Merge pull request #28 from evgenyz/main

Use latest claircore with fixes for filesystem layer

Author: evgenyz

README.md

@@ -43,10 +43,6 @@ to scan the underlying system and generate vulnerabilities report.
 
 The `--root-path` argument defines root directory of the target file system.
 
-> [!CAUTION]
-> Currently the tool fails if there is a problem with accessing files (https://github.com/ComplianceAsCode/cvetool/issues/9).
-> **At this moment it is not possible to get a report for the local system**.
-
 ## Scan a Container Image
 
 Run
@@ -71,9 +67,12 @@ Run
 ```
 $ mkdir -p ./rhel10-vm
 $ guestmount -a ~/.local/share/gnome-boxes/images/rhel10.0 -i --ro ./rhel10-vm
+```
+to mount the file system, and then
+```
 $ ./cvetool scan --root-path=./rhel10-vm --db-path=./matcher.db
 ```
-to mount the file system, scan and generate vulnerabilities report.
+to scan and generate vulnerabilities report.
 
 # Report Formats
 

go.mod

@@ -10,7 +10,7 @@ require (
 	github.com/hashicorp/go-version v1.7.0
 	github.com/jackc/pgx/v5 v5.7.6
 	github.com/klauspost/compress v1.18.1
-	github.com/quay/claircore v1.5.45
+	github.com/quay/claircore v1.5.46-0.20251103030235-52da6d5c69b1
 	github.com/quay/zlog v1.1.9
 	github.com/remind101/migrate v0.0.0-20170729031349-52c1edff7319
 	github.com/rs/zerolog v1.34.0
@@ -50,7 +50,7 @@ require (
 	github.com/prometheus/client_model v0.6.2 // indirect
 	github.com/prometheus/common v0.66.1 // indirect
 	github.com/prometheus/procfs v0.16.1 // indirect
-	github.com/quay/claircore/toolkit v1.2.4 // indirect
+	github.com/quay/claircore/toolkit v1.3.0 // indirect
 	github.com/quay/claircore/updater/driver v1.0.0 // indirect
 	github.com/quay/goval-parser v0.8.8 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect

go.sum

@@ -118,11 +118,11 @@ github.com/prometheus/common v0.66.1 h1:h5E0h5/Y8niHc5DlaLlWLArTQI7tMrsfQjHV+d9Z
 github.com/prometheus/common v0.66.1/go.mod h1:gcaUsgf3KfRSwHY4dIMXLPV0K/Wg1oZ8+SbZk/HH/dA=
 github.com/prometheus/procfs v0.16.1 h1:hZ15bTNuirocR6u0JZ6BAHHmwS1p8B4P6MRqxtzMyRg=
 github.com/prometheus/procfs v0.16.1/go.mod h1:teAbpZRB1iIAJYREa1LsoWUXykVXA1KlTmWl8x/U+Is=
-github.com/quay/claircore v1.5.45 h1:I1tzV+wQo6RJeL3TqR06KFjdvlWzkarxlYXUdACGRnM=
-github.com/quay/claircore v1.5.45/go.mod h1:yrM+K0mQ//wzZi0Bq9cIku0rQz/fV/sCjXbY8IkC4Y8=
+github.com/quay/claircore v1.5.46-0.20251103030235-52da6d5c69b1 h1:k/EWPPCvN6sjqPHB0v6hgD9TIBcLFuoFk+KlemdW6JQ=
+github.com/quay/claircore v1.5.46-0.20251103030235-52da6d5c69b1/go.mod h1:esClvBUiOAZdaG1kfAywh/mKNgcw4W0otauoLLgoiRw=
 github.com/quay/claircore/toolkit v1.0.0/go.mod h1:3ELtgf92x7o1JCTSKVOAqhcnCTXc4s5qiGaEDx62i20=
-github.com/quay/claircore/toolkit v1.2.4 h1:Ld7rve32pUOrfR+7jJA9nGHeZ8nPejpEgNWkJ7OPJZM=
-github.com/quay/claircore/toolkit v1.2.4/go.mod h1:m6ZRpxJClVAraNpIYyCsW/ULF/33ye7KkGTyNTMwvDY=
+github.com/quay/claircore/toolkit v1.3.0 h1:QncygaArnuSKbkPESD2zMDz5xJLWlJxAGPZ69XCYA5o=
+github.com/quay/claircore/toolkit v1.3.0/go.mod h1:REVn3WdU+9yMurWa+h9mfuiPWYzKqSaKIGWZ4Xanj5g=
 github.com/quay/claircore/updater/driver v1.0.0 h1:w7dAUjO3GBK6RjNyTZ2Kwz0l/Wuic3ykKJWPB80uA94=
 github.com/quay/claircore/updater/driver v1.0.0/go.mod h1:My5aY1wBpgxcWaHQZ0VoPmmj/EzuH7fq4ntzJbos4OI=
 github.com/quay/goval-parser v0.8.8 h1:Uf+f9iF2GIR5GPUY2pGoa9il2+4cdES44ZlM0mWm4cA=

image/filesystem.go

@@ -25,7 +25,7 @@ func (i *fileSystemImage) getLayers(ctx context.Context) ([]*claircore.Layer, er
 
 	desc := &claircore.LayerDescription{
 		Digest:    fmt.Sprintf("sha256:%s", strings.Repeat("1", 64)),
-		URI:       i.rootDir,
+		URI:       "file://" + i.rootDir,
 		MediaType: "application/vnd.claircore.filesystem",
 	}