Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(rocky): support modular package #1624

Closed
wants to merge 1 commit into from
Closed

feat(rocky): support modular package #1624

wants to merge 1 commit into from

Conversation

MaineK00n
Copy link
Contributor

@MaineK00n MaineK00n commented Jan 25, 2022
edited
Loading

Description

Enables Rocky Linux to detect modular packages.

$ docker run --rm -it rockylinux:trivy /bin/bash
[root@807cf1bbc8d1 /]# rpm -qa | grep .module+el
libecap-1.0.1-2.module+el8.3.0+180+86811c21.x86_64

$ trivy --cache-dir ~/.cache/trivy/ image rockylinux:trivy
2022-01-26T03:50:23.933+0900	INFO	Detected OS: rocky
2022-01-26T03:50:23.933+0900	INFO	Detecting Rocky Linux vulnerabilities...
2022-01-26T03:50:23.933+0900	INFO	Number of language-specific files: 1
2022-01-26T03:50:23.933+0900	INFO	Detecting python-pkg vulnerabilities...

rockylinux:trivy (rocky 8.5)
============================
Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 1, CRITICAL: 0)

+--------------+------------------+----------+-------------------------------------+-------------------------------------+---------------------------------------+
|   LIBRARY    | VULNERABILITY ID | SEVERITY |          INSTALLED VERSION          |            FIXED VERSION            |                 TITLE                 |
+--------------+------------------+----------+-------------------------------------+-------------------------------------+---------------------------------------+
| libecap      | CVE-2020-25097   | HIGH     | 1.0.1-2.module+el8.3.0+180+86811c21 | 1.0.1-2.module+el8.4.0+404+316a0dc5 | Important: squid:4 security update    |
|              |                  |          |                                     |                                     | -->avd.aquasec.com/nvd/cve-2020-25097 |
+--------------+------------------+----------+-------------------------------------+-------------------------------------+---------------------------------------+
| openssl-libs | CVE-2021-3712    | MEDIUM   | 1:1.1.1k-4.el8                      | 1:1.1.1k-5.el8_5                    | Moderate: openssl security update     |
|              |                  |          |                                     |                                     | -->avd.aquasec.com/nvd/cve-2021-3712  |
+--------------+------------------+----------+-------------------------------------+-------------------------------------+---------------------------------------+

Python (python-pkg)
===================
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

Related issues

Related PRs

Remove this section if you don't have related PRs.

Checklist

  • I've read the guidelines for contributing to this repository.
  • I've followed the conventions in the PR title.
  • I've added tests that prove my fix is effective or that my feature works.
  • I've updated the documentation with the relevant information (if needed).
  • I've added usage information (if the PR introduces new options)
  • I've included a "before" and "after" example to the description (if the PR is a user interface change).

@github-actions
Copy link

This PR is stale because it has been labeled with inactivity.

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and will be auto-closed. label Jun 30, 2022
@github-actions github-actions bot closed this Jul 21, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
lifecycle/stale Denotes an issue or PR has remained open with no activity and will be auto-closed.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@MaineK00n