github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/commands/artifact/scanner.go (about)

     1  package artifact
     2  
     3  import (
     4  	"context"
     5  
     6  	"golang.org/x/xerrors"
     7  
     8  	"github.com/devseccon/trivy/pkg/fanal/walker"
     9  	"github.com/devseccon/trivy/pkg/scanner"
    10  )
    11  
// imageStandaloneScanner builds the scanner used for a container image when
// trivy runs in standalone mode, for example:
//
//	$ trivy image alpine:3.15
//
// It returns the scanner together with the cleanup function handed back by the
// initializer. On failure it returns a zero scanner.Scanner, a no-op cleanup
// and the wrapped initialization error.
func imageStandaloneScanner(ctx context.Context, conf ScannerConfig) (scanner.Scanner, func(), error) {
	opt := conf.ArtifactOption
	sc, release, err := initializeImageScanner(ctx, conf.Target, conf.ArtifactCache, conf.LocalArtifactCache,
		opt.ImageOption, opt)
	if err != nil {
		// A callable no-op keeps the cleanup safe to invoke even on the error path.
		noop := func() {}
		return scanner.Scanner{}, noop, xerrors.Errorf("unable to initialize an image scanner: %w", err)
	}
	return sc, release, nil
}
    22  
// archiveStandaloneScanner builds the scanner used for an image archive when
// trivy runs in standalone mode, for example:
//
//	$ trivy image --input alpine.tar
//
// The archive initializer returns no cleanup of its own, so the cleanup
// returned here is always a no-op. On failure it returns a zero
// scanner.Scanner and the wrapped initialization error.
func archiveStandaloneScanner(ctx context.Context, conf ScannerConfig) (scanner.Scanner, func(), error) {
	noop := func() {}
	sc, err := initializeArchiveScanner(ctx, conf.Target, conf.ArtifactCache, conf.LocalArtifactCache, conf.ArtifactOption)
	if err != nil {
		return scanner.Scanner{}, noop, xerrors.Errorf("unable to initialize the archive scanner: %w", err)
	}
	return sc, noop, nil
}
    32  
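// imageRemoteScanner builds the scanner used for a container image when trivy
// runs in client/server mode, for example:
//
//	$ trivy image --server localhost:4954 alpine:3.15
//
// It returns the scanner together with the cleanup function handed back by the
// initializer. On failure it returns a zero scanner.Scanner, a no-op cleanup
// and the wrapped initialization error. The cleanup is never nil, so a caller
// that defers it before checking the error cannot hit a nil-function panic;
// this matches the standalone constructors in this file.
//
// NOTE(review): conf.ServerOption is passed through unchanged; validation of
// the server endpoint and any credentials presumably happens in the caller or
// in the initializer — confirm.
func imageRemoteScanner(ctx context.Context, conf ScannerConfig) (
	scanner.Scanner, func(), error) {
	s, cleanup, err := initializeRemoteImageScanner(ctx, conf.Target, conf.ArtifactCache, conf.ServerOption,
		conf.ArtifactOption.ImageOption, conf.ArtifactOption)
	if err != nil {
		// Return a callable no-op instead of nil so the cleanup is always safe to invoke.
		return scanner.Scanner{}, func() {}, xerrors.Errorf("unable to initialize a remote image scanner: %w", err)
	}
	return s, cleanup, nil
}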
    44  
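// archiveRemoteScanner builds the scanner used for an image archive (tar file)
// when trivy runs in client/server mode, for example:
//
//	$ trivy image --server localhost:4954 --input alpine.tar
//
// The remote archive initializer returns no cleanup of its own, so the cleanup
// returned here is always a no-op. On failure it returns a zero
// scanner.Scanner and the wrapped initialization error. The cleanup is never
// nil, so a caller that defers it before checking the error cannot hit a
// nil-function panic.
func archiveRemoteScanner(ctx context.Context, conf ScannerConfig) (scanner.Scanner, func(), error) {
	s, err := initializeRemoteArchiveScanner(ctx, conf.Target, conf.ArtifactCache, conf.ServerOption, conf.ArtifactOption)
	if err != nil {
		// Return a callable no-op instead of nil, consistent with the success path below.
		return scanner.Scanner{}, func() {}, xerrors.Errorf("unable to initialize the remote archive scanner: %w", err)
	}
	return s, func() {}, nil
}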
    55  
// filesystemStandaloneScanner builds the scanner used for a filesystem target
// when trivy runs in standalone mode.
//
// It returns the scanner together with the cleanup function handed back by the
// initializer. On failure it returns a zero scanner.Scanner, a no-op cleanup
// and the wrapped initialization error.
func filesystemStandaloneScanner(ctx context.Context, conf ScannerConfig) (scanner.Scanner, func(), error) {
	sc, release, err := initializeFilesystemScanner(
		ctx,
		conf.Target,
		conf.ArtifactCache,
		conf.LocalArtifactCache,
		conf.ArtifactOption,
	)
	if err != nil {
		noop := func() {}
		return scanner.Scanner{}, noop, xerrors.Errorf("unable to initialize a filesystem scanner: %w", err)
	}
	return sc, release, nil
}
    64  
// filesystemRemoteScanner builds the scanner used for a filesystem target when
// trivy runs in client/server mode.
//
// It returns the scanner together with the cleanup function handed back by the
// initializer. On failure it returns a zero scanner.Scanner, a no-op cleanup
// and the wrapped initialization error.
func filesystemRemoteScanner(ctx context.Context, conf ScannerConfig) (scanner.Scanner, func(), error) {
	sc, release, err := initializeRemoteFilesystemScanner(
		ctx,
		conf.Target,
		conf.ArtifactCache,
		conf.ServerOption,
		conf.ArtifactOption,
	)
	if err != nil {
		noop := func() {}
		return scanner.Scanner{}, noop, xerrors.Errorf("unable to initialize a remote filesystem scanner: %w", err)
	}
	return sc, release, nil
}
    73  
// repositoryStandaloneScanner builds the scanner used for a repository target
// when trivy runs in standalone mode.
//
// It returns the scanner together with the cleanup function handed back by the
// initializer. On failure it returns a zero scanner.Scanner, a no-op cleanup
// and the wrapped initialization error.
func repositoryStandaloneScanner(ctx context.Context, conf ScannerConfig) (scanner.Scanner, func(), error) {
	sc, release, err := initializeRepositoryScanner(
		ctx,
		conf.Target,
		conf.ArtifactCache,
		conf.LocalArtifactCache,
		conf.ArtifactOption,
	)
	if err != nil {
		noop := func() {}
		return scanner.Scanner{}, noop, xerrors.Errorf("unable to initialize a repository scanner: %w", err)
	}
	return sc, release, nil
}
    82  
// repositoryRemoteScanner builds the scanner used for a repository target when
// trivy runs in client/server mode.
//
// It returns the scanner together with the cleanup function handed back by the
// initializer. On failure it returns a zero scanner.Scanner, a no-op cleanup
// and the wrapped initialization error.
func repositoryRemoteScanner(ctx context.Context, conf ScannerConfig) (scanner.Scanner, func(), error) {
	sc, release, err := initializeRemoteRepositoryScanner(
		ctx,
		conf.Target,
		conf.ArtifactCache,
		conf.ServerOption,
		conf.ArtifactOption,
	)
	if err != nil {
		noop := func() {}
		return scanner.Scanner{}, noop, xerrors.Errorf("unable to initialize a remote repository scanner: %w", err)
	}
	return sc, release, nil
}
    92  
// sbomStandaloneScanner builds the scanner used for an SBOM target when trivy
// runs in standalone mode.
//
// It returns the scanner together with the cleanup function handed back by the
// initializer. On failure it returns a zero scanner.Scanner, a no-op cleanup
// and the wrapped initialization error.
func sbomStandaloneScanner(ctx context.Context, conf ScannerConfig) (scanner.Scanner, func(), error) {
	sc, release, err := initializeSBOMScanner(
		ctx,
		conf.Target,
		conf.ArtifactCache,
		conf.LocalArtifactCache,
		conf.ArtifactOption,
	)
	if err != nil {
		// NOTE(review): the message names "cycloneDX" while the function and its
		// initializer are named for SBOMs in general — confirm whether the
		// wording should be updated.
		noop := func() {}
		return scanner.Scanner{}, noop, xerrors.Errorf("unable to initialize a cycloneDX scanner: %w", err)
	}
	return sc, release, nil
}
   101  
// sbomRemoteScanner builds the scanner used for an SBOM target when trivy runs
// in client/server mode.
//
// It returns the scanner together with the cleanup function handed back by the
// initializer. On failure it returns a zero scanner.Scanner, a no-op cleanup
// and the wrapped initialization error.
func sbomRemoteScanner(ctx context.Context, conf ScannerConfig) (scanner.Scanner, func(), error) {
	sc, release, err := initializeRemoteSBOMScanner(
		ctx,
		conf.Target,
		conf.ArtifactCache,
		conf.ServerOption,
		conf.ArtifactOption,
	)
	if err != nil {
		// NOTE(review): the message names "cycloneDX" while the function and its
		// initializer are named for SBOMs in general — confirm whether the
		// wording should be updated.
		noop := func() {}
		return scanner.Scanner{}, noop, xerrors.Errorf("unable to initialize a remote cycloneDX scanner: %w", err)
	}
	return sc, release, nil
}
   110  
// vmStandaloneScanner builds the scanner used for a VM target when trivy runs
// in standalone mode.
//
// The VM walker is created here from the configured SkipFiles and SkipDirs and
// passed to the initializer. The function returns the scanner together with
// the cleanup function handed back by the initializer. On failure it returns a
// zero scanner.Scanner, a no-op cleanup and the wrapped initialization error.
func vmStandaloneScanner(ctx context.Context, conf ScannerConfig) (scanner.Scanner, func(), error) {
	opt := conf.ArtifactOption
	// TODO: The walker should be initialized in initializeVMScanner after https://github.com/devseccon/trivy/pull/5180
	vmWalker := walker.NewVM(opt.SkipFiles, opt.SkipDirs)
	sc, release, err := initializeVMScanner(ctx, conf.Target, conf.ArtifactCache, conf.LocalArtifactCache,
		vmWalker, opt)
	if err != nil {
		noop := func() {}
		return scanner.Scanner{}, noop, xerrors.Errorf("unable to initialize a vm scanner: %w", err)
	}
	return sc, release, nil
}
   122  
// vmRemoteScanner builds the scanner used for a VM target when trivy runs in
// client/server mode.
//
// The VM walker is created here from the configured SkipFiles and SkipDirs and
// passed to the initializer. The function returns the scanner together with
// the cleanup function handed back by the initializer. On failure it returns a
// zero scanner.Scanner, a no-op cleanup and the wrapped initialization error.
func vmRemoteScanner(ctx context.Context, conf ScannerConfig) (scanner.Scanner, func(), error) {
	opt := conf.ArtifactOption
	// TODO: The walker should be initialized in initializeVMScanner after https://github.com/devseccon/trivy/pull/5180
	vmWalker := walker.NewVM(opt.SkipFiles, opt.SkipDirs)
	sc, release, err := initializeRemoteVMScanner(ctx, conf.Target, conf.ArtifactCache, vmWalker, conf.ServerOption, opt)
	if err != nil {
		noop := func() {}
		return scanner.Scanner{}, noop, xerrors.Errorf("unable to initialize a remote vm scanner: %w", err)
	}
	return sc, release, nil
}