
chore: Upgrade Trivy from v0.19.2 to v0.20.0 (#736)
Resolves: #735
py-go authored Oct 8, 2021
1 parent f8a500f commit a986a4e
Showing 8 changed files with 20 additions and 15 deletions.
2 changes: 1 addition & 1 deletion deploy/helm/values.yaml
Expand Up @@ -87,7 +87,7 @@ starboard:

trivy:
# imageRef the Trivy image reference.
imageRef: docker.io/aquasec/trivy:0.19.2
imageRef: docker.io/aquasec/trivy:0.20.0

# mode is the Trivy client mode. Either Standalone or ClientServer. Depending
# on the active mode other settings might be applicable or required.
2 changes: 1 addition & 1 deletion deploy/static/05-starboard-operator.config.yaml
Expand Up @@ -27,7 +27,7 @@ metadata:
labels:
"app.kubernetes.io/managed-by": "starboard"
data:
trivy.imageRef: docker.io/aquasec/trivy:0.19.2
trivy.imageRef: docker.io/aquasec/trivy:0.20.0
trivy.severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
trivy.mode: Standalone
trivy.resources.requests.cpu: 100m
2 changes: 1 addition & 1 deletion docs/integrations/vulnerability-scanners/trivy.md
Expand Up @@ -82,7 +82,7 @@ EOF

| CONFIGMAP KEY | DEFAULT | DESCRIPTION |
| --------------------------------- | ---------------------------------- | ----------- |
| `trivy.imageRef` | `docker.io/aquasec/trivy:0.19.2` | Trivy image reference |
| `trivy.imageRef` | `docker.io/aquasec/trivy:0.20.0` | Trivy image reference |
| `trivy.mode` | `Standalone` | Trivy client mode. Either `Standalone` or `ClientServer`. Depending on the active mode other settings might be applicable or required. |
| `trivy.severity` | `UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL` | A comma separated list of severity levels reported by Trivy |
| `trivy.ignoreUnfixed` | N/A | Whether to show only fixed vulnerabilities in vulnerabilities reported by Trivy. Set to `"true"` to enable it. |
2 changes: 1 addition & 1 deletion itest/matcher/matcher.go
Expand Up @@ -19,7 +19,7 @@ var (
trivyScanner = v1alpha1.Scanner{
Name: "Trivy",
Vendor: "Aqua Security",
Version: "0.19.2",
Version: "0.20.0",
}
polarisScanner = v1alpha1.Scanner{
Name: "Polaris",
2 changes: 1 addition & 1 deletion itest/matcher/matcher_test.go
Expand Up @@ -57,7 +57,7 @@ func TestVulnerabilityReportMatcher(t *testing.T) {
Scanner: v1alpha1.Scanner{
Name: "Trivy",
Vendor: "Aqua Security",
Version: "0.19.2",
Version: "0.20.0",
},
Vulnerabilities: []v1alpha1.Vulnerability{},
},
6 changes: 5 additions & 1 deletion pkg/plugin/trivy/model.go
Expand Up @@ -4,11 +4,15 @@ import (
"github.com/aquasecurity/starboard/pkg/apis/aquasecurity/v1alpha1"
)

type ScanReport struct {
type ScanResult struct {
Target string `json:"Target"`
Vulnerabilities []Vulnerability `json:"Vulnerabilities"`
}

type ScanReport struct {
Results []ScanResult `json:"Results"`
}

type Vulnerability struct {
VulnerabilityID string `json:"VulnerabilityID"`
PkgName string `json:"PkgName"`
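Review bot: ScanResult and ScanReport are exported without doc comments, and the new ScanReport at `Results []ScanResult` drops the `SchemaVersion` field that the updated fixture in this commit shows the Trivy output now carries (`"SchemaVersion": 2`), so a decoded document gives no way to tell which output format produced it. I would add a `SchemaVersion int` field tagged `json:"SchemaVersion"` to ScanReport so callers can validate it, and document both types: `// ScanReport is the top-level JSON document written by the Trivy image pinned in this release: a schema version plus one ScanResult per scanned target.` and `// ScanResult holds the vulnerabilities Trivy reported for a single Target.` The exact meaning of Target beyond the fixture's image reference is not visible here, so the comment deliberately stays generic.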
7 changes: 3 additions & 4 deletions pkg/plugin/trivy/plugin.go
Expand Up @@ -183,7 +183,7 @@ func NewPlugin(clock ext.Clock, idGenerator ext.IDGenerator) vulnerabilityreport
func (p *plugin) Init(ctx starboard.PluginContext) error {
return ctx.EnsureConfig(starboard.PluginConfig{
Data: map[string]string{
keyTrivyImageRef: "docker.io/aquasec/trivy:0.19.2",
keyTrivyImageRef: "docker.io/aquasec/trivy:0.20.0",
keyTrivySeverity: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL",
keyTrivyMode: string(Standalone),

Expand Down Expand Up @@ -851,15 +851,14 @@ func (p *plugin) ParseVulnerabilityReportData(ctx starboard.PluginContext, image
if err != nil {
return v1alpha1.VulnerabilityReportData{}, err
}

var reports []ScanReport
var reports ScanReport
err = json.NewDecoder(logsReader).Decode(&reports)
if err != nil {
return v1alpha1.VulnerabilityReportData{}, err
}
vulnerabilities := make([]v1alpha1.Vulnerability, 0)

for _, report := range reports {
for _, report := range reports.Results {
for _, sr := range report.Vulnerabilities {
vulnerabilities = append(vulnerabilities, v1alpha1.Vulnerability{
VulnerabilityID: sr.VulnerabilityID,
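Review bot: The decode at `err = json.NewDecoder(logsReader).Decode(&reports)` accepts any JSON object without checking its schema version, so output from a Trivy image other than the pinned 0.20.0 (trivy.imageRef is a user-settable config key) either produces an empty vulnerability list when the object has no `Results`, or a generic unmarshal error when it is the pre-0.20 top-level array this commit stops expecting. The fixture in this commit shows the new format carries `"SchemaVersion": 2`; if ScanReport captured that field, the function could fail explicitly after the decode: `if reports.SchemaVersion != 2 { return v1alpha1.VulnerabilityReportData{}, fmt.Errorf("unsupported trivy report schema version: %d", reports.SchemaVersion) }`. Since the variable now holds a single document, renaming `reports` to `report` and the loop variable to `result` would match the new model. ParseVulnerabilityReportData starts and ends outside the hunk, and I cannot see whether `fmt` is already imported in this file.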
12 changes: 7 additions & 5 deletions pkg/plugin/trivy/plugin_test.go
Expand Up @@ -330,7 +330,7 @@ func TestPlugin_Init(t *testing.T) {
ResourceVersion: "1",
},
Data: map[string]string{
"trivy.imageRef": "docker.io/aquasec/trivy:0.19.2",
"trivy.imageRef": "docker.io/aquasec/trivy:0.20.0",
"trivy.severity": "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL",
"trivy.mode": "Standalone",

Expand All @@ -355,7 +355,7 @@ func TestPlugin_Init(t *testing.T) {
ResourceVersion: "1",
},
Data: map[string]string{
"trivy.imageRef": "docker.io/aquasec/trivy:0.19.2",
"trivy.imageRef": "docker.io/aquasec/trivy:0.20.0",
"trivy.severity": "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL",
"trivy.mode": "Standalone",
},
Expand Down Expand Up @@ -389,7 +389,7 @@ func TestPlugin_Init(t *testing.T) {
ResourceVersion: "1",
},
Data: map[string]string{
"trivy.imageRef": "docker.io/aquasec/trivy:0.19.2",
"trivy.imageRef": "docker.io/aquasec/trivy:0.20.0",
"trivy.severity": "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL",
"trivy.mode": "Standalone",
},
Expand Down Expand Up @@ -2031,7 +2031,9 @@ CVE-2019-1543`,
}

var (
sampleReportAsString = `[{
sampleReportAsString = `{
"SchemaVersion": 2,
"Results":[{
"Target": "alpine:3.10.2 (alpine 3.10.2)",
"Type": "alpine",
"Vulnerabilities": [
Expand Down Expand Up @@ -2061,7 +2063,7 @@ var (
]
}
]
}]`
}]}`

sampleReport = v1alpha1.VulnerabilityReportData{
UpdateTimestamp: metav1.NewTime(fixedTime),
