serverless-rest-api-with-pynamodb
frameworkVersion: ">=2.24.0"
plugins:
- serverless-python-requirements
...
$ cat serverless.rego
# METADATA
# title: Serverless Framework service name not starting with "aws-"
# description: Ensure that Serverless Framework service names start with "aws-"
# schemas:
# - input: schema["serverless-schema"]
# custom:
# id: SF001
# severity: LOW
package user.serverless001
deny[res] {
not startswith(input.service, "aws-")
res := result.new(
sprintf("Service name %q is not allowed", [input.service]),
input.service
)
}
$ trivy config --misconfig-scanners=json,yaml --config-check ./serverless.rego --check-namespaces user ./iac
serverless.yaml (yaml)
Tests: 4 (SUCCESSES: 3, FAILURES: 1)
Failures: 1 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
LOW: Service name "serverless-rest-api-with-pynamodb" is not allowed
═════════════════════════════════════════════════════════════════════════════════════════════════════════
Ensure that Serverless Framework service names start with "aws-"
```
!!! note
In the case above, the custom check specified has a metadata annotation for the input schema `input: schema["serverless-schema"]`. This allows Trivy to type check the input IaC files provided.
Optionally, you can also pass schemas using the `config-file-schemas` flag. Trivy will use these schemas for file filtering and type checking in Rego checks.
!!! example
```bash
$ trivy config --misconfig-scanners=json,yaml --config-check ./serverless.rego --check-namespaces user --config-file-schemas ./serverless-schema.json ./iac
```
If the `--config-file-schemas` flag is specified Trivy ensures that each input IaC config file being scanned is type-checked against the schema. If the input file does not match any of the passed schemas, it will be ignored.
If the schema is specified in the check metadata and is in the directory specified in the `--config-check` argument, it will be automatically loaded as specified [here](./custom/schema.md#custom-checks-with-custom-schemas), and will only be used for type checking in Rego.
!!! note
If a user specifies the `--config-file-schemas` flag, all input IaC config files are ensured that they pass type-checking. It is not required to pass an input schema in case type checking is not required. This is helpful for scenarios where you simply want to write a Rego check and pass in IaC input for it. Such a use case could include scanning for a new service which Trivy might not support just yet.
!!! tip
It is also possible to specify multiple input schemas with `--config-file-schema` flag as it can accept a comma separated list of file paths or a directory as input. In the case of multiple schemas being specified, all of them will be evaluated against all the input files.
### Passing custom data
You can pass directories including your custom data through `--data` option.
This can be repeated for specifying multiple directories.
```bash
cd examples/misconf/custom-data
trivy config --config-check ./my-check --data ./data --namespaces user ./configs
```
For more details, see [Custom Data](./custom/data.md).
### Passing namespaces
By default, Trivy evaluates checks defined in `builtin.*`.
If you want to evaluate custom checks in other packages, you have to specify package prefixes through `--namespaces` option.
This can be repeated for specifying multiple packages.
``` bash
trivy config --config-check ./my-check --namespaces main --namespaces user ./configs
```
### Private Terraform registries
Trivy can download Terraform code from private registries.
To pass credentials you must use the `TF_TOKEN_` environment variables.
You cannot use a `.terraformrc` or `terraform.rc` file, these are not supported by trivy yet.
From the Terraform [docs](https://developer.hashicorp.com/terraform/cli/config/config-file#environment-variable-credentials):
> Environment variable names should have the prefix TF_TOKEN_ added to the domain name, with periods encoded as underscores.
> For example, the value of a variable named `TF_TOKEN_app_terraform_io` will be used as a bearer authorization token when the CLI makes service requests to the hostname `app.terraform.io`.
>
> You must convert domain names containing non-ASCII characters to their punycode equivalent with an ACE prefix.
> For example, token credentials for `例えば.com` must be set in a variable called `TF_TOKEN_xn--r8j3dr99h_com`.
>
> Hyphens are also valid within host names but usually invalid as variable names and may be encoded as double underscores.
> For example, you can set a token for the domain name café.fr as TF_TOKEN_xn--caf-dma_fr or TF_TOKEN_xn____caf__dma_fr.
If multiple variables evaluate to the same hostname, Trivy will choose the environment variable name where the dashes have not been encoded as double underscores.
### Skipping detected misconfigurations by inline comments
Trivy supports ignoring detected misconfigurations by inline comments for Terraform, CloudFormation (YAML), Helm and Dockerfile configuration files only.
In cases where Trivy can detect comments of a specific format immediately adjacent to resource definitions, it is possible to ignore findings from a single source of resource definition (in contrast to `.trivyignore`, which has a directory-wide scope on all of the files scanned). The format for these comments is `trivy:ignore:<rule>` immediately following the format-specific line-comment [token](https://developer.hashicorp.com/terraform/language/syntax/configuration#comments).
The ignore rule must contain one of the possible check IDs that can be found in its metadata: ID, short code or alias. The `id` from the metadata is not case-sensitive, so you can specify, for example, `AVD-AWS-0089` or `avd-aws-0089`.
For example, to ignore a misconfiguration ID `AVD-GCP-0051` in a Terraform HCL file:
```terraform
#trivy:ignore:AVD-GCP-0051
resource "google_container_cluster" "example" {
name = var.cluster_name
location = var.region
}
```
You can add multiple ignores on the same comment line:
```terraform
#trivy:ignore:AVD-GCP-0051 trivy:ignore:AVD-GCP-0053
resource "google_container_cluster" "example" {
name = var.cluster_name
location = var.region
}
```
You can also specify a long ID, which is formed as follows: `<provider>-<service>-<short-code>`.
As an example, consider the following check metadata:
```yaml
# custom:
# id: AVD-AWS-0089
# avd_id: AVD-AWS-0089
# provider: aws
# service: s3
# severity: LOW
# short_code: enable-logging
```
Long ID would look like the following: `aws-s3-enable-logging`.
Example for CloudFromation:
```yaml
AWSTemplateFormatVersion: "2010-09-09"
Resources:
#trivy:ignore:*
S3Bucket:
Type: 'AWS::S3::Bucket'
Properties:
BucketName: test-bucket
```
!!!note
Ignore rules for Helm files should be placed before the YAML object, since only it contains the location data needed for ignoring.
Example for Helm:
```yaml
serviceAccountName: "testchart.serviceAccountName"
containers:
# trivy:ignore:KSV018
- name: "testchart"
securityContext:
runAsUser: 1000
runAsGroup: 3000
image: "your-repository/your-image:your-tag"
imagePullPolicy: "Always"
```
Example for Dockerfile:
```Dockerfile
FROM scratch
# trivy:ignore:AVD-DS-0022
MAINTAINER moby@example.com
```
#### Expiration Date
You can specify the expiration date of the ignore rule in `yyyy-mm-dd` format. This is a useful feature when you want to make sure that an ignored issue is not forgotten and worth revisiting in the future. For example:
```tf
#trivy:ignore:aws-s3-enable-logging:exp:2024-03-10
resource "aws_s3_bucket" "example" {
bucket = "test"
}
```
The `aws-s3-enable-logging` check will be ignored until `2024-03-10` until the ignore rule expires.
#### Ignoring by attributes
You can ignore a resource by its attribute value. This is useful when using the `for-each` meta-argument. For example:
```tf
locals {
ports = ["3306", "5432"]
}
#trivy:ignore:aws-ec2-no-public-ingress-sgr[from_port=3306]
resource "aws_security_group_rule" "example" {
for_each = toset(local.ports)
type = "ingress"
from_port = each.key
to_port = each.key
protocol = "TCP"
cidr_blocks = ["0.0.0.0/0"]
security_group_id = aws_security_group.example.id
source_security_group_id = aws_security_group.example.id
}
```
The `aws-ec2-no-public-ingress-sgr` check will be ignored only for the `aws_security_group_rule` resource with port number `5432`. It is important to note that the ignore rule should not enclose the attribute value in quotes, despite the fact that the port is represented as a string.
If you want to ignore multiple resources on different attributes, you can specify multiple ignore rules:
```tf
#trivy:ignore:aws-ec2-no-public-ingress-sgr[from_port=3306]
#trivy:ignore:aws-ec2-no-public-ingress-sgr[from_port=5432]
```
You can also ignore a resource on multiple attributes in the same rule:
```tf
locals {
rules = {
first = {
port = 1000
type = "ingress"
},
second = {
port = 1000
type = "egress"
}
}
}
#trivy:ignore:aws-ec2-no-public-ingress-sgr[from_port=1000,type=egress]
resource "aws_security_group_rule" "example" {
for_each = { for k, v in local.rules : k => v }
type = each.value.type
from_port = each.value.port
to_port = each.value.port
protocol = "TCP"
cidr_blocks = ["0.0.0.0/0"]
security_group_id = aws_security_group.example.id
source_security_group_id = aws_security_group.example.id
}
```
Checks can also be ignored by nested attributes:
```tf
#trivy:ignore:*[logging_config.prefix=myprefix]
resource "aws_cloudfront_distribution" "example" {
logging_config {
include_cookies = false
bucket = "mylogs.s3.amazonaws.com"
prefix = "myprefix"
}
}
```
#### Ignoring module issues
Issues in third-party modules cannot be ignored using the method described above, because you may not have access to modify the module source code. In such a situation you can add ignore rules above the module block, for example:
```tf
#trivy:ignore:aws-s3-enable-logging
module "s3_bucket" {
source = "terraform-aws-modules/s3-bucket/aws"
bucket = "my-s3-bucket"
}
```
An example of ignoring checks for a specific bucket in a module:
```tf
locals {
bucket = ["test1", "test2"]
}
#trivy:ignore:*[bucket=test1]
module "s3_bucket" {
for_each = toset(local.bucket)
source = "terraform-aws-modules/s3-bucket/aws"
bucket = each.value
}
```
#### Support for Wildcards
You can use wildcards in the `ws` (workspace) and `ignore` sections of the ignore rules.
```tf
# trivy:ignore:aws-s3-*:ws:dev-*
```
This example ignores all checks starting with `aws-s3-` for workspaces matching the pattern `dev-*`.
[custom]: custom/index.md
[custom]: custom/index.md

2
docs/docs/scanner/vulnerability.md
View File

@@ -37,6 +37,7 @@ See [here](../coverage/os/index.md#supported-os) for the supported OSes.
| Azure Linux (CBL-Mariner) | [OVAL][azure] |
| OpenSUSE/SLES | [CVRF][suse] |
| Photon OS | [Photon Security Advisory][photon] |
| Root.io | [Root.io Patch Feed][rootio] |
#### Data Source Selection
Trivy **only** consumes security advisories from the sources listed in the above table.
@@ -394,6 +395,7 @@ Example logic for the following vendor severity levels when scanning an Alpine i
[suse]: http://ftp.suse.com/pub/projects/security/cvrf/
[photon]: https://packages.vmware.com/photon/photon_cve_metadata/
[azure]: https://github.com/microsoft/AzureLinuxVulnerabilityData/
[rootio]: https://api.root.io/external/patch_feed
[php-ghsa]: https://github.com/advisories?query=ecosystem%3Acomposer
[python-ghsa]: https://github.com/advisories?query=ecosystem%3Apip

12
docs/getting-started/installation.md
View File

@@ -111,6 +111,18 @@ References:
- <https://gitlab.archlinux.org/archlinux/packaging/packages/trivy/-/blob/main/PKGBUILD>
## OpenSUSE (Community)
OpenSUSE Package Repository.
```bash
sudo zypper install trivy
```
References:
- <https://software.opensuse.org/package/trivy>
## MacPorts (Community)
[MacPorts](https://www.macports.org) for macOS.

6
docs/overrides/home.html
View File

@@ -5,8 +5,8 @@
{% endblock %}
{% block hero %}
<link rel='stylesheet' id='main-style-css' href='assets/css/trivy_v1_homepage.min.css' type='text/css' media='all' />
<script type='text/javascript' src='assets/javascripts/trivy_v1_homepage.js' id='trivy_v1_homepage-js'></script>
<link rel='stylesheet' id='main-style-css' href='{{ base_url }}/assets/css/trivy_v1_styles.min.css' type='text/css' media='all' />
<script type='text/javascript' src='{{ base_url }}/assets/javascripts/trivy_v1_homepage.js' id='trivy_v1_homepage-js'></script>
<div class="trivy_v1_homepage_wrap">
@@ -18,7 +18,7 @@
<div class="header_title_wrap">
<div class="header_title_content_wrap">
<div class="page_logo">
<img src="assets/images/trivy_logo_horizontal_white.svg" height="100" alt="Trivy Logo">
<img src="{{ base_url }}/assets/images/trivy_logo_horizontal_white.svg" height="100" alt="Trivy Logo">
</div>
<h1 class="title page_title is-spaced fadeInUp">
The all-in-one open source security scanner

64
docs/overrides/partners.html Normal file
View File

@@ -0,0 +1,64 @@
{% extends "main.html" %}
{% block content %}
<!-- don't render markdown content in the homepage -->
{% endblock %}
{% block hero %}
<link rel='stylesheet' id='main-style-css' href='{{ base_url }}/assets/css/trivy_v1_styles.min.css' type='text/css' media='all' />
<script type='text/javascript' src='{{ base_url }}/assets/javascripts/trivy_v1_homepage.js' id='trivy_v1_homepage-js'></script>
<div class="trivy_v1_homepage_wrap partners_wrap">
<!-- hero starts -->
<div class="partners_hero_wrap">
<div class="hero header_wrap">
<div class="hero-body">
<div class="clearboth container">
<div class="header_title_wrap with_columns">
<div class="header_title_content_wrap">
<h1 class="title page_title is-spaced fadeInUp">
Trivy Partners Program
</h1>
<h2 class="subtitle page_subtitle fadeInUp animationDelay_1">
Align with the world's most trusted open-source scanner. This premium program gives you priority support, co-branding rights, and access to millions of users who rely on Trivy to secure their cloud-native environments. Don't just integrate; Lead.
</h2>
</div><!-- header_title_content_wrap -->
<div class="header_title_content_wrap partners_hero_stage_image"><img src="{{ base_url }}/assets/images/partners_hero_stage_full.svg" alt="" loading="lazy"></div>
</div><!-- header_title_wrap -->
</div><!-- container -->
</div><!-- hero-body -->
</div><!-- hero -->
<div class="partners_background_image_wrap">
<div class="stars_wrap">
<div class="stars_bg"></div>
</div>
</div><!-- partners_background_image_wrap -->
</div><!-- hero_wrap -->
<!-- hero ends -->
<!-- logos starts -->
<div class="partners_logos_wrap">
<h3 class="title generic_title partners_logos_title">Join the Trivy Partners Community</h3>
<div class="partners_logos">
<div class="logo_item"><a href="https://minimus.io" target="_blank"><img src="{{ base_url }}/assets/images/partner_logo_minimus.svg" width="100" height="100" alt="Minimus Logo" loading="lazy"></a></div>
<div class="logo_item"><a href="https://root.io" target="_blank"><img src="{{ base_url }}/assets/images/partner_logo_root.svg" width="100" height="100" alt="Root Logo" loading="lazy"></a></div>
<div class="logo_item"><a href="https://echohq.com" target="_blank"><img src="{{ base_url }}/assets/images/partner_logo_echo.svg" width="100" height="100" alt="Echo Logo" loading="lazy"></a></div>
</div>
</div><!-- partners_logos_wrap -->
<!-- logos ends -->
</div><!-- trivy_v1_homepage_wrap.partners_wrap -->
{% endblock %}

10
docs/partners.md Normal file
View File

@@ -0,0 +1,10 @@
---
template: partners.html
hide:
- navigation
- toc
- path
- tags
---
<!-- the home page is fully customized and implemented in the "partners.html" template -->

138
go.mod
View File

@@ -1,18 +1,18 @@
module github.com/aquasecurity/trivy
go 1.24.2
go 1.24.4
require (
github.com/Azure/azure-sdk-for-go v68.0.0+incompatible
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.0
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.10.0
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.10.1
github.com/BurntSushi/toml v1.5.0
github.com/CycloneDX/cyclonedx-go v0.9.2
github.com/GoogleCloudPlatform/docker-credential-gcr v2.0.5+incompatible
github.com/Masterminds/sprig/v3 v3.3.0
github.com/NYTimes/gziphandler v1.1.1
github.com/alecthomas/chroma v0.10.0
github.com/alicebob/miniredis/v2 v2.34.0
github.com/alicebob/miniredis/v2 v2.35.0
github.com/apparentlymart/go-cidr v1.1.0
github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce
@@ -21,44 +21,44 @@ require (
github.com/aquasecurity/go-version v0.0.1
github.com/aquasecurity/iamgo v0.0.10
github.com/aquasecurity/table v1.10.0
github.com/aquasecurity/testdocker v0.0.0-20240730042311-4642e94c7fc8
github.com/aquasecurity/testdocker v0.0.0-20250616060700-ba6845ac6d17
github.com/aquasecurity/tml v0.6.1
github.com/aquasecurity/trivy-checks v1.11.2-0.20250529074512-7afea1b738c4
github.com/aquasecurity/trivy-db v0.0.0-20250529093513-a12dfc204b6e
github.com/aquasecurity/trivy-checks v1.11.3-0.20250604022615-9a7efa7c9169
github.com/aquasecurity/trivy-db v0.0.0-20250627124416-ca81c496a932
github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48
github.com/aquasecurity/trivy-kubernetes v0.9.0
github.com/aws/aws-sdk-go-v2 v1.36.3
github.com/aws/aws-sdk-go-v2/config v1.29.14
github.com/aws/aws-sdk-go-v2/credentials v1.17.67
github.com/aws/aws-sdk-go-v2/service/ec2 v1.218.0
github.com/aws/aws-sdk-go-v2/service/ecr v1.44.0
github.com/aws/aws-sdk-go-v2/service/s3 v1.79.3
github.com/aws/smithy-go v1.22.3
github.com/aws/aws-sdk-go-v2 v1.36.5
github.com/aws/aws-sdk-go-v2/config v1.29.17
github.com/aws/aws-sdk-go-v2/credentials v1.17.70
github.com/aws/aws-sdk-go-v2/service/ec2 v1.225.2
github.com/aws/aws-sdk-go-v2/service/ecr v1.45.1
github.com/aws/aws-sdk-go-v2/service/s3 v1.81.0
github.com/aws/smithy-go v1.22.4
github.com/bitnami/go-version v0.0.0-20231130084017-bb00604d650c
github.com/bmatcuk/doublestar/v4 v4.8.1
github.com/cenkalti/backoff/v4 v4.3.0
github.com/cheggaaa/pb/v3 v3.1.7
github.com/containerd/containerd/v2 v2.1.1
github.com/containerd/containerd/v2 v2.1.3
github.com/containerd/platforms v1.0.0-rc.1
github.com/distribution/reference v0.6.0
github.com/docker/cli v28.1.1+incompatible
github.com/docker/docker v28.1.1+incompatible
github.com/docker/cli v28.2.2+incompatible
github.com/docker/docker v28.2.2+incompatible
github.com/docker/go-connections v0.5.0
github.com/docker/go-units v0.5.0
github.com/fatih/color v1.18.0
github.com/go-git/go-git/v5 v5.16.0
github.com/go-git/go-git/v5 v5.16.2
github.com/go-json-experiment/json v0.0.0-20250223041408-d3c622f1b874 // Replace with encoding/json/v2 when proposal is accepted. Track https://github.com/golang/go/issues/71497
github.com/go-redis/redis/v8 v8.11.5
github.com/gocsaf/csaf/v3 v3.2.0
github.com/golang-jwt/jwt/v5 v5.2.2
github.com/google/go-containerregistry v0.20.5
github.com/google/go-containerregistry v0.20.6
github.com/google/go-github/v62 v62.0.0
github.com/google/licenseclassifier/v2 v2.0.0
github.com/google/uuid v1.6.0
github.com/google/wire v0.6.0
github.com/hashicorp/go-getter v1.7.8
github.com/hashicorp/go-multierror v1.1.1
github.com/hashicorp/go-retryablehttp v0.7.7
github.com/hashicorp/go-retryablehttp v0.7.8
github.com/hashicorp/go-uuid v1.0.3
github.com/hashicorp/go-version v1.7.0
github.com/hashicorp/golang-lru/v2 v2.0.7
@@ -84,8 +84,9 @@ require (
github.com/mitchellh/go-homedir v1.1.0
github.com/mitchellh/hashstructure/v2 v2.0.2
github.com/mitchellh/mapstructure v1.5.0
github.com/moby/buildkit v0.21.1
github.com/open-policy-agent/opa v1.4.2
github.com/moby/buildkit v0.23.1
github.com/moby/docker-image-spec v1.3.1
github.com/open-policy-agent/opa v1.5.1
github.com/opencontainers/go-digest v1.0.0
github.com/opencontainers/image-spec v1.1.1
github.com/openvex/discovery v0.1.1-0.20240802171711-7c54efc57553
@@ -94,19 +95,19 @@ require (
github.com/package-url/packageurl-go v0.1.3
github.com/quasilyte/go-ruleguard/dsl v0.3.22
github.com/rust-secure-code/go-rustaudit v0.0.0-20250226111315-e20ec32e963c
github.com/samber/lo v1.50.0
github.com/samber/lo v1.51.0
github.com/sassoftware/go-rpmutils v0.4.0
github.com/secure-systems-lab/go-securesystemslib v0.9.0
github.com/sigstore/rekor v1.3.10
github.com/sirupsen/logrus v1.9.3
github.com/sosedoff/gitkit v0.4.0
github.com/spdx/tools-golang v0.5.5 // v0.5.3 with necessary changes. Can be upgraded to version 0.5.4 after release.
github.com/spf13/cast v1.8.0
github.com/spf13/cast v1.9.2
github.com/spf13/cobra v1.9.1
github.com/spf13/pflag v1.0.6
github.com/spf13/viper v1.20.1
github.com/stretchr/testify v1.10.0
github.com/testcontainers/testcontainers-go v0.37.0
github.com/testcontainers/testcontainers-go v0.37.1-0.20250602105123-1720acdcb24e
github.com/testcontainers/testcontainers-go/modules/localstack v0.37.0
github.com/tetratelabs/wazero v1.9.0
github.com/twitchtv/twirp v8.1.3+incompatible
@@ -114,19 +115,19 @@ require (
github.com/xlab/treeprint v1.2.0
github.com/zclconf/go-cty v1.16.3
github.com/zclconf/go-cty-yaml v1.1.0
go.etcd.io/bbolt v1.4.0
golang.org/x/crypto v0.38.0
golang.org/x/mod v0.24.0
golang.org/x/net v0.40.0
golang.org/x/sync v0.14.0
go.etcd.io/bbolt v1.4.1
golang.org/x/crypto v0.39.0
golang.org/x/mod v0.25.0
golang.org/x/net v0.41.0
golang.org/x/sync v0.15.0
golang.org/x/term v0.32.0
golang.org/x/text v0.25.0
golang.org/x/text v0.26.0
golang.org/x/vuln v1.1.4
golang.org/x/xerrors v0.0.0-20240716161551-93cc26a95ae9
google.golang.org/protobuf v1.36.6
gopkg.in/yaml.v3 v3.0.1
helm.sh/helm/v3 v3.17.3
k8s.io/api v0.33.1
helm.sh/helm/v3 v3.18.3
k8s.io/api v0.33.2
k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738
modernc.org/sqlite v1.37.0
)
@@ -136,14 +137,13 @@ require (
cloud.google.com/go v0.118.3 // indirect
cloud.google.com/go/auth v0.15.0 // indirect
cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
cloud.google.com/go/compute/metadata v0.6.0 // indirect
cloud.google.com/go/compute/metadata v0.7.0 // indirect
cloud.google.com/go/iam v1.4.1 // indirect
cloud.google.com/go/monitoring v1.24.0 // indirect
cloud.google.com/go/storage v1.50.0 // indirect
dario.cat/mergo v1.0.1 // indirect
github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 // indirect
github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.1 // indirect
github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
github.com/Azure/go-autorest v14.2.0+incompatible // indirect
github.com/Azure/go-autorest/autorest v0.11.29 // indirect
github.com/Azure/go-autorest/autorest/adal v0.9.23 // indirect
@@ -168,22 +168,21 @@ require (
github.com/agext/levenshtein v1.2.3 // indirect
github.com/agnivade/levenshtein v1.2.1 // indirect
github.com/alessio/shellescape v1.4.1 // indirect
github.com/alicebob/gopher-json v0.0.0-20230218143504-906a9b012302 // indirect
github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 // indirect
github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
github.com/aquasecurity/jfather v0.0.8 // indirect
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
github.com/aws/aws-sdk-go v1.55.7 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.32 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.36 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.36 // indirect
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 // indirect
github.com/aws/aws-sdk-go-v2/service/ebs v1.22.1 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.25.3 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.1 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.33.19 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.4 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.17 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.25.5 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.3 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.34.0 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
github.com/blang/semver v3.5.1+incompatible // indirect
@@ -216,8 +215,6 @@ require (
github.com/dlclark/regexp2 v1.4.0 // indirect
github.com/docker/distribution v2.8.3+incompatible // indirect
github.com/docker/docker-credential-helpers v0.9.3 // indirect
github.com/docker/go-metrics v0.0.1 // indirect
github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 // indirect
github.com/dsnet/compress v0.0.2-0.20230904184137-39efe44ab707 // indirect
github.com/dustin/go-humanize v1.0.1 // indirect
github.com/ebitengine/purego v0.8.2 // indirect
@@ -225,7 +222,7 @@ require (
github.com/emirpasic/gods v1.18.1 // indirect
github.com/envoyproxy/go-control-plane/envoy v1.32.4 // indirect
github.com/envoyproxy/protoc-gen-validate v1.2.1 // indirect
github.com/evanphx/json-patch v5.9.0+incompatible // indirect
github.com/evanphx/json-patch v5.9.11+incompatible // indirect
github.com/evanphx/json-patch/v5 v5.6.0 // indirect
github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
@@ -238,7 +235,7 @@ require (
github.com/go-gorp/gorp/v3 v3.1.0 // indirect
github.com/go-ini/ini v1.67.0 // indirect
github.com/go-jose/go-jose/v4 v4.0.5 // indirect
github.com/go-logr/logr v1.4.2 // indirect
github.com/go-logr/logr v1.4.3 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/go-ole/go-ole v1.3.0 // indirect
github.com/go-openapi/analysis v0.23.0 // indirect
@@ -251,7 +248,7 @@ require (
github.com/go-openapi/strfmt v0.23.0 // indirect
github.com/go-openapi/swag v0.23.1 // indirect
github.com/go-openapi/validate v0.24.0 // indirect
github.com/go-viper/mapstructure/v2 v2.2.1 // indirect
github.com/go-viper/mapstructure/v2 v2.3.0 // indirect
github.com/gobwas/glob v0.2.3 // indirect
github.com/goccy/go-yaml v1.15.23 // indirect
github.com/gofrs/uuid v4.3.1+incompatible // indirect
@@ -278,7 +275,6 @@ require (
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
github.com/hashicorp/go-safetemp v1.0.0 // indirect
github.com/hashicorp/golang-lru v0.6.0 // indirect
github.com/hashicorp/terraform-json v0.24.0 // indirect
github.com/huandu/xstrings v1.5.0 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
@@ -307,7 +303,6 @@ require (
github.com/mitchellh/go-testing-interface v1.14.1 // indirect
github.com/mitchellh/go-wordwrap v1.0.1 // indirect
github.com/mitchellh/reflectwalk v1.0.2 // indirect
github.com/moby/docker-image-spec v1.3.1 // indirect
github.com/moby/go-archive v0.1.0 // indirect
github.com/moby/locker v1.0.1 // indirect
github.com/moby/patternmatcher v0.6.0 // indirect
@@ -318,7 +313,7 @@ require (
github.com/moby/sys/signal v0.7.1 // indirect
github.com/moby/sys/user v0.4.0 // indirect
github.com/moby/sys/userns v0.1.0 // indirect
github.com/moby/term v0.5.0 // indirect
github.com/moby/term v0.5.2 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
@@ -328,7 +323,7 @@ require (
github.com/ncruces/go-strftime v0.1.9 // indirect
github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481 // indirect
github.com/oklog/ulid v1.3.1 // indirect
github.com/oklog/ulid/v2 v2.1.0 // indirect
github.com/oklog/ulid/v2 v2.1.1 // indirect
github.com/opencontainers/runtime-spec v1.2.1 // indirect
github.com/opencontainers/selinux v1.12.0 // indirect
github.com/opentracing/opentracing-go v1.2.0 // indirect
@@ -343,21 +338,21 @@ require (
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 // indirect
github.com/prometheus/client_golang v1.22.0 // indirect
github.com/prometheus/client_model v0.6.1 // indirect
github.com/prometheus/client_model v0.6.2 // indirect
github.com/prometheus/common v0.62.0 // indirect
github.com/prometheus/procfs v0.15.1 // indirect
github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
github.com/rivo/uniseg v0.4.7 // indirect
github.com/rubenv/sql-migrate v1.7.1 // indirect
github.com/rubenv/sql-migrate v1.8.0 // indirect
github.com/russross/blackfriday/v2 v2.1.0 // indirect
github.com/sagikazarmark/locafero v0.7.0 // indirect
github.com/samber/oops v1.16.1 // indirect
github.com/samber/oops v1.18.1 // indirect
github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 // indirect
github.com/sassoftware/relic v7.2.1+incompatible // indirect
github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
github.com/shibumi/go-pathspec v1.3.0 // indirect
github.com/shirou/gopsutil/v4 v4.25.1 // indirect
github.com/shirou/gopsutil/v4 v4.25.4 // indirect
github.com/shopspring/decimal v1.4.0 // indirect
github.com/sigstore/cosign/v2 v2.2.4 // indirect
github.com/sigstore/protobuf-specs v0.4.1 // indirect
@@ -376,10 +371,11 @@ require (
github.com/tklauser/go-sysconf v0.3.13 // indirect
github.com/tklauser/numcpus v0.7.0 // indirect
github.com/tonglil/versioning v0.0.0-20170205083536-8b2a4334bd1d // indirect
github.com/tonistiigi/go-csvvalue v0.0.0-20240710180619-ddb21b71c0b4 // indirect
github.com/tonistiigi/go-csvvalue v0.0.0-20240814133006-030d3b2625d0 // indirect
github.com/transparency-dev/merkle v0.0.2 // indirect
github.com/ulikunitz/xz v0.5.12 // indirect
github.com/vbatts/tar-split v0.12.1 // indirect
github.com/vektah/gqlparser/v2 v2.5.26 // indirect
github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect
github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
github.com/x448/float16 v0.8.4 // indirect
@@ -396,12 +392,12 @@ require (
go.opentelemetry.io/auto/sdk v1.1.0 // indirect
go.opentelemetry.io/contrib/detectors/gcp v1.34.0 // indirect
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 // indirect
go.opentelemetry.io/otel v1.35.0 // indirect
go.opentelemetry.io/otel/metric v1.35.0 // indirect
go.opentelemetry.io/otel/sdk v1.35.0 // indirect
go.opentelemetry.io/otel/sdk/metric v1.35.0 // indirect
go.opentelemetry.io/otel/trace v1.35.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect
go.opentelemetry.io/otel v1.36.0 // indirect
go.opentelemetry.io/otel/metric v1.36.0 // indirect
go.opentelemetry.io/otel/sdk v1.36.0 // indirect
go.opentelemetry.io/otel/sdk/metric v1.36.0 // indirect
go.opentelemetry.io/otel/trace v1.36.0 // indirect
go.uber.org/multierr v1.11.0 // indirect
go.uber.org/zap v1.27.0 // indirect
golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0 // indirect
@@ -409,20 +405,20 @@ require (
golang.org/x/sys v0.33.0 // indirect
golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7 // indirect
golang.org/x/time v0.11.0 // indirect
golang.org/x/tools v0.33.0 // indirect
golang.org/x/tools v0.34.0 // indirect
google.golang.org/api v0.228.0 // indirect
google.golang.org/genproto v0.0.0-20250303144028-a0af3efb3deb // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20250313205543-e70fdf4c4cb4 // indirect
google.golang.org/grpc v1.72.0 // indirect
google.golang.org/grpc v1.72.2 // indirect
gopkg.in/cheggaaa/pb.v1 v1.0.28 // indirect
gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/warnings.v0 v0.1.2 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
k8s.io/apiextensions-apiserver v0.32.2 // indirect
k8s.io/apimachinery v0.33.1 // indirect
k8s.io/apiserver v0.32.3 // indirect
k8s.io/apiextensions-apiserver v0.33.1 // indirect
k8s.io/apimachinery v0.33.2 // indirect
k8s.io/apiserver v0.33.1 // indirect
k8s.io/cli-runtime v0.33.1 // indirect
k8s.io/client-go v0.33.1 // indirect
k8s.io/component-base v0.33.1 // indirect
@@ -431,9 +427,9 @@ require (
k8s.io/kubectl v0.33.1 // indirect
modernc.org/libc v1.62.1 // indirect
modernc.org/mathutil v1.7.1 // indirect
modernc.org/memory v1.9.1 // indirect
modernc.org/memory v1.11.0 // indirect
mvdan.cc/sh/v3 v3.11.0 // indirect
oras.land/oras-go v1.2.5 // indirect
oras.land/oras-go/v2 v2.6.0 // indirect
sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
sigs.k8s.io/kind v0.19.0 // indirect
sigs.k8s.io/kustomize/api v0.19.0 // indirect

370
go.sum
View File

@@ -184,8 +184,8 @@ cloud.google.com/go/compute/metadata v0.1.0/go.mod h1:Z1VN+bulIf6bt4P/C37K4DyZYZ
cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
cloud.google.com/go/compute/metadata v0.2.1/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM=
cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
cloud.google.com/go/compute/metadata v0.6.0 h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4j01OwKxG9I=
cloud.google.com/go/compute/metadata v0.6.0/go.mod h1:FjyFAW1MW0C203CEOMDTu3Dk1FlqW3Rga40jzHL4hfg=
cloud.google.com/go/compute/metadata v0.7.0 h1:PBWF+iiAerVNe8UCHxdOt6eHLVc3ydFeOCw78U8ytSU=
cloud.google.com/go/compute/metadata v0.7.0/go.mod h1:j5MvL9PprKL39t166CoB1uVHfQMs4tFQZZcKwksXUjo=
cloud.google.com/go/contactcenterinsights v1.3.0/go.mod h1:Eu2oemoePuEFc/xKFPjbTuPSj0fYJcPls9TFlPNnHHY=
cloud.google.com/go/contactcenterinsights v1.4.0/go.mod h1:L2YzkGbPsv+vMQMCADxJoT9YiTTnSEd6fEvCeHTYVck=
cloud.google.com/go/contactcenterinsights v1.6.0/go.mod h1:IIDlT6CLcDoyv79kDv8iWxMSTZhLxSCofVV5W6YFM/w=
@@ -637,8 +637,8 @@ github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0
github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.0 h1:Gt0j3wceWMwPmiazCa8MzMA0MfhmPIz0Qp0FJ6qcM0U=
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.0/go.mod h1:Ot/6aikWnKWi4l9QB7qVSwa8iMphQNqkWALMoNT3rzM=
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.10.0 h1:j8BorDEigD8UFOSZQiSqAMOOleyQOOQPnUAwV+Ls1gA=
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.10.0/go.mod h1:JdM5psgjfBf5fo2uWOZhflPWyDBZ/O/CNAH9CtsuZE4=
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.10.1 h1:B+blDbyVIG3WaikNxPnhPiJ1MThR03b3vKGtER95TP4=
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.10.1/go.mod h1:JdM5psgjfBf5fo2uWOZhflPWyDBZ/O/CNAH9CtsuZE4=
github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2 h1:yz1bePFlP5Vws5+8ez6T3HWXPmwOK7Yvq8QxDBD3SKY=
github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2/go.mod h1:Pa9ZNPuoNu/GztvBSKk9J1cDJW6vk/n0zLtV4mgd8N8=
github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.1 h1:FPKJS1T+clwv+OLGt13a8UjqeRuh0O4SJ3lUriThc+4=
@@ -647,8 +647,8 @@ github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.3.1 h1:Wgf5rZb
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.3.1/go.mod h1:xxCBG/f/4Vbmh2XQJBsOmNdxWUY5j/s27jujKPbQf14=
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.1 h1:bFWuoEKg+gImo7pvkiQEFAc8ocibADgXeiLAxWhWmkI=
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.1/go.mod h1:Vih/3yc6yac2JzU4hzpaDupBJP0Flaia9rXXrU8xyww=
github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0=
github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg=
github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
github.com/Azure/go-autorest/autorest v0.11.29 h1:I4+HL/JDvErx2LjyzaVxllw2lRDB5/BT2Bm4g20iqYw=
@@ -719,8 +719,6 @@ github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMo
github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
github.com/ProtonMail/go-crypto v1.1.6 h1:ZcV+Ropw6Qn0AX9brlQLAUXfqLBc7Bl+f/DmNxpLfdw=
github.com/ProtonMail/go-crypto v1.1.6/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE=
github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs=
github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ=
github.com/ThalesIgnite/crypto11 v1.2.5 h1:1IiIIEqYmBvUYFeMnHqRft4bwf/O36jryEUpY+9ef8E=
github.com/ThalesIgnite/crypto11 v1.2.5/go.mod h1:ILDKtnCKiQ7zRoNxcp36Y1ZR8LBPmR2E23+wTQe/MlE=
github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1ow=
@@ -735,8 +733,6 @@ github.com/ajstarks/svgo v0.0.0-20180226025133-644b8db467af/go.mod h1:K08gAheRH3
github.com/ajstarks/svgo v0.0.0-20211024235047-1546f124cd8b/go.mod h1:1KcenG0jGWcpt8ov532z81sp/kMMUG485J2InIOyADM=
github.com/alecthomas/chroma v0.10.0 h1:7XDcGkCQopCNKjZHfYrNLraA+M7e0fMiJ/Mfikbfjek=
github.com/alecthomas/chroma v0.10.0/go.mod h1:jtJATyUxlIORhUOFNA9NZDWGAQ8wpxQQqNSB4rjA/1s=
github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
github.com/alessio/shellescape v1.4.1 h1:V7yhSDDn8LP4lc4jS8pFkt0zCnzVJlG5JXy9BVKJUX0=
github.com/alessio/shellescape v1.4.1/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30=
github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4 h1:iC9YFYKDGEy3n/FtqJnOkZsene9olVspKmkX5A2YBEo=
@@ -759,14 +755,14 @@ github.com/alibabacloud-go/tea-utils v1.4.5 h1:h0/6Xd2f3bPE4XHTvkpjwxowIwRCJAJOq
github.com/alibabacloud-go/tea-utils v1.4.5/go.mod h1:KNcT0oXlZZxOXINnZBs6YvgOd5aYp9U67G+E3R8fcQw=
github.com/alibabacloud-go/tea-xml v1.1.3 h1:7LYnm+JbOq2B+T/B0fHC4Ies4/FofC4zHzYtqw7dgt0=
github.com/alibabacloud-go/tea-xml v1.1.3/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCEtyBy9+DPF6GgEu8=
github.com/alicebob/gopher-json v0.0.0-20230218143504-906a9b012302 h1:uvdUDbHQHO85qeSydJtItA4T55Pw6BtAejd0APRJOCE=
github.com/alicebob/gopher-json v0.0.0-20230218143504-906a9b012302/go.mod h1:SGnFV6hVsYE877CKEZ6tDNTjaSXYUk6QqoIK6PrAtcc=
github.com/alicebob/miniredis/v2 v2.34.0 h1:mBFWMaJSNL9RwdGRyEDoAAv8OQc5UlEhLDQggTglU/0=
github.com/alicebob/miniredis/v2 v2.34.0/go.mod h1:kWShP4b58T1CW0Y5dViCd5ztzrDqRWqM3nksiyXk5s8=
github.com/alicebob/miniredis/v2 v2.35.0 h1:QwLphYqCEAo1eu1TqPRN2jgVMPBweeQcR21jeqDCONI=
github.com/alicebob/miniredis/v2 v2.35.0/go.mod h1:TcL7YfarKPGDAthEtl5NBeHZfeUQj6OXMm/+iu5cLMM=
github.com/aliyun/credentials-go v1.3.1 h1:uq/0v7kWrxmoLGpqjx7vtQ/s03f0zR//0br/xWDTE28=
github.com/aliyun/credentials-go v1.3.1/go.mod h1:8jKYhQuDawt8x2+fusqa1Y6mPxemTsBEN04dgcAcYz0=
github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 h1:aM1rlcoLz8y5B2r4tTLMiVTrMtpfY0O8EScKJxaSaEc=
github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092/go.mod h1:rYqSE9HbjzpHTI74vwPvae4ZVYZd1lue2ta6xHPdblA=
github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883 h1:bvNMNQO63//z+xNgfBlViaCIJKLlCJ6/fmUseuG0wVQ=
github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
@@ -796,14 +792,14 @@ github.com/aquasecurity/jfather v0.0.8 h1:tUjPoLGdlkJU0qE7dSzd1MHk2nQFNPR0ZfF+6s
github.com/aquasecurity/jfather v0.0.8/go.mod h1:Ag+L/KuR/f8vn8okUi8Wc1d7u8yOpi2QTaGX10h71oY=
github.com/aquasecurity/table v1.10.0 h1:gPWV28qp9XSlvXdT3ku8yKQoZE6II0vsmegKpW+dB08=
github.com/aquasecurity/table v1.10.0/go.mod h1:eqOmvjjB7AhXFgFqpJUEE/ietg7RrMSJZXyTN8E/wZw=
github.com/aquasecurity/testdocker v0.0.0-20240730042311-4642e94c7fc8 h1:b43UVqYjz7qDqK+cVOtF2Lk6CxjytYItP6Pgf3wGsNE=
github.com/aquasecurity/testdocker v0.0.0-20240730042311-4642e94c7fc8/go.mod h1:wXA9k3uuaxY3yu7gxrxZDPo/04FEMJtwyecdAlYrEIo=
github.com/aquasecurity/testdocker v0.0.0-20250616060700-ba6845ac6d17 h1:/xWTD1YaNdjvFdClrz5t3GutwVcyJPsMkYzHWlbE3ys=
github.com/aquasecurity/testdocker v0.0.0-20250616060700-ba6845ac6d17/go.mod h1:6kYuX29QyBWHJejvbKkA4yzz8EUX/Fn+GmQ09JAZ5lY=
github.com/aquasecurity/tml v0.6.1 h1:y2ZlGSfrhnn7t4ZJ/0rotuH+v5Jgv6BDDO5jB6A9gwo=
github.com/aquasecurity/tml v0.6.1/go.mod h1:OnYMWY5lvI9ejU7yH9LCberWaaTBW7hBFsITiIMY2yY=
github.com/aquasecurity/trivy-checks v1.11.2-0.20250529074512-7afea1b738c4 h1:Njp9YEU+4vqmtcb21lWfivrbiLsdYreohmWQX3+KHiU=
github.com/aquasecurity/trivy-checks v1.11.2-0.20250529074512-7afea1b738c4/go.mod h1:nT69xgRcBD4NlHwTBpWMYirpK5/Zpl8M+XDOgmjMn2k=
github.com/aquasecurity/trivy-db v0.0.0-20250529093513-a12dfc204b6e h1:+B/in1DQDGwQbKhW5pWL8XxBgnZKxXhUznylJ2NCyvs=
github.com/aquasecurity/trivy-db v0.0.0-20250529093513-a12dfc204b6e/go.mod h1:4zd4qZcjhNAHASz5I0O7qapv5h5gSJzSEaZXv/IPOGc=
github.com/aquasecurity/trivy-checks v1.11.3-0.20250604022615-9a7efa7c9169 h1:TckzIxUX7lZaU9f2lNxCN0noYYP8fzmSQf6a4JdV83w=
github.com/aquasecurity/trivy-checks v1.11.3-0.20250604022615-9a7efa7c9169/go.mod h1:nT69xgRcBD4NlHwTBpWMYirpK5/Zpl8M+XDOgmjMn2k=
github.com/aquasecurity/trivy-db v0.0.0-20250627124416-ca81c496a932 h1:5GKQ53uGGHEEtZ/FX94jcIdfEGeyiHZ7tmJ5nCtDz5c=
github.com/aquasecurity/trivy-db v0.0.0-20250627124416-ca81c496a932/go.mod h1:Ubl2YWA6Zg7eaojg4MDmeDdYU4+PiGPsnwo6B5UIwqw=
github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48 h1:JVgBIuIYbwG+ekC5lUHUpGJboPYiCcxiz06RCtz8neI=
github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48/go.mod h1:Ldya37FLi0e/5Cjq2T5Bty7cFkzUDwTcPeQua+2M8i8=
github.com/aquasecurity/trivy-kubernetes v0.9.0 h1:rp8RuXwKfFWUPR/ULksA2WpD0z6rslVkzLmPGQr61Wc=
@@ -817,48 +813,46 @@ github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:W
github.com/aws/aws-sdk-go v1.44.122/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
github.com/aws/aws-sdk-go v1.55.7 h1:UJrkFq7es5CShfBwlWAC8DA077vp8PyVbQd3lqLiztE=
github.com/aws/aws-sdk-go v1.55.7/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU=
github.com/aws/aws-sdk-go-v2 v1.36.3 h1:mJoei2CxPutQVxaATCzDUjcZEjVRdpsiiXi2o38yqWM=
github.com/aws/aws-sdk-go-v2 v1.36.3/go.mod h1:LLXuLpgzEbD766Z5ECcRmi8AzSwfZItDtmABVkRLGzg=
github.com/aws/aws-sdk-go-v2/config v1.29.14 h1:f+eEi/2cKCg9pqKBoAIwRGzVb70MRKqWX4dg1BDcSJM=
github.com/aws/aws-sdk-go-v2/config v1.29.14/go.mod h1:wVPHWcIFv3WO89w0rE10gzf17ZYy+UVS1Geq8Iei34g=
github.com/aws/aws-sdk-go-v2/credentials v1.17.67 h1:9KxtdcIA/5xPNQyZRgUSpYOE6j9Bc4+D7nZua0KGYOM=
github.com/aws/aws-sdk-go-v2/credentials v1.17.67/go.mod h1:p3C44m+cfnbv763s52gCqrjaqyPikj9Sg47kUVaNZQQ=
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30 h1:x793wxmUWVDhshP8WW2mlnXuFrO4cOd3HLBroh1paFw=
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30/go.mod h1:Jpne2tDnYiFascUEs2AWHJL9Yp7A5ZVy3TNyxaAjD6M=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34 h1:ZK5jHhnrioRkUNOc+hOgQKlUL5JeC3S6JgLxtQ+Rm0Q=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34/go.mod h1:p4VfIceZokChbA9FzMbRGz5OV+lekcVtHlPKEO0gSZY=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34 h1:SZwFm17ZUNNg5Np0ioo/gq8Mn6u9w19Mri8DnJ15Jf0=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34/go.mod h1:dFZsC0BLo346mvKQLWmoJxT+Sjp+qcVR1tRVHQGOH9Q=
github.com/aws/aws-sdk-go-v2 v1.36.5 h1:0OF9RiEMEdDdZEMqF9MRjevyxAQcf6gY+E7vwBILFj0=
github.com/aws/aws-sdk-go-v2 v1.36.5/go.mod h1:EYrzvCCN9CMUTa5+6lf6MM4tq3Zjp8UhSGR/cBsjai0=
github.com/aws/aws-sdk-go-v2/config v1.29.17 h1:jSuiQ5jEe4SAMH6lLRMY9OVC+TqJLP5655pBGjmnjr0=
github.com/aws/aws-sdk-go-v2/config v1.29.17/go.mod h1:9P4wwACpbeXs9Pm9w1QTh6BwWwJjwYvJ1iCt5QbCXh8=
github.com/aws/aws-sdk-go-v2/credentials v1.17.70 h1:ONnH5CM16RTXRkS8Z1qg7/s2eDOhHhaXVd72mmyv4/0=
github.com/aws/aws-sdk-go-v2/credentials v1.17.70/go.mod h1:M+lWhhmomVGgtuPOhO85u4pEa3SmssPTdcYpP/5J/xc=
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.32 h1:KAXP9JSHO1vKGCr5f4O6WmlVKLFFXgWYAGoJosorxzU=
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.32/go.mod h1:h4Sg6FQdexC1yYG9RDnOvLbW1a/P986++/Y/a+GyEM8=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.36 h1:SsytQyTMHMDPspp+spo7XwXTP44aJZZAC7fBV2C5+5s=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.36/go.mod h1:Q1lnJArKRXkenyog6+Y+zr7WDpk4e6XlR6gs20bbeNo=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.36 h1:i2vNHQiXUvKhs3quBR6aqlgJaiaexz/aNvdCktW/kAM=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.36/go.mod h1:UdyGa7Q91id/sdyHPwth+043HhmP6yP9MBHgbZM0xo8=
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 h1:bIqFDwgGXXN1Kpp99pDOdKMTTb5d2KyU5X/BZxjOkRo=
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3/go.mod h1:H5O/EsxDWyU+LP/V8i5sm8cxoZgc2fdNR9bxlOFrQTo=
github.com/aws/aws-sdk-go-v2/service/ebs v1.22.1 h1:SeDJWG4pmye+/aO6k+zt9clPTUy1MXqUmkW8rbAddQg=
github.com/aws/aws-sdk-go-v2/service/ebs v1.22.1/go.mod h1:wRzaW0v9GGQS0h//wpsVDw3Hah5gs5UP+NxoyGeZIGM=
github.com/aws/aws-sdk-go-v2/service/ec2 v1.218.0 h1:QPYsTfcPpPhkF+37pxLcl3xbQz2SRxsShQNB6VCkvLo=
github.com/aws/aws-sdk-go-v2/service/ec2 v1.218.0/go.mod h1:ouvGEfHbLaIlWwpDpOVWPWR+YwO0HDv3vm5tYLq8ImY=
github.com/aws/aws-sdk-go-v2/service/ecr v1.44.0 h1:E+UTVTDH6XTSjqxHWRuY8nB6s+05UllneWxnycplHFk=
github.com/aws/aws-sdk-go-v2/service/ecr v1.44.0/go.mod h1:iQ1skgw1XRK+6Lgkb0I9ODatAP72WoTILh0zXQ5DtbU=
github.com/aws/aws-sdk-go-v2/service/ec2 v1.225.2 h1:IfMb3Ar8xEaWjgH/zeVHYD8izwJdQgRP5mKCTDt4GNk=
github.com/aws/aws-sdk-go-v2/service/ec2 v1.225.2/go.mod h1:35jGWx7ECvCwTsApqicFYzZ7JFEnBc6oHUuOQ3xIS54=
github.com/aws/aws-sdk-go-v2/service/ecr v1.45.1 h1:Bwzh202Aq7/MYnAjXA9VawCf6u+hjwMdoYmZ4HYsdf8=
github.com/aws/aws-sdk-go-v2/service/ecr v1.45.1/go.mod h1:xZzWl9AXYa6zsLLH41HBFW8KRKJRIzlGmvSM0mVMIX4=
github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2 h1:PpbXaecV3sLAS6rjQiaKw4/jyq3Z8gNzmoJupHAoBp0=
github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2/go.mod h1:fUHpGXr4DrXkEDpGAjClPsviWf+Bszeb0daKE0blxv8=
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3 h1:eAh2A4b5IzM/lum78bZ590jy36+d/aFLgKF/4Vd1xPE=
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3/go.mod h1:0yKJC/kb8sAnmlYa6Zs3QVYqaC8ug2AbnNChv5Ox3uA=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15 h1:dM9/92u2F1JbDaGooxTq18wmmFzbJRfXfVfy96/1CXM=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15/go.mod h1:SwFBy2vjtA0vZbjjaFtfN045boopadnoVPhu4Fv66vY=
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.4 h1:CXV68E2dNqhuynZJPB80bhPQwAKqBWVer887figW6Jc=
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.4/go.mod h1:/xFi9KtvBXP97ppCz1TAEvU1Uf66qvid89rbem3wCzQ=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.17 h1:t0E6FzREdtCsiLIoLCWsYliNsRBgyGD/MCK571qk4MI=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.17/go.mod h1:ygpklyoaypuyDvOM5ujWGrYWpAK3h7ugnmKCU/76Ys4=
github.com/aws/aws-sdk-go-v2/service/kms v1.38.1 h1:tecq7+mAav5byF+Mr+iONJnCBf4B4gon8RSp4BrweSc=
github.com/aws/aws-sdk-go-v2/service/kms v1.38.1/go.mod h1:cQn6tAF77Di6m4huxovNM7NVAozWTZLsDRp9t8Z/WYk=
github.com/aws/aws-sdk-go-v2/service/s3 v1.79.3 h1:BRXS0U76Z8wfF+bnkilA2QwpIch6URlm++yPUt9QPmQ=
github.com/aws/aws-sdk-go-v2/service/s3 v1.79.3/go.mod h1:bNXKFFyaiVvWuR6O16h/I1724+aXe/tAkA9/QS01t5k=
github.com/aws/aws-sdk-go-v2/service/sso v1.25.3 h1:1Gw+9ajCV1jogloEv1RRnvfRFia2cL6c9cuKV2Ps+G8=
github.com/aws/aws-sdk-go-v2/service/sso v1.25.3/go.mod h1:qs4a9T5EMLl/Cajiw2TcbNt2UNo/Hqlyp+GiuG4CFDI=
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.1 h1:hXmVKytPfTy5axZ+fYbR5d0cFmC3JvwLm5kM83luako=
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.1/go.mod h1:MlYRNmYu/fGPoxBQVvBYr9nyr948aY/WLUvwBMBJubs=
github.com/aws/aws-sdk-go-v2/service/sts v1.33.19 h1:1XuUZ8mYJw9B6lzAkXhqHlJd/XvaX32evhproijJEZY=
github.com/aws/aws-sdk-go-v2/service/sts v1.33.19/go.mod h1:cQnB8CUnxbMU82JvlqjKR2HBOm3fe9pWorWBza6MBJ4=
github.com/aws/smithy-go v1.22.3 h1:Z//5NuZCSW6R4PhQ93hShNbyBbn8BWCmCVCt+Q8Io5k=
github.com/aws/smithy-go v1.22.3/go.mod h1:t1ufH5HMublsJYulve2RKmHDC15xu1f26kHCp/HgceI=
github.com/aws/aws-sdk-go-v2/service/s3 v1.81.0 h1:1GmCadhKR3J2sMVKs2bAYq9VnwYeCqfRyZzD4RASGlA=
github.com/aws/aws-sdk-go-v2/service/s3 v1.81.0/go.mod h1:kUklwasNoCn5YpyAqC/97r6dzTA1SRKJfKq16SXeoDU=
github.com/aws/aws-sdk-go-v2/service/sso v1.25.5 h1:AIRJ3lfb2w/1/8wOOSqYb9fUKGwQbtysJ2H1MofRUPg=
github.com/aws/aws-sdk-go-v2/service/sso v1.25.5/go.mod h1:b7SiVprpU+iGazDUqvRSLf5XmCdn+JtT1on7uNL6Ipc=
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.3 h1:BpOxT3yhLwSJ77qIY3DoHAQjZsc4HEGfMCE4NGy3uFg=
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.3/go.mod h1:vq/GQR1gOFLquZMSrxUK/cpvKCNVYibNyJ1m7JrU88E=
github.com/aws/aws-sdk-go-v2/service/sts v1.34.0 h1:NFOJ/NXEGV4Rq//71Hs1jC/NvPs1ezajK+yQmkwnPV0=
github.com/aws/aws-sdk-go-v2/service/sts v1.34.0/go.mod h1:7ph2tGpfQvwzgistp2+zga9f+bCjlQJPkPUmMgDSD7w=
github.com/aws/smithy-go v1.22.4 h1:uqXzVZNuNexwc/xrh6Tb56u89WDlJY6HS+KC0S4QSjw=
github.com/aws/smithy-go v1.22.4/go.mod h1:t1ufH5HMublsJYulve2RKmHDC15xu1f26kHCp/HgceI=
github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8 h1:SoFYaT9UyGkR0+nogNyD/Lj+bsixB+SNuAS4ABlEs6M=
github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8/go.mod h1:2JF49jcDOrLStIXN/j/K1EKRq8a8R2qRnlZA6/o/c7c=
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas=
@@ -879,12 +873,6 @@ github.com/briandowns/spinner v1.23.0 h1:alDF2guRWqa/FOZZYWjlMIx2L6H0wyewPxo/CH4
github.com/briandowns/spinner v1.23.0/go.mod h1:rPG4gmXeN3wQV/TsAY4w8lPdIM6RX3yqeBQJSrbXjuE=
github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70=
github.com/bshuster-repo/logrus-logstash-hook v1.0.0/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk=
github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd h1:rFt+Y/IK1aEZkEHchZRSq9OQbsSzIT/OrI8YFFmRIng=
github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8=
github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b h1:otBG+dV+YK+Soembjv71DPz3uX/V/6MMlSyD9JBQ6kQ=
github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0BsqsP2LwDJ9aOkm/6J86V6lyAXCoQWGw3K50=
github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 h1:nvj0OLI3YqYXer/kZD8Ri1aaunCxIEsOst1BVJswV0o=
github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE=
github.com/buildkite/agent/v3 v3.62.0 h1:yvzSjI8Lgifw883I8m9u8/L/Thxt4cLFd5aWPn3gg70=
github.com/buildkite/agent/v3 v3.62.0/go.mod h1:jN6SokGXrVNNIpI0BGQ+j5aWeI3gin8F+3zwA5Q6gqM=
github.com/buildkite/go-pipeline v0.3.2 h1:SW4EaXNwfjow7xDRPGgX0Rcx+dPj5C1kV9LKCLjWGtM=
@@ -945,8 +933,8 @@ github.com/containerd/containerd v1.7.27 h1:yFyEyojddO3MIGVER2xJLWoCIn+Up4GaHFqu
github.com/containerd/containerd v1.7.27/go.mod h1:xZmPnl75Vc+BLGt4MIfu6bp+fy03gdHAn9bz+FreFR0=
github.com/containerd/containerd/api v1.9.0 h1:HZ/licowTRazus+wt9fM6r/9BQO7S0vD5lMcWspGIg0=
github.com/containerd/containerd/api v1.9.0/go.mod h1:GhghKFmTR3hNtyznBoQ0EMWr9ju5AqHjcZPsSpTKutI=
github.com/containerd/containerd/v2 v2.1.1 h1:znnkm7Ajz8lg8BcIPMhc/9yjBRN3B+OkNKqKisKfwwM=
github.com/containerd/containerd/v2 v2.1.1/go.mod h1:zIfkQj4RIodclYQkX7GSSswSwgP8d/XxDOtOAoSDIGU=
github.com/containerd/containerd/v2 v2.1.3 h1:eMD2SLcIQPdMlnlNF6fatlrlRLAeDaiGPGwmRKLZKNs=
github.com/containerd/containerd/v2 v2.1.3/go.mod h1:8C5QV9djwsYDNhxfTCFjWtTBZrqjditQ4/ghHSYjnHM=
github.com/containerd/continuity v0.4.5 h1:ZRoN1sXq9u7V6QoHMcVWGhOwDFqZ4B9i5H6un1Wh0x4=
github.com/containerd/continuity v0.4.5/go.mod h1:/lNJvtJKUQStBzpVQ1+rasXO1LAWtUQssk28EZvJ3nE=
github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI=
@@ -967,9 +955,11 @@ github.com/containerd/ttrpc v1.2.7 h1:qIrroQvuOL9HQ1X6KHe2ohc7p+HP/0VE6XPU7elJRq
github.com/containerd/ttrpc v1.2.7/go.mod h1:YCXHsb32f+Sq5/72xHubdiJRQY9inL4a4ZQrAbN1q9o=
github.com/containerd/typeurl/v2 v2.2.3 h1:yNA/94zxWdvYACdYO8zofhrTVuQY73fFU1y++dYSw40=
github.com/containerd/typeurl/v2 v2.2.3/go.mod h1:95ljDnPfD3bAbDJRugOiShd/DlAAsxGtUBhJxIn7SCk=
github.com/coreos/go-oidc v2.2.1+incompatible h1:mh48q/BqXqgjVHpy2ZY7WnWAbenxRjsz9N1i1YxjHAk=
github.com/coreos/go-oidc v2.3.0+incompatible h1:+5vEsrgprdLjjQ9FzIKAzQz1wwPD+83hQRfUIPh7rO0=
github.com/coreos/go-oidc/v3 v3.12.0 h1:sJk+8G2qq94rDI6ehZ71Bol3oUHy63qNYmkiSjrc/Jo=
github.com/coreos/go-oidc/v3 v3.12.0/go.mod h1:gE3LgjOgFoHi9a4ce4/tJczr0Ai2/BoDhf0r5lltWI0=
github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs=
github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
github.com/cpuguy83/dockercfg v0.3.2 h1:DlJTyZGBDlXqUZ2Dk2Q3xHs/FtnooJJVaad2S9GKorA=
github.com/cpuguy83/dockercfg v0.3.2/go.mod h1:sugsbF4//dDlL/i+S+rtpIWp+5h0BHJHfjj5/jFyUJc=
github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
@@ -1005,18 +995,18 @@ github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7 h1:lxmTCgmHE1G
github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7/go.mod h1:GvWntX9qiTlOud0WkQ6ewFm0LPy5JUR1Xo0Ngbd1w6Y=
github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U=
github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aBfCb7iqHmDEIp6fBvC/hQUddQfg+3qdYjwzaiP9Hnc=
github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2/go.mod h1:WHNsWjnIn2V1LYOrME7e8KxSeKunYHsxEm4am0BUtcI=
github.com/distribution/distribution/v3 v3.0.0 h1:q4R8wemdRQDClzoNNStftB2ZAfqOiN6UX90KJc4HjyM=
github.com/distribution/distribution/v3 v3.0.0/go.mod h1:tRNuFoZsUdyRVegq8xGNeds4KLjwLCRin/tTo6i1DhU=
github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
github.com/dlclark/regexp2 v1.4.0 h1:F1rxgk7p4uKjwIQxBs9oAXe5CqrXlCduYEJvrF4u93E=
github.com/dlclark/regexp2 v1.4.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc=
github.com/docker/cli v28.1.1+incompatible h1:eyUemzeI45DY7eDPuwUcmDyDj1pM98oD5MdSpiItp8k=
github.com/docker/cli v28.1.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
github.com/docker/cli v28.2.2+incompatible h1:qzx5BNUDFqlvyq4AHzdNB7gSyVTmU4cgsyN9SdInc1A=
github.com/docker/cli v28.2.2+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
github.com/docker/docker v28.1.1+incompatible h1:49M11BFLsVO1gxY9UX9p/zwkE/rswggs8AdFmXQw51I=
github.com/docker/docker v28.1.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
github.com/docker/docker v28.2.2+incompatible h1:CjwRSksz8Yo4+RmQ339Dp/D2tGO5JxwYeqtMOEe0LDw=
github.com/docker/docker v28.2.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
github.com/docker/docker-credential-helpers v0.9.3 h1:gAm/VtF9wgqJMoxzT3Gj5p4AqIjCBS4wrsOh9yRqcz8=
github.com/docker/docker-credential-helpers v0.9.3/go.mod h1:x+4Gbw9aGmChi3qTLZj8Dfn0TD20M/fuWy0E5+WDeCo=
github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=
@@ -1027,8 +1017,6 @@ github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQ
github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw=
github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 h1:UhxFibDNY/bfvqU5CAUmr9zpesgbU6SWc8/B4mflAE4=
github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE=
github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
github.com/dsnet/compress v0.0.2-0.20230904184137-39efe44ab707 h1:2tV76y6Q9BB+NEBasnqvs7e49aEBFI8ejC89PSnWH+4=
github.com/dsnet/compress v0.0.2-0.20230904184137-39efe44ab707/go.mod h1:qssHWj60/X5sZFNxpG4HBPDHVqxNm4DfnCKgrbZOT+s=
@@ -1069,8 +1057,8 @@ github.com/envoyproxy/protoc-gen-validate v0.9.1/go.mod h1:OKNgG7TCp5pF4d6XftA0+
github.com/envoyproxy/protoc-gen-validate v0.10.1/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss=
github.com/envoyproxy/protoc-gen-validate v1.2.1 h1:DEo3O99U8j4hBFwbJfrz9VtgcDfUKS7KJ7spH3d86P8=
github.com/envoyproxy/protoc-gen-validate v1.2.1/go.mod h1:d/C80l/jxXLdfEIhX1W2TmLfsJ31lvEjwamM4DxlWXU=
github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls=
github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/evanphx/json-patch v5.9.11+incompatible h1:ixHHqfcGvxhWkniF1tWxBHA0yb4Z+d1UQi45df52xW8=
github.com/evanphx/json-patch v5.9.11+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww=
github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4=
github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f h1:Wl78ApPPB2Wvf/TIe2xdyJxTlb6obmF18d8QdkxNDu4=
@@ -1116,8 +1104,8 @@ github.com/go-git/go-billy/v5 v5.6.2 h1:6Q86EsPXMa7c3YZ3aLAQsMA0VlWmy43r6FHqa/UN
github.com/go-git/go-billy/v5 v5.6.2/go.mod h1:rcFC2rAsp/erv7CMz9GczHcuD0D32fWzH+MJAU+jaUU=
github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4=
github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII=
github.com/go-git/go-git/v5 v5.16.0 h1:k3kuOEpkc0DeY7xlL6NaaNg39xdgQbtH5mwCafHO9AQ=
github.com/go-git/go-git/v5 v5.16.0/go.mod h1:4Ge4alE/5gPs30F2H1esi2gPd69R0C39lolkucHBOp8=
github.com/go-git/go-git/v5 v5.16.2 h1:fT6ZIOjE5iEnkzKyxTHK1W4HGAsPhqEqiSAssSO77hM=
github.com/go-git/go-git/v5 v5.16.2/go.mod h1:4Ge4alE/5gPs30F2H1esi2gPd69R0C39lolkucHBOp8=
github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
@@ -1131,14 +1119,11 @@ github.com/go-jose/go-jose/v4 v4.0.5 h1:M6T8+mKZl/+fNNuFHvGIzDz7BTLQPIounk/b9dw3
github.com/go-jose/go-jose/v4 v4.0.5/go.mod h1:s3P1lRrkT8igV8D9OjyL4WRyHvjB6a4JSllnOrmmBOA=
github.com/go-json-experiment/json v0.0.0-20250223041408-d3c622f1b874 h1:F8d1AJ6M9UQCavhwmO6ZsrYLfG8zVFWfEfMS2MXPkSY=
github.com/go-json-experiment/json v0.0.0-20250223041408-d3c622f1b874/go.mod h1:TiCD2a1pcmjd7YnhGH0f/zKNcCD06B029pHhzV23c2M=
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-latex/latex v0.0.0-20210118124228-b3d85cf34e07/go.mod h1:CO1AlKB2CSIqUrmQPqA0gdRIlnLEY0gK5JGjh37zN5U=
github.com/go-latex/latex v0.0.0-20210823091927-c0d11ff05a81/go.mod h1:SX0U8uGpxhq9o2S/CELCSUxEWWAuoCUcVCQWv7G2OCk=
github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
@@ -1177,15 +1162,14 @@ github.com/go-redis/redis/v8 v8.11.5/go.mod h1:gREzHqY1hg6oD9ngVRbLStwAWKhA0FEgq
github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg=
github.com/go-sql-driver/mysql v1.9.1 h1:FrjNGn/BsJQjVRuSa8CBrM5BWA9BWoXXat3KrtSb/iI=
github.com/go-sql-driver/mysql v1.9.1/go.mod h1:qn46aNg1333BRMNU69Lq93t8du/dwxI64Gl8i5p1WMU=
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I=
github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
github.com/go-test/deep v1.1.1 h1:0r/53hagsehfO4bzD2Pgr/+RgHqhmf+k1Bpse2cTu1U=
github.com/go-test/deep v1.1.1/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
github.com/go-viper/mapstructure/v2 v2.2.1 h1:ZAaOCxANMuZx5RCeg0mBdEZk7DZasvvZIxtHqx8aGss=
github.com/go-viper/mapstructure/v2 v2.2.1/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
github.com/go-viper/mapstructure/v2 v2.3.0 h1:27XbWsHIqhbdR5TIC911OfYvgSaW93HM+dX7970Q7jk=
github.com/go-viper/mapstructure/v2 v2.3.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
github.com/goccy/go-json v0.9.11/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
@@ -1199,7 +1183,6 @@ github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5x
github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
github.com/gofrs/uuid v4.3.1+incompatible h1:0/KbAdpx3UXAx1kEOWHJeOkpbgRFGHVgv+CFIY7dBJI=
github.com/gofrs/uuid v4.3.1+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
@@ -1251,8 +1234,6 @@ github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6
github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
github.com/gomodule/redigo v1.8.2 h1:H5XSIre1MB5NbPYFp+i1NBbb5qN1W8Y8YAQoAYbkm8k=
github.com/gomodule/redigo v1.8.2/go.mod h1:P9dn9mFrCBvWhGE1wpxx6fgq7BAeLBk+UUUzlpkBYO0=
github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg=
@@ -1282,8 +1263,8 @@ github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
github.com/google/go-containerregistry v0.20.5 h1:4RnlYcDs5hoA++CeFjlbZ/U9Yp1EuWr+UhhTyYQjOP0=
github.com/google/go-containerregistry v0.20.5/go.mod h1:Q14vdOOzug02bwnhMkZKD4e30pDaD9W65qzXpyzF49E=
github.com/google/go-containerregistry v0.20.6 h1:cvWX87UxxLgaH76b4hIvya6Dzz9qHB31qAwjAohdSTU=
github.com/google/go-containerregistry v0.20.6/go.mod h1:T0x8MuoAoKX/873bkeSfLD2FAkwCDf9/HZgsFJ02E2Y=
github.com/google/go-github/v31 v31.0.0 h1:JJUxlP9lFK+ziXKimTCprajMApV1ecWD4NB6CCb0plo=
github.com/google/go-github/v31 v31.0.0/go.mod h1:NQPZol8/1sMoWYGN2yaALIBytu17gAWfhbweiEed3pM=
github.com/google/go-github/v55 v55.0.0 h1:4pp/1tNMB9X/LuAhs5i0KQAE40NmiR/y6prLNb9x9cg=
@@ -1322,8 +1303,8 @@ github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLe
github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e h1:ijClszYn+mADRFY17kjQEVQ1XRhq2/JR1M3sGqeJoxs=
github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA=
github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 h1:BHT72Gu3keYf3ZEu2J0b1vyeLSOYI8bm5wbJM/8yDe8=
github.com/google/pprof v0.0.0-20250403155104-27863c87afa6/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA=
github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0=
github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM=
@@ -1365,8 +1346,8 @@ github.com/googleapis/gax-go/v2 v2.14.1 h1:hb0FFeiPaQskmvakKu5EbCbpntQn48jyHuvrk
github.com/googleapis/gax-go/v2 v2.14.1/go.mod h1:Hb/NubMaVM88SrNkvl8X/o8XWwDJEPqouaLeN2IUxoA=
github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4=
github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q=
github.com/gorilla/handlers v1.5.2 h1:cLTUSsNkgcwhgRqvCNmdbRWG0A3N4F+M2nWKdScwyEE=
github.com/gorilla/handlers v1.5.2/go.mod h1:dX+xVpaxdSw+q0Qek8SSsl3dfMk3jNddUkMzo0GtH0w=
github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 h1:JeSE6pjso5THxAzdVpqr6/geYxZytqFMBCOtn/ujyeo=
@@ -1392,8 +1373,8 @@ github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB1
github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU=
github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk=
github.com/hashicorp/go-retryablehttp v0.7.8 h1:ylXZWnqa7Lhqpk0L1P1LzDtGcCR0rPVUrx/c8Unxc48=
github.com/hashicorp/go-retryablehttp v0.7.8/go.mod h1:rjiScheydd+CxvumBsIrFKlx3iS0jrZ7LvzFGFmuKbw=
github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc=
github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
github.com/hashicorp/go-safetemp v1.0.0 h1:2HR189eFNrjHQyENnQMMpCiBAsRxzbTMIgBhEyExpmo=
@@ -1410,9 +1391,10 @@ github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09
github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKeRZfjY=
github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
github.com/hashicorp/golang-lru v0.5.1 h1:0hERBMJE1eitiLkihrMvRVBYAkpHzc/J3QdDN+dAcgU=
github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
github.com/hashicorp/golang-lru v0.6.0 h1:uL2shRDx7RTrOrTCUZEGP/wJUFiUI8QT6E7z5o8jga4=
github.com/hashicorp/golang-lru v0.6.0/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
github.com/hashicorp/golang-lru/arc/v2 v2.0.5 h1:l2zaLDubNhW4XO3LnliVj0GXO3+/CGNJAg1dcN2Fpfw=
github.com/hashicorp/golang-lru/arc/v2 v2.0.5/go.mod h1:ny6zBSQZi2JxIeYcv7kt2sH2PXJtirBN7RDhRpxPkxU=
github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k=
github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
github.com/hashicorp/hc-install v0.9.2 h1:v80EtNX4fCVHqzL9Lg/2xkp62bbvQMnvPQ0G+OmtO24=
@@ -1458,13 +1440,10 @@ github.com/jmoiron/sqlx v1.4.0 h1:1PLqN7S1UYp5t4SrVVnt4nUVNemrDAtxlulVe+Qgm3o=
github.com/jmoiron/sqlx v1.4.0/go.mod h1:ZrZ7UsYB/weZdl2Bxg6jCRO9c3YHl8r3ahlKmRT4JLY=
github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
github.com/jung-kurt/gofpdf v1.0.0/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes=
github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes=
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
@@ -1494,9 +1473,7 @@ github.com/knqyf263/labeler v0.0.0-20200423181506-7a6e545148c3 h1:AvRd4VDhlo8/op
github.com/knqyf263/labeler v0.0.0-20200423181506-7a6e545148c3/go.mod h1:DfoJpLAw0HeB4cYJFg1S8LqtYDvSKv3rh3wGAFwv5Bg=
github.com/knqyf263/nested v0.0.1 h1:Sv26CegUMhjt19zqbBKntjwESdxe5hxVPSk0+AKjdUc=
github.com/knqyf263/nested v0.0.1/go.mod h1:zwhsIhMkBg90DTOJQvxPkKIypEHPYkgWHs4gybdlUmk=
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
@@ -1568,7 +1545,6 @@ github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4
github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
github.com/mattn/go-sqlite3 v1.14.24 h1:tpSp2G2KyMnnQu99ngJ47EIkWVmliIizyZBfPrBWDRM=
github.com/mattn/go-sqlite3 v1.14.24/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
github.com/miekg/dns v1.1.58 h1:ca2Hdkz+cDg/7eNF6V56jjzuZ4aCAE+DbVkILdQWG/4=
github.com/miekg/dns v1.1.58/go.mod h1:Ypv+3b/KadlvW9vJfXOTf300O4UqaHFzFCuHz+rPkBY=
github.com/miekg/pkcs11 v1.1.1 h1:Ugu9pdy6vAYku5DEpVWVFPYnzV+bxB+iRdbuFSu7TvU=
@@ -1589,8 +1565,8 @@ github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyua
github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
github.com/moby/buildkit v0.21.1 h1:wTjVLfirh7skZt9piaIlNo8WdiPjza1CDl2EArDV9bA=
github.com/moby/buildkit v0.21.1/go.mod h1:mBq0D44uCyz2PdX8T/qym5LBbkBO3GGv0wqgX9ABYYw=
github.com/moby/buildkit v0.23.1 h1:CZtFmPRF+IFG1C8QfPnktGO1Dzzt5JSwtQ5eDqIh+ag=
github.com/moby/buildkit v0.23.1/go.mod h1:keNXljNmKX1T0AtM0bMObc8OV6mA9cOuquVbPcRpU/Y=
github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
github.com/moby/go-archive v0.1.0 h1:Kk/5rdW/g+H8NHdJW2gsXyZ7UnzvJNOy6VKJqueWdcQ=
@@ -1613,13 +1589,11 @@ github.com/moby/sys/user v0.4.0 h1:jhcMKit7SA80hivmFJcbB1vqmw//wU61Zdui2eQXuMs=
github.com/moby/sys/user v0.4.0/go.mod h1:bG+tYYYJgaMtRKgEmuueC0hJEAZWwtIbZTB+85uoHjs=
github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g=
github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28=
github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0=
github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y=
github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ=
github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc=
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0=
@@ -1630,7 +1604,6 @@ github.com/mozillazg/docker-credential-acr-helper v0.3.0 h1:DVWFZ3/O8BP6Ue3iS/Ol
github.com/mozillazg/docker-credential-acr-helper v0.3.0/go.mod h1:cZlu3tof523ujmLuiNUb6JsjtHcNA70u1jitrrdnuyA=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus=
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
github.com/ncruces/go-strftime v0.1.9 h1:bY0MQC28UADQmHmaF5dgpLmImcShSi2kHU9XLdhx/f4=
@@ -1644,8 +1617,8 @@ github.com/nxadm/tail v1.4.11 h1:8feyoE3OzPrcshW5/MJ4sGESc5cqmGkGCWlco4l0bqY=
github.com/nxadm/tail v1.4.11/go.mod h1:OTaG3NK980DZzxbRq6lEuzgU+mug70nY11sMd4JXXHc=
github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4=
github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
github.com/oklog/ulid/v2 v2.1.0 h1:+9lhoxAP56we25tyYETBBY1YLA2SaoLvUFgrP2miPJU=
github.com/oklog/ulid/v2 v2.1.0/go.mod h1:rcEKHmBBKfef9DhnvX7y1HZBYxjXb0cP5ExxNsTT1QQ=
github.com/oklog/ulid/v2 v2.1.1 h1:suPZ4ARWLOJLegGFiZZ1dFAkqzhMjL3J1TzI+5wHz8s=
github.com/oklog/ulid/v2 v2.1.1/go.mod h1:rcEKHmBBKfef9DhnvX7y1HZBYxjXb0cP5ExxNsTT1QQ=
github.com/oleiade/reflections v1.0.1 h1:D1XO3LVEYroYskEsoSiGItp9RUxG6jWnCVvrqH0HHQM=
github.com/oleiade/reflections v1.0.1/go.mod h1:rdFxbxq4QXVZWj0F+e9jqjDkc7dbp97vkRixKo2JR60=
github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
@@ -1662,8 +1635,8 @@ github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAl
github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro=
github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4=
github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
github.com/open-policy-agent/opa v1.4.2 h1:ag4upP7zMsa4WE2p1pwAFeG4Pn3mNwfAx9DLhhJfbjU=
github.com/open-policy-agent/opa v1.4.2/go.mod h1:DNzZPKqKh4U0n0ANxcCVlw8lCSv2c+h5G/3QvSYdWZ8=
github.com/open-policy-agent/opa v1.5.1 h1:LTxxBJusMVjfs67W4FoRcnMfXADIGFMzpqnfk6D08Cg=
github.com/open-policy-agent/opa v1.5.1/go.mod h1:bYbS7u+uhTI+cxHQIpzvr5hxX0hV7urWtY+38ZtjMgk=
github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=
@@ -1706,7 +1679,6 @@ github.com/pjbgf/sha1cd v0.3.2/go.mod h1:zQWigSxVmsHEZow5qaLtPYxpcKMMQpa09ixqBxu
github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ=
github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU=
github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -1721,25 +1693,15 @@ github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 h1:o4JXh1EVt
github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE=
github.com/poy/onpar v1.1.2 h1:QaNrNiZx0+Nar5dLgTVp5mXkyoVFIbepjyEoGSnhbAY=
github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjzg=
github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
github.com/prometheus/client_golang v1.22.0 h1:rb93p9lokFEsctTys46VnV1kLCDpVZ0a/Y92Vm0Zc6Q=
github.com/prometheus/client_golang v1.22.0/go.mod h1:R7ljNsLXhuQXYZYtw6GAE9AZg8Y7vEW5scdCXrWRXC0=
github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w=
github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk=
github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE=
github.com/prometheus/common v0.62.0 h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ2Io=
github.com/prometheus/common v0.62.0/go.mod h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I=
github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
github.com/protocolbuffers/txtpbfmt v0.0.0-20231025115547-084445ff1adf h1:014O62zIzQwvoD7Ekj3ePDF5bv9Xxy0w6AZk0qYbjUk=
@@ -1748,6 +1710,10 @@ github.com/quasilyte/go-ruleguard/dsl v0.3.22 h1:wd8zkOhSNr+I+8Qeciml08ivDt1pSXe
github.com/quasilyte/go-ruleguard/dsl v0.3.22/go.mod h1:KeCP03KrjuSO0H1kTuZQCWlQPulDV6YMIXmpQss17rU=
github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 h1:N/ElC8H3+5XpJzTSTfLsJV/mx9Q9g7kxmchpfZyxgzM=
github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5 h1:EaDatTxkdHG+U3Bk4EUr+DZ7fOGwTfezUiUJMaIcaho=
github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5/go.mod h1:fyalQWdtzDBECAQFBJuQe5bzQ02jGd5Qcbgb97Flm7U=
github.com/redis/go-redis/extra/redisotel/v9 v9.0.5 h1:EfpWLLCyXw8PSM2/XNJLjI3Pb27yVE+gIAfeqp8LUCc=
github.com/redis/go-redis/extra/redisotel/v9 v9.0.5/go.mod h1:WZjPDy7VNzn77AAfnAfVjZNvfJTYfPetfZk5yoSTLaQ=
github.com/redis/go-redis/v9 v9.8.0 h1:q3nRvjrlge/6UD7eTu/DSg2uYiU2mCL0G/uzBWqhicI=
github.com/redis/go-redis/v9 v9.8.0/go.mod h1:huWgSWd8mW6+m0VPhJjSSQ+d6Nh1VICQ6Q5lHuCH/Iw=
github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
@@ -1762,8 +1728,8 @@ github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTE
github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
github.com/rubenv/sql-migrate v1.7.1 h1:f/o0WgfO/GqNuVg+6801K/KW3WdDSupzSjDYODmiUq4=
github.com/rubenv/sql-migrate v1.7.1/go.mod h1:Ob2Psprc0/3ggbM6wCzyYVFFuc6FyZrb2AS+ezLDFb4=
github.com/rubenv/sql-migrate v1.8.0 h1:dXnYiJk9k3wetp7GfQbKJcPHjVJL6YK19tKj8t2Ns0o=
github.com/rubenv/sql-migrate v1.8.0/go.mod h1:F2bGFBwCU+pnmbtNYDeKvSuvL6lBVtXDXUUv5t+u1qw=
github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
@@ -1775,10 +1741,10 @@ github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkB
github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
github.com/sagikazarmark/locafero v0.7.0 h1:5MqpDsTGNDhY8sGp0Aowyf0qKsPrhewaLSsFaodPcyo=
github.com/sagikazarmark/locafero v0.7.0/go.mod h1:2za3Cg5rMaTMoG/2Ulr9AwtFaIppKXTRYnozin4aB5k=
github.com/samber/lo v1.50.0 h1:XrG0xOeHs+4FQ8gJR97zDz5uOFMW7OwFWiFVzqopKgY=
github.com/samber/lo v1.50.0/go.mod h1:RjZyNk6WSnUFRKK6EyOhsRJMqft3G+pg7dCWHQCWvsc=
github.com/samber/oops v1.16.1 h1:XlKkXsWM5g8hE4C+sEV9n0X282fZn3XabVmAKU2RiHI=
github.com/samber/oops v1.16.1/go.mod h1:8eXgMAJcDXRAijQsFRhfy/EHDOTiSvwkg6khFqFK078=
github.com/samber/lo v1.51.0 h1:kysRYLbHy/MB7kQZf5DSN50JHmMsNEdeY24VzJFu7wI=
github.com/samber/lo v1.51.0/go.mod h1:4+MXEGsJzbKGaUEQFKBq2xtfuznW9oz/WrgyzMzRoM0=
github.com/samber/oops v1.18.1 h1:qjhZbqbdyhWBKntkY8sxrDNKA8b4c5VHlmI1rli7X7M=
github.com/samber/oops v1.18.1/go.mod h1:xYqvimigkKV70HyLXiBZJFpIWi2CGcc6Xx7eV+2HycI=
github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 h1:lZUw3E0/J3roVtGQ+SCrUrg3ON6NgVqpn3+iol9aGu4=
github.com/santhosh-tekuri/jsonschema/v5 v5.3.1/go.mod h1:uToXkOrWAZ6/Oc07xWQrPOhJotwFIyu2bBVN41fcDUY=
github.com/sassoftware/go-rpmutils v0.4.0 h1:ojND82NYBxgwrV+mX1CWsd5QJvvEZTKddtCdFLPWhpg=
@@ -1796,8 +1762,8 @@ github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN
github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4=
github.com/shibumi/go-pathspec v1.3.0 h1:QUyMZhFo0Md5B8zV8x2tesohbb5kfbpTi9rBnKh5dkI=
github.com/shibumi/go-pathspec v1.3.0/go.mod h1:Xutfslp817l2I1cZvgcfeMQJG5QnU2lh5tVaaMCl3jE=
github.com/shirou/gopsutil/v4 v4.25.1 h1:QSWkTc+fu9LTAWfkZwZ6j8MSUk4A2LV7rbH0ZqmLjXs=
github.com/shirou/gopsutil/v4 v4.25.1/go.mod h1:RoUCUpndaJFtT+2zsZzzmhvbfGoDCJ7nFXKJf8GqJbI=
github.com/shirou/gopsutil/v4 v4.25.4 h1:cdtFO363VEOOFrUCjZRh4XVJkb548lyF0q0uTeMqYPw=
github.com/shirou/gopsutil/v4 v4.25.4/go.mod h1:xbuxyoZj+UsgnZrENu3lQivsngRR5BdjbJwf2fv4szA=
github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k=
github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME=
@@ -1822,7 +1788,6 @@ github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.9.1 h1:sIW6xe4yU5eI
github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.9.1/go.mod h1:3pNf99GnK9eu3XUa5ebHzgEQSVYf9hqAoPFwbwD6O6M=
github.com/sigstore/timestamp-authority v1.2.2 h1:X4qyutnCQqJ0apMewFyx+3t7Tws00JQ/JonBiu3QvLE=
github.com/sigstore/timestamp-authority v1.2.2/go.mod h1:nEah4Eq4wpliDjlY342rXclGSO7Kb9hoRrl9tqLW13A=
github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
@@ -1843,8 +1808,8 @@ github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z
github.com/spf13/afero v1.9.2/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y=
github.com/spf13/afero v1.12.0 h1:UcOPyRBYczmFn6yvphxkn9ZEOY65cpwGKb5mL36mrqs=
github.com/spf13/afero v1.12.0/go.mod h1:ZTlWwG4/ahT8W7T0WQ5uYmjI9duaLQGy3Q2OAl4sk/4=
github.com/spf13/cast v1.8.0 h1:gEN9K4b8Xws4EX0+a0reLmhq8moKn7ntRlQYgjPeCDk=
github.com/spf13/cast v1.8.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
github.com/spf13/cast v1.9.2 h1:SsGfm7M8QOFtEzumm7UZrZdLLquNdzFYfIbEXntcFbE=
github.com/spf13/cast v1.9.2/go.mod h1:jNfB8QC9IA6ZuY2ZjDp0KtFO2LZZlg4S/7bzP6qqeHo=
github.com/spf13/cobra v0.0.0-20170130214531-35136c09d8da/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g=
github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo=
@@ -1858,7 +1823,6 @@ github.com/spf13/viper v1.20.1/go.mod h1:P9Mdzt1zoHIG8m2eZQinpiBjo6kCmZSKBClNNqj
github.com/spiffe/go-spiffe/v2 v2.5.0 h1:N2I01KCUkv1FAjZXJMwh95KK1ZIQLYbPfhaxw8WS0hE=
github.com/spiffe/go-spiffe/v2 v2.5.0/go.mod h1:P+NxobPc6wXhVtINNtFjNWGBTreew1GBUCwT2wPmb7g=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
@@ -1887,8 +1851,8 @@ github.com/tchap/go-patricia/v2 v2.3.2 h1:xTHFutuitO2zqKAQ5rCROYgUb7Or/+IC3fts9/
github.com/tchap/go-patricia/v2 v2.3.2/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k=
github.com/terminalstatic/go-xsd-validate v0.1.6 h1:TenYeQ3eY631qNi1/cTmLH/s2slHPRKTTHT+XSHkepo=
github.com/terminalstatic/go-xsd-validate v0.1.6/go.mod h1:18lsvYFofBflqCrvo1umpABZ99+GneNTw2kEEc8UPJw=
github.com/testcontainers/testcontainers-go v0.37.0 h1:L2Qc0vkTw2EHWQ08djon0D2uw7Z/PtHS/QzZZ5Ra/hg=
github.com/testcontainers/testcontainers-go v0.37.0/go.mod h1:QPzbxZhQ6Bclip9igjLFj6z0hs01bU8lrl2dHQmgFGM=
github.com/testcontainers/testcontainers-go v0.37.1-0.20250602105123-1720acdcb24e h1:3BJRUBZwFIvJAtXuoTnCKHRlZE5ici2xhxKWJ9IMtvY=
github.com/testcontainers/testcontainers-go v0.37.1-0.20250602105123-1720acdcb24e/go.mod h1:dXagtaeZPsX4KI9nkj2NyC+S2/t6QxQgzk2Y1/IuROc=
github.com/testcontainers/testcontainers-go/modules/k3s v0.37.0 h1:lqwknybf56hBLi2YsKs01VLSUK8qXnIcG1FM/6/L5qI=
github.com/testcontainers/testcontainers-go/modules/k3s v0.37.0/go.mod h1:RIsXAxAUiaDNfsGsYcZB1TyDn2mqy52lO0HrGFts8cs=
github.com/testcontainers/testcontainers-go/modules/localstack v0.37.0 h1:nPuxUYseqS0eYJg7KDJd95PhoMhdpTnSNtkDLwWFngo=
@@ -1915,8 +1879,8 @@ github.com/tklauser/numcpus v0.7.0 h1:yjuerZP127QG9m5Zh/mSO4wqurYil27tHrqwRoRjpr
github.com/tklauser/numcpus v0.7.0/go.mod h1:bb6dMVcj8A42tSE7i32fsIUCbQNllK5iDguyOZRUzAY=
github.com/tonglil/versioning v0.0.0-20170205083536-8b2a4334bd1d h1:3H+wrTJTy3PVEeCyrjiCWjrh7pVEodGgJgA8Q1tpcbg=
github.com/tonglil/versioning v0.0.0-20170205083536-8b2a4334bd1d/go.mod h1:/jU0OcDkhtRrbaJPiG/p3X7XOP1pkFWLvUbsnQKP6hY=
github.com/tonistiigi/go-csvvalue v0.0.0-20240710180619-ddb21b71c0b4 h1:7I5c2Ig/5FgqkYOh/N87NzoyI9U15qUPXhDD8uCupv8=
github.com/tonistiigi/go-csvvalue v0.0.0-20240710180619-ddb21b71c0b4/go.mod h1:278M4p8WsNh3n4a1eqiFcV2FGk7wE5fwUpUom9mK9lE=
github.com/tonistiigi/go-csvvalue v0.0.0-20240814133006-030d3b2625d0 h1:2f304B10LaZdB8kkVEaoXvAMVan2tl9AiK4G0odjQtE=
github.com/tonistiigi/go-csvvalue v0.0.0-20240814133006-030d3b2625d0/go.mod h1:278M4p8WsNh3n4a1eqiFcV2FGk7wE5fwUpUom9mK9lE=
github.com/transparency-dev/merkle v0.0.2 h1:Q9nBoQcZcgPamMkGn7ghV8XiTZ/kRxn1yCG81+twTK4=
github.com/transparency-dev/merkle v0.0.2/go.mod h1:pqSy+OXefQ1EDUVmAJ8MUhHB9TXGuzVAT58PqBoHz1A=
github.com/twitchtv/twirp v8.1.3+incompatible h1:+F4TdErPgSUbMZMwp13Q/KgDVuI7HJXP61mNV3/7iuU=
@@ -1928,6 +1892,8 @@ github.com/ulikunitz/xz v0.5.12/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0o
github.com/urfave/cli/v2 v2.3.0/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/XcUArI=
github.com/vbatts/tar-split v0.12.1 h1:CqKoORW7BUWBe7UL/iqTVvkTBOF8UvOMKOIZykxnnbo=
github.com/vbatts/tar-split v0.12.1/go.mod h1:eF6B6i6ftWQcDqEn3/iGFRFRo8cBIMSJVOpnNdfTMFA=
github.com/vektah/gqlparser/v2 v2.5.26 h1:REqqFkO8+SOEgZHR/eHScjjVjGS8Nk3RMO/juiTobN4=
github.com/vektah/gqlparser/v2 v2.5.26/go.mod h1:D1/VCZtV3LPnQrcPBeR/q5jkSQIPti0uYCP/RI0gIeo=
github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4=
github.com/vmihailenco/msgpack/v5 v5.4.1 h1:cQriyiUvjTwOHg8QZaPihLWeRAAVoCpE00IUPn0Bjt8=
github.com/vmihailenco/msgpack/v5 v5.4.1/go.mod h1:GaZTsDaehaPpQVyxrf5mtQlH+pc21PIudVV/E3rRQok=
@@ -1964,12 +1930,6 @@ github.com/yuin/gopher-lua v1.1.1 h1:kYKnWBjvbNP4XLT3+bPEwAXJx262OhaHDWDVOPjL46M
github.com/yuin/gopher-lua v1.1.1/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw=
github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0=
github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43 h1:+lm10QQTNSBd8DVTNGHx7o/IKu9HYDvLMffDhbyLccI=
github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX5oPXxHm3bOH+xeAttToC8pqch2ScQN/JoXYupl6xs=
github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50 h1:hlE8//ciYMztlGpl/VA+Zm1AcTPHYkHJPbHqE6WJUXE=
github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA=
github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f h1:ERexzlUfuTvpE74urLSbIQW0Z/6hF9t8U4NsJLaioAY=
github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg=
github.com/zalando/go-keyring v0.2.3 h1:v9CUu9phlABObO4LPWycf+zwMG7nlbb3t/B5wa97yms=
github.com/zalando/go-keyring v0.2.3/go.mod h1:HL4k+OXQfJUWaMnqyuSOc0drfGPX2b51Du6K+MRgZMk=
github.com/zclconf/go-cty v1.10.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk=
@@ -1984,8 +1944,8 @@ github.com/zeebo/errs v1.4.0 h1:XNdoD/RRMKP7HD0UhJnIzUy74ISdGGxURlYG8HSWSfM=
github.com/zeebo/errs v1.4.0/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4=
github.com/zeebo/xxh3 v1.0.2/go.mod h1:5NWz9Sef7zIDm2JHfFlcQvNekmcEl9ekUZQQKCYaDcA=
go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
go.etcd.io/bbolt v1.4.0 h1:TU77id3TnN/zKr7CO/uk+fBCwF2jGcMuw2B/FMAzYIk=
go.etcd.io/bbolt v1.4.0/go.mod h1:AsD+OCi/qPN1giOX1aiLAha3o1U8rAz65bvN4j0sRuk=
go.etcd.io/bbolt v1.4.1 h1:5mOV+HWjIPLEAlUGMsveaUvK2+byZMFOzojoi7bh7uI=
go.etcd.io/bbolt v1.4.1/go.mod h1:c8zu2BnXWTu2XM4XcICtbGSl9cFwsXtcf9zLt2OncM8=
go.mongodb.org/mongo-driver v1.14.0 h1:P98w8egYRjYe3XDjxhYJagTokP/H6HzlsnojRgZRd80=
go.mongodb.org/mongo-driver v1.14.0/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c=
go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
@@ -1999,30 +1959,52 @@ go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
go.opentelemetry.io/contrib/bridges/prometheus v0.57.0 h1:UW0+QyeyBVhn+COBec3nGhfnFe5lwB0ic1JBVjzhk0w=
go.opentelemetry.io/contrib/bridges/prometheus v0.57.0/go.mod h1:ppciCHRLsyCio54qbzQv0E4Jyth/fLWDTJYfvWpcSVk=
go.opentelemetry.io/contrib/detectors/gcp v1.34.0 h1:JRxssobiPg23otYU5SbWtQC//snGVIM3Tx6QRzlQBao=
go.opentelemetry.io/contrib/detectors/gcp v1.34.0/go.mod h1:cV4BMFcscUR/ckqLkbfQmF0PRsq8w/lMGzdbCSveBHo=
go.opentelemetry.io/contrib/exporters/autoexport v0.57.0 h1:jmTVJ86dP60C01K3slFQa2NQ/Aoi7zA+wy7vMOKD9H4=
go.opentelemetry.io/contrib/exporters/autoexport v0.57.0/go.mod h1:EJBheUMttD/lABFyLXhce47Wr6DPWYReCzaZiXadH7g=
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0 h1:x7wzEgXfnzJcHDwStJT+mxOz4etr2EcexjqhBvmoakw=
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0/go.mod h1:rg+RlpR5dKwaS95IyyZqj5Wd4E13lk/msnTS0Xl9lJM=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 h1:sbiXRNDSWJOTobXh5HyQKjq6wUC5tNybqjIqDpAY4CU=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0/go.mod h1:69uWxva0WgAA/4bu2Yy70SLDBwZXuQ6PbBpbsa5iZrQ=
go.opentelemetry.io/otel v1.35.0 h1:xKWKPxrxB6OtMCbmMY021CqC45J+3Onta9MqjhnusiQ=
go.opentelemetry.io/otel v1.35.0/go.mod h1:UEqy8Zp11hpkUrL73gSlELM0DupHoiq72dR+Zqel/+Y=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 h1:F7Jx+6hwnZ41NSFTO5q4LYDtJRXBf2PD0rNBkeB/lus=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0/go.mod h1:UHB22Z8QsdRDrnAtX4PntOl36ajSxcdUMt1sF7Y6E7Q=
go.opentelemetry.io/otel v1.36.0 h1:UumtzIklRBY6cI/lllNZlALOF5nNIzJVb16APdvgTXg=
go.opentelemetry.io/otel v1.36.0/go.mod h1:/TcFMXYjyRNh8khOAO9ybYkqaDBb/70aVwkNML4pP8E=
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.8.0 h1:WzNab7hOOLzdDF/EoWCt4glhrbMPVMOO5JYTmpz36Ls=
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.8.0/go.mod h1:hKvJwTzJdp90Vh7p6q/9PAOd55dI6WA6sWj62a/JvSs=
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.8.0 h1:S+LdBGiQXtJdowoJoQPEtI52syEP/JYBUpjO49EQhV8=
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.8.0/go.mod h1:5KXybFvPGds3QinJWQT7pmXf+TN5YIa7CNYObWRkj50=
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.32.0 h1:j7ZSD+5yn+lo3sGV69nW04rRR0jhYnBwjuX3r0HvnK0=
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.32.0/go.mod h1:WXbYJTUaZXAbYd8lbgGuvih0yuCfOFC5RJoYnoLcGz8=
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.32.0 h1:t/Qur3vKSkUCcDVaSumWF2PKHt85pc7fRvFuoVT8qFU=
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.32.0/go.mod h1:Rl61tySSdcOJWoEgYZVtmnKdA0GeKrSqkHC1t+91CH8=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.35.0 h1:1fTNlAIJZGWLP5FVu0fikVry1IsiUnXjf7QFvoNN3Xw=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.35.0/go.mod h1:zjPK58DtkqQFn+YUMbx0M2XV3QgKU0gS9LeGohREyK4=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.35.0 h1:m639+BofXTvcY1q8CGs4ItwQarYtJPOWmVobfM1HpVI=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.35.0/go.mod h1:LjReUci/F4BUyv+y4dwnq3h/26iNOeC3wAIqgvTIZVo=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.35.0 h1:xJ2qHD0C1BeYVTLLR9sX12+Qb95kfeD/byKj6Ky1pXg=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.35.0/go.mod h1:u5BF1xyjstDowA1R5QAO9JHzqK+ublenEW/dyqTjBVk=
go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.29.0 h1:WDdP9acbMYjbKIyJUhTvtzj601sVJOqgWdUxSdR/Ysc=
go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.29.0/go.mod h1:BLbf7zbNIONBLPwvFnwNHGj4zge8uTCM/UPIVW1Mq2I=
go.opentelemetry.io/otel/metric v1.35.0 h1:0znxYu2SNyuMSQT4Y9WDWej0VpcsxkuklLa4/siN90M=
go.opentelemetry.io/otel/metric v1.35.0/go.mod h1:nKVFgxBZ2fReX6IlyW28MgZojkoAkJGaE8CpgeAU3oE=
go.opentelemetry.io/otel/sdk v1.35.0 h1:iPctf8iprVySXSKJffSS79eOjl9pvxV9ZqOWT0QejKY=
go.opentelemetry.io/otel/sdk v1.35.0/go.mod h1:+ga1bZliga3DxJ3CQGg3updiaAJoNECOgJREo9KHGQg=
go.opentelemetry.io/otel/sdk/metric v1.35.0 h1:1RriWBmCKgkeHEhM7a2uMjMUfP7MsOF5JpUCaEqEI9o=
go.opentelemetry.io/otel/sdk/metric v1.35.0/go.mod h1:is6XYCUMpcKi+ZsOvfluY5YstFnhW0BidkR+gL+qN+w=
go.opentelemetry.io/otel/trace v1.35.0 h1:dPpEfJu1sDIqruz7BHFG3c7528f6ddfSWfFDVt/xgMs=
go.opentelemetry.io/otel/trace v1.35.0/go.mod h1:WUk7DtFp1Aw2MkvqGdwiXYDZZNvA/1J8o6xRXLrIkyc=
go.opentelemetry.io/otel/exporters/prometheus v0.54.0 h1:rFwzp68QMgtzu9PgP3jm9XaMICI6TsofWWPcBDKwlsU=
go.opentelemetry.io/otel/exporters/prometheus v0.54.0/go.mod h1:QyjcV9qDP6VeK5qPyKETvNjmaaEc7+gqjh4SS0ZYzDU=
go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.8.0 h1:CHXNXwfKWfzS65yrlB2PVds1IBZcdsX8Vepy9of0iRU=
go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.8.0/go.mod h1:zKU4zUgKiaRxrdovSS2amdM5gOc59slmo/zJwGX+YBg=
go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.32.0 h1:SZmDnHcgp3zwlPBS2JX2urGYe/jBKEIT6ZedHRUyCz8=
go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.32.0/go.mod h1:fdWW0HtZJ7+jNpTKUR0GpMEDP69nR8YBJQxNiVCE3jk=
go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.32.0 h1:cC2yDI3IQd0Udsux7Qmq8ToKAx1XCilTQECZ0KDZyTw=
go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.32.0/go.mod h1:2PD5Ex6z8CFzDbTdOlwyNIUywRr1DN0ospafJM1wJ+s=
go.opentelemetry.io/otel/log v0.8.0 h1:egZ8vV5atrUWUbnSsHn6vB8R21G2wrKqNiDt3iWertk=
go.opentelemetry.io/otel/log v0.8.0/go.mod h1:M9qvDdUTRCopJcGRKg57+JSQ9LgLBrwwfC32epk5NX8=
go.opentelemetry.io/otel/metric v1.36.0 h1:MoWPKVhQvJ+eeXWHFBOPoBOi20jh6Iq2CcCREuTYufE=
go.opentelemetry.io/otel/metric v1.36.0/go.mod h1:zC7Ks+yeyJt4xig9DEw9kuUFe5C3zLbVjV2PzT6qzbs=
go.opentelemetry.io/otel/sdk v1.36.0 h1:b6SYIuLRs88ztox4EyrvRti80uXIFy+Sqzoh9kFULbs=
go.opentelemetry.io/otel/sdk v1.36.0/go.mod h1:+lC+mTgD+MUWfjJubi2vvXWcVxyr9rmlshZni72pXeY=
go.opentelemetry.io/otel/sdk/log v0.8.0 h1:zg7GUYXqxk1jnGF/dTdLPrK06xJdrXgqgFLnI4Crxvs=
go.opentelemetry.io/otel/sdk/log v0.8.0/go.mod h1:50iXr0UVwQrYS45KbruFrEt4LvAdCaWWgIrsN3ZQggo=
go.opentelemetry.io/otel/sdk/metric v1.36.0 h1:r0ntwwGosWGaa0CrSt8cuNuTcccMXERFwHX4dThiPis=
go.opentelemetry.io/otel/sdk/metric v1.36.0/go.mod h1:qTNOhFDfKRwX0yXOqJYegL5WRaW376QbB7P4Pb0qva4=
go.opentelemetry.io/otel/trace v1.36.0 h1:ahxWNuqZjpdiFAyrIoQ4GIiAIhxAunQR6MUoKrsNd4w=
go.opentelemetry.io/otel/trace v1.36.0/go.mod h1:gQ+OnDZzrybY4k4seLzPAWNwVBBVlF2szhehOBB/tGA=
go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
go.opentelemetry.io/proto/otlp v0.15.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U=
go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U=
@@ -2036,7 +2018,6 @@ go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
@@ -2055,8 +2036,8 @@ golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1m
golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
golang.org/x/crypto v0.38.0 h1:jt+WWG8IZlBnVbomuhg2Mdq0+BBQaHbtqHEFEigjUV8=
golang.org/x/crypto v0.38.0/go.mod h1:MvrbAqul58NNYPKnOra203SB9vpuZW0e+RRZV+Ggqjw=
golang.org/x/crypto v0.39.0 h1:SHs+kF4LP+f+p14esP5jAoDpHU8Gu/v9lFRK6IT5imM=
golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U=
golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -2120,12 +2101,11 @@ golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
golang.org/x/mod v0.24.0 h1:ZfthKaKaT4NrhGVZHO1/WDTwGES4De8KtWO0SIbNJMU=
golang.org/x/mod v0.24.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
golang.org/x/mod v0.25.0 h1:n7a+ZbQKQA/Ysbyb0/6IbB1H/X41mKgbhfv7AfG/44w=
golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
@@ -2133,7 +2113,6 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn
golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -2191,8 +2170,8 @@ golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k=
golang.org/x/net v0.40.0 h1:79Xs7wF06Gbdcg4kdCCIQArK11Z1hr5POQ6+fIYHNuY=
golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds=
golang.org/x/net v0.41.0 h1:vBTly1HeNPEn3wtREYfy4GZ/NECgw2Cnl+nK6Nz3uvw=
golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -2244,12 +2223,10 @@ golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sync v0.14.0 h1:woo0S4Yywslg6hp4eUFjTVOyKt0RookbpAHG4c1HmhQ=
golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
golang.org/x/sync v0.15.0 h1:KWH3jNZsfyT6xfAfKiz6MRNmd46ByHDYaZ7KSkCtdW8=
golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -2259,7 +2236,6 @@ golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -2388,8 +2364,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
golang.org/x/text v0.25.0 h1:qVyWApTSYLk/drJRO5mDlNYskwQznZmkpV2c8q9zls4=
golang.org/x/text v0.25.0/go.mod h1:WEdwpYrmk1qmdHvhkSTNPm3app7v4rsT8F2UD6+VHIA=
golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M=
golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -2465,8 +2441,8 @@ golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s=
golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps=
golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
golang.org/x/tools v0.33.0 h1:4qz2S3zmRxbGIhDIAgjxvFutSvH5EfnsYrRBj0UI0bc=
golang.org/x/tools v0.33.0/go.mod h1:CIJMaWEY88juyUfo7UbgPqbC8rU2OqfAV1h2Qp0oMYI=
golang.org/x/tools v0.34.0 h1:qIpSLOxeCYGg9TrcJokLBG4KFA6d795g0xkBkiESGlo=
golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg=
golang.org/x/vuln v1.1.4 h1:Ju8QsuyhX3Hk8ma3CesTbO8vfJD9EvUBgHvkxHBzj0I=
golang.org/x/vuln v1.1.4/go.mod h1:F+45wmU18ym/ca5PLTPLsSzr2KppzswxPP603ldA67s=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -2732,8 +2708,8 @@ google.golang.org/grpc v1.52.3/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5v
google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw=
google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3EC2g=
google.golang.org/grpc v1.56.3/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s=
google.golang.org/grpc v1.72.0 h1:S7UkcVa60b5AAQTaO6ZKamFp1zMZSU0fGDK2WZLbBnM=
google.golang.org/grpc v1.72.0/go.mod h1:wH5Aktxcg25y1I3w7H69nHfXdOG3UiadoBtjh3izSDM=
google.golang.org/grpc v1.72.2 h1:TdbGzwb82ty4OusHWepvFWGLgIbNo1/SUynEN0ssqv8=
google.golang.org/grpc v1.72.2/go.mod h1:wH5Aktxcg25y1I3w7H69nHfXdOG3UiadoBtjh3izSDM=
google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
@@ -2755,7 +2731,6 @@ google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqw
google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY=
google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -2781,7 +2756,6 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWD
gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
gopkg.in/yaml.v2 v2.0.0-20160928153709-a5b47d31c556/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
@@ -2794,8 +2768,8 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q=
gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA=
helm.sh/helm/v3 v3.17.3 h1:3n5rW3D0ArjFl0p4/oWO8IbY/HKaNNwJtOQFdH2AZHg=
helm.sh/helm/v3 v3.17.3/go.mod h1:+uJKMH/UiMzZQOALR3XUf3BLIoczI2RKKD6bMhPh4G8=
helm.sh/helm/v3 v3.18.3 h1:+cvyGKgs7Jt7BN3Klmb4SsG4IkVpA7GAZVGvMz6VO4I=
helm.sh/helm/v3 v3.18.3/go.mod h1:wUc4n3txYBocM7S9RjTeZBN9T/b5MjffpcSsWEjSIpw=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -2804,14 +2778,14 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt
honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
honnef.co/go/tools v0.1.3/go.mod h1:NgwopIslSNH47DimFoV78dnkksY2EFtX0ajyb3K/las=
k8s.io/api v0.33.1 h1:tA6Cf3bHnLIrUK4IqEgb2v++/GYUtqiu9sRVk3iBXyw=
k8s.io/api v0.33.1/go.mod h1:87esjTn9DRSRTD4fWMXamiXxJhpOIREjWOSjsW1kEHw=
k8s.io/apiextensions-apiserver v0.32.2 h1:2YMk285jWMk2188V2AERy5yDwBYrjgWYggscghPCvV4=
k8s.io/apiextensions-apiserver v0.32.2/go.mod h1:GPwf8sph7YlJT3H6aKUWtd0E+oyShk/YHWQHf/OOgCA=
k8s.io/apimachinery v0.33.1 h1:mzqXWV8tW9Rw4VeW9rEkqvnxj59k1ezDUl20tFK/oM4=
k8s.io/apimachinery v0.33.1/go.mod h1:BHW0YOu7n22fFv/JkYOEfkUYNRN0fj0BlvMFWA7b+SM=
k8s.io/apiserver v0.32.3 h1:kOw2KBuHOA+wetX1MkmrxgBr648ksz653j26ESuWNY8=
k8s.io/apiserver v0.32.3/go.mod h1:q1x9B8E/WzShF49wh3ADOh6muSfpmFL0I2t+TG0Zdgc=
k8s.io/api v0.33.2 h1:YgwIS5jKfA+BZg//OQhkJNIfie/kmRsO0BmNaVSimvY=
k8s.io/api v0.33.2/go.mod h1:fhrbphQJSM2cXzCWgqU29xLDuks4mu7ti9vveEnpSXs=
k8s.io/apiextensions-apiserver v0.33.1 h1:N7ccbSlRN6I2QBcXevB73PixX2dQNIW0ZRuguEE91zI=
k8s.io/apiextensions-apiserver v0.33.1/go.mod h1:uNQ52z1A1Gu75QSa+pFK5bcXc4hq7lpOXbweZgi4dqA=
k8s.io/apimachinery v0.33.2 h1:IHFVhqg59mb8PJWTLi8m1mAoepkUNYmptHsV+Z1m5jY=
k8s.io/apimachinery v0.33.2/go.mod h1:BHW0YOu7n22fFv/JkYOEfkUYNRN0fj0BlvMFWA7b+SM=
k8s.io/apiserver v0.33.1 h1:yLgLUPDVC6tHbNcw5uE9mo1T6ELhJj7B0geifra3Qdo=
k8s.io/apiserver v0.33.1/go.mod h1:VMbE4ArWYLO01omz+k8hFjAdYfc3GVAYPrhP2tTKccs=
k8s.io/cli-runtime v0.33.1 h1:TvpjEtF71ViFmPeYMj1baZMJR4iWUEplklsUQ7D3quA=
k8s.io/cli-runtime v0.33.1/go.mod h1:9dz5Q4Uh8io4OWCLiEf/217DXwqNgiTS/IOuza99VZE=
k8s.io/client-go v0.33.1 h1:ZZV/Ks2g92cyxWkRRnfUDsnhNn28eFpt26aGc8KbXF4=
@@ -2864,8 +2838,8 @@ modernc.org/mathutil v1.7.1/go.mod h1:4p5IwJITfppl0G4sUEDtCr4DthTaT47/N3aT6MhfgJ
modernc.org/memory v1.1.1/go.mod h1:/0wo5ibyrQiaoUoH7f9D8dnglAmILJ5/cxZlRECf+Nw=
modernc.org/memory v1.2.0/go.mod h1:/0wo5ibyrQiaoUoH7f9D8dnglAmILJ5/cxZlRECf+Nw=
modernc.org/memory v1.2.1/go.mod h1:PkUhL0Mugw21sHPeskwZW4D6VscE/GQJOnIpCnW6pSU=
modernc.org/memory v1.9.1 h1:V/Z1solwAVmMW1yttq3nDdZPJqV1rM05Ccq6KMSZ34g=
modernc.org/memory v1.9.1/go.mod h1:/JP4VbVC+K5sU2wZi9bHoq2MAkCnrt2r98UGeSK7Mjw=
modernc.org/memory v1.11.0 h1:o4QC8aMQzmcwCK3t3Ux/ZHmwFPzE6hf2Y5LbkRs+hbI=
modernc.org/memory v1.11.0/go.mod h1:/JP4VbVC+K5sU2wZi9bHoq2MAkCnrt2r98UGeSK7Mjw=
modernc.org/opt v0.1.1/go.mod h1:WdSiB5evDcignE70guQKxYUl14mgWtbClRi5wmkkTX0=
modernc.org/opt v0.1.3/go.mod h1:WdSiB5evDcignE70guQKxYUl14mgWtbClRi5wmkkTX0=
modernc.org/opt v0.1.4 h1:2kNGMRiUjrp4LcaPuLY2PzUfqM/w9N23quVwhKt5Qm8=
@@ -2886,8 +2860,8 @@ modernc.org/token v1.1.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM=
modernc.org/z v1.5.1/go.mod h1:eWFB510QWW5Th9YGZT81s+LwvaAs3Q2yr4sP0rmLkv8=
mvdan.cc/sh/v3 v3.11.0 h1:q5h+XMDRfUGUedCqFFsjoFjrhwf2Mvtt1rkMvVz0blw=
mvdan.cc/sh/v3 v3.11.0/go.mod h1:LRM+1NjoYCzuq/WZ6y44x14YNAI0NK7FLPeQSaFagGg=
oras.land/oras-go v1.2.5 h1:XpYuAwAb0DfQsunIyMfeET92emK8km3W4yEzZvUbsTo=
oras.land/oras-go v1.2.5/go.mod h1:PuAwRShRZCsZb7g8Ar3jKKQR/2A/qN+pkYxIOd/FAoo=
oras.land/oras-go/v2 v2.6.0 h1:X4ELRsiGkrbeox69+9tzTu492FMUu7zJQW6eJU+I2oc=
oras.land/oras-go/v2 v2.6.0/go.mod h1:magiQDfG6H1O9APp+rOsvCPcW1GD2MM7vgnKY0Y+u1o=
rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=

4
helm/trivy/Chart.yaml
View File

@@ -1,7 +1,7 @@
apiVersion: v2
name: trivy
version: 0.14.1
appVersion: 0.62.1
version: 0.15.0
appVersion: 0.63.0
description: Trivy helm chart
keywords:
- scanner

21
integration/client_server_test.go
View File

@@ -11,14 +11,14 @@ import (
"testing"
"time"
"github.com/aquasecurity/trivy/pkg/types"
dockercontainer "github.com/docker/docker/api/types/container"
"github.com/docker/go-connections/nat"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/testcontainers/testcontainers-go"
"github.com/aquasecurity/trivy/pkg/report"
"github.com/aquasecurity/trivy/pkg/types"
)
type csArgs struct {
@@ -60,7 +60,7 @@ func TestClientServer(t *testing.T) {
Input: "testdata/fixtures/images/alpine-39.tar.gz",
Distro: "alpine/3.10",
},
override: func(t *testing.T, want, got *types.Report) {
override: func(_ *testing.T, want, _ *types.Report) {
want.Metadata.OS.Name = "3.10"
want.Results[0].Target = "testdata/fixtures/images/alpine-39.tar.gz (alpine 3.10)"
},
@@ -312,7 +312,7 @@ func TestClientServer(t *testing.T) {
Target: "https://github.com/knqyf263/trivy-ci-test",
},
golden: "testdata/test-repo.json.golden",
override: func(t *testing.T, want, got *types.Report) {
override: func(_ *testing.T, want, _ *types.Report) {
want.ArtifactName = "https://github.com/knqyf263/trivy-ci-test"
},
},
@@ -444,7 +444,7 @@ func TestClientServerWithFormat(t *testing.T) {
t.Setenv("GITHUB_WORKFLOW", "workflow-name")
t.Cleanup(func() {
report.CustomTemplateFuncMap = map[string]any{}
report.CustomTemplateFuncMap = make(map[string]any)
})
addr, cacheDir := setup(t, setupOptions{})
@@ -561,7 +561,7 @@ func TestClientServerWithCustomOptions(t *testing.T) {
func TestClientServerWithRedis(t *testing.T) {
// Set up a Redis container
ctx := context.Background()
ctx := t.Context()
// This test includes 2 checks
// redisC container will terminate after first check
redisC, addr := setupRedis(t, ctx)
@@ -622,10 +622,11 @@ func setup(t *testing.T, options setupOptions) (string, string) {
osArgs := setupServer(addr, options.token, options.tokenHeader, options.pathPrefix, cacheDir, options.cacheBackend)
// Run Trivy server
require.NoError(t, execute(osArgs))
assert.NoError(t, execute(osArgs))
}()
ctx, _ := context.WithTimeout(context.Background(), 5*time.Second)
ctx, cancel := context.WithTimeout(t.Context(), 5*time.Second)
defer cancel()
err = waitPort(ctx, addr)
require.NoError(t, err)
@@ -653,7 +654,7 @@ func setupServer(addr, token, tokenHeader, pathPrefix, cacheDir, cacheBackend st
return osArgs
}
func setupClient(t *testing.T, c csArgs, addr string, cacheDir string) []string {
func setupClient(t *testing.T, c csArgs, addr, cacheDir string) []string {
t.Helper()
if c.Command == "" {
c.Command = "image"
@@ -699,7 +700,7 @@ func setupClient(t *testing.T, c csArgs, addr string, cacheDir string) []string
if len(c.IgnoreIDs) != 0 {
trivyIgnore := filepath.Join(t.TempDir(), ".trivyignore")
err := os.WriteFile(trivyIgnore, []byte(strings.Join(c.IgnoreIDs, "\n")), 0444)
err := os.WriteFile(trivyIgnore, []byte(strings.Join(c.IgnoreIDs, "\n")), 0o444)
require.NoError(t, err, "failed to write .trivyignore")
osArgs = append(osArgs, "--ignorefile", trivyIgnore)
}

4
integration/config_test.go
View File

@@ -202,7 +202,7 @@ severity:
outputFile := filepath.Join(t.TempDir(), "output.json")
configFile := tt.args.configFile
configFile = configFile + fmt.Sprintf(`
configFile += fmt.Sprintf(`
format: json
output: %s
cache:
@@ -212,7 +212,7 @@ db:
`, outputFile, cacheDir)
configPath := filepath.Join(t.TempDir(), "trivy.yaml")
err := os.WriteFile(configPath, []byte(configFile), 0444)
err := os.WriteFile(configPath, []byte(configFile), 0o444)
require.NoError(t, err)
osArgs := []string{

3
integration/convert_test.go
View File

@@ -76,8 +76,7 @@ func TestConvert(t *testing.T) {
outputFile = tt.golden
}
osArgs = append(osArgs, "--output", outputFile)
osArgs = append(osArgs, tt.args.input)
osArgs = append(osArgs, "--output", outputFile, tt.args.input)
// Run "trivy convert"
runTest(t, osArgs, tt.golden, outputFile, types.Format(tt.args.format), runOptions{

22
integration/docker_engine_test.go
View File

@@ -3,15 +3,14 @@
package integration
import (
"context"
"os"
"strings"
"testing"
"github.com/stretchr/testify/require"
"github.com/aquasecurity/trivy/internal/testutil"
"github.com/aquasecurity/trivy/pkg/types"
"github.com/stretchr/testify/require"
)
func TestDockerEngine(t *testing.T) {
@@ -216,7 +215,7 @@ func TestDockerEngine(t *testing.T) {
// Set a temp dir so that modules will not be loaded
t.Setenv("XDG_DATA_HOME", cacheDir)
ctx := context.Background()
ctx := t.Context()
defer ctx.Done()
cli := testutil.NewDockerClient(t)
@@ -272,13 +271,16 @@ func TestDockerEngine(t *testing.T) {
}
if len(tt.ignoreIDs) != 0 {
trivyIgnore := ".trivyignore"
err := os.WriteFile(trivyIgnore, []byte(strings.Join(tt.ignoreIDs, "\n")), 0444)
err := os.WriteFile(trivyIgnore, []byte(strings.Join(tt.ignoreIDs, "\n")), 0o444)
require.NoError(t, err, "failed to write .trivyignore")
defer os.Remove(trivyIgnore)
}
if tt.maxImageSize != "" {
osArgs = append(osArgs, []string{"--max-image-size", tt.maxImageSize}...)
osArgs = append(osArgs, []string{
"--max-image-size",
tt.maxImageSize,
}...)
}
osArgs = append(osArgs, tt.input)
@@ -286,12 +288,8 @@ func TestDockerEngine(t *testing.T) {
// Run Trivy
runTest(t, osArgs, tt.golden, "", types.FormatJSON, runOptions{
wantErr: tt.wantErr,
// Container field was removed in Docker Engine v26.0
// cf. https://github.com/docker/cli/blob/v26.1.3/docs/deprecated.md#container-and-containerconfig-fields-in-image-inspect
override: overrideFuncs(overrideUID, func(t *testing.T, want, got *types.Report) {
got.Metadata.ImageConfig.Container = ""
want.Metadata.ImageConfig.Container = ""
}),
// Image config fields were removed
override: overrideFuncs(overrideUID, overrideDockerRemovedFields),
})
})
}

18
integration/integration_test.go
View File

@@ -296,7 +296,7 @@ func compareRawFiles(t *testing.T, wantFile, gotFile string) {
require.NoError(t, err)
got, err := os.ReadFile(gotFile)
require.NoError(t, err)
assert.EqualValues(t, string(want), string(got))
assert.Equal(t, string(want), string(got))
}
func compareReports(t *testing.T, wantFile, gotFile string, override func(t *testing.T, want, got *types.Report)) {
@@ -375,3 +375,19 @@ func overrideUID(t *testing.T, want, got *types.Report) {
}
}
}
// overrideDockerRemovedFields clears image config fields that were removed from Docker API
// cf. https://github.com/moby/moby/blob/d0ad1357a141c795e1e0490e3fed00ddabcb91b9/docs/api/version-history.md
func overrideDockerRemovedFields(_ *testing.T, want, got *types.Report) {
// Clear Container field (removed in Docker API v1.45)
got.Metadata.ImageConfig.Container = ""
want.Metadata.ImageConfig.Container = ""
// Clear Image field (removed in Docker API v1.50)
got.Metadata.ImageConfig.Config.Image = ""
want.Metadata.ImageConfig.Config.Image = ""
// Clear Hostname field (removed in Docker API v1.50)
got.Metadata.ImageConfig.Config.Hostname = ""
want.Metadata.ImageConfig.Config.Hostname = ""
}

1
integration/plugin_test.go
View File

@@ -77,6 +77,7 @@ func TestPlugin(t *testing.T) {
}
err = execute(args)
require.NoError(t, err)
if *update {
fsutils.CopyFile(tempStdOut.Name(), tt.golden)

10
integration/registry_test.go
View File

@@ -17,8 +17,6 @@ import (
"path/filepath"
"testing"
"github.com/aquasecurity/trivy/pkg/types"
dockercontainer "github.com/docker/docker/api/types/container"
"github.com/docker/go-connections/nat"
"github.com/google/go-containerregistry/pkg/authn"
@@ -28,6 +26,8 @@ import (
"github.com/stretchr/testify/require"
"github.com/testcontainers/testcontainers-go"
"github.com/testcontainers/testcontainers-go/wait"
"github.com/aquasecurity/trivy/pkg/types"
)
const (
@@ -121,7 +121,7 @@ type registryOption struct {
}
func TestRegistry(t *testing.T) {
ctx := context.Background()
ctx := t.Context()
baseDir, err := filepath.Abs(".")
require.NoError(t, err)
@@ -241,7 +241,7 @@ func TestRegistry(t *testing.T) {
// Run Trivy
runTest(t, osArgs, tt.golden, "", types.FormatJSON, runOptions{
wantErr: tt.wantErr,
override: overrideFuncs(overrideUID, func(t *testing.T, want, got *types.Report) {
override: overrideFuncs(overrideUID, func(_ *testing.T, want, _ *types.Report) {
want.ArtifactName = s
for i := range want.Results {
want.Results[i].Target = fmt.Sprintf("%s (%s)", s, tt.os)
@@ -334,7 +334,7 @@ func requestRegistryToken(imageRef name.Reference, baseDir string, opt registryO
}
// Get a registry token
req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("%s/auth", opt.AuthURL), nil)
req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("%s/auth", opt.AuthURL), http.NoBody)
if err != nil {
return "", err
}

307
integration/repo_test.go
View File

@@ -3,8 +3,9 @@
package integration
import (
"fmt"
"os"
"path/filepath"
"strconv"
"strings"
"testing"
@@ -14,38 +15,39 @@ import (
"github.com/aquasecurity/trivy/pkg/types"
)
type repoTestArgs struct {
scanner types.Scanner
ignoreIDs []string
policyPaths []string
namespaces []string
listAllPkgs bool
input string
secretConfig string
filePatterns []string
helmSet []string
helmValuesFile []string
skipFiles []string
skipDirs []string
command string
format types.Format
includeDevDeps bool
parallel int
vex string
vulnSeveritySources []string
}
// TestRepository tests `trivy repo` with the local code repositories
func TestRepository(t *testing.T) {
t.Setenv("NUGET_PACKAGES", t.TempDir())
type args struct {
scanner types.Scanner
ignoreIDs []string
policyPaths []string
namespaces []string
listAllPkgs bool
input string
secretConfig string
filePatterns []string
helmSet []string
helmValuesFile []string
skipFiles []string
skipDirs []string
command string
format types.Format
includeDevDeps bool
parallel int
vex string
vulnSeveritySources []string
}
tests := []struct {
name string
args args
args repoTestArgs
golden string
override func(t *testing.T, want, got *types.Report)
}{
{
name: "gomod",
args: args{
args: repoTestArgs{
scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/repo/gomod",
},
@@ -53,7 +55,7 @@ func TestRepository(t *testing.T) {
},
{
name: "gomod with skip files",
args: args{
args: repoTestArgs{
scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/repo/gomod",
skipFiles: []string{"testdata/fixtures/repo/gomod/submod2/go.mod"},
@@ -62,7 +64,7 @@ func TestRepository(t *testing.T) {
},
{
name: "gomod with skip dirs",
args: args{
args: repoTestArgs{
scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/repo/gomod",
skipDirs: []string{"testdata/fixtures/repo/gomod/submod2"},
@@ -71,7 +73,7 @@ func TestRepository(t *testing.T) {
},
{
name: "gomod in series",
args: args{
args: repoTestArgs{
scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/repo/gomod",
parallel: 1,
@@ -80,7 +82,7 @@ func TestRepository(t *testing.T) {
},
{
name: "gomod with local VEX file",
args: args{
args: repoTestArgs{
scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/repo/gomod",
vex: "testdata/fixtures/vex/file/openvex.json",
@@ -89,7 +91,7 @@ func TestRepository(t *testing.T) {
},
{
name: "gomod with VEX repository",
args: args{
args: repoTestArgs{
scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/repo/gomod",
vex: "repo",
@@ -98,7 +100,7 @@ func TestRepository(t *testing.T) {
},
{
name: "npm",
args: args{
args: repoTestArgs{
scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/repo/npm",
listAllPkgs: true,
@@ -107,7 +109,7 @@ func TestRepository(t *testing.T) {
},
{
name: "npm with severity from ubuntu",
args: args{
args: repoTestArgs{
scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/repo/npm",
vulnSeveritySources: []string{
@@ -119,7 +121,7 @@ func TestRepository(t *testing.T) {
},
{
name: "npm with dev deps",
args: args{
args: repoTestArgs{
scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/repo/npm",
listAllPkgs: true,
@@ -129,7 +131,7 @@ func TestRepository(t *testing.T) {
},
{
name: "yarn",
args: args{
args: repoTestArgs{
scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/repo/yarn",
listAllPkgs: true,
@@ -138,7 +140,7 @@ func TestRepository(t *testing.T) {
},
{
name: "pnpm",
args: args{
args: repoTestArgs{
scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/repo/pnpm",
listAllPkgs: true,
@@ -147,7 +149,7 @@ func TestRepository(t *testing.T) {
},
{
name: "bun",
args: args{
args: repoTestArgs{
scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/repo/bun",
listAllPkgs: true,
@@ -156,7 +158,7 @@ func TestRepository(t *testing.T) {
},
{
name: "pip",
args: args{
args: repoTestArgs{
scanner: types.VulnerabilityScanner,
listAllPkgs: true,
input: "testdata/fixtures/repo/pip",
@@ -165,7 +167,7 @@ func TestRepository(t *testing.T) {
},
{
name: "pipenv",
args: args{
args: repoTestArgs{
scanner: types.VulnerabilityScanner,
listAllPkgs: true,
input: "testdata/fixtures/repo/pipenv",
@@ -174,7 +176,7 @@ func TestRepository(t *testing.T) {
},
{
name: "poetry",
args: args{
args: repoTestArgs{
scanner: types.VulnerabilityScanner,
listAllPkgs: true,
input: "testdata/fixtures/repo/poetry",
@@ -183,7 +185,7 @@ func TestRepository(t *testing.T) {
},
{
name: "uv",
args: args{
args: repoTestArgs{
scanner: types.VulnerabilityScanner,
listAllPkgs: true,
input: "testdata/fixtures/repo/uv",
@@ -192,7 +194,7 @@ func TestRepository(t *testing.T) {
},
{
name: "pom",
args: args{
args: repoTestArgs{
scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/repo/pom",
},
@@ -200,7 +202,7 @@ func TestRepository(t *testing.T) {
},
{
name: "gradle",
args: args{
args: repoTestArgs{
scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/repo/gradle",
},
@@ -208,7 +210,7 @@ func TestRepository(t *testing.T) {
},
{
name: "sbt",
args: args{
args: repoTestArgs{
scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/repo/sbt",
},
@@ -216,7 +218,7 @@ func TestRepository(t *testing.T) {
},
{
name: "conan",
args: args{
args: repoTestArgs{
scanner: types.VulnerabilityScanner,
listAllPkgs: true,
input: "testdata/fixtures/repo/conan",
@@ -225,7 +227,7 @@ func TestRepository(t *testing.T) {
},
{
name: "nuget",
args: args{
args: repoTestArgs{
scanner: types.VulnerabilityScanner,
listAllPkgs: true,
input: "testdata/fixtures/repo/nuget",
@@ -234,7 +236,7 @@ func TestRepository(t *testing.T) {
},
{
name: "dotnet",
args: args{
args: repoTestArgs{
scanner: types.VulnerabilityScanner,
listAllPkgs: true,
input: "testdata/fixtures/repo/dotnet",
@@ -243,7 +245,7 @@ func TestRepository(t *testing.T) {
},
{
name: "packages-props",
args: args{
args: repoTestArgs{
scanner: types.VulnerabilityScanner,
listAllPkgs: true,
input: "testdata/fixtures/repo/packagesprops",
@@ -252,7 +254,7 @@ func TestRepository(t *testing.T) {
},
{
name: "swift",
args: args{
args: repoTestArgs{
scanner: types.VulnerabilityScanner,
listAllPkgs: true,
input: "testdata/fixtures/repo/swift",
@@ -261,7 +263,7 @@ func TestRepository(t *testing.T) {
},
{
name: "cocoapods",
args: args{
args: repoTestArgs{
scanner: types.VulnerabilityScanner,
listAllPkgs: true,
input: "testdata/fixtures/repo/cocoapods",
@@ -270,7 +272,7 @@ func TestRepository(t *testing.T) {
},
{
name: "pubspec.lock",
args: args{
args: repoTestArgs{
scanner: types.VulnerabilityScanner,
listAllPkgs: true,
input: "testdata/fixtures/repo/pubspec",
@@ -279,7 +281,7 @@ func TestRepository(t *testing.T) {
},
{
name: "mix.lock",
args: args{
args: repoTestArgs{
scanner: types.VulnerabilityScanner,
listAllPkgs: true,
input: "testdata/fixtures/repo/mixlock",
@@ -288,7 +290,7 @@ func TestRepository(t *testing.T) {
},
{
name: "composer.lock",
args: args{
args: repoTestArgs{
scanner: types.VulnerabilityScanner,
listAllPkgs: true,
input: "testdata/fixtures/repo/composer",
@@ -297,7 +299,7 @@ func TestRepository(t *testing.T) {
},
{
name: "cargo.lock",
args: args{
args: repoTestArgs{
scanner: types.VulnerabilityScanner,
listAllPkgs: true,
input: "testdata/fixtures/repo/cargo",
@@ -306,7 +308,7 @@ func TestRepository(t *testing.T) {
},
{
name: "multiple lockfiles",
args: args{
args: repoTestArgs{
scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/repo/trivy-ci-test",
},
@@ -314,7 +316,7 @@ func TestRepository(t *testing.T) {
},
{
name: "installed.json",
args: args{
args: repoTestArgs{
command: "rootfs",
scanner: types.VulnerabilityScanner,
listAllPkgs: true,
@@ -324,7 +326,7 @@ func TestRepository(t *testing.T) {
},
{
name: "dockerfile",
args: args{
args: repoTestArgs{
scanner: types.MisconfigScanner,
input: "testdata/fixtures/repo/dockerfile",
namespaces: []string{"testing"},
@@ -333,7 +335,7 @@ func TestRepository(t *testing.T) {
},
{
name: "dockerfile with custom file pattern",
args: args{
args: repoTestArgs{
scanner: types.MisconfigScanner,
input: "testdata/fixtures/repo/dockerfile_file_pattern",
namespaces: []string{"testing"},
@@ -343,7 +345,7 @@ func TestRepository(t *testing.T) {
},
{
name: "dockerfile with custom policies",
args: args{
args: repoTestArgs{
scanner: types.MisconfigScanner,
policyPaths: []string{"testdata/fixtures/repo/custom-policy/policy"},
namespaces: []string{"user"},
@@ -353,7 +355,7 @@ func TestRepository(t *testing.T) {
},
{
name: "tarball helm chart scanning with builtin policies",
args: args{
args: repoTestArgs{
scanner: types.MisconfigScanner,
input: "testdata/fixtures/repo/helm",
},
@@ -361,7 +363,7 @@ func TestRepository(t *testing.T) {
},
{
name: "helm chart directory scanning with builtin policies",
args: args{
args: repoTestArgs{
scanner: types.MisconfigScanner,
input: "testdata/fixtures/repo/helm_testchart",
},
@@ -369,7 +371,7 @@ func TestRepository(t *testing.T) {
},
{
name: "helm chart directory scanning with value overrides using set",
args: args{
args: repoTestArgs{
scanner: types.MisconfigScanner,
input: "testdata/fixtures/repo/helm_testchart",
helmSet: []string{"securityContext.runAsUser=0"},
@@ -378,7 +380,7 @@ func TestRepository(t *testing.T) {
},
{
name: "helm chart directory scanning with value overrides using value file",
args: args{
args: repoTestArgs{
scanner: types.MisconfigScanner,
input: "testdata/fixtures/repo/helm_testchart",
helmValuesFile: []string{"testdata/fixtures/repo/helm_values/values.yaml"},
@@ -387,7 +389,7 @@ func TestRepository(t *testing.T) {
},
{
name: "helm chart directory scanning with builtin policies and non string Chart name",
args: args{
args: repoTestArgs{
scanner: types.MisconfigScanner,
input: "testdata/fixtures/repo/helm_badname",
},
@@ -395,7 +397,7 @@ func TestRepository(t *testing.T) {
},
{
name: "secrets",
args: args{
args: repoTestArgs{
scanner: "vuln,secret",
input: "testdata/fixtures/repo/secrets",
secretConfig: "testdata/fixtures/repo/secrets/trivy-secret.yaml",
@@ -404,7 +406,7 @@ func TestRepository(t *testing.T) {
},
{
name: "conda generating CycloneDX SBOM",
args: args{
args: repoTestArgs{
command: "rootfs",
format: "cyclonedx",
input: "testdata/fixtures/repo/conda",
@@ -413,7 +415,7 @@ func TestRepository(t *testing.T) {
},
{
name: "conda environment.yaml generating CycloneDX SBOM",
args: args{
args: repoTestArgs{
command: "fs",
format: "cyclonedx",
input: "testdata/fixtures/repo/conda-environment",
@@ -422,7 +424,7 @@ func TestRepository(t *testing.T) {
},
{
name: "pom.xml generating CycloneDX SBOM (with vulnerabilities)",
args: args{
args: repoTestArgs{
command: "fs",
scanner: types.VulnerabilityScanner,
format: "cyclonedx",
@@ -432,7 +434,7 @@ func TestRepository(t *testing.T) {
},
{
name: "conda generating SPDX SBOM",
args: args{
args: repoTestArgs{
command: "rootfs",
format: "spdx-json",
input: "testdata/fixtures/repo/conda",
@@ -441,7 +443,7 @@ func TestRepository(t *testing.T) {
},
{
name: "gomod with fs subcommand",
args: args{
args: repoTestArgs{
command: "fs",
scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/repo/gomod",
@@ -454,7 +456,7 @@ func TestRepository(t *testing.T) {
},
{
name: "dockerfile with fs subcommand and an alias scanner",
args: args{
args: repoTestArgs{
command: "fs",
scanner: "config", // for backward compatibility
policyPaths: []string{"testdata/fixtures/repo/custom-policy/policy"},
@@ -462,13 +464,13 @@ func TestRepository(t *testing.T) {
input: "testdata/fixtures/repo/custom-policy",
},
golden: "testdata/dockerfile-custom-policies.json.golden",
override: func(_ *testing.T, want, got *types.Report) {
override: func(_ *testing.T, want, _ *types.Report) {
want.ArtifactType = ftypes.TypeFilesystem
},
},
{
name: "julia generating SPDX SBOM",
args: args{
args: repoTestArgs{
command: "rootfs",
format: "spdx-json",
input: "testdata/fixtures/repo/julia",
@@ -501,95 +503,7 @@ func TestRepository(t *testing.T) {
format = tt.args.format
}
osArgs := []string{
"-q",
"--cache-dir",
cacheDir,
command,
"--skip-db-update",
"--skip-policy-update",
"--format",
string(format),
"--parallel",
fmt.Sprint(tt.args.parallel),
"--offline-scan",
tt.args.input,
}
if tt.args.scanner != "" {
osArgs = append(osArgs, "--scanners", string(tt.args.scanner))
}
if len(tt.args.policyPaths) != 0 {
for _, policyPath := range tt.args.policyPaths {
osArgs = append(osArgs, "--config-policy", policyPath)
}
}
if len(tt.args.namespaces) != 0 {
for _, namespace := range tt.args.namespaces {
osArgs = append(osArgs, "--policy-namespaces", namespace)
}
}
if len(tt.args.ignoreIDs) != 0 {
trivyIgnore := ".trivyignore"
err := os.WriteFile(trivyIgnore, []byte(strings.Join(tt.args.ignoreIDs, "\n")), 0444)
require.NoError(t, err, "failed to write .trivyignore")
defer os.Remove(trivyIgnore)
}
if len(tt.args.filePatterns) != 0 {
for _, filePattern := range tt.args.filePatterns {
osArgs = append(osArgs, "--file-patterns", filePattern)
}
}
if len(tt.args.helmSet) != 0 {
for _, helmSet := range tt.args.helmSet {
osArgs = append(osArgs, "--helm-set", helmSet)
}
}
if len(tt.args.helmValuesFile) != 0 {
for _, helmValuesFile := range tt.args.helmValuesFile {
osArgs = append(osArgs, "--helm-values", helmValuesFile)
}
}
if len(tt.args.skipFiles) != 0 {
for _, skipFile := range tt.args.skipFiles {
osArgs = append(osArgs, "--skip-files", skipFile)
}
}
if len(tt.args.skipDirs) != 0 {
for _, skipDir := range tt.args.skipDirs {
osArgs = append(osArgs, "--skip-dirs", skipDir)
}
}
if len(tt.args.vulnSeveritySources) != 0 {
osArgs = append(osArgs,
"--vuln-severity-source", strings.Join(tt.args.vulnSeveritySources, ","),
)
}
if tt.args.listAllPkgs {
osArgs = append(osArgs, "--list-all-pkgs")
}
if tt.args.includeDevDeps {
osArgs = append(osArgs, "--include-dev-deps")
}
if tt.args.secretConfig != "" {
osArgs = append(osArgs, "--secret-config", tt.args.secretConfig)
}
if tt.args.vex != "" {
osArgs = append(osArgs, "--vex", tt.args.vex)
}
osArgs := buildArgs(t, cacheDir, command, format, tt.args)
runTest(t, osArgs, tt.golden, "", format, runOptions{
fakeUUID: "3ff14136-e09f-4df9-80ea-%012d",
@@ -598,3 +512,78 @@ func TestRepository(t *testing.T) {
})
}
}
func buildArgs(t *testing.T, cacheDir, command string, format types.Format, testArgs repoTestArgs) []string {
// Build base arguments
osArgs := []string{
"-q",
"--cache-dir",
cacheDir,
command,
"--skip-db-update",
"--skip-policy-update",
"--format",
string(format),
"--parallel",
strconv.Itoa(testArgs.parallel),
"--offline-scan",
testArgs.input,
}
if testArgs.scanner != "" {
osArgs = append(osArgs, "--scanners", string(testArgs.scanner))
}
for _, policyPath := range testArgs.policyPaths {
osArgs = append(osArgs, "--config-policy", policyPath)
}
for _, namespace := range testArgs.namespaces {
osArgs = append(osArgs, "--policy-namespaces", namespace)
}
// Handle ignore file using temporary directory
if len(testArgs.ignoreIDs) != 0 {
trivyIgnore := filepath.Join(t.TempDir(), ".trivyignore")
err := os.WriteFile(trivyIgnore, []byte(strings.Join(testArgs.ignoreIDs, "\n")), 0o444)
require.NoError(t, err, "failed to write .trivyignore")
osArgs = append(osArgs, "--ignorefile", trivyIgnore)
}
for _, filePattern := range testArgs.filePatterns {
osArgs = append(osArgs, "--file-patterns", filePattern)
}
for _, hs := range testArgs.helmSet {
osArgs = append(osArgs, "--helm-set", hs)
}
for _, hvf := range testArgs.helmValuesFile {
osArgs = append(osArgs, "--helm-values", hvf)
}
for _, skipFile := range testArgs.skipFiles {
osArgs = append(osArgs, "--skip-files", skipFile)
}
for _, skipDir := range testArgs.skipDirs {
osArgs = append(osArgs, "--skip-dirs", skipDir)
}
if len(testArgs.vulnSeveritySources) != 0 {
osArgs = append(osArgs,
"--vuln-severity-source", strings.Join(testArgs.vulnSeveritySources, ","),
)
}
if testArgs.listAllPkgs {
osArgs = append(osArgs, "--list-all-pkgs")
}
if testArgs.includeDevDeps {
osArgs = append(osArgs, "--include-dev-deps")
}
if testArgs.secretConfig != "" {
osArgs = append(osArgs, "--secret-config", testArgs.secretConfig)
}
if testArgs.vex != "" {
osArgs = append(osArgs, "--vex", testArgs.vex)
}
return osArgs
}

5
integration/sbom_test.go
View File

@@ -186,8 +186,7 @@ func TestSBOM(t *testing.T) {
outputFile = tt.golden
}
osArgs = append(osArgs, "--output", outputFile)
osArgs = append(osArgs, tt.args.input)
osArgs = append(osArgs, "--output", outputFile, tt.args.input)
// Run "trivy sbom"
runTest(t, osArgs, tt.golden, outputFile, types.Format(tt.args.format), runOptions{
@@ -198,7 +197,7 @@ func TestSBOM(t *testing.T) {
}
}
func overrideSBOMReport(t *testing.T, want, got *types.Report) {
func overrideSBOMReport(_ *testing.T, want, got *types.Report) {
want.Metadata.ImageID = ""
want.Metadata.ImageConfig = v1.ConfigFile{}
want.Metadata.DiffIDs = nil

8
integration/standalone_tar_test.go
View File

@@ -8,10 +8,10 @@ import (
"strings"
"testing"
"github.com/stretchr/testify/require"
ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
"github.com/aquasecurity/trivy/pkg/types"
"github.com/stretchr/testify/require"
)
func TestTar(t *testing.T) {
@@ -168,7 +168,7 @@ func TestTar(t *testing.T) {
Input: "testdata/fixtures/images/alpine-39.tar.gz",
Distro: "alpine/3.10",
},
override: func(t *testing.T, want, got *types.Report) {
override: func(_ *testing.T, want, _ *types.Report) {
want.Metadata.OS.Name = "3.10"
want.Results[0].Target = "testdata/fixtures/images/alpine-39.tar.gz (alpine 3.10)"
},
@@ -425,7 +425,7 @@ func TestTar(t *testing.T) {
}
if len(tt.args.IgnoreIDs) != 0 {
trivyIgnore := ".trivyignore"
err := os.WriteFile(trivyIgnore, []byte(strings.Join(tt.args.IgnoreIDs, "\n")), 0444)
err := os.WriteFile(trivyIgnore, []byte(strings.Join(tt.args.IgnoreIDs, "\n")), 0o444)
require.NoError(t, err, "failed to write .trivyignore")
defer os.Remove(trivyIgnore)
}

3
integration/testdata/conda-cyclonedx.json.golden vendored
View File

@@ -10,6 +10,9 @@
"components": [
{
"type": "application",
"manufacturer": {
"name": "Aqua Security Software Ltd."
},
"group": "aquasecurity",
"name": "trivy",
"version": "dev"

3
integration/testdata/conda-environment-cyclonedx.json.golden vendored
View File

@@ -10,6 +10,9 @@
"components": [
{
"type": "application",
"manufacturer": {
"name": "Aqua Security Software Ltd."
},
"group": "aquasecurity",
"name": "trivy",
"version": "dev"

3
integration/testdata/fluentd-multiple-lockfiles-short.cdx.json.golden vendored
View File

@@ -10,6 +10,9 @@
"components": [
{
"type": "application",
"manufacturer": {
"name": "Aqua Security Software Ltd."
},
"group": "aquasecurity",
"name": "trivy",
"version": "dev"

3
integration/testdata/fluentd-multiple-lockfiles.cdx.json.golden vendored
View File

@@ -10,6 +10,9 @@
"components": [
{
"type": "application",
"manufacturer": {
"name": "Aqua Security Software Ltd."
},
"group": "aquasecurity",
"name": "trivy",
"version": "dev"

3
integration/testdata/npm-cyclonedx.json.golden vendored
View File

@@ -10,6 +10,9 @@
"components": [
{
"type": "application",
"manufacturer": {
"name": "Aqua Security Software Ltd."
},
"group": "aquasecurity",
"name": "trivy",
"version": "dev"

3
integration/testdata/pom-cyclonedx.json.golden vendored
View File

@@ -10,6 +10,9 @@
"components": [
{
"type": "application",
"manufacturer": {
"name": "Aqua Security Software Ltd."
},
"group": "aquasecurity",
"name": "trivy",
"version": "dev"

105
magefiles/docs.go
View File

@@ -7,13 +7,13 @@ import (
"fmt"
"os"
"slices"
"sort"
"strings"
"github.com/spf13/cobra/doc"
"github.com/aquasecurity/trivy/pkg/commands"
"github.com/aquasecurity/trivy/pkg/flag"
"github.com/aquasecurity/trivy/pkg/log"
"github.com/spf13/cobra/doc"
)
const (
@@ -35,50 +35,43 @@ func main() {
os.Setenv("XDG_DATA_HOME", os.TempDir())
cmd := commands.NewApp()
allFlagGroups := getAllFlags()
cmd.DisableAutoGenTag = true
if err := doc.GenMarkdownTree(cmd, "./docs/docs/references/configuration/cli"); err != nil {
log.Fatal("Fatal error", log.Err(err))
}
if err := generateConfigDocs("./docs/docs/references/configuration/config-file.md"); err != nil {
if err := generateConfigDocs("./docs/docs/references/configuration/config-file.md", allFlagGroups); err != nil {
log.Fatal("Fatal error in config file generation", log.Err(err))
}
if err := generateTelemetryFlagDocs("./docs/docs/advanced/telemetry-flags.md", allFlagGroups); err != nil {
log.Fatal("Fatal error in telemetry docs generation", log.Err(err))
}
}
// generateConfigDocs creates markdown file for Trivy config.
func generateConfigDocs(filename string) error {
// remoteFlags should contain Client and Server flags.
// NewClientFlags doesn't initialize `Listen` field
remoteFlags := flag.NewClientFlags()
remoteFlags.Listen = flag.ServerListenFlag.Clone()
// These flags don't work from config file.
// Clear configName to skip them later.
globalFlags := flag.NewGlobalFlagGroup()
globalFlags.ConfigFile.ConfigName = ""
globalFlags.ShowVersion.ConfigName = ""
globalFlags.GenerateDefaultConfig.ConfigName = ""
var allFlagGroups = []flag.FlagGroup{
globalFlags,
flag.NewCacheFlagGroup(),
flag.NewCleanFlagGroup(),
remoteFlags,
flag.NewDBFlagGroup(),
flag.NewImageFlagGroup(),
flag.NewK8sFlagGroup(),
flag.NewLicenseFlagGroup(),
flag.NewMisconfFlagGroup(),
flag.NewModuleFlagGroup(),
flag.NewPackageFlagGroup(),
flag.NewRegistryFlagGroup(),
flag.NewRegoFlagGroup(),
flag.NewReportFlagGroup(),
flag.NewRepoFlagGroup(),
flag.NewScanFlagGroup(),
flag.NewSecretFlagGroup(),
flag.NewVulnerabilityFlagGroup(),
// generateTelemetryFlagDocs updates the telemetry section in the documentation file
// with the flags that are safe to be included in telemetry.
func generateTelemetryFlagDocs(filename string, allFlagGroups []flag.FlagGroup) error {
var telemetryFlags []string
for _, group := range allFlagGroups {
flags := group.Flags()
for _, f := range flags {
if f.IsTelemetrySafe() && f.GetConfigName() != "" {
telemetryFlags = append(telemetryFlags, fmt.Sprintf("--%s", f.GetName()))
}
}
}
sort.Strings(telemetryFlags)
flagContent := fmt.Sprintf("```\n%s\n```\n", strings.Join(telemetryFlags, "\n"))
if err := os.WriteFile(filename, []byte(flagContent), 0644); err != nil {
return fmt.Errorf("failed to write to %s: %w", filename, err)
}
return nil
}
// generateConfigDocs creates markdown file for Trivy config.
func generateConfigDocs(filename string, allFlagGroups []flag.FlagGroup) error {
f, err := os.Create(filename)
if err != nil {
return err
@@ -87,6 +80,10 @@ func generateConfigDocs(filename string) error {
f.WriteString("# " + title + "\n\n")
f.WriteString(description + "\n")
if len(allFlagGroups) == 0 {
return fmt.Errorf("no flag groups found")
}
for _, group := range allFlagGroups {
f.WriteString("## " + group.Name() + " options\n")
writeFlags(group, f)
@@ -161,3 +158,39 @@ func writeFlagValue(val any, ind string, w *os.File) {
fmt.Fprintf(w, " %v\n", v)
}
}
func getAllFlags() []flag.FlagGroup {
// remoteFlags should contain Client and Server flags.
// NewClientFlags doesn't initialize `Listen` field
remoteFlags := flag.NewClientFlags()
remoteFlags.Listen = flag.ServerListenFlag.Clone()
// These flags don't work from config file.
// Clear configName to skip them later.
globalFlags := flag.NewGlobalFlagGroup()
globalFlags.ConfigFile.ConfigName = ""
globalFlags.ShowVersion.ConfigName = ""
globalFlags.GenerateDefaultConfig.ConfigName = ""
return []flag.FlagGroup{
globalFlags,
flag.NewCacheFlagGroup(),
flag.NewCleanFlagGroup(),
remoteFlags,
flag.NewDBFlagGroup(),
flag.NewImageFlagGroup(),
flag.NewK8sFlagGroup(),
flag.NewLicenseFlagGroup(),
flag.NewMisconfFlagGroup(),
flag.NewModuleFlagGroup(),
flag.NewPackageFlagGroup(),
flag.NewRegistryFlagGroup(),
flag.NewRegoFlagGroup(),
flag.NewReportFlagGroup(),
flag.NewRepoFlagGroup(),
flag.NewScanFlagGroup(),
flag.NewSecretFlagGroup(),
flag.NewVulnerabilityFlagGroup(),
}
}

6
magefiles/magefile.go
View File

@@ -348,13 +348,13 @@ type Lint mg.Namespace
// Run runs linters
func (Lint) Run() error {
mg.Deps(Tool{}.GolangciLint)
return sh.RunV("golangci-lint", "run")
return sh.RunV("golangci-lint", "run", "--build-tags=integration")
}
// Fix auto fixes linters
func (Lint) Fix() error {
mg.Deps(Tool{}.GolangciLint)
return sh.RunV("golangci-lint", "run", "--fix")
return sh.RunV("golangci-lint", "run", "--fix", "--build-tags=integration")
}
// Fmt formats Go code and proto files
@@ -444,7 +444,7 @@ type Docs mg.Namespace
// Prepare CSS
func (Docs) Css() error {
const (
homepageSass = "docs/assets/css/trivy_v1_homepage.scss"
homepageSass = "docs/assets/css/trivy_v1_styles.scss"
)
homepageCss := strings.TrimSuffix(homepageSass, ".scss") + ".min.css"
if updated, err := target.Path(homepageCss, homepageSass); err != nil {

4
mkdocs.yml
View File

@@ -117,6 +117,7 @@ nav:
- Overview: docs/coverage/others/index.md
- Bitnami Images: docs/coverage/others/bitnami.md
- Conda: docs/coverage/others/conda.md
- Root.io Images: docs/coverage/others/rootio.md
- RPM Archives: docs/coverage/others/rpm.md
- Kubernetes: docs/coverage/kubernetes.md
- Configuration:
@@ -224,6 +225,7 @@ nav:
- Overview: community/contribute/checks/overview.md
- Add Service Support: community/contribute/checks/service-support.md
- Maintainer:
- PR Review: community/maintainer/pr-review.md
- Release Flow: community/maintainer/release-flow.md
- Backporting: community/maintainer/backporting.md
- Help Wanted: community/maintainer/help-wanted.md
@@ -231,6 +233,7 @@ nav:
- Enterprise:
- Comparison: commercial/compare.md
- Contact Us: commercial/contact.md
- Partners: partners.md
theme:
name: material
custom_dir: docs/overrides
@@ -260,6 +263,7 @@ markdown_extensions:
- pymdownx.highlight
- pymdownx.details
- pymdownx.magiclink
- pymdownx.snippets
- pymdownx.superfences:
custom_fences:
- name: mermaid

18
pkg/cache/remote.go vendored
View File

@@ -2,7 +2,6 @@ package cache
import (
"context"
"crypto/tls"
"net/http"
"github.com/twitchtv/twirp"
@@ -11,6 +10,7 @@ import (
"github.com/aquasecurity/trivy/pkg/fanal/types"
"github.com/aquasecurity/trivy/pkg/rpc"
"github.com/aquasecurity/trivy/pkg/rpc/client"
xhttp "github.com/aquasecurity/trivy/pkg/x/http"
rpcCache "github.com/aquasecurity/trivy/rpc/cache"
)
@@ -19,7 +19,6 @@ var _ ArtifactCache = (*RemoteCache)(nil)
type RemoteOptions struct {
ServerAddr string
CustomHeaders http.Header
Insecure bool
PathPrefix string
}
@@ -30,23 +29,14 @@ type RemoteCache struct {
}
// NewRemoteCache is the factory method for RemoteCache
func NewRemoteCache(opts RemoteOptions) *RemoteCache {
ctx := client.WithCustomHeaders(context.Background(), opts.CustomHeaders)
httpClient := &http.Client{
Transport: &http.Transport{
Proxy: http.ProxyFromEnvironment,
TLSClientConfig: &tls.Config{
InsecureSkipVerify: opts.Insecure,
},
},
}
func NewRemoteCache(ctx context.Context, opts RemoteOptions) *RemoteCache {
ctx = client.WithCustomHeaders(ctx, opts.CustomHeaders)
var twirpOpts []twirp.ClientOption
if opts.PathPrefix != "" {
twirpOpts = append(twirpOpts, twirp.WithClientPathPrefix(opts.PathPrefix))
}
c := rpcCache.NewCacheProtobufClient(opts.ServerAddr, httpClient, twirpOpts...)
c := rpcCache.NewCacheProtobufClient(opts.ServerAddr, xhttp.ClientWithContext(ctx), twirpOpts...)
return &RemoteCache{
ctx: ctx,
client: c,

16
pkg/cache/remote_test.go vendored
View File

@@ -16,6 +16,7 @@ import (
"github.com/aquasecurity/trivy/pkg/cache"
"github.com/aquasecurity/trivy/pkg/fanal/types"
xhttp "github.com/aquasecurity/trivy/pkg/x/http"
rpcCache "github.com/aquasecurity/trivy/rpc/cache"
rpcScanner "github.com/aquasecurity/trivy/rpc/scanner"
)
@@ -145,10 +146,9 @@ func TestRemoteCache_PutArtifact(t *testing.T) {
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
c := cache.NewRemoteCache(cache.RemoteOptions{
c := cache.NewRemoteCache(t.Context(), cache.RemoteOptions{
ServerAddr: ts.URL,
CustomHeaders: tt.args.customHeaders,
Insecure: false,
})
err := c.PutArtifact(tt.args.imageID, tt.args.imageInfo)
if tt.wantErr != "" {
@@ -208,10 +208,9 @@ func TestRemoteCache_PutBlob(t *testing.T) {
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
c := cache.NewRemoteCache(cache.RemoteOptions{
c := cache.NewRemoteCache(t.Context(), cache.RemoteOptions{
ServerAddr: ts.URL,
CustomHeaders: tt.args.customHeaders,
Insecure: false,
})
err := c.PutBlob(tt.args.diffID, tt.args.layerInfo)
if tt.wantErr != "" {
@@ -288,10 +287,9 @@ func TestRemoteCache_MissingBlobs(t *testing.T) {
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
c := cache.NewRemoteCache(cache.RemoteOptions{
c := cache.NewRemoteCache(t.Context(), cache.RemoteOptions{
ServerAddr: ts.URL,
CustomHeaders: tt.args.customHeaders,
Insecure: false,
})
gotMissingImage, gotMissingLayerIDs, err := c.MissingBlobs(tt.args.imageID, tt.args.layerIDs)
if tt.wantErr != "" {
@@ -339,10 +337,12 @@ func TestRemoteCache_PutArtifactInsecure(t *testing.T) {
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
c := cache.NewRemoteCache(cache.RemoteOptions{
ctx := xhttp.WithTransport(t.Context(), xhttp.NewTransport(xhttp.Options{
Insecure: tt.args.insecure,
}))
c := cache.NewRemoteCache(ctx, cache.RemoteOptions{
ServerAddr: ts.URL,
CustomHeaders: nil,
Insecure: tt.args.insecure,
})
err := c.PutArtifact(tt.args.imageID, tt.args.imageInfo)
if tt.wantErr != "" {

13
pkg/commands/app.go
View File

@@ -687,10 +687,13 @@ func NewServerCommand(globalFlags *flag.GlobalFlagGroup) *cobra.Command {
func NewConfigCommand(globalFlags *flag.GlobalFlagGroup) *cobra.Command {
scanFlags := &flag.ScanFlagGroup{
// Enable only '--skip-dirs' and '--skip-files' and disable other flags
SkipDirs: flag.SkipDirsFlag.Clone(),
SkipFiles: flag.SkipFilesFlag.Clone(),
FilePatterns: flag.FilePatternsFlag.Clone(),
// Enable only '--skip-dirs', '--skip-files', `--skip-version-check`
// and `--disable-telemetry`, disable other scan flags
SkipDirs: flag.SkipDirsFlag.Clone(),
SkipFiles: flag.SkipFilesFlag.Clone(),
FilePatterns: flag.FilePatternsFlag.Clone(),
SkipVersionCheck: flag.SkipVersionCheckFlag.Clone(),
DisableTelemetry: flag.DisableTelemetryFlag.Clone(),
}
reportFlagGroup := flag.NewReportFlagGroup()
@@ -999,7 +1002,7 @@ func NewKubernetesCommand(globalFlags *flag.GlobalFlagGroup) *cobra.Command {
reportFlagGroup.TableMode = nil // disable '--table-mode's
compliance := flag.ComplianceFlag.Clone()
var compliances string
for _, val := range types.BuiltInK8sCompiances {
for _, val := range types.BuiltInK8sCompliances {
compliances += fmt.Sprintf("\n - %s", val)
}
compliance.Usage = fmt.Sprintf("%s\nBuilt-in compliance's:%s", compliance.Usage, compliances)

19
pkg/commands/artifact/run.go
View File

@@ -34,6 +34,7 @@ import (
"github.com/aquasecurity/trivy/pkg/scan"
"github.com/aquasecurity/trivy/pkg/types"
"github.com/aquasecurity/trivy/pkg/version/doc"
xhttp "github.com/aquasecurity/trivy/pkg/x/http"
)
// TargetKind represents what kind of artifact Trivy scans
@@ -118,12 +119,14 @@ func NewRunner(ctx context.Context, cliOptions flag.Options, opts ...RunnerOptio
opt(r)
}
// If the user has not disabled notices or is running in quiet mode
r.versionChecker = notification.NewVersionChecker(
notification.WithSkipVersionCheck(cliOptions.SkipVersionCheck),
notification.WithQuietMode(cliOptions.Quiet),
notification.WithTelemetryDisabled(cliOptions.DisableTelemetry),
)
// Set the default HTTP transport
xhttp.SetDefaultTransport(xhttp.NewTransport(xhttp.Options{
Insecure: cliOptions.Insecure,
Timeout: cliOptions.Timeout,
}))
// get the sub command that is being used or fallback to "trivy"
commandName := lo.Ternary(len(os.Args) > 1, os.Args[1], "trivy")
r.versionChecker = notification.NewVersionChecker(commandName, &cliOptions)
// Update the vulnerability database if needed.
if err := r.initDB(ctx, cliOptions); err != nil {
@@ -150,7 +153,7 @@ func NewRunner(ctx context.Context, cliOptions flag.Options, opts ...RunnerOptio
// only do this if the user has not disabled notices or is running
// in quiet mode
if r.versionChecker != nil {
r.versionChecker.RunUpdateCheck(ctx, os.Args[1:])
r.versionChecker.RunUpdateCheck(ctx)
}
return r, nil
@@ -171,7 +174,7 @@ func (r *runner) Close(ctx context.Context) error {
// silently check if there is notifications
if r.versionChecker != nil {
r.versionChecker.PrintNotices(os.Stderr)
r.versionChecker.PrintNotices(ctx, os.Stderr)
}
return errs

12
pkg/commands/artifact/wire_gen.go
View File

@@ -195,7 +195,7 @@ func initializeRemoteImageScanService(ctx context.Context, imageName string, rem
if err != nil {
return scan.Service{}, nil, err
}
remoteCache := cache.NewRemoteCache(remoteCacheOptions)
remoteCache := cache.NewRemoteCache(ctx, remoteCacheOptions)
artifactArtifact, err := image2.NewArtifact(typesImage, remoteCache, artifactOption)
if err != nil {
cleanup()
@@ -220,7 +220,7 @@ func initializeRemoteArchiveScanService(ctx context.Context, filePath string, re
if err != nil {
return scan.Service{}, nil, err
}
remoteCache := cache.NewRemoteCache(remoteCacheOptions)
remoteCache := cache.NewRemoteCache(ctx, remoteCacheOptions)
artifactArtifact, err := image2.NewArtifact(typesImage, remoteCache, artifactOption)
if err != nil {
return scan.Service{}, nil, err
@@ -234,7 +234,7 @@ func initializeRemoteArchiveScanService(ctx context.Context, filePath string, re
func initializeRemoteFilesystemScanService(ctx context.Context, path string, remoteCacheOptions cache.RemoteOptions, remoteScanOptions client.ServiceOption, artifactOption artifact.Option) (scan.Service, func(), error) {
v := _wireValue
service := client.NewService(remoteScanOptions, v...)
remoteCache := cache.NewRemoteCache(remoteCacheOptions)
remoteCache := cache.NewRemoteCache(ctx, remoteCacheOptions)
fs := walker.NewFS()
artifactArtifact, err := local2.NewArtifact(path, remoteCache, fs, artifactOption)
if err != nil {
@@ -249,7 +249,7 @@ func initializeRemoteFilesystemScanService(ctx context.Context, path string, rem
func initializeRemoteRepositoryScanService(ctx context.Context, url string, remoteCacheOptions cache.RemoteOptions, remoteScanOptions client.ServiceOption, artifactOption artifact.Option) (scan.Service, func(), error) {
v := _wireValue
service := client.NewService(remoteScanOptions, v...)
remoteCache := cache.NewRemoteCache(remoteCacheOptions)
remoteCache := cache.NewRemoteCache(ctx, remoteCacheOptions)
fs := walker.NewFS()
artifactArtifact, cleanup, err := repo.NewArtifact(url, remoteCache, fs, artifactOption)
if err != nil {
@@ -265,7 +265,7 @@ func initializeRemoteRepositoryScanService(ctx context.Context, url string, remo
func initializeRemoteSBOMScanService(ctx context.Context, path string, remoteCacheOptions cache.RemoteOptions, remoteScanOptions client.ServiceOption, artifactOption artifact.Option) (scan.Service, func(), error) {
v := _wireValue
service := client.NewService(remoteScanOptions, v...)
remoteCache := cache.NewRemoteCache(remoteCacheOptions)
remoteCache := cache.NewRemoteCache(ctx, remoteCacheOptions)
artifactArtifact, err := sbom.NewArtifact(path, remoteCache, artifactOption)
if err != nil {
return scan.Service{}, nil, err
@@ -279,7 +279,7 @@ func initializeRemoteSBOMScanService(ctx context.Context, path string, remoteCac
func initializeRemoteVMScanService(ctx context.Context, path string, remoteCacheOptions cache.RemoteOptions, remoteScanOptions client.ServiceOption, artifactOption artifact.Option) (scan.Service, func(), error) {
v := _wireValue
service := client.NewService(remoteScanOptions, v...)
remoteCache := cache.NewRemoteCache(remoteCacheOptions)
remoteCache := cache.NewRemoteCache(ctx, remoteCacheOptions)
walkerVM := walker.NewVM()
artifactArtifact, err := vm.NewArtifact(path, remoteCache, walkerVM, artifactOption)
if err != nil {

13
pkg/commands/auth/run.go
View File

@@ -2,19 +2,18 @@ package auth
import (
"context"
"net/http"
"os"
"github.com/docker/cli/cli/config"
"github.com/docker/cli/cli/config/types"
"github.com/google/go-containerregistry/pkg/authn"
"github.com/google/go-containerregistry/pkg/name"
"github.com/google/go-containerregistry/pkg/v1/remote"
"github.com/google/go-containerregistry/pkg/v1/remote/transport"
"golang.org/x/xerrors"
"github.com/aquasecurity/trivy/pkg/flag"
"github.com/aquasecurity/trivy/pkg/log"
xhttp "github.com/aquasecurity/trivy/pkg/x/http"
)
func Login(ctx context.Context, registry string, opts flag.Options) error {
@@ -34,7 +33,7 @@ func Login(ctx context.Context, registry string, opts flag.Options) error {
_, err = transport.NewWithContext(ctx, reg, &authn.Basic{
Username: opts.Credentials[0].Username,
Password: opts.Credentials[0].Password,
}, httpTransport(opts), nil)
}, xhttp.Transport(ctx), nil)
if err != nil {
return xerrors.Errorf("failed to authenticate: %w", err)
}
@@ -99,11 +98,3 @@ func parseRegistry(registry string, opts flag.Options) (name.Registry, error) {
}
return reg, nil
}
func httpTransport(opts flag.Options) *http.Transport {
tr := remote.DefaultTransport.(*http.Transport).Clone()
if opts.Insecure {
tr.TLSClientConfig.InsecureSkipVerify = true
}
return tr
}

8
pkg/db/db.go
View File

@@ -110,11 +110,12 @@ func (c *Client) NeedsUpdate(ctx context.Context, cliVersion string, skip bool)
meta = metadata.Metadata{Version: db.SchemaVersion}
}
// There are 2 cases when DownloadAt field is zero:
// There are 3 cases when DownloadAt field is zero:
// - metadata file was not created yet. This is the first run of Trivy.
// - trivy-db was downloaded with `oras`. In this case user can use `--skip-db-update` (like for air-gapped) or re-download trivy-db.
// - trivy-db was corrupted while copying from tmp directory to cache directory. We should update this trivy-db.
// We can't detect these cases, so we will show warning for users who use oras + air-gapped.
if meta.DownloadedAt.IsZero() && !skip {
if !noRequiredFiles && meta.DownloadedAt.IsZero() && !skip {
log.WarnContext(ctx, "Trivy DB may be corrupted and will be re-downloaded. If you manually downloaded DB - use the `--skip-db-update` flag to skip updating DB.")
return true, nil
}
@@ -131,10 +132,11 @@ func (c *Client) NeedsUpdate(ctx context.Context, cliVersion string, skip bool)
}
if skip {
log.DebugContext(ctx, "Skipping DB update...")
if err = c.validate(meta); err != nil {
return false, xerrors.Errorf("validate error: %w", err)
}
log.DebugContext(ctx, "Skipping DB update...")
return false, nil
}

68
pkg/db/db_test.go
View File

@@ -1,10 +1,13 @@
package db_test
import (
"bytes"
"fmt"
"strings"
"testing"
"time"
"github.com/samber/lo"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
@@ -13,6 +16,7 @@ import (
"github.com/aquasecurity/trivy/pkg/clock"
"github.com/aquasecurity/trivy/pkg/db"
ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
"github.com/aquasecurity/trivy/pkg/log"
)
func TestClient_NeedsUpdate(t *testing.T) {
@@ -27,14 +31,16 @@ func TestClient_NeedsUpdate(t *testing.T) {
dbFileExists bool
metadata metadata.Metadata
want bool
wantLogs []string
wantErr string
}{
{
name: "happy path",
dbFileExists: true,
metadata: metadata.Metadata{
Version: db.SchemaVersion,
NextUpdate: timeNextUpdateDay1,
Version: db.SchemaVersion,
NextUpdate: timeNextUpdateDay1,
DownloadedAt: timeDownloadAt,
},
want: true,
},
@@ -43,20 +49,31 @@ func TestClient_NeedsUpdate(t *testing.T) {
dbFileExists: true,
metadata: metadata.Metadata{},
want: true,
wantLogs: []string{
"There is no valid metadata file",
},
},
{
name: "happy path for first run without trivy.db",
dbFileExists: false,
want: true,
wantLogs: []string{
"There is no db file",
"There is no valid metadata file",
},
},
{
name: "happy path with old schema version",
dbFileExists: true,
metadata: metadata.Metadata{
Version: 0,
NextUpdate: timeNextUpdateDay1,
Version: 0,
NextUpdate: timeNextUpdateDay1,
DownloadedAt: timeDownloadAt,
},
want: true,
wantLogs: []string{
"The local DB schema version does not match with supported version schema.",
},
},
{
name: "happy path with --skip-db-update",
@@ -68,6 +85,9 @@ func TestClient_NeedsUpdate(t *testing.T) {
},
skip: true,
want: false,
wantLogs: []string{
"Skipping DB update...",
},
},
{
name: "skip downloading DB",
@@ -78,6 +98,9 @@ func TestClient_NeedsUpdate(t *testing.T) {
DownloadedAt: timeDownloadAt,
},
want: false,
wantLogs: []string{
"DB update was skipped because the local DB is the latest",
},
},
{
name: "newer schema version",
@@ -89,12 +112,20 @@ func TestClient_NeedsUpdate(t *testing.T) {
},
wantErr: fmt.Sprintf("the version of DB schema doesn't match. Local DB: %d, Expected: %d",
db.SchemaVersion+1, db.SchemaVersion),
wantLogs: []string{
"Trivy version is old. Update to the latest version.",
},
},
{
name: "--skip-db-update without trivy.db on the first run",
dbFileExists: false,
skip: true,
wantErr: "--skip-db-update cannot be specified on the first run",
wantLogs: []string{
"There is no db file",
"There is no valid metadata file",
"The first run cannot skip downloading DB",
},
},
{
name: "--skip-db-update without metadata.json on the first run",
@@ -102,6 +133,10 @@ func TestClient_NeedsUpdate(t *testing.T) {
metadata: metadata.Metadata{},
skip: true,
wantErr: "--skip-db-update cannot be specified on the first run",
wantLogs: []string{
"There is no valid metadata file",
"The first run cannot skip downloading DB",
},
},
{
name: "--skip-db-update with different schema version",
@@ -114,6 +149,9 @@ func TestClient_NeedsUpdate(t *testing.T) {
skip: true,
wantErr: fmt.Sprintf("--skip-db-update cannot be specified with the old DB schema. Local DB: %d, Expected: %d",
0, db.SchemaVersion),
wantLogs: []string{
"The local DB has an old schema version which is not supported by the current version of Trivy CLI. DB needs to be updated.",
},
},
{
name: "happy with old DownloadedAt",
@@ -134,6 +172,9 @@ func TestClient_NeedsUpdate(t *testing.T) {
DownloadedAt: time.Date(2019, 9, 30, 23, 30, 0, 0, time.UTC),
},
want: false,
wantLogs: []string{
"DB update was skipped because the local DB was downloaded during the last hour",
},
},
{
name: "DownloadedAt is zero, skip is false",
@@ -145,6 +186,9 @@ func TestClient_NeedsUpdate(t *testing.T) {
NextUpdate: timeNextUpdateDay1,
},
want: true,
wantLogs: []string{
"Trivy DB may be corrupted and will be re-downloaded. If you manually downloaded DB - use the `--skip-db-update` flag to skip updating DB.",
},
},
{
name: "DownloadedAt is zero, skip is true",
@@ -156,6 +200,9 @@ func TestClient_NeedsUpdate(t *testing.T) {
NextUpdate: timeNextUpdateDay1,
},
want: false,
wantLogs: []string{
"Skipping DB update...",
},
},
{
name: "DownloadedAt is zero, skip is true, old schema version",
@@ -168,11 +215,18 @@ func TestClient_NeedsUpdate(t *testing.T) {
},
wantErr: "--skip-db-update cannot be specified with the old DB schema. Local DB: 0, Expected: 2",
want: false,
wantLogs: []string{
"The local DB has an old schema version which is not supported by the current version of Trivy CLI. DB needs to be updated.",
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
out := bytes.NewBuffer(nil)
logger := log.New(log.NewHandler(out, &log.Options{Level: log.LevelDebug}))
log.SetDefault(logger)
dbDir := db.Dir(t.TempDir())
if tt.metadata != (metadata.Metadata{}) {
meta := metadata.NewClient(dbDir)
@@ -194,6 +248,12 @@ func TestClient_NeedsUpdate(t *testing.T) {
client := db.NewClient(dbDir, true)
needsUpdate, err := client.NeedsUpdate(ctx, "test", tt.skip)
// Compare log messages
require.Len(t, lo.Compact(strings.Split(out.String(), "\n")), len(tt.wantLogs))
for _, logMsg := range tt.wantLogs {
assert.Contains(t, out.String(), logMsg)
}
switch {
case tt.wantErr != "":
require.ErrorContains(t, err, tt.wantErr, tt.name)

3
pkg/dependency/parser/gradle/lockfile/parse.go
View File

@@ -36,10 +36,9 @@ func (Parser) Parse(r xio.ReadSeekerAt) ([]ftypes.Package, []ftypes.Dependency,
name := strings.Join(dep[:2], ":")
version, classPathsString, _ := strings.Cut(dep[2], "=")
classPaths := strings.Split(classPathsString, ",")
dev := true
for _, classPath := range classPaths {
for classPath := range strings.SplitSeq(classPathsString, ",") {
if !strings.HasPrefix(classPath, "test") {
dev = false
break

45
pkg/dependency/parser/java/pom/artifact.go
View File

@@ -2,9 +2,6 @@ package pom
import (
"fmt"
"os"
"regexp"
"slices"
"strings"
"sync"
@@ -17,7 +14,6 @@ import (
)
var (
varRegexp = regexp.MustCompile(`\${(\S+?)}`)
emptyVersionWarn = sync.OnceFunc(func() {
log.WithPrefix("pom").Warn("Dependency version cannot be determined. Child dependencies will not be found.",
// e.g. https://trivy.dev/latest/docs/coverage/language/java/#empty-dependency-version
@@ -133,44 +129,3 @@ func (v1 version) shouldOverride(v2 version) bool {
func (v1 version) String() string {
return v1.ver
}
func evaluateVariable(s string, props map[string]string, seenProps []string) string {
if props == nil {
props = make(map[string]string)
}
for _, m := range varRegexp.FindAllStringSubmatch(s, -1) {
var newValue string
// env.X: https://maven.apache.org/pom.html#Properties
// e.g. env.PATH
if strings.HasPrefix(m[1], "env.") {
newValue = os.Getenv(strings.TrimPrefix(m[1], "env."))
} else {
// <properties> might include another property.
// e.g. <animal.sniffer.skip>${skipTests}</animal.sniffer.skip>
ss, ok := props[m[1]]
if ok {
// search for looped properties
if slices.Contains(seenProps, ss) {
printLoopedPropertiesStack(m[0], seenProps)
return ""
}
seenProps = append(seenProps, ss) // save evaluated props to check if we get this prop again
newValue = evaluateVariable(ss, props, seenProps)
seenProps = []string{} // clear props if we returned from recursive. Required for correct work with 2 same props like ${foo}-${foo}
}
}
s = strings.ReplaceAll(s, m[0], newValue)
}
return strings.TrimSpace(s)
}
func printLoopedPropertiesStack(env string, usedProps []string) {
var s string
for _, prop := range usedProps {
s += fmt.Sprintf("%s -> ", prop)
}
log.Warn("Lopped properties were detected", log.String("prop", s+env))
}

13
pkg/dependency/parser/java/pom/parse.go
View File

@@ -23,6 +23,7 @@ import (
ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
"github.com/aquasecurity/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/set"
xhttp "github.com/aquasecurity/trivy/pkg/x/http"
xio "github.com/aquasecurity/trivy/pkg/x/io"
)
@@ -742,7 +743,7 @@ func (p *Parser) fetchPomFileNameFromMavenMetadata(repo string, paths []string)
return "", nil
}
client := &http.Client{}
client := xhttp.Client()
resp, err := client.Do(req)
if err != nil {
p.logger.Debug("Failed to fetch", log.String("url", req.URL.String()), log.Err(err))
@@ -776,7 +777,7 @@ func (p *Parser) fetchPOMFromRemoteRepository(repo string, paths []string) (*pom
return nil, nil
}
client := &http.Client{}
client := xhttp.Client()
resp, err := client.Do(req)
if err != nil {
p.logger.Debug("Failed to fetch", log.String("url", req.URL.String()), log.Err(err))
@@ -832,3 +833,11 @@ func packageID(name, version string) string {
func isSnapshot(ver string) bool {
return strings.HasSuffix(ver, "SNAPSHOT") || ver == "LATEST"
}
func isDirectory(path string) (bool, error) {
fileInfo, err := os.Stat(path)
if err != nil {
return false, err
}
return fileInfo.IsDir(), err
}

12
pkg/dependency/parser/java/pom/settings.go
View File

@@ -76,5 +76,17 @@ func openSettings(filePath string) (settings, error) {
if err = decoder.Decode(&s); err != nil {
return settings{}, err
}
expandAllEnvPlaceholders(&s)
return s, nil
}
func expandAllEnvPlaceholders(s *settings) {
s.LocalRepository = evaluateVariable(s.LocalRepository, nil, nil)
for i, server := range s.Servers {
s.Servers[i].ID = evaluateVariable(server.ID, nil, nil)
s.Servers[i].Username = evaluateVariable(server.Username, nil, nil)
s.Servers[i].Password = evaluateVariable(server.Password, nil, nil)
}
}

29
pkg/dependency/parser/java/pom/settings_test.go
View File

@@ -122,6 +122,35 @@ func Test_ReadSettings(t *testing.T) {
},
wantSettings: settings{},
},
{
name: "environment placeholders are dereferenced",
envs: map[string]string{
"HOME": filepath.Join("testdata", "settings", "user-settings-with-env-placeholders"),
"MAVEN_HOME": "NOT_EXISTING_PATH",
"LOCAL_REPO_PT_1": "part1",
"LOCAL_REPO_PT_2": "part2",
"SERVER_ID": "server-id-from-env",
"USERNAME": "username-from-env",
"PASSWORD": "password-from-env",
},
wantSettings: settings{
LocalRepository: "part1/part2/.m2/repository",
Servers: []Server{
{
ID: "user-server",
},
{
ID: "server-id-from-env",
Username: "username-from-env",
Password: "password-from-env",
},
{
ID: "server-with-name-only",
Username: "test-user-only",
},
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {

21
pkg/dependency/parser/java/pom/testdata/settings/user-settings-with-env-placeholders/.m2/settings.xml vendored Executable file
View File

@@ -0,0 +1,21 @@
<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
<localRepository>${env.LOCAL_REPO_PT_1}/${env.LOCAL_REPO_PT_2}/.m2/repository</localRepository>
<servers>
<server>
<id>user-server</id>
</server>
<server>
<id>${env.SERVER_ID}</id>
<username>${env.USERNAME}</username>
<password>${env.PASSWORD}</password>
</server>
<server>
<id>server-with-name-only</id>
<username>test-user-only</username>
</server>
</servers>
</settings>

21
pkg/dependency/parser/java/pom/utils.go
View File

@@ -1,21 +0,0 @@
package pom
import (
"os"
"strings"
)
func isDirectory(path string) (bool, error) {
fileInfo, err := os.Stat(path)
if err != nil {
return false, err
}
return fileInfo.IsDir(), err
}
func isProperty(version string) bool {
if version != "" && strings.HasPrefix(version, "${") && strings.HasSuffix(version, "}") {
return true
}
return false
}

61
pkg/dependency/parser/java/pom/var.go Normal file
View File

@@ -0,0 +1,61 @@
package pom
import (
"fmt"
"os"
"regexp"
"slices"
"strings"
"github.com/aquasecurity/trivy/pkg/log"
)
var varRegexp = regexp.MustCompile(`\${(\S+?)}`)
func isProperty(s string) bool {
if s != "" && strings.HasPrefix(s, "${") && strings.HasSuffix(s, "}") {
return true
}
return false
}
func evaluateVariable(s string, props map[string]string, seenProps []string) string {
if props == nil {
props = make(map[string]string)
}
for _, m := range varRegexp.FindAllStringSubmatch(s, -1) {
var newValue string
// env.X: https://maven.apache.org/pom.html#Properties
// e.g. env.PATH
if strings.HasPrefix(m[1], "env.") {
newValue = os.Getenv(strings.TrimPrefix(m[1], "env."))
} else {
// <properties> might include another property.
// e.g. <animal.sniffer.skip>${skipTests}</animal.sniffer.skip>
ss, ok := props[m[1]]
if ok {
// search for looped properties
if slices.Contains(seenProps, ss) {
printLoopedPropertiesStack(m[0], seenProps)
return ""
}
seenProps = append(seenProps, ss) // save evaluated props to check if we get this prop again
newValue = evaluateVariable(ss, props, seenProps)
seenProps = []string{} // clear props if we returned from recursive. Required for correct work with 2 same props like ${foo}-${foo}
}
}
s = strings.ReplaceAll(s, m[0], newValue)
}
return strings.TrimSpace(s)
}
func printLoopedPropertiesStack(env string, usedProps []string) {
var s string
for _, prop := range usedProps {
s += fmt.Sprintf("%s -> ", prop)
}
log.Warn("Lopped properties were detected", log.String("prop", s+env))
}

21
pkg/dependency/parser/nodejs/bun/parse.go
View File

@@ -58,12 +58,23 @@ func (p *ParsedPackage) UnmarshalJSON(data []byte) error {
return err
}
if len(raw) > 2 {
if err := json.Unmarshal(raw[2], &p.Meta); err != nil {
return err
}
// When package contains only package field [pkg: string]
// cf. https://github.com/oven-sh/bun/blob/61e03a275885b9b48f7a28f6dfbbbe1156eedca6/packages/bun-types/bun.d.ts#L7751
if len(raw) == 1 {
return nil
}
return nil
// Meta can be 2 or 3 array elements
// [pkg: string, info: BunLockFilePackageInfo]
// [pkg: string, info: BunLockFilePackageInfo, bunTag: string]
// [pkg: string, info: Pick<BunLockFileBasePackageInfo, "bin" | "binDir">]
// [pkg: string, registry: string, info: BunLockFilePackageInfo, integrity: string]
// cf.https://github.com/oven-sh/bun/blob/61e03a275885b9b48f7a28f6dfbbbe1156eedca6/packages/bun-types/bun.d.ts#L7745-L7755
metaRaw := raw[1]
if len(raw) > 3 {
metaRaw = raw[2]
}
return json.Unmarshal(metaRaw, &p.Meta)
}
func (p *Parser) Parse(r xio.ReadSeekerAt) ([]ftypes.Package, []ftypes.Dependency, error) {

4
pkg/dependency/parser/nodejs/bun/testdata/bun_happy.lock vendored
View File

@@ -19,11 +19,11 @@
"@types/node": ["@types/node@22.15.18", "", { "dependencies": { "undici-types": "~6.21.0" } }, "sha512-v1DKRfUdyW+jJhZNEI1PYy29S2YRxMV5AOO/x/SjKmW0acCIOqmbj6Haf9eHAhsPmrhlHSxEhv/1WszcLWV4cg=="],
"bun-types": ["bun-types@1.2.13", "", { "dependencies": { "@types/node": "*" } }, "sha512-rRjA1T6n7wto4gxhAO/ErZEtOXyEZEmnIHQfl0Dt1QQSB4QV0iP6BZ9/YB5fZaHFQ2dwHFrmPaRQ9GGMX01k9Q=="],
"bun-types": ["bun-types@1.2.13", { "dependencies": { "@types/node": "*" } }, "sha512-rRjA1T6n7wto4gxhAO/ErZEtOXyEZEmnIHQfl0Dt1QQSB4QV0iP6BZ9/YB5fZaHFQ2dwHFrmPaRQ9GGMX01k9Q=="],
"typescript": ["typescript@5.8.3", "", { "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" } }, "sha512-p1diW6TqL9L07nNxvRMM7hMMw4c5XOo/1ibL4aAIGmSAt9slTE1Xgw5KWuof2uTOvCg9BY7ZRi+GaF+7sfgPeQ=="],
"undici-types": ["undici-types@6.21.0", "", {}, "sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ=="],
"undici-types": ["undici-types@6.21.0"],
"zod": ["zod@3.24.4", "", { "dependencies": { "undici-types": "~6.21.0" } }, "sha512-OdqJE9UDRPwWsrHjLN2F8bPxvwJBK22EHLWtanu0LSYr5YqzsaaW3RMgmjwr8Rypg5k+meEJdSPXJZXE/yqOMg=="],
}

4
pkg/dependency/parser/ruby/gemspec/parse.go
View File

@@ -123,12 +123,12 @@ func trim(s string) string {
func parseLicenses(s string) string {
// e.g. `"Ruby".freeze, "BSDL".freeze`
// => {"\"Ruby\".freeze", "\"BSDL\".freeze"}
ss := strings.Split(s, ",")
ss := strings.SplitSeq(s, ",")
// e.g. {"\"Ruby\".freeze", "\"BSDL\".freeze"}
// => {"Ruby", "BSDL"}
var licenses []string
for _, l := range ss {
for l := range ss {
licenses = append(licenses, trim(l))
}

2
pkg/detector/library/driver.go
View File

@@ -148,7 +148,7 @@ func createFixedVersions(advisory dbTypes.Advisory) string {
var fixedVersions []string
for _, version := range advisory.VulnerableVersions {
for _, s := range strings.Split(version, ",") {
for s := range strings.SplitSeq(version, ",") {
s = strings.TrimSpace(s)
if !strings.HasPrefix(s, "<=") && strings.HasPrefix(s, "<") {
s = strings.TrimPrefix(s, "<")

1
pkg/detector/ospkg/alpine/alpine.go
View File

@@ -48,6 +48,7 @@ var eolDates = map[string]time.Time{
"3.19": time.Date(2025, 11, 1, 23, 59, 59, 0, time.UTC),
"3.20": time.Date(2026, 4, 1, 23, 59, 59, 0, time.UTC),
"3.21": time.Date(2026, 12, 5, 23, 59, 59, 0, time.UTC),
"3.22": time.Date(2027, 4, 30, 23, 59, 59, 0, time.UTC),
"edge": time.Date(9999, 1, 1, 0, 0, 0, 0, time.UTC),
}

40
pkg/detector/ospkg/detect.go
View File

@@ -14,12 +14,14 @@ import (
"github.com/aquasecurity/trivy/pkg/detector/ospkg/bottlerocket"
"github.com/aquasecurity/trivy/pkg/detector/ospkg/chainguard"
"github.com/aquasecurity/trivy/pkg/detector/ospkg/debian"
"github.com/aquasecurity/trivy/pkg/detector/ospkg/driver"
"github.com/aquasecurity/trivy/pkg/detector/ospkg/echo"
"github.com/aquasecurity/trivy/pkg/detector/ospkg/minimos"
"github.com/aquasecurity/trivy/pkg/detector/ospkg/oracle"
"github.com/aquasecurity/trivy/pkg/detector/ospkg/photon"
"github.com/aquasecurity/trivy/pkg/detector/ospkg/redhat"
"github.com/aquasecurity/trivy/pkg/detector/ospkg/rocky"
"github.com/aquasecurity/trivy/pkg/detector/ospkg/rootio"
"github.com/aquasecurity/trivy/pkg/detector/ospkg/suse"
"github.com/aquasecurity/trivy/pkg/detector/ospkg/ubuntu"
"github.com/aquasecurity/trivy/pkg/detector/ospkg/wolfi"
@@ -32,7 +34,7 @@ var (
// ErrUnsupportedOS defines error for unsupported OS
ErrUnsupportedOS = xerrors.New("unsupported os")
drivers = map[ftypes.OSType]Driver{
drivers = map[ftypes.OSType]driver.Driver{
ftypes.Alpine: alpine.NewScanner(),
ftypes.Alma: alma.NewScanner(),
ftypes.Amazon: amazon.NewScanner(),
@@ -55,36 +57,36 @@ var (
ftypes.Echo: echo.NewScanner(),
ftypes.MinimOS: minimos.NewScanner(),
}
// providers dynamically generate drivers based on package information
// and environment detection. They are tried before standard OS-specific drivers.
providers = []driver.Provider{
rootio.Provider,
}
)
// RegisterDriver is defined for extensibility and not supposed to be used in Trivy.
func RegisterDriver(name ftypes.OSType, driver Driver) {
drivers[name] = driver
}
// Driver defines operations for OS package scan
type Driver interface {
Detect(context.Context, string, *ftypes.Repository, []ftypes.Package) ([]types.DetectedVulnerability, error)
IsSupportedVersion(context.Context, ftypes.OSType, string) bool
func RegisterDriver(name ftypes.OSType, drv driver.Driver) {
drivers[name] = drv
}
// Detect detects the vulnerabilities
func Detect(ctx context.Context, _, osFamily ftypes.OSType, osName string, repo *ftypes.Repository, _ time.Time, pkgs []ftypes.Package) ([]types.DetectedVulnerability, bool, error) {
ctx = log.WithContextPrefix(ctx, string(osFamily))
driver, err := newDriver(osFamily)
d, err := newDriver(osFamily, pkgs)
if err != nil {
return nil, false, ErrUnsupportedOS
}
eosl := !driver.IsSupportedVersion(ctx, osFamily, osName)
eosl := !d.IsSupportedVersion(ctx, osFamily, osName)
// Package `gpg-pubkey` doesn't use the correct version.
// We don't need to find vulnerabilities for this package.
filteredPkgs := lo.Filter(pkgs, func(pkg ftypes.Package, _ int) bool {
return pkg.Name != "gpg-pubkey"
})
vulns, err := driver.Detect(ctx, osName, repo, filteredPkgs)
vulns, err := d.Detect(ctx, osName, repo, filteredPkgs)
if err != nil {
return nil, false, xerrors.Errorf("failed detection: %w", err)
}
@@ -92,9 +94,17 @@ func Detect(ctx context.Context, _, osFamily ftypes.OSType, osName string, repo
return vulns, eosl, nil
}
func newDriver(osFamily ftypes.OSType) (Driver, error) {
if driver, ok := drivers[osFamily]; ok {
return driver, nil
func newDriver(osFamily ftypes.OSType, pkgs []ftypes.Package) (driver.Driver, error) {
// Try providers first
for _, provider := range providers {
if d := provider(osFamily, pkgs); d != nil {
return d, nil
}
}
// Fall back to standard drivers
if d, ok := drivers[osFamily]; ok {
return d, nil
}
log.Warn("Unsupported os", log.String("family", string(osFamily)))

17
pkg/detector/ospkg/driver/driver.go Normal file
View File

@@ -0,0 +1,17 @@
package driver
import (
"context"
ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
"github.com/aquasecurity/trivy/pkg/types"
)
// Driver defines operations for OS package scan
type Driver interface {
Detect(context.Context, string, *ftypes.Repository, []ftypes.Package) ([]types.DetectedVulnerability, error)
IsSupportedVersion(context.Context, ftypes.OSType, string) bool
}
// Provider creates a specialized driver based on the environment
type Provider func(osFamily ftypes.OSType, pkgs []ftypes.Package) Driver

7
pkg/detector/ospkg/redhat/redhat.go
View File

@@ -47,9 +47,10 @@ var (
"5": time.Date(2020, 11, 30, 23, 59, 59, 0, time.UTC),
"6": time.Date(2024, 6, 30, 23, 59, 59, 0, time.UTC),
// N/A
"7": time.Date(3000, 1, 1, 23, 59, 59, 0, time.UTC),
"8": time.Date(3000, 1, 1, 23, 59, 59, 0, time.UTC),
"9": time.Date(3000, 1, 1, 23, 59, 59, 0, time.UTC),
"7": time.Date(3000, 1, 1, 23, 59, 59, 0, time.UTC),
"8": time.Date(3000, 1, 1, 23, 59, 59, 0, time.UTC),
"9": time.Date(3000, 1, 1, 23, 59, 59, 0, time.UTC),
"10": time.Date(3000, 1, 1, 23, 59, 59, 0, time.UTC),
}
centosEOLDates = map[string]time.Time{
"3": time.Date(2010, 10, 31, 23, 59, 59, 0, time.UTC),

46
pkg/detector/ospkg/rootio/provider.go Normal file
View File

@@ -0,0 +1,46 @@
package rootio
import (
"regexp"
"github.com/aquasecurity/trivy/pkg/detector/ospkg/driver"
ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
"github.com/aquasecurity/trivy/pkg/scan/utils"
)
var (
// debianRootIOPattern matches Debian/Ubuntu Root.io version pattern: .root.io
debianRootIOPattern = regexp.MustCompile(`\.root\.io`)
// alpineRootIOPattern matches Alpine Root.io version pattern: -r\d007\d (e.g., -r10071, -r20072)
alpineRootIOPattern = regexp.MustCompile(`-r\d007\d`)
)
// Provider creates a Root.io driver if Root.io packages are detected
func Provider(osFamily ftypes.OSType, pkgs []ftypes.Package) driver.Driver {
if !isRootIOEnvironment(osFamily, pkgs) {
return nil
}
return NewScanner(osFamily)
}
// isRootIOEnvironment detects if the environment is Root.io based on package suffixes
func isRootIOEnvironment(osFamily ftypes.OSType, pkgs []ftypes.Package) bool {
switch osFamily {
case ftypes.Debian, ftypes.Ubuntu:
return hasPackageWithPattern(pkgs, debianRootIOPattern)
case ftypes.Alpine:
return hasPackageWithPattern(pkgs, alpineRootIOPattern)
default:
return false
}
}
// hasPackageWithPattern checks if any package version matches the specified pattern
func hasPackageWithPattern(pkgs []ftypes.Package, pattern *regexp.Regexp) bool {
for _, pkg := range pkgs {
if pattern.MatchString(utils.FormatVersion(pkg)) {
return true
}
}
return false
}

118
pkg/detector/ospkg/rootio/provider_test.go Normal file
View File

@@ -0,0 +1,118 @@
package rootio_test
import (
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/aquasecurity/trivy/pkg/detector/ospkg/rootio"
ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
)
func TestProvider(t *testing.T) {
tests := []struct {
name string
osFamily ftypes.OSType
pkgs []ftypes.Package
want bool // true if driver should be returned, false if nil
}{
{
name: "Debian with .root.io package",
osFamily: ftypes.Debian,
pkgs: []ftypes.Package{
{Name: "libc6", Version: "2.31", Release: "13+deb11u4.root.io"},
{Name: "bash", Version: "5.1-2+deb11u1"},
},
want: true,
},
{
name: "Ubuntu with .root.io package",
osFamily: ftypes.Ubuntu,
pkgs: []ftypes.Package{
{Name: "libc6", Version: "2.31-0ubuntu9.9.root.io"},
{Name: "bash", Version: "5.1-6ubuntu1"},
},
want: true,
},
{
name: "Alpine with Root.io pattern package",
osFamily: ftypes.Alpine,
pkgs: []ftypes.Package{
{Name: "musl", Version: "1.2.3-r10071"},
{Name: "busybox", Version: "1.35.0-r17"},
},
want: true,
},
{
name: "Debian without .root.io package",
osFamily: ftypes.Debian,
pkgs: []ftypes.Package{
{Name: "libc6", Version: "2.31-13+deb11u4"},
{Name: "bash", Version: "5.1-2+deb11u1"},
},
want: false,
},
{
name: "Ubuntu without .root.io package",
osFamily: ftypes.Ubuntu,
pkgs: []ftypes.Package{
{Name: "libc6", Version: "2.31-0ubuntu9.9"},
{Name: "bash", Version: "5.1-6ubuntu1"},
},
want: false,
},
{
name: "Alpine without Root.io pattern package",
osFamily: ftypes.Alpine,
pkgs: []ftypes.Package{
{Name: "musl", Version: "1.2.3-r0"},
{Name: "busybox", Version: "1.35.0-r17"},
},
want: false,
},
{
name: "Unsupported OS family",
osFamily: ftypes.RedHat,
pkgs: []ftypes.Package{
{Name: "glibc", Version: "2.28-151.el8.root.io"},
},
want: false,
},
{
name: "Empty package list",
osFamily: ftypes.Debian,
pkgs: []ftypes.Package{},
want: false,
},
{
name: "Multiple .root.io packages",
osFamily: ftypes.Debian,
pkgs: []ftypes.Package{
{Name: "libc6", Version: "2.31-13+deb11u4.root.io"},
{Name: "openssl", Version: "1.1.1n-0+deb11u3.root.io"},
},
want: true,
},
{
name: "Multiple Alpine Root.io pattern packages",
osFamily: ftypes.Alpine,
pkgs: []ftypes.Package{
{Name: "musl", Version: "1.2.3-r20072"},
{Name: "openssl", Version: "1.1.1t-r10071"},
},
want: true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
driver := rootio.Provider(tt.osFamily, tt.pkgs)
if tt.want {
require.NotNil(t, driver, "Provider should return a driver for Root.io environment")
} else {
assert.Nil(t, driver, "Provider should return nil for non-Root.io environment")
}
})
}
}

140
pkg/detector/ospkg/rootio/rootio.go Normal file
View File

@@ -0,0 +1,140 @@
package rootio
import (
"context"
"strings"
"golang.org/x/xerrors"
dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
"github.com/aquasecurity/trivy-db/pkg/vulnsrc/rootio"
"github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability"
"github.com/aquasecurity/trivy/pkg/detector/ospkg/version"
ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
"github.com/aquasecurity/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/scan/utils"
"github.com/aquasecurity/trivy/pkg/types"
)
// Scanner implements the Root.io scanner
type Scanner struct {
comparer version.Comparer
vsg rootio.VulnSrcGetter
versionTrimmer func(string) string
logger *log.Logger
}
// NewScanner is the factory method for Scanner
func NewScanner(baseOS ftypes.OSType) *Scanner {
var comparer version.Comparer
var vsg rootio.VulnSrcGetter
var versionTrimmer func(string) string
switch baseOS {
case ftypes.Debian:
comparer = version.NewDEBComparer()
vsg = rootio.NewVulnSrcGetter(vulnerability.Debian)
versionTrimmer = version.Major
case ftypes.Ubuntu:
comparer = version.NewDEBComparer()
vsg = rootio.NewVulnSrcGetter(vulnerability.Ubuntu)
versionTrimmer = version.Minor
case ftypes.Alpine:
comparer = version.NewAPKComparer()
vsg = rootio.NewVulnSrcGetter(vulnerability.Alpine)
versionTrimmer = version.Minor
default:
// Should never happen as it's validated in the provider
comparer = version.NewDEBComparer()
vsg = rootio.NewVulnSrcGetter(vulnerability.Debian)
versionTrimmer = version.Major
}
return &Scanner{
comparer: comparer,
vsg: vsg,
versionTrimmer: versionTrimmer,
logger: log.WithPrefix("rootio"),
}
}
// Detect vulnerabilities in package using Root.io scanner
func (s *Scanner) Detect(ctx context.Context, osVer string, _ *ftypes.Repository, pkgs []ftypes.Package) ([]types.DetectedVulnerability, error) {
// Trim patch/minor part of osVer.
// e.g. "12.0.1" -> "12" (Debian), "24.04.1" -> "24.04" (Ubuntu), "3.17.2" -> "3.17" (Alpine)
osVer = s.versionTrimmer(osVer)
log.InfoContext(ctx, "Detecting vulnerabilities...", log.String("os_version", osVer), log.Int("pkg_num", len(pkgs)))
var vulns []types.DetectedVulnerability
for _, pkg := range pkgs {
srcName := pkg.SrcName
if srcName == "" {
srcName = pkg.Name
}
advisories, err := s.vsg.Get(osVer, srcName)
if err != nil {
return nil, xerrors.Errorf("failed to get Root.io advisories: %w", err)
}
for _, adv := range advisories {
if !s.isVulnerable(ctx, utils.FormatSrcVersion(pkg), adv) {
continue
}
vulns = append(vulns, types.DetectedVulnerability{
VulnerabilityID: adv.VulnerabilityID,
PkgID: pkg.ID,
PkgName: pkg.Name,
InstalledVersion: utils.FormatVersion(pkg),
FixedVersion: strings.Join(adv.PatchedVersions, ", "),
Layer: pkg.Layer,
PkgIdentifier: pkg.Identifier,
Custom: adv.Custom,
DataSource: adv.DataSource,
})
}
}
return vulns, nil
}
func (s *Scanner) isVulnerable(ctx context.Context, installedVersion string, adv dbTypes.Advisory) bool {
// Handle unfixed vulnerabilities
if len(adv.VulnerableVersions) == 0 {
// If no vulnerable versions are specified, it means the package is always vulnerable
return true
}
// For fixed vulnerabilities, check if installed version satisfies the constraint
return s.checkConstraints(ctx, installedVersion, adv.VulnerableVersions)
}
func (s *Scanner) checkConstraints(ctx context.Context, installedVersion string, constraintsStr []string) bool {
if installedVersion == "" {
return false
}
for _, constraintStr := range constraintsStr {
constraints, err := version.NewConstraints(constraintStr, s.comparer)
if err != nil {
s.logger.DebugContext(ctx, "Failed to parse constraints",
log.String("constraints", constraintStr), log.Err(err))
return false
}
if satisfied, err := constraints.Check(installedVersion); err != nil {
s.logger.DebugContext(ctx, "Failed to check version constraints",
log.String("version", installedVersion),
log.String("constraints", constraintStr), log.Err(err))
return false
} else if satisfied {
return true
}
}
return false
}
// IsSupportedVersion checks if the version is supported.
// Root.io creates fixes for EOL distributions, so we assume all versions are supported.
func (s *Scanner) IsSupportedVersion(_ context.Context, _ ftypes.OSType, _ string) bool {
return true
}

143
pkg/detector/ospkg/rootio/rootio_private_test.go Normal file
View File

@@ -0,0 +1,143 @@
package rootio
import (
"testing"
"github.com/stretchr/testify/require"
"github.com/aquasecurity/trivy-db/pkg/types"
ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
)
func TestScanner_IsVulnerable(t *testing.T) {
tests := []struct {
name string
installedVersion string
vulnerableRanges []string
want bool
}{
{
name: "Installed vulnerable vendor version. There is no fix",
installedVersion: "1.0.0",
vulnerableRanges: []string{},
want: true,
},
{
name: "Installed vulnerable vendor version, fix by vendor",
installedVersion: "1.0.0",
vulnerableRanges: []string{
"<1.0.0-2",
},
want: true,
},
{
name: "Installed non-vulnerable vendor version, fix by vendor",
installedVersion: "1.0.0-2",
vulnerableRanges: []string{
"<1.0.0-2",
},
want: false,
},
{
name: "Installed vulnerable vendor version, fix by root.io (root.io version)",
installedVersion: "1.0.0-2",
vulnerableRanges: []string{
"<1.0.0-2.root.io",
},
want: true,
},
{
name: "Installed non-vulnerable vendor version, fix by root.io (root.io version)",
installedVersion: "1.0.0-3",
vulnerableRanges: []string{
"<1.0.0-2.root.io",
},
want: false,
},
{
name: "Installed vulnerable vendor version, fix by root.io (root.io + vendor versions)",
installedVersion: "1.0.0-2",
vulnerableRanges: []string{
"<1.0.0-2.root.io",
">=1.0.0-2 <1.0.0-3",
},
want: true,
},
{
name: "Installed non-vulnerable vendor version, fix by root.io (root.io + vendor versions)",
installedVersion: "1.0.0-3",
vulnerableRanges: []string{
"<1.0.0-2.root.io",
">=1.0.0-2 <1.0.0-3",
},
want: false,
},
{
name: "Installed vulnerable root.io version, fix by root.io",
installedVersion: "1.0.0-1.root.io",
vulnerableRanges: []string{
"<1.0.0-2.root.io",
},
want: true,
},
{
name: "Installed non-vulnerable root.io version, fix by root.io",
installedVersion: "1.0.0-2.root.io",
vulnerableRanges: []string{
"<1.0.0-2.root.io",
},
want: false,
},
{
name: "Installed vulnerable root.io version, fix by vendor",
installedVersion: "1.0.0-1.root.io",
vulnerableRanges: []string{
"<1.0.0-2",
},
want: true,
},
{
name: "Installed non-vulnerable root.io version, fix by vendor",
installedVersion: "1.0.0-2.root.io",
vulnerableRanges: []string{
"<1.0.0-1",
},
want: false,
},
{
name: "Installed vulnerable root.io version, fix by root.io (root.io + vendor versions)",
installedVersion: "1.0.0-1.root.io",
vulnerableRanges: []string{
"<1.0.0-2.root.io",
">=1.0.0-2 <1.0.0-2",
},
want: true,
},
{
name: "Installed non-vulnerable root.io version, fix by root.io (root.io + vendor versions)",
installedVersion: "1.0.0-2.root.io",
vulnerableRanges: []string{
"<1.0.0-2.root.io",
">=1.0.0-2 <1.0.0-2",
},
want: false,
},
{
name: "Installed non-vulnerable root.io version, fix by root.io (root.io + root.io + vendor versions)",
installedVersion: "1.0.0-2.root.io",
vulnerableRanges: []string{
"<1.0.0-2.root.io",
">1.0.0-2.root.io <1.0.0-2",
},
want: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
scanner := NewScanner(ftypes.Debian)
vulnerable := scanner.isVulnerable(t.Context(), tt.installedVersion, types.Advisory{VulnerableVersions: tt.vulnerableRanges})
require.Equal(t, tt.want, vulnerable)
})
}
}

163
pkg/detector/ospkg/rootio/rootio_test.go Normal file
View File

@@ -0,0 +1,163 @@
package rootio_test
import (
"testing"
"github.com/stretchr/testify/require"
"github.com/aquasecurity/trivy-db/pkg/db"
dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
"github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability"
"github.com/aquasecurity/trivy/internal/dbtest"
"github.com/aquasecurity/trivy/pkg/detector/ospkg/rootio"
ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
"github.com/aquasecurity/trivy/pkg/types"
)
func TestScanner_Detect(t *testing.T) {
type args struct {
osVer string
pkgs []ftypes.Package
}
tests := []struct {
name string
baseOS ftypes.OSType
fixtures []string
args args
want []types.DetectedVulnerability
wantErr string
}{
{
name: "Debian scanner",
baseOS: ftypes.Debian,
fixtures: []string{
"testdata/fixtures/rootio.yaml",
"testdata/fixtures/data-source.yaml",
},
args: args{
osVer: "12",
pkgs: []ftypes.Package{
{
Name: "openssl",
Version: "3.0.15-1~deb12u1.root.io.0",
SrcName: "openssl",
SrcVersion: "3.0.15-1~deb12u1.root.io.0",
},
},
},
want: []types.DetectedVulnerability{
{
PkgName: "openssl",
VulnerabilityID: "CVE-2024-13176",
InstalledVersion: "3.0.15-1~deb12u1.root.io.0",
FixedVersion: "3.0.15-1~deb12u1.root.io.1, 3.0.16-1~deb12u1",
DataSource: &dbTypes.DataSource{
ID: vulnerability.RootIO,
Name: "Root.io Security Patches",
URL: "https://api.root.io/external/patch_feed",
},
},
},
},
{
name: "Ubuntu scanner",
baseOS: ftypes.Ubuntu,
fixtures: []string{
"testdata/fixtures/rootio.yaml",
"testdata/fixtures/data-source.yaml",
},
args: args{
osVer: "20.04",
pkgs: []ftypes.Package{
{
Name: "nginx",
Version: "1.22.1-9+deb12u2.root.io.0",
SrcName: "nginx",
SrcVersion: "1.22.1-9+deb12u2.root.io.0",
},
},
},
want: []types.DetectedVulnerability{
{
PkgName: "nginx",
VulnerabilityID: "CVE-2023-44487",
InstalledVersion: "1.22.1-9+deb12u2.root.io.0",
FixedVersion: "1.22.1-9+deb12u2.root.io.1",
DataSource: &dbTypes.DataSource{
ID: vulnerability.RootIO,
Name: "Root.io Security Patches",
URL: "https://api.root.io/external/patch_feed",
},
},
},
},
{
name: "Alpine scanner",
baseOS: ftypes.Alpine,
fixtures: []string{
"testdata/fixtures/rootio.yaml",
"testdata/fixtures/data-source.yaml",
},
args: args{
osVer: "3.19.3",
pkgs: []ftypes.Package{
{
Name: "less",
Version: "643-r00072",
SrcName: "less",
SrcVersion: "643-r00072",
},
},
},
want: []types.DetectedVulnerability{
{
PkgName: "less",
VulnerabilityID: "CVE-2024-32487",
InstalledVersion: "643-r00072",
FixedVersion: "643-r10072",
DataSource: &dbTypes.DataSource{
ID: vulnerability.RootIO,
Name: "Root.io Security Patches",
URL: "https://api.root.io/external/patch_feed",
},
},
},
},
{
name: "Get returns an error",
baseOS: ftypes.Alpine,
fixtures: []string{
"testdata/fixtures/invalid.yaml",
"testdata/fixtures/data-source.yaml",
},
args: args{
osVer: "3.20",
pkgs: []ftypes.Package{
{
Name: "jq",
Version: "1.5-12",
SrcName: "jq",
SrcVersion: "1.5-12",
},
},
},
wantErr: "failed to get Root.io advisories",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
_ = dbtest.InitDB(t, tt.fixtures)
defer db.Close()
scanner := rootio.NewScanner(tt.baseOS)
got, err := scanner.Detect(t.Context(), tt.args.osVer, nil, tt.args.pkgs)
if tt.wantErr != "" {
require.ErrorContains(t, err, tt.wantErr)
return
}
require.NoError(t, err)
require.Equal(t, tt.want, got)
})
}
}

17
pkg/detector/ospkg/rootio/testdata/fixtures/data-source.yaml vendored Normal file
View File

@@ -0,0 +1,17 @@
- bucket: data-source
pairs:
- key: root.io debian 12
value:
ID: "rootio"
Name: "Root.io Security Patches"
URL: "https://api.root.io/external/patch_feed"
- key: root.io ubuntu 20.04
value:
ID: "rootio"
Name: "Root.io Security Patches"
URL: "https://api.root.io/external/patch_feed"
- key: root.io alpine 3.19
value:
ID: "rootio"
Name: "Root.io Security Patches"
URL: "https://api.root.io/external/patch_feed"

9
pkg/detector/ospkg/rootio/testdata/fixtures/invalid.yaml vendored Normal file
View File

@@ -0,0 +1,9 @@
- bucket: root.io alpine 3.20
pairs:
- bucket: jq
pairs:
- key: CVE-2020-8177
value:
FixedVersion:
- foo
- bar

32
pkg/detector/ospkg/rootio/testdata/fixtures/rootio.yaml vendored Normal file
View File

@@ -0,0 +1,32 @@
- bucket: root.io debian 12
pairs:
- bucket: openssl
pairs:
- key: CVE-2024-13176
value:
VulnerableVersions:
- "<3.0.15-1~deb12u1.root.io.1"
- ">3.0.15-1~deb12u1.root.io.1 <3.0.16-1~deb12u1"
PatchedVersions:
- "3.0.15-1~deb12u1.root.io.1"
- "3.0.16-1~deb12u1"
- bucket: root.io ubuntu 20.04
pairs:
- bucket: nginx
pairs:
- key: CVE-2023-44487
value:
VulnerableVersions:
- "<1.22.1-9+deb12u2.root.io.1"
PatchedVersions:
- "1.22.1-9+deb12u2.root.io.1"
- bucket: root.io alpine 3.19
pairs:
- bucket: less
pairs:
- key: CVE-2024-32487
value:
VulnerableVersions:
- "<643-r10072"
PatchedVersions:
- "643-r10072"

35
pkg/detector/ospkg/ubuntu/ubuntu.go
View File

@@ -54,7 +54,8 @@ var (
"18.10": time.Date(2019, 7, 18, 23, 59, 59, 0, time.UTC),
"19.04": time.Date(2020, 1, 18, 23, 59, 59, 0, time.UTC),
"19.10": time.Date(2020, 7, 17, 23, 59, 59, 0, time.UTC),
"20.04": time.Date(2025, 4, 23, 23, 59, 59, 0, time.UTC),
"20.04": time.Date(2025, 5, 31, 23, 59, 59, 0, time.UTC),
"20.04-ESM": time.Date(2030, 4, 30, 23, 59, 59, 0, time.UTC),
"20.10": time.Date(2021, 7, 22, 23, 59, 59, 0, time.UTC),
"21.04": time.Date(2022, 1, 20, 23, 59, 59, 0, time.UTC),
"21.10": time.Date(2022, 7, 14, 23, 59, 59, 0, time.UTC),
@@ -64,19 +65,36 @@ var (
"23.10": time.Date(2024, 6, 30, 23, 59, 59, 0, time.UTC),
"24.04": time.Date(2034, 3, 31, 23, 59, 59, 0, time.UTC),
"24.10": time.Date(2025, 7, 9, 23, 59, 59, 0, time.UTC),
"25.04": time.Date(2026, 1, 16, 23, 59, 59, 0, time.UTC),
}
)
type Option func(*Scanner)
// WithEOLDates takes eol dates for testability
func WithEOLDates(dates map[string]time.Time) Option {
return func(s *Scanner) {
s.eolDates = dates
}
}
// Scanner implements the Ubuntu scanner
type Scanner struct {
vs ubuntu.VulnSrc
eolDates map[string]time.Time
vs ubuntu.VulnSrc
}
// NewScanner is the factory method for Scanner
func NewScanner() *Scanner {
return &Scanner{
vs: ubuntu.NewVulnSrc(),
func NewScanner(opts ...Option) *Scanner {
s := &Scanner{
eolDates: eolDates,
vs: ubuntu.NewVulnSrc(),
}
for _, opt := range opts {
opt(s)
}
return s
}
// Detect scans and returns the vulnerabilities
@@ -133,12 +151,13 @@ func (s *Scanner) Detect(ctx context.Context, osVer string, _ *ftypes.Repository
// IsSupportedVersion checks is OSFamily can be scanned using Ubuntu scanner
func (s *Scanner) IsSupportedVersion(ctx context.Context, osFamily ftypes.OSType, osVer string) bool {
return osver.Supported(ctx, eolDates, osFamily, osVer)
osVer = s.versionFromEolDates(ctx, osVer)
return osver.Supported(ctx, s.eolDates, osFamily, osVer)
}
// versionFromEolDates checks if actual (not ESM) version is not outdated
func (s *Scanner) versionFromEolDates(ctx context.Context, osVer string) string {
if _, ok := eolDates[osVer]; ok {
if _, ok := s.eolDates[osVer]; ok {
return osVer
}
@@ -148,7 +167,7 @@ func (s *Scanner) versionFromEolDates(ctx context.Context, osVer string) string
// then we need to get vulnerabilities for `18.04`
// if `18.04` is outdated - we need to use `18.04-ESM` (we will return error until we add `18.04-ESM` to eolDates)
ver := strings.TrimRight(osVer, "-ESM")
if eol, ok := eolDates[ver]; ok && clock.Now(ctx).Before(eol) {
if eol, ok := s.eolDates[ver]; ok && clock.Now(ctx).Before(eol) {
return ver
}
return osVer

79
pkg/detector/ospkg/ubuntu/ubuntu_test.go
View File

@@ -1,6 +1,7 @@
package ubuntu_test
import (
"bytes"
"sort"
"testing"
"time"
@@ -15,9 +16,20 @@ import (
"github.com/aquasecurity/trivy/pkg/clock"
"github.com/aquasecurity/trivy/pkg/detector/ospkg/ubuntu"
ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
"github.com/aquasecurity/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/types"
)
var testEOLDates = map[string]time.Time{
"12.04": time.Date(2019, 4, 26, 23, 59, 59, 0, time.UTC),
"12.04-ESM": time.Date(2019, 4, 28, 23, 59, 59, 0, time.UTC),
"18.04": time.Date(2023, 5, 31, 23, 59, 59, 0, time.UTC),
"18.04-ESM": time.Date(2028, 3, 31, 23, 59, 59, 0, time.UTC),
"19.04": time.Date(2020, 1, 18, 23, 59, 59, 0, time.UTC),
"20.04": time.Date(2025, 5, 31, 23, 59, 59, 0, time.UTC),
"21.04": time.Date(2022, 1, 20, 23, 59, 59, 0, time.UTC),
}
func TestScanner_Detect(t *testing.T) {
type args struct {
osVer string
@@ -180,7 +192,7 @@ func TestScanner_Detect(t *testing.T) {
_ = dbtest.InitDB(t, tt.fixtures)
defer db.Close()
s := ubuntu.NewScanner()
s := ubuntu.NewScanner(ubuntu.WithEOLDates(testEOLDates))
got, err := s.Detect(ctx, tt.args.osVer, nil, tt.args.pkgs)
if tt.wantErr != "" {
require.ErrorContains(t, err, tt.wantErr)
@@ -201,10 +213,11 @@ func TestScanner_IsSupportedVersion(t *testing.T) {
osVer string
}
tests := []struct {
name string
now time.Time
args args
want bool
name string
now time.Time
args args
want bool
wantLog string
}{
{
name: "ubuntu 12.04 eol ends",
@@ -216,7 +229,7 @@ func TestScanner_IsSupportedVersion(t *testing.T) {
want: true,
},
{
name: "ubuntu12.04",
name: "ubuntu 12.04",
now: time.Date(2019, 4, 31, 23, 59, 59, 0, time.UTC),
args: args{
osFamily: "ubuntu",
@@ -225,16 +238,7 @@ func TestScanner_IsSupportedVersion(t *testing.T) {
want: false,
},
{
name: "ubuntu 18.04 ESM. 18.04 is not outdated",
now: time.Date(2022, 4, 31, 23, 59, 59, 0, time.UTC),
args: args{
osFamily: "ubuntu",
osVer: "18.04-ESM",
},
want: true,
},
{
name: "ubuntu 18.04 ESM. 18.04 is outdated",
name: "ubuntu 18.04 ESM and 18.04 are outdated",
now: time.Date(2030, 4, 31, 23, 59, 59, 0, time.UTC),
args: args{
osFamily: "ubuntu",
@@ -242,6 +246,34 @@ func TestScanner_IsSupportedVersion(t *testing.T) {
},
want: false,
},
{
name: "ubuntu 18.04 ESM. Only 18.04 is outdated",
now: time.Date(2027, 4, 31, 23, 59, 59, 0, time.UTC),
args: args{
osFamily: "ubuntu",
osVer: "18.04-ESM",
},
want: true,
},
{
name: "ubuntu 20.04 ESM. 20.04 is not outdated, 20.04 ESM not added in EOL dates",
now: time.Date(2022, 4, 31, 23, 59, 59, 0, time.UTC),
args: args{
osFamily: "ubuntu",
osVer: "20.04-ESM",
},
want: true,
},
{
name: "ubuntu 20.04 ESM. 20.04 is outdated, 20.04 ESM not added in EOL dates",
now: time.Date(2030, 4, 31, 23, 59, 59, 0, time.UTC),
args: args{
osFamily: "ubuntu",
osVer: "20.04-ESM",
},
want: true,
wantLog: "This OS version is not on the EOL list\tfamily=\"ubuntu\" version=\"20.04-ESM\"",
},
{
name: "latest",
now: time.Date(2019, 5, 2, 23, 59, 59, 0, time.UTC),
@@ -249,15 +281,26 @@ func TestScanner_IsSupportedVersion(t *testing.T) {
osFamily: "ubuntu",
osVer: "99.04",
},
want: true,
want: true,
wantLog: "This OS version is not on the EOL list\tfamily=\"ubuntu\" version=\"99.04\"",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
out := bytes.NewBuffer(nil)
logger := log.New(log.NewHandler(out, &log.Options{Level: log.LevelInfo}))
log.SetDefault(logger)
ctx := clock.With(t.Context(), tt.now)
s := ubuntu.NewScanner()
s := ubuntu.NewScanner(ubuntu.WithEOLDates(testEOLDates))
got := s.IsSupportedVersion(ctx, tt.args.osFamily, tt.args.osVer)
assert.Equal(t, tt.want, got)
if out.Len() > 0 && tt.wantLog == "" {
t.Errorf("IsSupportedVersion() logs not expected. Found logs: %s", out.String())
return
}
assert.Contains(t, out.String(), tt.wantLog)
})
}
}

65
pkg/detector/ospkg/version/compare.go Normal file
View File

@@ -0,0 +1,65 @@
package version
import (
apkver "github.com/knqyf263/go-apk-version"
debver "github.com/knqyf263/go-deb-version"
)
// Comparer defines the interface for version comparison
type Comparer interface {
Compare(version1, version2 string) (int, error)
}
// DEBComparer implements Comparer for Debian/Ubuntu packages
type DEBComparer struct{}
// NewDEBComparer creates a new DEB version comparer
func NewDEBComparer() *DEBComparer {
return &DEBComparer{}
}
// Compare compares two Debian package versions
// Returns:
// - positive if version1 > version2
// - negative if version1 < version2
// - zero if version1 == version2
func (c *DEBComparer) Compare(version1, version2 string) (int, error) {
v1, err := debver.NewVersion(version1)
if err != nil {
return 0, err
}
v2, err := debver.NewVersion(version2)
if err != nil {
return 0, err
}
return v1.Compare(v2), nil
}
// APKComparer implements Comparer for Alpine packages
type APKComparer struct{}
// NewAPKComparer creates a new APK version comparer
func NewAPKComparer() *APKComparer {
return &APKComparer{}
}
// Compare compares two Alpine package versions
// Returns:
// - positive if version1 > version2
// - negative if version1 < version2
// - zero if version1 == version2
func (c *APKComparer) Compare(version1, version2 string) (int, error) {
v1, err := apkver.NewVersion(version1)
if err != nil {
return 0, err
}
v2, err := apkver.NewVersion(version2)
if err != nil {
return 0, err
}
return v1.Compare(v2), nil
}

152
pkg/detector/ospkg/version/compare_test.go Normal file
View File

@@ -0,0 +1,152 @@
package version_test
import (
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/aquasecurity/trivy/pkg/detector/ospkg/version"
)
func TestDEBComparer_Compare(t *testing.T) {
tests := []struct {
name string
version1 string
version2 string
want int
wantErr bool
}{
{
name: "equal versions",
version1: "1.2.3",
version2: "1.2.3",
want: 0,
},
{
name: "version1 greater",
version1: "1.2.4",
version2: "1.2.3",
want: 1,
},
{
name: "version1 less",
version1: "1.2.2",
version2: "1.2.3",
want: -1,
},
{
name: "with debian revision - equal base, different revision",
version1: "1.2.3-1",
version2: "1.2.3-2",
want: -1,
},
{
name: "with epoch - different epoch",
version1: "1:1.2.3",
version2: "2:1.2.3",
want: -1,
},
{
name: "with epoch and revision",
version1: "1:1.2.3-1",
version2: "1:1.2.3-2",
want: -1,
},
{
name: "ubuntu specific version",
version1: "1.2.3-1ubuntu1",
version2: "1.2.3-1ubuntu2",
want: -1,
},
{
name: "invalid version1",
version1: "invalid_version",
version2: "1.2.3",
wantErr: true,
},
{
name: "invalid version2",
version1: "1.2.3",
version2: "invalid_version",
wantErr: true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
c := version.NewDEBComparer()
got, err := c.Compare(tt.version1, tt.version2)
if tt.wantErr {
assert.Error(t, err)
return
}
require.NoError(t, err)
assert.Equal(t, tt.want, got)
})
}
}
func TestAPKComparer_Compare(t *testing.T) {
tests := []struct {
name string
version1 string
version2 string
want int
wantErr bool
}{
{
name: "equal versions",
version1: "1.2.3",
version2: "1.2.3",
want: 0,
},
{
name: "version1 greater",
version1: "1.2.4",
version2: "1.2.3",
want: 1,
},
{
name: "version1 less",
version1: "1.2.2",
version2: "1.2.3",
want: -1,
},
{
name: "with alpine revision - equal base, different revision",
version1: "1.2.3-r0",
version2: "1.2.3-r1",
want: -1,
},
{
name: "pre-release versions",
version1: "1.2.3_pre1",
version2: "1.2.3",
want: -1,
},
{
name: "complex alpine version",
version1: "1.2.3-r0",
version2: "1.2.3_pre1-r0",
want: 1,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
c := version.NewAPKComparer()
got, err := c.Compare(tt.version1, tt.version2)
if tt.wantErr {
assert.Error(t, err)
return
}
require.NoError(t, err)
assert.Equal(t, tt.want, got)
})
}
}

195
pkg/detector/ospkg/version/constraint.go Normal file
View File

@@ -0,0 +1,195 @@
package version
import (
"regexp"
"strings"
"golang.org/x/xerrors"
)
// operatorFunc defines the signature for constraint operator functions
type operatorFunc func(v, c string, comparer Comparer) (bool, error)
// constraintOperators maps operator strings to their corresponding functions
var constraintOperators = map[string]operatorFunc{
"": constraintEqual,
"=": constraintEqual,
"==": constraintEqual,
"!=": constraintNotEqual,
">": constraintGreaterThan,
"<": constraintLessThan,
">=": constraintGreaterThanEqual,
"<=": constraintLessThanEqual,
}
// constraintRegex matches constraint patterns like ">=1.2.3", "<2.0.0", "==1.0.0"
// Version can contain numbers, dots, hyphens, plus signs, tildes, colons, and alphanumeric characters
var constraintRegex = regexp.MustCompile(`^(>=|<=|>|<|==|!=|=)?\s*([0-9]+[0-9a-zA-Z.\-+~:_]*)$`)
// constraint represents a single version constraint
type constraint struct {
version string
operator operatorFunc
original string
}
// Constraints represents a collection of constraints with a comparer
type Constraints struct {
constraints []*constraint
comparer Comparer
}
// NewConstraints creates a new Constraints from a constraint string and comparer
// Multiple constraints can be separated by commas or spaces
func NewConstraints(constraints string, comparer Comparer) (*Constraints, error) {
if constraints == "" {
return nil, xerrors.New("constraints string is empty")
}
var cs []*constraint
constraintList := splitConstraints(constraints)
for _, constraintStr := range constraintList {
constraintStr = strings.TrimSpace(constraintStr)
if constraintStr == "" {
continue
}
c, err := newConstraint(constraintStr)
if err != nil {
return nil, xerrors.Errorf("invalid constraint '%s': %w", constraintStr, err)
}
cs = append(cs, c)
}
return &Constraints{
constraints: cs,
comparer: comparer,
}, nil
}
// splitConstraints splits constraint string by comma or space, preferring comma
func splitConstraints(constraints string) []string {
// If contains comma, split by comma
if strings.Contains(constraints, ",") {
return strings.Split(constraints, ",")
}
// Otherwise, split by spaces
return strings.Fields(constraints)
}
// newConstraint creates a new constraint from a constraint string
func newConstraint(constraintStr string) (*constraint, error) {
constraintStr = strings.TrimSpace(constraintStr)
matches := constraintRegex.FindStringSubmatch(constraintStr)
if len(matches) != 3 {
return nil, xerrors.Errorf("invalid constraint format: %s", constraintStr)
}
op := matches[1]
version := strings.TrimSpace(matches[2])
operator, ok := constraintOperators[op]
if !ok {
return nil, xerrors.Errorf("unsupported operator: %s", op)
}
return &constraint{
version: version,
operator: operator,
original: constraintStr,
}, nil
}
// Check returns true if the given version satisfies the constraint
func (c *constraint) check(version string, comparer Comparer) (bool, error) {
return c.operator(version, c.version, comparer)
}
// String returns the original constraint string
func (c *constraint) String() string {
return c.original
}
// Check returns true if the given version satisfies any of the constraints
// Multiple constraints are combined with AND logic
func (cs *Constraints) Check(version string) (bool, error) {
if version == "" {
return false, xerrors.New("version is empty")
}
if len(cs.constraints) == 0 {
return false, xerrors.New("no constraints specified")
}
for _, c := range cs.constraints {
satisfied, err := c.check(version, cs.comparer)
if err != nil {
return false, err
}
if !satisfied {
return false, nil
}
}
return true, nil
}
// String returns the string representation of constraints
func (cs *Constraints) String() string {
var strs []string
for _, c := range cs.constraints {
strs = append(strs, c.String())
}
return strings.Join(strs, ", ")
}
// Constraint operator functions
func constraintEqual(v, c string, comparer Comparer) (bool, error) {
result, err := comparer.Compare(v, c)
if err != nil {
return false, err
}
return result == 0, nil
}
func constraintNotEqual(v, c string, comparer Comparer) (bool, error) {
result, err := comparer.Compare(v, c)
if err != nil {
return false, err
}
return result != 0, nil
}
func constraintGreaterThan(v, c string, comparer Comparer) (bool, error) {
result, err := comparer.Compare(v, c)
if err != nil {
return false, err
}
return result > 0, nil
}
func constraintLessThan(v, c string, comparer Comparer) (bool, error) {
result, err := comparer.Compare(v, c)
if err != nil {
return false, err
}
return result < 0, nil
}
func constraintGreaterThanEqual(v, c string, comparer Comparer) (bool, error) {
result, err := comparer.Compare(v, c)
if err != nil {
return false, err
}
return result >= 0, nil
}
func constraintLessThanEqual(v, c string, comparer Comparer) (bool, error) {
result, err := comparer.Compare(v, c)
if err != nil {
return false, err
}
return result <= 0, nil
}

Some files were not shown because too many files have changed in this diff Show More