feat(PackageURL):add package URL for library scan result (#1862)

* add: package url in model.Library

* feat(trivy-to-vuls): add purl for library scan result

* feat(scanner/library): add purl for lockfile scan result

* fix: model.Library test

* fix: trivy-to-vuls test data

* fix: panic case to generate purl

* fix: add blank line

* fix: trivy-to-vuls for using Trivy version 0.49.0 or earlier

* fix: remove comment

* fix: remove print

* fix: testcase for Package.Identifier does not exist version

* fix: add blank line

* fix: expected libs

* fix: PackageURL -> PURL

* fix: blank line
tk007
2024-03-06 23:21:15 -08:00
committed by GitHub
parent bf14b5f61f
commit be7b9114cc
5 changed files with 67 additions and 4 deletions


@@ -1,18 +1,23 @@
package scanner
import (
"github.com/aquasecurity/trivy/pkg/fanal/types"
ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
"github.com/aquasecurity/trivy/pkg/purl"
"github.com/aquasecurity/trivy/pkg/types"
"github.com/future-architect/vuls/logging"
"github.com/future-architect/vuls/models"
)
func convertLibWithScanner(apps []types.Application) ([]models.LibraryScanner, error) {
scanners := []models.LibraryScanner{}
func convertLibWithScanner(apps []ftypes.Application) ([]models.LibraryScanner, error) {
scanners := make([]models.LibraryScanner, 0, len(apps))
for _, app := range apps {
libs := []models.Library{}
libs := make([]models.Library, 0, len(app.Libraries))
for _, lib := range app.Libraries {
libs = append(libs, models.Library{
Name: lib.Name,
Version: lib.Version,
PURL: newPURL(app.Type, types.Metadata{}, lib),
FilePath: lib.FilePath,
Digest: string(lib.Digest),
})
@@ -25,3 +30,15 @@ func convertLibWithScanner(apps []types.Application) ([]models.LibraryScanner, e
}
return scanners, nil
}
func newPURL(pkgType ftypes.TargetType, metadata types.Metadata, pkg ftypes.Package) string {
p, err := purl.New(pkgType, metadata, pkg)
if err != nil {
logging.Log.Errorf("Failed to create PackageURL: %+v", err)
return ""
}
if p == nil {
return ""
}
return p.Unwrap().ToString()
}
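Review bot: The error log in `newPURL` does not say which package failed, so when `purl.New` returns an error an operator cannot tell which library ended up with an empty `PURL` in the scan result. Adding the identifying fields would fix that, e.g. `logging.Log.Errorf("Failed to create PackageURL. type: %v, name: %s, version: %s, err: %+v", pkgType, pkg.Name, pkg.Version, err)`. The `p == nil` branch also returns `""` without any log line. If downstream consumers key on the PURL (this is inferred, not shown here), a silent empty value is indistinguishable from a coverage gap. A short doc comment such as `// newPURL returns "" when no package URL can be built for pkg; callers must treat an empty PURL as "unknown".` would make that contract explicit.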