The io/ioutil package has been deprecated as of Go 1.16, see
https://golang.org/doc/go1.16#ioutil. This commit replaces the existing
io/ioutil functions with their new definitions in io and os packages.
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
* Add gitlab codequality template
* add unit test for gitlab codequality template
* update line endings to msdos (\r\n) from unix
* update gitlab docs for codeclimate template
* Remove global flags from subcommands
If the global flags are added to the subcommand as well as being used
globally, their value will be overwritten when the arguments for the
subcommand are parsed. This leads to the value passed to the flag at the
global position being lost.
* Update readme
* Added test and support of ASFF template
* Improve test coverage
* Fixed/Improved tests
* Removed extra space
* Added NVD score/vectors, Added logic to trim description due to file size restriction
* Included quotations around AccountID
* fix(standalone): add defer to close databases
* test(client/server): launch a server only once
* test(docker_engine): remove the duplicated case
* test(docker_engine): copy a database only once
* test(standalone): copy a database only once
* test(server): fix tests according to updated mock
* chore(mod): update
* chore(ci): add integration tests to GitHub Actions
* chore(ci): bump up Go to 1.14
* chore(ci): remove integration tests from CircleCI
* chore(ci): add name
* chore(ci): add new lines
* wip: Add a failing test to demo severity override
Signed-off-by: Simarpreet Singh <simar@linux.com>
* scan.go: Return osFound for use in determining vendor.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* pkg: Fix ScanImage return in case an OSFound
Signed-off-by: Simarpreet Singh <simar@linux.com>
* scan_test: Include a package-lock.json for happy path
Signed-off-by: Simarpreet Singh <simar@linux.com>
* wip: Add a test to include various reportResult types
Signed-off-by: Simarpreet Singh <simar@linux.com>
* Makefile: Add a target to generate mocks.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* vulnerability: Pass reportType as argument for FillInfo.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* vulnerability: Add other types of vulnerabilities.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* integration: Update golden files.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* ospkg: Fix FillInfo for ospkg/server
Signed-off-by: Simarpreet Singh <simar@linux.com>
* rpc: Add os.Family type to Response.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* vulnerability_test.go: Add case where no vendor severity exists.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* vulnerability: Fallback to NVD if it exists.
Also add tests for other cases.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* rpc: Fix a few sites with reportType info and tests.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* vulnerability: Remove VendorSeverity from displayed results
Signed-off-by: Simarpreet Singh <simar@linux.com>
* vulnerability: Add vulnerability source information.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* vulnerability: Add VendorSeverity logic for lightDB as well.
This commit also makes FillInfo logic common to both light and full DBs.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* remove some crufty TODOs
Signed-off-by: Simarpreet Singh <simar@linux.com>
* vulnerability_test: Add a case for light db for documentation purposes
Signed-off-by: Simarpreet Singh <simar@linux.com>
* mod: update trivy-db to point to master
Signed-off-by: Simarpreet Singh <simar@linux.com>
* scan_test: Remove cruft and bring back test cases
Signed-off-by: Simarpreet Singh <simar@linux.com>
* scan_test: Add pkg Type to mock return
Signed-off-by: Simarpreet Singh <simar@linux.com>
* vulnerability: reorder err check after err
Signed-off-by: Simarpreet Singh <simar@linux.com>
* client_test: Fix import ordering
Signed-off-by: Simarpreet Singh <simar@linux.com>
* convert.go: Use result.Type
Signed-off-by: Simarpreet Singh <simar@linux.com>
* convert: Use result.Type and simplify ConvertFromRpcResults signature
Signed-off-by: Simarpreet Singh <simar@linux.com>
* vulnerability: Refactor calls to getVendorSeverity
Signed-off-by: Simarpreet Singh <simar@linux.com>
* integration: Remove centos-7-critical.json.golden
There's no critical vulnerability in CentOS 7 anymore.
In addition this test was not adding any value that is already
not covered by existing tests cases.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* rpc: Include severity source in tests.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* integration: Update test db to include VendorSeverity.
Test DB is now a snapshot of full database from trivy-db.
Also update golden files to include SeveritySource.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* vulnerability: Make centos7 use RHEL vendor severities
Signed-off-by: Simarpreet Singh <simar@linux.com>
* refactor: wrap errors
* feat(db): add the metadata file
* test(db): re-generate mocks
* fix(app): read metadata from the file in showVersion
* fix: open the database after downloading it
* fix(operation): use UpdateMetadata
* chore(mod): update dependency
* test(integration): fix tests
* fix(conf): rename TRIVY_NONSSL to TRIVY_NON_SSL
