Skip to content

Commit

Permalink
docs: fix dead links (#7998)
Browse files Browse the repository at this point in the history
Signed-off-by: knqyf263 <[email protected]>
  • Loading branch information
knqyf263 authored Nov 26, 2024
1 parent 7e2a8cb commit ad0ff5d
Show file tree
Hide file tree
Showing 15 changed files with 36 additions and 36 deletions.
2 changes: 1 addition & 1 deletion docs/community/maintainer/release-flow.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ For detailed behavior, please refer to [the GitHub Actions configuration][workfl

!!! note
Commits with prefixes like `chore` or `build` are not considered releasable, and no release PR is created.
To include such commits in a release, you need to either include commits with `feat` or `fix` prefixes or perform a manual release as described [below](#manual-release).
To include such commits in a release, you need to either include commits with `feat` or `fix` prefixes or perform a manual release as described [below](#manual-release-pr-creation).

## Flow
The release flow consists of the following main steps:
Expand Down
2 changes: 1 addition & 1 deletion docs/community/maintainer/triage.md
Original file line number Diff line number Diff line change
Expand Up @@ -188,7 +188,7 @@ We use two labels [help wanted](https://github.com/aquasecurity/trivy/issues?q=i
and [good first issue](https://github.com/aquasecurity/trivy/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22)
to identify issues that have been specially groomed for new contributors.

We have specific [guidelines](/docs/community/maintainer/help-wanted.md)
We have specific [guidelines](./help-wanted.md)
for how to use these labels. If you see an issue that satisfies these
guidelines, you can add the `help wanted` label and the `good first issue` label.
Please note that adding the `good first issue` label must also
Expand Down
4 changes: 2 additions & 2 deletions docs/docs/compliance/contrib-compliance.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
Trivy supports several different compliance specs. The details on compliance scanning with Trivy are provided in the [compliance documentation](../../docs/compliance/compliance.md).
All of the Compliance Specs currently available in Trivy can be found in the `trivy-checks/pkg/specs/compliance/` directory ([Link](https://github.com/aquasecurity/trivy-checks/tree/main/pkg/specs/compliance)).

New checks are based on the custom compliance report detailed in the [main documentation.](../../docs/compliance/compliance/#custom-compliance)
New checks are based on the custom compliance report detailed in the [main documentation.](./compliance.md#custom-compliance)
If you would like to create your custom compliance report, please reference the information in the main documentation. This section details how community members can contribute new Compliance Specs to Trivy.

All compliance specs in Trivy are based on formal compliance reports such as CIS Benchmarks.
Expand All @@ -20,7 +20,7 @@ Create a new file under `trivy-checks/specs/compliance/` and name the file in th

### Minimum spec structure

The structure of the compliance spec is detailed in the [main documentation](./compliance/#custom-compliance).
The structure of the compliance spec is detailed in the [main documentation](./compliance.md#custom-compliance).

The first section in the spec is focused on the metadata of the spec. Replace all the fields of the metadata with the information relevant to the compliance spec that will be added. This information can be taken from the official report e.g. the CIS Benchmark report.

Expand Down
4 changes: 2 additions & 2 deletions docs/docs/configuration/reporting.md
Original file line number Diff line number Diff line change
Expand Up @@ -450,8 +450,8 @@ $ trivy convert --format table --severity CRITICAL result.json
[dotnet-packages-lock]: ../coverage/language/dotnet.md#packageslockjson
[poetry-lock]: ../coverage/language/python.md#poetry
[gemfile-lock]: ../coverage/language/ruby.md#bundler
[go-mod]: ../coverage/language/golang.md#go-modules
[composer-lock]: ../coverage/language/php.md#composer
[go-mod]: ../coverage/language/golang.md#go-module
[composer-lock]: ../coverage/language/php.md#composerlock
[pom-xml]: ../coverage/language/java.md#pomxml
[gradle-lockfile]: ../coverage/language/java.md#gradlelock
[sbt-lockfile]: ../coverage/language/java.md#sbt
Expand Down
2 changes: 1 addition & 1 deletion docs/docs/coverage/kubernetes.md
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ Container image is scanned for:

Kubernetes resource definition is scanned for:

- Vulnerabilities - partially supported through [KBOM scanning](#KBOM)
- Vulnerabilities - partially supported through [KBOM scanning](../target/kubernetes.md#kbom)
- Misconfigurations
- Exposed secrets

Expand Down
18 changes: 9 additions & 9 deletions docs/docs/coverage/language/golang.md
Original file line number Diff line number Diff line change
Expand Up @@ -12,17 +12,17 @@ The following scanners are supported.

The table below provides an outline of the features Trivy offers.

| Artifact | Offline[^1] | Dev dependencies | [Dependency graph][dependency-graph] | Stdlib | [Detection Priority][detection-priority] |
|----------|:-----------:|:-----------------|:------------------------------------:|:------------------------:|:----------------------------------------:|
| Modules || Include | [](#dependency-graph) | [](#standard-library) | [](#standard-library) |
| Binaries || Exclude | - | [](#standard-library-1) | Not needed |
| Artifact | Offline[^1] | Dev dependencies | [Dependency graph][dependency-graph] | Stdlib | [Detection Priority][detection-priority] |
|----------|:-----------:|:-----------------|:------------------------------------:|:----------------------:|:----------------------------------------:|
| Modules || Include | [](#dependency-graph) | [](#gomod-stdlib) | [](#gomod-stdlib) |
| Binaries || Exclude | - | [](#go-binary-stdlib) | Not needed |

!!! note
When scanning Go projects (go.mod or binaries built with Go), Trivy scans only dependencies of the project, and does not detect vulnerabilities of application itself.
For example, when scanning the Docker project (Docker's source code with go.mod or the Docker binary), Trivy might find vulnerabilities in Go modules that Docker depends on, but won't find vulnerabilities of Docker itself. Moreover, when scanning the Trivy project, which happens to use Docker, Docker's vulnerabilities might be detected as dependencies of Trivy.

## Data Sources
The data sources are listed [here](../../scanner/vulnerability.md#data-sources-1).
The data sources are listed [here](../../scanner/vulnerability.md#langpkg-data-sources).
Trivy uses Go Vulnerability Database for [standard library](https://pkg.go.dev/std) and uses GitHub Advisory Database for other Go modules.

## Go Module
Expand Down Expand Up @@ -60,12 +60,12 @@ If you want to have better detection, please consider updating the Go version in
$ go mod tidy -go=1.18
```

### Main Module
### Main Module { #gomod-main }
Trivy scans only dependencies of the project, and does not detect vulnerabilities of the main module.
For example, when scanning the Docker project (Docker's source code with go.mod), Trivy might find vulnerabilities in Go modules that Docker depends on, but won't find vulnerabilities of Docker itself.
Moreover, when scanning the Trivy project, which happens to use Docker, Docker's vulnerabilities might be detected as dependencies of Trivy.

### Standard Library
### Standard Library { #gomod-stdlib }
Detecting the version of Go used in the project can be tricky.
The go.mod file include hints that allows Trivy to guess the Go version but it eventually depends on the Go tool version in the build environment.
Since this strategy is not fully deterministic and accurate, it is enabled only in [--detection-priority comprehensive][detection-priority] mode.
Expand Down Expand Up @@ -105,7 +105,7 @@ In other cases, Go uses the `(devel)` version[^2].
In this case, Trivy will attempt to parse any `-ldflags` as it's a common practice to pass versions this way.
If unsuccessful, the version will be empty[^3].

### Standard Library
### Standard Library { #go-binary-stdlib }
Trivy detects the Go version used to compile the binary and detects its vulnerabilities in the standard libraries.
It possibly produces false positives.
See [the caveat](#stdlib-vulnerabilities) for details.
Expand All @@ -120,7 +120,7 @@ There are a few ways to mitigate this:
2. Suppress non-applicable vulnerabilities using either [ignore file](../../configuration/filtering.md) for self-use or [VEX Hub](../../supply-chain/vex/repo.md) for public use.

### Empty Version
As described in the [Main Module](#main-module-1) section, the main module of Go binaries might have an empty version.
As described in the [Main Module](#gomod-main) section, the main module of Go binaries might have an empty version.
Also, dependencies replaced with local ones will have an empty version.

[^1]: It doesn't require the Internet access.
Expand Down
9 changes: 4 additions & 5 deletions docs/docs/coverage/language/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ On the other hand, when the target is a post-build artifact, like a container im
| [.NET](dotnet.md) | packages.lock.json |||||
| | packages.config |||||
| | .deps.json |||||
| | *Packages.props[^10] |||||
| | *Packages.props[^9] |||||
| [Java](java.md) | JAR/WAR/PAR/EAR[^3] ||| - | - |
| | pom.xml | - | - |||
| | *gradle.lockfile | - | - |||
Expand All @@ -44,7 +44,7 @@ On the other hand, when the target is a post-build artifact, like a container im
| [Rust](rust.md) | Cargo.lock |||||
| | Binaries built with [cargo-auditable](https://github.com/rust-secure-code/cargo-auditable) ||| - | - |
| [C/C++](c.md) | conan.lock | - | - |||
| [Elixir](elixir.md) | mix.lock[^9] | - | - |||
| [Elixir](elixir.md) | mix.lock[^8] | - | - |||
| [Dart](dart.md) | pubspec.lock | - | - |||
| [Swift](swift.md) | Podfile.lock | - | - |||
| | Package.resolved | - | - |||
Expand All @@ -65,6 +65,5 @@ Example: [Dockerfile](https://github.com/aquasecurity/trivy-ci-test/blob/main/Do
[^5]: ✅ means "enabled" and `-` means "disabled" in the rootfs scanning
[^6]: ✅ means "enabled" and `-` means "disabled" in the filesystem scanning
[^7]: ✅ means "enabled" and `-` means "disabled" in the git repository scanning
[^8]: ✅ means that Trivy detects line numbers where each dependency is declared in the scanned file. Only supported in [json](../../configuration/reporting.md#json) and [sarif](../../configuration/reporting.md#sarif) formats. SARIF uses `startline == 1 and endline == 1` for unsupported file types
[^9]: To scan a filename other than the default filename use [file-patterns](../../configuration/skipping.md#file-patterns)
[^10]: `Directory.Packages.props` and legacy `Packages.props` file names are supported
[^8]: To scan a filename other than the default filename use [file-patterns](../../configuration/skipping.md#file-patterns)
[^9]: `Directory.Packages.props` and legacy `Packages.props` file names are supported
2 changes: 1 addition & 1 deletion docs/docs/coverage/language/java.md
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@ Trivy reproduces Maven's repository selection and priority:

!!! Note
Trivy only takes information about packages. We don't take a list of vulnerabilities for packages from the `maven repository`.
Information about data sources for Java you can see [here](../../scanner/vulnerability.md#data-sources-1).
Information about data sources for Java you can see [here](../../scanner/vulnerability.md#langpkg-data-sources).

You can disable connecting to the maven repository with the `--offline-scan` flag.
The `--offline-scan` flag does not affect the Trivy database.
Expand Down
2 changes: 1 addition & 1 deletion docs/docs/coverage/language/python.md
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ Trivy parses your files generated by package managers in filesystem/repository s
#### Dependency detection
By default, Trivy only parses [version specifiers](https://packaging.python.org/en/latest/specifications/version-specifiers/#id5) with `==` comparison operator and without `.*`.

Using the [--detection-priority comprehensive](#detection-priority) option ensures that the tool establishes a minimum version, which is particularly useful in scenarios where identifying the exact version is challenging.
Using the [--detection-priority comprehensive][detection-priority] option ensures that the tool establishes a minimum version, which is particularly useful in scenarios where identifying the exact version is challenging.
In such case Trivy parses specifiers `>=`,`~=` and a trailing `.*`.

```
Expand Down
2 changes: 1 addition & 1 deletion docs/docs/references/troubleshooting.md
Original file line number Diff line number Diff line change
Expand Up @@ -269,4 +269,4 @@ $ trivy clean --all

[air-gapped]: ../advanced/air-gap.md
[network]: ../advanced/air-gap.md#network-requirements
[redis-cache]: ../../vulnerability/examples/cache/#cache-backend
[redis-cache]: ../configuration/cache.md#redis
2 changes: 1 addition & 1 deletion docs/docs/scanner/misconfiguration/check/builtin.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ See [here](../../../coverage/iac/index.md) for the list of supported config type
When performing a misconfiguration scan, Trivy will automatically download the relevant Checks bundle. The bundle is cached locally and Trivy will reuse it for subsequent scans on the same machine. Trivy takes care of updating the cache automatically, so normally users can be oblivious to it.

## Checks Distribution
Trivy checks are distributed as an [OPA bundle](opa-bundle) hosted in the following GitHub Container Registry: <https://ghcr.io/aquasecurity/trivy-checks>.
Trivy checks are distributed as an [OPA bundle][opa-bundle] hosted in the following GitHub Container Registry: <https://ghcr.io/aquasecurity/trivy-checks>.
Trivy checks for updates to OPA bundle on GHCR every 24 hours and pulls it if there are any updates.

### External connectivity
Expand Down
16 changes: 8 additions & 8 deletions docs/docs/scanner/vulnerability.md
Original file line number Diff line number Diff line change
Expand Up @@ -113,7 +113,7 @@ To hide unfixed/unfixable vulnerabilities, you can use the `--ignore-unfixed` fl
### Supported Languages
See [here](../coverage/language/index.md#supported-languages) for the supported languages.

### Data Sources
### Data Sources { #langpkg-data-sources }

| Language | Source | Commercial Use | Delay[^1] |
|----------|-----------------------------------------------------|:--------------:|:---------:|
Expand Down Expand Up @@ -141,20 +141,20 @@ See [here](../coverage/language/index.md#supported-languages) for the supported

If you have software that is not managed by a package manager, Trivy can still detect vulnerabilities in it in some cases:

- [Using SBOM from Sigstore Rekor](../supply-chain/attestation/rekor/#non-packaged-binaries)
- [Go Binaries with embedded module information](../coverage/language/golang/#go-binaries)
- [Rust Binaries with embedded information](../coverage/language/rust/#binaries)
- [SBOM embedded in container images](../supply-chain/container-image/#sbom-embedded-in-container-images)
- [Using SBOM from Sigstore Rekor](../supply-chain/attestation/rekor.md#non-packaged-binaries)
- [Go Binaries with embedded module information](../coverage/language/golang.md#go-binary)
- [Rust Binaries with embedded information](../coverage/language/rust.md#binaries)
- [SBOM embedded in container images](../supply-chain/sbom.md#sbom-detection-inside-targets)

## Kubernetes

Trivy can detect vulnerabilities in Kubernetes clusters and components by scanning a Kubernetes Cluster, or a KBOM (Kubernetes bill of Material). To learn more, see the [documentation for Kubernetes scanning](../target/kubernetes.md).

### Data Sources

| Vendor | Source |
| ------------- |---------------------------------------------|
| Kubernetes | [Kubernetes Official CVE feed][k8s-cve][^1] |
| Vendor | Source |
|------------|---------------------------------------------|
| Kubernetes | [Kubernetes Official CVE feed][k8s-cve][^1] |

[^1]: Some manual triage and correction has been made.

Expand Down
1 change: 1 addition & 0 deletions docs/docs/supply-chain/sbom.md
Original file line number Diff line number Diff line change
Expand Up @@ -738,6 +738,7 @@ See [here](../target/sbom.md) for more details.

### SBOM Detection inside Targets
Trivy searches for SBOM files in container images with the following extensions:

- `.spdx`
- `.spdx.json`
- `.cdx`
Expand Down
4 changes: 2 additions & 2 deletions docs/docs/target/sbom.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ Trivy can take the following SBOM formats as an input and scan for vulnerabiliti
- SPDX
- SPDX JSON
- CycloneDX-type attestation
- [KBOM](./kubernetes.md#KBOM) in CycloneDX format
- [KBOM](./kubernetes.md#kbom) in CycloneDX format

To scan SBOM, you can use the `sbom` subcommand and pass the path to the SBOM.
The input format is automatically detected.
Expand Down Expand Up @@ -118,7 +118,7 @@ Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 2)

## KBOM

To read more about KBOM, see the [documentation for Kubernetes scanning](./kubernetes.md#KBOM).
To read more about KBOM, see the [documentation for Kubernetes scanning](./kubernetes.md#kbom).

The supported Kubernetes distributions for core components vulnerability scanning are:

Expand Down
2 changes: 1 addition & 1 deletion docs/tutorials/kubernetes/cluster-scanning.md
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ This has several benefits:

- The CRDs can be both machine and human-readable depending on which applications consume the CRDs. This allows for more versatile applications of the Trivy operator.

There are several ways that you can install the Trivy Operator in your cluster. In this guide, we’re going to use the Helm installation based on the [following documentation.](../../docs/target/kubernetes.md#trivy-operator)
There are several ways that you can install the Trivy Operator in your cluster. In this guide, we’re going to use the Helm installation.

Please follow the Trivy Operator documentation for further information on:

Expand Down

0 comments on commit ad0ff5d

Please sign in to comment.