diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 73da1ed9..fad0d4df 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -52,9 +52,3 @@ jobs:
 with:
 version: v1.9.2
 args: release --snapshot --skip-publish --rm-dist
- - name: Scan image for vulnerabilities
- uses: aquasecurity/trivy-action@master
- with:
- image-ref: "docker.io/aquasec/harbor-scanner-trivy:${{ github.sha }}"
- severity: "CRITICAL"
- exit-code: "1"
diff --git a/Dockerfile b/Dockerfile
index 37dd9a6d..8fd00710 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # That's the only place where you're supposed to specify version of Trivy.
-ARG TRIVY_VERSION=0.52.2
+ARG TRIVY_VERSION=0.54.1
 FROM aquasec/trivy:${TRIVY_VERSION}
diff --git a/README.md b/README.md
index e867d191..b37171ba 100644
--- a/README.md
+++ b/README.md
@@ -37,6 +37,7 @@ The following matrix indicates the version of Trivy and Trivy adapter installed
 | Harbor | Trivy Adapter | Trivy |
 |------------------|---------------|-----------------|
+| - | v0.31.4 | [trivy v0.54.1] |
 | - | v0.31.3 | [trivy v0.52.2] |
 | - | v0.31.2 | [trivy v0.51.2] |
 | - | v0.31.1 | [trivy v0.50.4] |
diff --git a/go.mod b/go.mod
index c36d5c4f..9c9a2f80 100644
--- a/go.mod
+++ b/go.mod
@@ -6,11 +6,11 @@ require (
 github.com/alicebob/miniredis/v2 v2.33.0
 github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986
 github.com/caarlos0/env/v6 v6.10.1
- github.com/docker/docker v27.0.3+incompatible
+ github.com/docker/docker v27.1.1+incompatible
 github.com/docker/go-connections v0.5.0
 github.com/google/go-containerregistry v0.14.0
 github.com/gorilla/mux v1.8.1
- github.com/gorilla/schema v1.4.0
+ github.com/gorilla/schema v1.4.1
 github.com/opencontainers/go-digest v1.0.0
 github.com/prometheus/client_golang v1.19.0
 github.com/redis/go-redis/v9 v9.6.1
diff --git a/go.sum b/go.sum
index 8a8e651f..82119b7d 100644
--- a/go.sum
+++ b/go.sum
@@ -52,8 +52,8 @@ github.com/docker/cli v24.0.0+incompatible h1:0+1VshNwBQzQAx9lOl+OYCTCEAD8fKs/qe
 github.com/docker/cli v24.0.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8=
 github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v27.0.3+incompatible h1:aBGI9TeQ4MPlhquTQKq9XbK79rKFVwXNUAYz9aXyEBE=
-github.com/docker/docker v27.0.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v27.1.1+incompatible h1:hO/M4MtV36kzKldqnA37IWhebRA+LnqqcqDja6kVaKY=
+github.com/docker/docker v27.1.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A=
 github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0=
 github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=
@@ -90,8 +90,8 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
 github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
-github.com/gorilla/schema v1.4.0 h1:l2N+lRTJtev9SUhBtj6NmSxd/6+8LhvN0kV+H2Y8R9k=
-github.com/gorilla/schema v1.4.0/go.mod h1:Dg5SSm5PV60mhF2NFaTV1xuYYj8tV8NOPRo4FggUMnM=
+github.com/gorilla/schema v1.4.1 h1:jUg5hUjCSDZpNGLuXQOgIWGdlgrIdYvgQ0wZtdK1M3E=
+github.com/gorilla/schema v1.4.1/go.mod h1:Dg5SSm5PV60mhF2NFaTV1xuYYj8tV8NOPRo4FggUMnM=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 h1:YBftPWNWd4WwGqtY2yeZL2ef8rHAxPBD8KFhJpmcqms=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0/go.mod h1:YN5jB8ie0yfIUg6VvR9Kz84aCaG7AsGZnLjhHbUqwPg=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
diff --git a/test/component/component_test.go b/test/component/component_test.go
index 65bf5757..c32f7260 100644
--- a/test/component/component_test.go
+++ b/test/component/component_test.go
@@ -26,7 +26,7 @@ var (
 trivyScanner = harbor.Scanner{
 Name: "Trivy",
 Vendor: "Aqua Security",
- Version: "0.52.2",
+ Version: "0.54.1",
 }
 )