Teppei Fukuda
cbad9ca3a8
feat(report): add fingerprint generation for vulnerabilities (#9794)
Signed-off-by: knqyf263 <knqyf263@gmail.com>
2025-11-17 07:23:43 +00:00
Teppei Fukuda
758f271040
feat: include registry and repository in artifact ID calculation (#9689)
Co-authored-by: knqyf263 <knqyf263@users.noreply.github.com>
2025-10-28 09:44:32 +00:00
Teppei Fukuda
a6010c3eda
test: improve golden file management in integration tests (#9699)
2025-10-24 07:49:29 +00:00
Teppei Fukuda
a9a3031675
feat(image): add RepoTags support for Docker archives (#9690)
Co-authored-by: knqyf263 <knqyf263@users.noreply.github.com>
2025-10-22 06:50:13 +00:00
Teppei Fukuda
fc976bea48
feat: add ReportID field to scan reports (#9670)
Co-authored-by: knqyf263 <knqyf263@users.noreply.github.com>
2025-10-17 10:31:22 +00:00
Teppei Fukuda
7b663d86ca
feat(cli): change --list-all-pkgs default to true (#9510)
2025-09-24 10:06:39 +00:00
Teppei Fukuda
cd7c595e4a
test: include integration tests in linting and fix all issues (#9060)
2025-06-24 13:09:15 +00:00
Teppei Fukuda
3f41ffa5b8
chore(deps): update Docker to v28.2.2 and fix compatibility issues (#9037)
2025-06-19 07:44:06 +00:00
Nikita Pivkin
73bd20d619
feat(image): return error early if total size of layers exceeds limit (#8294)
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
2025-01-30 08:01:16 +00:00
Nikita Pivkin
509e03030c
feat(image): prevent scanning oversized container images (#8178)
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
2025-01-27 06:38:52 +00:00
Teppei Fukuda
d4edeb5d62
test: use loaded image names (#7617)
Signed-off-by: knqyf263 <knqyf263@gmail.com>
2024-10-01 04:27:02 +00:00
Marcus Meissner
efdb68d3b9
feat(suse): added SUSE Linux Enterprise Micro support (#7294)
Signed-off-by: Marcus Meissner <meissner@suse.de>
Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
2024-09-29 18:23:34 +00:00
dependabot[bot]
ab0fd0d2e7
chore(deps): bump the docker group with 2 updates (#7116)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
2024-07-09 06:10:37 +00:00
Marcus Meissner
17b5dbfa12
feat: add openSUSE tumbleweed detection and scanning (#6965)
Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
2024-07-09 04:25:39 +00:00
DmitriyLewen
baa1216895
test: bump docker API to 1.45 (#6914)
2024-06-13 07:34:39 +00:00
Matthieu MOREL
bbaf5952bc
ci(deps): enable require-error rule from testifylint linter (#6718)
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
2024-05-20 07:12:43 +00:00
DmitriyLewen
27d35baa4a
test: fix flaky TestDockerEngine (#6054)
2024-02-02 08:48:51 +00:00
Teppei Fukuda
59e54334d1
fix(cli): inconsistent behavior across CLI flags, environment variables, and config files (#5843)
Signed-off-by: knqyf263 <knqyf263@gmail.com>
2024-02-01 03:25:30 +00:00
Teppei Fukuda
d19c7d9f29
feat(repo): support local repositories (#4890)
* feat(repo): support local repositories
* fix tests
* test: fix client/server tests
* docs: update
* test: add fs tests
* test: do not update golden files if overridden
* docs: remove a comment about fs deprecation
2023-07-31 11:27:36 +00:00
Teppei Fukuda
232ba823e1
feat(vuln): support vulnerability status (#4867)
* feat: support vulnerability status
* feat: show status in table
* don't add `fixed` status in debian/redhat
* update test golden files
* add Status in rpc
* update docs
* update ignore-status example
* add ignore-status in integration test
* docs: add the explanation for statuses
---------
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
2023-07-26 11:55:03 +00:00
DmitriyLewen
d298415c09
feat(cli): add mage command to update golden integration test files (#4380)
2023-05-16 13:58:50 +03:00
Masahiro331
9f6680a1fa
feat(sbom): Add unmarshal for spdx (#2868)
Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
2022-09-15 08:39:59 +03:00
Teppei Fukuda
5b7e0a858d
refactor: move from urfave/cli to spf13/cobra (#2458)
Co-authored-by: afdesk <work@afdesk.com>
Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
2022-07-09 19:40:31 +03:00
Teppei Fukuda
7cecade3a1
feat: add support for WASM modules (#2195)
2022-06-15 15:23:00 +03:00
Teppei Fukuda
f1c6af3121
test: use images in GHCR (#2275)
Co-authored-by: AMF <work@afdesk.com>
2022-06-07 13:50:32 +03:00
Owen Rumney
f95a0f0d52
fix(terraform): resolve panics in defsec (#1811)
2022-03-09 18:37:02 +02:00
Masahiro331
84dd33f7e9
feat(mariner): add support for CBL-Mariner (#1640)
Co-authored-by: knqyf263 <knqyf263@gmail.com>
2022-01-29 22:53:07 +02:00
Teppei Fukuda
d2827cba06
feat(redhat): support build info in RHEL (#807)
2022-01-28 18:35:00 +02:00
MaineK00n
f5c5573936
feat(rocky): support Rocky Linux (#1570)
Co-authored-by: knqyf263 <knqyf263@gmail.com>
2022-01-20 11:43:43 +02:00
MaineK00n
2a8336b9aa
feat(alma): support AlmaLinux (#1238)
Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>
2022-01-06 22:26:09 +02:00
Teppei Fukuda
8b2a799721
test(integration): use fixtures (#1532)
2021-12-30 20:53:03 +02:00
Teppei Fukuda
b37f682ee2
BREAKING(report): migrate to new json schema (#1265)
2021-10-04 10:22:24 +03:00
Eng Zer Jun
bbcce9f7b7
refactor: move from io/ioutil to io and os package (#1245)
The io/ioutil package has been deprecated as of Go 1.16, see
https://golang.org/doc/go1.16#ioutil. This commit replaces the existing
io/ioutil functions with their new definitions in io and os packages.
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2021-09-29 10:17:02 +03:00
Ankush K
dbc7a83e8c
feat(python): add packaging detector and respective hook (#1223)
Co-authored-by: knqyf263 <knqyf263@gmail.com>
2021-09-13 20:59:11 +03:00
Teppei Fukuda
a0e5c3a2e2
feat: support config scanning (#931)
2021-07-09 08:18:53 +03:00
Teppei Fukuda
c26a3e481f
refactor(internal): export internal packages (#887)
* refactor: export internal packages
* refactor(server): define Server
* refactor: fix lint issues
* test(integration): fix imports
2021-03-14 17:04:01 +02:00
Simarpreet Singh
78b7529172
Add image subcommand (#493)
* config_test: Add missing assertions for TestNew
Signed-off-by: Simarpreet Singh <simar@linux.com>
* integration: Add integration tests for image subcommand.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* refactor: bump up urfave/cli to v2.0
* refactor: apply DIY to image flags
* refactor: reorder sub commands
* feat: set hidden to global image options
* test(integration): insert --cache-dir before sub command
* README: update readme to reflect new usage
Signed-off-by: Simarpreet Singh <simar@linux.com>
* chore(README): add image subcommand
* fix(flags): define aliases according to urfave/cli v2.0 style
Co-authored-by: knqyf263 <knqyf263@gmail.com>
2020-05-25 12:06:15 +03:00
Teppei Fukuda
09442d65f2
chore(ci): move integration tests to GitHub Actions (#485)
* fix(standalone): add defer to close databases
* test(client/server): launch a server only once
* test(docker_engine): remove the duplicated case
* test(docker_engine): copy a database only once
* test(standalone): copy a database only once
* test(server): fix tests according to updated mock
* chore(mod): update
* chore(ci): add integration tests to GitHub Actions
* chore(ci): bump up Go to 1.14
* chore(ci): remove integration tests from CircleCI
* chore(ci): add name
* chore(ci): add new lines
2020-05-05 11:14:28 +03:00
Teppei Fukuda
415b99dab3
feat: support OCI Image Format (#475)
* chore(wire): specify package names
* fix(extractor): remove types.GetDockerOption
* chore(README): mention OCI support
* chore(mod): update dependencies
* test(integration): fix an error message
* test(integration): revert the error message
* chore(mod): tidy
Co-authored-by: Simarpreet Singh <simar@linux.com>
2020-05-03 11:30:49 +03:00
Teppei Fukuda
216a33b4cd
fix: handle a scratch/busybox/DockerSlim image gracefully (#476)
* fix: handle unknown OS and no package errors
* chore(mod): update dependencies
* integration: add busybox
* update dependencies and fix tests
Signed-off-by: Simarpreet Singh <simar@linux.com>
* chore(mod): use the latest trivy-db
Co-authored-by: Simarpreet Singh <simar@linux.com>
2020-04-30 12:48:28 +03:00
Teppei Fukuda
ac5f313129
feat(db): store metadata as a file (#464)
* refactor: wrap errors
* feat(db): add the metadata file
* test(db): re-generate mocks
* fix(app): read metadata from the file in showVersion
* fix: open the database after downloading it
* fix(operation): use UpdateMetadata
* chore(mod): update dependency
* test(integration): fix tests
* fix(conf): rename TRIVY_NONSSL to TRIVY_NON_SSL
2020-04-15 16:07:42 +03:00
Teppei Fukuda
329f245283
fix: replace containers/image with google/go-containerregistry (#456)
* chore(mod): update dependencies
* fix(internal): remove cleanup
* fix: use only diff_id
* fix: use string instead of digest
* fix: replace LayerID with Layer
* test(integration): negotiate API version
* feat(conf): add TRIVY_NONSSL
* test(integration): update golden files
* test(integration): fix the error message
* chore(debian): add comments
* chore(mod): update dependencies
2020-04-14 13:31:13 +03:00
Teppei Fukuda
aca31dffb3
detector: Add LayerID to detect vulns (#419)
* detector/alpine: Add LayerID to detect vulns
Signed-off-by: Simarpreet Singh <simar@linux.com>
* amazon: Add LayerID to DetectedVulns
Signed-off-by: Simarpreet Singh <simar@linux.com>
* debian: Add LayerID to DetectVulns + tests
Signed-off-by: Simarpreet Singh <simar@linux.com>
* oracle: Add LayerID to DetectVulns + tests
Signed-off-by: Simarpreet Singh <simar@linux.com>
* photon: Add LayerID to DetectVulns + tests
Signed-off-by: Simarpreet Singh <simar@linux.com>
* redhat: Add LayerID to DetectVulns + tests
Signed-off-by: Simarpreet Singh <simar@linux.com>
* suse: Add LayerID to DetectVulns + tests
Signed-off-by: Simarpreet Singh <simar@linux.com>
* ubuntu: Add LayerID to DetectVulns + tests
Signed-off-by: Simarpreet Singh <simar@linux.com>
* integration: Fix integration tests to include LayerID
Signed-off-by: Simarpreet Singh <simar@linux.com>
* fix(rpc): add layer_id
* fix(rpc): insert layer_id to the struct
* fix(extractor): add cleanup function
* fix(library): add layer ID to detected vulnerabilities
* test: update mocks
* chore(mod): point to the feature branch of fanal
* mod: Point to fanal/master
Signed-off-by: Simarpreet Singh <simar@linux.com>
* scan_test: Include LayerID as part of the assertion
Signed-off-by: Simarpreet Singh <simar@linux.com>
* docker_engine_test.go: Update an error message to conform with fanal/master.
Signed-off-by: Simarpreet Singh <simar@linux.com>
Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>
2020-03-04 19:55:16 +02:00
Teppei Fukuda
18b80e3781
feat(cache): based on JSON (#398)
* refactor(docker_conf): rename and remove unnecessary options
* feat(rpc): define new API
* fix(cli): change default timeout
* fix(import): fix package names
* refactor(vulnerability): remove old mock
* refactor(utils): remove un-needed functions
* feat(cache): implement cache communicating with a server
* refactor(scan): separate scan function as local scanner
* test(scanner): add tests for ScanImage
* refactor(scan): remove unused options
* test(vulnerability): generate mock
* refactor(server): split a file
* feat(server): implement new RPC server
* feat(client): implement new RPC client
* fix(cache): use new cache interface
* fix(standalone): use new scanner
* fix(client): use new scanner
* fix(server): pass cache
* test(integration): make sure an error is not nil before calling the method
* fix(mod): update dependencies
* test(integration): ensure the image load finishes
* feat(docker): support DOCKER_HOST and DOCKER_CERT_PATH
* chore(mod): update dependencies
* refactor(rpc): remove old client
* feat(server): support old API for backward compatibility
* fix(server): check a schema version of JSON cache
* fix(rpc): add a version to packages
* feat(rpc): add PutImage
* test: rename expectations
* refactor(cache): rename LayerCache to ImageCache
* refactor: rename ImageInfo to ImageReference
* fix(applier): pass image_id to ApplyLayer
* feat(cache): handle image cache
* chore(mod): update dependencies
* refactor(server): pass only config
* feat(cli): add -removed-pkgs option
* refactor(err): wrap errors
2020-02-27 23:17:55 +02:00
Simarpreet Singh
db2d0c2e9b
docker_engine_test: Add more OSes (#358)
* docker_engine_test: Add more OSes
Fixes: https://github.com/aquasecurity/trivy/issues/356
Signed-off-by: Simarpreet Singh <simar@linux.com>
* integration: Add all OSes for docker mode.
Signed-off-by: Simarpreet Singh <simar@linux.com>
2020-01-10 21:25:43 +02:00
Teppei Fukuda
0b96d08877
fix(integration-test): use a snapshot database for Docker mode (#352)
* fix(integration): add a binary name
The first argument is used for the program name. --skip-update was
ignored.
* fix(integration): use a snapshot database
After a new vulnerability is found, this test fails
* chore(integration): add t.Run
2019-12-30 17:48:15 +02:00
Simarpreet Singh
77f1abc17d
Integration tests for docker mode (#335)
* wip: run trivy after adding image
Signed-off-by: Simarpreet Singh <simar@linux.com>
* integration: Add an integration test for docker mode
Signed-off-by: Simarpreet Singh <simar@linux.com>
* integration: Add error checks for docker_engine_test
Signed-off-by: Simarpreet Singh <simar@linux.com>
* circleci: add specific docker version
Signed-off-by: Simarpreet Singh <simar@linux.com>
* circleci: add specific docker version
Signed-off-by: Simarpreet Singh <simar@linux.com>
* docker_engine_test: Add a sad path
Signed-off-by: Simarpreet Singh <simar@linux.com>
* circleci: Add docker_version by param
Signed-off-by: Simarpreet Singh <simar@linux.com>
* circleci: Add more docker versions
Signed-off-by: Simarpreet Singh <simar@linux.com>
* test(integration): remove old docker versions
* chore(ci): add requires
Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>
2019-12-26 12:48:17 +02:00