From 6dda1d069bc71e07225157c319f9fbfa9e7ec588 Mon Sep 17 00:00:00 2001
From: DmitriyLewen
Date: Tue, 23 Aug 2022 13:05:43 +0600
Subject: [PATCH] add gradle.lockfile to docs
---
 docs/docs/vulnerability/detection/language.md | 45 ++++++++++---------
 pkg/fanal/analyzer/const.go | 4 +-
 2 files changed, 25 insertions(+), 24 deletions(-)
diff --git a/docs/docs/vulnerability/detection/language.md b/docs/docs/vulnerability/detection/language.md
index c8737d65a25..81c9c4b1288 100644
--- a/docs/docs/vulnerability/detection/language.md
+++ b/docs/docs/vulnerability/detection/language.md
@@ -2,28 +2,29 @@ `Trivy` automatically detects the following files in the container and scans vulnerabilities in the application dependencies. -| Language | File | Image[^8] | Rootfs[^9] | Filesystem[^10] | Repository[^11] | Dev dependencies | -| -------- |-------------------------| :-------: | :--------: | :-------------: | :-------------: | ---------------- | -| Ruby | Gemfile.lock | - | - | ✅ | ✅ | included | -| | gemspec | ✅ | ✅ | - | - | included | -| Python | Pipfile.lock | - | - | ✅ | ✅ | excluded | -| | poetry.lock | - | - | ✅ | ✅ | included | -| | requirements.txt | - | - | ✅ | ✅ | included | -| | egg package[^1] | ✅ | ✅ | - | - | excluded | -| | wheel package[^2] | ✅ | ✅ | - | - | excluded | -| PHP | composer.lock | ✅ | ✅ | ✅ | ✅ | excluded | -| Node.js | package-lock.json | - | - | ✅ | ✅ | excluded | -| | yarn.lock | - | - | ✅ | ✅ | included | -| | pnpm-lock.yaml | - | - | ✅ | ✅ | excluded | -| | package.json | ✅ | ✅ | - | - | excluded | -| .NET | packages.lock.json | ✅ | ✅ | ✅ | ✅ | included | -| | packages.config | ✅ | ✅ | ✅ | ✅ | excluded | -| | .deps.json | ✅ | ✅ | ✅ | ✅ | excluded | -| Java | JAR/WAR/PAR/EAR[^3][^4] | ✅ | ✅ | - | - | included | -| | pom.xml[^5] | - | - | ✅ | ✅ | excluded | -| Go | Binaries built by Go[^6] | ✅ | ✅ | - | - | excluded | -| | go.mod[^7] | - | - | ✅ | ✅ | included | -| Rust | Cargo.lock | ✅ | ✅ | ✅ | ✅ | included | +| Language | File | Image[^8] | Rootfs[^9] | Filesystem[^10] | Repository[^11] | Dev dependencies | +| -------- |--------------------------------------------------------------------------------------------| :-------: | :--------: | :-------------: | :-------------: | ---------------- | +| Ruby | Gemfile.lock | - | - | ✅ | ✅ | included | +| | gemspec | ✅ | ✅ | - | - | included | +| Python | Pipfile.lock | - | - | ✅ | ✅ | excluded | +| | poetry.lock | - | - | ✅ | ✅ | included | +| | requirements.txt | - | - | ✅ | ✅ | included | +| | egg package[^1] | ✅ | ✅ | - | - | excluded | +| | wheel package[^2] | ✅ | ✅ | 
- | - | excluded | +| PHP | composer.lock | ✅ | ✅ | ✅ | ✅ | excluded | +| Node.js | package-lock.json | - | - | ✅ | ✅ | excluded | +| | yarn.lock | - | - | ✅ | ✅ | included | +| | pnpm-lock.yaml | - | - | ✅ | ✅ | excluded | +| | package.json | ✅ | ✅ | - | - | excluded | +| .NET | packages.lock.json | ✅ | ✅ | ✅ | ✅ | included | +| | packages.config | ✅ | ✅ | ✅ | ✅ | excluded | +| | .deps.json | ✅ | ✅ | ✅ | ✅ | excluded | +| Java | JAR/WAR/PAR/EAR[^3][^4] | ✅ | ✅ | - | - | included | +| | pom.xml[^5] | - | - | ✅ | ✅ | excluded | +| | *gradle.lockfile | - | - | ✅ | ✅ | excluded | +| Go | Binaries built by Go[^6] | ✅ | ✅ | - | - | excluded | +| | go.mod[^7] | - | - | ✅ | ✅ | included | +| Rust | Cargo.lock | ✅ | ✅ | ✅ | ✅ | included | | | Binaries built with [cargo-auditable](https://github.com/rust-secure-code/cargo-auditable) | ✅ | ✅ | - | - | excluded The path of these files does not matter. diff --git a/pkg/fanal/analyzer/const.go b/pkg/fanal/analyzer/const.go index 21699376c0c..33a46cea361 100644 --- a/pkg/fanal/analyzer/const.go +++ b/pkg/fanal/analyzer/const.go @@ -114,7 +114,7 @@ var ( // TypeLanguages has all language analyzers TypeLanguages = []Type{ - TypeBundler, TypeGemSpec, TypeCargo, TypeComposer, TypeJar, TypePom, + TypeBundler, TypeGemSpec, TypeCargo, TypeComposer, TypeJar, TypePom, TypeGradleLock, TypeNpmPkgLock, TypeNodePkg, TypeYarn, TypePnpm, TypeNuget, TypeDotNetDeps, TypePythonPkg, TypePip, TypePipenv, TypePoetry, TypeGoBinary, TypeGoMod, TypeRustBinary, } @@ -122,7 +122,7 @@ var ( // TypeLockfiles has all lock file analyzers TypeLockfiles = []Type{ TypeBundler, TypeNpmPkgLock, TypeYarn, - TypePnpm, TypePip, TypePipenv, TypePoetry, TypeGoMod, TypePom, + TypePnpm, TypePip, TypePipenv, TypePoetry, TypeGoMod, TypePom, TypeGradleLock, } // TypeIndividualPkgs has all analyzers for individual packages
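Review bot: Nothing in the two const.go hunks documents or enforces that a lock-file analyzer such as `TypeGradleLock` has to appear in both `TypeLanguages` and `TypeLockfiles`; the entry is added by hand to each list. If callers use these slices to switch analyzers off per scan target (not visible here), an entry missing from `TypeLockfiles` would leave the Gradle analyzer running where the updated table in docs/docs/vulnerability/detection/language.md shows `-` for Image and Rootfs, so scan coverage would drift from what is documented. I would add a comment above `TypeLockfiles` such as `// Every lock-file analyzer listed here must also be in TypeLanguages; keep both in sync with the docs table.` and pin the membership with a small test. The definition of `TypeGradleLock` and the enclosing `var (` block lie outside both hunks, so whether the constant is declared in this commit cannot be confirmed from here.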