generated from aquasecurity/trivy-plugin-template
Signed-off-by: knqyf263 <knqyf263@gmail.com>
Showing
8 changed files
with
177 additions
and
26 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
name: Release | ||
|
||
on: | ||
push: | ||
tags: | ||
- "v*" | ||
|
||
permissions: | ||
contents: write | ||
|
||
jobs: | ||
release: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v4 | ||
|
||
- name: Setup Go | ||
uses: actions/setup-go@v4 | ||
with: | ||
go-version-file: go.mod | ||
|
||
- name: GoReleaser | ||
uses: goreleaser/goreleaser-action@v5 | ||
with: | ||
version: v1.22.1 | ||
args: release -f=goreleaser.yaml --rm-dist --timeout 60m | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
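Review bot: All three `uses:` lines reference mutable tags (`actions/checkout@v4`, `actions/setup-go@v4`, `goreleaser/goreleaser-action@v5`) in a job that holds `contents: write` and publishes the binaries users install, so a retagged action would run with that token and could alter the release artifacts. Pin each action to a full commit SHA and keep the tag as a trailing comment, for example `uses: goreleaser/goreleaser-action@<full-commit-sha> # v5` (placeholder; take the SHA from the action's own release). Separately, the checkout step uses the default shallow clone, while GoReleaser normally wants full history and tags for its changelog, so adding `with:` / `fetch-depth: 0` to the checkout step is worth considering.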
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
.PHONY: clean build test | ||
|
||
clean: | ||
rm -rf count | ||
|
||
build: | ||
go build -o count . | ||
|
||
test: | ||
go test -race -v ./... |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,21 +1,31 @@ | ||
# trivy-plugin-template | ||
Template for Trivy plugins | ||
|
||
**NOTE: Replace <org_name>, <repository_name> and <plugin_name> in go.mod, goreleaser.yaml and plugin.yaml with the appropriate values.** | ||
# trivy-output-plugin-count | ||
Example of Trivy output plugin | ||
|
||
## Installation | ||
```shell | ||
trivy plugin install github.com/<org_name>/<repository_name> | ||
trivy plugin install github.com/aquasecurity/trivy-output-plugin-count | ||
``` | ||
|
||
## Usage | ||
|
||
```shell | ||
trivy image --format json --output plugin=<plugin_name> [--output-plugin-arg plugin_flags] <image_name> | ||
trivy image --format json --output plugin=count [--output-plugin-arg plugin_flags] <image_name> | ||
``` | ||
|
||
OR | ||
|
||
```shell | ||
trivy image -f json <image_name> | trivy <plugin_name> [plugin_flags] | ||
``` | ||
trivy image -f json <image_name> | trivy count [plugin_flags] | ||
``` | ||
|
||
## Examples | ||
|
||
```shell | ||
trivy image -f json -o plugin=count --output-plugin-arg "--published-after=2023-11-01" debian:12 | ||
``` | ||
|
||
is equivalent to: | ||
|
||
```shell | ||
trivy image -f json debian:12 | trivy count --published-after=2023-11-01 | ||
``` |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,15 @@ | ||
module github.com/aquasecurity/<repository_name> | ||
module github.com/aquasecurity/trivy-output-plugin-count | ||
|
||
go 1.21 | ||
go 1.21.4 | ||
|
||
require github.com/aquasecurity/trivy v0.47.0 | ||
|
||
require ( | ||
github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 // indirect | ||
github.com/aquasecurity/trivy-db v0.0.0-20231005141211-4fc651f7ac8d // indirect | ||
github.com/google/go-containerregistry v0.16.1 // indirect | ||
github.com/samber/lo v1.38.1 // indirect | ||
github.com/spdx/tools-golang v0.5.0 // indirect | ||
golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 // indirect | ||
golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect | ||
) |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 h1:aM1rlcoLz8y5B2r4tTLMiVTrMtpfY0O8EScKJxaSaEc= | ||
github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092/go.mod h1:rYqSE9HbjzpHTI74vwPvae4ZVYZd1lue2ta6xHPdblA= | ||
github.com/aquasecurity/trivy v0.47.0 h1:Nlo5x5vCoBvPTz6QkHXgpYS7jT3WoCU7n7FHQ+A8FOk= | ||
github.com/aquasecurity/trivy v0.47.0/go.mod h1:lG1JxqlNstRteHtxj/gZc8sTYoYNRLzZupPz32iSXIU= | ||
github.com/aquasecurity/trivy-db v0.0.0-20231005141211-4fc651f7ac8d h1:fjI9mkoTUAkbGqpzt9nJsO24RAdfG+ZSiLFj0G2jO8c= | ||
github.com/aquasecurity/trivy-db v0.0.0-20231005141211-4fc651f7ac8d/go.mod h1:cj9/QmD9N3OZnKQMp+/DvdV+ym3HyIkd4e+F0ZM3ZGs= | ||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= | ||
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= | ||
github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= | ||
github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= | ||
github.com/google/go-containerregistry v0.16.1 h1:rUEt426sR6nyrL3gt+18ibRcvYpKYdpsa5ZW7MA08dQ= | ||
github.com/google/go-containerregistry v0.16.1/go.mod h1:u0qB2l7mvtWVR5kNcbFIhFY1hLbf8eeGapA+vbFDCtQ= | ||
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= | ||
github.com/samber/lo v1.38.1 h1:j2XEAqXKb09Am4ebOg31SpvzUTTs6EN3VfgeLUhPdXM= | ||
github.com/samber/lo v1.38.1/go.mod h1:+m/ZKRl6ClXCE2Lgf3MsQlWfh4bn1bz6CXEOxnEXnEA= | ||
github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb/go.mod h1:uKWaldnbMnjsSAXRurWqqrdyZen1R7kxl8TkmWk2OyM= | ||
github.com/spdx/tools-golang v0.5.0 h1:/fqihV2Jna7fmow65dHpgKNsilgLK7ICpd2tkCnPEyY= | ||
github.com/spdx/tools-golang v0.5.0/go.mod h1:kkGlrSXXfHwuSzHQZJRV3aKu9ZXCq/MSf2+xyiJH1lM= | ||
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= | ||
github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= | ||
github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= | ||
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= | ||
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= | ||
github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= | ||
golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 h1:k/i9J1pBpvlfR+9QsetwPyERsqu1GIbi967PQMq3Ivc= | ||
golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w= | ||
golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 h1:H2TDz8ibqkAF6YGhCdN3jS9O0/s90v0rJh3X/OLHEUk= | ||
golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= | ||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= | ||
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= | ||
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= | ||
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= | ||
sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,60 @@ | ||
package main | ||
|
||
func main() {} | ||
import ( | ||
"encoding/json" | ||
"flag" | ||
"fmt" | ||
"log" | ||
"os" | ||
"time" | ||
|
||
"github.com/aquasecurity/trivy/pkg/types" | ||
) | ||
|
||
func main() { | ||
if err := run(); err != nil { | ||
log.Fatal(err) | ||
} | ||
} | ||
|
||
func run() error { | ||
publishedBefore := flag.String("published-before", "", "take vulnerabilities published before the specified timestamp (ex. 2019-11-04)") | ||
publishedAfter := flag.String("published-after", "", "take vulnerabilities published after the specified timestamp (ex. 2019-11-04)") | ||
flag.Parse() | ||
|
||
var before, after time.Time | ||
var err error | ||
if *publishedBefore != "" { | ||
before, err = time.Parse("2006-01-02", *publishedBefore) | ||
if err != nil { | ||
return err | ||
} | ||
} | ||
if *publishedAfter != "" { | ||
after, err = time.Parse("2006-01-02", *publishedAfter) | ||
if err != nil { | ||
return err | ||
} | ||
} | ||
|
||
var report types.Report | ||
if err := json.NewDecoder(os.Stdin).Decode(&report); err != nil { | ||
return err | ||
} | ||
|
||
var count int | ||
for _, result := range report.Results { | ||
for _, vuln := range result.Vulnerabilities { | ||
if (!before.IsZero() || !after.IsZero()) && vuln.PublishedDate == nil { | ||
continue | ||
} | ||
if (!before.IsZero() && vuln.PublishedDate.After(before)) || | ||
(!after.IsZero() && vuln.PublishedDate.Before(after)) { | ||
continue | ||
} | ||
count += 1 | ||
} | ||
} | ||
fmt.Printf("Number of vulnerabilities: %d\n", count) | ||
return nil | ||
} |
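Review bot: When either date flag is set, the loop in `run()` silently skips every vulnerability whose `PublishedDate` is nil, so the printed total can under-report with no sign that findings were left out. Count those entries and surface them, e.g. `skipped++` before the first `continue` and `fmt.Fprintf(os.Stderr, "skipped %d vulnerabilities without a published date\n", skipped)` after the loop. The two `time.Parse` errors are returned bare, so the message does not say which flag was malformed; `return fmt.Errorf("parsing --published-before: %w", err)` (and the same for `--published-after`) would fix that. Because the flags parse as midnight UTC, `--published-before=2023-11-01` excludes anything published later that same day, which the flag help text should state.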
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,27 +1,27 @@ | ||
name: <plugin_name> | ||
repository: github.com/<org_name>/<repository_name> | ||
name: "count" | ||
repository: github.com/aquasecurity/trivy-output-plugin-count | ||
version: "0.1.0" | ||
usage: Template | ||
usage: Count vulnerabilities | ||
description: |- | ||
A plugin template | ||
An example output plugin | ||
platforms: | ||
- selector: | ||
os: darwin | ||
arch: amd64 | ||
uri: https://github.com/<org_name>/<repository_name>/releases/download/v0.1.0/<repository_name>_0.1.0_darwin-amd64.tar.gz | ||
bin: ./<plugin_name> | ||
uri: https://github.com/aquasecurity/trivy-output-plugin-count/releases/download/v0.1.0/trivy_output_plugin_count_0.1.0_darwin-amd64.tar.gz | ||
bin: ./count | ||
- selector: | ||
os: darwin | ||
arch: arm64 | ||
uri: https://github.com/<org_name>/<repository_name>/releases/download/v0.1.0/<repository_name>_0.1.0_darwin-arm64.tar.gz | ||
bin: ./<plugin_name> | ||
uri: https://github.com/aquasecurity/trivy-output-plugin-count/releases/download/v0.1.0/trivy_output_plugin_count_0.1.0_darwin-arm64.tar.gz | ||
bin: ./count | ||
- selector: | ||
os: linux | ||
arch: amd64 | ||
uri: https://github.com/<org_name>/<repository_name>/releases/download/v0.1.0/<repository_name>_0.1.0_linux-amd64.tar.gz | ||
bin: ./<plugin_name> | ||
uri: https://github.com/aquasecurity/trivy-output-plugin-count/releases/download/v0.1.0/trivy_output_plugin_count_0.1.0_linux-amd64.tar.gz | ||
bin: ./count | ||
- selector: | ||
os: linux | ||
arch: arm64 | ||
uri: https://github.com/<org_name>/<repository_name>/releases/download/v0.1.0/<repository_name>_0.1.0_linux-arm64.tar.gz | ||
bin: ./<plugin_name> | ||
uri: https://github.com/aquasecurity/trivy-output-plugin-count/releases/download/v0.1.0/trivy_output_plugin_count_0.1.0_linux-arm64.tar.gz | ||
bin: ./count |