feat: enable experimental docker-archive scanning

Upgrade the snyk-docker-plugin to allow this new feature under the --experimental flag.

package.json

@@ -80,7 +80,7 @@
     "proxy-from-env": "^1.0.0",
     "semver": "^6.0.0",
     "snyk-config": "^2.2.1",
-    "snyk-docker-plugin": "2.6.1",
+    "snyk-docker-plugin": "2.10.0",
     "snyk-go-plugin": "1.13.0",
     "snyk-gradle-plugin": "3.2.5",
     "snyk-module": "1.9.1",

src/lib/types.ts

@@ -55,6 +55,8 @@ export interface Options {
   allProjects?: boolean;
   detectionDepth?: number;
   exclude?: string;
+  // Used with the Docker plugin only. Allows requesting some experimental/unofficial features.
+  experimental?: boolean;
 }
 
 // TODO(kyegupov): catch accessing ['undefined-properties'] via noImplicitAny
@@ -72,6 +74,8 @@ export interface MonitorOptions {
   allProjects?: boolean;
   // An experimental flag to allow monitoring of bigtrees (with degraded deps info and remediation advice).
   'prune-repeated-subdependencies'?: boolean;
+  // Used with the Docker plugin only. Allows requesting some experimental/unofficial features.
+  experimental?: boolean;
 }
 
 export interface MonitorMeta {

test/acceptance/cli-monitor/cli-monitor.acceptance.test.ts

@@ -1427,6 +1427,58 @@ test('`monitor foo:latest --docker` with custom policy path', async (t) => {
   t.deepEqual(policyString, expected, 'sends correct policy');
 });
 
+test('`monitor docker-archive:foo.tar --docker --experimental`', async (t) => {
+  const dockerImageId =
+    'sha256:' +
+    '578c3e61a98cb5720e7c8fc152017be1dff373ebd72a32bbe6e328234efc8d1a';
+  const spyPlugin = stubDockerPluginResponse(
+    {
+      plugin: {
+        packageManager: 'rpm',
+        dockerImageId,
+      },
+      package: {},
+    },
+    t,
+  );
+
+  await cli.monitor('docker-archive:foo.tar', {
+    docker: true,
+    org: 'experimental-org',
+    experimental: true,
+  });
+  const req = server.popRequest();
+  t.equal(req.method, 'PUT', 'makes PUT request');
+  t.equal(
+    req.headers['x-snyk-cli-version'],
+    versionNumber,
+    'sends version number',
+  );
+  t.match(
+    req.url,
+    '/monitor/rpm',
+    'puts at correct url (uses package manager from plugin response)',
+  );
+  t.equal(req.body.meta.dockerImageId, dockerImageId, 'sends dockerImageId');
+  t.same(
+    spyPlugin.getCall(0).args,
+    [
+      'docker-archive:foo.tar',
+      null,
+      {
+        args: null,
+        docker: true,
+        file: null,
+        org: 'experimental-org',
+        packageManager: null,
+        path: 'docker-archive:foo.tar',
+        experimental: true,
+      },
+    ],
+    'calls docker plugin with expected arguments',
+  );
+});
+
 test('monitor --json multiple folders', async (t) => {
   chdirWorkspaces('fail-on');
 

test/acceptance/cli-test/cli-test.docker.spec.ts

@@ -52,6 +52,55 @@ export const DockerTests: AcceptanceTests = {
       );
     },
 
+    '`test docker-archive:foo.tar --docker --experimental`': (params) => async (
+      t,
+    ) => {
+      const spyPlugin = stubDockerPluginResponse(
+        params.plugins,
+        {
+          plugin: {
+            packageManager: 'deb',
+          },
+          package: {},
+        },
+        t,
+      );
+
+      await params.cli.test('docker-archive:foo.tar', {
+        docker: true,
+        org: 'experimental-org',
+        experimental: true,
+      });
+      const req = params.server.popRequest();
+      t.equal(req.method, 'POST', 'makes POST request');
+      t.equal(
+        req.headers['x-snyk-cli-version'],
+        params.versionNumber,
+        'sends version number',
+      );
+      t.match(req.url, '/test-dep-graph', 'posts to correct url');
+      t.equal(req.body.depGraph.pkgManager.name, 'deb');
+      t.same(
+        spyPlugin.getCall(0).args,
+        [
+          'docker-archive:foo.tar',
+          null,
+          {
+            args: null,
+            file: null,
+            docker: true,
+            org: 'experimental-org',
+            projectName: null,
+            packageManager: null,
+            path: 'docker-archive:foo.tar',
+            showVulnPaths: 'some',
+            experimental: true,
+          },
+        ],
+        'calls docker plugin with expected arguments',
+      );
+    },
+
     '`test foo:latest --docker vulnerable paths`': (params) => async (t) => {
       stubDockerPluginResponse(
         params.plugins,