From ab70c0d5be293e5ec1c7f816c9105754917ff35d Mon Sep 17 00:00:00 2001
From: Thomas Ubensee <34603111+tomuben@users.noreply.github.com>
Date: Thu, 5 Dec 2024 07:56:37 -0300
Subject: [PATCH] #1029: Extended trivy rego for Kernel CVE's (#482) related to exasol/script-languages-release#1029
---
 .../flavor_base/security_scan/trivy.rego | 2 +-
 .../flavor_base/security_scan/trivy.rego | 2 +-
 .../flavor_base/security_scan/trivy.rego | 2 +-
 .../flavor_base/security_scan/trivy.rego | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/flavors/template-Exasol-8-python-3.10-cuda-conda/flavor_base/security_scan/trivy.rego b/flavors/template-Exasol-8-python-3.10-cuda-conda/flavor_base/security_scan/trivy.rego
index fc807388..ea531bfa 100644
--- a/flavors/template-Exasol-8-python-3.10-cuda-conda/flavor_base/security_scan/trivy.rego
+++ b/flavors/template-Exasol-8-python-3.10-cuda-conda/flavor_base/security_scan/trivy.rego
@@ -6,5 +6,5 @@ default ignore = false
 ignore {
 input.PkgName == "linux-libc-dev"
- regex.match("^kernel:", input.Title)
+ regex.match("^(kernel:|In the Linux kernel)", input.Title)
 }
\ No newline at end of file
diff --git a/flavors/template-Exasol-all-java-17/flavor_base/security_scan/trivy.rego b/flavors/template-Exasol-all-java-17/flavor_base/security_scan/trivy.rego
index fc807388..ea531bfa 100644
--- a/flavors/template-Exasol-all-java-17/flavor_base/security_scan/trivy.rego
+++ b/flavors/template-Exasol-all-java-17/flavor_base/security_scan/trivy.rego
@@ -6,5 +6,5 @@ default ignore = false
 ignore {
 input.PkgName == "linux-libc-dev"
- regex.match("^kernel:", input.Title)
+ regex.match("^(kernel:|In the Linux kernel)", input.Title)
 }
\ No newline at end of file
diff --git a/flavors/template-Exasol-all-python-3.10-conda/flavor_base/security_scan/trivy.rego b/flavors/template-Exasol-all-python-3.10-conda/flavor_base/security_scan/trivy.rego
index fc807388..ea531bfa 100644
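Review bot: The `ignore` rule in this hunk suppresses every `linux-libc-dev` finding whose title starts with `kernel:` or `In the Linux kernel`, regardless of severity, and nothing in the file records why those findings are acceptable or where the decision is tracked. Because the match is on the free-text `input.Title`, the rule depends on advisory wording; a future wording change makes findings reappear rather than disappear, which is the safe direction, but the prefix list will need upkeep. I would add a comment above the rule, e.g. `# Kernel CVEs reported against linux-libc-dev are ignored; rationale and tracking: exasol/script-languages-release#1029`, and state the actual reason there (presumably that the package ships only kernel headers, to be confirmed by the author). The same applies to the identical hunks in the three other flavor `trivy.rego` files, and all four files still end without a trailing newline.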
--- a/flavors/template-Exasol-all-python-3.10-conda/flavor_base/security_scan/trivy.rego
+++ b/flavors/template-Exasol-all-python-3.10-conda/flavor_base/security_scan/trivy.rego
@@ -6,5 +6,5 @@ default ignore = false
 ignore {
 input.PkgName == "linux-libc-dev"
- regex.match("^kernel:", input.Title)
+ regex.match("^(kernel:|In the Linux kernel)", input.Title)
 }
\ No newline at end of file
diff --git a/flavors/template-Exasol-all-python-3.10/flavor_base/security_scan/trivy.rego b/flavors/template-Exasol-all-python-3.10/flavor_base/security_scan/trivy.rego
index fc807388..ea531bfa 100644
--- a/flavors/template-Exasol-all-python-3.10/flavor_base/security_scan/trivy.rego
+++ b/flavors/template-Exasol-all-python-3.10/flavor_base/security_scan/trivy.rego
@@ -6,5 +6,5 @@ default ignore = false
 ignore {
 input.PkgName == "linux-libc-dev"
- regex.match("^kernel:", input.Title)
+ regex.match("^(kernel:|In the Linux kernel)", input.Title)
 }
\ No newline at end of file