use opencontainers

.circleci/config.yml

@@ -1,31 +1,29 @@
+version: 2.1
+
 defaults: &defaults
   working_directory: /go/src/github.com/goodwithtech/dockle
   docker:
     - image: circleci/golang:1.13
       environment:
-        GO111MODULE: "on"
-  steps:
-    - restore_cache:
-      name: Restore go modules cache
-      keys:
-        - go-mod-v1-{{ checksum "go.sum" }}
-    - save_cache:
-      key: go-mod-v1-{{ checksum "go.sum" }}
-      paths:
-        - "/go/pkg/mod"
+  environment:
+    GO111MODULE: "on"
+    CGO_ENABLED: "0"
 
-version: 2
 jobs:
   test:
     <<: *defaults
     steps:
-    - checkout
-    - run: go test ./...
+      - checkout
+      - run:
+          name: testing
+          command: |
+            go test ./...
+
   release:
     <<: *defaults
     steps:
-    - checkout
-    - run: sudo apt-get install -y rpm && curl -sL https://git.io/goreleaser | bash
+      - checkout
+      - run: sudo apt-get install -y rpm && curl -sL https://git.io/goreleaser | bash
 
 
 workflows:

go.mod

@@ -1,23 +1,21 @@
 module github.com/goodwithtech/dockle
 
-go 1.12
+go 1.13
 
 require (
+	github.com/containers/image/v5 v5.1.0
 	github.com/d4l3k/messagediff v1.2.2-0.20180726183240-b9e99b2f9263
 	github.com/docker/go-connections v0.4.0
 	github.com/elazarl/goproxy v0.0.0-20190421051319-9d40249d3c2f // indirect
 	github.com/elazarl/goproxy/ext v0.0.0-20190421051319-9d40249d3c2f // indirect
-	github.com/genuinetools/reg v0.16.0
-	github.com/goodwithtech/deckoder v0.0.0-20191216134544-6ad7a2013cee
+	github.com/goodwithtech/deckoder v0.0.0-20200308110342-e44aa2bd81b3
 	github.com/google/go-cmp v0.3.0
 	github.com/moul/http2curl v1.0.0 // indirect
 	github.com/parnurzeal/gorequest v0.2.15
 	github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a // indirect
-	github.com/urfave/cli v1.20.0
+	github.com/urfave/cli v1.22.1
 	go.uber.org/atomic v1.4.0 // indirect
 	go.uber.org/multierr v1.1.0 // indirect
 	go.uber.org/zap v1.10.0
-	golang.org/x/crypto v0.0.0-20190404164418-38d8ce5564a5
+	golang.org/x/crypto v0.0.0-20191112222119-e1110fd1c708
 )
-
-replace github.com/genuinetools/reg => github.com/tomoyamachi/reg v0.16.1-0.20190706172545-2a2250fd7c00

pkg/assessor/assessor.go

@@ -3,6 +3,8 @@ package assessor
 import (
 	"os"
 
+	deckodertypes "github.com/goodwithtech/deckoder/types"
+
 	"github.com/goodwithtech/dockle/pkg/assessor/cache"
 	"github.com/goodwithtech/dockle/pkg/assessor/privilege"
 
@@ -15,15 +17,14 @@ import (
 	"github.com/goodwithtech/dockle/pkg/assessor/passwd"
 	"github.com/goodwithtech/dockle/pkg/assessor/user"
 
-	"github.com/goodwithtech/deckoder/extractor"
 	"github.com/goodwithtech/dockle/pkg/log"
 	"github.com/goodwithtech/dockle/pkg/types"
 )
 
 var assessors []Assessor
 
 type Assessor interface {
-	Assess(extractor.FileMap) ([]*types.Assessment, error)
+	Assess(deckodertypes.FileMap) ([]*types.Assessment, error)
 	RequiredFiles() []string
 	RequiredPermissions() []os.FileMode
 }
@@ -40,7 +41,7 @@ func init() {
 	RegisterAssessor(cache.CacheAssessor{})
 }
 
-func GetAssessments(files extractor.FileMap) (assessments []*types.Assessment) {
+func GetAssessments(files deckodertypes.FileMap) (assessments []*types.Assessment) {
 	for _, assessor := range assessors {
 		results, err := assessor.Assess(files)
 		if err != nil {

pkg/assessor/cache/cache.go

@@ -6,9 +6,9 @@ import (
 	"path/filepath"
 	"strings"
 
+	deckodertypes "github.com/goodwithtech/deckoder/types"
 	"github.com/goodwithtech/deckoder/utils"
 
-	"github.com/goodwithtech/deckoder/extractor"
 	"github.com/goodwithtech/dockle/pkg/log"
 	"github.com/goodwithtech/dockle/pkg/types"
 )
@@ -23,7 +23,7 @@ var (
 
 type CacheAssessor struct{}
 
-func (a CacheAssessor) Assess(fileMap extractor.FileMap) ([]*types.Assessment, error) {
+func (a CacheAssessor) Assess(fileMap deckodertypes.FileMap) ([]*types.Assessment, error) {
 	log.Logger.Debug("Start scan : cache files")
 	assesses := []*types.Assessment{}
 	for filename := range fileMap {

pkg/assessor/contentTrust/contentTrust.go

@@ -3,7 +3,8 @@ package contentTrust
 import (
 	"os"
 
-	"github.com/goodwithtech/deckoder/extractor"
+	deckodertypes "github.com/goodwithtech/deckoder/types"
+
 	"github.com/goodwithtech/dockle/pkg/log"
 	"github.com/goodwithtech/dockle/pkg/types"
 )
@@ -12,7 +13,7 @@ var HostEnvironmentFileName = "ENVIRONMENT variable on HOST OS"
 
 type ContentTrustAssessor struct{}
 
-func (a ContentTrustAssessor) Assess(fileMap extractor.FileMap) ([]*types.Assessment, error) {
+func (a ContentTrustAssessor) Assess(fileMap deckodertypes.FileMap) ([]*types.Assessment, error) {
 	log.Logger.Debug("Scan start : DOCKER_CONTENT_TRUST")
 
 	if os.Getenv("DOCKER_CONTENT_TRUST") != "1" {

pkg/assessor/credential/credential.go

@@ -5,15 +5,16 @@ import (
 	"os"
 	"path/filepath"
 
+	deckodertypes "github.com/goodwithtech/deckoder/types"
+
 	"github.com/goodwithtech/dockle/pkg/log"
 
-	"github.com/goodwithtech/deckoder/extractor"
 	"github.com/goodwithtech/dockle/pkg/types"
 )
 
 type CredentialAssessor struct{}
 
-func (a CredentialAssessor) Assess(fileMap extractor.FileMap) ([]*types.Assessment, error) {
+func (a CredentialAssessor) Assess(fileMap deckodertypes.FileMap) ([]*types.Assessment, error) {
 	log.Logger.Debug("Start scan : credential files")
 	assesses := []*types.Assessment{}
 	reqFiles := a.RequiredFiles()

pkg/assessor/group/group.go

@@ -7,16 +7,16 @@ import (
 	"os"
 	"strings"
 
+	deckodertypes "github.com/goodwithtech/deckoder/types"
+
 	"github.com/goodwithtech/dockle/pkg/log"
 
 	"github.com/goodwithtech/dockle/pkg/types"
-
-	"github.com/goodwithtech/deckoder/extractor"
 )
 
 type GroupAssessor struct{}
 
-func (a GroupAssessor) Assess(fileMap extractor.FileMap) ([]*types.Assessment, error) {
+func (a GroupAssessor) Assess(fileMap deckodertypes.FileMap) ([]*types.Assessment, error) {
 	log.Logger.Debug("Start scan : /etc/group")
 
 	var existFile bool

pkg/assessor/hosts/hosts.go

@@ -3,14 +3,15 @@ package hosts
 import (
 	"os"
 
-	"github.com/goodwithtech/deckoder/extractor"
+	deckodertypes "github.com/goodwithtech/deckoder/types"
+
 	"github.com/goodwithtech/dockle/pkg/log"
 	"github.com/goodwithtech/dockle/pkg/types"
 )
 
 type HostsAssessor struct{}
 
-func (a HostsAssessor) Assess(fileMap extractor.FileMap) ([]*types.Assessment, error) {
+func (a HostsAssessor) Assess(fileMap deckodertypes.FileMap) ([]*types.Assessment, error) {
 	log.Logger.Debug("Start scan : /etc/hosts")
 
 	assesses := []*types.Assessment{}

pkg/assessor/manifest/manifest.go

@@ -8,9 +8,10 @@ import (
 	"strings"
 	"time"
 
+	deckodertypes "github.com/goodwithtech/deckoder/types"
+
 	"github.com/goodwithtech/dockle/pkg/log"
 
-	"github.com/goodwithtech/deckoder/extractor"
 	"github.com/goodwithtech/dockle/pkg/types"
 )
 
@@ -23,7 +24,7 @@ var (
 	acceptanceEnvKey = map[string]struct{}{"GPG_KEY": {}, "GPG_KEYS": {}}
 )
 
-func (a ManifestAssessor) Assess(fileMap extractor.FileMap) (assesses []*types.Assessment, err error) {
+func (a ManifestAssessor) Assess(fileMap deckodertypes.FileMap) (assesses []*types.Assessment, err error) {
 	log.Logger.Debug("Scan start : config file")
 	file, ok := fileMap["/config"]
 	if !ok {

pkg/assessor/passwd/passwd.go

@@ -7,16 +7,16 @@ import (
 	"os"
 	"strings"
 
+	deckodertypes "github.com/goodwithtech/deckoder/types"
+
 	"github.com/goodwithtech/dockle/pkg/log"
 
 	"github.com/goodwithtech/dockle/pkg/types"
-
-	"github.com/goodwithtech/deckoder/extractor"
 )
 
 type PasswdAssessor struct{}
 
-func (a PasswdAssessor) Assess(fileMap extractor.FileMap) ([]*types.Assessment, error) {
+func (a PasswdAssessor) Assess(fileMap deckodertypes.FileMap) ([]*types.Assessment, error) {
 	log.Logger.Debug("Start scan : password files")
 
 	var existFile bool

pkg/assessor/privilege/suid.go

@@ -4,13 +4,14 @@ import (
 	"fmt"
 	"os"
 
-	"github.com/goodwithtech/deckoder/extractor"
+	deckodertypes "github.com/goodwithtech/deckoder/types"
+
 	"github.com/goodwithtech/dockle/pkg/types"
 )
 
 type PrivilegeAssessor struct{}
 
-func (a PrivilegeAssessor) Assess(fileMap extractor.FileMap) ([]*types.Assessment, error) {
+func (a PrivilegeAssessor) Assess(fileMap deckodertypes.FileMap) ([]*types.Assessment, error) {
 	var assesses []*types.Assessment
 
 	for filename, filedata := range fileMap {

pkg/assessor/user/user.go

@@ -7,14 +7,15 @@ import (
 	"os"
 	"strings"
 
-	"github.com/goodwithtech/deckoder/extractor"
+	deckodertypes "github.com/goodwithtech/deckoder/types"
+
 	"github.com/goodwithtech/dockle/pkg/log"
 	"github.com/goodwithtech/dockle/pkg/types"
 )
 
 type UserAssessor struct{}
 
-func (a UserAssessor) Assess(fileMap extractor.FileMap) ([]*types.Assessment, error) {
+func (a UserAssessor) Assess(fileMap deckodertypes.FileMap) ([]*types.Assessment, error) {
 	log.Logger.Debug("Start scan : /etc/passwd")
 
 	var existFile bool

pkg/run.go

@@ -2,25 +2,25 @@ package pkg
 
 import (
 	"context"
-	"errors"
 	"fmt"
 	l "log"
 	"os"
+	"strings"
 
+	"github.com/containers/image/v5/transports/alltransports"
 	deckodertypes "github.com/goodwithtech/deckoder/types"
 
 	"github.com/goodwithtech/dockle/config"
 	"github.com/goodwithtech/dockle/pkg/utils"
 
 	"github.com/goodwithtech/dockle/pkg/report"
 
-	"github.com/genuinetools/reg/registry"
-	"github.com/goodwithtech/deckoder/cache"
 	"github.com/goodwithtech/dockle/pkg/scanner"
 
+	"github.com/urfave/cli"
+
 	"github.com/goodwithtech/dockle/pkg/log"
 	"github.com/goodwithtech/dockle/pkg/types"
-	"github.com/urfave/cli"
 )
 
 func Run(c *cli.Context) (err error) {
@@ -40,18 +40,20 @@ func Run(c *cli.Context) (err error) {
 		log.Logger.Warnf("A new version %s is now available! You have %s.", latestVersion, cliVersion)
 	}
 
-	// delete image cache each time
-	if err = cache.Clear(); err != nil {
-		return errors.New("failed to remove image layer cache")
-	}
 	args := c.Args()
 	filePath := c.String("input")
 	if filePath == "" && len(args) == 0 {
 		log.Logger.Info(`"dockle" requires at least 1 argument or --input option.`)
 		cli.ShowAppHelpAndExit(c, 1)
 		return
 	}
-
+	// set docker option
+	dockerOption := deckodertypes.DockerOption{
+		Timeout:  c.Duration("timeout"),
+		UserName: c.String("username"),
+		Password: c.String("password"),
+		SkipPing: true,
+	}
 	var imageName string
 	if filePath == "" {
 		imageName = args[0]
@@ -60,23 +62,9 @@ func Run(c *cli.Context) (err error) {
 	var useLatestTag bool
 	// Check whether 'latest' tag is used
 	if imageName != "" {
-		image, err := registry.ParseImage(imageName)
-		if err != nil {
+		if useLatestTag, err = useLatest(imageName); err != nil {
 			return fmt.Errorf("invalid image: %w", err)
 		}
-		if image.Tag == "latest" {
-			useLatestTag = true
-		}
-	}
-
-	// set docker option
-	dockerOption := deckodertypes.DockerOption{
-		Timeout:  c.Duration("timeout"),
-		AuthURL:  c.String("authurl"),
-		UserName: c.String("username"),
-		Password: c.String("password"),
-		Insecure: c.BoolT("insecure"),
-		NonSSL:   c.BoolT("nonssl"),
 	}
 	log.Logger.Debug("Start assessments...")
 
@@ -123,3 +111,12 @@ func Run(c *cli.Context) (err error) {
 
 	return nil
 }
+
+func useLatest(imageName string) (bool, error) {
+	ref, err := alltransports.ParseImageName("docker://" + imageName)
+	if err != nil {
+		return false, err
+
+	}
+	return strings.HasSuffix(ref.DockerReference().String(), ":latest"), nil
+}