From 2ca6a8536cf3499e35aad195b4fce3ecd3fbbe46 Mon Sep 17 00:00:00 2001
From: knqyf263 <knqyf263@gmail.com>
Date: Tue, 14 May 2024 14:41:27 +0400
Subject: [PATCH 01/11] chore: remove unneeded fields

Signed-off-by: knqyf263 <knqyf263@gmail.com>
---
 pkg/plugin/testdata/test_plugin/plugin.yaml | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/pkg/plugin/testdata/test_plugin/plugin.yaml b/pkg/plugin/testdata/test_plugin/plugin.yaml
index 272c8d5760a7..dde31a3d50b4 100644
--- a/pkg/plugin/testdata/test_plugin/plugin.yaml
+++ b/pkg/plugin/testdata/test_plugin/plugin.yaml
@@ -8,7 +8,4 @@ platforms:
       os: linux
       arch: amd64
     uri: ./test.sh
-    bin: ./test.sh
-# for testing
-_goos: linux
-_goarch: amd64
\ No newline at end of file
+    bin: ./test.sh
\ No newline at end of file

From 5b25bd3fc4b1de96cff8ffffbb36f0fd519020ce Mon Sep 17 00:00:00 2001
From: knqyf263 <knqyf263@gmail.com>
Date: Tue, 14 May 2024 15:27:04 +0400
Subject: [PATCH 02/11] feat(plugin): specify version

Signed-off-by: knqyf263 <knqyf263@gmail.com>
---
 pkg/plugin/manager.go | 44 +++++++++++++++++++++++++++++++++++++------
 1 file changed, 38 insertions(+), 6 deletions(-)

diff --git a/pkg/plugin/manager.go b/pkg/plugin/manager.go
index 8f79d744bfb0..8f1cd28c80f9 100644
--- a/pkg/plugin/manager.go
+++ b/pkg/plugin/manager.go
@@ -13,6 +13,7 @@ import (
 	"golang.org/x/xerrors"
 	"gopkg.in/yaml.v3"
 
+	"github.com/aquasecurity/go-version/pkg/semver"
 	"github.com/aquasecurity/trivy/pkg/downloader"
 	ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
 	"github.com/aquasecurity/trivy/pkg/log"
@@ -88,17 +89,18 @@ func Update(ctx context.Context) error                  { return defaultManager(
 func Search(ctx context.Context, keyword string) error  { return defaultManager().Search(ctx, keyword) }
 
 // Install installs a plugin
-func (m *Manager) Install(ctx context.Context, name string, opts Options) (Plugin, error) {
-	src := m.tryIndex(ctx, name)
+func (m *Manager) Install(ctx context.Context, arg string, opts Options) (Plugin, error) {
+	input := m.parseArg(arg)
+	input.name = m.tryIndex(ctx, input.name)
 
 	// If the plugin is already installed, it skips installing the plugin.
-	if p, installed := m.isInstalled(ctx, src); installed {
+	if p, installed := m.isInstalled(ctx, input.name); installed {
 		m.logger.InfoContext(ctx, "The plugin is already installed", log.String("name", p.Name))
 		return p, nil
 	}
 
-	m.logger.InfoContext(ctx, "Installing the plugin...", log.String("src", src))
-	return m.install(ctx, src, opts)
+	m.logger.InfoContext(ctx, "Installing the plugin...", log.String("src", input.name))
+	return m.install(ctx, input.String(), opts)
 }
 
 func (m *Manager) install(ctx context.Context, src string, opts Options) (Plugin, error) {
@@ -129,7 +131,8 @@ func (m *Manager) install(ctx context.Context, src string, opts Options) (Plugin
 		return Plugin{}, xerrors.Errorf("yaml encode error: %w", err)
 	}
 
-	m.logger.InfoContext(ctx, "Plugin successfully installed", log.String("name", plugin.Name))
+	m.logger.InfoContext(ctx, "Plugin successfully installed",
+		log.String("name", plugin.Name), log.String("version", plugin.Version))
 
 	return plugin, nil
 }
@@ -353,3 +356,32 @@ func (m *Manager) isInstalled(ctx context.Context, url string) (Plugin, bool) {
 	}
 	return Plugin{}, false
 }
+
+// Input represents the user-specified Input.
+type Input struct {
+	name    string
+	version string
+}
+
+func (i *Input) String() string {
+	if i.version != "" {
+		// cf. https://github.com/hashicorp/go-getter/blob/268c11cae8cf0d9374783e06572679796abe9ce9/README.md#git-git
+		return i.name + "?ref=v" + i.version
+	}
+	return i.name
+}
+
+func (m *Manager) parseArg(arg string) Input {
+	before, after, found := strings.Cut(arg, "@v")
+	if !found {
+		return Input{name: arg}
+	} else if _, err := semver.Parse(after); err != nil {
+		m.logger.Debug("Unable to identify the plugin version", log.String("name", arg), log.Err(err))
+		return Input{name: arg}
+	}
+	// cf. https://github.com/hashicorp/go-getter/blob/268c11cae8cf0d9374783e06572679796abe9ce9/README.md#git-git
+	return Input{
+		name:    before,
+		version: after,
+	}
+}

From 718ed008da9383e204808854c6ae9a681282ed67 Mon Sep 17 00:00:00 2001
From: knqyf263 <knqyf263@gmail.com>
Date: Tue, 14 May 2024 15:27:31 +0400
Subject: [PATCH 03/11] test(plugin): set up git repo

Signed-off-by: knqyf263 <knqyf263@gmail.com>
---
 pkg/fanal/artifact/repo/git_test.go           |   2 +-
 pkg/plugin/manager_test.go                    |  40 +++-
 pkg/plugin/testdata/test_plugin.git/HEAD      |   1 +
 pkg/plugin/testdata/test_plugin.git/config    |   8 +
 .../testdata/test_plugin.git/description      |   1 +
 .../hooks/applypatch-msg.sample               |  15 ++
 .../test_plugin.git/hooks/commit-msg.sample   |  24 +++
 .../hooks/fsmonitor-watchman.sample           | 174 ++++++++++++++++++
 .../test_plugin.git/hooks/post-update.sample  |   8 +
 .../hooks/pre-applypatch.sample               |  14 ++
 .../test_plugin.git/hooks/pre-commit.sample   |  49 +++++
 .../hooks/pre-merge-commit.sample             |  13 ++
 .../test_plugin.git/hooks/pre-push.sample     |  53 ++++++
 .../test_plugin.git/hooks/pre-rebase.sample   | 169 +++++++++++++++++
 .../test_plugin.git/hooks/pre-receive.sample  |  24 +++
 .../hooks/prepare-commit-msg.sample           |  42 +++++
 .../hooks/push-to-checkout.sample             |  78 ++++++++
 .../test_plugin.git/hooks/update.sample       | 128 +++++++++++++
 .../testdata/test_plugin.git/info/exclude     |   6 +
 .../0a/0290c4e05757f323e8307974b40f0282d69985 | Bin 0 -> 345 bytes
 .../2a/a2d6d72ba2d6f5c3ffd2ab0b98c4ec92f95e29 | Bin 0 -> 91 bytes
 .../2e/cea228bf881042eb74d3b691c5c6abfb2f7ee4 | Bin 0 -> 91 bytes
 .../49/0535e047e795a5c95306ce281c9f08cdb35b7c | Bin 0 -> 37 bytes
 .../b0/219198cda98f46a2cef00561c00a251946e621 | Bin 0 -> 381 bytes
 .../b0/b5089c438d32daafa5a10acb7836280f31fd1b | Bin 0 -> 165 bytes
 .../dd/e31a3d50b4279d4f84e38cd3fe154d884e4c09 | Bin 0 -> 165 bytes
 .../testdata/test_plugin.git/packed-refs      |   4 +
 pkg/plugin/testdata/test_plugin/plugin.yaml   |   4 +-
 28 files changed, 852 insertions(+), 5 deletions(-)
 create mode 100644 pkg/plugin/testdata/test_plugin.git/HEAD
 create mode 100644 pkg/plugin/testdata/test_plugin.git/config
 create mode 100644 pkg/plugin/testdata/test_plugin.git/description
 create mode 100755 pkg/plugin/testdata/test_plugin.git/hooks/applypatch-msg.sample
 create mode 100755 pkg/plugin/testdata/test_plugin.git/hooks/commit-msg.sample
 create mode 100755 pkg/plugin/testdata/test_plugin.git/hooks/fsmonitor-watchman.sample
 create mode 100755 pkg/plugin/testdata/test_plugin.git/hooks/post-update.sample
 create mode 100755 pkg/plugin/testdata/test_plugin.git/hooks/pre-applypatch.sample
 create mode 100755 pkg/plugin/testdata/test_plugin.git/hooks/pre-commit.sample
 create mode 100755 pkg/plugin/testdata/test_plugin.git/hooks/pre-merge-commit.sample
 create mode 100755 pkg/plugin/testdata/test_plugin.git/hooks/pre-push.sample
 create mode 100755 pkg/plugin/testdata/test_plugin.git/hooks/pre-rebase.sample
 create mode 100755 pkg/plugin/testdata/test_plugin.git/hooks/pre-receive.sample
 create mode 100755 pkg/plugin/testdata/test_plugin.git/hooks/prepare-commit-msg.sample
 create mode 100755 pkg/plugin/testdata/test_plugin.git/hooks/push-to-checkout.sample
 create mode 100755 pkg/plugin/testdata/test_plugin.git/hooks/update.sample
 create mode 100644 pkg/plugin/testdata/test_plugin.git/info/exclude
 create mode 100644 pkg/plugin/testdata/test_plugin.git/objects/0a/0290c4e05757f323e8307974b40f0282d69985
 create mode 100644 pkg/plugin/testdata/test_plugin.git/objects/2a/a2d6d72ba2d6f5c3ffd2ab0b98c4ec92f95e29
 create mode 100644 pkg/plugin/testdata/test_plugin.git/objects/2e/cea228bf881042eb74d3b691c5c6abfb2f7ee4
 create mode 100644 pkg/plugin/testdata/test_plugin.git/objects/49/0535e047e795a5c95306ce281c9f08cdb35b7c
 create mode 100644 pkg/plugin/testdata/test_plugin.git/objects/b0/219198cda98f46a2cef00561c00a251946e621
 create mode 100644 pkg/plugin/testdata/test_plugin.git/objects/b0/b5089c438d32daafa5a10acb7836280f31fd1b
 create mode 100644 pkg/plugin/testdata/test_plugin.git/objects/dd/e31a3d50b4279d4f84e38cd3fe154d884e4c09
 create mode 100644 pkg/plugin/testdata/test_plugin.git/packed-refs

diff --git a/pkg/fanal/artifact/repo/git_test.go b/pkg/fanal/artifact/repo/git_test.go
index 0e7aadd411a9..87a899842e08 100644
--- a/pkg/fanal/artifact/repo/git_test.go
+++ b/pkg/fanal/artifact/repo/git_test.go
@@ -4,7 +4,6 @@ package repo
 
 import (
 	"context"
-	"github.com/aquasecurity/trivy/pkg/fanal/walker"
 	"net/http/httptest"
 	"testing"
 
@@ -16,6 +15,7 @@ import (
 	_ "github.com/aquasecurity/trivy/pkg/fanal/analyzer/secret"
 	"github.com/aquasecurity/trivy/pkg/fanal/artifact"
 	"github.com/aquasecurity/trivy/pkg/fanal/cache"
+	"github.com/aquasecurity/trivy/pkg/fanal/walker"
 )
 
 func setupGitServer() (*httptest.Server, error) {
diff --git a/pkg/plugin/manager_test.go b/pkg/plugin/manager_test.go
index 958a320512d5..e42191f7fdac 100644
--- a/pkg/plugin/manager_test.go
+++ b/pkg/plugin/manager_test.go
@@ -8,6 +8,7 @@ import (
 	ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
 	"github.com/aquasecurity/trivy/pkg/utils/fsutils"
 	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/sosedoff/gitkit"
 	"log/slog"
 	"net/http"
 	"net/http/httptest"
@@ -24,11 +25,27 @@ import (
 	"github.com/aquasecurity/trivy/pkg/plugin"
 )
 
+func setupGitServer() (*httptest.Server, error) {
+	service := gitkit.New(gitkit.Config{
+		Dir:        "./testdata",
+		AutoCreate: false,
+	})
+
+	if err := service.Setup(); err != nil {
+		return nil, err
+	}
+
+	ts := httptest.NewServer(service)
+
+	return ts, nil
+}
+
 func TestManager_Run(t *testing.T) {
 	if runtime.GOOS == "windows" {
 		// the test.sh script can't be run on windows so skipping
 		t.Skip("Test satisfied adequately by Linux tests")
 	}
+
 	type fields struct {
 		Name        string
 		Repository  string
@@ -188,10 +205,15 @@ func TestManager_Install(t *testing.T) {
 		// the test.sh script can't be run on windows so skipping
 		t.Skip("Test satisfied adequately by Linux tests")
 	}
+
+	ts, err := setupGitServer()
+	require.NoError(t, err)
+	defer ts.Close()
+
 	wantPlugin := plugin.Plugin{
 		Name:        "test_plugin",
 		Repository:  "github.com/aquasecurity/trivy-plugin-test",
-		Version:     "0.1.0",
+		Version:     "0.2.0",
 		Summary:     "test",
 		Description: "test",
 		Platforms: []plugin.Platform{
@@ -211,6 +233,8 @@ func TestManager_Install(t *testing.T) {
 			},
 		},
 	}
+	wantPluginWithVersion := wantPlugin
+	wantPluginWithVersion.Version = "0.1.0"
 
 	tests := []struct {
 		name       string
@@ -231,7 +255,19 @@ func TestManager_Install(t *testing.T) {
 			wantFile:   ".trivy/plugins/test_plugin/test.sh",
 		},
 		{
-			name:       "index",
+			name:       "git",
+			pluginName: "git::" + ts.URL + "/test_plugin.git",
+			want:       wantPlugin,
+			wantFile:   ".trivy/plugins/test_plugin/test.sh",
+		},
+		{
+			name:       "with version",
+			pluginName: "git::" + ts.URL + "/test_plugin.git@v0.1.0",
+			want:       wantPluginWithVersion,
+			wantFile:   ".trivy/plugins/test_plugin/test.sh",
+		},
+		{
+			name:       "via index",
 			pluginName: "test",
 			want:       wantPlugin,
 			wantFile:   ".trivy/plugins/test_plugin/test.sh",
diff --git a/pkg/plugin/testdata/test_plugin.git/HEAD b/pkg/plugin/testdata/test_plugin.git/HEAD
new file mode 100644
index 000000000000..b870d82622c1
--- /dev/null
+++ b/pkg/plugin/testdata/test_plugin.git/HEAD
@@ -0,0 +1 @@
+ref: refs/heads/main
diff --git a/pkg/plugin/testdata/test_plugin.git/config b/pkg/plugin/testdata/test_plugin.git/config
new file mode 100644
index 000000000000..9512a718938b
--- /dev/null
+++ b/pkg/plugin/testdata/test_plugin.git/config
@@ -0,0 +1,8 @@
+[core]
+	repositoryformatversion = 0
+	filemode = true
+	bare = true
+	ignorecase = true
+	precomposeunicode = true
+[remote "origin"]
+	url = /Users/teppei/src/github.com/aquasecurity/trivy/pkg/plugin/testdata/test_plugin
diff --git a/pkg/plugin/testdata/test_plugin.git/description b/pkg/plugin/testdata/test_plugin.git/description
new file mode 100644
index 000000000000..498b267a8c78
--- /dev/null
+++ b/pkg/plugin/testdata/test_plugin.git/description
@@ -0,0 +1 @@
+Unnamed repository; edit this file 'description' to name the repository.
diff --git a/pkg/plugin/testdata/test_plugin.git/hooks/applypatch-msg.sample b/pkg/plugin/testdata/test_plugin.git/hooks/applypatch-msg.sample
new file mode 100755
index 000000000000..a5d7b84a6734
--- /dev/null
+++ b/pkg/plugin/testdata/test_plugin.git/hooks/applypatch-msg.sample
@@ -0,0 +1,15 @@
+#!/bin/sh
+#
+# An example hook script to check the commit log message taken by
+# applypatch from an e-mail message.
+#
+# The hook should exit with non-zero status after issuing an
+# appropriate message if it wants to stop the commit.  The hook is
+# allowed to edit the commit message file.
+#
+# To enable this hook, rename this file to "applypatch-msg".
+
+. git-sh-setup
+commitmsg="$(git rev-parse --git-path hooks/commit-msg)"
+test -x "$commitmsg" && exec "$commitmsg" ${1+"$@"}
+:
diff --git a/pkg/plugin/testdata/test_plugin.git/hooks/commit-msg.sample b/pkg/plugin/testdata/test_plugin.git/hooks/commit-msg.sample
new file mode 100755
index 000000000000..b58d1184a9d4
--- /dev/null
+++ b/pkg/plugin/testdata/test_plugin.git/hooks/commit-msg.sample
@@ -0,0 +1,24 @@
+#!/bin/sh
+#
+# An example hook script to check the commit log message.
+# Called by "git commit" with one argument, the name of the file
+# that has the commit message.  The hook should exit with non-zero
+# status after issuing an appropriate message if it wants to stop the
+# commit.  The hook is allowed to edit the commit message file.
+#
+# To enable this hook, rename this file to "commit-msg".
+
+# Uncomment the below to add a Signed-off-by line to the message.
+# Doing this in a hook is a bad idea in general, but the prepare-commit-msg
+# hook is more suited to it.
+#
+# SOB=$(git var GIT_AUTHOR_IDENT | sed -n 's/^\(.*>\).*$/Signed-off-by: \1/p')
+# grep -qs "^$SOB" "$1" || echo "$SOB" >> "$1"
+
+# This example catches duplicate Signed-off-by lines.
+
+test "" = "$(grep '^Signed-off-by: ' "$1" |
+	 sort | uniq -c | sed -e '/^[ 	]*1[ 	]/d')" || {
+	echo >&2 Duplicate Signed-off-by lines.
+	exit 1
+}
diff --git a/pkg/plugin/testdata/test_plugin.git/hooks/fsmonitor-watchman.sample b/pkg/plugin/testdata/test_plugin.git/hooks/fsmonitor-watchman.sample
new file mode 100755
index 000000000000..23e856f5deeb
--- /dev/null
+++ b/pkg/plugin/testdata/test_plugin.git/hooks/fsmonitor-watchman.sample
@@ -0,0 +1,174 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+use IPC::Open2;
+
+# An example hook script to integrate Watchman
+# (https://facebook.github.io/watchman/) with git to speed up detecting
+# new and modified files.
+#
+# The hook is passed a version (currently 2) and last update token
+# formatted as a string and outputs to stdout a new update token and
+# all files that have been modified since the update token. Paths must
+# be relative to the root of the working tree and separated by a single NUL.
+#
+# To enable this hook, rename this file to "query-watchman" and set
+# 'git config core.fsmonitor .git/hooks/query-watchman'
+#
+my ($version, $last_update_token) = @ARGV;
+
+# Uncomment for debugging
+# print STDERR "$0 $version $last_update_token\n";
+
+# Check the hook interface version
+if ($version ne 2) {
+	die "Unsupported query-fsmonitor hook version '$version'.\n" .
+	    "Falling back to scanning...\n";
+}
+
+my $git_work_tree = get_working_dir();
+
+my $retry = 1;
+
+my $json_pkg;
+eval {
+	require JSON::XS;
+	$json_pkg = "JSON::XS";
+	1;
+} or do {
+	require JSON::PP;
+	$json_pkg = "JSON::PP";
+};
+
+launch_watchman();
+
+sub launch_watchman {
+	my $o = watchman_query();
+	if (is_work_tree_watched($o)) {
+		output_result($o->{clock}, @{$o->{files}});
+	}
+}
+
+sub output_result {
+	my ($clockid, @files) = @_;
+
+	# Uncomment for debugging watchman output
+	# open (my $fh, ">", ".git/watchman-output.out");
+	# binmode $fh, ":utf8";
+	# print $fh "$clockid\n@files\n";
+	# close $fh;
+
+	binmode STDOUT, ":utf8";
+	print $clockid;
+	print "\0";
+	local $, = "\0";
+	print @files;
+}
+
+sub watchman_clock {
+	my $response = qx/watchman clock "$git_work_tree"/;
+	die "Failed to get clock id on '$git_work_tree'.\n" .
+		"Falling back to scanning...\n" if $? != 0;
+
+	return $json_pkg->new->utf8->decode($response);
+}
+
+sub watchman_query {
+	my $pid = open2(\*CHLD_OUT, \*CHLD_IN, 'watchman -j --no-pretty')
+	or die "open2() failed: $!\n" .
+	"Falling back to scanning...\n";
+
+	# In the query expression below we're asking for names of files that
+	# changed since $last_update_token but not from the .git folder.
+	#
+	# To accomplish this, we're using the "since" generator to use the
+	# recency index to select candidate nodes and "fields" to limit the
+	# output to file names only. Then we're using the "expression" term to
+	# further constrain the results.
+	my $last_update_line = "";
+	if (substr($last_update_token, 0, 1) eq "c") {
+		$last_update_token = "\"$last_update_token\"";
+		$last_update_line = qq[\n"since": $last_update_token,];
+	}
+	my $query = <<"	END";
+		["query", "$git_work_tree", {$last_update_line
+			"fields": ["name"],
+			"expression": ["not", ["dirname", ".git"]]
+		}]
+	END
+
+	# Uncomment for debugging the watchman query
+	# open (my $fh, ">", ".git/watchman-query.json");
+	# print $fh $query;
+	# close $fh;
+
+	print CHLD_IN $query;
+	close CHLD_IN;
+	my $response = do {local $/; <CHLD_OUT>};
+
+	# Uncomment for debugging the watch response
+	# open ($fh, ">", ".git/watchman-response.json");
+	# print $fh $response;
+	# close $fh;
+
+	die "Watchman: command returned no output.\n" .
+	"Falling back to scanning...\n" if $response eq "";
+	die "Watchman: command returned invalid output: $response\n" .
+	"Falling back to scanning...\n" unless $response =~ /^\{/;
+
+	return $json_pkg->new->utf8->decode($response);
+}
+
+sub is_work_tree_watched {
+	my ($output) = @_;
+	my $error = $output->{error};
+	if ($retry > 0 and $error and $error =~ m/unable to resolve root .* directory (.*) is not watched/) {
+		$retry--;
+		my $response = qx/watchman watch "$git_work_tree"/;
+		die "Failed to make watchman watch '$git_work_tree'.\n" .
+		    "Falling back to scanning...\n" if $? != 0;
+		$output = $json_pkg->new->utf8->decode($response);
+		$error = $output->{error};
+		die "Watchman: $error.\n" .
+		"Falling back to scanning...\n" if $error;
+
+		# Uncomment for debugging watchman output
+		# open (my $fh, ">", ".git/watchman-output.out");
+		# close $fh;
+
+		# Watchman will always return all files on the first query so
+		# return the fast "everything is dirty" flag to git and do the
+		# Watchman query just to get it over with now so we won't pay
+		# the cost in git to look up each individual file.
+		my $o = watchman_clock();
+		$error = $output->{error};
+
+		die "Watchman: $error.\n" .
+		"Falling back to scanning...\n" if $error;
+
+		output_result($o->{clock}, ("/"));
+		$last_update_token = $o->{clock};
+
+		eval { launch_watchman() };
+		return 0;
+	}
+
+	die "Watchman: $error.\n" .
+	"Falling back to scanning...\n" if $error;
+
+	return 1;
+}
+
+sub get_working_dir {
+	my $working_dir;
+	if ($^O =~ 'msys' || $^O =~ 'cygwin') {
+		$working_dir = Win32::GetCwd();
+		$working_dir =~ tr/\\/\//;
+	} else {
+		require Cwd;
+		$working_dir = Cwd::cwd();
+	}
+
+	return $working_dir;
+}
diff --git a/pkg/plugin/testdata/test_plugin.git/hooks/post-update.sample b/pkg/plugin/testdata/test_plugin.git/hooks/post-update.sample
new file mode 100755
index 000000000000..ec17ec1939b7
--- /dev/null
+++ b/pkg/plugin/testdata/test_plugin.git/hooks/post-update.sample
@@ -0,0 +1,8 @@
+#!/bin/sh
+#
+# An example hook script to prepare a packed repository for use over
+# dumb transports.
+#
+# To enable this hook, rename this file to "post-update".
+
+exec git update-server-info
diff --git a/pkg/plugin/testdata/test_plugin.git/hooks/pre-applypatch.sample b/pkg/plugin/testdata/test_plugin.git/hooks/pre-applypatch.sample
new file mode 100755
index 000000000000..4142082bcb93
--- /dev/null
+++ b/pkg/plugin/testdata/test_plugin.git/hooks/pre-applypatch.sample
@@ -0,0 +1,14 @@
+#!/bin/sh
+#
+# An example hook script to verify what is about to be committed
+# by applypatch from an e-mail message.
+#
+# The hook should exit with non-zero status after issuing an
+# appropriate message if it wants to stop the commit.
+#
+# To enable this hook, rename this file to "pre-applypatch".
+
+. git-sh-setup
+precommit="$(git rev-parse --git-path hooks/pre-commit)"
+test -x "$precommit" && exec "$precommit" ${1+"$@"}
+:
diff --git a/pkg/plugin/testdata/test_plugin.git/hooks/pre-commit.sample b/pkg/plugin/testdata/test_plugin.git/hooks/pre-commit.sample
new file mode 100755
index 000000000000..e144712c85c0
--- /dev/null
+++ b/pkg/plugin/testdata/test_plugin.git/hooks/pre-commit.sample
@@ -0,0 +1,49 @@
+#!/bin/sh
+#
+# An example hook script to verify what is about to be committed.
+# Called by "git commit" with no arguments.  The hook should
+# exit with non-zero status after issuing an appropriate message if
+# it wants to stop the commit.
+#
+# To enable this hook, rename this file to "pre-commit".
+
+if git rev-parse --verify HEAD >/dev/null 2>&1
+then
+	against=HEAD
+else
+	# Initial commit: diff against an empty tree object
+	against=$(git hash-object -t tree /dev/null)
+fi
+
+# If you want to allow non-ASCII filenames set this variable to true.
+allownonascii=$(git config --type=bool hooks.allownonascii)
+
+# Redirect output to stderr.
+exec 1>&2
+
+# Cross platform projects tend to avoid non-ASCII filenames; prevent
+# them from being added to the repository. We exploit the fact that the
+# printable range starts at the space character and ends with tilde.
+if [ "$allownonascii" != "true" ] &&
+	# Note that the use of brackets around a tr range is ok here, (it's
+	# even required, for portability to Solaris 10's /usr/bin/tr), since
+	# the square bracket bytes happen to fall in the designated range.
+	test $(git diff --cached --name-only --diff-filter=A -z $against |
+	  LC_ALL=C tr -d '[ -~]\0' | wc -c) != 0
+then
+	cat <<\EOF
+Error: Attempt to add a non-ASCII file name.
+
+This can cause problems if you want to work with people on other platforms.
+
+To be portable it is advisable to rename the file.
+
+If you know what you are doing you can disable this check using:
+
+  git config hooks.allownonascii true
+EOF
+	exit 1
+fi
+
+# If there are whitespace errors, print the offending file names and fail.
+exec git diff-index --check --cached $against --
diff --git a/pkg/plugin/testdata/test_plugin.git/hooks/pre-merge-commit.sample b/pkg/plugin/testdata/test_plugin.git/hooks/pre-merge-commit.sample
new file mode 100755
index 000000000000..399eab1924e3
--- /dev/null
+++ b/pkg/plugin/testdata/test_plugin.git/hooks/pre-merge-commit.sample
@@ -0,0 +1,13 @@
+#!/bin/sh
+#
+# An example hook script to verify what is about to be committed.
+# Called by "git merge" with no arguments.  The hook should
+# exit with non-zero status after issuing an appropriate message to
+# stderr if it wants to stop the merge commit.
+#
+# To enable this hook, rename this file to "pre-merge-commit".
+
+. git-sh-setup
+test -x "$GIT_DIR/hooks/pre-commit" &&
+        exec "$GIT_DIR/hooks/pre-commit"
+:
diff --git a/pkg/plugin/testdata/test_plugin.git/hooks/pre-push.sample b/pkg/plugin/testdata/test_plugin.git/hooks/pre-push.sample
new file mode 100755
index 000000000000..4ce688d32b75
--- /dev/null
+++ b/pkg/plugin/testdata/test_plugin.git/hooks/pre-push.sample
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+# An example hook script to verify what is about to be pushed.  Called by "git
+# push" after it has checked the remote status, but before anything has been
+# pushed.  If this script exits with a non-zero status nothing will be pushed.
+#
+# This hook is called with the following parameters:
+#
+# $1 -- Name of the remote to which the push is being done
+# $2 -- URL to which the push is being done
+#
+# If pushing without using a named remote those arguments will be equal.
+#
+# Information about the commits which are being pushed is supplied as lines to
+# the standard input in the form:
+#
+#   <local ref> <local oid> <remote ref> <remote oid>
+#
+# This sample shows how to prevent push of commits where the log message starts
+# with "WIP" (work in progress).
+
+remote="$1"
+url="$2"
+
+zero=$(git hash-object --stdin </dev/null | tr '[0-9a-f]' '0')
+
+while read local_ref local_oid remote_ref remote_oid
+do
+	if test "$local_oid" = "$zero"
+	then
+		# Handle delete
+		:
+	else
+		if test "$remote_oid" = "$zero"
+		then
+			# New branch, examine all commits
+			range="$local_oid"
+		else
+			# Update to existing branch, examine new commits
+			range="$remote_oid..$local_oid"
+		fi
+
+		# Check for WIP commit
+		commit=$(git rev-list -n 1 --grep '^WIP' "$range")
+		if test -n "$commit"
+		then
+			echo >&2 "Found WIP commit in $local_ref, not pushing"
+			exit 1
+		fi
+	fi
+done
+
+exit 0
diff --git a/pkg/plugin/testdata/test_plugin.git/hooks/pre-rebase.sample b/pkg/plugin/testdata/test_plugin.git/hooks/pre-rebase.sample
new file mode 100755
index 000000000000..6cbef5c370d8
--- /dev/null
+++ b/pkg/plugin/testdata/test_plugin.git/hooks/pre-rebase.sample
@@ -0,0 +1,169 @@
+#!/bin/sh
+#
+# Copyright (c) 2006, 2008 Junio C Hamano
+#
+# The "pre-rebase" hook is run just before "git rebase" starts doing
+# its job, and can prevent the command from running by exiting with
+# non-zero status.
+#
+# The hook is called with the following parameters:
+#
+# $1 -- the upstream the series was forked from.
+# $2 -- the branch being rebased (or empty when rebasing the current branch).
+#
+# This sample shows how to prevent topic branches that are already
+# merged to 'next' branch from getting rebased, because allowing it
+# would result in rebasing already published history.
+
+publish=next
+basebranch="$1"
+if test "$#" = 2
+then
+	topic="refs/heads/$2"
+else
+	topic=`git symbolic-ref HEAD` ||
+	exit 0 ;# we do not interrupt rebasing detached HEAD
+fi
+
+case "$topic" in
+refs/heads/??/*)
+	;;
+*)
+	exit 0 ;# we do not interrupt others.
+	;;
+esac
+
+# Now we are dealing with a topic branch being rebased
+# on top of master.  Is it OK to rebase it?
+
+# Does the topic really exist?
+git show-ref -q "$topic" || {
+	echo >&2 "No such branch $topic"
+	exit 1
+}
+
+# Is topic fully merged to master?
+not_in_master=`git rev-list --pretty=oneline ^master "$topic"`
+if test -z "$not_in_master"
+then
+	echo >&2 "$topic is fully merged to master; better remove it."
+	exit 1 ;# we could allow it, but there is no point.
+fi
+
+# Is topic ever merged to next?  If so you should not be rebasing it.
+only_next_1=`git rev-list ^master "^$topic" ${publish} | sort`
+only_next_2=`git rev-list ^master           ${publish} | sort`
+if test "$only_next_1" = "$only_next_2"
+then
+	not_in_topic=`git rev-list "^$topic" master`
+	if test -z "$not_in_topic"
+	then
+		echo >&2 "$topic is already up to date with master"
+		exit 1 ;# we could allow it, but there is no point.
+	else
+		exit 0
+	fi
+else
+	not_in_next=`git rev-list --pretty=oneline ^${publish} "$topic"`
+	/usr/bin/perl -e '
+		my $topic = $ARGV[0];
+		my $msg = "* $topic has commits already merged to public branch:\n";
+		my (%not_in_next) = map {
+			/^([0-9a-f]+) /;
+			($1 => 1);
+		} split(/\n/, $ARGV[1]);
+		for my $elem (map {
+				/^([0-9a-f]+) (.*)$/;
+				[$1 => $2];
+			} split(/\n/, $ARGV[2])) {
+			if (!exists $not_in_next{$elem->[0]}) {
+				if ($msg) {
+					print STDERR $msg;
+					undef $msg;
+				}
+				print STDERR " $elem->[1]\n";
+			}
+		}
+	' "$topic" "$not_in_next" "$not_in_master"
+	exit 1
+fi
+
+<<\DOC_END
+
+This sample hook safeguards topic branches that have been
+published from being rewound.
+
+The workflow assumed here is:
+
+ * Once a topic branch forks from "master", "master" is never
+   merged into it again (either directly or indirectly).
+
+ * Once a topic branch is fully cooked and merged into "master",
+   it is deleted.  If you need to build on top of it to correct
+   earlier mistakes, a new topic branch is created by forking at
+   the tip of the "master".  This is not strictly necessary, but
+   it makes it easier to keep your history simple.
+
+ * Whenever you need to test or publish your changes to topic
+   branches, merge them into "next" branch.
+
+The script, being an example, hardcodes the publish branch name
+to be "next", but it is trivial to make it configurable via
+$GIT_DIR/config mechanism.
+
+With this workflow, you would want to know:
+
+(1) ... if a topic branch has ever been merged to "next".  Young
+    topic branches can have stupid mistakes you would rather
+    clean up before publishing, and things that have not been
+    merged into other branches can be easily rebased without
+    affecting other people.  But once it is published, you would
+    not want to rewind it.
+
+(2) ... if a topic branch has been fully merged to "master".
+    Then you can delete it.  More importantly, you should not
+    build on top of it -- other people may already want to
+    change things related to the topic as patches against your
+    "master", so if you need further changes, it is better to
+    fork the topic (perhaps with the same name) afresh from the
+    tip of "master".
+
+Let's look at this example:
+
+		   o---o---o---o---o---o---o---o---o---o "next"
+		  /       /           /           /
+		 /   a---a---b A     /           /
+		/   /               /           /
+	       /   /   c---c---c---c B         /
+	      /   /   /             \         /
+	     /   /   /   b---b C     \       /
+	    /   /   /   /             \     /
+    ---o---o---o---o---o---o---o---o---o---o---o "master"
+
+
+A, B and C are topic branches.
+
+ * A has one fix since it was merged up to "next".
+
+ * B has finished.  It has been fully merged up to "master" and "next",
+   and is ready to be deleted.
+
+ * C has not merged to "next" at all.
+
+We would want to allow C to be rebased, refuse A, and encourage
+B to be deleted.
+
+To compute (1):
+
+	git rev-list ^master ^topic next
+	git rev-list ^master        next
+
+	if these match, topic has not merged in next at all.
+
+To compute (2):
+
+	git rev-list master..topic
+
+	if this is empty, it is fully merged to "master".
+
+DOC_END
diff --git a/pkg/plugin/testdata/test_plugin.git/hooks/pre-receive.sample b/pkg/plugin/testdata/test_plugin.git/hooks/pre-receive.sample
new file mode 100755
index 000000000000..a1fd29ec1482
--- /dev/null
+++ b/pkg/plugin/testdata/test_plugin.git/hooks/pre-receive.sample
@@ -0,0 +1,24 @@
+#!/bin/sh
+#
+# An example hook script to make use of push options.
+# The example simply echoes all push options that start with 'echoback='
+# and rejects all pushes when the "reject" push option is used.
+#
+# To enable this hook, rename this file to "pre-receive".
+
+if test -n "$GIT_PUSH_OPTION_COUNT"
+then
+	i=0
+	while test "$i" -lt "$GIT_PUSH_OPTION_COUNT"
+	do
+		eval "value=\$GIT_PUSH_OPTION_$i"
+		case "$value" in
+		echoback=*)
+			echo "echo from the pre-receive-hook: ${value#*=}" >&2
+			;;
+		reject)
+			exit 1
+		esac
+		i=$((i + 1))
+	done
+fi
diff --git a/pkg/plugin/testdata/test_plugin.git/hooks/prepare-commit-msg.sample b/pkg/plugin/testdata/test_plugin.git/hooks/prepare-commit-msg.sample
new file mode 100755
index 000000000000..10fa14c5ab01
--- /dev/null
+++ b/pkg/plugin/testdata/test_plugin.git/hooks/prepare-commit-msg.sample
@@ -0,0 +1,42 @@
+#!/bin/sh
+#
+# An example hook script to prepare the commit log message.
+# Called by "git commit" with the name of the file that has the
+# commit message, followed by the description of the commit
+# message's source.  The hook's purpose is to edit the commit
+# message file.  If the hook fails with a non-zero status,
+# the commit is aborted.
+#
+# To enable this hook, rename this file to "prepare-commit-msg".
+
+# This hook includes three examples. The first one removes the
+# "# Please enter the commit message..." help message.
+#
+# The second includes the output of "git diff --name-status -r"
+# into the message, just before the "git status" output.  It is
+# commented because it doesn't cope with --amend or with squashed
+# commits.
+#
+# The third example adds a Signed-off-by line to the message, that can
+# still be edited.  This is rarely a good idea.
+
+COMMIT_MSG_FILE=$1
+COMMIT_SOURCE=$2
+SHA1=$3
+
+/usr/bin/perl -i.bak -ne 'print unless(m/^. Please enter the commit message/..m/^#$/)' "$COMMIT_MSG_FILE"
+
+# case "$COMMIT_SOURCE,$SHA1" in
+#  ,|template,)
+#    /usr/bin/perl -i.bak -pe '
+#       print "\n" . `git diff --cached --name-status -r`
+# 	 if /^#/ && $first++ == 0' "$COMMIT_MSG_FILE" ;;
+#  *) ;;
+# esac
+
+# SOB=$(git var GIT_COMMITTER_IDENT | sed -n 's/^\(.*>\).*$/Signed-off-by: \1/p')
+# git interpret-trailers --in-place --trailer "$SOB" "$COMMIT_MSG_FILE"
+# if test -z "$COMMIT_SOURCE"
+# then
+#   /usr/bin/perl -i.bak -pe 'print "\n" if !$first_line++' "$COMMIT_MSG_FILE"
+# fi
diff --git a/pkg/plugin/testdata/test_plugin.git/hooks/push-to-checkout.sample b/pkg/plugin/testdata/test_plugin.git/hooks/push-to-checkout.sample
new file mode 100755
index 000000000000..af5a0c0018b5
--- /dev/null
+++ b/pkg/plugin/testdata/test_plugin.git/hooks/push-to-checkout.sample
@@ -0,0 +1,78 @@
+#!/bin/sh
+
+# An example hook script to update a checked-out tree on a git push.
+#
+# This hook is invoked by git-receive-pack(1) when it reacts to git
+# push and updates reference(s) in its repository, and when the push
+# tries to update the branch that is currently checked out and the
+# receive.denyCurrentBranch configuration variable is set to
+# updateInstead.
+#
+# By default, such a push is refused if the working tree and the index
+# of the remote repository has any difference from the currently
+# checked out commit; when both the working tree and the index match
+# the current commit, they are updated to match the newly pushed tip
+# of the branch. This hook is to be used to override the default
+# behaviour; however the code below reimplements the default behaviour
+# as a starting point for convenient modification.
+#
+# The hook receives the commit with which the tip of the current
+# branch is going to be updated:
+commit=$1
+
+# It can exit with a non-zero status to refuse the push (when it does
+# so, it must not modify the index or the working tree).
+die () {
+	echo >&2 "$*"
+	exit 1
+}
+
+# Or it can make any necessary changes to the working tree and to the
+# index to bring them to the desired state when the tip of the current
+# branch is updated to the new commit, and exit with a zero status.
+#
+# For example, the hook can simply run git read-tree -u -m HEAD "$1"
+# in order to emulate git fetch that is run in the reverse direction
+# with git push, as the two-tree form of git read-tree -u -m is
+# essentially the same as git switch or git checkout that switches
+# branches while keeping the local changes in the working tree that do
+# not interfere with the difference between the branches.
+
+# The below is a more-or-less exact translation to shell of the C code
+# for the default behaviour for git's push-to-checkout hook defined in
+# the push_to_deploy() function in builtin/receive-pack.c.
+#
+# Note that the hook will be executed from the repository directory,
+# not from the working tree, so if you want to perform operations on
+# the working tree, you will have to adapt your code accordingly, e.g.
+# by adding "cd .." or using relative paths.
+
+if ! git update-index -q --ignore-submodules --refresh
+then
+	die "Up-to-date check failed"
+fi
+
+if ! git diff-files --quiet --ignore-submodules --
+then
+	die "Working directory has unstaged changes"
+fi
+
+# This is a rough translation of:
+#
+#   head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX
+if git cat-file -e HEAD 2>/dev/null
+then
+	head=HEAD
+else
+	head=$(git hash-object -t tree --stdin </dev/null)
+fi
+
+if ! git diff-index --quiet --cached --ignore-submodules $head --
+then
+	die "Working directory has staged changes"
+fi
+
+if ! git read-tree -u -m "$commit"
+then
+	die "Could not update working tree to new HEAD"
+fi
diff --git a/pkg/plugin/testdata/test_plugin.git/hooks/update.sample b/pkg/plugin/testdata/test_plugin.git/hooks/update.sample
new file mode 100755
index 000000000000..c4d426bc6ee9
--- /dev/null
+++ b/pkg/plugin/testdata/test_plugin.git/hooks/update.sample
@@ -0,0 +1,128 @@
+#!/bin/sh
+#
+# An example hook script to block unannotated tags from entering.
+# Called by "git receive-pack" with arguments: refname sha1-old sha1-new
+#
+# To enable this hook, rename this file to "update".
+#
+# Config
+# ------
+# hooks.allowunannotated
+#   This boolean sets whether unannotated tags will be allowed into the
+#   repository.  By default they won't be.
+# hooks.allowdeletetag
+#   This boolean sets whether deleting tags will be allowed in the
+#   repository.  By default they won't be.
+# hooks.allowmodifytag
+#   This boolean sets whether a tag may be modified after creation. By default
+#   it won't be.
+# hooks.allowdeletebranch
+#   This boolean sets whether deleting branches will be allowed in the
+#   repository.  By default they won't be.
+# hooks.denycreatebranch
+#   This boolean sets whether remotely creating branches will be denied
+#   in the repository.  By default this is allowed.
+#
+
+# --- Command line
+refname="$1"
+oldrev="$2"
+newrev="$3"
+
+# --- Safety check
+if [ -z "$GIT_DIR" ]; then
+	echo "Don't run this script from the command line." >&2
+	echo " (if you want, you could supply GIT_DIR then run" >&2
+	echo "  $0 <ref> <oldrev> <newrev>)" >&2
+	exit 1
+fi
+
+if [ -z "$refname" -o -z "$oldrev" -o -z "$newrev" ]; then
+	echo "usage: $0 <ref> <oldrev> <newrev>" >&2
+	exit 1
+fi
+
+# --- Config
+allowunannotated=$(git config --type=bool hooks.allowunannotated)
+allowdeletebranch=$(git config --type=bool hooks.allowdeletebranch)
+denycreatebranch=$(git config --type=bool hooks.denycreatebranch)
+allowdeletetag=$(git config --type=bool hooks.allowdeletetag)
+allowmodifytag=$(git config --type=bool hooks.allowmodifytag)
+
+# check for no description
+projectdesc=$(sed -e '1q' "$GIT_DIR/description")
+case "$projectdesc" in
+"Unnamed repository"* | "")
+	echo "*** Project description file hasn't been set" >&2
+	exit 1
+	;;
+esac
+
+# --- Check types
+# if $newrev is 0000...0000, it's a commit to delete a ref.
+zero=$(git hash-object --stdin </dev/null | tr '[0-9a-f]' '0')
+if [ "$newrev" = "$zero" ]; then
+	newrev_type=delete
+else
+	newrev_type=$(git cat-file -t $newrev)
+fi
+
+case "$refname","$newrev_type" in
+	refs/tags/*,commit)
+		# un-annotated tag
+		short_refname=${refname##refs/tags/}
+		if [ "$allowunannotated" != "true" ]; then
+			echo "*** The un-annotated tag, $short_refname, is not allowed in this repository" >&2
+			echo "*** Use 'git tag [ -a | -s ]' for tags you want to propagate." >&2
+			exit 1
+		fi
+		;;
+	refs/tags/*,delete)
+		# delete tag
+		if [ "$allowdeletetag" != "true" ]; then
+			echo "*** Deleting a tag is not allowed in this repository" >&2
+			exit 1
+		fi
+		;;
+	refs/tags/*,tag)
+		# annotated tag
+		if [ "$allowmodifytag" != "true" ] && git rev-parse $refname > /dev/null 2>&1
+		then
+			echo "*** Tag '$refname' already exists." >&2
+			echo "*** Modifying a tag is not allowed in this repository." >&2
+			exit 1
+		fi
+		;;
+	refs/heads/*,commit)
+		# branch
+		if [ "$oldrev" = "$zero" -a "$denycreatebranch" = "true" ]; then
+			echo "*** Creating a branch is not allowed in this repository" >&2
+			exit 1
+		fi
+		;;
+	refs/heads/*,delete)
+		# delete branch
+		if [ "$allowdeletebranch" != "true" ]; then
+			echo "*** Deleting a branch is not allowed in this repository" >&2
+			exit 1
+		fi
+		;;
+	refs/remotes/*,commit)
+		# tracking branch
+		;;
+	refs/remotes/*,delete)
+		# delete tracking branch
+		if [ "$allowdeletebranch" != "true" ]; then
+			echo "*** Deleting a tracking branch is not allowed in this repository" >&2
+			exit 1
+		fi
+		;;
+	*)
+		# Anything else (is there anything else?)
+		echo "*** Update hook: unknown type of update to ref $refname of type $newrev_type" >&2
+		exit 1
+		;;
+esac
+
+# --- Finished
+exit 0
diff --git a/pkg/plugin/testdata/test_plugin.git/info/exclude b/pkg/plugin/testdata/test_plugin.git/info/exclude
new file mode 100644
index 000000000000..a5196d1be8fb
--- /dev/null
+++ b/pkg/plugin/testdata/test_plugin.git/info/exclude
@@ -0,0 +1,6 @@
+# git ls-files --others --exclude-from=.git/info/exclude
+# Lines that start with '#' are comments.
+# For a project mostly in C, the following would be a good set of
+# exclude patterns (uncomment them if you want to use them):
+# *.[oa]
+# *~
diff --git a/pkg/plugin/testdata/test_plugin.git/objects/0a/0290c4e05757f323e8307974b40f0282d69985 b/pkg/plugin/testdata/test_plugin.git/objects/0a/0290c4e05757f323e8307974b40f0282d69985
new file mode 100644
index 0000000000000000000000000000000000000000..9245bbdf4797fe42e6b012167e68e9bfa385e753
GIT binary patch
literal 345
zcmV-f0jB<V0hN$jZ-PJ&h5Nj}V&6$ySZ<QEO_h5TA_BJZwk*2{a`A$;^6LwlzV)Ri
znas?WoSEd1wyui~N~-qI9VvwfW0WbGiqf$&nTU*K2&a6iO^8H^hL|Q(qyc>Hw(Sw_
zn!}YLMT9TE(|cayqIx22{RRb9kd=ufYZ~NuiRZyUhj$(Qw=v)6ry_@sqh_Y<`Y;R~
z7`nDUjpCJg;{e8j@5X%POh*Mn8QwT8i0HSAkM+(gW5J7dBg>ylZ_$f$qjd7GZF4F$
z7Lc4x3?~Qh_-P$H-%I3Z`HeZA+#E)NDt@%ymGsy)himSz&Z3d&qTgd(s1m~!{K%96
z9BH7Zp~G1xwkK#c?<^U0Yie!EXM5ADbXj|ulU*p|8dFZ!>72WkONB|a$_&Q4mlekl
rfFep0y*W#Wp7o%)EFAkV^<Kd}4%0XO3Ih~P(G|FY_sqc$bQqA_d||Eb

literal 0
HcmV?d00001

diff --git a/pkg/plugin/testdata/test_plugin.git/objects/2a/a2d6d72ba2d6f5c3ffd2ab0b98c4ec92f95e29 b/pkg/plugin/testdata/test_plugin.git/objects/2a/a2d6d72ba2d6f5c3ffd2ab0b98c4ec92f95e29
new file mode 100644
index 0000000000000000000000000000000000000000..7cdbe11da32360e22dcb8b46124073b76476fc20
GIT binary patch
literal 91
zcmV-h0HptT0V^p=O;s>AVK6i>Ff%bxD99;I&&<=SOw7$;xcgYjHeieTT>qBGJ(vH9
x`gZvFZ~~Q?o0=+=q!yRx6=yJbvYI|{e?E2T$zZl~8Zz@a&Tfvb0RX3r9+GWoD^LIc

literal 0
HcmV?d00001

diff --git a/pkg/plugin/testdata/test_plugin.git/objects/2e/cea228bf881042eb74d3b691c5c6abfb2f7ee4 b/pkg/plugin/testdata/test_plugin.git/objects/2e/cea228bf881042eb74d3b691c5c6abfb2f7ee4
new file mode 100644
index 0000000000000000000000000000000000000000..49854ac328a7897c2f95617f3d3106c06323fe54
GIT binary patch
literal 91
zcmV-h0HptT0V^p=O;s>AVK6i>Ff%bxD99;I&&<=SOw7$;*szsjj&rZkt@TS6a-FU)
x)8IG!D-Bd;ZfdGfl3HA%SDeA%$!hw*{rS|TCxh9}X~@jyIJ-Hz1^|ja9q?cnEi3>4

literal 0
HcmV?d00001

diff --git a/pkg/plugin/testdata/test_plugin.git/objects/49/0535e047e795a5c95306ce281c9f08cdb35b7c b/pkg/plugin/testdata/test_plugin.git/objects/49/0535e047e795a5c95306ce281c9f08cdb35b7c
new file mode 100644
index 0000000000000000000000000000000000000000..964cbf82f49bbc0825b9a3b0ce88f1ab88927e94
GIT binary patch
literal 37
tcmb<m^geacKghr+B_QmI|EV*V_0K(c<mG$rM0kML>GR=C3>B9+OaM$w5k~+3

literal 0
HcmV?d00001

diff --git a/pkg/plugin/testdata/test_plugin.git/objects/b0/219198cda98f46a2cef00561c00a251946e621 b/pkg/plugin/testdata/test_plugin.git/objects/b0/219198cda98f46a2cef00561c00a251946e621
new file mode 100644
index 0000000000000000000000000000000000000000..28d704514c7a0c09e14b7a1f40775f1619322b5e
GIT binary patch
literal 381
zcmV-@0fPQ`0hN$TZ=*mEgma!>F?TD@Jb27VyQ?^W0mmQ{!zSSdlK~9a*ciX~^$Uq|
z%VkSysrr+u)hf|!x0?>CnBR4+l#oav6GB*;F@}*sWU4D4G}Sm3s?d@&OG&0nsepab
z%3TLhf(S=Kkx125J)?w5Mv=~SB~?&{2qPaF=S&63sVkZmR=dM3BN~OjzTIQKO*ZvZ
zG}}KA>sZy8!ZZ#iNI?h;ba=0m{~gTt`EirO`%zDp?fP)NcHr8z{aF~jSf3og2>Wh?
zYG*bo7{>HQw-nTGmal&+uZ*x4RwK(FN^jZIXR~zjOR+naJPSmgG1JKbY~SVw&-Y?A
zTwRk15}ye(CN&zPUyA$0wuWo&us($&GpOGu2Cie%#eQh10FE?R^yhVVHmv#V!W}DU
z7uUF28Fq)QlibbiqHPMVcrRa9@28k$(dK4d$^K<BKVV5&*e?_SHF3I<m4^eftZH#P
bz8UHz_zk}5uzd5UGQb&4$rOQq1F4!pB!RTN

literal 0
HcmV?d00001

diff --git a/pkg/plugin/testdata/test_plugin.git/objects/b0/b5089c438d32daafa5a10acb7836280f31fd1b b/pkg/plugin/testdata/test_plugin.git/objects/b0/b5089c438d32daafa5a10acb7836280f31fd1b
new file mode 100644
index 0000000000000000000000000000000000000000..ff074f718b4f923acd2a68e754fc9aea7f0f5f0c
GIT binary patch
literal 165
zcmV;W09yZe0Y#2W4#F@DL|Nw)R`*S-3bDv#P?`p6DL-PTqPHgrNO(8To*Az$uCOfg
zC1`II3~Y(-$(1LDL1ddEA;)|wcp~p*l_vU0zltVnN=7~>&Ul>T*D*G?IBX`2p@z+J
zk@Fy^c&}SVUvHL7#>D-kljJl%V)mp2zzAfWHMO*<HjxxK4CVdPI-6aA_S@~+N&Q2C
ToLZEmy`vRt{U3b*VsA=$jd4v5

literal 0
HcmV?d00001

diff --git a/pkg/plugin/testdata/test_plugin.git/objects/dd/e31a3d50b4279d4f84e38cd3fe154d884e4c09 b/pkg/plugin/testdata/test_plugin.git/objects/dd/e31a3d50b4279d4f84e38cd3fe154d884e4c09
new file mode 100644
index 0000000000000000000000000000000000000000..bf920dc6e5f74b4d81bffef054a0cc571b558a7d
GIT binary patch
literal 165
zcmV;W09yZe0X>e*4#FT1ggx^Vo8C)XV@%{_3{bS2@Fxq6eR~0odz)`}W>(pt;Jn;U
zUOFRS$cFMg+VVs{uw-H&%pn~Do|w0yxDIZTuOi9lk}w}rPPiZA*D*FX+f5=2zJ|?w
z;q$<#I44_1U$2IA!kGI>C(+9M2+5IP03(pGM%U7&+5{3{(U<p6%cM5}(yiA^C-n~j
Td}>jgwvH6m`ak*r9#~3tBvnrH

literal 0
HcmV?d00001

diff --git a/pkg/plugin/testdata/test_plugin.git/packed-refs b/pkg/plugin/testdata/test_plugin.git/packed-refs
new file mode 100644
index 000000000000..1690e340878c
--- /dev/null
+++ b/pkg/plugin/testdata/test_plugin.git/packed-refs
@@ -0,0 +1,4 @@
+# pack-refs with: peeled fully-peeled sorted 
+b0219198cda98f46a2cef00561c00a251946e621 refs/heads/main
+0a0290c4e05757f323e8307974b40f0282d69985 refs/tags/v0.1.0
+b0219198cda98f46a2cef00561c00a251946e621 refs/tags/v0.2.0
diff --git a/pkg/plugin/testdata/test_plugin/plugin.yaml b/pkg/plugin/testdata/test_plugin/plugin.yaml
index dde31a3d50b4..b0b5089c438d 100644
--- a/pkg/plugin/testdata/test_plugin/plugin.yaml
+++ b/pkg/plugin/testdata/test_plugin/plugin.yaml
@@ -1,6 +1,6 @@
 name: "test_plugin"
 repository: github.com/aquasecurity/trivy-plugin-test
-version: "0.1.0"
+version: "0.2.0"
 summary: test
 description: test
 platforms:
@@ -8,4 +8,4 @@ platforms:
       os: linux
       arch: amd64
     uri: ./test.sh
-    bin: ./test.sh
\ No newline at end of file
+    bin: ./test.sh

From 89b51e5b1e15ea581e0f2a13e0d26ec14513193d Mon Sep 17 00:00:00 2001
From: knqyf263 <knqyf263@gmail.com>
Date: Tue, 14 May 2024 15:33:41 +0400
Subject: [PATCH 04/11] docs: specify version

Signed-off-by: knqyf263 <knqyf263@gmail.com>
---
 docs/docs/plugin/developer-guide.md | 10 ++++++++++
 docs/docs/plugin/user-guide.md      | 11 +++++++++++
 2 files changed, 21 insertions(+)

diff --git a/docs/docs/plugin/developer-guide.md b/docs/docs/plugin/developer-guide.md
index 5080bab9ede9..bf77edee00b0 100644
--- a/docs/docs/plugin/developer-guide.md
+++ b/docs/docs/plugin/developer-guide.md
@@ -130,6 +130,16 @@ The following rules will apply in deciding which platform to select:
 After determining platform, Trivy will download the execution file from `uri` and store it in the plugin cache.
 When the plugin is called via Trivy CLI, `bin` command will be executed.
 
+#### Tagging plugin repositories
+If you are hosting your plugin in a Git repository, it is strongly recommended to tag your releases with a version number.
+By tagging your releases, Trivy can install specific versions of your plugin.
+
+```bash
+$ trivy plugin install referrer@v0.3.0
+```
+
+When tagging versions, you must follow [the Semantic Versioning][semver] and prefix the tag with `v`, like `v1.2.3`.
+
 #### Plugin arguments/flags
 The plugin is responsible for handling flags and arguments.
 Any arguments are passed to the plugin from the `trivy` command.
diff --git a/docs/docs/plugin/user-guide.md b/docs/docs/plugin/user-guide.md
index b216f3d63c85..f26f741f7e6e 100644
--- a/docs/docs/plugin/user-guide.md
+++ b/docs/docs/plugin/user-guide.md
@@ -40,6 +40,8 @@ $ trivy plugin install referrer
 
 This command will download the plugin and install it in the plugin cache.
 
+
+
 Trivy adheres to the XDG specification, so the location depends on whether XDG_DATA_HOME is set.
 Trivy will now search XDG_DATA_HOME for the location of the Trivy plugins cache.
 The preference order is as follows:
@@ -56,6 +58,15 @@ $ trivy plugin install github.com/aquasecurity/trivy-plugin-kubectl
 $ trivy plugin install myplugin.tar.gz
 ```
 
+If the plugin's Git repository is [properly tagged](./developer-guide.md#tagging-plugin-repositories), you can specify the version to install like this:
+
+```bash
+$ trivy plugin install referrer@v0.3.0
+```
+
+!!! note
+    The leading `v` in the version is required. Also, the version must follow the [Semantic Versioning](https://semver.org/).
+
 Under the hood Trivy leverages [go-getter][go-getter] to download plugins.
 This means the following protocols are supported for downloading plugins:
 

From b7a2f0799899269c0c06dbc30b71199eda550f5b Mon Sep 17 00:00:00 2001
From: knqyf263 <knqyf263@gmail.com>
Date: Tue, 14 May 2024 15:38:53 +0400
Subject: [PATCH 05/11] chore: remove unnecessary files in a testing repo

Signed-off-by: knqyf263 <knqyf263@gmail.com>
---
 .../testdata/test_plugin.git/description      |   1 -
 .../hooks/applypatch-msg.sample               |  15 --
 .../test_plugin.git/hooks/commit-msg.sample   |  24 ---
 .../hooks/fsmonitor-watchman.sample           | 174 ------------------
 .../test_plugin.git/hooks/post-update.sample  |   8 -
 .../hooks/pre-applypatch.sample               |  14 --
 .../test_plugin.git/hooks/pre-commit.sample   |  49 -----
 .../hooks/pre-merge-commit.sample             |  13 --
 .../test_plugin.git/hooks/pre-push.sample     |  53 ------
 .../test_plugin.git/hooks/pre-rebase.sample   | 169 -----------------
 .../test_plugin.git/hooks/pre-receive.sample  |  24 ---
 .../hooks/prepare-commit-msg.sample           |  42 -----
 .../hooks/push-to-checkout.sample             |  78 --------
 .../test_plugin.git/hooks/update.sample       | 128 -------------
 .../testdata/test_plugin.git/info/exclude     |   6 -
 15 files changed, 798 deletions(-)
 delete mode 100644 pkg/plugin/testdata/test_plugin.git/description
 delete mode 100755 pkg/plugin/testdata/test_plugin.git/hooks/applypatch-msg.sample
 delete mode 100755 pkg/plugin/testdata/test_plugin.git/hooks/commit-msg.sample
 delete mode 100755 pkg/plugin/testdata/test_plugin.git/hooks/fsmonitor-watchman.sample
 delete mode 100755 pkg/plugin/testdata/test_plugin.git/hooks/post-update.sample
 delete mode 100755 pkg/plugin/testdata/test_plugin.git/hooks/pre-applypatch.sample
 delete mode 100755 pkg/plugin/testdata/test_plugin.git/hooks/pre-commit.sample
 delete mode 100755 pkg/plugin/testdata/test_plugin.git/hooks/pre-merge-commit.sample
 delete mode 100755 pkg/plugin/testdata/test_plugin.git/hooks/pre-push.sample
 delete mode 100755 pkg/plugin/testdata/test_plugin.git/hooks/pre-rebase.sample
 delete mode 100755 pkg/plugin/testdata/test_plugin.git/hooks/pre-receive.sample
 delete mode 100755 pkg/plugin/testdata/test_plugin.git/hooks/prepare-commit-msg.sample
 delete mode 100755 pkg/plugin/testdata/test_plugin.git/hooks/push-to-checkout.sample
 delete mode 100755 pkg/plugin/testdata/test_plugin.git/hooks/update.sample
 delete mode 100644 pkg/plugin/testdata/test_plugin.git/info/exclude

diff --git a/pkg/plugin/testdata/test_plugin.git/description b/pkg/plugin/testdata/test_plugin.git/description
deleted file mode 100644
index 498b267a8c78..000000000000
--- a/pkg/plugin/testdata/test_plugin.git/description
+++ /dev/null
@@ -1 +0,0 @@
-Unnamed repository; edit this file 'description' to name the repository.
diff --git a/pkg/plugin/testdata/test_plugin.git/hooks/applypatch-msg.sample b/pkg/plugin/testdata/test_plugin.git/hooks/applypatch-msg.sample
deleted file mode 100755
index a5d7b84a6734..000000000000
--- a/pkg/plugin/testdata/test_plugin.git/hooks/applypatch-msg.sample
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/sh
-#
-# An example hook script to check the commit log message taken by
-# applypatch from an e-mail message.
-#
-# The hook should exit with non-zero status after issuing an
-# appropriate message if it wants to stop the commit.  The hook is
-# allowed to edit the commit message file.
-#
-# To enable this hook, rename this file to "applypatch-msg".
-
-. git-sh-setup
-commitmsg="$(git rev-parse --git-path hooks/commit-msg)"
-test -x "$commitmsg" && exec "$commitmsg" ${1+"$@"}
-:
diff --git a/pkg/plugin/testdata/test_plugin.git/hooks/commit-msg.sample b/pkg/plugin/testdata/test_plugin.git/hooks/commit-msg.sample
deleted file mode 100755
index b58d1184a9d4..000000000000
--- a/pkg/plugin/testdata/test_plugin.git/hooks/commit-msg.sample
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/sh
-#
-# An example hook script to check the commit log message.
-# Called by "git commit" with one argument, the name of the file
-# that has the commit message.  The hook should exit with non-zero
-# status after issuing an appropriate message if it wants to stop the
-# commit.  The hook is allowed to edit the commit message file.
-#
-# To enable this hook, rename this file to "commit-msg".
-
-# Uncomment the below to add a Signed-off-by line to the message.
-# Doing this in a hook is a bad idea in general, but the prepare-commit-msg
-# hook is more suited to it.
-#
-# SOB=$(git var GIT_AUTHOR_IDENT | sed -n 's/^\(.*>\).*$/Signed-off-by: \1/p')
-# grep -qs "^$SOB" "$1" || echo "$SOB" >> "$1"
-
-# This example catches duplicate Signed-off-by lines.
-
-test "" = "$(grep '^Signed-off-by: ' "$1" |
-	 sort | uniq -c | sed -e '/^[ 	]*1[ 	]/d')" || {
-	echo >&2 Duplicate Signed-off-by lines.
-	exit 1
-}
diff --git a/pkg/plugin/testdata/test_plugin.git/hooks/fsmonitor-watchman.sample b/pkg/plugin/testdata/test_plugin.git/hooks/fsmonitor-watchman.sample
deleted file mode 100755
index 23e856f5deeb..000000000000
--- a/pkg/plugin/testdata/test_plugin.git/hooks/fsmonitor-watchman.sample
+++ /dev/null
@@ -1,174 +0,0 @@
-#!/usr/bin/perl
-
-use strict;
-use warnings;
-use IPC::Open2;
-
-# An example hook script to integrate Watchman
-# (https://facebook.github.io/watchman/) with git to speed up detecting
-# new and modified files.
-#
-# The hook is passed a version (currently 2) and last update token
-# formatted as a string and outputs to stdout a new update token and
-# all files that have been modified since the update token. Paths must
-# be relative to the root of the working tree and separated by a single NUL.
-#
-# To enable this hook, rename this file to "query-watchman" and set
-# 'git config core.fsmonitor .git/hooks/query-watchman'
-#
-my ($version, $last_update_token) = @ARGV;
-
-# Uncomment for debugging
-# print STDERR "$0 $version $last_update_token\n";
-
-# Check the hook interface version
-if ($version ne 2) {
-	die "Unsupported query-fsmonitor hook version '$version'.\n" .
-	    "Falling back to scanning...\n";
-}
-
-my $git_work_tree = get_working_dir();
-
-my $retry = 1;
-
-my $json_pkg;
-eval {
-	require JSON::XS;
-	$json_pkg = "JSON::XS";
-	1;
-} or do {
-	require JSON::PP;
-	$json_pkg = "JSON::PP";
-};
-
-launch_watchman();
-
-sub launch_watchman {
-	my $o = watchman_query();
-	if (is_work_tree_watched($o)) {
-		output_result($o->{clock}, @{$o->{files}});
-	}
-}
-
-sub output_result {
-	my ($clockid, @files) = @_;
-
-	# Uncomment for debugging watchman output
-	# open (my $fh, ">", ".git/watchman-output.out");
-	# binmode $fh, ":utf8";
-	# print $fh "$clockid\n@files\n";
-	# close $fh;
-
-	binmode STDOUT, ":utf8";
-	print $clockid;
-	print "\0";
-	local $, = "\0";
-	print @files;
-}
-
-sub watchman_clock {
-	my $response = qx/watchman clock "$git_work_tree"/;
-	die "Failed to get clock id on '$git_work_tree'.\n" .
-		"Falling back to scanning...\n" if $? != 0;
-
-	return $json_pkg->new->utf8->decode($response);
-}
-
-sub watchman_query {
-	my $pid = open2(\*CHLD_OUT, \*CHLD_IN, 'watchman -j --no-pretty')
-	or die "open2() failed: $!\n" .
-	"Falling back to scanning...\n";
-
-	# In the query expression below we're asking for names of files that
-	# changed since $last_update_token but not from the .git folder.
-	#
-	# To accomplish this, we're using the "since" generator to use the
-	# recency index to select candidate nodes and "fields" to limit the
-	# output to file names only. Then we're using the "expression" term to
-	# further constrain the results.
-	my $last_update_line = "";
-	if (substr($last_update_token, 0, 1) eq "c") {
-		$last_update_token = "\"$last_update_token\"";
-		$last_update_line = qq[\n"since": $last_update_token,];
-	}
-	my $query = <<"	END";
-		["query", "$git_work_tree", {$last_update_line
-			"fields": ["name"],
-			"expression": ["not", ["dirname", ".git"]]
-		}]
-	END
-
-	# Uncomment for debugging the watchman query
-	# open (my $fh, ">", ".git/watchman-query.json");
-	# print $fh $query;
-	# close $fh;
-
-	print CHLD_IN $query;
-	close CHLD_IN;
-	my $response = do {local $/; <CHLD_OUT>};
-
-	# Uncomment for debugging the watch response
-	# open ($fh, ">", ".git/watchman-response.json");
-	# print $fh $response;
-	# close $fh;
-
-	die "Watchman: command returned no output.\n" .
-	"Falling back to scanning...\n" if $response eq "";
-	die "Watchman: command returned invalid output: $response\n" .
-	"Falling back to scanning...\n" unless $response =~ /^\{/;
-
-	return $json_pkg->new->utf8->decode($response);
-}
-
-sub is_work_tree_watched {
-	my ($output) = @_;
-	my $error = $output->{error};
-	if ($retry > 0 and $error and $error =~ m/unable to resolve root .* directory (.*) is not watched/) {
-		$retry--;
-		my $response = qx/watchman watch "$git_work_tree"/;
-		die "Failed to make watchman watch '$git_work_tree'.\n" .
-		    "Falling back to scanning...\n" if $? != 0;
-		$output = $json_pkg->new->utf8->decode($response);
-		$error = $output->{error};
-		die "Watchman: $error.\n" .
-		"Falling back to scanning...\n" if $error;
-
-		# Uncomment for debugging watchman output
-		# open (my $fh, ">", ".git/watchman-output.out");
-		# close $fh;
-
-		# Watchman will always return all files on the first query so
-		# return the fast "everything is dirty" flag to git and do the
-		# Watchman query just to get it over with now so we won't pay
-		# the cost in git to look up each individual file.
-		my $o = watchman_clock();
-		$error = $output->{error};
-
-		die "Watchman: $error.\n" .
-		"Falling back to scanning...\n" if $error;
-
-		output_result($o->{clock}, ("/"));
-		$last_update_token = $o->{clock};
-
-		eval { launch_watchman() };
-		return 0;
-	}
-
-	die "Watchman: $error.\n" .
-	"Falling back to scanning...\n" if $error;
-
-	return 1;
-}
-
-sub get_working_dir {
-	my $working_dir;
-	if ($^O =~ 'msys' || $^O =~ 'cygwin') {
-		$working_dir = Win32::GetCwd();
-		$working_dir =~ tr/\\/\//;
-	} else {
-		require Cwd;
-		$working_dir = Cwd::cwd();
-	}
-
-	return $working_dir;
-}
diff --git a/pkg/plugin/testdata/test_plugin.git/hooks/post-update.sample b/pkg/plugin/testdata/test_plugin.git/hooks/post-update.sample
deleted file mode 100755
index ec17ec1939b7..000000000000
--- a/pkg/plugin/testdata/test_plugin.git/hooks/post-update.sample
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh
-#
-# An example hook script to prepare a packed repository for use over
-# dumb transports.
-#
-# To enable this hook, rename this file to "post-update".
-
-exec git update-server-info
diff --git a/pkg/plugin/testdata/test_plugin.git/hooks/pre-applypatch.sample b/pkg/plugin/testdata/test_plugin.git/hooks/pre-applypatch.sample
deleted file mode 100755
index 4142082bcb93..000000000000
--- a/pkg/plugin/testdata/test_plugin.git/hooks/pre-applypatch.sample
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/sh
-#
-# An example hook script to verify what is about to be committed
-# by applypatch from an e-mail message.
-#
-# The hook should exit with non-zero status after issuing an
-# appropriate message if it wants to stop the commit.
-#
-# To enable this hook, rename this file to "pre-applypatch".
-
-. git-sh-setup
-precommit="$(git rev-parse --git-path hooks/pre-commit)"
-test -x "$precommit" && exec "$precommit" ${1+"$@"}
-:
diff --git a/pkg/plugin/testdata/test_plugin.git/hooks/pre-commit.sample b/pkg/plugin/testdata/test_plugin.git/hooks/pre-commit.sample
deleted file mode 100755
index e144712c85c0..000000000000
--- a/pkg/plugin/testdata/test_plugin.git/hooks/pre-commit.sample
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/bin/sh
-#
-# An example hook script to verify what is about to be committed.
-# Called by "git commit" with no arguments.  The hook should
-# exit with non-zero status after issuing an appropriate message if
-# it wants to stop the commit.
-#
-# To enable this hook, rename this file to "pre-commit".
-
-if git rev-parse --verify HEAD >/dev/null 2>&1
-then
-	against=HEAD
-else
-	# Initial commit: diff against an empty tree object
-	against=$(git hash-object -t tree /dev/null)
-fi
-
-# If you want to allow non-ASCII filenames set this variable to true.
-allownonascii=$(git config --type=bool hooks.allownonascii)
-
-# Redirect output to stderr.
-exec 1>&2
-
-# Cross platform projects tend to avoid non-ASCII filenames; prevent
-# them from being added to the repository. We exploit the fact that the
-# printable range starts at the space character and ends with tilde.
-if [ "$allownonascii" != "true" ] &&
-	# Note that the use of brackets around a tr range is ok here, (it's
-	# even required, for portability to Solaris 10's /usr/bin/tr), since
-	# the square bracket bytes happen to fall in the designated range.
-	test $(git diff --cached --name-only --diff-filter=A -z $against |
-	  LC_ALL=C tr -d '[ -~]\0' | wc -c) != 0
-then
-	cat <<\EOF
-Error: Attempt to add a non-ASCII file name.
-
-This can cause problems if you want to work with people on other platforms.
-
-To be portable it is advisable to rename the file.
-
-If you know what you are doing you can disable this check using:
-
-  git config hooks.allownonascii true
-EOF
-	exit 1
-fi
-
-# If there are whitespace errors, print the offending file names and fail.
-exec git diff-index --check --cached $against --
diff --git a/pkg/plugin/testdata/test_plugin.git/hooks/pre-merge-commit.sample b/pkg/plugin/testdata/test_plugin.git/hooks/pre-merge-commit.sample
deleted file mode 100755
index 399eab1924e3..000000000000
--- a/pkg/plugin/testdata/test_plugin.git/hooks/pre-merge-commit.sample
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/sh
-#
-# An example hook script to verify what is about to be committed.
-# Called by "git merge" with no arguments.  The hook should
-# exit with non-zero status after issuing an appropriate message to
-# stderr if it wants to stop the merge commit.
-#
-# To enable this hook, rename this file to "pre-merge-commit".
-
-. git-sh-setup
-test -x "$GIT_DIR/hooks/pre-commit" &&
-        exec "$GIT_DIR/hooks/pre-commit"
-:
diff --git a/pkg/plugin/testdata/test_plugin.git/hooks/pre-push.sample b/pkg/plugin/testdata/test_plugin.git/hooks/pre-push.sample
deleted file mode 100755
index 4ce688d32b75..000000000000
--- a/pkg/plugin/testdata/test_plugin.git/hooks/pre-push.sample
+++ /dev/null
@@ -1,53 +0,0 @@
-#!/bin/sh
-
-# An example hook script to verify what is about to be pushed.  Called by "git
-# push" after it has checked the remote status, but before anything has been
-# pushed.  If this script exits with a non-zero status nothing will be pushed.
-#
-# This hook is called with the following parameters:
-#
-# $1 -- Name of the remote to which the push is being done
-# $2 -- URL to which the push is being done
-#
-# If pushing without using a named remote those arguments will be equal.
-#
-# Information about the commits which are being pushed is supplied as lines to
-# the standard input in the form:
-#
-#   <local ref> <local oid> <remote ref> <remote oid>
-#
-# This sample shows how to prevent push of commits where the log message starts
-# with "WIP" (work in progress).
-
-remote="$1"
-url="$2"
-
-zero=$(git hash-object --stdin </dev/null | tr '[0-9a-f]' '0')
-
-while read local_ref local_oid remote_ref remote_oid
-do
-	if test "$local_oid" = "$zero"
-	then
-		# Handle delete
-		:
-	else
-		if test "$remote_oid" = "$zero"
-		then
-			# New branch, examine all commits
-			range="$local_oid"
-		else
-			# Update to existing branch, examine new commits
-			range="$remote_oid..$local_oid"
-		fi
-
-		# Check for WIP commit
-		commit=$(git rev-list -n 1 --grep '^WIP' "$range")
-		if test -n "$commit"
-		then
-			echo >&2 "Found WIP commit in $local_ref, not pushing"
-			exit 1
-		fi
-	fi
-done
-
-exit 0
diff --git a/pkg/plugin/testdata/test_plugin.git/hooks/pre-rebase.sample b/pkg/plugin/testdata/test_plugin.git/hooks/pre-rebase.sample
deleted file mode 100755
index 6cbef5c370d8..000000000000
--- a/pkg/plugin/testdata/test_plugin.git/hooks/pre-rebase.sample
+++ /dev/null
@@ -1,169 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2006, 2008 Junio C Hamano
-#
-# The "pre-rebase" hook is run just before "git rebase" starts doing
-# its job, and can prevent the command from running by exiting with
-# non-zero status.
-#
-# The hook is called with the following parameters:
-#
-# $1 -- the upstream the series was forked from.
-# $2 -- the branch being rebased (or empty when rebasing the current branch).
-#
-# This sample shows how to prevent topic branches that are already
-# merged to 'next' branch from getting rebased, because allowing it
-# would result in rebasing already published history.
-
-publish=next
-basebranch="$1"
-if test "$#" = 2
-then
-	topic="refs/heads/$2"
-else
-	topic=`git symbolic-ref HEAD` ||
-	exit 0 ;# we do not interrupt rebasing detached HEAD
-fi
-
-case "$topic" in
-refs/heads/??/*)
-	;;
-*)
-	exit 0 ;# we do not interrupt others.
-	;;
-esac
-
-# Now we are dealing with a topic branch being rebased
-# on top of master.  Is it OK to rebase it?
-
-# Does the topic really exist?
-git show-ref -q "$topic" || {
-	echo >&2 "No such branch $topic"
-	exit 1
-}
-
-# Is topic fully merged to master?
-not_in_master=`git rev-list --pretty=oneline ^master "$topic"`
-if test -z "$not_in_master"
-then
-	echo >&2 "$topic is fully merged to master; better remove it."
-	exit 1 ;# we could allow it, but there is no point.
-fi
-
-# Is topic ever merged to next?  If so you should not be rebasing it.
-only_next_1=`git rev-list ^master "^$topic" ${publish} | sort`
-only_next_2=`git rev-list ^master           ${publish} | sort`
-if test "$only_next_1" = "$only_next_2"
-then
-	not_in_topic=`git rev-list "^$topic" master`
-	if test -z "$not_in_topic"
-	then
-		echo >&2 "$topic is already up to date with master"
-		exit 1 ;# we could allow it, but there is no point.
-	else
-		exit 0
-	fi
-else
-	not_in_next=`git rev-list --pretty=oneline ^${publish} "$topic"`
-	/usr/bin/perl -e '
-		my $topic = $ARGV[0];
-		my $msg = "* $topic has commits already merged to public branch:\n";
-		my (%not_in_next) = map {
-			/^([0-9a-f]+) /;
-			($1 => 1);
-		} split(/\n/, $ARGV[1]);
-		for my $elem (map {
-				/^([0-9a-f]+) (.*)$/;
-				[$1 => $2];
-			} split(/\n/, $ARGV[2])) {
-			if (!exists $not_in_next{$elem->[0]}) {
-				if ($msg) {
-					print STDERR $msg;
-					undef $msg;
-				}
-				print STDERR " $elem->[1]\n";
-			}
-		}
-	' "$topic" "$not_in_next" "$not_in_master"
-	exit 1
-fi
-
-<<\DOC_END
-
-This sample hook safeguards topic branches that have been
-published from being rewound.
-
-The workflow assumed here is:
-
- * Once a topic branch forks from "master", "master" is never
-   merged into it again (either directly or indirectly).
-
- * Once a topic branch is fully cooked and merged into "master",
-   it is deleted.  If you need to build on top of it to correct
-   earlier mistakes, a new topic branch is created by forking at
-   the tip of the "master".  This is not strictly necessary, but
-   it makes it easier to keep your history simple.
-
- * Whenever you need to test or publish your changes to topic
-   branches, merge them into "next" branch.
-
-The script, being an example, hardcodes the publish branch name
-to be "next", but it is trivial to make it configurable via
-$GIT_DIR/config mechanism.
-
-With this workflow, you would want to know:
-
-(1) ... if a topic branch has ever been merged to "next".  Young
-    topic branches can have stupid mistakes you would rather
-    clean up before publishing, and things that have not been
-    merged into other branches can be easily rebased without
-    affecting other people.  But once it is published, you would
-    not want to rewind it.
-
-(2) ... if a topic branch has been fully merged to "master".
-    Then you can delete it.  More importantly, you should not
-    build on top of it -- other people may already want to
-    change things related to the topic as patches against your
-    "master", so if you need further changes, it is better to
-    fork the topic (perhaps with the same name) afresh from the
-    tip of "master".
-
-Let's look at this example:
-
-		   o---o---o---o---o---o---o---o---o---o "next"
-		  /       /           /           /
-		 /   a---a---b A     /           /
-		/   /               /           /
-	       /   /   c---c---c---c B         /
-	      /   /   /             \         /
-	     /   /   /   b---b C     \       /
-	    /   /   /   /             \     /
-    ---o---o---o---o---o---o---o---o---o---o---o "master"
-
-
-A, B and C are topic branches.
-
- * A has one fix since it was merged up to "next".
-
- * B has finished.  It has been fully merged up to "master" and "next",
-   and is ready to be deleted.
-
- * C has not merged to "next" at all.
-
-We would want to allow C to be rebased, refuse A, and encourage
-B to be deleted.
-
-To compute (1):
-
-	git rev-list ^master ^topic next
-	git rev-list ^master        next
-
-	if these match, topic has not merged in next at all.
-
-To compute (2):
-
-	git rev-list master..topic
-
-	if this is empty, it is fully merged to "master".
-
-DOC_END
diff --git a/pkg/plugin/testdata/test_plugin.git/hooks/pre-receive.sample b/pkg/plugin/testdata/test_plugin.git/hooks/pre-receive.sample
deleted file mode 100755
index a1fd29ec1482..000000000000
--- a/pkg/plugin/testdata/test_plugin.git/hooks/pre-receive.sample
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/sh
-#
-# An example hook script to make use of push options.
-# The example simply echoes all push options that start with 'echoback='
-# and rejects all pushes when the "reject" push option is used.
-#
-# To enable this hook, rename this file to "pre-receive".
-
-if test -n "$GIT_PUSH_OPTION_COUNT"
-then
-	i=0
-	while test "$i" -lt "$GIT_PUSH_OPTION_COUNT"
-	do
-		eval "value=\$GIT_PUSH_OPTION_$i"
-		case "$value" in
-		echoback=*)
-			echo "echo from the pre-receive-hook: ${value#*=}" >&2
-			;;
-		reject)
-			exit 1
-		esac
-		i=$((i + 1))
-	done
-fi
diff --git a/pkg/plugin/testdata/test_plugin.git/hooks/prepare-commit-msg.sample b/pkg/plugin/testdata/test_plugin.git/hooks/prepare-commit-msg.sample
deleted file mode 100755
index 10fa14c5ab01..000000000000
--- a/pkg/plugin/testdata/test_plugin.git/hooks/prepare-commit-msg.sample
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/sh
-#
-# An example hook script to prepare the commit log message.
-# Called by "git commit" with the name of the file that has the
-# commit message, followed by the description of the commit
-# message's source.  The hook's purpose is to edit the commit
-# message file.  If the hook fails with a non-zero status,
-# the commit is aborted.
-#
-# To enable this hook, rename this file to "prepare-commit-msg".
-
-# This hook includes three examples. The first one removes the
-# "# Please enter the commit message..." help message.
-#
-# The second includes the output of "git diff --name-status -r"
-# into the message, just before the "git status" output.  It is
-# commented because it doesn't cope with --amend or with squashed
-# commits.
-#
-# The third example adds a Signed-off-by line to the message, that can
-# still be edited.  This is rarely a good idea.
-
-COMMIT_MSG_FILE=$1
-COMMIT_SOURCE=$2
-SHA1=$3
-
-/usr/bin/perl -i.bak -ne 'print unless(m/^. Please enter the commit message/..m/^#$/)' "$COMMIT_MSG_FILE"
-
-# case "$COMMIT_SOURCE,$SHA1" in
-#  ,|template,)
-#    /usr/bin/perl -i.bak -pe '
-#       print "\n" . `git diff --cached --name-status -r`
-# 	 if /^#/ && $first++ == 0' "$COMMIT_MSG_FILE" ;;
-#  *) ;;
-# esac
-
-# SOB=$(git var GIT_COMMITTER_IDENT | sed -n 's/^\(.*>\).*$/Signed-off-by: \1/p')
-# git interpret-trailers --in-place --trailer "$SOB" "$COMMIT_MSG_FILE"
-# if test -z "$COMMIT_SOURCE"
-# then
-#   /usr/bin/perl -i.bak -pe 'print "\n" if !$first_line++' "$COMMIT_MSG_FILE"
-# fi
diff --git a/pkg/plugin/testdata/test_plugin.git/hooks/push-to-checkout.sample b/pkg/plugin/testdata/test_plugin.git/hooks/push-to-checkout.sample
deleted file mode 100755
index af5a0c0018b5..000000000000
--- a/pkg/plugin/testdata/test_plugin.git/hooks/push-to-checkout.sample
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/bin/sh
-
-# An example hook script to update a checked-out tree on a git push.
-#
-# This hook is invoked by git-receive-pack(1) when it reacts to git
-# push and updates reference(s) in its repository, and when the push
-# tries to update the branch that is currently checked out and the
-# receive.denyCurrentBranch configuration variable is set to
-# updateInstead.
-#
-# By default, such a push is refused if the working tree and the index
-# of the remote repository has any difference from the currently
-# checked out commit; when both the working tree and the index match
-# the current commit, they are updated to match the newly pushed tip
-# of the branch. This hook is to be used to override the default
-# behaviour; however the code below reimplements the default behaviour
-# as a starting point for convenient modification.
-#
-# The hook receives the commit with which the tip of the current
-# branch is going to be updated:
-commit=$1
-
-# It can exit with a non-zero status to refuse the push (when it does
-# so, it must not modify the index or the working tree).
-die () {
-	echo >&2 "$*"
-	exit 1
-}
-
-# Or it can make any necessary changes to the working tree and to the
-# index to bring them to the desired state when the tip of the current
-# branch is updated to the new commit, and exit with a zero status.
-#
-# For example, the hook can simply run git read-tree -u -m HEAD "$1"
-# in order to emulate git fetch that is run in the reverse direction
-# with git push, as the two-tree form of git read-tree -u -m is
-# essentially the same as git switch or git checkout that switches
-# branches while keeping the local changes in the working tree that do
-# not interfere with the difference between the branches.
-
-# The below is a more-or-less exact translation to shell of the C code
-# for the default behaviour for git's push-to-checkout hook defined in
-# the push_to_deploy() function in builtin/receive-pack.c.
-#
-# Note that the hook will be executed from the repository directory,
-# not from the working tree, so if you want to perform operations on
-# the working tree, you will have to adapt your code accordingly, e.g.
-# by adding "cd .." or using relative paths.
-
-if ! git update-index -q --ignore-submodules --refresh
-then
-	die "Up-to-date check failed"
-fi
-
-if ! git diff-files --quiet --ignore-submodules --
-then
-	die "Working directory has unstaged changes"
-fi
-
-# This is a rough translation of:
-#
-#   head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX
-if git cat-file -e HEAD 2>/dev/null
-then
-	head=HEAD
-else
-	head=$(git hash-object -t tree --stdin </dev/null)
-fi
-
-if ! git diff-index --quiet --cached --ignore-submodules $head --
-then
-	die "Working directory has staged changes"
-fi
-
-if ! git read-tree -u -m "$commit"
-then
-	die "Could not update working tree to new HEAD"
-fi
diff --git a/pkg/plugin/testdata/test_plugin.git/hooks/update.sample b/pkg/plugin/testdata/test_plugin.git/hooks/update.sample
deleted file mode 100755
index c4d426bc6ee9..000000000000
--- a/pkg/plugin/testdata/test_plugin.git/hooks/update.sample
+++ /dev/null
@@ -1,128 +0,0 @@
-#!/bin/sh
-#
-# An example hook script to block unannotated tags from entering.
-# Called by "git receive-pack" with arguments: refname sha1-old sha1-new
-#
-# To enable this hook, rename this file to "update".
-#
-# Config
-# ------
-# hooks.allowunannotated
-#   This boolean sets whether unannotated tags will be allowed into the
-#   repository.  By default they won't be.
-# hooks.allowdeletetag
-#   This boolean sets whether deleting tags will be allowed in the
-#   repository.  By default they won't be.
-# hooks.allowmodifytag
-#   This boolean sets whether a tag may be modified after creation. By default
-#   it won't be.
-# hooks.allowdeletebranch
-#   This boolean sets whether deleting branches will be allowed in the
-#   repository.  By default they won't be.
-# hooks.denycreatebranch
-#   This boolean sets whether remotely creating branches will be denied
-#   in the repository.  By default this is allowed.
-#
-
-# --- Command line
-refname="$1"
-oldrev="$2"
-newrev="$3"
-
-# --- Safety check
-if [ -z "$GIT_DIR" ]; then
-	echo "Don't run this script from the command line." >&2
-	echo " (if you want, you could supply GIT_DIR then run" >&2
-	echo "  $0 <ref> <oldrev> <newrev>)" >&2
-	exit 1
-fi
-
-if [ -z "$refname" -o -z "$oldrev" -o -z "$newrev" ]; then
-	echo "usage: $0 <ref> <oldrev> <newrev>" >&2
-	exit 1
-fi
-
-# --- Config
-allowunannotated=$(git config --type=bool hooks.allowunannotated)
-allowdeletebranch=$(git config --type=bool hooks.allowdeletebranch)
-denycreatebranch=$(git config --type=bool hooks.denycreatebranch)
-allowdeletetag=$(git config --type=bool hooks.allowdeletetag)
-allowmodifytag=$(git config --type=bool hooks.allowmodifytag)
-
-# check for no description
-projectdesc=$(sed -e '1q' "$GIT_DIR/description")
-case "$projectdesc" in
-"Unnamed repository"* | "")
-	echo "*** Project description file hasn't been set" >&2
-	exit 1
-	;;
-esac
-
-# --- Check types
-# if $newrev is 0000...0000, it's a commit to delete a ref.
-zero=$(git hash-object --stdin </dev/null | tr '[0-9a-f]' '0')
-if [ "$newrev" = "$zero" ]; then
-	newrev_type=delete
-else
-	newrev_type=$(git cat-file -t $newrev)
-fi
-
-case "$refname","$newrev_type" in
-	refs/tags/*,commit)
-		# un-annotated tag
-		short_refname=${refname##refs/tags/}
-		if [ "$allowunannotated" != "true" ]; then
-			echo "*** The un-annotated tag, $short_refname, is not allowed in this repository" >&2
-			echo "*** Use 'git tag [ -a | -s ]' for tags you want to propagate." >&2
-			exit 1
-		fi
-		;;
-	refs/tags/*,delete)
-		# delete tag
-		if [ "$allowdeletetag" != "true" ]; then
-			echo "*** Deleting a tag is not allowed in this repository" >&2
-			exit 1
-		fi
-		;;
-	refs/tags/*,tag)
-		# annotated tag
-		if [ "$allowmodifytag" != "true" ] && git rev-parse $refname > /dev/null 2>&1
-		then
-			echo "*** Tag '$refname' already exists." >&2
-			echo "*** Modifying a tag is not allowed in this repository." >&2
-			exit 1
-		fi
-		;;
-	refs/heads/*,commit)
-		# branch
-		if [ "$oldrev" = "$zero" -a "$denycreatebranch" = "true" ]; then
-			echo "*** Creating a branch is not allowed in this repository" >&2
-			exit 1
-		fi
-		;;
-	refs/heads/*,delete)
-		# delete branch
-		if [ "$allowdeletebranch" != "true" ]; then
-			echo "*** Deleting a branch is not allowed in this repository" >&2
-			exit 1
-		fi
-		;;
-	refs/remotes/*,commit)
-		# tracking branch
-		;;
-	refs/remotes/*,delete)
-		# delete tracking branch
-		if [ "$allowdeletebranch" != "true" ]; then
-			echo "*** Deleting a tracking branch is not allowed in this repository" >&2
-			exit 1
-		fi
-		;;
-	*)
-		# Anything else (is there anything else?)
-		echo "*** Update hook: unknown type of update to ref $refname of type $newrev_type" >&2
-		exit 1
-		;;
-esac
-
-# --- Finished
-exit 0
diff --git a/pkg/plugin/testdata/test_plugin.git/info/exclude b/pkg/plugin/testdata/test_plugin.git/info/exclude
deleted file mode 100644
index a5196d1be8fb..000000000000
--- a/pkg/plugin/testdata/test_plugin.git/info/exclude
+++ /dev/null
@@ -1,6 +0,0 @@
-# git ls-files --others --exclude-from=.git/info/exclude
-# Lines that start with '#' are comments.
-# For a project mostly in C, the following would be a good set of
-# exclude patterns (uncomment them if you want to use them):
-# *.[oa]
-# *~

From ac28cbd7b7109e974a7e0e098e858e3831fc57a4 Mon Sep 17 00:00:00 2001
From: knqyf263 <knqyf263@gmail.com>
Date: Tue, 14 May 2024 16:10:50 +0400
Subject: [PATCH 06/11] test: run git server only on linux

Signed-off-by: knqyf263 <knqyf263@gmail.com>
---
 pkg/plugin/manager_test.go                    | 145 +---------------
 pkg/plugin/manager_unix_test.go               | 155 ++++++++++++++++++
 .../testdata/test_plugin.git/description      |   1 +
 .../testdata/test_plugin.git/info/exclude     |   6 +
 .../0a/0290c4e05757f323e8307974b40f0282d69985 | Bin 345 -> 0 bytes
 .../2a/a2d6d72ba2d6f5c3ffd2ab0b98c4ec92f95e29 | Bin 91 -> 0 bytes
 .../3b/147ae5ffafba7c1d833b4f4bc8ac6a22a8c9bf | Bin 0 -> 343 bytes
 .../96/e190ae5bcaa3900e568608faf00f16c3ff2714 |   2 +
 .../b0/219198cda98f46a2cef00561c00a251946e621 | Bin 381 -> 0 bytes
 .../b8/fad1dc57e9b544da159fd2da39f82d4dcce34a | Bin 0 -> 165 bytes
 .../dd/c882ca64495a0498b3303be6a4ae58213f0485 | Bin 0 -> 91 bytes
 .../dd/e31a3d50b4279d4f84e38cd3fe154d884e4c09 | Bin 165 -> 0 bytes
 .../testdata/test_plugin.git/packed-refs      |   6 +-
 13 files changed, 169 insertions(+), 146 deletions(-)
 create mode 100644 pkg/plugin/manager_unix_test.go
 create mode 100644 pkg/plugin/testdata/test_plugin.git/description
 create mode 100644 pkg/plugin/testdata/test_plugin.git/info/exclude
 delete mode 100644 pkg/plugin/testdata/test_plugin.git/objects/0a/0290c4e05757f323e8307974b40f0282d69985
 delete mode 100644 pkg/plugin/testdata/test_plugin.git/objects/2a/a2d6d72ba2d6f5c3ffd2ab0b98c4ec92f95e29
 create mode 100644 pkg/plugin/testdata/test_plugin.git/objects/3b/147ae5ffafba7c1d833b4f4bc8ac6a22a8c9bf
 create mode 100644 pkg/plugin/testdata/test_plugin.git/objects/96/e190ae5bcaa3900e568608faf00f16c3ff2714
 delete mode 100644 pkg/plugin/testdata/test_plugin.git/objects/b0/219198cda98f46a2cef00561c00a251946e621
 create mode 100644 pkg/plugin/testdata/test_plugin.git/objects/b8/fad1dc57e9b544da159fd2da39f82d4dcce34a
 create mode 100644 pkg/plugin/testdata/test_plugin.git/objects/dd/c882ca64495a0498b3303be6a4ae58213f0485
 delete mode 100644 pkg/plugin/testdata/test_plugin.git/objects/dd/e31a3d50b4279d4f84e38cd3fe154d884e4c09

diff --git a/pkg/plugin/manager_test.go b/pkg/plugin/manager_test.go
index e42191f7fdac..c831f77ed6f8 100644
--- a/pkg/plugin/manager_test.go
+++ b/pkg/plugin/manager_test.go
@@ -1,17 +1,14 @@
+//go:build unix
+
 package plugin_test
 
 import (
-	"archive/zip"
 	"bytes"
 	"context"
 	"github.com/aquasecurity/trivy/pkg/clock"
 	ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
-	"github.com/aquasecurity/trivy/pkg/utils/fsutils"
 	v1 "github.com/google/go-containerregistry/pkg/v1"
-	"github.com/sosedoff/gitkit"
 	"log/slog"
-	"net/http"
-	"net/http/httptest"
 	"os"
 	"path/filepath"
 	"runtime"
@@ -25,21 +22,6 @@ import (
 	"github.com/aquasecurity/trivy/pkg/plugin"
 )
 
-func setupGitServer() (*httptest.Server, error) {
-	service := gitkit.New(gitkit.Config{
-		Dir:        "./testdata",
-		AutoCreate: false,
-	})
-
-	if err := service.Setup(); err != nil {
-		return nil, err
-	}
-
-	ts := httptest.NewServer(service)
-
-	return ts, nil
-}
-
 func TestManager_Run(t *testing.T) {
 	if runtime.GOOS == "windows" {
 		// the test.sh script can't be run on windows so skipping
@@ -200,129 +182,6 @@ func TestManager_Run(t *testing.T) {
 	}
 }
 
-func TestManager_Install(t *testing.T) {
-	if runtime.GOOS == "windows" {
-		// the test.sh script can't be run on windows so skipping
-		t.Skip("Test satisfied adequately by Linux tests")
-	}
-
-	ts, err := setupGitServer()
-	require.NoError(t, err)
-	defer ts.Close()
-
-	wantPlugin := plugin.Plugin{
-		Name:        "test_plugin",
-		Repository:  "github.com/aquasecurity/trivy-plugin-test",
-		Version:     "0.2.0",
-		Summary:     "test",
-		Description: "test",
-		Platforms: []plugin.Platform{
-			{
-				Selector: &plugin.Selector{
-					OS:   "linux",
-					Arch: "amd64",
-				},
-				URI: "./test.sh",
-				Bin: "./test.sh",
-			},
-		},
-		Installed: plugin.Installed{
-			Platform: plugin.Selector{
-				OS:   "linux",
-				Arch: "amd64",
-			},
-		},
-	}
-	wantPluginWithVersion := wantPlugin
-	wantPluginWithVersion.Version = "0.1.0"
-
-	tests := []struct {
-		name       string
-		pluginName string
-		want       plugin.Plugin
-		wantFile   string
-		wantErr    string
-	}{
-		{
-			name:     "http",
-			want:     wantPlugin,
-			wantFile: ".trivy/plugins/test_plugin/test.sh",
-		},
-		{
-			name:       "local path",
-			pluginName: "testdata/test_plugin",
-			want:       wantPlugin,
-			wantFile:   ".trivy/plugins/test_plugin/test.sh",
-		},
-		{
-			name:       "git",
-			pluginName: "git::" + ts.URL + "/test_plugin.git",
-			want:       wantPlugin,
-			wantFile:   ".trivy/plugins/test_plugin/test.sh",
-		},
-		{
-			name:       "with version",
-			pluginName: "git::" + ts.URL + "/test_plugin.git@v0.1.0",
-			want:       wantPluginWithVersion,
-			wantFile:   ".trivy/plugins/test_plugin/test.sh",
-		},
-		{
-			name:       "via index",
-			pluginName: "test",
-			want:       wantPlugin,
-			wantFile:   ".trivy/plugins/test_plugin/test.sh",
-		},
-		{
-			name:       "plugin not found",
-			pluginName: "testdata/not_found",
-			wantErr:    "no such file or directory",
-		},
-		{
-			name:       "no plugin.yaml",
-			pluginName: "testdata/no_yaml",
-			wantErr:    "file open error",
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			// The test plugin will be installed here
-			dst := t.TempDir()
-			t.Setenv("XDG_DATA_HOME", dst)
-
-			// For plugin index
-			fsutils.SetCacheDir("testdata")
-
-			if tt.pluginName == "" {
-				ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-					zr := zip.NewWriter(w)
-					require.NoError(t, zr.AddFS(os.DirFS("testdata/test_plugin")))
-					require.NoError(t, zr.Close())
-				}))
-				t.Cleanup(ts.Close)
-				tt.pluginName = ts.URL + "/test_plugin.zip"
-			}
-
-			got, err := plugin.NewManager().Install(context.Background(), tt.pluginName, plugin.Options{
-				Platform: ftypes.Platform{
-					Platform: &v1.Platform{
-						Architecture: "amd64",
-						OS:           "linux",
-					},
-				},
-			})
-			if tt.wantErr != "" {
-				require.ErrorContains(t, err, tt.wantErr)
-				return
-			}
-			assert.NoError(t, err)
-
-			assert.EqualExportedValues(t, tt.want, got)
-			assert.FileExists(t, filepath.Join(dst, tt.wantFile))
-		})
-	}
-}
-
 func TestManager_Uninstall(t *testing.T) {
 	ctx := clock.With(context.Background(), time.Date(2021, 8, 25, 12, 20, 30, 5, time.UTC))
 	pluginName := "test_plugin"
diff --git a/pkg/plugin/manager_unix_test.go b/pkg/plugin/manager_unix_test.go
new file mode 100644
index 000000000000..f9f8cfecd008
--- /dev/null
+++ b/pkg/plugin/manager_unix_test.go
@@ -0,0 +1,155 @@
+//go:build unix
+
+package plugin_test
+
+import (
+	"archive/zip"
+	"context"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"path/filepath"
+	"testing"
+
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/sosedoff/gitkit" // Not work on Windows
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
+	"github.com/aquasecurity/trivy/pkg/plugin"
+	"github.com/aquasecurity/trivy/pkg/utils/fsutils"
+)
+
+func setupGitServer() (*httptest.Server, error) {
+	service := gitkit.New(gitkit.Config{
+		Dir:        "./testdata",
+		AutoCreate: false,
+	})
+
+	if err := service.Setup(); err != nil {
+		return nil, err
+	}
+
+	ts := httptest.NewServer(service)
+
+	return ts, nil
+}
+
+func TestManager_Install(t *testing.T) {
+	ts, err := setupGitServer()
+	require.NoError(t, err)
+	defer ts.Close()
+
+	wantPlugin := plugin.Plugin{
+		Name:        "test_plugin",
+		Repository:  "github.com/aquasecurity/trivy-plugin-test",
+		Version:     "0.2.0",
+		Summary:     "test",
+		Description: "test",
+		Platforms: []plugin.Platform{
+			{
+				Selector: &plugin.Selector{
+					OS:   "linux",
+					Arch: "amd64",
+				},
+				URI: "./test.sh",
+				Bin: "./test.sh",
+			},
+		},
+		Installed: plugin.Installed{
+			Platform: plugin.Selector{
+				OS:   "linux",
+				Arch: "amd64",
+			},
+		},
+	}
+	wantPluginWithVersion := wantPlugin
+	wantPluginWithVersion.Version = "0.1.0"
+
+	tests := []struct {
+		name       string
+		pluginName string
+		want       plugin.Plugin
+		wantFile   string
+		wantErr    string
+	}{
+		{
+			name:     "http",
+			want:     wantPlugin,
+			wantFile: ".trivy/plugins/test_plugin/test.sh",
+		},
+		{
+			name:       "local path",
+			pluginName: "testdata/test_plugin",
+			want:       wantPlugin,
+			wantFile:   ".trivy/plugins/test_plugin/test.sh",
+		},
+		{
+			name:       "git",
+			pluginName: "git::" + ts.URL + "/test_plugin.git",
+			want:       wantPlugin,
+			wantFile:   ".trivy/plugins/test_plugin/test.sh",
+		},
+		{
+			name:       "with version",
+			pluginName: "git::" + ts.URL + "/test_plugin.git@v0.1.0",
+			want:       wantPluginWithVersion,
+			wantFile:   ".trivy/plugins/test_plugin/test.sh",
+		},
+		{
+			name:       "via index",
+			pluginName: "test",
+			want:       wantPlugin,
+			wantFile:   ".trivy/plugins/test_plugin/test.sh",
+		},
+		{
+			name:       "plugin not found",
+			pluginName: "testdata/not_found",
+			wantErr:    "no such file or directory",
+		},
+		{
+			name:       "no plugin.yaml",
+			pluginName: "testdata/no_yaml",
+			wantErr:    "file open error",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			// The test plugin will be installed here
+			dst := t.TempDir()
+			t.Setenv("XDG_DATA_HOME", dst)
+
+			// For plugin index
+			fsutils.SetCacheDir("testdata")
+
+			if tt.pluginName == "" {
+				ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+					zr := zip.NewWriter(w)
+					require.NoError(t, zr.AddFS(os.DirFS("testdata/test_plugin")))
+					require.NoError(t, zr.Close())
+				}))
+				t.Cleanup(ts.Close)
+				tt.pluginName = ts.URL + "/test_plugin.zip"
+			}
+
+			got, err := plugin.NewManager().Install(context.Background(), tt.pluginName, plugin.Options{
+				Platform: ftypes.Platform{
+					Platform: &v1.Platform{
+						Architecture: "amd64",
+						OS:           "linux",
+					},
+				},
+			})
+			if tt.wantErr != "" {
+				require.ErrorContains(t, err, tt.wantErr)
+				return
+			}
+			assert.NoError(t, err)
+
+			assert.EqualExportedValues(t, tt.want, got)
+			assert.FileExists(t, filepath.Join(dst, tt.wantFile))
+		})
+	}
+}
diff --git a/pkg/plugin/testdata/test_plugin.git/description b/pkg/plugin/testdata/test_plugin.git/description
new file mode 100644
index 000000000000..498b267a8c78
--- /dev/null
+++ b/pkg/plugin/testdata/test_plugin.git/description
@@ -0,0 +1 @@
+Unnamed repository; edit this file 'description' to name the repository.
diff --git a/pkg/plugin/testdata/test_plugin.git/info/exclude b/pkg/plugin/testdata/test_plugin.git/info/exclude
new file mode 100644
index 000000000000..a5196d1be8fb
--- /dev/null
+++ b/pkg/plugin/testdata/test_plugin.git/info/exclude
@@ -0,0 +1,6 @@
+# git ls-files --others --exclude-from=.git/info/exclude
+# Lines that start with '#' are comments.
+# For a project mostly in C, the following would be a good set of
+# exclude patterns (uncomment them if you want to use them):
+# *.[oa]
+# *~
diff --git a/pkg/plugin/testdata/test_plugin.git/objects/0a/0290c4e05757f323e8307974b40f0282d69985 b/pkg/plugin/testdata/test_plugin.git/objects/0a/0290c4e05757f323e8307974b40f0282d69985
deleted file mode 100644
index 9245bbdf4797fe42e6b012167e68e9bfa385e753..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 345
zcmV-f0jB<V0hN$jZ-PJ&h5Nj}V&6$ySZ<QEO_h5TA_BJZwk*2{a`A$;^6LwlzV)Ri
znas?WoSEd1wyui~N~-qI9VvwfW0WbGiqf$&nTU*K2&a6iO^8H^hL|Q(qyc>Hw(Sw_
zn!}YLMT9TE(|cayqIx22{RRb9kd=ufYZ~NuiRZyUhj$(Qw=v)6ry_@sqh_Y<`Y;R~
z7`nDUjpCJg;{e8j@5X%POh*Mn8QwT8i0HSAkM+(gW5J7dBg>ylZ_$f$qjd7GZF4F$
z7Lc4x3?~Qh_-P$H-%I3Z`HeZA+#E)NDt@%ymGsy)himSz&Z3d&qTgd(s1m~!{K%96
z9BH7Zp~G1xwkK#c?<^U0Yie!EXM5ADbXj|ulU*p|8dFZ!>72WkONB|a$_&Q4mlekl
rfFep0y*W#Wp7o%)EFAkV^<Kd}4%0XO3Ih~P(G|FY_sqc$bQqA_d||Eb

diff --git a/pkg/plugin/testdata/test_plugin.git/objects/2a/a2d6d72ba2d6f5c3ffd2ab0b98c4ec92f95e29 b/pkg/plugin/testdata/test_plugin.git/objects/2a/a2d6d72ba2d6f5c3ffd2ab0b98c4ec92f95e29
deleted file mode 100644
index 7cdbe11da32360e22dcb8b46124073b76476fc20..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 91
zcmV-h0HptT0V^p=O;s>AVK6i>Ff%bxD99;I&&<=SOw7$;xcgYjHeieTT>qBGJ(vH9
x`gZvFZ~~Q?o0=+=q!yRx6=yJbvYI|{e?E2T$zZl~8Zz@a&Tfvb0RX3r9+GWoD^LIc

diff --git a/pkg/plugin/testdata/test_plugin.git/objects/3b/147ae5ffafba7c1d833b4f4bc8ac6a22a8c9bf b/pkg/plugin/testdata/test_plugin.git/objects/3b/147ae5ffafba7c1d833b4f4bc8ac6a22a8c9bf
new file mode 100644
index 0000000000000000000000000000000000000000..90ef65cdcbb0f3ea5eb0221c0917783cada503ae
GIT binary patch
literal 343
zcmV-d0jU0X0hN$TZ-X!pgnRa{@I7j3V;~^4RUuHI1S=#EQf`g|&WlnAdH(uBqTYJx
zNGr{L((FpZ%c58}P#)lirp_|BTyjm5I8$X=R~V9YZ9xbki%exQ%M?w*BuBEQ0Cs3r
zWevAq)g_ly0-t}~n<&_N*XL#N3h@9d14TwUf;}W71X|j@YqEa_#kbh61$^ve+Kxxz
zbn3#X=TIYxC-#j47-Q<iXy+Q8!gj2nb0bb@IZ9^RU=!mY+ICDlZGzF2_}0c1r`6Yf
zqvs(Pxn{Wnz<T~(1vE&NXnbZp#BT{Jm3F9$-j!aNW4G75b~U4p4GF!nA>O5yhiPOh
z0CqGqFWXwNlGKe<S|lb3#|M(cj+h*i>TH;mN(%nzU}j#9Z0_@LJj-jpS2l}}Df4y7
psQ{$xIxeVt%;uJtJNka@oP_ZL?seGI`l}3ZM19;x;0LO$j3F)Mq{ILK

literal 0
HcmV?d00001

diff --git a/pkg/plugin/testdata/test_plugin.git/objects/96/e190ae5bcaa3900e568608faf00f16c3ff2714 b/pkg/plugin/testdata/test_plugin.git/objects/96/e190ae5bcaa3900e568608faf00f16c3ff2714
new file mode 100644
index 000000000000..2bc33b30b6af
--- /dev/null
+++ b/pkg/plugin/testdata/test_plugin.git/objects/96/e190ae5bcaa3900e568608faf00f16c3ff2714
@@ -0,0 +1,2 @@
+x
��Ko�@���_1{��<���V�@��@�
��nf<31�!Ї}!Qw��HW:����Ց��=���އ�S
+%'��u1���u�b�ai�%Z�(e�+�Թ�T`���֚k��.��Җ�.�pWzB>�ϗ��/�5YR���jZ~l���~����c[Q8CB`��{���ף�'��5��n�[g~Qn�7`�3V�&�'����I�K��xJ���ibfQ�ɍn�:6?�ϯ��si���n��fie��ɷDX�M�wU7���kl\W����x��*d8+"���,�D����}|����e�Iv����˅�6�-bV(�kPC����L�{Y�|�xm�mbz�y�i���-���ཎ(�U���d���B��
\ No newline at end of file
diff --git a/pkg/plugin/testdata/test_plugin.git/objects/b0/219198cda98f46a2cef00561c00a251946e621 b/pkg/plugin/testdata/test_plugin.git/objects/b0/219198cda98f46a2cef00561c00a251946e621
deleted file mode 100644
index 28d704514c7a0c09e14b7a1f40775f1619322b5e..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 381
zcmV-@0fPQ`0hN$TZ=*mEgma!>F?TD@Jb27VyQ?^W0mmQ{!zSSdlK~9a*ciX~^$Uq|
z%VkSysrr+u)hf|!x0?>CnBR4+l#oav6GB*;F@}*sWU4D4G}Sm3s?d@&OG&0nsepab
z%3TLhf(S=Kkx125J)?w5Mv=~SB~?&{2qPaF=S&63sVkZmR=dM3BN~OjzTIQKO*ZvZ
zG}}KA>sZy8!ZZ#iNI?h;ba=0m{~gTt`EirO`%zDp?fP)NcHr8z{aF~jSf3og2>Wh?
zYG*bo7{>HQw-nTGmal&+uZ*x4RwK(FN^jZIXR~zjOR+naJPSmgG1JKbY~SVw&-Y?A
zTwRk15}ye(CN&zPUyA$0wuWo&us($&GpOGu2Cie%#eQh10FE?R^yhVVHmv#V!W}DU
z7uUF28Fq)QlibbiqHPMVcrRa9@28k$(dK4d$^K<BKVV5&*e?_SHF3I<m4^eftZH#P
bz8UHz_zk}5uzd5UGQb&4$rOQq1F4!pB!RTN

diff --git a/pkg/plugin/testdata/test_plugin.git/objects/b8/fad1dc57e9b544da159fd2da39f82d4dcce34a b/pkg/plugin/testdata/test_plugin.git/objects/b8/fad1dc57e9b544da159fd2da39f82d4dcce34a
new file mode 100644
index 0000000000000000000000000000000000000000..643551faa0c5714a59efb1bed461a3cab32424c8
GIT binary patch
literal 165
zcmV;W09yZe0Y#2W4#OY}M7!n`R`wxjRCU2+Dj+nm#IG2l=Jo|zsou@AXU56~1<NvD
zymUsukPYQWv}Hp-uw-H&%psiuHq3ibTn9JFSCM3NNtn+mCp^ya>lmAx9VQV5U&Cg8
z<@3O(I44_1U$2IA!kGI>C(+9M49SsT03(pGM%U7&+5{3{(U<p6%cOS!(yjMfC-n~j
Td}>jg_Kp<R`ak*rVd+YEW4caN

literal 0
HcmV?d00001

diff --git a/pkg/plugin/testdata/test_plugin.git/objects/dd/c882ca64495a0498b3303be6a4ae58213f0485 b/pkg/plugin/testdata/test_plugin.git/objects/dd/c882ca64495a0498b3303be6a4ae58213f0485
new file mode 100644
index 0000000000000000000000000000000000000000..12c485b8eebc9109746f60712543f49600b49890
GIT binary patch
literal 91
zcmV-h0HptT0V^p=O;s>AVK6i>Ff%bxD99;I&&<=SOw7$;*zxP)o$!}iU2ciazjVv;
xhpz9L$6i2X=BB0!C8@<Fdc_$Go~))1+@DWfdNP>poQBMNj<cJiYXC2KA&IOnEW-c*

literal 0
HcmV?d00001

diff --git a/pkg/plugin/testdata/test_plugin.git/objects/dd/e31a3d50b4279d4f84e38cd3fe154d884e4c09 b/pkg/plugin/testdata/test_plugin.git/objects/dd/e31a3d50b4279d4f84e38cd3fe154d884e4c09
deleted file mode 100644
index bf920dc6e5f74b4d81bffef054a0cc571b558a7d..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 165
zcmV;W09yZe0X>e*4#FT1ggx^Vo8C)XV@%{_3{bS2@Fxq6eR~0odz)`}W>(pt;Jn;U
zUOFRS$cFMg+VVs{uw-H&%pn~Do|w0yxDIZTuOi9lk}w}rPPiZA*D*FX+f5=2zJ|?w
z;q$<#I44_1U$2IA!kGI>C(+9M2+5IP03(pGM%U7&+5{3{(U<p6%cM5}(yiA^C-n~j
Td}>jgwvH6m`ak*r9#~3tBvnrH

diff --git a/pkg/plugin/testdata/test_plugin.git/packed-refs b/pkg/plugin/testdata/test_plugin.git/packed-refs
index 1690e340878c..539634191094 100644
--- a/pkg/plugin/testdata/test_plugin.git/packed-refs
+++ b/pkg/plugin/testdata/test_plugin.git/packed-refs
@@ -1,4 +1,4 @@
 # pack-refs with: peeled fully-peeled sorted 
-b0219198cda98f46a2cef00561c00a251946e621 refs/heads/main
-0a0290c4e05757f323e8307974b40f0282d69985 refs/tags/v0.1.0
-b0219198cda98f46a2cef00561c00a251946e621 refs/tags/v0.2.0
+96e190ae5bcaa3900e568608faf00f16c3ff2714 refs/heads/main
+3b147ae5ffafba7c1d833b4f4bc8ac6a22a8c9bf refs/tags/v0.1.0
+96e190ae5bcaa3900e568608faf00f16c3ff2714 refs/tags/v0.2.0

From 7862d49b4c37b9fc0174526d873b788cf15b23f0 Mon Sep 17 00:00:00 2001
From: knqyf263 <knqyf263@gmail.com>
Date: Wed, 15 May 2024 10:48:14 +0400
Subject: [PATCH 07/11] fix: add refs dir

Signed-off-by: knqyf263 <knqyf263@gmail.com>
---
 pkg/plugin/testdata/test_plugin.git/refs/heads/.gitkeep | 0
 pkg/plugin/testdata/test_plugin.git/refs/tags/.gitkeep  | 0
 2 files changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 pkg/plugin/testdata/test_plugin.git/refs/heads/.gitkeep
 create mode 100644 pkg/plugin/testdata/test_plugin.git/refs/tags/.gitkeep

diff --git a/pkg/plugin/testdata/test_plugin.git/refs/heads/.gitkeep b/pkg/plugin/testdata/test_plugin.git/refs/heads/.gitkeep
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/pkg/plugin/testdata/test_plugin.git/refs/tags/.gitkeep b/pkg/plugin/testdata/test_plugin.git/refs/tags/.gitkeep
new file mode 100644
index 000000000000..e69de29bb2d1

From 0b1556d0a9bba57b57d7b254c7b83d56de6e535b Mon Sep 17 00:00:00 2001
From: knqyf263 <knqyf263@gmail.com>
Date: Thu, 16 May 2024 08:24:20 +0400
Subject: [PATCH 08/11] feat: check if the same version installed

Signed-off-by: knqyf263 <knqyf263@gmail.com>
---
 pkg/plugin/index.go                           |   1 +
 pkg/plugin/index_test.go                      |   2 +-
 pkg/plugin/manager.go                         |  26 ++++--
 pkg/plugin/manager_test.go                    |  61 +++++++-----
 pkg/plugin/manager_unix_test.go               |  88 ++++++++++++++----
 pkg/plugin/testdata/plugin/index.yaml         |   2 +-
 .../08/6aefb548a1150b765d1e163a5e542fc80bd660 | Bin 0 -> 147 bytes
 .../0a/e1413e3807e024dbc7de4129d12bdcae7dea61 |   3 +
 .../2e/cea228bf881042eb74d3b691c5c6abfb2f7ee4 | Bin 91 -> 0 bytes
 .../3b/147ae5ffafba7c1d833b4f4bc8ac6a22a8c9bf | Bin 343 -> 0 bytes
 .../92/9b4718db99b64a38b4e8c3ec8e673976821c08 | Bin 0 -> 344 bytes
 .../96/e190ae5bcaa3900e568608faf00f16c3ff2714 |   2 -
 .../a0/82cf7b16998b8f048e7d2bf8207d9525688a9f | Bin 0 -> 90 bytes
 .../b0/b5089c438d32daafa5a10acb7836280f31fd1b | Bin 165 -> 0 bytes
 .../b8/fad1dc57e9b544da159fd2da39f82d4dcce34a | Bin 165 -> 0 bytes
 .../d7/8abde66b1d35bdac65402f0e2cddf3a96cd377 | Bin 0 -> 380 bytes
 .../dc/135ebfc7f680300c981029184a492bbdfa6db3 | Bin 0 -> 91 bytes
 .../dd/c882ca64495a0498b3303be6a4ae58213f0485 | Bin 91 -> 0 bytes
 .../testdata/test_plugin.git/packed-refs      |   6 +-
 .../test_plugin.git/refs/heads/.gitkeep       |   0
 .../test_plugin.git/refs/tags/.gitkeep        |   0
 pkg/plugin/testdata/test_plugin/plugin.yaml   |   2 +-
 22 files changed, 132 insertions(+), 61 deletions(-)
 create mode 100644 pkg/plugin/testdata/test_plugin.git/objects/08/6aefb548a1150b765d1e163a5e542fc80bd660
 create mode 100644 pkg/plugin/testdata/test_plugin.git/objects/0a/e1413e3807e024dbc7de4129d12bdcae7dea61
 delete mode 100644 pkg/plugin/testdata/test_plugin.git/objects/2e/cea228bf881042eb74d3b691c5c6abfb2f7ee4
 delete mode 100644 pkg/plugin/testdata/test_plugin.git/objects/3b/147ae5ffafba7c1d833b4f4bc8ac6a22a8c9bf
 create mode 100644 pkg/plugin/testdata/test_plugin.git/objects/92/9b4718db99b64a38b4e8c3ec8e673976821c08
 delete mode 100644 pkg/plugin/testdata/test_plugin.git/objects/96/e190ae5bcaa3900e568608faf00f16c3ff2714
 create mode 100644 pkg/plugin/testdata/test_plugin.git/objects/a0/82cf7b16998b8f048e7d2bf8207d9525688a9f
 delete mode 100644 pkg/plugin/testdata/test_plugin.git/objects/b0/b5089c438d32daafa5a10acb7836280f31fd1b
 delete mode 100644 pkg/plugin/testdata/test_plugin.git/objects/b8/fad1dc57e9b544da159fd2da39f82d4dcce34a
 create mode 100644 pkg/plugin/testdata/test_plugin.git/objects/d7/8abde66b1d35bdac65402f0e2cddf3a96cd377
 create mode 100644 pkg/plugin/testdata/test_plugin.git/objects/dc/135ebfc7f680300c981029184a492bbdfa6db3
 delete mode 100644 pkg/plugin/testdata/test_plugin.git/objects/dd/c882ca64495a0498b3303be6a4ae58213f0485
 delete mode 100644 pkg/plugin/testdata/test_plugin.git/refs/heads/.gitkeep
 delete mode 100644 pkg/plugin/testdata/test_plugin.git/refs/tags/.gitkeep

diff --git a/pkg/plugin/index.go b/pkg/plugin/index.go
index c825c16e67af..980d4ef1e41f 100644
--- a/pkg/plugin/index.go
+++ b/pkg/plugin/index.go
@@ -24,6 +24,7 @@ type Index struct {
 	Version int `yaml:"version"`
 	Plugins []struct {
 		Name       string `yaml:"name"`
+		Version    string `yaml:"version"`
 		Maintainer string `yaml:"maintainer"`
 		Summary    string `yaml:"summary"`
 		Repository string `yaml:"repository"`
diff --git a/pkg/plugin/index_test.go b/pkg/plugin/index_test.go
index d918a9dac7ef..028c46a10ca4 100644
--- a/pkg/plugin/index_test.go
+++ b/pkg/plugin/index_test.go
@@ -51,7 +51,7 @@ func TestManager_Search(t *testing.T) {
 			want: `NAME                 DESCRIPTION                                                  MAINTAINER           OUTPUT
 foo                  A foo plugin                                                 aquasecurity           ✓
 bar                  A bar plugin                                                 aquasecurity         
-test                 A test plugin                                                aquasecurity         
+test_plugin          A test plugin                                                aquasecurity         
 `,
 		},
 		{
diff --git a/pkg/plugin/manager.go b/pkg/plugin/manager.go
index 8f1cd28c80f9..741d245d6b62 100644
--- a/pkg/plugin/manager.go
+++ b/pkg/plugin/manager.go
@@ -31,14 +31,20 @@ var (
 type ManagerOption func(indexer *Manager)
 
 func WithWriter(w io.Writer) ManagerOption {
-	return func(indexer *Manager) {
-		indexer.w = w
+	return func(manager *Manager) {
+		manager.w = w
+	}
+}
+
+func WithLogger(logger *log.Logger) ManagerOption {
+	return func(manager *Manager) {
+		manager.logger = logger
 	}
 }
 
 func WithIndexURL(indexURL string) ManagerOption {
-	return func(indexer *Manager) {
-		indexer.indexURL = indexURL
+	return func(manager *Manager) {
+		manager.indexURL = indexURL
 	}
 }
 
@@ -90,11 +96,11 @@ func Search(ctx context.Context, keyword string) error  { return defaultManager(
 
 // Install installs a plugin
 func (m *Manager) Install(ctx context.Context, arg string, opts Options) (Plugin, error) {
-	input := m.parseArg(arg)
+	input := m.parseArg(ctx, arg)
 	input.name = m.tryIndex(ctx, input.name)
 
 	// If the plugin is already installed, it skips installing the plugin.
-	if p, installed := m.isInstalled(ctx, input.name); installed {
+	if p, installed := m.isInstalled(ctx, input.name, input.version); installed {
 		m.logger.InfoContext(ctx, "The plugin is already installed", log.String("name", p.Name))
 		return p, nil
 	}
@@ -343,14 +349,14 @@ func (m *Manager) loadMetadata(dir string) (Plugin, error) {
 	return plugin, nil
 }
 
-func (m *Manager) isInstalled(ctx context.Context, url string) (Plugin, bool) {
+func (m *Manager) isInstalled(ctx context.Context, url, version string) (Plugin, bool) {
 	installedPlugins, err := m.LoadAll(ctx)
 	if err != nil {
 		return Plugin{}, false
 	}
 
 	for _, plugin := range installedPlugins {
-		if plugin.Repository == url {
+		if plugin.Repository == url && (version == "" || plugin.Version == version) {
 			return plugin, true
 		}
 	}
@@ -371,12 +377,12 @@ func (i *Input) String() string {
 	return i.name
 }
 
-func (m *Manager) parseArg(arg string) Input {
+func (m *Manager) parseArg(ctx context.Context, arg string) Input {
 	before, after, found := strings.Cut(arg, "@v")
 	if !found {
 		return Input{name: arg}
 	} else if _, err := semver.Parse(after); err != nil {
-		m.logger.Debug("Unable to identify the plugin version", log.String("name", arg), log.Err(err))
+		m.logger.DebugContext(ctx, "Unable to identify the plugin version", log.String("name", arg), log.Err(err))
 		return Input{name: arg}
 	}
 	// cf. https://github.com/hashicorp/go-getter/blob/268c11cae8cf0d9374783e06572679796abe9ce9/README.md#git-git
diff --git a/pkg/plugin/manager_test.go b/pkg/plugin/manager_test.go
index c831f77ed6f8..19b80ee01c0b 100644
--- a/pkg/plugin/manager_test.go
+++ b/pkg/plugin/manager_test.go
@@ -5,6 +5,7 @@ package plugin_test
 import (
 	"bytes"
 	"context"
+	"fmt"
 	"github.com/aquasecurity/trivy/pkg/clock"
 	ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
 	v1 "github.com/google/go-containerregistry/pkg/v1"
@@ -22,6 +23,34 @@ import (
 	"github.com/aquasecurity/trivy/pkg/plugin"
 )
 
+func setupInstalledPlugin(t *testing.T, homeDir string, p plugin.Plugin) {
+	pluginDir := filepath.Join(homeDir, ".trivy", "plugins", p.Name)
+
+	// Create the test plugin directory
+	err := os.MkdirAll(pluginDir, os.ModePerm)
+	require.NoError(t, err)
+
+	// write the plugin name
+	pluginMetadata := fmt.Sprintf(`name: "%s"
+repository: "%s"
+version: "%s"
+usage: test
+description: test
+platforms:
+  - selector:
+      os: linux
+      arch: amd64
+    uri: ./test.sh
+    bin: ./test.sh  
+installed:
+  platform:
+    os: linux
+    arch: amd64`, p.Name, p.Repository, p.Version)
+
+	err = os.WriteFile(filepath.Join(pluginDir, "plugin.yaml"), []byte(pluginMetadata), os.ModePerm)
+	require.NoError(t, err)
+}
+
 func TestManager_Run(t *testing.T) {
 	if runtime.GOOS == "windows" {
 		// the test.sh script can't be run on windows so skipping
@@ -318,42 +347,28 @@ func TestManager_Upgrade(t *testing.T) {
 		t.Skip("Test satisfied adequately by Linux tests")
 	}
 	pluginName := "test_plugin"
+	pluginVersion := "0.0.5"
 
 	tempDir := t.TempDir()
-	pluginDir := filepath.Join(tempDir, ".trivy", "plugins", pluginName)
-
 	t.Setenv("XDG_DATA_HOME", tempDir)
-
-	// Create the test plugin directory
-	err := os.MkdirAll(pluginDir, os.ModePerm)
-	require.NoError(t, err)
-
-	// write the plugin name
-	pluginMetadata := `name: "test_plugin"
-repository: testdata/test_plugin
-version: "0.0.5"
-usage: test
-description: A simple test plugin
-installed:
-	platform:
-		os: linux
-		arch: amd64`
-
-	err = os.WriteFile(filepath.Join(pluginDir, "plugin.yaml"), []byte(pluginMetadata), os.ModePerm)
-	require.NoError(t, err)
+	setupInstalledPlugin(t, tempDir, plugin.Plugin{
+		Name:       pluginName,
+		Version:    pluginVersion,
+		Repository: "testdata/test_plugin",
+	})
 
 	ctx := context.Background()
 	m := plugin.NewManager()
 
 	// verify initial version
-	verifyVersion(t, ctx, m, pluginName, "0.0.5")
+	verifyVersion(t, ctx, m, pluginName, pluginVersion)
 
 	// Upgrade the existing plugin
-	err = m.Upgrade(ctx, nil)
+	err := m.Upgrade(ctx, nil)
 	require.NoError(t, err)
 
 	// verify plugin updated
-	verifyVersion(t, ctx, m, pluginName, "0.1.0")
+	verifyVersion(t, ctx, m, pluginName, "0.2.0")
 }
 
 func verifyVersion(t *testing.T, ctx context.Context, m *plugin.Manager, pluginName, expectedVersion string) {
diff --git a/pkg/plugin/manager_unix_test.go b/pkg/plugin/manager_unix_test.go
index f9f8cfecd008..52f4b0d4e2c3 100644
--- a/pkg/plugin/manager_unix_test.go
+++ b/pkg/plugin/manager_unix_test.go
@@ -4,19 +4,24 @@ package plugin_test
 
 import (
 	"archive/zip"
+	"bytes"
 	"context"
+	"fmt"
 	"net/http"
 	"net/http/httptest"
 	"os"
 	"path/filepath"
 	"testing"
+	"time"
 
-	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/go-containerregistry/pkg/v1"
 	"github.com/sosedoff/gitkit" // Not work on Windows
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
+	"github.com/aquasecurity/trivy/pkg/clock"
 	ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
+	"github.com/aquasecurity/trivy/pkg/log"
 	"github.com/aquasecurity/trivy/pkg/plugin"
 	"github.com/aquasecurity/trivy/pkg/utils/fsutils"
 )
@@ -37,13 +42,20 @@ func setupGitServer() (*httptest.Server, error) {
 }
 
 func TestManager_Install(t *testing.T) {
-	ts, err := setupGitServer()
+	gs, err := setupGitServer()
 	require.NoError(t, err)
-	defer ts.Close()
+	t.Cleanup(gs.Close)
+
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		zr := zip.NewWriter(w)
+		require.NoError(t, zr.AddFS(os.DirFS("testdata/test_plugin")))
+		require.NoError(t, zr.Close())
+	}))
+	t.Cleanup(ts.Close)
 
 	wantPlugin := plugin.Plugin{
 		Name:        "test_plugin",
-		Repository:  "github.com/aquasecurity/trivy-plugin-test",
+		Repository:  "testdata/test_plugin",
 		Version:     "0.2.0",
 		Summary:     "test",
 		Description: "test",
@@ -67,41 +79,75 @@ func TestManager_Install(t *testing.T) {
 	wantPluginWithVersion := wantPlugin
 	wantPluginWithVersion.Version = "0.1.0"
 
+	wantLogs := `2021-08-25T12:20:30Z	INFO	Installing the plugin...	src="%s"
+2021-08-25T12:20:30Z	INFO	Plugin successfully installed	name="test_plugin" version="%s"
+`
+
 	tests := []struct {
 		name       string
 		pluginName string
+		installed  *plugin.Plugin
 		want       plugin.Plugin
 		wantFile   string
+		wantLogs   string
 		wantErr    string
 	}{
 		{
-			name:     "http",
-			want:     wantPlugin,
-			wantFile: ".trivy/plugins/test_plugin/test.sh",
+			name:       "http",
+			pluginName: ts.URL + "/test_plugin.zip",
+			want:       wantPlugin,
+			wantFile:   ".trivy/plugins/test_plugin/test.sh",
+			wantLogs:   fmt.Sprintf(wantLogs, ts.URL+"/test_plugin.zip", "0.2.0"),
 		},
 		{
 			name:       "local path",
 			pluginName: "testdata/test_plugin",
 			want:       wantPlugin,
 			wantFile:   ".trivy/plugins/test_plugin/test.sh",
+			wantLogs:   fmt.Sprintf(wantLogs, "testdata/test_plugin", "0.2.0"),
 		},
 		{
 			name:       "git",
-			pluginName: "git::" + ts.URL + "/test_plugin.git",
+			pluginName: "git::" + gs.URL + "/test_plugin.git",
 			want:       wantPlugin,
 			wantFile:   ".trivy/plugins/test_plugin/test.sh",
+			wantLogs:   fmt.Sprintf(wantLogs, "git::"+gs.URL+"/test_plugin.git", "0.2.0"),
 		},
 		{
 			name:       "with version",
-			pluginName: "git::" + ts.URL + "/test_plugin.git@v0.1.0",
+			pluginName: "git::" + gs.URL + "/test_plugin.git@v0.1.0",
 			want:       wantPluginWithVersion,
 			wantFile:   ".trivy/plugins/test_plugin/test.sh",
+			wantLogs:   fmt.Sprintf(wantLogs, "git::"+gs.URL+"/test_plugin.git", "0.1.0"),
 		},
 		{
 			name:       "via index",
-			pluginName: "test",
+			pluginName: "test_plugin",
 			want:       wantPlugin,
 			wantFile:   ".trivy/plugins/test_plugin/test.sh",
+			wantLogs:   fmt.Sprintf(wantLogs, "testdata/test_plugin", "0.2.0"),
+		},
+		{
+			name:       "installed",
+			pluginName: "test_plugin",
+			installed: &plugin.Plugin{
+				Name:       "test_plugin",
+				Repository: "testdata/test_plugin",
+				Version:    "0.2.0",
+			},
+			want:     wantPlugin,
+			wantLogs: "2021-08-25T12:20:30Z	INFO	The plugin is already installed	name=\"test_plugin\"\n",
+		},
+		{
+			name:       "different version installed",
+			pluginName: "test_plugin@v0.2.0",
+			installed: &plugin.Plugin{
+				Name:       "test_plugin",
+				Repository: "testdata/test_plugin",
+				Version:    "0.1.0",
+			},
+			want:     wantPlugin,
+			wantLogs: fmt.Sprintf(wantLogs, "testdata/test_plugin", "0.2.0"),
 		},
 		{
 			name:       "plugin not found",
@@ -124,17 +170,16 @@ func TestManager_Install(t *testing.T) {
 			// For plugin index
 			fsutils.SetCacheDir("testdata")
 
-			if tt.pluginName == "" {
-				ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-					zr := zip.NewWriter(w)
-					require.NoError(t, zr.AddFS(os.DirFS("testdata/test_plugin")))
-					require.NoError(t, zr.Close())
-				}))
-				t.Cleanup(ts.Close)
-				tt.pluginName = ts.URL + "/test_plugin.zip"
+			if tt.installed != nil {
+				setupInstalledPlugin(t, dst, *tt.installed)
 			}
 
-			got, err := plugin.NewManager().Install(context.Background(), tt.pluginName, plugin.Options{
+			var gotLogs bytes.Buffer
+			logger := log.New(log.NewHandler(&gotLogs, nil))
+
+			ctx := clock.With(context.Background(), time.Date(2021, 8, 25, 12, 20, 30, 5, time.UTC))
+
+			got, err := plugin.NewManager(plugin.WithLogger(logger)).Install(ctx, tt.pluginName, plugin.Options{
 				Platform: ftypes.Platform{
 					Platform: &v1.Platform{
 						Architecture: "amd64",
@@ -149,7 +194,10 @@ func TestManager_Install(t *testing.T) {
 			assert.NoError(t, err)
 
 			assert.EqualExportedValues(t, tt.want, got)
-			assert.FileExists(t, filepath.Join(dst, tt.wantFile))
+			if tt.wantFile != "" {
+				assert.FileExists(t, filepath.Join(dst, tt.wantFile))
+			}
+			assert.Equal(t, tt.wantLogs, gotLogs.String())
 		})
 	}
 }
diff --git a/pkg/plugin/testdata/plugin/index.yaml b/pkg/plugin/testdata/plugin/index.yaml
index 17fbb1987939..b37b86e176a0 100644
--- a/pkg/plugin/testdata/plugin/index.yaml
+++ b/pkg/plugin/testdata/plugin/index.yaml
@@ -9,7 +9,7 @@ plugins:
     maintainer: aquasecurity
     summary: A bar plugin
     repository: github.com/aquasecurity/trivy-plugin-bar
-  - name: test
+  - name: test_plugin
     maintainer: aquasecurity
     summary: A test plugin
     repository: testdata/test_plugin
\ No newline at end of file
diff --git a/pkg/plugin/testdata/test_plugin.git/objects/08/6aefb548a1150b765d1e163a5e542fc80bd660 b/pkg/plugin/testdata/test_plugin.git/objects/08/6aefb548a1150b765d1e163a5e542fc80bd660
new file mode 100644
index 0000000000000000000000000000000000000000..e7d696256b86d9c3323ac0740015d918dae20479
GIT binary patch
literal 147
zcmV;E0Brww0Zooe4#F@DL|Nw)R`-O05K?m)<hF)d%1?2E;PxaD2)vu|8;@rjW;jmM
z&Z8p(Lng`BXv>}bpc2I(oI`pUXp0py9{vdRpd=i8&5in`$3aPP4!^isNtVPhcckT1
zw3u%pIWY=g4?>ofdcUbQK@3>-<@wQ=mdyaV^>Xe`No+v(7qo2Mnz`2htT&%uLTVfd
BMbrQQ

literal 0
HcmV?d00001

diff --git a/pkg/plugin/testdata/test_plugin.git/objects/0a/e1413e3807e024dbc7de4129d12bdcae7dea61 b/pkg/plugin/testdata/test_plugin.git/objects/0a/e1413e3807e024dbc7de4129d12bdcae7dea61
new file mode 100644
index 000000000000..b16c882bc30f
--- /dev/null
+++ b/pkg/plugin/testdata/test_plugin.git/objects/0a/e1413e3807e024dbc7de4129d12bdcae7dea61
@@ -0,0 +1,3 @@
+x
M��
+�0���S��[7a}ɺ�
+�#iE�޵(��s�,>-0��!b C!)�����A1�$�$~h���� �����AI

��ZI,�\:�r*{,��A�8��'��o�M����hd���^�ݩ������[������Bi
\ No newline at end of file
diff --git a/pkg/plugin/testdata/test_plugin.git/objects/2e/cea228bf881042eb74d3b691c5c6abfb2f7ee4 b/pkg/plugin/testdata/test_plugin.git/objects/2e/cea228bf881042eb74d3b691c5c6abfb2f7ee4
deleted file mode 100644
index 49854ac328a7897c2f95617f3d3106c06323fe54..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 91
zcmV-h0HptT0V^p=O;s>AVK6i>Ff%bxD99;I&&<=SOw7$;*szsjj&rZkt@TS6a-FU)
x)8IG!D-Bd;ZfdGfl3HA%SDeA%$!hw*{rS|TCxh9}X~@jyIJ-Hz1^|ja9q?cnEi3>4

diff --git a/pkg/plugin/testdata/test_plugin.git/objects/3b/147ae5ffafba7c1d833b4f4bc8ac6a22a8c9bf b/pkg/plugin/testdata/test_plugin.git/objects/3b/147ae5ffafba7c1d833b4f4bc8ac6a22a8c9bf
deleted file mode 100644
index 90ef65cdcbb0f3ea5eb0221c0917783cada503ae..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 343
zcmV-d0jU0X0hN$TZ-X!pgnRa{@I7j3V;~^4RUuHI1S=#EQf`g|&WlnAdH(uBqTYJx
zNGr{L((FpZ%c58}P#)lirp_|BTyjm5I8$X=R~V9YZ9xbki%exQ%M?w*BuBEQ0Cs3r
zWevAq)g_ly0-t}~n<&_N*XL#N3h@9d14TwUf;}W71X|j@YqEa_#kbh61$^ve+Kxxz
zbn3#X=TIYxC-#j47-Q<iXy+Q8!gj2nb0bb@IZ9^RU=!mY+ICDlZGzF2_}0c1r`6Yf
zqvs(Pxn{Wnz<T~(1vE&NXnbZp#BT{Jm3F9$-j!aNW4G75b~U4p4GF!nA>O5yhiPOh
z0CqGqFWXwNlGKe<S|lb3#|M(cj+h*i>TH;mN(%nzU}j#9Z0_@LJj-jpS2l}}Df4y7
psQ{$xIxeVt%;uJtJNka@oP_ZL?seGI`l}3ZM19;x;0LO$j3F)Mq{ILK

diff --git a/pkg/plugin/testdata/test_plugin.git/objects/92/9b4718db99b64a38b4e8c3ec8e673976821c08 b/pkg/plugin/testdata/test_plugin.git/objects/92/9b4718db99b64a38b4e8c3ec8e673976821c08
new file mode 100644
index 0000000000000000000000000000000000000000..ba6cfbad6f8c1f126ac73ae05fca5053271761db
GIT binary patch
literal 344
zcmV-e0jK_W0hN$TZ-PJ+g}a_#F?&;;VL&ixo1#!4h4BFt!wyCm1r!nLgI{0Jbk|K!
za+7nv<lLJaR_^z^28uFzYEDT4Hw+UgiBl%0V+9d}*hIldm|#VW#EB5cn=~44VgjP?
zW?P<MeyDD#FedQj*S+(7v@3?J+`mCAV@V+d%K{uA5h2jg?p>4oJIIf`-f{TcYpNR-
zg|2Ht*D|Q;`78a-0rWAod{mffuVpuy(>t3HTH3)^?qoi8yu4?8lsR@wKDEr`m+hg>
zCh3y#RMAWh;A#C)In)UyZ*h$Vh}{!fC={rVJ`}c*p?BA;Zk>8Pn-SVZGhBq4g{h}Y
z0QPjLYn4r;g>g!Pfhs$*twD<0Jhs~?3#!%munJUDR7&Z1sa4fa$*pXH+%j(SIX#Ex
q^)&`?vz$+hQ8sE<Ru#C(kzG<=zk){{I@SIv1E3)uBJcwltBm(7exhdp

literal 0
HcmV?d00001

diff --git a/pkg/plugin/testdata/test_plugin.git/objects/96/e190ae5bcaa3900e568608faf00f16c3ff2714 b/pkg/plugin/testdata/test_plugin.git/objects/96/e190ae5bcaa3900e568608faf00f16c3ff2714
deleted file mode 100644
index 2bc33b30b6af..000000000000
--- a/pkg/plugin/testdata/test_plugin.git/objects/96/e190ae5bcaa3900e568608faf00f16c3ff2714
+++ /dev/null
@@ -1,2 +0,0 @@
-x
��Ko�@���_1{��<���V�@��@�
��nf<31�!Ї}!Qw��HW:����Ց��=���އ�S
-%'��u1���u�b�ai�%Z�(e�+�Թ�T`���֚k��.��Җ�.�pWzB>�ϗ��/�5YR���jZ~l���~����c[Q8CB`��{���ף�'��5��n�[g~Qn�7`�3V�&�'����I�K��xJ���ibfQ�ɍn�:6?�ϯ��si���n��fie��ɷDX�M�wU7���kl\W����x��*d8+"���,�D����}|����e�Iv����˅�6�-bV(�kPC����L�{Y�|�xm�mbz�y�i���-���ཎ(�U���d���B��
\ No newline at end of file
diff --git a/pkg/plugin/testdata/test_plugin.git/objects/a0/82cf7b16998b8f048e7d2bf8207d9525688a9f b/pkg/plugin/testdata/test_plugin.git/objects/a0/82cf7b16998b8f048e7d2bf8207d9525688a9f
new file mode 100644
index 0000000000000000000000000000000000000000..981abada0a9bb47d7e259c251f028edc84038ebf
GIT binary patch
literal 90
zcmV-g0HyzU0V^p=O;s>AVK6i>Ff%bxD99;I&&<=SOw7$;;K+Kv)nlP3cUi2Qm{nYe
w{t51D2|#7$rltxdsl_FF#Tg8qtfmj#pHE$SGMMe0hRl49vzw!906R(?UD|Xgng9R*

literal 0
HcmV?d00001

diff --git a/pkg/plugin/testdata/test_plugin.git/objects/b0/b5089c438d32daafa5a10acb7836280f31fd1b b/pkg/plugin/testdata/test_plugin.git/objects/b0/b5089c438d32daafa5a10acb7836280f31fd1b
deleted file mode 100644
index ff074f718b4f923acd2a68e754fc9aea7f0f5f0c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 165
zcmV;W09yZe0Y#2W4#F@DL|Nw)R`*S-3bDv#P?`p6DL-PTqPHgrNO(8To*Az$uCOfg
zC1`II3~Y(-$(1LDL1ddEA;)|wcp~p*l_vU0zltVnN=7~>&Ul>T*D*G?IBX`2p@z+J
zk@Fy^c&}SVUvHL7#>D-kljJl%V)mp2zzAfWHMO*<HjxxK4CVdPI-6aA_S@~+N&Q2C
ToLZEmy`vRt{U3b*VsA=$jd4v5

diff --git a/pkg/plugin/testdata/test_plugin.git/objects/b8/fad1dc57e9b544da159fd2da39f82d4dcce34a b/pkg/plugin/testdata/test_plugin.git/objects/b8/fad1dc57e9b544da159fd2da39f82d4dcce34a
deleted file mode 100644
index 643551faa0c5714a59efb1bed461a3cab32424c8..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 165
zcmV;W09yZe0Y#2W4#OY}M7!n`R`wxjRCU2+Dj+nm#IG2l=Jo|zsou@AXU56~1<NvD
zymUsukPYQWv}Hp-uw-H&%psiuHq3ibTn9JFSCM3NNtn+mCp^ya>lmAx9VQV5U&Cg8
z<@3O(I44_1U$2IA!kGI>C(+9M49SsT03(pGM%U7&+5{3{(U<p6%cOS!(yjMfC-n~j
Td}>jg_Kp<R`ak*rVd+YEW4caN

diff --git a/pkg/plugin/testdata/test_plugin.git/objects/d7/8abde66b1d35bdac65402f0e2cddf3a96cd377 b/pkg/plugin/testdata/test_plugin.git/objects/d7/8abde66b1d35bdac65402f0e2cddf3a96cd377
new file mode 100644
index 0000000000000000000000000000000000000000..78b94e8996dd4a8bb2cdcb6c052a4c599e3a7813
GIT binary patch
literal 380
zcmV-?0fYW{0hN$TZ<|0Ag}a_#G5e_YJb27VZB=8aO>L&Nfi`6~49pk|h7h8}{`G-G
z-F4F=UFqCUI#*Xmb!}UX(8lb;IFu!nh!LgT96Ow|oM~jS(k)1?89{ErZDKo&Nv=UJ
zhw?H)PIzv)m=!taxnoJna;s#DmWq{*OS$VXf)!#wK8>etfalA@RTGE8Pk-H4)5@w@
zsIL72v5Rd+DP|PjAqyce(doUh{O_RY&0}TY$5~#m2?dPfEsVpBSS9H(c;f)3ScEBR
zwyRl(Y5Zt*dqqXJ|NZM6)hUjW^UTb$j`laY^Xsj7K3yJbt`Ev+=5Gyv!~M61NJN>P
z{CtsjNWCTej5KJDzAL-QO)y;xr`1blwx;4H*SN|25Q`+R0i5aKyC~wsJId24wf_`-
z!lWguq3HLPcR!APt$neJ<E5@6)(p$*x^kZFxTWf8=LOl1zFPrU9IF>&25DXS(c2h}
acGpAn8NAmK2>)MY0JI<r1YQB1dYKJ_hr)RP

literal 0
HcmV?d00001

diff --git a/pkg/plugin/testdata/test_plugin.git/objects/dc/135ebfc7f680300c981029184a492bbdfa6db3 b/pkg/plugin/testdata/test_plugin.git/objects/dc/135ebfc7f680300c981029184a492bbdfa6db3
new file mode 100644
index 0000000000000000000000000000000000000000..4dbb20dc16b4c8470cb238588a7758da9a1a680d
GIT binary patch
literal 91
zcmV-h0HptT0V^p=O;s>AVK6i>Ff%bxD99;I&&<=SOw7$;;Ckq2XTknJ<@WJ=j+z&>
x@2snRl?YU3ZfdGfl3HA%SDeA%$!hw*{rS|TCxh9}X~@jyIJ-Hz1^}iS9{935F311?

literal 0
HcmV?d00001

diff --git a/pkg/plugin/testdata/test_plugin.git/objects/dd/c882ca64495a0498b3303be6a4ae58213f0485 b/pkg/plugin/testdata/test_plugin.git/objects/dd/c882ca64495a0498b3303be6a4ae58213f0485
deleted file mode 100644
index 12c485b8eebc9109746f60712543f49600b49890..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 91
zcmV-h0HptT0V^p=O;s>AVK6i>Ff%bxD99;I&&<=SOw7$;*zxP)o$!}iU2ciazjVv;
xhpz9L$6i2X=BB0!C8@<Fdc_$Go~))1+@DWfdNP>poQBMNj<cJiYXC2KA&IOnEW-c*

diff --git a/pkg/plugin/testdata/test_plugin.git/packed-refs b/pkg/plugin/testdata/test_plugin.git/packed-refs
index 539634191094..00a4f957a23f 100644
--- a/pkg/plugin/testdata/test_plugin.git/packed-refs
+++ b/pkg/plugin/testdata/test_plugin.git/packed-refs
@@ -1,4 +1,4 @@
 # pack-refs with: peeled fully-peeled sorted 
-96e190ae5bcaa3900e568608faf00f16c3ff2714 refs/heads/main
-3b147ae5ffafba7c1d833b4f4bc8ac6a22a8c9bf refs/tags/v0.1.0
-96e190ae5bcaa3900e568608faf00f16c3ff2714 refs/tags/v0.2.0
+d78abde66b1d35bdac65402f0e2cddf3a96cd377 refs/heads/main
+929b4718db99b64a38b4e8c3ec8e673976821c08 refs/tags/v0.1.0
+d78abde66b1d35bdac65402f0e2cddf3a96cd377 refs/tags/v0.2.0
diff --git a/pkg/plugin/testdata/test_plugin.git/refs/heads/.gitkeep b/pkg/plugin/testdata/test_plugin.git/refs/heads/.gitkeep
deleted file mode 100644
index e69de29bb2d1..000000000000
diff --git a/pkg/plugin/testdata/test_plugin.git/refs/tags/.gitkeep b/pkg/plugin/testdata/test_plugin.git/refs/tags/.gitkeep
deleted file mode 100644
index e69de29bb2d1..000000000000
diff --git a/pkg/plugin/testdata/test_plugin/plugin.yaml b/pkg/plugin/testdata/test_plugin/plugin.yaml
index b0b5089c438d..086aefb548a1 100644
--- a/pkg/plugin/testdata/test_plugin/plugin.yaml
+++ b/pkg/plugin/testdata/test_plugin/plugin.yaml
@@ -1,5 +1,5 @@
 name: "test_plugin"
-repository: github.com/aquasecurity/trivy-plugin-test
+repository: testdata/test_plugin
 version: "0.2.0"
 summary: test
 description: test

From 448bc4f85a5dfff8dead5cb728a5b8355c51de01 Mon Sep 17 00:00:00 2001
From: knqyf263 <knqyf263@gmail.com>
Date: Thu, 16 May 2024 09:52:54 +0400
Subject: [PATCH 09/11] chore: add examples

Signed-off-by: knqyf263 <knqyf263@gmail.com>
---
 pkg/commands/app.go | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/pkg/commands/app.go b/pkg/commands/app.go
index 6ae687276f2a..cac211fa1484 100644
--- a/pkg/commands/app.go
+++ b/pkg/commands/app.go
@@ -724,9 +724,17 @@ func NewPluginCommand() *cobra.Command {
 	}
 	cmd.AddCommand(
 		&cobra.Command{
-			Use:                   "install NAME | URL | FILE_PATH",
-			Aliases:               []string{"i"},
-			Short:                 "Install a plugin",
+			Use:     "install NAME | URL | FILE_PATH",
+			Aliases: []string{"i"},
+			Short:   "Install a plugin",
+			Example: `  # Install a plugin from the plugin index
+  $ trivy plugin install referrer
+
+  # Specify the version of the plugin to install
+  $ trivy plugin install referrer@v0.3.0
+
+  # Install a plugin from a URL
+  $ trivy plugin install github.com/aquasecurity/trivy-plugin-referrer`,
 			SilenceErrors:         true,
 			SilenceUsage:          true,
 			DisableFlagsInUseLine: true,

From 310eb678f3429dac7b6db18a7eca7eb390e50e81 Mon Sep 17 00:00:00 2001
From: DmitriyLewen <dmitriy.lewen@smartforce.io>
Date: Thu, 16 May 2024 12:41:04 +0600
Subject: [PATCH 10/11] mage docs:generate

---
 .../configuration/cli/trivy_plugin_install.md       | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/docs/docs/references/configuration/cli/trivy_plugin_install.md b/docs/docs/references/configuration/cli/trivy_plugin_install.md
index dbd5f21797b8..ec3afd77a680 100644
--- a/docs/docs/references/configuration/cli/trivy_plugin_install.md
+++ b/docs/docs/references/configuration/cli/trivy_plugin_install.md
@@ -6,6 +6,19 @@ Install a plugin
 trivy plugin install NAME | URL | FILE_PATH
 ```
 
+### Examples
+
+```
+  # Install a plugin from the plugin index
+  $ trivy plugin install referrer
+
+  # Specify the version of the plugin to install
+  $ trivy plugin install referrer@v0.3.0
+
+  # Install a plugin from a URL
+  $ trivy plugin install github.com/aquasecurity/trivy-plugin-referrer
+```
+
 ### Options
 
 ```

From 64c3ab32d07723b3f9a9ab500ddbaf4c0ec58a9f Mon Sep 17 00:00:00 2001
From: knqyf263 <knqyf263@gmail.com>
Date: Fri, 17 May 2024 11:46:23 +0400
Subject: [PATCH 11/11] test: add refs dir

Signed-off-by: knqyf263 <knqyf263@gmail.com>
---
 pkg/plugin/testdata/test_plugin.git/refs/heads/.gitkeep | 0
 pkg/plugin/testdata/test_plugin.git/refs/tags/.gitkeep  | 0
 2 files changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 pkg/plugin/testdata/test_plugin.git/refs/heads/.gitkeep
 create mode 100644 pkg/plugin/testdata/test_plugin.git/refs/tags/.gitkeep

diff --git a/pkg/plugin/testdata/test_plugin.git/refs/heads/.gitkeep b/pkg/plugin/testdata/test_plugin.git/refs/heads/.gitkeep
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/pkg/plugin/testdata/test_plugin.git/refs/tags/.gitkeep b/pkg/plugin/testdata/test_plugin.git/refs/tags/.gitkeep
new file mode 100644
index 000000000000..e69de29bb2d1