From 4e1316c37f6909c5c49ea3b2254a708a9de3a139 Mon Sep 17 00:00:00 2001
From: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
Date: Sun, 13 Aug 2023 13:32:08 +0600
Subject: [PATCH 1/3] revert 32bit bins (#4977)
---
 ci/deploy-deb.sh | 2 ++
 goreleaser.yml | 6 ++++++
 2 files changed, 8 insertions(+)
diff --git a/ci/deploy-deb.sh b/ci/deploy-deb.sh
index 1ddd68a7ee96..81cba977afa1 100755
--- a/ci/deploy-deb.sh
+++ b/ci/deploy-deb.sh
@@ -7,12 +7,14 @@ cd trivy-repo/deb
 for release in ${DEBIAN_RELEASES[@]} ${UBUNTU_RELEASES[@]}; do
 echo "Removing deb package of $release"
+ reprepro -A i386 remove $release trivy
 reprepro -A amd64 remove $release trivy
 reprepro -A arm64 remove $release trivy
 done
 for release in ${DEBIAN_RELEASES[@]} ${UBUNTU_RELEASES[@]}; do
 echo "Adding deb package to $release"
+ reprepro includedeb $release ../../dist/*Linux-32bit.deb
 reprepro includedeb $release ../../dist/*Linux-64bit.deb
 reprepro includedeb $release ../../dist/*Linux-ARM64.deb
 done
diff --git a/goreleaser.yml b/goreleaser.yml
index b3e9dce7c571..b8a8a08a1a50 100644
--- a/goreleaser.yml
+++ b/goreleaser.yml
@@ -12,6 +12,8 @@ builds:
 goos:
 - linux
 goarch:
+ - 386
+ - arm
 - amd64
 - arm64
 - s390x
@@ -31,6 +33,7 @@ builds:
 - freebsd
 goarch:
 # modernc.org/sqlite doesn't support freebsd/arm64, etc.
+ - 386
 - amd64
 - id: build-macos
 main: cmd/trivy/main.go
@@ -60,6 +63,7 @@ builds:
 goos:
 - windows
 goarch:
+ # modernc.org/sqlite doesn't support windows/386 and windows/arm, etc.
 - amd64
 goarm:
 - 7
@@ -88,6 +92,7 @@ nfpms:
 {{- else if eq .Os "dragonfly" }}DragonFlyBSD
 {{- else}}{{- title .Os }}{{ end }}-
 {{- if eq .Arch "amd64" }}64bit
+ {{- else if eq .Arch "386" }}32bit
 {{- else if eq .Arch "arm" }}ARM
 {{- else if eq .Arch "arm64" }}ARM64
 {{- else if eq .Arch "ppc64le" }}PPC64LE
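Review bot: The added lines publish the i386 package only (`reprepro -A i386 remove $release trivy`, `reprepro includedeb $release ../../dist/*Linux-32bit.deb`), while the same patch re-enables the `arm` goarch in goreleaser.yml, whose nfpm template names that package `*Linux-ARM.deb`; that artefact is built but never added to the apt repository. If that is intended, a comment above the second loop such as `# 32-bit ARM .deb is built by goreleaser but intentionally not published here` records the decision; otherwise add the matching `reprepro -A armhf remove $release trivy` (or whichever Debian architecture nfpm stamps on it) and `reprepro includedeb $release ../../dist/*Linux-ARM.deb` lines. The globs and `$release` are unquoted, so a missing `*Linux-32bit.deb` hands the literal pattern to reprepro; whether that aborts the deploy depends on the script's `set -e`/nullglob prelude, which is outside the hunk. Both loops lie inside the hunk but the script header does not.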
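Review bot: `arm` is re-added to the linux goarch list in the first goreleaser.yml hunk without a visible `goarm` entry for that build, whereas the windows build in the third hunk carries `goarm: - 7`; goreleaser falls back to GOARM 6 when the list is absent, so the restored Linux-ARM artefacts may target a different ARM ABI than the release they are being brought back from. If the linux build's `goarm` list sits outside the hunk this is moot; otherwise add `goarm:` / `- 7` (or whatever the pre-removal release used) under the linux build. The `{{- else if eq .Arch "386" }}32bit` line is added to both the nfpms template here and the archives template in the following hunk, and the two arch-to-name mappings differ only in `title .Os` vs `.Os`, so a one-line comment on each (`# keep the arch names in sync with the archives template below`) would stop them drifting apart the next time an arch is added.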
@@ -112,6 +117,7 @@ archives:
 {{- else if eq .Os "dragonfly" }}DragonFlyBSD
 {{- else}}{{- .Os }}{{ end }}-
 {{- if eq .Arch "amd64" }}64bit
+ {{- else if eq .Arch "386" }}32bit
 {{- else if eq .Arch "arm" }}ARM
 {{- else if eq .Arch "arm64" }}ARM64
 {{- else if eq .Arch "ppc64le" }}PPC64LE
From c74870500ad9ec9b380f0f3548fe9c5a48649201 Mon Sep 17 00:00:00 2001
From: Anais Urlichs <33576047+AnaisUrlichs@users.noreply.github.com>
Date: Sun, 13 Aug 2023 08:40:08 +0100
Subject: [PATCH 2/3] docs: adding blog post on ec2 (#4813)
* adding blog post on ec2
Signed-off-by: AnaisUrlichs
* update title of section
Signed-off-by: AnaisUrlichs
* changing the location of the article to be under Vulnerabilities
---------
Signed-off-by: AnaisUrlichs
---
 docs/tutorials/additional-resources/community.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/docs/tutorials/additional-resources/community.md b/docs/tutorials/additional-resources/community.md
index 9b24ae91c84e..c1ab7241e4e5 100644
--- a/docs/tutorials/additional-resources/community.md
+++ b/docs/tutorials/additional-resources/community.md
@@ -1,9 +1,10 @@
 # Community References
 Below is a list of additional resources from the community.
-## Vulnderability Scanning
+## Vulnerability Scanning
 - [Detecting Spring4Shell with Trivy and Grype](https://youtu.be/mOfBcpJWwSs)
+- [Scan OS of your EC2 instances with Trivy](https://pabis.eu/blog/2023-05-01-Scan-Instances-With-Trivy.html)
 ## CI/CD Pipelines
@@ -34,4 +35,4 @@ Below is a list of additional resources from the community.
 ### Evaluations
 - [Istio evaluating to use Trivy](https://github.com/istio/release-builder/pull/687#issuecomment-874938417)
-- [Research Spike: evaluate Trivy for scanning running containers](https://gitlab.com/gitlab-org/gitlab/-/issues/270888)
\ No newline at end of file
+- [Research Spike: evaluate Trivy for scanning running containers](https://gitlab.com/gitlab-org/gitlab/-/issues/270888)
From 6f03c79405e7d3f77dac0c70c265d972a63ba629 Mon Sep 17 00:00:00 2001
From: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
Date: Wed, 16 Aug 2023 17:34:03 +0600
Subject: [PATCH 3/3] feat(c): add location for lock file dependencies. (#4994)
* add location for conan lock files
* bump go-dep-parser
* go mod tidy
---
 .../scanner/vulnerability/language/index.md | 2 +-
 go.mod | 12 ++--
 go.sum | 24 ++++----
 integration/testdata/conan.json.golden | 56 ++++++++++++++++---
 .../analyzer/language/c/conan/conan_test.go | 12 ++++
 5 files changed, 80 insertions(+), 26 deletions(-)
diff --git a/docs/docs/scanner/vulnerability/language/index.md b/docs/docs/scanner/vulnerability/language/index.md
index 7190bc2b01f1..cdd833767876 100644
--- a/docs/docs/scanner/vulnerability/language/index.md
+++ b/docs/docs/scanner/vulnerability/language/index.md
@@ -28,7 +28,7 @@
 | | go.mod[^6] | - | - | ✅ | ✅ | included | - |
 | [Rust](rust.md) | Cargo.lock | ✅ | ✅ | ✅ | ✅ | excluded | ✅ |
 | | Binaries built with [cargo-auditable](https://github.com/rust-secure-code/cargo-auditable) | ✅ | ✅ | - | - | excluded | - |
-| C/C++ | conan.lock[^12] | - | - | ✅ | ✅ | excluded | - |
+| C/C++ | conan.lock[^12] | - | - | ✅ | ✅ | excluded | ✅ |
 | Elixir | mix.lock[^12] | - | - | ✅ | ✅ | excluded | ✅ |
 | Dart | pubspec.lock | - | - | ✅ | ✅ | included | - |
diff --git a/go.mod b/go.mod
index 9614b71c7edf..a6f523b138b6 100644
--- a/go.mod
+++ b/go.mod
@@ -14,7 +14,7 @@ require (
 github.com/alicebob/miniredis/v2 v2.30.4
 github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986
 github.com/aquasecurity/defsec v0.91.1
- github.com/aquasecurity/go-dep-parser v0.0.0-20230803125501-bd9cf68d8636
+ github.com/aquasecurity/go-dep-parser v0.0.0-20230816082938-c86bfd152132
 github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce
 github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798
 github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46
@@ -98,8 +98,8 @@ require (
 golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1
 golang.org/x/mod v0.12.0
 golang.org/x/sync v0.3.0
- golang.org/x/term v0.10.0
- golang.org/x/text v0.11.0
+ golang.org/x/term v0.11.0
+ golang.org/x/text v0.12.0
 golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2
 google.golang.org/protobuf v1.31.0
 gopkg.in/yaml.v3 v3.0.1
@@ -356,10 +356,10 @@ require (
 go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect
 go.uber.org/atomic v1.10.0 // indirect
 go.uber.org/multierr v1.9.0 // indirect
- golang.org/x/crypto v0.11.0 // indirect
- golang.org/x/net v0.12.0 // indirect
+ golang.org/x/crypto v0.12.0 // indirect
+ golang.org/x/net v0.14.0 // indirect
 golang.org/x/oauth2 v0.7.0 // indirect
- golang.org/x/sys v0.10.0 // indirect
+ golang.org/x/sys v0.11.0 // indirect
 golang.org/x/time v0.3.0 // indirect
 golang.org/x/tools v0.10.0 // indirect
 google.golang.org/api v0.121.0 // indirect
diff --git a/go.sum b/go.sum
index ec0e561318f7..a405d68b7783 100644
--- a/go.sum
+++ b/go.sum
@@ -323,8 +323,8 @@ github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986 h1:2a30
 github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986/go.mod h1:NT+jyeCzXk6vXR5MTkdn4z64TgGfE5HMLC8qfj5unl8=
 github.com/aquasecurity/defsec v0.91.1 h1:dBIPm6Tva9I+ZTQv+6t9wob3ZlMSu8NFqMJr4mgJC5A=
 github.com/aquasecurity/defsec v0.91.1/go.mod h1:l/srzxtuuyb6c6FlqUvMp3xw2ZbvuZ0l9972MNJM7V8=
-github.com/aquasecurity/go-dep-parser v0.0.0-20230803125501-bd9cf68d8636 h1:8f/1XPe9xcd8BkXU0LfQXNKmlCUB957674usf+Y/af0=
-github.com/aquasecurity/go-dep-parser v0.0.0-20230803125501-bd9cf68d8636/go.mod h1:Cl6aYro+Ddzh1MB451j/C6rvwKdn/Ifa7z98sFirJ9I=
+github.com/aquasecurity/go-dep-parser v0.0.0-20230816082938-c86bfd152132 h1:SiiJwsijT2zgXJLGAPc5xXYH6QAnZjfsegm6vi2h/qo=
+github.com/aquasecurity/go-dep-parser v0.0.0-20230816082938-c86bfd152132/go.mod h1:0+GvQF0gL4YEAAUPpNeLeGpFDxMvvIHLMd7vk9bpwko=
 github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce h1:QgBRgJvtEOBtUXilDb1MLi1p1MWoyFDXAu5DEUl5nwM=
 github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce/go.mod h1:HXgVzOPvXhVGLJs4ZKO817idqr/xhwsTcj17CLYY74s=
 github.com/aquasecurity/go-mock-aws v0.0.0-20230328195059-5bf52338aec3 h1:Vt9y1gZS5JGY3tsL9zc++Cg4ofX51CG7PaMyC5SXWPg=
@@ -1814,8 +1814,8 @@ golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4
 golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU=
 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
-golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA=
-golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
+golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk=
+golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -1928,8 +1928,8 @@ golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
-golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50=
-golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
+golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14=
+golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -2108,8 +2108,8 @@ golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
-golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM=
+golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -2117,8 +2117,8 @@ golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
-golang.org/x/term v0.10.0 h1:3R7pNqamzBraeqj/Tj8qt1aQ2HpmlC+Cx/qL/7hn4/c=
-golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o=
+golang.org/x/term v0.11.0 h1:F9tnn/DA/Im8nCwm+fX+1/eBwi4qFjRT++MhtVC4ZX0=
+golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -2133,8 +2133,8 @@ golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4=
-golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc=
+golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
diff --git a/integration/testdata/conan.json.golden b/integration/testdata/conan.json.golden
index 33040c5bd2d8..4f8be4f3f884 100644
--- a/integration/testdata/conan.json.golden
+++ b/integration/testdata/conan.json.golden
@@ -25,21 +25,39 @@
 "Name": "bzip2",
 "Version": "1.0.8",
 "Indirect": true,
- "Layer": {}
+ "Layer": {},
+ "Locations": [
+ {
+ "StartLine": 37,
+ "EndLine": 43
+ }
+ ]
 },
 {
 "ID": "expat/2.4.8",
 "Name": "expat",
 "Version": "2.4.8",
 "Indirect": true,
- "Layer": {}
+ "Layer": {},
+ "Locations": [
+ {
+ "StartLine": 51,
+ "EndLine": 57
+ }
+ ]
 },
 {
 "ID": "openssl/1.1.1q",
 "Name": "openssl",
 "Version": "1.1.1q",
 "Indirect": true,
- "Layer": {}
+ "Layer": {},
+ "Locations": [
+ {
+ "StartLine": 65,
+ "EndLine": 71
+ }
+ ]
 },
 {
 "ID": "pcre/8.43",
@@ -50,7 +68,13 @@
 "bzip2/1.0.8",
 "zlib/1.2.12"
 ],
- "Layer": {}
+ "Layer": {},
+ "Locations": [
+ {
+ "StartLine": 26,
+ "EndLine": 36
+ }
+ ]
 },
 {
 "ID": "poco/1.9.4",
@@ -63,21 +87,39 @@
 "sqlite3/3.39.2",
 "openssl/1.1.1q"
 ],
- "Layer": {}
+ "Layer": {},
+ "Locations": [
+ {
+ "StartLine": 12,
+ "EndLine": 25
+ }
+ ]
 },
 {
 "ID": "sqlite3/3.39.2",
 "Name": "sqlite3",
 "Version": "3.39.2",
 "Indirect": true,
- "Layer": {}
+ "Layer": {},
+ "Locations": [
+ {
+ "StartLine": 58,
+ "EndLine": 64
+ }
+ ]
 },
 {
 "ID": "zlib/1.2.12",
 "Name": "zlib",
 "Version": "1.2.12",
 "Indirect": true,
- "Layer": {}
+ "Layer": {},
+ "Locations": [
+ {
+ "StartLine": 44,
+ "EndLine": 50
+ }
+ ]
 }
 ],
 "Vulnerabilities": [
diff --git a/pkg/fanal/analyzer/language/c/conan/conan_test.go b/pkg/fanal/analyzer/language/c/conan/conan_test.go
index c2bf42890162..fcb3237bfb61 100644
--- a/pkg/fanal/analyzer/language/c/conan/conan_test.go
+++ b/pkg/fanal/analyzer/language/c/conan/conan_test.go
@@ -35,12 +35,24 @@ func Test_conanLockAnalyzer_Analyze(t *testing.T) {
 DependsOn: []string{
 "zlib/1.2.12",
 },
+ Locations: []types.Location{
+ {
+ StartLine: 12,
+ EndLine: 21,
+ },
+ },
 },
 {
 ID: "zlib/1.2.12",
 Name: "zlib",
 Version: "1.2.12",
 Indirect: true,
+ Locations: []types.Location{
+ {
+ StartLine: 22,
+ EndLine: 28,
+ },
+ },
 },
 },
 },
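Review bot: The new `Locations` expectations in conan_test.go are raw line ranges (12–21, 22–28) whose meaning depends on the fixture the test table reads, which is not visible in the hunk; a comment on each, e.g. `// line span of the "zlib/1.2.12" entry in the fixture lock file`, lets a later fixture edit be traced to the number that breaks. The case now exercises only a lock file where every dependency carries a location, and the location data itself comes from the go-dep-parser bump earlier in this patch; a second table entry (or a one-line note) showing what the analyzer reports when the parser yields no location would pin down whether `Locations` is nil or an empty slice in that path, which the JSON golden in the same patch does not cover either. Test_conanLockAnalyzer_Analyze starts before the hunk and the first table entry being edited is cut at the top.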