From dfcee80ae509ff4bbbaf1e66492e97bb04801b84 Mon Sep 17 00:00:00 2001 From: Daniel Pacak Date: Fri, 5 Jun 2020 10:35:56 +0200 Subject: [PATCH] fix(trivy): Bump up Trivy adapter to v0.11.0 This commit bumps up Trivy to resolve the following issues reported in the aquasecurity/harbor-scanner-trivy repository: - https://github.com/aquasecurity/harbor-scanner-trivy/issues/114 - https://github.com/aquasecurity/harbor-scanner-trivy/issues/108 Note that this adapter vendors in Trivy v0.9.0 which has changed the algorithm for qualifying severities. Previous versions of Trivy preferred NVD scores, whereas this version will use vendor score whenever it's possible. We believe it's more suitable approach for qualifying severities. Even though this change might impact vulnerability summaries in some cases, the total number of vulnerabilities should stay the same. Signed-off-by: Daniel Pacak --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 4c08ef3b8..22123695d 100644 --- a/Makefile +++ b/Makefile @@ -103,8 +103,8 @@ NOTARYVERSION=v0.6.1 CLAIRVERSION=v2.1.3 NOTARYMIGRATEVERSION=v3.5.4 CLAIRADAPTERVERSION=v1.0.2 -TRIVYVERSION=v0.7.0 -TRIVYADAPTERVERSION=v0.10.0 +TRIVYVERSION=v0.9.0 +TRIVYADAPTERVERSION=v0.11.0 # version of chartmuseum CHARTMUSEUMVERSION=v0.12.0
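Review bot: The TRIVYVERSION change from v0.7.0 to v0.9.0 in the Makefile hunk is not mentioned in the subject line, which names only the adapter bump to v0.11.0, yet it is the change with user-visible effect. Per the commit message, v0.9.0 prefers vendor scores over NVD scores when qualifying severities, so severity counts in scan summaries can shift after the upgrade even though totals stay the same. Suggest naming both versions in the subject and adding a release-note entry for the severity change, since anything that gates on severity may behave differently afterwards. The two variables are also coupled (the message says the adapter vendors in Trivy v0.9.0), so a short comment above TRIVYVERSION stating that it must match the Trivy version vendored by TRIVYADAPTERVERSION would keep later bumps from drifting apart.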