From 2a07b1707a55dfa4d786ab9f52a6f43d36ceb0f4 Mon Sep 17 00:00:00 2001 From: DmitriyLewen Date: Sat, 2 Nov 2024 16:16:04 +0600 Subject: [PATCH 1/9] chore(deps): use fork of trivy-db --- go.mod | 2 ++ go.sum | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index f4a034a8063a..e8c4907ad54e 100644 --- a/go.mod +++ b/go.mod @@ -423,3 +423,5 @@ require ( sigs.k8s.io/kustomize/kyaml v0.17.1 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect ) + +replace github.com/aquasecurity/trivy-db => github.com/bpfoster/trivy-db v0.0.0-20241102100020-ed3cdbf030cb diff --git a/go.sum b/go.sum index 5eadfbf83818..1732fe4c71fc 100644 --- a/go.sum +++ b/go.sum @@ -351,8 +351,6 @@ github.com/aquasecurity/tml v0.6.1 h1:y2ZlGSfrhnn7t4ZJ/0rotuH+v5Jgv6BDDO5jB6A9gw github.com/aquasecurity/tml v0.6.1/go.mod h1:OnYMWY5lvI9ejU7yH9LCberWaaTBW7hBFsITiIMY2yY= github.com/aquasecurity/trivy-checks v1.2.2 h1:EVHi0gthYzDLfqdAqBBwVGfg2l/gdZ622pIlC9rP+lU= github.com/aquasecurity/trivy-checks v1.2.2/go.mod h1:TNV0QNVFyBIkt865eO2PtfpubmHt3Ve19Klny//SWIU= -github.com/aquasecurity/trivy-db v0.0.0-20240910133327-7e0f4d2ed4c1 h1:G0gnacAORRUqz2Tm5MqivSpldY2GZ74ijhJcMsae+sA= -github.com/aquasecurity/trivy-db v0.0.0-20240910133327-7e0f4d2ed4c1/go.mod h1:PYkSRx4dlgFATEt+okGwibvbxVEtqsOdH+vX/saACYE= github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48 h1:JVgBIuIYbwG+ekC5lUHUpGJboPYiCcxiz06RCtz8neI= github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48/go.mod h1:Ldya37FLi0e/5Cjq2T5Bty7cFkzUDwTcPeQua+2M8i8= github.com/aquasecurity/trivy-kubernetes v0.6.7-0.20241029051843-2606b7e0f0b4 h1:i0Z0JS4xtMAcBVOpYSciS7slmIBi1SmjT6garbrJtcA= 
@@ -420,6 +418,8 @@ github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= github.com/bmatcuk/doublestar/v4 v4.6.1 h1:FH9SifrbvJhnlQpztAx++wlkk70QBf0iBWDwNy7PA4I= github.com/bmatcuk/doublestar/v4 v4.6.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc= +github.com/bpfoster/trivy-db v0.0.0-20241102100020-ed3cdbf030cb h1:h1WaB6D68Q72lDQUMss4sNjIuphrNTK+m9yguX3zhSg= +github.com/bpfoster/trivy-db v0.0.0-20241102100020-ed3cdbf030cb/go.mod h1:zCVvBtp/UyymPTAtJ6B52isz8AB8KkPjbyfCjWyyuDI= github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M= github.com/bradleyjkemp/cupaloy/v2 v2.8.0/go.mod h1:bm7JXdkRd4BHJk9HpwqAI8BoAY1lps46Enkdqw6aRX0= github.com/briandowns/spinner v1.23.0 h1:alDF2guRWqa/FOZZYWjlMIx2L6H0wyewPxo/CH4Pt2A= From 04011de40b00d7e7e45b9a3e4a6a96871e2ad2cb Mon Sep 17 00:00:00 2001 From: DmitriyLewen Date: Sat, 2 Nov 2024 16:16:21 +0600 Subject: [PATCH 2/9] refactor: use `PackageFlavor` function from trivy-db --- pkg/detector/ospkg/oracle/oracle.go | 18 +++--------------- 1 file changed, 3 insertions(+), 15 deletions(-) diff --git a/pkg/detector/ospkg/oracle/oracle.go b/pkg/detector/ospkg/oracle/oracle.go index dd66c11a3cf1..3dbc8c90677f 100644 --- a/pkg/detector/ospkg/oracle/oracle.go +++ b/pkg/detector/ospkg/oracle/oracle.go @@ -2,7 +2,6 @@ package oracle import ( "context" - "strings" "time" version "github.com/knqyf263/go-rpm-version" @@ -43,16 +42,6 @@ func NewScanner() *Scanner { } } -func extractKsplice(v string) string { - subs := strings.Split(strings.ToLower(v), ".") - for _, s := range subs { - if strings.HasPrefix(s, "ksplice") { - return s - } - } - return "" -} - // Detect scans and return vulnerability in Oracle scanner func (s *Scanner) Detect(ctx context.Context, osVer string, _ *ftypes.Repository, pkgs []ftypes.Package) ([]types.DetectedVulnerability, error) { osVer = osver.Major(osVer) 
@@ -69,10 +58,9 @@ func (s *Scanner) Detect(ctx context.Context, osVer string, _ *ftypes.Repository installed := utils.FormatVersion(pkg) installedVersion := version.NewVersion(installed) for _, adv := range advisories { - // when one of them doesn't have ksplice, we'll also skip it - // extract kspliceX and compare it with kspliceY in advisories - // if kspliceX and kspliceY are different, we will skip the advisory - if extractKsplice(adv.FixedVersion) != extractKsplice(pkg.Release) { + // We need to use only advisories from the same flavor as the package flavors. + // See more in https://github.com/aquasecurity/trivy/issues/1967 + if oracleoval.PackageFlavor(adv.FixedVersion) != oracleoval.PackageFlavor(pkg.Release) { continue } From a120c5fb3ba8f451c4d7ec829c20ed82fd2b8b4e Mon Sep 17 00:00:00 2001 From: DmitriyLewen Date: Sat, 2 Nov 2024 16:17:30 +0600 Subject: [PATCH 3/9] test: add test for `fips` --- pkg/detector/ospkg/oracle/oracle_test.go | 36 +++++++++++++++++++ .../oracle/testdata/fixtures/oracle7.yaml | 13 +++++++ 2 files changed, 49 insertions(+) diff --git a/pkg/detector/ospkg/oracle/oracle_test.go b/pkg/detector/ospkg/oracle/oracle_test.go index 6fdc73a90e6a..834bc06d9406 100644 --- a/pkg/detector/ospkg/oracle/oracle_test.go +++ b/pkg/detector/ospkg/oracle/oracle_test.go 
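Review bot: `oracleoval.PackageFlavor(pkg.Release)` is recomputed for every advisory inside `for _, adv := range advisories` although it depends only on the package; compute it once before the loop with `pkgFlavor := oracleoval.PackageFlavor(pkg.Release)` and compare `oracleoval.PackageFlavor(adv.FixedVersion) != pkgFlavor`. A mismatch drops the advisory with a bare `continue`, so a wrong flavor classification surfaces as a missed finding rather than an error, and the comment should say so directly, e.g. `// Skip advisories whose fixed version belongs to a different flavor (normal, fips, ksplice) than the installed package.` The removed `extractKsplice` lower-cased its input before matching; whether `PackageFlavor` is equally case-insensitive is not visible in this patch and is worth confirming against trivy-db. Detect's body starts before and continues after this hunk.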
@@ -221,6 +221,42 @@ func TestScanner_Detect(t *testing.T) { }, }, }, + { + name: "with fips", + fixtures: []string{ + "testdata/fixtures/oracle7.yaml", + "testdata/fixtures/data-source.yaml", + }, + args: args{ + osVer: "7", + pkgs: []ftypes.Package{ + { + Name: "gnutls", + Epoch: 10, + Version: "3.6.15", + Release: "4.0.1.el8_fips", + Arch: "x86_64", + SrcEpoch: 2, + SrcName: "gnutls", + SrcVersion: "3.6.15", + SrcRelease: "4.0.1.el8_fips", + }, + }, + }, + want: []types.DetectedVulnerability{ + { + VulnerabilityID: "CVE-2021-20232", + PkgName: "gnutls", + InstalledVersion: "10:3.6.15-4.0.1.el8_fips", + FixedVersion: "10:3.6.16-4.0.1.el8_fips", + DataSource: &dbTypes.DataSource{ + ID: vulnerability.OracleOVAL, + Name: "Oracle Linux OVAL definitions", + URL: "https://linux.oracle.com/security/oval/", + }, + }, + }, + }, { name: "malformed", fixtures: []string{ diff --git a/pkg/detector/ospkg/oracle/testdata/fixtures/oracle7.yaml b/pkg/detector/ospkg/oracle/testdata/fixtures/oracle7.yaml index 47c9931d8f1c..7dce7818c32e 100644 --- a/pkg/detector/ospkg/oracle/testdata/fixtures/oracle7.yaml +++ b/pkg/detector/ospkg/oracle/testdata/fixtures/oracle7.yaml @@ -5,8 +5,21 @@ - key: CVE-2020-8177 value: FixedVersion: "7.29.0-59.0.1.el7_9.1" + Entries: + - FixedVersion: "7.29.0-59.0.1.el7_9.1" - bucket: glibc pairs: - key: CVE-2017-1000364 value: FixedVersion: "2:2.17-157.ksplice1.el7_3.4" + Entries: + - FixedVersion: "2:2.17-157.ksplice1.el7_3.4" + - bucket: gnutls + pairs: + - key: CVE-2021-20232 + value: + FixedVersion: "3.6.16-4.el8" + Entries: + - FixedVersion: "10:3.6.16-4.0.1.el8_fips" + - FixedVersion: "3.6.16-4.el8" + From 19c7a05a142b30de7077dbaf69bbb7ed968c7ea0 Mon Sep 17 00:00:00 2001 From: DmitriyLewen Date: Sat, 2 Nov 2024 16:59:47 +0600 Subject: [PATCH 4/9] docs: add info about flavors --- docs/docs/coverage/os/oracle.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) 
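Review bot: The new `with fips` case only proves that a fips package picks the fips entry; nothing asserts the reverse, that a normal-flavor `gnutls` resolves to `3.6.16-4.el8` rather than to the epoch-10 `10:3.6.16-4.0.1.el8_fips` entry in the same fixture. Without the flavor filter that epoch-10 entry would presumably compare as newer than any epoch-0 install, so this is the direction in which a regression would report the wrong fixed version. A companion case like the one below would pin it; its values are constructed from the fixture, and the expected strings should be confirmed by running the test. The added case also pairs `osVer: "7"` with an `el8_fips` release and sets `Epoch: 10` next to `SrcEpoch: 2`, which looks accidental and deserves a comment or consistent values. The test table itself starts and ends outside the hunk.

```go
		// … unchanged: "with fips" case …
		{
			// Constructed companion case: a normal-flavor package must not
			// be matched against the fips entry of the same CVE.
			name: "without fips",
			fixtures: []string{
				"testdata/fixtures/oracle7.yaml",
				"testdata/fixtures/data-source.yaml",
			},
			args: args{
				osVer: "7",
				pkgs: []ftypes.Package{
					{
						Name:       "gnutls",
						Version:    "3.6.15",
						Release:    "4.el8",
						Arch:       "x86_64",
						SrcName:    "gnutls",
						SrcVersion: "3.6.15",
						SrcRelease: "4.el8",
					},
				},
			},
			want: []types.DetectedVulnerability{
				{
					VulnerabilityID:  "CVE-2021-20232",
					PkgName:          "gnutls",
					InstalledVersion: "3.6.15-4.el8",
					FixedVersion:     "3.6.16-4.el8",
					DataSource: &dbTypes.DataSource{
						ID:   vulnerability.OracleOVAL,
						Name: "Oracle Linux OVAL definitions",
						URL:  "https://linux.oracle.com/security/oval/",
					},
				},
			},
		},
		// … unchanged: "malformed" case …
```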
diff --git a/docs/docs/coverage/os/oracle.md b/docs/docs/coverage/os/oracle.md index 3799918b9a31..5fc5dd5dba05 100644 --- a/docs/docs/coverage/os/oracle.md +++ b/docs/docs/coverage/os/oracle.md @@ -28,6 +28,20 @@ See [here](../../scanner/vulnerability.md#data-sources). ### Fixed Version Trivy takes fixed versions from [Oracle security advisories][alerts]. +#### Flavors +Trivy detects the flavor for version of the found package and finds vulnerabilities only for that flavor. + +| Flavor | Format | Example | +|:--------:|:------------------------------------:|--------------------------------| +| normal | version without `fips` and `ksplice` | 3.6.16-4.el8 | +| fips | `*_fips` | 10:3.6.16-4.0.1.el8_fips | +| ksplice1 | `*.ksplice1.*` | 2:2.34-60.0.3.ksplice1.el9_2.7 | +| ksplice1 | `*.ksplice2.*` | 151.0.1.ksplice2.el8 | + + +For example Trivy finds [CVE-2021-33560](https://linux.oracle.com/cve/CVE-2021-33560.html) only for the `normal` and `fips` flavors. +For the `ksplice1` or `ksplice` flavors, [CVE-2021-33560](https://linux.oracle.com/cve/CVE-2021-33560.html) will be skipped. + ### Severity Trivy determines vulnerability severity based on the severity metric provided in [Oracle security advisories][alerts]. For example, the security patch for [CVE-2023-0464][CVE-2023-0464] is provided as [ELSA-2023-2645][ELSA-2023-2645]. From 110cf58cced09f9d355e89a08f769ac1c16a3e5a Mon Sep 17 00:00:00 2001 From: DmitriyLewen Date: Tue, 5 Nov 2024 11:02:07 +0600 Subject: [PATCH 5/9] chore(deps): bump trivy-db version --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index e8c4907ad54e..0c19650ba3e6 100644 --- a/go.mod +++ b/go.mod 
@@ -424,4 +424,4 @@ require ( sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect ) -replace github.com/aquasecurity/trivy-db => github.com/bpfoster/trivy-db v0.0.0-20241102100020-ed3cdbf030cb +replace github.com/aquasecurity/trivy-db => github.com/bpfoster/trivy-db v0.0.0-20241105044614-a135499d61b1 diff --git a/go.sum b/go.sum index 1732fe4c71fc..b4108bb740f8 100644 --- a/go.sum +++ b/go.sum @@ -418,8 +418,8 @@ github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= github.com/bmatcuk/doublestar/v4 v4.6.1 h1:FH9SifrbvJhnlQpztAx++wlkk70QBf0iBWDwNy7PA4I= github.com/bmatcuk/doublestar/v4 v4.6.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc= -github.com/bpfoster/trivy-db v0.0.0-20241102100020-ed3cdbf030cb h1:h1WaB6D68Q72lDQUMss4sNjIuphrNTK+m9yguX3zhSg= -github.com/bpfoster/trivy-db v0.0.0-20241102100020-ed3cdbf030cb/go.mod h1:zCVvBtp/UyymPTAtJ6B52isz8AB8KkPjbyfCjWyyuDI= +github.com/bpfoster/trivy-db v0.0.0-20241105044614-a135499d61b1 h1:yensoeGEksLkf7Emu2ET3g7sTflRZqBC9/KiDdtJZD4= +github.com/bpfoster/trivy-db v0.0.0-20241105044614-a135499d61b1/go.mod h1:zCVvBtp/UyymPTAtJ6B52isz8AB8KkPjbyfCjWyyuDI= github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M= github.com/bradleyjkemp/cupaloy/v2 v2.8.0/go.mod h1:bm7JXdkRd4BHJk9HpwqAI8BoAY1lps46Enkdqw6aRX0= github.com/briandowns/spinner v1.23.0 h1:alDF2guRWqa/FOZZYWjlMIx2L6H0wyewPxo/CH4Pt2A= From 733b8c31ca7844b98312249a7d697866240edaae Mon Sep 17 00:00:00 2001 From: DmitriyLewen Date: Wed, 20 Nov 2024 15:07:53 +0600 Subject: [PATCH 6/9] test(integration): update fixtures/db --- integration/testdata/fixtures/db/oracle.yaml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/integration/testdata/fixtures/db/oracle.yaml b/integration/testdata/fixtures/db/oracle.yaml index 7cc73092d651..8418edcfd6cb 100644 
--- a/integration/testdata/fixtures/db/oracle.yaml +++ b/integration/testdata/fixtures/db/oracle.yaml @@ -4,7 +4,11 @@ pairs: - key: CVE-2019-3823 value: - FixedVersion: 7.61.1-11.el8 + FixedVersion: "7.61.1-11.el8" + Entries: + - FixedVersion: "7.61.1-11.el8" - key: CVE-2019-5436 value: - FixedVersion: 7.61.1-12.el8 + FixedVersion: "7.61.1-12.el8" + Entries: + - FixedVersion: "7.61.1-12.el8" From bed673664d7346d01b219ed8915d111e81abdcb9 Mon Sep 17 00:00:00 2001 From: DmitriyLewen Date: Wed, 20 Nov 2024 15:54:01 +0600 Subject: [PATCH 7/9] chore(deps): bump trivy-db --- go.mod | 8 +++----- go.sum | 11 ++++++----- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/go.mod b/go.mod index 0c19650ba3e6..904b7f9f34fe 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( github.com/aquasecurity/testdocker v0.0.0-20240730042311-4642e94c7fc8 github.com/aquasecurity/tml v0.6.1 github.com/aquasecurity/trivy-checks v1.2.2 - github.com/aquasecurity/trivy-db v0.0.0-20240910133327-7e0f4d2ed4c1 + github.com/aquasecurity/trivy-db v0.0.0-20241120092622-333d808d7e45 github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48 github.com/aquasecurity/trivy-kubernetes v0.6.7-0.20241029051843-2606b7e0f0b4 github.com/aws/aws-sdk-go-v2 v1.31.0 @@ -125,7 +125,7 @@ require ( golang.org/x/net v0.29.0 golang.org/x/sync v0.8.0 golang.org/x/term v0.25.0 - golang.org/x/text v0.18.0 + golang.org/x/text v0.19.0 golang.org/x/vuln v1.1.3 golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 google.golang.org/protobuf v1.34.2 
@@ -202,7 +202,7 @@ require ( github.com/containerd/ttrpc v1.2.5 // indirect github.com/containerd/typeurl/v2 v2.2.0 // indirect github.com/cpuguy83/dockercfg v0.3.1 // indirect - github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect + github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 // indirect github.com/cyphar/filepath-securejoin v0.3.1 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect @@ -423,5 +423,3 @@ require ( sigs.k8s.io/kustomize/kyaml v0.17.1 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect ) - -replace github.com/aquasecurity/trivy-db => github.com/bpfoster/trivy-db v0.0.0-20241105044614-a135499d61b1 diff --git a/go.sum b/go.sum index b4108bb740f8..077315f2abe1 100644 --- a/go.sum +++ b/go.sum @@ -351,6 +351,8 @@ github.com/aquasecurity/tml v0.6.1 h1:y2ZlGSfrhnn7t4ZJ/0rotuH+v5Jgv6BDDO5jB6A9gw github.com/aquasecurity/tml v0.6.1/go.mod h1:OnYMWY5lvI9ejU7yH9LCberWaaTBW7hBFsITiIMY2yY= github.com/aquasecurity/trivy-checks v1.2.2 h1:EVHi0gthYzDLfqdAqBBwVGfg2l/gdZ622pIlC9rP+lU= github.com/aquasecurity/trivy-checks v1.2.2/go.mod h1:TNV0QNVFyBIkt865eO2PtfpubmHt3Ve19Klny//SWIU= +github.com/aquasecurity/trivy-db v0.0.0-20241120092622-333d808d7e45 h1:ljinbg7JTQvdnzuRsPYS6btA51SyGYWKCQInxSIwbRw= +github.com/aquasecurity/trivy-db v0.0.0-20241120092622-333d808d7e45/go.mod h1:Lg2avQhFy5qeGA0eMysI/61REVvWpEltverCarGc3l0= github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48 h1:JVgBIuIYbwG+ekC5lUHUpGJboPYiCcxiz06RCtz8neI= github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48/go.mod h1:Ldya37FLi0e/5Cjq2T5Bty7cFkzUDwTcPeQua+2M8i8= github.com/aquasecurity/trivy-kubernetes v0.6.7-0.20241029051843-2606b7e0f0b4 h1:i0Z0JS4xtMAcBVOpYSciS7slmIBi1SmjT6garbrJtcA= 
@@ -418,8 +420,6 @@ github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= github.com/bmatcuk/doublestar/v4 v4.6.1 h1:FH9SifrbvJhnlQpztAx++wlkk70QBf0iBWDwNy7PA4I= github.com/bmatcuk/doublestar/v4 v4.6.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc= -github.com/bpfoster/trivy-db v0.0.0-20241105044614-a135499d61b1 h1:yensoeGEksLkf7Emu2ET3g7sTflRZqBC9/KiDdtJZD4= -github.com/bpfoster/trivy-db v0.0.0-20241105044614-a135499d61b1/go.mod h1:zCVvBtp/UyymPTAtJ6B52isz8AB8KkPjbyfCjWyyuDI= github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M= github.com/bradleyjkemp/cupaloy/v2 v2.8.0/go.mod h1:bm7JXdkRd4BHJk9HpwqAI8BoAY1lps46Enkdqw6aRX0= github.com/briandowns/spinner v1.23.0 h1:alDF2guRWqa/FOZZYWjlMIx2L6H0wyewPxo/CH4Pt2A= @@ -508,8 +508,9 @@ github.com/coreos/go-oidc/v3 v3.10.0/go.mod h1:5j11xcw0D3+SGxn6Z/WFADsgcWVMyNAlS github.com/cpuguy83/dockercfg v0.3.1 h1:/FpZ+JaygUR/lZP2NlFI2DVfrOEMAIKP5wWEJdoYe9E= github.com/cpuguy83/dockercfg v0.3.1/go.mod h1:sugsbF4//dDlL/i+S+rtpIWp+5h0BHJHfjj5/jFyUJc= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= -github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4= github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.5 h1:ZtcqGrnekaHpVLArFSe4HK5DoKx1T0rq2DwVB0alcyc= +github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.23 h1:4M6+isWdcStXEf15G/RbrMPOQj1dZ7HPZCGwE4kOeP0= github.com/creack/pty v1.1.23/go.mod h1:08sCNb52WyoAwi2QDyzUCTgcvVFhUzewun7wtTfvcwE= github.com/csaf-poc/csaf_distribution/v3 v3.0.0 h1:ob9+Fmpff0YWgTP3dYaw7G2hKQ9cegh9l3zksc+q3sM= 
@@ -1733,8 +1734,8 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224= -golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= +golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= From 15fb9e53e53f1ae4c4be2ae6a8a26b1dccd17749 Mon Sep 17 00:00:00 2001 From: DmitriyLewen Date: Wed, 20 Nov 2024 15:58:25 +0600 Subject: [PATCH 8/9] docs: use 1 line in table for ksplice --- docs/docs/coverage/os/oracle.md | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/docs/docs/coverage/os/oracle.md b/docs/docs/coverage/os/oracle.md index 5fc5dd5dba05..fcdf8abb9f0f 100644 --- a/docs/docs/coverage/os/oracle.md +++ b/docs/docs/coverage/os/oracle.md 
@@ -31,12 +31,11 @@ Trivy takes fixed versions from [Oracle security advisories][alerts]. #### Flavors Trivy detects the flavor for version of the found package and finds vulnerabilities only for that flavor. -| Flavor | Format | Example | -|:--------:|:------------------------------------:|--------------------------------| -| normal | version without `fips` and `ksplice` | 3.6.16-4.el8 | -| fips | `*_fips` | 10:3.6.16-4.0.1.el8_fips | -| ksplice1 | `*.ksplice1.*` | 2:2.34-60.0.3.ksplice1.el9_2.7 | -| ksplice1 | `*.ksplice2.*` | 151.0.1.ksplice2.el8 | +| Flavor | Format | Example | +|:-------:|:------------------------------------:|------------------------------------------------------| +| normal | version without `fips` and `ksplice` | 3.6.16-4.el8 | +| fips | `*_fips` | 10:3.6.16-4.0.1.el8_fips | +| ksplice | `*.ksplice*.*` | 2:2.34-60.0.3.ksplice1.el9_2.7, 151.0.1.ksplice2.el8 | For example Trivy finds [CVE-2021-33560](https://linux.oracle.com/cve/CVE-2021-33560.html) only for the `normal` and `fips` flavors. From ae85806b4b4d929315792e570a01a85cc1db79bf Mon Sep 17 00:00:00 2001 From: DmitriyLewen Date: Wed, 20 Nov 2024 16:01:25 +0600 Subject: [PATCH 9/9] docs: fix typo --- docs/docs/coverage/os/oracle.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/coverage/os/oracle.md b/docs/docs/coverage/os/oracle.md index fcdf8abb9f0f..46ab22bc5238 100644 --- a/docs/docs/coverage/os/oracle.md +++ b/docs/docs/coverage/os/oracle.md 
@@ -39,7 +39,7 @@ Trivy detects the flavor for version of the found package and finds vulnerabilit For example Trivy finds [CVE-2021-33560](https://linux.oracle.com/cve/CVE-2021-33560.html) only for the `normal` and `fips` flavors. -For the `ksplice1` or `ksplice` flavors, [CVE-2021-33560](https://linux.oracle.com/cve/CVE-2021-33560.html) will be skipped. +For the `ksplice` flavor, [CVE-2021-33560](https://linux.oracle.com/cve/CVE-2021-33560.html) will be skipped. ### Severity Trivy determines vulnerability severity based on the severity metric provided in [Oracle security advisories][alerts].