feat: support scan remote repository

[penndev6]

Description

support scan remote repository through the deployed vulnerability database server. The detail see in #3121 .

Related issues

• Close Trivy can’t scan remote repository through the deployed vulnerability database server #3121 .

Checklist

• I've read the guidelines for contributing to this repository.
• I've followed the conventions in the PR title.
• I've added tests that prove my fix is effective or that my feature works.
• I've updated the documentation with the relevant information (if needed).
• I've added usage information (if the PR introduces new options)
• I've included a "before" and "after" example to the description (if the PR is a user interface change).

[penndev6]

Before:

After:

[penndev6]

@knqyf263 Hi, please take a look this pr. This feature is very useful for me. Thank you! And I think this is both a bug or a new feature, and I'm not sure if this feature is something you forgot to implement or is on your future features.

[penndev6]

@afdesk hi, Can you take a look at the CI error report?

[afdesk]

hi @pikaqiu-go yes, sure. i'll take a look at this CI error

[penndev6]

@afdesk thank you！

[afdesk]

@pikaqiu-go thanks for your contribution! it's really useful feature.

I've tested and it works fine.

there are two additional moments:

1. we have to update the documentation: here and here
2. I'd add an integration test.

@pikaqiu-go do you have a little more energy and time for it? or I can try to do it

[penndev6]

Hi, @afdesk Thank you for reviewing the code for me. If it's not urgent, I can try to finish them.

[penndev6]

Should I finsh them in this pr, maybe I can finish them in the new pr. Do I need to create issue and associate pr?

[afdesk]

Hi, @afdesk Thank you for reviewing the code for me. If it's not urgent, I can try to finish them.

it'll be really cool! thanks a lot!

Should I finsh them in this pr, maybe I can finish them in the new pr. Do I need to create issue and associate pr?

Could you finish them in this PR?

I'm ready to help you in any time!

[penndev6]

Hi, @afdesk Thank you for reviewing the code for me. If it's not urgent, I can try to finish them.

it'll be really cool! thanks a lot!

Should I finsh them in this pr, maybe I can finish them in the new pr. Do I need to create issue and associate pr?

Could you finish them in this PR?

I'm ready to help you in any time!

OK~

[penndev6]

hi, @afdesk,please take a look~

[penndev6]

I'm not sure if integration test is right.

[afdesk]

hi, @afdesk,please take a look~

@pikaqiu-go thanks. I'm taking a look right now

[afdesk]

LGTM

[afdesk]

@pikaqiu-go I've updated the test data. I hope it's OK.
thanks for your efforts! it's really nice and useful

[afdesk]

@knqyf263 I was a bit confused that Trivy doesn't have an integration test for repo scan. is it right? or i miss something

[knqyf263]

Oh, yes, we don't have integration tests for repository scanning since it used to be almost the same as fs scanning.

[penndev6]

@knqyf263 Hi, this pr has been stagnant for a long time. I wonder if there are other problems?

[knqyf263]

@pikaqiu-go Thanks for your contribution🙏