Add --refresh option
@@ -81,6 +81,10 @@ OPTIONS:
|
|||||||
Name: "ignore-unfixed",
|
Name: "ignore-unfixed",
|
||||||
Usage: "display only fixed vulnerabilities",
|
Usage: "display only fixed vulnerabilities",
|
||||||
},
|
},
|
||||||
|
cli.BoolFlag{
|
||||||
|
Name: "refresh",
|
||||||
|
Usage: "refresh DB (usually used after version update of trivy)",
|
||||||
|
},
|
||||||
cli.BoolFlag{
|
cli.BoolFlag{
|
||||||
Name: "debug, d",
|
Name: "debug, d",
|
||||||
Usage: "debug mode",
|
Usage: "debug mode",
|
||||||
|
|||||||
32
pkg/db/db.go
32
pkg/db/db.go
@@ -2,10 +2,11 @@ package db
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"github.com/knqyf263/trivy/pkg/log"
|
|
||||||
"os"
|
"os"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
|
|
||||||
|
"github.com/knqyf263/trivy/pkg/log"
|
||||||
|
|
||||||
"golang.org/x/xerrors"
|
"golang.org/x/xerrors"
|
||||||
|
|
||||||
"github.com/knqyf263/trivy/pkg/utils"
|
"github.com/knqyf263/trivy/pkg/utils"
|
||||||
@@ -15,10 +16,10 @@ import (
|
|||||||
|
|
||||||
var (
|
var (
|
||||||
db *bolt.DB
|
db *bolt.DB
|
||||||
|
dbDir = filepath.Join(utils.CacheDir(), "db")
|
||||||
)
|
)
|
||||||
|
|
||||||
func Init() (err error) {
|
func Init() (err error) {
|
||||||
dbDir := filepath.Join(utils.CacheDir(), "db")
|
|
||||||
if err = os.MkdirAll(dbDir, 0700); err != nil {
|
if err = os.MkdirAll(dbDir, 0700); err != nil {
|
||||||
return xerrors.Errorf("failed to mkdir: %w", err)
|
return xerrors.Errorf("failed to mkdir: %w", err)
|
||||||
}
|
}
|
||||||
@@ -32,6 +33,33 @@ func Init() (err error) {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func Reset() error {
|
||||||
|
if err := os.RemoveAll(dbDir); err != nil {
|
||||||
|
return xerrors.Errorf("failed to reset DB: %w", err)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func GetVersion() string {
|
||||||
|
var version string
|
||||||
|
value, err := Get("trivy", "metadata", "version")
|
||||||
|
if err != nil {
|
||||||
|
return ""
|
||||||
|
}
|
||||||
|
if err = json.Unmarshal(value, &version); err != nil {
|
||||||
|
return ""
|
||||||
|
}
|
||||||
|
return version
|
||||||
|
}
|
||||||
|
|
||||||
|
func SetVersion(version string) error {
|
||||||
|
err := Update("trivy", "metadata", "version", version)
|
||||||
|
if err != nil {
|
||||||
|
return xerrors.Errorf("failed to save DB version: %w", err)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
func Update(rootBucket, nestedBucket, key string, value interface{}) error {
|
func Update(rootBucket, nestedBucket, key string, value interface{}) error {
|
||||||
err := db.Update(func(tx *bolt.Tx) error {
|
err := db.Update(func(tx *bolt.Tx) error {
|
||||||
return PutNestedBucket(tx, rootBucket, nestedBucket, key, value)
|
return PutNestedBucket(tx, rootBucket, nestedBucket, key, value)
|
||||||
|
|||||||
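Review bot: `GetVersion` returns `""` both when no version has been stored and when `Get` or `json.Unmarshal` fails, so a read or decode error looks the same as a fresh database. Both callers on this page treat `""` as "no version recorded": `Run` in pkg/run.go skips the version-mismatch check, and the `db.GetVersion() == ""` guard in the `CloneOrPull` hunk starts a full re-walk of the repository. For a vulnerability scanner, a damaged metadata record would therefore bypass the compatibility check silently and results could come from a DB the binary does not understand. Consider returning `(string, error)`, or at least logging the error before `return ""`. `Reset` would also benefit from a doc comment such as `// Reset deletes the whole DB directory (dbDir); Run calls it before Init.`, since `dbDir` is now computed once at package initialisation from `utils.CacheDir()`.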
@@ -5,6 +5,8 @@ import (
|
|||||||
"path/filepath"
|
"path/filepath"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
|
"github.com/knqyf263/trivy/pkg/db"
|
||||||
|
|
||||||
"github.com/knqyf263/trivy/pkg/log"
|
"github.com/knqyf263/trivy/pkg/log"
|
||||||
"github.com/knqyf263/trivy/pkg/utils"
|
"github.com/knqyf263/trivy/pkg/utils"
|
||||||
"golang.org/x/xerrors"
|
"golang.org/x/xerrors"
|
||||||
@@ -52,6 +54,10 @@ func CloneOrPull(url, repoPath string) (map[string]struct{}, error) {
|
|||||||
return nil, xerrors.Errorf("failed to clone repository: %w", err)
|
return nil, xerrors.Errorf("failed to clone repository: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
// Need to refresh all vulnerabilities
|
||||||
|
if db.GetVersion() == "" {
|
||||||
err = filepath.Walk(repoPath, func(path string, info os.FileInfo, err error) error {
|
err = filepath.Walk(repoPath, func(path string, info os.FileInfo, err error) error {
|
||||||
if info.IsDir() {
|
if info.IsDir() {
|
||||||
return nil
|
return nil
|
||||||
|
|||||||
23
pkg/run.go
23
pkg/run.go
@@ -23,6 +23,8 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
func Run(c *cli.Context) (err error) {
|
func Run(c *cli.Context) (err error) {
|
||||||
|
cliVersion := c.App.Version
|
||||||
|
|
||||||
debug := c.Bool("debug")
|
debug := c.Bool("debug")
|
||||||
if err = log.InitLogger(debug); err != nil {
|
if err = log.InitLogger(debug); err != nil {
|
||||||
l.Fatal(err)
|
l.Fatal(err)
|
||||||
@@ -68,10 +70,22 @@ func Run(c *cli.Context) (err error) {
|
|||||||
severities = append(severities, severity)
|
severities = append(severities, severity)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if c.Bool("refresh") {
|
||||||
|
log.Logger.Info("Resetting DB...")
|
||||||
|
if err = db.Reset(); err != nil {
|
||||||
|
return xerrors.Errorf("error in refresh DB: %w", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if err = db.Init(); err != nil {
|
if err = db.Init(); err != nil {
|
||||||
return xerrors.Errorf("error in vulnerability DB initialize: %w", err)
|
return xerrors.Errorf("error in vulnerability DB initialize: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
dbVersion := db.GetVersion()
|
||||||
|
if dbVersion != "" && dbVersion != cliVersion {
|
||||||
|
log.Logger.Fatal("Detected version update of trivy. Please try again with --refresh option")
|
||||||
|
}
|
||||||
|
|
||||||
if !c.Bool("skip-update") {
|
if !c.Bool("skip-update") {
|
||||||
if err = vulnsrc.Update(); err != nil {
|
if err = vulnsrc.Update(); err != nil {
|
||||||
return xerrors.Errorf("error in vulnerability DB update: %w", err)
|
return xerrors.Errorf("error in vulnerability DB update: %w", err)
|
||||||
@@ -103,9 +117,16 @@ func Run(c *cli.Context) (err error) {
|
|||||||
return xerrors.Errorf("failed to write results: %w", err)
|
return xerrors.Errorf("failed to write results: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if err = db.SetVersion(cliVersion); err != nil {
|
||||||
|
return xerrors.Errorf("unexpected error: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
exitCode := c.Int("exit-code")
|
||||||
|
if exitCode != 0 {
|
||||||
for _, result := range results {
|
for _, result := range results {
|
||||||
if len(result.Vulnerabilities) > 0 {
|
if len(result.Vulnerabilities) > 0 {
|
||||||
os.Exit(c.Int("exit-code"))
|
os.Exit(exitCode)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
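Review bot: The version-mismatch branch ends with `log.Logger.Fatal(...)`, while every other failure in `Run` is returned wrapped with `xerrors.Errorf`. If `Fatal` terminates the process, as its name suggests, callers of `Run` never see the error and any deferred cleanup is skipped; returning it keeps the handling uniform, e.g. `return xerrors.New("detected version update of trivy; retry with --refresh")`. The wrap around `db.SetVersion` uses `"unexpected error: %w"`, which tells the user nothing about the step that failed; `"error in saving DB version: %w"` would match the neighbouring messages. `Run` starts and ends outside these hunks, so the placement of `SetVersion` relative to the earlier return paths could not be checked in full.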
@@ -7,6 +7,8 @@ import (
|
|||||||
"os"
|
"os"
|
||||||
"sort"
|
"sort"
|
||||||
|
|
||||||
|
"github.com/genuinetools/reg/registry"
|
||||||
|
|
||||||
"github.com/knqyf263/trivy/pkg/log"
|
"github.com/knqyf263/trivy/pkg/log"
|
||||||
|
|
||||||
"github.com/knqyf263/trivy/pkg/report"
|
"github.com/knqyf263/trivy/pkg/report"
|
||||||
@@ -37,6 +39,14 @@ func ScanImage(imageName, filePath string, severities []vulnerability.Severity,
|
|||||||
var err error
|
var err error
|
||||||
ctx := context.Background()
|
ctx := context.Background()
|
||||||
|
|
||||||
|
image, err := registry.ParseImage(imageName)
|
||||||
|
if err != nil {
|
||||||
|
return nil, xerrors.Errorf("invalid image: %w", err)
|
||||||
|
}
|
||||||
|
if image.Tag == "latest" {
|
||||||
|
log.Logger.Warn("You should avoid using the :latest tag as it is cached. You need to specify '--clean' option when :latest image is changed")
|
||||||
|
}
|
||||||
|
|
||||||
var target string
|
var target string
|
||||||
var files extractor.FileMap
|
var files extractor.FileMap
|
||||||
if imageName != "" {
|
if imageName != "" {
|
||||||
|
|||||||
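Review bot: `registry.ParseImage(imageName)` is called unconditionally, before the existing `if imageName != ""` check that follows it in `ScanImage`. When the caller scans from `filePath` and leaves `imageName` empty, the parse will most likely fail and the function returns `invalid image` before reaching the file branch; this depends on how `ParseImage` handles an empty string, which the page does not show. Moving the parse and the `:latest` warning inside the `if imageName != ""` branch keeps file-based scans working. The body of `ScanImage` continues outside the hunk.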