Closed nscuro closed 3 months ago
Tried to implement this (current WIP state here: https://github.com/nscuro/dependency-track/commit/2495488aaf8d95a77aa304aac85409e1a5458146), but realized that Trivy indeed only exposes its gRPC services via HTTP. Blocked until the gRPC services are exposed, if the Trivy project even wants to do it.
Nvm, the HTTP server exposed by Trivy also supports application/protobuf payloads. Protobuf can be used without gRPC: https://twitchtv.github.io/twirp/docs/proto_and_json.html
Current Behavior
The recent breaking changes in our Trivy integration were caused by the fact that we use the HTTP API, which Trivy generates based on gRPC / Protobuf definitions. It does not actively support this API, and the team might remove it soon-ish: https://github.com/aquasecurity/trivy/discussions/7329#discussioncomment-10312595
Proposed Behavior
Migrate to Trivy's gRPC API. Client code can be generated based on Trivy's .proto definitions:
Checklist