diff --git a/go.mod b/go.mod index bac4af7b..9c8709de 100644 --- a/go.mod +++ b/go.mod @@ -14,11 +14,11 @@ require ( github.com/Azure/go-autorest/autorest/to v0.3.0 // indirect github.com/BurntSushi/toml v0.3.1 github.com/RackSec/srslog v0.0.0-20180709174129-a4725f04ec91 - github.com/aquasecurity/fanal v0.0.0-20190819081512-f04452b627c6 + github.com/aquasecurity/fanal v0.0.0-20200124194549-91468b8e0460 github.com/aquasecurity/go-dep-parser v0.0.0-20190819075924-ea223f0ef24b github.com/aquasecurity/trivy v0.1.6 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a - github.com/aws/aws-sdk-go v1.24.0 + github.com/aws/aws-sdk-go v1.25.31 github.com/boltdb/bolt v1.3.1 github.com/cenkalti/backoff v2.2.1+incompatible github.com/dnaeon/go-vcr v1.0.1 // indirect diff --git a/go.sum b/go.sum index 712f7bd6..101ee1a7 100644 --- a/go.sum +++ b/go.sum @@ -46,6 +46,8 @@ github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYU github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/aquasecurity/fanal v0.0.0-20190819081512-f04452b627c6 h1:pkl+kEW4KeLDPLfDtzjXa+zHOcS4YWSQuSTZ2kWO2GE= github.com/aquasecurity/fanal v0.0.0-20190819081512-f04452b627c6/go.mod h1:enEz4FFetw4XAbkffaYgyCVq1556R9Ry+noqT4rq9BE= +github.com/aquasecurity/fanal v0.0.0-20200124194549-91468b8e0460 h1:8Dsyp9pt2I7MTSTbUlf/lLBK7IsIrcPTfXrl7Bx3NrA= +github.com/aquasecurity/fanal v0.0.0-20200124194549-91468b8e0460/go.mod h1:S2D937GMywJzh6KiLQEyt/0yqmfAngUFvuQ9UmkIZSw= github.com/aquasecurity/go-dep-parser v0.0.0-20190819075924-ea223f0ef24b h1:55Ulc/gvfWm4ylhVaR7MxOwujRjA6et7KhmUbSgUFf4= github.com/aquasecurity/go-dep-parser v0.0.0-20190819075924-ea223f0ef24b/go.mod h1:BpNTD9vHfrejKsED9rx04ldM1WIbeyXGYxUrqTVwxVQ= github.com/aquasecurity/trivy v0.1.6 h1:bATT+9swX+tKw1QibOHQbofMUflRRpPF9wmiMTcZQgI= @@ -54,8 +56,8 @@ github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a h1:idn718Q4B6AGu/h5Sxe66HYVdqdGu2l9Iebqhi/AEoA= github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/aws/aws-sdk-go v1.19.11/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.24.0 h1:TtQCY3HaFXeo1yg2JAdfSbpN/Nsd9V5SCfDksEf2nSE= -github.com/aws/aws-sdk-go v1.24.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= +github.com/aws/aws-sdk-go v1.25.31 h1:14mdh3HsTgRekePPkYcCbAaEXJknc3mN7f4XfsiMMDA= +github.com/aws/aws-sdk-go v1.25.31/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0 h1:HWo1m869IqiPhD389kmkxeTalrjNbbJTC8LXupb+sl0= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= @@ -466,6 +468,8 @@ golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190909003024-a7b16738d86b h1:XfVGCX+0T4WOStkaOsJRllbsiImhB2jgVBGc9L0lPGc= golang.org/x/net v0.0.0-20190909003024-a7b16738d86b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20191108221443-4ba9e2ef068c h1:SRpq/kuj/xNci/RdvEs+RSvpfxqvLAzTKuKGlzoGdZQ= +golang.org/x/net v0.0.0-20191108221443-4ba9e2ef068c/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 h1:SVwTIAaPC2U/AvvLNZ2a7OVsmBpC8L5BlwK1whH3hm0= @@ -495,6 +499,8 @@ golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190909082730-f460065e899a h1:mIzbOulag9/gXacgxKlFVwpCOWSfBT3/pDyyCwGA9as= golang.org/x/sys v0.0.0-20190909082730-f460065e899a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191105231009-c1f44814a5cd h1:3x5uuvBgE6oaXJjCOvpCC1IpgJogqQ+PqGGU3ZxAgII= +golang.org/x/sys v0.0.0-20191105231009-c1f44814a5cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= diff --git a/scan/container.go b/scan/container.go index 5c7d667d..3539e4ff 100644 --- a/scan/container.go +++ b/scan/container.go @@ -7,6 +7,9 @@ import ( "time" "github.com/aquasecurity/fanal/analyzer" + "github.com/aquasecurity/fanal/cache" + "github.com/aquasecurity/fanal/extractor/docker" + "github.com/aquasecurity/fanal/utils" "golang.org/x/xerrors" fanalos "github.com/aquasecurity/fanal/analyzer/os" @@ -28,8 +31,8 @@ import ( _ "github.com/aquasecurity/fanal/analyzer/os/alpine" _ "github.com/aquasecurity/fanal/analyzer/os/amazonlinux" _ "github.com/aquasecurity/fanal/analyzer/os/debianbase" - _ "github.com/aquasecurity/fanal/analyzer/os/opensuse" _ "github.com/aquasecurity/fanal/analyzer/os/redhatbase" + _ "github.com/aquasecurity/fanal/analyzer/os/suse" // Register package analyzers _ "github.com/aquasecurity/fanal/analyzer/pkg/apk" @@ -105,12 +108,18 @@ func scanImage(c config.ServerInfo) (os *analyzer.OS, pkgs []analyzer.Package, l domain := c.Image.Name + ":" + c.Image.Tag util.Log.Info("Start fetch container... ", domain) + fanalCache := cache.Initialize(utils.CacheDir()) // Configure dockerOption dockerOption := c.Image.DockerOption if dockerOption.Timeout == 0 { dockerOption.Timeout = 60 * time.Second } - files, err := analyzer.Analyze(ctx, domain, dockerOption) + ext, err := docker.NewDockerExtractor(dockerOption, fanalCache) + if err != nil { + return nil, nil, nil, xerrors.Errorf("Failed initialize docker extractor%w", err) + } + ac := analyzer.Config{Extractor: ext} + files, err := ac.Analyze(ctx, domain, dockerOption) if err != nil { return nil, nil, nil, xerrors.Errorf("Failed scan files %q, %w", domain, err)