Fix: update dependency packages #21

Merged
merged 2 commits into from
Sep 1, 2023

@otms61 otms61 commented Aug 31, 2023

Fix #17

This PR addresses the following updates:

In the latest commit, functionality has been checked using the following command.

$ trivy_0.42.1 image -q -f cyclonedx   localhost:5002/demo4:app | ./trivy-plugin-referrer put
2023-09-01T00:29:39.965+0900	WARN	Ignore the OS package as no OS information is found.
2023-09-01T00:29:39.965+0900	INFO	SBOM detected: cyclonedx-json
2023-09-01T00:29:40.012+0900	INFO	Pushing referrer to localhost:5002/demo4@sha256:9a21287212ce36b6ee0eeeea2450390120416bfcd0dd29dddcd3182494bbf1ab

$ trivy_0.44.1 image -q -f cyclonedx   localhost:5002/demo4:app | ./trivy-plugin-referrer put
2023-09-01T00:29:47.815+0900	WARN	Ignore the OS package as no OS information is found.
2023-09-01T00:29:47.815+0900	INFO	SBOM detected: cyclonedx-json
2023-09-01T00:29:47.860+0900	INFO	Pushing referrer to localhost:5002/demo4@sha256:c59fcee6d003f61a1782f44b210b7a9c2950715891948bf443da2b231cf246f0

$ trivy_0.42.1 image -q -f spdx-json  localhost:5002/demo4:app | ./trivy-plugin-referrer put
2023-09-01T00:29:54.154+0900	INFO	SBOM detected: spdx-json
2023-09-01T00:29:54.186+0900	INFO	Pushing referrer to localhost:5002/demo4@sha256:d9e277a527d80f96b5e25a233dddc38164e012e365d196655ab63405ab533b66

$ trivy_0.44.1 image -q -f spdx-json  localhost:5002/demo4:app | ./trivy-plugin-referrer put
2023-09-01T00:30:05.637+0900	INFO	SBOM detected: spdx-json
2023-09-01T00:30:05.681+0900	INFO	Pushing referrer to localhost:5002/demo4@sha256:43eafc79781c8452eaa5ae1c94a6b23cd27a3fd9b04e8faefa0b6b4e9134fec8

Comment on lines -259 to -262
if e, ok := err.(*transport.Error); ok && e.StatusCode == 404 {
// If the OCI registry returns 404, process it as an index with no referrer. This happens when the OCI registry does not support
// the referrers API.
index = &v1.IndexManifest{}
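
Review bot: With the `e.StatusCode == 404` branch gone, nothing in these lines covers a registry that does not support the referrers API, so the empty-index behaviour the removed comment describes now rests entirely on the updated dependency. A regression test that points this call at a registry stub answering 404 and asserts an empty `v1.IndexManifest` would catch a later dependency change that brings the error back.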
Collaborator Author

This code was originally implemented to avoid a past bug, and is no longer necessary.
The original API now returns an empty IndexManifest as well.

This issue has been fixed in this PR.

Comment on lines -54 to -58
if e, ok := err.(*transport.Error); ok && e.StatusCode == 404 {
// If the OCI registry returns 404, process it as an index with no referrer. This happens when the OCI registry does not support
// the referrers API.
return nil
}
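
Review bot: The comment removed together with this `return nil` branch was the only explanation on these lines of why a 404 is treated as "no referrer". A short comment at the call site, stating that registries without the referrers API are expected to yield an empty index and that the dependency now handles this, would keep that knowledge in the code.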
Collaborator Author

The issue has been resolved in the same PR as mentioned above: Related PR

This code was originally implemented to avoid a past bug, and is no longer necessary.
The original API now returns an empty IndexManifest as well.

@otms61 otms61 requested a review from knqyf263 August 31, 2023 15:33
@knqyf263 knqyf263 merged commit 4e4a33f into aquasecurity:main Sep 1, 2023
1 check passed
@otms61 otms61 deleted the support_cdx_1.5 branch September 1, 2023 05:00
Successfully merging this pull request may close these issues.

failed to decode: CycloneDX