mirror of
https://github.com/aquasecurity/trivy.git
synced 2025-12-22 23:26:39 -08:00
415b99dab3
* chore(wire): specify package names * fix(extractor): remove types.GetDockerOption * chore(README): mention OCI support * chore(mod): update dependencies * test(integration): fix an error message * test(integration): revert the error message * chore(mod): tidy Co-authored-by: Simarpreet Singh <simar@linux.com>
102 lines
2.8 KiB
Go
102 lines
2.8 KiB
Go
package scanner
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/google/wire"
|
|
"golang.org/x/xerrors"
|
|
|
|
"github.com/aquasecurity/fanal/analyzer"
|
|
"github.com/aquasecurity/fanal/extractor"
|
|
"github.com/aquasecurity/fanal/extractor/docker"
|
|
ftypes "github.com/aquasecurity/fanal/types"
|
|
"github.com/aquasecurity/trivy/pkg/log"
|
|
"github.com/aquasecurity/trivy/pkg/report"
|
|
"github.com/aquasecurity/trivy/pkg/rpc/client"
|
|
"github.com/aquasecurity/trivy/pkg/scanner/local"
|
|
"github.com/aquasecurity/trivy/pkg/types"
|
|
)
|
|
|
|
// StandaloneSuperSet is used in the standalone mode
|
|
var StandaloneSuperSet = wire.NewSet(
|
|
analyzer.New,
|
|
wire.Bind(new(Analyzer), new(analyzer.Config)),
|
|
local.SuperSet,
|
|
wire.Bind(new(Driver), new(local.Scanner)),
|
|
NewScanner,
|
|
)
|
|
|
|
var StandaloneDockerSet = wire.NewSet(
|
|
types.GetDockerOption,
|
|
docker.NewDockerExtractor,
|
|
wire.Bind(new(extractor.Extractor), new(docker.Extractor)),
|
|
StandaloneSuperSet,
|
|
)
|
|
|
|
var StandaloneArchiveSet = wire.NewSet(
|
|
docker.NewArchiveImageExtractor,
|
|
wire.Bind(new(extractor.Extractor), new(docker.Extractor)),
|
|
StandaloneSuperSet,
|
|
)
|
|
|
|
// RemoteSuperSet is used in the client mode
|
|
var RemoteSuperSet = wire.NewSet(
|
|
analyzer.New,
|
|
wire.Bind(new(Analyzer), new(analyzer.Config)),
|
|
client.SuperSet,
|
|
wire.Bind(new(Driver), new(client.Scanner)),
|
|
NewScanner,
|
|
)
|
|
|
|
var RemoteDockerSet = wire.NewSet(
|
|
types.GetDockerOption,
|
|
docker.NewDockerExtractor,
|
|
wire.Bind(new(extractor.Extractor), new(docker.Extractor)),
|
|
RemoteSuperSet,
|
|
)
|
|
|
|
var RemoteArchiveSet = wire.NewSet(
|
|
docker.NewArchiveImageExtractor,
|
|
wire.Bind(new(extractor.Extractor), new(docker.Extractor)),
|
|
RemoteSuperSet,
|
|
)
|
|
|
|
type Scanner struct {
|
|
driver Driver
|
|
analyzer Analyzer
|
|
}
|
|
|
|
type Driver interface {
|
|
Scan(target string, imageID string, layerIDs []string, options types.ScanOptions) (results report.Results, osFound *ftypes.OS, eols bool, err error)
|
|
}
|
|
|
|
type Analyzer interface {
|
|
Analyze(ctx context.Context) (info ftypes.ImageReference, err error)
|
|
}
|
|
|
|
func NewScanner(driver Driver, ac Analyzer) Scanner {
|
|
return Scanner{driver: driver, analyzer: ac}
|
|
}
|
|
|
|
func (s Scanner) ScanImage(options types.ScanOptions) (report.Results, error) {
|
|
ctx := context.Background()
|
|
imageInfo, err := s.analyzer.Analyze(ctx)
|
|
if err != nil {
|
|
return nil, xerrors.Errorf("failed analysis: %w", err)
|
|
}
|
|
|
|
log.Logger.Debugf("Image ID: %s", imageInfo.ID)
|
|
log.Logger.Debugf("Layer IDs: %v", imageInfo.LayerIDs)
|
|
|
|
results, osFound, eosl, err := s.driver.Scan(imageInfo.Name, imageInfo.ID, imageInfo.LayerIDs, options)
|
|
if err != nil {
|
|
return nil, xerrors.Errorf("scan failed: %w", err)
|
|
}
|
|
if eosl {
|
|
log.Logger.Warnf("This OS version is no longer supported by the distribution: %s %s", osFound.Family, osFound.Name)
|
|
log.Logger.Warnf("The vulnerability detection may be insufficient because security updates are not provided")
|
|
}
|
|
|
|
return results, nil
|
|
}
|