SHA256
1
0
forked from pool/trivy
trivy/add-opensuse-tumbleweed-support.patch

95 lines
3.9 KiB
Diff

From 3e9c8361a53b33bdd8bfe3009fae69a50fe5f261 Mon Sep 17 00:00:00 2001
From: Marcus Meissner <meissner@suse.de>
Date: Wed, 19 Jun 2024 10:32:34 +0200
Subject: [PATCH] feat: add openSUSE tumbleweed detection and scanning
needs changes in trivy-db to go along from https://github.com/aquasecurity/trivy-db/pull/411 to go along
https://github.com/aquasecurity/trivy-db/issues/410
---
docs/docs/coverage/os/index.md | 1 +
docs/docs/coverage/os/suse.md | 5 +++--
pkg/detector/ospkg/detect.go | 1 +
pkg/detector/ospkg/suse/suse.go | 9 +++++++++
4 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/docs/docs/coverage/os/index.md b/docs/docs/coverage/os/index.md
index a8d2670d7d6..49982b1b2d6 100644
--- a/docs/docs/coverage/os/index.md
+++ b/docs/docs/coverage/os/index.md
@@ -22,6 +22,7 @@ Trivy supports operating systems for
| [CBL-Mariner](cbl-mariner.md) | 1.0, 2.0 | dnf/yum/rpm |
| [Amazon Linux](amazon.md) | 1, 2, 2023 | dnf/yum/rpm |
| [openSUSE Leap](suse.md) | 42, 15 | zypper/rpm |
+| [openSUSE Tumbleweed](suse.md) | (n/a) | zypper/rpm |
| [SUSE Enterprise Linux](suse.md) | 11, 12, 15 | zypper/rpm |
| [Photon OS](photon.md) | 1.0, 2.0, 3.0, 4.0 | tndf/yum/rpm |
| [Debian GNU/Linux](debian.md) | 7, 8, 9, 10, 11, 12 | apt/dpkg |
diff --git a/docs/docs/coverage/os/suse.md b/docs/docs/coverage/os/suse.md
index 6ff52de31c8..15cfb1e9379 100644
--- a/docs/docs/coverage/os/suse.md
+++ b/docs/docs/coverage/os/suse.md
@@ -2,6 +2,7 @@
Trivy supports the following distributions:
- openSUSE Leap
+- openSUSE Tumbleweed
- SUSE Enterprise Linux (SLE)
Please see [here](index.md#supported-os) for supported versions.
@@ -35,6 +36,6 @@ Trivy identifies licenses by examining the metadata of RPM packages.
[dependency-graph]: ../../configuration/reporting.md#show-origins-of-vulnerable-dependencies
-[cvrf]: http://ftp.suse.com/pub/projects/security/cvrf/
+[cvrf]: https://ftp.suse.com/pub/projects/security/cvrf/
-[vulnerability statuses]: ../../configuration/filtering.md#by-status
\ No newline at end of file
+[vulnerability statuses]: ../../configuration/filtering.md#by-status
diff --git a/pkg/detector/ospkg/detect.go b/pkg/detector/ospkg/detect.go
index bbeb8e8649d..56c4b76d147 100644
--- a/pkg/detector/ospkg/detect.go
+++ b/pkg/detector/ospkg/detect.go
@@ -40,6 +40,7 @@ var (
ftypes.CentOS: redhat.NewScanner(),
ftypes.Rocky: rocky.NewScanner(),
ftypes.Oracle: oracle.NewScanner(),
+ ftypes.OpenSUSETumbleweed: suse.NewScanner(suse.OpenSUSETumbleweed),
ftypes.OpenSUSELeap: suse.NewScanner(suse.OpenSUSE),
ftypes.SLES: suse.NewScanner(suse.SUSEEnterpriseLinux),
ftypes.Photon: photon.NewScanner(),
diff --git a/pkg/detector/ospkg/suse/suse.go b/pkg/detector/ospkg/suse/suse.go
index a5ccade5c81..439cad3ce28 100644
--- a/pkg/detector/ospkg/suse/suse.go
+++ b/pkg/detector/ospkg/suse/suse.go
@@ -66,6 +66,7 @@ const (
SUSEEnterpriseLinux Type = iota
// OpenSUSE for open versions
OpenSUSE
+ OpenSUSETumbleweed
)
// Scanner implements the SUSE scanner
@@ -84,6 +85,10 @@ func NewScanner(t Type) *Scanner {
return &Scanner{
vs: susecvrf.NewVulnSrc(susecvrf.OpenSUSE),
}
+ case OpenSUSETumbleweed:
+ return &Scanner{
+ vs: susecvrf.NewVulnSrc(susecvrf.OpenSUSETumbleweed),
+ }
}
return nil
}
@@ -128,5 +133,9 @@ func (s *Scanner) IsSupportedVersion(ctx context.Context, osFamily ftypes.OSType
if osFamily == ftypes.SLES {
return osver.Supported(ctx, slesEolDates, osFamily, osVer)
}
+ // tumbleweed is a rolling release, it has no version and no eol
+ if osFamily == ftypes.OpenSUSETumbleweed {
+ return true
+ }
return osver.Supported(ctx, opensuseEolDates, osFamily, osVer)
}