fix(trivy): Bump up Trivy adapter to v0.11.0

This commit bumps up Trivy to resolve the following issues reported
in the aquasecurity/harbor-scanner-trivy repository:

- https://github.com/aquasecurity/harbor-scanner-trivy/issues/114
- https://github.com/aquasecurity/harbor-scanner-trivy/issues/108

Note that this adapter vendors in Trivy v0.9.0 which has changed
the algorithm for qualifying severities. Previous versions of Trivy
preferred NVD scores, whereas this version will use vendor score
whenever it's possible.

We believe it's a more suitable approach for qualifying severities.
Even though this change might impact vulnerability summaries in
some cases, the total number of vulnerabilities should stay the
same.

Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
Daniel Pacak 2020-06-05 10:35:56 +02:00
parent c261555b59
commit dfcee80ae5

@ -103,8 +103,8 @@ NOTARYVERSION=v0.6.1
CLAIRVERSION=v2.1.3 CLAIRVERSION=v2.1.3
NOTARYMIGRATEVERSION=v3.5.4 NOTARYMIGRATEVERSION=v3.5.4
CLAIRADAPTERVERSION=v1.0.2 CLAIRADAPTERVERSION=v1.0.2
TRIVYVERSION=v0.7.0 TRIVYVERSION=v0.9.0
TRIVYADAPTERVERSION=v0.10.0 TRIVYADAPTERVERSION=v0.11.0
# version of chartmuseum # version of chartmuseum
CHARTMUSEUMVERSION=v0.12.0 CHARTMUSEUMVERSION=v0.12.0
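
Review bot: the TRIVYVERSION line moves from v0.7.0 to v0.9.0 in the same change as TRIVYADAPTERVERSION, but nothing next to these two variables records that they are coupled. The commit message says the v0.11.0 adapter vendors Trivy v0.9.0, so a one-line comment above TRIVYVERSION stating that it must match the Trivy version vendored by the adapter would keep a later bump from changing one without the other. The subject line also names only the adapter bump, so consider mentioning the Trivy version there as well. Since the message states that severity qualification now prefers vendor scores over NVD scores and that vulnerability summaries can shift as a result, that behaviour change should also be carried into the release notes rather than living only in the commit body.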