// Source: github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/flag/image_flags.go

package flag

import (
	v1 "github.com/google/go-containerregistry/pkg/v1"
	"golang.org/x/xerrors"

	ftypes "github.com/devseccon/trivy/pkg/fanal/types"
	"github.com/devseccon/trivy/pkg/types"
	xstrings "github.com/devseccon/trivy/pkg/x/strings"
)

// e.g. config yaml
// image:
//   removed-pkgs: true
//   input: "/path/to/alpine"

// Flag definitions for the "Image" group. Each one carries a command-line
// name and a config-file key (ConfigName), so every value below may come
// from either place.
var (
	// ImageConfigScannersFlag selects which scanners run against container
	// image configurations. The accepted values are the misconfiguration
	// and secret scanners; the default is an empty list.
	ImageConfigScannersFlag = Flag{
		Name:       "image-config-scanners",
		ConfigName: "image.image-config-scanners",
		Default:    []string{},
		Values: xstrings.ToStringSlice(types.Scanners{
			types.MisconfigScanner,
			types.SecretScanner,
		}),
		Usage: "comma-separated list of what security issues to detect on container image configurations",
	}

	// ScanRemovedPkgsFlag turns on vulnerability detection for removed
	// packages. It is off by default and, per its usage text, only applies
	// to Alpine.
	ScanRemovedPkgsFlag = Flag{
		Name:       "removed-pkgs",
		ConfigName: "image.removed-pkgs",
		Default:    false,
		Usage:      "detect vulnerabilities of removed packages (only for Alpine)",
	}

	// InputFlag names a local file to scan instead of an image name.
	// NOTE(review): ToOptions in this file copies the string through
	// unchanged; any checking of the path happens elsewhere, if at all.
	InputFlag = Flag{
		Name:       "input",
		ConfigName: "image.input",
		Default:    "",
		Usage:      "input file path instead of image name",
	}

	// PlatformFlag picks the os/arch variant of a multi-platform image.
	// The value is parsed and rejected by ToOptions if it is malformed.
	PlatformFlag = Flag{
		Name:       "platform",
		ConfigName: "image.platform",
		Default:    "",
		Usage:      "set platform in the form os/arch if image is multi-platform capable",
	}

	// DockerHostFlag is the unix domain socket path used for Docker
	// scanning.
	// NOTE(review): ToOptions copies the string through unchanged, and the
	// value can also be set via the image.docker.host config key. Presumably
	// whoever controls it decides which daemon endpoint the scan talks to,
	// so config files should be treated as trusted input - confirm against
	// the code that consumes ImageOptions.DockerHost.
	DockerHostFlag = Flag{
		Name:       "docker-host",
		ConfigName: "image.docker.host",
		Default:    "",
		Usage:      "unix domain socket path to use for docker scanning",
	}

	// SourceFlag lists the image sources to try, in priority order. Both
	// the default and the accepted values are ftypes.AllImageSources.
	// NOTE(review): with the default, the source that ends up supplying
	// the image is presumably decided at scan time; set the flag explicitly
	// when a scan must read from one specific source - confirm against the
	// image loader.
	SourceFlag = Flag{
		Name:       "image-src",
		ConfigName: "image.source",
		Default:    xstrings.ToStringSlice(ftypes.AllImageSources),
		Values:     xstrings.ToStringSlice(ftypes.AllImageSources),
		Usage:      "image source(s) to use, in priority order",
	}
)

// ImageFlagGroup bundles the image-related flags so they can be registered
// and read back together.
type ImageFlagGroup struct {
	Input               *Flag // local image archive
	ImageConfigScanners *Flag
	ScanRemovedPkgs     *Flag
	Platform            *Flag
	DockerHost          *Flag
	ImageSources        *Flag
}

// ImageOptions holds the resolved values of the image flags, as produced by
// ImageFlagGroup.ToOptions.
type ImageOptions struct {
	Input               string
	ImageConfigScanners types.Scanners
	ScanRemovedPkgs     bool
	Platform            ftypes.Platform
	DockerHost          string
	ImageSources        ftypes.ImageSources
}

// NewImageFlagGroup returns a group whose fields point at the package-level
// flag variables. The pointers are shared, not copied, so a change made
// through the group is visible through the package variable as well.
func NewImageFlagGroup() *ImageFlagGroup {
	group := new(ImageFlagGroup)
	group.Input = &InputFlag
	group.ImageConfigScanners = &ImageConfigScannersFlag
	group.ScanRemovedPkgs = &ScanRemovedPkgsFlag
	group.Platform = &PlatformFlag
	group.DockerHost = &DockerHostFlag
	group.ImageSources = &SourceFlag
	return group
}

// Name returns the display name of this flag group.
func (f *ImageFlagGroup) Name() string {
	return "Image"
}

// Flags returns the group's flags in a fixed order: input, image config
// scanners, removed packages, platform, docker host, image sources.
func (f *ImageFlagGroup) Flags() []*Flag {
	flags := make([]*Flag, 0, 6)
	flags = append(flags,
		f.Input,
		f.ImageConfigScanners,
		f.ScanRemovedPkgs,
		f.Platform,
		f.DockerHost,
		f.ImageSources,
	)
	return flags
}

// ToOptions reads the current flag values into an ImageOptions.
//
// The platform string is the only value parsed here: a non-empty value goes
// through v1.ParsePlatform, and a parse failure is returned wrapped together
// with an empty ImageOptions. Input and DockerHost are copied as plain
// strings with no further checks in this function.
func (f *ImageFlagGroup) ToOptions() (ImageOptions, error) {
	var platform ftypes.Platform

	// The platform is resolved first so that a malformed value fails before
	// any other flag is read.
	raw := getString(f.Platform)
	if raw != "" {
		parsed, err := v1.ParsePlatform(raw)
		if err != nil {
			return ImageOptions{}, xerrors.Errorf("unable to parse platform: %w", err)
		}
		// A "*" OS is a wildcard; it is stored as the empty string, which
		// means any OS.
		if parsed.OS == "*" {
			parsed.OS = ""
		}
		platform = ftypes.Platform{Platform: parsed}
	}

	var opts ImageOptions
	opts.Input = getString(f.Input)
	opts.ImageConfigScanners = getUnderlyingStringSlice[types.Scanner](f.ImageConfigScanners)
	opts.ScanRemovedPkgs = getBool(f.ScanRemovedPkgs)
	opts.Platform = platform
	opts.DockerHost = getString(f.DockerHost)
	opts.ImageSources = getUnderlyingStringSlice[ftypes.ImageSource](f.ImageSources)
	return opts, nil
}