Stage/vuls
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore(deps): bump github.com/aquasecurity/trivy from 0.49.1 to 0.50.1 (#1885)

Browse Source 
* chore(deps): bump github.com/aquasecurity/trivy from 0.49.1 to 0.50.1

Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.49.1 to 0.50.1.
- [Release notes](https://github.com/aquasecurity/trivy/releases)
- [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml)
- [Commits](https://github.com/aquasecurity/trivy/compare/v0.49.1...v0.50.1)

---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* refactor(cmd/report): use trivy default for trivy-java-db-repository default value

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
This commit is contained in:
dependabot[bot]
2024-03-28 13:09:49 +09:00
committed by GitHub
parent e25ec99968
commit 5d5dcd5f41
9 changed files with 185 additions and 149 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
scanner/trivy/jar/jar.go
View File

@@ -9,10 +9,10 @@ import (
"golang.org/x/xerrors"
dio "github.com/aquasecurity/go-dep-parser/pkg/io"
"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
"github.com/aquasecurity/trivy/pkg/fanal/types"
"github.com/aquasecurity/trivy/pkg/parallel"
xio "github.com/aquasecurity/trivy/pkg/x/io"
)
func init() {
@@ -41,7 +41,7 @@ func newJavaLibraryAnalyzer(options analyzer.AnalyzerOptions) (analyzer.PostAnal
func (a *javaLibraryAnalyzer) PostAnalyze(ctx context.Context, input analyzer.PostAnalysisInput) (*analyzer.AnalysisResult, error) {
// It will be called on each JAR file
onFile := func(path string, info fs.FileInfo, r dio.ReadSeekerAt) (*types.Application, error) {
onFile := func(path string, info fs.FileInfo, r xio.ReadSeekerAt) (*types.Application, error) {
p := newParser(withSize(info.Size()), withFilePath(path))
parsedLibs, err := p.parse(r)
if err != nil {

8
scanner/trivy/jar/parse.go
View File

@@ -11,9 +11,9 @@ import (
"regexp"
"strings"
dio "github.com/aquasecurity/go-dep-parser/pkg/io"
"github.com/aquasecurity/go-dep-parser/pkg/log"
"github.com/aquasecurity/trivy/pkg/digest"
"github.com/aquasecurity/trivy/pkg/log"
xio "github.com/aquasecurity/trivy/pkg/x/io"
"github.com/samber/lo"
"go.uber.org/zap"
"golang.org/x/xerrors"
@@ -87,7 +87,7 @@ func newParser(opts ...option) *parser {
return p
}
func (p *parser) parse(r dio.ReadSeekerAt) ([]jarLibrary, error) {
func (p *parser) parse(r xio.ReadSeekerAt) ([]jarLibrary, error) {
libs, err := p.parseArtifact(p.rootFilePath, p.size, r)
if err != nil {
return nil, xerrors.Errorf("Failed to parse %s. err: %w", p.rootFilePath, err)
@@ -98,7 +98,7 @@ func (p *parser) parse(r dio.ReadSeekerAt) ([]jarLibrary, error) {
// This function MUST NOT return empty list unless an error occurred.
// The least element contains file path and SHA1 digest, they can be used at detect phase to
// determine actual name and version.
func (p *parser) parseArtifact(filePath string, size int64, r dio.ReadSeekerAt) ([]jarLibrary, error) {
func (p *parser) parseArtifact(filePath string, size int64, r xio.ReadSeekerAt) ([]jarLibrary, error) {
log.Logger.Debugw("Parsing Java artifacts...", zap.String("file", filePath))
sha1, err := digest.CalcSHA1(r)