fix: update grype

Signed-off-by: Christian Kotzbauer <[email protected]>
ckotzbauer · Jul 10, 2022 · cf5da1c · cf5da1c
1 parent 287cb4e
commit cf5da1c
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 26 deletions.
diff --git a/go.sum b/go.sum
@@ -245,20 +245,14 @@ github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04 h1:VzprUTpc0v
 github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04/go.mod h1:6dK64g27Qi1qGQZ67gFmBFvEHScy0/C8qhQhNe5B5pQ=
 github.com/anchore/go-version v1.2.2-0.20210903204242-51efa5b487c4 h1:rmZG77uXgE+o2gozGEBoUMpX27lsku+xrMwlmBZJtbg=
 github.com/anchore/go-version v1.2.2-0.20210903204242-51efa5b487c4/go.mod h1:Bkc+JYWjMCF8OyZ340IMSIi2Ebf3uwByOk6ho4wne1E=
-github.com/anchore/grype v0.40.1 h1:LsNyNXJm8H7wfHEOs95Ruv/korFsqN4Aus5PRt2HaI0=
-github.com/anchore/grype v0.40.1/go.mod h1:32aRs3+q+pw09lvrvLQS1zgjrKt7WnXv7eGFv62cyYE=
 github.com/anchore/grype v0.41.0 h1:u+sX0x2Defk9P7xyhLnb/e03Wv29sIcZuvoto7lSEJQ=
 github.com/anchore/grype v0.41.0/go.mod h1:lrJcXYB6JA09T8whILPLBOQ7EcdF7grWVZvEJnhzqkw=
 github.com/anchore/packageurl-go v0.1.1-0.20220428202044-a072fa3cb6d7 h1:kDrYkTSM9uIxaX/P9s0F4nKYNM+hnSgLJdLpqvsaQ/g=
 github.com/anchore/packageurl-go v0.1.1-0.20220428202044-a072fa3cb6d7/go.mod h1:Blo6OgJNiYF41ufcgHKkbCKF2MDOMlrqhXv/ij6ocR4=
 github.com/anchore/sqlite v1.4.6-0.20220607210448-bcc6ee5c4963 h1:vrf2PYH77vqVJoNR15ZuFJ63qwBMqrmGIt/7VsBhLF8=
 github.com/anchore/sqlite v1.4.6-0.20220607210448-bcc6ee5c4963/go.mod h1:AVRyXOUP0hTz9Cb8OlD1XnwA8t4lBPfTuwPHmEUuiLc=
-github.com/anchore/stereoscope v0.0.0-20220616165231-b0fd10fdee06 h1:TSRA7gtuia3eyleTO3t7iPU+9xHbdSaufoUFNQUwUXo=
-github.com/anchore/stereoscope v0.0.0-20220616165231-b0fd10fdee06/go.mod h1:sai2ZjAtT/y1GRQBDRbynhdhnQcGWBvVcv8CN3hTWmI=
 github.com/anchore/stereoscope v0.0.0-20220628191509-5bd627c0f9ce h1:KNB0d342QvE6V7iwqyf4NoyxRp6LVYoGjU1htgf0at8=
 github.com/anchore/stereoscope v0.0.0-20220628191509-5bd627c0f9ce/go.mod h1:sai2ZjAtT/y1GRQBDRbynhdhnQcGWBvVcv8CN3hTWmI=
-github.com/anchore/syft v0.49.0 h1:C+ol3K5K1UDgzRAAdHt+dWglex9lAV+JQMotM10HR0s=
-github.com/anchore/syft v0.49.0/go.mod h1:bo4IP6CDEnITW3WDy0Sefyg0GpvRPPcmkzB4cLGkcqs=
 github.com/anchore/syft v0.50.0 h1:gCLnnpQGX06ATVtaRNnA5M9Cn6hodq7YfOkpFwTElEk=
 github.com/anchore/syft v0.50.0/go.mod h1:suElXOFuhOBa76Xd+EVZQw2RZvnHvp+yIyg6IdTCzvs=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=

diff --git a/internal/vuln/grype/grype.go b/internal/vuln/grype/grype.go
@@ -6,10 +6,11 @@ import (
 
 	"github.com/anchore/grype/grype"
 	"github.com/anchore/grype/grype/db"
-	v3 "github.com/anchore/grype/grype/db/v3"
+	v4 "github.com/anchore/grype/grype/db/v4"
 	"github.com/anchore/grype/grype/match"
 	"github.com/anchore/grype/grype/matcher"
 	"github.com/anchore/grype/grype/pkg"
+	"github.com/anchore/grype/grype/store"
 	"github.com/anchore/grype/grype/vulnerability"
 	"github.com/anchore/syft/syft/pkg/cataloger"
 	"github.com/ckotzbauer/libk8soci/pkg/oci"
@@ -20,13 +21,12 @@ import (
 )
 
 type Grype struct {
-	provider         vulnerability.Provider
-	metadataProvider vulnerability.MetadataProvider
-	kubeClient       *kubernetes.KubeClient
-	config           grypeConfig
-	relatedEntries   map[string]string
-	onlyFixed        bool
-	minSeverity      string
+	store          *store.Store
+	kubeClient     *kubernetes.KubeClient
+	config         grypeConfig
+	relatedEntries map[string]string
+	onlyFixed      bool
+	minSeverity    string
 }
 
 type grypeConfig struct {
@@ -65,7 +65,7 @@ func New(grypeConfigFile, minSeverity string, onlyFixed, withoutK8s bool) (Grype
 	}
 
 	logrus.Debug("Load vulnerability database")
-	provider, metadataProvider, dbStatus, err := grype.LoadVulnerabilityDB(config, true)
+	store, dbStatus, err := grype.LoadVulnerabilityDB(config, true)
 	if err = validateDBLoad(err, dbStatus); err != nil {
 		logrus.Error(err)
 		return Grype{}, err
@@ -78,13 +78,12 @@ func New(grypeConfigFile, minSeverity string, onlyFixed, withoutK8s bool) (Grype
 	}
 
 	return Grype{
-		provider:         provider,
-		metadataProvider: metadataProvider,
-		kubeClient:       client,
-		config:           grypeCfg,
-		minSeverity:      minSeverity,
-		onlyFixed:        onlyFixed,
-		relatedEntries:   map[string]string{},
+		store:          store,
+		kubeClient:     client,
+		config:         grypeCfg,
+		minSeverity:    minSeverity,
+		onlyFixed:      onlyFixed,
+		relatedEntries: map[string]string{},
 	}, nil
 }
 
@@ -112,7 +111,7 @@ func (s *Grype) ScanItem(item source.ScanItem) ([]Vulnerability, error) {
 
 	matchers := matcher.NewDefaultMatchers(matcher.Config{})
 
-	allMatches := grype.FindVulnerabilitiesForPackage(s.provider, context.Distro, matchers, packages)
+	allMatches := grype.FindVulnerabilitiesForPackage(*s.store, context.Distro, matchers, packages)
 	remainingMatches, _ := match.ApplyIgnoreRules(allMatches, s.config.Ignore)
 	vulns := s.buildVulnerabilities(remainingMatches, item.ImageId())
 	return s.filterVulnerabilities(vulns), nil
@@ -162,13 +161,13 @@ func (s *Grype) buildVulnerabilities(matches match.Matches, imageID string) []Vu
 	vulnerabilities := make([]Vulnerability, 0)
 
 	for m := range matches.Enumerate() {
-		metadata, err := s.metadataProvider.GetMetadata(m.Vulnerability.ID, m.Vulnerability.Namespace)
+		metadata, err := s.store.GetMetadata(m.Vulnerability.ID, m.Vulnerability.Namespace)
 		if err != nil {
 			continue
 		}
 
 		fixedIn := []string{}
-		if m.Vulnerability.Fix.State == v3.FixedState {
+		if m.Vulnerability.Fix.State == v4.FixedState {
 			fixedIn = m.Vulnerability.Fix.Versions
 		}
 
@@ -217,7 +216,7 @@ func (s *Grype) filterVulnerabilities(allVulns []Vulnerability) []Vulnerability
 		sev := vulnerability.ParseSeverity(v.Severity)
 		if sev >= minSeverity && v.Installed != "" {
 			if s.onlyFixed {
-				if v.FixState == string(v3.FixedState) {
+				if v.FixState == string(v4.FixedState) {
 					vulns = append(vulns, v)
 				}
 			} else {