diff --git a/.circleci/config.yml b/.circleci/config.yml index a4deb9bc7a8..8d6902b16ef 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -93,15 +93,15 @@ jobs: - restore_cache: keys: - - integration-test-tar-cache-{{ checksum "test/integration/test-fixtures/tar-cache.fingerprint" }} + - integration-test-cache-{{ checksum "test/integration/test-fixtures/cache.fingerprint" }} - run: name: run integration tests command: make integration - save_cache: - key: integration-test-tar-cache-{{ checksum "test/integration/test-fixtures/tar-cache.fingerprint" }} + key: integration-test-cache-{{ checksum "test/integration/test-fixtures/cache.fingerprint" }} paths: - - "test/integration/test-fixtures/tar-cache" + - "test/integration/test-fixtures/cache" workflows: "Static Analysis + Unit + Integration": diff --git a/Makefile b/Makefile index db48c96d179..87134b939d3 100644 --- a/Makefile +++ b/Makefile @@ -128,11 +128,11 @@ integration: ## Run integration tests # note: this is used by CI to determine if the integration test fixture cache (docker image tars) should be busted .PHONY: integration-fingerprint integration-fingerprint: - find test/integration/test-fixtures/image-* -type f -exec md5sum {} + | awk '{print $1}' | sort | md5sum | tee test/integration/test-fixtures/tar-cache.fingerprint + find test/integration/test-fixtures/image-* -type f -exec md5sum {} + | awk '{print $1}' | sort | md5sum | tee test/integration/test-fixtures/cache.fingerprint .PHONY: clear-test-cache clear-test-cache: ## Delete all test cache (built docker image tars) - find . -type f -wholename "**/test-fixtures/tar-cache/*.tar" -delete + find . -type f -wholename "**/test-fixtures/cache/*.tar" -delete .PHONY: check-pipeline check-pipeline: ## Run local CircleCI pipeline locally (sanity check) diff --git a/README.md b/README.md index 14a20cc76f0..e4a09555158 100644 --- a/README.md +++ b/README.md 
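Review bot: In the `integration-fingerprint` recipe the awk program is written as `'{print $1}'`, and make expands `$1` itself before the shell runs, so as shown awk receives `{print }` and prints the whole `md5sum` line rather than just the digest. If only the digests are meant to feed the fingerprint, write `awk '{print $$1}'`; if file paths should count too (so a renamed fixture busts the CI cache), drop the awk stage and say so in the comment above the target. Separately, `clear-test-cache` still deletes only `*.tar` under the renamed `test-fixtures/cache/` directory. If that directory can now hold non-tar fixtures (not visible here), they would survive a clear and could be reused stale.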
@@ -24,6 +24,7 @@ A vulnerability scanner for container images and filesystems. [Easily install th - JavaScript (NPM/Yarn) - Python (Egg/Wheel) - Python pip/requirements.txt/setup.py listings +- Supports Docker and OCI image formats > :warning: **This is pre-release software** and it may not work as expected. If you encounter an issue, please [let us know using the issue tracker](https://github.com/anchore/grype/issues). @@ -45,19 +46,23 @@ grype --scope all-layers Grype can scan a variety of sources beyond those found in Docker. ``` -# scan a docker image tar (from the result of "docker image save ... -o image.tar" command) -grype docker-archive://path/to/image.tar +# scan a container image archive (from the result of `docker image save ...`, `podman save ...`, or `skopeo copy` commands) +grype path/to/image.tar # scan a directory -grype dir://path/to/dir +grype path/to/dir ``` -By default Grype shows a summary table, however, a more detailed `json` format is also available. - +The output format for Grype is configurable as well: ``` -grype -o json +grype -o ``` +Where the `format`s available are: +- `json`: Use this to get as much information out of Grype as possible! +- `cyclonedx`: A XML report conforming to the [CycloneDX 1.2](https://cyclonedx.org/) specification. +- `table`: A columnar summary (default). + Grype pulls a database of vulnerabilities derived from the publicly available [Anchore Feed Service](https://ancho.re/v1/service/feeds). This database is updated at the beginning of each scan, but an update can also be triggered manually. ``` diff --git a/cmd/root.go b/cmd/root.go index 70b83b432f4..b24b4c0e157 100644 --- a/cmd/root.go +++ b/cmd/root.go 
@@ -35,11 +35,17 @@ import ( var rootCmd = &cobra.Command{ Use: fmt.Sprintf("%s [IMAGE]", internal.ApplicationName), Short: "A vulnerability scanner for container images and filesystems", // TODO: add copy, add path-based scans - Long: format.Tprintf(`Supports the following image sources: - {{.appName}} yourrepo/yourimage:tag defaults to using images from a docker daemon - {{.appName}} dir://path/to/yourrepo do a directory scan - {{.appName}} docker://yourrepo/yourimage:tag explicitly use a docker daemon - {{.appName}} tar://path/to/yourimage.tar use a tarball from disk + Long: format.Tprintf(` +Supports the following image sources: + {{.appName}} yourrepo/yourimage:tag defaults to using images from a Docker daemon + {{.appName}} path/to/yourproject a Docker tar, OCI tar, OCI directory, or generic filesystem directory + +You can also explicitly specify the scheme to use: + {{.appName}} docker:yourrepo/yourimage:tag explicitly use the Docker daemon + {{.appName}} docker-archive:path/to/yourimage.tar use a tarball from disk for archives created from "docker save" + {{.appName}} oci-archive:path/to/yourimage.tar use a tarball from disk for OCI archives (from Podman or otherwise) + {{.appName}} oci-dir:path/to/yourimage read directly from a path on disk for OCI layout directories (from Skopeo or otherwise) + {{.appName}} dir:path/to/yourproject read directly from a path on disk (any directory) `, map[string]interface{}{ "appName": internal.ApplicationName, }), diff --git a/go.mod b/go.mod index cdebf9293c1..d99afdd512f 100644 --- a/go.mod +++ b/go.mod 
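Review bot: The new `Long` text lists the scheme-less forms `{{.appName}} yourrepo/yourimage:tag` and `{{.appName}} path/to/yourproject` side by side without saying which interpretation wins when an argument is both a plausible image reference and an existing path on disk. For a scanner this matters, because a clean report for the wrong target looks the same as a clean report for the right one. I would add a sentence to the help text along the lines of `When no scheme is given the source is detected in this order: <detection order>; pass an explicit scheme to avoid ambiguity.`, filling in the real order from the source-detection code. In the same literal, `Use` still advertises `[IMAGE]` and the `// TODO: add copy, add path-based scans` comment is now partly stale. The `rootCmd` literal continues outside the hunk.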
@@ -4,17 +4,19 @@ go 1.14 require ( github.com/adrg/xdg v0.2.1 - github.com/anchore/go-testutils v0.0.0-20200923124913-cc3783363628 + github.com/anchore/go-testutils v0.0.0-20200924130829-c7fdedf242b7 github.com/anchore/go-version v1.2.2-0.20200810141238-330bef18dbca github.com/anchore/grype-db v0.0.0-20200909132108-9474dd8f080f - github.com/anchore/stereoscope v0.0.0-20200922191919-df2d5de22d9d - github.com/anchore/syft v0.1.0-beta.4.0.20200918175440-45b5cab49a8a + github.com/anchore/stereoscope v0.0.0-20200925141829-d086a3427f85 + github.com/anchore/syft v0.1.0-beta.4.0.20200925180738-49800b6747b3 github.com/docker/docker v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible github.com/dustin/go-humanize v1.0.0 github.com/facebookincubator/nvdtools v0.1.4-0.20200622182922-aed862a62ae6 github.com/go-test/deep v1.0.7 + github.com/google/go-containerregistry v0.1.1 // indirect github.com/google/uuid v1.1.1 github.com/gookit/color v1.2.7 + github.com/gopherjs/gopherjs v0.0.0-20190910122728-9d188e94fb99 // indirect github.com/hashicorp/go-getter v1.4.1 github.com/jinzhu/copier v0.0.0-20190924061706-b57f9002281a github.com/knqyf263/go-deb-version v0.0.0-20190517075300-09fca494f03d @@ -31,5 +33,10 @@ require ( github.com/wagoodman/jotframe v0.0.0-20200730190914-3517092dd163 github.com/x-cray/logrus-prefixed-formatter v0.5.2 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 + golang.org/x/net v0.0.0-20200625001655-4c5254603344 // indirect + golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208 // indirect + golang.org/x/sys v0.0.0-20200610111108-226ff32320da // indirect + google.golang.org/genproto v0.0.0-20200615140333-fd031eab31e7 // indirect + gopkg.in/ini.v1 v1.57.0 // indirect gopkg.in/yaml.v2 v2.3.0 ) diff --git a/go.sum b/go.sum index fef1f3cccad..e23ffc4337e 100644 --- a/go.sum +++ b/go.sum 
@@ -93,8 +93,12 @@ github.com/Masterminds/semver/v3 v3.1.0/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0 github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5 h1:ygIc8M6trr62pF5DucadTWGdEB4mEyvzi0e2nbcmcyA= github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw= +github.com/Microsoft/go-winio v0.4.15-0.20200908182639-5b44b70ab3ab h1:9pygWVFqbY9lPxM0peffumuVDyMuIMzNLyO9uFjJuQo= +github.com/Microsoft/go-winio v0.4.15-0.20200908182639-5b44b70ab3ab/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw= github.com/Microsoft/hcsshim v0.8.9 h1:VrfodqvztU8YSOvygU+DN1BGaSGxmrNfqOv5oOuX2Bk= github.com/Microsoft/hcsshim v0.8.9/go.mod h1:5692vkUqntj1idxauYlpoINNKeqCiG6Sg38RRsjT5y8= +github.com/Microsoft/hcsshim v0.8.10 h1:k5wTrpnVU2/xv8ZuzGkbXVd3js5zJ8RnumPo5RxiIxU= +github.com/Microsoft/hcsshim v0.8.10/go.mod h1:g5uw8EV2mAlzqe94tfNBNdr89fnbD/n3HV0OhsddkmM= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/OpenPeeDeeP/depguard v1.0.1/go.mod h1:xsIw86fROiiwelg+jB2uM9PiKihMMmUx/1V+TNhjQvM= 
@@ -117,8 +121,8 @@ github.com/anchore/go-rpmdb v0.0.0-20200811175839-cbc751c28e8e h1:kty6r0R2JeaNPe github.com/anchore/go-rpmdb v0.0.0-20200811175839-cbc751c28e8e/go.mod h1:iYuIG0Nai8dR0ri3LhZQKUyO1loxUWAGvoWhXDmjy1A= github.com/anchore/go-testutils v0.0.0-20200624184116-66aa578126db h1:LWKezJnFTFxNkZ4MzajVf+YWvJS0+7hwFr59u6SS7cw= github.com/anchore/go-testutils v0.0.0-20200624184116-66aa578126db/go.mod h1:D3rc2L/q4Hcp9eeX6AIJH4Q+kPjOtJCFhG9za90j+nU= -github.com/anchore/go-testutils v0.0.0-20200923124913-cc3783363628 h1:caf7eF19+hdk94vtFrBnDmefWWEGY5706gcZdWrnVvQ= -github.com/anchore/go-testutils v0.0.0-20200923124913-cc3783363628/go.mod h1:utpHUF0ws0l8seM+Dae3moM6S14xH8nqTZVLHAFYBuw= +github.com/anchore/go-testutils v0.0.0-20200924130829-c7fdedf242b7 h1:rhAjS1Hi17C/zyn5maZSDh3Y67szKKJaYk+4xdqLTrU= +github.com/anchore/go-testutils v0.0.0-20200924130829-c7fdedf242b7/go.mod h1:utpHUF0ws0l8seM+Dae3moM6S14xH8nqTZVLHAFYBuw= github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b h1:e1bmaoJfZVsCYMrIZBpFxwV26CbsuoEh5muXD5I1Ods= github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b/go.mod h1:Bkc+JYWjMCF8OyZ340IMSIi2Ebf3uwByOk6ho4wne1E= github.com/anchore/go-version v1.2.2-0.20200810141238-330bef18dbca h1:rLyc7Rih769rYABQe4nBPt3jHJd/snBuVvKKGoy5HEc= 
@@ -127,12 +131,15 @@ github.com/anchore/grype-db v0.0.0-20200909132108-9474dd8f080f h1:/6h4PkxPn0VQ3E github.com/anchore/grype-db v0.0.0-20200909132108-9474dd8f080f/go.mod h1:LINmipRzG88vnJEWvgMMDVCFH1qZsj7+bjmpERlSyaA= github.com/anchore/stereoscope v0.0.0-20200520221116-025e07f1c93e h1:QBwtrM0MXi0z+GcHk3RoSyzaQ+CLgas0bC/uOd1P+PQ= github.com/anchore/stereoscope v0.0.0-20200520221116-025e07f1c93e/go.mod h1:bkyLl5VITnrmgErv4S1vDfVz/TGAZ5il6161IQo7w2g= -github.com/anchore/stereoscope v0.0.0-20200813152757-548b22c8a0b3 h1:pl+txuYlhK8Mmio4d+4zQI/1xg8X6BtNErTASrx23Wk= -github.com/anchore/stereoscope v0.0.0-20200813152757-548b22c8a0b3/go.mod h1:WntReQTI/I27FOQ87UgLVVzWgku6+ZsqfOTLxpIZFCs= github.com/anchore/stereoscope v0.0.0-20200922191919-df2d5de22d9d h1:5SCC6HUKKXEBADHnpBaraweYVbmQNdY2fIklETxmkmo= github.com/anchore/stereoscope v0.0.0-20200922191919-df2d5de22d9d/go.mod h1:W89qUNQ/8ntF5+LY/dynjcvVjWy9ae4TDo48tNK+Cdw= -github.com/anchore/syft v0.1.0-beta.4.0.20200918175440-45b5cab49a8a h1:iuq3OFYmGlkG7/zaNNLD25vnScCe4jLjeSSTFRZYiyA= -github.com/anchore/syft v0.1.0-beta.4.0.20200918175440-45b5cab49a8a/go.mod h1:Ne9mXL2d8LPldZxB1IQ6zM+VzG53tzwrInw1UMKVKbU= +github.com/anchore/stereoscope v0.0.0-20200922191919-df2d5de22d9d/go.mod h1:W89qUNQ/8ntF5+LY/dynjcvVjWy9ae4TDo48tNK+Cdw= +github.com/anchore/stereoscope v0.0.0-20200925141829-d086a3427f85 h1:w+p0ZFSxV9JhoX5RzjcszH2t/jRRQcQdpGXzbQBIvS0= +github.com/anchore/stereoscope v0.0.0-20200925141829-d086a3427f85 h1:w+p0ZFSxV9JhoX5RzjcszH2t/jRRQcQdpGXzbQBIvS0= +github.com/anchore/stereoscope v0.0.0-20200925141829-d086a3427f85/go.mod h1:8RbPl4TvV0Gn15+WIVX6L7Y2io4m9fMHYBQEuNak61E= +github.com/anchore/stereoscope v0.0.0-20200925141829-d086a3427f85/go.mod h1:8RbPl4TvV0Gn15+WIVX6L7Y2io4m9fMHYBQEuNak61E= +github.com/anchore/syft v0.1.0-beta.4.0.20200925180738-49800b6747b3 h1:ScuiCJZ8OShTCDoIWdDWjWfdDAsPo7KgCjcwJ2b1uWY= +github.com/anchore/syft v0.1.0-beta.4.0.20200925180738-49800b6747b3/go.mod 
h1:jXdJzchKtKdnqPwwimuNvT20MkQsPrjZ0ov8M1KjkkA= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883 h1:bvNMNQO63//z+xNgfBlViaCIJKLlCJ6/fmUseuG0wVQ= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= github.com/andybalholm/cascadia v1.1.0/go.mod h1:GsXiBklL0woXo1j/WYWtSYYC4ouU9PqHO0sqidkEA4Y= 
@@ -181,12 +188,15 @@ github.com/cheggaaa/pb v1.0.27/go.mod h1:pQciLPpbU0oxA0h+VJYYLxO+XeDQb5pZijXscXH github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= +github.com/cilium/ebpf v0.0.0-20200110133405-4032b1d8aae3/go.mod h1:MA5e5Lr8slmEg9bt0VpxxWqJlO4iwu3FBdHUzV7wQVg= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= github.com/containerd/cgroups v0.0.0-20190919134610-bf292b21730f/go.mod h1:OApqhQ4XNSNC13gXIwDjhOQxjWa/NxkwZXJ1EvqT0ko= +github.com/containerd/cgroups v0.0.0-20200531161412-0dbf7f05ba59/go.mod h1:pA0z1pT8KYB3TCXK/ocprsh7MAkoW8bZVzPdih9snmM= github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw= github.com/containerd/containerd v1.3.0/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= +github.com/containerd/containerd v1.3.2 h1:ForxmXkA6tPIvffbrDAcPUIB32QgXkt2XFj+F0UxetA= github.com/containerd/containerd v1.3.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/containerd v1.3.4 h1:3o0smo5SKY7H6AJCmJhsnCjR2/V2T8VmiHt7seN2/kI= github.com/containerd/containerd v1.3.4/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= 
@@ -208,10 +218,12 @@ github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3Ee github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= +github.com/coreos/go-systemd/v22 v22.0.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/coreos/pkg v0.0.0-20180108230652-97fdf19511ea/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= +github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= 
@@ -316,6 +328,7 @@ github.com/go-toolsmith/typep v1.0.2/go.mod h1:JSQCQMUPdRlMZFswiq3TGpNp1GMktqkR2 github.com/go-xmlfmt/xmlfmt v0.0.0-20191208150333-d5b6f63a941b/go.mod h1:aUCEOzzezBEjDBbFBoSiya/gduyIiWYRP6CnSFIV8AM= github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4= +github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gofrs/flock v0.0.0-20190320160742-5135e617513b/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= @@ -655,6 +668,7 @@ github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5X github.com/opencontainers/runc v0.1.1 h1:GlxAyO6x8rfZYN9Tt0Kti5a/cP41iuiO2yYT0IJGY8Y= github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/package-url/packageurl-go v0.1.0 h1:efWBc98O/dBZRg1pw2xiDzovnlMjCa9NPnfaiBduh8I= github.com/package-url/packageurl-go v0.1.0/go.mod h1:C/ApiuWpmbpni4DIOECf6WCjFUZV7O1Fx7VAzrZHgBw= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= 
@@ -805,6 +819,7 @@ github.com/ultraware/funlen v0.0.2/go.mod h1:Dp4UiAus7Wdb9KUZsYWZEWiRzGuM2kXM1lP github.com/ultraware/whitespace v0.0.4/go.mod h1:aVMh/gQve5Maj9hQ/hg+F75lr/X5A89uZnzAmWSineA= github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= +github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/uudashr/gocognit v1.0.1/go.mod h1:j44Ayx2KW4+oB6SWMv8KsmHzZrOInQav7D3cQMJ5JUM= github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= github.com/valyala/fasthttp v1.2.0/go.mod h1:4vX61m6KN+xDduDNwXrhIAVZaZaZiQ1luJk8LWSxF3s= @@ -1001,6 +1016,7 @@ golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191010194322-b09406accb47/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191112214154-59a1497f0cea/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -1008,6 +1024,7 @@ golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200120151820-655fe14d7479/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1020,6 +1037,7 @@ golang.org/x/sys v0.0.0-20200501145240-bc7a7d42d5c3/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200519105757-fe76b779f299 h1:DYfZAGf2WMFjMxbgTjaC+2HC7NkNAQs+6Q8b9WEB/F4= golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200523222454-059865788121 h1:rITEj+UZHYC927n8GT97eC3zrpzXdb/voyeOuVKS46o= golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200602225109-6fdc65e7d980 h1:OjiUf46hAmXblsZdnoSXsEUSKU8r1UEzcL5RVZ4gO9Y= golang.org/x/sys v0.0.0-20200602225109-6fdc65e7d980/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -1167,6 +1185,7 @@ google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfG google.golang.org/genproto v0.0.0-20200519141106-08726f379972 h1:6ydLqG65DIMNJf6p97WudGsmd1w3Ickm/LiZnBrREPI= google.golang.org/genproto v0.0.0-20200519141106-08726f379972/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= +google.golang.org/genproto v0.0.0-20200527145253-8367513e4ece h1:1YM0uhfumvoDu9sx8+RyWwTI63zoCQvI23IYFRlvte0= google.golang.org/genproto v0.0.0-20200527145253-8367513e4ece/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= google.golang.org/genproto v0.0.0-20200604104852-0b0486081ffb h1:ek2py5bOqzR7MR/6obzk0rXUgYCLmjyLnaO9ssT+l6w= google.golang.org/genproto v0.0.0-20200604104852-0b0486081ffb/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= @@ -1214,6 +1233,7 @@ gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKW gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.51.0 h1:AQvPpx3LzTDM0AjnIRlVFwFFGC+npRopjZxLJj6gdno= gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= +gopkg.in/ini.v1 v1.56.0 h1:DPMeDvGTM54DXbPkVIZsp19fp/I2K7zwA/itHYHKo8Y= gopkg.in/ini.v1 v1.56.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.57.0 h1:9unxIsFcTt4I55uWluz+UmL95q4kdJ0buvQ1ZIqVQww= gopkg.in/ini.v1 v1.57.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= diff --git a/grype/presenter/cyclonedx/presenter_test.go b/grype/presenter/cyclonedx/presenter_test.go index 9710ed64399..6af20e84c3e 100644 --- a/grype/presenter/cyclonedx/presenter_test.go +++ b/grype/presenter/cyclonedx/presenter_test.go 
@@ -9,6 +9,7 @@ import ( "github.com/anchore/go-testutils" "github.com/anchore/grype/grype/match" "github.com/anchore/grype/grype/vulnerability" + "github.com/anchore/stereoscope/pkg/imagetest" "github.com/anchore/syft/syft/pkg" "github.com/anchore/syft/syft/scope" "github.com/sergi/go-diff/diffmatchpatch" @@ -141,7 +142,7 @@ func TestCycloneDxPresenter(t *testing.T) { matches := match.NewMatches() matches.Add(&pkg1, match1, match2) - img, cleanup := testutils.GetFixtureImage(t, "docker-archive", "image-simple") + img, cleanup := imagetest.GetFixtureImage(t, "docker-archive", "image-simple") defer cleanup() s, err := scope.NewScopeFromImage(img, scope.AllLayersScope) pres := NewPresenter(matches, catalog, s, newMetadataMock()) diff --git a/grype/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxPresenter_CycloneDX_Directory_Presenter.golden b/grype/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxPresenter_CycloneDX_Directory_Presenter.golden index 1a3db8ff620..4dd1f6f154d 100644 --- a/grype/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxPresenter_CycloneDX_Directory_Presenter.golden +++ b/grype/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxPresenter_CycloneDX_Directory_Presenter.golden @@ -1,11 +1,11 @@ - + package-1 1.0.1 - + CVE-1999-0001 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0001 @@ -25,7 +25,7 @@ 1999-01 description - + CVE-1999-0002 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0002 @@ -61,7 +61,7 @@ - 2020-09-21T15:34:33-04:00 + 2020-09-24T08:43:43-04:00 anchore grype diff --git a/grype/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxPresenter_CycloneDX_Image_Presenter.golden b/grype/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxPresenter_CycloneDX_Image_Presenter.golden index f7ca7f8eca4..259c8a1a942 100644 --- a/grype/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxPresenter_CycloneDX_Image_Presenter.golden 
+++ b/grype/presenter/cyclonedx/test-fixtures/snapshot/TestCycloneDxPresenter_CycloneDX_Image_Presenter.golden @@ -1,11 +1,11 @@ - + package-1 1.0.1 - + CVE-1999-0001 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0001 @@ -25,7 +25,7 @@ 1999-01 description - + CVE-1999-0002 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0002 @@ -61,7 +61,7 @@ - 2020-09-21T15:34:33-04:00 + 2020-09-24T08:43:43-04:00 anchore grype @@ -73,13 +73,13 @@ - + package-1 1.0.1 - + CVE-1999-0001 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0001 @@ -99,7 +99,7 @@ 1999-01 description - + CVE-1999-0002 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0002 @@ -135,14 +135,14 @@ - 2020-09-21T15:34:33-04:00 + 2020-09-24T08:43:43-04:00 anchore grype [not provided] - index.docker.io/library/anchore-fixture-image-simple + index.docker.io/library/stereoscope-fixture-image-simple 04e16e44161c8888a1a963720fd0443cbf7eef8101434c431de8725cd98cc9f7 diff --git a/grype/presenter/json/presenter_test.go b/grype/presenter/json/presenter_test.go index 053ea2567dd..f3e138f1ec2 100644 --- a/grype/presenter/json/presenter_test.go +++ b/grype/presenter/json/presenter_test.go @@ -5,13 +5,13 @@ import ( "flag" "testing" - "github.com/anchore/stereoscope/pkg/file" - "github.com/anchore/syft/syft/scope" - "github.com/anchore/go-testutils" "github.com/anchore/grype/grype/match" "github.com/anchore/grype/grype/vulnerability" + "github.com/anchore/stereoscope/pkg/file" + "github.com/anchore/stereoscope/pkg/imagetest" "github.com/anchore/syft/syft/pkg" + "github.com/anchore/syft/syft/scope" "github.com/sergi/go-diff/diffmatchpatch" ) @@ -63,10 +63,10 @@ func TestJsonImgsPresenter(t *testing.T) { var testImage = "image-simple" if *update { - testutils.UpdateGoldenFixtureImage(t, testImage) + imagetest.UpdateGoldenFixtureImage(t, testImage) } - img := testutils.GetGoldenFixtureImage(t, testImage) + img := imagetest.GetGoldenFixtureImage(t, testImage) var pkg1 = pkg.Package{ Name: "package-1", 
@@ -297,10 +297,10 @@ func TestEmptyJsonPresenter(t *testing.T) { var testImage = "image-simple" if *update { - testutils.UpdateGoldenFixtureImage(t, testImage) + imagetest.UpdateGoldenFixtureImage(t, testImage) } - img := testutils.GetGoldenFixtureImage(t, testImage) + img := imagetest.GetGoldenFixtureImage(t, testImage) matches := match.NewMatches() diff --git a/grype/presenter/json/test-fixtures/snapshot/TestEmptyJsonPresenter.golden b/grype/presenter/json/test-fixtures/snapshot/TestEmptyJsonPresenter.golden index aaf5931e3fe..a354d9e4223 100644 --- a/grype/presenter/json/test-fixtures/snapshot/TestEmptyJsonPresenter.golden +++ b/grype/presenter/json/test-fixtures/snapshot/TestEmptyJsonPresenter.golden @@ -22,7 +22,7 @@ "digest": "sha256:2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368", "mediaType": "application/vnd.docker.distribution.manifest.v2+json", "tags": [ - "anchore-fixture-image-simple:04e16e44161c8888a1a963720fd0443cbf7eef8101434c431de8725cd98cc9f7" + "stereoscope-fixture-image-simple:04e16e44161c8888a1a963720fd0443cbf7eef8101434c431de8725cd98cc9f7" ] } } diff --git a/grype/presenter/json/test-fixtures/snapshot/TestJsonImgsPresenter.golden b/grype/presenter/json/test-fixtures/snapshot/TestJsonImgsPresenter.golden index 270b9067a7f..dc1eb1441fd 100644 --- a/grype/presenter/json/test-fixtures/snapshot/TestJsonImgsPresenter.golden +++ b/grype/presenter/json/test-fixtures/snapshot/TestJsonImgsPresenter.golden @@ -125,7 +125,7 @@ "digest": "sha256:2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368", "mediaType": "application/vnd.docker.distribution.manifest.v2+json", "tags": [ - "anchore-fixture-image-simple:04e16e44161c8888a1a963720fd0443cbf7eef8101434c431de8725cd98cc9f7" + "stereoscope-fixture-image-simple:04e16e44161c8888a1a963720fd0443cbf7eef8101434c431de8725cd98cc9f7" ] } } 
diff --git a/grype/presenter/json/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden b/grype/presenter/json/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden new file mode 100644 index 00000000000..4e7ce36e080 Binary files /dev/null and b/grype/presenter/json/test-fixtures/snapshot/stereoscope-fixture-image-simple.golden differ diff --git a/test/integration/corner_cases_test.go b/test/integration/corner_cases_test.go index d0faa134fe8..da963125dba 100644 --- a/test/integration/corner_cases_test.go +++ b/test/integration/corner_cases_test.go @@ -49,7 +49,7 @@ func TestApkMatch(t *testing.T) { results, _, _, err := grype.FindVulnerabilities( vulnerability.NewProviderFromStore(&store), - "dir://test-fixtures/corner-cases/apk/vnc", + "dir:test-fixtures/corner-cases/apk/vnc", scope.AllLayersScope, ) if err != nil { diff --git a/test/integration/match_coverage_test.go b/test/integration/match_coverage_test.go index 3cb2e98e758..3388a8297f6 100644 --- a/test/integration/match_coverage_test.go +++ b/test/integration/match_coverage_test.go @@ -5,11 +5,11 @@ package integration import ( "testing" - "github.com/anchore/go-testutils" "github.com/anchore/grype/grype" "github.com/anchore/grype/grype/match" "github.com/anchore/grype/grype/vulnerability" "github.com/anchore/grype/internal" + "github.com/anchore/stereoscope/pkg/imagetest" "github.com/anchore/syft/syft/pkg" "github.com/anchore/syft/syft/scope" "github.com/sergi/go-diff/diffmatchpatch" 
@@ -284,13 +284,13 @@ func TestPkgCoverageImage(t *testing.T) { t.Run(test.fixtureImage, func(t *testing.T) { theStore := NewMockDbStore() - _, cleanup := testutils.GetFixtureImage(t, "docker-archive", test.fixtureImage) - tarPath := testutils.GetFixtureImageTarPath(t, test.fixtureImage) + _, cleanup := imagetest.GetFixtureImage(t, "docker-archive", test.fixtureImage) + tarPath := imagetest.GetFixtureImageTarPath(t, test.fixtureImage) defer cleanup() actualResults, catalog, theScope, err := grype.FindVulnerabilities( vulnerability.NewProviderFromStore(theStore), - "docker-archive://"+tarPath, + "docker-archive:"+tarPath, scope.AllLayersScope, ) if err != nil {
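Review bot: `defer cleanup()` is registered only after `imagetest.GetFixtureImageTarPath(t, test.fixtureImage)`, so if that helper aborts the subtest (it takes `t`, so presumably it can call `t.Fatal`), the cleanup returned by `GetFixtureImage` never runs. Moving `defer cleanup()` to the line directly under the `GetFixtureImage` call closes that gap. The image itself is discarded with `_`, apparently loaded only so that the tar exists in the fixture cache; a comment such as `// load the image only to make sure the fixture tar is built and cached` would make that intent explicit. The subtest closure continues past the end of the hunk.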