fix(cli): secret scanning perf link fix #2607

Merged
merged 7 commits into from
Aug 15, 2022
2 changes: 1 addition & 1 deletion Makefile
@@ -1,4 +1,4 @@
VERSION := $(shell git describe --tags --always)
VERSION := $(patsubst v%,%,$(shell git describe --tags --always)) #Strips the v prefix from the tag
LDFLAGS := -ldflags "-s -w -X=main.version=$(VERSION)"

GOPATH := $(shell go env GOPATH)
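Review bot: `$(patsubst v%,%,...)` strips only a leading `v` from the whole `git describe` output, so an untagged checkout still yields a bare commit hash and a tagged-plus-commits checkout yields something like `0.30.4-3-gabcdef1`; both must be treated as non-release by whatever consumes `main.version`, and it is worth confirming that the release build path (goreleaser ldflags, not part of this diff) injects `main.version` in the same unprefixed form so `make build` binaries and release binaries agree on the shape of the version string. Nit: `#Strips the v prefix` reads better with a space after `#`.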
4 changes: 2 additions & 2 deletions docs/docs/vulnerability/distributions.md
Expand Up @@ -41,7 +41,7 @@ The following table provides an outline of the features Trivy offers.
2022-07-27T09:30:21.756Z INFO Vulnerability scanning is enabled
2022-07-27T09:30:21.756Z INFO Secret scanning is enabled
2022-07-27T09:30:21.756Z INFO If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
2022-07-27T09:30:21.756Z INFO Please see also https://aquasecurity.github.io/trivy/0.30.4/docs/secret/scanning/#recommendation for faster secret detection
2022-07-27T09:30:21.756Z INFO Please see also https://aquasecurity.github.io/trivy/v0.30.4/docs/secret/scanning/#recommendation for faster secret detection
2022-07-27T09:30:22.205Z INFO Detected OS: cbl-mariner
2022-07-27T09:30:22.205Z INFO Detecting CBL-Mariner vulnerabilities...
2022-07-27T09:30:22.205Z INFO Number of language-specific files: 0
Expand All @@ -55,4 +55,4 @@ The following table provides an outline of the features Trivy offers.
See [here][source].

[mariner]: https://github.com/microsoft/CBL-Mariner
[source]: detection/data-source.md
[source]: detection/data-source.md
2 changes: 1 addition & 1 deletion go.mod
Expand Up @@ -226,7 +226,7 @@ require (
github.com/hashicorp/go-retryablehttp v0.7.1 // indirect
github.com/hashicorp/go-safetemp v1.0.0 // indirect
github.com/hashicorp/go-uuid v1.0.3 // indirect
github.com/hashicorp/go-version v1.4.0 // indirect
github.com/hashicorp/go-version v1.6.0 // indirect
github.com/hashicorp/hcl/v2 v2.13.0 // indirect
github.com/hhatto/gorst v0.0.0-20181029133204-ca9f730cac5b // indirect
github.com/huandu/xstrings v1.3.2 // indirect
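Review bot: the `github.com/hashicorp/go-version` bump from v1.4.0 to v1.6.0 is an indirect dependency change unrelated to the link fix named in the PR title; if it fell out of `go mod tidy` after adding the `aquasecurity/go-version` import, say so in the PR description, otherwise consider splitting it into its own change so the dependency bump is reviewable on its own.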
4 changes: 2 additions & 2 deletions go.sum
Expand Up @@ -992,8 +992,8 @@ github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/b
github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
github.com/hashicorp/go-version v1.1.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
github.com/hashicorp/go-version v1.4.0 h1:aAQzgqIrRKRa7w75CKpbBxYsmUoPjzVm1W59ca1L0J4=
github.com/hashicorp/go-version v1.4.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek=
github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90=
github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
2 changes: 1 addition & 1 deletion goreleaser-canary.yml
Expand Up @@ -28,4 +28,4 @@ archives:
files:
- README.md
- LICENSE
- contrib/*.tpl
- contrib/*.tpl
24 changes: 23 additions & 1 deletion pkg/commands/artifact/run.go
Expand Up @@ -10,6 +10,7 @@ import (
"golang.org/x/exp/slices"
"golang.org/x/xerrors"

"github.com/aquasecurity/go-version/pkg/semver"
"github.com/aquasecurity/trivy-db/pkg/db"
tcache "github.com/aquasecurity/trivy/pkg/cache"
"github.com/aquasecurity/trivy/pkg/commands/operation"
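Review bot: this hunk adds a direct import of `github.com/aquasecurity/go-version/pkg/semver`, yet the go.mod hunk in this PR touches only `hashicorp/go-version`; verify that `github.com/aquasecurity/go-version` is already a direct (not `// indirect`) requirement, since otherwise a `go mod tidy` check in CI will report the module file as out of date.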
Expand Down Expand Up @@ -39,6 +40,8 @@ const (
TargetRepository TargetKind = "repo"
TargetImageArchive TargetKind = "archive"
TargetSBOM TargetKind = "sbom"

devVersion = "dev"
)

var (
Expand Down Expand Up @@ -471,9 +474,10 @@ func initScannerConfig(opts flag.Options, cacheClient cache.Cache) (ScannerConfi

// Do not load config file for secret scanning
if slices.Contains(opts.SecurityChecks, types.SecurityCheckSecret) {
ver := canonicalVersion(opts.AppVersion)
log.Logger.Info("Secret scanning is enabled")
log.Logger.Info("If your scanning is slow, please try '--security-checks vuln' to disable secret scanning")
log.Logger.Infof("Please see also https://aquasecurity.github.io/trivy/%s/docs/secret/scanning/#recommendation for faster secret detection", opts.AppVersion)
log.Logger.Infof("Please see also https://aquasecurity.github.io/trivy/%s/docs/secret/scanning/#recommendation for faster secret detection", ver)
} else {
opts.SecretConfigPath = ""
}
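Review bot: an empty or unparsable `opts.AppVersion` now silently becomes `dev` in the logged URL, which is the intended fallback but is not visible at this call site; a one-line comment next to `ver := canonicalVersion(opts.AppVersion)` saying that non-release versions map to the `dev` docs would save the next reader a jump into the helper. The remaining `Infof` change is fine.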
Expand Down Expand Up @@ -543,3 +547,21 @@ func Exit(opts flag.Options, failedResults bool) {
os.Exit(opts.ExitCode)
}
}

func canonicalVersion(ver string) string {
if ver == devVersion {
return ver
}
v, err := semver.Parse(ver)
if err != nil {
return devVersion
}
// Replace pre-release with "dev"
// e.g. v0.34.0-beta1+snapshot-1
if v.IsPreRelease() || v.Metadata() != "" {
return devVersion
}

// Add "v" prefix, "0.34.0" => "v0.34.0" for the url
return "v" + ver
}
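Review bot: `return "v" + ver` concatenates the raw input rather than the parsed value, so if a caller ever passes an already-prefixed string such as `v0.34.0` and `semver.Parse` accepts it, the URL segment becomes `vv0.34.0`; returning `"v" + v.String()` (or trimming a leading `v` before the concatenation) closes that gap. The new function also ships without a unit test: a table-driven test covering `0.34.0` → `v0.34.0`, `dev` → `dev`, `0.34.0-beta1` → `dev`, `0.34.0+snapshot-1` → `dev` and a bare commit hash → `dev` would pin the contract the log line depends on. Nit: the comment example `v0.34.0-beta1+snapshot-1` carries the `v` prefix that the Makefile change now strips, so it does not match the strings this function actually receives.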