added support for CoreOS

amitverse · amitverse · commit 9f767cad8f9d · 2025-09-13T13:44:37.000+05:30
diff --git a/docs/docs/coverage/os/coreos.md b/docs/docs/coverage/os/coreos.md
@@ -0,0 +1,15 @@
+# CoreOS
+Trivy supports the following scanners for OS packages.
+
+|    Scanner    | Supported |
+| :-----------: | :-------: |
+|     SBOM      |     ✓     |
+| Vulnerability |     -     |
+|    License    |     -     |
+
+Please see [here](index.md#supported-os) for supported versions.
+
+## SBOM
+Trivy detects packages that are listed in the [software inventory].
+
+[software inventory]: https://bottlerocket.dev/en/os/1.37.x/concepts/variants/#software-inventory
diff --git a/docs/docs/coverage/os/index.md b/docs/docs/coverage/os/index.md
@@ -28,11 +28,12 @@ Trivy supports operating systems for
 | [SUSE Linux Enterprise](suse.md)      | 11, 12, 15                          | zypper/rpm       |
 | [SUSE Linux Enterprise Micro](suse.md)| 5, 6                                | zypper/rpm       |
 | [Photon OS](photon.md)                | 1.0, 2.0, 3.0, 4.0                  | tndf/yum/rpm     |
+| [CoreOS Container Linux](coreos.md)   | All versions (EOL)                  | rpm              |
 | [Echo](echo.md)                       | (n/a)                               | apt/dpkg         |
 | [Debian GNU/Linux](debian.md)         | 7, 8, 9, 10, 11, 12                 | apt/dpkg         |
 | [Ubuntu](ubuntu.md)                   | All versions supported by Canonical | apt/dpkg         |
 | [Bottlerocket](bottlerocket.md)       | 1.7.0 and upper                     | bottlerocket     |
-| [OSs with installed Conda](../others/conda.md)  | -                                   | conda            |
+| [OSs with installed Conda](../others/conda.md) | -                                   | conda            |
 
 ## Supported container images
 
@@ -45,6 +46,7 @@ Each page gives more details.
 
 [^1]: CentOS Stream is not supported 
 [^2]: https://github.com/GoogleContainerTools/distroless
+[^3]: CoreOS Container Linux reached end-of-life on May 26, 2020. Consider migrating to Fedora CoreOS.
 
 
 [sbom]: ../../supply-chain/sbom.md
diff --git a/mkdocs.yml b/mkdocs.yml
@@ -90,6 +90,7 @@ nav:
               - Ubuntu: docs/coverage/os/ubuntu.md
               - Wolfi: docs/coverage/os/wolfi.md
               - Google Distroless (Images): docs/coverage/os/google-distroless.md
+              - CoreOS Container Linux: docs/coverage/os/coreos.md
           - Language:
               - Overview: docs/coverage/language/index.md
               - C/C++: docs/coverage/language/c.md
diff --git a/pkg/detector/ospkg/coreos/coreos.go b/pkg/detector/ospkg/coreos/coreos.go
@@ -0,0 +1,28 @@
+package coreos
+
+import (
+	"context"
+
+	osver "github.com/aquasecurity/trivy/pkg/detector/ospkg/version"
+	ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
+	"github.com/aquasecurity/trivy/pkg/log"
+	"github.com/aquasecurity/trivy/pkg/types"
+)
+
+// Scanner implements the CoreOS scanner
+type Scanner struct {
+}
+
+// NewScanner is the factory method for Scanner
+func NewScanner() *Scanner {
+	return &Scanner{}
+}
+
+func (s *Scanner) Detect(ctx context.Context, _ string, _ *ftypes.Repository, _ []ftypes.Package) ([]types.DetectedVulnerability, error) {
+	log.InfoContext(ctx, "Vulnerability detection of CoreOS packages is currently not supported.")
+	return nil, nil
+}
+
+func (s *Scanner) IsSupportedVersion(ctx context.Context, osFamily ftypes.OSType, osVer string) bool {
+	return osver.Supported(ctx, nil, osFamily, osver.Minor(osVer))
+}
diff --git a/pkg/detector/ospkg/detect.go b/pkg/detector/ospkg/detect.go
@@ -12,6 +12,7 @@ import (
 	"github.com/aquasecurity/trivy/pkg/detector/ospkg/azure"
 	"github.com/aquasecurity/trivy/pkg/detector/ospkg/bottlerocket"
 	"github.com/aquasecurity/trivy/pkg/detector/ospkg/chainguard"
+	"github.com/aquasecurity/trivy/pkg/detector/ospkg/coreos"
 	"github.com/aquasecurity/trivy/pkg/detector/ospkg/debian"
 	"github.com/aquasecurity/trivy/pkg/detector/ospkg/driver"
 	"github.com/aquasecurity/trivy/pkg/detector/ospkg/echo"
@@ -55,6 +56,7 @@ var (
 		ftypes.Chainguard:         chainguard.NewScanner(),
 		ftypes.Echo:               echo.NewScanner(),
 		ftypes.MinimOS:            minimos.NewScanner(),
+		ftypes.CoreOS:             coreos.NewScanner(),
 	}
 
 	// providers dynamically generate drivers based on package information
diff --git a/pkg/fanal/analyzer/const.go b/pkg/fanal/analyzer/const.go
@@ -26,6 +26,7 @@ const (
 	TypeSUSE       Type = "suse"
 	TypeUbuntu     Type = "ubuntu"
 	TypeUbuntuESM  Type = "ubuntu-esm"
+	TypeCoreOS     Type = "coreos"
 
 	// OS Package
 	TypeApk                   Type = "apk"
diff --git a/pkg/fanal/analyzer/os/release/release.go b/pkg/fanal/analyzer/os/release/release.go
@@ -78,6 +78,8 @@ func (a osReleaseAnalyzer) Analyze(_ context.Context, input analyzer.AnalysisInp
 			family = types.Echo
 		case "minimos":
 			family = types.MinimOS
+		case "coreos":
+			family = types.CoreOS
 		}
 
 		if family != "" && versionID != "" {
diff --git a/pkg/fanal/analyzer/os/release/release_test.go b/pkg/fanal/analyzer/os/release/release_test.go
@@ -179,6 +179,16 @@ func Test_osReleaseAnalyzer_Analyze(t *testing.T) {
 				},
 			},
 		},
+		{
+			name:      "CoreOS",
+			inputFile: "testdata/coreos",
+			want: &analyzer.AnalysisResult{
+				OS: types.OS{
+					Family: types.CoreOS,
+					Name:   "3.15.4",
+				},
+			},
+		},
 		{
 			name:      "Unknown OS",
 			inputFile: "testdata/unknown",
diff --git a/pkg/fanal/analyzer/os/release/testdata/coreos b/pkg/fanal/analyzer/os/release/testdata/coreos
@@ -0,0 +1,2 @@
+ID=coreos
+VERSION_ID=3.15.4
diff --git a/pkg/fanal/analyzer/pkg/rpm/rpm.go b/pkg/fanal/analyzer/pkg/rpm/rpm.go
@@ -40,6 +40,9 @@ var (
 		// SQLite3
 		"usr/lib/sysimage/rpm/rpmdb.sqlite",
 		"var/lib/rpm/rpmdb.sqlite",
+
+		// CoreOS
+		"usr/share/rpm/rpmdb.sqlite",
 	}
 
 	errUnexpectedNameFormat = xerrors.New("unexpected name format")
diff --git a/pkg/fanal/types/const.go b/pkg/fanal/types/const.go
@@ -44,6 +44,7 @@ const (
 	SLES               OSType = "sles"
 	Ubuntu             OSType = "ubuntu"
 	Wolfi              OSType = "wolfi"
+	CoreOS             OSType = "coreos"
 )
 
 // OSTypeAliases is a map of aliases for operating systems.

Original file line number	Diff line number	Diff line change
`@@ -78,6 +78,8 @@ func (a osReleaseAnalyzer) Analyze(_ context.Context, input analyzer.AnalysisInp`
`78`	`78`	`family = types.Echo`
`79`	`79`	`case "minimos":`
`80`	`80`	`family = types.MinimOS`
	`81`	`+ case "coreos":`
	`82`	`+ family = types.CoreOS`
`81`	`83`	`}`
`82`	`84`
`83`	`85`	`if family != "" && versionID != "" {`
Original file line number	Diff line number	Diff line change
`@@ -40,6 +40,9 @@ var (`
`40`	`40`	`// SQLite3`
`41`	`41`	`"usr/lib/sysimage/rpm/rpmdb.sqlite",`
`42`	`42`	`"var/lib/rpm/rpmdb.sqlite",`
	`43`	`+`
	`44`	`+ // CoreOS`
	`45`	`+ "usr/share/rpm/rpmdb.sqlite",`
`43`	`46`	`}`
`44`	`47`
`45`	`48`	`errUnexpectedNameFormat = xerrors.New("unexpected name format")`