chore(issue labels): added new labels (#1839)

Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>

.github/dependabot.yml

@@ -1,10 +1,15 @@
 version: 2
 updates:
-- package-ecosystem: github-actions
-  directory: /
-  schedule:
-    interval: daily
-- package-ecosystem: docker
-  directory: /
-  schedule:
-    interval: daily
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: monthly
+  - package-ecosystem: docker
+    directory: /
+    schedule:
+      interval: monthly
+  - package-ecosystem: gomod
+    open-pull-requests-limit: 10
+    directory: /
+    schedule:
+      interval: monthly

.github/workflows/mkdocs-dev.yaml

@@ -16,7 +16,7 @@ jobs:
         with:
           fetch-depth: 0
           persist-credentials: true
-      - uses: actions/setup-python@v2
+      - uses: actions/setup-python@v3
         with:
           python-version: 3.x
       - name: Install dependencies

.github/workflows/mkdocs-latest.yaml

@@ -18,7 +18,7 @@ jobs:
         with:
           fetch-depth: 0
           persist-credentials: true
-      - uses: actions/setup-python@v2
+      - uses: actions/setup-python@v3
         with:
           python-version: 3.x
       - name: Install dependencies

.github/workflows/publish-chart.yaml

@@ -31,7 +31,7 @@ jobs:
         with:
           version: v3.5.0
       - name: Set up python
-        uses: actions/setup-python@0066b88440aa9562be742e2c60ee750fc57d8849 #v2.3.0
+        uses: actions/setup-python@v3
         with:
           python-version: 3.7
       - name: Setup Chart Linting
@@ -46,7 +46,7 @@ jobs:
         run: ct lint-and-install --validate-maintainers=false --charts helm/trivy
       - name: Run chart-testing (Ingress enabled)
         run: |
-          sed -i -e '97s,false,'true',g' ./helm/trivy/values.yaml
+          sed -i -e '117s,false,'true',g' ./helm/trivy/values.yaml
           ct lint-and-install --validate-maintainers=false --charts helm/trivy
 
   publish-chart:

.github/workflows/release.yaml

@@ -12,11 +12,16 @@ jobs:
     runs-on: ubuntu-18.04 # 20.04 doesn't provide createrepo for now
     env:
       DOCKER_CLI_EXPERIMENTAL: "enabled"
+    permissions:
+      id-token: write # For cosign
+      packages: write # For GHCR
+      contents: read  # Not required for public repositories, but for clarity
     steps:
       - name: Install dependencies
         run: |
           sudo apt-get -y update
           sudo apt-get -y install rpm reprepro createrepo distro-info
+      - uses: sigstore/cosign-installer@51f8e5c6fce54e46006ae97d73b2b6315f518752 # pin@v2.0.0
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v1
       - name: Set up Docker Buildx
@@ -64,7 +69,7 @@ jobs:
       - name: Release
         uses: goreleaser/goreleaser-action@v2
         with:
-          version: v0.183.0
+          version: v1.4.1
           args: release --rm-dist
         env:
           GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}

.github/workflows/scan.yaml

@@ -1,25 +1,23 @@
-name: Scan
-on: [push, pull_request]
+name: Scan vulnerabilities
+on:
+  schedule:
+    - cron: '0 0 * * *'
+  workflow_dispatch:
+
 jobs:
   build:
     name: Scan Go vulnerabilities
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout code
         uses: actions/checkout@v2
 
-      - name: Run Trivy vulnerability scanner to scan for Critical Vulnerabilities
-        uses: aquasecurity/trivy-action@master
+      - name: Run Trivy vulnerability scanner and create GitHub issues
+        uses: knqyf263/trivy-issue-action@v0.0.3
         with:
-          scan-type: 'fs'
-          exit-code: '1'
-          severity: 'CRITICAL'
-          skip-dirs: integration
-
-      - name: Run Trivy vulnerability scanner to scan for Medium and High Vulnerabilities
-        uses: aquasecurity/trivy-action@master
-        with:
-          scan-type: 'fs'
-          exit-code: '0'
-          severity: 'HIGH,MEDIUM'
-          skip-dirs: integration
+          assignee: knqyf263
+          severity: CRITICAL
+          skip-dirs: integration,examples
+          label: vulnerability
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/test.yaml

@@ -24,7 +24,7 @@ jobs:
           go-version: ${{ env.GO_VERSION }}
 
       - name: Lint
-        uses: golangci/golangci-lint-action@v2
+        uses: golangci/golangci-lint-action@v3.1.0
         with:
           version: v1.41
           args: --deadline=30m
@@ -75,7 +75,7 @@ jobs:
     - name: Run GoReleaser
       uses: goreleaser/goreleaser-action@v2
       with:
-        version: v0.183.0
+        version: v1.4.1
         args: release --snapshot --rm-dist --skip-publish
 
   build-documents:
@@ -87,7 +87,7 @@ jobs:
       with:
         fetch-depth: 0
         persist-credentials: true
-    - uses: actions/setup-python@v2
+    - uses: actions/setup-python@v3
       with:
         python-version: 3.x
     - name: Install dependencies

.gitignore

@@ -4,7 +4,7 @@
 *.dll
 *.so
 *.dylib
-trivy
+/trivy
 
 ## chart release
 .cr-release-packages

.golangci.yaml

@@ -9,7 +9,7 @@ linters-settings:
   revive:
     ignore-generated-header: true
   gocyclo:
-    min-complexity: 10
+    min-complexity: 20
   dupl:
     threshold: 100
   goconst:
@@ -19,6 +19,10 @@ linters-settings:
     locale: US
   goimports:
     local-prefixes: github.com/aquasecurity
+  gosec:
+    excludes:
+      - G204
+      - G402
 
 linters:
   disable-all: true
@@ -53,9 +57,6 @@ issues:
     - linters:
         - gosec
       text: "Deferring unsafe method"
-    - linters:
-        - gosec
-      text: "G204: Subprocess launched with variable"
     - linters:
         - errcheck
       text: "Close` is not checked"

Dockerfile.protoc

@@ -0,0 +1,12 @@
+FROM golang:1.17
+
+# Install protoc (cf. http://google.github.io/proto-lens/installing-protoc.html)
+ENV PROTOC_ZIP=protoc-3.19.4-linux-x86_64.zip
+RUN apt-get update && apt-get install -y unzip
+RUN curl --retry 5 -OL https://github.com/protocolbuffers/protobuf/releases/download/v3.19.4/$PROTOC_ZIP \
+    && unzip -o $PROTOC_ZIP -d /usr/local bin/protoc \
+    && unzip -o $PROTOC_ZIP -d /usr/local 'include/*' \ 
+    && rm -f $PROTOC_ZIP
+
+RUN go install github.com/twitchtv/twirp/protoc-gen-twirp@v8.1.0
+RUN go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.27.1

Makefile

@@ -54,7 +54,13 @@ build:
 
 .PHONY: protoc
 protoc:
-	find ./rpc/ -name "*.proto" -type f -exec protoc --proto_path=$(GOSRC):. --twirp_out=. --twirp_opt=paths=source_relative --go_out=. --go_opt=paths=source_relative {} \;
+	docker build -t trivy-protoc - < Dockerfile.protoc
+	docker run --rm -it -v ${PWD}:/app -w /app trivy-protoc make _$@
+
+_protoc:
+	for path in `find ./rpc/ -name "*.proto" -type f`; do \
+		protoc --twirp_out=. --twirp_opt=paths=source_relative --go_out=. --go_opt=paths=source_relative $${path} || exit; \
+	done
 
 .PHONY: install
 install:

README.md

@@ -185,6 +185,8 @@ Failures: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)
   - **Suitable for CI** such as GitHub Actions, Jenkins, GitLab CI, etc.
 - Support multiple targets
   - container image, local filesystem and remote git repository
+- Supply chain security (SBOM support)
+  - Support CycloneDX
 
 # Integrations
 - [GitHub Actions][action]

contrib/asff.tpl

@@ -1,66 +1,68 @@
-[
-{{- $t_first := true -}}
-{{- range . -}}
-{{- $target := .Target -}}
-{{- range .Vulnerabilities -}}
-{{- if $t_first -}}
-  {{- $t_first = false -}}
-{{- else -}}
-  ,
-{{- end -}}
-{{- $severity := .Severity -}}
-{{- if eq $severity "UNKNOWN" -}}
-{{- $severity = "INFORMATIONAL" -}}
-{{- end -}}
-{{- $description := .Description -}}
-{{- if gt (len $description ) 1021 -}}
-    {{- $description = (substr 0 1021 $description) | printf "%v .." -}}
-{{- end}}
-    {
-        "SchemaVersion": "2018-10-08",
-        "Id": "{{ $target }}/{{ .VulnerabilityID }}",
-        "ProductArn": "arn:aws:securityhub:{{ env "AWS_REGION" }}::product/aquasecurity/aquasecurity",
-        "GeneratorId": "Trivy",
-        "AwsAccountId": "{{ env "AWS_ACCOUNT_ID" }}",
-        "Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ],
-        "CreatedAt": "{{ now | date "2006-01-02T15:04:05.999999999Z07:00" }}",
-        "UpdatedAt": "{{ now | date "2006-01-02T15:04:05.999999999Z07:00" }}",
-        "Severity": {
-            "Label": "{{ $severity }}"
-        },
-        "Title": "Trivy found a vulnerability to {{ .VulnerabilityID }} in container {{ $target }}",
-        "Description": {{ escapeString $description | printf "%q" }},
-        "Remediation": {
-            "Recommendation": {
-                "Text": "More information on this vulnerability is provided in the hyperlink",
-                "Url": "{{ .PrimaryURL }}"
-            }
-        },
-        "ProductFields": { "Product Name": "Trivy" },
-        "Resources": [
-            {
-                "Type": "Container",
-                "Id": "{{ $target }}",
-                "Partition": "aws",
-                "Region": "{{ env "AWS_REGION" }}",
-                "Details": {
-                    "Container": { "ImageName": "{{ $target }}" },
-                    "Other": {
-                        "CVE ID": "{{ .VulnerabilityID }}",
-                        "CVE Title": {{ .Title | printf "%q" }},
-                        "PkgName": "{{ .PkgName }}",
-                        "Installed Package": "{{ .InstalledVersion }}",
-                        "Patched Package": "{{ .FixedVersion }}",
-                        "NvdCvssScoreV3": "{{ (index .CVSS (sourceID "nvd")).V3Score }}",
-                        "NvdCvssVectorV3": "{{ (index .CVSS (sourceID "nvd")).V3Vector }}",
-                        "NvdCvssScoreV2": "{{ (index .CVSS (sourceID "nvd")).V2Score }}",
-                        "NvdCvssVectorV2": "{{ (index .CVSS (sourceID "nvd")).V2Vector }}"
+{
+    "Findings": [
+    {{- $t_first := true -}}
+    {{- range . -}}
+    {{- $target := .Target -}}
+    {{- range .Vulnerabilities -}}
+    {{- if $t_first -}}
+      {{- $t_first = false -}}
+    {{- else -}}
+      ,
+    {{- end -}}
+    {{- $severity := .Severity -}}
+    {{- if eq $severity "UNKNOWN" -}}
+    {{- $severity = "INFORMATIONAL" -}}
+    {{- end -}}
+    {{- $description := .Description -}}
+    {{- if gt (len $description ) 1021 -}}
+        {{- $description = (substr 0 1021 $description) | printf "%v .." -}}
+    {{- end}}
+        {
+            "SchemaVersion": "2018-10-08",
+            "Id": "{{ $target }}/{{ .VulnerabilityID }}",
+            "ProductArn": "arn:aws:securityhub:{{ env "AWS_REGION" }}::product/aquasecurity/aquasecurity",
+            "GeneratorId": "Trivy",
+            "AwsAccountId": "{{ env "AWS_ACCOUNT_ID" }}",
+            "Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ],
+            "CreatedAt": "{{ now | date "2006-01-02T15:04:05.999999999Z07:00" }}",
+            "UpdatedAt": "{{ now | date "2006-01-02T15:04:05.999999999Z07:00" }}",
+            "Severity": {
+                "Label": "{{ $severity }}"
+            },
+            "Title": "Trivy found a vulnerability to {{ .VulnerabilityID }} in container {{ $target }}",
+            "Description": {{ escapeString $description | printf "%q" }},
+            "Remediation": {
+                "Recommendation": {
+                    "Text": "More information on this vulnerability is provided in the hyperlink",
+                    "Url": "{{ .PrimaryURL }}"
+                }
+            },
+            "ProductFields": { "Product Name": "Trivy" },
+            "Resources": [
+                {
+                    "Type": "Container",
+                    "Id": "{{ $target }}",
+                    "Partition": "aws",
+                    "Region": "{{ env "AWS_REGION" }}",
+                    "Details": {
+                        "Container": { "ImageName": "{{ $target }}" },
+                        "Other": {
+                            "CVE ID": "{{ .VulnerabilityID }}",
+                            "CVE Title": {{ .Title | printf "%q" }},
+                            "PkgName": "{{ .PkgName }}",
+                            "Installed Package": "{{ .InstalledVersion }}",
+                            "Patched Package": "{{ .FixedVersion }}",
+                            "NvdCvssScoreV3": "{{ (index .CVSS (sourceID "nvd")).V3Score }}",
+                            "NvdCvssVectorV3": "{{ (index .CVSS (sourceID "nvd")).V3Vector }}",
+                            "NvdCvssScoreV2": "{{ (index .CVSS (sourceID "nvd")).V2Score }}",
+                            "NvdCvssVectorV2": "{{ (index .CVSS (sourceID "nvd")).V2Vector }}"
+                        }
                     }
                 }
-            }
-        ],
-        "RecordState": "ACTIVE"
-    }
-   {{- end -}}
-  {{- end }}
-]
+            ],
+            "RecordState": "ACTIVE"
+        }
+       {{- end -}}
+      {{- end }}
+    ]
+}

contrib/gitlab-codequality.tpl

@@ -13,7 +13,7 @@
       "type": "issue",
       "check_name": "container_scanning",
       "categories": [ "Security" ],
-      "description": "{{ .VulnerabilityID }}: {{ .Title }}",
+      "description": {{ list .VulnerabilityID .Title | join ": " | printf "%q" }},
       "fingerprint": "{{ .VulnerabilityID | sha1sum }}",
       "content": {{ .Description | printf "%q" }},
       "severity": {{ if eq .Severity "LOW" -}}

contrib/junit.tpl

@@ -14,5 +14,18 @@
         </testcase>
     {{- end }}
     </testsuite>
+{{- $failures := len .Misconfigurations }}
+    <testsuite tests="{{ $failures }}" failures="{{ $failures }}" name="{{  .Target }}" errors="0" skipped="0" time="">
+    {{- if not (eq .Type "") }}
+        <properties>
+            <property name="type" value="{{ .Type }}"></property>
+        </properties>
+        {{- end -}}
+        {{ range .Misconfigurations }}
+        <testcase classname="{{ .Type }}" name="[{{ .Severity }}] {{ .ID }}" time="">
+            <failure message="{{ escapeXML .Title }}" type="description">{{ escapeXML .Description }}</failure>
+        </testcase>
+    {{- end }}
+    </testsuite>
 {{- end }}
 </testsuites>

docs/advanced/integrations/gitlab-ci.md

@@ -77,7 +77,7 @@ container_scanning:
     # cache cleanup is needed when scanning images with the same tags, it does not remove the database
     - time trivy image --clear-cache
     # update vulnerabilities db
-    - time trivy --download-db-only --no-progress --cache-dir .trivycache/
+    - time trivy --cache-dir .trivycache/ image --download-db-only --no-progress
     # Builds report and puts it in the default workdir $CI_PROJECT_DIR, so `artifacts:` can take it from there
     - time trivy --cache-dir .trivycache/ image --exit-code 0 --no-progress --format template --template "@/contrib/gitlab.tpl"
         --output "$CI_PROJECT_DIR/gl-container-scanning-report.json" "$FULL_IMAGE_NAME"

docs/advanced/sbom/cyclonedx.md

@@ -0,0 +1,175 @@
+# CycloneDX
+Trivy generates JSON reports in the [CycloneDX][cyclonedx] format.
+Note that XML format is not supported at the moment.
+
+
+You can specify `cyclonedx` with the `--format` option.
+
+```
+$ trivy image --format cyclonedx --output result.json alpine:3.15
+```
+
+<details>
+<summary>Result</summary>
+
+```
+$ cat result.json | jq .
+{
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.3",
+  "serialNumber": "urn:uuid:2be5773d-7cd3-4b4b-90a5-e165474ddace",
+  "version": 1,
+  "metadata": {
+    "timestamp": "2022-02-22T15:11:40.270597Z",
+    "tools": [
+      {
+        "vendor": "aquasecurity",
+        "name": "trivy",
+        "version": "dev"
+      }
+    ],
+    "component": {
+      "bom-ref": "pkg:oci/alpine@sha256:21a3deaa0d32a8057914f36584b5288d2e5ecc984380bc0118285c70fa8c9300?repository_url=index.docker.io%2Flibrary%2Falpine&arch=amd64",
+      "type": "container",
+      "name": "alpine:3.15",
+      "version": "",
+      "purl": "pkg:oci/alpine@sha256:21a3deaa0d32a8057914f36584b5288d2e5ecc984380bc0118285c70fa8c9300?repository_url=index.docker.io%2Flibrary%2Falpine&arch=amd64",
+      "properties": [
+        {
+          "name": "aquasecurity:trivy:SchemaVersion",
+          "value": "2"
+        },
+        {
+          "name": "aquasecurity:trivy:ImageID",
+          "value": "sha256:c059bfaa849c4d8e4aecaeb3a10c2d9b3d85f5165c66ad3a4d937758128c4d18"
+        },
+        {
+          "name": "aquasecurity:trivy:RepoDigest",
+          "value": "alpine@sha256:21a3deaa0d32a8057914f36584b5288d2e5ecc984380bc0118285c70fa8c9300"
+        },
+        {
+          "name": "aquasecurity:trivy:DiffID",
+          "value": "sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759"
+        },
+        {
+          "name": "aquasecurity:trivy:RepoTag",
+          "value": "alpine:3.15"
+        }
+      ]
+    }
+  },
+  "components": [
+    {
+      "bom-ref": "pkg:apk/alpine/alpine-baselayout@3.2.0-r18?distro=3.15.0",
+      "type": "library",
+      "name": "alpine-baselayout",
+      "version": "3.2.0-r18",
+      "licenses": [
+        {
+          "expression": "GPL-2.0-only"
+        }
+      ],
+      "purl": "pkg:apk/alpine/alpine-baselayout@3.2.0-r18?distro=3.15.0",
+      "properties": [
+        {
+          "name": "aquasecurity:trivy:SrcName",
+          "value": "alpine-baselayout"
+        },
+        {
+          "name": "aquasecurity:trivy:SrcVersion",
+          "value": "3.2.0-r18"
+        },
+        {
+          "name": "aquasecurity:trivy:LayerDigest",
+          "value": "sha256:59bf1c3509f33515622619af21ed55bbe26d24913cedbca106468a5fb37a50c3"
+        },
+        {
+          "name": "aquasecurity:trivy:LayerDiffID",
+          "value": "sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759"
+        }
+      ]
+    },
+    ...(snip)...
+    {
+      "bom-ref": "pkg:apk/alpine/zlib@1.2.11-r3?distro=3.15.0",
+      "type": "library",
+      "name": "zlib",
+      "version": "1.2.11-r3",
+      "licenses": [
+        {
+          "expression": "Zlib"
+        }
+      ],
+      "purl": "pkg:apk/alpine/zlib@1.2.11-r3?distro=3.15.0",
+      "properties": [
+        {
+          "name": "aquasecurity:trivy:SrcName",
+          "value": "zlib"
+        },
+        {
+          "name": "aquasecurity:trivy:SrcVersion",
+          "value": "1.2.11-r3"
+        },
+        {
+          "name": "aquasecurity:trivy:LayerDigest",
+          "value": "sha256:59bf1c3509f33515622619af21ed55bbe26d24913cedbca106468a5fb37a50c3"
+        },
+        {
+          "name": "aquasecurity:trivy:LayerDiffID",
+          "value": "sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759"
+        }
+      ]
+    },
+    {
+      "bom-ref": "3da6a469-964d-4b4e-b67d-e94ec7c88d37",
+      "type": "operating-system",
+      "name": "alpine",
+      "version": "3.15.0",
+      "properties": [
+        {
+          "name": "aquasecurity:trivy:Type",
+          "value": "alpine"
+        },
+        {
+          "name": "aquasecurity:trivy:Class",
+          "value": "os-pkgs"
+        }
+      ]
+    }
+  ],
+  "dependencies": [
+    {
+      "ref": "3da6a469-964d-4b4e-b67d-e94ec7c88d37",
+      "dependsOn": [
+        "pkg:apk/alpine/alpine-baselayout@3.2.0-r18?distro=3.15.0",
+        "pkg:apk/alpine/alpine-keys@2.4-r1?distro=3.15.0",
+        "pkg:apk/alpine/apk-tools@2.12.7-r3?distro=3.15.0",
+        "pkg:apk/alpine/busybox@1.34.1-r3?distro=3.15.0",
+        "pkg:apk/alpine/ca-certificates-bundle@20191127-r7?distro=3.15.0",
+        "pkg:apk/alpine/libc-utils@0.7.2-r3?distro=3.15.0",
+        "pkg:apk/alpine/libcrypto1.1@1.1.1l-r7?distro=3.15.0",
+        "pkg:apk/alpine/libretls@3.3.4-r2?distro=3.15.0",
+        "pkg:apk/alpine/libssl1.1@1.1.1l-r7?distro=3.15.0",
+        "pkg:apk/alpine/musl@1.2.2-r7?distro=3.15.0",
+        "pkg:apk/alpine/musl-utils@1.2.2-r7?distro=3.15.0",
+        "pkg:apk/alpine/scanelf@1.3.3-r0?distro=3.15.0",
+        "pkg:apk/alpine/ssl_client@1.34.1-r3?distro=3.15.0",
+        "pkg:apk/alpine/zlib@1.2.11-r3?distro=3.15.0"
+      ]
+    },
+    {
+      "ref": "pkg:oci/alpine@sha256:21a3deaa0d32a8057914f36584b5288d2e5ecc984380bc0118285c70fa8c9300?repository_url=index.docker.io%2Flibrary%2Falpine&arch=amd64",
+      "dependsOn": [
+        "3da6a469-964d-4b4e-b67d-e94ec7c88d37"
+      ]
+    }
+  ]
+}
+
+```
+</details>
+
+!!! caution
+    It doesn't support vulnerabilities yet, but installed packages.
+
+[cyclonedx]: https://cyclonedx.org/

docs/getting-started/cli/repo.md

@@ -23,6 +23,7 @@ OPTIONS:
    --cache-backend value       cache backend (e.g. redis://localhost:6379) (default: "fs") [$TRIVY_CACHE_BACKEND]
    --timeout value             timeout (default: 5m0s) [$TRIVY_TIMEOUT]
    --no-progress               suppress progress bar (default: false) [$TRIVY_NO_PROGRESS]
+   --quiet, -q                      suppress progress bar and log output (default: false) [$TRIVY_QUIET]
    --ignore-policy value       specify the Rego file to evaluate each vulnerability [$TRIVY_IGNORE_POLICY]
    --list-all-pkgs             enabling the option will output all packages regardless of vulnerability (default: false) [$TRIVY_LIST_ALL_PKGS]
    --offline-scan              do not issue API requests to identify dependencies (default: false) [$TRIVY_OFFLINE_SCAN]

docs/getting-started/installation.md

@@ -118,14 +118,13 @@ Example:
 === "Linux"
 
     ``` bash
-    docker run --rm -v [YOUR_CACHE_DIR]:/root/.cache/ aquasec/trivy:{{ git.tag[1:] }} [YOUR_IMAGE_NAME]
+    docker run --rm -v [YOUR_CACHE_DIR]:/root/.cache/ aquasec/trivy:{{ git.tag[1:] }} image [YOUR_IMAGE_NAME]
     ```
 
 === "macOS"
 
     ``` bash
-    yay -Sy trivy-bin
-    docker run --rm -v $HOME/Library/Caches:/root/.cache/ aquasec/trivy:{{ git.tag[1:] }} python:3.4-alpine
+    docker run --rm -v $HOME/Library/Caches:/root/.cache/ aquasec/trivy:{{ git.tag[1:] }} image [YOUR_IMAGE_NAME
     ```
 
 If you would like to scan the image on your host machine, you need to mount `docker.sock`.

docs/getting-started/overview.md

@@ -55,6 +55,8 @@ See [Integrations][integrations] for details.
         - An image directory compliant with [OCI Image Format][oci]
     - local filesystem and rootfs
     - remote git repository
+- SBOM (Software Bill of Materials) support
+    - CycloneDX 
 
 Please see [LICENSE][license] for Trivy licensing information.
 

docs/misconfiguration/iac.md

@@ -111,7 +111,7 @@ Failures: 9 (HIGH: 6, CRITICAL: 1)
 +                                          +            +                                          +          +--------------------------------------------------------+
 |                                          |            |                                          |          | Resource                                               |
 |                                          |            |                                          |          | 'aws_api_gateway_domain_name.missing_security_policy'  |
-|                                          |            |                                          |          | should include security_policy (defauls to outdated    |
+|                                          |            |                                          |          | should include security_policy (defaults to outdated   |
 |                                          |            |                                          |          | SSL/TLS policy). -->tfsec.dev/docs/aws/AWS025/         |
 +                                          +            +                                          +          +--------------------------------------------------------+
 |                                          |            |                                          |          | Resource                                               |

docs/misconfiguration/options/filter.md

@@ -72,7 +72,7 @@ Failures: 8 (HIGH: 6, CRITICAL: 1)
 +                                          +            +                                          +          +--------------------------------------------------------+
 |                                          |            |                                          |          | Resource                                               |
 |                                          |            |                                          |          | 'aws_api_gateway_domain_name.missing_security_policy'  |
-|                                          |            |                                          |          | should include security_policy (defauls to outdated    |
+|                                          |            |                                          |          | should include security_policy (defaults to outdated   |
 |                                          |            |                                          |          | SSL/TLS policy). -->tfsec.dev/docs/aws/AWS025/         |
 +                                          +            +                                          +          +--------------------------------------------------------+
 |                                          |            |                                          |          | Resource                                               |

docs/vulnerability/detection/language.md

@@ -16,6 +16,7 @@
 |          | yarn.lock                | -         | -          |       ✅        |       ✅        | included        |
 |          | package.json             | ✅        | ✅         |       -        |       -        | excluded        |
 | .NET     | packages.lock.json       | ✅        | ✅         |       ✅        |       ✅        | included        |
+|          | packages.config          | ✅        | ✅         |       ✅        |       ✅        | excluded        |
 | Java     | JAR/WAR/PAR/EAR[^3][^4]  | ✅        | ✅         |       -        |       -        | included        |
 |          | pom.xml[^5]              | -         | -          |       ✅        |       ✅        | excluded        |
 | Go       | Binaries built by Go[^6] | ✅        | ✅         |       -        |       -        | excluded        |

docs/vulnerability/examples/report.md

@@ -219,6 +219,6 @@ $ trivy image --format template --template "@/usr/local/share/trivy/templates/ht
 
 [new-json]: https://github.com/aquasecurity/trivy/discussions/1050
 [action]: https://github.com/aquasecurity/trivy-action
-[asff]: https://github.com/aquasecurity/trivy/blob/main/docs/integrations/aws-security-hub.md
+[asff]: https://github.com/aquasecurity/trivy/blob/main/docs/advanced/integrations/aws-security-hub.md
 [sarif]: https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-results-from-code-scanning
 [sprig]: http://masterminds.github.io/sprig/

docs/vulnerability/scanning/image.md

@@ -38,49 +38,52 @@ Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)
 ## Tar Files
 
 ```
-$ docker save ruby:2.3.0-alpine3.9 -o ruby-2.3.0.tar
-$ trivy image --input ruby-2.3.0.tar
+$ docker pull ruby:3.1-alpine3.15
+$ docker save ruby:3.1-alpine3.15 -o ruby-3.1.tar
+$ trivy image --input ruby-3.1.tar
 ```
 
 <details>
 <summary>Result</summary>
 
 ```
-2019-05-16T12:45:57.332+0900    INFO    Updating vulnerability database...
-2019-05-16T12:45:59.119+0900    INFO    Detecting Debian vulnerabilities...
+2022-02-03T10:08:19.127Z        INFO    Detected OS: alpine
+2022-02-03T10:08:19.127Z        WARN    This OS version is not on the EOL list: alpine 3.15
+2022-02-03T10:08:19.127Z        INFO    Detecting Alpine vulnerabilities...
+2022-02-03T10:08:19.127Z        INFO    Number of language-specific files: 2
+2022-02-03T10:08:19.127Z        INFO    Detecting gemspec vulnerabilities...
+2022-02-03T10:08:19.128Z        INFO    Detecting node-pkg vulnerabilities...
+2022-02-03T10:08:19.128Z        WARN    This OS version is no longer supported by the distribution: alpine 3.15.0
+2022-02-03T10:08:19.128Z        WARN    The vulnerability detection may be insufficient because security updates are not provided
 
-ruby-2.3.0.tar (debian 8.4)
-===========================
-Total: 7447 (UNKNOWN: 5, LOW: 326, MEDIUM: 5695, HIGH: 1316, CRITICAL: 105)
+ruby-3.1.tar (alpine 3.15.0)
+============================
+Total: 3 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 3, CRITICAL: 0)
 
-+------------------------------+---------------------+----------+----------------------------+----------------------------------+-----------------------------------------------------+
-|           LIBRARY            |  VULNERABILITY ID   | SEVERITY |     INSTALLED VERSION      |          FIXED VERSION           |                        TITLE                        |
-+------------------------------+---------------------+----------+----------------------------+----------------------------------+-----------------------------------------------------+
-| apt                          | CVE-2019-3462       | CRITICAL | 1.0.9.8.3                  | 1.0.9.8.5                        | Incorrect sanitation of the                         |
-|                              |                     |          |                            |                                  | 302 redirect field in HTTP                          |
-|                              |                     |          |                            |                                  | transport method of...                              |
-+                              +---------------------+----------+                            +----------------------------------+-----------------------------------------------------+
-|                              | CVE-2016-1252       | MEDIUM   |                            | 1.0.9.8.4                        | The apt package in Debian                           |
-|                              |                     |          |                            |                                  | jessie before 1.0.9.8.4, in                         |
-|                              |                     |          |                            |                                  | Debian unstable before...                           |
-+                              +---------------------+----------+                            +----------------------------------+-----------------------------------------------------+
-|                              | CVE-2011-3374       | LOW      |                            |                                  |                                                     |
-+------------------------------+---------------------+----------+----------------------------+----------------------------------+-----------------------------------------------------+
-| bash                         | CVE-2016-7543       | HIGH     | 4.3-11                     | 4.3-11+deb8u1                    | bash: Specially crafted                             |
-|                              |                     |          |                            |                                  | SHELLOPTS+PS4 variables allows                      |
-|                              |                     |          |                            |                                  | command substitution                                |
-+                              +---------------------+          +                            +----------------------------------+-----------------------------------------------------+
-|                              | CVE-2019-9924       |          |                            | 4.3-11+deb8u2                    | bash: BASH_CMD is writable in                       |
-|                              |                     |          |                            |                                  | restricted bash shells                              |
-+                              +---------------------+----------+                            +----------------------------------+-----------------------------------------------------+
-|                              | CVE-2016-0634       | MEDIUM   |                            | 4.3-11+deb8u1                    | bash: Arbitrary code execution                      |
-|                              |                     |          |                            |                                  | via malicious hostname                              |
-+                              +---------------------+----------+                            +----------------------------------+-----------------------------------------------------+
-|                              | CVE-2016-9401       | LOW      |                            | 4.3-11+deb8u2                    | bash: popd controlled free                          |
-+                              +---------------------+          +                            +----------------------------------+-----------------------------------------------------+
-|                              | TEMP-0841856-B18BAF |          |                            |                                  |                                                     |
-+------------------------------+---------------------+----------+----------------------------+----------------------------------+-----------------------------------------------------
-...
++----------+------------------+----------+-------------------+---------------+---------------------------------------+
+| LIBRARY  | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                 TITLE                 |
++----------+------------------+----------+-------------------+---------------+---------------------------------------+
+| gmp      | CVE-2021-43618   | HIGH     | 6.2.1-r0          | 6.2.1-r1      | gmp: Integer overflow and resultant   |
+|          |                  |          |                   |               | buffer overflow via crafted input     |
+|          |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-43618 |
++----------+                  +          +                   +               +                                       +
+| gmp-dev  |                  |          |                   |               |                                       |
+|          |                  |          |                   |               |                                       |
+|          |                  |          |                   |               |                                       |
++----------+                  +          +                   +               +                                       +
+| libgmpxx |                  |          |                   |               |                                       |
+|          |                  |          |                   |               |                                       |
+|          |                  |          |                   |               |                                       |
++----------+------------------+----------+-------------------+---------------+---------------------------------------+
+
+Node.js (node-pkg)
+==================
+Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
+
+
+Ruby (gemspec)
+==============
+Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
 ```
 
 </details>

examples/misconf/mixed/README.md

@@ -67,7 +67,7 @@ Failures: 8 (HIGH: 6, CRITICAL: 1)
 +                                          +            +                                          +          +--------------------------------------------------------+
 |                                          |            |                                          |          | Resource                                               |
 |                                          |            |                                          |          | 'aws_api_gateway_domain_name.missing_security_policy'  |
-|                                          |            |                                          |          | should include security_policy (defauls to outdated    |
+|                                          |            |                                          |          | should include security_policy (defaults to outdated   |
 |                                          |            |                                          |          | SSL/TLS policy). -->tfsec.dev/docs/aws/AWS025/         |
 +                                          +            +                                          +          +--------------------------------------------------------+
 |                                          |            |                                          |          | Resource                                               |

go.mod

@@ -1,50 +1,200 @@
 module github.com/aquasecurity/trivy
 
-go 1.16
+go 1.17
 
 require (
-	github.com/Masterminds/goutils v1.1.1 // indirect
-	github.com/Masterminds/sprig v2.22.0+incompatible
+	github.com/CycloneDX/cyclonedx-go v0.5.0
+	github.com/Masterminds/sprig/v3 v3.2.2
 	github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46
 	github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986
-	github.com/aquasecurity/fanal v0.0.0-20220129174924-b9e05fcccc57
-	github.com/aquasecurity/go-dep-parser v0.0.0-20211224170007-df43bca6b6ff
+	github.com/aquasecurity/fanal v0.0.0-20220309115321-0183e4870f89
+	github.com/aquasecurity/go-dep-parser v0.0.0-20220302151315-ff6d77c26988
 	github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce
 	github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798
 	github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46
 	github.com/aquasecurity/go-version v0.0.0-20210121072130-637058cfe492
 	github.com/aquasecurity/trivy-db v0.0.0-20220130223604-df65ebde46f4
-	github.com/caarlos0/env/v6 v6.0.0
+	github.com/caarlos0/env/v6 v6.9.1
 	github.com/cenkalti/backoff v2.2.1+incompatible
-	github.com/cheggaaa/pb/v3 v3.0.3
+	github.com/cheggaaa/pb/v3 v3.0.8
 	github.com/docker/docker v20.10.12+incompatible
 	github.com/docker/go-connections v0.4.0
 	github.com/fatih/color v1.13.0
 	github.com/go-redis/redis/v8 v8.11.4
-	github.com/goccy/go-yaml v1.8.2 // indirect
 	github.com/golang/protobuf v1.5.2
 	github.com/google/go-containerregistry v0.7.1-0.20211214010025-a65b7844a475
-	github.com/google/wire v0.4.0
-	github.com/hashicorp/go-getter v1.5.2
-	github.com/huandu/xstrings v1.3.2 // indirect
+	github.com/google/uuid v1.3.0
+	github.com/google/wire v0.5.0
+	github.com/hashicorp/go-getter v1.5.11
 	github.com/knqyf263/go-apk-version v0.0.0-20200609155635-041fdbb8563f
 	github.com/knqyf263/go-deb-version v0.0.0-20190517075300-09fca494f03d
 	github.com/knqyf263/go-rpm-version v0.0.0-20170716094938-74609b86c936
 	github.com/masahiro331/go-mvn-version v0.0.0-20210429150710-d3157d602a08
-	github.com/mitchellh/copystructure v1.1.1 // indirect
 	github.com/olekukonko/tablewriter v0.0.5
-	github.com/open-policy-agent/opa v0.36.1
-	github.com/owenrumney/go-sarif/v2 v2.0.17
-	github.com/spf13/afero v1.6.0
-	github.com/stretchr/objx v0.3.0 // indirect
+	github.com/open-policy-agent/opa v0.37.2
+	github.com/owenrumney/go-sarif/v2 v2.1.1
+	github.com/package-url/packageurl-go v0.1.1-0.20220203205134-d70459300c8a
+	github.com/spf13/afero v1.8.1
 	github.com/stretchr/testify v1.7.0
-	github.com/testcontainers/testcontainers-go v0.11.1
-	github.com/twitchtv/twirp v8.1.0+incompatible
+	github.com/testcontainers/testcontainers-go v0.12.0
+	github.com/twitchtv/twirp v8.1.1+incompatible
 	github.com/urfave/cli/v2 v2.3.0
-	go.uber.org/zap v1.20.0
+	go.uber.org/zap v1.21.0
+	golang.org/x/sys v0.0.0-20220204135822-1c1b9b1eba6a // indirect
 	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1
 	google.golang.org/protobuf v1.27.1
-	gopkg.in/go-playground/validator.v9 v9.31.0 // indirect
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
 	k8s.io/utils v0.0.0-20201110183641-67b214c5f920
 )
+
+require (
+	cloud.google.com/go v0.99.0 // indirect
+	cloud.google.com/go/storage v1.14.0 // indirect
+	github.com/Azure/azure-sdk-for-go v61.4.0+incompatible // indirect
+	github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 // indirect
+	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
+	github.com/Azure/go-autorest/autorest v0.11.24 // indirect
+	github.com/Azure/go-autorest/autorest/adal v0.9.18 // indirect
+	github.com/Azure/go-autorest/autorest/azure/auth v0.5.11 // indirect
+	github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 // indirect
+	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
+	github.com/Azure/go-autorest/logger v0.2.1 // indirect
+	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
+	github.com/BurntSushi/toml v1.0.0 // indirect
+	github.com/GoogleCloudPlatform/docker-credential-gcr v1.5.0 // indirect
+	github.com/Masterminds/goutils v1.1.1 // indirect
+	github.com/Masterminds/semver/v3 v3.1.1 // indirect
+	github.com/Microsoft/go-winio v0.5.1 // indirect
+	github.com/Microsoft/hcsshim v0.9.2 // indirect
+	github.com/OneOfOne/xxhash v1.2.8 // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7 // indirect
+	github.com/VividCortex/ewma v1.1.1 // indirect
+	github.com/acomagu/bufpipe v1.0.3 // indirect
+	github.com/agext/levenshtein v1.2.3 // indirect
+	github.com/apparentlymart/go-cidr v1.1.0 // indirect
+	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
+	github.com/aquasecurity/defsec v0.17.1 // indirect
+	github.com/aquasecurity/tfsec v1.8.0 // indirect
+	github.com/aws/aws-sdk-go v1.43.8 // indirect
+	github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
+	github.com/bmatcuk/doublestar v1.3.4 // indirect
+	github.com/briandowns/spinner v1.12.0 // indirect
+	github.com/cespare/xxhash/v2 v2.1.2 // indirect
+	github.com/containerd/cgroups v1.0.3 // indirect
+	github.com/containerd/containerd v1.5.9 // indirect
+	github.com/containerd/continuity v0.2.2 // indirect
+	github.com/containerd/stargz-snapshotter/estargz v0.10.1 // indirect
+	github.com/containerd/typeurl v1.0.2 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.1 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
+	github.com/dimchansky/utfbom v1.1.1 // indirect
+	github.com/docker/cli v20.10.11+incompatible // indirect
+	github.com/docker/distribution v2.7.1+incompatible // indirect
+	github.com/docker/docker-credential-helpers v0.6.4 // indirect
+	github.com/docker/go-units v0.4.0 // indirect
+	github.com/emirpasic/gods v1.12.0 // indirect
+	github.com/ghodss/yaml v1.0.0 // indirect
+	github.com/go-git/gcfg v1.5.0 // indirect
+	github.com/go-git/go-billy/v5 v5.3.1 // indirect
+	github.com/go-git/go-git/v5 v5.4.2 // indirect
+	github.com/gobwas/glob v0.2.3 // indirect
+	github.com/goccy/go-yaml v1.8.2 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang-jwt/jwt/v4 v4.2.0 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/googleapis/gax-go/v2 v2.1.1 // indirect
+	github.com/hashicorp/errwrap v1.1.0 // indirect
+	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
+	github.com/hashicorp/go-multierror v1.1.1 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.0 // indirect
+	github.com/hashicorp/go-safetemp v1.0.0 // indirect
+	github.com/hashicorp/go-uuid v1.0.2 // indirect
+	github.com/hashicorp/go-version v1.4.0 // indirect
+	github.com/hashicorp/hcl v1.0.0 // indirect
+	github.com/hashicorp/hcl/v2 v2.11.1 // indirect
+	github.com/huandu/xstrings v1.3.1 // indirect
+	github.com/imdario/mergo v0.3.12 // indirect
+	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
+	github.com/jmespath/go-jmespath v0.4.0 // indirect
+	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
+	github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351 // indirect
+	github.com/klauspost/compress v1.14.2 // indirect
+	github.com/knqyf263/go-rpmdb v0.0.0-20220209103220-0f7a6d951a6d // indirect
+	github.com/knqyf263/nested v0.0.1 // indirect
+	github.com/liamg/iamgo v0.0.6 // indirect
+	github.com/liamg/jfather v0.0.7 // indirect
+	github.com/magiconair/properties v1.8.5 // indirect
+	github.com/mattn/go-colorable v0.1.12 // indirect
+	github.com/mattn/go-isatty v0.0.14 // indirect
+	github.com/mattn/go-runewidth v0.0.12 // indirect
+	github.com/mitchellh/copystructure v1.0.0 // indirect
+	github.com/mitchellh/go-homedir v1.1.0 // indirect
+	github.com/mitchellh/go-testing-interface v1.0.0 // indirect
+	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
+	github.com/mitchellh/mapstructure v1.4.3 // indirect
+	github.com/mitchellh/reflectwalk v1.0.0 // indirect
+	github.com/moby/buildkit v0.9.3 // indirect
+	github.com/moby/sys/mount v0.2.0 // indirect
+	github.com/moby/sys/mountinfo v0.6.0 // indirect
+	github.com/moby/term v0.0.0-20201216013528-df9cb8a40635 // indirect
+	github.com/morikuni/aec v1.0.0 // indirect
+	github.com/opencontainers/go-digest v1.0.0 // indirect
+	github.com/opencontainers/image-spec v1.0.2 // indirect
+	github.com/opencontainers/runc v1.1.0 // indirect
+	github.com/owenrumney/squealer v0.3.1 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0 // indirect
+	github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0 // indirect
+	github.com/rivo/uniseg v0.2.0 // indirect
+	github.com/russross/blackfriday/v2 v2.1.0 // indirect
+	github.com/saracen/walker v0.0.0-20191201085201-324a081bae7e // indirect
+	github.com/sergi/go-diff v1.1.0 // indirect
+	github.com/shopspring/decimal v1.2.0 // indirect
+	github.com/sirupsen/logrus v1.8.1 // indirect
+	github.com/spf13/cast v1.4.1 // indirect
+	github.com/stretchr/objx v0.3.0 // indirect
+	github.com/tmccombs/hcl2json v0.3.4 // indirect
+	github.com/ulikunitz/xz v0.5.8 // indirect
+	github.com/vbatts/tar-split v0.11.2 // indirect
+	github.com/xanzy/ssh-agent v0.3.0 // indirect
+	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
+	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
+	github.com/yashtewari/glob-intersection v0.0.0-20180916065949-5c77d914dd0b // indirect
+	github.com/zclconf/go-cty v1.10.0 // indirect
+	github.com/zclconf/go-cty-yaml v1.0.2 // indirect
+	go.etcd.io/bbolt v1.3.6 // indirect
+	go.opencensus.io v0.23.0 // indirect
+	go.uber.org/atomic v1.7.0 // indirect
+	go.uber.org/multierr v1.6.0 // indirect
+	golang.org/x/crypto v0.0.0-20220208233918-bba287dce954 // indirect
+	golang.org/x/mod v0.6.0-dev.0.20211013180041-c96bc1413d57 // indirect
+	golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd // indirect
+	golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect
+	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
+	golang.org/x/text v0.3.7 // indirect
+	golang.org/x/tools v0.1.8 // indirect
+	google.golang.org/api v0.62.0 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/genproto v0.0.0-20220204002441-d6cc3cc0770e // indirect
+	google.golang.org/grpc v1.44.0 // indirect
+	gopkg.in/cheggaaa/pb.v1 v1.0.28 // indirect
+	gopkg.in/go-playground/validator.v9 v9.31.0 // indirect
+	gopkg.in/warnings.v0 v0.1.2 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	lukechampine.com/uint128 v1.1.1 // indirect
+	modernc.org/cc/v3 v3.35.22 // indirect
+	modernc.org/ccgo/v3 v3.15.1 // indirect
+	modernc.org/libc v1.14.1 // indirect
+	modernc.org/mathutil v1.4.1 // indirect
+	modernc.org/memory v1.0.5 // indirect
+	modernc.org/opt v0.1.1 // indirect
+	modernc.org/sqlite v1.14.5 // indirect
+	modernc.org/strutil v1.1.1 // indirect
+	modernc.org/token v1.0.0 // indirect
+	sigs.k8s.io/yaml v1.3.0 // indirect
+)
+
+// To resolve CVE-2021-3538. Note that it is used only for testing.
+replace github.com/satori/go.uuid v1.2.0 => github.com/satori/go.uuid v1.2.1-0.20181016170032-d91630c85102

go.sum

@@ -1,5 +1,6 @@
 bazil.org/fuse v0.0.0-20160811212531-371fbbdaa898/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8=
 bazil.org/fuse v0.0.0-20180421153158-65cc252bf669/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8=
+bazil.org/fuse v0.0.0-20200407214033-5883e5a4b512/go.mod h1:FbcW6z/2VytnFDhZfumh8Ss8zxHE6qpMP5sHTRe0EaM=
 cloud.google.com/go v0.25.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.31.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
@@ -23,6 +24,7 @@ cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOY
 cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
 cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI=
 cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk=
+cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY=
 cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg=
 cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8=
 cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0=
@@ -56,8 +58,9 @@ cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiy
 cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
 cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
 cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
-cloud.google.com/go/storage v1.10.0 h1:STgFzyU5/8miMl0//zKh2aQeTyeaUH3WN9bSUiJ09bA=
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
+cloud.google.com/go/storage v1.14.0 h1:6RRlFMv1omScs6iq2hfE3IvgE+l6RfJPampq8UZc5TU=
+cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo=
 code.gitea.io/sdk/gitea v0.12.0/go.mod h1:z3uwDV/b9Ls47NGukYM9XhnHtqPh/J+t40lsUrR6JDY=
 contrib.go.opencensus.io/exporter/aws v0.0.0-20181029163544-2befc13012d0/go.mod h1:uu1P0UCM/6RbsMrgPa98ll8ZcHM858i/AD06a9aLRCA=
 contrib.go.opencensus.io/exporter/ocagent v0.5.0/go.mod h1:ImxhfLRpxoYiSq891pBrLVhN+qmP8BTVvdH2YLs7Gl0=
@@ -69,6 +72,7 @@ dmitri.shuralyov.com/gpu/mtl v0.0.0-20201218220906-28db891af037/go.mod h1:H6x//7
 git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg=
 git.apache.org/thrift.git v0.12.0/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg=
 github.com/AkihiroSuda/containerd-fuse-overlayfs v1.0.0/go.mod h1:0mMDvQFeLbbn1Wy8P2j3hwFhqBq+FKn8OZPno8WLmp8=
+github.com/AlecAivazis/survey/v2 v2.3.2/go.mod h1:TH2kPCDU3Kqq7pLbnCWwZXDBjnhZtmsCle5EiYDJ2fg=
 github.com/Azure/azure-amqp-common-go/v2 v2.1.0/go.mod h1:R8rea+gJRuJR6QxTir/XuEd+YuKoUiazDC/N96FiDEU=
 github.com/Azure/azure-pipeline-go v0.2.1/go.mod h1:UGSo8XybXnIGZ3epmeBw7Jdz+HiUVpqIlpz/HKHylF4=
 github.com/Azure/azure-pipeline-go v0.2.2/go.mod h1:4rQ/NZncSvGqNkkOsNpOU1tgoNuIlp9AfUH5G1tvCHc=
@@ -79,8 +83,8 @@ github.com/Azure/azure-sdk-for-go v30.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9mo
 github.com/Azure/azure-sdk-for-go v35.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
 github.com/Azure/azure-sdk-for-go v38.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
 github.com/Azure/azure-sdk-for-go v42.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
-github.com/Azure/azure-sdk-for-go v61.2.0+incompatible h1:sSormXkfW0ov1vh6ihTBRQxdfg73fPqkccl50GbR9iM=
-github.com/Azure/azure-sdk-for-go v61.2.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
+github.com/Azure/azure-sdk-for-go v61.4.0+incompatible h1:BF2Pm3aQWIa6q9KmxyF1JYKYXtVw67vtvu2Wd54NGuY=
+github.com/Azure/azure-sdk-for-go v61.4.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
 github.com/Azure/azure-service-bus-go v0.9.1/go.mod h1:yzBx6/BUGfjfeqbRZny9AQIbIe3AcV9WZbAdpkoXOa0=
 github.com/Azure/azure-storage-blob-go v0.8.0/go.mod h1:lPI3aLPpuLTeUwh1sViKXFxwl2B6teiRqI0deQUvsw0=
 github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7OZ575w+acHgRric5iCyQh+xv+KJ4HB8=
@@ -96,7 +100,6 @@ github.com/Azure/go-autorest/autorest v0.9.3/go.mod h1:GsRuLYvwzLjjjRoWEIyMUaYq8
 github.com/Azure/go-autorest/autorest v0.9.6/go.mod h1:/FALq9T/kS7b5J5qsQ+RSTUdAmGFqi0vUdVNNx8q630=
 github.com/Azure/go-autorest/autorest v0.10.2/go.mod h1:/FALq9T/kS7b5J5qsQ+RSTUdAmGFqi0vUdVNNx8q630=
 github.com/Azure/go-autorest/autorest v0.11.1/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw=
-github.com/Azure/go-autorest/autorest v0.11.6/go.mod h1:V6p3pKZx1KKkJubbxnDWrzNhEIfOy/pTGasLqzHIPHs=
 github.com/Azure/go-autorest/autorest v0.11.24 h1:1fIGgHKqVm54KIPT+q8Zmd1QlVsmHqeUGso5qm2BqqE=
 github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc=
 github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0=
@@ -105,16 +108,15 @@ github.com/Azure/go-autorest/autorest/adal v0.8.1/go.mod h1:ZjhuQClTqx435SRJ2iMl
 github.com/Azure/go-autorest/autorest/adal v0.8.2/go.mod h1:ZjhuQClTqx435SRJ2iMlOxPYt3d2C/T/7TiQCVZSn3Q=
 github.com/Azure/go-autorest/autorest/adal v0.8.3/go.mod h1:ZjhuQClTqx435SRJ2iMlOxPYt3d2C/T/7TiQCVZSn3Q=
 github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg=
-github.com/Azure/go-autorest/autorest/adal v0.9.4/go.mod h1:/3SMAM86bP6wC9Ev35peQDUeqFZBMH07vvUOmg4z/fE=
 github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A=
 github.com/Azure/go-autorest/autorest/adal v0.9.18 h1:kLnPsRjzZZUF3K5REu/Kc+qMQrvuza2bwSnNdhmzLfQ=
 github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ=
 github.com/Azure/go-autorest/autorest/azure/auth v0.4.2/go.mod h1:90gmfKdlmKgfjUpnCEpOJzsUEjrWDSLwHIG73tSXddM=
-github.com/Azure/go-autorest/autorest/azure/auth v0.5.2 h1:R1pgoZkhXuv4+0ky9r3e5pcnRXWcXGIuPXpC/xkc7uI=
-github.com/Azure/go-autorest/autorest/azure/auth v0.5.2/go.mod h1:q98IH4qgc3eWM4/WOeR5+YPmBuy8Lq0jNRDwSM0CuFk=
+github.com/Azure/go-autorest/autorest/azure/auth v0.5.11 h1:P6bYXFoao05z5uhOQzbC3Qd8JqF3jUoocoTeIxkp2cA=
+github.com/Azure/go-autorest/autorest/azure/auth v0.5.11/go.mod h1:84w/uV8E37feW2NCJ08uT9VBfjfUHpgLVnG2InYD6cg=
 github.com/Azure/go-autorest/autorest/azure/cli v0.3.1/go.mod h1:ZG5p860J94/0kI9mNJVoIoLgXcirM2gF5i2kWloofxw=
-github.com/Azure/go-autorest/autorest/azure/cli v0.4.1 h1:jwcD1wURu0+hKceV04MubZmKLzwEYOCz6q4aOtVZ+Ng=
-github.com/Azure/go-autorest/autorest/azure/cli v0.4.1/go.mod h1:JfDgiIO1/RPu6z42AdQTyjOoCM2MFhLqSBDvMEkDgcg=
+github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 h1:0W/yGmFdTIT77fvdlGZ0LMISoLHFJ7Tx4U0yeB+uFs4=
+github.com/Azure/go-autorest/autorest/azure/cli v0.4.5/go.mod h1:ADQAXrkgm7acgWVUNamOgh8YNrv4p27l3Wc55oVfpzg=
 github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA=
 github.com/Azure/go-autorest/autorest/date v0.2.0/go.mod h1:vcORJHLJEh643/Ioh9+vPmf1Ij9AEBM5FuBIXLmIy0g=
 github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw=
@@ -141,9 +143,13 @@ github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbi
 github.com/BurntSushi/toml v1.0.0 h1:dtDWrepsVPfW9H/4y7dDgFc2MBUSeJhlaDtK13CxFlU=
 github.com/BurntSushi/toml v1.0.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
+github.com/CycloneDX/cyclonedx-go v0.5.0 h1:RWCnu2OrWUTF5C9DA3L0qVziUD2HlxSUWcL2OXlxfqE=
+github.com/CycloneDX/cyclonedx-go v0.5.0/go.mod h1:nQXAzrejxO39b14JFz2SvsUElegYfwBDowIzqjdUMk4=
 github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
 github.com/Djarvur/go-err113 v0.0.0-20200410182137-af658d038157/go.mod h1:4UJr5HIiMZrwgkSPdsjy2uOQExX/WEILpIrO9UPGuXs=
 github.com/Djarvur/go-err113 v0.1.0/go.mod h1:4UJr5HIiMZrwgkSPdsjy2uOQExX/WEILpIrO9UPGuXs=
+github.com/Flaque/filet v0.0.0-20201012163910-45f684403088 h1:PnnQln5IGbhLeJOi6hVs+lCeF+B1dRfFKPGXUAez0Ww=
+github.com/Flaque/filet v0.0.0-20201012163910-45f684403088/go.mod h1:TK+jB3mBs+8ZMWhU5BqZKnZWJ1MrLo8etNVg51ueTBo=
 github.com/GoogleCloudPlatform/cloudsql-proxy v0.0.0-20191009163259-e802c2cb94ae/go.mod h1:mjwGPas4yKduTyubHvD1Atl9r1rUq8DfVy+gkVvZ+oo=
 github.com/GoogleCloudPlatform/docker-credential-gcr v1.5.0 h1:wykTgKwhVr2t2qs+xI020s6W5dt614QqCHV+7W9dg64=
 github.com/GoogleCloudPlatform/docker-credential-gcr v1.5.0/go.mod h1:BB1eHdMLYEFuFdBlRMb0N7YGVdM5s6Pt0njxgvfbGGs=
@@ -155,8 +161,10 @@ github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3Q
 github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
 github.com/Masterminds/semver/v3 v3.0.3/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
 github.com/Masterminds/semver/v3 v3.1.0/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
-github.com/Masterminds/sprig v2.22.0+incompatible h1:z4yfnGrZ7netVz+0EDJ0Wi+5VZCSYp4Z0m2dk6cEM60=
-github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o=
+github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc=
+github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
+github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmyxvxX8=
+github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk=
 github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA=
 github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
 github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw=
@@ -178,13 +186,16 @@ github.com/Microsoft/hcsshim v0.8.10/go.mod h1:g5uw8EV2mAlzqe94tfNBNdr89fnbD/n3H
 github.com/Microsoft/hcsshim v0.8.14/go.mod h1:NtVKoYxQuTLx6gEq0L96c9Ju4JbRJ4nY2ow3VK6a9Lg=
 github.com/Microsoft/hcsshim v0.8.15/go.mod h1:x38A4YbHbdxJtc0sF6oIz+RG0npwSCAvn69iY6URG00=
 github.com/Microsoft/hcsshim v0.8.16/go.mod h1:o5/SZqmR7x9JNKsW3pu+nqHm0MF8vbA+VxGOoXdC600=
-github.com/Microsoft/hcsshim v0.8.23 h1:47MSwtKGXet80aIn+7h4YI6fwPmwIghAnsx2aOUrG2M=
+github.com/Microsoft/hcsshim v0.8.21/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4=
 github.com/Microsoft/hcsshim v0.8.23/go.mod h1:4zegtUJth7lAvFyc6cH2gGQ5B3OFQim01nnU2M8jKDg=
+github.com/Microsoft/hcsshim v0.9.2 h1:wB06W5aYFfUB3IvootYAY2WnOmIdgPGfqSI6tufQNnY=
+github.com/Microsoft/hcsshim v0.9.2/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc=
 github.com/Microsoft/hcsshim/test v0.0.0-20200826032352-301c83a30e7c/go.mod h1:30A5igQ91GEmhYJF8TaRP79pMBOYynRsyOByfVV0dU4=
 github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU=
 github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:mw7qgWloBUl75W/gVH3cQszUg1+gUITj7D6NY7ywVnY=
 github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46 h1:lsxEuwrXEAokXB9qhlbKWPpo3KMLZQ5WB5WLQRW1uq0=
 github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
+github.com/Netflix/go-expect v0.0.0-20180615182759-c93bf25de8e8/go.mod h1:oX5x61PbNXchhh0oikYAH+4Pcfw5LKv21+Jnpr6r6Pc=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8=
 github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q=
@@ -218,8 +229,8 @@ github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk5
 github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0=
 github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a h1:HbKu58rmZpUGpz5+4FfNmIU+FmZg2P3Xaj2v2bfNWmk=
 github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a/go.mod h1:SGnFV6hVsYE877CKEZ6tDNTjaSXYUk6QqoIK6PrAtcc=
-github.com/alicebob/miniredis/v2 v2.17.0 h1:EwLdrIS50uczw71Jc7iVSxZluTKj5nfSP8n7ARRnJy0=
-github.com/alicebob/miniredis/v2 v2.17.0/go.mod h1:gquAfGbzn92jvtrSC69+6zZnwSODVXVpYDRaGhWaL6I=
+github.com/alicebob/miniredis/v2 v2.18.0 h1:EPUGD69ou4Uw4c81t9NLh0+dSou46k4tFEvf498FJ0g=
+github.com/alicebob/miniredis/v2 v2.18.0/go.mod h1:gquAfGbzn92jvtrSC69+6zZnwSODVXVpYDRaGhWaL6I=
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 h1:kFOfPq6dUM1hTo4JG6LR5AXSUEsOjtdm0kw0FtQtMJA=
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
@@ -239,14 +250,12 @@ github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6
 github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
 github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986 h1:2a30xLN2sUZcMXl50hg+PJCIDdJgIvIbVcKqLJ/ZrtM=
 github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986/go.mod h1:NT+jyeCzXk6vXR5MTkdn4z64TgGfE5HMLC8qfj5unl8=
-github.com/aquasecurity/cfsec v0.2.2 h1:hq6MZlg7XFZsrerCv297N4HRlnJM7K6LLd/l/xCz1no=
-github.com/aquasecurity/cfsec v0.2.2/go.mod h1:sUELRJqIPXTOZiHUx7TzyyFFzuk0W22IG6IWAoV8T6U=
-github.com/aquasecurity/defsec v0.0.37 h1:zdZndlKrW257b8VLK1UwfmXiyPuDrNA+wzBilHRk1LA=
-github.com/aquasecurity/defsec v0.0.37/go.mod h1:csaBEcJ3AKy44expnW0dCANEZcS/c1vcJjwBCbnKWBM=
-github.com/aquasecurity/fanal v0.0.0-20220129174924-b9e05fcccc57 h1:/xe+XRO1uQXebv6y1XIM9424XQXVnVZ1dr+V4clegHA=
-github.com/aquasecurity/fanal v0.0.0-20220129174924-b9e05fcccc57/go.mod h1:aU+dKT2D+DLsTEmy/axt19XEIXayz0V9giXCwiypCgQ=
-github.com/aquasecurity/go-dep-parser v0.0.0-20211224170007-df43bca6b6ff h1:JCKEV3TgUNh9fn+8hXyIdsF9yErA0rUbCkgt2flRKt4=
-github.com/aquasecurity/go-dep-parser v0.0.0-20211224170007-df43bca6b6ff/go.mod h1:8fJ//Ob6/03lxbn4xa1F+G/giVtiVLxnZNpBp5xOxNk=
+github.com/aquasecurity/defsec v0.17.1 h1:gen/DInkQZ+BnV2X/UCI4Kb7SgJzPKiSb91duNhOWcg=
+github.com/aquasecurity/defsec v0.17.1/go.mod h1:fmymhKkorY0+cTGAML6LQI+BpCEP1zURaI8smST5rV0=
+github.com/aquasecurity/fanal v0.0.0-20220309115321-0183e4870f89 h1:owYWGe2dTRhXuBW3OUekU9+yWec8pNTZthGvTFMq9oY=
+github.com/aquasecurity/fanal v0.0.0-20220309115321-0183e4870f89/go.mod h1:PL2i7JtbuPnLlJVG5HVPAVLMmAUdpA9J/iV7b7E5Gbg=
+github.com/aquasecurity/go-dep-parser v0.0.0-20220302151315-ff6d77c26988 h1:Hd6q0/VF/bC/MT1K/63W2u5ChRIy6cPSQk0YbJ3Vcb8=
+github.com/aquasecurity/go-dep-parser v0.0.0-20220302151315-ff6d77c26988/go.mod h1:XxIz2s4UymZBcg9WwAc2km77lFt9rVE/LmKJe2YVOtY=
 github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce h1:QgBRgJvtEOBtUXilDb1MLi1p1MWoyFDXAu5DEUl5nwM=
 github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce/go.mod h1:HXgVzOPvXhVGLJs4ZKO817idqr/xhwsTcj17CLYY74s=
 github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798 h1:eveqE9ivrt30CJ7dOajOfBavhZ4zPqHcZe/4tKp0alc=
@@ -258,8 +267,8 @@ github.com/aquasecurity/go-version v0.0.0-20210121072130-637058cfe492 h1:rcEG5HI
 github.com/aquasecurity/go-version v0.0.0-20210121072130-637058cfe492/go.mod h1:9Beu8XsUNNfzml7WBf3QmyPToP1wm1Gj/Vc5UJKqTzU=
 github.com/aquasecurity/testdocker v0.0.0-20210911155206-e1e85f5a1516 h1:moQmzbpLo5dxHQCyEhqzizsDSNrNhn/7uRTCZzo4A1o=
 github.com/aquasecurity/testdocker v0.0.0-20210911155206-e1e85f5a1516/go.mod h1:gTd97VdQ0rg8Mkiic3rPgNOQdprZ7feTAhiD5mGQjgM=
-github.com/aquasecurity/tfsec v0.63.1 h1:KH63HTcUoab7d3PKtqFO6T8K5AY7bzLw7Kiu+EY9U64=
-github.com/aquasecurity/tfsec v0.63.1/go.mod h1:g5ZWmsfqW1FsCaPb9ux8Pzjcyss/WUB2XuRd5slqvnc=
+github.com/aquasecurity/tfsec v1.8.0 h1:8U4JU/iJaWq6pcY48+R9kD6vDz58Ud1daUsw2l7hAsE=
+github.com/aquasecurity/tfsec v1.8.0/go.mod h1:Tnj1ozVkv45QdTi1wiVm8Efw3D7ztjQctztG+yU+JwY=
 github.com/aquasecurity/trivy-db v0.0.0-20220130223604-df65ebde46f4 h1:w/cU+uNDHHzMKLNpiohoHvPTtd1mi6Dyih4pqV6FLxQ=
 github.com/aquasecurity/trivy-db v0.0.0-20220130223604-df65ebde46f4/go.mod h1:BOulYmf+l2bd+Bjo3tTsdnbWCsh5UsJn1MqdiZzmm/Q=
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
@@ -285,8 +294,8 @@ github.com/aws/aws-sdk-go v1.25.11/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpi
 github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.27.1/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.31.6/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0=
-github.com/aws/aws-sdk-go v1.42.30 h1:GvzWHwAdE5ZQ9UOcq0lX+PTzVJ4+sm1DjYrk6nUSTgA=
-github.com/aws/aws-sdk-go v1.42.30/go.mod h1:OGr6lGMAKGlG9CVrYnWYDKIyb829c6EVBRjxqjmPepc=
+github.com/aws/aws-sdk-go v1.43.8 h1:8a/M9C4l5CxFNM6IuNx4F1p+ITJEX12VxWxUQo61cbc=
+github.com/aws/aws-sdk-go v1.43.8/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
 github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g=
 github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59/go.mod h1:q/89r3U2H7sSsE2t6Kca0lfwTK8JdoNGS/yzM/4iH5I=
 github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
@@ -314,6 +323,8 @@ github.com/bombsimon/wsl/v2 v2.2.0/go.mod h1:Azh8c3XGEJl9LyX0/sFC+CKMc7Ssgua0g+6
 github.com/bombsimon/wsl/v3 v3.0.0/go.mod h1:st10JtZYLE4D5sC7b8xV4zTKZwAQjCH/Hy2Pm1FNZIc=
 github.com/bombsimon/wsl/v3 v3.1.0/go.mod h1:st10JtZYLE4D5sC7b8xV4zTKZwAQjCH/Hy2Pm1FNZIc=
 github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g=
+github.com/bradleyjkemp/cupaloy/v2 v2.7.0 h1:AT0vOjO68RcLyenLCHOGZzSNiuto7ziqzq6Q1/3xzMQ=
+github.com/bradleyjkemp/cupaloy/v2 v2.7.0/go.mod h1:bm7JXdkRd4BHJk9HpwqAI8BoAY1lps46Enkdqw6aRX0=
 github.com/briandowns/spinner v1.12.0 h1:72O0PzqGJb6G3KgrcIOtL/JAGGZ5ptOMCn9cUHmqsmw=
 github.com/briandowns/spinner v1.12.0/go.mod h1:QOuQk7x+EaDASo80FEXwlwiA+j/PPIcX3FScO+3/ZPQ=
 github.com/bshuster-repo/logrus-logstash-hook v0.4.1/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk=
@@ -321,11 +332,11 @@ github.com/buger/jsonparser v0.0.0-20180808090653-f4dd9f5a6b44/go.mod h1:bbYlZJ7
 github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8=
 github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0BsqsP2LwDJ9aOkm/6J86V6lyAXCoQWGw3K50=
 github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE=
-github.com/bytecodealliance/wasmtime-go v0.32.0 h1:/GsrnJz2bfULAIZygN4vUElLYliQrx/o/1opP9X7Gck=
-github.com/bytecodealliance/wasmtime-go v0.32.0/go.mod h1:q320gUxqyI8yB+ZqRuaJOEnGkAnHh6WtJjMaT2CW4wI=
+github.com/bytecodealliance/wasmtime-go v0.33.1 h1:TFep11LiqCy1B6QUIAtqH3KZTbZcKasm89/AF9sqLnA=
+github.com/bytecodealliance/wasmtime-go v0.33.1/go.mod h1:q320gUxqyI8yB+ZqRuaJOEnGkAnHh6WtJjMaT2CW4wI=
 github.com/caarlos0/ctrlc v1.0.0/go.mod h1:CdXpj4rmq0q/1Eb44M9zi2nKB0QraNKuRGYGrrHhcQw=
-github.com/caarlos0/env/v6 v6.0.0 h1:NZt6FAoB8ieKO5lEwRdwCzYxWFx7ZYF2R7UcoyaWtyc=
-github.com/caarlos0/env/v6 v6.0.0/go.mod h1:+wdyOmtjoZIW2GJOc2OYa5NoOFuWD/bIpWqm30NgtRk=
+github.com/caarlos0/env/v6 v6.9.1 h1:zOkkjM0F6ltnQ5eBX6IPI41UP/KDGEK7rRPwGCNos8k=
+github.com/caarlos0/env/v6 v6.9.1/go.mod h1:hvp/ryKXKipEkcuYjs9mI4bBCg+UI0Yhgm5Zu0ddvwc=
 github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e/go.mod h1:9IOqJGCPMSc6E5ydlp5NIonxObaeu/Iub/X03EKPVYo=
 github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ=
 github.com/cavaliercoder/go-cpio v0.0.0-20180626203310-925f9528c45e/go.mod h1:oDpT4efm8tSYHXV5tHSdRvBet/b/QzxZ+XyyPehvm3A=
@@ -343,10 +354,11 @@ github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cb
 github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw=
 github.com/checkpoint-restore/go-criu/v5 v5.0.0/go.mod h1:cfwC0EG7HMUenopBsUf9d89JlCLQIfgVcNsNN0t6T2M=
+github.com/checkpoint-restore/go-criu/v5 v5.3.0/go.mod h1:E/eQpaFtUKGOOSEBZgmKAcn+zUUwWxqcaKZlF54wK8E=
 github.com/cheggaaa/pb v1.0.27 h1:wIkZHkNfC7R6GI5w7l/PdAdzXzlrbcI3p8OAlnkTsnc=
 github.com/cheggaaa/pb v1.0.27/go.mod h1:pQciLPpbU0oxA0h+VJYYLxO+XeDQb5pZijXscXHm81s=
-github.com/cheggaaa/pb/v3 v3.0.3 h1:8WApbyUmgMOz7WIxJVNK0IRDcRfAmTxcEdi0TuxjdP4=
-github.com/cheggaaa/pb/v3 v3.0.3/go.mod h1:Pp35CDuiEpHa/ZLGCtBbM6CBwMstv1bJlG884V+73Yc=
+github.com/cheggaaa/pb/v3 v3.0.8 h1:bC8oemdChbke2FHIIGy9mn4DPJ2caZYQnfbRqwmdCoA=
+github.com/cheggaaa/pb/v3 v3.0.8/go.mod h1:UICbiLec/XO6Hw6k+BHEtHeQFzzBH4i2/qk/ow1EJTA=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
@@ -355,6 +367,7 @@ github.com/cilium/ebpf v0.0.0-20200702112145-1c8d4c9ef775/go.mod h1:7cR51M8ViRLI
 github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX2Qs=
 github.com/cilium/ebpf v0.4.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs=
 github.com/cilium/ebpf v0.6.2/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs=
+github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA=
 github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag=
 github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I=
 github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE=
@@ -385,14 +398,16 @@ github.com/containerd/cgroups v0.0.0-20200531161412-0dbf7f05ba59/go.mod h1:pA0z1
 github.com/containerd/cgroups v0.0.0-20200710171044-318312a37340/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo=
 github.com/containerd/cgroups v0.0.0-20200824123100-0b889c03f102/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo=
 github.com/containerd/cgroups v0.0.0-20210114181951-8a68de567b68/go.mod h1:ZJeTFisyysqgcCdecO57Dj79RfL0LNeGiFUqLYQRYLE=
-github.com/containerd/cgroups v1.0.1 h1:iJnMvco9XGvKUvNQkv88bE4uJXxRQH18efbKo9w5vHQ=
 github.com/containerd/cgroups v1.0.1/go.mod h1:0SJrPIenamHDcZhEcJMNBB85rHcUsw4f25ZfBiPYRkU=
+github.com/containerd/cgroups v1.0.3 h1:ADZftAkglvCiD44c77s5YmMqaP2pzVCFZvBmAlBdAP4=
+github.com/containerd/cgroups v1.0.3/go.mod h1:/ofk34relqNjSGyqPrmEULrO4Sc8LJhvJmWbUCUKqj8=
 github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
 github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
 github.com/containerd/console v0.0.0-20191206165004-02ecf6a7291e/go.mod h1:8Pf4gM6VEbTNRIT26AyyU7hxdQU3MvAvxVI0sc00XBE=
 github.com/containerd/console v1.0.0/go.mod h1:8Pf4gM6VEbTNRIT26AyyU7hxdQU3MvAvxVI0sc00XBE=
 github.com/containerd/console v1.0.1/go.mod h1:XUsP6YE/mKtz6bxc+I8UiKKTP04qjQL4qcS3XoQ5xkw=
 github.com/containerd/console v1.0.2/go.mod h1:ytZPjGgY2oeTkAONYafi2kSj0aYggsf8acV1PGKCbzQ=
+github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U=
 github.com/containerd/containerd v1.2.10/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
 github.com/containerd/containerd v1.3.0-beta.2.0.20190828155532-0293cbd26c69/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
 github.com/containerd/containerd v1.3.0/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
@@ -408,17 +423,21 @@ github.com/containerd/containerd v1.5.0-beta.1/go.mod h1:5HfvG1V2FsKesEGQ17k5/T7
 github.com/containerd/containerd v1.5.0-beta.3/go.mod h1:/wr9AVtEM7x9c+n0+stptlo/uBBoBORwEx6ardVcmKU=
 github.com/containerd/containerd v1.5.0-beta.4/go.mod h1:GmdgZd2zA2GYIBZ0w09ZvgqEq8EfBp/m3lcVZIvPHhI=
 github.com/containerd/containerd v1.5.0-rc.0/go.mod h1:V/IXoMqNGgBlabz3tHD2TWDoTJseu1FGOKuoA4nNb2s=
+github.com/containerd/containerd v1.5.1/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g=
 github.com/containerd/containerd v1.5.2/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g=
-github.com/containerd/containerd v1.5.8 h1:NmkCC1/QxyZFBny8JogwLpOy2f+VEbO/f6bV2Mqtwuw=
+github.com/containerd/containerd v1.5.7/go.mod h1:gyvv6+ugqY25TiXxcZC3L5yOeYgEw0QMhscqVp1AR9c=
 github.com/containerd/containerd v1.5.8/go.mod h1:YdFSv5bTFLpG2HIYmfqDpSYYTDX+mc5qtSuYx1YUb/s=
+github.com/containerd/containerd v1.5.9 h1:rs6Xg1gtIxaeyG+Smsb/0xaSDu1VgFhOCKBXxMxbsF4=
+github.com/containerd/containerd v1.5.9/go.mod h1:fvQqCfadDGga5HZyn3j4+dx56qj2I9YwBrlSdalvJYQ=
 github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
 github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
 github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
 github.com/containerd/continuity v0.0.0-20200710164510-efbc4488d8fe/go.mod h1:cECdGN1O8G9bgKTlLhuPJimka6Xb/Gg7vYzCTNVxhvo=
 github.com/containerd/continuity v0.0.0-20201208142359-180525291bb7/go.mod h1:kR3BEg7bDFaEddKm54WSmrol1fKWDU1nKYkgrcgZT7Y=
 github.com/containerd/continuity v0.0.0-20210208174643-50096c924a4e/go.mod h1:EXlVlkqNba9rJe3j7w3Xa924itAMLgZH4UD/Q4PExuQ=
-github.com/containerd/continuity v0.1.0 h1:UFRRY5JemiAhPZrr/uE0n8fMTLcZsUvySPr1+D7pgr8=
 github.com/containerd/continuity v0.1.0/go.mod h1:ICJu0PwR54nI0yPEnJ6jcS+J7CZAUXrLh8lPo2knzsM=
+github.com/containerd/continuity v0.2.2 h1:QSqfxcn8c+12slxwu00AtzXrsami0MJb/MQs9lOLHLA=
+github.com/containerd/continuity v0.2.2/go.mod h1:pWygW9u7LtS1o4N/Tn0FoCFDIXZ7rxcMX7HX1Dmibvk=
 github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI=
 github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI=
 github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0=
@@ -443,6 +462,7 @@ github.com/containerd/nri v0.1.0/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3
 github.com/containerd/stargz-snapshotter v0.0.0-20201027054423-3a04e4c2c116/go.mod h1:o59b3PCKVAf9jjiKtCc/9hLAd+5p/rfhBfm6aBcTEr4=
 github.com/containerd/stargz-snapshotter v0.6.4 h1:mox1Ozl/LicA5j0O5Xk9Q8z+nOQQLnClarhxokyw9hI=
 github.com/containerd/stargz-snapshotter v0.6.4/go.mod h1:1t0SF1gAHJhCSftWKDLVitvfF3c2qhL5hymG7C50wto=
+github.com/containerd/stargz-snapshotter/estargz v0.4.1/go.mod h1:x7Q9dg9QYb4+ELgxmo4gBUeJB0tl5dqH1Sdz0nJU1QM=
 github.com/containerd/stargz-snapshotter/estargz v0.6.4/go.mod h1:83VWDqHnurTKliEB0YvWMiCfLDwv4Cjj1X9Vk98GJZw=
 github.com/containerd/stargz-snapshotter/estargz v0.7.0/go.mod h1:83VWDqHnurTKliEB0YvWMiCfLDwv4Cjj1X9Vk98GJZw=
 github.com/containerd/stargz-snapshotter/estargz v0.10.1 h1:hd1EoVjI2Ax8Cr64tdYqnJ4i4pZU49FkEf5kU8KxQng=
@@ -501,6 +521,7 @@ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ3
 github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw=
 github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4=
+github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
 github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c/go.mod h1:Ct2BUK8SB0YC1SMSibvLzxjeJLnrYEVLULFNiHY9YfQ=
 github.com/d2g/dhcp4client v1.0.0/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW34z5W5s=
 github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/IX2hfWJfwxMzLyuSZyxSoAug2nGa1G2QAi8=
@@ -639,7 +660,7 @@ github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
-github.com/go-ini/ini v1.66.2/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
+github.com/go-ini/ini v1.66.3/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o=
@@ -675,8 +696,6 @@ github.com/go-redis/redis v6.15.9+incompatible h1:K0pv1D7EQUjfyoMql+r/jZqCLizCGK
 github.com/go-redis/redis v6.15.9+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
 github.com/go-redis/redis/v8 v8.11.4 h1:kHoYkfZP6+pe04aFTnhDH6GDROa5yJdHJVNxV3F46Tg=
 github.com/go-redis/redis/v8 v8.11.4/go.mod h1:2Z2wHZXdQpCDXEGzqMockDpNyYvi2l4Pxt6RJr792+w=
-github.com/go-restruct/restruct v0.0.0-20191227155143-5734170a48a1 h1:LoN2wx/aN8JPGebG+2DaUyk4M+xRcqJXfuIbs8AWHdE=
-github.com/go-restruct/restruct v0.0.0-20191227155143-5734170a48a1/go.mod h1:KqrpKpn4M8OLznErihXTGLlsXFGeLxHUrLRRI/1YjGk=
 github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
 github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
 github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
@@ -712,6 +731,7 @@ github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblf
 github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4=
 github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
+github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gofrs/flock v0.0.0-20190320160742-5135e617513b/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
 github.com/gofrs/flock v0.7.3/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
 github.com/gofrs/uuid v4.0.0+incompatible h1:1SD/1F5pU8p29ybwgQSwpQk+mwdRrXCYuPhW6m+TnJw=
@@ -815,10 +835,12 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o=
+github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
 github.com/google/go-containerregistry v0.0.0-20191010200024-a3d713f9b7f8/go.mod h1:KyKXa9ciM8+lgMXwOVsXi7UxGrsf9mM61Mzs+xKUrKE=
 github.com/google/go-containerregistry v0.1.2/go.mod h1:GPivBPgdAyd2SU+vf6EpsgOtWDuPqjW0hJZt4rNdTZ4=
+github.com/google/go-containerregistry v0.5.1/go.mod h1:Ct15B4yir3PLOP5jsy0GNeYVaIZs/MK/Jz5any1wFW0=
 github.com/google/go-containerregistry v0.6.0/go.mod h1:euCCtNbZ6tKqi1E72vwDj2xZcN5ttKpZLfa/wSo5iLw=
 github.com/google/go-containerregistry v0.7.1-0.20211214010025-a65b7844a475 h1:da8EHPcyjqM4dHLhPqtY48YUj9ATT1ugRyi4g+MdITM=
 github.com/google/go-containerregistry v0.7.1-0.20211214010025-a65b7844a475/go.mod h1:IwJblnDNiCs8sxubbfPNniYsUqr8m+nt7YbPzecsGuE=
@@ -848,6 +870,7 @@ github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hf
 github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
@@ -865,8 +888,9 @@ github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/wire v0.3.0/go.mod h1:i1DMg/Lu8Sz5yYl25iOdmc5CT5qusaa+zmRWs16741s=
-github.com/google/wire v0.4.0 h1:kXcsA/rIGzJImVqPdhfnr6q0xsS9gU0515q1EPpJ9fE=
 github.com/google/wire v0.4.0/go.mod h1:ngWDr9Qvq3yZA10YrxfyGELY/AFWGVpy9c1LTRi1EoU=
+github.com/google/wire v0.5.0 h1:I7ELFeVBr3yfPIcc8+MWvrjk+3VjbcSzoXm3JVa+jD8=
+github.com/google/wire v0.5.0/go.mod h1:ngWDr9Qvq3yZA10YrxfyGELY/AFWGVpy9c1LTRi1EoU=
 github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY=
 github.com/googleapis/gax-go v2.0.2+incompatible h1:silFMLAnr330+NRuag/VjIGF7TLp/LBrV2CJKFLWEww=
 github.com/googleapis/gax-go v2.0.2+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY=
@@ -878,6 +902,7 @@ github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0
 github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY=
 github.com/googleapis/gnostic v0.2.2/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY=
 github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg=
+github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
 github.com/gookit/color v1.2.4/go.mod h1:AhIE+pS6D4Ql0SQWbBeXPHw7gY0/sjHoA4s/n1KB7xg=
 github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
@@ -928,8 +953,8 @@ github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtng
 github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
-github.com/hashicorp/go-getter v1.5.2 h1:XDo8LiAcDisiqZdv0TKgz+HtX3WN7zA2JD1R1tjsabE=
-github.com/hashicorp/go-getter v1.5.2/go.mod h1:orNH3BTYLu/fIxGIdLjLoAJHWMDQ/UKQr5O4m3iBuoo=
+github.com/hashicorp/go-getter v1.5.11 h1:wioTuNmaBU3IE9vdFtFMcmZWj0QzLc6DYaP6sNe5onY=
+github.com/hashicorp/go-getter v1.5.11/go.mod h1:9i48BP6wpWweI/0/+FBjqLrp9S8XtwUGjiu0QkWHEaY=
 github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
 github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
 github.com/hashicorp/go-hclog v1.0.0 h1:bkKf0BeBXcSYa7f5Fyi9gMuQ8gNsxeiNpZjR6VxNZeo=
@@ -960,8 +985,8 @@ github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/b
 github.com/hashicorp/go-version v1.1.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
-github.com/hashicorp/go-version v1.3.0 h1:McDWVJIU/y+u1BRV06dPaLfLCaT7fUTJLp5r04x7iNw=
-github.com/hashicorp/go-version v1.3.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
+github.com/hashicorp/go-version v1.4.0 h1:aAQzgqIrRKRa7w75CKpbBxYsmUoPjzVm1W59ca1L0J4=
+github.com/hashicorp/go-version v1.4.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
@@ -969,7 +994,6 @@ github.com/hashicorp/golang-lru v0.5.3/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uG
 github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hashicorp/hcl/v2 v2.9.1/go.mod h1:FwWsfWEjyV/CMj8s/gqAuiviY72rJ1/oayI9WftqcKg=
 github.com/hashicorp/hcl/v2 v2.11.1 h1:yTyWcXcm9XB0TEkyU/JCRU6rYy4K+mgLtzn2wlrJbcc=
 github.com/hashicorp/hcl/v2 v2.11.1/go.mod h1:FwWsfWEjyV/CMj8s/gqAuiviY72rJ1/oayI9WftqcKg=
 github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
@@ -983,9 +1007,10 @@ github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/J
 github.com/hashicorp/serf v0.9.5/go.mod h1:UWDWwZeL5cuWDJdl0C6wrvrUwEqtQ4ZKBKKENpqIUyk=
 github.com/hashicorp/serf v0.9.6/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4=
 github.com/hashicorp/uuid v0.0.0-20160311170451-ebb0a03e909c/go.mod h1:fHzc09UnyJyqyW+bFuq864eh+wC7dj65aXmXLRe5to0=
+github.com/hinshun/vt10x v0.0.0-20180616224451-1954e6464174/go.mod h1:DqJ97dSdRW1W22yXSB90986pcOyQ7r45iio1KN2ez1A=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
-github.com/huandu/xstrings v1.3.2 h1:L18LIDzqlW6xN2rEkpdV8+oL/IXWJ1APd+vsdYy4Wdw=
-github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
+github.com/huandu/xstrings v1.3.1 h1:4jgBlKK6tLKFvO8u5pmYjG91cqytmDCDvGh7ECVFfFs=
+github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg=
 github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
@@ -1041,6 +1066,8 @@ github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/X
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
 github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
+github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs=
+github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
 github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351 h1:DowS9hvgyYSX4TO5NpyC606/Z4SxnNYbT+WX27or6Ck=
 github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
 github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
@@ -1055,8 +1082,9 @@ github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdY
 github.com/klauspost/compress v1.12.3/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
 github.com/klauspost/compress v1.13.0/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
 github.com/klauspost/compress v1.13.5/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
-github.com/klauspost/compress v1.13.6 h1:P76CopJELS0TiO2mebmnzgWaajssP/EszplttgQxcgc=
 github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
+github.com/klauspost/compress v1.14.2 h1:S0OHlFk/Gbon/yauFJ4FfJJF5V0fc5HbBTJazi28pRw=
+github.com/klauspost/compress v1.14.2/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
 github.com/klauspost/cpuid v0.0.0-20180405133222-e7e905edc00e/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
 github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
 github.com/knqyf263/go-apk-version v0.0.0-20200609155635-041fdbb8563f h1:GvCU5GXhHq+7LeOzx/haG7HSIZokl3/0GkoUFzsRJjg=
@@ -1065,8 +1093,8 @@ github.com/knqyf263/go-deb-version v0.0.0-20190517075300-09fca494f03d h1:X4cedH4
 github.com/knqyf263/go-deb-version v0.0.0-20190517075300-09fca494f03d/go.mod h1:o8sgWoz3JADecfc/cTYD92/Et1yMqMy0utV1z+VaZao=
 github.com/knqyf263/go-rpm-version v0.0.0-20170716094938-74609b86c936 h1:HDjRqotkViMNcGMGicb7cgxklx8OwnjtCBmyWEqrRvM=
 github.com/knqyf263/go-rpm-version v0.0.0-20170716094938-74609b86c936/go.mod h1:i4sF0l1fFnY1aiw08QQSwVAFxHEm311Me3WsU/X7nL0=
-github.com/knqyf263/go-rpmdb v0.0.0-20211216113947-1369b2ee40b7 h1:xVowqxH8FU6XAG1YIIjeWiUlbDh9ZQZWpk5pz6IcxEU=
-github.com/knqyf263/go-rpmdb v0.0.0-20211216113947-1369b2ee40b7/go.mod h1:RDPNeIkU5NWXtt0OMEoILyxwUC/DyXeRtK295wpqSi0=
+github.com/knqyf263/go-rpmdb v0.0.0-20220209103220-0f7a6d951a6d h1:A7UU+2GvpKGRLvBeGKGlC0Rvk2JkUUrQszBpwXFw9qQ=
+github.com/knqyf263/go-rpmdb v0.0.0-20220209103220-0f7a6d951a6d/go.mod h1:+xTGvSNlJMTry9A8zQrc3Vl7S+DrTL9Wzr1/Eri3PZU=
 github.com/knqyf263/nested v0.0.1 h1:Sv26CegUMhjt19zqbBKntjwESdxe5hxVPSk0+AKjdUc=
 github.com/knqyf263/nested v0.0.1/go.mod h1:zwhsIhMkBg90DTOJQvxPkKIypEHPYkgWHs4gybdlUmk=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
@@ -1080,6 +1108,7 @@ github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/pty v1.1.4/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
 github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
@@ -1092,21 +1121,25 @@ github.com/leodido/go-urn v1.2.0 h1:hpXL4XnriNwQ/ABnpepYM/1vCLWNDfUNts8dX3xTG6Y=
 github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
 github.com/liamg/clinch v1.5.6/go.mod h1:IXM+nLBuZ5sOQAYYf9+G51nkaA0WY9cszxE5nPXexhE=
 github.com/liamg/gifwrap v0.0.6/go.mod h1:oW1r2vIWLYyxW+U0io7YbpPSDIJ79FTlZ+hPnXFLW6E=
-github.com/liamg/jfather v0.0.2 h1:OXKKl9ZAAu9VqIs0D9kgiBTr6lXqlmvc72o/e/VPnHk=
-github.com/liamg/jfather v0.0.2/go.mod h1:xXBGiBoiZ6tmHhfy5Jzw8sugzajwYdi6VosIpB3/cPM=
+github.com/liamg/iamgo v0.0.6 h1:VUzOnf39c7QYQfXzOr9upTmIqikmipqu1AvSIoX36PQ=
+github.com/liamg/iamgo v0.0.6/go.mod h1:Kk6ZxBF/GQqG9nnaUjIi6jf+WXNpeOTyhwc6gnguaZQ=
+github.com/liamg/jfather v0.0.7 h1:Xf78zS263yfT+xr2VSo6+kyAy4ROlCacRqJG7s5jt4k=
+github.com/liamg/jfather v0.0.7/go.mod h1:xXBGiBoiZ6tmHhfy5Jzw8sugzajwYdi6VosIpB3/cPM=
 github.com/liamg/tml v0.3.0/go.mod h1:0h4EAV/zBOsqI91EWONedjRpO8O0itjGJVd+wG5eC+E=
-github.com/liamg/tml v0.4.0/go.mod h1:0h4EAV/zBOsqI91EWONedjRpO8O0itjGJVd+wG5eC+E=
+github.com/liamg/tml v0.6.0/go.mod h1:0h4EAV/zBOsqI91EWONedjRpO8O0itjGJVd+wG5eC+E=
 github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM=
 github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4=
+github.com/linuxkit/virtsock v0.0.0-20201010232012-f8cee7dfc7a3/go.mod h1:3r6x7q95whyfWQpmGZTu3gk3v2YkMi05HEzl7Tf7YEo=
 github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4=
 github.com/lucasb-eyer/go-colorful v1.0.3/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0=
 github.com/lyft/protoc-gen-star v0.5.3/go.mod h1:V0xaHgaf5oCCqmcxYcWiDfTiKsZsRc87/1qhoTACD8w=
 github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
+github.com/magiconair/properties v1.8.5 h1:b6kJs+EmPFMYGkow9GiUyCyOvIwYetYJ3fSaWak/Gls=
 github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
 github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
@@ -1143,14 +1176,16 @@ github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
 github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
 github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
-github.com/mattn/go-runewidth v0.0.6/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.10/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk=
 github.com/mattn/go-runewidth v0.0.12 h1:Y41i/hVW3Pgwr8gV+J23B9YEY0zxjptBuCWEaxmAOow=
 github.com/mattn/go-runewidth v0.0.12/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk=
 github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o=
+github.com/mattn/go-shellwords v1.0.6/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o=
 github.com/mattn/go-shellwords v1.0.10/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
 github.com/mattn/go-sqlite3 v1.9.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
+github.com/mattn/go-sqlite3 v1.14.10 h1:MLn+5bFRlWMGoSRmJour3CL1w/qL96mvipqpwQW/Sfk=
+github.com/mattn/go-sqlite3 v1.14.10/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
 github.com/mattn/go-zglob v0.0.1/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo=
 github.com/mattn/goveralls v0.0.2/go.mod h1:8d1ZMHsd7fW6IRPKQh46F2WRpyib5/X4FOpevwGNQEw=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
@@ -1167,8 +1202,8 @@ github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WT
 github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4=
 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
 github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI=
-github.com/mitchellh/copystructure v1.1.1 h1:Bp6x9R1Wn16SIz3OfeDr0b7RnCG2OB66Y7PQyC/cvq4=
-github.com/mitchellh/copystructure v1.1.1/go.mod h1:EBArHfARyrSWO/+Wyr9zwEkc6XMFB9XyNgFNmRkZZU4=
+github.com/mitchellh/copystructure v1.0.0 h1:Laisrj+bAB6b/yJwB5Bt3ITZhGJdqmxquMKeZ+mmkFQ=
+github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
 github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
@@ -1189,8 +1224,8 @@ github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RR
 github.com/mitchellh/mapstructure v1.4.3 h1:OVowDSCllw/YjdLkam3/sm7wEtOy59d8ndGgCcyj8cs=
 github.com/mitchellh/mapstructure v1.4.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A=
-github.com/mitchellh/reflectwalk v1.0.1 h1:FVzMWA5RllMAKIdUSC8mdWo3XtwoecrH79BY70sEEpE=
-github.com/mitchellh/reflectwalk v1.0.1/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
+github.com/mitchellh/reflectwalk v1.0.0 h1:9D+8oIskB4VJBN5SFlmc27fSlIBZaov1Wpk/IfikLNY=
+github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
 github.com/moby/buildkit v0.8.1/go.mod h1:/kyU1hKy/aYCuP39GZA9MaKioovHku57N6cqlKZIaiQ=
 github.com/moby/buildkit v0.9.3 h1:0JmMLY45KIKFogJXv4LyWo+KmIMuvhit5TDrwBlxDp0=
 github.com/moby/buildkit v0.9.3/go.mod h1:5dZQUHg9STw/Fhl4zZiusDJKn8uje/0x952Nce4a8cg=
@@ -1202,8 +1237,10 @@ github.com/moby/sys/mount v0.2.0/go.mod h1:aAivFE2LB3W4bACsUXChRHQ0qKWsetY4Y9V7s
 github.com/moby/sys/mountinfo v0.1.0/go.mod h1:w2t2Avltqx8vE7gX5l+QiBKxODu2TX0+Syr3h52Tw4o=
 github.com/moby/sys/mountinfo v0.1.3/go.mod h1:w2t2Avltqx8vE7gX5l+QiBKxODu2TX0+Syr3h52Tw4o=
 github.com/moby/sys/mountinfo v0.4.0/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A=
-github.com/moby/sys/mountinfo v0.4.1 h1:1O+1cHA1aujwEwwVMa2Xm2l+gIpUHyd3+D+d7LZh1kM=
 github.com/moby/sys/mountinfo v0.4.1/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A=
+github.com/moby/sys/mountinfo v0.5.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU=
+github.com/moby/sys/mountinfo v0.6.0 h1:gUDhXQx58YNrpHlK4nSL+7y2pxFZkUcXqzFDKWdC0Oo=
+github.com/moby/sys/mountinfo v0.6.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU=
 github.com/moby/sys/symlink v0.1.0/go.mod h1:GGDODQmbFOjFsXvfLVn3+ZRxkch54RkSiGqsZeMYowQ=
 github.com/moby/term v0.0.0-20200312100748-672ec06f55cd/go.mod h1:DdlQx2hp0Ss5/fLikoLlEeIYiATotOjgB//nb973jeo=
 github.com/moby/term v0.0.0-20200915141129-7f0af18e79f2/go.mod h1:TjQg8pa4iejrUrjiz0MCtMV38jdMNW4doKSiBrEvCQQ=
@@ -1273,8 +1310,8 @@ github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDs
 github.com/onsi/gomega v1.16.0 h1:6gjqkI8iiRHMvdccRJM8rVKjCWk6ZIm6FTm3ddIe4/c=
 github.com/onsi/gomega v1.16.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
 github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk=
-github.com/open-policy-agent/opa v0.36.1 h1:FkopbI3Rlor1nAvu78hgbdOLZyRd4vPepeMY4Tcm1Hc=
-github.com/open-policy-agent/opa v0.36.1/go.mod h1:/ZcbCeVlsRFp+n7aAvcTfElCL24b53p9v9QGo2y+0RM=
+github.com/open-policy-agent/opa v0.37.2 h1:pR9i4xlsnlq7b5Zgw6oj7PcFaJ9HX+sY4yfuzLI2WrA=
+github.com/open-policy-agent/opa v0.37.2/go.mod h1:9YlKCh5WIk1Pu0bpIPozaJKQWpUDTVCMVpe55FVUfik=
 github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
 github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
 github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
@@ -1283,8 +1320,9 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.0.0/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
 github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
-github.com/opencontainers/image-spec v1.0.2-0.20211117181255-693428a734f5 h1:q37d91F6BO4Jp1UqWiun0dUFYaqv6WsKTLTCaWv+8LY=
 github.com/opencontainers/image-spec v1.0.2-0.20211117181255-693428a734f5/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
+github.com/opencontainers/image-spec v1.0.2 h1:9yCKha/T5XdGtO0q9Q9a6T5NUCsTn/DrBg0D7ufOcFM=
+github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
 github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
 github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
 github.com/opencontainers/runc v1.0.0-rc10/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
@@ -1292,8 +1330,9 @@ github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9/go.mod h
 github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
 github.com/opencontainers/runc v1.0.0-rc92/go.mod h1:X1zlU4p7wOlX4+WRCz+hvlRv8phdL7UqbYD+vQwNMmE=
 github.com/opencontainers/runc v1.0.0-rc93/go.mod h1:3NOsor4w32B2tC0Zbl8Knk4Wg84SM2ImC1fxBuqJ/H0=
-github.com/opencontainers/runc v1.0.2 h1:opHZMaswlyxz1OuGpBE53Dwe4/xF7EZTY0A2L/FpCOg=
 github.com/opencontainers/runc v1.0.2/go.mod h1:aTaHFFwQXuA71CiyxOdFFIorAoemI04suvGRQFzWTD0=
+github.com/opencontainers/runc v1.1.0 h1:O9+X96OcDjkmmZyfaG996kV7yq8HsoU2h1XRRQcefG8=
+github.com/opencontainers/runc v1.1.0/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc=
 github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/runtime-spec v1.0.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/runtime-spec v1.0.2-0.20190207185410-29686dbc5559/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
@@ -1305,6 +1344,7 @@ github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mo
 github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE=
 github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo=
 github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xAPP8dBsCoU0KuF8=
+github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
 github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis=
 github.com/opentracing-contrib/go-stdlib v1.0.0/go.mod h1:qtI1ogk+2JhVPIXVc6q+NHziSmy2W5GbdQZFUHADCBU=
 github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74=
@@ -1317,14 +1357,15 @@ github.com/openzipkin/zipkin-go v0.1.3/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTm
 github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw=
 github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4=
 github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4=
-github.com/owenrumney/go-sarif v1.0.10/go.mod h1:sgJM0ZaZ28jT8t8Iq3/mUCFBW9cX09EobIBXYOhiYBc=
-github.com/owenrumney/go-sarif v1.0.12/go.mod h1:Jk5smXU9QuCqTdh4N3PehnG+azzrf0XcQ267ZwAG8Ho=
+github.com/owenrumney/go-sarif v1.0.14/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U=
 github.com/owenrumney/go-sarif v1.1.1 h1:QNObu6YX1igyFKhdzd7vgzmw7XsWN3/6NMGuDzBgXmE=
 github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U=
-github.com/owenrumney/go-sarif/v2 v2.0.17 h1:F3V0IQYMjOqBtfnQQWC+yv5dTISkcZuG/9YBv0mIEBE=
-github.com/owenrumney/go-sarif/v2 v2.0.17/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w=
-github.com/owenrumney/squealer v0.2.28 h1:LYsqUHal+5QlANjbZ+h44SN5kIZSfHCWKUzBAS1KwB0=
-github.com/owenrumney/squealer v0.2.28/go.mod h1:wwVPzhjiUBILIdDtnzGSEcapXczIj/tONP+ZJ49IhPY=
+github.com/owenrumney/go-sarif/v2 v2.1.1 h1:JVUO0cEhG8bvEWIxsRmURY4u7wBZUTgdh4zikkkiPM8=
+github.com/owenrumney/go-sarif/v2 v2.1.1/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w=
+github.com/owenrumney/squealer v0.3.1 h1:iBo817khHVpcP65om+iXuSYg+G6iaVvjsY0amcy1UAA=
+github.com/owenrumney/squealer v0.3.1/go.mod h1:mRMvbRyrnE2mYghLpn4M2jATJhIddp4XOAKKY60X7nY=
+github.com/package-url/packageurl-go v0.1.1-0.20220203205134-d70459300c8a h1:tkTSd1nhioPqi5Whu3CQ79UjPtaGOytqyNnSCVOqzHM=
+github.com/package-url/packageurl-go v0.1.1-0.20220203205134-d70459300c8a/go.mod h1:uQd4a7Rh3ZsVg5j0lNyAfyxIeGde9yrlhjF78GzeW0c=
 github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
@@ -1350,6 +1391,7 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE
 github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA=
 github.com/pkg/profile v1.5.0/go.mod h1:qBsxPvzyUincmltOk6iyRVxHYg4adc0OFOv72ZdLa18=
 github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI=
+github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg=
 github.com/pkg/term v0.0.0-20190109203006-aa71e9d9e942/go.mod h1:eCbImbZ95eXtAUIbLAuAVnBnwf83mjf6QIVH8SHYwqQ=
 github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
@@ -1368,6 +1410,7 @@ github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeD
 github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
 github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
 github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
+github.com/prometheus/client_golang v1.12.0/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
 github.com/prometheus/client_model v0.0.0-20171117100541-99fa1f4be8e5/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
@@ -1386,7 +1429,7 @@ github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt2
 github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
 github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
 github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
-github.com/prometheus/common v0.29.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
+github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
 github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
@@ -1400,6 +1443,7 @@ github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+Gx
 github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
 github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
 github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
+github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
 github.com/quasilyte/go-consistent v0.0.0-20190521200055-c6f3937de18c/go.mod h1:5STLWrekHfjyYwxBRVRXNOSewLJ3PWfDJd1VyTS21fI=
 github.com/quasilyte/go-ruleguard v0.1.2-0.20200318202121-b00d7a75d3d8/go.mod h1:CGFX09Ci3pq9QZdj86B+VGIdNj4VyCo2iPOGS9esB/k=
@@ -1407,6 +1451,8 @@ github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqn
 github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0 h1:MkV+77GLUNo5oJ0jf870itWm3D0Sjh7+Za9gazKc5LQ=
 github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
 github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M=
+github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0 h1:OdAsTTz6OkFY5QxjkYwrChwuRruF69c169dPK26NUlk=
+github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
 github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
@@ -1433,10 +1479,11 @@ github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0
 github.com/saracen/walker v0.0.0-20191201085201-324a081bae7e h1:NO86zOn5ScSKW8wRbMaSIcjDZUFpWdCQQnexRqZ9h9A=
 github.com/saracen/walker v0.0.0-20191201085201-324a081bae7e/go.mod h1:G0Z6yVPru183i2MuRJx1DcR4dgIZtLcTdaaE/pC1BJU=
 github.com/sassoftware/go-rpmutils v0.0.0-20190420191620-a8f1baeba37b/go.mod h1:am+Fp8Bt506lA3Rk3QCmSqmYmLMnPDhdDUcosQCAx+I=
-github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
+github.com/satori/go.uuid v1.2.1-0.20181016170032-d91630c85102/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
 github.com/sclevine/spec v1.2.0/go.mod h1:W4J29eT/Kzv7/b9IWLB055Z+qvVC9vt0Arko24q7p+U=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
 github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo=
+github.com/seccomp/libseccomp-golang v0.9.2-0.20210429002308-3879420cc921/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg=
 github.com/securego/gosec v0.0.0-20200103095621-79fbf3af8d83/go.mod h1:vvbZ2Ae7AzSq3/kywjUDxSNq2SJ27RxCz2un0H3ePqE=
 github.com/securego/gosec v0.0.0-20200401082031-e946c8c39989/go.mod h1:i9l/TNj+yDFh9SZXUTvspXTjbFXgZGP/UvhU1S65A4A=
 github.com/securego/gosec/v2 v2.3.0/go.mod h1:UzeVyUXbxukhLeHKV3VVqo7HdoQR9MrRfFmZYotn8ME=
@@ -1446,6 +1493,8 @@ github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNX
 github.com/serialx/hashring v0.0.0-20190422032157-8b2912629002/go.mod h1:/yeG0My1xr/u+HZrFQ1tOQQQQrOawfyMUH13ai5brBc=
 github.com/shirou/gopsutil v0.0.0-20190901111213-e4ec7b275ada/go.mod h1:WWnYX4lzhCH5h/3YBfyVA3VbLYjlMZZAQcW9ojMexNc=
 github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4/go.mod h1:qsXQc7+bwAM3Q1u/4XEfrquwF8Lw7D7y5cD8CuHnfIc=
+github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ=
+github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
 github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk=
 github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOmsrJOB+vfqUK+7DmDyjhSLIIBnXo9lvZJj3MWQ=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
@@ -1475,10 +1524,12 @@ github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2
 github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
 github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
 github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4=
-github.com/spf13/afero v1.6.0 h1:xoax2sJ2DT8S8xA2paPFjDCScCNeWsg75VG0DLRreiY=
 github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=
+github.com/spf13/afero v1.8.1 h1:izYHOT71f9iZ7iq37Uqjael60/vYC6vMtzedudZ0zEk=
+github.com/spf13/afero v1.8.1/go.mod h1:CtAatgMJh6bJEIs48Ay/FOnkljP3WeGUG0MC1RfAqwo=
 github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
+github.com/spf13/cast v1.4.1 h1:s0hze+J0196ZfEMTs80N7UlFt0BDuQ7Q+JDnHiMWKdA=
 github.com/spf13/cast v1.4.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
 github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
@@ -1513,6 +1564,7 @@ github.com/stretchr/objx v0.3.0 h1:NGXK3lHquSN08v5vWalVI/L8XU9hdzE/G6xsrze47As=
 github.com/stretchr/objx v0.3.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
 github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v0.0.0-20180303142811-b89eecf5ca5d/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.2.1/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
@@ -1528,8 +1580,9 @@ github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cb
 github.com/tchap/go-patricia v2.2.6+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I=
 github.com/tdakkota/asciicheck v0.0.0-20200416190851-d7f85be797a2/go.mod h1:yHp0ai0Z9gUljN3o0xMhYJnH/IcvkdTBOX2fmJ93JEM=
 github.com/tdakkota/asciicheck v0.0.0-20200416200610-e657995f937b/go.mod h1:yHp0ai0Z9gUljN3o0xMhYJnH/IcvkdTBOX2fmJ93JEM=
-github.com/testcontainers/testcontainers-go v0.11.1 h1:FiYsB83LSGbiawoV8TpAZGfcCUbtaeeg1SXqEKUxh08=
 github.com/testcontainers/testcontainers-go v0.11.1/go.mod h1:/V0UVq+1e7NWYoqTPog179clf0Qp9TOyp4EcXaEFQz8=
+github.com/testcontainers/testcontainers-go v0.12.0 h1:SK0NryGHIx7aifF6YqReORL18aGAA4bsDPtikDVCEyg=
+github.com/testcontainers/testcontainers-go v0.12.0/go.mod h1:SIndOQXZng0IW8iWU1Js0ynrfZ8xcxrTtDfF6rD2pxs=
 github.com/tetafro/godot v0.3.7/go.mod h1:/7NLHhv08H1+8DNj0MElpAACw1ajsCuf3TKNQxA5S+0=
 github.com/tetafro/godot v0.4.2/go.mod h1:/7NLHhv08H1+8DNj0MElpAACw1ajsCuf3TKNQxA5S+0=
 github.com/timakin/bodyclose v0.0.0-20190930140734-f7f2e9bca95e/go.mod h1:Qimiffbc6q9tBWlVV6x0P9sat/ao1xEkREYPPj9hphk=
@@ -1540,8 +1593,8 @@ github.com/tj/go-kinesis v0.0.0-20171128231115-08b17f58cb1b/go.mod h1:/yhzCV0xPf
 github.com/tj/go-spin v1.1.0/go.mod h1:Mg1mzmePZm4dva8Qz60H2lHwmJ2loum4VIrLgVnKwh4=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
-github.com/tmccombs/hcl2json v0.3.3 h1:+DLNYqpWE0CsOQiEZu+OZm5ZBImake3wtITYxQ8uLFQ=
-github.com/tmccombs/hcl2json v0.3.3/go.mod h1:Y2chtz2x9bAeRTvSibVRVgbLJhLJXKlUeIvjeVdnm4w=
+github.com/tmccombs/hcl2json v0.3.4 h1:pYzRaHVTJu6TfFumACORClRtsK431eeuv7WjNNLjT90=
+github.com/tmccombs/hcl2json v0.3.4/go.mod h1:l3Aq9eUyhC+0v26BH08BZHeyWEtOYcFtbu2i5Ryywig=
 github.com/tommy-muehle/go-mnd v1.1.1/go.mod h1:dSUh0FtTP8VhvkL1S+gUR1OKd9ZnSaozuI6r3m6wOig=
 github.com/tommy-muehle/go-mnd v1.3.1-0.20200224220436-e6f9a994e8fa/go.mod h1:dSUh0FtTP8VhvkL1S+gUR1OKd9ZnSaozuI6r3m6wOig=
 github.com/tonistiigi/fsutil v0.0.0-20201103201449-0834f99b7b85/go.mod h1:a7cilN64dG941IOXfhJhlH0qB92hxJ9A1ewrdUmJ6xo=
@@ -1550,8 +1603,9 @@ github.com/tonistiigi/go-actions-cache v0.0.0-20211002214948-4d48f2ff622a/go.mod
 github.com/tonistiigi/units v0.0.0-20180711220420-6950e57a87ea/go.mod h1:WPnis/6cRcDZSUvVmezrxJPkiO87ThFYsoUiMwWNDJk=
 github.com/tonistiigi/vt100 v0.0.0-20210615222946-8066bb97264f/go.mod h1:ulncasL3N9uLrVann0m+CDlJKWsIAP34MPcOJF6VRvc=
 github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
-github.com/twitchtv/twirp v8.1.0+incompatible h1:KGXanpa9LXdVE/V5P/tA27rkKFmXRGCtSNT7zdeeVOY=
-github.com/twitchtv/twirp v8.1.0+incompatible/go.mod h1:RRJoFSAmTEh2weEqWtpPE3vFK5YBhA6bqp2l1kfCC5A=
+github.com/tv42/httpunix v0.0.0-20191220191345-2ba4b9c3382c/go.mod h1:hzIxponao9Kjc7aWznkXaL4U4TWaDSs8zcsY4Ka08nM=
+github.com/twitchtv/twirp v8.1.1+incompatible h1:s5WnVKMhC4Xz1jOfNAqTg85iguOWAvsrCJoPiezlLFA=
+github.com/twitchtv/twirp v8.1.1+incompatible/go.mod h1:RRJoFSAmTEh2weEqWtpPE3vFK5YBhA6bqp2l1kfCC5A=
 github.com/uber/jaeger-client-go v2.25.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk=
 github.com/uber/jaeger-lib v2.2.0+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U=
 github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
@@ -1621,9 +1675,6 @@ github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go
 github.com/zclconf/go-cty v1.0.0/go.mod h1:xnAOWiHeOqg2nWS62VtQ7pbOu17FtxJNW8RLEih+O3s=
 github.com/zclconf/go-cty v1.2.0/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8=
 github.com/zclconf/go-cty v1.8.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk=
-github.com/zclconf/go-cty v1.8.1/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk=
-github.com/zclconf/go-cty v1.8.3/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk=
-github.com/zclconf/go-cty v1.9.1/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk=
 github.com/zclconf/go-cty v1.10.0 h1:mp9ZXQeIcN8kAwuqorjH+Q+njbJKjLrvB2yIh4q7U+0=
 github.com/zclconf/go-cty v1.10.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk=
 github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8=
@@ -1709,8 +1760,9 @@ go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM=
 go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ=
 go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
-go.uber.org/zap v1.20.0 h1:N4oPlghZwYG55MlU6LXk/Zp00FVNE9X9wrYO8CEs4lc=
 go.uber.org/zap v1.20.0/go.mod h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw=
+go.uber.org/zap v1.21.0 h1:WefMeulhovoZ2sYXz7st6K0sLj7bBhpiFaud4r4zST8=
+go.uber.org/zap v1.21.0/go.mod h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw=
 go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE=
 gocloud.dev v0.19.0/go.mod h1:SmKwiR8YwIMMJvQBKLsC3fHNyMwXLw3PMDO+VVteJMI=
 golang.org/x/build v0.0.0-20190314133821-5284462c4bec/go.mod h1:atTaCNAy0f16Ah5aV1gMSwgiKVHwu/JncqDpuRr7lS4=
@@ -1726,6 +1778,7 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190506204251-e1dfcc566284/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190530122614-20be4c3c3ed5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
@@ -1735,6 +1788,7 @@ golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
@@ -1744,9 +1798,10 @@ golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm
 golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
 golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220112180741-5e0467b6c7ce h1:Roh6XWxHFKrPgC/EQhVubSAGQ6Ozk6IdxHSzt1mR0EI=
-golang.org/x/crypto v0.0.0-20220112180741-5e0467b6c7ce/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220208233918-bba287dce954 h1:BkypuErRT9A9I/iljuaG3/zdMjd/J6m8tKKJQtGfSdA=
+golang.org/x/crypto v0.0.0-20220208233918-bba287dce954/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -1859,13 +1914,15 @@ golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211108170745-6635138e15ea/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211111083644-e5c967477495/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211118161319-6a13c67c3ce4/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20220114011407-0dd24b26b47d h1:1n1fc535VhN8SYtD4cDUyNlfpAF2ROMM9+11equK3hs=
 golang.org/x/net v0.0.0-20220114011407-0dd24b26b47d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk=
+golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/oauth2 v0.0.0-20180724155351-3d292e4d0cdc/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -1952,7 +2009,6 @@ golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20191112214154-59a1497f0cea/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191128015809-6d18c012aee9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191210023423-ac6580df4449/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191220142924-d4481acd189f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1992,6 +2048,7 @@ golang.org/x/sys v0.0.0-20201013081832-0aaa2718063a/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20201112073958-5cba982894dd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201117170446-d9b008d0a637/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201126233918-771906719818/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201202213521-69691e467435/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1999,6 +2056,7 @@ golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210313202042-bd2e13477e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -2022,21 +2080,29 @@ golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210816183151-1e6c022a8912/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210902050250-f475640dd07b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211109184856-51b60fd695b3/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211117180635-dee7805ff2e1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211205182925-97ca703d548d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211213223007-03aa0b5f6827/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 h1:XfKQ4OlFl8okEOr5UvAqFRVj8pY/4yfcXrddB8qAbU0=
+golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220204135822-1c1b9b1eba6a h1:ppl5mZgokTT8uPkmYOyEUmPTr3ypaKkg5eFOGrAmxxE=
+golang.org/x/sys v0.0.0-20220204135822-1c1b9b1eba6a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.0.0-20201210144234-2321bbc49cbf h1:MZ2shdL+ZM/XzY3ZGOnh4Nlpnxz5GSOhOmtHo3iPU6M=
 golang.org/x/term v0.0.0-20201210144234-2321bbc49cbf/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210503060354-a79de5458b56/go.mod h1:tfny5GFUkzUvx4ps4ajbZsCe5lw1metzhBm9T3x7oIY=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -2129,20 +2195,25 @@ golang.org/x/tools v0.0.0-20200422022333-3d57cf2e726e/go.mod h1:EkVYQZoAsY45+roY
 golang.org/x/tools v0.0.0-20200426102838-f3a5411a4c3b/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200502202811-ed308ab3e770/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200616133436-c1934b75d054/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
+golang.org/x/tools v0.0.0-20200916195026-c9a70fc28ce3/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU=
 golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20201124115921-2c860bdd6e78/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
 golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
@@ -2151,6 +2222,7 @@ golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
 golang.org/x/tools v0.1.8-0.20211029000441-d6a9af8af023/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU=
+golang.org/x/tools v0.1.8 h1:P1HhGGuLW4aAclzjtmJdf0mJOjVUZUzOTqkAkWL+l6w=
 golang.org/x/tools v0.1.8/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU=
 golang.org/x/vuln v0.0.0-20211215213114-5e054cb3e47e/go.mod h1:9qJmykHjqtHdZkMBTPU2esbdS/2fuYYj9Lsb5BLHlPE=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -2263,7 +2335,9 @@ google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
@@ -2291,8 +2365,9 @@ google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ6
 google.golang.org/genproto v0.0.0-20211129164237-f09f9a12af12/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20211203200212-54befc351ae9/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa h1:I0YcKz0I7OAhddo7ya8kMnvprhcWM045PmkBdMO9zN0=
 google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20220204002441-d6cc3cc0770e h1:hXl9hnyOkeznztYpYxVPAVZfPzcbO6Q0C+nLXodza8k=
+google.golang.org/genproto v0.0.0-20220204002441-d6cc3cc0770e/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
 google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
 google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio=
@@ -2329,8 +2404,8 @@ google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnD
 google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
 google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
 google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
-google.golang.org/grpc v1.43.0 h1:Eeu7bZtDZ2DpRCsLhUlcrLnvYaMK1Gz86a+hMVvELmM=
-google.golang.org/grpc v1.43.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
+google.golang.org/grpc v1.44.0 h1:weqSxi/TMs1SqFRMHCtBgXRs8k3X39QIDEZ0pRcttUg=
+google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
@@ -2438,6 +2513,7 @@ k8s.io/client-go v0.20.4/go.mod h1:LiMv25ND1gLUdBeYxBIwKpkSC5IsozMMmOOeSJboP+k=
 k8s.io/client-go v0.20.6/go.mod h1:nNQMnOvEUEsOzRRFIIkdmYOjAZrC8bgq0ExboWSU1I0=
 k8s.io/cloud-provider v0.17.4/go.mod h1:XEjKDzfD+b9MTLXQFlDGkk6Ho8SGMpaU8Uugx/KNK9U=
 k8s.io/code-generator v0.17.2/go.mod h1:DVmfPQgxQENqDIzVR2ddLXMH34qeszkKSdH/N+s+38s=
+k8s.io/code-generator v0.19.7/go.mod h1:lwEq3YnLYb/7uVXLorOJfxg+cUu2oihFhHZ0n9NIla0=
 k8s.io/component-base v0.17.4/go.mod h1:5BRqHMbbQPm2kKu35v3G+CpVq4K0RJKC7TRioF0I9lE=
 k8s.io/component-base v0.20.1/go.mod h1:guxkoJnNoh8LNrbtiQOlyp2Y2XFCZQmrcg2n/DeYNLk=
 k8s.io/component-base v0.20.4/go.mod h1:t4p9EdiagbVCJKrQ1RsA5/V4rFQNDfRlevJajlGwgjI=
@@ -2450,6 +2526,8 @@ k8s.io/csi-translation-lib v0.17.4/go.mod h1:CsxmjwxEI0tTNMzffIAcgR9lX4wOh6AKHdx
 k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
 k8s.io/gengo v0.0.0-20190822140433-26a664648505/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
 k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
+k8s.io/gengo v0.0.0-20200428234225-8167cfdcfc14/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
+k8s.io/gengo v0.0.0-20201113003025-83324d819ded/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
 k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
 k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
 k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
@@ -2467,11 +2545,139 @@ k8s.io/utils v0.0.0-20191114184206-e782cd3c129f/go.mod h1:sZAwmy6armz5eXlNoLmJcl
 k8s.io/utils v0.0.0-20200729134348-d5654de09c73/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 k8s.io/utils v0.0.0-20201110183641-67b214c5f920 h1:CbnUZsM497iRC5QMVkHwyl8s2tB3g7yaSHkYPkpgelw=
 k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
+lukechampine.com/uint128 v1.1.1 h1:pnxCASz787iMf+02ssImqk6OLt+Z5QHMoZyUXR4z6JU=
+lukechampine.com/uint128 v1.1.1/go.mod h1:c4eWIwlEGaxC/+H1VguhU4PHXNWDCDMUlWdIWl2j1gk=
+modernc.org/cc v1.0.0 h1:nPibNuDEx6tvYrUAtvDTTw98rx5juGsa5zuDnKwEEQQ=
 modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw=
+modernc.org/cc/v3 v3.33.6/go.mod h1:iPJg1pkwXqAV16SNgFBVYmggfMg6xhs+2oiO0vclK3g=
+modernc.org/cc/v3 v3.33.9/go.mod h1:iPJg1pkwXqAV16SNgFBVYmggfMg6xhs+2oiO0vclK3g=
+modernc.org/cc/v3 v3.33.11/go.mod h1:iPJg1pkwXqAV16SNgFBVYmggfMg6xhs+2oiO0vclK3g=
+modernc.org/cc/v3 v3.34.0/go.mod h1:iPJg1pkwXqAV16SNgFBVYmggfMg6xhs+2oiO0vclK3g=
+modernc.org/cc/v3 v3.35.0/go.mod h1:iPJg1pkwXqAV16SNgFBVYmggfMg6xhs+2oiO0vclK3g=
+modernc.org/cc/v3 v3.35.4/go.mod h1:iPJg1pkwXqAV16SNgFBVYmggfMg6xhs+2oiO0vclK3g=
+modernc.org/cc/v3 v3.35.5/go.mod h1:iPJg1pkwXqAV16SNgFBVYmggfMg6xhs+2oiO0vclK3g=
+modernc.org/cc/v3 v3.35.7/go.mod h1:iPJg1pkwXqAV16SNgFBVYmggfMg6xhs+2oiO0vclK3g=
+modernc.org/cc/v3 v3.35.8/go.mod h1:iPJg1pkwXqAV16SNgFBVYmggfMg6xhs+2oiO0vclK3g=
+modernc.org/cc/v3 v3.35.10/go.mod h1:iPJg1pkwXqAV16SNgFBVYmggfMg6xhs+2oiO0vclK3g=
+modernc.org/cc/v3 v3.35.15/go.mod h1:iPJg1pkwXqAV16SNgFBVYmggfMg6xhs+2oiO0vclK3g=
+modernc.org/cc/v3 v3.35.16/go.mod h1:iPJg1pkwXqAV16SNgFBVYmggfMg6xhs+2oiO0vclK3g=
+modernc.org/cc/v3 v3.35.17/go.mod h1:iPJg1pkwXqAV16SNgFBVYmggfMg6xhs+2oiO0vclK3g=
+modernc.org/cc/v3 v3.35.18/go.mod h1:iPJg1pkwXqAV16SNgFBVYmggfMg6xhs+2oiO0vclK3g=
+modernc.org/cc/v3 v3.35.20/go.mod h1:iPJg1pkwXqAV16SNgFBVYmggfMg6xhs+2oiO0vclK3g=
+modernc.org/cc/v3 v3.35.22 h1:BzShpwCAP7TWzFppM4k2t03RhXhgYqaibROWkrWq7lE=
+modernc.org/cc/v3 v3.35.22/go.mod h1:iPJg1pkwXqAV16SNgFBVYmggfMg6xhs+2oiO0vclK3g=
+modernc.org/ccgo/v3 v3.9.5/go.mod h1:umuo2EP2oDSBnD3ckjaVUXMrmeAw8C8OSICVa0iFf60=
+modernc.org/ccgo/v3 v3.10.0/go.mod h1:c0yBmkRFi7uW4J7fwx/JiijwOjeAeR2NoSaRVFPmjMw=
+modernc.org/ccgo/v3 v3.11.0/go.mod h1:dGNposbDp9TOZ/1KBxghxtUp/bzErD0/0QW4hhSaBMI=
+modernc.org/ccgo/v3 v3.11.1/go.mod h1:lWHxfsn13L3f7hgGsGlU28D9eUOf6y3ZYHKoPaKU0ag=
+modernc.org/ccgo/v3 v3.11.3/go.mod h1:0oHunRBMBiXOKdaglfMlRPBALQqsfrCKXgw9okQ3GEw=
+modernc.org/ccgo/v3 v3.12.4/go.mod h1:Bk+m6m2tsooJchP/Yk5ji56cClmN6R1cqc9o/YtbgBQ=
+modernc.org/ccgo/v3 v3.12.6/go.mod h1:0Ji3ruvpFPpz+yu+1m0wk68pdr/LENABhTrDkMDWH6c=
+modernc.org/ccgo/v3 v3.12.8/go.mod h1:Hq9keM4ZfjCDuDXxaHptpv9N24JhgBZmUG5q60iLgUo=
+modernc.org/ccgo/v3 v3.12.11/go.mod h1:0jVcmyDwDKDGWbcrzQ+xwJjbhZruHtouiBEvDfoIsdg=
+modernc.org/ccgo/v3 v3.12.14/go.mod h1:GhTu1k0YCpJSuWwtRAEHAol5W7g1/RRfS4/9hc9vF5I=
+modernc.org/ccgo/v3 v3.12.18/go.mod h1:jvg/xVdWWmZACSgOiAhpWpwHWylbJaSzayCqNOJKIhs=
+modernc.org/ccgo/v3 v3.12.20/go.mod h1:aKEdssiu7gVgSy/jjMastnv/q6wWGRbszbheXgWRHc8=
+modernc.org/ccgo/v3 v3.12.21/go.mod h1:ydgg2tEprnyMn159ZO/N4pLBqpL7NOkJ88GT5zNU2dE=
+modernc.org/ccgo/v3 v3.12.22/go.mod h1:nyDVFMmMWhMsgQw+5JH6B6o4MnZ+UQNw1pp52XYFPRk=
+modernc.org/ccgo/v3 v3.12.25/go.mod h1:UaLyWI26TwyIT4+ZFNjkyTbsPsY3plAEB6E7L/vZV3w=
+modernc.org/ccgo/v3 v3.12.29/go.mod h1:FXVjG7YLf9FetsS2OOYcwNhcdOLGt8S9bQ48+OP75cE=
+modernc.org/ccgo/v3 v3.12.36/go.mod h1:uP3/Fiezp/Ga8onfvMLpREq+KUjUmYMxXPO8tETHtA8=
+modernc.org/ccgo/v3 v3.12.38/go.mod h1:93O0G7baRST1vNj4wnZ49b1kLxt0xCW5Hsa2qRaZPqc=
+modernc.org/ccgo/v3 v3.12.43/go.mod h1:k+DqGXd3o7W+inNujK15S5ZYuPoWYLpF5PYougCmthU=
+modernc.org/ccgo/v3 v3.12.46/go.mod h1:UZe6EvMSqOxaJ4sznY7b23/k13R8XNlyWsO5bAmSgOE=
+modernc.org/ccgo/v3 v3.12.47/go.mod h1:m8d6p0zNps187fhBwzY/ii6gxfjob1VxWb919Nk1HUk=
+modernc.org/ccgo/v3 v3.12.50/go.mod h1:bu9YIwtg+HXQxBhsRDE+cJjQRuINuT9PUK4orOco/JI=
+modernc.org/ccgo/v3 v3.12.51/go.mod h1:gaIIlx4YpmGO2bLye04/yeblmvWEmE4BBBls4aJXFiE=
+modernc.org/ccgo/v3 v3.12.53/go.mod h1:8xWGGTFkdFEWBEsUmi+DBjwu/WLy3SSOrqEmKUjMeEg=
+modernc.org/ccgo/v3 v3.12.54/go.mod h1:yANKFTm9llTFVX1FqNKHE0aMcQb1fuPJx6p8AcUx+74=
+modernc.org/ccgo/v3 v3.12.55/go.mod h1:rsXiIyJi9psOwiBkplOaHye5L4MOOaCjHg1Fxkj7IeU=
+modernc.org/ccgo/v3 v3.12.56/go.mod h1:ljeFks3faDseCkr60JMpeDb2GSO3TKAmrzm7q9YOcMU=
+modernc.org/ccgo/v3 v3.12.57/go.mod h1:hNSF4DNVgBl8wYHpMvPqQWDQx8luqxDnNGCMM4NFNMc=
+modernc.org/ccgo/v3 v3.12.60/go.mod h1:k/Nn0zdO1xHVWjPYVshDeWKqbRWIfif5dtsIOCUVMqM=
+modernc.org/ccgo/v3 v3.12.66/go.mod h1:jUuxlCFZTUZLMV08s7B1ekHX5+LIAurKTTaugUr/EhQ=
+modernc.org/ccgo/v3 v3.12.67/go.mod h1:Bll3KwKvGROizP2Xj17GEGOTrlvB1XcVaBrC90ORO84=
+modernc.org/ccgo/v3 v3.12.73/go.mod h1:hngkB+nUUqzOf3iqsM48Gf1FZhY599qzVg1iX+BT3cQ=
+modernc.org/ccgo/v3 v3.12.81/go.mod h1:p2A1duHoBBg1mFtYvnhAnQyI6vL0uw5PGYLSIgF6rYY=
+modernc.org/ccgo/v3 v3.12.84/go.mod h1:ApbflUfa5BKadjHynCficldU1ghjen84tuM5jRynB7w=
+modernc.org/ccgo/v3 v3.12.86/go.mod h1:dN7S26DLTgVSni1PVA3KxxHTcykyDurf3OgUzNqTSrU=
+modernc.org/ccgo/v3 v3.12.90/go.mod h1:obhSc3CdivCRpYZmrvO88TXlW0NvoSVvdh/ccRjJYko=
+modernc.org/ccgo/v3 v3.12.92/go.mod h1:5yDdN7ti9KWPi5bRVWPl8UNhpEAtCjuEE7ayQnzzqHA=
+modernc.org/ccgo/v3 v3.13.1/go.mod h1:aBYVOUfIlcSnrsRVU8VRS35y2DIfpgkmVkYZ0tpIXi4=
+modernc.org/ccgo/v3 v3.14.0/go.mod h1:hBrkiBlUwvr5vV/ZH9YzXIp982jKE8Ek8tR1ytoAL6Q=
+modernc.org/ccgo/v3 v3.15.1 h1:bagyhO7uFlYWedkh6mfIYf8LZGYnVGPYh2FqXisaOV4=
+modernc.org/ccgo/v3 v3.15.1/go.mod h1:md59wBwDT2LznX/OTCPoVS6KIsdRgY8xqQwBV+hkTH0=
+modernc.org/ccorpus v1.11.1 h1:K0qPfpVG1MJh5BYazccnmhywH4zHuOgJXgbjzyp6dWA=
+modernc.org/ccorpus v1.11.1/go.mod h1:2gEUTrWqdpH2pXsmTM1ZkjeSrUWDpjMu2T6m29L/ErQ=
 modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk=
+modernc.org/httpfs v1.0.6 h1:AAgIpFZRXuYnkjftxTAZwMIiwEqAfk8aVB2/oA6nAeM=
+modernc.org/httpfs v1.0.6/go.mod h1:7dosgurJGp0sPaRanU53W4xZYKh14wfzX420oZADeHM=
+modernc.org/libc v1.9.8/go.mod h1:U1eq8YWr/Kc1RWCMFUWEdkTg8OTcfLw2kY8EDwl039w=
+modernc.org/libc v1.9.11/go.mod h1:NyF3tsA5ArIjJ83XB0JlqhjTabTCHm9aX4XMPHyQn0Q=
+modernc.org/libc v1.11.0/go.mod h1:2lOfPmj7cz+g1MrPNmX65QCzVxgNq2C5o0jdLY2gAYg=
+modernc.org/libc v1.11.2/go.mod h1:ioIyrl3ETkugDO3SGZ+6EOKvlP3zSOycUETe4XM4n8M=
+modernc.org/libc v1.11.5/go.mod h1:k3HDCP95A6U111Q5TmG3nAyUcp3kR5YFZTeDS9v8vSU=
+modernc.org/libc v1.11.6/go.mod h1:ddqmzR6p5i4jIGK1d/EiSw97LBcE3dK24QEwCFvgNgE=
+modernc.org/libc v1.11.11/go.mod h1:lXEp9QOOk4qAYOtL3BmMve99S5Owz7Qyowzvg6LiZso=
+modernc.org/libc v1.11.13/go.mod h1:ZYawJWlXIzXy2Pzghaf7YfM8OKacP3eZQI81PDLFdY8=
+modernc.org/libc v1.11.16/go.mod h1:+DJquzYi+DMRUtWI1YNxrlQO6TcA5+dRRiq8HWBWRC8=
+modernc.org/libc v1.11.19/go.mod h1:e0dgEame6mkydy19KKaVPBeEnyJB4LGNb0bBH1EtQ3I=
+modernc.org/libc v1.11.24/go.mod h1:FOSzE0UwookyT1TtCJrRkvsOrX2k38HoInhw+cSCUGk=
+modernc.org/libc v1.11.26/go.mod h1:SFjnYi9OSd2W7f4ct622o/PAYqk7KHv6GS8NZULIjKY=
+modernc.org/libc v1.11.27/go.mod h1:zmWm6kcFXt/jpzeCgfvUNswM0qke8qVwxqZrnddlDiE=
+modernc.org/libc v1.11.28/go.mod h1:Ii4V0fTFcbq3qrv3CNn+OGHAvzqMBvC7dBNyC4vHZlg=
+modernc.org/libc v1.11.31/go.mod h1:FpBncUkEAtopRNJj8aRo29qUiyx5AvAlAxzlx9GNaVM=
+modernc.org/libc v1.11.34/go.mod h1:+Tzc4hnb1iaX/SKAutJmfzES6awxfU1BPvrrJO0pYLg=
+modernc.org/libc v1.11.37/go.mod h1:dCQebOwoO1046yTrfUE5nX1f3YpGZQKNcITUYWlrAWo=
+modernc.org/libc v1.11.39/go.mod h1:mV8lJMo2S5A31uD0k1cMu7vrJbSA3J3waQJxpV4iqx8=
+modernc.org/libc v1.11.42/go.mod h1:yzrLDU+sSjLE+D4bIhS7q1L5UwXDOw99PLSX0BlZvSQ=
+modernc.org/libc v1.11.44/go.mod h1:KFq33jsma7F5WXiYelU8quMJasCCTnHK0mkri4yPHgA=
+modernc.org/libc v1.11.45/go.mod h1:Y192orvfVQQYFzCNsn+Xt0Hxt4DiO4USpLNXBlXg/tM=
+modernc.org/libc v1.11.47/go.mod h1:tPkE4PzCTW27E6AIKIR5IwHAQKCAtudEIeAV1/SiyBg=
+modernc.org/libc v1.11.49/go.mod h1:9JrJuK5WTtoTWIFQ7QjX2Mb/bagYdZdscI3xrvHbXjE=
+modernc.org/libc v1.11.51/go.mod h1:R9I8u9TS+meaWLdbfQhq2kFknTW0O3aw3kEMqDDxMaM=
+modernc.org/libc v1.11.53/go.mod h1:5ip5vWYPAoMulkQ5XlSJTy12Sz5U6blOQiYasilVPsU=
+modernc.org/libc v1.11.54/go.mod h1:S/FVnskbzVUrjfBqlGFIPA5m7UwB3n9fojHhCNfSsnw=
+modernc.org/libc v1.11.55/go.mod h1:j2A5YBRm6HjNkoSs/fzZrSxCuwWqcMYTDPLNx0URn3M=
+modernc.org/libc v1.11.56/go.mod h1:pakHkg5JdMLt2OgRadpPOTnyRXm/uzu+Yyg/LSLdi18=
+modernc.org/libc v1.11.58/go.mod h1:ns94Rxv0OWyoQrDqMFfWwka2BcaF6/61CqJRK9LP7S8=
+modernc.org/libc v1.11.71/go.mod h1:DUOmMYe+IvKi9n6Mycyx3DbjfzSKrdr/0Vgt3j7P5gw=
+modernc.org/libc v1.11.75/go.mod h1:dGRVugT6edz361wmD9gk6ax1AbDSe0x5vji0dGJiPT0=
+modernc.org/libc v1.11.82/go.mod h1:NF+Ek1BOl2jeC7lw3a7Jj5PWyHPwWD4aq3wVKxqV1fI=
+modernc.org/libc v1.11.86/go.mod h1:ePuYgoQLmvxdNT06RpGnaDKJmDNEkV7ZPKI2jnsvZoE=
+modernc.org/libc v1.11.87/go.mod h1:Qvd5iXTeLhI5PS0XSyqMY99282y+3euapQFxM7jYnpY=
+modernc.org/libc v1.11.88/go.mod h1:h3oIVe8dxmTcchcFuCcJ4nAWaoiwzKCdv82MM0oiIdQ=
+modernc.org/libc v1.11.98/go.mod h1:ynK5sbjsU77AP+nn61+k+wxUGRx9rOFcIqWYYMaDZ4c=
+modernc.org/libc v1.11.101/go.mod h1:wLLYgEiY2D17NbBOEp+mIJJJBGSiy7fLL4ZrGGZ+8jI=
+modernc.org/libc v1.12.0/go.mod h1:2MH3DaF/gCU8i/UBiVE1VFRos4o523M7zipmwH8SIgQ=
+modernc.org/libc v1.13.1/go.mod h1:npFeGWjmZTjFeWALQLrvklVmAxv4m80jnG3+xI8FdJk=
+modernc.org/libc v1.13.2/go.mod h1:npFeGWjmZTjFeWALQLrvklVmAxv4m80jnG3+xI8FdJk=
+modernc.org/libc v1.14.1 h1:rwx9uVJU/fEmsmV5ECGRwdAiXgUm6k6tsFA+L8kQb6E=
+modernc.org/libc v1.14.1/go.mod h1:npFeGWjmZTjFeWALQLrvklVmAxv4m80jnG3+xI8FdJk=
 modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k=
+modernc.org/mathutil v1.1.1/go.mod h1:mZW8CKdRPY1v87qxC/wUdX5O1qDzXMP5TH3wjfpga6E=
+modernc.org/mathutil v1.2.2/go.mod h1:mZW8CKdRPY1v87qxC/wUdX5O1qDzXMP5TH3wjfpga6E=
+modernc.org/mathutil v1.4.0/go.mod h1:mZW8CKdRPY1v87qxC/wUdX5O1qDzXMP5TH3wjfpga6E=
+modernc.org/mathutil v1.4.1 h1:ij3fYGe8zBF4Vu+g0oT7mB06r8sqGWKuJu1yXeR4by8=
+modernc.org/mathutil v1.4.1/go.mod h1:mZW8CKdRPY1v87qxC/wUdX5O1qDzXMP5TH3wjfpga6E=
+modernc.org/memory v1.0.4/go.mod h1:nV2OApxradM3/OVbs2/0OsP6nPfakXpi50C7dcoHXlc=
+modernc.org/memory v1.0.5 h1:XRch8trV7GgvTec2i7jc33YlUI0RKVDBvZ5eZ5m8y14=
+modernc.org/memory v1.0.5/go.mod h1:B7OYswTRnfGg+4tDH1t1OeUNnsy2viGTdME4tzd+IjM=
+modernc.org/opt v0.1.1 h1:/0RX92k9vwVeDXj+Xn23DKp2VJubL7k8qNffND6qn3A=
+modernc.org/opt v0.1.1/go.mod h1:WdSiB5evDcignE70guQKxYUl14mgWtbClRi5wmkkTX0=
+modernc.org/sqlite v1.14.5 h1:bYrrjwH9Y7QUGk1MbchZDhRfmpGuEAs/D45sVjNbfvs=
+modernc.org/sqlite v1.14.5/go.mod h1:YyX5Rx0WbXokitdWl2GJIDy4BrPxBP0PwwhpXOHCDLE=
 modernc.org/strutil v1.0.0/go.mod h1:lstksw84oURvj9y3tn8lGvRxyRC1S2+g5uuIzNfIOBs=
+modernc.org/strutil v1.1.1 h1:xv+J1BXY3Opl2ALrBwyfEikFAj8pmqcpnfmuwUwcozs=
+modernc.org/strutil v1.1.1/go.mod h1:DE+MQQ/hjKBZS2zNInV5hhcipt5rLPWkmpbGeW5mmdw=
+modernc.org/tcl v1.10.0 h1:vux2MNFhSXYqD8Kq4Uc9RjWcgv2c7Atx3da3VpLPPEw=
+modernc.org/tcl v1.10.0/go.mod h1:WzWapmP/7dHVhFoyPpEaNSVTL8xtewhouN/cqSJ5A2s=
+modernc.org/token v1.0.0 h1:a0jaWiNMDhDUtqOj09wvjWWAqd3q7WpBulmL9H2egsk=
+modernc.org/token v1.0.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM=
 modernc.org/xc v1.0.0/go.mod h1:mRNCo0bvLjGhHO9WsyuKVU4q0ceiDDDoEeWDJHrNx8I=
+modernc.org/z v1.2.21/go.mod h1:uXrObx4pGqXWIMliC5MiKuwAyMrltzwpteOFUP1PWCc=
+modernc.org/z v1.3.0 h1:4RWULo1Nvaq5ZBhbLe74u8p6tV4Mmm0ZrPBXYPm/xjM=
+modernc.org/z v1.3.0/go.mod h1:+mvgLH814oDjtATDdT3rs84JnUIpkvAF5B8AVkNlE2g=
 mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed/go.mod h1:Xkxe497xwlCKkIaQYRfC7CSLworTXY9RMqwhhCm+8Nc=
 mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b/go.mod h1:2odslEg/xrtNQqCYg2/jCoyKnw3vv5biOc3JnIcYfL4=
 mvdan.cc/unparam v0.0.0-20190720180237-d51796306d8f/go.mod h1:4G1h5nDURzA3bwVMZIVpwbkw+04kSxk3rAtzlimaUJw=

goreleaser.yml

@@ -13,19 +13,22 @@ builds:
       - darwin
       - linux
       - freebsd
-      - openbsd
     goarch:
       - amd64
       - 386
       - arm
       - arm64
-      - ppc64le
       - s390x
     goarm:
       - 7
     ignore:
       - goos: darwin
         goarch: 386
+      # modernc.org/sqlite doesn't support the following pairs
+      - goos: freebsd
+        goarch: arm
+      - goos: freebsd
+        goarch: arm64
 
 release:
     extra_files:
@@ -105,14 +108,15 @@ dockers:
     ids:
       - trivy
     build_flag_templates:
-      - "--label=org.label-schema.schema-version=1.0"
-      - "--label=org.label-schema.name={{ .ProjectName }}"
-      - "--label=org.label-schema.description=A Fast Vulnerability Scanner for Containers"
-      - "--label=org.label-schema.vendor=Aqua Security"
-      - "--label=org.label-schema.version={{ .Version }}"
-      - "--label=org.label-schema.build-date={{ .Date }}"
-      - "--label=org.label-schema.vcs=https://github.com/aquasecurity/trivy"
-      - "--label=org.label-schema.vcs-ref={{ .FullCommit }}"
+      - "--label=org.opencontainers.image.title={{ .ProjectName }}"
+      - "--label=org.opencontainers.image.description=A Fast Vulnerability Scanner for Containers"
+      - "--label=org.opencontainers.image.vendor=Aqua Security"
+      - "--label=org.opencontainers.image.version={{ .Version }}"
+      - "--label=org.opencontainers.image.created={{ .Date }}"
+      - "--label=org.opencontainers.image.source=https://github.com/aquasecurity/trivy"
+      - "--label=org.opencontainers.image.revision={{ .FullCommit }}"
+      - "--label=org.opencontainers.image.url=https://www.aquasec.com/products/trivy/"
+      - "--label=org.opencontainers.image.documentation=https://aquasecurity.github.io/trivy/v{{ .Version }}/"
       - "--platform=linux/amd64"
     extra_files:
     - contrib/
@@ -129,40 +133,82 @@ dockers:
     ids:
       - trivy
     build_flag_templates:
-      - "--label=org.label-schema.schema-version=1.0"
-      - "--label=org.label-schema.name={{ .ProjectName }}"
-      - "--label=org.label-schema.description=A Fast Vulnerability Scanner for Containers"
-      - "--label=org.label-schema.vendor=Aqua Security"
-      - "--label=org.label-schema.version={{ .Version }}"
-      - "--label=org.label-schema.build-date={{ .Date }}"
-      - "--label=org.label-schema.vcs=https://github.com/aquasecurity/trivy"
-      - "--label=org.label-schema.vcs-ref={{ .FullCommit }}"
+      - "--label=org.opencontainers.image.title={{ .ProjectName }}"
+      - "--label=org.opencontainers.image.description=A Fast Vulnerability Scanner for Containers"
+      - "--label=org.opencontainers.image.vendor=Aqua Security"
+      - "--label=org.opencontainers.image.version={{ .Version }}"
+      - "--label=org.opencontainers.image.created={{ .Date }}"
+      - "--label=org.opencontainers.image.source=https://github.com/aquasecurity/trivy"
+      - "--label=org.opencontainers.image.revision={{ .FullCommit }}"
+      - "--label=org.opencontainers.image.url=https://www.aquasec.com/products/trivy/"
+      - "--label=org.opencontainers.image.documentation=https://aquasecurity.github.io/trivy/v{{ .Version }}/"
       - "--platform=linux/arm64"
     extra_files:
     - contrib/
+  - image_templates:
+      - "docker.io/aquasec/trivy:{{ .Version }}-s390x"
+      - "docker.io/aquasec/trivy:latest-s390x"
+      - "ghcr.io/aquasecurity/trivy:{{ .Version }}-s390x"
+      - "ghcr.io/aquasecurity/trivy:latest-s390x"
+      - "public.ecr.aws/aquasecurity/trivy:latest-s390x"
+      - "public.ecr.aws/aquasecurity/trivy:{{ .Version }}-s390x"
+    use: buildx
+    goos: linux
+    goarch: s390x
+    ids:
+      - trivy
+    build_flag_templates:
+      - "--label=org.opencontainers.image.title={{ .ProjectName }}"
+      - "--label=org.opencontainers.image.description=A Fast Vulnerability Scanner for Containers"
+      - "--label=org.opencontainers.image.vendor=Aqua Security"
+      - "--label=org.opencontainers.image.version={{ .Version }}"
+      - "--label=org.opencontainers.image.created={{ .Date }}"
+      - "--label=org.opencontainers.image.source=https://github.com/aquasecurity/trivy"
+      - "--label=org.opencontainers.image.revision={{ .FullCommit }}"
+      - "--label=org.opencontainers.image.url=https://www.aquasec.com/products/trivy/"
+      - "--label=org.opencontainers.image.documentation=https://aquasecurity.github.io/trivy/v{{ .Version }}/"
+      - "--platform=linux/s390x"
+    extra_files:
+    - contrib/
 
 docker_manifests:
   - name_template: 'aquasec/trivy:{{ .Version }}'
     image_templates:
     - 'aquasec/trivy:{{ .Version }}-amd64'
     - 'aquasec/trivy:{{ .Version }}-arm64'
+    - 'aquasec/trivy:{{ .Version }}-s390x'
   - name_template: 'ghcr.io/aquasecurity/trivy:{{ .Version }}'
     image_templates:
     - 'ghcr.io/aquasecurity/trivy:{{ .Version }}-amd64'
     - 'ghcr.io/aquasecurity/trivy:{{ .Version }}-arm64'
+    - 'ghcr.io/aquasecurity/trivy:{{ .Version }}-s390x'
   - name_template: 'public.ecr.aws/aquasecurity/trivy:{{ .Version }}'
     image_templates:
     - 'public.ecr.aws/aquasecurity/trivy:{{ .Version }}-amd64'
     - 'public.ecr.aws/aquasecurity/trivy:{{ .Version }}-arm64'
+    - 'public.ecr.aws/aquasecurity/trivy:{{ .Version }}-s390x'
   - name_template: 'aquasec/trivy:latest'
     image_templates:
     - 'aquasec/trivy:{{ .Version }}-amd64'
     - 'aquasec/trivy:{{ .Version }}-arm64'
+    - 'aquasec/trivy:{{ .Version }}-s390x'
   - name_template: 'ghcr.io/aquasecurity/trivy:latest'
     image_templates:
     - 'ghcr.io/aquasecurity/trivy:{{ .Version }}-amd64'
     - 'ghcr.io/aquasecurity/trivy:{{ .Version }}-arm64'
+    - 'ghcr.io/aquasecurity/trivy:{{ .Version }}-s390x'
   - name_template: 'public.ecr.aws/aquasecurity/trivy:latest'
-    image_templates: 
+    image_templates:
     - 'public.ecr.aws/aquasecurity/trivy:{{ .Version }}-amd64'
     - 'public.ecr.aws/aquasecurity/trivy:{{ .Version }}-arm64'
+    - 'public.ecr.aws/aquasecurity/trivy:{{ .Version }}-s390x'
+
+docker_signs:
+- cmd: cosign
+  env:
+  - COSIGN_EXPERIMENTAL=1
+  artifacts: manifests
+  output: true
+  args:
+  - 'sign'
+  - '${artifact}'

helm/trivy/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 name: trivy
-version: 0.4.9
-appVersion: 0.22.0
+version: 0.4.12
+appVersion: 0.24.0
 description: Trivy helm chart
 keywords:
   - scanner

helm/trivy/README.md

@@ -62,22 +62,25 @@ The following table lists the configurable parameters of the Trivy chart and the
 | `image.pullPolicy`                    | Image pull policy                                                       | `IfNotPresent` |
 | `image.pullSecret`                    | The name of an imagePullSecret used to pull trivy image from e.g. Docker Hub or a private registry  | |
 | `replicaCount`                        | Number of Trivy Pods to run                                   | `1`            |
-| `trivy.debugMode`             | The flag to enable or disable Trivy debug mode                          | `false` |
-| `trivy.gitHubToken`           | The GitHub access token to download Trivy DB. More info: https://github.com/aquasecurity/trivy#github-rate-limiting                          |      |
+| `trivy.debugMode`                     | The flag to enable or disable Trivy debug mode                          | `false` |
+| `trivy.gitHubToken`                   | The GitHub access token to download Trivy DB. More info: https://github.com/aquasecurity/trivy#github-rate-limiting                          |      |
 | `trivy.registryUsername`              | The username used to log in at dockerhub. More info: https://aquasecurity.github.io/trivy/dev/advanced/private-registries/docker-hub/ |      |
 | `trivy.registryPassword`              | The password used to log in at dockerhub. More info: https://aquasecurity.github.io/trivy/dev/advanced/private-registries/docker-hub/ |      |
 | `trivy.registryCredentialsExistingSecret` | Name of Secret containing dockerhub credentials. Alternative to the 2 parameters above, has precedence if set.                    |      |
-| `trivy.skipUpdate`            | The flag to enable or disable Trivy DB downloads from GitHub            | `false`        |
+| `trivy.serviceAccount.annotations`        | Additional annotations to add to the Kubernetes service account resource |     |
+| `trivy.skipUpdate`                    | The flag to enable or disable Trivy DB downloads from GitHub            | `false`        |
 | `trivy.cache.redis.enabled`           | Enable Redis as caching backend                                         | `false` |
 | `trivy.cache.redis.url`               | Specify redis connection url, e.g. redis://redis.redis.svc:6379         | `` |
+| `trivy.serverToken`                   | The token to authenticate Trivy client with Trivy server                | `` |
+| `service.name`                        | If specified, the name used for the Trivy service                       |     |
 | `service.type`                        | Kubernetes service type                                                 | `ClusterIP` |
 | `service.port`                        | Kubernetes service port                                                 | `4954`      |
 | `httpProxy`                           | The URL of the HTTP proxy server                                        |     |
 | `httpsProxy`                          | The URL of the HTTPS proxy server                                       |     |
 | `noProxy`                             | The URLs that the proxy settings do not apply to                        |     |
 | `nodeSelector`                        | Node labels for pod assignment                                              |     |
-| `affinity`                        | Affinity settings for pod assignment                                              |     |
-| `tolerations`                        | Tolerations for pod assignment                                              |     |
+| `affinity`                            | Affinity settings for pod assignment                                              |     |
+| `tolerations`                         | Tolerations for pod assignment                                              |     |
 
 The above parameters map to the env variables defined in [trivy](https://github.com/aquasecurity/trivy#configuration).
 

helm/trivy/templates/podsecuritypolicy.yaml

@@ -1,4 +1,5 @@
 {{- if .Values.rbac.pspEnabled }}
+  {{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
@@ -35,4 +36,5 @@ spec:
   readOnlyRootFilesystem: true
   requiredDropCapabilities:
     - ALL
-{{- end }}
+  {{- end }}
+{{- end }}

helm/trivy/templates/role.yaml

@@ -7,10 +7,12 @@ metadata:
 {{ include "trivy.labels" . | indent 4 }}
   namespace: {{ .Release.Namespace }}
 {{- if .Values.rbac.pspEnabled }}
+  {{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
 rules:
 - apiGroups:      ['policy']
   resources:      ['podsecuritypolicies']
   verbs:          ['use']
   resourceNames:  [{{ include "trivy.fullname" . }}]
+  {{- end }}
+{{- end }}
 {{- end }}
-{{- end }}

helm/trivy/templates/secret.yaml

@@ -7,6 +7,7 @@ metadata:
 type: Opaque
 data:
   GITHUB_TOKEN: {{ .Values.trivy.gitHubToken | default "" | b64enc | quote }}
+  TRIVY_TOKEN: {{ .Values.trivy.serverToken | default "" | b64enc | quote }}
 {{- if not .Values.trivy.registryCredentialsExistingSecret }}
   TRIVY_USERNAME: {{ .Values.trivy.registryUsername | default "" | b64enc | quote }}
   TRIVY_PASSWORD: {{ .Values.trivy.registryPassword | default "" | b64enc | quote }}

helm/trivy/templates/service.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ include "trivy.fullname" . }}
+  name: {{ .Values.service.name | default (include "trivy.fullname" .) }}
   labels:
 {{ include "trivy.labels" . | indent 4 }}
 spec:

helm/trivy/templates/serviceaccount.yaml

@@ -4,4 +4,8 @@ metadata:
   name: {{ include "trivy.fullname" . }}
   labels:
 {{ include "trivy.labels" . | indent 4 }}
+{{- if (.Values.trivy.serviceAccount).annotations }}
+  annotations:
+{{ toYaml .Values.trivy.serviceAccount.annotations | indent 4 }}
+{{- end }}
   namespace: {{ .Release.Namespace }}

helm/trivy/templates/statefulset.yaml

@@ -4,6 +4,9 @@ metadata:
   name: {{ include "trivy.fullname" . }}
   labels:
 {{ include "trivy.labels" . | indent 4 }}
+    {{- with .Values.trivy.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
 spec:
   podManagementPolicy: "Parallel"
   serviceName: {{ include "trivy.fullname" . }}
@@ -29,6 +32,9 @@ spec:
       labels:
         app.kubernetes.io/name: {{ include "trivy.name" . }}
         app.kubernetes.io/instance: {{ .Release.Name }}
+        {{- with .Values.trivy.labels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
     spec:
       serviceAccountName: {{ include "trivy.fullname" . }}
       automountServiceAccountToken: false

helm/trivy/values.yaml

@@ -106,8 +106,17 @@ trivy:
     redis:
       enabled: false
       url: ""  # e.g. redis://redis.redis.svc:6379
+  serviceAccount:
+    annotations: {}
+      # eks.amazonaws.com/role-arn: arn:aws:iam::ACCOUNT_ID:role/IAM_ROLE_NAME
+  # If you want to add custom labels to your statefulset and podTemplate
+  labels: {}
+  # serverToken is the token to authenticate Trivy client with Trivy server.
+  serverToken: ""
 
 service:
+  # If specified, the name used for the Trivy service.
+  name:
   # type Kubernetes service type
   type: ClusterIP
   # port Kubernetes service port

integration/client_server_test.go

@@ -5,6 +5,7 @@ package integration
 
 import (
 	"context"
+	"encoding/json"
 	"fmt"
 	"io"
 	"os"
@@ -13,6 +14,7 @@ import (
 	"testing"
 	"time"
 
+	cdx "github.com/CycloneDX/cyclonedx-go"
 	"github.com/docker/go-connections/nat"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -32,6 +34,7 @@ type csArgs struct {
 	Input             string
 	ClientToken       string
 	ClientTokenHeader string
+	ListAllPackages   bool
 }
 
 func TestClientServer(t *testing.T) {
@@ -322,6 +325,55 @@ func TestClientServerWithTemplate(t *testing.T) {
 	}
 }
 
+func TestClientServerWithCycloneDX(t *testing.T) {
+	tests := []struct {
+		name                  string
+		args                  csArgs
+		wantComponentsCount   int
+		wantDependenciesCount int
+		wantDependsOnCount    []int
+	}{
+		{
+			name: "fluentd with RubyGems with CycloneDX format",
+			args: csArgs{
+				Format: "cyclonedx",
+				Input:  "testdata/fixtures/images/fluentd-multiple-lockfiles.tar.gz",
+			},
+			wantComponentsCount:   161,
+			wantDependenciesCount: 2,
+			wantDependsOnCount: []int{
+				105,
+				56,
+			},
+		},
+	}
+
+	app, addr, cacheDir := setup(t, setupOptions{})
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			osArgs, outputFile := setupClient(t, tt.args, addr, cacheDir, "")
+
+			// Run Trivy client
+			err := app.Run(osArgs)
+			require.NoError(t, err)
+
+			f, err := os.Open(outputFile)
+			require.NoError(t, err)
+			defer f.Close()
+
+			var got cdx.BOM
+			err = json.NewDecoder(f).Decode(&got)
+			require.NoError(t, err)
+
+			assert.EqualValues(t, tt.wantComponentsCount, len(*got.Components))
+			assert.EqualValues(t, tt.wantDependenciesCount, len(*got.Dependencies))
+			for i, dep := range *got.Dependencies {
+				assert.EqualValues(t, tt.wantDependsOnCount[i], len(*dep.Dependencies))
+			}
+		})
+	}
+}
+
 func TestClientServerWithToken(t *testing.T) {
 	cases := []struct {
 		name    string

integration/docker_engine_test.go

@@ -192,7 +192,7 @@ func TestDockerEngine(t *testing.T) {
 			name:         "sad path, invalid image",
 			invalidImage: true,
 			input:        "badimage:latest",
-			wantErr:      "unable to inspect the image (index.docker.io/library/badimage:latest)",
+			wantErr:      "unable to inspect the image (badimage:latest)",
 		},
 	}
 

integration/fs_test.go

@@ -22,6 +22,7 @@ func TestFilesystem(t *testing.T) {
 		ignoreIDs      []string
 		policyPaths    []string
 		namespaces     []string
+		listAllPkgs    bool
 		input          string
 	}
 	tests := []struct {
@@ -41,6 +42,7 @@ func TestFilesystem(t *testing.T) {
 			name: "pip",
 			args: args{
 				securityChecks: "vuln",
+				listAllPkgs:    true,
 				input:          "testdata/fixtures/fs/pip",
 			},
 			golden: "testdata/pip.json.golden",
@@ -129,6 +131,10 @@ func TestFilesystem(t *testing.T) {
 				outputFile = tt.golden
 			}
 
+			if tt.args.listAllPkgs {
+				osArgs = append(osArgs, "--list-all-pkgs")
+			}
+
 			osArgs = append(osArgs, "--output", outputFile)
 			osArgs = append(osArgs, tt.args.input)
 

integration/integration_test.go

@@ -19,7 +19,7 @@ import (
 	"github.com/aquasecurity/trivy-db/pkg/db"
 	"github.com/aquasecurity/trivy-db/pkg/metadata"
 	"github.com/aquasecurity/trivy/pkg/dbtest"
-	"github.com/aquasecurity/trivy/pkg/report"
+	"github.com/aquasecurity/trivy/pkg/types"
 )
 
 var update = flag.Bool("update", false, "update golden files")
@@ -85,14 +85,14 @@ func waitPort(ctx context.Context, addr string) error {
 	}
 }
 
-func readReport(t *testing.T, filePath string) report.Report {
+func readReport(t *testing.T, filePath string) types.Report {
 	t.Helper()
 
 	f, err := os.Open(filePath)
 	require.NoError(t, err, filePath)
 	defer f.Close()
 
-	var res report.Report
+	var res types.Report
 	err = json.NewDecoder(f).Decode(&res)
 	require.NoError(t, err, filePath)
 

integration/registry_test.go

@@ -58,7 +58,7 @@ func setupRegistry(ctx context.Context, baseDir string, authURL *url.URL) (testc
 			"REGISTRY_AUTH_TOKEN_AUTOREDIRECT":   "false",
 		},
 		BindMounts: map[string]string{
-			filepath.Join(baseDir, "data", "certs"): "/certs",
+			"/certs": filepath.Join(baseDir, "data", "certs"),
 		},
 		SkipReaper: true,
 		AutoRemove: true,
@@ -78,8 +78,8 @@ func setupAuthServer(ctx context.Context, baseDir string) (testcontainers.Contai
 		Image:        authImage,
 		ExposedPorts: []string{authPort},
 		BindMounts: map[string]string{
-			filepath.Join(baseDir, "data", "auth_config"): "/config",
-			filepath.Join(baseDir, "data", "certs"):       "/certs",
+			"/config": filepath.Join(baseDir, "data", "auth_config"),
+			"/certs":  filepath.Join(baseDir, "data", "certs"),
 		},
 		SkipReaper: true,
 		AutoRemove: true,

integration/testdata/alpine-310.asff.golden

@@ -1,182 +1,184 @@
-[
-    {
-        "SchemaVersion": "2018-10-08",
-        "Id": "testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)/CVE-2019-1549",
-        "ProductArn": "arn:aws:securityhub:test-region::product/aquasecurity/aquasecurity",
-        "GeneratorId": "Trivy",
-        "AwsAccountId": "123456789012",
-        "Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ],
-        "CreatedAt": "2020-08-10T07:28:17.000958601Z",
-        "UpdatedAt": "2020-08-10T07:28:17.000958601Z",
-        "Severity": {
-            "Label": "MEDIUM"
-        },
-        "Title": "Trivy found a vulnerability to CVE-2019-1549 in container testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)",
-        "Description": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).",
-        "Remediation": {
-            "Recommendation": {
-                "Text": "More information on this vulnerability is provided in the hyperlink",
-                "Url": "https://avd.aquasec.com/nvd/cve-2019-1549"
-            }
-        },
-        "ProductFields": { "Product Name": "Trivy" },
-        "Resources": [
-            {
-                "Type": "Container",
-                "Id": "testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)",
-                "Partition": "aws",
-                "Region": "test-region",
-                "Details": {
-                    "Container": { "ImageName": "testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)" },
-                    "Other": {
-                        "CVE ID": "CVE-2019-1549",
-                        "CVE Title": "openssl: information disclosure in fork()",
-                        "PkgName": "libcrypto1.1",
-                        "Installed Package": "1.1.1c-r0",
-                        "Patched Package": "1.1.1d-r0",
-                        "NvdCvssScoreV3": "5.3",
-                        "NvdCvssVectorV3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
-                        "NvdCvssScoreV2": "5",
-                        "NvdCvssVectorV2": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
+{
+    "Findings": [
+        {
+            "SchemaVersion": "2018-10-08",
+            "Id": "testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)/CVE-2019-1549",
+            "ProductArn": "arn:aws:securityhub:test-region::product/aquasecurity/aquasecurity",
+            "GeneratorId": "Trivy",
+            "AwsAccountId": "123456789012",
+            "Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ],
+            "CreatedAt": "2020-08-10T07:28:17.000958601Z",
+            "UpdatedAt": "2020-08-10T07:28:17.000958601Z",
+            "Severity": {
+                "Label": "MEDIUM"
+            },
+            "Title": "Trivy found a vulnerability to CVE-2019-1549 in container testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)",
+            "Description": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).",
+            "Remediation": {
+                "Recommendation": {
+                    "Text": "More information on this vulnerability is provided in the hyperlink",
+                    "Url": "https://avd.aquasec.com/nvd/cve-2019-1549"
+                }
+            },
+            "ProductFields": { "Product Name": "Trivy" },
+            "Resources": [
+                {
+                    "Type": "Container",
+                    "Id": "testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)",
+                    "Partition": "aws",
+                    "Region": "test-region",
+                    "Details": {
+                        "Container": { "ImageName": "testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)" },
+                        "Other": {
+                            "CVE ID": "CVE-2019-1549",
+                            "CVE Title": "openssl: information disclosure in fork()",
+                            "PkgName": "libcrypto1.1",
+                            "Installed Package": "1.1.1c-r0",
+                            "Patched Package": "1.1.1d-r0",
+                            "NvdCvssScoreV3": "5.3",
+                            "NvdCvssVectorV3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+                            "NvdCvssScoreV2": "5",
+                            "NvdCvssVectorV2": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
+                        }
                     }
                 }
-            }
-        ],
-        "RecordState": "ACTIVE"
-    },
-    {
-        "SchemaVersion": "2018-10-08",
-        "Id": "testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)/CVE-2019-1551",
-        "ProductArn": "arn:aws:securityhub:test-region::product/aquasecurity/aquasecurity",
-        "GeneratorId": "Trivy",
-        "AwsAccountId": "123456789012",
-        "Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ],
-        "CreatedAt": "2020-08-10T07:28:17.000958601Z",
-        "UpdatedAt": "2020-08-10T07:28:17.000958601Z",
-        "Severity": {
-            "Label": "MEDIUM"
+            ],
+            "RecordState": "ACTIVE"
         },
-        "Title": "Trivy found a vulnerability to CVE-2019-1551 in container testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)",
-        "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).",
-        "Remediation": {
-            "Recommendation": {
-                "Text": "More information on this vulnerability is provided in the hyperlink",
-                "Url": "https://avd.aquasec.com/nvd/cve-2019-1551"
-            }
-        },
-        "ProductFields": { "Product Name": "Trivy" },
-        "Resources": [
-            {
-                "Type": "Container",
-                "Id": "testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)",
-                "Partition": "aws",
-                "Region": "test-region",
-                "Details": {
-                    "Container": { "ImageName": "testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)" },
-                    "Other": {
-                        "CVE ID": "CVE-2019-1551",
-                        "CVE Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64",
-                        "PkgName": "libcrypto1.1",
-                        "Installed Package": "1.1.1c-r0",
-                        "Patched Package": "1.1.1d-r2",
-                        "NvdCvssScoreV3": "5.3",
-                        "NvdCvssVectorV3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
-                        "NvdCvssScoreV2": "5",
-                        "NvdCvssVectorV2": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
+        {
+            "SchemaVersion": "2018-10-08",
+            "Id": "testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)/CVE-2019-1551",
+            "ProductArn": "arn:aws:securityhub:test-region::product/aquasecurity/aquasecurity",
+            "GeneratorId": "Trivy",
+            "AwsAccountId": "123456789012",
+            "Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ],
+            "CreatedAt": "2020-08-10T07:28:17.000958601Z",
+            "UpdatedAt": "2020-08-10T07:28:17.000958601Z",
+            "Severity": {
+                "Label": "MEDIUM"
+            },
+            "Title": "Trivy found a vulnerability to CVE-2019-1551 in container testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)",
+            "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).",
+            "Remediation": {
+                "Recommendation": {
+                    "Text": "More information on this vulnerability is provided in the hyperlink",
+                    "Url": "https://avd.aquasec.com/nvd/cve-2019-1551"
+                }
+            },
+            "ProductFields": { "Product Name": "Trivy" },
+            "Resources": [
+                {
+                    "Type": "Container",
+                    "Id": "testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)",
+                    "Partition": "aws",
+                    "Region": "test-region",
+                    "Details": {
+                        "Container": { "ImageName": "testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)" },
+                        "Other": {
+                            "CVE ID": "CVE-2019-1551",
+                            "CVE Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64",
+                            "PkgName": "libcrypto1.1",
+                            "Installed Package": "1.1.1c-r0",
+                            "Patched Package": "1.1.1d-r2",
+                            "NvdCvssScoreV3": "5.3",
+                            "NvdCvssVectorV3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+                            "NvdCvssScoreV2": "5",
+                            "NvdCvssVectorV2": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
+                        }
                     }
                 }
-            }
-        ],
-        "RecordState": "ACTIVE"
-    },
-    {
-        "SchemaVersion": "2018-10-08",
-        "Id": "testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)/CVE-2019-1549",
-        "ProductArn": "arn:aws:securityhub:test-region::product/aquasecurity/aquasecurity",
-        "GeneratorId": "Trivy",
-        "AwsAccountId": "123456789012",
-        "Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ],
-        "CreatedAt": "2020-08-10T07:28:17.000958601Z",
-        "UpdatedAt": "2020-08-10T07:28:17.000958601Z",
-        "Severity": {
-            "Label": "MEDIUM"
+            ],
+            "RecordState": "ACTIVE"
         },
-        "Title": "Trivy found a vulnerability to CVE-2019-1549 in container testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)",
-        "Description": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).",
-        "Remediation": {
-            "Recommendation": {
-                "Text": "More information on this vulnerability is provided in the hyperlink",
-                "Url": "https://avd.aquasec.com/nvd/cve-2019-1549"
-            }
-        },
-        "ProductFields": { "Product Name": "Trivy" },
-        "Resources": [
-            {
-                "Type": "Container",
-                "Id": "testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)",
-                "Partition": "aws",
-                "Region": "test-region",
-                "Details": {
-                    "Container": { "ImageName": "testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)" },
-                    "Other": {
-                        "CVE ID": "CVE-2019-1549",
-                        "CVE Title": "openssl: information disclosure in fork()",
-                        "PkgName": "libssl1.1",
-                        "Installed Package": "1.1.1c-r0",
-                        "Patched Package": "1.1.1d-r0",
-                        "NvdCvssScoreV3": "5.3",
-                        "NvdCvssVectorV3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
-                        "NvdCvssScoreV2": "5",
-                        "NvdCvssVectorV2": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
+        {
+            "SchemaVersion": "2018-10-08",
+            "Id": "testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)/CVE-2019-1549",
+            "ProductArn": "arn:aws:securityhub:test-region::product/aquasecurity/aquasecurity",
+            "GeneratorId": "Trivy",
+            "AwsAccountId": "123456789012",
+            "Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ],
+            "CreatedAt": "2020-08-10T07:28:17.000958601Z",
+            "UpdatedAt": "2020-08-10T07:28:17.000958601Z",
+            "Severity": {
+                "Label": "MEDIUM"
+            },
+            "Title": "Trivy found a vulnerability to CVE-2019-1549 in container testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)",
+            "Description": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).",
+            "Remediation": {
+                "Recommendation": {
+                    "Text": "More information on this vulnerability is provided in the hyperlink",
+                    "Url": "https://avd.aquasec.com/nvd/cve-2019-1549"
+                }
+            },
+            "ProductFields": { "Product Name": "Trivy" },
+            "Resources": [
+                {
+                    "Type": "Container",
+                    "Id": "testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)",
+                    "Partition": "aws",
+                    "Region": "test-region",
+                    "Details": {
+                        "Container": { "ImageName": "testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)" },
+                        "Other": {
+                            "CVE ID": "CVE-2019-1549",
+                            "CVE Title": "openssl: information disclosure in fork()",
+                            "PkgName": "libssl1.1",
+                            "Installed Package": "1.1.1c-r0",
+                            "Patched Package": "1.1.1d-r0",
+                            "NvdCvssScoreV3": "5.3",
+                            "NvdCvssVectorV3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+                            "NvdCvssScoreV2": "5",
+                            "NvdCvssVectorV2": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
+                        }
                     }
                 }
-            }
-        ],
-        "RecordState": "ACTIVE"
-    },
-    {
-        "SchemaVersion": "2018-10-08",
-        "Id": "testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)/CVE-2019-1551",
-        "ProductArn": "arn:aws:securityhub:test-region::product/aquasecurity/aquasecurity",
-        "GeneratorId": "Trivy",
-        "AwsAccountId": "123456789012",
-        "Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ],
-        "CreatedAt": "2020-08-10T07:28:17.000958601Z",
-        "UpdatedAt": "2020-08-10T07:28:17.000958601Z",
-        "Severity": {
-            "Label": "MEDIUM"
+            ],
+            "RecordState": "ACTIVE"
         },
-        "Title": "Trivy found a vulnerability to CVE-2019-1551 in container testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)",
-        "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).",
-        "Remediation": {
-            "Recommendation": {
-                "Text": "More information on this vulnerability is provided in the hyperlink",
-                "Url": "https://avd.aquasec.com/nvd/cve-2019-1551"
-            }
-        },
-        "ProductFields": { "Product Name": "Trivy" },
-        "Resources": [
-            {
-                "Type": "Container",
-                "Id": "testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)",
-                "Partition": "aws",
-                "Region": "test-region",
-                "Details": {
-                    "Container": { "ImageName": "testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)" },
-                    "Other": {
-                        "CVE ID": "CVE-2019-1551",
-                        "CVE Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64",
-                        "PkgName": "libssl1.1",
-                        "Installed Package": "1.1.1c-r0",
-                        "Patched Package": "1.1.1d-r2",
-                        "NvdCvssScoreV3": "5.3",
-                        "NvdCvssVectorV3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
-                        "NvdCvssScoreV2": "5",
-                        "NvdCvssVectorV2": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
+        {
+            "SchemaVersion": "2018-10-08",
+            "Id": "testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)/CVE-2019-1551",
+            "ProductArn": "arn:aws:securityhub:test-region::product/aquasecurity/aquasecurity",
+            "GeneratorId": "Trivy",
+            "AwsAccountId": "123456789012",
+            "Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ],
+            "CreatedAt": "2020-08-10T07:28:17.000958601Z",
+            "UpdatedAt": "2020-08-10T07:28:17.000958601Z",
+            "Severity": {
+                "Label": "MEDIUM"
+            },
+            "Title": "Trivy found a vulnerability to CVE-2019-1551 in container testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)",
+            "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).",
+            "Remediation": {
+                "Recommendation": {
+                    "Text": "More information on this vulnerability is provided in the hyperlink",
+                    "Url": "https://avd.aquasec.com/nvd/cve-2019-1551"
+                }
+            },
+            "ProductFields": { "Product Name": "Trivy" },
+            "Resources": [
+                {
+                    "Type": "Container",
+                    "Id": "testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)",
+                    "Partition": "aws",
+                    "Region": "test-region",
+                    "Details": {
+                        "Container": { "ImageName": "testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)" },
+                        "Other": {
+                            "CVE ID": "CVE-2019-1551",
+                            "CVE Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64",
+                            "PkgName": "libssl1.1",
+                            "Installed Package": "1.1.1c-r0",
+                            "Patched Package": "1.1.1d-r2",
+                            "NvdCvssScoreV3": "5.3",
+                            "NvdCvssVectorV3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+                            "NvdCvssScoreV2": "5",
+                            "NvdCvssVectorV2": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
+                        }
                     }
                 }
-            }
-        ],
-        "RecordState": "ACTIVE"
-    }
-]
+            ],
+            "RecordState": "ACTIVE"
+        }
+    ]
+}

integration/testdata/fixtures/fs/pip/requirements.txt

@@ -4,3 +4,5 @@ itsdangerous==2.0.0
 Jinja2==3.0.0
 MarkupSafe>2.0.0
 Werkzeug==0.11
+oauth2-client==4.0.0
+python-gitlab==2.0.0

integration/testdata/pip.json.golden

@@ -19,6 +19,43 @@
       "Target": "requirements.txt",
       "Class": "lang-pkgs",
       "Type": "pip",
+      "Packages": [
+        {
+          "Name": "Flask",
+          "Version": "2.0.0",
+          "Layer": {}
+        },
+        {
+          "Name": "Jinja2",
+          "Version": "3.0.0",
+          "Layer": {}
+        },
+        {
+          "Name": "Werkzeug",
+          "Version": "0.11",
+          "Layer": {}
+        },
+        {
+          "Name": "click",
+          "Version": "8.0.0",
+          "Layer": {}
+        },
+        {
+          "Name": "itsdangerous",
+          "Version": "2.0.0",
+          "Layer": {}
+        },
+        {
+          "Name": "oauth2-client",
+          "Version": "4.0.0",
+          "Layer": {}
+        },
+        {
+          "Name": "python-gitlab",
+          "Version": "2.0.0",
+          "Layer": {}
+        }
+      ],
       "Vulnerabilities": [
         {
           "VulnerabilityID": "CVE-2019-14806",

misc/triage/labels.yaml

@@ -132,6 +132,19 @@ labels:
 - name: co/poetry
   color: d9ead3
   description: Issues relating to Poetry
+- name: co/terraform
+  color: d9ead3
+  description: Issues relating to Terraform
+- name: co/cloudformation
+  color: d9ead3
+  description: Issues relating to CloudFormation
+- name: co/dockerfile
+  color: d9ead3
+  description: Issues relating to Dockerfile
+- name: co/kubernetes
+  color: d9ead3
+  description: Issues relating to Kubernetes
+
 
 # others
 - name: good first issue
@@ -140,3 +153,6 @@ labels:
 - name: help wanted
   color: 006b75
   description: Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines.
+- name: vulnerability
+  color: e11d21
+  description: Categorizes issue or PR as related to Trivy's own vulnerabilities.

mkdocs.yml

@@ -71,6 +71,8 @@ nav:
       - Overview: advanced/index.md
       - Plugins: advanced/plugins.md
       - Air-Gapped Environment: advanced/air-gap.md
+      - SBOM:
+          - CycloneDX: advanced/sbom/cyclonedx.md
       - Integrations:
           - Overview: advanced/integrations/index.md
           - GitHub Actions: advanced/integrations/github-actions.md

pkg/cache/remote.go

@@ -2,6 +2,7 @@ package cache
 
 import (
 	"context"
+	"crypto/tls"
 	"net/http"
 
 	"golang.org/x/xerrors"
@@ -19,13 +20,19 @@ type RemoteCache struct {
 	client rpcCache.Cache
 }
 
-// RemoteURL to hold remote host
-type RemoteURL string
-
 // NewRemoteCache is the factory method for RemoteCache
-func NewRemoteCache(url RemoteURL, customHeaders http.Header) cache.ArtifactCache {
+func NewRemoteCache(url string, customHeaders http.Header, insecure bool) cache.ArtifactCache {
 	ctx := client.WithCustomHeaders(context.Background(), customHeaders)
-	c := rpcCache.NewCacheProtobufClient(string(url), &http.Client{})
+
+	httpClient := &http.Client{
+		Transport: &http.Transport{
+			TLSClientConfig: &tls.Config{
+				InsecureSkipVerify: insecure,
+			},
+		},
+	}
+
+	c := rpcCache.NewCacheProtobufClient(url, httpClient)
 	return &RemoteCache{ctx: ctx, client: c}
 }
 

pkg/cache/remote_test.go

@@ -135,7 +135,7 @@ func TestRemoteCache_PutArtifact(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			c := cache.NewRemoteCache(cache.RemoteURL(ts.URL), tt.args.customHeaders)
+			c := cache.NewRemoteCache(ts.URL, tt.args.customHeaders, false)
 			err := c.PutArtifact(tt.args.imageID, tt.args.imageInfo)
 			if tt.wantErr != "" {
 				require.NotNil(t, err, tt.name)
@@ -196,7 +196,7 @@ func TestRemoteCache_PutBlob(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			c := cache.NewRemoteCache(cache.RemoteURL(ts.URL), tt.args.customHeaders)
+			c := cache.NewRemoteCache(ts.URL, tt.args.customHeaders, false)
 			err := c.PutBlob(tt.args.diffID, tt.args.layerInfo)
 			if tt.wantErr != "" {
 				require.NotNil(t, err, tt.name)
@@ -274,7 +274,7 @@ func TestRemoteCache_MissingBlobs(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			c := cache.NewRemoteCache(cache.RemoteURL(ts.URL), tt.args.customHeaders)
+			c := cache.NewRemoteCache(ts.URL, tt.args.customHeaders, false)
 			gotMissingImage, gotMissingLayerIDs, err := c.MissingBlobs(tt.args.imageID, tt.args.layerIDs)
 			if tt.wantErr != "" {
 				require.NotNil(t, err, tt.name)
@@ -289,3 +289,49 @@ func TestRemoteCache_MissingBlobs(t *testing.T) {
 		})
 	}
 }
+
+func TestRemoteCache_PutArtifactInsecure(t *testing.T) {
+	ts := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {}))
+	defer ts.Close()
+
+	type args struct {
+		imageID   string
+		imageInfo types.ArtifactInfo
+		insecure  bool
+	}
+	tests := []struct {
+		name    string
+		args    args
+		wantErr string
+	}{
+		{
+			name: "happy path",
+			args: args{
+				imageID:   "sha256:e7d92cdc71feacf90708cb59182d0df1b911f8ae022d29e8e95d75ca6a99776a",
+				imageInfo: types.ArtifactInfo{},
+				insecure:  true,
+			},
+		},
+		{
+			name: "sad path",
+			args: args{
+				imageID:   "sha256:e7d92cdc71feacf90708cb59182d0df1b911f8ae022d29e8e95d75ca6a99776a",
+				imageInfo: types.ArtifactInfo{},
+				insecure:  false,
+			},
+			wantErr: "certificate signed by unknown authority",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			c := cache.NewRemoteCache(ts.URL, nil, tt.args.insecure)
+			err := c.PutArtifact(tt.args.imageID, tt.args.imageInfo)
+			if tt.wantErr != "" {
+				require.Error(t, err)
+				assert.Contains(t, err.Error(), tt.wantErr)
+				return
+			}
+			assert.NoError(t, err, tt.name)
+		})
+	}
+}

pkg/commands/app.go

@@ -309,6 +309,7 @@ var (
 	insecureFlag = cli.BoolFlag{
 		Name:    "insecure",
 		Usage:   "allow insecure server connections when using SSL",
+		Value:   false,
 		EnvVars: []string{"TRIVY_INSECURE"},
 	}
 
@@ -545,6 +546,7 @@ func NewRepositoryCommand() *cli.Command {
 			&redisBackendKey,
 			&timeoutFlag,
 			&noProgressFlag,
+			&quietFlag,
 			&ignorePolicy,
 			&listAllPackages,
 			&offlineScan,
@@ -584,6 +586,7 @@ func NewClientCommand() *cli.Command {
 			stringSliceFlag(configPolicy),
 			&listAllPackages,
 			&offlineScan,
+			&insecureFlag,
 
 			// original flags
 			&token,

pkg/commands/artifact/option.go

@@ -60,7 +60,7 @@ func (c *Option) Init() error {
 }
 
 func (c *Option) initPreScanOptions() error {
-	if err := c.ReportOption.Init(c.Logger); err != nil {
+	if err := c.ReportOption.Init(c.Context.App.Writer, c.Logger); err != nil {
 		return err
 	}
 	if err := c.DBOption.Init(); err != nil {

pkg/commands/artifact/option_test.go

@@ -97,7 +97,7 @@ func TestOption_Init(t *testing.T) {
 			name: "invalid option combination: --template enabled without --format",
 			args: []string{"--template", "@contrib/gitlab.tpl", "gitlab/gitlab-ce:12.7.2-ce.0"},
 			logs: []string{
-				"--template is ignored because --format template is not specified. Use --template option with --format template option.",
+				"'--template' is ignored because '--format template' is not specified. Use '--template' option with '--format template' option.",
 			},
 			want: Option{
 				ReportOption: option.ReportOption{
@@ -116,7 +116,7 @@ func TestOption_Init(t *testing.T) {
 			name: "invalid option combination: --template and --format json",
 			args: []string{"--format", "json", "--template", "@contrib/gitlab.tpl", "gitlab/gitlab-ce:12.7.2-ce.0"},
 			logs: []string{
-				"--template is ignored because --format json is specified. Use --template option with --format template option.",
+				"'--template' is ignored because '--format json' is specified. Use '--template' option with '--format template' option.",
 			},
 			want: Option{
 				ReportOption: option.ReportOption{
@@ -136,7 +136,7 @@ func TestOption_Init(t *testing.T) {
 			name: "invalid option combination: --format template without --template",
 			args: []string{"--format", "template", "--severity", "MEDIUM", "gitlab/gitlab-ce:12.7.2-ce.0"},
 			logs: []string{
-				"--format template is ignored because --template not is specified. Specify --template option when you use --format template.",
+				"'--format template' is ignored because '--template' is not specified. Specify '--template' option when you use '--format template'.",
 			},
 			want: Option{
 				ReportOption: option.ReportOption{

pkg/commands/artifact/run.go

@@ -167,7 +167,7 @@ func disabledAnalyzers(opt Option) []analyzer.Type {
 }
 
 func scan(ctx context.Context, opt Option, initializeScanner InitializeScanner, cacheClient cache.Cache) (
-	pkgReport.Report, error) {
+	types.Report, error) {
 	target := opt.Target
 	if opt.Input != "" {
 		target = opt.Input
@@ -187,7 +187,7 @@ func scan(ctx context.Context, opt Option, initializeScanner InitializeScanner,
 		noProgress := opt.Quiet || opt.NoProgress
 		builtinPolicyPaths, err := operation.InitBuiltinPolicies(ctx, opt.CacheDir, noProgress, opt.SkipPolicyUpdate)
 		if err != nil {
-			return pkgReport.Report{}, xerrors.Errorf("failed to initialize built-in policies: %w", err)
+			return types.Report{}, xerrors.Errorf("failed to initialize built-in policies: %w", err)
 		}
 
 		configScannerOptions = config.ScannerOption{
@@ -205,23 +205,23 @@ func scan(ctx context.Context, opt Option, initializeScanner InitializeScanner,
 		SkipDirs:          opt.SkipDirs,
 		InsecureSkipTLS:   opt.Insecure,
 		Offline:           opt.OfflineScan,
-		Quiet:             opt.Quiet,
+		NoProgress:        opt.NoProgress || opt.Quiet,
 	}
 
 	s, cleanup, err := initializeScanner(ctx, target, cacheClient, cacheClient, opt.Insecure, artifactOpt, configScannerOptions)
 	if err != nil {
-		return pkgReport.Report{}, xerrors.Errorf("unable to initialize a scanner: %w", err)
+		return types.Report{}, xerrors.Errorf("unable to initialize a scanner: %w", err)
 	}
 	defer cleanup()
 
 	report, err := s.ScanArtifact(ctx, scanOptions)
 	if err != nil {
-		return pkgReport.Report{}, xerrors.Errorf("image scan failed: %w", err)
+		return types.Report{}, xerrors.Errorf("image scan failed: %w", err)
 	}
 	return report, nil
 }
 
-func filter(ctx context.Context, opt Option, report pkgReport.Report) (pkgReport.Report, error) {
+func filter(ctx context.Context, opt Option, report types.Report) (types.Report, error) {
 	resultClient := initializeResultClient()
 	results := report.Results
 	for i := range results {
@@ -229,7 +229,7 @@ func filter(ctx context.Context, opt Option, report pkgReport.Report) (pkgReport
 		vulns, misconfSummary, misconfs, err := resultClient.Filter(ctx, results[i].Vulnerabilities, results[i].Misconfigurations,
 			opt.Severities, opt.IgnoreUnfixed, opt.IncludeNonFailures, opt.IgnoreFile, opt.IgnorePolicy)
 		if err != nil {
-			return pkgReport.Report{}, xerrors.Errorf("unable to filter vulnerabilities: %w", err)
+			return types.Report{}, xerrors.Errorf("unable to filter vulnerabilities: %w", err)
 		}
 		results[i].Vulnerabilities = vulns
 		results[i].Misconfigurations = misconfs
@@ -238,7 +238,7 @@ func filter(ctx context.Context, opt Option, report pkgReport.Report) (pkgReport
 	return report, nil
 }
 
-func exit(c Option, results pkgReport.Results) {
+func exit(c Option, results types.Results) {
 	if c.ExitCode != 0 && results.Failed() {
 		os.Exit(c.ExitCode)
 	}

pkg/commands/client/inject.go

@@ -18,14 +18,14 @@ import (
 )
 
 func initializeDockerScanner(ctx context.Context, imageName string, artifactCache cache.ArtifactCache, customHeaders client.CustomHeaders,
-	url client.RemoteURL, dockerOpt types.DockerOption, artifactOption artifact.Option, configScannerOption config.ScannerOption) (
+	url client.RemoteURL, insecure client.Insecure, dockerOpt types.DockerOption, artifactOption artifact.Option, configScannerOption config.ScannerOption) (
 	scanner.Scanner, func(), error) {
 	wire.Build(scanner.RemoteDockerSet)
 	return scanner.Scanner{}, nil, nil
 }
 
 func initializeArchiveScanner(ctx context.Context, filePath string, artifactCache cache.ArtifactCache,
-	customHeaders client.CustomHeaders, url client.RemoteURL, artifactOption artifact.Option,
+	customHeaders client.CustomHeaders, url client.RemoteURL, insecure client.Insecure, artifactOption artifact.Option,
 	configScannerOption config.ScannerOption) (scanner.Scanner, error) {
 	wire.Build(scanner.RemoteArchiveSet)
 	return scanner.Scanner{}, nil

pkg/commands/client/option.go

@@ -69,7 +69,7 @@ func (c *Option) Init() (err error) {
 		c.CustomHeaders.Set(c.tokenHeader, c.token)
 	}
 
-	if err = c.ReportOption.Init(c.Logger); err != nil {
+	if err = c.ReportOption.Init(c.Context.App.Writer, c.Logger); err != nil {
 		return err
 	}
 

pkg/commands/client/option_test.go

@@ -142,7 +142,7 @@ func TestConfig_Init(t *testing.T) {
 			name: "invalid option combination: --template enabled without --format",
 			args: []string{"--template", "@contrib/gitlab.tpl", "gitlab/gitlab-ce:12.7.2-ce.0"},
 			logs: []string{
-				"--template is ignored because --format template is not specified. Use --template option with --format template option.",
+				"'--template' is ignored because '--format template' is not specified. Use '--template' option with '--format template' option.",
 			},
 			want: Option{
 				ReportOption: option.ReportOption{
@@ -162,7 +162,7 @@ func TestConfig_Init(t *testing.T) {
 			name: "invalid option combination: --template and --format json",
 			args: []string{"--format", "json", "--template", "@contrib/gitlab.tpl", "gitlab/gitlab-ce:12.7.2-ce.0"},
 			logs: []string{
-				"--template is ignored because --format json is specified. Use --template option with --format template option.",
+				"'--template' is ignored because '--format json' is specified. Use '--template' option with '--format template' option.",
 			},
 			want: Option{
 				ReportOption: option.ReportOption{
@@ -183,7 +183,7 @@ func TestConfig_Init(t *testing.T) {
 			name: "invalid option combination: --format template without --template",
 			args: []string{"--format", "template", "--severity", "MEDIUM", "gitlab/gitlab-ce:12.7.2-ce.0"},
 			logs: []string{
-				"--format template is ignored because --template not is specified. Specify --template option when you use --format template.",
+				"'--format template' is ignored because '--template' is not specified. Specify '--template' option when you use '--format template'.",
 			},
 			want: Option{
 				ReportOption: option.ReportOption{
@@ -203,7 +203,7 @@ func TestConfig_Init(t *testing.T) {
 			name: "invalid option combination: --format template without --template",
 			args: []string{"--format", "template", "--severity", "MEDIUM", "gitlab/gitlab-ce:12.7.2-ce.0"},
 			logs: []string{
-				"--format template is ignored because --template not is specified. Specify --template option when you use --format template.",
+				"'--format template' is ignored because '--template' is not specified. Specify '--template' option when you use '--format template'.",
 			},
 			want: Option{
 				ReportOption: option.ReportOption{

pkg/commands/client/run.go

@@ -138,7 +138,7 @@ func disabledAnalyzers(opt Option) []analyzer.Type {
 }
 
 func initializeScanner(ctx context.Context, opt Option) (scanner.Scanner, func(), error) {
-	remoteCache := cache.NewRemoteCache(cache.RemoteURL(opt.RemoteAddr), opt.CustomHeaders)
+	remoteCache := cache.NewRemoteCache(opt.RemoteAddr, opt.CustomHeaders, opt.Insecure)
 
 	// ScannerOptions is filled only when config scanning is enabled.
 	var configScannerOptions config.ScannerOption
@@ -168,7 +168,7 @@ func initializeScanner(ctx context.Context, opt Option) (scanner.Scanner, func()
 	if opt.Input != "" {
 		// Scan tar file
 		s, err := initializeArchiveScanner(ctx, opt.Input, remoteCache, client.CustomHeaders(opt.CustomHeaders),
-			client.RemoteURL(opt.RemoteAddr), artifactOpt, configScannerOptions)
+			client.RemoteURL(opt.RemoteAddr), client.Insecure(opt.Insecure), artifactOpt, configScannerOptions)
 		if err != nil {
 			return scanner.Scanner{}, nil, xerrors.Errorf("unable to initialize the archive scanner: %w", err)
 		}
@@ -182,7 +182,7 @@ func initializeScanner(ctx context.Context, opt Option) (scanner.Scanner, func()
 	}
 
 	s, cleanup, err := initializeDockerScanner(ctx, opt.Target, remoteCache, client.CustomHeaders(opt.CustomHeaders),
-		client.RemoteURL(opt.RemoteAddr), dockerOpt, artifactOpt, configScannerOptions)
+		client.RemoteURL(opt.RemoteAddr), client.Insecure(opt.Insecure), dockerOpt, artifactOpt, configScannerOptions)
 	if err != nil {
 		return scanner.Scanner{}, nil, xerrors.Errorf("unable to initialize the docker scanner: %w", err)
 	}
@@ -190,7 +190,7 @@ func initializeScanner(ctx context.Context, opt Option) (scanner.Scanner, func()
 	return s, cleanup, nil
 }
 
-func exit(c Option, results pkgReport.Results) {
+func exit(c Option, results types.Results) {
 	if c.ExitCode != 0 {
 		for _, result := range results {
 			if len(result.Vulnerabilities) > 0 {

pkg/commands/client/wire_gen.go

@@ -1,6 +1,6 @@
 // Code generated by Wire. DO NOT EDIT.
 
-//go:generate go run github.com/google/wire/cmd/wire
+//go:generate wire
 //go:build !wireinject
 // +build !wireinject
 
@@ -22,8 +22,8 @@ import (
 
 // Injectors from inject.go:
 
-func initializeDockerScanner(ctx context.Context, imageName string, artifactCache cache.ArtifactCache, customHeaders client.CustomHeaders, url client.RemoteURL, dockerOpt types.DockerOption, artifactOption artifact.Option, configScannerOption config.ScannerOption) (scanner.Scanner, func(), error) {
-	scannerScanner := client.NewProtobufClient(url)
+func initializeDockerScanner(ctx context.Context, imageName string, artifactCache cache.ArtifactCache, customHeaders client.CustomHeaders, url client.RemoteURL, insecure client.Insecure, dockerOpt types.DockerOption, artifactOption artifact.Option, configScannerOption config.ScannerOption) (scanner.Scanner, func(), error) {
+	scannerScanner := client.NewProtobufClient(url, insecure)
 	clientScanner := client.NewScanner(customHeaders, scannerScanner)
 	typesImage, cleanup, err := image.NewDockerImage(ctx, imageName, dockerOpt)
 	if err != nil {
@@ -40,8 +40,8 @@ func initializeDockerScanner(ctx context.Context, imageName string, artifactCach
 	}, nil
 }
 
-func initializeArchiveScanner(ctx context.Context, filePath string, artifactCache cache.ArtifactCache, customHeaders client.CustomHeaders, url client.RemoteURL, artifactOption artifact.Option, configScannerOption config.ScannerOption) (scanner.Scanner, error) {
-	scannerScanner := client.NewProtobufClient(url)
+func initializeArchiveScanner(ctx context.Context, filePath string, artifactCache cache.ArtifactCache, customHeaders client.CustomHeaders, url client.RemoteURL, insecure client.Insecure, artifactOption artifact.Option, configScannerOption config.ScannerOption) (scanner.Scanner, error) {
+	scannerScanner := client.NewProtobufClient(url, insecure)
 	clientScanner := client.NewScanner(customHeaders, scannerScanner)
 	typesImage, err := image.NewArchiveImage(filePath)
 	if err != nil {

pkg/commands/option/image.go

@@ -7,13 +7,11 @@ import (
 // ImageOption holds the options for scanning images
 type ImageOption struct {
 	ScanRemovedPkgs bool
-	ListAllPkgs     bool
 }
 
 // NewImageOption is the factory method to return ImageOption
 func NewImageOption(c *cli.Context) ImageOption {
 	return ImageOption{
 		ScanRemovedPkgs: c.Bool("removed-pkgs"),
-		ListAllPkgs:     c.Bool("list-all-pkgs"),
 	}
 }

pkg/commands/option/report.go

@@ -1,6 +1,7 @@
 package option
 
 import (
+	"io"
 	"os"
 	"strings"
 
@@ -32,8 +33,9 @@ type ReportOption struct {
 	// these variables are populated by Init()
 	VulnType       []string
 	SecurityChecks []string
-	Output         *os.File
+	Output         io.Writer
 	Severities     []dbTypes.Severity
+	ListAllPkgs    bool
 }
 
 // NewReportOption is the factory method to return ReportOption
@@ -50,31 +52,41 @@ func NewReportOption(c *cli.Context) ReportOption {
 		IgnoreFile:     c.String("ignorefile"),
 		IgnoreUnfixed:  c.Bool("ignore-unfixed"),
 		ExitCode:       c.Int("exit-code"),
+		ListAllPkgs:    c.Bool("list-all-pkgs"),
 	}
 }
 
 // Init initializes the ReportOption
-func (c *ReportOption) Init(logger *zap.SugaredLogger) error {
-	var err error
-
+func (c *ReportOption) Init(output io.Writer, logger *zap.SugaredLogger) error {
 	if c.Template != "" {
 		if c.Format == "" {
-			logger.Warn("--template is ignored because --format template is not specified. Use --template option with --format template option.")
+			logger.Warn("'--template' is ignored because '--format template' is not specified. Use '--template' option with '--format template' option.")
 		} else if c.Format != "template" {
-			logger.Warnf("--template is ignored because --format %s is specified. Use --template option with --format template option.", c.Format)
+			logger.Warnf("'--template' is ignored because '--format %s' is specified. Use '--template' option with '--format template' option.", c.Format)
+		}
+	} else {
+		if c.Format == "template" {
+			logger.Warn("'--format template' is ignored because '--template' is not specified. Specify '--template' option when you use '--format template'.")
 		}
 	}
-	if c.Format == "template" && c.Template == "" {
-		logger.Warn("--format template is ignored because --template not is specified. Specify --template option when you use --format template.")
+
+	// "--list-all-pkgs" option is unavailable with "--format table".
+	// If user specifies "--list-all-pkgs" with "--format table", we should warn it.
+	if c.ListAllPkgs && c.Format == "table" {
+		logger.Warn(`"--list-all-pkgs" cannot be used with "--format table". Try "--format json" or other formats.`)
+	}
+
+	if c.forceListAllPkgs(logger) {
+		c.ListAllPkgs = true
 	}
 
 	c.Severities = splitSeverity(logger, c.severities)
 
-	if err = c.populateVulnTypes(); err != nil {
+	if err := c.populateVulnTypes(); err != nil {
 		return xerrors.Errorf("vuln type: %w", err)
 	}
 
-	if err = c.populateSecurityChecks(); err != nil {
+	if err := c.populateSecurityChecks(); err != nil {
 		return xerrors.Errorf("security checks: %w", err)
 	}
 
@@ -83,13 +95,16 @@ func (c *ReportOption) Init(logger *zap.SugaredLogger) error {
 	c.vulnType = ""
 	c.securityChecks = ""
 
-	c.Output = os.Stdout
+	// The output is os.Stdout by default
 	if c.output != "" {
-		if c.Output, err = os.Create(c.output); err != nil {
+		var err error
+		if output, err = os.Create(c.output); err != nil {
 			return xerrors.Errorf("failed to create an output file: %w", err)
 		}
 	}
 
+	c.Output = output
+
 	return nil
 }
 
@@ -121,6 +136,14 @@ func (c *ReportOption) populateSecurityChecks() error {
 	return nil
 }
 
+func (c *ReportOption) forceListAllPkgs(logger *zap.SugaredLogger) bool {
+	if c.Format == "cyclonedx" && !c.ListAllPkgs {
+		logger.Debugf("'--format cyclonedx' automatically enables '--list-all-pkgs'.")
+		return true
+	}
+	return false
+}
+
 func splitSeverity(logger *zap.SugaredLogger, severity string) []dbTypes.Severity {
 	logger.Debugf("Severities: %s", severity)
 	var severities []dbTypes.Severity

pkg/commands/option/report_test.go

@@ -24,10 +24,12 @@ func TestReportReportConfig_Init(t *testing.T) {
 		severities     string
 		IgnoreFile     string
 		IgnoreUnfixed  bool
+		listAllPksgs   bool
 		ExitCode       int
 		VulnType       []string
 		Output         *os.File
 		Severities     []dbTypes.Severity
+		debug          bool
 	}
 	tests := []struct {
 		name    string
@@ -70,6 +72,49 @@ func TestReportReportConfig_Init(t *testing.T) {
 				Output:         os.Stdout,
 			},
 		},
+		{
+			name: "happy path with an cyclonedx",
+			fields: fields{
+				severities:     "CRITICAL",
+				vulnType:       "os,library",
+				securityChecks: "vuln",
+				Format:         "cyclonedx",
+				listAllPksgs:   true,
+			},
+			args: []string{"centos:7"},
+			want: ReportOption{
+				Severities:     []dbTypes.Severity{dbTypes.SeverityCritical},
+				VulnType:       []string{types.VulnTypeOS, types.VulnTypeLibrary},
+				SecurityChecks: []string{types.SecurityCheckVulnerability},
+				Format:         "cyclonedx",
+				Output:         os.Stdout,
+				ListAllPkgs:    true,
+			},
+		},
+		{
+			name: "happy path with an cyclonedx option list-all-pkgs is false",
+			fields: fields{
+				severities:     "CRITICAL",
+				vulnType:       "os,library",
+				securityChecks: "vuln",
+				Format:         "cyclonedx",
+				listAllPksgs:   false,
+				debug:          true,
+			},
+			args: []string{"centos:7"},
+			logs: []string{
+				"'--format cyclonedx' automatically enables '--list-all-pkgs'.",
+				"Severities: CRITICAL",
+			},
+			want: ReportOption{
+				Severities:     []dbTypes.Severity{dbTypes.SeverityCritical},
+				VulnType:       []string{types.VulnTypeOS, types.VulnTypeLibrary},
+				SecurityChecks: []string{types.SecurityCheckVulnerability},
+				Format:         "cyclonedx",
+				Output:         os.Stdout,
+				ListAllPkgs:    true,
+			},
+		},
 		{
 			name: "invalid option combination: --template enabled without --format",
 			fields: fields{
@@ -80,7 +125,7 @@ func TestReportReportConfig_Init(t *testing.T) {
 			},
 			args: []string{"gitlab/gitlab-ce:12.7.2-ce.0"},
 			logs: []string{
-				"--template is ignored because --format template is not specified. Use --template option with --format template option.",
+				"'--template' is ignored because '--format template' is not specified. Use '--template' option with '--format template' option.",
 			},
 			want: ReportOption{
 				Output:         os.Stdout,
@@ -101,7 +146,7 @@ func TestReportReportConfig_Init(t *testing.T) {
 			},
 			args: []string{"gitlab/gitlab-ce:12.7.2-ce.0"},
 			logs: []string{
-				"--template is ignored because --format json is specified. Use --template option with --format template option.",
+				"'--template' is ignored because '--format json' is specified. Use '--template' option with '--format template' option.",
 			},
 			want: ReportOption{
 				Format:         "json",
@@ -122,7 +167,7 @@ func TestReportReportConfig_Init(t *testing.T) {
 			},
 			args: []string{"gitlab/gitlab-ce:12.7.2-ce.0"},
 			logs: []string{
-				"--format template is ignored because --template not is specified. Specify --template option when you use --format template.",
+				"'--format template' is ignored because '--template' is not specified. Specify '--template' option when you use '--format template'.",
 			},
 			want: ReportOption{
 				Format:         "template",
@@ -132,10 +177,37 @@ func TestReportReportConfig_Init(t *testing.T) {
 				SecurityChecks: []string{types.SecurityCheckVulnerability},
 			},
 		},
+		{
+			name: "invalid option combination: --list-all-pkgs with --format table",
+			fields: fields{
+				Format:         "table",
+				severities:     "LOW",
+				vulnType:       "os",
+				securityChecks: "vuln",
+				listAllPksgs:   true,
+			},
+			args: []string{"centos:7"},
+			logs: []string{
+				`"--list-all-pkgs" cannot be used with "--format table". Try "--format json" or other formats.`,
+			},
+			want: ReportOption{
+				Format:         "table",
+				Output:         os.Stdout,
+				Severities:     []dbTypes.Severity{dbTypes.SeverityLow},
+				VulnType:       []string{types.VulnTypeOS},
+				SecurityChecks: []string{types.SecurityCheckVulnerability},
+				ListAllPkgs:    true,
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			core, obs := observer.New(zap.InfoLevel)
+			level := zap.InfoLevel
+			if tt.fields.debug {
+				level = zap.DebugLevel
+			}
+
+			core, obs := observer.New(level)
 			logger := zap.New(core)
 
 			set := flag.NewFlagSet("test", 0)
@@ -151,10 +223,10 @@ func TestReportReportConfig_Init(t *testing.T) {
 				IgnoreFile:     tt.fields.IgnoreFile,
 				IgnoreUnfixed:  tt.fields.IgnoreUnfixed,
 				ExitCode:       tt.fields.ExitCode,
+				ListAllPkgs:    tt.fields.listAllPksgs,
 				Output:         tt.fields.Output,
 			}
-
-			err := c.Init(logger.Sugar())
+			err := c.Init(os.Stdout, logger.Sugar())
 
 			// tests log messages
 			var gotMessages []string

pkg/db/db.go

@@ -94,6 +94,7 @@ func (c *Client) NeedsUpdate(cliVersion string, skip bool) (bool, error) {
 	}
 
 	if skip {
+		log.Logger.Debug("Skipping DB update...")
 		if err = c.validate(meta); err != nil {
 			return false, xerrors.Errorf("validate error: %w", err)
 		}
@@ -101,6 +102,7 @@ func (c *Client) NeedsUpdate(cliVersion string, skip bool) (bool, error) {
 	}
 
 	if db.SchemaVersion != meta.Version {
+		log.Logger.Debugf("The local DB schema version (%d) does not match with supported version schema (%d).", meta.Version, db.SchemaVersion)
 		return true, nil
 	}
 
@@ -109,8 +111,9 @@ func (c *Client) NeedsUpdate(cliVersion string, skip bool) (bool, error) {
 
 func (c *Client) validate(meta metadata.Metadata) error {
 	if db.SchemaVersion != meta.Version {
-		log.Logger.Error("The local DB has an old schema version which is not supported by the current version of Trivy CLI. It needs to be updated.")
-		return xerrors.New("--skip-update cannot be specified with the old DB schema")
+		log.Logger.Error("The local DB has an old schema version which is not supported by the current version of Trivy CLI. DB needs to be updated.")
+		return xerrors.Errorf("--skip-update cannot be specified with the old DB schema. Local DB: %d, Expected: %d",
+			meta.Version, db.SchemaVersion)
 	}
 	return nil
 }

pkg/db/db_test.go

@@ -117,8 +117,9 @@ func TestClient_NeedsUpdate(t *testing.T) {
 				Version:    0,
 				NextUpdate: timeNextUpdateDay1,
 			},
-			skip:    true,
-			wantErr: "--skip-update cannot be specified with the old DB",
+			skip: true,
+			wantErr: fmt.Sprintf("--skip-update cannot be specified with the old DB schema. Local DB: %d, Expected: %d",
+				0, tdb.SchemaVersion),
 		},
 		{
 			name:  "happy with old DownloadedAt",

pkg/purl/purl.go

@@ -0,0 +1,244 @@
+package purl
+
+import (
+	"fmt"
+	"strings"
+
+	cn "github.com/google/go-containerregistry/pkg/name"
+	"github.com/package-url/packageurl-go"
+	"golang.org/x/xerrors"
+
+	"github.com/aquasecurity/fanal/analyzer"
+	"github.com/aquasecurity/fanal/analyzer/os"
+	ftypes "github.com/aquasecurity/fanal/types"
+	"github.com/aquasecurity/trivy/pkg/scanner/utils"
+	"github.com/aquasecurity/trivy/pkg/types"
+)
+
+const (
+	TypeOCI = "oci"
+)
+
+type PackageURL struct {
+	packageurl.PackageURL
+	FilePath string
+}
+
+func (purl PackageURL) BOMRef() string {
+	// 'bom-ref' must be unique within BOM, but PURLs may conflict
+	// when the same packages are installed in an artifact.
+	// In that case, we prefer to make PURLs unique by adding file paths,
+	// rather than using UUIDs, even if it is not PURL technically.
+	// ref. https://cyclonedx.org/use-cases/#dependency-graph
+	if purl.FilePath != "" {
+		purl.Qualifiers = append(purl.Qualifiers,
+			packageurl.Qualifier{
+				Key:   "file_path",
+				Value: purl.FilePath,
+			},
+		)
+	}
+	return purl.PackageURL.String()
+}
+
+// nolint: gocyclo
+func NewPackageURL(t string, metadata types.Metadata, pkg ftypes.Package) (PackageURL, error) {
+	var qualifiers packageurl.Qualifiers
+	if metadata.OS != nil {
+		qualifiers = parseQualifier(pkg)
+	}
+
+	ptype := purlType(t)
+	name := pkg.Name
+	version := utils.FormatVersion(pkg)
+	namespace := ""
+
+	switch ptype {
+	case packageurl.TypeRPM:
+		ns, qs := parseRPM(metadata.OS, pkg.Modularitylabel)
+		namespace = ns
+		qualifiers = append(qualifiers, qs...)
+	case packageurl.TypeDebian:
+		qualifiers = append(qualifiers, parseDeb(metadata.OS)...)
+		namespace = metadata.OS.Family
+	case string(analyzer.TypeApk): // TODO: replace with packageurl.TypeApk once they add it.
+		qualifiers = append(qualifiers, parseApk(metadata.OS)...)
+		namespace = metadata.OS.Family
+	case packageurl.TypeMaven:
+		namespace, name = parseMaven(name)
+	case packageurl.TypePyPi:
+		name = parsePyPI(name)
+	case packageurl.TypeComposer:
+		namespace, name = parseComposer(name)
+	case packageurl.TypeGolang:
+		namespace, name = parseGolang(name)
+	case packageurl.TypeNPM:
+		namespace, name = parseNpm(name)
+	case packageurl.TypeOCI:
+		purl, err := parseOCI(metadata)
+		if err != nil {
+			return PackageURL{}, err
+		}
+		return PackageURL{PackageURL: purl}, nil
+	}
+
+	return PackageURL{
+		PackageURL: *packageurl.NewPackageURL(ptype, namespace, name, version, qualifiers, ""),
+		FilePath:   pkg.FilePath,
+	}, nil
+}
+
+// ref. https://github.com/package-url/purl-spec/blob/a748c36ad415c8aeffe2b8a4a5d8a50d16d6d85f/PURL-TYPES.rst#oci
+func parseOCI(metadata types.Metadata) (packageurl.PackageURL, error) {
+	if len(metadata.RepoDigests) == 0 {
+		return *packageurl.NewPackageURL("", "", "", "", nil, ""), nil
+	}
+
+	digest, err := cn.NewDigest(metadata.RepoDigests[0])
+	if err != nil {
+		return packageurl.PackageURL{}, xerrors.Errorf("failed to parse digest: %w", err)
+	}
+
+	name := strings.ToLower(digest.RepositoryStr())
+	index := strings.LastIndex(name, "/")
+	if index != -1 {
+		name = name[index+1:]
+	}
+	qualifiers := packageurl.Qualifiers{
+		packageurl.Qualifier{
+			Key:   "repository_url",
+			Value: digest.Repository.Name(),
+		},
+		packageurl.Qualifier{
+			Key:   "arch",
+			Value: metadata.ImageConfig.Architecture,
+		},
+	}
+
+	return *packageurl.NewPackageURL(packageurl.TypeOCI, "", name, digest.DigestStr(), qualifiers, ""), nil
+}
+
+func parseApk(fos *ftypes.OS) packageurl.Qualifiers {
+	return packageurl.Qualifiers{
+		{
+			Key:   "distro",
+			Value: fos.Name,
+		},
+	}
+}
+
+// ref. https://github.com/package-url/purl-spec/blob/a748c36ad415c8aeffe2b8a4a5d8a50d16d6d85f/PURL-TYPES.rst#deb
+func parseDeb(fos *ftypes.OS) packageurl.Qualifiers {
+	distro := fmt.Sprintf("%s-%s", fos.Family, fos.Name)
+	return packageurl.Qualifiers{
+		{
+			Key:   "distro",
+			Value: distro,
+		},
+	}
+}
+
+// ref. https://github.com/package-url/purl-spec/blob/a748c36ad415c8aeffe2b8a4a5d8a50d16d6d85f/PURL-TYPES.rst#rpm
+func parseRPM(fos *ftypes.OS, modularityLabel string) (string, packageurl.Qualifiers) {
+	// SLES string has whitespace
+	family := fos.Family
+	if fos.Family == os.SLES {
+		family = "sles"
+	}
+
+	distro := fmt.Sprintf("%s-%s", family, fos.Name)
+	qualifiers := packageurl.Qualifiers{
+		{
+			Key:   "distro",
+			Value: distro,
+		},
+	}
+
+	if modularityLabel != "" {
+		qualifiers = append(qualifiers, packageurl.Qualifier{
+			Key:   "modularitylabel",
+			Value: modularityLabel,
+		})
+	}
+	return family, qualifiers
+}
+
+// ref. https://github.com/package-url/purl-spec/blob/a748c36ad415c8aeffe2b8a4a5d8a50d16d6d85f/PURL-TYPES.rst#maven
+func parseMaven(pkgName string) (string, string) {
+	// The group id is the "namespace" and the artifact id is the "name".
+	name := strings.ReplaceAll(pkgName, ":", "/")
+	return parsePkgName(name)
+}
+
+// ref. https://github.com/package-url/purl-spec/blob/a748c36ad415c8aeffe2b8a4a5d8a50d16d6d85f/PURL-TYPES.rst#golang
+func parseGolang(pkgName string) (string, string) {
+	name := strings.ToLower(pkgName)
+	return parsePkgName(name)
+}
+
+// ref. https://github.com/package-url/purl-spec/blob/a748c36ad415c8aeffe2b8a4a5d8a50d16d6d85f/PURL-TYPES.rst#pypi
+func parsePyPI(pkgName string) string {
+	// PyPi treats - and _ as the same character and is not case-sensitive.
+	// Therefore a Pypi package name must be lowercased and underscore "_" replaced with a dash "-".
+	return strings.ToLower(strings.ReplaceAll(pkgName, "_", "-"))
+}
+
+// ref. https://github.com/package-url/purl-spec/blob/a748c36ad415c8aeffe2b8a4a5d8a50d16d6d85f/PURL-TYPES.rst#composer
+func parseComposer(pkgName string) (string, string) {
+	return parsePkgName(pkgName)
+}
+
+// ref. https://github.com/package-url/purl-spec/blob/a748c36ad415c8aeffe2b8a4a5d8a50d16d6d85f/PURL-TYPES.rst#npm
+func parseNpm(pkgName string) (string, string) {
+	// the name must be lowercased
+	name := strings.ToLower(pkgName)
+	return parsePkgName(name)
+}
+
+func purlType(t string) string {
+	switch t {
+	case string(analyzer.TypeJar), string(analyzer.TypePom):
+		return packageurl.TypeMaven
+	case string(analyzer.TypeBundler), string(analyzer.TypeGemSpec):
+		return packageurl.TypeGem
+	case string(analyzer.TypePythonPkg), string(analyzer.TypePip), string(analyzer.TypePipenv), string(analyzer.TypePoetry):
+		return packageurl.TypePyPi
+	case string(analyzer.TypeGoBinary), string(analyzer.TypeGoMod):
+		return packageurl.TypeGolang
+	case string(analyzer.TypeNpmPkgLock), string(analyzer.TypeNodePkg), string(analyzer.TypeYarn):
+		return packageurl.TypeNPM
+	case os.Alpine:
+		return string(analyzer.TypeApk)
+	case os.Debian, os.Ubuntu:
+		return packageurl.TypeDebian
+	case os.RedHat, os.CentOS, os.Rocky, os.Alma,
+		os.Amazon, os.Fedora, os.Oracle, os.OpenSUSE,
+		os.OpenSUSELeap, os.OpenSUSETumbleweed, os.SLES, os.Photon:
+		return packageurl.TypeRPM
+	case TypeOCI:
+		return packageurl.TypeOCI
+	}
+	return t
+}
+
+func parseQualifier(pkg ftypes.Package) packageurl.Qualifiers {
+	qualifiers := packageurl.Qualifiers{}
+	if pkg.Arch != "" {
+		qualifiers = append(qualifiers, packageurl.Qualifier{
+			Key:   "arch",
+			Value: pkg.Arch,
+		})
+	}
+	return qualifiers
+}
+
+func parsePkgName(name string) (string, string) {
+	var namespace string
+	index := strings.LastIndex(name, "/")
+	if index != -1 {
+		namespace = name[:index]
+		name = name[index+1:]
+	}
+	return namespace, name
+
+}

pkg/purl/purl_test.go

@@ -0,0 +1,279 @@
+package purl_test
+
+import (
+	"testing"
+
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/package-url/packageurl-go"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/aquasecurity/fanal/analyzer"
+	"github.com/aquasecurity/fanal/analyzer/os"
+	ftypes "github.com/aquasecurity/fanal/types"
+	"github.com/aquasecurity/trivy/pkg/purl"
+	"github.com/aquasecurity/trivy/pkg/types"
+)
+
+func TestNewPackageURL(t *testing.T) {
+
+	testCases := []struct {
+		name     string
+		typ      string
+		pkg      ftypes.Package
+		metadata types.Metadata
+		want     purl.PackageURL
+		wantErr  string
+	}{
+		{
+			name: "maven package",
+			typ:  string(analyzer.TypeJar),
+			pkg: ftypes.Package{
+				Name:    "org.springframework:spring-core",
+				Version: "5.3.14",
+			},
+			want: purl.PackageURL{
+				PackageURL: packageurl.PackageURL{
+					Type:      packageurl.TypeMaven,
+					Namespace: "org.springframework",
+					Name:      "spring-core",
+					Version:   "5.3.14",
+				},
+			},
+		},
+		{
+			name: "yarn package",
+			typ:  string(analyzer.TypeYarn),
+			pkg: ftypes.Package{
+				Name:    "@xtuc/ieee754",
+				Version: "1.2.0",
+			},
+			want: purl.PackageURL{
+				PackageURL: packageurl.PackageURL{
+					Type:      packageurl.TypeNPM,
+					Namespace: "@xtuc",
+					Name:      "ieee754",
+					Version:   "1.2.0",
+				},
+			},
+		},
+		{
+			name: "yarn package with non-namespace",
+			typ:  string(analyzer.TypeYarn),
+			pkg: ftypes.Package{
+				Name:    "lodash",
+				Version: "4.17.21",
+			},
+			want: purl.PackageURL{
+				PackageURL: packageurl.PackageURL{
+					Type:    packageurl.TypeNPM,
+					Name:    "lodash",
+					Version: "4.17.21",
+				},
+			},
+		},
+		{
+			name: "pypi package",
+			typ:  string(analyzer.TypePip),
+			pkg: ftypes.Package{
+				Name:    "Django_test",
+				Version: "1.2.0",
+			},
+			want: purl.PackageURL{
+				PackageURL: packageurl.PackageURL{
+					Type:    packageurl.TypePyPi,
+					Name:    "django-test",
+					Version: "1.2.0",
+				},
+			},
+		},
+		{
+			name: "composer package",
+			typ:  string(analyzer.TypeComposer),
+			pkg: ftypes.Package{
+				Name:    "symfony/contracts",
+				Version: "v1.0.2",
+			},
+			want: purl.PackageURL{
+				PackageURL: packageurl.PackageURL{
+					Type:      packageurl.TypeComposer,
+					Namespace: "symfony",
+					Name:      "contracts",
+					Version:   "v1.0.2",
+				},
+			},
+		},
+		{
+			name: "golang package",
+			typ:  string(analyzer.TypeGoMod),
+			pkg: ftypes.Package{
+				Name:    "github.com/go-sql-driver/Mysql",
+				Version: "v1.5.0",
+			},
+			want: purl.PackageURL{
+				PackageURL: packageurl.PackageURL{
+					Type:      packageurl.TypeGolang,
+					Namespace: "github.com/go-sql-driver",
+					Name:      "mysql",
+					Version:   "v1.5.0",
+				},
+			},
+		},
+		{
+			name: "os package",
+			typ:  os.RedHat,
+			pkg: ftypes.Package{
+				Name:            "acl",
+				Version:         "2.2.53",
+				Release:         "1.el8",
+				Epoch:           0,
+				Arch:            "aarch64",
+				SrcName:         "acl",
+				SrcVersion:      "2.2.53",
+				SrcRelease:      "1.el8",
+				SrcEpoch:        0,
+				Modularitylabel: "",
+			},
+
+			metadata: types.Metadata{
+				OS: &ftypes.OS{
+					Family: os.RedHat,
+					Name:   "8",
+				},
+			},
+			want: purl.PackageURL{
+				PackageURL: packageurl.PackageURL{
+					Type:      packageurl.TypeRPM,
+					Namespace: "redhat",
+					Name:      "acl",
+					Version:   "2.2.53-1.el8",
+					Qualifiers: packageurl.Qualifiers{
+						{
+							Key:   "arch",
+							Value: "aarch64",
+						},
+						{
+							Key:   "distro",
+							Value: "redhat-8",
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "container",
+			typ:  purl.TypeOCI,
+			metadata: types.Metadata{
+				RepoTags: []string{
+					"cblmariner2preview.azurecr.io/base/core:2.0.20220124-amd64",
+				},
+				RepoDigests: []string{
+					"cblmariner2preview.azurecr.io/base/core@sha256:8fe1727132b2506c17ba0e1f6a6ed8a016bb1f5735e43b2738cd3fd1979b6260",
+					"cblmariner2preview.azurecr.io/base/core@sha256:016bb1f5735e43b2738cd3fd1979b62608fe1727132b2506c17ba0e1f6a6ed8a",
+				},
+				ImageConfig: v1.ConfigFile{
+					Architecture: "amd64",
+				},
+			},
+			want: purl.PackageURL{
+				PackageURL: packageurl.PackageURL{
+					Type:      packageurl.TypeOCI,
+					Namespace: "",
+					Name:      "core",
+					Version:   "sha256:8fe1727132b2506c17ba0e1f6a6ed8a016bb1f5735e43b2738cd3fd1979b6260",
+					Qualifiers: packageurl.Qualifiers{
+						{
+							Key:   "repository_url",
+							Value: "cblmariner2preview.azurecr.io/base/core",
+						},
+						{
+							Key:   "arch",
+							Value: "amd64",
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "container local",
+			typ:  purl.TypeOCI,
+			metadata: types.Metadata{
+				RepoTags:    []string{},
+				RepoDigests: []string{},
+				ImageConfig: v1.ConfigFile{
+					Architecture: "amd64",
+				},
+				ImageID: "sha256:8fe1727132b2506c17ba0e1f6a6ed8a016bb1f5735e43b2738cd3fd1979b6260",
+			},
+			want: purl.PackageURL{
+				PackageURL: packageurl.PackageURL{
+					Type:      "",
+					Namespace: "",
+					Name:      "",
+					Version:   "",
+				},
+			},
+		},
+		{
+			name: "container with implicit registry",
+			typ:  purl.TypeOCI,
+			metadata: types.Metadata{
+				RepoTags: []string{
+					"alpine:3.14",
+					"alpine:latest",
+				},
+				RepoDigests: []string{
+					"alpine:3.14@sha256:8fe1727132b2506c17ba0e1f6a6ed8a016bb1f5735e43b2738cd3fd1979b6260",
+					"alpine:latest@sha256:016bb1f5735e43b2738cd3fd1979b62608fe1727132b2506c17ba0e1f6a6ed8a",
+				},
+				ImageConfig: v1.ConfigFile{
+					Architecture: "amd64",
+				},
+			},
+			want: purl.PackageURL{
+				PackageURL: packageurl.PackageURL{
+					Type:      packageurl.TypeOCI,
+					Namespace: "",
+					Name:      "alpine",
+					Version:   "sha256:8fe1727132b2506c17ba0e1f6a6ed8a016bb1f5735e43b2738cd3fd1979b6260",
+					Qualifiers: packageurl.Qualifiers{
+						{
+							Key:   "repository_url",
+							Value: "index.docker.io/library/alpine",
+						},
+						{
+							Key:   "arch",
+							Value: "amd64",
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "sad path",
+			typ:  purl.TypeOCI,
+			metadata: types.Metadata{
+				RepoTags: []string{
+					"cblmariner2preview.azurecr.io/base/core:2.0.20220124-amd64",
+				},
+				RepoDigests: []string{
+					"sha256:8fe1727132b2506c17ba0e1f6a6ed8a016bb1f5735e43b2738cd3fd1979b6260",
+				},
+			},
+			wantErr: "failed to parse digest",
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			packageURL, err := purl.NewPackageURL(tc.typ, tc.metadata, tc.pkg)
+			if tc.wantErr != "" {
+				require.Error(t, err)
+				assert.Contains(t, err.Error(), tc.wantErr)
+				return
+			}
+			assert.NoError(t, err)
+			assert.Equal(t, tc.want, packageURL, tc.name)
+		})
+	}
+}

pkg/report/cyclonedx/cyclonedx.go

@@ -0,0 +1,365 @@
+package cyclonedx
+
+import (
+	"io"
+	"strconv"
+	"time"
+
+	cdx "github.com/CycloneDX/cyclonedx-go"
+	"github.com/google/uuid"
+	"golang.org/x/xerrors"
+	"k8s.io/utils/clock"
+
+	ftypes "github.com/aquasecurity/fanal/types"
+	"github.com/aquasecurity/trivy/pkg/purl"
+	"github.com/aquasecurity/trivy/pkg/types"
+)
+
+const (
+	Namespace = "aquasecurity:trivy:"
+
+	PropertySchemaVersion = "SchemaVersion"
+	PropertyType          = "Type"
+	PropertyClass         = "Class"
+
+	// Image properties
+	PropertySize       = "Size"
+	PropertyImageID    = "ImageID"
+	PropertyRepoDigest = "RepoDigest"
+	PropertyDiffID     = "DiffID"
+	PropertyRepoTag    = "RepoTag"
+
+	// Package properties
+	PropertySrcName         = "SrcName"
+	PropertySrcVersion      = "SrcVersion"
+	PropertySrcRelease      = "SrcRelease"
+	PropertySrcEpoch        = "SrcEpoch"
+	PropertyModularitylabel = "Modularitylabel"
+	PropertyFilePath        = "FilePath"
+	PropertyLayerDigest     = "LayerDigest"
+	PropertyLayerDiffID     = "LayerDiffID"
+)
+
+// Writer implements types.Writer
+type Writer struct {
+	output  io.Writer
+	version string
+	*options
+}
+
+type newUUID func() uuid.UUID
+
+type options struct {
+	format  cdx.BOMFileFormat
+	clock   clock.Clock
+	newUUID newUUID
+}
+
+type option func(*options)
+
+func WithFormat(format cdx.BOMFileFormat) option {
+	return func(opts *options) {
+		opts.format = format
+	}
+}
+
+func WithClock(clock clock.Clock) option {
+	return func(opts *options) {
+		opts.clock = clock
+	}
+}
+
+func WithNewUUID(newUUID newUUID) option {
+	return func(opts *options) {
+		opts.newUUID = newUUID
+	}
+}
+
+func NewWriter(output io.Writer, version string, opts ...option) Writer {
+	o := &options{
+		format:  cdx.BOMFileFormatJSON,
+		clock:   clock.RealClock{},
+		newUUID: uuid.New,
+	}
+
+	for _, opt := range opts {
+		opt(o)
+	}
+
+	return Writer{
+		output:  output,
+		version: version,
+		options: o,
+	}
+}
+
+// Write writes the results in CycloneDX format
+func (cw Writer) Write(report types.Report) error {
+	bom, err := cw.convertToBom(report, cw.version)
+	if err != nil {
+		return xerrors.Errorf("failed to convert bom: %w", err)
+	}
+
+	if err = cdx.NewBOMEncoder(cw.output, cw.format).Encode(bom); err != nil {
+		return xerrors.Errorf("failed to encode bom: %w", err)
+	}
+
+	return nil
+}
+
+func (cw *Writer) convertToBom(r types.Report, version string) (*cdx.BOM, error) {
+	bom := cdx.NewBOM()
+	bom.SerialNumber = cw.options.newUUID().URN()
+	metadataComponent, err := cw.reportToComponent(r)
+	if err != nil {
+		return nil, xerrors.Errorf("failed to parse metadata component: %w", err)
+	}
+
+	bom.Metadata = &cdx.Metadata{
+		Timestamp: cw.clock.Now().UTC().Format(time.RFC3339Nano),
+		Tools: &[]cdx.Tool{
+			{
+				Vendor:  "aquasecurity",
+				Name:    "trivy",
+				Version: version,
+			},
+		},
+		Component: metadataComponent,
+	}
+
+	bom.Components, bom.Dependencies, err = cw.parseComponents(r, bom.Metadata.Component.BOMRef)
+	if err != nil {
+		return nil, xerrors.Errorf("failed to parse components: %w", err)
+	}
+
+	return bom, nil
+}
+
+func (cw *Writer) parseComponents(r types.Report, bomRef string) (*[]cdx.Component, *[]cdx.Dependency, error) {
+	var components []cdx.Component
+	var dependencies []cdx.Dependency
+	var metadataDependencies []cdx.Dependency
+	libraryUniqMap := map[string]struct{}{}
+	for _, result := range r.Results {
+		var componentDependencies []cdx.Dependency
+		for _, pkg := range result.Packages {
+			pkgComponent, err := cw.pkgToComponent(result.Type, r.Metadata, pkg)
+			if err != nil {
+				return nil, nil, xerrors.Errorf("failed to parse pkg: %w", err)
+			}
+
+			// When multiple lock files have the same dependency with the same name and version,
+			// "bom-ref" (PURL technically) of Library components may conflict.
+			// In that case, only one Library component will be added and
+			// some Application components will refer to the same component.
+			// e.g.
+			//    Application component (/app1/package-lock.json)
+			//    |
+			//    |    Application component (/app2/package-lock.json)
+			//    |    |
+			//    └----┴----> Library component (npm package, express-4.17.3)
+			//
+			if _, ok := libraryUniqMap[pkgComponent.BOMRef]; !ok {
+				libraryUniqMap[pkgComponent.BOMRef] = struct{}{}
+
+				// For components
+				// ref. https://cyclonedx.org/use-cases/#inventory
+				//
+				// TODO: All packages are flattened at the moment. We should construct dependency tree.
+				components = append(components, pkgComponent)
+			}
+
+			componentDependencies = append(componentDependencies, cdx.Dependency{Ref: pkgComponent.BOMRef})
+		}
+
+		if result.Type == ftypes.NodePkg || result.Type == ftypes.PythonPkg || result.Type == ftypes.GoBinary ||
+			result.Type == ftypes.GemSpec || result.Type == ftypes.Jar {
+			// If a package is language-specific package that isn't associated with a lock file,
+			// it will be a dependency of a component under "metadata".
+			// e.g.
+			//   Container component (alpine:3.15) ----------------------- #1
+			//     -> Library component (npm package, express-4.17.3) ---- #2
+			//     -> Library component (python package, django-4.0.2) --- #2
+			//     -> etc.
+			// ref. https://cyclonedx.org/use-cases/#inventory
+
+			// Dependency graph from #1 to #2
+			metadataDependencies = append(metadataDependencies, componentDependencies...)
+		} else {
+			// If a package is OS package, it will be a dependency of "Operating System" component.
+			// e.g.
+			//   Container component (alpine:3.15) --------------------- #1
+			//     -> Operating System Component (Alpine Linux 3.15) --- #2
+			//       -> Library component (bash-4.12) ------------------ #3
+			//       -> Library component (vim-8.2)   ------------------ #3
+			//       -> etc.
+			//
+			// Else if a package is language-specific package associated with a lock file,
+			// it will be a dependency of "Application" component.
+			// e.g.
+			//   Container component (alpine:3.15) ------------------------ #1
+			//     -> Application component (/app/package-lock.json) ------ #2
+			//       -> Library component (npm package, express-4.17.3) --- #3
+			//       -> Library component (npm package, lodash-4.17.21) --- #3
+			//       -> etc.
+
+			resultComponent := cw.resultToComponent(result, r.Metadata.OS)
+			components = append(components, resultComponent)
+
+			// Dependency graph from #2 to #3
+			dependencies = append(dependencies,
+				cdx.Dependency{Ref: resultComponent.BOMRef, Dependencies: &componentDependencies},
+			)
+
+			// Dependency graph from #1 to #2
+			metadataDependencies = append(metadataDependencies, cdx.Dependency{Ref: resultComponent.BOMRef})
+		}
+	}
+
+	dependencies = append(dependencies,
+		cdx.Dependency{Ref: bomRef, Dependencies: &metadataDependencies},
+	)
+	return &components, &dependencies, nil
+}
+
+func (cw *Writer) pkgToComponent(t string, meta types.Metadata, pkg ftypes.Package) (cdx.Component, error) {
+	pu, err := purl.NewPackageURL(t, meta, pkg)
+	if err != nil {
+		return cdx.Component{}, xerrors.Errorf("failed to new package purl: %w", err)
+	}
+	properties := parseProperties(pkg)
+	component := cdx.Component{
+		Type:       cdx.ComponentTypeLibrary,
+		Name:       pkg.Name,
+		Version:    pu.Version,
+		BOMRef:     pu.BOMRef(),
+		PackageURL: pu.ToString(),
+		Properties: &properties,
+	}
+
+	if pkg.License != "" {
+		component.Licenses = &cdx.Licenses{
+			cdx.LicenseChoice{Expression: pkg.License},
+		}
+	}
+
+	return component, nil
+}
+
+func (cw *Writer) reportToComponent(r types.Report) (*cdx.Component, error) {
+	component := &cdx.Component{
+		Name: r.ArtifactName,
+	}
+
+	properties := []cdx.Property{
+		property(PropertySchemaVersion, strconv.Itoa(r.SchemaVersion)),
+	}
+
+	if r.Metadata.Size != 0 {
+		properties = appendProperties(properties, PropertySize, strconv.FormatInt(r.Metadata.Size, 10))
+	}
+
+	switch r.ArtifactType {
+	case ftypes.ArtifactContainerImage:
+		component.Type = cdx.ComponentTypeContainer
+		p, err := purl.NewPackageURL(purl.TypeOCI, r.Metadata, ftypes.Package{})
+		if err != nil {
+			return nil, xerrors.Errorf("failed to new package url for oci: %w", err)
+		}
+		properties = appendProperties(properties, PropertyImageID, r.Metadata.ImageID)
+
+		if p.Type == "" {
+			component.BOMRef = cw.newUUID().String()
+		} else {
+			component.BOMRef = p.ToString()
+			component.PackageURL = p.ToString()
+		}
+	case ftypes.ArtifactFilesystem, ftypes.ArtifactRemoteRepository:
+		component.Type = cdx.ComponentTypeApplication
+		component.BOMRef = cw.newUUID().String()
+	}
+
+	for _, d := range r.Metadata.RepoDigests {
+		properties = appendProperties(properties, PropertyRepoDigest, d)
+	}
+	for _, d := range r.Metadata.DiffIDs {
+		properties = appendProperties(properties, PropertyDiffID, d)
+	}
+	for _, t := range r.Metadata.RepoTags {
+		properties = appendProperties(properties, PropertyRepoTag, t)
+	}
+
+	component.Properties = &properties
+
+	return component, nil
+}
+
+func (cw Writer) resultToComponent(r types.Result, osFound *ftypes.OS) cdx.Component {
+	component := cdx.Component{
+		Name: r.Target,
+		Properties: &[]cdx.Property{
+			property(PropertyType, r.Type),
+			property(PropertyClass, string(r.Class)),
+		},
+	}
+
+	switch r.Class {
+	case types.ClassOSPkg:
+		// UUID needs to be generated since Operating System Component cannot generate PURL.
+		// https://cyclonedx.org/use-cases/#known-vulnerabilities
+		component.BOMRef = cw.newUUID().String()
+		if osFound != nil {
+			component.Name = osFound.Family
+			component.Version = osFound.Name
+		}
+		component.Type = cdx.ComponentTypeOS
+	case types.ClassLangPkg:
+		// UUID needs to be generated since Application Component cannot generate PURL.
+		// https://cyclonedx.org/use-cases/#known-vulnerabilities
+		component.BOMRef = cw.newUUID().String()
+		component.Type = cdx.ComponentTypeApplication
+	case types.ClassConfig:
+		// TODO: Config support
+		component.BOMRef = cw.newUUID().String()
+		component.Type = cdx.ComponentTypeFile
+	}
+
+	return component
+}
+
+func parseProperties(pkg ftypes.Package) []cdx.Property {
+	props := []struct {
+		name  string
+		value string
+	}{
+		{PropertyFilePath, pkg.FilePath},
+		{PropertySrcName, pkg.SrcName},
+		{PropertySrcVersion, pkg.SrcVersion},
+		{PropertySrcRelease, pkg.SrcRelease},
+		{PropertySrcEpoch, strconv.Itoa(pkg.SrcEpoch)},
+		{PropertyModularitylabel, pkg.Modularitylabel},
+		{PropertyLayerDigest, pkg.Layer.Digest},
+		{PropertyLayerDiffID, pkg.Layer.DiffID},
+	}
+
+	var properties []cdx.Property
+	for _, prop := range props {
+		properties = appendProperties(properties, prop.name, prop.value)
+	}
+
+	return properties
+}
+
+func appendProperties(properties []cdx.Property, key, value string) []cdx.Property {
+	if value == "" || (key == PropertySrcEpoch && value == "0") {
+		return properties
+	}
+	return append(properties, property(key, value))
+}
+
+func property(key, value string) cdx.Property {
+	return cdx.Property{
+		Name:  Namespace + key,
+		Value: value,
+	}
+}

pkg/report/cyclonedx/cyclonedx_test.go

@@ -0,0 +1,672 @@
+package cyclonedx_test
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"testing"
+	"time"
+
+	cdx "github.com/CycloneDX/cyclonedx-go"
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/uuid"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	fake "k8s.io/utils/clock/testing"
+
+	fos "github.com/aquasecurity/fanal/analyzer/os"
+	ftypes "github.com/aquasecurity/fanal/types"
+	"github.com/aquasecurity/trivy/pkg/report"
+	"github.com/aquasecurity/trivy/pkg/report/cyclonedx"
+	"github.com/aquasecurity/trivy/pkg/types"
+)
+
+func TestWriter_Write(t *testing.T) {
+	testCases := []struct {
+		name        string
+		inputReport types.Report
+		wantSBOM    *cdx.BOM
+	}{
+		{
+			name: "happy path for container scan",
+			inputReport: types.Report{
+				SchemaVersion: report.SchemaVersion,
+				ArtifactName:  "rails:latest",
+				ArtifactType:  ftypes.ArtifactContainerImage,
+				Metadata: types.Metadata{
+					Size: 1024,
+					OS: &ftypes.OS{
+						Family: fos.CentOS,
+						Name:   "8.3.2011",
+						Eosl:   true,
+					},
+					ImageID:     "sha256:5d0da3dc976460b72c77d94c8a1ad043720b0416bfc16c52c45d4847e53fadb6",
+					RepoTags:    []string{"rails:latest"},
+					DiffIDs:     []string{"sha256:d871dadfb37b53ef1ca45be04fc527562b91989991a8f545345ae3be0b93f92a"},
+					RepoDigests: []string{"rails@sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177"},
+					ImageConfig: v1.ConfigFile{
+						Architecture: "arm64",
+					},
+				},
+				Results: types.Results{
+					{
+						Target: "rails:latest (centos 8.3.2011)",
+						Class:  types.ClassOSPkg,
+						Type:   fos.CentOS,
+						Packages: []ftypes.Package{
+							{
+								Name:            "acl",
+								Version:         "2.2.53",
+								Release:         "1.el8",
+								Epoch:           0,
+								Arch:            "aarch64",
+								SrcName:         "acl",
+								SrcVersion:      "2.2.53",
+								SrcRelease:      "1.el8",
+								SrcEpoch:        0,
+								Modularitylabel: "",
+								License:         "GPLv2+",
+							},
+						},
+					},
+					{
+						Target: "app/subproject/Gemfile.lock",
+						Class:  types.ClassLangPkg,
+						Type:   "bundler",
+						Packages: []ftypes.Package{
+							{
+								Name:    "actioncable",
+								Version: "7.0.0",
+							},
+							{
+								Name:    "actioncontroller",
+								Version: "7.0.0",
+							},
+						},
+					},
+					{
+						Target: "app/Gemfile.lock",
+						Class:  types.ClassLangPkg,
+						Type:   ftypes.Bundler,
+						Packages: []ftypes.Package{
+							{
+								Name:    "actioncable",
+								Version: "7.0.0",
+							},
+						},
+					},
+				},
+			},
+			wantSBOM: &cdx.BOM{
+				BOMFormat:    "CycloneDX",
+				SpecVersion:  "1.4",
+				SerialNumber: "urn:uuid:3ff14136-e09f-4df9-80ea-000000000001",
+				Version:      1,
+				Metadata: &cdx.Metadata{
+					Timestamp: "2021-08-25T12:20:30.000000005Z",
+					Tools: &[]cdx.Tool{
+						{
+							Name:    "trivy",
+							Vendor:  "aquasecurity",
+							Version: "dev",
+						},
+					},
+					Component: &cdx.Component{
+						Type:       cdx.ComponentTypeContainer,
+						BOMRef:     "pkg:oci/rails@sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177?repository_url=index.docker.io%2Flibrary%2Frails&arch=arm64",
+						PackageURL: "pkg:oci/rails@sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177?repository_url=index.docker.io%2Flibrary%2Frails&arch=arm64",
+						Name:       "rails:latest",
+						Properties: &[]cdx.Property{
+							{
+								Name:  "aquasecurity:trivy:SchemaVersion",
+								Value: "2",
+							},
+							{
+								Name:  "aquasecurity:trivy:Size",
+								Value: "1024",
+							},
+							{
+								Name:  "aquasecurity:trivy:ImageID",
+								Value: "sha256:5d0da3dc976460b72c77d94c8a1ad043720b0416bfc16c52c45d4847e53fadb6",
+							},
+							{
+								Name:  "aquasecurity:trivy:RepoDigest",
+								Value: "rails@sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177",
+							},
+							{
+								Name:  "aquasecurity:trivy:DiffID",
+								Value: "sha256:d871dadfb37b53ef1ca45be04fc527562b91989991a8f545345ae3be0b93f92a",
+							},
+							{
+								Name:  "aquasecurity:trivy:RepoTag",
+								Value: "rails:latest",
+							},
+						},
+					},
+				},
+				Components: &[]cdx.Component{
+					{
+						BOMRef:  "pkg:rpm/centos/acl@2.2.53-1.el8?arch=aarch64&distro=centos-8.3.2011",
+						Type:    cdx.ComponentTypeLibrary,
+						Name:    "acl",
+						Version: "2.2.53-1.el8",
+						Licenses: &cdx.Licenses{
+							cdx.LicenseChoice{Expression: "GPLv2+"},
+						},
+						PackageURL: "pkg:rpm/centos/acl@2.2.53-1.el8?arch=aarch64&distro=centos-8.3.2011",
+						Properties: &[]cdx.Property{
+							{
+								Name:  "aquasecurity:trivy:SrcName",
+								Value: "acl",
+							},
+							{
+								Name:  "aquasecurity:trivy:SrcVersion",
+								Value: "2.2.53",
+							},
+							{
+								Name:  "aquasecurity:trivy:SrcRelease",
+								Value: "1.el8",
+							},
+						},
+					},
+					{
+						BOMRef:  "3ff14136-e09f-4df9-80ea-000000000002",
+						Type:    cdx.ComponentTypeOS,
+						Name:    "centos",
+						Version: "8.3.2011",
+						Properties: &[]cdx.Property{
+							{
+								Name:  "aquasecurity:trivy:Type",
+								Value: "centos",
+							},
+							{
+								Name:  "aquasecurity:trivy:Class",
+								Value: "os-pkgs",
+							},
+						},
+					},
+					{
+						BOMRef:     "pkg:gem/actioncable@7.0.0",
+						Type:       cdx.ComponentTypeLibrary,
+						Name:       "actioncable",
+						Version:    "7.0.0",
+						PackageURL: "pkg:gem/actioncable@7.0.0",
+					},
+					{
+						BOMRef:     "pkg:gem/actioncontroller@7.0.0",
+						Type:       cdx.ComponentTypeLibrary,
+						Name:       "actioncontroller",
+						Version:    "7.0.0",
+						PackageURL: "pkg:gem/actioncontroller@7.0.0",
+					},
+					{
+						BOMRef:  "3ff14136-e09f-4df9-80ea-000000000003",
+						Type:    cdx.ComponentTypeApplication,
+						Name:    "app/subproject/Gemfile.lock",
+						Version: "",
+						Properties: &[]cdx.Property{
+							{
+								Name:  "aquasecurity:trivy:Type",
+								Value: "bundler",
+							},
+							{
+								Name:  "aquasecurity:trivy:Class",
+								Value: "lang-pkgs",
+							},
+						},
+					},
+					{
+						BOMRef:  "3ff14136-e09f-4df9-80ea-000000000004",
+						Type:    cdx.ComponentTypeApplication,
+						Name:    "app/Gemfile.lock",
+						Version: "",
+						Properties: &[]cdx.Property{
+							{
+								Name:  "aquasecurity:trivy:Type",
+								Value: "bundler",
+							},
+							{
+								Name:  "aquasecurity:trivy:Class",
+								Value: "lang-pkgs",
+							},
+						},
+					},
+				},
+				Dependencies: &[]cdx.Dependency{
+					{
+						Ref: "3ff14136-e09f-4df9-80ea-000000000002",
+						Dependencies: &[]cdx.Dependency{
+							{
+								Ref: "pkg:rpm/centos/acl@2.2.53-1.el8?arch=aarch64&distro=centos-8.3.2011",
+							},
+						},
+					},
+					{
+						Ref: "3ff14136-e09f-4df9-80ea-000000000003",
+						Dependencies: &[]cdx.Dependency{
+							{
+								Ref: "pkg:gem/actioncable@7.0.0",
+							},
+							{
+								Ref: "pkg:gem/actioncontroller@7.0.0",
+							},
+						},
+					},
+					{
+						Ref: "3ff14136-e09f-4df9-80ea-000000000004",
+						Dependencies: &[]cdx.Dependency{
+							{
+								Ref: "pkg:gem/actioncable@7.0.0",
+							},
+						},
+					},
+					{
+						Ref: "pkg:oci/rails@sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177?repository_url=index.docker.io%2Flibrary%2Frails&arch=arm64",
+						Dependencies: &[]cdx.Dependency{
+							{
+								Ref: "3ff14136-e09f-4df9-80ea-000000000002",
+							},
+							{
+								Ref: "3ff14136-e09f-4df9-80ea-000000000003",
+							},
+							{
+								Ref: "3ff14136-e09f-4df9-80ea-000000000004",
+							},
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "happy path for local container scan",
+			inputReport: types.Report{
+				SchemaVersion: report.SchemaVersion,
+				ArtifactName:  "centos:latest",
+				ArtifactType:  ftypes.ArtifactContainerImage,
+				Metadata: types.Metadata{
+					Size: 1024,
+					OS: &ftypes.OS{
+						Family: "centos",
+						Name:   "8.3.2011",
+						Eosl:   true,
+					},
+					ImageID:     "sha256:5d0da3dc976460b72c77d94c8a1ad043720b0416bfc16c52c45d4847e53fadb6",
+					RepoTags:    []string{"centos:latest"},
+					RepoDigests: []string{},
+					ImageConfig: v1.ConfigFile{
+						Architecture: "arm64",
+					},
+				},
+				Results: types.Results{
+					{
+						Target: "centos:latest (centos 8.3.2011)",
+						Class:  types.ClassOSPkg,
+						Type:   fos.CentOS,
+						Packages: []ftypes.Package{
+							{
+								Name:            "acl",
+								Version:         "2.2.53",
+								Release:         "1.el8",
+								Epoch:           1,
+								Arch:            "aarch64",
+								SrcName:         "acl",
+								SrcVersion:      "2.2.53",
+								SrcRelease:      "1.el8",
+								SrcEpoch:        1,
+								Modularitylabel: "",
+								License:         "GPLv2+",
+							},
+						},
+					},
+				},
+			},
+			wantSBOM: &cdx.BOM{
+				BOMFormat:    "CycloneDX",
+				SpecVersion:  "1.4",
+				SerialNumber: "urn:uuid:3ff14136-e09f-4df9-80ea-000000000001",
+				Version:      1,
+				Metadata: &cdx.Metadata{
+					Timestamp: "2021-08-25T12:20:30.000000005Z",
+					Tools: &[]cdx.Tool{
+						{
+							Name:    "trivy",
+							Vendor:  "aquasecurity",
+							Version: "dev",
+						},
+					},
+					Component: &cdx.Component{
+						Type:       cdx.ComponentTypeContainer,
+						BOMRef:     "3ff14136-e09f-4df9-80ea-000000000002",
+						PackageURL: "",
+						Name:       "centos:latest",
+						Properties: &[]cdx.Property{
+							{
+								Name:  "aquasecurity:trivy:SchemaVersion",
+								Value: "2",
+							},
+							{
+								Name:  "aquasecurity:trivy:Size",
+								Value: "1024",
+							},
+							{
+								Name:  "aquasecurity:trivy:ImageID",
+								Value: "sha256:5d0da3dc976460b72c77d94c8a1ad043720b0416bfc16c52c45d4847e53fadb6",
+							},
+							{
+								Name:  "aquasecurity:trivy:RepoTag",
+								Value: "centos:latest",
+							},
+						},
+					},
+				},
+				Components: &[]cdx.Component{
+					{
+						BOMRef:  "pkg:rpm/centos/acl@1:2.2.53-1.el8?arch=aarch64&distro=centos-8.3.2011",
+						Type:    cdx.ComponentTypeLibrary,
+						Name:    "acl",
+						Version: "1:2.2.53-1.el8",
+						Licenses: &cdx.Licenses{
+							cdx.LicenseChoice{Expression: "GPLv2+"},
+						},
+						PackageURL: "pkg:rpm/centos/acl@1:2.2.53-1.el8?arch=aarch64&distro=centos-8.3.2011",
+						Properties: &[]cdx.Property{
+							{
+								Name:  "aquasecurity:trivy:SrcName",
+								Value: "acl",
+							},
+							{
+								Name:  "aquasecurity:trivy:SrcVersion",
+								Value: "2.2.53",
+							},
+							{
+								Name:  "aquasecurity:trivy:SrcRelease",
+								Value: "1.el8",
+							},
+							{
+								Name:  "aquasecurity:trivy:SrcEpoch",
+								Value: "1",
+							},
+						},
+					},
+					{
+						BOMRef:  "3ff14136-e09f-4df9-80ea-000000000003",
+						Type:    cdx.ComponentTypeOS,
+						Name:    "centos",
+						Version: "8.3.2011",
+						Properties: &[]cdx.Property{
+							{
+								Name:  "aquasecurity:trivy:Type",
+								Value: "centos",
+							},
+							{
+								Name:  "aquasecurity:trivy:Class",
+								Value: "os-pkgs",
+							},
+						},
+					},
+				},
+				Dependencies: &[]cdx.Dependency{
+					{
+						Ref: "3ff14136-e09f-4df9-80ea-000000000003",
+						Dependencies: &[]cdx.Dependency{
+							{
+								Ref: "pkg:rpm/centos/acl@1:2.2.53-1.el8?arch=aarch64&distro=centos-8.3.2011",
+							},
+						},
+					},
+					{
+						Ref: "3ff14136-e09f-4df9-80ea-000000000002",
+						Dependencies: &[]cdx.Dependency{
+							{
+								Ref: "3ff14136-e09f-4df9-80ea-000000000003",
+							},
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "happy path for fs scan",
+			inputReport: types.Report{
+				SchemaVersion: report.SchemaVersion,
+				ArtifactName:  "masahiro331/CVE-2021-41098",
+				ArtifactType:  ftypes.ArtifactFilesystem,
+				Results: types.Results{
+					{
+						Target: "Gemfile.lock",
+						Class:  types.ClassLangPkg,
+						Type:   ftypes.Bundler,
+						Packages: []ftypes.Package{
+							{
+								Name:    "actioncable",
+								Version: "6.1.4.1",
+							},
+						},
+					},
+				},
+			},
+			wantSBOM: &cdx.BOM{
+				BOMFormat:    "CycloneDX",
+				SpecVersion:  "1.4",
+				SerialNumber: "urn:uuid:3ff14136-e09f-4df9-80ea-000000000001",
+				Version:      1,
+				Metadata: &cdx.Metadata{
+					Timestamp: "2021-08-25T12:20:30.000000005Z",
+					Tools: &[]cdx.Tool{
+						{
+							Name:    "trivy",
+							Vendor:  "aquasecurity",
+							Version: "dev",
+						},
+					},
+					Component: &cdx.Component{
+						BOMRef: "3ff14136-e09f-4df9-80ea-000000000002",
+						Type:   cdx.ComponentTypeApplication,
+						Name:   "masahiro331/CVE-2021-41098",
+						Properties: &[]cdx.Property{
+							{
+								Name:  "aquasecurity:trivy:SchemaVersion",
+								Value: "2",
+							},
+						},
+					},
+				},
+				Components: &[]cdx.Component{
+					{
+						BOMRef:     "pkg:gem/actioncable@6.1.4.1",
+						Type:       "library",
+						Name:       "actioncable",
+						Version:    "6.1.4.1",
+						PackageURL: "pkg:gem/actioncable@6.1.4.1",
+					},
+					{
+						BOMRef: "3ff14136-e09f-4df9-80ea-000000000003",
+						Type:   cdx.ComponentTypeApplication,
+						Name:   "Gemfile.lock",
+						Properties: &[]cdx.Property{
+							{
+								Name:  "aquasecurity:trivy:Type",
+								Value: "bundler",
+							},
+							{
+								Name:  "aquasecurity:trivy:Class",
+								Value: "lang-pkgs",
+							},
+						},
+					},
+				},
+				Dependencies: &[]cdx.Dependency{
+					{
+						Ref: "3ff14136-e09f-4df9-80ea-000000000003",
+						Dependencies: &[]cdx.Dependency{
+							{
+								Ref: "pkg:gem/actioncable@6.1.4.1",
+							},
+						},
+					},
+					{
+						Ref: "3ff14136-e09f-4df9-80ea-000000000002",
+						Dependencies: &[]cdx.Dependency{
+							{
+								Ref: "3ff14136-e09f-4df9-80ea-000000000003",
+							},
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "happy path aggregate results",
+			inputReport: types.Report{
+				SchemaVersion: report.SchemaVersion,
+				ArtifactName:  "test-aggregate",
+				ArtifactType:  ftypes.ArtifactRemoteRepository,
+				Results: types.Results{
+					{
+						Target: "Node.js",
+						Class:  types.ClassLangPkg,
+						Type:   ftypes.NodePkg,
+						Packages: []ftypes.Package{
+							{
+								Name:    "ruby-typeprof",
+								Version: "0.20.1",
+								License: "MIT",
+								Layer: ftypes.Layer{
+									DiffID: "sha256:661c3fd3cc16b34c070f3620ca6b03b6adac150f9a7e5d0e3c707a159990f88e",
+								},
+								FilePath: "usr/local/lib/ruby/gems/3.1.0/gems/typeprof-0.21.1/vscode/package.json",
+							},
+						},
+					},
+				},
+			},
+			wantSBOM: &cdx.BOM{
+				BOMFormat:    "CycloneDX",
+				SpecVersion:  "1.4",
+				SerialNumber: "urn:uuid:3ff14136-e09f-4df9-80ea-000000000001",
+				Version:      1,
+				Metadata: &cdx.Metadata{
+					Timestamp: "2021-08-25T12:20:30.000000005Z",
+					Tools: &[]cdx.Tool{
+						{
+							Name:    "trivy",
+							Vendor:  "aquasecurity",
+							Version: "dev",
+						},
+					},
+					Component: &cdx.Component{
+						Type:   cdx.ComponentTypeApplication,
+						Name:   "test-aggregate",
+						BOMRef: "3ff14136-e09f-4df9-80ea-000000000002",
+						Properties: &[]cdx.Property{
+							{
+								Name:  "aquasecurity:trivy:SchemaVersion",
+								Value: "2",
+							},
+						},
+					},
+				},
+				Components: &[]cdx.Component{
+					{
+						BOMRef:     "pkg:npm/ruby-typeprof@0.20.1?file_path=usr%2Flocal%2Flib%2Fruby%2Fgems%2F3.1.0%2Fgems%2Ftypeprof-0.21.1%2Fvscode%2Fpackage.json",
+						Type:       "library",
+						Name:       "ruby-typeprof",
+						Version:    "0.20.1",
+						PackageURL: "pkg:npm/ruby-typeprof@0.20.1",
+						Licenses: &cdx.Licenses{
+							cdx.LicenseChoice{Expression: "MIT"},
+						},
+						Properties: &[]cdx.Property{
+							{
+								Name:  "aquasecurity:trivy:FilePath",
+								Value: "usr/local/lib/ruby/gems/3.1.0/gems/typeprof-0.21.1/vscode/package.json",
+							},
+							{
+								Name:  "aquasecurity:trivy:LayerDiffID",
+								Value: "sha256:661c3fd3cc16b34c070f3620ca6b03b6adac150f9a7e5d0e3c707a159990f88e",
+							},
+						},
+					},
+				},
+				Dependencies: &[]cdx.Dependency{
+					{
+						Ref: "3ff14136-e09f-4df9-80ea-000000000002",
+						Dependencies: &[]cdx.Dependency{
+							{
+								Ref: "pkg:npm/ruby-typeprof@0.20.1?file_path=usr%2Flocal%2Flib%2Fruby%2Fgems%2F3.1.0%2Fgems%2Ftypeprof-0.21.1%2Fvscode%2Fpackage.json",
+							},
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "happy path empty",
+			inputReport: types.Report{
+				SchemaVersion: report.SchemaVersion,
+				ArtifactName:  "empty/path",
+				ArtifactType:  ftypes.ArtifactFilesystem,
+				Results:       types.Results{},
+			},
+
+			wantSBOM: &cdx.BOM{
+				BOMFormat:    "CycloneDX",
+				SpecVersion:  "1.4",
+				SerialNumber: "urn:uuid:3ff14136-e09f-4df9-80ea-000000000001",
+				Version:      1,
+				Metadata: &cdx.Metadata{
+					Timestamp: "2021-08-25T12:20:30.000000005Z",
+					Tools: &[]cdx.Tool{
+						{
+							Name:    "trivy",
+							Vendor:  "aquasecurity",
+							Version: "dev",
+						},
+					},
+					Component: &cdx.Component{
+						Type:   cdx.ComponentTypeApplication,
+						Name:   "empty/path",
+						BOMRef: "3ff14136-e09f-4df9-80ea-000000000002",
+						Properties: &[]cdx.Property{
+							{
+								Name:  "aquasecurity:trivy:SchemaVersion",
+								Value: "2",
+							},
+						},
+					},
+				},
+				Dependencies: &[]cdx.Dependency{
+					{
+						Ref: "3ff14136-e09f-4df9-80ea-000000000002",
+					},
+				},
+			},
+		},
+	}
+
+	clock := fake.NewFakeClock(time.Date(2021, 8, 25, 12, 20, 30, 5, time.UTC))
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			var count int
+			newUUID := func() uuid.UUID {
+
+				count++
+
+				return uuid.Must(uuid.Parse(fmt.Sprintf("3ff14136-e09f-4df9-80ea-%012d", count)))
+			}
+
+			output := bytes.NewBuffer(nil)
+			writer := cyclonedx.NewWriter(output, "dev", cyclonedx.WithClock(clock), cyclonedx.WithNewUUID(newUUID))
+
+			err := writer.Write(tc.inputReport)
+			require.NoError(t, err)
+
+			var got cdx.BOM
+			err = json.NewDecoder(output).Decode(&got)
+			require.NoError(t, err)
+
+			assert.Equal(t, *tc.wantSBOM, got)
+		})
+	}
+}

pkg/report/json.go

@@ -6,6 +6,8 @@ import (
 	"io"
 
 	"golang.org/x/xerrors"
+
+	"github.com/aquasecurity/trivy/pkg/types"
 )
 
 // JSONWriter implements result Writer
@@ -14,13 +16,13 @@ type JSONWriter struct {
 }
 
 // Write writes the results in JSON format
-func (jw JSONWriter) Write(report Report) error {
+func (jw JSONWriter) Write(report types.Report) error {
 	output, err := json.MarshalIndent(report, "", "  ")
 	if err != nil {
 		return xerrors.Errorf("failed to marshal json: %w", err)
 	}
 
-	if _, err = fmt.Fprint(jw.Output, string(output)); err != nil {
+	if _, err = fmt.Fprintln(jw.Output, string(output)); err != nil {
 		return xerrors.Errorf("failed to write json: %w", err)
 	}
 	return nil

pkg/report/json_test.go

@@ -16,7 +16,7 @@ func TestReportWriter_JSON(t *testing.T) {
 	testCases := []struct {
 		name          string
 		detectedVulns []types.DetectedVulnerability
-		want          report.Report
+		want          types.Report
 	}{
 		{
 			name: "happy path",
@@ -34,11 +34,11 @@ func TestReportWriter_JSON(t *testing.T) {
 					},
 				},
 			},
-			want: report.Report{
+			want: types.Report{
 				SchemaVersion: 2,
 				ArtifactName:  "alpine:3.14",
-				Results: report.Results{
-					report.Result{
+				Results: types.Results{
+					types.Result{
 						Target: "foojson",
 						Vulnerabilities: []types.DetectedVulnerability{
 							{
@@ -66,10 +66,10 @@ func TestReportWriter_JSON(t *testing.T) {
 			jsonWritten := bytes.Buffer{}
 			jw.Output = &jsonWritten
 
-			inputResults := report.Report{
+			inputResults := types.Report{
 				SchemaVersion: 2,
 				ArtifactName:  "alpine:3.14",
-				Results: report.Results{
+				Results: types.Results{
 					{
 						Target:          "foojson",
 						Vulnerabilities: tc.detectedVulns,
@@ -83,7 +83,7 @@ func TestReportWriter_JSON(t *testing.T) {
 			})
 			assert.NoError(t, err)
 
-			var got report.Report
+			var got types.Report
 			err = json.Unmarshal(jsonWritten.Bytes(), &got)
 			assert.NoError(t, err, "invalid json written")
 

pkg/report/sarif.go

@@ -106,7 +106,7 @@ func getRuleIndex(id string, indexes map[string]int) int {
 	}
 }
 
-func (sw SarifWriter) Write(report Report) error {
+func (sw SarifWriter) Write(report types.Report) error {
 	sarifReport, err := sarif.New(sarif.Version210)
 	if err != nil {
 		return xerrors.Errorf("error creating a new sarif template: %w", err)
@@ -174,11 +174,11 @@ func (sw SarifWriter) Write(report Report) error {
 
 func toSarifRuleName(class string) string {
 	switch class {
-	case ClassOSPkg:
+	case types.ClassOSPkg:
 		return sarifOsPackageVulnerability
-	case ClassLangPkg:
+	case types.ClassLangPkg:
 		return sarifLanguageSpecificVulnerability
-	case ClassConfig:
+	case types.ClassConfig:
 		return sarifConfigFiles
 	default:
 		return sarifUnknownIssue

pkg/report/sarif_test.go

@@ -26,16 +26,16 @@ func getIntPointer(i int) *int {
 func TestReportWriter_Sarif(t *testing.T) {
 	tests := []struct {
 		name        string
-		input       report.Results
+		input       types.Results
 		wantRules   []*sarif.ReportingDescriptor
 		wantResults []*sarif.Result
 	}{
 		{
 			name: "report with vulnerabilities",
-			input: report.Results{
+			input: types.Results{
 				{
 					Target: "test",
-					Class:  report.ClassOSPkg,
+					Class:  types.ClassOSPkg,
 					Vulnerabilities: []types.DetectedVulnerability{
 						{
 							VulnerabilityID:  "CVE-2020-0001",
@@ -110,10 +110,10 @@ func TestReportWriter_Sarif(t *testing.T) {
 		},
 		{
 			name: "report with misconfigurations",
-			input: report.Results{
+			input: types.Results{
 				{
 					Target: "test",
-					Class:  report.ClassConfig,
+					Class:  types.ClassConfig,
 					Misconfigurations: []types.DetectedMisconfiguration{
 						{
 							Type:       "Kubernetes Security Check",
@@ -231,7 +231,7 @@ func TestReportWriter_Sarif(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			sarifWritten := bytes.Buffer{}
-			err := report.Write(report.Report{Results: tt.input}, report.Option{
+			err := report.Write(types.Report{Results: tt.input}, report.Option{
 				Format: "sarif",
 				Output: &sarifWritten,
 			})

pkg/report/table.go

@@ -25,14 +25,14 @@ type TableWriter struct {
 }
 
 // Write writes the result on standard output
-func (tw TableWriter) Write(report Report) error {
+func (tw TableWriter) Write(report types.Report) error {
 	for _, result := range report.Results {
 		tw.write(result)
 	}
 	return nil
 }
 
-func (tw TableWriter) write(result Result) {
+func (tw TableWriter) write(result types.Result) {
 	table := tablewriter.NewWriter(tw.Output)
 
 	var severityCount map[string]int
@@ -45,7 +45,7 @@ func (tw TableWriter) write(result Result) {
 	total, summaries := tw.summary(severityCount)
 
 	target := result.Target
-	if result.Class != ClassOSPkg {
+	if result.Class != types.ClassOSPkg {
 		target += fmt.Sprintf(" (%s)", result.Type)
 	}
 
@@ -198,7 +198,7 @@ func (tw TableWriter) setMisconfRows(table *tablewriter.Table, misconfs []types.
 	return severityCount
 }
 
-func (tw TableWriter) outputTrace(result Result) {
+func (tw TableWriter) outputTrace(result types.Result) {
 	blue := color.New(color.FgBlue).SprintFunc()
 	green := color.New(color.FgGreen).SprintfFunc()
 	red := color.New(color.FgRed).SprintfFunc()

pkg/report/table_test.go

@@ -14,13 +14,13 @@ import (
 func TestReportWriter_Table(t *testing.T) {
 	testCases := []struct {
 		name               string
-		results            report.Results
+		results            types.Results
 		expectedOutput     string
 		includeNonFailures bool
 	}{
 		{
 			name: "happy path full",
-			results: report.Results{
+			results: types.Results{
 				{
 					Target: "test",
 					Vulnerabilities: []types.DetectedVulnerability{
@@ -49,7 +49,7 @@ func TestReportWriter_Table(t *testing.T) {
 		},
 		{
 			name: "no title for vuln and missing primary link",
-			results: report.Results{
+			results: types.Results{
 				{
 					Target: "test",
 					Vulnerabilities: []types.DetectedVulnerability{
@@ -75,7 +75,7 @@ func TestReportWriter_Table(t *testing.T) {
 		},
 		{
 			name: "long title for vuln",
-			results: report.Results{
+			results: types.Results{
 				{
 					Target: "test",
 					Vulnerabilities: []types.DetectedVulnerability{
@@ -104,7 +104,7 @@ func TestReportWriter_Table(t *testing.T) {
 		},
 		{
 			name: "happy path misconfigurations",
-			results: report.Results{
+			results: types.Results{
 				{
 					Target: "test",
 					Misconfigurations: []types.DetectedMisconfiguration{
@@ -143,7 +143,7 @@ func TestReportWriter_Table(t *testing.T) {
 		{
 			name:               "happy path misconfigurations with successes",
 			includeNonFailures: true,
-			results: report.Results{
+			results: types.Results{
 				{
 					Target: "test",
 					Misconfigurations: []types.DetectedMisconfiguration{
@@ -187,7 +187,7 @@ func TestReportWriter_Table(t *testing.T) {
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
 			tableWritten := bytes.Buffer{}
-			err := report.Write(report.Report{Results: tc.results}, report.Option{
+			err := report.Write(types.Report{Results: tc.results}, report.Option{
 				Format:             "table",
 				Output:             &tableWritten,
 				IncludeNonFailures: tc.includeNonFailures,

pkg/report/template.go

@@ -9,11 +9,12 @@ import (
 	"strings"
 	"text/template"
 
-	"github.com/Masterminds/sprig"
+	"github.com/Masterminds/sprig/v3"
 	"golang.org/x/xerrors"
 
 	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
 	"github.com/aquasecurity/trivy/pkg/log"
+	"github.com/aquasecurity/trivy/pkg/types"
 )
 
 // CustomTemplateFuncMap is used to overwrite existing functions for testing.
@@ -70,7 +71,7 @@ func NewTemplateWriter(output io.Writer, outputTemplate string) (*TemplateWriter
 }
 
 // Write writes result
-func (tw TemplateWriter) Write(report Report) error {
+func (tw TemplateWriter) Write(report types.Report) error {
 	err := tw.Template.Execute(tw.Output, report.Results)
 	if err != nil {
 		return xerrors.Errorf("failed to write with template: %w", err)

pkg/report/template_test.go

@@ -165,8 +165,8 @@ func TestReportWriter_Template(t *testing.T) {
 			}
 			os.Setenv("AWS_ACCOUNT_ID", "123456789012")
 			got := bytes.Buffer{}
-			inputReport := report.Report{
-				Results: report.Results{
+			inputReport := types.Report{
+				Results: types.Results{
 					{
 						Target:          "foojunit",
 						Type:            "test",
@@ -203,8 +203,8 @@ func TestReportWriter_Template_SARIF(t *testing.T) {
 			template, err := os.ReadFile(templateFile)
 			require.NoError(t, err, tc.name)
 
-			inputReport := report.Report{
-				Results: report.Results{
+			inputReport := types.Report{
+				Results: types.Results{
 					{
 						Target:          tc.target,
 						Type:            "footype",

pkg/report/writer.go

@@ -6,12 +6,11 @@ import (
 	"strings"
 	"time"
 
-	v1 "github.com/google/go-containerregistry/pkg/v1"
 	"golang.org/x/xerrors"
 
-	ftypes "github.com/aquasecurity/fanal/types"
 	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
 	"github.com/aquasecurity/trivy/pkg/log"
+	"github.com/aquasecurity/trivy/pkg/report/cyclonedx"
 	"github.com/aquasecurity/trivy/pkg/types"
 )
 
@@ -22,75 +21,6 @@ const (
 // Now returns the current time
 var Now = time.Now
 
-// Report represents a scan result
-type Report struct {
-	SchemaVersion int                 `json:",omitempty"`
-	ArtifactName  string              `json:",omitempty"`
-	ArtifactType  ftypes.ArtifactType `json:",omitempty"`
-	Metadata      Metadata            `json:",omitempty"`
-	Results       Results             `json:",omitempty"`
-}
-
-// Metadata represents a metadata of artifact
-type Metadata struct {
-	Size int64      `json:",omitempty"`
-	OS   *ftypes.OS `json:",omitempty"`
-
-	// Container image
-	ImageID     string        `json:",omitempty"`
-	DiffIDs     []string      `json:",omitempty"`
-	RepoTags    []string      `json:",omitempty"`
-	RepoDigests []string      `json:",omitempty"`
-	ImageConfig v1.ConfigFile `json:",omitempty"`
-}
-
-// Results to hold list of Result
-type Results []Result
-
-type ResultClass string
-
-const (
-	ClassOSPkg   = "os-pkgs"
-	ClassLangPkg = "lang-pkgs"
-	ClassConfig  = "config"
-)
-
-// Result holds a target and detected vulnerabilities
-type Result struct {
-	Target            string                           `json:"Target"`
-	Class             ResultClass                      `json:"Class,omitempty"`
-	Type              string                           `json:"Type,omitempty"`
-	Packages          []ftypes.Package                 `json:"Packages,omitempty"`
-	Vulnerabilities   []types.DetectedVulnerability    `json:"Vulnerabilities,omitempty"`
-	MisconfSummary    *MisconfSummary                  `json:"MisconfSummary,omitempty"`
-	Misconfigurations []types.DetectedMisconfiguration `json:"Misconfigurations,omitempty"`
-}
-
-type MisconfSummary struct {
-	Successes  int
-	Failures   int
-	Exceptions int
-}
-
-func (s MisconfSummary) Empty() bool {
-	return s.Successes == 0 && s.Failures == 0 && s.Exceptions == 0
-}
-
-// Failed returns whether the result includes any vulnerabilities or misconfigurations
-func (results Results) Failed() bool {
-	for _, r := range results {
-		if len(r.Vulnerabilities) > 0 {
-			return true
-		}
-		for _, m := range r.Misconfigurations {
-			if m.Status == types.StatusFailure {
-				return true
-			}
-		}
-	}
-	return false
-}
-
 type Option struct {
 	Format         string
 	Output         io.Writer
@@ -104,7 +34,7 @@ type Option struct {
 }
 
 // Write writes the result to output, format as passed in argument
-func Write(report Report, option Option) error {
+func Write(report types.Report, option Option) error {
 	var writer Writer
 	switch option.Format {
 	case "table":
@@ -116,6 +46,9 @@ func Write(report Report, option Option) error {
 		}
 	case "json":
 		writer = &JSONWriter{Output: option.Output}
+	case "cyclonedx":
+		// TODO: support xml format option with cyclonedx writer
+		writer = cyclonedx.NewWriter(option.Output, option.AppVersion)
 	case "template":
 		// We keep `sarif.tpl` template working for backward compatibility for a while.
 		if strings.HasPrefix(option.OutputTemplate, "@") && filepath.Base(option.OutputTemplate) == "sarif.tpl" {
@@ -141,5 +74,5 @@ func Write(report Report, option Option) error {
 
 // Writer defines the result write operation
 type Writer interface {
-	Write(Report) error
+	Write(types.Report) error
 }

pkg/report/writer_test.go

@@ -5,19 +5,18 @@ import (
 
 	"github.com/stretchr/testify/assert"
 
-	"github.com/aquasecurity/trivy/pkg/report"
 	"github.com/aquasecurity/trivy/pkg/types"
 )
 
 func TestResults_Failed(t *testing.T) {
 	tests := []struct {
 		name    string
-		results report.Results
+		results types.Results
 		want    bool
 	}{
 		{
 			name: "no vulnerabilities and misconfigurations",
-			results: report.Results{
+			results: types.Results{
 				{
 					Target: "test",
 					Type:   "test",
@@ -27,7 +26,7 @@ func TestResults_Failed(t *testing.T) {
 		},
 		{
 			name: "vulnerabilities found",
-			results: report.Results{
+			results: types.Results{
 				{
 					Target: "test",
 					Type:   "test",
@@ -43,7 +42,7 @@ func TestResults_Failed(t *testing.T) {
 		},
 		{
 			name: "failed misconfigurations",
-			results: report.Results{
+			results: types.Results{
 				{
 					Target: "test",
 					Type:   "test",
@@ -60,7 +59,7 @@ func TestResults_Failed(t *testing.T) {
 		},
 		{
 			name: "passed misconfigurations",
-			results: report.Results{
+			results: types.Results{
 				{
 					Target: "test",
 					Type:   "test",

pkg/result/result.go

@@ -16,7 +16,6 @@ import (
 	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
 	"github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability"
 	"github.com/aquasecurity/trivy/pkg/log"
-	"github.com/aquasecurity/trivy/pkg/report"
 	"github.com/aquasecurity/trivy/pkg/types"
 	"github.com/aquasecurity/trivy/pkg/utils"
 )
@@ -134,7 +133,7 @@ func (c Client) getPrimaryURL(vulnID string, refs []string, source dbTypes.Sourc
 // Filter filter out the vulnerabilities
 func (c Client) Filter(ctx context.Context, vulns []types.DetectedVulnerability, misconfs []types.DetectedMisconfiguration,
 	severities []dbTypes.Severity, ignoreUnfixed, includeNonFailures bool, ignoreFile, policyFile string) (
-	[]types.DetectedVulnerability, *report.MisconfSummary, []types.DetectedMisconfiguration, error) {
+	[]types.DetectedVulnerability, *types.MisconfSummary, []types.DetectedMisconfiguration, error) {
 	ignoredIDs := getIgnoredIDs(ignoreFile)
 
 	filteredVulns := filterVulnerabilities(vulns, severities, ignoreUnfixed, ignoredIDs)
@@ -185,9 +184,9 @@ func filterVulnerabilities(vulns []types.DetectedVulnerability, severities []dbT
 }
 
 func filterMisconfigurations(misconfs []types.DetectedMisconfiguration, severities []dbTypes.Severity,
-	includeNonFailures bool, ignoredIDs []string) (*report.MisconfSummary, []types.DetectedMisconfiguration) {
+	includeNonFailures bool, ignoredIDs []string) (*types.MisconfSummary, []types.DetectedMisconfiguration) {
 	var filtered []types.DetectedMisconfiguration
-	summary := new(report.MisconfSummary)
+	summary := new(types.MisconfSummary)
 
 	for _, misconf := range misconfs {
 		// Filter misconfigurations by severity
@@ -216,7 +215,7 @@ func filterMisconfigurations(misconfs []types.DetectedMisconfiguration, severiti
 	return summary, filtered
 }
 
-func summarize(status types.MisconfStatus, summary *report.MisconfSummary) {
+func summarize(status types.MisconfStatus, summary *types.MisconfSummary) {
 	switch status {
 	case types.StatusFailure:
 		summary.Failures++

pkg/result/result_test.go

@@ -14,7 +14,6 @@ import (
 	"github.com/aquasecurity/trivy-db/pkg/utils"
 	"github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability"
 	"github.com/aquasecurity/trivy/pkg/dbtest"
-	"github.com/aquasecurity/trivy/pkg/report"
 	"github.com/aquasecurity/trivy/pkg/types"
 )
 
@@ -364,7 +363,7 @@ func TestClient_Filter(t *testing.T) {
 		name               string
 		args               args
 		wantVulns          []types.DetectedVulnerability
-		wantMisconfSummary *report.MisconfSummary
+		wantMisconfSummary *types.MisconfSummary
 		wantMisconfs       []types.DetectedMisconfiguration
 	}{
 		{
@@ -476,7 +475,7 @@ func TestClient_Filter(t *testing.T) {
 					},
 				},
 			},
-			wantMisconfSummary: &report.MisconfSummary{
+			wantMisconfSummary: &types.MisconfSummary{
 				Successes:  0,
 				Failures:   1,
 				Exceptions: 0,

pkg/rpc/client/client.go

@@ -2,16 +2,15 @@ package client
 
 import (
 	"context"
+	"crypto/tls"
 	"net/http"
 
-	ftypes "github.com/aquasecurity/fanal/types"
-
 	"github.com/aquasecurity/trivy/pkg/types"
 
 	"github.com/google/wire"
 	"golang.org/x/xerrors"
 
-	"github.com/aquasecurity/trivy/pkg/report"
+	ftypes "github.com/aquasecurity/fanal/types"
 	r "github.com/aquasecurity/trivy/pkg/rpc"
 	rpc "github.com/aquasecurity/trivy/rpc/scanner"
 )
@@ -25,9 +24,20 @@ var SuperSet = wire.NewSet(
 // RemoteURL for RPC remote host
 type RemoteURL string
 
+// Insecure for RPC remote host
+type Insecure bool
+
 // NewProtobufClient is the factory method to return RPC scanner
-func NewProtobufClient(remoteURL RemoteURL) rpc.Scanner {
-	return rpc.NewScannerProtobufClient(string(remoteURL), &http.Client{})
+func NewProtobufClient(remoteURL RemoteURL, insecure Insecure) rpc.Scanner {
+	httpClient := &http.Client{
+		Transport: &http.Transport{
+			TLSClientConfig: &tls.Config{
+				InsecureSkipVerify: bool(insecure),
+			},
+		},
+	}
+
+	return rpc.NewScannerProtobufClient(string(remoteURL), httpClient)
 }
 
 // CustomHeaders for holding HTTP headers
@@ -45,7 +55,7 @@ func NewScanner(customHeaders CustomHeaders, s rpc.Scanner) Scanner {
 }
 
 // Scan scans the image
-func (s Scanner) Scan(target, artifactKey string, blobKeys []string, options types.ScanOptions) (report.Results, *ftypes.OS, error) {
+func (s Scanner) Scan(target, artifactKey string, blobKeys []string, options types.ScanOptions) (types.Results, *ftypes.OS, error) {
 	ctx := WithCustomHeaders(context.Background(), http.Header(s.customHeaders))
 
 	var res *rpc.ScanResponse

pkg/rpc/client/client_test.go

@@ -3,6 +3,8 @@ package client
 import (
 	"context"
 	"errors"
+	"net/http"
+	"net/http/httptest"
 	"testing"
 
 	"github.com/golang/protobuf/ptypes/timestamp"
@@ -13,7 +15,6 @@ import (
 	ftypes "github.com/aquasecurity/fanal/types"
 	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
 	"github.com/aquasecurity/trivy-db/pkg/utils"
-	"github.com/aquasecurity/trivy/pkg/report"
 	"github.com/aquasecurity/trivy/pkg/types"
 	"github.com/aquasecurity/trivy/rpc/common"
 	"github.com/aquasecurity/trivy/rpc/scanner"
@@ -99,7 +100,7 @@ func TestScanner_Scan(t *testing.T) {
 		fields          fields
 		args            args
 		scanExpectation scanExpectation
-		wantResults     report.Results
+		wantResults     types.Results
 		wantOS          *ftypes.OS
 		wantEosl        bool
 		wantErr         string
@@ -183,7 +184,7 @@ func TestScanner_Scan(t *testing.T) {
 					},
 				},
 			},
-			wantResults: report.Results{
+			wantResults: types.Results{
 				{
 					Target: "alpine:3.11",
 					Vulnerabilities: []types.DetectedVulnerability{
@@ -284,3 +285,48 @@ func TestScanner_Scan(t *testing.T) {
 		})
 	}
 }
+
+func TestScanner_ScanServerInsecure(t *testing.T) {
+	ts := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {}))
+	defer ts.Close()
+
+	type args struct {
+		request  *scanner.ScanRequest
+		insecure bool
+	}
+	tests := []struct {
+		name    string
+		args    args
+		wantErr string
+	}{
+		{
+			name: "happy path",
+			args: args{
+				request:  &scanner.ScanRequest{},
+				insecure: true,
+			},
+		},
+		{
+			name: "sad path",
+			args: args{
+				request:  &scanner.ScanRequest{},
+				insecure: false,
+			},
+			wantErr: "certificate signed by unknown authority",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+
+			s := NewProtobufClient(RemoteURL(ts.URL), Insecure(tt.args.insecure))
+			_, err := s.Scan(context.Background(), tt.args.request)
+
+			if tt.wantErr != "" {
+				require.Error(t, err)
+				require.Contains(t, err.Error(), tt.wantErr)
+				return
+			}
+			require.NoError(t, err)
+		})
+	}
+}

pkg/rpc/convert.go

@@ -11,7 +11,6 @@ import (
 	deptypes "github.com/aquasecurity/go-dep-parser/pkg/types"
 	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
 	"github.com/aquasecurity/trivy/pkg/log"
-	"github.com/aquasecurity/trivy/pkg/report"
 	"github.com/aquasecurity/trivy/pkg/types"
 	"github.com/aquasecurity/trivy/rpc/cache"
 	"github.com/aquasecurity/trivy/rpc/common"
@@ -193,22 +192,40 @@ func ConvertToRPCDataSource(ds *dbTypes.DataSource) *common.DataSource {
 	}
 }
 
-// ConvertFromRPCResults converts scanner.Result to report.Result
-func ConvertFromRPCResults(rpcResults []*scanner.Result) []report.Result {
-	var results []report.Result
+// ConvertFromRPCResults converts scanner.Result to types.Result
+func ConvertFromRPCResults(rpcResults []*scanner.Result) []types.Result {
+	var results []types.Result
 	for _, result := range rpcResults {
-		results = append(results, report.Result{
+		results = append(results, types.Result{
 			Target:            result.Target,
 			Vulnerabilities:   ConvertFromRPCVulns(result.Vulnerabilities),
 			Misconfigurations: ConvertFromRPCMisconfs(result.Misconfigurations),
-			Class:             report.ResultClass(result.Class),
+			Class:             types.ResultClass(result.Class),
 			Type:              result.Type,
 			Packages:          ConvertFromRPCPkgs(result.Packages),
+			CustomResources:   ConvertFromRPCCustomResources(result.CustomResources),
 		})
 	}
 	return results
 }
 
+// ConvertFromRPCCustomResources converts array of cache.CustomResource to fanal.CustomResource
+func ConvertFromRPCCustomResources(rpcCustomResources []*common.CustomResource) []ftypes.CustomResource {
+	var resources []ftypes.CustomResource
+	for _, res := range rpcCustomResources {
+		resources = append(resources, ftypes.CustomResource{
+			Type:     res.Type,
+			FilePath: res.FilePath,
+			Layer: ftypes.Layer{
+				Digest: res.Layer.Digest,
+				DiffID: res.Layer.DiffId,
+			},
+			Data: res.Data,
+		})
+	}
+	return resources
+}
+
 // ConvertFromRPCVulns converts []*common.Vulnerability to []types.DetectedVulnerability
 func ConvertFromRPCVulns(rpcVulns []*common.Vulnerability) []types.DetectedVulnerability {
 	var vulns []types.DetectedVulnerability
@@ -403,6 +420,7 @@ func ConvertFromRPCPutBlobRequest(req *cache.PutBlobRequest) ftypes.BlobInfo {
 		Misconfigurations: ConvertFromRPCMisconfigurations(req.BlobInfo.Misconfigurations),
 		OpaqueDirs:        req.BlobInfo.OpaqueDirs,
 		WhiteoutFiles:     req.BlobInfo.WhiteoutFiles,
+		CustomResources:   ConvertFromRPCCustomResources(req.BlobInfo.CustomResources),
 	}
 }
 
@@ -478,6 +496,24 @@ func ConvertToRPCBlobInfo(diffID string, blobInfo ftypes.BlobInfo) *cache.PutBlo
 
 	}
 
+	var customResources []*common.CustomResource
+	for _, res := range blobInfo.CustomResources {
+		data, err := structpb.NewValue(res.Data)
+		if err != nil {
+
+		} else {
+			customResources = append(customResources, &common.CustomResource{
+				Type:     res.Type,
+				FilePath: res.FilePath,
+				Layer: &common.Layer{
+					Digest: res.Layer.Digest,
+					DiffId: res.Layer.DiffID,
+				},
+				Data: data,
+			})
+		}
+	}
+
 	return &cache.PutBlobRequest{
 		DiffId: diffID,
 		BlobInfo: &cache.BlobInfo{
@@ -490,6 +526,7 @@ func ConvertToRPCBlobInfo(diffID string, blobInfo ftypes.BlobInfo) *cache.PutBlo
 			Misconfigurations: misconfigurations,
 			OpaqueDirs:        blobInfo.OpaqueDirs,
 			WhiteoutFiles:     blobInfo.WhiteoutFiles,
+			CustomResources:   customResources,
 		},
 	}
 }
@@ -518,8 +555,8 @@ func ConvertToMissingBlobsRequest(imageID string, layerIDs []string) *cache.Miss
 	}
 }
 
-// ConvertToRPCScanResponse converts report.Result to ScanResponse
-func ConvertToRPCScanResponse(results report.Results, fos *ftypes.OS) *scanner.ScanResponse {
+// ConvertToRPCScanResponse converts types.Result to ScanResponse
+func ConvertToRPCScanResponse(results types.Results, fos *ftypes.OS) *scanner.ScanResponse {
 	var rpcResults []*scanner.Result
 	for _, result := range results {
 		rpcResults = append(rpcResults, &scanner.Result{

pkg/rpc/convert_test.go

@@ -12,7 +12,6 @@ import (
 	ptypes "github.com/aquasecurity/go-dep-parser/pkg/types"
 	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
 	"github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability"
-	"github.com/aquasecurity/trivy/pkg/report"
 	"github.com/aquasecurity/trivy/pkg/types"
 	"github.com/aquasecurity/trivy/rpc/common"
 	"github.com/aquasecurity/trivy/rpc/scanner"
@@ -345,7 +344,7 @@ func TestConvertFromRPCResults(t *testing.T) {
 	tests := []struct {
 		name string
 		args args
-		want []report.Result
+		want []types.Result
 	}{
 		{
 			name: "happy path",
@@ -388,7 +387,7 @@ func TestConvertFromRPCResults(t *testing.T) {
 					},
 				}},
 			},
-			want: []report.Result{
+			want: []types.Result{
 				{
 					Target: "alpine:3.10",
 					Type:   fos.Alpine,
@@ -468,7 +467,7 @@ func TestConvertFromRPCResults(t *testing.T) {
 					},
 				}},
 			},
-			want: []report.Result{
+			want: []types.Result{
 				{
 					Target: "alpine:3.10",
 					Type:   fos.Alpine,

pkg/rpc/server/server_test.go

@@ -19,7 +19,6 @@ import (
 	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
 	"github.com/aquasecurity/trivy-db/pkg/utils"
 	"github.com/aquasecurity/trivy/pkg/dbtest"
-	"github.com/aquasecurity/trivy/pkg/report"
 	"github.com/aquasecurity/trivy/pkg/result"
 	"github.com/aquasecurity/trivy/pkg/scanner"
 	"github.com/aquasecurity/trivy/pkg/types"
@@ -63,7 +62,7 @@ func TestScanServer_Scan(t *testing.T) {
 					LayerIDs: []string{"sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10"},
 				},
 				Returns: scanner.DriverScanReturns{
-					Results: report.Results{
+					Results: types.Results{
 						{
 							Target: "alpine:3.11 (alpine 3.11)",
 							Vulnerabilities: []types.DetectedVulnerability{

pkg/scanner/local/scan.go

@@ -17,7 +17,6 @@ import (
 	"github.com/aquasecurity/trivy/pkg/detector/library"
 	ospkgDetector "github.com/aquasecurity/trivy/pkg/detector/ospkg"
 	"github.com/aquasecurity/trivy/pkg/log"
-	"github.com/aquasecurity/trivy/pkg/report"
 	"github.com/aquasecurity/trivy/pkg/types"
 	"github.com/aquasecurity/trivy/pkg/utils"
 
@@ -65,7 +64,7 @@ func NewScanner(applier Applier, ospkgDetector OspkgDetector) Scanner {
 }
 
 // Scan scans the artifact and return results.
-func (s Scanner) Scan(target string, artifactKey string, blobKeys []string, options types.ScanOptions) (report.Results, *ftypes.OS, error) {
+func (s Scanner) Scan(target string, artifactKey string, blobKeys []string, options types.ScanOptions) (types.Results, *ftypes.OS, error) {
 	artifactDetail, err := s.applier.ApplyLayers(artifactKey, blobKeys)
 	switch {
 	case errors.Is(err, analyzer.ErrUnknownOS):
@@ -78,11 +77,11 @@ func (s Scanner) Scan(target string, artifactKey string, blobKeys []string, opti
 	}
 
 	var eosl bool
-	var results report.Results
+	var results types.Results
 
 	// Scan OS packages and language-specific dependencies
 	if utils.StringInSlice(types.SecurityCheckVulnerability, options.SecurityChecks) {
-		var vulnResults report.Results
+		var vulnResults types.Results
 		vulnResults, eosl, err = s.checkVulnerabilities(target, artifactDetail, options)
 		if err != nil {
 			return nil, nil, xerrors.Errorf("failed to detect vulnerabilities: %w", err)
@@ -103,9 +102,9 @@ func (s Scanner) Scan(target string, artifactKey string, blobKeys []string, opti
 }
 
 func (s Scanner) checkVulnerabilities(target string, detail ftypes.ArtifactDetail, options types.ScanOptions) (
-	report.Results, bool, error) {
+	types.Results, bool, error) {
 	var eosl bool
-	var results report.Results
+	var results types.Results
 
 	if utils.StringInSlice(types.VulnTypeOS, options.VulnType) {
 		result, detectedEosl, err := s.scanOSPkgs(target, detail, options)
@@ -129,7 +128,7 @@ func (s Scanner) checkVulnerabilities(target string, detail ftypes.ArtifactDetai
 }
 
 func (s Scanner) scanOSPkgs(target string, detail ftypes.ArtifactDetail, options types.ScanOptions) (
-	*report.Result, bool, error) {
+	*types.Result, bool, error) {
 	if detail.OS == nil {
 		log.Logger.Debug("Detected OS: unknown")
 		return nil, false, nil
@@ -158,7 +157,7 @@ func (s Scanner) scanOSPkgs(target string, detail ftypes.ArtifactDetail, options
 	return result, eosl, nil
 }
 
-func (s Scanner) detectVulnsInOSPkgs(target, osFamily, osName string, pkgs []ftypes.Package) (*report.Result, bool, error) {
+func (s Scanner) detectVulnsInOSPkgs(target, osFamily, osName string, pkgs []ftypes.Package) (*types.Result, bool, error) {
 	if osFamily == "" {
 		return nil, false, nil
 	}
@@ -170,22 +169,22 @@ func (s Scanner) detectVulnsInOSPkgs(target, osFamily, osName string, pkgs []fty
 	}
 
 	artifactDetail := fmt.Sprintf("%s (%s %s)", target, osFamily, osName)
-	result := &report.Result{
+	result := &types.Result{
 		Target:          artifactDetail,
 		Vulnerabilities: vulns,
-		Class:           report.ClassOSPkg,
+		Class:           types.ClassOSPkg,
 		Type:            osFamily,
 	}
 	return result, eosl, nil
 }
 
-func (s Scanner) scanLibrary(apps []ftypes.Application, options types.ScanOptions) (report.Results, error) {
+func (s Scanner) scanLibrary(apps []ftypes.Application, options types.ScanOptions) (types.Results, error) {
 	log.Logger.Infof("Number of language-specific files: %d", len(apps))
 	if len(apps) == 0 {
 		return nil, nil
 	}
 
-	var results report.Results
+	var results types.Results
 	printedTypes := map[string]struct{}{}
 	for _, app := range apps {
 		if len(app.Libraries) == 0 {
@@ -210,10 +209,10 @@ func (s Scanner) scanLibrary(apps []ftypes.Application, options types.ScanOption
 			target = t
 		}
 
-		libReport := report.Result{
+		libReport := types.Result{
 			Target:          target,
 			Vulnerabilities: vulns,
-			Class:           report.ClassLangPkg,
+			Class:           types.ClassLangPkg,
 			Type:            app.Type,
 		}
 		if options.ListAllPackages {
@@ -227,9 +226,9 @@ func (s Scanner) scanLibrary(apps []ftypes.Application, options types.ScanOption
 	return results, nil
 }
 
-func (s Scanner) misconfsToResults(misconfs []ftypes.Misconfiguration, options types.ScanOptions) report.Results {
+func (s Scanner) misconfsToResults(misconfs []ftypes.Misconfiguration, options types.ScanOptions) types.Results {
 	log.Logger.Infof("Detected config files: %d", len(misconfs))
-	var results report.Results
+	var results types.Results
 	for _, misconf := range misconfs {
 		log.Logger.Debugf("Scanned config file: %s", misconf.FilePath)
 
@@ -248,9 +247,9 @@ func (s Scanner) misconfsToResults(misconfs []ftypes.Misconfiguration, options t
 			detected = append(detected, toDetectedMisconfiguration(w, dbTypes.SeverityUnknown, types.StatusException, misconf.Layer))
 		}
 
-		results = append(results, report.Result{
+		results = append(results, types.Result{
 			Target:            misconf.FilePath,
-			Class:             report.ClassConfig,
+			Class:             types.ClassConfig,
 			Type:              misconf.FileType,
 			Misconfigurations: detected,
 		})

pkg/scanner/local/scan_test.go

@@ -13,7 +13,6 @@ import (
 	"github.com/aquasecurity/trivy-db/pkg/db"
 	"github.com/aquasecurity/trivy/pkg/dbtest"
 	ospkgDetector "github.com/aquasecurity/trivy/pkg/detector/ospkg"
-	"github.com/aquasecurity/trivy/pkg/report"
 	"github.com/aquasecurity/trivy/pkg/types"
 )
 
@@ -29,7 +28,7 @@ func TestScanner_Scan(t *testing.T) {
 		fixtures                []string
 		applyLayersExpectation  ApplierApplyLayersExpectation
 		ospkgDetectExpectations []OspkgDetectorDetectExpectation
-		wantResults             report.Results
+		wantResults             types.Results
 		wantOS                  *ftypes.OS
 		wantErr                 string
 	}{
@@ -112,7 +111,7 @@ func TestScanner_Scan(t *testing.T) {
 					},
 				},
 			},
-			wantResults: report.Results{
+			wantResults: types.Results{
 				{
 					Target: "alpine:latest (alpine 3.11)",
 					Vulnerabilities: []types.DetectedVulnerability{
@@ -126,7 +125,7 @@ func TestScanner_Scan(t *testing.T) {
 							},
 						},
 					},
-					Class: report.ClassOSPkg,
+					Class: types.ClassOSPkg,
 					Type:  fos.Alpine,
 				},
 				{
@@ -142,7 +141,7 @@ func TestScanner_Scan(t *testing.T) {
 							},
 						},
 					},
-					Class: report.ClassLangPkg,
+					Class: types.ClassLangPkg,
 					Type:  ftypes.Bundler,
 				},
 			},
@@ -246,7 +245,7 @@ func TestScanner_Scan(t *testing.T) {
 					},
 				},
 			},
-			wantResults: report.Results{
+			wantResults: types.Results{
 				{
 					Target: "alpine:latest (alpine 3.11)",
 					Packages: []ftypes.Package{
@@ -276,7 +275,7 @@ func TestScanner_Scan(t *testing.T) {
 							},
 						},
 					},
-					Class: report.ClassOSPkg,
+					Class: types.ClassOSPkg,
 					Type:  fos.Alpine,
 				},
 				{
@@ -301,7 +300,7 @@ func TestScanner_Scan(t *testing.T) {
 							},
 						},
 					},
-					Class: report.ClassLangPkg,
+					Class: types.ClassLangPkg,
 					Type:  ftypes.Bundler,
 				},
 			},
@@ -346,7 +345,7 @@ func TestScanner_Scan(t *testing.T) {
 					},
 				},
 			},
-			wantResults: report.Results{
+			wantResults: types.Results{
 				{
 					Target: "/app/Gemfile.lock",
 					Vulnerabilities: []types.DetectedVulnerability{
@@ -360,7 +359,7 @@ func TestScanner_Scan(t *testing.T) {
 							},
 						},
 					},
-					Class: report.ClassLangPkg,
+					Class: types.ClassLangPkg,
 					Type:  "bundler",
 				},
 			},
@@ -417,10 +416,10 @@ func TestScanner_Scan(t *testing.T) {
 					},
 				},
 			},
-			wantResults: report.Results{
+			wantResults: types.Results{
 				{
 					Target: "alpine:latest (alpine 3.11)",
-					Class:  report.ClassOSPkg,
+					Class:  types.ClassOSPkg,
 					Type:   fos.Alpine,
 				},
 				{
@@ -436,7 +435,7 @@ func TestScanner_Scan(t *testing.T) {
 							},
 						},
 					},
-					Class: report.ClassLangPkg,
+					Class: types.ClassLangPkg,
 					Type:  "bundler",
 				},
 			},
@@ -495,7 +494,7 @@ func TestScanner_Scan(t *testing.T) {
 					},
 				},
 			},
-			wantResults: report.Results{
+			wantResults: types.Results{
 				{
 					Target: "/app/Gemfile.lock",
 					Vulnerabilities: []types.DetectedVulnerability{
@@ -509,7 +508,7 @@ func TestScanner_Scan(t *testing.T) {
 							},
 						},
 					},
-					Class: report.ClassLangPkg,
+					Class: types.ClassLangPkg,
 					Type:  ftypes.Bundler,
 				},
 			},
@@ -598,7 +597,7 @@ func TestScanner_Scan(t *testing.T) {
 					},
 				},
 			},
-			wantResults: report.Results{
+			wantResults: types.Results{
 				{
 					Target: "/app/Gemfile.lock",
 					Vulnerabilities: []types.DetectedVulnerability{
@@ -612,7 +611,7 @@ func TestScanner_Scan(t *testing.T) {
 							},
 						},
 					},
-					Class: report.ClassLangPkg,
+					Class: types.ClassLangPkg,
 					Type:  ftypes.Bundler,
 				},
 				{
@@ -628,7 +627,7 @@ func TestScanner_Scan(t *testing.T) {
 							},
 						},
 					},
-					Class: report.ClassLangPkg,
+					Class: types.ClassLangPkg,
 					Type:  ftypes.Composer,
 				},
 			},
@@ -717,10 +716,10 @@ func TestScanner_Scan(t *testing.T) {
 					},
 				},
 			},
-			wantResults: report.Results{
+			wantResults: types.Results{
 				{
 					Target: "/app/configs/deployment.yaml",
-					Class:  report.ClassConfig,
+					Class:  types.ClassConfig,
 					Type:   ftypes.Kubernetes,
 					Misconfigurations: []types.DetectedMisconfiguration{
 						{
@@ -755,7 +754,7 @@ func TestScanner_Scan(t *testing.T) {
 				},
 				{
 					Target: "/app/configs/pod.yaml",
-					Class:  report.ClassConfig,
+					Class:  types.ClassConfig,
 					Type:   ftypes.Kubernetes,
 					Misconfigurations: []types.DetectedMisconfiguration{
 						{

pkg/scanner/mock_driver.go

@@ -6,8 +6,6 @@ import (
 	fanaltypes "github.com/aquasecurity/fanal/types"
 	mock "github.com/stretchr/testify/mock"
 
-	report "github.com/aquasecurity/trivy/pkg/report"
-
 	types "github.com/aquasecurity/trivy/pkg/types"
 )
 
@@ -28,7 +26,7 @@ type DriverScanArgs struct {
 }
 
 type DriverScanReturns struct {
-	Results report.Results
+	Results types.Results
 	OsFound *fanaltypes.OS
 	Err     error
 }
@@ -70,15 +68,15 @@ func (_m *MockDriver) ApplyScanExpectations(expectations []DriverScanExpectation
 }
 
 // Scan provides a mock function with given fields: target, imageID, layerIDs, options
-func (_m *MockDriver) Scan(target string, artifactKey string, blobKeys []string, options types.ScanOptions) (report.Results, *fanaltypes.OS, error) {
+func (_m *MockDriver) Scan(target string, artifactKey string, blobKeys []string, options types.ScanOptions) (types.Results, *fanaltypes.OS, error) {
 	ret := _m.Called(target, artifactKey, blobKeys, options)
 
-	var r0 report.Results
-	if rf, ok := ret.Get(0).(func(string, string, []string, types.ScanOptions) report.Results); ok {
+	var r0 types.Results
+	if rf, ok := ret.Get(0).(func(string, string, []string, types.ScanOptions) types.Results); ok {
 		r0 = rf(target, artifactKey, blobKeys, options)
 	} else {
 		if ret.Get(0) != nil {
-			r0 = ret.Get(0).(report.Results)
+			r0 = ret.Get(0).(types.Results)
 		}
 	}
 

pkg/scanner/scan.go

@@ -81,7 +81,7 @@ type Scanner struct {
 // Driver defines operations of scanner
 type Driver interface {
 	Scan(target string, artifactKey string, blobKeys []string, options types.ScanOptions) (
-		results report.Results, osFound *ftypes.OS, err error)
+		results types.Results, osFound *ftypes.OS, err error)
 }
 
 // NewScanner is the factory method of Scanner
@@ -90,15 +90,15 @@ func NewScanner(driver Driver, ar artifact.Artifact) Scanner {
 }
 
 // ScanArtifact scans the artifacts and returns results
-func (s Scanner) ScanArtifact(ctx context.Context, options types.ScanOptions) (report.Report, error) {
+func (s Scanner) ScanArtifact(ctx context.Context, options types.ScanOptions) (types.Report, error) {
 	artifactInfo, err := s.artifact.Inspect(ctx)
 	if err != nil {
-		return report.Report{}, xerrors.Errorf("failed analysis: %w", err)
+		return types.Report{}, xerrors.Errorf("failed analysis: %w", err)
 	}
 
 	results, osFound, err := s.driver.Scan(artifactInfo.Name, artifactInfo.ID, artifactInfo.BlobIDs, options)
 	if err != nil {
-		return report.Report{}, xerrors.Errorf("scan failed: %w", err)
+		return types.Report{}, xerrors.Errorf("scan failed: %w", err)
 	}
 
 	if osFound != nil && osFound.Eosl {
@@ -111,11 +111,11 @@ func (s Scanner) ScanArtifact(ctx context.Context, options types.ScanOptions) (r
 		removeLayer(results)
 	}
 
-	return report.Report{
+	return types.Report{
 		SchemaVersion: report.SchemaVersion,
 		ArtifactName:  artifactInfo.Name,
 		ArtifactType:  artifactInfo.Type,
-		Metadata: report.Metadata{
+		Metadata: types.Metadata{
 			OS:          osFound,
 			ImageID:     artifactInfo.ImageMetadata.ID,
 			DiffIDs:     artifactInfo.ImageMetadata.DiffIDs,
@@ -127,7 +127,7 @@ func (s Scanner) ScanArtifact(ctx context.Context, options types.ScanOptions) (r
 	}, nil
 }
 
-func removeLayer(results report.Results) {
+func removeLayer(results types.Results) {
 	for i := range results {
 		result := results[i]
 

pkg/scanner/scan_test.go

@@ -10,7 +10,6 @@ import (
 
 	"github.com/aquasecurity/fanal/artifact"
 	ftypes "github.com/aquasecurity/fanal/types"
-	"github.com/aquasecurity/trivy/pkg/report"
 	"github.com/aquasecurity/trivy/pkg/types"
 )
 
@@ -23,7 +22,7 @@ func TestScanner_ScanArtifact(t *testing.T) {
 		args               args
 		inspectExpectation artifact.ArtifactInspectExpectation
 		scanExpectation    DriverScanExpectation
-		want               report.Report
+		want               types.Report
 		wantErr            string
 	}{
 		{
@@ -58,7 +57,7 @@ func TestScanner_ScanArtifact(t *testing.T) {
 					Options:  types.ScanOptions{VulnType: []string{"os"}},
 				},
 				Returns: DriverScanReturns{
-					Results: report.Results{
+					Results: types.Results{
 						{
 							Target: "alpine:3.11",
 							Vulnerabilities: []types.DetectedVulnerability{
@@ -94,11 +93,11 @@ func TestScanner_ScanArtifact(t *testing.T) {
 					},
 				},
 			},
-			want: report.Report{
+			want: types.Report{
 				SchemaVersion: 2,
 				ArtifactName:  "alpine:3.11",
 				ArtifactType:  ftypes.ArtifactContainerImage,
-				Metadata: report.Metadata{
+				Metadata: types.Metadata{
 					OS: &ftypes.OS{
 						Family: "alpine",
 						Name:   "3.10",
@@ -109,7 +108,7 @@ func TestScanner_ScanArtifact(t *testing.T) {
 					RepoTags:    []string{"alpine:3.11"},
 					RepoDigests: []string{"alpine@sha256:0bd0e9e03a022c3b0226667621da84fc9bf562a9056130424b5bfbd8bcb0397f"},
 				},
-				Results: report.Results{
+				Results: types.Results{
 					{
 						Target: "alpine:3.11",
 						Vulnerabilities: []types.DetectedVulnerability{

pkg/types/report.go

@@ -0,0 +1,77 @@
+package types
+
+import (
+	v1 "github.com/google/go-containerregistry/pkg/v1" // nolint: goimports
+
+	ftypes "github.com/aquasecurity/fanal/types"
+)
+
+// Report represents a scan result
+type Report struct {
+	SchemaVersion int                 `json:",omitempty"`
+	ArtifactName  string              `json:",omitempty"`
+	ArtifactType  ftypes.ArtifactType `json:",omitempty"`
+	Metadata      Metadata            `json:",omitempty"`
+	Results       Results             `json:",omitempty"`
+}
+
+// Metadata represents a metadata of artifact
+type Metadata struct {
+	Size int64      `json:",omitempty"`
+	OS   *ftypes.OS `json:",omitempty"`
+
+	// Container image
+	ImageID     string        `json:",omitempty"`
+	DiffIDs     []string      `json:",omitempty"`
+	RepoTags    []string      `json:",omitempty"`
+	RepoDigests []string      `json:",omitempty"`
+	ImageConfig v1.ConfigFile `json:",omitempty"`
+}
+
+// Results to hold list of Result
+type Results []Result
+
+type ResultClass string
+
+const (
+	ClassOSPkg   = "os-pkgs"
+	ClassLangPkg = "lang-pkgs"
+	ClassConfig  = "config"
+)
+
+// Result holds a target and detected vulnerabilities
+type Result struct {
+	Target            string                     `json:"Target"`
+	Class             ResultClass                `json:"Class,omitempty"`
+	Type              string                     `json:"Type,omitempty"`
+	Packages          []ftypes.Package           `json:"Packages,omitempty"`
+	Vulnerabilities   []DetectedVulnerability    `json:"Vulnerabilities,omitempty"`
+	MisconfSummary    *MisconfSummary            `json:"MisconfSummary,omitempty"`
+	Misconfigurations []DetectedMisconfiguration `json:"Misconfigurations,omitempty"`
+	CustomResources   []ftypes.CustomResource    `json:"CustomResources,omitempty"`
+}
+
+type MisconfSummary struct {
+	Successes  int
+	Failures   int
+	Exceptions int
+}
+
+func (s MisconfSummary) Empty() bool {
+	return s.Successes == 0 && s.Failures == 0 && s.Exceptions == 0
+}
+
+// Failed returns whether the result includes any vulnerabilities or misconfigurations
+func (results Results) Failed() bool {
+	for _, r := range results {
+		if len(r.Vulnerabilities) > 0 {
+			return true
+		}
+		for _, m := range r.Misconfigurations {
+			if m.Status == StatusFailure {
+				return true
+			}
+		}
+	}
+	return false
+}

rpc/cache/service.pb.go

@@ -179,6 +179,7 @@ type BlobInfo struct {
 	WhiteoutFiles     []string                   `protobuf:"bytes,6,rep,name=whiteout_files,json=whiteoutFiles,proto3" json:"whiteout_files,omitempty"`
 	Digest            string                     `protobuf:"bytes,7,opt,name=digest,proto3" json:"digest,omitempty"`
 	DiffId            string                     `protobuf:"bytes,8,opt,name=diff_id,json=diffId,proto3" json:"diff_id,omitempty"`
+	CustomResources   []*common.CustomResource   `protobuf:"bytes,10,rep,name=custom_resources,json=customResources,proto3" json:"custom_resources,omitempty"`
 }
 
 func (x *BlobInfo) Reset() {
@@ -276,6 +277,13 @@ func (x *BlobInfo) GetDiffId() string {
 	return ""
 }
 
+func (x *BlobInfo) GetCustomResources() []*common.CustomResource {
+	if x != nil {
+		return x.CustomResources
+	}
+	return nil
+}
+
 type PutBlobRequest struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -503,104 +511,106 @@ var file_rpc_cache_service_proto_rawDesc = []byte{
 	0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0e, 0x74, 0x72, 0x69, 0x76, 0x79,
 	0x2e, 0x63, 0x61, 0x63, 0x68, 0x65, 0x2e, 0x76, 0x31, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
 	0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73,
-	0x74, 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x36, 0x67, 0x69, 0x74, 0x68,
-	0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x61, 0x71, 0x75, 0x61, 0x73, 0x65, 0x63, 0x75, 0x72,
-	0x69, 0x74, 0x79, 0x2f, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2f, 0x72, 0x70, 0x63, 0x2f, 0x63, 0x6f,
-	0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x1a, 0x1b, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x62, 0x75, 0x66, 0x2f, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22,
-	0x88, 0x02, 0x0a, 0x0c, 0x41, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x49, 0x6e, 0x66, 0x6f,
-	0x12, 0x25, 0x0a, 0x0e, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69,
-	0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0d, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x61,
-	0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x22, 0x0a, 0x0c, 0x61, 0x72, 0x63, 0x68, 0x69,
-	0x74, 0x65, 0x63, 0x74, 0x75, 0x72, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x61,
-	0x72, 0x63, 0x68, 0x69, 0x74, 0x65, 0x63, 0x74, 0x75, 0x72, 0x65, 0x12, 0x34, 0x0a, 0x07, 0x63,
-	0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54,
-	0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x07, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65,
-	0x64, 0x12, 0x25, 0x0a, 0x0e, 0x64, 0x6f, 0x63, 0x6b, 0x65, 0x72, 0x5f, 0x76, 0x65, 0x72, 0x73,
-	0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x64, 0x6f, 0x63, 0x6b, 0x65,
-	0x72, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x0e, 0x0a, 0x02, 0x6f, 0x73, 0x18, 0x05,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x6f, 0x73, 0x12, 0x40, 0x0a, 0x10, 0x68, 0x69, 0x73, 0x74,
-	0x6f, 0x72, 0x79, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x73, 0x18, 0x06, 0x20, 0x03,
-	0x28, 0x0b, 0x32, 0x15, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f,
-	0x6e, 0x2e, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x52, 0x0f, 0x68, 0x69, 0x73, 0x74, 0x6f,
-	0x72, 0x79, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x73, 0x22, 0x78, 0x0a, 0x12, 0x50, 0x75,
-	0x74, 0x41, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x12, 0x1f, 0x0a, 0x0b, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x5f, 0x69, 0x64, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x49,
-	0x64, 0x12, 0x41, 0x0a, 0x0d, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x5f, 0x69, 0x6e,
-	0x66, 0x6f, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79,
-	0x2e, 0x63, 0x61, 0x63, 0x68, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x72, 0x74, 0x69, 0x66, 0x61,
-	0x63, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x0c, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74,
-	0x49, 0x6e, 0x66, 0x6f, 0x22, 0x99, 0x03, 0x0a, 0x08, 0x42, 0x6c, 0x6f, 0x62, 0x49, 0x6e, 0x66,
-	0x6f, 0x12, 0x25, 0x0a, 0x0e, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x5f, 0x76, 0x65, 0x72, 0x73,
-	0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0d, 0x73, 0x63, 0x68, 0x65, 0x6d,
-	0x61, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x20, 0x0a, 0x02, 0x6f, 0x73, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x6f, 0x6d,
-	0x6d, 0x6f, 0x6e, 0x2e, 0x4f, 0x53, 0x52, 0x02, 0x6f, 0x73, 0x12, 0x3e, 0x0a, 0x0d, 0x70, 0x61,
-	0x63, 0x6b, 0x61, 0x67, 0x65, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28,
-	0x0b, 0x32, 0x19, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e,
-	0x2e, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x0c, 0x70, 0x61,
-	0x63, 0x6b, 0x61, 0x67, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x73, 0x12, 0x3d, 0x0a, 0x0c, 0x61, 0x70,
-	0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b,
-	0x32, 0x19, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e,
-	0x41, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0c, 0x61, 0x70, 0x70,
-	0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x4c, 0x0a, 0x11, 0x6d, 0x69, 0x73,
-	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x09,
-	0x20, 0x03, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x6f, 0x6d,
-	0x6d, 0x6f, 0x6e, 0x2e, 0x4d, 0x69, 0x73, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x11, 0x6d, 0x69, 0x73, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75,
-	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x6f, 0x70, 0x61, 0x71, 0x75,
-	0x65, 0x5f, 0x64, 0x69, 0x72, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x6f, 0x70,
-	0x61, 0x71, 0x75, 0x65, 0x44, 0x69, 0x72, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x77, 0x68, 0x69, 0x74,
-	0x65, 0x6f, 0x75, 0x74, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09,
-	0x52, 0x0d, 0x77, 0x68, 0x69, 0x74, 0x65, 0x6f, 0x75, 0x74, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x12,
-	0x16, 0x0a, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x12, 0x17, 0x0a, 0x07, 0x64, 0x69, 0x66, 0x66, 0x5f,
-	0x69, 0x64, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, 0x69, 0x66, 0x66, 0x49, 0x64,
-	0x22, 0x60, 0x0a, 0x0e, 0x50, 0x75, 0x74, 0x42, 0x6c, 0x6f, 0x62, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x12, 0x17, 0x0a, 0x07, 0x64, 0x69, 0x66, 0x66, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x06, 0x64, 0x69, 0x66, 0x66, 0x49, 0x64, 0x12, 0x35, 0x0a, 0x09, 0x62,
-	0x6c, 0x6f, 0x62, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18,
-	0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x61, 0x63, 0x68, 0x65, 0x2e, 0x76, 0x31, 0x2e,
-	0x42, 0x6c, 0x6f, 0x62, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x08, 0x62, 0x6c, 0x6f, 0x62, 0x49, 0x6e,
-	0x66, 0x6f, 0x22, 0x43, 0x0a, 0x0b, 0x50, 0x75, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
-	0x65, 0x12, 0x20, 0x0a, 0x02, 0x6f, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e,
-	0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4f, 0x53, 0x52,
-	0x02, 0x6f, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x65, 0x6f, 0x73, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28,
-	0x08, 0x52, 0x04, 0x65, 0x6f, 0x73, 0x6c, 0x22, 0x51, 0x0a, 0x13, 0x4d, 0x69, 0x73, 0x73, 0x69,
-	0x6e, 0x67, 0x42, 0x6c, 0x6f, 0x62, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1f,
-	0x0a, 0x0b, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x0a, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x49, 0x64, 0x12,
-	0x19, 0x0a, 0x08, 0x62, 0x6c, 0x6f, 0x62, 0x5f, 0x69, 0x64, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28,
-	0x09, 0x52, 0x07, 0x62, 0x6c, 0x6f, 0x62, 0x49, 0x64, 0x73, 0x22, 0x6b, 0x0a, 0x14, 0x4d, 0x69,
-	0x73, 0x73, 0x69, 0x6e, 0x67, 0x42, 0x6c, 0x6f, 0x62, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
-	0x73, 0x65, 0x12, 0x29, 0x0a, 0x10, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x5f, 0x61, 0x72,
-	0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x6d, 0x69,
-	0x73, 0x73, 0x69, 0x6e, 0x67, 0x41, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x12, 0x28, 0x0a,
-	0x10, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x5f, 0x62, 0x6c, 0x6f, 0x62, 0x5f, 0x69, 0x64,
-	0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0e, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6e, 0x67,
-	0x42, 0x6c, 0x6f, 0x62, 0x49, 0x64, 0x73, 0x32, 0xf0, 0x01, 0x0a, 0x05, 0x43, 0x61, 0x63, 0x68,
-	0x65, 0x12, 0x49, 0x0a, 0x0b, 0x50, 0x75, 0x74, 0x41, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74,
-	0x12, 0x22, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x61, 0x63, 0x68, 0x65, 0x2e, 0x76,
-	0x31, 0x2e, 0x50, 0x75, 0x74, 0x41, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x52, 0x65, 0x71,
-	0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x12, 0x41, 0x0a, 0x07,
-	0x50, 0x75, 0x74, 0x42, 0x6c, 0x6f, 0x62, 0x12, 0x1e, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e,
-	0x63, 0x61, 0x63, 0x68, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x75, 0x74, 0x42, 0x6c, 0x6f, 0x62,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x12,
-	0x59, 0x0a, 0x0c, 0x4d, 0x69, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x42, 0x6c, 0x6f, 0x62, 0x73, 0x12,
-	0x23, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x61, 0x63, 0x68, 0x65, 0x2e, 0x76, 0x31,
-	0x2e, 0x4d, 0x69, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x42, 0x6c, 0x6f, 0x62, 0x73, 0x52, 0x65, 0x71,
-	0x75, 0x65, 0x73, 0x74, 0x1a, 0x24, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x61, 0x63,
-	0x68, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x69, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x42, 0x6c, 0x6f,
-	0x62, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x2f, 0x5a, 0x2d, 0x67, 0x69,
-	0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x61, 0x71, 0x75, 0x61, 0x73, 0x65, 0x63,
-	0x75, 0x72, 0x69, 0x74, 0x79, 0x2f, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2f, 0x72, 0x70, 0x63, 0x2f,
-	0x63, 0x61, 0x63, 0x68, 0x65, 0x3b, 0x63, 0x61, 0x63, 0x68, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x33,
+	0x74, 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x18, 0x72, 0x70, 0x63, 0x2f,
+	0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x22, 0x88, 0x02, 0x0a, 0x0c, 0x41, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x49, 0x6e,
+	0x66, 0x6f, 0x12, 0x25, 0x0a, 0x0e, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x5f, 0x76, 0x65, 0x72,
+	0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0d, 0x73, 0x63, 0x68, 0x65,
+	0x6d, 0x61, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x22, 0x0a, 0x0c, 0x61, 0x72, 0x63,
+	0x68, 0x69, 0x74, 0x65, 0x63, 0x74, 0x75, 0x72, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x0c, 0x61, 0x72, 0x63, 0x68, 0x69, 0x74, 0x65, 0x63, 0x74, 0x75, 0x72, 0x65, 0x12, 0x34, 0x0a,
+	0x07, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a,
+	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
+	0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x07, 0x63, 0x72, 0x65, 0x61,
+	0x74, 0x65, 0x64, 0x12, 0x25, 0x0a, 0x0e, 0x64, 0x6f, 0x63, 0x6b, 0x65, 0x72, 0x5f, 0x76, 0x65,
+	0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x64, 0x6f, 0x63,
+	0x6b, 0x65, 0x72, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x0e, 0x0a, 0x02, 0x6f, 0x73,
+	0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x6f, 0x73, 0x12, 0x40, 0x0a, 0x10, 0x68, 0x69,
+	0x73, 0x74, 0x6f, 0x72, 0x79, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x73, 0x18, 0x06,
+	0x20, 0x03, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x6f, 0x6d,
+	0x6d, 0x6f, 0x6e, 0x2e, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x52, 0x0f, 0x68, 0x69, 0x73,
+	0x74, 0x6f, 0x72, 0x79, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x73, 0x22, 0x78, 0x0a, 0x12,
+	0x50, 0x75, 0x74, 0x41, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65,
+	0x73, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x5f, 0x69,
+	0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63,
+	0x74, 0x49, 0x64, 0x12, 0x41, 0x0a, 0x0d, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x5f,
+	0x69, 0x6e, 0x66, 0x6f, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x74, 0x72, 0x69,
+	0x76, 0x79, 0x2e, 0x63, 0x61, 0x63, 0x68, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x72, 0x74, 0x69,
+	0x66, 0x61, 0x63, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x0c, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61,
+	0x63, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x22, 0xe2, 0x03, 0x0a, 0x08, 0x42, 0x6c, 0x6f, 0x62, 0x49,
+	0x6e, 0x66, 0x6f, 0x12, 0x25, 0x0a, 0x0e, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x5f, 0x76, 0x65,
+	0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0d, 0x73, 0x63, 0x68,
+	0x65, 0x6d, 0x61, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x20, 0x0a, 0x02, 0x6f, 0x73,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63,
+	0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4f, 0x53, 0x52, 0x02, 0x6f, 0x73, 0x12, 0x3e, 0x0a, 0x0d,
+	0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x73, 0x18, 0x03, 0x20,
+	0x03, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d,
+	0x6f, 0x6e, 0x2e, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x0c,
+	0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x73, 0x12, 0x3d, 0x0a, 0x0c,
+	0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x03,
+	0x28, 0x0b, 0x32, 0x19, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f,
+	0x6e, 0x2e, 0x41, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0c, 0x61,
+	0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x4c, 0x0a, 0x11, 0x6d,
+	0x69, 0x73, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73,
+	0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63,
+	0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4d, 0x69, 0x73, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75,
+	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x11, 0x6d, 0x69, 0x73, 0x63, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x6f, 0x70, 0x61,
+	0x71, 0x75, 0x65, 0x5f, 0x64, 0x69, 0x72, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a,
+	0x6f, 0x70, 0x61, 0x71, 0x75, 0x65, 0x44, 0x69, 0x72, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x77, 0x68,
+	0x69, 0x74, 0x65, 0x6f, 0x75, 0x74, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x18, 0x06, 0x20, 0x03,
+	0x28, 0x09, 0x52, 0x0d, 0x77, 0x68, 0x69, 0x74, 0x65, 0x6f, 0x75, 0x74, 0x46, 0x69, 0x6c, 0x65,
+	0x73, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x12, 0x17, 0x0a, 0x07, 0x64, 0x69, 0x66,
+	0x66, 0x5f, 0x69, 0x64, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, 0x69, 0x66, 0x66,
+	0x49, 0x64, 0x12, 0x47, 0x0a, 0x10, 0x63, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x5f, 0x72, 0x65, 0x73,
+	0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x74,
+	0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x43, 0x75, 0x73, 0x74,
+	0x6f, 0x6d, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x0f, 0x63, 0x75, 0x73, 0x74,
+	0x6f, 0x6d, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x22, 0x60, 0x0a, 0x0e, 0x50,
+	0x75, 0x74, 0x42, 0x6c, 0x6f, 0x62, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x17, 0x0a,
+	0x07, 0x64, 0x69, 0x66, 0x66, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06,
+	0x64, 0x69, 0x66, 0x66, 0x49, 0x64, 0x12, 0x35, 0x0a, 0x09, 0x62, 0x6c, 0x6f, 0x62, 0x5f, 0x69,
+	0x6e, 0x66, 0x6f, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x74, 0x72, 0x69, 0x76,
+	0x79, 0x2e, 0x63, 0x61, 0x63, 0x68, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x42, 0x6c, 0x6f, 0x62, 0x49,
+	0x6e, 0x66, 0x6f, 0x52, 0x08, 0x62, 0x6c, 0x6f, 0x62, 0x49, 0x6e, 0x66, 0x6f, 0x22, 0x43, 0x0a,
+	0x0b, 0x50, 0x75, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x20, 0x0a, 0x02,
+	0x6f, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79,
+	0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4f, 0x53, 0x52, 0x02, 0x6f, 0x73, 0x12, 0x12,
+	0x0a, 0x04, 0x65, 0x6f, 0x73, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x04, 0x65, 0x6f,
+	0x73, 0x6c, 0x22, 0x51, 0x0a, 0x13, 0x4d, 0x69, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x42, 0x6c, 0x6f,
+	0x62, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x61, 0x72, 0x74,
+	0x69, 0x66, 0x61, 0x63, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a,
+	0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x49, 0x64, 0x12, 0x19, 0x0a, 0x08, 0x62, 0x6c,
+	0x6f, 0x62, 0x5f, 0x69, 0x64, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x62, 0x6c,
+	0x6f, 0x62, 0x49, 0x64, 0x73, 0x22, 0x6b, 0x0a, 0x14, 0x4d, 0x69, 0x73, 0x73, 0x69, 0x6e, 0x67,
+	0x42, 0x6c, 0x6f, 0x62, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x29, 0x0a,
+	0x10, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x5f, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63,
+	0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6e, 0x67,
+	0x41, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x12, 0x28, 0x0a, 0x10, 0x6d, 0x69, 0x73, 0x73,
+	0x69, 0x6e, 0x67, 0x5f, 0x62, 0x6c, 0x6f, 0x62, 0x5f, 0x69, 0x64, 0x73, 0x18, 0x02, 0x20, 0x03,
+	0x28, 0x09, 0x52, 0x0e, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x42, 0x6c, 0x6f, 0x62, 0x49,
+	0x64, 0x73, 0x32, 0xf0, 0x01, 0x0a, 0x05, 0x43, 0x61, 0x63, 0x68, 0x65, 0x12, 0x49, 0x0a, 0x0b,
+	0x50, 0x75, 0x74, 0x41, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x12, 0x22, 0x2e, 0x74, 0x72,
+	0x69, 0x76, 0x79, 0x2e, 0x63, 0x61, 0x63, 0x68, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x75, 0x74,
+	0x41, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
+	0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
+	0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x12, 0x41, 0x0a, 0x07, 0x50, 0x75, 0x74, 0x42, 0x6c,
+	0x6f, 0x62, 0x12, 0x1e, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x61, 0x63, 0x68, 0x65,
+	0x2e, 0x76, 0x31, 0x2e, 0x50, 0x75, 0x74, 0x42, 0x6c, 0x6f, 0x62, 0x52, 0x65, 0x71, 0x75, 0x65,
+	0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x12, 0x59, 0x0a, 0x0c, 0x4d, 0x69,
+	0x73, 0x73, 0x69, 0x6e, 0x67, 0x42, 0x6c, 0x6f, 0x62, 0x73, 0x12, 0x23, 0x2e, 0x74, 0x72, 0x69,
+	0x76, 0x79, 0x2e, 0x63, 0x61, 0x63, 0x68, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x69, 0x73, 0x73,
+	0x69, 0x6e, 0x67, 0x42, 0x6c, 0x6f, 0x62, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
+	0x24, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x61, 0x63, 0x68, 0x65, 0x2e, 0x76, 0x31,
+	0x2e, 0x4d, 0x69, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x42, 0x6c, 0x6f, 0x62, 0x73, 0x52, 0x65, 0x73,
+	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x2f, 0x5a, 0x2d, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e,
+	0x63, 0x6f, 0x6d, 0x2f, 0x61, 0x71, 0x75, 0x61, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79,
+	0x2f, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2f, 0x72, 0x70, 0x63, 0x2f, 0x63, 0x61, 0x63, 0x68, 0x65,
+	0x3b, 0x63, 0x61, 0x63, 0x68, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
@@ -630,7 +640,8 @@ var file_rpc_cache_service_proto_goTypes = []interface{}{
 	(*common.PackageInfo)(nil),      // 10: trivy.common.PackageInfo
 	(*common.Application)(nil),      // 11: trivy.common.Application
 	(*common.Misconfiguration)(nil), // 12: trivy.common.Misconfiguration
-	(*emptypb.Empty)(nil),           // 13: google.protobuf.Empty
+	(*common.CustomResource)(nil),   // 13: trivy.common.CustomResource
+	(*emptypb.Empty)(nil),           // 14: google.protobuf.Empty
 }
 var file_rpc_cache_service_proto_depIdxs = []int32{
 	7,  // 0: trivy.cache.v1.ArtifactInfo.created:type_name -> google.protobuf.Timestamp
@@ -640,19 +651,20 @@ var file_rpc_cache_service_proto_depIdxs = []int32{
 	10, // 4: trivy.cache.v1.BlobInfo.package_infos:type_name -> trivy.common.PackageInfo
 	11, // 5: trivy.cache.v1.BlobInfo.applications:type_name -> trivy.common.Application
 	12, // 6: trivy.cache.v1.BlobInfo.misconfigurations:type_name -> trivy.common.Misconfiguration
-	2,  // 7: trivy.cache.v1.PutBlobRequest.blob_info:type_name -> trivy.cache.v1.BlobInfo
-	9,  // 8: trivy.cache.v1.PutResponse.os:type_name -> trivy.common.OS
-	1,  // 9: trivy.cache.v1.Cache.PutArtifact:input_type -> trivy.cache.v1.PutArtifactRequest
-	3,  // 10: trivy.cache.v1.Cache.PutBlob:input_type -> trivy.cache.v1.PutBlobRequest
-	5,  // 11: trivy.cache.v1.Cache.MissingBlobs:input_type -> trivy.cache.v1.MissingBlobsRequest
-	13, // 12: trivy.cache.v1.Cache.PutArtifact:output_type -> google.protobuf.Empty
-	13, // 13: trivy.cache.v1.Cache.PutBlob:output_type -> google.protobuf.Empty
-	6,  // 14: trivy.cache.v1.Cache.MissingBlobs:output_type -> trivy.cache.v1.MissingBlobsResponse
-	12, // [12:15] is the sub-list for method output_type
-	9,  // [9:12] is the sub-list for method input_type
-	9,  // [9:9] is the sub-list for extension type_name
-	9,  // [9:9] is the sub-list for extension extendee
-	0,  // [0:9] is the sub-list for field type_name
+	13, // 7: trivy.cache.v1.BlobInfo.custom_resources:type_name -> trivy.common.CustomResource
+	2,  // 8: trivy.cache.v1.PutBlobRequest.blob_info:type_name -> trivy.cache.v1.BlobInfo
+	9,  // 9: trivy.cache.v1.PutResponse.os:type_name -> trivy.common.OS
+	1,  // 10: trivy.cache.v1.Cache.PutArtifact:input_type -> trivy.cache.v1.PutArtifactRequest
+	3,  // 11: trivy.cache.v1.Cache.PutBlob:input_type -> trivy.cache.v1.PutBlobRequest
+	5,  // 12: trivy.cache.v1.Cache.MissingBlobs:input_type -> trivy.cache.v1.MissingBlobsRequest
+	14, // 13: trivy.cache.v1.Cache.PutArtifact:output_type -> google.protobuf.Empty
+	14, // 14: trivy.cache.v1.Cache.PutBlob:output_type -> google.protobuf.Empty
+	6,  // 15: trivy.cache.v1.Cache.MissingBlobs:output_type -> trivy.cache.v1.MissingBlobsResponse
+	13, // [13:16] is the sub-list for method output_type
+	10, // [10:13] is the sub-list for method input_type
+	10, // [10:10] is the sub-list for extension type_name
+	10, // [10:10] is the sub-list for extension extendee
+	0,  // [0:10] is the sub-list for field type_name
 }
 
 func init() { file_rpc_cache_service_proto_init() }

rpc/cache/service.proto

@@ -4,7 +4,7 @@ package trivy.cache.v1;
 option  go_package = "github.com/aquasecurity/trivy/rpc/cache;cache";
 
 import "google/protobuf/timestamp.proto";
-import "github.com/aquasecurity/trivy/rpc/common/service.proto";
+import "rpc/common/service.proto";
 import "google/protobuf/empty.proto";
 
 service Cache {
@@ -37,6 +37,7 @@ message BlobInfo {
   repeated string                  whiteout_files    = 6;
   string                           digest            = 7;
   string                           diff_id           = 8;
+  repeated common.CustomResource custom_resources    = 10;
 }
 
 message PutBlobRequest {

rpc/cache/service.twirp.go

@@ -1651,50 +1651,52 @@ func callClientError(ctx context.Context, h *twirp.ClientHooks, err twirp.Error)
 }
 
 var twirpFileDescriptor0 = []byte{
-	// 717 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x54, 0xed, 0x6e, 0xd3, 0x3c,
-	0x18, 0x55, 0xdb, 0x6d, 0x6d, 0x9f, 0x7e, 0x6c, 0xaf, 0xdf, 0xf7, 0xdd, 0xb2, 0x82, 0xb6, 0x2a,
-	0x80, 0x54, 0x7e, 0x90, 0x88, 0xf2, 0xf1, 0x07, 0x81, 0xe8, 0x06, 0x48, 0x95, 0x98, 0x28, 0x01,
-	0x21, 0xc1, 0x9f, 0x92, 0x3a, 0x4e, 0x6b, 0xad, 0x89, 0x33, 0xdb, 0x29, 0xf4, 0x0e, 0xb8, 0x05,
-	0xee, 0x92, 0x4b, 0x40, 0xb6, 0x93, 0xf5, 0x63, 0x65, 0x1a, 0x7f, 0xaa, 0xf8, 0x3c, 0x8f, 0x8f,
-	0x8f, 0xcf, 0x79, 0x6a, 0x38, 0xe0, 0x09, 0x76, 0xb1, 0x8f, 0x27, 0xc4, 0x15, 0x84, 0xcf, 0x28,
-	0x26, 0x4e, 0xc2, 0x99, 0x64, 0xa8, 0x29, 0x39, 0x9d, 0xcd, 0x1d, 0x5d, 0x72, 0x66, 0x0f, 0x5b,
-	0xc7, 0x63, 0xc6, 0xc6, 0x53, 0xe2, 0xea, 0xea, 0x28, 0x0d, 0x5d, 0x49, 0x23, 0x22, 0xa4, 0x1f,
-	0x25, 0x66, 0x43, 0xeb, 0xe9, 0x98, 0xca, 0x49, 0x3a, 0x72, 0x30, 0x8b, 0x5c, 0xff, 0x22, 0xf5,
-	0x05, 0xc1, 0x29, 0xa7, 0x72, 0xee, 0x6a, 0x22, 0x57, 0x9f, 0xc3, 0xa2, 0x88, 0xc5, 0xab, 0x07,
-	0xb5, 0x6e, 0xad, 0x13, 0x93, 0x28, 0x91, 0x73, 0x53, 0xb4, 0x7f, 0x14, 0xa1, 0xde, 0xe3, 0x92,
-	0x86, 0x3e, 0x96, 0xfd, 0x38, 0x64, 0xe8, 0x1e, 0x34, 0x05, 0x9e, 0x90, 0xc8, 0x1f, 0xce, 0x08,
-	0x17, 0x94, 0xc5, 0x56, 0xa1, 0x5d, 0xe8, 0x6c, 0x7b, 0x0d, 0x83, 0x7e, 0x32, 0x20, 0xb2, 0xa1,
-	0xee, 0x73, 0x3c, 0xa1, 0x92, 0x60, 0x99, 0x72, 0x62, 0x15, 0xdb, 0x85, 0x4e, 0xd5, 0x5b, 0xc1,
-	0xd0, 0x63, 0x28, 0x63, 0x4e, 0x7c, 0x49, 0x02, 0xab, 0xd4, 0x2e, 0x74, 0x6a, 0xdd, 0x96, 0x63,
-	0xa4, 0x38, 0xb9, 0x14, 0xe7, 0x63, 0x7e, 0x47, 0x2f, 0x6f, 0x55, 0x02, 0x02, 0x86, 0xcf, 0x09,
-	0xbf, 0x14, 0xb0, 0xa5, 0xb9, 0x1b, 0x06, 0xcd, 0x05, 0x34, 0xa1, 0xc8, 0x84, 0xb5, 0xad, 0x4b,
-	0x45, 0x26, 0xd0, 0x4b, 0xd8, 0x9b, 0x50, 0x21, 0x19, 0x9f, 0x0f, 0x13, 0x1f, 0x9f, 0xfb, 0x63,
-	0x22, 0xac, 0x9d, 0x76, 0xa9, 0x53, 0xeb, 0xfe, 0xef, 0x64, 0x4e, 0x6b, 0x73, 0x9c, 0x81, 0xa9,
-	0x7a, 0xbb, 0x59, 0x7b, 0xb6, 0x16, 0xf6, 0x77, 0x40, 0x83, 0x54, 0xe6, 0x66, 0x78, 0xe4, 0x22,
-	0x25, 0x42, 0xa2, 0x63, 0xa8, 0xf9, 0x19, 0x34, 0xa4, 0x81, 0x36, 0xa3, 0xea, 0x41, 0x0e, 0xf5,
-	0x03, 0xd4, 0x83, 0xc6, 0xa2, 0x21, 0x0e, 0x99, 0xb6, 0xa2, 0xd6, 0xbd, 0xed, 0xac, 0xe6, 0xeb,
-	0x2c, 0xbb, 0xac, 0x8c, 0x5a, 0xac, 0xec, 0x9f, 0x25, 0xa8, 0x9c, 0x4c, 0xd9, 0xe8, 0x6f, 0x02,
-	0x68, 0xeb, 0xfb, 0x9b, 0xb3, 0xf6, 0x56, 0x6f, 0xf8, 0xee, 0x83, 0x76, 0xe4, 0x05, 0x34, 0x32,
-	0x27, 0xb4, 0x2e, 0x61, 0x95, 0xb4, 0x1d, 0x87, 0x1b, 0xed, 0x30, 0xaa, 0x92, 0xc5, 0x42, 0xa0,
-	0xe7, 0x50, 0xf7, 0x93, 0x64, 0x4a, 0xb1, 0x2f, 0x29, 0x8b, 0x85, 0xb5, 0xb5, 0x69, 0x7b, 0x6f,
-	0xd1, 0xe1, 0xad, 0xb4, 0xa3, 0xb7, 0xf0, 0x4f, 0x44, 0x05, 0x66, 0x71, 0x48, 0xc7, 0x29, 0xcf,
-	0x38, 0xaa, 0x9a, 0xe3, 0x68, 0x95, 0xe3, 0x6c, 0xad, 0xcd, 0xbb, 0xba, 0x51, 0xc5, 0xc0, 0x12,
-	0xff, 0x22, 0x25, 0xc3, 0x80, 0x72, 0x95, 0x7b, 0x49, 0xc5, 0x60, 0xa0, 0x57, 0x94, 0x0b, 0x65,
-	0xdb, 0x37, 0x35, 0x7a, 0x2c, 0x95, 0xc3, 0x90, 0x4e, 0xb3, 0xf4, 0xab, 0x5e, 0x23, 0x47, 0xdf,
-	0x28, 0x10, 0xed, 0xc3, 0x4e, 0x40, 0xc7, 0x44, 0x48, 0xab, 0xac, 0x93, 0xcc, 0x56, 0xe8, 0x00,
-	0xca, 0x01, 0x0d, 0x43, 0x15, 0x71, 0x25, 0x2f, 0x84, 0x61, 0x3f, 0xb0, 0xbf, 0x42, 0x73, 0x90,
-	0x4a, 0x95, 0x4e, 0x3e, 0x11, 0x4b, 0xad, 0x85, 0xe5, 0x56, 0xf4, 0x04, 0xaa, 0xa3, 0x29, 0x1b,
-	0x99, 0x29, 0x30, 0x13, 0x6f, 0xad, 0x4f, 0x41, 0x1e, 0xb3, 0x57, 0x19, 0x65, 0x5f, 0xf6, 0x29,
-	0xd4, 0x06, 0xa9, 0xf4, 0x88, 0x48, 0x58, 0x2c, 0x48, 0x16, 0x6c, 0xe1, 0x9a, 0x60, 0x11, 0x6c,
-	0x11, 0x26, 0xa6, 0x3a, 0xfc, 0x8a, 0xa7, 0xbf, 0xed, 0xf7, 0xf0, 0xef, 0x19, 0x15, 0x82, 0xc6,
-	0x63, 0x75, 0x82, 0xb8, 0xf1, 0xf4, 0x1e, 0x42, 0xc5, 0x68, 0x0e, 0xd4, 0x30, 0x29, 0xc3, 0xca,
-	0x5a, 0x58, 0x20, 0xec, 0x73, 0xf8, 0x6f, 0x95, 0x32, 0x13, 0x78, 0x1f, 0xf6, 0x22, 0x83, 0x0f,
-	0x73, 0x22, 0x4d, 0x5c, 0xf1, 0x76, 0x33, 0x3c, 0x1f, 0x75, 0xd4, 0x59, 0xb4, 0xae, 0x9d, 0xd2,
-	0x8c, 0x16, 0xd4, 0xfd, 0x40, 0x74, 0x7f, 0x15, 0x60, 0xfb, 0x54, 0x99, 0x84, 0xfa, 0xda, 0x8e,
-	0x4b, 0x0a, 0x7b, 0xdd, 0xc1, 0xab, 0xff, 0xd1, 0xd6, 0xfe, 0x95, 0x77, 0xe5, 0xb5, 0x7a, 0xe2,
-	0x50, 0x0f, 0xca, 0x59, 0x76, 0xe8, 0x68, 0x03, 0xcd, 0x52, 0xa8, 0x7f, 0xa4, 0xf8, 0x0c, 0xf5,
-	0x65, 0x13, 0xd0, 0x9d, 0x75, 0x9e, 0x0d, 0xae, 0xb7, 0xee, 0x5e, 0xdf, 0x64, 0x7c, 0x3c, 0x71,
-	0xbf, 0x3c, 0xb8, 0xc1, 0x8b, 0xae, 0x28, 0x9e, 0xe9, 0xdf, 0xd1, 0x8e, 0xd6, 0xf6, 0xe8, 0x77,
-	0x00, 0x00, 0x00, 0xff, 0xff, 0x8f, 0x9b, 0xe9, 0xe1, 0x53, 0x06, 0x00, 0x00,
+	// 743 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x55, 0xdd, 0x6e, 0xd3, 0x30,
+	0x18, 0x55, 0xdb, 0x6d, 0x6d, 0xbf, 0xfe, 0xac, 0x18, 0xd8, 0xb2, 0x32, 0x6d, 0x55, 0x00, 0xa9,
+	0x5c, 0x90, 0x88, 0x02, 0x57, 0x08, 0x44, 0x37, 0x7e, 0x54, 0x89, 0x89, 0x12, 0x10, 0x12, 0xdc,
+	0x94, 0xd4, 0x71, 0x5a, 0x6b, 0x4d, 0x9c, 0xd9, 0x4e, 0xa1, 0x6f, 0xc0, 0x73, 0xf2, 0x04, 0x3c,
+	0x02, 0xb2, 0x93, 0xac, 0x4d, 0x57, 0x26, 0xb8, 0x99, 0xea, 0xf3, 0x7d, 0x3e, 0x3e, 0x3e, 0xe7,
+	0x73, 0x06, 0xfb, 0x3c, 0xc2, 0x36, 0x76, 0xf1, 0x94, 0xd8, 0x82, 0xf0, 0x39, 0xc5, 0xc4, 0x8a,
+	0x38, 0x93, 0x0c, 0x35, 0x25, 0xa7, 0xf3, 0x85, 0xa5, 0x4b, 0xd6, 0xfc, 0x51, 0xfb, 0x78, 0xc2,
+	0xd8, 0x64, 0x46, 0x6c, 0x5d, 0x1d, 0xc7, 0xbe, 0x2d, 0x69, 0x40, 0x84, 0x74, 0x83, 0x28, 0xd9,
+	0xd0, 0x36, 0x34, 0x13, 0x0b, 0x02, 0x16, 0xe6, 0xa9, 0xda, 0x77, 0xd6, 0xb7, 0x92, 0x20, 0x92,
+	0x8b, 0xa4, 0x68, 0xfe, 0x2c, 0x42, 0xbd, 0xcf, 0x25, 0xf5, 0x5d, 0x2c, 0x07, 0xa1, 0xcf, 0xd0,
+	0x7d, 0x68, 0x0a, 0x3c, 0x25, 0x81, 0x3b, 0x9a, 0x13, 0x2e, 0x28, 0x0b, 0x8d, 0x42, 0xa7, 0xd0,
+	0xdd, 0x76, 0x1a, 0x09, 0xfa, 0x39, 0x01, 0x91, 0x09, 0x75, 0x97, 0xe3, 0x29, 0x95, 0x04, 0xcb,
+	0x98, 0x13, 0xa3, 0xd8, 0x29, 0x74, 0xab, 0x4e, 0x0e, 0x43, 0x4f, 0xa0, 0x8c, 0x39, 0x71, 0x25,
+	0xf1, 0x8c, 0x52, 0xa7, 0xd0, 0xad, 0xf5, 0xda, 0x56, 0x22, 0xc5, 0xca, 0xa4, 0x58, 0x9f, 0xb2,
+	0x5b, 0x38, 0x59, 0xab, 0x12, 0xe0, 0x31, 0x7c, 0x4e, 0xf8, 0xa5, 0x80, 0x2d, 0xcd, 0xdd, 0x48,
+	0xd0, 0x4c, 0x40, 0x13, 0x8a, 0x4c, 0x18, 0xdb, 0xba, 0x54, 0x64, 0x02, 0xbd, 0x84, 0xd6, 0x94,
+	0x0a, 0xc9, 0xf8, 0x62, 0x14, 0xb9, 0xf8, 0xdc, 0x9d, 0x10, 0x61, 0xec, 0x74, 0x4a, 0xdd, 0x5a,
+	0xef, 0xb6, 0x95, 0x7a, 0xa9, 0xcd, 0xb1, 0x86, 0x49, 0xd5, 0xd9, 0x4d, 0xdb, 0xd3, 0xb5, 0x30,
+	0x7f, 0x00, 0x1a, 0xc6, 0x32, 0x33, 0xc3, 0x21, 0x17, 0x31, 0x11, 0x12, 0x1d, 0x43, 0xcd, 0x4d,
+	0xa1, 0x11, 0xf5, 0xb4, 0x19, 0x55, 0x07, 0x32, 0x68, 0xe0, 0xa1, 0x3e, 0x34, 0x96, 0x0d, 0xa1,
+	0xcf, 0xb4, 0x15, 0xb5, 0xde, 0xa1, 0x95, 0x4f, 0xd0, 0x5a, 0x75, 0x59, 0x19, 0xb5, 0x5c, 0x99,
+	0xbf, 0x4a, 0x50, 0x39, 0x99, 0xb1, 0xf1, 0xff, 0x04, 0xd0, 0xd1, 0xf7, 0x4f, 0xce, 0x6a, 0xe5,
+	0x6f, 0xf8, 0xfe, 0xa3, 0x76, 0xe4, 0x05, 0x34, 0x52, 0x27, 0xb4, 0x2e, 0x61, 0x94, 0xb4, 0x1d,
+	0x07, 0x1b, 0xed, 0x48, 0x54, 0x45, 0xcb, 0x85, 0x40, 0xcf, 0xa1, 0xee, 0x46, 0xd1, 0x8c, 0x62,
+	0x57, 0x52, 0x16, 0x0a, 0x63, 0x6b, 0xd3, 0xf6, 0xfe, 0xb2, 0xc3, 0xc9, 0xb5, 0xa3, 0x77, 0x70,
+	0x23, 0xa0, 0x02, 0xb3, 0xd0, 0xa7, 0x93, 0x98, 0xa7, 0x1c, 0x55, 0xcd, 0x71, 0x94, 0xe7, 0x38,
+	0x5b, 0x6b, 0x73, 0xae, 0x6e, 0x54, 0x31, 0xb0, 0xc8, 0xbd, 0x88, 0xc9, 0xc8, 0xa3, 0x5c, 0xe5,
+	0x5e, 0x52, 0x31, 0x24, 0xd0, 0x2b, 0xca, 0x85, 0xb2, 0xed, 0xbb, 0x1a, 0x3d, 0x16, 0xcb, 0x91,
+	0x4f, 0x67, 0x69, 0xfa, 0x55, 0xa7, 0x91, 0xa1, 0x6f, 0x14, 0x88, 0xf6, 0x60, 0xc7, 0xa3, 0x13,
+	0x22, 0xa4, 0x51, 0xd6, 0x49, 0xa6, 0x2b, 0xb4, 0x0f, 0x65, 0x8f, 0xfa, 0xbe, 0x8a, 0xb8, 0x92,
+	0x15, 0x7c, 0x7f, 0xe0, 0xa1, 0xb7, 0xd0, 0xc2, 0xb1, 0x90, 0x2c, 0x18, 0x71, 0x22, 0x58, 0xcc,
+	0x31, 0x11, 0x06, 0xe8, 0x5b, 0x1c, 0xe6, 0x6f, 0x71, 0xaa, 0xbb, 0x9c, 0xb4, 0xc9, 0xd9, 0xc5,
+	0xb9, 0xb5, 0x30, 0xbf, 0x41, 0x73, 0x18, 0x4b, 0x15, 0x73, 0x36, 0x5a, 0x2b, 0x67, 0x16, 0x72,
+	0x67, 0x3e, 0x85, 0xea, 0x78, 0xc6, 0xc6, 0xc9, 0x38, 0x25, 0x4f, 0xc7, 0x58, 0x1f, 0xa7, 0x6c,
+	0x5e, 0x9c, 0xca, 0x38, 0xfd, 0x65, 0x9e, 0x42, 0x6d, 0x18, 0x4b, 0x87, 0x88, 0x88, 0x85, 0x82,
+	0xa4, 0x13, 0x52, 0xb8, 0x66, 0x42, 0x10, 0x6c, 0x11, 0x26, 0x66, 0x7a, 0x8a, 0x2a, 0x8e, 0xfe,
+	0x6d, 0x7e, 0x80, 0x9b, 0x67, 0x54, 0x08, 0x1a, 0x4e, 0xd4, 0x09, 0xe2, 0x9f, 0x9f, 0xc1, 0x01,
+	0x54, 0x12, 0xcd, 0x9e, 0x9a, 0x4a, 0xe5, 0x7c, 0x59, 0x0b, 0xf3, 0x84, 0x79, 0x0e, 0xb7, 0xf2,
+	0x94, 0xa9, 0xc0, 0x07, 0xd0, 0x0a, 0x12, 0x7c, 0x94, 0x11, 0x69, 0xe2, 0x8a, 0xb3, 0x9b, 0xe2,
+	0xd9, 0x9b, 0x41, 0xdd, 0x65, 0xeb, 0xda, 0x29, 0xcd, 0x60, 0x49, 0x3d, 0xf0, 0x44, 0xef, 0x77,
+	0x01, 0xb6, 0x4f, 0x95, 0x49, 0x68, 0xa0, 0xed, 0xb8, 0xa4, 0x30, 0xd7, 0x1d, 0xbc, 0xfa, 0xd8,
+	0xdb, 0x7b, 0x57, 0x3e, 0x50, 0xaf, 0xd5, 0xb7, 0x12, 0xf5, 0xa1, 0x9c, 0x66, 0x87, 0x8e, 0x36,
+	0xd0, 0xac, 0x84, 0xfa, 0x57, 0x8a, 0x2f, 0x50, 0x5f, 0x35, 0x01, 0xdd, 0x5d, 0xe7, 0xd9, 0xe0,
+	0x7a, 0xfb, 0xde, 0xf5, 0x4d, 0x89, 0x8f, 0x27, 0xf6, 0xd7, 0x87, 0x13, 0x2a, 0xa7, 0xf1, 0x58,
+	0xc5, 0x6b, 0xbb, 0x17, 0xb1, 0x2b, 0x08, 0x8e, 0x39, 0x95, 0x0b, 0x5b, 0x6f, 0xb7, 0x2f, 0xff,
+	0xc9, 0x3c, 0xd3, 0x7f, 0xc7, 0x3b, 0x5a, 0xdb, 0xe3, 0x3f, 0x01, 0x00, 0x00, 0xff, 0xff, 0x67,
+	0x38, 0x22, 0xa3, 0x7e, 0x06, 0x00, 0x00,
 }

rpc/common/service.pb.go

@@ -1141,6 +1141,77 @@ func (x *CVSS) GetV3Score() float64 {
 	return 0
 }
 
+type CustomResource struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Type     string          `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"`
+	FilePath string          `protobuf:"bytes,2,opt,name=file_path,json=filePath,proto3" json:"file_path,omitempty"`
+	Layer    *Layer          `protobuf:"bytes,3,opt,name=layer,proto3" json:"layer,omitempty"`
+	Data     *structpb.Value `protobuf:"bytes,4,opt,name=data,proto3" json:"data,omitempty"`
+}
+
+func (x *CustomResource) Reset() {
+	*x = CustomResource{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_rpc_common_service_proto_msgTypes[12]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *CustomResource) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CustomResource) ProtoMessage() {}
+
+func (x *CustomResource) ProtoReflect() protoreflect.Message {
+	mi := &file_rpc_common_service_proto_msgTypes[12]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use CustomResource.ProtoReflect.Descriptor instead.
+func (*CustomResource) Descriptor() ([]byte, []int) {
+	return file_rpc_common_service_proto_rawDescGZIP(), []int{12}
+}
+
+func (x *CustomResource) GetType() string {
+	if x != nil {
+		return x.Type
+	}
+	return ""
+}
+
+func (x *CustomResource) GetFilePath() string {
+	if x != nil {
+		return x.FilePath
+	}
+	return ""
+}
+
+func (x *CustomResource) GetLayer() *Layer {
+	if x != nil {
+		return x.Layer
+	}
+	return nil
+}
+
+func (x *CustomResource) GetData() *structpb.Value {
+	if x != nil {
+		return x.Data
+	}
+	return nil
+}
+
 var File_rpc_common_service_proto protoreflect.FileDescriptor
 
 var file_rpc_common_service_proto_rawDesc = []byte{
@@ -1322,15 +1393,25 @@ var file_rpc_common_service_proto_rawDesc = []byte{
 	0x6f, 0x72, 0x12, 0x19, 0x0a, 0x08, 0x76, 0x32, 0x5f, 0x73, 0x63, 0x6f, 0x72, 0x65, 0x18, 0x03,
 	0x20, 0x01, 0x28, 0x01, 0x52, 0x07, 0x76, 0x32, 0x53, 0x63, 0x6f, 0x72, 0x65, 0x12, 0x19, 0x0a,
 	0x08, 0x76, 0x33, 0x5f, 0x73, 0x63, 0x6f, 0x72, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x01, 0x52,
-	0x07, 0x76, 0x33, 0x53, 0x63, 0x6f, 0x72, 0x65, 0x2a, 0x44, 0x0a, 0x08, 0x53, 0x65, 0x76, 0x65,
-	0x72, 0x69, 0x74, 0x79, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10,
-	0x00, 0x12, 0x07, 0x0a, 0x03, 0x4c, 0x4f, 0x57, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x4d, 0x45,
-	0x44, 0x49, 0x55, 0x4d, 0x10, 0x02, 0x12, 0x08, 0x0a, 0x04, 0x48, 0x49, 0x47, 0x48, 0x10, 0x03,
-	0x12, 0x0c, 0x0a, 0x08, 0x43, 0x52, 0x49, 0x54, 0x49, 0x43, 0x41, 0x4c, 0x10, 0x04, 0x42, 0x31,
-	0x5a, 0x2f, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x61, 0x71, 0x75,
-	0x61, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2f, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2f,
-	0x72, 0x70, 0x63, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x3b, 0x63, 0x6f, 0x6d, 0x6d, 0x6f,
-	0x6e, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x07, 0x76, 0x33, 0x53, 0x63, 0x6f, 0x72, 0x65, 0x22, 0x98, 0x01, 0x0a, 0x0e, 0x43, 0x75, 0x73,
+	0x74, 0x6f, 0x6d, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x74,
+	0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12,
+	0x1b, 0x0a, 0x09, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x08, 0x66, 0x69, 0x6c, 0x65, 0x50, 0x61, 0x74, 0x68, 0x12, 0x29, 0x0a, 0x05,
+	0x6c, 0x61, 0x79, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x74, 0x72,
+	0x69, 0x76, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4c, 0x61, 0x79, 0x65, 0x72,
+	0x52, 0x05, 0x6c, 0x61, 0x79, 0x65, 0x72, 0x12, 0x2a, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x18,
+	0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x04, 0x64,
+	0x61, 0x74, 0x61, 0x2a, 0x44, 0x0a, 0x08, 0x53, 0x65, 0x76, 0x65, 0x72, 0x69, 0x74, 0x79, 0x12,
+	0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03,
+	0x4c, 0x4f, 0x57, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x4d, 0x45, 0x44, 0x49, 0x55, 0x4d, 0x10,
+	0x02, 0x12, 0x08, 0x0a, 0x04, 0x48, 0x49, 0x47, 0x48, 0x10, 0x03, 0x12, 0x0c, 0x0a, 0x08, 0x43,
+	0x52, 0x49, 0x54, 0x49, 0x43, 0x41, 0x4c, 0x10, 0x04, 0x42, 0x31, 0x5a, 0x2f, 0x67, 0x69, 0x74,
+	0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x61, 0x71, 0x75, 0x61, 0x73, 0x65, 0x63, 0x75,
+	0x72, 0x69, 0x74, 0x79, 0x2f, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2f, 0x72, 0x70, 0x63, 0x2f, 0x63,
+	0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x3b, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x62, 0x06, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
@@ -1346,7 +1427,7 @@ func file_rpc_common_service_proto_rawDescGZIP() []byte {
 }
 
 var file_rpc_common_service_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
-var file_rpc_common_service_proto_msgTypes = make([]protoimpl.MessageInfo, 13)
+var file_rpc_common_service_proto_msgTypes = make([]protoimpl.MessageInfo, 14)
 var file_rpc_common_service_proto_goTypes = []interface{}{
 	(Severity)(0),                    // 0: trivy.common.Severity
 	(*OS)(nil),                       // 1: trivy.common.OS
@@ -1361,9 +1442,10 @@ var file_rpc_common_service_proto_goTypes = []interface{}{
 	(*DataSource)(nil),               // 10: trivy.common.DataSource
 	(*Layer)(nil),                    // 11: trivy.common.Layer
 	(*CVSS)(nil),                     // 12: trivy.common.CVSS
-	nil,                              // 13: trivy.common.Vulnerability.CvssEntry
-	(*timestamppb.Timestamp)(nil),    // 14: google.protobuf.Timestamp
-	(*structpb.Value)(nil),           // 15: google.protobuf.Value
+	(*CustomResource)(nil),           // 13: trivy.common.CustomResource
+	nil,                              // 14: trivy.common.Vulnerability.CvssEntry
+	(*timestamppb.Timestamp)(nil),    // 15: google.protobuf.Timestamp
+	(*structpb.Value)(nil),           // 16: google.protobuf.Value
 }
 var file_rpc_common_service_proto_depIdxs = []int32{
 	4,  // 0: trivy.common.PackageInfo.packages:type_name -> trivy.common.Package
@@ -1377,18 +1459,20 @@ var file_rpc_common_service_proto_depIdxs = []int32{
 	11, // 8: trivy.common.DetectedMisconfiguration.layer:type_name -> trivy.common.Layer
 	0,  // 9: trivy.common.Vulnerability.severity:type_name -> trivy.common.Severity
 	11, // 10: trivy.common.Vulnerability.layer:type_name -> trivy.common.Layer
-	13, // 11: trivy.common.Vulnerability.cvss:type_name -> trivy.common.Vulnerability.CvssEntry
-	14, // 12: trivy.common.Vulnerability.published_date:type_name -> google.protobuf.Timestamp
-	14, // 13: trivy.common.Vulnerability.last_modified_date:type_name -> google.protobuf.Timestamp
-	15, // 14: trivy.common.Vulnerability.custom_advisory_data:type_name -> google.protobuf.Value
-	15, // 15: trivy.common.Vulnerability.custom_vuln_data:type_name -> google.protobuf.Value
+	14, // 11: trivy.common.Vulnerability.cvss:type_name -> trivy.common.Vulnerability.CvssEntry
+	15, // 12: trivy.common.Vulnerability.published_date:type_name -> google.protobuf.Timestamp
+	15, // 13: trivy.common.Vulnerability.last_modified_date:type_name -> google.protobuf.Timestamp
+	16, // 14: trivy.common.Vulnerability.custom_advisory_data:type_name -> google.protobuf.Value
+	16, // 15: trivy.common.Vulnerability.custom_vuln_data:type_name -> google.protobuf.Value
 	10, // 16: trivy.common.Vulnerability.data_source:type_name -> trivy.common.DataSource
-	12, // 17: trivy.common.Vulnerability.CvssEntry.value:type_name -> trivy.common.CVSS
-	18, // [18:18] is the sub-list for method output_type
-	18, // [18:18] is the sub-list for method input_type
-	18, // [18:18] is the sub-list for extension type_name
-	18, // [18:18] is the sub-list for extension extendee
-	0,  // [0:18] is the sub-list for field type_name
+	11, // 17: trivy.common.CustomResource.layer:type_name -> trivy.common.Layer
+	16, // 18: trivy.common.CustomResource.data:type_name -> google.protobuf.Value
+	12, // 19: trivy.common.Vulnerability.CvssEntry.value:type_name -> trivy.common.CVSS
+	20, // [20:20] is the sub-list for method output_type
+	20, // [20:20] is the sub-list for method input_type
+	20, // [20:20] is the sub-list for extension type_name
+	20, // [20:20] is the sub-list for extension extendee
+	0,  // [0:20] is the sub-list for field type_name
 }
 
 func init() { file_rpc_common_service_proto_init() }
@@ -1541,6 +1625,18 @@ func file_rpc_common_service_proto_init() {
 				return nil
 			}
 		}
+		file_rpc_common_service_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*CustomResource); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
 	}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
@@ -1548,7 +1644,7 @@ func file_rpc_common_service_proto_init() {
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_rpc_common_service_proto_rawDesc,
 			NumEnums:      1,
-			NumMessages:   13,
+			NumMessages:   14,
 			NumExtensions: 0,
 			NumServices:   0,
 		},

rpc/common/service.proto

@@ -128,3 +128,10 @@ message CVSS {
   double v2_score  = 3;
   double v3_score  = 4;
 }
+
+message CustomResource {
+  string                type      = 1;
+  string                file_path = 2;
+  Layer                 layer     = 3;
+  google.protobuf.Value data      = 4;
+}

rpc/scanner/service.pb.go

@@ -222,6 +222,7 @@ type Result struct {
 	Class             string                             `protobuf:"bytes,6,opt,name=class,proto3" json:"class,omitempty"`
 	Type              string                             `protobuf:"bytes,3,opt,name=type,proto3" json:"type,omitempty"`
 	Packages          []*common.Package                  `protobuf:"bytes,5,rep,name=packages,proto3" json:"packages,omitempty"`
+	CustomResources   []*common.CustomResource           `protobuf:"bytes,7,rep,name=custom_resources,json=customResources,proto3" json:"custom_resources,omitempty"`
 }
 
 func (x *Result) Reset() {
@@ -298,67 +299,76 @@ func (x *Result) GetPackages() []*common.Package {
 	return nil
 }
 
+func (x *Result) GetCustomResources() []*common.CustomResource {
+	if x != nil {
+		return x.CustomResources
+	}
+	return nil
+}
+
 var File_rpc_scanner_service_proto protoreflect.FileDescriptor
 
 var file_rpc_scanner_service_proto_rawDesc = []byte{
 	0x0a, 0x19, 0x72, 0x70, 0x63, 0x2f, 0x73, 0x63, 0x61, 0x6e, 0x6e, 0x65, 0x72, 0x2f, 0x73, 0x65,
 	0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x10, 0x74, 0x72, 0x69,
-	0x76, 0x79, 0x2e, 0x73, 0x63, 0x61, 0x6e, 0x6e, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x1a, 0x36, 0x67,
-	0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x61, 0x71, 0x75, 0x61, 0x73, 0x65,
-	0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2f, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2f, 0x72, 0x70, 0x63,
-	0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x9a, 0x01, 0x0a, 0x0b, 0x53, 0x63, 0x61, 0x6e, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x12, 0x1f, 0x0a,
-	0x0b, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x0a, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x49, 0x64, 0x12, 0x19,
-	0x0a, 0x08, 0x62, 0x6c, 0x6f, 0x62, 0x5f, 0x69, 0x64, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09,
-	0x52, 0x07, 0x62, 0x6c, 0x6f, 0x62, 0x49, 0x64, 0x73, 0x12, 0x37, 0x0a, 0x07, 0x6f, 0x70, 0x74,
-	0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x74, 0x72, 0x69,
-	0x76, 0x79, 0x2e, 0x73, 0x63, 0x61, 0x6e, 0x6e, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x63,
-	0x61, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f,
-	0x6e, 0x73, 0x22, 0x7f, 0x0a, 0x0b, 0x53, 0x63, 0x61, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
-	0x73, 0x12, 0x1b, 0x0a, 0x09, 0x76, 0x75, 0x6c, 0x6e, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01,
-	0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x76, 0x75, 0x6c, 0x6e, 0x54, 0x79, 0x70, 0x65, 0x12, 0x27,
-	0x0a, 0x0f, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x63, 0x68, 0x65, 0x63, 0x6b,
-	0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74,
-	0x79, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x12, 0x2a, 0x0a, 0x11, 0x6c, 0x69, 0x73, 0x74, 0x5f,
-	0x61, 0x6c, 0x6c, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x73, 0x18, 0x03, 0x20, 0x01,
-	0x28, 0x08, 0x52, 0x0f, 0x6c, 0x69, 0x73, 0x74, 0x41, 0x6c, 0x6c, 0x50, 0x61, 0x63, 0x6b, 0x61,
-	0x67, 0x65, 0x73, 0x22, 0x64, 0x0a, 0x0c, 0x53, 0x63, 0x61, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f,
-	0x6e, 0x73, 0x65, 0x12, 0x20, 0x0a, 0x02, 0x6f, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x10, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4f,
-	0x53, 0x52, 0x02, 0x6f, 0x73, 0x12, 0x32, 0x0a, 0x07, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x73,
-	0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x73,
-	0x63, 0x61, 0x6e, 0x6e, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74,
-	0x52, 0x07, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x73, 0x22, 0x9a, 0x02, 0x0a, 0x06, 0x52, 0x65,
-	0x73, 0x75, 0x6c, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x12, 0x45, 0x0a, 0x0f,
-	0x76, 0x75, 0x6c, 0x6e, 0x65, 0x72, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x18,
-	0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x6f,
-	0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x56, 0x75, 0x6c, 0x6e, 0x65, 0x72, 0x61, 0x62, 0x69, 0x6c, 0x69,
-	0x74, 0x79, 0x52, 0x0f, 0x76, 0x75, 0x6c, 0x6e, 0x65, 0x72, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74,
-	0x69, 0x65, 0x73, 0x12, 0x54, 0x0a, 0x11, 0x6d, 0x69, 0x73, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
-	0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x26,
-	0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x44, 0x65,
-	0x74, 0x65, 0x63, 0x74, 0x65, 0x64, 0x4d, 0x69, 0x73, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75,
-	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x11, 0x6d, 0x69, 0x73, 0x63, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x63, 0x6c, 0x61,
-	0x73, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x12,
-	0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74,
-	0x79, 0x70, 0x65, 0x12, 0x31, 0x0a, 0x08, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x73, 0x18,
-	0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x6f,
-	0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x52, 0x08, 0x70, 0x61,
-	0x63, 0x6b, 0x61, 0x67, 0x65, 0x73, 0x32, 0x50, 0x0a, 0x07, 0x53, 0x63, 0x61, 0x6e, 0x6e, 0x65,
-	0x72, 0x12, 0x45, 0x0a, 0x04, 0x53, 0x63, 0x61, 0x6e, 0x12, 0x1d, 0x2e, 0x74, 0x72, 0x69, 0x76,
-	0x79, 0x2e, 0x73, 0x63, 0x61, 0x6e, 0x6e, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x63, 0x61,
-	0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1e, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79,
-	0x2e, 0x73, 0x63, 0x61, 0x6e, 0x6e, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x63, 0x61, 0x6e,
-	0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x33, 0x5a, 0x31, 0x67, 0x69, 0x74, 0x68,
-	0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x61, 0x71, 0x75, 0x61, 0x73, 0x65, 0x63, 0x75, 0x72,
-	0x69, 0x74, 0x79, 0x2f, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2f, 0x72, 0x70, 0x63, 0x2f, 0x73, 0x63,
-	0x61, 0x6e, 0x6e, 0x65, 0x72, 0x3b, 0x73, 0x63, 0x61, 0x6e, 0x6e, 0x65, 0x72, 0x62, 0x06, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x76, 0x79, 0x2e, 0x73, 0x63, 0x61, 0x6e, 0x6e, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x1a, 0x18, 0x72,
+	0x70, 0x63, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x9a, 0x01, 0x0a, 0x0b, 0x53, 0x63, 0x61, 0x6e,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65,
+	0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x12,
+	0x1f, 0x0a, 0x0b, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x49, 0x64,
+	0x12, 0x19, 0x0a, 0x08, 0x62, 0x6c, 0x6f, 0x62, 0x5f, 0x69, 0x64, 0x73, 0x18, 0x03, 0x20, 0x03,
+	0x28, 0x09, 0x52, 0x07, 0x62, 0x6c, 0x6f, 0x62, 0x49, 0x64, 0x73, 0x12, 0x37, 0x0a, 0x07, 0x6f,
+	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x74,
+	0x72, 0x69, 0x76, 0x79, 0x2e, 0x73, 0x63, 0x61, 0x6e, 0x6e, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e,
+	0x53, 0x63, 0x61, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x73, 0x22, 0x7f, 0x0a, 0x0b, 0x53, 0x63, 0x61, 0x6e, 0x4f, 0x70, 0x74, 0x69,
+	0x6f, 0x6e, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x76, 0x75, 0x6c, 0x6e, 0x5f, 0x74, 0x79, 0x70, 0x65,
+	0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x76, 0x75, 0x6c, 0x6e, 0x54, 0x79, 0x70, 0x65,
+	0x12, 0x27, 0x0a, 0x0f, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x63, 0x68, 0x65,
+	0x63, 0x6b, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0e, 0x73, 0x65, 0x63, 0x75, 0x72,
+	0x69, 0x74, 0x79, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x12, 0x2a, 0x0a, 0x11, 0x6c, 0x69, 0x73,
+	0x74, 0x5f, 0x61, 0x6c, 0x6c, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x73, 0x18, 0x03,
+	0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x6c, 0x69, 0x73, 0x74, 0x41, 0x6c, 0x6c, 0x50, 0x61, 0x63,
+	0x6b, 0x61, 0x67, 0x65, 0x73, 0x22, 0x64, 0x0a, 0x0c, 0x53, 0x63, 0x61, 0x6e, 0x52, 0x65, 0x73,
+	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x20, 0x0a, 0x02, 0x6f, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x10, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e,
+	0x2e, 0x4f, 0x53, 0x52, 0x02, 0x6f, 0x73, 0x12, 0x32, 0x0a, 0x07, 0x72, 0x65, 0x73, 0x75, 0x6c,
+	0x74, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79,
+	0x2e, 0x73, 0x63, 0x61, 0x6e, 0x6e, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x75,
+	0x6c, 0x74, 0x52, 0x07, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x73, 0x22, 0xe3, 0x02, 0x0a, 0x06,
+	0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x12, 0x45,
+	0x0a, 0x0f, 0x76, 0x75, 0x6c, 0x6e, 0x65, 0x72, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x69, 0x65,
+	0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e,
+	0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x56, 0x75, 0x6c, 0x6e, 0x65, 0x72, 0x61, 0x62, 0x69,
+	0x6c, 0x69, 0x74, 0x79, 0x52, 0x0f, 0x76, 0x75, 0x6c, 0x6e, 0x65, 0x72, 0x61, 0x62, 0x69, 0x6c,
+	0x69, 0x74, 0x69, 0x65, 0x73, 0x12, 0x54, 0x0a, 0x11, 0x6d, 0x69, 0x73, 0x63, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b,
+	0x32, 0x26, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e,
+	0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x65, 0x64, 0x4d, 0x69, 0x73, 0x63, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x11, 0x6d, 0x69, 0x73, 0x63, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x63,
+	0x6c, 0x61, 0x73, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x63, 0x6c, 0x61, 0x73,
+	0x73, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x31, 0x0a, 0x08, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65,
+	0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e,
+	0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x52, 0x08,
+	0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x73, 0x12, 0x47, 0x0a, 0x10, 0x63, 0x75, 0x73, 0x74,
+	0x6f, 0x6d, 0x5f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x07, 0x20, 0x03,
+	0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f,
+	0x6e, 0x2e, 0x43, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65,
+	0x52, 0x0f, 0x63, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65,
+	0x73, 0x32, 0x50, 0x0a, 0x07, 0x53, 0x63, 0x61, 0x6e, 0x6e, 0x65, 0x72, 0x12, 0x45, 0x0a, 0x04,
+	0x53, 0x63, 0x61, 0x6e, 0x12, 0x1d, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x73, 0x63, 0x61,
+	0x6e, 0x6e, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x63, 0x61, 0x6e, 0x52, 0x65, 0x71, 0x75,
+	0x65, 0x73, 0x74, 0x1a, 0x1e, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x73, 0x63, 0x61, 0x6e,
+	0x6e, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x63, 0x61, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f,
+	0x6e, 0x73, 0x65, 0x42, 0x33, 0x5a, 0x31, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f,
+	0x6d, 0x2f, 0x61, 0x71, 0x75, 0x61, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2f, 0x74,
+	0x72, 0x69, 0x76, 0x79, 0x2f, 0x72, 0x70, 0x63, 0x2f, 0x73, 0x63, 0x61, 0x6e, 0x6e, 0x65, 0x72,
+	0x3b, 0x73, 0x63, 0x61, 0x6e, 0x6e, 0x65, 0x72, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
@@ -383,6 +393,7 @@ var file_rpc_scanner_service_proto_goTypes = []interface{}{
 	(*common.Vulnerability)(nil),            // 5: trivy.common.Vulnerability
 	(*common.DetectedMisconfiguration)(nil), // 6: trivy.common.DetectedMisconfiguration
 	(*common.Package)(nil),                  // 7: trivy.common.Package
+	(*common.CustomResource)(nil),           // 8: trivy.common.CustomResource
 }
 var file_rpc_scanner_service_proto_depIdxs = []int32{
 	1, // 0: trivy.scanner.v1.ScanRequest.options:type_name -> trivy.scanner.v1.ScanOptions
@@ -391,13 +402,14 @@ var file_rpc_scanner_service_proto_depIdxs = []int32{
 	5, // 3: trivy.scanner.v1.Result.vulnerabilities:type_name -> trivy.common.Vulnerability
 	6, // 4: trivy.scanner.v1.Result.misconfigurations:type_name -> trivy.common.DetectedMisconfiguration
 	7, // 5: trivy.scanner.v1.Result.packages:type_name -> trivy.common.Package
-	0, // 6: trivy.scanner.v1.Scanner.Scan:input_type -> trivy.scanner.v1.ScanRequest
-	2, // 7: trivy.scanner.v1.Scanner.Scan:output_type -> trivy.scanner.v1.ScanResponse
-	7, // [7:8] is the sub-list for method output_type
-	6, // [6:7] is the sub-list for method input_type
-	6, // [6:6] is the sub-list for extension type_name
-	6, // [6:6] is the sub-list for extension extendee
-	0, // [0:6] is the sub-list for field type_name
+	8, // 6: trivy.scanner.v1.Result.custom_resources:type_name -> trivy.common.CustomResource
+	0, // 7: trivy.scanner.v1.Scanner.Scan:input_type -> trivy.scanner.v1.ScanRequest
+	2, // 8: trivy.scanner.v1.Scanner.Scan:output_type -> trivy.scanner.v1.ScanResponse
+	8, // [8:9] is the sub-list for method output_type
+	7, // [7:8] is the sub-list for method input_type
+	7, // [7:7] is the sub-list for extension type_name
+	7, // [7:7] is the sub-list for extension extendee
+	0, // [0:7] is the sub-list for field type_name
 }
 
 func init() { file_rpc_scanner_service_proto_init() }

rpc/scanner/service.proto

@@ -3,7 +3,7 @@ syntax = "proto3";
 package trivy.scanner.v1;
 option  go_package = "github.com/aquasecurity/trivy/rpc/scanner;scanner";
 
-import "github.com/aquasecurity/trivy/rpc/common/service.proto";
+import "rpc/common/service.proto";
 
 service Scanner {
   rpc Scan(ScanRequest) returns (ScanResponse);
@@ -35,4 +35,5 @@ message Result {
   string class                                               = 6;
   string   type                                              = 3;
   repeated common.Package packages                           = 5;
+  repeated common.CustomResource custom_resources            = 7;
 }

rpc/scanner/service.twirp.go

@@ -1091,36 +1091,38 @@ func callClientError(ctx context.Context, h *twirp.ClientHooks, err twirp.Error)
 }
 
 var twirpFileDescriptor0 = []byte{
-	// 486 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x53, 0x3d, 0x6f, 0xdb, 0x30,
-	0x10, 0x85, 0x64, 0xc7, 0x1f, 0xa7, 0xa2, 0x4e, 0x88, 0xb6, 0x50, 0x12, 0xb4, 0x35, 0x3c, 0xb4,
-	0x46, 0x07, 0x09, 0x56, 0x80, 0x76, 0xe8, 0xd4, 0x8f, 0x0c, 0x19, 0x8a, 0x04, 0x74, 0xd0, 0xa1,
-	0x8b, 0x40, 0x51, 0x8c, 0x43, 0x84, 0x16, 0x15, 0x92, 0x32, 0xa0, 0xa9, 0xff, 0x23, 0xbf, 0xb6,
-	0x10, 0x29, 0x05, 0xb5, 0x03, 0x23, 0x93, 0x74, 0xef, 0x1e, 0xef, 0xde, 0xbd, 0x23, 0xe1, 0x58,
-	0x95, 0x34, 0xd6, 0x94, 0x14, 0x05, 0x53, 0xb1, 0x66, 0x6a, 0xc3, 0x29, 0x8b, 0x4a, 0x25, 0x8d,
-	0x44, 0x87, 0x46, 0xf1, 0x4d, 0x1d, 0xb5, 0xc9, 0x68, 0xb3, 0x38, 0xf9, 0xbc, 0xe2, 0xe6, 0xb6,
-	0xca, 0x22, 0x2a, 0xd7, 0x31, 0xb9, 0xaf, 0x88, 0x66, 0xb4, 0x52, 0xdc, 0xd4, 0xb1, 0x65, 0xc6,
-	0x4d, 0x29, 0x2a, 0xd7, 0x6b, 0x59, 0x6c, 0x57, 0x9a, 0x3d, 0x78, 0x10, 0x2c, 0x29, 0x29, 0x30,
-	0xbb, 0xaf, 0x98, 0x36, 0xe8, 0x0d, 0x0c, 0x0c, 0x51, 0x2b, 0x66, 0x42, 0x6f, 0xea, 0xcd, 0xc7,
-	0xb8, 0x8d, 0xd0, 0x7b, 0x08, 0x88, 0x32, 0xfc, 0x86, 0x50, 0x93, 0xf2, 0x3c, 0xf4, 0x6d, 0x12,
-	0x3a, 0xe8, 0x22, 0x47, 0xc7, 0x30, 0xca, 0x84, 0xcc, 0x52, 0x9e, 0xeb, 0xb0, 0x37, 0xed, 0xcd,
-	0xc7, 0x78, 0xd8, 0xc4, 0x17, 0xb9, 0x46, 0x5f, 0x60, 0x28, 0x4b, 0xc3, 0x65, 0xa1, 0xc3, 0xfe,
-	0xd4, 0x9b, 0x07, 0xc9, 0xdb, 0x68, 0x57, 0x7f, 0xd4, 0x68, 0xb8, 0x74, 0x24, 0xdc, 0xb1, 0x67,
-	0x7f, 0x9d, 0xb6, 0x16, 0x47, 0xa7, 0x30, 0xde, 0x54, 0xa2, 0x48, 0x4d, 0x5d, 0xb2, 0xd0, 0xb3,
-	0x3d, 0x46, 0x0d, 0x70, 0x5d, 0x97, 0x0c, 0x7d, 0x84, 0x49, 0x37, 0x73, 0x4a, 0x6f, 0x19, 0xbd,
-	0xd3, 0xa1, 0x6f, 0x29, 0x2f, 0x3b, 0xf8, 0x87, 0x45, 0xd1, 0x27, 0x38, 0x12, 0x5c, 0x9b, 0x94,
-	0x08, 0x91, 0x96, 0x84, 0xde, 0x91, 0x15, 0x6b, 0x14, 0x7b, 0xf3, 0x11, 0x9e, 0x34, 0x89, 0x6f,
-	0x42, 0x5c, 0xb5, 0xf0, 0x2c, 0x87, 0x17, 0xce, 0x1c, 0x5d, 0xca, 0x42, 0x33, 0x34, 0x05, 0x5f,
-	0x6a, 0xeb, 0x4c, 0x90, 0x1c, 0xb6, 0x43, 0x38, 0x5b, 0xa3, 0xcb, 0x25, 0xf6, 0xa5, 0x46, 0x09,
-	0x0c, 0x15, 0xd3, 0x95, 0x30, 0xce, 0x85, 0x20, 0x09, 0x9f, 0xce, 0x8a, 0x2d, 0x01, 0x77, 0xc4,
-	0xd9, 0x83, 0x0f, 0x03, 0x87, 0xed, 0xb5, 0xff, 0x1c, 0x26, 0xcd, 0xa4, 0x4c, 0x91, 0x8c, 0x0b,
-	0x6e, 0x38, 0x73, 0xd3, 0x05, 0xc9, 0xe9, 0xb6, 0x8a, 0xdf, 0xff, 0x91, 0x6a, 0xbc, 0x7b, 0x06,
-	0x5d, 0xc3, 0xd1, 0x9a, 0x6b, 0x2a, 0x8b, 0x1b, 0xbe, 0xaa, 0x14, 0xe9, 0x76, 0xd2, 0x14, 0xfa,
-	0xb0, 0x5d, 0xe8, 0x27, 0x33, 0x8c, 0x1a, 0x96, 0xff, 0xda, 0xa1, 0xe3, 0xa7, 0x05, 0xd0, 0x2b,
-	0x38, 0xa0, 0x82, 0x68, 0x1d, 0x0e, 0xac, 0x66, 0x17, 0x20, 0x04, 0x7d, 0xbb, 0xa8, 0x9e, 0x05,
-	0xed, 0x3f, 0x5a, 0xc0, 0xe8, 0xd1, 0xf2, 0x03, 0xdb, 0xf6, 0xf5, 0x76, 0xdb, 0xd6, 0x79, 0xfc,
-	0x48, 0x4b, 0xae, 0x60, 0xb8, 0x74, 0xd6, 0xa1, 0x73, 0xe8, 0x37, 0xbf, 0x68, 0xcf, 0xf5, 0x69,
-	0xaf, 0xf0, 0xc9, 0xbb, 0x7d, 0x69, 0xb7, 0xc4, 0xef, 0x67, 0x7f, 0x16, 0xcf, 0x3f, 0x96, 0xf6,
-	0xf0, 0xd7, 0xf6, 0x9b, 0x0d, 0xec, 0x73, 0x39, 0xfb, 0x17, 0x00, 0x00, 0xff, 0xff, 0xf1, 0x14,
-	0x4b, 0x5a, 0x95, 0x03, 0x00, 0x00,
+	// 514 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x74, 0x53, 0x3d, 0x6f, 0xdb, 0x30,
+	0x10, 0x85, 0x6c, 0xc7, 0x1f, 0xa7, 0xa2, 0x76, 0x88, 0xb6, 0x50, 0x92, 0x7e, 0x18, 0x1e, 0x5a,
+	0xa3, 0x83, 0x0c, 0x2b, 0x43, 0x87, 0x4e, 0x6d, 0x1a, 0x14, 0x19, 0x8a, 0x04, 0x74, 0xd0, 0xa1,
+	0x8b, 0x40, 0x53, 0x8c, 0x43, 0x44, 0x16, 0x15, 0x1e, 0x65, 0xc0, 0x53, 0xff, 0x47, 0xff, 0x5e,
+	0xff, 0x48, 0x20, 0x52, 0x0a, 0x22, 0x07, 0x9e, 0xa4, 0x7b, 0xf7, 0x8e, 0x7c, 0xf7, 0x78, 0x07,
+	0x47, 0x3a, 0xe7, 0x33, 0xe4, 0x2c, 0xcb, 0x84, 0x9e, 0xa1, 0xd0, 0x1b, 0xc9, 0x45, 0x98, 0x6b,
+	0x65, 0x14, 0x19, 0x19, 0x2d, 0x37, 0xdb, 0xb0, 0x4a, 0x86, 0x9b, 0xf9, 0x71, 0x50, 0x92, 0xb9,
+	0x5a, 0xaf, 0x55, 0xd6, 0xe4, 0x4e, 0xfe, 0x79, 0xe0, 0x2f, 0x38, 0xcb, 0xa8, 0xb8, 0x2f, 0x04,
+	0x1a, 0xf2, 0x06, 0xba, 0x86, 0xe9, 0x95, 0x30, 0x81, 0x37, 0xf6, 0xa6, 0x03, 0x5a, 0x45, 0xe4,
+	0x03, 0xf8, 0x4c, 0x1b, 0x79, 0xc3, 0xb8, 0x89, 0x65, 0x12, 0xb4, 0x6c, 0x12, 0x6a, 0xe8, 0x22,
+	0x21, 0x47, 0xd0, 0x5f, 0xa6, 0x6a, 0x19, 0xcb, 0x04, 0x83, 0xf6, 0xb8, 0x3d, 0x1d, 0xd0, 0x5e,
+	0x19, 0x5f, 0x24, 0x48, 0xbe, 0x40, 0x4f, 0xe5, 0x46, 0xaa, 0x0c, 0x83, 0xce, 0xd8, 0x9b, 0xfa,
+	0xd1, 0xbb, 0x70, 0x57, 0x61, 0x58, 0x6a, 0xb8, 0x74, 0x24, 0x5a, 0xb3, 0x27, 0x7f, 0x9d, 0xb6,
+	0x0a, 0x27, 0x27, 0x30, 0xd8, 0x14, 0x69, 0x16, 0x9b, 0x6d, 0x2e, 0x02, 0xcf, 0xde, 0xd1, 0x2f,
+	0x81, 0xeb, 0x6d, 0x2e, 0xc8, 0x27, 0x18, 0xa2, 0xe0, 0x85, 0x96, 0x66, 0x1b, 0xf3, 0x5b, 0xc1,
+	0xef, 0x30, 0x68, 0x59, 0xca, 0xcb, 0x1a, 0x3e, 0xb3, 0x28, 0xf9, 0x0c, 0x87, 0xa9, 0x44, 0x13,
+	0xb3, 0x34, 0x8d, 0x73, 0xc6, 0xef, 0xd8, 0x4a, 0x94, 0x8a, 0xbd, 0x69, 0x9f, 0x0e, 0xcb, 0xc4,
+	0xb7, 0x34, 0xbd, 0xaa, 0xe0, 0x49, 0x02, 0x2f, 0x9c, 0x39, 0x98, 0xab, 0x0c, 0x05, 0x19, 0x43,
+	0x4b, 0xa1, 0x75, 0xc6, 0x8f, 0x46, 0x55, 0x13, 0xce, 0xd6, 0xf0, 0x72, 0x41, 0x5b, 0x0a, 0x49,
+	0x04, 0x3d, 0x2d, 0xb0, 0x48, 0x8d, 0x73, 0xc1, 0x8f, 0x82, 0xe7, 0xbd, 0x52, 0x4b, 0xa0, 0x35,
+	0x71, 0xf2, 0xbf, 0x05, 0x5d, 0x87, 0xed, 0xb5, 0xff, 0x1c, 0x86, 0x65, 0xa7, 0x42, 0xb3, 0xa5,
+	0x4c, 0xa5, 0x91, 0xc2, 0x75, 0xe7, 0x47, 0x27, 0x4d, 0x15, 0xbf, 0x9f, 0x90, 0xb6, 0x74, 0xb7,
+	0x86, 0x5c, 0xc3, 0xe1, 0x5a, 0x22, 0x57, 0xd9, 0x8d, 0x5c, 0x15, 0x9a, 0xd5, 0x6f, 0x52, 0x1e,
+	0xf4, 0xb1, 0x79, 0xd0, 0x0f, 0x61, 0x04, 0x37, 0x22, 0xf9, 0xb5, 0x43, 0xa7, 0xcf, 0x0f, 0x20,
+	0xaf, 0xe0, 0x80, 0xa7, 0x0c, 0x31, 0xe8, 0x5a, 0xcd, 0x2e, 0x20, 0x04, 0x3a, 0xf6, 0xa1, 0xda,
+	0x16, 0xb4, 0xff, 0x64, 0x0e, 0xfd, 0x47, 0xcb, 0x0f, 0xec, 0xb5, 0xaf, 0x9b, 0xd7, 0x56, 0xce,
+	0xd3, 0x47, 0x1a, 0xf9, 0x09, 0x23, 0x5e, 0xa0, 0x51, 0xeb, 0x58, 0x0b, 0x54, 0x85, 0xe6, 0x02,
+	0x83, 0x9e, 0x2d, 0x7d, 0xdb, 0x2c, 0x3d, 0xb3, 0x2c, 0x5a, 0x91, 0xe8, 0x90, 0x37, 0x62, 0x8c,
+	0xae, 0xa0, 0xb7, 0x70, 0x6f, 0x40, 0xce, 0xa1, 0x53, 0xfe, 0x92, 0x3d, 0x73, 0x58, 0xed, 0xc2,
+	0xf1, 0xfb, 0x7d, 0x69, 0x37, 0x0d, 0xdf, 0x4f, 0xff, 0xcc, 0x57, 0xd2, 0xdc, 0x16, 0xcb, 0x52,
+	0xc2, 0x8c, 0xdd, 0x17, 0xac, 0x1e, 0xb5, 0x99, 0x2d, 0x9c, 0x3d, 0x59, 0xd1, 0xaf, 0xd5, 0x77,
+	0xd9, 0xb5, 0x7b, 0x77, 0xfa, 0x10, 0x00, 0x00, 0xff, 0xff, 0xb0, 0x5b, 0x27, 0x32, 0xc0, 0x03,
+	0x00, 0x00,
 }