
Implement Trivy support #1343

Open
2 tasks done
nscuro opened this issue Jun 18, 2024 · 0 comments
Labels: domain/vuln-analysis; enhancement (New feature or request); p2 (Non-critical bugs, and features that help organizations to identify and reduce risk); size/L (High effort); v4-port (PRs that were ported from the Dependency-Track v4.x code base)


nscuro commented Jun 18, 2024

Current Behavior

Trivy support was added in Dependency-Track v4.11:

Proposed Behavior

Implement Trivy support in Hyades.

Some notes:

  • Trivy needs access to component properties, so vuln_analysis.proto will need to be updated
  • Trivy's vulnerability detection for OS packages relies on a specific component in the project of type OPERATING_SYSTEM. In Hyades, components are analyzed one-by-one, so that context is currently not available. Will need to figure out how to solve this.

Checklist
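One way to approach the second note above (OS package detection needing the project's OPERATING_SYSTEM component while components are analyzed one at a time) is to resolve that context once per BOM and attach it to every per-component request. The following is an added example written for this issue, not code from Hyades, Dependency-Track or Trivy; it assumes a CycloneDX-style component list with a `type: "operating-system"` entry, treats `apk`, `deb` and `rpm` purl types as OS packages, and uses a made-up request shape (the real `vuln_analysis.proto` layout is not shown on this page).

```python
import json
from typing import Iterator, Optional

# Constructed CycloneDX-style BOM fragment (sample data, not from the issue):
# one operating-system component plus an OS package and an application library.
SAMPLE_BOM = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "operating-system", "name": "alpine", "version": "3.19.1"},
    {"type": "library", "name": "openssl", "version": "3.1.4-r5",
     "purl": "pkg:apk/alpine/openssl@3.1.4-r5?arch=x86_64&distro=3.19.1"},
    {"type": "library", "name": "jackson-databind", "version": "2.15.2",
     "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.15.2"}
  ]
}
""")

# Purl types whose vulnerability lookup depends on the OS distribution/version.
OS_PURL_PREFIXES = ("pkg:apk/", "pkg:deb/", "pkg:rpm/")


def find_os_component(bom: dict) -> Optional[dict]:
    """Return the first top-level component of type operating-system, or None."""
    for component in bom.get("components", []):
        if component.get("type") == "operating-system":
            return component
    return None


def is_os_package(component: dict) -> bool:
    """True when the component's purl belongs to an OS package manager."""
    return component.get("purl", "").startswith(OS_PURL_PREFIXES)


def per_component_requests(bom: dict) -> Iterator[dict]:
    """Yield one hypothetical analysis request per non-OS component.

    OS packages carry the resolved OS context (name/version) so that an
    analyzer handling a single component still has what it needs; when the
    BOM has no operating-system component, the request flags that explicitly
    instead of silently sending an OS package without context.
    """
    os_component = find_os_component(bom)
    os_context = None
    if os_component is not None:
        os_context = {
            "name": os_component.get("name"),
            "version": os_component.get("version"),
        }
    for component in bom.get("components", []):
        if component.get("type") == "operating-system":
            continue
        needs_os = is_os_package(component)
        yield {
            "component": {
                "name": component.get("name"),
                "version": component.get("version"),
                "purl": component.get("purl"),
            },
            # Only OS packages get the context; library ecosystems do not need it.
            "os": os_context if needs_os else None,
            # Signals a BOM defect the analyzer should report rather than ignore.
            "os_context_missing": needs_os and os_context is None,
        }


if __name__ == "__main__":
    for request in per_component_requests(SAMPLE_BOM):
        print(json.dumps(request))
```

Resolving the OS component once per BOM and copying the small name/version pair into each request keeps the per-component analysis model intact; the `os_context_missing` flag makes the "no OPERATING_SYSTEM component in the project" case visible instead of producing silently incomplete OS package results.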

@nscuro nscuro added the labels enhancement, p2, domain/vuln-analysis, size/L and v4-port on Jun 18, 2024
@nscuro nscuro added this to the 0.5.0 milestone Jun 18, 2024
@sahibamittal sahibamittal self-assigned this Jun 27, 2024
@nscuro nscuro modified the milestones: 0.5.0, 0.6.0 Jul 18, 2024
@nscuro nscuro modified the milestones: 0.6.0, 0.7.0 Aug 22, 2024