
feat(nodejs): Bun support

Open knqyf263 opened this issue 11 months ago • 5 comments

Description

Support bun.lock introduced in Bun v1.1.39 https://bun.sh/blog/bun-lock-text-lockfile

Discussed in https://github.com/aquasecurity/trivy/discussions/5996

knqyf263 avatar Jan 29 '25 02:01 knqyf263

+1 very interested

pathscale avatar Apr 08 '25 18:04 pathscale

Hi @knqyf263 can I work on this issue?

sneaky-potato avatar May 05 '25 15:05 sneaky-potato

Sure. You need to write a parser first. https://github.com/aquasecurity/trivy/tree/8995838e8d184ee9178d5b52d2d3fa9b4e403015/pkg/fanal/analyzer/language/nodejs

knqyf263 avatar May 05 '25 16:05 knqyf263

Hi @knqyf263, I looked through the code and found a parser being used in the analyzer you pointed out, for example yarn. We will require a parser for bun as a requirement for the analyzer, right?

sneaky-potato avatar May 06 '25 15:05 sneaky-potato

Right. I think it's a good idea to open a PR only with a parser implementation to keep the PR small.

knqyf263 avatar May 07 '25 06:05 knqyf263

Added in #8839 + #8840

DmitriyLewen avatar May 30 '25 07:05 DmitriyLewen