Merge pull request 'Update to 0.52.2' (#2) from dirkmueller/trivy:52.1_update into factory
This commit is contained in:
commit
8c08a13603
2
_service
2
_service
@ -2,7 +2,7 @@
|
|||||||
<service name="tar_scm" mode="manual">
|
<service name="tar_scm" mode="manual">
|
||||||
<param name="url">https://github.com/aquasecurity/trivy</param>
|
<param name="url">https://github.com/aquasecurity/trivy</param>
|
||||||
<param name="scm">git</param>
|
<param name="scm">git</param>
|
||||||
<param name="revision">v0.52.1</param>
|
<param name="revision">v0.52.2</param>
|
||||||
<param name="versionformat">@PARENT_TAG@</param>
|
<param name="versionformat">@PARENT_TAG@</param>
|
||||||
<param name="versionrewrite-pattern">v(.*)</param>
|
<param name="versionrewrite-pattern">v(.*)</param>
|
||||||
<param name="changesgenerate">enable</param>
|
<param name="changesgenerate">enable</param>
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
<servicedata>
|
<servicedata>
|
||||||
<service name="tar_scm">
|
<service name="tar_scm">
|
||||||
<param name="url">https://github.com/aquasecurity/trivy</param>
|
<param name="url">https://github.com/aquasecurity/trivy</param>
|
||||||
<param name="changesrevision">a3caf0658c9eccea18c261123112f2679a205ad9</param></service></servicedata>
|
<param name="changesrevision">8709d4f9c8ae29df1ff2e0d45b414cc075d3ea0b</param></service></servicedata>
|
103
add-opensuse-tumbleweed-db.patch
Normal file
103
add-opensuse-tumbleweed-db.patch
Normal file
@ -0,0 +1,103 @@
|
|||||||
|
From f055a591d0ad779eab39ad0b13bd240653c9f137 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Marcus Meissner <meissner@suse.de>
|
||||||
|
Date: Wed, 19 Jun 2024 09:59:41 +0200
|
||||||
|
Subject: [PATCH 1/2] added openSUSE Tumbleweed version detection
|
||||||
|
|
||||||
|
(Tumbleweed has no version as it is rolling)
|
||||||
|
|
||||||
|
https://github.com/aquasecurity/trivy-db/issues/410
|
||||||
|
---
|
||||||
|
pkg/vulnsrc/suse-cvrf/suse-cvrf.go | 18 +++++++++++++++---
|
||||||
|
pkg/vulnsrc/suse-cvrf/suse-cvrf_test.go | 4 ++++
|
||||||
|
2 files changed, 19 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
|
||||||
|
index be3d4eff..297b29eb 100644
|
||||||
|
--- a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
|
||||||
|
+++ b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
|
||||||
|
@@ -24,8 +24,10 @@ type Distribution int
|
||||||
|
const (
|
||||||
|
SUSEEnterpriseLinux Distribution = iota
|
||||||
|
OpenSUSE
|
||||||
|
+ OpenSUSETumbleweed
|
||||||
|
|
||||||
|
- platformOpenSUSEFormat = "openSUSE Leap %s"
|
||||||
|
+ platformOpenSUSETumbleweedFormat = "openSUSE Tumbleweed"
|
||||||
|
+ platformOpenSUSELeapFormat = "openSUSE Leap %s"
|
||||||
|
platformSUSELinuxFormat = "SUSE Linux Enterprise %s"
|
||||||
|
)
|
||||||
|
|
||||||
|
@@ -55,6 +57,9 @@ func (vs VulnSrc) Name() types.SourceID {
|
||||||
|
if vs.dist == OpenSUSE {
|
||||||
|
return "opensuse-cvrf"
|
||||||
|
}
|
||||||
|
+ if vs.dist == OpenSUSETumbleweed {
|
||||||
|
+ return "opensuse-tumbleweed-cvrf"
|
||||||
|
+ }
|
||||||
|
return source.ID
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -66,6 +71,7 @@ func (vs VulnSrc) Update(dir string) error {
|
||||||
|
case SUSEEnterpriseLinux:
|
||||||
|
rootDir = filepath.Join(rootDir, "suse")
|
||||||
|
case OpenSUSE:
|
||||||
|
+ case OpenSUSETumbleweed:
|
||||||
|
rootDir = filepath.Join(rootDir, "opensuse")
|
||||||
|
default:
|
||||||
|
return xerrors.New("unknown distribution")
|
||||||
|
@@ -185,6 +191,10 @@ func getOSVersion(platformName string) string {
|
||||||
|
// SUSE Linux Enterprise Module for SUSE Manager Server 4.0
|
||||||
|
return ""
|
||||||
|
}
|
||||||
|
+ if strings.HasPrefix(platformName, "openSUSE Tumbleweed") {
|
||||||
|
+ // Tumbleweed has no version, it is a rolling release
|
||||||
|
+ return platformOpenSUSETumbleweedFormat
|
||||||
|
+ }
|
||||||
|
if strings.HasPrefix(platformName, "openSUSE Leap") {
|
||||||
|
// openSUSE Leap 15.0
|
||||||
|
ss := strings.Split(platformName, " ")
|
||||||
|
@@ -196,7 +206,7 @@ func getOSVersion(platformName string) string {
|
||||||
|
log.Printf("invalid version: %s, err: %s", platformName, err)
|
||||||
|
return ""
|
||||||
|
}
|
||||||
|
- return fmt.Sprintf(platformOpenSUSEFormat, ss[2])
|
||||||
|
+ return fmt.Sprintf(platformOpenSUSELeapFormat, ss[2])
|
||||||
|
}
|
||||||
|
if strings.Contains(platformName, "SUSE Linux Enterprise") {
|
||||||
|
// e.g. SUSE Linux Enterprise Storage 7, SUSE Linux Enterprise Micro 5.1
|
||||||
|
@@ -276,7 +286,9 @@ func (vs VulnSrc) Get(version string, pkgName string) ([]types.Advisory, error)
|
||||||
|
case SUSEEnterpriseLinux:
|
||||||
|
bucket = fmt.Sprintf(platformSUSELinuxFormat, version)
|
||||||
|
case OpenSUSE:
|
||||||
|
- bucket = fmt.Sprintf(platformOpenSUSEFormat, version)
|
||||||
|
+ bucket = fmt.Sprintf(platformOpenSUSELeapFormat, version)
|
||||||
|
+ case OpenSUSETumbleweed:
|
||||||
|
+ bucket = platformOpenSUSETumbleweedFormat
|
||||||
|
default:
|
||||||
|
return nil, xerrors.New("unknown distribution")
|
||||||
|
}
|
||||||
|
|
||||||
|
From a6bad64919d94263c6e075f2f3676b6cdbfe811d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Marcus Meissner <meissner@suse.de>
|
||||||
|
Date: Wed, 19 Jun 2024 16:07:49 +0200
|
||||||
|
Subject: [PATCH 2/2] Update pkg/vulnsrc/suse-cvrf/suse-cvrf.go
|
||||||
|
|
||||||
|
Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>
|
||||||
|
---
|
||||||
|
pkg/vulnsrc/suse-cvrf/suse-cvrf.go | 3 +--
|
||||||
|
1 file changed, 1 insertion(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
|
||||||
|
index 297b29eb..f616990e 100644
|
||||||
|
--- a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
|
||||||
|
+++ b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
|
||||||
|
@@ -70,8 +70,7 @@ func (vs VulnSrc) Update(dir string) error {
|
||||||
|
switch vs.dist {
|
||||||
|
case SUSEEnterpriseLinux:
|
||||||
|
rootDir = filepath.Join(rootDir, "suse")
|
||||||
|
- case OpenSUSE:
|
||||||
|
- case OpenSUSETumbleweed:
|
||||||
|
+ case OpenSUSE, OpenSUSETumbleweed:
|
||||||
|
rootDir = filepath.Join(rootDir, "opensuse")
|
||||||
|
default:
|
||||||
|
return xerrors.New("unknown distribution")
|
94
add-opensuse-tumbleweed-support.patch
Normal file
94
add-opensuse-tumbleweed-support.patch
Normal file
@ -0,0 +1,94 @@
|
|||||||
|
From 3e9c8361a53b33bdd8bfe3009fae69a50fe5f261 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Marcus Meissner <meissner@suse.de>
|
||||||
|
Date: Wed, 19 Jun 2024 10:32:34 +0200
|
||||||
|
Subject: [PATCH] feat: add openSUSE tumbleweed detection and scanning
|
||||||
|
|
||||||
|
needs changes in trivy-db to go along from https://github.com/aquasecurity/trivy-db/pull/411 to go along
|
||||||
|
|
||||||
|
https://github.com/aquasecurity/trivy-db/issues/410
|
||||||
|
---
|
||||||
|
docs/docs/coverage/os/index.md | 1 +
|
||||||
|
docs/docs/coverage/os/suse.md | 5 +++--
|
||||||
|
pkg/detector/ospkg/detect.go | 1 +
|
||||||
|
pkg/detector/ospkg/suse/suse.go | 9 +++++++++
|
||||||
|
4 files changed, 14 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/docs/docs/coverage/os/index.md b/docs/docs/coverage/os/index.md
|
||||||
|
index a8d2670d7d6..49982b1b2d6 100644
|
||||||
|
--- a/docs/docs/coverage/os/index.md
|
||||||
|
+++ b/docs/docs/coverage/os/index.md
|
||||||
|
@@ -22,6 +22,7 @@ Trivy supports operating systems for
|
||||||
|
| [CBL-Mariner](cbl-mariner.md) | 1.0, 2.0 | dnf/yum/rpm |
|
||||||
|
| [Amazon Linux](amazon.md) | 1, 2, 2023 | dnf/yum/rpm |
|
||||||
|
| [openSUSE Leap](suse.md) | 42, 15 | zypper/rpm |
|
||||||
|
+| [openSUSE Tumbleweed](suse.md) | (n/a) | zypper/rpm |
|
||||||
|
| [SUSE Enterprise Linux](suse.md) | 11, 12, 15 | zypper/rpm |
|
||||||
|
| [Photon OS](photon.md) | 1.0, 2.0, 3.0, 4.0 | tndf/yum/rpm |
|
||||||
|
| [Debian GNU/Linux](debian.md) | 7, 8, 9, 10, 11, 12 | apt/dpkg |
|
||||||
|
diff --git a/docs/docs/coverage/os/suse.md b/docs/docs/coverage/os/suse.md
|
||||||
|
index 6ff52de31c8..15cfb1e9379 100644
|
||||||
|
--- a/docs/docs/coverage/os/suse.md
|
||||||
|
+++ b/docs/docs/coverage/os/suse.md
|
||||||
|
@@ -2,6 +2,7 @@
|
||||||
|
Trivy supports the following distributions:
|
||||||
|
|
||||||
|
- openSUSE Leap
|
||||||
|
+- openSUSE Tumbleweed
|
||||||
|
- SUSE Enterprise Linux (SLE)
|
||||||
|
|
||||||
|
Please see [here](index.md#supported-os) for supported versions.
|
||||||
|
@@ -35,6 +36,6 @@ Trivy identifies licenses by examining the metadata of RPM packages.
|
||||||
|
|
||||||
|
|
||||||
|
[dependency-graph]: ../../configuration/reporting.md#show-origins-of-vulnerable-dependencies
|
||||||
|
-[cvrf]: http://ftp.suse.com/pub/projects/security/cvrf/
|
||||||
|
+[cvrf]: https://ftp.suse.com/pub/projects/security/cvrf/
|
||||||
|
|
||||||
|
-[vulnerability statuses]: ../../configuration/filtering.md#by-status
|
||||||
|
\ No newline at end of file
|
||||||
|
+[vulnerability statuses]: ../../configuration/filtering.md#by-status
|
||||||
|
diff --git a/pkg/detector/ospkg/detect.go b/pkg/detector/ospkg/detect.go
|
||||||
|
index bbeb8e8649d..56c4b76d147 100644
|
||||||
|
--- a/pkg/detector/ospkg/detect.go
|
||||||
|
+++ b/pkg/detector/ospkg/detect.go
|
||||||
|
@@ -40,6 +40,7 @@ var (
|
||||||
|
ftypes.CentOS: redhat.NewScanner(),
|
||||||
|
ftypes.Rocky: rocky.NewScanner(),
|
||||||
|
ftypes.Oracle: oracle.NewScanner(),
|
||||||
|
+ ftypes.OpenSUSETumbleweed: suse.NewScanner(suse.OpenSUSETumbleweed),
|
||||||
|
ftypes.OpenSUSELeap: suse.NewScanner(suse.OpenSUSE),
|
||||||
|
ftypes.SLES: suse.NewScanner(suse.SUSEEnterpriseLinux),
|
||||||
|
ftypes.Photon: photon.NewScanner(),
|
||||||
|
diff --git a/pkg/detector/ospkg/suse/suse.go b/pkg/detector/ospkg/suse/suse.go
|
||||||
|
index a5ccade5c81..439cad3ce28 100644
|
||||||
|
--- a/pkg/detector/ospkg/suse/suse.go
|
||||||
|
+++ b/pkg/detector/ospkg/suse/suse.go
|
||||||
|
@@ -66,6 +66,7 @@ const (
|
||||||
|
SUSEEnterpriseLinux Type = iota
|
||||||
|
// OpenSUSE for open versions
|
||||||
|
OpenSUSE
|
||||||
|
+ OpenSUSETumbleweed
|
||||||
|
)
|
||||||
|
|
||||||
|
// Scanner implements the SUSE scanner
|
||||||
|
@@ -84,6 +85,10 @@ func NewScanner(t Type) *Scanner {
|
||||||
|
return &Scanner{
|
||||||
|
vs: susecvrf.NewVulnSrc(susecvrf.OpenSUSE),
|
||||||
|
}
|
||||||
|
+ case OpenSUSETumbleweed:
|
||||||
|
+ return &Scanner{
|
||||||
|
+ vs: susecvrf.NewVulnSrc(susecvrf.OpenSUSETumbleweed),
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
@@ -128,5 +133,9 @@ func (s *Scanner) IsSupportedVersion(ctx context.Context, osFamily ftypes.OSType
|
||||||
|
if osFamily == ftypes.SLES {
|
||||||
|
return osver.Supported(ctx, slesEolDates, osFamily, osVer)
|
||||||
|
}
|
||||||
|
+ // tumbleweed is a rolling release, it has no version and no eol
|
||||||
|
+ if osFamily == ftypes.OpenSUSETumbleweed {
|
||||||
|
+ return true
|
||||||
|
+ }
|
||||||
|
return osver.Supported(ctx, opensuseEolDates, osFamily, osVer)
|
||||||
|
}
|
BIN
trivy-0.52.1.tar.zst
(Stored with Git LFS)
BIN
trivy-0.52.1.tar.zst
(Stored with Git LFS)
Binary file not shown.
BIN
trivy-0.52.2.tar.zst
(Stored with Git LFS)
Normal file
BIN
trivy-0.52.2.tar.zst
(Stored with Git LFS)
Normal file
Binary file not shown.
@ -1,3 +1,17 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jun 19 15:58:20 UTC 2024 - dmueller@suse.com
|
||||||
|
|
||||||
|
- Update to version 0.52.2:
|
||||||
|
* release: v0.52.2 [release/v0.52] (#6896)
|
||||||
|
* ci: use `ubuntu-latest-m` runner [backport: release/v0.52] (#6933)
|
||||||
|
* chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.5.2 to 1.6.0 [backport: release/v0.52] (#6919)
|
||||||
|
* test: bump docker API to 1.45 [backport: release/v0.52] (#6922)
|
||||||
|
* ci: bump `github.com/goreleaser/goreleaser` to `v2.0.0` [backport: release/v0.52] (#6893)
|
||||||
|
* fix(debian): take installed files from the origin layer [backport: release/v0.52] (#6892)
|
||||||
|
- add add-opensuse-tumbleweed-db.patch,
|
||||||
|
add-opensuse-tumbleweed-support.patch: patches for tumbleweed
|
||||||
|
support
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Jun 12 14:19:45 UTC 2024 - dmueller@suse.com
|
Wed Jun 12 14:19:45 UTC 2024 - dmueller@suse.com
|
||||||
|
|
||||||
|
11
trivy.spec
11
trivy.spec
@ -17,7 +17,7 @@
|
|||||||
|
|
||||||
|
|
||||||
Name: trivy
|
Name: trivy
|
||||||
Version: 0.52.1
|
Version: 0.52.2
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: A Simple and Comprehensive Vulnerability Scanner for Containers
|
Summary: A Simple and Comprehensive Vulnerability Scanner for Containers
|
||||||
License: Apache-2.0
|
License: Apache-2.0
|
||||||
@ -25,6 +25,9 @@ Group: System/Management
|
|||||||
URL: https://github.com/aquasecurity/trivy
|
URL: https://github.com/aquasecurity/trivy
|
||||||
Source: %{name}-%{version}.tar.zst
|
Source: %{name}-%{version}.tar.zst
|
||||||
Source1: vendor.tar.zst
|
Source1: vendor.tar.zst
|
||||||
|
# From https://github.com/aquasecurity/trivy-db/pull/411.patch
|
||||||
|
Patch1: add-opensuse-tumbleweed-db.patch
|
||||||
|
Patch2: https://github.com/aquasecurity/trivy/pull/6965.patch#/add-opensuse-tumbleweed-support.patch
|
||||||
BuildRequires: golang(API) = 1.22
|
BuildRequires: golang(API) = 1.22
|
||||||
BuildRequires: golang-packaging
|
BuildRequires: golang-packaging
|
||||||
BuildRequires: zstd
|
BuildRequires: zstd
|
||||||
@ -43,7 +46,11 @@ scan. All you need to do for scanning is to specify a target such as an image
|
|||||||
name of the container.
|
name of the container.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%autosetup -p1 -a1
|
%setup -a1
|
||||||
|
pushd vendor/github.com/aquasecurity/trivy-db
|
||||||
|
%patch -P 1 -p1
|
||||||
|
popd
|
||||||
|
%patch -P 2 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
export CGO_ENABLED=1
|
export CGO_ENABLED=1
|
||||||
|
BIN
vendor.tar.zst
(Stored with Git LFS)
BIN
vendor.tar.zst
(Stored with Git LFS)
Binary file not shown.
Loading…
Reference in New Issue
Block a user