add Library Scan (with image scan) (#829)

* add static container image scan

* server has many staticContainers

* use go module

* for staticContainer

* fix typo

* fix setErrs error

* change name : StaticContainer -> Image

* add scan -images-only flag

* fix makefile

* fix makefile for go module

* use rpmcmd instead of rpm

* add scrutinizer.yml

* change scrutinizer.yml

* fix scrutinizer.yml

* fix scrutinizer.yml

* fix scrutinizer.yml

* fix scrutinizer.yml

* delete scrutinizer

* add report test

* add sourcePackages and Arch

* fix for sider

* fix staticContainer -> image

* init scan library

* add library scan for servers

* fix tui bug

* fix lint error

* divide WpPackageFixStats and LibraryPackageFixedIns

* fix error

* Delete libManager_test.go

* stop use alpine os if err occurred in container

* merge upstream/master

* Delete libManager.go

* update goval-dictionary

* fix go.mod

* update Readme

* add feature : auto detect lockfiles

models/library_test.go

@@ -0,0 +1,52 @@
+package models
+
+import (
+	"testing"
+
+	godeptypes "github.com/knqyf263/go-dep-parser/pkg/types"
+	"github.com/knqyf263/trivy/pkg/db"
+	"github.com/knqyf263/trivy/pkg/log"
+)
+
+func TestScan(t *testing.T) {
+	var tests = []struct {
+		path string
+		pkgs []godeptypes.Library
+	}{
+		{
+			path: "app/package-lock.json",
+			pkgs: []godeptypes.Library{
+				{
+					Name:    "jquery",
+					Version: "2.2.4",
+				},
+				{
+					Name:    "@babel/traverse",
+					Version: "7.4.4",
+				},
+			},
+		},
+	}
+
+	if err := log.InitLogger(false); err != nil {
+		t.Errorf("trivy logger failed")
+	}
+
+	if err := db.Init(); err != nil {
+		t.Errorf("trivy db.Init failed")
+	}
+	for _, v := range tests {
+		lib := LibraryScanner{
+			Path: v.path,
+			Libs: v.pkgs,
+		}
+		actual, err := lib.Scan()
+		if err != nil {
+			t.Errorf("error occurred")
+		}
+		if len(actual) == 0 {
+			t.Errorf("no vuln found : actual: %v\n", actual)
+		}
+	}
+	db.Close()
+}