From f4dd062f582cc2f8809473250d09ef3607e5491f Mon Sep 17 00:00:00 2001 From: "Y.Horie" Date: Wed, 15 Nov 2023 13:11:09 +0900 Subject: [PATCH] feat(report): Add CreatedAt to the JSON report. (#5542) (#5549) 
Signed-off-by: knqyf263 Co-authored-by: knqyf263 --- docs/docs/supply-chain/attestation/vuln.md | 1 + integration/client_server_test.go | 4 +- integration/integration_test.go | 3 + integration/repo_test.go | 2 +- integration/testdata/almalinux-8.json.golden | 1 + .../testdata/alpine-310-registry.json.golden | 9 +- integration/testdata/alpine-310.asff.golden | 16 +- integration/testdata/alpine-310.gsbom.golden | 2 +- integration/testdata/alpine-310.html.golden | 4 +- integration/testdata/alpine-310.json.golden | 1 + .../alpine-39-high-critical.json.golden | 1 + .../alpine-39-ignore-cveids.json.golden | 1 + .../testdata/alpine-39-skip.json.golden | 1 + integration/testdata/alpine-39.json.golden | 1 + .../testdata/alpine-distroless.json.golden | 1 + integration/testdata/amazon-1.json.golden | 1 + integration/testdata/amazon-2.json.golden | 1 + .../amazonlinux2-gp2-x86-vm.json.golden | 1 + .../busybox-with-lockfile.json.golden | 1 + integration/testdata/centos-6.json.golden | 1 + .../centos-7-ignore-unfixed.json.golden | 1 + .../testdata/centos-7-medium.json.golden | 1 + integration/testdata/centos-7.json.golden | 1 + integration/testdata/cocoapods.json.golden | 1 + .../testdata/composer.lock.json.golden | 1 + integration/testdata/conan.json.golden | 1 + .../testdata/conda-cyclonedx.json.golden | 2 +- integration/testdata/conda-spdx.json.golden | 2 +- .../debian-buster-ignore-unfixed.json.golden | 1 + .../testdata/debian-buster.json.golden | 1 + .../testdata/debian-stretch.json.golden | 1 + .../testdata/distroless-base.json.golden | 1 + .../testdata/distroless-python27.json.golden | 1 + .../dockerfile-custom-policies.json.golden | 1 + ...dockerfile-namespace-exception.json.golden | 1 + .../dockerfile-rule-exception.json.golden | 1 + integration/testdata/dockerfile.json.golden | 1 + .../dockerfile_file_pattern.json.golden | 1 + integration/testdata/dotnet.json.golden | 1 + integration/testdata/fluentd-gems.json.golden | 1 + ...fluentd-multiple-lockfiles.cdx.json.golden 
| 2 +- .../fluentd-multiple-lockfiles.json.golden | 1 + integration/testdata/gomod-skip.json.golden | 1 + integration/testdata/gomod.json.golden | 1 + integration/testdata/gradle.json.golden | 1 + integration/testdata/helm.json.golden | 1 + integration/testdata/helm_badname.json.golden | 1 + .../testdata/helm_testchart.json.golden | 1 + .../helm_testchart.overridden.json.golden | 1 + integration/testdata/mariner-1.0.json.golden | 1 + .../testdata/minikube-kbom.json.golden | 4 +- integration/testdata/mix.lock.json.golden | 1 + integration/testdata/npm-with-dev.json.golden | 1 + integration/testdata/npm.json.golden | 1 + integration/testdata/nuget.json.golden | 1 + .../testdata/opensuse-leap-151.json.golden | 1 + .../testdata/oraclelinux-8.json.golden | 1 + integration/testdata/photon-30.json.golden | 1 + integration/testdata/pip.json.golden | 1 + integration/testdata/pipenv.json.golden | 1 + integration/testdata/pnpm.json.golden | 1 + integration/testdata/poetry.json.golden | 1 + .../testdata/pom-cyclonedx.json.golden | 158 +++++++++--------- integration/testdata/pom.json.golden | 1 + integration/testdata/pubspec.lock.json.golden | 1 + integration/testdata/rockylinux-8.json.golden | 1 + integration/testdata/secrets.asff.golden | 8 +- integration/testdata/secrets.json.golden | 1 + .../testdata/spring4shell-jre11.json.golden | 1 + .../testdata/spring4shell-jre8.json.golden | 1 + integration/testdata/swift.json.golden | 1 + integration/testdata/test-repo.json.golden | 1 + integration/testdata/ubi-7.json.golden | 1 + .../ubuntu-1804-ignore-unfixed.json.golden | 1 + integration/testdata/ubuntu-1804.json.golden | 1 + .../testdata/ubuntu-gp2-x86-vm.json.golden | 1 + integration/testdata/yarn.json.golden | 1 + magefiles/magefile.go | 9 +- pkg/scanner/scan.go | 2 + pkg/scanner/scan_test.go | 4 + pkg/types/report.go | 1 + 81 files changed, 189 insertions(+), 107 deletions(-) 
diff --git a/docs/docs/supply-chain/attestation/vuln.md b/docs/docs/supply-chain/attestation/vuln.md
index e0f78a541a49..c17164f0f30b 100644
--- a/docs/docs/supply-chain/attestation/vuln.md
+++ b/docs/docs/supply-chain/attestation/vuln.md
@@ -30,6 +30,7 @@ $ trivy image --format cosign-vuln --output vuln.json alpine:3.10
 },
 "result": {
 "SchemaVersion": 2,
+ "CreatedAt": 1629894030,
 "ArtifactName": "alpine:3.10",
 "ArtifactType": "container_image",
 "Metadata": {
diff --git a/integration/client_server_test.go b/integration/client_server_test.go
index eadd893cc8ed..6a85ca0b50a2 100644
--- a/integration/client_server_test.go
+++ b/integration/client_server_test.go
@@ -354,7 +354,7 @@ func TestClientServerWithFormat(t *testing.T) {
 },
 }
- fakeTime := time.Date(2020, 8, 10, 7, 28, 17, 958601, time.UTC)
+ fakeTime := time.Date(2021, 8, 25, 12, 20, 30, 5, time.UTC)
 clock.SetFakeTime(t, fakeTime)
 report.CustomTemplateFuncMap = map[string]interface{}{
@@ -419,7 +419,7 @@ func TestClientServerWithCycloneDX(t *testing.T) {
 addr, cacheDir := setup(t, setupOptions{})
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
- clock.SetFakeTime(t, time.Date(2020, 9, 10, 14, 20, 30, 5, time.UTC))
+ clock.SetFakeTime(t, time.Date(2021, 8, 25, 12, 20, 30, 5, time.UTC))
 uuid.SetFakeUUID(t, "3ff14136-e09f-4df9-80ea-%012d")
 osArgs, outputFile := setupClient(t, tt.args, addr, cacheDir, tt.golden)
diff --git a/integration/integration_test.go b/integration/integration_test.go
index 8f4ca3bc3dd2..67dc9aeb49b5 100644
--- a/integration/integration_test.go
+++ b/integration/integration_test.go
@@ -27,6 +27,7 @@ import (
 "github.com/aquasecurity/trivy-db/pkg/db"
 "github.com/aquasecurity/trivy-db/pkg/metadata"
+ "github.com/aquasecurity/trivy/pkg/clock"
 "github.com/aquasecurity/trivy/pkg/commands"
 "github.com/aquasecurity/trivy/pkg/dbtest"
 "github.com/aquasecurity/trivy/pkg/types"
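Review bot: The instant `time.Date(2021, 8, 25, 12, 20, 30, 5, time.UTC)` is written out as a literal in both hunks of integration/client_server_test.go (TestClientServerWithFormat and TestClientServerWithCycloneDX), and again in initDB in integration_test.go and in TestRepository in repo_test.go. Every `"CreatedAt": 1629894030` in the JSON goldens is that instant in Unix seconds, so the four copies and the golden files have to change together, and nothing in the code says so. I would declare it once in the package and pass it to every `clock.SetFakeTime` call, e.g. `var goldenTime = time.Date(2021, 8, 25, 12, 20, 30, 5, time.UTC) // 1629894030 in *.json.golden`. Both test functions start and end outside their hunks.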
@@ -43,6 +44,8 @@ func initDB(t *testing.T) string { entries, err := os.ReadDir(fixtureDir) require.NoError(t, err) + clock.SetFakeTime(t, time.Date(2021, 8, 25, 12, 20, 30, 5, time.UTC)) + var fixtures []string for _, entry := range entries { if entry.IsDir() { diff --git a/integration/repo_test.go b/integration/repo_test.go index 03dac4293c30..e917288a0319 100644 --- a/integration/repo_test.go +++ b/integration/repo_test.go @@ -480,7 +480,7 @@ func TestRepository(t *testing.T) { osArgs = append(osArgs, "--output", outputFile) osArgs = append(osArgs, tt.args.input) - clock.SetFakeTime(t, time.Date(2020, 9, 10, 14, 20, 30, 5, time.UTC)) + clock.SetFakeTime(t, time.Date(2021, 8, 25, 12, 20, 30, 5, time.UTC)) uuid.SetFakeUUID(t, "3ff14136-e09f-4df9-80ea-%012d") // Run "trivy repo" diff --git a/integration/testdata/almalinux-8.json.golden b/integration/testdata/almalinux-8.json.golden index 960de9095253..b0c63578f3c4 100644 --- a/integration/testdata/almalinux-8.json.golden +++ b/integration/testdata/almalinux-8.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/images/almalinux-8.tar.gz", "ArtifactType": "container_image", "Metadata": { diff --git a/integration/testdata/alpine-310-registry.json.golden b/integration/testdata/alpine-310-registry.json.golden index eb9c6fbfd7ce..7ceeca40e612 100644 --- a/integration/testdata/alpine-310-registry.json.golden +++ b/integration/testdata/alpine-310-registry.json.golden @@ -1,6 +1,7 @@ { "SchemaVersion": 2, - "ArtifactName": "localhost:55844/alpine:3.10", + "CreatedAt": 1629894030, + "ArtifactName": "localhost:53869/alpine:3.10", "ArtifactType": "container_image", "Metadata": { "OS": { 
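Review bot: Freezing the clock inside `initDB` is a side effect the helper's name does not announce, so every test that calls it now runs with the fake time whether or not it compares a report. Tests such as TestRepository in repo_test.go set the same value themselves, so if they also call initDB the clock is set twice; how two calls interact is not visible here because `clock.SetFakeTime` is defined outside this diff. I would move the call into a small setup helper of its own, or at least explain it above the added line with `// Freeze the clock so "CreatedAt" in the JSON goldens is reproducible.`. initDB's body continues outside the hunk.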
@@ -13,10 +14,10 @@ "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" ], "RepoTags": [ - "localhost:55844/alpine:3.10" + "localhost:53869/alpine:3.10" ], "RepoDigests": [ - "localhost:55844/alpine@sha256:b1c5a500182b21d0bfa5a584a8526b56d8be316f89e87d951be04abed2446e60" + "localhost:53869/alpine@sha256:b1c5a500182b21d0bfa5a584a8526b56d8be316f89e87d951be04abed2446e60" ], "ImageConfig": { "architecture": "amd64", @@ -55,7 +56,7 @@ }, "Results": [ { - "Target": "localhost:55844/alpine:3.10 (alpine 3.10.2)", + "Target": "localhost:53869/alpine:3.10 (alpine 3.10.2)", "Class": "os-pkgs", "Type": "alpine", "Vulnerabilities": [ diff --git a/integration/testdata/alpine-310.asff.golden b/integration/testdata/alpine-310.asff.golden index 2f8e1a748955..6164ba5f1140 100644 --- a/integration/testdata/alpine-310.asff.golden +++ b/integration/testdata/alpine-310.asff.golden @@ -7,8 +7,8 @@ "GeneratorId": "Trivy/CVE-2019-1549", "AwsAccountId": "123456789012", "Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ], - "CreatedAt": "2020-08-10T07:28:17.000958601Z", - "UpdatedAt": "2020-08-10T07:28:17.000958601Z", + "CreatedAt": "2021-08-25T12:20:30.000000005Z", + "UpdatedAt": "2021-08-25T12:20:30.000000005Z", "Severity": { "Label": "MEDIUM" }, @@ -52,8 +52,8 @@ "GeneratorId": "Trivy/CVE-2019-1551", "AwsAccountId": "123456789012", "Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ], - "CreatedAt": "2020-08-10T07:28:17.000958601Z", - "UpdatedAt": "2020-08-10T07:28:17.000958601Z", + "CreatedAt": "2021-08-25T12:20:30.000000005Z", + "UpdatedAt": "2021-08-25T12:20:30.000000005Z", "Severity": { "Label": "MEDIUM" }, 
@@ -97,8 +97,8 @@ "GeneratorId": "Trivy/CVE-2019-1549", "AwsAccountId": "123456789012", "Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ], - "CreatedAt": "2020-08-10T07:28:17.000958601Z", - "UpdatedAt": "2020-08-10T07:28:17.000958601Z", + "CreatedAt": "2021-08-25T12:20:30.000000005Z", + "UpdatedAt": "2021-08-25T12:20:30.000000005Z", "Severity": { "Label": "MEDIUM" }, @@ -142,8 +142,8 @@ "GeneratorId": "Trivy/CVE-2019-1551", "AwsAccountId": "123456789012", "Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ], - "CreatedAt": "2020-08-10T07:28:17.000958601Z", - "UpdatedAt": "2020-08-10T07:28:17.000958601Z", + "CreatedAt": "2021-08-25T12:20:30.000000005Z", + "UpdatedAt": "2021-08-25T12:20:30.000000005Z", "Severity": { "Label": "MEDIUM" }, diff --git a/integration/testdata/alpine-310.gsbom.golden b/integration/testdata/alpine-310.gsbom.golden index d4808b108a39..006efffebf05 100644 --- a/integration/testdata/alpine-310.gsbom.golden +++ b/integration/testdata/alpine-310.gsbom.golden @@ -11,7 +11,7 @@ "correlator": "workflow-name_integration", "id": "1910764383" }, - "scanned": "2020-08-10T07:28:17Z", + "scanned": "2021-08-25T12:20:30Z", "manifests": { "testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)": { "name": "alpine", diff --git a/integration/testdata/alpine-310.html.golden b/integration/testdata/alpine-310.html.golden index 0b369b3d9453..83840bd015d5 100644 --- a/integration/testdata/alpine-310.html.golden +++ b/integration/testdata/alpine-310.html.golden @@ -51,7 +51,7 @@ } a.toggle-more-links { cursor: pointer; } - testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2) - Trivy Report - 2020-08-10 07:28:17.000958601 +0000 UTC + testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2) - Trivy Report - 2021-08-25 12:20:30.000000005 +0000 UTC -

testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2) - Trivy Report - 2020-08-10 07:28:17.000958601 +0000 UTC

+

testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2) - Trivy Report - 2021-08-25 12:20:30.000000005 +0000 UTC

diff --git a/integration/testdata/alpine-310.json.golden b/integration/testdata/alpine-310.json.golden index 8cd21b6114a0..b0d8dcfbf992 100644 --- a/integration/testdata/alpine-310.json.golden +++ b/integration/testdata/alpine-310.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/images/alpine-310.tar.gz", "ArtifactType": "container_image", "Metadata": { diff --git a/integration/testdata/alpine-39-high-critical.json.golden b/integration/testdata/alpine-39-high-critical.json.golden index 12fe01b07923..5fa44cf795a2 100644 --- a/integration/testdata/alpine-39-high-critical.json.golden +++ b/integration/testdata/alpine-39-high-critical.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/images/alpine-39.tar.gz", "ArtifactType": "container_image", "Metadata": { diff --git a/integration/testdata/alpine-39-ignore-cveids.json.golden b/integration/testdata/alpine-39-ignore-cveids.json.golden index 9753bdfeba54..8402925ba637 100644 --- a/integration/testdata/alpine-39-ignore-cveids.json.golden +++ b/integration/testdata/alpine-39-ignore-cveids.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/images/alpine-39.tar.gz", "ArtifactType": "container_image", "Metadata": { diff --git a/integration/testdata/alpine-39-skip.json.golden b/integration/testdata/alpine-39-skip.json.golden index c3ad16e80cd0..6fedc78a89cf 100644 --- a/integration/testdata/alpine-39-skip.json.golden +++ b/integration/testdata/alpine-39-skip.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/images/alpine-39.tar.gz", "ArtifactType": "container_image", "Metadata": { diff --git a/integration/testdata/alpine-39.json.golden b/integration/testdata/alpine-39.json.golden index d994c1175530..38f23f8a7a96 100644 --- a/integration/testdata/alpine-39.json.golden 
+++ b/integration/testdata/alpine-39.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/images/alpine-39.tar.gz", "ArtifactType": "container_image", "Metadata": { diff --git a/integration/testdata/alpine-distroless.json.golden b/integration/testdata/alpine-distroless.json.golden index 23bc6875726f..2ca81fd332ce 100644 --- a/integration/testdata/alpine-distroless.json.golden +++ b/integration/testdata/alpine-distroless.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/images/alpine-distroless.tar.gz", "ArtifactType": "container_image", "Metadata": { diff --git a/integration/testdata/amazon-1.json.golden b/integration/testdata/amazon-1.json.golden index 42517cebeedf..6377d1fc0531 100644 --- a/integration/testdata/amazon-1.json.golden +++ b/integration/testdata/amazon-1.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/images/amazon-1.tar.gz", "ArtifactType": "container_image", "Metadata": { diff --git a/integration/testdata/amazon-2.json.golden b/integration/testdata/amazon-2.json.golden index 5c48deeeefad..bcf5d075f1ea 100644 --- a/integration/testdata/amazon-2.json.golden +++ b/integration/testdata/amazon-2.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/images/amazon-2.tar.gz", "ArtifactType": "container_image", "Metadata": { diff --git a/integration/testdata/amazonlinux2-gp2-x86-vm.json.golden b/integration/testdata/amazonlinux2-gp2-x86-vm.json.golden index fe4cc1c099c1..9571ef66604a 100644 --- a/integration/testdata/amazonlinux2-gp2-x86-vm.json.golden +++ b/integration/testdata/amazonlinux2-gp2-x86-vm.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "disk.img", "ArtifactType": "vm", "Metadata": { 
diff --git a/integration/testdata/busybox-with-lockfile.json.golden b/integration/testdata/busybox-with-lockfile.json.golden index e4477fc3fb3e..af904c31f36b 100644 --- a/integration/testdata/busybox-with-lockfile.json.golden +++ b/integration/testdata/busybox-with-lockfile.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/images/busybox-with-lockfile.tar.gz", "ArtifactType": "container_image", "Metadata": { diff --git a/integration/testdata/centos-6.json.golden b/integration/testdata/centos-6.json.golden index 8d09d3d97ffa..741e300d03ef 100644 --- a/integration/testdata/centos-6.json.golden +++ b/integration/testdata/centos-6.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/images/centos-6.tar.gz", "ArtifactType": "container_image", "Metadata": { diff --git a/integration/testdata/centos-7-ignore-unfixed.json.golden b/integration/testdata/centos-7-ignore-unfixed.json.golden index aedf943fabf2..3c32c19fc701 100644 --- a/integration/testdata/centos-7-ignore-unfixed.json.golden +++ b/integration/testdata/centos-7-ignore-unfixed.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/images/centos-7.tar.gz", "ArtifactType": "container_image", "Metadata": { diff --git a/integration/testdata/centos-7-medium.json.golden b/integration/testdata/centos-7-medium.json.golden index b158a47a51d9..4fc41b8a0167 100644 --- a/integration/testdata/centos-7-medium.json.golden +++ b/integration/testdata/centos-7-medium.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/images/centos-7.tar.gz", "ArtifactType": "container_image", "Metadata": { diff --git a/integration/testdata/centos-7.json.golden b/integration/testdata/centos-7.json.golden index 118d661ea2ad..26138b9a32ee 100644 --- a/integration/testdata/centos-7.json.golden 
+++ b/integration/testdata/centos-7.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/images/centos-7.tar.gz", "ArtifactType": "container_image", "Metadata": { diff --git a/integration/testdata/cocoapods.json.golden b/integration/testdata/cocoapods.json.golden index 14685eac577a..a9a126997012 100644 --- a/integration/testdata/cocoapods.json.golden +++ b/integration/testdata/cocoapods.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/repo/cocoapods", "ArtifactType": "repository", "Metadata": { diff --git a/integration/testdata/composer.lock.json.golden b/integration/testdata/composer.lock.json.golden index 0b5947077c42..d175123d144f 100644 --- a/integration/testdata/composer.lock.json.golden +++ b/integration/testdata/composer.lock.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/repo/composer", "ArtifactType": "repository", "Metadata": { diff --git a/integration/testdata/conan.json.golden b/integration/testdata/conan.json.golden index 4f8be4f3f884..ec7298b12054 100644 --- a/integration/testdata/conan.json.golden +++ b/integration/testdata/conan.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/repo/conan", "ArtifactType": "repository", "Metadata": { diff --git a/integration/testdata/conda-cyclonedx.json.golden b/integration/testdata/conda-cyclonedx.json.golden index b143acd7db35..e449defa008a 100644 --- a/integration/testdata/conda-cyclonedx.json.golden +++ b/integration/testdata/conda-cyclonedx.json.golden @@ -5,7 +5,7 @@ "serialNumber": "urn:uuid:3ff14136-e09f-4df9-80ea-000000000001", "version": 1, "metadata": { - "timestamp": "2020-09-10T14:20:30+00:00", + "timestamp": "2021-08-25T12:20:30+00:00", "tools": [ { "vendor": "aquasecurity", 
diff --git a/integration/testdata/conda-spdx.json.golden b/integration/testdata/conda-spdx.json.golden index 0ddb0febe831..9fc685b4aa5b 100644 --- a/integration/testdata/conda-spdx.json.golden +++ b/integration/testdata/conda-spdx.json.golden @@ -9,7 +9,7 @@ "Organization: aquasecurity", "Tool: trivy-dev" ], - "created": "2020-09-10T14:20:30Z" + "created": "2021-08-25T12:20:30Z" }, "packages": [ { diff --git a/integration/testdata/debian-buster-ignore-unfixed.json.golden b/integration/testdata/debian-buster-ignore-unfixed.json.golden index 4d31fa33bba0..7d8e8418dc50 100644 --- a/integration/testdata/debian-buster-ignore-unfixed.json.golden +++ b/integration/testdata/debian-buster-ignore-unfixed.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/images/debian-buster.tar.gz", "ArtifactType": "container_image", "Metadata": { diff --git a/integration/testdata/debian-buster.json.golden b/integration/testdata/debian-buster.json.golden index 61009d538638..ef99f7455995 100644 --- a/integration/testdata/debian-buster.json.golden +++ b/integration/testdata/debian-buster.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/images/debian-buster.tar.gz", "ArtifactType": "container_image", "Metadata": { diff --git a/integration/testdata/debian-stretch.json.golden b/integration/testdata/debian-stretch.json.golden index f70c12fda9ad..2cec165ac3cb 100644 --- a/integration/testdata/debian-stretch.json.golden +++ b/integration/testdata/debian-stretch.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/images/debian-stretch.tar.gz", "ArtifactType": "container_image", "Metadata": { diff --git a/integration/testdata/distroless-base.json.golden b/integration/testdata/distroless-base.json.golden index 5e2a989fe0d2..39aba72910ac 100644 --- a/integration/testdata/distroless-base.json.golden 
+++ b/integration/testdata/distroless-base.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/images/distroless-base.tar.gz", "ArtifactType": "container_image", "Metadata": { diff --git a/integration/testdata/distroless-python27.json.golden b/integration/testdata/distroless-python27.json.golden index ec4e865fbb65..c5f72aa791d8 100644 --- a/integration/testdata/distroless-python27.json.golden +++ b/integration/testdata/distroless-python27.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/images/distroless-python27.tar.gz", "ArtifactType": "container_image", "Metadata": { diff --git a/integration/testdata/dockerfile-custom-policies.json.golden b/integration/testdata/dockerfile-custom-policies.json.golden index cbe02296668c..aea2e3a5b235 100644 --- a/integration/testdata/dockerfile-custom-policies.json.golden +++ b/integration/testdata/dockerfile-custom-policies.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/repo/custom-policy", "ArtifactType": "repository", "Metadata": { diff --git a/integration/testdata/dockerfile-namespace-exception.json.golden b/integration/testdata/dockerfile-namespace-exception.json.golden index 0f3427d8c289..53e6f93a6db3 100644 --- a/integration/testdata/dockerfile-namespace-exception.json.golden +++ b/integration/testdata/dockerfile-namespace-exception.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/repo/namespace-exception", "ArtifactType": "repository", "Metadata": { diff --git a/integration/testdata/dockerfile-rule-exception.json.golden b/integration/testdata/dockerfile-rule-exception.json.golden index 1507a4af950f..6d447d980536 100644 --- a/integration/testdata/dockerfile-rule-exception.json.golden +++ b/integration/testdata/dockerfile-rule-exception.json.golden 
@@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/repo/rule-exception", "ArtifactType": "repository", "Metadata": { diff --git a/integration/testdata/dockerfile.json.golden b/integration/testdata/dockerfile.json.golden index 4dc5cb289f74..72ebc7d00a9b 100644 --- a/integration/testdata/dockerfile.json.golden +++ b/integration/testdata/dockerfile.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/repo/dockerfile", "ArtifactType": "repository", "Metadata": { diff --git a/integration/testdata/dockerfile_file_pattern.json.golden b/integration/testdata/dockerfile_file_pattern.json.golden index c50361b7934f..fae1f25b28c3 100644 --- a/integration/testdata/dockerfile_file_pattern.json.golden +++ b/integration/testdata/dockerfile_file_pattern.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/repo/dockerfile_file_pattern", "ArtifactType": "repository", "Metadata": { diff --git a/integration/testdata/dotnet.json.golden b/integration/testdata/dotnet.json.golden index a822c8940c72..6409886f684b 100644 --- a/integration/testdata/dotnet.json.golden +++ b/integration/testdata/dotnet.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/repo/dotnet", "ArtifactType": "repository", "Metadata": { diff --git a/integration/testdata/fluentd-gems.json.golden b/integration/testdata/fluentd-gems.json.golden index 5d25d7dca823..2a6f60da3886 100644 --- a/integration/testdata/fluentd-gems.json.golden +++ b/integration/testdata/fluentd-gems.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/images/fluentd-multiple-lockfiles.tar.gz", "ArtifactType": "container_image", "Metadata": { 
diff --git a/integration/testdata/fluentd-multiple-lockfiles.cdx.json.golden b/integration/testdata/fluentd-multiple-lockfiles.cdx.json.golden index 88362c1fb577..d8583f1ad6ea 100644 --- a/integration/testdata/fluentd-multiple-lockfiles.cdx.json.golden +++ b/integration/testdata/fluentd-multiple-lockfiles.cdx.json.golden @@ -5,7 +5,7 @@ "serialNumber": "urn:uuid:3ff14136-e09f-4df9-80ea-000000000001", "version": 1, "metadata": { - "timestamp": "2020-09-10T14:20:30+00:00", + "timestamp": "2021-08-25T12:20:30+00:00", "tools": [ { "vendor": "aquasecurity", diff --git a/integration/testdata/fluentd-multiple-lockfiles.json.golden b/integration/testdata/fluentd-multiple-lockfiles.json.golden index 8dd8e073653c..46cb86eda6ef 100644 --- a/integration/testdata/fluentd-multiple-lockfiles.json.golden +++ b/integration/testdata/fluentd-multiple-lockfiles.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/sbom/fluentd-multiple-lockfiles-cyclonedx.json", "ArtifactType": "cyclonedx", "Metadata": { diff --git a/integration/testdata/gomod-skip.json.golden b/integration/testdata/gomod-skip.json.golden index 1dfd67938b7e..b58c9abed51e 100644 --- a/integration/testdata/gomod-skip.json.golden +++ b/integration/testdata/gomod-skip.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/repo/gomod", "ArtifactType": "repository", "Metadata": { diff --git a/integration/testdata/gomod.json.golden b/integration/testdata/gomod.json.golden index 30cee57c31ab..397cfac89244 100644 --- a/integration/testdata/gomod.json.golden +++ b/integration/testdata/gomod.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/repo/gomod", "ArtifactType": "repository", "Metadata": { diff --git a/integration/testdata/gradle.json.golden b/integration/testdata/gradle.json.golden index a7cb4347977b..eac7bab6093a 100644 
--- a/integration/testdata/gradle.json.golden +++ b/integration/testdata/gradle.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/repo/gradle", "ArtifactType": "repository", "Metadata": { diff --git a/integration/testdata/helm.json.golden b/integration/testdata/helm.json.golden index 39789ee45107..08b89c8cbe89 100644 --- a/integration/testdata/helm.json.golden +++ b/integration/testdata/helm.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/repo/helm", "ArtifactType": "repository", "Metadata": { diff --git a/integration/testdata/helm_badname.json.golden b/integration/testdata/helm_badname.json.golden index 9ca547ffbbd4..8b935eb05bb2 100644 --- a/integration/testdata/helm_badname.json.golden +++ b/integration/testdata/helm_badname.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/repo/helm_badname", "ArtifactType": "repository", "Metadata": { diff --git a/integration/testdata/helm_testchart.json.golden b/integration/testdata/helm_testchart.json.golden index 3ee6bdc26cf9..00d8c862528f 100644 --- a/integration/testdata/helm_testchart.json.golden +++ b/integration/testdata/helm_testchart.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/repo/helm_testchart", "ArtifactType": "repository", "Metadata": { diff --git a/integration/testdata/helm_testchart.overridden.json.golden b/integration/testdata/helm_testchart.overridden.json.golden index 88097a308e8c..6adb11041096 100644 --- a/integration/testdata/helm_testchart.overridden.json.golden +++ b/integration/testdata/helm_testchart.overridden.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/repo/helm_testchart", "ArtifactType": "repository", "Metadata": { 
diff --git a/integration/testdata/mariner-1.0.json.golden b/integration/testdata/mariner-1.0.json.golden index 31bddad34ff8..7c93c46e7f44 100644 --- a/integration/testdata/mariner-1.0.json.golden +++ b/integration/testdata/mariner-1.0.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/images/mariner-1.0.tar.gz", "ArtifactType": "container_image", "Metadata": { diff --git a/integration/testdata/minikube-kbom.json.golden b/integration/testdata/minikube-kbom.json.golden index 267725173303..4d4b277c7e3b 100644 --- a/integration/testdata/minikube-kbom.json.golden +++ b/integration/testdata/minikube-kbom.json.golden @@ -1,12 +1,12 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/sbom/minikube-kbom.json", "ArtifactType": "cyclonedx", "Metadata": { "OS": { "Family": "ubuntu", - "Name": "22.04.2", - "EOSL": false + "Name": "22.04.2" }, "ImageConfig": { "architecture": "", diff --git a/integration/testdata/mix.lock.json.golden b/integration/testdata/mix.lock.json.golden index bb558515422c..8af6ae404292 100644 --- a/integration/testdata/mix.lock.json.golden +++ b/integration/testdata/mix.lock.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/repo/mixlock", "ArtifactType": "repository", "Metadata": { diff --git a/integration/testdata/npm-with-dev.json.golden b/integration/testdata/npm-with-dev.json.golden index 0b69c7067f27..a77dcd400ca4 100644 --- a/integration/testdata/npm-with-dev.json.golden +++ b/integration/testdata/npm-with-dev.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/repo/npm", "ArtifactType": "repository", "Metadata": { diff --git a/integration/testdata/npm.json.golden b/integration/testdata/npm.json.golden index 3afbd63c5ceb..0fbf98b5eec2 100644 --- a/integration/testdata/npm.json.golden +++ b/integration/testdata/npm.json.golden 
@@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/repo/npm", "ArtifactType": "repository", "Metadata": { diff --git a/integration/testdata/nuget.json.golden b/integration/testdata/nuget.json.golden index 5a38c64b0a4b..7f5eb95503dd 100644 --- a/integration/testdata/nuget.json.golden +++ b/integration/testdata/nuget.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/repo/nuget", "ArtifactType": "repository", "Metadata": { diff --git a/integration/testdata/opensuse-leap-151.json.golden b/integration/testdata/opensuse-leap-151.json.golden index bf314ed0e8e4..70e4c9f700c7 100644 --- a/integration/testdata/opensuse-leap-151.json.golden +++ b/integration/testdata/opensuse-leap-151.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/images/opensuse-leap-151.tar.gz", "ArtifactType": "container_image", "Metadata": { diff --git a/integration/testdata/oraclelinux-8.json.golden b/integration/testdata/oraclelinux-8.json.golden index 1755255d7760..f280f58ec20f 100644 --- a/integration/testdata/oraclelinux-8.json.golden +++ b/integration/testdata/oraclelinux-8.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/images/oraclelinux-8.tar.gz", "ArtifactType": "container_image", "Metadata": { diff --git a/integration/testdata/photon-30.json.golden b/integration/testdata/photon-30.json.golden index b61b30e27dd2..e3919d189a52 100644 --- a/integration/testdata/photon-30.json.golden +++ b/integration/testdata/photon-30.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/images/photon-30.tar.gz", "ArtifactType": "container_image", "Metadata": { diff --git a/integration/testdata/pip.json.golden b/integration/testdata/pip.json.golden index 01eaa3f295e1..0c69d66da2a4 100644 
--- a/integration/testdata/pip.json.golden +++ b/integration/testdata/pip.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/repo/pip", "ArtifactType": "repository", "Metadata": { diff --git a/integration/testdata/pipenv.json.golden b/integration/testdata/pipenv.json.golden index 663a4f247444..be56a0c3ea2f 100644 --- a/integration/testdata/pipenv.json.golden +++ b/integration/testdata/pipenv.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/repo/pipenv", "ArtifactType": "repository", "Metadata": { diff --git a/integration/testdata/pnpm.json.golden b/integration/testdata/pnpm.json.golden index 5f79165b34d0..9a14d801262f 100644 --- a/integration/testdata/pnpm.json.golden +++ b/integration/testdata/pnpm.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/repo/pnpm", "ArtifactType": "repository", "Metadata": { diff --git a/integration/testdata/poetry.json.golden b/integration/testdata/poetry.json.golden index 00a7c902e4a7..0e9389d65eea 100644 --- a/integration/testdata/poetry.json.golden +++ b/integration/testdata/poetry.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/repo/poetry", "ArtifactType": "repository", "Metadata": { diff --git a/integration/testdata/pom-cyclonedx.json.golden b/integration/testdata/pom-cyclonedx.json.golden index 3e87c28beedd..b5e7f17e14f3 100644 --- a/integration/testdata/pom-cyclonedx.json.golden +++ b/integration/testdata/pom-cyclonedx.json.golden @@ -5,7 +5,7 @@ "serialNumber": "urn:uuid:3ff14136-e09f-4df9-80ea-000000000001", "version": 1, "metadata": { - "timestamp": "2020-09-10T14:20:30+00:00", + "timestamp": "2021-08-25T12:20:30+00:00", "tools": [ { "vendor": "aquasecurity", 
@@ -103,35 +103,35 @@ ], "vulnerabilities": [ { - "id": "CVE-2020-9548", + "id": "CVE-2021-20190", "source": { - "name": "ghsa", - "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven" + "name": "glad", + "url": "https://gitlab.com/gitlab-org/advisories-community" }, "ratings": [ { "source": { "name": "ghsa" }, - "severity": "critical" + "severity": "high" }, { "source": { "name": "nvd" }, - "score": 6.8, - "severity": "medium", + "score": 8.3, + "severity": "high", "method": "CVSSv2", - "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P" + "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C" }, { "source": { "name": "nvd" }, - "score": 9.8, - "severity": "critical", + "score": 8.1, + "severity": "high", "method": "CVSSv31", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "source": { 
@@ -146,72 +146,42 @@ "cwes": [ 502 ], - "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", - "recommendation": "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.10.4", + "description": "A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", + "recommendation": "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.10.7", "advisories": [ { - "url": "https://avd.aquasec.com/nvd/cve-2020-9548" - }, - { - "url": "https://access.redhat.com/security/cve/CVE-2020-9548" - }, - { - "url": "https://github.com/FasterXML/jackson-databind/issues/2634" - }, - { - "url": "https://github.com/advisories/GHSA-p43x-xfjf-5jhr" - }, - { - "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E" - }, - { - "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E" - }, - { - "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E" - }, - { - "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E" - }, - { - "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E" - }, - { - "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E" - }, - { - "url": 
"https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3Cissues.zookeeper.apache.org%3E" + "url": "https://avd.aquasec.com/nvd/cve-2021-20190" }, { - "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E" + "url": "https://access.redhat.com/security/cve/CVE-2021-20190" }, { - "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html" + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916633" }, { - "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" + "url": "https://github.com/FasterXML/jackson-databind/commit/7dbf51bf78d157098074a20bd9da39bd48c18e4a" }, { - "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548" + "url": "https://github.com/FasterXML/jackson-databind/issues/2854" }, { - "url": "https://security.netapp.com/advisory/ntap-20200904-0006/" + "url": "https://github.com/advisories/GHSA-5949-rw7g-wx7w" }, { - "url": "https://www.oracle.com/security-alerts/cpujan2021.html" + "url": "https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a@%3Ccommits.nifi.apache.org%3E" }, { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { - "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20190" }, { - "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" + "url": "https://security.netapp.com/advisory/ntap-20210219-0008/" } ], - "published": "2020-03-02T04:15:00+00:00", - "updated": "2021-12-02T21:23:00+00:00", + "published": "2021-01-19T17:15:00+00:00", + "updated": "2021-07-20T23:15:00+00:00", "affects": [ { "ref": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.1", 
@@ -225,35 +195,35 @@ ] }, { - "id": "CVE-2021-20190", + "id": "CVE-2020-9548", "source": { - "name": "glad", - "url": "https://gitlab.com/gitlab-org/advisories-community" + "name": "ghsa", + "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven" }, "ratings": [ { "source": { "name": "ghsa" }, - "severity": "high" + "severity": "critical" }, { "source": { "name": "nvd" }, - "score": 8.3, - "severity": "high", + "score": 6.8, + "severity": "medium", "method": "CVSSv2", - "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C" + "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "source": { "name": "nvd" }, - "score": 8.1, - "severity": "high", + "score": 9.8, + "severity": "critical", "method": "CVSSv31", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "source": { 
@@ -268,42 +238,72 @@ "cwes": [ 502 ], - "description": "A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", - "recommendation": "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.10.7", + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", + "recommendation": "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.10.4", "advisories": [ { - "url": "https://avd.aquasec.com/nvd/cve-2021-20190" + "url": "https://avd.aquasec.com/nvd/cve-2020-9548" }, { - "url": "https://access.redhat.com/security/cve/CVE-2021-20190" + "url": "https://access.redhat.com/security/cve/CVE-2020-9548" }, { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916633" + "url": "https://github.com/FasterXML/jackson-databind/issues/2634" }, { - "url": "https://github.com/FasterXML/jackson-databind/commit/7dbf51bf78d157098074a20bd9da39bd48c18e4a" + "url": "https://github.com/advisories/GHSA-p43x-xfjf-5jhr" }, { - "url": "https://github.com/FasterXML/jackson-databind/issues/2854" + "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E" }, { - "url": "https://github.com/advisories/GHSA-5949-rw7g-wx7w" + "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E" }, { - "url": "https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a@%3Ccommits.nifi.apache.org%3E" + "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E" }, { - "url": 
"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" + "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E" }, { - "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20190" + "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E" }, { - "url": "https://security.netapp.com/advisory/ntap-20210219-0008/" + "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E" + }, + { + "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3Cissues.zookeeper.apache.org%3E" + }, + { + "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html" + }, + { + "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" + }, + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20200904-0006/" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2021.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" } ], - "published": "2021-01-19T17:15:00+00:00", - "updated": "2021-07-20T23:15:00+00:00", + "published": "2020-03-02T04:15:00+00:00", + "updated": "2021-12-02T21:23:00+00:00", "affects": [ { "ref": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.1", diff --git a/integration/testdata/pom.json.golden b/integration/testdata/pom.json.golden index a3bfe78d3d5b..b15579088f5d 100644 
--- a/integration/testdata/pom.json.golden +++ b/integration/testdata/pom.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/repo/pom", "ArtifactType": "repository", "Metadata": { diff --git a/integration/testdata/pubspec.lock.json.golden b/integration/testdata/pubspec.lock.json.golden index 05ff31de633b..b67718d741a4 100644 --- a/integration/testdata/pubspec.lock.json.golden +++ b/integration/testdata/pubspec.lock.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/repo/pubspec", "ArtifactType": "repository", "Metadata": { diff --git a/integration/testdata/rockylinux-8.json.golden b/integration/testdata/rockylinux-8.json.golden index fbd6e64c3d8a..5fc4816d0387 100644 --- a/integration/testdata/rockylinux-8.json.golden +++ b/integration/testdata/rockylinux-8.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/images/rockylinux-8.tar.gz", "ArtifactType": "container_image", "Metadata": { diff --git a/integration/testdata/secrets.asff.golden b/integration/testdata/secrets.asff.golden index 88e9896e6539..818ad20f8237 100644 --- a/integration/testdata/secrets.asff.golden +++ b/integration/testdata/secrets.asff.golden @@ -6,8 +6,8 @@ "GeneratorId": "Trivy", "AwsAccountId": "123456789012", "Types": [ "Sensitive Data Identifications" ], - "CreatedAt": "2020-08-10T07:28:17.000958601Z", - "UpdatedAt": "2020-08-10T07:28:17.000958601Z", + "CreatedAt": "2021-08-25T12:20:30.000000005Z", + "UpdatedAt": "2021-08-25T12:20:30.000000005Z", "Severity": { "Label": "CRITICAL" }, 
@@ -35,8 +35,8 @@ "GeneratorId": "Trivy", "AwsAccountId": "123456789012", "Types": [ "Sensitive Data Identifications" ], - "CreatedAt": "2020-08-10T07:28:17.000958601Z", - "UpdatedAt": "2020-08-10T07:28:17.000958601Z", + "CreatedAt": "2021-08-25T12:20:30.000000005Z", + "UpdatedAt": "2021-08-25T12:20:30.000000005Z", "Severity": { "Label": "CRITICAL" }, diff --git a/integration/testdata/secrets.json.golden b/integration/testdata/secrets.json.golden index 10f7d03bcb2d..4da66ddf2f13 100644 --- a/integration/testdata/secrets.json.golden +++ b/integration/testdata/secrets.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/repo/secrets", "ArtifactType": "repository", "Metadata": { diff --git a/integration/testdata/spring4shell-jre11.json.golden b/integration/testdata/spring4shell-jre11.json.golden index a119d3c5b861..794725cf657e 100644 --- a/integration/testdata/spring4shell-jre11.json.golden +++ b/integration/testdata/spring4shell-jre11.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/images/spring4shell-jre11.tar.gz", "ArtifactType": "container_image", "Metadata": { diff --git a/integration/testdata/spring4shell-jre8.json.golden b/integration/testdata/spring4shell-jre8.json.golden index c7c58e529ebb..90927327dc99 100644 --- a/integration/testdata/spring4shell-jre8.json.golden +++ b/integration/testdata/spring4shell-jre8.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/images/spring4shell-jre8.tar.gz", "ArtifactType": "container_image", "Metadata": { diff --git a/integration/testdata/swift.json.golden b/integration/testdata/swift.json.golden index ba7fe8ab567c..ab0b4ab44a7b 100644 --- a/integration/testdata/swift.json.golden +++ b/integration/testdata/swift.json.golden 
@@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/repo/swift", "ArtifactType": "repository", "Metadata": { diff --git a/integration/testdata/test-repo.json.golden b/integration/testdata/test-repo.json.golden index edb23d019f3b..4fb33be4a35e 100644 --- a/integration/testdata/test-repo.json.golden +++ b/integration/testdata/test-repo.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "https://github.com/knqyf263/trivy-ci-test", "ArtifactType": "repository", "Metadata": { diff --git a/integration/testdata/ubi-7.json.golden b/integration/testdata/ubi-7.json.golden index bee1bc2156fd..bfad8f153e59 100644 --- a/integration/testdata/ubi-7.json.golden +++ b/integration/testdata/ubi-7.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/images/ubi-7.tar.gz", "ArtifactType": "container_image", "Metadata": { diff --git a/integration/testdata/ubuntu-1804-ignore-unfixed.json.golden b/integration/testdata/ubuntu-1804-ignore-unfixed.json.golden index 5428c8bb180d..1674c96f7d5b 100644 --- a/integration/testdata/ubuntu-1804-ignore-unfixed.json.golden +++ b/integration/testdata/ubuntu-1804-ignore-unfixed.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/images/ubuntu-1804.tar.gz", "ArtifactType": "container_image", "Metadata": { diff --git a/integration/testdata/ubuntu-1804.json.golden b/integration/testdata/ubuntu-1804.json.golden index 7f4b38fe2726..312a3e19cb62 100644 --- a/integration/testdata/ubuntu-1804.json.golden +++ b/integration/testdata/ubuntu-1804.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/images/ubuntu-1804.tar.gz", "ArtifactType": "container_image", "Metadata": { 
diff --git a/integration/testdata/ubuntu-gp2-x86-vm.json.golden b/integration/testdata/ubuntu-gp2-x86-vm.json.golden index a558c8968360..e027cdd00bc9 100644 --- a/integration/testdata/ubuntu-gp2-x86-vm.json.golden +++ b/integration/testdata/ubuntu-gp2-x86-vm.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "disk.img", "ArtifactType": "vm", "Metadata": { diff --git a/integration/testdata/yarn.json.golden b/integration/testdata/yarn.json.golden index 0c8c7f2c44c1..816c3221c1bb 100644 --- a/integration/testdata/yarn.json.golden +++ b/integration/testdata/yarn.json.golden @@ -1,5 +1,6 @@ { "SchemaVersion": 2, + "CreatedAt": 1629894030, "ArtifactName": "testdata/fixtures/repo/yarn", "ArtifactType": "repository", "Metadata": { diff --git a/magefiles/magefile.go b/magefiles/magefile.go index 424c447ac945..7869eb1c5abd 100644 --- a/magefiles/magefile.go +++ b/magefiles/magefile.go @@ -266,6 +266,12 @@ func (t Test) Module() error { return sh.RunWithV(ENV, "go", "test", "-v", "-tags=module_integration", "./integration/...") } +// UpdateModuleGolden updates golden files for Wasm integration tests +func (t Test) UpdateModuleGolden() error { + mg.Deps(t.FixtureContainerImages, t.GenerateExampleModules) + return sh.RunWithV(ENV, "go", "test", "-v", "-tags=module_integration", "./integration/...", "-update") +} + // VM runs VM integration tests func (t Test) VM() error { mg.Deps(t.FixtureVMImages) @@ -273,7 +279,8 @@ func (t Test) VM() error { } // UpdateVMGolden updates golden files for integration tests -func (Test) UpdateVMGolden() error { +func (t Test) UpdateVMGolden() error { + mg.Deps(t.FixtureVMImages) return sh.RunWithV(ENV, "go", "test", "-v", "-tags=vm_integration", "./integration/...", "-update") } diff --git a/pkg/scanner/scan.go b/pkg/scanner/scan.go index 931b5b0ea035..1981f4828e64 100644 --- a/pkg/scanner/scan.go +++ b/pkg/scanner/scan.go 
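Review bot: The doc comment on the new `UpdateModuleGolden` target in magefiles/magefile.go does not say that the run rewrites the expected outputs rather than checking them, and the target repeats `Module()`'s argument list with only `-update` appended. Golden files are the oracle for scanner findings, so a regenerated file that silently drops or reorders a finding becomes the new baseline unless the diff is read by a person. I would extend the comment to something like `// UpdateModuleGolden regenerates golden files for Wasm module integration tests; review the resulting diff before committing`. The tail of `Module()` and the head of `VM()` shown as context belong to functions that continue outside the hunk.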
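Review bot: The unchanged comment `// UpdateVMGolden updates golden files for integration tests` is now ambiguous, because the previous hunk adds a sibling target for the Wasm module tests with an almost identical description. Since this target runs with `-tags=vm_integration` and now depends on `t.FixtureVMImages`, the comment should name its scope: `// UpdateVMGolden updates golden files for VM integration tests`. This is a documentation change only.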
@@ -6,6 +6,7 @@ import ( "github.com/google/wire" "golang.org/x/xerrors" + "github.com/aquasecurity/trivy/pkg/clock" "github.com/aquasecurity/trivy/pkg/fanal/artifact" aimage "github.com/aquasecurity/trivy/pkg/fanal/artifact/image" flocal "github.com/aquasecurity/trivy/pkg/fanal/artifact/local" @@ -172,6 +173,7 @@ func (s Scanner) ScanArtifact(ctx context.Context, options types.ScanOptions) (t return types.Report{ SchemaVersion: report.SchemaVersion, + CreatedAt: clock.Now().Unix(), ArtifactName: artifactInfo.Name, ArtifactType: artifactInfo.Type, Metadata: types.Metadata{ diff --git a/pkg/scanner/scan_test.go b/pkg/scanner/scan_test.go index e32edc985590..808596f745ba 100644 --- a/pkg/scanner/scan_test.go +++ b/pkg/scanner/scan_test.go @@ -4,10 +4,12 @@ import ( "context" "errors" "testing" + "time" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "github.com/aquasecurity/trivy/pkg/clock" "github.com/aquasecurity/trivy/pkg/fanal/artifact" ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/types" @@ -17,6 +19,7 @@ func TestScanner_ScanArtifact(t *testing.T) { type args struct { options types.ScanOptions } + clock.SetFakeTime(t, time.Date(2021, 8, 25, 12, 20, 30, 5, time.UTC)) tests := []struct { name string args args @@ -96,6 +99,7 @@ func TestScanner_ScanArtifact(t *testing.T) { }, want: types.Report{ SchemaVersion: 2, + CreatedAt: 1629894030, ArtifactName: "alpine:3.11", ArtifactType: ftypes.ArtifactContainerImage, Metadata: types.Metadata{ diff --git a/pkg/types/report.go b/pkg/types/report.go index a085ee454519..edead1568ca1 100644 --- a/pkg/types/report.go +++ b/pkg/types/report.go @@ -11,6 +11,7 @@ import ( // Report represents a scan result type Report struct { SchemaVersion int `json:",omitempty"` + CreatedAt int64 `json:",omitempty"` ArtifactName string `json:",omitempty"` ArtifactType ftypes.ArtifactType `json:",omitempty"` Metadata Metadata `json:",omitempty"`
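Review bot: `CreatedAt: clock.Now().Unix()` in the `types.Report` literal of `ScanArtifact` (pkg/scanner/scan.go) puts the scanning host's wall-clock time into every report, and nothing at the call site says what that implies for consumers. Two scans of the same artifact against the same database no longer serialize to identical JSON, so anything that hashes, diffs or deduplicates reports has to exclude this field. The value is also a self-assertion by the scanner host. When a report is signed or used as an attestation predicate (the diffstat touches docs/docs/supply-chain/attestation/vuln.md), freshness decisions should rest on the signature's or transparency log's timestamp, not on this field. I would add a line comment such as `// wall-clock time on the scanning host, Unix seconds; not a trusted timestamp and makes the report non-reproducible`. `ScanArtifact` starts and ends outside the hunk, so whether the clock is read before or after the scan itself cannot be confirmed from here.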
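Review bot: The new `CreatedAt int64` field of `Report` in pkg/types/report.go carries no comment stating its unit. Its type differs from the other `CreatedAt` in this same patch: the ASFF golden files hold an RFC 3339 string with nanoseconds, while this one is an integer. From the scan.go hunk the value is Unix seconds, which should be written on the field, e.g. `// CreatedAt is the report creation time in Unix seconds, taken from the scanning host's clock`. Because the tag is `json:",omitempty"`, a report built on any path that leaves the field zero will omit the key entirely, so consumers that enforce a maximum report age should treat a missing `CreatedAt` as unknown rather than as fresh.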
alpine