feat(trivy): Bump Trivy to v0.37.1 (#199)

Signed-off-by: Simar <simar@linux.com>
1 year ago · cff3e9a7f6
parent ab15891596
commit cff3e9a7f6
6 changed files with 114 additions and 8 deletions
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@ -1,7 +1,7 @@
 name: "build"
 on: [push, pull_request]
 env:
-  TRIVY_VERSION: 0.34.0
+  TRIVY_VERSION: 0.37.1
  BATS_LIB_PATH: '/usr/lib/'
 jobs:
  build:
--- a/2
+++ b/2
@ -1,4 +1,4 @@
-FROM ghcr.io/aquasecurity/trivy:0.34.0
+FROM ghcr.io/aquasecurity/trivy:0.37.1
 COPY entrypoint.sh /
 RUN apk --no-cache add bash curl npm
 RUN chmod +x /entrypoint.sh
--- a/test/data/config-sarif.test
+++ b/test/data/config-sarif.test
@ -35,9 +35,36 @@
                  "HIGH"
                ]
              }
+            },
+            {
+              "id": "DS026",
+              "name": "Misconfiguration",
+              "shortDescription": {
+                "text": "No HEALTHCHECK defined"
+              },
+              "fullDescription": {
+                "text": "You shoud add HEALTHCHECK instruction in your docker container images to perform the health check on running containers."
+              },
+              "defaultConfiguration": {
+                "level": "note"
+              },
+              "helpUri": "https://avd.aquasec.com/misconfig/ds026",
+              "help": {
+                "text": "Misconfiguration DS026\nType: Dockerfile Security Check\nSeverity: LOW\nCheck: No HEALTHCHECK defined\nMessage: Add HEALTHCHECK instruction in your Dockerfile\nLink: [DS026](https://avd.aquasec.com/misconfig/ds026)\nYou shoud add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.",
+                "markdown": "**Misconfiguration DS026**\n| Type | Severity | Check | Message | Link |\n| --- | --- | --- | --- | --- |\n|Dockerfile Security Check|LOW|No HEALTHCHECK defined|Add HEALTHCHECK instruction in your Dockerfile|[DS026](https://avd.aquasec.com/misconfig/ds026)|\n\nYou shoud add HEALTHCHECK instruction in your docker container images to perform the health check on running containers."
+              },
+              "properties": {
+                "precision": "very-high",
+                "security-severity": "2.0",
+                "tags": [
+                  "misconfiguration",
+                  "security",
+                  "LOW"
+                ]
+              }
            }
          ],
-          "version": "0.34.0"
+          "version": "0.37.1"
        }
      },
      "results": [
@ -67,6 +94,33 @@
              }
            }
          ]
+        },
+        {
+          "ruleId": "DS026",
+          "ruleIndex": 1,
+          "level": "note",
+          "message": {
+            "text": "Artifact: Dockerfile\nType: dockerfile\nVulnerability DS026\nSeverity: LOW\nMessage: Add HEALTHCHECK instruction in your Dockerfile\nLink: [DS026](https://avd.aquasec.com/misconfig/ds026)"
+          },
+          "locations": [
+            {
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "Dockerfile",
+                  "uriBaseId": "ROOTPATH"
+                },
+                "region": {
+                  "startLine": 1,
+                  "startColumn": 1,
+                  "endLine": 1,
+                  "endColumn": 1
+                }
+              },
+              "message": {
+                "text": "Dockerfile"
+              }
+            }
+          ]
        }
      ],
      "columnKind": "utf16CodeUnits",
--- a/test/data/config.test
+++ b/test/data/config.test
@ -20,8 +20,8 @@
      "Class": "config",
      "Type": "dockerfile",
      "MisconfSummary": {
-        "Successes": 21,
-        "Failures": 1,
+        "Successes": 22,
+        "Failures": 2,
        "Exceptions": 0
      },
      "Misconfigurations": [
@ -50,6 +50,32 @@
              "Lines": null
            }
          }
+        },
+        {
+          "Type": "Dockerfile Security Check",
+          "ID": "DS026",
+          "AVDID": "AVD-DS-0026",
+          "Title": "No HEALTHCHECK defined",
+          "Description": "You shoud add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.",
+          "Message": "Add HEALTHCHECK instruction in your Dockerfile",
+          "Namespace": "builtin.dockerfile.DS026",
+          "Query": "data.builtin.dockerfile.DS026.deny",
+          "Resolution": "Add HEALTHCHECK instruction in Dockerfile",
+          "Severity": "LOW",
+          "PrimaryURL": "https://avd.aquasec.com/misconfig/ds026",
+          "References": [
+            "https://blog.aquasec.com/docker-security-best-practices",
+            "https://avd.aquasec.com/misconfig/ds026"
+          ],
+          "Status": "FAIL",
+          "Layer": {},
+          "CauseMetadata": {
+            "Provider": "Dockerfile",
+            "Service": "general",
+            "Code": {
+              "Lines": null
+            }
+          }
        }
      ]
    }
--- a/test/data/fs-scheck.test
+++ b/test/data/fs-scheck.test
@ -20,8 +20,8 @@
      "Class": "config",
      "Type": "dockerfile",
      "MisconfSummary": {
-        "Successes": 21,
-        "Failures": 1,
+        "Successes": 22,
+        "Failures": 2,
        "Exceptions": 0
      },
      "Misconfigurations": [
@ -50,6 +50,32 @@
              "Lines": null
            }
          }
+        },
+        {
+          "Type": "Dockerfile Security Check",
+          "ID": "DS026",
+          "AVDID": "AVD-DS-0026",
+          "Title": "No HEALTHCHECK defined",
+          "Description": "You shoud add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.",
+          "Message": "Add HEALTHCHECK instruction in your Dockerfile",
+          "Namespace": "builtin.dockerfile.DS026",
+          "Query": "data.builtin.dockerfile.DS026.deny",
+          "Resolution": "Add HEALTHCHECK instruction in Dockerfile",
+          "Severity": "LOW",
+          "PrimaryURL": "https://avd.aquasec.com/misconfig/ds026",
+          "References": [
+            "https://blog.aquasec.com/docker-security-best-practices",
+            "https://avd.aquasec.com/misconfig/ds026"
+          ],
+          "Status": "FAIL",
+          "Layer": {},
+          "CauseMetadata": {
+            "Provider": "Dockerfile",
+            "Service": "general",
+            "Code": {
+              "Lines": null
+            }
+          }
        }
      ]
    }
--- a/test/data/image-sarif.test
+++ b/test/data/image-sarif.test
@ -37,7 +37,7 @@
              }
            }
          ],
-          "version": "0.34.0"
+          "version": "0.37.1"
        }
      },
      "results": [