Compare commits

..

No commits in common. "factory" and "devel" have entirely different histories.

14 changed files with 18803 additions and 148 deletions

View File

@ -1,4 +1,4 @@
mtime: 1717765405
commit: 96ac2f27c0ccdd6423580fc28d828483ef3309a85f4741eb93d275b73f7ef52c
url: https://src.opensuse.org/pool/trivy.git
revision: factory
mtime: 1722525389
commit: 8c16244bf472c835a73bb96ae7ce1440e4f4c8bfa8cabc7d61d1da1a621c4d00
url: https://src.opensuse.org/dirkmueller/trivy.git
revision: 8c16244bf472c835a73bb96ae7ce1440e4f4c8bfa8cabc7d61d1da1a621c4d00

View File

@ -2,7 +2,7 @@
<service name="tar_scm" mode="manual">
<param name="url">https://github.com/aquasecurity/trivy</param>
<param name="scm">git</param>
<param name="revision">v0.56.2</param>
<param name="revision">v0.54.1</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="changesgenerate">enable</param>

View File

@ -1,4 +1,4 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/aquasecurity/trivy</param>
<param name="changesrevision">f2252c833d4dee18546577f0c32ceb83c8bf20ae</param></service></servicedata>
<param name="changesrevision">854c61d34a550a9fcbab3bc59e55b868c15d1962</param></service></servicedata>

View File

@ -0,0 +1,103 @@
From f055a591d0ad779eab39ad0b13bd240653c9f137 Mon Sep 17 00:00:00 2001
From: Marcus Meissner <meissner@suse.de>
Date: Wed, 19 Jun 2024 09:59:41 +0200
Subject: [PATCH 1/2] added openSUSE Tumbleweed version detection
(Tumbleweed has no version as it is rolling)
https://github.com/aquasecurity/trivy-db/issues/410
---
pkg/vulnsrc/suse-cvrf/suse-cvrf.go | 18 +++++++++++++++---
pkg/vulnsrc/suse-cvrf/suse-cvrf_test.go | 4 ++++
2 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
index be3d4eff..297b29eb 100644
--- a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
+++ b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
@@ -24,8 +24,10 @@ type Distribution int
const (
SUSEEnterpriseLinux Distribution = iota
OpenSUSE
+ OpenSUSETumbleweed
- platformOpenSUSEFormat = "openSUSE Leap %s"
+ platformOpenSUSETumbleweedFormat = "openSUSE Tumbleweed"
+ platformOpenSUSELeapFormat = "openSUSE Leap %s"
platformSUSELinuxFormat = "SUSE Linux Enterprise %s"
)
@@ -55,6 +57,9 @@ func (vs VulnSrc) Name() types.SourceID {
if vs.dist == OpenSUSE {
return "opensuse-cvrf"
}
+ if vs.dist == OpenSUSETumbleweed {
+ return "opensuse-tumbleweed-cvrf"
+ }
return source.ID
}
@@ -66,6 +71,7 @@ func (vs VulnSrc) Update(dir string) error {
case SUSEEnterpriseLinux:
rootDir = filepath.Join(rootDir, "suse")
case OpenSUSE:
+ case OpenSUSETumbleweed:
rootDir = filepath.Join(rootDir, "opensuse")
default:
return xerrors.New("unknown distribution")
@@ -185,6 +191,10 @@ func getOSVersion(platformName string) string {
// SUSE Linux Enterprise Module for SUSE Manager Server 4.0
return ""
}
+ if strings.HasPrefix(platformName, "openSUSE Tumbleweed") {
+ // Tumbleweed has no version, it is a rolling release
+ return platformOpenSUSETumbleweedFormat
+ }
if strings.HasPrefix(platformName, "openSUSE Leap") {
// openSUSE Leap 15.0
ss := strings.Split(platformName, " ")
@@ -196,7 +206,7 @@ func getOSVersion(platformName string) string {
log.Printf("invalid version: %s, err: %s", platformName, err)
return ""
}
- return fmt.Sprintf(platformOpenSUSEFormat, ss[2])
+ return fmt.Sprintf(platformOpenSUSELeapFormat, ss[2])
}
if strings.Contains(platformName, "SUSE Linux Enterprise") {
// e.g. SUSE Linux Enterprise Storage 7, SUSE Linux Enterprise Micro 5.1
@@ -276,7 +286,9 @@ func (vs VulnSrc) Get(version string, pkgName string) ([]types.Advisory, error)
case SUSEEnterpriseLinux:
bucket = fmt.Sprintf(platformSUSELinuxFormat, version)
case OpenSUSE:
- bucket = fmt.Sprintf(platformOpenSUSEFormat, version)
+ bucket = fmt.Sprintf(platformOpenSUSELeapFormat, version)
+ case OpenSUSETumbleweed:
+ bucket = platformOpenSUSETumbleweedFormat
default:
return nil, xerrors.New("unknown distribution")
}
From a6bad64919d94263c6e075f2f3676b6cdbfe811d Mon Sep 17 00:00:00 2001
From: Marcus Meissner <meissner@suse.de>
Date: Wed, 19 Jun 2024 16:07:49 +0200
Subject: [PATCH 2/2] Update pkg/vulnsrc/suse-cvrf/suse-cvrf.go
Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>
---
pkg/vulnsrc/suse-cvrf/suse-cvrf.go | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
index 297b29eb..f616990e 100644
--- a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
+++ b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
@@ -70,8 +70,7 @@ func (vs VulnSrc) Update(dir string) error {
switch vs.dist {
case SUSEEnterpriseLinux:
rootDir = filepath.Join(rootDir, "suse")
- case OpenSUSE:
- case OpenSUSETumbleweed:
+ case OpenSUSE, OpenSUSETumbleweed:
rootDir = filepath.Join(rootDir, "opensuse")
default:
return xerrors.New("unknown distribution")

File diff suppressed because it is too large Load Diff

3
build.specials.obscpio Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b575187fee5146cd266ea8f6ade7952590defa34a475b1dae4d3569c6031dbe5
size 256

BIN
trivy-0.52.1.tar.zst (Stored with Git LFS) Normal file

Binary file not shown.

BIN
trivy-0.52.2.tar.zst (Stored with Git LFS) Normal file

Binary file not shown.

BIN
trivy-0.53.0.tar.zst (Stored with Git LFS) Normal file

Binary file not shown.

BIN
trivy-0.54.1.tar.zst (Stored with Git LFS) Normal file

Binary file not shown.

BIN
trivy-0.56.2.tar.zst (Stored with Git LFS)

Binary file not shown.

View File

@ -1,139 +1,3 @@
-------------------------------------------------------------------
Wed Oct 23 12:47:45 UTC 2024 - dmueller@suse.com
- Update to version 0.56.2:
* release: v0.56.2 [release/v0.56] (#7694)
* fix(redhat): include arch in PURL qualifiers [backport: release/v0.56] (#7702)
* fix(sbom): add options for DBs in private registries [backport: release/v0.56] (#7691)
-------------------------------------------------------------------
Tue Oct 08 16:43:27 UTC 2024 - dmueller@suse.com
- Update to version 0.56.1:
* release: v0.56.1 [release/v0.56] (#7648)
* fix(db): fix javadb downloading error handling [backport: release/v0.56] (#7646)
* release: v0.56.0 [main] (#7447)
* fix(misconf): not to warn about missing selectors of libraries (#7638)
* feat: support RPM archives (#7628)
* fix(secret): change grafana token regex to find them without unquoted (#7627)
* chore(deps): Bump trivy-checks to v1.1.0 (#7631)
* fix(misconf): Disable deprecated checks by default (#7632)
* chore: add prefixes to log messages (#7625)
* feat(misconf): Support `--skip-*` for all included modules (#7579)
* feat: support multiple DB repositories for vulnerability and Java DB (#7605)
* ci: don't use cache for `setup-go` (#7622)
* test: use loaded image names (#7617)
* feat(java): add empty versions if `pom.xml` dependency versions can't be detected (#7520)
* feat(secret): enhance secret scanning for python binary files (#7223)
* refactor: fix auth error handling (#7615)
* ci: split `save` and `restore` cache actions (#7614)
* fix(misconf): disable DS016 check for image history analyzer (#7540)
* feat(suse): added SUSE Linux Enterprise Micro support (#7294)
* feat(misconf): add ability to disable checks by ID (#7536)
* fix(misconf): escape all special sequences (#7558)
* test: use a local registry for remote scanning (#7607)
* fix: allow access to '..' in mapfs (#7575)
* fix(db): check `DownloadedAt` for `trivy-java-db` (#7592)
* chore(deps): bump the common group across 1 directory with 20 updates (#7604)
* ci: add `workflow_dispatch` trigger for test workflow. (#7606)
* ci: cache test images for `integration`, `VM` and `module` tests (#7599)
* chore(deps): remove broken replaces for opa and discovery (#7600)
* docs(misconf): Add more info on how to use arbitrary JSON/YAML scan feat (#7458)
* fix(misconf): Fixed scope for China Cloud (#7560)
* perf(misconf): use port ranges instead of enumeration (#7549)
* fix(sbom): export bom-ref when converting a package to a component (#7340)
* refactor(misconf): pass options to Rego scanner as is (#7529)
* fix(sbom): parse type `framework` as `library` when unmarshalling `CycloneDX` files (#7527)
* chore(deps): bump go-ebs-file (#7513)
* fix(misconf): Fix logging typo (#7473)
* feat(misconf): Register checks only when needed (#7435)
* refactor: split `.egg` and `packaging` analyzers (#7514)
* fix(java): use `dependencyManagement` from root/child pom's for dependencies from parents (#7497)
* chore(vex): add `CVE-2024-34155`, `CVE-2024-34156` and `CVE-2024-34158` in `trivy.openvex.json` (#7510)
* chore(deps): bump alpine from 3.20.0 to 3.20.3 (#7508)
* chore(vex): suppress openssl vulnerabilities (#7500)
* docs: refine go docs (#7442)
* revert(java): stop supporting of `test` scope for `pom.xml` files (#7488)
* docs(db): add a manifest example (#7485)
* feat(license): improve license normalization (#7131)
* docs(oci): Add a note About the expected Media Type for the Trivy-DB OCI Artifact (#7449)
* fix(report): fix error with unmarshal of `ExperimentalModifiedFindings` (#7463)
* fix(report): change a receiver of MarshalJSON (#7483)
* fix(oracle): Update EOL date for Oracle 7 (#7480)
* chore(deps): bump the aws group with 6 updates (#7468)
* chore(deps): bump the common group across 1 directory with 19 updates (#7436)
* chore(helm): bump up Trivy Helm chart (#7441)
* refactor(java): add error/statusCode for logs when we can't get pom.xml/maven-metadata.xml from remote repo (#7451)
* fix(license): stop spliting a long license text (#7336)
* release: v0.55.0 [main] (#7271)
* feat(go): use `toolchain` as `stdlib` version for `go.mod` files (#7163)
* fix(license): add license handling to JUnit template (#7409)
* feat(java): add `test` scope support for `pom.xml` files (#7414)
* chore(deps): Bump trivy-checks and pin OPA (#7427)
* fix(helm): explicitly define `kind` and `apiVersion` of `volumeClaimTemplate` element (#7362)
* feat(sbom): set User-Agent header on requests to Rekor (#7396)
* test: add integration plugin tests (#7299)
* fix(nodejs): check all `importers` to detect dev deps from pnpm-lock.yaml file (#7387)
* fix: logger initialization before flags parsing (#7372)
* fix(aws): handle ECR repositories in different regions (#6217)
* fix(misconf): fix infer type for null value (#7424)
* fix(secret): use `.eyJ` keyword for JWT secret (#7410)
* fix(misconf): do not recreate filesystem map (#7416)
* chore(deps): Bump trivy-checks (#7417)
* fix(misconf): do not register Rego libs in checks registry (#7420)
* fix(sbom): use `NOASSERTION` for licenses fields in SPDX formats (#7403)
* feat(report): export modified findings in JSON (#7383)
* feat(server): Make Trivy Server Multiplexer Exported (#7389)
* chore: update CODEOWNERS (#7398)
* fix(secret): use only line with secret for long secret lines (#7412)
* chore: fix allow rule of ignoring test files to make it case insensitive (#7415)
* feat(misconf): port and protocol support for EC2 networks (#7146)
* fix(misconf): do not filter Terraform plan JSON by name (#7406)
* feat(misconf): support for ignore by nested attributes (#7205)
* fix(misconf): use module to log when metadata retrieval fails (#7405)
* fix(report): escape `Message` field in `asff.tpl` template (#7401)
* feat(misconf): Add support for using spec from on-disk bundle (#7179)
* docs: add pkg flags to config file page (#7370)
* feat(python): use minimum version for pip packages (#7348)
* fix(misconf): support deprecating for Go checks (#7377)
* fix(misconf): init frameworks before updating them (#7376)
* feat(misconf): ignore duplicate checks (#7317)
* refactor(misconf): use slog (#7295)
* chore(deps): bump trivy-checks (#7350)
* feat(server): add internal `--path-prefix` flag for client/server mode (#7321)
* chore(deps): bump the aws group across 1 directory with 7 updates (#7358)
* fix: safely check if the directory exists (#7353)
* feat(misconf): variable support for Terraform Plan (#7228)
* feat(misconf): scanning support for YAML and JSON (#7311)
* fix(misconf): wrap Azure PortRange in iac types (#7357)
* refactor(misconf): highlight only affected rows (#7310)
* fix(misconf): change default TLS values for the Azure storage account (#7345)
* chore(deps): bump the common group with 9 updates (#7333)
* docs(misconf): Update callsites to use correct naming (#7335)
* docs: update air-gapped docs (#7160)
* refactor: replace ftypes.Gradle with packageurl.TypeGradle (#7323)
* perf(misconf): optimize work with context (#6968)
* docs: update links to packaging.python.org (#7318)
* docs: update client/server docs for misconf and license scanning (#7277)
* chore(deps): bump the common group across 1 directory with 7 updates (#7305)
* feat(misconf): iterator argument support for dynamic blocks (#7236)
* fix(misconf): do not set default value for default_cache_behavior (#7234)
* feat(misconf): support for policy and bucket grants (#7284)
* fix(misconf): load only submodule if it is specified in source (#7112)
* perf(misconf): use json.Valid to check validity of JSON (#7308)
* refactor(misconf): remove unused universal scanner (#7293)
* perf(misconf): do not convert contents of a YAML file to string (#7292)
* fix(terraform): add aws_region name to presets (#7184)
* docs: add auto-generated config (#7261)
* feat(vuln): Add `--detection-priority` flag for accuracy tuning (#7288)
* refactor(misconf): remove file filtering from parsers (#7289)
* fix(flag): incorrect behavior for deprected flag `--clear-cache` (#7281)
* fix(java): Return error when trying to find a remote pom to avoid segfault (#7275)
* fix(plugin): do not call GitHub content API for releases and tags (#7274)
* feat(vm): support the Ext2/Ext3 filesystems (#6983)
* feat(cli)!: delete deprecated SBOM flags (#7266)
* feat(vm): Support direct filesystem (#7058)
-------------------------------------------------------------------
Thu Aug 01 12:24:35 UTC 2024 - dmueller@suse.com

View File

@ -17,7 +17,7 @@
Name: trivy
Version: 0.56.2
Version: 0.54.1
Release: 0
Summary: A Simple and Comprehensive Vulnerability Scanner for Containers
License: Apache-2.0

BIN
vendor.tar.zst (Stored with Git LFS)

Binary file not shown.