mirror of
https://github.com/aquasecurity/trivy.git
synced 2025-12-23 15:37:50 -08:00
refactor(deps): move dependencies to package (#2189)
This commit is contained in:
AndreyLevchenko
2
go.mod
2
go.mod
@@ -7,7 +7,7 @@ require (
|
|||||||
github.com/Masterminds/sprig/v3 v3.2.2
|
github.com/Masterminds/sprig/v3 v3.2.2
|
||||||
github.com/NYTimes/gziphandler v1.1.1
|
github.com/NYTimes/gziphandler v1.1.1
|
||||||
github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986
|
github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986
|
||||||
github.com/aquasecurity/fanal v0.0.0-20220531101952-e8bca3153e2b
|
github.com/aquasecurity/fanal v0.0.0-20220531120423-6434a96075a0
|
||||||
github.com/aquasecurity/go-dep-parser v0.0.0-20220503151658-d316f5cc2cff
|
github.com/aquasecurity/go-dep-parser v0.0.0-20220503151658-d316f5cc2cff
|
||||||
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce
|
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce
|
||||||
github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798
|
github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798
|
||||||
|
|||||||
4
go.sum
4
go.sum
@@ -179,8 +179,8 @@ github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986 h1:2a30
|
|||||||
github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986/go.mod h1:NT+jyeCzXk6vXR5MTkdn4z64TgGfE5HMLC8qfj5unl8=
|
github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986/go.mod h1:NT+jyeCzXk6vXR5MTkdn4z64TgGfE5HMLC8qfj5unl8=
|
||||||
github.com/aquasecurity/defsec v0.58.2 h1:cT9c9Ybxmg2uiscBukfuUOi2llIsGm9sGhHZlF8OWSc=
|
github.com/aquasecurity/defsec v0.58.2 h1:cT9c9Ybxmg2uiscBukfuUOi2llIsGm9sGhHZlF8OWSc=
|
||||||
github.com/aquasecurity/defsec v0.58.2/go.mod h1:42FxKif2itz+MHFlJ3TJjdroL9Jzj3THoexlueBTU5w=
|
github.com/aquasecurity/defsec v0.58.2/go.mod h1:42FxKif2itz+MHFlJ3TJjdroL9Jzj3THoexlueBTU5w=
|
||||||
github.com/aquasecurity/fanal v0.0.0-20220531101952-e8bca3153e2b h1:L5UyVUtnVRxqyRlS7iwNwW4FvLB4ER7yxnCl90so7q8=
|
github.com/aquasecurity/fanal v0.0.0-20220531120423-6434a96075a0 h1:swTngelbdVVpoed07iPZhNI48JizULaI405KPvrh7Fk=
|
||||||
github.com/aquasecurity/fanal v0.0.0-20220531101952-e8bca3153e2b/go.mod h1:1N/p/orwp3237JpnorWj5A90YyUhzBZIZ7isICwctks=
|
github.com/aquasecurity/fanal v0.0.0-20220531120423-6434a96075a0/go.mod h1:1N/p/orwp3237JpnorWj5A90YyUhzBZIZ7isICwctks=
|
||||||
github.com/aquasecurity/go-dep-parser v0.0.0-20220503151658-d316f5cc2cff h1:YNlzRYB0n4mZtfuWx6AWaGEjnLVNekchyoFDlYFZegs=
|
github.com/aquasecurity/go-dep-parser v0.0.0-20220503151658-d316f5cc2cff h1:YNlzRYB0n4mZtfuWx6AWaGEjnLVNekchyoFDlYFZegs=
|
||||||
github.com/aquasecurity/go-dep-parser v0.0.0-20220503151658-d316f5cc2cff/go.mod h1:7EOQWQmyavVPY3fScbbPdd3dB/b0Q4ZbJ/NZCvNKrLs=
|
github.com/aquasecurity/go-dep-parser v0.0.0-20220503151658-d316f5cc2cff/go.mod h1:7EOQWQmyavVPY3fScbbPdd3dB/b0Q4ZbJ/NZCvNKrLs=
|
||||||
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce h1:QgBRgJvtEOBtUXilDb1MLi1p1MWoyFDXAu5DEUl5nwM=
|
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce h1:QgBRgJvtEOBtUXilDb1MLi1p1MWoyFDXAu5DEUl5nwM=
|
||||||
|
|||||||
@@ -116,7 +116,7 @@ func (w Writer) Write(report types.Report) error {
|
|||||||
githubPkg := Package{}
|
githubPkg := Package{}
|
||||||
githubPkg.Scope = RuntimeScope
|
githubPkg.Scope = RuntimeScope
|
||||||
githubPkg.Relationship = getPkgRelationshipType(pkg)
|
githubPkg.Relationship = getPkgRelationshipType(pkg)
|
||||||
githubPkg.Dependencies = getDependencies(result, pkg)
|
githubPkg.Dependencies = pkg.DependsOn
|
||||||
githubPkg.PackageUrl, err = buildPurl(result.Type, pkg)
|
githubPkg.PackageUrl, err = buildPurl(result.Type, pkg)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return xerrors.Errorf("unable to build purl for %s: %w", pkg.Name, err)
|
return xerrors.Errorf("unable to build purl for %s: %w", pkg.Name, err)
|
||||||
@@ -153,15 +153,6 @@ func getMetadata(report types.Report) Metadata {
|
|||||||
return metadata
|
return metadata
|
||||||
}
|
}
|
||||||
|
|
||||||
func getDependencies(result types.Result, pkg ftypes.Package) []string {
|
|
||||||
for _, dep := range result.Dependencies {
|
|
||||||
if dep.ID == pkg.ID {
|
|
||||||
return dep.DependsOn
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return []string{}
|
|
||||||
}
|
|
||||||
|
|
||||||
func getPkgRelationshipType(pkg ftypes.Package) string {
|
func getPkgRelationshipType(pkg ftypes.Package) string {
|
||||||
if pkg.Indirect {
|
if pkg.Indirect {
|
||||||
return IndirectRelationship
|
return IndirectRelationship
|
||||||
|
|||||||
@@ -109,24 +109,24 @@ func TestWriter_Write(t *testing.T) {
|
|||||||
ExternalDocumentReferences: map[string]spdx.ExternalDocumentRef2_2{},
|
ExternalDocumentReferences: map[string]spdx.ExternalDocumentRef2_2{},
|
||||||
},
|
},
|
||||||
Packages: map[spdx.ElementID]*spdx.Package2_2{
|
Packages: map[spdx.ElementID]*spdx.Package2_2{
|
||||||
spdx.ElementID("65e3655ffcc41ab9"): {
|
spdx.ElementID("3639080be74a6685"): {
|
||||||
PackageSPDXIdentifier: spdx.ElementID("65e3655ffcc41ab9"),
|
PackageSPDXIdentifier: spdx.ElementID("3639080be74a6685"),
|
||||||
PackageName: "actioncontroller",
|
PackageName: "actioncontroller",
|
||||||
PackageVersion: "7.0.0",
|
PackageVersion: "7.0.0",
|
||||||
PackageLicenseConcluded: "NONE",
|
PackageLicenseConcluded: "NONE",
|
||||||
PackageLicenseDeclared: "NONE",
|
PackageLicenseDeclared: "NONE",
|
||||||
IsFilesAnalyzedTagPresent: true,
|
IsFilesAnalyzedTagPresent: true,
|
||||||
},
|
},
|
||||||
spdx.ElementID("97cf5c89611089c6"): {
|
spdx.ElementID("8ee950e6d31d8cf9"): {
|
||||||
PackageSPDXIdentifier: spdx.ElementID("97cf5c89611089c6"),
|
PackageSPDXIdentifier: spdx.ElementID("8ee950e6d31d8cf9"),
|
||||||
PackageName: "actionpack",
|
PackageName: "actionpack",
|
||||||
PackageVersion: "7.0.0",
|
PackageVersion: "7.0.0",
|
||||||
PackageLicenseConcluded: "NONE",
|
PackageLicenseConcluded: "NONE",
|
||||||
PackageLicenseDeclared: "NONE",
|
PackageLicenseDeclared: "NONE",
|
||||||
IsFilesAnalyzedTagPresent: true,
|
IsFilesAnalyzedTagPresent: true,
|
||||||
},
|
},
|
||||||
spdx.ElementID("3ee76dba6a695d6d"): {
|
spdx.ElementID("d234c2159623e835"): {
|
||||||
PackageSPDXIdentifier: spdx.ElementID("3ee76dba6a695d6d"),
|
PackageSPDXIdentifier: spdx.ElementID("d234c2159623e835"),
|
||||||
PackageName: "binutils",
|
PackageName: "binutils",
|
||||||
PackageVersion: "2.30",
|
PackageVersion: "2.30",
|
||||||
PackageLicenseConcluded: "GPLv3+",
|
PackageLicenseConcluded: "GPLv3+",
|
||||||
@@ -220,24 +220,24 @@ func TestWriter_Write(t *testing.T) {
|
|||||||
ExternalDocumentReferences: map[string]spdx.ExternalDocumentRef2_2{},
|
ExternalDocumentReferences: map[string]spdx.ExternalDocumentRef2_2{},
|
||||||
},
|
},
|
||||||
Packages: map[spdx.ElementID]*spdx.Package2_2{
|
Packages: map[spdx.ElementID]*spdx.Package2_2{
|
||||||
spdx.ElementID("40d016db96700ecb"): {
|
spdx.ElementID("bb78dad8374b2a15"): {
|
||||||
PackageSPDXIdentifier: spdx.ElementID("40d016db96700ecb"),
|
PackageSPDXIdentifier: spdx.ElementID("bb78dad8374b2a15"),
|
||||||
PackageName: "acl",
|
PackageName: "acl",
|
||||||
PackageVersion: "2.2.53",
|
PackageVersion: "2.2.53",
|
||||||
PackageLicenseConcluded: "GPLv2+",
|
PackageLicenseConcluded: "GPLv2+",
|
||||||
PackageLicenseDeclared: "GPLv2+",
|
PackageLicenseDeclared: "GPLv2+",
|
||||||
IsFilesAnalyzedTagPresent: true,
|
IsFilesAnalyzedTagPresent: true,
|
||||||
},
|
},
|
||||||
spdx.ElementID("ff543ca421929db5"): {
|
spdx.ElementID("73217041edb86985"): {
|
||||||
PackageSPDXIdentifier: spdx.ElementID("ff543ca421929db5"),
|
PackageSPDXIdentifier: spdx.ElementID("73217041edb86985"),
|
||||||
PackageName: "actionpack",
|
PackageName: "actionpack",
|
||||||
PackageVersion: "7.0.0",
|
PackageVersion: "7.0.0",
|
||||||
PackageLicenseConcluded: "NONE",
|
PackageLicenseConcluded: "NONE",
|
||||||
PackageLicenseDeclared: "NONE",
|
PackageLicenseDeclared: "NONE",
|
||||||
IsFilesAnalyzedTagPresent: true,
|
IsFilesAnalyzedTagPresent: true,
|
||||||
},
|
},
|
||||||
spdx.ElementID("639cce3bbd87450f"): {
|
spdx.ElementID("81bcacb3a43392d2"): {
|
||||||
PackageSPDXIdentifier: spdx.ElementID("639cce3bbd87450f"),
|
PackageSPDXIdentifier: spdx.ElementID("81bcacb3a43392d2"),
|
||||||
PackageName: "actionpack",
|
PackageName: "actionpack",
|
||||||
PackageVersion: "7.0.1",
|
PackageVersion: "7.0.1",
|
||||||
PackageLicenseConcluded: "NONE",
|
PackageLicenseConcluded: "NONE",
|
||||||
@@ -285,8 +285,8 @@ func TestWriter_Write(t *testing.T) {
|
|||||||
ExternalDocumentReferences: map[string]spdx.ExternalDocumentRef2_2{},
|
ExternalDocumentReferences: map[string]spdx.ExternalDocumentRef2_2{},
|
||||||
},
|
},
|
||||||
Packages: map[spdx.ElementID]*spdx.Package2_2{
|
Packages: map[spdx.ElementID]*spdx.Package2_2{
|
||||||
spdx.ElementID("9572b967bcbc8ea2"): {
|
spdx.ElementID("2540a9d087ba8509"): {
|
||||||
PackageSPDXIdentifier: spdx.ElementID("9572b967bcbc8ea2"),
|
PackageSPDXIdentifier: spdx.ElementID("2540a9d087ba8509"),
|
||||||
PackageName: "actioncable",
|
PackageName: "actioncable",
|
||||||
PackageVersion: "6.1.4.1",
|
PackageVersion: "6.1.4.1",
|
||||||
PackageLicenseConcluded: "NONE",
|
PackageLicenseConcluded: "NONE",
|
||||||
@@ -334,8 +334,8 @@ func TestWriter_Write(t *testing.T) {
|
|||||||
ExternalDocumentReferences: map[string]spdx.ExternalDocumentRef2_2{},
|
ExternalDocumentReferences: map[string]spdx.ExternalDocumentRef2_2{},
|
||||||
},
|
},
|
||||||
Packages: map[spdx.ElementID]*spdx.Package2_2{
|
Packages: map[spdx.ElementID]*spdx.Package2_2{
|
||||||
spdx.ElementID("1275fe237f4887b3"): {
|
spdx.ElementID("932072222bf5ccd6"): {
|
||||||
PackageSPDXIdentifier: spdx.ElementID("1275fe237f4887b3"),
|
PackageSPDXIdentifier: spdx.ElementID("932072222bf5ccd6"),
|
||||||
PackageName: "ruby-typeprof",
|
PackageName: "ruby-typeprof",
|
||||||
PackageVersion: "0.20.1",
|
PackageVersion: "0.20.1",
|
||||||
PackageLicenseConcluded: "MIT",
|
PackageLicenseConcluded: "MIT",
|
||||||
|
|||||||
@@ -233,7 +233,6 @@ func (s Scanner) scanLibrary(apps []ftypes.Application, options types.ScanOption
|
|||||||
}
|
}
|
||||||
if options.ListAllPackages {
|
if options.ListAllPackages {
|
||||||
libReport.Packages = app.Libraries
|
libReport.Packages = app.Libraries
|
||||||
libReport.Dependencies = app.Dependencies
|
|
||||||
}
|
}
|
||||||
results = append(results, libReport)
|
results = append(results, libReport)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -6,7 +6,6 @@ import (
|
|||||||
v1 "github.com/google/go-containerregistry/pkg/v1" // nolint: goimports
|
v1 "github.com/google/go-containerregistry/pkg/v1" // nolint: goimports
|
||||||
|
|
||||||
ftypes "github.com/aquasecurity/fanal/types"
|
ftypes "github.com/aquasecurity/fanal/types"
|
||||||
gdpTypes "github.com/aquasecurity/go-dep-parser/pkg/types"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// Report represents a scan result
|
// Report represents a scan result
|
||||||
@@ -49,7 +48,6 @@ type Result struct {
|
|||||||
Class ResultClass `json:"Class,omitempty"`
|
Class ResultClass `json:"Class,omitempty"`
|
||||||
Type string `json:"Type,omitempty"`
|
Type string `json:"Type,omitempty"`
|
||||||
Packages []ftypes.Package `json:"Packages,omitempty"`
|
Packages []ftypes.Package `json:"Packages,omitempty"`
|
||||||
Dependencies []gdpTypes.Dependency `json:"Dependencies,omitempty"`
|
|
||||||
Vulnerabilities []DetectedVulnerability `json:"Vulnerabilities,omitempty"`
|
Vulnerabilities []DetectedVulnerability `json:"Vulnerabilities,omitempty"`
|
||||||
MisconfSummary *MisconfSummary `json:"MisconfSummary,omitempty"`
|
MisconfSummary *MisconfSummary `json:"MisconfSummary,omitempty"`
|
||||||
Misconfigurations []DetectedMisconfiguration `json:"Misconfigurations,omitempty"`
|
Misconfigurations []DetectedMisconfiguration `json:"Misconfigurations,omitempty"`
|
||||||
|
|||||||
Reference in New Issue
Block a user