forked from pool/trivy
Update to 0.54.1
This commit is contained in:
Dirk Müller
parent
c709c9b193
commit
8c16244bf4
2
_service
2
_service
@ -2,7 +2,7 @@
|
||||
<service name="tar_scm" mode="manual">
|
||||
<param name="url">https://github.com/aquasecurity/trivy</param>
|
||||
<param name="scm">git</param>
|
||||
<param name="revision">v0.53.0</param>
|
||||
<param name="revision">v0.54.1</param>
|
||||
<param name="versionformat">@PARENT_TAG@</param>
|
||||
<param name="versionrewrite-pattern">v(.*)</param>
|
||||
<param name="changesgenerate">enable</param>
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
<servicedata>
|
||||
<service name="tar_scm">
|
||||
<param name="url">https://github.com/aquasecurity/trivy</param>
|
||||
<param name="changesrevision">c55b0e6cac49c5d30abe6c0d4ccbb56932a0a45d</param></service></servicedata>
|
||||
<param name="changesrevision">854c61d34a550a9fcbab3bc59e55b868c15d1962</param></service></servicedata>
|
||||
@ -1,103 +0,0 @@
|
||||
From f055a591d0ad779eab39ad0b13bd240653c9f137 Mon Sep 17 00:00:00 2001
|
||||
From: Marcus Meissner <meissner@suse.de>
|
||||
Date: Wed, 19 Jun 2024 09:59:41 +0200
|
||||
Subject: [PATCH 1/2] added openSUSE Tumbleweed version detection
|
||||
|
||||
(Tumbleweed has no version as it is rolling)
|
||||
|
||||
https://github.com/aquasecurity/trivy-db/issues/410
|
||||
---
|
||||
pkg/vulnsrc/suse-cvrf/suse-cvrf.go | 18 +++++++++++++++---
|
||||
pkg/vulnsrc/suse-cvrf/suse-cvrf_test.go | 4 ++++
|
||||
2 files changed, 19 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
|
||||
index be3d4eff..297b29eb 100644
|
||||
--- a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
|
||||
+++ b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
|
||||
@@ -24,8 +24,10 @@ type Distribution int
|
||||
const (
|
||||
SUSEEnterpriseLinux Distribution = iota
|
||||
OpenSUSE
|
||||
+ OpenSUSETumbleweed
|
||||
|
||||
- platformOpenSUSEFormat = "openSUSE Leap %s"
|
||||
+ platformOpenSUSETumbleweedFormat = "openSUSE Tumbleweed"
|
||||
+ platformOpenSUSELeapFormat = "openSUSE Leap %s"
|
||||
platformSUSELinuxFormat = "SUSE Linux Enterprise %s"
|
||||
)
|
||||
|
||||
@@ -55,6 +57,9 @@ func (vs VulnSrc) Name() types.SourceID {
|
||||
if vs.dist == OpenSUSE {
|
||||
return "opensuse-cvrf"
|
||||
}
|
||||
+ if vs.dist == OpenSUSETumbleweed {
|
||||
+ return "opensuse-tumbleweed-cvrf"
|
||||
+ }
|
||||
return source.ID
|
||||
}
|
||||
|
||||
@@ -66,6 +71,7 @@ func (vs VulnSrc) Update(dir string) error {
|
||||
case SUSEEnterpriseLinux:
|
||||
rootDir = filepath.Join(rootDir, "suse")
|
||||
case OpenSUSE:
|
||||
+ case OpenSUSETumbleweed:
|
||||
rootDir = filepath.Join(rootDir, "opensuse")
|
||||
default:
|
||||
return xerrors.New("unknown distribution")
|
||||
@@ -185,6 +191,10 @@ func getOSVersion(platformName string) string {
|
||||
// SUSE Linux Enterprise Module for SUSE Manager Server 4.0
|
||||
return ""
|
||||
}
|
||||
+ if strings.HasPrefix(platformName, "openSUSE Tumbleweed") {
|
||||
+ // Tumbleweed has no version, it is a rolling release
|
||||
+ return platformOpenSUSETumbleweedFormat
|
||||
+ }
|
||||
if strings.HasPrefix(platformName, "openSUSE Leap") {
|
||||
// openSUSE Leap 15.0
|
||||
ss := strings.Split(platformName, " ")
|
||||
@@ -196,7 +206,7 @@ func getOSVersion(platformName string) string {
|
||||
log.Printf("invalid version: %s, err: %s", platformName, err)
|
||||
return ""
|
||||
}
|
||||
- return fmt.Sprintf(platformOpenSUSEFormat, ss[2])
|
||||
+ return fmt.Sprintf(platformOpenSUSELeapFormat, ss[2])
|
||||
}
|
||||
if strings.Contains(platformName, "SUSE Linux Enterprise") {
|
||||
// e.g. SUSE Linux Enterprise Storage 7, SUSE Linux Enterprise Micro 5.1
|
||||
@@ -276,7 +286,9 @@ func (vs VulnSrc) Get(version string, pkgName string) ([]types.Advisory, error)
|
||||
case SUSEEnterpriseLinux:
|
||||
bucket = fmt.Sprintf(platformSUSELinuxFormat, version)
|
||||
case OpenSUSE:
|
||||
- bucket = fmt.Sprintf(platformOpenSUSEFormat, version)
|
||||
+ bucket = fmt.Sprintf(platformOpenSUSELeapFormat, version)
|
||||
+ case OpenSUSETumbleweed:
|
||||
+ bucket = platformOpenSUSETumbleweedFormat
|
||||
default:
|
||||
return nil, xerrors.New("unknown distribution")
|
||||
}
|
||||
|
||||
From a6bad64919d94263c6e075f2f3676b6cdbfe811d Mon Sep 17 00:00:00 2001
|
||||
From: Marcus Meissner <meissner@suse.de>
|
||||
Date: Wed, 19 Jun 2024 16:07:49 +0200
|
||||
Subject: [PATCH 2/2] Update pkg/vulnsrc/suse-cvrf/suse-cvrf.go
|
||||
|
||||
Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>
|
||||
---
|
||||
pkg/vulnsrc/suse-cvrf/suse-cvrf.go | 3 +--
|
||||
1 file changed, 1 insertion(+), 2 deletions(-)
|
||||
|
||||
diff --git a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
|
||||
index 297b29eb..f616990e 100644
|
||||
--- a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
|
||||
+++ b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
|
||||
@@ -70,8 +70,7 @@ func (vs VulnSrc) Update(dir string) error {
|
||||
switch vs.dist {
|
||||
case SUSEEnterpriseLinux:
|
||||
rootDir = filepath.Join(rootDir, "suse")
|
||||
- case OpenSUSE:
|
||||
- case OpenSUSETumbleweed:
|
||||
+ case OpenSUSE, OpenSUSETumbleweed:
|
||||
rootDir = filepath.Join(rootDir, "opensuse")
|
||||
default:
|
||||
return xerrors.New("unknown distribution")
|
||||
File diff suppressed because it is too large
Load Diff
BIN
trivy-0.53.0.tar.zst
(Stored with Git LFS)
BIN
trivy-0.53.0.tar.zst
(Stored with Git LFS)
Binary file not shown.
BIN
trivy-0.54.1.tar.zst
(Stored with Git LFS)
Normal file
BIN
trivy-0.54.1.tar.zst
(Stored with Git LFS)
Normal file
Binary file not shown.
@ -1,3 +1,73 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Aug 01 12:24:35 UTC 2024 - dmueller@suse.com
|
||||
|
||||
- Update to version 0.54.1:
|
||||
* release: v0.54.1 [release/v0.54] (#7282)
|
||||
* fix(flag): incorrect behavior for deprected flag `--clear-cache` [backport: release/v0.54] (#7285)
|
||||
* fix(java): Return error when trying to find a remote pom to avoid segfault [backport: release/v0.54] (#7283)
|
||||
* fix(plugin): do not call GitHub content API for releases and tags [backport: release/v0.54] (#7279)
|
||||
* release: v0.54.0 [main] (#7075)
|
||||
* docs: update ecosystem page reporting with plopsec.com app (#7262)
|
||||
* chore(deps): bump google.golang.org/grpc from 1.64.0 to 1.64.1 (#7136)
|
||||
* feat(vex): retrieve VEX attestations from OCI registries (#7249)
|
||||
* feat(sbom): add image labels into `SPDX` and `CycloneDX` reports (#7257)
|
||||
* refactor(flag): return error if both `--download-db-only` and `--download-java-db-only` are specified (#7259)
|
||||
* fix(nodejs): detect direct dependencies when using `latest` version for files `yarn.lock` + `package.json` (#7110)
|
||||
* fix(java): avoid panic if deps from `pom` in `it` dir are not found (#7245)
|
||||
* chore: show VEX notice for OSS maintainers in CI environments (#7246)
|
||||
* feat(vuln): add `--pkg-relationships` (#7237)
|
||||
* docs: show VEX cli pages + update config file page for VEX flags (#7244)
|
||||
* fix(dotnet): show `nuget package dir not found` log only when checking `nuget` packages (#7194)
|
||||
* chore(deps): bump the common group across 1 directory with 17 updates (#7230)
|
||||
* feat(vex): VEX Repository support (#7206)
|
||||
* fix(secret): skip regular strings contain secret patterns (#7182)
|
||||
* feat: share build-in rules (#7207)
|
||||
* fix(report): hide empty table when all secrets/license/misconfigs are ignored (#7171)
|
||||
* fix(cli): error on missing config file (#7154)
|
||||
* fix(secret): update length of `hugging-face-access-token` (#7216)
|
||||
* feat(sbom): add vulnerability support for SPDX formats (#7213)
|
||||
* ci: use free runner for all tests except `build tests` (#7215)
|
||||
* chore(deps): bump the docker group across 1 directory with 2 updates (#7208)
|
||||
* fix(secret): trim excessively long lines (#7192)
|
||||
* chore(vex): update subcomponents for CVE-2023-42363/42364/42365/42366 (#7201)
|
||||
* fix(server): pass license categories to options (#7203)
|
||||
* feat(mariner): Add support for Azure Linux (#7186)
|
||||
* docs: updates config file (#7188)
|
||||
* refactor(fs): remove unused field for CompositeFS (#7195)
|
||||
* fix(dotnet): don't include non-runtime libraries into report for `*.deps.json` files (#7039)
|
||||
* chore(deps): bump goreleaser from `v2.0.0` to `v2.1.0` (#7162)
|
||||
* fix: add missing platform and type to spec (#7149)
|
||||
* chore(deps): bump the aws group with 6 updates (#7166)
|
||||
* feat(misconf): enabled China configuration for ACRs (#7156)
|
||||
* fix: close file when failed to open gzip (#7164)
|
||||
* docs: Fix PR documentation to use GitHub Discussions, not Issues (#7141)
|
||||
* docs(misconf): add info about limitations for terraform plan json (#7143)
|
||||
* chore: add VEX for Trivy images (#7140)
|
||||
* chore(deps): bump the common group across 1 directory with 7 updates (#7125)
|
||||
* chore: add VEX document and generator for Trivy (#7128)
|
||||
* fix(misconf): do not evaluate TF when a load error occurs (#7109)
|
||||
* feat(cli): rename `--vuln-type` flag to `--pkg-types` flag (#7104)
|
||||
* refactor(secret): move warning about file size after `IsBinary` check (#7123)
|
||||
* chore(deps): bump the docker group with 2 updates (#7116)
|
||||
* feat: add openSUSE tumbleweed detection and scanning (#6965)
|
||||
* test: add missing advisory details for integration tests database (#7122)
|
||||
* fix: Add dependencyManagement exclusions to the child exclusions (#6969)
|
||||
* chore(deps): bump the aws group with 4 updates (#7115)
|
||||
* fix: ignore nodes when listing permission is not allowed (#7107)
|
||||
* fix(java): use `go-mvn-version` to remove `Package` duplicates (#7088)
|
||||
* refactor(secret): add warning about large files (#7085)
|
||||
* feat(nodejs): add license parser to pnpm analyser (#7036)
|
||||
* refactor(sbom): add sbom prefix + filepaths for decode log messages (#7074)
|
||||
* feat: add `log.FilePath()` function for logger (#7080)
|
||||
* chore: bump golangci-lint from v1.58 to v1.59 (#7077)
|
||||
* chore(deps): bump the common group across 1 directory with 23 updates (#7066)
|
||||
* perf(debian): use `bytes.Index` in `emptyLineSplit` to cut allocation (#7065)
|
||||
* refactor: pass DB dir to trivy-db (#7057)
|
||||
* docs: navigate to the release highlights and summary (#7072)
|
||||
* chore(deps): bump the github-actions group with 2 updates (#7067)
|
||||
- drop add-opensuse-tumbleweed-db.patch,
|
||||
add-opensuse-tumbleweed-support.patch: merged upstream
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jul 25 09:40:25 UTC 2024 - Dirk Müller <dmueller@suse.com>
|
||||
|
||||
|
||||
@ -17,7 +17,7 @@
|
||||
|
||||
|
||||
Name: trivy
|
||||
Version: 0.53.0
|
||||
Version: 0.54.1
|
||||
Release: 0
|
||||
Summary: A Simple and Comprehensive Vulnerability Scanner for Containers
|
||||
License: Apache-2.0
|
||||
@ -25,9 +25,6 @@ Group: System/Management
|
||||
URL: https://github.com/aquasecurity/trivy
|
||||
Source: %{name}-%{version}.tar.zst
|
||||
Source1: vendor.tar.zst
|
||||
# From https://github.com/aquasecurity/trivy-db/pull/411.patch
|
||||
Patch1: add-opensuse-tumbleweed-db.patch
|
||||
Patch2: https://github.com/aquasecurity/trivy/pull/6965.patch#/add-opensuse-tumbleweed-support.patch
|
||||
BuildRequires: golang(API) = 1.22
|
||||
BuildRequires: golang-packaging
|
||||
BuildRequires: zstd
|
||||
@ -47,10 +44,6 @@ name of the container.
|
||||
|
||||
%prep
|
||||
%setup -a1
|
||||
pushd vendor/github.com/aquasecurity/trivy-db
|
||||
%patch -P 1 -p1
|
||||
popd
|
||||
%patch -P 2 -p1
|
||||
|
||||
%build
|
||||
export CGO_ENABLED=1
|
||||
|
||||
BIN
vendor.tar.zst
(Stored with Git LFS)
BIN
vendor.tar.zst
(Stored with Git LFS)
Binary file not shown.
Loading…
Reference in New Issue
Block a user