* wip: Add a failing test to demo severity override
Signed-off-by: Simarpreet Singh <simar@linux.com>
* scan.go: Return osFound for use in determining vendor.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* pkg: Fix ScanImage return in case an OSFound
Signed-off-by: Simarpreet Singh <simar@linux.com>
* scan_test: Include a package-lock.json for happy path
Signed-off-by: Simarpreet Singh <simar@linux.com>
* wip: Add a test to include various reportResult types
Signed-off-by: Simarpreet Singh <simar@linux.com>
* Makefile: Add a target to generate mocks.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* vulnerability: Pass reportType as argument for FillInfo.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* vulnerability: Add other types of vulnerabilities.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* integration: Update golden files.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* ospkg: Fix FillInfo for ospkg/server
Signed-off-by: Simarpreet Singh <simar@linux.com>
* rpc: Add os.Family type to Response.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* vulnerability_test.go: Add case where no vendor severity exists.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* vulnerability: Fallback to NVD if it exists.
Also add tests for other cases.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* rpc: Fix a few sites with reportType info and tests.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* vulnerability: Remove VendorSeverity from displayed results
Signed-off-by: Simarpreet Singh <simar@linux.com>
* vulnerability: Add vulnerability source information.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* vulnerability: Add VendorSeverity logic for lightDB as well.
This commit also makes FillInfo logic common to both light and full DBs.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* remove some crufty TODOs
Signed-off-by: Simarpreet Singh <simar@linux.com>
* vulnerability_test: Add a case for light db for documentation purposes
Signed-off-by: Simarpreet Singh <simar@linux.com>
* mod: update trivy-db to point to master
Signed-off-by: Simarpreet Singh <simar@linux.com>
* scan_test: Remove cruft and bring back test cases
Signed-off-by: Simarpreet Singh <simar@linux.com>
* scan_test: Add pkg Type to mock return
Signed-off-by: Simarpreet Singh <simar@linux.com>
* vulnerability: reorder err check after err
Signed-off-by: Simarpreet Singh <simar@linux.com>
* client_test: Fix import ordering
Signed-off-by: Simarpreet Singh <simar@linux.com>
* convert.go: Use result.Type
Signed-off-by: Simarpreet Singh <simar@linux.com>
* convert: Use result.Type and simplify ConvertFromRpcResults signature
Signed-off-by: Simarpreet Singh <simar@linux.com>
* vulnerability: Refactor calls to getVendorSeverity
Signed-off-by: Simarpreet Singh <simar@linux.com>
* integration: Remove centos-7-critical.json.golden
There's no critical vulnerability in CentOS 7 anymore.
In addition this test was not adding any value that is already
not covered by existing tests cases.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* rpc: Include severity source in tests.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* integration: Update test db to include VendorSeverity.
Test DB is now a snapshot of full database from trivy-db.
Also update golden files to include SeveritySource.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* vulnerability: Make centos7 use RHEL vendor severities
Signed-off-by: Simarpreet Singh <simar@linux.com>
* refactor: wrap errors
* feat(db): add the metadata file
* test(db): re-generate mocks
* fix(app): read metadata from the file in showVersion
* fix: open the database after downloading it
* fix(operation): use UpdateMetadata
* chore(mod): update dependency
* test(integration): fix tests
* fix(conf): rename TRIVY_NONSSL to TRIVY_NON_SSL
* app: Expose Trivy and VulnDB version through --version
Signed-off-by: Simarpreet Singh <simar@linux.com>
* pkg: Use time.Time as value not reference.
Based on: 64db180151
Signed-off-by: Simarpreet Singh <simar@linux.com>
* app: Use various formatted outputs
Signed-off-by: Simarpreet Singh <simar@linux.com>
* app: Take value of --cache-dir for cacheDir
Signed-off-by: Simarpreet Singh <simar@linux.com>
* app: Refactor and test showVersion
Signed-off-by: Simarpreet Singh <simar@linux.com>
* library: lighten names by remove version suffix
Signed-off-by: Simarpreet Singh <simar@linux.com>
* app: Show types and add parity of table and JSON
Signed-off-by: Simarpreet Singh <simar@linux.com>
* app: Switch to show using UTC time
Signed-off-by: Simarpreet Singh <simar@linux.com>
* mod: Update to latest trivy-db master.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* app: Use c.App.Writer for os.Stdout
Signed-off-by: Simarpreet Singh <simar@linux.com>
* app: Replace table output with docker version style output
Signed-off-by: Simarpreet Singh <simar@linux.com>
* app: Fix output to show as "Version" for Trivy version.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* app: Move VersionInfo struct out to app.go
Signed-off-by: Simarpreet Singh <simar@linux.com>
* refactor(docker_conf): rename and remove unnecessary options
* feat(rpc): define new API
* fix(cli): change default timeout
* fix(import): fix package names
* refactor(vulnerability): remove old mock
* refactor(utils): remove un-needed functions
* feat(cache): implement cache communicating with a server
* refactor(scan): separate scan function as local scanner
* test(scanner): add tests for ScanImage
* refactor(scan): remove unused options
* test(vulnerability): generate mock
* refactor(server): split a file
* feat(server): implement new RPC server
* feat(client): implement new RPC client
* fix(cache): use new cache interface
* fix(standalone): use new scanner
* fix(client): use new scanner
* fix(server): pass cache
* test(integration): make sure an error is not nil before calling the method
* fix(mod): update dependencies
* test(integration): ensure the image load finishes
* feat(docker): support DOCKER_HOST and DOCKER_CERT_PATH
* chore(mod): update dependencies
* refactor(rpc): remove old client
* feat(server): support old API for backward compatibility
* fix(server): check a schema version of JSON cache
* fix(rpc): add a version to packages
* feat(rpc): add PutImage
* test: rename expectations
* refactor(cache): rename LayerCache to ImageCache
* refactor: rename ImageInfo to ImageReference
* fix(applier): pass image_id to ApplyLayer
* feat(cache): handle image cache
* chore(mod): update dependencies
* refactor(server): pass only config
* feat(cli): add -removed-pkgs option
* refactor(err): wrap errors
* feat(client): retry HTTP request when getting an unavailable error
* fix(integration-test): use a snapshot database for Docker mode (#352)
* fix(integration): add a binary name
The first argument is used for the program name. --skip-update was
ignored.
* fix(integration): use a snapshot database
After a new vulnerability is found, this test fails
* chore(integration): add t.Run
* refactor(client): functionalize common processes
* refactor(client): remove unused const
* chore(mod): update dependencies
* fix(scanner): make scanner take a cache client as the argument
* refactor: sort imports
* refactor(cache): create a struct to clear cache
* fix(cache): use a struct to clear cache
* fix(wire): update constructor to take cache struct
* fix(cache): use the constructor generated by wire
* docs(cli): update the option description
* fix(cache): use the cache struct
* fix(cache): split Reset into ClearDB and ClearImages
* fix(github): return db size
* fix(github_mock): add size
* feat(indicator): add progress bar
* refactor(config): remove global Quiet
* fix(db): take progress bar as an argument
* fix(progress): inject progress bar
Instead of using tomoyamachi's fork we can now use the vanilla upstream
package genuinetools/reg. This package gets better maintenance and is
the same as aquasecurity/fanal uses.
Signed-off-by: Jakub Bielecki <jakub.bielecki@codilime.com>
* Support Amazon Linux
* amazon: Add tests for Scanner Detect functionality
* amazon: Add more test cases for unhappy paths.
This commit also asserts the logged output via observer.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* amazon: Add a test case for invalid fixed pkg version
Signed-off-by: Simarpreet Singh <simar@linux.com>
* mod: go mod tidy
Signed-off-by: Simarpreet Singh <simar@linux.com>
* amazon: Inject dependency seams for exposed db interface and logger.
This commit also exposes an interface for doing db operations.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* amazon: Use injected logger for scanner.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* amazon_test: Add a sample testdata dir
Signed-off-by: Simarpreet Singh <simar@linux.com>
* amazon: Add tests for for Get() for amazon vulns.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* vulnsrc_test: Fix invocation call to SetVersion()
Signed-off-by: Simarpreet Singh <simar@linux.com>
* amazon_test: Add a test for severirtyFromPriority
Signed-off-by: Simarpreet Singh <simar@linux.com>
* amazon_test: Add tests for constructVersion()
Signed-off-by: Simarpreet Singh <simar@linux.com>
* amazon: Refactor walkFunc outside for testability purposes
Signed-off-by: Simarpreet Singh <simar@linux.com>
* amazon: Refactor walkFn and add tests for it.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* amazon: Refactor commitFunc closure and add tests
This commit also introduces an interface for the
vulnerability package to be used as a seam.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* Revert "amazon: Use injected logger for scanner."
This reverts commit 5a81e4d824a95f4de4aae2e2b903eedd0f7e241f.
* test(amazon): fix failed tests
* fix(vulnerability): trim references
* test(amazon): add integration test
* divide into NewApp function
* sort scan results for idempotency
* chore(integration): add integration tests
* tar_input_test: strengthen assertions
Signed-off-by: Simarpreet Singh <simar@linux.com>
* writer_test: Add a happy path for TestReportWriter
Signed-off-by: Simarpreet Singh <simar@linux.com>
* writer_test: switch to table test cases
Signed-off-by: Simarpreet Singh <simar@linux.com>
* writer_test: Add more scenarios for TestReportWriter_Table
Signed-off-by: Simarpreet Singh <simar@linux.com>
* writer: Change back to []Results and add happy path for JSON writer
Signed-off-by: Simarpreet Singh <simar@linux.com>
* writer_test: Switch to a table driven format
Signed-off-by: Simarpreet Singh <simar@linux.com>
* writer_test: cleanup
Signed-off-by: Simarpreet Singh <simar@linux.com>
* scan: Go back to report.Result by value
Signed-off-by: Simarpreet Singh <simar@linux.com>
* Revert "scan: Go back to report.Result by value"
This reverts commit 03b6f7abd7d0d22d87c825d0ef3759cca200b9fc.
* switch back to by value for results
Signed-off-by: Simarpreet Singh <simar@linux.com>
* writer_test: document a behavior with template inputs
Signed-off-by: Simarpreet Singh <simar@linux.com>
* vulnerability: Add a failing test to show unexpected sorting behavior.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* report: Simplify []*Result to []Result.
Signed-off-by: Simarpreet Singh <simar@linux.com>
* test(template): add happy path
* test(vulnerability): fix expected values
* tar_input_test: Move gunzipDB
Signed-off-by: Simarpreet Singh <simar@linux.com>
