fix image_scan.sh script and download trivy version (#7950)

Signed-off-by: Ian Cardoso <osodracnai@gmail.com>
2023-07-13 15:03:50 -03:00 · 2023-07-13 15:03:50 -03:00 · 58a8deb25d
parent 3eb4e12c3b
commit 58a8deb25d
2 changed files with 19 additions and 13 deletions
--- a/Dockerfile.dapper
+++ b/Dockerfile.dapper
@ -19,17 +19,23 @@ RUN apk -U --no-cache add bash git gcc musl-dev docker vim less file curl wget c

 RUN python3 -m pip install awscli

-RUN TRIVY_VERSION="0.42.0"                                                                                                                          && \
-    if [ "$(go env GOARCH)" = "arm64" ] || [ "$(go env GOARCH)" = "arm" ]; then                                                                        \
-    # Turn arm64 and arm into uppercase ARM64 and ARM, respectively, for Trivy's download
-    TRIVY_ARCH=$(go env GOARCH | tr "[:lower:]" "[:upper:]")                                                                                        && \
-    wget --no-verbose "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-${TRIVY_ARCH}.tar.gz" && \
-    tar -zxvf "trivy_${TRIVY_VERSION}_Linux-${TRIVY_ARCH}.tar.gz"                                                                                   && \
-    mv trivy /usr/local/bin;                                                                                                                           \
-    elif [ "$(go env GOARCH)" = "amd64" ]; then                                                                                                        \
-    wget --no-verbose "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz"         && \
-    tar -zxvf "trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz"                                                                                           && \
-    mv trivy /usr/local/bin;                                                                                                                           \
+RUN TRIVY_VERSION="0.43.1" && \
+    if [ "$(go env GOARCH)" != "arm" ] && [ "$(go env GOARCH)" != "386" ]; then \
+        if [ "$(go env GOARCH)" = "arm64" ]; then \
+            # Turn arm64 into uppercase ARM64 for Trivy's download
+            TRIVY_ARCH=$(go env GOARCH | tr "[:lower:]" "[:upper:]") && \
+            wget --no-verbose "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-${TRIVY_ARCH}.tar.gz" && \
+            tar -zxvf "trivy_${TRIVY_VERSION}_Linux-${TRIVY_ARCH}.tar.gz" && \
+            mv trivy /usr/local/bin; \
+        elif [ "$(go env GOARCH)" = "amd64" ]; then \
+            wget --no-verbose "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" && \
+            tar -zxvf "trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" && \
+            mv trivy /usr/local/bin; \
+        elif [ "$(go env GOARCH)" = "s390x" ]; then \
+            wget --no-verbose "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-s390x.tar.gz" && \
+            tar -zxvf "trivy_${TRIVY_VERSION}_Linux-s390x.tar.gz" && \
+            mv trivy /usr/local/bin; \
+        fi \
    fi

 # this works for both go 1.17 and 1.18
--- a/scripts/image_scan.sh
+++ b/scripts/image_scan.sh
@ -9,8 +9,8 @@ fi

 ARCH=$2

-# skipping image scan for s390x since trivy doesn't support s390x arch yet
-if [ "${ARCH}" == "s390x" ]; then
+# skipping image scan for 32 bits image since trivy dropped support for those https://github.com/aquasecurity/trivy/discussions/4789
+if  [[ "${ARCH}" = "arm" ]] || [ "${ARCH}" != "386" ]; then
    exit 0
 fi