Add platform selection (#666)

2024-11-10 06:34:13 +00:00 · 2022-03-15 09:13:05 -04:00 · 2022-03-15 09:13:05 -04:00 · cc8e7836f3
commit cc8e7836f3
parent 8614a67ac5
6 changed files with 25 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -499,7 +499,11 @@ file: ""
 #   - '/etc/**'
 #   - './out/**/*.json'
 # same as --exclude ; GRYPE_EXCLUDE env var
-exclude:
+exclude: []
+
+# os and/or architecture to use when referencing container images (e.g. "windows/armv6" or "arm64")
+# same as --platform; GRYPE_PLATFORM env var
+platform: ""

 # If using SBOM input, automatically generate CPEs when packages have none
 add-cpes-if-none: false
--- a/cmd/root.go
+++ b/cmd/root.go
@ -147,6 +147,11 @@ func setRootFlags(flags *pflag.FlagSet) {
 		"exclude", "", nil,
 		"exclude paths from being scanned using a glob expression",
 	)
+
+	flags.StringP(
+		"platform", "", "",
+		"an optional platform specifier for container image sources (e.g. 'linux/arm64', 'linux/arm64/v8', 'arm64', 'linux')",
+	)
 }

 func bindRootConfigOptions(flags *pflag.FlagSet) error {
@ -186,6 +191,10 @@ func bindRootConfigOptions(flags *pflag.FlagSet) error {
 		return err
 	}

+	if err := viper.BindPFlag("platform", flags.Lookup("platform")); err != nil {
+		return err
+	}
+
 	return nil
 }

@ -354,6 +363,7 @@ func getProviderConfig() pkg.ProviderConfig {
 		Exclusions:          appConfig.Exclusions,
 		CatalogingOptions:   appConfig.Search.ToConfig(),
 		GenerateMissingCPEs: appConfig.GenerateMissingCPEs,
+		Platform:            appConfig.Platform,
 	}
 }

--- a/grype/pkg/provider_config.go
+++ b/grype/pkg/provider_config.go
@ -10,4 +10,5 @@ type ProviderConfig struct {
 	Exclusions          []string
 	CatalogingOptions   cataloger.Config
 	GenerateMissingCPEs bool
+	Platform            string
 }
--- a/grype/pkg/syft_provider.go
+++ b/grype/pkg/syft_provider.go
@ -10,7 +10,7 @@ func syftProvider(userInput string, config ProviderConfig) ([]Package, Context,
 		return nil, Context{}, errDoesNotProvide
 	}

-	sourceInput, err := source.ParseInput(userInput, "", true)
+	sourceInput, err := source.ParseInput(userInput, config.Platform, true)
 	if err != nil {
 		return nil, Context{}, err
 	}
--- a/internal/config/application.go
+++ b/internal/config/application.go
@ -38,6 +38,7 @@ type Application struct {
 	Quiet               bool                    `yaml:"quiet" json:"quiet" mapstructure:"quiet"`                                              // -q, indicates to not show any status output to stderr (ETUI or logging UI)
 	CheckForAppUpdate   bool                    `yaml:"check-for-app-update" json:"check-for-app-update" mapstructure:"check-for-app-update"` // whether to check for an application update on start up or not
 	OnlyFixed           bool                    `yaml:"only-fixed" json:"only-fixed" mapstructure:"only-fixed"`                               // only fail if detected vulns have a fix
+	Platform            string                  `yaml:"platform" json:"platform" mapstructure:"platform"`                                     // --platform, override the target platform for a container image
 	CliOptions          CliOnlyOptions          `yaml:"-" json:"-"`
 	Search              search                  `yaml:"search" json:"search" mapstructure:"search"`
 	Ignore              []match.IgnoreRule      `yaml:"ignore" json:"ignore" mapstructure:"ignore"`
--- a/test/cli/cmd_test.go
+++ b/test/cli/cmd_test.go
@ -30,6 +30,13 @@ func TestCmd(t *testing.T) {
 				assertInOutput(`"built":`),                      // assert existence of the db status block
 			},
 		},
+		{
+			name: "platform-option-wired-up",
+			args: []string{"--platform", "arm64", "-o", "json", "registry:busybox:1.31"},
+			assertions: []traitAssertion{
+				assertInOutput("sha256:1ee006886991ad4689838d3a288e0dd3fd29b70e276622f16b67a8922831a853"), // linux/arm64 image digest
+			},
+		},
 		{
 			name: "responds-to-search-options",
 			args: []string{"-vv"},