feat(misconf): Add --reset-policy-bundle for policy bundle (#4167)

pkg/commands/app.go

@@ -1160,7 +1160,7 @@ func validateArgs(cmd *cobra.Command, args []string) error {
 	// '--clear-cache', '--download-db-only', '--download-java-db-only', '--reset' and '--generate-default-config' don't conduct the subsequent scanning
 	if viper.GetBool(flag.ClearCacheFlag.ConfigName) || viper.GetBool(flag.DownloadDBOnlyFlag.ConfigName) ||
 		viper.GetBool(flag.ResetFlag.ConfigName) || viper.GetBool(flag.GenerateDefaultConfigFlag.ConfigName) ||
-		viper.GetBool(flag.DownloadJavaDBOnlyFlag.ConfigName) {
+		viper.GetBool(flag.DownloadJavaDBOnlyFlag.ConfigName) || viper.GetBool(flag.ResetPolicyBundleFlag.ConfigName) {
 		return nil
 	}
 

pkg/commands/artifact/run.go

@@ -6,6 +6,8 @@ import (
 	"fmt"
 	"os"
 
+	"github.com/aquasecurity/trivy/pkg/policy"
+
 	"github.com/hashicorp/go-multierror"
 	"github.com/spf13/viper"
 	"golang.org/x/exp/slices"
@@ -387,6 +389,18 @@ func (r *runner) initCache(opts flag.Options) error {
 		}
 		return SkipScan
 	}
+
+	if opts.ResetPolicyBundle {
+		c, err := policy.NewClient(fsutils.CacheDir(), true)
+		if err != nil {
+			return xerrors.Errorf("failed to instantiate policy client: %w", err)
+		}
+		if err := c.Clear(); err != nil {
+			return xerrors.Errorf("failed to remove the cache: %w", err)
+		}
+		return SkipScan
+	}
+
 	if opts.ClearCache {
 		defer cacheClient.Close()
 		if err = cacheClient.ClearArtifacts(); err != nil {