chore: add prefixes to log messages (#7625)

Signed-off-by: knqyf263 <[email protected]>
Co-authored-by: simar7 <[email protected]>

pkg/commands/artifact/run.go

@@ -470,7 +470,7 @@ func filterMisconfigAnalyzers(included, all []analyzer.Type) ([]analyzer.Type, e
 	return lo.Without(all, included...), nil
 }
 
-func (r *runner) initScannerConfig(opts flag.Options) (ScannerConfig, types.ScanOptions, error) {
+func (r *runner) initScannerConfig(ctx context.Context, opts flag.Options) (ScannerConfig, types.ScanOptions, error) {
 	target := opts.Target
 	if opts.Input != "" {
 		target = opts.Input
@@ -505,7 +505,7 @@ func (r *runner) initScannerConfig(opts flag.Options) (ScannerConfig, types.Scan
 	var configScannerOptions misconf.ScannerOption
 	if opts.Scanners.Enabled(types.MisconfigScanner) || opts.ImageConfigScanners.Enabled(types.MisconfigScanner) {
 		var err error
-		configScannerOptions, err = initMisconfScannerOption(opts)
+		configScannerOptions, err = initMisconfScannerOption(ctx, opts)
 		if err != nil {
 			return ScannerConfig{}, types.ScanOptions{}, err
 		}
@@ -600,7 +600,7 @@ func (r *runner) initScannerConfig(opts flag.Options) (ScannerConfig, types.Scan
 }
 
 func (r *runner) scan(ctx context.Context, opts flag.Options, initializeScanner InitializeScanner) (types.Report, error) {
-	scannerConfig, scanOptions, err := r.initScannerConfig(opts)
+	scannerConfig, scanOptions, err := r.initScannerConfig(ctx, opts)
 	if err != nil {
 		return types.Report{}, err
 	}
@@ -617,20 +617,20 @@ func (r *runner) scan(ctx context.Context, opts flag.Options, initializeScanner
 	return report, nil
 }
 
-func initMisconfScannerOption(opts flag.Options) (misconf.ScannerOption, error) {
-	logger := log.WithPrefix(log.PrefixMisconfiguration)
-	logger.Info("Misconfiguration scanning is enabled")
+func initMisconfScannerOption(ctx context.Context, opts flag.Options) (misconf.ScannerOption, error) {
+	ctx = log.WithContextPrefix(ctx, log.PrefixMisconfiguration)
+	log.InfoContext(ctx, "Misconfiguration scanning is enabled")
 
 	var downloadedPolicyPaths []string
 	var disableEmbedded bool
 
-	downloadedPolicyPaths, err := operation.InitBuiltinPolicies(context.Background(), opts.CacheDir, opts.Quiet, opts.SkipCheckUpdate, opts.MisconfOptions.ChecksBundleRepository, opts.RegistryOpts())
+	downloadedPolicyPaths, err := operation.InitBuiltinChecks(ctx, opts.CacheDir, opts.Quiet, opts.SkipCheckUpdate, opts.MisconfOptions.ChecksBundleRepository, opts.RegistryOpts())
 	if err != nil {
 		if !opts.SkipCheckUpdate {
-			logger.Error("Falling back to embedded checks", log.Err(err))
+			log.ErrorContext(ctx, "Falling back to embedded checks", log.Err(err))
 		}
 	} else {
-		logger.Debug("Checks successfully loaded from disk")
+		log.DebugContext(ctx, "Checks successfully loaded from disk")
 		disableEmbedded = true
 	}
 

pkg/commands/operation/operation.go

@@ -26,7 +26,7 @@ func DownloadDB(ctx context.Context, appVersion, cacheDir string, dbRepositories
 	mu.Lock()
 	defer mu.Unlock()
 
-	ctx = log.WithContextPrefix(ctx, "db")
+	ctx = log.WithContextPrefix(ctx, log.PrefixVulnerabilityDB)
 	dbDir := db.Dir(cacheDir)
 	client := db.NewClient(dbDir, quiet, db.WithDBRepository(dbRepositories))
 	needsUpdate, err := client.NeedsUpdate(ctx, appVersion, skipUpdate)
@@ -77,8 +77,8 @@ func DownloadVEXRepositories(ctx context.Context, opts flag.Options) error {
 
 }
 
-// InitBuiltinPolicies downloads the built-in policies and loads them
-func InitBuiltinPolicies(ctx context.Context, cacheDir string, quiet, skipUpdate bool, checkBundleRepository string, registryOpts ftypes.RegistryOptions) ([]string, error) {
+// InitBuiltinChecks downloads the built-in policies and loads them
+func InitBuiltinChecks(ctx context.Context, cacheDir string, quiet, skipUpdate bool, checkBundleRepository string, registryOpts ftypes.RegistryOptions) ([]string, error) {
 	mu.Lock()
 	defer mu.Unlock()
 
@@ -96,14 +96,14 @@ func InitBuiltinPolicies(ctx context.Context, cacheDir string, quiet, skipUpdate
 	}
 
 	if needsUpdate {
-		log.Info("Need to update the built-in policies")
-		log.Info("Downloading the built-in policies...")
-		if err = client.DownloadBuiltinPolicies(ctx, registryOpts); err != nil {
+		log.InfoContext(ctx, "Need to update the built-in checks")
+		log.InfoContext(ctx, "Downloading the built-in checks...")
+		if err = client.DownloadBuiltinChecks(ctx, registryOpts); err != nil {
 			return nil, xerrors.Errorf("failed to download built-in policies: %w", err)
 		}
 	}
 
-	policyPaths, err := client.LoadBuiltinPolicies()
+	policyPaths, err := client.LoadBuiltinChecks()
 	if err != nil {
 		if skipUpdate {
 			msg := "No downloadable policies were loaded as --skip-check-update is enabled"

pkg/db/db.go

@@ -93,30 +93,30 @@ func NewClient(dbDir string, quiet bool, opts ...Option) *Client {
 func (c *Client) NeedsUpdate(ctx context.Context, cliVersion string, skip bool) (bool, error) {
 	meta, err := c.metadata.Get()
 	if err != nil {
-		log.Debug("There is no valid metadata file", log.Err(err))
+		log.DebugContext(ctx, "There is no valid metadata file", log.Err(err))
 		if skip {
-			log.Error("The first run cannot skip downloading DB")
+			log.ErrorContext(ctx, "The first run cannot skip downloading DB")
 			return false, xerrors.New("--skip-update cannot be specified on the first run")
 		}
 		meta = metadata.Metadata{Version: db.SchemaVersion}
 	}
 
 	if db.SchemaVersion < meta.Version {
-		log.Error("The Trivy version is old. Update to the latest version.", log.String("version", cliVersion))
+		log.ErrorContext(ctx, "Trivy version is old. Update to the latest version.", log.String("version", cliVersion))
 		return false, xerrors.Errorf("the version of DB schema doesn't match. Local DB: %d, Expected: %d",
 			meta.Version, db.SchemaVersion)
 	}
 
 	if skip {
-		log.Debug("Skipping DB update...")
+		log.DebugContext(ctx, "Skipping DB update...")
 		if err = c.validate(meta); err != nil {
 			return false, xerrors.Errorf("validate error: %w", err)
 		}
 		return false, nil
 	}
 
 	if db.SchemaVersion != meta.Version {
-		log.Debug("The local DB schema version does not match with supported version schema.",
+		log.DebugContext(ctx, "The local DB schema version does not match with supported version schema.",
 			log.Int("local_version", meta.Version), log.Int("supported_version", db.SchemaVersion))
 		return true, nil
 	}
@@ -151,7 +151,7 @@ func (c *Client) isNewDB(ctx context.Context, meta metadata.Metadata) bool {
 func (c *Client) Download(ctx context.Context, dst string, opt types.RegistryOptions) error {
 	// Remove the metadata file under the cache directory before downloading DB
 	if err := c.metadata.Delete(); err != nil {
-		log.Debug("No metadata file")
+		log.DebugContext(ctx, "No metadata file")
 	}
 
 	if err := c.downloadDB(ctx, opt, dst); err != nil {
@@ -198,8 +198,11 @@ func (c *Client) initArtifacts(opt types.RegistryOptions) oci.Artifacts {
 }
 
 func (c *Client) downloadDB(ctx context.Context, opt types.RegistryOptions, dst string) error {
-	log.Info("Downloading vulnerability DB...")
-	downloadOpt := oci.DownloadOption{MediaType: dbMediaType, Quiet: c.quiet}
+	log.InfoContext(ctx, "Downloading vulnerability DB...")
+	downloadOpt := oci.DownloadOption{
+		MediaType: dbMediaType,
+		Quiet:     c.quiet,
+	}
 	if err := c.initArtifacts(opt).Download(ctx, dst, downloadOpt); err != nil {
 		return xerrors.Errorf("failed to download vulnerability DB: %w", err)
 	}

pkg/javadb/client.go

@@ -43,22 +43,23 @@ type Updater struct {
 }
 
 func (u *Updater) Update() error {
+	ctx := log.WithContextPrefix(context.Background(), log.PrefixJavaDB)
 	metac := db.NewMetadata(u.dbDir)
 
 	meta, err := metac.Get()
 	if err != nil {
 		if !errors.Is(err, os.ErrNotExist) {
 			return xerrors.Errorf("Java DB metadata error: %w", err)
 		} else if u.skip {
-			log.Error("The first run cannot skip downloading Java DB")
+			log.ErrorContext(ctx, "The first run cannot skip downloading Java DB")
 			return xerrors.New("'--skip-java-db-update' cannot be specified on the first run")
 		}
 	}
 
-	if (meta.Version != SchemaVersion || !u.isNewDB(meta)) && !u.skip {
+	if (meta.Version != SchemaVersion || !u.isNewDB(ctx, meta)) && !u.skip {
 		// Download DB
 		// TODO: support remote options
-		if err := u.downloadDB(); err != nil {
+		if err := u.downloadDB(ctx); err != nil {
 			return xerrors.Errorf("OCI artifact error: %w", err)
 		}
 
@@ -73,33 +74,36 @@ func (u *Updater) Update() error {
 		if err = metac.Update(meta); err != nil {
 			return xerrors.Errorf("Java DB metadata update error: %w", err)
 		}
-		log.Info("The Java DB is cached for 3 days. If you want to update the database more frequently, " +
+		log.InfoContext(ctx, "Java DB is cached for 3 days. If you want to update the database more frequently, "+
 			`"trivy clean --java-db" command clears the DB cache.`)
 	}
 
 	return nil
 }
 
-func (u *Updater) isNewDB(meta db.Metadata) bool {
+func (u *Updater) isNewDB(ctx context.Context, meta db.Metadata) bool {
 	now := time.Now().UTC()
 	if now.Before(meta.NextUpdate) {
-		log.Debug("Java DB update was skipped because the local Java DB is the latest")
+		log.DebugContext(ctx, "Java DB update was skipped because the local Java DB is the latest")
 		return true
 	}
 
 	if now.Before(meta.DownloadedAt.Add(time.Hour * 24)) { // 1 day
-		log.Debug("Java DB update was skipped because the local Java DB was downloaded during the last day")
+		log.DebugContext(ctx, "Java DB update was skipped because the local Java DB was downloaded during the last day")
 		return true
 	}
 	return false
 }
 
-func (u *Updater) downloadDB() error {
-	log.Info("Downloading Java DB...")
+func (u *Updater) downloadDB(ctx context.Context) error {
+	log.InfoContext(ctx, "Downloading Java DB...")
 
 	artifacts := oci.NewArtifacts(u.repos, u.registryOption)
-	downloadOpt := oci.DownloadOption{MediaType: mediaType, Quiet: u.quiet}
-	if err := artifacts.Download(context.Background(), u.dbDir, downloadOpt); err != nil {
+	downloadOpt := oci.DownloadOption{
+		MediaType: mediaType,
+		Quiet:     u.quiet,
+	}
+	if err := artifacts.Download(ctx, u.dbDir, downloadOpt); err != nil {
 		return xerrors.Errorf("failed to download vulnerability DB: %w", err)
 	}
 

pkg/k8s/commands/cluster.go

@@ -37,7 +37,7 @@ func clusterRun(ctx context.Context, opts flag.Options, cluster k8s.Cluster) err
 			trivyk8s.WithExcludeOwned(opts.ExcludeOwned),
 		}
 		if opts.Scanners.AnyEnabled(types.MisconfigScanner) && !opts.DisableNodeCollector {
-			artifacts, err = trivyk8s.New(cluster, k8sOpts...).ListArtifactAndNodeInfo(ctx, nodeCollectorOptions(opts)...)
+			artifacts, err = trivyk8s.New(cluster, k8sOpts...).ListArtifactAndNodeInfo(ctx, nodeCollectorOptions(ctx, opts)...)
 			if err != nil {
 				return xerrors.Errorf("get k8s artifacts with node info error: %w", err)
 			}
@@ -59,20 +59,17 @@ func clusterRun(ctx context.Context, opts flag.Options, cluster k8s.Cluster) err
 	return runner.run(ctx, artifacts)
 }
 
-func nodeCollectorOptions(opts flag.Options) []trivyk8s.NodeCollectorOption {
+func nodeCollectorOptions(ctx context.Context, opts flag.Options) []trivyk8s.NodeCollectorOption {
 	nodeCollectorOptions := []trivyk8s.NodeCollectorOption{
 		trivyk8s.WithScanJobNamespace(opts.NodeCollectorNamespace),
 		trivyk8s.WithIgnoreLabels(opts.ExcludeNodes),
 		trivyk8s.WithScanJobImageRef(opts.NodeCollectorImageRef),
-		trivyk8s.WithTolerations(opts.Tolerations)}
-
-	contentPath, err := operation.InitBuiltinPolicies(context.Background(),
-		opts.CacheDir,
-		opts.Quiet,
-		opts.SkipCheckUpdate,
-		opts.MisconfOptions.ChecksBundleRepository,
-		opts.RegistryOpts())
+		trivyk8s.WithTolerations(opts.Tolerations),
+	}
 
+	ctx = log.WithContextPrefix(ctx, log.PrefixMisconfiguration)
+	contentPath, err := operation.InitBuiltinChecks(ctx, opts.CacheDir, opts.Quiet, opts.SkipCheckUpdate,
+		opts.MisconfOptions.ChecksBundleRepository, opts.RegistryOpts())
 	if err != nil {
 		log.Error("Falling back to embedded checks", log.Err(err))
 		nodeCollectorOptions = append(nodeCollectorOptions,

pkg/log/logger.go

@@ -23,6 +23,8 @@ const (
 	PrefixMisconfiguration = "misconfig"
 	PrefixSecret           = "secret"
 	PrefixLicense          = "license"
+	PrefixVulnerabilityDB  = "vulndb"
+	PrefixJavaDB           = "javadb"
 )
 
 // Logger is an alias of slog.Logger

pkg/oci/artifact.go

@@ -225,19 +225,19 @@ func NewArtifacts(repos []name.Reference, opt types.RegistryOptions, opts ...Opt
 // Attempts to download next artifact if the first one fails due to a temporary error.
 func (a Artifacts) Download(ctx context.Context, dst string, opt DownloadOption) error {
 	for i, art := range a {
-		log.Info("Downloading  artifact...", log.String("repo", art.repository))
+		log.InfoContext(ctx, "Downloading artifact...", log.String("repo", art.repository))
 		err := art.Download(ctx, dst, opt)
 		if err == nil {
-			log.Info("Artifact successfully downloaded", log.String("repo", art.repository))
+			log.InfoContext(ctx, "Artifact successfully downloaded", log.String("repo", art.repository))
 			return nil
 		}
 
 		if !shouldTryOtherRepo(err) {
 			return xerrors.Errorf("failed to download artifact from %s: %w", art.repository, err)
 		}
-		log.Error("Failed to download artifact", log.String("repo", art.repository), log.Err(err))
+		log.ErrorContext(ctx, "Failed to download artifact", log.String("repo", art.repository), log.Err(err))
 		if i < len(a)-1 {
-			log.Info("Trying to download artifact from other repository...")
+			log.InfoContext(ctx, "Trying to download artifact from other repository...")
 		}
 	}
 

pkg/policy/policy.go

@@ -89,20 +89,22 @@ func NewClient(cacheDir string, quiet bool, checkBundleRepo string, opts ...Opti
 	}, nil
 }
 
-func (c *Client) populateOCIArtifact(registryOpts types.RegistryOptions) {
+func (c *Client) populateOCIArtifact(ctx context.Context, registryOpts types.RegistryOptions) {
 	if c.artifact == nil {
-		log.Debug("Loading check bundle", log.String("repository", c.checkBundleRepo))
+		log.DebugContext(ctx, "Loading check bundle", log.String("repository", c.checkBundleRepo))
 		c.artifact = oci.NewArtifact(c.checkBundleRepo, registryOpts)
 	}
 }
 
-// DownloadBuiltinPolicies download default policies from GitHub Pages
-func (c *Client) DownloadBuiltinPolicies(ctx context.Context, registryOpts types.RegistryOptions) error {
-	c.populateOCIArtifact(registryOpts)
+// DownloadBuiltinChecks download default policies from GitHub Pages
+func (c *Client) DownloadBuiltinChecks(ctx context.Context, registryOpts types.RegistryOptions) error {
+	c.populateOCIArtifact(ctx, registryOpts)
 
 	dst := c.contentDir()
-	if err := c.artifact.Download(ctx, dst,
-		oci.DownloadOption{MediaType: policyMediaType, Quiet: c.quiet},
+	if err := c.artifact.Download(ctx, dst, oci.DownloadOption{
+		MediaType: policyMediaType,
+		Quiet:     c.quiet,
+	},
 	); err != nil {
 		return xerrors.Errorf("download error: %w", err)
 	}
@@ -111,7 +113,7 @@ func (c *Client) DownloadBuiltinPolicies(ctx context.Context, registryOpts types
 	if err != nil {
 		return xerrors.Errorf("digest error: %w", err)
 	}
-	log.Debug("Digest of the built-in policies", log.String("digest", digest))
+	log.DebugContext(ctx, "Digest of the built-in checks", log.String("digest", digest))
 
 	// Update metadata.json with the new digest and the current date
 	if err = c.updateMetadata(digest, c.clock.Now()); err != nil {
@@ -121,8 +123,8 @@ func (c *Client) DownloadBuiltinPolicies(ctx context.Context, registryOpts types
 	return nil
 }
 
-// LoadBuiltinPolicies loads default policies
-func (c *Client) LoadBuiltinPolicies() ([]string, error) {
+// LoadBuiltinChecks loads default policies
+func (c *Client) LoadBuiltinChecks() ([]string, error) {
 	f, err := os.Open(c.manifestPath())
 	if err != nil {
 		return nil, xerrors.Errorf("manifest file open error (%s): %w", c.manifestPath(), err)
@@ -150,7 +152,7 @@ func (c *Client) LoadBuiltinPolicies() ([]string, error) {
 
 // NeedsUpdate returns if the default check should be updated
 func (c *Client) NeedsUpdate(ctx context.Context, registryOpts types.RegistryOptions) (bool, error) {
-	meta, err := c.GetMetadata()
+	meta, err := c.GetMetadata(ctx)
 	if err != nil {
 		return true, nil
 	}
@@ -160,7 +162,7 @@ func (c *Client) NeedsUpdate(ctx context.Context, registryOpts types.RegistryOpt
 		return false, nil
 	}
 
-	c.populateOCIArtifact(registryOpts)
+	c.populateOCIArtifact(ctx, registryOpts)
 	digest, err := c.artifact.Digest(ctx)
 	if err != nil {
 		return false, xerrors.Errorf("digest error: %w", err)
@@ -211,17 +213,17 @@ func (c *Client) updateMetadata(digest string, now time.Time) error {
 	return nil
 }
 
-func (c *Client) GetMetadata() (*Metadata, error) {
+func (c *Client) GetMetadata(ctx context.Context) (*Metadata, error) {
 	f, err := os.Open(c.metadataPath())
 	if err != nil {
-		log.Debug("Failed to open the check metadata", log.Err(err))
+		log.DebugContext(ctx, "Failed to open the check metadata", log.Err(err))
 		return nil, err
 	}
 	defer f.Close()
 
 	var meta Metadata
 	if err = json.NewDecoder(f).Decode(&meta); err != nil {
-		log.Warn("Check metadata decode error", log.Err(err))
+		log.WarnContext(ctx, "Check metadata decode error", log.Err(err))
 		return nil, err
 	}
 

pkg/policy/policy_test.go

@@ -120,7 +120,7 @@ func TestClient_LoadBuiltinPolicies(t *testing.T) {
 			c, err := policy.NewClient(tt.cacheDir, true, "", policy.WithOCIArtifact(art))
 			require.NoError(t, err)
 
-			got, err := c.LoadBuiltinPolicies()
+			got, err := c.LoadBuiltinChecks()
 			if tt.wantErr != "" {
 				require.Error(t, err)
 				assert.Contains(t, err.Error(), tt.wantErr)
@@ -361,7 +361,7 @@ func TestClient_DownloadBuiltinPolicies(t *testing.T) {
 			c, err := policy.NewClient(tempDir, true, "", policy.WithClock(tt.clock), policy.WithOCIArtifact(art))
 			require.NoError(t, err)
 
-			err = c.DownloadBuiltinPolicies(context.Background(), ftypes.RegistryOptions{})
+			err = c.DownloadBuiltinChecks(context.Background(), ftypes.RegistryOptions{})
 			if tt.wantErr != "" {
 				require.Error(t, err)
 				assert.Contains(t, err.Error(), tt.wantErr)