diff --git a/Taskfile.yaml b/Taskfile.yaml index 2cfc9deeccc..b4221933ab4 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml @@ -57,7 +57,8 @@ tasks: - task: check-licenses - task: lint - task: validate-cyclonedx-schema - - task: validate-grype-db-schema +# TODO: while developing v6, we need to disable this check (since v5 and v6 are imported in the same codebase) +# - task: validate-grype-db-schema test: desc: Run all levels of test diff --git a/cmd/grype/cli/commands/db_import.go b/cmd/grype/cli/commands/db_import.go index 43e15cdc886..762b2b1575b 100644 --- a/cmd/grype/cli/commands/db_import.go +++ b/cmd/grype/cli/commands/db_import.go @@ -2,8 +2,6 @@ package commands import ( "fmt" - "github.com/anchore/grype/grype/db/v6/distribution" - "github.com/anchore/grype/grype/db/v6/installation" "path/filepath" "strings" @@ -12,6 +10,8 @@ import ( "github.com/anchore/clio" "github.com/anchore/grype/cmd/grype/cli/options" legacyDistribution "github.com/anchore/grype/grype/db/legacy/distribution" + "github.com/anchore/grype/grype/db/v6/distribution" + "github.com/anchore/grype/grype/db/v6/installation" "github.com/anchore/grype/internal" ) diff --git a/cmd/grype/cli/options/database.go b/cmd/grype/cli/options/database.go index 525868e40e4..df6b10c436e 100644 --- a/cmd/grype/cli/options/database.go +++ b/cmd/grype/cli/options/database.go @@ -1,8 +1,6 @@ package options import ( - "github.com/anchore/grype/grype/db/v6/distribution" - "github.com/anchore/grype/grype/db/v6/installation" "path" "time" @@ -10,6 +8,8 @@ import ( "github.com/anchore/clio" legacyDistribution "github.com/anchore/grype/grype/db/legacy/distribution" + "github.com/anchore/grype/grype/db/v6/distribution" + "github.com/anchore/grype/grype/db/v6/installation" "github.com/anchore/grype/internal" ) @@ -61,7 +61,7 @@ func (cfg Database) ToClientConfig() distribution.Config { LatestURL: cfg.UpdateURL, CACert: cfg.CACert, RequireUpdateCheck: cfg.RequireUpdateCheck, - CheckTimeout: cfg.UpdateAvailableTimeout, // TODO: is this right? + CheckTimeout: cfg.UpdateAvailableTimeout, UpdateTimeout: cfg.UpdateDownloadTimeout, } } diff --git a/grype/db/v6/description_test.go b/grype/db/v6/description_test.go index 2987eadee8c..6fca037ed3e 100644 --- a/grype/db/v6/description_test.go +++ b/grype/db/v6/description_test.go @@ -2,8 +2,6 @@ package v6 import ( "encoding/json" - "fmt" - "io" "os" "path" "path/filepath" @@ -11,17 +9,15 @@ import ( "testing" "time" - "github.com/OneOfOne/xxhash" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "github.com/anchore/grype/grype/db/internal/schemaver" ) -func TestNewDatabaseDescriptionFromDir(t *testing.T) { +func TestReadDescription(t *testing.T) { tempDir := t.TempDir() - // make a test DB s, err := NewWriter(Config{DBDirPath: tempDir}) require.NoError(t, err) require.NoError(t, s.SetDBMetadata()) @@ -29,26 +25,15 @@ func TestNewDatabaseDescriptionFromDir(t *testing.T) { require.NoError(t, err) require.NoError(t, s.Close()) - // get the xxhash of the db file - hasher := xxhash.New64() dbFilePath := path.Join(tempDir, VulnerabilityDBFileName) - f, err := os.Open(dbFilePath) - require.NoError(t, err) - _, err = io.Copy(hasher, f) - require.NoError(t, err) - require.NoError(t, f.Close()) - expectedHash := fmt.Sprintf("xxh64:%x", hasher.Sum(nil)) - // run the test subject - description, err := CalculateDescription(dbFilePath) + description, err := ReadDescription(dbFilePath) require.NoError(t, err) require.NotNil(t, description) - // did it work? assert.Equal(t, Description{ SchemaVersion: schemaver.New(expected.Model, expected.Revision, expected.Addition), Built: Time{*expected.BuildTimestamp}, - Checksum: expectedHash, }, *description) } @@ -131,30 +116,23 @@ func TestTime_JSONUnmarshalling(t *testing.T) { func TestWriteChecksums(t *testing.T) { cases := []struct { - name string - description Description - expected string - wantErr require.ErrorAssertionFunc + name string + digest string + expected string + wantErr require.ErrorAssertionFunc }{ { - name: "go case", - description: Description{ - SchemaVersion: "1.0.0", - Built: Time{Time: time.Date(2023, 9, 26, 12, 2, 3, 0, time.UTC)}, - Checksum: "xxh64:dummychecksum", - }, + name: "go case", + digest: "xxh64:dummychecksum", expected: "xxh64:dummychecksum", }, { - name: "empty checksum", - description: Description{}, - wantErr: require.Error, + name: "empty checksum", + wantErr: require.Error, }, { - name: "missing prefix", - description: Description{ - Checksum: "dummychecksum", - }, + name: "missing prefix", + digest: "dummychecksum", wantErr: require.Error, }, } @@ -165,7 +143,7 @@ func TestWriteChecksums(t *testing.T) { tc.wantErr = require.NoError } sb := strings.Builder{} - err := WriteChecksums(&sb, tc.description) + err := WriteChecksums(&sb, tc.digest) tc.wantErr(t, err) if err == nil { assert.Equal(t, tc.expected, sb.String()) @@ -174,74 +152,6 @@ func TestWriteChecksums(t *testing.T) { } } -func TestReadDescriptionAndCalculateDescription(t *testing.T) { - tests := []struct { - name string - setupFiles func(t testing.TB, dir string) error - expectedErr string - }{ - { - name: "database file missing", - setupFiles: func(t testing.TB, dir string) error { - return nil - }, - expectedErr: "database does not exist", - }, - { - name: "checksum file missing", - setupFiles: func(t testing.TB, dir string) error { - s := setupTestStore(t, dir) - require.NoError(t, s.SetDBMetadata()) - // since we don't close, there is no checksums - return nil - }, - expectedErr: "failed to read checksums file", - }, - { - name: "checksum file empty", - setupFiles: func(t testing.TB, dir string) error { - s := setupTestStore(t, dir) - require.NoError(t, s.SetDBMetadata()) - require.NoError(t, s.Close()) - // truncate the checksums file - require.NoError(t, os.Truncate(filepath.Join(dir, ChecksumFileName), 0)) - return nil - }, - expectedErr: "checksums file is empty", - }, - { - name: "valid database", - setupFiles: func(t testing.TB, dir string) error { - s := setupTestStore(t, dir) - require.NoError(t, s.SetDBMetadata()) - require.NoError(t, s.Close()) - return nil - }, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - dir := t.TempDir() - err := tt.setupFiles(t, dir) - require.NoError(t, err) - - desc, err := ReadDescription(dir) - - if tt.expectedErr != "" { - require.ErrorContains(t, err, tt.expectedErr) - require.Nil(t, desc) - } else { - require.NoError(t, err) - require.NotNil(t, desc) - calcDesc, err := CalculateDescription(filepath.Join(dir, VulnerabilityDBFileName)) - require.NoError(t, err) - assert.Equal(t, calcDesc, desc) - } - }) - } -} - func TestReadDBChecksum(t *testing.T) { tests := []struct { name string diff --git a/grype/db/v6/distribution/client_test.go b/grype/db/v6/distribution/client_test.go index f79a8cbc1c6..d96fb44d81b 100644 --- a/grype/db/v6/distribution/client_test.go +++ b/grype/db/v6/distribution/client_test.go @@ -27,13 +27,11 @@ func TestClient_LatestFromURL(t *testing.T) { name: "go case", setupServer: func() *httptest.Server { doc := LatestDocument{ - SchemaVersion: "1.0.0", - Status: "active", + Status: "active", Archive: Archive{ Description: db.Description{ SchemaVersion: "1.0.0", Built: db.Time{Time: time.Date(2023, 9, 26, 12, 0, 0, 0, time.UTC)}, - Checksum: "xxh64:dummychecksum", }, Path: "path/to/archive", Checksum: "checksum123", @@ -49,13 +47,11 @@ func TestClient_LatestFromURL(t *testing.T) { })) }, expectedDoc: &LatestDocument{ - SchemaVersion: "1.0.0", - Status: "active", + Status: "active", Archive: Archive{ Description: db.Description{ SchemaVersion: "1.0.0", Built: db.Time{Time: time.Date(2023, 9, 26, 12, 0, 0, 0, time.UTC)}, - Checksum: "xxh64:dummychecksum", }, Path: "path/to/archive", Checksum: "checksum123", @@ -193,13 +189,11 @@ func TestClient_IsUpdateAvailable(t *testing.T) { { name: "update available", candidate: &LatestDocument{ - SchemaVersion: "1.0.0", - Status: StatusActive, + Status: StatusActive, Archive: Archive{ Description: db.Description{ SchemaVersion: "1.0.0", Built: db.Time{Time: time.Date(2023, 9, 27, 12, 0, 0, 0, time.UTC)}, - Checksum: "xxh64:dummychecksum", }, Path: "path/to/archive.tar.gz", Checksum: "checksum123", @@ -209,7 +203,6 @@ func TestClient_IsUpdateAvailable(t *testing.T) { Description: db.Description{ SchemaVersion: "1.0.0", Built: db.Time{Time: time.Date(2023, 9, 27, 12, 0, 0, 0, time.UTC)}, - Checksum: "xxh64:dummychecksum", }, Path: "path/to/archive.tar.gz", Checksum: "checksum123", @@ -218,13 +211,11 @@ func TestClient_IsUpdateAvailable(t *testing.T) { { name: "no update available", candidate: &LatestDocument{ - SchemaVersion: "1.0.0", - Status: "active", + Status: "active", Archive: Archive{ Description: db.Description{ SchemaVersion: "1.0.0", Built: db.Time{Time: time.Date(2023, 9, 26, 12, 0, 0, 0, time.UTC)}, - Checksum: "xxh64:dummychecksum", }, Path: "path/to/archive.tar.gz", Checksum: "checksum123", @@ -240,13 +231,11 @@ func TestClient_IsUpdateAvailable(t *testing.T) { { name: "candidate deprecated", candidate: &LatestDocument{ - SchemaVersion: "1.0.0", - Status: StatusDeprecated, + Status: StatusDeprecated, Archive: Archive{ Description: db.Description{ SchemaVersion: "1.0.0", Built: db.Time{Time: time.Date(2023, 9, 27, 12, 0, 0, 0, time.UTC)}, - Checksum: "xxh64:dummychecksum", }, Path: "path/to/archive.tar.gz", Checksum: "checksum123", @@ -256,7 +245,6 @@ func TestClient_IsUpdateAvailable(t *testing.T) { Description: db.Description{ SchemaVersion: "1.0.0", Built: db.Time{Time: time.Date(2023, 9, 27, 12, 0, 0, 0, time.UTC)}, - Checksum: "xxh64:dummychecksum", }, Path: "path/to/archive.tar.gz", Checksum: "checksum123", @@ -266,13 +254,11 @@ func TestClient_IsUpdateAvailable(t *testing.T) { { name: "candidate end of life", candidate: &LatestDocument{ - SchemaVersion: "1.0.0", - Status: StatusEndOfLife, + Status: StatusEndOfLife, Archive: Archive{ Description: db.Description{ SchemaVersion: "1.0.0", Built: db.Time{Time: time.Date(2023, 9, 27, 12, 0, 0, 0, time.UTC)}, - Checksum: "xxh64:dummychecksum", }, Path: "path/to/archive.tar.gz", Checksum: "checksum123", @@ -282,7 +268,6 @@ func TestClient_IsUpdateAvailable(t *testing.T) { Description: db.Description{ SchemaVersion: "1.0.0", Built: db.Time{Time: time.Date(2023, 9, 27, 12, 0, 0, 0, time.UTC)}, - Checksum: "xxh64:dummychecksum", }, Path: "path/to/archive.tar.gz", Checksum: "checksum123", diff --git a/grype/db/v6/distribution/latest.go b/grype/db/v6/distribution/latest.go index e0b4b545349..b8e432913e2 100644 --- a/grype/db/v6/distribution/latest.go +++ b/grype/db/v6/distribution/latest.go @@ -3,12 +3,13 @@ package distribution import ( "encoding/json" "fmt" - "github.com/mholt/archiver/v3" "io" "os" "path/filepath" "sort" + "github.com/mholt/archiver/v3" + db "github.com/anchore/grype/grype/db/v6" ) @@ -35,17 +36,24 @@ type Archive struct { } func NewLatestDocument(entries ...Archive) *LatestDocument { - if len(entries) == 0 { + var validEntries []Archive + for _, entry := range entries { + if modelPart, ok := entry.SchemaVersion.ModelPart(); ok && modelPart == db.ModelVersion { + validEntries = append(validEntries, entry) + } + } + + if len(validEntries) == 0 { return nil } // sort from most recent to the least recent - sort.SliceStable(entries, func(i, j int) bool { - return entries[i].Description.Built.After(entries[j].Description.Built.Time) + sort.SliceStable(validEntries, func(i, j int) bool { + return validEntries[i].Description.Built.After(entries[j].Description.Built.Time) }) return &LatestDocument{ - Archive: entries[0], + Archive: validEntries[0], Status: LifecycleStatus, } } diff --git a/grype/db/v6/distribution/latest_test.go b/grype/db/v6/distribution/latest_test.go index b13210e48c6..e4d7e1c56ef 100644 --- a/grype/db/v6/distribution/latest_test.go +++ b/grype/db/v6/distribution/latest_test.go @@ -17,12 +17,14 @@ func TestNewLatestDocument(t *testing.T) { t.Run("valid entries", func(t *testing.T) { archive1 := Archive{ Description: db.Description{ - Built: db.Time{Time: time.Now()}, + SchemaVersion: schemaver.New(db.ModelVersion, db.Revision, db.Addition), + Built: db.Time{Time: time.Now()}, }, } archive2 := Archive{ Description: db.Description{ - Built: db.Time{Time: time.Now().Add(-1 * time.Hour)}, + SchemaVersion: schemaver.New(db.ModelVersion, db.Revision, db.Addition), + Built: db.Time{Time: time.Now().Add(-1 * time.Hour)}, }, } @@ -34,6 +36,28 @@ func TestNewLatestDocument(t *testing.T) { require.Equal(t, actual, db.ModelVersion) }) + t.Run("filter entries", func(t *testing.T) { + archive1 := Archive{ + Description: db.Description{ + SchemaVersion: schemaver.New(5, db.Revision, db.Addition), // old! + Built: db.Time{Time: time.Now()}, + }, + } + archive2 := Archive{ + Description: db.Description{ + SchemaVersion: schemaver.New(db.ModelVersion, db.Revision, db.Addition), + Built: db.Time{Time: time.Now().Add(-1 * time.Hour)}, + }, + } + + latestDoc := NewLatestDocument(archive1, archive2) + require.NotNil(t, latestDoc) + require.Equal(t, latestDoc.Archive, archive2) // most recent archive with valid version + actual, ok := latestDoc.SchemaVersion.ModelPart() + require.True(t, ok) + require.Equal(t, actual, db.ModelVersion) + }) + t.Run("no entries", func(t *testing.T) { latestDoc := NewLatestDocument() require.Nil(t, latestDoc) @@ -43,7 +67,6 @@ func TestNewLatestDocument(t *testing.T) { func TestNewLatestFromReader(t *testing.T) { t.Run("valid JSON", func(t *testing.T) { latestDoc := LatestDocument{ - SchemaVersion: schemaver.New(db.ModelVersion, db.Revision, db.Addition), Archive: Archive{ Description: db.Description{ Built: db.Time{Time: time.Now().Truncate(time.Second).UTC()}, @@ -87,15 +110,13 @@ func TestLatestDocument_Write(t *testing.T) { { name: "valid document", latestDoc: LatestDocument{ - SchemaVersion: schemaver.New(db.ModelVersion, db.Revision, db.Addition), Archive: Archive{ Description: db.Description{ Built: now, - Checksum: "xxh64:validchecksum", SchemaVersion: schemaver.New(db.ModelVersion, db.Revision, db.Addition), }, Path: "valid/path/to/archive", - Checksum: "xxh64:validchecksum", + Checksum: "sha256:validchecksum", }, // note: status not supplied, should assume to be active }, @@ -104,11 +125,9 @@ func TestLatestDocument_Write(t *testing.T) { { name: "explicit status", latestDoc: LatestDocument{ - SchemaVersion: schemaver.New(db.ModelVersion, db.Revision, db.Addition), Archive: Archive{ Description: db.Description{ Built: now, - Checksum: "xxh64:validchecksum", SchemaVersion: schemaver.New(db.ModelVersion, db.Revision, db.Addition), }, Path: "valid/path/to/archive", @@ -123,9 +142,7 @@ func TestLatestDocument_Write(t *testing.T) { latestDoc: LatestDocument{ Archive: Archive{ Description: db.Description{ - Built: now, - Checksum: "xxh64:validchecksum", - SchemaVersion: schemaver.New(db.ModelVersion, db.Revision, db.Addition), + Built: now, }, Path: "valid/path/to/archive", Checksum: "xxh64:validchecksum", @@ -137,11 +154,9 @@ func TestLatestDocument_Write(t *testing.T) { { name: "missing archive path", latestDoc: LatestDocument{ - SchemaVersion: schemaver.New(db.ModelVersion, db.Revision, db.Addition), Archive: Archive{ Description: db.Description{ Built: now, - Checksum: "xxh64:validchecksum", SchemaVersion: schemaver.New(db.ModelVersion, db.Revision, db.Addition), }, Path: "", // this! @@ -154,11 +169,9 @@ func TestLatestDocument_Write(t *testing.T) { { name: "missing archive checksum", latestDoc: LatestDocument{ - SchemaVersion: schemaver.New(db.ModelVersion, db.Revision, db.Addition), Archive: Archive{ Description: db.Description{ Built: now, - Checksum: "xxh64:validchecksum", SchemaVersion: schemaver.New(db.ModelVersion, db.Revision, db.Addition), }, Path: "valid/path/to/archive", @@ -171,11 +184,9 @@ func TestLatestDocument_Write(t *testing.T) { { name: "missing built time", latestDoc: LatestDocument{ - SchemaVersion: schemaver.New(db.ModelVersion, db.Revision, db.Addition), Archive: Archive{ Description: db.Description{ Built: db.Time{}, // this! - Checksum: "xxh64:validchecksum", SchemaVersion: schemaver.New(db.ModelVersion, db.Revision, db.Addition), }, Path: "valid/path/to/archive", @@ -185,23 +196,6 @@ func TestLatestDocument_Write(t *testing.T) { }, expectedError: errContains("missing built time"), }, - { - name: "missing database checksum", - latestDoc: LatestDocument{ - SchemaVersion: schemaver.New(db.ModelVersion, db.Revision, db.Addition), - Archive: Archive{ - Description: db.Description{ - Built: now, - Checksum: "", // this! - SchemaVersion: schemaver.New(db.ModelVersion, db.Revision, db.Addition), - }, - Path: "valid/path/to/archive", - Checksum: "xxh64:validchecksum", - }, - Status: "active", - }, - expectedError: errContains("missing database checksum"), - }, } for _, tt := range tests { @@ -219,10 +213,8 @@ func TestLatestDocument_Write(t *testing.T) { var result LatestDocument assert.NoError(t, json.Unmarshal(buf.Bytes(), &result)) assert.Equal(t, tt.latestDoc.SchemaVersion, result.SchemaVersion, "schema version mismatch") - assert.Empty(t, result.Archive.Description.SchemaVersion, "nested schema version should be empty") assert.Equal(t, tt.latestDoc.Archive.Checksum, result.Archive.Checksum, "archive checksum mismatch") assert.Equal(t, tt.latestDoc.Archive.Description.Built.Time, result.Archive.Description.Built.Time, "built time mismatch") - assert.Equal(t, tt.latestDoc.Archive.Description.Checksum, result.Archive.Description.Checksum, "database checksum mismatch") assert.Equal(t, tt.latestDoc.Archive.Path, result.Archive.Path, "path mismatch") if tt.latestDoc.Status == "" { assert.Equal(t, StatusActive, result.Status, "status mismatch") diff --git a/grype/db/v6/installation/curator.go b/grype/db/v6/installation/curator.go index a329e9d46f3..05b66210d84 100644 --- a/grype/db/v6/installation/curator.go +++ b/grype/db/v6/installation/curator.go @@ -2,7 +2,6 @@ package installation import ( "fmt" - "github.com/hashicorp/go-multierror" "os" "path" "path/filepath" @@ -11,6 +10,7 @@ import ( "github.com/adrg/xdg" "github.com/hako/durafmt" + "github.com/hashicorp/go-multierror" "github.com/mholt/archiver/v3" "github.com/spf13/afero" "github.com/wagoodman/go-partybus" @@ -105,11 +105,12 @@ func (c curator) Status() db.Status { var persistentErr error digest, persistentErr := db.CalculateDBDigest(c.config.DBFilePath()) - if valiadateErr := c.validate(); valiadateErr != nil { + if validateErr := c.validate(); validateErr != nil { if persistentErr != nil { - persistentErr = multierror.Append(persistentErr, valiadateErr) + persistentErr = multierror.Append(persistentErr, validateErr) + } else { + persistentErr = validateErr } - persistentErr = valiadateErr } return db.Status{ @@ -348,7 +349,7 @@ func (c curator) validateIntegrity(dbFilePath string) (*db.Description, error) { return nil, fmt.Errorf("database not found: %s", dbFilePath) } - digest, err := db.CalculateDBDigest(c.config.DBFilePath()) + digest, err := db.ReadDBChecksum(filepath.Dir(dbFilePath)) if err != nil { return nil, err } diff --git a/grype/db/v6/installation/curator_test.go b/grype/db/v6/installation/curator_test.go index 55d77fee568..549e2455107 100644 --- a/grype/db/v6/installation/curator_test.go +++ b/grype/db/v6/installation/curator_test.go @@ -81,12 +81,13 @@ func setupCuratorForUpdate(t *testing.T, opts ...setupOption) curator { oldDescription := db.Description{ SchemaVersion: schemaver.New(db.ModelVersion, db.Revision, db.Addition), Built: db.Time{Time: time.Now().Add(-48 * time.Hour)}, - Checksum: writeTestDB(t, c.fs, dbDir), } + writeTestDB(t, c.fs, dbDir) newDescription := oldDescription newDescription.Built = db.Time{Time: time.Now()} - newDescription.Checksum = writeTestDB(t, c.fs, stageDir) + + writeTestDB(t, c.fs, stageDir) writeTestDescriptionToDB(t, dbDir, oldDescription) writeTestDescriptionToDB(t, stageDir, newDescription) @@ -487,9 +488,8 @@ func TestCurator_ValidateIntegrity(t *testing.T) { t.Run("valid metadata with correct checksum", func(t *testing.T) { c := newCurator(t) - dbDir := c.config.DBDirectoryPath() - result, err := c.validateIntegrity(dbDir) + result, err := c.validateIntegrity(c.config.DBFilePath()) require.NoError(t, err) require.NotNil(t, result) }) @@ -505,7 +505,7 @@ func TestCurator_ValidateIntegrity(t *testing.T) { c := newCurator(t) dbDir := c.config.DBDirectoryPath() require.NoError(t, os.Remove(filepath.Join(dbDir, db.ChecksumFileName))) - _, err := c.validateIntegrity(dbDir) + _, err := c.validateIntegrity(c.config.DBFilePath()) require.ErrorContains(t, err, "no such file or directory") }) @@ -515,13 +515,12 @@ func TestCurator_ValidateIntegrity(t *testing.T) { writeTestChecksumsFile(t, c.fs, dbDir, "xxh64:invalidchecksum") - _, err := c.validateIntegrity(dbDir) + _, err := c.validateIntegrity(c.config.DBFilePath()) require.ErrorContains(t, err, "bad db checksum") }) t.Run("unsupported database version", func(t *testing.T) { c := newCurator(t) - dbDir := c.config.DBDirectoryPath() oldDescription := db.Description{ SchemaVersion: schemaver.New(db.ModelVersion-1, 0, 0), @@ -530,7 +529,7 @@ func TestCurator_ValidateIntegrity(t *testing.T) { writeTestDescriptionToDB(t, c.config.DBDirectoryPath(), oldDescription) - _, err := c.validateIntegrity(dbDir) + _, err := c.validateIntegrity(c.config.DBFilePath()) require.ErrorContains(t, err, "unsupported database version") }) } diff --git a/grype/db/v6/internal/db.go b/grype/db/v6/internal/db.go index c58b816a846..8f288d37ff1 100644 --- a/grype/db/v6/internal/db.go +++ b/grype/db/v6/internal/db.go @@ -14,7 +14,7 @@ func NewDB(dbFilePath string, models []any, truncate bool) (*gorm.DB, error) { return nil, err } - if len(models) > 0 { + if len(models) > 0 && truncate { if err := db.AutoMigrate(models...); err != nil { return nil, fmt.Errorf("unable to create tables: %w", err) }