feat(trivy): Bump to support v0.56.1 #387
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
simar7
changed the title
simar7
force-pushed
the
upgrade-v0.55.1
branch
2 times, most recently
from
66e9e1a
to
8327bc0
Compare
|
@nikpivkin any idea why the tests are red in the CI? Locally I don't see any failures. BATS_LIB_PATH=/opt/homebrew/lib TRIVY_DISABLE_VEX_NOTICE=true bats -r -T .
./test/test.bats
✓ trivy repo with securityCheck secret only [1000]
✓ trivy image [1000]
✓ trivy config sarif report [1000]
✓ trivy config [1000]
✓ trivy rootfs [1000]
✓ trivy fs [1000]
✓ trivy image with trivyIgnores option [1000]
✓ trivy image with sbom output [1000]
✓ trivy image with trivy.yaml config [1000]
✓ trivy image with custom docker-host [1000]
✓ trivy config with terraform variables [1000]
11 tests, 0 failures in 12 seconds |
|
@simar7 The tests use the This is the difference in local run on the main branch: ✗ trivy config sarif report [607]
(from function `assert_files_equal' in file /opt/homebrew/lib/bats-file/src/file.bash, line 266,
from function `compare_files' in file ./test/test.bats, line 54,
in test file ./test/test.bats, line 72)
`compare_files config-sarif.sarif ./test/data/config-sarif-report/report.sarif' failed
Building SARIF report with options: ./test/data/config-sarif-report/main.tf
3c3
< "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json",
---
> "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
3c3
< "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json",
---
> "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
-- files are not the same --
path : config-sarif.sarif
path : ./test/data/config-sarif-report/report.sarif
-- |
simar7
force-pushed
the
upgrade-v0.55.1
branch
2 times, most recently
from
cd2dfcc
to
65f8c7e
Compare
simar7
changed the title
|
@nikpivkin I've updated the PR to Trivy v0.56.0, when it is released we can merge this one in. |
This was referenced Oct 2, 2024
BertelBB
reviewed
Oct 3, 2024
|
@nikpivkin could you take another look? |
simar7
commented
Oct 3, 2024
Comment on lines
-12
to
-17
| { | ||
| "id": "AVD-AWS-0086", | ||
| "name": "Misconfiguration", | ||
| "shortDescription": { | ||
| "text": "S3 Access block should block public ACL" | ||
| }, |
There was a problem hiding this comment.
does this make sense to you @nikpivkin? I understand that the Go rule was deprecated but should the Rego rule in it's place still pick this up?
simar7
changed the title
|
The tests use checks bundle from here and it is not updated |
|
Refs #400 |
simar7
force-pushed
the
upgrade-v0.55.1
branch
from
066a168
to
f398ce6
Compare
knqyf263
pushed a commit
to knqyf263/trivy-action
that referenced
this pull request
Oct 8, 2024
* feat(trivy): Bump to support v0.55.2 * fix tests * update github workflow * upgrade to v0.56.0 * bump to trivy v0.56.1 * update tests
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.