Closed msmeissn closed 2 months ago
I tried to build using "mage", but it does not work with mage-v1.11.0~git0.07afc7d-150500.1.1.x86_64 on SLES 15 SP5.
"No .go files marked with the mage build tag in this directory." (neither in top or in cmd/trivy/)
go build cmd/trivy/main.go goes through
i did some test but i need to figure out how to run tests first, the mage howto does not seem to work on older mage
Trivy mage commands - https://aquasecurity.github.io/trivy/v0.52/community/contribute/pr/#development
Also you can always use go test
One thing, scans work (the image currently will always report this one entry, as the version was lowered after the update):
./trivy image registry.opensuse.org/opensuse/bci/bci-init:latest
2024-07-03T16:48:59+02:00 INFO Vulnerability scanning is enabled
2024-07-03T16:48:59+02:00 INFO Secret scanning is enabled
2024-07-03T16:48:59+02:00 INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-07-03T16:48:59+02:00 INFO Please see also https://aquasecurity.github.io/trivy/dev/docs/scanner/secret#recommendation for faster secret detection
2024-07-03T16:49:01+02:00 INFO Detected OS family="opensuse.tumbleweed" version="20240607"
2024-07-03T16:49:01+02:00 INFO [opensuse.tumbleweed] Detecting vulnerabilities... os_version="20240607" pkg_num=149
2024-07-03T16:49:01+02:00 INFO Number of language-specific files num=0
registry.opensuse.org/opensuse/bci/bci-init:latest (opensuse.tumbleweed 20240607)
=================================================================================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)
┌─────────────┬──────────────────────────┬──────────┬────────┬───────────────────┬────────────────────┬────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
├─────────────┼──────────────────────────┼──────────┼────────┼───────────────────┼────────────────────┼────────────────────────────────────────┤
│ permissions │ openSUSE-SU-2024:11165-1 │ MEDIUM │ fixed │ 1699_20240522-1.1 │ 20210901.1550-29.2 │ chkstat-1550_20210901-29.2 on GA media │
└─────────────┴──────────────────────────┴──────────┴────────┴───────────────────┴────────────────────┴────────────────────────────────────────┘
I otherwise started on more tests, but the integration tests are a bit large:
how does the reference image get onto ghcr.io/aquasecurity/trivy-test-images: ?
you need to add your image to this script - https://github.com/aquasecurity/trivy-test-images/blob/master/copy-images.sh
how is golden generated? manually edited?
Use mage:updateGolden
command to update integration golden files
Update:
I added some integration tests now, and mage test:integration seems to go through. trying to get test:unit to work, but i need to find/build a working tinygo for openSUSE first.
@msmeissn Thanks for your great contribution!
Description
This adds openSUSE Tumbleweed support. Tumbleweed is a rolling release, it has no version and currently no EOL.
The CVRF data is in the same location as the openSUSE Leap data.
The os detector is already detecting it.
Related issues
Related PRs
Checklist