initial commit

Signed-off-by: knqyf263 <knqyf263@gmail.com>

.github/workflows/release.yaml

@@ -0,0 +1,29 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - "v*"
+
+permissions:
+  contents: write
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Go
+        uses: actions/setup-go@v4
+        with:
+          go-version-file: go.mod
+
+      - name: GoReleaser
+        uses: goreleaser/goreleaser-action@v5
+        with:
+          version: v1.22.1
+          args: release -f=goreleaser.yaml --rm-dist --timeout 60m
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Makefile

@@ -0,0 +1,10 @@
+.PHONY: clean build test
+
+clean:
+	rm -rf count
+
+build:
+	go build -o count .
+
+test:
+	go test -race -v ./...

README.md

@@ -1,21 +1,31 @@
-# trivy-plugin-template
-Template for Trivy plugins
-
-**NOTE: Replace <org_name>, <repository_name> and <plugin_name> in go.mod, goreleaser.yaml and plugin.yaml with the appropriate values.**
+# trivy-output-plugin-count
+Example of Trivy output plugin
 
 ## Installation
 ```shell
-trivy plugin install github.com/<org_name>/<repository_name>
+trivy plugin install github.com/aquasecurity/trivy-output-plugin-count
 ```
 
 ## Usage
 
 ```shell
-trivy image --format json --output plugin=<plugin_name> [--output-plugin-arg plugin_flags] <image_name>
+trivy image --format json --output plugin=count [--output-plugin-arg plugin_flags] <image_name>
 ```
 
 OR
 
 ```shell
-trivy image -f json <image_name> | trivy <plugin_name> [plugin_flags]
-```
+trivy image -f json <image_name> | trivy count [plugin_flags]
+```
+
+## Examples
+
+```shell
+trivy image -f json -o plugin=count --output-plugin-arg "--published-after=2023-11-01" debian:12
+```
+
+is equivalent to:
+
+```shell
+trivy image -f json debian:12 | trivy count --published-after=2023-11-01
+```

go.mod

@@ -1,3 +1,15 @@
-module github.com/aquasecurity/<repository_name>
+module github.com/aquasecurity/trivy-output-plugin-count
 
-go 1.21
+go 1.21.4
+
+require github.com/aquasecurity/trivy v0.47.0
+
+require (
+	github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 // indirect
+	github.com/aquasecurity/trivy-db v0.0.0-20231005141211-4fc651f7ac8d // indirect
+	github.com/google/go-containerregistry v0.16.1 // indirect
+	github.com/samber/lo v1.38.1 // indirect
+	github.com/spdx/tools-golang v0.5.0 // indirect
+	golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 // indirect
+	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
+)

go.sum

@@ -0,0 +1,33 @@
+github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 h1:aM1rlcoLz8y5B2r4tTLMiVTrMtpfY0O8EScKJxaSaEc=
+github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092/go.mod h1:rYqSE9HbjzpHTI74vwPvae4ZVYZd1lue2ta6xHPdblA=
+github.com/aquasecurity/trivy v0.47.0 h1:Nlo5x5vCoBvPTz6QkHXgpYS7jT3WoCU7n7FHQ+A8FOk=
+github.com/aquasecurity/trivy v0.47.0/go.mod h1:lG1JxqlNstRteHtxj/gZc8sTYoYNRLzZupPz32iSXIU=
+github.com/aquasecurity/trivy-db v0.0.0-20231005141211-4fc651f7ac8d h1:fjI9mkoTUAkbGqpzt9nJsO24RAdfG+ZSiLFj0G2jO8c=
+github.com/aquasecurity/trivy-db v0.0.0-20231005141211-4fc651f7ac8d/go.mod h1:cj9/QmD9N3OZnKQMp+/DvdV+ym3HyIkd4e+F0ZM3ZGs=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-containerregistry v0.16.1 h1:rUEt426sR6nyrL3gt+18ibRcvYpKYdpsa5ZW7MA08dQ=
+github.com/google/go-containerregistry v0.16.1/go.mod h1:u0qB2l7mvtWVR5kNcbFIhFY1hLbf8eeGapA+vbFDCtQ=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/samber/lo v1.38.1 h1:j2XEAqXKb09Am4ebOg31SpvzUTTs6EN3VfgeLUhPdXM=
+github.com/samber/lo v1.38.1/go.mod h1:+m/ZKRl6ClXCE2Lgf3MsQlWfh4bn1bz6CXEOxnEXnEA=
+github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb/go.mod h1:uKWaldnbMnjsSAXRurWqqrdyZen1R7kxl8TkmWk2OyM=
+github.com/spdx/tools-golang v0.5.0 h1:/fqihV2Jna7fmow65dHpgKNsilgLK7ICpd2tkCnPEyY=
+github.com/spdx/tools-golang v0.5.0/go.mod h1:kkGlrSXXfHwuSzHQZJRV3aKu9ZXCq/MSf2+xyiJH1lM=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 h1:k/i9J1pBpvlfR+9QsetwPyERsqu1GIbi967PQMq3Ivc=
+golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w=
+golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 h1:H2TDz8ibqkAF6YGhCdN3jS9O0/s90v0rJh3X/OLHEUk=
+golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=

goreleaser.yaml

@@ -1,8 +1,8 @@
-project_name: <repository_name>
+project_name: trivy_output_plugin_count
 builds:
   -
     main: .
-    binary: <plugin_name>
+    binary: count
     ldflags:
       - -s -w
       - "-extldflags '-static'"
@@ -23,4 +23,4 @@ archives:
     files:
       - README.md
       - LICENSE
-      - plugin.yaml
+      - plugin.yaml

main.go

@@ -1,3 +1,60 @@
 package main
 
-func main() {}
+import (
+	"encoding/json"
+	"flag"
+	"fmt"
+	"log"
+	"os"
+	"time"
+
+	"github.com/aquasecurity/trivy/pkg/types"
+)
+
+func main() {
+	if err := run(); err != nil {
+		log.Fatal(err)
+	}
+}
+
+func run() error {
+	publishedBefore := flag.String("published-before", "", "take vulnerabilities published before the specified timestamp (ex. 2019-11-04)")
+	publishedAfter := flag.String("published-after", "", "take vulnerabilities published after the specified timestamp (ex. 2019-11-04)")
+	flag.Parse()
+
+	var before, after time.Time
+	var err error
+	if *publishedBefore != "" {
+		before, err = time.Parse("2006-01-02", *publishedBefore)
+		if err != nil {
+			return err
+		}
+	}
+	if *publishedAfter != "" {
+		after, err = time.Parse("2006-01-02", *publishedAfter)
+		if err != nil {
+			return err
+		}
+	}
+
+	var report types.Report
+	if err := json.NewDecoder(os.Stdin).Decode(&report); err != nil {
+		return err
+	}
+
+	var count int
+	for _, result := range report.Results {
+		for _, vuln := range result.Vulnerabilities {
+			if (!before.IsZero() || !after.IsZero()) && vuln.PublishedDate == nil {
+				continue
+			}
+			if (!before.IsZero() && vuln.PublishedDate.After(before)) ||
+				(!after.IsZero() && vuln.PublishedDate.Before(after)) {
+				continue
+			}
+			count += 1
+		}
+	}
+	fmt.Printf("Number of vulnerabilities: %d\n", count)
+	return nil
+}

plugin.yaml

@@ -1,27 +1,27 @@
-name: <plugin_name>
-repository: github.com/<org_name>/<repository_name>
+name: "count"
+repository: github.com/aquasecurity/trivy-output-plugin-count
 version: "0.1.0"
-usage: Template
+usage: Count vulnerabilities
 description: |-
-  A plugin template
+  An example output plugin
 platforms:
   - selector:
       os: darwin
       arch: amd64
-    uri: https://github.com/<org_name>/<repository_name>/releases/download/v0.1.0/<repository_name>_0.1.0_darwin-amd64.tar.gz
-    bin: ./<plugin_name>
+    uri: https://github.com/aquasecurity/trivy-output-plugin-count/releases/download/v0.1.0/trivy_output_plugin_count_0.1.0_darwin-amd64.tar.gz
+    bin: ./count
   - selector:
       os: darwin
       arch: arm64
-    uri: https://github.com/<org_name>/<repository_name>/releases/download/v0.1.0/<repository_name>_0.1.0_darwin-arm64.tar.gz
-    bin: ./<plugin_name>
+    uri: https://github.com/aquasecurity/trivy-output-plugin-count/releases/download/v0.1.0/trivy_output_plugin_count_0.1.0_darwin-arm64.tar.gz
+    bin: ./count
   - selector:
       os: linux
       arch: amd64
-    uri: https://github.com/<org_name>/<repository_name>/releases/download/v0.1.0/<repository_name>_0.1.0_linux-amd64.tar.gz
-    bin: ./<plugin_name>
+    uri: https://github.com/aquasecurity/trivy-output-plugin-count/releases/download/v0.1.0/trivy_output_plugin_count_0.1.0_linux-amd64.tar.gz
+    bin: ./count
   - selector:
       os: linux
       arch: arm64
-    uri: https://github.com/<org_name>/<repository_name>/releases/download/v0.1.0/<repository_name>_0.1.0_linux-arm64.tar.gz
-    bin: ./<plugin_name>
+    uri: https://github.com/aquasecurity/trivy-output-plugin-count/releases/download/v0.1.0/trivy_output_plugin_count_0.1.0_linux-arm64.tar.gz
+    bin: ./count