Support --exit-code

cmd/trivy/main.go

@@ -1,6 +1,7 @@
 package main
 
 import (
+	l "log"
 	"os"
 	"strings"
 
@@ -59,6 +60,11 @@ OPTIONS:
 			Name:  "output, o",
 			Usage: "output file name",
 		},
+		cli.IntFlag{
+			Name:  "exit-code",
+			Usage: "Exit code when vulnerabilities were found",
+			Value: 0,
+		},
 		cli.BoolFlag{
 			Name:  "skip-update",
 			Usage: "skip db update",
@@ -79,6 +85,9 @@ OPTIONS:
 
 	err := app.Run(os.Args)
 	if err != nil {
-		log.Logger.Fatal(err)
+		if log.Logger != nil {
+			log.Logger.Fatal(err)
+		}
+		l.Fatal(err)
 	}
 }

go.mod

@@ -9,7 +9,7 @@ require (
 	github.com/fatih/color v1.7.0
 	github.com/gliderlabs/ssh v0.1.3 // indirect
 	github.com/golang/protobuf v1.3.1 // indirect
-	github.com/knqyf263/fanal v0.0.0-20190506110705-2b5cb3000ff6
+	github.com/knqyf263/fanal v0.0.0-20190507123206-ceab60083e70
 	github.com/knqyf263/go-deb-version v0.0.0-20170509080151-9865fe14d09b
 	github.com/knqyf263/go-dep-parser v0.0.0-20190429154931-c377a5391790
 	github.com/knqyf263/go-rpm-version v0.0.0-20170716094938-74609b86c936

go.sum

@@ -117,6 +117,8 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+o
 github.com/knqyf263/berkeleydb v0.0.0-20190501065933-fafe01fb9662/go.mod h1:bu1CcN4tUtoRcI/B/RFHhxMNKFHVq/c3SV+UTyduoXg=
 github.com/knqyf263/fanal v0.0.0-20190506110705-2b5cb3000ff6 h1:iSztZNfwEPMN2CvUX1SxNEclRZn+rwRMdsnAegxRJk4=
 github.com/knqyf263/fanal v0.0.0-20190506110705-2b5cb3000ff6/go.mod h1:OiuWIClssf5WzbMcR8lfspdBVaP+vRQndY4kHeFgrDw=
+github.com/knqyf263/fanal v0.0.0-20190507123206-ceab60083e70 h1:L27WBZxk7N70WilG91kgvs0EnV+JVCoOTsNQa8tMBJs=
+github.com/knqyf263/fanal v0.0.0-20190507123206-ceab60083e70/go.mod h1:OiuWIClssf5WzbMcR8lfspdBVaP+vRQndY4kHeFgrDw=
 github.com/knqyf263/go-deb-version v0.0.0-20170509080151-9865fe14d09b h1:DiDMmSwuY27PJxA2Gs0+uI/bQ/ehKARaGXRdlp+wFis=
 github.com/knqyf263/go-deb-version v0.0.0-20170509080151-9865fe14d09b/go.mod h1:o8sgWoz3JADecfc/cTYD92/Et1yMqMy0utV1z+VaZao=
 github.com/knqyf263/go-dep-parser v0.0.0-20190429154931-c377a5391790 h1:c02gG0yRNr25lcLOH+678SuuxxMUq36i48PQnmAweWk=

pkg/git/git.go

@@ -33,6 +33,9 @@ func CloneOrPull(url, repoPath string) (map[string]struct{}, error) {
 			updatedFiles[strings.TrimSpace(filename)] = struct{}{}
 		}
 	} else {
+		if !utils.IsCommandAvailable("git") {
+			log.Logger.Warn("Recommend installing git (if not, DB update is very slow)")
+		}
 		log.Logger.Debug("remove an existed directory")
 
 		s := spinner.New(spinner.CharSets[36], 100*time.Millisecond)
@@ -74,7 +77,6 @@ func clone(url, repoPath string) error {
 	if utils.IsCommandAvailable("git") {
 		return cloneByOSCommand(url, repoPath)
 	}
-	log.Logger.Warn("Recommend installing git (if not, DB update is very slow)")
 
 	_, err := git.PlainClone(repoPath, false, &git.CloneOptions{
 		URL: url,

pkg/run.go

@@ -5,6 +5,8 @@ import (
 	"os"
 	"strings"
 
+	"github.com/knqyf263/fanal/cache"
+
 	"github.com/knqyf263/trivy/pkg/utils"
 
 	"github.com/knqyf263/trivy/pkg/vulnsrc/vulnerability"
@@ -37,6 +39,9 @@ func Run(c *cli.Context) (err error) {
 	clean := c.Bool("clean")
 	if clean {
 		log.Logger.Info("Cleaning caches...")
+		if err = cache.Clear(); err != nil {
+			return xerrors.New("failed to remove image layer cache")
+		}
 		if err = os.RemoveAll(utils.CacheDir()); err != nil {
 			return xerrors.New("failed to remove cache")
 		}
@@ -53,7 +58,8 @@ func Run(c *cli.Context) (err error) {
 	for _, s := range strings.Split(c.String("severity"), ",") {
 		severity, err := vulnerability.NewSeverity(s)
 		if err != nil {
-			return xerrors.Errorf("error in severity option: %w", err)
+			log.Logger.Infof("error in severity option: %s", err)
+			cli.ShowAppHelpAndExit(c, 1)
 		}
 		severities = append(severities, severity)
 	}
@@ -88,7 +94,13 @@ func Run(c *cli.Context) (err error) {
 	}
 
 	if err = writer.Write(results); err != nil {
-		return err
+		return xerrors.Errorf("failed to write results: %w", err)
+	}
+
+	for _, result := range results {
+		if len(result.Vulnerabilities) > 0 {
+			os.Exit(c.Int("exit-code"))
+		}
 	}
 
 	return nil