diff --git a/go.mod b/go.mod
index 538ee180f860..b59e3181326d 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/aquasecurity/trivy
-go 1.23
+go 1.24.0
 require (
 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible
@@ -35,8 +35,8 @@ require (
 github.com/containerd/platforms v1.0.0-rc.1
 github.com/distribution/reference v0.6.0
 github.com/docker/cli v27.5.0+incompatible
- github.com/docker/docker v27.5.0+incompatible
- github.com/docker/go-connections v0.5.0
+ github.com/docker/docker v27.5.0+incompatible // indirect
+ github.com/docker/go-connections v0.6.0
 github.com/docker/go-units v0.5.0
 github.com/fatih/color v1.18.0
 github.com/go-git/go-git/v5 v5.13.2
@@ -72,7 +72,7 @@ require (
 github.com/moby/buildkit v0.18.2
 github.com/open-policy-agent/opa v0.70.0
 github.com/opencontainers/go-digest v1.0.0
- github.com/opencontainers/image-spec v1.1.0
+ github.com/opencontainers/image-spec v1.1.1
 github.com/openvex/discovery v0.1.1-0.20240802171711-7c54efc57553
 github.com/openvex/go-vex v0.2.5
 github.com/owenrumney/go-sarif/v2 v2.3.3
@@ -119,7 +119,7 @@ require (
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 // indirect
 github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20231105174938-2b5cbb29f3e2 // indirect
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
- github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
+ github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
 github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 github.com/Azure/go-autorest/autorest v0.11.29 // indirect
 github.com/Azure/go-autorest/autorest/adal v0.9.23 // indirect
@@ -194,7 +194,7 @@ require (
 github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
 github.com/golang/snappy v0.0.4 // indirect
 github.com/google/certificate-transparency-go v1.1.8 // indirect
- github.com/google/go-cmp v0.6.0 // indirect
+ github.com/google/go-cmp v0.7.0 // indirect
 github.com/gorilla/mux v1.8.1 // indirect
 github.com/hashicorp/errwrap v1.1.0 // indirect
 github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
@@ -216,7 +216,7 @@ require (
 github.com/mattn/go-runewidth v0.0.16 // indirect
 github.com/mitchellh/copystructure v1.2.0 // indirect
 github.com/mitchellh/reflectwalk v1.0.2 // indirect
- github.com/moby/docker-image-spec v1.3.1 // indirect
+ github.com/moby/docker-image-spec v1.3.1
 github.com/moby/locker v1.0.1 // indirect
 github.com/moby/patternmatcher v0.6.0 // indirect
 github.com/moby/sys/mountinfo v0.7.2 // indirect
@@ -224,7 +224,7 @@ require (
 github.com/moby/sys/signal v0.7.1 // indirect
 github.com/moby/sys/user v0.3.0 // indirect
 github.com/moby/sys/userns v0.1.0 // indirect
- github.com/moby/term v0.5.0 // indirect
+ github.com/moby/term v0.5.2 // indirect
 github.com/morikuni/aec v1.0.0 // indirect
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 github.com/ncruces/go-strftime v0.1.9 // indirect
@@ -286,16 +286,16 @@ require (
 go.mongodb.org/mongo-driver v1.14.0 // indirect
 go.opencensus.io v0.24.0 // indirect
 go.opentelemetry.io/auto/sdk v1.1.0 // indirect
- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0 // indirect
- go.opentelemetry.io/otel v1.34.0 // indirect
- go.opentelemetry.io/otel/metric v1.34.0 // indirect
- go.opentelemetry.io/otel/sdk v1.34.0 // indirect
- go.opentelemetry.io/otel/trace v1.34.0 // indirect
+ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 // indirect
+ go.opentelemetry.io/otel v1.35.0 // indirect
+ go.opentelemetry.io/otel/metric v1.35.0 // indirect
+ go.opentelemetry.io/otel/sdk v1.35.0 // indirect
+ go.opentelemetry.io/otel/trace v1.35.0 // indirect
 go.uber.org/multierr v1.11.0 // indirect
 go.uber.org/zap v1.27.0 // indirect
 golang.org/x/oauth2 v0.25.0 // indirect
- golang.org/x/sys v0.31.0 // indirect
- golang.org/x/time v0.9.0 // indirect
+ golang.org/x/sys v0.33.0 // indirect
+ golang.org/x/time v0.11.0 // indirect
 google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f // indirect
 google.golang.org/grpc v1.70.0 // indirect
 gopkg.in/cheggaaa/pb.v1 v1.0.28 // indirect
@@ -322,9 +322,16 @@ require (
 github.com/aws/aws-sdk-go-v2/service/sso v1.25.0 // indirect
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.29.0 // indirect
 github.com/aws/aws-sdk-go-v2/service/sts v1.33.16 // indirect
- github.com/creack/pty v1.1.23 // indirect
 github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db // indirect
+ github.com/moby/moby/api v1.53.0
+ github.com/moby/moby/client v0.2.2
 github.com/oklog/ulid/v2 v2.1.0 // indirect
 github.com/onsi/gomega v1.35.1 // indirect
 github.com/samber/oops v1.15.0 // indirect
 )
+
+// github.com/docker/docker v27 has known security vulnerabilities.
+// The 27.x branch of moby/moby contains fixes beyond v27.5.1.
+// Redirect to the latest 27.x commit until transitive dependencies
+// migrate to github.com/moby/moby sub-modules.
+replace github.com/docker/docker => github.com/moby/moby v27.5.2-0.20250218170852-77446557b0f8+incompatible
diff --git a/go.sum b/go.sum
index 3592b8d2f2d3..d37b4c0f6cf6 100644
--- a/go.sum
+++ b/go.sum
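Review bot: The `replace github.com/docker/docker => github.com/moby/moby …` line at the end of go.mod is honoured only when this repository is the main module, so a project that imports trivy's packages still resolves `github.com/docker/docker v27.5.0+incompatible` from the require block and gets none of the fixes the comment refers to. Unless go.mod already carried a replace outside these hunks, it also makes `go install <module>@<version>` refuse the module, which is worth checking against the documented install methods. The comment says v27 has known vulnerabilities without naming them; adding the advisory identifiers and the removal condition, e.g. `// Advisories: <ADVISORY-ID>; drop once no dependency requires github.com/docker/docker`, would let the next reader verify the pin is still needed. `github.com/moby/moby/api` and `github.com/moby/moby/client` are imported directly by the code in this commit yet land in the block of `// indirect` entries, while `github.com/docker/docker` stays in the direct block marked `// indirect`; moving them keeps the two blocks meaningful.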
@@ -43,8 +43,8 @@ github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.3.0 h1:7rKG7Um github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.3.0/go.mod h1:Wjo+24QJVhhl/L7jy6w9yzFF2yDOf3cKECAa8ecf9vE= github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.0 h1:eXnN9kaS8TiDwXjoie3hMRLuwdUBUMW9KRgOqB3mCaw= github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.0/go.mod h1:XIpam8wumeZ5rVMuhdDQLMfIPDf1WO3IzrCRO3e3e3o= -github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0= -github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= +github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg= +github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest/autorest v0.11.29 h1:I4+HL/JDvErx2LjyzaVxllw2lRDB5/BT2Bm4g20iqYw= 
@@ -283,8 +283,8 @@ github.com/cpuguy83/dockercfg v0.3.2 h1:DlJTyZGBDlXqUZ2Dk2Q3xHs/FtnooJJVaad2S9GK github.com/cpuguy83/dockercfg v0.3.2/go.mod h1:sugsbF4//dDlL/i+S+rtpIWp+5h0BHJHfjj5/jFyUJc= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= -github.com/creack/pty v1.1.23 h1:4M6+isWdcStXEf15G/RbrMPOQj1dZ7HPZCGwE4kOeP0= -github.com/creack/pty v1.1.23/go.mod h1:08sCNb52WyoAwi2QDyzUCTgcvVFhUzewun7wtTfvcwE= +github.com/creack/pty v1.1.24 h1:bJrF4RRfyJnbTJqzRLHzcGaZK1NeM5kTC9jGgovnR1s= +github.com/creack/pty v1.1.24/go.mod h1:08sCNb52WyoAwi2QDyzUCTgcvVFhUzewun7wtTfvcwE= github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 h1:2Dx4IHfC1yHWI12AxQDJM1QbRCDfk6M+blLzlZCXdrc= github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46/go.mod h1:uzvlm1mxhHkdfqitSA92i7Se+S9ksOn3a3qmv/kyOCw= github.com/cyphar/filepath-securejoin v0.3.6 h1:4d9N5ykBnSp5Xn2JkhocYDkOpURL/18CYMpo6xB9uWM= 
@@ -316,12 +316,10 @@ github.com/docker/cli v27.5.0+incompatible h1:aMphQkcGtpHixwwhAXJT1rrK/detk2JIvD github.com/docker/cli v27.5.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v27.5.0+incompatible h1:um++2NcQtGRTz5eEgO6aJimo6/JxrTXC941hd05JO6U= -github.com/docker/docker v27.5.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo= github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M= -github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= -github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc= +github.com/docker/go-connections v0.6.0 h1:LlMG9azAe1TqfR7sO+NJttz1gy6KO7VJBh+pMmjSD94= +github.com/docker/go-connections v0.6.0/go.mod h1:AahvXYshr6JgfUJGdDCs2b5EZG/vmaMAntpSFH5BFKE= github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= 
@@ -487,8 +485,9 @@ github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= +github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/google/go-containerregistry v0.20.3 h1:oNx7IdTI936V8CQRveCjaxOiegWwvM7kqkbXTpyiovI= github.com/google/go-containerregistry v0.20.3/go.mod h1:w00pIgBRDVUDFM6bq+Qx8lwNWK+cxgCuX1vd3PIBDNI= github.com/google/go-github/v55 v55.0.0 h1:4pp/1tNMB9X/LuAhs5i0KQAE40NmiR/y6prLNb9x9cg= 
@@ -664,6 +663,12 @@ github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3N github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo= github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg= github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= +github.com/moby/moby v27.5.2-0.20250218170852-77446557b0f8+incompatible h1:0F9IFkucLqzWHDx9hCF/mdD4xSYojJsRmitbcGMYQwY= +github.com/moby/moby v27.5.2-0.20250218170852-77446557b0f8+incompatible/go.mod h1:fDXVQ6+S340veQPv35CzDahGBmHsiclFwfEygB/TWMc= +github.com/moby/moby/api v1.53.0 h1:PihqG1ncw4W+8mZs69jlwGXdaYBeb5brF6BL7mPIS/w= +github.com/moby/moby/api v1.53.0/go.mod h1:8mb+ReTlisw4pS6BRzCMts5M49W5M7bKt1cJy/YbAqc= +github.com/moby/moby/client v0.2.2 h1:Pt4hRMCAIlyjL3cr8M5TrXCwKzguebPAc2do2ur7dEM= +github.com/moby/moby/client v0.2.2/go.mod h1:2EkIPVNCqR05CMIzL1mfA07t0HvVUUOl85pasRz/GmQ= github.com/moby/patternmatcher v0.6.0 h1:GmP9lR19aU5GqSSFko+5pRqHi+Ohk1O69aFiKkVGiPk= github.com/moby/patternmatcher v0.6.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc= github.com/moby/sys/mountinfo v0.7.2 h1:1shs6aH5s4o5H2zQLn796ADW1wMrIwHsyJ2v9KouLrg= 
@@ -676,8 +681,8 @@ github.com/moby/sys/user v0.3.0 h1:9ni5DlcW5an3SvRSx4MouotOygvzaXbaSrc/wGDFWPo= github.com/moby/sys/user v0.3.0/go.mod h1:bG+tYYYJgaMtRKgEmuueC0hJEAZWwtIbZTB+85uoHjs= github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g= github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28= -github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= -github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= +github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ= +github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= 
@@ -719,8 +724,8 @@ github.com/open-policy-agent/opa v0.70.0 h1:B3cqCN2iQAyKxK6+GI+N40uqkin+wzIrM7YA github.com/open-policy-agent/opa v0.70.0/go.mod h1:Y/nm5NY0BX0BqjBriKUiV81sCl8XOjjvqQG7dXrggtI= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= -github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= -github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM= +github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= +github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M= github.com/opencontainers/runtime-spec v1.0.3-0.20220825212826-86290f6a00fb/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE7dzrbT927iTk= github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= 
@@ -980,24 +985,24 @@ go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJyS go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.56.0 h1:yMkBS9yViCc7U7yeLzJPM2XizlfdVvBRSmsQDWu6qc0= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.56.0/go.mod h1:n8MR6/liuGB5EmTETUBeU5ZgqMOlqKRxUaqPQBOANZ8= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0 h1:CV7UdSGJt/Ao6Gp4CXckLxVRRsRgDHoI8XjbL3PDl8s= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0/go.mod h1:FRmFuRJfag1IZ2dPkHnEoSFVgTVPUd2qf5Vi69hLb8I= -go.opentelemetry.io/otel v1.34.0 h1:zRLXxLCgL1WyKsPVrgbSdMN4c0FMkDAskSTQP+0hdUY= -go.opentelemetry.io/otel v1.34.0/go.mod h1:OWFPOQ+h4G8xpyjgqo4SxJYdDQ/qmRH+wivy7zzx9oI= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 h1:sbiXRNDSWJOTobXh5HyQKjq6wUC5tNybqjIqDpAY4CU= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0/go.mod h1:69uWxva0WgAA/4bu2Yy70SLDBwZXuQ6PbBpbsa5iZrQ= +go.opentelemetry.io/otel v1.35.0 h1:xKWKPxrxB6OtMCbmMY021CqC45J+3Onta9MqjhnusiQ= +go.opentelemetry.io/otel v1.35.0/go.mod h1:UEqy8Zp11hpkUrL73gSlELM0DupHoiq72dR+Zqel/+Y= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.31.0 h1:K0XaT3DwHAcV4nKLzcQvwAgSyisUghWoY20I7huthMk= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.31.0/go.mod h1:B5Ki776z/MBnVha1Nzwp5arlzBbE3+1jk+pGmaP5HME= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.31.0 h1:FFeLy03iVTXP6ffeN2iXrxfGsZGCjVx0/4KlizjyBwU= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.31.0/go.mod h1:TMu73/k1CP8nBUpDLc71Wj/Kf7ZS9FK5b53VapRsP9o= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.33.0 h1:wpMfgF8E1rkrT1Z6meFh1NDtownE9Ii3n3X2GJYjsaU= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.33.0/go.mod 
h1:wAy0T/dUbs468uOlkT31xjvqQgEVXv58BRFWEgn5v/0= -go.opentelemetry.io/otel/metric v1.34.0 h1:+eTR3U0MyfWjRDhmFMxe2SsW64QrZ84AOhvqS7Y+PoQ= -go.opentelemetry.io/otel/metric v1.34.0/go.mod h1:CEDrp0fy2D0MvkXE+dPV7cMi8tWZwX3dmaIhwPOaqHE= -go.opentelemetry.io/otel/sdk v1.34.0 h1:95zS4k/2GOy069d321O8jWgYsW3MzVV+KuSPKp7Wr1A= -go.opentelemetry.io/otel/sdk v1.34.0/go.mod h1:0e/pNiaMAqaykJGKbi+tSjWfNNHMTxoC9qANsCzbyxU= -go.opentelemetry.io/otel/sdk/metric v1.32.0 h1:rZvFnvmvawYb0alrYkjraqJq0Z4ZUJAiyYCU9snn1CU= -go.opentelemetry.io/otel/sdk/metric v1.32.0/go.mod h1:PWeZlq0zt9YkYAp3gjKZ0eicRYvOh1Gd+X99x6GHpCQ= -go.opentelemetry.io/otel/trace v1.34.0 h1:+ouXS2V8Rd4hp4580a8q23bg0azF2nI8cqLYnC8mh/k= -go.opentelemetry.io/otel/trace v1.34.0/go.mod h1:Svm7lSjQD7kG7KJ/MUHPVXSDGz2OX4h0M2jHBhmSfRE= +go.opentelemetry.io/otel/metric v1.35.0 h1:0znxYu2SNyuMSQT4Y9WDWej0VpcsxkuklLa4/siN90M= +go.opentelemetry.io/otel/metric v1.35.0/go.mod h1:nKVFgxBZ2fReX6IlyW28MgZojkoAkJGaE8CpgeAU3oE= +go.opentelemetry.io/otel/sdk v1.35.0 h1:iPctf8iprVySXSKJffSS79eOjl9pvxV9ZqOWT0QejKY= +go.opentelemetry.io/otel/sdk v1.35.0/go.mod h1:+ga1bZliga3DxJ3CQGg3updiaAJoNECOgJREo9KHGQg= +go.opentelemetry.io/otel/sdk/metric v1.35.0 h1:1RriWBmCKgkeHEhM7a2uMjMUfP7MsOF5JpUCaEqEI9o= +go.opentelemetry.io/otel/sdk/metric v1.35.0/go.mod h1:is6XYCUMpcKi+ZsOvfluY5YstFnhW0BidkR+gL+qN+w= +go.opentelemetry.io/otel/trace v1.35.0 h1:dPpEfJu1sDIqruz7BHFG3c7528f6ddfSWfFDVt/xgMs= +go.opentelemetry.io/otel/trace v1.35.0/go.mod h1:WUk7DtFp1Aw2MkvqGdwiXYDZZNvA/1J8o6xRXLrIkyc= go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0= go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8= go.step.sm/crypto v0.57.0 h1:YjoRQDaJYAxHLVwjst0Bl0xcnoKzVwuHCJtEo2VSHYU= 
@@ -1113,8 +1118,8 @@ golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik= -golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw= +golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= @@ -1135,8 +1140,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY= golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4= -golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY= -golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.11.0 h1:/bpjEDfN9tkoN/ryeYHnv5hcMlc8ncjMcM4XBk5NWV0= +golang.org/x/time v0.11.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= 
@@ -1221,8 +1226,8 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gotest.tools/v3 v3.5.1 h1:EENdUnS3pdur5nybKYIh2Vfgc8IUNBjxDPSjtiJcOzU= -gotest.tools/v3 v3.5.1/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU= +gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q= +gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= k8s.io/api v0.32.2 h1:bZrMLEkgizC24G9eViHGOPbW+aRo9duEISRIJKfdJuw= @@ -1261,6 +1266,8 @@ modernc.org/strutil v1.2.1 h1:UneZBkQA+DX2Rp35KcM69cSsNES9ly8mQWD71HKlOA0= modernc.org/strutil v1.2.1/go.mod h1:EHkiggD70koQxjVdSBM3JKM7k6L0FbGE5eymy9i3B9A= modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y= modernc.org/token v1.1.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM= +pgregory.net/rapid v1.2.0 h1:keKAYRcjm+e1F0oAuU5F5+YPAWcyxNNRK2wud503Gnk= +pgregory.net/rapid v1.2.0/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04= sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8= sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo= sigs.k8s.io/release-utils v0.8.4 h1:4QVr3UgbyY/d9p74LBhg0njSVQofUsAZqYOzVZBhdBw= diff --git a/integration/client_server_test.go b/integration/client_server_test.go index 7e80fd9f16ed..7c01afe15adb 100644 --- a/integration/client_server_test.go +++ b/integration/client_server_test.go 
@@ -13,7 +13,6 @@ import (
 "github.com/aquasecurity/trivy/pkg/types"
- dockercontainer "github.com/docker/docker/api/types/container"
 "github.com/docker/go-connections/nat"
 "github.com/stretchr/testify/require"
 "github.com/testcontainers/testcontainers-go"
@@ -733,9 +732,7 @@ func setupRedis(t *testing.T, ctx context.Context) (testcontainers.Container, st
 Name: "redis",
 Image: imageName,
 ExposedPorts: []string{port},
- HostConfigModifier: func(hostConfig *dockercontainer.HostConfig) {
- hostConfig.AutoRemove = true
- },
+ AutoRemove: true,
 }
 redis, err := testcontainers.GenericContainer(ctx, testcontainers.GenericContainerRequest{
diff --git a/integration/registry_test.go b/integration/registry_test.go
index 3f0469e2c396..711f1ddd7a74 100644
--- a/integration/registry_test.go
+++ b/integration/registry_test.go
@@ -19,7 +19,6 @@ import (
 "github.com/aquasecurity/trivy/pkg/types"
- dockercontainer "github.com/docker/docker/api/types/container"
 "github.com/docker/go-connections/nat"
 "github.com/google/go-containerregistry/pkg/authn"
 "github.com/google/go-containerregistry/pkg/name"
@@ -59,9 +58,7 @@ func setupRegistry(ctx context.Context, baseDir string, authURL *url.URL) (testc
 Mounts: testcontainers.Mounts(
 testcontainers.BindMount(filepath.Join(baseDir, "data", "certs"), "/certs"),
 ),
- HostConfigModifier: func(hostConfig *dockercontainer.HostConfig) {
- hostConfig.AutoRemove = true
- },
+ AutoRemove: true,
 WaitingFor: wait.ForHTTP("v2").WithTLS(true).WithAllowInsecure(true).
 WithStatusCodeMatcher(func(status int) bool {
 return status == http.StatusUnauthorized
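Review bot: Setting `AutoRemove: true` on the `testcontainers.ContainerRequest` in `setupRedis` swaps the `HostConfigModifier` callback for a field that, as far as I recall, testcontainers-go marks deprecated in favour of `HostConfigModifier`, so a deprecation linter is likely to flag it. The same substitution appears in `setupRegistry`, `setupAuthServer` and `SetupLocalStack`. If the field is kept in order to drop the `github.com/docker/docker` import from the tests, a short comment at the first use, such as `// AutoRemove avoids importing docker's container types here`, would explain the choice. Both function bodies continue outside the hunks.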
@@ -84,10 +81,8 @@ func setupAuthServer(ctx context.Context, baseDir string) (testcontainers.Contai
 testcontainers.BindMount(filepath.Join(baseDir, "data", "auth_config"), "/config"),
 testcontainers.BindMount(filepath.Join(baseDir, "data", "certs"), "/certs"),
 ),
- HostConfigModifier: func(hostConfig *dockercontainer.HostConfig) {
- hostConfig.AutoRemove = true
- },
- Cmd: []string{"/config/config.yml"},
+ AutoRemove: true,
+ Cmd: []string{"/config/config.yml"},
 }
 authC, err := testcontainers.GenericContainer(ctx, testcontainers.GenericContainerRequest{
diff --git a/internal/testutil/docker.go b/internal/testutil/docker.go
index 60e1bb3ab668..a635f53923d2 100644
--- a/internal/testutil/docker.go
+++ b/internal/testutil/docker.go
@@ -7,8 +7,7 @@ import (
 "strings"
 "testing"
- "github.com/docker/docker/api/types/image"
- "github.com/docker/docker/client"
+ "github.com/moby/moby/client"
 "github.com/stretchr/testify/require"
 )
@@ -17,7 +16,7 @@ type DockerClient struct {
 }
 func NewDockerClient(t *testing.T) *DockerClient {
- cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
+ cli, err := client.New(client.FromEnv)
 require.NoError(t, err)
 return &DockerClient{Client: cli}
 }
@@ -29,15 +28,15 @@ func (c *DockerClient) ImageLoad(t *testing.T, ctx context.Context, imageFile st
 defer testfile.Close()
 // Load image into docker engine
- res, err := c.Client.ImageLoad(ctx, testfile, true)
+ res, err := c.Client.ImageLoad(ctx, testfile, client.ImageLoadWithQuiet(true))
 require.NoError(t, err)
- defer res.Body.Close()
+ defer res.Close()
 // Parse the response and extract the loaded image name
 var data struct {
 Stream string `json:"stream"`
 }
- err = json.NewDecoder(res.Body).Decode(&data)
+ err = json.NewDecoder(res).Decode(&data)
 require.NoError(t, err)
 loadedImage := strings.TrimPrefix(data.Stream, "Loaded image: ")
 loadedImage = strings.TrimSpace(loadedImage)
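Review bot: `NewDockerClient` drops `client.WithAPIVersionNegotiation()` when it switches to `client.New(client.FromEnv)`, and nothing in the hunk records whether the new client negotiates the API version on its own. If it does not, a daemon older than the client's default version will reject requests; the same option is removed from `DockerImage` in pkg/fanal/image/daemon/docker.go, which is the production path. A comment such as `// client.New negotiates the API version by default` (once confirmed against the moby client documentation), or an integration run against an older daemon, would settle it.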
@@ -50,7 +49,7 @@ func (c *DockerClient) ImageLoad(t *testing.T, ctx context.Context, imageFile st
 func (c *DockerClient) ImageRemove(t *testing.T, ctx context.Context, imageID string) {
 t.Helper()
- _, _ = c.Client.ImageRemove(ctx, imageID, image.RemoveOptions{
+ _, _ = c.Client.ImageRemove(ctx, imageID, client.ImageRemoveOptions{
 Force: true,
 PruneChildren: true,
 })
diff --git a/internal/testutil/localstack.go b/internal/testutil/localstack.go
index 71eaf5a3fcf9..d21cd8d647f1 100644
--- a/internal/testutil/localstack.go
+++ b/internal/testutil/localstack.go
@@ -5,7 +5,6 @@ import (
 "fmt"
 "os"
- dockercontainer "github.com/docker/docker/api/types/container"
 "github.com/testcontainers/testcontainers-go"
 "github.com/testcontainers/testcontainers-go/modules/localstack"
 )
@@ -19,10 +18,8 @@ func SetupLocalStack(ctx context.Context, version string) (*localstack.LocalStac
 container, err := localstack.RunContainer(ctx, testcontainers.CustomizeRequest(
 testcontainers.GenericContainerRequest{
 ContainerRequest: testcontainers.ContainerRequest{
- Image: "localstack/localstack:" + version,
- HostConfigModifier: func(hostConfig *dockercontainer.HostConfig) {
- hostConfig.AutoRemove = true
- },
+ Image: "localstack/localstack:" + version,
+ AutoRemove: true,
 },
 },
 ))
diff --git a/pkg/fanal/artifact/container/container.go b/pkg/fanal/artifact/container/container.go
index 11f12fabac40..c3f434919ae3 100644
--- a/pkg/fanal/artifact/container/container.go
+++ b/pkg/fanal/artifact/container/container.go
@@ -4,6 +4,7 @@ package local
 import (
 "context"
+ "errors"
 "os"
 "path"
 "path/filepath"
@@ -12,7 +13,8 @@ import (
 "sync"
 "github.com/containerd/continuity/devices"
- "github.com/docker/docker/pkg/system"
+ "github.com/containerd/continuity/sysx"
+ "golang.org/x/sys/unix"
 v1 "github.com/google/go-containerregistry/pkg/v1"
 "github.com/google/wire"
 "github.com/samber/lo"
@@ -317,8 +319,12 @@ func (a Artifact) inspectLayer(ctx context.Context, layerInfo LayerInfo, disable
 "trusted.overlay.opaque",
 }
 for _, xattr := range xattrs {
- opaque, err := system.Lgetxattr(filePath, xattr)
+ opaque, err := sysx.LGetxattr(filePath, xattr)
 if err != nil {
+ // ENODATA means the xattr is not set — not an error.
+ if errors.Is(err, unix.ENODATA) {
+ continue
+ }
 return xerrors.Errorf("Lgetattr: %w", err)
 }
 if len(opaque) == 1 && opaque[0] == 'y' {
diff --git a/pkg/fanal/image/daemon/containerd.go b/pkg/fanal/image/daemon/containerd.go
index faa5c8d98c3f..d9dc6bc8bcac 100644
--- a/pkg/fanal/image/daemon/containerd.go
+++ b/pkg/fanal/image/daemon/containerd.go
@@ -16,10 +16,10 @@ import (
 "github.com/containerd/containerd/v2/pkg/namespaces"
 "github.com/containerd/platforms"
 "github.com/distribution/reference"
- api "github.com/docker/docker/api/types"
- "github.com/docker/docker/api/types/container"
- "github.com/docker/go-connections/nat"
 v1 "github.com/google/go-containerregistry/pkg/v1"
+ dockerspec "github.com/moby/docker-image-spec/specs-go/v1"
+ dockerimage "github.com/moby/moby/api/types/image"
+ dockerClient "github.com/moby/moby/client"
 "github.com/opencontainers/go-digest"
 ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 "github.com/samber/lo"
@@ -53,7 +53,7 @@ func (n familiarNamed) String() string {
 }
 func imageWriter(c *client.Client, img client.Image, platform types.Platform) imageSave {
- return func(ctx context.Context, ref []string) (io.ReadCloser, error) {
+ return func(ctx context.Context, ref []string, _ ...dockerClient.ImageSaveOption) (dockerClient.ImageSaveResult, error) {
 if len(ref) < 1 {
 return nil, xerrors.New("no image reference")
 }
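Review bot: The fall-through wrap in `inspectLayer`, `xerrors.Errorf("Lgetattr: %w", err)`, names neither the file nor the attribute, and with `sysx.LGetxattr` the wrapped value is presumably a bare errno, so a failure in the middle of a layer walk is hard to place; `xerrors.Errorf("lgetxattr %s on %s: %w", xattr, filePath, err)` keeps that context and fixes the spelling. Skipping on `unix.ENODATA` is right for an unset attribute, but opaque-directory detection decides which lower-layer files are hidden, so a test with one directory carrying the attribute and one without would pin the behaviour. `unix.ENODATA` is Linux-specific, so the check relies on the file's build constraint, which is outside the hunks. In the import hunk `golang.org/x/sys/unix` sits ahead of `github.com/google/go-containerregistry/pkg/v1` in the same group, which gofmt will reorder. The function body starts and ends outside the hunk.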
@@ -211,7 +211,7 @@ func readImageConfig(ctx context.Context, img client.Image) (ocispec.Image, ocis
 }
 // ported from https://github.com/containerd/nerdctl/blob/d110fea18018f13c3f798fa6565e482f3ff03591/pkg/inspecttypes/dockercompat/dockercompat.go#L279-L321
-func inspect(ctx context.Context, img client.Image, ref reference.Reference) (api.ImageInspect, []v1.History, reference.Reference, error) {
+func inspect(ctx context.Context, img client.Image, ref reference.Reference) (dockerimage.InspectResponse, []v1.History, reference.Reference, error) {
 if _, ok := ref.(reference.Digested); ok {
 ref = familiarNamed(img.Name())
 }
@@ -228,7 +228,7 @@ func inspect(ctx context.Context, img client.Image, ref reference.Reference) (ap
 imgConfig, imgConfigDesc, err := readImageConfig(ctx, img)
 if err != nil {
- return api.ImageInspect{}, nil, nil, err
+ return dockerimage.InspectResponse{}, nil, nil, err
 }
 var lastHistory ocispec.History
@@ -247,37 +247,25 @@ func inspect(ctx context.Context, img client.Image, ref reference.Reference) (ap
 })
 }
- portSet := make(nat.PortSet)
- for k := range imgConfig.Config.ExposedPorts {
- portSet[nat.Port(k)] = struct{}{}
- }
-
 created := ""
 if lastHistory.Created != nil {
 created = lastHistory.Created.Format(time.RFC3339Nano)
 }
- return api.ImageInspect{
+ return dockerimage.InspectResponse{
 ID: imgConfigDesc.Digest.String(),
 RepoTags: []string{fmt.Sprintf("%s:%s", repository, tag)},
 RepoDigests: []string{fmt.Sprintf("%s@%s", repository, img.Target().Digest)},
 Comment: lastHistory.Comment,
 Created: created,
 Author: lastHistory.Author,
- Config: &container.Config{
- User: imgConfig.Config.User,
- ExposedPorts: portSet,
- Env: imgConfig.Config.Env,
- Cmd: imgConfig.Config.Cmd,
- Volumes: imgConfig.Config.Volumes,
- WorkingDir: imgConfig.Config.WorkingDir,
- Entrypoint: imgConfig.Config.Entrypoint,
- Labels: imgConfig.Config.Labels,
+ Config: &dockerspec.DockerOCIImageConfig{
+ ImageConfig: imgConfig.Config,
 },
 Architecture: imgConfig.Architecture,
 Os: imgConfig.OS,
- RootFS: api.RootFS{
- Type: imgConfig.RootFS.Type,
+ RootFS: dockerimage.RootFS{
+ Type: imgConfig.RootFS.Type,
 Layers: lo.Map(imgConfig.RootFS.DiffIDs, func(d digest.Digest, _ int) string {
 return d.String()
 }),
diff --git a/pkg/fanal/image/daemon/docker.go b/pkg/fanal/image/daemon/docker.go
index 45581c99b3c8..14772f082e3a 100644
--- a/pkg/fanal/image/daemon/docker.go
+++ b/pkg/fanal/image/daemon/docker.go
@@ -4,8 +4,8 @@ import (
 "context"
 "os"
- "github.com/docker/docker/client"
 "github.com/google/go-containerregistry/pkg/name"
+ "github.com/moby/moby/client"
 "golang.org/x/xerrors"
 )
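Review bot: `Config: &dockerspec.DockerOCIImageConfig{ImageConfig: imgConfig.Config}` in `inspect` now forwards the whole OCI config where the removed literal copied eight named fields, so whatever else `imgConfig.Config` carries reaches callers of the containerd path for the first time, and the hunk has neither a comment nor a test pinning that. If the widening is intended, a line such as `// Pass the OCI image config through unchanged instead of copying selected fields` above the field would record it, and a test comparing the resulting config for one containerd image would guard it. The `// ported from …` comment above `inspect` also points at code this body no longer mirrors field for field, so "adapted from" may be more accurate. The function starts before this hunk and continues after it.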
@@ -16,13 +16,12 @@ func DockerImage(ref name.Reference, host string) (Image, func(), error) {
 opts := []client.Opt{
 client.FromEnv,
- client.WithAPIVersionNegotiation(),
 }
 if host != "" {
 // adding host parameter to the last assuming it will pick up more preference
 opts = append(opts, client.WithHost(host))
 }
- c, err := client.NewClientWithOpts(opts...)
+ c, err := client.New(opts...)
 if err != nil {
 return nil, cleanup, xerrors.Errorf("failed to initialize a docker client: %w", err)
@@ -37,10 +36,10 @@ func DockerImage(ref name.Reference, host string) (Image, func(), error) {
 // or
 // @ pattern like "alpine@sha256:21a3deaa0d32a8057914f36584b5288d2e5ecc984380bc0118285c70fa8c9300"
 imageID := ref.Name()
- inspect, _, err := c.ImageInspectWithRaw(context.Background(), imageID)
+ inspect, err := c.ImageInspect(context.Background(), imageID)
 if err != nil {
 imageID = ref.String() // pattern like `5ac716b05a9c`
- inspect, _, err = c.ImageInspectWithRaw(context.Background(), imageID)
+ inspect, err = c.ImageInspect(context.Background(), imageID)
 if err != nil {
 return nil, cleanup, xerrors.Errorf("unable to inspect the image (%s): %w", imageID, err)
 }
@@ -64,7 +63,7 @@ func DockerImage(ref name.Reference, host string) (Image, func(), error) {
 return &image{
 opener: imageOpener(context.Background(), imageID, f, c.ImageSave),
- inspect: inspect,
- history: configHistory(history),
+ inspect: inspect.InspectResponse,
+ history: configHistory(history.Items),
 }, cleanup, nil
 }
diff --git a/pkg/fanal/image/daemon/docker_test.go b/pkg/fanal/image/daemon/docker_test.go
index 3ae519bdf938..7bf52a946de4 100644
--- a/pkg/fanal/image/daemon/docker_test.go
+++ b/pkg/fanal/image/daemon/docker_test.go
@@ -3,7 +3,7 @@ package daemon
 import (
 "testing"
- "github.com/docker/docker/api/types"
+ dimage "github.com/moby/moby/api/types/image"
 "github.com/google/go-containerregistry/pkg/name"
 v1 "github.com/google/go-containerregistry/pkg/v1"
 "github.com/stretchr/testify/assert"
@@ -14,7 +14,7 @@ func TestDockerImage(t *testing.T) {
 type fields struct {
 Image v1.Image
 opener opener
- inspect types.ImageInspect
+ inspect dimage.InspectResponse
 }
 tests := []struct {
 name string
diff --git a/pkg/fanal/image/daemon/image.go b/pkg/fanal/image/daemon/image.go
index d650851ad242..901f0e75a67b 100644
--- a/pkg/fanal/image/daemon/image.go
+++ b/pkg/fanal/image/daemon/image.go
@@ -8,11 +8,11 @@ import (
 "sync"
 "time"
- "github.com/docker/docker/api/types"
- "github.com/docker/docker/api/types/container"
- dimage "github.com/docker/docker/api/types/image"
 v1 "github.com/google/go-containerregistry/pkg/v1"
 "github.com/google/go-containerregistry/pkg/v1/tarball"
+ dockerspec "github.com/moby/docker-image-spec/specs-go/v1"
+ dimage "github.com/moby/moby/api/types/image"
+ "github.com/moby/moby/client"
 "github.com/samber/lo"
 "golang.org/x/xerrors"
@@ -29,7 +29,7 @@ var mu sync.Mutex
 type opener func() (v1.Image, error)
-type imageSave func(context.Context, []string) (io.ReadCloser, error)
+type imageSave func(context.Context, []string, ...client.ImageSaveOption) (client.ImageSaveResult, error)
 func imageOpener(ctx context.Context, ref string, f *os.File, imageSave imageSave) opener {
 return func() (v1.Image, error) {
@@ -61,7 +61,7 @@ func imageOpener(ctx context.Context, ref string, f *os.File, imageSave imageSav
 type image struct {
 v1.Image
 opener opener
- inspect types.ImageInspect
+ inspect dimage.InspectResponse
 history []v1.History
 }
@@ -125,14 +125,12 @@ func (img *image) ConfigFile() (*v1.ConfigFile, error) {
 }
 return &v1.ConfigFile{
- Architecture: img.inspect.Architecture,
- Author: img.inspect.Author,
- Container: img.inspect.Container,
- Created: created,
- DockerVersion: img.inspect.DockerVersion,
- Config: img.imageConfig(img.inspect.Config),
- History: img.history,
- OS: img.inspect.Os,
+ Architecture: img.inspect.Architecture,
+ Author: img.inspect.Author,
+ Created: created,
+ Config: img.imageConfig(lo.FromPtr(img.inspect.Config)),
+ History: img.history,
+ OS: img.inspect.Os,
 RootFS: v1.RootFS{
 Type: img.inspect.RootFS.Type,
 DiffIDs: diffIDs,
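Review bot: `ConfigFile` no longer copies `Container` and `DockerVersion` into the returned `v1.ConfigFile`, and nothing in the hunk says why, so consumers that read these fields for daemon images will see empty values without explanation. A short comment above the literal would record the reason, for example `// Container and DockerVersion are not provided by the new inspect type and stay empty.` (adjust the wording to the actual reason, which is not visible here). `lo.FromPtr(img.inspect.Config)` yields a zero-value config when the pointer is nil, which matches the nil check removed from `imageConfig`. The function starts and ends outside this hunk.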
@@ -185,34 +183,33 @@ func (img *image) diffIDs() ([]v1.Hash, error) {
 return diffIDs, nil
 }
-func (img *image) imageConfig(config *container.Config) v1.Config {
- if config == nil {
- return v1.Config{}
+func (img *image) imageConfig(config dockerspec.DockerOCIImageConfig) v1.Config {
+ c := v1.Config{
+ // OCI-compliant fields
+ User: config.User,
+ Cmd: config.Cmd,
+ Entrypoint: config.Entrypoint,
+ Env: config.Env,
+ Labels: config.Labels,
+ WorkingDir: config.WorkingDir,
+ StopSignal: config.StopSignal,
+ ArgsEscaped: config.ArgsEscaped,
+ OnBuild: config.OnBuild,
+ Shell: config.Shell,
 }
- c := v1.Config{
- AttachStderr: config.AttachStderr,
- AttachStdin: config.AttachStdin,
- AttachStdout: config.AttachStdout,
- Cmd: config.Cmd,
- Domainname: config.Domainname,
- Entrypoint: config.Entrypoint,
- Env: config.Env,
- Hostname: config.Hostname,
- Image: config.Image,
- Labels: config.Labels,
- OnBuild: config.OnBuild,
- OpenStdin: config.OpenStdin,
- StdinOnce: config.StdinOnce,
- Tty: config.Tty,
- User: config.User,
- Volumes: config.Volumes,
- WorkingDir: config.WorkingDir,
- ArgsEscaped: config.ArgsEscaped,
- NetworkDisabled: config.NetworkDisabled,
- MacAddress: config.MacAddress,
- StopSignal: config.StopSignal,
- Shell: config.Shell,
+ if len(config.ExposedPorts) > 0 {
+ c.ExposedPorts = make(map[string]struct{}) //nolint: gocritic
+ for port := range config.ExposedPorts {
+ c.ExposedPorts[port] = struct{}{}
+ }
+ }
+
+ if len(config.Volumes) > 0 {
+ c.Volumes = make(map[string]struct{}) //nolint: gocritic
+ for volume := range config.Volumes {
+ c.Volumes[volume] = struct{}{}
+ }
 }
 if config.Healthcheck != nil {
@@ -225,13 +222,6 @@ func (img *image) imageConfig(config *container.Config) v1.Config {
 }
 }
- if len(config.ExposedPorts) > 0 {
- c.ExposedPorts = make(map[string]struct{}) //nolint: gocritic
- for port := range config.ExposedPorts {
- c.ExposedPorts[port.Port()] = struct{}{}
- }
- }
-
 return c
 }
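Review bot: `c.ExposedPorts[port] = struct{}{}` stores each key exactly as the image config gives it, while the removed code stored `port.Port()`, which for a `nat.Port` such as `80/tcp` is only the number, so the keys returned by `imageConfig` likely change from `80` to `80/tcp`. If that is intended, a test case with exposed ports would pin it, together with a comment on the loop such as `// keys keep the "port/proto" form from the image config, e.g. "80/tcp"`. The Docker-only fields dropped from the literal (`Hostname`, `Image`, `MacAddress` and others) are covered by the `// OCI-compliant fields` comment, but the port format change is not mentioned anywhere in the hunk.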
diff --git a/pkg/fanal/image/daemon/image_test.go b/pkg/fanal/image/daemon/image_test.go
index 35ac8f278137..ea2385bdd7b1 100644
--- a/pkg/fanal/image/daemon/image_test.go
+++ b/pkg/fanal/image/daemon/image_test.go
@@ -8,7 +8,7 @@ import (
 "testing"
 "time"
- dimage "github.com/docker/docker/api/types/image"
+ dimage "github.com/moby/moby/api/types/image"
 "github.com/google/go-containerregistry/pkg/name"
 v1 "github.com/google/go-containerregistry/pkg/v1"
 "github.com/stretchr/testify/assert"
@@ -166,10 +166,9 @@ func Test_image_ConfigFile(t *testing.T) {
 name: "one diff_id",
 imageName: "alpine:3.11",
 want: &v1.ConfigFile{
- Architecture: "amd64",
- OS: "linux",
- Created: v1.Time{Time: time.Date(2020, 3, 23, 21, 19, 34, 196162891, time.UTC)},
- DockerVersion: "18.09.7",
+ Architecture: "amd64",
+ OS: "linux",
+ Created: v1.Time{Time: time.Date(2020, 3, 23, 21, 19, 34, 196162891, time.UTC)},
 History: []v1.History{
 {
 Created: v1.Time{Time: time.Date(2020, 3, 23, 21, 19, 34, 0, time.UTC)},
@@ -194,7 +193,6 @@ func Test_image_ConfigFile(t *testing.T) {
 },
 Config: v1.Config{
 Cmd: []string{"/bin/sh"},
- Image: "sha256:74df73bb19fbfc7fb5ab9a8234b3d98ee2fb92df5b824496679802685205ab8c",
 Env: []string{"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"},
 ArgsEscaped: true,
 },
diff --git a/pkg/fanal/image/daemon/podman.go b/pkg/fanal/image/daemon/podman.go
index 51766ae01822..467c784219bc 100644
--- a/pkg/fanal/image/daemon/podman.go
+++ b/pkg/fanal/image/daemon/podman.go
@@ -4,14 +4,13 @@ import (
 "context"
 "encoding/json"
 "fmt"
- "io"
 "net"
 "net/http"
 "os"
 "path/filepath"
- api "github.com/docker/docker/api/types"
- dimage "github.com/docker/docker/api/types/image"
+ dimage "github.com/moby/moby/api/types/image"
+ "github.com/moby/moby/client"
 "golang.org/x/xerrors"
 )
@@ -52,25 +51,25 @@ type errResponse struct {
 Message string
 }
-func (p podmanClient) imageInspect(imageName string) (api.ImageInspect, error) {
+func (p podmanClient) imageInspect(imageName string) (dimage.InspectResponse, error) {
 url := fmt.Sprintf(inspectURL, imageName)
 resp, err := p.c.Get(url)
 if err != nil {
- return api.ImageInspect{}, xerrors.Errorf("http error: %w", err)
+ return dimage.InspectResponse{}, xerrors.Errorf("http error: %w", err)
 }
 defer resp.Body.Close()
 if resp.StatusCode != http.StatusOK {
 var res errResponse
 if err = json.NewDecoder(resp.Body).Decode(&res); err != nil {
- return api.ImageInspect{}, xerrors.Errorf("unknown status code from Podman: %d", resp.StatusCode)
+ return dimage.InspectResponse{}, xerrors.Errorf("unknown status code from Podman: %d", resp.StatusCode)
 }
- return api.ImageInspect{}, xerrors.New(res.Message)
+ return dimage.InspectResponse{}, xerrors.New(res.Message)
 }
- var inspect api.ImageInspect
+ var inspect dimage.InspectResponse
 if err = json.NewDecoder(resp.Body).Decode(&inspect); err != nil {
- return api.ImageInspect{}, xerrors.Errorf("unable to decode JSON: %w", err)
+ return dimage.InspectResponse{}, xerrors.Errorf("unable to decode JSON: %w", err)
 }
 return inspect, nil
 }
@@ -98,7 +97,7 @@ func (p podmanClient) imageHistoryInspect(imageName string) ([]dimage.HistoryRes
 return history, nil
 }
-func (p podmanClient) imageSave(_ context.Context, imageNames []string) (io.ReadCloser, error) {
+func (p podmanClient) imageSave(_ context.Context, imageNames []string, _ ...client.ImageSaveOption) (client.ImageSaveResult, error) {
 if len(imageNames) < 1 {
 return nil, xerrors.Errorf("no specified image")
 }
diff --git a/pkg/fanal/image/daemon/podman_test.go b/pkg/fanal/image/daemon/podman_test.go
index 106d821a0e32..8522f3141e2a 100644
--- a/pkg/fanal/image/daemon/podman_test.go
+++ b/pkg/fanal/image/daemon/podman_test.go
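Review bot: In `imageInspect` the non-200 branch drops the decode error, and when the body decodes but `Message` is empty it returns `xerrors.New(res.Message)` with no text, so a failing Podman socket can surface an error that says nothing. Carrying the status code on that path keeps the failure diagnosable: `return dimage.InspectResponse{}, xerrors.Errorf("podman inspect failed (status %d): %s", resp.StatusCode, res.Message)`. `imageName` is also formatted into the request URL unchanged; `inspectURL` is defined outside this hunk, so it is worth confirming that a name containing `?` or `#` cannot alter the request that is sent.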
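Review bot: `imageSave` now matches the new `imageSave` function type but still discards its context (`_ context.Context`), so cancelling a scan does not stop an export from the Podman socket. If the request is built further down (the body continues outside this hunk), creating it with `http.NewRequestWithContext(ctx, ...)` would honour the caller's deadline. The added `_ ...client.ImageSaveOption` parameter is ignored as well; a comment such as `// options are accepted for signature compatibility and ignored` would make that explicit.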
@@ -7,7 +7,7 @@ import (
 "runtime"
 "testing"
- "github.com/docker/docker/api/types"
+ dimage "github.com/moby/moby/api/types/image"
 "github.com/google/go-containerregistry/pkg/name"
 v1 "github.com/google/go-containerregistry/pkg/v1"
 "github.com/stretchr/testify/assert"
@@ -49,7 +49,7 @@ func TestPodmanImage(t *testing.T) {
 type fields struct {
 Image v1.Image
 opener opener
- inspect types.ImageInspect
+ inspect dimage.InspectResponse
 }
 tests := []struct {
 name string
diff --git a/pkg/fanal/image/image_test.go b/pkg/fanal/image/image_test.go
index 555fe79cf509..67e3a91e33e5 100644
--- a/pkg/fanal/image/image_test.go
+++ b/pkg/fanal/image/image_test.go
@@ -73,10 +73,9 @@ func TestNewDockerImage(t *testing.T) {
 wantID: "sha256:a187dde48cd289ac374ad8539930628314bc581a481cdb41409c9289419ddb72",
 wantRepoTags: []string{"alpine:3.11"},
 wantConfigFile: &v1.ConfigFile{
- Architecture: "amd64",
- OS: "linux",
- Created: v1.Time{Time: time.Date(2020, 3, 23, 21, 19, 34, 196162891, time.UTC)},
- DockerVersion: "18.09.7",
+ Architecture: "amd64",
+ OS: "linux",
+ Created: v1.Time{Time: time.Date(2020, 3, 23, 21, 19, 34, 196162891, time.UTC)},
 History: []v1.History{
 {
 Created: v1.Time{Time: time.Date(2020, 3, 23, 21, 19, 34, 0, time.UTC)},
@@ -116,10 +115,9 @@ func TestNewDockerImage(t *testing.T) {
 wantID: "sha256:a187dde48cd289ac374ad8539930628314bc581a481cdb41409c9289419ddb72",
 wantRepoTags: []string{"alpine:3.11"},
 wantConfigFile: &v1.ConfigFile{
- Architecture: "amd64",
- OS: "linux",
- Created: v1.Time{Time: time.Date(2020, 3, 23, 21, 19, 34, 196162891, time.UTC)},
- DockerVersion: "18.09.7",
+ Architecture: "amd64",
+ OS: "linux",
+ Created: v1.Time{Time: time.Date(2020, 3, 23, 21, 19, 34, 196162891, time.UTC)},
 History: []v1.History{
 {
 Created: v1.Time{Time: time.Date(2020, 3, 23, 21, 19, 34, 0, time.UTC)},
diff --git a/pkg/fanal/test/integration/containerd_test.go b/pkg/fanal/test/integration/containerd_test.go
index 375c5cd77c62..b0df0c8355b9 100644
--- a/pkg/fanal/test/integration/containerd_test.go
+++ b/pkg/fanal/test/integration/containerd_test.go
@@ -18,7 +18,6 @@ import (
 "github.com/containerd/containerd/v2/client"
 "github.com/containerd/containerd/v2/core/images"
 "github.com/containerd/containerd/v2/pkg/namespaces"
- dockercontainer "github.com/docker/docker/api/types/container"
 v1 "github.com/google/go-containerregistry/pkg/v1"
 "github.com/samber/lo"
 "github.com/stretchr/testify/assert"
@@ -91,9 +90,7 @@ func startContainerd(t *testing.T, ctx context.Context, hostPath string) {
 Mounts: testcontainers.Mounts(
 testcontainers.BindMount(hostPath, "/run"),
 ),
- HostConfigModifier: func(hostConfig *dockercontainer.HostConfig) {
- hostConfig.AutoRemove = true
- },
+ AutoRemove: true,
 WaitingFor: wait.ForLog("containerd successfully booted"),
 }
 containerdC, err := testcontainers.GenericContainer(ctx, testcontainers.GenericContainerRequest{
diff --git a/pkg/fanal/test/integration/docker/docker.go b/pkg/fanal/test/integration/docker/docker.go
index 82a1671fb8d1..3a787b9cae18 100644
--- a/pkg/fanal/test/integration/docker/docker.go
+++ b/pkg/fanal/test/integration/docker/docker.go
@@ -10,9 +10,8 @@ import (
 "os"
 "os/exec"
- "github.com/docker/docker/api/types/image"
- apiregistry "github.com/docker/docker/api/types/registry"
- "github.com/docker/docker/client"
+ apiregistry "github.com/moby/moby/api/types/registry"
+ "github.com/moby/moby/client"
 )
 type RegistryConfig struct {
@@ -50,7 +49,7 @@ type Docker struct {
 }
 func New() (Docker, error) {
- cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
+ cli, err := client.New(client.FromEnv)
 if err != nil {
 return Docker{}, err
 }
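Review bot: `AutoRemove: true` in `startContainerd` replaces the `HostConfigModifier` callback, but `ContainerRequest.AutoRemove` is, as far as I know, marked deprecated in testcontainers-go in favour of `HostConfigModifier`, so staticcheck may report SA1019 on this line. If the aim was only to drop the `dockercontainer` import, check whether the pinned testcontainers-go version still accepts the callback with the new container types; otherwise a `//nolint:staticcheck` with the reason keeps the lint run clean. `TestTLSRegistry` in registry_test.go makes the same replacement.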
@@ -72,7 +71,7 @@ func (d Docker) Logout(conf RegistryConfig) error {
 // ReplicateImage tags the given imagePath and pushes it to the given dest registry.
 func (d Docker) ReplicateImage(ctx context.Context, imageRef, imagePath string, dest RegistryConfig) error {
 // remove existing Image if any
- _, _ = d.cli.ImageRemove(ctx, imageRef, image.RemoveOptions{
+ _, _ = d.cli.ImageRemove(ctx, imageRef, client.ImageRemoveOptions{
 Force: true,
 PruneChildren: true,
 })
@@ -84,26 +83,29 @@ func (d Docker) ReplicateImage(ctx context.Context, imageRef, imagePath string,
 defer testfile.Close()
 // load image into docker engine
- resp, err := d.cli.ImageLoad(ctx, testfile, true)
+ resp, err := d.cli.ImageLoad(ctx, testfile)
 if err != nil {
 return err
 }
- if _, err := io.Copy(io.Discard, resp.Body); err != nil {
+ if _, err := io.Copy(io.Discard, resp); err != nil {
 return err
 }
- defer resp.Body.Close()
+ defer resp.Close()
 targetImageRef := fmt.Sprintf("%s/%s", dest.URL.Host, imageRef)
- if err = d.cli.ImageTag(ctx, imageRef, targetImageRef); err != nil {
+ if _, err = d.cli.ImageTag(ctx, client.ImageTagOptions{
+ Source: imageRef,
+ Target: targetImageRef,
+ }); err != nil {
 return err
 }
 defer func() {
- _, _ = d.cli.ImageRemove(ctx, imageRef, image.RemoveOptions{
+ _, _ = d.cli.ImageRemove(ctx, imageRef, client.ImageRemoveOptions{
 Force: true,
 PruneChildren: true,
 })
- _, _ = d.cli.ImageRemove(ctx, targetImageRef, image.RemoveOptions{
+ _, _ = d.cli.ImageRemove(ctx, targetImageRef, client.ImageRemoveOptions{
 Force: true,
 PruneChildren: true,
 })
@@ -114,7 +116,7 @@ func (d Docker) ReplicateImage(ctx context.Context, imageRef, imagePath string,
 return err
 }
- pushOut, err := d.cli.ImagePush(ctx, targetImageRef, image.PushOptions{
+ pushOut, err := d.cli.ImagePush(ctx, targetImageRef, client.ImagePushOptions{
 RegistryAuth: auth,
 })
 if err != nil {
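Review bot: In `ReplicateImage`, `defer resp.Close()` is registered only after the `io.Copy(io.Discard, resp)` check, so a copy error returns without closing the load response. Placing `defer resp.Close()` directly under the `ImageLoad` error check, before `if _, err := io.Copy(io.Discard, resp); err != nil {`, closes it on every path. The function starts and ends outside this hunk.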
diff --git a/pkg/fanal/test/integration/registry_test.go b/pkg/fanal/test/integration/registry_test.go
index e6fc7445cc87..1cc7af9398dc 100644
--- a/pkg/fanal/test/integration/registry_test.go
+++ b/pkg/fanal/test/integration/registry_test.go
@@ -12,8 +12,6 @@ import (
 "path/filepath"
 "testing"
- dockercontainer "github.com/docker/docker/api/types/container"
- "github.com/docker/docker/client"
 "github.com/docker/go-connections/nat"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
@@ -62,9 +60,7 @@ func TestTLSRegistry(t *testing.T) {
 testcontainers.BindMount(filepath.Join(baseDir, "data", "registry", "certs"), "/certs"),
 testcontainers.BindMount(filepath.Join(baseDir, "data", "registry", "auth"), "/auth"),
 ),
- HostConfigModifier: func(hostConfig *dockercontainer.HostConfig) {
- hostConfig.AutoRemove = true
- },
+ AutoRemove: true,
 WaitingFor: wait.ForLog("listening on [::]:5443"),
 }
@@ -228,12 +224,6 @@ func analyze(ctx context.Context, imageRef string, opt types.ImageOptions) (*typ
 return nil, err
 }
- cli, err := client.NewClientWithOpts(client.FromEnv)
- if err != nil {
- return nil, err
- }
- cli.NegotiateAPIVersion(ctx)
-
 img, cleanup, err := image.NewContainerImage(ctx, imageRef, opt)
 if err != nil {
 return nil, err