From 232ba823e1f7784fcc5731d936206188a3e2e8a4 Mon Sep 17 00:00:00 2001 
From: Teppei Fukuda Date: Wed, 26 Jul 2023 14:55:03 +0300 Subject: [PATCH] feat(vuln): support vulnerability status (#4867) * feat: support vulnerability status * feat: show status in table * don't add `fixed` status in debian/redhat * update test golden files * add Status in rpc * update docs * update ignore-status example * add ignore-status in integration test * docs: add the explanation for statuses --------- Co-authored-by: DmitriyLewen --- docs/docs/configuration/filtering.md | 79 +++++--- .../configuration/cli/trivy_filesystem.md | 1 + .../configuration/cli/trivy_image.md | 1 + .../configuration/cli/trivy_kubernetes.md | 1 + .../configuration/cli/trivy_repository.md | 1 + .../configuration/cli/trivy_rootfs.md | 1 + .../configuration/cli/trivy_sbom.md | 1 + .../references/configuration/cli/trivy_vm.md | 1 + go.mod | 2 + go.sum | 4 +- integration/docker_engine_test.go | 21 ++ integration/testdata/almalinux-8.json.golden | 1 + .../testdata/alpine-310-registry.json.golden | 4 + integration/testdata/alpine-310.json.golden | 4 + .../alpine-39-high-critical.json.golden | 2 + .../alpine-39-ignore-cveids.json.golden | 2 + integration/testdata/alpine-39.json.golden | 6 + .../testdata/alpine-distroless.json.golden | 1 + integration/testdata/amazon-1.json.golden | 1 + integration/testdata/amazon-2.json.golden | 2 + .../amazonlinux2-gp2-x86-vm.json.golden | 1 + .../busybox-with-lockfile.json.golden | 2 + integration/testdata/centos-6.json.golden | 2 + .../centos-7-ignore-unfixed.json.golden | 2 + .../testdata/centos-7-medium.json.golden | 1 + integration/testdata/centos-7.json.golden | 3 + .../testdata/composer.lock.json.golden | 1 + integration/testdata/conan.json.golden | 1 + .../debian-buster-ignore-unfixed.json.golden | 1 + .../testdata/debian-buster.json.golden | 2 + .../testdata/debian-stretch.json.golden | 5 + .../testdata/distroless-base.json.golden | 4 + .../testdata/distroless-python27.json.golden | 4 + integration/testdata/dotnet.json.golden | 1 + 
integration/testdata/fixtures/db/debian.yaml | 1 + integration/testdata/fixtures/db/redhat.yaml | 4 +- integration/testdata/fluentd-gems.json.golden | 2 + ...d-multiple-lockfiles-cyclonedx.json.golden | 3 + integration/testdata/gomod-skip.json.golden | 4 + integration/testdata/gomod.json.golden | 5 + integration/testdata/gradle.json.golden | 2 + integration/testdata/mariner-1.0.json.golden | 2 + integration/testdata/mix.lock.json.golden | 1 + integration/testdata/npm-with-dev.json.golden | 1 + integration/testdata/npm.json.golden | 1 + integration/testdata/nuget.json.golden | 1 + .../testdata/opensuse-leap-151.json.golden | 2 + .../testdata/oraclelinux-8.json.golden | 2 + integration/testdata/photon-30.json.golden | 3 + integration/testdata/pip.json.golden | 2 + integration/testdata/pipenv.json.golden | 2 + integration/testdata/pnpm.json.golden | 2 + integration/testdata/poetry.json.golden | 1 + integration/testdata/pom.json.golden | 2 + integration/testdata/pubspec.lock.json.golden | 1 + integration/testdata/rockylinux-8.json.golden | 1 + .../testdata/spring4shell-jre11.json.golden | 5 +- .../testdata/spring4shell-jre8.json.golden | 1 + integration/testdata/test-repo.json.golden | 2 + integration/testdata/ubi-7.json.golden | 1 + .../ubuntu-1804-ignore-unfixed.json.golden | 6 +- integration/testdata/ubuntu-1804.json.golden | 7 +- .../testdata/ubuntu-gp2-x86-vm.json.golden | 1 + integration/testdata/yarn.json.golden | 1 + pkg/detector/ospkg/debian/debian.go | 1 + pkg/detector/ospkg/debian/debian_test.go | 1 + .../debian/testdata/fixtures/debian.yaml | 1 + pkg/detector/ospkg/redhat/redhat.go | 1 + pkg/detector/ospkg/redhat/redhat_test.go | 1 + .../redhat/testdata/fixtures/redhat.yaml | 1 + pkg/flag/options.go | 2 +- pkg/flag/vulnerability_flags.go | 53 +++-- pkg/flag/vulnerability_flags_test.go | 12 -- pkg/report/table/table_test.go | 78 ++++---- pkg/report/table/vulnerability.go | 3 + pkg/result/filter.go | 12 +- pkg/result/filter_test.go | 22 +- pkg/rpc/convert.go 
| 2 + pkg/scanner/local/scan_test.go | 11 + pkg/types/vulnerability.go | 1 + pkg/vulnerability/vulnerability.go | 10 + pkg/vulnerability/vulnerability_test.go | 19 +- rpc/common/service.pb.go | 189 +++++++++--------- rpc/common/service.proto | 1 + 84 files changed, 442 insertions(+), 214 deletions(-) diff --git a/docs/docs/configuration/filtering.md b/docs/docs/configuration/filtering.md index b77b39b62987..53f600789e28 100644 --- a/docs/docs/configuration/filtering.md +++ b/docs/docs/configuration/filtering.md @@ -2,7 +2,7 @@ Trivy provides various methods for filtering the results. -## Hide Unfixed Vulnerabilities +## By Status | Scanner | Supported | |:----------------:|:---------:| 
@@ -11,53 +11,70 @@ Trivy provides various methods for filtering the results. | Secret | | | License | | -By default, `Trivy` also detects unpatched/unfixed vulnerabilities. -This means you can't fix these vulnerabilities even if you update all packages. -If you would like to ignore them, use the `--ignore-unfixed` option. +Trivy supports the following vulnerability statuses: + +- `unknown` +- `not_affected`: this package is not affected by this vulnerability on this platform +- `affected`: this package is affected by this vulnerability on this platform, but there is no patch released yet +- `fixed`: this vulnerability is fixed on this platform +- `under_investigation`: it is currently unknown whether or not this vulnerability affects this package on this platform, and it is under investigation +- `will_not_fix`: this package is affected by this vulnerability on this platform, but there is currently no intention to fix it (this would primarily be for flaws that are of Low or Moderate impact that pose no significant risk to customers) +- `fix_deferred`: this package is affected by this vulnerability on this platform, and may be fixed in the future +- `end_of_life`: this package has been identified to contain the impacted component, but analysis to determine whether it is affected or not by this vulnerability was not performed + +Note that vulnerabilities with the `unknown`, `not_affected` or `under_investigation` status are not detected. +These are only defined for comprehensiveness, and you will not have the opportunity to specify these statuses. + +Some statuses are supported in limited distributions. 
+ +| OS | Fixed | Affected | Under Investigation | Will Not Fix | Fix Deferred | End of Life | +|:----------:|:-----:|:--------:|:-------------------:|:------------:|:------------:|:-----------:| +| Debian | ✓ | ✓ | | | ✓ | ✓ | +| RHEL | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | +| Other OSes | ✓ | ✓ | | | | | + + +To ignore vulnerabilities with specific statuses, use the `--ignore-status ` option. + ```bash -$ trivy image --ignore-unfixed ruby:2.4.0 +$ trivy image --ignore-status affected,fixed ruby:2.4.0 ```
Result ``` -2019-05-16T12:49:52.656+0900 INFO Updating vulnerability database... 2019-05-16T12:50:14.786+0900 INFO Detecting Debian vulnerabilities... ruby:2.4.0 (debian 8.7) ======================= -Total: 4730 (UNKNOWN: 1, LOW: 145, MEDIUM: 3487, HIGH: 1014, CRITICAL: 83) - -+------------------------------+------------------+----------+----------------------------+----------------------------------+-----------------------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------------------------+------------------+----------+----------------------------+----------------------------------+-----------------------------------------------------+ -| apt | CVE-2019-3462 | CRITICAL | 1.0.9.8.3 | 1.0.9.8.5 | Incorrect sanitation of the | -| | | | | | 302 redirect field in HTTP | -| | | | | | transport method of... | -+ +------------------+----------+ +----------------------------------+-----------------------------------------------------+ -| | CVE-2016-1252 | MEDIUM | | 1.0.9.8.4 | The apt package in Debian | -| | | | | | jessie before 1.0.9.8.4, in | -| | | | | | Debian unstable before... 
| -+------------------------------+------------------+----------+----------------------------+----------------------------------+-----------------------------------------------------+ -| bash | CVE-2019-9924 | HIGH | 4.3-11 | 4.3-11+deb8u2 | bash: BASH_CMD is writable in | -| | | | | | restricted bash shells | -+ +------------------+ + +----------------------------------+-----------------------------------------------------+ -| | CVE-2016-7543 | | | 4.3-11+deb8u1 | bash: Specially crafted | -| | | | | | SHELLOPTS+PS4 variables allows | -| | | | | | command substitution | -+ +------------------+----------+ + +-----------------------------------------------------+ -| | CVE-2016-0634 | MEDIUM | | | bash: Arbitrary code execution | -| | | | | | via malicious hostname | -+ +------------------+----------+ +----------------------------------+-----------------------------------------------------+ -| | CVE-2016-9401 | LOW | | 4.3-11+deb8u2 | bash: popd controlled free | -+------------------------------+------------------+----------+----------------------------+----------------------------------+-----------------------------------------------------+ +Total: 527 (UNKNOWN: 0, LOW: 276, MEDIUM: 83, HIGH: 158, CRITICAL: 10) + +┌─────────────────────────────┬──────────────────┬──────────┬──────────────┬────────────────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ +├─────────────────────────────┼──────────────────┼──────────┼──────────────┼────────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤ +│ binutils │ CVE-2014-9939 │ CRITICAL │ will_not_fix │ 2.25-5 │ │ binutils: buffer overflow in ihex.c │ +│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2014-9939 │ +│ ├──────────────────┤ │ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ +│ │ CVE-2017-6969 │ │ │ │ │ 
binutils: Heap-based buffer over-read in readelf when │ +│ │ │ │ │ │ │ processing corrupt RL78 binaries │ +│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2017-6969 │ +│ ├──────────────────┤ │ │ ├───────────────┼──────────────────────────────────────────────────────────────┤ ... ```
+!!! tip + To skip all unfixed vulnerabilities, you can use the `--ignore-unfixed` flag . + It is a shorthand of `-ignore-status affected,will_not_fix,fix_deferred,end_of_life`. + It displays "fixed" vulnerabilities only. + +```bash +$ trivy image --ignore-unfixed ruby:2.4.0 +``` + ## By Severity | Scanner | Supported | diff --git a/docs/docs/references/configuration/cli/trivy_filesystem.md b/docs/docs/references/configuration/cli/trivy_filesystem.md index dd2381b32c03..6f133483fe83 100644 --- a/docs/docs/references/configuration/cli/trivy_filesystem.md +++ b/docs/docs/references/configuration/cli/trivy_filesystem.md @@ -40,6 +40,7 @@ trivy filesystem [flags] PATH --helm-values strings specify paths to override the Helm values.yaml files -h, --help help for filesystem --ignore-policy string specify the Rego file path to evaluate each vulnerability + --ignore-status strings comma-separated list of vulnerability status to ignore (unknown,not_affected,affected,fixed,under_investigation,will_not_fix,fix_deferred,end_of_life) --ignore-unfixed display only fixed vulnerabilities --ignored-licenses strings specify a list of license to ignore --ignorefile string specify .trivyignore file (default ".trivyignore") diff --git a/docs/docs/references/configuration/cli/trivy_image.md b/docs/docs/references/configuration/cli/trivy_image.md index ed7edbfd5e2b..d644239d8961 100644 --- a/docs/docs/references/configuration/cli/trivy_image.md +++ b/docs/docs/references/configuration/cli/trivy_image.md 
@@ -57,6 +57,7 @@ trivy image [flags] IMAGE_NAME --helm-values strings specify paths to override the Helm values.yaml files -h, --help help for image --ignore-policy string specify the Rego file path to evaluate each vulnerability + --ignore-status strings comma-separated list of vulnerability status to ignore (unknown,not_affected,affected,fixed,under_investigation,will_not_fix,fix_deferred,end_of_life) --ignore-unfixed display only fixed vulnerabilities --ignored-licenses strings specify a list of license to ignore --ignorefile string specify .trivyignore file (default ".trivyignore") diff --git a/docs/docs/references/configuration/cli/trivy_kubernetes.md b/docs/docs/references/configuration/cli/trivy_kubernetes.md index ec726f1b5b8b..d550474139a7 100644 --- a/docs/docs/references/configuration/cli/trivy_kubernetes.md +++ b/docs/docs/references/configuration/cli/trivy_kubernetes.md @@ -50,6 +50,7 @@ trivy kubernetes [flags] { cluster | all | specific resources like kubectl. eg: --helm-values strings specify paths to override the Helm values.yaml files -h, --help help for kubernetes --ignore-policy string specify the Rego file path to evaluate each vulnerability + --ignore-status strings comma-separated list of vulnerability status to ignore (unknown,not_affected,affected,fixed,under_investigation,will_not_fix,fix_deferred,end_of_life) --ignore-unfixed display only fixed vulnerabilities --ignorefile string specify .trivyignore file (default ".trivyignore") --image-src strings image source(s) to use, in priority order (docker,containerd,podman,remote) (default [docker,containerd,podman,remote]) diff --git a/docs/docs/references/configuration/cli/trivy_repository.md b/docs/docs/references/configuration/cli/trivy_repository.md index 575637697369..0f499b5b8fbe 100644 --- a/docs/docs/references/configuration/cli/trivy_repository.md +++ b/docs/docs/references/configuration/cli/trivy_repository.md 
@@ -38,6 +38,7 @@ trivy repository [flags] REPO_URL --helm-values strings specify paths to override the Helm values.yaml files -h, --help help for repository --ignore-policy string specify the Rego file path to evaluate each vulnerability + --ignore-status strings comma-separated list of vulnerability status to ignore (unknown,not_affected,affected,fixed,under_investigation,will_not_fix,fix_deferred,end_of_life) --ignore-unfixed display only fixed vulnerabilities --ignored-licenses strings specify a list of license to ignore --ignorefile string specify .trivyignore file (default ".trivyignore") diff --git a/docs/docs/references/configuration/cli/trivy_rootfs.md b/docs/docs/references/configuration/cli/trivy_rootfs.md index ef3708827371..683acba441ce 100644 --- a/docs/docs/references/configuration/cli/trivy_rootfs.md +++ b/docs/docs/references/configuration/cli/trivy_rootfs.md @@ -43,6 +43,7 @@ trivy rootfs [flags] ROOTDIR --helm-values strings specify paths to override the Helm values.yaml files -h, --help help for rootfs --ignore-policy string specify the Rego file path to evaluate each vulnerability + --ignore-status strings comma-separated list of vulnerability status to ignore (unknown,not_affected,affected,fixed,under_investigation,will_not_fix,fix_deferred,end_of_life) --ignore-unfixed display only fixed vulnerabilities --ignored-licenses strings specify a list of license to ignore --ignorefile string specify .trivyignore file (default ".trivyignore") diff --git a/docs/docs/references/configuration/cli/trivy_sbom.md b/docs/docs/references/configuration/cli/trivy_sbom.md index e8dac626e7cd..664a8c12f302 100644 --- a/docs/docs/references/configuration/cli/trivy_sbom.md +++ b/docs/docs/references/configuration/cli/trivy_sbom.md 
@@ -34,6 +34,7 @@ trivy sbom [flags] SBOM_PATH -f, --format string format (table,json,template,sarif,cyclonedx,spdx,spdx-json,github,cosign-vuln) (default "table") -h, --help help for sbom --ignore-policy string specify the Rego file path to evaluate each vulnerability + --ignore-status strings comma-separated list of vulnerability status to ignore (unknown,not_affected,affected,fixed,under_investigation,will_not_fix,fix_deferred,end_of_life) --ignore-unfixed display only fixed vulnerabilities --ignorefile string specify .trivyignore file (default ".trivyignore") --java-db-repository string OCI repository to retrieve trivy-java-db from (default "ghcr.io/aquasecurity/trivy-java-db") diff --git a/docs/docs/references/configuration/cli/trivy_vm.md b/docs/docs/references/configuration/cli/trivy_vm.md index 37c71009a905..95e409680a9f 100644 --- a/docs/docs/references/configuration/cli/trivy_vm.md +++ b/docs/docs/references/configuration/cli/trivy_vm.md @@ -41,6 +41,7 @@ trivy vm [flags] VM_IMAGE --helm-values strings specify paths to override the Helm values.yaml files -h, --help help for vm --ignore-policy string specify the Rego file path to evaluate each vulnerability + --ignore-status strings comma-separated list of vulnerability status to ignore (unknown,not_affected,affected,fixed,under_investigation,will_not_fix,fix_deferred,end_of_life) --ignore-unfixed display only fixed vulnerabilities --ignorefile string specify .trivyignore file (default ".trivyignore") --include-non-failures include successes and exceptions, available with '--scanners config' diff --git a/go.mod b/go.mod index 2f9304c680d5..c68ce29964a3 100644 --- a/go.mod +++ b/go.mod @@ -400,3 +400,5 @@ require ( // oras 1.2.2 is incompatible with github.com/docker/docker v23.0.0-rc.1+incompatible replace oras.land/oras-go => oras.land/oras-go v1.2.3 + +replace github.com/aquasecurity/trivy-db => github.com/knqyf263/trivy-db v0.0.0-20230724141103-6dde4f3b3952 
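Review bot: The added `replace github.com/aquasecurity/trivy-db => github.com/knqyf263/trivy-db v0.0.0-20230724141103-6dde4f3b3952` in go.mod points the vulnerability-database module at a fork under a personal account, and the go.sum hunk drops the upstream `aquasecurity/trivy-db` checksums, so every build of this module takes its database code from that fork. Nothing on the line says why the pin exists or when it should go. A comment above it such as `// temporary: fork carries the vulnerability Status type; remove once aquasecurity/trivy-db has it` (presumably the reason, to be confirmed) would make the pin auditable. Replace directives apply only to the main module, so projects importing this code as a library would still resolve upstream trivy-db and may not build until upstream carries the same change.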
diff --git a/go.sum b/go.sum index e0d37db5efc8..a1a6f0d1c144 100644 --- a/go.sum +++ b/go.sum @@ -343,8 +343,6 @@ github.com/aquasecurity/testdocker v0.0.0-20230111101738-e741bda259da h1:pj/adfN github.com/aquasecurity/testdocker v0.0.0-20230111101738-e741bda259da/go.mod h1:852lbQLpK2nCwlR4ZLYIccxYCfoQao6q9Nl6tjz54v8= github.com/aquasecurity/tml v0.6.1 h1:y2ZlGSfrhnn7t4ZJ/0rotuH+v5Jgv6BDDO5jB6A9gwo= github.com/aquasecurity/tml v0.6.1/go.mod h1:OnYMWY5lvI9ejU7yH9LCberWaaTBW7hBFsITiIMY2yY= -github.com/aquasecurity/trivy-db v0.0.0-20230703082116-dc52e83376ce h1:swoQLWQoZ4HW13XeEji217TTcgi61MuMZdsKrqSTE0A= -github.com/aquasecurity/trivy-db v0.0.0-20230703082116-dc52e83376ce/go.mod h1:cXuqKo+FaMY0ixJNoUcyDHdfCBRPWOysI2Td8N4fRsg= github.com/aquasecurity/trivy-java-db v0.0.0-20230209231723-7cddb1406728 h1:0eS+V7SXHgqoT99tV1mtMW6HL4HdoB9qGLMCb1fZp8A= github.com/aquasecurity/trivy-java-db v0.0.0-20230209231723-7cddb1406728/go.mod h1:Ldya37FLi0e/5Cjq2T5Bty7cFkzUDwTcPeQua+2M8i8= github.com/aquasecurity/trivy-kubernetes v0.5.7-0.20230708090141-f44c2292c9a9 h1:PA91rctNeAZY0hb2tPK68lAEpau3ItSto4FnqFXPF4g= 
@@ -1205,6 +1203,8 @@ github.com/knqyf263/go-rpmdb v0.0.0-20230517124904-b97c85e63254 h1:sWdRcroy0oENk github.com/knqyf263/go-rpmdb v0.0.0-20230517124904-b97c85e63254/go.mod h1:9LQcoMCMQ9vrF7HcDtXfvqGO4+ddxFQ8+YF/0CVGDww= github.com/knqyf263/nested v0.0.1 h1:Sv26CegUMhjt19zqbBKntjwESdxe5hxVPSk0+AKjdUc= github.com/knqyf263/nested v0.0.1/go.mod h1:zwhsIhMkBg90DTOJQvxPkKIypEHPYkgWHs4gybdlUmk= +github.com/knqyf263/trivy-db v0.0.0-20230724141103-6dde4f3b3952 h1:dtN4/jADviE+/1Oha6hMdjHyWACdjxD8ay37f7oOy14= +github.com/knqyf263/trivy-db v0.0.0-20230724141103-6dde4f3b3952/go.mod h1:st35g9O0ecDGBqnRHNFFz8imlDD3GWTCwo1WyJixI2c= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= diff --git a/integration/docker_engine_test.go b/integration/docker_engine_test.go index 9739c7fa10eb..75a9d3c6ace3 100644 --- a/integration/docker_engine_test.go +++ b/integration/docker_engine_test.go @@ -26,6 +26,7 @@ func TestDockerEngine(t *testing.T) { imageTag string invalidImage bool ignoreUnfixed bool + ignoreStatus []string severity []string ignoreIDs []string input string @@ -101,6 +102,13 @@ func TestDockerEngine(t *testing.T) { input: "testdata/fixtures/images/centos-7.tar.gz", golden: "testdata/centos-7-ignore-unfixed.json.golden", }, + { + name: "centos 7, with --ignore-status option", + imageTag: "ghcr.io/aquasecurity/trivy-test-images:centos-7", + ignoreStatus: []string{"will_not_fix"}, + input: "testdata/fixtures/images/centos-7.tar.gz", + golden: "testdata/centos-7-ignore-unfixed.json.golden", + }, { name: "centos 7, with --ignore-unfixed option, with medium severity", imageTag: "ghcr.io/aquasecurity/trivy-test-images:centos-7", 
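Review bot: The new `centos 7, with --ignore-status option` case passes only `will_not_fix` yet compares against `testdata/centos-7-ignore-unfixed.json.golden`. As far as the golden hunks on this page show, that holds only because the one unfixed finding in this fixture (bash in `centos-7.json.golden`) has the status `will_not_fix`. A comment on the case, e.g. `// same golden as --ignore-unfixed: the only unfixed finding in this image is will_not_fix`, would explain the reuse. The `debian buster/10, with --ignore-status option` case in the next hunk reuses `debian-buster-ignore-unfixed.json.golden` with `affected` in the same way. Because this flag suppresses findings, a case listing several statuses and one with an unrecognised status value would also be worth adding; the test table starts and ends outside the hunk.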
@@ -128,6 +136,13 @@ func TestDockerEngine(t *testing.T) { input: "testdata/fixtures/images/debian-buster.tar.gz", golden: "testdata/debian-buster-ignore-unfixed.json.golden", }, + { + name: "debian buster/10, with --ignore-status option", + ignoreStatus: []string{"affected"}, + imageTag: "ghcr.io/aquasecurity/trivy-test-images:debian-buster", + input: "testdata/fixtures/images/debian-buster.tar.gz", + golden: "testdata/debian-buster-ignore-unfixed.json.golden", + }, { name: "debian stretch/9", imageTag: "ghcr.io/aquasecurity/trivy-test-images:debian-stretch", @@ -240,6 +255,12 @@ func TestDockerEngine(t *testing.T) { if tt.ignoreUnfixed { osArgs = append(osArgs, "--ignore-unfixed") } + + if len(tt.ignoreStatus) != 0 { + osArgs = append(osArgs, + []string{"--ignore-status", strings.Join(tt.ignoreStatus, ",")}..., + ) + } if len(tt.severity) != 0 { osArgs = append(osArgs, []string{"--severity", strings.Join(tt.severity, ",")}..., diff --git a/integration/testdata/almalinux-8.json.golden b/integration/testdata/almalinux-8.json.golden index 4d657c95c96e..960de9095253 100644 --- a/integration/testdata/almalinux-8.json.golden +++ b/integration/testdata/almalinux-8.json.golden @@ -57,6 +57,7 @@ "PkgName": "openssl-libs", "InstalledVersion": "1:1.1.1k-4.el8", "FixedVersion": "1:1.1.1k-5.el8_5", + "Status": "fixed", "Layer": { "Digest": "sha256:a1f18d9dc5496c63197eb9a4f1d4bf5cc88c6a34f64f0fe11ea233070392ce48", "DiffID": "sha256:124d41c237c5e823577dda97e87cebaecce62d585c725d07e709ce410681de4d" diff --git a/integration/testdata/alpine-310-registry.json.golden b/integration/testdata/alpine-310-registry.json.golden index cf8f991e049b..eb9c6fbfd7ce 100644 --- a/integration/testdata/alpine-310-registry.json.golden +++ b/integration/testdata/alpine-310-registry.json.golden 
@@ -65,6 +65,7 @@ "PkgName": "libcrypto1.1", "InstalledVersion": "1.1.1c-r0", "FixedVersion": "1.1.1d-r0", + "Status": "fixed", "Layer": { "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" @@ -125,6 +126,7 @@ "PkgName": "libcrypto1.1", "InstalledVersion": "1.1.1c-r0", "FixedVersion": "1.1.1d-r2", + "Status": "fixed", "Layer": { "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" @@ -195,6 +197,7 @@ "PkgName": "libssl1.1", "InstalledVersion": "1.1.1c-r0", "FixedVersion": "1.1.1d-r0", + "Status": "fixed", "Layer": { "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" @@ -255,6 +258,7 @@ "PkgName": "libssl1.1", "InstalledVersion": "1.1.1c-r0", "FixedVersion": "1.1.1d-r2", + "Status": "fixed", "Layer": { "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" diff --git a/integration/testdata/alpine-310.json.golden b/integration/testdata/alpine-310.json.golden index 5e11e7770263..8cd21b6114a0 100644 --- a/integration/testdata/alpine-310.json.golden +++ b/integration/testdata/alpine-310.json.golden @@ -59,6 +59,7 @@ "PkgName": "libcrypto1.1", "InstalledVersion": "1.1.1c-r0", "FixedVersion": "1.1.1d-r0", + "Status": "fixed", "Layer": { "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" 
@@ -119,6 +120,7 @@ "PkgName": "libcrypto1.1", "InstalledVersion": "1.1.1c-r0", "FixedVersion": "1.1.1d-r2", + "Status": "fixed", "Layer": { "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" @@ -189,6 +191,7 @@ "PkgName": "libssl1.1", "InstalledVersion": "1.1.1c-r0", "FixedVersion": "1.1.1d-r0", + "Status": "fixed", "Layer": { "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" @@ -249,6 +252,7 @@ "PkgName": "libssl1.1", "InstalledVersion": "1.1.1c-r0", "FixedVersion": "1.1.1d-r2", + "Status": "fixed", "Layer": { "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" diff --git a/integration/testdata/alpine-39-high-critical.json.golden b/integration/testdata/alpine-39-high-critical.json.golden index 80dac431a74b..12fe01b07923 100644 --- a/integration/testdata/alpine-39-high-critical.json.golden +++ b/integration/testdata/alpine-39-high-critical.json.golden @@ -59,6 +59,7 @@ "PkgName": "musl", "InstalledVersion": "1.1.20-r4", "FixedVersion": "1.1.20-r5", + "Status": "fixed", "Layer": { "Digest": "sha256:e7c96db7181be991f19a9fb6975cdbbd73c65f4a2681348e63a141a2192a5f10", "DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81" @@ -97,6 +98,7 @@ "PkgName": "musl-utils", "InstalledVersion": "1.1.20-r4", "FixedVersion": "1.1.20-r5", + "Status": "fixed", "Layer": { "Digest": "sha256:e7c96db7181be991f19a9fb6975cdbbd73c65f4a2681348e63a141a2192a5f10", "DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81" diff --git a/integration/testdata/alpine-39-ignore-cveids.json.golden b/integration/testdata/alpine-39-ignore-cveids.json.golden index 3e9f90d5a5ec..9753bdfeba54 100644 
--- a/integration/testdata/alpine-39-ignore-cveids.json.golden +++ b/integration/testdata/alpine-39-ignore-cveids.json.golden @@ -59,6 +59,7 @@ "PkgName": "libcrypto1.1", "InstalledVersion": "1.1.1b-r1", "FixedVersion": "1.1.1d-r2", + "Status": "fixed", "Layer": { "Digest": "sha256:e7c96db7181be991f19a9fb6975cdbbd73c65f4a2681348e63a141a2192a5f10", "DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81" @@ -129,6 +130,7 @@ "PkgName": "libssl1.1", "InstalledVersion": "1.1.1b-r1", "FixedVersion": "1.1.1d-r2", + "Status": "fixed", "Layer": { "Digest": "sha256:e7c96db7181be991f19a9fb6975cdbbd73c65f4a2681348e63a141a2192a5f10", "DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81" diff --git a/integration/testdata/alpine-39.json.golden b/integration/testdata/alpine-39.json.golden index 8e7acd317a15..d994c1175530 100644 --- a/integration/testdata/alpine-39.json.golden +++ b/integration/testdata/alpine-39.json.golden @@ -59,6 +59,7 @@ "PkgName": "libcrypto1.1", "InstalledVersion": "1.1.1b-r1", "FixedVersion": "1.1.1d-r0", + "Status": "fixed", "Layer": { "Digest": "sha256:e7c96db7181be991f19a9fb6975cdbbd73c65f4a2681348e63a141a2192a5f10", "DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81" @@ -119,6 +120,7 @@ "PkgName": "libcrypto1.1", "InstalledVersion": "1.1.1b-r1", "FixedVersion": "1.1.1d-r2", + "Status": "fixed", "Layer": { "Digest": "sha256:e7c96db7181be991f19a9fb6975cdbbd73c65f4a2681348e63a141a2192a5f10", "DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81" @@ -189,6 +191,7 @@ "PkgName": "libssl1.1", "InstalledVersion": "1.1.1b-r1", "FixedVersion": "1.1.1d-r0", + "Status": "fixed", "Layer": { "Digest": "sha256:e7c96db7181be991f19a9fb6975cdbbd73c65f4a2681348e63a141a2192a5f10", "DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81" 
@@ -249,6 +252,7 @@ "PkgName": "libssl1.1", "InstalledVersion": "1.1.1b-r1", "FixedVersion": "1.1.1d-r2", + "Status": "fixed", "Layer": { "Digest": "sha256:e7c96db7181be991f19a9fb6975cdbbd73c65f4a2681348e63a141a2192a5f10", "DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81" @@ -319,6 +323,7 @@ "PkgName": "musl", "InstalledVersion": "1.1.20-r4", "FixedVersion": "1.1.20-r5", + "Status": "fixed", "Layer": { "Digest": "sha256:e7c96db7181be991f19a9fb6975cdbbd73c65f4a2681348e63a141a2192a5f10", "DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81" @@ -357,6 +362,7 @@ "PkgName": "musl-utils", "InstalledVersion": "1.1.20-r4", "FixedVersion": "1.1.20-r5", + "Status": "fixed", "Layer": { "Digest": "sha256:e7c96db7181be991f19a9fb6975cdbbd73c65f4a2681348e63a141a2192a5f10", "DiffID": "sha256:f1b5933fe4b5f49bbe8258745cf396afe07e625bdab3168e364daf7c956b6b81" diff --git a/integration/testdata/alpine-distroless.json.golden b/integration/testdata/alpine-distroless.json.golden index 614788b22c42..23bc6875726f 100644 --- a/integration/testdata/alpine-distroless.json.golden +++ b/integration/testdata/alpine-distroless.json.golden @@ -54,6 +54,7 @@ "PkgName": "git", "InstalledVersion": "2.35.1-r2", "FixedVersion": "2.35.2-r0", + "Status": "fixed", "Layer": { "Digest": "sha256:6c6f69aa25501b090c54c62a9c17e978064c2f1328f67a7ef88c81ce5f2d7983", "DiffID": "sha256:89da7cc836da4b53ab1ceb572576458c005e7e444b8bb79abda196668a2f0c92" diff --git a/integration/testdata/amazon-1.json.golden b/integration/testdata/amazon-1.json.golden index d9c1208bc336..42517cebeedf 100644 --- a/integration/testdata/amazon-1.json.golden +++ b/integration/testdata/amazon-1.json.golden 
@@ -58,6 +58,7 @@ "PkgName": "curl", "InstalledVersion": "7.61.1-11.91.amzn1", "FixedVersion": "7.61.1-12.93.amzn1", + "Status": "fixed", "Layer": { "Digest": "sha256:105ff6bf468b1422ad7c47ea9d63eae82f875c93310cb8d34551951e754ef43b", "DiffID": "sha256:984fe1509738f6f00f34d9be7398b07ebeb8b98dda077ff6be2cdb87111b73cf" diff --git a/integration/testdata/amazon-2.json.golden b/integration/testdata/amazon-2.json.golden index 14302db661b3..5c48deeeefad 100644 --- a/integration/testdata/amazon-2.json.golden +++ b/integration/testdata/amazon-2.json.golden @@ -58,6 +58,7 @@ "PkgName": "curl", "InstalledVersion": "7.61.1-9.amzn2.0.1", "FixedVersion": "7.61.1-12.amzn2.0.1", + "Status": "fixed", "Layer": { "Digest": "sha256:72d97abdfae3b3c933ff41e39779cc72853d7bd9dc1e4800c5294d6715257799", "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" @@ -116,6 +117,7 @@ "PkgName": "curl", "InstalledVersion": "7.61.1-9.amzn2.0.1", "FixedVersion": "7.61.1-11.amzn2.0.2", + "Status": "fixed", "Layer": { "Digest": "sha256:72d97abdfae3b3c933ff41e39779cc72853d7bd9dc1e4800c5294d6715257799", "DiffID": "sha256:f387c8b346c85cae37abd1f1a63015acb69f593dc425d0269f57d1012c3a81f6" diff --git a/integration/testdata/amazonlinux2-gp2-x86-vm.json.golden b/integration/testdata/amazonlinux2-gp2-x86-vm.json.golden index 7cf97dbef5bd..fe4cc1c099c1 100644 --- a/integration/testdata/amazonlinux2-gp2-x86-vm.json.golden +++ b/integration/testdata/amazonlinux2-gp2-x86-vm.json.golden @@ -30,6 +30,7 @@ "PkgName": "bind-export-libs", "InstalledVersion": "32:9.11.4-26.P2.amzn2.5.2", "FixedVersion": "99:9.11.4-26.P2.amzn2.13", + "Status": "fixed", "Layer": {}, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-38177", diff --git a/integration/testdata/busybox-with-lockfile.json.golden b/integration/testdata/busybox-with-lockfile.json.golden index e3b11c4a31ea..e4477fc3fb3e 100644 --- a/integration/testdata/busybox-with-lockfile.json.golden 
+++ b/integration/testdata/busybox-with-lockfile.json.golden @@ -58,6 +58,7 @@ "PkgName": "ammonia", "InstalledVersion": "1.9.0", "FixedVersion": "\u003e= 2.1.0", + "Status": "fixed", "Layer": { "Digest": "sha256:fd2e3bc9bccc9c677572a542d020998389de94f127ca2c252ae627fc7c241cee", "DiffID": "sha256:ea6f6933da66090da8bfe233d68f083792a68f944cd2d8f9fbb52da795813a4f" @@ -96,6 +97,7 @@ "PkgName": "ammonia", "InstalledVersion": "1.9.0", "FixedVersion": "\u003e= 3.1.0, \u003e= 2.1.3, \u003c 3.0.0", + "Status": "fixed", "Layer": { "Digest": "sha256:fd2e3bc9bccc9c677572a542d020998389de94f127ca2c252ae627fc7c241cee", "DiffID": "sha256:ea6f6933da66090da8bfe233d68f083792a68f944cd2d8f9fbb52da795813a4f" diff --git a/integration/testdata/centos-6.json.golden b/integration/testdata/centos-6.json.golden index fde581f31c25..8d09d3d97ffa 100644 --- a/integration/testdata/centos-6.json.golden +++ b/integration/testdata/centos-6.json.golden @@ -79,6 +79,7 @@ "PkgID": "glibc@2.12-1.212.el6.x86_64", "PkgName": "glibc", "InstalledVersion": "2.12-1.212.el6", + "Status": "end_of_life", "Layer": { "Digest": "sha256:ff50d722b38227ec8f2bbf0cdbce428b66745077c173d8117d91376128fa532e", "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" @@ -124,6 +125,7 @@ "PkgName": "openssl", "InstalledVersion": "1.0.1e-57.el6", "FixedVersion": "1.0.1e-58.el6_10", + "Status": "fixed", "Layer": { "Digest": "sha256:ff50d722b38227ec8f2bbf0cdbce428b66745077c173d8117d91376128fa532e", "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" diff --git a/integration/testdata/centos-7-ignore-unfixed.json.golden b/integration/testdata/centos-7-ignore-unfixed.json.golden index 48c4d18f2254..aedf943fabf2 100644 --- a/integration/testdata/centos-7-ignore-unfixed.json.golden +++ b/integration/testdata/centos-7-ignore-unfixed.json.golden 
@@ -73,6 +73,7 @@ "PkgName": "openssl-libs", "InstalledVersion": "1:1.0.2k-16.el7", "FixedVersion": "1:1.0.2k-19.el7", + "Status": "fixed", "Layer": { "Digest": "sha256:ac9208207adaac3a48e54a4dc6b49c69e78c3072d2b3add7efdabf814db2133b", "DiffID": "sha256:89169d87dbe2b72ba42bfbb3579c957322baca28e03a1e558076542a1c1b2b4a" @@ -154,6 +155,7 @@ "PkgName": "openssl-libs", "InstalledVersion": "1:1.0.2k-16.el7", "FixedVersion": "1:1.0.2k-19.el7", + "Status": "fixed", "Layer": { "Digest": "sha256:ac9208207adaac3a48e54a4dc6b49c69e78c3072d2b3add7efdabf814db2133b", "DiffID": "sha256:89169d87dbe2b72ba42bfbb3579c957322baca28e03a1e558076542a1c1b2b4a" diff --git a/integration/testdata/centos-7-medium.json.golden b/integration/testdata/centos-7-medium.json.golden index 4c1dcca68c8e..b158a47a51d9 100644 --- a/integration/testdata/centos-7-medium.json.golden +++ b/integration/testdata/centos-7-medium.json.golden @@ -73,6 +73,7 @@ "PkgName": "openssl-libs", "InstalledVersion": "1:1.0.2k-16.el7", "FixedVersion": "1:1.0.2k-19.el7", + "Status": "fixed", "Layer": { "Digest": "sha256:ac9208207adaac3a48e54a4dc6b49c69e78c3072d2b3add7efdabf814db2133b", "DiffID": "sha256:89169d87dbe2b72ba42bfbb3579c957322baca28e03a1e558076542a1c1b2b4a" diff --git a/integration/testdata/centos-7.json.golden b/integration/testdata/centos-7.json.golden index b445930f7153..118d661ea2ad 100644 --- a/integration/testdata/centos-7.json.golden +++ b/integration/testdata/centos-7.json.golden @@ -69,6 +69,7 @@ "PkgID": "bash@4.2.46-31.el7.x86_64", "PkgName": "bash", "InstalledVersion": "4.2.46-31.el7", + "Status": "will_not_fix", "Layer": { "Digest": "sha256:ac9208207adaac3a48e54a4dc6b49c69e78c3072d2b3add7efdabf814db2133b", "DiffID": "sha256:89169d87dbe2b72ba42bfbb3579c957322baca28e03a1e558076542a1c1b2b4a" 
@@ -118,6 +119,7 @@ "PkgName": "openssl-libs", "InstalledVersion": "1:1.0.2k-16.el7", "FixedVersion": "1:1.0.2k-19.el7", + "Status": "fixed", "Layer": { "Digest": "sha256:ac9208207adaac3a48e54a4dc6b49c69e78c3072d2b3add7efdabf814db2133b", "DiffID": "sha256:89169d87dbe2b72ba42bfbb3579c957322baca28e03a1e558076542a1c1b2b4a" @@ -199,6 +201,7 @@ "PkgName": "openssl-libs", "InstalledVersion": "1:1.0.2k-16.el7", "FixedVersion": "1:1.0.2k-19.el7", + "Status": "fixed", "Layer": { "Digest": "sha256:ac9208207adaac3a48e54a4dc6b49c69e78c3072d2b3add7efdabf814db2133b", "DiffID": "sha256:89169d87dbe2b72ba42bfbb3579c957322baca28e03a1e558076542a1c1b2b4a" diff --git a/integration/testdata/composer.lock.json.golden b/integration/testdata/composer.lock.json.golden index de199a8c8414..88a7c4203f8d 100644 --- a/integration/testdata/composer.lock.json.golden +++ b/integration/testdata/composer.lock.json.golden @@ -62,6 +62,7 @@ "PkgName": "guzzlehttp/psr7", "InstalledVersion": "1.8.3", "FixedVersion": "1.8.4", + "Status": "fixed", "Layer": {}, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-24775", diff --git a/integration/testdata/conan.json.golden b/integration/testdata/conan.json.golden index 51d480ca78e1..b7be6556c1b6 100644 --- a/integration/testdata/conan.json.golden +++ b/integration/testdata/conan.json.golden @@ -87,6 +87,7 @@ "PkgName": "pcre", "InstalledVersion": "8.43", "FixedVersion": "8.45", + "Status": "fixed", "Layer": {}, "Severity": "UNKNOWN" } diff --git a/integration/testdata/debian-buster-ignore-unfixed.json.golden b/integration/testdata/debian-buster-ignore-unfixed.json.golden index 9791d1e8f30d..4d31fa33bba0 100644 --- a/integration/testdata/debian-buster-ignore-unfixed.json.golden +++ b/integration/testdata/debian-buster-ignore-unfixed.json.golden 
@@ -61,6 +61,7 @@ "PkgName": "libidn2-0", "InstalledVersion": "2.0.5-1", "FixedVersion": "2.0.5-1+deb10u1", + "Status": "fixed", "Layer": { "Digest": "sha256:4a56a430b2bac33260d6449e162017e2b23076c6411a17b46db67f5b84dde2bd", "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" diff --git a/integration/testdata/debian-buster.json.golden b/integration/testdata/debian-buster.json.golden index 9528535baeb2..61009d538638 100644 --- a/integration/testdata/debian-buster.json.golden +++ b/integration/testdata/debian-buster.json.golden @@ -57,6 +57,7 @@ "PkgID": "bash@5.0-4", "PkgName": "bash", "InstalledVersion": "5.0-4", + "Status": "affected", "Layer": { "Digest": "sha256:4a56a430b2bac33260d6449e162017e2b23076c6411a17b46db67f5b84dde2bd", "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" @@ -111,6 +112,7 @@ "PkgName": "libidn2-0", "InstalledVersion": "2.0.5-1", "FixedVersion": "2.0.5-1+deb10u1", + "Status": "fixed", "Layer": { "Digest": "sha256:4a56a430b2bac33260d6449e162017e2b23076c6411a17b46db67f5b84dde2bd", "DiffID": "sha256:78c1b9419976227e05be9d243b7fa583bea44a5258e52018b2af4cdfe23d148d" diff --git a/integration/testdata/debian-stretch.json.golden b/integration/testdata/debian-stretch.json.golden index 97fa5951c3f3..f70c12fda9ad 100644 --- a/integration/testdata/debian-stretch.json.golden +++ b/integration/testdata/debian-stretch.json.golden @@ -58,6 +58,7 @@ "PkgID": "bash@4.4-5", "PkgName": "bash", "InstalledVersion": "4.4-5", + "Status": "end_of_life", "Layer": { "Digest": "sha256:9cc2ad81d40d54dcae7fa5e8e17d9c34e8bba3b7c2cc7e26fb22734608bda32e", "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" 
@@ -112,6 +113,7 @@ "PkgName": "e2fslibs", "InstalledVersion": "1.43.4-2", "FixedVersion": "1.43.4-2+deb9u1", + "Status": "fixed", "Layer": { "Digest": "sha256:9cc2ad81d40d54dcae7fa5e8e17d9c34e8bba3b7c2cc7e26fb22734608bda32e", "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" @@ -172,6 +174,7 @@ "PkgName": "e2fsprogs", "InstalledVersion": "1.43.4-2", "FixedVersion": "1.43.4-2+deb9u1", + "Status": "fixed", "Layer": { "Digest": "sha256:9cc2ad81d40d54dcae7fa5e8e17d9c34e8bba3b7c2cc7e26fb22734608bda32e", "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" @@ -232,6 +235,7 @@ "PkgName": "libcomerr2", "InstalledVersion": "1.43.4-2", "FixedVersion": "1.43.4-2+deb9u1", + "Status": "fixed", "Layer": { "Digest": "sha256:9cc2ad81d40d54dcae7fa5e8e17d9c34e8bba3b7c2cc7e26fb22734608bda32e", "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" @@ -292,6 +296,7 @@ "PkgName": "libss2", "InstalledVersion": "1.43.4-2", "FixedVersion": "1.43.4-2+deb9u1", + "Status": "fixed", "Layer": { "Digest": "sha256:9cc2ad81d40d54dcae7fa5e8e17d9c34e8bba3b7c2cc7e26fb22734608bda32e", "DiffID": "sha256:f73e7e79899a33b4b9b78da62efb71520844f8dd518f3c390e27bc3063bce307" diff --git a/integration/testdata/distroless-base.json.golden b/integration/testdata/distroless-base.json.golden index e5363758fc4b..5e2a989fe0d2 100644 --- a/integration/testdata/distroless-base.json.golden +++ b/integration/testdata/distroless-base.json.golden @@ -56,6 +56,7 @@ "PkgID": "libssl1.1@1.1.0k-1~deb9u1", "PkgName": "libssl1.1", "InstalledVersion": "1.1.0k-1~deb9u1", + "Status": "affected", "Layer": { "Digest": "sha256:e005d777a298a3529b1c8cf890883359e050cc966089ce84fea4d17b111907db", "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" 
@@ -129,6 +130,7 @@ "PkgName": "libssl1.1", "InstalledVersion": "1.1.0k-1~deb9u1", "FixedVersion": "1.1.0l-1~deb9u1", + "Status": "fixed", "Layer": { "Digest": "sha256:e005d777a298a3529b1c8cf890883359e050cc966089ce84fea4d17b111907db", "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" @@ -206,6 +208,7 @@ "PkgID": "openssl@1.1.0k-1~deb9u1", "PkgName": "openssl", "InstalledVersion": "1.1.0k-1~deb9u1", + "Status": "affected", "Layer": { "Digest": "sha256:e005d777a298a3529b1c8cf890883359e050cc966089ce84fea4d17b111907db", "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" @@ -279,6 +282,7 @@ "PkgName": "openssl", "InstalledVersion": "1.1.0k-1~deb9u1", "FixedVersion": "1.1.0l-1~deb9u1", + "Status": "fixed", "Layer": { "Digest": "sha256:e005d777a298a3529b1c8cf890883359e050cc966089ce84fea4d17b111907db", "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" diff --git a/integration/testdata/distroless-python27.json.golden b/integration/testdata/distroless-python27.json.golden index 1e45dae9a962..ec4e865fbb65 100644 --- a/integration/testdata/distroless-python27.json.golden +++ b/integration/testdata/distroless-python27.json.golden @@ -73,6 +73,7 @@ "PkgID": "libssl1.1@1.1.0k-1~deb9u1", "PkgName": "libssl1.1", "InstalledVersion": "1.1.0k-1~deb9u1", + "Status": "affected", "Layer": { "Digest": "sha256:e005d777a298a3529b1c8cf890883359e050cc966089ce84fea4d17b111907db", "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" @@ -146,6 +147,7 @@ "PkgName": "libssl1.1", "InstalledVersion": "1.1.0k-1~deb9u1", "FixedVersion": "1.1.0l-1~deb9u1", + "Status": "fixed", "Layer": { "Digest": "sha256:e005d777a298a3529b1c8cf890883359e050cc966089ce84fea4d17b111907db", "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" 
@@ -223,6 +225,7 @@ "PkgID": "openssl@1.1.0k-1~deb9u1", "PkgName": "openssl", "InstalledVersion": "1.1.0k-1~deb9u1", + "Status": "affected", "Layer": { "Digest": "sha256:e005d777a298a3529b1c8cf890883359e050cc966089ce84fea4d17b111907db", "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" @@ -296,6 +299,7 @@ "PkgName": "openssl", "InstalledVersion": "1.1.0k-1~deb9u1", "FixedVersion": "1.1.0l-1~deb9u1", + "Status": "fixed", "Layer": { "Digest": "sha256:e005d777a298a3529b1c8cf890883359e050cc966089ce84fea4d17b111907db", "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5" diff --git a/integration/testdata/dotnet.json.golden b/integration/testdata/dotnet.json.golden index 86a5c312e72c..7a765f6fc578 100644 --- a/integration/testdata/dotnet.json.golden +++ b/integration/testdata/dotnet.json.golden @@ -38,6 +38,7 @@ "PkgName": "Newtonsoft.Json", "InstalledVersion": "9.0.1", "FixedVersion": "13.0.1", + "Status": "fixed", "Layer": {}, "SeveritySource": "ghsa", "PrimaryURL": "https://github.com/advisories/GHSA-5crp-9r3c-p9vr", diff --git a/integration/testdata/fixtures/db/debian.yaml b/integration/testdata/fixtures/db/debian.yaml index 4b4634a23667..a357227473f8 100644 --- a/integration/testdata/fixtures/db/debian.yaml +++ b/integration/testdata/fixtures/db/debian.yaml @@ -5,6 +5,7 @@ - key: CVE-2019-18276 value: Severity: 1.0 + Status: 7 # changed for test - bucket: openssl pairs: - key: CVE-2019-1551 diff --git a/integration/testdata/fixtures/db/redhat.yaml b/integration/testdata/fixtures/db/redhat.yaml index 7ce30f53b1fa..2d07860741b6 100644 --- a/integration/testdata/fixtures/db/redhat.yaml +++ b/integration/testdata/fixtures/db/redhat.yaml @@ -18,6 +18,7 @@ - Severity: 1.0 Arches: - x86_64 + Status: 5 - bucket: openssl pairs: - key: RHSA-2019:2304 @@ -72,4 +73,5 @@ - 857 - 858 Cves: - - Severity: 2.0 \ No newline at end of file + - Severity: 2.0 + Status: 7 \ No newline at end of file 
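Review bot: The statuses added to the integration fixtures are bare integers (`Status: 7 # changed for test` in fixtures/db/debian.yaml, `Status: 5` and `Status: 7` in fixtures/db/redhat.yaml), so a reader cannot tell which status each one encodes. Going by the golden files and the unit test in this patch, 5 appears to be will_not_fix and 7 end_of_life; I would annotate each value, e.g. `Status: 5 # will_not_fix` and `Status: 7 # end_of_life (changed for test)`. These values decide which findings the ignore-status filter drops, so the mapping should be readable where it is set. The same applies to the `Status: 5` added to pkg/detector/ospkg/debian/testdata/fixtures/debian.yaml later in the patch.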
diff --git a/integration/testdata/fluentd-gems.json.golden b/integration/testdata/fluentd-gems.json.golden index 3c5c1ae744fc..5d25d7dca823 100644 --- a/integration/testdata/fluentd-gems.json.golden +++ b/integration/testdata/fluentd-gems.json.golden @@ -114,6 +114,7 @@ "PkgName": "libidn2-0", "InstalledVersion": "2.0.5-1", "FixedVersion": "2.0.5-1+deb10u1", + "Status": "fixed", "Layer": { "Digest": "sha256:000eee12ec04cc914bf96e8f5dee7767510c2aca3816af6078bd9fbe3150920c", "DiffID": "sha256:831c5620387fb9efec59fc82a42b948546c6be601e3ab34a87108ecf852aa15f" @@ -175,6 +176,7 @@ "PkgPath": "var/lib/gems/2.5.0/specifications/activesupport-6.0.2.1.gemspec", "InstalledVersion": "6.0.2.1", "FixedVersion": "6.0.3.1, 5.2.4.3", + "Status": "fixed", "Layer": { "Digest": "sha256:a8877cad19f14a7044524a145ce33170085441a7922458017db1631dcd5f7602", "DiffID": "sha256:75e43d55939745950bc3f8fad56c5834617c4339f0f54755e69a0dd5372624e9" diff --git a/integration/testdata/fluentd-multiple-lockfiles-cyclonedx.json.golden b/integration/testdata/fluentd-multiple-lockfiles-cyclonedx.json.golden index 0cd8ef6bde1b..8dd8e073653c 100644 --- a/integration/testdata/fluentd-multiple-lockfiles-cyclonedx.json.golden +++ b/integration/testdata/fluentd-multiple-lockfiles-cyclonedx.json.golden @@ -28,6 +28,7 @@ "VulnerabilityID": "CVE-2019-18276", "PkgName": "bash", "InstalledVersion": "5.0-4", + "Status": "affected", "Layer": {}, "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18276", @@ -79,6 +80,7 @@ "PkgName": "libidn2-0", "InstalledVersion": "2.0.5-1", "FixedVersion": "2.0.5-1+deb10u1", + "Status": "fixed", "Layer": {}, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18224", 
@@ -138,6 +140,7 @@ "PkgPath": "var/lib/gems/2.5.0/specifications/activesupport-6.0.2.1.gemspec", "InstalledVersion": "6.0.2.1", "FixedVersion": "6.0.3.1, 5.2.4.3", + "Status": "fixed", "Layer": {}, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-8165", diff --git a/integration/testdata/gomod-skip.json.golden b/integration/testdata/gomod-skip.json.golden index 307fe26ac58b..716e6381fa69 100644 --- a/integration/testdata/gomod-skip.json.golden +++ b/integration/testdata/gomod-skip.json.golden @@ -26,6 +26,7 @@ "PkgName": "github.com/docker/distribution", "InstalledVersion": "2.7.1+incompatible", "FixedVersion": "v2.8.0", + "Status": "fixed", "Layer": {}, "DataSource": { "ID": "ghsa", @@ -48,6 +49,7 @@ "PkgName": "github.com/open-policy-agent/opa", "InstalledVersion": "0.35.0", "FixedVersion": "0.37.0", + "Status": "fixed", "Layer": {}, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-23628", @@ -87,6 +89,7 @@ "PkgName": "golang.org/x/text", "InstalledVersion": "0.3.6", "FixedVersion": "0.3.7", + "Status": "fixed", "Layer": {}, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-38561", "DataSource": { @@ -115,6 +118,7 @@ "PkgName": "github.com/docker/distribution", "InstalledVersion": "2.7.1+incompatible", "FixedVersion": "v2.8.0", + "Status": "fixed", "Layer": {}, "DataSource": { "ID": "ghsa", diff --git a/integration/testdata/gomod.json.golden b/integration/testdata/gomod.json.golden index d9abd561ae8b..c7280a8de15c 100644 --- a/integration/testdata/gomod.json.golden +++ b/integration/testdata/gomod.json.golden @@ -26,6 +26,7 @@ "PkgName": "github.com/docker/distribution", "InstalledVersion": "2.7.1+incompatible", "FixedVersion": "v2.8.0", + "Status": "fixed", "Layer": {}, "DataSource": { "ID": "ghsa", 
@@ -48,6 +49,7 @@ "PkgName": "github.com/open-policy-agent/opa", "InstalledVersion": "0.35.0", "FixedVersion": "0.37.0", + "Status": "fixed", "Layer": {}, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-23628", @@ -87,6 +89,7 @@ "PkgName": "golang.org/x/text", "InstalledVersion": "0.3.6", "FixedVersion": "0.3.7", + "Status": "fixed", "Layer": {}, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-38561", "DataSource": { @@ -115,6 +118,7 @@ "PkgName": "github.com/docker/distribution", "InstalledVersion": "2.7.1+incompatible", "FixedVersion": "v2.8.0", + "Status": "fixed", "Layer": {}, "DataSource": { "ID": "ghsa", @@ -144,6 +148,7 @@ "PkgName": "github.com/docker/distribution", "InstalledVersion": "2.7.1+incompatible", "FixedVersion": "v2.8.0", + "Status": "fixed", "Layer": {}, "DataSource": { "ID": "ghsa", diff --git a/integration/testdata/gradle.json.golden b/integration/testdata/gradle.json.golden index 52a97f26b5e4..a8b5251c894c 100644 --- a/integration/testdata/gradle.json.golden +++ b/integration/testdata/gradle.json.golden @@ -25,6 +25,7 @@ "PkgName": "com.fasterxml.jackson.core:jackson-databind", "InstalledVersion": "2.9.1", "FixedVersion": "2.9.10.4", + "Status": "fixed", "Layer": {}, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-9548", @@ -80,6 +81,7 @@ "PkgName": "com.fasterxml.jackson.core:jackson-databind", "InstalledVersion": "2.9.1", "FixedVersion": "2.9.10.7", + "Status": "fixed", "Layer": {}, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-20190", diff --git a/integration/testdata/mariner-1.0.json.golden b/integration/testdata/mariner-1.0.json.golden index 78c048864982..31bddad34ff8 100644 --- a/integration/testdata/mariner-1.0.json.golden +++ b/integration/testdata/mariner-1.0.json.golden 
@@ -41,6 +41,7 @@ "VulnerabilityID": "CVE-2022-0261", "PkgName": "vim", "InstalledVersion": "8.2.4081-1.cm1", + "Status": "affected", "Layer": { "Digest": "sha256:3df36548ffbf2fa7319966e038058a3d2a922880009e535202546a6b250b9d57", "DiffID": "sha256:4266328c97a194b2ca52ec83bc05496596303f5e9b244ffa99cf84763a487804" @@ -71,6 +72,7 @@ "PkgName": "vim", "InstalledVersion": "8.2.4081-1.cm1", "FixedVersion": "8.2.4082-1.cm1", + "Status": "fixed", "Layer": { "Digest": "sha256:3df36548ffbf2fa7319966e038058a3d2a922880009e535202546a6b250b9d57", "DiffID": "sha256:4266328c97a194b2ca52ec83bc05496596303f5e9b244ffa99cf84763a487804" diff --git a/integration/testdata/mix.lock.json.golden b/integration/testdata/mix.lock.json.golden index 3893c125cde5..10b08c5a90b3 100644 --- a/integration/testdata/mix.lock.json.golden +++ b/integration/testdata/mix.lock.json.golden @@ -148,6 +148,7 @@ "PkgName": "phoenix", "InstalledVersion": "1.6.13", "FixedVersion": "1.6.14", + "Status": "fixed", "Layer": {}, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-42975", diff --git a/integration/testdata/npm-with-dev.json.golden b/integration/testdata/npm-with-dev.json.golden index 8c0f4f12c5ff..aa460f5ea53b 100644 --- a/integration/testdata/npm-with-dev.json.golden +++ b/integration/testdata/npm-with-dev.json.golden @@ -241,6 +241,7 @@ "PkgName": "jquery", "InstalledVersion": "3.3.9", "FixedVersion": "3.4.0", + "Status": "fixed", "Layer": {}, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11358", diff --git a/integration/testdata/npm.json.golden b/integration/testdata/npm.json.golden index 0f70af8f2dfd..3a0e9583c373 100644 --- a/integration/testdata/npm.json.golden +++ b/integration/testdata/npm.json.golden @@ -224,6 +224,7 @@ "PkgName": "jquery", "InstalledVersion": "3.3.9", "FixedVersion": "3.4.0", + "Status": "fixed", "Layer": {}, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11358", 
diff --git a/integration/testdata/nuget.json.golden b/integration/testdata/nuget.json.golden index c0e649ccd24d..eab5daf99660 100644 --- a/integration/testdata/nuget.json.golden +++ b/integration/testdata/nuget.json.golden @@ -55,6 +55,7 @@ "PkgName": "Newtonsoft.Json", "InstalledVersion": "12.0.3", "FixedVersion": "13.0.1", + "Status": "fixed", "Layer": {}, "SeveritySource": "ghsa", "PrimaryURL": "https://github.com/advisories/GHSA-5crp-9r3c-p9vr", diff --git a/integration/testdata/opensuse-leap-151.json.golden b/integration/testdata/opensuse-leap-151.json.golden index fd1870c10e85..bf314ed0e8e4 100644 --- a/integration/testdata/opensuse-leap-151.json.golden +++ b/integration/testdata/opensuse-leap-151.json.golden @@ -66,6 +66,7 @@ "PkgName": "libopenssl1_1", "InstalledVersion": "1.1.0i-lp151.8.3.1", "FixedVersion": "1.1.0i-lp151.8.6.1", + "Status": "fixed", "Layer": { "Digest": "sha256:5c5a844f54abd051851758624820ae6a08a9d6ddffddaebbb335601c32608fb3", "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" @@ -91,6 +92,7 @@ "PkgName": "openssl-1_1", "InstalledVersion": "1.1.0i-lp151.8.3.1", "FixedVersion": "1.1.0i-lp151.8.6.1", + "Status": "fixed", "Layer": { "Digest": "sha256:5c5a844f54abd051851758624820ae6a08a9d6ddffddaebbb335601c32608fb3", "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" diff --git a/integration/testdata/oraclelinux-8.json.golden b/integration/testdata/oraclelinux-8.json.golden index b656a8bba41e..1755255d7760 100644 --- a/integration/testdata/oraclelinux-8.json.golden +++ b/integration/testdata/oraclelinux-8.json.golden @@ -67,6 +67,7 @@ "PkgName": "curl", "InstalledVersion": "7.61.1-8.el8", "FixedVersion": "7.61.1-11.el8", + "Status": "fixed", "Layer": { "Digest": "sha256:e1b9aa33b064e76023cc29e9fac51bcebe62740c92ed38f09ba6205ddd9aa6f4", "DiffID": "sha256:91bac58a9ffae0dc2031e3f90d7bf04f66ccf019f180372152b0916d6e8a796f" 
@@ -124,6 +125,7 @@ "PkgName": "curl", "InstalledVersion": "7.61.1-8.el8", "FixedVersion": "7.61.1-12.el8", + "Status": "fixed", "Layer": { "Digest": "sha256:e1b9aa33b064e76023cc29e9fac51bcebe62740c92ed38f09ba6205ddd9aa6f4", "DiffID": "sha256:91bac58a9ffae0dc2031e3f90d7bf04f66ccf019f180372152b0916d6e8a796f" diff --git a/integration/testdata/photon-30.json.golden b/integration/testdata/photon-30.json.golden index 52d846b186ab..b61b30e27dd2 100644 --- a/integration/testdata/photon-30.json.golden +++ b/integration/testdata/photon-30.json.golden @@ -68,6 +68,7 @@ "PkgName": "bash", "InstalledVersion": "4.4.18-1.ph3", "FixedVersion": "4.4.18-2.ph3", + "Status": "fixed", "Layer": { "Digest": "sha256:675aead3dff5e25094cb9f4d7cc64f05e9f04a3f3397d5d45bfbc1c8a99c3a73", "DiffID": "sha256:0f379947a276b7b051643960392fa66c2f0cb493bc1dcd471abb5545005949fd" @@ -119,6 +120,7 @@ "PkgName": "curl", "InstalledVersion": "7.61.1-4.ph3", "FixedVersion": "7.61.1-5.ph3", + "Status": "fixed", "Layer": { "Digest": "sha256:675aead3dff5e25094cb9f4d7cc64f05e9f04a3f3397d5d45bfbc1c8a99c3a73", "DiffID": "sha256:0f379947a276b7b051643960392fa66c2f0cb493bc1dcd471abb5545005949fd" @@ -177,6 +179,7 @@ "PkgName": "curl-libs", "InstalledVersion": "7.61.1-4.ph3", "FixedVersion": "7.61.1-5.ph3", + "Status": "fixed", "Layer": { "Digest": "sha256:675aead3dff5e25094cb9f4d7cc64f05e9f04a3f3397d5d45bfbc1c8a99c3a73", "DiffID": "sha256:0f379947a276b7b051643960392fa66c2f0cb493bc1dcd471abb5545005949fd" diff --git a/integration/testdata/pip.json.golden b/integration/testdata/pip.json.golden index 38ff8254879b..8d43fa84a6c6 100644 --- a/integration/testdata/pip.json.golden +++ b/integration/testdata/pip.json.golden @@ -62,6 +62,7 @@ "PkgName": "Werkzeug", "InstalledVersion": "0.11", "FixedVersion": "0.15.3", + "Status": "fixed", "Layer": {}, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14806", 
@@ -108,6 +109,7 @@ "PkgName": "Werkzeug", "InstalledVersion": "0.11", "FixedVersion": "0.11.6", + "Status": "fixed", "Layer": {}, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-28724", diff --git a/integration/testdata/pipenv.json.golden b/integration/testdata/pipenv.json.golden index 982d757b958e..d5d4205e6470 100644 --- a/integration/testdata/pipenv.json.golden +++ b/integration/testdata/pipenv.json.golden @@ -38,6 +38,7 @@ "PkgName": "werkzeug", "InstalledVersion": "0.11.1", "FixedVersion": "0.15.3", + "Status": "fixed", "Layer": {}, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14806", @@ -84,6 +85,7 @@ "PkgName": "werkzeug", "InstalledVersion": "0.11.1", "FixedVersion": "0.11.6", + "Status": "fixed", "Layer": {}, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-28724", diff --git a/integration/testdata/pnpm.json.golden b/integration/testdata/pnpm.json.golden index 328901193698..aa1446284052 100644 --- a/integration/testdata/pnpm.json.golden +++ b/integration/testdata/pnpm.json.golden @@ -26,6 +26,7 @@ "PkgName": "jquery", "InstalledVersion": "3.3.9", "FixedVersion": "3.4.0", + "Status": "fixed", "Layer": {}, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11358", @@ -142,6 +143,7 @@ "PkgName": "lodash", "InstalledVersion": "4.17.4", "FixedVersion": "4.17.12", + "Status": "fixed", "Layer": {}, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-10744", diff --git a/integration/testdata/poetry.json.golden b/integration/testdata/poetry.json.golden index 7013c30d99f9..8572eded2e44 100644 --- a/integration/testdata/poetry.json.golden +++ b/integration/testdata/poetry.json.golden @@ -50,6 +50,7 @@ "PkgName": "werkzeug", "InstalledVersion": "0.14", "FixedVersion": "0.15.3", + "Status": "fixed", "Layer": {}, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14806", 
diff --git a/integration/testdata/pom.json.golden b/integration/testdata/pom.json.golden index 724d51263fc4..1371f2a6d3af 100644 --- a/integration/testdata/pom.json.golden +++ b/integration/testdata/pom.json.golden @@ -25,6 +25,7 @@ "PkgName": "com.fasterxml.jackson.core:jackson-databind", "InstalledVersion": "2.9.1", "FixedVersion": "2.9.10.4", + "Status": "fixed", "Layer": {}, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-9548", @@ -80,6 +81,7 @@ "PkgName": "com.fasterxml.jackson.core:jackson-databind", "InstalledVersion": "2.9.1", "FixedVersion": "2.9.10.7", + "Status": "fixed", "Layer": {}, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-20190", diff --git a/integration/testdata/pubspec.lock.json.golden b/integration/testdata/pubspec.lock.json.golden index 7bc706928436..1180f08218c2 100644 --- a/integration/testdata/pubspec.lock.json.golden +++ b/integration/testdata/pubspec.lock.json.golden @@ -41,6 +41,7 @@ "PkgName": "http", "InstalledVersion": "0.13.2", "FixedVersion": "0.13.3", + "Status": "fixed", "Layer": {}, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-35669", diff --git a/integration/testdata/rockylinux-8.json.golden b/integration/testdata/rockylinux-8.json.golden index 79cd57be9945..fbd6e64c3d8a 100644 --- a/integration/testdata/rockylinux-8.json.golden +++ b/integration/testdata/rockylinux-8.json.golden @@ -57,6 +57,7 @@ "PkgName": "openssl-libs", "InstalledVersion": "1:1.1.1k-4.el8", "FixedVersion": "1:1.1.1k-5.el8_5", + "Status": "fixed", "Layer": { "Digest": "sha256:72a2451028f11c6927678e5f1bb8f35b4e723d3b342ec1a6980d7b5591cf81d6", "DiffID": "sha256:65dbea0a4b39709e0a2cc8624fd99478e9f302c0a5661d7676d6d3bd3cb6d181" diff --git a/integration/testdata/spring4shell-jre11.json.golden b/integration/testdata/spring4shell-jre11.json.golden index c2ab0c51d54a..a119d3c5b861 100644 --- a/integration/testdata/spring4shell-jre11.json.golden 
+++ b/integration/testdata/spring4shell-jre11.json.golden @@ -137,7 +137,7 @@ "empty_layer": true }, { - "created": "2022-06-06T13:51:56.544179Z", + "created": "2022-06-07T03:41:13.228952Z", "created_by": "/bin/sh -c #(nop) COPY file:4a1136b54136f8775efe918c4cd6af1ad1e507b36a49286d4f2c6bde722d33f4 in /usr/local/tomcat/webapps/ " } ], @@ -199,8 +199,9 @@ "PkgPath": "usr/local/tomcat/webapps/helloworld.war/WEB-INF/lib/spring-beans-5.3.15.jar", "InstalledVersion": "5.3.15", "FixedVersion": "5.3.18", + "Status": "fixed", "Layer": { - "Digest": "sha256:8eeeb69b4f5af871d1bc14ebb077b478a8260542f2c2a3897e8942bd90a8a62a", + "Digest": "sha256:b47862f824700e0ea830e568e989fba777d8223c1f8321c6256b0c965b9f61ee", "DiffID": "sha256:192960b65b1579403b36581de471fd2bd75a043b4743552f27ba16623f02c68f" }, "SeveritySource": "ghsa", diff --git a/integration/testdata/spring4shell-jre8.json.golden b/integration/testdata/spring4shell-jre8.json.golden index afdd5e43854f..c7c58e529ebb 100644 --- a/integration/testdata/spring4shell-jre8.json.golden +++ b/integration/testdata/spring4shell-jre8.json.golden @@ -199,6 +199,7 @@ "PkgPath": "usr/local/tomcat/webapps/helloworld.war/WEB-INF/lib/spring-beans-5.3.15.jar", "InstalledVersion": "5.3.15", "FixedVersion": "5.3.18", + "Status": "fixed", "Layer": { "Digest": "sha256:cc44af318e91e6f9f9bf73793fa4f0639487613f46aa1f819b02b6e8fb5c6c07", "DiffID": "sha256:eb769943b91f10a0418f2fc3b4a4fde6c6293be60c37293fcc0fa319edaf27a5" diff --git a/integration/testdata/test-repo.json.golden b/integration/testdata/test-repo.json.golden index f6ce98114dac..edb23d019f3b 100644 --- a/integration/testdata/test-repo.json.golden +++ b/integration/testdata/test-repo.json.golden @@ -26,6 +26,7 @@ "PkgName": "ammonia", "InstalledVersion": "1.9.0", "FixedVersion": "\u003e= 2.1.0", + "Status": "fixed", "Layer": {}, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15542", 
@@ -61,6 +62,7 @@ "PkgName": "ammonia", "InstalledVersion": "1.9.0", "FixedVersion": "\u003e= 3.1.0, \u003e= 2.1.3, \u003c 3.0.0", + "Status": "fixed", "Layer": {}, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-38193", diff --git a/integration/testdata/ubi-7.json.golden b/integration/testdata/ubi-7.json.golden index 50bba71b77ca..bee1bc2156fd 100644 --- a/integration/testdata/ubi-7.json.golden +++ b/integration/testdata/ubi-7.json.golden @@ -80,6 +80,7 @@ "PkgID": "bash@4.2.46-33.el7.x86_64", "PkgName": "bash", "InstalledVersion": "4.2.46-33.el7", + "Status": "will_not_fix", "Layer": { "Digest": "sha256:7b1c937e0f6794db2535be6e4cb6d60a0b668ef78c2576611a3fb9c97a95ccdf", "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" diff --git a/integration/testdata/ubuntu-1804-ignore-unfixed.json.golden b/integration/testdata/ubuntu-1804-ignore-unfixed.json.golden index e12474e6475f..5428c8bb180d 100644 --- a/integration/testdata/ubuntu-1804-ignore-unfixed.json.golden +++ b/integration/testdata/ubuntu-1804-ignore-unfixed.json.golden @@ -6,7 +6,7 @@ "OS": { "Family": "ubuntu", "Name": "18.04", - "Eosl": true + "EOSL": true }, "ImageID": "sha256:a2a15febcdf362f6115e801d37b5e60d6faaeedcb9896155e5fe9d754025be12", "DiffIDs": [ @@ -77,6 +77,7 @@ "PkgName": "e2fsprogs", "InstalledVersion": "1.44.1-1ubuntu1.1", "FixedVersion": "1.44.1-1ubuntu1.2", + "Status": "fixed", "Layer": { "Digest": "sha256:35c102085707f703de2d9eaad8752d6fe1b8f02b5d2149f1d8357c9cc7fb7d0a", "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" @@ -134,6 +135,7 @@ "PkgName": "libcom-err2", "InstalledVersion": "1.44.1-1ubuntu1.1", "FixedVersion": "1.44.1-1ubuntu1.2", + "Status": "fixed", "Layer": { "Digest": "sha256:35c102085707f703de2d9eaad8752d6fe1b8f02b5d2149f1d8357c9cc7fb7d0a", "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" 
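Review bot: The first hunk of ubuntu-1804-ignore-unfixed.json.golden renames the report key `"Eosl"` to `"EOSL"`, an output-schema change that the commit description does not mention; ubuntu-1804.json.golden carries the same rename. Case-sensitive consumers of the JSON report, such as jq filters or policy checks that gate on an end-of-support OS, would stop seeing the field rather than fail loudly. It presumably comes from the dependency bump in go.mod rather than from the status feature itself, so I would call it out in the description, e.g. `* rename OS.Eosl to OS.EOSL in JSON output`, and mention it in the release notes.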
@@ -191,6 +193,7 @@ "PkgName": "libext2fs2", "InstalledVersion": "1.44.1-1ubuntu1.1", "FixedVersion": "1.44.1-1ubuntu1.2", + "Status": "fixed", "Layer": { "Digest": "sha256:35c102085707f703de2d9eaad8752d6fe1b8f02b5d2149f1d8357c9cc7fb7d0a", "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" @@ -248,6 +251,7 @@ "PkgName": "libss2", "InstalledVersion": "1.44.1-1ubuntu1.1", "FixedVersion": "1.44.1-1ubuntu1.2", + "Status": "fixed", "Layer": { "Digest": "sha256:35c102085707f703de2d9eaad8752d6fe1b8f02b5d2149f1d8357c9cc7fb7d0a", "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" diff --git a/integration/testdata/ubuntu-1804.json.golden b/integration/testdata/ubuntu-1804.json.golden index 58a2332713e9..7f4b38fe2726 100644 --- a/integration/testdata/ubuntu-1804.json.golden +++ b/integration/testdata/ubuntu-1804.json.golden @@ -6,7 +6,7 @@ "OS": { "Family": "ubuntu", "Name": "18.04", - "Eosl": true + "EOSL": true }, "ImageID": "sha256:a2a15febcdf362f6115e801d37b5e60d6faaeedcb9896155e5fe9d754025be12", "DiffIDs": [ @@ -76,6 +76,7 @@ "PkgID": "bash@4.4.18-2ubuntu1.2", "PkgName": "bash", "InstalledVersion": "4.4.18-2ubuntu1.2", + "Status": "affected", "Layer": { "Digest": "sha256:35c102085707f703de2d9eaad8752d6fe1b8f02b5d2149f1d8357c9cc7fb7d0a", "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" @@ -127,6 +128,7 @@ "PkgName": "e2fsprogs", "InstalledVersion": "1.44.1-1ubuntu1.1", "FixedVersion": "1.44.1-1ubuntu1.2", + "Status": "fixed", "Layer": { "Digest": "sha256:35c102085707f703de2d9eaad8752d6fe1b8f02b5d2149f1d8357c9cc7fb7d0a", "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" 
@@ -184,6 +186,7 @@ "PkgName": "libcom-err2", "InstalledVersion": "1.44.1-1ubuntu1.1", "FixedVersion": "1.44.1-1ubuntu1.2", + "Status": "fixed", "Layer": { "Digest": "sha256:35c102085707f703de2d9eaad8752d6fe1b8f02b5d2149f1d8357c9cc7fb7d0a", "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" @@ -241,6 +244,7 @@ "PkgName": "libext2fs2", "InstalledVersion": "1.44.1-1ubuntu1.1", "FixedVersion": "1.44.1-1ubuntu1.2", + "Status": "fixed", "Layer": { "Digest": "sha256:35c102085707f703de2d9eaad8752d6fe1b8f02b5d2149f1d8357c9cc7fb7d0a", "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" @@ -298,6 +302,7 @@ "PkgName": "libss2", "InstalledVersion": "1.44.1-1ubuntu1.1", "FixedVersion": "1.44.1-1ubuntu1.2", + "Status": "fixed", "Layer": { "Digest": "sha256:35c102085707f703de2d9eaad8752d6fe1b8f02b5d2149f1d8357c9cc7fb7d0a", "DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f" diff --git a/integration/testdata/ubuntu-gp2-x86-vm.json.golden b/integration/testdata/ubuntu-gp2-x86-vm.json.golden index d9d14e16a7bc..a558c8968360 100644 --- a/integration/testdata/ubuntu-gp2-x86-vm.json.golden +++ b/integration/testdata/ubuntu-gp2-x86-vm.json.golden @@ -29,6 +29,7 @@ "PkgID": "bash@5.1-6ubuntu1", "PkgName": "bash", "InstalledVersion": "5.1-6ubuntu1", + "Status": "affected", "Layer": {}, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3715", diff --git a/integration/testdata/yarn.json.golden b/integration/testdata/yarn.json.golden index e29f85a62d69..821a6710c541 100644 --- a/integration/testdata/yarn.json.golden +++ b/integration/testdata/yarn.json.golden @@ -40,6 +40,7 @@ "PkgName": "jquery", "InstalledVersion": "3.2.1", "FixedVersion": "3.4.0", + "Status": "fixed", "Layer": {}, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11358", 
diff --git a/pkg/detector/ospkg/debian/debian.go b/pkg/detector/ospkg/debian/debian.go index 3e0400427ed3..e8bc953c2708 100644 --- a/pkg/detector/ospkg/debian/debian.go +++ b/pkg/detector/ospkg/debian/debian.go @@ -106,6 +106,7 @@ func (s *Scanner) Detect(osVer string, _ *ftypes.Repository, pkgs []ftypes.Packa InstalledVersion: utils.FormatVersion(pkg), FixedVersion: adv.FixedVersion, PkgRef: pkg.Ref, + Status: adv.Status, Layer: pkg.Layer, Custom: adv.Custom, DataSource: adv.DataSource, diff --git a/pkg/detector/ospkg/debian/debian_test.go b/pkg/detector/ospkg/debian/debian_test.go index 4102f9c44632..e021d82b79cf 100644 --- a/pkg/detector/ospkg/debian/debian_test.go +++ b/pkg/detector/ospkg/debian/debian_test.go @@ -67,6 +67,7 @@ func TestScanner_Detect(t *testing.T) { PkgName: "htpasswd", VulnerabilityID: "CVE-2021-31618", InstalledVersion: "2.4.24", + Status: dbTypes.StatusWillNotFix, SeveritySource: vulnerability.Debian, Vulnerability: dbTypes.Vulnerability{ Severity: dbTypes.SeverityMedium.String(), diff --git a/pkg/detector/ospkg/debian/testdata/fixtures/debian.yaml b/pkg/detector/ospkg/debian/testdata/fixtures/debian.yaml index 79508261a9dc..903f7e46e54b 100644 --- a/pkg/detector/ospkg/debian/testdata/fixtures/debian.yaml +++ b/pkg/detector/ospkg/debian/testdata/fixtures/debian.yaml @@ -14,3 +14,4 @@ value: FixedVersion: "" Severity: 2 + Status: 5 diff --git a/pkg/detector/ospkg/redhat/redhat.go b/pkg/detector/ospkg/redhat/redhat.go index e2aa4007124d..9253b407cb5c 100644 --- a/pkg/detector/ospkg/redhat/redhat.go +++ b/pkg/detector/ospkg/redhat/redhat.go @@ -159,6 +159,7 @@ func (s *Scanner) detect(osVer string, pkg ftypes.Package) ([]types.DetectedVuln PkgName: pkg.Name, InstalledVersion: utils.FormatVersion(pkg), PkgRef: pkg.Ref, + Status: adv.Status, Layer: pkg.Layer, SeveritySource: vulnerability.RedHat, Vulnerability: dbTypes.Vulnerability{ 
diff --git a/pkg/detector/ospkg/redhat/redhat_test.go b/pkg/detector/ospkg/redhat/redhat_test.go index 69c6ecbcc173..957d4a14c87f 100644 --- a/pkg/detector/ospkg/redhat/redhat_test.go +++ b/pkg/detector/ospkg/redhat/redhat_test.go @@ -69,6 +69,7 @@ func TestScanner_Detect(t *testing.T) { VulnerabilityID: "CVE-2017-5953", PkgName: "vim-minimal", InstalledVersion: "2:7.4.160-5.el7", + Status: dbTypes.StatusWillNotFix, SeveritySource: vulnerability.RedHat, Vulnerability: dbTypes.Vulnerability{ Severity: dbTypes.SeverityLow.String(), diff --git a/pkg/detector/ospkg/redhat/testdata/fixtures/redhat.yaml b/pkg/detector/ospkg/redhat/testdata/fixtures/redhat.yaml index 313a474fc89c..c3ba48072111 100644 --- a/pkg/detector/ospkg/redhat/testdata/fixtures/redhat.yaml +++ b/pkg/detector/ospkg/redhat/testdata/fixtures/redhat.yaml @@ -23,6 +23,7 @@ value: Entries: - FixedVersion: "" + Status: 5 Affected: - 0 - 1 diff --git a/pkg/flag/options.go b/pkg/flag/options.go index 94994295d7a9..760438ba7947 100644 --- a/pkg/flag/options.go +++ b/pkg/flag/options.go @@ -149,7 +149,7 @@ func (o *Options) RegistryOpts() ftypes.RegistryOptions { func (o *Options) FilterOpts() result.FilterOption { return result.FilterOption{ Severities: o.Severities, - IgnoreUnfixed: o.IgnoreUnfixed, + IgnoreStatuses: o.IgnoreStatuses, IncludeNonFailures: o.IncludeNonFailures, IgnoreFile: o.IgnoreFile, PolicyFile: o.IgnorePolicy, diff --git a/pkg/flag/vulnerability_flags.go b/pkg/flag/vulnerability_flags.go index 4c4a32a2bce9..b4adb4be1397 100644 --- a/pkg/flag/vulnerability_flags.go +++ b/pkg/flag/vulnerability_flags.go @@ -1,8 +1,9 @@ package flag import ( - "golang.org/x/exp/slices" + "github.com/samber/lo" + dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy/pkg/log" "github.com/aquasecurity/trivy/pkg/types" ) 
@@ -27,22 +28,31 @@ var ( Default: false, Usage: "display only fixed vulnerabilities", } + IgnoreStatusFlag = Flag{ + Name: "ignore-status", + ConfigName: "vulnerability.ignore-status", + Default: []string{}, + Values: dbTypes.Statuses, + Usage: "comma-separated list of vulnerability status to ignore", + } ) type VulnerabilityFlagGroup struct { VulnType *Flag IgnoreUnfixed *Flag + IgnoreStatus *Flag } type VulnerabilityOptions struct { - VulnType []string - IgnoreUnfixed bool + VulnType []string + IgnoreStatuses []dbTypes.Status } func NewVulnerabilityFlagGroup() *VulnerabilityFlagGroup { return &VulnerabilityFlagGroup{ VulnType: &VulnTypeFlag, IgnoreUnfixed: &IgnoreUnfixedFlag, + IgnoreStatus: &IgnoreStatusFlag, } } 
@@ -54,24 +64,35 @@ func (f *VulnerabilityFlagGroup) Flags() []*Flag { return []*Flag{ f.VulnType, f.IgnoreUnfixed, + f.IgnoreStatus, } } func (f *VulnerabilityFlagGroup) ToOptions() VulnerabilityOptions { - return VulnerabilityOptions{ - VulnType: parseVulnType(getStringSlice(f.VulnType)), - IgnoreUnfixed: getBool(f.IgnoreUnfixed), + // Just convert string to dbTypes.Status as the validated values are passed here. + ignoreStatuses := lo.Map(getStringSlice(f.IgnoreStatus), func(s string, _ int) dbTypes.Status { + return dbTypes.NewStatus(s) + }) + ignoreUnfixed := getBool(f.IgnoreUnfixed) + + if ignoreUnfixed && len(ignoreStatuses) > 0 { + log.Logger.Warn("'--ignore-unfixed' is ignored because '--ignore-status' is specified") + } else if ignoreUnfixed { + // '--ignore-unfixed' is a shorthand of '--ignore-status'. + ignoreStatuses = lo.FilterMap(dbTypes.Statuses, func(s string, _ int) (dbTypes.Status, bool) { + fixed := dbTypes.StatusFixed + if s == fixed.String() { + return 0, false + } + return dbTypes.NewStatus(s), true + }) + } else if len(ignoreStatuses) == 0 { + ignoreStatuses = nil } -} + log.Logger.Debugw("Ignore statuses", "statuses", ignoreStatuses) -func parseVulnType(vulnType []string) []string { - var vulnTypes []string - for _, v := range vulnType { - if !slices.Contains(types.VulnTypes, v) { - log.Logger.Warnf("unknown vulnerability type: %s", v) - continue - } - vulnTypes = append(vulnTypes, v) + return VulnerabilityOptions{ + VulnType: getStringSlice(f.VulnType), + IgnoreStatuses: ignoreStatuses, } - return vulnTypes } diff --git a/pkg/flag/vulnerability_flags_test.go b/pkg/flag/vulnerability_flags_test.go index 7448eb21d7c3..a6055ab2a1ea 100644 --- a/pkg/flag/vulnerability_flags_test.go +++ b/pkg/flag/vulnerability_flags_test.go 
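Review bot: `ToOptions` no longer checks either list itself: statuses are converted with `dbTypes.NewStatus(s)` and `VulnType` is returned straight from `getStringSlice(f.VulnType)`, on the comment's assumption that only validated values arrive here. The removed `parseVulnType` was the only check visible in this file, and its "wrong vuln type" case is deleted in vulnerability_flags_test.go. If `NewStatus` falls back to the unknown status for a string it does not recognise (its body is not in this diff), a misspelt value arriving through any path that skips the flag's `Values` check would put `unknown` on the ignore list and suppress findings without a message. A guard inside the `lo.Map` callback keeps that visible: `if !lo.Contains(dbTypes.Statuses, s) { log.Logger.Warnf("unknown vulnerability status: %s", s) }`, with a test case for an invalid status.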
@@ -44,18 +44,6 @@ func TestVulnerabilityFlagGroup_ToOptions(t *testing.T) { VulnType: []string{types.VulnTypeLibrary}, }, }, - { - name: "wrong vuln type", - fields: fields{ - vulnType: "os,nonevuln", - }, - want: flag.VulnerabilityOptions{ - VulnType: []string{types.VulnTypeOS}, - }, - wantLogs: []string{ - `unknown vulnerability type: nonevuln`, - }, - }, } for _, tt := range tests { diff --git a/pkg/report/table/table_test.go b/pkg/report/table/table_test.go index 27cc70a392ff..cbce1fd18e22 100644 --- a/pkg/report/table/table_test.go +++ b/pkg/report/table/table_test.go @@ -30,8 +30,8 @@ func TestReportWriter_Table(t *testing.T) { VulnerabilityID: "CVE-2020-0001", PkgName: "foo", InstalledVersion: "1.2.3", - FixedVersion: "3.4.5", PrimaryURL: "https://avd.aquasec.com/nvd/cve-2020-0001", + Status: dbTypes.StatusWillNotFix, Vulnerability: dbTypes.Vulnerability{ Title: "foobar", Description: "baz", 
@@ -46,12 +46,12 @@ test () ======= Total: 1 (MEDIUM: 0, HIGH: 1) -┌─────────┬───────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼───────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────┤ -│ foo │ CVE-2020-0001 │ HIGH │ 1.2.3 │ 3.4.5 │ foobar │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-0001 │ -└─────────┴───────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────┘ +┌─────────┬───────────────┬──────────┬──────────────┬───────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ +├─────────┼───────────────┼──────────┼──────────────┼───────────────────┼───────────────┼───────────────────────────────────────────┤ +│ foo │ CVE-2020-0001 │ HIGH │ will_not_fix │ 1.2.3 │ │ foobar │ +│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-0001 │ +└─────────┴───────────────┴──────────┴──────────────┴───────────────────┴───────────────┴───────────────────────────────────────────┘ `, }, { @@ -68,6 +68,7 @@ Total: 1 (MEDIUM: 0, HIGH: 1) InstalledVersion: "1.2.3", FixedVersion: "3.4.5", PrimaryURL: "https://avd.aquasec.com/nvd/cve-2020-0001", + Status: dbTypes.StatusFixed, Vulnerability: dbTypes.Vulnerability{ Title: "foobar", Description: "baz", 
@@ -82,12 +83,12 @@ test () ======= Total: 1 (MEDIUM: 0, HIGH: 1) -┌───────────┬───────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├───────────┼───────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────┤ -│ foo (bar) │ CVE-2020-0001 │ HIGH │ 1.2.3 │ 3.4.5 │ foobar │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-0001 │ -└───────────┴───────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────┘ +┌───────────┬───────────────┬──────────┬────────┬───────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ +├───────────┼───────────────┼──────────┼────────┼───────────────────┼───────────────┼───────────────────────────────────────────┤ +│ foo (bar) │ CVE-2020-0001 │ HIGH │ fixed │ 1.2.3 │ 3.4.5 │ foobar │ +│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-0001 │ +└───────────┴───────────────┴──────────┴────────┴───────────────────┴───────────────┴───────────────────────────────────────────┘ `, }, { @@ -102,6 +103,7 @@ Total: 1 (MEDIUM: 0, HIGH: 1) PkgName: "foo", InstalledVersion: "1.2.3", FixedVersion: "3.4.5", + Status: dbTypes.StatusFixed, Vulnerability: dbTypes.Vulnerability{ Description: "foobar", Severity: "HIGH", 
@@ -115,11 +117,11 @@ test () ======= Total: 1 (MEDIUM: 0, HIGH: 1) -┌─────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────┤ -│ foo │ CVE-2020-0001 │ HIGH │ 1.2.3 │ 3.4.5 │ foobar │ -└─────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────┘ +┌─────────┬───────────────┬──────────┬────────┬───────────────────┬───────────────┬────────┐ +│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ +├─────────┼───────────────┼──────────┼────────┼───────────────────┼───────────────┼────────┤ +│ foo │ CVE-2020-0001 │ HIGH │ fixed │ 1.2.3 │ 3.4.5 │ foobar │ +└─────────┴───────────────┴──────────┴────────┴───────────────────┴───────────────┴────────┘ `, }, { @@ -135,6 +137,7 @@ Total: 1 (MEDIUM: 0, HIGH: 1) InstalledVersion: "1.2.3", FixedVersion: "3.4.5", PrimaryURL: "https://avd.aquasec.com/nvd/cve-2020-1234", + Status: dbTypes.StatusFixed, Vulnerability: dbTypes.Vulnerability{ Title: "a b c d e f g h i j k l m n o p q r s t u v", Description: "foobar", 
@@ -149,12 +152,12 @@ test () ======= Total: 1 (MEDIUM: 0, HIGH: 1) -┌─────────┬───────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├─────────┼───────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────┤ -│ foo │ CVE-2020-1234 │ HIGH │ 1.2.3 │ 3.4.5 │ a b c d e f g h i j k l... │ -│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-1234 │ -└─────────┴───────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────┘ +┌─────────┬───────────────┬──────────┬────────┬───────────────────┬───────────────┬───────────────────────────────────────────┐ +│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ +├─────────┼───────────────┼──────────┼────────┼───────────────────┼───────────────┼───────────────────────────────────────────┤ +│ foo │ CVE-2020-1234 │ HIGH │ fixed │ 1.2.3 │ 3.4.5 │ a b c d e f g h i j k l... │ +│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-1234 │ +└─────────┴───────────────┴──────────┴────────┴───────────────────┴───────────────┴───────────────────────────────────────────┘ `, }, { @@ -219,6 +222,7 @@ Total: 1 (MEDIUM: 0, HIGH: 1) }, InstalledVersion: "1.7.3", FixedVersion: "2.6.7, 3.1.1", + Status: dbTypes.StatusFixed, }, { VulnerabilityID: "CVE-2021-26539", @@ -231,6 +235,7 @@ Total: 1 (MEDIUM: 0, HIGH: 1) }, InstalledVersion: "1.20.0", FixedVersion: "2.3.1", + Status: dbTypes.StatusFixed, }, }, }, 
@@ -240,13 +245,13 @@ package-lock.json (npm) ======================= Total: 2 (MEDIUM: 1, HIGH: 1) -┌───────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├───────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────┤ -│ node-fetch │ CVE-2022-0235 │ HIGH │ 1.7.3 │ 2.6.7, 3.1.1 │ foobar │ -├───────────────┼────────────────┼──────────┼───────────────────┼───────────────┤ │ -│ sanitize-html │ CVE-2021-26539 │ MEDIUM │ 1.20.0 │ 2.3.1 │ │ -└───────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────┘ +┌───────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬────────┐ +│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ +├───────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼────────┤ +│ node-fetch │ CVE-2022-0235 │ HIGH │ fixed │ 1.7.3 │ 2.6.7, 3.1.1 │ foobar │ +├───────────────┼────────────────┼──────────┤ ├───────────────────┼───────────────┤ │ +│ sanitize-html │ CVE-2021-26539 │ MEDIUM │ │ 1.20.0 │ 2.3.1 │ │ +└───────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴────────┘ Dependency Origin Tree (Reversed) ================================= @@ -311,6 +316,7 @@ package-lock.json }, InstalledVersion: "1.7.3", FixedVersion: "2.6.7, 3.1.1", + Status: dbTypes.StatusFixed, }, }, }, 
@@ -320,11 +326,11 @@ package-lock.json (npm) ======================= Total: 1 (MEDIUM: 0, HIGH: 1) -┌────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────┐ -│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │ -├────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────┤ -│ node-fetch │ CVE-2022-0235 │ HIGH │ 1.7.3 │ 2.6.7, 3.1.1 │ foobar │ -└────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────┘ +┌────────────┬───────────────┬──────────┬────────┬───────────────────┬───────────────┬────────┐ +│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ +├────────────┼───────────────┼──────────┼────────┼───────────────────┼───────────────┼────────┤ +│ node-fetch │ CVE-2022-0235 │ HIGH │ fixed │ 1.7.3 │ 2.6.7, 3.1.1 │ foobar │ +└────────────┴───────────────┴──────────┴────────┴───────────────────┴───────────────┴────────┘ Dependency Origin Tree (Reversed) ================================= diff --git a/pkg/report/table/vulnerability.go b/pkg/report/table/vulnerability.go index 1c5aadbb1d68..b144f76089cf 100644 --- a/pkg/report/table/vulnerability.go +++ b/pkg/report/table/vulnerability.go @@ -77,6 +77,7 @@ func (r *vulnerabilityRenderer) setHeaders() { "Library", "Vulnerability", "Severity", + "Status", "Installed Version", "Fixed Version", "Title", @@ -121,6 +122,7 @@ func (r *vulnerabilityRenderer) setVulnerabilityRows(vulns []types.DetectedVulne lib, v.VulnerabilityID, ColorizeSeverity(v.Severity, v.Severity), + v.Status.String(), v.InstalledVersion, v.FixedVersion, strings.TrimSpace(title), @@ -130,6 +132,7 @@ func (r *vulnerabilityRenderer) setVulnerabilityRows(vulns []types.DetectedVulne lib, v.VulnerabilityID, v.Severity, + v.Status.String(), v.InstalledVersion, v.FixedVersion, strings.TrimSpace(title), diff --git a/pkg/result/filter.go b/pkg/result/filter.go index e90aa0c322ad..7d9e343f5fb1 100644 
--- a/pkg/result/filter.go +++ b/pkg/result/filter.go @@ -29,7 +29,7 @@ const ( type FilterOption struct { Severities []dbTypes.Severity - IgnoreUnfixed bool + IgnoreStatuses []dbTypes.Status IncludeNonFailures bool IgnoreFile string PolicyFile string @@ -56,7 +56,7 @@ func Filter(ctx context.Context, report types.Report, opt FilterOption) error { func FilterResult(ctx context.Context, result *types.Result, opt FilterOption) error { ignoredIDs := getIgnoredIDs(opt.IgnoreFile) - filteredVulns := filterVulnerabilities(result.Vulnerabilities, opt.Severities, opt.IgnoreUnfixed, ignoredIDs, opt.VEXPath) + filteredVulns := filterVulnerabilities(result.Vulnerabilities, opt.Severities, opt.IgnoreStatuses, ignoredIDs) misconfSummary, filteredMisconfs := filterMisconfigurations(result.Misconfigurations, opt.Severities, opt.IncludeNonFailures, ignoredIDs) result.Secrets = filterSecrets(result.Secrets, opt.Severities, ignoredIDs) result.Licenses = filterLicenses(result.Licenses, opt.Severities, opt.IgnoreLicenses) @@ -97,8 +97,8 @@ func filterByVEX(report types.Report, opt FilterOption) error { return nil } -func filterVulnerabilities(vulns []types.DetectedVulnerability, severities []dbTypes.Severity, ignoreUnfixed bool, - ignoredIDs []string, vexPath string) []types.DetectedVulnerability { +func filterVulnerabilities(vulns []types.DetectedVulnerability, severities []dbTypes.Severity, ignoreStatuses []dbTypes.Status, + ignoredIDs []string) []types.DetectedVulnerability { uniqVulns := make(map[string]types.DetectedVulnerability) for _, vuln := range vulns { @@ -111,8 +111,8 @@ func filterVulnerabilities(vulns []types.DetectedVulnerability, severities []dbT continue } - // Ignore unfixed vulnerabilities - if ignoreUnfixed && vuln.FixedVersion == "" { + // Ignore statuses + if slices.Contains(ignoreStatuses, vuln.Status) { continue } else if slices.Contains(ignoredIDs, vuln.VulnerabilityID) { continue 
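Review bot: In the last hunk of `filterVulnerabilities`, the new check `slices.Contains(ignoreStatuses, vuln.Status)` depends on `vuln.Status` having been populated, whereas the removed check read `FixedVersion` directly. `--ignore-unfixed` now expands (in vulnerability_flags.go) to every entry of `dbTypes.Statuses` except `fixed`, presumably including the unknown one. A `DetectedVulnerability` that reaches the filter with the zero status would then be dropped even when `FixedVersion` is set, for example one decoded by `ConvertFromRPCVulns` from a server that does not yet send the new `status` field. Deriving the status before the check would keep the old guarantee: `if vuln.Status == dbTypes.StatusUnknown && vuln.FixedVersion != "" { vuln.Status = dbTypes.StatusFixed }`, with a filter_test.go case for an unset status. The function body continues outside the hunk.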
diff --git a/pkg/result/filter_test.go b/pkg/result/filter_test.go index 25ffbb0f864d..612cee4f3d02 100644 --- a/pkg/result/filter_test.go +++ b/pkg/result/filter_test.go @@ -212,7 +212,7 @@ func TestFilterResult(t *testing.T) { type args struct { result types.Result severities []dbTypes.Severity - ignoreUnfixed bool + ignoreStatuses []dbTypes.Status ignoreFile string policyFile string ignoreLicenses []string @@ -318,7 +318,6 @@ func TestFilterResult(t *testing.T) { dbTypes.SeverityHigh, dbTypes.SeverityUnknown, }, - ignoreUnfixed: false, }, wantVulns: []types.DetectedVulnerability{ { @@ -403,14 +402,15 @@ func TestFilterResult(t *testing.T) { PkgName: "bar", InstalledVersion: "1.2.3", FixedVersion: "", + Status: dbTypes.StatusWillNotFix, Vulnerability: dbTypes.Vulnerability{ Severity: dbTypes.SeverityHigh.String(), }, }, }, }, - severities: []dbTypes.Severity{dbTypes.SeverityHigh}, - ignoreUnfixed: true, + severities: []dbTypes.Severity{dbTypes.SeverityHigh}, + ignoreStatuses: []dbTypes.Status{dbTypes.StatusWillNotFix, dbTypes.StatusEndOfLife}, }, wantVulns: []types.DetectedVulnerability{}, }, @@ -507,9 +507,8 @@ func TestFilterResult(t *testing.T) { }, }, }, - severities: []dbTypes.Severity{dbTypes.SeverityLow}, - ignoreUnfixed: false, - ignoreFile: "testdata/.trivyignore", + severities: []dbTypes.Severity{dbTypes.SeverityLow}, + ignoreFile: "testdata/.trivyignore", }, wantVulns: []types.DetectedVulnerability{ @@ -579,9 +578,8 @@ func TestFilterResult(t *testing.T) { }, }, }, - severities: []dbTypes.Severity{dbTypes.SeverityLow}, - ignoreUnfixed: false, - policyFile: "./testdata/test.rego", + severities: []dbTypes.Severity{dbTypes.SeverityLow}, + policyFile: "./testdata/test.rego", }, wantVulns: []types.DetectedVulnerability{ { @@ -679,7 +677,6 @@ func TestFilterResult(t *testing.T) { dbTypes.SeverityHigh, dbTypes.SeverityUnknown, }, - ignoreUnfixed: false, }, wantVulns: []types.DetectedVulnerability{ { 
@@ -811,7 +808,6 @@ func TestFilterResult(t *testing.T) { dbTypes.SeverityHigh, dbTypes.SeverityUnknown, }, - ignoreUnfixed: false, }, wantVulns: []types.DetectedVulnerability{ { @@ -871,7 +867,7 @@ func TestFilterResult(t *testing.T) { t.Run(tt.name, func(t *testing.T) { err := result.FilterResult(context.Background(), &tt.args.result, result.FilterOption{ Severities: tt.args.severities, - IgnoreUnfixed: tt.args.ignoreUnfixed, + IgnoreStatuses: tt.args.ignoreStatuses, IgnoreFile: tt.args.ignoreFile, PolicyFile: tt.args.policyFile, IgnoreLicenses: tt.args.ignoreLicenses, diff --git a/pkg/rpc/convert.go b/pkg/rpc/convert.go index 4946ac79aae8..1c0831853df1 100644 --- a/pkg/rpc/convert.go +++ b/pkg/rpc/convert.go @@ -186,6 +186,7 @@ func ConvertToRPCVulns(vulns []types.DetectedVulnerability) []*common.Vulnerabil PkgPath: vuln.PkgPath, InstalledVersion: vuln.InstalledVersion, FixedVersion: vuln.FixedVersion, + Status: int32(vuln.Status), Title: vuln.Title, Description: vuln.Description, Severity: common.Severity(severity), @@ -378,6 +379,7 @@ func ConvertFromRPCVulns(rpcVulns []*common.Vulnerability) []types.DetectedVulne PkgPath: vuln.PkgPath, InstalledVersion: vuln.InstalledVersion, FixedVersion: vuln.FixedVersion, + Status: dbTypes.Status(vuln.Status), Vulnerability: dbTypes.Vulnerability{ Title: vuln.Title, Description: vuln.Description, diff --git a/pkg/scanner/local/scan_test.go b/pkg/scanner/local/scan_test.go index a6dbd7e2ad55..ae177bb106d5 100644 --- a/pkg/scanner/local/scan_test.go +++ b/pkg/scanner/local/scan_test.go @@ -101,6 +101,7 @@ func TestScanner_Scan(t *testing.T) { PkgName: "musl", InstalledVersion: "1.2.3", FixedVersion: "1.2.4", + Status: dbTypes.StatusFixed, Layer: ftypes.Layer{ DiffID: "sha256:ebf12965380b39889c99a9c02e82ba465f887b45975b6e389d42e9e6a3857888", }, 
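Review bot: In pkg/rpc/convert.go, `ConvertFromRPCVulns` turns the wire value into a status with `dbTypes.Status(vuln.Status)` and no range check, so a peer on a different version can put a value into the report that names no known status. How `Status.String()` and the JSON output treat such a value is not visible in this diff. Clamping keeps the result defined: `if vuln.Status < 0 || int(vuln.Status) >= len(dbTypes.Statuses) { /* use dbTypes.StatusUnknown */ }`, assuming `dbTypes.Statuses` lists every status in enum order. Both conversion functions start and end outside their hunks.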
@@ -123,6 +124,7 @@ func TestScanner_Scan(t *testing.T) { PkgName: "rails", InstalledVersion: "4.0.2", FixedVersion: "4.0.3, 3.2.17", + Status: dbTypes.StatusFixed, Layer: ftypes.Layer{ DiffID: "sha256:0ea33a93585cf1917ba522b2304634c3073654062d5282c1346322967790ef33", }, @@ -242,6 +244,7 @@ func TestScanner_Scan(t *testing.T) { PkgName: "musl", InstalledVersion: "1.2.3", FixedVersion: "1.2.4", + Status: dbTypes.StatusFixed, Layer: ftypes.Layer{ DiffID: "sha256:ebf12965380b39889c99a9c02e82ba465f887b45975b6e389d42e9e6a3857888", }, @@ -274,6 +277,7 @@ func TestScanner_Scan(t *testing.T) { PkgName: "rails", InstalledVersion: "4.0.2", FixedVersion: "4.0.3, 3.2.17", + Status: dbTypes.StatusFixed, Layer: ftypes.Layer{ DiffID: "sha256:0ea33a93585cf1917ba522b2304634c3073654062d5282c1346322967790ef33", }, @@ -470,6 +474,7 @@ func TestScanner_Scan(t *testing.T) { PkgName: "rails", InstalledVersion: "4.0.2", FixedVersion: "4.0.3, 3.2.17", + Status: dbTypes.StatusFixed, Layer: ftypes.Layer{ DiffID: "sha256:9922bc15eeefe1637b803ef2106f178152ce19a391f24aec838cbe2e48e73303", }, @@ -550,6 +555,7 @@ func TestScanner_Scan(t *testing.T) { PkgName: "rails", InstalledVersion: "4.0.2", FixedVersion: "4.0.3, 3.2.17", + Status: dbTypes.StatusFixed, PrimaryURL: "https://avd.aquasec.com/nvd/cve-2014-0081", Vulnerability: dbTypes.Vulnerability{ Title: "xss", @@ -580,6 +586,7 @@ func TestScanner_Scan(t *testing.T) { PkgName: "laravel/framework", InstalledVersion: "6.0.0", FixedVersion: "8.22.1, 7.30.3, 6.20.12", + Status: dbTypes.StatusFixed, }, }, }, @@ -644,6 +651,7 @@ func TestScanner_Scan(t *testing.T) { PkgName: "rails", InstalledVersion: "4.0.2", FixedVersion: "4.0.3, 3.2.17", + Status: dbTypes.StatusFixed, Layer: ftypes.Layer{ DiffID: "sha256:0ea33a93585cf1917ba522b2304634c3073654062d5282c1346322967790ef33", }, 
@@ -721,6 +729,7 @@ func TestScanner_Scan(t *testing.T) { PkgName: "rails", InstalledVersion: "4.0.2", FixedVersion: "4.0.3, 3.2.17", + Status: dbTypes.StatusFixed, Layer: ftypes.Layer{ DiffID: "sha256:9922bc15eeefe1637b803ef2106f178152ce19a391f24aec838cbe2e48e73303", }, @@ -839,6 +848,7 @@ func TestScanner_Scan(t *testing.T) { PkgName: "rails", InstalledVersion: "4.0.2", FixedVersion: "4.0.3, 3.2.17", + Status: dbTypes.StatusFixed, Layer: ftypes.Layer{ DiffID: "sha256:5cb2a5009179b1e78ecfef81a19756328bb266456cf9a9dbbcf9af8b83b735f0", }, @@ -866,6 +876,7 @@ func TestScanner_Scan(t *testing.T) { PkgName: "laravel/framework", InstalledVersion: "6.0.0", FixedVersion: "8.22.1, 7.30.3, 6.20.12", + Status: dbTypes.StatusFixed, Layer: ftypes.Layer{ DiffID: "sha256:9922bc15eeefe1637b803ef2106f178152ce19a391f24aec838cbe2e48e73303", }, diff --git a/pkg/types/vulnerability.go b/pkg/types/vulnerability.go index fb8430f9cbdf..488a7d635184 100644 --- a/pkg/types/vulnerability.go +++ b/pkg/types/vulnerability.go @@ -14,6 +14,7 @@ type DetectedVulnerability struct { PkgPath string `json:",omitempty"` // This field is populated in the case of language-specific packages such as egg/wheel and gemspec InstalledVersion string `json:",omitempty"` FixedVersion string `json:",omitempty"` + Status types.Status `json:",omitempty"` Layer ftypes.Layer `json:",omitempty"` SeveritySource types.SourceID `json:",omitempty"` PrimaryURL string `json:",omitempty"` diff --git a/pkg/vulnerability/vulnerability.go b/pkg/vulnerability/vulnerability.go index 6bcdee7ea790..2b29e632e0f6 100644 --- a/pkg/vulnerability/vulnerability.go +++ b/pkg/vulnerability/vulnerability.go 
@@ -59,6 +59,16 @@ func NewClient(dbc db.Operation) Client { // FillInfo fills extra info in vulnerability objects func (c Client) FillInfo(vulns []types.DetectedVulnerability) { for i := range vulns { + // Add the vulnerability status + // Some vendors such as Red Hat have their own vulnerability status, and we use it. + // Otherwise, we put "fixed" or "affected" according to the fixed version. + if vulns[i].FixedVersion != "" { + vulns[i].Status = dbTypes.StatusFixed + } else if vulns[i].Status == dbTypes.StatusUnknown { + vulns[i].Status = dbTypes.StatusAffected + } + + // Get the vulnerability detail vulnID := vulns[i].VulnerabilityID vuln, err := c.dbc.GetVulnerability(vulnID) if err != nil { diff --git a/pkg/vulnerability/vulnerability_test.go b/pkg/vulnerability/vulnerability_test.go index 74d04ff40e1a..8caf314ae7fa 100644 --- a/pkg/vulnerability/vulnerability_test.go +++ b/pkg/vulnerability/vulnerability_test.go @@ -30,6 +30,7 @@ func TestClient_FillInfo(t *testing.T) { expectedVulnerabilities: []types.DetectedVulnerability{ { VulnerabilityID: "CVE-2019-0001", + Status: dbTypes.StatusAffected, Vulnerability: dbTypes.Vulnerability{ Title: "dos", Description: "dos vulnerability", @@ -58,6 +59,7 @@ func TestClient_FillInfo(t *testing.T) { expectedVulnerabilities: []types.DetectedVulnerability{ { VulnerabilityID: "RUSTSEC-2018-0017", + Status: dbTypes.StatusAffected, Vulnerability: dbTypes.Vulnerability{ Title: "dos", Description: "dos vulnerability", @@ -94,6 +96,7 @@ func TestClient_FillInfo(t *testing.T) { expectedVulnerabilities: []types.DetectedVulnerability{ { VulnerabilityID: "GHSA-28fw-88hq-6jmm", + Status: dbTypes.StatusAffected, Vulnerability: dbTypes.Vulnerability{ Title: "dos", Description: "dos vulnerability", 
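Review bot: The added comment in `FillInfo` says a vendor-supplied status is used, but the first branch assigns `dbTypes.StatusFixed` whenever `FixedVersion` is non-empty, overwriting whatever status the advisory carried. Only the `else if` branch keeps the vendor value. If that precedence is intended, the comment should state it, for example `// A non-empty FixedVersion always yields "fixed"; a vendor status is kept only when no fixed version exists.` The precedence matters because `--ignore-status` filters on this field and so decides which findings are hidden. `FillInfo` continues past the end of the hunk.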
@@ -125,6 +128,7 @@ func TestClient_FillInfo(t *testing.T) { expectedVulnerabilities: []types.DetectedVulnerability{ { VulnerabilityID: "CVE-2019-0004", + Status: dbTypes.StatusAffected, Vulnerability: dbTypes.Vulnerability{ Title: "dos", Description: "dos vulnerability", @@ -165,6 +169,7 @@ func TestClient_FillInfo(t *testing.T) { vulns: []types.DetectedVulnerability{ { VulnerabilityID: "CVE-2019-0005", + Status: dbTypes.StatusAffected, DataSource: &dbTypes.DataSource{ ID: vulnerability.GHSA, Name: "GitHub Security Advisory Pip", @@ -175,6 +180,7 @@ func TestClient_FillInfo(t *testing.T) { expectedVulnerabilities: []types.DetectedVulnerability{ { VulnerabilityID: "CVE-2019-0005", + Status: dbTypes.StatusAffected, Vulnerability: dbTypes.Vulnerability{ Title: "COVID-19", Description: "a nasty virus vulnerability for humans", @@ -209,6 +215,7 @@ func TestClient_FillInfo(t *testing.T) { expectedVulnerabilities: []types.DetectedVulnerability{ { VulnerabilityID: "CVE-2019-0001", + Status: dbTypes.StatusAffected, SeveritySource: vulnerability.Debian, Vulnerability: dbTypes.Vulnerability{ Title: "dos", @@ -231,6 +238,7 @@ func TestClient_FillInfo(t *testing.T) { expectedVulnerabilities: []types.DetectedVulnerability{ { VulnerabilityID: "GHSA-0000-aaaa-1111", + Status: dbTypes.StatusAffected, SeveritySource: vulnerability.GHSA, Vulnerability: dbTypes.Vulnerability{ Title: "dos", @@ -255,6 +263,7 @@ func TestClient_FillInfo(t *testing.T) { expectedVulnerabilities: []types.DetectedVulnerability{ { VulnerabilityID: "CVE-2022-0001", + Status: dbTypes.StatusAffected, SeveritySource: vulnerability.NVD, Vulnerability: dbTypes.Vulnerability{ Title: "dos", 
@@ -274,10 +283,16 @@ func TestClient_FillInfo(t *testing.T) { name: "GetVulnerability returns an error", fixtures: []string{"testdata/fixtures/sad.yaml"}, vulns: []types.DetectedVulnerability{ - {VulnerabilityID: "CVE-2019-0004"}, + { + VulnerabilityID: "CVE-2019-0004", + Status: dbTypes.StatusAffected, + }, }, expectedVulnerabilities: []types.DetectedVulnerability{ - {VulnerabilityID: "CVE-2019-0004"}, + { + VulnerabilityID: "CVE-2019-0004", + Status: dbTypes.StatusAffected, + }, }, }, } diff --git a/rpc/common/service.pb.go b/rpc/common/service.pb.go index 039a7ef8da61..0f2c44fbe49e 100644 --- a/rpc/common/service.pb.go +++ b/rpc/common/service.pb.go @@ -828,6 +828,7 @@ type Vulnerability struct { VendorSeverity map[string]Severity `protobuf:"bytes,21,rep,name=vendor_severity,json=vendorSeverity,proto3" json:"vendor_severity,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"varint,2,opt,name=value,proto3,enum=trivy.common.Severity"` PkgPath string `protobuf:"bytes,22,opt,name=pkg_path,json=pkgPath,proto3" json:"pkg_path,omitempty"` PkgId string `protobuf:"bytes,23,opt,name=pkg_id,json=pkgId,proto3" json:"pkg_id,omitempty"` + Status int32 `protobuf:"varint,24,opt,name=status,proto3" json:"status,omitempty"` } func (x *Vulnerability) Reset() { @@ -1016,6 +1017,13 @@ func (x *Vulnerability) GetPkgId() string { return "" } +func (x *Vulnerability) GetStatus() int32 { + if x != nil { + return x.Status + } + return 0 +} + type DataSource struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache 
@@ -1714,7 +1722,7 @@ var file_rpc_common_service_proto_rawDesc = []byte{ 0x09, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x29, 0x0a, 0x05, 0x6c, 0x61, 0x79, 0x65, 0x72, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4c, 0x61, 0x79, 0x65, 0x72, 0x52, 0x05, 0x6c, - 0x61, 0x79, 0x65, 0x72, 0x22, 0xa3, 0x09, 0x0a, 0x0d, 0x56, 0x75, 0x6c, 0x6e, 0x65, 0x72, 0x61, + 0x61, 0x79, 0x65, 0x72, 0x22, 0xbb, 0x09, 0x0a, 0x0d, 0x56, 0x75, 0x6c, 0x6e, 0x65, 0x72, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x12, 0x29, 0x0a, 0x10, 0x76, 0x75, 0x6c, 0x6e, 0x65, 0x72, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x76, 0x75, 0x6c, 0x6e, 0x65, 0x72, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x49, 
@@ -1778,95 +1786,96 @@ var file_rpc_common_service_proto_rawDesc = []byte{ 0x12, 0x19, 0x0a, 0x08, 0x70, 0x6b, 0x67, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x16, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x70, 0x6b, 0x67, 0x50, 0x61, 0x74, 0x68, 0x12, 0x15, 0x0a, 0x06, 0x70, 0x6b, 0x67, 0x5f, 0x69, 0x64, 0x18, 0x17, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x70, 0x6b, 0x67, - 0x49, 0x64, 0x1a, 0x4b, 0x0a, 0x09, 0x43, 0x76, 0x73, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, - 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, - 0x79, 0x12, 0x28, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x12, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, - 0x43, 0x56, 0x53, 0x53, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, - 0x59, 0x0a, 0x13, 0x56, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x53, 0x65, 0x76, 0x65, 0x72, 0x69, 0x74, - 0x79, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x2c, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x16, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, - 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x65, 0x76, 0x65, 0x72, 0x69, 0x74, 0x79, 0x52, - 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x42, 0x0a, 0x0a, 0x44, 0x61, - 0x74, 0x61, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x10, 0x0a, 0x03, - 0x75, 0x72, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x6c, 0x22, 0x57, - 0x0a, 0x05, 0x4c, 0x61, 0x79, 0x65, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, - 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, 0x69, 
0x67, 0x65, 0x73, 0x74, 0x12, - 0x17, 0x0a, 0x07, 0x64, 0x69, 0x66, 0x66, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x06, 0x64, 0x69, 0x66, 0x66, 0x49, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x63, 0x72, 0x65, 0x61, - 0x74, 0x65, 0x64, 0x5f, 0x62, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x63, 0x72, - 0x65, 0x61, 0x74, 0x65, 0x64, 0x42, 0x79, 0x22, 0x76, 0x0a, 0x04, 0x43, 0x56, 0x53, 0x53, 0x12, - 0x1b, 0x0a, 0x09, 0x76, 0x32, 0x5f, 0x76, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x08, 0x76, 0x32, 0x56, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x1b, 0x0a, 0x09, - 0x76, 0x33, 0x5f, 0x76, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x08, 0x76, 0x33, 0x56, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x19, 0x0a, 0x08, 0x76, 0x32, 0x5f, - 0x73, 0x63, 0x6f, 0x72, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x01, 0x52, 0x07, 0x76, 0x32, 0x53, - 0x63, 0x6f, 0x72, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x76, 0x33, 0x5f, 0x73, 0x63, 0x6f, 0x72, 0x65, - 0x18, 0x04, 0x20, 0x01, 0x28, 0x01, 0x52, 0x07, 0x76, 0x33, 0x53, 0x63, 0x6f, 0x72, 0x65, 0x22, - 0x98, 0x01, 0x0a, 0x0e, 0x43, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x70, - 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x66, 0x69, 0x6c, 0x65, 0x50, - 0x61, 0x74, 0x68, 0x12, 0x29, 0x0a, 0x05, 0x6c, 0x61, 0x79, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, - 0x6e, 0x2e, 0x4c, 0x61, 0x79, 0x65, 0x72, 0x52, 0x05, 0x6c, 0x61, 0x79, 0x65, 0x72, 0x12, 0x2a, - 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x56, - 0x61, 
0x6c, 0x75, 0x65, 0x52, 0x04, 0x64, 0x61, 0x74, 0x61, 0x22, 0xf3, 0x01, 0x0a, 0x04, 0x4c, - 0x69, 0x6e, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x05, 0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x18, 0x0a, 0x07, 0x63, - 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x63, 0x6f, - 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x12, 0x19, 0x0a, 0x08, 0x69, 0x73, 0x5f, 0x63, 0x61, 0x75, 0x73, - 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x69, 0x73, 0x43, 0x61, 0x75, 0x73, 0x65, - 0x12, 0x1e, 0x0a, 0x0a, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x12, 0x1c, 0x0a, 0x09, 0x74, 0x72, 0x75, 0x6e, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x05, 0x20, - 0x01, 0x28, 0x08, 0x52, 0x09, 0x74, 0x72, 0x75, 0x6e, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x20, - 0x0a, 0x0b, 0x68, 0x69, 0x67, 0x68, 0x6c, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64, 0x18, 0x06, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x0b, 0x68, 0x69, 0x67, 0x68, 0x6c, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64, - 0x12, 0x1f, 0x0a, 0x0b, 0x66, 0x69, 0x72, 0x73, 0x74, 0x5f, 0x63, 0x61, 0x75, 0x73, 0x65, 0x18, - 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x66, 0x69, 0x72, 0x73, 0x74, 0x43, 0x61, 0x75, 0x73, - 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x6c, 0x61, 0x73, 0x74, 0x5f, 0x63, 0x61, 0x75, 0x73, 0x65, 0x18, - 0x08, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x6c, 0x61, 0x73, 0x74, 0x43, 0x61, 0x75, 0x73, 0x65, - 0x22, 0x30, 0x0a, 0x04, 0x43, 0x6f, 0x64, 0x65, 0x12, 0x28, 0x0a, 0x05, 0x6c, 0x69, 0x6e, 0x65, - 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, - 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4c, 0x69, 0x6e, 0x65, 0x52, 0x05, 0x6c, 0x69, 0x6e, - 0x65, 0x73, 0x22, 0x9f, 0x02, 0x0a, 0x0d, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x46, 0x69, 0x6e, - 0x64, 0x69, 0x6e, 0x67, 0x12, 0x17, 0x0a, 
0x07, 0x72, 0x75, 0x6c, 0x65, 0x5f, 0x69, 0x64, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x72, 0x75, 0x6c, 0x65, 0x49, 0x64, 0x12, 0x1a, 0x0a, - 0x08, 0x63, 0x61, 0x74, 0x65, 0x67, 0x6f, 0x72, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x08, 0x63, 0x61, 0x74, 0x65, 0x67, 0x6f, 0x72, 0x79, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x65, 0x76, - 0x65, 0x72, 0x69, 0x74, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x73, 0x65, 0x76, - 0x65, 0x72, 0x69, 0x74, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x74, 0x69, 0x74, 0x6c, 0x65, 0x18, 0x04, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x74, 0x69, 0x74, 0x6c, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x73, - 0x74, 0x61, 0x72, 0x74, 0x5f, 0x6c, 0x69, 0x6e, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x05, 0x52, - 0x09, 0x73, 0x74, 0x61, 0x72, 0x74, 0x4c, 0x69, 0x6e, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x65, 0x6e, - 0x64, 0x5f, 0x6c, 0x69, 0x6e, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x05, 0x52, 0x07, 0x65, 0x6e, - 0x64, 0x4c, 0x69, 0x6e, 0x65, 0x12, 0x26, 0x0a, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x07, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, - 0x6f, 0x6e, 0x2e, 0x43, 0x6f, 0x64, 0x65, 0x52, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x12, 0x14, 0x0a, - 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x6d, 0x61, - 0x74, 0x63, 0x68, 0x12, 0x29, 0x0a, 0x05, 0x6c, 0x61, 0x79, 0x65, 0x72, 0x18, 0x0a, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, - 0x6e, 0x2e, 0x4c, 0x61, 0x79, 0x65, 0x72, 0x52, 0x05, 0x6c, 0x61, 0x79, 0x65, 0x72, 0x4a, 0x04, - 0x08, 0x09, 0x10, 0x0a, 0x22, 0x5d, 0x0a, 0x06, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x12, 0x1a, - 0x0a, 0x08, 0x66, 0x69, 0x6c, 0x65, 0x70, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x08, 0x66, 0x69, 0x6c, 0x65, 0x70, 0x61, 0x74, 0x68, 0x12, 0x37, 0x0a, 0x08, 0x66, 0x69, - 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 
0x1b, 0x2e, 0x74, - 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x65, 0x63, 0x72, - 0x65, 0x74, 0x46, 0x69, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x08, 0x66, 0x69, 0x6e, 0x64, 0x69, - 0x6e, 0x67, 0x73, 0x2a, 0x44, 0x0a, 0x08, 0x53, 0x65, 0x76, 0x65, 0x72, 0x69, 0x74, 0x79, 0x12, - 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, - 0x4c, 0x4f, 0x57, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x4d, 0x45, 0x44, 0x49, 0x55, 0x4d, 0x10, - 0x02, 0x12, 0x08, 0x0a, 0x04, 0x48, 0x49, 0x47, 0x48, 0x10, 0x03, 0x12, 0x0c, 0x0a, 0x08, 0x43, - 0x52, 0x49, 0x54, 0x49, 0x43, 0x41, 0x4c, 0x10, 0x04, 0x42, 0x31, 0x5a, 0x2f, 0x67, 0x69, 0x74, - 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x61, 0x71, 0x75, 0x61, 0x73, 0x65, 0x63, 0x75, - 0x72, 0x69, 0x74, 0x79, 0x2f, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2f, 0x72, 0x70, 0x63, 0x2f, 0x63, - 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x3b, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x62, 0x06, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x33, + 0x49, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x18, 0x20, 0x01, + 0x28, 0x05, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x1a, 0x4b, 0x0a, 0x09, 0x43, 0x76, + 0x73, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x28, 0x0a, 0x05, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, + 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x43, 0x56, 0x53, 0x53, 0x52, 0x05, 0x76, 0x61, + 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x59, 0x0a, 0x13, 0x56, 0x65, 0x6e, 0x64, 0x6f, + 0x72, 0x53, 0x65, 0x76, 0x65, 0x72, 0x69, 0x74, 0x79, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, + 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, + 0x12, 0x2c, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 
0x32, + 0x16, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, + 0x65, 0x76, 0x65, 0x72, 0x69, 0x74, 0x79, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, + 0x38, 0x01, 0x22, 0x42, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, + 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, + 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, + 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x03, 0x75, 0x72, 0x6c, 0x22, 0x57, 0x0a, 0x05, 0x4c, 0x61, 0x79, 0x65, 0x72, 0x12, + 0x16, 0x0a, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x12, 0x17, 0x0a, 0x07, 0x64, 0x69, 0x66, 0x66, 0x5f, + 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, 0x69, 0x66, 0x66, 0x49, 0x64, + 0x12, 0x1d, 0x0a, 0x0a, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x62, 0x79, 0x18, 0x03, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x42, 0x79, 0x22, + 0x76, 0x0a, 0x04, 0x43, 0x56, 0x53, 0x53, 0x12, 0x1b, 0x0a, 0x09, 0x76, 0x32, 0x5f, 0x76, 0x65, + 0x63, 0x74, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x76, 0x32, 0x56, 0x65, + 0x63, 0x74, 0x6f, 0x72, 0x12, 0x1b, 0x0a, 0x09, 0x76, 0x33, 0x5f, 0x76, 0x65, 0x63, 0x74, 0x6f, + 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x76, 0x33, 0x56, 0x65, 0x63, 0x74, 0x6f, + 0x72, 0x12, 0x19, 0x0a, 0x08, 0x76, 0x32, 0x5f, 0x73, 0x63, 0x6f, 0x72, 0x65, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x01, 0x52, 0x07, 0x76, 0x32, 0x53, 0x63, 0x6f, 0x72, 0x65, 0x12, 0x19, 0x0a, 0x08, + 0x76, 0x33, 0x5f, 0x73, 0x63, 0x6f, 0x72, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x01, 0x52, 0x07, + 0x76, 0x33, 0x53, 0x63, 0x6f, 0x72, 0x65, 0x22, 0x98, 0x01, 0x0a, 0x0e, 0x43, 0x75, 0x73, 0x74, + 0x6f, 0x6d, 0x52, 0x65, 0x73, 
0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, + 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x1b, + 0x0a, 0x09, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x08, 0x66, 0x69, 0x6c, 0x65, 0x50, 0x61, 0x74, 0x68, 0x12, 0x29, 0x0a, 0x05, 0x6c, + 0x61, 0x79, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x74, 0x72, 0x69, + 0x76, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4c, 0x61, 0x79, 0x65, 0x72, 0x52, + 0x05, 0x6c, 0x61, 0x79, 0x65, 0x72, 0x12, 0x2a, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x18, 0x04, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x04, 0x64, 0x61, + 0x74, 0x61, 0x22, 0xf3, 0x01, 0x0a, 0x04, 0x4c, 0x69, 0x6e, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x6e, + 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x6e, 0x75, 0x6d, + 0x62, 0x65, 0x72, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x12, 0x19, 0x0a, + 0x08, 0x69, 0x73, 0x5f, 0x63, 0x61, 0x75, 0x73, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, + 0x07, 0x69, 0x73, 0x43, 0x61, 0x75, 0x73, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x61, 0x6e, 0x6e, 0x6f, + 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x61, 0x6e, + 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1c, 0x0a, 0x09, 0x74, 0x72, 0x75, 0x6e, + 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x74, 0x72, 0x75, + 0x6e, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x20, 0x0a, 0x0b, 0x68, 0x69, 0x67, 0x68, 0x6c, 0x69, + 0x67, 0x68, 0x74, 0x65, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x68, 0x69, 0x67, + 0x68, 0x6c, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64, 0x12, 0x1f, 0x0a, 
0x0b, 0x66, 0x69, 0x72, 0x73, + 0x74, 0x5f, 0x63, 0x61, 0x75, 0x73, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x66, + 0x69, 0x72, 0x73, 0x74, 0x43, 0x61, 0x75, 0x73, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x6c, 0x61, 0x73, + 0x74, 0x5f, 0x63, 0x61, 0x75, 0x73, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x6c, + 0x61, 0x73, 0x74, 0x43, 0x61, 0x75, 0x73, 0x65, 0x22, 0x30, 0x0a, 0x04, 0x43, 0x6f, 0x64, 0x65, + 0x12, 0x28, 0x0a, 0x05, 0x6c, 0x69, 0x6e, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x12, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4c, + 0x69, 0x6e, 0x65, 0x52, 0x05, 0x6c, 0x69, 0x6e, 0x65, 0x73, 0x22, 0x9f, 0x02, 0x0a, 0x0d, 0x53, + 0x65, 0x63, 0x72, 0x65, 0x74, 0x46, 0x69, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x12, 0x17, 0x0a, 0x07, + 0x72, 0x75, 0x6c, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x72, + 0x75, 0x6c, 0x65, 0x49, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x63, 0x61, 0x74, 0x65, 0x67, 0x6f, 0x72, + 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x63, 0x61, 0x74, 0x65, 0x67, 0x6f, 0x72, + 0x79, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x65, 0x76, 0x65, 0x72, 0x69, 0x74, 0x79, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x08, 0x73, 0x65, 0x76, 0x65, 0x72, 0x69, 0x74, 0x79, 0x12, 0x14, 0x0a, + 0x05, 0x74, 0x69, 0x74, 0x6c, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x74, 0x69, + 0x74, 0x6c, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x74, 0x61, 0x72, 0x74, 0x5f, 0x6c, 0x69, 0x6e, + 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, 0x73, 0x74, 0x61, 0x72, 0x74, 0x4c, 0x69, + 0x6e, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x65, 0x6e, 0x64, 0x5f, 0x6c, 0x69, 0x6e, 0x65, 0x18, 0x06, + 0x20, 0x01, 0x28, 0x05, 0x52, 0x07, 0x65, 0x6e, 0x64, 0x4c, 0x69, 0x6e, 0x65, 0x12, 0x26, 0x0a, + 0x04, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x74, 0x72, + 0x69, 0x76, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x43, 0x6f, 0x64, 0x65, 0x52, + 0x04, 
0x63, 0x6f, 0x64, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x08, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x29, 0x0a, 0x05, 0x6c, + 0x61, 0x79, 0x65, 0x72, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x74, 0x72, 0x69, + 0x76, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4c, 0x61, 0x79, 0x65, 0x72, 0x52, + 0x05, 0x6c, 0x61, 0x79, 0x65, 0x72, 0x4a, 0x04, 0x08, 0x09, 0x10, 0x0a, 0x22, 0x5d, 0x0a, 0x06, + 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x66, 0x69, 0x6c, 0x65, 0x70, 0x61, + 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x66, 0x69, 0x6c, 0x65, 0x70, 0x61, + 0x74, 0x68, 0x12, 0x37, 0x0a, 0x08, 0x66, 0x69, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x02, + 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x6f, 0x6d, + 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x46, 0x69, 0x6e, 0x64, 0x69, 0x6e, + 0x67, 0x52, 0x08, 0x66, 0x69, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x73, 0x2a, 0x44, 0x0a, 0x08, 0x53, + 0x65, 0x76, 0x65, 0x72, 0x69, 0x74, 0x79, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, + 0x57, 0x4e, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x4c, 0x4f, 0x57, 0x10, 0x01, 0x12, 0x0a, 0x0a, + 0x06, 0x4d, 0x45, 0x44, 0x49, 0x55, 0x4d, 0x10, 0x02, 0x12, 0x08, 0x0a, 0x04, 0x48, 0x49, 0x47, + 0x48, 0x10, 0x03, 0x12, 0x0c, 0x0a, 0x08, 0x43, 0x52, 0x49, 0x54, 0x49, 0x43, 0x41, 0x4c, 0x10, + 0x04, 0x42, 0x31, 0x5a, 0x2f, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, + 0x61, 0x71, 0x75, 0x61, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2f, 0x74, 0x72, 0x69, + 0x76, 0x79, 0x2f, 0x72, 0x70, 0x63, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x3b, 0x63, 0x6f, + 0x6d, 0x6d, 0x6f, 0x6e, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/rpc/common/service.proto b/rpc/common/service.proto index 782e9c587880..15fda3a8b915 100644 --- a/rpc/common/service.proto 
+++ b/rpc/common/service.proto @@ -109,6 +109,7 @@ message Vulnerability { map vendor_severity = 21; string pkg_path = 22; string pkg_id = 23; + int32 status = 24; } message DataSource {
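Review bot: `int32 status = 24;` declares the status as a bare integer, while `vendor_severity` in the same message uses the `Severity` enum, so the wire contract neither lists the valid statuses nor documents what 0 means. A peer built before this change never sets field 24, so the receiver decodes 0, and any out-of-range number from a remote server is accepted as-is. The conversion code is outside this hunk, but it should map unset or unknown values to an explicit "unknown" status rather than casting blindly, since the result feeds the ignore-status filter. Consider a dedicated `Status` enum with an explicit zero member, or at least a field comment such as `// mirrors trivy-db types.Status; unset (0) must be treated as unknown`.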