mirror of
https://github.com/aquasecurity/trivy.git
synced 2025-12-22 23:26:39 -08:00
2f2d1a908b
* refactor: embed config * refactor: replace image and layer with artifact and blob * feat(config): add ArtifactConfig * fix(scanner): use Artifact * test(scanner): update mocks * feat: add repo and fs subcommands * chore(mod): update * refactor: fix warn message * feat(cli): add --no-progress to repo and fs * mod: Update fanal dependency Signed-off-by: Simarpreet Singh <simar@linux.com> Co-authored-by: Simarpreet Singh <simar@linux.com>
104 lines
2.6 KiB
Go
104 lines
2.6 KiB
Go
package scanner
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/google/wire"
|
|
"golang.org/x/xerrors"
|
|
|
|
"github.com/aquasecurity/fanal/artifact"
|
|
aimage "github.com/aquasecurity/fanal/artifact/image"
|
|
flocal "github.com/aquasecurity/fanal/artifact/local"
|
|
"github.com/aquasecurity/fanal/artifact/remote"
|
|
"github.com/aquasecurity/fanal/image"
|
|
ftypes "github.com/aquasecurity/fanal/types"
|
|
"github.com/aquasecurity/trivy/pkg/log"
|
|
"github.com/aquasecurity/trivy/pkg/report"
|
|
"github.com/aquasecurity/trivy/pkg/rpc/client"
|
|
"github.com/aquasecurity/trivy/pkg/scanner/local"
|
|
"github.com/aquasecurity/trivy/pkg/types"
|
|
)
|
|
|
|
// StandaloneSuperSet is used in the standalone mode
|
|
var StandaloneSuperSet = wire.NewSet(
|
|
local.SuperSet,
|
|
wire.Bind(new(Driver), new(local.Scanner)),
|
|
NewScanner,
|
|
)
|
|
|
|
var StandaloneDockerSet = wire.NewSet(
|
|
types.GetDockerOption,
|
|
image.NewDockerImage,
|
|
aimage.NewArtifact,
|
|
StandaloneSuperSet,
|
|
)
|
|
|
|
var StandaloneArchiveSet = wire.NewSet(
|
|
image.NewArchiveImage,
|
|
aimage.NewArtifact,
|
|
StandaloneSuperSet,
|
|
)
|
|
|
|
var StandaloneFilesystemSet = wire.NewSet(
|
|
flocal.NewArtifact,
|
|
StandaloneSuperSet,
|
|
)
|
|
|
|
var StandaloneRepositorySet = wire.NewSet(
|
|
remote.NewArtifact,
|
|
StandaloneSuperSet,
|
|
)
|
|
|
|
// RemoteSuperSet is used in the client mode
|
|
var RemoteSuperSet = wire.NewSet(
|
|
aimage.NewArtifact,
|
|
client.SuperSet,
|
|
wire.Bind(new(Driver), new(client.Scanner)),
|
|
NewScanner,
|
|
)
|
|
|
|
var RemoteDockerSet = wire.NewSet(
|
|
types.GetDockerOption,
|
|
image.NewDockerImage,
|
|
RemoteSuperSet,
|
|
)
|
|
|
|
var RemoteArchiveSet = wire.NewSet(
|
|
image.NewArchiveImage,
|
|
RemoteSuperSet,
|
|
)
|
|
|
|
type Scanner struct {
|
|
driver Driver
|
|
artifact artifact.Artifact
|
|
}
|
|
|
|
type Driver interface {
|
|
Scan(target string, imageID string, layerIDs []string, options types.ScanOptions) (results report.Results, osFound *ftypes.OS, eols bool, err error)
|
|
}
|
|
|
|
func NewScanner(driver Driver, ar artifact.Artifact) Scanner {
|
|
return Scanner{driver: driver, artifact: ar}
|
|
}
|
|
|
|
func (s Scanner) ScanArtifact(ctx context.Context, options types.ScanOptions) (report.Results, error) {
|
|
artifactInfo, err := s.artifact.Inspect(ctx)
|
|
if err != nil {
|
|
return nil, xerrors.Errorf("failed analysis: %w", err)
|
|
}
|
|
|
|
log.Logger.Debugf("Artifact ID: %s", artifactInfo.ID)
|
|
log.Logger.Debugf("Blob IDs: %v", artifactInfo.BlobIDs)
|
|
|
|
results, osFound, eosl, err := s.driver.Scan(artifactInfo.Name, artifactInfo.ID, artifactInfo.BlobIDs, options)
|
|
if err != nil {
|
|
return nil, xerrors.Errorf("scan failed: %w", err)
|
|
}
|
|
if eosl {
|
|
log.Logger.Warnf("This OS version is no longer supported by the distribution: %s %s", osFound.Family, osFound.Name)
|
|
log.Logger.Warnf("The vulnerability detection may be insufficient because security updates are not provided")
|
|
}
|
|
|
|
return results, nil
|
|
}
|