feat: Add TrivyConfig.VulnSeveritySources (Trivy's --vuln-severity-source) (#3943)

And default it to ["auto"] when unset, with an info log from applyDefaultValues.

Refactor CVE NewScanner to take *CVEConfig instead of separate DB repository
strings so the full Trivy block is available to the scanner.

Extend CLI and search tests for the new field and logged config; document
CVE/Trivy in examples/README and add examples/config-cve-trivy.json.

Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>
Andrei Aaron
2026-04-08 09:39:26 +03:00
committed by GitHub
parent c6289ec5ba
commit 451e7b8e47
15 changed files with 285 additions and 37 deletions
+2 -1
@@ -419,7 +419,8 @@ JSON
found=0
for i in "${lines[@]}"
do
if [[ "$i" = *"CVE-2025-26519 UNKNOWN musl libc 0.9.13 through 1.2.5 before 1.2.6 h..."* ]]; then
# Severity can change with Trivy DB / vulnSeveritySources (e.g. auto); match CVE id + title only.
if [[ "$i" = *"CVE-2025-26519"* && "$i" = *"musl libc 0.9.13 through 1.2.5 before 1.2.6 h"* ]]; then
found=1
fi
done
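Review bot: by dropping the severity from the assertion in the new `if [[ "$i" = *"CVE-2025-26519"* && "$i" = *"musl libc 0.9.13 through 1.2.5 before 1.2.6 h"* ]]` check, the test no longer verifies that any severity is printed for this finding at all, so a regression that emits an empty severity column would still pass; since the comment explains that only the specific level may vary with the Trivy DB or vulnSeveritySources, consider keeping a weaker assertion that the line contains one of the known severity levels (or at least a non-empty severity field between the CVE id and the title). Also, the loop keeps iterating after `found=1`; a `break` there would make the intent clearer, though it is harmless in a test.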