fix: not recommended patterns are now included in semgrep config CF-1809

pedrobpereira · pedrobpereira · commit a30823cc1c6e · 2025-09-17T10:06:28.000+01:00
diff --git a/cmd/init_test.go b/cmd/init_test.go
@@ -25,7 +25,7 @@ func TestConfigFileTemplate(t *testing.T) {
 				"node@22.2.0",
 				"python@3.11.11",
 				"eslint@8.57.0",
-				"trivy@0.65.0",
+				"trivy@0.66.0",
 				"pylint@3.3.6",
 				"pmd@7.11.0",
 			},
diff --git a/integration-tests/config-discover/expected/codacy.yaml b/integration-tests/config-discover/expected/codacy.yaml
@@ -10,4 +10,4 @@ tools:
     - pmd@7.11.0
     - pylint@3.3.6
     - semgrep@1.78.0
-    - trivy@0.65.0
+    - trivy@0.66.0
diff --git a/integration-tests/init-with-token/expected/codacy.yaml b/integration-tests/init-with-token/expected/codacy.yaml
@@ -8,4 +8,4 @@ tools:
     - pmd@6.55.0
     - pylint@3.3.7
     - semgrep@1.78.0
-    - trivy@0.65.0
+    - trivy@0.66.0
diff --git a/integration-tests/init-without-token/expected/codacy.yaml b/integration-tests/init-without-token/expected/codacy.yaml
@@ -12,4 +12,4 @@ tools:
     - pylint@3.3.6
     - revive@1.7.0
     - semgrep@1.78.0
-    - trivy@0.65.0
+    - trivy@0.66.0
diff --git a/plugins/tools/trivy/plugin.yaml b/plugins/tools/trivy/plugin.yaml
@@ -1,6 +1,6 @@
 name: trivy
 description: Trivy is a comprehensive security scanner for containers and other artifacts.
-default_version: 0.65.0
+default_version: 0.66.0
 download:
   url_template: "https://github.com/aquasecurity/trivy/releases/download/v{{.Version}}/trivy_{{.Version}}_{{.OS}}-{{.Arch}}.{{.Extension}}"
   file_name_template: "trivy_{{.Version}}_{{.OS}}_{{.Arch}}"
diff --git a/plugins/tools/trivy/test/expected.sarif b/plugins/tools/trivy/test/expected.sarif
@@ -34,7 +34,7 @@
             "text": "Package: brace-expansion\nInstalled Version: 1.1.11\nVulnerability CVE-2025-5889\nSeverity: LOW\nFixed Version: 2.0.2, 1.1.12, 3.0.1, 4.0.1\nLink: [CVE-2025-5889](https://avd.aquasec.com/nvd/cve-2025-5889)"
           },
           "ruleId": "CVE-2025-5889",
-          "ruleIndex": 0
+          "ruleIndex": 4
         },
         {
           "level": "error",
@@ -115,7 +115,7 @@
             "text": "Package: django\nInstalled Version: 1.11.29\nVulnerability CVE-2021-33203\nSeverity: MEDIUM\nFixed Version: 2.2.24, 3.1.12, 3.2.4\nLink: [CVE-2021-33203](https://avd.aquasec.com/nvd/cve-2021-33203)"
           },
           "ruleId": "CVE-2021-33203",
-          "ruleIndex": 3
+          "ruleIndex": 5
         },
         {
           "level": "warning",
@@ -142,7 +142,34 @@
             "text": "Package: django\nInstalled Version: 1.11.29\nVulnerability CVE-2024-45231\nSeverity: MEDIUM\nFixed Version: 5.1.1, 5.0.9, 4.2.16\nLink: [CVE-2024-45231](https://avd.aquasec.com/nvd/cve-2024-45231)"
           },
           "ruleId": "CVE-2024-45231",
-          "ruleIndex": 4
+          "ruleIndex": 6
+        },
+        {
+          "level": "error",
+          "locations": [
+            {
+              "message": {
+                "text": "requirements.txt: django@1.11.29"
+              },
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "requirements.txt",
+                  "uriBaseId": "ROOTPATH"
+                },
+                "region": {
+                  "endColumn": 1,
+                  "endLine": 1,
+                  "startColumn": 1,
+                  "startLine": 1
+                }
+              }
+            }
+          ],
+          "message": {
+            "text": "Package: django\nInstalled Version: 1.11.29\nVulnerability CVE-2025-57833\nSeverity: HIGH\nFixed Version: 4.2.24, 5.1.12, 5.2.6\nLink: [CVE-2025-57833](https://avd.aquasec.com/nvd/cve-2025-57833)"
+          },
+          "ruleId": "CVE-2025-57833",
+          "ruleIndex": 3
         },
         {
           "level": "warning",
@@ -178,10 +205,10 @@
           "informationUri": "https://github.com/aquasecurity/trivy",
           "name": "Trivy",
           "rules": null,
-          "version": "0.65.0"
+          "version": "0.66.0"
         }
       }
     }
   ],
   "version": "2.1.0"
-}
+}
diff --git a/tools/semgrepConfigCreator.go b/tools/semgrepConfigCreator.go
@@ -35,7 +35,7 @@ func FilterRulesFromFile(rulesData []byte, config []domain.PatternConfiguration)
 	// Create a map of enabled pattern IDs for faster lookup
 	enabledPatterns := make(map[string]bool)
 	for _, pattern := range config {
-		if pattern.Enabled && pattern.PatternDefinition.Enabled {
+		if pattern.Enabled {
 			// Extract rule ID from pattern ID
 			parts := strings.SplitN(pattern.PatternDefinition.Id, "_", 2)
 			if len(parts) == 2 {
diff --git a/tools/testdata/repositories/trivy/expected.sarif b/tools/testdata/repositories/trivy/expected.sarif
@@ -37,7 +37,7 @@
               }
             }
           ],
-          "version": "0.65.0"
+          "version": "0.66.0"
         }
       },
       "results": [

-Original file line number
+Diff line change
 				"[email protected]",
 				"[email protected]",
 				"[email protected]",
 -				"trivy@0.65.0",
 +				"trivy@0.66.0",
 				"[email protected]",
 				"[email protected]",
 			},
Original file line number	Diff line number	Diff line change
`@@ -37,7 +37,7 @@`
`37`	`37`	`}`
`38`	`38`	`}`
`39`	`39`	`],`
`40`		`- "version": "0.65.0"`
	`40`	`+ "version": "0.66.0"`
`41`	`41`	`}`
`42`	`42`	`},`
`43`	`43`	`"results": [`