forked from aquasecurity/trivy-db
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathMakefile
103 lines (81 loc) · 3.52 KB
/
Makefile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
SHELL=/bin/bash
LDFLAGS=-ldflags "-s -w"
GOPATH=$(shell go env GOPATH)
GOBIN=$(GOPATH)/bin
ifndef REPO_OWNER
REPO_OWNER=aquasecurity
endif
u := $(if $(update),-u)
$(GOBIN)/wire:
go install github.com/google/wire/cmd/[email protected]
.PHONY: wire
wire: $(GOBIN)/wire
wire gen ./...
$(GOBIN)/mockery:
go install github.com/knqyf263/mockery/cmd/mockery@latest
.PHONY: mock
mock: $(GOBIN)/mockery
$(GOBIN)/mockery -all -inpkg -case=snake
.PHONY: deps
deps:
go get ${u} -d
go mod tidy
$(GOBIN)/golangci-lint:
curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(GOBIN) v1.54.2
.PHONY: test
test:
go test -v -short -race -timeout 30s -coverprofile=coverage.txt -covermode=atomic ./...
.PHONY: lint
lint: $(GOBIN)/golangci-lint
$(GOBIN)/golangci-lint run
.PHONY: lintfix
lintfix: $(GOBIN)/golangci-lint
$(GOBIN)/golangci-lint run --fix
.PHONY: build
build:
go build $(LDFLAGS) ./cmd/trivy-db
.PHONY: clean
clean:
rm -rf integration/testdata/fixtures/
$(GOBIN)/bbolt:
go install go.etcd.io/bbolt/cmd/[email protected]
trivy-db:
make build
.PHONY: db-fetch-langs
db-fetch-langs:
mkdir -p cache/{ruby-advisory-db,php-security-advisories,nodejs-security-wg,ghsa,cocoapods-specs,bitnami-vulndb,govulndb}
wget -qO - https://github.com/rubysec/ruby-advisory-db/archive/master.tar.gz | tar xz -C cache/ruby-advisory-db --strip-components=1
wget -qO - https://github.com/FriendsOfPHP/security-advisories/archive/master.tar.gz | tar xz -C cache/php-security-advisories --strip-components=1
wget -qO - https://github.com/nodejs/security-wg/archive/main.tar.gz | tar xz -C cache/nodejs-security-wg --strip-components=1
wget -qO - https://github.com/bitnami/vulndb/archive/main.tar.gz | tar xz -C cache/bitnami-vulndb --strip-components=1
wget -qO - https://github.com/github/advisory-database/archive/refs/heads/main.tar.gz | tar xz -C cache/ghsa --strip-components=1
wget -qO - https://github.com/golang/vulndb/archive/refs/heads/master.tar.gz | tar xz -C cache/govulndb --strip-components=1
## required to convert GHSA Swift repo links to Cocoapods package names
wget -qO - https://github.com/CocoaPods/Specs/archive/master.tar.gz | tar xz -C cache/cocoapods-specs --strip-components=1
.PHONY: db-build
db-build: trivy-db
./trivy-db build --cache-dir cache --update-interval 6h
.PHONY: db-compact
db-compact: $(GOBIN)/bbolt cache/db/trivy.db
mkdir -p assets/
$(GOBIN)/bbolt compact -o ./assets/trivy.db cache/db/trivy.db
cp cache/db/metadata.json ./assets/metadata.json
rm -rf cache/db
.PHONY: db-compress
db-compress: assets/trivy.db assets/metadata.json
tar cvzf assets/db.tar.gz -C assets/ trivy.db metadata.json
.PHONY: db-clean
db-clean:
rm -rf cache assets
.PHONY: db-fetch-vuln-list
db-fetch-vuln-list:
mkdir -p cache/vuln-list
wget -qO - https://github.com/$(REPO_OWNER)/vuln-list/archive/main.tar.gz | tar xz -C cache/vuln-list --strip-components=1
mkdir -p cache/vuln-list-redhat
wget -qO - https://github.com/$(REPO_OWNER)/vuln-list-redhat/archive/main.tar.gz | tar xz -C cache/vuln-list-redhat --strip-components=1
mkdir -p cache/vuln-list-debian
wget -qO - https://github.com/$(REPO_OWNER)/vuln-list-debian/archive/main.tar.gz | tar xz -C cache/vuln-list-debian --strip-components=1
mkdir -p cache/vuln-list-nvd
wget -qO - https://github.com/$(REPO_OWNER)/vuln-list-nvd/archive/main.tar.gz | tar xz -C cache/vuln-list-nvd --strip-components=1
mkdir -p cache/vuln-list-k8s
wget -qO - https://github.com/$(REPO_OWNER)/vuln-list-k8s/archive/main.tar.gz | tar xz -C cache/vuln-list-k8s --strip-components=1