Add multi-arch images support

README.md

@@ -29,6 +29,8 @@ See [Installation](#installation) and [Common Examples](#common-examples)
 
 # TOC
 
+- [Checkpoints Comparison](#checkpoints-comparison)
+- [TOC](#toc)
 - [Features](#features)
 - [Comparison](#comparison)
 - [Installation](#installation)
@@ -46,25 +48,34 @@ See [Installation](#installation) and [Common Examples](#common-examples)
   - [Basic](#basic)
   - [Docker](#docker)
 - [Checkpoint Summary](#checkpoint-summary)
-- [Common Examples](#common-examples)
-  - [Scan an image](#scan-an-image)
-  - [Scan an image file](#scan-an-image-file)
-  - [Get or Save the results as JSON](#get-or-save-the-results-as-json)
-  - [Specify exit code](#specify-exit-code)
-  - [Specify exit level](#specify-exit-level)
-  - [Ignore the specified checkpoints](#ignore-the-specified-checkpoints)
-- [Continuous Integration](#continuous-integration-ci)
-  - [GitHub Action](#github-action)
-  - [Travis CI](#travis-ci)
-  - [CircleCI](#circleci)
+  - [Level](#level)
+  - [Common Examples](#common-examples)
+    - [Scan an image](#scan-an-image)
+    - [Scan an image file](#scan-an-image-file)
+    - [Get or Save the results as JSON](#get-or-save-the-results-as-json)
+    - [Get or Save the results as SARIF](#get-or-save-the-results-as-sarif)
+    - [Specify exit code](#specify-exit-code)
+    - [Specify exit level](#specify-exit-level)
+    - [Ignore the specified checkpoints](#ignore-the-specified-checkpoints)
+    - [Accept suspicious `environment variables` / `files` / `file extensions`](#accept-suspicious-environment-variables--files--file-extensions)
+    - [Reject suspicious `environment variables` / `files` / `file extensions`](#reject-suspicious-environment-variables--files--file-extensions)
+  - [Continuous Integration (CI)](#continuous-integration-ci)
+    - [GitHub Action](#github-action)
+    - [Travis CI](#travis-ci)
+    - [CircleCI](#circleci)
   - [GitLab CI](#gitlab-ci)
-  - [Authorization for Private Docker Registry](#authorization-for-private-docker-registry) 
-- [Checkpoint Details](CHECKPOINT.md)
-  - CIS's Docker Image Checkpoints
-  - Dockle Checkpoints for Docker
-  - Dockle Checkpoints for Linux
-- [Credits](#credits)
-- [Roadmap](#roadmap)
+  - [Authorization for Private Docker Registry](#authorization-for-private-docker-registry)
+    - [Docker Hub](#docker-hub)
+    - [Amazon ECR (Elastic Container Registry)](#amazon-ecr-elastic-container-registry)
+    - [GCR (Google Container Registry)](#gcr-google-container-registry)
+    - [Self Hosted Registry (BasicAuth)](#self-hosted-registry-basicauth)
+  - [Contributors](#contributors)
+    - [Code Contributors](#code-contributors)
+    - [Financial Contributors](#financial-contributors)
+      - [Individuals](#individuals)
+      - [Organizations](#organizations)
+- [License](#license)
+- [Author](#author)
 
 # Features
 
@@ -317,6 +328,12 @@ Simply specify an image name (and a tag).
 $ dockle goodwithtech/test-image:v1
 ```
 
+If the image is multi-arch, select a platform explicitly (defaults to host):
+
+```bash
+$ dockle --platform linux/arm64 goodwithtech/test-image:v1
+```
+
 <details>
 <summary>Result</summary>
 

go.mod

@@ -3,10 +3,10 @@ module github.com/SpazioDati/dockle
 go 1.22.10
 
 require (
+	github.com/SpazioDati/deckoder v0.0.7-sd
 	github.com/containers/image/v5 v5.33.0
 	github.com/d4l3k/messagediff v1.2.2-0.20180726183240-b9e99b2f9263
 	github.com/docker/go-connections v0.5.0
-	github.com/goodwithtech/deckoder v0.0.6
 	github.com/google/go-cmp v0.6.0
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
 	github.com/owenrumney/go-sarif/v2 v2.0.17

go.sum

@@ -19,6 +19,8 @@ github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERo
 github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
 github.com/Microsoft/hcsshim v0.12.9 h1:2zJy5KA+l0loz1HzEGqyNnjd3fyZA31ZBCGKacp6lLg=
 github.com/Microsoft/hcsshim v0.12.9/go.mod h1:fJ0gkFAna6ukt0bLdKB8djt4XIJhF/vEPuoIWYVvZ8Y=
+github.com/SpazioDati/deckoder v0.0.7-sd h1:xMcdZLnBXYRffvt75EY6aSfuUmRPjZ69WMDXaiEUkRQ=
+github.com/SpazioDati/deckoder v0.0.7-sd/go.mod h1:IecdnM9f2nPWsuWR/nFIBFjO6TS5I95WLH3o23EqyTY=
 github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
 github.com/aws/aws-sdk-go v1.55.5 h1:KKUZBfBoyqy5d3swXyiC7Q76ic40rYcbqH7qjh59kzU=
 github.com/aws/aws-sdk-go v1.55.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU=
@@ -111,8 +113,6 @@ github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QD
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
-github.com/goodwithtech/deckoder v0.0.6 h1:7PI0tzMElK5FH85BaGYmeDTSQF6ny6MM8sgMfovCkoA=
-github.com/goodwithtech/deckoder v0.0.6/go.mod h1:IkAGj3DCFBLgnZ0JrWl7Q2Au1tHZff7pkPWCZD0HHW8=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=

pkg/app.go

@@ -44,6 +44,11 @@ OPTIONS:
 			Name:  "input",
 			Usage: "input file path instead of image name",
 		},
+		cli.StringFlag{
+			Name:   "platform",
+			EnvVar: "DOCKLE_PLATFORM",
+			Usage:  "target platform (os/arch[/variant]) when fetching the image",
+		},
 		cli.StringSliceFlag{
 			Name:   "ignore, i",
 			EnvVar: "DOCKLE_IGNORES",

pkg/assessor/assessor.go

@@ -3,7 +3,7 @@ package assessor
 import (
 	"os"
 
-	deckodertypes "github.com/goodwithtech/deckoder/types"
+	deckodertypes "github.com/SpazioDati/deckoder/types"
 
 	"github.com/SpazioDati/dockle/pkg/assessor/cache"
 	"github.com/SpazioDati/dockle/pkg/assessor/privilege"

pkg/assessor/cache/cache.go

@@ -6,8 +6,8 @@ import (
 	"path/filepath"
 	"strings"
 
-	deckodertypes "github.com/goodwithtech/deckoder/types"
-	"github.com/goodwithtech/deckoder/utils"
+	deckodertypes "github.com/SpazioDati/deckoder/types"
+	"github.com/SpazioDati/deckoder/utils"
 
 	"github.com/SpazioDati/dockle/pkg/log"
 	"github.com/SpazioDati/dockle/pkg/types"

pkg/assessor/cache/cache_test.go

@@ -3,9 +3,9 @@ package cache
 import (
 	"testing"
 
+	deckodertypes "github.com/SpazioDati/deckoder/types"
 	"github.com/SpazioDati/dockle/pkg/log"
 	"github.com/SpazioDati/dockle/pkg/types"
-	deckodertypes "github.com/goodwithtech/deckoder/types"
 )
 
 func init() {

pkg/assessor/contentTrust/contentTrust.go

@@ -3,7 +3,7 @@ package contentTrust
 import (
 	"os"
 
-	deckodertypes "github.com/goodwithtech/deckoder/types"
+	deckodertypes "github.com/SpazioDati/deckoder/types"
 
 	"github.com/SpazioDati/dockle/pkg/log"
 	"github.com/SpazioDati/dockle/pkg/types"

pkg/assessor/credential/credential.go

@@ -6,7 +6,7 @@ import (
 	"path/filepath"
 	"unicode/utf8"
 
-	deckodertypes "github.com/goodwithtech/deckoder/types"
+	deckodertypes "github.com/SpazioDati/deckoder/types"
 
 	"github.com/SpazioDati/dockle/pkg/log"
 

pkg/assessor/group/group.go

@@ -7,7 +7,7 @@ import (
 	"os"
 	"strings"
 
-	deckodertypes "github.com/goodwithtech/deckoder/types"
+	deckodertypes "github.com/SpazioDati/deckoder/types"
 
 	"github.com/SpazioDati/dockle/pkg/log"
 

pkg/assessor/hosts/hosts.go

@@ -3,7 +3,7 @@ package hosts
 import (
 	"os"
 
-	deckodertypes "github.com/goodwithtech/deckoder/types"
+	deckodertypes "github.com/SpazioDati/deckoder/types"
 
 	"github.com/SpazioDati/dockle/pkg/log"
 	"github.com/SpazioDati/dockle/pkg/types"

pkg/assessor/manifest/manifest.go

@@ -10,7 +10,7 @@ import (
 	"strings"
 	"time"
 
-	deckodertypes "github.com/goodwithtech/deckoder/types"
+	deckodertypes "github.com/SpazioDati/deckoder/types"
 
 	"github.com/google/shlex"
 

pkg/assessor/passwd/passwd.go

@@ -7,7 +7,7 @@ import (
 	"os"
 	"strings"
 
-	deckodertypes "github.com/goodwithtech/deckoder/types"
+	deckodertypes "github.com/SpazioDati/deckoder/types"
 
 	"github.com/SpazioDati/dockle/pkg/log"
 

pkg/assessor/privilege/suid.go

@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"os"
 
-	deckodertypes "github.com/goodwithtech/deckoder/types"
+	deckodertypes "github.com/SpazioDati/deckoder/types"
 
 	"github.com/SpazioDati/dockle/pkg/types"
 )

pkg/assessor/user/user.go

@@ -7,7 +7,7 @@ import (
 	"os"
 	"strings"
 
-	deckodertypes "github.com/goodwithtech/deckoder/types"
+	deckodertypes "github.com/SpazioDati/deckoder/types"
 
 	"github.com/SpazioDati/dockle/pkg/log"
 	"github.com/SpazioDati/dockle/pkg/types"

pkg/run.go

@@ -11,8 +11,8 @@ import (
 	"github.com/SpazioDati/dockle/pkg/assessor/credential"
 	"github.com/SpazioDati/dockle/pkg/assessor/manifest"
 
+	deckodertypes "github.com/SpazioDati/deckoder/types"
 	"github.com/containers/image/v5/transports/alltransports"
-	deckodertypes "github.com/goodwithtech/deckoder/types"
 
 	"github.com/SpazioDati/dockle/config"
 	"github.com/SpazioDati/dockle/pkg/utils"
@@ -63,6 +63,7 @@ func Run(c *cli.Context) (err error) {
 		Timeout:               c.Duration("timeout"),
 		UserName:              c.String("username"),
 		Password:              c.String("password"),
+		Platform:              c.String("platform"),
 		InsecureSkipTLSVerify: c.Bool("insecure"),
 		DockerDaemonHost:      getDockerSockPath(c),
 		DockerDaemonCertPath:  c.String("cert-path"),

pkg/scanner/scan.go

@@ -7,10 +7,10 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/goodwithtech/deckoder/analyzer"
-	"github.com/goodwithtech/deckoder/extractor"
-	"github.com/goodwithtech/deckoder/extractor/docker"
-	deckodertypes "github.com/goodwithtech/deckoder/types"
+	"github.com/SpazioDati/deckoder/analyzer"
+	"github.com/SpazioDati/deckoder/extractor"
+	"github.com/SpazioDati/deckoder/extractor/docker"
+	deckodertypes "github.com/SpazioDati/deckoder/types"
 
 	"github.com/SpazioDati/dockle/pkg/types"
 

pkg/scanner/scan_test.go

@@ -8,7 +8,7 @@ import (
 
 	"github.com/google/go-cmp/cmp/cmpopts"
 
-	deckodertypes "github.com/goodwithtech/deckoder/types"
+	deckodertypes "github.com/SpazioDati/deckoder/types"
 
 	"github.com/google/go-cmp/cmp"