Add 0.34.0 release (#177)
* bump to ghcr.io/aquasecurity/trivy:0.33.0

* fix tests

* bump to 0.34.0
L1ghtman2k authored Nov 1, 2022
1 parent e55de85 commit 9ab158e
Showing 10 changed files with 22 additions and 11 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/build.yaml
@@ -1,7 +1,7 @@
name: "build"
on: [push, pull_request]
env:
TRIVY_VERSION: 0.31.2
TRIVY_VERSION: 0.34.0
BATS_LIB_PATH: '/usr/lib/'
jobs:
build:
2 changes: 1 addition & 1 deletion Dockerfile
@@ -1,4 +1,4 @@
FROM ghcr.io/aquasecurity/trivy:0.31.2
FROM ghcr.io/aquasecurity/trivy:0.34.0
COPY entrypoint.sh /
RUN apk --no-cache add bash curl npm
RUN chmod +x /entrypoint.sh
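Review bot: The new base-image line `FROM ghcr.io/aquasecurity/trivy:0.34.0` is pinned by tag only, and a registry tag can be re-pointed, so a later rebuild is not guaranteed to pull the image the updated test fixtures were generated against. Pinning the digest alongside the tag, `FROM ghcr.io/aquasecurity/trivy:0.34.0@sha256:<digest-of-the-0.34.0-image>` (placeholder; take the value from the registry), makes each bump verifiable in review. The version now lives in two places, here and in `TRIVY_VERSION` in `.github/workflows/build.yaml`, so a comment such as `# keep in sync with TRIVY_VERSION in .github/workflows/build.yaml` above the FROM line would help the next bump. The Dockerfile continues outside this hunk, so whether a `USER` line follows cannot be seen from here.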
7 changes: 5 additions & 2 deletions test/data/config-sarif.test
Expand Up @@ -13,7 +13,7 @@
"id": "DS002",
"name": "Misconfiguration",
"shortDescription": {
"text": "DS002"
"text": "Image user should not be \u0026#39;root\u0026#39;"
},
"fullDescription": {
"text": "Running containers with \u0026#39;root\u0026#39; user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a \u0026#39;USER\u0026#39; statement to the Dockerfile."
Expand All @@ -37,7 +37,7 @@
}
}
],
"version": "0.31.2"
"version": "0.34.0"
}
},
"results": [
Expand All @@ -61,6 +61,9 @@
"endLine": 1,
"endColumn": 1
}
},
"message": {
"text": "Dockerfile"
}
}
]
1 change: 1 addition & 0 deletions test/data/config.test
Expand Up @@ -28,6 +28,7 @@
{
"Type": "Dockerfile Security Check",
"ID": "DS002",
"AVDID": "AVD-DS-0002",
"Title": "Image user should not be 'root'",
"Description": "Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.",
"Message": "Specify at least 1 USER command in Dockerfile with non-root user as argument",
1 change: 1 addition & 0 deletions test/data/fs-scheck.test
Expand Up @@ -28,6 +28,7 @@
{
"Type": "Dockerfile Security Check",
"ID": "DS002",
"AVDID": "AVD-DS-0002",
"Title": "Image user should not be 'root'",
"Description": "Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.",
"Message": "Specify at least 1 USER command in Dockerfile with non-root user as argument",
2 changes: 1 addition & 1 deletion test/data/image-sarif.test
Expand Up @@ -37,7 +37,7 @@
}
}
],
"version": "0.31.2"
"version": "0.34.0"
}
},
"results": [
7 changes: 5 additions & 2 deletions test/data/image-trivyignores.test
Expand Up @@ -75,12 +75,15 @@ Total: 19 (CRITICAL: 19)

rust-app/Cargo.lock (cargo)
===========================
Total: 1 (CRITICAL: 1)
Total: 2 (CRITICAL: 2)

┌──────────┬────────────────┬──────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │
├──────────┼────────────────┼──────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ smallvec │ CVE-2021-25900 │ CRITICAL │ 0.6.9 │ 0.6.14, 1.6.1 │ An issue was discovered in the smallvec crate before 0.6.14 │
│ openssl │ CVE-2018-20997 │ CRITICAL │ 0.8.3 │ 0.10.9 │ Use after free in openssl │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-20997 │
├──────────┼────────────────┤ ├───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ smallvec │ CVE-2021-25900 │ │ 0.6.9 │ 1.6.1, 0.6.14 │ An issue was discovered in the smallvec crate before 0.6.14 │
│ │ │ │ │ │ and 1.x... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-25900 │
└──────────┴────────────────┴──────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────────┘
9 changes: 6 additions & 3 deletions test/data/image.test
Expand Up @@ -75,12 +75,15 @@ Total: 19 (CRITICAL: 19)

rust-app/Cargo.lock (cargo)
===========================
Total: 4 (CRITICAL: 4)
Total: 5 (CRITICAL: 5)

┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │
├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ rand_core │ CVE-2020-25576 │ CRITICAL │ 0.4.0 │ 0.3.1, 0.4.2 │ An issue was discovered in the rand_core crate before 0.4.2 │
│ openssl │ CVE-2018-20997 │ CRITICAL │ 0.8.3 │ 0.10.9 │ Use after free in openssl │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-20997 │
├───────────┼────────────────┤ ├───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ rand_core │ CVE-2020-25576 │ │ 0.4.0 │ 0.3.1, 0.4.2 │ An issue was discovered in the rand_core crate before 0.4.2 │
│ │ │ │ │ │ for Rust.... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-25576 │
├───────────┼────────────────┤ ├───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
Expand All @@ -92,7 +95,7 @@ Total: 4 (CRITICAL: 4)
│ │ │ │ │ │ for Rust.... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-15554 │
│ ├────────────────┤ │ ├───────────────┼─────────────────────────────────────────────────────────────┤
│ │ CVE-2021-25900 │ │ │ 0.6.14, 1.6.1 │ An issue was discovered in the smallvec crate before 0.6.14 │
│ │ CVE-2021-25900 │ │ │ 1.6.1, 0.6.14 │ An issue was discovered in the smallvec crate before 0.6.14 │
│ │ │ │ │ │ and 1.x... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-25900 │
└───────────┴────────────────┴──────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────────┘
1 change: 0 additions & 1 deletion test/data/repo.test
Expand Up @@ -69,7 +69,6 @@
]
},
"Match": "export GITHUB_PAT=****************************************",
"Deleted": false,
"Layer": {}
}
]
1 change: 1 addition & 0 deletions test/data/yamlconfig.test
Expand Up @@ -60,6 +60,7 @@
"Vulnerabilities": [
{
"VulnerabilityID": "CVE-2021-36159",
"PkgID": "[email protected]",
"PkgName": "apk-tools",
"InstalledVersion": "2.10.6-r0",
"FixedVersion": "2.10.7-r0",