Skip to content

feat(sbom): added support for CoreOS #9448

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
DmitriyLewen merged 5 commits into from
Sep 22, 2025
Merged

feat(sbom): added support for CoreOS #9448

DmitriyLewen merged 5 commits into from
Sep 22, 2025

Conversation

@amitverse
Copy link
Contributor

@amitverse amitverse commented Sep 6, 2025

Description

Added usr/share/rpm/rpmdb.sqlite filepath in RPM analyzer required files to support CoreOS

Related issues

Checklist

  • I've read the guidelines for contributing to this repository.
  • I've followed the conventions in the PR title.
  • I've added tests that prove my fix is effective or that my feature works.
  • I've updated the documentation with the relevant information (if needed).
  • I've added usage information (if the PR introduces new options)
  • I've included a "before" and "after" example to the description (if the PR is a user interface change).

@amitverse amitverse changed the title feat(sbom):added required file in rpm analyzer to support CoreOS feat(sbom): added required file in rpm analyzer to support CoreOS Sep 6, 2025
@DmitriyLewen DmitriyLewen marked this pull request as draft September 8, 2025 09:32
@DmitriyLewen
Copy link
Contributor

DmitriyLewen commented Sep 8, 2025

Hi, @amitverse
I don’t think it makes sense to split the tasks from #9384 into several PRs.
I’ve converted your PR into a draft.
Please mark it as ready for review once it includes all the required changes.

@amitverse amitverse force-pushed the add-support-for-coreos branch 4 times, most recently from 370cde8 to 9f767ca Compare September 13, 2025 08:14
@amitverse
Copy link
Contributor Author

amitverse commented Sep 13, 2025

Source of truth of using filepath etc/os-release for checking the release info: coreos/fedora-coreos-tracker#21

In the above link, it has mentioned that ID=coreos implies Container Linux, used this information for writing os-analyzer.

@amitverse amitverse force-pushed the add-support-for-coreos branch from 9f767ca to 002dce8 Compare September 13, 2025 09:15
@amitverse amitverse marked this pull request as ready for review September 13, 2025 09:39
@amitverse amitverse changed the title feat(sbom): added required file in rpm analyzer to support CoreOS feat(sbom): added support for CoreOS Sep 13, 2025
DmitriyLewen
DmitriyLewen reviewed Sep 15, 2025
View reviewed changes
Copy link
Contributor

@DmitriyLewen DmitriyLewen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hello @amitverse
Thanks for your work!

I left comments.

Also, I forgot to write about this in #9384.
You need to update the purl package.
For the purl type, you can use coreos (see https://github.com/package-url/purl-spec/blob/18fd3e395dda53c00bc8b11fe481666dc7b3807a/docs/candidate-purl-types.md?plain=1#L13).

@amitverse amitverse force-pushed the add-support-for-coreos branch from 002dce8 to c026a78 Compare September 15, 2025 17:05
@amitverse amitverse marked this pull request as draft September 15, 2025 17:09
@amitverse amitverse force-pushed the add-support-for-coreos branch 5 times, most recently from 786b1eb to 80865d5 Compare September 15, 2025 18:18
@amitverse amitverse force-pushed the add-support-for-coreos branch from 80865d5 to 0e1c1aa Compare September 15, 2025 18:22
@DmitriyLewen
Copy link
Contributor

DmitriyLewen commented Sep 17, 2025

Hello @amitverse,
I refactored your code a bit. Could you take a look?

@amitverse
Copy link
Contributor Author

amitverse commented Sep 18, 2025

Thanks @DmitriyLewen for the changes.
Also, I think the PR is ready for review. Making it ready for review. Please check it once and let me know if i need to make any changes.

@amitverse amitverse marked this pull request as ready for review September 18, 2025 09:28
DmitriyLewen
DmitriyLewen approved these changes Sep 18, 2025
View reviewed changes
Copy link
Contributor

@DmitriyLewen DmitriyLewen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@amitverse Thanks for your contribution!
LGTM.

@knqyf263 Could you take a quick look if you have time?

knqyf263
knqyf263 reviewed Sep 18, 2025
View reviewed changes
@DmitriyLewen DmitriyLewen added this pull request to the merge queue Sep 22, 2025
Merged via the queue into aquasecurity:main with commit 6d562a3 Sep 22, 2025
26 of 29 checks passed
@aqua-bot aqua-bot mentioned this pull request Sep 22, 2025
Merged
alexlebens pushed a commit to alexlebens/infrastructure that referenced this pull request Sep 30, 2025
@alexlebens
Update mirror.gcr.io/aquasec/trivy Docker tag to v0.67.0 (#1622)
c62e888 
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [mirror.gcr.io/aquasec/trivy](https://www.aquasec.com/products/trivy/) ([source](https://github.com/aquasecurity/trivy)) | minor | `0.66.0` -> `0.67.0` |

---

### Release Notes

<details>
<summary>aquasecurity/trivy (mirror.gcr.io/aquasec/trivy)</summary>

### [`v0.67.0`](https://github.com/aquasecurity/trivy/blob/HEAD/CHANGELOG.md#0670-2025-09-30)

[Compare Source](aquasecurity/trivy@v0.66.0...v0.67.0)

##### Features

- add documentation URL for database lock errors ([#&#8203;9531](aquasecurity/trivy#9531)) ([eba48af](aquasecurity/trivy@eba48af))
- **cli:** change --list-all-pkgs default to true ([#&#8203;9510](aquasecurity/trivy#9510)) ([7b663d8](aquasecurity/trivy@7b663d8))
- **cloudformation:** support default values and list results in Fn::FindInMap ([#&#8203;9515](aquasecurity/trivy#9515)) ([42b3bf3](aquasecurity/trivy@42b3bf3))
- **cyclonedx:** preserve SBOM structure when scanning SBOM files with vulnerability updates ([#&#8203;9439](aquasecurity/trivy#9439)) ([aff03eb](aquasecurity/trivy@aff03eb))
- **redhat:** add os-release detection for RHEL-based images ([#&#8203;9458](aquasecurity/trivy#9458)) ([cb25a07](aquasecurity/trivy@cb25a07))
- **sbom:** added support for CoreOS ([#&#8203;9448](aquasecurity/trivy#9448)) ([6d562a3](aquasecurity/trivy@6d562a3))
- **seal:** add seal support ([#&#8203;9370](aquasecurity/trivy#9370)) ([e4af279](aquasecurity/trivy@e4af279))

##### Bug Fixes

- **aws:** use `BuildableClient` insead of `xhttp.Client` ([#&#8203;9436](aquasecurity/trivy#9436)) ([fa6f1bf](aquasecurity/trivy@fa6f1bf))
- close file descriptors and pipes on error paths ([#&#8203;9536](aquasecurity/trivy#9536)) ([a4cbd6a](aquasecurity/trivy@a4cbd6a))
- **db:** Dowload database when missing but metadata still exists ([#&#8203;9393](aquasecurity/trivy#9393)) ([92ebc7e](aquasecurity/trivy@92ebc7e))
- **k8s:** disable parallel traversal with fs cache for k8s images ([#&#8203;9534](aquasecurity/trivy#9534)) ([c0c7a6b](aquasecurity/trivy@c0c7a6b))
- **misconf:** handle tofu files in module detection ([#&#8203;9486](aquasecurity/trivy#9486)) ([bfd2f6b](aquasecurity/trivy@bfd2f6b))
- **misconf:** strip build metadata suffixes from image history ([#&#8203;9498](aquasecurity/trivy#9498)) ([c938806](aquasecurity/trivy@c938806))
- **misconf:** unmark cty values before access ([#&#8203;9495](aquasecurity/trivy#9495)) ([8e40d27](aquasecurity/trivy@8e40d27))
- **misconf:** wrap legacy ENV values in quotes to preserve spaces ([#&#8203;9497](aquasecurity/trivy#9497)) ([267a970](aquasecurity/trivy@267a970))
- **nodejs:** parse workspaces as objects for package-lock.json files ([#&#8203;9518](aquasecurity/trivy#9518)) ([404abb3](aquasecurity/trivy@404abb3))
- **nodejs:** use snapshot string as `Package.ID` for pnpm packages ([#&#8203;9330](aquasecurity/trivy#9330)) ([4517e8c](aquasecurity/trivy@4517e8c))
- **vex:** don't  suppress vulns for packages with infinity loop ([#&#8203;9465](aquasecurity/trivy#9465)) ([78f0d4a](aquasecurity/trivy@78f0d4a))
- **vuln:** compare `nuget` package names in lower case ([#&#8203;9456](aquasecurity/trivy#9456)) ([1ff9ac7](aquasecurity/trivy@1ff9ac7))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xMTYuNiIsInVwZGF0ZWRJblZlciI6IjQxLjExNi42IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJpbWFnZSJdfQ==-->

Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/1622
Co-authored-by: Renovate Bot <[email protected]>
Co-committed-by: Renovate Bot <[email protected]>
@shino shino mentioned this pull request Nov 7, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@knqyf263 knqyf263 knqyf263 approved these changes

@DmitriyLewen DmitriyLewen DmitriyLewen approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

feat(sbom): add CoreOS support

3 participants

@amitverse @DmitriyLewen @knqyf263