Consuming CSAF model from go v1.20 projects #508
Comments
Lowering the required Go version should be fine. PR #509 implements this.
Ah that's awesome. Thanks!
As I've overlooked the dependencies on log/slog and slices, I've set the PR back to draft.
@s-l-teichmann / @bernhardreiter: We should discuss this in the next meeting.
@mpermar Please test - this should be resolved with the current
Looks good to me. Trivy builds now when pointing it to main branch's commit hash. When do you think there will be a release including this change? We will pin it to the hash for the time being, but it is nicer to have a release.
There are a few things that we need to test before the next release. Nevertheless, the plan is to have it before the end of the year.
Understood. I think this issue can be closed now. Thanks for the quick response!
The CSAF current model requires go 1.21.
As a continuation of #367, @juan131 has been working with the folks from AquaSecurity to add support to the CSAF VEX profile in the Trivy Open Source scanner.
However, we haven't been able to find a workaround and Trivy's policy is to use the immediate older Golang version, currently 1.20. So, right now we are blocked as it is not possible to integrate it with this library. There are a couple of approaches we have been thinking:
max and clear functions from 1.21. So it's literally a few line changes.
In the spirit of #367 which was aiming to make easier consumption, what do you think if we downgrade the golang dependency? The change is simple, we have the PR ready to be merged, all tests are passing and it will make adoption broader.
@bernhardreiter @tschmidtb51 @s-l-teichmann, thoughts?