diff --git a/.automation/generated/linters_matrix.json b/.automation/generated/linters_matrix.json
index c4bb6a94fa7..5d3880bfa5e 100644
--- a/.automation/generated/linters_matrix.json
+++ b/.automation/generated/linters_matrix.json
@@ -86,8 +86,6 @@ "repository_secretlint", "repository_semgrep", "repository_syft", - "repository_trivy", - "repository_trivy_sbom", "repository_trufflehog", "repository_kingfisher", "robotframework_robocop",
diff --git a/.github/workflows/deploy-ALPHA-flavors.yml b/.github/workflows/deploy-ALPHA-flavors.yml
index 5e78759856a..4325ce31b55 100644
--- a/.github/workflows/deploy-ALPHA-flavors.yml
+++ b/.github/workflows/deploy-ALPHA-flavors.yml
@@ -138,16 +138,16 @@ jobs:
 ##############################################
 # Check Docker image security with Trivy #
 ##############################################
- - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@master
- with:
- image-ref: ghcr.io/oxsecurity/megalinter-${{ matrix.flavor }}:alpha
- format: 'table'
- exit-code: '1'
- ignore-unfixed: true
- scanners: vuln
- vuln-type: 'os,library'
- severity: 'CRITICAL,HIGH'
- timeout: 10m0s
- env:
- ACTIONS_RUNTIME_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # - name: Run Trivy vulnerability scanner
+ # uses: aquasecurity/trivy-action@master
+ # with:
+ # image-ref: ghcr.io/oxsecurity/megalinter-${{ matrix.flavor }}:alpha
+ # format: 'table'
+ # exit-code: '1'
+ # ignore-unfixed: true
+ # scanners: vuln
+ # vuln-type: 'os,library'
+ # severity: 'CRITICAL,HIGH'
+ # timeout: 10m0s
+ # env:
+ # ACTIONS_RUNTIME_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/deploy-BETA-flavors.yml b/.github/workflows/deploy-BETA-flavors.yml
index c3036a62b4e..3e4ca376f24 100644
--- a/.github/workflows/deploy-BETA-flavors.yml
+++ b/.github/workflows/deploy-BETA-flavors.yml
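Review bot: With the Trivy step commented out in `deploy-ALPHA-flavors.yml`, nothing visible in this hunk still fails the job on CRITICAL/HIGH findings for the image it refers to, and the same gap is opened by the identical hunks in deploy-BETA-flavors, deploy-BETA-linters, deploy-BETA, deploy-DEV-linters, deploy-RELEASE-flavors and deploy-RELEASE-linters. The commented block also preserves `uses: aquasecurity/trivy-action@master`, a mutable ref that runs with `ACTIONS_RUNTIME_TOKEN` set from `secrets.GITHUB_TOKEN`; when the step is restored it should be pinned to a full commit SHA, e.g. `uses: aquasecurity/trivy-action@<FULL_COMMIT_SHA>  # <release tag>`. I would replace the thirteen lines of dead YAML with one comment such as `# Trivy image scan temporarily disabled, see <TRACKING_ISSUE_URL>; re-enable pinned to a commit SHA`, so the missing gate is tracked, and consider gating on another image scanner in the meantime. The enclosing job starts and ends outside the hunk.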
@@ -210,16 +210,16 @@ jobs:
 ##############################################
 # Check Docker image security with Trivy #
 ##############################################
- - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@master
- with:
- image-ref: "${{ fromJson(steps.meta.outputs.json).tags[0]}}"
- format: "table"
- exit-code: "1"
- ignore-unfixed: true
- scanners: vuln
- vuln-type: "os,library"
- severity: "CRITICAL,HIGH"
- timeout: 10m0s
- env:
- ACTIONS_RUNTIME_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # - name: Run Trivy vulnerability scanner
+ # uses: aquasecurity/trivy-action@master
+ # with:
+ # image-ref: "${{ fromJson(steps.meta.outputs.json).tags[0]}}"
+ # format: "table"
+ # exit-code: "1"
+ # ignore-unfixed: true
+ # scanners: vuln
+ # vuln-type: "os,library"
+ # severity: "CRITICAL,HIGH"
+ # timeout: 10m0s
+ # env:
+ # ACTIONS_RUNTIME_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/deploy-BETA-linters.yml b/.github/workflows/deploy-BETA-linters.yml
index de44583e9d3..8d846002e5d 100644
--- a/.github/workflows/deploy-BETA-linters.yml
+++ b/.github/workflows/deploy-BETA-linters.yml
@@ -163,16 +163,16 @@ jobs:
 ##############################################
 # Check Docker image security with Trivy #
 ##############################################
- - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@master
- with:
- image-ref: "${{ fromJson(steps.meta.outputs.json).tags[0]}}"
- format: "table"
- exit-code: "1"
- ignore-unfixed: true
- scanners: vuln
- vuln-type: "os,library"
- severity: "CRITICAL,HIGH"
- timeout: 10m0s
- env:
- ACTIONS_RUNTIME_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # - name: Run Trivy vulnerability scanner
+ # uses: aquasecurity/trivy-action@master
+ # with:
+ # image-ref: "${{ fromJson(steps.meta.outputs.json).tags[0]}}"
+ # format: "table"
+ # exit-code: "1"
+ # ignore-unfixed: true
+ # scanners: vuln
+ # vuln-type: "os,library"
+ # severity: "CRITICAL,HIGH"
+ # timeout: 10m0s
+ # env:
+ # ACTIONS_RUNTIME_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/deploy-BETA.yml b/.github/workflows/deploy-BETA.yml
index d500272dc61..6e5d2e98e74 100644
--- a/.github/workflows/deploy-BETA.yml
+++ b/.github/workflows/deploy-BETA.yml
@@ -241,19 +241,19 @@ jobs:
 ##############################################
 # Check Docker image security with Trivy #
 ##############################################
- - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@master
- with:
- image-ref: "${{ steps.meta.outputs.tags }}"
- format: 'table'
- exit-code: '1'
- ignore-unfixed: true
- scanners: vuln
- vuln-type: 'os,library'
- severity: 'CRITICAL,HIGH'
- timeout: 15m0s
- env:
- ACTIONS_RUNTIME_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # - name: Run Trivy vulnerability scanner
+ # uses: aquasecurity/trivy-action@master
+ # with:
+ # image-ref: "${{ steps.meta.outputs.tags }}"
+ # format: 'table'
+ # exit-code: '1'
+ # ignore-unfixed: true
+ # scanners: vuln
+ # vuln-type: 'os,library'
+ # severity: 'CRITICAL,HIGH'
+ # timeout: 15m0s
+ # env:
+ # ACTIONS_RUNTIME_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 build-custom-flavor-builder:
 strategy:
diff --git a/.github/workflows/deploy-DEV-linters.yml b/.github/workflows/deploy-DEV-linters.yml
index f621a675f82..b85c46c0a71 100644
--- a/.github/workflows/deploy-DEV-linters.yml
+++ b/.github/workflows/deploy-DEV-linters.yml
@@ -149,16 +149,16 @@ jobs:
 ##############################################
 # Check Docker image security with Trivy #
 ##############################################
- - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@master
- with:
- image-ref: "${{ fromJson(steps.meta.outputs.json).tags[0] }}"
- format: "table"
- exit-code: "1"
- ignore-unfixed: true
- scanners: vuln
- vuln-type: "os,library"
- severity: "CRITICAL,HIGH"
- timeout: 10m0s
- env:
- ACTIONS_RUNTIME_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # - name: Run Trivy vulnerability scanner
+ # uses: aquasecurity/trivy-action@master
+ # with:
+ # image-ref: "${{ fromJson(steps.meta.outputs.json).tags[0] }}"
+ # format: "table"
+ # exit-code: "1"
+ # ignore-unfixed: true
+ # scanners: vuln
+ # vuln-type: "os,library"
+ # severity: "CRITICAL,HIGH"
+ # timeout: 10m0s
+ # env:
+ # ACTIONS_RUNTIME_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/deploy-RELEASE-flavors.yml b/.github/workflows/deploy-RELEASE-flavors.yml
index c2670109e21..7258a74ade0 100644
--- a/.github/workflows/deploy-RELEASE-flavors.yml
+++ b/.github/workflows/deploy-RELEASE-flavors.yml
@@ -180,16 +180,16 @@ jobs:
 ##############################################
 # Check Docker image security with Trivy #
 ##############################################
- - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@master
- with:
- image-ref: 'ghcr.io/oxsecurity/megalinter-${{ matrix.flavor }}:${{ github.event.release.tag_name }}'
- format: 'table'
- exit-code: '1'
- ignore-unfixed: true
- scanners: vuln
- vuln-type: 'os,library'
- severity: 'CRITICAL,HIGH'
- timeout: 10m0s
- env:
- ACTIONS_RUNTIME_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # - name: Run Trivy vulnerability scanner
+ # uses: aquasecurity/trivy-action@master
+ # with:
+ # image-ref: 'ghcr.io/oxsecurity/megalinter-${{ matrix.flavor }}:${{ github.event.release.tag_name }}'
+ # format: 'table'
+ # exit-code: '1'
+ # ignore-unfixed: true
+ # scanners: vuln
+ # vuln-type: 'os,library'
+ # severity: 'CRITICAL,HIGH'
+ # timeout: 10m0s
+ # env:
+ # ACTIONS_RUNTIME_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/deploy-RELEASE-linters.yml b/.github/workflows/deploy-RELEASE-linters.yml
index aaf135ea693..fd01717c523 100644
--- a/.github/workflows/deploy-RELEASE-linters.yml
+++ b/.github/workflows/deploy-RELEASE-linters.yml
@@ -140,16 +140,16 @@ jobs:
 ##############################################
 # Check Docker image security with Trivy #
 ##############################################
- - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@master
- with:
- image-ref: ghcr.io/oxsecurity/megalinter-only-${{ matrix.linter }}:${{ github.event.release.tag_name }}
- format: 'table'
- exit-code: '1'
- ignore-unfixed: true
- scanners: vuln
- vuln-type: 'os,library'
- severity: 'CRITICAL,HIGH'
- timeout: 10m0s
- env:
- ACTIONS_RUNTIME_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # - name: Run Trivy vulnerability scanner
+ # uses: aquasecurity/trivy-action@master
+ # with:
+ # image-ref: ghcr.io/oxsecurity/megalinter-only-${{ matrix.linter }}:${{ github.event.release.tag_name }}
+ # format: 'table'
+ # exit-code: '1'
+ # ignore-unfixed: true
+ # scanners: vuln
+ # vuln-type: 'os,library'
+ # severity: 'CRITICAL,HIGH'
+ # timeout: 10m0s
+ # env:
+ # ACTIONS_RUNTIME_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.trivyignore b/.trivyignore
index ba0de0213e9..2f598946e58 100644
--- a/.trivyignore
+++ b/.trivyignore
@@ -226,6 +226,8 @@ GHSA-qffp-2rhf-9h96
 CVE-2026-29786
 # https://avd.aquasec.com/nvd/2026/cve-2026-29786/: Docker for windows, this issue does not impact non-Windows binaries
 CVE-2025-15558
+# https://avd.aquasec.com/nvd/cve-2026-30922 : pyasn1, DDOS attack risk, not applicable in MegaLinter context
+CVE-2026-30922
 # Dockerfile
 DS001
 DS-0001
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7c9f8909a7c..64ccf2dbed4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,7 @@ Note: Can be used with `oxsecurity/megalinter@beta` in your GitHub Action mega-l - New linters - Disabled linters + - Disable trivy until their security issue is solved - Deprecated linters
@@ -31,6 +32,7 @@ Note: Can be used with `oxsecurity/megalinter@beta` in your GitHub Action mega-l - Doc - CI + - Disable trivy-action until their security issue is solved - mega-linter-runner
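Review bot: The new `CVE-2026-30922` suppression in `.trivyignore` is justified only by "not applicable in MegaLinter context", which leaves a later reviewer nothing to re-check; the comment should name what pulls in pyasn1 and why untrusted input cannot reach the affected code. The reference also departs from the form used on the entry directly above (`/nvd/2026/cve-2026-29786/:`) and has a stray space before the colon; if that path form is the intended one, I would write `# https://avd.aquasec.com/nvd/2026/cve-2026-30922/: pyasn1, <reason it is unreachable in MegaLinter>`. Because the same commit disables the Trivy scans, this entry will not be exercised until they return, so it is worth adding a review date to the comment and re-evaluating it at that point.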
diff --git a/Dockerfile b/Dockerfile
index 81baac12b9c..68204d19d51 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -322,10 +322,6 @@ ARG NPM_SECRETLINT_SECRETLINT_FORMATTER_SARIF_VERSION=11.3.1
 ARG PIP_SEMGREP_VERSION=1.155.0
 # renovate: datasource=github-tags depName=anchore/syft
 ARG REPOSITORY_SYFT_VERSION=1.42.2
-# renovate: datasource=github-tags depName=aquasecurity/trivy
-ARG REPOSITORY_TRIVY_VERSION=0.69.3
-# renovate: datasource=github-tags depName=aquasecurity/trivy
-ARG REPOSITORY_TRIVY_SBOM_VERSION=0.69.3
 # renovate: datasource=github-tags depName=mongodb/kingfisher
 ARG REPOSITORY_KINGFISHER_VERSION=1.88.0
 # renovate: datasource=pypi depName=robotframework-robocop
@@ -1199,14 +1195,6 @@ ENV KICS_QUERIES_PATH=/usr/bin/assets/queries KICS_LIBRARIES_PATH=/usr/bin/asset # syft installation RUN curl -sSfL https://raw.githubusercontent.com/anchore/syft/refs/tags/v${REPOSITORY_SYFT_VERSION}/install.sh | sh -s -- -b /usr/local/bin \ # -# trivy installation - && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${REPOSITORY_TRIVY_VERSION}" \ - && (trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress) \ -# -# trivy-sbom installation - && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${REPOSITORY_TRIVY_SBOM_VERSION}" \ - && (trivy image --download-db-only --no-progress || trivy image --download-db-only 
--no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress) \ -# # trufflehog installation # Managed with COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/ # diff --git a/flavors/c_cpp/Dockerfile b/flavors/c_cpp/Dockerfile index 72bed1d72e5..81f01f6746e 100644 --- a/flavors/c_cpp/Dockerfile +++ b/flavors/c_cpp/Dockerfile @@ -157,10 +157,6 @@ ARG NPM_SECRETLINT_SECRETLINT_FORMATTER_SARIF_VERSION=11.3.1 ARG PIP_SEMGREP_VERSION=1.155.0 # renovate: datasource=github-tags depName=anchore/syft ARG REPOSITORY_SYFT_VERSION=1.42.2 -# renovate: datasource=github-tags depName=aquasecurity/trivy -ARG REPOSITORY_TRIVY_VERSION=0.69.3 -# renovate: datasource=github-tags depName=aquasecurity/trivy -ARG REPOSITORY_TRIVY_SBOM_VERSION=0.69.3 # renovate: datasource=pypi depName=snakemake ARG PIP_SNAKEMAKE_VERSION=9.16.3 # renovate: datasource=pypi depName=snakefmt 
@@ -500,16 +496,7 @@ RUN curl --retry 5 --retry-delay 5 -sSLO https://github.com/pinterest/ktlint/rel # semgrep installation # # syft installation - && curl -sSfL https://raw.githubusercontent.com/anchore/syft/refs/tags/v${REPOSITORY_SYFT_VERSION}/install.sh | sh -s -- -b /usr/local/bin \ -# -# trivy installation - && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${REPOSITORY_TRIVY_VERSION}" \ - && (trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress) \ -# -# trivy-sbom installation - && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${REPOSITORY_TRIVY_SBOM_VERSION}" \ - && (trivy image --download-db-only --no-progress || trivy 
image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress) - + && curl -sSfL https://raw.githubusercontent.com/anchore/syft/refs/tags/v${REPOSITORY_SYFT_VERSION}/install.sh | sh -s -- -b /usr/local/bin # # trufflehog installation # Managed with COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/ diff --git a/flavors/c_cpp/flavor.json b/flavors/c_cpp/flavor.json index 835f1c79ca8..72e4bd03b85 100644 --- a/flavors/c_cpp/flavor.json +++ b/flavors/c_cpp/flavor.json @@ -47,8 +47,6 @@ "REPOSITORY_SECRETLINT", "REPOSITORY_SEMGREP", "REPOSITORY_SYFT", - "REPOSITORY_TRIVY", - "REPOSITORY_TRIVY_SBOM", "REPOSITORY_TRUFFLEHOG", "SNAKEMAKE_LINT", "SNAKEMAKE_SNAKEFMT", diff --git a/flavors/ci_light/Dockerfile b/flavors/ci_light/Dockerfile index c40c074584f..f5a35dd7bce 100644 --- a/flavors/ci_light/Dockerfile +++ b/flavors/ci_light/Dockerfile 
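Review bot: The rewritten syft line in the `flavors/c_cpp/Dockerfile` hunk still pipes a remotely fetched `install.sh` straight into `sh` with no integrity check, and a `refs/tags/v${REPOSITORY_SYFT_VERSION}` ref only names a tag, which the upstream repository can move. The same `+` line appears in the ci_light, cupcake and documentation Dockerfile hunks. Since this line is being touched anyway, I would download the script to a file and verify it against a checksum recorded in the repository before running it, e.g. `&& curl -sSfL -o /tmp/syft-install.sh <SYFT_INSTALL_URL> && echo "<SYFT_INSTALL_SHA256>  /tmp/syft-install.sh" | sha256sum -c - && sh /tmp/syft-install.sh -b /usr/local/bin`. If these Dockerfiles are generated from linter descriptors, the change belongs in the descriptor's install snippet instead; the enclosing `RUN` instruction starts outside the hunk.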
@@ -94,10 +94,6 @@ ARG NPM_SECRETLINT_SECRETLINT_RULE_PRESET_RECOMMEND_VERSION=11.3.1
 ARG NPM_SECRETLINT_SECRETLINT_FORMATTER_SARIF_VERSION=11.3.1
 # renovate: datasource=github-tags depName=anchore/syft
 ARG REPOSITORY_SYFT_VERSION=1.42.2
-# renovate: datasource=github-tags depName=aquasecurity/trivy
-ARG REPOSITORY_TRIVY_VERSION=0.69.3
-# renovate: datasource=github-tags depName=aquasecurity/trivy
-ARG REPOSITORY_TRIVY_SBOM_VERSION=0.69.3
 # renovate: datasource=pypi depName=yamllint
 ARG PIP_YAMLLINT_VERSION=1.38.0
 # renovate: datasource=pypi depName=pip
@@ -284,16 +280,7 @@ RUN curl -sSfL https://raw.githubusercontent.com/anchore/grype/refs/tags/v${REPO # secretlint installation # # syft installation - && curl -sSfL https://raw.githubusercontent.com/anchore/syft/refs/tags/v${REPOSITORY_SYFT_VERSION}/install.sh | sh -s -- -b /usr/local/bin \ -# -# trivy installation - && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${REPOSITORY_TRIVY_VERSION}" \ - && (trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress) \ -# -# trivy-sbom installation - && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${REPOSITORY_TRIVY_SBOM_VERSION}" \ - && (trivy image --download-db-only --no-progress || 
trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress) - + && curl -sSfL https://raw.githubusercontent.com/anchore/syft/refs/tags/v${REPOSITORY_SYFT_VERSION}/install.sh | sh -s -- -b /usr/local/bin # # trufflehog installation # Managed with COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/ diff --git a/flavors/ci_light/flavor.json b/flavors/ci_light/flavor.json index 673ca4af5b1..5d2a896fa7c 100644 --- a/flavors/ci_light/flavor.json +++ b/flavors/ci_light/flavor.json @@ -19,8 +19,6 @@ "REPOSITORY_LS_LINT", "REPOSITORY_SECRETLINT", "REPOSITORY_SYFT", - "REPOSITORY_TRIVY", - "REPOSITORY_TRIVY_SBOM", "REPOSITORY_TRUFFLEHOG", "XML_XMLLINT", "YAML_PRETTIER", diff --git a/flavors/cupcake/Dockerfile b/flavors/cupcake/Dockerfile index 6fc4cc149d4..8daa5eedbdc 100644 --- a/flavors/cupcake/Dockerfile +++ b/flavors/cupcake/Dockerfile 
@@ -256,10 +256,6 @@ ARG NPM_SECRETLINT_SECRETLINT_FORMATTER_SARIF_VERSION=11.3.1
 ARG PIP_SEMGREP_VERSION=1.155.0
 # renovate: datasource=github-tags depName=anchore/syft
 ARG REPOSITORY_SYFT_VERSION=1.42.2
-# renovate: datasource=github-tags depName=aquasecurity/trivy
-ARG REPOSITORY_TRIVY_VERSION=0.69.3
-# renovate: datasource=github-tags depName=aquasecurity/trivy
-ARG REPOSITORY_TRIVY_SBOM_VERSION=0.69.3
 # renovate: datasource=pypi depName=robotframework-robocop
 ARG PIP_ROBOT_FRAMEWORK_ROBOCOP_VERSION=8.2.2
 # renovate: datasource=pypi depName=Pygments
@@ -857,16 +853,7 @@ ENV KICS_QUERIES_PATH=/usr/bin/assets/queries KICS_LIBRARIES_PATH=/usr/bin/asset # semgrep installation # # syft installation -RUN curl -sSfL https://raw.githubusercontent.com/anchore/syft/refs/tags/v${REPOSITORY_SYFT_VERSION}/install.sh | sh -s -- -b /usr/local/bin \ -# -# trivy installation - && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${REPOSITORY_TRIVY_VERSION}" \ - && (trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress) \ -# -# trivy-sbom installation - && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${REPOSITORY_TRIVY_SBOM_VERSION}" \ - && (trivy image --download-db-only --no-progress || trivy 
image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress) - +RUN curl -sSfL https://raw.githubusercontent.com/anchore/syft/refs/tags/v${REPOSITORY_SYFT_VERSION}/install.sh | sh -s -- -b /usr/local/bin # # trufflehog installation # Managed with COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/ diff --git a/flavors/cupcake/flavor.json b/flavors/cupcake/flavor.json index 1f3a598beae..0f3905cc55c 100644 --- a/flavors/cupcake/flavor.json +++ b/flavors/cupcake/flavor.json @@ -74,8 +74,6 @@ "REPOSITORY_SECRETLINT", "REPOSITORY_SEMGREP", "REPOSITORY_SYFT", - "REPOSITORY_TRIVY", - "REPOSITORY_TRIVY_SBOM", "REPOSITORY_TRUFFLEHOG", "ROBOTFRAMEWORK_ROBOCOP", "RST_RST_LINT", diff --git a/flavors/documentation/Dockerfile b/flavors/documentation/Dockerfile index d95af05eaed..7c0dfca320d 100644 --- a/flavors/documentation/Dockerfile +++ b/flavors/documentation/Dockerfile 
@@ -155,10 +155,6 @@ ARG NPM_SECRETLINT_SECRETLINT_FORMATTER_SARIF_VERSION=11.3.1
 ARG PIP_SEMGREP_VERSION=1.155.0
 # renovate: datasource=github-tags depName=anchore/syft
 ARG REPOSITORY_SYFT_VERSION=1.42.2
-# renovate: datasource=github-tags depName=aquasecurity/trivy
-ARG REPOSITORY_TRIVY_VERSION=0.69.3
-# renovate: datasource=github-tags depName=aquasecurity/trivy
-ARG REPOSITORY_TRIVY_SBOM_VERSION=0.69.3
 # renovate: datasource=pypi depName=snakemake
 ARG PIP_SNAKEMAKE_VERSION=9.16.3
 # renovate: datasource=pypi depName=snakefmt
@@ -486,16 +482,7 @@ RUN curl --retry 5 --retry-delay 5 -sSLO https://github.com/pinterest/ktlint/rel # semgrep installation # # syft installation - && curl -sSfL https://raw.githubusercontent.com/anchore/syft/refs/tags/v${REPOSITORY_SYFT_VERSION}/install.sh | sh -s -- -b /usr/local/bin \ -# -# trivy installation - && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${REPOSITORY_TRIVY_VERSION}" \ - && (trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress) \ -# -# trivy-sbom installation - && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${REPOSITORY_TRIVY_SBOM_VERSION}" \ - && (trivy image --download-db-only --no-progress || trivy 
image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress) - + && curl -sSfL https://raw.githubusercontent.com/anchore/syft/refs/tags/v${REPOSITORY_SYFT_VERSION}/install.sh | sh -s -- -b /usr/local/bin # # trufflehog installation # Managed with COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/ diff --git a/flavors/documentation/flavor.json b/flavors/documentation/flavor.json index bc9a997ae24..fbb41f25f77 100644 --- a/flavors/documentation/flavor.json +++ b/flavors/documentation/flavor.json @@ -40,8 +40,6 @@ "REPOSITORY_SECRETLINT", "REPOSITORY_SEMGREP", "REPOSITORY_SYFT", - "REPOSITORY_TRIVY", - "REPOSITORY_TRIVY_SBOM", "REPOSITORY_TRUFFLEHOG", "SNAKEMAKE_LINT", "SNAKEMAKE_SNAKEFMT", diff --git a/flavors/dotnet/Dockerfile b/flavors/dotnet/Dockerfile index 56b4df2c884..55a253a966e 100644 --- a/flavors/dotnet/Dockerfile +++ b/flavors/dotnet/Dockerfile 
@@ -185,10 +185,6 @@ ARG NPM_SECRETLINT_SECRETLINT_FORMATTER_SARIF_VERSION=11.3.1
 ARG PIP_SEMGREP_VERSION=1.155.0
 # renovate: datasource=github-tags depName=anchore/syft
 ARG REPOSITORY_SYFT_VERSION=1.42.2
-# renovate: datasource=github-tags depName=aquasecurity/trivy
-ARG REPOSITORY_TRIVY_VERSION=0.69.3
-# renovate: datasource=github-tags depName=aquasecurity/trivy
-ARG REPOSITORY_TRIVY_SBOM_VERSION=0.69.3
 # renovate: datasource=pypi depName=snakemake
 ARG PIP_SNAKEMAKE_VERSION=9.16.3
 # renovate: datasource=pypi depName=snakefmt
@@ -622,14 +618,6 @@ RUN curl --retry 5 --retry-delay 5 -sSLO https://github.com/pinterest/ktlint/rel # syft installation && curl -sSfL https://raw.githubusercontent.com/anchore/syft/refs/tags/v${REPOSITORY_SYFT_VERSION}/install.sh | sh -s -- -b /usr/local/bin \ # -# trivy installation - && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${REPOSITORY_TRIVY_VERSION}" \ - && (trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress) \ -# -# trivy-sbom installation - && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${REPOSITORY_TRIVY_SBOM_VERSION}" \ - && (trivy image --download-db-only --no-progress || trivy image --download-db-only 
--no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress) \ -# # trufflehog installation # Managed with COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/ # diff --git a/flavors/dotnet/flavor.json b/flavors/dotnet/flavor.json index 09f4f947615..2281850be10 100644 --- a/flavors/dotnet/flavor.json +++ b/flavors/dotnet/flavor.json @@ -57,8 +57,6 @@ "REPOSITORY_SECRETLINT", "REPOSITORY_SEMGREP", "REPOSITORY_SYFT", - "REPOSITORY_TRIVY", - "REPOSITORY_TRIVY_SBOM", "REPOSITORY_TRUFFLEHOG", "SNAKEMAKE_LINT", "SNAKEMAKE_SNAKEFMT", diff --git a/flavors/dotnetweb/Dockerfile b/flavors/dotnetweb/Dockerfile index bee68dc2d59..54ea50130a6 100644 --- a/flavors/dotnetweb/Dockerfile +++ b/flavors/dotnetweb/Dockerfile @@ -221,10 +221,6 @@ ARG NPM_SECRETLINT_SECRETLINT_FORMATTER_SARIF_VERSION=11.3.1 ARG PIP_SEMGREP_VERSION=1.155.0 # renovate: datasource=github-tags depName=anchore/syft ARG REPOSITORY_SYFT_VERSION=1.42.2 -# renovate: datasource=github-tags depName=aquasecurity/trivy -ARG REPOSITORY_TRIVY_VERSION=0.69.3 -# renovate: datasource=github-tags depName=aquasecurity/trivy -ARG REPOSITORY_TRIVY_SBOM_VERSION=0.69.3 # renovate: datasource=pypi depName=snakemake ARG PIP_SNAKEMAKE_VERSION=9.16.3 # renovate: datasource=pypi depName=snakefmt 
@@ -700,14 +696,6 @@ RUN curl --retry 5 --retry-delay 5 -sSLO https://github.com/pinterest/ktlint/rel # syft installation && curl -sSfL https://raw.githubusercontent.com/anchore/syft/refs/tags/v${REPOSITORY_SYFT_VERSION}/install.sh | sh -s -- -b /usr/local/bin \ # -# trivy installation - && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${REPOSITORY_TRIVY_VERSION}" \ - && (trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress) \ -# -# trivy-sbom installation - && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${REPOSITORY_TRIVY_SBOM_VERSION}" \ - && (trivy image --download-db-only --no-progress || trivy image --download-db-only 
--no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress) \ -# # trufflehog installation # Managed with COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/ # diff --git a/flavors/dotnetweb/flavor.json b/flavors/dotnetweb/flavor.json index 4c7b9006c88..a88fdc9621b 100644 --- a/flavors/dotnetweb/flavor.json +++ b/flavors/dotnetweb/flavor.json @@ -63,8 +63,6 @@ "REPOSITORY_SECRETLINT", "REPOSITORY_SEMGREP", "REPOSITORY_SYFT", - "REPOSITORY_TRIVY", - "REPOSITORY_TRIVY_SBOM", "REPOSITORY_TRUFFLEHOG", "SNAKEMAKE_LINT", "SNAKEMAKE_SNAKEFMT", diff --git a/flavors/go/Dockerfile b/flavors/go/Dockerfile index a32cfb7e936..f0de4921ddc 100644 --- a/flavors/go/Dockerfile +++ b/flavors/go/Dockerfile @@ -165,10 +165,6 @@ ARG NPM_SECRETLINT_SECRETLINT_FORMATTER_SARIF_VERSION=11.3.1 ARG PIP_SEMGREP_VERSION=1.155.0 # renovate: datasource=github-tags depName=anchore/syft ARG REPOSITORY_SYFT_VERSION=1.42.2 -# renovate: datasource=github-tags depName=aquasecurity/trivy -ARG REPOSITORY_TRIVY_VERSION=0.69.3 -# renovate: datasource=github-tags depName=aquasecurity/trivy -ARG REPOSITORY_TRIVY_SBOM_VERSION=0.69.3 # renovate: datasource=pypi depName=snakemake ARG PIP_SNAKEMAKE_VERSION=9.16.3 # renovate: datasource=pypi depName=snakefmt 
@@ -507,16 +503,7 @@ RUN curl --retry 5 --retry-delay 5 -sSLO https://github.com/pinterest/ktlint/rel # semgrep installation # # syft installation - && curl -sSfL https://raw.githubusercontent.com/anchore/syft/refs/tags/v${REPOSITORY_SYFT_VERSION}/install.sh | sh -s -- -b /usr/local/bin \ -# -# trivy installation - && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${REPOSITORY_TRIVY_VERSION}" \ - && (trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress) \ -# -# trivy-sbom installation - && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${REPOSITORY_TRIVY_SBOM_VERSION}" \ - && (trivy image --download-db-only --no-progress || trivy 
image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress) - + && curl -sSfL https://raw.githubusercontent.com/anchore/syft/refs/tags/v${REPOSITORY_SYFT_VERSION}/install.sh | sh -s -- -b /usr/local/bin # # trufflehog installation # Managed with COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/ diff --git a/flavors/go/flavor.json b/flavors/go/flavor.json index f6b3309d47a..253cfcf9d7f 100644 --- a/flavors/go/flavor.json +++ b/flavors/go/flavor.json @@ -43,8 +43,6 @@ "REPOSITORY_SECRETLINT", "REPOSITORY_SEMGREP", "REPOSITORY_SYFT", - "REPOSITORY_TRIVY", - "REPOSITORY_TRIVY_SBOM", "REPOSITORY_TRUFFLEHOG", "SNAKEMAKE_LINT", "SNAKEMAKE_SNAKEFMT", diff --git a/flavors/java/Dockerfile b/flavors/java/Dockerfile index 9bd176e863e..abfac416307 100644 --- a/flavors/java/Dockerfile +++ b/flavors/java/Dockerfile 
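Review bot: The syft line re-added as `+` in the flavors/go/Dockerfile hunk still pipes a remote `install.sh` straight into `sh`, pinned only by the tag `v${REPOSITORY_SYFT_VERSION}`; a tag can be re-pointed, so the script that runs at image build is not fixed by this reference and nothing checks its content before execution. Unlike the removed trivy lines, which passed `"v${REPOSITORY_TRIVY_VERSION}"` to the installer, no version argument is given here, so the installed binary presumably follows the script's default rather than the ARG — worth confirming. I would fetch the script to a file and verify it before running: `&& curl --retry 5 -sSfL -o /tmp/syft-install.sh https://raw.githubusercontent.com/anchore/syft/<PINNED_COMMIT_SHA>/install.sh \`, then `&& echo "<EXPECTED_SHA256>  /tmp/syft-install.sh" | sha256sum -c - \`, then `&& sh /tmp/syft-install.sh -b /usr/local/bin "v${REPOSITORY_SYFT_VERSION}"`. The same line is re-added in the java, javascript, php, python and ruby Dockerfile hunks further down, and the enclosing `RUN` starts outside this hunk.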
@@ -170,10 +170,6 @@ ARG NPM_SECRETLINT_SECRETLINT_FORMATTER_SARIF_VERSION=11.3.1
 ARG PIP_SEMGREP_VERSION=1.155.0
 # renovate: datasource=github-tags depName=anchore/syft
 ARG REPOSITORY_SYFT_VERSION=1.42.2
-# renovate: datasource=github-tags depName=aquasecurity/trivy
-ARG REPOSITORY_TRIVY_VERSION=0.69.3
-# renovate: datasource=github-tags depName=aquasecurity/trivy
-ARG REPOSITORY_TRIVY_SBOM_VERSION=0.69.3
 # renovate: datasource=pypi depName=snakemake
 ARG PIP_SNAKEMAKE_VERSION=9.16.3
 # renovate: datasource=pypi depName=snakefmt
@@ -579,16 +575,7 @@ RUN curl --retry 5 --retry-delay 5 -sSL \ # semgrep installation # # syft installation - && curl -sSfL https://raw.githubusercontent.com/anchore/syft/refs/tags/v${REPOSITORY_SYFT_VERSION}/install.sh | sh -s -- -b /usr/local/bin \ -# -# trivy installation - && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${REPOSITORY_TRIVY_VERSION}" \ - && (trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress) \ -# -# trivy-sbom installation - && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${REPOSITORY_TRIVY_SBOM_VERSION}" \ - && (trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress 
|| trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress) - + && curl -sSfL https://raw.githubusercontent.com/anchore/syft/refs/tags/v${REPOSITORY_SYFT_VERSION}/install.sh | sh -s -- -b /usr/local/bin # # trufflehog installation # Managed with COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/ diff --git a/flavors/java/flavor.json b/flavors/java/flavor.json index a2d49cdf29d..01bf8d85b57 100644 --- a/flavors/java/flavor.json +++ b/flavors/java/flavor.json @@ -47,8 +47,6 @@ "REPOSITORY_SECRETLINT", "REPOSITORY_SEMGREP", "REPOSITORY_SYFT", - "REPOSITORY_TRIVY", - "REPOSITORY_TRIVY_SBOM", "REPOSITORY_TRUFFLEHOG", "SNAKEMAKE_LINT", "SNAKEMAKE_SNAKEFMT", diff --git a/flavors/javascript/Dockerfile b/flavors/javascript/Dockerfile index 5f15ed072f7..614d9e5b13e 100644 --- a/flavors/javascript/Dockerfile +++ b/flavors/javascript/Dockerfile 
@@ -195,10 +195,6 @@ ARG NPM_SECRETLINT_SECRETLINT_FORMATTER_SARIF_VERSION=11.3.1
 ARG PIP_SEMGREP_VERSION=1.155.0
 # renovate: datasource=github-tags depName=anchore/syft
 ARG REPOSITORY_SYFT_VERSION=1.42.2
-# renovate: datasource=github-tags depName=aquasecurity/trivy
-ARG REPOSITORY_TRIVY_VERSION=0.69.3
-# renovate: datasource=github-tags depName=aquasecurity/trivy
-ARG REPOSITORY_TRIVY_SBOM_VERSION=0.69.3
 # renovate: datasource=pypi depName=snakemake
 ARG PIP_SNAKEMAKE_VERSION=9.16.3
 # renovate: datasource=pypi depName=snakefmt
@@ -572,16 +568,7 @@ RUN curl --retry 5 --retry-delay 5 -sSLO https://github.com/pinterest/ktlint/rel # semgrep installation # # syft installation - && curl -sSfL https://raw.githubusercontent.com/anchore/syft/refs/tags/v${REPOSITORY_SYFT_VERSION}/install.sh | sh -s -- -b /usr/local/bin \ -# -# trivy installation - && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${REPOSITORY_TRIVY_VERSION}" \ - && (trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress) \ -# -# trivy-sbom installation - && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${REPOSITORY_TRIVY_SBOM_VERSION}" \ - && (trivy image --download-db-only --no-progress || trivy 
image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress) - + && curl -sSfL https://raw.githubusercontent.com/anchore/syft/refs/tags/v${REPOSITORY_SYFT_VERSION}/install.sh | sh -s -- -b /usr/local/bin # # trufflehog installation # Managed with COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/ diff --git a/flavors/javascript/flavor.json b/flavors/javascript/flavor.json index 4364cbfa003..1f516e897e7 100644 --- a/flavors/javascript/flavor.json +++ b/flavors/javascript/flavor.json @@ -47,8 +47,6 @@ "REPOSITORY_SECRETLINT", "REPOSITORY_SEMGREP", "REPOSITORY_SYFT", - "REPOSITORY_TRIVY", - "REPOSITORY_TRIVY_SBOM", "REPOSITORY_TRUFFLEHOG", "SNAKEMAKE_LINT", "SNAKEMAKE_SNAKEFMT", diff --git a/flavors/php/Dockerfile b/flavors/php/Dockerfile index eedbe159239..4cf4816fc3a 100644 --- a/flavors/php/Dockerfile +++ b/flavors/php/Dockerfile 
@@ -169,10 +169,6 @@ ARG NPM_SECRETLINT_SECRETLINT_FORMATTER_SARIF_VERSION=11.3.1
 ARG PIP_SEMGREP_VERSION=1.155.0
 # renovate: datasource=github-tags depName=anchore/syft
 ARG REPOSITORY_SYFT_VERSION=1.42.2
-# renovate: datasource=github-tags depName=aquasecurity/trivy
-ARG REPOSITORY_TRIVY_VERSION=0.69.3
-# renovate: datasource=github-tags depName=aquasecurity/trivy
-ARG REPOSITORY_TRIVY_SBOM_VERSION=0.69.3
 # renovate: datasource=pypi depName=snakemake
 ARG PIP_SNAKEMAKE_VERSION=9.16.3
 # renovate: datasource=pypi depName=snakefmt
@@ -540,16 +536,7 @@ RUN curl -sSfL https://raw.githubusercontent.com/anchore/grype/refs/tags/v${REPO # semgrep installation # # syft installation - && curl -sSfL https://raw.githubusercontent.com/anchore/syft/refs/tags/v${REPOSITORY_SYFT_VERSION}/install.sh | sh -s -- -b /usr/local/bin \ -# -# trivy installation - && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${REPOSITORY_TRIVY_VERSION}" \ - && (trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress) \ -# -# trivy-sbom installation - && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${REPOSITORY_TRIVY_SBOM_VERSION}" \ - && (trivy image --download-db-only --no-progress || trivy 
image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress) - + && curl -sSfL https://raw.githubusercontent.com/anchore/syft/refs/tags/v${REPOSITORY_SYFT_VERSION}/install.sh | sh -s -- -b /usr/local/bin # # trufflehog installation # Managed with COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/ diff --git a/flavors/php/flavor.json b/flavors/php/flavor.json index bbe1bd8a303..a05e1d203d1 100644 --- a/flavors/php/flavor.json +++ b/flavors/php/flavor.json @@ -46,8 +46,6 @@ "REPOSITORY_SECRETLINT", "REPOSITORY_SEMGREP", "REPOSITORY_SYFT", - "REPOSITORY_TRIVY", - "REPOSITORY_TRIVY_SBOM", "REPOSITORY_TRUFFLEHOG", "SNAKEMAKE_LINT", "SNAKEMAKE_SNAKEFMT", diff --git a/flavors/python/Dockerfile b/flavors/python/Dockerfile index 3888e091fc8..2224384a45a 100644 --- a/flavors/python/Dockerfile +++ b/flavors/python/Dockerfile 
@@ -177,10 +177,6 @@ ARG NPM_SECRETLINT_SECRETLINT_FORMATTER_SARIF_VERSION=11.3.1
 ARG PIP_SEMGREP_VERSION=1.155.0
 # renovate: datasource=github-tags depName=anchore/syft
 ARG REPOSITORY_SYFT_VERSION=1.42.2
-# renovate: datasource=github-tags depName=aquasecurity/trivy
-ARG REPOSITORY_TRIVY_VERSION=0.69.3
-# renovate: datasource=github-tags depName=aquasecurity/trivy
-ARG REPOSITORY_TRIVY_SBOM_VERSION=0.69.3
 # renovate: datasource=pypi depName=Pygments
 ARG PIP_PYGMENTS_VERSION=2.19.2
 # renovate: datasource=pypi depName=restructuredtext_lint
@@ -586,16 +582,7 @@ RUN curl -sSfL https://raw.githubusercontent.com/anchore/grype/refs/tags/v${REPO # semgrep installation # # syft installation - && curl -sSfL https://raw.githubusercontent.com/anchore/syft/refs/tags/v${REPOSITORY_SYFT_VERSION}/install.sh | sh -s -- -b /usr/local/bin \ -# -# trivy installation - && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${REPOSITORY_TRIVY_VERSION}" \ - && (trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress) \ -# -# trivy-sbom installation - && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${REPOSITORY_TRIVY_SBOM_VERSION}" \ - && (trivy image --download-db-only --no-progress || trivy 
image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress) - + && curl -sSfL https://raw.githubusercontent.com/anchore/syft/refs/tags/v${REPOSITORY_SYFT_VERSION}/install.sh | sh -s -- -b /usr/local/bin # # trufflehog installation # Managed with COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/ diff --git a/flavors/python/flavor.json b/flavors/python/flavor.json index fa9a1bb6076..02803f0aff0 100644 --- a/flavors/python/flavor.json +++ b/flavors/python/flavor.json @@ -54,8 +54,6 @@ "REPOSITORY_SECRETLINT", "REPOSITORY_SEMGREP", "REPOSITORY_SYFT", - "REPOSITORY_TRIVY", - "REPOSITORY_TRIVY_SBOM", "REPOSITORY_TRUFFLEHOG", "RST_RST_LINT", "RST_RSTCHECK", diff --git a/flavors/ruby/Dockerfile b/flavors/ruby/Dockerfile index 5fdc4aa1461..2262ba72e65 100644 --- a/flavors/ruby/Dockerfile +++ b/flavors/ruby/Dockerfile 
@@ -155,10 +155,6 @@ ARG NPM_SECRETLINT_SECRETLINT_FORMATTER_SARIF_VERSION=11.3.1
 ARG PIP_SEMGREP_VERSION=1.155.0
 # renovate: datasource=github-tags depName=anchore/syft
 ARG REPOSITORY_SYFT_VERSION=1.42.2
-# renovate: datasource=github-tags depName=aquasecurity/trivy
-ARG REPOSITORY_TRIVY_VERSION=0.69.3
-# renovate: datasource=github-tags depName=aquasecurity/trivy
-ARG REPOSITORY_TRIVY_SBOM_VERSION=0.69.3
 # renovate: datasource=rubygems depName=rubocop
 ARG GEM_RUBOCOP_VERSION=1.85.1
 # renovate: datasource=rubygems depName=rubocop-github
@@ -509,16 +505,7 @@ RUN curl --retry 5 --retry-delay 5 -sSLO https://github.com/pinterest/ktlint/rel # semgrep installation # # syft installation - && curl -sSfL https://raw.githubusercontent.com/anchore/syft/refs/tags/v${REPOSITORY_SYFT_VERSION}/install.sh | sh -s -- -b /usr/local/bin \ -# -# trivy installation - && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${REPOSITORY_TRIVY_VERSION}" \ - && (trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress) \ -# -# trivy-sbom installation - && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${REPOSITORY_TRIVY_SBOM_VERSION}" \ - && (trivy image --download-db-only --no-progress || trivy 
image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress) - + && curl -sSfL https://raw.githubusercontent.com/anchore/syft/refs/tags/v${REPOSITORY_SYFT_VERSION}/install.sh | sh -s -- -b /usr/local/bin # # trufflehog installation # Managed with COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/ diff --git a/flavors/ruby/flavor.json b/flavors/ruby/flavor.json index 85a17c21d53..f0abb18d80f 100644 --- a/flavors/ruby/flavor.json +++ b/flavors/ruby/flavor.json @@ -40,8 +40,6 @@ "REPOSITORY_SECRETLINT", "REPOSITORY_SEMGREP", "REPOSITORY_SYFT", - "REPOSITORY_TRIVY", - "REPOSITORY_TRIVY_SBOM", "REPOSITORY_TRUFFLEHOG", "RUBY_RUBOCOP", "SNAKEMAKE_LINT", diff --git a/flavors/rust/Dockerfile b/flavors/rust/Dockerfile index f06d71d3126..a068a5a3939 100644 --- a/flavors/rust/Dockerfile +++ b/flavors/rust/Dockerfile 
@@ -155,10 +155,6 @@ ARG NPM_SECRETLINT_SECRETLINT_FORMATTER_SARIF_VERSION=11.3.1
 ARG PIP_SEMGREP_VERSION=1.155.0
 # renovate: datasource=github-tags depName=anchore/syft
 ARG REPOSITORY_SYFT_VERSION=1.42.2
-# renovate: datasource=github-tags depName=aquasecurity/trivy
-ARG REPOSITORY_TRIVY_VERSION=0.69.3
-# renovate: datasource=github-tags depName=aquasecurity/trivy
-ARG REPOSITORY_TRIVY_SBOM_VERSION=0.69.3
 # renovate: datasource=pypi depName=snakemake
 ARG PIP_SNAKEMAKE_VERSION=9.16.3
 # renovate: datasource=pypi depName=snakefmt
@@ -486,16 +482,7 @@ RUN curl --retry 5 --retry-delay 5 -sSLO https://github.com/pinterest/ktlint/rel # semgrep installation # # syft installation - && curl -sSfL https://raw.githubusercontent.com/anchore/syft/refs/tags/v${REPOSITORY_SYFT_VERSION}/install.sh | sh -s -- -b /usr/local/bin \ -# -# trivy installation - && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${REPOSITORY_TRIVY_VERSION}" \ - && (trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress) \ -# -# trivy-sbom installation - && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${REPOSITORY_TRIVY_SBOM_VERSION}" \ - && (trivy image --download-db-only --no-progress || trivy 
image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress) - + && curl -sSfL https://raw.githubusercontent.com/anchore/syft/refs/tags/v${REPOSITORY_SYFT_VERSION}/install.sh | sh -s -- -b /usr/local/bin # # trufflehog installation # Managed with COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/ diff --git a/flavors/rust/flavor.json b/flavors/rust/flavor.json index d5e9cfa865b..b98bb82ce41 100644 --- a/flavors/rust/flavor.json +++ b/flavors/rust/flavor.json @@ -40,8 +40,6 @@ "REPOSITORY_SECRETLINT", "REPOSITORY_SEMGREP", "REPOSITORY_SYFT", - "REPOSITORY_TRIVY", - "REPOSITORY_TRIVY_SBOM", "REPOSITORY_TRUFFLEHOG", "RUST_CLIPPY", "SNAKEMAKE_LINT", diff --git a/flavors/salesforce/Dockerfile b/flavors/salesforce/Dockerfile index 2d3bc0ae375..a51fb7010f2 100644 --- a/flavors/salesforce/Dockerfile +++ b/flavors/salesforce/Dockerfile 
@@ -165,10 +165,6 @@ ARG NPM_SECRETLINT_SECRETLINT_FORMATTER_SARIF_VERSION=11.3.1
 ARG PIP_SEMGREP_VERSION=1.155.0
 # renovate: datasource=github-tags depName=anchore/syft
 ARG REPOSITORY_SYFT_VERSION=1.42.2
-# renovate: datasource=github-tags depName=aquasecurity/trivy
-ARG REPOSITORY_TRIVY_VERSION=0.69.3
-# renovate: datasource=github-tags depName=aquasecurity/trivy
-ARG REPOSITORY_TRIVY_SBOM_VERSION=0.69.3
 # renovate: datasource=npm depName=@salesforce/plugin-code-analyzer
 ARG SALESFORCE_CODE_ANALYZER_VERSION=5.10.0
 # renovate: datasource=npm depName=@salesforce/sfdx-scanner
@@ -519,14 +515,6 @@ RUN curl --retry 5 --retry-delay 5 -sSLO https://github.com/pinterest/ktlint/rel # syft installation && curl -sSfL https://raw.githubusercontent.com/anchore/syft/refs/tags/v${REPOSITORY_SYFT_VERSION}/install.sh | sh -s -- -b /usr/local/bin \ # -# trivy installation - && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${REPOSITORY_TRIVY_VERSION}" \ - && (trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress) \ -# -# trivy-sbom installation - && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${REPOSITORY_TRIVY_SBOM_VERSION}" \ - && (trivy image --download-db-only --no-progress || trivy image --download-db-only 
--no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress) \ -# # trufflehog installation # Managed with COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/ # diff --git a/flavors/salesforce/flavor.json b/flavors/salesforce/flavor.json index 27b0e554eb5..713e8e80d82 100644 --- a/flavors/salesforce/flavor.json +++ b/flavors/salesforce/flavor.json @@ -42,8 +42,6 @@ "REPOSITORY_SECRETLINT", "REPOSITORY_SEMGREP", "REPOSITORY_SYFT", - "REPOSITORY_TRIVY", - "REPOSITORY_TRIVY_SBOM", "REPOSITORY_TRUFFLEHOG", "SALESFORCE_CODE_ANALYZER_APEX", "SALESFORCE_CODE_ANALYZER_AURA", diff --git a/flavors/security/Dockerfile b/flavors/security/Dockerfile index 4ff926c3e42..1f62471241f 100644 --- a/flavors/security/Dockerfile +++ b/flavors/security/Dockerfile 
@@ -113,10 +113,6 @@ ARG NPM_SECRETLINT_SECRETLINT_FORMATTER_SARIF_VERSION=11.3.1
 ARG PIP_SEMGREP_VERSION=1.155.0
 # renovate: datasource=github-tags depName=anchore/syft
 ARG REPOSITORY_SYFT_VERSION=1.42.2
-# renovate: datasource=github-tags depName=aquasecurity/trivy
-ARG REPOSITORY_TRIVY_VERSION=0.69.3
-# renovate: datasource=github-tags depName=aquasecurity/trivy
-ARG REPOSITORY_TRIVY_SBOM_VERSION=0.69.3
 # renovate: datasource=github-tags depName=mongodb/kingfisher
 ARG REPOSITORY_KINGFISHER_VERSION=1.88.0
 # renovate: datasource=pypi depName=pip
@@ -336,14 +332,6 @@ ENV KICS_QUERIES_PATH=/usr/bin/assets/queries KICS_LIBRARIES_PATH=/usr/bin/asset # syft installation RUN curl -sSfL https://raw.githubusercontent.com/anchore/syft/refs/tags/v${REPOSITORY_SYFT_VERSION}/install.sh | sh -s -- -b /usr/local/bin \ # -# trivy installation - && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${REPOSITORY_TRIVY_VERSION}" \ - && (trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress) \ -# -# trivy-sbom installation - && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${REPOSITORY_TRIVY_SBOM_VERSION}" \ - && (trivy image --download-db-only --no-progress || trivy image --download-db-only 
--no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress) \ -# # trufflehog installation # Managed with COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/ # diff --git a/flavors/security/flavor.json b/flavors/security/flavor.json index 135af6f8f47..9abe82c2a29 100644 --- a/flavors/security/flavor.json +++ b/flavors/security/flavor.json @@ -20,8 +20,6 @@ "REPOSITORY_SECRETLINT", "REPOSITORY_SEMGREP", "REPOSITORY_SYFT", - "REPOSITORY_TRIVY", - "REPOSITORY_TRIVY_SBOM", "REPOSITORY_TRUFFLEHOG", "REPOSITORY_KINGFISHER", "TERRAFORM_TFLINT", diff --git a/flavors/swift/Dockerfile b/flavors/swift/Dockerfile index 6c96aacdc60..22b8be5f3e0 100644 --- a/flavors/swift/Dockerfile +++ b/flavors/swift/Dockerfile @@ -155,10 +155,6 @@ ARG NPM_SECRETLINT_SECRETLINT_FORMATTER_SARIF_VERSION=11.3.1 ARG PIP_SEMGREP_VERSION=1.155.0 # renovate: datasource=github-tags depName=anchore/syft ARG REPOSITORY_SYFT_VERSION=1.42.2 -# renovate: datasource=github-tags depName=aquasecurity/trivy -ARG REPOSITORY_TRIVY_VERSION=0.69.3 -# renovate: datasource=github-tags depName=aquasecurity/trivy -ARG REPOSITORY_TRIVY_SBOM_VERSION=0.69.3 # renovate: datasource=pypi depName=snakemake ARG PIP_SNAKEMAKE_VERSION=9.16.3 # renovate: datasource=pypi depName=snakefmt 
@@ -489,16 +485,7 @@ RUN curl --retry 5 --retry-delay 5 -sSLO https://github.com/pinterest/ktlint/rel # semgrep installation # # syft installation - && curl -sSfL https://raw.githubusercontent.com/anchore/syft/refs/tags/v${REPOSITORY_SYFT_VERSION}/install.sh | sh -s -- -b /usr/local/bin \ -# -# trivy installation - && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${REPOSITORY_TRIVY_VERSION}" \ - && (trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress) \ -# -# trivy-sbom installation - && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${REPOSITORY_TRIVY_SBOM_VERSION}" \ - && (trivy image --download-db-only --no-progress || trivy 
image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress) - + && curl -sSfL https://raw.githubusercontent.com/anchore/syft/refs/tags/v${REPOSITORY_SYFT_VERSION}/install.sh | sh -s -- -b /usr/local/bin # # trufflehog installation # Managed with COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/ diff --git a/flavors/swift/flavor.json b/flavors/swift/flavor.json index 05df9578bce..b5ddfe85fbd 100644 --- a/flavors/swift/flavor.json +++ b/flavors/swift/flavor.json @@ -40,8 +40,6 @@ "REPOSITORY_SECRETLINT", "REPOSITORY_SEMGREP", "REPOSITORY_SYFT", - "REPOSITORY_TRIVY", - "REPOSITORY_TRIVY_SBOM", "REPOSITORY_TRUFFLEHOG", "SNAKEMAKE_LINT", "SNAKEMAKE_SNAKEFMT", diff --git a/flavors/terraform/Dockerfile b/flavors/terraform/Dockerfile index 42c6710204b..88e3301e84f 100644 --- a/flavors/terraform/Dockerfile +++ b/flavors/terraform/Dockerfile 
@@ -169,10 +169,6 @@ ARG NPM_SECRETLINT_SECRETLINT_FORMATTER_SARIF_VERSION=11.3.1
 ARG PIP_SEMGREP_VERSION=1.155.0
 # renovate: datasource=github-tags depName=anchore/syft
 ARG REPOSITORY_SYFT_VERSION=1.42.2
-# renovate: datasource=github-tags depName=aquasecurity/trivy
-ARG REPOSITORY_TRIVY_VERSION=0.69.3
-# renovate: datasource=github-tags depName=aquasecurity/trivy
-ARG REPOSITORY_TRIVY_SBOM_VERSION=0.69.3
 # renovate: datasource=pypi depName=snakemake
 ARG PIP_SNAKEMAKE_VERSION=9.16.3
 # renovate: datasource=pypi depName=snakefmt
@@ -515,16 +511,7 @@ ENV KICS_QUERIES_PATH=/usr/bin/assets/queries KICS_LIBRARIES_PATH=/usr/bin/asset # semgrep installation # # syft installation -RUN curl -sSfL https://raw.githubusercontent.com/anchore/syft/refs/tags/v${REPOSITORY_SYFT_VERSION}/install.sh | sh -s -- -b /usr/local/bin \ -# -# trivy installation - && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${REPOSITORY_TRIVY_VERSION}" \ - && (trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress) \ -# -# trivy-sbom installation - && wget --tries=5 -q -O - https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin "v${REPOSITORY_TRIVY_SBOM_VERSION}" \ - && (trivy image --download-db-only --no-progress || trivy 
image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress || trivy image --download-db-only --no-progress) - +RUN curl -sSfL https://raw.githubusercontent.com/anchore/syft/refs/tags/v${REPOSITORY_SYFT_VERSION}/install.sh | sh -s -- -b /usr/local/bin # # trufflehog installation # Managed with COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/ diff --git a/flavors/terraform/flavor.json b/flavors/terraform/flavor.json index e85a1708564..03009870abb 100644 --- a/flavors/terraform/flavor.json +++ b/flavors/terraform/flavor.json @@ -41,8 +41,6 @@ "REPOSITORY_SECRETLINT", "REPOSITORY_SEMGREP", "REPOSITORY_SYFT", - "REPOSITORY_TRIVY", - "REPOSITORY_TRIVY_SBOM", "REPOSITORY_TRUFFLEHOG", "SNAKEMAKE_LINT", "SNAKEMAKE_SNAKEFMT", diff --git a/megalinter/descriptors/all_flavors.json b/megalinter/descriptors/all_flavors.json index f752c4b6fc7..1af67975af1 100644 --- a/megalinter/descriptors/all_flavors.json +++ b/megalinter/descriptors/all_flavors.json @@ -48,8 +48,6 @@ "REPOSITORY_SECRETLINT", "REPOSITORY_SEMGREP", "REPOSITORY_SYFT", - "REPOSITORY_TRIVY", - "REPOSITORY_TRIVY_SBOM", "REPOSITORY_TRUFFLEHOG", "SNAKEMAKE_LINT", "SNAKEMAKE_SNAKEFMT", 
@@ -87,8 +85,6 @@ "REPOSITORY_LS_LINT", "REPOSITORY_SECRETLINT", "REPOSITORY_SYFT", - "REPOSITORY_TRIVY", - "REPOSITORY_TRIVY_SBOM", "REPOSITORY_TRUFFLEHOG", "XML_XMLLINT", "YAML_PRETTIER", @@ -172,8 +168,6 @@ "REPOSITORY_SECRETLINT", "REPOSITORY_SEMGREP", "REPOSITORY_SYFT", - "REPOSITORY_TRIVY", - "REPOSITORY_TRIVY_SBOM", "REPOSITORY_TRUFFLEHOG", "ROBOTFRAMEWORK_ROBOCOP", "RST_RST_LINT", @@ -243,8 +237,6 @@ "REPOSITORY_SECRETLINT", "REPOSITORY_SEMGREP", "REPOSITORY_SYFT", - "REPOSITORY_TRIVY", - "REPOSITORY_TRIVY_SBOM", "REPOSITORY_TRUFFLEHOG", "SNAKEMAKE_LINT", "SNAKEMAKE_SNAKEFMT", @@ -320,8 +312,6 @@ "REPOSITORY_SECRETLINT", "REPOSITORY_SEMGREP", "REPOSITORY_SYFT", - "REPOSITORY_TRIVY", - "REPOSITORY_TRIVY_SBOM", "REPOSITORY_TRUFFLEHOG", "SNAKEMAKE_LINT", "SNAKEMAKE_SNAKEFMT", @@ -405,8 +395,6 @@ "REPOSITORY_SECRETLINT", "REPOSITORY_SEMGREP", "REPOSITORY_SYFT", - "REPOSITORY_TRIVY", - "REPOSITORY_TRIVY_SBOM", "REPOSITORY_TRUFFLEHOG", "SNAKEMAKE_LINT", "SNAKEMAKE_SNAKEFMT", @@ -505,8 +493,6 @@ "REPOSITORY_SECRETLINT", "REPOSITORY_SEMGREP", "REPOSITORY_SYFT", - "REPOSITORY_TRIVY", - "REPOSITORY_TRIVY_SBOM", "REPOSITORY_TRUFFLEHOG", "SNAKEMAKE_LINT", "SNAKEMAKE_SNAKEFMT", @@ -572,8 +558,6 @@ "REPOSITORY_SECRETLINT", "REPOSITORY_SEMGREP", "REPOSITORY_SYFT", - "REPOSITORY_TRIVY", - "REPOSITORY_TRIVY_SBOM", "REPOSITORY_TRUFFLEHOG", "SNAKEMAKE_LINT", "SNAKEMAKE_SNAKEFMT", @@ -639,8 +623,6 @@ "REPOSITORY_SECRETLINT", "REPOSITORY_SEMGREP", "REPOSITORY_SYFT", - "REPOSITORY_TRIVY", - "REPOSITORY_TRIVY_SBOM", "REPOSITORY_TRUFFLEHOG", "SNAKEMAKE_LINT", "SNAKEMAKE_SNAKEFMT", @@ -709,8 +691,6 @@ "REPOSITORY_SECRETLINT", "REPOSITORY_SEMGREP", "REPOSITORY_SYFT", - "REPOSITORY_TRIVY", - "REPOSITORY_TRIVY_SBOM", "REPOSITORY_TRUFFLEHOG", "SNAKEMAKE_LINT", "SNAKEMAKE_SNAKEFMT", @@ -783,8 +763,6 @@ "REPOSITORY_SECRETLINT", "REPOSITORY_SEMGREP", "REPOSITORY_SYFT", - "REPOSITORY_TRIVY", - "REPOSITORY_TRIVY_SBOM", "REPOSITORY_TRUFFLEHOG", "RST_RST_LINT", "RST_RSTCHECK", 
@@ -846,8 +824,6 @@ "REPOSITORY_SECRETLINT", "REPOSITORY_SEMGREP", "REPOSITORY_SYFT", - "REPOSITORY_TRIVY", - "REPOSITORY_TRIVY_SBOM", "REPOSITORY_TRUFFLEHOG", "RUBY_RUBOCOP", "SNAKEMAKE_LINT", @@ -907,8 +883,6 @@ "REPOSITORY_SECRETLINT", "REPOSITORY_SEMGREP", "REPOSITORY_SYFT", - "REPOSITORY_TRIVY", - "REPOSITORY_TRIVY_SBOM", "REPOSITORY_TRUFFLEHOG", "RUST_CLIPPY", "SNAKEMAKE_LINT", @@ -970,8 +944,6 @@ "REPOSITORY_SECRETLINT", "REPOSITORY_SEMGREP", "REPOSITORY_SYFT", - "REPOSITORY_TRIVY", - "REPOSITORY_TRIVY_SBOM", "REPOSITORY_TRUFFLEHOG", "SALESFORCE_CODE_ANALYZER_APEX", "SALESFORCE_CODE_ANALYZER_AURA", @@ -1016,8 +988,6 @@ "REPOSITORY_SECRETLINT", "REPOSITORY_SEMGREP", "REPOSITORY_SYFT", - "REPOSITORY_TRIVY", - "REPOSITORY_TRIVY_SBOM", "REPOSITORY_TRUFFLEHOG", "REPOSITORY_KINGFISHER", "TERRAFORM_TFLINT", @@ -1067,8 +1037,6 @@ "REPOSITORY_SECRETLINT", "REPOSITORY_SEMGREP", "REPOSITORY_SYFT", - "REPOSITORY_TRIVY", - "REPOSITORY_TRIVY_SBOM", "REPOSITORY_TRUFFLEHOG", "SNAKEMAKE_LINT", "SNAKEMAKE_SNAKEFMT", @@ -1129,8 +1097,6 @@ "REPOSITORY_SECRETLINT", "REPOSITORY_SEMGREP", "REPOSITORY_SYFT", - "REPOSITORY_TRIVY", - "REPOSITORY_TRIVY_SBOM", "REPOSITORY_TRUFFLEHOG", "SNAKEMAKE_LINT", "SNAKEMAKE_SNAKEFMT", diff --git a/megalinter/descriptors/repository.megalinter-descriptor.yml b/megalinter/descriptors/repository.megalinter-descriptor.yml index b926d29e45f..373a7e3b4e5 100644 --- a/megalinter/descriptors/repository.megalinter-descriptor.yml +++ b/megalinter/descriptors/repository.megalinter-descriptor.yml @@ -747,6 +747,8 @@ linters: - linux/arm64 # TRIVY - linter_name: trivy + disabled: true + disabled_reason: https://github.com/aquasecurity/trivy/discussions/10425 class: TrivyLinter can_output_sarif: true descriptor_flavors: @@ -827,6 +829,8 @@ linters: # TRIVY SBOM - linter_name: trivy-sbom + disabled: true + disabled_reason: https://github.com/aquasecurity/trivy/discussions/10425 class: TrivySbomLinter can_output_sarif: true is_sbom: true
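Review bot: In the `repository.megalinter-descriptor.yml` hunks at `@@ -747,6 +747,8 @@` and `@@ -827,6 +829,8 @@`, `disabled_reason` is only a bare URL, so the descriptor does not say why `trivy` and `trivy-sbom` are off or what would allow them back. Because this removes a vulnerability scanner and an SBOM linter from every flavor that listed them, I would add a comment above each `disabled: true` in the form `# Disabled: <one-line reason>; re-enable when <condition>`, filling the placeholders from the linked discussion. I would also quote the value, `disabled_reason: "https://github.com/aquasecurity/trivy/discussions/10425"`, so it is always read as a plain string. Whether users who enable these linters explicitly get a run-time notice that they are now skipped is not visible in these hunks and is worth confirming. Both list entries continue outside their hunks.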