update trivy, and unsupport image scanning feature (#971)

* update trivy, fanal. unsupport image scanning * Update models/library.go Co-authored-by: Teppei Fukuda <teppei@elab.ic.i.u-tokyo.ac.jp> * add -no-progress flag to report/tui cmd * Display trivy vuln info to tui/report * add detection method to vulninfo detected by trivy * fix(uuid): change uuid lib to go-uuid #929 (#969) * update trivy, fanal. unsupport image scanning * Update models/library.go Co-authored-by: Teppei Fukuda <teppei@elab.ic.i.u-tokyo.ac.jp> * add -no-progress flag to report/tui cmd * Display trivy vuln info to tui/report * add detection method to vulninfo detected by trivy * unique ref links in TUI * download trivy DB only when lock file is specified in config.toml Co-authored-by: Teppei Fukuda <teppei@elab.ic.i.u-tokyo.ac.jp>
2020-05-08 15:24:39 +09:00
parent 9dd025437b
commit ebe5f858c8
22 changed files with 475 additions and 677 deletions
--- a/config/config.go
+++ b/config/config.go
@@ -10,7 +10,6 @@ import (
 	"strings"

 	syslog "github.com/RackSec/srslog"
-	"github.com/aquasecurity/fanal/types"
 	valid "github.com/asaskevich/govalidator"
 	log "github.com/sirupsen/logrus"
 	"golang.org/x/xerrors"
@@ -90,6 +89,7 @@ type Config struct {
 	ResultsDir string `json:"resultsDir,omitempty"`
 	Pipe       bool   `json:"pipe,omitempty"`
 	Quiet      bool   `json:"quiet,omitempty"`
+	NoProgress bool   `json:"noProgress,omitempty"`

 	Default       ServerInfo            `json:"default,omitempty"`
 	Servers       map[string]ServerInfo `json:"servers,omitempty"`
@@ -103,15 +103,16 @@ type Config struct {
 	SSHConfig bool `json:"sshConfig,omitempty"`

 	ContainersOnly bool `json:"containersOnly,omitempty"`
-	ImagesOnly     bool `json:"imagesOnly,omitempty"`
 	LibsOnly       bool `json:"libsOnly,omitempty"`
 	WordPressOnly  bool `json:"wordpressOnly,omitempty"`

-	SkipBroken  bool   `json:"skipBroken,omitempty"`
-	CacheDBPath string `json:"cacheDBPath,omitempty"`
-	Vvv         bool   `json:"vvv,omitempty"`
-	UUID        bool   `json:"uuid,omitempty"`
-	DetectIPS   bool   `json:"detectIps,omitempty"`
+	CacheDBPath     string `json:"cacheDBPath,omitempty"`
+	TrivyCacheDBDir string `json:"trivyCacheDBDir,omitempty"`
+
+	SkipBroken bool `json:"skipBroken,omitempty"`
+	Vvv        bool `json:"vvv,omitempty"`
+	UUID       bool `json:"uuid,omitempty"`
+	DetectIPS  bool `json:"detectIps,omitempty"`

 	CveDict  GoCveDictConf `json:"cveDict,omitempty"`
 	OvalDict GovalDictConf `json:"ovalDict,omitempty"`
@@ -1047,7 +1048,6 @@ type ServerInfo struct {
 	IgnoreCves             []string                    `toml:"ignoreCves,omitempty" json:"ignoreCves,omitempty"`
 	IgnorePkgsRegexp       []string                    `toml:"ignorePkgsRegexp,omitempty" json:"ignorePkgsRegexp,omitempty"`
 	GitHubRepos            map[string]GitHubConf       `toml:"githubs" json:"githubs,omitempty"` // key: owner/repo
-	Images                 map[string]Image            `toml:"images" json:"images,omitempty"`
 	UUIDs                  map[string]string           `toml:"uuids,omitempty" json:"uuids,omitempty"`
 	Memo                   string                      `toml:"memo,omitempty" json:"memo,omitempty"`
 	Enablerepo             []string                    `toml:"enablerepo,omitempty" json:"enablerepo,omitempty"` // For CentOS, RHEL, Amazon
@@ -1065,7 +1065,6 @@ type ServerInfo struct {

 	LogMsgAnsiColor string    `toml:"-" json:"-"` // DebugLog Color
 	Container       Container `toml:"-" json:"-"`
-	Image           Image     `toml:"-" json:"-"`
 	Distro          Distro    `toml:"-" json:"-"`
 	Mode            ScanMode  `toml:"-" json:"-"`
 }
@@ -1087,26 +1086,6 @@ type WordPressConf struct {
 	IgnoreInactive bool   `json:"ignoreInactive,omitempty"`
 }

-// Image is a scan container image info
-type Image struct {
-	Name             string             `json:"name"`
-	Tag              string             `json:"tag"`
-	Digest           string             `json:"digest"`
-	DockerOption     types.DockerOption `json:"dockerOption,omitempty"`
-	Cpes             []string           `json:"cpes,omitempty"`
-	OwaspDCXMLPath   string             `json:"owaspDCXMLPath"`
-	IgnorePkgsRegexp []string           `json:"ignorePkgsRegexp,omitempty"`
-	IgnoreCves       []string           `json:"ignoreCves,omitempty"`
-}
-
-// GetFullName returns a full name of the image
-func (i *Image) GetFullName() string {
-	if i.Digest != "" {
-		return i.Name + "@" + i.Digest
-	}
-	return i.Name + ":" + i.Tag
-}
-
 // GitHubConf is used for GitHub integration
 type GitHubConf struct {
 	Token string `json:"-"`