forked from pool/trivy
Compare commits
No commits in common. "661ba9512713191dbad2929ae1a76f9ef89bbcaa0f3da1fac367aa96b97f6054" and "96ac2f27c0ccdd6423580fc28d828483ef3309a85f4741eb93d275b73f7ef52c" have entirely different histories.
661ba95127
...
96ac2f27c0
@ -1,4 +1,4 @@
|
||||
mtime: 1717765405
|
||||
commit: 96ac2f27c0ccdd6423580fc28d828483ef3309a85f4741eb93d275b73f7ef52c
|
||||
url: https://src.opensuse.org/pool/trivy.git
|
||||
revision: factory
|
||||
mtime: 1717679875
|
||||
commit: 579ede4865fcf5783c98eab0446e1c095dd85e84
|
||||
url: https://src.opensuse.org/dirkmueller/trivy.git
|
||||
revision: 579ede4865fcf5783c98eab0446e1c095dd85e84
|
||||
|
2
_service
2
_service
@ -2,7 +2,7 @@
|
||||
<service name="tar_scm" mode="manual">
|
||||
<param name="url">https://github.com/aquasecurity/trivy</param>
|
||||
<param name="scm">git</param>
|
||||
<param name="revision">v0.52.2</param>
|
||||
<param name="revision">v0.52.0</param>
|
||||
<param name="versionformat">@PARENT_TAG@</param>
|
||||
<param name="versionrewrite-pattern">v(.*)</param>
|
||||
<param name="changesgenerate">enable</param>
|
||||
|
@ -1,4 +1,4 @@
|
||||
<servicedata>
|
||||
<service name="tar_scm">
|
||||
<param name="url">https://github.com/aquasecurity/trivy</param>
|
||||
<param name="changesrevision">8709d4f9c8ae29df1ff2e0d45b414cc075d3ea0b</param></service></servicedata>
|
||||
<param name="changesrevision">c24dfbab68056a42aff9589b024c6f2d067f9f52</param></service></servicedata>
|
@ -1,103 +0,0 @@
|
||||
From f055a591d0ad779eab39ad0b13bd240653c9f137 Mon Sep 17 00:00:00 2001
|
||||
From: Marcus Meissner <meissner@suse.de>
|
||||
Date: Wed, 19 Jun 2024 09:59:41 +0200
|
||||
Subject: [PATCH 1/2] added openSUSE Tumbleweed version detection
|
||||
|
||||
(Tumbleweed has no version as it is rolling)
|
||||
|
||||
https://github.com/aquasecurity/trivy-db/issues/410
|
||||
---
|
||||
pkg/vulnsrc/suse-cvrf/suse-cvrf.go | 18 +++++++++++++++---
|
||||
pkg/vulnsrc/suse-cvrf/suse-cvrf_test.go | 4 ++++
|
||||
2 files changed, 19 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
|
||||
index be3d4eff..297b29eb 100644
|
||||
--- a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
|
||||
+++ b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
|
||||
@@ -24,8 +24,10 @@ type Distribution int
|
||||
const (
|
||||
SUSEEnterpriseLinux Distribution = iota
|
||||
OpenSUSE
|
||||
+ OpenSUSETumbleweed
|
||||
|
||||
- platformOpenSUSEFormat = "openSUSE Leap %s"
|
||||
+ platformOpenSUSETumbleweedFormat = "openSUSE Tumbleweed"
|
||||
+ platformOpenSUSELeapFormat = "openSUSE Leap %s"
|
||||
platformSUSELinuxFormat = "SUSE Linux Enterprise %s"
|
||||
)
|
||||
|
||||
@@ -55,6 +57,9 @@ func (vs VulnSrc) Name() types.SourceID {
|
||||
if vs.dist == OpenSUSE {
|
||||
return "opensuse-cvrf"
|
||||
}
|
||||
+ if vs.dist == OpenSUSETumbleweed {
|
||||
+ return "opensuse-tumbleweed-cvrf"
|
||||
+ }
|
||||
return source.ID
|
||||
}
|
||||
|
||||
@@ -66,6 +71,7 @@ func (vs VulnSrc) Update(dir string) error {
|
||||
case SUSEEnterpriseLinux:
|
||||
rootDir = filepath.Join(rootDir, "suse")
|
||||
case OpenSUSE:
|
||||
+ case OpenSUSETumbleweed:
|
||||
rootDir = filepath.Join(rootDir, "opensuse")
|
||||
default:
|
||||
return xerrors.New("unknown distribution")
|
||||
@@ -185,6 +191,10 @@ func getOSVersion(platformName string) string {
|
||||
// SUSE Linux Enterprise Module for SUSE Manager Server 4.0
|
||||
return ""
|
||||
}
|
||||
+ if strings.HasPrefix(platformName, "openSUSE Tumbleweed") {
|
||||
+ // Tumbleweed has no version, it is a rolling release
|
||||
+ return platformOpenSUSETumbleweedFormat
|
||||
+ }
|
||||
if strings.HasPrefix(platformName, "openSUSE Leap") {
|
||||
// openSUSE Leap 15.0
|
||||
ss := strings.Split(platformName, " ")
|
||||
@@ -196,7 +206,7 @@ func getOSVersion(platformName string) string {
|
||||
log.Printf("invalid version: %s, err: %s", platformName, err)
|
||||
return ""
|
||||
}
|
||||
- return fmt.Sprintf(platformOpenSUSEFormat, ss[2])
|
||||
+ return fmt.Sprintf(platformOpenSUSELeapFormat, ss[2])
|
||||
}
|
||||
if strings.Contains(platformName, "SUSE Linux Enterprise") {
|
||||
// e.g. SUSE Linux Enterprise Storage 7, SUSE Linux Enterprise Micro 5.1
|
||||
@@ -276,7 +286,9 @@ func (vs VulnSrc) Get(version string, pkgName string) ([]types.Advisory, error)
|
||||
case SUSEEnterpriseLinux:
|
||||
bucket = fmt.Sprintf(platformSUSELinuxFormat, version)
|
||||
case OpenSUSE:
|
||||
- bucket = fmt.Sprintf(platformOpenSUSEFormat, version)
|
||||
+ bucket = fmt.Sprintf(platformOpenSUSELeapFormat, version)
|
||||
+ case OpenSUSETumbleweed:
|
||||
+ bucket = platformOpenSUSETumbleweedFormat
|
||||
default:
|
||||
return nil, xerrors.New("unknown distribution")
|
||||
}
|
||||
|
||||
From a6bad64919d94263c6e075f2f3676b6cdbfe811d Mon Sep 17 00:00:00 2001
|
||||
From: Marcus Meissner <meissner@suse.de>
|
||||
Date: Wed, 19 Jun 2024 16:07:49 +0200
|
||||
Subject: [PATCH 2/2] Update pkg/vulnsrc/suse-cvrf/suse-cvrf.go
|
||||
|
||||
Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>
|
||||
---
|
||||
pkg/vulnsrc/suse-cvrf/suse-cvrf.go | 3 +--
|
||||
1 file changed, 1 insertion(+), 2 deletions(-)
|
||||
|
||||
diff --git a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
|
||||
index 297b29eb..f616990e 100644
|
||||
--- a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
|
||||
+++ b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
|
||||
@@ -70,8 +70,7 @@ func (vs VulnSrc) Update(dir string) error {
|
||||
switch vs.dist {
|
||||
case SUSEEnterpriseLinux:
|
||||
rootDir = filepath.Join(rootDir, "suse")
|
||||
- case OpenSUSE:
|
||||
- case OpenSUSETumbleweed:
|
||||
+ case OpenSUSE, OpenSUSETumbleweed:
|
||||
rootDir = filepath.Join(rootDir, "opensuse")
|
||||
default:
|
||||
return xerrors.New("unknown distribution")
|
@ -1,94 +0,0 @@
|
||||
From 3e9c8361a53b33bdd8bfe3009fae69a50fe5f261 Mon Sep 17 00:00:00 2001
|
||||
From: Marcus Meissner <meissner@suse.de>
|
||||
Date: Wed, 19 Jun 2024 10:32:34 +0200
|
||||
Subject: [PATCH] feat: add openSUSE tumbleweed detection and scanning
|
||||
|
||||
needs changes in trivy-db to go along from https://github.com/aquasecurity/trivy-db/pull/411 to go along
|
||||
|
||||
https://github.com/aquasecurity/trivy-db/issues/410
|
||||
---
|
||||
docs/docs/coverage/os/index.md | 1 +
|
||||
docs/docs/coverage/os/suse.md | 5 +++--
|
||||
pkg/detector/ospkg/detect.go | 1 +
|
||||
pkg/detector/ospkg/suse/suse.go | 9 +++++++++
|
||||
4 files changed, 14 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/docs/docs/coverage/os/index.md b/docs/docs/coverage/os/index.md
|
||||
index a8d2670d7d6..49982b1b2d6 100644
|
||||
--- a/docs/docs/coverage/os/index.md
|
||||
+++ b/docs/docs/coverage/os/index.md
|
||||
@@ -22,6 +22,7 @@ Trivy supports operating systems for
|
||||
| [CBL-Mariner](cbl-mariner.md) | 1.0, 2.0 | dnf/yum/rpm |
|
||||
| [Amazon Linux](amazon.md) | 1, 2, 2023 | dnf/yum/rpm |
|
||||
| [openSUSE Leap](suse.md) | 42, 15 | zypper/rpm |
|
||||
+| [openSUSE Tumbleweed](suse.md) | (n/a) | zypper/rpm |
|
||||
| [SUSE Enterprise Linux](suse.md) | 11, 12, 15 | zypper/rpm |
|
||||
| [Photon OS](photon.md) | 1.0, 2.0, 3.0, 4.0 | tndf/yum/rpm |
|
||||
| [Debian GNU/Linux](debian.md) | 7, 8, 9, 10, 11, 12 | apt/dpkg |
|
||||
diff --git a/docs/docs/coverage/os/suse.md b/docs/docs/coverage/os/suse.md
|
||||
index 6ff52de31c8..15cfb1e9379 100644
|
||||
--- a/docs/docs/coverage/os/suse.md
|
||||
+++ b/docs/docs/coverage/os/suse.md
|
||||
@@ -2,6 +2,7 @@
|
||||
Trivy supports the following distributions:
|
||||
|
||||
- openSUSE Leap
|
||||
+- openSUSE Tumbleweed
|
||||
- SUSE Enterprise Linux (SLE)
|
||||
|
||||
Please see [here](index.md#supported-os) for supported versions.
|
||||
@@ -35,6 +36,6 @@ Trivy identifies licenses by examining the metadata of RPM packages.
|
||||
|
||||
|
||||
[dependency-graph]: ../../configuration/reporting.md#show-origins-of-vulnerable-dependencies
|
||||
-[cvrf]: http://ftp.suse.com/pub/projects/security/cvrf/
|
||||
+[cvrf]: https://ftp.suse.com/pub/projects/security/cvrf/
|
||||
|
||||
-[vulnerability statuses]: ../../configuration/filtering.md#by-status
|
||||
\ No newline at end of file
|
||||
+[vulnerability statuses]: ../../configuration/filtering.md#by-status
|
||||
diff --git a/pkg/detector/ospkg/detect.go b/pkg/detector/ospkg/detect.go
|
||||
index bbeb8e8649d..56c4b76d147 100644
|
||||
--- a/pkg/detector/ospkg/detect.go
|
||||
+++ b/pkg/detector/ospkg/detect.go
|
||||
@@ -40,6 +40,7 @@ var (
|
||||
ftypes.CentOS: redhat.NewScanner(),
|
||||
ftypes.Rocky: rocky.NewScanner(),
|
||||
ftypes.Oracle: oracle.NewScanner(),
|
||||
+ ftypes.OpenSUSETumbleweed: suse.NewScanner(suse.OpenSUSETumbleweed),
|
||||
ftypes.OpenSUSELeap: suse.NewScanner(suse.OpenSUSE),
|
||||
ftypes.SLES: suse.NewScanner(suse.SUSEEnterpriseLinux),
|
||||
ftypes.Photon: photon.NewScanner(),
|
||||
diff --git a/pkg/detector/ospkg/suse/suse.go b/pkg/detector/ospkg/suse/suse.go
|
||||
index a5ccade5c81..439cad3ce28 100644
|
||||
--- a/pkg/detector/ospkg/suse/suse.go
|
||||
+++ b/pkg/detector/ospkg/suse/suse.go
|
||||
@@ -66,6 +66,7 @@ const (
|
||||
SUSEEnterpriseLinux Type = iota
|
||||
// OpenSUSE for open versions
|
||||
OpenSUSE
|
||||
+ OpenSUSETumbleweed
|
||||
)
|
||||
|
||||
// Scanner implements the SUSE scanner
|
||||
@@ -84,6 +85,10 @@ func NewScanner(t Type) *Scanner {
|
||||
return &Scanner{
|
||||
vs: susecvrf.NewVulnSrc(susecvrf.OpenSUSE),
|
||||
}
|
||||
+ case OpenSUSETumbleweed:
|
||||
+ return &Scanner{
|
||||
+ vs: susecvrf.NewVulnSrc(susecvrf.OpenSUSETumbleweed),
|
||||
+ }
|
||||
}
|
||||
return nil
|
||||
}
|
||||
@@ -128,5 +133,9 @@ func (s *Scanner) IsSupportedVersion(ctx context.Context, osFamily ftypes.OSType
|
||||
if osFamily == ftypes.SLES {
|
||||
return osver.Supported(ctx, slesEolDates, osFamily, osVer)
|
||||
}
|
||||
+ // tumbleweed is a rolling release, it has no version and no eol
|
||||
+ if osFamily == ftypes.OpenSUSETumbleweed {
|
||||
+ return true
|
||||
+ }
|
||||
return osver.Supported(ctx, opensuseEolDates, osFamily, osVer)
|
||||
}
|
BIN
trivy-0.52.0.tar.zst
(Stored with Git LFS)
Normal file
BIN
trivy-0.52.0.tar.zst
(Stored with Git LFS)
Normal file
Binary file not shown.
BIN
trivy-0.52.2.tar.zst
(Stored with Git LFS)
BIN
trivy-0.52.2.tar.zst
(Stored with Git LFS)
Binary file not shown.
@ -1,28 +1,3 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Jun 19 15:58:20 UTC 2024 - dmueller@suse.com
|
||||
|
||||
- Update to version 0.52.2:
|
||||
* release: v0.52.2 [release/v0.52] (#6896)
|
||||
* ci: use `ubuntu-latest-m` runner [backport: release/v0.52] (#6933)
|
||||
* chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.5.2 to 1.6.0 [backport: release/v0.52] (#6919)
|
||||
* test: bump docker API to 1.45 [backport: release/v0.52] (#6922)
|
||||
* ci: bump `github.com/goreleaser/goreleaser` to `v2.0.0` [backport: release/v0.52] (#6893)
|
||||
* fix(debian): take installed files from the origin layer [backport: release/v0.52] (#6892)
|
||||
- add add-opensuse-tumbleweed-db.patch,
|
||||
add-opensuse-tumbleweed-support.patch: patches for tumbleweed
|
||||
support
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jun 12 14:19:45 UTC 2024 - dmueller@suse.com
|
||||
|
||||
- Update to version 0.52.1:
|
||||
* release: v0.52.1 [release/v0.52] (#6877)
|
||||
* fix(nodejs): fix infinite loop when package link from `package-lock.json` file is broken [backport: release/v0.52] (#6888)
|
||||
* fix(sbom): don't overwrite `srcEpoch` when decoding SBOM files [backport: release/v0.52] (#6881)
|
||||
* fix(python): compare pkg names from `poetry.lock` and `pyproject.toml` in lowercase [backport: release/v0.52] (#6878)
|
||||
* docs: explain how VEX is applied (#6864)
|
||||
* fix(nodejs): fix infinity loops for `pnpm` with cyclic imports (#6857)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jun 06 13:09:56 UTC 2024 - dmueller@suse.com
|
||||
|
||||
|
11
trivy.spec
11
trivy.spec
@ -17,7 +17,7 @@
|
||||
|
||||
|
||||
Name: trivy
|
||||
Version: 0.52.2
|
||||
Version: 0.52.0
|
||||
Release: 0
|
||||
Summary: A Simple and Comprehensive Vulnerability Scanner for Containers
|
||||
License: Apache-2.0
|
||||
@ -25,9 +25,6 @@ Group: System/Management
|
||||
URL: https://github.com/aquasecurity/trivy
|
||||
Source: %{name}-%{version}.tar.zst
|
||||
Source1: vendor.tar.zst
|
||||
# From https://github.com/aquasecurity/trivy-db/pull/411.patch
|
||||
Patch1: add-opensuse-tumbleweed-db.patch
|
||||
Patch2: https://github.com/aquasecurity/trivy/pull/6965.patch#/add-opensuse-tumbleweed-support.patch
|
||||
BuildRequires: golang(API) = 1.22
|
||||
BuildRequires: golang-packaging
|
||||
BuildRequires: zstd
|
||||
@ -46,11 +43,7 @@ scan. All you need to do for scanning is to specify a target such as an image
|
||||
name of the container.
|
||||
|
||||
%prep
|
||||
%setup -a1
|
||||
pushd vendor/github.com/aquasecurity/trivy-db
|
||||
%patch -P 1 -p1
|
||||
popd
|
||||
%patch -P 2 -p1
|
||||
%autosetup -p1 -a1
|
||||
|
||||
%build
|
||||
export CGO_ENABLED=1
|
||||
|
BIN
vendor.tar.zst
(Stored with Git LFS)
BIN
vendor.tar.zst
(Stored with Git LFS)
Binary file not shown.
Loading…
Reference in New Issue
Block a user