TrivyAnalysisTaskIntegrationTest is failing for Trivy v0.54.0 #4021

Closed
2 tasks done
nscuro opened this issue Jul 31, 2024 · 4 comments · Fixed by #4023
Labels
defect Something isn't working integration/trivy Related to the Trivy integration p2 Non-critical bugs, and features that help organizations to identify and reduce risk size/M Medium effort
Comments

Member

nscuro commented Jul 31, 2024

Current Behavior

Trivy v0.54.0 just got released, and all test cases in TrivyAnalysisTaskIntegrationTest running against latest broke:

Error:    TrivyAnalysisTaskIntegrationTest.testWithPackageWithTrivyPropertiesWithDistroWithoutOS:392 
Expecting any element of:
  []
to satisfy the given assertions requirements but none did:


Error:    TrivyAnalysisTaskIntegrationTest.testWithPackageWithTrivyProperties:301 
Expecting any element of:
  []
to satisfy the given assertions requirements but none did:


Error:    TrivyAnalysisTaskIntegrationTest.test:131 
Expecting any element of:
  []
to satisfy the given assertions requirements but none did:

Steps to Reproduce

  1. Run TrivyAnalysisTaskIntegrationTest
  2. Observe test failures when running against latest

Expected Behavior

The tests should not fail.

Dependency-Track Version

4.12.0-SNAPSHOT

Dependency-Track Distribution

Container Image, Executable WAR

Database Server

N/A

Database Server Version

No response

Browser

N/A

Checklist

@nscuro nscuro added defect Something isn't working p2 Non-critical bugs, and features that help organizations to identify and reduce risk integration/trivy Related to the Trivy integration size/M Medium effort labels Jul 31, 2024
@nscuro nscuro added this to the 4.12 milestone Jul 31, 2024
Member Author

nscuro commented Jul 31, 2024

Caused by aquasecurity/trivy@7cbdb0a

vuln_type is now pkg_type:

@SerializedName("vuln_type")
private String[] vulnType;

Fun... Because we don't know the Trivy version at runtime, and Trivy's API doesn't have a version indicator, we'll need to send the same data for both vuln_type and pkg_type, similar to 08dfb0a
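
Added example, not part of the original thread or of Dependency-Track's code: a model of the wire-level effect described in the comment above, written in Python rather than the project's Java so that it runs with the standard library alone. It assumes the server silently ignores JSON keys it does not know and that a missing type list selects nothing to scan; `build_options`, `server_scan`, `compatibility_matrix` and the sample values are hypothetical names and constructed data.

```python
import json

# Constructed sample value; the two key names come from the issue thread.
PKG_TYPES = ["os", "library"]
OLD_KEY, NEW_KEY = "vuln_type", "pkg_type"


def build_options(keys):
    """Client side: serialize scan options, writing PKG_TYPES under each key."""
    return json.dumps({key: PKG_TYPES for key in keys})


def server_scan(options_json, understood_key):
    """Modelled server: reads only the key its release knows and ignores the
    rest (assumption). No package types selected means no findings."""
    options = json.loads(options_json)
    selected = options.get(understood_key, [])
    return [f"finding-for-{t}" for t in selected]  # placeholder findings


def compatibility_matrix():
    """Run each client payload shape against each modelled server release."""
    clients = {
        "old-key-only": (OLD_KEY,),
        "new-key-only": (NEW_KEY,),
        "both-keys": (OLD_KEY, NEW_KEY),
    }
    servers = {"pre-0.54.0": OLD_KEY, "0.54.0": NEW_KEY}
    return {
        (client, server): len(server_scan(build_options(keys), understood))
        for client, keys in clients.items()
        for server, understood in servers.items()
    }


if __name__ == "__main__":
    for (client, server), count in compatibility_matrix().items():
        status = "ok" if count else "EMPTY RESULT"
        print(f"{client:13} -> server {server:10}: {count} findings ({status})")
```

Only the payload carrying both keys returns findings from both modelled releases; each single-key payload produces an empty result against the release that expects the other name, which is the silent failure mode a vulnerability scanner integration has to avoid.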

nscuro added a commit to nscuro/dependency-track that referenced this issue Jul 31, 2024
nscuro added a commit to nscuro/dependency-track that referenced this issue Jul 31, 2024

msonnlei commented Aug 7, 2024

@nscuro thanks for the fix. Are you planning to backport it?

Member Author

nscuro commented Aug 7, 2024

@msonnlei Yes, there are a few other fixes that should be backported. So another bugfix release is justified I think.

nscuro added a commit to nscuro/dependency-track that referenced this issue Aug 7, 2024
netomi pushed a commit to netomi/dependency-track that referenced this issue Aug 8, 2024
@nscuro nscuro modified the milestones: 4.12, 4.11.6 Aug 10, 2024

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 10, 2024