docs(license): review fixes
dus7eh committed Mar 1, 2024
1 parent b63f6ec commit 61dcb50
Showing 3 changed files with 115 additions and 7 deletions.
4 changes: 2 additions & 2 deletions docs/docs/configuration/filtering.md
Expand Up @@ -338,7 +338,7 @@ Available fields:
| Field | Required | Type | Description |
|------------|:--------:|---------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| id || string | The identifier of the vulnerability, misconfiguration, secret, or license[^1]. |
| paths | | string array | The list of file paths to ignore. If `paths` is not set, the ignore finding is applied to all files. |
| paths[^2] | | string array | The list of file paths to ignore. If `paths` is not set, the ignore finding is applied to all files. |
| purls | | string array | The list of PURLs to ignore packages. If `purls` is not set, the ignore finding is applied to all packages. This field is currently available only for vulnerabilities. |
| expired_at | | date (`yyyy-mm-dd`) | The expiration date of the ignore finding. If `expired_at` is not set, the ignore finding is always valid. |
| statement | | string | The reason for ignoring the finding. (This field is not used for filtering.) |
Expand Down Expand Up @@ -494,4 +494,4 @@ Please refer to the [VEX documentation](../supply-chain/vex.md) for the details.
[^1]: license name is used as id for `.trivyignore.yaml` files.
[^2]: This doesn't work for os package licenses (e.g. apk, dpkg, rpm).
[^2]: This doesn't work for os package licenses (e.g. apk, dpkg, rpm). For projects which manage dependencies through a dependency file (e.g. go.mod, yarn.lock) `path` should point to that particular file.
9 changes: 4 additions & 5 deletions pkg/scanner/local/scan.go
Expand Up @@ -297,7 +297,6 @@ func (s Scanner) scanLicenses(target types.ScanTarget, options types.ScanOptions
Confidence: 1.0,
})
}

}
results = append(results, types.Result{
Target: "OS Packages",
Expand All @@ -312,10 +311,10 @@ func (s Scanner) scanLicenses(target types.ScanTarget, options types.ScanOptions
for _, license := range lib.Licenses {
category, severity := scanner.Scan(license)
langLicenses = append(langLicenses, types.DetectedLicense{
Severity: severity,
Category: category,
PkgName: lib.Name,
Name: license,
Severity: severity,
Category: category,
PkgName: lib.Name,
Name: license,
// Lock files use app.FilePath - https://github.com/aquasecurity/trivy/blob/6ccc0a554b07b05fd049f882a1825a0e1e0aabe1/pkg/fanal/types/artifact.go#L245-L246
// Applications use lib.FilePath - https://github.com/aquasecurity/trivy/blob/6ccc0a554b07b05fd049f882a1825a0e1e0aabe1/pkg/fanal/types/artifact.go#L93-L94
FilePath: lo.Ternary(lib.FilePath != "", lib.FilePath, app.FilePath),
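--- a/pkg/scanner/local/scan_test.go
+++ b/pkg/scanner/local/scan_test.go
@@ -148,6 +148,115 @@ func TestScanner_Scan(t *testing.T) {
 Eosl: true,
 },
 },
+{
+name: "happy path",
+args: args{
+target: "alpine:latest",
+layerIDs: []string{"sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10"},
+options: types.ScanOptions{
+Scanners: types.Scanners{types.LicenseScanner},
+},
+},
+fixtures: []string{"testdata/fixtures/happy.yaml"},
+applyLayersExpectation: ApplierApplyLayersExpectation{
+Args: ApplierApplyLayersArgs{
+BlobIDs: []string{"sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10"},
+},
+Returns: ApplierApplyLayersReturns{
+Detail: ftypes.ArtifactDetail{
+OS: ftypes.OS{
+Family: ftypes.Alpine,
+Name: "3.11",
+},
+Packages: []ftypes.Package{
+{
+Name: "musl",
+Version: "1.2.3",
+SrcName: "musl",
+SrcVersion: "1.2.3",
+Layer: ftypes.Layer{
+DiffID: "sha256:ebf12965380b39889c99a9c02e82ba465f887b45975b6e389d42e9e6a3857888",
+},
+},
+},
+Applications: []ftypes.Application{
+{
+FilePath: "/app/go.mod",
+Libraries: []ftypes.Package{
+{
+Name: "github.com/google/uuid",
+Version: "1.6.0",
+FilePath: "",
+Layer: ftypes.Layer{
+DiffID: "sha256:0ea33a93585cf1917ba522b2304634c3073654062d5282c1346322967790ef33",
+},
+Licenses: []string{"LGPL"},
+},
+},
+},
+{
+FilePath: "",
+Libraries: []ftypes.Package{
+{
+Name: "urllib3",
+Version: "3.2.1",
+FilePath: "/usr/lib/python/site-packages/urllib3-3.2.1/METADATA",
+Layer: ftypes.Layer{
+DiffID: "sha256:0ea33a93585cf1917ba522b2304634c3073654062d5282c1346322967790ef33",
+},
+Licenses: []string{"MIT"},
+},
+},
+},
+},
+},
+},
+},
+wantResults: types.Results{
+{
+Target: "OS Packages",
+Class: types.ClassLicense,
+},
+{
+Target: "/app/go.mod",
+Class: types.ClassLicense,
+Licenses: []types.DetectedLicense{
+{
+Severity: "UNKNOWN",
+Category: "unknown",
+PkgName: "github.com/google/uuid",
+FilePath: "/app/go.mod",
+Name: "LGPL",
+Confidence: 1,
+Link: "",
+},
+},
+},
+{
+Target: "",
+Class: types.ClassLicense,
+Licenses: []types.DetectedLicense{
+{
+Severity: "UNKNOWN",
+Category: "unknown",
+PkgName: "urllib3",
+FilePath: "/usr/lib/python/site-packages/urllib3-3.2.1/METADATA",
+Name: "MIT",
+Confidence: 1,
+},
+},
+},
+{
+Target: "Loose File License(s)",
+Class: types.ClassLicenseFile,
+},
+},
+wantOS: ftypes.OS{
+Family: "alpine",
+Name: "3.11",
+Eosl: false,
+},
+},
 {
 name: "happy path with list all packages",
 args: args{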
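Review bot: The new table entry's `name: "happy path"` says nothing about what the case actually pins — that a license finding carries `lib.FilePath` when the package has one and the application's path otherwise — and since the very next entry is "happy path with list all packages", the table quite possibly already has a plain "happy path" case, in which case a `t.Run`-driven table would report this one as `happy_path#01`, which is awkward to target with `-run`; something like `name: "happy path with license scanner and package file paths",` would be clearer. The `Link: "",` on the uuid expectation is a zero value that the urllib3 expectation omits; dropping it makes both entries read the same. The case exercises a library with and without its own FilePath, but not a library whose application also has no FilePath, which presumably yields a finding with `FilePath: ""` that a `paths` ignore rule can never match — worth a third library if that is the intended outcome. TestScanner_Scan's table begins and ends outside this hunk.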

0 comments on commit 61dcb50

Please sign in to comment.