Skip to content

Commit

Permalink
chore(deps): Update trivy to v0.43.1 (#243)
Browse files Browse the repository at this point in the history
* chore(deps): Update trivy to v0.43.1

* fix tests

Signed-off-by: Simar <[email protected]>

---------

Signed-off-by: Simar <[email protected]>
  • Loading branch information
simar7 authored Jul 17, 2023
1 parent 41f05d9 commit 3dd517d
Show file tree
Hide file tree
Showing 6 changed files with 8 additions and 14 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/build.yaml
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
name: "build"
on: [push, pull_request]
env:
TRIVY_VERSION: 0.42.1
TRIVY_VERSION: 0.43.1
BATS_LIB_PATH: '/usr/lib/'
jobs:
build:
Expand Down
2 changes: 1 addition & 1 deletion Dockerfile
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM ghcr.io/aquasecurity/trivy:0.42.1
FROM ghcr.io/aquasecurity/trivy:0.43.1
COPY entrypoint.sh /
RUN apk --no-cache add bash curl npm
RUN chmod +x /entrypoint.sh
Expand Down
2 changes: 1 addition & 1 deletion test/data/config-sarif.test
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@
}
}
],
"version": "0.42.1"
"version": "0.43.1"
}
},
"results": [
Expand Down
2 changes: 1 addition & 1 deletion test/data/image-sarif.test
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@
}
}
],
"version": "0.42.1"
"version": "0.43.1"
}
},
"results": [
Expand Down
7 changes: 2 additions & 5 deletions test/data/image-trivyignores.test
Original file line number Diff line number Diff line change
Expand Up @@ -75,15 +75,12 @@ Total: 19 (CRITICAL: 19)

rust-app/Cargo.lock (cargo)
===========================
Total: 2 (CRITICAL: 2)
Total: 1 (CRITICAL: 1)

┌──────────┬────────────────┬──────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │
├──────────┼────────────────┼──────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ openssl │ CVE-2018-20997 │ CRITICAL │ 0.8.3 │ 0.10.9 │ Use after free in openssl │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-20997 │
├──────────┼────────────────┤ ├───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ smallvec │ CVE-2021-25900 │ │ 0.6.9 │ 1.6.1, 0.6.14 │ An issue was discovered in the smallvec crate before 0.6.14 │
│ smallvec │ CVE-2021-25900 │ CRITICAL │ 0.6.9 │ 1.6.1, 0.6.14 │ An issue was discovered in the smallvec crate before 0.6.14 │
│ │ │ │ │ │ and 1.x... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-25900 │
└──────────┴────────────────┴──────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────────┘
7 changes: 2 additions & 5 deletions test/data/image.test
Original file line number Diff line number Diff line change
Expand Up @@ -75,15 +75,12 @@ Total: 19 (CRITICAL: 19)

rust-app/Cargo.lock (cargo)
===========================
Total: 5 (CRITICAL: 5)
Total: 4 (CRITICAL: 4)

┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │
├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ openssl │ CVE-2018-20997 │ CRITICAL │ 0.8.3 │ 0.10.9 │ Use after free in openssl │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-20997 │
├───────────┼────────────────┤ ├───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ rand_core │ CVE-2020-25576 │ │ 0.4.0 │ 0.3.1, 0.4.2 │ An issue was discovered in the rand_core crate before 0.4.2 │
│ rand_core │ CVE-2020-25576 │ CRITICAL │ 0.4.0 │ 0.3.1, 0.4.2 │ An issue was discovered in the rand_core crate before 0.4.2 │
│ │ │ │ │ │ for Rust.... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-25576 │
├───────────┼────────────────┤ ├───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
Expand Down

0 comments on commit 3dd517d

Please sign in to comment.