update scanner registry from dev registry (#217)

Author: fproulx-boostsecurity

.github/workflows/scorecards.yml

@@ -58,11 +58,11 @@ setup:
       cp $SETUP_PATH/../../registry/scanners/boostsecurityio/trivy-fs/prescan_checks.sh $SETUP_PATH/pre-scan-checks/trivy
   - name: download trivy
     environment:
-      VERSION: 0.67.0
-      LINUX_X86_64_SHA: 5b10e9bba00a508b0f3bcb98e78f1039f7eee26b57c9266961a415642a9208ab
-      LINUX_ARM64_SHA: 0f3ac33954dd918cad708bdf06731b4aa8cc14b12e879932b4ceef2f22640a9e
-      MACOS_X86_64_SHA: ae8a13d8c3abf7f7e7981ac1a5f5ec094d68835f2aac67da102d4ba36e820c3c
-      MACOS_ARM64_SHA: feea8727b501f654683774fe0f98a9c1a128c7d8bcd7c942a8e6f6d05b33bd4b
+      VERSION: 0.67.2
+      LINUX_X86_64_SHA: 546511a5514afc813c0b72e4abeea2c16a32228a13a1e5114d927c190e76b1f9
+      LINUX_ARM64_SHA: e4f28390b06cdaaed94f8c49cce2c4c847938b5188aefdeb82453f2e933e57cb
+      MACOS_X86_64_SHA: 4a5b936a8d89b508ecdc6edd65933b6fe3e9a368796cbdf917fd0df393f26542
+      MACOS_ARM64_SHA: 6b3163667f29fc608a2ed647c1bd42023af5779349286148190a168c5b3f28f1
     run: |
       BINARY_URL="https://github.com/aquasecurity/trivy/releases/download/v${VERSION}"
       ARCH=$(uname -m)

scanners/boostsecurityio/boost-sca/module.yaml

@@ -17,7 +17,7 @@ steps:
       format: metadata
       command:
         docker:
-          image: public.ecr.aws/boostsecurityio/boost-scanner-composition:38a1ebd@sha256:b71b2c0117caeb145566cc1abcd7ce14102dc26ca130b4bee65e9ad641fc1b1d
+          image: public.ecr.aws/boostsecurityio/boost-scanner-composition:0b5a854@sha256:90b4d286e983db1b63125e52bd463cb85466edc0846f03ea7657678e5c6e7d3c
           command: scan
           workdir: /src
           environment:

scanners/boostsecurityio/composition/module.yaml

@@ -16,7 +16,7 @@ steps:
       format: supply_chain_inventory
       command:
         docker:
-          image: public.ecr.aws/boostsecurityio/boost-scanner-composition:38a1ebd@sha256:b71b2c0117caeb145566cc1abcd7ce14102dc26ca130b4bee65e9ad641fc1b1d
+          image: public.ecr.aws/boostsecurityio/boost-scanner-composition:0b5a854@sha256:90b4d286e983db1b63125e52bd463cb85466edc0846f03ea7657678e5c6e7d3c
           command: inventory
           workdir: /src
           environment:

scanners/boostsecurityio/supply-chain-inventory/module.yaml

@@ -4,7 +4,6 @@ id: boostsecurityio/trivy-fs
 name: Trivy (Filesystem scanning)
 namespace: boostsecurityio/trivy-fs
 scan_types:
-  - secrets
   - sca
 
 config:
@@ -59,11 +58,11 @@ setup:
       cp $SETUP_PATH/../../registry/scanners/boostsecurityio/trivy-fs/prescan_checks.sh $SETUP_PATH/pre-scan-checks/trivy
   - name: download trivy
     environment:
-      VERSION: 0.67.0
-      LINUX_X86_64_SHA: 5b10e9bba00a508b0f3bcb98e78f1039f7eee26b57c9266961a415642a9208ab
-      LINUX_ARM64_SHA: 0f3ac33954dd918cad708bdf06731b4aa8cc14b12e879932b4ceef2f22640a9e
-      MACOS_X86_64_SHA: ae8a13d8c3abf7f7e7981ac1a5f5ec094d68835f2aac67da102d4ba36e820c3c
-      MACOS_ARM64_SHA: feea8727b501f654683774fe0f98a9c1a128c7d8bcd7c942a8e6f6d05b33bd4b
+      VERSION: 0.67.2
+      LINUX_X86_64_SHA: 546511a5514afc813c0b72e4abeea2c16a32228a13a1e5114d927c190e76b1f9
+      LINUX_ARM64_SHA: e4f28390b06cdaaed94f8c49cce2c4c847938b5188aefdeb82453f2e933e57cb
+      MACOS_X86_64_SHA: 4a5b936a8d89b508ecdc6edd65933b6fe3e9a368796cbdf917fd0df393f26542
+      MACOS_ARM64_SHA: 6b3163667f29fc608a2ed647c1bd42023af5779349286148190a168c5b3f28f1
     run: |
       BINARY_URL="https://github.com/aquasecurity/trivy/releases/download/v${VERSION}"
       ARCH=$(uname -m)
@@ -107,7 +106,7 @@ steps:
           TRIVY_ADDITIONAL_ARGS: ${TRIVY_ADDITIONAL_ARGS---ignore-unfixed}
           TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2,ghcr.io/aquasecurity/trivy-db:2
           TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db:1,ghcr.io/aquasecurity/trivy-java-db:1
-          TRIVY_SCANNERS: vuln,secret
+          TRIVY_SCANNERS: vuln
         run: >
           $SETUP_PATH/trivy fs 
           ${TRIVY_ADDITIONAL_ARGS} 

scanners/boostsecurityio/trivy-fs/module.yaml

@@ -1,3 +1,2 @@
 import:
   - boostsecurityio/sca-cve
-  - boostsecurityio/stored-secrets

scanners/boostsecurityio/trivy-fs/rules.yaml

@@ -14,11 +14,11 @@ config:
 setup:
   - name: download trivy
     environment:
-      VERSION: 0.67.0
-      LINUX_X86_64_SHA: 5b10e9bba00a508b0f3bcb98e78f1039f7eee26b57c9266961a415642a9208ab
-      LINUX_ARM64_SHA: 0f3ac33954dd918cad708bdf06731b4aa8cc14b12e879932b4ceef2f22640a9e
-      MACOS_X86_64_SHA: ae8a13d8c3abf7f7e7981ac1a5f5ec094d68835f2aac67da102d4ba36e820c3c
-      MACOS_ARM64_SHA: feea8727b501f654683774fe0f98a9c1a128c7d8bcd7c942a8e6f6d05b33bd4b
+      VERSION: 0.67.2
+      LINUX_X86_64_SHA: 546511a5514afc813c0b72e4abeea2c16a32228a13a1e5114d927c190e76b1f9
+      LINUX_ARM64_SHA: e4f28390b06cdaaed94f8c49cce2c4c847938b5188aefdeb82453f2e933e57cb
+      MACOS_X86_64_SHA: 4a5b936a8d89b508ecdc6edd65933b6fe3e9a368796cbdf917fd0df393f26542
+      MACOS_ARM64_SHA: 6b3163667f29fc608a2ed647c1bd42023af5779349286148190a168c5b3f28f1
     run: |
       BINARY_URL="https://github.com/aquasecurity/trivy/releases/download/v${VERSION}"
       ARCH=$(uname -m)

scanners/boostsecurityio/trivy-image/module.yaml

@@ -12,11 +12,11 @@ config:
 setup:
   - name: download trivy
     environment:
-      VERSION: 0.67.0
-      LINUX_X86_64_SHA: 5b10e9bba00a508b0f3bcb98e78f1039f7eee26b57c9266961a415642a9208ab
-      LINUX_ARM64_SHA: 0f3ac33954dd918cad708bdf06731b4aa8cc14b12e879932b4ceef2f22640a9e
-      MACOS_X86_64_SHA: ae8a13d8c3abf7f7e7981ac1a5f5ec094d68835f2aac67da102d4ba36e820c3c
-      MACOS_ARM64_SHA: feea8727b501f654683774fe0f98a9c1a128c7d8bcd7c942a8e6f6d05b33bd4b
+      VERSION: 0.67.2
+      LINUX_X86_64_SHA: 546511a5514afc813c0b72e4abeea2c16a32228a13a1e5114d927c190e76b1f9
+      LINUX_ARM64_SHA: e4f28390b06cdaaed94f8c49cce2c4c847938b5188aefdeb82453f2e933e57cb
+      MACOS_X86_64_SHA: 4a5b936a8d89b508ecdc6edd65933b6fe3e9a368796cbdf917fd0df393f26542
+      MACOS_ARM64_SHA: 6b3163667f29fc608a2ed647c1bd42023af5779349286148190a168c5b3f28f1
     run: |
       BINARY_URL="https://github.com/aquasecurity/trivy/releases/download/v${VERSION}"
       ARCH=$(uname -m)

scanners/boostsecurityio/trivy-sbom-image/module.yaml

@@ -56,11 +56,11 @@ setup:
       cp $SETUP_PATH/../../registry/scanners/boostsecurityio/trivy-fs/prescan_checks.sh $SETUP_PATH/pre-scan-checks/trivy
   - name: download trivy
     environment:
-      VERSION: 0.67.0
-      LINUX_X86_64_SHA: 5b10e9bba00a508b0f3bcb98e78f1039f7eee26b57c9266961a415642a9208ab
-      LINUX_ARM64_SHA: 0f3ac33954dd918cad708bdf06731b4aa8cc14b12e879932b4ceef2f22640a9e
-      MACOS_X86_64_SHA: ae8a13d8c3abf7f7e7981ac1a5f5ec094d68835f2aac67da102d4ba36e820c3c
-      MACOS_ARM64_SHA: feea8727b501f654683774fe0f98a9c1a128c7d8bcd7c942a8e6f6d05b33bd4b
+      VERSION: 0.67.2
+      LINUX_X86_64_SHA: 546511a5514afc813c0b72e4abeea2c16a32228a13a1e5114d927c190e76b1f9
+      LINUX_ARM64_SHA: e4f28390b06cdaaed94f8c49cce2c4c847938b5188aefdeb82453f2e933e57cb
+      MACOS_X86_64_SHA: 4a5b936a8d89b508ecdc6edd65933b6fe3e9a368796cbdf917fd0df393f26542
+      MACOS_ARM64_SHA: 6b3163667f29fc608a2ed647c1bd42023af5779349286148190a168c5b3f28f1
     run: |
       BINARY_URL="https://github.com/aquasecurity/trivy/releases/download/v${VERSION}"
       ARCH=$(uname -m)