Fix failing TrivyAnalysisTaskIntegrationTest #5231

Merged
nscuro merged 1 commit into DependencyTrack:master from nscuro:fix-trivy-analysis-it
Aug 25, 2025

Conversation

nscuro commented Aug 25, 2025

Description

Fixes failing TrivyAnalysisTaskIntegrationTest.

Addressed Issue

N/A

Additional Details

CVE-2016-20013 is no longer reported because Ubuntu has changed its status to "ignored": https://ubuntu.com/security/CVE-2016-20013#status

Checklist

  • I have read and understand the contributing guidelines
  • This PR fixes a defect, and I have provided tests to verify that the fix is effective
  • This PR implements an enhancement, and I have provided tests to verify that it works as intended
  • This PR introduces changes to the database model, and I have added corresponding update logic
  • This PR introduces new or alters existing behavior, and I have updated the documentation accordingly

@nscuro nscuro added this to the 4.14.0 milestone Aug 25, 2025
Copilot AI review requested due to automatic review settings August 25, 2025 15:44
@nscuro nscuro added the defect Something isn't working label Aug 25, 2025
@owasp-dt-bot

🎉 Snyk checks have passed. No issues have been found so far.

security/snyk check is complete. No issues have been found. (View Details)

Copilot AI left a comment

Pull Request Overview

This PR fixes a failing integration test for the TrivyAnalysisTask by updating the expected CVE reference from CVE-2016-20013 to CVE-2025-4802, as the original CVE is no longer reported by Ubuntu's security database (marked as "ignored").

  • Updates the CVE ID expectation in the test assertion
  • Changes the title assertion from expecting blank to non-blank for the new CVE

nscuro commented Aug 25, 2025

Remaining test failure is due to ComposerMetaAnalyzerTest. It's unrelated and needs to be addressed separately.

@nscuro nscuro merged commit 893a268 into DependencyTrack:master Aug 25, 2025
8 of 9 checks passed
@nscuro nscuro deleted the fix-trivy-analysis-it branch August 25, 2025 16:11
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 25, 2025