From 29aaa16fe906f9e3f7a317d98ea8e2fad66d7264 Mon Sep 17 00:00:00 2001 From: MorAlon1 <101275199+MorAlon1@users.noreply.github.com> Date: Mon, 16 Oct 2023 13:21:34 +0300 Subject: [PATCH 01/15] Update plugin.yaml --- plugin.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 4094c323..84cbd23c 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -1,31 +1,31 @@ name: "aqua" repository: github.com/aquasecurity/trivy-plugin-aqua -version: "v0.149.1" +version: "v0.149.2" usage: trivy aqua description: A Trivy plugin that sends results to Aqua. platforms: - selector: # optional os: linux arch: amd64 - uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.1/linux_amd64_v0.149.1.tar.gz + uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.2/linux_amd64_v0.149.2.tar.gz bin: ./aqua - selector: os: linux arch: arm64 - uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.1/linux_arm64_v0.149.1.tar.gz + uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.2/linux_arm64_v0.149.2.tar.gz bin: ./aqua - selector: os: darwin arch: amd64 - uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.1/darwin_amd64_v0.149.1.tar.gz + uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.2/darwin_amd64_v0.149.2.tar.gz bin: ./aqua - selector: os: darwin arch: arm64 - uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.1/darwin_arm64_v0.149.1.tar.gz + uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.2/darwin_arm64_v0.149.2.tar.gz bin: ./aqua - selector: os: windows arch: amd64 - uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.1/windows_amd64_v0.149.1.tar.gz + uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.2/windows_amd64_v0.149.2.tar.gz bin: ./aqua 
From 9eac7deeeab5017ccb83d7514f20c2ff3743ef1d Mon Sep 17 00:00:00 2001 From: aqua-ci Date: Mon, 16 Oct 2023 12:45:35 +0000 Subject: [PATCH 02/15] [create-pull-request] automated change --- plugin.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 4094c323..1f3b2b2f 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -1,31 +1,31 @@ name: "aqua" repository: github.com/aquasecurity/trivy-plugin-aqua -version: "v0.149.1" +version: "v0.149.3" usage: trivy aqua description: A Trivy plugin that sends results to Aqua. platforms: - selector: # optional os: linux arch: amd64 - uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.1/linux_amd64_v0.149.1.tar.gz + uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.3/linux_amd64_v0.149.3.tar.gz bin: ./aqua - selector: os: linux arch: arm64 - uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.1/linux_arm64_v0.149.1.tar.gz + uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.3/linux_arm64_v0.149.3.tar.gz bin: ./aqua - selector: os: darwin arch: amd64 - uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.1/darwin_amd64_v0.149.1.tar.gz + uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.3/darwin_amd64_v0.149.3.tar.gz bin: ./aqua - selector: os: darwin arch: arm64 - uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.1/darwin_arm64_v0.149.1.tar.gz + uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.3/darwin_arm64_v0.149.3.tar.gz bin: ./aqua - selector: os: windows arch: amd64 - uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.1/windows_amd64_v0.149.1.tar.gz + uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.3/windows_amd64_v0.149.3.tar.gz bin: ./aqua 
From fa3c64758dd2917e90086bf482571ca250019b21 Mon Sep 17 00:00:00 2001 From: MorAlon1 <101275199+MorAlon1@users.noreply.github.com> Date: Tue, 17 Oct 2023 12:39:00 +0300 Subject: [PATCH 03/15] Update README-dockerhub.md --- README-dockerhub.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README-dockerhub.md b/README-dockerhub.md index 8770a61a..2181f51c 100644 --- a/README-dockerhub.md +++ b/README-dockerhub.md @@ -70,6 +70,10 @@ There are some env vars for overriding this data; | CA-CRET | Use this environment variable to set path to CA certificate | | XDG_DATA_HOME | use this environment variable to designate the base directory for storing user-specific data | | XDG_CACHE_HOME | use this environment variable for setting the cache directory | +| ENABLE_TRIVY_STDOUT | use this environment variable with true value for full desplay of your scan results in your environment | +| SAST_LOGS | use this environment variable with true value for writing sast logs to file | +| SAST_LOGS_DIR | yse this environment variable to explicitly specify the location where the log file should be written | + ## Command Line Arguments @@ -124,6 +128,7 @@ jobs: ### Usage for running manually using docker command ```bash +EXPORT AQUA_KEY=${AQUA_KEY} AQUA_SECRET=${AQUA_SECRET} docker run -it aquasec/aqua-scanner trivy fs --scanners config,vuln,secret . ``` From 92a2bdc1ab2bc0a0663d6aadab758c89b26458ef Mon Sep 17 00:00:00 2001 From: MorAlon1 <101275199+MorAlon1@users.noreply.github.com> Date: Tue, 17 Oct 2023 12:39:50 +0300 Subject: [PATCH 04/15] Update README-dockerhub.md --- README-dockerhub.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README-dockerhub.md b/README-dockerhub.md index 2181f51c..367d2210 100644 --- a/README-dockerhub.md +++ b/README-dockerhub.md 
@@ -72,7 +72,7 @@ There are some env vars for overriding this data; | XDG_CACHE_HOME | use this environment variable for setting the cache directory | | ENABLE_TRIVY_STDOUT | use this environment variable with true value for full desplay of your scan results in your environment | | SAST_LOGS | use this environment variable with true value for writing sast logs to file | -| SAST_LOGS_DIR | yse this environment variable to explicitly specify the location where the log file should be written | +| SAST_LOGS_DIR | use this environment variable to explicitly specify the location where the log file should be written | From 845607b754d13cb2833abad392220a52a0005ab8 Mon Sep 17 00:00:00 2001 From: Daniel Ciuraru <105148851+danielciuraru86@users.noreply.github.com> Date: Tue, 17 Oct 2023 15:03:23 +0300 Subject: [PATCH 05/15] feat(): restore limited images (#701) --- .github/workflows/pr-merged.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/pr-merged.yml b/.github/workflows/pr-merged.yml index f1be3548..4d86efe5 100644 --- a/.github/workflows/pr-merged.yml +++ b/.github/workflows/pr-merged.yml 
@@ -35,18 +35,18 @@ jobs: docker tag aquasec/aqua-scanner:${{ env.new_version }}-arm64 aquasec/aqua-scanner:latest-arm64 docker push aquasec/aqua-scanner:latest-arm64 - #docker pull aquasec/aqua-scanner:${{ env.new_version }}-amd64-limited - #docker tag aquasec/aqua-scanner:${{ env.new_version }}-amd64-limited aquasec/aqua-scanner:latest-amd64-limited - #docker push aquasec/aqua-scanner:latest-amd64-limited + docker pull aquasec/aqua-scanner:${{ env.new_version }}-amd64-limited + docker tag aquasec/aqua-scanner:${{ env.new_version }}-amd64-limited aquasec/aqua-scanner:latest-amd64-limited + docker push aquasec/aqua-scanner:latest-amd64-limited - #docker pull aquasec/aqua-scanner:${{ env.new_version }}-arm64-limited - #docker tag aquasec/aqua-scanner:${{ env.new_version }}-arm64-limited aquasec/aqua-scanner:latest-arm64-limited - #docker push aquasec/aqua-scanner:latest-arm64-limited + docker pull aquasec/aqua-scanner:${{ env.new_version }}-arm64-limited + docker tag aquasec/aqua-scanner:${{ env.new_version }}-arm64-limited aquasec/aqua-scanner:latest-arm64-limited + docker push aquasec/aqua-scanner:latest-arm64-limited docker manifest create aquasec/aqua-scanner:latest aquasec/aqua-scanner:latest-amd64 aquasec/aqua-scanner:latest-arm64 docker manifest push aquasec/aqua-scanner:latest - #docker manifest create aquasec/aqua-scanner:latest-limited aquasec/aqua-scanner:latest-amd64-limited aquasec/aqua-scanner:latest-arm64-limited - #docker manifest push aquasec/aqua-scanner:latest-limited + docker manifest create aquasec/aqua-scanner:latest-limited aquasec/aqua-scanner:latest-amd64-limited aquasec/aqua-scanner:latest-arm64-limited + docker manifest push aquasec/aqua-scanner:latest-limited - name: DockerHub description update uses: peter-evans/dockerhub-description@v3 with: From fd0690887944be08bc168807482a48cffe46a54f Mon Sep 17 00:00:00 2001 
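Review bot: The four restored `docker pull` / `docker tag` lines splice `${{ env.new_version }}` directly into the script text, so the Actions template engine expands it before the shell parses it, and any unexpected characters in the value become shell syntax in a step that pushes to Docker Hub. Where `new_version` is assigned is outside this hunk, so it is worth confirming that it cannot carry tag-, branch- or PR-controlled text. Because the value is already in the `env` context, the shell can read it as an ordinary variable instead, e.g. `docker pull "aquasec/aqua-scanner:${new_version}-amd64-limited"`; the same applies to the non-limited lines just above. Separately, if a `-limited` image is missing for a release, the step would presumably stop after `latest-amd64` and `latest-arm64` were pushed but before the `latest` manifest is recreated, so placing the limited block after `docker manifest push aquasec/aqua-scanner:latest` would keep the main tag consistent. The `run:` step this belongs to starts above the hunk.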
From: Naor Talmor <74590681+naortalmor1@users.noreply.github.com> Date: Tue, 17 Oct 2023 16:30:43 +0300 Subject: [PATCH 06/15] [create-pull-request] automated change (#704) Co-authored-by: aqua-ci Co-authored-by: Daniel Ciuraru <105148851+danielciuraru86@users.noreply.github.com> --- plugin.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/plugin.yaml b/plugin.yaml index 1f3b2b2f..0ed844c0 100644 --- a/plugin.yaml +++ b/plugin.yaml 
@@ -1,31 +1,31 @@ name: "aqua" repository: github.com/aquasecurity/trivy-plugin-aqua -version: "v0.149.3" +version: "v0.149.4" usage: trivy aqua description: A Trivy plugin that sends results to Aqua. platforms: - selector: # optional os: linux arch: amd64 - uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.3/linux_amd64_v0.149.3.tar.gz + uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.4/linux_amd64_v0.149.4.tar.gz bin: ./aqua - selector: os: linux arch: arm64 - uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.3/linux_arm64_v0.149.3.tar.gz + uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.4/linux_arm64_v0.149.4.tar.gz bin: ./aqua - selector: os: darwin arch: amd64 - uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.3/darwin_amd64_v0.149.3.tar.gz + uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.4/darwin_amd64_v0.149.4.tar.gz bin: ./aqua - selector: os: darwin arch: arm64 - uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.3/darwin_arm64_v0.149.3.tar.gz + uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.4/darwin_arm64_v0.149.4.tar.gz bin: ./aqua - selector: os: windows arch: amd64 - uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.3/windows_amd64_v0.149.3.tar.gz + uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.4/windows_amd64_v0.149.4.tar.gz bin: ./aqua From 1577631808ea3fbbac394dea23263941c7bffa1f Mon Sep 17 00:00:00 2001 From: Daniel Ciuraru <105148851+danielciuraru86@users.noreply.github.com> Date: Wed, 25 Oct 2023 14:54:53 +0300 Subject: [PATCH 07/15] update (#705) --- README-dockerhub.md | 113 +++++++++++++++++++++----------------------- 1 file changed, 54 insertions(+), 59 deletions(-) 
diff --git a/README-dockerhub.md b/README-dockerhub.md index 367d2210..98347730 100644 --- a/README-dockerhub.md +++ b/README-dockerhub.md @@ -21,8 +21,8 @@ The **Aqua Security Trivy Plugin** is a premium offering designed to enhance the - **CI/CD Pipeline Integration**: Seamlessly incorporate into your CI/CD pipelines to ensure stringent security checks throughout your software development lifecycle. ## Get Started -To begin leveraging the Aqua Security Trivy Integration to protect your code repositories, reach out to our sales or support team to learn more about the benefits and access. +To begin leveraging the Aqua Security Trivy Integration to protect your code repositories, reach out to our sales or support team to learn more about the benefits and access. ## Environment Variables @@ -30,20 +30,17 @@ To begin leveraging the Aqua Security Trivy Integration to protect your code rep The only explicitly required environment variables are -| Variable | Purpose | -|:------------|:--------------------------------------------------------------| -| AQUA_KEY | Generated through CSPM UI | -| AQUA_SECRET | Generated through CSPM UI | - +| Variable | Purpose | +| :---------- | :------------------------ | +| AQUA_KEY | Generated through CSPM UI | +| AQUA_SECRET | Generated through CSPM UI | ### Optional -| Variable | Purpose | -|:------------|:--------------------------------------------------------------| -| CSPM_URL | Aqua CSPM URL (default: us-east-1 CSPM) | -| AQUA_URL | Aqua platform URL (default: us-east-1 Aqua platform) | - - +| Variable | Purpose | +| :------- | :--------------------------------------------------- | +| CSPM_URL | Aqua CSPM URL (default: us-east-1 CSPM) | +| AQUA_URL | Aqua platform URL (default: us-east-1 Aqua platform) | Trivy will attempt to resolve the following details from the available environment variables; 
@@ -55,42 +52,36 @@ Trivy will attempt to resolve the following details from the available environme There are some env vars for overriding this data; -| Variable | Purpose | -| :------------------- | :------------------------------------------------------------------------------------- | -| OVERRIDE_REPOSITORY | Use this environment variable to explicitly specify the repository used by Trivy | -| FALLBACK_REPOSITORY | Use this environment variable as a backup if no other repository env vars can be found | -| OVERRIDE_BRANCH | Use this environment variable to explicitly specify the branch used by Trivy | -| FALLBACK_BRANCH | Use this environment variable as a backup if no other branch env vars can be found | -| OVERRIDE_BUILDSYSTEM | Use this environment variable to explicitly specify the build system | -| OVERRIDE_SCMID | Use this environment variable to explicitly specify the scm id | -| IGNORE_PANIC | Use this environment variable to return exit code 0 on cli panic | -| OVERRIDE_REPOSITORY_URL | Use this environment variable to explicitly specify the repository link used by Trivy (For result's web link) | -| OVERRIDE_REPOSITORY_SOURCE | Use this environment variable to explicitly specify the repository source used by Trivy | -| HTTP_PROXY/HTTPS_PROXY | Use these environment variable for proxy configuration | -| CA-CRET | Use this environment variable to set path to CA certificate | -| XDG_DATA_HOME | use this environment variable to designate the base directory for storing user-specific data | -| XDG_CACHE_HOME | use this environment variable for setting the cache directory | -| ENABLE_TRIVY_STDOUT | use this environment variable with true value for full desplay of your scan results in your environment | -| SAST_LOGS | use this environment variable with true value for writing sast logs to file | -| SAST_LOGS_DIR | use this environment variable to explicitly specify the location where the log file should be written | - - +| Variable | Purpose | +| 
:------------------------- | :------------------------------------------------------------------------------------------------------------ | +| OVERRIDE_REPOSITORY | Use this environment variable to explicitly specify the repository used by Trivy | +| FALLBACK_REPOSITORY | Use this environment variable as a backup if no other repository env vars can be found | +| OVERRIDE_BRANCH | Use this environment variable to explicitly specify the branch used by Trivy | +| FALLBACK_BRANCH | Use this environment variable as a backup if no other branch env vars can be found | +| OVERRIDE_BUILDSYSTEM | Use this environment variable to explicitly specify the build system | +| OVERRIDE_SCMID | Use this environment variable to explicitly specify the scm id | +| IGNORE_PANIC | Use this environment variable to return exit code 0 on cli panic | +| OVERRIDE_REPOSITORY_URL | Use this environment variable to explicitly specify the repository link used by Trivy (For result's web link) | +| OVERRIDE_REPOSITORY_SOURCE | Use this environment variable to explicitly specify the repository source used by Trivy | +| HTTP_PROXY/HTTPS_PROXY | Use these environment variable for proxy configuration | +| CA-CRET | Use this environment variable to set path to CA certificate | +| XDG_DATA_HOME | use this environment variable to designate the base directory for storing user-specific data | +| XDG_CACHE_HOME | use this environment variable for setting the cache directory | +| ENABLE_TRIVY_STDOUT | use this environment variable with true value for full desplay of your scan results in your environment | +| SAST_LOGS | use this environment variable with true value for writing sast logs to file | +| SAST_LOGS_DIR | use this environment variable to explicitly specify the location where the log file should be written | ## Command Line Arguments -| Argument | Purpose | Example Usage | -| ---------------- | ------------------------------------------ | --------------------------------------------- | -| `--debug` | 
Get more detailed output as Trivy runs. | `--debug` | -| `--severities` | The Severities that you are interested in. | `--severities CRITICAL,HIGH,UNKNOWN` | -| `--skip-pipelines` | Skip scan repository pipeline files. | `--skip-pipelines` | -| `--sast` | To enable SAST scanning. | `--sast` | -| `--reachability` | To enable reachability scanning. | `--reachability` | -| `--package-json` | Scan package.json files without lock files | `--package-json` / `PACKAGE_JSON=1 trivy ...` | -| `--dotnet-proj` | Scan dotnet proj files without lock files | `--dotnet-proj` / `DOTNET_PROJ=1 trivy ...` | - - - - +| Argument | Purpose | Example Usage | +| ------------------ | ------------------------------------------ | --------------------------------------------- | +| `--debug` | Get more detailed output as Trivy runs. | `--debug` | +| `--severities` | The Severities that you are interested in. | `--severities CRITICAL,HIGH,UNKNOWN` | +| `--skip-pipelines` | Skip scan repository pipeline files. | `--skip-pipelines` | +| `--sast` | To enable SAST scanning. | `--sast` | +| `--reachability` | To enable reachability scanning. | `--reachability` | +| `--package-json` | Scan package.json files without lock files | `--package-json` / `PACKAGE_JSON=1 trivy ...` | +| `--dotnet-proj` | Scan dotnet proj files without lock files | `--dotnet-proj` / `DOTNET_PROJ=1 trivy ...` | ## GitHub Action Integration Example @@ -108,11 +99,11 @@ on: jobs: security_scan: runs-on: ubuntu-latest - + steps: - name: Checkout code uses: actions/checkout@v2 - + - name: Run Aqua scanner uses: docker://aquasec/aqua-scanner with: @@ -121,7 +112,7 @@ jobs: AQUA_KEY: ${{ secrets.AQUA_KEY }} AQUA_SECRET: ${{ secrets.AQUA_SECRET }} GITHUB_TOKEN: ${{ github.token }} - TRIVY_RUN_AS_PLUGIN: 'aqua' + TRIVY_RUN_AS_PLUGIN: "aqua" # For proxy configuration add env vars: HTTP_PROXY/HTTPS_PROXY, CA-CRET (path to CA certificate) ``` 
@@ -134,7 +125,6 @@ docker run -it aquasec/aqua-scanner trivy fs --scanners config,vuln,secret . ## Usage with Podman - ```bash podman run --rm \ -e AQUA_KEY=${AQUA_KEY} \ @@ -150,20 +140,23 @@ podman run --rm \ When working within CI environment, it's important to include the Source Code Management (SCM) tokens for pull requests. You can find additional guidance and details on this matter within our platform for your reference about each SCM. -# aqua-scanner limited Tag +# aqua-scanner limited Tag (Beta) + +We now provide a dedicated limited permission tag, for running the aqua-scanner on a non-root user. -We provide a dedicated limited tag, for running the aqua-scanner on a non-root user. +Tag name: `latest-limited` +Support for: linux/amd64, linux/arm64 ## Running limited tag on Azure DevOps pipeline -To use this tag effectively in Azure DevOps Pipelines, follow the steps below ([Azure documentation](https://learn.microsoft.com/en-us/azure/devops/pipelines/process/container-phases?view=azure-devops&tabs=yaml#linux-based-containers)), consider the following Azure DevOps pipeline example (with the -u 0 option): +To use the limited tag effectively on Azure DevOps Pipelines, follow the steps below ([Azure documentation](https://learn.microsoft.com/en-us/azure/devops/pipelines/process/container-phases?view=azure-devops&tabs=yaml#linux-based-containers)), consider the following Azure DevOps pipeline example (with the -u 0 option): ```yaml trigger: - main container: - image: aquasec/aqua-scanner:limited + image: aquasec/aqua-scanner:latest-limited options: -u 0 env: AQUA_KEY: $(AQUA_KEY) 
@@ -171,15 +164,17 @@ container: AZURE_TOKEN: $(AZURE_TOKEN) TRIVY_RUN_AS_PLUGIN: aqua steps: -- checkout: self - fetchDepth: 0 -- script: | - trivy fs --scanners config,vuln,secret . - displayName: Aqua scanner + - checkout: self + fetchDepth: 0 + - script: | + trivy fs --scanners config,vuln,secret . + displayName: Aqua scanner ``` ## Compatibility -The plugin is designed for Docker environments and is compatible with Linux containers. + +The plugin is designed for Docker environments and is compatible with Linux containers. ## License + This GitHub repository is licensed under the [Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0). It is exclusively available for Aqua Security customers and is not open source. Please contact Aqua Security for licensing details. From 382216e510b6566e4a120c069443e2d617cbfc4f Mon Sep 17 00:00:00 2001 From: Naor Talmor Date: Wed, 25 Oct 2023 17:29:52 +0300 Subject: [PATCH 08/15] docker hub docs refinment --- README-dockerhub.md | 67 +++++++++++++++++++++++---------------------- 1 file changed, 34 insertions(+), 33 deletions(-) diff --git a/README-dockerhub.md b/README-dockerhub.md index 98347730..26a54229 100644 --- a/README-dockerhub.md +++ b/README-dockerhub.md @@ -6,7 +6,7 @@ The **Aqua Security Trivy Plugin** is a premium offering designed to enhance the ## Features -- **Enhanced Security Scans**: Aqua Security customers benefit from advanced features including Better Secret Scanning, SAST (Static application security testing), and Reachability Checks. +- **Enhanced Security Scans**: Aqua Security customers benefit from advanced features including Enhenced Secret Scanning engine, SAST (Static application security testing), Reachability Checks, and more. - **Better Secret Scanning**: Detect sensitive information such as API keys and passwords within your codebase and configuration files to prevent potential leaks. 
@@ -50,38 +50,40 @@ Trivy will attempt to resolve the following details from the available environme - committing user - build system -There are some env vars for overriding this data; - -| Variable | Purpose | -| :------------------------- | :------------------------------------------------------------------------------------------------------------ | -| OVERRIDE_REPOSITORY | Use this environment variable to explicitly specify the repository used by Trivy | -| FALLBACK_REPOSITORY | Use this environment variable as a backup if no other repository env vars can be found | -| OVERRIDE_BRANCH | Use this environment variable to explicitly specify the branch used by Trivy | -| FALLBACK_BRANCH | Use this environment variable as a backup if no other branch env vars can be found | -| OVERRIDE_BUILDSYSTEM | Use this environment variable to explicitly specify the build system | -| OVERRIDE_SCMID | Use this environment variable to explicitly specify the scm id | -| IGNORE_PANIC | Use this environment variable to return exit code 0 on cli panic | -| OVERRIDE_REPOSITORY_URL | Use this environment variable to explicitly specify the repository link used by Trivy (For result's web link) | -| OVERRIDE_REPOSITORY_SOURCE | Use this environment variable to explicitly specify the repository source used by Trivy | -| HTTP_PROXY/HTTPS_PROXY | Use these environment variable for proxy configuration | -| CA-CRET | Use this environment variable to set path to CA certificate | -| XDG_DATA_HOME | use this environment variable to designate the base directory for storing user-specific data | -| XDG_CACHE_HOME | use this environment variable for setting the cache directory | -| ENABLE_TRIVY_STDOUT | use this environment variable with true value for full desplay of your scan results in your environment | -| SAST_LOGS | use this environment variable with true value for writing sast logs to file | -| SAST_LOGS_DIR | use this environment variable to explicitly specify the location where the log file 
should be written | +There are some environments variables for overriding default values and behaviors; + +| Variable | Purpose | +| :------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| OVERRIDE_REPOSITORY | Use this environment variable to explicitly specify the repository name used by Trivy | +| FALLBACK_REPOSITORY | Use this environment variable as a backup if no other repository env vars can be found | +| OVERRIDE_BRANCH | Use this environment variable to explicitly specify the branch used by Trivy | +| FALLBACK_BRANCH | Use this environment variable as a backup if no other branch env vars can be found | +| OVERRIDE_BUILDSYSTEM | Use this environment variable to explicitly specify the build system | +| IGNORE_PANIC | Use this environment variable to return exit code 0 on cli panic error | +| OVERRIDE_REPOSITORY_URL | Use this environment variable to explicitly specify the repository link used by Trivy (For result's web link) | +| OVERRIDE_REPOSITORY_SOURCE | Use this environment variable to explicitly specify the repository source used by Trivy | +| HTTP_PROXY/HTTPS_PROXY | Use these environment variable for proxy configuration | +| XDG_DATA_HOME | use this environment variable to designate the base directory for storing user-specific data | +| XDG_CACHE_HOME | use this environment variable for setting the cache directory | +| SAST_LOGS | use this boolean environment variable with true value for writing sast logs to a file (The file name is: ${REPOSITORY_NAME}-sast-logs.txt under the SAST_LOGS_DIR directory) | +| SAST_LOGS_DIR | use this environment variable to explicitly specify the location where the log file should be written (Default is /tmp/.trivy/plugins/aqua) | +| TRIVY_QUIET | Disable trivy output report in log | +| AQUA_ASSURANCE_EXPORT | The path to export policies results (JSON) | ## Command Line 
Arguments -| Argument | Purpose | Example Usage | -| ------------------ | ------------------------------------------ | --------------------------------------------- | -| `--debug` | Get more detailed output as Trivy runs. | `--debug` | -| `--severities` | The Severities that you are interested in. | `--severities CRITICAL,HIGH,UNKNOWN` | -| `--skip-pipelines` | Skip scan repository pipeline files. | `--skip-pipelines` | -| `--sast` | To enable SAST scanning. | `--sast` | -| `--reachability` | To enable reachability scanning. | `--reachability` | -| `--package-json` | Scan package.json files without lock files | `--package-json` / `PACKAGE_JSON=1 trivy ...` | -| `--dotnet-proj` | Scan dotnet proj files without lock files | `--dotnet-proj` / `DOTNET_PROJ=1 trivy ...` | +| Argument | Environment variable | Purpose | Example Usage | +| ------------------------- | --------------------------- | ------------------------------------------------------------ | ---------------------------------------------------------------------------- | +| `--debug` | DEBUG | Get more detailed output as Trivy runs. | `--debug` / DEBUG=true | +| `--severities` | TRIVY_SEVERITY | The Severities that you are interested in. | `--severities CRITICAL,HIGH,UNKNOWN` / TRIVY_SEVERITY= CRITICAL,HIGH,UNKNOWN | +| `--skip-pipelines` | SKIP_PIPELINES | Skip scan repository pipeline files. | `--skip-pipelines` / SKIP_PIPELINES=true | +| `--sast` | SAST | To enable SAST scanning. | `--sast` / SAST=true | +| `--reachability` | REACHABILITY | To enable reachability scanning. 
| `--reachability` / REACHABILITY=true | +| `--package-json` | PACKAGE_JSON | Scan package.json files without lock files | `--package-json` / `PACKAGE_JSON=true` | +| `--dotnet-proj` | DOTNET_PROJ | Scan dotnet proj files without lock files | `--dotnet-proj` / `DOTNET_PROJ=true` | +| `--skip-policies` | TRIVY_SKIP_POLICIES | Skip policies checks | `--skip-policies` / `TRIVY_SKIP_POLICIES=true` | +| `--skip-result-upload` | TRIVY_SKIP_RESULT_UPLOAD | Disable uploading scan results to aqua platform | `--skip-result-upload` / `TRIVY_SKIP_RESULT_UPLOAD=true` | +| `--skip-policy-exit-code` | TRIVY_SKIP_POLICY_EXIT_CODE | Prevent non-zero exit code if an assurance policy has failed | `--skip-policy-exit-code` / `TRIVY_SKIP_POLICY_EXIT_CODE=true` | ## GitHub Action Integration Example @@ -113,14 +115,13 @@ jobs: AQUA_SECRET: ${{ secrets.AQUA_SECRET }} GITHUB_TOKEN: ${{ github.token }} TRIVY_RUN_AS_PLUGIN: "aqua" - # For proxy configuration add env vars: HTTP_PROXY/HTTPS_PROXY, CA-CRET (path to CA certificate) + # Use here any other environment variable ``` ### Usage for running manually using docker command ```bash -EXPORT AQUA_KEY=${AQUA_KEY} AQUA_SECRET=${AQUA_SECRET} -docker run -it aquasec/aqua-scanner trivy fs --scanners config,vuln,secret . +AQUA_KEY=${AQUA_KEY} AQUA_SECRET=${AQUA_SECRET} TRIVY_RUN_AS_PLUGIN=aqua docker run -it -e AQUA_KEY -e AQUA_SECRET -e INPUT_WORKING_DIRECTORY=/scanning -v "${YOUR_WORKSPACE}":"/scanning" aquasec/aqua-scanner trivy fs --scanners config,vuln,secret . ``` ## Usage with Podman From bbbd0adf6bab26393ac1d92ca2e79f0230fb9c19 Mon Sep 17 00:00:00 2001 From: Naor Talmor Date: Wed, 25 Oct 2023 17:33:37 +0300 Subject: [PATCH 09/15] remove boolean --- README-dockerhub.md | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/README-dockerhub.md b/README-dockerhub.md index 26a54229..caacd5a5 100644 --- a/README-dockerhub.md +++ b/README-dockerhub.md 
@@ -52,23 +52,23 @@ Trivy will attempt to resolve the following details from the available environme There are some environments variables for overriding default values and behaviors; -| Variable | Purpose | -| :------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| OVERRIDE_REPOSITORY | Use this environment variable to explicitly specify the repository name used by Trivy | -| FALLBACK_REPOSITORY | Use this environment variable as a backup if no other repository env vars can be found | -| OVERRIDE_BRANCH | Use this environment variable to explicitly specify the branch used by Trivy | -| FALLBACK_BRANCH | Use this environment variable as a backup if no other branch env vars can be found | -| OVERRIDE_BUILDSYSTEM | Use this environment variable to explicitly specify the build system | -| IGNORE_PANIC | Use this environment variable to return exit code 0 on cli panic error | -| OVERRIDE_REPOSITORY_URL | Use this environment variable to explicitly specify the repository link used by Trivy (For result's web link) | -| OVERRIDE_REPOSITORY_SOURCE | Use this environment variable to explicitly specify the repository source used by Trivy | -| HTTP_PROXY/HTTPS_PROXY | Use these environment variable for proxy configuration | -| XDG_DATA_HOME | use this environment variable to designate the base directory for storing user-specific data | -| XDG_CACHE_HOME | use this environment variable for setting the cache directory | -| SAST_LOGS | use this boolean environment variable with true value for writing sast logs to a file (The file name is: ${REPOSITORY_NAME}-sast-logs.txt under the SAST_LOGS_DIR directory) | -| SAST_LOGS_DIR | use this environment variable to explicitly specify the location where the log file should be written (Default is /tmp/.trivy/plugins/aqua) | -| TRIVY_QUIET | Disable trivy output report in log | -| 
AQUA_ASSURANCE_EXPORT | The path to export policies results (JSON) | +| Variable | Purpose | +| :------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| OVERRIDE_REPOSITORY | Use this environment variable to explicitly specify the repository name used by Trivy | +| FALLBACK_REPOSITORY | Use this environment variable as a backup if no other repository env vars can be found | +| OVERRIDE_BRANCH | Use this environment variable to explicitly specify the branch used by Trivy | +| FALLBACK_BRANCH | Use this environment variable as a backup if no other branch env vars can be found | +| OVERRIDE_BUILDSYSTEM | Use this environment variable to explicitly specify the build system | +| IGNORE_PANIC | Use this environment variable to return exit code 0 on cli panic error | +| OVERRIDE_REPOSITORY_URL | Use this environment variable to explicitly specify the repository link used by Trivy (For result's web link) | +| OVERRIDE_REPOSITORY_SOURCE | Use this environment variable to explicitly specify the repository source used by Trivy | +| HTTP_PROXY/HTTPS_PROXY | Use these environment variable for proxy configuration | +| XDG_DATA_HOME | use this environment variable to designate the base directory for storing user-specific data | +| XDG_CACHE_HOME | use this environment variable for setting the cache directory | +| SAST_LOGS | use this environment variable with true value for writing sast logs to a file (The file name is: ${REPOSITORY_NAME}-sast-logs.txt under the SAST_LOGS_DIR directory) | +| SAST_LOGS_DIR | use this environment variable to explicitly specify the location where the log file should be written (Default is /tmp/.trivy/plugins/aqua) | +| TRIVY_QUIET | Disable trivy output report in log | +| AQUA_ASSURANCE_EXPORT | The path to export policies results (JSON) | ## Command Line Arguments 
From 0b036d7b955ceb6063bc8de4c524509781e00023 Mon Sep 17 00:00:00 2001 From: Naor Talmor Date: Thu, 26 Oct 2023 12:21:30 +0300 Subject: [PATCH 10/15] add TRIVY_RUN_AS_PLUGIN env --- README-dockerhub.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README-dockerhub.md b/README-dockerhub.md index caacd5a5..ed9a5f03 100644 --- a/README-dockerhub.md +++ b/README-dockerhub.md @@ -121,7 +121,7 @@ jobs: ### Usage for running manually using docker command ```bash -AQUA_KEY=${AQUA_KEY} AQUA_SECRET=${AQUA_SECRET} TRIVY_RUN_AS_PLUGIN=aqua docker run -it -e AQUA_KEY -e AQUA_SECRET -e INPUT_WORKING_DIRECTORY=/scanning -v "${YOUR_WORKSPACE}":"/scanning" aquasec/aqua-scanner trivy fs --scanners config,vuln,secret . +AQUA_KEY=${AQUA_KEY} AQUA_SECRET=${AQUA_SECRET} TRIVY_RUN_AS_PLUGIN=aqua docker run -e AQUA_KEY -e AQUA_SECRET -e TRIVY_RUN_AS_PLUGIN -e INPUT_WORKING_DIRECTORY=/scanning -v "${YOUR_WORKSPACE}":"/scanning" aquasec/aqua-scanner trivy fs --scanners config,vuln,secret . ``` ## Usage with Podman From dd6eb2c57d544059e4b3f30ec32c49e8ca5f3977 Mon Sep 17 00:00:00 2001 From: Naor Talmor Date: Thu, 26 Oct 2023 12:24:26 +0300 Subject: [PATCH 11/15] fix docker comman --- README-dockerhub.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README-dockerhub.md b/README-dockerhub.md index ed9a5f03..722038b7 100644 --- a/README-dockerhub.md +++ b/README-dockerhub.md 
@@ -121,7 +121,7 @@ jobs: ### Usage for running manually using docker command ```bash -AQUA_KEY=${AQUA_KEY} AQUA_SECRET=${AQUA_SECRET} TRIVY_RUN_AS_PLUGIN=aqua docker run -e AQUA_KEY -e AQUA_SECRET -e TRIVY_RUN_AS_PLUGIN -e INPUT_WORKING_DIRECTORY=/scanning -v "${YOUR_WORKSPACE}":"/scanning" aquasec/aqua-scanner trivy fs --scanners config,vuln,secret . +AQUA_KEY=${AQUA_KEY} AQUA_SECRET=${AQUA_SECRET} TRIVY_RUN_AS_PLUGIN=aqua docker run -it -e AQUA_KEY -e AQUA_SECRET -e TRIVY_RUN_AS_PLUGIN -e INPUT_WORKING_DIRECTORY=/scanning -v "${YOUR_WORKSPACE}":"/scanning" aquasec/aqua-scanner trivy fs --scanners config,vuln,secret . ``` ## Usage with Podman From e52dfb245e176253ce06a10ac60e2e4f66556d4d Mon Sep 17 00:00:00 2001 From: Naor Talmor <74590681+naortalmor1@users.noreply.github.com> Date: Tue, 31 Oct 2023 11:22:30 +0200 Subject: [PATCH 12/15] Update Plugin Artifacts Links for v0.150.0 (#708) --- README-dockerhub.md | 6 ++++-- plugin.yaml | 12 ++++++------ 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/README-dockerhub.md b/README-dockerhub.md index 722038b7..a1017db7 100644 --- a/README-dockerhub.md +++ b/README-dockerhub.md @@ -69,7 +69,9 @@ There are some environments variables for overriding default values and behavior | SAST_LOGS_DIR | use this environment variable to explicitly specify the location where the log file should be written (Default is /tmp/.trivy/plugins/aqua) | | TRIVY_QUIET | Disable trivy output report in log | | AQUA_ASSURANCE_EXPORT | The path to export policies results (JSON) | - +| OVERRIDE_AUTHOR | Use this environment variable to override the author of the scan (commit pusher by default) | +| OVERRIDE_RUN_ID | Use this environment variable to override the run id (default to SCM run build number) | +| OVERRIDE_BUILD_ID | Use this environment variable to override the job/build id (default to SCM build id) | ## Command Line Arguments | Argument | Environment variable | Purpose | Example Usage | 
@@ -178,4 +180,4 @@ The plugin is designed for Docker environments and is compatible with Linux cont ## License -This GitHub repository is licensed under the [Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0). It is exclusively available for Aqua Security customers and is not open source. Please contact Aqua Security for licensing details. +This GitHub repository is licensed under the [Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0). It is exclusively available for Aqua Security customers and is not open source. Please contact Aqua Security for licensing details. \ No newline at end of file diff --git a/plugin.yaml b/plugin.yaml index 0ed844c0..edbb93ad 100644 --- a/plugin.yaml +++ b/plugin.yaml 
@@ -1,31 +1,31 @@
 name: "aqua"
 repository: github.com/aquasecurity/trivy-plugin-aqua
-version: "v0.149.4"
+version: "v0.150.0"
 usage: trivy aqua
 description: A Trivy plugin that sends results to Aqua.
 platforms:
 - selector: # optional
 os: linux
 arch: amd64
- uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.4/linux_amd64_v0.149.4.tar.gz
+ uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.150.0/linux_amd64_v0.150.0.tar.gz
 bin: ./aqua
 - selector:
 os: linux
 arch: arm64
- uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.4/linux_arm64_v0.149.4.tar.gz
+ uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.150.0/linux_arm64_v0.150.0.tar.gz
 bin: ./aqua
 - selector:
 os: darwin
 arch: amd64
- uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.4/darwin_amd64_v0.149.4.tar.gz
+ uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.150.0/darwin_amd64_v0.150.0.tar.gz
 bin: ./aqua
 - selector:
 os: darwin
 arch: arm64
- uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.4/darwin_arm64_v0.149.4.tar.gz
+ uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.150.0/darwin_arm64_v0.150.0.tar.gz
 bin: ./aqua
 - selector:
 os: windows
 arch: amd64
- uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.4/windows_amd64_v0.149.4.tar.gz
+ uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.150.0/windows_amd64_v0.150.0.tar.gz
 bin: ./aqua
From 5a85708dfd82a3a4c9bbd982e93430c5551c5f45 Mon Sep 17 00:00:00 2001
From: Naor Talmor <74590681+naortalmor1@users.noreply.github.com>
Date: Wed, 1 Nov 2023 17:03:30 +0200
Subject: [PATCH 13/15] [create-pull-request] automated change (#709)
---
 plugin.yaml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/plugin.yaml b/plugin.yaml
index edbb93ad..279fa185 100644
--- a/plugin.yaml
+++ b/plugin.yaml
@@ -1,31 +1,31 @@
 name: "aqua"
 repository: github.com/aquasecurity/trivy-plugin-aqua
-version: "v0.150.0"
+version: "v0.151.0"
 usage: trivy aqua
 description: A Trivy plugin that sends results to Aqua.
 platforms:
 - selector: # optional
 os: linux
 arch: amd64
- uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.150.0/linux_amd64_v0.150.0.tar.gz
+ uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.151.0/linux_amd64_v0.151.0.tar.gz
 bin: ./aqua
 - selector:
 os: linux
 arch: arm64
- uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.150.0/linux_arm64_v0.150.0.tar.gz
+ uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.151.0/linux_arm64_v0.151.0.tar.gz
 bin: ./aqua
 - selector:
 os: darwin
 arch: amd64
- uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.150.0/darwin_amd64_v0.150.0.tar.gz
+ uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.151.0/darwin_amd64_v0.151.0.tar.gz
 bin: ./aqua
 - selector:
 os: darwin
 arch: arm64
- uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.150.0/darwin_arm64_v0.150.0.tar.gz
+ uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.151.0/darwin_arm64_v0.151.0.tar.gz
 bin: ./aqua
 - selector:
 os: windows
 arch: amd64
- uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.150.0/windows_amd64_v0.150.0.tar.gz
+ uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.151.0/windows_amd64_v0.151.0.tar.gz
 bin: ./aqua
From b902c0263877109a694f7b6732e02f3a6496a666 Mon Sep 17 00:00:00 2001
From: aqua-ci
Date: Sun, 5 Nov 2023 13:46:41 +0000
Subject: [PATCH 14/15] [create-pull-request] automated change
---
 plugin.yaml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/plugin.yaml b/plugin.yaml
index 4094c323..21b495d4 100644
--- a/plugin.yaml
+++ b/plugin.yaml
@@ -1,31 +1,31 @@
 name: "aqua"
 repository: github.com/aquasecurity/trivy-plugin-aqua
-version: "v0.149.1"
+version: "v0.151.1"
 usage: trivy aqua
 description: A Trivy plugin that sends results to Aqua.
 platforms:
 - selector: # optional
 os: linux
 arch: amd64
- uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.1/linux_amd64_v0.149.1.tar.gz
+ uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.151.1/linux_amd64_v0.151.1.tar.gz
 bin: ./aqua
 - selector:
 os: linux
 arch: arm64
- uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.1/linux_arm64_v0.149.1.tar.gz
+ uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.151.1/linux_arm64_v0.151.1.tar.gz
 bin: ./aqua
 - selector:
 os: darwin
 arch: amd64
- uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.1/darwin_amd64_v0.149.1.tar.gz
+ uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.151.1/darwin_amd64_v0.151.1.tar.gz
 bin: ./aqua
 - selector:
 os: darwin
 arch: arm64
- uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.1/darwin_arm64_v0.149.1.tar.gz
+ uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.151.1/darwin_arm64_v0.151.1.tar.gz
 bin: ./aqua
 - selector:
 os: windows
 arch: amd64
- uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.1/windows_amd64_v0.149.1.tar.gz
+ uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.151.1/windows_amd64_v0.151.1.tar.gz
 bin: ./aqua
From 80e73ae3c3958c489c08f3d3108585a219d60d93 Mon Sep 17 00:00:00 2001
From: aqua-ci
Date: Tue, 7 Nov 2023 16:13:23 +0000
Subject: [PATCH 15/15] [create-pull-request] automated change
---
 plugin.yaml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/plugin.yaml b/plugin.yaml
index 4094c323..a629e738 100644
--- a/plugin.yaml
+++ b/plugin.yaml
@@ -1,31 +1,31 @@
 name: "aqua"
 repository: github.com/aquasecurity/trivy-plugin-aqua
-version: "v0.149.1"
+version: "v0.151.2"
 usage: trivy aqua
 description: A Trivy plugin that sends results to Aqua.
 platforms:
 - selector: # optional
 os: linux
 arch: amd64
- uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.1/linux_amd64_v0.149.1.tar.gz
+ uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.151.2/linux_amd64_v0.151.2.tar.gz
 bin: ./aqua
 - selector:
 os: linux
 arch: arm64
- uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.1/linux_arm64_v0.149.1.tar.gz
+ uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.151.2/linux_arm64_v0.151.2.tar.gz
 bin: ./aqua
 - selector:
 os: darwin
 arch: amd64
- uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.1/darwin_amd64_v0.149.1.tar.gz
+ uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.151.2/darwin_amd64_v0.151.2.tar.gz
 bin: ./aqua
 - selector:
 os: darwin
 arch: arm64
- uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.1/darwin_arm64_v0.149.1.tar.gz
+ uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.151.2/darwin_arm64_v0.151.2.tar.gz
 bin: ./aqua
 - selector:
 os: windows
 arch: amd64
- uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.149.1/windows_amd64_v0.149.1.tar.gz
+ uri: https://github.com/aquasecurity/trivy-plugin-aqua/releases/download/v0.151.2/windows_amd64_v0.151.2.tar.gz
 bin: ./aqua