# Copyright 1999-2026 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 inherit go-module DESCRIPTION="Vulnerability scanner for container images, file systems, and Git repos" HOMEPAGE="https://trivy.dev https://github.com/aquasecurity/trivy" SRC_URI="https://github.com/aquasecurity/trivy/archive/refs/tags/v${PV}.tar.gz -> ${P}.tar.gz" LICENSE="Apache-2.0" # Dependent (bundled, statically linked) Go module licenses LICENSE+=" BSD BSD-2 ISC MIT MPL-2.0 Unlicense" SLOT="0" KEYWORDS="~amd64" # Go modules are downloaded in src_unpack (upstream stopped publishing a vendor # tarball after v0.55.2), so the network sandbox must be disabled. Tests need # network/registry fixtures and are restricted. RESTRICT="network-sandbox test" BDEPEND=">=dev-lang/go-1.26.3" src_unpack() { default cd "${S}" || die ego mod download } src_compile() { # Trivy (pkg/x/json) uses the experimental encoding/json/v2 stdlib API, # which is gated behind the jsonv2 Go experiment. export GOEXPERIMENT=jsonv2 ego build \ -ldflags="-s -X github.com/aquasecurity/trivy/pkg/version/app.ver=${PV}" \ -o trivy ./cmd/trivy } src_install() { dobin trivy einstalldocs }