gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-08 13:50:49 -08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: gitea-mirror:v0.0.12
Branches Tags
gitea-mirror:main gitea-mirror:dependabot/go_modules/aws-9d2ed512d3 gitea-mirror:dependabot/go_modules/common-56595ea561 gitea-mirror:dependabot/go_modules/docker-fd300ea992 gitea-mirror:release-please--branches--main gitea-mirror:gh-pages gitea-mirror:release-please--branches--release/v0.68 gitea-mirror:release/v0.68 gitea-mirror:dependabot/docker/docker-b99cc7e132 gitea-mirror:dependabot/go_modules/github.com/quic-go/quic-go-0.54.1 gitea-mirror:release/v0.67 gitea-mirror:release/v0.66 gitea-mirror:release/v0.65 gitea-mirror:release/v0.64 gitea-mirror:feat/rootio-support gitea-mirror:release/v0.63 gitea-mirror:release/v0.62 gitea-mirror:release/v0.61 gitea-mirror:refactor/custom_flags gitea-mirror:release/v0.60 gitea-mirror:release/v0.59 gitea-mirror:release/v0.58 gitea-mirror:release/v0.57 gitea-mirror:release/v0.56 gitea-mirror:release/v0.55 gitea-mirror:release/v0.54 gitea-mirror:release/v0.53 gitea-mirror:release/v0.52 gitea-mirror:v0.51 gitea-mirror:v0.48 gitea-mirror:v0.43
gitea-mirror:v0.68.1 gitea-mirror:v0.68.0 gitea-mirror:v0.67.2 gitea-mirror:v0.67.1 gitea-mirror:v0.67.0 gitea-mirror:v0.66.0 gitea-mirror:v0.65.0 gitea-mirror:v0.64.1 gitea-mirror:v0.64.0 gitea-mirror:v0.63.0 gitea-mirror:v0.62.1 gitea-mirror:v0.62.0 gitea-mirror:v0.61.1 gitea-mirror:v0.61.0 gitea-mirror:v0.60.0 gitea-mirror:v0.59.1 gitea-mirror:v0.59.0 gitea-mirror:v0.58.2 gitea-mirror:v0.58.1 gitea-mirror:v0.58.0 gitea-mirror:v0.57.1 gitea-mirror:v0.57.0 gitea-mirror:v0.56.2 gitea-mirror:v0.56.1 gitea-mirror:v0.56.0 gitea-mirror:v0.55.2 gitea-mirror:v0.55.1 gitea-mirror:v0.55.0 gitea-mirror:v0.54.1 gitea-mirror:v0.54.0 gitea-mirror:v0.53.0 gitea-mirror:v0.52.2 gitea-mirror:v0.52.1 gitea-mirror:v0.52.0 gitea-mirror:v0.51.4 gitea-mirror:v0.51.2 gitea-mirror:v0.51.1 gitea-mirror:v0.51.0 gitea-mirror:v0.50.4 gitea-mirror:v0.50.2 gitea-mirror:v0.50.1 gitea-mirror:v0.50.0 gitea-mirror:v0.49.1 gitea-mirror:v0.49.0 gitea-mirror:v0.48.3 gitea-mirror:v0.48.2 gitea-mirror:v0.48.1 gitea-mirror:v0.48.0 gitea-mirror:v0.47.0 gitea-mirror:v0.46.1 gitea-mirror:v0.46.0 gitea-mirror:v0.45.1 gitea-mirror:v0.45.0 gitea-mirror:v0.44.1 gitea-mirror:v0.44.0 gitea-mirror:v0.43.1 gitea-mirror:v0.43.0 gitea-mirror:v0.42.1 gitea-mirror:v0.42.0 gitea-mirror:v0.41.0 gitea-mirror:v0.40.0 gitea-mirror:v0.39.1 gitea-mirror:v0.39.0 gitea-mirror:v0.38.3 gitea-mirror:v0.38.2 gitea-mirror:v0.38.1 gitea-mirror:v0.38.0 gitea-mirror:v0.37.3 gitea-mirror:v0.37.2 gitea-mirror:v0.37.1 gitea-mirror:v0.37.0 gitea-mirror:v0.36.1 gitea-mirror:v0.36.0 gitea-mirror:v0.35.0 gitea-mirror:v0.34.0 gitea-mirror:v0.33.0 gitea-mirror:v0.32.1 gitea-mirror:v0.32.0 gitea-mirror:v0.31.3 gitea-mirror:v0.31.2 gitea-mirror:v0.31.1 gitea-mirror:v0.31.0 gitea-mirror:v0.30.4 gitea-mirror:v0.30.3 gitea-mirror:v0.30.2 gitea-mirror:v0.30.1 gitea-mirror:v0.30.0 gitea-mirror:v0.29.2 gitea-mirror:v0.29.1 gitea-mirror:v0.29.0 gitea-mirror:v0.28.1 gitea-mirror:v0.28.0 gitea-mirror:v0.27.1 gitea-mirror:v0.27.0 gitea-mirror:v0.26.0 gitea-mirror:v0.25.4 gitea-mirror:v0.25.3 gitea-mirror:v0.25.2 gitea-mirror:v0.25.1 gitea-mirror:v0.25.0 gitea-mirror:v0.24.4 gitea-mirror:v0.24.3 gitea-mirror:v0.24.2 gitea-mirror:v0.24.1 gitea-mirror:v0.24.0 gitea-mirror:v0.23.0 gitea-mirror:v0.22.0 gitea-mirror:v0.21.3 gitea-mirror:v0.21.2 gitea-mirror:v0.21.1 gitea-mirror:v0.21.0 gitea-mirror:v0.20.2 gitea-mirror:v0.20.1 gitea-mirror:v0.20.0 gitea-mirror:v0.19.2 gitea-mirror:v0.19.1 gitea-mirror:v0.19.0 gitea-mirror:v0.18.3 gitea-mirror:v0.18.2 gitea-mirror:v0.18.1 gitea-mirror:v0.18.0 gitea-mirror:v0.17.2 gitea-mirror:v0.17.1 gitea-mirror:v0.17.0 gitea-mirror:v0.16.0 gitea-mirror:v0.15.0 gitea-mirror:v0.14.0 gitea-mirror:v0.13.0 gitea-mirror:v0.12.0 gitea-mirror:v0.11.0 gitea-mirror:v0.10.2 gitea-mirror:v0.10.1 gitea-mirror:v0.10.0 gitea-mirror:v0.9.2 gitea-mirror:v0.9.1 gitea-mirror:v0.9.0 gitea-mirror:v0.8.0 gitea-mirror:v0.7.0 gitea-mirror:v0.6.0 gitea-mirror:v0.5.4 gitea-mirror:v0.5.3 gitea-mirror:v0.5.2 gitea-mirror:v0.5.1 gitea-mirror:v0.5.0 gitea-mirror:v0.4.4 gitea-mirror:v0.4.3 gitea-mirror:v0.4.2 gitea-mirror:v0.4.1 gitea-mirror:v0.4.0 gitea-mirror:v0.3.1 gitea-mirror:v0.3.0 gitea-mirror:v0.2.1 gitea-mirror:v0.2.0 gitea-mirror:v0.1.7 gitea-mirror:v0.1.6 gitea-mirror:v0.1.5 gitea-mirror:v0.1.4 gitea-mirror:v0.1.3 gitea-mirror:v0.1.2 gitea-mirror:v0.1.1 gitea-mirror:v0.1.0 gitea-mirror:v0.0.16 gitea-mirror:v0.0.15 gitea-mirror:v0.0.14 gitea-mirror:v0.0.13 gitea-mirror:v0.0.12 gitea-mirror:v0.0.11 gitea-mirror:v0.0.10 gitea-mirror:v0.0.9 gitea-mirror:v0.0.8 gitea-mirror:v0.0.7 gitea-mirror:v0.0.6 gitea-mirror:v0.0.5 gitea-mirror:v0.0.4 gitea-mirror:v0.0.3 gitea-mirror:v0.0.2 gitea-mirror:v0.0.1
..
compare: gitea-mirror:v0.1.6
Branches Tags
gitea-mirror:dependabot/go_modules/aws-9d2ed512d3 gitea-mirror:dependabot/go_modules/common-56595ea561 gitea-mirror:dependabot/go_modules/docker-fd300ea992 gitea-mirror:main gitea-mirror:release-please--branches--main gitea-mirror:gh-pages gitea-mirror:release-please--branches--release/v0.68 gitea-mirror:release/v0.68 gitea-mirror:dependabot/docker/docker-b99cc7e132 gitea-mirror:dependabot/go_modules/github.com/quic-go/quic-go-0.54.1 gitea-mirror:release/v0.67 gitea-mirror:release/v0.66 gitea-mirror:release/v0.65 gitea-mirror:release/v0.64 gitea-mirror:feat/rootio-support gitea-mirror:release/v0.63 gitea-mirror:release/v0.62 gitea-mirror:release/v0.61 gitea-mirror:refactor/custom_flags gitea-mirror:release/v0.60 gitea-mirror:release/v0.59 gitea-mirror:release/v0.58 gitea-mirror:release/v0.57 gitea-mirror:release/v0.56 gitea-mirror:release/v0.55 gitea-mirror:release/v0.54 gitea-mirror:release/v0.53 gitea-mirror:release/v0.52 gitea-mirror:v0.51 gitea-mirror:v0.48 gitea-mirror:v0.43
gitea-mirror:v0.68.1 gitea-mirror:v0.68.0 gitea-mirror:v0.67.2 gitea-mirror:v0.67.1 gitea-mirror:v0.67.0 gitea-mirror:v0.66.0 gitea-mirror:v0.65.0 gitea-mirror:v0.64.1 gitea-mirror:v0.64.0 gitea-mirror:v0.63.0 gitea-mirror:v0.62.1 gitea-mirror:v0.62.0 gitea-mirror:v0.61.1 gitea-mirror:v0.61.0 gitea-mirror:v0.60.0 gitea-mirror:v0.59.1 gitea-mirror:v0.59.0 gitea-mirror:v0.58.2 gitea-mirror:v0.58.1 gitea-mirror:v0.58.0 gitea-mirror:v0.57.1 gitea-mirror:v0.57.0 gitea-mirror:v0.56.2 gitea-mirror:v0.56.1 gitea-mirror:v0.56.0 gitea-mirror:v0.55.2 gitea-mirror:v0.55.1 gitea-mirror:v0.55.0 gitea-mirror:v0.54.1 gitea-mirror:v0.54.0 gitea-mirror:v0.53.0 gitea-mirror:v0.52.2 gitea-mirror:v0.52.1 gitea-mirror:v0.52.0 gitea-mirror:v0.51.4 gitea-mirror:v0.51.2 gitea-mirror:v0.51.1 gitea-mirror:v0.51.0 gitea-mirror:v0.50.4 gitea-mirror:v0.50.2 gitea-mirror:v0.50.1 gitea-mirror:v0.50.0 gitea-mirror:v0.49.1 gitea-mirror:v0.49.0 gitea-mirror:v0.48.3 gitea-mirror:v0.48.2 gitea-mirror:v0.48.1 gitea-mirror:v0.48.0 gitea-mirror:v0.47.0 gitea-mirror:v0.46.1 gitea-mirror:v0.46.0 gitea-mirror:v0.45.1 gitea-mirror:v0.45.0 gitea-mirror:v0.44.1 gitea-mirror:v0.44.0 gitea-mirror:v0.43.1 gitea-mirror:v0.43.0 gitea-mirror:v0.42.1 gitea-mirror:v0.42.0 gitea-mirror:v0.41.0 gitea-mirror:v0.40.0 gitea-mirror:v0.39.1 gitea-mirror:v0.39.0 gitea-mirror:v0.38.3 gitea-mirror:v0.38.2 gitea-mirror:v0.38.1 gitea-mirror:v0.38.0 gitea-mirror:v0.37.3 gitea-mirror:v0.37.2 gitea-mirror:v0.37.1 gitea-mirror:v0.37.0 gitea-mirror:v0.36.1 gitea-mirror:v0.36.0 gitea-mirror:v0.35.0 gitea-mirror:v0.34.0 gitea-mirror:v0.33.0 gitea-mirror:v0.32.1 gitea-mirror:v0.32.0 gitea-mirror:v0.31.3 gitea-mirror:v0.31.2 gitea-mirror:v0.31.1 gitea-mirror:v0.31.0 gitea-mirror:v0.30.4 gitea-mirror:v0.30.3 gitea-mirror:v0.30.2 gitea-mirror:v0.30.1 gitea-mirror:v0.30.0 gitea-mirror:v0.29.2 gitea-mirror:v0.29.1 gitea-mirror:v0.29.0 gitea-mirror:v0.28.1 gitea-mirror:v0.28.0 gitea-mirror:v0.27.1 gitea-mirror:v0.27.0 gitea-mirror:v0.26.0 gitea-mirror:v0.25.4 gitea-mirror:v0.25.3 gitea-mirror:v0.25.2 gitea-mirror:v0.25.1 gitea-mirror:v0.25.0 gitea-mirror:v0.24.4 gitea-mirror:v0.24.3 gitea-mirror:v0.24.2 gitea-mirror:v0.24.1 gitea-mirror:v0.24.0 gitea-mirror:v0.23.0 gitea-mirror:v0.22.0 gitea-mirror:v0.21.3 gitea-mirror:v0.21.2 gitea-mirror:v0.21.1 gitea-mirror:v0.21.0 gitea-mirror:v0.20.2 gitea-mirror:v0.20.1 gitea-mirror:v0.20.0 gitea-mirror:v0.19.2 gitea-mirror:v0.19.1 gitea-mirror:v0.19.0 gitea-mirror:v0.18.3 gitea-mirror:v0.18.2 gitea-mirror:v0.18.1 gitea-mirror:v0.18.0 gitea-mirror:v0.17.2 gitea-mirror:v0.17.1 gitea-mirror:v0.17.0 gitea-mirror:v0.16.0 gitea-mirror:v0.15.0 gitea-mirror:v0.14.0 gitea-mirror:v0.13.0 gitea-mirror:v0.12.0 gitea-mirror:v0.11.0 gitea-mirror:v0.10.2 gitea-mirror:v0.10.1 gitea-mirror:v0.10.0 gitea-mirror:v0.9.2 gitea-mirror:v0.9.1 gitea-mirror:v0.9.0 gitea-mirror:v0.8.0 gitea-mirror:v0.7.0 gitea-mirror:v0.6.0 gitea-mirror:v0.5.4 gitea-mirror:v0.5.3 gitea-mirror:v0.5.2 gitea-mirror:v0.5.1 gitea-mirror:v0.5.0 gitea-mirror:v0.4.4 gitea-mirror:v0.4.3 gitea-mirror:v0.4.2 gitea-mirror:v0.4.1 gitea-mirror:v0.4.0 gitea-mirror:v0.3.1 gitea-mirror:v0.3.0 gitea-mirror:v0.2.1 gitea-mirror:v0.2.0 gitea-mirror:v0.1.7 gitea-mirror:v0.1.6 gitea-mirror:v0.1.5 gitea-mirror:v0.1.4 gitea-mirror:v0.1.3 gitea-mirror:v0.1.2 gitea-mirror:v0.1.1 gitea-mirror:v0.1.0 gitea-mirror:v0.0.16 gitea-mirror:v0.0.15 gitea-mirror:v0.0.14 gitea-mirror:v0.0.13 gitea-mirror:v0.0.12 gitea-mirror:v0.0.11 gitea-mirror:v0.0.10 gitea-mirror:v0.0.9 gitea-mirror:v0.0.8 gitea-mirror:v0.0.7 gitea-mirror:v0.0.6 gitea-mirror:v0.0.5 gitea-mirror:v0.0.4 gitea-mirror:v0.0.3 gitea-mirror:v0.0.2 gitea-mirror:v0.0.1

71 Commits
v0.0.12 ... v0.1.6

Author SHA1 Message Date
Masahiro Fujimura
ab8b73e8f8 Fix libraly cache directotry (#129) 2019-08-22 21:47:39 -10:00
Masato Yamazaki
a77984a381 Suppress log output when --quiet flag is on (#125) 
* Add --no-progress flag

* Disable log output when --quiet flag is enabled
 2019-08-21 17:19:14 -10:00
skanehira
31a1f5968b Fix cannot found docker image (#123) 2019-08-21 16:26:04 -10:00
Liz Rice
4ca73f0406 Merge pull request #120 from aquasecurity/readme_migration 
Add the migration section on README
 2019-08-19 12:33:27 +01:00
Liz Rice
0909f94c20 Clarify migration instructions 2019-08-19 12:29:56 +01:00
Liz Rice
d1c01c1ecc Small wording change 2019-08-19 12:12:52 +01:00
Liz Rice
f8cdd608e2 Slight wording change 2019-08-19 12:12:13 +01:00
knqyf263
2e4b83b710 Add migration section on README 2019-08-19 00:04:47 -10:00
Liz Rice
6fbcbb3286 Merge pull request #119 from aquasecurity/transfer 
Transfer repositoriy
 2019-08-19 09:30:49 +01:00
knqyf263
a843682f7c Transfer repositoriy 2019-08-18 22:22:54 -10:00
Teppei Fukuda
0611bf915b Display a warning for OS that has reached EOL (#118) 2019-08-18 21:34:46 -10:00
Teppei Fukuda
9a9cb016fa Add tests to utils (#116) 2019-08-16 15:31:41 -10:00
Teppei Fukuda
74a66fb68a Add data source (#117) 2019-08-14 17:24:06 -10:00
knqyf263
aedfd3bfb8 Fix README 2019-08-13 14:19:26 -10:00
Teppei Fukuda
a2e13bdeed Remove old results (#115) 2019-08-13 14:16:40 -10:00
Teppei Fukuda
a7d991f3cc Reimplement --cache-dir option (#114) 2019-08-12 22:04:45 -10:00
Teppei Fukuda
11bc00d629 Revert "Allow user specified cache directory (#12)" (#111) 
This reverts commit 2d512c5e47.
 2019-08-12 20:33:26 -10:00
Luis Perez
5005d7966d Adding instructions for Install in Arch Linux (#107) 2019-08-09 19:13:03 -10:00
Tomoya Amachi
c2a05c71c7 use multiple ISSUE_TEMPLATE (#98) 2019-07-26 09:04:33 +09:00
imlonghao
51bbc1dc95 [docker] Compress binary using upx (#97) 2019-07-25 16:15:43 +09:00
Kazuki Higashiguchi
7b5e3407d1 fix CircleCI link in README (#91) 
* fix inner link of README

* fix name CircleCI in README
 2019-07-11 11:56:10 +09:00
Artur Kerge
52ab4e9376 Add code snippet reminder on how to print distribution codename (#89) 2019-07-09 13:33:36 +09:00
Teppei Fukuda
9bfbff953b Embed trivy version in Docker (#88) 2019-07-07 16:20:47 +09:00
Teppei Fukuda
6af2d32e10 Support unusual YAML (#87) 2019-07-07 15:58:00 +09:00
Tomoya Amachi
75b944ff50 update go.mod (#86) 2019-07-07 14:24:01 +09:00
Nao YONASHIRO
bbb67198bb feat: improve nvd update (#81) 
* test: add update nvd benchmark

* feat: used json.Unmarshal to reduce memory usage
 2019-07-01 17:52:30 +09:00
knqyf263
6be2ebde9d Update manual installation 2019-06-27 14:20:43 +09:00
Kota Kanbe
a4f1f25cc4 remove nonsense struct tags (#76) 2019-06-20 13:31:31 +09:00
Teppei Fukuda
c29f6f51da Fix --skip-update (#70) 2019-06-08 00:07:58 +09:00
knqyf263
edb899b9ce Update README 2019-06-07 23:51:56 +09:00
knqyf263
a8f7ecefae Update dependencies 2019-06-07 23:46:55 +09:00
Maxime Sibellas
ec1afc2665 feat: add vulnerability type filter to get only os or packages vulnerabilities (#50) 
feat: add vulnerability type filter to get only os or packages vulnerabilities
 2019-06-07 23:34:24 +09:00
Masahiro
f12284ab2e Fix debug log (#65) 2019-05-31 17:34:25 +09:00
Tomoya Amachi
a9ff0b5243 add -debug to ISSUE_TEMPLATE (#57) 2019-05-25 09:17:37 +09:00
Kei Kamikawa
0a271a04cc Added alpine into dbnames (#55) 
* Fixed alpine

* Fixed to use vulnsrc
 2019-05-24 16:19:29 +09:00
Tomoya Amachi
6fa78df282 auth for private docker registry from ENV vars (#52) 
* auth for private docker registry from env vars

* fix typo

* delete GCP and AWS ENV vars

* update TOC

* fix typo
 2019-05-24 13:26:41 +09:00
Kei Kamikawa
b62536fcdc Added --only-update option (#43) 
* Added --only-update flag

* Added feature for --only-update flag

* Added README of --only-update

* Fixed README

* Use only Update function

* Added warning message
 2019-05-24 12:52:32 +09:00
Mark Phelps
9741d4ae94 Simpler Homebrew install instructions (#51) 
You don't need to tap a repo to install from it with Homebrew it seems. Homebrew will automatically tap it with `brew install`:

```
❯ brew install knqyf263/trivy/trivy
Updating Homebrew...
....
Cloning into '/usr/local/Homebrew/Library/Taps/knqyf263/homebrew-trivy'...
remote: Enumerating objects: 3, done.
remote: Counting objects: 100% (3/3), done.
remote: Compressing objects: 100% (2/2), done.
remote: Total 3 (delta 0), reused 0 (delta 0), pack-reused 0
Unpacking objects: 100% (3/3), done.
Tapped 1 formula (27 files, 23.5KB).
==> Installing trivy from knqyf263/trivy
```
 2019-05-22 23:12:28 +09:00
Nao YONASHIRO
68f326d9e1 feat: add --depth option to git clone (#46) 2019-05-22 10:07:42 +09:00
Masahiro
76ee7291d6 Support Poetry (#49) 
* Support Poetry

* Fix conflict

* Tidy go.sum
 2019-05-22 08:40:10 +09:00
Tomoya Amachi
d31f09035e add ISSUE_TEMPLATE.md (#48) 2019-05-22 01:20:35 +09:00
Tomoya Amachi
8d7c2e6d2a Fix yarn parser (#47) 
* update go-dep-parser for yarn bugfix

* fixbug: yarn.lock parse error

* enhanced error messages : detect amazon linux and opensuse
 2019-05-22 00:50:53 +09:00
Tomoya Amachi
9269a305fb update readme (#42) 2019-05-21 19:16:09 +09:00
Teppei Fukuda
073b315737 No error on unsupported OS (#40) 2019-05-21 09:24:45 +09:00
Nicolas CARPi
47c46fbe17 Fix some typos in the README or improve phrasing (#38) 
also add .circleci to .dockerignore
 2019-05-21 08:59:16 +09:00
mitsuyoshi
39572968bb fixed cache bug (#36) 2019-05-21 01:03:33 +09:00
Nao YONASHIRO
4383764cae fix: unknown format case (#35) 2019-05-21 00:17:44 +09:00
Kirill Motkov
e0ef0563ce Some code improvements. (#34) 
* Rewrite some if-else chains as a switch statements. Based on Go style
guide: https://golang.org/doc/effective_go.html#switch
* Simplify some functions.
* Some comments formatting.
 2019-05-21 00:17:18 +09:00
Teppei Fukuda
d9cf2c487d Update JSON schema (#33) 
* Update JSON schema

* Add JSON example to README
 2019-05-20 22:43:28 +09:00
Tomoya Amachi
58bf4b21e7 Merge pull request #32 from tomoyamachi/fix_quiet_bug 
fix --quiet bug
 2019-05-20 07:22:08 +09:00
Tomoya AMACHI
e95c619eaa fix quiet bug 2019-05-20 06:51:31 +09:00
knqyf263
cd04c0bdb2 Update README 2019-05-20 03:55:40 +09:00
Masahiro
fd74926e76 Change README. Use latest trivy version CI example. (#31) 2019-05-20 03:27:47 +09:00
Masahiro
f82ff5a4fd Change log format (#30) 2019-05-20 02:54:41 +09:00
Masahiro
fa72bef8d4 Add auto-refresh option (#29) 
* Add auto-refresh option

* Fix review
 2019-05-20 02:00:35 +09:00
Masahiro
2f7f1f8e83 Change Dockerfile (#28) 
* Change Dockerfile CMD -> ENTRYPOINT

* Change README
 2019-05-19 09:54:18 +09:00
Teppei Fukuda
90d083489b Enable --clear-cache and --refresh without specifying an image name (#27) 2019-05-19 08:52:56 +09:00
Teppei Fukuda
295cd29aeb Suppress the warning message when specifying --clear-cache option (#25) 2019-05-19 00:17:44 +09:00
Tomoya Amachi
1c844aad64 show scanned os type if unsupported (#24) 2019-05-18 22:47:55 +09:00
Sandro Jäckel
e0cd18e264 [ImgBot] Optimize images (#22) 
*Total -- 1,372.59kb -> 661.35kb (51.82%)

/imgs/usage2.png -- 490.56kb -> 214.83kb (56.21%)
/imgs/usage1.png -- 652.71kb -> 314.83kb (51.77%)
/imgs/centos_include_unfixable.png -- 74.40kb -> 40.77kb (45.2%)
/imgs/alpine.png -- 67.03kb -> 37.37kb (44.26%)
/imgs/centos_only_fixable.png -- 73.59kb -> 43.73kb (40.58%)
/imgs/logo.png -- 14.29kb -> 9.83kb (31.24%)
 2019-05-18 22:38:55 +09:00
Sandro Jäckel
9f9faf2215 Suggest putting the apt source in its own file (#21) 2019-05-18 22:36:53 +09:00
knqyf263
3907a60b33 Update README 2019-05-17 19:03:28 +09:00
Naoki Harima
e85e961af6 Update fanal version (#15) 
* Update fanal version

* Update fanal version

* do go mod tidy
 2019-05-17 19:00:22 +09:00
0xflotus
61cbae2697 fixed provided (#14) 2019-05-17 17:57:27 +09:00
Ken Herner
2d512c5e47 Allow user specified cache directory (#12) 
* Added cache-dir flag

The flag cache-dir allows users to specify the cache directory the
database is stored in.

Signed-off-by: Ken Herner <kherner@navistone.com>

* Moved dbDir definition into functions

Need to move dbDir definition into the calling functions as the cache
directory may have been specified.  With dbDir defined at package level,
it would always be instantiated to the default value and would never be
updated to the user specifyed value.

Signed-off-by: Ken Herner <kherner@navistone.com>
 2019-05-17 07:13:43 +09:00
knqyf263
936297a6b2 Fix License badge 2019-05-17 07:12:15 +09:00
knqyf263
ad0f9e8cba Update README 2019-05-16 23:25:46 +09:00
Tomoya Amachi
4d20d3f543 check yarn.lock in node scanner (#7) 
* check yarn.lock in node scanner

* update README and go tidy
 2019-05-16 11:14:10 +09:00
knqyf263
c3e5227992 Update README 2019-05-16 02:38:57 +09:00
knqyf263
ff39445db2 Eliminate color when writing results to a file 2019-05-16 02:10:40 +09:00
knqyf263
77e9b0a6d1 Fix warning message 2019-05-16 01:35:24 +09:00
63 changed files with 2637 additions and 540 deletions
Expand all files Collapse all files

2
.circleci/config.yml
View File

@@ -21,7 +21,7 @@ jobs:
command: goreleaser --rm-dist
- run:
name: Clone trivy repository
command: git clone git@github.com:knqyf263/trivy-repo.git
command: git clone git@github.com:aquasecurity/trivy-repo.git
- run:
name: Setup git settings
command: |

1
.dockerignore
View File

@@ -1 +1,2 @@
.circleci
imgs

31
.github/ISSUE_TEMPLATE/BUG_REPORT.md vendored Normal file
View File

@@ -0,0 +1,31 @@
---
name: Bug Report
labels: bug
about: If something isn't working as expected.
---
**Description**
<!--
Briefly describe the problem you are having in a few paragraphs.
-->
**What did you expect to happen?**
**What happened instead?**
**Output of run with `-debug`:**
```
(paste your output here)
```
**Output of `trivy -v`:**
```
(paste your output here)
```
**Additional details (base image name, container registry info...):**

9
.github/ISSUE_TEMPLATE/FEATURE_REQUEST.md vendored Normal file
View File

@@ -0,0 +1,9 @@
---
name: Feature Request
labels: enhancement
about: I have a suggestion (and might want to implement myself)!
---
<!--
If this is a FEATURE REQUEST, request format does not matter!
-->

10
.github/ISSUE_TEMPLATE/SUPPORT_QUESTION.md vendored Normal file
View File

@@ -0,0 +1,10 @@
---
name: Support Question
labels: question
about: If you have a question about Trivy.
---
<!--
If you have a trouble, feel free to ask.
Make sure you're not asking duplicate question by searching on the issues lists.
-->

7
Dockerfile
View File

@@ -1,14 +1,15 @@
FROM golang:1.12-alpine AS builder
ADD go.mod go.sum /app/
WORKDIR /app/
RUN apk --no-cache add git
RUN apk --no-cache add git upx
RUN go mod download
ADD . /app/
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o /trivy cmd/trivy/main.go
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "-X main.version=$(git describe --tags --abbrev=0)" -a -o /trivy cmd/trivy/main.go
RUN upx --lzma --best /trivy
FROM alpine:3.9
RUN apk --no-cache add ca-certificates git
COPY --from=builder /trivy /usr/local/bin/trivy
RUN chmod +x /usr/local/bin/trivy
CMD ["trivy"]
ENTRYPOINT ["trivy"]

1258
README.md
View File

File diff suppressed because it is too large Load Diff

36
cmd/trivy/main.go
View File

@@ -5,12 +5,14 @@ import (
"os"
"strings"
"github.com/knqyf263/trivy/pkg/vulnsrc/vulnerability"
"github.com/aquasecurity/trivy/pkg/utils"
"github.com/aquasecurity/trivy/pkg/vulnsrc/vulnerability"
"github.com/urfave/cli"
"github.com/knqyf263/trivy/pkg"
"github.com/knqyf263/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg"
"github.com/aquasecurity/trivy/pkg/log"
)
var (
@@ -69,6 +71,10 @@ OPTIONS:
Name: "skip-update",
Usage: "skip db update",
},
cli.StringFlag{
Name: "only-update",
Usage: "update db only specified distribution (comma separated)",
},
cli.BoolFlag{
Name: "reset",
Usage: "remove all caches and database",
@@ -79,6 +85,10 @@ OPTIONS:
},
cli.BoolFlag{
Name: "quiet, q",
Usage: "suppress progress bar and log output",
},
cli.BoolFlag{
Name: "no-progress",
Usage: "suppress progress bar",
},
cli.BoolFlag{
@@ -89,20 +99,32 @@ OPTIONS:
Name: "refresh",
Usage: "refresh DB (usually used after version update of trivy)",
},
cli.BoolFlag{
Name: "auto-refresh",
Usage: "refresh DB automatically when updating version of trivy",
},
cli.BoolFlag{
Name: "debug, d",
Usage: "debug mode",
},
cli.StringFlag{
Name: "vuln-type",
Value: "os,library",
Usage: "comma-separated list of vulnerability types (os,library)",
},
cli.StringFlag{
Name: "cache-dir",
Value: utils.DefaultCacheDir(),
Usage: "cache directory",
},
}
app.Action = func(c *cli.Context) error {
return pkg.Run(c)
}
app.Action = pkg.Run
err := app.Run(os.Args)
if err != nil {
if log.Logger != nil {
log.Logger.Fatal(err)
log.Fatal(err)
}
l.Fatal(err)
}

21
go.mod
View File

@@ -1,26 +1,25 @@
module github.com/knqyf263/trivy
module github.com/aquasecurity/trivy
go 1.12
require (
github.com/BurntSushi/toml v0.3.1
github.com/aquasecurity/fanal v0.0.0-20190819081512-f04452b627c6
github.com/aquasecurity/go-dep-parser v0.0.0-20190819075924-ea223f0ef24b
github.com/briandowns/spinner v0.0.0-20190319032542-ac46072a5a91
github.com/caarlos0/env/v6 v6.0.0
github.com/emirpasic/gods v1.12.0 // indirect
github.com/etcd-io/bbolt v1.3.2
github.com/fatih/color v1.7.0
github.com/genuinetools/reg v0.16.0
github.com/gliderlabs/ssh v0.1.3 // indirect
github.com/golang/protobuf v1.3.1 // indirect
github.com/knqyf263/fanal v0.0.0-20190514052804-ca40e6cb0e1a
github.com/knqyf263/go-deb-version v0.0.0-20170509080151-9865fe14d09b
github.com/knqyf263/go-dep-parser v0.0.0-20190511063217-d5d543bfc261
github.com/knqyf263/go-deb-version v0.0.0-20190517075300-09fca494f03d
github.com/knqyf263/go-rpm-version v0.0.0-20170716094938-74609b86c936
github.com/knqyf263/go-version v1.1.1
github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348
github.com/mattn/go-colorable v0.1.1 // indirect
github.com/mattn/go-runewidth v0.0.4 // indirect
github.com/mitchellh/go-homedir v1.1.0 // indirect
github.com/olekukonko/tablewriter v0.0.1
github.com/stretchr/testify v1.3.0 // indirect
github.com/olekukonko/tablewriter v0.0.2-0.20190607075207-195002e6e56a
github.com/urfave/cli v1.20.0
github.com/xanzy/ssh-agent v0.2.1 // indirect
go.etcd.io/bbolt v1.3.2 // indirect
@@ -28,8 +27,6 @@ require (
go.uber.org/multierr v1.1.0 // indirect
go.uber.org/zap v1.9.1
golang.org/x/crypto v0.0.0-20190404164418-38d8ce5564a5
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 // indirect
golang.org/x/sys v0.0.0-20190405154228-4b34438f7a67 // indirect
golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373
gopkg.in/cheggaaa/pb.v1 v1.0.28
gopkg.in/src-d/go-billy.v4 v4.3.0 // indirect
@@ -38,6 +35,4 @@ require (
gopkg.in/yaml.v2 v2.2.2
)
replace github.com/genuinetools/reg => github.com/tomoyamachi/reg v0.16.2-0.20190418055600-c6010b917a55
replace github.com/olekukonko/tablewriter => github.com/knqyf263/tablewriter v0.0.2
replace github.com/genuinetools/reg => github.com/tomoyamachi/reg v0.16.1-0.20190706172545-2a2250fd7c00

126
go.sum
View File

@@ -8,10 +8,11 @@ github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/GoogleCloudPlatform/docker-credential-gcr v1.5.0 h1:wykTgKwhVr2t2qs+xI020s6W5dt614QqCHV+7W9dg64=
github.com/GoogleCloudPlatform/docker-credential-gcr v1.5.0/go.mod h1:BB1eHdMLYEFuFdBlRMb0N7YGVdM5s6Pt0njxgvfbGGs=
github.com/Microsoft/go-winio v0.4.11 h1:zoIOcVf0xPN1tnMVbTtEdI+P8OofVk3NObnwOQ6nK2Q=
github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA=
github.com/Microsoft/go-winio v0.4.12 h1:xAfWHN1IrQ0NJ9TBC0KBZoqLjzDTr1ML+4MywiUOryc=
github.com/Microsoft/go-winio v0.4.12/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA=
github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw=
github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk=
github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo=
github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI=
github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7 h1:uSoVVbwJiQipAclBbw+8quDsfcvFjOpI5iCf4p/cqCs=
@@ -21,39 +22,47 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF
github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 h1:kFOfPq6dUM1hTo4JG6LR5AXSUEsOjtdm0kw0FtQtMJA=
github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
github.com/aquasecurity/fanal v0.0.0-20190819081512-f04452b627c6 h1:pkl+kEW4KeLDPLfDtzjXa+zHOcS4YWSQuSTZ2kWO2GE=
github.com/aquasecurity/fanal v0.0.0-20190819081512-f04452b627c6/go.mod h1:enEz4FFetw4XAbkffaYgyCVq1556R9Ry+noqT4rq9BE=
github.com/aquasecurity/go-dep-parser v0.0.0-20190819075924-ea223f0ef24b h1:55Ulc/gvfWm4ylhVaR7MxOwujRjA6et7KhmUbSgUFf4=
github.com/aquasecurity/go-dep-parser v0.0.0-20190819075924-ea223f0ef24b/go.mod h1:BpNTD9vHfrejKsED9rx04ldM1WIbeyXGYxUrqTVwxVQ=
github.com/aws/aws-sdk-go v1.19.11 h1:tqaTGER6Byw3QvsjGW0p018U2UOqaJPeJuzoaF7jjoQ=
github.com/aws/aws-sdk-go v1.19.11/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973 h1:xJ4a3vCFaGF/jqvzLMYoU8P317H5OQ+Via4RmuPwCS0=
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
github.com/beorn7/perks v1.0.0 h1:HWo1m869IqiPhD389kmkxeTalrjNbbJTC8LXupb+sl0=
github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
github.com/briandowns/spinner v0.0.0-20190319032542-ac46072a5a91 h1:GMmnK0dvr0Sf0gx3DvTbln0c8DE07B7sPVD9dgHOqo4=
github.com/briandowns/spinner v0.0.0-20190319032542-ac46072a5a91/go.mod h1:hw/JEQBIE+c/BLI4aKM8UU8v+ZqrD3h7HC27kKt8JQU=
github.com/caarlos0/env/v6 v6.0.0 h1:NZt6FAoB8ieKO5lEwRdwCzYxWFx7ZYF2R7UcoyaWtyc=
github.com/caarlos0/env/v6 v6.0.0/go.mod h1:+wdyOmtjoZIW2GJOc2OYa5NoOFuWD/bIpWqm30NgtRk=
github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
github.com/containerd/continuity v0.0.0-20180921161001-7f53d412b9eb h1:qSMRxG547z/BgQmyVyADxaMADQXVAD9uleP2sQeClbo=
github.com/containerd/continuity v0.0.0-20180921161001-7f53d412b9eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
github.com/coreos/clair v0.0.0-20180919182544-44ae4bc9590a h1:glxUtT0RlaVJU86kg78ygzfhwW6D+uj5H+aOK01QDgI=
github.com/coreos/clair v0.0.0-20180919182544-44ae4bc9590a/go.mod h1:uXhHPWAoRqw0jJc2f8RrPCwRhIo9otQ8OEWUFtpCiwA=
github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc h1:TP+534wVlf61smEIq1nwLLAjQVEK2EADoW3CX9AuT+8=
github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/deckarep/golang-set v1.7.1 h1:SCQV0S6gTtp6itiFrTqI+pfmJ4LN85S1YzhDf9rTHJQ=
github.com/deckarep/golang-set v1.7.1/go.mod h1:93vsz/8Wt4joVM7c2AVqh+YRMiUSc14yDtF28KmMOgQ=
github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
github.com/docker/cli v0.0.0-20180920165730-54c19e67f69c h1:QlAVcyoF7QQVN7zV+xYBjgwtRVlRU3WCTCpb2mcqQrM=
github.com/docker/cli v0.0.0-20180920165730-54c19e67f69c/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
github.com/docker/distribution v0.0.0-20180920194744-16128bbac47f h1:hYf+mPizfvpH6VgIxdntnOmQHd1F1mQUc1oG+j3Ol2g=
github.com/docker/distribution v0.0.0-20180920194744-16128bbac47f/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
github.com/docker/distribution v2.7.1+incompatible h1:a5mlkVzth6W5A4fOsS3D2EO5BUmsJpcB+cRlLU7cSug=
github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
github.com/docker/docker v0.0.0-20180924202107-a9c061deec0f h1:W4fbqg0JUwy6lLesoJaV/rE0fwAmtdtinMa64X1CEh0=
github.com/docker/docker v0.0.0-20180924202107-a9c061deec0f/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
github.com/docker/docker-ce v0.0.0-20180924210327-f53bd8bb8e43 h1:gZ4lWixV821UVbYtr+oz1ZPCHkbtE+ivfmHyZRgyl2Y=
github.com/docker/docker-ce v0.0.0-20180924210327-f53bd8bb8e43/go.mod h1:l1FUGRYBvbjnZ8MS6A2xOji4aZFlY/Qmgz7p4oXH7ac=
github.com/docker/docker-credential-helpers v0.6.1 h1:Dq4iIfcM7cNtddhLVWe9h4QDjsi4OER3Z8voPu/I52g=
github.com/docker/docker-credential-helpers v0.6.1/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y=
github.com/docker/docker-credential-helpers v0.6.2 h1:CrW9H1VMf3a4GrtyAi7IUJjkJVpwBBpX0+mvkvYJaus=
github.com/docker/docker-credential-helpers v0.6.2/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y=
github.com/docker/go-connections v0.0.0-20180821093606-97c2040d34df/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
github.com/docker/go-metrics v0.0.0-20180209012529-399ea8c73916 h1:yWHOI+vFjEsAakUTSrtqc/SAHrhSkmn48pqjidZX3QA=
github.com/docker/go-metrics v0.0.0-20180209012529-399ea8c73916/go.mod h1:/u0gXw0Gay3ceNrsHubL3BtdOL2fHf93USgMTe0W5dI=
github.com/docker/go-units v0.3.3 h1:Xk8S3Xj5sLGlG5g67hJmYMmUgXv5N4PhkjJHHqrwnTk=
github.com/docker/go-units v0.3.3/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
github.com/docker/go-metrics v0.0.0-20181218153428-b84716841b82 h1:X0fj836zx99zFu83v/M79DuBn84IL/Syx1SY6Y5ZEMA=
github.com/docker/go-metrics v0.0.0-20181218153428-b84716841b82/go.mod h1:/u0gXw0Gay3ceNrsHubL3BtdOL2fHf93USgMTe0W5dI=
github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw=
github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 h1:UhxFibDNY/bfvqU5CAUmr9zpesgbU6SWc8/B4mflAE4=
github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE=
github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs=
@@ -66,23 +75,24 @@ github.com/etcd-io/bbolt v1.3.2 h1:RLRQ0TKLX7DlBRXAJHvbmXL17Q3KNnTBtZ9B6Qo+/Y0=
github.com/etcd-io/bbolt v1.3.2/go.mod h1:ZF2nL25h33cCyBtcyWeZ2/I3HQOfTP+0PIEvHjkjCrw=
github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys=
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
github.com/fernet/fernet-go v0.0.0-20180830025343-9eac43b88a5e/go.mod h1:2H9hjfbpSMHwY503FclkV/lZTBh2YlOmLLSda12uL8c=
github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 h1:BHsljHzVlRcyQhjrss6TZTdY2VfCqZPbv5k3iBFa2ZQ=
github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
github.com/genuinetools/pkg v0.0.0-20180910213200-1c141f661797/go.mod h1:XTcrCYlXPxnxL2UpnwuRn7tcaTn9HAhxFoFJucootk8=
github.com/genuinetools/pkg v0.0.0-20181022210355-2fcf164d37cb/go.mod h1:XTcrCYlXPxnxL2UpnwuRn7tcaTn9HAhxFoFJucootk8=
github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
github.com/gliderlabs/ssh v0.1.3 h1:cBU46h1lYQk5f2Z+jZbewFKy+1zzE2aUX/ilcPDAm9M=
github.com/gliderlabs/ssh v0.1.3/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
github.com/gogo/protobuf v1.2.0 h1:xU6/SpYbvkNYiptHJYEDRseDLvYE7wSqhYYNy0QSUzI=
github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
github.com/gogo/protobuf v1.2.1 h1:/s5zKNz0uPFCZ5hddgPdo2TK2TVrUNMn0OOX8/aZMTE=
github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
github.com/golang/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E=
github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
github.com/golang/mock v1.2.0 h1:28o5sBqPkBsMGnC6b4MvE2TzSr5/AT4c/1fLqVGIwlk=
github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
@@ -93,6 +103,8 @@ github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8l
github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
github.com/google/go-cmp v0.2.0 h1:+dTQ8DZQJz0Mb/HjFlkptS1FeQ4cWSnN941F8aEG4SQ=
github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY=
github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
@@ -100,7 +112,8 @@ github.com/gorilla/context v1.1.1 h1:AWwleXJkX/nhcU9bZSnZoi3h/qGYqQAGhq6zZe/aQW8
github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
github.com/gorilla/mux v1.6.2 h1:Pgr17XVTNXAk3q/r4CpKzC5xBM/qW1uVLV+IhRZpIIk=
github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
github.com/grpc-ecosystem/grpc-gateway v1.5.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw=
github.com/gorilla/mux v1.7.1 h1:Dw4jY2nghMMRsh1ol8dv1axHkDwMQK2DHerMNJsIpJU=
github.com/gorilla/mux v1.7.1/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
@@ -112,14 +125,11 @@ github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1
github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
github.com/kevinburke/ssh_config v0.0.0-20180830205328-81db2a75821e h1:RgQk53JHp/Cjunrr1WlsXSZpqXn+uREuHvUVcK82CV8=
github.com/kevinburke/ssh_config v0.0.0-20180830205328-81db2a75821e/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
github.com/knqyf263/berkeleydb v0.0.0-20190501065933-fafe01fb9662/go.mod h1:bu1CcN4tUtoRcI/B/RFHhxMNKFHVq/c3SV+UTyduoXg=
github.com/knqyf263/fanal v0.0.0-20190514052804-ca40e6cb0e1a h1:2zG9YY77/Nv+dMcAA3EzRwoUWP0cWmQIuAumhEYZtNQ=
github.com/knqyf263/fanal v0.0.0-20190514052804-ca40e6cb0e1a/go.mod h1:HTp1oNm2dPtIooJCspQHukx37GjPpj5DHuqlebTp4TI=
github.com/knqyf263/go-deb-version v0.0.0-20170509080151-9865fe14d09b h1:DiDMmSwuY27PJxA2Gs0+uI/bQ/ehKARaGXRdlp+wFis=
github.com/knqyf263/go-deb-version v0.0.0-20170509080151-9865fe14d09b/go.mod h1:o8sgWoz3JADecfc/cTYD92/Et1yMqMy0utV1z+VaZao=
github.com/knqyf263/go-dep-parser v0.0.0-20190511063217-d5d543bfc261 h1:RPgPsbEsYj6LuOjZnKl2DvbfodNWRuWKZfWJkrD7l8s=
github.com/knqyf263/go-dep-parser v0.0.0-20190511063217-d5d543bfc261/go.mod h1:gSiqSkOFPstUZu/qZ4wnNJS69PtQQnPl397vxKHJ5mQ=
github.com/knqyf263/go-deb-version v0.0.0-20190517075300-09fca494f03d h1:X4cedH4Kn3JPupAwwWuo4AzYp16P0OyLO9d7OnMZc/c=
github.com/knqyf263/go-deb-version v0.0.0-20190517075300-09fca494f03d/go.mod h1:o8sgWoz3JADecfc/cTYD92/Et1yMqMy0utV1z+VaZao=
github.com/knqyf263/go-rpm-version v0.0.0-20170716094938-74609b86c936 h1:HDjRqotkViMNcGMGicb7cgxklx8OwnjtCBmyWEqrRvM=
github.com/knqyf263/go-rpm-version v0.0.0-20170716094938-74609b86c936/go.mod h1:i4sF0l1fFnY1aiw08QQSwVAFxHEm311Me3WsU/X7nL0=
github.com/knqyf263/go-rpmdb v0.0.0-20190501070121-10a1c42a10dc/go.mod h1:MrSSvdMpTSymaQWk1yFr9sxFSyQmKMj6jkbvGrchBV8=
@@ -127,10 +137,10 @@ github.com/knqyf263/go-version v1.1.1 h1:+MpcBC9b7rk5ihag8Y/FLG8get1H2GjniwKQ+9D
github.com/knqyf263/go-version v1.1.1/go.mod h1:0tBvHvOBSf5TqGNcY+/ih9o8qo3R16iZCpB9rP0D3VM=
github.com/knqyf263/nested v0.0.1 h1:Sv26CegUMhjt19zqbBKntjwESdxe5hxVPSk0+AKjdUc=
github.com/knqyf263/nested v0.0.1/go.mod h1:zwhsIhMkBg90DTOJQvxPkKIypEHPYkgWHs4gybdlUmk=
github.com/knqyf263/tablewriter v0.0.2 h1:lGaBruL/oJt8FAlMVy9KU0oQ/6NXAJjvK7wBgZyc+Og=
github.com/knqyf263/tablewriter v0.0.2/go.mod h1:NDOJQAZxabBL3e13jQVktkvbr6bxXXPon8Lyh7fRPPc=
github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk=
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s=
github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
@@ -152,9 +162,12 @@ github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG
github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
github.com/olekukonko/tablewriter v0.0.1/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
github.com/olekukonko/tablewriter v0.0.2-0.20190607075207-195002e6e56a h1:0LD5FJGQpEyD78OdhX97W75RjYmMjfLPp1ePrk5URxs=
github.com/olekukonko/tablewriter v0.0.2-0.20190607075207-195002e6e56a/go.mod h1:rSAaSIOAGT9odnlyGlUfAJaoc5w2fSBUmeGDbRWPxyQ=
github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/gomega v1.4.2/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2 h1:QhPf3A2AZW3tTGvHPg0TA+CR3oHbVLlXUhlghqISp1I=
github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
@@ -173,27 +186,36 @@ github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/prometheus/client_golang v0.0.0-20180924113449-f69c853d21c1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829 h1:D+CiwcpGTW6pL6bv6KI3KbyEyCKyS+1JWS2h8PNDnGA=
github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs=
github.com/prometheus/client_golang v0.9.3 h1:9iH4JKXLzFbOAdtqv/a+j8aewx2Y8lAjAydhbaScPF8=
github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f h1:BVwpUVJDADN2ufcGik7W992pyps0wZ888b/y9GXcLTU=
github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90 h1:S/YWwWx/RA8rT8tKFRuGUZhuA90OyIBpPCXkcbwU8DE=
github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
github.com/prometheus/common v0.2.0 h1:kUZDBDTdBVBYBj5Tmh2NZLlF60mfjA27rM34b+cVwNU=
github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
github.com/prometheus/procfs v0.0.0-20180920065004-418d78d0b9a7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
github.com/prometheus/common v0.4.0 h1:7etb9YClo3a6HjLzfl6rIQaU+FDfi0VSX39io3aQ+DM=
github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1 h1:/K3IL0Z1quvmJ7X0A1AwNEK7CRkVK3YwfOU/QAL4WGg=
github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084 h1:sofwID9zm4tzrgykg80hfFph1mryUeLRsUfoocVVmRY=
github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ=
github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
github.com/shurcooL/httpfs v0.0.0-20171119174359-809beceb2371/go.mod h1:ZY1cvUeJuFPAdZ/B6v7RHavJWZn2YPVFQ1OSXhCGOkg=
github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
github.com/shurcooL/httpfs v0.0.0-20181222201310-74dc9339e414/go.mod h1:ZY1cvUeJuFPAdZ/B6v7RHavJWZn2YPVFQ1OSXhCGOkg=
github.com/sirupsen/logrus v1.2.0 h1:juTguoYk5qI21pwyTXY3B3Y5cOTH3ZUyZCg1v/mihuo=
github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
github.com/sirupsen/logrus v1.4.1 h1:GL2rEmy6nsikmW0r8opw9JIRScdMF5hA8cOYLH7In1k=
github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
github.com/src-d/gcfg v1.4.0 h1:xXbNR5AlLSA315x2UO+fTSSAXCDf+Ar38/6oyGbDKQ4=
github.com/src-d/gcfg v1.4.0/go.mod h1:p/UMsR43ujA89BJY9duynAwIpvqEujIH/jFlfL7jWoI=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@@ -201,8 +223,8 @@ github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/tomoyamachi/reg v0.16.2-0.20190418055600-c6010b917a55 h1:O7Xl4zpk6zjYnwxUd7lubrx7xdzQ+PqfTgaxLE9nF+o=
github.com/tomoyamachi/reg v0.16.2-0.20190418055600-c6010b917a55/go.mod h1:12Fe9EIvK3dG/qWhNk5e9O96I8SGmCKLsJ8GsXUbk+Y=
github.com/tomoyamachi/reg v0.16.1-0.20190706172545-2a2250fd7c00 h1:0e4vRd9YqnQBIAIAE39jLKDWffRfJWxloyWwcaMAQho=
github.com/tomoyamachi/reg v0.16.1-0.20190706172545-2a2250fd7c00/go.mod h1:RQE7h2jyIxekQZ24/wad0c9RGP+KSq4XzHh7h83ALi8=
github.com/urfave/cli v1.20.0 h1:fDqGv3UG/4jbVl/QkFwEdddtEDjh/5Ov6X+0B/3bPaw=
github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
github.com/xanzy/ssh-agent v0.2.0/go.mod h1:0NyE30eGUDliuLEHJgYte/zncp2zdTStcOnWhgSqHD8=
@@ -218,27 +240,25 @@ go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/
go.uber.org/zap v1.9.1 h1:XCJQEf3W6eZaVwhRBof6ImoYGJSITeKWsyeh3HFu/5o=
go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20180910181607-0e37d006457b/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20190404164418-38d8ce5564a5 h1:bselrhR0Or1vomJZC8ZIjWtbDmn9OYFLX5Ik9alpJpE=
golang.org/x/crypto v0.0.0-20190404164418-38d8ce5564a5/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180925072008-f04abc6bdfa7/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 h1:0GoQqolDA55aaLxZyTzK/Y2ePZzZTUrRacwib7cNsYQ=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c h1:uOCk1iQW6Vc18bnC13MfzScl+wdKBmM9Y9kU7Z83/lw=
golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421 h1:Wo7BWFiOk0QRFMLYMqJGFMd9CgUAcGx7V+qEg/h5IBI=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -246,29 +266,37 @@ golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJ
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180903190138-2b024373dcd9/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180925112736-b09afc3d579e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190221075227-b4e8571b14e0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190405154228-4b34438f7a67 h1:1Fzlr8kkDLQwqMP8GxrhptBLqZG/EDpiATneiZHY998=
golang.org/x/sys v0.0.0-20190405154228-4b34438f7a67/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190506115046-ca7f33d4116e h1:bq5BY1tGuaK8HxuwN6pT6kWgTVLeJ5KwuyBpsl1CZL4=
golang.org/x/sys v0.0.0-20190506115046-ca7f33d4116e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2 h1:z99zHgr7hKfrUcX/KsoJk5FJfjTceCKIp96+biqP4To=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c h1:fqgJT0MGcGpPgpWU7VRdRjuArfcOvC4AoJmILihzhDg=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 h1:SvFZT6jyqRaOeXpc5h/JSfZenJ2O330aBsf7JfSUXmQ=
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190503185657-3b6f9c0030f7/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373 h1:PPwnA7z1Pjf7XYaBP9GL1VAMZmcIWyFz7QCMSIIa3Bg=
golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk=
@@ -276,15 +304,16 @@ google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9Ywl
google.golang.org/appengine v1.4.0 h1:/wp5JvzpHIxhs/dumFmF7BXTf3Z+dd4uXta4kVyO508=
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
google.golang.org/genproto v0.0.0-20180924164928-221a8d4f7494/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
google.golang.org/genproto v0.0.0-20190404172233-64821d5d2107 h1:xtNn7qFlagY2mQNFHMSRPjT2RkOV4OXM7P5TVy9xATo=
google.golang.org/genproto v0.0.0-20190404172233-64821d5d2107/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
google.golang.org/grpc v1.15.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio=
google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873 h1:nfPFGzJkUDX6uBmpN/pSw7MbOAWegH5QDQuoXFHedLg=
google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
google.golang.org/grpc v1.19.0 h1:cfg4PD8YEdSFnm7qLV4++93WcmhH2nIUhMjhdCvl3j8=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U=
google.golang.org/grpc v1.20.1 h1:Hz2g2wirWK7H0qIIhGIqRGTuMwTE8HEKFnDZZ7lm9NU=
google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
@@ -292,7 +321,6 @@ gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8
gopkg.in/cheggaaa/pb.v1 v1.0.28 h1:n1tBJnnK2r7g9OW2btFH91V92STTUevLXYFb8gy9EMk=
gopkg.in/cheggaaa/pb.v1 v1.0.28/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo=
gopkg.in/src-d/go-billy.v4 v4.2.1/go.mod h1:tm33zBoOwxjYHZIE+OV8bxTWFMJLrconzFMd38aARFk=
gopkg.in/src-d/go-billy.v4 v4.3.0 h1:KtlZ4c1OWbIs4jCv5ZXrTqG8EQocr0g/d4DjNg70aek=
gopkg.in/src-d/go-billy.v4 v4.3.0/go.mod h1:tm33zBoOwxjYHZIE+OV8bxTWFMJLrconzFMd38aARFk=
@@ -307,8 +335,8 @@ gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRN
gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gotest.tools v2.1.0+incompatible h1:5USw7CrJBYKqjg9R7QlA6jzqZKEAtvW82aNmsxxGPxw=
gotest.tools v2.1.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=

8
goreleaser.yml
View File

@@ -28,8 +28,8 @@ nfpm:
- rpm
dependencies:
- rpm
vendor: "knqyf263"
homepage: "https://github.com/knqyf263"
vendor: "aquasecurity"
homepage: "https://github.com/aquasecurity"
maintainer: "Teppei Fukuda <knqyf263@gmail.com>"
description: "A Fast Vulnerability Scanner for Containers"
license: "MIT"
@@ -71,11 +71,11 @@ archive:
brew:
github:
owner: knqyf263
owner: aquasecurity
name: homebrew-trivy
dependencies:
- rpm
homepage: "https://github.com/knqyf263/trivy"
homepage: "https://github.com/aquasecurity/trivy"
description: ""
test: |
system "#{bin}/program --version"

BIN
imgs/alpine_comparison.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 12 KiB

BIN
imgs/logo.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 14 KiB

After

Width:  |  Height:  |  Size: 9.8 KiB

BIN
imgs/usage1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 315 KiB

BIN
imgs/usage2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 215 KiB

19
misc/eol/data/debian.csv Normal file
View File

@@ -0,0 +1,19 @@
1.1,Buzz,buzz,1993-08-16,1996-06-17,1997-06-05
1.2,Rex,rex,1996-06-17,1996-12-12,1998-06-05
1.3,Bo,bo,1996-12-12,1997-06-05,1999-03-09
2.0,Hamm,hamm,1997-06-05,1998-07-24,2000-03-09
2.1,Slink,slink,1998-07-24,1999-03-09,2000-10-30
2.2,Potato,potato,1999-03-09,2000-08-15,2003-07-30
3.0,Woody,woody,2000-08-15,2002-07-19,2006-06-30
3.1,Sarge,sarge,2002-07-19,2005-06-06,2008-03-30
4.0,Etch,etch,2005-06-06,2007-04-08,2010-02-15
5.0,Lenny,lenny,2007-04-08,2009-02-14,2012-02-06
6.0,Squeeze,squeeze,2009-02-14,2011-02-06,2014-05-31
7,Wheezy,wheezy,2011-02-06,2013-05-04,2016-04-26
8,Jessie,jessie,2013-05-04,2015-04-25,2018-06-06
9,Stretch,stretch,2015-04-25,2017-06-17
10,Buster,buster,2017-06-17
11,Bullseye,bullseye,2019-08-01
12,Bookworm,bookworm,2021-08-01
,Sid,sid,1993-08-16
,Experimental,experimental,1993-08-16
1 1.1 Buzz buzz 1993-08-16 1996-06-17 1997-06-05
2 1.2 Rex rex 1996-06-17 1996-12-12 1998-06-05
3 1.3 Bo bo 1996-12-12 1997-06-05 1999-03-09
4 2.0 Hamm hamm 1997-06-05 1998-07-24 2000-03-09
5 2.1 Slink slink 1998-07-24 1999-03-09 2000-10-30
6 2.2 Potato potato 1999-03-09 2000-08-15 2003-07-30
7 3.0 Woody woody 2000-08-15 2002-07-19 2006-06-30
8 3.1 Sarge sarge 2002-07-19 2005-06-06 2008-03-30
9 4.0 Etch etch 2005-06-06 2007-04-08 2010-02-15
10 5.0 Lenny lenny 2007-04-08 2009-02-14 2012-02-06
11 6.0 Squeeze squeeze 2009-02-14 2011-02-06 2014-05-31
12 7 Wheezy wheezy 2011-02-06 2013-05-04 2016-04-26
13 8 Jessie jessie 2013-05-04 2015-04-25 2018-06-06
14 9 Stretch stretch 2015-04-25 2017-06-17
15 10 Buster buster 2017-06-17
16 11 Bullseye bullseye 2019-08-01
17 12 Bookworm bookworm 2021-08-01
18 Sid sid 1993-08-16
19 Experimental experimental 1993-08-16

31
misc/eol/data/ubuntu.csv Normal file
View File

@@ -0,0 +1,31 @@
4.10,Warty Warthog,warty,2004-03-05,2004-10-20,2006-04-30
5.04,Hoary Hedgehog,hoary,2004-10-20,2005-04-08,2006-10-31
5.10,Breezy Badger,breezy,2005-04-08,2005-10-12,2007-04-13
6.06 LTS,Dapper Drake,dapper,2005-10-12,2006-06-01,2009-07-14,2011-06-01
6.10,Edgy Eft,edgy,2006-06-01,2006-10-26,2008-04-25
7.04,Feisty Fawn,feisty,2006-10-26,2007-04-19,2008-10-19
7.10,Gutsy Gibbon,gutsy,2007-04-19,2007-10-18,2009-04-18
8.04 LTS,Hardy Heron,hardy,2007-10-18,2008-04-24,2011-05-12,2013-05-09
8.10,Intrepid Ibex,intrepid,2008-04-24,2008-10-30,2010-04-30
9.04,Jaunty Jackalope,jaunty,2008-10-30,2009-04-23,2010-10-23
9.10,Karmic Koala,karmic,2009-04-23,2009-10-29,2011-04-29
10.04 LTS,Lucid Lynx,lucid,2009-10-29,2010-04-29,2013-05-09,2015-04-29
10.10,Maverick Meerkat,maverick,2010-04-29,2010-10-10,2012-04-10
11.04,Natty Narwhal,natty,2010-10-10,2011-04-28,2012-10-28
11.10,Oneiric Ocelot,oneiric,2011-04-28,2011-10-13,2013-05-09
12.04 LTS,Precise Pangolin,precise,2011-10-13,2012-04-26,2017-04-26,2017-04-26,2019-04-26
12.10,Quantal Quetzal,quantal,2012-04-26,2012-10-18,2014-05-16
13.04,Raring Ringtail,raring,2012-10-18,2013-04-25,2014-01-27
13.10,Saucy Salamander,saucy,2013-04-25,2013-10-17,2014-07-17
14.04 LTS,Trusty Tahr,trusty,2013-10-17,2014-04-17,2019-04-25,2019-04-25,2022-04-25
14.10,Utopic Unicorn,utopic,2014-04-17,2014-10-23,2015-07-23
15.04,Vivid Vervet,vivid,2014-10-23,2015-04-23,2016-01-23
15.10,Wily Werewolf,wily,2015-04-23,2015-10-22,2016-07-22
16.04 LTS,Xenial Xerus,xenial,2015-10-22,2016-04-21,2021-04-21,2021-04-21,2024-04-21
16.10,Yakkety Yak,yakkety,2016-04-21,2016-10-13,2017-07-20
17.04,Zesty Zapus,zesty,2016-10-13,2017-04-13,2018-01-13
17.10,Artful Aardvark,artful,2017-04-13,2017-10-19,2018-07-19
18.04 LTS,Bionic Beaver,bionic,2017-10-19,2018-04-26,2023-04-26,2023-04-26,2028-04-26
18.10,Cosmic Cuttlefish,cosmic,2018-04-26,2018-10-18,2019-07-18
19.04,Disco Dingo,disco,2018-10-18,2019-04-18,2020-01-18
19.10,Eoan Ermine,eoan,2019-04-18,2019-10-17,2020-07-17
1 4.10,Warty Warthog,warty,2004-03-05,2004-10-20,2006-04-30
2 5.04,Hoary Hedgehog,hoary,2004-10-20,2005-04-08,2006-10-31
3 5.10,Breezy Badger,breezy,2005-04-08,2005-10-12,2007-04-13
4 6.06 LTS,Dapper Drake,dapper,2005-10-12,2006-06-01,2009-07-14,2011-06-01
5 6.10,Edgy Eft,edgy,2006-06-01,2006-10-26,2008-04-25
6 7.04,Feisty Fawn,feisty,2006-10-26,2007-04-19,2008-10-19
7 7.10,Gutsy Gibbon,gutsy,2007-04-19,2007-10-18,2009-04-18
8 8.04 LTS,Hardy Heron,hardy,2007-10-18,2008-04-24,2011-05-12,2013-05-09
9 8.10,Intrepid Ibex,intrepid,2008-04-24,2008-10-30,2010-04-30
10 9.04,Jaunty Jackalope,jaunty,2008-10-30,2009-04-23,2010-10-23
11 9.10,Karmic Koala,karmic,2009-04-23,2009-10-29,2011-04-29
12 10.04 LTS,Lucid Lynx,lucid,2009-10-29,2010-04-29,2013-05-09,2015-04-29
13 10.10,Maverick Meerkat,maverick,2010-04-29,2010-10-10,2012-04-10
14 11.04,Natty Narwhal,natty,2010-10-10,2011-04-28,2012-10-28
15 11.10,Oneiric Ocelot,oneiric,2011-04-28,2011-10-13,2013-05-09
16 12.04 LTS,Precise Pangolin,precise,2011-10-13,2012-04-26,2017-04-26,2017-04-26,2019-04-26
17 12.10,Quantal Quetzal,quantal,2012-04-26,2012-10-18,2014-05-16
18 13.04,Raring Ringtail,raring,2012-10-18,2013-04-25,2014-01-27
19 13.10,Saucy Salamander,saucy,2013-04-25,2013-10-17,2014-07-17
20 14.04 LTS,Trusty Tahr,trusty,2013-10-17,2014-04-17,2019-04-25,2019-04-25,2022-04-25
21 14.10,Utopic Unicorn,utopic,2014-04-17,2014-10-23,2015-07-23
22 15.04,Vivid Vervet,vivid,2014-10-23,2015-04-23,2016-01-23
23 15.10,Wily Werewolf,wily,2015-04-23,2015-10-22,2016-07-22
24 16.04 LTS,Xenial Xerus,xenial,2015-10-22,2016-04-21,2021-04-21,2021-04-21,2024-04-21
25 16.10,Yakkety Yak,yakkety,2016-04-21,2016-10-13,2017-07-20
26 17.04,Zesty Zapus,zesty,2016-10-13,2017-04-13,2018-01-13
27 17.10,Artful Aardvark,artful,2017-04-13,2017-10-19,2018-07-19
28 18.04 LTS,Bionic Beaver,bionic,2017-10-19,2018-04-26,2023-04-26,2023-04-26,2028-04-26
29 18.10,Cosmic Cuttlefish,cosmic,2018-04-26,2018-10-18,2019-07-18
30 19.04,Disco Dingo,disco,2018-10-18,2019-04-18,2020-01-18
31 19.10,Eoan Ermine,eoan,2019-04-18,2019-10-17,2020-07-17

56
misc/eol/main.go Normal file
View File

@@ -0,0 +1,56 @@
package main
import (
"bufio"
"fmt"
"os"
"strings"
"time"
)
// This script displays EOL dates
func main() {
fmt.Println("Debian")
debianEOL()
fmt.Println("\nUbuntu")
ubuntuEOL()
}
func debianEOL() {
f, err := os.Open("data/debian.csv")
if err != nil {
panic(err)
}
defer f.Close()
scanner := bufio.NewScanner(f)
for scanner.Scan() {
line := scanner.Text()
fields := strings.Split(line, ",")
if len(fields) < 6 && fields[0] != "" {
fmt.Printf("\"%s\": time.Date(3000, 1, 1, 23, 59, 59, 0, time.UTC),\n", fields[0])
} else if len(fields) == 6 {
eol, _ := time.Parse("2006-1-2", fields[5])
fmt.Printf("\"%s\": time.Date(%d, %d, %d, 23, 59, 59, 0, time.UTC),\n", fields[0], eol.Year(), eol.Month(), eol.Day())
}
}
}
func ubuntuEOL() {
f, err := os.Open("data/ubuntu.csv")
if err != nil {
panic(err)
}
defer f.Close()
scanner := bufio.NewScanner(f)
for scanner.Scan() {
line := scanner.Text()
fields := strings.Split(line, ",")
eol, _ := time.Parse("2006-1-2", fields[len(fields)-1])
fmt.Printf("\"%s\": time.Date(%d, %d, %d, 23, 59, 59, 0, time.UTC),\n", strings.Fields(fields[0])[0], eol.Year(), eol.Month(), eol.Day())
}
}

26
pkg/db/db.go
View File

@@ -5,21 +5,22 @@ import (
"os"
"path/filepath"
"github.com/knqyf263/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/log"
"golang.org/x/xerrors"
"github.com/knqyf263/trivy/pkg/utils"
"github.com/aquasecurity/trivy/pkg/utils"
bolt "github.com/etcd-io/bbolt"
)
var (
db *bolt.DB
dbDir = filepath.Join(utils.CacheDir(), "db")
dbDir string
)
func Init() (err error) {
dbDir = filepath.Join(utils.CacheDir(), "db")
if err = os.MkdirAll(dbDir, 0700); err != nil {
return xerrors.Errorf("failed to mkdir: %w", err)
}
@@ -33,10 +34,25 @@ func Init() (err error) {
return nil
}
func Close() error {
if err := db.Close(); err != nil {
return xerrors.Errorf("failed to close DB: %w", err)
}
return nil
}
func Reset() error {
if err := Close(); err != nil {
return xerrors.Errorf("failed to reset DB: %w", err)
}
if err := os.RemoveAll(dbDir); err != nil {
return xerrors.Errorf("failed to reset DB: %w", err)
}
if err := Init(); err != nil {
return xerrors.Errorf("failed to reset DB: %w", err)
}
return nil
}
@@ -89,9 +105,7 @@ func Put(root *bolt.Bucket, nestedBucket, key string, value interface{}) error {
return nested.Put([]byte(key), v)
}
func BatchUpdate(fn func(tx *bolt.Tx) error) error {
err := db.Batch(func(tx *bolt.Tx) error {
return fn(tx)
})
err := db.Batch(fn)
if err != nil {
return xerrors.Errorf("error in batch update: %w", err)
}

10
pkg/git/git.go
View File

@@ -5,10 +5,10 @@ import (
"path/filepath"
"strings"
"github.com/knqyf263/trivy/pkg/db"
"github.com/aquasecurity/trivy/pkg/db"
"github.com/knqyf263/trivy/pkg/log"
"github.com/knqyf263/trivy/pkg/utils"
"github.com/aquasecurity/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/utils"
"golang.org/x/xerrors"
git "gopkg.in/src-d/go-git.v4"
"gopkg.in/src-d/go-git.v4/plumbing/object"
@@ -38,7 +38,7 @@ func CloneOrPull(url, repoPath string) (map[string]struct{}, error) {
}
log.Logger.Debug("remove an existed directory")
suffix := " The first time will take a while..."
suffix := " It will take a while for the first time..."
s := utils.NewSpinner(suffix)
s.Start()
defer s.Stop()
@@ -92,7 +92,7 @@ func clone(url, repoPath string) error {
}
func cloneByOSCommand(url, repoPath string) error {
commandAndArgs := []string{"clone", url, repoPath}
commandAndArgs := []string{"clone", "--depth=1", url, repoPath}
_, err := utils.Exec("git", commandAndArgs)
if err != nil {
return xerrors.Errorf("error in git clone: %w", err)

29
pkg/log/logger.go
View File

@@ -1,15 +1,21 @@
package log
import (
"os"
"go.uber.org/zap"
"go.uber.org/zap/zapcore"
"golang.org/x/xerrors"
)
var Logger *zap.SugaredLogger
var (
Logger *zap.SugaredLogger
debugOption bool
)
func InitLogger(debug bool) (err error) {
Logger, err = newLogger(debug)
func InitLogger(debug, disable bool) (err error) {
debugOption = debug
Logger, err = newLogger(debug, disable)
if err != nil {
return xerrors.Errorf("error in new logger: %w", err)
}
@@ -17,7 +23,7 @@ func InitLogger(debug bool) (err error) {
}
func newLogger(debug bool) (*zap.SugaredLogger, error) {
func newLogger(debug, disable bool) (*zap.SugaredLogger, error) {
level := zap.NewAtomicLevel()
if debug {
level.SetLevel(zapcore.DebugLevel)
@@ -29,8 +35,8 @@ func newLogger(debug bool) (*zap.SugaredLogger, error) {
Level: level,
Encoding: "console",
Development: debug,
DisableStacktrace: !debug,
DisableCaller: !debug,
DisableStacktrace: true,
DisableCaller: true,
EncoderConfig: zapcore.EncoderConfig{
TimeKey: "Time",
LevelKey: "Level",
@@ -46,6 +52,10 @@ func newLogger(debug bool) (*zap.SugaredLogger, error) {
OutputPaths: []string{"stdout"},
ErrorOutputPaths: []string{"stderr"},
}
if disable {
myConfig.OutputPaths = []string{os.DevNull}
myConfig.ErrorOutputPaths = []string{os.DevNull}
}
logger, err := myConfig.Build()
if err != nil {
return nil, xerrors.Errorf("failed to build zap config: %w", err)
@@ -53,3 +63,10 @@ func newLogger(debug bool) (*zap.SugaredLogger, error) {
return logger.Sugar(), nil
}
func Fatal(err error) {
if debugOption {
Logger.Fatalf("%+v", err)
}
Logger.Fatal(err)
}

21
pkg/report/writer.go
View File

@@ -4,11 +4,12 @@ import (
"encoding/json"
"fmt"
"io"
"os"
"strings"
"golang.org/x/xerrors"
"github.com/knqyf263/trivy/pkg/vulnsrc/vulnerability"
"github.com/aquasecurity/trivy/pkg/vulnsrc/vulnerability"
"github.com/olekukonko/tablewriter"
)
@@ -16,8 +17,8 @@ import (
type Results []Result
type Result struct {
FileName string `json:"file"`
Vulnerabilities []vulnerability.DetectedVulnerability
FileName string `json:"Target"`
Vulnerabilities []vulnerability.DetectedVulnerability `json:"Vulnerabilities"`
}
type Writer interface {
@@ -50,8 +51,12 @@ func (tw TableWriter) write(result Result) {
if len(splittedTitle) >= 12 {
title = strings.Join(splittedTitle[:12], " ") + "..."
}
table.Append([]string{v.PkgName, v.VulnerabilityID, vulnerability.ColorizeSeverity(v.Severity),
v.InstalledVersion, v.FixedVersion, title})
if tw.Output == os.Stdout {
table.Append([]string{v.PkgName, v.VulnerabilityID, vulnerability.ColorizeSeverity(v.Severity),
v.InstalledVersion, v.FixedVersion, title})
} else {
table.Append([]string{v.PkgName, v.VulnerabilityID, v.Severity, v.InstalledVersion, v.FixedVersion, title})
}
}
var results []string
@@ -79,11 +84,7 @@ type JsonWriter struct {
}
func (jw JsonWriter) Write(results Results) error {
out := map[string][]vulnerability.DetectedVulnerability{}
for _, result := range results {
out[result.FileName] = result.Vulnerabilities
}
output, err := json.MarshalIndent(out, "", " ")
output, err := json.MarshalIndent(results, "", " ")
if err != nil {
return xerrors.Errorf("failed to marshal json: %w", err)
}

152
pkg/run.go
View File

@@ -5,33 +5,36 @@ import (
"os"
"strings"
"github.com/knqyf263/fanal/cache"
"github.com/knqyf263/trivy/pkg/utils"
"github.com/knqyf263/trivy/pkg/vulnsrc/vulnerability"
"github.com/knqyf263/trivy/pkg/report"
"github.com/knqyf263/trivy/pkg/scanner"
"github.com/knqyf263/trivy/pkg/vulnsrc"
"github.com/aquasecurity/fanal/cache"
"github.com/aquasecurity/trivy/pkg/db"
"github.com/aquasecurity/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/report"
"github.com/aquasecurity/trivy/pkg/scanner"
"github.com/aquasecurity/trivy/pkg/types"
"github.com/aquasecurity/trivy/pkg/utils"
"github.com/aquasecurity/trivy/pkg/vulnsrc"
"github.com/aquasecurity/trivy/pkg/vulnsrc/vulnerability"
"github.com/genuinetools/reg/registry"
"github.com/urfave/cli"
"golang.org/x/xerrors"
"github.com/knqyf263/trivy/pkg/db"
"github.com/knqyf263/trivy/pkg/log"
)
func Run(c *cli.Context) (err error) {
cliVersion := c.App.Version
if c.Bool("quiet") || c.Bool("no-progress") {
utils.Quiet = true
}
debug := c.Bool("debug")
if err = log.InitLogger(debug); err != nil {
if err = log.InitLogger(debug, c.Bool("quiet")); err != nil {
l.Fatal(err)
}
utils.SetCacheDir(c.String("cache-dir"))
log.Logger.Debugf("cache dir: %s", utils.CacheDir())
if c.Bool("reset") {
reset := c.Bool("reset")
if reset {
log.Logger.Info("Resetting...")
if err = cache.Clear(); err != nil {
return xerrors.New("failed to remove image layer cache")
@@ -42,21 +45,81 @@ func Run(c *cli.Context) (err error) {
return nil
}
if c.Bool("clear-cache") {
clearCache := c.Bool("clear-cache")
if clearCache {
log.Logger.Info("Removing image caches...")
if err = cache.Clear(); err != nil {
return xerrors.New("failed to remove image layer cache")
}
}
refresh := c.Bool("refresh")
args := c.Args()
var noTarget bool
filePath := c.String("input")
if filePath == "" && len(args) == 0 {
log.Logger.Info(`trivy" requires at least 1 argument or --input option.`)
cli.ShowAppHelpAndExit(c, 1)
noTarget = true
if !reset && !clearCache && !refresh {
log.Logger.Info(`trivy" requires at least 1 argument or --input option.`)
cli.ShowAppHelpAndExit(c, 1)
}
}
utils.Quiet = c.Bool("quiet")
autoRefresh := c.Bool("auto-refresh")
skipUpdate := c.Bool("skip-update")
onlyUpdate := c.String("only-update")
if refresh || autoRefresh {
if skipUpdate {
return xerrors.New("The --skip-update option can not be specified with the --refresh or --auto-refresh option")
}
if onlyUpdate != "" {
return xerrors.New("The --only-update option can not be specified with the --refresh or --auto-refresh option")
}
}
if skipUpdate && onlyUpdate != "" {
return xerrors.New("The --skip-update and --only-update option can not be specified both")
}
if err = db.Init(); err != nil {
return xerrors.Errorf("error in vulnerability DB initialize: %w", err)
}
needRefresh := false
dbVersion := db.GetVersion()
if dbVersion != "" && dbVersion != cliVersion {
if !refresh && !autoRefresh {
return xerrors.New("Detected version update of trivy. Please try again with --refresh or --auto-refresh option")
}
needRefresh = true
}
if refresh || needRefresh {
log.Logger.Info("Refreshing DB...")
if err = db.Reset(); err != nil {
return xerrors.Errorf("error in refresh DB: %w", err)
}
}
updateTargets := vulnsrc.UpdateList
if onlyUpdate != "" {
log.Logger.Warn("The --only-update option may cause the vulnerability details such as severity and title not to be displayed")
updateTargets = strings.Split(onlyUpdate, ",")
}
if !skipUpdate {
if err = vulnsrc.Update(updateTargets); err != nil {
return xerrors.Errorf("error in vulnerability DB update: %w", err)
}
}
if err = db.SetVersion(cliVersion); err != nil {
return xerrors.Errorf("unexpected error: %w", err)
}
// When specifying no image name and file name
if noTarget {
return nil
}
o := c.String("output")
output := os.Stdout
@@ -76,40 +139,33 @@ func Run(c *cli.Context) (err error) {
severities = append(severities, severity)
}
if c.Bool("refresh") {
log.Logger.Info("Resetting DB...")
if err = db.Reset(); err != nil {
return xerrors.Errorf("error in refresh DB: %w", err)
}
}
if err = db.Init(); err != nil {
return xerrors.Errorf("error in vulnerability DB initialize: %w", err)
}
dbVersion := db.GetVersion()
if dbVersion != "" && dbVersion != cliVersion {
log.Logger.Fatal("Detected version update of trivy. Please try again with --refresh option")
}
if !c.Bool("skip-update") {
if err = vulnsrc.Update(); err != nil {
return xerrors.Errorf("error in vulnerability DB update: %w", err)
}
}
ignoreUnfixed := c.Bool("ignore-unfixed")
var imageName string
if filePath == "" {
imageName = args[0]
}
vulns, err := scanner.ScanImage(imageName, filePath)
// Check whether 'latest' tag is used
if imageName != "" {
image, err := registry.ParseImage(imageName)
if err != nil {
return xerrors.Errorf("invalid image: %w", err)
}
if image.Tag == "latest" && !clearCache {
log.Logger.Warn("You should avoid using the :latest tag as it is cached. You need to specify '--clear-cache' option when :latest image is changed")
}
}
scanOptions := types.ScanOptions{VulnType: strings.Split(c.String("vuln-type"), ",")}
log.Logger.Debugf("Vulnerability type: %s", scanOptions.VulnType)
vulns, err := scanner.ScanImage(imageName, filePath, scanOptions)
if err != nil {
return xerrors.Errorf("error in image scan: %w", err)
}
var results report.Results
ignoreUnfixed := c.Bool("ignore-unfixed")
for path, vuln := range vulns {
results = append(results, report.Result{
FileName: path,
@@ -118,23 +174,19 @@ func Run(c *cli.Context) (err error) {
}
var writer report.Writer
switch c.String("format") {
switch format := c.String("format"); format {
case "table":
writer = &report.TableWriter{Output: output}
case "json":
writer = &report.JsonWriter{Output: output}
default:
xerrors.New("unknown format")
return xerrors.Errorf("unknown format: %v", format)
}
if err = writer.Write(results); err != nil {
return xerrors.Errorf("failed to write results: %w", err)
}
if err = db.SetVersion(cliVersion); err != nil {
return xerrors.Errorf("unexpected error: %w", err)
}
exitCode := c.Int("exit-code")
if exitCode != 0 {
for _, result := range results {

17
pkg/scanner/library/bundler/advisory.go
View File

@@ -8,13 +8,13 @@ import (
"github.com/etcd-io/bbolt"
"github.com/knqyf263/trivy/pkg/db"
"github.com/knqyf263/trivy/pkg/vulnsrc/vulnerability"
"github.com/aquasecurity/trivy/pkg/db"
"github.com/aquasecurity/trivy/pkg/vulnsrc/vulnerability"
"golang.org/x/xerrors"
"github.com/knqyf263/trivy/pkg/git"
"github.com/knqyf263/trivy/pkg/utils"
"github.com/aquasecurity/trivy/pkg/git"
"github.com/aquasecurity/trivy/pkg/utils"
"gopkg.in/yaml.v2"
)
@@ -23,7 +23,7 @@ const (
)
var (
repoPath = filepath.Join(utils.CacheDir(), "ruby-advisory-db")
repoPath string
)
type AdvisoryDB map[string][]Advisory
@@ -32,6 +32,7 @@ type Advisory struct {
Gem string
Cve string
Osvdb string
Ghsa string
Title string
Url string
Description string
@@ -48,6 +49,7 @@ type Related struct {
}
func (s *Scanner) UpdateDB() (err error) {
repoPath = filepath.Join(utils.CacheDir(), "ruby-advisory-db")
if _, err := git.CloneOrPull(dbURL, repoPath); err != nil {
return xerrors.Errorf("error in %s security DB update: %w", s.Type(), err)
}
@@ -88,7 +90,12 @@ func (s *Scanner) walk() (AdvisoryDB, error) {
vulnerabilityID = fmt.Sprintf("CVE-%s", advisory.Cve)
} else if advisory.Osvdb != "" {
vulnerabilityID = fmt.Sprintf("OSVDB-%s", advisory.Osvdb)
} else if advisory.Ghsa != "" {
vulnerabilityID = fmt.Sprintf("GHSA-%s", advisory.Ghsa)
} else {
return nil
}
vulns = append(vulns, vulnerability.Vulnerability{
ID: vulnerabilityID,
CvssScore: advisory.CvssV2,

8
pkg/scanner/library/bundler/scan.go
View File

@@ -5,12 +5,12 @@ import (
"os"
"strings"
"github.com/knqyf263/trivy/pkg/vulnsrc/vulnerability"
"github.com/aquasecurity/trivy/pkg/vulnsrc/vulnerability"
"github.com/knqyf263/go-dep-parser/pkg/bundler"
ptypes "github.com/knqyf263/go-dep-parser/pkg/types"
"github.com/aquasecurity/go-dep-parser/pkg/bundler"
ptypes "github.com/aquasecurity/go-dep-parser/pkg/types"
"github.com/knqyf263/go-version"
"github.com/knqyf263/trivy/pkg/scanner/utils"
"github.com/aquasecurity/trivy/pkg/scanner/utils"
"golang.org/x/xerrors"
)

11
pkg/scanner/library/cargo/advisory.go
View File

@@ -9,13 +9,13 @@ import (
"github.com/etcd-io/bbolt"
"github.com/knqyf263/trivy/pkg/db"
"github.com/knqyf263/trivy/pkg/vulnsrc/vulnerability"
"github.com/aquasecurity/trivy/pkg/db"
"github.com/aquasecurity/trivy/pkg/vulnsrc/vulnerability"
"golang.org/x/xerrors"
"github.com/knqyf263/trivy/pkg/git"
"github.com/knqyf263/trivy/pkg/utils"
"github.com/aquasecurity/trivy/pkg/git"
"github.com/aquasecurity/trivy/pkg/utils"
)
const (
@@ -23,7 +23,7 @@ const (
)
var (
repoPath = filepath.Join(utils.CacheDir(), "rust-advisory-db")
repoPath string
)
type AdvisoryDB map[string][]Lockfile
@@ -45,6 +45,7 @@ type Advisory struct {
}
func (s *Scanner) UpdateDB() (err error) {
repoPath = filepath.Join(utils.CacheDir(), "rust-advisory-db")
if _, err := git.CloneOrPull(dbURL, repoPath); err != nil {
return xerrors.Errorf("error in %s security DB update: %w", s.Type(), err)
}

8
pkg/scanner/library/cargo/scan.go
View File

@@ -4,12 +4,12 @@ import (
"os"
"strings"
"github.com/knqyf263/trivy/pkg/vulnsrc/vulnerability"
"github.com/aquasecurity/trivy/pkg/vulnsrc/vulnerability"
"github.com/knqyf263/go-dep-parser/pkg/cargo"
ptypes "github.com/knqyf263/go-dep-parser/pkg/types"
"github.com/aquasecurity/go-dep-parser/pkg/cargo"
ptypes "github.com/aquasecurity/go-dep-parser/pkg/types"
"github.com/knqyf263/go-version"
"github.com/knqyf263/trivy/pkg/scanner/utils"
"github.com/aquasecurity/trivy/pkg/scanner/utils"
"golang.org/x/xerrors"
)

20
pkg/scanner/library/composer/advisory.go
View File

@@ -6,15 +6,14 @@ import (
"path/filepath"
"strings"
"github.com/aquasecurity/trivy/pkg/db"
"github.com/etcd-io/bbolt"
"github.com/knqyf263/trivy/pkg/db"
"golang.org/x/xerrors"
"github.com/knqyf263/trivy/pkg/utils"
"github.com/knqyf263/trivy/pkg/vulnsrc/vulnerability"
"github.com/aquasecurity/trivy/pkg/utils"
"github.com/aquasecurity/trivy/pkg/vulnsrc/vulnerability"
"github.com/knqyf263/trivy/pkg/git"
"github.com/aquasecurity/trivy/pkg/git"
"gopkg.in/yaml.v2"
)
@@ -23,7 +22,7 @@ const (
)
var (
repoPath = filepath.Join(utils.CacheDir(), "php-security-advisories")
repoPath string
)
type AdvisoryDB map[string][]Advisory
@@ -41,6 +40,7 @@ type Branch struct {
}
func (s *Scanner) UpdateDB() (err error) {
repoPath = filepath.Join(utils.CacheDir(), "php-security-advisories")
if _, err := git.CloneOrPull(dbURL, repoPath); err != nil {
return err
}
@@ -73,9 +73,15 @@ func (s *Scanner) walk() (AdvisoryDB, error) {
}
advisoryDB[advisory.Reference] = append(advisories, advisory)
vulnerabilityID := advisory.Cve
if vulnerabilityID == "" {
// e.g. CVE-2019-12139.yaml => CVE-2019-12139
vulnerabilityID = strings.TrimSuffix(info.Name(), ".yaml")
}
// for displaying vulnerability detail
vulns = append(vulns, vulnerability.Vulnerability{
ID: advisory.Cve,
ID: vulnerabilityID,
References: []string{advisory.Link},
Title: advisory.Title,
})

8
pkg/scanner/library/composer/scan.go
View File

@@ -5,14 +5,14 @@ import (
"os"
"strings"
"github.com/knqyf263/trivy/pkg/vulnsrc/vulnerability"
"github.com/aquasecurity/trivy/pkg/vulnsrc/vulnerability"
"golang.org/x/xerrors"
"github.com/knqyf263/go-dep-parser/pkg/composer"
ptypes "github.com/knqyf263/go-dep-parser/pkg/types"
"github.com/aquasecurity/go-dep-parser/pkg/composer"
ptypes "github.com/aquasecurity/go-dep-parser/pkg/types"
"github.com/knqyf263/go-version"
"github.com/knqyf263/trivy/pkg/scanner/utils"
"github.com/aquasecurity/trivy/pkg/scanner/utils"
)
const (

13
pkg/scanner/library/npm/advisory.go → pkg/scanner/library/node/advisory.go
View File

@@ -1,4 +1,4 @@
package npm
package node
import (
"encoding/json"
@@ -10,13 +10,13 @@ import (
"github.com/etcd-io/bbolt"
"github.com/knqyf263/trivy/pkg/db"
"github.com/aquasecurity/trivy/pkg/db"
"golang.org/x/xerrors"
"github.com/knqyf263/trivy/pkg/utils"
"github.com/knqyf263/trivy/pkg/vulnsrc/vulnerability"
"github.com/aquasecurity/trivy/pkg/utils"
"github.com/aquasecurity/trivy/pkg/vulnsrc/vulnerability"
"github.com/knqyf263/trivy/pkg/git"
"github.com/aquasecurity/trivy/pkg/git"
)
const (
@@ -24,7 +24,7 @@ const (
)
var (
repoPath = filepath.Join(utils.CacheDir(), "nodejs-security-wg")
repoPath string
)
type AdvisoryDB map[string][]Advisory
@@ -44,6 +44,7 @@ type Advisory struct {
}
func (s *Scanner) UpdateDB() (err error) {
repoPath = filepath.Join(utils.CacheDir(), "nodejs-security-wg")
if _, err := git.CloneOrPull(dbURL, repoPath); err != nil {
return err
}

43
pkg/scanner/library/npm/scan.go → pkg/scanner/library/node/scan.go
View File

@@ -1,30 +1,33 @@
package npm
package node
import (
"fmt"
"os"
"strings"
"github.com/knqyf263/trivy/pkg/vulnsrc/vulnerability"
version "github.com/knqyf263/go-version"
"github.com/aquasecurity/trivy/pkg/vulnsrc/vulnerability"
"golang.org/x/xerrors"
"github.com/knqyf263/go-dep-parser/pkg/npm"
ptypes "github.com/knqyf263/go-dep-parser/pkg/types"
"github.com/knqyf263/go-version"
"github.com/knqyf263/trivy/pkg/scanner/utils"
"github.com/aquasecurity/go-dep-parser/pkg/npm"
ptypes "github.com/aquasecurity/go-dep-parser/pkg/types"
"github.com/aquasecurity/go-dep-parser/pkg/yarn"
"github.com/aquasecurity/trivy/pkg/scanner/utils"
)
const (
scannerType = "npm"
ScannerTypeNpm = "npm"
ScannerTypeYarn = "yarn"
)
type Scanner struct {
db AdvisoryDB
db AdvisoryDB
scannerType string
}
func NewScanner() *Scanner {
return &Scanner{}
func NewScanner(scannerType string) *Scanner {
return &Scanner{scannerType: scannerType}
}
func (s *Scanner) Detect(pkgName string, pkgVer *version.Version) ([]vulnerability.DetectedVulnerability, error) {
@@ -72,12 +75,28 @@ func (s *Scanner) Detect(pkgName string, pkgVer *version.Version) ([]vulnerabili
}
func (s *Scanner) ParseLockfile(f *os.File) ([]ptypes.Library, error) {
if s.Type() == ScannerTypeNpm {
return s.parseNpm(f)
}
return s.parseYarn(f)
}
func (s *Scanner) parseNpm(f *os.File) ([]ptypes.Library, error) {
libs, err := npm.Parse(f)
if err != nil {
return nil, xerrors.Errorf("invalid package-lock.json format: %w", err)
}
return libs, nil
}
func (s *Scanner) Type() string {
return scannerType
func (s *Scanner) parseYarn(f *os.File) ([]ptypes.Library, error) {
libs, err := yarn.Parse(f)
if err != nil {
return nil, xerrors.Errorf("invalid yarn.lock format: %w", err)
}
return libs, nil
}
func (s *Scanner) Type() string {
return s.scannerType
}

13
pkg/scanner/library/pipenv/advisory.go → pkg/scanner/library/python/advisory.go
View File

@@ -1,4 +1,4 @@
package pipenv
package python
import (
"encoding/json"
@@ -7,14 +7,14 @@ import (
"github.com/etcd-io/bbolt"
"github.com/knqyf263/trivy/pkg/db"
"github.com/aquasecurity/trivy/pkg/db"
"golang.org/x/xerrors"
"github.com/knqyf263/trivy/pkg/utils"
"github.com/knqyf263/trivy/pkg/vulnsrc/vulnerability"
"github.com/aquasecurity/trivy/pkg/utils"
"github.com/aquasecurity/trivy/pkg/vulnsrc/vulnerability"
"github.com/knqyf263/trivy/pkg/git"
"github.com/aquasecurity/trivy/pkg/git"
)
const (
@@ -22,7 +22,7 @@ const (
)
var (
repoPath = filepath.Join(utils.CacheDir(), "python-safety-db")
repoPath string
)
type AdvisoryDB map[string][]Advisory
@@ -36,6 +36,7 @@ type Advisory struct {
}
func (s *Scanner) UpdateDB() (err error) {
repoPath = filepath.Join(utils.CacheDir(), "python-safety-db")
if _, err := git.CloneOrPull(dbURL, repoPath); err != nil {
return err
}

41
pkg/scanner/library/pipenv/scan.go → pkg/scanner/library/python/scan.go
View File

@@ -1,29 +1,32 @@
package pipenv
package python
import (
"os"
"strings"
"github.com/knqyf263/trivy/pkg/vulnsrc/vulnerability"
"github.com/aquasecurity/trivy/pkg/vulnsrc/vulnerability"
"golang.org/x/xerrors"
"github.com/knqyf263/go-dep-parser/pkg/pipenv"
ptypes "github.com/knqyf263/go-dep-parser/pkg/types"
"github.com/aquasecurity/go-dep-parser/pkg/pipenv"
"github.com/aquasecurity/go-dep-parser/pkg/poetry"
ptypes "github.com/aquasecurity/go-dep-parser/pkg/types"
"github.com/knqyf263/go-version"
"github.com/knqyf263/trivy/pkg/scanner/utils"
"github.com/aquasecurity/trivy/pkg/scanner/utils"
)
const (
scannerType = "pipenv"
ScannerTypePipenv = "pipenv"
ScannerTypePoetry = "poetry"
)
type Scanner struct {
db AdvisoryDB
db AdvisoryDB
scannerType string
}
func NewScanner() *Scanner {
return &Scanner{}
func NewScanner(scannerType string) *Scanner {
return &Scanner{scannerType: scannerType}
}
func (s *Scanner) Detect(pkgName string, pkgVer *version.Version) ([]vulnerability.DetectedVulnerability, error) {
@@ -63,12 +66,28 @@ func createFixedVersions(specs []string) string {
}
func (s *Scanner) ParseLockfile(f *os.File) ([]ptypes.Library, error) {
if s.Type() == ScannerTypePipenv {
return s.parsePipenv(f)
}
return s.parsePoetry(f)
}
func (s *Scanner) parsePipenv(f *os.File) ([]ptypes.Library, error) {
libs, err := pipenv.Parse(f)
if err != nil {
return nil, xerrors.Errorf("invalid Pipfile.lock format: %w", err)
}
return libs, nil
}
func (s *Scanner) Type() string {
return scannerType
func (s *Scanner) parsePoetry(f *os.File) ([]ptypes.Library, error) {
libs, err := poetry.Parse(f)
if err != nil {
return nil, xerrors.Errorf("invalid poetry.lock format: %w", err)
}
return libs, nil
}
func (s *Scanner) Type() string {
return s.scannerType
}

47
pkg/scanner/library/scan.go
View File

@@ -4,23 +4,26 @@ import (
"os"
"path/filepath"
"github.com/knqyf263/trivy/pkg/vulnsrc/vulnerability"
"github.com/aquasecurity/trivy/pkg/vulnsrc/vulnerability"
"github.com/knqyf263/fanal/analyzer"
_ "github.com/knqyf263/fanal/analyzer/library/bundler"
_ "github.com/knqyf263/fanal/analyzer/library/cargo"
_ "github.com/knqyf263/fanal/analyzer/library/composer"
_ "github.com/knqyf263/fanal/analyzer/library/npm"
_ "github.com/knqyf263/fanal/analyzer/library/pipenv"
"github.com/knqyf263/fanal/extractor"
ptypes "github.com/knqyf263/go-dep-parser/pkg/types"
"github.com/aquasecurity/fanal/analyzer"
_ "github.com/aquasecurity/fanal/analyzer/library/bundler"
_ "github.com/aquasecurity/fanal/analyzer/library/cargo"
_ "github.com/aquasecurity/fanal/analyzer/library/composer"
_ "github.com/aquasecurity/fanal/analyzer/library/npm"
_ "github.com/aquasecurity/fanal/analyzer/library/pipenv"
_ "github.com/aquasecurity/fanal/analyzer/library/poetry"
_ "github.com/aquasecurity/fanal/analyzer/library/yarn"
"github.com/aquasecurity/fanal/extractor"
ptypes "github.com/aquasecurity/go-dep-parser/pkg/types"
"github.com/knqyf263/go-version"
"github.com/knqyf263/trivy/pkg/log"
"github.com/knqyf263/trivy/pkg/scanner/library/bundler"
"github.com/knqyf263/trivy/pkg/scanner/library/cargo"
"github.com/knqyf263/trivy/pkg/scanner/library/composer"
"github.com/knqyf263/trivy/pkg/scanner/library/npm"
"github.com/knqyf263/trivy/pkg/scanner/library/pipenv"
"github.com/aquasecurity/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/scanner/library/bundler"
"github.com/aquasecurity/trivy/pkg/scanner/library/cargo"
"github.com/aquasecurity/trivy/pkg/scanner/library/composer"
"github.com/aquasecurity/trivy/pkg/scanner/library/node"
"github.com/aquasecurity/trivy/pkg/scanner/library/python"
"github.com/aquasecurity/trivy/pkg/types"
"golang.org/x/xerrors"
)
@@ -41,16 +44,20 @@ func NewScanner(filename string) Scanner {
case "composer.lock":
scanner = composer.NewScanner()
case "package-lock.json":
scanner = npm.NewScanner()
scanner = node.NewScanner(node.ScannerTypeNpm)
case "yarn.lock":
scanner = node.NewScanner(node.ScannerTypeYarn)
case "Pipfile.lock":
scanner = pipenv.NewScanner()
scanner = python.NewScanner(python.ScannerTypePipenv)
case "poetry.lock":
scanner = python.NewScanner(python.ScannerTypePoetry)
default:
return nil
}
return scanner
}
func Scan(files extractor.FileMap) (map[string][]vulnerability.DetectedVulnerability, error) {
func Scan(files extractor.FileMap, scanOptions types.ScanOptions) (map[string][]vulnerability.DetectedVulnerability, error) {
results, err := analyzer.GetLibraries(files)
if err != nil {
return nil, xerrors.Errorf("failed to analyze libraries: %w", err)
@@ -69,9 +76,7 @@ func Scan(files extractor.FileMap) (map[string][]vulnerability.DetectedVulnerabi
return nil, xerrors.Errorf("failed to scan %s vulnerabilities: %w", scanner.Type(), err)
}
if len(vulns) != 0 {
vulnerabilities[string(path)] = vulns
}
vulnerabilities[string(path)] = vulns
}
return vulnerabilities, nil
}

57
pkg/scanner/ospkg/alpine/alpine.go
View File

@@ -2,18 +2,39 @@ package alpine
import (
"strings"
"time"
"github.com/knqyf263/trivy/pkg/vulnsrc/vulnerability"
"golang.org/x/xerrors"
"github.com/aquasecurity/fanal/analyzer"
version "github.com/knqyf263/go-rpm-version"
"github.com/knqyf263/trivy/pkg/scanner/utils"
"github.com/aquasecurity/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/scanner/utils"
"github.com/aquasecurity/trivy/pkg/vulnsrc/alpine"
"github.com/aquasecurity/trivy/pkg/vulnsrc/vulnerability"
"golang.org/x/xerrors"
)
"github.com/knqyf263/trivy/pkg/vulnsrc/alpine"
"github.com/knqyf263/fanal/analyzer"
"github.com/knqyf263/trivy/pkg/log"
var (
eolDates = map[string]time.Time{
"2.0": time.Date(2012, 4, 1, 23, 59, 59, 0, time.UTC),
"2.1": time.Date(2012, 11, 1, 23, 59, 59, 0, time.UTC),
"2.2": time.Date(2013, 5, 1, 23, 59, 59, 0, time.UTC),
"2.3": time.Date(2013, 11, 1, 23, 59, 59, 0, time.UTC),
"2.4": time.Date(2014, 5, 1, 23, 59, 59, 0, time.UTC),
"2.5": time.Date(2014, 11, 1, 23, 59, 59, 0, time.UTC),
"2.6": time.Date(2015, 5, 1, 23, 59, 59, 0, time.UTC),
"2.7": time.Date(2015, 11, 1, 23, 59, 59, 0, time.UTC),
"3.0": time.Date(2016, 5, 1, 23, 59, 59, 0, time.UTC),
"3.1": time.Date(2016, 11, 1, 23, 59, 59, 0, time.UTC),
"3.2": time.Date(2017, 5, 1, 23, 59, 59, 0, time.UTC),
"3.3": time.Date(2017, 11, 1, 23, 59, 59, 0, time.UTC),
"3.4": time.Date(2018, 5, 1, 23, 59, 59, 0, time.UTC),
"3.5": time.Date(2018, 11, 1, 23, 59, 59, 0, time.UTC),
"3.6": time.Date(2019, 5, 1, 23, 59, 59, 0, time.UTC),
"3.7": time.Date(2019, 11, 1, 23, 59, 59, 0, time.UTC),
"3.8": time.Date(2020, 5, 1, 23, 59, 59, 0, time.UTC),
"3.9": time.Date(2020, 11, 1, 23, 59, 59, 0, time.UTC),
"3.10": time.Date(2021, 5, 1, 23, 59, 59, 0, time.UTC),
}
)
type Scanner struct{}
@@ -55,3 +76,21 @@ func (s *Scanner) Detect(osVer string, pkgs []analyzer.Package) ([]vulnerability
}
return vulns, nil
}
func (s *Scanner) IsSupportedVersion(osFamily, osVer string) bool {
now := time.Now()
return s.isSupportedVersion(now, osFamily, osVer)
}
func (s *Scanner) isSupportedVersion(now time.Time, osFamily, osVer string) bool {
if strings.Count(osVer, ".") > 1 {
osVer = osVer[:strings.LastIndex(osVer, ".")]
}
eol, ok := eolDates[osVer]
if !ok {
log.Logger.Warnf("This OS version is not on the EOL list: %s %s", osFamily, osVer)
return false
}
return now.Before(eol)
}

64
pkg/scanner/ospkg/alpine/alpine_test.go Normal file
View File

@@ -0,0 +1,64 @@
package alpine
import (
"os"
"testing"
"time"
"github.com/aquasecurity/trivy/pkg/log"
)
func TestMain(m *testing.M) {
log.InitLogger(false, false)
os.Exit(m.Run())
}
func TestScanner_IsSupportedVersion(t *testing.T) {
vectors := map[string]struct {
now time.Time
osFamily string
osVersion string
expected bool
}{
"alpine3.6": {
now: time.Date(2019, 3, 2, 23, 59, 59, 0, time.UTC),
osFamily: "alpine",
osVersion: "3.6",
expected: true,
},
"alpine3.6 with EOL": {
now: time.Date(2019, 5, 2, 23, 59, 59, 0, time.UTC),
osFamily: "alpine",
osVersion: "3.6.5",
expected: false,
},
"alpine3.9": {
now: time.Date(2019, 5, 2, 23, 59, 59, 0, time.UTC),
osFamily: "alpine",
osVersion: "3.9.0",
expected: true,
},
"alpine3.10": {
now: time.Date(2019, 5, 2, 23, 59, 59, 0, time.UTC),
osFamily: "alpine",
osVersion: "3.10",
expected: true,
},
"unknown": {
now: time.Date(2019, 5, 2, 23, 59, 59, 0, time.UTC),
osFamily: "alpine",
osVersion: "unknown",
expected: false,
},
}
for testName, v := range vectors {
s := NewScanner()
t.Run(testName, func(t *testing.T) {
actual := s.isSupportedVersion(v.now, v.osFamily, v.osVersion)
if actual != v.expected {
t.Errorf("[%s] got %v, want %v", testName, actual, v.expected)
}
})
}
}

57
pkg/scanner/ospkg/debian/debian.go
View File

@@ -2,19 +2,40 @@ package debian
import (
"strings"
"time"
"github.com/aquasecurity/fanal/analyzer"
version "github.com/knqyf263/go-deb-version"
"github.com/knqyf263/trivy/pkg/vulnsrc/vulnerability"
"golang.org/x/xerrors"
"github.com/knqyf263/trivy/pkg/scanner/utils"
"github.com/aquasecurity/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/scanner/utils"
"github.com/aquasecurity/trivy/pkg/vulnsrc/debian"
debianoval "github.com/aquasecurity/trivy/pkg/vulnsrc/debian-oval"
"github.com/aquasecurity/trivy/pkg/vulnsrc/vulnerability"
)
"github.com/knqyf263/fanal/analyzer"
"github.com/knqyf263/trivy/pkg/log"
"github.com/knqyf263/trivy/pkg/vulnsrc/debian"
debianoval "github.com/knqyf263/trivy/pkg/vulnsrc/debian-oval"
var (
eolDates = map[string]time.Time{
"1.1": time.Date(1997, 6, 5, 23, 59, 59, 0, time.UTC),
"1.2": time.Date(1998, 6, 5, 23, 59, 59, 0, time.UTC),
"1.3": time.Date(1999, 3, 9, 23, 59, 59, 0, time.UTC),
"2.0": time.Date(2000, 3, 9, 23, 59, 59, 0, time.UTC),
"2.1": time.Date(2000, 10, 30, 23, 59, 59, 0, time.UTC),
"2.2": time.Date(2003, 7, 30, 23, 59, 59, 0, time.UTC),
"3.0": time.Date(2006, 6, 30, 23, 59, 59, 0, time.UTC),
"3.1": time.Date(2008, 3, 30, 23, 59, 59, 0, time.UTC),
"4.0": time.Date(2010, 2, 15, 23, 59, 59, 0, time.UTC),
"5.0": time.Date(2012, 2, 6, 23, 59, 59, 0, time.UTC),
// LTS
"6.0": time.Date(2016, 2, 29, 23, 59, 59, 0, time.UTC),
"7": time.Date(2018, 5, 31, 23, 59, 59, 0, time.UTC),
"8": time.Date(2020, 6, 30, 23, 59, 59, 0, time.UTC),
"9": time.Date(3000, 1, 1, 23, 59, 59, 0, time.UTC),
"10": time.Date(3000, 1, 1, 23, 59, 59, 0, time.UTC),
"11": time.Date(3000, 1, 1, 23, 59, 59, 0, time.UTC),
"12": time.Date(3000, 1, 1, 23, 59, 59, 0, time.UTC),
}
)
type Scanner struct{}
@@ -30,7 +51,7 @@ func (s *Scanner) Detect(osVer string, pkgs []analyzer.Package) ([]vulnerability
osVer = osVer[:strings.Index(osVer, ".")]
}
log.Logger.Debugf("debian: os version: %s", osVer)
log.Logger.Debugf("debian: the number of packages: %s", len(pkgs))
log.Logger.Debugf("debian: the number of packages: %d", len(pkgs))
var vulns []vulnerability.DetectedVulnerability
for _, pkg := range pkgs {
@@ -78,3 +99,21 @@ func (s *Scanner) Detect(osVer string, pkgs []analyzer.Package) ([]vulnerability
}
return vulns, nil
}
func (s *Scanner) IsSupportedVersion(osFamily, osVer string) bool {
now := time.Now()
return s.isSupportedVersion(now, osFamily, osVer)
}
func (s *Scanner) isSupportedVersion(now time.Time, osFamily, osVer string) bool {
if strings.Count(osVer, ".") > 0 {
osVer = osVer[:strings.Index(osVer, ".")]
}
eol, ok := eolDates[osVer]
if !ok {
log.Logger.Warnf("This OS version is not on the EOL list: %s %s", osFamily, osVer)
return false
}
return now.Before(eol)
}

64
pkg/scanner/ospkg/debian/debian_test.go Normal file
View File

@@ -0,0 +1,64 @@
package debian
import (
"os"
"testing"
"time"
"github.com/aquasecurity/trivy/pkg/log"
)
func TestMain(m *testing.M) {
log.InitLogger(false, false)
os.Exit(m.Run())
}
func TestScanner_IsSupportedVersion(t *testing.T) {
vectors := map[string]struct {
now time.Time
osFamily string
osVersion string
expected bool
}{
"debian7": {
now: time.Date(2019, 3, 31, 23, 59, 59, 0, time.UTC),
osFamily: "debian",
osVersion: "7",
expected: false,
},
"debian8": {
now: time.Date(2019, 3, 31, 23, 59, 59, 0, time.UTC),
osFamily: "debian",
osVersion: "8.11",
expected: true,
},
"debian8 eol ends": {
now: time.Date(2020, 7, 31, 23, 59, 59, 0, time.UTC),
osFamily: "debian",
osVersion: "8.0",
expected: false,
},
"debian9": {
now: time.Date(2020, 7, 31, 23, 59, 59, 0, time.UTC),
osFamily: "debian",
osVersion: "9",
expected: true,
},
"unknown": {
now: time.Date(2020, 7, 31, 23, 59, 59, 0, time.UTC),
osFamily: "debian",
osVersion: "unknown",
expected: false,
},
}
for testName, v := range vectors {
s := NewScanner()
t.Run(testName, func(t *testing.T) {
actual := s.isSupportedVersion(v.now, v.osFamily, v.osVersion)
if actual != v.expected {
t.Errorf("[%s] got %v, want %v", testName, actual, v.expected)
}
})
}
}

58
pkg/scanner/ospkg/redhat/redhat.go
View File

@@ -2,16 +2,38 @@ package redhat
import (
"strings"
"time"
"github.com/knqyf263/fanal/analyzer"
"github.com/aquasecurity/fanal/analyzer"
"github.com/aquasecurity/fanal/analyzer/os"
version "github.com/knqyf263/go-rpm-version"
"github.com/knqyf263/trivy/pkg/log"
"github.com/knqyf263/trivy/pkg/scanner/utils"
"github.com/knqyf263/trivy/pkg/vulnsrc/redhat"
"github.com/knqyf263/trivy/pkg/vulnsrc/vulnerability"
"github.com/aquasecurity/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/scanner/utils"
"github.com/aquasecurity/trivy/pkg/vulnsrc/redhat"
"github.com/aquasecurity/trivy/pkg/vulnsrc/vulnerability"
"golang.org/x/xerrors"
)
var (
redhatEOLDates = map[string]time.Time{
"4": time.Date(2017, 5, 31, 23, 59, 59, 0, time.UTC),
"5": time.Date(2020, 11, 30, 23, 59, 59, 0, time.UTC),
"6": time.Date(2024, 6, 30, 23, 59, 59, 0, time.UTC),
// N/A
"7": time.Date(3000, 1, 1, 23, 59, 59, 0, time.UTC),
"8": time.Date(3000, 1, 1, 23, 59, 59, 0, time.UTC),
}
centosEOLDates = map[string]time.Time{
"3": time.Date(2010, 10, 31, 23, 59, 59, 0, time.UTC),
"4": time.Date(2012, 2, 29, 23, 59, 59, 0, time.UTC),
"5": time.Date(2017, 3, 31, 23, 59, 59, 0, time.UTC),
"6": time.Date(2020, 11, 30, 23, 59, 59, 0, time.UTC),
"7": time.Date(2024, 6, 30, 23, 59, 59, 0, time.UTC),
// N/A
"8": time.Date(3000, 6, 30, 23, 59, 59, 0, time.UTC),
}
)
type Scanner struct{}
func NewScanner() *Scanner {
@@ -24,7 +46,7 @@ func (s *Scanner) Detect(osVer string, pkgs []analyzer.Package) ([]vulnerability
osVer = osVer[:strings.Index(osVer, ".")]
}
log.Logger.Debugf("redhat: os version: %s", osVer)
log.Logger.Debugf("redhat: the number of packages: %s", len(pkgs))
log.Logger.Debugf("redhat: the number of packages: %d", len(pkgs))
var vulns []vulnerability.DetectedVulnerability
for _, pkg := range pkgs {
@@ -53,3 +75,27 @@ func (s *Scanner) Detect(osVer string, pkgs []analyzer.Package) ([]vulnerability
}
return vulns, nil
}
func (s *Scanner) IsSupportedVersion(osFamily, osVer string) bool {
now := time.Now()
return s.isSupportedVersion(now, osFamily, osVer)
}
func (s *Scanner) isSupportedVersion(now time.Time, osFamily, osVer string) bool {
if strings.Count(osVer, ".") > 0 {
osVer = osVer[:strings.Index(osVer, ".")]
}
var eolDate time.Time
var ok bool
if osFamily == os.RedHat {
eolDate, ok = redhatEOLDates[osVer]
} else if osFamily == os.CentOS {
eolDate, ok = centosEOLDates[osVer]
}
if !ok {
log.Logger.Warnf("This OS version is not on the EOL list: %s %s", osFamily, osVer)
return false
}
return now.Before(eolDate)
}

113
pkg/scanner/ospkg/redhat/redhat_test.go Normal file
View File

@@ -0,0 +1,113 @@
package redhat
import (
"os"
"testing"
"time"
"github.com/aquasecurity/trivy/pkg/log"
)
func TestMain(m *testing.M) {
log.InitLogger(false, false)
os.Exit(m.Run())
}
func TestScanner_IsSupportedVersion(t *testing.T) {
vectors := map[string]struct {
now time.Time
osFamily string
osVersion string
expected bool
}{
"centos5": {
now: time.Date(2019, 5, 31, 23, 59, 59, 0, time.UTC),
osFamily: "centos",
osVersion: "5.0",
expected: false,
},
"centos6": {
now: time.Date(2019, 5, 31, 23, 59, 59, 0, time.UTC),
osFamily: "centos",
osVersion: "6.7",
expected: true,
},
"centos6 (eol ends)": {
now: time.Date(2020, 12, 1, 0, 0, 0, 0, time.UTC),
osFamily: "centos",
osVersion: "6.7",
expected: false,
},
"centos7": {
now: time.Date(2019, 5, 31, 23, 59, 59, 0, time.UTC),
osFamily: "centos",
osVersion: "7.5",
expected: true,
},
"centos8": {
now: time.Date(2019, 5, 31, 23, 59, 59, 0, time.UTC),
osFamily: "centos",
osVersion: "8.0",
expected: true,
},
"two dots": {
now: time.Date(2019, 5, 31, 23, 59, 59, 0, time.UTC),
osFamily: "centos",
osVersion: "8.0.1",
expected: true,
},
"redhat5": {
now: time.Date(2019, 5, 31, 23, 59, 59, 0, time.UTC),
osFamily: "redhat",
osVersion: "5.0",
expected: true,
},
"redhat6": {
now: time.Date(2019, 5, 31, 23, 59, 59, 0, time.UTC),
osFamily: "redhat",
osVersion: "6.7",
expected: true,
},
"redhat6 (eol ends)": {
now: time.Date(2024, 7, 1, 0, 0, 0, 0, time.UTC),
osFamily: "redhat",
osVersion: "6.7",
expected: false,
},
"redhat7": {
now: time.Date(2019, 5, 31, 23, 59, 59, 0, time.UTC),
osFamily: "redhat",
osVersion: "7.5",
expected: true,
},
"redhat8": {
now: time.Date(2019, 5, 31, 23, 59, 59, 0, time.UTC),
osFamily: "redhat",
osVersion: "8.0",
expected: true,
},
"no dot": {
now: time.Date(2019, 5, 31, 23, 59, 59, 0, time.UTC),
osFamily: "redhat",
osVersion: "8",
expected: true,
},
"debian": {
now: time.Date(2019, 5, 31, 23, 59, 59, 0, time.UTC),
osFamily: "debian",
osVersion: "8",
expected: false,
},
}
for testName, v := range vectors {
s := NewScanner()
t.Run(testName, func(t *testing.T) {
actual := s.isSupportedVersion(v.now, v.osFamily, v.osVersion)
if actual != v.expected {
t.Errorf("[%s] got %v, want %v", testName, actual, v.expected)
}
})
}
}

41
pkg/scanner/ospkg/scan.go
View File

@@ -1,26 +1,29 @@
package ospkg
import (
"github.com/knqyf263/fanal/analyzer"
_ "github.com/knqyf263/fanal/analyzer/command/apk"
fos "github.com/knqyf263/fanal/analyzer/os"
_ "github.com/knqyf263/fanal/analyzer/os/alpine"
_ "github.com/knqyf263/fanal/analyzer/os/debianbase"
_ "github.com/knqyf263/fanal/analyzer/os/redhatbase"
_ "github.com/knqyf263/fanal/analyzer/pkg/apk"
_ "github.com/knqyf263/fanal/analyzer/pkg/dpkg"
"github.com/knqyf263/fanal/extractor"
"github.com/knqyf263/trivy/pkg/log"
"github.com/knqyf263/trivy/pkg/scanner/ospkg/alpine"
"github.com/knqyf263/trivy/pkg/scanner/ospkg/debian"
"github.com/knqyf263/trivy/pkg/scanner/ospkg/redhat"
"github.com/knqyf263/trivy/pkg/scanner/ospkg/ubuntu"
"github.com/knqyf263/trivy/pkg/vulnsrc/vulnerability"
"github.com/aquasecurity/fanal/analyzer"
_ "github.com/aquasecurity/fanal/analyzer/command/apk"
fos "github.com/aquasecurity/fanal/analyzer/os"
_ "github.com/aquasecurity/fanal/analyzer/os/alpine"
_ "github.com/aquasecurity/fanal/analyzer/os/amazonlinux"
_ "github.com/aquasecurity/fanal/analyzer/os/debianbase"
_ "github.com/aquasecurity/fanal/analyzer/os/opensuse"
_ "github.com/aquasecurity/fanal/analyzer/os/redhatbase"
_ "github.com/aquasecurity/fanal/analyzer/pkg/apk"
_ "github.com/aquasecurity/fanal/analyzer/pkg/dpkg"
"github.com/aquasecurity/fanal/extractor"
"github.com/aquasecurity/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/scanner/ospkg/alpine"
"github.com/aquasecurity/trivy/pkg/scanner/ospkg/debian"
"github.com/aquasecurity/trivy/pkg/scanner/ospkg/redhat"
"github.com/aquasecurity/trivy/pkg/scanner/ospkg/ubuntu"
"github.com/aquasecurity/trivy/pkg/vulnsrc/vulnerability"
"golang.org/x/xerrors"
)
type Scanner interface {
Detect(string, []analyzer.Package) ([]vulnerability.DetectedVulnerability, error)
IsSupportedVersion(string, string) bool
}
func Scan(files extractor.FileMap) (string, string, []vulnerability.DetectedVulnerability, error) {
@@ -41,7 +44,8 @@ func Scan(files extractor.FileMap) (string, string, []vulnerability.DetectedVuln
case fos.RedHat, fos.CentOS:
s = redhat.NewScanner()
default:
return "", "", nil, xerrors.New("unsupported os")
log.Logger.Warnf("unsupported os : %s", os.Family)
return "", "", nil, nil
}
pkgs, err := analyzer.GetPackages(files)
if err != nil {
@@ -58,6 +62,11 @@ func Scan(files extractor.FileMap) (string, string, []vulnerability.DetectedVuln
pkgs = mergePkgs(pkgs, pkgsFromCommands)
log.Logger.Debugf("the number of packages: %d", len(pkgs))
if !s.IsSupportedVersion(os.Family, os.Name) {
log.Logger.Warnf("This OS version is no longer supported by the distribution: %s %s", os.Family, os.Name)
log.Logger.Warnf("The vulnerability detection may be insufficient because security updates are not provided")
}
vulns, err := s.Detect(os.Name, pkgs)
if err != nil {
return "", "", nil, xerrors.Errorf("failed to detect vulnerabilities: %w", err)

2
pkg/scanner/ospkg/scan_bsd.go
View File

@@ -3,5 +3,5 @@
package ospkg
import (
_ "github.com/knqyf263/fanal/analyzer/pkg/rpmcmd"
_ "github.com/aquasecurity/fanal/analyzer/pkg/rpmcmd"
)

4
pkg/scanner/ospkg/scan_unix.go
View File

@@ -3,7 +3,7 @@
package ospkg
import (
_ "github.com/knqyf263/fanal/analyzer/pkg/rpmcmd"
_ "github.com/aquasecurity/fanal/analyzer/pkg/rpmcmd"
// TODO: Eliminate the dependency on "rpm" command
// _ "github.com/knqyf263/fanal/analyzer/pkg/rpm"
// _ "github.com/aquasecurity/fanal/analyzer/pkg/rpm"
)

70
pkg/scanner/ospkg/ubuntu/ubnutu_test.go Normal file
View File

@@ -0,0 +1,70 @@
package ubuntu
import (
"os"
"testing"
"time"
"github.com/aquasecurity/trivy/pkg/log"
)
func TestMain(m *testing.M) {
log.InitLogger(false, false)
os.Exit(m.Run())
}
func TestScanner_IsSupportedVersion(t *testing.T) {
vectors := map[string]struct {
now time.Time
osFamily string
osVersion string
expected bool
}{
"ubuntu12.04 eol ends": {
now: time.Date(2019, 3, 31, 23, 59, 59, 0, time.UTC),
osFamily: "ubuntu",
osVersion: "12.04",
expected: true,
},
"ubuntu12.04": {
now: time.Date(2019, 4, 31, 23, 59, 59, 0, time.UTC),
osFamily: "ubuntu",
osVersion: "12.04",
expected: false,
},
"ubuntu12.10": {
now: time.Date(2019, 4, 31, 23, 59, 59, 0, time.UTC),
osFamily: "ubuntu",
osVersion: "12.10",
expected: false,
},
"ubuntu18.04": {
now: time.Date(2019, 4, 31, 23, 59, 59, 0, time.UTC),
osFamily: "ubuntu",
osVersion: "18.04",
expected: true,
},
"ubuntu19.04": {
now: time.Date(2019, 4, 31, 23, 59, 59, 0, time.UTC),
osFamily: "ubuntu",
osVersion: "19.04",
expected: true,
},
"unknown": {
now: time.Date(2019, 4, 31, 23, 59, 59, 0, time.UTC),
osFamily: "ubuntu",
osVersion: "unknown",
expected: false,
},
}
for testName, v := range vectors {
s := NewScanner()
t.Run(testName, func(t *testing.T) {
actual := s.isSupportedVersion(v.now, v.osFamily, v.osVersion)
if actual != v.expected {
t.Errorf("[%s] got %v, want %v", testName, actual, v.expected)
}
})
}
}

64
pkg/scanner/ospkg/ubuntu/ubuntu.go
View File

@@ -1,14 +1,52 @@
package ubuntu
import (
"time"
version "github.com/knqyf263/go-deb-version"
"github.com/knqyf263/trivy/pkg/scanner/utils"
"github.com/knqyf263/trivy/pkg/vulnsrc/vulnerability"
"github.com/aquasecurity/trivy/pkg/scanner/utils"
"github.com/aquasecurity/trivy/pkg/vulnsrc/vulnerability"
"golang.org/x/xerrors"
"github.com/knqyf263/fanal/analyzer"
"github.com/knqyf263/trivy/pkg/log"
"github.com/knqyf263/trivy/pkg/vulnsrc/ubuntu"
"github.com/aquasecurity/fanal/analyzer"
"github.com/aquasecurity/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/vulnsrc/ubuntu"
)
var (
eolDates = map[string]time.Time{
"4.10": time.Date(2006, 4, 30, 23, 59, 59, 0, time.UTC),
"5.04": time.Date(2006, 10, 31, 23, 59, 59, 0, time.UTC),
"5.10": time.Date(2007, 4, 13, 23, 59, 59, 0, time.UTC),
"6.06": time.Date(2011, 6, 1, 23, 59, 59, 0, time.UTC),
"6.10": time.Date(2008, 4, 25, 23, 59, 59, 0, time.UTC),
"7.04": time.Date(2008, 10, 19, 23, 59, 59, 0, time.UTC),
"7.10": time.Date(2009, 4, 18, 23, 59, 59, 0, time.UTC),
"8.04": time.Date(2013, 5, 9, 23, 59, 59, 0, time.UTC),
"8.10": time.Date(2010, 4, 30, 23, 59, 59, 0, time.UTC),
"9.04": time.Date(2010, 10, 23, 23, 59, 59, 0, time.UTC),
"9.10": time.Date(2011, 4, 29, 23, 59, 59, 0, time.UTC),
"10.04": time.Date(2015, 4, 29, 23, 59, 59, 0, time.UTC),
"10.10": time.Date(2012, 4, 10, 23, 59, 59, 0, time.UTC),
"11.04": time.Date(2012, 10, 28, 23, 59, 59, 0, time.UTC),
"11.10": time.Date(2013, 5, 9, 23, 59, 59, 0, time.UTC),
"12.04": time.Date(2019, 4, 26, 23, 59, 59, 0, time.UTC),
"12.10": time.Date(2014, 5, 16, 23, 59, 59, 0, time.UTC),
"13.04": time.Date(2014, 1, 27, 23, 59, 59, 0, time.UTC),
"13.10": time.Date(2014, 7, 17, 23, 59, 59, 0, time.UTC),
"14.04": time.Date(2022, 4, 25, 23, 59, 59, 0, time.UTC),
"14.10": time.Date(2015, 7, 23, 23, 59, 59, 0, time.UTC),
"15.04": time.Date(2016, 1, 23, 23, 59, 59, 0, time.UTC),
"15.10": time.Date(2016, 7, 22, 23, 59, 59, 0, time.UTC),
"16.04": time.Date(2024, 4, 21, 23, 59, 59, 0, time.UTC),
"16.10": time.Date(2017, 7, 20, 23, 59, 59, 0, time.UTC),
"17.04": time.Date(2018, 1, 13, 23, 59, 59, 0, time.UTC),
"17.10": time.Date(2018, 7, 19, 23, 59, 59, 0, time.UTC),
"18.04": time.Date(2028, 4, 26, 23, 59, 59, 0, time.UTC),
"18.10": time.Date(2019, 7, 18, 23, 59, 59, 0, time.UTC),
"19.04": time.Date(2020, 1, 18, 23, 59, 59, 0, time.UTC),
"19.10": time.Date(2020, 7, 17, 23, 59, 59, 0, time.UTC),
}
)
type Scanner struct{}
@@ -20,7 +58,7 @@ func NewScanner() *Scanner {
func (s *Scanner) Detect(osVer string, pkgs []analyzer.Package) ([]vulnerability.DetectedVulnerability, error) {
log.Logger.Info("Detecting Ubuntu vulnerabilities...")
log.Logger.Debugf("ubuntu: os version: %s", osVer)
log.Logger.Debugf("ubuntu: the number of packages: %s", len(pkgs))
log.Logger.Debugf("ubuntu: the number of packages: %d", len(pkgs))
var vulns []vulnerability.DetectedVulnerability
for _, pkg := range pkgs {
@@ -62,3 +100,17 @@ func (s *Scanner) Detect(osVer string, pkgs []analyzer.Package) ([]vulnerability
}
return vulns, nil
}
func (s *Scanner) IsSupportedVersion(osFamily, osVer string) bool {
now := time.Now()
return s.isSupportedVersion(now, osFamily, osVer)
}
func (s *Scanner) isSupportedVersion(now time.Time, osFamily, osVer string) bool {
eol, ok := eolDates[osVer]
if !ok {
log.Logger.Warnf("This OS version is not on the EOL list: %s %s", osFamily, osVer)
return false
}
return now.Before(eol)
}

67
pkg/scanner/scan.go
View File

@@ -6,42 +6,30 @@ import (
"fmt"
"os"
"github.com/aquasecurity/fanal/analyzer"
"github.com/aquasecurity/fanal/extractor"
"github.com/aquasecurity/trivy/pkg/scanner/library"
"github.com/aquasecurity/trivy/pkg/scanner/ospkg"
"github.com/aquasecurity/trivy/pkg/types"
"github.com/aquasecurity/trivy/pkg/utils"
"github.com/aquasecurity/trivy/pkg/vulnsrc/vulnerability"
"golang.org/x/crypto/ssh/terminal"
"github.com/genuinetools/reg/registry"
"github.com/knqyf263/trivy/pkg/log"
"github.com/knqyf263/trivy/pkg/scanner/library"
"github.com/knqyf263/trivy/pkg/vulnsrc/vulnerability"
"github.com/knqyf263/trivy/pkg/scanner/ospkg"
"golang.org/x/xerrors"
"github.com/knqyf263/fanal/analyzer"
"github.com/knqyf263/fanal/extractor"
)
func ScanImage(imageName, filePath string) (map[string][]vulnerability.DetectedVulnerability, error) {
var err error
func ScanImage(imageName, filePath string, scanOptions types.ScanOptions) (map[string][]vulnerability.DetectedVulnerability, error) {
results := map[string][]vulnerability.DetectedVulnerability{}
ctx := context.Background()
image, err := registry.ParseImage(imageName)
if err != nil {
return nil, xerrors.Errorf("invalid image: %w", err)
}
if image.Tag == "latest" {
log.Logger.Warn("You should avoid using the :latest tag as it is cached. You need to specify '--clean' option when :latest image is changed")
}
var target string
var files extractor.FileMap
if imageName != "" {
target = imageName
files, err = analyzer.Analyze(ctx, imageName)
dockerOption, err := types.GetDockerOption()
if err != nil {
return nil, xerrors.Errorf("failed to get docker option: %w", err)
}
files, err = analyzer.Analyze(ctx, imageName, dockerOption)
if err != nil {
return nil, xerrors.Errorf("failed to analyze image: %w", err)
}
@@ -60,20 +48,25 @@ func ScanImage(imageName, filePath string) (map[string][]vulnerability.DetectedV
return nil, xerrors.New("image name or image file must be specified")
}
osFamily, osVersion, osVulns, err := ospkg.Scan(files)
if err != nil {
return nil, xerrors.Errorf("failed to scan image: %w", err)
if utils.StringInSlice("os", scanOptions.VulnType) {
osFamily, osVersion, osVulns, err := ospkg.Scan(files)
if err != nil {
return nil, xerrors.Errorf("failed to scan image: %w", err)
}
if osFamily != "" {
imageDetail := fmt.Sprintf("%s (%s %s)", target, osFamily, osVersion)
results[imageDetail] = osVulns
}
}
imageDetail := fmt.Sprintf("%s (%s %s)", target, osFamily, osVersion)
results[imageDetail] = osVulns
libVulns, err := library.Scan(files)
if err != nil {
return nil, xerrors.Errorf("failed to scan libraries: %w", err)
}
for path, vulns := range libVulns {
results[path] = vulns
if utils.StringInSlice("library", scanOptions.VulnType) {
libVulns, err := library.Scan(files, scanOptions)
if err != nil {
return nil, xerrors.Errorf("failed to scan libraries: %w", err)
}
for path, vulns := range libVulns {
results[path] = vulns
}
}
return results, nil

4
pkg/scanner/utils/utils.go
View File

@@ -4,10 +4,10 @@ import (
"fmt"
"strings"
"github.com/knqyf263/fanal/analyzer"
"github.com/aquasecurity/fanal/analyzer"
"github.com/knqyf263/go-version"
"github.com/knqyf263/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/log"
)
var (

32
pkg/types/dockerConf.go Normal file
View File

@@ -0,0 +1,32 @@
package types
import (
"time"
"github.com/caarlos0/env/v6"
"github.com/aquasecurity/fanal/types"
)
type DockerConfig struct {
AuthURL string `env:"TRIVY_AUTH_URL"`
UserName string `env:"TRIVY_USERNAME"`
Password string `env:"TRIVY_PASSWORD"`
Timeout time.Duration `env:"TRIVY_TIMEOUT_SEC" envDefault:"60s"`
Insecure bool `env:"TRIVY_INSECURE" envDefault:"true"`
NonSSL bool `env:"TRIVY_NON_SSL" envDefault:"false"`
}
func GetDockerOption() (types.DockerOption, error) {
cfg := DockerConfig{}
if err := env.Parse(&cfg); err != nil {
return types.DockerOption{}, err
}
return types.DockerOption{
AuthURL: cfg.AuthURL,
UserName: cfg.UserName,
Password: cfg.Password,
Timeout: cfg.Timeout,
Insecure: cfg.Insecure,
NonSSL: cfg.NonSSL,
}, nil
}

4
pkg/types/library.go
View File

@@ -1,6 +1,6 @@
package types
type Library struct{
Name string
type Library struct {
Name string
Version string
}

5
pkg/types/scanoptions.go Normal file
View File

@@ -0,0 +1,5 @@
package types
type ScanOptions struct {
VulnType []string
}

24
pkg/utils/utils.go
View File

@@ -8,17 +8,26 @@ import (
"path/filepath"
"strings"
"github.com/knqyf263/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/log"
"golang.org/x/xerrors"
)
func CacheDir() string {
cacheDir, err := os.UserCacheDir()
var cacheDir string
func DefaultCacheDir() string {
tmpDir, err := os.UserCacheDir()
if err != nil {
cacheDir = os.TempDir()
tmpDir = os.TempDir()
}
dir := filepath.Join(cacheDir, "trivy")
return dir
return filepath.Join(tmpDir, "trivy")
}
func CacheDir() string {
return cacheDir
}
func SetCacheDir(dir string) {
cacheDir = dir
}
func FileWalk(root string, targetFiles map[string]struct{}, walkFn func(r io.Reader, path string) error) error {
@@ -106,6 +115,9 @@ func FilterTargets(prefixPath string, targets map[string]struct{}) (map[string]s
if err != nil {
return nil, xerrors.Errorf("error in filepath rel: %w", err)
}
if strings.HasPrefix(rel, "../") {
continue
}
filtered[rel] = struct{}{}
}
}

144
pkg/utils/utils_test.go Normal file
View File

@@ -0,0 +1,144 @@
package utils
import (
"io"
"io/ioutil"
"os"
"path/filepath"
"reflect"
"strings"
"testing"
"github.com/aquasecurity/trivy/pkg/log"
"github.com/kylelemons/godebug/pretty"
)
func touch(t *testing.T, name string) {
f, err := os.Create(name)
if err != nil {
t.Fatal(err)
}
if err := f.Close(); err != nil {
t.Fatal(err)
}
}
func write(t *testing.T, name string, content string) {
err := ioutil.WriteFile(name, []byte(content), 0666)
if err != nil {
t.Fatal(err)
}
}
func TestFileWalk(t *testing.T) {
if err := log.InitLogger(false, false); err != nil {
t.Fatal(err)
}
td, err := ioutil.TempDir("", "walktest")
if err != nil {
t.Fatal(err)
}
defer os.RemoveAll(td)
if err := os.MkdirAll(filepath.Join(td, "dir"), 0755); err != nil {
t.Fatal(err)
}
touch(t, filepath.Join(td, "dir/foo1"))
touch(t, filepath.Join(td, "dir/foo2"))
write(t, filepath.Join(td, "dir/foo3"), "foo3")
write(t, filepath.Join(td, "dir/foo4"), "foo4")
sawDir := false
sawFoo1 := false
sawFoo2 := false
sawFoo4 := false
var contentFoo3 []byte
walker := func(r io.Reader, path string) error {
if strings.HasSuffix(path, "dir") {
sawDir = true
}
if strings.HasSuffix(path, "foo1") {
sawFoo1 = true
}
if strings.HasSuffix(path, "foo2") {
sawFoo2 = true
}
if strings.HasSuffix(path, "foo3") {
contentFoo3, err = ioutil.ReadAll(r)
if err != nil {
t.Fatal(err)
}
}
if strings.HasSuffix(path, "foo4") {
sawFoo4 = true
}
return nil
}
targetFiles := map[string]struct{}{
"dir/foo2": {},
"dir/foo3": {},
}
err = FileWalk(td, targetFiles, walker)
if err != nil {
t.Fatal(err)
}
if sawDir {
t.Error("directories must not be passed to walkFn")
}
if sawFoo1 || sawFoo4 {
t.Error("a file not included in targetFiles must not be passed to walkFn")
}
if sawFoo2 {
t.Error("an empty file must not be passed to walkFn")
}
if string(contentFoo3) != "foo3" {
t.Error("The file content is wrong")
}
}
func TestFilterTargets(t *testing.T) {
vectors := map[string]struct {
prefix string
targets map[string]struct{} // Target files
expected map[string]struct{}
err error // Expected error to occur
}{
"normal": {
prefix: "dir",
targets: map[string]struct{}{
"dir/file1": {},
"dir/file2": {},
"foo/bar": {},
},
expected: map[string]struct{}{
"file1": {},
"file2": {},
},
err: nil,
},
"other directory with the same prefix": {
prefix: "dir",
targets: map[string]struct{}{
"dir/file1": {},
"dir2/file2": {},
},
expected: map[string]struct{}{
"file1": {},
},
err: nil,
},
}
for testName, v := range vectors {
t.Run(testName, func(t *testing.T) {
actual, err := FilterTargets(v.prefix, v.targets)
if err != nil {
t.Errorf("err: got %v, want %v", v.err, err)
}
if !reflect.DeepEqual(actual, v.expected) {
t.Errorf("[%s]\n%s", testName, pretty.Compare(v.expected, actual))
}
})
}
}

8
pkg/vulnsrc/alpine/alpine.go
View File

@@ -6,15 +6,15 @@ import (
"io"
"path/filepath"
"github.com/knqyf263/trivy/pkg/vulnsrc/vulnerability"
"github.com/aquasecurity/trivy/pkg/vulnsrc/vulnerability"
"github.com/knqyf263/trivy/pkg/db"
"github.com/knqyf263/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/db"
"github.com/aquasecurity/trivy/pkg/log"
"golang.org/x/xerrors"
bolt "github.com/etcd-io/bbolt"
"github.com/knqyf263/trivy/pkg/utils"
"github.com/aquasecurity/trivy/pkg/utils"
)
const (

10
pkg/vulnsrc/debian-oval/debian-oval.go
View File

@@ -8,17 +8,17 @@ import (
"path/filepath"
"strings"
"github.com/knqyf263/trivy/pkg/vulnsrc/debian"
"github.com/aquasecurity/trivy/pkg/vulnsrc/debian"
"github.com/knqyf263/trivy/pkg/vulnsrc/vulnerability"
"github.com/aquasecurity/trivy/pkg/vulnsrc/vulnerability"
bolt "github.com/etcd-io/bbolt"
"github.com/knqyf263/trivy/pkg/db"
"github.com/knqyf263/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/db"
"github.com/aquasecurity/trivy/pkg/log"
"golang.org/x/xerrors"
"github.com/knqyf263/trivy/pkg/utils"
"github.com/aquasecurity/trivy/pkg/utils"
)
var (

8
pkg/vulnsrc/debian/debian.go
View File

@@ -8,10 +8,10 @@ import (
"strings"
bolt "github.com/etcd-io/bbolt"
"github.com/knqyf263/trivy/pkg/db"
"github.com/knqyf263/trivy/pkg/log"
"github.com/knqyf263/trivy/pkg/utils"
"github.com/knqyf263/trivy/pkg/vulnsrc/vulnerability"
"github.com/aquasecurity/trivy/pkg/db"
"github.com/aquasecurity/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/utils"
"github.com/aquasecurity/trivy/pkg/vulnsrc/vulnerability"
"golang.org/x/xerrors"
)

17
pkg/vulnsrc/nvd/nvd.go
View File

@@ -1,20 +1,22 @@
package nvd
import (
"bytes"
"encoding/json"
"io"
"path/filepath"
"github.com/knqyf263/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/log"
"github.com/knqyf263/trivy/pkg/vulnsrc/vulnerability"
"github.com/aquasecurity/trivy/pkg/vulnsrc/vulnerability"
"golang.org/x/xerrors"
"github.com/knqyf263/trivy/pkg/utils"
"github.com/aquasecurity/trivy/pkg/utils"
bolt "github.com/etcd-io/bbolt"
"github.com/knqyf263/trivy/pkg/db"
"github.com/aquasecurity/trivy/pkg/db"
)
const (
@@ -35,11 +37,16 @@ func Update(dir string, updatedFiles map[string]struct{}) error {
bar := utils.PbStartNew(len(targets))
defer bar.Finish()
var items []Item
buffer := &bytes.Buffer{}
err = utils.FileWalk(rootDir, targets, func(r io.Reader, _ string) error {
item := Item{}
if err := json.NewDecoder(r).Decode(&item); err != nil {
if _, err := buffer.ReadFrom(r); err != nil {
return xerrors.Errorf("failed to read file: %w", err)
}
if err := json.Unmarshal(buffer.Bytes(), &item); err != nil {
return xerrors.Errorf("failed to decode NVD JSON: %w", err)
}
buffer.Reset()
items = append(items, item)
bar.Increment()
return nil

8
pkg/vulnsrc/redhat/redhat.go
View File

@@ -9,13 +9,13 @@ import (
"strconv"
"strings"
"github.com/knqyf263/trivy/pkg/vulnsrc/vulnerability"
"github.com/aquasecurity/trivy/pkg/vulnsrc/vulnerability"
"github.com/knqyf263/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/log"
bolt "github.com/etcd-io/bbolt"
"github.com/knqyf263/trivy/pkg/db"
"github.com/knqyf263/trivy/pkg/utils"
"github.com/aquasecurity/trivy/pkg/db"
"github.com/aquasecurity/trivy/pkg/utils"
"golang.org/x/xerrors"
)

4
pkg/vulnsrc/redhat/types.go
View File

@@ -18,8 +18,8 @@ type RedhatCVE struct {
Name string `json:"name"`
DocumentDistribution string `json:"document_distribution"`
Details []string `json:"details" gorm:"-"`
References []string `json:"references" gorm:"-"`
Details []string `json:"details"`
References []string `json:"references"`
}
type RedhatCVEAffectedReleaseArray struct {

8
pkg/vulnsrc/ubuntu/ubuntu.go
View File

@@ -6,16 +6,16 @@ import (
"io"
"path/filepath"
"github.com/knqyf263/trivy/pkg/vulnsrc/vulnerability"
"github.com/aquasecurity/trivy/pkg/vulnsrc/vulnerability"
"github.com/knqyf263/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/log"
bolt "github.com/etcd-io/bbolt"
"github.com/knqyf263/trivy/pkg/db"
"github.com/aquasecurity/trivy/pkg/db"
"golang.org/x/xerrors"
"github.com/knqyf263/trivy/pkg/utils"
"github.com/aquasecurity/trivy/pkg/utils"
)
const (

2
pkg/vulnsrc/vulnerability/db.go
View File

@@ -4,7 +4,7 @@ import (
"encoding/json"
bolt "github.com/etcd-io/bbolt"
"github.com/knqyf263/trivy/pkg/db"
"github.com/aquasecurity/trivy/pkg/db"
"golang.org/x/xerrors"
)

29
pkg/vulnsrc/vulnerability/vulnerability.go
View File

@@ -6,11 +6,11 @@ import (
"os"
"strings"
"github.com/knqyf263/trivy/pkg/utils"
"github.com/aquasecurity/trivy/pkg/utils"
"sort"
"github.com/knqyf263/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/log"
)
const (
@@ -89,17 +89,16 @@ func getDetail(vulnID string) (Severity, string, string, []string) {
func getSeverity(details map[string]Vulnerability) Severity {
for _, source := range sources {
d, ok := details[source]
if !ok {
switch d, ok := details[source]; {
case !ok:
continue
}
if d.CvssScore > 0 {
case d.CvssScore > 0:
return scoreToSeverity(d.CvssScore)
} else if d.CvssScoreV3 > 0 {
case d.CvssScoreV3 > 0:
return scoreToSeverity(d.CvssScoreV3)
} else if d.Severity != 0 {
case d.Severity != 0:
return d.Severity
} else if d.SeverityV3 != 0 {
case d.SeverityV3 != 0:
return d.SeverityV3
}
}
@@ -151,14 +150,16 @@ func getReferences(details map[string]Vulnerability) []string {
}
func scoreToSeverity(score float64) Severity {
if score >= 9.0 {
switch {
case score >= 9.0:
return SeverityCritical
} else if score >= 7.0 {
case score >= 7.0:
return SeverityHigh
} else if score >= 4.0 {
case score >= 4.0:
return SeverityMedium
} else if score > 0.0 {
case score > 0.0:
return SeverityLow
default:
return SeverityUnknown
}
return SeverityUnknown
}

89
pkg/vulnsrc/vulnsrc.go
View File

@@ -3,23 +3,46 @@ package vulnsrc
import (
"path/filepath"
"github.com/knqyf263/trivy/pkg/git"
"github.com/knqyf263/trivy/pkg/log"
"github.com/knqyf263/trivy/pkg/utils"
"github.com/knqyf263/trivy/pkg/vulnsrc/alpine"
"github.com/knqyf263/trivy/pkg/vulnsrc/debian"
debianoval "github.com/knqyf263/trivy/pkg/vulnsrc/debian-oval"
"github.com/knqyf263/trivy/pkg/vulnsrc/nvd"
"github.com/knqyf263/trivy/pkg/vulnsrc/redhat"
"github.com/knqyf263/trivy/pkg/vulnsrc/ubuntu"
"github.com/aquasecurity/trivy/pkg/git"
"github.com/aquasecurity/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/utils"
"github.com/aquasecurity/trivy/pkg/vulnsrc/alpine"
"github.com/aquasecurity/trivy/pkg/vulnsrc/debian"
debianoval "github.com/aquasecurity/trivy/pkg/vulnsrc/debian-oval"
"github.com/aquasecurity/trivy/pkg/vulnsrc/nvd"
"github.com/aquasecurity/trivy/pkg/vulnsrc/redhat"
"github.com/aquasecurity/trivy/pkg/vulnsrc/ubuntu"
"github.com/aquasecurity/trivy/pkg/vulnsrc/vulnerability"
"golang.org/x/xerrors"
)
const (
repoURL = "https://github.com/knqyf263/vuln-list.git"
repoURL = "https://github.com/aquasecurity/vuln-list.git"
)
func Update() (err error) {
type updateFunc func(dir string, updatedFiles map[string]struct{}) error
var (
// UpdateList has list of update distributions
UpdateList []string
updateMap = map[string]updateFunc{
vulnerability.Nvd: nvd.Update,
vulnerability.Alpine: alpine.Update,
vulnerability.RedHat: redhat.Update,
vulnerability.Debian: debian.Update,
vulnerability.DebianOVAL: debianoval.Update,
vulnerability.Ubuntu: ubuntu.Update,
}
)
func init() {
UpdateList = make([]string, 0, len(updateMap))
for distribution := range updateMap {
UpdateList = append(UpdateList, distribution)
}
}
func Update(names []string) error {
log.Logger.Info("Updating vulnerability database...")
// Clone vuln-list repository
@@ -35,41 +58,15 @@ func Update() (err error) {
return nil
}
// Update NVD
log.Logger.Info("Updating NVD data...")
if err = nvd.Update(dir, updatedFiles); err != nil {
return xerrors.Errorf("error in NVD update: %w", err)
for _, distribution := range names {
updateFunc, ok := updateMap[distribution]
if !ok {
return xerrors.Errorf("%s does not supported yet", distribution)
}
log.Logger.Infof("Updating %s data...", distribution)
if err := updateFunc(dir, updatedFiles); err != nil {
return xerrors.Errorf("error in %s update: %w", distribution, err)
}
}
// Update Alpine OVAL
log.Logger.Info("Updating Alpine data...")
if err = alpine.Update(dir, updatedFiles); err != nil {
return xerrors.Errorf("error in Alpine OVAL update: %w", err)
}
//Update RedHat
log.Logger.Info("Updating RedHat data...")
if err = redhat.Update(dir, updatedFiles); err != nil {
return xerrors.Errorf("error in RedHat update: %w", err)
}
// Update Debian
log.Logger.Info("Updating Debian data...")
if err = debian.Update(dir, updatedFiles); err != nil {
return xerrors.Errorf("error in Debian update: %w", err)
}
// Update Debian OVAL
log.Logger.Info("Updating Debian OVAL data...")
if err = debianoval.Update(dir, updatedFiles); err != nil {
return xerrors.Errorf("error in Debian OVAL update: %w", err)
}
//Update Ubuntu
log.Logger.Info("Updating Ubuntu data...")
if err = ubuntu.Update(dir, updatedFiles); err != nil {
return xerrors.Errorf("error in Ubuntu update: %w", err)
}
return nil
}

38
pkg/vulnsrc/vulnsrc_test.go Normal file
View File

@@ -0,0 +1,38 @@
package vulnsrc
import (
"path/filepath"
"testing"
"go.uber.org/zap"
"github.com/aquasecurity/trivy/pkg/db"
"github.com/aquasecurity/trivy/pkg/git"
"github.com/aquasecurity/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/utils"
"github.com/aquasecurity/trivy/pkg/vulnsrc/vulnerability"
)
func BenchmarkUpdate(b *testing.B) {
log.Logger = zap.NewNop().Sugar()
utils.Quiet = true
if err := db.Init(); err != nil {
b.Fatal(err)
}
dir := filepath.Join(utils.CacheDir(), "vuln-list")
if _, err := git.CloneOrPull(repoURL, dir); err != nil {
b.Fatal(err)
}
b.ResetTimer()
b.Run("NVD", func(b *testing.B) {
for i := 0; i < b.N; i++ {
if err := db.SetVersion(""); err != nil {
b.Fatal(err)
}
if err := Update([]string{vulnerability.Nvd}); err != nil {
b.Fatal(err)
}
}
})
}