Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docs: add overview page for others #7972

Merged
merged 4 commits into from
Nov 21, 2024
Merged

docs: add overview page for others #7972

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
19bd1d3
docs: add overview page for `others`
DmitriyLewen Nov 21, 2024
cd01a84
docs: remove conda from language page
DmitriyLewen Nov 21, 2024
8a6c5cb
refactor
DmitriyLewen Nov 21, 2024
cce672b
docs: fix typo
DmitriyLewen Nov 21, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 12 additions & 14 deletions docs/docs/coverage/language/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ This is because Trivy primarily categorizes targets into two groups:
If the target is a pre-build project, like a code repository, Trivy will analyze files used for building, such as lock files.
On the other hand, when the target is a post-build artifact, like a container image, Trivy will analyze installed package metadata like `.gemspec`, binary files, and so on.

| Language | File | Image[^5] | Rootfs[^6] | Filesystem[^7] | Repository[^8] |
| Language | File | Image[^4] | Rootfs[^5] | Filesystem[^6] | Repository[^7] |
|----------------------|--------------------------------------------------------------------------------------------|:---------:|:----------:|:--------------:|:--------------:|
| [Ruby](ruby.md) | Gemfile.lock | - | - | ✅ | ✅ |
| | gemspec | ✅ | ✅ | - | - |
Expand All @@ -25,7 +25,6 @@ On the other hand, when the target is a post-build artifact, like a container im
| | requirements.txt | - | - | ✅ | ✅ |
| | egg package[^1] | ✅ | ✅ | - | - |
| | wheel package[^2] | ✅ | ✅ | - | - |
| | conda package[^3] | ✅ | ✅ | - | - |
| [PHP](php.md) | composer.lock | - | - | ✅ | ✅ |
| | installed.json | ✅ | ✅ | - | - |
| [Node.js](nodejs.md) | package-lock.json | - | - | ✅ | ✅ |
Expand All @@ -35,8 +34,8 @@ On the other hand, when the target is a post-build artifact, like a container im
| [.NET](dotnet.md) | packages.lock.json | ✅ | ✅ | ✅ | ✅ |
| | packages.config | ✅ | ✅ | ✅ | ✅ |
| | .deps.json | ✅ | ✅ | ✅ | ✅ |
| | *Packages.props[^11] | ✅ | ✅ | ✅ | ✅ |
| [Java](java.md) | JAR/WAR/PAR/EAR[^4] | ✅ | ✅ | - | - |
| | *Packages.props[^10] | ✅ | ✅ | ✅ | ✅ |
| [Java](java.md) | JAR/WAR/PAR/EAR[^3] | ✅ | ✅ | - | - |
| | pom.xml | - | - | ✅ | ✅ |
| | *gradle.lockfile | - | - | ✅ | ✅ |
| | *.sbt.lock | - | - | ✅ | ✅ |
Expand All @@ -45,7 +44,7 @@ On the other hand, when the target is a post-build artifact, like a container im
| [Rust](rust.md) | Cargo.lock | ✅ | ✅ | ✅ | ✅ |
| | Binaries built with [cargo-auditable](https://github.com/rust-secure-code/cargo-auditable) | ✅ | ✅ | - | - |
| [C/C++](c.md) | conan.lock | - | - | ✅ | ✅ |
| [Elixir](elixir.md) | mix.lock[^10] | - | - | ✅ | ✅ |
| [Elixir](elixir.md) | mix.lock[^9] | - | - | ✅ | ✅ |
| [Dart](dart.md) | pubspec.lock | - | - | ✅ | ✅ |
| [Swift](swift.md) | Podfile.lock | - | - | ✅ | ✅ |
| | Package.resolved | - | - | ✅ | ✅ |
Expand All @@ -61,12 +60,11 @@ Example: [Dockerfile](https://github.com/aquasecurity/trivy-ci-test/blob/main/Do

[^1]: `*.egg-info`, `*.egg-info/PKG-INFO`, `*.egg` and `EGG-INFO/PKG-INFO`
[^2]: `.dist-info/META-DATA`
[^3]: `envs/*/conda-meta/*.json`
[^4]: `*.jar`, `*.war`, `*.par` and `*.ear`
[^5]: ✅ means "enabled" and `-` means "disabled" in the image scanning
[^6]: ✅ means "enabled" and `-` means "disabled" in the rootfs scanning
[^7]: ✅ means "enabled" and `-` means "disabled" in the filesystem scanning
[^8]: ✅ means "enabled" and `-` means "disabled" in the git repository scanning
[^9]: ✅ means that Trivy detects line numbers where each dependency is declared in the scanned file. Only supported in [json](../../configuration/reporting.md#json) and [sarif](../../configuration/reporting.md#sarif) formats. SARIF uses `startline == 1 and endline == 1` for unsupported file types
[^10]: To scan a filename other than the default filename use [file-patterns](../../configuration/skipping.md#file-patterns)
[^11]: `Directory.Packages.props` and legacy `Packages.props` file names are supported
[^3]: `*.jar`, `*.war`, `*.par` and `*.ear`
[^4]: ✅ means "enabled" and `-` means "disabled" in the image scanning
[^5]: ✅ means "enabled" and `-` means "disabled" in the rootfs scanning
[^6]: ✅ means "enabled" and `-` means "disabled" in the filesystem scanning
[^7]: ✅ means "enabled" and `-` means "disabled" in the git repository scanning
[^8]: ✅ means that Trivy detects line numbers where each dependency is declared in the scanned file. Only supported in [json](../../configuration/reporting.md#json) and [sarif](../../configuration/reporting.md#sarif) formats. SARIF uses `startline == 1 and endline == 1` for unsupported file types
[^9]: To scan a filename other than the default filename use [file-patterns](../../configuration/skipping.md#file-patterns)
[^10]: `Directory.Packages.props` and legacy `Packages.props` file names are supported
28 changes: 28 additions & 0 deletions docs/docs/coverage/others/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
# Others

In this section we have placed images, package managers and files that we can't assign to existing sections.

Trivy supports them for

- [SBOM][sbom]
- [Vulnerabilities][vuln]
- [Licenses][license]

## Supported elements

| Element | File | Image[^1] | Rootfs[^2] | Filesystem[^3] | Repository[^4] |
|--------------------------------|-----------------------------------------------------|:---------:|:----------:|:--------------:|:--------------:|
| [Bitnami packages](bitnami.md) | `/opt/bitnami/<component>/.spdx-<component>.spdx` | ✅ | ✅ | - | - |
| [Conda](conda.md) | `<conda-root>/envs/<env>/conda-meta/<package>.json` | ✅ | ✅ | - | - |
| | `environment.yml` | - | - | ✅ | ✅ |
| [RPM Archives](rpm.md) | `*.rpm` | ✅[^5] | ✅[^5] | ✅[^5] | ✅[^5] |

[sbom]: ../../supply-chain/sbom.md
[vuln]: ../../scanner/vulnerability.md
[license]: ../../scanner/license.md

[^1]: ✅ means "enabled" and `-` means "disabled" in the image scanning
[^2]: ✅ means "enabled" and `-` means "disabled" in the rootfs scanning
[^3]: ✅ means "enabled" and `-` means "disabled" in the filesystem scanning
[^4]: ✅ means "enabled" and `-` means "disabled" in the git repository scanning
[^5]: Only if the `TRIVY_EXPERIMENTAL_RPM_ARCHIVE` env is set.
1 change: 1 addition & 0 deletions mkdocs.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -111,6 +111,7 @@ nav:
- Kubernetes: docs/coverage/iac/kubernetes.md
- Terraform: docs/coverage/iac/terraform.md
- Others:
- Overview: docs/coverage/others/index.md
- Bitnami Images: docs/coverage/others/bitnami.md
- Conda: docs/coverage/others/conda.md
- RPM Archives: docs/coverage/others/rpm.md
Expand Down