Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

#2689 Handle 'Packages' attribute in Trivy parser #2727

Merged
merged 2 commits into from
Nov 19, 2024
Merged

#2689 Handle 'Packages' attribute in Trivy parser #2727

merged 2 commits into from
Nov 19, 2024
+70,832 −8,285

Conversation

BorisShek
Copy link
Contributor

@BorisShek BorisShek commented Oct 22, 2024
edited
Loading

Add 'Packages' to the expected attributes. However, this attribute will not be parsed due to its irrelevance for vulnerability findings.

Description

Checklist

  • Test your changes as thoroughly as possible before you commit them. Preferably, automate your test by unit/integration tests.
  • Make sure that all your commits are signed-off and that you are added to the Contributors file.
  • Make sure that all CI finish successfully.
  • Optional (but appreciated): Make sure that all commits are Verified.

Sorry, something went wrong.

@netlify Netlify
Copy link

netlify bot commented Oct 22, 2024
edited
Loading

Deploy Preview for docs-securecodebox ready!

Name Link
🔨 Latest commit aebba11
🔍 Latest deploy log https://app.netlify.com/sites/docs-securecodebox/deploys/67337266c6c48d000872647e
😎 Deploy Preview https://deploy-preview-2727--docs-securecodebox.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@BorisShek
Copy link
Contributor Author

Resolves #2689

@BorisShek BorisShek marked this pull request as ready for review October 22, 2024 12:38
@BorisShek BorisShek self-assigned this Oct 22, 2024
@BorisShek BorisShek linked an issue Oct 22, 2024 that may be closed by this pull request
Failed to parse trivy-k8s output Unexpected attribute 'Packages' on resource-item #2689
Closed
@BorisShek BorisShek added the bug Bugs label Oct 22, 2024
@BorisShek BorisShek marked this pull request as draft October 23, 2024 13:02
@BorisShek BorisShek force-pushed the scb-2689_handling_'packages'_attr_in_trivy_parser branch from 9aa7d71 to 7eb5ee1 Compare November 4, 2024 14:37
@BorisShek BorisShek marked this pull request as ready for review November 4, 2024 14:48
@BorisShek
secureCodeBox#2689 Handle 'Packages' attribute in Trivy parser
55f08dc 
Add 'Packages' to the expected attributes. However, this attribute will not be parsed due to its irrelevance for vulnerability findings.

Signed-off-by: Boris Shek <boris.shek@iteratec.com>
@BorisShek BorisShek force-pushed the scb-2689_handling_'packages'_attr_in_trivy_parser branch from 7eb5ee1 to 26f95dd Compare November 8, 2024 13:29
@Ilyesbdlala
Copy link
Member

Is there a reason why "Packages": is empty in all test files ?

@BorisShek
secureCodeBox#2689 Update all Trivy parser test files to match with t…
aebba11 
…he new version

Update snapshot test files.
Add a 'Packages' attribute to each result entry to simulate the new Trivy scanner conventions. Set its value as an empty list, as this attribute isnt parsed by the Trivy parser and is only included to match the updated format in Trivy 0.56.0 (aquasecurity/trivy#6765).

Signed-off-by: Boris Shek <boris.shek@iteratec.com>
@BorisShek BorisShek force-pushed the scb-2689_handling_'packages'_attr_in_trivy_parser branch from 26f95dd to aebba11 Compare November 12, 2024 15:21
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@BorisShek
Copy link
Contributor Author

Is there a reason why "Packages": is empty in all test files ?

Yes, i added a 'Packages' attribute to each result entry to simulate the new Trivy scanner conventions. I have set its value as an empty list, as this attribute isn't parsed by the Trivy parser and is only included to match the updated format in Trivy 0.56.0 (aquasecurity/trivy#6765).

@Ilyesbdlala Ilyesbdlala merged commit 5d4e48f into secureCodeBox:main Nov 19, 2024
52 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Ilyesbdlala Ilyesbdlala

Assignees

@BorisShek BorisShek

Labels
bug Bugs
Projects
secureCodeBox v4
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Failed to parse trivy-k8s output Unexpected attribute 'Packages' on resource-item
2 participants
@BorisShek @Ilyesbdlala