mirror of
https://github.com/aquasecurity/trivy.git
synced 2025-12-12 15:50:15 -08:00
18b80e3781
* refactor(docker_conf): rename and remove unnecessary options * feat(rpc): define new API * fix(cli): change default timeout * fix(import): fix package names * refactor(vulnerability): remove old mock * refactor(utils): remove un-needed functions * feat(cache): implement cache communicating with a server * refactor(scan): separate scan function as local scanner * test(scanner): add tests for ScanImage * refactor(scan): remove unused options * test(vulnerability): generate mock * refactor(server): split a file * feat(server): implement new RPC server * feat(client): implement new RPC client * fix(cache): use new cache interface * fix(standalone): use new scanner * fix(client): use new scanner * fix(server): pass cache * test(integration): make sure an error is not nil before calling the method * fix(mod): update dependencies * test(integration): ensure the image load finishes * feat(docker): support DOCKER_HOST and DOCKER_CERT_PATH * chore(mod): update dependencies * refactor(rpc): remove old client * feat(server): support old API for backward compatibility * fix(server): check a schema version of JSON cache * fix(rpc): add a version to packages * feat(rpc): add PutImage * test: rename expectations * refactor(cache): rename LayerCache to ImageCache * refactor: rename ImageInfo to ImageReference * fix(applier): pass image_id to ApplyLayer * feat(cache): handle image cache * chore(mod): update dependencies * refactor(server): pass only config * feat(cli): add -removed-pkgs option * refactor(err): wrap errors
130 lines
3.3 KiB
Go
130 lines
3.3 KiB
Go
package standalone
|
|
|
|
import (
|
|
"context"
|
|
"io/ioutil"
|
|
l "log"
|
|
"os"
|
|
"strings"
|
|
|
|
"github.com/aquasecurity/fanal/cache"
|
|
"github.com/aquasecurity/trivy-db/pkg/db"
|
|
"github.com/aquasecurity/trivy/internal/operation"
|
|
"github.com/aquasecurity/trivy/internal/standalone/config"
|
|
"github.com/aquasecurity/trivy/pkg/log"
|
|
"github.com/aquasecurity/trivy/pkg/report"
|
|
"github.com/aquasecurity/trivy/pkg/scanner"
|
|
"github.com/aquasecurity/trivy/pkg/types"
|
|
"github.com/aquasecurity/trivy/pkg/utils"
|
|
"github.com/urfave/cli"
|
|
"golang.org/x/xerrors"
|
|
)
|
|
|
|
func Run(cliCtx *cli.Context) error {
|
|
c, err := config.New(cliCtx)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return run(c)
|
|
}
|
|
|
|
func run(c config.Config) (err error) {
|
|
if err = log.InitLogger(c.Debug, c.Quiet); err != nil {
|
|
l.Fatal(err)
|
|
}
|
|
|
|
// initialize config
|
|
if err = c.Init(); err != nil {
|
|
return xerrors.Errorf("failed to initialize options: %w", err)
|
|
}
|
|
|
|
// configure cache dir
|
|
utils.SetCacheDir(c.CacheDir)
|
|
cacheClient, err := cache.NewFSCache(c.CacheDir)
|
|
if err != nil {
|
|
return xerrors.Errorf("unable to initialize the cache: %w", err)
|
|
}
|
|
|
|
cacheOperation := operation.NewCache(cacheClient)
|
|
log.Logger.Debugf("cache dir: %s", utils.CacheDir())
|
|
|
|
if c.Reset {
|
|
return cacheOperation.Reset()
|
|
}
|
|
if c.ClearCache {
|
|
return cacheOperation.ClearImages()
|
|
}
|
|
|
|
if err = db.Init(c.CacheDir); err != nil {
|
|
return xerrors.Errorf("error in vulnerability DB initialize: %w", err)
|
|
}
|
|
|
|
// download the database file
|
|
noProgress := c.Quiet || c.NoProgress
|
|
if err = operation.DownloadDB(c.AppVersion, c.CacheDir, noProgress, c.Light, c.SkipUpdate); err != nil {
|
|
return err
|
|
}
|
|
|
|
if c.DownloadDBOnly {
|
|
return nil
|
|
}
|
|
|
|
var scanner scanner.Scanner
|
|
ctx := context.Background()
|
|
|
|
if c.Input != "" {
|
|
// scan tar file
|
|
scanner, err = initializeArchiveScanner(ctx, c.Input, cacheClient, cacheClient, c.Timeout)
|
|
if err != nil {
|
|
return xerrors.Errorf("unable to initialize the archive scanner: %w", err)
|
|
}
|
|
} else {
|
|
// scan an image in Docker Engine or Docker Registry
|
|
scanner, err = initializeDockerScanner(ctx, c.ImageName, cacheClient, cacheClient, c.Timeout)
|
|
if err != nil {
|
|
return xerrors.Errorf("unable to initialize the docker scanner: %w", err)
|
|
}
|
|
}
|
|
|
|
scanOptions := types.ScanOptions{
|
|
VulnType: c.VulnType,
|
|
ScanRemovedPackages: c.ScanRemovedPkgs,
|
|
}
|
|
log.Logger.Debugf("Vulnerability type: %s", scanOptions.VulnType)
|
|
|
|
results, err := scanner.ScanImage(scanOptions)
|
|
if err != nil {
|
|
return xerrors.Errorf("error in image scan: %w", err)
|
|
}
|
|
|
|
vulnClient := initializeVulnerabilityClient()
|
|
for i := range results {
|
|
vulnClient.FillInfo(results[i].Vulnerabilities, c.Light)
|
|
results[i].Vulnerabilities = vulnClient.Filter(results[i].Vulnerabilities,
|
|
c.Severities, c.IgnoreUnfixed, c.IgnoreFile)
|
|
}
|
|
|
|
template := c.Template
|
|
|
|
if strings.HasPrefix(c.Template, "@") {
|
|
buf, err := ioutil.ReadFile(strings.TrimPrefix(c.Template, "@"))
|
|
if err != nil {
|
|
return xerrors.Errorf("Error retrieving template from path: %w", err)
|
|
}
|
|
template = string(buf)
|
|
}
|
|
|
|
if err = report.WriteResults(c.Format, c.Output, results, template, c.Light); err != nil {
|
|
return xerrors.Errorf("unable to write results: %w", err)
|
|
}
|
|
|
|
if c.ExitCode != 0 {
|
|
for _, result := range results {
|
|
if len(result.Vulnerabilities) > 0 {
|
|
os.Exit(c.ExitCode)
|
|
}
|
|
}
|
|
}
|
|
return nil
|
|
}
|