SHA256
1
0
forked from pool/trivy
trivy/trivy.spec
Dirk Mueller 672c04bdc6 - Update to version 0.37.0:
* fix(image): close layers (#3517)
  * refactor: db client changed (#3515)
  * feat(java): use trivy-java-db to get GAV (#3484)
  * docs: add note about the limitation in Rekor (#3494)
  * docs: aggregate targets (#3503)
  * deps: updates wazero to 1.0.0-pre.8 (#3510)
  * docs: add alma 9 and rocky 9 to supported os (#3513)
  * chore(deps): bump defsec to v0.82.9 (#3512)
  * chore: add missing target labels (#3504)
  * docs: add java vulnerability page (#3429)
  * feat(image): add support for Docker CIS Benchmark (#3496)
  * feat(image): secret scanning on container image config (#3495)
  * chore(deps): Upgrade defsec to v0.82.8 (#3488)
  * feat(image): scan misconfigurations in image config (#3437)
  * chore(helm): update Trivy from v0.30.4 to v0.36.1 (#3489)
  * feat(k8s): add node info resource (#3482)
  * perf(secret): optimize secret scanning memory usage (#3453)
  * feat: support aliases in CLI flag, env and config (#3481)
  * fix(k8s): migrate rbac k8s (#3459)
  * feat(java): add implementationVendor and specificationVendor fields to detect GroupID from MANIFEST.MF (#3480)
  * refactor: rename security-checks to scanners (#3467)
  * chore: display the troubleshooting URL for the DB denial error (#3474)
  * docs: yaml tabs to spaces, auto create namespace (#3469)
  * docs: adding show-and-tell template to GH discussions (#3391)
  * fix: Fix a temporary file leak in case of error (#3465)
  * fix(test): sort cyclonedx components (#3468)
  * docs: fixing spelling mistakes (#3462)
  * ci: set paths triggering VM tests in PR (#3438)
  * docs: typo in --skip-files (#3454)

OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/trivy?expand=0&rev=36
2023-02-01 12:11:50 +00:00

67 lines
2.0 KiB
RPMSpec

#
# spec file for package trivy
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
# nodebuginfo
%global goipath github.com/aquasecurity/trivy
Name: trivy
Version: 0.37.0
Release: 0
Summary: A Simple and Comprehensive Vulnerability Scanner for Containers
License: Apache-2.0
Group: System/Management
URL: https://github.com/aquasecurity/trivy
Source: %{name}-%{version}.tar.zst
Source1: vendor.tar.zst
BuildRequires: golang-packaging
BuildRequires: zstd
BuildRequires: golang(API) = 1.19
Requires: ca-certificates
Requires: git-core
Requires: rpm
%description
Trivy (`tri` pronounced like trigger, `vy` pronounced like envy) is a simple and
comprehensive vulnerability scanner for containers and other artifacts. A
software vulnerability is a glitch, flaw, or weakness present in the software or
in an Operating System. Trivy detects vulnerabilities of OS packages (Alpine,
RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn,
etc.). Trivy is easy to use. Just install the binary and you're ready to
scan. All you need to do for scanning is to specify a target such as an image
name of the container.
%prep
%setup -qa1
%autopatch -p1
%build
%goprep %{goipath}
export CGO_ENABLED=0
%gobuild -mod vendor -ldflags "-X=main.version=%{version}" cmd/trivy
%install
%goinstall
%files
%license LICENSE
%doc README.md
%{_bindir}/%{name}
%changelog