Merge branch 'aquasecurity:main' into ignore-policy

aquasecurity · Aug 10, 2023 · 84e4572 · 84e4572
2 parents 73561b7 + f105279
commit 84e4572
Show file tree

Hide file tree

Showing 515 changed files with 22,049 additions and 8,154 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -1,24 +1,15 @@
 # Global
 *   @knqyf263
 
-# Docs
-/docs/** @knqyf263 @AnaisUrlichs @itaysk
-/mkdocs.yml @knqyf263 @AnaisUrlichs @itaysk
-/README.md @knqyf263 @AnaisUrlichs @itaysk
+# Misconfiguration scanning
+docs/docs/scanner/misconfiguration  @knqyf263 @simar7
+docs/docs/target/aws.md             @knqyf263 @simar7
+pkg/fanal/analyzer/config           @knqyf263 @simar7
+pkg/cloud                           @knqyf263 @simar7
 
 # Helm chart
 helm/trivy/ @chen-keinan
 
-# Misconfiguration scanning
-examples/misconf/           @knqyf263
-docs/docs/misconfiguration  @knqyf263
-docs/docs/cloud             @knqyf263
-pkg/fanal/analyzer/config   @knqyf263
-pkg/fanal/handler/misconf   @knqyf263
-pkg/cloud                   @knqyf263
-pkg/flag/aws_flags.go       @knqyf263
-pkg/flag/misconf_flags.go   @knqyf263
-
 # Kubernetes scanning
 pkg/k8s/                @josedonizetti @chen-keinan @knqyf263
 docs/docs/kubernetes/   @josedonizetti @chen-keinan @knqyf263
diff --git a/.github/DISCUSSION_TEMPLATE/bugs.yml b/.github/DISCUSSION_TEMPLATE/bugs.yml
@@ -8,6 +8,8 @@ body:
         Please ensure that you're not creating a duplicate report by searching the [issues](https://github.com/aquasecurity/trivy/issues)/[discussions](https://github.com/aquasecurity/trivy/discussions) beforehand.
         If you see any false positives or false negatives, please file a ticket [here](https://github.com/aquasecurity/trivy/discussions/new?category=false-detection).
         
+        **Do not open a GitHub issue, please.** Maintainers triage discussions and then create issues.
+        
         Please also check [our contribution guidelines](https://aquasecurity.github.io/trivy/latest/community/contribute/discussion/).
   - type: textarea
     attributes:
@@ -114,7 +116,7 @@ body:
       label: Checklist
       description: Have you tried the following?
       options:
-        - label: Run `trivy --reset`
+        - label: Run `trivy image --reset`
         - label: Read [the troubleshooting](https://aquasecurity.github.io/trivy/latest/docs/references/troubleshooting/)
   - type: markdown
     attributes:

diff --git a/.github/DISCUSSION_TEMPLATE/documentation.yml b/.github/DISCUSSION_TEMPLATE/documentation.yml
@@ -0,0 +1,28 @@
+labels: ["kind/documentation"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        #### Note
+        Feel free to create a docs report if something doesn't work as expected or is unclear in the documentation.
+        Please ensure that you're not creating a duplicate report by searching the [issues](https://github.com/aquasecurity/trivy/issues)/[discussions](https://github.com/aquasecurity/trivy/discussions) beforehand.
+        
+        Please also check [our contribution guidelines](https://aquasecurity.github.io/trivy/latest/community/contribute/discussion/).
+  - type: textarea
+    attributes:
+      label: Description
+      description: Briefly describe the what has been unclear in the existing documentation
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Link
+      description: Please provide a link to the current documentation or where you thought to find the information you were looking for
+    validations:
+      required: false
+  - type: textarea
+    attributes:
+      label: Suggestions
+      description: What would you like to have added or changed in the documentation?
+    validations:
+      required: true
diff --git a/.github/DISCUSSION_TEMPLATE/false-detection.yml b/.github/DISCUSSION_TEMPLATE/false-detection.yml
@@ -6,6 +6,8 @@ body:
         Feel free to raise a bug report if something doesn't work as expected.
         Please ensure that you're not creating a duplicate report by searching the [issues](https://github.com/aquasecurity/trivy/issues)/[discussions](https://github.com/aquasecurity/trivy/discussions) beforehand.
         
+        **Do not open a GitHub issue, please.** Maintainers triage discussions and then create issues.
+        
         Please also check [our contribution guidelines](https://aquasecurity.github.io/trivy/latest/community/contribute/discussion/).
   - type: input
     attributes:

diff --git a/.github/DISCUSSION_TEMPLATE/ideas.yml b/.github/DISCUSSION_TEMPLATE/ideas.yml
@@ -7,6 +7,8 @@ body:
         Feel free to share your idea.
         Please ensure that you're not creating a duplicate ticket by searching the [issues](https://github.com/aquasecurity/trivy/issues)/[discussions](https://github.com/aquasecurity/trivy/discussions) beforehand.
         
+        **Do not open a GitHub issue, please.** Maintainers triage discussions and then create issues.
+        
         Please also check [our contribution guidelines](https://aquasecurity.github.io/trivy/latest/community/contribute/discussion/).
   - type: textarea
     attributes:

diff --git a/.github/DISCUSSION_TEMPLATE/q-a.yml b/.github/DISCUSSION_TEMPLATE/q-a.yml
@@ -7,6 +7,8 @@ body:
         If you have any troubles/questions, feel free to ask.
         Please ensure that you're not asking a duplicate question by searching the [issues](https://github.com/aquasecurity/trivy/issues)/[discussions](https://github.com/aquasecurity/trivy/discussions) beforehand.
         
+        **Do not open a GitHub issue, please.** Maintainers triage discussions and then create issues.
+        
         Please also check [our contribution guidelines](https://aquasecurity.github.io/trivy/latest/community/contribute/discussion/).
   - type: textarea
     attributes:

diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
@@ -6,6 +6,9 @@ contact_links:
   - name: Report a bug
     url: https://github.com/aquasecurity/trivy/discussions/new?category=bugs
     about: Report bugs
+  - name: Enhance documentation
+    url: https://github.com/aquasecurity/trivy/discussions/new?category=documentation
+    about: Make suggestions to the documentation
   - name: Request a feature enhancement
     url: https://github.com/aquasecurity/trivy/discussions/new?category=ideas
     about: Share ideas for new features

diff --git a/.github/workflows/bypass-cla.yaml b/.github/workflows/bypass-cla.yaml
@@ -0,0 +1,12 @@
+# This workflow is used to bypass the required status checks in merge queue.
+# cf. https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/troubleshooting-required-status-checks
+name: CLA
+on:
+  merge_group:
+
+jobs:
+  cla:
+    name: license/cla
+    runs-on: ubuntu-latest
+    steps:
+      - run: 'echo "No test required"'
diff --git a/.github/workflows/bypass-test.yaml b/.github/workflows/bypass-test.yaml
@@ -0,0 +1,31 @@
+# This workflow is used to bypass the required status checks.
+# cf. https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/troubleshooting-required-status-checks
+name: Test
+on:
+  push:
+    paths:
+      - '**.md'
+      - 'docs/**'
+      - 'mkdocs.yml'
+      - 'LICENSE'
+  pull_request:
+    paths:
+      - '**.md'
+      - 'docs/**'
+      - 'mkdocs.yml'
+      - 'LICENSE'
+jobs:
+  test:
+    name: Test
+    runs-on: ${{ matrix.operating-system }}
+    strategy:
+      matrix:
+        operating-system: [ubuntu-latest, windows-latest, macos-latest]
+    steps:
+      - run: 'echo "No test required"'
+
+  integration:
+    name: Integration Test
+    runs-on: ubuntu-latest
+    steps:
+      - run: 'echo "No test required"'
diff --git a/.github/workflows/mkdocs-dev.yaml b/.github/workflows/mkdocs-dev.yaml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout main
-        uses: actions/checkout@v3
+        uses: actions/checkout@v3.5.3
         with:
           fetch-depth: 0
           persist-credentials: true

diff --git a/.github/workflows/mkdocs-latest.yaml b/.github/workflows/mkdocs-latest.yaml
@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout main
-        uses: actions/checkout@v3
+        uses: actions/checkout@v3.5.3
         with:
           fetch-depth: 0
           persist-credentials: true

diff --git a/.github/workflows/publish-chart.yaml b/.github/workflows/publish-chart.yaml
@@ -22,7 +22,7 @@ jobs:
     runs-on: ubuntu-20.04
     steps:
       - name: Checkout
-        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
+        uses: actions/checkout@v3.5.3
         with:
           fetch-depth: 0
       - name: Install Helm
@@ -37,7 +37,7 @@ jobs:
         id: lint
         uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76
       - name: Setup Kubernetes cluster (KIND)
-        uses: helm/kind-action@d8ccf8fb623ce1bb360ae2f45f323d9d5c5e9f00
+        uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140
         with:
           version: ${{ env.KIND_VERSION }}
           image: ${{ env.KIND_IMAGE }}
@@ -55,7 +55,7 @@ jobs:
     runs-on: ubuntu-20.04
     steps:
       - name: Checkout
-        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
+        uses: actions/checkout@v3.5.3
         with:
           fetch-depth: 0
       - name: Install chart-releaser

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -19,7 +19,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v3.5.3
         with:
           fetch-depth: 0
 
@@ -35,7 +35,7 @@ jobs:
           sudo apt-get -y install rpm reprepro createrepo-c distro-info
 
       - name: Checkout trivy-repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v3.5.3
         with:
           repository: ${{ github.repository_owner }}/trivy-repo
           path: trivy-repo

diff --git a/.github/workflows/reusable-release.yaml b/.github/workflows/reusable-release.yaml
@@ -26,8 +26,17 @@ jobs:
       packages: write # For GHCR
       contents: read  # Not required for public repositories, but for clarity
     steps:
+      - name: Maximize build space
+        uses: easimon/maximize-build-space@v7
+        with:
+          root-reserve-mb: 35840 # The Go cache (`~/.cache/go-build` and `~/go/pkg`) requires a lot of storage space.
+          remove-android: 'true'
+          remove-docker-images: 'true'
+          remove-dotnet: 'true'
+          remove-haskell: 'true'
+
       - name: Cosign install
-        uses: sigstore/cosign-installer@204a51a57a74d190b284a0ce69b44bc37201f343
+        uses: sigstore/cosign-installer@a5d81fb6bdbcbb3d239e864d6552820420254494
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v2
@@ -60,7 +69,7 @@ jobs:
           password: ${{ secrets.ECR_SECRET_ACCESS_KEY }}
 
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v3.5.3
         with:
           fetch-depth: 0
 
@@ -70,7 +79,7 @@ jobs:
           go-version-file: go.mod
 
       - name: Generate SBOM
-        uses: CycloneDX/gh-gomod-generate-sbom@v1
+        uses: CycloneDX/gh-gomod-generate-sbom@v2
         with:
           args: mod -licenses -json -output bom.json
           version: ^v1

diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v3.5.3
 
       - name: Run Trivy vulnerability scanner and create GitHub issues
         uses: knqyf263/[email protected]

diff --git a/.github/workflows/test-docs.yaml b/.github/workflows/test-docs.yaml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v3.5.3
       with:
         fetch-depth: 0
         persist-credentials: true