18517631058

Committed 15 Oct 2025 04:18AM UTC coverage: 69.207% (-11.1%) from 80.267%

Build # 18517631058

Build Type

Pull #22745

github

Committed by

web-flow

Commit Message

Merge 642a76ca1 into 99919310e

Pull Request Pull Request #22745: [windows] Add windows support in the stdio crate.

Run Details

53815 of 77759 relevant lines covered (69.21%)

2.42 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

/src/python/pants/backend/docker/lint/trivy/rules.py

# Copyright 2024 Pants project contributors (see CONTRIBUTORS.md).
# Licensed under the Apache License, Version 2.0 (see LICENSE).
from dataclasses import dataclass
from typing import Any, cast

from pants.backend.docker.package_types import BuiltDockerImage
from pants.backend.docker.target_types import DockerImageSourceField, DockerImageTarget
from pants.backend.tools.trivy.rules import RunTrivyRequest, run_trivy
from pants.backend.tools.trivy.subsystem import SkipTrivyField, Trivy
from pants.core.goals.lint import LintResult, LintTargetsRequest
from pants.core.goals.package import (
    EnvironmentAwarePackageRequest,
    PackageFieldSet,
    environment_aware_package,
)
from pants.core.util_rules.partitions import PartitionerType
from pants.engine.addresses import Addresses
from pants.engine.internals.graph import find_valid_field_sets, resolve_targets
from pants.engine.internals.native_engine import EMPTY_DIGEST
from pants.engine.rules import collect_rules, implicitly, rule
from pants.engine.target import FieldSet, FieldSetsPerTargetRequest, Target
from pants.util.logging import LogLevel


@dataclass(frozen=True)
class TrivyDockerFieldSet(FieldSet):
    required_fields = (DockerImageSourceField,)

    source: DockerImageSourceField

    @classmethod
    def opt_out(cls, tgt: Target) -> bool:
        return tgt.get(SkipTrivyField).value


class TrivyDockerRequest(LintTargetsRequest):
    field_set_type = TrivyDockerFieldSet
    tool_subsystem = Trivy
    partitioner_type = PartitionerType.DEFAULT_ONE_PARTITION_PER_INPUT


def command_args():
    return (
        # workaround for Trivy DB being overloaded on pulls
        "--db-repository",
        "ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db",
        # quiet progress output, which just clutters logs
        "--no-progress",
    )


@rule(desc="Lint Docker image with Trivy", level=LogLevel.DEBUG)
async def run_trivy_docker(
    request: TrivyDockerRequest.Batch[TrivyDockerFieldSet, Any],
) -> LintResult:
    addrs = tuple(e.address for e in request.elements)
    tgts = await resolve_targets(**implicitly(Addresses(addrs)))

    field_sets_per_tgt = await find_valid_field_sets(
        FieldSetsPerTargetRequest(PackageFieldSet, tgts), **implicitly()
    )
    [field_set] = field_sets_per_tgt.field_sets

    package = await environment_aware_package(EnvironmentAwarePackageRequest(field_set))
    built_image: BuiltDockerImage = cast(BuiltDockerImage, package.artifacts[0])
    r = await run_trivy(
        RunTrivyRequest(
            command="image",
            command_args=command_args(),
            scanners=(),
            target=built_image.image_id,
            input_digest=EMPTY_DIGEST,
            description=f"Run Trivy on docker image {','.join(built_image.tags)}",
        ),
        **implicitly(),
    )

    return LintResult.create(request, r)


def rules():
    return (
        *collect_rules(),
        *TrivyDockerRequest.rules(),
        DockerImageTarget.register_plugin_field(SkipTrivyField),
    )

1	# Copyright 2024 Pants project contributors (see CONTRIBUTORS.md).
2	# Licensed under the Apache License, Version 2.0 (see LICENSE).
3	from dataclasses import dataclass	×
4	from typing import Any, cast	×
5
6	from pants.backend.docker.package_types import BuiltDockerImage	×
7	from pants.backend.docker.target_types import DockerImageSourceField, DockerImageTarget	×
8	from pants.backend.tools.trivy.rules import RunTrivyRequest, run_trivy	×
9	from pants.backend.tools.trivy.subsystem import SkipTrivyField, Trivy	×
10	from pants.core.goals.lint import LintResult, LintTargetsRequest	×
11	from pants.core.goals.package import (	×
12	EnvironmentAwarePackageRequest,
13	PackageFieldSet,
14	environment_aware_package,
15	)
16	from pants.core.util_rules.partitions import PartitionerType	×
17	from pants.engine.addresses import Addresses	×
18	from pants.engine.internals.graph import find_valid_field_sets, resolve_targets	×
19	from pants.engine.internals.native_engine import EMPTY_DIGEST	×
20	from pants.engine.rules import collect_rules, implicitly, rule	×
21	from pants.engine.target import FieldSet, FieldSetsPerTargetRequest, Target	×
22	from pants.util.logging import LogLevel	×
23
24
25	@dataclass(frozen=True)	×
26	class TrivyDockerFieldSet(FieldSet):	×
27	required_fields = (DockerImageSourceField,)	×
28
29	source: DockerImageSourceField	×
30
31	@classmethod	×
32	def opt_out(cls, tgt: Target) -> bool:	×
33	return tgt.get(SkipTrivyField).value	×
34
35
36	class TrivyDockerRequest(LintTargetsRequest):	×
37	field_set_type = TrivyDockerFieldSet	×
38	tool_subsystem = Trivy	×
39	partitioner_type = PartitionerType.DEFAULT_ONE_PARTITION_PER_INPUT	×
40
41
42	def command_args():	×
43	return (	×
44	# workaround for Trivy DB being overloaded on pulls
45	"--db-repository",
46	"ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db",
47	# quiet progress output, which just clutters logs
48	"--no-progress",
49	)
50
51
52	@rule(desc="Lint Docker image with Trivy", level=LogLevel.DEBUG)	×
53	async def run_trivy_docker(	×
54	request: TrivyDockerRequest.Batch[TrivyDockerFieldSet, Any],
55	) -> LintResult:
56	addrs = tuple(e.address for e in request.elements)	×
57	tgts = await resolve_targets(**implicitly(Addresses(addrs)))	×
58
59	field_sets_per_tgt = await find_valid_field_sets(	×
60	FieldSetsPerTargetRequest(PackageFieldSet, tgts), **implicitly()
61	)
62	[field_set] = field_sets_per_tgt.field_sets	×
63
64	package = await environment_aware_package(EnvironmentAwarePackageRequest(field_set))	×
65	built_image: BuiltDockerImage = cast(BuiltDockerImage, package.artifacts[0])	×
66	r = await run_trivy(	×
67	RunTrivyRequest(
68	command="image",
69	command_args=command_args(),
70	scanners=(),
71	target=built_image.image_id,
72	input_digest=EMPTY_DIGEST,
73	description=f"Run Trivy on docker image {','.join(built_image.tags)}",
74	),
75	**implicitly(),
76	)
77
78	return LintResult.create(request, r)	×
79
80
81	def rules():	×
82	return (	×
83	*collect_rules(),
84	*TrivyDockerRequest.rules(),
85	DockerImageTarget.register_plugin_field(SkipTrivyField),
86	)

pantsbuild / pants / 18517631058

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous