Merge pull request #5 from reasonerjt/prepare-v0-32-0-ga-release-branch
Prepare v0 32 0 ga release branch
reasonerjt authored Nov 4, 2024
2 parents b051a07 + 952f039 commit 1087bb6
Showing 9 changed files with 119 additions and 91 deletions.
7 changes: 3 additions & 4 deletions .goreleaser.yml
@@ -29,16 +29,15 @@ changelog:
- '^release'
dockers:
- image_templates:
- "docker.io/aquasec/harbor-scanner-trivy:{{ .Version }}"
- "public.ecr.aws/aquasecurity/harbor-scanner-trivy:{{ .Version }}"
- "docker.io/goharbor/harbor-scanner-trivy:{{ .Version }}"
ids:
- scanner-trivy
build_flag_templates:
- "--label=org.label-schema.schema-version=1.0"
- "--label=org.label-schema.name={{ .ProjectName }}"
- "--label=org.label-schema.description=Harbor scanner adapter for Trivy"
- "--label=org.label-schema.vendor=Aqua Security"
- "--label=org.label-schema.vendor=Harbor community"
- "--label=org.label-schema.version={{ .Version }}"
- "--label=org.label-schema.build-date={{ .Date }}"
- "--label=org.label-schema.vcs=https://github.com/aquasecurity/harbor-scanner-trivy"
- "--label=org.label-schema.vcs=https://github.com/goharbor/harbor-scanner-trivy"
- "--label=org.label-schema.vcs-ref={{ .FullCommit }}"
81 changes: 42 additions & 39 deletions README.md

Large diffs are not rendered by default.

6 changes: 3 additions & 3 deletions helm/harbor-scanner-trivy/Chart.yaml
@@ -1,11 +1,11 @@
apiVersion: v1
name: harbor-scanner-trivy
version: 0.31.4
appVersion: 0.31.4
version: 0.32.0
appVersion: 0.32.0
description: Harbor scanner adapter for Trivy
keywords:
- scanner
- harbor
- vulnerability
sources:
- https://github.com/aquasecurity/harbor-scanner-trivy
- https://github.com/goharbor/harbor-scanner-trivy
86 changes: 44 additions & 42 deletions helm/harbor-scanner-trivy/README.md

Large diffs are not rendered by default.

4 changes: 4 additions & 0 deletions helm/harbor-scanner-trivy/templates/statefulset.yaml
@@ -77,6 +77,10 @@ spec:
value: {{ .Values.scanner.trivy.skipJavaDBUpdate | quote }}
- name: "SCANNER_TRIVY_OFFLINE_SCAN"
value: {{ .Values.scanner.trivy.offlineScan | quote }}
- name: "SCANNER_TRIVY_DB_REPOSITORY"
value: {{ .Values.scanner.trivy.dbRepository | quote }}
- name: "SCANNER_TRIVY_JAVA_DB_REPOSITORY"
value: {{ .Values.scanner.trivy.javaDBRepository | quote }}
- name: "SCANNER_TRIVY_GITHUB_TOKEN"
valueFrom:
secretKeyRef:
10 changes: 7 additions & 3 deletions helm/harbor-scanner-trivy/values.yaml
@@ -3,8 +3,8 @@ fullnameOverride: ""

image:
registry: docker.io
repository: aquasec/harbor-scanner-trivy
tag: 0.31.4
repository: goharbor/harbor-scanner-trivy
tag: 0.32.0
pullPolicy: IfNotPresent

replicaCount: 1
@@ -78,6 +78,10 @@ scanner:
## If the flag is enabled you have to manually download the `trivy-java.db` file and mount it in the
## `/home/scanner/.cache/trivy/java-db/trivy-java.db` path (see `cacheDir`).
skipJavaDBUpdate: false
# OCI repository to retrieve the trivy vulnerability database from
dbRepository: "ghcr.io/aquasecurity/trivy-db"
# OCI repository to retrieve the Java trivy vulnerability database from
javaDBRepository: "ghcr.io/aquasecurity/trivy-java-db"
# offlineScan the flag to disable external API requests to identify dependencies.
offlineScan: false
## gitHubToken the GitHub access token to download Trivy DB
@@ -98,7 +102,7 @@ scanner:
gitHubToken: ""
## insecure the flag to skip verifying registry certificate
insecure: false
# See https://github.com/aquasecurity/trivy#filter-the-vulnerabilities-by-open-policy-agent-policy for details
# See https://github.com/goharbor/trivy#filter-the-vulnerabilities-by-open-policy-agent-policy for details
ignorePolicy: ""
# ignorePolicy: |
# package trivy
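Review bot: The policy link in the last hunk now reads `https://github.com/goharbor/trivy#filter-the-vulnerabilities-by-open-policy-agent-policy`, which looks like a casualty of the aquasecurity → goharbor search-and-replace rather than an intended change. Only the adapter's own image and repository references move in this commit; the `dbRepository` defaults added a few lines above still point at `ghcr.io/aquasecurity/...`, and nothing on the page suggests Trivy itself is hosted under goharbor. I would keep the comment as `# See https://github.com/aquasecurity/trivy#filter-the-vulnerabilities-by-open-policy-agent-policy for details`, so operators writing an ignore policy reach the upstream documentation.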
2 changes: 2 additions & 0 deletions pkg/etc/config.go
@@ -34,6 +34,8 @@ type Trivy struct {
IgnorePolicy string `env:"SCANNER_TRIVY_IGNORE_POLICY"`
SkipDBUpdate bool `env:"SCANNER_TRIVY_SKIP_UPDATE" envDefault:"false"`
SkipJavaDBUpdate bool `env:"SCANNER_TRIVY_SKIP_JAVA_DB_UPDATE" envDefault:"false"`
DBRepository string `env:"SCANNER_TRIVY_DB_REPOSITORY" envDefault:"ghcr.io/aquasecurity/trivy-db"`
JavaDBRepository string `env:"SCANNER_TRIVY_JAVA_DB_REPOSITORY" envDefault:"ghcr.io/aquasecurity/trivy-java-db"`
OfflineScan bool `env:"SCANNER_TRIVY_OFFLINE_SCAN" envDefault:"false"`
GitHubToken string `env:"SCANNER_TRIVY_GITHUB_TOKEN"`
Insecure bool `env:"SCANNER_TRIVY_INSECURE" envDefault:"false"`
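Review bot: `DBRepository` and `JavaDBRepository` decide which registry supplies the vulnerability data behind every scan verdict, but they are added without a comment and, in the lines visible here, without any check on the configured value. A field comment such as `// DBRepository is the OCI repository Trivy downloads its vulnerability DB from; point it only at a mirror you control or trust.` (and the equivalent for the Java DB) would make that trust decision explicit to anyone overriding the default. The same default strings are repeated in helm/harbor-scanner-trivy/values.yaml, so the two can drift apart; a short comment naming the other location would help. The Trivy struct begins and ends outside this hunk.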
8 changes: 8 additions & 0 deletions pkg/trivy/wrapper.go
@@ -203,6 +203,14 @@ func (w *wrapper) prepareScanCmd(target ScanTarget, outputFile string, opt ScanO
args = append(args, "--ignore-policy", w.config.IgnorePolicy)
}

if w.config.DBRepository != "" {
args = append(args, "--db-repository", w.config.DBRepository)
}

if w.config.JavaDBRepository != "" {
args = append(args, "--java-db-repository", w.config.JavaDBRepository)
}

if w.config.DebugMode {
args = append(args, "--debug")
}
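Review bot: Both new branches ignore `SkipDBUpdate` / `SkipJavaDBUpdate`, so a scanner configured not to fetch a database still gets `--db-repository …` on its command line; the updated test fixture, which sets both, expects exactly that. As far as I know Trivy does not use the repository when the update is skipped, so this is probably harmless, but in an air-gapped deployment the command then names a registry that is never meant to be contacted. Either gate the flag, `if !w.config.SkipDBUpdate && w.config.DBRepository != "" {` (and likewise for the Java DB), or add a comment stating that the flag is passed unconditionally on purpose. prepareScanCmd begins and ends outside this hunk.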
6 changes: 6 additions & 0 deletions pkg/trivy/wrapper_test.go
@@ -115,6 +115,8 @@ func TestWrapper_Scan(t *testing.T) {
IgnorePolicy: "/home/scanner/opa/policy.rego",
SkipDBUpdate: true,
SkipJavaDBUpdate: true,
DBRepository: "ghcr.io/aquasecurity/trivy-db",
JavaDBRepository: "ghcr.io/aquasecurity/trivy-java-db",
GitHubToken: "<github_token>",
Insecure: true,
Timeout: 5 * time.Minute,
@@ -153,6 +155,10 @@ func TestWrapper_Scan(t *testing.T) {
"--ignore-unfixed",
"--skip-db-update",
"--skip-java-db-update",
"--db-repository",
"ghcr.io/aquasecurity/trivy-db",
"--java-db-repository",
"ghcr.io/aquasecurity/trivy-java-db",
"--ignore-policy",
"/home/scanner/opa/policy.rego",
"--debug",
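Review bot: The new expectations cover only the case where both repositories are set, so nothing here exercises the `!= ""` guards added in pkg/trivy/wrapper.go. A regression that emitted `--db-repository` with an empty value, or dropped the flag when a mirror is configured, would only be caught in the second case. I would add a case with `DBRepository: ""` and `JavaDBRepository: ""` asserting that neither `--db-repository` nor `--java-db-repository` appears in the expected arguments, plus one with a non-default mirror value so the test does not pass merely because the value equals the built-in default. TestWrapper_Scan starts and ends outside these hunks, so whether it is table-driven is not visible from here.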
