gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-06 04:41:18 -08:00
Code Issues Packages Projects Releases Wiki Activity
353 Commits 31 Branches 177 Tags
4d625c21e67bbec9a1aeec2a1a6a8984cbf47582
Go to file
Clone
Open with VS Code
Download ZIP Download TAR.GZ Download BUNDLE
DmitriyLewen 4d625c21e6 feat(docker): add support for scanning docker image with ImageID (fanal#405) 
Co-authored-by: knqyf263 <knqyf263@gmail.com>
2022-03-03 18:23:45 +02:00
.github
chore(deps): bump golangci/golangci-lint-action from 2 to 3.1.0 (fanal#408)
2022-03-03 10:09:10 +02:00
analyzer
feat(rpm): detect RPM databases in SQLite3 format (fanal#381)
2022-02-09 13:16:51 +02:00
applier
fix(applier): modify apply layer to merge custom resources as well (fanal#369)
2022-02-08 12:49:02 +02:00
artifact
fix(applier): modify apply layer to merge custom resources as well (fanal#369)
2022-02-08 12:49:02 +02:00
cache
refactor(types): merge LibraryInfo into Package (fanal#302)
2021-10-05 20:20:59 +03:00
cmd/fanal
feat(analyzer): introduce analyzer group (fanal#340)
2022-01-10 16:32:07 +02:00
config
chore: update the defsec and tfsec versions
2022-02-21 09:56:02 +00:00
external
feat: skip files and dirs (fanal#284)
2021-10-01 19:59:56 +03:00
hook
fix(hook): fix skip of language-specific files when scanning rootfs directory (fanal#380)
2022-02-21 15:35:08 +02:00
image
feat(docker): add support for scanning docker image with ImageID (fanal#405)
2022-03-03 18:23:45 +02:00
log
feat: support config (fanal#166)
2021-05-19 08:05:14 +03:00
policy
feat(policy): add query and traces (fanal#207)
2021-07-11 12:01:15 +03:00
test
feat(rpm): detect RPM databases in SQLite3 format (fanal#381)
2022-02-09 13:16:51 +02:00
types
feat(analyzer): support Red Hat build info (fanal#151)
2022-01-28 15:31:14 +02:00
utils
fix(config): change selector type (fanal#189)
2021-06-28 14:52:57 +03:00
walker
Allow to scan a single file (fanal#356)
2022-01-11 18:25:55 +02:00
.gitignore
feat: support config (fanal#166)
2021-05-19 08:05:14 +03:00
.golangci.yml
ci(lint) : setup golangci-lint-action (fanal#256)
2021-11-29 09:36:55 +02:00
go.mod
fix(hcl2json): fix panic in hcl2json (fanal#417)
2022-03-03 15:11:10 +02:00
go.sum
feat(docker): add support for scanning docker image with ImageID (fanal#405)
2022-03-03 18:23:45 +02:00
LICENSE
Change license to Apache 2.0 (fanal#92)
2020-03-13 10:22:25 +00:00
Makefile
feat: support local filesystem and remote git repository (fanal#107)
2020-05-28 23:29:07 +03:00
NOTICE
Change license to Apache 2.0 (fanal#92)
2020-03-13 10:22:25 +00:00
README.md
feat(golang): support binary (fanal#165)
2021-04-29 17:21:35 +03:00

README.md

fanal

Static Analysis Library for Containers

GoDoc Test Go Report Card License: Apache-2.0

Feature

  • Detect OS
  • Extract OS packages
  • Extract libraries used by an application
    • Bundler, Composer, npm, Yarn, Pipenv, Poetry, Cargo, Go Binary, Java Archive (JAR/WAR/EAR), NuGet

Example

See cmd/fanal/

package main

import (
	"context"
	"flag"
	"fmt"
	"log"
	"os"

	"golang.org/x/xerrors"

	"github.com/aquasecurity/fanal/cache"

	"github.com/aquasecurity/fanal/analyzer"
	_ "github.com/aquasecurity/fanal/analyzer/library/bundler"
	_ "github.com/aquasecurity/fanal/analyzer/library/composer"
	_ "github.com/aquasecurity/fanal/analyzer/library/npm"
	_ "github.com/aquasecurity/fanal/analyzer/library/pipenv"
	_ "github.com/aquasecurity/fanal/analyzer/library/poetry"
	_ "github.com/aquasecurity/fanal/analyzer/library/yarn"
	_ "github.com/aquasecurity/fanal/analyzer/library/cargo"
	_ "github.com/aquasecurity/fanal/analyzer/os/alpine"
	_ "github.com/aquasecurity/fanal/analyzer/os/amazonlinux"
	_ "github.com/aquasecurity/fanal/analyzer/os/debianbase"
	_ "github.com/aquasecurity/fanal/analyzer/os/suse"
	_ "github.com/aquasecurity/fanal/analyzer/os/redhatbase"
	_ "github.com/aquasecurity/fanal/analyzer/pkg/apk"
	_ "github.com/aquasecurity/fanal/analyzer/pkg/dpkg"
	_ "github.com/aquasecurity/fanal/analyzer/pkg/rpm"
	"github.com/aquasecurity/fanal/extractor"
	"golang.org/x/crypto/ssh/terminal"
)

func main() {
	if err := run(); err != nil {
		log.Fatal(err)
	}
}

func run() (err error) {
	ctx := context.Background()
	tarPath := flag.String("f", "-", "layer.tar path")
	clearCache := flag.Bool("clear", false, "clear cache")
	flag.Parse()

	if *clearCache {
		if err = cache.Clear(); err != nil {
			return xerrors.Errorf("error in cache clear: %w", err)
		}
	}

	args := flag.Args()

	var files extractor.FileMap
	if len(args) > 0 {
		files, err = analyzer.Analyze(ctx, args[0])
		if err != nil {
			return err
		}
	} else {
		rc, err := openStream(*tarPath)
		if err != nil {
			return err
		}

		files, err = analyzer.AnalyzeFromFile(ctx, rc)
		if err != nil {
			return err
		}
	}

	os, err := analyzer.GetOS(files)
	if err != nil {
		return err
	}
	fmt.Printf("%+v\n", os)

	pkgs, err := analyzer.GetPackages(files)
	if err != nil {
		return err
	}
	fmt.Printf("Packages: %d\n", len(pkgs))

	libs, err := analyzer.GetLibraries(files)
	if err != nil {
		return err
	}
	for filepath, libList := range libs {
		fmt.Printf("%s: %d\n", filepath, len(libList))
	}
	return nil
}

func openStream(path string) (*os.File, error) {
	if path == "-" {
		if terminal.IsTerminal(0) {
			flag.Usage()
			os.Exit(64)
		} else {
			return os.Stdin, nil
		}
	}
	return os.Open(path)
}

Notes

When using latest tag, that image will be cached. After latest tag is updated, you need to clear cache.

Reference in New Issue View Git Blame Copy Permalink
Description
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
containersdevsecopsdockergogolanghacktoberfestiacinfrastructure-as-codekubernetesmisconfigurationsecuritysecurity-toolsvulnerabilityvulnerability-detectionvulnerability-scanners
Readme Apache-2.0 1.1 GiB
Languages
Go 98.7%
Smarty 1.1%
Shell 0.2%