feat: add --vuln-severity-source flag (#8269)

2025-12-23 07:29:00 -08:00 · 2025-03-03 16:59:30 +06:00
parent 6b4cebe959
commit d464807321
26 changed files with 661 additions and 247 deletions
--- a/integration/client_server_test.go
+++ b/integration/client_server_test.go
@@ -22,21 +22,22 @@ import (
 )

 type csArgs struct {
-	Command           string
-	RemoteAddrOption  string
-	Format            types.Format
-	TemplatePath      string
-	IgnoreUnfixed     bool
-	Severity          []string
-	IgnoreIDs         []string
-	Input             string
-	ClientToken       string
-	ClientTokenHeader string
-	PathPrefix        string
-	ListAllPackages   bool
-	Target            string
-	secretConfig      string
-	Distro            string
+	Command             string
+	RemoteAddrOption    string
+	Format              types.Format
+	TemplatePath        string
+	IgnoreUnfixed       bool
+	Severity            []string
+	IgnoreIDs           []string
+	Input               string
+	ClientToken         string
+	ClientTokenHeader   string
+	PathPrefix          string
+	ListAllPackages     bool
+	Target              string
+	secretConfig        string
+	Distro              string
+	VulnSeveritySources []string
 }

 func TestClientServer(t *testing.T) {
@@ -280,6 +281,19 @@ func TestClientServer(t *testing.T) {
 			},
 			golden: "testdata/npm.json.golden",
 		},
+		{
+			name: "scan package-lock.json with severity from `ubuntu` in client/server mode",
+			args: csArgs{
+				Command:          "repo",
+				RemoteAddrOption: "--server",
+				Target:           "testdata/fixtures/repo/npm/",
+				VulnSeveritySources: []string{
+					"alpine",
+					"ubuntu",
+				},
+			},
+			golden: "testdata/npm-ubuntu-severity.json.golden",
+		},
 		{
 			name: "scan sample.pem with repo command in client/server mode",
 			args: csArgs{
@@ -677,6 +691,12 @@ func setupClient(t *testing.T, c csArgs, addr string, cacheDir string) []string
 		)
 	}

+	if len(c.VulnSeveritySources) != 0 {
+		osArgs = append(osArgs,
+			"--vuln-severity-source", strings.Join(c.VulnSeveritySources, ","),
+		)
+	}
+
 	if len(c.IgnoreIDs) != 0 {
 		trivyIgnore := filepath.Join(t.TempDir(), ".trivyignore")
 		err := os.WriteFile(trivyIgnore, []byte(strings.Join(c.IgnoreIDs, "\n")), 0444)