Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(report): add support for SPDX #2059

Merged
merged 21 commits into from
May 2, 2022
Merged

feat(report): add support for SPDX #2059

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
21 commits
Select commit Hold shift + click to select a range
8067742
added spdx format support
ShiraCohen33 Apr 27, 2022
57a5276
combined spdx and spdx-json to the same case
ShiraCohen33 Apr 27, 2022
cede86d
delete vendor folder
ShiraCohen33 Apr 27, 2022
4f18de4
added spdx doc
ShiraCohen33 Apr 27, 2022
45c97f6
added usage information
ShiraCohen33 Apr 27, 2022
fec9bb4
fix conflict
ShiraCohen33 Apr 27, 2022
4111f0b
fix error from documentation test
ShiraCohen33 Apr 27, 2022
1de6540
added error handling
ShiraCohen33 Apr 27, 2022
ed510f0
fix linter
ShiraCohen33 Apr 27, 2022
f75604a
changed to SPDX-2.2 version
ShiraCohen33 Apr 28, 2022
04b89f1
changed package spdx identifier to hash function
ShiraCohen33 Apr 28, 2022
67e94ef
deleted result files
ShiraCohen33 Apr 28, 2022
2a292a6
checked return value fo getPackgeID function
ShiraCohen33 Apr 28, 2022
8aa0677
refactor: group imports
knqyf263 Apr 30, 2022
e2cc6de
fix spdx.md file
ShiraCohen33 May 1, 2022
2f1c81f
Merge branch 'support-spdx' of https://github.com/ShiraCohen33/trivy …
ShiraCohen33 May 1, 2022
d334a41
delete replace
ShiraCohen33 May 1, 2022
7227eb1
fix go.mod
ShiraCohen33 May 1, 2022
c49450b
refactor: use exp/slices
knqyf263 May 2, 2022
52c9edb
docs: add SPDX
knqyf263 May 2, 2022
d2e230c
test(report): fix
knqyf263 May 2, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
fix linter
  • Loading branch information
@ShiraCohen33
ShiraCohen33 committed Apr 27, 2022
commit ed510f011c56c847950e86b6289054a172d3c5ab
213 changes: 107 additions & 106 deletions mkdocs.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,111 +13,112 @@ nav:
- Installation: getting-started/installation.md
- Quick Start: getting-started/quickstart.md
- Further Reading: getting-started/further.md
- Docs:
- Overview: docs/index.md
- Vulnerability:
- Scanning:
- Overview: docs/vulnerability/scanning/index.md
- Container Image: docs/vulnerability/scanning/image.md
- Filesystem: docs/vulnerability/scanning/filesystem.md
- Rootfs: docs/vulnerability/scanning/rootfs.md
- Git Repository: docs/vulnerability/scanning/git-repository.md
- Detection:
- OS Packages: docs/vulnerability/detection/os.md
- Language-specific Packages: docs/vulnerability/detection/language.md
- Data Sources: docs/vulnerability/detection/data-source.md
- Supported: docs/vulnerability/detection/supported.md
- Examples:
- Vulnerability Filtering: docs/vulnerability/examples/filter.md
- Report Formats: docs/vulnerability/examples/report.md
- Vulnerability DB: docs/vulnerability/examples/db.md
- Cache: docs/vulnerability/examples/cache.md
- Others: docs/vulnerability/examples/others.md
- Distributions: docs/vulnerability/distributions.md
- Languages:
- Go: docs/vulnerability/languages/golang.md
- Misconfiguration:
- Scanning:
- Overview: docs/misconfiguration/index.md
- Infrastructure as Code: docs/misconfiguration/iac.md
- Filesystem: docs/misconfiguration/filesystem.md
- Policy:
- Built-in Policies: docs/misconfiguration/policy/builtin.md
- Exceptions: docs/misconfiguration/policy/exceptions.md
- Custom Policies:
- Overview: docs/misconfiguration/custom/index.md
- Data: docs/misconfiguration/custom/data.md
- Combine: docs/misconfiguration/custom/combine.md
- Testing: docs/misconfiguration/custom/testing.md
- Debugging Policies: docs/misconfiguration/custom/debug.md
- Examples: docs/misconfiguration/custom/examples.md
- Options:
- Policy: docs/misconfiguration/options/policy.md
- Filtering: docs/misconfiguration/options/filter.md
- Report Formats: docs/misconfiguration/options/report.md
- Others: docs/misconfiguration/options/others.md
- Comparison:
- vs Conftest: docs/misconfiguration/comparison/conftest.md
- vs tfsec: docs/misconfiguration/comparison/tfsec.md
- vs cfsec: docs/misconfiguration/comparison/cfsec.md
- Secret:
- Scanning: docs/secret/scanning.md
- Configuration: docs/secret/configuration.md
- Examples: docs/secret/examples.md
- SBOM:
- Overview: docs/sbom/index.md
- CycloneDX: docs/sbom/cyclonedx.md
- Integrations:
- Overview: docs/integrations/index.md
- GitHub Actions: docs/integrations/github-actions.md
- CircleCI: docs/integrations/circleci.md
- Travis CI: docs/integrations/travis-ci.md
- GitLab CI: docs/integrations/gitlab-ci.md
- Bitbucket Pipelines: docs/integrations/bitbucket.md
- AWS CodePipeline: docs/integrations/aws-codepipeline.md
- AWS Security Hub: docs/integrations/aws-security-hub.md
- Advanced:
- Plugins: docs/advanced/plugins.md
- Air-Gapped Environment: docs/advanced/air-gap.md
- Container Image:
- Embed in Dockerfile: docs/advanced/container/embed-in-dockerfile.md
- Unpacked container image filesystem: docs/advanced/container/unpacked-filesystem.md
- OCI Image: docs/advanced/container/oci.md
- Podman: docs/advanced/container/podman.md
- Private Docker Registries:
- Overview: docs/advanced/private-registries/index.md
- Docker Hub: docs/advanced/private-registries/docker-hub.md
- AWS ECR (Elastic Container Registry): docs/advanced/private-registries/ecr.md
- GCR (Google Container Registry): docs/advanced/private-registries/gcr.md
- ACR (Azure Container Registry): docs/advanced/private-registries/acr.md
- Self-Hosted: docs/advanced/private-registries/self.md
- References:
- CLI:
- Overview: docs/references/cli/index.md
- Image: docs/references/cli/image.md
- Config: docs/references/cli/config.md
- Filesystem: docs/references/cli/fs.md
- Rootfs: docs/references/cli/rootfs.md
- Repository: docs/references/cli/repo.md
- Client: docs/references/cli/client.md
- Server: docs/references/cli/server.md
- Plugins: docs/references/cli/plugins.md
- SBOM: docs/references/cli/sbom.md
- Modes:
- Standalone: docs/references/modes/standalone.md
- Client/Server: docs/references/modes/client-server.md
- Troubleshooting: docs/references/troubleshooting.md
- Community:
- Tools: community/tools.md
- References: community/references.md
- CKS Reference: community/cks.md
- Credits: community/credit.md
- How to contribute:
- Issues: community/contribute/issue.md
- Pull Requests: community/contribute/pr.md
- Maintainer:
- Help Wanted: community/maintainer/help-wanted.md
- Triage: community/maintainer/triage.md
- Docs:
- Overview: docs/index.md
- Vulnerability:
- Scanning:
- Overview: docs/vulnerability/scanning/index.md
- Container Image: docs/vulnerability/scanning/image.md
- Filesystem: docs/vulnerability/scanning/filesystem.md
- Rootfs: docs/vulnerability/scanning/rootfs.md
- Git Repository: docs/vulnerability/scanning/git-repository.md
- Detection:
- OS Packages: docs/vulnerability/detection/os.md
- Language-specific Packages: docs/vulnerability/detection/language.md
- Data Sources: docs/vulnerability/detection/data-source.md
- Supported: docs/vulnerability/detection/supported.md
- Examples:
- Vulnerability Filtering: docs/vulnerability/examples/filter.md
- Report Formats: docs/vulnerability/examples/report.md
- Vulnerability DB: docs/vulnerability/examples/db.md
- Cache: docs/vulnerability/examples/cache.md
- Others: docs/vulnerability/examples/others.md
- Distributions: docs/vulnerability/distributions.md
- Languages:
- Go: docs/vulnerability/languages/golang.md
- Misconfiguration:
- Scanning:
- Overview: docs/misconfiguration/index.md
- Infrastructure as Code: docs/misconfiguration/iac.md
- Filesystem: docs/misconfiguration/filesystem.md
- Policy:
- Built-in Policies: docs/misconfiguration/policy/builtin.md
- Exceptions: docs/misconfiguration/policy/exceptions.md
- Custom Policies:
- Overview: docs/misconfiguration/custom/index.md
- Data: docs/misconfiguration/custom/data.md
- Combine: docs/misconfiguration/custom/combine.md
- Testing: docs/misconfiguration/custom/testing.md
- Debugging Policies: docs/misconfiguration/custom/debug.md
- Examples: docs/misconfiguration/custom/examples.md
- Options:
- Policy: docs/misconfiguration/options/policy.md
- Filtering: docs/misconfiguration/options/filter.md
- Report Formats: docs/misconfiguration/options/report.md
- Others: docs/misconfiguration/options/others.md
- Comparison:
- vs Conftest: docs/misconfiguration/comparison/conftest.md
- vs tfsec: docs/misconfiguration/comparison/tfsec.md
- vs cfsec: docs/misconfiguration/comparison/cfsec.md
- Secret:
- Scanning: docs/secret/scanning.md
- Configuration: docs/secret/configuration.md
- Examples: docs/secret/examples.md
- SBOM:
- Overview: docs/sbom/index.md
- CycloneDX: docs/sbom/cyclonedx.md
- SPDX: docs/sbom/spdx.md
- Integrations:
- Overview: docs/integrations/index.md
- GitHub Actions: docs/integrations/github-actions.md
- CircleCI: docs/integrations/circleci.md
- Travis CI: docs/integrations/travis-ci.md
- GitLab CI: docs/integrations/gitlab-ci.md
- Bitbucket Pipelines: docs/integrations/bitbucket.md
- AWS CodePipeline: docs/integrations/aws-codepipeline.md
- AWS Security Hub: docs/integrations/aws-security-hub.md
- Advanced:
- Plugins: docs/advanced/plugins.md
- Air-Gapped Environment: docs/advanced/air-gap.md
- Container Image:
- Embed in Dockerfile: docs/advanced/container/embed-in-dockerfile.md
- Unpacked container image filesystem: docs/advanced/container/unpacked-filesystem.md
- OCI Image: docs/advanced/container/oci.md
- Podman: docs/advanced/container/podman.md
- Private Docker Registries:
- Overview: docs/advanced/private-registries/index.md
- Docker Hub: docs/advanced/private-registries/docker-hub.md
- AWS ECR (Elastic Container Registry): docs/advanced/private-registries/ecr.md
- GCR (Google Container Registry): docs/advanced/private-registries/gcr.md
- ACR (Azure Container Registry): docs/advanced/private-registries/acr.md
- Self-Hosted: docs/advanced/private-registries/self.md
- References:
- CLI:
- Overview: docs/references/cli/index.md
- Image: docs/references/cli/image.md
- Config: docs/references/cli/config.md
- Filesystem: docs/references/cli/fs.md
- Rootfs: docs/references/cli/rootfs.md
- Repository: docs/references/cli/repo.md
- Client: docs/references/cli/client.md
- Server: docs/references/cli/server.md
- Plugins: docs/references/cli/plugins.md
- SBOM: docs/references/cli/sbom.md
- Modes:
- Standalone: docs/references/modes/standalone.md
- Client/Server: docs/references/modes/client-server.md
- Troubleshooting: docs/references/troubleshooting.md
- Community:
- Tools: community/tools.md
- References: community/references.md
- CKS Reference: community/cks.md
- Credits: community/credit.md
- How to contribute:
- Issues: community/contribute/issue.md
- Pull Requests: community/contribute/pr.md
- Maintainer:
- Help Wanted: community/maintainer/help-wanted.md
- Triage: community/maintainer/triage.md
theme:
name: material
language: "en"
Expand Down Expand Up @@ -148,4 +149,4 @@ extra:

plugins:
- search
- macros
- macros
5 changes: 3 additions & 2 deletions pkg/report/spdx/spdx.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,13 +6,14 @@ import (

"golang.org/x/xerrors"

ftypes "github.com/aquasecurity/fanal/types"
"github.com/aquasecurity/trivy/pkg/types"
"github.com/google/uuid"
"github.com/spdx/tools-golang/jsonsaver"
"github.com/spdx/tools-golang/spdx"
"github.com/spdx/tools-golang/tvsaver"
"k8s.io/utils/clock"

ftypes "github.com/aquasecurity/fanal/types"
"github.com/aquasecurity/trivy/pkg/types"
)

const (
Expand Down