go mod and v3

clair/api.go

@@ -10,9 +10,9 @@ import (
 	"strings"
 	"time"
 
-	"github.com/coreos/clair/api/v3/clairpb"
-	"github.com/optiopay/klar/docker"
-	"github.com/optiopay/klar/utils"
+	"github.com/optiopay/klar/v3/docker"
+	"github.com/optiopay/klar/v3/utils"
+	"github.com/quay/clair/v3/api/v3/clairpb"
 	"google.golang.org/grpc"
 )
 
@@ -170,26 +170,26 @@ func newLayerV3(image *docker.Image, index int) *clairpb.PostAncestryRequest_Pos
 
 func (a *apiV3) Analyze(image *docker.Image) ([]*Vulnerability, error) {
 	req := &clairpb.GetAncestryRequest{
-		AncestryName:        image.Name,
-		WithFeatures:        true,
-		WithVulnerabilities: true,
+		AncestryName: image.Name,
 	}
 
 	resp, err := a.client.GetAncestry(context.Background(), req)
 	if err != nil {
 		return nil, err
 	}
 	var vs []*Vulnerability
-	for _, f := range resp.Ancestry.Features {
-		for _, v := range f.Vulnerabilities {
-			cv := convertVulnerability(v)
-			cv.FeatureName = f.Name
-			cv.FeatureVersion = f.Version
-			//the for loop uses the same variable for "cv", reloading with new values
-			//since we are appending a pointer to the variable to the slice, we need to create a copy of the struct
-			//otherwise the slice winds up with multiple pointers to the same struct
-			vulnerability := cv
-			vs = append(vs, vulnerability)
+	for _, l := range resp.Ancestry.Layers {
+		for _, f := range l.DetectedFeatures {
+			for _, v := range f.Vulnerabilities {
+				cv := convertVulnerability(v)
+				cv.FeatureName = f.Name
+				cv.FeatureVersion = f.Version
+				//the for loop uses the same variable for "cv", reloading with new values
+				//since we are appending a pointer to the variable to the slice, we need to create a copy of the struct
+				//otherwise the slice winds up with multiple pointers to the same struct
+				vulnerability := cv
+				vs = append(vs, vulnerability)
+			}
 		}
 	}
 	return vs, nil

clair/clair.go

@@ -6,7 +6,7 @@ import (
 	"strings"
 	"time"
 
-	"github.com/optiopay/klar/docker"
+	"github.com/optiopay/klar/v3/docker"
 )
 
 const EMPTY_LAYER_BLOB_SUM = "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4"

clair/clair_test.go

@@ -13,8 +13,8 @@ import (
 	"testing"
 	"time"
 
-	"github.com/coreos/clair/api/v3/clairpb"
-	"github.com/optiopay/klar/docker"
+	"github.com/optiopay/klar/v3/docker"
+	"github.com/quay/clair/v3/api/v3/clairpb"
 	"google.golang.org/grpc"
 )
 

docker/docker.go

@@ -12,7 +12,7 @@ import (
 	"strings"
 	"time"
 
-	"github.com/optiopay/klar/utils"
+	"github.com/optiopay/klar/v3/utils"
 )
 
 const (

format.go

@@ -6,7 +6,7 @@ import (
 	"os"
 
 	"github.com/olekukonko/tablewriter"
-	"github.com/optiopay/klar/clair"
+	"github.com/optiopay/klar/v3/clair"
 )
 
 var SeverityStyle = map[string]string{
@@ -67,7 +67,10 @@ func jsonFormat(conf *config, output jsonOutput) int {
 		output.Vulnerabilities[sev] = store[sev]
 	})
 	enc := json.NewEncoder(os.Stdout)
-	enc.Encode(output)
+	err := enc.Encode(output)
+	if err != nil {
+		panic(err)
+	}
 
 	return vsNumber
 }

go.mod

@@ -0,0 +1,13 @@
+module github.com/optiopay/klar/v3
+
+go 1.13
+
+require (
+	github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b // indirect
+	github.com/olekukonko/tablewriter v0.0.3
+	github.com/quay/clair/v3 v3.0.0-pre1
+	golang.org/x/text v0.1.1-0.20171130091538-75cc3cad82b5 // indirect
+	google.golang.org/genproto v0.0.0-20171123000638-7f0da29060c6 // indirect
+	google.golang.org/grpc v1.2.1-0.20171128224143-a62701e4aa1d
+	gopkg.in/yaml.v2 v2.2.7
+)

go.sum

@@ -0,0 +1,62 @@
+github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
+github.com/cockroachdb/cmux v0.0.0-20170110192607-30d10be49292/go.mod h1:qRiX68mZX1lGBkTWyp3CLcenw9I94W2dLeRvMzcn9N4=
+github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/deckarep/golang-set v1.7.1 h1:SCQV0S6gTtp6itiFrTqI+pfmJ4LN85S1YzhDf9rTHJQ=
+github.com/deckarep/golang-set v1.7.1/go.mod h1:93vsz/8Wt4joVM7c2AVqh+YRMiUSc14yDtF28KmMOgQ=
+github.com/fernet/fernet-go v0.0.0-20151007213151-1b2437bc582b h1:QqmfGmPkAbYcqM0YdHOS8JxqRJqEx+0rxjYZ1OiP6aw=
+github.com/fernet/fernet-go v0.0.0-20151007213151-1b2437bc582b/go.mod h1:2H9hjfbpSMHwY503FclkV/lZTBh2YlOmLLSda12uL8c=
+github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58=
+github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/protobuf v1.2.0 h1:P3YflyNX/ehuJFLhxviNdFxQPkGK5cDcApsge1SqnvM=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/google/uuid v1.1.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/grpc-ecosystem/go-grpc-prometheus v0.0.0-20170330212424-2500245aa611/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
+github.com/grpc-ecosystem/grpc-gateway v1.2.3-0.20170531022852-2a40dd79571b h1:Lwn5jbvdJ021rEQHL4XuLGMOlwTYL/1Zf5NSBcrnyZA=
+github.com/grpc-ecosystem/grpc-gateway v1.2.3-0.20170531022852-2a40dd79571b/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw=
+github.com/guregu/null v3.4.0+incompatible/go.mod h1:ePGpQaN9cw0tj45IR5E5ehMvsFlLlQZAkkOXZurJ3NM=
+github.com/hashicorp/golang-lru v0.0.0-20160813221303-0a025b7e63ad/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
+github.com/lib/pq v0.0.0-20170603225454-8837942c3e09/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
+github.com/mattn/go-runewidth v0.0.6 h1:V2iyH+aX9C5fsYCpK60U8BYIvmhqxuOL3JZcqc1NB7k=
+github.com/mattn/go-runewidth v0.0.6/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
+github.com/mattn/go-sqlite3 v1.11.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
+github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
+github.com/olekukonko/tablewriter v0.0.3 h1:i0LBnzgiChAWHJYTQAZJDOgf8MNxAVYZJ2m63SIDimI=
+github.com/olekukonko/tablewriter v0.0.3/go.mod h1:YZeBtGzYYEsCHp2LST/u/0NDwGkRoBtmn1cIWCJiS6M=
+github.com/pborman/uuid v0.0.0-20180906182336-adf5a7427709/go.mod h1:VyrYX9gd7irzKovcSS6BIIEwPRkP2Wm2m9ufcdFSJ34=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prometheus/client_golang v0.9.2/go.mod h1:OsXs2jCmiKlQ1lTBmv21f2mNfw4xf/QclQDMrYNZzcM=
+github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
+github.com/prometheus/common v0.0.0-20181126121408-4724e9255275/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
+github.com/prometheus/procfs v0.0.0-20181204211112-1dc9a6cbc91a/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
+github.com/quay/clair/v3 v3.0.0-pre1 h1:4Hr0dAiiV658SRwCXzxribND1Pk8dqfkqFJUCmTBu2A=
+github.com/quay/clair/v3 v3.0.0-pre1/go.mod h1:mxm1fUnEQzOCxH0qVgK9H53qcYrjREdTRa0e9s8bXjU=
+github.com/remind101/migrate v0.0.0-20160423010909-d22d647232c2/go.mod h1:rhSvwcijY9wfmrBYrfCvapX8/xOTV46NAUjBRgUyJqc=
+github.com/sirupsen/logrus v0.11.5 h1:X30KsLZ9eg2X2fViSIWKcjKTdyYnmFZHlfxEdvW34Gc=
+github.com/sirupsen/logrus v0.11.5/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
+github.com/stretchr/testify v1.1.4 h1:ToftOQTytwshuOSj6bDSolVUa3GINfJP/fg3OkkOzQQ=
+github.com/stretchr/testify v1.1.4/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+golang.org/x/net v0.0.0-20181201002055-351d144fa1fc h1:a3CU5tJYVj92DY2LaA1kUkrsqD5/3mLDhx2NcNqyW+0=
+golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4 h1:YUO/7uOKsKeq9UokNS62b8FYywz3ker1l1vDZRCRefw=
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20170529185110-b90f89a1e7a9 h1:wFe/9vW2TmDagagfMeC56pEcmhyMWEqvuwE9CDAePNo=
+golang.org/x/sys v0.0.0-20170529185110-b90f89a1e7a9/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/text v0.0.0-20170603003618-ccbd3f782212/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.1.1-0.20171130091538-75cc3cad82b5 h1:aEepUAP0UJrc79WFgCvScx6LTWl0a0GkFsaDJFenpSI=
+golang.org/x/text v0.1.1-0.20171130091538-75cc3cad82b5/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+google.golang.org/genproto v0.0.0-20170531203552-aa2eb687b4d3/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20171123000638-7f0da29060c6 h1:XeDyj3T04lzu7D0EITpYMEKgsJiArG/gOU8v7bom7ys=
+google.golang.org/genproto v0.0.0-20171123000638-7f0da29060c6/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/grpc v1.2.1-0.20170605172541-8de2dff78c3b/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
+google.golang.org/grpc v1.2.1-0.20171128224143-a62701e4aa1d h1:DgGXnDUQ9RTfx/rUByVZ/FgCv+UcyzPWsrMDmtzMYd4=
+google.golang.org/grpc v1.2.1-0.20171128224143-a62701e4aa1d/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.7 h1:VUgggvou5XRW9mHwD/yXxIYSMtY0zoKQf/v226p2nyo=
+gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=

klar.go

@@ -8,20 +8,20 @@ import (
 	"strings"
 	"time"
 
-	"github.com/optiopay/klar/clair"
-	"github.com/optiopay/klar/docker"
-	"github.com/optiopay/klar/utils"
+	"github.com/optiopay/klar/v3/clair"
+	"github.com/optiopay/klar/v3/docker"
+	"github.com/optiopay/klar/v3/utils"
 
 	"gopkg.in/yaml.v2"
 )
 
-//Used to represent the structure of the whitelist YAML file
+// Used to represent the structure of the whitelist YAML file
 type vulnerabilitiesWhitelistYAML struct {
 	General []string
 	Images  map[string][]string
 }
 
-//Map structure used for ease of searching for whitelisted vulnerabilites
+// Map structure used for ease of searching for whitelisted vulnerabilities
 type vulnerabilitiesWhitelist struct {
 	General map[string]bool            //key: CVE and value: true
 	Images  map[string]map[string]bool //key: image name and value: [key: CVE and value: true]
@@ -98,9 +98,9 @@ func parseFormatTypes() (string, error) {
 	if formatOutputEnv != "" {
 		output := strings.ToLower(formatOutputEnv)
 		correct := false
-		for _, stlye := range formatTypes {
-			if stlye == output {
-				formatStyle = stlye
+		for _, style := range formatTypes {
+			if style == output {
+				formatStyle = style
 				correct = true
 				break
 			}

main.go

@@ -4,8 +4,8 @@ import (
 	"fmt"
 	"os"
 
-	"github.com/optiopay/klar/clair"
-	"github.com/optiopay/klar/docker"
+	"github.com/optiopay/klar/v3/clair"
+	"github.com/optiopay/klar/v3/docker"
 )
 
 var store = make(map[string][]*clair.Vulnerability)
@@ -129,7 +129,7 @@ func vulnsBy(sev string, store map[string][]*clair.Vulnerability) []*clair.Vulne
 	return items
 }
 
-//Filter out whitelisted vulnerabilites
+// Filter out whitelisted vulnerabilities
 func filterWhitelist(whitelist *vulnerabilitiesWhitelist, vs []*clair.Vulnerability, imageName string) []*clair.Vulnerability {
 	generalWhitelist := whitelist.General
 	imageWhitelist := whitelist.Images

main_test.go

@@ -5,7 +5,7 @@ import (
 	"reflect"
 	"testing"
 
-	"github.com/optiopay/klar/clair"
+	"github.com/optiopay/klar/v3/clair"
 )
 
 func TestFilterWhitelist(t *testing.T) {
@@ -27,10 +27,10 @@ func TestFilterWhitelist(t *testing.T) {
 
 	filtered := filterWhitelist(whitelist, vs, image)
 	if !reflect.DeepEqual(filtered, expected) {
-		t.Fatalf("Actual filtered vulnerabilities %s did not match expected ones %s.", filtered, expected)
+		t.Fatalf("Actual filtered vulnerabilities %v did not match expected ones %v.", filtered, expected)
 	}
-
 }
+
 func mockVulnerability(name string) *clair.Vulnerability {
-	return &clair.Vulnerability{name, "", "", "", "", nil, "", nil, "", ""}
+	return new(clair.Vulnerability)
 }