From 053fe7195f077d41467a61f1329915d7f11ce93b Mon Sep 17 00:00:00 2001 From: John B <128255094+Biehlj@users.noreply.github.com> Date: Fri, 1 Dec 2023 21:06:51 +0000 Subject: [PATCH 1/2] Fixed broken links associated with Issue #4947 --- docs/community/contribute/discussion.md | 3 ++- docs/docs/advanced/air-gap.md | 2 +- docs/docs/advanced/modules.md | 2 +- docs/docs/scanner/misconfiguration/custom/index.md | 2 +- docs/docs/scanner/misconfiguration/custom/schema.md | 2 +- docs/docs/scanner/misconfiguration/policy/exceptions.md | 4 ++-- docs/docs/supply-chain/attestation/sbom.md | 2 +- docs/docs/supply-chain/attestation/vuln.md | 2 +- docs/ecosystem/ide.md | 2 +- docs/tutorials/additional-resources/community.md | 3 ++- 10 files changed, 13 insertions(+), 11 deletions(-) diff --git a/docs/community/contribute/discussion.md b/docs/community/contribute/discussion.md index bfcf2355dc55..d30411c1ed8e 100644 --- a/docs/community/contribute/discussion.md +++ b/docs/community/contribute/discussion.md @@ -24,7 +24,7 @@ There are 4 categories: If you find any false positives or false negatives, please make sure to report them under the "False Detection" category, not "Bugs". ## False detection -Trivy depends on [multiple data sources](https://aquasecurity.github.io/trivy/latest/docs/vulnerability/detection/data-source/). +Trivy depends on [multiple data sources](https://aquasecurity.github.io/trivy/latest/docs/scanner/vulnerability/#data-sources). Sometime these databases contain mistakes. If Trivy can't detect any CVE-IDs or shows false positive result, at first please follow the next steps: @@ -42,6 +42,7 @@ If you find a problem, it'll be nice to fix it: [How to contribute to a GitHub s ### GitLab Advisory Database Visit [here](https://advisories.gitlab.com/) and search CVE-ID. + If you find a problem, it'll be nice to fix it: [Create an issue to GitLab Advisory Database](https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/issues/new) ### Red Hat CVE Database 
diff --git a/docs/docs/advanced/air-gap.md b/docs/docs/advanced/air-gap.md index 8793defbb5c5..1f99722339a7 100644 --- a/docs/docs/advanced/air-gap.md +++ b/docs/docs/advanced/air-gap.md @@ -137,6 +137,6 @@ $ trivy conf --skip-policy-update /path/to/conf ``` [allowlist]: ../references/troubleshooting.md -[oras]: https://oras.land/cli/ +[oras]: https://oras.land/docs/installation/ [^1]: This is only required to scan `jar` files. More information about `Java index db` [here](../coverage/language/java.md) diff --git a/docs/docs/advanced/modules.md b/docs/docs/advanced/modules.md index 71a56a0cdc32..fe9ee2867158 100644 --- a/docs/docs/advanced/modules.md +++ b/docs/docs/advanced/modules.md @@ -355,4 +355,4 @@ Digest: sha256:6416d0199d66ce52ced19f01d75454b22692ff3aa7737e45f7a189880840424f [trivy-module-wordpress]: https://github.com/aquasecurity/trivy-module-wordpress [tinygo-installation]: https://tinygo.org/getting-started/install/ -[oras]: https://oras.land/cli/ \ No newline at end of file +[oras]: https://oras.land/docs/installation/ \ No newline at end of file diff --git a/docs/docs/scanner/misconfiguration/custom/index.md b/docs/docs/scanner/misconfiguration/custom/index.md index ef34d0f20414..bab559de49c8 100644 --- a/docs/docs/scanner/misconfiguration/custom/index.md +++ b/docs/docs/scanner/misconfiguration/custom/index.md @@ -103,7 +103,7 @@ Any package prefixes such as `main` and `user` are allowed. ### Metadata Metadata helps enrich Trivy's scan results with useful information. -The annotation format is described in the [OPA documentation](https://www.openpolicyagent.org/docs/latest/annotations/). +The annotation format is described in the [OPA documentation](https://www.openpolicyagent.org/docs/latest/policy-language/#annotations). Trivy supports extra fields in the `custom` section as described below. diff --git a/docs/docs/scanner/misconfiguration/custom/schema.md b/docs/docs/scanner/misconfiguration/custom/schema.md index 8791d1a22752..17c4859cbfaf 100644 
--- a/docs/docs/scanner/misconfiguration/custom/schema.md +++ b/docs/docs/scanner/misconfiguration/custom/schema.md @@ -89,4 +89,4 @@ To use such a policy with Trivy, use the `--config-policy` flag that points to t $ trivy --config-policy=/Users/user/my-custom-policies ``` -For more details on how to define schemas within Rego policies, please see the [OPA guide](https://www.openpolicyagent.org/docs/latest/schemas/#schema-annotations) that describes it in more detail. \ No newline at end of file +For more details on how to define schemas within Rego policies, please see the [OPA guide](https://www.openpolicyagent.org/docs/latest/policy-language/#schema-annotations) that describes it in more detail. \ No newline at end of file diff --git a/docs/docs/scanner/misconfiguration/policy/exceptions.md b/docs/docs/scanner/misconfiguration/policy/exceptions.md index 9d0e109fcdd5..b3eb1385b294 100644 --- a/docs/docs/scanner/misconfiguration/policy/exceptions.md +++ b/docs/docs/scanner/misconfiguration/policy/exceptions.md @@ -92,7 +92,7 @@ You can get the package names in the [trivy-policies repository][trivy-policies] For more details, see [an example][rule-example]. -[ns-example]: https://github.com/aquasecurity/trivy/tree/{{ git.commit }}/examples/misconf/namespace-exception -[rule-example]: https://github.com/aquasecurity/trivy/tree/{{ git.commit }}/examples/misconf/rule-exception +[ns-example]:https://github.com/aquasecurity/trivy/tree/main/integration/testdata/fixtures/repo/namespace-exception +[rule-example]:https://github.com/aquasecurity/trivy/tree/main/integration/testdata/fixtures/repo/rule-exception [ksv012]: https://github.com/aquasecurity/trivy-policies/blob/main/rules/kubernetes/policies/pss/restricted/3_runs_as_root.rego [trivy-policies]: https://github.com/aquasecurity/trivy-policies/ \ No newline at end of file diff --git a/docs/docs/supply-chain/attestation/sbom.md b/docs/docs/supply-chain/attestation/sbom.md index 5d2667d0e100..37b1a7bc22e2 100644 
--- a/docs/docs/supply-chain/attestation/sbom.md +++ b/docs/docs/supply-chain/attestation/sbom.md @@ -9,7 +9,7 @@ And, Trivy can take an SBOM attestation as input and scan for vulnerabilities ## Sign with a local key pair -Cosign can generate key pairs and use them for signing and verification. After you run the following command, you will get a public and private key pair. Read more about [how to generate key pairs](https://docs.sigstore.dev/cosign/key-generation). +Cosign can generate key pairs and use them for signing and verification. After you run the following command, you will get a public and private key pair. Read more about [how to generate key pairs](https://docs.sigstore.dev/key_management/signing_with_self-managed_keys/). ```bash $ cosign generate-key-pair diff --git a/docs/docs/supply-chain/attestation/vuln.md b/docs/docs/supply-chain/attestation/vuln.md index c17164f0f30b..1698428df410 100644 --- a/docs/docs/supply-chain/attestation/vuln.md +++ b/docs/docs/supply-chain/attestation/vuln.md @@ -154,7 +154,7 @@ $ trivy image --format cosign-vuln --output vuln.json alpine:3.10 ### Sign with a local key pair -Cosign can generate key pairs and use them for signing and verification. After you run the following command, you will get a public and private key pair. Read more about [how to generate key pairs](https://docs.sigstore.dev/cosign/key-generation). +Cosign can generate key pairs and use them for signing and verification. After you run the following command, you will get a public and private key pair. Read more about [how to generate key pairs](https://docs.sigstore.dev/key_management/signing_with_self-managed_keys/). ```bash $ cosign generate-key-pair diff --git a/docs/ecosystem/ide.md b/docs/ecosystem/ide.md index e179eb7883cd..336813eee77a 100644 --- a/docs/ecosystem/ide.md +++ b/docs/ecosystem/ide.md 
@@ -36,7 +36,7 @@ Trivy Docker Desktop extension for scanning container images for vulnerabilities ## Rancher Desktop (Community) [Rancher Desktop](https://rancherdesktop.io/) is an easy way to use containers and Kubernetes on your development machine, and manage it in a GUI. -Trivy is natively integrated with Rancher, no installation is needed. More info in Rancher documentation: +Trivy is natively integrated with Rancher, no installation is needed. More info in Rancher documentation: ## LazyTrivy (Community) A terminal native UI for Trivy diff --git a/docs/tutorials/additional-resources/community.md b/docs/tutorials/additional-resources/community.md index c1ab7241e4e5..6a31e8540112 100644 --- a/docs/tutorials/additional-resources/community.md +++ b/docs/tutorials/additional-resources/community.md @@ -30,9 +30,10 @@ Below is a list of additional resources from the community. - [the vulnerability remediation lifecycle of Alpine containers](https://ariadne.space/2021/06/08/the-vulnerability-remediation-lifecycle-of-alpine-containers/) - [Open Source CVE Scanner Round-Up: Clair vs Anchore vs Trivy](https://boxboat.com/2020/04/24/image-scanning-tech-compared/) -- [Docker Image Security: Static Analysis Tool Comparison – Anchore Engine vs Clair vs Trivy](https://www.a10o.net/devsecops/docker-image-security-static-analysis-tool-comparison-anchore-engine-vs-clair-vs-trivy/) + ### Evaluations - [Istio evaluating to use Trivy](https://github.com/istio/release-builder/pull/687#issuecomment-874938417) - [Research Spike: evaluate Trivy for scanning running containers](https://gitlab.com/gitlab-org/gitlab/-/issues/270888) + From a92b09791689d8f5a068a85ddd0e7a70598d5962 Mon Sep 17 00:00:00 2001 
From: John B <128255094+Biehlj@users.noreply.github.com> Date: Mon, 4 Dec 2023 20:46:58 +0000 Subject: [PATCH 2/2] Updated based on comments. --- docs/docs/scanner/misconfiguration/policy/exceptions.md | 4 ++-- docs/tutorials/additional-resources/community.md | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/docs/docs/scanner/misconfiguration/policy/exceptions.md b/docs/docs/scanner/misconfiguration/policy/exceptions.md index b3eb1385b294..ea254241b25c 100644 --- a/docs/docs/scanner/misconfiguration/policy/exceptions.md +++ b/docs/docs/scanner/misconfiguration/policy/exceptions.md @@ -92,7 +92,7 @@ You can get the package names in the [trivy-policies repository][trivy-policies] For more details, see [an example][rule-example]. -[ns-example]:https://github.com/aquasecurity/trivy/tree/main/integration/testdata/fixtures/repo/namespace-exception -[rule-example]:https://github.com/aquasecurity/trivy/tree/main/integration/testdata/fixtures/repo/rule-exception +[ns-example]:https://github.com/aquasecurity/trivy/tree/{{ git.commit }}/integration/testdata/fixtures/repo/namespace-exception +[rule-example]:https://github.com/aquasecurity/trivy/tree/{{ git.commit }}/integration/testdata/fixtures/repo/rule-exception [ksv012]: https://github.com/aquasecurity/trivy-policies/blob/main/rules/kubernetes/policies/pss/restricted/3_runs_as_root.rego [trivy-policies]: https://github.com/aquasecurity/trivy-policies/ \ No newline at end of file diff --git a/docs/tutorials/additional-resources/community.md b/docs/tutorials/additional-resources/community.md index 6a31e8540112..5fc9ec3338d7 100644 --- a/docs/tutorials/additional-resources/community.md +++ b/docs/tutorials/additional-resources/community.md 
@@ -30,7 +30,6 @@ Below is a list of additional resources from the community. - [the vulnerability remediation lifecycle of Alpine containers](https://ariadne.space/2021/06/08/the-vulnerability-remediation-lifecycle-of-alpine-containers/) - [Open Source CVE Scanner Round-Up: Clair vs Anchore vs Trivy](https://boxboat.com/2020/04/24/image-scanning-tech-compared/) - ### Evaluations
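Review bot: In the docs/community/contribute/discussion.md hunk of 1/2, the replacement for the data-sources link is still an absolute `https://aquasecurity.github.io/trivy/latest/...` URL, the same form as the one that went stale when the path changed. A relative link to the vulnerability scanner page, in the style of `[allowlist]: ../references/troubleshooting.md` in air-gap.md, would be resolved at docs build time and would follow the version being built. The same hunk also adds a blank line after "Visit [here](https://advisories.gitlab.com/) and search CVE-ID.", which changes paragraph rendering and is unrelated to the link fix; drop it or mention it in the commit message.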
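Review bot: In the docs/docs/advanced/modules.md hunk of 1/2, the rewritten `[oras]` line is the last line of the file and still carries `\ No newline at end of file` on the `+` side. Since the line is being touched anyway, end it with a newline; the same applies to the final lines changed in schema.md and to the end of exceptions.md.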
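Review bot: In the docs/ecosystem/ide.md hunk of 1/2, the removed and added lines read identically as shown here, and "More info in Rancher documentation:" ends at the colon with no link target after it. Please confirm that the corrected Rancher documentation URL is actually present on the `+` line; if the link was intentionally dropped, reword the sentence so it does not end with a dangling colon.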
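Review bot: In the docs/docs/scanner/misconfiguration/policy/exceptions.md hunk of 2/2, `[ns-example]:https://...` and `[rule-example]:https://...` have no space after the colon, while `[ksv012]: ` and `[trivy-policies]: ` directly below do, as did the two lines that 1/2 removed. Restore the space so the reference definitions stay consistent. Because 2/2 only rewrites lines that 1/2 introduced (switching `main` back to `{{ git.commit }}`), consider squashing the two commits so the history does not carry the intermediate unpinned `main` links.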
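Review bot: In the docs/tutorials/additional-resources/community.md hunks, 1/2 deletes the "Docker Image Security: Static Analysis Tool Comparison" entry instead of repairing its URL, which the subject "Fixed broken links" does not convey; state in the commit message that the a10o.net link was removed. 1/2 also adds a blank line after the last item under `### Evaluations`, and 2/2 removes only a single blank line ahead of that heading, so the trailing blank line is still added by the series and should be dropped as well.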