chore(trivy): update trivy version and enforce OCI compliant repo names in local image storage #1068
Conversation
Force-pushed ce97bb8 to c9dec89
Codecov Report

Coverage diff, main vs #1068:

              main     #1068    +/-
  Coverage    89.23%   89.05%   -0.18%
  Files       89       74       -15
  Lines       18294    15056    -3238
  Hits        16324    13408    -2916
  Misses      1504     1284     -220
  Partials    466      364      -102
Force-pushed 47a0945 to dfe1c92
Force-pushed dfe1c92 to 1fb038b
Force-pushed 6f173e6 to a24f436
Force-pushed fd383ea to 56b5692
With this change we are not using our forks (trivy, trivy-db and fanal) and now we are configuring our cache dir (_trivy).
Force-pushed 56b5692 to 365121d
@shimish2 can you review this pls?

I already did that.
Force-pushed 5c11927 to 35da59d
…es in local image storage

1. chore(trivy): update trivy library version

The trivy team switched github.com/urfave/cli for viper so there are some other code changes as well.
Since we don't use github.com/urfave/cli directly in our software we needed to add a tools.go in order for "go mod tidy" to not delete it.
See this pattern explained in:
- https://github.com/99designs/gqlgen#quick-start
- https://github.com/golang/go/wiki/Modules#how-can-i-track-tool-dependencies-for-a-module
- https://github.com/go-modules-by-example/index/blob/master/010_tools/README.md#walk-through

The jobs using "go get -u" have been updated to use "go install", since go get modifies the go.mod by upgrading some of the packages, but downgrading trivy to an older version with broken dependencies.

2. fix(storage) Update local storage to ignore folder names not compliant with dist spec

Also updated trivy to download the DB and cache results under the rootDir/_trivy folder.

3. fix(s3): one of the s3 tests was missing the skipIt call

This caused a failure when running locally without s3 being available.

4. make sure the offline scanning is enabled, and zot only downloads the trivy DB on the regular schedule, and doesn't download the DB on every image scan

ci: increase build and test timeout as tests are reaching the limit more often

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
Force-pushed 35da59d to 15d1529
lgtm
Originally 4 commits, squashed so they can be signed after rebasing.

The trivy team switched github.com/urfave/cli for viper so there are some other code changes as well.
Since we don't use github.com/urfave/cli directly in our software we needed to add a tools.go in order for "go mod tidy" to not delete it.
See this pattern explained in:

The jobs using "go get -u" have been updated to use "go install", since go get modifies the go.mod by upgrading some of the packages, but downgrading trivy to an older version with broken dependencies.

fix(storage) Update local storage to ignore folder names not compliant with dist spec

Also updated trivy to download the DB and cache results under the rootDir/_trivy folder.

fix(s3): one of the s3 tests was missing the skipIt call

This caused a failure when running locally without s3 being available.

make sure the offline scanning is enabled, and zot only downloads the trivy DB on the regular schedule, and doesn't download the DB on every image scan

Signed-off-by: Andrei Aaron andaaron@cisco.com
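The storage fix and the `_trivy` cache dir are two halves of one concern: once Trivy's DB and cache live under `rootDir`, a directory walk that treats every folder as a repository would list `_trivy` in the catalog (and try to parse whatever Trivy put there). The following is an added example, not code from zot or from this PR, of the check a registry needs there. It anchors the `<name>` pattern from the OCI distribution spec (the v1.1 wording, which allows `.`, `_`, `__` and runs of `-` as separators between lowercase alphanumeric components) and, as an assumption about the layout rather than anything the PR states, treats a directory as a repository only when it holds an `index.json`. Directory names, the `SetupSampleStore` helper and the sample layout it creates are constructed for the demonstration.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"regexp"
	"strings"
)

// repoNameRE is the <name> grammar from the OCI distribution spec (v1.1 wording),
// anchored with ^ and $ so the whole string must match, not just a prefix.
var repoNameRE = regexp.MustCompile(
	`^[a-z0-9]+((\.|_|__|-+)[a-z0-9]+)*(/[a-z0-9]+((\.|_|__|-+)[a-z0-9]+)*)*$`)

// IsValidRepoName reports whether name is a distribution-spec compliant repository
// name. Names such as "_trivy" (leading underscore) or "Foo" (upper case) fail.
func IsValidRepoName(name string) bool {
	return repoNameRE.MatchString(name)
}

// ListRepositories walks rootDir and returns the repositories found under it,
// as "/"-separated names relative to rootDir. A directory whose relative name is
// not spec compliant is skipped together with everything below it, so a cache
// dir such as rootDir/_trivy never reaches the catalog even if it contains
// files that look like image-layout markers. A compliant directory counts as a
// repository when it contains index.json (assumption: OCI image-layout marker).
func ListRepositories(rootDir string) ([]string, error) {
	var repos []string
	err := filepath.WalkDir(rootDir, func(path string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		if !d.IsDir() || path == rootDir {
			return nil
		}
		rel, err := filepath.Rel(rootDir, path)
		if err != nil {
			return err
		}
		name := filepath.ToSlash(rel)
		if !IsValidRepoName(name) {
			return filepath.SkipDir // do not descend into non-compliant dirs
		}
		if _, statErr := os.Stat(filepath.Join(path, "index.json")); statErr == nil {
			repos = append(repos, name)
		}
		return nil
	})
	return repos, err
}

// SetupSampleStore creates a constructed zot-style layout under rootDir:
// two valid repositories, a _trivy cache dir and a mixed-case directory.
func SetupSampleStore(rootDir string) error {
	for _, r := range []string{"alpine", "myorg/app"} {
		dir := filepath.Join(rootDir, filepath.FromSlash(r))
		if err := os.MkdirAll(filepath.Join(dir, "blobs", "sha256"), 0o755); err != nil {
			return err
		}
		index := []byte(`{"schemaVersion":2,"manifests":[]}`)
		if err := os.WriteFile(filepath.Join(dir, "index.json"), index, 0o644); err != nil {
			return err
		}
	}
	// Non-compliant names: Trivy's cache dir and an upper-case directory.
	for _, bad := range []string{"_trivy/db", "Foo"} {
		if err := os.MkdirAll(filepath.Join(rootDir, filepath.FromSlash(bad)), 0o755); err != nil {
			return err
		}
	}
	// An index.json inside the cache dir must still not turn it into a repository.
	return os.WriteFile(filepath.Join(rootDir, "_trivy", "index.json"), []byte("{}"), 0o644)
}

func main() {
	root, err := os.MkdirTemp("", "zot-store-*")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	if err := SetupSampleStore(root); err != nil {
		panic(err)
	}
	repos, err := ListRepositories(root)
	if err != nil {
		panic(err)
	}
	fmt.Println("repositories:", strings.Join(repos, ", "))
}
```

The check is done on the full relative name rather than on each path component so that the same predicate serves both the catalog walk and a request path like `/v2/_trivy/tags/list`; returning `filepath.SkipDir` for a rejected directory is what keeps the walk out of the cache entirely, instead of only hiding the top-level entry while still scanning Trivy's files beneath it.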