From 3e9c8361a53b33bdd8bfe3009fae69a50fe5f261 Mon Sep 17 00:00:00 2001
From: Marcus Meissner <meissner@suse.de>
Date: Wed, 19 Jun 2024 10:32:34 +0200
Subject: [PATCH] feat: add openSUSE tumbleweed detection and scanning
needs the accompanying changes in trivy-db from https://github.com/aquasecurity/trivy-db/pull/411
https://github.com/aquasecurity/trivy-db/issues/410
---
docs/docs/coverage/os/index.md | 1 +
docs/docs/coverage/os/suse.md | 5 +++--
pkg/detector/ospkg/detect.go | 1 +
pkg/detector/ospkg/suse/suse.go | 9 +++++++++
4 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/docs/docs/coverage/os/index.md b/docs/docs/coverage/os/index.md
index a8d2670d7d6..49982b1b2d6 100644
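--- a/docs/docs/coverage/os/index.md
+++ b/docs/docs/coverage/os/index.md
@@ -22,6 +22,7 @@ Trivy supports operating systems for
 | [CBL-Mariner](cbl-mariner.md) | 1.0, 2.0 | dnf/yum/rpm |
 | [Amazon Linux](amazon.md) | 1, 2, 2023 | dnf/yum/rpm |
 | [openSUSE Leap](suse.md) | 42, 15 | zypper/rpm |
+| [openSUSE Tumbleweed](suse.md) | (n/a) | zypper/rpm |
 | [SUSE Enterprise Linux](suse.md) | 11, 12, 15 | zypper/rpm |
 | [Photon OS](photon.md) | 1.0, 2.0, 3.0, 4.0 | tndf/yum/rpm |
 | [Debian GNU/Linux](debian.md) | 7, 8, 9, 10, 11, 12 | apt/dpkg |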
diff --git a/docs/docs/coverage/os/suse.md b/docs/docs/coverage/os/suse.md
index 6ff52de31c8..15cfb1e9379 100644
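--- a/docs/docs/coverage/os/suse.md
+++ b/docs/docs/coverage/os/suse.md
@@ -2,6 +2,7 @@
 Trivy supports the following distributions:
 
 - openSUSE Leap
+- openSUSE Tumbleweed
 - SUSE Enterprise Linux (SLE)
 
 Please see [here](index.md#supported-os) for supported versions.
@@ -35,6 +36,6 @@ Trivy identifies licenses by examining the metadata of RPM packages.
 
 
 [dependency-graph]: ../../configuration/reporting.md#show-origins-of-vulnerable-dependencies
-[cvrf]: http://ftp.suse.com/pub/projects/security/cvrf/
+[cvrf]: https://ftp.suse.com/pub/projects/security/cvrf/
 
-[vulnerability statuses]: ../../configuration/filtering.md#by-status
\ No newline at end of file
+[vulnerability statuses]: ../../configuration/filtering.md#by-status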
diff --git a/pkg/detector/ospkg/detect.go b/pkg/detector/ospkg/detect.go
index bbeb8e8649d..56c4b76d147 100644
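--- a/pkg/detector/ospkg/detect.go
+++ b/pkg/detector/ospkg/detect.go
@@ -40,6 +40,7 @@ var (
 ftypes.CentOS: redhat.NewScanner(),
 ftypes.Rocky: rocky.NewScanner(),
 ftypes.Oracle: oracle.NewScanner(),
+ ftypes.OpenSUSETumbleweed: suse.NewScanner(suse.OpenSUSETumbleweed),
 ftypes.OpenSUSELeap: suse.NewScanner(suse.OpenSUSE),
 ftypes.SLES: suse.NewScanner(suse.SUSEEnterpriseLinux),
 ftypes.Photon: photon.NewScanner(),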
diff --git a/pkg/detector/ospkg/suse/suse.go b/pkg/detector/ospkg/suse/suse.go
index a5ccade5c81..439cad3ce28 100644
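--- a/pkg/detector/ospkg/suse/suse.go
+++ b/pkg/detector/ospkg/suse/suse.go
@@ -66,6 +66,7 @@ const (
 SUSEEnterpriseLinux Type = iota
 // OpenSUSE for open versions
 OpenSUSE
+ OpenSUSETumbleweed
 )
 
 // Scanner implements the SUSE scanner
@@ -84,6 +85,10 @@ func NewScanner(t Type) *Scanner {
 return &Scanner{
 vs: susecvrf.NewVulnSrc(susecvrf.OpenSUSE),
 }
+ case OpenSUSETumbleweed:
+ return &Scanner{
+ vs: susecvrf.NewVulnSrc(susecvrf.OpenSUSETumbleweed),
+ }
 }
 return nil
 }
@@ -128,5 +133,9 @@ func (s *Scanner) IsSupportedVersion(ctx context.Context, osFamily ftypes.OSType
 if osFamily == ftypes.SLES {
 return osver.Supported(ctx, slesEolDates, osFamily, osVer)
 }
+ // tumbleweed is a rolling release, it has no version and no eol
+ if osFamily == ftypes.OpenSUSETumbleweed {
+ return true
+ }
 return osver.Supported(ctx, opensuseEolDates, osFamily, osVer)
 }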
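Review bot: The unconditional `return true` for `ftypes.OpenSUSETumbleweed` in IsSupportedVersion means the unsupported-version path can never flag a Tumbleweed target, so nothing in the visible code tells the user when the vulnerability database in use carries no Tumbleweed advisories. The description ties this patch to trivy-db pull 411 and the diffstat shows no dependency or test change, so `susecvrf.OpenSUSETumbleweed` in NewScanner presumably has to come from a separately updated trivy-db; with older data a scan would likely come back empty rather than fail, which reads as a clean result. I would record that coupling next to the new case, e.g. `// requires trivy-db with openSUSE Tumbleweed CVRF data (trivy-db#411); older DBs yield no advisories`, and add a test for the Tumbleweed branch. Both functions continue outside the hunks shown, so how advisories are looked up without an OS version could not be checked here.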