diff --git a/.fpm b/.fpm
index 607e163..01dbdfd 100644
--- a/.fpm
+++ b/.fpm
@@ -3,3 +3,4 @@ --description "Defguard Edge service" --url "https://defguard.net/" --maintainer "Defguard" +--config-files /etc/defguard/proxy.toml
diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml
index c2b99e5..c0fb5c0 100644
--- a/.github/workflows/build-docker.yml
+++ b/.github/workflows/build-docker.yml
@@ -69,7 +69,7 @@ jobs: cache-to: type=gha,mode=max - name: Scan image with Trivy - uses: aquasecurity/trivy-action@0.35.0 + uses: aquasecurity/trivy-action@v0.36.0 with: image-ref: "${{ env.GHCR_REPO }}:${{ github.sha }}-${{ matrix.tag }}" format: "table"
diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml
index 5afa8f4..030dc5e 100644
--- a/.github/workflows/sbom.yml
+++ b/.github/workflows/sbom.yml
@@ -33,7 +33,7 @@ jobs: submodules: recursive - name: Create SBOM with Trivy - uses: aquasecurity/trivy-action@0.35.0 + uses: aquasecurity/trivy-action@v0.36.0 with: scan-type: 'fs' format: 'spdx-json'
@@ -43,7 +43,7 @@ jobs: scanners: "vuln" - name: Create Docker image SBOM with Trivy - uses: aquasecurity/trivy-action@0.35.0 + uses: aquasecurity/trivy-action@v0.36.0 with: image-ref: "ghcr.io/defguard/defguard-proxy:${{ steps.vars.outputs.VERSION }}" scan-type: 'image'
@@ -53,7 +53,7 @@ jobs: scanners: "vuln" - name: Create security advisory file with Trivy - uses: aquasecurity/trivy-action@0.35.0 + uses: aquasecurity/trivy-action@v0.36.0 with: scan-type: 'fs' format: 'json'
@@ -63,7 +63,7 @@ jobs: scanners: "vuln" - name: Create Docker image security advisory file with Trivy - uses: aquasecurity/trivy-action@0.35.0 + uses: aquasecurity/trivy-action@v0.36.0 with: image-ref: "ghcr.io/defguard/defguard-proxy:${{ steps.vars.outputs.VERSION }}" scan-type: 'image'
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 9a63987..345db11 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -37,7 +37,10 @@ jobs: submodules: recursive - name: Scan code with Trivy - uses: aquasecurity/trivy-action@0.35.0 + uses: aquasecurity/trivy-action@v0.36.0 + env: + TRIVY_IGNOREFILE: ".trivyignore.yaml" + TRIVY_SHOW_SUPPRESSED: 1 with: scan-type: 'fs' scan-ref: '.'
diff --git a/.trivyignore.yaml b/.trivyignore.yaml
new file mode 100644
index 0000000..473a01f
--- /dev/null
+++ b/.trivyignore.yaml
@@ -0,0 +1,4 @@ +vulnerabilities: + - id: GHSA-w5hq-g745-h8pq + expired_at: 2026-04-30 + statement: 'Not yet fixed in dependencies'
diff --git a/Cargo.lock b/Cargo.lock
index bf761b3..801c1d4 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -3737,9 +3737,9 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.38" +version = "0.23.39" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "69f9466fb2c14ea04357e91413efb882e2a6d4a406e625449bc0a5d360d53a21" +checksum = "7c2c118cb077cca2822033836dfb1b975355dfb784b5e8da48f7b6c5db74e60e" dependencies = [ "aws-lc-rs", "log",
diff --git a/freebsd/defguard-proxy b/freebsd/defguard-proxy
index 6d54ff6..47b544b 100644
--- a/freebsd/defguard-proxy
+++ b/freebsd/defguard-proxy
@@ -6,15 +6,14 @@ . /etc/rc.subr -name="defguard" -rcvar=defguard_enable +name="defguard_proxy" +rcvar=defguard_proxy_enable command="/usr/local/bin/defguard-proxy" config="/etc/defguard/proxy.toml" -start_cmd="${name}_start" +start_cmd="${name}_proxy_start" -defguard_start() -{ - ${command} --config ${config} & +defguard_proxy_start() { + ${command} --config ${config} & } load_rc_config $name
diff --git a/linux/defguard-proxy.service b/linux/defguard-proxy.service
index ce614ee..3524e49 100644
--- a/linux/defguard-proxy.service
+++ b/linux/defguard-proxy.service
@@ -1,6 +1,6 @@ [Unit] Description=Defguard Edge service -Documentation=https://defguard.gitbook.io/defguard/ +Documentation=https://docs.defguard.net/ Wants=network-online.target After=network-online.target
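Review bot: The `uses: aquasecurity/trivy-action@v0.36.0` reference in the test.yml step is a tag, which can be moved to different code after this change is reviewed. Pinning the third-party action to a full commit SHA with the version kept as a trailing comment, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha> # v0.36.0`, makes the workflow run exactly the code that was reviewed. The same tag reference appears in the build-docker.yml hunk and in the four sbom.yml hunks, whose steps scan the GHCR image and so likely run with registry credentials in scope. The jobs' `permissions:` settings are outside these hunks, so confirm they are limited to what each scan needs.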
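Review bot: The new `.trivyignore.yaml` entry suppresses `GHSA-w5hq-g745-h8pq` for every package and path the scan covers, and its statement does not say which dependency is affected. The `expired_at` date is a good bound, but the entry would be easier to audit if it were scoped with `purls:` (or `paths:`) to the affected package and the statement named that package and the upstream fix being waited on, e.g. `statement: 'Affects <package>; no fixed release yet, tracked in <upstream-issue-url>'`. Only the test.yml step sets `TRIVY_IGNOREFILE`, so the image scan in build-docker.yml and the advisory files produced by sbom.yml will presumably still report this advisory; confirm that difference is intended.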
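Review bot: In freebsd/defguard-proxy, `start_cmd="${name}_proxy_start"` expands to `defguard_proxy_proxy_start` now that `name` is `defguard_proxy`, but the function defined just below is `defguard_proxy_start`, so the start action would call a function that does not exist. Keeping the previous form, `start_cmd="${name}_start"`, matches the renamed function. Separately, the start function backgrounds the process with `&` and no pidfile is visible in the hunk, so whether `stop` and `status` can find the process depends on lines outside it. The script continues past `load_rc_config $name`.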