Skip to content

Commit

Permalink
feat(trivy): Bump Trivy to v0.37.1 (#199)
Browse files Browse the repository at this point in the history 
Signed-off-by: Simar <simar@linux.com>
  • Loading branch information
@simar7
simar7 committed Feb 2, 2023
1 parent ab15891 commit cff3e9a
Show file tree
Hide file tree
Showing 6 changed files with 114 additions and 8 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/build.yaml
View file
@@ -1,7 +1,7 @@
name: "build"
on: [push, pull_request]
env:
TRIVY_VERSION: 0.34.0
TRIVY_VERSION: 0.37.1
BATS_LIB_PATH: '/usr/lib/'
jobs:
build:
Expand Down
2 changes: 1 addition & 1 deletion Dockerfile
View file
@@ -1,4 +1,4 @@
FROM ghcr.io/aquasecurity/trivy:0.34.0
FROM ghcr.io/aquasecurity/trivy:0.37.1
COPY entrypoint.sh /
RUN apk --no-cache add bash curl npm
RUN chmod +x /entrypoint.sh
Expand Down
56 changes: 55 additions & 1 deletion test/data/config-sarif.test
View file
Expand Up @@ -35,9 +35,36 @@
"HIGH"
]
}
},
{
"id": "DS026",
"name": "Misconfiguration",
"shortDescription": {
"text": "No HEALTHCHECK defined"
},
"fullDescription": {
"text": "You shoud add HEALTHCHECK instruction in your docker container images to perform the health check on running containers."
},
"defaultConfiguration": {
"level": "note"
},
"helpUri": "https://avd.aquasec.com/misconfig/ds026",
"help": {
"text": "Misconfiguration DS026\nType: Dockerfile Security Check\nSeverity: LOW\nCheck: No HEALTHCHECK defined\nMessage: Add HEALTHCHECK instruction in your Dockerfile\nLink: [DS026](https://avd.aquasec.com/misconfig/ds026)\nYou shoud add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.",
"markdown": "**Misconfiguration DS026**\n| Type | Severity | Check | Message | Link |\n| --- | --- | --- | --- | --- |\n|Dockerfile Security Check|LOW|No HEALTHCHECK defined|Add HEALTHCHECK instruction in your Dockerfile|[DS026](https://avd.aquasec.com/misconfig/ds026)|\n\nYou shoud add HEALTHCHECK instruction in your docker container images to perform the health check on running containers."
},
"properties": {
"precision": "very-high",
"security-severity": "2.0",
"tags": [
"misconfiguration",
"security",
"LOW"
]
}
}
],
"version": "0.34.0"
"version": "0.37.1"
}
},
"results": [
Expand Down Expand Up @@ -67,6 +94,33 @@
}
}
]
},
{
"ruleId": "DS026",
"ruleIndex": 1,
"level": "note",
"message": {
"text": "Artifact: Dockerfile\nType: dockerfile\nVulnerability DS026\nSeverity: LOW\nMessage: Add HEALTHCHECK instruction in your Dockerfile\nLink: [DS026](https://avd.aquasec.com/misconfig/ds026)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "Dockerfile",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
},
"message": {
"text": "Dockerfile"
}
}
]
}
],
"columnKind": "utf16CodeUnits",
Expand Down
30 changes: 28 additions & 2 deletions test/data/config.test
View file
Expand Up @@ -20,8 +20,8 @@
"Class": "config",
"Type": "dockerfile",
"MisconfSummary": {
"Successes": 21,
"Failures": 1,
"Successes": 22,
"Failures": 2,
"Exceptions": 0
},
"Misconfigurations": [
Expand Down Expand Up @@ -50,6 +50,32 @@
"Lines": null
}
}
},
{
"Type": "Dockerfile Security Check",
"ID": "DS026",
"AVDID": "AVD-DS-0026",
"Title": "No HEALTHCHECK defined",
"Description": "You shoud add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.",
"Message": "Add HEALTHCHECK instruction in your Dockerfile",
"Namespace": "builtin.dockerfile.DS026",
"Query": "data.builtin.dockerfile.DS026.deny",
"Resolution": "Add HEALTHCHECK instruction in Dockerfile",
"Severity": "LOW",
"PrimaryURL": "https://avd.aquasec.com/misconfig/ds026",
"References": [
"https://blog.aquasec.com/docker-security-best-practices",
"https://avd.aquasec.com/misconfig/ds026"
],
"Status": "FAIL",
"Layer": {},
"CauseMetadata": {
"Provider": "Dockerfile",
"Service": "general",
"Code": {
"Lines": null
}
}
}
]
}
Expand Down
30 changes: 28 additions & 2 deletions test/data/fs-scheck.test
View file
Expand Up @@ -20,8 +20,8 @@
"Class": "config",
"Type": "dockerfile",
"MisconfSummary": {
"Successes": 21,
"Failures": 1,
"Successes": 22,
"Failures": 2,
"Exceptions": 0
},
"Misconfigurations": [
Expand Down Expand Up @@ -50,6 +50,32 @@
"Lines": null
}
}
},
{
"Type": "Dockerfile Security Check",
"ID": "DS026",
"AVDID": "AVD-DS-0026",
"Title": "No HEALTHCHECK defined",
"Description": "You shoud add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.",
"Message": "Add HEALTHCHECK instruction in your Dockerfile",
"Namespace": "builtin.dockerfile.DS026",
"Query": "data.builtin.dockerfile.DS026.deny",
"Resolution": "Add HEALTHCHECK instruction in Dockerfile",
"Severity": "LOW",
"PrimaryURL": "https://avd.aquasec.com/misconfig/ds026",
"References": [
"https://blog.aquasec.com/docker-security-best-practices",
"https://avd.aquasec.com/misconfig/ds026"
],
"Status": "FAIL",
"Layer": {},
"CauseMetadata": {
"Provider": "Dockerfile",
"Service": "general",
"Code": {
"Lines": null
}
}
}
]
}
Expand Down
2 changes: 1 addition & 1 deletion test/data/image-sarif.test
View file
Expand Up @@ -37,7 +37,7 @@
}
}
],
"version": "0.34.0"
"version": "0.37.1"
}
},
"results": [
Expand Down

0 comments on commit cff3e9a

Please sign in to comment.