cloud104 · gfalves87 · Nov 24, 2023 · Mar 12, 2024 · Jun 20, 2024 · Nov 4, 2024
diff --git a/.bumpversion.cfg b/.bumpversion.cfg
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 0.2.2
+current_version = 0.2.3
 commit = True
 tag = True
 

diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.11-slim as base
+FROM python:3.13-slim as base
 
 # Run tests
 FROM base as tester
@@ -19,7 +19,7 @@ RUN make test
 FROM base as builder
 COPY requirements.txt /
 COPY scripts/download_trivy.sh /
-ARG TRIVY_VERSION=0.47.0
+ARG TRIVY_VERSION=0.57.1
 RUN apt-get update && apt-get install -y wget && apt-get clean autoclean && apt-get autoremove -y && rm -rf /var/lib/{apt,dpkg,cache,log}/
 RUN pip install --user -r /requirements.txt && \
     chmod +x /download_trivy.sh && /download_trivy.sh

diff --git a/Makefile b/Makefile
@@ -2,7 +2,7 @@ CONTAINER_NAME=runtime-image-scanner
 REGISTRY=$(CONTAINER_NAME)
 VERSION_FILE=version.py
 #Variable used only to download Trivy locally. For containers, the versions are declared in the Dockerfile.
-TRIVY_VERSION=0.47.0
+TRIVY_VERSION=0.57.1
 
 patch: build-patch git-push
 minor: build-minor git-push
@@ -42,7 +42,7 @@ build-major:
 
 build:
 	@$(eval VERSION=`cat $(VERSION_FILE) | grep "VERSION"|cut -d"=" -f2 | sed -e 's/"//g' -e 's/ //g'`)
-	docker build -t $(REGISTRY):$(VERSION) .
+	docker build -t $(REGISTRY):$(VERSION)-RC- .
 
 clean-dev:
 	docker rmi -f $(CONTAINER_NAME):devel

diff --git a/README.md b/README.md
@@ -55,6 +55,7 @@ All parameters of this scanner are adjustable via environment variables.
 | SCAN_INTERVAL | 43200 | no | Time in seconds of the execution interval |
 | HTTP_PORT | 8080 | no | Port where the endpoint will listen |
 | TRIVY_BIN_PATH | ./trivy | no | trivy binary path |
+| IGNORE_UNFIXED | true | no | hide unfixed vulnerabilities |
 
 ## Performing unit tests
 Test coverage: ![](coverage.svg)

diff --git a/README_pt-BR.md b/README_pt-BR.md
@@ -53,6 +53,7 @@ Todos os parâmetros desse scanner são ajustáveis via variáveis de ambiente.
 |SCAN_INTERVAL|43200|não|Tempo em segundos do intervalo de execução|
 |HTTP_PORT|8080|não|Porta onde o endpoint irá ouvir|
 |TRIVY_BIN_PATH|./trivy|não|Path do binário do trivy|
+|IGNORE_UNFIXED|true|no|Ignora as vulnerabilidades não corrigidas|
 
 ## Executando testes unitários
 Cobertura dos testes: ![](coverage.svg)

diff --git a/chart/runtime-image-scanner/Chart.yaml b/chart/runtime-image-scanner/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: "v0.2.2"
+appVersion: "v0.2.4"
 description: Runtime image scanner.
 name: runtime-image-scanner
-version: 0.2.2
+version: 0.2.4
diff --git a/chart/runtime-image-scanner/values.yaml b/chart/runtime-image-scanner/values.yaml
@@ -1,6 +1,6 @@
 image:
   repository: gcr.io/totvs-kubernetes-service/runtime-image-scanner
-  tag: "v0.2.2"
+  tag: "v0.2.4"
   pullPolicy: IfNotPresent
 
 imagePullSecrets:
@@ -15,6 +15,10 @@ Envs:
     value: "43200"
   - name: HTTP_PORT
     value: "8080"
+  - name: IGNORE_UNFIXED
+    value: "true"
+  - name: DB_REPOSITORY
+    value: "us-east1-docker.pkg.dev/tks-gcr-pub/trivy-db-mirror/trivy-db-mirror"
 
 serviceAccount:
   create: true

diff --git a/requirements-development.txt b/requirements-development.txt
@@ -1,24 +1,24 @@
 bump2version==1.0.1
 # bumpversion==0.6.0
-cachetools==5.3.0
-certifi==2022.12.7
-chardet==5.1.0
-charset-normalizer==3.1.0
-coverage==7.2.2
-coverage-badge==1.1.0
-docutils==0.19
-google-auth==2.16.2
-kubernetes==26.1.0
+cachetools==5.5.0
+certifi==2024.8.30
+chardet==5.2.0
+charset-normalizer==3.4.0
+coverage==7.6.4
+coverage-badge==1.1.2
+docutils==0.21.2
+google-auth==2.35.0
+kubernetes==31.0.0
 lockfile==0.12.2
 oauthlib==3.2.2
-prometheus-client==0.16.0
-pyasn1==0.4.8
-pyasn1-modules==0.2.8
-python-dateutil==2.8.2
-PyYAML==6.0
-requests==2.31.0
-requests-oauthlib==1.3.1
+prometheus-client==0.21.0
+pyasn1==0.6.1
+pyasn1-modules==0.4.1
+python-dateutil==2.9.0;post0
+PyYAML==6.0.2
+requests==2.32.3
+requests-oauthlib==2.0.0
 rsa==4.9
 six==1.16.0
-urllib3==1.26.15
-websocket-client==1.5.1
+urllib3==2.2.3
+websocket-client==1.8.0
diff --git a/requirements.txt b/requirements.txt
@@ -1,23 +1,23 @@
-cachetools==5.3.2
-certifi==2023.11.17
+cachetools==5.5.0
+certifi==2024.8.30
 chardet==5.2.0
-charset-normalizer==3.3.2
-coverage==7.3.2
-coverage-badge==1.1.0
-docutils==0.20.1
-google-auth==2.23.4
-idna==3.4
-kubernetes==28.1.0
+charset-normalizer==3.4.0
+coverage==7.6.4
+coverage-badge==1.1.2
+docutils==0.21.2
+google-auth==2.35.0
+idna==3.10
+kubernetes==31.0.0
 lockfile==0.12.2
 oauthlib==3.2.2
-prometheus-client==0.19.0
-pyasn1==0.5.1
-pyasn1-modules==0.3.0
-python-dateutil==2.8.2
-PyYAML==6.0.1
-requests==2.31.0
-requests-oauthlib==1.3.1
+prometheus-client==0.21.0
+pyasn1==0.6.1
+pyasn1-modules==0.4.1
+python-dateutil==2.9.0.post0
+PyYAML==6.0.2
+requests==2.32.3
+requests-oauthlib==2.0.0
 rsa==4.9
 six==1.16.0
-urllib3==1.26.18
-websocket-client==1.6.4
+urllib3==2.2.3
+websocket-client==1.8.0