Skip to content

Commit

Permalink
Merge branch 'main' into fix/validate_envs
Browse files Browse the repository at this point in the history
Signed-off-by: knqyf263 <[email protected]>
  • Loading branch information
knqyf263 committed Jan 6, 2024
2 parents aed23be + 2cdd65d commit 6d33016
Show file tree
Hide file tree
Showing 105 changed files with 1,354 additions and 775 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/auto-update-labels.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ jobs:
uses: actions/[email protected]

- name: Set up Go
uses: actions/setup-go@v4
uses: actions/setup-go@v5
with:
go-version-file: go.mod

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/mkdocs-dev.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ jobs:
with:
fetch-depth: 0
persist-credentials: true
- uses: actions/setup-python@v4
- uses: actions/setup-python@v5
with:
python-version: 3.x
- name: Install dependencies
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/mkdocs-latest.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ jobs:
with:
fetch-depth: 0
persist-credentials: true
- uses: actions/setup-python@v4
- uses: actions/setup-python@v5
with:
python-version: 3.x
- name: Install dependencies
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/publish-chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ jobs:
with:
version: v3.5.0
- name: Set up python
uses: actions/setup-python@v4
uses: actions/setup-python@v5
with:
python-version: 3.7
- name: Setup Chart Linting
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/reusable-release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ jobs:
remove-haskell: 'true'

- name: Cosign install
uses: sigstore/cosign-installer@1fc5bd396d372bee37d608f955b336615edf79c8
uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149

- name: Set up QEMU
uses: docker/setup-qemu-action@v3
Expand Down Expand Up @@ -74,7 +74,7 @@ jobs:
fetch-depth: 0

- name: Setup Go
uses: actions/setup-go@v4
uses: actions/setup-go@v5
with:
go-version-file: go.mod

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/stale-issues.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ jobs:
timeout-minutes: 1
runs-on: ubuntu-latest
steps:
- uses: actions/stale@v8
- uses: actions/stale@v9
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
stale-pr-message: 'This PR is stale because it has been labeled with inactivity.'
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/test-docs.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ jobs:
with:
fetch-depth: 0
persist-credentials: true
- uses: actions/setup-python@v4
- uses: actions/setup-python@v5
with:
python-version: 3.x
- name: Install dependencies
Expand Down
12 changes: 6 additions & 6 deletions .github/workflows/test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ jobs:
- uses: actions/[email protected]

- name: Set up Go
uses: actions/setup-go@v4
uses: actions/setup-go@v5
with:
go-version-file: go.mod

Expand Down Expand Up @@ -72,7 +72,7 @@ jobs:
uses: actions/[email protected]

- name: Set up Go
uses: actions/setup-go@v4
uses: actions/setup-go@v5
with:
go-version-file: go.mod

Expand Down Expand Up @@ -101,7 +101,7 @@ jobs:
uses: actions/[email protected]

- name: Set up Go
uses: actions/setup-go@v4
uses: actions/setup-go@v5
with:
go-version-file: go.mod

Expand All @@ -121,7 +121,7 @@ jobs:
uses: actions/[email protected]

- name: Set up Go
uses: actions/setup-go@v4
uses: actions/setup-go@v5
with:
go-version-file: go.mod

Expand Down Expand Up @@ -152,7 +152,7 @@ jobs:
uses: actions/[email protected]

- name: Set up Go
uses: actions/setup-go@v4
uses: actions/setup-go@v5
with:
go-version-file: go.mod
- name: Install tools
Expand Down Expand Up @@ -186,7 +186,7 @@ jobs:
uses: actions/[email protected]

- name: Set up Go
uses: actions/setup-go@v4
uses: actions/setup-go@v5
with:
go-version-file: go.mod

Expand Down
2 changes: 1 addition & 1 deletion Dockerfile
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM alpine:3.18.5
FROM alpine:3.19.0
RUN apk --no-cache add ca-certificates git
COPY trivy /usr/local/bin/trivy
COPY contrib/*.tpl contrib/
Expand Down
2 changes: 1 addition & 1 deletion Dockerfile.canary
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM alpine:3.18.5
FROM alpine:3.19.0
RUN apk --no-cache add ca-certificates git

# binaries were created with GoReleaser
Expand Down
5 changes: 4 additions & 1 deletion docs/docs/coverage/language/nodejs.md
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,10 @@ By default, Trivy doesn't report development dependencies. Use the `--include-de

### Yarn
Trivy parses `yarn.lock`, which doesn't contain information about development dependencies.
To exclude devDependencies, `package.json` also needs to be present next to `yarn.lock`.
Trivy also uses `package.json` file to handle [aliases](https://classic.yarnpkg.com/lang/en/docs/cli/add/#toc-yarn-add-alias).

To exclude devDependencies and allow aliases, `package.json` also needs to be present next to `yarn.lock`.

Trivy analyzes `.yarn` (Yarn 2+) or `node_modules` (Yarn Classic) folder next to the yarn.lock file to detect licenses.

By default, Trivy doesn't report development dependencies. Use the `--include-dev-deps` flag to include them.
Expand Down
71 changes: 36 additions & 35 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -29,14 +29,14 @@ require (
github.com/aquasecurity/trivy-java-db v0.0.0-20230209231723-7cddb1406728
github.com/aquasecurity/trivy-kubernetes v0.5.9-0.20231203080602-50a069120091
github.com/aquasecurity/trivy-policies v0.6.1-0.20231120231532-f6f2330bf842
github.com/aws/aws-sdk-go-v2 v1.23.5
github.com/aws/aws-sdk-go-v2 v1.24.1
github.com/aws/aws-sdk-go-v2/config v1.25.11
github.com/aws/aws-sdk-go-v2/credentials v1.16.9
github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.90
github.com/aws/aws-sdk-go-v2/service/ec2 v1.134.0
github.com/aws/aws-sdk-go-v2/service/ecr v1.24.1
github.com/aws/aws-sdk-go-v2/service/s3 v1.40.2
github.com/aws/aws-sdk-go-v2/service/sts v1.26.2
github.com/aws/aws-sdk-go-v2/service/sts v1.26.7
github.com/bmatcuk/doublestar/v4 v4.6.0
github.com/cenkalti/backoff v2.2.1+incompatible
github.com/cheggaaa/pb/v3 v3.1.4
Expand All @@ -52,9 +52,9 @@ require (
github.com/golang/protobuf v1.5.3
github.com/google/go-containerregistry v0.17.0
github.com/google/licenseclassifier/v2 v2.0.0
github.com/google/uuid v1.4.0
github.com/google/uuid v1.5.0
github.com/google/wire v0.5.0
github.com/hashicorp/go-getter v1.7.2
github.com/hashicorp/go-getter v1.7.3
github.com/hashicorp/go-multierror v1.1.1
github.com/hashicorp/golang-lru/v2 v2.0.6
github.com/in-toto/in-toto-golang v0.9.0
Expand All @@ -76,7 +76,7 @@ require (
github.com/mitchellh/hashstructure/v2 v2.0.2
github.com/mitchellh/mapstructure v1.5.0
github.com/moby/buildkit v0.11.6
github.com/open-policy-agent/opa v0.58.0
github.com/open-policy-agent/opa v0.60.0
github.com/opencontainers/go-digest v1.0.0
github.com/opencontainers/image-spec v1.1.0-rc5
github.com/openvex/go-vex v0.2.5
Expand All @@ -85,13 +85,13 @@ require (
github.com/quasilyte/go-ruleguard/dsl v0.3.22
github.com/samber/lo v1.39.0
github.com/saracen/walker v0.1.3
github.com/secure-systems-lab/go-securesystemslib v0.7.0
github.com/secure-systems-lab/go-securesystemslib v0.8.0
github.com/sigstore/rekor v1.2.2
github.com/sirupsen/logrus v1.9.3
github.com/sosedoff/gitkit v0.4.0
github.com/spdx/tools-golang v0.5.4-0.20231108154018-0c0f394b5e1a // v0.5.3 with necessary changes. Can be upgraded to version 0.5.4 after release.
github.com/spf13/cast v1.5.1
github.com/spf13/cobra v1.7.0
github.com/spf13/cobra v1.8.0
github.com/spf13/pflag v1.0.5
github.com/spf13/viper v1.16.0
github.com/stretchr/testify v1.8.4
Expand All @@ -109,20 +109,20 @@ require (
golang.org/x/term v0.15.0
golang.org/x/text v0.14.0
golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2
google.golang.org/protobuf v1.31.0
google.golang.org/protobuf v1.32.0
gopkg.in/yaml.v3 v3.0.1
k8s.io/api v0.28.4
k8s.io/utils v0.0.0-20230406110748-d93618cff8a2
modernc.org/sqlite v1.23.1
modernc.org/sqlite v1.28.0
)

require github.com/bitnami/go-version v0.0.0-20231130084017-bb00604d650c

require (
cloud.google.com/go v0.110.7 // indirect
cloud.google.com/go v0.110.8 // indirect
cloud.google.com/go/compute v1.23.0 // indirect
cloud.google.com/go/compute/metadata v0.2.3 // indirect
cloud.google.com/go/iam v1.1.1 // indirect
cloud.google.com/go/iam v1.1.2 // indirect
cloud.google.com/go/storage v1.31.0 // indirect
dario.cat/mergo v1.0.0 // indirect
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
Expand Down Expand Up @@ -158,8 +158,8 @@ require (
github.com/aws/aws-sdk-go v1.48.4 // indirect
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.14 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.9 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.8 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.8 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 // indirect
github.com/aws/aws-sdk-go-v2/internal/ini v1.7.1 // indirect
github.com/aws/aws-sdk-go-v2/internal/v4a v1.1.6 // indirect
github.com/aws/aws-sdk-go-v2/service/accessanalyzer v1.21.1 // indirect
Expand All @@ -182,10 +182,10 @@ require (
github.com/aws/aws-sdk-go-v2/service/elasticsearchservice v1.20.6 // indirect
github.com/aws/aws-sdk-go-v2/service/emr v1.28.7 // indirect
github.com/aws/aws-sdk-go-v2/service/iam v1.22.5 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.3 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.38 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.7.35 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.8 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.15.6 // indirect
github.com/aws/aws-sdk-go-v2/service/kafka v1.22.6 // indirect
github.com/aws/aws-sdk-go-v2/service/kinesis v1.18.5 // indirect
Expand All @@ -201,7 +201,7 @@ require (
github.com/aws/aws-sdk-go-v2/service/sso v1.18.2 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.2 // indirect
github.com/aws/aws-sdk-go-v2/service/workspaces v1.31.1 // indirect
github.com/aws/smithy-go v1.18.1 // indirect
github.com/aws/smithy-go v1.19.0 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
github.com/briandowns/spinner v1.23.0 // indirect
Expand All @@ -218,7 +218,7 @@ require (
github.com/containerd/typeurl v1.0.2 // indirect
github.com/containerd/typeurl/v2 v2.1.1 // indirect
github.com/cpuguy83/dockercfg v0.3.1 // indirect
github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect
github.com/cyphar/filepath-securejoin v0.2.4 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
Expand All @@ -235,7 +235,7 @@ require (
github.com/emirpasic/gods v1.18.1 // indirect
github.com/evanphx/json-patch v5.6.0+incompatible // indirect
github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect
github.com/felixge/httpsnoop v1.0.3 // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/fsnotify/fsnotify v1.7.0 // indirect
github.com/go-errors/errors v1.4.2 // indirect
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
Expand Down Expand Up @@ -267,7 +267,7 @@ require (
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
github.com/googleapis/enterprise-certificate-proxy v0.2.5 // indirect
github.com/googleapis/gax-go/v2 v2.12.0 // indirect
github.com/gorilla/mux v1.8.0 // indirect
github.com/gorilla/mux v1.8.1 // indirect
github.com/gosuri/uitable v0.0.4 // indirect
github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect
github.com/hashicorp/errwrap v1.1.0 // indirect
Expand Down Expand Up @@ -342,7 +342,7 @@ require (
github.com/rivo/uniseg v0.2.0 // indirect
github.com/rubenv/sql-migrate v1.5.2 // indirect
github.com/russross/blackfriday/v2 v2.1.0 // indirect
github.com/sergi/go-diff v1.2.0 // indirect
github.com/sergi/go-diff v1.3.1 // indirect
github.com/shibumi/go-pathspec v1.3.0 // indirect
github.com/shopspring/decimal v1.3.1 // indirect
github.com/skeema/knownhosts v1.2.1 // indirect
Expand All @@ -362,25 +362,26 @@ require (
github.com/zclconf/go-cty-yaml v1.0.3 // indirect
go.mongodb.org/mongo-driver v1.11.3 // indirect
go.opencensus.io v0.24.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 // indirect
go.opentelemetry.io/otel v1.19.0 // indirect
go.opentelemetry.io/otel/metric v1.19.0 // indirect
go.opentelemetry.io/otel/sdk v1.19.0 // indirect
go.opentelemetry.io/otel/trace v1.19.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 // indirect
go.opentelemetry.io/otel v1.21.0 // indirect
go.opentelemetry.io/otel/metric v1.21.0 // indirect
go.opentelemetry.io/otel/sdk v1.21.0 // indirect
go.opentelemetry.io/otel/trace v1.21.0 // indirect
go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
go.uber.org/goleak v1.3.0 // indirect
go.uber.org/multierr v1.11.0 // indirect
golang.org/x/crypto v0.17.0 // indirect
golang.org/x/net v0.19.0 // indirect
golang.org/x/oauth2 v0.11.0 // indirect
golang.org/x/oauth2 v0.13.0 // indirect
golang.org/x/sys v0.15.0 // indirect
golang.org/x/time v0.3.0 // indirect
golang.org/x/time v0.5.0 // indirect
golang.org/x/tools v0.13.0 // indirect
google.golang.org/api v0.138.0 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect
google.golang.org/grpc v1.59.0 // indirect
google.golang.org/appengine v1.6.8 // indirect
google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20231002182017-d307bd883b97 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20231002182017-d307bd883b97 // indirect
google.golang.org/grpc v1.60.1 // indirect
gopkg.in/cheggaaa/pb.v1 v1.0.28 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
Expand All @@ -399,9 +400,9 @@ require (
lukechampine.com/uint128 v1.2.0 // indirect
modernc.org/cc/v3 v3.40.0 // indirect
modernc.org/ccgo/v3 v3.16.13 // indirect
modernc.org/libc v1.22.5 // indirect
modernc.org/mathutil v1.5.0 // indirect
modernc.org/memory v1.5.0 // indirect
modernc.org/libc v1.29.0 // indirect
modernc.org/mathutil v1.6.0 // indirect
modernc.org/memory v1.7.2 // indirect
modernc.org/opt v0.1.3 // indirect
modernc.org/strutil v1.1.3 // indirect
modernc.org/token v1.0.1 // indirect
Expand Down
Loading

0 comments on commit 6d33016

Please sign in to comment.