refactor: define a new struct for scan targets #5397
51a21a2 to a564742
@chen-keinan I've refactored and exported
@knqyf263 Thanks will review it
I don't see a problem with these changes, but I try to understand how you want to use

We initialize all related Scanners using

Something like that:

```go
ospkgScanner := ospkg.NewScanner()
langpkgScanner := langpkg.NewScanner()
config := db.Config{}
client := vulnerability.NewClient(config)
k8sScanner := local.NewScanner(nil, ospkgScanner, langpkgScanner, client)
so := types.ScanOptions{} // convert s.opts (flag options) to ScanOptions
target := types.ScanTarget{
	Applications: []ftypes.Application{}, // convert found k8s components to Applications
}
k8sScanner.ScanTarget(ctx, target, so)
```
Exactly. I'm surprised you quickly understand my idea 😄. But we can use wire to initialize the scanner. We can create

We scan container images for vulnerabilities, misconfigurations and secrets here.

trivy/pkg/k8s/scanner/scanner.go Lines 90 to 121 in cbbd1ce

However, the component information is not a container image. I was thinking of converting

Another idea in my mind is we treat it as an artifact like a container image, filesystem, etc. We can extend the existing SBOM artifact.

trivy/pkg/fanal/artifact/sbom/sbom.go Lines 22 to 29 in ba9b041

Neither idea is ideal. Do you guys have any other ideas?
Some of my thoughts on this:
If it is easy to implement, I think that is a better way. This solution is less confusing than a new Artifact.
I agree, the easy and right way will be to convert
Description
This PR exports Scanner.ScanTarget().