Skip to content

Commit

Permalink
feat: support OCI Image Format (#475)
Browse files Browse the repository at this point in the history
* chore(wire): specify package names

* fix(extractor): remove types.GetDockerOption

* chore(README): mention OCI support

* chore(mod): update dependencies

* test(integration): fix an error message

* test(integration): revert the error message

* chore(mod): tidy

Co-authored-by: Simarpreet Singh <simar@linux.com>
  • Loading branch information
knqyf263 and simar7 authored May 3, 2020
1 parent 35b038e commit 415b99d
Show file tree
Hide file tree
Showing 5 changed files with 25 additions and 5 deletions.
2 changes: 1 addition & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ $(GOBIN)/wire:

.PHONY: wire
wire: $(GOBIN)/wire
wire gen ./...
wire gen ./pkg/... ./internal/...

.PHONY: mock
mock: $(GOBIN)/mockery
Expand Down
23 changes: 23 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI
- [Standalone](#standalone)
- [Scan an image](#scan-an-image)
- [Scan an image file](#scan-an-image-file)
- [Scan an OCI image](#scan-an-oci-image)
- [Save the results as JSON](#save-the-results-as-json)
- [Save the results using a template](#save-the-results-using-a-template)
- [Filter the vulnerabilities by severities](#filter-the-vulnerabilities-by-severities)
Expand Down Expand Up @@ -95,6 +96,11 @@ See [here](#continuous-integration-ci) for details.
- DevSecOps
- **Suitable for CI** such as Travis CI, CircleCI, Jenkins, etc.
- See [CI Example](#continuous-integration-ci)
- Support multiple formats
- A local image in Docker Engine which is running as a daemon
- A remote image in Docker Registry such as Docker Hub, ECR, GCR and ACR
- A tar archive stored in the `docker save` formatted file
- An image directory compliant with [OCI Image Format](https://github.com/opencontainers/image-spec)

Please see [LICENSE](https://github.com/aquasecurity/trivy/blob/master/LICENSE) for Trivy licensing information. Note that Trivy uses vulnerability information from a variety of sources, some of which are licensed for non-commercial use only.

Expand Down Expand Up @@ -530,6 +536,23 @@ Total: 7447 (UNKNOWN: 5, LOW: 326, MEDIUM: 5695, HIGH: 1316, CRITICAL: 105)
...
```

### Scan an OCI image
An image directory compliant with "Open Container Image Layout Specification".

Buildah:

```
$ buildah push docker.io/library/alpine:3.11 oci:/path/to/alpine
$ trivy --input /path/to/alpine
```

Skopeo:

```
$ skopeo copy docker-daemon:alpine:3.11 oci:/path/to/alpine
$ trivy --input /path/to/alpine
```

</details>

### Save the results as JSON
Expand Down
1 change: 0 additions & 1 deletion go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -425,7 +425,6 @@ github.com/vdemeester/k8s-pkg-credentialprovider v1.17.4/go.mod h1:inCTmtUdr5KJb
github.com/vmware/govmomi v0.20.3/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU=
github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
go.etcd.io/bbolt v1.3.3 h1:MUGmc65QhB3pIlaQ5bB4LwqSj6GIonVJXpZiaKNyaKk=
go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
go.etcd.io/bbolt v1.3.4 h1:hi1bXHMVrlQh6WwxAy+qZCV/SYIlqo+Ushwdpa4tAKg=
go.etcd.io/bbolt v1.3.4/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
Expand Down
2 changes: 1 addition & 1 deletion integration/docker_engine_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -236,7 +236,7 @@ func TestRun_WithDockerEngine(t *testing.T) {
name: "sad path, invalid image",
invalidImage: true,
testfile: "badimage:latest",
expectedError: "unable to inspect the image (index.docker.io/library/badimage:latest): Error: No such image: index.docker.io/library/badimage:latest",
expectedError: "unable to inspect the image (index.docker.io/library/badimage:latest)",
},
}

Expand Down
2 changes: 0 additions & 2 deletions pkg/scanner/scan.go
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,6 @@ var StandaloneDockerSet = wire.NewSet(
)

var StandaloneArchiveSet = wire.NewSet(
types.GetDockerOption,
docker.NewArchiveImageExtractor,
wire.Bind(new(extractor.Extractor), new(docker.Extractor)),
StandaloneSuperSet,
Expand All @@ -57,7 +56,6 @@ var RemoteDockerSet = wire.NewSet(
)

var RemoteArchiveSet = wire.NewSet(
types.GetDockerOption,
docker.NewArchiveImageExtractor,
wire.Bind(new(extractor.Extractor), new(docker.Extractor)),
RemoteSuperSet,
Expand Down

0 comments on commit 415b99d

Please sign in to comment.