// Copyright 2021-2024 Zenauth Ltd.
// SPDX-License-Identifier: Apache-2.0
package reimage
import (
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"os/exec"

	"github.com/google/go-containerregistry/pkg/name"
)
// trivyReport is the subset of the scanner's JSON report that
// GetVulnerabilities decodes. Only the fields read below are declared;
// everything else in the report is ignored by encoding/json.
type trivyReport struct {
	Results []struct {
		Vulnerabilities []struct {
			// CVSS holds one entry per scoring source. The map key is whatever
			// string the report uses to identify the source — presumably the
			// publishing vendor; confirm against the report schema.
			CVSS map[string]struct {
				V3Score float32
				V2Score float32
			}
			VulnerabilityID string
		}
	}
}
// TrivyVulnGetter looks up image vulnerabilities by executing an external
// scanner command and decoding its JSON report.
type TrivyVulnGetter struct {
	// Command is the executable followed by its fixed arguments. The first
	// element is run as the program; GetVulnerabilities appends the image
	// digest as the final argument. The slice must be non-empty.
	Command []string
}
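// GetVulnerabilities runs the configured scanner command against the image
// identified by dig and returns one ImageVulnerability per finding in the
// resulting JSON report. The digest is appended as the command's last
// argument.
//
// The CVSS value of each finding is the highest score across all scoring
// sources in the report, preferring a source's V3 score over its V2 score
// whenever a V3 score is present (non-zero).
//
// It returns an error when Command is empty, when the command cannot be run
// or exits non-zero (the command's stderr is attached when available), or
// when its stdout is not a valid JSON report.
func (vc *TrivyVulnGetter) GetVulnerabilities(ctx context.Context, dig name.Digest) ([]ImageVulnerability, error) {
	// Indexing Command[0] / Command[1:] on an empty slice would panic.
	if len(vc.Command) == 0 {
		return nil, errors.New("trivy: no scanner command configured")
	}

	// Copy the fixed arguments into a fresh slice before appending the digest:
	// appending to vc.Command[1:] directly could write into spare capacity of
	// the backing array shared with vc.Command, which is unsafe if the getter
	// is used concurrently or Command is shared between getters.
	args := make([]string, 0, len(vc.Command))
	args = append(args, vc.Command[1:]...)
	args = append(args, dig.String())

	// The program and its fixed arguments come from configuration, and the
	// digest is passed as its own argv entry with no shell involved, so the
	// digest value cannot alter the command line; hence the gosec suppression.
	//nolint:gosec
	cmd := exec.CommandContext(ctx, vc.Command[0], args...)
	bs, err := cmd.Output()
	if err != nil {
		// Output captures stderr on *exec.ExitError; surface it so a failing
		// scan is diagnosable from the returned error alone.
		var exitErr *exec.ExitError
		if errors.As(err, &exitErr) && len(exitErr.Stderr) > 0 {
			return nil, fmt.Errorf("running %q: %w: %s", vc.Command[0], err, exitErr.Stderr)
		}
		return nil, fmt.Errorf("running %q: %w", vc.Command[0], err)
	}

	var tr trivyReport
	if err := json.Unmarshal(bs, &tr); err != nil {
		return nil, fmt.Errorf("decoding %q report: %w", vc.Command[0], err)
	}

	var res []ImageVulnerability
	for _, r := range tr.Results {
		for _, v := range r.Vulnerabilities {
			var score float32
			for _, cv := range v.CVSS {
				// A zero V3Score is treated as "no V3 score"; fall back to V2.
				s := cv.V2Score
				if cv.V3Score != 0 {
					s = cv.V3Score
				}
				// Keep the maximum across sources.
				if s > score {
					score = s
				}
			}
			res = append(res, ImageVulnerability{
				ID:   v.VulnerabilityID,
				CVSS: score,
			})
		}
	}
	return res, nil
}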