trivy/trivy.spec
Dirk Mueller c266b89032 - Update to version 0.41.0:
* fix(spdx): add workaround for no src packages (#4118)
  * test(golang): rename broken go.mod (#4129)
  * feat(sbom): add supplier field (#4122)
  * test(misconf): skip downloading of policies for tests #4126
  * refactor: use debug message for post-analyze errors (#4037)
  * feat(sbom): add VEX support (#4053)
  * feat(sbom): add primary package purpose field for SPDX (#4119)
  * fix(k8s): fix quiet flag (#4120)
  * fix(python): parse of pip extras (#4103)
  * feat(java): use full path for nested jars (#3992)
  * feat(license): add new flag for classifier confidence level (#4073)
  * feat: config and fs compliance support (#4097)
  * chore(deps): bump sigstore/cosign-installer from 2.8.1 to 3.0.1 (#3952)
  * feat(spdx): add support for SPDX 2.3 (#4058)
  * fix: k8s all-namespaces support (#4096)
  * perf(misconf): replace with post-analyzers (#4090)
  * fix(helm): update networking API version detection (#4106)
  * feat(image): custom docker host option (#3599)
  * style: debug flag is incorrect and needs extra - (#4087)
  * docs(vuln): Document inline vulnerability filtering comments (#4024)
  * feat(fs): customize error callback during fs walk (#4038)
  * fix(ubuntu): skip copyright files from subfolders (#4076)
  * docs: restructure scanners (#3977)
  * fix: fix `file does not exist` error for post-analyzers (#4061)

OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/trivy?expand=0&rev=59
2023-04-28 07:52:09 +00:00

61 lines
2.0 KiB
RPMSpec

#
# spec file for package trivy
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: trivy
Version: 0.41.0
Release: 0
Summary: A Simple and Comprehensive Vulnerability Scanner for Containers
License: Apache-2.0
Group: System/Management
URL: https://github.com/aquasecurity/trivy
Source: %{name}-%{version}.tar.zst
Source1: vendor.tar.zst
BuildRequires: golang-packaging
BuildRequires: zstd
BuildRequires: golang(API) = 1.19
Requires: ca-certificates
Requires: git-core
Requires: rpm
%description
Trivy (`tri` pronounced like trigger, `vy` pronounced like envy) is a simple and
comprehensive vulnerability scanner for containers and other artifacts. A
software vulnerability is a glitch, flaw, or weakness present in the software or
in an Operating System. Trivy detects vulnerabilities of OS packages (Alpine,
RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn,
etc.). Trivy is easy to use. Just install the binary and you're ready to
scan. All you need to do for scanning is to specify a target such as an image
name of the container.
%prep
%setup -qa1
%build
export CGO_ENABLED=0
go build -o trivy -mod=vendor -buildmode=pie -trimpath -ldflags "-s -w -X=main.version=%{version}" cmd/trivy/main.go
%install
install -D -m 755 trivy %{buildroot}/%{_bindir}/%{name}
%files
%license LICENSE
%doc README.md
%{_bindir}/%{name}
%changelog