From 8217e07a094bbde3f094d152d4d1d16df7060f05 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 12 Nov 2023 22:00:40 +0200 Subject: [PATCH 01/14] build(deps): bump helm/chart-testing-action from 2.6.0 to 2.6.1 (#1616) Bumps [helm/chart-testing-action](https://github.com/helm/chart-testing-action) from 2.6.0 to 2.6.1. - [Release notes](https://github.com/helm/chart-testing-action/releases) - [Commits](https://github.com/helm/chart-testing-action/compare/v2.6.0...v2.6.1) --- updated-dependencies: - dependency-name: helm/chart-testing-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/chart-testing.yaml | 2 +- .github/workflows/publish-helm-chart.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/chart-testing.yaml b/.github/workflows/chart-testing.yaml index cf1ef1863..56fa1bebd 100644 --- a/.github/workflows/chart-testing.yaml +++ b/.github/workflows/chart-testing.yaml @@ -81,7 +81,7 @@ jobs: python-version: 3.7 - name: Setup chart-testing id: lint - uses: helm/chart-testing-action@v2.6.0 + uses: helm/chart-testing-action@v2.6.1 - name: Run chart-testing run: ct lint-and-install --validate-maintainers=false --charts deploy/helm - name: Delete kind cluster diff --git a/.github/workflows/publish-helm-chart.yaml b/.github/workflows/publish-helm-chart.yaml index c3e013f51..fef04c160 100644 --- a/.github/workflows/publish-helm-chart.yaml +++ b/.github/workflows/publish-helm-chart.yaml @@ -32,7 +32,7 @@ jobs: python-version: 3.7 - name: Setup Chart Linting id: lint - uses: helm/chart-testing-action@v2.6.0 + uses: helm/chart-testing-action@v2.6.1 - name: Setup Kubernetes cluster (KIND) uses: helm/kind-action@v1.8.0 # v1.5.0 with: From f499e17ad24b9bd90eaa0368592634bdf233176a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 12 Nov 2023 22:30:17 +0200 Subject: [PATCH 02/14] build(deps): bump golang.org/x/text from 0.13.0 to 0.14.0 (#1614) Bumps [golang.org/x/text](https://github.com/golang/text) from 0.13.0 to 0.14.0. - [Release notes](https://github.com/golang/text/releases) - [Commits](https://github.com/golang/text/compare/v0.13.0...v0.14.0) --- updated-dependencies: - dependency-name: golang.org/x/text dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 24196a4fa..b3e85c751 100644 --- a/go.mod +++ b/go.mod @@ -291,7 +291,7 @@ require ( golang.org/x/oauth2 v0.13.0 // indirect golang.org/x/sys v0.13.0 // indirect golang.org/x/term v0.13.0 // indirect - golang.org/x/text v0.13.0 + golang.org/x/text v0.14.0 golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.14.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect diff --git a/go.sum b/go.sum index f59747cb2..e8c550f9e 100644 --- a/go.sum +++ b/go.sum @@ -1907,8 +1907,8 @@ golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= -golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= From e74630953d6fcf5000e46db39474dd1385cf1ea6 Mon Sep 17 00:00:00 2001 From: chenk Date: Mon, 13 Nov 2023 14:24:07 +0200 Subject: [PATCH 03/14] feat: cache sbom by image ref (#1606) * feat: cache sbom by image ref Signed-off-by: chenk * feat: cache sbom by image ref Signed-off-by: chenk * feat: cache sbom by image ref Signed-off-by: chenk --------- Signed-off-by: chenk --- .github/workflows/build.yaml | 21 + deploy/helm/README.md | 1 + ...security.github.io_clustersbomreports.yaml | 327 ++ deploy/helm/generated/role.yaml | 12 + deploy/helm/templates/deployment.yaml | 2 + deploy/helm/values.yaml | 2 + deploy/static/trivy-operator.yaml | 341 ++ go.mod | 6 +- pkg/apis/aquasecurity/v1alpha1/register.go | 2 + pkg/apis/aquasecurity/v1alpha1/sbom_types.go | 29 + .../v1alpha1/zz_generated.deepcopy.go | 58 + pkg/exposedsecretreport/builder.go | 12 - pkg/operator/etc/config.go | 1 + pkg/operator/ttl_report.go | 5 +- pkg/plugins/trivy/filesystem.go | 94 +- pkg/plugins/trivy/filesystem_test.go | 73 + pkg/plugins/trivy/image.go | 109 +- pkg/plugins/trivy/image_test.go | 90 + pkg/plugins/trivy/jobspec.go | 49 +- pkg/plugins/trivy/jobspec_test.go | 81 + pkg/plugins/trivy/plugin.go | 4 +- pkg/plugins/trivy/plugin_test.go | 6 +- .../trivy/testdata/fixture/alpine_sbom.json | 893 +++++ pkg/sbomreport/builder.go | 58 +- pkg/sbomreport/builder_test.go | 72 +- pkg/sbomreport/io.go | 66 + pkg/sbomreport/io_test.go | 42 + pkg/trivyoperator/constants.go | 2 + pkg/vulnerabilityreport/builder.go | 11 +- pkg/vulnerabilityreport/builder_test.go | 2 +- pkg/vulnerabilityreport/controller/helper.go | 19 + pkg/vulnerabilityreport/controller/scanjob.go | 110 +- .../controller/workload.go | 63 +- pkg/vulnerabilityreport/plugin.go | 2 +- tests/config/client-server-sbom.yaml | 11 + tests/config/fs-sbom.yaml | 12 + tests/config/sbom-standalone.yaml | 14 + .../e2e/client-server/workload/04-assert.yaml | 2 - tests/e2e/fs-mode/workload/04-assert.yaml | 2 - tests/e2e/image-mode/workload/04-assert.yaml | 2 - .../workload/00-sbom-pod.yaml | 3531 +++++++++++++++++ .../workload/01-assert.yaml | 16 + .../sbom-client-server/workload/01-pod.yaml | 14 + .../workload/02-assert.yaml | 17 + .../workload/03-assert.yaml | 17 + tests/e2e/sbom-fs/workload/00-sbom-pod.yaml | 3531 +++++++++++++++++ tests/e2e/sbom-fs/workload/01-assert.yaml | 16 + tests/e2e/sbom-fs/workload/01-pod.yaml | 14 + tests/e2e/sbom-fs/workload/02-assert.yaml | 17 + tests/e2e/sbom-fs/workload/03-assert.yaml | 17 + .../sbom-standalone/workload/00-sbom-pod.yaml | 3531 +++++++++++++++++ .../sbom-standalone/workload/01-assert.yaml | 19 + .../e2e/sbom-standalone/workload/01-pod.yaml | 14 + .../sbom-standalone/workload/02-assert.yaml | 17 + .../sbom-standalone/workload/03-assert.yaml | 17 + tests/resources-cleanup.sh | 2 + 56 files changed, 13389 insertions(+), 109 deletions(-) create mode 100644 deploy/helm/crds/aquasecurity.github.io_clustersbomreports.yaml create mode 100644 pkg/plugins/trivy/filesystem_test.go create mode 100644 pkg/plugins/trivy/jobspec_test.go create mode 100644 pkg/plugins/trivy/testdata/fixture/alpine_sbom.json create mode 100644 tests/config/client-server-sbom.yaml create mode 100644 tests/config/fs-sbom.yaml create mode 100644 tests/config/sbom-standalone.yaml create mode 100644 tests/e2e/sbom-client-server/workload/00-sbom-pod.yaml create mode 100644 tests/e2e/sbom-client-server/workload/01-assert.yaml create mode 100644 tests/e2e/sbom-client-server/workload/01-pod.yaml create mode 100644 tests/e2e/sbom-client-server/workload/02-assert.yaml create mode 100644 tests/e2e/sbom-client-server/workload/03-assert.yaml create mode 100644 tests/e2e/sbom-fs/workload/00-sbom-pod.yaml create mode 100644 tests/e2e/sbom-fs/workload/01-assert.yaml create mode 100644 tests/e2e/sbom-fs/workload/01-pod.yaml create mode 100644 tests/e2e/sbom-fs/workload/02-assert.yaml create mode 100644 tests/e2e/sbom-fs/workload/03-assert.yaml create mode 100644 tests/e2e/sbom-standalone/workload/00-sbom-pod.yaml create mode 100644 tests/e2e/sbom-standalone/workload/01-assert.yaml create mode 100644 tests/e2e/sbom-standalone/workload/01-pod.yaml create mode 100644 tests/e2e/sbom-standalone/workload/02-assert.yaml create mode 100644 tests/e2e/sbom-standalone/workload/03-assert.yaml diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 5f0219f08..c8a319dc1 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -224,6 +224,27 @@ jobs: ./bin/kuttl test --start-kind=false --config tests/config/client-server.yaml + ./tests/resources-cleanup.sh > /dev/null 2>&1 + - name: Standalon mode with Sbom scanning + reports tests + run: > + ./bin/kuttl test --start-kind=false --config + tests/config/sbom-standalone.yaml + + ./tests/resources-cleanup.sh > /dev/null 2>&1 + - name: Client/Server with Sbom scanning + reports tests + run: > + ./bin/kuttl test --start-kind=false --config + tests/config/client-server-sbom.yaml + + ./tests/resources-cleanup.sh > /dev/null 2>&1 + - name: file system with Sbom scanning + reports tests + run: > + ./bin/kuttl test --start-kind=false --config + tests/config/fs-sbom.yaml + ./tests/resources-cleanup.sh > /dev/null 2>&1 - name: Node scan producing cluster infraassessment report run: > diff --git a/deploy/helm/README.md b/deploy/helm/README.md index 7bfcba9d2..ddffe7d71 100644 --- a/deploy/helm/README.md +++ b/deploy/helm/README.md @@ -39,6 +39,7 @@ Keeps security report resources updated | operator.batchDeleteDelay | string | `"10s"` | batchDeleteDelay the duration to wait before deleting another batch of config audit reports. | | operator.batchDeleteLimit | int | `10` | batchDeleteLimit the maximum number of config audit reports deleted by the operator when the plugin's config has changed. | | operator.builtInTrivyServer | bool | `false` | builtInTrivyServer The flag enable the usage of built-in trivy server in cluster ,its also override the following trivy params with built-in values trivy.mode = ClientServer and serverURL = http://.:4975 | +| operator.cacheReportTTL | string | `"120h"` | cacheReportTTL the flag to set how long a cluster sbom report should exist. "" means that the cacheReportTTL feature is disabled | | operator.clusterComplianceEnabled | bool | `true` | clusterComplianceEnabled the flag to enable cluster compliance scanner | | operator.configAuditScannerEnabled | bool | `true` | configAuditScannerEnabled the flag to enable configuration audit scanner | | operator.configAuditScannerScanOnlyCurrentRevisions | bool | `true` | configAuditScannerScanOnlyCurrentRevisions the flag to only create config audit scans on the current revision of a deployment. | diff --git a/deploy/helm/crds/aquasecurity.github.io_clustersbomreports.yaml b/deploy/helm/crds/aquasecurity.github.io_clustersbomreports.yaml new file mode 100644 index 000000000..fef930991 --- /dev/null +++ b/deploy/helm/crds/aquasecurity.github.io_clustersbomreports.yaml @@ -0,0 +1,327 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: clustersbomreports.aquasecurity.github.io +spec: + group: aquasecurity.github.io + names: + kind: ClusterSbomReport + listKind: ClusterSbomReportList + plural: clustersbomreports + shortNames: + - clustersbom + singular: clustersbomreport + scope: Cluster + versions: + - additionalPrinterColumns: + - description: The name of image repository + jsonPath: .report.artifact.repository + name: Repository + type: string + - description: The name of image tag + jsonPath: .report.artifact.tag + name: Tag + type: string + - description: The name of the sbom generation scanner + jsonPath: .report.scanner.name + name: Scanner + type: string + - description: The age of the report + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: The number of dependencies in bom + jsonPath: .report.summary.componentsCount + name: Components + priority: 1 + type: integer + - description: The the number of components in bom + jsonPath: .report.summary.dependenciesCount + name: Dependencies + priority: 1 + type: integer + name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterSbomReport summarizes components and dependencies found + in container image + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + report: + description: Report is the actual sbom report data. + properties: + artifact: + description: Artifact represents a standalone, executable package + of software that includes everything needed to run an application. + properties: + digest: + description: Digest is a unique and immutable identifier of an + Artifact. + type: string + mimeType: + description: MimeType represents a type and format of an Artifact. + type: string + repository: + description: Repository is the name of the repository in the Artifact + registry. + type: string + tag: + description: Tag is a mutable, human-readable string used to identify + an Artifact. + type: string + type: object + components: + description: Bom isartifact bill of materials. + properties: + bomFormat: + type: string + components: + items: + properties: + bom-ref: + type: string + group: + type: string + hashes: + items: + properties: + alg: + type: string + content: + type: string + type: object + type: array + licenses: + items: + properties: + expression: + type: string + license: + properties: + id: + type: string + name: + type: string + url: + type: string + type: object + type: object + type: array + name: + type: string + properties: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + purl: + type: string + supplier: + properties: + contact: + items: + properties: + email: + type: string + name: + type: string + phone: + type: string + type: object + type: array + name: + type: string + url: + items: + type: string + type: array + type: object + type: + type: string + version: + type: string + type: object + type: array + dependencies: + items: + properties: + dependsOn: + items: + type: string + type: array + ref: + type: string + type: object + type: array + metadata: + properties: + component: + properties: + bom-ref: + type: string + group: + type: string + hashes: + items: + properties: + alg: + type: string + content: + type: string + type: object + type: array + licenses: + items: + properties: + expression: + type: string + license: + properties: + id: + type: string + name: + type: string + url: + type: string + type: object + type: object + type: array + name: + type: string + properties: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + purl: + type: string + supplier: + properties: + contact: + items: + properties: + email: + type: string + name: + type: string + phone: + type: string + type: object + type: array + name: + type: string + url: + items: + type: string + type: array + type: object + type: + type: string + version: + type: string + type: object + timestamp: + type: string + tools: + items: + properties: + name: + type: string + vendor: + type: string + version: + type: string + type: object + type: array + type: object + serialNumber: + type: string + specVersion: + type: string + version: + type: integer + required: + - bomFormat + - specVersion + type: object + registry: + description: Registry is the registry the Artifact was pulled from. + properties: + server: + description: Server the FQDN of registry server. + type: string + type: object + scanner: + description: Scanner is the scanner that generated this report. + properties: + name: + description: Name the name of the scanner. + type: string + vendor: + description: Vendor the name of the vendor providing the scanner. + type: string + version: + description: Version the version of the scanner. + type: string + required: + - name + - vendor + - version + type: object + summary: + description: Summary is a summary of sbom report. + properties: + componentsCount: + description: ComponentsCount is the number of components in bom. + minimum: 0 + type: integer + dependenciesCount: + description: DependenciesCount is the number of dependencies in + bom. + minimum: 0 + type: integer + required: + - componentsCount + - dependenciesCount + type: object + updateTimestamp: + description: UpdateTimestamp is a timestamp representing the server + time in UTC when this report was updated. + format: date-time + type: string + required: + - artifact + - components + - scanner + - summary + - updateTimestamp + type: object + required: + - report + type: object + served: true + storage: true + subresources: {} diff --git a/deploy/helm/generated/role.yaml b/deploy/helm/generated/role.yaml index 4c2254924..6fe50b6f0 100644 --- a/deploy/helm/generated/role.yaml +++ b/deploy/helm/generated/role.yaml @@ -184,6 +184,18 @@ rules: - patch - update - watch +- apiGroups: + - aquasecurity.github.io + resources: + - clustersbomreports + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - aquasecurity.github.io resources: diff --git a/deploy/helm/templates/deployment.yaml b/deploy/helm/templates/deployment.yaml index f6d311576..075ca7346 100644 --- a/deploy/helm/templates/deployment.yaml +++ b/deploy/helm/templates/deployment.yaml @@ -75,6 +75,8 @@ spec: value: {{ .Values.operator.vulnerabilityScannerScanOnlyCurrentRevisions | quote }} - name: OPERATOR_SCANNER_REPORT_TTL value: {{ .Values.operator.scannerReportTTL | quote }} + - name: OPERATOR_CACHE_REPORT_TTL + value: {{ .Values.operator.cacheReportTTL | quote }} - name: CONTROLLER_CACHE_SYNC_TIMEOUT value: {{ .Values.operator.controllerCacheSyncTimeout | quote }} - name: OPERATOR_CONFIG_AUDIT_SCANNER_ENABLED diff --git a/deploy/helm/values.yaml b/deploy/helm/values.yaml index 089a12eec..aee9916e2 100644 --- a/deploy/helm/values.yaml +++ b/deploy/helm/values.yaml @@ -71,6 +71,8 @@ operator: sbomGenerationEnabled: true # -- scannerReportTTL the flag to set how long a report should exist. "" means that the ScannerReportTTL feature is disabled scannerReportTTL: "24h" + # -- cacheReportTTL the flag to set how long a cluster sbom report should exist. "" means that the cacheReportTTL feature is disabled + cacheReportTTL: "120h" # -- configAuditScannerEnabled the flag to enable configuration audit scanner configAuditScannerEnabled: true # -- rbacAssessmentScannerEnabled the flag to enable rbac assessment scanner diff --git a/deploy/static/trivy-operator.yaml b/deploy/static/trivy-operator.yaml index 5c895fb0e..d23d7ade5 100644 --- a/deploy/static/trivy-operator.yaml +++ b/deploy/static/trivy-operator.yaml @@ -775,6 +775,333 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: clustersbomreports.aquasecurity.github.io +spec: + group: aquasecurity.github.io + names: + kind: ClusterSbomReport + listKind: ClusterSbomReportList + plural: clustersbomreports + shortNames: + - clustersbom + singular: clustersbomreport + scope: Cluster + versions: + - additionalPrinterColumns: + - description: The name of image repository + jsonPath: .report.artifact.repository + name: Repository + type: string + - description: The name of image tag + jsonPath: .report.artifact.tag + name: Tag + type: string + - description: The name of the sbom generation scanner + jsonPath: .report.scanner.name + name: Scanner + type: string + - description: The age of the report + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: The number of dependencies in bom + jsonPath: .report.summary.componentsCount + name: Components + priority: 1 + type: integer + - description: The the number of components in bom + jsonPath: .report.summary.dependenciesCount + name: Dependencies + priority: 1 + type: integer + name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterSbomReport summarizes components and dependencies found + in container image + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + report: + description: Report is the actual sbom report data. + properties: + artifact: + description: Artifact represents a standalone, executable package + of software that includes everything needed to run an application. + properties: + digest: + description: Digest is a unique and immutable identifier of an + Artifact. + type: string + mimeType: + description: MimeType represents a type and format of an Artifact. + type: string + repository: + description: Repository is the name of the repository in the Artifact + registry. + type: string + tag: + description: Tag is a mutable, human-readable string used to identify + an Artifact. + type: string + type: object + components: + description: Bom isartifact bill of materials. + properties: + bomFormat: + type: string + components: + items: + properties: + bom-ref: + type: string + group: + type: string + hashes: + items: + properties: + alg: + type: string + content: + type: string + type: object + type: array + licenses: + items: + properties: + expression: + type: string + license: + properties: + id: + type: string + name: + type: string + url: + type: string + type: object + type: object + type: array + name: + type: string + properties: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + purl: + type: string + supplier: + properties: + contact: + items: + properties: + email: + type: string + name: + type: string + phone: + type: string + type: object + type: array + name: + type: string + url: + items: + type: string + type: array + type: object + type: + type: string + version: + type: string + type: object + type: array + dependencies: + items: + properties: + dependsOn: + items: + type: string + type: array + ref: + type: string + type: object + type: array + metadata: + properties: + component: + properties: + bom-ref: + type: string + group: + type: string + hashes: + items: + properties: + alg: + type: string + content: + type: string + type: object + type: array + licenses: + items: + properties: + expression: + type: string + license: + properties: + id: + type: string + name: + type: string + url: + type: string + type: object + type: object + type: array + name: + type: string + properties: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + purl: + type: string + supplier: + properties: + contact: + items: + properties: + email: + type: string + name: + type: string + phone: + type: string + type: object + type: array + name: + type: string + url: + items: + type: string + type: array + type: object + type: + type: string + version: + type: string + type: object + timestamp: + type: string + tools: + items: + properties: + name: + type: string + vendor: + type: string + version: + type: string + type: object + type: array + type: object + serialNumber: + type: string + specVersion: + type: string + version: + type: integer + required: + - bomFormat + - specVersion + type: object + registry: + description: Registry is the registry the Artifact was pulled from. + properties: + server: + description: Server the FQDN of registry server. + type: string + type: object + scanner: + description: Scanner is the scanner that generated this report. + properties: + name: + description: Name the name of the scanner. + type: string + vendor: + description: Vendor the name of the vendor providing the scanner. + type: string + version: + description: Version the version of the scanner. + type: string + required: + - name + - vendor + - version + type: object + summary: + description: Summary is a summary of sbom report. + properties: + componentsCount: + description: ComponentsCount is the number of components in bom. + minimum: 0 + type: integer + dependenciesCount: + description: DependenciesCount is the number of dependencies in + bom. + minimum: 0 + type: integer + required: + - componentsCount + - dependenciesCount + type: object + updateTimestamp: + description: UpdateTimestamp is a timestamp representing the server + time in UTC when this report was updated. + format: date-time + type: string + required: + - artifact + - components + - scanner + - summary + - updateTimestamp + type: object + required: + - report + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.9.2 @@ -2275,6 +2602,8 @@ spec: value: "true" - name: OPERATOR_SCANNER_REPORT_TTL value: "24h" + - name: OPERATOR_CACHE_REPORT_TTL + value: "120h" - name: CONTROLLER_CACHE_SYNC_TIMEOUT value: "5m" - name: OPERATOR_CONFIG_AUDIT_SCANNER_ENABLED @@ -2552,6 +2881,18 @@ rules: - patch - update - watch +- apiGroups: + - aquasecurity.github.io + resources: + - clustersbomreports + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - aquasecurity.github.io resources: diff --git a/go.mod b/go.mod index b3e85c751..3b9a150f7 100644 --- a/go.mod +++ b/go.mod @@ -36,7 +36,10 @@ require ( sigs.k8s.io/yaml v1.4.0 ) -require github.com/magefile/mage v1.15.0 +require ( + github.com/aws/aws-sdk-go v1.46.6 + github.com/magefile/mage v1.15.0 +) require ( cloud.google.com/go v0.110.9 // indirect @@ -75,7 +78,6 @@ require ( github.com/aquasecurity/tml v0.6.1 // indirect github.com/aquasecurity/trivy-java-db v0.0.0-20230514115002-fb1b70d903ce // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect - github.com/aws/aws-sdk-go v1.46.6 // indirect github.com/aws/aws-sdk-go-v2 v1.22.1 // indirect github.com/aws/aws-sdk-go-v2/config v1.18.45 // indirect github.com/aws/aws-sdk-go-v2/credentials v1.13.43 // indirect diff --git a/pkg/apis/aquasecurity/v1alpha1/register.go b/pkg/apis/aquasecurity/v1alpha1/register.go index 0112620ad..7570d3c7a 100644 --- a/pkg/apis/aquasecurity/v1alpha1/register.go +++ b/pkg/apis/aquasecurity/v1alpha1/register.go @@ -40,6 +40,8 @@ func addKnownTypes(scheme *runtime.Scheme) error { &ClusterInfraAssessmentReportList{}, &SbomReport{}, &SbomReportList{}, + &ClusterSbomReport{}, + &ClusterSbomReportList{}, ) meta.AddToGroupVersion(scheme, SchemeGroupVersion) return nil diff --git a/pkg/apis/aquasecurity/v1alpha1/sbom_types.go b/pkg/apis/aquasecurity/v1alpha1/sbom_types.go index fee9d21d5..ade950421 100644 --- a/pkg/apis/aquasecurity/v1alpha1/sbom_types.go +++ b/pkg/apis/aquasecurity/v1alpha1/sbom_types.go @@ -141,3 +141,32 @@ type SbomReportList struct { // SbomReport is the spec for a sbom record. Items []SbomReport `json:"items"` } + +// +kubebuilder:object:root=true +// +kubebuilder:resource:scope=Cluster,shortName={clustersbom} +// +kubebuilder:printcolumn:name="Repository",type=string,JSONPath=`.report.artifact.repository`,description="The name of image repository" +// +kubebuilder:printcolumn:name="Tag",type=string,JSONPath=`.report.artifact.tag`,description="The name of image tag" +// +kubebuilder:printcolumn:name="Scanner",type=string,JSONPath=`.report.scanner.name`,description="The name of the sbom generation scanner" +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`,description="The age of the report" +// +kubebuilder:printcolumn:name="Components",type=integer,JSONPath=`.report.summary.componentsCount`,priority=1,description="The number of dependencies in bom" +// +kubebuilder:printcolumn:name="Dependencies",type=integer,JSONPath=`.report.summary.dependenciesCount`,priority=1,description="The the number of components in bom" + +// ClusterSbomReport summarizes components and dependencies found in container image +type ClusterSbomReport struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Report is the actual sbom report data. + Report SbomReportData `json:"report"` +} + +// +kubebuilder:object:root=true + +// ClusterSbomReportList is a list of cluster SbomReport resources. +type ClusterSbomReportList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata"` + + // SbomReport is the spec for a sbom record. + Items []ClusterSbomReport `json:"items"` +} diff --git a/pkg/apis/aquasecurity/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/aquasecurity/v1alpha1/zz_generated.deepcopy.go index 57fb84dc2..bc397f9b5 100644 --- a/pkg/apis/aquasecurity/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/aquasecurity/v1alpha1/zz_generated.deepcopy.go @@ -340,6 +340,64 @@ func (in *ClusterRbacAssessmentReportList) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterSbomReport) DeepCopyInto(out *ClusterSbomReport) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Report.DeepCopyInto(&out.Report) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSbomReport. +func (in *ClusterSbomReport) DeepCopy() *ClusterSbomReport { + if in == nil { + return nil + } + out := new(ClusterSbomReport) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClusterSbomReport) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterSbomReportList) DeepCopyInto(out *ClusterSbomReportList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ClusterSbomReport, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSbomReportList. +func (in *ClusterSbomReportList) DeepCopy() *ClusterSbomReportList { + if in == nil { + return nil + } + out := new(ClusterSbomReportList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClusterSbomReportList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Complaince) DeepCopyInto(out *Complaince) { *out = *in diff --git a/pkg/exposedsecretreport/builder.go b/pkg/exposedsecretreport/builder.go index dbb5e9228..3439c3229 100644 --- a/pkg/exposedsecretreport/builder.go +++ b/pkg/exposedsecretreport/builder.go @@ -3,7 +3,6 @@ package exposedsecretreport import ( "fmt" "strings" - "time" "github.com/aquasecurity/trivy-operator/pkg/apis/aquasecurity/v1alpha1" "github.com/aquasecurity/trivy-operator/pkg/kube" @@ -23,7 +22,6 @@ type ReportBuilder struct { container string hash string data v1alpha1.ExposedSecretReportData - reportTTL *time.Duration resourceLabelsToInclude []string additionalReportLabels labels.Set } @@ -54,11 +52,6 @@ func (b *ReportBuilder) Data(data v1alpha1.ExposedSecretReportData) *ReportBuild return b } -func (b *ReportBuilder) ReportTTL(ttl *time.Duration) *ReportBuilder { - b.reportTTL = ttl - return b -} - func (b *ReportBuilder) ResourceLabelsToInclude(resourceLabelsToInclude []string) *ReportBuilder { b.resourceLabelsToInclude = resourceLabelsToInclude return b @@ -102,11 +95,6 @@ func (b *ReportBuilder) Get() (v1alpha1.ExposedSecretReport, error) { }, Report: b.data, } - if b.reportTTL != nil { - report.Annotations = map[string]string{ - v1alpha1.TTLReportAnnotation: b.reportTTL.String(), - } - } err := kube.ObjectToObjectMeta(b.controller, &report.ObjectMeta) if err != nil { return v1alpha1.ExposedSecretReport{}, err diff --git a/pkg/operator/etc/config.go b/pkg/operator/etc/config.go index 822724ee6..c4069e232 100644 --- a/pkg/operator/etc/config.go +++ b/pkg/operator/etc/config.go @@ -35,6 +35,7 @@ type Config struct { SbomGenerationEnable bool `env:"OPERATOR_SBOM_GENERATION_ENABLED" envDefault:"true"` VulnerabilityScannerScanOnlyCurrentRevisions bool `env:"OPERATOR_VULNERABILITY_SCANNER_SCAN_ONLY_CURRENT_REVISIONS" envDefault:"true"` ScannerReportTTL *time.Duration `env:"OPERATOR_SCANNER_REPORT_TTL" envDefault:"24h"` + CacheReportTTL *time.Duration `env:"OPERATOR_CACHE_REPORT_TTL" envDefault:"120h"` ClusterComplianceEnabled bool `env:"OPERATOR_CLUSTER_COMPLIANCE_ENABLED" envDefault:"true"` InvokeClusterComplianceOnce bool `env:"OPERATOR_INVOKE_CLUSTER_COMPLIANCE_ONCE" envDefault:"false"` // for testing purposes only ConfigAuditScannerEnabled bool `env:"OPERATOR_CONFIG_AUDIT_SCANNER_ENABLED" envDefault:"true"` diff --git a/pkg/operator/ttl_report.go b/pkg/operator/ttl_report.go index 88c8ba11c..3945fe9f4 100644 --- a/pkg/operator/ttl_report.go +++ b/pkg/operator/ttl_report.go @@ -51,6 +51,9 @@ func (r *TTLReportReconciler) SetupWithManager(mgr ctrl.Manager) error { if r.Config.InfraAssessmentScannerEnabled { ttlResources = append(ttlResources, kube.Resource{ForObject: &v1alpha1.InfraAssessmentReport{}}) } + if r.Config.SbomGenerationEnable { + ttlResources = append(ttlResources, kube.Resource{ForObject: &v1alpha1.ClusterSbomReport{}}) + } installModePredicate, err := predicate.InstallModePredicate(r.Config) if err != nil { return err @@ -114,7 +117,7 @@ func (r *TTLReportReconciler) DeleteReportIfExpired(ctx context.Context, namespa func (r *TTLReportReconciler) applicableForDeletion(report client.Object, ttlReportAnnotationStr string) bool { reportKind := report.GetObjectKind().GroupVersionKind().Kind - if reportKind == "VulnerabilityReport" || reportKind == "ExposedSecretReport" { + if reportKind == "VulnerabilityReport" || reportKind == "ExposedSecretReport" || reportKind == "ClusterSbomReport" { return true } if ttlReportAnnotationStr == time.Duration(0).String() { // check if it marked as historical report diff --git a/pkg/plugins/trivy/filesystem.go b/pkg/plugins/trivy/filesystem.go index 1e873909d..e89d37860 100644 --- a/pkg/plugins/trivy/filesystem.go +++ b/pkg/plugins/trivy/filesystem.go @@ -5,6 +5,7 @@ import ( "fmt" "net/url" + "github.com/aquasecurity/trivy-operator/pkg/apis/aquasecurity/v1alpha1" "github.com/aquasecurity/trivy-operator/pkg/docker" "github.com/aquasecurity/trivy-operator/pkg/kube" "github.com/aquasecurity/trivy-operator/pkg/trivyoperator" @@ -21,8 +22,8 @@ func NewFileSystemJobSpecMgr() PodSpecMgr { return &FileSystemJobSpecMgr{} } -func (j *FileSystemJobSpecMgr) GetPodSpec(ctx trivyoperator.PluginContext, config Config, workload client.Object, credentials map[string]docker.Auth, securityContext *corev1.SecurityContext, p *plugin) (corev1.PodSpec, []*corev1.Secret, error) { - return j.getPodSpecFunc(ctx, config, workload, credentials, securityContext, p) +func (j *FileSystemJobSpecMgr) GetPodSpec(ctx trivyoperator.PluginContext, config Config, workload client.Object, credentials map[string]docker.Auth, securityContext *corev1.SecurityContext, p *plugin, clusterSboms map[string]v1alpha1.SbomReportData) (corev1.PodSpec, []*corev1.Secret, error) { + return j.getPodSpecFunc(ctx, config, workload, credentials, securityContext, p, clusterSboms) } // FileSystem scan option with standalone mode. @@ -30,7 +31,7 @@ func (j *FileSystemJobSpecMgr) GetPodSpec(ctx trivyoperator.PluginContext, confi // We are scanning the resource place on a specific file system location using the following command. // // trivy --quiet fs --format json --ignore-unfixed file/system/location -func GetPodSpecForStandaloneFSMode(ctx trivyoperator.PluginContext, config Config, workload client.Object, _ map[string]docker.Auth, securityContext *corev1.SecurityContext, p *plugin) (corev1.PodSpec, []*corev1.Secret, error) { +func GetPodSpecForStandaloneFSMode(ctx trivyoperator.PluginContext, config Config, workload client.Object, _ map[string]docker.Auth, securityContext *corev1.SecurityContext, p *plugin, clusterSboms map[string]v1alpha1.SbomReportData) (corev1.PodSpec, []*corev1.Secret, error) { var secrets []*corev1.Secret spec, err := kube.GetPodSpec(workload) if err != nil { @@ -220,19 +221,32 @@ func GetPodSpecForStandaloneFSMode(ctx trivyoperator.PluginContext, config Confi return corev1.PodSpec{}, nil, err } + fscommand := []string{SharedVolumeLocationOfTrivy} + args := getFSScanningArgs(ctx, command, Standalone, "") + if len(clusterSboms) > 0 { // trivy sbom ... + if sbomreportData, ok := clusterSboms[c.Name]; ok { + secretName := fmt.Sprintf("sbom-%s", c.Name) + secret, err := CreateSbomDataAsSecret(sbomreportData.Bom, secretName) + if err != nil { + return corev1.PodSpec{}, nil, err + } + secrets = append(secrets, &secret) + fileName := fmt.Sprintf("%s.json", secretName) + CreateVolumeSbomFiles(&volumeMounts, &volumes, &secretName, fileName) + fscommand, args = GetSbomFSScanningArgs(ctx, Standalone, "", fmt.Sprintf("/sbom/%s", fileName)) + } + } containers = append(containers, corev1.Container{ Name: c.Name, Image: c.Image, ImagePullPolicy: pullPolicy, TerminationMessagePolicy: corev1.TerminationMessageFallbackToLogsOnError, Env: env, - Command: []string{ - SharedVolumeLocationOfTrivy, - }, - Args: getFSScanningArgs(ctx, command, Standalone, ""), - Resources: resourceRequirements, - SecurityContext: securityContext, - VolumeMounts: volumeMounts, + Command: fscommand, + Args: args, + Resources: resourceRequirements, + SecurityContext: securityContext, + VolumeMounts: volumeMounts, }) } @@ -260,7 +274,7 @@ func GetPodSpecForStandaloneFSMode(ctx trivyoperator.PluginContext, config Confi // We scanning the resource place on a specific file system location using the following command. // // trivy --quiet fs --server TRIVY_SERVER --format json --ignore-unfixed file/system/location -func GetPodSpecForClientServerFSMode(ctx trivyoperator.PluginContext, config Config, workload client.Object, _ map[string]docker.Auth, securityContext *corev1.SecurityContext, p *plugin) (corev1.PodSpec, []*corev1.Secret, error) { +func GetPodSpecForClientServerFSMode(ctx trivyoperator.PluginContext, config Config, workload client.Object, _ map[string]docker.Auth, securityContext *corev1.SecurityContext, p *plugin, clusterSboms map[string]v1alpha1.SbomReportData) (corev1.PodSpec, []*corev1.Secret, error) { var secrets []*corev1.Secret spec, err := kube.GetPodSpec(workload) if err != nil { @@ -433,19 +447,32 @@ func GetPodSpecForClientServerFSMode(ctx trivyoperator.PluginContext, config Con return corev1.PodSpec{}, nil, err } + fscommand := []string{SharedVolumeLocationOfTrivy} + args := getFSScanningArgs(ctx, command, ClientServer, encodedTrivyServerURL.String()) + if len(clusterSboms) > 0 { // trivy sbom ... + if sbomreportData, ok := clusterSboms[c.Name]; ok { + secretName := fmt.Sprintf("sbom-%s", c.Name) + secret, err := CreateSbomDataAsSecret(sbomreportData.Bom, secretName) + if err != nil { + return corev1.PodSpec{}, nil, err + } + secrets = append(secrets, &secret) + fileName := fmt.Sprintf("%s.json", secretName) + CreateVolumeSbomFiles(&volumeMounts, &volumes, &secretName, fileName) + fscommand, args = GetSbomFSScanningArgs(ctx, ClientServer, encodedTrivyServerURL.String(), fmt.Sprintf("/sbom/%s", fileName)) + } + } containers = append(containers, corev1.Container{ Name: c.Name, Image: c.Image, ImagePullPolicy: pullPolicy, TerminationMessagePolicy: corev1.TerminationMessageFallbackToLogsOnError, Env: env, - Command: []string{ - SharedVolumeLocationOfTrivy, - }, - Args: getFSScanningArgs(ctx, command, ClientServer, encodedTrivyServerURL.String()), - Resources: resourceRequirements, - SecurityContext: securityContext, - VolumeMounts: volumeMounts, + Command: fscommand, + Args: args, + Resources: resourceRequirements, + SecurityContext: securityContext, + VolumeMounts: volumeMounts, }) } @@ -506,6 +533,37 @@ func getFSScanningArgs(ctx trivyoperator.PluginContext, command Command, mode Mo return args } +func GetSbomFSScanningArgs(ctx trivyoperator.PluginContext, mode Mode, trivyServerURL string, sbomFile string) ([]string, []string) { + command := []string{ + SharedVolumeLocationOfTrivy, + } + c, err := getConfig(ctx) + if err != nil { + return []string{}, []string{} + } + skipUpdate := SkipDBUpdate(c) + cacheDir := c.GetFilesystemScanCacheDir() + args := []string{ + "--cache-dir", + cacheDir, + "--quiet", + "sbom", + "--format", + "json", + skipUpdate, + sbomFile, + } + + if mode == ClientServer { + args = append(args, "--server", trivyServerURL) + } + slow := Slow(c) + if len(slow) > 0 { + args = append(args, slow) + } + return command, args +} + func initContainerFSEnvVar(trivyConfigName string, config Config) []corev1.EnvVar { envs := []corev1.EnvVar{ constructEnvVarSourceFromConfigMap("HTTP_PROXY", trivyConfigName, keyTrivyHTTPProxy), diff --git a/pkg/plugins/trivy/filesystem_test.go b/pkg/plugins/trivy/filesystem_test.go new file mode 100644 index 000000000..f56102908 --- /dev/null +++ b/pkg/plugins/trivy/filesystem_test.go @@ -0,0 +1,73 @@ +package trivy_test + +import ( + "testing" + + "github.com/aquasecurity/trivy-operator/pkg/plugins/trivy" + "github.com/aquasecurity/trivy-operator/pkg/trivyoperator" + "github.com/stretchr/testify/assert" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "sigs.k8s.io/controller-runtime/pkg/client/fake" +) + +func TestGetSbomFSScanningArgs(t *testing.T) { + testCases := []struct { + name string + mode trivy.Mode + sbomFile string + serverUrl string + resultFileName string + wantCmd []string + wantArgs []string + }{ + { + name: "command and args for standalone mode", + mode: trivy.Standalone, + sbomFile: "/tmp/scan/bom.json", + serverUrl: "", + resultFileName: "", + wantArgs: []string{"--cache-dir", "/var/trivyoperator/trivy-db", "--quiet", "sbom", "--format", "json", "--skip-db-update", "/tmp/scan/bom.json", "--slow"}, + wantCmd: []string{trivy.SharedVolumeLocationOfTrivy}, + }, + { + name: "command and args for client/server mode", + mode: trivy.ClientServer, + sbomFile: "/tmp/scan/bom.json", + serverUrl: "http://trivy-server:8080", + resultFileName: "", + wantArgs: []string{"--cache-dir", "/var/trivyoperator/trivy-db", "--quiet", "sbom", "--format", "json", "--skip-db-update", "/tmp/scan/bom.json", "--server", "http://trivy-server:8080", "--slow"}, + wantCmd: []string{trivy.SharedVolumeLocationOfTrivy}, + }, + } + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + client := fake.NewClientBuilder(). + WithScheme(trivyoperator.NewScheme()). + WithObjects(&corev1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "trivy-operator-trivy-config", + Namespace: "trivyoperator-ns", + }, + Data: map[string]string{ + "trivy.tag": "0.41.0", + "trivy.clientServerSkipUpdate": "false", + }, + }). + Build() + + pluginContext := trivyoperator.NewPluginContext(). + WithName("trivy"). + WithNamespace("trivyoperator-ns"). + WithClient(client). + WithTrivyOperatorConfig(map[string]string{ + "trivy.tag": "0.41.0", + "trivy.clientServerSkipUpdate": "false", + }). + Get() + cmd, args := trivy.GetSbomFSScanningArgs(pluginContext, tc.mode, tc.serverUrl, tc.sbomFile) + assert.Equal(t, tc.wantCmd, cmd) + assert.Equal(t, tc.wantArgs, args) + }) + } +} diff --git a/pkg/plugins/trivy/image.go b/pkg/plugins/trivy/image.go index 7bdacbbbf..c544727dc 100644 --- a/pkg/plugins/trivy/image.go +++ b/pkg/plugins/trivy/image.go @@ -9,6 +9,7 @@ import ( corev1 "k8s.io/api/core/v1" "k8s.io/utils/ptr" + "github.com/aquasecurity/trivy-operator/pkg/apis/aquasecurity/v1alpha1" "github.com/aquasecurity/trivy-operator/pkg/docker" "github.com/aquasecurity/trivy-operator/pkg/kube" "github.com/aquasecurity/trivy-operator/pkg/trivyoperator" @@ -26,8 +27,8 @@ func NewImageJobSpecMgr() PodSpecMgr { return &ImageJobSpecMgr{} } -func (j *ImageJobSpecMgr) GetPodSpec(ctx trivyoperator.PluginContext, config Config, workload client.Object, credentials map[string]docker.Auth, securityContext *corev1.SecurityContext, p *plugin) (corev1.PodSpec, []*corev1.Secret, error) { - return j.getPodSpecFunc(ctx, config, workload, credentials, securityContext, p) +func (j *ImageJobSpecMgr) GetPodSpec(ctx trivyoperator.PluginContext, config Config, workload client.Object, credentials map[string]docker.Auth, securityContext *corev1.SecurityContext, p *plugin, clusterSboms map[string]v1alpha1.SbomReportData) (corev1.PodSpec, []*corev1.Secret, error) { + return j.getPodSpecFunc(ctx, config, workload, credentials, securityContext, p, clusterSboms) } // In the Standalone mode there is the init container responsible for @@ -43,7 +44,7 @@ func (j *ImageJobSpecMgr) GetPodSpec(ctx trivyoperator.PluginContext, config Con // // trivy --cache-dir /tmp/trivy/.cache image --skip-update \ // --format json -func GetPodSpecForStandaloneMode(ctx trivyoperator.PluginContext, config Config, workload client.Object, credentials map[string]docker.Auth, securityContext *corev1.SecurityContext, p *plugin) (corev1.PodSpec, []*corev1.Secret, error) { +func GetPodSpecForStandaloneMode(ctx trivyoperator.PluginContext, config Config, workload client.Object, credentials map[string]docker.Auth, securityContext *corev1.SecurityContext, p *plugin, clusterSboms map[string]v1alpha1.SbomReportData) (corev1.PodSpec, []*corev1.Secret, error) { var secret *corev1.Secret var secrets []*corev1.Secret var containersSpec []corev1.Container @@ -254,6 +255,19 @@ func GetPodSpecForStandaloneMode(ctx trivyoperator.PluginContext, config Config, } resultFileName := getUniqueScanResultFileName(c.Name) cmd, args := getCommandAndArgs(ctx, Standalone, imageRef.String(), "", resultFileName) + if len(clusterSboms) > 0 { // trivy sbom ... + if sbomreportData, ok := clusterSboms[c.Name]; ok { + secretName := fmt.Sprintf("sbom-%s", c.Name) + secret, err := CreateSbomDataAsSecret(sbomreportData.Bom, secretName) + if err != nil { + return corev1.PodSpec{}, nil, err + } + secrets = append(secrets, &secret) + fileName := fmt.Sprintf("%s.json", secretName) + CreateVolumeSbomFiles(&volumeMounts, &volumes, &secretName, fileName) + cmd, args = GetSbomScanCommandAndArgs(ctx, Standalone, fmt.Sprintf("/sbom/%s", fileName), "", resultFileName) + } + } containers = append(containers, corev1.Container{ Name: c.Name, Image: trivyImageRef, @@ -287,7 +301,7 @@ func GetPodSpecForStandaloneMode(ctx trivyoperator.PluginContext, config Config, // // trivy image --server \ // --format json -func GetPodSpecForClientServerMode(ctx trivyoperator.PluginContext, config Config, workload client.Object, credentials map[string]docker.Auth, securityContext *corev1.SecurityContext, p *plugin) (corev1.PodSpec, []*corev1.Secret, error) { +func GetPodSpecForClientServerMode(ctx trivyoperator.PluginContext, config Config, workload client.Object, credentials map[string]docker.Auth, securityContext *corev1.SecurityContext, p *plugin, clusterSboms map[string]v1alpha1.SbomReportData) (corev1.PodSpec, []*corev1.Secret, error) { var secret *corev1.Secret var secrets []*corev1.Secret var containersSpec []corev1.Container @@ -400,6 +414,8 @@ func GetPodSpecForClientServerMode(ctx trivyoperator.PluginContext, config Confi Value: ignorePolicyMountPath, }) } + // fmt.Sprintf("sbom-%s.json", imageName), + //createVolumeSbomFiles(&volumeMounts, &volumes, ®istryServiceAccountAuthKey, &secret.Name) region := CheckAwsEcrPrivateRegistry(container.Image) if region != "" { @@ -477,6 +493,19 @@ func GetPodSpecForClientServerMode(ctx trivyoperator.PluginContext, config Confi } resultFileName := getUniqueScanResultFileName(container.Name) cmd, args := getCommandAndArgs(ctx, ClientServer, imageRef.String(), encodedTrivyServerURL.String(), resultFileName) + if len(clusterSboms) > 0 { // trivy sbom ... + if sbomreportData, ok := clusterSboms[container.Name]; ok { + secretName := fmt.Sprintf("sbom-%s", container.Name) + secret, err := CreateSbomDataAsSecret(sbomreportData.Bom, secretName) + if err != nil { + return corev1.PodSpec{}, nil, err + } + secrets = append(secrets, &secret) + fileName := fmt.Sprintf("%s.json", secretName) + CreateVolumeSbomFiles(&volumeMounts, &volumes, &secretName, fileName) + cmd, args = GetSbomScanCommandAndArgs(ctx, ClientServer, fmt.Sprintf("/sbom/%s", fileName), "", resultFileName) + } + } containers = append(containers, corev1.Container{ Name: container.Name, Image: trivyImageRef, @@ -622,6 +651,78 @@ func getCommandAndArgs(ctx trivyoperator.PluginContext, mode Mode, imageRef stri return []string{"/bin/sh"}, []string{"-c", fmt.Sprintf(`trivy image %s '%s' %s %s %s %s %s %s --cache-dir %s --quiet %s --format json > /tmp/scan/%s && bzip2 -c /tmp/scan/%s | base64`, slow, imageRef, scanners, getSecurityChecks(ctx), imageconfigSecretScannerFlag, vulnTypeFlag, skipUpdate, skipJavaDBUpdate, cacheDir, getPkgList(ctx), resultFileName, resultFileName)} } +func GetSbomScanCommandAndArgs(ctx trivyoperator.PluginContext, mode Mode, sbomFile string, trivyServerURL string, resultFileName string) ([]string, []string) { + command := []string{ + "trivy", + } + trivyConfig := ctx.GetTrivyOperatorConfig() + compressLogs := trivyConfig.CompressLogs() + c, err := getConfig(ctx) + if err != nil { + return []string{}, []string{} + } + slow := Slow(c) + vulnTypeArgs := vulnTypeFilter(ctx) + var vulnTypeFlag string + if len(vulnTypeArgs) == 2 { + vulnTypeFlag = fmt.Sprintf("%s %s ", vulnTypeArgs[0], vulnTypeArgs[1]) + } + + var skipUpdate string + if mode == ClientServer { + if c.GetClientServerSkipUpdate() { + skipUpdate = SkipDBUpdate(c) + } + if !compressLogs { + args := []string{ + "--cache-dir", + "/tmp/trivy/.cache", + "--quiet", + "sbom", + "--format", + "json", + "--server", + trivyServerURL, + sbomFile, + } + if len(slow) > 0 { + args = append(args, slow) + } + if len(vulnTypeArgs) > 0 { + args = append(args, vulnTypeArgs...) + } + if len(skipUpdate) > 0 { + args = append(args, skipUpdate) + } + return command, args + } + return []string{"/bin/sh"}, []string{"-c", fmt.Sprintf(`trivy sbom %s %s %s %s --cache-dir /tmp/trivy/.cache --quiet --format json --server '%s' > /tmp/scan/%s && bzip2 -c /tmp/scan/%s | base64`, slow, sbomFile, vulnTypeFlag, skipUpdate, trivyServerURL, resultFileName, resultFileName)} + } + skipUpdate = SkipDBUpdate(c) + if !compressLogs { + args := []string{ + "--cache-dir", + "/tmp/trivy/.cache", + "--quiet", + "sbom", + "--format", + "json", + sbomFile, + } + if len(slow) > 0 { + args = append(args, slow) + } + if len(vulnTypeArgs) > 0 { + args = append(args, vulnTypeArgs...) + } + if len(skipUpdate) > 0 { + args = append(args, skipUpdate) + } + return command, args + } + return []string{"/bin/sh"}, []string{"-c", fmt.Sprintf(`trivy sbom %s %s %s %s --cache-dir /tmp/trivy/.cache --quiet --format json > /tmp/scan/%s && bzip2 -c /tmp/scan/%s | base64`, slow, sbomFile, vulnTypeFlag, skipUpdate, resultFileName, resultFileName)} +} + func vulnTypeFilter(ctx trivyoperator.PluginContext) []string { config, err := getConfig(ctx) if err != nil { diff --git a/pkg/plugins/trivy/image_test.go b/pkg/plugins/trivy/image_test.go index 7341ddaee..551eaa575 100644 --- a/pkg/plugins/trivy/image_test.go +++ b/pkg/plugins/trivy/image_test.go @@ -4,8 +4,12 @@ import ( "testing" "github.com/aquasecurity/trivy-operator/pkg/plugins/trivy" + "github.com/aquasecurity/trivy-operator/pkg/trivyoperator" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "sigs.k8s.io/controller-runtime/pkg/client/fake" ) func TestGetMirroredImage(t *testing.T) { @@ -47,3 +51,89 @@ func TestGetMirroredImage(t *testing.T) { }) } } + +func TestGetSbomScanCommandAndArgs(t *testing.T) { + testCases := []struct { + name string + mode trivy.Mode + sbomFile string + serverUrl string + resultFileName string + wantCmd []string + wantArgs []string + compressedLogs string + }{ + { + name: "command and args for standalone mode compress", + mode: trivy.Standalone, + sbomFile: "/tmp/scan/bom.json", + serverUrl: "", + resultFileName: "output.json", + compressedLogs: "true", + wantArgs: []string{"-c", "trivy sbom --slow /tmp/scan/bom.json --skip-db-update --cache-dir /tmp/trivy/.cache --quiet --format json > /tmp/scan/output.json && bzip2 -c /tmp/scan/output.json | base64"}, + wantCmd: []string{"/bin/sh"}, + }, + { + name: "command and args for standalone mode non compress", + mode: trivy.Standalone, + sbomFile: "/tmp/scan/bom.json", + serverUrl: "", + resultFileName: "", + compressedLogs: "false", + wantArgs: []string{"--cache-dir", "/tmp/trivy/.cache", "--quiet", "sbom", "--format", "json", "/tmp/scan/bom.json", "--slow", "--skip-db-update"}, + wantCmd: []string{"trivy"}, + }, + { + name: "command and args for client/server mode compress", + mode: trivy.ClientServer, + sbomFile: "/tmp/scan/bom.json", + serverUrl: "http://trivy-server:8080", + resultFileName: "output.json", + compressedLogs: "true", + wantArgs: []string{"-c", "trivy sbom --slow /tmp/scan/bom.json --cache-dir /tmp/trivy/.cache --quiet --format json --server 'http://trivy-server:8080' > /tmp/scan/output.json && bzip2 -c /tmp/scan/output.json | base64"}, + wantCmd: []string{"/bin/sh"}, + }, + { + name: "command and args for client/server mode non compress", + mode: trivy.ClientServer, + sbomFile: "/tmp/scan/bom.json", + serverUrl: "http://trivy-server:8080", + resultFileName: "", + compressedLogs: "false", + wantArgs: []string{"--cache-dir", "/tmp/trivy/.cache", "--quiet", "sbom", "--format", "json", "--server", "http://trivy-server:8080", "/tmp/scan/bom.json", "--slow"}, + wantCmd: []string{"trivy"}, + }, + } + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + client := fake.NewClientBuilder(). + WithScheme(trivyoperator.NewScheme()). + WithObjects(&corev1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "trivy-operator-trivy-config", + Namespace: "trivyoperator-ns", + }, + Data: map[string]string{ + "trivy.tag": "0.41.0", + "scanJob.compressLogs": tc.compressedLogs, + "trivy.clientServerSkipUpdate": "false", + }, + }). + Build() + + pluginContext := trivyoperator.NewPluginContext(). + WithName("trivy"). + WithNamespace("trivyoperator-ns"). + WithClient(client). + WithTrivyOperatorConfig(map[string]string{ + "trivy.tag": "0.41.0", + "scanJob.compressLogs": tc.compressedLogs, + "trivy.clientServerSkipUpdate": "false", + }). + Get() + cmd, args := trivy.GetSbomScanCommandAndArgs(pluginContext, tc.mode, tc.sbomFile, tc.serverUrl, tc.resultFileName) + assert.Equal(t, tc.wantCmd, cmd) + assert.Equal(t, tc.wantArgs, args) + }) + } +} diff --git a/pkg/plugins/trivy/jobspec.go b/pkg/plugins/trivy/jobspec.go index 635da60a4..5b0234f8d 100644 --- a/pkg/plugins/trivy/jobspec.go +++ b/pkg/plugins/trivy/jobspec.go @@ -1,11 +1,14 @@ package trivy import ( + "encoding/json" "strings" corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/utils/ptr" + "github.com/aquasecurity/trivy-operator/pkg/apis/aquasecurity/v1alpha1" "github.com/aquasecurity/trivy-operator/pkg/docker" "github.com/aquasecurity/trivy-operator/pkg/trivyoperator" containerimage "github.com/google/go-containerregistry/pkg/name" @@ -38,10 +41,10 @@ type Mode string // Command to scan image or filesystem. type Command string -type GetPodSpecFunc func(ctx trivyoperator.PluginContext, config Config, workload client.Object, credentials map[string]docker.Auth, securityContext *corev1.SecurityContext, p *plugin) (corev1.PodSpec, []*corev1.Secret, error) +type GetPodSpecFunc func(ctx trivyoperator.PluginContext, config Config, workload client.Object, credentials map[string]docker.Auth, securityContext *corev1.SecurityContext, p *plugin, clusterSboms map[string]v1alpha1.SbomReportData) (corev1.PodSpec, []*corev1.Secret, error) type PodSpecMgr interface { - GetPodSpec(ctx trivyoperator.PluginContext, config Config, workload client.Object, credentials map[string]docker.Auth, securityContext *corev1.SecurityContext, p *plugin) (corev1.PodSpec, []*corev1.Secret, error) + GetPodSpec(ctx trivyoperator.PluginContext, config Config, workload client.Object, credentials map[string]docker.Auth, securityContext *corev1.SecurityContext, p *plugin, clusterSboms map[string]v1alpha1.SbomReportData) (corev1.PodSpec, []*corev1.Secret, error) } func NewPodSpecMgr(config Config) PodSpecMgr { @@ -216,3 +219,45 @@ func getConfig(ctx trivyoperator.PluginContext) (Config, error) { } return Config{PluginConfig: pluginConfig}, nil } + +// CreateSbomDataAsSecret creates a secret with the BOM data +func CreateSbomDataAsSecret(bom v1alpha1.BOM, secretName string) (corev1.Secret, error) { + bomByte, err := json.Marshal(bom) + if err != nil { + return corev1.Secret{}, err + } + secret := corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: secretName, + }, + Data: map[string][]byte{ + "bom": bomByte, + }, + } + return secret, nil +} + +// CreateVolumeSbomFiles creates a volume and volume mount for the sbom data +func CreateVolumeSbomFiles(volumeMounts *[]corev1.VolumeMount, volumes *[]corev1.Volume, secretName *string, fileName string) { + sbomMount := corev1.VolumeMount{ + Name: "sbomvol", + MountPath: "/sbom", + ReadOnly: true, + } + sbomVolume := corev1.Volume{ + Name: "sbomvol", + VolumeSource: corev1.VolumeSource{ + Secret: &corev1.SecretVolumeSource{ + SecretName: *secretName, + Items: []corev1.KeyToPath{ + { + Key: "bom", + Path: fileName, + }, + }, + }, + }, + } + *volumes = append(*volumes, sbomVolume) + *volumeMounts = append(*volumeMounts, sbomMount) +} diff --git a/pkg/plugins/trivy/jobspec_test.go b/pkg/plugins/trivy/jobspec_test.go new file mode 100644 index 000000000..374089d9d --- /dev/null +++ b/pkg/plugins/trivy/jobspec_test.go @@ -0,0 +1,81 @@ +package trivy_test + +import ( + "encoding/json" + "os" + "testing" + + "github.com/aquasecurity/trivy-operator/pkg/apis/aquasecurity/v1alpha1" + "github.com/aquasecurity/trivy-operator/pkg/plugins/trivy" + "github.com/stretchr/testify/assert" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +func TestCreateSbomDataSecret(t *testing.T) { + testCases := []struct { + name string + secretName string + sbomDataFilePath string + wantSecret corev1.Secret + err error + }{ + { + name: "cretae valid sbom data", + secretName: "validName", + sbomDataFilePath: "./testdata/fixture/alpine_sbom.json", + wantSecret: corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "validName", + }, + Data: map[string][]byte{"bom": []byte(`{"bomFormat":"CycloneDX","specVersion":"1.5","serialNumber":"urn:uuid:9ba1d0c6-b4e3-4bc0-b8f4-2d3d21c7cfc5","version":1,"metadata":{"timestamp":"2023-11-09T23:34:52+00:00","tools":[{"vendor":"aquasecurity","name":"trivy","version":"0.47.0"}],"component":{"bom-ref":"pkg:oci/alpine@sha256%3Aeece025e432126ce23f223450a0326fbebde39cdf496a85d8c016293fc851978?arch=amd64\u0026repository_url=index.docker.io%2Flibrary%2Falpine","type":"container","name":"alpine:3.18","purl":"pkg:oci/alpine@sha256%3Aeece025e432126ce23f223450a0326fbebde39cdf496a85d8c016293fc851978?arch=amd64\u0026repository_url=index.docker.io%2Flibrary%2Falpine","supplier":{},"properties":[{"name":"aquasecurity:trivy:DiffID","value":"sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438"},{"name":"aquasecurity:trivy:ImageID","value":"sha256:8ca4688f4f356596b5ae539337c9941abc78eda10021d35cbc52659c74d9b443"},{"name":"aquasecurity:trivy:RepoDigest","value":"alpine@sha256:eece025e432126ce23f223450a0326fbebde39cdf496a85d8c016293fc851978"},{"name":"aquasecurity:trivy:RepoTag","value":"alpine:3.18"},{"name":"aquasecurity:trivy:SchemaVersion","value":"2"}]}},"components":[{"bom-ref":"3329179b-b954-4543-87dc-4fd2e651bdec","type":"operating-system","name":"alpine","version":"3.18.4","supplier":{},"properties":[{"name":"aquasecurity:trivy:Class","value":"os-pkgs"},{"name":"aquasecurity:trivy:Type","value":"alpine"}]},{"bom-ref":"pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64\u0026distro=3.18.4","type":"library","name":"alpine-baselayout-data","version":"3.4.3-r1","purl":"pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64\u0026distro=3.18.4","supplier":{},"hashes":[{"alg":"SHA-1","content":"602007ee374ed96f35e9bf39b1487d67c6afe027"}],"licenses":[{"license":{"name":"GPL-2.0"}}],"properties":[{"name":"aquasecurity:trivy:LayerDiffID","value":"sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438"},{"name":"aquasecurity:trivy:LayerDigest","value":"sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa"},{"name":"aquasecurity:trivy:PkgID","value":"alpine-baselayout-data@3.4.3-r1"},{"name":"aquasecurity:trivy:PkgType","value":"alpine"},{"name":"aquasecurity:trivy:SrcName","value":"alpine-baselayout"},{"name":"aquasecurity:trivy:SrcVersion","value":"3.4.3-r1"}]},{"bom-ref":"pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64\u0026distro=3.18.4","type":"library","name":"alpine-baselayout","version":"3.4.3-r1","purl":"pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64\u0026distro=3.18.4","supplier":{},"hashes":[{"alg":"SHA-1","content":"cf0bca32762cd5be9974f4c127467b0f93f78f20"}],"licenses":[{"license":{"name":"GPL-2.0"}}],"properties":[{"name":"aquasecurity:trivy:LayerDiffID","value":"sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438"},{"name":"aquasecurity:trivy:LayerDigest","value":"sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa"},{"name":"aquasecurity:trivy:PkgID","value":"alpine-baselayout@3.4.3-r1"},{"name":"aquasecurity:trivy:PkgType","value":"alpine"},{"name":"aquasecurity:trivy:SrcName","value":"alpine-baselayout"},{"name":"aquasecurity:trivy:SrcVersion","value":"3.4.3-r1"}]},{"bom-ref":"pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64\u0026distro=3.18.4","type":"library","name":"alpine-keys","version":"2.4-r1","purl":"pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64\u0026distro=3.18.4","supplier":{},"hashes":[{"alg":"SHA-1","content":"ec3a3d5ef4c7a168d09516097bb3219ca77c1534"}],"licenses":[{"license":{"name":"MIT"}}],"properties":[{"name":"aquasecurity:trivy:LayerDiffID","value":"sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438"},{"name":"aquasecurity:trivy:LayerDigest","value":"sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa"},{"name":"aquasecurity:trivy:PkgID","value":"alpine-keys@2.4-r1"},{"name":"aquasecurity:trivy:PkgType","value":"alpine"},{"name":"aquasecurity:trivy:SrcName","value":"alpine-keys"},{"name":"aquasecurity:trivy:SrcVersion","value":"2.4-r1"}]},{"bom-ref":"pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64\u0026distro=3.18.4","type":"library","name":"apk-tools","version":"2.14.0-r2","purl":"pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64\u0026distro=3.18.4","supplier":{},"hashes":[{"alg":"SHA-1","content":"8cde25f239ebf691cd135a3954e5193c1ac2ae13"}],"licenses":[{"license":{"name":"GPL-2.0"}}],"properties":[{"name":"aquasecurity:trivy:LayerDiffID","value":"sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438"},{"name":"aquasecurity:trivy:LayerDigest","value":"sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa"},{"name":"aquasecurity:trivy:PkgID","value":"apk-tools@2.14.0-r2"},{"name":"aquasecurity:trivy:PkgType","value":"alpine"},{"name":"aquasecurity:trivy:SrcName","value":"apk-tools"},{"name":"aquasecurity:trivy:SrcVersion","value":"2.14.0-r2"}]},{"bom-ref":"pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64\u0026distro=3.18.4","type":"library","name":"busybox-binsh","version":"1.36.1-r2","purl":"pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64\u0026distro=3.18.4","supplier":{},"hashes":[{"alg":"SHA-1","content":"9e0f4ae337ae0115b922df25796870c68af47114"}],"licenses":[{"license":{"name":"GPL-2.0"}}],"properties":[{"name":"aquasecurity:trivy:LayerDiffID","value":"sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438"},{"name":"aquasecurity:trivy:LayerDigest","value":"sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa"},{"name":"aquasecurity:trivy:PkgID","value":"busybox-binsh@1.36.1-r2"},{"name":"aquasecurity:trivy:PkgType","value":"alpine"},{"name":"aquasecurity:trivy:SrcName","value":"busybox"},{"name":"aquasecurity:trivy:SrcVersion","value":"1.36.1-r2"}]},{"bom-ref":"pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64\u0026distro=3.18.4","type":"library","name":"busybox","version":"1.36.1-r2","purl":"pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64\u0026distro=3.18.4","supplier":{},"hashes":[{"alg":"SHA-1","content":"810fcbdd40674a382415610741a524503b9ba9d2"}],"licenses":[{"license":{"name":"GPL-2.0"}}],"properties":[{"name":"aquasecurity:trivy:LayerDiffID","value":"sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438"},{"name":"aquasecurity:trivy:LayerDigest","value":"sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa"},{"name":"aquasecurity:trivy:PkgID","value":"busybox@1.36.1-r2"},{"name":"aquasecurity:trivy:PkgType","value":"alpine"},{"name":"aquasecurity:trivy:SrcName","value":"busybox"},{"name":"aquasecurity:trivy:SrcVersion","value":"1.36.1-r2"}]},{"bom-ref":"pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64\u0026distro=3.18.4","type":"library","name":"ca-certificates-bundle","version":"20230506-r0","purl":"pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64\u0026distro=3.18.4","supplier":{},"hashes":[{"alg":"SHA-1","content":"47f485d08670a9eb21ebf10e70ae65dc43ab6c3d"}],"licenses":[{"license":{"name":"MPL-2.0"}},{"license":{"name":"MIT"}}],"properties":[{"name":"aquasecurity:trivy:LayerDiffID","value":"sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438"},{"name":"aquasecurity:trivy:LayerDigest","value":"sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa"},{"name":"aquasecurity:trivy:PkgID","value":"ca-certificates-bundle@20230506-r0"},{"name":"aquasecurity:trivy:PkgType","value":"alpine"},{"name":"aquasecurity:trivy:SrcName","value":"ca-certificates"},{"name":"aquasecurity:trivy:SrcVersion","value":"20230506-r0"}]},{"bom-ref":"pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64\u0026distro=3.18.4","type":"library","name":"libc-utils","version":"0.7.2-r5","purl":"pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64\u0026distro=3.18.4","supplier":{},"hashes":[{"alg":"SHA-1","content":"2e59dafeb8bca0786540846c686f121ae8348a42"}],"licenses":[{"license":{"name":"BSD-2-Clause"}},{"license":{"name":"BSD-3-Clause"}}],"properties":[{"name":"aquasecurity:trivy:LayerDiffID","value":"sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438"},{"name":"aquasecurity:trivy:LayerDigest","value":"sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa"},{"name":"aquasecurity:trivy:PkgID","value":"libc-utils@0.7.2-r5"},{"name":"aquasecurity:trivy:PkgType","value":"alpine"},{"name":"aquasecurity:trivy:SrcName","value":"libc-dev"},{"name":"aquasecurity:trivy:SrcVersion","value":"0.7.2-r5"}]},{"bom-ref":"pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64\u0026distro=3.18.4","type":"library","name":"libcrypto3","version":"3.1.3-r0","purl":"pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64\u0026distro=3.18.4","supplier":{},"hashes":[{"alg":"SHA-1","content":"fa12c7857510118cad0c71e2695361574e3ddd3b"}],"licenses":[{"license":{"name":"Apache-2.0"}}],"properties":[{"name":"aquasecurity:trivy:LayerDiffID","value":"sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438"},{"name":"aquasecurity:trivy:LayerDigest","value":"sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa"},{"name":"aquasecurity:trivy:PkgID","value":"libcrypto3@3.1.3-r0"},{"name":"aquasecurity:trivy:PkgType","value":"alpine"},{"name":"aquasecurity:trivy:SrcName","value":"openssl"},{"name":"aquasecurity:trivy:SrcVersion","value":"3.1.3-r0"}]},{"bom-ref":"pkg:apk/alpine/libssl3@3.1.3-r0?arch=x86_64\u0026distro=3.18.4","type":"library","name":"libssl3","version":"3.1.3-r0","purl":"pkg:apk/alpine/libssl3@3.1.3-r0?arch=x86_64\u0026distro=3.18.4","supplier":{},"hashes":[{"alg":"SHA-1","content":"ceb37221d0f02272791d42e583b952031bcb7957"}],"licenses":[{"license":{"name":"Apache-2.0"}}],"properties":[{"name":"aquasecurity:trivy:LayerDiffID","value":"sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438"},{"name":"aquasecurity:trivy:LayerDigest","value":"sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa"},{"name":"aquasecurity:trivy:PkgID","value":"libssl3@3.1.3-r0"},{"name":"aquasecurity:trivy:PkgType","value":"alpine"},{"name":"aquasecurity:trivy:SrcName","value":"openssl"},{"name":"aquasecurity:trivy:SrcVersion","value":"3.1.3-r0"}]},{"bom-ref":"pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64\u0026distro=3.18.4","type":"library","name":"musl-utils","version":"1.2.4-r1","purl":"pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64\u0026distro=3.18.4","supplier":{},"hashes":[{"alg":"SHA-1","content":"c78b141d78d68d4cd83f914fbc92f51d60632f53"}],"licenses":[{"license":{"name":"MIT"}},{"license":{"name":"BSD-2-Clause"}},{"license":{"name":"GPL-2.0"}}],"properties":[{"name":"aquasecurity:trivy:LayerDiffID","value":"sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438"},{"name":"aquasecurity:trivy:LayerDigest","value":"sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa"},{"name":"aquasecurity:trivy:PkgID","value":"musl-utils@1.2.4-r1"},{"name":"aquasecurity:trivy:PkgType","value":"alpine"},{"name":"aquasecurity:trivy:SrcName","value":"musl"},{"name":"aquasecurity:trivy:SrcVersion","value":"1.2.4-r1"}]},{"bom-ref":"pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64\u0026distro=3.18.4","type":"library","name":"musl","version":"1.2.4-r1","purl":"pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64\u0026distro=3.18.4","supplier":{},"hashes":[{"alg":"SHA-1","content":"daa1cb11a76eed0a41bb3f241c1e440c5de6281e"}],"licenses":[{"license":{"name":"MIT"}}],"properties":[{"name":"aquasecurity:trivy:LayerDiffID","value":"sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438"},{"name":"aquasecurity:trivy:LayerDigest","value":"sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa"},{"name":"aquasecurity:trivy:PkgID","value":"musl@1.2.4-r1"},{"name":"aquasecurity:trivy:PkgType","value":"alpine"},{"name":"aquasecurity:trivy:SrcName","value":"musl"},{"name":"aquasecurity:trivy:SrcVersion","value":"1.2.4-r1"}]},{"bom-ref":"pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64\u0026distro=3.18.4","type":"library","name":"scanelf","version":"1.3.7-r1","purl":"pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64\u0026distro=3.18.4","supplier":{},"hashes":[{"alg":"SHA-1","content":"e27abda38faea3635a2db4d50d007751ea280b43"}],"licenses":[{"license":{"name":"GPL-2.0"}}],"properties":[{"name":"aquasecurity:trivy:LayerDiffID","value":"sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438"},{"name":"aquasecurity:trivy:LayerDigest","value":"sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa"},{"name":"aquasecurity:trivy:PkgID","value":"scanelf@1.3.7-r1"},{"name":"aquasecurity:trivy:PkgType","value":"alpine"},{"name":"aquasecurity:trivy:SrcName","value":"pax-utils"},{"name":"aquasecurity:trivy:SrcVersion","value":"1.3.7-r1"}]},{"bom-ref":"pkg:apk/alpine/ssl_client@1.36.1-r2?arch=x86_64\u0026distro=3.18.4","type":"library","name":"ssl_client","version":"1.36.1-r2","purl":"pkg:apk/alpine/ssl_client@1.36.1-r2?arch=x86_64\u0026distro=3.18.4","supplier":{},"hashes":[{"alg":"SHA-1","content":"8fa2c75a96af9a716da588f34241fb6a948854e7"}],"licenses":[{"license":{"name":"GPL-2.0"}}],"properties":[{"name":"aquasecurity:trivy:LayerDiffID","value":"sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438"},{"name":"aquasecurity:trivy:LayerDigest","value":"sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa"},{"name":"aquasecurity:trivy:PkgID","value":"ssl_client@1.36.1-r2"},{"name":"aquasecurity:trivy:PkgType","value":"alpine"},{"name":"aquasecurity:trivy:SrcName","value":"busybox"},{"name":"aquasecurity:trivy:SrcVersion","value":"1.36.1-r2"}]},{"bom-ref":"pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64\u0026distro=3.18.4","type":"library","name":"zlib","version":"1.2.13-r1","purl":"pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64\u0026distro=3.18.4","supplier":{},"hashes":[{"alg":"SHA-1","content":"2656e848992b378aa40dca24af8cde9e97161174"}],"licenses":[{"license":{"name":"Zlib"}}],"properties":[{"name":"aquasecurity:trivy:LayerDiffID","value":"sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438"},{"name":"aquasecurity:trivy:LayerDigest","value":"sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa"},{"name":"aquasecurity:trivy:PkgID","value":"zlib@1.2.13-r1"},{"name":"aquasecurity:trivy:PkgType","value":"alpine"},{"name":"aquasecurity:trivy:SrcName","value":"zlib"},{"name":"aquasecurity:trivy:SrcVersion","value":"1.2.13-r1"}]}],"dependencies":[{"ref":"3329179b-b954-4543-87dc-4fd2e651bdec","dependsOn":["pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64\u0026distro=3.18.4","pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64\u0026distro=3.18.4","pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64\u0026distro=3.18.4","pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64\u0026distro=3.18.4","pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64\u0026distro=3.18.4","pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64\u0026distro=3.18.4","pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64\u0026distro=3.18.4","pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64\u0026distro=3.18.4","pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64\u0026distro=3.18.4","pkg:apk/alpine/libssl3@3.1.3-r0?arch=x86_64\u0026distro=3.18.4","pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64\u0026distro=3.18.4","pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64\u0026distro=3.18.4","pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64\u0026distro=3.18.4","pkg:apk/alpine/ssl_client@1.36.1-r2?arch=x86_64\u0026distro=3.18.4","pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64\u0026distro=3.18.4"]},{"ref":"pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64\u0026distro=3.18.4","dependsOn":[]},{"ref":"pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64\u0026distro=3.18.4","dependsOn":["pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64\u0026distro=3.18.4","pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64\u0026distro=3.18.4"]},{"ref":"pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64\u0026distro=3.18.4","dependsOn":[]},{"ref":"pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64\u0026distro=3.18.4","dependsOn":["pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64\u0026distro=3.18.4","pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64\u0026distro=3.18.4","pkg:apk/alpine/libssl3@3.1.3-r0?arch=x86_64\u0026distro=3.18.4","pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64\u0026distro=3.18.4","pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64\u0026distro=3.18.4"]},{"ref":"pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64\u0026distro=3.18.4","dependsOn":["pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64\u0026distro=3.18.4"]},{"ref":"pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64\u0026distro=3.18.4","dependsOn":["pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64\u0026distro=3.18.4"]},{"ref":"pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64\u0026distro=3.18.4","dependsOn":[]},{"ref":"pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64\u0026distro=3.18.4","dependsOn":["pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64\u0026distro=3.18.4"]},{"ref":"pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64\u0026distro=3.18.4","dependsOn":["pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64\u0026distro=3.18.4"]},{"ref":"pkg:apk/alpine/libssl3@3.1.3-r0?arch=x86_64\u0026distro=3.18.4","dependsOn":["pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64\u0026distro=3.18.4","pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64\u0026distro=3.18.4"]},{"ref":"pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64\u0026distro=3.18.4","dependsOn":["pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64\u0026distro=3.18.4","pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64\u0026distro=3.18.4"]},{"ref":"pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64\u0026distro=3.18.4","dependsOn":[]},{"ref":"pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64\u0026distro=3.18.4","dependsOn":["pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64\u0026distro=3.18.4"]},{"ref":"pkg:apk/alpine/ssl_client@1.36.1-r2?arch=x86_64\u0026distro=3.18.4","dependsOn":["pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64\u0026distro=3.18.4","pkg:apk/alpine/libssl3@3.1.3-r0?arch=x86_64\u0026distro=3.18.4","pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64\u0026distro=3.18.4"]},{"ref":"pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64\u0026distro=3.18.4","dependsOn":["pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64\u0026distro=3.18.4"]},{"ref":"pkg:oci/alpine@sha256%3Aeece025e432126ce23f223450a0326fbebde39cdf496a85d8c016293fc851978?arch=amd64\u0026repository_url=index.docker.io%2Flibrary%2Falpine","dependsOn":["3329179b-b954-4543-87dc-4fd2e651bdec"]}]}`)}, + }, + err: nil, + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + sbomFile, err := os.ReadFile(tc.sbomDataFilePath) + assert.NoError(t, err) + var bom v1alpha1.BOM + err = json.Unmarshal([]byte(sbomFile), &bom) + assert.NoError(t, err) + got, err := trivy.CreateSbomDataAsSecret(bom, tc.secretName) + if err == nil { + assert.Equal(t, tc.wantSecret, got) + } + }) + } +} + +func TestCreateVolumes(t *testing.T) { + testCases := []struct { + name string + vm []corev1.VolumeMount + v []corev1.Volume + sn string + fn string + }{ + { + name: "cretae volumes", + vm: []corev1.VolumeMount{}, + v: []corev1.Volume{}, + sn: "test", + fn: "name", + }, + } + tc := testCases[0] + t.Run(tc.name, func(t *testing.T) { + trivy.CreateVolumeSbomFiles(&tc.vm, &tc.v, &tc.sn, tc.fn) + assert.Equal(t, len(tc.vm), 1) + assert.Equal(t, len(tc.v), 1) + assert.Equal(t, tc.vm[0].Name, "sbomvol") + assert.Equal(t, tc.vm[0].MountPath, "/sbom") + assert.Equal(t, tc.v[0].Name, "sbomvol") + assert.Equal(t, tc.v[0].Secret.SecretName, tc.sn) + assert.Equal(t, tc.v[0].Secret.Items[0].Key, "bom") + assert.Equal(t, tc.v[0].Secret.Items[0].Path, tc.fn) + }) + +} diff --git a/pkg/plugins/trivy/plugin.go b/pkg/plugins/trivy/plugin.go index 0b46cbba1..5abda0c95 100644 --- a/pkg/plugins/trivy/plugin.go +++ b/pkg/plugins/trivy/plugin.go @@ -113,14 +113,14 @@ func (p *plugin) Init(ctx trivyoperator.PluginContext) error { }) } -func (p *plugin) GetScanJobSpec(ctx trivyoperator.PluginContext, workload client.Object, credentials map[string]docker.Auth, securityContext *corev1.SecurityContext) (corev1.PodSpec, []*corev1.Secret, error) { +func (p *plugin) GetScanJobSpec(ctx trivyoperator.PluginContext, workload client.Object, credentials map[string]docker.Auth, securityContext *corev1.SecurityContext, sbomClusterReport map[string]v1alpha1.SbomReportData) (corev1.PodSpec, []*corev1.Secret, error) { config, err := getConfig(ctx) if err != nil { return corev1.PodSpec{}, nil, err } var podSpec corev1.PodSpec var secrets []*corev1.Secret - podSpec, secrets, err = NewPodSpecMgr(config).GetPodSpec(ctx, config, workload, credentials, securityContext, p) + podSpec, secrets, err = NewPodSpecMgr(config).GetPodSpec(ctx, config, workload, credentials, securityContext, p, sbomClusterReport) // add image pull secret to be used when pulling trivy image fom private registry podSpec.ImagePullSecrets = config.GetImagePullSecret() diff --git a/pkg/plugins/trivy/plugin_test.go b/pkg/plugins/trivy/plugin_test.go index ee2203673..729300dcb 100644 --- a/pkg/plugins/trivy/plugin_test.go +++ b/pkg/plugins/trivy/plugin_test.go @@ -6104,7 +6104,7 @@ default ignore = false`, }, ReadOnlyRootFilesystem: ptr.To[bool](true), } - jobSpec, secrets, err := instance.GetScanJobSpec(pluginContext, tc.workloadSpec, tc.credentials, securityContext) + jobSpec, secrets, err := instance.GetScanJobSpec(pluginContext, tc.workloadSpec, tc.credentials, securityContext, map[string]v1alpha1.SbomReportData{}) require.NoError(t, err) assert.Equal(t, tc.expectedJobSpec, jobSpec) assert.Equal(t, len(tc.expectedSecretsData), len(secrets)) @@ -6516,7 +6516,7 @@ default ignore = false`, // Root expected for standalone mode - the user would need to know this RunAsUser: ptr.To[int64](0), } - jobSpec, secrets, err := instance.GetScanJobSpec(pluginContext, tc.workloadSpec, tc.credentials, securityContext) + jobSpec, secrets, err := instance.GetScanJobSpec(pluginContext, tc.workloadSpec, tc.credentials, securityContext, map[string]v1alpha1.SbomReportData{}) require.NoError(t, err) assert.Equal(t, tc.expectedJobSpec, jobSpec) assert.Equal(t, len(tc.expectedSecretsData), len(secrets)) @@ -7012,7 +7012,7 @@ func TestGetContainers(t *testing.T) { Get() resolver := kube.NewObjectResolver(fakeclient, &kube.CompatibleObjectMapper{}) instance := trivy.NewPlugin(fixedClock, ext.NewSimpleIDGenerator(), &resolver) - jobSpec, _, err := instance.GetScanJobSpec(pluginContext, workloadSpec, nil, nil) + jobSpec, _, err := instance.GetScanJobSpec(pluginContext, workloadSpec, nil, nil, map[string]v1alpha1.SbomReportData{}) assert.NoError(t, err) containers := make([]string, 0) diff --git a/pkg/plugins/trivy/testdata/fixture/alpine_sbom.json b/pkg/plugins/trivy/testdata/fixture/alpine_sbom.json new file mode 100644 index 000000000..b25483485 --- /dev/null +++ b/pkg/plugins/trivy/testdata/fixture/alpine_sbom.json @@ -0,0 +1,893 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:9ba1d0c6-b4e3-4bc0-b8f4-2d3d21c7cfc5", + "version": 1, + "metadata": { + "timestamp": "2023-11-09T23:34:52+00:00", + "tools": [ + { + "vendor": "aquasecurity", + "name": "trivy", + "version": "0.47.0" + } + ], + "component": { + "bom-ref": "pkg:oci/alpine@sha256%3Aeece025e432126ce23f223450a0326fbebde39cdf496a85d8c016293fc851978?arch=amd64&repository_url=index.docker.io%2Flibrary%2Falpine", + "type": "container", + "name": "alpine:3.18", + "purl": "pkg:oci/alpine@sha256%3Aeece025e432126ce23f223450a0326fbebde39cdf496a85d8c016293fc851978?arch=amd64&repository_url=index.docker.io%2Flibrary%2Falpine", + "properties": [ + { + "name": "aquasecurity:trivy:DiffID", + "value": "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438" + }, + { + "name": "aquasecurity:trivy:ImageID", + "value": "sha256:8ca4688f4f356596b5ae539337c9941abc78eda10021d35cbc52659c74d9b443" + }, + { + "name": "aquasecurity:trivy:RepoDigest", + "value": "alpine@sha256:eece025e432126ce23f223450a0326fbebde39cdf496a85d8c016293fc851978" + }, + { + "name": "aquasecurity:trivy:RepoTag", + "value": "alpine:3.18" + }, + { + "name": "aquasecurity:trivy:SchemaVersion", + "value": "2" + } + ] + } + }, + "components": [ + { + "bom-ref": "3329179b-b954-4543-87dc-4fd2e651bdec", + "type": "operating-system", + "name": "alpine", + "version": "3.18.4", + "properties": [ + { + "name": "aquasecurity:trivy:Class", + "value": "os-pkgs" + }, + { + "name": "aquasecurity:trivy:Type", + "value": "alpine" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&distro=3.18.4", + "type": "library", + "name": "alpine-baselayout-data", + "version": "3.4.3-r1", + "hashes": [ + { + "alg": "SHA-1", + "content": "602007ee374ed96f35e9bf39b1487d67c6afe027" + } + ], + "licenses": [ + { + "license": { + "name": "GPL-2.0" + } + } + ], + "purl": "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&distro=3.18.4", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "alpine-baselayout-data@3.4.3-r1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "alpine" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "alpine-baselayout" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "3.4.3-r1" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64&distro=3.18.4", + "type": "library", + "name": "alpine-baselayout", + "version": "3.4.3-r1", + "hashes": [ + { + "alg": "SHA-1", + "content": "cf0bca32762cd5be9974f4c127467b0f93f78f20" + } + ], + "licenses": [ + { + "license": { + "name": "GPL-2.0" + } + } + ], + "purl": "pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64&distro=3.18.4", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "alpine-baselayout@3.4.3-r1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "alpine" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "alpine-baselayout" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "3.4.3-r1" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64&distro=3.18.4", + "type": "library", + "name": "alpine-keys", + "version": "2.4-r1", + "hashes": [ + { + "alg": "SHA-1", + "content": "ec3a3d5ef4c7a168d09516097bb3219ca77c1534" + } + ], + "licenses": [ + { + "license": { + "name": "MIT" + } + } + ], + "purl": "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64&distro=3.18.4", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "alpine-keys@2.4-r1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "alpine" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "alpine-keys" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "2.4-r1" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64&distro=3.18.4", + "type": "library", + "name": "apk-tools", + "version": "2.14.0-r2", + "hashes": [ + { + "alg": "SHA-1", + "content": "8cde25f239ebf691cd135a3954e5193c1ac2ae13" + } + ], + "licenses": [ + { + "license": { + "name": "GPL-2.0" + } + } + ], + "purl": "pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64&distro=3.18.4", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "apk-tools@2.14.0-r2" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "alpine" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "apk-tools" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "2.14.0-r2" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64&distro=3.18.4", + "type": "library", + "name": "busybox-binsh", + "version": "1.36.1-r2", + "hashes": [ + { + "alg": "SHA-1", + "content": "9e0f4ae337ae0115b922df25796870c68af47114" + } + ], + "licenses": [ + { + "license": { + "name": "GPL-2.0" + } + } + ], + "purl": "pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64&distro=3.18.4", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "busybox-binsh@1.36.1-r2" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "alpine" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "busybox" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.36.1-r2" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64&distro=3.18.4", + "type": "library", + "name": "busybox", + "version": "1.36.1-r2", + "hashes": [ + { + "alg": "SHA-1", + "content": "810fcbdd40674a382415610741a524503b9ba9d2" + } + ], + "licenses": [ + { + "license": { + "name": "GPL-2.0" + } + } + ], + "purl": "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64&distro=3.18.4", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "busybox@1.36.1-r2" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "alpine" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "busybox" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.36.1-r2" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64&distro=3.18.4", + "type": "library", + "name": "ca-certificates-bundle", + "version": "20230506-r0", + "hashes": [ + { + "alg": "SHA-1", + "content": "47f485d08670a9eb21ebf10e70ae65dc43ab6c3d" + } + ], + "licenses": [ + { + "license": { + "name": "MPL-2.0" + } + }, + { + "license": { + "name": "MIT" + } + } + ], + "purl": "pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64&distro=3.18.4", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "ca-certificates-bundle@20230506-r0" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "alpine" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "ca-certificates" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "20230506-r0" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64&distro=3.18.4", + "type": "library", + "name": "libc-utils", + "version": "0.7.2-r5", + "hashes": [ + { + "alg": "SHA-1", + "content": "2e59dafeb8bca0786540846c686f121ae8348a42" + } + ], + "licenses": [ + { + "license": { + "name": "BSD-2-Clause" + } + }, + { + "license": { + "name": "BSD-3-Clause" + } + } + ], + "purl": "pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64&distro=3.18.4", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libc-utils@0.7.2-r5" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "alpine" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "libc-dev" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "0.7.2-r5" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64&distro=3.18.4", + "type": "library", + "name": "libcrypto3", + "version": "3.1.3-r0", + "hashes": [ + { + "alg": "SHA-1", + "content": "fa12c7857510118cad0c71e2695361574e3ddd3b" + } + ], + "licenses": [ + { + "license": { + "name": "Apache-2.0" + } + } + ], + "purl": "pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64&distro=3.18.4", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libcrypto3@3.1.3-r0" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "alpine" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "openssl" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "3.1.3-r0" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/libssl3@3.1.3-r0?arch=x86_64&distro=3.18.4", + "type": "library", + "name": "libssl3", + "version": "3.1.3-r0", + "hashes": [ + { + "alg": "SHA-1", + "content": "ceb37221d0f02272791d42e583b952031bcb7957" + } + ], + "licenses": [ + { + "license": { + "name": "Apache-2.0" + } + } + ], + "purl": "pkg:apk/alpine/libssl3@3.1.3-r0?arch=x86_64&distro=3.18.4", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "libssl3@3.1.3-r0" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "alpine" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "openssl" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "3.1.3-r0" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64&distro=3.18.4", + "type": "library", + "name": "musl-utils", + "version": "1.2.4-r1", + "hashes": [ + { + "alg": "SHA-1", + "content": "c78b141d78d68d4cd83f914fbc92f51d60632f53" + } + ], + "licenses": [ + { + "license": { + "name": "MIT" + } + }, + { + "license": { + "name": "BSD-2-Clause" + } + }, + { + "license": { + "name": "GPL-2.0" + } + } + ], + "purl": "pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64&distro=3.18.4", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "musl-utils@1.2.4-r1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "alpine" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "musl" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.2.4-r1" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=3.18.4", + "type": "library", + "name": "musl", + "version": "1.2.4-r1", + "hashes": [ + { + "alg": "SHA-1", + "content": "daa1cb11a76eed0a41bb3f241c1e440c5de6281e" + } + ], + "licenses": [ + { + "license": { + "name": "MIT" + } + } + ], + "purl": "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=3.18.4", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "musl@1.2.4-r1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "alpine" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "musl" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.2.4-r1" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&distro=3.18.4", + "type": "library", + "name": "scanelf", + "version": "1.3.7-r1", + "hashes": [ + { + "alg": "SHA-1", + "content": "e27abda38faea3635a2db4d50d007751ea280b43" + } + ], + "licenses": [ + { + "license": { + "name": "GPL-2.0" + } + } + ], + "purl": "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&distro=3.18.4", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "scanelf@1.3.7-r1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "alpine" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "pax-utils" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.3.7-r1" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/ssl_client@1.36.1-r2?arch=x86_64&distro=3.18.4", + "type": "library", + "name": "ssl_client", + "version": "1.36.1-r2", + "hashes": [ + { + "alg": "SHA-1", + "content": "8fa2c75a96af9a716da588f34241fb6a948854e7" + } + ], + "licenses": [ + { + "license": { + "name": "GPL-2.0" + } + } + ], + "purl": "pkg:apk/alpine/ssl_client@1.36.1-r2?arch=x86_64&distro=3.18.4", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "ssl_client@1.36.1-r2" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "alpine" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "busybox" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.36.1-r2" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=3.18.4", + "type": "library", + "name": "zlib", + "version": "1.2.13-r1", + "hashes": [ + { + "alg": "SHA-1", + "content": "2656e848992b378aa40dca24af8cde9e97161174" + } + ], + "licenses": [ + { + "license": { + "name": "Zlib" + } + } + ], + "purl": "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=3.18.4", + "properties": [ + { + "name": "aquasecurity:trivy:LayerDiffID", + "value": "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438" + }, + { + "name": "aquasecurity:trivy:LayerDigest", + "value": "sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa" + }, + { + "name": "aquasecurity:trivy:PkgID", + "value": "zlib@1.2.13-r1" + }, + { + "name": "aquasecurity:trivy:PkgType", + "value": "alpine" + }, + { + "name": "aquasecurity:trivy:SrcName", + "value": "zlib" + }, + { + "name": "aquasecurity:trivy:SrcVersion", + "value": "1.2.13-r1" + } + ] + } + ], + "dependencies": [ + { + "ref": "3329179b-b954-4543-87dc-4fd2e651bdec", + "dependsOn": [ + "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&distro=3.18.4", + "pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64&distro=3.18.4", + "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64&distro=3.18.4", + "pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64&distro=3.18.4", + "pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64&distro=3.18.4", + "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64&distro=3.18.4", + "pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64&distro=3.18.4", + "pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64&distro=3.18.4", + "pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64&distro=3.18.4", + "pkg:apk/alpine/libssl3@3.1.3-r0?arch=x86_64&distro=3.18.4", + "pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64&distro=3.18.4", + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=3.18.4", + "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&distro=3.18.4", + "pkg:apk/alpine/ssl_client@1.36.1-r2?arch=x86_64&distro=3.18.4", + "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=3.18.4" + ] + }, + { + "ref": "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&distro=3.18.4", + "dependsOn": [] + }, + { + "ref": "pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64&distro=3.18.4", + "dependsOn": [ + "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&distro=3.18.4", + "pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64&distro=3.18.4" + ] + }, + { + "ref": "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64&distro=3.18.4", + "dependsOn": [] + }, + { + "ref": "pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64&distro=3.18.4", + "dependsOn": [ + "pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64&distro=3.18.4", + "pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64&distro=3.18.4", + "pkg:apk/alpine/libssl3@3.1.3-r0?arch=x86_64&distro=3.18.4", + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=3.18.4", + "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=3.18.4" + ] + }, + { + "ref": "pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64&distro=3.18.4", + "dependsOn": [ + "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64&distro=3.18.4" + ] + }, + { + "ref": "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64&distro=3.18.4", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=3.18.4" + ] + }, + { + "ref": "pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64&distro=3.18.4", + "dependsOn": [] + }, + { + "ref": "pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64&distro=3.18.4", + "dependsOn": [ + "pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64&distro=3.18.4" + ] + }, + { + "ref": "pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64&distro=3.18.4", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=3.18.4" + ] + }, + { + "ref": "pkg:apk/alpine/libssl3@3.1.3-r0?arch=x86_64&distro=3.18.4", + "dependsOn": [ + "pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64&distro=3.18.4", + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=3.18.4" + ] + }, + { + "ref": "pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64&distro=3.18.4", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=3.18.4", + "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&distro=3.18.4" + ] + }, + { + "ref": "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=3.18.4", + "dependsOn": [] + }, + { + "ref": "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&distro=3.18.4", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=3.18.4" + ] + }, + { + "ref": "pkg:apk/alpine/ssl_client@1.36.1-r2?arch=x86_64&distro=3.18.4", + "dependsOn": [ + "pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64&distro=3.18.4", + "pkg:apk/alpine/libssl3@3.1.3-r0?arch=x86_64&distro=3.18.4", + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=3.18.4" + ] + }, + { + "ref": "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=3.18.4", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=3.18.4" + ] + }, + { + "ref": "pkg:oci/alpine@sha256%3Aeece025e432126ce23f223450a0326fbebde39cdf496a85d8c016293fc851978?arch=amd64&repository_url=index.docker.io%2Flibrary%2Falpine", + "dependsOn": [ + "3329179b-b954-4543-87dc-4fd2e651bdec" + ] + } + ], + "vulnerabilities": [] +} \ No newline at end of file diff --git a/pkg/sbomreport/builder.go b/pkg/sbomreport/builder.go index 5d784d6b6..976606648 100644 --- a/pkg/sbomreport/builder.go +++ b/pkg/sbomreport/builder.go @@ -3,6 +3,7 @@ package sbomreport import ( "fmt" "strings" + "time" "github.com/aquasecurity/trivy-operator/pkg/apis/aquasecurity/v1alpha1" "github.com/aquasecurity/trivy-operator/pkg/kube" @@ -14,6 +15,9 @@ import ( "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" + + "github.com/aws/aws-sdk-go/aws/arn" + containerimage "github.com/google/go-containerregistry/pkg/name" ) type ReportBuilder struct { @@ -24,6 +28,7 @@ type ReportBuilder struct { data v1alpha1.SbomReportData resourceLabelsToInclude []string additionalReportLabels labels.Set + cacheTTL *time.Duration } func NewReportBuilder(scheme *runtime.Scheme) *ReportBuilder { @@ -62,6 +67,11 @@ func (b *ReportBuilder) AdditionalReportLabels(additionalReportLabels map[string return b } +func (b *ReportBuilder) CacheTTL(cacheTTL *time.Duration) *ReportBuilder { + b.cacheTTL = cacheTTL + return b +} + func (b *ReportBuilder) reportName() string { kind := b.controller.GetObjectKind().GroupVersionKind().Kind name := b.controller.GetName() @@ -72,8 +82,22 @@ func (b *ReportBuilder) reportName() string { return fmt.Sprintf("%s-%s", strings.ToLower(kind), kube.ComputeHash(name+"-"+b.container)) } +func ReportGlobalName(artifact string) string { + return kube.ComputeHash(artifact) +} + +func ParseReference(ref string) (containerimage.Reference, error) { + if strings.HasPrefix(ref, "arn:aws:ecr") { + parsed, err := arn.Parse(ref) + if err != nil { + return nil, err + } + ref = parsed.Resource + } + return containerimage.ParseReference(ref) +} -func (b *ReportBuilder) Get() (v1alpha1.SbomReport, error) { +func (b *ReportBuilder) NamespacedReport() (v1alpha1.SbomReport, error) { reportLabels := map[string]string{ trivyoperator.LabelContainerName: b.container, } @@ -114,3 +138,35 @@ func (b *ReportBuilder) Get() (v1alpha1.SbomReport, error) { report.OwnerReferences[0].BlockOwnerDeletion = ptr.To[bool](false) return report, nil } + +func (b *ReportBuilder) Get() (v1alpha1.SbomReport, v1alpha1.ClusterSbomReport, error) { + report, err := b.NamespacedReport() + if err != nil { + return v1alpha1.SbomReport{}, v1alpha1.ClusterSbomReport{}, err + } + return report, b.clusterReport(), nil +} + +func (b *ReportBuilder) clusterReport() v1alpha1.ClusterSbomReport { + artifactRef := ArtifactRef(b.data) + reportLabels := map[string]string{ + trivyoperator.LabelResourceImageID: artifactRef, + } + clusterReport := v1alpha1.ClusterSbomReport{ + ObjectMeta: metav1.ObjectMeta{ + Name: artifactRef, + Labels: reportLabels, + }, + Report: b.data, + } + if b.cacheTTL != nil { + clusterReport.Annotations = map[string]string{ + v1alpha1.TTLReportAnnotation: b.cacheTTL.String(), + } + } + return clusterReport +} + +func ArtifactRef(data v1alpha1.SbomReportData) string { + return ReportGlobalName(fmt.Sprintf("%s/%s:%s", data.Registry.Server, strings.TrimPrefix(data.Artifact.Repository, "library/"), data.Artifact.Tag)) +} diff --git a/pkg/sbomreport/builder_test.go b/pkg/sbomreport/builder_test.go index b05ac0e89..4659e60cf 100644 --- a/pkg/sbomreport/builder_test.go +++ b/pkg/sbomreport/builder_test.go @@ -7,6 +7,7 @@ import ( "github.com/aquasecurity/trivy-operator/pkg/sbomreport" "github.com/aquasecurity/trivy-operator/pkg/trivyoperator" "github.com/onsi/gomega" + "github.com/stretchr/testify/assert" appsv1 "k8s.io/api/apps/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" @@ -16,7 +17,7 @@ import ( func TestReportBuilder(t *testing.T) { g := gomega.NewGomegaWithT(t) - report, err := sbomreport.NewReportBuilder(scheme.Scheme). + report, _, err := sbomreport.NewReportBuilder(scheme.Scheme). Controller(&appsv1.ReplicaSet{ TypeMeta: metav1.TypeMeta{ Kind: "ReplicaSet", @@ -60,3 +61,72 @@ func TestReportBuilder(t *testing.T) { Report: v1alpha1.SbomReportData{}, })) } + +func TestArtifactRef(t *testing.T) { + testCases := []struct { + name string + data v1alpha1.SbomReportData + want string + }{ + { + name: "get image ref with libary", + data: v1alpha1.SbomReportData{ + Registry: v1alpha1.Registry{ + Server: "index.docker.io", + }, + Artifact: v1alpha1.Artifact{ + Repository: "library/alpine", + Tag: "3.12.0", + }, + }, + want: "56bcdb7c95", + }, + { + name: "get image ref without libary", + data: v1alpha1.SbomReportData{ + Registry: v1alpha1.Registry{ + Server: "index.docker.io", + }, + Artifact: v1alpha1.Artifact{ + Repository: "alpine", + Tag: "3.12.0", + }, + }, + want: "56bcdb7c95", + }, + { + name: "get image ref without index", + data: v1alpha1.SbomReportData{ + Registry: v1alpha1.Registry{ + Server: "index.docker.io", + }, + Artifact: v1alpha1.Artifact{ + Repository: "rancher/local-path-provisioner", + Tag: "v0.0.14", + }, + }, + want: "79b568748c", + }, + { + name: "get image ref non docker registry", + data: v1alpha1.SbomReportData{ + Registry: v1alpha1.Registry{ + Server: "k8s.gcr.io", + }, + Artifact: v1alpha1.Artifact{ + Repository: "kube-apiserver", + Tag: "v1.21.1", + }, + }, + want: "6857f776bb", + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + ref := sbomreport.ArtifactRef(tc.data) + assert.Equal(t, ref, tc.want) + }) + + } +} diff --git a/pkg/sbomreport/io.go b/pkg/sbomreport/io.go index 338be0ab9..e068151d7 100644 --- a/pkg/sbomreport/io.go +++ b/pkg/sbomreport/io.go @@ -2,9 +2,12 @@ package sbomreport import ( "context" + "fmt" + "strings" "github.com/aquasecurity/trivy-operator/pkg/apis/aquasecurity/v1alpha1" "github.com/aquasecurity/trivy-operator/pkg/kube" + "github.com/aquasecurity/trivy-operator/pkg/trivyoperator" "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" @@ -16,6 +19,7 @@ import ( // instances. type Writer interface { Write(context.Context, []v1alpha1.SbomReport) error + WriteCluster(context.Context, []v1alpha1.ClusterSbomReport) error } // Reader is the interface that wraps methods for finding v1alpha1.SbomReport objects. @@ -24,6 +28,7 @@ type Writer interface { // owned by the given kube.ObjectRef or an empty slice if the reports are not found. type Reader interface { FindByOwner(context.Context, kube.ObjectRef) ([]v1alpha1.SbomReport, error) + FindReportByImageRef(ctx context.Context, imageRef string) ([]v1alpha1.ClusterSbomReport, error) } type ReadWriter interface { @@ -54,6 +59,16 @@ func (r *readWriter) Write(ctx context.Context, reports []v1alpha1.SbomReport) e return nil } +func (r *readWriter) WriteCluster(ctx context.Context, reports []v1alpha1.ClusterSbomReport) error { + for _, report := range reports { + err := r.createOrUpdateCluster(ctx, report) + if err != nil { + return err + } + } + return nil +} + func (r *readWriter) createOrUpdate(ctx context.Context, report v1alpha1.SbomReport) error { var existing v1alpha1.SbomReport err := r.Get(ctx, types.NamespacedName{ @@ -76,6 +91,27 @@ func (r *readWriter) createOrUpdate(ctx context.Context, report v1alpha1.SbomRep return err } +func (r *readWriter) createOrUpdateCluster(ctx context.Context, report v1alpha1.ClusterSbomReport) error { + var existing v1alpha1.ClusterSbomReport + err := r.Get(ctx, types.NamespacedName{ + Name: report.Name, + }, &existing) + + if err == nil { + copied := existing.DeepCopy() + copied.Labels = report.Labels + copied.Report = report.Report + + return r.Update(ctx, copied) + } + + if errors.IsNotFound(err) { + return r.Create(ctx, &report) + } + + return err +} + func (r *readWriter) FindByOwner(ctx context.Context, owner kube.ObjectRef) ([]v1alpha1.SbomReport, error) { var list v1alpha1.SbomReportList @@ -88,3 +124,33 @@ func (r *readWriter) FindByOwner(ctx context.Context, owner kube.ObjectRef) ([]v return list.DeepCopy().Items, nil } + +func (r *readWriter) FindReportByImageRef(ctx context.Context, imageRef string) ([]v1alpha1.ClusterSbomReport, error) { + var list v1alpha1.ClusterSbomReportList + imageRef, err := ImageRef(imageRef) + if err != nil { + return nil, err + } + labels := client.MatchingLabels(map[string]string{ + trivyoperator.LabelResourceImageID: imageRef, + }) + + err = r.List(ctx, &list, labels) + if err != nil { + return nil, err + } + + return list.DeepCopy().Items, nil +} + +func ImageRef(imageRef string) (string, error) { + parsedRef, err := ParseReference(imageRef) + if err != nil { + return "", err + } + server := parsedRef.Context().RegistryStr() + repo := parsedRef.Context().RepositoryStr() + tag := parsedRef.Identifier() + + return ReportGlobalName(fmt.Sprintf("%s/%s:%s", server, strings.TrimPrefix(repo, "library/"), tag)), nil +} diff --git a/pkg/sbomreport/io_test.go b/pkg/sbomreport/io_test.go index 65a6df7bd..67ec91fa8 100644 --- a/pkg/sbomreport/io_test.go +++ b/pkg/sbomreport/io_test.go @@ -259,3 +259,45 @@ func TestNewReadWriter(t *testing.T) { }, reports) }) } + +func TestImageRef(t *testing.T) { + testCases := []struct { + name string + imageID string + want string + }{ + { + name: "get image ref with libary", + imageID: "index.docker.io/library/alpine:3.12.0", + + want: "56bcdb7c95", + }, + { + name: "get image ref without libary", + imageID: "index.docker.io/alpine:3.12.0", + + want: "56bcdb7c95", + }, + { + name: "get image ref without index", + imageID: "docker.io/rancher/local-path-provisioner:v0.0.14", + + want: "79b568748c", + }, + { + name: "get image ref non docker registry", + imageID: "k8s.gcr.io/kube-apiserver:v1.21.1", + + want: "6857f776bb", + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + ref, err := sbomreport.ImageRef(tc.imageID) + assert.NoError(t, err) + assert.Equal(t, ref, tc.want) + }) + + } +} diff --git a/pkg/trivyoperator/constants.go b/pkg/trivyoperator/constants.go index 58efdbb51..a0aacc437 100644 --- a/pkg/trivyoperator/constants.go +++ b/pkg/trivyoperator/constants.go @@ -26,6 +26,8 @@ const ( LabelContainerName = "trivy-operator.container.name" LabelResourceSpecHash = "resource-spec-hash" LabelPluginConfigHash = "plugin-config-hash" + LabelResourceImageID = "resource-image-id" + LabelReusedReport = "reused-report" LabelVulnerabilityReportScanner = "vulnerabilityReport.scanner" LabelNodeInfoCollector = "node-info.collector" diff --git a/pkg/vulnerabilityreport/builder.go b/pkg/vulnerabilityreport/builder.go index 79e2cc3f3..c861eb468 100644 --- a/pkg/vulnerabilityreport/builder.go +++ b/pkg/vulnerabilityreport/builder.go @@ -36,6 +36,7 @@ type ScanJobBuilder struct { containerSecurityContext *corev1.SecurityContext podPriorityClassName string skipInitContainers bool + sbomClusterReports map[string]v1alpha1.SbomReportData } func NewScanJobBuilder() *ScanJobBuilder { @@ -112,13 +113,18 @@ func (s *ScanJobBuilder) WithCredentials(credentials map[string]docker.Auth) *Sc return s } +func (s *ScanJobBuilder) WithSbomClusterReports(sbomClusterReports map[string]v1alpha1.SbomReportData) *ScanJobBuilder { + s.sbomClusterReports = sbomClusterReports + return s +} + func (s *ScanJobBuilder) Get() (*batchv1.Job, []*corev1.Secret, error) { spec, err := kube.GetPodSpec(s.object) if err != nil { return nil, nil, err } - templateSpec, secrets, err := s.plugin.GetScanJobSpec(s.pluginContext, s.object, s.credentials, s.containerSecurityContext) + templateSpec, secrets, err := s.plugin.GetScanJobSpec(s.pluginContext, s.object, s.credentials, s.containerSecurityContext, s.sbomClusterReports) if err != nil { return nil, nil, err } @@ -144,6 +150,9 @@ func (s *ScanJobBuilder) Get() (*batchv1.Job, []*corev1.Secret, error) { trivyoperator.LabelK8SAppManagedBy: trivyoperator.AppTrivyOperator, trivyoperator.LabelVulnerabilityReportScanner: s.pluginContext.GetName(), } + if len(s.sbomClusterReports) > 0 { + jobLabels[trivyoperator.LabelReusedReport] = "true" + } podTemplateLabels := make(map[string]string) for k, v := range jobLabels { diff --git a/pkg/vulnerabilityreport/builder_test.go b/pkg/vulnerabilityreport/builder_test.go index f2cf82475..9c1d651ea 100644 --- a/pkg/vulnerabilityreport/builder_test.go +++ b/pkg/vulnerabilityreport/builder_test.go @@ -225,7 +225,7 @@ func (p *testPlugin) Init(_ trivyoperator.PluginContext) error { return nil } -func (p *testPlugin) GetScanJobSpec(_ trivyoperator.PluginContext, _ client.Object, _ map[string]docker.Auth, _ *corev1.SecurityContext) (corev1.PodSpec, []*corev1.Secret, error) { +func (p *testPlugin) GetScanJobSpec(_ trivyoperator.PluginContext, _ client.Object, _ map[string]docker.Auth, _ *corev1.SecurityContext, _ map[string]v1alpha1.SbomReportData) (corev1.PodSpec, []*corev1.Secret, error) { return corev1.PodSpec{}, nil, nil } diff --git a/pkg/vulnerabilityreport/controller/helper.go b/pkg/vulnerabilityreport/controller/helper.go index 2d428dffc..49c4aea2f 100644 --- a/pkg/vulnerabilityreport/controller/helper.go +++ b/pkg/vulnerabilityreport/controller/helper.go @@ -4,8 +4,10 @@ import ( "context" "reflect" + "github.com/aquasecurity/trivy-operator/pkg/apis/aquasecurity/v1alpha1" "github.com/aquasecurity/trivy-operator/pkg/exposedsecretreport" "github.com/aquasecurity/trivy-operator/pkg/kube" + "github.com/aquasecurity/trivy-operator/pkg/sbomreport" "github.com/aquasecurity/trivy-operator/pkg/trivyoperator" "github.com/aquasecurity/trivy-operator/pkg/vulnerabilityreport" ) @@ -56,3 +58,20 @@ func compareReports(actual map[string]bool, images kube.ContainerImages) bool { return reflect.DeepEqual(actual, expected) } + +func getGlobalSbomReports(ctx context.Context, sbomReadWriter sbomreport.ReadWriter, images kube.ContainerImages) (map[string]v1alpha1.SbomReportData, error) { + sbomReportDataMap := make(map[string]v1alpha1.SbomReportData, 0) + for name, ref := range images { + list, err := sbomReadWriter.FindReportByImageRef(ctx, ref) + if err != nil { + return nil, err + } + + if len(list) > 0 { + for _, data := range list { + sbomReportDataMap[name] = data.Report + } + } + } + return sbomReportDataMap, nil +} diff --git a/pkg/vulnerabilityreport/controller/scanjob.go b/pkg/vulnerabilityreport/controller/scanjob.go index d6172c694..e74c77fc2 100644 --- a/pkg/vulnerabilityreport/controller/scanjob.go +++ b/pkg/vulnerabilityreport/controller/scanjob.go @@ -142,17 +142,19 @@ func (r *ScanJobController) processCompleteScanJob(ctx context.Context, job *bat var vulnerabilityReports []v1alpha1.VulnerabilityReport var secretReports []v1alpha1.ExposedSecretReport - var sbomReports []v1alpha1.SbomReport + var sbomNameSpacedReports []v1alpha1.SbomReport + var sbomClusterReports []v1alpha1.ClusterSbomReport var merr error for containerName, containerImage := range containerImages { - vulnReports, secReports, sbomReport, err := r.processScanJobResults(ctx, job, containerName, containerImage, owner) + vulnReports, secReports, sbomReports, err := r.processScanJobResults(ctx, job, containerName, containerImage, owner) if err != nil { merr = multierr.Append(merr, err) } vulnerabilityReports = append(vulnerabilityReports, vulnReports...) secretReports = append(secretReports, secReports...) - sbomReports = append(sbomReports, sbomReport) + sbomNameSpacedReports = append(sbomNameSpacedReports, sbomReports.sbomNamespaceReports...) + sbomClusterReports = append(sbomClusterReports, sbomReports.sbomClusterReports...) } if merr != nil { return merr @@ -173,7 +175,11 @@ func (r *ScanJobController) processCompleteScanJob(ctx context.Context, job *bat } if r.Config.SbomGenerationEnable { - err = r.SbomReadWriter.Write(ctx, sbomReports) + err = r.SbomReadWriter.Write(ctx, sbomNameSpacedReports) + if err != nil { + return err + } + err = r.SbomReadWriter.WriteCluster(ctx, sbomClusterReports) if err != nil { return err } @@ -183,29 +189,34 @@ func (r *ScanJobController) processCompleteScanJob(ctx context.Context, job *bat return r.deleteJob(ctx, job) } -func (r *ScanJobController) processScanJobResults(ctx context.Context, job *batchv1.Job, containerName, containerImage string, owner client.Object) ([]v1alpha1.VulnerabilityReport, []v1alpha1.ExposedSecretReport, v1alpha1.SbomReport, error) { +type SbomReports struct { + sbomNamespaceReports []v1alpha1.SbomReport + sbomClusterReports []v1alpha1.ClusterSbomReport +} + +func (r *ScanJobController) processScanJobResults(ctx context.Context, job *batchv1.Job, containerName, containerImage string, owner client.Object) ([]v1alpha1.VulnerabilityReport, []v1alpha1.ExposedSecretReport, *SbomReports, error) { log := r.Logger.WithValues("job-results-processor", fmt.Sprintf("%s/%s", job.Namespace, job.Name)) var vulnerabilityReports []v1alpha1.VulnerabilityReport var secretReports []v1alpha1.ExposedSecretReport - var sbomReport v1alpha1.SbomReport + sbomReports := &SbomReports{} podSpecHash, ok := job.Labels[trivyoperator.LabelResourceSpecHash] if !ok { - return nil, nil, v1alpha1.SbomReport{}, fmt.Errorf("expected label %s not set", trivyoperator.LabelResourceSpecHash) + return nil, nil, nil, fmt.Errorf("expected label %s not set", trivyoperator.LabelResourceSpecHash) } logsStream, err := r.LogsReader.GetLogsByJobAndContainerName(ctx, job, containerName) if err != nil { if k8sapierror.IsNotFound(err) { log.V(1).Info("Cached job must have been deleted") - return nil, nil, v1alpha1.SbomReport{}, nil + return nil, nil, nil, nil } if kube.IsPodControlledByJobNotFound(err) { log.V(1).Info("Pod must have been deleted") - return nil, nil, v1alpha1.SbomReport{}, r.deleteJob(ctx, job) + return nil, nil, nil, r.deleteJob(ctx, job) } - return nil, nil, v1alpha1.SbomReport{}, fmt.Errorf("getting logs for pod %q: %w", job.Namespace+"/"+job.Name, err) + return nil, nil, nil, fmt.Errorf("getting logs for pod %q: %w", job.Namespace+"/"+job.Name, err) } defer func() { @@ -217,64 +228,71 @@ func (r *ScanJobController) processScanJobResults(ctx context.Context, job *batc vulnReportData, secretReportData, sbomReportData, err := r.Plugin.ParseReportData(r.PluginContext, containerImage, logsStream) if err != nil { - return nil, nil, v1alpha1.SbomReport{}, err + return nil, nil, nil, err } resourceLabelsToInclude := r.GetReportResourceLabels() additionalCustomLabels, err := r.GetAdditionalReportLabels() if err != nil { - return nil, nil, v1alpha1.SbomReport{}, err + return nil, nil, nil, err } + if r.Config.VulnerabilityScannerEnabled { + reportBuilder := vulnerabilityreport.NewReportBuilder(r.Client.Scheme()). + Controller(owner). + Container(containerName). + Data(vulnReportData). + PodSpecHash(podSpecHash). + ResourceLabelsToInclude(resourceLabelsToInclude). + AdditionalReportLabels(additionalCustomLabels) - reportBuilder := vulnerabilityreport.NewReportBuilder(r.Client.Scheme()). - Controller(owner). - Container(containerName). - Data(vulnReportData). - PodSpecHash(podSpecHash). - ResourceLabelsToInclude(resourceLabelsToInclude). - AdditionalReportLabels(additionalCustomLabels) + if r.Config.ScannerReportTTL != nil { + reportBuilder.ReportTTL(r.Config.ScannerReportTTL) + } - if r.Config.ScannerReportTTL != nil { - reportBuilder.ReportTTL(r.Config.ScannerReportTTL) + report, err := reportBuilder.Get() + if err != nil { + return nil, nil, nil, err + } + vulnerabilityReports = append(vulnerabilityReports, report) } - - report, err := reportBuilder.Get() - if err != nil { - return nil, nil, v1alpha1.SbomReport{}, err + _, reused := job.Labels[trivyoperator.LabelReusedReport] + if !ok { + return nil, nil, nil, fmt.Errorf("expected label %s not set", trivyoperator.LabelResourceSpecHash) } - secretReportBuilder := exposedsecretreport.NewReportBuilder(r.Client.Scheme()). - Controller(owner). - Container(containerName). - Data(secretReportData). - PodSpecHash(podSpecHash). - ResourceLabelsToInclude(resourceLabelsToInclude). - AdditionalReportLabels(additionalCustomLabels) - if r.Config.ScannerReportTTL != nil { - secretReportBuilder.ReportTTL(r.Config.ScannerReportTTL) - } - secretReport, err := secretReportBuilder.Get() - if err != nil { - return nil, nil, v1alpha1.SbomReport{}, err + if r.ExposedSecretScannerEnabled && !reused { + secretReport, err := exposedsecretreport.NewReportBuilder(r.Client.Scheme()). + Controller(owner). + Container(containerName). + Data(secretReportData). + PodSpecHash(podSpecHash). + ResourceLabelsToInclude(resourceLabelsToInclude). + AdditionalReportLabels(additionalCustomLabels). + Get() + if err != nil { + return nil, nil, nil, err + } + secretReports = append(secretReports, secretReport) } - if sbomReportData != nil { + + if r.SbomGenerationEnable && sbomReportData != nil && !reused { sbomReportBuilder := sbomreport.NewReportBuilder(r.Client.Scheme()). Controller(owner). Container(containerName). Data(*sbomReportData). PodSpecHash(podSpecHash). + CacheTTL(r.Config.CacheReportTTL). ResourceLabelsToInclude(resourceLabelsToInclude). AdditionalReportLabels(additionalCustomLabels) - sbomReport, err = sbomReportBuilder.Get() + sbomReport, clusterReport, err := sbomReportBuilder.Get() if err != nil { - return nil, nil, v1alpha1.SbomReport{}, err + return nil, nil, nil, err } - } - - vulnerabilityReports = append(vulnerabilityReports, report) - secretReports = append(secretReports, secretReport) + sbomReports.sbomClusterReports = []v1alpha1.ClusterSbomReport{clusterReport} + sbomReports.sbomNamespaceReports = []v1alpha1.SbomReport{sbomReport} - return vulnerabilityReports, secretReports, sbomReport, nil + } + return vulnerabilityReports, secretReports, sbomReports, nil } func (r *ScanJobController) processFailedScanJob(ctx context.Context, scanJob *batchv1.Job) error { diff --git a/pkg/vulnerabilityreport/controller/workload.go b/pkg/vulnerabilityreport/controller/workload.go index 5afc001b9..21de7accd 100644 --- a/pkg/vulnerabilityreport/controller/workload.go +++ b/pkg/vulnerabilityreport/controller/workload.go @@ -61,8 +61,9 @@ type ScanJobResult struct { // ScanJobRequest encapsulate workload and context for processing type ScanJobRequest struct { - Workload client.Object - Context context.Context + Workload client.Object + Context context.Context + ClusterSbomReport map[string]v1alpha1.SbomReportData } // +kubebuilder:rbac:groups="",resources=pods,verbs=get;list;watch @@ -75,6 +76,7 @@ type ScanJobRequest struct { // +kubebuilder:rbac:groups=aquasecurity.github.io,resources=vulnerabilityreports,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=aquasecurity.github.io,resources=exposedsecretreports,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=aquasecurity.github.io,resources=sbomreports,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=aquasecurity.github.io,resources=clustersbomreports,verbs=get;list;watch;create;update;patch;delete // Manage scan jobs with image pull secrets // kubebuilder:rbac:groups="",resources=secrets,verbs=create;update @@ -169,6 +171,7 @@ func (r *WorkloadController) reconcileWorkload(workloadKind kube.Kind) reconcile log.V(1).Info("VulnerabilityReports or Secret Reports already exist") return ctrl.Result{}, nil } + var reportsData map[string]v1alpha1.SbomReportData _, job, err := r.hasActiveScanJob(ctx, workloadRef, hash) if err != nil { @@ -190,9 +193,21 @@ func (r *WorkloadController) reconcileWorkload(workloadKind kube.Kind) reconcile return ctrl.Result{RequeueAfter: r.Config.ScanJobRetryAfter}, nil } } + if r.Config.SbomGenerationEnable { + reportsData, err = getGlobalSbomReports(ctx, r.SbomReadWriter, containerImages) + if err != nil { + return ctrl.Result{}, err + } + if len(reportsData) > 0 { + err = r.reuseReport(ctx, workloadObj, reportsData) + if err != nil { + return ctrl.Result{}, err + } + } + } log.V(1).Info("Submitting a scan for the workload") // sync all potential workload for scanning - r.SubmitScanJobChan <- ScanJobRequest{Workload: workloadObj, Context: ctx} + r.SubmitScanJobChan <- ScanJobRequest{Workload: workloadObj, Context: ctx, ClusterSbomReport: reportsData} // collect scan job processing results scanJobResult := <-r.ResultScanJobChan return scanJobResult.Result, scanJobResult.Error @@ -214,7 +229,7 @@ func (r *WorkloadController) ProcessScanJob() { r.ResultScanJobChan <- ScanJobResult{Result: ctrl.Result{RequeueAfter: r.Config.ScanJobRetryAfter}, Error: nil} continue } - err = r.submitScanJob(workloadRequest.Context, workloadRequest.Workload) + err = r.submitScanJob(workloadRequest.Context, workloadRequest.Workload, workloadRequest.ClusterSbomReport) r.ResultScanJobChan <- ScanJobResult{Result: ctrl.Result{}, Error: err} } } @@ -235,7 +250,8 @@ func (r *WorkloadController) hasActiveScanJob(ctx context.Context, owner kube.Ob return false, nil, nil } -func (r *WorkloadController) submitScanJob(ctx context.Context, owner client.Object) error { +func (r *WorkloadController) submitScanJob(ctx context.Context, owner client.Object, reusedReports map[string]v1alpha1.SbomReportData) error { + log := r.Logger.WithValues("kind", owner.GetObjectKind().GroupVersionKind().Kind, "name", owner.GetName(), "namespace", owner.GetNamespace()) var err error @@ -291,7 +307,7 @@ func (r *WorkloadController) submitScanJob(ctx context.Context, owner client.Obj return fmt.Errorf("getting scan job priority class name: %w", err) } - scanJob, secrets, err := vulnerabilityreport.NewScanJobBuilder(). + scanJobBuilder := vulnerabilityreport.NewScanJobBuilder(). WithPlugin(r.Plugin). WithPluginContext(r.PluginContext). WithTimeout(r.Config.ScanJobTimeout). @@ -305,8 +321,11 @@ func (r *WorkloadController) submitScanJob(ctx context.Context, owner client.Obj WithSkipInitContainers(r.GetSkipInitContainers()). WithPodTemplateLabels(scanJobPodTemplateLabels). WithCredentials(credentials). - WithPodPriorityClassName(scanJobPodPriorityClassName). - Get() + WithPodPriorityClassName(scanJobPodPriorityClassName) + if len(reusedReports) > 0 { + scanJobBuilder.WithSbomClusterReports(reusedReports) + } + scanJob, secrets, err := scanJobBuilder.Get() if err != nil { if errors.Is(err, kube.ErrReplicaSetNotFound) || errors.Is(err, kube.ErrNoRunningPods) || @@ -352,3 +371,31 @@ func (r *WorkloadController) submitScanJob(ctx context.Context, owner client.Obj return nil } + +func (r *WorkloadController) reuseReport(ctx context.Context, owner client.Object, sbomReportDataMap map[string]v1alpha1.SbomReportData) error { + hash, err := kube.ComputeSpecHash(owner) + if err != nil { + return err + } + resourceLabelsToInclude := r.GetReportResourceLabels() + additionalCustomLabels, err := r.GetAdditionalReportLabels() + if err != nil { + return err + } + sbomReports := make([]v1alpha1.SbomReport, 0) + for containerName, sbomReportData := range sbomReportDataMap { + sbomReportBuilder := sbomreport.NewReportBuilder(r.Client.Scheme()). + Controller(owner). + Container(containerName). + Data(sbomReportData). + PodSpecHash(hash). + ResourceLabelsToInclude(resourceLabelsToInclude). + AdditionalReportLabels(additionalCustomLabels) + sbomReport, err := sbomReportBuilder.NamespacedReport() + if err != nil { + return err + } + sbomReports = append(sbomReports, sbomReport) + } + return r.SbomReadWriter.Write(ctx, sbomReports) +} diff --git a/pkg/vulnerabilityreport/plugin.go b/pkg/vulnerabilityreport/plugin.go index a6b82b727..ca6d5037d 100644 --- a/pkg/vulnerabilityreport/plugin.go +++ b/pkg/vulnerabilityreport/plugin.go @@ -25,7 +25,7 @@ type Plugin interface { // which can be passed to the scanner as environment variables with values // set from returned secrets. GetScanJobSpec(ctx trivyoperator.PluginContext, workload client.Object, credentials map[string]docker.Auth, - securityContext *corev1.SecurityContext) (corev1.PodSpec, []*corev1.Secret, error) + securityContext *corev1.SecurityContext, clusterSbomReport map[string]v1alpha1.SbomReportData) (corev1.PodSpec, []*corev1.Secret, error) // ParseReportData is a callback to parse and convert logs of // the pod controlled by the scan job to v1alpha1.VulnerabilityScanResult. diff --git a/tests/config/client-server-sbom.yaml b/tests/config/client-server-sbom.yaml new file mode 100644 index 000000000..79ea2e73c --- /dev/null +++ b/tests/config/client-server-sbom.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestSuite +commands: + - command: helm install trivy-operator ./deploy/helm --namespace trivy-system + --create-namespace --set="operator.builtInTrivyServer=true" + --set="image.tag=e2e" --set="excludeNamespaces=kube-system" + --set="operator.sbomGenerationEnabled=true" +testDirs: + - tests/e2e/sbom-client-server +timeout: 240 diff --git a/tests/config/fs-sbom.yaml b/tests/config/fs-sbom.yaml new file mode 100644 index 000000000..e58c07abf --- /dev/null +++ b/tests/config/fs-sbom.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestSuite +commands: + - command: helm install trivy-operator ./deploy/helm --namespace trivy-system + --create-namespace --set="trivy.command=filesystem" + --set="trivyOperator.scanJobPodTemplateContainerSecurityContext.runAsUser=0" + --set="image.tag=e2e" --set="excludeNamespaces=kube-system" + --set="operator.sbomGenerationEnabled=true" +testDirs: + - tests/e2e/sbom-fs +timeout: 240 diff --git a/tests/config/sbom-standalone.yaml b/tests/config/sbom-standalone.yaml new file mode 100644 index 000000000..903f584f5 --- /dev/null +++ b/tests/config/sbom-standalone.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestSuite +commands: + - command: helm install trivy-operator ./deploy/helm --namespace trivy-system + --create-namespace --set="image.tag=e2e" + --set="excludeNamespaces=kube-system" + --set="trivyOperator.additionalReportLabels=myname=test" + --set="operator.sbomGenerationEnabled=true" + --set="trivyOperator.reportResourceLabels=team" +testDirs: + - tests/e2e/sbom-standalone +timeout: 240 +kindNodeCache: true diff --git a/tests/e2e/client-server/workload/04-assert.yaml b/tests/e2e/client-server/workload/04-assert.yaml index 1578f9046..b2501de15 100644 --- a/tests/e2e/client-server/workload/04-assert.yaml +++ b/tests/e2e/client-server/workload/04-assert.yaml @@ -2,8 +2,6 @@ apiVersion: aquasecurity.github.io/v1alpha1 kind: ExposedSecretReport metadata: - annotations: - trivy-operator.aquasecurity.github.io/report-ttl: 24h0m0s name: pod-my-pod-app report: artifact: diff --git a/tests/e2e/fs-mode/workload/04-assert.yaml b/tests/e2e/fs-mode/workload/04-assert.yaml index 1578f9046..b2501de15 100644 --- a/tests/e2e/fs-mode/workload/04-assert.yaml +++ b/tests/e2e/fs-mode/workload/04-assert.yaml @@ -2,8 +2,6 @@ apiVersion: aquasecurity.github.io/v1alpha1 kind: ExposedSecretReport metadata: - annotations: - trivy-operator.aquasecurity.github.io/report-ttl: 24h0m0s name: pod-my-pod-app report: artifact: diff --git a/tests/e2e/image-mode/workload/04-assert.yaml b/tests/e2e/image-mode/workload/04-assert.yaml index 131f0e747..139df9fbc 100644 --- a/tests/e2e/image-mode/workload/04-assert.yaml +++ b/tests/e2e/image-mode/workload/04-assert.yaml @@ -5,8 +5,6 @@ metadata: labels: team: rnd myname: test - annotations: - trivy-operator.aquasecurity.github.io/report-ttl: 24h0m0s name: pod-my-pod-app report: artifact: diff --git a/tests/e2e/sbom-client-server/workload/00-sbom-pod.yaml b/tests/e2e/sbom-client-server/workload/00-sbom-pod.yaml new file mode 100644 index 000000000..be2f3adb1 --- /dev/null +++ b/tests/e2e/sbom-client-server/workload/00-sbom-pod.yaml @@ -0,0 +1,3531 @@ +--- +apiVersion: aquasecurity.github.io/v1alpha1 +kind: ClusterSbomReport +metadata: + labels: + resource-image-id: 6df5684d + name: 6df5684d +report: + artifact: + digest: sha256:295c7be079025306c4f1d65997fcf7adb411c88f139ad1d34b537164aa060369 + repository: library/nginx + tag: 1.14.2 + components: + bomFormat: CycloneDX + components: + - bom-ref: 2ab629c3-fe9d-4416-ace3-9a301dfb60e0 + name: debian + properties: + - name: aquasecurity:trivy:Class + value: os-pkgs + - name: aquasecurity:trivy:Type + value: debian + supplier: {} + type: operating-system + version: "9.8" + - bom-ref: pkg:deb/debian/adduser@3.115?arch=all&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + name: adduser + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: adduser@3.115 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: adduser + - name: aquasecurity:trivy:SrcVersion + value: "3.115" + purl: pkg:deb/debian/adduser@3.115?arch=all&distro=debian-9.8 + supplier: + name: Debian Adduser Developers + type: library + version: "3.115" + - bom-ref: pkg:deb/debian/apt@1.4.9?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + name: apt + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: apt@1.4.9 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: apt + - name: aquasecurity:trivy:SrcVersion + value: 1.4.9 + purl: pkg:deb/debian/apt@1.4.9?arch=amd64&distro=debian-9.8 + supplier: + name: APT Development Team + type: library + version: 1.4.9 + - bom-ref: pkg:deb/debian/base-files@9.9%2Bdeb9u8?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + name: base-files + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: base-files@9.9+deb9u8 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: base-files + - name: aquasecurity:trivy:SrcVersion + value: 9.9+deb9u8 + purl: pkg:deb/debian/base-files@9.9%2Bdeb9u8?arch=amd64&distro=debian-9.8 + supplier: + name: Santiago Vila + type: library + version: 9.9+deb9u8 + - bom-ref: pkg:deb/debian/base-passwd@3.5.43?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + - license: + name: PD + name: base-passwd + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: base-passwd@3.5.43 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: base-passwd + - name: aquasecurity:trivy:SrcVersion + value: 3.5.43 + purl: pkg:deb/debian/base-passwd@3.5.43?arch=amd64&distro=debian-9.8 + supplier: + name: Colin Watson + type: library + version: 3.5.43 + - bom-ref: pkg:deb/debian/bash@4.4-5?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + name: bash + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: bash@4.4-5 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: bash + - name: aquasecurity:trivy:SrcRelease + value: "5" + - name: aquasecurity:trivy:SrcVersion + value: "4.4" + purl: pkg:deb/debian/bash@4.4-5?arch=amd64&distro=debian-9.8 + supplier: + name: Matthias Klose + type: library + version: 4.4-5 + - bom-ref: pkg:deb/debian/bsdutils@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=1 + licenses: + - license: + name: GPL-2.0 + - license: + name: public-domain + - license: + name: BSD-4-Clause + - license: + name: MIT + - license: + name: BSD-2-Clause + - license: + name: BSD-3-Clause + - license: + name: LGPL-2.0 + - license: + name: LGPL-2.1 + - license: + name: GPL-3.0 + - license: + name: LGPL-3.0 + name: bsdutils + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: bsdutils@1:2.29.2-1+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: util-linux + - name: aquasecurity:trivy:SrcRelease + value: 1+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 2.29.2 + purl: pkg:deb/debian/bsdutils@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=1 + supplier: + name: Debian util-linux Maintainers + type: library + version: 2.29.2-1+deb9u1 + - bom-ref: pkg:deb/debian/coreutils@8.26-3?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + name: coreutils + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: coreutils@8.26-3 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: coreutils + - name: aquasecurity:trivy:SrcRelease + value: "3" + - name: aquasecurity:trivy:SrcVersion + value: "8.26" + purl: pkg:deb/debian/coreutils@8.26-3?arch=amd64&distro=debian-9.8 + supplier: + name: Michael Stone + type: library + version: 8.26-3 + - bom-ref: pkg:deb/debian/dash@0.5.8-2.4?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + name: dash + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: dash@0.5.8-2.4 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: dash + - name: aquasecurity:trivy:SrcRelease + value: "2.4" + - name: aquasecurity:trivy:SrcVersion + value: 0.5.8 + purl: pkg:deb/debian/dash@0.5.8-2.4?arch=amd64&distro=debian-9.8 + supplier: + name: Gerrit Pape + type: library + version: 0.5.8-2.4 + - bom-ref: pkg:deb/debian/debconf@1.5.61?arch=all&distro=debian-9.8 + licenses: + - license: + name: BSD-2-Clause + name: debconf + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: debconf@1.5.61 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: debconf + - name: aquasecurity:trivy:SrcVersion + value: 1.5.61 + purl: pkg:deb/debian/debconf@1.5.61?arch=all&distro=debian-9.8 + supplier: + name: Debconf Developers + type: library + version: 1.5.61 + - bom-ref: pkg:deb/debian/debian-archive-keyring@2017.5?arch=all&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + name: debian-archive-keyring + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: debian-archive-keyring@2017.5 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: debian-archive-keyring + - name: aquasecurity:trivy:SrcVersion + value: "2017.5" + purl: pkg:deb/debian/debian-archive-keyring@2017.5?arch=all&distro=debian-9.8 + supplier: + name: Debian Release Team + type: library + version: "2017.5" + - bom-ref: pkg:deb/debian/debianutils@4.8.1.1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + name: debianutils + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: debianutils@4.8.1.1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: debianutils + - name: aquasecurity:trivy:SrcVersion + value: 4.8.1.1 + purl: pkg:deb/debian/debianutils@4.8.1.1?arch=amd64&distro=debian-9.8 + supplier: + name: Clint Adams + type: library + version: 4.8.1.1 + - bom-ref: pkg:deb/debian/diffutils@3.5-3?arch=amd64&distro=debian-9.8&epoch=1 + licenses: + - license: + name: GPL-3.0 + - license: + name: GFDL + name: diffutils + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: diffutils@1:3.5-3 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "1" + - name: aquasecurity:trivy:SrcName + value: diffutils + - name: aquasecurity:trivy:SrcRelease + value: "3" + - name: aquasecurity:trivy:SrcVersion + value: "3.5" + purl: pkg:deb/debian/diffutils@3.5-3?arch=amd64&distro=debian-9.8&epoch=1 + supplier: + name: Santiago Vila + type: library + version: 3.5-3 + - bom-ref: pkg:deb/debian/dpkg@1.18.25?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + - license: + name: BSD-2-Clause + - license: + name: public-domain-s-s-d + - license: + name: public-domain-md5 + name: dpkg + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: dpkg@1.18.25 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: dpkg + - name: aquasecurity:trivy:SrcVersion + value: 1.18.25 + purl: pkg:deb/debian/dpkg@1.18.25?arch=amd64&distro=debian-9.8 + supplier: + name: Dpkg Developers + type: library + version: 1.18.25 + - bom-ref: pkg:deb/debian/e2fslibs@1.43.4-2?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + - license: + name: LGPL-2.0 + name: e2fslibs + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: e2fslibs@1.43.4-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: e2fsprogs + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: 1.43.4 + purl: pkg:deb/debian/e2fslibs@1.43.4-2?arch=amd64&distro=debian-9.8 + supplier: + name: Theodore Y. Ts'o + type: library + version: 1.43.4-2 + - bom-ref: pkg:deb/debian/e2fsprogs@1.43.4-2?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + - license: + name: LGPL-2.0 + name: e2fsprogs + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: e2fsprogs@1.43.4-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: e2fsprogs + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: 1.43.4 + purl: pkg:deb/debian/e2fsprogs@1.43.4-2?arch=amd64&distro=debian-9.8 + supplier: + name: Theodore Y. Ts'o + type: library + version: 1.43.4-2 + - bom-ref: pkg:deb/debian/findutils@4.6.0%2Bgit%2B20161106-2?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + - license: + name: GFDL-1.3 + name: findutils + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: findutils@4.6.0+git+20161106-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: findutils + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: 4.6.0+git+20161106 + purl: pkg:deb/debian/findutils@4.6.0%2Bgit%2B20161106-2?arch=amd64&distro=debian-9.8 + supplier: + name: Andreas Metzler + type: library + version: 4.6.0+git+20161106-2 + - bom-ref: pkg:deb/debian/fontconfig-config@2.11.0-6.7?arch=all&distro=debian-9.8 + name: fontconfig-config + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: fontconfig-config@2.11.0-6.7 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: fontconfig + - name: aquasecurity:trivy:SrcRelease + value: "6.7" + - name: aquasecurity:trivy:SrcVersion + value: 2.11.0 + purl: pkg:deb/debian/fontconfig-config@2.11.0-6.7?arch=all&distro=debian-9.8 + supplier: + name: Keith Packard + type: library + version: 2.11.0-6.7 + - bom-ref: pkg:deb/debian/fonts-dejavu-core@2.37-1?arch=all&distro=debian-9.8 + licenses: + - license: + name: bitstream-vera + - license: + name: GPL-2.0 + name: fonts-dejavu-core + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: fonts-dejavu-core@2.37-1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: fonts-dejavu + - name: aquasecurity:trivy:SrcRelease + value: "1" + - name: aquasecurity:trivy:SrcVersion + value: "2.37" + purl: pkg:deb/debian/fonts-dejavu-core@2.37-1?arch=all&distro=debian-9.8 + supplier: + name: Debian Fonts Task Force + type: library + version: 2.37-1 + - bom-ref: pkg:deb/debian/gcc-6-base@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + - license: + name: GFDL-1.2 + - license: + name: GPL-2.0 + - license: + name: Artistic + name: gcc-6-base + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: gcc-6-base@6.3.0-18+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: gcc-6 + - name: aquasecurity:trivy:SrcRelease + value: 18+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 6.3.0 + purl: pkg:deb/debian/gcc-6-base@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian GCC Maintainers + type: library + version: 6.3.0-18+deb9u1 + - bom-ref: pkg:deb/debian/gettext-base@0.19.8.1-2?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + - license: + name: LGPL-3.0 + - license: + name: GFDL + name: gettext-base + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: gettext-base@0.19.8.1-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: gettext + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: 0.19.8.1 + purl: pkg:deb/debian/gettext-base@0.19.8.1-2?arch=amd64&distro=debian-9.8 + supplier: + name: Santiago Vila + type: library + version: 0.19.8.1-2 + - bom-ref: pkg:deb/debian/gpgv@2.1.18-8~deb9u4?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + - license: + name: permissive + - license: + name: LGPL-2.1 + - license: + name: Expat + - license: + name: BSD-3-Clause + - license: + name: LGPL-3.0 + - license: + name: RFC-Reference + - license: + name: TinySCHEME + name: gpgv + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: gpgv@2.1.18-8~deb9u4 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: gnupg2 + - name: aquasecurity:trivy:SrcRelease + value: 8~deb9u4 + - name: aquasecurity:trivy:SrcVersion + value: 2.1.18 + purl: pkg:deb/debian/gpgv@2.1.18-8~deb9u4?arch=amd64&distro=debian-9.8 + supplier: + name: Debian GnuPG Maintainers + type: library + version: 2.1.18-8~deb9u4 + - bom-ref: pkg:deb/debian/grep@2.27-2?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + name: grep + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: grep@2.27-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: grep + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: "2.27" + purl: pkg:deb/debian/grep@2.27-2?arch=amd64&distro=debian-9.8 + supplier: + name: Anibal Monsalve Salazar + type: library + version: 2.27-2 + - bom-ref: pkg:deb/debian/gzip@1.6-5%2Bb1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + name: gzip + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: gzip@1.6-5+b1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: gzip + - name: aquasecurity:trivy:SrcRelease + value: "5" + - name: aquasecurity:trivy:SrcVersion + value: "1.6" + purl: pkg:deb/debian/gzip@1.6-5%2Bb1?arch=amd64&distro=debian-9.8 + supplier: + name: Bdale Garbee + type: library + version: 1.6-5+b1 + - bom-ref: pkg:deb/debian/hostname@3.18%2Bb1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + name: hostname + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: hostname@3.18+b1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: hostname + - name: aquasecurity:trivy:SrcVersion + value: "3.18" + purl: pkg:deb/debian/hostname@3.18%2Bb1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian Hostname Team + type: library + version: 3.18+b1 + - bom-ref: pkg:deb/debian/init-system-helpers@1.48?arch=all&distro=debian-9.8 + licenses: + - license: + name: BSD-3-Clause + - license: + name: GPL-2.0 + name: init-system-helpers + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: init-system-helpers@1.48 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: init-system-helpers + - name: aquasecurity:trivy:SrcVersion + value: "1.48" + purl: pkg:deb/debian/init-system-helpers@1.48?arch=all&distro=debian-9.8 + supplier: + name: Debian systemd Maintainers + + type: library + version: "1.48" + - bom-ref: pkg:deb/debian/libacl1@2.2.52-3%2Bb1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: LGPL-2.1 + - license: + name: GPL-3.0 + name: libacl1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libacl1@2.2.52-3+b1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: acl + - name: aquasecurity:trivy:SrcRelease + value: "3" + - name: aquasecurity:trivy:SrcVersion + value: 2.2.52 + purl: pkg:deb/debian/libacl1@2.2.52-3%2Bb1?arch=amd64&distro=debian-9.8 + supplier: + name: Anibal Monsalve Salazar + type: library + version: 2.2.52-3+b1 + - bom-ref: pkg:deb/debian/libapt-pkg5.0@1.4.9?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + name: libapt-pkg5.0 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libapt-pkg5.0@1.4.9 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: apt + - name: aquasecurity:trivy:SrcVersion + value: 1.4.9 + purl: pkg:deb/debian/libapt-pkg5.0@1.4.9?arch=amd64&distro=debian-9.8 + supplier: + name: APT Development Team + type: library + version: 1.4.9 + - bom-ref: pkg:deb/debian/libattr1@2.4.47-2%2Bb2?arch=amd64&distro=debian-9.8&epoch=1 + licenses: + - license: + name: LGPL-2.1 + - license: + name: GPL-2.0 + name: libattr1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libattr1@1:2.4.47-2+b2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "1" + - name: aquasecurity:trivy:SrcName + value: attr + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: 2.4.47 + purl: pkg:deb/debian/libattr1@2.4.47-2%2Bb2?arch=amd64&distro=debian-9.8&epoch=1 + supplier: + name: Anibal Monsalve Salazar + type: library + version: 2.4.47-2+b2 + - bom-ref: pkg:deb/debian/libaudit-common@2.6.7-2?arch=all&distro=debian-9.8&epoch=1 + licenses: + - license: + name: GPL-2.0 + - license: + name: LGPL-2.1 + - license: + name: GPL-1.0 + name: libaudit-common + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libaudit-common@1:2.6.7-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "1" + - name: aquasecurity:trivy:SrcName + value: audit + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: 2.6.7 + purl: pkg:deb/debian/libaudit-common@2.6.7-2?arch=all&distro=debian-9.8&epoch=1 + supplier: + name: Laurent Bigonville + type: library + version: 2.6.7-2 + - bom-ref: pkg:deb/debian/libaudit1@2.6.7-2?arch=amd64&distro=debian-9.8&epoch=1 + licenses: + - license: + name: GPL-2.0 + - license: + name: LGPL-2.1 + - license: + name: GPL-1.0 + name: libaudit1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libaudit1@1:2.6.7-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "1" + - name: aquasecurity:trivy:SrcName + value: audit + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: 2.6.7 + purl: pkg:deb/debian/libaudit1@2.6.7-2?arch=amd64&distro=debian-9.8&epoch=1 + supplier: + name: Laurent Bigonville + type: library + version: 2.6.7-2 + - bom-ref: pkg:deb/debian/libblkid1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + - license: + name: public-domain + - license: + name: BSD-4-Clause + - license: + name: MIT + - license: + name: BSD-2-Clause + - license: + name: BSD-3-Clause + - license: + name: LGPL-2.0 + - license: + name: LGPL-2.1 + - license: + name: GPL-3.0 + - license: + name: LGPL-3.0 + name: libblkid1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libblkid1@2.29.2-1+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: util-linux + - name: aquasecurity:trivy:SrcRelease + value: 1+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 2.29.2 + purl: pkg:deb/debian/libblkid1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian util-linux Maintainers + type: library + version: 2.29.2-1+deb9u1 + - bom-ref: pkg:deb/debian/libbsd0@0.8.3-1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: BSD-3-Clause + - license: + name: BSD-4-clause-Niels-Provos + - license: + name: BSD-4-clause-Christopher-G-Demetriou + - license: + name: BSD-3-clause-Regents + - license: + name: BSD-3-clause-Peter-Wemm + - license: + name: BSD-5-clause-Peter-Wemm + - license: + name: BSD-2-clause-NetBSD + - license: + name: BSD-2-Clause + - license: + name: BSD-2-clause-verbatim + - license: + name: BSD-2-clause-author + - license: + name: ISC + - license: + name: ISC-Original + - license: + name: Expat + - license: + name: public-domain-Colin-Plumb + - license: + name: public-domain + - license: + name: Beerware + name: libbsd0 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libbsd0@0.8.3-1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libbsd + - name: aquasecurity:trivy:SrcRelease + value: "1" + - name: aquasecurity:trivy:SrcVersion + value: 0.8.3 + purl: pkg:deb/debian/libbsd0@0.8.3-1?arch=amd64&distro=debian-9.8 + supplier: + name: Guillem Jover + type: library + version: 0.8.3-1 + - bom-ref: pkg:deb/debian/libbz2-1.0@1.0.6-8.1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + name: libbz2-1.0 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libbz2-1.0@1.0.6-8.1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: bzip2 + - name: aquasecurity:trivy:SrcRelease + value: "8.1" + - name: aquasecurity:trivy:SrcVersion + value: 1.0.6 + purl: pkg:deb/debian/libbz2-1.0@1.0.6-8.1?arch=amd64&distro=debian-9.8 + supplier: + name: Anibal Monsalve Salazar + type: library + version: 1.0.6-8.1 + - bom-ref: pkg:deb/debian/libc-bin@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: LGPL-2.1 + - license: + name: GPL-2.0 + name: libc-bin + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libc-bin@2.24-11+deb9u4 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: glibc + - name: aquasecurity:trivy:SrcRelease + value: 11+deb9u4 + - name: aquasecurity:trivy:SrcVersion + value: "2.24" + purl: pkg:deb/debian/libc-bin@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + supplier: + name: GNU Libc Maintainers + type: library + version: 2.24-11+deb9u4 + - bom-ref: pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: LGPL-2.1 + - license: + name: GPL-2.0 + name: libc6 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libc6@2.24-11+deb9u4 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: glibc + - name: aquasecurity:trivy:SrcRelease + value: 11+deb9u4 + - name: aquasecurity:trivy:SrcVersion + value: "2.24" + purl: pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + supplier: + name: GNU Libc Maintainers + type: library + version: 2.24-11+deb9u4 + - bom-ref: pkg:deb/debian/libcap-ng0@0.7.7-3%2Bb1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: LGPL-2.1 + - license: + name: GPL-2.0 + - license: + name: GPL-3.0 + name: libcap-ng0 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libcap-ng0@0.7.7-3+b1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libcap-ng + - name: aquasecurity:trivy:SrcRelease + value: "3" + - name: aquasecurity:trivy:SrcVersion + value: 0.7.7 + purl: pkg:deb/debian/libcap-ng0@0.7.7-3%2Bb1?arch=amd64&distro=debian-9.8 + supplier: + name: Pierre Chifflier + type: library + version: 0.7.7-3+b1 + - bom-ref: pkg:deb/debian/libcomerr2@1.43.4-2?arch=amd64&distro=debian-9.8 + name: libcomerr2 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libcomerr2@1.43.4-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: e2fsprogs + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: 1.43.4 + purl: pkg:deb/debian/libcomerr2@1.43.4-2?arch=amd64&distro=debian-9.8 + supplier: + name: Theodore Y. Ts'o + type: library + version: 1.43.4-2 + - bom-ref: pkg:deb/debian/libdb5.3@5.3.28-12%2Bdeb9u1?arch=amd64&distro=debian-9.8 + name: libdb5.3 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libdb5.3@5.3.28-12+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: db5.3 + - name: aquasecurity:trivy:SrcRelease + value: 12+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 5.3.28 + purl: pkg:deb/debian/libdb5.3@5.3.28-12%2Bdeb9u1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian Berkeley DB Group + type: library + version: 5.3.28-12+deb9u1 + - bom-ref: pkg:deb/debian/libdebconfclient0@0.227?arch=amd64&distro=debian-9.8 + name: libdebconfclient0 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libdebconfclient0@0.227 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: cdebconf + - name: aquasecurity:trivy:SrcVersion + value: "0.227" + purl: pkg:deb/debian/libdebconfclient0@0.227?arch=amd64&distro=debian-9.8 + supplier: + name: Debian Install System Team + type: library + version: "0.227" + - bom-ref: pkg:deb/debian/libedit2@3.1-20160903-3?arch=amd64&distro=debian-9.8 + name: libedit2 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libedit2@3.1-20160903-3 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libedit + - name: aquasecurity:trivy:SrcRelease + value: "3" + - name: aquasecurity:trivy:SrcVersion + value: 3.1-20160903 + purl: pkg:deb/debian/libedit2@3.1-20160903-3?arch=amd64&distro=debian-9.8 + supplier: + name: LLVM Packaging Team + type: library + version: 3.1-20160903-3 + - bom-ref: pkg:deb/debian/libexpat1@2.2.0-2%2Bdeb9u1?arch=amd64&distro=debian-9.8 + name: libexpat1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libexpat1@2.2.0-2+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: expat + - name: aquasecurity:trivy:SrcRelease + value: 2+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 2.2.0 + purl: pkg:deb/debian/libexpat1@2.2.0-2%2Bdeb9u1?arch=amd64&distro=debian-9.8 + supplier: + name: Laszlo Boszormenyi (GCS) + type: library + version: 2.2.0-2+deb9u1 + - bom-ref: pkg:deb/debian/libfdisk1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + - license: + name: public-domain + - license: + name: BSD-4-Clause + - license: + name: MIT + - license: + name: BSD-2-Clause + - license: + name: BSD-3-Clause + - license: + name: LGPL-2.0 + - license: + name: LGPL-2.1 + - license: + name: GPL-3.0 + - license: + name: LGPL-3.0 + name: libfdisk1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libfdisk1@2.29.2-1+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: util-linux + - name: aquasecurity:trivy:SrcRelease + value: 1+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 2.29.2 + purl: pkg:deb/debian/libfdisk1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian util-linux Maintainers + type: library + version: 2.29.2-1+deb9u1 + - bom-ref: pkg:deb/debian/libfontconfig1@2.11.0-6.7%2Bb1?arch=amd64&distro=debian-9.8 + name: libfontconfig1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libfontconfig1@2.11.0-6.7+b1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: fontconfig + - name: aquasecurity:trivy:SrcRelease + value: "6.7" + - name: aquasecurity:trivy:SrcVersion + value: 2.11.0 + purl: pkg:deb/debian/libfontconfig1@2.11.0-6.7%2Bb1?arch=amd64&distro=debian-9.8 + supplier: + name: Keith Packard + type: library + version: 2.11.0-6.7+b1 + - bom-ref: pkg:deb/debian/libfreetype6@2.6.3-3.2?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + - license: + name: FTL + - license: + name: Catharon-OSL + - license: + name: GZip + - license: + name: BSD-3-Clause + - license: + name: BSD-2-Clause + - license: + name: OpenGroup-BSD-like + name: libfreetype6 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libfreetype6@2.6.3-3.2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: freetype + - name: aquasecurity:trivy:SrcRelease + value: "3.2" + - name: aquasecurity:trivy:SrcVersion + value: 2.6.3 + purl: pkg:deb/debian/libfreetype6@2.6.3-3.2?arch=amd64&distro=debian-9.8 + supplier: + name: Steve Langasek + type: library + version: 2.6.3-3.2 + - bom-ref: pkg:deb/debian/libgcc1@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=1 + name: libgcc1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libgcc1@1:6.3.0-18+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: gcc-6 + - name: aquasecurity:trivy:SrcRelease + value: 18+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 6.3.0 + purl: pkg:deb/debian/libgcc1@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=1 + supplier: + name: Debian GCC Maintainers + type: library + version: 6.3.0-18+deb9u1 + - bom-ref: pkg:deb/debian/libgcrypt20@1.7.6-2%2Bdeb9u3?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: LGPL-3.0 + - license: + name: GPL-2.0 + name: libgcrypt20 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libgcrypt20@1.7.6-2+deb9u3 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libgcrypt20 + - name: aquasecurity:trivy:SrcRelease + value: 2+deb9u3 + - name: aquasecurity:trivy:SrcVersion + value: 1.7.6 + purl: pkg:deb/debian/libgcrypt20@1.7.6-2%2Bdeb9u3?arch=amd64&distro=debian-9.8 + supplier: + name: Debian GnuTLS Maintainers + type: library + version: 1.7.6-2+deb9u3 + - bom-ref: pkg:deb/debian/libgd3@2.2.4-2%2Bdeb9u4?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GD + - license: + name: GAP~Makefile.in + - license: + name: GPL-2.0-with-autoconf-exception + - license: + name: BSD-3-Clause + - license: + name: GAP~configure + - license: + name: MIT + - license: + name: HPND + - license: + name: XFIG + - license: + name: WEBP + - license: + name: GPL-2.0 + name: libgd3 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libgd3@2.2.4-2+deb9u4 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libgd2 + - name: aquasecurity:trivy:SrcRelease + value: 2+deb9u4 + - name: aquasecurity:trivy:SrcVersion + value: 2.2.4 + purl: pkg:deb/debian/libgd3@2.2.4-2%2Bdeb9u4?arch=amd64&distro=debian-9.8 + supplier: + name: GD team + type: library + version: 2.2.4-2+deb9u4 + - bom-ref: pkg:deb/debian/libgeoip1@1.6.9-4?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: LGPL-2.1 + - license: + name: ISC + name: libgeoip1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libgeoip1@1.6.9-4 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: geoip + - name: aquasecurity:trivy:SrcRelease + value: "4" + - name: aquasecurity:trivy:SrcVersion + value: 1.6.9 + purl: pkg:deb/debian/libgeoip1@1.6.9-4?arch=amd64&distro=debian-9.8 + supplier: + name: Patrick Matthäi + type: library + version: 1.6.9-4 + - bom-ref: pkg:deb/debian/libgpg-error0@1.26-2?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.1+ + - license: + name: LGPL-2.1 + name: libgpg-error0 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libgpg-error0@1.26-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libgpg-error + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: "1.26" + purl: pkg:deb/debian/libgpg-error0@1.26-2?arch=amd64&distro=debian-9.8 + supplier: + name: Debian GnuPG Maintainers + type: library + version: 1.26-2 + - bom-ref: pkg:deb/debian/libicu57@57.1-6%2Bdeb9u2?arch=amd64&distro=debian-9.8 + name: libicu57 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libicu57@57.1-6+deb9u2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: icu + - name: aquasecurity:trivy:SrcRelease + value: 6+deb9u2 + - name: aquasecurity:trivy:SrcVersion + value: "57.1" + purl: pkg:deb/debian/libicu57@57.1-6%2Bdeb9u2?arch=amd64&distro=debian-9.8 + supplier: + name: Laszlo Boszormenyi (GCS) + type: library + version: 57.1-6+deb9u2 + - bom-ref: pkg:deb/debian/libjbig0@2.1-3.1%2Bb2?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + name: libjbig0 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libjbig0@2.1-3.1+b2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: jbigkit + - name: aquasecurity:trivy:SrcRelease + value: "3.1" + - name: aquasecurity:trivy:SrcVersion + value: "2.1" + purl: pkg:deb/debian/libjbig0@2.1-3.1%2Bb2?arch=amd64&distro=debian-9.8 + supplier: + name: Michael van der Kolff + type: library + version: 2.1-3.1+b2 + - bom-ref: pkg:deb/debian/libjpeg62-turbo@1.5.1-2?arch=amd64&distro=debian-9.8&epoch=1 + licenses: + - license: + name: BSD-BY-LC-NE + - license: + name: BSD-3 + - license: + name: Expat + name: libjpeg62-turbo + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libjpeg62-turbo@1:1.5.1-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "1" + - name: aquasecurity:trivy:SrcName + value: libjpeg-turbo + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: 1.5.1 + purl: pkg:deb/debian/libjpeg62-turbo@1.5.1-2?arch=amd64&distro=debian-9.8&epoch=1 + supplier: + name: OndÅ™ej Surý + type: library + version: 1.5.1-2 + - bom-ref: pkg:deb/debian/liblz4-1@0.0~r131-2%2Bb1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: BSD-2-Clause + - license: + name: GPL-2.0 + name: liblz4-1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: liblz4-1@0.0~r131-2+b1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: lz4 + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: 0.0~r131 + purl: pkg:deb/debian/liblz4-1@0.0~r131-2%2Bb1?arch=amd64&distro=debian-9.8 + supplier: + name: Nobuhiro Iwamatsu + type: library + version: 0.0~r131-2+b1 + - bom-ref: pkg:deb/debian/liblzma5@5.2.2-1.2%2Bb1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: PD + - license: + name: probably-PD + - license: + name: GPL-2.0 + - license: + name: LGPL-2.1 + - license: + name: permissive-fsf + - license: + name: Autoconf + - license: + name: none + - license: + name: permissive-nowarranty + - license: + name: config-h + - license: + name: LGPL-2.0 + - license: + name: noderivs + - license: + name: PD-debian + - license: + name: GPL-3.0 + name: liblzma5 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: liblzma5@5.2.2-1.2+b1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: xz-utils + - name: aquasecurity:trivy:SrcRelease + value: "1.2" + - name: aquasecurity:trivy:SrcVersion + value: 5.2.2 + purl: pkg:deb/debian/liblzma5@5.2.2-1.2%2Bb1?arch=amd64&distro=debian-9.8 + supplier: + name: Jonathan Nieder + type: library + version: 5.2.2-1.2+b1 + - bom-ref: pkg:deb/debian/libmount1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + - license: + name: public-domain + - license: + name: BSD-4-Clause + - license: + name: MIT + - license: + name: BSD-2-Clause + - license: + name: BSD-3-Clause + - license: + name: LGPL-2.0 + - license: + name: LGPL-2.1 + - license: + name: GPL-3.0 + - license: + name: LGPL-3.0 + name: libmount1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libmount1@2.29.2-1+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: util-linux + - name: aquasecurity:trivy:SrcRelease + value: 1+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 2.29.2 + purl: pkg:deb/debian/libmount1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian util-linux Maintainers + type: library + version: 2.29.2-1+deb9u1 + - bom-ref: pkg:deb/debian/libncurses5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + name: libncurses5 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libncurses5@6.0+20161126-1+deb9u2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: ncurses + - name: aquasecurity:trivy:SrcRelease + value: 1+deb9u2 + - name: aquasecurity:trivy:SrcVersion + value: 6.0+20161126 + purl: pkg:deb/debian/libncurses5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + supplier: + name: Craig Small + type: library + version: 6.0+20161126-1+deb9u2 + - bom-ref: pkg:deb/debian/libncursesw5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + name: libncursesw5 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libncursesw5@6.0+20161126-1+deb9u2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: ncurses + - name: aquasecurity:trivy:SrcRelease + value: 1+deb9u2 + - name: aquasecurity:trivy:SrcVersion + value: 6.0+20161126 + purl: pkg:deb/debian/libncursesw5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + supplier: + name: Craig Small + type: library + version: 6.0+20161126-1+deb9u2 + - bom-ref: pkg:deb/debian/libpam-modules-bin@1.1.8-3.6?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + name: libpam-modules-bin + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libpam-modules-bin@1.1.8-3.6 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: pam + - name: aquasecurity:trivy:SrcRelease + value: "3.6" + - name: aquasecurity:trivy:SrcVersion + value: 1.1.8 + purl: pkg:deb/debian/libpam-modules-bin@1.1.8-3.6?arch=amd64&distro=debian-9.8 + supplier: + name: Steve Langasek + type: library + version: 1.1.8-3.6 + - bom-ref: pkg:deb/debian/libpam-modules@1.1.8-3.6?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + name: libpam-modules + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libpam-modules@1.1.8-3.6 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: pam + - name: aquasecurity:trivy:SrcRelease + value: "3.6" + - name: aquasecurity:trivy:SrcVersion + value: 1.1.8 + purl: pkg:deb/debian/libpam-modules@1.1.8-3.6?arch=amd64&distro=debian-9.8 + supplier: + name: Steve Langasek + type: library + version: 1.1.8-3.6 + - bom-ref: pkg:deb/debian/libpam-runtime@1.1.8-3.6?arch=all&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + name: libpam-runtime + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libpam-runtime@1.1.8-3.6 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: pam + - name: aquasecurity:trivy:SrcRelease + value: "3.6" + - name: aquasecurity:trivy:SrcVersion + value: 1.1.8 + purl: pkg:deb/debian/libpam-runtime@1.1.8-3.6?arch=all&distro=debian-9.8 + supplier: + name: Steve Langasek + type: library + version: 1.1.8-3.6 + - bom-ref: pkg:deb/debian/libpam0g@1.1.8-3.6?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + name: libpam0g + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libpam0g@1.1.8-3.6 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: pam + - name: aquasecurity:trivy:SrcRelease + value: "3.6" + - name: aquasecurity:trivy:SrcVersion + value: 1.1.8 + purl: pkg:deb/debian/libpam0g@1.1.8-3.6?arch=amd64&distro=debian-9.8 + supplier: + name: Steve Langasek + type: library + version: 1.1.8-3.6 + - bom-ref: pkg:deb/debian/libpcre3@8.39-3?arch=amd64&distro=debian-9.8&epoch=2 + name: libpcre3 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libpcre3@2:8.39-3 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "2" + - name: aquasecurity:trivy:SrcName + value: pcre3 + - name: aquasecurity:trivy:SrcRelease + value: "3" + - name: aquasecurity:trivy:SrcVersion + value: "8.39" + purl: pkg:deb/debian/libpcre3@8.39-3?arch=amd64&distro=debian-9.8&epoch=2 + supplier: + name: Matthew Vernon + type: library + version: 8.39-3 + - bom-ref: pkg:deb/debian/libpng16-16@1.6.28-1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: libpng + - license: + name: expat + - license: + name: GPL-2.0 + - license: + name: BSD-like-with-advertising-clause + name: libpng16-16 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libpng16-16@1.6.28-1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libpng1.6 + - name: aquasecurity:trivy:SrcRelease + value: "1" + - name: aquasecurity:trivy:SrcVersion + value: 1.6.28 + purl: pkg:deb/debian/libpng16-16@1.6.28-1?arch=amd64&distro=debian-9.8 + supplier: + name: Anibal Monsalve Salazar + type: library + version: 1.6.28-1 + - bom-ref: pkg:deb/debian/libselinux1@2.6-3%2Bb3?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: LGPL-2.1 + - license: + name: GPL-2.0 + name: libselinux1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libselinux1@2.6-3+b3 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libselinux + - name: aquasecurity:trivy:SrcRelease + value: "3" + - name: aquasecurity:trivy:SrcVersion + value: "2.6" + purl: pkg:deb/debian/libselinux1@2.6-3%2Bb3?arch=amd64&distro=debian-9.8 + supplier: + name: Debian SELinux maintainers + type: library + version: 2.6-3+b3 + - bom-ref: pkg:deb/debian/libsemanage-common@2.6-2?arch=all&distro=debian-9.8 + licenses: + - license: + name: LGPL-3.0 + - license: + name: GPL-3.0 + name: libsemanage-common + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libsemanage-common@2.6-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libsemanage + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: "2.6" + purl: pkg:deb/debian/libsemanage-common@2.6-2?arch=all&distro=debian-9.8 + supplier: + name: Debian SELinux maintainers + type: library + version: 2.6-2 + - bom-ref: pkg:deb/debian/libsemanage1@2.6-2?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: LGPL-3.0 + - license: + name: GPL-3.0 + name: libsemanage1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libsemanage1@2.6-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libsemanage + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: "2.6" + purl: pkg:deb/debian/libsemanage1@2.6-2?arch=amd64&distro=debian-9.8 + supplier: + name: Debian SELinux maintainers + type: library + version: 2.6-2 + - bom-ref: pkg:deb/debian/libsepol1@2.6-2?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: LGPL-3.0 + - license: + name: GPL-3.0 + name: libsepol1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libsepol1@2.6-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libsepol + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: "2.6" + purl: pkg:deb/debian/libsepol1@2.6-2?arch=amd64&distro=debian-9.8 + supplier: + name: Debian SELinux maintainers + type: library + version: 2.6-2 + - bom-ref: pkg:deb/debian/libsmartcols1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + - license: + name: public-domain + - license: + name: BSD-4-Clause + - license: + name: MIT + - license: + name: BSD-2-Clause + - license: + name: BSD-3-Clause + - license: + name: LGPL-2.0 + - license: + name: LGPL-2.1 + - license: + name: GPL-3.0 + - license: + name: LGPL-3.0 + name: libsmartcols1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libsmartcols1@2.29.2-1+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: util-linux + - name: aquasecurity:trivy:SrcRelease + value: 1+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 2.29.2 + purl: pkg:deb/debian/libsmartcols1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian util-linux Maintainers + type: library + version: 2.29.2-1+deb9u1 + - bom-ref: pkg:deb/debian/libss2@1.43.4-2?arch=amd64&distro=debian-9.8 + name: libss2 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libss2@1.43.4-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: e2fsprogs + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: 1.43.4 + purl: pkg:deb/debian/libss2@1.43.4-2?arch=amd64&distro=debian-9.8 + supplier: + name: Theodore Y. Ts'o + type: library + version: 1.43.4-2 + - bom-ref: pkg:deb/debian/libssl1.1@1.1.0j-1~deb9u1?arch=amd64&distro=debian-9.8 + name: libssl1.1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libssl1.1@1.1.0j-1~deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: openssl + - name: aquasecurity:trivy:SrcRelease + value: 1~deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 1.1.0j + purl: pkg:deb/debian/libssl1.1@1.1.0j-1~deb9u1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian OpenSSL Team + type: library + version: 1.1.0j-1~deb9u1 + - bom-ref: pkg:deb/debian/libstdc%2B%2B6@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8 + name: libstdc++6 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libstdc++6@6.3.0-18+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: gcc-6 + - name: aquasecurity:trivy:SrcRelease + value: 18+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 6.3.0 + purl: pkg:deb/debian/libstdc%2B%2B6@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian GCC Maintainers + type: library + version: 6.3.0-18+deb9u1 + - bom-ref: pkg:deb/debian/libsystemd0@232-25%2Bdeb9u9?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: LGPL-2.1 + - license: + name: CC0 + - license: + name: GPL-2.0 + - license: + name: Expat + - license: + name: public-domain + name: libsystemd0 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libsystemd0@232-25+deb9u9 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: systemd + - name: aquasecurity:trivy:SrcRelease + value: 25+deb9u9 + - name: aquasecurity:trivy:SrcVersion + value: "232" + purl: pkg:deb/debian/libsystemd0@232-25%2Bdeb9u9?arch=amd64&distro=debian-9.8 + supplier: + name: Debian systemd Maintainers + + type: library + version: 232-25+deb9u9 + - bom-ref: pkg:deb/debian/libtiff5@4.0.8-2%2Bdeb9u4?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: Hylafax + name: libtiff5 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libtiff5@4.0.8-2+deb9u4 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: tiff + - name: aquasecurity:trivy:SrcRelease + value: 2+deb9u4 + - name: aquasecurity:trivy:SrcVersion + value: 4.0.8 + purl: pkg:deb/debian/libtiff5@4.0.8-2%2Bdeb9u4?arch=amd64&distro=debian-9.8 + supplier: + name: Laszlo Boszormenyi (GCS) + type: library + version: 4.0.8-2+deb9u4 + - bom-ref: pkg:deb/debian/libtinfo5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + name: libtinfo5 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libtinfo5@6.0+20161126-1+deb9u2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: ncurses + - name: aquasecurity:trivy:SrcRelease + value: 1+deb9u2 + - name: aquasecurity:trivy:SrcVersion + value: 6.0+20161126 + purl: pkg:deb/debian/libtinfo5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + supplier: + name: Craig Small + type: library + version: 6.0+20161126-1+deb9u2 + - bom-ref: pkg:deb/debian/libudev1@232-25%2Bdeb9u9?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: LGPL-2.1 + - license: + name: CC0 + - license: + name: GPL-2.0 + - license: + name: Expat + - license: + name: public-domain + name: libudev1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libudev1@232-25+deb9u9 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: systemd + - name: aquasecurity:trivy:SrcRelease + value: 25+deb9u9 + - name: aquasecurity:trivy:SrcVersion + value: "232" + purl: pkg:deb/debian/libudev1@232-25%2Bdeb9u9?arch=amd64&distro=debian-9.8 + supplier: + name: Debian systemd Maintainers + + type: library + version: 232-25+deb9u9 + - bom-ref: pkg:deb/debian/libustr-1.0-1@1.0.4-6?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: LGPL-2.0 + - license: + name: BSD-2-Clause + - license: + name: MIT + - license: + name: GPL-2.0 + - license: + name: LGPL-2.1 + name: libustr-1.0-1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libustr-1.0-1@1.0.4-6 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: ustr + - name: aquasecurity:trivy:SrcRelease + value: "6" + - name: aquasecurity:trivy:SrcVersion + value: 1.0.4 + purl: pkg:deb/debian/libustr-1.0-1@1.0.4-6?arch=amd64&distro=debian-9.8 + supplier: + name: Vaclav Ovsik + type: library + version: 1.0.4-6 + - bom-ref: pkg:deb/debian/libuuid1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + - license: + name: public-domain + - license: + name: BSD-4-Clause + - license: + name: MIT + - license: + name: BSD-2-Clause + - license: + name: BSD-3-Clause + - license: + name: LGPL-2.0 + - license: + name: LGPL-2.1 + - license: + name: GPL-3.0 + - license: + name: LGPL-3.0 + name: libuuid1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libuuid1@2.29.2-1+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: util-linux + - name: aquasecurity:trivy:SrcRelease + value: 1+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 2.29.2 + purl: pkg:deb/debian/libuuid1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian util-linux Maintainers + type: library + version: 2.29.2-1+deb9u1 + - bom-ref: pkg:deb/debian/libwebp6@0.5.2-1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: Apache-2.0 + name: libwebp6 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libwebp6@0.5.2-1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libwebp + - name: aquasecurity:trivy:SrcRelease + value: "1" + - name: aquasecurity:trivy:SrcVersion + value: 0.5.2 + purl: pkg:deb/debian/libwebp6@0.5.2-1?arch=amd64&distro=debian-9.8 + supplier: + name: Jeff Breidenbach + type: library + version: 0.5.2-1 + - bom-ref: pkg:deb/debian/libx11-6@1.6.4-3%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=2 + name: libx11-6 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libx11-6@2:1.6.4-3+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "2" + - name: aquasecurity:trivy:SrcName + value: libx11 + - name: aquasecurity:trivy:SrcRelease + value: 3+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 1.6.4 + purl: pkg:deb/debian/libx11-6@1.6.4-3%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=2 + supplier: + name: Debian X Strike Force + type: library + version: 1.6.4-3+deb9u1 + - bom-ref: pkg:deb/debian/libx11-data@1.6.4-3%2Bdeb9u1?arch=all&distro=debian-9.8&epoch=2 + name: libx11-data + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libx11-data@2:1.6.4-3+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "2" + - name: aquasecurity:trivy:SrcName + value: libx11 + - name: aquasecurity:trivy:SrcRelease + value: 3+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 1.6.4 + purl: pkg:deb/debian/libx11-data@1.6.4-3%2Bdeb9u1?arch=all&distro=debian-9.8&epoch=2 + supplier: + name: Debian X Strike Force + type: library + version: 1.6.4-3+deb9u1 + - bom-ref: pkg:deb/debian/libxau6@1.0.8-1?arch=amd64&distro=debian-9.8&epoch=1 + name: libxau6 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libxau6@1:1.0.8-1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "1" + - name: aquasecurity:trivy:SrcName + value: libxau + - name: aquasecurity:trivy:SrcRelease + value: "1" + - name: aquasecurity:trivy:SrcVersion + value: 1.0.8 + purl: pkg:deb/debian/libxau6@1.0.8-1?arch=amd64&distro=debian-9.8&epoch=1 + supplier: + name: Debian X Strike Force + type: library + version: 1.0.8-1 + - bom-ref: pkg:deb/debian/libxcb1@1.12-1?arch=amd64&distro=debian-9.8 + name: libxcb1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libxcb1@1.12-1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libxcb + - name: aquasecurity:trivy:SrcRelease + value: "1" + - name: aquasecurity:trivy:SrcVersion + value: "1.12" + purl: pkg:deb/debian/libxcb1@1.12-1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian X Strike Force + type: library + version: 1.12-1 + - bom-ref: pkg:deb/debian/libxdmcp6@1.1.2-3?arch=amd64&distro=debian-9.8&epoch=1 + name: libxdmcp6 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libxdmcp6@1:1.1.2-3 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "1" + - name: aquasecurity:trivy:SrcName + value: libxdmcp + - name: aquasecurity:trivy:SrcRelease + value: "3" + - name: aquasecurity:trivy:SrcVersion + value: 1.1.2 + purl: pkg:deb/debian/libxdmcp6@1.1.2-3?arch=amd64&distro=debian-9.8&epoch=1 + supplier: + name: Debian X Strike Force + type: library + version: 1.1.2-3 + - bom-ref: pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2?arch=amd64&distro=debian-9.8 + name: libxml2 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libxml2@2.9.4+dfsg1-2.2+deb9u2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libxml2 + - name: aquasecurity:trivy:SrcRelease + value: 2.2+deb9u2 + - name: aquasecurity:trivy:SrcVersion + value: 2.9.4+dfsg1 + purl: pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2?arch=amd64&distro=debian-9.8 + supplier: + name: Debian XML/SGML Group + type: library + version: 2.9.4+dfsg1-2.2+deb9u2 + - bom-ref: pkg:deb/debian/libxpm4@3.5.12-1?arch=amd64&distro=debian-9.8&epoch=1 + name: libxpm4 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libxpm4@1:3.5.12-1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "1" + - name: aquasecurity:trivy:SrcName + value: libxpm + - name: aquasecurity:trivy:SrcRelease + value: "1" + - name: aquasecurity:trivy:SrcVersion + value: 3.5.12 + purl: pkg:deb/debian/libxpm4@3.5.12-1?arch=amd64&distro=debian-9.8&epoch=1 + supplier: + name: Debian X Strike Force + type: library + version: 3.5.12-1 + - bom-ref: pkg:deb/debian/libxslt1.1@1.1.29-2.1?arch=amd64&distro=debian-9.8 + name: libxslt1.1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libxslt1.1@1.1.29-2.1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libxslt + - name: aquasecurity:trivy:SrcRelease + value: "2.1" + - name: aquasecurity:trivy:SrcVersion + value: 1.1.29 + purl: pkg:deb/debian/libxslt1.1@1.1.29-2.1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian XML/SGML Group + type: library + version: 1.1.29-2.1 + - bom-ref: pkg:deb/debian/login@4.4-4.1?arch=amd64&distro=debian-9.8&epoch=1 + licenses: + - license: + name: GPL-2.0 + name: login + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: login@1:4.4-4.1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "1" + - name: aquasecurity:trivy:SrcName + value: shadow + - name: aquasecurity:trivy:SrcRelease + value: "4.1" + - name: aquasecurity:trivy:SrcVersion + value: "4.4" + purl: pkg:deb/debian/login@4.4-4.1?arch=amd64&distro=debian-9.8&epoch=1 + supplier: + name: Shadow package maintainers + type: library + version: 4.4-4.1 + - bom-ref: pkg:deb/debian/lsb-base@9.20161125?arch=all&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + - license: + name: BSD-3-Clause + name: lsb-base + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: lsb-base@9.20161125 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: lsb + - name: aquasecurity:trivy:SrcVersion + value: "9.20161125" + purl: pkg:deb/debian/lsb-base@9.20161125?arch=all&distro=debian-9.8 + supplier: + name: Debian LSB Team + type: library + version: "9.20161125" + - bom-ref: pkg:deb/debian/mawk@1.3.3-17%2Bb3?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + name: mawk + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: mawk@1.3.3-17+b3 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: mawk + - name: aquasecurity:trivy:SrcRelease + value: "17" + - name: aquasecurity:trivy:SrcVersion + value: 1.3.3 + purl: pkg:deb/debian/mawk@1.3.3-17%2Bb3?arch=amd64&distro=debian-9.8 + supplier: + name: Steve Langasek + type: library + version: 1.3.3-17+b3 + - bom-ref: pkg:deb/debian/mount@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + - license: + name: public-domain + - license: + name: BSD-4-Clause + - license: + name: MIT + - license: + name: BSD-2-Clause + - license: + name: BSD-3-Clause + - license: + name: LGPL-2.0 + - license: + name: LGPL-2.1 + - license: + name: GPL-3.0 + - license: + name: LGPL-3.0 + name: mount + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: mount@2.29.2-1+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: util-linux + - name: aquasecurity:trivy:SrcRelease + value: 1+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 2.29.2 + purl: pkg:deb/debian/mount@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian util-linux Maintainers + type: library + version: 2.29.2-1+deb9u1 + - bom-ref: pkg:deb/debian/multiarch-support@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: LGPL-2.1 + - license: + name: GPL-2.0 + name: multiarch-support + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: multiarch-support@2.24-11+deb9u4 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: glibc + - name: aquasecurity:trivy:SrcRelease + value: 11+deb9u4 + - name: aquasecurity:trivy:SrcVersion + value: "2.24" + purl: pkg:deb/debian/multiarch-support@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + supplier: + name: GNU Libc Maintainers + type: library + version: 2.24-11+deb9u4 + - bom-ref: pkg:deb/debian/ncurses-base@6.0%2B20161126-1%2Bdeb9u2?arch=all&distro=debian-9.8 + name: ncurses-base + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: ncurses-base@6.0+20161126-1+deb9u2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: ncurses + - name: aquasecurity:trivy:SrcRelease + value: 1+deb9u2 + - name: aquasecurity:trivy:SrcVersion + value: 6.0+20161126 + purl: pkg:deb/debian/ncurses-base@6.0%2B20161126-1%2Bdeb9u2?arch=all&distro=debian-9.8 + supplier: + name: Craig Small + type: library + version: 6.0+20161126-1+deb9u2 + - bom-ref: pkg:deb/debian/ncurses-bin@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + name: ncurses-bin + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: ncurses-bin@6.0+20161126-1+deb9u2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: ncurses + - name: aquasecurity:trivy:SrcRelease + value: 1+deb9u2 + - name: aquasecurity:trivy:SrcVersion + value: 6.0+20161126 + purl: pkg:deb/debian/ncurses-bin@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + supplier: + name: Craig Small + type: library + version: 6.0+20161126-1+deb9u2 + - bom-ref: pkg:deb/debian/nginx-module-geoip@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + name: nginx-module-geoip + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: nginx-module-geoip@1.14.2-1~stretch + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: nginx-module-geoip + - name: aquasecurity:trivy:SrcRelease + value: 1~stretch + - name: aquasecurity:trivy:SrcVersion + value: 1.14.2 + purl: pkg:deb/debian/nginx-module-geoip@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + supplier: + name: Sergey Budnevitch + type: library + version: 1.14.2-1~stretch + - bom-ref: pkg:deb/debian/nginx-module-image-filter@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + name: nginx-module-image-filter + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: nginx-module-image-filter@1.14.2-1~stretch + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: nginx-module-image-filter + - name: aquasecurity:trivy:SrcRelease + value: 1~stretch + - name: aquasecurity:trivy:SrcVersion + value: 1.14.2 + purl: pkg:deb/debian/nginx-module-image-filter@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + supplier: + name: Sergey Budnevitch + type: library + version: 1.14.2-1~stretch + - bom-ref: pkg:deb/debian/nginx-module-njs@1.14.2.0.2.6-1~stretch?arch=amd64&distro=debian-9.8 + name: nginx-module-njs + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: nginx-module-njs@1.14.2.0.2.6-1~stretch + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: nginx-module-njs + - name: aquasecurity:trivy:SrcRelease + value: 1~stretch + - name: aquasecurity:trivy:SrcVersion + value: 1.14.2.0.2.6 + purl: pkg:deb/debian/nginx-module-njs@1.14.2.0.2.6-1~stretch?arch=amd64&distro=debian-9.8 + supplier: + name: Sergey Budnevitch + type: library + version: 1.14.2.0.2.6-1~stretch + - bom-ref: pkg:deb/debian/nginx-module-xslt@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + name: nginx-module-xslt + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: nginx-module-xslt@1.14.2-1~stretch + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: nginx-module-xslt + - name: aquasecurity:trivy:SrcRelease + value: 1~stretch + - name: aquasecurity:trivy:SrcVersion + value: 1.14.2 + purl: pkg:deb/debian/nginx-module-xslt@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + supplier: + name: Sergey Budnevitch + type: library + version: 1.14.2-1~stretch + - bom-ref: pkg:deb/debian/nginx@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + name: nginx + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: nginx@1.14.2-1~stretch + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: nginx + - name: aquasecurity:trivy:SrcRelease + value: 1~stretch + - name: aquasecurity:trivy:SrcVersion + value: 1.14.2 + purl: pkg:deb/debian/nginx@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + supplier: + name: Sergey Budnevitch + type: library + version: 1.14.2-1~stretch + - bom-ref: pkg:deb/debian/passwd@4.4-4.1?arch=amd64&distro=debian-9.8&epoch=1 + licenses: + - license: + name: GPL-2.0 + name: passwd + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: passwd@1:4.4-4.1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "1" + - name: aquasecurity:trivy:SrcName + value: shadow + - name: aquasecurity:trivy:SrcRelease + value: "4.1" + - name: aquasecurity:trivy:SrcVersion + value: "4.4" + purl: pkg:deb/debian/passwd@4.4-4.1?arch=amd64&distro=debian-9.8&epoch=1 + supplier: + name: Shadow package maintainers + type: library + version: 4.4-4.1 + - bom-ref: pkg:deb/debian/perl-base@5.24.1-3%2Bdeb9u5?arch=amd64&distro=debian-9.8 + name: perl-base + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: perl-base@5.24.1-3+deb9u5 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: perl + - name: aquasecurity:trivy:SrcRelease + value: 3+deb9u5 + - name: aquasecurity:trivy:SrcVersion + value: 5.24.1 + purl: pkg:deb/debian/perl-base@5.24.1-3%2Bdeb9u5?arch=amd64&distro=debian-9.8 + supplier: + name: Niko Tyni + type: library + version: 5.24.1-3+deb9u5 + - bom-ref: pkg:deb/debian/sed@4.4-1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + name: sed + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: sed@4.4-1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: sed + - name: aquasecurity:trivy:SrcRelease + value: "1" + - name: aquasecurity:trivy:SrcVersion + value: "4.4" + purl: pkg:deb/debian/sed@4.4-1?arch=amd64&distro=debian-9.8 + supplier: + name: Clint Adams + type: library + version: 4.4-1 + - bom-ref: pkg:deb/debian/sensible-utils@0.0.9%2Bdeb9u1?arch=all&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + name: sensible-utils + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: sensible-utils@0.0.9+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: sensible-utils + - name: aquasecurity:trivy:SrcVersion + value: 0.0.9+deb9u1 + purl: pkg:deb/debian/sensible-utils@0.0.9%2Bdeb9u1?arch=all&distro=debian-9.8 + supplier: + name: Anibal Monsalve Salazar + type: library + version: 0.0.9+deb9u1 + - bom-ref: pkg:deb/debian/sysvinit-utils@2.88dsf-59.9?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + name: sysvinit-utils + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: sysvinit-utils@2.88dsf-59.9 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: sysvinit + - name: aquasecurity:trivy:SrcRelease + value: "59.9" + - name: aquasecurity:trivy:SrcVersion + value: 2.88dsf + purl: pkg:deb/debian/sysvinit-utils@2.88dsf-59.9?arch=amd64&distro=debian-9.8 + supplier: + name: Debian sysvinit maintainers + type: library + version: 2.88dsf-59.9 + - bom-ref: pkg:deb/debian/tar@1.29b-1.1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + - license: + name: GPL-2.0 + name: tar + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: tar@1.29b-1.1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: tar + - name: aquasecurity:trivy:SrcRelease + value: "1.1" + - name: aquasecurity:trivy:SrcVersion + value: 1.29b + purl: pkg:deb/debian/tar@1.29b-1.1?arch=amd64&distro=debian-9.8 + supplier: + name: Bdale Garbee + type: library + version: 1.29b-1.1 + - bom-ref: pkg:deb/debian/tzdata@2018i-0%2Bdeb9u1?arch=all&distro=debian-9.8 + name: tzdata + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: tzdata@2018i-0+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: tzdata + - name: aquasecurity:trivy:SrcRelease + value: 0+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 2018i + purl: pkg:deb/debian/tzdata@2018i-0%2Bdeb9u1?arch=all&distro=debian-9.8 + supplier: + name: GNU Libc Maintainers + type: library + version: 2018i-0+deb9u1 + - bom-ref: pkg:deb/debian/ucf@3.0036?arch=all&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + name: ucf + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: ucf@3.0036 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: ucf + - name: aquasecurity:trivy:SrcVersion + value: "3.0036" + purl: pkg:deb/debian/ucf@3.0036?arch=all&distro=debian-9.8 + supplier: + name: Manoj Srivastava + type: library + version: "3.0036" + - bom-ref: pkg:deb/debian/util-linux@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + - license: + name: public-domain + - license: + name: BSD-4-Clause + - license: + name: MIT + - license: + name: BSD-2-Clause + - license: + name: BSD-3-Clause + - license: + name: LGPL-2.0 + - license: + name: LGPL-2.1 + - license: + name: GPL-3.0 + - license: + name: LGPL-3.0 + name: util-linux + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: util-linux@2.29.2-1+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: util-linux + - name: aquasecurity:trivy:SrcRelease + value: 1+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 2.29.2 + purl: pkg:deb/debian/util-linux@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian util-linux Maintainers + type: library + version: 2.29.2-1+deb9u1 + - bom-ref: pkg:deb/debian/zlib1g@1.2.8.dfsg-5?arch=amd64&distro=debian-9.8&epoch=1 + name: zlib1g + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: zlib1g@1:1.2.8.dfsg-5 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "1" + - name: aquasecurity:trivy:SrcName + value: zlib + - name: aquasecurity:trivy:SrcRelease + value: "5" + - name: aquasecurity:trivy:SrcVersion + value: 1.2.8.dfsg + purl: pkg:deb/debian/zlib1g@1.2.8.dfsg-5?arch=amd64&distro=debian-9.8&epoch=1 + supplier: + name: Mark Brown + type: library + version: 1.2.8.dfsg-5 + dependencies: + - dependsOn: + - pkg:deb/debian/adduser@3.115?arch=all&distro=debian-9.8 + - pkg:deb/debian/apt@1.4.9?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/base-files@9.9%2Bdeb9u8?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/base-passwd@3.5.43?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/bash@4.4-5?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/bsdutils@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/coreutils@8.26-3?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/dash@0.5.8-2.4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/debconf@1.5.61?arch=all&distro=debian-9.8 + - pkg:deb/debian/debian-archive-keyring@2017.5?arch=all&distro=debian-9.8 + - pkg:deb/debian/debianutils@4.8.1.1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/diffutils@3.5-3?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/dpkg@1.18.25?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/e2fslibs@1.43.4-2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/e2fsprogs@1.43.4-2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/findutils@4.6.0%2Bgit%2B20161106-2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/fontconfig-config@2.11.0-6.7?arch=all&distro=debian-9.8 + - pkg:deb/debian/fonts-dejavu-core@2.37-1?arch=all&distro=debian-9.8 + - pkg:deb/debian/gcc-6-base@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/gettext-base@0.19.8.1-2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/gpgv@2.1.18-8~deb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/grep@2.27-2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/gzip@1.6-5%2Bb1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/hostname@3.18%2Bb1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/init-system-helpers@1.48?arch=all&distro=debian-9.8 + - pkg:deb/debian/libacl1@2.2.52-3%2Bb1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libapt-pkg5.0@1.4.9?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libattr1@2.4.47-2%2Bb2?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libaudit-common@2.6.7-2?arch=all&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libaudit1@2.6.7-2?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libblkid1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libbsd0@0.8.3-1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libbz2-1.0@1.0.6-8.1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libc-bin@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libcap-ng0@0.7.7-3%2Bb1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libcomerr2@1.43.4-2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libdb5.3@5.3.28-12%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libdebconfclient0@0.227?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libedit2@3.1-20160903-3?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libexpat1@2.2.0-2%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libfdisk1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libfontconfig1@2.11.0-6.7%2Bb1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libfreetype6@2.6.3-3.2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgcc1@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libgcrypt20@1.7.6-2%2Bdeb9u3?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgd3@2.2.4-2%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgeoip1@1.6.9-4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgpg-error0@1.26-2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libicu57@57.1-6%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libjbig0@2.1-3.1%2Bb2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libjpeg62-turbo@1.5.1-2?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/liblz4-1@0.0~r131-2%2Bb1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/liblzma5@5.2.2-1.2%2Bb1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libmount1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libncurses5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libncursesw5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libpam-modules-bin@1.1.8-3.6?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libpam-modules@1.1.8-3.6?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libpam-runtime@1.1.8-3.6?arch=all&distro=debian-9.8 + - pkg:deb/debian/libpam0g@1.1.8-3.6?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libpcre3@8.39-3?arch=amd64&distro=debian-9.8&epoch=2 + - pkg:deb/debian/libpng16-16@1.6.28-1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libselinux1@2.6-3%2Bb3?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libsemanage-common@2.6-2?arch=all&distro=debian-9.8 + - pkg:deb/debian/libsemanage1@2.6-2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libsepol1@2.6-2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libsmartcols1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libss2@1.43.4-2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libssl1.1@1.1.0j-1~deb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libstdc%2B%2B6@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libsystemd0@232-25%2Bdeb9u9?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libtiff5@4.0.8-2%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libtinfo5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libudev1@232-25%2Bdeb9u9?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libustr-1.0-1@1.0.4-6?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libuuid1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libwebp6@0.5.2-1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libx11-6@1.6.4-3%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=2 + - pkg:deb/debian/libx11-data@1.6.4-3%2Bdeb9u1?arch=all&distro=debian-9.8&epoch=2 + - pkg:deb/debian/libxau6@1.0.8-1?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libxcb1@1.12-1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libxdmcp6@1.1.2-3?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libxpm4@3.5.12-1?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libxslt1.1@1.1.29-2.1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/login@4.4-4.1?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/lsb-base@9.20161125?arch=all&distro=debian-9.8 + - pkg:deb/debian/mawk@1.3.3-17%2Bb3?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/mount@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/multiarch-support@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/ncurses-base@6.0%2B20161126-1%2Bdeb9u2?arch=all&distro=debian-9.8 + - pkg:deb/debian/ncurses-bin@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/nginx-module-geoip@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/nginx-module-image-filter@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/nginx-module-njs@1.14.2.0.2.6-1~stretch?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/nginx-module-xslt@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/nginx@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/passwd@4.4-4.1?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/perl-base@5.24.1-3%2Bdeb9u5?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/sed@4.4-1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/sensible-utils@0.0.9%2Bdeb9u1?arch=all&distro=debian-9.8 + - pkg:deb/debian/sysvinit-utils@2.88dsf-59.9?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/tar@1.29b-1.1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/tzdata@2018i-0%2Bdeb9u1?arch=all&distro=debian-9.8 + - pkg:deb/debian/ucf@3.0036?arch=all&distro=debian-9.8 + - pkg:deb/debian/util-linux@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/zlib1g@1.2.8.dfsg-5?arch=amd64&distro=debian-9.8&epoch=1 + ref: 2ab629c3-fe9d-4416-ace3-9a301dfb60e0 + - dependsOn: + - pkg:deb/debian/debconf@1.5.61?arch=all&distro=debian-9.8 + - pkg:deb/debian/passwd@4.4-4.1?arch=amd64&distro=debian-9.8&epoch=1 + ref: pkg:deb/debian/adduser@3.115?arch=all&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/adduser@3.115?arch=all&distro=debian-9.8 + - pkg:deb/debian/debian-archive-keyring@2017.5?arch=all&distro=debian-9.8 + - pkg:deb/debian/gpgv@2.1.18-8~deb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/init-system-helpers@1.48?arch=all&distro=debian-9.8 + - pkg:deb/debian/libapt-pkg5.0@1.4.9?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgcc1@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libstdc%2B%2B6@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/apt@1.4.9?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/base-files@9.9%2Bdeb9u8?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libdebconfclient0@0.227?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/base-passwd@3.5.43?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/base-files@9.9%2Bdeb9u8?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/debianutils@4.8.1.1?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/bash@4.4-5?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/bsdutils@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=1 + - dependsOn: [] + ref: pkg:deb/debian/coreutils@8.26-3?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/debianutils@4.8.1.1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/dpkg@1.18.25?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/dash@0.5.8-2.4?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/debconf@1.5.61?arch=all&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/gpgv@2.1.18-8~deb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/debian-archive-keyring@2017.5?arch=all&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/sensible-utils@0.0.9%2Bdeb9u1?arch=all&distro=debian-9.8 + ref: pkg:deb/debian/debianutils@4.8.1.1?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/diffutils@3.5-3?arch=amd64&distro=debian-9.8&epoch=1 + - dependsOn: + - pkg:deb/debian/tar@1.29b-1.1?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/dpkg@1.18.25?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/e2fslibs@1.43.4-2?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/e2fsprogs@1.43.4-2?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/findutils@4.6.0%2Bgit%2B20161106-2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/debconf@1.5.61?arch=all&distro=debian-9.8 + - pkg:deb/debian/fonts-dejavu-core@2.37-1?arch=all&distro=debian-9.8 + - pkg:deb/debian/ucf@3.0036?arch=all&distro=debian-9.8 + ref: pkg:deb/debian/fontconfig-config@2.11.0-6.7?arch=all&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/fonts-dejavu-core@2.37-1?arch=all&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/gcc-6-base@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/gettext-base@0.19.8.1-2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libbz2-1.0@1.0.6-8.1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgcrypt20@1.7.6-2%2Bdeb9u3?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgpg-error0@1.26-2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/zlib1g@1.2.8.dfsg-5?arch=amd64&distro=debian-9.8&epoch=1 + ref: pkg:deb/debian/gpgv@2.1.18-8~deb9u4?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/dpkg@1.18.25?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/grep@2.27-2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/dpkg@1.18.25?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/gzip@1.6-5%2Bb1?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/hostname@3.18%2Bb1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/perl-base@5.24.1-3%2Bdeb9u5?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/init-system-helpers@1.48?arch=all&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libattr1@2.4.47-2%2Bb2?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libacl1@2.2.52-3%2Bb1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libbz2-1.0@1.0.6-8.1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgcc1@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/liblz4-1@0.0~r131-2%2Bb1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/liblzma5@5.2.2-1.2%2Bb1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libstdc%2B%2B6@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/zlib1g@1.2.8.dfsg-5?arch=amd64&distro=debian-9.8&epoch=1 + ref: pkg:deb/debian/libapt-pkg5.0@1.4.9?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libattr1@2.4.47-2%2Bb2?arch=amd64&distro=debian-9.8&epoch=1 + - dependsOn: [] + ref: pkg:deb/debian/libaudit-common@2.6.7-2?arch=all&distro=debian-9.8&epoch=1 + - dependsOn: + - pkg:deb/debian/libaudit-common@2.6.7-2?arch=all&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libcap-ng0@0.7.7-3%2Bb1?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libaudit1@2.6.7-2?arch=amd64&distro=debian-9.8&epoch=1 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libuuid1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libblkid1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libbsd0@0.8.3-1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libbz2-1.0@1.0.6-8.1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libc-bin@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libgcc1@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=1 + ref: pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libcap-ng0@0.7.7-3%2Bb1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libcomerr2@1.43.4-2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libdb5.3@5.3.28-12%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libdebconfclient0@0.227?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libbsd0@0.8.3-1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libncurses5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libtinfo5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libedit2@3.1-20160903-3?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libexpat1@2.2.0-2%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libblkid1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libuuid1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libfdisk1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/fontconfig-config@2.11.0-6.7?arch=all&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libexpat1@2.2.0-2%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libfreetype6@2.6.3-3.2?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libfontconfig1@2.11.0-6.7%2Bb1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libpng16-16@1.6.28-1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/zlib1g@1.2.8.dfsg-5?arch=amd64&distro=debian-9.8&epoch=1 + ref: pkg:deb/debian/libfreetype6@2.6.3-3.2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/gcc-6-base@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libgcc1@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=1 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgpg-error0@1.26-2?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libgcrypt20@1.7.6-2%2Bdeb9u3?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libfontconfig1@2.11.0-6.7%2Bb1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libfreetype6@2.6.3-3.2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libjpeg62-turbo@1.5.1-2?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libpng16-16@1.6.28-1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libtiff5@4.0.8-2%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libwebp6@0.5.2-1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libx11-6@1.6.4-3%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=2 + - pkg:deb/debian/libxpm4@3.5.12-1?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/zlib1g@1.2.8.dfsg-5?arch=amd64&distro=debian-9.8&epoch=1 + ref: pkg:deb/debian/libgd3@2.2.4-2%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libgeoip1@1.6.9-4?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libgpg-error0@1.26-2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgcc1@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libstdc%2B%2B6@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libicu57@57.1-6%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libjbig0@2.1-3.1%2Bb2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libjpeg62-turbo@1.5.1-2?arch=amd64&distro=debian-9.8&epoch=1 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/liblz4-1@0.0~r131-2%2Bb1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/liblzma5@5.2.2-1.2%2Bb1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libblkid1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libselinux1@2.6-3%2Bb3?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libmount1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libtinfo5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libncurses5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libtinfo5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libncursesw5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libaudit1@2.6.7-2?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libpam0g@1.1.8-3.6?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libselinux1@2.6-3%2Bb3?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libpam-modules-bin@1.1.8-3.6?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/libpam-modules@1.1.8-3.6?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/debconf@1.5.61?arch=all&distro=debian-9.8 + - pkg:deb/debian/libpam-modules@1.1.8-3.6?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libpam-runtime@1.1.8-3.6?arch=all&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/debconf@1.5.61?arch=all&distro=debian-9.8 + - pkg:deb/debian/libaudit1@2.6.7-2?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libpam0g@1.1.8-3.6?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libpcre3@8.39-3?arch=amd64&distro=debian-9.8&epoch=2 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/zlib1g@1.2.8.dfsg-5?arch=amd64&distro=debian-9.8&epoch=1 + ref: pkg:deb/debian/libpng16-16@1.6.28-1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libpcre3@8.39-3?arch=amd64&distro=debian-9.8&epoch=2 + ref: pkg:deb/debian/libselinux1@2.6-3%2Bb3?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/libsemanage-common@2.6-2?arch=all&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libaudit1@2.6.7-2?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libbz2-1.0@1.0.6-8.1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libselinux1@2.6-3%2Bb3?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libsemanage-common@2.6-2?arch=all&distro=debian-9.8 + - pkg:deb/debian/libsepol1@2.6-2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libustr-1.0-1@1.0.4-6?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libsemanage1@2.6-2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libsepol1@2.6-2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libsmartcols1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libcomerr2@1.43.4-2?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libss2@1.43.4-2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/debconf@1.5.61?arch=all&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libssl1.1@1.1.0j-1~deb9u1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/gcc-6-base@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgcc1@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=1 + ref: pkg:deb/debian/libstdc%2B%2B6@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/libsystemd0@232-25%2Bdeb9u9?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libjbig0@2.1-3.1%2Bb2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libjpeg62-turbo@1.5.1-2?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/liblzma5@5.2.2-1.2%2Bb1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/zlib1g@1.2.8.dfsg-5?arch=amd64&distro=debian-9.8&epoch=1 + ref: pkg:deb/debian/libtiff5@4.0.8-2%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libtinfo5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libudev1@232-25%2Bdeb9u9?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libustr-1.0-1@1.0.4-6?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/passwd@4.4-4.1?arch=amd64&distro=debian-9.8&epoch=1 + ref: pkg:deb/debian/libuuid1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libwebp6@0.5.2-1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libx11-data@1.6.4-3%2Bdeb9u1?arch=all&distro=debian-9.8&epoch=2 + - pkg:deb/debian/libxcb1@1.12-1?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libx11-6@1.6.4-3%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=2 + - dependsOn: [] + ref: pkg:deb/debian/libx11-data@1.6.4-3%2Bdeb9u1?arch=all&distro=debian-9.8&epoch=2 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libxau6@1.0.8-1?arch=amd64&distro=debian-9.8&epoch=1 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libxau6@1.0.8-1?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libxdmcp6@1.1.2-3?arch=amd64&distro=debian-9.8&epoch=1 + ref: pkg:deb/debian/libxcb1@1.12-1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libbsd0@0.8.3-1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libxdmcp6@1.1.2-3?arch=amd64&distro=debian-9.8&epoch=1 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libicu57@57.1-6%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/liblzma5@5.2.2-1.2%2Bb1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/zlib1g@1.2.8.dfsg-5?arch=amd64&distro=debian-9.8&epoch=1 + ref: pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libx11-6@1.6.4-3%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=2 + ref: pkg:deb/debian/libxpm4@3.5.12-1?arch=amd64&distro=debian-9.8&epoch=1 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgcrypt20@1.7.6-2%2Bdeb9u3?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libxslt1.1@1.1.29-2.1?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/login@4.4-4.1?arch=amd64&distro=debian-9.8&epoch=1 + - dependsOn: [] + ref: pkg:deb/debian/lsb-base@9.20161125?arch=all&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/mawk@1.3.3-17%2Bb3?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/mount@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/multiarch-support@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/ncurses-base@6.0%2B20161126-1%2Bdeb9u2?arch=all&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/ncurses-bin@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgeoip1@1.6.9-4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/nginx@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/nginx-module-geoip@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgd3@2.2.4-2%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/nginx@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/nginx-module-image-filter@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libedit2@3.1-20160903-3?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libpcre3@8.39-3?arch=amd64&distro=debian-9.8&epoch=2 + - pkg:deb/debian/nginx@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/nginx-module-njs@1.14.2.0.2.6-1~stretch?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libxslt1.1@1.1.29-2.1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/nginx@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/nginx-module-xslt@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/adduser@3.115?arch=all&distro=debian-9.8 + - pkg:deb/debian/init-system-helpers@1.48?arch=all&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libpcre3@8.39-3?arch=amd64&distro=debian-9.8&epoch=2 + - pkg:deb/debian/libssl1.1@1.1.0j-1~deb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/lsb-base@9.20161125?arch=all&distro=debian-9.8 + - pkg:deb/debian/zlib1g@1.2.8.dfsg-5?arch=amd64&distro=debian-9.8&epoch=1 + ref: pkg:deb/debian/nginx@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libaudit1@2.6.7-2?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libpam-modules@1.1.8-3.6?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libpam0g@1.1.8-3.6?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libselinux1@2.6-3%2Bb3?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libsemanage1@2.6-2?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/passwd@4.4-4.1?arch=amd64&distro=debian-9.8&epoch=1 + - dependsOn: [] + ref: pkg:deb/debian/perl-base@5.24.1-3%2Bdeb9u5?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/sed@4.4-1?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/sensible-utils@0.0.9%2Bdeb9u1?arch=all&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/init-system-helpers@1.48?arch=all&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/util-linux@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/sysvinit-utils@2.88dsf-59.9?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/tar@1.29b-1.1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/debconf@1.5.61?arch=all&distro=debian-9.8 + ref: pkg:deb/debian/tzdata@2018i-0%2Bdeb9u1?arch=all&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/coreutils@8.26-3?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/debconf@1.5.61?arch=all&distro=debian-9.8 + ref: pkg:deb/debian/ucf@3.0036?arch=all&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/util-linux@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/zlib1g@1.2.8.dfsg-5?arch=amd64&distro=debian-9.8&epoch=1 + - dependsOn: + - 2ab629c3-fe9d-4416-ace3-9a301dfb60e0 + ref: pkg:oci/nginx@sha256%3Af7988fb6c02e0ce69257d9bd9cf37ae20a60f1df7563c3a2a6abe24160306b8d?arch=amd64&repository_url=index.docker.io%2Flibrary%2Fnginx + metadata: + component: + bom-ref: pkg:oci/nginx@sha256%3Af7988fb6c02e0ce69257d9bd9cf37ae20a60f1df7563c3a2a6abe24160306b8d?arch=amd64&repository_url=index.docker.io%2Flibrary%2Fnginx + name: nginx:1.14.2 + properties: + - name: aquasecurity:trivy:DiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda,sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a,sha256:82ae01d5004e2143b642b1a008624e7521c73ab18e5776a22f18a172b9dbec80 + - name: aquasecurity:trivy:ImageID + value: sha256:295c7be079025306c4f1d65997fcf7adb411c88f139ad1d34b537164aa060369 + - name: aquasecurity:trivy:RepoDigest + value: nginx@sha256:f7988fb6c02e0ce69257d9bd9cf37ae20a60f1df7563c3a2a6abe24160306b8d + - name: aquasecurity:trivy:RepoTag + value: nginx:1.14.2 + - name: aquasecurity:trivy:SchemaVersion + value: "2" + purl: pkg:oci/nginx@sha256%3Af7988fb6c02e0ce69257d9bd9cf37ae20a60f1df7563c3a2a6abe24160306b8d?arch=amd64&repository_url=index.docker.io%2Flibrary%2Fnginx + supplier: {} + type: container + timestamp: 2023-11-12T18:51:06+00:00 + tools: + - name: trivy + vendor: aquasecurity + serialNumber: urn:uuid:d81232a6-d89d-4533-ba43-228468c411f5 + specVersion: "1.5" + version: 1 + registry: + server: index.docker.io + scanner: + name: Trivy + vendor: Aqua Security + version: 0.45.1 + summary: + componentsCount: 110 + dependenciesCount: 110 + updateTimestamp: 2023-11-12T18:51:06Z diff --git a/tests/e2e/sbom-client-server/workload/01-assert.yaml b/tests/e2e/sbom-client-server/workload/01-assert.yaml new file mode 100644 index 000000000..ee9927eb6 --- /dev/null +++ b/tests/e2e/sbom-client-server/workload/01-assert.yaml @@ -0,0 +1,16 @@ +--- +apiVersion: aquasecurity.github.io/v1alpha1 +kind: VulnerabilityReport +metadata: + annotations: + trivy-operator.aquasecurity.github.io/report-ttl: 24h0m0s + name: pod-my-pod-app +report: + artifact: + repository: library/nginx + tag: 1.14.2 + registry: + server: index.docker.io + scanner: + name: Trivy + vendor: Aqua Security diff --git a/tests/e2e/sbom-client-server/workload/01-pod.yaml b/tests/e2e/sbom-client-server/workload/01-pod.yaml new file mode 100644 index 000000000..a2c150343 --- /dev/null +++ b/tests/e2e/sbom-client-server/workload/01-pod.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: v1 +kind: Pod +metadata: + name: my-pod + labels: + app.kubernetes.io/name: wordpress + pod-template-hash: 84bbf6f4dd + app: nginx + team: rnd +spec: + containers: + - image: nginx:1.14.2 + name: app diff --git a/tests/e2e/sbom-client-server/workload/02-assert.yaml b/tests/e2e/sbom-client-server/workload/02-assert.yaml new file mode 100644 index 000000000..b00f14829 --- /dev/null +++ b/tests/e2e/sbom-client-server/workload/02-assert.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: kuttl.dev/v1beta1 +commands: + - script: > + cnt="$(kubectl get -n $NAMESPACE + sbomreports.aquasecurity.github.io pod-my-pod-app \ + -o=jsonpath='{.report.summary.componentsCount}')" + if [ $cnt -gt 0 ] + + then + echo "Pass: SbomReport ComponentCount ($cnt) is greater than 0" + else + echo "Fail: SbomReport ComponentCount ($cnt) should be greater than 0" + exit 1 + fi +kind: TestAssert +timeout: 30 diff --git a/tests/e2e/sbom-client-server/workload/03-assert.yaml b/tests/e2e/sbom-client-server/workload/03-assert.yaml new file mode 100644 index 000000000..7a05f311c --- /dev/null +++ b/tests/e2e/sbom-client-server/workload/03-assert.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: kuttl.dev/v1beta1 +commands: + - script: > + cnt="$(kubectl get -n $NAMESPACE + vulnerabilityreports.aquasecurity.github.io pod-my-pod-app \ + -o=jsonpath='{.report.summary.criticalCount}')" + if [ $cnt -gt 0 ] + + then + echo "Pass: VulnerabilityReport CriticalCount ($cnt) is greater than 0" + else + echo "Fail: VulnerabilityReport CriticalCount ($cnt) should be greater than 0" + exit 1 + fi +kind: TestAssert +timeout: 30 diff --git a/tests/e2e/sbom-fs/workload/00-sbom-pod.yaml b/tests/e2e/sbom-fs/workload/00-sbom-pod.yaml new file mode 100644 index 000000000..be2f3adb1 --- /dev/null +++ b/tests/e2e/sbom-fs/workload/00-sbom-pod.yaml @@ -0,0 +1,3531 @@ +--- +apiVersion: aquasecurity.github.io/v1alpha1 +kind: ClusterSbomReport +metadata: + labels: + resource-image-id: 6df5684d + name: 6df5684d +report: + artifact: + digest: sha256:295c7be079025306c4f1d65997fcf7adb411c88f139ad1d34b537164aa060369 + repository: library/nginx + tag: 1.14.2 + components: + bomFormat: CycloneDX + components: + - bom-ref: 2ab629c3-fe9d-4416-ace3-9a301dfb60e0 + name: debian + properties: + - name: aquasecurity:trivy:Class + value: os-pkgs + - name: aquasecurity:trivy:Type + value: debian + supplier: {} + type: operating-system + version: "9.8" + - bom-ref: pkg:deb/debian/adduser@3.115?arch=all&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + name: adduser + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: adduser@3.115 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: adduser + - name: aquasecurity:trivy:SrcVersion + value: "3.115" + purl: pkg:deb/debian/adduser@3.115?arch=all&distro=debian-9.8 + supplier: + name: Debian Adduser Developers + type: library + version: "3.115" + - bom-ref: pkg:deb/debian/apt@1.4.9?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + name: apt + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: apt@1.4.9 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: apt + - name: aquasecurity:trivy:SrcVersion + value: 1.4.9 + purl: pkg:deb/debian/apt@1.4.9?arch=amd64&distro=debian-9.8 + supplier: + name: APT Development Team + type: library + version: 1.4.9 + - bom-ref: pkg:deb/debian/base-files@9.9%2Bdeb9u8?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + name: base-files + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: base-files@9.9+deb9u8 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: base-files + - name: aquasecurity:trivy:SrcVersion + value: 9.9+deb9u8 + purl: pkg:deb/debian/base-files@9.9%2Bdeb9u8?arch=amd64&distro=debian-9.8 + supplier: + name: Santiago Vila + type: library + version: 9.9+deb9u8 + - bom-ref: pkg:deb/debian/base-passwd@3.5.43?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + - license: + name: PD + name: base-passwd + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: base-passwd@3.5.43 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: base-passwd + - name: aquasecurity:trivy:SrcVersion + value: 3.5.43 + purl: pkg:deb/debian/base-passwd@3.5.43?arch=amd64&distro=debian-9.8 + supplier: + name: Colin Watson + type: library + version: 3.5.43 + - bom-ref: pkg:deb/debian/bash@4.4-5?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + name: bash + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: bash@4.4-5 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: bash + - name: aquasecurity:trivy:SrcRelease + value: "5" + - name: aquasecurity:trivy:SrcVersion + value: "4.4" + purl: pkg:deb/debian/bash@4.4-5?arch=amd64&distro=debian-9.8 + supplier: + name: Matthias Klose + type: library + version: 4.4-5 + - bom-ref: pkg:deb/debian/bsdutils@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=1 + licenses: + - license: + name: GPL-2.0 + - license: + name: public-domain + - license: + name: BSD-4-Clause + - license: + name: MIT + - license: + name: BSD-2-Clause + - license: + name: BSD-3-Clause + - license: + name: LGPL-2.0 + - license: + name: LGPL-2.1 + - license: + name: GPL-3.0 + - license: + name: LGPL-3.0 + name: bsdutils + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: bsdutils@1:2.29.2-1+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: util-linux + - name: aquasecurity:trivy:SrcRelease + value: 1+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 2.29.2 + purl: pkg:deb/debian/bsdutils@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=1 + supplier: + name: Debian util-linux Maintainers + type: library + version: 2.29.2-1+deb9u1 + - bom-ref: pkg:deb/debian/coreutils@8.26-3?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + name: coreutils + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: coreutils@8.26-3 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: coreutils + - name: aquasecurity:trivy:SrcRelease + value: "3" + - name: aquasecurity:trivy:SrcVersion + value: "8.26" + purl: pkg:deb/debian/coreutils@8.26-3?arch=amd64&distro=debian-9.8 + supplier: + name: Michael Stone + type: library + version: 8.26-3 + - bom-ref: pkg:deb/debian/dash@0.5.8-2.4?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + name: dash + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: dash@0.5.8-2.4 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: dash + - name: aquasecurity:trivy:SrcRelease + value: "2.4" + - name: aquasecurity:trivy:SrcVersion + value: 0.5.8 + purl: pkg:deb/debian/dash@0.5.8-2.4?arch=amd64&distro=debian-9.8 + supplier: + name: Gerrit Pape + type: library + version: 0.5.8-2.4 + - bom-ref: pkg:deb/debian/debconf@1.5.61?arch=all&distro=debian-9.8 + licenses: + - license: + name: BSD-2-Clause + name: debconf + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: debconf@1.5.61 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: debconf + - name: aquasecurity:trivy:SrcVersion + value: 1.5.61 + purl: pkg:deb/debian/debconf@1.5.61?arch=all&distro=debian-9.8 + supplier: + name: Debconf Developers + type: library + version: 1.5.61 + - bom-ref: pkg:deb/debian/debian-archive-keyring@2017.5?arch=all&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + name: debian-archive-keyring + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: debian-archive-keyring@2017.5 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: debian-archive-keyring + - name: aquasecurity:trivy:SrcVersion + value: "2017.5" + purl: pkg:deb/debian/debian-archive-keyring@2017.5?arch=all&distro=debian-9.8 + supplier: + name: Debian Release Team + type: library + version: "2017.5" + - bom-ref: pkg:deb/debian/debianutils@4.8.1.1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + name: debianutils + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: debianutils@4.8.1.1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: debianutils + - name: aquasecurity:trivy:SrcVersion + value: 4.8.1.1 + purl: pkg:deb/debian/debianutils@4.8.1.1?arch=amd64&distro=debian-9.8 + supplier: + name: Clint Adams + type: library + version: 4.8.1.1 + - bom-ref: pkg:deb/debian/diffutils@3.5-3?arch=amd64&distro=debian-9.8&epoch=1 + licenses: + - license: + name: GPL-3.0 + - license: + name: GFDL + name: diffutils + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: diffutils@1:3.5-3 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "1" + - name: aquasecurity:trivy:SrcName + value: diffutils + - name: aquasecurity:trivy:SrcRelease + value: "3" + - name: aquasecurity:trivy:SrcVersion + value: "3.5" + purl: pkg:deb/debian/diffutils@3.5-3?arch=amd64&distro=debian-9.8&epoch=1 + supplier: + name: Santiago Vila + type: library + version: 3.5-3 + - bom-ref: pkg:deb/debian/dpkg@1.18.25?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + - license: + name: BSD-2-Clause + - license: + name: public-domain-s-s-d + - license: + name: public-domain-md5 + name: dpkg + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: dpkg@1.18.25 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: dpkg + - name: aquasecurity:trivy:SrcVersion + value: 1.18.25 + purl: pkg:deb/debian/dpkg@1.18.25?arch=amd64&distro=debian-9.8 + supplier: + name: Dpkg Developers + type: library + version: 1.18.25 + - bom-ref: pkg:deb/debian/e2fslibs@1.43.4-2?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + - license: + name: LGPL-2.0 + name: e2fslibs + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: e2fslibs@1.43.4-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: e2fsprogs + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: 1.43.4 + purl: pkg:deb/debian/e2fslibs@1.43.4-2?arch=amd64&distro=debian-9.8 + supplier: + name: Theodore Y. Ts'o + type: library + version: 1.43.4-2 + - bom-ref: pkg:deb/debian/e2fsprogs@1.43.4-2?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + - license: + name: LGPL-2.0 + name: e2fsprogs + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: e2fsprogs@1.43.4-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: e2fsprogs + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: 1.43.4 + purl: pkg:deb/debian/e2fsprogs@1.43.4-2?arch=amd64&distro=debian-9.8 + supplier: + name: Theodore Y. Ts'o + type: library + version: 1.43.4-2 + - bom-ref: pkg:deb/debian/findutils@4.6.0%2Bgit%2B20161106-2?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + - license: + name: GFDL-1.3 + name: findutils + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: findutils@4.6.0+git+20161106-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: findutils + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: 4.6.0+git+20161106 + purl: pkg:deb/debian/findutils@4.6.0%2Bgit%2B20161106-2?arch=amd64&distro=debian-9.8 + supplier: + name: Andreas Metzler + type: library + version: 4.6.0+git+20161106-2 + - bom-ref: pkg:deb/debian/fontconfig-config@2.11.0-6.7?arch=all&distro=debian-9.8 + name: fontconfig-config + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: fontconfig-config@2.11.0-6.7 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: fontconfig + - name: aquasecurity:trivy:SrcRelease + value: "6.7" + - name: aquasecurity:trivy:SrcVersion + value: 2.11.0 + purl: pkg:deb/debian/fontconfig-config@2.11.0-6.7?arch=all&distro=debian-9.8 + supplier: + name: Keith Packard + type: library + version: 2.11.0-6.7 + - bom-ref: pkg:deb/debian/fonts-dejavu-core@2.37-1?arch=all&distro=debian-9.8 + licenses: + - license: + name: bitstream-vera + - license: + name: GPL-2.0 + name: fonts-dejavu-core + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: fonts-dejavu-core@2.37-1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: fonts-dejavu + - name: aquasecurity:trivy:SrcRelease + value: "1" + - name: aquasecurity:trivy:SrcVersion + value: "2.37" + purl: pkg:deb/debian/fonts-dejavu-core@2.37-1?arch=all&distro=debian-9.8 + supplier: + name: Debian Fonts Task Force + type: library + version: 2.37-1 + - bom-ref: pkg:deb/debian/gcc-6-base@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + - license: + name: GFDL-1.2 + - license: + name: GPL-2.0 + - license: + name: Artistic + name: gcc-6-base + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: gcc-6-base@6.3.0-18+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: gcc-6 + - name: aquasecurity:trivy:SrcRelease + value: 18+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 6.3.0 + purl: pkg:deb/debian/gcc-6-base@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian GCC Maintainers + type: library + version: 6.3.0-18+deb9u1 + - bom-ref: pkg:deb/debian/gettext-base@0.19.8.1-2?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + - license: + name: LGPL-3.0 + - license: + name: GFDL + name: gettext-base + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: gettext-base@0.19.8.1-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: gettext + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: 0.19.8.1 + purl: pkg:deb/debian/gettext-base@0.19.8.1-2?arch=amd64&distro=debian-9.8 + supplier: + name: Santiago Vila + type: library + version: 0.19.8.1-2 + - bom-ref: pkg:deb/debian/gpgv@2.1.18-8~deb9u4?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + - license: + name: permissive + - license: + name: LGPL-2.1 + - license: + name: Expat + - license: + name: BSD-3-Clause + - license: + name: LGPL-3.0 + - license: + name: RFC-Reference + - license: + name: TinySCHEME + name: gpgv + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: gpgv@2.1.18-8~deb9u4 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: gnupg2 + - name: aquasecurity:trivy:SrcRelease + value: 8~deb9u4 + - name: aquasecurity:trivy:SrcVersion + value: 2.1.18 + purl: pkg:deb/debian/gpgv@2.1.18-8~deb9u4?arch=amd64&distro=debian-9.8 + supplier: + name: Debian GnuPG Maintainers + type: library + version: 2.1.18-8~deb9u4 + - bom-ref: pkg:deb/debian/grep@2.27-2?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + name: grep + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: grep@2.27-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: grep + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: "2.27" + purl: pkg:deb/debian/grep@2.27-2?arch=amd64&distro=debian-9.8 + supplier: + name: Anibal Monsalve Salazar + type: library + version: 2.27-2 + - bom-ref: pkg:deb/debian/gzip@1.6-5%2Bb1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + name: gzip + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: gzip@1.6-5+b1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: gzip + - name: aquasecurity:trivy:SrcRelease + value: "5" + - name: aquasecurity:trivy:SrcVersion + value: "1.6" + purl: pkg:deb/debian/gzip@1.6-5%2Bb1?arch=amd64&distro=debian-9.8 + supplier: + name: Bdale Garbee + type: library + version: 1.6-5+b1 + - bom-ref: pkg:deb/debian/hostname@3.18%2Bb1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + name: hostname + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: hostname@3.18+b1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: hostname + - name: aquasecurity:trivy:SrcVersion + value: "3.18" + purl: pkg:deb/debian/hostname@3.18%2Bb1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian Hostname Team + type: library + version: 3.18+b1 + - bom-ref: pkg:deb/debian/init-system-helpers@1.48?arch=all&distro=debian-9.8 + licenses: + - license: + name: BSD-3-Clause + - license: + name: GPL-2.0 + name: init-system-helpers + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: init-system-helpers@1.48 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: init-system-helpers + - name: aquasecurity:trivy:SrcVersion + value: "1.48" + purl: pkg:deb/debian/init-system-helpers@1.48?arch=all&distro=debian-9.8 + supplier: + name: Debian systemd Maintainers + + type: library + version: "1.48" + - bom-ref: pkg:deb/debian/libacl1@2.2.52-3%2Bb1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: LGPL-2.1 + - license: + name: GPL-3.0 + name: libacl1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libacl1@2.2.52-3+b1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: acl + - name: aquasecurity:trivy:SrcRelease + value: "3" + - name: aquasecurity:trivy:SrcVersion + value: 2.2.52 + purl: pkg:deb/debian/libacl1@2.2.52-3%2Bb1?arch=amd64&distro=debian-9.8 + supplier: + name: Anibal Monsalve Salazar + type: library + version: 2.2.52-3+b1 + - bom-ref: pkg:deb/debian/libapt-pkg5.0@1.4.9?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + name: libapt-pkg5.0 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libapt-pkg5.0@1.4.9 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: apt + - name: aquasecurity:trivy:SrcVersion + value: 1.4.9 + purl: pkg:deb/debian/libapt-pkg5.0@1.4.9?arch=amd64&distro=debian-9.8 + supplier: + name: APT Development Team + type: library + version: 1.4.9 + - bom-ref: pkg:deb/debian/libattr1@2.4.47-2%2Bb2?arch=amd64&distro=debian-9.8&epoch=1 + licenses: + - license: + name: LGPL-2.1 + - license: + name: GPL-2.0 + name: libattr1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libattr1@1:2.4.47-2+b2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "1" + - name: aquasecurity:trivy:SrcName + value: attr + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: 2.4.47 + purl: pkg:deb/debian/libattr1@2.4.47-2%2Bb2?arch=amd64&distro=debian-9.8&epoch=1 + supplier: + name: Anibal Monsalve Salazar + type: library + version: 2.4.47-2+b2 + - bom-ref: pkg:deb/debian/libaudit-common@2.6.7-2?arch=all&distro=debian-9.8&epoch=1 + licenses: + - license: + name: GPL-2.0 + - license: + name: LGPL-2.1 + - license: + name: GPL-1.0 + name: libaudit-common + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libaudit-common@1:2.6.7-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "1" + - name: aquasecurity:trivy:SrcName + value: audit + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: 2.6.7 + purl: pkg:deb/debian/libaudit-common@2.6.7-2?arch=all&distro=debian-9.8&epoch=1 + supplier: + name: Laurent Bigonville + type: library + version: 2.6.7-2 + - bom-ref: pkg:deb/debian/libaudit1@2.6.7-2?arch=amd64&distro=debian-9.8&epoch=1 + licenses: + - license: + name: GPL-2.0 + - license: + name: LGPL-2.1 + - license: + name: GPL-1.0 + name: libaudit1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libaudit1@1:2.6.7-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "1" + - name: aquasecurity:trivy:SrcName + value: audit + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: 2.6.7 + purl: pkg:deb/debian/libaudit1@2.6.7-2?arch=amd64&distro=debian-9.8&epoch=1 + supplier: + name: Laurent Bigonville + type: library + version: 2.6.7-2 + - bom-ref: pkg:deb/debian/libblkid1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + - license: + name: public-domain + - license: + name: BSD-4-Clause + - license: + name: MIT + - license: + name: BSD-2-Clause + - license: + name: BSD-3-Clause + - license: + name: LGPL-2.0 + - license: + name: LGPL-2.1 + - license: + name: GPL-3.0 + - license: + name: LGPL-3.0 + name: libblkid1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libblkid1@2.29.2-1+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: util-linux + - name: aquasecurity:trivy:SrcRelease + value: 1+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 2.29.2 + purl: pkg:deb/debian/libblkid1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian util-linux Maintainers + type: library + version: 2.29.2-1+deb9u1 + - bom-ref: pkg:deb/debian/libbsd0@0.8.3-1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: BSD-3-Clause + - license: + name: BSD-4-clause-Niels-Provos + - license: + name: BSD-4-clause-Christopher-G-Demetriou + - license: + name: BSD-3-clause-Regents + - license: + name: BSD-3-clause-Peter-Wemm + - license: + name: BSD-5-clause-Peter-Wemm + - license: + name: BSD-2-clause-NetBSD + - license: + name: BSD-2-Clause + - license: + name: BSD-2-clause-verbatim + - license: + name: BSD-2-clause-author + - license: + name: ISC + - license: + name: ISC-Original + - license: + name: Expat + - license: + name: public-domain-Colin-Plumb + - license: + name: public-domain + - license: + name: Beerware + name: libbsd0 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libbsd0@0.8.3-1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libbsd + - name: aquasecurity:trivy:SrcRelease + value: "1" + - name: aquasecurity:trivy:SrcVersion + value: 0.8.3 + purl: pkg:deb/debian/libbsd0@0.8.3-1?arch=amd64&distro=debian-9.8 + supplier: + name: Guillem Jover + type: library + version: 0.8.3-1 + - bom-ref: pkg:deb/debian/libbz2-1.0@1.0.6-8.1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + name: libbz2-1.0 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libbz2-1.0@1.0.6-8.1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: bzip2 + - name: aquasecurity:trivy:SrcRelease + value: "8.1" + - name: aquasecurity:trivy:SrcVersion + value: 1.0.6 + purl: pkg:deb/debian/libbz2-1.0@1.0.6-8.1?arch=amd64&distro=debian-9.8 + supplier: + name: Anibal Monsalve Salazar + type: library + version: 1.0.6-8.1 + - bom-ref: pkg:deb/debian/libc-bin@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: LGPL-2.1 + - license: + name: GPL-2.0 + name: libc-bin + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libc-bin@2.24-11+deb9u4 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: glibc + - name: aquasecurity:trivy:SrcRelease + value: 11+deb9u4 + - name: aquasecurity:trivy:SrcVersion + value: "2.24" + purl: pkg:deb/debian/libc-bin@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + supplier: + name: GNU Libc Maintainers + type: library + version: 2.24-11+deb9u4 + - bom-ref: pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: LGPL-2.1 + - license: + name: GPL-2.0 + name: libc6 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libc6@2.24-11+deb9u4 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: glibc + - name: aquasecurity:trivy:SrcRelease + value: 11+deb9u4 + - name: aquasecurity:trivy:SrcVersion + value: "2.24" + purl: pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + supplier: + name: GNU Libc Maintainers + type: library + version: 2.24-11+deb9u4 + - bom-ref: pkg:deb/debian/libcap-ng0@0.7.7-3%2Bb1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: LGPL-2.1 + - license: + name: GPL-2.0 + - license: + name: GPL-3.0 + name: libcap-ng0 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libcap-ng0@0.7.7-3+b1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libcap-ng + - name: aquasecurity:trivy:SrcRelease + value: "3" + - name: aquasecurity:trivy:SrcVersion + value: 0.7.7 + purl: pkg:deb/debian/libcap-ng0@0.7.7-3%2Bb1?arch=amd64&distro=debian-9.8 + supplier: + name: Pierre Chifflier + type: library + version: 0.7.7-3+b1 + - bom-ref: pkg:deb/debian/libcomerr2@1.43.4-2?arch=amd64&distro=debian-9.8 + name: libcomerr2 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libcomerr2@1.43.4-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: e2fsprogs + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: 1.43.4 + purl: pkg:deb/debian/libcomerr2@1.43.4-2?arch=amd64&distro=debian-9.8 + supplier: + name: Theodore Y. Ts'o + type: library + version: 1.43.4-2 + - bom-ref: pkg:deb/debian/libdb5.3@5.3.28-12%2Bdeb9u1?arch=amd64&distro=debian-9.8 + name: libdb5.3 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libdb5.3@5.3.28-12+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: db5.3 + - name: aquasecurity:trivy:SrcRelease + value: 12+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 5.3.28 + purl: pkg:deb/debian/libdb5.3@5.3.28-12%2Bdeb9u1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian Berkeley DB Group + type: library + version: 5.3.28-12+deb9u1 + - bom-ref: pkg:deb/debian/libdebconfclient0@0.227?arch=amd64&distro=debian-9.8 + name: libdebconfclient0 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libdebconfclient0@0.227 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: cdebconf + - name: aquasecurity:trivy:SrcVersion + value: "0.227" + purl: pkg:deb/debian/libdebconfclient0@0.227?arch=amd64&distro=debian-9.8 + supplier: + name: Debian Install System Team + type: library + version: "0.227" + - bom-ref: pkg:deb/debian/libedit2@3.1-20160903-3?arch=amd64&distro=debian-9.8 + name: libedit2 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libedit2@3.1-20160903-3 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libedit + - name: aquasecurity:trivy:SrcRelease + value: "3" + - name: aquasecurity:trivy:SrcVersion + value: 3.1-20160903 + purl: pkg:deb/debian/libedit2@3.1-20160903-3?arch=amd64&distro=debian-9.8 + supplier: + name: LLVM Packaging Team + type: library + version: 3.1-20160903-3 + - bom-ref: pkg:deb/debian/libexpat1@2.2.0-2%2Bdeb9u1?arch=amd64&distro=debian-9.8 + name: libexpat1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libexpat1@2.2.0-2+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: expat + - name: aquasecurity:trivy:SrcRelease + value: 2+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 2.2.0 + purl: pkg:deb/debian/libexpat1@2.2.0-2%2Bdeb9u1?arch=amd64&distro=debian-9.8 + supplier: + name: Laszlo Boszormenyi (GCS) + type: library + version: 2.2.0-2+deb9u1 + - bom-ref: pkg:deb/debian/libfdisk1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + - license: + name: public-domain + - license: + name: BSD-4-Clause + - license: + name: MIT + - license: + name: BSD-2-Clause + - license: + name: BSD-3-Clause + - license: + name: LGPL-2.0 + - license: + name: LGPL-2.1 + - license: + name: GPL-3.0 + - license: + name: LGPL-3.0 + name: libfdisk1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libfdisk1@2.29.2-1+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: util-linux + - name: aquasecurity:trivy:SrcRelease + value: 1+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 2.29.2 + purl: pkg:deb/debian/libfdisk1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian util-linux Maintainers + type: library + version: 2.29.2-1+deb9u1 + - bom-ref: pkg:deb/debian/libfontconfig1@2.11.0-6.7%2Bb1?arch=amd64&distro=debian-9.8 + name: libfontconfig1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libfontconfig1@2.11.0-6.7+b1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: fontconfig + - name: aquasecurity:trivy:SrcRelease + value: "6.7" + - name: aquasecurity:trivy:SrcVersion + value: 2.11.0 + purl: pkg:deb/debian/libfontconfig1@2.11.0-6.7%2Bb1?arch=amd64&distro=debian-9.8 + supplier: + name: Keith Packard + type: library + version: 2.11.0-6.7+b1 + - bom-ref: pkg:deb/debian/libfreetype6@2.6.3-3.2?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + - license: + name: FTL + - license: + name: Catharon-OSL + - license: + name: GZip + - license: + name: BSD-3-Clause + - license: + name: BSD-2-Clause + - license: + name: OpenGroup-BSD-like + name: libfreetype6 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libfreetype6@2.6.3-3.2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: freetype + - name: aquasecurity:trivy:SrcRelease + value: "3.2" + - name: aquasecurity:trivy:SrcVersion + value: 2.6.3 + purl: pkg:deb/debian/libfreetype6@2.6.3-3.2?arch=amd64&distro=debian-9.8 + supplier: + name: Steve Langasek + type: library + version: 2.6.3-3.2 + - bom-ref: pkg:deb/debian/libgcc1@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=1 + name: libgcc1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libgcc1@1:6.3.0-18+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: gcc-6 + - name: aquasecurity:trivy:SrcRelease + value: 18+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 6.3.0 + purl: pkg:deb/debian/libgcc1@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=1 + supplier: + name: Debian GCC Maintainers + type: library + version: 6.3.0-18+deb9u1 + - bom-ref: pkg:deb/debian/libgcrypt20@1.7.6-2%2Bdeb9u3?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: LGPL-3.0 + - license: + name: GPL-2.0 + name: libgcrypt20 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libgcrypt20@1.7.6-2+deb9u3 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libgcrypt20 + - name: aquasecurity:trivy:SrcRelease + value: 2+deb9u3 + - name: aquasecurity:trivy:SrcVersion + value: 1.7.6 + purl: pkg:deb/debian/libgcrypt20@1.7.6-2%2Bdeb9u3?arch=amd64&distro=debian-9.8 + supplier: + name: Debian GnuTLS Maintainers + type: library + version: 1.7.6-2+deb9u3 + - bom-ref: pkg:deb/debian/libgd3@2.2.4-2%2Bdeb9u4?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GD + - license: + name: GAP~Makefile.in + - license: + name: GPL-2.0-with-autoconf-exception + - license: + name: BSD-3-Clause + - license: + name: GAP~configure + - license: + name: MIT + - license: + name: HPND + - license: + name: XFIG + - license: + name: WEBP + - license: + name: GPL-2.0 + name: libgd3 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libgd3@2.2.4-2+deb9u4 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libgd2 + - name: aquasecurity:trivy:SrcRelease + value: 2+deb9u4 + - name: aquasecurity:trivy:SrcVersion + value: 2.2.4 + purl: pkg:deb/debian/libgd3@2.2.4-2%2Bdeb9u4?arch=amd64&distro=debian-9.8 + supplier: + name: GD team + type: library + version: 2.2.4-2+deb9u4 + - bom-ref: pkg:deb/debian/libgeoip1@1.6.9-4?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: LGPL-2.1 + - license: + name: ISC + name: libgeoip1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libgeoip1@1.6.9-4 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: geoip + - name: aquasecurity:trivy:SrcRelease + value: "4" + - name: aquasecurity:trivy:SrcVersion + value: 1.6.9 + purl: pkg:deb/debian/libgeoip1@1.6.9-4?arch=amd64&distro=debian-9.8 + supplier: + name: Patrick Matthäi + type: library + version: 1.6.9-4 + - bom-ref: pkg:deb/debian/libgpg-error0@1.26-2?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.1+ + - license: + name: LGPL-2.1 + name: libgpg-error0 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libgpg-error0@1.26-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libgpg-error + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: "1.26" + purl: pkg:deb/debian/libgpg-error0@1.26-2?arch=amd64&distro=debian-9.8 + supplier: + name: Debian GnuPG Maintainers + type: library + version: 1.26-2 + - bom-ref: pkg:deb/debian/libicu57@57.1-6%2Bdeb9u2?arch=amd64&distro=debian-9.8 + name: libicu57 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libicu57@57.1-6+deb9u2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: icu + - name: aquasecurity:trivy:SrcRelease + value: 6+deb9u2 + - name: aquasecurity:trivy:SrcVersion + value: "57.1" + purl: pkg:deb/debian/libicu57@57.1-6%2Bdeb9u2?arch=amd64&distro=debian-9.8 + supplier: + name: Laszlo Boszormenyi (GCS) + type: library + version: 57.1-6+deb9u2 + - bom-ref: pkg:deb/debian/libjbig0@2.1-3.1%2Bb2?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + name: libjbig0 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libjbig0@2.1-3.1+b2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: jbigkit + - name: aquasecurity:trivy:SrcRelease + value: "3.1" + - name: aquasecurity:trivy:SrcVersion + value: "2.1" + purl: pkg:deb/debian/libjbig0@2.1-3.1%2Bb2?arch=amd64&distro=debian-9.8 + supplier: + name: Michael van der Kolff + type: library + version: 2.1-3.1+b2 + - bom-ref: pkg:deb/debian/libjpeg62-turbo@1.5.1-2?arch=amd64&distro=debian-9.8&epoch=1 + licenses: + - license: + name: BSD-BY-LC-NE + - license: + name: BSD-3 + - license: + name: Expat + name: libjpeg62-turbo + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libjpeg62-turbo@1:1.5.1-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "1" + - name: aquasecurity:trivy:SrcName + value: libjpeg-turbo + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: 1.5.1 + purl: pkg:deb/debian/libjpeg62-turbo@1.5.1-2?arch=amd64&distro=debian-9.8&epoch=1 + supplier: + name: OndÅ™ej Surý + type: library + version: 1.5.1-2 + - bom-ref: pkg:deb/debian/liblz4-1@0.0~r131-2%2Bb1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: BSD-2-Clause + - license: + name: GPL-2.0 + name: liblz4-1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: liblz4-1@0.0~r131-2+b1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: lz4 + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: 0.0~r131 + purl: pkg:deb/debian/liblz4-1@0.0~r131-2%2Bb1?arch=amd64&distro=debian-9.8 + supplier: + name: Nobuhiro Iwamatsu + type: library + version: 0.0~r131-2+b1 + - bom-ref: pkg:deb/debian/liblzma5@5.2.2-1.2%2Bb1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: PD + - license: + name: probably-PD + - license: + name: GPL-2.0 + - license: + name: LGPL-2.1 + - license: + name: permissive-fsf + - license: + name: Autoconf + - license: + name: none + - license: + name: permissive-nowarranty + - license: + name: config-h + - license: + name: LGPL-2.0 + - license: + name: noderivs + - license: + name: PD-debian + - license: + name: GPL-3.0 + name: liblzma5 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: liblzma5@5.2.2-1.2+b1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: xz-utils + - name: aquasecurity:trivy:SrcRelease + value: "1.2" + - name: aquasecurity:trivy:SrcVersion + value: 5.2.2 + purl: pkg:deb/debian/liblzma5@5.2.2-1.2%2Bb1?arch=amd64&distro=debian-9.8 + supplier: + name: Jonathan Nieder + type: library + version: 5.2.2-1.2+b1 + - bom-ref: pkg:deb/debian/libmount1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + - license: + name: public-domain + - license: + name: BSD-4-Clause + - license: + name: MIT + - license: + name: BSD-2-Clause + - license: + name: BSD-3-Clause + - license: + name: LGPL-2.0 + - license: + name: LGPL-2.1 + - license: + name: GPL-3.0 + - license: + name: LGPL-3.0 + name: libmount1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libmount1@2.29.2-1+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: util-linux + - name: aquasecurity:trivy:SrcRelease + value: 1+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 2.29.2 + purl: pkg:deb/debian/libmount1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian util-linux Maintainers + type: library + version: 2.29.2-1+deb9u1 + - bom-ref: pkg:deb/debian/libncurses5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + name: libncurses5 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libncurses5@6.0+20161126-1+deb9u2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: ncurses + - name: aquasecurity:trivy:SrcRelease + value: 1+deb9u2 + - name: aquasecurity:trivy:SrcVersion + value: 6.0+20161126 + purl: pkg:deb/debian/libncurses5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + supplier: + name: Craig Small + type: library + version: 6.0+20161126-1+deb9u2 + - bom-ref: pkg:deb/debian/libncursesw5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + name: libncursesw5 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libncursesw5@6.0+20161126-1+deb9u2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: ncurses + - name: aquasecurity:trivy:SrcRelease + value: 1+deb9u2 + - name: aquasecurity:trivy:SrcVersion + value: 6.0+20161126 + purl: pkg:deb/debian/libncursesw5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + supplier: + name: Craig Small + type: library + version: 6.0+20161126-1+deb9u2 + - bom-ref: pkg:deb/debian/libpam-modules-bin@1.1.8-3.6?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + name: libpam-modules-bin + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libpam-modules-bin@1.1.8-3.6 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: pam + - name: aquasecurity:trivy:SrcRelease + value: "3.6" + - name: aquasecurity:trivy:SrcVersion + value: 1.1.8 + purl: pkg:deb/debian/libpam-modules-bin@1.1.8-3.6?arch=amd64&distro=debian-9.8 + supplier: + name: Steve Langasek + type: library + version: 1.1.8-3.6 + - bom-ref: pkg:deb/debian/libpam-modules@1.1.8-3.6?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + name: libpam-modules + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libpam-modules@1.1.8-3.6 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: pam + - name: aquasecurity:trivy:SrcRelease + value: "3.6" + - name: aquasecurity:trivy:SrcVersion + value: 1.1.8 + purl: pkg:deb/debian/libpam-modules@1.1.8-3.6?arch=amd64&distro=debian-9.8 + supplier: + name: Steve Langasek + type: library + version: 1.1.8-3.6 + - bom-ref: pkg:deb/debian/libpam-runtime@1.1.8-3.6?arch=all&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + name: libpam-runtime + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libpam-runtime@1.1.8-3.6 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: pam + - name: aquasecurity:trivy:SrcRelease + value: "3.6" + - name: aquasecurity:trivy:SrcVersion + value: 1.1.8 + purl: pkg:deb/debian/libpam-runtime@1.1.8-3.6?arch=all&distro=debian-9.8 + supplier: + name: Steve Langasek + type: library + version: 1.1.8-3.6 + - bom-ref: pkg:deb/debian/libpam0g@1.1.8-3.6?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + name: libpam0g + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libpam0g@1.1.8-3.6 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: pam + - name: aquasecurity:trivy:SrcRelease + value: "3.6" + - name: aquasecurity:trivy:SrcVersion + value: 1.1.8 + purl: pkg:deb/debian/libpam0g@1.1.8-3.6?arch=amd64&distro=debian-9.8 + supplier: + name: Steve Langasek + type: library + version: 1.1.8-3.6 + - bom-ref: pkg:deb/debian/libpcre3@8.39-3?arch=amd64&distro=debian-9.8&epoch=2 + name: libpcre3 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libpcre3@2:8.39-3 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "2" + - name: aquasecurity:trivy:SrcName + value: pcre3 + - name: aquasecurity:trivy:SrcRelease + value: "3" + - name: aquasecurity:trivy:SrcVersion + value: "8.39" + purl: pkg:deb/debian/libpcre3@8.39-3?arch=amd64&distro=debian-9.8&epoch=2 + supplier: + name: Matthew Vernon + type: library + version: 8.39-3 + - bom-ref: pkg:deb/debian/libpng16-16@1.6.28-1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: libpng + - license: + name: expat + - license: + name: GPL-2.0 + - license: + name: BSD-like-with-advertising-clause + name: libpng16-16 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libpng16-16@1.6.28-1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libpng1.6 + - name: aquasecurity:trivy:SrcRelease + value: "1" + - name: aquasecurity:trivy:SrcVersion + value: 1.6.28 + purl: pkg:deb/debian/libpng16-16@1.6.28-1?arch=amd64&distro=debian-9.8 + supplier: + name: Anibal Monsalve Salazar + type: library + version: 1.6.28-1 + - bom-ref: pkg:deb/debian/libselinux1@2.6-3%2Bb3?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: LGPL-2.1 + - license: + name: GPL-2.0 + name: libselinux1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libselinux1@2.6-3+b3 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libselinux + - name: aquasecurity:trivy:SrcRelease + value: "3" + - name: aquasecurity:trivy:SrcVersion + value: "2.6" + purl: pkg:deb/debian/libselinux1@2.6-3%2Bb3?arch=amd64&distro=debian-9.8 + supplier: + name: Debian SELinux maintainers + type: library + version: 2.6-3+b3 + - bom-ref: pkg:deb/debian/libsemanage-common@2.6-2?arch=all&distro=debian-9.8 + licenses: + - license: + name: LGPL-3.0 + - license: + name: GPL-3.0 + name: libsemanage-common + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libsemanage-common@2.6-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libsemanage + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: "2.6" + purl: pkg:deb/debian/libsemanage-common@2.6-2?arch=all&distro=debian-9.8 + supplier: + name: Debian SELinux maintainers + type: library + version: 2.6-2 + - bom-ref: pkg:deb/debian/libsemanage1@2.6-2?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: LGPL-3.0 + - license: + name: GPL-3.0 + name: libsemanage1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libsemanage1@2.6-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libsemanage + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: "2.6" + purl: pkg:deb/debian/libsemanage1@2.6-2?arch=amd64&distro=debian-9.8 + supplier: + name: Debian SELinux maintainers + type: library + version: 2.6-2 + - bom-ref: pkg:deb/debian/libsepol1@2.6-2?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: LGPL-3.0 + - license: + name: GPL-3.0 + name: libsepol1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libsepol1@2.6-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libsepol + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: "2.6" + purl: pkg:deb/debian/libsepol1@2.6-2?arch=amd64&distro=debian-9.8 + supplier: + name: Debian SELinux maintainers + type: library + version: 2.6-2 + - bom-ref: pkg:deb/debian/libsmartcols1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + - license: + name: public-domain + - license: + name: BSD-4-Clause + - license: + name: MIT + - license: + name: BSD-2-Clause + - license: + name: BSD-3-Clause + - license: + name: LGPL-2.0 + - license: + name: LGPL-2.1 + - license: + name: GPL-3.0 + - license: + name: LGPL-3.0 + name: libsmartcols1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libsmartcols1@2.29.2-1+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: util-linux + - name: aquasecurity:trivy:SrcRelease + value: 1+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 2.29.2 + purl: pkg:deb/debian/libsmartcols1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian util-linux Maintainers + type: library + version: 2.29.2-1+deb9u1 + - bom-ref: pkg:deb/debian/libss2@1.43.4-2?arch=amd64&distro=debian-9.8 + name: libss2 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libss2@1.43.4-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: e2fsprogs + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: 1.43.4 + purl: pkg:deb/debian/libss2@1.43.4-2?arch=amd64&distro=debian-9.8 + supplier: + name: Theodore Y. Ts'o + type: library + version: 1.43.4-2 + - bom-ref: pkg:deb/debian/libssl1.1@1.1.0j-1~deb9u1?arch=amd64&distro=debian-9.8 + name: libssl1.1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libssl1.1@1.1.0j-1~deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: openssl + - name: aquasecurity:trivy:SrcRelease + value: 1~deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 1.1.0j + purl: pkg:deb/debian/libssl1.1@1.1.0j-1~deb9u1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian OpenSSL Team + type: library + version: 1.1.0j-1~deb9u1 + - bom-ref: pkg:deb/debian/libstdc%2B%2B6@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8 + name: libstdc++6 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libstdc++6@6.3.0-18+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: gcc-6 + - name: aquasecurity:trivy:SrcRelease + value: 18+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 6.3.0 + purl: pkg:deb/debian/libstdc%2B%2B6@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian GCC Maintainers + type: library + version: 6.3.0-18+deb9u1 + - bom-ref: pkg:deb/debian/libsystemd0@232-25%2Bdeb9u9?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: LGPL-2.1 + - license: + name: CC0 + - license: + name: GPL-2.0 + - license: + name: Expat + - license: + name: public-domain + name: libsystemd0 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libsystemd0@232-25+deb9u9 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: systemd + - name: aquasecurity:trivy:SrcRelease + value: 25+deb9u9 + - name: aquasecurity:trivy:SrcVersion + value: "232" + purl: pkg:deb/debian/libsystemd0@232-25%2Bdeb9u9?arch=amd64&distro=debian-9.8 + supplier: + name: Debian systemd Maintainers + + type: library + version: 232-25+deb9u9 + - bom-ref: pkg:deb/debian/libtiff5@4.0.8-2%2Bdeb9u4?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: Hylafax + name: libtiff5 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libtiff5@4.0.8-2+deb9u4 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: tiff + - name: aquasecurity:trivy:SrcRelease + value: 2+deb9u4 + - name: aquasecurity:trivy:SrcVersion + value: 4.0.8 + purl: pkg:deb/debian/libtiff5@4.0.8-2%2Bdeb9u4?arch=amd64&distro=debian-9.8 + supplier: + name: Laszlo Boszormenyi (GCS) + type: library + version: 4.0.8-2+deb9u4 + - bom-ref: pkg:deb/debian/libtinfo5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + name: libtinfo5 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libtinfo5@6.0+20161126-1+deb9u2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: ncurses + - name: aquasecurity:trivy:SrcRelease + value: 1+deb9u2 + - name: aquasecurity:trivy:SrcVersion + value: 6.0+20161126 + purl: pkg:deb/debian/libtinfo5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + supplier: + name: Craig Small + type: library + version: 6.0+20161126-1+deb9u2 + - bom-ref: pkg:deb/debian/libudev1@232-25%2Bdeb9u9?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: LGPL-2.1 + - license: + name: CC0 + - license: + name: GPL-2.0 + - license: + name: Expat + - license: + name: public-domain + name: libudev1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libudev1@232-25+deb9u9 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: systemd + - name: aquasecurity:trivy:SrcRelease + value: 25+deb9u9 + - name: aquasecurity:trivy:SrcVersion + value: "232" + purl: pkg:deb/debian/libudev1@232-25%2Bdeb9u9?arch=amd64&distro=debian-9.8 + supplier: + name: Debian systemd Maintainers + + type: library + version: 232-25+deb9u9 + - bom-ref: pkg:deb/debian/libustr-1.0-1@1.0.4-6?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: LGPL-2.0 + - license: + name: BSD-2-Clause + - license: + name: MIT + - license: + name: GPL-2.0 + - license: + name: LGPL-2.1 + name: libustr-1.0-1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libustr-1.0-1@1.0.4-6 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: ustr + - name: aquasecurity:trivy:SrcRelease + value: "6" + - name: aquasecurity:trivy:SrcVersion + value: 1.0.4 + purl: pkg:deb/debian/libustr-1.0-1@1.0.4-6?arch=amd64&distro=debian-9.8 + supplier: + name: Vaclav Ovsik + type: library + version: 1.0.4-6 + - bom-ref: pkg:deb/debian/libuuid1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + - license: + name: public-domain + - license: + name: BSD-4-Clause + - license: + name: MIT + - license: + name: BSD-2-Clause + - license: + name: BSD-3-Clause + - license: + name: LGPL-2.0 + - license: + name: LGPL-2.1 + - license: + name: GPL-3.0 + - license: + name: LGPL-3.0 + name: libuuid1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libuuid1@2.29.2-1+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: util-linux + - name: aquasecurity:trivy:SrcRelease + value: 1+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 2.29.2 + purl: pkg:deb/debian/libuuid1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian util-linux Maintainers + type: library + version: 2.29.2-1+deb9u1 + - bom-ref: pkg:deb/debian/libwebp6@0.5.2-1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: Apache-2.0 + name: libwebp6 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libwebp6@0.5.2-1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libwebp + - name: aquasecurity:trivy:SrcRelease + value: "1" + - name: aquasecurity:trivy:SrcVersion + value: 0.5.2 + purl: pkg:deb/debian/libwebp6@0.5.2-1?arch=amd64&distro=debian-9.8 + supplier: + name: Jeff Breidenbach + type: library + version: 0.5.2-1 + - bom-ref: pkg:deb/debian/libx11-6@1.6.4-3%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=2 + name: libx11-6 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libx11-6@2:1.6.4-3+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "2" + - name: aquasecurity:trivy:SrcName + value: libx11 + - name: aquasecurity:trivy:SrcRelease + value: 3+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 1.6.4 + purl: pkg:deb/debian/libx11-6@1.6.4-3%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=2 + supplier: + name: Debian X Strike Force + type: library + version: 1.6.4-3+deb9u1 + - bom-ref: pkg:deb/debian/libx11-data@1.6.4-3%2Bdeb9u1?arch=all&distro=debian-9.8&epoch=2 + name: libx11-data + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libx11-data@2:1.6.4-3+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "2" + - name: aquasecurity:trivy:SrcName + value: libx11 + - name: aquasecurity:trivy:SrcRelease + value: 3+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 1.6.4 + purl: pkg:deb/debian/libx11-data@1.6.4-3%2Bdeb9u1?arch=all&distro=debian-9.8&epoch=2 + supplier: + name: Debian X Strike Force + type: library + version: 1.6.4-3+deb9u1 + - bom-ref: pkg:deb/debian/libxau6@1.0.8-1?arch=amd64&distro=debian-9.8&epoch=1 + name: libxau6 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libxau6@1:1.0.8-1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "1" + - name: aquasecurity:trivy:SrcName + value: libxau + - name: aquasecurity:trivy:SrcRelease + value: "1" + - name: aquasecurity:trivy:SrcVersion + value: 1.0.8 + purl: pkg:deb/debian/libxau6@1.0.8-1?arch=amd64&distro=debian-9.8&epoch=1 + supplier: + name: Debian X Strike Force + type: library + version: 1.0.8-1 + - bom-ref: pkg:deb/debian/libxcb1@1.12-1?arch=amd64&distro=debian-9.8 + name: libxcb1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libxcb1@1.12-1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libxcb + - name: aquasecurity:trivy:SrcRelease + value: "1" + - name: aquasecurity:trivy:SrcVersion + value: "1.12" + purl: pkg:deb/debian/libxcb1@1.12-1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian X Strike Force + type: library + version: 1.12-1 + - bom-ref: pkg:deb/debian/libxdmcp6@1.1.2-3?arch=amd64&distro=debian-9.8&epoch=1 + name: libxdmcp6 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libxdmcp6@1:1.1.2-3 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "1" + - name: aquasecurity:trivy:SrcName + value: libxdmcp + - name: aquasecurity:trivy:SrcRelease + value: "3" + - name: aquasecurity:trivy:SrcVersion + value: 1.1.2 + purl: pkg:deb/debian/libxdmcp6@1.1.2-3?arch=amd64&distro=debian-9.8&epoch=1 + supplier: + name: Debian X Strike Force + type: library + version: 1.1.2-3 + - bom-ref: pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2?arch=amd64&distro=debian-9.8 + name: libxml2 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libxml2@2.9.4+dfsg1-2.2+deb9u2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libxml2 + - name: aquasecurity:trivy:SrcRelease + value: 2.2+deb9u2 + - name: aquasecurity:trivy:SrcVersion + value: 2.9.4+dfsg1 + purl: pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2?arch=amd64&distro=debian-9.8 + supplier: + name: Debian XML/SGML Group + type: library + version: 2.9.4+dfsg1-2.2+deb9u2 + - bom-ref: pkg:deb/debian/libxpm4@3.5.12-1?arch=amd64&distro=debian-9.8&epoch=1 + name: libxpm4 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libxpm4@1:3.5.12-1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "1" + - name: aquasecurity:trivy:SrcName + value: libxpm + - name: aquasecurity:trivy:SrcRelease + value: "1" + - name: aquasecurity:trivy:SrcVersion + value: 3.5.12 + purl: pkg:deb/debian/libxpm4@3.5.12-1?arch=amd64&distro=debian-9.8&epoch=1 + supplier: + name: Debian X Strike Force + type: library + version: 3.5.12-1 + - bom-ref: pkg:deb/debian/libxslt1.1@1.1.29-2.1?arch=amd64&distro=debian-9.8 + name: libxslt1.1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libxslt1.1@1.1.29-2.1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libxslt + - name: aquasecurity:trivy:SrcRelease + value: "2.1" + - name: aquasecurity:trivy:SrcVersion + value: 1.1.29 + purl: pkg:deb/debian/libxslt1.1@1.1.29-2.1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian XML/SGML Group + type: library + version: 1.1.29-2.1 + - bom-ref: pkg:deb/debian/login@4.4-4.1?arch=amd64&distro=debian-9.8&epoch=1 + licenses: + - license: + name: GPL-2.0 + name: login + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: login@1:4.4-4.1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "1" + - name: aquasecurity:trivy:SrcName + value: shadow + - name: aquasecurity:trivy:SrcRelease + value: "4.1" + - name: aquasecurity:trivy:SrcVersion + value: "4.4" + purl: pkg:deb/debian/login@4.4-4.1?arch=amd64&distro=debian-9.8&epoch=1 + supplier: + name: Shadow package maintainers + type: library + version: 4.4-4.1 + - bom-ref: pkg:deb/debian/lsb-base@9.20161125?arch=all&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + - license: + name: BSD-3-Clause + name: lsb-base + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: lsb-base@9.20161125 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: lsb + - name: aquasecurity:trivy:SrcVersion + value: "9.20161125" + purl: pkg:deb/debian/lsb-base@9.20161125?arch=all&distro=debian-9.8 + supplier: + name: Debian LSB Team + type: library + version: "9.20161125" + - bom-ref: pkg:deb/debian/mawk@1.3.3-17%2Bb3?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + name: mawk + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: mawk@1.3.3-17+b3 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: mawk + - name: aquasecurity:trivy:SrcRelease + value: "17" + - name: aquasecurity:trivy:SrcVersion + value: 1.3.3 + purl: pkg:deb/debian/mawk@1.3.3-17%2Bb3?arch=amd64&distro=debian-9.8 + supplier: + name: Steve Langasek + type: library + version: 1.3.3-17+b3 + - bom-ref: pkg:deb/debian/mount@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + - license: + name: public-domain + - license: + name: BSD-4-Clause + - license: + name: MIT + - license: + name: BSD-2-Clause + - license: + name: BSD-3-Clause + - license: + name: LGPL-2.0 + - license: + name: LGPL-2.1 + - license: + name: GPL-3.0 + - license: + name: LGPL-3.0 + name: mount + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: mount@2.29.2-1+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: util-linux + - name: aquasecurity:trivy:SrcRelease + value: 1+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 2.29.2 + purl: pkg:deb/debian/mount@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian util-linux Maintainers + type: library + version: 2.29.2-1+deb9u1 + - bom-ref: pkg:deb/debian/multiarch-support@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: LGPL-2.1 + - license: + name: GPL-2.0 + name: multiarch-support + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: multiarch-support@2.24-11+deb9u4 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: glibc + - name: aquasecurity:trivy:SrcRelease + value: 11+deb9u4 + - name: aquasecurity:trivy:SrcVersion + value: "2.24" + purl: pkg:deb/debian/multiarch-support@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + supplier: + name: GNU Libc Maintainers + type: library + version: 2.24-11+deb9u4 + - bom-ref: pkg:deb/debian/ncurses-base@6.0%2B20161126-1%2Bdeb9u2?arch=all&distro=debian-9.8 + name: ncurses-base + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: ncurses-base@6.0+20161126-1+deb9u2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: ncurses + - name: aquasecurity:trivy:SrcRelease + value: 1+deb9u2 + - name: aquasecurity:trivy:SrcVersion + value: 6.0+20161126 + purl: pkg:deb/debian/ncurses-base@6.0%2B20161126-1%2Bdeb9u2?arch=all&distro=debian-9.8 + supplier: + name: Craig Small + type: library + version: 6.0+20161126-1+deb9u2 + - bom-ref: pkg:deb/debian/ncurses-bin@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + name: ncurses-bin + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: ncurses-bin@6.0+20161126-1+deb9u2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: ncurses + - name: aquasecurity:trivy:SrcRelease + value: 1+deb9u2 + - name: aquasecurity:trivy:SrcVersion + value: 6.0+20161126 + purl: pkg:deb/debian/ncurses-bin@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + supplier: + name: Craig Small + type: library + version: 6.0+20161126-1+deb9u2 + - bom-ref: pkg:deb/debian/nginx-module-geoip@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + name: nginx-module-geoip + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: nginx-module-geoip@1.14.2-1~stretch + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: nginx-module-geoip + - name: aquasecurity:trivy:SrcRelease + value: 1~stretch + - name: aquasecurity:trivy:SrcVersion + value: 1.14.2 + purl: pkg:deb/debian/nginx-module-geoip@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + supplier: + name: Sergey Budnevitch + type: library + version: 1.14.2-1~stretch + - bom-ref: pkg:deb/debian/nginx-module-image-filter@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + name: nginx-module-image-filter + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: nginx-module-image-filter@1.14.2-1~stretch + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: nginx-module-image-filter + - name: aquasecurity:trivy:SrcRelease + value: 1~stretch + - name: aquasecurity:trivy:SrcVersion + value: 1.14.2 + purl: pkg:deb/debian/nginx-module-image-filter@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + supplier: + name: Sergey Budnevitch + type: library + version: 1.14.2-1~stretch + - bom-ref: pkg:deb/debian/nginx-module-njs@1.14.2.0.2.6-1~stretch?arch=amd64&distro=debian-9.8 + name: nginx-module-njs + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: nginx-module-njs@1.14.2.0.2.6-1~stretch + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: nginx-module-njs + - name: aquasecurity:trivy:SrcRelease + value: 1~stretch + - name: aquasecurity:trivy:SrcVersion + value: 1.14.2.0.2.6 + purl: pkg:deb/debian/nginx-module-njs@1.14.2.0.2.6-1~stretch?arch=amd64&distro=debian-9.8 + supplier: + name: Sergey Budnevitch + type: library + version: 1.14.2.0.2.6-1~stretch + - bom-ref: pkg:deb/debian/nginx-module-xslt@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + name: nginx-module-xslt + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: nginx-module-xslt@1.14.2-1~stretch + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: nginx-module-xslt + - name: aquasecurity:trivy:SrcRelease + value: 1~stretch + - name: aquasecurity:trivy:SrcVersion + value: 1.14.2 + purl: pkg:deb/debian/nginx-module-xslt@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + supplier: + name: Sergey Budnevitch + type: library + version: 1.14.2-1~stretch + - bom-ref: pkg:deb/debian/nginx@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + name: nginx + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: nginx@1.14.2-1~stretch + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: nginx + - name: aquasecurity:trivy:SrcRelease + value: 1~stretch + - name: aquasecurity:trivy:SrcVersion + value: 1.14.2 + purl: pkg:deb/debian/nginx@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + supplier: + name: Sergey Budnevitch + type: library + version: 1.14.2-1~stretch + - bom-ref: pkg:deb/debian/passwd@4.4-4.1?arch=amd64&distro=debian-9.8&epoch=1 + licenses: + - license: + name: GPL-2.0 + name: passwd + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: passwd@1:4.4-4.1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "1" + - name: aquasecurity:trivy:SrcName + value: shadow + - name: aquasecurity:trivy:SrcRelease + value: "4.1" + - name: aquasecurity:trivy:SrcVersion + value: "4.4" + purl: pkg:deb/debian/passwd@4.4-4.1?arch=amd64&distro=debian-9.8&epoch=1 + supplier: + name: Shadow package maintainers + type: library + version: 4.4-4.1 + - bom-ref: pkg:deb/debian/perl-base@5.24.1-3%2Bdeb9u5?arch=amd64&distro=debian-9.8 + name: perl-base + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: perl-base@5.24.1-3+deb9u5 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: perl + - name: aquasecurity:trivy:SrcRelease + value: 3+deb9u5 + - name: aquasecurity:trivy:SrcVersion + value: 5.24.1 + purl: pkg:deb/debian/perl-base@5.24.1-3%2Bdeb9u5?arch=amd64&distro=debian-9.8 + supplier: + name: Niko Tyni + type: library + version: 5.24.1-3+deb9u5 + - bom-ref: pkg:deb/debian/sed@4.4-1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + name: sed + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: sed@4.4-1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: sed + - name: aquasecurity:trivy:SrcRelease + value: "1" + - name: aquasecurity:trivy:SrcVersion + value: "4.4" + purl: pkg:deb/debian/sed@4.4-1?arch=amd64&distro=debian-9.8 + supplier: + name: Clint Adams + type: library + version: 4.4-1 + - bom-ref: pkg:deb/debian/sensible-utils@0.0.9%2Bdeb9u1?arch=all&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + name: sensible-utils + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: sensible-utils@0.0.9+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: sensible-utils + - name: aquasecurity:trivy:SrcVersion + value: 0.0.9+deb9u1 + purl: pkg:deb/debian/sensible-utils@0.0.9%2Bdeb9u1?arch=all&distro=debian-9.8 + supplier: + name: Anibal Monsalve Salazar + type: library + version: 0.0.9+deb9u1 + - bom-ref: pkg:deb/debian/sysvinit-utils@2.88dsf-59.9?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + name: sysvinit-utils + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: sysvinit-utils@2.88dsf-59.9 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: sysvinit + - name: aquasecurity:trivy:SrcRelease + value: "59.9" + - name: aquasecurity:trivy:SrcVersion + value: 2.88dsf + purl: pkg:deb/debian/sysvinit-utils@2.88dsf-59.9?arch=amd64&distro=debian-9.8 + supplier: + name: Debian sysvinit maintainers + type: library + version: 2.88dsf-59.9 + - bom-ref: pkg:deb/debian/tar@1.29b-1.1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + - license: + name: GPL-2.0 + name: tar + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: tar@1.29b-1.1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: tar + - name: aquasecurity:trivy:SrcRelease + value: "1.1" + - name: aquasecurity:trivy:SrcVersion + value: 1.29b + purl: pkg:deb/debian/tar@1.29b-1.1?arch=amd64&distro=debian-9.8 + supplier: + name: Bdale Garbee + type: library + version: 1.29b-1.1 + - bom-ref: pkg:deb/debian/tzdata@2018i-0%2Bdeb9u1?arch=all&distro=debian-9.8 + name: tzdata + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: tzdata@2018i-0+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: tzdata + - name: aquasecurity:trivy:SrcRelease + value: 0+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 2018i + purl: pkg:deb/debian/tzdata@2018i-0%2Bdeb9u1?arch=all&distro=debian-9.8 + supplier: + name: GNU Libc Maintainers + type: library + version: 2018i-0+deb9u1 + - bom-ref: pkg:deb/debian/ucf@3.0036?arch=all&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + name: ucf + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: ucf@3.0036 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: ucf + - name: aquasecurity:trivy:SrcVersion + value: "3.0036" + purl: pkg:deb/debian/ucf@3.0036?arch=all&distro=debian-9.8 + supplier: + name: Manoj Srivastava + type: library + version: "3.0036" + - bom-ref: pkg:deb/debian/util-linux@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + - license: + name: public-domain + - license: + name: BSD-4-Clause + - license: + name: MIT + - license: + name: BSD-2-Clause + - license: + name: BSD-3-Clause + - license: + name: LGPL-2.0 + - license: + name: LGPL-2.1 + - license: + name: GPL-3.0 + - license: + name: LGPL-3.0 + name: util-linux + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: util-linux@2.29.2-1+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: util-linux + - name: aquasecurity:trivy:SrcRelease + value: 1+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 2.29.2 + purl: pkg:deb/debian/util-linux@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian util-linux Maintainers + type: library + version: 2.29.2-1+deb9u1 + - bom-ref: pkg:deb/debian/zlib1g@1.2.8.dfsg-5?arch=amd64&distro=debian-9.8&epoch=1 + name: zlib1g + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: zlib1g@1:1.2.8.dfsg-5 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "1" + - name: aquasecurity:trivy:SrcName + value: zlib + - name: aquasecurity:trivy:SrcRelease + value: "5" + - name: aquasecurity:trivy:SrcVersion + value: 1.2.8.dfsg + purl: pkg:deb/debian/zlib1g@1.2.8.dfsg-5?arch=amd64&distro=debian-9.8&epoch=1 + supplier: + name: Mark Brown + type: library + version: 1.2.8.dfsg-5 + dependencies: + - dependsOn: + - pkg:deb/debian/adduser@3.115?arch=all&distro=debian-9.8 + - pkg:deb/debian/apt@1.4.9?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/base-files@9.9%2Bdeb9u8?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/base-passwd@3.5.43?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/bash@4.4-5?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/bsdutils@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/coreutils@8.26-3?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/dash@0.5.8-2.4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/debconf@1.5.61?arch=all&distro=debian-9.8 + - pkg:deb/debian/debian-archive-keyring@2017.5?arch=all&distro=debian-9.8 + - pkg:deb/debian/debianutils@4.8.1.1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/diffutils@3.5-3?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/dpkg@1.18.25?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/e2fslibs@1.43.4-2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/e2fsprogs@1.43.4-2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/findutils@4.6.0%2Bgit%2B20161106-2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/fontconfig-config@2.11.0-6.7?arch=all&distro=debian-9.8 + - pkg:deb/debian/fonts-dejavu-core@2.37-1?arch=all&distro=debian-9.8 + - pkg:deb/debian/gcc-6-base@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/gettext-base@0.19.8.1-2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/gpgv@2.1.18-8~deb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/grep@2.27-2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/gzip@1.6-5%2Bb1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/hostname@3.18%2Bb1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/init-system-helpers@1.48?arch=all&distro=debian-9.8 + - pkg:deb/debian/libacl1@2.2.52-3%2Bb1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libapt-pkg5.0@1.4.9?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libattr1@2.4.47-2%2Bb2?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libaudit-common@2.6.7-2?arch=all&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libaudit1@2.6.7-2?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libblkid1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libbsd0@0.8.3-1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libbz2-1.0@1.0.6-8.1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libc-bin@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libcap-ng0@0.7.7-3%2Bb1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libcomerr2@1.43.4-2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libdb5.3@5.3.28-12%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libdebconfclient0@0.227?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libedit2@3.1-20160903-3?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libexpat1@2.2.0-2%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libfdisk1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libfontconfig1@2.11.0-6.7%2Bb1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libfreetype6@2.6.3-3.2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgcc1@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libgcrypt20@1.7.6-2%2Bdeb9u3?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgd3@2.2.4-2%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgeoip1@1.6.9-4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgpg-error0@1.26-2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libicu57@57.1-6%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libjbig0@2.1-3.1%2Bb2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libjpeg62-turbo@1.5.1-2?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/liblz4-1@0.0~r131-2%2Bb1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/liblzma5@5.2.2-1.2%2Bb1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libmount1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libncurses5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libncursesw5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libpam-modules-bin@1.1.8-3.6?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libpam-modules@1.1.8-3.6?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libpam-runtime@1.1.8-3.6?arch=all&distro=debian-9.8 + - pkg:deb/debian/libpam0g@1.1.8-3.6?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libpcre3@8.39-3?arch=amd64&distro=debian-9.8&epoch=2 + - pkg:deb/debian/libpng16-16@1.6.28-1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libselinux1@2.6-3%2Bb3?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libsemanage-common@2.6-2?arch=all&distro=debian-9.8 + - pkg:deb/debian/libsemanage1@2.6-2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libsepol1@2.6-2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libsmartcols1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libss2@1.43.4-2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libssl1.1@1.1.0j-1~deb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libstdc%2B%2B6@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libsystemd0@232-25%2Bdeb9u9?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libtiff5@4.0.8-2%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libtinfo5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libudev1@232-25%2Bdeb9u9?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libustr-1.0-1@1.0.4-6?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libuuid1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libwebp6@0.5.2-1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libx11-6@1.6.4-3%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=2 + - pkg:deb/debian/libx11-data@1.6.4-3%2Bdeb9u1?arch=all&distro=debian-9.8&epoch=2 + - pkg:deb/debian/libxau6@1.0.8-1?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libxcb1@1.12-1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libxdmcp6@1.1.2-3?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libxpm4@3.5.12-1?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libxslt1.1@1.1.29-2.1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/login@4.4-4.1?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/lsb-base@9.20161125?arch=all&distro=debian-9.8 + - pkg:deb/debian/mawk@1.3.3-17%2Bb3?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/mount@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/multiarch-support@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/ncurses-base@6.0%2B20161126-1%2Bdeb9u2?arch=all&distro=debian-9.8 + - pkg:deb/debian/ncurses-bin@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/nginx-module-geoip@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/nginx-module-image-filter@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/nginx-module-njs@1.14.2.0.2.6-1~stretch?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/nginx-module-xslt@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/nginx@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/passwd@4.4-4.1?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/perl-base@5.24.1-3%2Bdeb9u5?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/sed@4.4-1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/sensible-utils@0.0.9%2Bdeb9u1?arch=all&distro=debian-9.8 + - pkg:deb/debian/sysvinit-utils@2.88dsf-59.9?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/tar@1.29b-1.1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/tzdata@2018i-0%2Bdeb9u1?arch=all&distro=debian-9.8 + - pkg:deb/debian/ucf@3.0036?arch=all&distro=debian-9.8 + - pkg:deb/debian/util-linux@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/zlib1g@1.2.8.dfsg-5?arch=amd64&distro=debian-9.8&epoch=1 + ref: 2ab629c3-fe9d-4416-ace3-9a301dfb60e0 + - dependsOn: + - pkg:deb/debian/debconf@1.5.61?arch=all&distro=debian-9.8 + - pkg:deb/debian/passwd@4.4-4.1?arch=amd64&distro=debian-9.8&epoch=1 + ref: pkg:deb/debian/adduser@3.115?arch=all&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/adduser@3.115?arch=all&distro=debian-9.8 + - pkg:deb/debian/debian-archive-keyring@2017.5?arch=all&distro=debian-9.8 + - pkg:deb/debian/gpgv@2.1.18-8~deb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/init-system-helpers@1.48?arch=all&distro=debian-9.8 + - pkg:deb/debian/libapt-pkg5.0@1.4.9?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgcc1@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libstdc%2B%2B6@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/apt@1.4.9?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/base-files@9.9%2Bdeb9u8?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libdebconfclient0@0.227?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/base-passwd@3.5.43?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/base-files@9.9%2Bdeb9u8?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/debianutils@4.8.1.1?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/bash@4.4-5?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/bsdutils@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=1 + - dependsOn: [] + ref: pkg:deb/debian/coreutils@8.26-3?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/debianutils@4.8.1.1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/dpkg@1.18.25?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/dash@0.5.8-2.4?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/debconf@1.5.61?arch=all&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/gpgv@2.1.18-8~deb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/debian-archive-keyring@2017.5?arch=all&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/sensible-utils@0.0.9%2Bdeb9u1?arch=all&distro=debian-9.8 + ref: pkg:deb/debian/debianutils@4.8.1.1?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/diffutils@3.5-3?arch=amd64&distro=debian-9.8&epoch=1 + - dependsOn: + - pkg:deb/debian/tar@1.29b-1.1?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/dpkg@1.18.25?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/e2fslibs@1.43.4-2?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/e2fsprogs@1.43.4-2?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/findutils@4.6.0%2Bgit%2B20161106-2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/debconf@1.5.61?arch=all&distro=debian-9.8 + - pkg:deb/debian/fonts-dejavu-core@2.37-1?arch=all&distro=debian-9.8 + - pkg:deb/debian/ucf@3.0036?arch=all&distro=debian-9.8 + ref: pkg:deb/debian/fontconfig-config@2.11.0-6.7?arch=all&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/fonts-dejavu-core@2.37-1?arch=all&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/gcc-6-base@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/gettext-base@0.19.8.1-2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libbz2-1.0@1.0.6-8.1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgcrypt20@1.7.6-2%2Bdeb9u3?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgpg-error0@1.26-2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/zlib1g@1.2.8.dfsg-5?arch=amd64&distro=debian-9.8&epoch=1 + ref: pkg:deb/debian/gpgv@2.1.18-8~deb9u4?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/dpkg@1.18.25?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/grep@2.27-2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/dpkg@1.18.25?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/gzip@1.6-5%2Bb1?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/hostname@3.18%2Bb1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/perl-base@5.24.1-3%2Bdeb9u5?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/init-system-helpers@1.48?arch=all&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libattr1@2.4.47-2%2Bb2?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libacl1@2.2.52-3%2Bb1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libbz2-1.0@1.0.6-8.1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgcc1@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/liblz4-1@0.0~r131-2%2Bb1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/liblzma5@5.2.2-1.2%2Bb1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libstdc%2B%2B6@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/zlib1g@1.2.8.dfsg-5?arch=amd64&distro=debian-9.8&epoch=1 + ref: pkg:deb/debian/libapt-pkg5.0@1.4.9?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libattr1@2.4.47-2%2Bb2?arch=amd64&distro=debian-9.8&epoch=1 + - dependsOn: [] + ref: pkg:deb/debian/libaudit-common@2.6.7-2?arch=all&distro=debian-9.8&epoch=1 + - dependsOn: + - pkg:deb/debian/libaudit-common@2.6.7-2?arch=all&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libcap-ng0@0.7.7-3%2Bb1?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libaudit1@2.6.7-2?arch=amd64&distro=debian-9.8&epoch=1 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libuuid1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libblkid1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libbsd0@0.8.3-1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libbz2-1.0@1.0.6-8.1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libc-bin@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libgcc1@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=1 + ref: pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libcap-ng0@0.7.7-3%2Bb1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libcomerr2@1.43.4-2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libdb5.3@5.3.28-12%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libdebconfclient0@0.227?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libbsd0@0.8.3-1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libncurses5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libtinfo5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libedit2@3.1-20160903-3?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libexpat1@2.2.0-2%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libblkid1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libuuid1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libfdisk1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/fontconfig-config@2.11.0-6.7?arch=all&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libexpat1@2.2.0-2%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libfreetype6@2.6.3-3.2?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libfontconfig1@2.11.0-6.7%2Bb1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libpng16-16@1.6.28-1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/zlib1g@1.2.8.dfsg-5?arch=amd64&distro=debian-9.8&epoch=1 + ref: pkg:deb/debian/libfreetype6@2.6.3-3.2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/gcc-6-base@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libgcc1@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=1 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgpg-error0@1.26-2?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libgcrypt20@1.7.6-2%2Bdeb9u3?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libfontconfig1@2.11.0-6.7%2Bb1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libfreetype6@2.6.3-3.2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libjpeg62-turbo@1.5.1-2?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libpng16-16@1.6.28-1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libtiff5@4.0.8-2%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libwebp6@0.5.2-1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libx11-6@1.6.4-3%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=2 + - pkg:deb/debian/libxpm4@3.5.12-1?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/zlib1g@1.2.8.dfsg-5?arch=amd64&distro=debian-9.8&epoch=1 + ref: pkg:deb/debian/libgd3@2.2.4-2%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libgeoip1@1.6.9-4?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libgpg-error0@1.26-2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgcc1@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libstdc%2B%2B6@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libicu57@57.1-6%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libjbig0@2.1-3.1%2Bb2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libjpeg62-turbo@1.5.1-2?arch=amd64&distro=debian-9.8&epoch=1 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/liblz4-1@0.0~r131-2%2Bb1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/liblzma5@5.2.2-1.2%2Bb1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libblkid1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libselinux1@2.6-3%2Bb3?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libmount1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libtinfo5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libncurses5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libtinfo5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libncursesw5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libaudit1@2.6.7-2?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libpam0g@1.1.8-3.6?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libselinux1@2.6-3%2Bb3?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libpam-modules-bin@1.1.8-3.6?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/libpam-modules@1.1.8-3.6?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/debconf@1.5.61?arch=all&distro=debian-9.8 + - pkg:deb/debian/libpam-modules@1.1.8-3.6?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libpam-runtime@1.1.8-3.6?arch=all&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/debconf@1.5.61?arch=all&distro=debian-9.8 + - pkg:deb/debian/libaudit1@2.6.7-2?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libpam0g@1.1.8-3.6?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libpcre3@8.39-3?arch=amd64&distro=debian-9.8&epoch=2 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/zlib1g@1.2.8.dfsg-5?arch=amd64&distro=debian-9.8&epoch=1 + ref: pkg:deb/debian/libpng16-16@1.6.28-1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libpcre3@8.39-3?arch=amd64&distro=debian-9.8&epoch=2 + ref: pkg:deb/debian/libselinux1@2.6-3%2Bb3?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/libsemanage-common@2.6-2?arch=all&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libaudit1@2.6.7-2?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libbz2-1.0@1.0.6-8.1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libselinux1@2.6-3%2Bb3?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libsemanage-common@2.6-2?arch=all&distro=debian-9.8 + - pkg:deb/debian/libsepol1@2.6-2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libustr-1.0-1@1.0.4-6?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libsemanage1@2.6-2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libsepol1@2.6-2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libsmartcols1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libcomerr2@1.43.4-2?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libss2@1.43.4-2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/debconf@1.5.61?arch=all&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libssl1.1@1.1.0j-1~deb9u1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/gcc-6-base@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgcc1@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=1 + ref: pkg:deb/debian/libstdc%2B%2B6@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/libsystemd0@232-25%2Bdeb9u9?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libjbig0@2.1-3.1%2Bb2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libjpeg62-turbo@1.5.1-2?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/liblzma5@5.2.2-1.2%2Bb1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/zlib1g@1.2.8.dfsg-5?arch=amd64&distro=debian-9.8&epoch=1 + ref: pkg:deb/debian/libtiff5@4.0.8-2%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libtinfo5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libudev1@232-25%2Bdeb9u9?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libustr-1.0-1@1.0.4-6?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/passwd@4.4-4.1?arch=amd64&distro=debian-9.8&epoch=1 + ref: pkg:deb/debian/libuuid1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libwebp6@0.5.2-1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libx11-data@1.6.4-3%2Bdeb9u1?arch=all&distro=debian-9.8&epoch=2 + - pkg:deb/debian/libxcb1@1.12-1?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libx11-6@1.6.4-3%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=2 + - dependsOn: [] + ref: pkg:deb/debian/libx11-data@1.6.4-3%2Bdeb9u1?arch=all&distro=debian-9.8&epoch=2 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libxau6@1.0.8-1?arch=amd64&distro=debian-9.8&epoch=1 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libxau6@1.0.8-1?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libxdmcp6@1.1.2-3?arch=amd64&distro=debian-9.8&epoch=1 + ref: pkg:deb/debian/libxcb1@1.12-1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libbsd0@0.8.3-1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libxdmcp6@1.1.2-3?arch=amd64&distro=debian-9.8&epoch=1 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libicu57@57.1-6%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/liblzma5@5.2.2-1.2%2Bb1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/zlib1g@1.2.8.dfsg-5?arch=amd64&distro=debian-9.8&epoch=1 + ref: pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libx11-6@1.6.4-3%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=2 + ref: pkg:deb/debian/libxpm4@3.5.12-1?arch=amd64&distro=debian-9.8&epoch=1 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgcrypt20@1.7.6-2%2Bdeb9u3?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libxslt1.1@1.1.29-2.1?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/login@4.4-4.1?arch=amd64&distro=debian-9.8&epoch=1 + - dependsOn: [] + ref: pkg:deb/debian/lsb-base@9.20161125?arch=all&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/mawk@1.3.3-17%2Bb3?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/mount@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/multiarch-support@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/ncurses-base@6.0%2B20161126-1%2Bdeb9u2?arch=all&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/ncurses-bin@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgeoip1@1.6.9-4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/nginx@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/nginx-module-geoip@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgd3@2.2.4-2%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/nginx@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/nginx-module-image-filter@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libedit2@3.1-20160903-3?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libpcre3@8.39-3?arch=amd64&distro=debian-9.8&epoch=2 + - pkg:deb/debian/nginx@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/nginx-module-njs@1.14.2.0.2.6-1~stretch?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libxslt1.1@1.1.29-2.1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/nginx@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/nginx-module-xslt@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/adduser@3.115?arch=all&distro=debian-9.8 + - pkg:deb/debian/init-system-helpers@1.48?arch=all&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libpcre3@8.39-3?arch=amd64&distro=debian-9.8&epoch=2 + - pkg:deb/debian/libssl1.1@1.1.0j-1~deb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/lsb-base@9.20161125?arch=all&distro=debian-9.8 + - pkg:deb/debian/zlib1g@1.2.8.dfsg-5?arch=amd64&distro=debian-9.8&epoch=1 + ref: pkg:deb/debian/nginx@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libaudit1@2.6.7-2?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libpam-modules@1.1.8-3.6?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libpam0g@1.1.8-3.6?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libselinux1@2.6-3%2Bb3?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libsemanage1@2.6-2?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/passwd@4.4-4.1?arch=amd64&distro=debian-9.8&epoch=1 + - dependsOn: [] + ref: pkg:deb/debian/perl-base@5.24.1-3%2Bdeb9u5?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/sed@4.4-1?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/sensible-utils@0.0.9%2Bdeb9u1?arch=all&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/init-system-helpers@1.48?arch=all&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/util-linux@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/sysvinit-utils@2.88dsf-59.9?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/tar@1.29b-1.1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/debconf@1.5.61?arch=all&distro=debian-9.8 + ref: pkg:deb/debian/tzdata@2018i-0%2Bdeb9u1?arch=all&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/coreutils@8.26-3?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/debconf@1.5.61?arch=all&distro=debian-9.8 + ref: pkg:deb/debian/ucf@3.0036?arch=all&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/util-linux@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/zlib1g@1.2.8.dfsg-5?arch=amd64&distro=debian-9.8&epoch=1 + - dependsOn: + - 2ab629c3-fe9d-4416-ace3-9a301dfb60e0 + ref: pkg:oci/nginx@sha256%3Af7988fb6c02e0ce69257d9bd9cf37ae20a60f1df7563c3a2a6abe24160306b8d?arch=amd64&repository_url=index.docker.io%2Flibrary%2Fnginx + metadata: + component: + bom-ref: pkg:oci/nginx@sha256%3Af7988fb6c02e0ce69257d9bd9cf37ae20a60f1df7563c3a2a6abe24160306b8d?arch=amd64&repository_url=index.docker.io%2Flibrary%2Fnginx + name: nginx:1.14.2 + properties: + - name: aquasecurity:trivy:DiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda,sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a,sha256:82ae01d5004e2143b642b1a008624e7521c73ab18e5776a22f18a172b9dbec80 + - name: aquasecurity:trivy:ImageID + value: sha256:295c7be079025306c4f1d65997fcf7adb411c88f139ad1d34b537164aa060369 + - name: aquasecurity:trivy:RepoDigest + value: nginx@sha256:f7988fb6c02e0ce69257d9bd9cf37ae20a60f1df7563c3a2a6abe24160306b8d + - name: aquasecurity:trivy:RepoTag + value: nginx:1.14.2 + - name: aquasecurity:trivy:SchemaVersion + value: "2" + purl: pkg:oci/nginx@sha256%3Af7988fb6c02e0ce69257d9bd9cf37ae20a60f1df7563c3a2a6abe24160306b8d?arch=amd64&repository_url=index.docker.io%2Flibrary%2Fnginx + supplier: {} + type: container + timestamp: 2023-11-12T18:51:06+00:00 + tools: + - name: trivy + vendor: aquasecurity + serialNumber: urn:uuid:d81232a6-d89d-4533-ba43-228468c411f5 + specVersion: "1.5" + version: 1 + registry: + server: index.docker.io + scanner: + name: Trivy + vendor: Aqua Security + version: 0.45.1 + summary: + componentsCount: 110 + dependenciesCount: 110 + updateTimestamp: 2023-11-12T18:51:06Z diff --git a/tests/e2e/sbom-fs/workload/01-assert.yaml b/tests/e2e/sbom-fs/workload/01-assert.yaml new file mode 100644 index 000000000..ee9927eb6 --- /dev/null +++ b/tests/e2e/sbom-fs/workload/01-assert.yaml @@ -0,0 +1,16 @@ +--- +apiVersion: aquasecurity.github.io/v1alpha1 +kind: VulnerabilityReport +metadata: + annotations: + trivy-operator.aquasecurity.github.io/report-ttl: 24h0m0s + name: pod-my-pod-app +report: + artifact: + repository: library/nginx + tag: 1.14.2 + registry: + server: index.docker.io + scanner: + name: Trivy + vendor: Aqua Security diff --git a/tests/e2e/sbom-fs/workload/01-pod.yaml b/tests/e2e/sbom-fs/workload/01-pod.yaml new file mode 100644 index 000000000..a2c150343 --- /dev/null +++ b/tests/e2e/sbom-fs/workload/01-pod.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: v1 +kind: Pod +metadata: + name: my-pod + labels: + app.kubernetes.io/name: wordpress + pod-template-hash: 84bbf6f4dd + app: nginx + team: rnd +spec: + containers: + - image: nginx:1.14.2 + name: app diff --git a/tests/e2e/sbom-fs/workload/02-assert.yaml b/tests/e2e/sbom-fs/workload/02-assert.yaml new file mode 100644 index 000000000..b00f14829 --- /dev/null +++ b/tests/e2e/sbom-fs/workload/02-assert.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: kuttl.dev/v1beta1 +commands: + - script: > + cnt="$(kubectl get -n $NAMESPACE + sbomreports.aquasecurity.github.io pod-my-pod-app \ + -o=jsonpath='{.report.summary.componentsCount}')" + if [ $cnt -gt 0 ] + + then + echo "Pass: SbomReport ComponentCount ($cnt) is greater than 0" + else + echo "Fail: SbomReport ComponentCount ($cnt) should be greater than 0" + exit 1 + fi +kind: TestAssert +timeout: 30 diff --git a/tests/e2e/sbom-fs/workload/03-assert.yaml b/tests/e2e/sbom-fs/workload/03-assert.yaml new file mode 100644 index 000000000..7a05f311c --- /dev/null +++ b/tests/e2e/sbom-fs/workload/03-assert.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: kuttl.dev/v1beta1 +commands: + - script: > + cnt="$(kubectl get -n $NAMESPACE + vulnerabilityreports.aquasecurity.github.io pod-my-pod-app \ + -o=jsonpath='{.report.summary.criticalCount}')" + if [ $cnt -gt 0 ] + + then + echo "Pass: VulnerabilityReport CriticalCount ($cnt) is greater than 0" + else + echo "Fail: VulnerabilityReport CriticalCount ($cnt) should be greater than 0" + exit 1 + fi +kind: TestAssert +timeout: 30 diff --git a/tests/e2e/sbom-standalone/workload/00-sbom-pod.yaml b/tests/e2e/sbom-standalone/workload/00-sbom-pod.yaml new file mode 100644 index 000000000..be2f3adb1 --- /dev/null +++ b/tests/e2e/sbom-standalone/workload/00-sbom-pod.yaml @@ -0,0 +1,3531 @@ +--- +apiVersion: aquasecurity.github.io/v1alpha1 +kind: ClusterSbomReport +metadata: + labels: + resource-image-id: 6df5684d + name: 6df5684d +report: + artifact: + digest: sha256:295c7be079025306c4f1d65997fcf7adb411c88f139ad1d34b537164aa060369 + repository: library/nginx + tag: 1.14.2 + components: + bomFormat: CycloneDX + components: + - bom-ref: 2ab629c3-fe9d-4416-ace3-9a301dfb60e0 + name: debian + properties: + - name: aquasecurity:trivy:Class + value: os-pkgs + - name: aquasecurity:trivy:Type + value: debian + supplier: {} + type: operating-system + version: "9.8" + - bom-ref: pkg:deb/debian/adduser@3.115?arch=all&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + name: adduser + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: adduser@3.115 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: adduser + - name: aquasecurity:trivy:SrcVersion + value: "3.115" + purl: pkg:deb/debian/adduser@3.115?arch=all&distro=debian-9.8 + supplier: + name: Debian Adduser Developers + type: library + version: "3.115" + - bom-ref: pkg:deb/debian/apt@1.4.9?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + name: apt + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: apt@1.4.9 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: apt + - name: aquasecurity:trivy:SrcVersion + value: 1.4.9 + purl: pkg:deb/debian/apt@1.4.9?arch=amd64&distro=debian-9.8 + supplier: + name: APT Development Team + type: library + version: 1.4.9 + - bom-ref: pkg:deb/debian/base-files@9.9%2Bdeb9u8?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + name: base-files + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: base-files@9.9+deb9u8 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: base-files + - name: aquasecurity:trivy:SrcVersion + value: 9.9+deb9u8 + purl: pkg:deb/debian/base-files@9.9%2Bdeb9u8?arch=amd64&distro=debian-9.8 + supplier: + name: Santiago Vila + type: library + version: 9.9+deb9u8 + - bom-ref: pkg:deb/debian/base-passwd@3.5.43?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + - license: + name: PD + name: base-passwd + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: base-passwd@3.5.43 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: base-passwd + - name: aquasecurity:trivy:SrcVersion + value: 3.5.43 + purl: pkg:deb/debian/base-passwd@3.5.43?arch=amd64&distro=debian-9.8 + supplier: + name: Colin Watson + type: library + version: 3.5.43 + - bom-ref: pkg:deb/debian/bash@4.4-5?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + name: bash + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: bash@4.4-5 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: bash + - name: aquasecurity:trivy:SrcRelease + value: "5" + - name: aquasecurity:trivy:SrcVersion + value: "4.4" + purl: pkg:deb/debian/bash@4.4-5?arch=amd64&distro=debian-9.8 + supplier: + name: Matthias Klose + type: library + version: 4.4-5 + - bom-ref: pkg:deb/debian/bsdutils@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=1 + licenses: + - license: + name: GPL-2.0 + - license: + name: public-domain + - license: + name: BSD-4-Clause + - license: + name: MIT + - license: + name: BSD-2-Clause + - license: + name: BSD-3-Clause + - license: + name: LGPL-2.0 + - license: + name: LGPL-2.1 + - license: + name: GPL-3.0 + - license: + name: LGPL-3.0 + name: bsdutils + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: bsdutils@1:2.29.2-1+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: util-linux + - name: aquasecurity:trivy:SrcRelease + value: 1+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 2.29.2 + purl: pkg:deb/debian/bsdutils@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=1 + supplier: + name: Debian util-linux Maintainers + type: library + version: 2.29.2-1+deb9u1 + - bom-ref: pkg:deb/debian/coreutils@8.26-3?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + name: coreutils + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: coreutils@8.26-3 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: coreutils + - name: aquasecurity:trivy:SrcRelease + value: "3" + - name: aquasecurity:trivy:SrcVersion + value: "8.26" + purl: pkg:deb/debian/coreutils@8.26-3?arch=amd64&distro=debian-9.8 + supplier: + name: Michael Stone + type: library + version: 8.26-3 + - bom-ref: pkg:deb/debian/dash@0.5.8-2.4?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + name: dash + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: dash@0.5.8-2.4 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: dash + - name: aquasecurity:trivy:SrcRelease + value: "2.4" + - name: aquasecurity:trivy:SrcVersion + value: 0.5.8 + purl: pkg:deb/debian/dash@0.5.8-2.4?arch=amd64&distro=debian-9.8 + supplier: + name: Gerrit Pape + type: library + version: 0.5.8-2.4 + - bom-ref: pkg:deb/debian/debconf@1.5.61?arch=all&distro=debian-9.8 + licenses: + - license: + name: BSD-2-Clause + name: debconf + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: debconf@1.5.61 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: debconf + - name: aquasecurity:trivy:SrcVersion + value: 1.5.61 + purl: pkg:deb/debian/debconf@1.5.61?arch=all&distro=debian-9.8 + supplier: + name: Debconf Developers + type: library + version: 1.5.61 + - bom-ref: pkg:deb/debian/debian-archive-keyring@2017.5?arch=all&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + name: debian-archive-keyring + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: debian-archive-keyring@2017.5 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: debian-archive-keyring + - name: aquasecurity:trivy:SrcVersion + value: "2017.5" + purl: pkg:deb/debian/debian-archive-keyring@2017.5?arch=all&distro=debian-9.8 + supplier: + name: Debian Release Team + type: library + version: "2017.5" + - bom-ref: pkg:deb/debian/debianutils@4.8.1.1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + name: debianutils + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: debianutils@4.8.1.1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: debianutils + - name: aquasecurity:trivy:SrcVersion + value: 4.8.1.1 + purl: pkg:deb/debian/debianutils@4.8.1.1?arch=amd64&distro=debian-9.8 + supplier: + name: Clint Adams + type: library + version: 4.8.1.1 + - bom-ref: pkg:deb/debian/diffutils@3.5-3?arch=amd64&distro=debian-9.8&epoch=1 + licenses: + - license: + name: GPL-3.0 + - license: + name: GFDL + name: diffutils + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: diffutils@1:3.5-3 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "1" + - name: aquasecurity:trivy:SrcName + value: diffutils + - name: aquasecurity:trivy:SrcRelease + value: "3" + - name: aquasecurity:trivy:SrcVersion + value: "3.5" + purl: pkg:deb/debian/diffutils@3.5-3?arch=amd64&distro=debian-9.8&epoch=1 + supplier: + name: Santiago Vila + type: library + version: 3.5-3 + - bom-ref: pkg:deb/debian/dpkg@1.18.25?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + - license: + name: BSD-2-Clause + - license: + name: public-domain-s-s-d + - license: + name: public-domain-md5 + name: dpkg + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: dpkg@1.18.25 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: dpkg + - name: aquasecurity:trivy:SrcVersion + value: 1.18.25 + purl: pkg:deb/debian/dpkg@1.18.25?arch=amd64&distro=debian-9.8 + supplier: + name: Dpkg Developers + type: library + version: 1.18.25 + - bom-ref: pkg:deb/debian/e2fslibs@1.43.4-2?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + - license: + name: LGPL-2.0 + name: e2fslibs + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: e2fslibs@1.43.4-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: e2fsprogs + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: 1.43.4 + purl: pkg:deb/debian/e2fslibs@1.43.4-2?arch=amd64&distro=debian-9.8 + supplier: + name: Theodore Y. Ts'o + type: library + version: 1.43.4-2 + - bom-ref: pkg:deb/debian/e2fsprogs@1.43.4-2?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + - license: + name: LGPL-2.0 + name: e2fsprogs + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: e2fsprogs@1.43.4-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: e2fsprogs + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: 1.43.4 + purl: pkg:deb/debian/e2fsprogs@1.43.4-2?arch=amd64&distro=debian-9.8 + supplier: + name: Theodore Y. Ts'o + type: library + version: 1.43.4-2 + - bom-ref: pkg:deb/debian/findutils@4.6.0%2Bgit%2B20161106-2?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + - license: + name: GFDL-1.3 + name: findutils + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: findutils@4.6.0+git+20161106-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: findutils + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: 4.6.0+git+20161106 + purl: pkg:deb/debian/findutils@4.6.0%2Bgit%2B20161106-2?arch=amd64&distro=debian-9.8 + supplier: + name: Andreas Metzler + type: library + version: 4.6.0+git+20161106-2 + - bom-ref: pkg:deb/debian/fontconfig-config@2.11.0-6.7?arch=all&distro=debian-9.8 + name: fontconfig-config + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: fontconfig-config@2.11.0-6.7 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: fontconfig + - name: aquasecurity:trivy:SrcRelease + value: "6.7" + - name: aquasecurity:trivy:SrcVersion + value: 2.11.0 + purl: pkg:deb/debian/fontconfig-config@2.11.0-6.7?arch=all&distro=debian-9.8 + supplier: + name: Keith Packard + type: library + version: 2.11.0-6.7 + - bom-ref: pkg:deb/debian/fonts-dejavu-core@2.37-1?arch=all&distro=debian-9.8 + licenses: + - license: + name: bitstream-vera + - license: + name: GPL-2.0 + name: fonts-dejavu-core + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: fonts-dejavu-core@2.37-1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: fonts-dejavu + - name: aquasecurity:trivy:SrcRelease + value: "1" + - name: aquasecurity:trivy:SrcVersion + value: "2.37" + purl: pkg:deb/debian/fonts-dejavu-core@2.37-1?arch=all&distro=debian-9.8 + supplier: + name: Debian Fonts Task Force + type: library + version: 2.37-1 + - bom-ref: pkg:deb/debian/gcc-6-base@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + - license: + name: GFDL-1.2 + - license: + name: GPL-2.0 + - license: + name: Artistic + name: gcc-6-base + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: gcc-6-base@6.3.0-18+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: gcc-6 + - name: aquasecurity:trivy:SrcRelease + value: 18+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 6.3.0 + purl: pkg:deb/debian/gcc-6-base@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian GCC Maintainers + type: library + version: 6.3.0-18+deb9u1 + - bom-ref: pkg:deb/debian/gettext-base@0.19.8.1-2?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + - license: + name: LGPL-3.0 + - license: + name: GFDL + name: gettext-base + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: gettext-base@0.19.8.1-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: gettext + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: 0.19.8.1 + purl: pkg:deb/debian/gettext-base@0.19.8.1-2?arch=amd64&distro=debian-9.8 + supplier: + name: Santiago Vila + type: library + version: 0.19.8.1-2 + - bom-ref: pkg:deb/debian/gpgv@2.1.18-8~deb9u4?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + - license: + name: permissive + - license: + name: LGPL-2.1 + - license: + name: Expat + - license: + name: BSD-3-Clause + - license: + name: LGPL-3.0 + - license: + name: RFC-Reference + - license: + name: TinySCHEME + name: gpgv + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: gpgv@2.1.18-8~deb9u4 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: gnupg2 + - name: aquasecurity:trivy:SrcRelease + value: 8~deb9u4 + - name: aquasecurity:trivy:SrcVersion + value: 2.1.18 + purl: pkg:deb/debian/gpgv@2.1.18-8~deb9u4?arch=amd64&distro=debian-9.8 + supplier: + name: Debian GnuPG Maintainers + type: library + version: 2.1.18-8~deb9u4 + - bom-ref: pkg:deb/debian/grep@2.27-2?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + name: grep + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: grep@2.27-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: grep + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: "2.27" + purl: pkg:deb/debian/grep@2.27-2?arch=amd64&distro=debian-9.8 + supplier: + name: Anibal Monsalve Salazar + type: library + version: 2.27-2 + - bom-ref: pkg:deb/debian/gzip@1.6-5%2Bb1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + name: gzip + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: gzip@1.6-5+b1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: gzip + - name: aquasecurity:trivy:SrcRelease + value: "5" + - name: aquasecurity:trivy:SrcVersion + value: "1.6" + purl: pkg:deb/debian/gzip@1.6-5%2Bb1?arch=amd64&distro=debian-9.8 + supplier: + name: Bdale Garbee + type: library + version: 1.6-5+b1 + - bom-ref: pkg:deb/debian/hostname@3.18%2Bb1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + name: hostname + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: hostname@3.18+b1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: hostname + - name: aquasecurity:trivy:SrcVersion + value: "3.18" + purl: pkg:deb/debian/hostname@3.18%2Bb1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian Hostname Team + type: library + version: 3.18+b1 + - bom-ref: pkg:deb/debian/init-system-helpers@1.48?arch=all&distro=debian-9.8 + licenses: + - license: + name: BSD-3-Clause + - license: + name: GPL-2.0 + name: init-system-helpers + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: init-system-helpers@1.48 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: init-system-helpers + - name: aquasecurity:trivy:SrcVersion + value: "1.48" + purl: pkg:deb/debian/init-system-helpers@1.48?arch=all&distro=debian-9.8 + supplier: + name: Debian systemd Maintainers + + type: library + version: "1.48" + - bom-ref: pkg:deb/debian/libacl1@2.2.52-3%2Bb1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: LGPL-2.1 + - license: + name: GPL-3.0 + name: libacl1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libacl1@2.2.52-3+b1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: acl + - name: aquasecurity:trivy:SrcRelease + value: "3" + - name: aquasecurity:trivy:SrcVersion + value: 2.2.52 + purl: pkg:deb/debian/libacl1@2.2.52-3%2Bb1?arch=amd64&distro=debian-9.8 + supplier: + name: Anibal Monsalve Salazar + type: library + version: 2.2.52-3+b1 + - bom-ref: pkg:deb/debian/libapt-pkg5.0@1.4.9?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + name: libapt-pkg5.0 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libapt-pkg5.0@1.4.9 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: apt + - name: aquasecurity:trivy:SrcVersion + value: 1.4.9 + purl: pkg:deb/debian/libapt-pkg5.0@1.4.9?arch=amd64&distro=debian-9.8 + supplier: + name: APT Development Team + type: library + version: 1.4.9 + - bom-ref: pkg:deb/debian/libattr1@2.4.47-2%2Bb2?arch=amd64&distro=debian-9.8&epoch=1 + licenses: + - license: + name: LGPL-2.1 + - license: + name: GPL-2.0 + name: libattr1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libattr1@1:2.4.47-2+b2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "1" + - name: aquasecurity:trivy:SrcName + value: attr + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: 2.4.47 + purl: pkg:deb/debian/libattr1@2.4.47-2%2Bb2?arch=amd64&distro=debian-9.8&epoch=1 + supplier: + name: Anibal Monsalve Salazar + type: library + version: 2.4.47-2+b2 + - bom-ref: pkg:deb/debian/libaudit-common@2.6.7-2?arch=all&distro=debian-9.8&epoch=1 + licenses: + - license: + name: GPL-2.0 + - license: + name: LGPL-2.1 + - license: + name: GPL-1.0 + name: libaudit-common + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libaudit-common@1:2.6.7-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "1" + - name: aquasecurity:trivy:SrcName + value: audit + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: 2.6.7 + purl: pkg:deb/debian/libaudit-common@2.6.7-2?arch=all&distro=debian-9.8&epoch=1 + supplier: + name: Laurent Bigonville + type: library + version: 2.6.7-2 + - bom-ref: pkg:deb/debian/libaudit1@2.6.7-2?arch=amd64&distro=debian-9.8&epoch=1 + licenses: + - license: + name: GPL-2.0 + - license: + name: LGPL-2.1 + - license: + name: GPL-1.0 + name: libaudit1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libaudit1@1:2.6.7-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "1" + - name: aquasecurity:trivy:SrcName + value: audit + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: 2.6.7 + purl: pkg:deb/debian/libaudit1@2.6.7-2?arch=amd64&distro=debian-9.8&epoch=1 + supplier: + name: Laurent Bigonville + type: library + version: 2.6.7-2 + - bom-ref: pkg:deb/debian/libblkid1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + - license: + name: public-domain + - license: + name: BSD-4-Clause + - license: + name: MIT + - license: + name: BSD-2-Clause + - license: + name: BSD-3-Clause + - license: + name: LGPL-2.0 + - license: + name: LGPL-2.1 + - license: + name: GPL-3.0 + - license: + name: LGPL-3.0 + name: libblkid1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libblkid1@2.29.2-1+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: util-linux + - name: aquasecurity:trivy:SrcRelease + value: 1+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 2.29.2 + purl: pkg:deb/debian/libblkid1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian util-linux Maintainers + type: library + version: 2.29.2-1+deb9u1 + - bom-ref: pkg:deb/debian/libbsd0@0.8.3-1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: BSD-3-Clause + - license: + name: BSD-4-clause-Niels-Provos + - license: + name: BSD-4-clause-Christopher-G-Demetriou + - license: + name: BSD-3-clause-Regents + - license: + name: BSD-3-clause-Peter-Wemm + - license: + name: BSD-5-clause-Peter-Wemm + - license: + name: BSD-2-clause-NetBSD + - license: + name: BSD-2-Clause + - license: + name: BSD-2-clause-verbatim + - license: + name: BSD-2-clause-author + - license: + name: ISC + - license: + name: ISC-Original + - license: + name: Expat + - license: + name: public-domain-Colin-Plumb + - license: + name: public-domain + - license: + name: Beerware + name: libbsd0 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libbsd0@0.8.3-1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libbsd + - name: aquasecurity:trivy:SrcRelease + value: "1" + - name: aquasecurity:trivy:SrcVersion + value: 0.8.3 + purl: pkg:deb/debian/libbsd0@0.8.3-1?arch=amd64&distro=debian-9.8 + supplier: + name: Guillem Jover + type: library + version: 0.8.3-1 + - bom-ref: pkg:deb/debian/libbz2-1.0@1.0.6-8.1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + name: libbz2-1.0 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libbz2-1.0@1.0.6-8.1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: bzip2 + - name: aquasecurity:trivy:SrcRelease + value: "8.1" + - name: aquasecurity:trivy:SrcVersion + value: 1.0.6 + purl: pkg:deb/debian/libbz2-1.0@1.0.6-8.1?arch=amd64&distro=debian-9.8 + supplier: + name: Anibal Monsalve Salazar + type: library + version: 1.0.6-8.1 + - bom-ref: pkg:deb/debian/libc-bin@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: LGPL-2.1 + - license: + name: GPL-2.0 + name: libc-bin + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libc-bin@2.24-11+deb9u4 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: glibc + - name: aquasecurity:trivy:SrcRelease + value: 11+deb9u4 + - name: aquasecurity:trivy:SrcVersion + value: "2.24" + purl: pkg:deb/debian/libc-bin@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + supplier: + name: GNU Libc Maintainers + type: library + version: 2.24-11+deb9u4 + - bom-ref: pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: LGPL-2.1 + - license: + name: GPL-2.0 + name: libc6 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libc6@2.24-11+deb9u4 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: glibc + - name: aquasecurity:trivy:SrcRelease + value: 11+deb9u4 + - name: aquasecurity:trivy:SrcVersion + value: "2.24" + purl: pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + supplier: + name: GNU Libc Maintainers + type: library + version: 2.24-11+deb9u4 + - bom-ref: pkg:deb/debian/libcap-ng0@0.7.7-3%2Bb1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: LGPL-2.1 + - license: + name: GPL-2.0 + - license: + name: GPL-3.0 + name: libcap-ng0 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libcap-ng0@0.7.7-3+b1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libcap-ng + - name: aquasecurity:trivy:SrcRelease + value: "3" + - name: aquasecurity:trivy:SrcVersion + value: 0.7.7 + purl: pkg:deb/debian/libcap-ng0@0.7.7-3%2Bb1?arch=amd64&distro=debian-9.8 + supplier: + name: Pierre Chifflier + type: library + version: 0.7.7-3+b1 + - bom-ref: pkg:deb/debian/libcomerr2@1.43.4-2?arch=amd64&distro=debian-9.8 + name: libcomerr2 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libcomerr2@1.43.4-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: e2fsprogs + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: 1.43.4 + purl: pkg:deb/debian/libcomerr2@1.43.4-2?arch=amd64&distro=debian-9.8 + supplier: + name: Theodore Y. Ts'o + type: library + version: 1.43.4-2 + - bom-ref: pkg:deb/debian/libdb5.3@5.3.28-12%2Bdeb9u1?arch=amd64&distro=debian-9.8 + name: libdb5.3 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libdb5.3@5.3.28-12+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: db5.3 + - name: aquasecurity:trivy:SrcRelease + value: 12+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 5.3.28 + purl: pkg:deb/debian/libdb5.3@5.3.28-12%2Bdeb9u1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian Berkeley DB Group + type: library + version: 5.3.28-12+deb9u1 + - bom-ref: pkg:deb/debian/libdebconfclient0@0.227?arch=amd64&distro=debian-9.8 + name: libdebconfclient0 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libdebconfclient0@0.227 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: cdebconf + - name: aquasecurity:trivy:SrcVersion + value: "0.227" + purl: pkg:deb/debian/libdebconfclient0@0.227?arch=amd64&distro=debian-9.8 + supplier: + name: Debian Install System Team + type: library + version: "0.227" + - bom-ref: pkg:deb/debian/libedit2@3.1-20160903-3?arch=amd64&distro=debian-9.8 + name: libedit2 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libedit2@3.1-20160903-3 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libedit + - name: aquasecurity:trivy:SrcRelease + value: "3" + - name: aquasecurity:trivy:SrcVersion + value: 3.1-20160903 + purl: pkg:deb/debian/libedit2@3.1-20160903-3?arch=amd64&distro=debian-9.8 + supplier: + name: LLVM Packaging Team + type: library + version: 3.1-20160903-3 + - bom-ref: pkg:deb/debian/libexpat1@2.2.0-2%2Bdeb9u1?arch=amd64&distro=debian-9.8 + name: libexpat1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libexpat1@2.2.0-2+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: expat + - name: aquasecurity:trivy:SrcRelease + value: 2+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 2.2.0 + purl: pkg:deb/debian/libexpat1@2.2.0-2%2Bdeb9u1?arch=amd64&distro=debian-9.8 + supplier: + name: Laszlo Boszormenyi (GCS) + type: library + version: 2.2.0-2+deb9u1 + - bom-ref: pkg:deb/debian/libfdisk1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + - license: + name: public-domain + - license: + name: BSD-4-Clause + - license: + name: MIT + - license: + name: BSD-2-Clause + - license: + name: BSD-3-Clause + - license: + name: LGPL-2.0 + - license: + name: LGPL-2.1 + - license: + name: GPL-3.0 + - license: + name: LGPL-3.0 + name: libfdisk1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libfdisk1@2.29.2-1+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: util-linux + - name: aquasecurity:trivy:SrcRelease + value: 1+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 2.29.2 + purl: pkg:deb/debian/libfdisk1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian util-linux Maintainers + type: library + version: 2.29.2-1+deb9u1 + - bom-ref: pkg:deb/debian/libfontconfig1@2.11.0-6.7%2Bb1?arch=amd64&distro=debian-9.8 + name: libfontconfig1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libfontconfig1@2.11.0-6.7+b1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: fontconfig + - name: aquasecurity:trivy:SrcRelease + value: "6.7" + - name: aquasecurity:trivy:SrcVersion + value: 2.11.0 + purl: pkg:deb/debian/libfontconfig1@2.11.0-6.7%2Bb1?arch=amd64&distro=debian-9.8 + supplier: + name: Keith Packard + type: library + version: 2.11.0-6.7+b1 + - bom-ref: pkg:deb/debian/libfreetype6@2.6.3-3.2?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + - license: + name: FTL + - license: + name: Catharon-OSL + - license: + name: GZip + - license: + name: BSD-3-Clause + - license: + name: BSD-2-Clause + - license: + name: OpenGroup-BSD-like + name: libfreetype6 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libfreetype6@2.6.3-3.2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: freetype + - name: aquasecurity:trivy:SrcRelease + value: "3.2" + - name: aquasecurity:trivy:SrcVersion + value: 2.6.3 + purl: pkg:deb/debian/libfreetype6@2.6.3-3.2?arch=amd64&distro=debian-9.8 + supplier: + name: Steve Langasek + type: library + version: 2.6.3-3.2 + - bom-ref: pkg:deb/debian/libgcc1@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=1 + name: libgcc1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libgcc1@1:6.3.0-18+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: gcc-6 + - name: aquasecurity:trivy:SrcRelease + value: 18+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 6.3.0 + purl: pkg:deb/debian/libgcc1@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=1 + supplier: + name: Debian GCC Maintainers + type: library + version: 6.3.0-18+deb9u1 + - bom-ref: pkg:deb/debian/libgcrypt20@1.7.6-2%2Bdeb9u3?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: LGPL-3.0 + - license: + name: GPL-2.0 + name: libgcrypt20 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libgcrypt20@1.7.6-2+deb9u3 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libgcrypt20 + - name: aquasecurity:trivy:SrcRelease + value: 2+deb9u3 + - name: aquasecurity:trivy:SrcVersion + value: 1.7.6 + purl: pkg:deb/debian/libgcrypt20@1.7.6-2%2Bdeb9u3?arch=amd64&distro=debian-9.8 + supplier: + name: Debian GnuTLS Maintainers + type: library + version: 1.7.6-2+deb9u3 + - bom-ref: pkg:deb/debian/libgd3@2.2.4-2%2Bdeb9u4?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GD + - license: + name: GAP~Makefile.in + - license: + name: GPL-2.0-with-autoconf-exception + - license: + name: BSD-3-Clause + - license: + name: GAP~configure + - license: + name: MIT + - license: + name: HPND + - license: + name: XFIG + - license: + name: WEBP + - license: + name: GPL-2.0 + name: libgd3 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libgd3@2.2.4-2+deb9u4 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libgd2 + - name: aquasecurity:trivy:SrcRelease + value: 2+deb9u4 + - name: aquasecurity:trivy:SrcVersion + value: 2.2.4 + purl: pkg:deb/debian/libgd3@2.2.4-2%2Bdeb9u4?arch=amd64&distro=debian-9.8 + supplier: + name: GD team + type: library + version: 2.2.4-2+deb9u4 + - bom-ref: pkg:deb/debian/libgeoip1@1.6.9-4?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: LGPL-2.1 + - license: + name: ISC + name: libgeoip1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libgeoip1@1.6.9-4 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: geoip + - name: aquasecurity:trivy:SrcRelease + value: "4" + - name: aquasecurity:trivy:SrcVersion + value: 1.6.9 + purl: pkg:deb/debian/libgeoip1@1.6.9-4?arch=amd64&distro=debian-9.8 + supplier: + name: Patrick Matthäi + type: library + version: 1.6.9-4 + - bom-ref: pkg:deb/debian/libgpg-error0@1.26-2?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.1+ + - license: + name: LGPL-2.1 + name: libgpg-error0 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libgpg-error0@1.26-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libgpg-error + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: "1.26" + purl: pkg:deb/debian/libgpg-error0@1.26-2?arch=amd64&distro=debian-9.8 + supplier: + name: Debian GnuPG Maintainers + type: library + version: 1.26-2 + - bom-ref: pkg:deb/debian/libicu57@57.1-6%2Bdeb9u2?arch=amd64&distro=debian-9.8 + name: libicu57 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libicu57@57.1-6+deb9u2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: icu + - name: aquasecurity:trivy:SrcRelease + value: 6+deb9u2 + - name: aquasecurity:trivy:SrcVersion + value: "57.1" + purl: pkg:deb/debian/libicu57@57.1-6%2Bdeb9u2?arch=amd64&distro=debian-9.8 + supplier: + name: Laszlo Boszormenyi (GCS) + type: library + version: 57.1-6+deb9u2 + - bom-ref: pkg:deb/debian/libjbig0@2.1-3.1%2Bb2?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + name: libjbig0 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libjbig0@2.1-3.1+b2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: jbigkit + - name: aquasecurity:trivy:SrcRelease + value: "3.1" + - name: aquasecurity:trivy:SrcVersion + value: "2.1" + purl: pkg:deb/debian/libjbig0@2.1-3.1%2Bb2?arch=amd64&distro=debian-9.8 + supplier: + name: Michael van der Kolff + type: library + version: 2.1-3.1+b2 + - bom-ref: pkg:deb/debian/libjpeg62-turbo@1.5.1-2?arch=amd64&distro=debian-9.8&epoch=1 + licenses: + - license: + name: BSD-BY-LC-NE + - license: + name: BSD-3 + - license: + name: Expat + name: libjpeg62-turbo + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libjpeg62-turbo@1:1.5.1-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "1" + - name: aquasecurity:trivy:SrcName + value: libjpeg-turbo + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: 1.5.1 + purl: pkg:deb/debian/libjpeg62-turbo@1.5.1-2?arch=amd64&distro=debian-9.8&epoch=1 + supplier: + name: OndÅ™ej Surý + type: library + version: 1.5.1-2 + - bom-ref: pkg:deb/debian/liblz4-1@0.0~r131-2%2Bb1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: BSD-2-Clause + - license: + name: GPL-2.0 + name: liblz4-1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: liblz4-1@0.0~r131-2+b1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: lz4 + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: 0.0~r131 + purl: pkg:deb/debian/liblz4-1@0.0~r131-2%2Bb1?arch=amd64&distro=debian-9.8 + supplier: + name: Nobuhiro Iwamatsu + type: library + version: 0.0~r131-2+b1 + - bom-ref: pkg:deb/debian/liblzma5@5.2.2-1.2%2Bb1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: PD + - license: + name: probably-PD + - license: + name: GPL-2.0 + - license: + name: LGPL-2.1 + - license: + name: permissive-fsf + - license: + name: Autoconf + - license: + name: none + - license: + name: permissive-nowarranty + - license: + name: config-h + - license: + name: LGPL-2.0 + - license: + name: noderivs + - license: + name: PD-debian + - license: + name: GPL-3.0 + name: liblzma5 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: liblzma5@5.2.2-1.2+b1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: xz-utils + - name: aquasecurity:trivy:SrcRelease + value: "1.2" + - name: aquasecurity:trivy:SrcVersion + value: 5.2.2 + purl: pkg:deb/debian/liblzma5@5.2.2-1.2%2Bb1?arch=amd64&distro=debian-9.8 + supplier: + name: Jonathan Nieder + type: library + version: 5.2.2-1.2+b1 + - bom-ref: pkg:deb/debian/libmount1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + - license: + name: public-domain + - license: + name: BSD-4-Clause + - license: + name: MIT + - license: + name: BSD-2-Clause + - license: + name: BSD-3-Clause + - license: + name: LGPL-2.0 + - license: + name: LGPL-2.1 + - license: + name: GPL-3.0 + - license: + name: LGPL-3.0 + name: libmount1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libmount1@2.29.2-1+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: util-linux + - name: aquasecurity:trivy:SrcRelease + value: 1+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 2.29.2 + purl: pkg:deb/debian/libmount1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian util-linux Maintainers + type: library + version: 2.29.2-1+deb9u1 + - bom-ref: pkg:deb/debian/libncurses5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + name: libncurses5 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libncurses5@6.0+20161126-1+deb9u2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: ncurses + - name: aquasecurity:trivy:SrcRelease + value: 1+deb9u2 + - name: aquasecurity:trivy:SrcVersion + value: 6.0+20161126 + purl: pkg:deb/debian/libncurses5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + supplier: + name: Craig Small + type: library + version: 6.0+20161126-1+deb9u2 + - bom-ref: pkg:deb/debian/libncursesw5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + name: libncursesw5 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libncursesw5@6.0+20161126-1+deb9u2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: ncurses + - name: aquasecurity:trivy:SrcRelease + value: 1+deb9u2 + - name: aquasecurity:trivy:SrcVersion + value: 6.0+20161126 + purl: pkg:deb/debian/libncursesw5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + supplier: + name: Craig Small + type: library + version: 6.0+20161126-1+deb9u2 + - bom-ref: pkg:deb/debian/libpam-modules-bin@1.1.8-3.6?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + name: libpam-modules-bin + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libpam-modules-bin@1.1.8-3.6 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: pam + - name: aquasecurity:trivy:SrcRelease + value: "3.6" + - name: aquasecurity:trivy:SrcVersion + value: 1.1.8 + purl: pkg:deb/debian/libpam-modules-bin@1.1.8-3.6?arch=amd64&distro=debian-9.8 + supplier: + name: Steve Langasek + type: library + version: 1.1.8-3.6 + - bom-ref: pkg:deb/debian/libpam-modules@1.1.8-3.6?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + name: libpam-modules + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libpam-modules@1.1.8-3.6 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: pam + - name: aquasecurity:trivy:SrcRelease + value: "3.6" + - name: aquasecurity:trivy:SrcVersion + value: 1.1.8 + purl: pkg:deb/debian/libpam-modules@1.1.8-3.6?arch=amd64&distro=debian-9.8 + supplier: + name: Steve Langasek + type: library + version: 1.1.8-3.6 + - bom-ref: pkg:deb/debian/libpam-runtime@1.1.8-3.6?arch=all&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + name: libpam-runtime + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libpam-runtime@1.1.8-3.6 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: pam + - name: aquasecurity:trivy:SrcRelease + value: "3.6" + - name: aquasecurity:trivy:SrcVersion + value: 1.1.8 + purl: pkg:deb/debian/libpam-runtime@1.1.8-3.6?arch=all&distro=debian-9.8 + supplier: + name: Steve Langasek + type: library + version: 1.1.8-3.6 + - bom-ref: pkg:deb/debian/libpam0g@1.1.8-3.6?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + name: libpam0g + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libpam0g@1.1.8-3.6 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: pam + - name: aquasecurity:trivy:SrcRelease + value: "3.6" + - name: aquasecurity:trivy:SrcVersion + value: 1.1.8 + purl: pkg:deb/debian/libpam0g@1.1.8-3.6?arch=amd64&distro=debian-9.8 + supplier: + name: Steve Langasek + type: library + version: 1.1.8-3.6 + - bom-ref: pkg:deb/debian/libpcre3@8.39-3?arch=amd64&distro=debian-9.8&epoch=2 + name: libpcre3 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libpcre3@2:8.39-3 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "2" + - name: aquasecurity:trivy:SrcName + value: pcre3 + - name: aquasecurity:trivy:SrcRelease + value: "3" + - name: aquasecurity:trivy:SrcVersion + value: "8.39" + purl: pkg:deb/debian/libpcre3@8.39-3?arch=amd64&distro=debian-9.8&epoch=2 + supplier: + name: Matthew Vernon + type: library + version: 8.39-3 + - bom-ref: pkg:deb/debian/libpng16-16@1.6.28-1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: libpng + - license: + name: expat + - license: + name: GPL-2.0 + - license: + name: BSD-like-with-advertising-clause + name: libpng16-16 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libpng16-16@1.6.28-1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libpng1.6 + - name: aquasecurity:trivy:SrcRelease + value: "1" + - name: aquasecurity:trivy:SrcVersion + value: 1.6.28 + purl: pkg:deb/debian/libpng16-16@1.6.28-1?arch=amd64&distro=debian-9.8 + supplier: + name: Anibal Monsalve Salazar + type: library + version: 1.6.28-1 + - bom-ref: pkg:deb/debian/libselinux1@2.6-3%2Bb3?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: LGPL-2.1 + - license: + name: GPL-2.0 + name: libselinux1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libselinux1@2.6-3+b3 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libselinux + - name: aquasecurity:trivy:SrcRelease + value: "3" + - name: aquasecurity:trivy:SrcVersion + value: "2.6" + purl: pkg:deb/debian/libselinux1@2.6-3%2Bb3?arch=amd64&distro=debian-9.8 + supplier: + name: Debian SELinux maintainers + type: library + version: 2.6-3+b3 + - bom-ref: pkg:deb/debian/libsemanage-common@2.6-2?arch=all&distro=debian-9.8 + licenses: + - license: + name: LGPL-3.0 + - license: + name: GPL-3.0 + name: libsemanage-common + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libsemanage-common@2.6-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libsemanage + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: "2.6" + purl: pkg:deb/debian/libsemanage-common@2.6-2?arch=all&distro=debian-9.8 + supplier: + name: Debian SELinux maintainers + type: library + version: 2.6-2 + - bom-ref: pkg:deb/debian/libsemanage1@2.6-2?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: LGPL-3.0 + - license: + name: GPL-3.0 + name: libsemanage1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libsemanage1@2.6-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libsemanage + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: "2.6" + purl: pkg:deb/debian/libsemanage1@2.6-2?arch=amd64&distro=debian-9.8 + supplier: + name: Debian SELinux maintainers + type: library + version: 2.6-2 + - bom-ref: pkg:deb/debian/libsepol1@2.6-2?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: LGPL-3.0 + - license: + name: GPL-3.0 + name: libsepol1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libsepol1@2.6-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libsepol + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: "2.6" + purl: pkg:deb/debian/libsepol1@2.6-2?arch=amd64&distro=debian-9.8 + supplier: + name: Debian SELinux maintainers + type: library + version: 2.6-2 + - bom-ref: pkg:deb/debian/libsmartcols1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + - license: + name: public-domain + - license: + name: BSD-4-Clause + - license: + name: MIT + - license: + name: BSD-2-Clause + - license: + name: BSD-3-Clause + - license: + name: LGPL-2.0 + - license: + name: LGPL-2.1 + - license: + name: GPL-3.0 + - license: + name: LGPL-3.0 + name: libsmartcols1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libsmartcols1@2.29.2-1+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: util-linux + - name: aquasecurity:trivy:SrcRelease + value: 1+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 2.29.2 + purl: pkg:deb/debian/libsmartcols1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian util-linux Maintainers + type: library + version: 2.29.2-1+deb9u1 + - bom-ref: pkg:deb/debian/libss2@1.43.4-2?arch=amd64&distro=debian-9.8 + name: libss2 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libss2@1.43.4-2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: e2fsprogs + - name: aquasecurity:trivy:SrcRelease + value: "2" + - name: aquasecurity:trivy:SrcVersion + value: 1.43.4 + purl: pkg:deb/debian/libss2@1.43.4-2?arch=amd64&distro=debian-9.8 + supplier: + name: Theodore Y. Ts'o + type: library + version: 1.43.4-2 + - bom-ref: pkg:deb/debian/libssl1.1@1.1.0j-1~deb9u1?arch=amd64&distro=debian-9.8 + name: libssl1.1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libssl1.1@1.1.0j-1~deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: openssl + - name: aquasecurity:trivy:SrcRelease + value: 1~deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 1.1.0j + purl: pkg:deb/debian/libssl1.1@1.1.0j-1~deb9u1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian OpenSSL Team + type: library + version: 1.1.0j-1~deb9u1 + - bom-ref: pkg:deb/debian/libstdc%2B%2B6@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8 + name: libstdc++6 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libstdc++6@6.3.0-18+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: gcc-6 + - name: aquasecurity:trivy:SrcRelease + value: 18+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 6.3.0 + purl: pkg:deb/debian/libstdc%2B%2B6@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian GCC Maintainers + type: library + version: 6.3.0-18+deb9u1 + - bom-ref: pkg:deb/debian/libsystemd0@232-25%2Bdeb9u9?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: LGPL-2.1 + - license: + name: CC0 + - license: + name: GPL-2.0 + - license: + name: Expat + - license: + name: public-domain + name: libsystemd0 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libsystemd0@232-25+deb9u9 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: systemd + - name: aquasecurity:trivy:SrcRelease + value: 25+deb9u9 + - name: aquasecurity:trivy:SrcVersion + value: "232" + purl: pkg:deb/debian/libsystemd0@232-25%2Bdeb9u9?arch=amd64&distro=debian-9.8 + supplier: + name: Debian systemd Maintainers + + type: library + version: 232-25+deb9u9 + - bom-ref: pkg:deb/debian/libtiff5@4.0.8-2%2Bdeb9u4?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: Hylafax + name: libtiff5 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libtiff5@4.0.8-2+deb9u4 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: tiff + - name: aquasecurity:trivy:SrcRelease + value: 2+deb9u4 + - name: aquasecurity:trivy:SrcVersion + value: 4.0.8 + purl: pkg:deb/debian/libtiff5@4.0.8-2%2Bdeb9u4?arch=amd64&distro=debian-9.8 + supplier: + name: Laszlo Boszormenyi (GCS) + type: library + version: 4.0.8-2+deb9u4 + - bom-ref: pkg:deb/debian/libtinfo5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + name: libtinfo5 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libtinfo5@6.0+20161126-1+deb9u2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: ncurses + - name: aquasecurity:trivy:SrcRelease + value: 1+deb9u2 + - name: aquasecurity:trivy:SrcVersion + value: 6.0+20161126 + purl: pkg:deb/debian/libtinfo5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + supplier: + name: Craig Small + type: library + version: 6.0+20161126-1+deb9u2 + - bom-ref: pkg:deb/debian/libudev1@232-25%2Bdeb9u9?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: LGPL-2.1 + - license: + name: CC0 + - license: + name: GPL-2.0 + - license: + name: Expat + - license: + name: public-domain + name: libudev1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libudev1@232-25+deb9u9 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: systemd + - name: aquasecurity:trivy:SrcRelease + value: 25+deb9u9 + - name: aquasecurity:trivy:SrcVersion + value: "232" + purl: pkg:deb/debian/libudev1@232-25%2Bdeb9u9?arch=amd64&distro=debian-9.8 + supplier: + name: Debian systemd Maintainers + + type: library + version: 232-25+deb9u9 + - bom-ref: pkg:deb/debian/libustr-1.0-1@1.0.4-6?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: LGPL-2.0 + - license: + name: BSD-2-Clause + - license: + name: MIT + - license: + name: GPL-2.0 + - license: + name: LGPL-2.1 + name: libustr-1.0-1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libustr-1.0-1@1.0.4-6 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: ustr + - name: aquasecurity:trivy:SrcRelease + value: "6" + - name: aquasecurity:trivy:SrcVersion + value: 1.0.4 + purl: pkg:deb/debian/libustr-1.0-1@1.0.4-6?arch=amd64&distro=debian-9.8 + supplier: + name: Vaclav Ovsik + type: library + version: 1.0.4-6 + - bom-ref: pkg:deb/debian/libuuid1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + - license: + name: public-domain + - license: + name: BSD-4-Clause + - license: + name: MIT + - license: + name: BSD-2-Clause + - license: + name: BSD-3-Clause + - license: + name: LGPL-2.0 + - license: + name: LGPL-2.1 + - license: + name: GPL-3.0 + - license: + name: LGPL-3.0 + name: libuuid1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: libuuid1@2.29.2-1+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: util-linux + - name: aquasecurity:trivy:SrcRelease + value: 1+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 2.29.2 + purl: pkg:deb/debian/libuuid1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian util-linux Maintainers + type: library + version: 2.29.2-1+deb9u1 + - bom-ref: pkg:deb/debian/libwebp6@0.5.2-1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: Apache-2.0 + name: libwebp6 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libwebp6@0.5.2-1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libwebp + - name: aquasecurity:trivy:SrcRelease + value: "1" + - name: aquasecurity:trivy:SrcVersion + value: 0.5.2 + purl: pkg:deb/debian/libwebp6@0.5.2-1?arch=amd64&distro=debian-9.8 + supplier: + name: Jeff Breidenbach + type: library + version: 0.5.2-1 + - bom-ref: pkg:deb/debian/libx11-6@1.6.4-3%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=2 + name: libx11-6 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libx11-6@2:1.6.4-3+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "2" + - name: aquasecurity:trivy:SrcName + value: libx11 + - name: aquasecurity:trivy:SrcRelease + value: 3+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 1.6.4 + purl: pkg:deb/debian/libx11-6@1.6.4-3%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=2 + supplier: + name: Debian X Strike Force + type: library + version: 1.6.4-3+deb9u1 + - bom-ref: pkg:deb/debian/libx11-data@1.6.4-3%2Bdeb9u1?arch=all&distro=debian-9.8&epoch=2 + name: libx11-data + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libx11-data@2:1.6.4-3+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "2" + - name: aquasecurity:trivy:SrcName + value: libx11 + - name: aquasecurity:trivy:SrcRelease + value: 3+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 1.6.4 + purl: pkg:deb/debian/libx11-data@1.6.4-3%2Bdeb9u1?arch=all&distro=debian-9.8&epoch=2 + supplier: + name: Debian X Strike Force + type: library + version: 1.6.4-3+deb9u1 + - bom-ref: pkg:deb/debian/libxau6@1.0.8-1?arch=amd64&distro=debian-9.8&epoch=1 + name: libxau6 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libxau6@1:1.0.8-1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "1" + - name: aquasecurity:trivy:SrcName + value: libxau + - name: aquasecurity:trivy:SrcRelease + value: "1" + - name: aquasecurity:trivy:SrcVersion + value: 1.0.8 + purl: pkg:deb/debian/libxau6@1.0.8-1?arch=amd64&distro=debian-9.8&epoch=1 + supplier: + name: Debian X Strike Force + type: library + version: 1.0.8-1 + - bom-ref: pkg:deb/debian/libxcb1@1.12-1?arch=amd64&distro=debian-9.8 + name: libxcb1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libxcb1@1.12-1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libxcb + - name: aquasecurity:trivy:SrcRelease + value: "1" + - name: aquasecurity:trivy:SrcVersion + value: "1.12" + purl: pkg:deb/debian/libxcb1@1.12-1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian X Strike Force + type: library + version: 1.12-1 + - bom-ref: pkg:deb/debian/libxdmcp6@1.1.2-3?arch=amd64&distro=debian-9.8&epoch=1 + name: libxdmcp6 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libxdmcp6@1:1.1.2-3 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "1" + - name: aquasecurity:trivy:SrcName + value: libxdmcp + - name: aquasecurity:trivy:SrcRelease + value: "3" + - name: aquasecurity:trivy:SrcVersion + value: 1.1.2 + purl: pkg:deb/debian/libxdmcp6@1.1.2-3?arch=amd64&distro=debian-9.8&epoch=1 + supplier: + name: Debian X Strike Force + type: library + version: 1.1.2-3 + - bom-ref: pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2?arch=amd64&distro=debian-9.8 + name: libxml2 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libxml2@2.9.4+dfsg1-2.2+deb9u2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libxml2 + - name: aquasecurity:trivy:SrcRelease + value: 2.2+deb9u2 + - name: aquasecurity:trivy:SrcVersion + value: 2.9.4+dfsg1 + purl: pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2?arch=amd64&distro=debian-9.8 + supplier: + name: Debian XML/SGML Group + type: library + version: 2.9.4+dfsg1-2.2+deb9u2 + - bom-ref: pkg:deb/debian/libxpm4@3.5.12-1?arch=amd64&distro=debian-9.8&epoch=1 + name: libxpm4 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libxpm4@1:3.5.12-1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "1" + - name: aquasecurity:trivy:SrcName + value: libxpm + - name: aquasecurity:trivy:SrcRelease + value: "1" + - name: aquasecurity:trivy:SrcVersion + value: 3.5.12 + purl: pkg:deb/debian/libxpm4@3.5.12-1?arch=amd64&distro=debian-9.8&epoch=1 + supplier: + name: Debian X Strike Force + type: library + version: 3.5.12-1 + - bom-ref: pkg:deb/debian/libxslt1.1@1.1.29-2.1?arch=amd64&distro=debian-9.8 + name: libxslt1.1 + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: libxslt1.1@1.1.29-2.1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: libxslt + - name: aquasecurity:trivy:SrcRelease + value: "2.1" + - name: aquasecurity:trivy:SrcVersion + value: 1.1.29 + purl: pkg:deb/debian/libxslt1.1@1.1.29-2.1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian XML/SGML Group + type: library + version: 1.1.29-2.1 + - bom-ref: pkg:deb/debian/login@4.4-4.1?arch=amd64&distro=debian-9.8&epoch=1 + licenses: + - license: + name: GPL-2.0 + name: login + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: login@1:4.4-4.1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "1" + - name: aquasecurity:trivy:SrcName + value: shadow + - name: aquasecurity:trivy:SrcRelease + value: "4.1" + - name: aquasecurity:trivy:SrcVersion + value: "4.4" + purl: pkg:deb/debian/login@4.4-4.1?arch=amd64&distro=debian-9.8&epoch=1 + supplier: + name: Shadow package maintainers + type: library + version: 4.4-4.1 + - bom-ref: pkg:deb/debian/lsb-base@9.20161125?arch=all&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + - license: + name: BSD-3-Clause + name: lsb-base + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: lsb-base@9.20161125 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: lsb + - name: aquasecurity:trivy:SrcVersion + value: "9.20161125" + purl: pkg:deb/debian/lsb-base@9.20161125?arch=all&distro=debian-9.8 + supplier: + name: Debian LSB Team + type: library + version: "9.20161125" + - bom-ref: pkg:deb/debian/mawk@1.3.3-17%2Bb3?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + name: mawk + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: mawk@1.3.3-17+b3 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: mawk + - name: aquasecurity:trivy:SrcRelease + value: "17" + - name: aquasecurity:trivy:SrcVersion + value: 1.3.3 + purl: pkg:deb/debian/mawk@1.3.3-17%2Bb3?arch=amd64&distro=debian-9.8 + supplier: + name: Steve Langasek + type: library + version: 1.3.3-17+b3 + - bom-ref: pkg:deb/debian/mount@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + - license: + name: public-domain + - license: + name: BSD-4-Clause + - license: + name: MIT + - license: + name: BSD-2-Clause + - license: + name: BSD-3-Clause + - license: + name: LGPL-2.0 + - license: + name: LGPL-2.1 + - license: + name: GPL-3.0 + - license: + name: LGPL-3.0 + name: mount + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: mount@2.29.2-1+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: util-linux + - name: aquasecurity:trivy:SrcRelease + value: 1+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 2.29.2 + purl: pkg:deb/debian/mount@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian util-linux Maintainers + type: library + version: 2.29.2-1+deb9u1 + - bom-ref: pkg:deb/debian/multiarch-support@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: LGPL-2.1 + - license: + name: GPL-2.0 + name: multiarch-support + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: multiarch-support@2.24-11+deb9u4 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: glibc + - name: aquasecurity:trivy:SrcRelease + value: 11+deb9u4 + - name: aquasecurity:trivy:SrcVersion + value: "2.24" + purl: pkg:deb/debian/multiarch-support@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + supplier: + name: GNU Libc Maintainers + type: library + version: 2.24-11+deb9u4 + - bom-ref: pkg:deb/debian/ncurses-base@6.0%2B20161126-1%2Bdeb9u2?arch=all&distro=debian-9.8 + name: ncurses-base + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: ncurses-base@6.0+20161126-1+deb9u2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: ncurses + - name: aquasecurity:trivy:SrcRelease + value: 1+deb9u2 + - name: aquasecurity:trivy:SrcVersion + value: 6.0+20161126 + purl: pkg:deb/debian/ncurses-base@6.0%2B20161126-1%2Bdeb9u2?arch=all&distro=debian-9.8 + supplier: + name: Craig Small + type: library + version: 6.0+20161126-1+deb9u2 + - bom-ref: pkg:deb/debian/ncurses-bin@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + name: ncurses-bin + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: ncurses-bin@6.0+20161126-1+deb9u2 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: ncurses + - name: aquasecurity:trivy:SrcRelease + value: 1+deb9u2 + - name: aquasecurity:trivy:SrcVersion + value: 6.0+20161126 + purl: pkg:deb/debian/ncurses-bin@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + supplier: + name: Craig Small + type: library + version: 6.0+20161126-1+deb9u2 + - bom-ref: pkg:deb/debian/nginx-module-geoip@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + name: nginx-module-geoip + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: nginx-module-geoip@1.14.2-1~stretch + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: nginx-module-geoip + - name: aquasecurity:trivy:SrcRelease + value: 1~stretch + - name: aquasecurity:trivy:SrcVersion + value: 1.14.2 + purl: pkg:deb/debian/nginx-module-geoip@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + supplier: + name: Sergey Budnevitch + type: library + version: 1.14.2-1~stretch + - bom-ref: pkg:deb/debian/nginx-module-image-filter@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + name: nginx-module-image-filter + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: nginx-module-image-filter@1.14.2-1~stretch + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: nginx-module-image-filter + - name: aquasecurity:trivy:SrcRelease + value: 1~stretch + - name: aquasecurity:trivy:SrcVersion + value: 1.14.2 + purl: pkg:deb/debian/nginx-module-image-filter@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + supplier: + name: Sergey Budnevitch + type: library + version: 1.14.2-1~stretch + - bom-ref: pkg:deb/debian/nginx-module-njs@1.14.2.0.2.6-1~stretch?arch=amd64&distro=debian-9.8 + name: nginx-module-njs + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: nginx-module-njs@1.14.2.0.2.6-1~stretch + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: nginx-module-njs + - name: aquasecurity:trivy:SrcRelease + value: 1~stretch + - name: aquasecurity:trivy:SrcVersion + value: 1.14.2.0.2.6 + purl: pkg:deb/debian/nginx-module-njs@1.14.2.0.2.6-1~stretch?arch=amd64&distro=debian-9.8 + supplier: + name: Sergey Budnevitch + type: library + version: 1.14.2.0.2.6-1~stretch + - bom-ref: pkg:deb/debian/nginx-module-xslt@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + name: nginx-module-xslt + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: nginx-module-xslt@1.14.2-1~stretch + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: nginx-module-xslt + - name: aquasecurity:trivy:SrcRelease + value: 1~stretch + - name: aquasecurity:trivy:SrcVersion + value: 1.14.2 + purl: pkg:deb/debian/nginx-module-xslt@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + supplier: + name: Sergey Budnevitch + type: library + version: 1.14.2-1~stretch + - bom-ref: pkg:deb/debian/nginx@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + name: nginx + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: nginx@1.14.2-1~stretch + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: nginx + - name: aquasecurity:trivy:SrcRelease + value: 1~stretch + - name: aquasecurity:trivy:SrcVersion + value: 1.14.2 + purl: pkg:deb/debian/nginx@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + supplier: + name: Sergey Budnevitch + type: library + version: 1.14.2-1~stretch + - bom-ref: pkg:deb/debian/passwd@4.4-4.1?arch=amd64&distro=debian-9.8&epoch=1 + licenses: + - license: + name: GPL-2.0 + name: passwd + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: passwd@1:4.4-4.1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "1" + - name: aquasecurity:trivy:SrcName + value: shadow + - name: aquasecurity:trivy:SrcRelease + value: "4.1" + - name: aquasecurity:trivy:SrcVersion + value: "4.4" + purl: pkg:deb/debian/passwd@4.4-4.1?arch=amd64&distro=debian-9.8&epoch=1 + supplier: + name: Shadow package maintainers + type: library + version: 4.4-4.1 + - bom-ref: pkg:deb/debian/perl-base@5.24.1-3%2Bdeb9u5?arch=amd64&distro=debian-9.8 + name: perl-base + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: perl-base@5.24.1-3+deb9u5 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: perl + - name: aquasecurity:trivy:SrcRelease + value: 3+deb9u5 + - name: aquasecurity:trivy:SrcVersion + value: 5.24.1 + purl: pkg:deb/debian/perl-base@5.24.1-3%2Bdeb9u5?arch=amd64&distro=debian-9.8 + supplier: + name: Niko Tyni + type: library + version: 5.24.1-3+deb9u5 + - bom-ref: pkg:deb/debian/sed@4.4-1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + name: sed + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: sed@4.4-1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: sed + - name: aquasecurity:trivy:SrcRelease + value: "1" + - name: aquasecurity:trivy:SrcVersion + value: "4.4" + purl: pkg:deb/debian/sed@4.4-1?arch=amd64&distro=debian-9.8 + supplier: + name: Clint Adams + type: library + version: 4.4-1 + - bom-ref: pkg:deb/debian/sensible-utils@0.0.9%2Bdeb9u1?arch=all&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + name: sensible-utils + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: sensible-utils@0.0.9+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: sensible-utils + - name: aquasecurity:trivy:SrcVersion + value: 0.0.9+deb9u1 + purl: pkg:deb/debian/sensible-utils@0.0.9%2Bdeb9u1?arch=all&distro=debian-9.8 + supplier: + name: Anibal Monsalve Salazar + type: library + version: 0.0.9+deb9u1 + - bom-ref: pkg:deb/debian/sysvinit-utils@2.88dsf-59.9?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + name: sysvinit-utils + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: sysvinit-utils@2.88dsf-59.9 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: sysvinit + - name: aquasecurity:trivy:SrcRelease + value: "59.9" + - name: aquasecurity:trivy:SrcVersion + value: 2.88dsf + purl: pkg:deb/debian/sysvinit-utils@2.88dsf-59.9?arch=amd64&distro=debian-9.8 + supplier: + name: Debian sysvinit maintainers + type: library + version: 2.88dsf-59.9 + - bom-ref: pkg:deb/debian/tar@1.29b-1.1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-3.0 + - license: + name: GPL-2.0 + name: tar + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: tar@1.29b-1.1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: tar + - name: aquasecurity:trivy:SrcRelease + value: "1.1" + - name: aquasecurity:trivy:SrcVersion + value: 1.29b + purl: pkg:deb/debian/tar@1.29b-1.1?arch=amd64&distro=debian-9.8 + supplier: + name: Bdale Garbee + type: library + version: 1.29b-1.1 + - bom-ref: pkg:deb/debian/tzdata@2018i-0%2Bdeb9u1?arch=all&distro=debian-9.8 + name: tzdata + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: tzdata@2018i-0+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: tzdata + - name: aquasecurity:trivy:SrcRelease + value: 0+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 2018i + purl: pkg:deb/debian/tzdata@2018i-0%2Bdeb9u1?arch=all&distro=debian-9.8 + supplier: + name: GNU Libc Maintainers + type: library + version: 2018i-0+deb9u1 + - bom-ref: pkg:deb/debian/ucf@3.0036?arch=all&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + name: ucf + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a + - name: aquasecurity:trivy:LayerDigest + value: sha256:0f23e58bd0b7c74311703e20c21c690a6847e62240ed456f8821f4c067d3659b + - name: aquasecurity:trivy:PkgID + value: ucf@3.0036 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: ucf + - name: aquasecurity:trivy:SrcVersion + value: "3.0036" + purl: pkg:deb/debian/ucf@3.0036?arch=all&distro=debian-9.8 + supplier: + name: Manoj Srivastava + type: library + version: "3.0036" + - bom-ref: pkg:deb/debian/util-linux@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + licenses: + - license: + name: GPL-2.0 + - license: + name: public-domain + - license: + name: BSD-4-Clause + - license: + name: MIT + - license: + name: BSD-2-Clause + - license: + name: BSD-3-Clause + - license: + name: LGPL-2.0 + - license: + name: LGPL-2.1 + - license: + name: GPL-3.0 + - license: + name: LGPL-3.0 + name: util-linux + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: util-linux@2.29.2-1+deb9u1 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcName + value: util-linux + - name: aquasecurity:trivy:SrcRelease + value: 1+deb9u1 + - name: aquasecurity:trivy:SrcVersion + value: 2.29.2 + purl: pkg:deb/debian/util-linux@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + supplier: + name: Debian util-linux Maintainers + type: library + version: 2.29.2-1+deb9u1 + - bom-ref: pkg:deb/debian/zlib1g@1.2.8.dfsg-5?arch=amd64&distro=debian-9.8&epoch=1 + name: zlib1g + properties: + - name: aquasecurity:trivy:LayerDiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda + - name: aquasecurity:trivy:LayerDigest + value: sha256:27833a3ba0a545deda33bb01eaf95a14d05d43bf30bce9267d92d17f069fe897 + - name: aquasecurity:trivy:PkgID + value: zlib1g@1:1.2.8.dfsg-5 + - name: aquasecurity:trivy:PkgType + value: debian + - name: aquasecurity:trivy:SrcEpoch + value: "1" + - name: aquasecurity:trivy:SrcName + value: zlib + - name: aquasecurity:trivy:SrcRelease + value: "5" + - name: aquasecurity:trivy:SrcVersion + value: 1.2.8.dfsg + purl: pkg:deb/debian/zlib1g@1.2.8.dfsg-5?arch=amd64&distro=debian-9.8&epoch=1 + supplier: + name: Mark Brown + type: library + version: 1.2.8.dfsg-5 + dependencies: + - dependsOn: + - pkg:deb/debian/adduser@3.115?arch=all&distro=debian-9.8 + - pkg:deb/debian/apt@1.4.9?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/base-files@9.9%2Bdeb9u8?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/base-passwd@3.5.43?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/bash@4.4-5?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/bsdutils@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/coreutils@8.26-3?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/dash@0.5.8-2.4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/debconf@1.5.61?arch=all&distro=debian-9.8 + - pkg:deb/debian/debian-archive-keyring@2017.5?arch=all&distro=debian-9.8 + - pkg:deb/debian/debianutils@4.8.1.1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/diffutils@3.5-3?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/dpkg@1.18.25?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/e2fslibs@1.43.4-2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/e2fsprogs@1.43.4-2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/findutils@4.6.0%2Bgit%2B20161106-2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/fontconfig-config@2.11.0-6.7?arch=all&distro=debian-9.8 + - pkg:deb/debian/fonts-dejavu-core@2.37-1?arch=all&distro=debian-9.8 + - pkg:deb/debian/gcc-6-base@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/gettext-base@0.19.8.1-2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/gpgv@2.1.18-8~deb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/grep@2.27-2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/gzip@1.6-5%2Bb1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/hostname@3.18%2Bb1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/init-system-helpers@1.48?arch=all&distro=debian-9.8 + - pkg:deb/debian/libacl1@2.2.52-3%2Bb1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libapt-pkg5.0@1.4.9?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libattr1@2.4.47-2%2Bb2?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libaudit-common@2.6.7-2?arch=all&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libaudit1@2.6.7-2?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libblkid1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libbsd0@0.8.3-1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libbz2-1.0@1.0.6-8.1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libc-bin@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libcap-ng0@0.7.7-3%2Bb1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libcomerr2@1.43.4-2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libdb5.3@5.3.28-12%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libdebconfclient0@0.227?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libedit2@3.1-20160903-3?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libexpat1@2.2.0-2%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libfdisk1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libfontconfig1@2.11.0-6.7%2Bb1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libfreetype6@2.6.3-3.2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgcc1@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libgcrypt20@1.7.6-2%2Bdeb9u3?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgd3@2.2.4-2%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgeoip1@1.6.9-4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgpg-error0@1.26-2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libicu57@57.1-6%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libjbig0@2.1-3.1%2Bb2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libjpeg62-turbo@1.5.1-2?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/liblz4-1@0.0~r131-2%2Bb1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/liblzma5@5.2.2-1.2%2Bb1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libmount1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libncurses5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libncursesw5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libpam-modules-bin@1.1.8-3.6?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libpam-modules@1.1.8-3.6?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libpam-runtime@1.1.8-3.6?arch=all&distro=debian-9.8 + - pkg:deb/debian/libpam0g@1.1.8-3.6?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libpcre3@8.39-3?arch=amd64&distro=debian-9.8&epoch=2 + - pkg:deb/debian/libpng16-16@1.6.28-1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libselinux1@2.6-3%2Bb3?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libsemanage-common@2.6-2?arch=all&distro=debian-9.8 + - pkg:deb/debian/libsemanage1@2.6-2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libsepol1@2.6-2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libsmartcols1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libss2@1.43.4-2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libssl1.1@1.1.0j-1~deb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libstdc%2B%2B6@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libsystemd0@232-25%2Bdeb9u9?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libtiff5@4.0.8-2%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libtinfo5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libudev1@232-25%2Bdeb9u9?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libustr-1.0-1@1.0.4-6?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libuuid1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libwebp6@0.5.2-1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libx11-6@1.6.4-3%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=2 + - pkg:deb/debian/libx11-data@1.6.4-3%2Bdeb9u1?arch=all&distro=debian-9.8&epoch=2 + - pkg:deb/debian/libxau6@1.0.8-1?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libxcb1@1.12-1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libxdmcp6@1.1.2-3?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libxpm4@3.5.12-1?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libxslt1.1@1.1.29-2.1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/login@4.4-4.1?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/lsb-base@9.20161125?arch=all&distro=debian-9.8 + - pkg:deb/debian/mawk@1.3.3-17%2Bb3?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/mount@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/multiarch-support@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/ncurses-base@6.0%2B20161126-1%2Bdeb9u2?arch=all&distro=debian-9.8 + - pkg:deb/debian/ncurses-bin@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/nginx-module-geoip@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/nginx-module-image-filter@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/nginx-module-njs@1.14.2.0.2.6-1~stretch?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/nginx-module-xslt@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/nginx@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/passwd@4.4-4.1?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/perl-base@5.24.1-3%2Bdeb9u5?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/sed@4.4-1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/sensible-utils@0.0.9%2Bdeb9u1?arch=all&distro=debian-9.8 + - pkg:deb/debian/sysvinit-utils@2.88dsf-59.9?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/tar@1.29b-1.1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/tzdata@2018i-0%2Bdeb9u1?arch=all&distro=debian-9.8 + - pkg:deb/debian/ucf@3.0036?arch=all&distro=debian-9.8 + - pkg:deb/debian/util-linux@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/zlib1g@1.2.8.dfsg-5?arch=amd64&distro=debian-9.8&epoch=1 + ref: 2ab629c3-fe9d-4416-ace3-9a301dfb60e0 + - dependsOn: + - pkg:deb/debian/debconf@1.5.61?arch=all&distro=debian-9.8 + - pkg:deb/debian/passwd@4.4-4.1?arch=amd64&distro=debian-9.8&epoch=1 + ref: pkg:deb/debian/adduser@3.115?arch=all&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/adduser@3.115?arch=all&distro=debian-9.8 + - pkg:deb/debian/debian-archive-keyring@2017.5?arch=all&distro=debian-9.8 + - pkg:deb/debian/gpgv@2.1.18-8~deb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/init-system-helpers@1.48?arch=all&distro=debian-9.8 + - pkg:deb/debian/libapt-pkg5.0@1.4.9?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgcc1@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libstdc%2B%2B6@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/apt@1.4.9?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/base-files@9.9%2Bdeb9u8?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libdebconfclient0@0.227?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/base-passwd@3.5.43?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/base-files@9.9%2Bdeb9u8?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/debianutils@4.8.1.1?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/bash@4.4-5?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/bsdutils@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=1 + - dependsOn: [] + ref: pkg:deb/debian/coreutils@8.26-3?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/debianutils@4.8.1.1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/dpkg@1.18.25?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/dash@0.5.8-2.4?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/debconf@1.5.61?arch=all&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/gpgv@2.1.18-8~deb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/debian-archive-keyring@2017.5?arch=all&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/sensible-utils@0.0.9%2Bdeb9u1?arch=all&distro=debian-9.8 + ref: pkg:deb/debian/debianutils@4.8.1.1?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/diffutils@3.5-3?arch=amd64&distro=debian-9.8&epoch=1 + - dependsOn: + - pkg:deb/debian/tar@1.29b-1.1?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/dpkg@1.18.25?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/e2fslibs@1.43.4-2?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/e2fsprogs@1.43.4-2?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/findutils@4.6.0%2Bgit%2B20161106-2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/debconf@1.5.61?arch=all&distro=debian-9.8 + - pkg:deb/debian/fonts-dejavu-core@2.37-1?arch=all&distro=debian-9.8 + - pkg:deb/debian/ucf@3.0036?arch=all&distro=debian-9.8 + ref: pkg:deb/debian/fontconfig-config@2.11.0-6.7?arch=all&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/fonts-dejavu-core@2.37-1?arch=all&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/gcc-6-base@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/gettext-base@0.19.8.1-2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libbz2-1.0@1.0.6-8.1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgcrypt20@1.7.6-2%2Bdeb9u3?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgpg-error0@1.26-2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/zlib1g@1.2.8.dfsg-5?arch=amd64&distro=debian-9.8&epoch=1 + ref: pkg:deb/debian/gpgv@2.1.18-8~deb9u4?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/dpkg@1.18.25?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/grep@2.27-2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/dpkg@1.18.25?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/gzip@1.6-5%2Bb1?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/hostname@3.18%2Bb1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/perl-base@5.24.1-3%2Bdeb9u5?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/init-system-helpers@1.48?arch=all&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libattr1@2.4.47-2%2Bb2?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libacl1@2.2.52-3%2Bb1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libbz2-1.0@1.0.6-8.1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgcc1@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/liblz4-1@0.0~r131-2%2Bb1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/liblzma5@5.2.2-1.2%2Bb1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libstdc%2B%2B6@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/zlib1g@1.2.8.dfsg-5?arch=amd64&distro=debian-9.8&epoch=1 + ref: pkg:deb/debian/libapt-pkg5.0@1.4.9?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libattr1@2.4.47-2%2Bb2?arch=amd64&distro=debian-9.8&epoch=1 + - dependsOn: [] + ref: pkg:deb/debian/libaudit-common@2.6.7-2?arch=all&distro=debian-9.8&epoch=1 + - dependsOn: + - pkg:deb/debian/libaudit-common@2.6.7-2?arch=all&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libcap-ng0@0.7.7-3%2Bb1?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libaudit1@2.6.7-2?arch=amd64&distro=debian-9.8&epoch=1 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libuuid1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libblkid1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libbsd0@0.8.3-1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libbz2-1.0@1.0.6-8.1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libc-bin@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libgcc1@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=1 + ref: pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libcap-ng0@0.7.7-3%2Bb1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libcomerr2@1.43.4-2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libdb5.3@5.3.28-12%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libdebconfclient0@0.227?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libbsd0@0.8.3-1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libncurses5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libtinfo5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libedit2@3.1-20160903-3?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libexpat1@2.2.0-2%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libblkid1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libuuid1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libfdisk1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/fontconfig-config@2.11.0-6.7?arch=all&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libexpat1@2.2.0-2%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libfreetype6@2.6.3-3.2?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libfontconfig1@2.11.0-6.7%2Bb1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libpng16-16@1.6.28-1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/zlib1g@1.2.8.dfsg-5?arch=amd64&distro=debian-9.8&epoch=1 + ref: pkg:deb/debian/libfreetype6@2.6.3-3.2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/gcc-6-base@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libgcc1@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=1 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgpg-error0@1.26-2?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libgcrypt20@1.7.6-2%2Bdeb9u3?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libfontconfig1@2.11.0-6.7%2Bb1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libfreetype6@2.6.3-3.2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libjpeg62-turbo@1.5.1-2?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libpng16-16@1.6.28-1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libtiff5@4.0.8-2%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libwebp6@0.5.2-1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libx11-6@1.6.4-3%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=2 + - pkg:deb/debian/libxpm4@3.5.12-1?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/zlib1g@1.2.8.dfsg-5?arch=amd64&distro=debian-9.8&epoch=1 + ref: pkg:deb/debian/libgd3@2.2.4-2%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libgeoip1@1.6.9-4?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libgpg-error0@1.26-2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgcc1@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libstdc%2B%2B6@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libicu57@57.1-6%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libjbig0@2.1-3.1%2Bb2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libjpeg62-turbo@1.5.1-2?arch=amd64&distro=debian-9.8&epoch=1 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/liblz4-1@0.0~r131-2%2Bb1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/liblzma5@5.2.2-1.2%2Bb1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libblkid1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libselinux1@2.6-3%2Bb3?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libmount1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libtinfo5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libncurses5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libtinfo5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libncursesw5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libaudit1@2.6.7-2?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libpam0g@1.1.8-3.6?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libselinux1@2.6-3%2Bb3?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libpam-modules-bin@1.1.8-3.6?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/libpam-modules@1.1.8-3.6?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/debconf@1.5.61?arch=all&distro=debian-9.8 + - pkg:deb/debian/libpam-modules@1.1.8-3.6?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libpam-runtime@1.1.8-3.6?arch=all&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/debconf@1.5.61?arch=all&distro=debian-9.8 + - pkg:deb/debian/libaudit1@2.6.7-2?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libpam0g@1.1.8-3.6?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libpcre3@8.39-3?arch=amd64&distro=debian-9.8&epoch=2 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/zlib1g@1.2.8.dfsg-5?arch=amd64&distro=debian-9.8&epoch=1 + ref: pkg:deb/debian/libpng16-16@1.6.28-1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libpcre3@8.39-3?arch=amd64&distro=debian-9.8&epoch=2 + ref: pkg:deb/debian/libselinux1@2.6-3%2Bb3?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/libsemanage-common@2.6-2?arch=all&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libaudit1@2.6.7-2?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libbz2-1.0@1.0.6-8.1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libselinux1@2.6-3%2Bb3?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libsemanage-common@2.6-2?arch=all&distro=debian-9.8 + - pkg:deb/debian/libsepol1@2.6-2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libustr-1.0-1@1.0.4-6?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libsemanage1@2.6-2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libsepol1@2.6-2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libsmartcols1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libcomerr2@1.43.4-2?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libss2@1.43.4-2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/debconf@1.5.61?arch=all&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libssl1.1@1.1.0j-1~deb9u1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/gcc-6-base@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgcc1@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=1 + ref: pkg:deb/debian/libstdc%2B%2B6@6.3.0-18%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/libsystemd0@232-25%2Bdeb9u9?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libjbig0@2.1-3.1%2Bb2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libjpeg62-turbo@1.5.1-2?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/liblzma5@5.2.2-1.2%2Bb1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/zlib1g@1.2.8.dfsg-5?arch=amd64&distro=debian-9.8&epoch=1 + ref: pkg:deb/debian/libtiff5@4.0.8-2%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libtinfo5@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libudev1@232-25%2Bdeb9u9?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libustr-1.0-1@1.0.4-6?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/passwd@4.4-4.1?arch=amd64&distro=debian-9.8&epoch=1 + ref: pkg:deb/debian/libuuid1@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libwebp6@0.5.2-1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libx11-data@1.6.4-3%2Bdeb9u1?arch=all&distro=debian-9.8&epoch=2 + - pkg:deb/debian/libxcb1@1.12-1?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libx11-6@1.6.4-3%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=2 + - dependsOn: [] + ref: pkg:deb/debian/libx11-data@1.6.4-3%2Bdeb9u1?arch=all&distro=debian-9.8&epoch=2 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libxau6@1.0.8-1?arch=amd64&distro=debian-9.8&epoch=1 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libxau6@1.0.8-1?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libxdmcp6@1.1.2-3?arch=amd64&distro=debian-9.8&epoch=1 + ref: pkg:deb/debian/libxcb1@1.12-1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libbsd0@0.8.3-1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libxdmcp6@1.1.2-3?arch=amd64&distro=debian-9.8&epoch=1 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libicu57@57.1-6%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/liblzma5@5.2.2-1.2%2Bb1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/zlib1g@1.2.8.dfsg-5?arch=amd64&distro=debian-9.8&epoch=1 + ref: pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libx11-6@1.6.4-3%2Bdeb9u1?arch=amd64&distro=debian-9.8&epoch=2 + ref: pkg:deb/debian/libxpm4@3.5.12-1?arch=amd64&distro=debian-9.8&epoch=1 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgcrypt20@1.7.6-2%2Bdeb9u3?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/libxslt1.1@1.1.29-2.1?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/login@4.4-4.1?arch=amd64&distro=debian-9.8&epoch=1 + - dependsOn: [] + ref: pkg:deb/debian/lsb-base@9.20161125?arch=all&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/mawk@1.3.3-17%2Bb3?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/mount@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/multiarch-support@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/ncurses-base@6.0%2B20161126-1%2Bdeb9u2?arch=all&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/ncurses-bin@6.0%2B20161126-1%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgeoip1@1.6.9-4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/nginx@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/nginx-module-geoip@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libgd3@2.2.4-2%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/nginx@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/nginx-module-image-filter@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libedit2@3.1-20160903-3?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libpcre3@8.39-3?arch=amd64&distro=debian-9.8&epoch=2 + - pkg:deb/debian/nginx@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/nginx-module-njs@1.14.2.0.2.6-1~stretch?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libxslt1.1@1.1.29-2.1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/nginx@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/nginx-module-xslt@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/adduser@3.115?arch=all&distro=debian-9.8 + - pkg:deb/debian/init-system-helpers@1.48?arch=all&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libpcre3@8.39-3?arch=amd64&distro=debian-9.8&epoch=2 + - pkg:deb/debian/libssl1.1@1.1.0j-1~deb9u1?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/lsb-base@9.20161125?arch=all&distro=debian-9.8 + - pkg:deb/debian/zlib1g@1.2.8.dfsg-5?arch=amd64&distro=debian-9.8&epoch=1 + ref: pkg:deb/debian/nginx@1.14.2-1~stretch?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libaudit1@2.6.7-2?arch=amd64&distro=debian-9.8&epoch=1 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libpam-modules@1.1.8-3.6?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libpam0g@1.1.8-3.6?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libselinux1@2.6-3%2Bb3?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/libsemanage1@2.6-2?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/passwd@4.4-4.1?arch=amd64&distro=debian-9.8&epoch=1 + - dependsOn: [] + ref: pkg:deb/debian/perl-base@5.24.1-3%2Bdeb9u5?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/sed@4.4-1?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/sensible-utils@0.0.9%2Bdeb9u1?arch=all&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/init-system-helpers@1.48?arch=all&distro=debian-9.8 + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/util-linux@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/sysvinit-utils@2.88dsf-59.9?arch=amd64&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/tar@1.29b-1.1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/debconf@1.5.61?arch=all&distro=debian-9.8 + ref: pkg:deb/debian/tzdata@2018i-0%2Bdeb9u1?arch=all&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/coreutils@8.26-3?arch=amd64&distro=debian-9.8 + - pkg:deb/debian/debconf@1.5.61?arch=all&distro=debian-9.8 + ref: pkg:deb/debian/ucf@3.0036?arch=all&distro=debian-9.8 + - dependsOn: [] + ref: pkg:deb/debian/util-linux@2.29.2-1%2Bdeb9u1?arch=amd64&distro=debian-9.8 + - dependsOn: + - pkg:deb/debian/libc6@2.24-11%2Bdeb9u4?arch=amd64&distro=debian-9.8 + ref: pkg:deb/debian/zlib1g@1.2.8.dfsg-5?arch=amd64&distro=debian-9.8&epoch=1 + - dependsOn: + - 2ab629c3-fe9d-4416-ace3-9a301dfb60e0 + ref: pkg:oci/nginx@sha256%3Af7988fb6c02e0ce69257d9bd9cf37ae20a60f1df7563c3a2a6abe24160306b8d?arch=amd64&repository_url=index.docker.io%2Flibrary%2Fnginx + metadata: + component: + bom-ref: pkg:oci/nginx@sha256%3Af7988fb6c02e0ce69257d9bd9cf37ae20a60f1df7563c3a2a6abe24160306b8d?arch=amd64&repository_url=index.docker.io%2Flibrary%2Fnginx + name: nginx:1.14.2 + properties: + - name: aquasecurity:trivy:DiffID + value: sha256:5dacd731af1b0386ead06c8b1feff9f65d9e0bdfec032d2cd0bc03690698feda,sha256:b8f18c3b860b067be09836beadd676a0aa1e784ec28cf730986859b4146c344a,sha256:82ae01d5004e2143b642b1a008624e7521c73ab18e5776a22f18a172b9dbec80 + - name: aquasecurity:trivy:ImageID + value: sha256:295c7be079025306c4f1d65997fcf7adb411c88f139ad1d34b537164aa060369 + - name: aquasecurity:trivy:RepoDigest + value: nginx@sha256:f7988fb6c02e0ce69257d9bd9cf37ae20a60f1df7563c3a2a6abe24160306b8d + - name: aquasecurity:trivy:RepoTag + value: nginx:1.14.2 + - name: aquasecurity:trivy:SchemaVersion + value: "2" + purl: pkg:oci/nginx@sha256%3Af7988fb6c02e0ce69257d9bd9cf37ae20a60f1df7563c3a2a6abe24160306b8d?arch=amd64&repository_url=index.docker.io%2Flibrary%2Fnginx + supplier: {} + type: container + timestamp: 2023-11-12T18:51:06+00:00 + tools: + - name: trivy + vendor: aquasecurity + serialNumber: urn:uuid:d81232a6-d89d-4533-ba43-228468c411f5 + specVersion: "1.5" + version: 1 + registry: + server: index.docker.io + scanner: + name: Trivy + vendor: Aqua Security + version: 0.45.1 + summary: + componentsCount: 110 + dependenciesCount: 110 + updateTimestamp: 2023-11-12T18:51:06Z diff --git a/tests/e2e/sbom-standalone/workload/01-assert.yaml b/tests/e2e/sbom-standalone/workload/01-assert.yaml new file mode 100644 index 000000000..72c36af9d --- /dev/null +++ b/tests/e2e/sbom-standalone/workload/01-assert.yaml @@ -0,0 +1,19 @@ +--- +apiVersion: aquasecurity.github.io/v1alpha1 +kind: VulnerabilityReport +metadata: + labels: + team: rnd + myname: test + annotations: + trivy-operator.aquasecurity.github.io/report-ttl: 24h0m0s + name: pod-my-pod-app +report: + artifact: + repository: library/nginx + tag: 1.14.2 + registry: + server: index.docker.io + scanner: + name: Trivy + vendor: Aqua Security diff --git a/tests/e2e/sbom-standalone/workload/01-pod.yaml b/tests/e2e/sbom-standalone/workload/01-pod.yaml new file mode 100644 index 000000000..a2c150343 --- /dev/null +++ b/tests/e2e/sbom-standalone/workload/01-pod.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: v1 +kind: Pod +metadata: + name: my-pod + labels: + app.kubernetes.io/name: wordpress + pod-template-hash: 84bbf6f4dd + app: nginx + team: rnd +spec: + containers: + - image: nginx:1.14.2 + name: app diff --git a/tests/e2e/sbom-standalone/workload/02-assert.yaml b/tests/e2e/sbom-standalone/workload/02-assert.yaml new file mode 100644 index 000000000..b00f14829 --- /dev/null +++ b/tests/e2e/sbom-standalone/workload/02-assert.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: kuttl.dev/v1beta1 +commands: + - script: > + cnt="$(kubectl get -n $NAMESPACE + sbomreports.aquasecurity.github.io pod-my-pod-app \ + -o=jsonpath='{.report.summary.componentsCount}')" + if [ $cnt -gt 0 ] + + then + echo "Pass: SbomReport ComponentCount ($cnt) is greater than 0" + else + echo "Fail: SbomReport ComponentCount ($cnt) should be greater than 0" + exit 1 + fi +kind: TestAssert +timeout: 30 diff --git a/tests/e2e/sbom-standalone/workload/03-assert.yaml b/tests/e2e/sbom-standalone/workload/03-assert.yaml new file mode 100644 index 000000000..7a05f311c --- /dev/null +++ b/tests/e2e/sbom-standalone/workload/03-assert.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: kuttl.dev/v1beta1 +commands: + - script: > + cnt="$(kubectl get -n $NAMESPACE + vulnerabilityreports.aquasecurity.github.io pod-my-pod-app \ + -o=jsonpath='{.report.summary.criticalCount}')" + if [ $cnt -gt 0 ] + + then + echo "Pass: VulnerabilityReport CriticalCount ($cnt) is greater than 0" + else + echo "Fail: VulnerabilityReport CriticalCount ($cnt) should be greater than 0" + exit 1 + fi +kind: TestAssert +timeout: 30 diff --git a/tests/resources-cleanup.sh b/tests/resources-cleanup.sh index efc4f194c..af676ce14 100755 --- a/tests/resources-cleanup.sh +++ b/tests/resources-cleanup.sh @@ -6,3 +6,5 @@ kubectl delete crd clusterconfigauditreports.aquasecurity.github.io kubectl delete crd rbacassessmentreports.aquasecurity.github.io kubectl delete crd infraassessmentreports.aquasecurity.github.io kubectl delete crd clusterrbacassessmentreports.aquasecurity.github.io +kubectl delete crd sbomreports.aquasecurity.github.io +kubectl delete crd clustersbomreports.aquasecurity.github.io From 2df74016cb17f3052f8bdb69f1cbf9bc1d6cbe03 Mon Sep 17 00:00:00 2001 From: chenk Date: Mon, 13 Nov 2023 14:50:33 +0200 Subject: [PATCH 04/14] docs: helm install (#1625) Signed-off-by: chenk --- docs/getting-started/installation/helm.md | 64 ++++++++++++++--------- 1 file changed, 40 insertions(+), 24 deletions(-) diff --git a/docs/getting-started/installation/helm.md b/docs/getting-started/installation/helm.md index 630fc904b..f5e15424c 100644 --- a/docs/getting-started/installation/helm.md +++ b/docs/getting-started/installation/helm.md @@ -10,56 +10,71 @@ As an example, let's install the operator in the `trivy-system` namespace and co except `kube-system` and `trivy-system`: 1. Clone the chart directory: - ``` + +```sh git clone --depth 1 --branch {{ git.tag }} https://github.com/aquasecurity/trivy-operator.git cd trivy-operator - ``` +``` + Or add Aqua chart repository: - ``` + +```sh helm repo add aqua https://aquasecurity.github.io/helm-charts/ helm repo update - ``` +``` + 2. Install the chart from a local directory: - ``` + +```sh + helm install trivy-operator ./deploy/helm \ --namespace trivy-system \ - --create-namespace \ - ``` + --create-namespace +``` + Or install the chart from the Aqua chart repository: - ``` + +```sh helm install trivy-operator aqua/trivy-operator \ --namespace trivy-system \ --create-namespace \ --version {{ var.chart_version }} - ``` +``` Configuration options can be passed using the `--set` parameter. To list only the fixed vulnerabilities in the cluster, one can use the following command. - ``` + +```sh helm install trivy-operator ./deploy/helm \ --namespace trivy-system \ --create-namespace \ --set="trivy.ignoreUnfixed=true" - ``` - - There are many [values] in the chart that can be set to configure Trivy-Operator. See the [Customising][customising] section for more details. +``` + + There are many [values] in the chart that can be set to configure Trivy-Operator. See the [Customisin[customising] section for more details. + 4. Check that the `trivy-operator` Helm release is created in the `trivy-system` namespace, and it has status `deployed`: - ```console + +```sh $ helm list -n trivy-system NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION trivy-operator trivy-system 1 2021-01-27 20:09:53.158961 +0100 CET deployed trivy-operator-{{ var.chart_version }} {{ git.tag[1:] }} - ``` +``` + To confirm that the operator is running, check that the `trivy-operator` Deployment in the `trivy-system` namespace is available and all its containers are ready: - ```console + +```sh $ kubectl get deployment -n trivy-system NAME READY UP-TO-DATE AVAILABLE AGE trivy-operator 1/1 1 1 11m - ``` +``` + If for some reason it's not ready yet, check the logs of the Deployment for errors: - ``` + +```sh kubectl logs deployment/trivy-operator -n trivy-system - ``` +``` ## Install as Helm dependency @@ -80,7 +95,7 @@ You have to manually delete custom resource definitions created by the `helm ins !!! danger Deleting custom resource definitions will also delete all security reports generated by the operator. - ``` +```sh kubectl delete crd vulnerabilityreports.aquasecurity.github.io kubectl delete crd exposedsecretreports.aquasecurity.github.io kubectl delete crd configauditreports.aquasecurity.github.io @@ -92,7 +107,7 @@ You have to manually delete custom resource definitions created by the `helm ins kubectl delete crd clusterinfraassessmentreports.aquasecurity.github.io kubectl delete crd clusterconfigauditreports.aquasecurity.github.io kubectl delete crd sbomreports.aquasecurity.github.io - ``` +``` ## Customising the Helm Chart @@ -105,10 +120,11 @@ There are two ways to overwrite values in a Helm chart upon installation: **Create a custom values.yaml file with your changes and give Helm the file upon installation** e.g. to specfy that Trivy should ignore all unfixed vulnerabilities: - ```yaml + +```yaml trivy: ignoreUnfixed: true - ``` +``` The file can be passed into Trivy with the `--values` flag in Helm: @@ -119,7 +135,7 @@ There are two ways to overwrite values in a Helm chart upon installation: --values values.yaml ``` -**Set the values that you want to customise in the installation command** +### Set the values that you want to customise in the installation command This is done with the `--set` command in Helm: From 93e3824820f8d66e78829a3e1b1839e21c86289b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Nov 2023 22:05:36 +0200 Subject: [PATCH 05/14] build(deps): bump aquaproj/aqua-installer from 2.1.3 to 2.2.0 (#1627) Bumps [aquaproj/aqua-installer](https://github.com/aquaproj/aqua-installer) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/aquaproj/aqua-installer/releases) - [Commits](https://github.com/aquaproj/aqua-installer/compare/v2.1.3...v2.2.0) --- updated-dependencies: - dependency-name: aquaproj/aqua-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build.yaml | 8 ++++---- .github/workflows/release.yaml | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index c8a319dc1..4157a81c2 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -41,7 +41,7 @@ jobs: with: go-version-file: go.mod - name: Install tools - uses: aquaproj/aqua-installer@v2.1.3 + uses: aquaproj/aqua-installer@v2.2.0 with: aqua_version: v1.25.0 - name: Verify Go code @@ -70,7 +70,7 @@ jobs: with: go-version-file: go.mod - name: Install tools - uses: aquaproj/aqua-installer@v2.1.3 + uses: aquaproj/aqua-installer@v2.2.0 with: aqua_version: v1.25.0 - name: Run unit tests @@ -93,7 +93,7 @@ jobs: with: go-version-file: go.mod - name: Install tools - uses: aquaproj/aqua-installer@v2.1.3 + uses: aquaproj/aqua-installer@v2.2.0 with: aqua_version: v1.25.0 - name: Run envtest @@ -116,7 +116,7 @@ jobs: with: go-version-file: go.mod - name: Install tools - uses: aquaproj/aqua-installer@v2.1.3 + uses: aquaproj/aqua-installer@v2.2.0 with: aqua_version: v1.25.0 - name: Setup Kubernetes cluster (KIND) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 2cb2cb1c1..b77550ee9 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -27,7 +27,7 @@ jobs: with: go-version-file: go.mod - name: Install tools - uses: aquaproj/aqua-installer@v2.1.3 + uses: aquaproj/aqua-installer@v2.2.0 with: aqua_version: v1.25.0 - name: Run unit tests @@ -46,7 +46,7 @@ jobs: with: go-version-file: go.mod - name: Install tools - uses: aquaproj/aqua-installer@v2.1.3 + uses: aquaproj/aqua-installer@v2.2.0 with: aqua_version: v1.25.0 - name: Setup Kubernetes cluster (KIND) From 9d61589efb3920ba0195f4e73b9b6291bc12e44d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Nov 2023 22:05:55 +0200 Subject: [PATCH 06/14] build(deps): bump github.com/onsi/gomega from 1.29.0 to 1.30.0 (#1629) Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.29.0 to 1.30.0. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.29.0...v1.30.0) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 3b9a150f7..5914a7396 100644 --- a/go.mod +++ b/go.mod @@ -18,7 +18,7 @@ require ( github.com/gorhill/cronexpr v0.0.0-20180427100037-88b0669f7d75 github.com/liamg/memoryfs v1.6.0 github.com/onsi/ginkgo/v2 v2.13.0 - github.com/onsi/gomega v1.29.0 + github.com/onsi/gomega v1.30.0 github.com/openshift/api v0.0.0-20231025170628-b8a18fdc040d github.com/prometheus/client_golang v1.17.0 github.com/stretchr/testify v1.8.4 diff --git a/go.sum b/go.sum index e8c550f9e..dcb023082 100644 --- a/go.sum +++ b/go.sum @@ -1362,8 +1362,8 @@ github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY= github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4= github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o= -github.com/onsi/gomega v1.29.0 h1:KIA/t2t5UBzoirT4H9tsML45GEbo3ouUnBHsCfD2tVg= -github.com/onsi/gomega v1.29.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= +github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= +github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= github.com/open-policy-agent/opa v0.58.0 h1:S5qvevW8JoFizU7Hp66R/Y1SOXol0aCdFYVkzIqIpUo= github.com/open-policy-agent/opa v0.58.0/go.mod h1:EGWBwvmyt50YURNvL8X4W5hXdlKeNhAHn3QXsetmYcc= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= From b1f432a32e66b4538ba157f4e8c73657a9b40b74 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Nov 2023 23:01:26 +0200 Subject: [PATCH 07/14] build(deps): bump github.com/aws/aws-sdk-go from 1.46.6 to 1.47.9 (#1631) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.46.6 to 1.47.9. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.46.6...v1.47.9) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 5914a7396..4af2aa796 100644 --- a/go.mod +++ b/go.mod @@ -37,7 +37,7 @@ require ( ) require ( - github.com/aws/aws-sdk-go v1.46.6 + github.com/aws/aws-sdk-go v1.47.9 github.com/magefile/mage v1.15.0 ) diff --git a/go.sum b/go.sum index dcb023082..9ad5f108a 100644 --- a/go.sum +++ b/go.sum @@ -731,8 +731,8 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkY github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/aws/aws-sdk-go v1.44.122/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= -github.com/aws/aws-sdk-go v1.46.6 h1:6wFnNC9hETIZLMf6SOTN7IcclrOGwp/n9SLp8Pjt6E8= -github.com/aws/aws-sdk-go v1.46.6/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.47.9 h1:rarTsos0mA16q+huicGx0e560aYRtOucV5z2Mw23JRY= +github.com/aws/aws-sdk-go v1.47.9/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= github.com/aws/aws-sdk-go-v2 v1.21.2/go.mod h1:ErQhvNuEMhJjweavOYhxVkn2RUx7kQXVATHrjKtxIpM= github.com/aws/aws-sdk-go-v2 v1.22.1 h1:sjnni/AuoTXxHitsIdT0FwmqUuNUuHtufcVDErVFT9U= github.com/aws/aws-sdk-go-v2 v1.22.1/go.mod h1:Kd0OJtkW3Q0M0lUWGszapWjEvrXDzRW+D21JNsroB+c= From a9573a6bee81ea073b16c52c7162c3b8755954cc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 14 Nov 2023 07:30:30 +0200 Subject: [PATCH 08/14] build(deps): bump github.com/onsi/ginkgo/v2 from 2.13.0 to 2.13.1 (#1628) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.13.0 to 2.13.1. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.13.0...v2.13.1) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 4af2aa796..2c13ed53c 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/google/uuid v1.4.0 github.com/gorhill/cronexpr v0.0.0-20180427100037-88b0669f7d75 github.com/liamg/memoryfs v1.6.0 - github.com/onsi/ginkgo/v2 v2.13.0 + github.com/onsi/ginkgo/v2 v2.13.1 github.com/onsi/gomega v1.30.0 github.com/openshift/api v0.0.0-20231025170628-b8a18fdc040d github.com/prometheus/client_golang v1.17.0 @@ -291,7 +291,7 @@ require ( golang.org/x/crypto v0.14.0 // indirect golang.org/x/exp v0.0.0-20231006140011-7918f672742d golang.org/x/oauth2 v0.13.0 // indirect - golang.org/x/sys v0.13.0 // indirect + golang.org/x/sys v0.14.0 // indirect golang.org/x/term v0.13.0 // indirect golang.org/x/text v0.14.0 golang.org/x/time v0.3.0 // indirect diff --git a/go.sum b/go.sum index 9ad5f108a..1a2f3ad37 100644 --- a/go.sum +++ b/go.sum @@ -1360,8 +1360,8 @@ github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec= github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY= -github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4= -github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o= +github.com/onsi/ginkgo/v2 v2.13.1 h1:LNGfMbR2OVGBfXjvRZIZ2YCTQdGKtPLvuI1rMCCj3OU= +github.com/onsi/ginkgo/v2 v2.13.1/go.mod h1:XStQ8QcGwLyF4HdfcZB8SFOS/MWCgDuXMSBe6zrvLgM= github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= github.com/open-policy-agent/opa v0.58.0 h1:S5qvevW8JoFizU7Hp66R/Y1SOXol0aCdFYVkzIqIpUo= @@ -1880,8 +1880,8 @@ golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= -golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q= +golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= From e99ff79afc150210243cdbd64d87fbbf756dab6f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 14 Nov 2023 09:42:17 +0200 Subject: [PATCH 09/14] build(deps): bump golang.org/x/net from 0.17.0 to 0.18.0 (#1630) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.18.0. - [Commits](https://github.com/golang/net/compare/v0.17.0...v0.18.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 2c13ed53c..7f6cf725c 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ require ( github.com/stretchr/testify v1.8.4 go.uber.org/automaxprocs v1.5.3 go.uber.org/multierr v1.11.0 - golang.org/x/net v0.17.0 + golang.org/x/net v0.18.0 k8s.io/api v0.28.3 k8s.io/apiextensions-apiserver v0.28.3 k8s.io/apimachinery v0.28.3 @@ -288,11 +288,11 @@ require ( github.com/yashtewari/glob-intersection v0.2.0 // indirect github.com/zclconf/go-cty v1.14.1 // indirect go.uber.org/zap v1.26.0 // indirect - golang.org/x/crypto v0.14.0 // indirect + golang.org/x/crypto v0.15.0 // indirect golang.org/x/exp v0.0.0-20231006140011-7918f672742d golang.org/x/oauth2 v0.13.0 // indirect golang.org/x/sys v0.14.0 // indirect - golang.org/x/term v0.13.0 // indirect + golang.org/x/term v0.14.0 // indirect golang.org/x/text v0.14.0 golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.14.0 // indirect diff --git a/go.sum b/go.sum index 1a2f3ad37..1b962ba8e 100644 --- a/go.sum +++ b/go.sum @@ -1627,8 +1627,8 @@ golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4 golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= -golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= -golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= +golang.org/x/crypto v0.15.0 h1:frVn1TEaCEaZcn3Tmd7Y2b5KKPaZ+I32Q2OA3kYp5TA= +golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -1748,8 +1748,8 @@ golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= -golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= -golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= +golang.org/x/net v0.18.0 h1:mIYleuAkSbHh0tCv7RvjL3F6ZVbLjq4+R7zbOn3Kokg= +golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -1890,8 +1890,8 @@ golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= -golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= -golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= +golang.org/x/term v0.14.0 h1:LGK9IlZ8T9jvdy6cTdfKUCltatMFOehAQo9SRC46UQ8= +golang.org/x/term v0.14.0/go.mod h1:TySc+nGkYR6qt8km8wUhuFRTVSMIX3XPR58y2lC8vww= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= From 7afc6e223af6343ca6d93f4f692a57eca627e29e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 14 Nov 2023 12:00:06 +0200 Subject: [PATCH 10/14] build(deps): bump sigstore/cosign-installer from 3.1.2 to 3.2.0 (#1626) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.2 to 3.2.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/v3.1.2...v3.2.0) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release-snapshot.yaml | 2 +- .github/workflows/release.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release-snapshot.yaml b/.github/workflows/release-snapshot.yaml index 5a824d756..62cbd6267 100644 --- a/.github/workflows/release-snapshot.yaml +++ b/.github/workflows/release-snapshot.yaml @@ -36,7 +36,7 @@ jobs: with: go-version-file: go.mod - name: Install cosign - uses: sigstore/cosign-installer@v3.1.2 + uses: sigstore/cosign-installer@v3.2.0 - name: Release snapshot uses: goreleaser/goreleaser-action@v5 with: diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index b77550ee9..12451bdbd 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -95,7 +95,7 @@ jobs: with: go-version-file: go.mod - name: Install cosign - uses: sigstore/cosign-installer@v3.1.2 + uses: sigstore/cosign-installer@v3.2.0 - name: Login to docker.io registry uses: docker/login-action@v3.0.0 with: From 50a257b537e1e88a3589ab46a14d155b99cf3e87 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=98=A3=EF=B8=8F=20Arka=20=E2=98=A3=EF=B8=8F?= Date: Tue, 14 Nov 2023 15:58:02 +0530 Subject: [PATCH 11/14] Fix chart version (#1633) Get the chart version from environment variables directly --- docs/tutorials/grafana-dashboard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/tutorials/grafana-dashboard.md b/docs/tutorials/grafana-dashboard.md index ccbd1fce1..99c7478f8 100644 --- a/docs/tutorials/grafana-dashboard.md +++ b/docs/tutorials/grafana-dashboard.md @@ -92,7 +92,7 @@ Next, we can install the operator with the following command: helm install trivy-operator aqua/trivy-operator \ --namespace trivy-system \ --create-namespace \ - --version 0.16.4 \ + --version {{ var.chart_version }} \ --values trivy-values.yaml ``` From 3902dc508eaf0f1b9bf1c3e6b655ae6ce6b62972 Mon Sep 17 00:00:00 2001 From: chenk Date: Tue, 14 Nov 2023 12:28:56 +0200 Subject: [PATCH 12/14] chore: bump trivy 0.47.0 (#1632) Signed-off-by: chenk --- deploy/helm/README.md | 2 +- deploy/helm/values.yaml | 2 +- deploy/static/trivy-operator.yaml | 2 +- docs/docs/crds/sbom-report.md | 2 +- pkg/plugins/trivy/config_test.go | 2 +- pkg/plugins/trivy/plugin.go | 2 +- tests/e2e/sbom-client-server/workload/00-sbom-pod.yaml | 2 +- tests/e2e/sbom-fs/workload/00-sbom-pod.yaml | 2 +- tests/e2e/sbom-standalone/workload/00-sbom-pod.yaml | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/deploy/helm/README.md b/deploy/helm/README.md index ddffe7d71..a3469e623 100644 --- a/deploy/helm/README.md +++ b/deploy/helm/README.md @@ -113,7 +113,7 @@ Keeps security report resources updated | trivy.image.pullPolicy | string | `"IfNotPresent"` | pullPolicy is the imge pull policy used for trivy image , valid values are (Always, Never, IfNotPresent) | | trivy.image.registry | string | `"ghcr.io"` | registry of the Trivy image | | trivy.image.repository | string | `"aquasecurity/trivy"` | repository of the Trivy image | -| trivy.image.tag | string | `"0.45.1"` | tag version of the Trivy image | +| trivy.image.tag | string | `"0.47.0"` | tag version of the Trivy image | | trivy.imageScanCacheDir | string | `"/tmp/trivy/.cache"` | imageScanCacheDir the flag to set custom path for trivy image scan `cache-dir` parameter. Only applicable in image scan mode. | | trivy.insecureRegistries | object | `{}` | The registry to which insecure connections are allowed. There can be multiple registries with different keys. | | trivy.javaDbRegistry | string | `"ghcr.io"` | javaDbRegistry is the registry for the Java vulnerability database. | diff --git a/deploy/helm/values.yaml b/deploy/helm/values.yaml index aee9916e2..8be3962d3 100644 --- a/deploy/helm/values.yaml +++ b/deploy/helm/values.yaml @@ -270,7 +270,7 @@ trivy: # -- repository of the Trivy image repository: aquasecurity/trivy # -- tag version of the Trivy image - tag: 0.45.1 + tag: 0.47.0 # -- imagePullSecret is the secret name to be used when pulling trivy image from private registries example : reg-secret # It is the user responsibility to create the secret for the private registry in `trivy-operator` namespace imagePullSecret: ~ diff --git a/deploy/static/trivy-operator.yaml b/deploy/static/trivy-operator.yaml index d23d7ade5..82bfaacfe 100644 --- a/deploy/static/trivy-operator.yaml +++ b/deploy/static/trivy-operator.yaml @@ -2482,7 +2482,7 @@ metadata: app.kubernetes.io/managed-by: kubectl data: trivy.repository: "ghcr.io/aquasecurity/trivy" - trivy.tag: "0.45.1" + trivy.tag: "0.47.0" trivy.imagePullPolicy: "IfNotPresent" trivy.additionalVulnerabilityReportFields: "" trivy.severity: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL" diff --git a/docs/docs/crds/sbom-report.md b/docs/docs/crds/sbom-report.md index 37f41e90f..16d298328 100644 --- a/docs/docs/crds/sbom-report.md +++ b/docs/docs/crds/sbom-report.md @@ -162,7 +162,7 @@ report: scanner: name: Trivy vendor: Aqua Security - version: 0.45.1 + version: 0.47.0 summary: componentsCount: 5 dependenciesCount: 5 diff --git a/pkg/plugins/trivy/config_test.go b/pkg/plugins/trivy/config_test.go index e0e6f4291..dc120dbf9 100644 --- a/pkg/plugins/trivy/config_test.go +++ b/pkg/plugins/trivy/config_test.go @@ -728,7 +728,7 @@ func TestPlugin_Init(t *testing.T) { }, Data: map[string]string{ "trivy.repository": DefaultImageRepository, - "trivy.tag": "0.45.1", + "trivy.tag": "0.47.0", "trivy.severity": DefaultSeverity, "trivy.slow": "true", "trivy.mode": string(Standalone), diff --git a/pkg/plugins/trivy/plugin.go b/pkg/plugins/trivy/plugin.go index 5abda0c95..1698e391e 100644 --- a/pkg/plugins/trivy/plugin.go +++ b/pkg/plugins/trivy/plugin.go @@ -96,7 +96,7 @@ func (p *plugin) Init(ctx trivyoperator.PluginContext) error { return ctx.EnsureConfig(trivyoperator.PluginConfig{ Data: map[string]string{ keyTrivyImageRepository: DefaultImageRepository, - keyTrivyImageTag: "0.45.1", + keyTrivyImageTag: "0.47.0", KeyTrivySeverity: DefaultSeverity, keyTrivySlow: "true", keyTrivyMode: string(Standalone), diff --git a/tests/e2e/sbom-client-server/workload/00-sbom-pod.yaml b/tests/e2e/sbom-client-server/workload/00-sbom-pod.yaml index be2f3adb1..986356463 100644 --- a/tests/e2e/sbom-client-server/workload/00-sbom-pod.yaml +++ b/tests/e2e/sbom-client-server/workload/00-sbom-pod.yaml @@ -3524,7 +3524,7 @@ report: scanner: name: Trivy vendor: Aqua Security - version: 0.45.1 + version: 0.47.0 summary: componentsCount: 110 dependenciesCount: 110 diff --git a/tests/e2e/sbom-fs/workload/00-sbom-pod.yaml b/tests/e2e/sbom-fs/workload/00-sbom-pod.yaml index be2f3adb1..986356463 100644 --- a/tests/e2e/sbom-fs/workload/00-sbom-pod.yaml +++ b/tests/e2e/sbom-fs/workload/00-sbom-pod.yaml @@ -3524,7 +3524,7 @@ report: scanner: name: Trivy vendor: Aqua Security - version: 0.45.1 + version: 0.47.0 summary: componentsCount: 110 dependenciesCount: 110 diff --git a/tests/e2e/sbom-standalone/workload/00-sbom-pod.yaml b/tests/e2e/sbom-standalone/workload/00-sbom-pod.yaml index be2f3adb1..986356463 100644 --- a/tests/e2e/sbom-standalone/workload/00-sbom-pod.yaml +++ b/tests/e2e/sbom-standalone/workload/00-sbom-pod.yaml @@ -3524,7 +3524,7 @@ report: scanner: name: Trivy vendor: Aqua Security - version: 0.45.1 + version: 0.47.0 summary: componentsCount: 110 dependenciesCount: 110 From 54e6c909263e0394cb67dedc2c44bbfc06216894 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=98=A3=EF=B8=8F=20Arka=20=E2=98=A3=EF=B8=8F?= Date: Tue, 14 Nov 2023 16:17:12 +0530 Subject: [PATCH 13/14] docs: fix chart version (#1634) --- docs/tutorials/private-registries.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/tutorials/private-registries.md b/docs/tutorials/private-registries.md index 527f4f187..3fe18a76a 100644 --- a/docs/tutorials/private-registries.md +++ b/docs/tutorials/private-registries.md @@ -47,7 +47,7 @@ Lastly, we can deploy the operator inside our cluster with referencing our new ` helm upgrade --install trivy-operator aqua/trivy-operator \ --namespace trivy-system \ --create-namespace \ - --version 0.16.4 + --version {{ var.chart_version }} --values ./values.yaml ``` @@ -57,7 +57,7 @@ Alternatively, it is possible to set the values directly through Helm instead of helm upgrade --install trivy-operator aqua/trivy-operator \ --namespace trivy-system \ --create-namespace \ - --version 0.16.4 + --version {{ var.chart_version }} --set="trivy.command=fs" --set="trivyOperator.scanJobPodTemplateContainerSecurityContext.runAsUser=0" ``` @@ -230,7 +230,7 @@ Lastly, we can deploy the operator inside our cluster with referencing our new ` helm upgrade --install trivy-operator aqua/trivy-operator \ --namespace trivy-system \ --create-namespace \ - --version 0.16.4 + --version {{ var.chart_version }} --values ./values.yaml ``` @@ -240,7 +240,7 @@ Alternatively, it is possible to set the values directly through Helm instead of helm upgrade --install trivy-operator aqua/trivy-operator \ --namespace trivy-system \ --create-namespace \ - --version 0.16.4 + --version {{ var.chart_version }} --set-json='operator.privateRegistryScanSecretsNames={"app":"dockerconfigjson-github-com"}' ``` From 567bc7d1a7a142793fb46927a3d1015bbcee9fef Mon Sep 17 00:00:00 2001 From: chenk Date: Wed, 15 Nov 2023 14:07:56 +0200 Subject: [PATCH 14/14] sec: bump node-collector v0.0.9 fix node-collector CVE-2023-39325 (#1637) * sec: bump node-collector v0.0.9 fix node-collector CVE-2023-39325 Signed-off-by: chenk * chore: bump node-collector v0.0.9 Signed-off-by: chenk --------- Signed-off-by: chenk --- deploy/helm/README.md | 2 +- deploy/helm/values.yaml | 2 +- deploy/static/trivy-operator.yaml | 2 +- go.mod | 2 +- go.sum | 4 ++-- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/deploy/helm/README.md b/deploy/helm/README.md index a3469e623..a7155efd8 100644 --- a/deploy/helm/README.md +++ b/deploy/helm/README.md @@ -31,7 +31,7 @@ Keeps security report resources updated | nodeCollector.imagePullSecret | string | `nil` | imagePullSecret is the secret name to be used when pulling node-collector image from private registries example : reg-secret It is the user responsibility to create the secret for the private registry in `trivy-operator` namespace | | nodeCollector.registry | string | `"ghcr.io"` | registry of the node-collector image | | nodeCollector.repository | string | `"aquasecurity/node-collector"` | repository of the node-collector image | -| nodeCollector.tag | string | `"0.0.8"` | tag version of the node-collector image | +| nodeCollector.tag | string | `"0.0.9"` | tag version of the node-collector image | | nodeCollector.volumeMounts | list | `[{"mountPath":"/var/lib/etcd","name":"var-lib-etcd","readOnly":true},{"mountPath":"/var/lib/kubelet","name":"var-lib-kubelet","readOnly":true},{"mountPath":"/var/lib/kube-scheduler","name":"var-lib-kube-scheduler","readOnly":true},{"mountPath":"/var/lib/kube-controller-manager","name":"var-lib-kube-controller-manager","readOnly":true},{"mountPath":"/etc/systemd","name":"etc-systemd","readOnly":true},{"mountPath":"/lib/systemd/","name":"lib-systemd","readOnly":true},{"mountPath":"/etc/kubernetes","name":"etc-kubernetes","readOnly":true},{"mountPath":"/etc/cni/net.d/","name":"etc-cni-netd","readOnly":true}]` | node-collector pod volume mounts definition for collecting config files information | | nodeCollector.volumes | list | `[{"hostPath":{"path":"/var/lib/etcd"},"name":"var-lib-etcd"},{"hostPath":{"path":"/var/lib/kubelet"},"name":"var-lib-kubelet"},{"hostPath":{"path":"/var/lib/kube-scheduler"},"name":"var-lib-kube-scheduler"},{"hostPath":{"path":"/var/lib/kube-controller-manager"},"name":"var-lib-kube-controller-manager"},{"hostPath":{"path":"/etc/systemd"},"name":"etc-systemd"},{"hostPath":{"path":"/lib/systemd"},"name":"lib-systemd"},{"hostPath":{"path":"/etc/kubernetes"},"name":"etc-kubernetes"},{"hostPath":{"path":"/etc/cni/net.d/"},"name":"etc-cni-netd"}]` | node-collector pod volumes definition for collecting config files information | | nodeSelector | object | `{}` | nodeSelector set the operator nodeSelector | diff --git a/deploy/helm/values.yaml b/deploy/helm/values.yaml index 8be3962d3..09e1e2016 100644 --- a/deploy/helm/values.yaml +++ b/deploy/helm/values.yaml @@ -558,7 +558,7 @@ nodeCollector: # -- repository of the node-collector image repository: aquasecurity/node-collector # -- tag version of the node-collector image - tag: 0.0.8 + tag: 0.0.9 # -- imagePullSecret is the secret name to be used when pulling node-collector image from private registries example : reg-secret # It is the user responsibility to create the secret for the private registry in `trivy-operator` namespace imagePullSecret: ~ diff --git a/deploy/static/trivy-operator.yaml b/deploy/static/trivy-operator.yaml index 82bfaacfe..8b8fe8f19 100644 --- a/deploy/static/trivy-operator.yaml +++ b/deploy/static/trivy-operator.yaml @@ -2454,7 +2454,7 @@ data: configAuditReports.scanner: "Trivy" compliance.failEntriesLimit: "10" report.recordFailedChecksOnly: "true" - node.collector.imageRef: "ghcr.io/aquasecurity/node-collector:0.0.8" + node.collector.imageRef: "ghcr.io/aquasecurity/node-collector:0.0.9" --- # Source: trivy-operator/templates/configmaps/policies.yaml apiVersion: v1 diff --git a/go.mod b/go.mod index 7f6cf725c..4036aa576 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/CycloneDX/cyclonedx-go v0.7.2 github.com/aquasecurity/defsec v0.93.1 github.com/aquasecurity/trivy v0.47.0 - github.com/aquasecurity/trivy-kubernetes v0.5.9-0.20231019164303-dcdfdc50763f + github.com/aquasecurity/trivy-kubernetes v0.5.9-0.20231115100645-921512b4d163 github.com/bluele/gcache v0.0.2 github.com/caarlos0/env/v6 v6.10.1 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc diff --git a/go.sum b/go.sum index 1b962ba8e..19b604d99 100644 --- a/go.sum +++ b/go.sum @@ -722,8 +722,8 @@ github.com/aquasecurity/trivy-db v0.0.0-20231020043206-3770774790ce h1:53T1cV67m github.com/aquasecurity/trivy-db v0.0.0-20231020043206-3770774790ce/go.mod h1:cj9/QmD9N3OZnKQMp+/DvdV+ym3HyIkd4e+F0ZM3ZGs= github.com/aquasecurity/trivy-java-db v0.0.0-20230514115002-fb1b70d903ce h1:WzPuUf6V4S4jGcxf5d4o+HJjNne/xxBAQWJ46Z7eCTE= github.com/aquasecurity/trivy-java-db v0.0.0-20230514115002-fb1b70d903ce/go.mod h1:Ldya37FLi0e/5Cjq2T5Bty7cFkzUDwTcPeQua+2M8i8= -github.com/aquasecurity/trivy-kubernetes v0.5.9-0.20231019164303-dcdfdc50763f h1:HDWxGTNMAeX8LFUDQKME+JwE2sPkFEFLso1OicnoXgw= -github.com/aquasecurity/trivy-kubernetes v0.5.9-0.20231019164303-dcdfdc50763f/go.mod h1:k2Nf7s+Gx88BZE/yjBv7Kqdng/quv/hwaYI2bjSWFqY= +github.com/aquasecurity/trivy-kubernetes v0.5.9-0.20231115100645-921512b4d163 h1:6TsI0lQN7H/d3pM5vK1/taYbWMgnNYEOk+V2ydBdg0s= +github.com/aquasecurity/trivy-kubernetes v0.5.9-0.20231115100645-921512b4d163/go.mod h1:u+rEg3lTLpv3EJVSC7HOhWWlUwuuxlfczMncYPMqTPI= github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q= github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=