Migrate Trivy integration to use Trivy's gRPC API #4065
Labels
enhancement
New feature or request
integration/trivy
Related to the Trivy integration
p2
Non-critical bugs, and features that help organizations to identify and reduce risk
size/M
Medium effort
Milestone
Comments
nscuro
added
enhancement
nscuro
added a commit
to nscuro/dependency-track
that referenced
this issue
Sep 1, 2024
Closes DependencyTrack#4065 Signed-off-by: nscuro <[email protected]>
|
Tried to implement this (current WIP state here: nscuro@2495488), but realized that Trivy indeed only exposes its gRPC services via HTTP. Blocked until the gRPC services are exposed, if the Trivy project even wants to do it. |
|
Nvm, the HTTP server exposed by Trivy also supports |
nscuro
added a commit
to nscuro/dependency-track
that referenced
this issue
Sep 2, 2024
Closes DependencyTrack#4065 Signed-off-by: nscuro <[email protected]>
2 tasks
nscuro
added a commit
to nscuro/dependency-track
that referenced
this issue
Sep 2, 2024
Closes DependencyTrack#4065 Signed-off-by: nscuro <[email protected]>
Gepardgame
pushed a commit
to Gepardgame/dependency-track
that referenced
this issue
Sep 10, 2024
Closes DependencyTrack#4065 Signed-off-by: nscuro <[email protected]>
|
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Current Behavior
The recent breaking changes in our Trivy integration were caused by the fact that we use the HTTP API, which Trivy generates based on gRPC / Protobuf definitions. It does not actively support this API, and the team might remove it soon-ish: aquasecurity/trivy#7329 (reply in thread)
Proposed Behavior
Migrate to Trivy's gRPC API. Client code can be generated based on Trivy's
.protodefinitions:Checklist
The text was updated successfully, but these errors were encountered: