chore(deps): bump Trivy from v0.20.0 to v0.22.0 (#931)
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
danielpacak authored Jan 25, 2022
1 parent 329c812 commit ac8b74c
Showing 7 changed files with 37 additions and 37 deletions.
2 changes: 1 addition & 1 deletion deploy/helm/values.yaml
Expand Up @@ -92,7 +92,7 @@ trivy:
createConfig: true

# imageRef the Trivy image reference.
imageRef: docker.io/aquasec/trivy:0.20.0
imageRef: docker.io/aquasec/trivy:0.22.0

# mode is the Trivy client mode. Either Standalone or ClientServer. Depending
# on the active mode other settings might be applicable or required.
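Review bot: The new default on the `imageRef:` line is still tag-only (`docker.io/aquasec/trivy:0.22.0`), so the scanner image that gets pulled is whatever the registry serves for that tag at pull time. Consider pinning the default by digest, e.g. `docker.io/aquasec/trivy:0.22.0@sha256:<digest>` (placeholder, to be taken from the release, and assuming the operator's reference parsing accepts a digest), or at least extend the `# imageRef` comment to say that a digest-qualified reference can be set here.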
2 changes: 1 addition & 1 deletion deploy/static/03-starboard-operator.config.yaml
Expand Up @@ -47,7 +47,7 @@ metadata:
app.kubernetes.io/version: "0.14.0"
app.kubernetes.io/managed-by: kubectl
data:
trivy.imageRef: "docker.io/aquasec/trivy:0.20.0"
trivy.imageRef: "docker.io/aquasec/trivy:0.22.0"
trivy.mode: "Standalone"
trivy.severity: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
trivy.resources.requests.cpu: 100m
52 changes: 26 additions & 26 deletions docs/integrations/vulnerability-scanners/trivy.md
Expand Up @@ -80,33 +80,33 @@ EOF

## Settings

| CONFIGMAP KEY | DEFAULT | DESCRIPTION |
| --------------------------------- | ---------------------------------- | ----------- |
| `trivy.imageRef` | `docker.io/aquasec/trivy:0.20.0` | Trivy image reference |
| `trivy.mode` | `Standalone` | Trivy client mode. Either `Standalone` or `ClientServer`. Depending on the active mode other settings might be applicable or required. |
| `trivy.severity` | `UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL` | A comma separated list of severity levels reported by Trivy |
| `trivy.ignoreUnfixed` | N/A | Whether to show only fixed vulnerabilities in vulnerabilities reported by Trivy. Set to `"true"` to enable it. |
| `trivy.skipFiles` | N/A | A comma separated list of file paths for Trivy to skip traversal. |
| `trivy.skipDirs` | N/A | A comma separated list of directories for Trivy to skip traversal. |
| `trivy.ignoreFile` | N/A | It specifies the `.trivyignore` file which contains a list of vulnerability IDs to be ignored from vulnerabilities reported by Trivy. |
| `trivy.serverURL` | N/A | The endpoint URL of the Trivy server. Required in `ClientServer` mode. |
| `trivy.serverTokenHeader` | `Trivy-Token` | The name of the HTTP header to send the authentication token to Trivy server. Only application in `ClientServer` mode when `trivy.serverToken` is specified. |
| `trivy.insecureRegistry.<id>` | N/A | The registry to which insecure connections are allowed. There can be multiple registries with different registry `<id>`. |
| `trivy.nonSslRegistry.<id>` | N/A | A registry without SSL. There can be multiple registries with different registry `<id>`. |
| `trivy.registry.mirror.<registry>`| N/A | Mirror for the registry `<registry>`, e.g. `trivy.registry.mirror.index.docker.io: mirror.io` would use `mirror.io` to get images originated from `index.docker.io` |
| `trivy.httpProxy` | N/A | The HTTP proxy used by Trivy to download the vulnerabilities database from GitHub. |
| `trivy.httpsProxy` | N/A | The HTTPS proxy used by Trivy to download the vulnerabilities database from GitHub. |
| `trivy.noProxy` | N/A | A comma separated list of IPs and domain names that are not subject to proxy settings. |
| `trivy.resources.requests.cpu` | `100m` | The minimum amount of CPU required to run Trivy scanner pod. |
| `trivy.resources.requests.memory` | `100M` | The minimum amount of memory required to run Trivy scanner pod. |
| `trivy.resources.limits.cpu` | `500m` | The maximum amount of CPU allowed to run Trivy scanner pod. |
| `trivy.resources.limits.memory` | `500M` | The maximum amount of memory allowed to run Trivy scanner pod. |

| SECRET KEY | DESCRIPTION |
| --------------------------- | ----------- |
| CONFIGMAP KEY | DEFAULT | DESCRIPTION |
|------------------------------------|------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `trivy.imageRef` | `docker.io/aquasec/trivy:0.22.0` | Trivy image reference |
| `trivy.mode` | `Standalone` | Trivy client mode. Either `Standalone` or `ClientServer`. Depending on the active mode other settings might be applicable or required. |
| `trivy.severity` | `UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL` | A comma separated list of severity levels reported by Trivy |
| `trivy.ignoreUnfixed` | N/A | Whether to show only fixed vulnerabilities in vulnerabilities reported by Trivy. Set to `"true"` to enable it. |
| `trivy.skipFiles` | N/A | A comma separated list of file paths for Trivy to skip traversal. |
| `trivy.skipDirs` | N/A | A comma separated list of directories for Trivy to skip traversal. |
| `trivy.ignoreFile` | N/A | It specifies the `.trivyignore` file which contains a list of vulnerability IDs to be ignored from vulnerabilities reported by Trivy. |
| `trivy.serverURL` | N/A | The endpoint URL of the Trivy server. Required in `ClientServer` mode. |
| `trivy.serverTokenHeader` | `Trivy-Token` | The name of the HTTP header to send the authentication token to Trivy server. Only application in `ClientServer` mode when `trivy.serverToken` is specified. |
| `trivy.insecureRegistry.<id>` | N/A | The registry to which insecure connections are allowed. There can be multiple registries with different registry `<id>`. |
| `trivy.nonSslRegistry.<id>` | N/A | A registry without SSL. There can be multiple registries with different registry `<id>`. |
| `trivy.registry.mirror.<registry>` | N/A | Mirror for the registry `<registry>`, e.g. `trivy.registry.mirror.index.docker.io: mirror.io` would use `mirror.io` to get images originated from `index.docker.io` |
| `trivy.httpProxy` | N/A | The HTTP proxy used by Trivy to download the vulnerabilities database from GitHub. |
| `trivy.httpsProxy` | N/A | The HTTPS proxy used by Trivy to download the vulnerabilities database from GitHub. |
| `trivy.noProxy` | N/A | A comma separated list of IPs and domain names that are not subject to proxy settings. |
| `trivy.resources.requests.cpu` | `100m` | The minimum amount of CPU required to run Trivy scanner pod. |
| `trivy.resources.requests.memory` | `100M` | The minimum amount of memory required to run Trivy scanner pod. |
| `trivy.resources.limits.cpu` | `500m` | The maximum amount of CPU allowed to run Trivy scanner pod. |
| `trivy.resources.limits.memory` | `500M` | The maximum amount of memory allowed to run Trivy scanner pod. |

| SECRET KEY | DESCRIPTION |
|-----------------------------|-----------------------------------------------------------------------------------------------------------------------------------|
| `trivy.githubToken` | The GitHub access token used by Trivy to download the vulnerabilities database from GitHub. Only applicable in `Standalone` mode. |
| `trivy.serverToken` | The token to authenticate Trivy client with Trivy server. Only applicable in `ClientServer` mode. |
| `trivy.serverCustomHeaders` | A comma separated list of custom HTTP headers sent by Trivy client to Trivy server. Only applicable in `ClientServer` mode. |
| `trivy.serverToken` | The token to authenticate Trivy client with Trivy server. Only applicable in `ClientServer` mode. |
| `trivy.serverCustomHeaders` | A comma separated list of custom HTTP headers sent by Trivy client to Trivy server. Only applicable in `ClientServer` mode. |

[trivy-standalone]: https://aquasecurity.github.io/trivy/latest/modes/standalone/
[emptyDir-volume]: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir
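Review bot: The re-added `trivy.serverTokenHeader` row still reads "Only application in `ClientServer` mode"; since the row is rewritten here anyway, change it to "Only applicable". Separately, re-aligning every row of both tables turns a one-value edit (`0.20.0` to `0.22.0` in the `trivy.imageRef` row) into 26 additions and 26 deletions, which makes the real change hard to spot in review; consider landing the table realignment as its own commit.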
2 changes: 1 addition & 1 deletion itest/matcher/matcher.go
Expand Up @@ -21,7 +21,7 @@ var (
trivyScanner = v1alpha1.Scanner{
Name: "Trivy",
Vendor: "Aqua Security",
Version: "0.20.0",
Version: "0.22.0",
}
polarisScanner = v1alpha1.Scanner{
Name: "Polaris",
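Review bot: `Version: "0.22.0"` in `trivyScanner` is a second hand-maintained copy of the tag in the default image reference, and nothing in these lines ties the two together. Deriving the expected scanner version from the tag of the configured `trivy.imageRef` (or from a shared constant) would keep this integration matcher from going stale on the next bump.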
2 changes: 1 addition & 1 deletion itest/matcher/matcher_test.go
Expand Up @@ -57,7 +57,7 @@ func TestVulnerabilityReportMatcher(t *testing.T) {
Scanner: v1alpha1.Scanner{
Name: "Trivy",
Vendor: "Aqua Security",
Version: "0.20.0",
Version: "0.22.0",
},
Vulnerabilities: []v1alpha1.Vulnerability{},
},
2 changes: 1 addition & 1 deletion pkg/plugin/trivy/plugin.go
Expand Up @@ -229,7 +229,7 @@ func NewPlugin(clock ext.Clock, idGenerator ext.IDGenerator, client client.Clien
func (p *plugin) Init(ctx starboard.PluginContext) error {
return ctx.EnsureConfig(starboard.PluginConfig{
Data: map[string]string{
keyTrivyImageRef: "docker.io/aquasec/trivy:0.20.0",
keyTrivyImageRef: "docker.io/aquasec/trivy:0.22.0",
keyTrivySeverity: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL",
keyTrivyMode: string(Standalone),
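Review bot: In `Init`, the default for `keyTrivyImageRef` is an inline string literal, and the same literal is edited by hand in the manifests and tests touched by this commit. A named constant for the default image reference would make the next bump a one-line change. It would also help to state in the commit message whether `ctx.EnsureConfig` updates an existing plugin config or only creates a missing one, because in the second case installations that already have a config keep `0.20.0` after this change.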

12 changes: 6 additions & 6 deletions pkg/plugin/trivy/plugin_test.go
Expand Up @@ -470,7 +470,7 @@ func TestPlugin_Init(t *testing.T) {
ResourceVersion: "1",
},
Data: map[string]string{
"trivy.imageRef": "docker.io/aquasec/trivy:0.20.0",
"trivy.imageRef": "docker.io/aquasec/trivy:0.22.0",
"trivy.severity": "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL",
"trivy.mode": "Standalone",

Expand All @@ -495,7 +495,7 @@ func TestPlugin_Init(t *testing.T) {
ResourceVersion: "1",
},
Data: map[string]string{
"trivy.imageRef": "docker.io/aquasec/trivy:0.20.0",
"trivy.imageRef": "docker.io/aquasec/trivy:0.22.0",
"trivy.severity": "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL",
"trivy.mode": "Standalone",
},
Expand Down Expand Up @@ -529,7 +529,7 @@ func TestPlugin_Init(t *testing.T) {
ResourceVersion: "1",
},
Data: map[string]string{
"trivy.imageRef": "docker.io/aquasec/trivy:0.20.0",
"trivy.imageRef": "docker.io/aquasec/trivy:0.22.0",
"trivy.severity": "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL",
"trivy.mode": "Standalone",
},
Expand Down Expand Up @@ -2693,7 +2693,7 @@ CVE-2019-1543`,
{
name: "Trivy fs scan command in Standalone mode",
config: map[string]string{
"trivy.imageRef": "docker.io/aquasec/trivy:0.20.0",
"trivy.imageRef": "docker.io/aquasec/trivy:0.22.0",
"trivy.mode": string(trivy.Standalone),
"trivy.command": string(trivy.FileSystemScan),
"trivy.resources.requests.cpu": "100m",
Expand Down Expand Up @@ -2737,7 +2737,7 @@ CVE-2019-1543`,
InitContainers: []corev1.Container{
{
Name: "00000000-0000-0000-0000-000000000001",
Image: "docker.io/aquasec/trivy:0.20.0",
Image: "docker.io/aquasec/trivy:0.22.0",
ImagePullPolicy: corev1.PullIfNotPresent,
TerminationMessagePolicy: corev1.TerminationMessageFallbackToLogsOnError,
Command: []string{
Expand Down Expand Up @@ -2766,7 +2766,7 @@ CVE-2019-1543`,
},
{
Name: "00000000-0000-0000-0000-000000000002",
Image: "docker.io/aquasec/trivy:0.20.0",
Image: "docker.io/aquasec/trivy:0.22.0",
ImagePullPolicy: corev1.PullIfNotPresent,
TerminationMessagePolicy: corev1.TerminationMessageFallbackToLogsOnError,
Env: []corev1.EnvVar{
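Review bot: The `Image: "docker.io/aquasec/trivy:0.22.0"` expectation here is the sixth copy of this literal changed in `plugin_test.go` (three `TestPlugin_Init` fixtures, the fs scan config, and both init container expectations). A single test-level constant for the default image reference, used in both the input config and the expected pod spec, would keep a future bump from updating some copies and missing others.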