Compare commits
6 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
2b6a709cf9 | ||
|
|
47e481a388 | ||
|
|
7b07fa7d6a | ||
|
|
f78e9ecf42 | ||
|
|
b77b85c025 | ||
|
|
69cbbc0cbb |
@@ -1,4 +1,4 @@
|
||||
FROM ghcr.io/aquasecurity/trivy:0.45.0
|
||||
FROM ghcr.io/aquasecurity/trivy:0.47.0
|
||||
COPY entrypoint.sh /
|
||||
RUN apk --no-cache add bash curl npm
|
||||
RUN chmod +x /entrypoint.sh
|
||||
|
||||
@@ -8,7 +8,7 @@ inputs:
|
||||
default: 'image'
|
||||
image-ref:
|
||||
description: 'image reference(for backward compatibility)'
|
||||
required: true
|
||||
required: false
|
||||
input:
|
||||
description: 'reference of tar file to scan'
|
||||
required: false
|
||||
|
||||
@@ -77,7 +77,7 @@ done
|
||||
|
||||
scanType=$(echo $scanType | tr -d '\r')
|
||||
export artifactRef="${imageRef}"
|
||||
if [ "${scanType}" = "repo" ] || [ "${scanType}" = "fs" ] || [ "${scanType}" = "config" ] || [ "${scanType}" = "rootfs" ];then
|
||||
if [ "${scanType}" = "repo" ] || [ "${scanType}" = "fs" ] || [ "${scanType}" = "filesystem" ] || [ "${scanType}" = "config" ] || [ "${scanType}" = "rootfs" ];then
|
||||
artifactRef=$(echo $scanRef | tr -d '\r')
|
||||
fi
|
||||
input=$(echo $input | tr -d '\r')
|
||||
@@ -181,13 +181,12 @@ if [ "${format}" == "sarif" ] && [ "${limitSeveritiesForSARIF}" != "true" ]; the
|
||||
elif [ $trivyConfig ]; then
|
||||
echo "Running Trivy with trivy.yaml config from: " $trivyConfig
|
||||
trivy --config $trivyConfig ${scanType} ${artifactRef}
|
||||
returnCode=$?
|
||||
else
|
||||
echo "Running trivy with options: trivy ${scanType} ${ARGS}" "${artifactRef}"
|
||||
echo "Global options: " "${GLOBAL_ARGS}"
|
||||
trivy $GLOBAL_ARGS ${scanType} ${ARGS} ${artifactRef}
|
||||
returnCode=$?
|
||||
fi
|
||||
returnCode=$?
|
||||
|
||||
set -e
|
||||
if [[ "${format}" == "github" ]]; then
|
||||
|
||||
@@ -27,10 +27,10 @@ Total: 19 (CRITICAL: 19)
|
||||
│ │ CVE-2019-5481 │ │ │ │ 7.61.1-r3 │ curl: double free due to subsequent call of realloc() │
|
||||
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-5481 │
|
||||
│ ├────────────────┤ │ │ │ ├──────────────────────────────────────────────────────────────┤
|
||||
│ │ CVE-2019-5482 │ │ │ │ │ curl: heap buffer overflow in function tftp_receive_packet() │
|
||||
│ │ CVE-2019-5482 │ │ │ │ │ heap buffer overflow in function tftp_receive_packet() │
|
||||
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-5482 │
|
||||
├─────────────┼────────────────┤ │ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
|
||||
│ git │ CVE-2018-17456 │ │ │ 2.15.2-r0 │ 2.15.3-r0 │ git: arbitrary code execution via .gitmodules │
|
||||
│ git │ CVE-2018-17456 │ │ │ 2.15.2-r0 │ 2.15.3-r0 │ arbitrary code execution via .gitmodules │
|
||||
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-17456 │
|
||||
│ ├────────────────┤ │ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
|
||||
│ │ CVE-2019-1353 │ │ │ │ 2.15.4-r0 │ git: NTFS protections inactive when running Git in the │
|
||||
@@ -58,7 +58,7 @@ Total: 19 (CRITICAL: 19)
|
||||
│ │ CVE-2019-5481 │ │ │ │ 7.61.1-r3 │ curl: double free due to subsequent call of realloc() │
|
||||
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-5481 │
|
||||
│ ├────────────────┤ │ │ │ ├──────────────────────────────────────────────────────────────┤
|
||||
│ │ CVE-2019-5482 │ │ │ │ │ curl: heap buffer overflow in function tftp_receive_packet() │
|
||||
│ │ CVE-2019-5482 │ │ │ │ │ heap buffer overflow in function tftp_receive_packet() │
|
||||
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-5482 │
|
||||
├─────────────┼────────────────┤ │ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
|
||||
│ musl │ CVE-2019-14697 │ │ │ 1.1.18-r3 │ 1.1.18-r4 │ musl libc through 1.1.23 has an x87 floating-point stack │
|
||||
@@ -69,6 +69,18 @@ Total: 19 (CRITICAL: 19)
|
||||
│ │ │ │ │ │ │ │
|
||||
│ │ │ │ │ │ │ │
|
||||
├─────────────┼────────────────┤ │ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
|
||||
│ sqlite-libs │ CVE-2019-8457 │ │ │ 3.21.0-r1 │ 3.25.3-r1 │ sqlite: heap out-of-bound read in function rtreenode() │
|
||||
│ sqlite-libs │ CVE-2019-8457 │ │ │ 3.21.0-r1 │ 3.25.3-r1 │ heap out-of-bound read in function rtreenode() │
|
||||
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-8457 │
|
||||
└─────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘
|
||||
|
||||
rust-app/Cargo.lock (cargo)
|
||||
===========================
|
||||
Total: 1 (CRITICAL: 1)
|
||||
|
||||
┌──────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────────┐
|
||||
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
|
||||
├──────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
|
||||
│ smallvec │ CVE-2021-25900 │ CRITICAL │ fixed │ 0.6.9 │ 0.6.14, 1.6.1 │ An issue was discovered in the smallvec crate before 0.6.14 │
|
||||
│ │ │ │ │ │ │ and 1.x... │
|
||||
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-25900 │
|
||||
└──────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────────┘
|
||||
|
||||
@@ -27,10 +27,10 @@ Total: 19 (CRITICAL: 19)
|
||||
│ │ CVE-2019-5481 │ │ │ │ 7.61.1-r3 │ curl: double free due to subsequent call of realloc() │
|
||||
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-5481 │
|
||||
│ ├────────────────┤ │ │ │ ├──────────────────────────────────────────────────────────────┤
|
||||
│ │ CVE-2019-5482 │ │ │ │ │ curl: heap buffer overflow in function tftp_receive_packet() │
|
||||
│ │ CVE-2019-5482 │ │ │ │ │ heap buffer overflow in function tftp_receive_packet() │
|
||||
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-5482 │
|
||||
├─────────────┼────────────────┤ │ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
|
||||
│ git │ CVE-2018-17456 │ │ │ 2.15.2-r0 │ 2.15.3-r0 │ git: arbitrary code execution via .gitmodules │
|
||||
│ git │ CVE-2018-17456 │ │ │ 2.15.2-r0 │ 2.15.3-r0 │ arbitrary code execution via .gitmodules │
|
||||
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-17456 │
|
||||
│ ├────────────────┤ │ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
|
||||
│ │ CVE-2019-1353 │ │ │ │ 2.15.4-r0 │ git: NTFS protections inactive when running Git in the │
|
||||
@@ -58,7 +58,7 @@ Total: 19 (CRITICAL: 19)
|
||||
│ │ CVE-2019-5481 │ │ │ │ 7.61.1-r3 │ curl: double free due to subsequent call of realloc() │
|
||||
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-5481 │
|
||||
│ ├────────────────┤ │ │ │ ├──────────────────────────────────────────────────────────────┤
|
||||
│ │ CVE-2019-5482 │ │ │ │ │ curl: heap buffer overflow in function tftp_receive_packet() │
|
||||
│ │ CVE-2019-5482 │ │ │ │ │ heap buffer overflow in function tftp_receive_packet() │
|
||||
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-5482 │
|
||||
├─────────────┼────────────────┤ │ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
|
||||
│ musl │ CVE-2019-14697 │ │ │ 1.1.18-r3 │ 1.1.18-r4 │ musl libc through 1.1.23 has an x87 floating-point stack │
|
||||
@@ -69,6 +69,30 @@ Total: 19 (CRITICAL: 19)
|
||||
│ │ │ │ │ │ │ │
|
||||
│ │ │ │ │ │ │ │
|
||||
├─────────────┼────────────────┤ │ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
|
||||
│ sqlite-libs │ CVE-2019-8457 │ │ │ 3.21.0-r1 │ 3.25.3-r1 │ sqlite: heap out-of-bound read in function rtreenode() │
|
||||
│ sqlite-libs │ CVE-2019-8457 │ │ │ 3.21.0-r1 │ 3.25.3-r1 │ heap out-of-bound read in function rtreenode() │
|
||||
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-8457 │
|
||||
└─────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘
|
||||
|
||||
rust-app/Cargo.lock (cargo)
|
||||
===========================
|
||||
Total: 4 (CRITICAL: 4)
|
||||
|
||||
┌───────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────────┐
|
||||
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
|
||||
├───────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
|
||||
│ rand_core │ CVE-2020-25576 │ CRITICAL │ fixed │ 0.4.0 │ 0.4.2, 0.3.1 │ An issue was discovered in the rand_core crate before 0.4.2 │
|
||||
│ │ │ │ │ │ │ for Rust.... │
|
||||
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-25576 │
|
||||
├───────────┼────────────────┤ │ ├───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
|
||||
│ smallvec │ CVE-2019-15551 │ │ │ 0.6.9 │ 0.6.10 │ An issue was discovered in the smallvec crate before 0.6.10 │
|
||||
│ │ │ │ │ │ │ for Rust.... │
|
||||
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-15551 │
|
||||
│ ├────────────────┤ │ │ │ ├─────────────────────────────────────────────────────────────┤
|
||||
│ │ CVE-2019-15554 │ │ │ │ │ An issue was discovered in the smallvec crate before 0.6.10 │
|
||||
│ │ │ │ │ │ │ for Rust.... │
|
||||
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-15554 │
|
||||
│ ├────────────────┤ │ │ ├───────────────┼─────────────────────────────────────────────────────────────┤
|
||||
│ │ CVE-2021-25900 │ │ │ │ 0.6.14, 1.6.1 │ An issue was discovered in the smallvec crate before 0.6.14 │
|
||||
│ │ │ │ │ │ │ and 1.x... │
|
||||
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-25900 │
|
||||
└───────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────────┘
|
||||
|
||||
Reference in New Issue
Block a user