Comments (11)
Can you retag the latest image to 0.51.2 on Docker Hub?
Else we need to downgrade a lot of CI jobs in a lot of projects until the fix is out.
from trivy.
v0.51.4 released 👍
from trivy.
We deleted v0.51.3 for a workaround. Please downgrade to v0.51.2. Will fix it asap.
from trivy.
I'm closing this issue.
Please feel free to write here if you still have problems.
from trivy.
Downgrade works! Thank you @knqyf263
from trivy.
+1 for releasing fixed docker image #6771 (comment)
from trivy.
Can you revert the docker images as well? We are using the latest tag.
from trivy.
A note on the downgrade: the deb packages only have the most recent version available:
/# apt-cache policy trivy
trivy:
Installed: (none)
Candidate: 0.51.3
Version table:
0.51.3 500
500 https://aquasecurity.github.io/trivy-repo/deb jammy/main amd64 Packages
CI processes using trivy will break until a fix is made if using the repository installation described at https://aquasecurity.github.io/trivy/v0.51/getting-started/installation/.
from trivy.
v0.51.4 is available using the generic directory - https://aquasecurity.github.io/trivy/v0.51/getting-started/installation/#debianubuntu-official
For v0.51.2 or previous versions - use OS release name or $(lsb_release -sc)
See - https://aquasecurity.github.io/trivy/v0.50/getting-started/installation/#debianubuntu-official
from trivy.
Hello, I just attempted those debian/ubuntu official methods. They can only install whatever the most recent package is.
I tried the following two ways. First the generic directory:
$ docker run -it --rm ubuntu:jammy
root@53f1032c9c33:/# apt-get update -y && apt-get install -y wget apt-transport-https gnupg ca-certificates --no-install-recommends
Get:1 http://security.ubuntu.com/ubuntu jammy-security InRelease [110 kB] ...
:
:
root@53f1032c9c33:/# wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | tee /usr/share/keyrings/trivy.gpg > /dev/null
root@53f1032c9c33:/# echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb generic main" | tee -a /etc/apt/sources.list.d/trivy.list
deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb generic main
root@53f1032c9c33:/# apt-get update -y
Get:1 https://aquasecurity.github.io/trivy-repo/deb generic InRelease [3063 B]
:
:
root@53f1032c9c33:/# apt-cache policy trivy
trivy:
Installed: (none)
Candidate: 0.51.4
Version table:
0.51.4 500
500 https://aquasecurity.github.io/trivy-repo/deb generic/main amd64 Packages
root@53f1032c9c33:/# apt-get install trivy=0.51.2
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Package trivy is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
E: Version '0.51.2' for 'trivy' was not found
As you can see, the generic only has the latest version available. Apt-cache policy only shows that version, and trying to install an earlier one will not work.
Doing the same with the OS release named version in a fresh container:
$ docker run -it --rm ubuntu:jammy
root@27da1888db8b:/# apt-get update -y && apt-get install -y wget apt-transport-https gnupg lsb-release ca-certificates --no-install-recommends
:
:
root@27da1888db8b:/# wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | tee /usr/share/keyrings/trivy.gpg > /dev/null
root@27da1888db8b:/# echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | tee -a /etc/apt/sources.list.d/trivy.list
deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb jammy main
root@27da1888db8b:/# apt-get update -y
Get:1 https://aquasecurity.github.io/trivy-repo/deb jammy InRelease [3061 B]
:
:
root@27da1888db8b:/# apt-cache policy trivy
trivy:
Installed: (none)
Candidate: 0.51.4
Version table:
0.51.4 500
500 https://aquasecurity.github.io/trivy-repo/deb jammy/main amd64 Packages
root@27da1888db8b:/# apt-get install trivy=0.51.2
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Package trivy is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
E: Version '0.51.2' for 'trivy' was not found
In both methods, a rollback was not possible. Perhaps that deb repository could have a few versions in it?
from trivy.
Hello @dannystaple
I was in a hurry to fix the problem with v0.51.3 and told you wrong information.
You are right. trivy-repo contains only the latest Trivy version.
"Perhaps that deb repository could have a few versions in it?"
trivy-repo is already large. So I think we won't add previous versions.
But you can always download any binary version from the release page.
Regards, Dmitriy
from trivy.
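A CI guard for the situation described in this thread, as an added example that is not part of the original comments: it reads `apt-cache policy trivy` output and reports whether a pinned version can still come from apt or has to be fetched from the release page. The function names and the sample variable are hypothetical; the sample text is the jammy output quoted above with apt's usual indentation restored.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print every version listed in the "Version table:" of `apt-cache policy`
# output read from stdin. Version rows are "<version> <priority>" (prefixed
# with "***" for the installed one); source rows start with a priority
# followed by a URL or path, so their second field is never a bare number.
available_versions() {
    awk '
        /Version table:/ { in_table = 1; next }
        in_table {
            off = ($1 == "***") ? 1 : 0
            if (NF == 2 + off && $(2 + off) ~ /^-?[0-9]+$/) print $(1 + off)
        }'
}

# Decide where a pinned version has to come from:
#   "apt"     -> the repository still serves it, `apt-get install pkg=VER` works
#   "release" -> not in the repository; use a binary from the release page
pin_source() {
    if available_versions | grep -Fxq -- "$1"; then
        echo apt
    else
        echo release
    fi
}

# Sample input: the policy output posted in the thread for the jammy repository.
SAMPLE_POLICY='trivy:
  Installed: (none)
  Candidate: 0.51.4
  Version table:
     0.51.4 500
        500 https://aquasecurity.github.io/trivy-repo/deb jammy/main amd64 Packages'

# In a CI job: apt-cache policy trivy | pin_source "$TRIVY_VERSION"
printf '%s\n' "$SAMPLE_POLICY" | pin_source 0.51.2   # release
printf '%s\n' "$SAMPLE_POLICY" | pin_source 0.51.4   # apt
```

Running the check before `apt-get install trivy=<version>` turns the "Version ... was not found" failure into an explicit decision the job can act on.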