Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(os-pkg): add data sources #1636

Merged
merged 12 commits into from
Jan 28, 2022
Merged

feat(os-pkg): add data sources #1636

Changes from 1 commit
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
f9d7b5b
feat(os-pkg): add data sources info to vulnerabilities
afdesk Jan 27, 2022
4e37bf6
Add test data with data sources for os packages
afdesk Jan 27, 2022
0c1b5a4
Fix the link for Rocky test data
afdesk Jan 27, 2022
37094a3
Fix unit tests for testdata with data sources
afdesk Jan 27, 2022
6c186ad
Add data source bucket for integration tests
afdesk Jan 28, 2022
09fe92a
add DataSource info into testdata
afdesk Jan 28, 2022
d93569d
Merge branch 'main' of github.com:aquasecurity/trivy into ds_ospkg
afdesk Jan 28, 2022
f981b17
Add DataSource field to RPC results
afdesk Jan 28, 2022
0613096
Add smoky tests for ConvertFromRPCDataSource and ConvertToRPCDataSource
afdesk Jan 28, 2022
c2ca12a
Merge branch 'main' of github.com:aquasecurity/trivy into ds_ospkg
afdesk Jan 28, 2022
32b2577
improve unit tests for rpc
afdesk Jan 28, 2022
cf3d17d
fix panic for empty data sources
afdesk Jan 28, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Add data source bucket for integration tests
  • Loading branch information
@afdesk
afdesk committed Jan 28, 2022
commit 6c186adbdf3bd7c06530663d866a31af98130fcc
382 changes: 382 additions & 0 deletions integration/testdata/fixtures/db/data-source.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,382 @@
- bucket: data-source
pairs:
- key: GitHub Security Advisory Composer
value:
Name: "GitHub Security Advisory Composer"
URL: "https://github.com/advisories?query=type%%3Areviewed+ecosystem%%3Acomposer"
- key: GitHub Security Advisory Maven
value:
Name: "GitHub Security Advisory Maven"
URL: "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven"
- key: GitHub Security Advisory Npm
value:
Name: "GitHub Security Advisory Npm"
URL: "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
- key: GitHub Security Advisory Nuget
value:
Name: "GitHub Security Advisory Nuget"
URL: "https://github.com/advisories?query=type%%3Areviewed+ecosystem%%3Anuget"
- key: GitHub Security Advisory Pip
value:
Name: "GitHub Security Advisory Pip"
URL: "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
- key: GitHub Security Advisory RubyGems
value:
Name: "GitHub Security Advisory RubyGems"
URL: "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Arubygems"
- key: Oracle Linux 5
value:
Name: "Oracle Linux OVAL definitions"
URL: "https://linux.oracle.com/security/oval/"
- key: Oracle Linux 6
value:
Name: "Oracle Linux OVAL definitions"
URL: "https://linux.oracle.com/security/oval/"
- key: Oracle Linux 7
value:
Name: "Oracle Linux OVAL definitions"
URL: "https://linux.oracle.com/security/oval/"
- key: Oracle Linux 8
value:
Name: "Oracle Linux OVAL definitions"
URL: "https://linux.oracle.com/security/oval/"
- key: Photon OS 1.0
value:
Name: "Photon OS CVE metadata"
URL: "https://packages.vmware.com/photon/photon_cve_metadata/"
- key: Photon OS 2.0
value:
Name: "Photon OS CVE metadata"
URL: "https://packages.vmware.com/photon/photon_cve_metadata/"
- key: Photon OS 3.0
value:
Name: "Photon OS CVE metadata"
URL: "https://packages.vmware.com/photon/photon_cve_metadata/"
- key: Photon OS 4.0
value:
Name: "Photon OS CVE metadata"
URL: "https://packages.vmware.com/photon/photon_cve_metadata/"
- key: SUSE Linux Enterprise 11
value:
Name: "SUSE CVRF"
URL: "https://ftp.suse.com/pub/projects/security/cvrf/"
- key: SUSE Linux Enterprise 11-PUBCLOUD
value:
Name: "SUSE CVRF"
URL: "https://ftp.suse.com/pub/projects/security/cvrf/"
- key: SUSE Linux Enterprise 11.1
value:
Name: "SUSE CVRF"
URL: "https://ftp.suse.com/pub/projects/security/cvrf/"
- key: SUSE Linux Enterprise 11.2
value:
Name: "SUSE CVRF"
URL: "https://ftp.suse.com/pub/projects/security/cvrf/"
- key: SUSE Linux Enterprise 11.3
value:
Name: "SUSE CVRF"
URL: "https://ftp.suse.com/pub/projects/security/cvrf/"
- key: SUSE Linux Enterprise 11.4
value:
Name: "SUSE CVRF"
URL: "https://ftp.suse.com/pub/projects/security/cvrf/"
- key: SUSE Linux Enterprise 12
value:
Name: "SUSE CVRF"
URL: "https://ftp.suse.com/pub/projects/security/cvrf/"
- key: SUSE Linux Enterprise 12.1
value:
Name: "SUSE CVRF"
URL: "https://ftp.suse.com/pub/projects/security/cvrf/"
- key: SUSE Linux Enterprise 12.2
value:
Name: "SUSE CVRF"
URL: "https://ftp.suse.com/pub/projects/security/cvrf/"
- key: SUSE Linux Enterprise 12.3
value:
Name: "SUSE CVRF"
URL: "https://ftp.suse.com/pub/projects/security/cvrf/"
- key: SUSE Linux Enterprise 12.4
value:
Name: "SUSE CVRF"
URL: "https://ftp.suse.com/pub/projects/security/cvrf/"
- key: SUSE Linux Enterprise 12.5
value:
Name: "SUSE CVRF"
URL: "https://ftp.suse.com/pub/projects/security/cvrf/"
- key: SUSE Linux Enterprise 15
value:
Name: "SUSE CVRF"
URL: "https://ftp.suse.com/pub/projects/security/cvrf/"
- key: SUSE Linux Enterprise 15-ESPOS
value:
Name: "SUSE CVRF"
URL: "https://ftp.suse.com/pub/projects/security/cvrf/"
- key: SUSE Linux Enterprise 15.1
value:
Name: "SUSE CVRF"
URL: "https://ftp.suse.com/pub/projects/security/cvrf/"
- key: SUSE Linux Enterprise 15.2
value:
Name: "SUSE CVRF"
URL: "https://ftp.suse.com/pub/projects/security/cvrf/"
- key: SUSE Linux Enterprise 15.3
value:
Name: "SUSE CVRF"
URL: "https://ftp.suse.com/pub/projects/security/cvrf/"
- key: SUSE Linux Enterprise 15.4
value:
Name: "SUSE CVRF"
URL: "https://ftp.suse.com/pub/projects/security/cvrf/"
- key: SUSE Linux Enterprise 5.0
value:
Name: "SUSE CVRF"
URL: "https://ftp.suse.com/pub/projects/security/cvrf/"
- key: SUSE Linux Enterprise 5.1
value:
Name: "SUSE CVRF"
URL: "https://ftp.suse.com/pub/projects/security/cvrf/"
- key: alma 8
value:
Name: "AlmaLinux Product Errata"
URL: "https://errata.almalinux.org/"
- key: alpine 3.10
value:
Name: "Alpine Secdb"
URL: "https://secdb.alpinelinux.org/"
- key: alpine 3.11
value:
Name: "Alpine Secdb"
URL: "https://secdb.alpinelinux.org/"
- key: alpine 3.12
value:
Name: "Alpine Secdb"
URL: "https://secdb.alpinelinux.org/"
- key: alpine 3.13
value:
Name: "Alpine Secdb"
URL: "https://secdb.alpinelinux.org/"
- key: alpine 3.14
value:
Name: "Alpine Secdb"
URL: "https://secdb.alpinelinux.org/"
- key: alpine 3.15
value:
Name: "Alpine Secdb"
URL: "https://secdb.alpinelinux.org/"
- key: alpine 3.2
value:
Name: "Alpine Secdb"
URL: "https://secdb.alpinelinux.org/"
- key: alpine 3.3
value:
Name: "Alpine Secdb"
URL: "https://secdb.alpinelinux.org/"
- key: alpine 3.4
value:
Name: "Alpine Secdb"
URL: "https://secdb.alpinelinux.org/"
- key: alpine 3.5
value:
Name: "Alpine Secdb"
URL: "https://secdb.alpinelinux.org/"
- key: alpine 3.6
value:
Name: "Alpine Secdb"
URL: "https://secdb.alpinelinux.org/"
- key: alpine 3.7
value:
Name: "Alpine Secdb"
URL: "https://secdb.alpinelinux.org/"
- key: alpine 3.8
value:
Name: "Alpine Secdb"
URL: "https://secdb.alpinelinux.org/"
- key: alpine 3.9
value:
Name: "Alpine Secdb"
URL: "https://secdb.alpinelinux.org/"
- key: amazon linux 1
value:
Name: "Amazon Linux Security Center"
URL: "https://alas.aws.amazon.com/"
- key: amazon linux 2
value:
Name: "Amazon Linux Security Center"
URL: "https://alas.aws.amazon.com/"
- key: archlinux
value:
Name: "Arch Linux Vulnerable issues"
URL: "https://security.archlinux.org/"
- key: cargo::Open Source Vulnerability
value:
Name: "RustSec Advisory Database"
URL: "https://github.com/RustSec/advisory-db"
- key: debian 10
value:
Name: "Debian Security Tracker"
URL: "https://salsa.debian.org/security-tracker-team/security-tracker"
- key: debian 11
value:
Name: "Debian Security Tracker"
URL: "https://salsa.debian.org/security-tracker-team/security-tracker"
- key: debian 12
value:
Name: "Debian Security Tracker"
URL: "https://salsa.debian.org/security-tracker-team/security-tracker"
- key: debian 7
value:
Name: "Debian Security Tracker"
URL: "https://salsa.debian.org/security-tracker-team/security-tracker"
- key: debian 8
value:
Name: "Debian Security Tracker"
URL: "https://salsa.debian.org/security-tracker-team/security-tracker"
- key: debian 9
value:
Name: "Debian Security Tracker"
URL: "https://salsa.debian.org/security-tracker-team/security-tracker"
- key: go::GitLab Advisory Database Community
value:
Name: "GitLab Advisory Database Community"
URL: "https://gitlab.com/gitlab-org/advisories-community"
- key: go::The Go Vulnerability Database
value:
Name: "The Go Vulnerability Database"
URL: "https://github.com/golang/vulndb"
- key: maven::GitLab Advisory Database Community
value:
Name: "GitLab Advisory Database Community"
URL: "https://gitlab.com/gitlab-org/advisories-community"
- key: nodejs-security-wg
value:
Name: "Node.js Ecosystem Security Working Group"
URL: "https://github.com/nodejs/security-wg"
- key: openSUSE Leap 15.0
value:
Name: "SUSE CVRF"
URL: "https://ftp.suse.com/pub/projects/security/cvrf/"
- key: openSUSE Leap 15.1
value:
Name: "SUSE CVRF"
URL: "https://ftp.suse.com/pub/projects/security/cvrf/"
- key: openSUSE Leap 15.2
value:
Name: "SUSE CVRF"
URL: "https://ftp.suse.com/pub/projects/security/cvrf/"
- key: openSUSE Leap 15.3
value:
Name: "SUSE CVRF"
URL: "https://ftp.suse.com/pub/projects/security/cvrf/"
- key: openSUSE Leap 15.4
value:
Name: "SUSE CVRF"
URL: "https://ftp.suse.com/pub/projects/security/cvrf/"
- key: openSUSE Leap 42.1
value:
Name: "SUSE CVRF"
URL: "https://ftp.suse.com/pub/projects/security/cvrf/"
- key: openSUSE Leap 42.2
value:
Name: "SUSE CVRF"
URL: "https://ftp.suse.com/pub/projects/security/cvrf/"
- key: openSUSE Leap 42.3
value:
Name: "SUSE CVRF"
URL: "https://ftp.suse.com/pub/projects/security/cvrf/"
- key: php-security-advisories
value:
Name: "PHP Security Advisories Database"
URL: "https://github.com/FriendsOfPHP/security-advisories"
- key: pip::Open Source Vulnerability
value:
Name: "Python Packaging Advisory Database"
URL: "https://github.com/pypa/advisory-db"
- key: rocky 8
value:
Name: "Rocky Linux updateinfo"
URL: "https://download.rockylinux.org/pub/rocky/"
- key: ruby-advisory-db
value:
Name: "Ruby Advisory Database"
URL: "https://github.com/rubysec/ruby-advisory-db"
- key: ubuntu 12.04
value:
Name: "Ubuntu CVE Tracker"
URL: "https://git.launchpad.net/ubuntu-cve-tracker"
- key: ubuntu 12.10
value:
Name: "Ubuntu CVE Tracker"
URL: "https://git.launchpad.net/ubuntu-cve-tracker"
- key: ubuntu 13.04
value:
Name: "Ubuntu CVE Tracker"
URL: "https://git.launchpad.net/ubuntu-cve-tracker"
- key: ubuntu 13.10
value:
Name: "Ubuntu CVE Tracker"
URL: "https://git.launchpad.net/ubuntu-cve-tracker"
- key: ubuntu 14.04
value:
Name: "Ubuntu CVE Tracker"
URL: "https://git.launchpad.net/ubuntu-cve-tracker"
- key: ubuntu 14.10
value:
Name: "Ubuntu CVE Tracker"
URL: "https://git.launchpad.net/ubuntu-cve-tracker"
- key: ubuntu 15.04
value:
Name: "Ubuntu CVE Tracker"
URL: "https://git.launchpad.net/ubuntu-cve-tracker"
- key: ubuntu 15.10
value:
Name: "Ubuntu CVE Tracker"
URL: "https://git.launchpad.net/ubuntu-cve-tracker"
- key: ubuntu 16.04
value:
Name: "Ubuntu CVE Tracker"
URL: "https://git.launchpad.net/ubuntu-cve-tracker"
- key: ubuntu 16.10
value:
Name: "Ubuntu CVE Tracker"
URL: "https://git.launchpad.net/ubuntu-cve-tracker"
- key: ubuntu 17.04
value:
Name: "Ubuntu CVE Tracker"
URL: "https://git.launchpad.net/ubuntu-cve-tracker"
- key: ubuntu 17.10
value:
Name: "Ubuntu CVE Tracker"
URL: "https://git.launchpad.net/ubuntu-cve-tracker"
- key: ubuntu 18.04
value:
Name: "Ubuntu CVE Tracker"
URL: "https://git.launchpad.net/ubuntu-cve-tracker"
- key: ubuntu 18.10
value:
Name: "Ubuntu CVE Tracker"
URL: "https://git.launchpad.net/ubuntu-cve-tracker"
- key: ubuntu 19.04
value:
Name: "Ubuntu CVE Tracker"
URL: "https://git.launchpad.net/ubuntu-cve-tracker"
- key: ubuntu 19.10
value:
Name: "Ubuntu CVE Tracker"
URL: "https://git.launchpad.net/ubuntu-cve-tracker"
- key: ubuntu 20.04
value:
Name: "Ubuntu CVE Tracker"
URL: "https://git.launchpad.net/ubuntu-cve-tracker"
- key: ubuntu 20.10
value:
Name: "Ubuntu CVE Tracker"
URL: "https://git.launchpad.net/ubuntu-cve-tracker"
- key: ubuntu 21.04
value:
Name: "Ubuntu CVE Tracker"
URL: "https://git.launchpad.net/ubuntu-cve-tracker"
- key: ubuntu 21.10
value:
Name: "Ubuntu CVE Tracker"
URL: "https://git.launchpad.net/ubuntu-cve-tracker"