Proto commits in aquasecurity/trivy

These 64 commits are when the Protocol Buffers files have changed:

2025-04-23

feat(image): save layers metadata into report (#8394) Co-authored-by: knqyf263 <knqyf263@gmail.com>

The documentation is generated from this commit.

2025-03-04

feat: add report summary table (#8177) Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io> Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>

2025-03-03

feat: add `--vuln-severity-source` flag (#8269)

2025-02-28

feat(misconf): render causes for Terraform (#8360) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>

2025-02-19

fix(server): secrets inspectation for the config analyzer in client server mode (#8418)

2024-12-09

feat: add `--distro` flag to manually specify OS distribution for vulnerability scanning (#8070) Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>

2024-11-21

feat: add cvss v4 score and vector in scan response (#7968)

fix(sbom): Fixes for Programming Language Vulnerabilities and SBOM Package Maintainer Details (#7871)

2024-10-29

refactor(misconf): Deprecate `EXCEPTIONS` for misconfiguration scanning (#7776) Signed-off-by: Simar <simar@linux.com>

2024-09-05

fix(license): stop spliting a long license text (#7336) Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: knqyf263 <knqyf263@gmail.com>

2024-08-21

feat(misconf): variable support for Terraform Plan (#7228) Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>

2024-07-29

feat(vuln): add `--pkg-relationships` (#7237) Signed-off-by: knqyf263 <knqyf263@gmail.com>

2024-07-09

feat(cli): rename `--vuln-type` flag to `--pkg-types` flag (#7104)

2024-05-28

fix: include packages unless it is not needed (#6765) Signed-off-by: knqyf263 <knqyf263@gmail.com>

2024-05-20

refactor: unify Library and Package structs (#6633) Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com> Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>

2024-05-07

refactor: unify Library and Package structs (#6633) Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com> Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>

2024-05-03

feat: introduce package UIDs for improved vulnerability mapping (#6583) Signed-off-by: knqyf263 <knqyf263@gmail.com>

2024-03-24

fix(server): add Locations for `Packages` in client/server mode (#6366)

2023-12-29

refactor: move PkgRef under PkgIdentifier (#5831) Signed-off-by: knqyf263 <knqyf263@gmail.com>

2023-12-27

feat(vuln): include pkg identifier on detected vulnerabilities (#5439) Signed-off-by: juan131 <jariza@vmware.com> Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io> Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com> Co-authored-by: Nikita Pivkin <nikita.pivkin@smartforce.io> Co-authored-by: knqyf263 <knqyf263@gmail.com>

2023-11-02

fix(server): add licenses to `BlobInfo` message (#5382)

2023-08-17

fix(server): add indirect prop to package (#4974) * fix(server): add indirect prop to package * fix(server): fix test

2023-08-08

fix(server): add licenses to the Result message (#4955)

2023-07-30

fix(misconf): add missing fields to proto (#4861) * fix(misconf): add missing fields to proto * mark deleted fields as reserved

2023-07-26

feat(vuln): support vulnerability status (#4867) * feat: support vulnerability status * feat: show status in table * don't add `fixed` status in debian/redhat * update test golden files * add Status in rpc * update docs * update ignore-status example * add ignore-status in integration test * docs: add the explanation for statuses --------- Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>

2023-06-29

feat(cli): add include-dev-deps flag (#4700) * add Dev field for Package * fix integration test * update docs * feat(cli): add include-dev flag * bump go-dep-parser * update docs * add integration test * refactor * refactor * fix integration test * refactor: rename flag to include-dev-deps * update docs * update docs * filter dev deps when scanning packages * add flag support for server mode * refactor: remove comment that might confuse * refactor: move --include-dev-deps to the scanner flag group * refactor: not return apps * docs: update --------- Co-authored-by: knqyf263 <knqyf263@gmail.com>

2023-03-30

fix(sbom): add checksum to files (#3888) Co-authored-by: knqyf263 <knqyf263@gmail.com>

2023-01-23

refactor: rename security-checks to scanners (#3467)

2022-12-27

feat(ubuntu): added support ubuntu ESM versions (#1893) Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: knqyf263 <knqyf263@gmail.com>

2022-09-15

feat(secret): add line from dockerfile where secret was added to secret result (#2780) Co-authored-by: knqyf263 <knqyf263@gmail.com>

2022-08-25

fix(secret): Consider secrets in rpc calls (#2753)

2022-07-13

feat: Add support for license scanning (#2418) Co-authored-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>

2022-06-27

feat: added license parser for dpkg (#2381) Co-authored-by: knqyf263 <knqyf263@gmail.com>

2022-06-16

fix(lang): fix dependency graph in client server mode (#2336)

2022-04-14

feat(alpine): support apk repositories (#1987)

2022-03-30

fix(rpc): add PkgPath field to client / server mode (#1643)

2022-03-27

feat(cache): remove temporary cache after filesystem scanning (#1868)

2022-03-22

feat(cyclonedx): add vulnerabilities (#1832) Co-authored-by: knqyf263 <knqyf263@gmail.com>

2022-02-13

fix(rpc): Supports RPC calls for new identifier CustomResource (#1605)

2022-02-10

build: Make `make protoc` be consistent (#1682) Signed-off-by: Yuval Goldberg <yuvigoldi@gmail.com>

2022-01-31

refactor: migrate to prefixed buckets (#1644)

2022-01-28

feat(os-pkg): add data sources (#1636)

2021-12-30

test(integration): use fixtures (#1532)

2021-10-14

feat(custom-forward): Forward the extended advisory data (#1247) Co-authored-by: knqyf263 <knqyf263@gmail.com>

2021-09-22

fix:added layer info in packages (#1248) * added layer info in packages * fixed unit cases

2021-09-09

feat(license): Added support to new License field of go-dep-parser's library (#1167)

2021-08-15

Add license info to package data (#1176)

2021-07-27

feat(report): add end of service life flag to OS metadata (#1142) Co-authored-by: knqyf263 <knqyf263@gmail.com>

2021-07-09

feat: support config scanning (#931)

2021-06-06

chore(rpc): update protoc and twirp (#1044)

2021-06-03

Added support for list all packages flag in client (#1032) * Added support for list all packages flag in client This commit is to support --list-all_pkgs argument in client command Example command: trivy -d client --list-all-pkgs --remote http://localhost:8080 ubuntu:18.04. * Updated argument in client.md * Fixed all format issues

2021-05-20

feat: prepare for config scanning (#1005) * temp: disable config scanning

2021-02-14

feat(java): support jar/war/ear (#837) * refactor(server): remove Detect endpoint * refactor(library): do not use interface * refactor: add dbtest package * test: add bolt fixtures * feat: support jar scanning * refactor: rename node to npm * refactor: fix lint issues * test(maven): remove some tests * chore(mod): update fanal * docs: update README * chore(mod): update trivy-db * fix(library/drive): add ecosystem * fix: do not display 0 vulnerabilities * refactor(table): split method * Update README.md (#838) * fix(app): increase the default value of timeout (#842) * feat(maven): use go-mvn-version * test(maven): update tests * fix(scan): skip files and dirs before vulnerability detection * fix: display log messages only once per type * docs(README): add file suffixes * chore(mod): update go-mvn-version * feat(log): set go-dep-parser logger * chore(mod): update fanal * docs: update README * docs(README): add java source * test(maven): fix invalid case

2020-12-14

NVD: Add timestamps. (#761) * (feat): Add NVD published and modified dates Signed-off-by: Simarpreet Singh <simar@linux.com> * (test): Fix golden files. Signed-off-by: Simarpreet Singh <simar@linux.com> * (test): Fix registry_test.go golden files. Signed-off-by: Simarpreet Singh <simar@linux.com> * (test): Fix distroless-base-ignore-unfixed.json.golden with ignore-unfixed option. Signed-off-by: Simarpreet Singh <simar@linux.com> * (test): Fix fluentd-multiple-lockfiles.json.golden. Signed-off-by: Simarpreet Singh <simar@linux.com> * (test): Fix alpine-310.html.golden file. Signed-off-by: Simarpreet Singh <simar@linux.com> * fix(convert): fix disparency between standalone and client/server * test(integration): update trivy.db * test(integration): update golden files * (test): Add a check for non nil date types. Signed-off-by: Simarpreet Singh <simar@linux.com> * (test): Add a unit test for ConvertFromRPCResults. Signed-off-by: Simarpreet Singh <simar@linux.com> * (test): Add a nil date case for ConvertFromRPCResults. Signed-off-by: Simarpreet Singh <simar@linux.com> * refactor: sort imports Co-authored-by: knqyf263 <knqyf263@gmail.com>

2020-11-26

feat(vulnerability): add primary URLs (#752) * refactor(vulnerability): rename a method * feat(vulnerability): add primary url * fix(templates): add primary links * feat(writer): add url * refactor(convert): remove an unnecessary function * feat(rpc): add primary_url * test(integration): update golden files

2020-09-02

feat(rpc): add CWE-ID (#614)

2020-07-26

rpc: Add CVSS information to client/server (#564) Signed-off-by: Simarpreet Singh <simar@linux.com>

2020-05-30

feat: support repository and filesystem scan (#503) * refactor: embed config * refactor: replace image and layer with artifact and blob * feat(config): add ArtifactConfig * fix(scanner): use Artifact * test(scanner): update mocks * feat: add repo and fs subcommands * chore(mod): update * refactor: fix warn message * feat(cli): add --no-progress to repo and fs * mod: Update fanal dependency Signed-off-by: Simarpreet Singh <simar@linux.com> Co-authored-by: Simarpreet Singh <simar@linux.com>

2020-04-16

Override with Vendor score if exists (#433) * wip: Add a failing test to demo severity override Signed-off-by: Simarpreet Singh <simar@linux.com> * scan.go: Return osFound for use in determining vendor. Signed-off-by: Simarpreet Singh <simar@linux.com> * pkg: Fix ScanImage return in case an OSFound Signed-off-by: Simarpreet Singh <simar@linux.com> * scan_test: Include a package-lock.json for happy path Signed-off-by: Simarpreet Singh <simar@linux.com> * wip: Add a test to include various reportResult types Signed-off-by: Simarpreet Singh <simar@linux.com> * Makefile: Add a target to generate mocks. Signed-off-by: Simarpreet Singh <simar@linux.com> * vulnerability: Pass reportType as argument for FillInfo. Signed-off-by: Simarpreet Singh <simar@linux.com> * vulnerability: Add other types of vulnerabilities. Signed-off-by: Simarpreet Singh <simar@linux.com> * integration: Update golden files. Signed-off-by: Simarpreet Singh <simar@linux.com> * ospkg: Fix FillInfo for ospkg/server Signed-off-by: Simarpreet Singh <simar@linux.com> * rpc: Add os.Family type to Response. Signed-off-by: Simarpreet Singh <simar@linux.com> * vulnerability_test.go: Add case where no vendor severity exists. Signed-off-by: Simarpreet Singh <simar@linux.com> * vulnerability: Fallback to NVD if it exists. Also add tests for other cases. Signed-off-by: Simarpreet Singh <simar@linux.com> * rpc: Fix a few sites with reportType info and tests. Signed-off-by: Simarpreet Singh <simar@linux.com> * vulnerability: Remove VendorSeverity from displayed results Signed-off-by: Simarpreet Singh <simar@linux.com> * vulnerability: Add vulnerability source information. Signed-off-by: Simarpreet Singh <simar@linux.com> * vulnerability: Add VendorSeverity logic for lightDB as well. This commit also makes FillInfo logic common to both light and full DBs. Signed-off-by: Simarpreet Singh <simar@linux.com> * remove some crufty TODOs Signed-off-by: Simarpreet Singh <simar@linux.com> * vulnerability_test: Add a case for light db for documentation purposes Signed-off-by: Simarpreet Singh <simar@linux.com> * mod: update trivy-db to point to master Signed-off-by: Simarpreet Singh <simar@linux.com> * scan_test: Remove cruft and bring back test cases Signed-off-by: Simarpreet Singh <simar@linux.com> * scan_test: Add pkg Type to mock return Signed-off-by: Simarpreet Singh <simar@linux.com> * vulnerability: reorder err check after err Signed-off-by: Simarpreet Singh <simar@linux.com> * client_test: Fix import ordering Signed-off-by: Simarpreet Singh <simar@linux.com> * convert.go: Use result.Type Signed-off-by: Simarpreet Singh <simar@linux.com> * convert: Use result.Type and simplify ConvertFromRpcResults signature Signed-off-by: Simarpreet Singh <simar@linux.com> * vulnerability: Refactor calls to getVendorSeverity Signed-off-by: Simarpreet Singh <simar@linux.com> * integration: Remove centos-7-critical.json.golden There's no critical vulnerability in CentOS 7 anymore. In addition this test was not adding any value that is already not covered by existing tests cases. Signed-off-by: Simarpreet Singh <simar@linux.com> * rpc: Include severity source in tests. Signed-off-by: Simarpreet Singh <simar@linux.com> * integration: Update test db to include VendorSeverity. Test DB is now a snapshot of full database from trivy-db. Also update golden files to include SeveritySource. Signed-off-by: Simarpreet Singh <simar@linux.com> * vulnerability: Make centos7 use RHEL vendor severities Signed-off-by: Simarpreet Singh <simar@linux.com>

2020-04-14

fix: replace containers/image with google/go-containerregistry (#456) * chore(mod): update dependencies * fix(internal): remove cleanup * fix: use only diff_id * fix: use string instead of digest * fix: replace LayerID with Layer * test(integration): negotiate API version * feat(conf): add TRIVY_NONSSL * test(integration): update golden files * test(integration): fix the error message * chore(debian): add comments * chore(mod): update dependencies

2020-03-04

detector: Add LayerID to detect vulns (#419) * detector/alpine: Add LayerID to detect vulns Signed-off-by: Simarpreet Singh <simar@linux.com> * amazon: Add LayerID to DetectedVulns Signed-off-by: Simarpreet Singh <simar@linux.com> * debian: Add LayerID to DetectVulns + tests Signed-off-by: Simarpreet Singh <simar@linux.com> * oracle: Add LayerID to DetectVulns + tests Signed-off-by: Simarpreet Singh <simar@linux.com> * photon: Add LayerID to DetectVulns + tests Signed-off-by: Simarpreet Singh <simar@linux.com> * redhat: Add LayerID to DetectVulns + tests Signed-off-by: Simarpreet Singh <simar@linux.com> * suse: Add LayerID to DetectVulns + tests Signed-off-by: Simarpreet Singh <simar@linux.com> * ubuntu: Add LayerID to DetectVulns + tests Signed-off-by: Simarpreet Singh <simar@linux.com> * integration: Fix integration tests to include LayerID Signed-off-by: Simarpreet Singh <simar@linux.com> * fix(rpc): add layer_id * fix(rpc): insert layer_id to the struct * fix(extractor): add cleanup function * fix(library): add layer ID to detected vulnerabilities * test: update mocks * chore(mod): point to the feature branch of fanal * mod: Point to fanal/master Signed-off-by: Simarpreet Singh <simar@linux.com> * scan_test: Include LayerID as part of the assertion Signed-off-by: Simarpreet Singh <simar@linux.com> * docker_engine_test.go: Update an error message to conform with fanal/master. Signed-off-by: Simarpreet Singh <simar@linux.com> Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>

2020-02-27

feat(cache): based on JSON (#398) * refactor(docker_conf): rename and remove unnecessary options * feat(rpc): define new API * fix(cli): change default timeout * fix(import): fix package names * refactor(vulnerability): remove old mock * refactor(utils): remove un-needed functions * feat(cache): implement cache communicating with a server * refactor(scan): separate scan function as local scanner * test(scanner): add tests for ScanImage * refactor(scan): remove unused options * test(vulnerability): generate mock * refactor(server): split a file * feat(server): implement new RPC server * feat(client): implement new RPC client * fix(cache): use new cache interface * fix(standalone): use new scanner * fix(client): use new scanner * fix(server): pass cache * test(integration): make sure an error is not nil before calling the method * fix(mod): update dependencies * test(integration): ensure the image load finishes * feat(docker): support DOCKER_HOST and DOCKER_CERT_PATH * chore(mod): update dependencies * refactor(rpc): remove old client * feat(server): support old API for backward compatibility * fix(server): check a schema version of JSON cache * fix(rpc): add a version to packages * feat(rpc): add PutImage * test: rename expectations * refactor(cache): rename LayerCache to ImageCache * refactor: rename ImageInfo to ImageReference * fix(applier): pass image_id to ApplyLayer * feat(cache): handle image cache * chore(mod): update dependencies * refactor(server): pass only config * feat(cli): add -removed-pkgs option * refactor(err): wrap errors

2020-02-16

fix(client): add image name and build time (#402) * WIP: Add imageName and BuildTime for Remote detector Signed-off-by: Simarpreet Singh <simar@linux.com> * wip Signed-off-by: Simarpreet Singh <simar@linux.com> * change name from build_time to created * remove an unused function * fix(library): add image_name and created_at * fix(ospkg): add image_name and created_at * fix(scan): add image_name and created_at * fix(library): remove unused param Co-authored-by: Simarpreet Singh <simar@linux.com>

2019-12-13

feat: support client/server mode (#295) * chore(app): change dir * feat(rpc): add a proto file and auto-generated files * chore(dep): add dependencies * fix(app): fix import path * fix(integration): fix import path * fix(protoc): use enum for severity * chore(Makefile): add fmt andd protoc * chore(clang): add .clang-format * refactor: split functions for client/server (#296) * refactor(db): split db.Download * refactor(standalone): create a different package * refactor(vulnerability): split FillAndFilter * fix(protoc): use enum for severity * chore(Makefile): add fmt andd protoc * chore(clang): add .clang-format * fix(db): remove an unused variable * fix(db): expose the github client as an argument of constructor * refactor(vulnerability): add the detail message * feat(rpc): add rpc client (#302) * fix(protoc): use enum for severity * chore(Makefile): add fmt andd protoc * chore(clang): add .clang-format * feat(rpc): convert types * feat(rpc): add rpc client * token: Refactor to handle bad headers being set Signed-off-by: Simarpreet Singh <simar@linux.com> * feat(rpc): add rpc server (#303) * feat(rpc): add rpc server * feat(utils): add CopyFile * feat(server/config): add config struct * feat(detector): add detector * feat(scanner): delegate procedures to detector * fix(scanner): fix the interface * test(mock): add mocks * test(rpc/server): add tests * test(rpc/ospkg/server): add tests * tets(os/detector): add tests * refactor(library): move directories * chore(dependency): add google/wire * refactor(library): introduce google/wire * refactor(ospkg/detector): move directory * feat(rpc): add eosl * refactor(ospkg): introduce google/wire * refactor(wire): bind an interface * refactor(client): use wire.Struct * chore(Makefile): fix wire * test(server): add AssertExpectations * test(server): add AssertExpectations * refactor(server): remove debug log * refactor(error): add more context messages * test(server): fix error message * refactor(test): create a constructor of mock * refactor(config): remove an unused variable * test(config): add an assertion to test the config struct * feat(client/server): add sub commands (#304) * feat(rpc): add rpc server * feat(utils): add CopyFile * feat(server/config): add config struct * feat(detector): add detector * feat(scanner): delegate procedures to detector * fix(scanner): fix the interface * feat(client/server): add sub commands * merge(server3) * test(scan): remove an unused mock * refactor(client): generate the constructor by wire * fix(cli): change the default port * fix(server): use auto-generated constructor * feat(ospkg): return eosl * test(integration): add integration tests for client/server (#306) * fix(server): remove unnecessary options * test(integration): add integration tests for client/server * fix(server): wrap an error * fix(server): change the update interval * fix(server): display the error detail * test(config): add an assertion to test the config struct * fix(client): returns an error when failing to initizlie a logger * test(ospkg/server): add eosl * Squashed commit of the following: * test(server): refactor and add tests (#307) * test(github): create a mock * test(db): create a mock * test(server): add tests for DB hot update * chore(db): add a log message * refactor(db): introduce google/wire * refactor(rpc): move directory * refactor(injector): fix import name * refactor(import): remove new lines * fix(server): display the error detail * fix(server): change the update interval * fix(server): wrap an error * test(integration): add integration tests for client/server * fix(server): remove unnecessary options * refactor(server): return an error when failing to initialize a logger * refactor(server): remove unused error * fix(client/server): fix default port * chore(README): add client/server * chore(README): update