-
Notifications
You must be signed in to change notification settings - Fork 245
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(trivy): Bump to support v0.56.1 #387
Conversation
66e9e1a
to
8327bc0
Compare
@nikpivkin any idea why the tests are red in the CI? Locally I don't see any failures. BATS_LIB_PATH=/opt/homebrew/lib TRIVY_DISABLE_VEX_NOTICE=true bats -r -T .
./test/test.bats
✓ trivy repo with securityCheck secret only [1000]
✓ trivy image [1000]
✓ trivy config sarif report [1000]
✓ trivy config [1000]
✓ trivy rootfs [1000]
✓ trivy fs [1000]
✓ trivy image with trivyIgnores option [1000]
✓ trivy image with sbom output [1000]
✓ trivy image with trivy.yaml config [1000]
✓ trivy image with custom docker-host [1000]
✓ trivy config with terraform variables [1000]
11 tests, 0 failures in 12 seconds |
@simar7 The tests use the This is the difference in local run on the main branch: ✗ trivy config sarif report [607]
(from function `assert_files_equal' in file /opt/homebrew/lib/bats-file/src/file.bash, line 266,
from function `compare_files' in file ./test/test.bats, line 54,
in test file ./test/test.bats, line 72)
`compare_files config-sarif.sarif ./test/data/config-sarif-report/report.sarif' failed
Building SARIF report with options: ./test/data/config-sarif-report/main.tf
3c3
< "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json",
---
> "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
3c3
< "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json",
---
> "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
-- files are not the same --
path : config-sarif.sarif
path : ./test/data/config-sarif-report/report.sarif
-- |
cd2dfcc
to
65f8c7e
Compare
@nikpivkin I've updated the PR to Trivy v0.56.0, when it is released we can merge this one in. |
@nikpivkin could you take another look? |
{ | ||
"id": "AVD-AWS-0086", | ||
"name": "Misconfiguration", | ||
"shortDescription": { | ||
"text": "S3 Access block should block public ACL" | ||
}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
does this make sense to you @nikpivkin? I understand that the Go rule was deprecated but should the Rego rule in it's place still pick this up?
The tests use checks bundle from here and it is not updated |
Refs #400 |
066a168
to
f398ce6
Compare
* feat(trivy): Bump to support v0.55.2 * fix tests * update github workflow * upgrade to v0.56.0 * bump to trivy v0.56.1 * update tests
No description provided.