[info=8c16244bf472c835a73bb96ae7ce1440e4f4c8bfa8cabc7d61d1da1a621c4d00]

OBS-URL: https://build.opensuse.org/package/show/devel:Factory:git-workflow:staging:dirkmueller:trivy:6/trivy?expand=0&rev=2

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

.gitignore

@@ -0,0 +1 @@
+.osc

_constraints

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<constraints>
+  <hardware>
+    <disk>
+      <size unit="G">10</size>
+    </disk>
+  </hardware>
+</constraints>

_scmsync.obsinfo

@@ -0,0 +1,4 @@
+mtime: 1722525389
+commit: 8c16244bf472c835a73bb96ae7ce1440e4f4c8bfa8cabc7d61d1da1a621c4d00
+url: https://src.opensuse.org/dirkmueller/trivy.git
+revision: 8c16244bf472c835a73bb96ae7ce1440e4f4c8bfa8cabc7d61d1da1a621c4d00

_service

@@ -0,0 +1,20 @@
+<services>
+  <service name="tar_scm" mode="manual">
+    <param name="url">https://github.com/aquasecurity/trivy</param>
+    <param name="scm">git</param>
+    <param name="revision">v0.54.1</param>
+    <param name="versionformat">@PARENT_TAG@</param>
+    <param name="versionrewrite-pattern">v(.*)</param>
+    <param name="changesgenerate">enable</param>
+  </service>
+  <service name="recompress" mode="manual">
+    <param name="file">trivy-*.tar</param>
+    <param name="compression">zst</param>
+  </service>
+  <service name="set_version" mode="manual">
+    <param name="basename">trivy</param>
+  </service>
+  <service name="go_modules" mode="manual">
+    <param name="compression">zst</param>
+  </service>
+</services>

_servicedata

@@ -0,0 +1,4 @@
+<servicedata>
+<service name="tar_scm">
+                <param name="url">https://github.com/aquasecurity/trivy</param>
+              <param name="changesrevision">854c61d34a550a9fcbab3bc59e55b868c15d1962</param></service></servicedata>

add-opensuse-tumbleweed-db.patch

@@ -0,0 +1,103 @@
+From f055a591d0ad779eab39ad0b13bd240653c9f137 Mon Sep 17 00:00:00 2001
+From: Marcus Meissner <meissner@suse.de>
+Date: Wed, 19 Jun 2024 09:59:41 +0200
+Subject: [PATCH 1/2] added openSUSE Tumbleweed version detection
+
+(Tumbleweed has no version as it is rolling)
+
+https://github.com/aquasecurity/trivy-db/issues/410
+---
+ pkg/vulnsrc/suse-cvrf/suse-cvrf.go      | 18 +++++++++++++++---
+ pkg/vulnsrc/suse-cvrf/suse-cvrf_test.go |  4 ++++
+ 2 files changed, 19 insertions(+), 3 deletions(-)
+
+diff --git a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
+index be3d4eff..297b29eb 100644
+--- a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
++++ b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
+@@ -24,8 +24,10 @@ type Distribution int
+ const (
+ 	SUSEEnterpriseLinux Distribution = iota
+ 	OpenSUSE
++	OpenSUSETumbleweed
+ 
+-	platformOpenSUSEFormat  = "openSUSE Leap %s"
++	platformOpenSUSETumbleweedFormat  = "openSUSE Tumbleweed"
++	platformOpenSUSELeapFormat  = "openSUSE Leap %s"
+ 	platformSUSELinuxFormat = "SUSE Linux Enterprise %s"
+ )
+ 
+@@ -55,6 +57,9 @@ func (vs VulnSrc) Name() types.SourceID {
+ 	if vs.dist == OpenSUSE {
+ 		return "opensuse-cvrf"
+ 	}
++	if vs.dist == OpenSUSETumbleweed {
++		return "opensuse-tumbleweed-cvrf"
++	}
+ 	return source.ID
+ }
+ 
+@@ -66,6 +71,7 @@ func (vs VulnSrc) Update(dir string) error {
+ 	case SUSEEnterpriseLinux:
+ 		rootDir = filepath.Join(rootDir, "suse")
+ 	case OpenSUSE:
++	case OpenSUSETumbleweed:
+ 		rootDir = filepath.Join(rootDir, "opensuse")
+ 	default:
+ 		return xerrors.New("unknown distribution")
+@@ -185,6 +191,10 @@ func getOSVersion(platformName string) string {
+ 		// SUSE Linux Enterprise Module for SUSE Manager Server 4.0
+ 		return ""
+ 	}
++	if strings.HasPrefix(platformName, "openSUSE Tumbleweed") {
++		// Tumbleweed has no version, it is a rolling release
++		return platformOpenSUSETumbleweedFormat
++	}
+ 	if strings.HasPrefix(platformName, "openSUSE Leap") {
+ 		// openSUSE Leap 15.0
+ 		ss := strings.Split(platformName, " ")
+@@ -196,7 +206,7 @@ func getOSVersion(platformName string) string {
+ 			log.Printf("invalid version: %s, err: %s", platformName, err)
+ 			return ""
+ 		}
+-		return fmt.Sprintf(platformOpenSUSEFormat, ss[2])
++		return fmt.Sprintf(platformOpenSUSELeapFormat, ss[2])
+ 	}
+ 	if strings.Contains(platformName, "SUSE Linux Enterprise") {
+ 		// e.g. SUSE Linux Enterprise Storage 7, SUSE Linux Enterprise Micro 5.1
+@@ -276,7 +286,9 @@ func (vs VulnSrc) Get(version string, pkgName string) ([]types.Advisory, error)
+ 	case SUSEEnterpriseLinux:
+ 		bucket = fmt.Sprintf(platformSUSELinuxFormat, version)
+ 	case OpenSUSE:
+-		bucket = fmt.Sprintf(platformOpenSUSEFormat, version)
++		bucket = fmt.Sprintf(platformOpenSUSELeapFormat, version)
++	case OpenSUSETumbleweed:
++		bucket = platformOpenSUSETumbleweedFormat
+ 	default:
+ 		return nil, xerrors.New("unknown distribution")
+ 	}
+
+From a6bad64919d94263c6e075f2f3676b6cdbfe811d Mon Sep 17 00:00:00 2001
+From: Marcus Meissner <meissner@suse.de>
+Date: Wed, 19 Jun 2024 16:07:49 +0200
+Subject: [PATCH 2/2] Update pkg/vulnsrc/suse-cvrf/suse-cvrf.go
+
+Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>
+---
+ pkg/vulnsrc/suse-cvrf/suse-cvrf.go | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
+index 297b29eb..f616990e 100644
+--- a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
++++ b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
+@@ -70,8 +70,7 @@ func (vs VulnSrc) Update(dir string) error {
+ 	switch vs.dist {
+ 	case SUSEEnterpriseLinux:
+ 		rootDir = filepath.Join(rootDir, "suse")
+-	case OpenSUSE:
+-	case OpenSUSETumbleweed:
++	case OpenSUSE, OpenSUSETumbleweed:
+ 		rootDir = filepath.Join(rootDir, "opensuse")
+ 	default:
+ 		return xerrors.New("unknown distribution")

build.specials.obscpio

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b575187fee5146cd266ea8f6ade7952590defa34a475b1dae4d3569c6031dbe5
+size 256

trivy.spec

@@ -0,0 +1,60 @@
+#
+# spec file for package trivy
+#
+# Copyright (c) 2023 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name:           trivy
+Version:        0.54.1
+Release:        0
+Summary:        A Simple and Comprehensive Vulnerability Scanner for Containers
+License:        Apache-2.0
+Group:          System/Management
+URL:            https://github.com/aquasecurity/trivy
+Source:         %{name}-%{version}.tar.zst
+Source1:        vendor.tar.zst
+BuildRequires:  golang(API) = 1.22
+BuildRequires:  golang-packaging
+BuildRequires:  zstd
+Requires:       ca-certificates
+Requires:       git-core
+Requires:       rpm
+
+%description
+Trivy (`tri` pronounced like trigger, `vy` pronounced like envy) is a simple and
+comprehensive vulnerability scanner for containers and other artifacts. A
+software vulnerability is a glitch, flaw, or weakness present in the software or
+in an Operating System. Trivy detects vulnerabilities of OS packages (Alpine,
+RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn,
+etc.). Trivy is easy to use. Just install the binary and you're ready to
+scan. All you need to do for scanning is to specify a target such as an image
+name of the container.
+
+%prep
+%setup -a1
+
+%build
+export CGO_ENABLED=1
+go build -o trivy -mod=vendor -buildmode=pie -trimpath -ldflags "-s -w -X=main.version=%{version}" cmd/trivy/main.go
+
+%install
+install -D -m 755 trivy %{buildroot}/%{_bindir}/%{name}
+
+%files
+%license LICENSE
+%doc NOTICE README.md
+%{_bindir}/%{name}
+
+%changelog