search

CycloneDX / cdxgen-plugins-bin

Binary plugins for @cyclonedx/cdxgen npm package
Apache License 2.0
1 stars 1 forks source link

Optimize trivy plugin #3

Open prabhu opened 1 year ago

prabhu commented 1 year ago

We're stuck with trivy for a bit more time. The purpose of this ticket is to optimize and trim the size of the plugin.

Below is the main code https://github.com/CycloneDX/cdxgen-plugins-bin/blob/main/thirdparty/trivy/main.go

While this imports all the commands, we only need two commands - image and rootfs. Even rootfs alone is enough since cdxgen could work with just that.

So perhaps a much simplified version of this code

https://github.com/aquasecurity/trivy/blob/main/pkg/commands/artifact/run.go#L197

Preetam commented 1 year ago

I think you can call https://github.com/aquasecurity/trivy/blob/1be1e2e6380efd9b63913721db1b9d61e3800126/pkg/commands/artifact/run.go#L404 with the flags you need.

The NewRootfsCommand function eventually calls

return artifact.Run(cmd.Context(), options, artifact.TargetRootfs)