diff --git a/.github/workflows/semantic-pr.yaml b/.github/workflows/semantic-pr.yaml index 7f57db1922..f798ecffe8 100644 --- a/.github/workflows/semantic-pr.yaml +++ b/.github/workflows/semantic-pr.yaml @@ -66,6 +66,7 @@ jobs: echo distroless windows + minimos # Languages ruby diff --git a/docs/docs/coverage/os/index.md b/docs/docs/coverage/os/index.md index 00e1967b7e..ec30f2e769 100644 --- a/docs/docs/coverage/os/index.md +++ b/docs/docs/coverage/os/index.md @@ -14,6 +14,7 @@ Trivy supports operating systems for | [Alpine Linux](alpine.md) | 2.2 - 2.7, 3.0 - 3.21, edge | apk | | [Wolfi Linux](wolfi.md) | (n/a) | apk | | [Chainguard](chainguard.md) | (n/a) | apk | +| [MinimOS](minimos.md) | (n/a) | apk | | [Red Hat Enterprise Linux](rhel.md) | 6, 7, 8 | dnf/yum/rpm | | [CentOS](centos.md)[^1] | 6, 7, 8 | dnf/yum/rpm | | [AlmaLinux](alma.md) | 8, 9 | dnf/yum/rpm | diff --git a/docs/docs/coverage/os/minimos.md b/docs/docs/coverage/os/minimos.md new file mode 100644 index 0000000000..b3b49501fb --- /dev/null +++ b/docs/docs/coverage/os/minimos.md @@ -0,0 +1,30 @@ +# MinimOS +Trivy supports these scanners for OS packages. + +| Scanner | Supported | +| :-----------: | :-------: | +| SBOM | ✓ | +| Vulnerability | ✓ | +| License | ✓ | + +The table below outlines the features offered by Trivy. + +| Feature | Supported | +|:------------------------------------:|:---------:| +| Detect unfixed vulnerabilities | - | +| [Dependency graph][dependency-graph] | ✓ | + +## SBOM +Same as [Alpine Linux](alpine.md#sbom). + +## Vulnerability +MinimOS offers its own security advisories, and these are utilized when scanning MinimOS for vulnerabilities. +Everything else is the same as [Alpine Linux](alpine.md#vulnerability). + +### Data Source +See [here](../../scanner/vulnerability.md#data-sources). + +## License +Same as [Alpine Linux](alpine.md#license). + +[dependency-graph]: ../../configuration/reporting.md#show-origins-of-vulnerable-dependencies \ No newline at end of file diff --git a/docs/docs/references/configuration/cli/trivy_filesystem.md b/docs/docs/references/configuration/cli/trivy_filesystem.md index e736ad0f66..056445c1a1 100644 --- a/docs/docs/references/configuration/cli/trivy_filesystem.md +++ b/docs/docs/references/configuration/cli/trivy_filesystem.md @@ -168,6 +168,7 @@ trivy filesystem [flags] PATH - bitnami - govulndb - echo + - minimos - auto (default [auto]) ``` diff --git a/docs/docs/references/configuration/cli/trivy_image.md b/docs/docs/references/configuration/cli/trivy_image.md index 35d20584c2..c471a73bd6 100644 --- a/docs/docs/references/configuration/cli/trivy_image.md +++ b/docs/docs/references/configuration/cli/trivy_image.md @@ -189,6 +189,7 @@ trivy image [flags] IMAGE_NAME - bitnami - govulndb - echo + - minimos - auto (default [auto]) ``` diff --git a/docs/docs/references/configuration/cli/trivy_kubernetes.md b/docs/docs/references/configuration/cli/trivy_kubernetes.md index e00e4e745b..294fca06d9 100644 --- a/docs/docs/references/configuration/cli/trivy_kubernetes.md +++ b/docs/docs/references/configuration/cli/trivy_kubernetes.md @@ -177,6 +177,7 @@ trivy kubernetes [flags] [CONTEXT] - bitnami - govulndb - echo + - minimos - auto (default [auto]) ``` diff --git a/docs/docs/references/configuration/cli/trivy_repository.md b/docs/docs/references/configuration/cli/trivy_repository.md index ba05f75ff0..2159bf35a6 100644 --- a/docs/docs/references/configuration/cli/trivy_repository.md +++ b/docs/docs/references/configuration/cli/trivy_repository.md @@ -167,6 +167,7 @@ trivy repository [flags] (REPO_PATH | REPO_URL) - bitnami - govulndb - echo + - minimos - auto (default [auto]) ``` diff --git a/docs/docs/references/configuration/cli/trivy_rootfs.md b/docs/docs/references/configuration/cli/trivy_rootfs.md index f8917cbb5f..89db346681 100644 --- a/docs/docs/references/configuration/cli/trivy_rootfs.md +++ b/docs/docs/references/configuration/cli/trivy_rootfs.md @@ -169,6 +169,7 @@ trivy rootfs [flags] ROOTDIR - bitnami - govulndb - echo + - minimos - auto (default [auto]) ``` diff --git a/docs/docs/references/configuration/cli/trivy_sbom.md b/docs/docs/references/configuration/cli/trivy_sbom.md index 911bb2e90b..da0a1ca67f 100644 --- a/docs/docs/references/configuration/cli/trivy_sbom.md +++ b/docs/docs/references/configuration/cli/trivy_sbom.md @@ -138,6 +138,7 @@ trivy sbom [flags] SBOM_PATH - bitnami - govulndb - echo + - minimos - auto (default [auto]) ``` diff --git a/docs/docs/references/configuration/cli/trivy_vm.md b/docs/docs/references/configuration/cli/trivy_vm.md index 9d6c2676ca..9b1296b5ea 100644 --- a/docs/docs/references/configuration/cli/trivy_vm.md +++ b/docs/docs/references/configuration/cli/trivy_vm.md @@ -154,6 +154,7 @@ trivy vm [flags] VM_IMAGE - bitnami - govulndb - echo + - minimos - auto (default [auto]) ``` diff --git a/docs/docs/scanner/vulnerability.md b/docs/docs/scanner/vulnerability.md index a7f0db4ff8..f297ab59c0 100644 --- a/docs/docs/scanner/vulnerability.md +++ b/docs/docs/scanner/vulnerability.md @@ -25,6 +25,7 @@ See [here](../coverage/os/index.md#supported-os) for the supported OSes. | Alpine Linux | [secdb][alpine] | | Wolfi Linux | [secdb][wolfi] | | Chainguard | [secdb][chainguard] | +| MinimOS | [secdb][minimos] | | Amazon Linux | [Amazon Linux Security Center][amazon] | | Echo | [Echo][echo] | | Debian | [Security Bug Tracker][debian-tracker] / [OVAL][debian-oval] | @@ -379,6 +380,7 @@ Example logic for the following vendor severity levels when scanning an Alpine i [alpine]: https://secdb.alpinelinux.org/ [wolfi]: https://packages.wolfi.dev/os/security.json [chainguard]: https://packages.cgr.dev/chainguard/security.json +[minimos]: https://packages.mini.dev/advisories/secdb/security.json [amazon]: https://alas.aws.amazon.com/ [echo]: https://advisory.echohq.com/data.json [debian-tracker]: https://security-tracker.debian.org/tracker/ diff --git a/go.mod b/go.mod index 2bd14e4d5b..897ac2669b 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ require ( github.com/aquasecurity/testdocker v0.0.0-20240730042311-4642e94c7fc8 github.com/aquasecurity/tml v0.6.1 github.com/aquasecurity/trivy-checks v1.10.0 - github.com/aquasecurity/trivy-db v0.0.0-20250529090941-0ee57d439c7a + github.com/aquasecurity/trivy-db v0.0.0-20250529093513-a12dfc204b6e github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48 github.com/aquasecurity/trivy-kubernetes v0.9.0 github.com/aws/aws-sdk-go-v2 v1.36.3 diff --git a/go.sum b/go.sum index 38250d10f4..c24407189a 100644 --- a/go.sum +++ b/go.sum @@ -802,8 +802,8 @@ github.com/aquasecurity/tml v0.6.1 h1:y2ZlGSfrhnn7t4ZJ/0rotuH+v5Jgv6BDDO5jB6A9gw github.com/aquasecurity/tml v0.6.1/go.mod h1:OnYMWY5lvI9ejU7yH9LCberWaaTBW7hBFsITiIMY2yY= github.com/aquasecurity/trivy-checks v1.10.0 h1:Q0FWsYy/uwvr/icRSOzNu55yDZ1ME8hZlpglNs62ZfE= github.com/aquasecurity/trivy-checks v1.10.0/go.mod h1:/b633SOFNp8RjkxSq+FOg4SgxjklUp+BIQEyTWCnN1k= -github.com/aquasecurity/trivy-db v0.0.0-20250529090941-0ee57d439c7a h1:VGmQ5tx5vVo4zBk8F8b/rf9s57C9bOEfWmIzF2kLFE8= -github.com/aquasecurity/trivy-db v0.0.0-20250529090941-0ee57d439c7a/go.mod h1:4zd4qZcjhNAHASz5I0O7qapv5h5gSJzSEaZXv/IPOGc= +github.com/aquasecurity/trivy-db v0.0.0-20250529093513-a12dfc204b6e h1:+B/in1DQDGwQbKhW5pWL8XxBgnZKxXhUznylJ2NCyvs= +github.com/aquasecurity/trivy-db v0.0.0-20250529093513-a12dfc204b6e/go.mod h1:4zd4qZcjhNAHASz5I0O7qapv5h5gSJzSEaZXv/IPOGc= github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48 h1:JVgBIuIYbwG+ekC5lUHUpGJboPYiCcxiz06RCtz8neI= github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48/go.mod h1:Ldya37FLi0e/5Cjq2T5Bty7cFkzUDwTcPeQua+2M8i8= github.com/aquasecurity/trivy-kubernetes v0.9.0 h1:rp8RuXwKfFWUPR/ULksA2WpD0z6rslVkzLmPGQr61Wc= diff --git a/mkdocs.yml b/mkdocs.yml index 9d77eb502d..4eb6a6a3bc 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -81,6 +81,7 @@ nav: - Chainguard: docs/coverage/os/chainguard.md - Debian: docs/coverage/os/debian.md - Echo: docs/coverage/os/echo.md + - MinimOS: docs/coverage/os/minimos.md - Oracle Linux: docs/coverage/os/oracle.md - Photon OS: docs/coverage/os/photon.md - Red Hat: docs/coverage/os/rhel.md diff --git a/pkg/detector/ospkg/detect.go b/pkg/detector/ospkg/detect.go index 21af822f8b..f2ce971e0c 100644 --- a/pkg/detector/ospkg/detect.go +++ b/pkg/detector/ospkg/detect.go @@ -15,6 +15,7 @@ import ( "github.com/aquasecurity/trivy/pkg/detector/ospkg/chainguard" "github.com/aquasecurity/trivy/pkg/detector/ospkg/debian" "github.com/aquasecurity/trivy/pkg/detector/ospkg/echo" + "github.com/aquasecurity/trivy/pkg/detector/ospkg/minimos" "github.com/aquasecurity/trivy/pkg/detector/ospkg/oracle" "github.com/aquasecurity/trivy/pkg/detector/ospkg/photon" "github.com/aquasecurity/trivy/pkg/detector/ospkg/redhat" @@ -52,6 +53,7 @@ var ( ftypes.Wolfi: wolfi.NewScanner(), ftypes.Chainguard: chainguard.NewScanner(), ftypes.Echo: echo.NewScanner(), + ftypes.MinimOS: minimos.NewScanner(), } ) diff --git a/pkg/detector/ospkg/minimos/minimos.go b/pkg/detector/ospkg/minimos/minimos.go new file mode 100644 index 0000000000..0efa0913b3 --- /dev/null +++ b/pkg/detector/ospkg/minimos/minimos.go @@ -0,0 +1,91 @@ +package minimos + +import ( + "context" + + version "github.com/knqyf263/go-apk-version" + "golang.org/x/xerrors" + + dbTypes "github.com/aquasecurity/trivy-db/pkg/types" + "github.com/aquasecurity/trivy-db/pkg/vulnsrc/minimos" + ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" + "github.com/aquasecurity/trivy/pkg/log" + "github.com/aquasecurity/trivy/pkg/scan/utils" + "github.com/aquasecurity/trivy/pkg/types" +) + +// Scanner implements the MinimOS scanner +type Scanner struct { + vs minimos.VulnSrc +} + +// NewScanner is the factory method for Scanner +func NewScanner() *Scanner { + return &Scanner{ + vs: minimos.NewVulnSrc(), + } +} + +// Detect vulnerabilities in package using MinimOS scanner +func (s *Scanner) Detect(ctx context.Context, _ string, _ *ftypes.Repository, pkgs []ftypes.Package) ([]types.DetectedVulnerability, error) { + log.InfoContext(ctx, "Detecting MinimOS vulnerabilities...", log.Int("pkg_num", len(pkgs))) + + var vulns []types.DetectedVulnerability + for _, pkg := range pkgs { + srcName := pkg.SrcName + if srcName == "" { + srcName = pkg.Name + } + advisories, err := s.vs.Get("", srcName) + if err != nil { + return nil, xerrors.Errorf("failed to get MinimOS advisories: %w", err) + } + + installed := utils.FormatVersion(pkg) + installedVersion, err := version.NewVersion(installed) + if err != nil { + log.DebugContext(ctx, "Failed to parse the installed package version", + log.String("version", installed), log.Err(err)) + continue + } + + for _, adv := range advisories { + if !s.isVulnerable(ctx, installedVersion, adv) { + continue + } + vulns = append(vulns, types.DetectedVulnerability{ + VulnerabilityID: adv.VulnerabilityID, + PkgID: pkg.ID, + PkgName: pkg.Name, + InstalledVersion: installed, + FixedVersion: adv.FixedVersion, + Layer: pkg.Layer, + PkgIdentifier: pkg.Identifier, + Custom: adv.Custom, + DataSource: adv.DataSource, + }) + } + } + return vulns, nil +} + +func (s *Scanner) isVulnerable(ctx context.Context, installedVersion version.Version, adv dbTypes.Advisory) bool { + // Compare versions for fixed vulnerabilities + fixedVersion, err := version.NewVersion(adv.FixedVersion) + if err != nil { + log.DebugContext(ctx, "Failed to parse the fixed version", + log.String("version", adv.FixedVersion), log.Err(err)) + return false + } + + // It means the fixed vulnerability + return installedVersion.LessThan(fixedVersion) +} + +// IsSupportedVersion checks if the version is supported. +func (s *Scanner) IsSupportedVersion(_ context.Context, _ ftypes.OSType, _ string) bool { + // MinimOS doesn't have versions, so there is no case where a given input yields a + // result of an unsupported MinimOS version. + + return true +} diff --git a/pkg/detector/ospkg/minimos/minimos_test.go b/pkg/detector/ospkg/minimos/minimos_test.go new file mode 100644 index 0000000000..99c9a1438f --- /dev/null +++ b/pkg/detector/ospkg/minimos/minimos_test.go @@ -0,0 +1,210 @@ +package minimos_test + +import ( + "sort" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + + "github.com/aquasecurity/trivy-db/pkg/db" + dbTypes "github.com/aquasecurity/trivy-db/pkg/types" + "github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability" + "github.com/aquasecurity/trivy/internal/dbtest" + "github.com/aquasecurity/trivy/pkg/detector/ospkg/minimos" + ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" + "github.com/aquasecurity/trivy/pkg/types" +) + +func TestScanner_Detect(t *testing.T) { + type args struct { + repo *ftypes.Repository + pkgs []ftypes.Package + } + tests := []struct { + name string + args args + fixtures []string + want []types.DetectedVulnerability + wantErr string + }{ + { + name: "happy path", + fixtures: []string{ + "testdata/fixtures/minimos.yaml", + "testdata/fixtures/data-source.yaml", + }, + args: args{ + pkgs: []ftypes.Package{ + { + Name: "ansible", + Version: "2.6.4", + SrcName: "ansible", + SrcVersion: "2.6.4", + Layer: ftypes.Layer{ + DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02", + }, + }, + { + Name: "invalid", + Version: "invalid", // skipped + SrcName: "invalid", + SrcVersion: "invalid", + }, + }, + }, + want: []types.DetectedVulnerability{ + { + PkgName: "ansible", + VulnerabilityID: "CVE-2019-10217", + InstalledVersion: "2.6.4", + FixedVersion: "2.8.4-r0", + Layer: ftypes.Layer{ + DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02", + }, + DataSource: &dbTypes.DataSource{ + ID: vulnerability.MinimOS, + Name: "MinimOS Secdb", + URL: "https://packages.mini.dev/advisories/secdb/security.json", + }, + }, + }, + }, + { + name: "contain rc", + fixtures: []string{ + "testdata/fixtures/minimos.yaml", + "testdata/fixtures/data-source.yaml", + }, + args: args{ + pkgs: []ftypes.Package{ + { + Name: "jq", + Version: "1.6-r0", + SrcName: "jq", + SrcVersion: "1.6-r0", + }, + }, + }, + want: []types.DetectedVulnerability{ + { + PkgName: "jq", + VulnerabilityID: "CVE-2020-1234", + InstalledVersion: "1.6-r0", + FixedVersion: "1.6-r1", + DataSource: &dbTypes.DataSource{ + ID: vulnerability.MinimOS, + Name: "MinimOS Secdb", + URL: "https://packages.mini.dev/advisories/secdb/security.json", + }, + }, + }, + }, + { + name: "contain pre", + fixtures: []string{ + "testdata/fixtures/minimos.yaml", + "testdata/fixtures/data-source.yaml", + }, + args: args{ + pkgs: []ftypes.Package{ + { + Name: "test", + Version: "0.1.0_alpha", + SrcName: "test-src", + SrcVersion: "0.1.0_alpha", + Layer: ftypes.Layer{ + DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02", + }, + }, + }, + }, + want: []types.DetectedVulnerability{ + { + VulnerabilityID: "CVE-2030-0002", + PkgName: "test", + InstalledVersion: "0.1.0_alpha", + FixedVersion: "0.1.0_alpha2", + Layer: ftypes.Layer{ + DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02", + }, + DataSource: &dbTypes.DataSource{ + ID: vulnerability.MinimOS, + Name: "MinimOS Secdb", + URL: "https://packages.mini.dev/advisories/secdb/security.json", + }, + }, + }, + }, + { + name: "Get returns an error", + fixtures: []string{ + "testdata/fixtures/invalid.yaml", + "testdata/fixtures/data-source.yaml", + }, + args: args{ + pkgs: []ftypes.Package{ + { + Name: "jq", + Version: "1.6-r0", + SrcName: "jq", + SrcVersion: "1.6-r0", + }, + }, + }, + wantErr: "failed to get MinimOS advisories", + }, + { + name: "No src name", + fixtures: []string{ + "testdata/fixtures/minimos.yaml", + "testdata/fixtures/data-source.yaml", + }, + args: args{ + repo: &ftypes.Repository{ + Family: ftypes.MinimOS, + Release: "3.10", + }, + pkgs: []ftypes.Package{ + { + Name: "jq", + Version: "1.6-r0", + SrcVersion: "1.6-r0", + }, + }, + }, + want: []types.DetectedVulnerability{ + { + PkgName: "jq", + VulnerabilityID: "CVE-2020-1234", + InstalledVersion: "1.6-r0", + FixedVersion: "1.6-r1", + DataSource: &dbTypes.DataSource{ + ID: vulnerability.MinimOS, + Name: "MinimOS Secdb", + URL: "https://packages.mini.dev/advisories/secdb/security.json", + }, + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + _ = dbtest.InitDB(t, tt.fixtures) + defer db.Close() + + s := minimos.NewScanner() + got, err := s.Detect(t.Context(), "", tt.args.repo, tt.args.pkgs) + if tt.wantErr != "" { + require.ErrorContains(t, err, tt.wantErr) + return + } + + sort.Slice(got, func(i, j int) bool { + return got[i].VulnerabilityID < got[j].VulnerabilityID + }) + require.NoError(t, err) + assert.Equal(t, tt.want, got) + }) + } +} diff --git a/pkg/detector/ospkg/minimos/testdata/fixtures/data-source.yaml b/pkg/detector/ospkg/minimos/testdata/fixtures/data-source.yaml new file mode 100644 index 0000000000..86505400a2 --- /dev/null +++ b/pkg/detector/ospkg/minimos/testdata/fixtures/data-source.yaml @@ -0,0 +1,7 @@ +- bucket: data-source + pairs: + - key: minimos + value: + ID: "minimos" + Name: "MinimOS Secdb" + URL: "https://packages.mini.dev/advisories/secdb/security.json" \ No newline at end of file diff --git a/pkg/detector/ospkg/minimos/testdata/fixtures/invalid.yaml b/pkg/detector/ospkg/minimos/testdata/fixtures/invalid.yaml new file mode 100644 index 0000000000..fefa844fc4 --- /dev/null +++ b/pkg/detector/ospkg/minimos/testdata/fixtures/invalid.yaml @@ -0,0 +1,9 @@ +- bucket: minimos + pairs: + - bucket: jq + pairs: + - key: CVE-2020-8177 + value: + FixedVersion: + - foo + - bar diff --git a/pkg/detector/ospkg/minimos/testdata/fixtures/minimos.yaml b/pkg/detector/ospkg/minimos/testdata/fixtures/minimos.yaml new file mode 100644 index 0000000000..d7d1c814d8 --- /dev/null +++ b/pkg/detector/ospkg/minimos/testdata/fixtures/minimos.yaml @@ -0,0 +1,35 @@ +- bucket: minimos + pairs: + - bucket: ansible + pairs: + - key: CVE-2018-10875 + value: + FixedVersion: "2.6.3-r0" + - key: CVE-2019-10217 + value: + FixedVersion: "2.8.4-r0" + - key: CVE-2021-20191 + value: + FixedVersion: "" + - key: CVE-2019-INVALID + value: + FixedVersion: "invalid" + - bucket: jq + pairs: + - key: CVE-2016-4074 + value: + FixedVersion: "1.6_rc1-r0" + - key: CVE-2019-9999 + value: + FixedVersion: "1.6_rc2" + - key: CVE-2020-1234 + value: + FixedVersion: "1.6-r1" + - bucket: test-src + pairs: + - key: CVE-2030-0001 + value: + FixedVersion: "0.1.0_alpha_pre2" + - key: CVE-2030-0002 + value: + FixedVersion: "0.1.0_alpha2" diff --git a/pkg/fanal/analyzer/os/release/release.go b/pkg/fanal/analyzer/os/release/release.go index 82deecfb84..9efc3269c2 100644 --- a/pkg/fanal/analyzer/os/release/release.go +++ b/pkg/fanal/analyzer/os/release/release.go @@ -76,6 +76,8 @@ func (a osReleaseAnalyzer) Analyze(_ context.Context, input analyzer.AnalysisInp family = types.CBLMariner case "echo": family = types.Echo + case "minimos": + family = types.MinimOS } if family != "" && versionID != "" { diff --git a/pkg/fanal/analyzer/os/release/release_test.go b/pkg/fanal/analyzer/os/release/release_test.go index bf9fc12dfd..d922bf7acd 100644 --- a/pkg/fanal/analyzer/os/release/release_test.go +++ b/pkg/fanal/analyzer/os/release/release_test.go @@ -159,6 +159,16 @@ func Test_osReleaseAnalyzer_Analyze(t *testing.T) { }, }, }, + { + name: "MinimOS", + inputFile: "testdata/minimos", + want: &analyzer.AnalysisResult{ + OS: types.OS{ + Family: types.MinimOS, + Name: "20241031", + }, + }, + }, { name: "Bottlerocket", inputFile: "testdata/bottlerocket", diff --git a/pkg/fanal/analyzer/os/release/testdata/minimos b/pkg/fanal/analyzer/os/release/testdata/minimos new file mode 100644 index 0000000000..d8c150fcad --- /dev/null +++ b/pkg/fanal/analyzer/os/release/testdata/minimos @@ -0,0 +1,6 @@ +ID=minimos +NAME="MinimOS" +PRETTY_NAME="MinimOS" +VERSION_ID="20241031" +HOME_URL="https://minimus.io" +BUG_REPORT_URL="https://support.minimus.io" \ No newline at end of file diff --git a/pkg/fanal/types/const.go b/pkg/fanal/types/const.go index 3151f1c5e1..06f3984e94 100644 --- a/pkg/fanal/types/const.go +++ b/pkg/fanal/types/const.go @@ -32,6 +32,7 @@ const ( Debian OSType = "debian" Echo OSType = "echo" Fedora OSType = "fedora" + MinimOS OSType = "minimos" OpenSUSE OSType = "opensuse" OpenSUSELeap OSType = "opensuse-leap" OpenSUSETumbleweed OSType = "opensuse-tumbleweed" @@ -116,6 +117,7 @@ var ( Debian, Echo, Fedora, + MinimOS, OpenSUSE, OpenSUSELeap, OpenSUSETumbleweed, diff --git a/pkg/purl/purl.go b/pkg/purl/purl.go index b691650508..0c2f8a2b13 100644 --- a/pkg/purl/purl.go +++ b/pkg/purl/purl.go @@ -480,7 +480,7 @@ func purlType(t ftypes.TargetType) string { return packageurl.TypePub case ftypes.RustBinary, ftypes.Cargo: return packageurl.TypeCargo - case ftypes.Alpine, ftypes.Chainguard, ftypes.Wolfi: + case ftypes.Alpine, ftypes.Chainguard, ftypes.Wolfi, ftypes.MinimOS: return packageurl.TypeApk case ftypes.Debian, ftypes.Ubuntu, ftypes.Echo: return packageurl.TypeDebian