Skip to content

Commit

Permalink
fix(cli): secret scanning perf link fix (#2607)
Browse files Browse the repository at this point in the history
  • Loading branch information
Moulick authored Aug 15, 2022
1 parent bc85441 commit ddffb1b
Show file tree
Hide file tree
Showing 6 changed files with 30 additions and 8 deletions.
2 changes: 1 addition & 1 deletion Makefile
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
VERSION := $(shell git describe --tags --always)
VERSION := $(patsubst v%,%,$(shell git describe --tags --always)) #Strips the v prefix from the tag
LDFLAGS := -ldflags "-s -w -X=main.version=$(VERSION)"

GOPATH := $(shell go env GOPATH)
Expand Down
4 changes: 2 additions & 2 deletions docs/docs/vulnerability/distributions.md
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ The following table provides an outline of the features Trivy offers.
2022-07-27T09:30:21.756Z INFO Vulnerability scanning is enabled
2022-07-27T09:30:21.756Z INFO Secret scanning is enabled
2022-07-27T09:30:21.756Z INFO If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
2022-07-27T09:30:21.756Z INFO Please see also https://aquasecurity.github.io/trivy/0.30.4/docs/secret/scanning/#recommendation for faster secret detection
2022-07-27T09:30:21.756Z INFO Please see also https://aquasecurity.github.io/trivy/v0.30.4/docs/secret/scanning/#recommendation for faster secret detection
2022-07-27T09:30:22.205Z INFO Detected OS: cbl-mariner
2022-07-27T09:30:22.205Z INFO Detecting CBL-Mariner vulnerabilities...
2022-07-27T09:30:22.205Z INFO Number of language-specific files: 0
Expand All @@ -55,4 +55,4 @@ The following table provides an outline of the features Trivy offers.
See [here][source].

[mariner]: https://github.com/microsoft/CBL-Mariner
[source]: detection/data-source.md
[source]: detection/data-source.md
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -227,7 +227,7 @@ require (
github.com/hashicorp/go-retryablehttp v0.7.1 // indirect
github.com/hashicorp/go-safetemp v1.0.0 // indirect
github.com/hashicorp/go-uuid v1.0.3 // indirect
github.com/hashicorp/go-version v1.4.0 // indirect
github.com/hashicorp/go-version v1.6.0 // indirect
github.com/hashicorp/hcl/v2 v2.13.0 // indirect
github.com/hhatto/gorst v0.0.0-20181029133204-ca9f730cac5b // indirect
github.com/huandu/xstrings v1.3.2 // indirect
Expand Down
4 changes: 2 additions & 2 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -992,8 +992,8 @@ github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/b
github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
github.com/hashicorp/go-version v1.1.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
github.com/hashicorp/go-version v1.4.0 h1:aAQzgqIrRKRa7w75CKpbBxYsmUoPjzVm1W59ca1L0J4=
github.com/hashicorp/go-version v1.4.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek=
github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90=
github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
Expand Down
2 changes: 1 addition & 1 deletion goreleaser-canary.yml
Original file line number Diff line number Diff line change
Expand Up @@ -28,4 +28,4 @@ archives:
files:
- README.md
- LICENSE
- contrib/*.tpl
- contrib/*.tpl
24 changes: 23 additions & 1 deletion pkg/commands/artifact/run.go
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ import (
"golang.org/x/exp/slices"
"golang.org/x/xerrors"

"github.com/aquasecurity/go-version/pkg/semver"
"github.com/aquasecurity/trivy-db/pkg/db"
tcache "github.com/aquasecurity/trivy/pkg/cache"
"github.com/aquasecurity/trivy/pkg/commands/operation"
Expand Down Expand Up @@ -39,6 +40,8 @@ const (
TargetRepository TargetKind = "repo"
TargetImageArchive TargetKind = "archive"
TargetSBOM TargetKind = "sbom"

devVersion = "dev"
)

var (
Expand Down Expand Up @@ -471,9 +474,10 @@ func initScannerConfig(opts flag.Options, cacheClient cache.Cache) (ScannerConfi

// Do not load config file for secret scanning
if slices.Contains(opts.SecurityChecks, types.SecurityCheckSecret) {
ver := canonicalVersion(opts.AppVersion)
log.Logger.Info("Secret scanning is enabled")
log.Logger.Info("If your scanning is slow, please try '--security-checks vuln' to disable secret scanning")
log.Logger.Infof("Please see also https://aquasecurity.github.io/trivy/%s/docs/secret/scanning/#recommendation for faster secret detection", opts.AppVersion)
log.Logger.Infof("Please see also https://aquasecurity.github.io/trivy/%s/docs/secret/scanning/#recommendation for faster secret detection", ver)
} else {
opts.SecretConfigPath = ""
}
Expand Down Expand Up @@ -543,3 +547,21 @@ func Exit(opts flag.Options, failedResults bool) {
os.Exit(opts.ExitCode)
}
}

func canonicalVersion(ver string) string {
if ver == devVersion {
return ver
}
v, err := semver.Parse(ver)
if err != nil {
return devVersion
}
// Replace pre-release with "dev"
// e.g. v0.34.0-beta1+snapshot-1
if v.IsPreRelease() || v.Metadata() != "" {
return devVersion
}

// Add "v" prefix, "0.34.0" => "v0.34.0" for the url
return "v" + ver
}

0 comments on commit ddffb1b

Please sign in to comment.