refactor(deps): Merge defsec into Trivy

go.mod

@@ -13,7 +13,7 @@ require (
 	github.com/NYTimes/gziphandler v1.1.1
 	github.com/alicebob/miniredis/v2 v2.31.0
 	github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986
-	github.com/aquasecurity/defsec v0.94.1
+	github.com/aquasecurity/defsec v0.94.1 // indirect
 	github.com/aquasecurity/go-dep-parser v0.0.0-20240124102329-7be7d210a3d4
 	github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce
 	github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798
@@ -25,7 +25,6 @@ require (
 	github.com/aquasecurity/tml v0.6.1
 	github.com/aquasecurity/trivy-aws v0.7.1
 	github.com/aquasecurity/trivy-db v0.0.0-20231005141211-4fc651f7ac8d
-	github.com/aquasecurity/trivy-iac v0.8.0
 	github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48
 	github.com/aquasecurity/trivy-kubernetes v0.6.3-0.20240118072219-c433b06f98e1
 	github.com/aquasecurity/trivy-policies v0.8.0
@@ -117,7 +116,25 @@ require (
 	modernc.org/sqlite v1.28.0
 )
 
-require github.com/bitnami/go-version v0.0.0-20231130084017-bb00604d650c
+require (
+	github.com/Masterminds/semver v1.5.0
+	github.com/alecthomas/chroma v0.10.0
+	github.com/apparentlymart/go-cidr v1.1.0
+	github.com/aws/smithy-go v1.19.0
+	github.com/bitnami/go-version v0.0.0-20231130084017-bb00604d650c
+	github.com/hashicorp/go-uuid v1.0.3
+	github.com/hashicorp/hcl/v2 v2.19.1
+	github.com/liamg/iamgo v0.0.9
+	github.com/liamg/jfather v0.0.7
+	github.com/liamg/memoryfs v1.6.0
+	github.com/mitchellh/go-homedir v1.1.0
+	github.com/olekukonko/tablewriter v0.0.5
+	github.com/owenrumney/squealer v1.2.1
+	github.com/zclconf/go-cty v1.13.0
+	github.com/zclconf/go-cty-yaml v1.0.3
+	golang.org/x/crypto v0.18.0
+	helm.sh/helm/v3 v3.14.0
+)
 
 require (
 	cloud.google.com/go v0.110.8 // indirect
@@ -141,7 +158,6 @@ require (
 	github.com/Intevation/jsonpath v0.2.1 // indirect
 	github.com/MakeNowJust/heredoc v1.0.0 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
-	github.com/Masterminds/semver v1.5.0 // indirect
 	github.com/Masterminds/semver/v3 v3.2.1 // indirect
 	github.com/Masterminds/squirrel v1.5.4 // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
@@ -151,10 +167,8 @@ require (
 	github.com/VividCortex/ewma v1.2.0 // indirect
 	github.com/agext/levenshtein v1.2.3 // indirect
 	github.com/agnivade/levenshtein v1.1.1 // indirect
-	github.com/alecthomas/chroma v0.10.0 // indirect
 	github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a // indirect
 	github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 // indirect
-	github.com/apparentlymart/go-cidr v1.1.0 // indirect
 	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
 	github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
@@ -204,7 +218,6 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/sso v1.18.6 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.6 // indirect
 	github.com/aws/aws-sdk-go-v2/service/workspaces v1.35.6 // indirect
-	github.com/aws/smithy-go v1.19.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
 	github.com/briandowns/spinner v1.23.0 // indirect
@@ -281,11 +294,9 @@ require (
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-safetemp v1.0.0 // indirect
-	github.com/hashicorp/go-uuid v1.0.3 // indirect
 	github.com/hashicorp/go-version v1.6.0 // indirect
 	github.com/hashicorp/golang-lru v0.6.0 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
-	github.com/hashicorp/hcl/v2 v2.19.1 // indirect
 	github.com/huandu/xstrings v1.4.0 // indirect
 	github.com/imdario/mergo v0.3.15 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
@@ -299,9 +310,6 @@ require (
 	github.com/klauspost/compress v1.16.6 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
-	github.com/liamg/iamgo v0.0.9 // indirect
-	github.com/liamg/jfather v0.0.7 // indirect
-	github.com/liamg/memoryfs v1.6.0 // indirect
 	github.com/lib/pq v1.10.9 // indirect
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
 	github.com/lunixbochs/struc v0.0.0-20200707160740-784aaebc1d40 // indirect
@@ -313,7 +321,6 @@ require (
 	github.com/microsoft/go-rustaudit v0.0.0-20220808201409-204dfee52032 // indirect
 	github.com/miekg/dns v1.1.53 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
-	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
@@ -331,12 +338,10 @@ require (
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
-	github.com/olekukonko/tablewriter v0.0.5 // indirect
 	github.com/opencontainers/runc v1.1.5 // indirect
 	github.com/opencontainers/runtime-spec v1.1.0-rc.1 // indirect
 	github.com/opencontainers/selinux v1.11.0 // indirect
 	github.com/opentracing/opentracing-go v1.2.0 // indirect
-	github.com/owenrumney/squealer v1.2.1 // indirect
 	github.com/pelletier/go-toml/v2 v2.0.8 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pjbgf/sha1cd v0.3.0 // indirect
@@ -369,8 +374,6 @@ require (
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/yashtewari/glob-intersection v0.2.0 // indirect
 	github.com/yuin/gopher-lua v1.1.0 // indirect
-	github.com/zclconf/go-cty v1.13.0 // indirect
-	github.com/zclconf/go-cty-yaml v1.0.3 // indirect
 	go.mongodb.org/mongo-driver v1.11.3 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 // indirect
@@ -381,7 +384,6 @@ require (
 	go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
 	go.uber.org/goleak v1.3.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/crypto v0.18.0 // indirect
 	golang.org/x/net v0.20.0 // indirect
 	golang.org/x/oauth2 v0.13.0 // indirect
 	golang.org/x/sys v0.16.0 // indirect
@@ -398,7 +400,6 @@ require (
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
-	helm.sh/helm/v3 v3.14.0 // indirect
 	k8s.io/apiextensions-apiserver v0.29.0 // indirect
 	k8s.io/apimachinery v0.29.0 // indirect
 	k8s.io/apiserver v0.29.0 // indirect
@@ -432,3 +433,5 @@ replace oras.land/oras-go => oras.land/oras-go v1.2.4-0.20230801060855-932dd06d3
 // testcontainers-go has a bug with versions v0.25.0 and v0.26.0
 // ref: https://github.com/testcontainers/testcontainers-go/issues/1782
 replace github.com/testcontainers/testcontainers-go => github.com/testcontainers/testcontainers-go v0.23.0
+
+replace github.com/aquasecurity/trivy-aws => /Users/simarpreetsingh/repos/trivy-aws

go.sum

@@ -349,12 +349,8 @@ github.com/aquasecurity/testdocker v0.0.0-20230111101738-e741bda259da h1:pj/adfN
 github.com/aquasecurity/testdocker v0.0.0-20230111101738-e741bda259da/go.mod h1:852lbQLpK2nCwlR4ZLYIccxYCfoQao6q9Nl6tjz54v8=
 github.com/aquasecurity/tml v0.6.1 h1:y2ZlGSfrhnn7t4ZJ/0rotuH+v5Jgv6BDDO5jB6A9gwo=
 github.com/aquasecurity/tml v0.6.1/go.mod h1:OnYMWY5lvI9ejU7yH9LCberWaaTBW7hBFsITiIMY2yY=
-github.com/aquasecurity/trivy-aws v0.7.1 h1:XElKZsP9Hqe2JVekQgGCIkFtgRgVlP+80wKL2JWBctk=
-github.com/aquasecurity/trivy-aws v0.7.1/go.mod h1:bJT7pzsqo9q5yi3arJSt789bAH0eDb7c+niFYMBNcMQ=
 github.com/aquasecurity/trivy-db v0.0.0-20231005141211-4fc651f7ac8d h1:fjI9mkoTUAkbGqpzt9nJsO24RAdfG+ZSiLFj0G2jO8c=
 github.com/aquasecurity/trivy-db v0.0.0-20231005141211-4fc651f7ac8d/go.mod h1:cj9/QmD9N3OZnKQMp+/DvdV+ym3HyIkd4e+F0ZM3ZGs=
-github.com/aquasecurity/trivy-iac v0.8.0 h1:NKFhk/BTwQ0jIh4t74V8+6UIGUvPlaxO9HPlSMQi3fo=
-github.com/aquasecurity/trivy-iac v0.8.0/go.mod h1:ARiMeNqcaVWOXJmp8hmtMnNm/Jd836IOmDBUW5r4KEk=
 github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48 h1:JVgBIuIYbwG+ekC5lUHUpGJboPYiCcxiz06RCtz8neI=
 github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48/go.mod h1:Ldya37FLi0e/5Cjq2T5Bty7cFkzUDwTcPeQua+2M8i8=
 github.com/aquasecurity/trivy-kubernetes v0.6.3-0.20240118072219-c433b06f98e1 h1:/LsIHMQJ4SOxZeib/bvLP7S3YDTXJVIsQyS4kIIP0GQ=

internal/adapters/arm/adapt.go

@@ -0,0 +1,50 @@
+package arm
+
+import (
+	"context"
+
+	"github.com/aquasecurity/trivy/internal/adapters/arm/appservice"
+	"github.com/aquasecurity/trivy/internal/adapters/arm/authorization"
+	"github.com/aquasecurity/trivy/internal/adapters/arm/compute"
+	"github.com/aquasecurity/trivy/internal/adapters/arm/container"
+	"github.com/aquasecurity/trivy/internal/adapters/arm/database"
+	"github.com/aquasecurity/trivy/internal/adapters/arm/datafactory"
+	"github.com/aquasecurity/trivy/internal/adapters/arm/datalake"
+	"github.com/aquasecurity/trivy/internal/adapters/arm/keyvault"
+	"github.com/aquasecurity/trivy/internal/adapters/arm/monitor"
+	"github.com/aquasecurity/trivy/internal/adapters/arm/network"
+	"github.com/aquasecurity/trivy/internal/adapters/arm/securitycenter"
+	"github.com/aquasecurity/trivy/internal/adapters/arm/storage"
+	"github.com/aquasecurity/trivy/internal/adapters/arm/synapse"
+
+	"github.com/aquasecurity/trivy/pkg/providers/azure"
+	scanner "github.com/aquasecurity/trivy/pkg/scanners/azure"
+	"github.com/aquasecurity/trivy/pkg/state"
+)
+
+// Adapt ...
+func Adapt(ctx context.Context, deployment scanner.Deployment) *state.State {
+	return &state.State{
+		Azure: adaptAzure(deployment),
+	}
+}
+
+func adaptAzure(deployment scanner.Deployment) azure.Azure {
+
+	return azure.Azure{
+		AppService:     appservice.Adapt(deployment),
+		Authorization:  authorization.Adapt(deployment),
+		Compute:        compute.Adapt(deployment),
+		Container:      container.Adapt(deployment),
+		Database:       database.Adapt(deployment),
+		DataFactory:    datafactory.Adapt(deployment),
+		DataLake:       datalake.Adapt(deployment),
+		KeyVault:       keyvault.Adapt(deployment),
+		Monitor:        monitor.Adapt(deployment),
+		Network:        network.Adapt(deployment),
+		SecurityCenter: securitycenter.Adapt(deployment),
+		Storage:        storage.Adapt(deployment),
+		Synapse:        synapse.Adapt(deployment),
+	}
+
+}

internal/adapters/arm/appservice/adapt.go

@@ -0,0 +1,58 @@
+package appservice
+
+import (
+	"github.com/aquasecurity/trivy/pkg/providers/azure/appservice"
+	"github.com/aquasecurity/trivy/pkg/scanners/azure"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/types"
+)
+
+func Adapt(deployment azure.Deployment) appservice.AppService {
+	return appservice.AppService{
+		Services:     adaptServices(deployment),
+		FunctionApps: adaptFunctionApps(deployment),
+	}
+}
+
+func adaptFunctionApps(deployment azure.Deployment) []appservice.FunctionApp {
+	var functionApps []appservice.FunctionApp
+
+	for _, resource := range deployment.GetResourcesByType("Microsoft.Web/sites") {
+		functionApps = append(functionApps, adaptFunctionApp(resource))
+	}
+	return functionApps
+}
+
+func adaptServices(deployment azure.Deployment) []appservice.Service {
+	var services []appservice.Service
+	for _, resource := range deployment.GetResourcesByType("Microsoft.Web/sites") {
+		services = append(services, adaptService(resource))
+	}
+	return services
+}
+
+func adaptFunctionApp(resource azure.Resource) appservice.FunctionApp {
+	return appservice.FunctionApp{
+		Metadata:  resource.Metadata,
+		HTTPSOnly: resource.Properties.GetMapValue("httpsOnly").AsBoolValue(false, resource.Properties.GetMetadata()),
+	}
+}
+
+func adaptService(resource azure.Resource) appservice.Service {
+	return appservice.Service{
+		Metadata:         resource.Metadata,
+		EnableClientCert: resource.Properties.GetMapValue("clientCertEnabled").AsBoolValue(false, resource.Properties.GetMetadata()),
+		Identity: struct{ Type defsecTypes.StringValue }{
+			Type: resource.Properties.GetMapValue("identity").GetMapValue("type").AsStringValue("", resource.Properties.GetMetadata()),
+		},
+		Authentication: struct{ Enabled defsecTypes.BoolValue }{
+			Enabled: resource.Properties.GetMapValue("siteAuthSettings").GetMapValue("enabled").AsBoolValue(false, resource.Properties.GetMetadata()),
+		},
+		Site: struct {
+			EnableHTTP2       defsecTypes.BoolValue
+			MinimumTLSVersion defsecTypes.StringValue
+		}{
+			EnableHTTP2:       resource.Properties.GetMapValue("httpsOnly").AsBoolValue(false, resource.Properties.GetMetadata()),
+			MinimumTLSVersion: resource.Properties.GetMapValue("minTlsVersion").AsStringValue("", resource.Properties.GetMetadata()),
+		},
+	}
+}

internal/adapters/arm/authorization/adapt.go

@@ -0,0 +1,38 @@
+package authorization
+
+import (
+	"github.com/aquasecurity/trivy/pkg/providers/azure/authorization"
+	"github.com/aquasecurity/trivy/pkg/scanners/azure"
+)
+
+func Adapt(deployment azure.Deployment) authorization.Authorization {
+	return authorization.Authorization{
+		RoleDefinitions: adaptRoleDefinitions(deployment),
+	}
+}
+
+func adaptRoleDefinitions(deployment azure.Deployment) (roleDefinitions []authorization.RoleDefinition) {
+	for _, resource := range deployment.GetResourcesByType("Microsoft.Authorization/roleDefinitions") {
+		roleDefinitions = append(roleDefinitions, adaptRoleDefinition(resource))
+	}
+	return roleDefinitions
+}
+
+func adaptRoleDefinition(resource azure.Resource) authorization.RoleDefinition {
+
+	return authorization.RoleDefinition{
+		Metadata:         resource.Metadata,
+		Permissions:      adaptPermissions(resource),
+		AssignableScopes: resource.Properties.GetMapValue("assignableScopes").AsStringValuesList(""),
+	}
+}
+
+func adaptPermissions(resource azure.Resource) (permissions []authorization.Permission) {
+	for _, permission := range resource.Properties.GetMapValue("permissions").AsList() {
+		permissions = append(permissions, authorization.Permission{
+			Metadata: resource.Metadata,
+			Actions:  permission.GetMapValue("actions").AsStringValuesList(""),
+		})
+	}
+	return permissions
+}

internal/adapters/arm/compute/adapt.go

@@ -0,0 +1,85 @@
+package compute
+
+import (
+	"github.com/aquasecurity/trivy/pkg/providers/azure/compute"
+	"github.com/aquasecurity/trivy/pkg/scanners/azure"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/types"
+)
+
+func Adapt(deployment azure.Deployment) compute.Compute {
+	return compute.Compute{
+		LinuxVirtualMachines:   adaptLinuxVirtualMachines(deployment),
+		WindowsVirtualMachines: adaptWindowsVirtualMachines(deployment),
+		ManagedDisks:           adaptManagedDisks(deployment),
+	}
+}
+
+func adaptManagedDisks(deployment azure.Deployment) (managedDisks []compute.ManagedDisk) {
+
+	for _, resource := range deployment.GetResourcesByType("Microsoft.Compute/disks") {
+		managedDisks = append(managedDisks, adaptManagedDisk(resource))
+	}
+
+	return managedDisks
+}
+
+func adaptManagedDisk(resource azure.Resource) compute.ManagedDisk {
+	hasEncryption := resource.Properties.HasKey("encryption")
+
+	return compute.ManagedDisk{
+		Metadata: resource.Metadata,
+		Encryption: compute.Encryption{
+			Metadata: resource.Metadata,
+			Enabled:  defsecTypes.Bool(hasEncryption, resource.Metadata),
+		},
+	}
+}
+
+func adaptWindowsVirtualMachines(deployment azure.Deployment) (windowsVirtualMachines []compute.WindowsVirtualMachine) {
+	for _, resource := range deployment.GetResourcesByType("Microsoft.Compute/virtualMachines") {
+		if resource.Properties.GetMapValue("osProfile").GetMapValue("windowsConfiguration").AsMap() != nil {
+			windowsVirtualMachines = append(windowsVirtualMachines, adaptWindowsVirtualMachine(resource))
+		}
+	}
+
+	return windowsVirtualMachines
+}
+
+func adaptWindowsVirtualMachine(resource azure.Resource) compute.WindowsVirtualMachine {
+	return compute.WindowsVirtualMachine{
+		Metadata: resource.Metadata,
+		VirtualMachine: compute.VirtualMachine{
+			Metadata: resource.Metadata,
+			CustomData: resource.Properties.GetMapValue("osProfile").
+				GetMapValue("customData").AsStringValue("", resource.Metadata),
+		},
+	}
+}
+
+func adaptLinuxVirtualMachines(deployment azure.Deployment) (linuxVirtualMachines []compute.LinuxVirtualMachine) {
+	for _, resource := range deployment.GetResourcesByType("Microsoft.Compute/virtualMachines") {
+		if resource.Properties.GetMapValue("osProfile").GetMapValue("linuxConfiguration").AsMap() != nil {
+			linuxVirtualMachines = append(linuxVirtualMachines, adaptLinuxVirtualMachine(resource))
+		}
+	}
+
+	return linuxVirtualMachines
+}
+
+func adaptLinuxVirtualMachine(resource azure.Resource) compute.LinuxVirtualMachine {
+	return compute.LinuxVirtualMachine{
+		Metadata: resource.Metadata,
+		VirtualMachine: compute.VirtualMachine{
+			Metadata: resource.Metadata,
+			CustomData: resource.Properties.GetMapValue("osProfile").
+				GetMapValue("customData").AsStringValue("", resource.Metadata),
+		},
+		OSProfileLinuxConfig: compute.OSProfileLinuxConfig{
+			Metadata: resource.Metadata,
+			DisablePasswordAuthentication: resource.Properties.GetMapValue("osProfile").
+				GetMapValue("linuxConfiguration").
+				GetMapValue("disablePasswordAuthentication").AsBoolValue(false, resource.Metadata),
+		},
+	}
+
+}