Initial commit (aquasecurity#1)

* initial

.circleci/config.yml

@@ -0,0 +1,42 @@
+defaults: &defaults
+  docker :
+    - image: knqyf263/ci-trivy:latest
+  environment:
+    CGO_ENABLED: "1"
+
+jobs:
+  release:
+    <<: *defaults
+    steps:
+      - checkout
+      - run:
+          name: Release
+          command: goreleaser --rm-dist
+      - run:
+          name: Clone trivy repository
+          command: git clone git@github.com:knqyf263/trivy-repo.git
+      - run:
+          name: Setup git settings
+          command: |
+            git config --global user.email "knqyf263@gmail.com"
+            git config --global user.name "Teppei Fukuda"
+      - run:
+          name: Create rpm repository
+          command: ci/deploy-rpm.sh
+      - run:
+          name: Import GPG key
+          command: echo -e "$GPG_KEY" | gpg --import
+      - run:
+          name: Create deb repository
+          command: ci/deploy-deb.sh
+
+workflows:
+  version: 2
+  release:
+    jobs:  
+      - release:
+          filters:
+            branches:
+              ignore: /.*/
+            tags:
+              only: /.*/

.gitignore

@@ -10,3 +10,5 @@
 
 # Output of the go coverage tool, specifically when used with LiteIDE
 *.out
+
+.idea

README.md

@@ -1 +1,136 @@
-# trivy
+# trivy
+
+[![GitHub release](https://img.shields.io/github/release/knqyf263/trivy.svg)](https://github.com/knqyf263/trivy/releases/latest)
+[![Build Status](https://travis-ci.org/knqyf263/trivy.svg?branch=master)](https://travis-ci.org/knqyf263/trivy)
+[![Go Report Card](https://goreportcard.com/badge/github.com/knqyf263/trivy)](https://goreportcard.com/report/github.com/knqyf263/trivy)
+[![MIT License](http://img.shields.io/badge/license-MIT-blue.svg?style=flat)](https://github.com/knqyf263/trivy/blob/master/LICENSE)
+
+# Abstract
+Scan containers
+
+# Features
+
+# Installation
+
+## RHEL/CentOS
+
+Add repository setting to `/etc/yum.repos.d`.
+
+```
+$ sudo vim /etc/yum.repos.d/trivy.repo
+[trivy]
+name=Trivy repository
+baseurl=https://knqyf263.github.io/trivy-repo/rpm/releases/$releasever/$basearch/
+gpgcheck=0
+enabled=1
+$ sudo yum -y update
+$ sudo yum -y install trivy
+```
+
+## Debian/Ubuntu
+
+Replace `[CODE_NAME]` with your code name
+
+CODE_NAME: wheezy, jessie, stretch, buster, trusty, xenial, bionic
+
+```
+$ sudo apt-get install apt-transport-https gnupg
+$ wget -qO - https://knqyf263.github.io/trivy-repo/deb/public.key | sudo apt-key add -
+$ echo deb https://knqyf263.github.io/trivy-repo/deb [CODE_NAME] main | sudo tee -a /etc/apt/sources.list
+$ sudo apt-get update
+$ sudo apt-get install trivy
+```
+
+## Mac OS X / Homebrew
+You can use homebrew on OS X.
+```
+$ brew tap knqyf263/trivy
+$ brew install knqyf263/trivy/trivy
+```
+
+## Binary (Including Windows)
+Go to [the releases page](https://github.com/knqyf263/trivy/releases), find the version you want, and download the zip file. Unpack the zip file, and put the binary to somewhere you want (on UNIX-y systems, /usr/local/bin or the like). Make sure it has execution bits turned on. 
+
+## From source
+
+```sh
+$ go get -u github.com/knqyf263/trivy
+```
+
+# Examples
+
+# Usage
+
+```
+$ trivy -h
+NAME:
+  trivy - A simple and comprehensive vulnerability scanner for containers
+USAGE:
+  main [options] image_name
+VERSION:
+  0.0.1
+OPTIONS:
+  --format value, -f value    format (table, json) (default: "table")
+  --input value, -i value     input file path instead of image name
+  --severity value, -s value  severities of vulnerabilities to be displayed (comma separated) (default: "CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN")
+  --output value, -o value    output file name
+  --skip-update               skip db update
+  --clean, -c                 clean all cache
+  --debug, -d                 debug mode
+  --help, -h                  show help
+  --version, -v               print the version
+```
+
+# Q&A
+## Homebrew
+### Error: Your macOS keychain GitHub credentials do not have sufficient scope!
+
+```
+$ brew tap knqyf263/trivy
+Error: Your macOS keychain GitHub credentials do not have sufficient scope!
+Scopes they need: none
+Scopes they have:
+Create a personal access token:
+  https://github.com/settings/tokens/new?scopes=gist,public_repo&description=Homebrew
+echo 'export HOMEBREW_GITHUB_API_TOKEN=your_token_here' >> ~/.zshrc
+```
+
+Try:
+```
+$ printf "protocol=https\nhost=github.com\n" | git credential-osxkeychain erase 
+```
+
+### Error: knqyf263/trivy/trivy 64 already installed
+
+```
+$ brew upgrade
+...
+Error: knqyf263/trivy/trivy 64 already installed
+```
+
+Try:
+
+```
+$ brew unlink trivy && brew uninstall trivy
+($ rm -rf /usr/local/Cellar/trivy/64)
+$ brew install knqyf263/trivy/trivy
+```
+
+# Contribute
+
+1. fork a repository: github.com/knqyf263/trivy to github.com/you/repo
+2. get original code: `go get github.com/knqyf263/trivy`
+3. work on original code
+4. add remote to your repo: git remote add myfork https://github.com/you/repo.git
+5. push your changes: git push myfork
+6. create a new Pull Request
+
+- see [GitHub and Go: forking, pull requests, and go-getting](http://blog.campoy.cat/2014/03/github-and-go-forking-pull-requests-and.html)
+
+----
+
+# License
+MIT
+
+# Author
+Teppei Fukuda (knqyf263)

ci/Dockerfile

@@ -0,0 +1,20 @@
+FROM bepsays/ci-goreleaser:1.12-2
+
+RUN apt-get -y update \
+    && apt-get -y install vim rpm reprepro createrepo \
+    && wget https://dl.bintray.com/homebrew/mirror/berkeley-db-18.1.32.tar.gz \
+
+    # Berkeley DB
+    && tar zxvf berkeley-db-18.1.32.tar.gz \
+    && cd db-18.1.32/build_unix \
+
+    # Linux
+    && ../dist/configure --prefix=/usr/local --host=x86_64-linux \
+    && make \
+    && make install \
+
+    # Darwin
+    && make clean \
+    && ../dist/configure --prefix=/usr/local --host=x86_64-apple-darwin15 \
+    && make \
+    && make install

ci/deploy-deb.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+RELEASES=(wheezy jessie stretch buster trusty xenial bionic)
+
+cd trivy-repo/deb
+
+for release in ${RELEASES[@]}; do
+  echo "Adding deb package to $release"
+  reprepro -A i386 remove $release trivy
+  reprepro -A amd64 remove $release trivy
+  reprepro includedeb $release ../../dist/*Linux-64bit.deb
+  reprepro includedeb $release ../../dist/*Linux-32bit.deb
+done
+
+git add .
+git commit -m "Update deb packages"
+git push origin master

ci/deploy-rpm.sh

@@ -0,0 +1,20 @@
+#!/bin/sh
+
+RPM_EL6=$(find dist/ -type f -name "*64bit.rpm" -printf "%f\n" | head -n1 | sed -e 's/_/-/g' -e 's/-Linux/.el6/' -e 's/-64bit/.x86_64/')
+RPM_EL7=$(find dist/ -type f -name "*64bit.rpm" -printf "%f\n" | head -n1 | sed -e 's/_/-/g' -e 's/-Linux/.el7/' -e 's/-64bit/.x86_64/')
+
+cd trivy-repo
+mkdir -p rpm/releases/6/x86_64
+mkdir -p rpm/releases/7/x86_64
+
+cd rpm
+cp ../../dist/*64bit.rpm releases/6/x86_64/${RPM_EL6}
+cp ../../dist/*64bit.rpm releases/7/x86_64/${RPM_EL7}
+
+createrepo --update releases/6/x86_64/
+createrepo --update releases/7/x86_64/
+
+git add .
+git commit -m "Update rpm packages"
+git push origin master
+

cmd/remic/main.go

@@ -0,0 +1,67 @@
+package main
+
+import (
+	"os"
+	"strings"
+
+	"github.com/knqyf263/trivy/pkg/vulnsrc/vulnerability"
+
+	"github.com/knqyf263/trivy/pkg/remic"
+	"github.com/urfave/cli"
+
+	"github.com/knqyf263/trivy/pkg/log"
+)
+
+func main() {
+	cli.AppHelpTemplate = `NAME:
+  {{.Name}}{{if .Usage}} - {{.Usage}}{{end}}
+USAGE:
+  {{if .UsageText}}{{.UsageText}}{{else}}{{.HelpName}} {{if .VisibleFlags}}[options]{{end}} {{if .ArgsUsage}}{{.ArgsUsage}}{{else}}[arguments...]{{end}}{{end}}{{if .Version}}{{if not .HideVersion}}
+VERSION:
+  {{.Version}}{{end}}{{end}}{{if .Description}}
+DESCRIPTION:
+  {{.Description}}{{end}}{{if len .Authors}}
+AUTHOR{{with $length := len .Authors}}{{if ne 1 $length}}S{{end}}{{end}}:
+  {{range $index, $author := .Authors}}{{if $index}}
+  {{end}}{{$author}}{{end}}{{end}}{{if .VisibleCommands}}
+OPTIONS:
+  {{range $index, $option := .VisibleFlags}}{{if $index}}
+  {{end}}{{$option}}{{end}}{{end}}
+`
+	app := cli.NewApp()
+	app.Name = "remic"
+	app.Version = "0.0.1"
+	app.ArgsUsage = "file"
+
+	app.Usage = "A simple and fast tool for detecting vulnerabilities in application dependencies"
+
+	app.Flags = []cli.Flag{
+		cli.StringFlag{
+			Name:  "format, f",
+			Value: "table",
+			Usage: "format (table, json)",
+		},
+		cli.StringFlag{
+			Name:  "severity, s",
+			Value: strings.Join(vulnerability.SeverityNames, ","),
+			Usage: "severity of vulnerabilities to be displayed",
+		},
+		cli.StringFlag{
+			Name:  "output, o",
+			Usage: "output file name",
+		},
+		cli.BoolFlag{
+			Name:  "debug, d",
+			Usage: "debug mode",
+		},
+	}
+
+	app.Action = func(c *cli.Context) error {
+		return remic.Run(c)
+	}
+
+	err := app.Run(os.Args)
+	if err != nil {
+		log.Logger.Fatal(err)
+	}
+}