Compare commits
2 Commits
0.32.0
...
fix-gh-act
| Author | SHA1 | Date | |
|---|---|---|---|
|
c7c2c6533b | ||
|
|
f2e28516ef |
5
.github/workflows/sync-trivy-checks.yaml
vendored
5
.github/workflows/sync-trivy-checks.yaml
vendored
@@ -11,7 +11,10 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
|
||||
- name: setup-oras
|
||||
uses: oras-project/setup-oras@v1.2.3
|
||||
|
||||
- name: Login to GitHub Packages Container registry
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
|
||||
3
.github/workflows/sync-trivy-db.yaml
vendored
3
.github/workflows/sync-trivy-db.yaml
vendored
@@ -12,6 +12,9 @@ jobs:
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: setup-oras
|
||||
uses: oras-project/setup-oras@v1.2.3
|
||||
|
||||
- name: Login to GitHub Packages Container registry
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
|
||||
3
.github/workflows/sync-trivy-java-db.yaml
vendored
3
.github/workflows/sync-trivy-java-db.yaml
vendored
@@ -12,6 +12,9 @@ jobs:
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: setup-oras
|
||||
uses: oras-project/setup-oras@v1.2.3
|
||||
|
||||
- name: Login to GitHub Packages Container registry
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
|
||||
2
.github/workflows/test.yaml
vendored
2
.github/workflows/test.yaml
vendored
@@ -6,7 +6,7 @@ on:
|
||||
workflow_dispatch:
|
||||
|
||||
env:
|
||||
TRIVY_VERSION: 0.64.1
|
||||
TRIVY_VERSION: 0.61.1
|
||||
BATS_LIB_PATH: '/usr/lib/'
|
||||
|
||||
jobs:
|
||||
|
||||
@@ -215,7 +215,7 @@ jobs:
|
||||
uses: aquasecurity/setup-trivy@v0.2.0
|
||||
with:
|
||||
cache: true
|
||||
version: v0.64.1
|
||||
version: v0.61.1
|
||||
|
||||
- name: Run Trivy vulnerability scanner in repo mode
|
||||
uses: aquasecurity/trivy-action@master
|
||||
@@ -847,7 +847,7 @@ Following inputs can be used as `step.with` keys:
|
||||
| `github-pat` | String | | Authentication token to enable sending SBOM scan results to GitHub Dependency Graph. Can be either a GitHub Personal Access Token (PAT) or GITHUB_TOKEN |
|
||||
| `limit-severities-for-sarif` | Boolean | false | By default *SARIF* format enforces output of all vulnerabilities regardless of configured severities. To override this behavior set this parameter to **true** |
|
||||
| `docker-host` | String | | By default it is set to `unix://var/run/docker.sock`, but can be updated to help with containerized infrastructure values (`unix:/` or other prefix is required) |
|
||||
| `version` | String | `v0.64.1` | Trivy version to use, e.g. `latest` or `v0.64.1` |
|
||||
| `version` | String | `v0.61.1` | Trivy version to use, e.g. `latest` or `v0.61.1` |
|
||||
| `skip-setup-trivy` | Boolean | false | Skip calling the `setup-trivy` action to install `trivy` |
|
||||
| `token-setup-trivy` | Boolean | | Overwrite `github.token` used by `setup-trivy` to checkout the `trivy` repository |
|
||||
|
||||
|
||||
@@ -98,7 +98,7 @@ inputs:
|
||||
version:
|
||||
description: 'Trivy version to use'
|
||||
required: false
|
||||
default: 'v0.64.1'
|
||||
default: 'v0.61.1'
|
||||
cache:
|
||||
description: 'Used to specify whether caching is needed. Set to false, if you would like to disable caching.'
|
||||
required: false
|
||||
|
||||
@@ -51,7 +51,8 @@ Total: 19 (CRITICAL: 19)
|
||||
│ │ │ │ │ │ │ Windows Subsystem for... │
|
||||
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-1353 │
|
||||
├─────────────┼────────────────┤ │ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
|
||||
│ libbz2 │ CVE-2019-12900 │ │ │ 1.0.6-r6 │ 1.0.6-r7 │ bzip2: out-of-bounds write in function BZ2_decompress │
|
||||
│ libbz2 │ CVE-2019-12900 │ │ │ 1.0.6-r6 │ 1.0.6-r7 │ bzip2: bzip2: Data integrity error when decompressing (with │
|
||||
│ │ │ │ │ │ │ data integrity tests fail).... │
|
||||
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-12900 │
|
||||
├─────────────┼────────────────┤ │ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
|
||||
│ libcurl │ CVE-2018-16839 │ │ │ 7.61.1-r0 │ 7.61.1-r1 │ curl: Integer overflow leading to heap-based buffer overflow │
|
||||
|
||||
@@ -51,7 +51,8 @@ Total: 19 (CRITICAL: 19)
|
||||
│ │ │ │ │ │ │ Windows Subsystem for... │
|
||||
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-1353 │
|
||||
├─────────────┼────────────────┤ │ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
|
||||
│ libbz2 │ CVE-2019-12900 │ │ │ 1.0.6-r6 │ 1.0.6-r7 │ bzip2: out-of-bounds write in function BZ2_decompress │
|
||||
│ libbz2 │ CVE-2019-12900 │ │ │ 1.0.6-r6 │ 1.0.6-r7 │ bzip2: bzip2: Data integrity error when decompressing (with │
|
||||
│ │ │ │ │ │ │ data integrity tests fail).... │
|
||||
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-12900 │
|
||||
├─────────────┼────────────────┤ │ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
|
||||
│ libcurl │ CVE-2018-16839 │ │ │ 7.61.1-r0 │ 7.61.1-r1 │ curl: Integer overflow leading to heap-based buffer overflow │
|
||||
|
||||
@@ -1,6 +1,5 @@
|
||||
{
|
||||
"SchemaVersion": 2,
|
||||
"CreatedAt": "2025-06-03T01:26:45.367171-06:00",
|
||||
"ArtifactName": "alpine:3.10",
|
||||
"ArtifactType": "container_image",
|
||||
"Metadata": {
|
||||
@@ -72,7 +71,7 @@
|
||||
"PkgID": "apk-tools@2.10.6-r0",
|
||||
"PkgName": "apk-tools",
|
||||
"PkgIdentifier": {
|
||||
"PURL": "pkg:apk/alpine/apk-tools@2.10.6-r0?arch=x86_64\u0026distro=3.10.9",
|
||||
"PURL": "pkg:apk/alpine/apk-tools@2.10.6-r0?arch=x86_64&distro=3.10.9",
|
||||
"UID": "b7a64ae671a99195"
|
||||
},
|
||||
"InstalledVersion": "2.10.6-r0",
|
||||
@@ -123,7 +122,7 @@
|
||||
"https://www.cve.org/CVERecord?id=CVE-2021-36159"
|
||||
],
|
||||
"PublishedDate": "2021-08-03T14:15:08.233Z",
|
||||
"LastModifiedDate": "2023-11-07T03:36:43.337Z"
|
||||
"LastModifiedDate": "2024-11-21T06:13:13.57Z"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user