1
0
forked from pool/trivy

Update to 0.54.1

This commit is contained in:
Dirk Müller 2024-08-01 14:46:45 +02:00
parent c709c9b193
commit 8c16244bf4
No known key found for this signature in database
9 changed files with 78 additions and 18794 deletions

View File

@ -2,7 +2,7 @@
<service name="tar_scm" mode="manual">
<param name="url">https://github.com/aquasecurity/trivy</param>
<param name="scm">git</param>
<param name="revision">v0.53.0</param>
<param name="revision">v0.54.1</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="changesgenerate">enable</param>

View File

@ -1,4 +1,4 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/aquasecurity/trivy</param>
<param name="changesrevision">c55b0e6cac49c5d30abe6c0d4ccbb56932a0a45d</param></service></servicedata>
<param name="changesrevision">854c61d34a550a9fcbab3bc59e55b868c15d1962</param></service></servicedata>

View File

@ -1,103 +0,0 @@
From f055a591d0ad779eab39ad0b13bd240653c9f137 Mon Sep 17 00:00:00 2001
From: Marcus Meissner <meissner@suse.de>
Date: Wed, 19 Jun 2024 09:59:41 +0200
Subject: [PATCH 1/2] added openSUSE Tumbleweed version detection
(Tumbleweed has no version as it is rolling)
https://github.com/aquasecurity/trivy-db/issues/410
---
pkg/vulnsrc/suse-cvrf/suse-cvrf.go | 18 +++++++++++++++---
pkg/vulnsrc/suse-cvrf/suse-cvrf_test.go | 4 ++++
2 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
index be3d4eff..297b29eb 100644
--- a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
+++ b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
@@ -24,8 +24,10 @@ type Distribution int
const (
SUSEEnterpriseLinux Distribution = iota
OpenSUSE
+ OpenSUSETumbleweed
- platformOpenSUSEFormat = "openSUSE Leap %s"
+ platformOpenSUSETumbleweedFormat = "openSUSE Tumbleweed"
+ platformOpenSUSELeapFormat = "openSUSE Leap %s"
platformSUSELinuxFormat = "SUSE Linux Enterprise %s"
)
@@ -55,6 +57,9 @@ func (vs VulnSrc) Name() types.SourceID {
if vs.dist == OpenSUSE {
return "opensuse-cvrf"
}
+ if vs.dist == OpenSUSETumbleweed {
+ return "opensuse-tumbleweed-cvrf"
+ }
return source.ID
}
@@ -66,6 +71,7 @@ func (vs VulnSrc) Update(dir string) error {
case SUSEEnterpriseLinux:
rootDir = filepath.Join(rootDir, "suse")
case OpenSUSE:
+ case OpenSUSETumbleweed:
rootDir = filepath.Join(rootDir, "opensuse")
default:
return xerrors.New("unknown distribution")
@@ -185,6 +191,10 @@ func getOSVersion(platformName string) string {
// SUSE Linux Enterprise Module for SUSE Manager Server 4.0
return ""
}
+ if strings.HasPrefix(platformName, "openSUSE Tumbleweed") {
+ // Tumbleweed has no version, it is a rolling release
+ return platformOpenSUSETumbleweedFormat
+ }
if strings.HasPrefix(platformName, "openSUSE Leap") {
// openSUSE Leap 15.0
ss := strings.Split(platformName, " ")
@@ -196,7 +206,7 @@ func getOSVersion(platformName string) string {
log.Printf("invalid version: %s, err: %s", platformName, err)
return ""
}
- return fmt.Sprintf(platformOpenSUSEFormat, ss[2])
+ return fmt.Sprintf(platformOpenSUSELeapFormat, ss[2])
}
if strings.Contains(platformName, "SUSE Linux Enterprise") {
// e.g. SUSE Linux Enterprise Storage 7, SUSE Linux Enterprise Micro 5.1
@@ -276,7 +286,9 @@ func (vs VulnSrc) Get(version string, pkgName string) ([]types.Advisory, error)
case SUSEEnterpriseLinux:
bucket = fmt.Sprintf(platformSUSELinuxFormat, version)
case OpenSUSE:
- bucket = fmt.Sprintf(platformOpenSUSEFormat, version)
+ bucket = fmt.Sprintf(platformOpenSUSELeapFormat, version)
+ case OpenSUSETumbleweed:
+ bucket = platformOpenSUSETumbleweedFormat
default:
return nil, xerrors.New("unknown distribution")
}
From a6bad64919d94263c6e075f2f3676b6cdbfe811d Mon Sep 17 00:00:00 2001
From: Marcus Meissner <meissner@suse.de>
Date: Wed, 19 Jun 2024 16:07:49 +0200
Subject: [PATCH 2/2] Update pkg/vulnsrc/suse-cvrf/suse-cvrf.go
Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>
---
pkg/vulnsrc/suse-cvrf/suse-cvrf.go | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
index 297b29eb..f616990e 100644
--- a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
+++ b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
@@ -70,8 +70,7 @@ func (vs VulnSrc) Update(dir string) error {
switch vs.dist {
case SUSEEnterpriseLinux:
rootDir = filepath.Join(rootDir, "suse")
- case OpenSUSE:
- case OpenSUSETumbleweed:
+ case OpenSUSE, OpenSUSETumbleweed:
rootDir = filepath.Join(rootDir, "opensuse")
default:
return xerrors.New("unknown distribution")

File diff suppressed because it is too large Load Diff

BIN
trivy-0.53.0.tar.zst (Stored with Git LFS)

Binary file not shown.

BIN
trivy-0.54.1.tar.zst (Stored with Git LFS) Normal file

Binary file not shown.

View File

@ -1,3 +1,73 @@
-------------------------------------------------------------------
Thu Aug 01 12:24:35 UTC 2024 - dmueller@suse.com
- Update to version 0.54.1:
* release: v0.54.1 [release/v0.54] (#7282)
* fix(flag): incorrect behavior for deprected flag `--clear-cache` [backport: release/v0.54] (#7285)
* fix(java): Return error when trying to find a remote pom to avoid segfault [backport: release/v0.54] (#7283)
* fix(plugin): do not call GitHub content API for releases and tags [backport: release/v0.54] (#7279)
* release: v0.54.0 [main] (#7075)
* docs: update ecosystem page reporting with plopsec.com app (#7262)
* chore(deps): bump google.golang.org/grpc from 1.64.0 to 1.64.1 (#7136)
* feat(vex): retrieve VEX attestations from OCI registries (#7249)
* feat(sbom): add image labels into `SPDX` and `CycloneDX` reports (#7257)
* refactor(flag): return error if both `--download-db-only` and `--download-java-db-only` are specified (#7259)
* fix(nodejs): detect direct dependencies when using `latest` version for files `yarn.lock` + `package.json` (#7110)
* fix(java): avoid panic if deps from `pom` in `it` dir are not found (#7245)
* chore: show VEX notice for OSS maintainers in CI environments (#7246)
* feat(vuln): add `--pkg-relationships` (#7237)
* docs: show VEX cli pages + update config file page for VEX flags (#7244)
* fix(dotnet): show `nuget package dir not found` log only when checking `nuget` packages (#7194)
* chore(deps): bump the common group across 1 directory with 17 updates (#7230)
* feat(vex): VEX Repository support (#7206)
* fix(secret): skip regular strings contain secret patterns (#7182)
* feat: share build-in rules (#7207)
* fix(report): hide empty table when all secrets/license/misconfigs are ignored (#7171)
* fix(cli): error on missing config file (#7154)
* fix(secret): update length of `hugging-face-access-token` (#7216)
* feat(sbom): add vulnerability support for SPDX formats (#7213)
* ci: use free runner for all tests except `build tests` (#7215)
* chore(deps): bump the docker group across 1 directory with 2 updates (#7208)
* fix(secret): trim excessively long lines (#7192)
* chore(vex): update subcomponents for CVE-2023-42363/42364/42365/42366 (#7201)
* fix(server): pass license categories to options (#7203)
* feat(mariner): Add support for Azure Linux (#7186)
* docs: updates config file (#7188)
* refactor(fs): remove unused field for CompositeFS (#7195)
* fix(dotnet): don't include non-runtime libraries into report for `*.deps.json` files (#7039)
* chore(deps): bump goreleaser from `v2.0.0` to `v2.1.0` (#7162)
* fix: add missing platform and type to spec (#7149)
* chore(deps): bump the aws group with 6 updates (#7166)
* feat(misconf): enabled China configuration for ACRs (#7156)
* fix: close file when failed to open gzip (#7164)
* docs: Fix PR documentation to use GitHub Discussions, not Issues (#7141)
* docs(misconf): add info about limitations for terraform plan json (#7143)
* chore: add VEX for Trivy images (#7140)
* chore(deps): bump the common group across 1 directory with 7 updates (#7125)
* chore: add VEX document and generator for Trivy (#7128)
* fix(misconf): do not evaluate TF when a load error occurs (#7109)
* feat(cli): rename `--vuln-type` flag to `--pkg-types` flag (#7104)
* refactor(secret): move warning about file size after `IsBinary` check (#7123)
* chore(deps): bump the docker group with 2 updates (#7116)
* feat: add openSUSE tumbleweed detection and scanning (#6965)
* test: add missing advisory details for integration tests database (#7122)
* fix: Add dependencyManagement exclusions to the child exclusions (#6969)
* chore(deps): bump the aws group with 4 updates (#7115)
* fix: ignore nodes when listing permission is not allowed (#7107)
* fix(java): use `go-mvn-version` to remove `Package` duplicates (#7088)
* refactor(secret): add warning about large files (#7085)
* feat(nodejs): add license parser to pnpm analyser (#7036)
* refactor(sbom): add sbom prefix + filepaths for decode log messages (#7074)
* feat: add `log.FilePath()` function for logger (#7080)
* chore: bump golangci-lint from v1.58 to v1.59 (#7077)
* chore(deps): bump the common group across 1 directory with 23 updates (#7066)
* perf(debian): use `bytes.Index` in `emptyLineSplit` to cut allocation (#7065)
* refactor: pass DB dir to trivy-db (#7057)
* docs: navigate to the release highlights and summary (#7072)
* chore(deps): bump the github-actions group with 2 updates (#7067)
- drop add-opensuse-tumbleweed-db.patch,
add-opensuse-tumbleweed-support.patch: merged upstream
-------------------------------------------------------------------
Thu Jul 25 09:40:25 UTC 2024 - Dirk Müller <dmueller@suse.com>

View File

@ -17,7 +17,7 @@
Name: trivy
Version: 0.53.0
Version: 0.54.1
Release: 0
Summary: A Simple and Comprehensive Vulnerability Scanner for Containers
License: Apache-2.0
@ -25,9 +25,6 @@ Group: System/Management
URL: https://github.com/aquasecurity/trivy
Source: %{name}-%{version}.tar.zst
Source1: vendor.tar.zst
# From https://github.com/aquasecurity/trivy-db/pull/411.patch
Patch1: add-opensuse-tumbleweed-db.patch
Patch2: https://github.com/aquasecurity/trivy/pull/6965.patch#/add-opensuse-tumbleweed-support.patch
BuildRequires: golang(API) = 1.22
BuildRequires: golang-packaging
BuildRequires: zstd
@ -47,10 +44,6 @@ name of the container.
%prep
%setup -a1
pushd vendor/github.com/aquasecurity/trivy-db
%patch -P 1 -p1
popd
%patch -P 2 -p1
%build
export CGO_ENABLED=1

BIN
vendor.tar.zst (Stored with Git LFS)

Binary file not shown.