bump trivy version to v0.51.1 (#353 )

* bump trivy version to v0.51.1 * update tests
Update bump-trivy.yaml
6 changed files with 10 additions and 10 deletions
--- a/.github/workflows/bump-trivy.yaml
+++ b/.github/workflows/bump-trivy.yaml
@ -18,7 +18,6 @@ jobs:
      - name: Update Trivy versions
        run: |
          sed -r -i "s/ghcr.io\/aquasecurity\/trivy:[0-9]+\.[0-9]+\.[0-9]+/ghcr.io\/aquasecurity\/trivy:${{ inputs.trivy_version }}/" Dockerfile
-          sed -r -i "s/TRIVY_VERSION: [0-9]+\.[0-9]+\.[0-9]+/TRIVY_VERSION: ${{ inputs.trivy_version }}/" .github/workflows/build.yaml
          find test/data -type f -name '*.test' | xargs sed -r -i 's/"version": "[0-9]+\.[0-9]+\.[0-9]+"/"version": "${{ inputs.trivy_version }}"/'

      - name: Create PR
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@ -6,7 +6,7 @@ on:
  workflow_dispatch:

 env:
-  TRIVY_VERSION: 0.50.2
+  TRIVY_VERSION: 0.51.1
  BATS_LIB_PATH: '/usr/lib/'

 jobs:
--- a/2
+++ b/2
@ -1,4 +1,4 @@
-FROM ghcr.io/aquasecurity/trivy:0.50.2
+FROM ghcr.io/aquasecurity/trivy:0.51.1
 COPY entrypoint.sh /
 RUN apk --no-cache add bash curl npm
 RUN chmod +x /entrypoint.sh
--- a/test/data/image-scan/report
+++ b/test/data/image-scan/report
@ -27,7 +27,7 @@ Total: 19 (CRITICAL: 19)
 │             │ CVE-2019-5481  │          │        │                   │ 7.61.1-r3     │ curl: double free due to subsequent call of realloc()        │
 │             │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2019-5481                    │
 │             ├────────────────┤          │        │                   │               ├──────────────────────────────────────────────────────────────┤
-│             │ CVE-2019-5482  │          │        │                   │               │ heap buffer overflow in function tftp_receive_packet()       │
+│             │ CVE-2019-5482  │          │        │                   │               │ curl: heap buffer overflow in function tftp_receive_packet() │
 │             │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2019-5482                    │
 ├─────────────┼────────────────┤          │        ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
 │ git         │ CVE-2018-17456 │          │        │ 2.15.2-r0         │ 2.15.3-r0     │ git: arbitrary code execution via .gitmodules                │
@ -58,7 +58,7 @@ Total: 19 (CRITICAL: 19)
 │             │ CVE-2019-5481  │          │        │                   │ 7.61.1-r3     │ curl: double free due to subsequent call of realloc()        │
 │             │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2019-5481                    │
 │             ├────────────────┤          │        │                   │               ├──────────────────────────────────────────────────────────────┤
-│             │ CVE-2019-5482  │          │        │                   │               │ heap buffer overflow in function tftp_receive_packet()       │
+│             │ CVE-2019-5482  │          │        │                   │               │ curl: heap buffer overflow in function tftp_receive_packet() │
 │             │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2019-5482                    │
 ├─────────────┼────────────────┤          │        ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
 │ musl        │ CVE-2019-14697 │          │        │ 1.1.18-r3         │ 1.1.18-r4     │ musl libc through 1.1.23 has an x87 floating-point stack     │
@ -69,7 +69,7 @@ Total: 19 (CRITICAL: 19)
 │             │                │          │        │                   │               │                                                              │
 │             │                │          │        │                   │               │                                                              │
 ├─────────────┼────────────────┤          │        ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
-│ sqlite-libs │ CVE-2019-8457  │          │        │ 3.21.0-r1         │ 3.25.3-r1     │ heap out-of-bound read in function rtreenode()               │
+│ sqlite-libs │ CVE-2019-8457  │          │        │ 3.21.0-r1         │ 3.25.3-r1     │ sqlite: heap out-of-bound read in function rtreenode()       │
 │             │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2019-8457                    │
 └─────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘

--- a/test/data/with-ignore-files/report
+++ b/test/data/with-ignore-files/report
@ -27,7 +27,7 @@ Total: 19 (CRITICAL: 19)
 │             │ CVE-2019-5481  │          │        │                   │ 7.61.1-r3     │ curl: double free due to subsequent call of realloc()        │
 │             │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2019-5481                    │
 │             ├────────────────┤          │        │                   │               ├──────────────────────────────────────────────────────────────┤
-│             │ CVE-2019-5482  │          │        │                   │               │ heap buffer overflow in function tftp_receive_packet()       │
+│             │ CVE-2019-5482  │          │        │                   │               │ curl: heap buffer overflow in function tftp_receive_packet() │
 │             │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2019-5482                    │
 ├─────────────┼────────────────┤          │        ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
 │ git         │ CVE-2018-17456 │          │        │ 2.15.2-r0         │ 2.15.3-r0     │ git: arbitrary code execution via .gitmodules                │
@ -58,7 +58,7 @@ Total: 19 (CRITICAL: 19)
 │             │ CVE-2019-5481  │          │        │                   │ 7.61.1-r3     │ curl: double free due to subsequent call of realloc()        │
 │             │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2019-5481                    │
 │             ├────────────────┤          │        │                   │               ├──────────────────────────────────────────────────────────────┤
-│             │ CVE-2019-5482  │          │        │                   │               │ heap buffer overflow in function tftp_receive_packet()       │
+│             │ CVE-2019-5482  │          │        │                   │               │ curl: heap buffer overflow in function tftp_receive_packet() │
 │             │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2019-5482                    │
 ├─────────────┼────────────────┤          │        ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
 │ musl        │ CVE-2019-14697 │          │        │ 1.1.18-r3         │ 1.1.18-r4     │ musl libc through 1.1.23 has an x87 floating-point stack     │
@ -69,7 +69,7 @@ Total: 19 (CRITICAL: 19)
 │             │                │          │        │                   │               │                                                              │
 │             │                │          │        │                   │               │                                                              │
 ├─────────────┼────────────────┤          │        ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
-│ sqlite-libs │ CVE-2019-8457  │          │        │ 3.21.0-r1         │ 3.25.3-r1     │ heap out-of-bound read in function rtreenode()               │
+│ sqlite-libs │ CVE-2019-8457  │          │        │ 3.21.0-r1         │ 3.25.3-r1     │ sqlite: heap out-of-bound read in function rtreenode()       │
 │             │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2019-8457                    │
 └─────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘

--- a/test/data/with-trivy-yaml-cfg/report.json
+++ b/test/data/with-trivy-yaml-cfg/report.json
@ -64,7 +64,8 @@
          "PkgID": "apk-tools@2.10.6-r0",
          "PkgName": "apk-tools",
          "PkgIdentifier": {
-            "PURL": "pkg:apk/alpine/apk-tools@2.10.6-r0?arch=x86_64\u0026distro=3.10.9"
+            "PURL": "pkg:apk/alpine/apk-tools@2.10.6-r0?arch=x86_64\u0026distro=3.10.9",
+            "UID": "a6adb154870b6380"
          },
          "InstalledVersion": "2.10.6-r0",
          "FixedVersion": "2.10.7-r0",
Author	SHA1	Message	Date
simar7	b2933f565d	bump trivy version to v0.51.1 (#353 ) * bump trivy version to v0.51.1 * update tests	2 weeks ago
simar7	b2cd5ff52c	Update bump-trivy.yaml	2 weeks ago