From 6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 Mon Sep 17 00:00:00 2001 From: Vinayak S <84206636+Dr-DevOps@users.noreply.github.com> Date: Tue, 9 Jul 2024 11:49:25 +0530 Subject: [PATCH] Upgrade trivy to v0.53.0 (#369) * Upgrade trivy to v0.53.0 * update tests --------- Co-authored-by: Simar --- .github/workflows/test.yaml | 2 +- Dockerfile | 2 +- Makefile | 2 +- test/data/config-sarif-report/report.sarif | 14 +- test/data/config-scan/report.json | 1 - test/data/github-dep-snapshot/report.gsbom | 225 ++++++--------------- test/data/secret-scan/report.json | 1 - test/data/with-tf-vars/report.json | 1 - test/data/with-trivy-yaml-cfg/report.json | 3 +- 9 files changed, 67 insertions(+), 184 deletions(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 697a058b..bf8d889e 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -6,7 +6,7 @@ on: workflow_dispatch: env: - TRIVY_VERSION: 0.52.2 + TRIVY_VERSION: 0.53.0 BATS_LIB_PATH: '/usr/lib/' jobs: diff --git a/Dockerfile b/Dockerfile index 08da527f..aecb1aa5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/aquasecurity/trivy:0.52.2 +FROM ghcr.io/aquasecurity/trivy:0.53.0 COPY entrypoint.sh / RUN apk --no-cache add bash curl npm RUN chmod +x /entrypoint.sh diff --git a/Makefile b/Makefile index 5c105348..ff89e22e 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ .PHONY: test test: - BATS_LIB_PATH=/usr/local/lib/ bats -r . \ No newline at end of file + BATS_LIB_PATH=/usr/local/lib/ bats --recurisve --timing --verbose-run . \ No newline at end of file diff --git a/test/data/config-sarif-report/report.sarif b/test/data/config-sarif-report/report.sarif index 0602e452..71d4b80c 100644 --- a/test/data/config-sarif-report/report.sarif +++ b/test/data/config-sarif-report/report.sarif 
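Review bot: The new recipe line in the Makefile hunk misspells the long option as `--recurisve`. bats-core documents `-r`/`--recursive`, so the misspelled flag is likely to be rejected as an unknown option, and `make test` would then stop before any test file is run. The line should read `BATS_LIB_PATH=/usr/local/lib/ bats --recursive --timing --verbose-run .`. Since this suite checks the scanner's output after each Trivy upgrade, it is worth confirming that CI runs this target (or the identical command), so a broken invocation cannot go unnoticed while the fixtures change. The file also still ends without a trailing newline.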
@@ -205,7 +205,7 @@ "text": "S3 buckets should each define an aws_s3_bucket_public_access_block" }, "fullDescription": { - "text": "The \u0026#34;block public access\u0026#34; settings in S3 override individual policies that apply to a given bucket, meaning that all public access can be controlled in one central types for that bucket. It is therefore good practice to define these settings for each bucket in order to clearly define the public access that can be allowed for it." + "text": "The "block public access" settings in S3 override individual policies that apply to a given bucket, meaning that all public access can be controlled in one central types for that bucket. It is therefore good practice to define these settings for each bucket in order to clearly define the public access that can be allowed for it." }, "defaultConfiguration": { "level": "note" @@ -252,8 +252,7 @@ ] } } - ], - "version": "0.50.0" + ] } }, "results": [ @@ -501,12 +500,7 @@ ] } ], - "columnKind": "utf16CodeUnits", - "originalUriBaseIds": { - "ROOTPATH": { - "uri": "file://D:\\projects\\trivy-action\\test\\data\\config-sarif-report/" - } - } + "columnKind": "utf16CodeUnits" } ] -} \ No newline at end of file +} diff --git a/test/data/config-scan/report.json b/test/data/config-scan/report.json index 61c7dc88..62aab6c7 100644 --- a/test/data/config-scan/report.json +++ b/test/data/config-scan/report.json @@ -1,6 +1,5 @@ { "SchemaVersion": 2, - "CreatedAt": "2024-04-12T16:53:35.5567541+03:00", "ArtifactName": "test/data/config-scan", "ArtifactType": "filesystem", "Metadata": { diff --git a/test/data/github-dep-snapshot/report.gsbom b/test/data/github-dep-snapshot/report.gsbom index 355b1eca..b39d586a 100644 --- a/test/data/github-dep-snapshot/report.gsbom +++ b/test/data/github-dep-snapshot/report.gsbom 
@@ -2,23 +2,18 @@ "version": 0, "detector": { "name": "trivy", - "version": "0.50.0", "url": "https://github.com/aquasecurity/trivy" }, "metadata": { "aquasecurity:trivy:RepoDigest": "knqyf263/vuln-image@sha256:1e8b199249d6d0ef3419ddc6eda2348d9fbdb10d350d3bb70aa98e87faa227c9", "aquasecurity:trivy:RepoTag": "knqyf263/vuln-image:1.2.3" }, - "job": { - "correlator": "_" - }, - "scanned": "2024-04-12T16:02:51+03:00", "manifests": { "knqyf263/vuln-image:1.2.3 (alpine 3.7.1)": { "name": "alpine", "resolved": { ".composer-phpext-rundeps": { - "package_url": "pkg:apk/alpine/.composer-phpext-rundeps@0?arch=noarch\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/.composer-phpext-rundeps@0?arch=noarch&distro=3.7.1", "relationship": "direct", "dependencies": [ "libsodium@1.0.15-r0", @@ -28,7 +23,7 @@ "scope": "runtime" }, ".persistent-deps": { - "package_url": "pkg:apk/alpine/.persistent-deps@0?arch=noarch\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/.persistent-deps@0?arch=noarch&distro=3.7.1", "relationship": "direct", "dependencies": [ "ca-certificates@20171114-r0", @@ -40,7 +35,7 @@ "scope": "runtime" }, ".php-rundeps": { - "package_url": "pkg:apk/alpine/.php-rundeps@0?arch=noarch\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/.php-rundeps@0?arch=noarch&distro=3.7.1", "relationship": "direct", "dependencies": [ "libcurl@7.61.1-r0", @@ -55,7 +50,7 @@ "scope": "runtime" }, "alpine-baselayout": { - "package_url": "pkg:apk/alpine/alpine-baselayout@3.0.5-r2?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/alpine-baselayout@3.0.5-r2?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "busybox@1.27.2-r11", 
@@ -64,12 +59,12 @@ "scope": "runtime" }, "alpine-keys": { - "package_url": "pkg:apk/alpine/alpine-keys@2.1-r1?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/alpine-keys@2.1-r1?arch=x86_64&distro=3.7.1", "relationship": "direct", "scope": "runtime" }, "apk-tools": { - "package_url": "pkg:apk/alpine/apk-tools@2.10.1-r0?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/apk-tools@2.10.1-r0?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "libressl2.6-libcrypto@2.6.5-r0", @@ -80,7 +75,7 @@ "scope": "runtime" }, "apr": { - "package_url": "pkg:apk/alpine/apr@1.6.3-r0?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/apr@1.6.3-r0?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "libuuid@2.31-r0", @@ -89,7 +84,7 @@ "scope": "runtime" }, "apr-util": { - "package_url": "pkg:apk/alpine/apr-util@1.6.1-r1?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/apr-util@1.6.1-r1?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "apr@1.6.3-r0", @@ -100,7 +95,7 @@ "scope": "runtime" }, "bash": { - "package_url": "pkg:apk/alpine/bash@4.4.19-r1?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/bash@4.4.19-r1?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "busybox@1.27.2-r11", @@ -111,7 +106,7 @@ "scope": "runtime" }, "busybox": { - "package_url": "pkg:apk/alpine/busybox@1.27.2-r11?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/busybox@1.27.2-r11?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "musl@1.1.18-r3" @@ -119,7 +114,7 @@ "scope": "runtime" }, "ca-certificates": { - "package_url": "pkg:apk/alpine/ca-certificates@20171114-r0?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/ca-certificates@20171114-r0?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "busybox@1.27.2-r11", 
@@ -129,7 +124,7 @@ "scope": "runtime" }, "curl": { - "package_url": "pkg:apk/alpine/curl@7.61.0-r0?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/curl@7.61.0-r0?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "ca-certificates@20171114-r0", @@ -140,7 +135,7 @@ "scope": "runtime" }, "db": { - "package_url": "pkg:apk/alpine/db@5.3.28-r0?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/db@5.3.28-r0?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "musl@1.1.18-r3" @@ -148,7 +143,7 @@ "scope": "runtime" }, "expat": { - "package_url": "pkg:apk/alpine/expat@2.2.5-r0?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/expat@2.2.5-r0?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "musl@1.1.18-r3" @@ -156,7 +151,7 @@ "scope": "runtime" }, "gdbm": { - "package_url": "pkg:apk/alpine/gdbm@1.13-r1?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/gdbm@1.13-r1?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "musl@1.1.18-r3" @@ -164,7 +159,7 @@ "scope": "runtime" }, "git": { - "package_url": "pkg:apk/alpine/git@2.15.2-r0?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/git@2.15.2-r0?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "expat@2.2.5-r0", @@ -176,7 +171,7 @@ "scope": "runtime" }, "libbz2": { - "package_url": "pkg:apk/alpine/libbz2@1.0.6-r6?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/libbz2@1.0.6-r6?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "musl@1.1.18-r3" @@ -184,7 +179,7 @@ "scope": "runtime" }, "libc-utils": { - "package_url": "pkg:apk/alpine/libc-utils@0.7.1-r0?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/libc-utils@0.7.1-r0?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "musl-utils@1.1.18-r3" 
@@ -192,7 +187,7 @@ "scope": "runtime" }, "libcurl": { - "package_url": "pkg:apk/alpine/libcurl@7.61.1-r0?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/libcurl@7.61.1-r0?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "ca-certificates@20171114-r0", @@ -205,7 +200,7 @@ "scope": "runtime" }, "libedit": { - "package_url": "pkg:apk/alpine/libedit@20170329.3.1-r3?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/libedit@20170329.3.1-r3?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "musl@1.1.18-r3", @@ -214,7 +209,7 @@ "scope": "runtime" }, "libffi": { - "package_url": "pkg:apk/alpine/libffi@3.2.1-r4?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/libffi@3.2.1-r4?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "musl@1.1.18-r3" @@ -222,7 +217,7 @@ "scope": "runtime" }, "libressl": { - "package_url": "pkg:apk/alpine/libressl@2.6.5-r0?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/libressl@2.6.5-r0?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "libressl2.6-libcrypto@2.6.5-r0", @@ -233,7 +228,7 @@ "scope": "runtime" }, "libressl2.6-libcrypto": { - "package_url": "pkg:apk/alpine/libressl2.6-libcrypto@2.6.5-r0?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/libressl2.6-libcrypto@2.6.5-r0?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "musl@1.1.18-r3" @@ -241,7 +236,7 @@ "scope": "runtime" }, "libressl2.6-libssl": { - "package_url": "pkg:apk/alpine/libressl2.6-libssl@2.6.5-r0?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/libressl2.6-libssl@2.6.5-r0?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "libressl2.6-libcrypto@2.6.5-r0", 
@@ -250,7 +245,7 @@ "scope": "runtime" }, "libressl2.6-libtls": { - "package_url": "pkg:apk/alpine/libressl2.6-libtls@2.6.5-r0?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/libressl2.6-libtls@2.6.5-r0?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "libressl2.6-libcrypto@2.6.5-r0", @@ -260,7 +255,7 @@ "scope": "runtime" }, "libsasl": { - "package_url": "pkg:apk/alpine/libsasl@2.1.26-r11?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/libsasl@2.1.26-r11?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "db@5.3.28-r0", @@ -269,7 +264,7 @@ "scope": "runtime" }, "libsodium": { - "package_url": "pkg:apk/alpine/libsodium@1.0.15-r0?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/libsodium@1.0.15-r0?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "musl@1.1.18-r3" @@ -277,7 +272,7 @@ "scope": "runtime" }, "libssh2": { - "package_url": "pkg:apk/alpine/libssh2@1.8.0-r2?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/libssh2@1.8.0-r2?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "libressl2.6-libcrypto@2.6.5-r0", @@ -287,7 +282,7 @@ "scope": "runtime" }, "libuuid": { - "package_url": "pkg:apk/alpine/libuuid@2.31-r0?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/libuuid@2.31-r0?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "musl@1.1.18-r3" @@ -295,7 +290,7 @@ "scope": "runtime" }, "libxml2": { - "package_url": "pkg:apk/alpine/libxml2@2.9.7-r0?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/libxml2@2.9.7-r0?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "musl@1.1.18-r3", 
@@ -304,7 +299,7 @@ "scope": "runtime" }, "mercurial": { - "package_url": "pkg:apk/alpine/mercurial@4.5.2-r0?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/mercurial@4.5.2-r0?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "musl@1.1.18-r3", @@ -313,12 +308,12 @@ "scope": "runtime" }, "musl": { - "package_url": "pkg:apk/alpine/musl@1.1.18-r3?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/musl@1.1.18-r3?arch=x86_64&distro=3.7.1", "relationship": "direct", "scope": "runtime" }, "musl-utils": { - "package_url": "pkg:apk/alpine/musl-utils@1.1.18-r3?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/musl-utils@1.1.18-r3?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "musl@1.1.18-r3", @@ -327,7 +322,7 @@ "scope": "runtime" }, "ncurses-libs": { - "package_url": "pkg:apk/alpine/ncurses-libs@6.0_p20171125-r1?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/ncurses-libs@6.0_p20171125-r1?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "musl@1.1.18-r3", @@ -337,7 +332,7 @@ "scope": "runtime" }, "ncurses-terminfo": { - "package_url": "pkg:apk/alpine/ncurses-terminfo@6.0_p20171125-r1?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/ncurses-terminfo@6.0_p20171125-r1?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "ncurses-terminfo-base@6.0_p20171125-r1" 
@@ -345,12 +340,12 @@ "scope": "runtime" }, "ncurses-terminfo-base": { - "package_url": "pkg:apk/alpine/ncurses-terminfo-base@6.0_p20171125-r1?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/ncurses-terminfo-base@6.0_p20171125-r1?arch=x86_64&distro=3.7.1", "relationship": "direct", "scope": "runtime" }, "openssh": { - "package_url": "pkg:apk/alpine/openssh@7.5_p1-r9?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/openssh@7.5_p1-r9?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "libressl2.6-libcrypto@2.6.5-r0", @@ -362,7 +357,7 @@ "scope": "runtime" }, "openssh-client": { - "package_url": "pkg:apk/alpine/openssh-client@7.5_p1-r9?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/openssh-client@7.5_p1-r9?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "libressl2.6-libcrypto@2.6.5-r0", @@ -373,7 +368,7 @@ "scope": "runtime" }, "openssh-keygen": { - "package_url": "pkg:apk/alpine/openssh-keygen@7.5_p1-r9?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/openssh-keygen@7.5_p1-r9?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "libressl2.6-libcrypto@2.6.5-r0", @@ -382,7 +377,7 @@ "scope": "runtime" }, "openssh-server": { - "package_url": "pkg:apk/alpine/openssh-server@7.5_p1-r9?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/openssh-server@7.5_p1-r9?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "libressl2.6-libcrypto@2.6.5-r0", 
@@ -394,12 +389,12 @@ "scope": "runtime" }, "openssh-server-common": { - "package_url": "pkg:apk/alpine/openssh-server-common@7.5_p1-r9?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/openssh-server-common@7.5_p1-r9?arch=x86_64&distro=3.7.1", "relationship": "direct", "scope": "runtime" }, "openssh-sftp-server": { - "package_url": "pkg:apk/alpine/openssh-sftp-server@7.5_p1-r9?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/openssh-sftp-server@7.5_p1-r9?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "musl@1.1.18-r3" @@ -407,7 +402,7 @@ "scope": "runtime" }, "patch": { - "package_url": "pkg:apk/alpine/patch@2.7.5-r2?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/patch@2.7.5-r2?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "musl@1.1.18-r3" @@ -415,7 +410,7 @@ "scope": "runtime" }, "pcre2": { - "package_url": "pkg:apk/alpine/pcre2@10.30-r0?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/pcre2@10.30-r0?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "musl@1.1.18-r3" @@ -423,7 +418,7 @@ "scope": "runtime" }, "pkgconf": { - "package_url": "pkg:apk/alpine/pkgconf@1.3.10-r0?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/pkgconf@1.3.10-r0?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "musl@1.1.18-r3" @@ -431,7 +426,7 @@ "scope": "runtime" }, "python2": { - "package_url": "pkg:apk/alpine/python2@2.7.15-r2?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/python2@2.7.15-r2?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "expat@2.2.5-r0", @@ -449,7 +444,7 @@ "scope": "runtime" }, "readline": { - "package_url": "pkg:apk/alpine/readline@7.0.003-r0?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/readline@7.0.003-r0?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "musl@1.1.18-r3", 
@@ -458,7 +453,7 @@ "scope": "runtime" }, "scanelf": { - "package_url": "pkg:apk/alpine/scanelf@1.2.2-r1?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/scanelf@1.2.2-r1?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "musl@1.1.18-r3" @@ -466,7 +461,7 @@ "scope": "runtime" }, "serf": { - "package_url": "pkg:apk/alpine/serf@1.3.9-r3?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/serf@1.3.9-r3?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "apr-util@1.6.1-r1", @@ -479,7 +474,7 @@ "scope": "runtime" }, "sqlite-libs": { - "package_url": "pkg:apk/alpine/sqlite-libs@3.21.0-r1?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/sqlite-libs@3.21.0-r1?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "musl@1.1.18-r3" @@ -487,7 +482,7 @@ "scope": "runtime" }, "ssl_client": { - "package_url": "pkg:apk/alpine/ssl_client@1.27.2-r11?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/ssl_client@1.27.2-r11?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "libressl2.6-libtls@2.6.5-r0", @@ -496,7 +491,7 @@ "scope": "runtime" }, "subversion": { - "package_url": "pkg:apk/alpine/subversion@1.9.7-r0?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/subversion@1.9.7-r0?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "apr-util@1.6.1-r1", @@ -509,7 +504,7 @@ "scope": "runtime" }, "subversion-libs": { - "package_url": "pkg:apk/alpine/subversion-libs@1.9.7-r0?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/subversion-libs@1.9.7-r0?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "apr-util@1.6.1-r1", @@ -525,7 +520,7 @@ "scope": "runtime" }, "tar": { - "package_url": "pkg:apk/alpine/tar@1.29-r1?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/tar@1.29-r1?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "musl@1.1.18-r3" 
@@ -533,7 +528,7 @@ "scope": "runtime" }, "tini": { - "package_url": "pkg:apk/alpine/tini@0.16.1-r0?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/tini@0.16.1-r0?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "musl@1.1.18-r3" @@ -541,7 +536,7 @@ "scope": "runtime" }, "xz": { - "package_url": "pkg:apk/alpine/xz@5.2.3-r1?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/xz@5.2.3-r1?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "musl@1.1.18-r3", @@ -550,7 +545,7 @@ "scope": "runtime" }, "xz-libs": { - "package_url": "pkg:apk/alpine/xz-libs@5.2.3-r1?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/xz-libs@5.2.3-r1?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "musl@1.1.18-r3" @@ -558,7 +553,7 @@ "scope": "runtime" }, "zlib": { - "package_url": "pkg:apk/alpine/zlib@1.2.11-r1?arch=x86_64\u0026distro=3.7.1", + "package_url": "pkg:apk/alpine/zlib@1.2.11-r1?arch=x86_64&distro=3.7.1", "relationship": "direct", "dependencies": [ "musl@1.1.18-r3" 
@@ -567,108 +562,6 @@ } } }, - "php-app/composer.lock": { - "name": "composer", - "file": { - "source_location": "knqyf263/vuln-image:1.2.3@sha256:1e8b199249d6d0ef3419ddc6eda2348d9fbdb10d350d3bb70aa98e87faa227c9" - }, - "resolved": { - "guzzlehttp/guzzle": { - "package_url": "pkg:composer/guzzlehttp/guzzle@6.2.0", - "relationship": "direct", - "dependencies": [ - "guzzlehttp/promises@v1.3.1", - "guzzlehttp/psr7@1.5.2" - ], - "scope": "runtime" - }, - "guzzlehttp/promises": { - "package_url": "pkg:composer/guzzlehttp/promises@v1.3.1", - "relationship": "direct", - "scope": "runtime" - }, - "guzzlehttp/psr7": { - "package_url": "pkg:composer/guzzlehttp/psr7@1.5.2", - "relationship": "direct", - "dependencies": [ - "psr/http-message@1.0.1", - "ralouphie/getallheaders@2.0.5" - ], - "scope": "runtime" - }, - "laravel/installer": { - "package_url": "pkg:composer/laravel/installer@v2.0.1", - "relationship": "direct", - "dependencies": [ - "guzzlehttp/guzzle@6.2.0", - "symfony/console@v4.2.7", - "symfony/filesystem@v4.2.7", - "symfony/process@v4.2.7" - ], - "scope": "runtime" - }, - "pear/log": { - "package_url": "pkg:composer/pear/log@1.13.1", - "relationship": "direct", - "dependencies": [ - "pear/pear_exception@v1.0.0" - ], - "scope": "runtime" - }, - "pear/pear_exception": { - "package_url": "pkg:composer/pear/pear_exception@v1.0.0", - "relationship": "direct", - "scope": "runtime" - }, - "psr/http-message": { - "package_url": "pkg:composer/psr/http-message@1.0.1", - "relationship": "direct", - "scope": "runtime" - }, - "ralouphie/getallheaders": { - "package_url": "pkg:composer/ralouphie/getallheaders@2.0.5", - "relationship": "direct", - "scope": "runtime" - }, - "symfony/console": { - "package_url": "pkg:composer/symfony/console@v4.2.7", - "relationship": "direct", - "dependencies": [ - "symfony/contracts@v1.0.2", - "symfony/polyfill-mbstring@v1.11.0" - ], - "scope": "runtime" - }, - "symfony/contracts": { - "package_url": "pkg:composer/symfony/contracts@v1.0.2", - 
"relationship": "direct", - "scope": "runtime" - }, - "symfony/filesystem": { - "package_url": "pkg:composer/symfony/filesystem@v4.2.7", - "relationship": "direct", - "dependencies": [ - "symfony/polyfill-ctype@v1.11.0" - ], - "scope": "runtime" - }, - "symfony/polyfill-ctype": { - "package_url": "pkg:composer/symfony/polyfill-ctype@v1.11.0", - "relationship": "direct", - "scope": "runtime" - }, - "symfony/polyfill-mbstring": { - "package_url": "pkg:composer/symfony/polyfill-mbstring@v1.11.0", - "relationship": "direct", - "scope": "runtime" - }, - "symfony/process": { - "package_url": "pkg:composer/symfony/process@v4.2.7", - "relationship": "direct", - "scope": "runtime" - } - } - }, "rust-app/Cargo.lock": { "name": "cargo", "file": { @@ -1235,4 +1128,4 @@ } } } -} \ No newline at end of file +} diff --git a/test/data/secret-scan/report.json b/test/data/secret-scan/report.json index 2c483fdf..b7bc4dca 100644 --- a/test/data/secret-scan/report.json +++ b/test/data/secret-scan/report.json @@ -1,6 +1,5 @@ { "SchemaVersion": 2, - "CreatedAt": "2024-01-02T23:40:04.647712097Z", "ArtifactName": "https://github.com/krol3/demo-trivy/", "ArtifactType": "repository", "Metadata": { diff --git a/test/data/with-tf-vars/report.json b/test/data/with-tf-vars/report.json index 562b065f..773d923c 100644 --- a/test/data/with-tf-vars/report.json +++ b/test/data/with-tf-vars/report.json @@ -1,6 +1,5 @@ { "SchemaVersion": 2, - "CreatedAt": "2024-04-12T14:09:09.5680191+03:00", "ArtifactName": "test/data/with-tf-vars/main.tf", "ArtifactType": "filesystem", "Metadata": { diff --git a/test/data/with-trivy-yaml-cfg/report.json b/test/data/with-trivy-yaml-cfg/report.json index ec66d25e..cce08116 100644 --- a/test/data/with-trivy-yaml-cfg/report.json +++ b/test/data/with-trivy-yaml-cfg/report.json @@ -1,6 +1,5 @@ { "SchemaVersion": 2, - "CreatedAt": "2024-01-02T23:40:21.039454971Z", "ArtifactName": "alpine:3.10", "ArtifactType": "container_image", "Metadata": { 
@@ -64,7 +63,7 @@ "PkgID": "apk-tools@2.10.6-r0", "PkgName": "apk-tools", "PkgIdentifier": { - "PURL": "pkg:apk/alpine/apk-tools@2.10.6-r0?arch=x86_64\u0026distro=3.10.9", + "PURL": "pkg:apk/alpine/apk-tools@2.10.6-r0?arch=x86_64&distro=3.10.9", "UID": "a6adb154870b6380" }, "InstalledVersion": "2.10.6-r0",