trivy icon indicating copy to clipboard operation
trivy copied to clipboard
Published 3 weeks ago verified publisher icon aquasecurity

feat(redhat): Add support for Scientific Linux 7

Open jcpunk opened this issue 3 years ago • 6 comments

Description

This adds support for running against Scientific Linux 7 (another RHEL rebuild popular in scientific communities).

Checklist

  • [x] I've read the guidelines for contributing to this repository.
  • [x] I've followed the conventions in the PR title.
  • [ ] I've added tests that prove my fix is effective or that my feature works.
  • [ ] I've updated the documentation with the relevant information (if needed).
  • [ ] I've added usage information (if the PR introduces new options)
  • [ ] I've included a "before" and "after" example to the description (if the PR is a user interface change).

jcpunk avatar Nov 16 '22 19:11 jcpunk

CLA assistant check
All committers have signed the CLA.

CLAassistant avatar Nov 16 '22 19:11 CLAassistant

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

CLAassistant avatar Nov 16 '22 19:11 CLAassistant

Odds are I'll need some help...

jcpunk avatar Nov 16 '22 19:11 jcpunk

Oops, Scientific linux uses a totally different repo set. How might i define it?

On Sun, Nov 20, 2022, 7:20 AM Teppei Fukuda @.***> wrote:

@.**** commented on this pull request.

In pkg/fanal/analyzer/os/redhatbase/sl.go https://github.com/aquasecurity/trivy/pull/3188#discussion_r1027280115:

+type slOSAnalyzer struct{} + +func (a slOSAnalyzer) Analyze(_ context.Context, input analyzer.AnalysisInput) (*analyzer.AnalysisResult, error) {

  • scanner := bufio.NewScanner(input.Content)
  • for scanner.Scan() {
  • line := scanner.Text()

  • result := redhatRe.FindStringSubmatch(strings.TrimSpace(line))

  • if len(result) != 3 {

  • 	return nil, xerrors.New("sl: invalid sl-release")

  • }

  • switch strings.ToLower(result[1]) {

  • case "sl", "scientific", "scientific linux":

  • 	return &analyzer.AnalysisResult{

  • 		OS: &types.OS{Family: aos.Alma, Name: result[2]},

Does Scientific Linux use Alma repositories? Normally we need to use different advisories for different distributions.

— Reply to this email directly, view it on GitHub https://github.com/aquasecurity/trivy/pull/3188#pullrequestreview-1187257628, or unsubscribe https://github.com/notifications/unsubscribe-auth/AA2673S7IQARBCASKHDA4VTWJIJQXANCNFSM6AAAAAASCTINGQ . You are receiving this because you authored the thread.Message ID: @.***>

jcpunk avatar Nov 20 '22 21:11 jcpunk

At first, security advisories for Scientific Linux should be fetched in vuln-list-update. https://aquasecurity.github.io/trivy/v0.34/community/contribute/pr/#understand-where-your-pull-request-belongs

knqyf263 avatar Nov 21 '22 08:11 knqyf263

This PR is stale because it has been labeled with inactivity.

github-actions[bot] avatar Jan 21 '23 00:01 github-actions[bot]

This is on my backlog, but it may be a bit....

jcpunk avatar Jan 25 '23 18:01 jcpunk

This PR is stale because it has been labeled with inactivity.

github-actions[bot] avatar Apr 17 '23 00:04 github-actions[bot]

Please let me close this PR since it is not active now. We can be back once it gets ready.

knqyf263 avatar May 08 '23 14:05 knqyf263