feature: Add 'Scan Type' to pattern information [TAROT-2626]

* feature: Add 'Scan Type' to pattern information [TAROT-2626] * clean: Delete unused documentation files [TAROT-2626] * clean: Update Trivy version in CircleCI [TAROT-2626] This commit also adds reminders to keep Trivy versions up-to-date everywhere.
codacy · May 11, 2024 · 9802317 · 9802317
1 parent 65da4fa
commit 9802317
Show file tree

Hide file tree

Showing 7 changed files with 14 additions and 40 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -48,9 +48,9 @@ jobs:
     steps:
       - attach_run_command_and_persist:
           cmd_name: Install trivy and download DBs
-          # https://aquasecurity.github.io/trivy/v0.45/getting-started/installation/#install-script
+          # https://aquasecurity.github.io/trivy/v0.49/getting-started/installation/#install-script
           cmd: |
-            curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b . v0.47.0
+            curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b . v0.49.1
             mkdir cache
             ./trivy --cache-dir ./cache image --download-db-only
           # For now this step is not necessary, please uncomment when needed

diff --git a/README.md b/README.md
@@ -47,6 +47,10 @@ If you're using this docker image please guarantee that you're always using the
 
 The `latest` tag is also available but you should avoid using it, as it is harder to track which version of the image is running and more difficult to roll back properly.
 
+## Updating Trivy
+
+After updating the Trivy version in `go.mod`, you need to update the version in [CircleCI's configuration](/.circleci/config.yml) to make sure the vulnerabilities DB downloaded are compatible.
+
 ## What is Codacy?
 
 [Codacy](https://www.codacy.com/) is an Automated Code Review Tool that monitors your technical debt, helps you improve your code quality, teaches best practices to your developers, and helps you save time in Code Reviews.

diff --git a/docs/description/description.json b/docs/description/description.json
diff --git a/docs/patterns.json b/docs/patterns.json
diff --git a/go.mod b/go.mod
@@ -3,9 +3,9 @@ module github.com/codacy/codacy-trivy
 go 1.21
 
 require (
-	github.com/aquasecurity/trivy v0.49.1
+	github.com/aquasecurity/trivy v0.49.1 // Also update .config.yml
 	github.com/aquasecurity/trivy-db v0.0.0-20231106053131-81d747dba6ac
-	github.com/codacy/codacy-engine-golang-seed/v6 v6.1.4
+	github.com/codacy/codacy-engine-golang-seed/v6 v6.2.0
 	github.com/samber/lo v1.39.0
 	github.com/stretchr/testify v1.9.0
 	go.uber.org/mock v0.4.0

diff --git a/go.sum b/go.sum
@@ -422,8 +422,8 @@ github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWH
 github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/codacy/codacy-engine-golang-seed/v6 v6.1.4 h1:wiHrfn2LzzJPthHBB9MLfs4azVoZObeuXK56T6uBqE0=
-github.com/codacy/codacy-engine-golang-seed/v6 v6.1.4/go.mod h1:74FKDkdXzHlZOLfjU9Khp8cvcz4sLB6S7I3eyzFJ/5I=
+github.com/codacy/codacy-engine-golang-seed/v6 v6.2.0 h1:2rHGhdllDvzk4YvrMr8jOkIXeQWDUpaJbElQKzqJDZM=
+github.com/codacy/codacy-engine-golang-seed/v6 v6.2.0/go.mod h1:74FKDkdXzHlZOLfjU9Khp8cvcz4sLB6S7I3eyzFJ/5I=
 github.com/codacy/go-dep-parser v0.0.3 h1:sdsHMjNECq6g1fXQYg7Aib30jVrPli/cjndo2pi1izo=
 github.com/codacy/go-dep-parser v0.0.3/go.mod h1:6sh6f0Ixlt+oIMEPGxJyDOmzB03tK2v2rsAlc/9q12g=
 github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb h1:EDmT6Q9Zs+SbUoc7Ik9EfrFqcylYqgPZ9ANSbTAntnE=

diff --git a/internal/docgen/rule.go b/internal/docgen/rule.go
@@ -10,6 +10,7 @@ type Rule struct {
 	Level       string
 	Category    string
 	SubCategory string
+	ScanType    string
 	Enabled     bool
 }
 
@@ -19,6 +20,7 @@ func (r Rule) toCodacyPattern() codacy.Pattern {
 		Category:    r.Category,
 		Level:       r.Level,
 		SubCategory: r.SubCategory,
+		ScanType:    r.ScanType,
 		Enabled:     r.Enabled,
 	}
 }
@@ -60,6 +62,7 @@ func trivyRules() Rules {
 			Level:       "Error",
 			Category:    "Security",
 			SubCategory: "Cryptography",
+			ScanType:    "Secrets",
 			Enabled:     true,
 		},
 		{
@@ -69,6 +72,7 @@ func trivyRules() Rules {
 			Level:       "Error",
 			Category:    "Security",
 			SubCategory: "InsecureModulesLibraries",
+			ScanType:    "SCA",
 			Enabled:     true,
 		},
 	}