feat: support config scanning (#931)

2025-12-22 07:10:41 -08:00 · 2021-07-09 08:18:53 +03:00
parent 712f9eba35
commit a0e5c3a2e2
122 changed files with 4499 additions and 1226 deletions
--- a/pkg/commands/operation/operation.go
+++ b/pkg/commands/operation/operation.go
@@ -13,6 +13,7 @@ import (
 	"github.com/aquasecurity/fanal/cache"
 	"github.com/aquasecurity/trivy/pkg/db"
 	"github.com/aquasecurity/trivy/pkg/log"
+	"github.com/aquasecurity/trivy/pkg/policy"
 	"github.com/aquasecurity/trivy/pkg/utils"
 )

@@ -102,6 +103,40 @@ func DownloadDB(appVersion, cacheDir string, quiet, light, skipUpdate bool) erro
 	return nil
 }

+// InitBuiltinPolicies downloads the builtin policies and loads them
+func InitBuiltinPolicies(ctx context.Context, skipUpdate bool) ([]string, error) {
+	client, err := policy.NewClient()
+	if err != nil {
+		return nil, xerrors.Errorf("policy client error: %w", err)
+	}
+
+	needsUpdate := false
+	if !skipUpdate {
+		needsUpdate, err = client.NeedsUpdate()
+		if err != nil {
+			return nil, xerrors.Errorf("unable to check if builtin policies need to be updated: %w", err)
+		}
+	}
+
+	if needsUpdate {
+		log.Logger.Info("Need to update the builtin policies")
+		log.Logger.Info("Downloading the builtin policies...")
+		if err = client.DownloadBuiltinPolicies(ctx); err != nil {
+			return nil, xerrors.Errorf("failed to download builtin policies: %w", err)
+		}
+	}
+
+	policyPaths, err := client.LoadBuiltinPolicies()
+	if err != nil {
+		if skipUpdate {
+			log.Logger.Info("No builtin policies were loaded")
+			return nil, nil
+		}
+		return nil, xerrors.Errorf("policy load error: %w", err)
+	}
+	return policyPaths, nil
+}
+
 func showDBInfo(cacheDir string) error {
 	m := db.NewMetadata(afero.NewOsFs(), cacheDir)
 	metadata, err := m.Get()