[SCB-Bot] Upgraded trivy from 0.19.2 to 0.20.2 #777
Conversation
Signed-off-by: secureCodeBoxBot <securecodebox@iteratec.com>
Signed-off-by: Ilyes Ben Dlala <ilyes.bendlala@iteratec.com>
Signed-off-by: GitHub Actions <securecodebox@iteratec.com>
Changes have to be made to trivy's parser.js. This is due to the new JSON schema: info here.
Thanks for the heads up. I'll give this a shot, probably tomorrow, if no one else wants to claim it first.
Signed-off-by: Max Maass <max.maass@iteratec.com>
Signed-off-by: Max Maass <max.maass@iteratec.com>
While rewriting the parser, I found that the I have also removed most of the test cases since they all seem to test the same thing (a scan of a docker image) and have instead introduced a result from a repository scan. Was there any specific reason why there were so many similar test cases? If so, I can bring them back - it just means re-running all of the analyses for the example cases and putting the JSONs in the repo + updating the snapshots.
Signed-off-by: Max Maass <max.maass@iteratec.com>
Signed-off-by: Max Maass <max.maass@iteratec.com>
Signed-off-by: Max Maass <max.maass@iteratec.com>
Signed-off-by: GitHub Actions <securecodebox@iteratec.com>
Signed-off-by: Max Maass <max.maass@iteratec.com>
Signed-off-by: GitHub Actions <securecodebox@iteratec.com>
I have added two more things to the documentation: the extra parameters required to scan things other than docker images (#796) and some information on using the client-server mode to avoid issues with GitHub rate limiting on rule downloads. With this, I consider the PR ready for review and merge, aside from the questions raised above about the output format and unit tests.
I think a custom attribute as defined here and/or including it in the description field are more appropriate for the
Pertaining to #796, I agree. I think a documentation warning and adding some repo scan examples are the best we can do for now. It's a Trivy-related issue. Silently ignoring parameters seems like something that will always cause issues.
Signed-off-by: Max Maass <max.maass@iteratec.com>
I have added the extra metadata, so this should be ready to review and merge from my side.
This is an automated Pull Request by the SCB-Bot. It upgrades trivy from 0.19.2 to 0.20.2