Skip to content

chore(deps): Update trivy to v0.65.0 #481

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Aug 27, 2025
Merged

chore(deps): Update trivy to v0.65.0 #481

merged 6 commits into from
Aug 27, 2025

Conversation

aqua-bot
Copy link
Contributor

Automated changes by create-pull-request GitHub action

@simar7 simar7 force-pushed the bump-trivy-1755898251 branch from 6389d65 to 636fd3c Compare August 27, 2025 01:12
@simar7
Copy link
Member

simar7 commented Aug 27, 2025

Tests are red as we need to sync the DBs. Depends on #482

@simar7 simar7 requested a review from Copilot August 27, 2025 01:19
Copilot
Copilot AI reviewed Aug 27, 2025
View reviewed changes
Copy link

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR updates Trivy to version v0.65.0 across all configuration files and test data. This is a dependency update that ensures the project uses the latest version of the Trivy security scanner.

Key changes:

  • Updates default Trivy version from v0.64.1 to v0.65.0 in action configuration
  • Updates test data files to reflect output format changes from the new Trivy version
  • Updates documentation to reference the new version

Reviewed Changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated no comments.

Show a summary per file
File Description
action.yaml Updates default Trivy version parameter from v0.64.1 to v0.65.0
README.md Updates documentation examples and version references to v0.65.0
.github/workflows/test.yaml Updates TRIVY_VERSION environment variable to 0.65.0
test/data/with-trivy-yaml-cfg/report.json Updates test data to reflect new Trivy output format (PURL encoding and timestamp changes)
test/data/with-ignore-files/report Updates test data with modified CVE description formatting
test/data/image-scan/report Updates test data with modified CVE description formatting

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@simar7 simar7 requested a review from nikpivkin August 27, 2025 01:19
@nikpivkin
test: update golden files
bf330b1 
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
@nikpivkin
dev: add update-golden goal
71f6a8f 
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
@nikpivkin
Copy link
Contributor

@simar7 I added a goal for updating golden files 71f6a8f (#481)

simar7
simar7 reviewed Aug 27, 2025
View reviewed changes
Makefile Outdated
Comment on lines 23 to 26
.PHONY: update-golden
update-golden:
mkdir -p .cache
UPDATE_GOLDEN=1 $(BATS_ENV) bats $(BATS_FLAGS)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's nice, should we add this target to the action that upgrades the trivy version? We would always review the PR it will create prior to merge, thereby avoiding us to run the target ourselves manually.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done a169870 (#481)

@nikpivkin
ci: update golden files on Trivy bump
a169870 
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
@nikpivkin
dev: delete fanal.db before tests
85abccb 
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
@nikpivkin
Copy link
Contributor

Tests are red as we need to sync the DBs. Depends on #482

In general, we don't need to update the databases unless we upgrade Trivy to a version that uses new database schemas. This minimizes updates to golden files.

@nikpivkin nikpivkin merged commit f9424c1 into master Aug 27, 2025
3 checks passed
@nikpivkin nikpivkin deleted the bump-trivy-1755898251 branch August 27, 2025 07:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@simar7 simar7 simar7 left review comments

Copilot code review Copilot Copilot left review comments

@nikpivkin nikpivkin nikpivkin approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@aqua-bot @simar7 @nikpivkin