* fix(standalone): add defer to close databases
* test(client/server): launch a server only once
* test(docker_engine): remove the duplicated case
* test(docker_engine): copy a database only once
* test(standalone): copy a database only once
* test(server): fix tests according to updated mock
* chore(mod): update
* chore(ci): add integration tests to GitHub Actions
* chore(ci): bump up Go to 1.14
* chore(ci): remove integration tests from CircleCI
* chore(ci): add name
* chore(ci): add new lines
* wip: Add a failing test to demo severity override
Signed-off-by: Simarpreet Singh <simar@linux.com>
* scan.go: Return osFound for use in determining vendor.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* pkg: Fix ScanImage return in case an OSFound
Signed-off-by: Simarpreet Singh <simar@linux.com>
* scan_test: Include a package-lock.json for happy path
Signed-off-by: Simarpreet Singh <simar@linux.com>
* wip: Add a test to include various reportResult types
Signed-off-by: Simarpreet Singh <simar@linux.com>
* Makefile: Add a target to generate mocks.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* vulnerability: Pass reportType as argument for FillInfo.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* vulnerability: Add other types of vulnerabilities.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* integration: Update golden files.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* ospkg: Fix FillInfo for ospkg/server
Signed-off-by: Simarpreet Singh <simar@linux.com>
* rpc: Add os.Family type to Response.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* vulnerability_test.go: Add case where no vendor severity exists.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* vulnerability: Fallback to NVD if it exists.
Also add tests for other cases.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* rpc: Fix a few sites with reportType info and tests.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* vulnerability: Remove VendorSeverity from displayed results
Signed-off-by: Simarpreet Singh <simar@linux.com>
* vulnerability: Add vulnerability source information.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* vulnerability: Add VendorSeverity logic for lightDB as well.
This commit also makes FillInfo logic common to both light and full DBs.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* remove some crufty TODOs
Signed-off-by: Simarpreet Singh <simar@linux.com>
* vulnerability_test: Add a case for light db for documentation purposes
Signed-off-by: Simarpreet Singh <simar@linux.com>
* mod: update trivy-db to point to master
Signed-off-by: Simarpreet Singh <simar@linux.com>
* scan_test: Remove cruft and bring back test cases
Signed-off-by: Simarpreet Singh <simar@linux.com>
* scan_test: Add pkg Type to mock return
Signed-off-by: Simarpreet Singh <simar@linux.com>
* vulnerability: reorder err check after err
Signed-off-by: Simarpreet Singh <simar@linux.com>
* client_test: Fix import ordering
Signed-off-by: Simarpreet Singh <simar@linux.com>
* convert.go: Use result.Type
Signed-off-by: Simarpreet Singh <simar@linux.com>
* convert: Use result.Type and simplify ConvertFromRpcResults signature
Signed-off-by: Simarpreet Singh <simar@linux.com>
* vulnerability: Refactor calls to getVendorSeverity
Signed-off-by: Simarpreet Singh <simar@linux.com>
* integration: Remove centos-7-critical.json.golden
There's no critical vulnerability in CentOS 7 anymore.
In addition this test was not adding any value that is already
not covered by existing test cases.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* rpc: Include severity source in tests.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* integration: Update test db to include VendorSeverity.
Test DB is now a snapshot of full database from trivy-db.
Also update golden files to include SeveritySource.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* vulnerability: Make centos7 use RHEL vendor severities
Signed-off-by: Simarpreet Singh <simar@linux.com>
* refactor: wrap errors
* feat(db): add the metadata file
* test(db): re-generate mocks
* fix(app): read metadata from the file in showVersion
* fix: open the database after downloading it
* fix(operation): use UpdateMetadata
* chore(mod): update dependency
* test(integration): fix tests
* fix(conf): rename TRIVY_NONSSL to TRIVY_NON_SSL
* app: Show just version if DB is missing
Signed-off-by: Simarpreet Singh <simar@linux.com>
* app: Don't panic if cache-dir is bogus
Signed-off-by: Simarpreet Singh <simar@linux.com>
* app: DRY up logic for showVersion
Signed-off-by: Simarpreet Singh <simar@linux.com>
* app: Expose Trivy and VulnDB version through --version
Signed-off-by: Simarpreet Singh <simar@linux.com>
* pkg: Use time.Time as value not reference.
Based on: 64db180151
Signed-off-by: Simarpreet Singh <simar@linux.com>
* app: Use various formatted outputs
Signed-off-by: Simarpreet Singh <simar@linux.com>
* app: Take value of --cache-dir for cacheDir
Signed-off-by: Simarpreet Singh <simar@linux.com>
* app: Refactor and test showVersion
Signed-off-by: Simarpreet Singh <simar@linux.com>
* library: lighten names by removing version suffix
Signed-off-by: Simarpreet Singh <simar@linux.com>
* app: Show types and add parity of table and JSON
Signed-off-by: Simarpreet Singh <simar@linux.com>
* app: Switch to show using UTC time
Signed-off-by: Simarpreet Singh <simar@linux.com>
* mod: Update to latest trivy-db master.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* app: Use c.App.Writer for os.Stdout
Signed-off-by: Simarpreet Singh <simar@linux.com>
* app: Replace table output with docker version style output
Signed-off-by: Simarpreet Singh <simar@linux.com>
* app: Fix output to show as "Version" for Trivy version.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* app: Move VersionInfo struct out to app.go
Signed-off-by: Simarpreet Singh <simar@linux.com>
* refactor(docker_conf): rename and remove unnecessary options
* feat(rpc): define new API
* fix(cli): change default timeout
* fix(import): fix package names
* refactor(vulnerability): remove old mock
* refactor(utils): remove un-needed functions
* feat(cache): implement cache communicating with a server
* refactor(scan): separate scan function as local scanner
* test(scanner): add tests for ScanImage
* refactor(scan): remove unused options
* test(vulnerability): generate mock
* refactor(server): split a file
* feat(server): implement new RPC server
* feat(client): implement new RPC client
* fix(cache): use new cache interface
* fix(standalone): use new scanner
* fix(client): use new scanner
* fix(server): pass cache
* test(integration): make sure an error is not nil before calling the method
* fix(mod): update dependencies
* test(integration): ensure the image load finishes
* feat(docker): support DOCKER_HOST and DOCKER_CERT_PATH
* chore(mod): update dependencies
* refactor(rpc): remove old client
* feat(server): support old API for backward compatibility
* fix(server): check a schema version of JSON cache
* fix(rpc): add a version to packages
* feat(rpc): add PutImage
* test: rename expectations
* refactor(cache): rename LayerCache to ImageCache
* refactor: rename ImageInfo to ImageReference
* fix(applier): pass image_id to ApplyLayer
* feat(cache): handle image cache
* chore(mod): update dependencies
* refactor(server): pass only config
* feat(cli): add -removed-pkgs option
* refactor(err): wrap errors
* test: cli: append warning when --template option is ignored
to avoid --template being silently ignored when --format <table|json>
or no --format is passed.
Signed-off-by: Takuya Noguchi <takninnovationresearch@gmail.com>
* cli: append warning when --template option is ignored
to avoid --template being silently ignored when --format <table|json>
or no --format is passed.
Signed-off-by: Takuya Noguchi <takninnovationresearch@gmail.com>
* test: cli: append warning when --format template is ignored
when --template is not specified
Signed-off-by: Takuya Noguchi <takninnovationresearch@gmail.com>
* cli: append warning when --format template is ignored
when --template is not specified
Signed-off-by: Takuya Noguchi <takninnovationresearch@gmail.com>
Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>
* chore(mod): update dependencies
* fix(scanner): make scanner take a cache client as the argument
* refactor: sort imports
* refactor(cache): create a struct to clear cache
* fix(cache): use a struct to clear cache
* fix(wire): update constructor to take cache struct
* fix(cache): use the constructor generated by wire
* docs(cli): update the option description
* fix(cache): use the cache struct
* fix(cache): split Reset into ClearDB and ClearImages
* fix(github): return db size
* fix(github_mock): add size
* feat(indicator): add progress bar
* refactor(config): remove global Quiet
* fix(db): take progress bar as an argument
* fix(progress): inject progress bar