feat(misconf): Fetch policies from OCI registry (#3015)

Signed-off-by: Simar <simar@linux.com>

pkg/commands/operation/operation.go

@@ -6,6 +6,8 @@ import (
 	"os"
 	"strings"
 
+	"github.com/aquasecurity/trivy/pkg/policy"
+
 	"github.com/samber/lo"
 
 	"github.com/aquasecurity/trivy/pkg/flag"
@@ -135,3 +137,38 @@ func showDBInfo(cacheDir string) error {
 		meta.Version, meta.UpdatedAt, meta.NextUpdate, meta.DownloadedAt)
 	return nil
 }
+
+// InitBuiltinPolicies downloads the built-in policies and loads them
+func InitBuiltinPolicies(ctx context.Context, cacheDir string, quiet, skipUpdate bool) ([]string, error) {
+	client, err := policy.NewClient(cacheDir, quiet)
+	if err != nil {
+		return nil, xerrors.Errorf("policy client error: %w", err)
+	}
+
+	needsUpdate := false
+	if !skipUpdate {
+		needsUpdate, err = client.NeedsUpdate()
+		if err != nil {
+			return nil, xerrors.Errorf("unable to check if built-in policies need to be updated: %w", err)
+		}
+	}
+
+	if needsUpdate {
+		log.Logger.Info("Need to update the built-in policies")
+		log.Logger.Info("Downloading the built-in policies...")
+		if err = client.DownloadBuiltinPolicies(ctx); err != nil {
+			return nil, xerrors.Errorf("failed to download built-in policies: %w", err)
+		}
+	}
+
+	policyPaths, err := client.LoadBuiltinPolicies()
+	if err != nil {
+		if skipUpdate {
+			msg := "No downloadable policies were loaded as --skip-policy-update is enabled"
+			log.Logger.Info(msg)
+			return nil, xerrors.Errorf(msg)
+		}
+		return nil, xerrors.Errorf("policy load error: %w", err)
+	}
+	return policyPaths, nil
+}