From 4a4adf7b0dcf81ee30b4dc5fd52986fef42a2264 Mon Sep 17 00:00:00 2001
From: secureCodeBoxBot
Date: Tue, 11 Jun 2024 09:24:14 +0000
Subject: [PATCH 1/2] Upgrading trivy from 0.50.4 to 0.52.1
Signed-off-by: secureCodeBoxBot
---
 scanners/trivy/Chart.yaml | 2 +-
 scanners/trivy/README.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/scanners/trivy/Chart.yaml b/scanners/trivy/Chart.yaml
index 3ef9e90208..cf9654d59c 100644
--- a/scanners/trivy/Chart.yaml
+++ b/scanners/trivy/Chart.yaml
@@ -8,7 +8,7 @@ description: A Helm chart for the trivy security scanner that integrates with th
 type: application
 # version - gets automatically set to the secureCodeBox release version when the helm charts gets published
 version: v3.1.0-alpha1
-appVersion: "0.50.4"
+appVersion: "0.52.1"
 kubeVersion: ">=v1.11.0-0"
 annotations:
 versionApi: https://api.github.com/repos/aquasecurity/trivy/releases/latest
diff --git a/scanners/trivy/README.md b/scanners/trivy/README.md
index 7c23829a0b..75a8999ad4 100644
--- a/scanners/trivy/README.md
+++ b/scanners/trivy/README.md
@@ -3,7 +3,7 @@ title: "Trivy"
 category: "scanner"
 type: "Container"
 state: "released"
-appVersion: "0.50.4"
+appVersion: "0.52.1"
 usecase: "Container Vulnerability Scanner"
 ---
From 2ce3e032c792ff0ccd1a84bbbaa34cbecdaca33a Mon Sep 17 00:00:00 2001
From: Ilyes Ben Dlala
Date: Tue, 11 Jun 2024 17:35:03 +0200
Subject: [PATCH 2/2] Update trivy integration test for k8s scan Refactor the trivy integration test for the k8s scan to include the new `--include-namespaces` flag . Context does not have to explicitly set. Default is used
Signed-off-by: Ilyes Ben Dlala
---
 scanners/trivy/integration-tests/trivy.test.js | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/scanners/trivy/integration-tests/trivy.test.js b/scanners/trivy/integration-tests/trivy.test.js
index adfe998298..5364b9cf16 100644
--- a/scanners/trivy/integration-tests/trivy.test.js
+++ b/scanners/trivy/integration-tests/trivy.test.js
@@ -98,7 +98,6 @@ test.concurrent(
 },
 3 * 60 * 1000
 );
-
 test.concurrent(
 "trivy k8s scan should not fail",
 async () => {
@@ -106,7 +105,7 @@ test.concurrent(
 "trivy-k8s-test",
 "trivy-k8s",
 // scanners is limited to config, and namespace to default to reduce the time of the test
-["cluster", "--debug","--scanners", "config", "--namespace", "default"],
+["--debug","--scanners", "config", "--include-namespaces", "securecodebox-system"],
 10 * 60 * 1000
 );
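Review bot: The comment directly above the changed argument array in the second hunk is now stale: it still says the namespace is limited to default, while the new arguments pass `--include-namespaces securecodebox-system`. I would update it to `// scanners is limited to config, and the namespace to securecodebox-system, to reduce the time of the test`. The namespace is also hard-coded, so if the test cluster installs the operator under a different name the scan would presumably cover no resources, and a test that only checks the scan "should not fail" could still pass without having examined anything. The assertions sit outside the hunk, so it is worth confirming they require at least one scanned resource or finding.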