Add linter check support

.github/workflows/test.yaml

@@ -1,6 +1,17 @@
 name: Test
 on: pull_request
 jobs:
+  golangci:
+    name: lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v2
+        with:
+          version: v1.31
+          args: --deadline=30m
+
   integration:
     name: Integration Test
     runs-on: ubuntu-latest
@@ -34,3 +45,4 @@ jobs:
       with:
         version: latest
         args: release --snapshot --rm-dist --skip-publish
+

.golangci.yaml

@@ -0,0 +1,71 @@
+linters-settings:
+  errcheck:
+    check-type-assertions: true
+    check-blank: true
+  govet:
+    check-shadowing: true
+  gofmt:
+    simplify: false
+  golint:
+    min-confidence: 0
+  gocyclo:
+    min-complexity: 10
+  maligned:
+    suggest-new: true
+  dupl:
+    threshold: 100
+  goconst:
+    min-len: 3
+    min-occurrences: 3
+  misspell:
+    locale: US
+  goimports:
+    local-prefixes: github.com/rahul23/trivy
+
+linters:
+  disable-all: true
+  enable:
+    - structcheck
+    - ineffassign
+    - typecheck
+    - govet
+    - errcheck
+    - varcheck
+    - deadcode
+    - golint
+    - gosec
+    - unconvert
+    - goconst
+    - gocyclo
+    - gofmt
+    - goimports
+    - maligned
+    - misspell
+
+run:
+  skip-files:
+    - ".*._mock.go$"
+    - ".*._test.go$"
+    - "integration/*"
+
+issues:
+  exclude-rules:
+    - linters:
+        - gosec
+      text: "G304: Potential file inclusion"
+    - linters:
+        - gosec
+      text: "Deferring unsafe method"
+    - linters:
+        - errcheck
+      text: "Close` is not checked"
+    - linters:
+        - errcheck
+      text: "os.*` is not checked"
+    - linters:
+        - golint
+      text: "a blank import should be only in a main or test package"
+  exclude:
+    - "should have a package comment, unless it's in another file for this package"
+  exclude-use-default: false
+  max-same-issues: 0

go.mod

@@ -34,4 +34,4 @@ require (
 	golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45
 	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1
 	k8s.io/utils v0.0.0-20191114184206-e782cd3c129f
-)
+)

go.sum

@@ -748,4 +748,4 @@ moul.io/http2curl v1.0.0 h1:6XwpyZOYsgZJrU8exnG87ncVkU1FVCcTRpwzOkTDUi8=
 moul.io/http2curl v1.0.0/go.mod h1:f6cULg+e4Md/oW1cYmwW4IWQOVl2lGbmCNGOHvzX2kE=
 sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI=
 sigs.k8s.io/structured-merge-diff v1.0.1-0.20191108220359-b1b620dd3f06/go.mod h1:/ULNhyfzRopfcjskuui0cTITekDduZ7ycKN3oUT9R18=
-sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
+sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=

integration/docker/docker.go

@@ -15,12 +15,14 @@ import (
 	"github.com/docker/docker/api/types"
 )
 
+// RegistryConfig holds the config for docker registry
 type RegistryConfig struct {
 	URL      *url.URL
 	Username string
 	Password string
 }
 
+// GetAuthConfig returns the docker registry authConfig
 func (c RegistryConfig) GetAuthConfig() types.AuthConfig {
 	return types.AuthConfig{
 		Username:      c.Username,
@@ -29,6 +31,7 @@ func (c RegistryConfig) GetAuthConfig() types.AuthConfig {
 	}
 }
 
+// GetRegistryAuth returns the json encoded docker registry auth
 func (c RegistryConfig) GetRegistryAuth() (string, error) {
 	authConfig := types.AuthConfig{
 		Username: c.Username,
@@ -41,10 +44,12 @@ func (c RegistryConfig) GetRegistryAuth() (string, error) {
 	return base64.URLEncoding.EncodeToString(encodedJSON), nil
 }
 
+// Docker returns docker client
 type Docker struct {
 	cli *client.Client
 }
 
+// New is the factory method to return docker client
 func New() (Docker, error) {
 	cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
 	if err != nil {
@@ -73,7 +78,7 @@ func (d Docker) ReplicateImage(ctx context.Context, imageRef, imagePath string,
 	if err != nil {
 		return err
 	}
-	if _, err := io.Copy(ioutil.Discard, resp.Body); err != nil {
+	if _, err = io.Copy(ioutil.Discard, resp.Body); err != nil {
 		return err
 	}
 	defer resp.Body.Close()

internal/app.go

@@ -20,6 +20,7 @@ import (
 	"github.com/aquasecurity/trivy/pkg/vulnerability"
 )
 
+// VersionInfo holds the trivy DB version Info
 type VersionInfo struct {
 	Version         string       `json:",omitempty"`
 	VulnerabilityDB *db.Metadata `json:",omitempty"`
@@ -250,6 +251,7 @@ var (
 	}
 )
 
+// NewApp is the factory method to return Trivy CLI
 func NewApp(version string) *cli.App {
 	cli.VersionPrinter = func(c *cli.Context) {
 		showVersion(c.String("cache-dir"), c.String("format"), c.App.Version, c.App.Writer)
@@ -307,7 +309,7 @@ func setHidden(flags []cli.Flag, hidden bool) []cli.Flag {
 func showVersion(cacheDir, outputFormat, version string, outputWriter io.Writer) {
 	var dbMeta *db.Metadata
 
-	metadata, _ := tdb.NewMetadata(afero.NewOsFs(), cacheDir).Get()
+	metadata, _ := tdb.NewMetadata(afero.NewOsFs(), cacheDir).Get() // nolint: errcheck
 	if !metadata.UpdatedAt.IsZero() && !metadata.NextUpdate.IsZero() && metadata.Version != 0 {
 		dbMeta = &db.Metadata{
 			Version:    metadata.Version,
@@ -319,7 +321,7 @@ func showVersion(cacheDir, outputFormat, version string, outputWriter io.Writer)
 
 	switch outputFormat {
 	case "json":
-		b, _ := json.Marshal(VersionInfo{
+		b, _ := json.Marshal(VersionInfo{ // nolint: errcheck
 			Version:         version,
 			VulnerabilityDB: dbMeta,
 		})
@@ -345,6 +347,7 @@ func showVersion(cacheDir, outputFormat, version string, outputWriter io.Writer)
 	}
 }
 
+// NewImageCommand is the factory method to add image command
 func NewImageCommand() *cli.Command {
 	return &cli.Command{
 		Name:      "image",
@@ -356,6 +359,7 @@ func NewImageCommand() *cli.Command {
 	}
 }
 
+// NewFilesystemCommand is the factory method to add filesystem command
 func NewFilesystemCommand() *cli.Command {
 	return &cli.Command{
 		Name:      "filesystem",
@@ -389,6 +393,7 @@ func NewFilesystemCommand() *cli.Command {
 	}
 }
 
+// NewRepositoryCommand is the factory method to add repository command
 func NewRepositoryCommand() *cli.Command {
 	return &cli.Command{
 		Name:      "repository",
@@ -422,6 +427,7 @@ func NewRepositoryCommand() *cli.Command {
 	}
 }
 
+// NewClientCommand is the factory method to add client command
 func NewClientCommand() *cli.Command {
 	return &cli.Command{
 		Name:      "client",
@@ -465,6 +471,7 @@ func NewClientCommand() *cli.Command {
 	}
 }
 
+// NewServerCommand is the factory method to add server command
 func NewServerCommand() *cli.Command {
 	return &cli.Command{
 		Name:    "server",

internal/app_test.go

@@ -109,3 +109,12 @@ Vulnerability DB:
 		})
 	}
 }
+
+func TestNewCommands(t *testing.T) {
+	NewApp("test")
+	NewClientCommand()
+	NewFilesystemCommand()
+	NewImageCommand()
+	NewRepositoryCommand()
+	NewServerCommand()
+}

internal/artifact/config/config.go

@@ -7,6 +7,7 @@ import (
 	"github.com/aquasecurity/trivy/internal/config"
 )
 
+// Config holds the artifact config
 type Config struct {
 	config.GlobalConfig
 	config.ArtifactConfig
@@ -22,6 +23,7 @@ type Config struct {
 	autoRefresh bool
 }
 
+// New is the factory method to return config
 func New(c *cli.Context) (Config, error) {
 	gc, err := config.NewGlobalConfig(c)
 	if err != nil {
@@ -41,6 +43,7 @@ func New(c *cli.Context) (Config, error) {
 	}, nil
 }
 
+// Init initializes the artifact config
 func (c *Config) Init(image bool) error {
 	if err := c.ReportConfig.Init(c.Logger); err != nil {
 		return err
@@ -53,7 +56,7 @@ func (c *Config) Init(image bool) error {
 	}
 
 	// --clear-cache, --download-db-only and --reset don't conduct the scan
-	if c.ClearCache || c.DownloadDBOnly || c.Reset {
+	if c.skipScan() {
 		return nil
 	}
 
@@ -69,3 +72,10 @@ func (c *Config) Init(image bool) error {
 
 	return nil
 }
+
+func (c *Config) skipScan() bool {
+	if c.ClearCache || c.DownloadDBOnly || c.Reset {
+		return true
+	}
+	return false
+}

internal/artifact/fs.go

@@ -21,6 +21,7 @@ func filesystemScanner(ctx context.Context, dir string, ac cache.ArtifactCache,
 	return s, cleanup, nil
 }
 
+// FilesystemRun runs scan on filesystem
 func FilesystemRun(cliCtx *cli.Context) error {
 	c, err := config.New(cliCtx)
 	if err != nil {

internal/artifact/image.go

@@ -30,6 +30,7 @@ func dockerScanner(ctx context.Context, imageName string, ac cache.ArtifactCache
 	return s, cleanup, nil
 }
 
+// ImageRun runs scan on docker image
 func ImageRun(cliCtx *cli.Context) error {
 	c, err := config.New(cliCtx)
 	if err != nil {

internal/artifact/repository.go

@@ -21,6 +21,7 @@ func repositoryScanner(ctx context.Context, dir string, ac cache.ArtifactCache,
 	return s, cleanup, nil
 }
 
+// RepositoryRun runs scan on repository
 func RepositoryRun(cliCtx *cli.Context) error {
 	c, err := config.New(cliCtx)
 	if err != nil {

internal/artifact/run.go

@@ -19,9 +19,12 @@ import (
 	"github.com/aquasecurity/trivy/pkg/utils"
 )
 
+// InitializeScanner type to define initialize function signature
 type InitializeScanner func(context.Context, string, cache.ArtifactCache, cache.LocalArtifactCache, time.Duration) (
 	scanner.Scanner, func(), error)
 
+// nolint: gocyclo
+// TODO: refactror and fix cyclometic complexity
 func run(c config.Config, initializeScanner InitializeScanner) error {
 	if err := log.InitLogger(c.Debug, c.Quiet); err != nil {
 		l.Fatal(err)
@@ -90,7 +93,8 @@ func run(c config.Config, initializeScanner InitializeScanner) error {
 	vulnClient := initializeVulnerabilityClient()
 	for i := range results {
 		vulnClient.FillInfo(results[i].Vulnerabilities, results[i].Type)
-		vulns, err := vulnClient.Filter(ctx, results[i].Vulnerabilities,
+		var vulns []types.DetectedVulnerability
+		vulns, err = vulnClient.Filter(ctx, results[i].Vulnerabilities,
 			c.Severities, c.IgnoreUnfixed, c.IgnoreFile, c.IgnorePolicy)
 		if err != nil {
 			return xerrors.Errorf("unable to filter vulnerabilities: %w", err)

internal/client/config/config.go

@@ -10,6 +10,7 @@ import (
 	"github.com/aquasecurity/trivy/internal/config"
 )
 
+// Config holds the Trivy client config
 type Config struct {
 	config.GlobalConfig
 	config.ArtifactConfig
@@ -25,6 +26,7 @@ type Config struct {
 	CustomHeaders http.Header
 }
 
+// New is the factory method for Config
 func New(c *cli.Context) (Config, error) {
 	gc, err := config.NewGlobalConfig(c)
 	if err != nil {
@@ -43,6 +45,7 @@ func New(c *cli.Context) (Config, error) {
 	}, nil
 }
 
+// Init initializes the config
 func (c *Config) Init() (err error) {
 	// --clear-cache doesn't conduct the scan
 	if c.ClearCache {

internal/client/run.go

@@ -17,6 +17,7 @@ import (
 	"github.com/aquasecurity/trivy/pkg/utils"
 )
 
+// Run runs the scan
 func Run(cliCtx *cli.Context) error {
 	c, err := config.New(cliCtx)
 	if err != nil {
@@ -25,6 +26,8 @@ func Run(cliCtx *cli.Context) error {
 	return run(c)
 }
 
+// nolint: gocyclo
+// TODO: refactror and fix cyclometic complexity
 func run(c config.Config) (err error) {
 	if err = log.InitLogger(c.Debug, c.Quiet); err != nil {
 		return xerrors.Errorf("failed to initialize a logger: %w", err)
@@ -80,7 +83,8 @@ func run(c config.Config) (err error) {
 
 	vulnClient := initializeVulnerabilityClient()
 	for i := range results {
-		vulns, err := vulnClient.Filter(ctx, results[i].Vulnerabilities,
+		var vulns []types.DetectedVulnerability
+		vulns, err = vulnClient.Filter(ctx, results[i].Vulnerabilities,
 			c.Severities, c.IgnoreUnfixed, c.IgnoreFile, c.IgnorePolicy)
 		if err != nil {
 			return err