feat(plugin): trivy-aws as a plugin for Trivy

[simar7]

Notes

1. The current aws subcommand will cause conflict if we name the plugin the same. So I've named it aws-scan for now.
2. We need to deprecate the current aws subcommand within trivy. This will still continue to work until we remove it however. Will done in a separate PR.

Install

$ trivy plugin install ./trivy-aws.tar.gz
2024-05-18T00:06:06-06:00       INFO    Installing the plugin...        url="./trivy-aws.tar.gz"
2024-05-18T00:06:08-06:00       INFO    Loading the plugin metadata...

Run

$ AWS_REGION=<region> AWS_ACCOUNT_ID=<id> trivy aws-scan
2024/05/18 00:06:23 INFO Need to update the built-in policies
2024/05/18 00:06:23 INFO Downloading the built-in policies...

<results>

[nikpivkin]

@simar7 Updated the docker version in the go-mock-aws package. aquasecurity/go-mock-aws#5

[knqyf263]

I think we want to add this plugin to the index so people can install this plugin by trivy plugin install aws.

[simar7]

I think we want to add this plugin to the index so people can install this plugin by trivy plugin install aws.

Yes I was going to do just that 👍🏼

@knqyf263 can you add the aquasecurity/trivy org as maintainers (or at least push access) to that repo? I could fork and submit a PR but it'd be nice to have the right access.

[knqyf263]

@simar7 Added!

[nikpivkin]

Some packages such as cache, commands and scanner are duplicated in pkg and pkg/cloud/aws.

❯ ls pkg/cloud/aws
cache    commands scanner
❯ ls pkg/
cache       cloud       commands    concurrency errs        progress    scanner     types

[nikpivkin]

Should we build the plugin for the same platforms as Trivy to maintain backwards compatibility?

[simar7]

I think we can add cross platform support later on if asked for. Feels like feature creep for this PR.