Merge pull request #1437 from snyk/feat/container-static-scanning

feat: container static scanning
snyk · Oct 9, 2020 · bf32c4c · bf32c4c
2 parents acce1b2 + cbe72f7
commit bf32c4c
Show file tree

Hide file tree

Showing 25 changed files with 1,895 additions and 1,239 deletions.
diff --git a/package.json b/package.json
@@ -77,7 +77,8 @@
     "semver": "^6.0.0",
     "snyk-config": "3.1.1",
     "snyk-cpp-plugin": "2.0.0",
-    "snyk-docker-plugin": "3.26.2",
+    "legacy-snyk-docker-plugin": "snyk/snyk-docker-plugin#v3.26.2",
+    "snyk-docker-plugin": "4.1.1",
     "snyk-go-plugin": "1.16.2",
     "snyk-gradle-plugin": "3.10.0",
     "snyk-module": "3.1.0",

diff --git a/src/cli/commands/monitor/index.ts b/src/cli/commands/monitor/index.ts
@@ -37,6 +37,8 @@ import { PluginMetadata } from '@snyk/cli-interface/legacy/plugin';
 import { getContributors } from '../../../lib/monitor/dev-count-analysis';
 import { FailedToRunTestError, MonitorError } from '../../../lib/errors';
 import { isMultiProjectScan } from '../../../lib/is-multi-project-scan';
+import { getEcosystem, monitorEcosystem } from '../../../lib/ecosystems';
+import { getFormattedMonitorOutput } from '../../../lib/ecosystems/monitor';
 
 const SEPARATOR = '\n-------------------------------------------------------\n';
 const debug = Debug('snyk');
@@ -95,6 +97,24 @@ async function monitor(...args0: MethodArgs): Promise<any> {
     }
   }
 
+  const ecosystem = getEcosystem(options);
+  if (ecosystem) {
+    const commandResult = await monitorEcosystem(
+      ecosystem,
+      args as string[],
+      options,
+    );
+
+    const [monitorResults, monitorErrors] = commandResult;
+
+    return await getFormattedMonitorOutput(
+      results,
+      monitorResults,
+      monitorErrors,
+      options,
+    );
+  }
+
   // Part 1: every argument is a scan target; process them sequentially
   for (const path of args as string[]) {
     debug(`Processing ${path}...`);

diff --git a/src/cli/commands/test/index.ts b/src/cli/commands/test/index.ts
@@ -49,7 +49,7 @@ import {
 } from './formatters';
 import * as utils from './utils';
 import { getIacDisplayedOutput, createSarifOutputForIac } from './iac-output';
-import { getEcosystem, testEcosystem } from '../../../lib/ecosystems';
+import { getEcosystemForTest, testEcosystem } from '../../../lib/ecosystems';
 import { TestLimitReachedError } from '../../../lib/errors';
 import { isMultiProjectScan } from '../../../lib/is-multi-project-scan';
 import { createSarifOutputForContainers } from './sarif-output';
@@ -115,7 +115,7 @@ async function test(...args: MethodArgs): Promise<TestCommandResult> {
     }
   }
 
-  const ecosystem = getEcosystem(options);
+  const ecosystem = getEcosystemForTest(options);
   if (ecosystem) {
     try {
       const commandResult = await testEcosystem(

diff --git a/src/lib/ecosystems.ts b/src/lib/ecosystems.ts
diff --git a/src/lib/ecosystems/index.ts b/src/lib/ecosystems/index.ts
@@ -0,0 +1,33 @@
+import { Options } from '../types';
+import { Ecosystem } from './types';
+
+export { testEcosystem } from './test';
+export { monitorEcosystem } from './monitor';
+export { getPlugin } from './plugins';
+
+/**
+ * Ecosystems are listed here if you opt in to the new plugin test flow.
+ * This is a breaking change to the old plugin formats, so only a select few
+ * plugins currently work with it.
+ *
+ * Currently container scanning is not yet ready to work with this flow,
+ * hence this is in a separate function from getEcosystem().
+ */
+export function getEcosystemForTest(options: Options): Ecosystem | null {
+  if (options.source) {
+    return 'cpp';
+  }
+  return null;
+}
+
+export function getEcosystem(options: Options): Ecosystem | null {
+  if (options.source) {
+    return 'cpp';
+  }
+
+  const isDockerDesktopIntegration = options['isDockerUser'];
+  if (options.docker && !isDockerDesktopIntegration) {
+    return 'docker';
+  }
+  return null;
+}