Merge branch 'remove_klar_from_specs' into 'master'

Replaces Klar by Trivy from the specs

See merge request gitlab-org/gitlab!62328

ee/spec/finders/security/pipeline_vulnerabilities_finder_spec.rb

@@ -320,7 +320,7 @@ RSpec.describe Security::PipelineVulnerabilitiesFinder do
         subject { described_class.new(pipeline: pipeline).execute }
 
         it 'returns all vulnerabilities with all scanners available' do
-          expect(subject.findings.map(&:scanner).map(&:external_id).uniq).to match_array %w[bundler_audit find_sec_bugs gemnasium klar zaproxy]
+          expect(subject.findings.map(&:scanner).map(&:external_id).uniq).to match_array %w[bundler_audit find_sec_bugs gemnasium trivy zaproxy]
         end
       end
 
@@ -335,11 +335,11 @@ RSpec.describe Security::PipelineVulnerabilitiesFinder do
 
     context 'by all filters' do
       context 'with found entity' do
-        let(:params) { { report_type: %w[sast dast container_scanning dependency_scanning], scanner: %w[bundler_audit find_sec_bugs gemnasium klar zaproxy], scope: 'all' } }
+        let(:params) { { report_type: %w[sast dast container_scanning dependency_scanning], scanner: %w[bundler_audit find_sec_bugs gemnasium trivy zaproxy], scope: 'all' } }
 
         it 'filters by all params' do
           expect(subject.findings.count).to eq(cs_count + dast_count + ds_count + sast_count)
-          expect(subject.findings.map(&:scanner).map(&:external_id).uniq).to match_array %w[bundler_audit find_sec_bugs gemnasium klar zaproxy]
+          expect(subject.findings.map(&:scanner).map(&:external_id).uniq).to match_array %w[bundler_audit find_sec_bugs gemnasium trivy zaproxy]
           expect(subject.findings.map(&:confidence).uniq).to match_array(%w[unknown low medium high])
           expect(subject.findings.map(&:severity).uniq).to match_array(%w[unknown low medium high critical info])
         end

ee/spec/fixtures/security_reports/feature-branch/gl-container-scanning-report.json

@@ -11,8 +11,8 @@
       "confidence": "Unknown",
       "solution": "Upgrade musl from 1.1.18-r3 to 1.1.18-r4",
       "scanner": {
-        "id": "klar",
-        "name": "klar"
+        "id": "trivy",
+        "name": "trivy"
       },
       "location": {
         "dependency": {
@@ -42,9 +42,9 @@
   "remediations": [],
   "scan": {
     "scanner": {
-      "id": "clair",
-      "name": "Clair",
-      "url": "https://github.com/coreos/clair",
+      "id": "trivy",
+      "name": "Trivy",
+      "url": "https://github.com/aquasecurity/trivy",
       "vendor": {
         "name": "GitLab"
       },

ee/spec/fixtures/security_reports/master/gl-container-scanning-report.json

@@ -10,8 +10,8 @@
       "confidence": "Unknown",
       "solution": "Upgrade glibc from 2.24-11+deb9u3 to 2.24-11+deb9u4",
       "scanner": {
-        "id": "klar",
-        "name": "klar"
+        "id": "trivy",
+        "name": "trivy"
       },
       "location": {
         "dependency": {
@@ -46,8 +46,8 @@
       "confidence": "Unknown",
       "solution": "Upgrade glibc from 2.24-11+deb9u3 to 2.24-11+deb9u4",
       "scanner": {
-        "id": "klar",
-        "name": "klar"
+        "id": "trivy",
+        "name": "trivy"
       },
       "location": {
         "dependency": {
@@ -81,8 +81,8 @@
       "severity": "High",
       "confidence": "Unknown",
       "scanner": {
-        "id": "klar",
-        "name": "klar"
+        "id": "trivy",
+        "name": "trivy"
       },
       "location": {
         "dependency": {
@@ -116,8 +116,8 @@
       "severity": "Medium",
       "confidence": "Unknown",
       "scanner": {
-        "id": "klar",
-        "name": "klar"
+        "id": "trivy",
+        "name": "trivy"
       },
       "location": {
         "dependency": {
@@ -151,8 +151,8 @@
       "severity": "Low",
       "confidence": "Unknown",
       "scanner": {
-        "id": "klar",
-        "name": "klar"
+        "id": "trivy",
+        "name": "trivy"
       },
       "location": {
         "dependency": {
@@ -186,8 +186,8 @@
       "severity": "Low",
       "confidence": "Unknown",
       "scanner": {
-        "id": "klar",
-        "name": "klar"
+        "id": "trivy",
+        "name": "trivy"
       },
       "location": {
         "dependency": {
@@ -221,8 +221,8 @@
       "severity": "Unknown",
       "confidence": "Unknown",
       "scanner": {
-        "id": "klar",
-        "name": "klar"
+        "id": "trivy",
+        "name": "trivy"
       },
       "location": {
         "dependency": {
@@ -257,8 +257,8 @@
       "confidence": "Unknown",
       "solution": "Upgrade perl from 5.24.1-3+deb9u3 to 5.24.1-3+deb9u5",
       "scanner": {
-        "id": "klar",
-        "name": "klar"
+        "id": "trivy",
+        "name": "trivy"
       },
       "location": {
         "dependency": {
@@ -288,9 +288,9 @@
   "remediations": [],
   "scan": {
     "scanner": {
-      "id": "clair",
-      "name": "Clair",
-      "url": "https://github.com/coreos/clair",
+      "id": "trivy",
+      "name": "Trivy",
+      "url": "https://github.com/aquasecurity/trivy",
       "vendor": {
         "name": "GitLab"
       },

ee/spec/fixtures/vulnerabilities/exports/root-security-reports_vulnerabilities_2020-03-12T1235.csv

 Group Name,Project Name,Scanner Type,Scanner Name,Status,Vulnerability,Details,Additional Info,Severity,CVE,CWE,Other Identifiers
-Gitlab.org,Defend,container_scanning,Clair,detected,CVE-2017-16997 in glibc,,CVE-2017-16997 in glibc,critical,CVE-2017-16997
-Gitlab.org,Defend,container_scanning,Clair,detected,CVE-2017-18269 in glibc,,CVE-2017-18269 in glibc,critical,CVE-2017-18269
-Gitlab.org,Defend,container_scanning,Clair,detected,CVE-2018-1000001 in glibc,,CVE-2018-1000001 in glibc,high,CVE-2018-1000001
-Gitlab.org,Defend,container_scanning,Clair,detected,CVE-2016-10228 in glibc,,CVE-2016-10228 in glibc,medium,CVE-2016-10228
-Gitlab.org,Defend,container_scanning,Clair,detected,CVE-2010-4052 in glibc,,CVE-2010-4052 in glibc,low,CVE-2010-4052
-Gitlab.org,Defend,container_scanning,Clair,detected,CVE-2018-18520 in elfutils,,CVE-2018-18520 in elfutils,low,CVE-2018-18520
-Gitlab.org,Defend,container_scanning,Clair,detected,CVE-2018-16869 in nettle,,CVE-2018-16869 in nettle,unknown,CVE-2018-16869,CWE-1
+Gitlab.org,Defend,container_scanning,Trivy,detected,CVE-2017-16997 in glibc,,CVE-2017-16997 in glibc,critical,CVE-2017-16997
+Gitlab.org,Defend,container_scanning,Trivy,detected,CVE-2017-18269 in glibc,,CVE-2017-18269 in glibc,critical,CVE-2017-18269
+Gitlab.org,Defend,container_scanning,Trivy,detected,CVE-2018-1000001 in glibc,,CVE-2018-1000001 in glibc,high,CVE-2018-1000001
+Gitlab.org,Defend,container_scanning,Trivy,detected,CVE-2016-10228 in glibc,,CVE-2016-10228 in glibc,medium,CVE-2016-10228
+Gitlab.org,Defend,container_scanning,Trivy,detected,CVE-2010-4052 in glibc,,CVE-2010-4052 in glibc,low,CVE-2010-4052
+Gitlab.org,Defend,container_scanning,Trivy,detected,CVE-2018-18520 in elfutils,,CVE-2018-18520 in elfutils,low,CVE-2018-18520
+Gitlab.org,Defend,container_scanning,Trivy,detected,CVE-2018-16869 in nettle,,CVE-2018-16869 in nettle,unknown,CVE-2018-16869,CWE-1
 Gitlab.org,Defend,dependency_scanning,Gemnasium,detected,Regular Expression Denial of Service in debug,,Regular Expression Denial of Service in debug,unknown,CVE-2021-1234,CWE-2,"""yarn.lock:debug:gemnasium:37283ed4-0380-40d7-ada7-2d994afcc62a"""
 Gitlab.org,Defend,dependency_scanning,Gemnasium,detected,Authentication bypass via incorrect DOM traversal and canonicalization in saml2-js,,Authentication bypass via incorrect DOM traversal and canonicalization in saml2-js,unknown,,,"""yarn.lock:saml2-js:gemnasium:9952e574-7b5b-46fa-a270-aeb694198a98"""
 Gitlab.org,Defend,sast,Find Security Bugs,detected,Predictable pseudorandom number generator,,Predictable pseudorandom number generator,medium,,,"""818bf5dacb291e15d9e6dc3c5ac32178:PREDICTABLE_RANDOM:src/main/java/com/gitlab/security_products/tests/App.java:47"""

ee/spec/frontend/security_dashboard/store/modules/vulnerabilities/data/mock_data_vulnerabilities.js

@@ -527,8 +527,8 @@ export default [
     confidence: 'unknown',
     url: '/testgroup/testproject/-/security/vulnerabilities/8',
     scanner: {
-      external_id: 'clair',
-      name: 'Clair',
+      external_id: 'trivy',
+      name: 'Trivy',
       vendor: 'GitLab',
     },
     identifiers: [
@@ -585,8 +585,8 @@ export default [
     confidence: 'unknown',
     url: '/testgroup/testproject/-/security/vulnerabilities/9',
     scanner: {
-      external_id: 'clair',
-      name: 'Clair',
+      external_id: 'trivy',
+      name: 'Trivy',
       vendor: 'GitLab',
     },
     identifiers: [

ee/spec/frontend/vue_shared/security_reports/components/vulnerability_details_spec.js

@@ -325,8 +325,8 @@ describe('VulnerabilityDetails component', () => {
       beforeEach(() => {
         const vulnerability = makeVulnerability({
           scanner: {
-            id: 'clair',
-            name: 'Clair',
+            id: 'trivy',
+            name: 'Trivy',
           },
         });
         componentFactory(vulnerability);

ee/spec/lib/ee/gitlab/background_migration/remove_duplicate_cs_findings_spec.rb

@@ -22,7 +22,7 @@ RSpec.describe Gitlab::BackgroundMigration::RemoveDuplicateCsFindings, :migratio
   let!(:project) { projects.create!(id: 12058473, namespace_id: group.id, name: 'gitlab', path: 'gitlab') }
   let!(:user) { users.create!(id: 13, email: 'author@example.com', username: 'author', projects_limit: 10) }
   let!(:scanner) do
-    scanners.create!(id: 6, project_id: project.id, external_id: 'clair', name: 'Security Scanner')
+    scanners.create!(id: 6, project_id: project.id, external_id: 'trivy', name: 'Security Scanner')
   end
 
   it 'removes duplicate findings and vulnerabilities' do

ee/spec/lib/ee/gitlab/background_migration/remove_duplicated_cs_findings_without_vulnerability_id_spec.rb

@@ -16,7 +16,7 @@ RSpec.describe Gitlab::BackgroundMigration::RemoveDuplicatedCsFindingsWithoutVul
 
   let!(:project) { projects.create!(id: 12058473, namespace_id: group.id, name: 'gitlab', path: 'gitlab') }
   let!(:scanner) do
-    scanners.create!(id: 6, project_id: project.id, external_id: 'clair', name: 'Security Scanner')
+    scanners.create!(id: 6, project_id: project.id, external_id: 'trivy', name: 'Security Scanner')
   end
 
   it 'removes duplicate findings and vulnerabilities' do

ee/spec/lib/ee/gitlab/background_migration/remove_undefined_occurrence_confidence_level_spec.rb

@@ -20,7 +20,7 @@ RSpec.describe Gitlab::BackgroundMigration::RemoveUndefinedOccurrenceConfidenceL
                           name: 'SECURITY_IDENTIFIER 0')
     end
 
-    scanners.create!(id: 6, project_id: 123, external_id: 'clair', name: 'Security Scanner')
+    scanners.create!(id: 6, project_id: 123, external_id: 'trivy', name: 'Security Scanner')
 
     vul1 = vulnerabilities.create!(vuln_params(1))
     vulnerabilities.create!(vuln_params(2))

ee/spec/lib/ee/gitlab/background_migration/remove_undefined_occurrence_severity_level_spec.rb

@@ -20,7 +20,7 @@ RSpec.describe Gitlab::BackgroundMigration::RemoveUndefinedOccurrenceSeverityLev
                           name: 'SECURITY_IDENTIFIER 0')
     end
 
-    scanners.create!(id: 6, project_id: 123, external_id: 'clair', name: 'Security Scanner')
+    scanners.create!(id: 6, project_id: 123, external_id: 'trivy', name: 'Security Scanner')
 
     vul1 = vulnerabilities.create!(vuln_params(1))
     vulnerabilities.create!(vuln_params(2))

ee/spec/lib/ee/gitlab/background_migration/update_location_fingerprint_for_container_scanning_findings_spec.rb

@@ -13,7 +13,7 @@ RSpec.describe Gitlab::BackgroundMigration::UpdateLocationFingerprintForContaine
   let!(:project) { projects.create!(id: 123, namespace_id: group.id, name: 'gitlab', path: 'gitlab') }
 
   let!(:scanner) do
-    scanners.create!(id: 6, project_id: project.id, external_id: 'clair', name: 'Security Scanner')
+    scanners.create!(id: 6, project_id: project.id, external_id: 'trivy', name: 'Security Scanner')
   end
 
   it 'updates location fingerprint' do

ee/spec/lib/ee/gitlab/background_migration/update_vulnerabilities_from_dismissal_feedback_spec.rb

@@ -25,7 +25,7 @@ RSpec.describe Gitlab::BackgroundMigration::UpdateVulnerabilitiesFromDismissalFe
   end
 
   let(:scanner) do
-    scanners.create!(project_id: project.id, external_id: 'clair', name: 'Security Scanner')
+    scanners.create!(project_id: project.id, external_id: 'trivy', name: 'Security Scanner')
   end
 
   let(:identifier) do

ee/spec/lib/ee/gitlab/background_migration/update_vulnerabilities_to_dismissed_spec.rb

@@ -20,7 +20,7 @@ RSpec.describe Gitlab::BackgroundMigration::UpdateVulnerabilitiesToDismissed, :m
   let!(:project) { projects.create!(id: 123, namespace_id: 12, name: 'gitlab', path: 'gitlab') }
 
   let(:scanner) do
-    scanners.create!(id: 6, project_id: project.id, external_id: 'clair', name: 'Security Scanner')
+    scanners.create!(id: 6, project_id: project.id, external_id: 'trivy', name: 'Security Scanner')
   end
 
   let(:identifier) do

ee/spec/lib/ee/gitlab/background_migration/update_vulnerability_confidence_spec.rb

@@ -20,7 +20,7 @@ RSpec.describe Gitlab::BackgroundMigration::UpdateVulnerabilityConfidence, schem
                           name: 'SECURITY_IDENTIFIER 0')
     end
 
-    scanners.create!(id: 6, project_id: 123, external_id: 'clair', name: 'Security Scanner')
+    scanners.create!(id: 6, project_id: 123, external_id: 'trivy', name: 'Security Scanner')
 
     vul1 = vulnerabilities.create!(container_scanning_vuln_params(1))
     vulnerabilities.create!(container_scanning_vuln_params(2))

ee/spec/lib/ee/gitlab/usage_data_spec.rb

@@ -581,7 +581,7 @@ RSpec.describe Gitlab::UsageData do
         ds_bundler_audit_build = create(:ci_build, :failed, user: user, name: 'retirejs')
         ds_bundler_build = create(:ci_build, name: 'bundler-audit', user: user, commit_id: ds_build.pipeline.id, status: 'success')
         secret_detection_build = create(:ci_build, name: 'secret', user: user, commit_id: ds_build.pipeline.id, status: 'success')
-        cs_build = create(:ci_build, name: 'klar', user: user, status: 'success')
+        cs_build = create(:ci_build, name: 'container-scanning', user: user, status: 'success')
         sast_build = create(:ci_build, name: 'sast', user: user, status: 'success', retried: true)
         create(:security_scan, build: ds_build, scan_type: 'dependency_scanning' )
         create(:security_scan, build: ds_bundler_build, scan_type: 'dependency_scanning')

ee/spec/lib/gitlab/ci/parsers/security/container_scanning_spec.rb

@@ -18,7 +18,8 @@ RSpec.describe Gitlab::Ci::Parsers::Security::ContainerScanning do
     it "parses all identifiers and findings for unapproved vulnerabilities" do
       expect(report.findings.length).to eq(8)
       expect(report.identifiers.length).to eq(8)
-      expect(report.scanners.length).to eq(2)
+      expect(report.scanners).to include("trivy")
+      expect(report.scanners.length).to eq(1)
     end
 
     it 'generates expected location' do

ee/spec/lib/gitlab/ci/reports/security/locations/container_scanning_spec.rb

@@ -44,8 +44,8 @@ RSpec.describe Gitlab::Ci::Reports::Security::Locations::ContainerScanning do
     end
 
     specify do
-      params[:image] = 'registry.gitlab.com/gitlab-org/security-products/analyzers/klar/tmp:af864bd61230d3d694eb01d6205b268b4ad63ac0'
-      expect(subject.fingerprint).to eq(sha1_of.call('registry.gitlab.com/gitlab-org/security-products/analyzers/klar/tmp:glibc'))
+      params[:image] = 'registry.gitlab.com/gitlab-org/security-products/analyzers/container-scanning/tmp:af864bd61230d3d694eb01d6205b268b4ad63ac0'
+      expect(subject.fingerprint).to eq(sha1_of.call('registry.gitlab.com/gitlab-org/security-products/analyzers/container-scanning/tmp:glibc'))
     end
 
     specify do

ee/spec/migrations/remove_duplicated_cs_findings_spec.rb

@@ -18,7 +18,7 @@ RSpec.describe RemoveDuplicatedCsFindings, :migration do
   let(:identifiers) { table(:vulnerability_identifiers) }
   let!(:project) { projects.create!(id: 12058473, namespace_id: group.id, name: 'gitlab', path: 'gitlab') }
   let!(:scanner) do
-    scanners.create!(id: 6, project_id: project.id, external_id: 'clair', name: 'Security Scanner')
+    scanners.create!(id: 6, project_id: project.id, external_id: 'trivy', name: 'Security Scanner')
   end
 
   before do

ee/spec/migrations/remove_duplicated_cs_findings_without_vulnerability_id_spec.rb

@@ -20,7 +20,7 @@ RSpec.describe RemoveDuplicatedCsFindingsWithoutVulnerabilityId, :migration do
 
   let!(:project) { projects.create!(id: 12058473, namespace_id: group.id, name: 'gitlab', path: 'gitlab') }
   let!(:scanner) do
-    scanners.create!(id: 6, project_id: project.id, external_id: 'clair', name: 'Security Scanner')
+    scanners.create!(id: 6, project_id: project.id, external_id: 'trivy', name: 'Security Scanner')
   end
 
   before do

ee/spec/migrations/update_cs_vulnerability_confidence_column_spec.rb

@@ -34,7 +34,7 @@ RSpec.describe UpdateCsVulnerabilityConfidenceColumn do
                         external_id: 'SECURITY_0',
                         name: 'SECURITY_IDENTIFIER 0')
 
-    scanners.create!(id: 6, project_id: 123, external_id: 'clair', name: 'Security Scanner')
+    scanners.create!(id: 6, project_id: 123, external_id: 'trivy', name: 'Security Scanner')
 
     vulnerabilities.create!(id: 1,
                             severity: 2,

ee/spec/migrations/update_location_fingerprint_column_for_cs_spec.rb

@@ -15,7 +15,7 @@ RSpec.describe UpdateLocationFingerprintColumnForCs, :migration do
   let!(:project) { projects.create!(id: 123, namespace_id: group.id, name: 'gitlab', path: 'gitlab') }
 
   let!(:scanner) do
-    scanners.create!(id: 6, project_id: project.id, external_id: 'clair', name: 'Security Scanner')
+    scanners.create!(id: 6, project_id: project.id, external_id: 'trivy', name: 'Security Scanner')
   end
 
   let!(:user) do

ee/spec/migrations/update_occurrence_severity_column_spec.rb

@@ -33,7 +33,7 @@ RSpec.describe UpdateOccurrenceSeverityColumn do
                         external_id: 'SECURITY_0',
                         name: 'SECURITY_IDENTIFIER 0')
 
-    scanners.create!(id: 6, project_id: 123, external_id: 'clair', name: 'Security Scanner')
+    scanners.create!(id: 6, project_id: 123, external_id: 'trivy', name: 'Security Scanner')
 
     vulnerabilities.create!(severity: 0,
                             confidence: 5,
@@ -80,7 +80,7 @@ RSpec.describe UpdateOccurrenceSeverityColumn do
                         external_id: 'SECURITY_0',
                         name: 'SECURITY_IDENTIFIER 0')
 
-    scanners.create!(id: 6, project_id: 123, external_id: 'clair', name: 'Security Scanner')
+    scanners.create!(id: 6, project_id: 123, external_id: 'trivy', name: 'Security Scanner')
 
     vulnerabilities.create!(severity: 0,
                             confidence: 5,

ee/spec/migrations/update_undefined_confidence_from_occurrences_spec.rb

@@ -34,7 +34,7 @@ RSpec.describe UpdateUndefinedConfidenceFromOccurrences, :migration do
                         external_id: 'SECURITY_0',
                         name: 'SECURITY_IDENTIFIER 0')
 
-    scanners.create!(id: 6, project_id: 123, external_id: 'clair', name: 'Security Scanner')
+    scanners.create!(id: 6, project_id: 123, external_id: 'trivy', name: 'Security Scanner')
 
     vulnerabilities.create!(id: vul1[:id],
                             confidence: 0,
@@ -83,7 +83,7 @@ RSpec.describe UpdateUndefinedConfidenceFromOccurrences, :migration do
                         external_id: 'SECURITY_0',
                         name: 'SECURITY_IDENTIFIER 0')
 
-    scanners.create!(id: 6, project_id: 123, external_id: 'clair', name: 'Security Scanner')
+    scanners.create!(id: 6, project_id: 123, external_id: 'trivy', name: 'Security Scanner')
 
     vulnerabilities.create!(id: vul1[:id],
                             confidence: 0,

qa/qa/ee/fixtures/secure_premade_reports/gl-container-scanning-report.json

@@ -10,8 +10,8 @@
       "confidence": "Unknown",
       "solution": "Upgrade glibc from 2.24-11+deb9u3 to 2.24-11+deb9u4",
       "scanner": {
-        "id": "klar",
-        "name": "klar"
+        "id": "trivy",
+        "name": "trivy"
       },
       "location": {
         "dependency": {
@@ -46,8 +46,8 @@
       "confidence": "Unknown",
       "solution": "Upgrade glibc from 2.24-11+deb9u3 to 2.24-11+deb9u4",
       "scanner": {
-        "id": "klar",
-        "name": "klar"
+        "id": "trivy",
+        "name": "trivy"
       },
       "location": {
         "dependency": {
@@ -81,8 +81,8 @@
       "severity": "High",
       "confidence": "Unknown",
       "scanner": {
-        "id": "klar",
-        "name": "klar"
+        "id": "trivy",
+        "name": "trivy"
       },
       "location": {
         "dependency": {
@@ -116,8 +116,8 @@
       "severity": "Medium",
       "confidence": "Unknown",
       "scanner": {
-        "id": "klar",
-        "name": "klar"
+        "id": "trivy",
+        "name": "trivy"
       },
       "location": {
         "dependency": {
@@ -151,8 +151,8 @@
       "severity": "Low",
       "confidence": "Unknown",
       "scanner": {
-        "id": "klar",
-        "name": "klar"
+        "id": "trivy",
+        "name": "trivy"
       },
       "location": {
         "dependency": {
@@ -186,8 +186,8 @@
       "severity": "Low",
       "confidence": "Unknown",
       "scanner": {
-        "id": "klar",
-        "name": "klar"
+        "id": "trivy",
+        "name": "trivy"
       },
       "location": {
         "dependency": {
@@ -221,8 +221,8 @@
       "severity": "Unknown",
       "confidence": "Unknown",
       "scanner": {
-        "id": "klar",
-        "name": "klar"
+        "id": "trivy",
+        "name": "trivy"
       },
       "location": {
         "dependency": {
@@ -257,8 +257,8 @@
       "confidence": "Unknown",
       "solution": "Upgrade perl from 5.24.1-3+deb9u3 to 5.24.1-3+deb9u5",
       "scanner": {
-        "id": "klar",
-        "name": "klar"
+        "id": "trivy",
+        "name": "trivy"
       },
       "location": {
         "dependency": {