Skip to content

Commit

Permalink
feat(trivy): Bump to v0.45.0 (aquasecurity#256)
Browse files Browse the repository at this point in the history
  • Loading branch information
simar7 authored Sep 1, 2023
1 parent 559eb12 commit fbd1636
Show file tree
Hide file tree
Showing 6 changed files with 151 additions and 178 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/build.yaml
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
name: "build"
on: [push, pull_request]
env:
TRIVY_VERSION: 0.43.1
TRIVY_VERSION: 0.45.0
BATS_LIB_PATH: '/usr/lib/'
jobs:
build:
Expand Down
2 changes: 1 addition & 1 deletion Dockerfile
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM ghcr.io/aquasecurity/trivy:0.43.1
FROM ghcr.io/aquasecurity/trivy:0.45.0
COPY entrypoint.sh /
RUN apk --no-cache add bash curl npm
RUN chmod +x /entrypoint.sh
Expand Down
2 changes: 1 addition & 1 deletion test/data/config-sarif.test
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@
}
}
],
"version": "0.43.1"
"version": "0.45.0"
}
},
"results": [
Expand Down
150 changes: 69 additions & 81 deletions test/data/image-trivyignores.test

Large diffs are not rendered by default.

162 changes: 69 additions & 93 deletions test/data/image.test

Large diffs are not rendered by default.

11 changes: 10 additions & 1 deletion test/data/yamlconfig.test
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,7 @@
"PkgName": "apk-tools",
"InstalledVersion": "2.10.6-r0",
"FixedVersion": "2.10.7-r0",
"Status": "fixed",
"Layer": {
"Digest": "sha256:396c31837116ac290458afcb928f68b6cc1c7bdd6963fc72f52f365a2a89c1b5",
"DiffID": "sha256:9fb3aa2f8b8023a4bebbf92aa567caf88e38e969ada9f0ac12643b2847391635"
Expand All @@ -75,6 +76,7 @@
"Name": "Alpine Secdb",
"URL": "https://secdb.alpinelinux.org/"
},
"Title": "an out of boundary read while libfetch uses strtol to parse the relevant numbers into address bytes leads to information leak or crash",
"Description": "libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols. The FTP passive mode implementation allows an out-of-bounds read because strtol is used to parse the relevant numbers into address bytes. It does not check if the line ends prematurely. If it does, the for-loop condition checks for the '\\0' terminator one byte too late.",
"Severity": "CRITICAL",
"CweIDs": [
Expand All @@ -86,15 +88,22 @@
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"V2Score": 6.4,
"V3Score": 9.1
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"V3Score": 9.1
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2021-36159",
"https://github.com/freebsd/freebsd-src/commits/main/lib/libfetch",
"https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10749",
"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E",
"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E",
"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E",
"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E"
"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E",
"https://nvd.nist.gov/vuln/detail/CVE-2021-36159",
"https://www.cve.org/CVERecord?id=CVE-2021-36159"
],
"PublishedDate": "2021-08-03T14:15:00Z",
"LastModifiedDate": "2021-10-18T12:19:00Z"
Expand Down

0 comments on commit fbd1636

Please sign in to comment.