Added search extension and integrated trivy to support image vulnerability scanning

pkg/api/config.go

@@ -1,6 +1,8 @@
 package api
 
 import (
+	"time"
+
 	"github.com/anuvu/zot/errors"
 	"github.com/anuvu/zot/pkg/log"
 	"github.com/getlantern/deepcopy"
@@ -10,6 +12,8 @@ import (
 // Commit ...
 var Commit string //nolint: gochecknoglobals
 
+const updateInterval = 24
+
 type StorageConfig struct {
 	RootDirectory string
 	GC            bool
@@ -68,21 +72,36 @@ type LogConfig struct {
 	Output string
 }
 
+type ExtensionConfig struct {
+	Search *SearchConfig
+}
+
+type SearchConfig struct {
+	// CVE search
+	CVE *CVEConfig
+}
+
+type CVEConfig struct {
+	UpdateInterval time.Duration // should be 2 hours or more, if not specified default be kept as 24 hours
+}
+
 type Config struct {
-	Version string
-	Commit  string
-	Storage StorageConfig
-	HTTP    HTTPConfig
-	Log     *LogConfig
+	Version    string
+	Commit     string
+	Storage    StorageConfig
+	HTTP       HTTPConfig
+	Log        *LogConfig
+	Extensions *ExtensionConfig
 }
 
 func NewConfig() *Config {
 	return &Config{
-		Version: dspec.Version,
-		Commit:  Commit,
-		Storage: StorageConfig{GC: true, Dedupe: true},
-		HTTP:    HTTPConfig{Address: "127.0.0.1", Port: "8080"},
-		Log:     &LogConfig{Level: "debug"},
+		Version:    dspec.Version,
+		Commit:     Commit,
+		Storage:    StorageConfig{GC: true, Dedupe: true},
+		HTTP:       HTTPConfig{Address: "127.0.0.1", Port: "8080"},
+		Log:        &LogConfig{Level: "debug"},
+		Extensions: &ExtensionConfig{&SearchConfig{CVE: &CVEConfig{UpdateInterval: updateInterval}}},
 	}
 }
 

pkg/extensions/search/cve/BUILD.bazel

@@ -0,0 +1,16 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "cve.go",
+        "models.go",
+    ],
+    importpath = "github.com/anuvu/zot/pkg/extensions/search/cve",
+    visibility = ["//visibility:public"],
+    deps = [
+        "//pkg/log:go_default_library",
+        "@com_github_aquasecurity_trivy//integration:go_default_library",
+        "@com_github_aquasecurity_trivy//integration/config:go_default_library",
+    ],
+)

pkg/extensions/search/cve/cve.go

@@ -0,0 +1,24 @@
+package cveinfo
+
+import (
+	"github.com/anuvu/zot/pkg/log"
+	integration "github.com/aquasecurity/trivy/integration"
+	config "github.com/aquasecurity/trivy/integration/config"
+)
+
+// UpdateCVEDb ...
+func UpdateCVEDb(dbDir string, log log.Logger) error {
+	config, err := config.NewConfig(dbDir)
+	if err != nil {
+		log.Error().Err(err).Msg("Unable to get config")
+		return err
+	}
+
+	err = integration.RunTrivyDb(config.TrivyConfig)
+	if err != nil {
+		log.Error().Err(err).Msg("Unable to update DB ")
+		return err
+	}
+
+	return nil
+}

pkg/extensions/search/cve/models.go

@@ -0,0 +1,13 @@
+// Package cveinfo ...
+package cveinfo
+
+import (
+	"github.com/anuvu/zot/pkg/log"
+	config "github.com/aquasecurity/trivy/integration/config"
+)
+
+// CveInfo ...
+type CveInfo struct {
+	Log            log.Logger
+	CveTrivyConfig *config.Config
+}