Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Trivy #3259

Merged
merged 21 commits into from
Feb 21, 2024
Merged

Trivy #3259

merged 21 commits into from
Feb 21, 2024

Conversation

fnxpt
Copy link

@fnxpt fnxpt commented Dec 2, 2023
edited by nscuro
Loading

Description

Trivy analyser support

Addressed Issue

Closes #3251

Checklist

  • I have read and understand the contributing guidelines
  • This PR implements an enhancement, and I have provided tests to verify that it works as intended

Marlon Pina Tojal added 5 commits December 1, 2023 12:26
initial commit
c535446 
Signed-off-by: Marlon Pina Tojal <marlont@backbase.com>
add trivy analyzer
312ee25 
Signed-off-by: Marlon Pina Tojal <marlont@backbase.com>
improvements on parser
2486e3f 
Signed-off-by: Marlon Pina Tojal <marlont@backbase.com>
documentation
77c0fb4 
Signed-off-by: Marlon Pina Tojal <marlont@backbase.com>
add instructions to trivy server
20f1f7b 
Signed-off-by: Marlon Pina Tojal <marlont@backbase.com>
@nscuro nscuro added this to the 4.11 milestone Dec 3, 2023
add docker and other package managers
b80ed60 
Signed-off-by: Marlon Pina Tojal <marlont@backbase.com>
Marlon Pina Tojal added 11 commits December 4, 2023 19:14
address comments
784e3b9 
Signed-off-by: Marlon Pina Tojal <marlont@backbase.com>
remove spaces
6923e39 
Signed-off-by: Marlon Pina Tojal <marlont@backbase.com>
add unit tests and a few improvements
9e09072 
Signed-off-by: Marlon Pina Tojal <marlont@backbase.com>
fix issue with missing package managers
2d8e0f5 
Signed-off-by: Marlon Pina Tojal <marlont@backbase.com>
fix issues with docker images (packages + epoch + arch)
62528bb 
Signed-off-by: Marlon Pina Tojal <marlont@backbase.com>
split requests per OS
ea3658a 
Signed-off-by: Marlon Pina Tojal <marlont@backbase.com>
fix date parsing
bd90605 
Signed-off-by: Marlon Pina Tojal <marlont@backbase.com>
add support for trivy configuration ignore unfixed
842904b 
Signed-off-by: Marlon Pina Tojal <marlont@backbase.com>
update configuration image
8c618c0 
Signed-off-by: Marlon Pina Tojal <marlont@backbase.com>
missing property creation on test
baa6594 
Signed-off-by: Marlon Pina Tojal <marlont@backbase.com>
fix test
1817e5e 
Signed-off-by: Marlon Pina Tojal <marlont@backbase.com>
@nscuro nscuro added the enhancement New feature or request label Jan 10, 2024
@nscuro nscuro self-assigned this Jan 11, 2024
replace resolve with lookup
9d63041 
Signed-off-by: Marlon Pina Tojal <marlont@backbase.com>
nscuro
nscuro requested changes Jan 22, 2024
View reviewed changes
Copy link
Member

@nscuro nscuro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR @fnxpt! A few necessary changes.

src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java Outdated Show resolved Hide resolved
src/main/java/org/dependencytrack/parser/trivy/TrivyParser.java Outdated Show resolved Hide resolved
src/main/java/org/dependencytrack/parser/trivy/TrivyParser.java Outdated Show resolved Hide resolved
src/main/java/org/dependencytrack/parser/trivy/model/Bitnami.java Outdated Show resolved Hide resolved
src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java Outdated Show resolved Hide resolved
src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java Outdated Show resolved Hide resolved
src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java Outdated Show resolved Hide resolved
src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java Outdated Show resolved Hide resolved
src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java Outdated Show resolved Hide resolved
src/main/java/org/dependencytrack/parser/trivy/TrivyParser.java Outdated Show resolved Hide resolved
@fnxpt fnxpt force-pushed the trivy branch 4 times, most recently from 69795cd to 1557a11 Compare January 25, 2024 18:09
address comments
dc6995f 
Signed-off-by: Marlon Pina Tojal <marlont@backbase.com>
trivy constants
296302f 
Signed-off-by: Marlon Pina Tojal <marlont@backbase.com>
nscuro
nscuro requested changes Feb 3, 2024
View reviewed changes
Copy link
Member

@nscuro nscuro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work @fnxpt!

Looks good from my end, except a small resource leak and some minor logging adjustment. I have also asked other team members to test this, hoping to get even more feedback.

src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java Outdated Show resolved Hide resolved
src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java Outdated Show resolved Hide resolved
address comments
1cfe0f4 
Signed-off-by: Marlon Pina Tojal <marlont@backbase.com>
@nscuro nscuro added the integration/trivy Related to the Trivy integration label Feb 21, 2024
nscuro
nscuro approved these changes Feb 21, 2024
View reviewed changes
Copy link
Member

@nscuro nscuro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @fnxpt, I'm sure many users will appreciate this integration!

@nscuro nscuro merged commit 33efa7a into DependencyTrack:master Feb 21, 2024
9 checks passed
@ybelMekk
Copy link
Contributor

ybelMekk commented Feb 21, 2024
edited
Loading

Good work @fnxpt , been following this for a while, looking forward to the release ❤️

@simonfrancaix
Copy link

Thank you so much for this feature @fnxpt! I've already been able to test the new version of the snapshot, and there's no doubt that its uses will greatly improve our security posture. Looking forward to the release!

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 24, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@valentijnscholten valentijnscholten valentijnscholten left review comments

@nscuro nscuro nscuro approved these changes

Assignees

@nscuro nscuro

Labels
enhancement New feature or request integration/trivy Related to the Trivy integration
Projects
None yet
Milestone
4.11
Development

Successfully merging this pull request may close these issues.

Trivy analyzer support
5 participants
@fnxpt @ybelMekk @simonfrancaix @valentijnscholten @nscuro