diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index bd50db9..daa0f0a 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -6,7 +6,7 @@ on:
 workflow_dispatch:
 env:
- TRIVY_VERSION: 0.57.1
+ TRIVY_VERSION: 0.60.0
 BATS_LIB_PATH: '/usr/lib/'
 jobs:
diff --git a/README.md b/README.md
index 646d827..78160ce 100644
--- a/README.md
+++ b/README.md
@@ -215,7 +215,7 @@ jobs:
 uses: aquasecurity/setup-trivy@v0.2.0
 with:
 cache: true
- version: v0.57.1
+ version: v0.60.1
 - name: Run Trivy vulnerability scanner in repo mode
 uses: aquasecurity/trivy-action@master
@@ -847,7 +847,7 @@ Following inputs can be used as `step.with` keys:
 | `github-pat` | String | | Authentication token to enable sending SBOM scan results to GitHub Dependency Graph. Can be either a GitHub Personal Access Token (PAT) or GITHUB_TOKEN |
 | `limit-severities-for-sarif` | Boolean | false | By default *SARIF* format enforces output of all vulnerabilities regardless of configured severities. To override this behavior set this parameter to **true** |
 | `docker-host` | String | | By default it is set to `unix://var/run/docker.sock`, but can be updated to help with containerized infrastructure values |
-| `version` | String | `v0.57.1` | Trivy version to use, e.g. `latest` or `v0.57.1` |
+| `version` | String | `v0.60.0` | Trivy version to use, e.g. `latest` or `v0.60.0` |
 | `skip-setup-trivy` | Boolean | false | Skip calling the `setup-trivy` action to install `trivy` |
 | `token-setup-trivy` | Boolean | | Overwrite `github.token` used by `setup-trivy` to checkout the `trivy` repository |
diff --git a/action.yaml b/action.yaml
index ddfce8f..24775a9 100644
--- a/action.yaml
+++ b/action.yaml
@@ -98,7 +98,7 @@ inputs:
 version:
 description: 'Trivy version to use'
 required: false
- default: 'v0.57.1'
+ default: 'v0.60.0'
 cache:
 description: 'Used to specify whether caching is needed. Set to false, if you would like to disable caching.'
 required: false
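Review bot: The README example in the `@@ -215` hunk now pins `version: v0.60.1`, while action.yaml's `default: 'v0.60.0'`, the README inputs table and the workflow's `TRIVY_VERSION: 0.60.0` all move to 0.60.0, so the documented snippet no longer matches the action's actual default. Unless 0.60.1 is deliberate, change the example to `version: v0.60.0` so readers copying it and the CI workflow pin the same release the action defaults to. If the newer patch release is the intended target, the action default and the table row should be bumped to match instead, since a mismatch here means the documented and tested scanner versions silently diverge.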
diff --git a/test/data/config-sarif-report/report.sarif b/test/data/config-sarif-report/report.sarif
index db8444c..dcaa667 100644
--- a/test/data/config-sarif-report/report.sarif
+++ b/test/data/config-sarif-report/report.sarif
@@ -205,7 +205,7 @@
 "text": "S3 buckets should each define an aws_s3_bucket_public_access_block"
 },
 "fullDescription": {
- "text": "The "block public access" settings in S3 override individual policies that apply to a given bucket, meaning that all public access can be controlled in one central types for that bucket. It is therefore good practice to define these settings for each bucket in order to clearly define the public access that can be allowed for it.\n"
+ "text": "The \"block public access\" settings in S3 override individual policies that apply to a given bucket, meaning that all public access can be controlled in one central types for that bucket. It is therefore good practice to define these settings for each bucket in order to clearly define the public access that can be allowed for it.\n"
 },
 "defaultConfiguration": {
 "level": "note"
diff --git a/test/data/config-scan/report.json b/test/data/config-scan/report.json
index 7501a22..f1ac724 100644
--- a/test/data/config-scan/report.json
+++ b/test/data/config-scan/report.json
@@ -90,7 +90,8 @@
 "LastCause": true
 }
 ]
- }
+ },
+ "RenderedCause": {}
 }
 },
 {
@@ -150,7 +151,8 @@
 "LastCause": true
 }
 ]
- }
+ },
+ "RenderedCause": {}
 }
 },
 {
@@ -210,7 +212,8 @@
 "LastCause": true
 }
 ]
- }
+ },
+ "RenderedCause": {}
 }
 },
 {
@@ -271,7 +274,8 @@
 "LastCause": true
 }
 ]
- }
+ },
+ "RenderedCause": {}
 }
 },
 {
@@ -388,7 +392,11 @@
 "EndLine": 18
 }
 }
- ]
+ ],
+ "RenderedCause": {
+ "Raw": "resource \"aws_s3_bucket_versioning\" \"bucket_versioning\" {\n versioning_configuration {\n status = \"Disabled\"\n }\n}",
+ "Highlighted": "\u001b[38;5;33mresource\u001b[0m \u001b[38;5;37m\"aws_s3_bucket_versioning\"\u001b[0m \u001b[38;5;37m\"bucket_versioning\"\u001b[0m {\n versioning_configuration {\n \u001b[38;5;245mstatus\u001b[0m = \u001b[38;5;37m\"Disabled\"\n\u001b[0m }\n}"
+ }
 }
 },
 {
@@ -448,7 +456,8 @@
 "LastCause": true
 }
 ]
- }
+ },
+ "RenderedCause": {}
 }
 },
 {
@@ -508,7 +517,8 @@
 "LastCause": true
 }
 ]
- }
+ },
+ "RenderedCause": {}
 }
 },
 {
@@ -568,7 +578,8 @@
 "LastCause": true
 }
 ]
- }
+ },
+ "RenderedCause": {}
 }
 },
 {
@@ -628,7 +639,8 @@
 "LastCause": true
 }
 ]
- }
+ },
+ "RenderedCause": {}
 }
 }
 ]
diff --git a/test/data/fs-scan/report b/test/data/fs-scan/report
index e69de29..b7ce3fd 100644
--- a/test/data/fs-scan/report
+++ b/test/data/fs-scan/report
@@ -0,0 +1,12 @@
+
+Report Summary
+
+┌────────┬──────┬─────────────────┬─────────┐
+│ Target │ Type │ Vulnerabilities │ Secrets │
+├────────┼──────┼─────────────────┼─────────┤
+│ - │ - │ - │ - │
+└────────┴──────┴─────────────────┴─────────┘
+Legend:
+- '-': Not scanned
+- '0': Clean (no security findings detected)
+
diff --git a/test/data/image-scan/report b/test/data/image-scan/report
index 8db9602..5b10bb1 100644
--- a/test/data/image-scan/report
+++ b/test/data/image-scan/report
@@ -1,4 +1,18 @@
+Report Summary
+
+┌──────────────────────────────────────────┬────────┬─────────────────┬─────────┐
+│ Target │ Type │ Vulnerabilities │ Secrets │
+├──────────────────────────────────────────┼────────┼─────────────────┼─────────┤
+│ knqyf263/vuln-image:1.2.3 (alpine 3.7.1) │ alpine │ 19 │ - │
+├──────────────────────────────────────────┼────────┼─────────────────┼─────────┤
+│ rust-app/Cargo.lock │ cargo │ 4 │ - │
+└──────────────────────────────────────────┴────────┴─────────────────┴─────────┘
+Legend:
+- '-': Not scanned
+- '0': Clean (no security findings detected)
+
+
 knqyf263/vuln-image:1.2.3 (alpine 3.7.1)
 ========================================
 Total: 19 (CRITICAL: 19)
diff --git a/test/data/rootfs-scan/report b/test/data/rootfs-scan/report
index e69de29..b7ce3fd 100644
--- a/test/data/rootfs-scan/report
+++ b/test/data/rootfs-scan/report
@@ -0,0 +1,12 @@
+
+Report Summary
+
+┌────────┬──────┬─────────────────┬─────────┐
+│ Target │ Type │ Vulnerabilities │ Secrets │
+├────────┼──────┼─────────────────┼─────────┤
+│ - │ - │ - │ - │
+└────────┴──────┴─────────────────┴─────────┘
+Legend:
+- '-': Not scanned
+- '0': Clean (no security findings detected)
+
diff --git a/test/data/with-ignore-files/report b/test/data/with-ignore-files/report
index b617724..c31dc97 100644
--- a/test/data/with-ignore-files/report
+++ b/test/data/with-ignore-files/report
@@ -1,4 +1,18 @@
+Report Summary
+
+┌──────────────────────────────────────────┬────────┬─────────────────┬─────────┐
+│ Target │ Type │ Vulnerabilities │ Secrets │
+├──────────────────────────────────────────┼────────┼─────────────────┼─────────┤
+│ knqyf263/vuln-image:1.2.3 (alpine 3.7.1) │ alpine │ 19 │ - │
+├──────────────────────────────────────────┼────────┼─────────────────┼─────────┤
+│ rust-app/Cargo.lock │ cargo │ 1 │ - │
+└──────────────────────────────────────────┴────────┴─────────────────┴─────────┘
+Legend:
+- '-': Not scanned
+- '0': Clean (no security findings detected)
+
+
 knqyf263/vuln-image:1.2.3 (alpine 3.7.1)
 ========================================
 Total: 19 (CRITICAL: 19)