feat(vex): VEX Repository support (#7206)

Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
2025-12-23 15:37:50 -08:00 · 2024-07-25 16:18:37 +04:00
parent 174b1e3515
commit 88ba46047c
77 changed files with 3505 additions and 651 deletions
--- a/pkg/commands/app.go
+++ b/pkg/commands/app.go
@@ -27,6 +27,7 @@ import (
 	"github.com/aquasecurity/trivy/pkg/types"
 	"github.com/aquasecurity/trivy/pkg/version"
 	"github.com/aquasecurity/trivy/pkg/version/app"
+	vexrepo "github.com/aquasecurity/trivy/pkg/vex/repo"
 	xstrings "github.com/aquasecurity/trivy/pkg/x/strings"
 )

@@ -98,6 +99,7 @@ func NewApp() *cobra.Command {
 		NewVersionCommand(globalFlags),
 		NewVMCommand(globalFlags),
 		NewCleanCommand(globalFlags),
+		NewVEXCommand(globalFlags),
 	)

 	if plugins := loadPluginCommands(); len(plugins) > 0 {
@@ -1228,6 +1230,92 @@ func NewCleanCommand(globalFlags *flag.GlobalFlagGroup) *cobra.Command {
 	return cmd
 }

+func NewVEXCommand(globalFlags *flag.GlobalFlagGroup) *cobra.Command {
+	vexFlags := &flag.Flags{
+		GlobalFlagGroup: globalFlags,
+	}
+	var vexOptions flag.Options
+	cmd := &cobra.Command{
+		Use:           "vex subcommand",
+		GroupID:       groupManagement,
+		Short:         "[EXPERIMENTAL] VEX utilities",
+		SilenceErrors: true,
+		SilenceUsage:  true,
+		PersistentPreRunE: func(cmd *cobra.Command, args []string) (err error) {
+			cmd.SetContext(log.WithContextPrefix(cmd.Context(), "vex"))
+
+			vexOptions, err = vexFlags.ToOptions(args)
+			if err != nil {
+				return err
+			}
+			return nil
+		},
+	}
+
+	repoCmd := &cobra.Command{
+		Use:           "repo subcommand",
+		Short:         "Manage VEX repositories",
+		SilenceErrors: true,
+		SilenceUsage:  true,
+		Example: `  # Initialize the configuration file
+  $ trivy vex repo init
+
+  # List VEX repositories
+  $ trivy vex repo list
+
+  # Download the VEX repositories
+  $ trivy vex repo download
+`,
+	}
+
+	repoCmd.AddCommand(
+		&cobra.Command{
+			Use:           "init",
+			Short:         "Initialize a configuration file",
+			SilenceErrors: true,
+			SilenceUsage:  true,
+			Args:          cobra.ExactArgs(0),
+			RunE: func(cmd *cobra.Command, args []string) error {
+				if err := vexrepo.NewManager(vexOptions.CacheDir).Init(cmd.Context()); err != nil {
+					return xerrors.Errorf("config init error: %w", err)
+				}
+				return nil
+			},
+		},
+		&cobra.Command{
+			Use:           "list",
+			Short:         "List VEX repositories",
+			SilenceErrors: true,
+			SilenceUsage:  true,
+			Args:          cobra.ExactArgs(0),
+			RunE: func(cmd *cobra.Command, args []string) error {
+				if err := vexrepo.NewManager(vexOptions.CacheDir).List(cmd.Context()); err != nil {
+					return xerrors.Errorf("list error: %w", err)
+				}
+				return nil
+			},
+		},
+		&cobra.Command{
+			Use:           "download [REPO_NAMES]",
+			Short:         "Download the VEX repositories",
+			Long:          `Downloads enabled VEX repositories. If specific repository names are provided as arguments, only those repositories will be downloaded. Otherwise, all enabled repositories are downloaded.`,
+			SilenceErrors: true,
+			SilenceUsage:  true,
+			RunE: func(cmd *cobra.Command, args []string) error {
+				err := vexrepo.NewManager(vexOptions.CacheDir).DownloadRepositories(cmd.Context(), args,
+					vexrepo.Options{Insecure: vexOptions.Insecure})
+				if err != nil {
+					return xerrors.Errorf("repository download error: %w", err)
+				}
+				return nil
+			},
+		},
+	)
+
+	cmd.AddCommand(repoCmd)
+	return cmd
+}
+
 func NewVersionCommand(globalFlags *flag.GlobalFlagGroup) *cobra.Command {
 	var versionFormat string
 	cmd := &cobra.Command{