gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-05 20:40:16 -08:00
Code Issues Packages Projects Releases Wiki Activity
455 Commits 31 Branches 177 Tags
df669592edd0645abd5e130221013b0c37512e61
Go to file
Clone
Open with VS Code
Download ZIP Download TAR.GZ Download BUNDLE
Rafael Sene df669592ed Bump go-rpmdb (fanal#553) 
Co-authored-by: knqyf263 <knqyf263@gmail.com>
2022-06-09 10:35:23 +03:00
.github
chore(deps): bump golangci/golangci-lint-action from 3.1.0 to 3.2.0 (fanal#541)
2022-06-01 19:35:08 +03:00
analyzer
Bump go-rpmdb (fanal#553)
2022-06-09 10:35:23 +03:00
applier
feat: add secret scanning (fanal#431)
2022-04-21 18:15:37 +03:00
artifact
feat: adding helm support (fanal#534)
2022-05-31 18:50:57 +01:00
cache
refactor: do not import defsec in types package (fanal#537)
2022-06-07 11:26:32 +03:00
cmd/fanal
feat: add post handler (fanal#460)
2022-05-09 22:43:39 +03:00
external
refactor: do not import defsec in types package (fanal#537)
2022-06-07 11:26:32 +03:00
handler
refactor: do not import defsec in types package (fanal#537)
2022-06-07 11:26:32 +03:00
image
chore(ci): enable gofmt linter (fanal#452)
2022-04-04 23:30:06 +03:00
log
feat: support config (fanal#166)
2021-05-19 08:05:14 +03:00
secret
fix(secrets): AsymmetricPrivateKeys use only base64 characters (fanal#539)
2022-05-31 13:19:52 +03:00
test
feat(npm): calculate indirect libraries (fanal#557)
2022-06-09 10:05:07 +03:00
types
refactor: do not import defsec in types package (fanal#537)
2022-06-07 11:26:32 +03:00
utils
fix(config): change selector type (fanal#189)
2021-06-28 14:52:57 +03:00
walker
feat(walker): export default skip variables (fanal#418)
2022-03-14 16:24:09 +02:00
.gitignore
feat: support config (fanal#166)
2021-05-19 08:05:14 +03:00
.golangci.yml
chore(ci): enable gofmt linter (fanal#452)
2022-04-04 23:30:06 +03:00
go.mod
Bump go-rpmdb (fanal#553)
2022-06-09 10:35:23 +03:00
go.sum
Bump go-rpmdb (fanal#553)
2022-06-09 10:35:23 +03:00
LICENSE
Change license to Apache 2.0 (fanal#92)
2020-03-13 10:22:25 +00:00
Makefile
test: use images in GHCR for integration tests (fanal#554)
2022-06-08 14:23:22 +03:00
NOTICE
Change license to Apache 2.0 (fanal#92)
2020-03-13 10:22:25 +00:00
README.md
feat(golang): support binary (fanal#165)
2021-04-29 17:21:35 +03:00

README.md

fanal

Static Analysis Library for Containers

GoDoc Test Go Report Card License: Apache-2.0

Feature

  • Detect OS
  • Extract OS packages
  • Extract libraries used by an application
    • Bundler, Composer, npm, Yarn, Pipenv, Poetry, Cargo, Go Binary, Java Archive (JAR/WAR/EAR), NuGet

Example

See cmd/fanal/

package main

import (
	"context"
	"flag"
	"fmt"
	"log"
	"os"

	"golang.org/x/xerrors"

	"github.com/aquasecurity/fanal/cache"

	"github.com/aquasecurity/fanal/analyzer"
	_ "github.com/aquasecurity/fanal/analyzer/library/bundler"
	_ "github.com/aquasecurity/fanal/analyzer/library/composer"
	_ "github.com/aquasecurity/fanal/analyzer/library/npm"
	_ "github.com/aquasecurity/fanal/analyzer/library/pipenv"
	_ "github.com/aquasecurity/fanal/analyzer/library/poetry"
	_ "github.com/aquasecurity/fanal/analyzer/library/yarn"
	_ "github.com/aquasecurity/fanal/analyzer/library/cargo"
	_ "github.com/aquasecurity/fanal/analyzer/os/alpine"
	_ "github.com/aquasecurity/fanal/analyzer/os/amazonlinux"
	_ "github.com/aquasecurity/fanal/analyzer/os/debianbase"
	_ "github.com/aquasecurity/fanal/analyzer/os/suse"
	_ "github.com/aquasecurity/fanal/analyzer/os/redhatbase"
	_ "github.com/aquasecurity/fanal/analyzer/pkg/apk"
	_ "github.com/aquasecurity/fanal/analyzer/pkg/dpkg"
	_ "github.com/aquasecurity/fanal/analyzer/pkg/rpm"
	"github.com/aquasecurity/fanal/extractor"
	"golang.org/x/crypto/ssh/terminal"
)

func main() {
	if err := run(); err != nil {
		log.Fatal(err)
	}
}

func run() (err error) {
	ctx := context.Background()
	tarPath := flag.String("f", "-", "layer.tar path")
	clearCache := flag.Bool("clear", false, "clear cache")
	flag.Parse()

	if *clearCache {
		if err = cache.Clear(); err != nil {
			return xerrors.Errorf("error in cache clear: %w", err)
		}
	}

	args := flag.Args()

	var files extractor.FileMap
	if len(args) > 0 {
		files, err = analyzer.Analyze(ctx, args[0])
		if err != nil {
			return err
		}
	} else {
		rc, err := openStream(*tarPath)
		if err != nil {
			return err
		}

		files, err = analyzer.AnalyzeFromFile(ctx, rc)
		if err != nil {
			return err
		}
	}

	os, err := analyzer.GetOS(files)
	if err != nil {
		return err
	}
	fmt.Printf("%+v\n", os)

	pkgs, err := analyzer.GetPackages(files)
	if err != nil {
		return err
	}
	fmt.Printf("Packages: %d\n", len(pkgs))

	libs, err := analyzer.GetLibraries(files)
	if err != nil {
		return err
	}
	for filepath, libList := range libs {
		fmt.Printf("%s: %d\n", filepath, len(libList))
	}
	return nil
}

func openStream(path string) (*os.File, error) {
	if path == "-" {
		if terminal.IsTerminal(0) {
			flag.Usage()
			os.Exit(64)
		} else {
			return os.Stdin, nil
		}
	}
	return os.Open(path)
}

Notes

When using latest tag, that image will be cached. After latest tag is updated, you need to clear cache.

Reference in New Issue View Git Blame Copy Permalink
Description
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
containersdevsecopsdockergogolanghacktoberfestiacinfrastructure-as-codekubernetesmisconfigurationsecuritysecurity-toolsvulnerabilityvulnerability-detectionvulnerability-scanners
Readme Apache-2.0 1.1 GiB
Languages
Go 98.7%
Smarty 1.1%
Shell 0.2%