Skip to content

feat(echo): Add Echo Support #350

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 11 commits into from
May 21, 2025
Merged

feat(echo): Add Echo Support #350

merged 11 commits into from
May 21, 2025

Conversation

orizerah
Copy link
Contributor

@orizerah orizerah commented May 6, 2025
edited
Loading

Adding support for Echo Images to Trivy
The advisory json file is pulled from https://advisory.echohq.com/data.json

Relevant Discussion: aquasecurity/trivy#8834

This was referenced May 6, 2025
Merged
Merged
DmitriyLewen
DmitriyLewen reviewed May 20, 2025
View reviewed changes
@DmitriyLewen
Copy link
Contributor

DmitriyLewen commented May 20, 2025
edited
Loading

Can you also add Echo in README.md, please.

And will be great to see that it works in GitHub CI/CD (you can create fork of vuln-list and run action for this PR).

@orizerah
Copy link
Contributor Author

@DmitriyLewen I went over the comments and addressed them all.

Here's a working GitHub action
https://github.com/orizerah/vuln-list-update/actions/runs/15144338839/job/42576210143

Here's the fork with the new echo dir
https://github.com/orizerah/vuln-list/tree/main/echo

DmitriyLewen
DmitriyLewen reviewed May 21, 2025
View reviewed changes
Copy link
Contributor

@DmitriyLewen DmitriyLewen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

Left small refactor/test comments

@orizerah
Copy link
Contributor Author

@DmitriyLewen, I went through all of the comments :)

DmitriyLewen
DmitriyLewen approved these changes May 21, 2025
View reviewed changes
Copy link
Contributor

@DmitriyLewen DmitriyLewen left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@orizerah Thanks for your contribution and patience :)
LGTM

Can you run the update action again just in case?

cc. @knqyf263

@orizerah
Copy link
Contributor Author

orizerah commented May 21, 2025
edited
Loading

@DmitriyLewen I ran it again
https://github.com/orizerah/vuln-list-update/actions/runs/15155862378/job/42610547961

Thank you for your time :)

@knqyf263 knqyf263 merged commit eb71601 into aquasecurity:main May 21, 2025
2 checks passed
knqyf263 added a commit that referenced this pull request May 21, 2025
@knqyf263
Revert "feat(echo): Add Echo Support (#350)"
5dbd420 
This reverts commit eb71601.
@knqyf263 knqyf263 mentioned this pull request May 21, 2025
Merged
DmitriyLewen pushed a commit that referenced this pull request May 21, 2025
@knqyf263
Revert "feat(echo): Add Echo Support (#350)" (#352)
9a2a743 
This reverts commit eb71601.
DmitriyLewen
DmitriyLewen reviewed May 22, 2025
View reviewed changes
echo/types.go
package echo

type Advisory map[string]map[string]struct {
Severity string `json:"severity,omitempty"`
Copy link
Contributor

@DmitriyLewen DmitriyLewen May 22, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @orizerah
I'm checking the thivy-db from aquasecurity/trivy-db#528 (comment)

I found that https://advisory.echohq.com/data.json doesn't have severity fields.
Why did you add this field?
Does echo plan to add severity levels?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We wanted to have that option

@itaysk itaysk mentioned this pull request May 28, 2025
Closed
DmitriyLewen added a commit to DmitriyLewen/vuln-list-update that referenced this pull request May 29, 2025
@DmitriyLewen
Revert "Revert "feat(echo): Add Echo Support (aquasecurity#350)" (aqu…
345a551 
…asecurity#352)"

This reverts commit 9a2a743.
@DmitriyLewen DmitriyLewen mentioned this pull request May 29, 2025
Merged
2 tasks
DmitriyLewen added a commit that referenced this pull request May 29, 2025
@DmitriyLewen
feat(echo): Add Echo Support
fbd72eb 
Revert "Revert "feat(echo): Add Echo Support (#350)" (#352)" (#353)
This reverts commit 9a2a743.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DmitriyLewen DmitriyLewen DmitriyLewen approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@orizerah @DmitriyLewen @knqyf263