From f5141642bafcac7f597e6d32ee6658a3a017151a Mon Sep 17 00:00:00 2001
From: knqyf263
Date: Tue, 28 Nov 2023 12:33:08 +0900
Subject: [PATCH] initial commit

Signed-off-by: knqyf263
---
 .github/workflows/release.yaml | 29 +++++++++++++++++
 Makefile | 10 ++++++
 README.md | 26 ++++++++++-----
 go.mod | 16 +++++++--
 go.sum | 33 +++++++++++++++++++
 goreleaser.yaml | 6 ++--
 main.go | 59 +++++++++++++++++++++++++++++++++-
 plugin.yaml | 24 +++++++-------
 8 files changed, 177 insertions(+), 26 deletions(-)
 create mode 100644 .github/workflows/release.yaml
 create mode 100644 Makefile
 create mode 100644 go.sum

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 0000000..f835771
--- /dev/null
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,29 @@
+name: Release
+
+on:
+ push:
+ tags:
+ - "v*"
+
+permissions:
+ contents: write
+
+jobs:
+ release:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Setup Go
+ uses: actions/setup-go@v4
+ with:
+ go-version-file: go.mod
+
+ - name: GoReleaser
+ uses: goreleaser/goreleaser-action@v5
+ with:
+ version: v1.22.1
+ args: release -f=goreleaser.yaml --rm-dist --timeout 60m
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..8caeacd
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,10 @@
+.PHONY: clean build test
+
+clean:
+ rm -rf count
+
+build:
+ go build -o count .
+
+test:
+ go test -race -v ./...
\ No newline at end of file
diff --git a/README.md b/README.md
index 43f88d2..58f6438 100644
--- a/README.md
+++ b/README.md
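Review bot: In .github/workflows/release.yaml all three steps reference actions by mutable tag (`actions/checkout@v4`, `actions/setup-go@v4`, `goreleaser/goreleaser-action@v5`), in a job that holds `contents: write` and publishes the archives that plugin.yaml tells users to download. If one of those tags is moved, the new code runs with that token, so each `uses:` should be pinned to a full commit SHA with the tag kept as a comment, e.g. `uses: goreleaser/goreleaser-action@<full-commit-sha> # v5`. Separately, `--rm-dist` is, as far as I know, deprecated in GoReleaser in favour of `--clean`; worth confirming against the pinned v1.22.1 and switching.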
@@ -1,21 +1,31 @@ -# trivy-plugin-template -Template for Trivy plugins - -**NOTE: Replace , and in go.mod, goreleaser.yaml and plugin.yaml with the appropriate values.** +# trivy-output-plugin-count +Example of Trivy output plugin ## Installation ```shell -trivy plugin install github.com// +trivy plugin install github.com/aquasecurity/trivy-output-plugin-count ``` ## Usage ```shell -trivy image --format json --output plugin= [--output-plugin-arg plugin_flags] +trivy image --format json --output plugin=count [--output-plugin-arg plugin_flags] ``` OR ```shell -trivy image -f json | trivy [plugin_flags] -``` \ No newline at end of file +trivy image -f json | trivy count [plugin_flags] +``` + +## Examples + +```shell +trivy image -f json -o plugin=count --output-plugin-arg "--published-after=2023-11-01" debian:12 +``` + +is equivalent to: + +```shell +trivy image -f json debian:12 | trivy count --published-after=2023-11-01 +``` diff --git a/go.mod b/go.mod index 61e3849..f036dc7 100644 --- a/go.mod +++ b/go.mod @@ -1,3 +1,15 @@ -module github.com/aquasecurity/ +module github.com/aquasecurity/trivy-output-plugin-count -go 1.21 +go 1.21.4 + +require github.com/aquasecurity/trivy v0.47.0 + +require ( + github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 // indirect + github.com/aquasecurity/trivy-db v0.0.0-20231005141211-4fc651f7ac8d // indirect + github.com/google/go-containerregistry v0.16.1 // indirect + github.com/samber/lo v1.38.1 // indirect + github.com/spdx/tools-golang v0.5.0 // indirect + golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 // indirect + golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect +) diff --git a/go.sum b/go.sum new file mode 100644 index 0000000..558fc36 --- /dev/null +++ b/go.sum 
@@ -0,0 +1,33 @@ +github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 h1:aM1rlcoLz8y5B2r4tTLMiVTrMtpfY0O8EScKJxaSaEc= +github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092/go.mod h1:rYqSE9HbjzpHTI74vwPvae4ZVYZd1lue2ta6xHPdblA= +github.com/aquasecurity/trivy v0.47.0 h1:Nlo5x5vCoBvPTz6QkHXgpYS7jT3WoCU7n7FHQ+A8FOk= +github.com/aquasecurity/trivy v0.47.0/go.mod h1:lG1JxqlNstRteHtxj/gZc8sTYoYNRLzZupPz32iSXIU= +github.com/aquasecurity/trivy-db v0.0.0-20231005141211-4fc651f7ac8d h1:fjI9mkoTUAkbGqpzt9nJsO24RAdfG+ZSiLFj0G2jO8c= +github.com/aquasecurity/trivy-db v0.0.0-20231005141211-4fc651f7ac8d/go.mod h1:cj9/QmD9N3OZnKQMp+/DvdV+ym3HyIkd4e+F0ZM3ZGs= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-containerregistry v0.16.1 h1:rUEt426sR6nyrL3gt+18ibRcvYpKYdpsa5ZW7MA08dQ= +github.com/google/go-containerregistry v0.16.1/go.mod h1:u0qB2l7mvtWVR5kNcbFIhFY1hLbf8eeGapA+vbFDCtQ= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/samber/lo v1.38.1 h1:j2XEAqXKb09Am4ebOg31SpvzUTTs6EN3VfgeLUhPdXM= +github.com/samber/lo v1.38.1/go.mod h1:+m/ZKRl6ClXCE2Lgf3MsQlWfh4bn1bz6CXEOxnEXnEA= +github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb/go.mod h1:uKWaldnbMnjsSAXRurWqqrdyZen1R7kxl8TkmWk2OyM= +github.com/spdx/tools-golang v0.5.0 h1:/fqihV2Jna7fmow65dHpgKNsilgLK7ICpd2tkCnPEyY= +github.com/spdx/tools-golang v0.5.0/go.mod h1:kkGlrSXXfHwuSzHQZJRV3aKu9ZXCq/MSf2+xyiJH1lM= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx 
v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 h1:k/i9J1pBpvlfR+9QsetwPyERsqu1GIbi967PQMq3Ivc= +golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w= +golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 h1:H2TDz8ibqkAF6YGhCdN3jS9O0/s90v0rJh3X/OLHEUk= +golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= diff --git a/goreleaser.yaml b/goreleaser.yaml index af7b75f..cc8a0b4 100644 --- a/goreleaser.yaml +++ b/goreleaser.yaml @@ -1,8 +1,8 @@ -project_name: +project_name: trivy_output_plugin_count builds: - main: . - binary: + binary: count ldflags: - -s -w - "-extldflags '-static'" @@ -23,4 +23,4 @@ archives: files: - README.md - LICENSE - - plugin.yaml \ No newline at end of file + - plugin.yaml diff --git a/main.go b/main.go index 38dd16d..bf95ade 100644 --- a/main.go +++ b/main.go 
@@ -1,3 +1,60 @@
 package main
 
-func main() {}
+import (
+ "encoding/json"
+ "flag"
+ "fmt"
+ "log"
+ "os"
+ "time"
+
+ "github.com/aquasecurity/trivy/pkg/types"
+)
+
+func main() {
+ if err := run(); err != nil {
+ log.Fatal(err)
+ }
+}
+
+func run() error {
+ publishedBefore := flag.String("published-before", "", "take vulnerabilities published before the specified timestamp (ex. 2019-11-04)")
+ publishedAfter := flag.String("published-after", "", "take vulnerabilities published after the specified timestamp (ex. 2019-11-04)")
+ flag.Parse()
+
+ var before, after time.Time
+ var err error
+ if *publishedBefore != "" {
+ before, err = time.Parse("2006-01-02", *publishedBefore)
+ if err != nil {
+ return err
+ }
+ }
+ if *publishedAfter != "" {
+ after, err = time.Parse("2006-01-02", *publishedAfter)
+ if err != nil {
+ return err
+ }
+ }
+
+ var report types.Report
+ if err := json.NewDecoder(os.Stdin).Decode(&report); err != nil {
+ return err
+ }
+
+ var count int
+ for _, result := range report.Results {
+ for _, vuln := range result.Vulnerabilities {
+ if (!before.IsZero() || !after.IsZero()) && vuln.PublishedDate == nil {
+ continue
+ }
+ if (!before.IsZero() && vuln.PublishedDate.After(before)) ||
+ (!after.IsZero() && vuln.PublishedDate.Before(after)) {
+ continue
+ }
+ count += 1
+ }
+ }
+ fmt.Printf("Number of vulnerabilities: %d\n", count)
+ return nil
+}
diff --git a/plugin.yaml b/plugin.yaml
index 12aa2bd..9f4c374 100644
--- a/plugin.yaml
+++ b/plugin.yaml
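Review bot: In run() in main.go, a vulnerability whose `PublishedDate` is nil is silently dropped once either date flag is set, so the printed total can undercount findings with no signal to whoever consumes it. Count those entries and report them, e.g. `skipped++` before the first `continue` and `fmt.Fprintf(os.Stderr, "skipped %d vulnerabilities without a published date\n", skipped)` after the loop. The two `time.Parse` errors are also returned bare; wrapping them as `fmt.Errorf("invalid --published-before %q: %w", *publishedBefore, err)` (likewise for `--published-after`) would tell the user which flag was rejected. run() has no doc comment: one stating that it decodes a Trivy JSON report from stdin, and that both bounds are inclusive and parsed as midnight UTC, would make the filter semantics explicit.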
@@ -1,27 +1,27 @@
-name:
-repository: github.com//
+name: "count"
+repository: github.com/aquasecurity/trivy-output-plugin-count
 version: "0.1.0"
-usage: Template
+usage: Count vulnerabilities
 description: |-
- A plugin template
+ An example output plugin
 platforms:
 - selector:
 os: darwin
 arch: amd64
- uri: https://github.com///releases/download/v0.1.0/_0.1.0_darwin-amd64.tar.gz
- bin: ./
+ uri: https://github.com/aquasecurity/trivy-output-plugin-count/releases/download/v0.1.0/trivy_output_plugin_count_0.1.0_darwin-amd64.tar.gz
+ bin: ./count
 - selector:
 os: darwin
 arch: arm64
- uri: https://github.com///releases/download/v0.1.0/_0.1.0_darwin-arm64.tar.gz
- bin: ./
+ uri: https://github.com/aquasecurity/trivy-output-plugin-count/releases/download/v0.1.0/trivy_output_plugin_count_0.1.0_darwin-arm64.tar.gz
+ bin: ./count
 - selector:
 os: linux
 arch: amd64
- uri: https://github.com///releases/download/v0.1.0/_0.1.0_linux-amd64.tar.gz
- bin: ./
+ uri: https://github.com/aquasecurity/trivy-output-plugin-count/releases/download/v0.1.0/trivy_output_plugin_count_0.1.0_linux-amd64.tar.gz
+ bin: ./count
 - selector:
 os: linux
 arch: arm64
- uri: https://github.com///releases/download/v0.1.0/_0.1.0_linux-arm64.tar.gz
- bin: ./
+ uri: https://github.com/aquasecurity/trivy-output-plugin-count/releases/download/v0.1.0/trivy_output_plugin_count_0.1.0_linux-arm64.tar.gz
+ bin: ./count