add FindVulnerability lib function, wire up main with matcher

.gitignore

@@ -1,3 +1,5 @@
+.vscode/
+*.db
 *.tar
 .idea/
 *.log
@@ -16,4 +18,4 @@ coverage.txt
 *.test
 
 # Output of the go coverage tool, specifically when used with LiteIDE
-*.out
+*.out

cmd/root.go

@@ -5,11 +5,16 @@ import (
 	"os"
 
 	"github.com/anchore/imgbom/imgbom"
+	imgbomOS "github.com/anchore/imgbom/imgbom/os"
+	"github.com/anchore/imgbom/imgbom/pkg"
 	"github.com/anchore/imgbom/imgbom/scope"
 	"github.com/anchore/stereoscope"
 	"github.com/anchore/vulnscan/internal"
+	"github.com/anchore/vulnscan/internal/db"
 	"github.com/anchore/vulnscan/internal/format"
 	"github.com/anchore/vulnscan/vulnscan"
+	"github.com/anchore/vulnscan/vulnscan/vulnerability"
+	hashiVer "github.com/hashicorp/go-version"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
@@ -74,10 +79,40 @@ func runDefaultCmd(cmd *cobra.Command, args []string) int {
 		return 1
 	}
 
-	store := &struct{}{} // TODO: get store
-	results := vulnscan.FindAllVulnerabilities(store, &catalog)
+	// TODO: remove me
+	ver, err := hashiVer.NewVersion("8")
+	if err != nil {
+		panic(err)
+	}
 
-	fmt.Println(results)
+	// TODO: remove me (replace with imgbom os.Identify call)
+
+	osObj := imgbomOS.OS{
+		Type:    imgbomOS.DebianOS,
+		Version: ver,
+	}
+
+	// TODO: remove me
+	// add vulnerable package
+	catalog.Add(pkg.Package{
+		Name:    "neutron",
+		Version: "2014.1.2-5",
+		Type:    pkg.DebPkg,
+	})
+
+	// TODO: remove me
+
+	store := db.NewMockDb()
+	provider := vulnerability.NewProviderFromStore(store)
+
+	results := vulnscan.FindAllVulnerabilities(provider, osObj, catalog)
+
+	count := 0
+	for match := range results.Enumerate() {
+		fmt.Println(match)
+		count++
+	}
+	fmt.Printf("Found %d Vulnerabilities\n", count)
 
 	return 0
 }

go.sum

@@ -643,6 +643,7 @@ google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBr
 google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
 google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200519141106-08726f379972/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
+google.golang.org/genproto v0.0.0-20200521103424-e9a78aa275b7 h1:JUs1uIDQ46c7iI0QuMPzAHqXaSmqKF0f9freFMk2ivs=
 google.golang.org/genproto v0.0.0-20200521103424-e9a78aa275b7/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013 h1:+kGHl1aib/qcwaRi1CbqBZ1rk19r85MNUf8HaBghugY=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=

vulnscan/find.go

@@ -1,24 +1,25 @@
 package vulnscan
 
 import (
+	"github.com/anchore/imgbom/imgbom/os"
 	"github.com/anchore/imgbom/imgbom/pkg"
-	"github.com/anchore/vulnscan/vulnscan/match"
 	"github.com/anchore/vulnscan/vulnscan/matcher"
 	"github.com/anchore/vulnscan/vulnscan/result"
+	"github.com/anchore/vulnscan/vulnscan/vulnerability"
 )
 
-func FindAllVulnerabilities(store match.Store, catalog *pkg.Catalog) result.Result {
+func FindAllVulnerabilities(store vulnerability.Provider, o os.OS, catalog *pkg.Catalog) result.Result {
 	res := result.NewResult()
 	for p := range catalog.Enumerate() {
-		res.Merge(FindVulnerabilities(store, p))
+		res.Merge(FindVulnerabilities(store, o, p))
 	}
 	return res
 }
 
-func FindVulnerabilities(store match.Store, packages ...pkg.Package) result.Result {
+func FindVulnerabilities(store vulnerability.Provider, o os.OS, packages ...*pkg.Package) result.Result {
 	res := result.NewResult()
 	for _, p := range packages {
-		res.Merge(matcher.FindMatches(store, p))
+		res.Merge(matcher.FindMatches(store, o, p))
 	}
 	return res
 }