From 3e9c8361a53b33bdd8bfe3009fae69a50fe5f261 Mon Sep 17 00:00:00 2001
From: Marcus Meissner
Date: Wed, 19 Jun 2024 10:32:34 +0200
Subject: [PATCH] feat: add openSUSE tumbleweed detection and scanning needs changes in trivy-db to go along from https://github.com/aquasecurity/trivy-db/pull/411 to go along https://github.com/aquasecurity/trivy-db/issues/410
---
docs/docs/coverage/os/index.md | 1 +
docs/docs/coverage/os/suse.md | 5 +++--
pkg/detector/ospkg/detect.go | 1 +
pkg/detector/ospkg/suse/suse.go | 9 +++++++++
4 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/docs/docs/coverage/os/index.md b/docs/docs/coverage/os/index.md
index a8d2670d7d6..49982b1b2d6 100644
--- a/docs/docs/coverage/os/index.md
+++ b/docs/docs/coverage/os/index.md
@@ -22,6 +22,7 @@ Trivy supports operating systems for
 | [CBL-Mariner](cbl-mariner.md) | 1.0, 2.0 | dnf/yum/rpm |
 | [Amazon Linux](amazon.md) | 1, 2, 2023 | dnf/yum/rpm |
 | [openSUSE Leap](suse.md) | 42, 15 | zypper/rpm |
+| [openSUSE Tumbleweed](suse.md) | (n/a) | zypper/rpm |
 | [SUSE Enterprise Linux](suse.md) | 11, 12, 15 | zypper/rpm |
 | [Photon OS](photon.md) | 1.0, 2.0, 3.0, 4.0 | tndf/yum/rpm |
 | [Debian GNU/Linux](debian.md) | 7, 8, 9, 10, 11, 12 | apt/dpkg |
diff --git a/docs/docs/coverage/os/suse.md b/docs/docs/coverage/os/suse.md
index 6ff52de31c8..15cfb1e9379 100644
--- a/docs/docs/coverage/os/suse.md
+++ b/docs/docs/coverage/os/suse.md
@@ -2,6 +2,7 @@ Trivy supports the following distributions:
 - openSUSE Leap
+- openSUSE Tumbleweed
 - SUSE Enterprise Linux (SLE)
 Please see [here](index.md#supported-os) for supported versions.
@@ -35,6 +36,6 @@ Trivy identifies licenses by examining the metadata of RPM packages.
 [dependency-graph]: ../../configuration/reporting.md#show-origins-of-vulnerable-dependencies
-[cvrf]: http://ftp.suse.com/pub/projects/security/cvrf/
+[cvrf]: https://ftp.suse.com/pub/projects/security/cvrf/
-[vulnerability statuses]: ../../configuration/filtering.md#by-status
\ No newline at end of file
+[vulnerability statuses]: ../../configuration/filtering.md#by-status
diff --git a/pkg/detector/ospkg/detect.go b/pkg/detector/ospkg/detect.go
index bbeb8e8649d..56c4b76d147 100644
--- a/pkg/detector/ospkg/detect.go
+++ b/pkg/detector/ospkg/detect.go
@@ -40,6 +40,7 @@ var (
 ftypes.CentOS: redhat.NewScanner(),
 ftypes.Rocky: rocky.NewScanner(),
 ftypes.Oracle: oracle.NewScanner(),
+ ftypes.OpenSUSETumbleweed: suse.NewScanner(suse.OpenSUSETumbleweed),
 ftypes.OpenSUSELeap: suse.NewScanner(suse.OpenSUSE),
 ftypes.SLES: suse.NewScanner(suse.SUSEEnterpriseLinux),
 ftypes.Photon: photon.NewScanner(),
diff --git a/pkg/detector/ospkg/suse/suse.go b/pkg/detector/ospkg/suse/suse.go
index a5ccade5c81..439cad3ce28 100644
--- a/pkg/detector/ospkg/suse/suse.go
+++ b/pkg/detector/ospkg/suse/suse.go
@@ -66,6 +66,7 @@ const (
 SUSEEnterpriseLinux Type = iota
 // OpenSUSE for open versions
 OpenSUSE
+ OpenSUSETumbleweed
 )
 // Scanner implements the SUSE scanner
@@ -84,6 +85,10 @@ func NewScanner(t Type) *Scanner {
 return &Scanner{
 vs: susecvrf.NewVulnSrc(susecvrf.OpenSUSE),
 }
+ case OpenSUSETumbleweed:
+ return &Scanner{
+ vs: susecvrf.NewVulnSrc(susecvrf.OpenSUSETumbleweed),
+ }
 }
 return nil
 }
@@ -128,5 +133,9 @@ func (s *Scanner) IsSupportedVersion(ctx context.Context, osFamily ftypes.OSType
 if osFamily == ftypes.SLES {
 return osver.Supported(ctx, slesEolDates, osFamily, osVer)
 }
+ // tumbleweed is a rolling release, it has no version and no eol
+ if osFamily == ftypes.OpenSUSETumbleweed {
+ return true
+ }
 return osver.Supported(ctx, opensuseEolDates, osFamily, osVer)
 }
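Review bot: In pkg/detector/ospkg/detect.go, the new `ftypes.OpenSUSETumbleweed` entry turns Tumbleweed into a scanned OS, but the commit message says the matching advisories only arrive with aquasecurity/trivy-db#411. If this code runs against a vulnerability DB that predates that change, the scan would presumably return no findings rather than an unsupported-OS result, which reads as a clean image. I would state the dependency next to the entry, e.g. `// Needs openSUSE Tumbleweed advisories in trivy-db (aquasecurity/trivy-db#411); an older DB yields no findings.`, and confirm how detection behaves when the DB holds no Tumbleweed data. The enclosing `var (` block starts and ends outside the hunk.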
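Review bot: In pkg/detector/ospkg/suse/suse.go (hunk at -66), `OpenSUSETumbleweed` is added without a doc comment, while `OpenSUSE` directly above it carries one. Add `// OpenSUSETumbleweed is the rolling-release openSUSE Tumbleweed` above the constant so the exported `Type` values are documented consistently. The const block opens outside the hunk.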
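Review bot: In NewScanner (suse.go, hunk at -84), the new case refers to `susecvrf.OpenSUSETumbleweed`, yet the diffstat lists no go.mod or go.sum change, so this patch presumably does not build until the trivy-db module is bumped to a version that exports that constant. That bump should land together with this change rather than separately. The function still falls through to `return nil` for an unrecognised Type, which callers such as detect.go store directly; a doc line like `// NewScanner returns nil for an unrecognised Type.` would make that contract visible. The function's existing doc comment and the start of the switch are outside the hunk.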
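Review bot: In IsSupportedVersion (suse.go, hunk at -128), the Tumbleweed branch returns true for every `osVer`, so an empty or malformed version string is reported as supported, and nothing in this patch tests the branch (the diffstat touches no `_test.go` file). A table case that passes `ftypes.OpenSUSETumbleweed` with an empty version would pin the intended behaviour. The comment would read more precisely as `// Tumbleweed is a rolling release with no fixed version or EOL date, so it is always treated as supported.` The function's signature is truncated in the hunk header and its opening lines are outside the hunk.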