From d7eaa849fdb98d3916e3002a0944a026a0ec4dea Mon Sep 17 00:00:00 2001
From: Eli Schleifer
Date: Thu, 14 May 2026 18:29:54 +0000
Subject: [PATCH]
---
 linters/trivy/README.md | 2 +-
 linters/trivy/plugin.yaml | 4 +-
 .../test_data/trivy_v0.70.0_config.check.shot | 65 +++++++
 .../trivy_v0.70.0_fs-secret.check.shot | 175 ++++++++++++++++++
 .../trivy_v0.70.0_fs-vuln.check.shot | 56 ++++++
 5 files changed, 299 insertions(+), 3 deletions(-)
 create mode 100644 linters/trivy/test_data/trivy_v0.70.0_config.check.shot
 create mode 100644 linters/trivy/test_data/trivy_v0.70.0_fs-secret.check.shot
 create mode 100644 linters/trivy/test_data/trivy_v0.70.0_fs-vuln.check.shot
diff --git a/linters/trivy/README.md b/linters/trivy/README.md
index 7b084dac4..a5f5d43e7 100644
--- a/linters/trivy/README.md
+++ b/linters/trivy/README.md
@@ -20,6 +20,6 @@ To enable/disable these, add the subcommands you want enabled in your trunk.yaml
 ```yaml
 lint:
 enabled:
- - trivy@0.45.1:
+ - trivy@0.70.0:
 commands: [config, fs-vuln]
 ```
diff --git a/linters/trivy/plugin.yaml b/linters/trivy/plugin.yaml
index e99eaf669..e100f1e9e 100644
--- a/linters/trivy/plugin.yaml
+++ b/linters/trivy/plugin.yaml
@@ -22,14 +22,14 @@ tools:
 - name: trivy
 download: trivy
 shims: [trivy]
- known_good_version: 0.69.2
+ known_good_version: 0.70.0
 lint:
 definitions:
 - name: trivy
 tools: [trivy]
 suggest_if: config_present
 description: A comprehensive and versatile security scanner
- known_good_version: 0.69.2
+ known_good_version: 0.70.0
 # trivy supports --format template --template "@contrib/sarif.tpl", but it reports the wrong filepaths.
 commands:
 - name: fs-vuln
diff --git a/linters/trivy/test_data/trivy_v0.70.0_config.check.shot b/linters/trivy/test_data/trivy_v0.70.0_config.check.shot
new file mode 100644
index 000000000..bcf500d03
--- /dev/null
+++ b/linters/trivy/test_data/trivy_v0.70.0_config.check.shot
@@ -0,0 +1,65 @@ +// Jest Snapshot v1, https://goo.gl/fbAQLP + +exports[`Testing linter trivy test config 1`] = ` +{ + "issues": [], + "lintActions": [ + { + "command": "config", + "fileGroupName": "yaml", + "linter": "trivy", + "paths": [ + ".trunk/trunk.yaml", + ], + "verb": "TRUNK_VERB_CHECK", + }, + { + "command": "config", + "fileGroupName": "yaml", + "linter": "trivy", + "paths": [ + "plugin.yaml", + ], + "verb": "TRUNK_VERB_CHECK", + }, + { + "command": "config", + "fileGroupName": "terraform", + "linter": "trivy", + "paths": [ + "test_data/aws.tf", + ], + "verb": "TRUNK_VERB_CHECK", + }, + { + "command": "config", + "fileGroupName": "docker", + "linter": "trivy", + "paths": [ + "test_data/basic.Dockerfile", + ], + "verb": "TRUNK_VERB_CHECK", + }, + { + "command": "config", + "fileGroupName": "yaml", + "linter": "trivy", + "paths": [ + "test_data/basic.yaml", + ], + "verb": "TRUNK_VERB_CHECK", + }, + { + "command": "config", + "fileGroupName": "terraform", + "linter": "trivy", + "paths": [ + "test_data/main.tf", + ], + "verb": "TRUNK_VERB_CHECK", + }, + ], + "taskFailures": [], + "unformattedFiles": [], +} +`; diff --git a/linters/trivy/test_data/trivy_v0.70.0_fs-secret.check.shot b/linters/trivy/test_data/trivy_v0.70.0_fs-secret.check.shot new file mode 100644 index 000000000..e331e24e8 --- /dev/null +++ b/linters/trivy/test_data/trivy_v0.70.0_fs-secret.check.shot 
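Review bot: The new config snapshot pins `"issues": []` for `test_data/aws.tf`, `test_data/main.tf` and `test_data/basic.Dockerfile`, and the fs-vuln snapshot further down does the same for every lockfile fixture, so both tests will pass while the scanner reports nothing. Only the fs-secret snapshot records a finding (`private-key` in `other_data/secrets.py`). Snapshots for earlier versions are not part of this patch, so I cannot tell whether these fixtures used to produce findings; if they did, an empty result alongside `"taskFailures": []` may mean the checks or vulnerability database were not loaded, or that the SARIF converter no longer matches the 0.70.0 report, rather than that the fixtures became clean. Please compare against the previous version's snapshots and regenerate with the databases available before recording 0.70.0 as `known_good_version`.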
@@ -0,0 +1,175 @@ +// Jest Snapshot v1, https://goo.gl/fbAQLP + +exports[`Testing linter trivy test fs-secret 1`] = ` +{ + "issues": [ + { + "code": "private-key", + "file": "other_data/secrets.py", + "isSecurity": true, + "level": "LEVEL_HIGH", + "line": "12", + "linter": "trivy", + "message": "Asymmetric Private Key", + "targetType": "ALL", + }, + ], + "lintActions": [ + { + "command": "fs-secret", + "fileGroupName": "ALL", + "linter": "trivy", + "paths": [ + ".trunk/trunk.yaml", + ], + "verb": "TRUNK_VERB_CHECK", + }, + { + "command": "fs-secret", + "fileGroupName": "ALL", + "linter": "trivy", + "paths": [ + "other_data/secrets.py", + ], + "verb": "TRUNK_VERB_CHECK", + }, + { + "command": "fs-secret", + "fileGroupName": "ALL", + "linter": "trivy", + "paths": [ + "plugin.yaml", + ], + "verb": "TRUNK_VERB_CHECK", + }, + { + "command": "fs-secret", + "fileGroupName": "ALL", + "linter": "trivy", + "paths": [ + "result.json", + ], + "verb": "TRUNK_VERB_CHECK", + }, + { + "command": "fs-secret", + "fileGroupName": "ALL", + "linter": "trivy", + "paths": [ + "test_data/Gemfile.lock", + ], + "verb": "TRUNK_VERB_CHECK", + }, + { + "command": "fs-secret", + "fileGroupName": "ALL", + "linter": "trivy", + "paths": [ + "test_data/aws.tf", + ], + "verb": "TRUNK_VERB_CHECK", + }, + { + "command": "fs-secret", + "fileGroupName": "ALL", + "linter": "trivy", + "paths": [ + "test_data/basic.Dockerfile", + ], + "verb": "TRUNK_VERB_CHECK", + }, + { + "command": "fs-secret", + "fileGroupName": "ALL", + "linter": "trivy", + "paths": [ + "test_data/basic.yaml", + ], + "verb": "TRUNK_VERB_CHECK", + }, + { + "command": "fs-secret", + "fileGroupName": "ALL", + "linter": "trivy", + "paths": [ + "test_data/go.mod", + ], + "verb": "TRUNK_VERB_CHECK", + }, + { + "command": "fs-secret", + "fileGroupName": "ALL", + "linter": "trivy", + "paths": [ + "test_data/main.tf", + ], + "verb": "TRUNK_VERB_CHECK", + }, + { + "command": "fs-secret", + "fileGroupName": "ALL", + "linter": "trivy", + "paths": 
[ + "test_data/nested/requirements.txt", + ], + "verb": "TRUNK_VERB_CHECK", + }, + { + "command": "fs-secret", + "fileGroupName": "ALL", + "linter": "trivy", + "paths": [ + "test_data/no_errors/requirements.txt", + ], + "verb": "TRUNK_VERB_CHECK", + }, + { + "command": "fs-secret", + "fileGroupName": "ALL", + "linter": "trivy", + "paths": [ + "test_data/requirements.txt", + ], + "verb": "TRUNK_VERB_CHECK", + }, + { + "command": "fs-secret", + "fileGroupName": "ALL", + "linter": "trivy", + "paths": [ + "trivy.test.ts", + ], + "verb": "TRUNK_VERB_CHECK", + }, + { + "command": "fs-secret", + "fileGroupName": "ALL", + "linter": "trivy", + "paths": [ + "trivy_config_to_sarif.py", + ], + "verb": "TRUNK_VERB_CHECK", + }, + { + "command": "fs-secret", + "fileGroupName": "ALL", + "linter": "trivy", + "paths": [ + "trivy_fs_secret_to_sarif.py", + ], + "verb": "TRUNK_VERB_CHECK", + }, + { + "command": "fs-secret", + "fileGroupName": "ALL", + "linter": "trivy", + "paths": [ + "trivy_fs_vuln_to_sarif.py", + ], + "verb": "TRUNK_VERB_CHECK", + }, + ], + "taskFailures": [], + "unformattedFiles": [], +} +`; diff --git a/linters/trivy/test_data/trivy_v0.70.0_fs-vuln.check.shot b/linters/trivy/test_data/trivy_v0.70.0_fs-vuln.check.shot new file mode 100644 index 000000000..1d5a59177 --- /dev/null +++ b/linters/trivy/test_data/trivy_v0.70.0_fs-vuln.check.shot 
@@ -0,0 +1,56 @@ +// Jest Snapshot v1, https://goo.gl/fbAQLP + +exports[`Testing linter trivy test fs-vuln 1`] = ` +{ + "issues": [], + "lintActions": [ + { + "command": "fs-vuln", + "fileGroupName": "lockfile", + "linter": "trivy", + "paths": [ + "test_data/Gemfile.lock", + ], + "verb": "TRUNK_VERB_CHECK", + }, + { + "command": "fs-vuln", + "fileGroupName": "lockfile", + "linter": "trivy", + "paths": [ + "test_data/go.mod", + ], + "verb": "TRUNK_VERB_CHECK", + }, + { + "command": "fs-vuln", + "fileGroupName": "lockfile", + "linter": "trivy", + "paths": [ + "test_data/nested/requirements.txt", + ], + "verb": "TRUNK_VERB_CHECK", + }, + { + "command": "fs-vuln", + "fileGroupName": "lockfile", + "linter": "trivy", + "paths": [ + "test_data/no_errors/requirements.txt", + ], + "verb": "TRUNK_VERB_CHECK", + }, + { + "command": "fs-vuln", + "fileGroupName": "lockfile", + "linter": "trivy", + "paths": [ + "test_data/requirements.txt", + ], + "verb": "TRUNK_VERB_CHECK", + }, + ], + "taskFailures": [], + "unformattedFiles": [], +} +`;