feat(filesystem): scan in client/server mode (#1829)

Co-authored-by: knqyf263 <knqyf263@gmail.com>
2025-12-22 07:10:41 -08:00 · 2022-03-21 19:51:18 +06:00
parent 12d0317a67
commit d6418cf0de
49 changed files with 763 additions and 1014 deletions
--- a/pkg/commands/artifact/inject.go
+++ b/pkg/commands/artifact/inject.go
@@ -13,9 +13,16 @@ import (
 	"github.com/aquasecurity/fanal/cache"
 	"github.com/aquasecurity/fanal/types"
 	"github.com/aquasecurity/trivy/pkg/result"
+	"github.com/aquasecurity/trivy/pkg/rpc/client"
 	"github.com/aquasecurity/trivy/pkg/scanner"
 )

+//////////////
+// Standalone
+//////////////
+
+// initializeDockerScanner is for container image scanning in standalone mode
+// e.g. dockerd, container registry, podman, etc.
 func initializeDockerScanner(ctx context.Context, imageName string, artifactCache cache.ArtifactCache,
 	localArtifactCache cache.LocalArtifactCache, dockerOpt types.DockerOption, artifactOption artifact.Option,
 	configScannerOption config.ScannerOption) (scanner.Scanner, func(), error) {
@@ -23,6 +30,8 @@ func initializeDockerScanner(ctx context.Context, imageName string, artifactCach
 	return scanner.Scanner{}, nil, nil
 }

+// initializeArchiveScanner is for container image archive scanning in standalone mode
+// e.g. docker save -o alpine.tar alpine:3.15
 func initializeArchiveScanner(ctx context.Context, filePath string, artifactCache cache.ArtifactCache,
 	localArtifactCache cache.LocalArtifactCache, artifactOption artifact.Option,
 	configScannerOption config.ScannerOption) (scanner.Scanner, error) {
@@ -30,6 +39,7 @@ func initializeArchiveScanner(ctx context.Context, filePath string, artifactCach
 	return scanner.Scanner{}, nil
 }

+// initializeFilesystemScanner is for filesystem scanning in standalone mode
 func initializeFilesystemScanner(ctx context.Context, path string, artifactCache cache.ArtifactCache,
 	localArtifactCache cache.LocalArtifactCache, artifactOption artifact.Option,
 	configScannerOption config.ScannerOption) (scanner.Scanner, func(), error) {
@@ -48,3 +58,39 @@ func initializeResultClient() result.Client {
 	wire.Build(result.SuperSet)
 	return result.Client{}
 }
+
+/////////////////
+// Client/Server
+/////////////////
+
+// initializeRemoteDockerScanner is for container image scanning in client/server mode
+// e.g. dockerd, container registry, podman, etc.
+func initializeRemoteDockerScanner(ctx context.Context, imageName string, artifactCache cache.ArtifactCache,
+	remoteScanOptions client.ScannerOption, dockerOpt types.DockerOption, artifactOption artifact.Option,
+	configScannerOption config.ScannerOption) (
+	scanner.Scanner, func(), error) {
+	wire.Build(scanner.RemoteDockerSet)
+	return scanner.Scanner{}, nil, nil
+}
+
+// initializeRemoteArchiveScanner is for container image archive scanning in client/server mode
+// e.g. docker save -o alpine.tar alpine:3.15
+func initializeRemoteArchiveScanner(ctx context.Context, filePath string, artifactCache cache.ArtifactCache,
+	remoteScanOptions client.ScannerOption, artifactOption artifact.Option, configScannerOption config.ScannerOption) (
+	scanner.Scanner, error) {
+	wire.Build(scanner.RemoteArchiveSet)
+	return scanner.Scanner{}, nil
+}
+
+// initializeRemoteFilesystemScanner is for filesystem scanning in client/server mode
+func initializeRemoteFilesystemScanner(ctx context.Context, path string, artifactCache cache.ArtifactCache,
+	remoteScanOptions client.ScannerOption, artifactOption artifact.Option, configScannerOption config.ScannerOption) (
+	scanner.Scanner, func(), error) {
+	wire.Build(scanner.RemoteFilesystemSet)
+	return scanner.Scanner{}, nil, nil
+}
+
+func initializeRemoteResultClient() result.Client {
+	wire.Build(result.SuperSet)
+	return result.Client{}
+}