feat: add workspaceRelationship (#7889)

aquasecurity · Nov 29, 2024 · d622ca2 · d622ca2
1 parent 0627992
commit d622ca2
Show file tree

Hide file tree

Showing 27 changed files with 614 additions and 136 deletions.
diff --git a/docs/docs/references/configuration/cli/trivy_filesystem.md b/docs/docs/references/configuration/cli/trivy_filesystem.md
@@ -69,7 +69,7 @@ trivy filesystem [flags] PATH
       --parallel int                      number of goroutines enabled for parallel scanning, set 0 to auto-detect parallelism (default 5)
       --password strings                  password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
       --password-stdin                    password from stdin. Comma-separated passwords are not supported.
-      --pkg-relationships strings         list of package relationships (unknown,root,direct,indirect) (default [unknown,root,direct,indirect])
+      --pkg-relationships strings         list of package relationships (unknown,root,workspace,direct,indirect) (default [unknown,root,workspace,direct,indirect])
       --pkg-types strings                 list of package types (os,library) (default [os,library])
       --redis-ca string                   redis ca file location, if using redis as cache backend
       --redis-cert string                 redis certificate file location, if using redis as cache backend

diff --git a/docs/docs/references/configuration/cli/trivy_image.md b/docs/docs/references/configuration/cli/trivy_image.md
@@ -87,7 +87,7 @@ trivy image [flags] IMAGE_NAME
       --parallel int                      number of goroutines enabled for parallel scanning, set 0 to auto-detect parallelism (default 5)
       --password strings                  password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
       --password-stdin                    password from stdin. Comma-separated passwords are not supported.
-      --pkg-relationships strings         list of package relationships (unknown,root,direct,indirect) (default [unknown,root,direct,indirect])
+      --pkg-relationships strings         list of package relationships (unknown,root,workspace,direct,indirect) (default [unknown,root,workspace,direct,indirect])
       --pkg-types strings                 list of package types (os,library) (default [os,library])
       --platform string                   set platform in the form os/arch if image is multi-platform capable
       --podman-host string                unix podman socket path to use for podman scanning

diff --git a/docs/docs/references/configuration/cli/trivy_kubernetes.md b/docs/docs/references/configuration/cli/trivy_kubernetes.md
@@ -84,7 +84,7 @@ trivy kubernetes [flags] [CONTEXT]
       --parallel int                      number of goroutines enabled for parallel scanning, set 0 to auto-detect parallelism (default 5)
       --password strings                  password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
       --password-stdin                    password from stdin. Comma-separated passwords are not supported.
-      --pkg-relationships strings         list of package relationships (unknown,root,direct,indirect) (default [unknown,root,direct,indirect])
+      --pkg-relationships strings         list of package relationships (unknown,root,workspace,direct,indirect) (default [unknown,root,workspace,direct,indirect])
       --pkg-types strings                 list of package types (os,library) (default [os,library])
       --qps float                         specify the maximum QPS to the master from this client (default 5)
       --redis-ca string                   redis ca file location, if using redis as cache backend

diff --git a/docs/docs/references/configuration/cli/trivy_repository.md b/docs/docs/references/configuration/cli/trivy_repository.md
@@ -69,7 +69,7 @@ trivy repository [flags] (REPO_PATH | REPO_URL)
       --parallel int                      number of goroutines enabled for parallel scanning, set 0 to auto-detect parallelism (default 5)
       --password strings                  password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
       --password-stdin                    password from stdin. Comma-separated passwords are not supported.
-      --pkg-relationships strings         list of package relationships (unknown,root,direct,indirect) (default [unknown,root,direct,indirect])
+      --pkg-relationships strings         list of package relationships (unknown,root,workspace,direct,indirect) (default [unknown,root,workspace,direct,indirect])
       --pkg-types strings                 list of package types (os,library) (default [os,library])
       --redis-ca string                   redis ca file location, if using redis as cache backend
       --redis-cert string                 redis certificate file location, if using redis as cache backend

diff --git a/docs/docs/references/configuration/cli/trivy_rootfs.md b/docs/docs/references/configuration/cli/trivy_rootfs.md
@@ -71,7 +71,7 @@ trivy rootfs [flags] ROOTDIR
       --parallel int                      number of goroutines enabled for parallel scanning, set 0 to auto-detect parallelism (default 5)
       --password strings                  password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
       --password-stdin                    password from stdin. Comma-separated passwords are not supported.
-      --pkg-relationships strings         list of package relationships (unknown,root,direct,indirect) (default [unknown,root,direct,indirect])
+      --pkg-relationships strings         list of package relationships (unknown,root,workspace,direct,indirect) (default [unknown,root,workspace,direct,indirect])
       --pkg-types strings                 list of package types (os,library) (default [os,library])
       --redis-ca string                   redis ca file location, if using redis as cache backend
       --redis-cert string                 redis certificate file location, if using redis as cache backend

diff --git a/docs/docs/references/configuration/cli/trivy_sbom.md b/docs/docs/references/configuration/cli/trivy_sbom.md
@@ -49,7 +49,7 @@ trivy sbom [flags] SBOM_PATH
       --output-plugin-arg string     [EXPERIMENTAL] output plugin arguments
       --password strings             password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
       --password-stdin               password from stdin. Comma-separated passwords are not supported.
-      --pkg-relationships strings    list of package relationships (unknown,root,direct,indirect) (default [unknown,root,direct,indirect])
+      --pkg-relationships strings    list of package relationships (unknown,root,workspace,direct,indirect) (default [unknown,root,workspace,direct,indirect])
       --pkg-types strings            list of package types (os,library) (default [os,library])
       --redis-ca string              redis ca file location, if using redis as cache backend
       --redis-cert string            redis certificate file location, if using redis as cache backend

diff --git a/docs/docs/references/configuration/cli/trivy_vm.md b/docs/docs/references/configuration/cli/trivy_vm.md
@@ -61,7 +61,7 @@ trivy vm [flags] VM_IMAGE
   -o, --output string                     output file name
       --output-plugin-arg string          [EXPERIMENTAL] output plugin arguments
       --parallel int                      number of goroutines enabled for parallel scanning, set 0 to auto-detect parallelism (default 5)
-      --pkg-relationships strings         list of package relationships (unknown,root,direct,indirect) (default [unknown,root,direct,indirect])
+      --pkg-relationships strings         list of package relationships (unknown,root,workspace,direct,indirect) (default [unknown,root,workspace,direct,indirect])
       --pkg-types strings                 list of package types (os,library) (default [os,library])
       --redis-ca string                   redis ca file location, if using redis as cache backend
       --redis-cert string                 redis certificate file location, if using redis as cache backend

diff --git a/docs/docs/references/configuration/config-file.md b/docs/docs/references/configuration/config-file.md
@@ -447,6 +447,7 @@ pkg:
   relationships:
    - unknown
    - root
+   - workspace
    - direct
    - indirect
 

diff --git a/integration/testdata/composer.lock.json.golden b/integration/testdata/composer.lock.json.golden
diff --git a/integration/testdata/conan.json.golden b/integration/testdata/conan.json.golden
@@ -26,7 +26,7 @@
           "Name": "poco",
           "Identifier": {
             "PURL": "pkg:conan/poco@1.9.4",
-            "UID": "312753cebe80c0eb"
+            "UID": "1c5e3b385e0d9c68"
           },
           "Version": "1.9.4",
           "Relationship": "direct",
@@ -50,7 +50,7 @@
           "Name": "bzip2",
           "Identifier": {
             "PURL": "pkg:conan/bzip2@1.0.8",
-            "UID": "6e2ff993df2d9107"
+            "UID": "fcee910413ab7575"
           },
           "Version": "1.0.8",
           "Indirect": true,
@@ -68,7 +68,7 @@
           "Name": "expat",
           "Identifier": {
             "PURL": "pkg:conan/expat@2.4.8",
-            "UID": "71c2d92d60f7f21c"
+            "UID": "1a3fe92a43620875"
           },
           "Version": "2.4.8",
           "Indirect": true,
@@ -86,7 +86,7 @@
           "Name": "openssl",
           "Identifier": {
             "PURL": "pkg:conan/openssl@1.1.1q",
-            "UID": "13c605db6afa69dd"
+            "UID": "d009c32d2d560ed1"
           },
           "Version": "1.1.1q",
           "Indirect": true,
@@ -104,7 +104,7 @@
           "Name": "pcre",
           "Identifier": {
             "PURL": "pkg:conan/pcre@8.43",
-            "UID": "4e01c692a67e12e4"
+            "UID": "452827dd216c920e"
           },
           "Version": "8.43",
           "Indirect": true,
@@ -126,7 +126,7 @@
           "Name": "sqlite3",
           "Identifier": {
             "PURL": "pkg:conan/sqlite3@3.39.2",
-            "UID": "43bc9c58092c7c9e"
+            "UID": "8e926335e2fce900"
           },
           "Version": "3.39.2",
           "Indirect": true,
@@ -144,7 +144,7 @@
           "Name": "zlib",
           "Identifier": {
             "PURL": "pkg:conan/zlib@1.2.12",
-            "UID": "d6faf8d6dfd1985"
+            "UID": "dfef9b967a82df9f"
           },
           "Version": "1.2.12",
           "Indirect": true,
@@ -165,7 +165,7 @@
           "PkgName": "pcre",
           "PkgIdentifier": {
             "PURL": "pkg:conan/pcre@8.43",
-            "UID": "4e01c692a67e12e4"
+            "UID": "452827dd216c920e"
           },
           "InstalledVersion": "8.43",
           "FixedVersion": "8.45",

diff --git a/integration/testdata/gomod-skip.json.golden b/integration/testdata/gomod-skip.json.golden
@@ -27,7 +27,7 @@
           "PkgName": "github.com/docker/distribution",
           "PkgIdentifier": {
             "PURL": "pkg:golang/github.com/docker/distribution@v2.7.1%2Bincompatible",
-            "UID": "9d949a7b01249e68"
+            "UID": "782e16d5a74c9fa6"
           },
           "InstalledVersion": "v2.7.1+incompatible",
           "FixedVersion": "v2.8.0",
@@ -54,7 +54,7 @@
           "PkgName": "github.com/open-policy-agent/opa",
           "PkgIdentifier": {
             "PURL": "pkg:golang/github.com/open-policy-agent/opa@v0.35.0",
-            "UID": "e89e2b0d8977e2a"
+            "UID": "3e43f458a7c60c10"
           },
           "InstalledVersion": "v0.35.0",
           "FixedVersion": "0.37.0",
@@ -101,7 +101,7 @@
           "PkgName": "golang.org/x/text",
           "PkgIdentifier": {
             "PURL": "pkg:golang/golang.org/x/text@v0.3.6",
-            "UID": "3050088ce9eb2ce4"
+            "UID": "9c987ed7494d95be"
           },
           "InstalledVersion": "v0.3.6",
           "FixedVersion": "0.3.7",
@@ -134,7 +134,7 @@
           "PkgName": "github.com/docker/distribution",
           "PkgIdentifier": {
             "PURL": "pkg:golang/github.com/docker/distribution@v2.7.1%2Bincompatible",
-            "UID": "2f7f0fa81860b8f1"
+            "UID": "97673687db393443"
           },
           "InstalledVersion": "v2.7.1+incompatible",
           "FixedVersion": "v2.8.0",

diff --git a/integration/testdata/gomod-vex.json.golden b/integration/testdata/gomod-vex.json.golden
@@ -27,7 +27,7 @@
           "PkgName": "github.com/docker/distribution",
           "PkgIdentifier": {
             "PURL": "pkg:golang/github.com/docker/distribution@v2.7.1%2Bincompatible",
-            "UID": "9d949a7b01249e68"
+            "UID": "782e16d5a74c9fa6"
           },
           "InstalledVersion": "v2.7.1+incompatible",
           "FixedVersion": "v2.8.0",
@@ -54,7 +54,7 @@
           "PkgName": "golang.org/x/text",
           "PkgIdentifier": {
             "PURL": "pkg:golang/golang.org/x/text@v0.3.6",
-            "UID": "3050088ce9eb2ce4"
+            "UID": "9c987ed7494d95be"
           },
           "InstalledVersion": "v0.3.6",
           "FixedVersion": "0.3.7",
@@ -87,7 +87,7 @@
           "PkgName": "github.com/docker/distribution",
           "PkgIdentifier": {
             "PURL": "pkg:golang/github.com/docker/distribution@v2.7.1%2Bincompatible",
-            "UID": "2f7f0fa81860b8f1"
+            "UID": "97673687db393443"
           },
           "InstalledVersion": "v2.7.1+incompatible",
           "FixedVersion": "v2.8.0",
@@ -121,7 +121,7 @@
           "PkgName": "github.com/docker/distribution",
           "PkgIdentifier": {
             "PURL": "pkg:golang/github.com/docker/distribution@v2.7.1%2Bincompatible",
-            "UID": "3ad40723ed2fce22"
+            "UID": "48e3a06649df4bd4"
           },
           "InstalledVersion": "v2.7.1+incompatible",
           "FixedVersion": "v2.8.0",

diff --git a/integration/testdata/gomod.json.golden b/integration/testdata/gomod.json.golden
@@ -27,7 +27,7 @@
           "PkgName": "github.com/docker/distribution",
           "PkgIdentifier": {
             "PURL": "pkg:golang/github.com/docker/distribution@v2.7.1%2Bincompatible",
-            "UID": "9d949a7b01249e68"
+            "UID": "782e16d5a74c9fa6"
           },
           "InstalledVersion": "v2.7.1+incompatible",
           "FixedVersion": "v2.8.0",
@@ -54,7 +54,7 @@
           "PkgName": "github.com/open-policy-agent/opa",
           "PkgIdentifier": {
             "PURL": "pkg:golang/github.com/open-policy-agent/opa@v0.35.0",
-            "UID": "e89e2b0d8977e2a"
+            "UID": "3e43f458a7c60c10"
           },
           "InstalledVersion": "v0.35.0",
           "FixedVersion": "0.37.0",
@@ -101,7 +101,7 @@
           "PkgName": "golang.org/x/text",
           "PkgIdentifier": {
             "PURL": "pkg:golang/golang.org/x/text@v0.3.6",
-            "UID": "3050088ce9eb2ce4"
+            "UID": "9c987ed7494d95be"
           },
           "InstalledVersion": "v0.3.6",
           "FixedVersion": "0.3.7",
@@ -134,7 +134,7 @@
           "PkgName": "github.com/docker/distribution",
           "PkgIdentifier": {
             "PURL": "pkg:golang/github.com/docker/distribution@v2.7.1%2Bincompatible",
-            "UID": "2f7f0fa81860b8f1"
+            "UID": "97673687db393443"
           },
           "InstalledVersion": "v2.7.1+incompatible",
           "FixedVersion": "v2.8.0",
@@ -168,7 +168,7 @@
           "PkgName": "github.com/docker/distribution",
           "PkgIdentifier": {
             "PURL": "pkg:golang/github.com/docker/distribution@v2.7.1%2Bincompatible",
-            "UID": "3ad40723ed2fce22"
+            "UID": "48e3a06649df4bd4"
           },
           "InstalledVersion": "v2.7.1+incompatible",
           "FixedVersion": "v2.8.0",

diff --git a/integration/testdata/nuget.json.golden b/integration/testdata/nuget.json.golden
@@ -26,7 +26,7 @@
           "Name": "Newtonsoft.Json",
           "Identifier": {
             "PURL": "pkg:nuget/Newtonsoft.Json@12.0.3",
-            "UID": "d4249b2442e303e9"
+            "UID": "1cec16ca9d4718aa"
           },
           "Version": "12.0.3",
           "Relationship": "direct",
@@ -43,7 +43,7 @@
           "Name": "NuGet.Frameworks",
           "Identifier": {
             "PURL": "pkg:nuget/NuGet.Frameworks@5.7.0",
-            "UID": "6fa0c117039de82a"
+            "UID": "ed284c615e250d47"
           },
           "Version": "5.7.0",
           "Relationship": "direct",
@@ -66,7 +66,7 @@
           "PkgName": "Newtonsoft.Json",
           "PkgIdentifier": {
             "PURL": "pkg:nuget/Newtonsoft.Json@12.0.3",
-            "UID": "d4249b2442e303e9"
+            "UID": "1cec16ca9d4718aa"
           },
           "InstalledVersion": "12.0.3",
           "FixedVersion": "13.0.1",

diff --git a/integration/testdata/pnpm.json.golden b/integration/testdata/pnpm.json.golden
@@ -26,7 +26,7 @@
           "Name": "jquery",
           "Identifier": {
             "PURL": "pkg:npm/jquery@3.3.9",
-            "UID": "53ca18565a4b6a47"
+            "UID": "2a8ffed0b32cf950"
           },
           "Version": "3.3.9",
           "Licenses": [
@@ -40,7 +40,7 @@
           "Name": "lodash",
           "Identifier": {
             "PURL": "pkg:npm/lodash@4.17.4",
-            "UID": "31eadfcf58a6b128"
+            "UID": "29795971f23e7bf6"
           },
           "Version": "4.17.4",
           "Licenses": [
@@ -57,7 +57,7 @@
           "PkgName": "jquery",
           "PkgIdentifier": {
             "PURL": "pkg:npm/jquery@3.3.9",
-            "UID": "53ca18565a4b6a47"
+            "UID": "2a8ffed0b32cf950"
           },
           "InstalledVersion": "3.3.9",
           "FixedVersion": "3.4.0",
@@ -190,7 +190,7 @@
           "PkgName": "lodash",
           "PkgIdentifier": {
             "PURL": "pkg:npm/lodash@4.17.4",
-            "UID": "31eadfcf58a6b128"
+            "UID": "29795971f23e7bf6"
           },
           "InstalledVersion": "4.17.4",
           "FixedVersion": "4.17.12",

diff --git a/integration/testdata/poetry.json.golden b/integration/testdata/poetry.json.golden
@@ -26,7 +26,7 @@
           "Name": "click",
           "Identifier": {
             "PURL": "pkg:pypi/click@8.1.3",
-            "UID": "37edb5c90a97272e"
+            "UID": "d76da06fc75f0439"
           },
           "Version": "8.1.3",
           "Relationship": "direct",
@@ -40,7 +40,7 @@
           "Name": "werkzeug",
           "Identifier": {
             "PURL": "pkg:pypi/werkzeug@0.14",
-            "UID": "4176be111ad01070"
+            "UID": "d14d05cca13c7a6b"
           },
           "Version": "0.14",
           "Relationship": "direct",
@@ -51,7 +51,7 @@
           "Name": "colorama",
           "Identifier": {
             "PURL": "pkg:pypi/colorama@0.4.6",
-            "UID": "895013c17f373da3"
+            "UID": "c7ed705c1cc43242"
           },
           "Version": "0.4.6",
           "Indirect": true,
@@ -66,7 +66,7 @@
           "PkgName": "werkzeug",
           "PkgIdentifier": {
             "PURL": "pkg:pypi/werkzeug@0.14",
-            "UID": "4176be111ad01070"
+            "UID": "d14d05cca13c7a6b"
           },
           "InstalledVersion": "0.14",
           "FixedVersion": "0.15.3",
-Original file line number
+Diff line change
@@ Expand Up / @@ -447,6 +447,7 @@ pkg: @@
       relationships:
        - unknown
        - root
+       - workspace
        - direct
        - indirect
@@ Expand Down @@