feat(outputs): allow to set multiple outputs (#648) (#1346)

* feat(outputs): allow to set multiple outputs (#648) Signed-off-by: Olivier Boudet <o.boudet@gmail.com> Signed-off-by: Olivier Boudet <olivier.boudet@cooperl.com> Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * feat(outputs): allow to set multiple outputs (#648) review Signed-off-by: Olivier Boudet <olivier.boudet@cooperl.com> Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * use syft format writter pattern and de-emphasize presenter package Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Olivier Boudet <o.boudet@gmail.com> Signed-off-by: Olivier Boudet <olivier.boudet@cooperl.com> Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
anchore · Jul 11, 2023 · 9050883 · 9050883
1 parent 6834e21
commit 9050883
Show file tree

Hide file tree

Showing 46 changed files with 752 additions and 436 deletions.
diff --git a/cmd/db_diff.go b/cmd/db_diff.go
@@ -5,11 +5,9 @@ import (
 	"os"
 
 	"github.com/spf13/cobra"
-	"github.com/wagoodman/go-partybus"
 
 	"github.com/anchore/grype/grype/db"
 	"github.com/anchore/grype/grype/differ"
-	"github.com/anchore/grype/grype/event"
 	"github.com/anchore/grype/internal/bus"
 	"github.com/anchore/grype/internal/log"
 	"github.com/anchore/grype/internal/ui"
@@ -38,6 +36,7 @@ func startDBDiffCmd(base string, target string, deleteDatabases bool) <-chan err
 	errs := make(chan error)
 	go func() {
 		defer close(errs)
+		defer bus.Exit()
 		d, err := differ.NewDiffer(appConfig.DB.ToCuratorConfig())
 		if err != nil {
 			errs <- err
@@ -72,11 +71,6 @@ func startDBDiffCmd(base string, target string, deleteDatabases bool) <-chan err
 		if deleteDatabases {
 			errs <- d.DeleteDatabases()
 		}
-
-		bus.Publish(partybus.Event{
-			Type:  event.NonRootCommandFinished,
-			Value: "",
-		})
 	}()
 	return errs
 }

diff --git a/cmd/db_update.go b/cmd/db_update.go
@@ -4,10 +4,8 @@ import (
 	"fmt"
 
 	"github.com/spf13/cobra"
-	"github.com/wagoodman/go-partybus"
 
 	"github.com/anchore/grype/grype/db"
-	"github.com/anchore/grype/grype/event"
 	"github.com/anchore/grype/internal/bus"
 	"github.com/anchore/grype/internal/log"
 	"github.com/anchore/grype/internal/ui"
@@ -29,6 +27,8 @@ func startDBUpdateCmd() <-chan error {
 	errs := make(chan error)
 	go func() {
 		defer close(errs)
+		defer bus.Exit()
+
 		dbCurator, err := db.NewCurator(appConfig.DB.ToCuratorConfig())
 		if err != nil {
 			errs <- err
@@ -44,10 +44,7 @@ func startDBUpdateCmd() <-chan error {
 			result = "Vulnerability database updated to latest version!\n"
 		}
 
-		bus.Publish(partybus.Event{
-			Type:  event.NonRootCommandFinished,
-			Value: result,
-		})
+		bus.Report(result)
 	}()
 	return errs
 }

diff --git a/cmd/event_loop_test.go b/cmd/event_loop_test.go
@@ -51,7 +51,7 @@ func Test_eventLoop_gracefulExit(t *testing.T) {
 		t.Cleanup(testBus.Close)
 
 		finalEvent := partybus.Event{
-			Type: event.VulnerabilityScanningFinished,
+			Type: event.CLIExit,
 		}
 
 		worker := func() <-chan error {
@@ -183,7 +183,7 @@ func Test_eventLoop_unsubscribeError(t *testing.T) {
 		t.Cleanup(testBus.Close)
 
 		finalEvent := partybus.Event{
-			Type: event.VulnerabilityScanningFinished,
+			Type: event.CLIExit,
 		}
 
 		worker := func() <-chan error {
@@ -252,7 +252,7 @@ func Test_eventLoop_handlerError(t *testing.T) {
 		t.Cleanup(testBus.Close)
 
 		finalEvent := partybus.Event{
-			Type:  event.VulnerabilityScanningFinished,
+			Type:  event.CLIExit,
 			Error: fmt.Errorf("unable to create presenter"),
 		}
 
@@ -377,7 +377,7 @@ func Test_eventLoop_uiTeardownError(t *testing.T) {
 		t.Cleanup(testBus.Close)
 
 		finalEvent := partybus.Event{
-			Type: event.VulnerabilityScanningFinished,
+			Type: event.CLIExit,
 		}
 
 		worker := func() <-chan error {

diff --git a/cmd/root.go b/cmd/root.go
@@ -28,7 +28,6 @@ import (
 	"github.com/anchore/grype/grype/matcher/ruby"
 	"github.com/anchore/grype/grype/matcher/stock"
 	"github.com/anchore/grype/grype/pkg"
-	"github.com/anchore/grype/grype/presenter"
 	"github.com/anchore/grype/grype/presenter/models"
 	"github.com/anchore/grype/grype/store"
 	"github.com/anchore/grype/grype/vulnerability"
@@ -37,6 +36,7 @@ import (
 	"github.com/anchore/grype/internal/config"
 	"github.com/anchore/grype/internal/format"
 	"github.com/anchore/grype/internal/log"
+	"github.com/anchore/grype/internal/stringutil"
 	"github.com/anchore/grype/internal/ui"
 	"github.com/anchore/grype/internal/version"
 	"github.com/anchore/stereoscope"
@@ -62,7 +62,7 @@ var (
 	rootCmd = &cobra.Command{
 		Use:   fmt.Sprintf("%s [IMAGE]", internal.ApplicationName),
 		Short: "A vulnerability scanner for container images, filesystems, and SBOMs",
-		Long: format.Tprintf(`A vulnerability scanner for container images, filesystems, and SBOMs.
+		Long: stringutil.Tprintf(`A vulnerability scanner for container images, filesystems, and SBOMs.
 
 Supports the following image sources:
     {{.appName}} yourrepo/yourimage:tag             defaults to using images from a Docker daemon
@@ -130,14 +130,14 @@ func setRootFlags(flags *pflag.FlagSet) {
 		fmt.Sprintf("selection of layers to analyze, options=%v", source.AllScopes),
 	)
 
-	flags.StringP(
-		"output", "o", "",
-		fmt.Sprintf("report output formatter, formats=%v, deprecated formats=%v", presenter.AvailableFormats, presenter.DeprecatedFormats),
+	flags.StringArrayP(
+		"output", "o", nil,
+		fmt.Sprintf("report output formatter, formats=%v, deprecated formats=%v", format.AvailableFormats, format.DeprecatedFormats),
 	)
 
 	flags.StringP(
 		"file", "", "",
-		"file to write the report output to (default is STDOUT)",
+		"file to write the default report output to (default is STDOUT)",
 	)
 
 	flags.StringP(
@@ -298,8 +298,13 @@ func startWorker(userInput string, failOnSeverity *vulnerability.Severity) <-cha
 	errs := make(chan error)
 	go func() {
 		defer close(errs)
+		defer bus.Exit()
 
-		presenterConfig, err := presenter.ValidatedConfig(appConfig.Output, appConfig.OutputTemplateFile, appConfig.ShowSuppressed)
+		// TODO: appConfig.File
+		writer, err := format.MakeScanResultWriter(appConfig.Outputs, appConfig.OutputTemplateFile, format.PresentationConfig{
+			TemplateFilePath: appConfig.OutputTemplateFile,
+			ShowSuppressed:   appConfig.ShowSuppressed,
+		})
 		if err != nil {
 			errs <- err
 			return
@@ -332,7 +337,7 @@ func startWorker(userInput string, failOnSeverity *vulnerability.Severity) <-cha
 		go func() {
 			defer wg.Done()
 			log.Debugf("gathering packages")
-			// packages are grype.Pacakge, not syft.Package
+			// packages are grype.Package, not syft.Package
 			// the SBOM is returned for downstream formatting concerns
 			// grype uses the SBOM in combination with syft formatters to produce cycloneDX
 			// with vulnerability information appended
@@ -379,7 +384,7 @@ func startWorker(userInput string, failOnSeverity *vulnerability.Severity) <-cha
 			}
 		}
 
-		pb := models.PresenterConfig{
+		if err := writer.Write(models.PresenterConfig{
 			Matches:          *remainingMatches,
 			IgnoredMatches:   ignoredMatches,
 			Packages:         packages,
@@ -388,12 +393,9 @@ func startWorker(userInput string, failOnSeverity *vulnerability.Severity) <-cha
 			SBOM:             sbom,
 			AppConfig:        appConfig,
 			DBStatus:         status,
+		}); err != nil {
+			errs <- err
 		}
-
-		bus.Publish(partybus.Event{
-			Type:  event.VulnerabilityScanningFinished,
-			Value: presenter.GetPresenter(presenterConfig, pb),
-		})
 	}()
 	return errs
 }
@@ -447,7 +449,7 @@ func checkForAppUpdate() {
 		log.Infof("new version of %s is available: %s (currently running: %s)", internal.ApplicationName, newVersion, version.FromBuild().Version)
 
 		bus.Publish(partybus.Event{
-			Type:  event.AppUpdateAvailable,
+			Type:  event.CLIAppUpdateAvailable,
 			Value: newVersion,
 		})
 	} else {

diff --git a/go.mod b/go.mod
@@ -56,6 +56,7 @@ require (
 	github.com/anchore/syft v0.84.2-0.20230705174713-cfbb9f703bd7
 	github.com/hako/durafmt v0.0.0-20210608085754-5c1018a4e16b
 	github.com/mitchellh/mapstructure v1.5.0
+	github.com/wagoodman/go-presenter v0.0.0-20211015174752-f9c01afc824b
 )
 
 require (

diff --git a/go.sum b/go.sum
@@ -842,6 +842,8 @@ github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+
 github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI=
 github.com/wagoodman/go-partybus v0.0.0-20210627031916-db1f5573bbc5 h1:phTLPgMRDYTizrBSKsNSOa2zthoC2KsJsaY/8sg3rD8=
 github.com/wagoodman/go-partybus v0.0.0-20210627031916-db1f5573bbc5/go.mod h1:JPirS5jde/CF5qIjcK4WX+eQmKXdPc6vcZkJ/P0hfPw=
+github.com/wagoodman/go-presenter v0.0.0-20211015174752-f9c01afc824b h1:uWNQ0khA6RdFzODOMwKo9XXu7fuewnnkHykUtuKru8s=
+github.com/wagoodman/go-presenter v0.0.0-20211015174752-f9c01afc824b/go.mod h1:ewlIKbKV8l+jCj8rkdXIs361ocR5x3qGyoCSca47Gx8=
 github.com/wagoodman/go-progress v0.0.0-20230301185719-21920a456ad5 h1:lwgTsTy18nYqASnH58qyfRW/ldj7Gt2zzBvgYPzdA4s=
 github.com/wagoodman/go-progress v0.0.0-20230301185719-21920a456ad5/go.mod h1:jLXFoL31zFaHKAAyZUh+sxiTDFe1L1ZHrcK2T1itVKA=
 github.com/wagoodman/jotframe v0.0.0-20211129225309-56b0d0a4aebb h1:Yz6VVOcLuWLAHYlJzTw7JKnWxdV/WXpug2X0quEzRnY=

diff --git a/grype/db/curator_test.go b/grype/db/curator_test.go
@@ -21,22 +21,22 @@ import (
 	"github.com/stretchr/testify/require"
 	"github.com/wagoodman/go-progress"
 
-	"github.com/anchore/grype/internal"
 	"github.com/anchore/grype/internal/file"
+	"github.com/anchore/grype/internal/stringutil"
 )
 
 type testGetter struct {
 	file  map[string]string
 	dir   map[string]string
-	calls internal.StringSet
+	calls stringutil.StringSet
 	fs    afero.Fs
 }
 
 func newTestGetter(fs afero.Fs, f, d map[string]string) *testGetter {
 	return &testGetter{
 		file:  f,
 		dir:   d,
-		calls: internal.NewStringSet(),
+		calls: stringutil.NewStringSet(),
 		fs:    fs,
 	}
 }

diff --git a/grype/db/v1/store/store.go b/grype/db/v1/store/store.go
@@ -10,7 +10,7 @@ import (
 	"github.com/anchore/grype/grype/db/internal/gormadapter"
 	v1 "github.com/anchore/grype/grype/db/v1"
 	"github.com/anchore/grype/grype/db/v1/store/model"
-	"github.com/anchore/grype/internal"
+	"github.com/anchore/grype/internal/stringutil"
 	_ "github.com/anchore/sqlite" // provide the sqlite dialect to gorm via import
 )
 
@@ -172,7 +172,7 @@ func (s *store) AddVulnerabilityMetadata(metadata ...v1.VulnerabilityMetadata) e
 				existing.CvssV3 = m.CvssV3
 			}
 
-			links := internal.NewStringSetFromSlice(existing.Links)
+			links := stringutil.NewStringSetFromSlice(existing.Links)
 			for _, l := range m.Links {
 				links.Add(l)
 			}

diff --git a/grype/db/v2/store/store.go b/grype/db/v2/store/store.go
@@ -10,7 +10,7 @@ import (
 	"github.com/anchore/grype/grype/db/internal/gormadapter"
 	v2 "github.com/anchore/grype/grype/db/v2"
 	"github.com/anchore/grype/grype/db/v2/store/model"
-	"github.com/anchore/grype/internal"
+	"github.com/anchore/grype/internal/stringutil"
 	_ "github.com/anchore/sqlite" // provide the sqlite dialect to gorm via import
 )
 
@@ -171,7 +171,7 @@ func (s *store) AddVulnerabilityMetadata(metadata ...v2.VulnerabilityMetadata) e
 				existing.CvssV3 = m.CvssV3
 			}
 
-			links := internal.NewStringSetFromSlice(existing.Links)
+			links := stringutil.NewStringSetFromSlice(existing.Links)
 			for _, l := range m.Links {
 				links.Add(l)
 			}

diff --git a/grype/db/v3/namespace.go b/grype/db/v3/namespace.go
@@ -6,8 +6,8 @@ import (
 
 	"github.com/anchore/grype/grype/distro"
 	"github.com/anchore/grype/grype/pkg"
-	"github.com/anchore/grype/internal"
 	"github.com/anchore/grype/internal/log"
+	"github.com/anchore/grype/internal/stringutil"
 	packageurl "github.com/anchore/packageurl-go"
 	syftPkg "github.com/anchore/syft/syft/pkg"
 )
@@ -110,7 +110,7 @@ func defaultPackageNamer(p pkg.Package) []string {
 }
 
 func githubJavaPackageNamer(p pkg.Package) []string {
-	names := internal.NewStringSet()
+	names := stringutil.NewStringSet()
 
 	// all github advisories are stored by "<group-name>:<artifact-name>"
 	if metadata, ok := p.Metadata.(pkg.JavaMetadata); ok {

diff --git a/grype/db/v3/store/store.go b/grype/db/v3/store/store.go
@@ -10,7 +10,7 @@ import (
 	"github.com/anchore/grype/grype/db/internal/gormadapter"
 	v3 "github.com/anchore/grype/grype/db/v3"
 	"github.com/anchore/grype/grype/db/v3/store/model"
-	"github.com/anchore/grype/internal"
+	"github.com/anchore/grype/internal/stringutil"
 	_ "github.com/anchore/sqlite" // provide the sqlite dialect to gorm via import
 )
 
@@ -179,7 +179,7 @@ func (s *store) AddVulnerabilityMetadata(metadata ...v3.VulnerabilityMetadata) e
 				existing.Cvss = append(existing.Cvss, incomingCvss)
 			}
 
-			links := internal.NewStringSetFromSlice(existing.URLs)
+			links := stringutil.NewStringSetFromSlice(existing.URLs)
 			for _, l := range m.URLs {
 				links.Add(l)
 			}

diff --git a/grype/db/v4/pkg/resolver/java/resolver.go b/grype/db/v4/pkg/resolver/java/resolver.go
@@ -5,8 +5,8 @@ import (
 	"strings"
 
 	grypePkg "github.com/anchore/grype/grype/pkg"
-	"github.com/anchore/grype/internal"
 	"github.com/anchore/grype/internal/log"
+	"github.com/anchore/grype/internal/stringutil"
 	"github.com/anchore/packageurl-go"
 )
 
@@ -18,7 +18,7 @@ func (r *Resolver) Normalize(name string) string {
 }
 
 func (r *Resolver) Resolve(p grypePkg.Package) []string {
-	names := internal.NewStringSet()
+	names := stringutil.NewStringSet()
 
 	// The current default for the Java ecosystem is to use a Maven-like identifier of the form
 	// "<group-name>:<artifact-name>"

diff --git a/grype/db/v4/store/store.go b/grype/db/v4/store/store.go
@@ -10,7 +10,7 @@ import (
 	"github.com/anchore/grype/grype/db/internal/gormadapter"
 	v4 "github.com/anchore/grype/grype/db/v4"
 	"github.com/anchore/grype/grype/db/v4/store/model"
-	"github.com/anchore/grype/internal"
+	"github.com/anchore/grype/internal/stringutil"
 	_ "github.com/anchore/sqlite" // provide the sqlite dialect to gorm via import
 )
 
@@ -189,7 +189,7 @@ func (s *store) AddVulnerabilityMetadata(metadata ...v4.VulnerabilityMetadata) e
 				existing.Cvss = append(existing.Cvss, incomingCvss)
 			}
 
-			links := internal.NewStringSetFromSlice(existing.URLs)
+			links := stringutil.NewStringSetFromSlice(existing.URLs)
 			for _, l := range m.URLs {
 				links.Add(l)
 			}

diff --git a/grype/db/v5/pkg/resolver/java/resolver.go b/grype/db/v5/pkg/resolver/java/resolver.go
@@ -5,8 +5,8 @@ import (
 	"strings"
 
 	grypePkg "github.com/anchore/grype/grype/pkg"
-	"github.com/anchore/grype/internal"
 	"github.com/anchore/grype/internal/log"
+	"github.com/anchore/grype/internal/stringutil"
 	"github.com/anchore/packageurl-go"
 )
 
@@ -18,7 +18,7 @@ func (r *Resolver) Normalize(name string) string {
 }
 
 func (r *Resolver) Resolve(p grypePkg.Package) []string {
-	names := internal.NewStringSet()
+	names := stringutil.NewStringSet()
 
 	// The current default for the Java ecosystem is to use a Maven-like identifier of the form
 	// "<group-name>:<artifact-name>"

diff --git a/grype/db/v5/store/store.go b/grype/db/v5/store/store.go
@@ -10,7 +10,7 @@ import (
 	"github.com/anchore/grype/grype/db/internal/gormadapter"
 	v5 "github.com/anchore/grype/grype/db/v5"
 	"github.com/anchore/grype/grype/db/v5/store/model"
-	"github.com/anchore/grype/internal"
+	"github.com/anchore/grype/internal/stringutil"
 	_ "github.com/anchore/sqlite" // provide the sqlite dialect to gorm via import
 )
 
@@ -207,7 +207,7 @@ func (s *store) AddVulnerabilityMetadata(metadata ...v5.VulnerabilityMetadata) e
 				existing.Cvss = append(existing.Cvss, incomingCvss)
 			}
 
-			links := internal.NewStringSetFromSlice(existing.URLs)
+			links := stringutil.NewStringSetFromSlice(existing.URLs)
 			for _, l := range m.URLs {
 				links.Add(l)
 			}