Merge pull request #656 from fnxpt/trivy

Trivy support
DependencyTrack · Feb 21, 2024 · b1ae7ab · b1ae7ab
2 parents 538e77e + 75874ef
commit b1ae7ab
Show file tree

Hide file tree

Showing 8 changed files with 167 additions and 1 deletion.
diff --git a/src/assets/img/trivy-logo.svg b/src/assets/img/trivy-logo.svg
diff --git a/src/i18n/locales/en.json b/src/i18n/locales/en.json
@@ -553,6 +553,7 @@
     "oss_index": "Sonatype OSS Index",
     "vulndb": "VulnDB",
     "snyk": "Snyk (Beta)",
+    "trivy": "Trivy",
     "vuln_sources": "Vulnerability Sources",
     "nvd": "NVD",
     "nvd_enable_mirroring_via_api": "Enable mirroring via API",
@@ -639,6 +640,8 @@
     "analyzer_snyk_how_to_api_version_help": "Where do I find available versions?",
     "analyzer_snyk_multiple_tokens_info": "Multiple tokens may be provided by separating them with semicolons, e.g. ",
     "analyzer_snyk_why_multiple_cvss": "Why are there multiple CVSS Scores for the same vulnerability?",
+    "analyzer_trivy_enable": "Enable Trivy analyzer",
+    "analyzer_trivy_ignore_unfixed": "Ignores vulnerabilities that were not fixed",
     "vulnsource_alias_sync_enable": "Enable vulnerability alias synchronization",
     "vulnsource_alias_sync_enable_tooltip": "Alias data can help in identifying identical vulnerabilities across multiple databases. If the source provides this data, synchronize it with Dependency-Track's database.",
     "vulnsource_nvd_enable": "Enable National Vulnerability Database mirroring",

diff --git a/src/router/index.js b/src/router/index.js
@@ -30,6 +30,7 @@ const InternalAnalyzer = () => import('@/views/administration/analyzers/Internal
 const OssIndexAnalyzer = () => import('@/views/administration/analyzers/OssIndexAnalyzer')
 const VulnDbAnalyzer = () => import('@/views/administration/analyzers/VulnDbAnalyzer')
 const SnykAnalyzer = () => import('@/views/administration/analyzers/SnykAnalyzer')
+const TrivyAnalyzer = () => import('@/views/administration/analyzers/TrivyAnalyzer')
 
 const VulnSourceNvd = () => import('@/views/administration/vuln-sources/VulnSourceNvd')
 const VulnSourceGitHubAdvisories = () => import('@/views/administration/vuln-sources/VulnSourceGitHubAdvisories')
@@ -377,6 +378,16 @@ function configRoutes() {
                 permission: 'SYSTEM_CONFIGURATION'
               },
             },
+            {
+              path: 'analyzers/trivy',
+              component: TrivyAnalyzer,
+              meta: {
+                title: i18n.t('message.administration'),
+                i18n: 'message.administration',
+                sectionPath: '/admin',
+                permission: 'SYSTEM_CONFIGURATION'
+              },
+            },
             {
               path: 'vulnerabilitySources/nvd',
               alias: ['vulnerabilitySources'],

diff --git a/src/shared/common.js b/src/shared/common.js
@@ -134,6 +134,14 @@ $common.formatAnalyzerLabel = function formatAnalyzerLabel(analyzer, vulnSource,
       analyzerLabel = "Snyk";
       analyzerUrl = "https://security.snyk.io/vuln/" + vulnId;
       break;
+    case 'TRIVY_ANALYZER':
+        analyzerLabel = "Trivy";
+
+        analyzerUrl = "https://nvd.nist.gov/vuln/detail/" + vulnId;
+        if(vulnSource === "GITHUB") {
+          analyzerUrl = "https://github.com/advisories/" + vulnId;
+        }
+        break;
   }
   if (analyzerUrl) {
     analyzerLabel = `<a href="${analyzerUrl}" target="_blank">${analyzerLabel} <i class="fa fa-external-link"></i></a>`;

diff --git a/src/views/administration/AdminMenu.vue b/src/views/administration/AdminMenu.vue
@@ -109,6 +109,11 @@ import { ACCESS_MANAGEMENT, SYSTEM_CONFIGURATION } from "../../shared/permission
                 component: "SnykAnalyzer",
                 name: this.$t('admin.snyk'),
                 route: "analyzers/snyk"
+              },
+              {
+                component: "TrivyAnalyzer",
+                name: this.$t('admin.trivy'),
+                route: "analyzers/trivy"
               }
             ]
           },

diff --git a/src/views/administration/Administration.vue b/src/views/administration/Administration.vue
@@ -30,6 +30,7 @@ import TaskScheduler from "./configuration/TaskScheduler.vue";
 import InternalAnalyzer from "./analyzers/InternalAnalyzer";
 import OssIndexAnalyzer from "./analyzers/OssIndexAnalyzer";
 import SnykAnalyzer from "./analyzers/SnykAnalyzer";
+import TrivyAnalyzer from "./analyzers/TrivyAnalyzer";
 import VulnDbAnalyzer from "./analyzers/VulnDbAnalyzer";
 // Vulnerability sources
 import VulnSourceGitHubAdvisories from "./vuln-sources/VulnSourceGitHubAdvisories";
@@ -68,7 +69,7 @@ export default {
     EventBus,
     AdminMenu,
     General, BomFormats, Email, Jira, InternalComponents, TaskScheduler, Search,
-    InternalAnalyzer, OssIndexAnalyzer, VulnDbAnalyzer, SnykAnalyzer,
+    InternalAnalyzer, OssIndexAnalyzer, VulnDbAnalyzer, SnykAnalyzer, TrivyAnalyzer,
     VulnSourceNvd, VulnSourceGitHubAdvisories, VulnSourceOSVAdvisories,
     Cargo, Composer, Gem, GitHub, GoModules, Hex, Maven, Npm, Cpan, Nuget, Python,
     Alerts, Templates,

diff --git a/src/views/administration/analyzers/TrivyAnalyzer.vue b/src/views/administration/analyzers/TrivyAnalyzer.vue
@@ -0,0 +1,104 @@
+<template>
+    <b-card no-body :header="header">
+      <b-card-body>
+        <img alt="Trivy logo" src="@/assets/img/trivy-logo.svg" width="125"/>
+        <hr/>
+        <c-switch
+          :disabled="!this.scannerEnabled && (!this.baseUrl || !this.apitoken)"
+          id="scannerEnabled"
+          color="primary"
+          v-model="scannerEnabled"
+          label
+          v-bind="labelIcon"
+        />
+        {{$t('admin.analyzer_trivy_enable')}}
+        <b-validated-input-group-form-input
+          id="trivy-baseUrl"
+          :label="$t('admin.base_url')"
+          input-group-size="mb-3"
+          rules="required"
+          v-model="baseUrl"
+          lazy="true"
+        />
+        <b-validated-input-group-form-input
+          id="trivy-apitoken"
+          :label="$t('admin.api_token')"
+          input-group-size="mb-3"
+          rules="required"
+          type="password"
+          v-model="apitoken"
+          lazy="true"
+        />
+         <c-switch
+          id="ignoreUnfixed"
+          color="primary"
+          v-model="ignoreUnfixed"
+          label
+          v-bind="labelIcon"
+        />
+        {{$t('admin.analyzer_trivy_ignore_unfixed')}}
+      </b-card-body>
+      <b-card-footer>
+        <b-button
+          :disabled="!this.baseUrl || !this.apitoken"
+          variant="outline-primary"
+          class="px-4"
+          @click="saveChanges">
+          {{ $t('message.update') }}
+        </b-button>
+      </b-card-footer>
+    </b-card>
+  </template>
+
+  <script>
+    import { Switch as cSwitch } from '@coreui/vue';
+    import BValidatedInputGroupFormInput from '../../../forms/BValidatedInputGroupFormInput';
+    import common from "../../../shared/common";
+    import configPropertyMixin from "../mixins/configPropertyMixin";
+    export default {
+      mixins: [configPropertyMixin],
+      props: {
+        header: String
+      },
+      components: {
+        cSwitch,
+        BValidatedInputGroupFormInput
+      },
+      data() {
+        return {
+          scannerEnabled: false,
+          apitoken: '',
+          baseUrl: '',
+          ignoreUnfixed: false,
+        }
+      },
+      methods: {
+        saveChanges: function() {
+          this.updateConfigProperties([
+            {groupName: 'scanner', propertyName: 'trivy.enabled', propertyValue: this.scannerEnabled},
+            {groupName: 'scanner', propertyName: 'trivy.api.token', propertyValue: this.apitoken},
+            {groupName: 'scanner', propertyName: 'trivy.base.url', propertyValue: this.baseUrl},
+            {groupName: 'scanner', propertyName: 'trivy.ignore.unfixed', propertyValue: this.ignoreUnfixed},
+          ]);
+        }
+      },
+      created () {
+        this.axios.get(this.configUrl).then((response) => {
+          let configItems = response.data.filter(function (item) { return item.groupName === "scanner" });
+          for (let i=0; i<configItems.length; i++) {
+            let item = configItems[i];
+            switch (item.propertyName) {
+              case "trivy.enabled":
+                this.scannerEnabled = common.toBoolean(item.propertyValue); break;
+              case "trivy.api.token":
+                this.apitoken = item.propertyValue; break;
+              case "trivy.base.url":
+                this.baseUrl = item.propertyValue; break;
+              case "trivy.ignore.unfixed":
+                this.ignoreUnfixed = common.toBoolean(item.propertyValue); break;
+            }
+          }
+        });
+      }
+    }
+  </script>
diff --git a/src/views/portfolio/vulnerabilities/Vulnerability.vue b/src/views/portfolio/vulnerabilities/Vulnerability.vue
@@ -206,6 +206,8 @@
             return "VulnDB (Risk Based Security)";
           case 'SNYK':
             return "Snyk";
+          case 'TRIVY':
+            return "Trivy";
           default:
             return "";
         }