From 91713af97dc80187565512baba96e4364e983601 Mon Sep 17 00:00:00 2001 From: Ivan Santos <301291+pragmaticivan@users.noreply.github.com> Date: Fri, 8 Dec 2023 12:08:35 -0600 Subject: [PATCH] Update to trivy version 0.48.0 (#289) * Update to trivy version 0.48.0 --------- Signed-off-by: Simar Co-authored-by: Simar --- .github/workflows/build.yaml | 4 +- Dockerfile | 2 +- test/data/config-sarif.test | 72 ++++++++++++++++++------------------ test/data/config.test | 31 ++++++++++++++++ test/data/fs-scheck.test | 31 ++++++++++++++++ test/data/image-sarif.test | 2 +- test/data/repo.test | 1 + test/data/tfvars.test | 1 + test/data/yamlconfig.test | 3 +- 9 files changed, 106 insertions(+), 41 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index f4d2a52..46e63a8 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -1,7 +1,7 @@ name: "build" on: [push, pull_request] env: - TRIVY_VERSION: 0.45.0 + TRIVY_VERSION: 0.48.0 BATS_LIB_PATH: '/usr/lib/' jobs: build: @@ -25,4 +25,4 @@ jobs: curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v${{ env.TRIVY_VERSION }} - name: Test - run: BATS_LIB_PATH=${{ env.BATS_LIB_PATH }} bats --recursive --timing . \ No newline at end of file + run: BATS_LIB_PATH=${{ env.BATS_LIB_PATH }} bats --recursive --timing . diff --git a/Dockerfile b/Dockerfile index 05cd4a6..ebbe6bd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/aquasecurity/trivy:0.47.0 +FROM ghcr.io/aquasecurity/trivy:0.48.0 COPY entrypoint.sh / RUN apk --no-cache add bash curl npm RUN chmod +x /entrypoint.sh diff --git a/test/data/config-sarif.test b/test/data/config-sarif.test index a3ce247..5269f31 100644 --- a/test/data/config-sarif.test +++ b/test/data/config-sarif.test 
@@ -1,6 +1,6 @@ { "version": "2.1.0", - "$schema": "https://json.schemastore.org/sarif-2.1.0.json", + "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json", "runs": [ { "tool": { 
@@ -23,8 +23,8 @@ }, "helpUri": "https://avd.aquasec.com/misconfig/ds002", "help": { - "text": "Misconfiguration DS002\nType: Dockerfile Security Check\nSeverity: HIGH\nCheck: Image user should not be 'root'\nMessage: Specify at least 1 USER command in Dockerfile with non-root user as argument\nLink: [DS002](https://avd.aquasec.com/misconfig/ds002)\nRunning containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.", - "markdown": "**Misconfiguration DS002**\n| Type | Severity | Check | Message | Link |\n| --- | --- | --- | --- | --- |\n|Dockerfile Security Check|HIGH|Image user should not be 'root'|Specify at least 1 USER command in Dockerfile with non-root user as argument|[DS002](https://avd.aquasec.com/misconfig/ds002)|\n\nRunning containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile." + "text": "Misconfiguration DS002\\nType: Dockerfile Security Check\\nSeverity: HIGH\\nCheck: Image user should not be 'root'\\nMessage: Specify at least 1 USER command in Dockerfile with non-root user as argument\\nLink: [DS002](https://avd.aquasec.com/misconfig/ds002)\\nRunning containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.", + "markdown": "**Misconfiguration DS002**\\n| Type | Severity | Check | Message | Link |\\n| --- | --- | --- | --- | --- |\\n|Dockerfile Security Check|HIGH|Image user should not be 'root'|Specify at least 1 USER command in Dockerfile with non-root user as argument|[DS002](https://avd.aquasec.com/misconfig/ds002)|\\n\\nRunning containers with 'root' user can lead to a container escape situation. 
It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile." }, "properties": { "precision": "very-high", @@ -50,8 +50,8 @@ }, "helpUri": "https://avd.aquasec.com/misconfig/ds026", "help": { - "text": "Misconfiguration DS026\nType: Dockerfile Security Check\nSeverity: LOW\nCheck: No HEALTHCHECK defined\nMessage: Add HEALTHCHECK instruction in your Dockerfile\nLink: [DS026](https://avd.aquasec.com/misconfig/ds026)\nYou should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.", - "markdown": "**Misconfiguration DS026**\n| Type | Severity | Check | Message | Link |\n| --- | --- | --- | --- | --- |\n|Dockerfile Security Check|LOW|No HEALTHCHECK defined|Add HEALTHCHECK instruction in your Dockerfile|[DS026](https://avd.aquasec.com/misconfig/ds026)|\n\nYou should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers." + "text": "Misconfiguration DS026\\nType: Dockerfile Security Check\\nSeverity: LOW\\nCheck: No HEALTHCHECK defined\\nMessage: Add HEALTHCHECK instruction in your Dockerfile\\nLink: [DS026](https://avd.aquasec.com/misconfig/ds026)\\nYou should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.", + "markdown": "**Misconfiguration DS026**\\n| Type | Severity | Check | Message | Link |\\n| --- | --- | --- | --- | --- |\\n|Dockerfile Security Check|LOW|No HEALTHCHECK defined|Add HEALTHCHECK instruction in your Dockerfile|[DS026](https://avd.aquasec.com/misconfig/ds026)|\\n\\nYou should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers." }, "properties": { "precision": "very-high", 
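Review bot: The new `help.text` and `help.markdown` strings in this hunk replace the JSON newline escape `\n` with `\\n`, so a SARIF consumer now receives a literal backslash-n between the `Type:`, `Severity:`, `Check:`, `Message:` and `Link:` fields instead of a line break. The same substitution appears in the -50, -77, -104, -131, -158, -185, -212, -239, -266 and -293 rule hunks and in every `results[].message.text` hunk from -316 to -586, while the rule descriptions appended after the template still carry a real `\n` (see `\\n\nS3 buckets` in the -77 hunk), so a single string now mixes both conventions. This looks like an escaping change in trivy 0.48.0 being pinned by the fixture rather than an intended update to the expected output; I would confirm how the text renders in a SARIF viewer before accepting it, and if it is an upstream regression, record that in the PR description so the fixture is regenerated when the output is fixed rather than treated as the reference.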
@@ -77,8 +77,8 @@ }, "helpUri": "https://avd.aquasec.com/misconfig/avd-aws-0086", "help": { - "text": "Misconfiguration AVD-AWS-0086\nType: Terraform Security Check\nSeverity: HIGH\nCheck: S3 Access block should block public ACL\nMessage: No public access block so not blocking public acls\nLink: [AVD-AWS-0086](https://avd.aquasec.com/misconfig/avd-aws-0086)\n\nS3 buckets should block public ACLs on buckets and any objects they contain. By blocking, PUTs with fail if the object has any public ACL a.\n", - "markdown": "**Misconfiguration AVD-AWS-0086**\n| Type | Severity | Check | Message | Link |\n| --- | --- | --- | --- | --- |\n|Terraform Security Check|HIGH|S3 Access block should block public ACL|No public access block so not blocking public acls|[AVD-AWS-0086](https://avd.aquasec.com/misconfig/avd-aws-0086)|\n\n\nS3 buckets should block public ACLs on buckets and any objects they contain. By blocking, PUTs with fail if the object has any public ACL a.\n" + "text": "Misconfiguration AVD-AWS-0086\\nType: Terraform Security Check\\nSeverity: HIGH\\nCheck: S3 Access block should block public ACL\\nMessage: No public access block so not blocking public acls\\nLink: [AVD-AWS-0086](https://avd.aquasec.com/misconfig/avd-aws-0086)\\n\nS3 buckets should block public ACLs on buckets and any objects they contain. By blocking, PUTs with fail if the object has any public ACL a.\n", + "markdown": "**Misconfiguration AVD-AWS-0086**\\n| Type | Severity | Check | Message | Link |\\n| --- | --- | --- | --- | --- |\\n|Terraform Security Check|HIGH|S3 Access block should block public ACL|No public access block so not blocking public acls|[AVD-AWS-0086](https://avd.aquasec.com/misconfig/avd-aws-0086)|\\n\\n\nS3 buckets should block public ACLs on buckets and any objects they contain. By blocking, PUTs with fail if the object has any public ACL a.\n" }, "properties": { "precision": "very-high", 
@@ -104,8 +104,8 @@ }, "helpUri": "https://avd.aquasec.com/misconfig/avd-aws-0087", "help": { - "text": "Misconfiguration AVD-AWS-0087\nType: Terraform Security Check\nSeverity: HIGH\nCheck: S3 Access block should block public policy\nMessage: No public access block so not blocking public policies\nLink: [AVD-AWS-0087](https://avd.aquasec.com/misconfig/avd-aws-0087)\n\nS3 bucket policy should have block public policy to prevent users from putting a policy that enable public access.\n", - "markdown": "**Misconfiguration AVD-AWS-0087**\n| Type | Severity | Check | Message | Link |\n| --- | --- | --- | --- | --- |\n|Terraform Security Check|HIGH|S3 Access block should block public policy|No public access block so not blocking public policies|[AVD-AWS-0087](https://avd.aquasec.com/misconfig/avd-aws-0087)|\n\n\nS3 bucket policy should have block public policy to prevent users from putting a policy that enable public access.\n" + "text": "Misconfiguration AVD-AWS-0087\\nType: Terraform Security Check\\nSeverity: HIGH\\nCheck: S3 Access block should block public policy\\nMessage: No public access block so not blocking public policies\\nLink: [AVD-AWS-0087](https://avd.aquasec.com/misconfig/avd-aws-0087)\\n\nS3 bucket policy should have block public policy to prevent users from putting a policy that enable public access.\n", + "markdown": "**Misconfiguration AVD-AWS-0087**\\n| Type | Severity | Check | Message | Link |\\n| --- | --- | --- | --- | --- |\\n|Terraform Security Check|HIGH|S3 Access block should block public policy|No public access block so not blocking public policies|[AVD-AWS-0087](https://avd.aquasec.com/misconfig/avd-aws-0087)|\\n\\n\nS3 bucket policy should have block public policy to prevent users from putting a policy that enable public access.\n" }, "properties": { "precision": "very-high", 
@@ -131,8 +131,8 @@ }, "helpUri": "https://avd.aquasec.com/misconfig/avd-aws-0088", "help": { - "text": "Misconfiguration AVD-AWS-0088\nType: Terraform Security Check\nSeverity: HIGH\nCheck: Unencrypted S3 bucket.\nMessage: Bucket does not have encryption enabled\nLink: [AVD-AWS-0088](https://avd.aquasec.com/misconfig/avd-aws-0088)\nS3 Buckets should be encrypted to protect the data that is stored within them if access is compromised.", - "markdown": "**Misconfiguration AVD-AWS-0088**\n| Type | Severity | Check | Message | Link |\n| --- | --- | --- | --- | --- |\n|Terraform Security Check|HIGH|Unencrypted S3 bucket.|Bucket does not have encryption enabled|[AVD-AWS-0088](https://avd.aquasec.com/misconfig/avd-aws-0088)|\n\nS3 Buckets should be encrypted to protect the data that is stored within them if access is compromised." + "text": "Misconfiguration AVD-AWS-0088\\nType: Terraform Security Check\\nSeverity: HIGH\\nCheck: Unencrypted S3 bucket.\\nMessage: Bucket does not have encryption enabled\\nLink: [AVD-AWS-0088](https://avd.aquasec.com/misconfig/avd-aws-0088)\\nS3 Buckets should be encrypted to protect the data that is stored within them if access is compromised.", + "markdown": "**Misconfiguration AVD-AWS-0088**\\n| Type | Severity | Check | Message | Link |\\n| --- | --- | --- | --- | --- |\\n|Terraform Security Check|HIGH|Unencrypted S3 bucket.|Bucket does not have encryption enabled|[AVD-AWS-0088](https://avd.aquasec.com/misconfig/avd-aws-0088)|\\n\\nS3 Buckets should be encrypted to protect the data that is stored within them if access is compromised." }, "properties": { "precision": "very-high", 
@@ -158,8 +158,8 @@ }, "helpUri": "https://avd.aquasec.com/misconfig/avd-aws-0089", "help": { - "text": "Misconfiguration AVD-AWS-0089\nType: Terraform Security Check\nSeverity: LOW\nCheck: S3 Bucket Logging\nMessage: Bucket has logging disabled\nLink: [AVD-AWS-0089](https://avd.aquasec.com/misconfig/avd-aws-0089)\nEnsures S3 bucket logging is enabled for S3 buckets", - "markdown": "**Misconfiguration AVD-AWS-0089**\n| Type | Severity | Check | Message | Link |\n| --- | --- | --- | --- | --- |\n|Terraform Security Check|LOW|S3 Bucket Logging|Bucket has logging disabled|[AVD-AWS-0089](https://avd.aquasec.com/misconfig/avd-aws-0089)|\n\nEnsures S3 bucket logging is enabled for S3 buckets" + "text": "Misconfiguration AVD-AWS-0089\\nType: Terraform Security Check\\nSeverity: LOW\\nCheck: S3 Bucket Logging\\nMessage: Bucket has logging disabled\\nLink: [AVD-AWS-0089](https://avd.aquasec.com/misconfig/avd-aws-0089)\\nEnsures S3 bucket logging is enabled for S3 buckets", + "markdown": "**Misconfiguration AVD-AWS-0089**\\n| Type | Severity | Check | Message | Link |\\n| --- | --- | --- | --- | --- |\\n|Terraform Security Check|LOW|S3 Bucket Logging|Bucket has logging disabled|[AVD-AWS-0089](https://avd.aquasec.com/misconfig/avd-aws-0089)|\\n\\nEnsures S3 bucket logging is enabled for S3 buckets" }, "properties": { "precision": "very-high", 
@@ -185,8 +185,8 @@ }, "helpUri": "https://avd.aquasec.com/misconfig/avd-aws-0090", "help": { - "text": "Misconfiguration AVD-AWS-0090\nType: Terraform Security Check\nSeverity: MEDIUM\nCheck: S3 Data should be versioned\nMessage: Bucket does not have versioning enabled\nLink: [AVD-AWS-0090](https://avd.aquasec.com/misconfig/avd-aws-0090)\n\nVersioning in Amazon S3 is a means of keeping multiple variants of an object in the same bucket. \nYou can use the S3 Versioning feature to preserve, retrieve, and restore every version of every object stored in your buckets. \nWith versioning you can recover more easily from both unintended user actions and application failures.\n", - "markdown": "**Misconfiguration AVD-AWS-0090**\n| Type | Severity | Check | Message | Link |\n| --- | --- | --- | --- | --- |\n|Terraform Security Check|MEDIUM|S3 Data should be versioned|Bucket does not have versioning enabled|[AVD-AWS-0090](https://avd.aquasec.com/misconfig/avd-aws-0090)|\n\n\nVersioning in Amazon S3 is a means of keeping multiple variants of an object in the same bucket. \nYou can use the S3 Versioning feature to preserve, retrieve, and restore every version of every object stored in your buckets. \nWith versioning you can recover more easily from both unintended user actions and application failures.\n" + "text": "Misconfiguration AVD-AWS-0090\\nType: Terraform Security Check\\nSeverity: MEDIUM\\nCheck: S3 Data should be versioned\\nMessage: Bucket does not have versioning enabled\\nLink: [AVD-AWS-0090](https://avd.aquasec.com/misconfig/avd-aws-0090)\\n\nVersioning in Amazon S3 is a means of keeping multiple variants of an object in the same bucket. \nYou can use the S3 Versioning feature to preserve, retrieve, and restore every version of every object stored in your buckets. 
\nWith versioning you can recover more easily from both unintended user actions and application failures.\n", + "markdown": "**Misconfiguration AVD-AWS-0090**\\n| Type | Severity | Check | Message | Link |\\n| --- | --- | --- | --- | --- |\\n|Terraform Security Check|MEDIUM|S3 Data should be versioned|Bucket does not have versioning enabled|[AVD-AWS-0090](https://avd.aquasec.com/misconfig/avd-aws-0090)|\\n\\n\nVersioning in Amazon S3 is a means of keeping multiple variants of an object in the same bucket. \nYou can use the S3 Versioning feature to preserve, retrieve, and restore every version of every object stored in your buckets. \nWith versioning you can recover more easily from both unintended user actions and application failures.\n" }, "properties": { "precision": "very-high", 
@@ -212,8 +212,8 @@ }, "helpUri": "https://avd.aquasec.com/misconfig/avd-aws-0091", "help": { - "text": "Misconfiguration AVD-AWS-0091\nType: Terraform Security Check\nSeverity: HIGH\nCheck: S3 Access Block should Ignore Public Acl\nMessage: No public access block so not ignoring public acls\nLink: [AVD-AWS-0091](https://avd.aquasec.com/misconfig/avd-aws-0091)\n\nS3 buckets should ignore public ACLs on buckets and any objects they contain. By ignoring rather than blocking, PUT calls with public ACLs will still be applied but the ACL will be ignored.\n", - "markdown": "**Misconfiguration AVD-AWS-0091**\n| Type | Severity | Check | Message | Link |\n| --- | --- | --- | --- | --- |\n|Terraform Security Check|HIGH|S3 Access Block should Ignore Public Acl|No public access block so not ignoring public acls|[AVD-AWS-0091](https://avd.aquasec.com/misconfig/avd-aws-0091)|\n\n\nS3 buckets should ignore public ACLs on buckets and any objects they contain. By ignoring rather than blocking, PUT calls with public ACLs will still be applied but the ACL will be ignored.\n" + "text": "Misconfiguration AVD-AWS-0091\\nType: Terraform Security Check\\nSeverity: HIGH\\nCheck: S3 Access Block should Ignore Public Acl\\nMessage: No public access block so not ignoring public acls\\nLink: [AVD-AWS-0091](https://avd.aquasec.com/misconfig/avd-aws-0091)\\n\nS3 buckets should ignore public ACLs on buckets and any objects they contain. By ignoring rather than blocking, PUT calls with public ACLs will still be applied but the ACL will be ignored.\n", + "markdown": "**Misconfiguration AVD-AWS-0091**\\n| Type | Severity | Check | Message | Link |\\n| --- | --- | --- | --- | --- |\\n|Terraform Security Check|HIGH|S3 Access Block should Ignore Public Acl|No public access block so not ignoring public acls|[AVD-AWS-0091](https://avd.aquasec.com/misconfig/avd-aws-0091)|\\n\\n\nS3 buckets should ignore public ACLs on buckets and any objects they contain. 
By ignoring rather than blocking, PUT calls with public ACLs will still be applied but the ACL will be ignored.\n" }, "properties": { "precision": "very-high", 
@@ -239,8 +239,8 @@ }, "helpUri": "https://avd.aquasec.com/misconfig/avd-aws-0093", "help": { - "text": "Misconfiguration AVD-AWS-0093\nType: Terraform Security Check\nSeverity: HIGH\nCheck: S3 Access block should restrict public bucket to limit access\nMessage: No public access block so not restricting public buckets\nLink: [AVD-AWS-0093](https://avd.aquasec.com/misconfig/avd-aws-0093)\nS3 buckets should restrict public policies for the bucket. By enabling, the restrict_public_buckets, only the bucket owner and AWS Services can access if it has a public policy.", - "markdown": "**Misconfiguration AVD-AWS-0093**\n| Type | Severity | Check | Message | Link |\n| --- | --- | --- | --- | --- |\n|Terraform Security Check|HIGH|S3 Access block should restrict public bucket to limit access|No public access block so not restricting public buckets|[AVD-AWS-0093](https://avd.aquasec.com/misconfig/avd-aws-0093)|\n\nS3 buckets should restrict public policies for the bucket. By enabling, the restrict_public_buckets, only the bucket owner and AWS Services can access if it has a public policy." + "text": "Misconfiguration AVD-AWS-0093\\nType: Terraform Security Check\\nSeverity: HIGH\\nCheck: S3 Access block should restrict public bucket to limit access\\nMessage: No public access block so not restricting public buckets\\nLink: [AVD-AWS-0093](https://avd.aquasec.com/misconfig/avd-aws-0093)\\nS3 buckets should restrict public policies for the bucket. By enabling, the restrict_public_buckets, only the bucket owner and AWS Services can access if it has a public policy.", + "markdown": "**Misconfiguration AVD-AWS-0093**\\n| Type | Severity | Check | Message | Link |\\n| --- | --- | --- | --- | --- |\\n|Terraform Security Check|HIGH|S3 Access block should restrict public bucket to limit access|No public access block so not restricting public buckets|[AVD-AWS-0093](https://avd.aquasec.com/misconfig/avd-aws-0093)|\\n\\nS3 buckets should restrict public policies for the bucket. 
By enabling, the restrict_public_buckets, only the bucket owner and AWS Services can access if it has a public policy." }, "properties": { "precision": "very-high", 
@@ -266,8 +266,8 @@ }, "helpUri": "https://avd.aquasec.com/misconfig/avd-aws-0094", "help": { - "text": "Misconfiguration AVD-AWS-0094\nType: Terraform Security Check\nSeverity: LOW\nCheck: S3 buckets should each define an aws_s3_bucket_public_access_block\nMessage: Bucket does not have a corresponding public access block.\nLink: [AVD-AWS-0094](https://avd.aquasec.com/misconfig/avd-aws-0094)\nThe \"block public access\" settings in S3 override individual policies that apply to a given bucket, meaning that all public access can be controlled in one central types for that bucket. It is therefore good practice to define these settings for each bucket in order to clearly define the public access that can be allowed for it.", - "markdown": "**Misconfiguration AVD-AWS-0094**\n| Type | Severity | Check | Message | Link |\n| --- | --- | --- | --- | --- |\n|Terraform Security Check|LOW|S3 buckets should each define an aws_s3_bucket_public_access_block|Bucket does not have a corresponding public access block.|[AVD-AWS-0094](https://avd.aquasec.com/misconfig/avd-aws-0094)|\n\nThe \"block public access\" settings in S3 override individual policies that apply to a given bucket, meaning that all public access can be controlled in one central types for that bucket. It is therefore good practice to define these settings for each bucket in order to clearly define the public access that can be allowed for it." + "text": "Misconfiguration AVD-AWS-0094\\nType: Terraform Security Check\\nSeverity: LOW\\nCheck: S3 buckets should each define an aws_s3_bucket_public_access_block\\nMessage: Bucket does not have a corresponding public access block.\\nLink: [AVD-AWS-0094](https://avd.aquasec.com/misconfig/avd-aws-0094)\\nThe \"block public access\" settings in S3 override individual policies that apply to a given bucket, meaning that all public access can be controlled in one central types for that bucket. 
It is therefore good practice to define these settings for each bucket in order to clearly define the public access that can be allowed for it.", + "markdown": "**Misconfiguration AVD-AWS-0094**\\n| Type | Severity | Check | Message | Link |\\n| --- | --- | --- | --- | --- |\\n|Terraform Security Check|LOW|S3 buckets should each define an aws_s3_bucket_public_access_block|Bucket does not have a corresponding public access block.|[AVD-AWS-0094](https://avd.aquasec.com/misconfig/avd-aws-0094)|\\n\\nThe \"block public access\" settings in S3 override individual policies that apply to a given bucket, meaning that all public access can be controlled in one central types for that bucket. It is therefore good practice to define these settings for each bucket in order to clearly define the public access that can be allowed for it." }, "properties": { "precision": "very-high", 
@@ -293,8 +293,8 @@ }, "helpUri": "https://avd.aquasec.com/misconfig/avd-aws-0132", "help": { - "text": "Misconfiguration AVD-AWS-0132\nType: Terraform Security Check\nSeverity: HIGH\nCheck: S3 encryption should use Customer Managed Keys\nMessage: Bucket does not encrypt data with a customer managed key.\nLink: [AVD-AWS-0132](https://avd.aquasec.com/misconfig/avd-aws-0132)\nEncryption using AWS keys provides protection for your S3 buckets. To increase control of the encryption and manage factors like rotation use customer managed keys.", - "markdown": "**Misconfiguration AVD-AWS-0132**\n| Type | Severity | Check | Message | Link |\n| --- | --- | --- | --- | --- |\n|Terraform Security Check|HIGH|S3 encryption should use Customer Managed Keys|Bucket does not encrypt data with a customer managed key.|[AVD-AWS-0132](https://avd.aquasec.com/misconfig/avd-aws-0132)|\n\nEncryption using AWS keys provides protection for your S3 buckets. To increase control of the encryption and manage factors like rotation use customer managed keys." + "text": "Misconfiguration AVD-AWS-0132\\nType: Terraform Security Check\\nSeverity: HIGH\\nCheck: S3 encryption should use Customer Managed Keys\\nMessage: Bucket does not encrypt data with a customer managed key.\\nLink: [AVD-AWS-0132](https://avd.aquasec.com/misconfig/avd-aws-0132)\\nEncryption using AWS keys provides protection for your S3 buckets. To increase control of the encryption and manage factors like rotation use customer managed keys.", + "markdown": "**Misconfiguration AVD-AWS-0132**\\n| Type | Severity | Check | Message | Link |\\n| --- | --- | --- | --- | --- |\\n|Terraform Security Check|HIGH|S3 encryption should use Customer Managed Keys|Bucket does not encrypt data with a customer managed key.|[AVD-AWS-0132](https://avd.aquasec.com/misconfig/avd-aws-0132)|\\n\\nEncryption using AWS keys provides protection for your S3 buckets. 
To increase control of the encryption and manage factors like rotation use customer managed keys." }, "properties": { "precision": "very-high", @@ -307,7 +307,7 @@ } } ], - "version": "0.45.0" + "version": "0.48.0" } }, "results": [ @@ -316,7 +316,7 @@ "ruleIndex": 0, "level": "error", "message": { - "text": "Artifact: Dockerfile\nType: dockerfile\nVulnerability DS002\nSeverity: HIGH\nMessage: Specify at least 1 USER command in Dockerfile with non-root user as argument\nLink: [DS002](https://avd.aquasec.com/misconfig/ds002)" + "text": "Artifact: Dockerfile\\nType: dockerfile\\nVulnerability DS002\\nSeverity: HIGH\\nMessage: Specify at least 1 USER command in Dockerfile with non-root user as argument\\nLink: [DS002](https://avd.aquasec.com/misconfig/ds002)" }, "locations": [ { @@ -343,7 +343,7 @@ "ruleIndex": 1, "level": "note", "message": { - "text": "Artifact: Dockerfile\nType: dockerfile\nVulnerability DS026\nSeverity: LOW\nMessage: Add HEALTHCHECK instruction in your Dockerfile\nLink: [DS026](https://avd.aquasec.com/misconfig/ds026)" + "text": "Artifact: Dockerfile\\nType: dockerfile\\nVulnerability DS026\\nSeverity: LOW\\nMessage: Add HEALTHCHECK instruction in your Dockerfile\\nLink: [DS026](https://avd.aquasec.com/misconfig/ds026)" }, "locations": [ { @@ -370,7 +370,7 @@ "ruleIndex": 2, "level": "error", "message": { - "text": "Artifact: test/data/main.tf\nType: terraform\nVulnerability AVD-AWS-0086\nSeverity: HIGH\nMessage: No public access block so not blocking public acls\nLink: [AVD-AWS-0086](https://avd.aquasec.com/misconfig/avd-aws-0086)" + "text": "Artifact: test/data/main.tf\\nType: terraform\\nVulnerability AVD-AWS-0086\\nSeverity: HIGH\\nMessage: No public access block so not blocking public acls\\nLink: [AVD-AWS-0086](https://avd.aquasec.com/misconfig/avd-aws-0086)" }, "locations": [ { 
@@ -397,7 +397,7 @@ "ruleIndex": 3, "level": "error", "message": { - "text": "Artifact: test/data/main.tf\nType: terraform\nVulnerability AVD-AWS-0087\nSeverity: HIGH\nMessage: No public access block so not blocking public policies\nLink: [AVD-AWS-0087](https://avd.aquasec.com/misconfig/avd-aws-0087)" + "text": "Artifact: test/data/main.tf\\nType: terraform\\nVulnerability AVD-AWS-0087\\nSeverity: HIGH\\nMessage: No public access block so not blocking public policies\\nLink: [AVD-AWS-0087](https://avd.aquasec.com/misconfig/avd-aws-0087)" }, "locations": [ { @@ -424,7 +424,7 @@ "ruleIndex": 4, "level": "error", "message": { - "text": "Artifact: test/data/main.tf\nType: terraform\nVulnerability AVD-AWS-0088\nSeverity: HIGH\nMessage: Bucket does not have encryption enabled\nLink: [AVD-AWS-0088](https://avd.aquasec.com/misconfig/avd-aws-0088)" + "text": "Artifact: test/data/main.tf\\nType: terraform\\nVulnerability AVD-AWS-0088\\nSeverity: HIGH\\nMessage: Bucket does not have encryption enabled\\nLink: [AVD-AWS-0088](https://avd.aquasec.com/misconfig/avd-aws-0088)" }, "locations": [ { @@ -451,7 +451,7 @@ "ruleIndex": 5, "level": "note", "message": { - "text": "Artifact: test/data/main.tf\nType: terraform\nVulnerability AVD-AWS-0089\nSeverity: LOW\nMessage: Bucket has logging disabled\nLink: [AVD-AWS-0089](https://avd.aquasec.com/misconfig/avd-aws-0089)" + "text": "Artifact: test/data/main.tf\\nType: terraform\\nVulnerability AVD-AWS-0089\\nSeverity: LOW\\nMessage: Bucket has logging disabled\\nLink: [AVD-AWS-0089](https://avd.aquasec.com/misconfig/avd-aws-0089)" }, "locations": [ { 
@@ -478,7 +478,7 @@ "ruleIndex": 6, "level": "warning", "message": { - "text": "Artifact: test/data/main.tf\nType: terraform\nVulnerability AVD-AWS-0090\nSeverity: MEDIUM\nMessage: Bucket does not have versioning enabled\nLink: [AVD-AWS-0090](https://avd.aquasec.com/misconfig/avd-aws-0090)" + "text": "Artifact: test/data/main.tf\\nType: terraform\\nVulnerability AVD-AWS-0090\\nSeverity: MEDIUM\\nMessage: Bucket does not have versioning enabled\\nLink: [AVD-AWS-0090](https://avd.aquasec.com/misconfig/avd-aws-0090)" }, "locations": [ { @@ -505,7 +505,7 @@ "ruleIndex": 7, "level": "error", "message": { - "text": "Artifact: test/data/main.tf\nType: terraform\nVulnerability AVD-AWS-0091\nSeverity: HIGH\nMessage: No public access block so not ignoring public acls\nLink: [AVD-AWS-0091](https://avd.aquasec.com/misconfig/avd-aws-0091)" + "text": "Artifact: test/data/main.tf\\nType: terraform\\nVulnerability AVD-AWS-0091\\nSeverity: HIGH\\nMessage: No public access block so not ignoring public acls\\nLink: [AVD-AWS-0091](https://avd.aquasec.com/misconfig/avd-aws-0091)" }, "locations": [ { @@ -532,7 +532,7 @@ "ruleIndex": 8, "level": "error", "message": { - "text": "Artifact: test/data/main.tf\nType: terraform\nVulnerability AVD-AWS-0093\nSeverity: HIGH\nMessage: No public access block so not restricting public buckets\nLink: [AVD-AWS-0093](https://avd.aquasec.com/misconfig/avd-aws-0093)" + "text": "Artifact: test/data/main.tf\\nType: terraform\\nVulnerability AVD-AWS-0093\\nSeverity: HIGH\\nMessage: No public access block so not restricting public buckets\\nLink: [AVD-AWS-0093](https://avd.aquasec.com/misconfig/avd-aws-0093)" }, "locations": [ { 
@@ -559,7 +559,7 @@ "ruleIndex": 9, "level": "note", "message": { - "text": "Artifact: test/data/main.tf\nType: terraform\nVulnerability AVD-AWS-0094\nSeverity: LOW\nMessage: Bucket does not have a corresponding public access block.\nLink: [AVD-AWS-0094](https://avd.aquasec.com/misconfig/avd-aws-0094)" + "text": "Artifact: test/data/main.tf\\nType: terraform\\nVulnerability AVD-AWS-0094\\nSeverity: LOW\\nMessage: Bucket does not have a corresponding public access block.\\nLink: [AVD-AWS-0094](https://avd.aquasec.com/misconfig/avd-aws-0094)" }, "locations": [ { @@ -586,7 +586,7 @@ "ruleIndex": 10, "level": "error", "message": { - "text": "Artifact: test/data/main.tf\nType: terraform\nVulnerability AVD-AWS-0132\nSeverity: HIGH\nMessage: Bucket does not encrypt data with a customer managed key.\nLink: [AVD-AWS-0132](https://avd.aquasec.com/misconfig/avd-aws-0132)" + "text": "Artifact: test/data/main.tf\\nType: terraform\\nVulnerability AVD-AWS-0132\\nSeverity: HIGH\\nMessage: Bucket does not encrypt data with a customer managed key.\\nLink: [AVD-AWS-0132](https://avd.aquasec.com/misconfig/avd-aws-0132)" }, "locations": [ { @@ -612,7 +612,7 @@ "columnKind": "utf16CodeUnits", "originalUriBaseIds": { "ROOTPATH": { - "uri": "file:///" + "uri": "file:///Users/simarpreetsingh/repos/trivy-action/" } } } diff --git a/test/data/config.test b/test/data/config.test index 33de38a..df498d2 100644 --- a/test/data/config.test +++ b/test/data/config.test @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": "2023-12-08T11:02:54.295987-07:00", "ArtifactName": ".", "ArtifactType": "filesystem", "Metadata": { @@ -130,6 +131,7 @@ "IsCause": true, "Annotation": "", "Truncated": false, + "Highlighted": "\u001b[38;5;33mresource\u001b[0m \u001b[38;5;37m\"aws_s3_bucket\"\u001b[0m \u001b[38;5;37m\"bucket\"\u001b[0m {", "FirstCause": true, "LastCause": false }, 
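Review bot: The new `originalUriBaseIds.ROOTPATH.uri` value `file:///Users/simarpreetsingh/repos/trivy-action/` in the -612 hunk is the absolute checkout path of one developer's workstation, so the expected output can only match verbatim on that machine; in CI the action runs from a different directory and the comparison would differ unless the test harness masks this field, which is not visible here. It also commits a local username into the repository, which is worth avoiding in a public fixture even if harmless. The same concern applies to the `CreatedAt` timestamp added by the `-1,5 +1,6` hunk of `test/data/config.test`, which changes on every run. If the bats tests do not already normalise these fields, I would strip or replace them before diffing against the fixture, e.g. keep `"uri": "file:///"` as the previous fixture did and drop `CreatedAt`, so the golden files stay machine-independent.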
@@ -139,6 +141,7 @@ "IsCause": true, "Annotation": "", "Truncated": false, + "Highlighted": " \u001b[38;5;245mbucket\u001b[0m = \u001b[38;5;37m\"trivy-action-bucket\"", "FirstCause": false, "LastCause": false }, @@ -148,6 +151,7 @@ "IsCause": true, "Annotation": "", "Truncated": false, + "Highlighted": "\u001b[0m}", "FirstCause": false, "LastCause": true } @@ -186,6 +190,7 @@ "IsCause": true, "Annotation": "", "Truncated": false, + "Highlighted": "\u001b[38;5;33mresource\u001b[0m \u001b[38;5;37m\"aws_s3_bucket\"\u001b[0m \u001b[38;5;37m\"bucket\"\u001b[0m {", "FirstCause": true, "LastCause": false }, @@ -195,6 +200,7 @@ "IsCause": true, "Annotation": "", "Truncated": false, + "Highlighted": " \u001b[38;5;245mbucket\u001b[0m = \u001b[38;5;37m\"trivy-action-bucket\"", "FirstCause": false, "LastCause": false }, @@ -204,6 +210,7 @@ "IsCause": true, "Annotation": "", "Truncated": false, + "Highlighted": "\u001b[0m}", "FirstCause": false, "LastCause": true } @@ -242,6 +249,7 @@ "IsCause": true, "Annotation": "", "Truncated": false, + "Highlighted": "\u001b[38;5;33mresource\u001b[0m \u001b[38;5;37m\"aws_s3_bucket\"\u001b[0m \u001b[38;5;37m\"bucket\"\u001b[0m {", "FirstCause": true, "LastCause": false }, @@ -251,6 +259,7 @@ "IsCause": true, "Annotation": "", "Truncated": false, + "Highlighted": " \u001b[38;5;245mbucket\u001b[0m = \u001b[38;5;37m\"trivy-action-bucket\"", "FirstCause": false, "LastCause": false }, @@ -260,6 +269,7 @@ "IsCause": true, "Annotation": "", "Truncated": false, + "Highlighted": "\u001b[0m}", "FirstCause": false, "LastCause": true } @@ -299,6 +309,7 @@ "IsCause": true, "Annotation": "", "Truncated": false, + "Highlighted": "\u001b[38;5;33mresource\u001b[0m \u001b[38;5;37m\"aws_s3_bucket\"\u001b[0m \u001b[38;5;37m\"bucket\"\u001b[0m {", "FirstCause": true, "LastCause": false }, 
@@ -308,6 +319,7 @@
 "IsCause": true,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": " \u001b[38;5;245mbucket\u001b[0m = \u001b[38;5;37m\"trivy-action-bucket\"",
 "FirstCause": false,
 "LastCause": false
 },
@@ -317,6 +329,7 @@
 "IsCause": true,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": "\u001b[0m}",
 "FirstCause": false,
 "LastCause": true
 }
@@ -355,6 +368,7 @@
 "IsCause": false,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": "\u001b[38;5;33mresource\u001b[0m \u001b[38;5;37m\"aws_s3_bucket_versioning\"\u001b[0m \u001b[38;5;37m\"bucket_versioning\"\u001b[0m {",
 "FirstCause": false,
 "LastCause": false
 },
@@ -364,6 +378,7 @@
 "IsCause": false,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": " \u001b[38;5;245mbucket\u001b[0m = aws_s3_bucket.bucket.id",
 "FirstCause": false,
 "LastCause": false
 },
@@ -382,6 +397,7 @@
 "IsCause": false,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": " versioning_configuration {",
 "FirstCause": false,
 "LastCause": false
 },
@@ -391,6 +407,7 @@
 "IsCause": true,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": " \u001b[38;5;245mstatus\u001b[0m = \u001b[38;5;33mvar\u001b[0m.bucket_versioning_enabled",
 "FirstCause": true,
 "LastCause": true
 },
@@ -400,6 +417,7 @@
 "IsCause": false,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": " }",
 "FirstCause": false,
 "LastCause": false
 },
@@ -409,6 +427,7 @@
 "IsCause": false,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": "}",
 "FirstCause": false,
 "LastCause": false
 }
@@ -465,6 +484,7 @@
 "IsCause": true,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": "\u001b[38;5;33mresource\u001b[0m \u001b[38;5;37m\"aws_s3_bucket\"\u001b[0m \u001b[38;5;37m\"bucket\"\u001b[0m {",
 "FirstCause": true,
 "LastCause": false
 },
@@ -474,6 +494,7 @@
 "IsCause": true,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": " \u001b[38;5;245mbucket\u001b[0m = \u001b[38;5;37m\"trivy-action-bucket\"",
 "FirstCause": false,
 "LastCause": false
 },
@@ -483,6 +504,7 @@
 "IsCause": true,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": "\u001b[0m}",
 "FirstCause": false,
 "LastCause": true
 }
@@ -521,6 +543,7 @@
 "IsCause": true,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": "\u001b[38;5;33mresource\u001b[0m \u001b[38;5;37m\"aws_s3_bucket\"\u001b[0m \u001b[38;5;37m\"bucket\"\u001b[0m {",
 "FirstCause": true,
 "LastCause": false
 },
@@ -530,6 +553,7 @@
 "IsCause": true,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": " \u001b[38;5;245mbucket\u001b[0m = \u001b[38;5;37m\"trivy-action-bucket\"",
 "FirstCause": false,
 "LastCause": false
 },
@@ -539,6 +563,7 @@
 "IsCause": true,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": "\u001b[0m}",
 "FirstCause": false,
 "LastCause": true
 }
@@ -577,6 +602,7 @@
 "IsCause": true,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": "\u001b[38;5;33mresource\u001b[0m \u001b[38;5;37m\"aws_s3_bucket\"\u001b[0m \u001b[38;5;37m\"bucket\"\u001b[0m {",
 "FirstCause": true,
 "LastCause": false
 },
@@ -586,6 +612,7 @@
 "IsCause": true,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": " \u001b[38;5;245mbucket\u001b[0m = \u001b[38;5;37m\"trivy-action-bucket\"",
 "FirstCause": false,
 "LastCause": false
 },
@@ -595,6 +622,7 @@
 "IsCause": true,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": "\u001b[0m}",
 "FirstCause": false,
 "LastCause": true
 }
@@ -633,6 +661,7 @@
 "IsCause": true,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": "\u001b[38;5;33mresource\u001b[0m \u001b[38;5;37m\"aws_s3_bucket\"\u001b[0m \u001b[38;5;37m\"bucket\"\u001b[0m {",
 "FirstCause": true,
 "LastCause": false
 },
@@ -642,6 +671,7 @@
 "IsCause": true,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": " \u001b[38;5;245mbucket\u001b[0m = \u001b[38;5;37m\"trivy-action-bucket\"",
 "FirstCause": false,
 "LastCause": false
 },
@@ -651,6 +681,7 @@
 "IsCause": true,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": "\u001b[0m}",
 "FirstCause": false,
 "LastCause": true
 }
diff --git a/test/data/fs-scheck.test b/test/data/fs-scheck.test
index 33de38a..30474a4 100644
--- a/test/data/fs-scheck.test
+++ b/test/data/fs-scheck.test
@@ -1,5 +1,6 @@
 {
 "SchemaVersion": 2,
+ "CreatedAt": "2023-12-08T11:02:56.571535-07:00",
 "ArtifactName": ".",
 "ArtifactType": "filesystem",
 "Metadata": {
@@ -130,6 +131,7 @@
 "IsCause": true,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": "\u001b[38;5;33mresource\u001b[0m \u001b[38;5;37m\"aws_s3_bucket\"\u001b[0m \u001b[38;5;37m\"bucket\"\u001b[0m {",
 "FirstCause": true,
 "LastCause": false
 },
@@ -139,6 +141,7 @@
 "IsCause": true,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": " \u001b[38;5;245mbucket\u001b[0m = \u001b[38;5;37m\"trivy-action-bucket\"",
 "FirstCause": false,
 "LastCause": false
 },
@@ -148,6 +151,7 @@
 "IsCause": true,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": "\u001b[0m}",
 "FirstCause": false,
 "LastCause": true
 }
@@ -186,6 +190,7 @@
 "IsCause": true,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": "\u001b[38;5;33mresource\u001b[0m \u001b[38;5;37m\"aws_s3_bucket\"\u001b[0m \u001b[38;5;37m\"bucket\"\u001b[0m {",
 "FirstCause": true,
 "LastCause": false
 },
@@ -195,6 +200,7 @@
 "IsCause": true,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": " \u001b[38;5;245mbucket\u001b[0m = \u001b[38;5;37m\"trivy-action-bucket\"",
 "FirstCause": false,
 "LastCause": false
 },
@@ -204,6 +210,7 @@
 "IsCause": true,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": "\u001b[0m}",
 "FirstCause": false,
 "LastCause": true
 }
@@ -242,6 +249,7 @@
 "IsCause": true,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": "\u001b[38;5;33mresource\u001b[0m \u001b[38;5;37m\"aws_s3_bucket\"\u001b[0m \u001b[38;5;37m\"bucket\"\u001b[0m {",
 "FirstCause": true,
 "LastCause": false
 },
@@ -251,6 +259,7 @@
 "IsCause": true,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": " \u001b[38;5;245mbucket\u001b[0m = \u001b[38;5;37m\"trivy-action-bucket\"",
 "FirstCause": false,
 "LastCause": false
 },
@@ -260,6 +269,7 @@
 "IsCause": true,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": "\u001b[0m}",
 "FirstCause": false,
 "LastCause": true
 }
@@ -299,6 +309,7 @@
 "IsCause": true,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": "\u001b[38;5;33mresource\u001b[0m \u001b[38;5;37m\"aws_s3_bucket\"\u001b[0m \u001b[38;5;37m\"bucket\"\u001b[0m {",
 "FirstCause": true,
 "LastCause": false
 },
@@ -308,6 +319,7 @@
 "IsCause": true,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": " \u001b[38;5;245mbucket\u001b[0m = \u001b[38;5;37m\"trivy-action-bucket\"",
 "FirstCause": false,
 "LastCause": false
 },
@@ -317,6 +329,7 @@
 "IsCause": true,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": "\u001b[0m}",
 "FirstCause": false,
 "LastCause": true
 }
@@ -355,6 +368,7 @@
 "IsCause": false,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": "\u001b[38;5;33mresource\u001b[0m \u001b[38;5;37m\"aws_s3_bucket_versioning\"\u001b[0m \u001b[38;5;37m\"bucket_versioning\"\u001b[0m {",
 "FirstCause": false,
 "LastCause": false
 },
@@ -364,6 +378,7 @@
 "IsCause": false,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": " \u001b[38;5;245mbucket\u001b[0m = aws_s3_bucket.bucket.id",
 "FirstCause": false,
 "LastCause": false
 },
@@ -382,6 +397,7 @@
 "IsCause": false,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": " versioning_configuration {",
 "FirstCause": false,
 "LastCause": false
 },
@@ -391,6 +407,7 @@
 "IsCause": true,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": " \u001b[38;5;245mstatus\u001b[0m = \u001b[38;5;33mvar\u001b[0m.bucket_versioning_enabled",
 "FirstCause": true,
 "LastCause": true
 },
@@ -400,6 +417,7 @@
 "IsCause": false,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": " }",
 "FirstCause": false,
 "LastCause": false
 },
@@ -409,6 +427,7 @@
 "IsCause": false,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": "}",
 "FirstCause": false,
 "LastCause": false
 }
@@ -465,6 +484,7 @@
 "IsCause": true,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": "\u001b[38;5;33mresource\u001b[0m \u001b[38;5;37m\"aws_s3_bucket\"\u001b[0m \u001b[38;5;37m\"bucket\"\u001b[0m {",
 "FirstCause": true,
 "LastCause": false
 },
@@ -474,6 +494,7 @@
 "IsCause": true,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": " \u001b[38;5;245mbucket\u001b[0m = \u001b[38;5;37m\"trivy-action-bucket\"",
 "FirstCause": false,
 "LastCause": false
 },
@@ -483,6 +504,7 @@
 "IsCause": true,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": "\u001b[0m}",
 "FirstCause": false,
 "LastCause": true
 }
@@ -521,6 +543,7 @@
 "IsCause": true,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": "\u001b[38;5;33mresource\u001b[0m \u001b[38;5;37m\"aws_s3_bucket\"\u001b[0m \u001b[38;5;37m\"bucket\"\u001b[0m {",
 "FirstCause": true,
 "LastCause": false
 },
@@ -530,6 +553,7 @@
 "IsCause": true,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": " \u001b[38;5;245mbucket\u001b[0m = \u001b[38;5;37m\"trivy-action-bucket\"",
 "FirstCause": false,
 "LastCause": false
 },
@@ -539,6 +563,7 @@
 "IsCause": true,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": "\u001b[0m}",
 "FirstCause": false,
 "LastCause": true
 }
@@ -577,6 +602,7 @@
 "IsCause": true,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": "\u001b[38;5;33mresource\u001b[0m \u001b[38;5;37m\"aws_s3_bucket\"\u001b[0m \u001b[38;5;37m\"bucket\"\u001b[0m {",
 "FirstCause": true,
 "LastCause": false
 },
@@ -586,6 +612,7 @@
 "IsCause": true,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": " \u001b[38;5;245mbucket\u001b[0m = \u001b[38;5;37m\"trivy-action-bucket\"",
 "FirstCause": false,
 "LastCause": false
 },
@@ -595,6 +622,7 @@
 "IsCause": true,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": "\u001b[0m}",
 "FirstCause": false,
 "LastCause": true
 }
@@ -633,6 +661,7 @@
 "IsCause": true,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": "\u001b[38;5;33mresource\u001b[0m \u001b[38;5;37m\"aws_s3_bucket\"\u001b[0m \u001b[38;5;37m\"bucket\"\u001b[0m {",
 "FirstCause": true,
 "LastCause": false
 },
@@ -642,6 +671,7 @@
 "IsCause": true,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": " \u001b[38;5;245mbucket\u001b[0m = \u001b[38;5;37m\"trivy-action-bucket\"",
 "FirstCause": false,
 "LastCause": false
 },
@@ -651,6 +681,7 @@
 "IsCause": true,
 "Annotation": "",
 "Truncated": false,
+ "Highlighted": "\u001b[0m}",
 "FirstCause": false,
 "LastCause": true
 }
diff --git a/test/data/image-sarif.test b/test/data/image-sarif.test
index 932ff7b..c6295c9 100644
--- a/test/data/image-sarif.test
+++ b/test/data/image-sarif.test
@@ -74,4 +74,4 @@
 }
 }
 ]
-}
\ No newline at end of file
+}
diff --git a/test/data/repo.test b/test/data/repo.test
index b7bc4dc..f39a664 100644
--- a/test/data/repo.test
+++ b/test/data/repo.test
@@ -1,5 +1,6 @@
 {
 "SchemaVersion": 2,
+ "CreatedAt": "2023-12-08T11:02:50.045151-07:00",
 "ArtifactName": "https://github.com/krol3/demo-trivy/",
 "ArtifactType": "repository",
 "Metadata": {
diff --git a/test/data/tfvars.test b/test/data/tfvars.test
index 428b11b..1eaecaa 100644
--- a/test/data/tfvars.test
+++ b/test/data/tfvars.test
@@ -1,5 +1,6 @@
 {
 "SchemaVersion": 2,
+ "CreatedAt": "2023-12-08T11:03:02.76948-07:00",
 "ArtifactName": "test/data",
 "ArtifactType": "filesystem",
 "Metadata": {
diff --git a/test/data/yamlconfig.test b/test/data/yamlconfig.test
index d04683c..498bb77 100644
--- a/test/data/yamlconfig.test
+++ b/test/data/yamlconfig.test
@@ -1,5 +1,6 @@
 {
 "SchemaVersion": 2,
+ "CreatedAt": "2023-12-08T11:03:01.877209-07:00",
 "ArtifactName": "alpine:3.10",
 "ArtifactType": "container_image",
 "Metadata": {
@@ -76,7 +77,7 @@
 "Name": "Alpine Secdb",
 "URL": "https://secdb.alpinelinux.org/"
 },
- "Title": "an out of boundary read while libfetch uses strtol to parse the relevant numbers into address bytes leads to information leak or crash",
+ "Title": "libfetch: an out of boundary read while libfetch uses strtol to parse the relevant numbers into address bytes leads to information leak or crash",
 "Description": "libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols. The FTP passive mode implementation allows an out-of-bounds read because strtol is used to parse the relevant numbers into address bytes. It does not check if the line ends prematurely. If it does, the for-loop condition checks for the '\\0' terminator one byte too late.",
 "Severity": "CRITICAL",
 "CweIDs": [