feat: Add support for openEuler OS.
Description
What's openEuler?
openEuler is an open source, free Linux distribution platform. The platform provides an open community for global developers to build an open, diversified, and architecture-inclusive software ecosystem. openEuler is also an innovative platform that encourages everyone to propose new ideas, explore new approaches, and practice new solutions.
To learn more, please visit https://www.openeuler.org/en/
To support openEuler
Now, openEuler has 2,345,659 users, 18,072 contributors and 1,501 organization members (see https://datastat.openeuler.org/en/overview). It is necessary to support such a very mature open source operating system.
Discussion
Our discussion is here https://github.com/aquasecurity/trivy/discussions/6400
Related issues
- https://github.com/aquasecurity/trivy/discussions/6400
Related PRs
- [trivy-db](https://github.com/aquasecurity/trivy-db/pull/397)
- [vuln-list-update](https://github.com/aquasecurity/vuln-list-update/pull/284)
Self-test
I have tested the function to scan openEuler CVEs; see the following log:
~# ./trivy image openeuler-22.03-lts-sp3:latest -d
2024-04-09T19:53:05.437+0800 DEBUG Severities: ["UNKNOWN" "LOW" "MEDIUM" "HIGH" "CRITICAL"]
2024-04-09T19:53:05.438+0800 DEBUG Ignore statuses {"statuses": null}
2024-04-09T19:53:05.476+0800 DEBUG cache dir: /Users/luweijun/Library/Caches/trivy
2024-04-09T19:53:05.477+0800 DEBUG DB update was skipped because the local DB is the latest
2024-04-09T19:53:05.477+0800 DEBUG DB Schema: 2, UpdatedAt: 2024-04-09 06:11:37.740307479 +0000 UTC, NextUpdate: 2024-04-09 12:11:37.740306928 +0000 UTC, DownloadedAt: 2024-04-09 06:19:11.548928 +0000 UTC
2024-04-09T19:53:05.483+0800 INFO Vulnerability scanning is enabled
2024-04-09T19:53:05.483+0800 DEBUG Vulnerability type: [os library]
2024-04-09T19:53:05.483+0800 INFO Secret scanning is enabled
2024-04-09T19:53:05.483+0800 INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-04-09T19:53:05.483+0800 INFO Please see also https://aquasecurity.github.io/trivy/dev/docs/scanner/secret/#recommendation for faster secret detection
2024-04-09T19:53:05.483+0800 DEBUG Enabling misconfiguration scanners: [azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan-json terraformplan-snapshot]
2024-04-09T19:53:05.626+0800 DEBUG No secret config detected: trivy-secret.yaml
2024-04-09T19:53:05.628+0800 DEBUG The nuget packages directory couldn't be found. License search disabled
2024-04-09T19:53:05.628+0800 DEBUG No secret config detected: trivy-secret.yaml
2024-04-09T19:53:05.628+0800 DEBUG Entering Inspect...
2024-04-09T19:53:05.628+0800 DEBUG Image ID: sha256:1e1f6b42f136a4e5e2f5a8bd8c4036872da690fe4f626dc6b07617d2d08260a3
2024-04-09T19:53:05.628+0800 DEBUG Diff IDs: [sha256:7e0958b5167da951982e27ec84f3ffa84bbab380dc71ce668fe9e305673ba44e]
2024-04-09T19:53:05.628+0800 DEBUG Base Layers: []
2024-04-09T19:53:05.630+0800 DEBUG Missing image ID in cache: sha256:1e1f6b42f136a4e5e2f5a8bd8c4036872da690fe4f626dc6b07617d2d08260a3
2024-04-09T19:53:05.630+0800 DEBUG Running inspect...
2024-04-09T19:53:05.631+0800 DEBUG Missing diff ID in cache: sha256:7e0958b5167da951982e27ec84f3ffa84bbab380dc71ce668fe9e305673ba44e
2024-04-09T19:53:13.793+0800 INFO Family: openEuler, VersionID:
2024-04-09T19:53:13.827+0800 INFO Family: openEuler, VersionID: 22.03-LTS-SP3
2024-04-09T19:53:18.287+0800 INFO License acquired from METADATA classifiers may be subject to additional terms for [gpg:1.16.0]
2024-04-09T19:53:18.288+0800 INFO License acquired from METADATA classifiers may be subject to additional terms for [libcomps:0.1.19]
2024-04-09T19:53:18.380+0800 DEBUG No secrets found in container image config
2024-04-09T19:53:18.454+0800 DEBUG Finished inspect.
2024-04-09T19:53:18.457+0800 DEBUG Exited from Inspect
2024-04-09T19:53:18.464+0800 INFO Detected OS: openEuler
2024-04-09T19:53:18.466+0800 INFO Detecting openEuler vulnerabilities [HERE]...
2024-04-09T19:53:18.466+0800 DEBUG openEuler: os version: 22.03-LTS-SP3
2024-04-09T19:53:18.466+0800 DEBUG openEuler: the number of packages: 137
2024-04-09T19:53:18.477+0800 INFO Number of language-specific files: 1
2024-04-09T19:53:18.478+0800 INFO Detecting python-pkg vulnerabilities...
2024-04-09T19:53:18.478+0800 DEBUG Detecting library vulnerabilities, type: python-pkg, path:
openeuler-22.03-lts-sp3:latest (openEuler 22.03-LTS-SP3)
Total: 13 (UNKNOWN: 0, LOW: 6, MEDIUM: 4, HIGH: 3, CRITICAL: 0)
Checklist
- [x] I've read the guidelines for contributing to this repository.
- [x] I've followed the conventions in the PR title.
- [x] I've added tests that prove my fix is effective or that my feature works.
- [x] I've updated the documentation with the relevant information (if needed).
- [ ] I've added usage information (if the PR introduces new options)
- [x] I've included a "before" and "after" example to the description (if the PR is a user interface change).
This PR is stale because it has been labeled with inactivity.
@knqyf263 Could you please run the tests first when you have time? Thank you very much!
The main errors occurred because https://github.com/aquasecurity/trivy-db/pull/397 has not been merged, which thus should be reviewed first.
@DmitriyLewen I have updated this PR as we discussed in https://github.com/aquasecurity/trivy-db/pull/397
2024-07-12T18:15:09+08:00 INFO [openEuler] Detecting openEuler vulnerabilities... os_version="20.03-LTS" pkg_num=352
2024-07-12T18:15:09+08:00 INFO Number of language-specific files num=1
2024-07-12T18:15:09+08:00 INFO [python-pkg] Detecting vulnerabilities...
2024-07-12T18:15:09+08:00 WARN This OS version is no longer supported by the distribution family="openEuler" version="20.03-LTS"
2024-07-12T18:15:09+08:00 WARN The vulnerability detection may be insufficient because security updates are not provided
@wjunLu I left notes. Take a look, please.
Also use the `go mod edit -replace github.com/aquasecurity/trivy-db=github.com/wjunLu/trivy-db@<commit_hash>` + `go mod tidy` commands (currently https://github.com/aquasecurity/trivy-db/pull/397/commits/21eae95a765ba5ee9f151b7ff73cab2da715592d) and push into this PR.
This is necessary to make it easier to review this PR and run CI/CD tests.
After #397 is merged, you will remove the `replace` and update the `trivy-db` version.
As you mentioned before, I have changed the code, and the result looks good.
The code has been changed to use the latest trivy-db, and the testing result looks good:
This PR is stale because it has been labeled with inactivity.
Hi @DmitriyLewen @knqyf263! I'm so sad to see this PR has been closed. Would you please take a final look at https://github.com/aquasecurity/trivy-db/pull/397?
I'm looking forward to your reply.
Hello @wjunLu Sorry for the delay in reviewing.
We are focused on fixing bugs, fixing the 429 error in Trivy-db and other high priority tasks.
Your PR is adding a new OS for scanning. These changes require attention and careful review. When we restore stability to Trivy and have time to focus on your PR, we will do it.
Again, sorry for the wait and hope for your understanding.
I get it! Thanks for your reply. Please feel free to leave your questions and I will try my best to solve them.