
Commit c3abb28

update to trivy 0.71.2
1 parent 8aaa496 commit c3abb28

3 files changed

Lines changed: 87 additions & 13 deletions

CHANGELOG.md

Lines changed: 6 additions & 0 deletions
@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
55
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
66
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
77

8+
## [0.71.2.1] - 2026-06-23
9+
10+
### Changed
11+
- Updated Trivy binary from v0.70.0 to v0.71.2
12+
- Updated all platform binary checksums
13+
814
## [0.70.0.1] - 2026-04-26
915

1016
### Changed
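
Review bot: the new 0.71.2.1 entry records only the binary and checksum updates under "Changed", while the same commit also adds a 68-line CLAUDE.md. Either add an "### Added" line for that file or move it into its own commit, so that a commit titled "update to trivy 0.71.2" touches nothing but the pinned release and the checksum change is easier to audit in isolation.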

CLAUDE.md

Lines changed: 68 additions & 0 deletions
@@ -0,0 +1,68 @@
1+
# CLAUDE.md
2+
3+
This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
4+
5+
## What this is
6+
7+
`trivy-py-ecc` is a **pip-installable wrapper around the [Trivy](https://trivy.dev/) binary**. It contains
8+
no application source code — at install time, `setuptools-download` fetches the correct pre-built Trivy
9+
binary for the host platform and installs it as a console entry point named `trivy` (`trivy.exe` on Windows).
10+
It doubles as a [pre-commit](https://pre-commit.com) hook provider (`trivy-fs`, `trivy-config`).
11+
12+
The package is published under the eccenca org but mirrors upstream `trivy-py` (by asottile). Recent commits
13+
merge from `upstream/main`.
14+
15+
## Architecture
16+
17+
The entire mechanism lives in two declarative files — there is no runtime Python logic to read:
18+
19+
- **`setup.cfg`** — the heart of the project. The `[setuptools_download]` section declares one `[trivy]`
20+
download entry per platform (Linux x86_64/aarch64/armv7l, macOS arm64/x86_64, Windows). Each entry pins a
21+
release `url`, a `sha256` checksum, and an `extract_path`. The `marker` lines select which binary installs
22+
on a given platform. The package version in `[metadata]` (e.g. `0.70.0.1`) encodes the wrapped Trivy
23+
version `0.70.0` plus a wrapper revision suffix.
24+
- **`setup.py`** — only customizes wheel building: a `bdist_wheel` subclass marks the wheel as non-pure
25+
(platform-specific) and rewrites `linux` platform tags to `manylinux2014` for PyPI compatibility. The
26+
`py2.py3` / `none` tag reflects that the wheel carries a binary, not Python code.
27+
- **`.pre-commit-hooks.yaml`** — defines the `trivy-fs` (filesystem vuln scan) and `trivy-config` (IaC
28+
misconfig scan) hooks consumers reference in their `.pre-commit-config.yaml`.
29+
30+
## The one task that matters: bumping the Trivy version
31+
32+
This repo's lifecycle is almost entirely "update to a new Trivy release" (see `CHANGELOG.md` history). To do it:
33+
34+
1. In `setup.cfg`, update `version` under `[metadata]` to `<trivy-version>.<wrapper-rev>`.
35+
2. In **every** `[trivy]`/`[trivy.exe]` block, update both the `url` (release version) **and** the matching
36+
`sha256`. All 6 platform entries must point at the same Trivy release. Get checksums from the Trivy
37+
release `*.tar.gz`/`*.zip` assets — a stale or mismatched `sha256` makes install fail on that platform.
38+
3. Add a dated entry to `CHANGELOG.md` (Keep a Changelog format, semver).
39+
40+
Publishing is automated: pushing a `v*` tag triggers `.github/workflows/publish.yml` to build and `twine
41+
upload` to PyPI.
42+
43+
## Commands
44+
45+
```bash
46+
# Run the full test matrix (installs the binary, runs pre-commit)
47+
tox
48+
49+
# The "tests" — tox's [testenv] just verifies the downloaded binary runs:
50+
trivy --version
51+
trivy --help
52+
53+
# Lint / format (also the pre-commit testenv)
54+
pre-commit run --all-files
55+
56+
# Local install to test the download mechanism end-to-end
57+
pip install .
58+
```
59+
60+
There is no unit-test suite; `tox` validates that the platform binary downloads and executes, then runs
61+
pre-commit (flake8, autopep8, pyupgrade, reorder-python-imports, etc. — config in `.pre-commit-config.yaml`).
62+
63+
## Conventions
64+
65+
- Python ≥ 3.9; code style enforced entirely by pre-commit. New `.py` files must start with
66+
`from __future__ import annotations` (added automatically by `reorder-python-imports`).
67+
- This is a mirror — prefer keeping `setup.py`/wheel-tagging logic aligned with upstream `trivy-py` unless an
68+
eccenca-specific change is intended.
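
Review bot: step 2 of the version-bump procedure says to "Get checksums from the Trivy release `*.tar.gz`/`*.zip` assets" without saying how those values are shown to be authentic. The `sha256` pins are the only integrity control this file describes for a binary that is downloaded at install time, and a digest computed from a freshly downloaded asset only records whatever was served at that moment. The step should name the source to compare against (a checksum list or signature published by upstream alongside the release, if one is available) and ask for that source to be cited in the commit message. A smaller point: the Architecture section announces "two declarative files" and then lists three, one of which is `setup.py` with a `bdist_wheel` subclass, so the count and the "no runtime Python logic" wording should be reconciled.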

setup.cfg

Lines changed: 13 additions & 13 deletions
@@ -1,6 +1,6 @@
11
[metadata]
22
name = trivy-py-ecc
3-
version = 0.70.0.1
3+
version = 0.71.2.1
44
description = Python wrapper around invoking trivy (https://trivy.dev/)
55
long_description = file: README.md
66
long_description_content_type = text/markdown
@@ -25,48 +25,48 @@ download_scripts =
2525
[trivy]
2626
group = trivy-binary
2727
marker = sys_platform == "linux" and platform_machine == "x86_64"
28-
url = https://github.com/aquasecurity/trivy/releases/download/v0.70.0/trivy_0.70.0_Linux-64bit.tar.gz
29-
sha256 = 8b4376d5d6befe5c24d503f10ff136d9e0c49f9127a4279fd110b727929a5aa9
28+
url = https://github.com/aquasecurity/trivy/releases/download/v0.71.2/trivy_0.71.2_Linux-64bit.tar.gz
29+
sha256 = 0510e71e2fd39bf863856d499c8dc19feb4e7336546394c502a8f5cc7ab27460
3030
extract = tar
3131
extract_path = trivy
3232

3333
[trivy]
3434
group = trivy-binary
3535
marker = sys_platform == "linux" and platform_machine == "aarch64"
36-
url = https://github.com/aquasecurity/trivy/releases/download/v0.70.0/trivy_0.70.0_Linux-ARM64.tar.gz
37-
sha256 = 2f6bb988b553a1bbac6bdd1ce890f5e412439564e17522b88a4541b4f364fc8d
36+
url = https://github.com/aquasecurity/trivy/releases/download/v0.71.2/trivy_0.71.2_Linux-ARM64.tar.gz
37+
sha256 = fe1c7106e15a5365d485b098a8c338f91e3b7ba71cb0e4963b98a3a098763cfc
3838
extract = tar
3939
extract_path = trivy
4040

4141
[trivy]
4242
group = trivy-binary
4343
marker = sys_platform == "linux" and platform_machine == "armv7l"
44-
url = https://github.com/aquasecurity/trivy/releases/download/v0.70.0/trivy_0.70.0_Linux-ARM.tar.gz
45-
sha256 = 12537cc6bf3f45e28e0b6b8bea0382ec9fabb468e0c3372e376474d5002c2ffe
44+
url = https://github.com/aquasecurity/trivy/releases/download/v0.71.2/trivy_0.71.2_Linux-ARM.tar.gz
45+
sha256 = 8ba4ebfdd644a81accfb45cb929393aef445640b9b7b8e525cac32ad0b81a3f4
4646
extract = tar
4747
extract_path = trivy
4848

4949
[trivy]
5050
group = trivy-binary
5151
marker = sys_platform == "darwin" and platform_machine == "arm64"
52-
url = https://github.com/aquasecurity/trivy/releases/download/v0.70.0/trivy_0.70.0_macOS-ARM64.tar.gz
53-
sha256 = 68e543c51dcc96e1c344053a4fde9660cf602c25565d9f09dc17dd41e13b838a
52+
url = https://github.com/aquasecurity/trivy/releases/download/v0.71.2/trivy_0.71.2_macOS-ARM64.tar.gz
53+
sha256 = a9f585cad53542a54ef286b5fa4199d081e5a061f8894635bdf3ce2608ece7a9
5454
extract = tar
5555
extract_path = trivy
5656

5757
[trivy]
5858
group = trivy-binary
5959
marker = sys_platform == "darwin" and platform_machine == "x86_64"
60-
url = https://github.com/aquasecurity/trivy/releases/download/v0.70.0/trivy_0.70.0_macOS-64bit.tar.gz
61-
sha256 = 52d531452b19e7593da29366007d02a810e1e0080d02f9cf6a1afb46c35aaa93
60+
url = https://github.com/aquasecurity/trivy/releases/download/v0.71.2/trivy_0.71.2_macOS-64bit.tar.gz
61+
sha256 = c27bcf4ddd281aecb7267eb5df804ec49ac0f8fa23fe018d33932e17f30a38bf
6262
extract = tar
6363
extract_path = trivy
6464

6565
[trivy.exe]
6666
group = trivy-binary
6767
marker = sys_platform == "win32" and platform_machine == "AMD64"
6868
marker = sys_platform == "cygwin" and platform_machine == "x86_64"
69-
url = https://github.com/aquasecurity/trivy/releases/download/v0.70.0/trivy_0.70.0_windows-64bit.zip
70-
sha256 = eea5442eab86f9e26cd718d7618d43899e72a83767619e8bee47911bddbfb825
69+
url = https://github.com/aquasecurity/trivy/releases/download/v0.71.2/trivy_0.71.2_windows-64bit.zip
70+
sha256 = ea31c2a927382410cfa2b4eb5970aed62308cf28902e1d167ea36bbfa0515095
7171
extract = zip
7272
extract_path = trivy.exe
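
Review bot: the six replaced `sha256` values (new lines 29, 37, 45, 53, 61 and 70) come with no indication of where they were taken from, and nothing in the diff lets a reviewer confirm them. The `url` lines are consistent, all six pointing at v0.71.2 with matching file names, but the digests are what the installer trusts, so a passing install only proves that each digest matches the file that was served, not that the file is the one upstream intended to publish. Please state in the commit message how the values were obtained and have a second person recompute them independently before release.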
