feature: Add support for trivy configuration

Author: machadoit

.codacy/codacy.yaml

@@ -2,4 +2,4 @@ runtimes:
     - [email protected]
 tools:
     - [email protected]
-    - trivy@0.50.0
+    - trivy@0.59.1

cmd/init.go

@@ -72,20 +72,25 @@ func createConfigurationFile(tools []tools.Tool) error {
 
 func configFileTemplate(tools []tools.Tool) string {
 
-	// Default version
+	// Default versions
 	eslintVersion := "9.3.0"
+	trivyVersion := "0.59.1" // Latest stable version
 
 	for _, tool := range tools {
 		if tool.Uuid == "f8b29663-2cb2-498d-b923-a10c6a8c05cd" {
 			eslintVersion = tool.Version
 		}
+		if tool.Uuid == "2fd7fbe0-33f9-4ab3-ab73-e9b62404e2cb" {
+			trivyVersion = tool.Version
+		}
 	}
 
 	return fmt.Sprintf(`runtimes:
     - [email protected]
 tools:
     - eslint@%s
-`, eslintVersion)
+    - trivy@%s
+`, eslintVersion, trivyVersion)
 }
 
 func buildRepositoryConfigurationFiles(token string) error {
@@ -150,7 +155,24 @@ func buildRepositoryConfigurationFiles(token string) error {
 	_, err = eslintConfigFile.WriteString(eslintConfigurationString)
 	if err != nil {
 		log.Fatal(err)
+	}
 
+	// Create Trivy configuration after processing ESLint
+	trivyApiConfiguration := extractTrivyConfiguration(apiToolConfigurations)
+	if trivyApiConfiguration != nil {
+		// Create trivy.yaml file based on API configuration
+		err = createTrivyConfigFile(*trivyApiConfiguration)
+		if err != nil {
+			log.Fatal(err)
+		}
+		fmt.Println("Trivy configuration created based on Codacy settings")
+	} else {
+		// Create default trivy.yaml if no configuration from API
+		err = createDefaultTrivyConfigFile()
+		if err != nil {
+			log.Fatal(err)
+		}
+		fmt.Println("Default Trivy configuration created")
 	}
 
 	return nil
@@ -197,6 +219,20 @@ func extractESLintConfiguration(toolConfigurations []CodacyToolConfiguration) *C
 	return nil
 }
 
+// extractTrivyConfiguration extracts Trivy configuration from the Codacy API response
+func extractTrivyConfiguration(toolConfigurations []CodacyToolConfiguration) *CodacyToolConfiguration {
+	// Trivy internal codacy uuid
+	const TrivyUUID = "2fd7fbe0-33f9-4ab3-ab73-e9b62404e2cb"
+
+	for _, toolConfiguration := range toolConfigurations {
+		if toolConfiguration.Uuid == TrivyUUID {
+			return &toolConfiguration
+		}
+	}
+
+	return nil
+}
+
 type CodacyToolConfiguration struct {
 	Uuid      string                 `json:"uuid"`
 	IsEnabled bool                   `json:"isEnabled"`
@@ -212,3 +248,65 @@ type ParameterConfiguration struct {
 	name  string `json:"name"`
 	value string `json:"value"`
 }
+
+// createTrivyConfigFile creates a trivy.yaml configuration file based on the API configuration
+func createTrivyConfigFile(config CodacyToolConfiguration) error {
+	// Convert CodacyToolConfiguration to tools.ToolConfiguration
+	trivyDomainConfiguration := convertAPIToolConfigurationForTrivy(config)
+
+	// Use the shared CreateTrivyConfig function to generate the config content
+	trivyConfigurationString := tools.CreateTrivyConfig(trivyDomainConfiguration)
+
+	// Write to file
+	return os.WriteFile("trivy.yaml", []byte(trivyConfigurationString), 0644)
+}
+
+// convertAPIToolConfigurationForTrivy converts API tool configuration to domain model for Trivy
+func convertAPIToolConfigurationForTrivy(config CodacyToolConfiguration) tools.ToolConfiguration {
+	var patterns []tools.PatternConfiguration
+
+	// Only process if tool is enabled
+	if config.IsEnabled {
+		for _, pattern := range config.Patterns {
+			var parameters []tools.PatternParameterConfiguration
+
+			// By default patterns are enabled
+			patternEnabled := true
+
+			// Check if there's an explicit enabled parameter
+			for _, param := range pattern.Parameters {
+				if param.name == "enabled" && param.value == "false" {
+					patternEnabled = false
+				}
+			}
+
+			// Add enabled parameter
+			parameters = append(parameters, tools.PatternParameterConfiguration{
+				Name:  "enabled",
+				Value: fmt.Sprintf("%t", patternEnabled),
+			})
+
+			patterns = append(
+				patterns,
+				tools.PatternConfiguration{
+					PatternId:                pattern.InternalId,
+					ParamenterConfigurations: parameters,
+				},
+			)
+		}
+	}
+
+	return tools.ToolConfiguration{
+		PatternsConfiguration: patterns,
+	}
+}
+
+// createDefaultTrivyConfigFile creates a default trivy.yaml configuration file
+func createDefaultTrivyConfigFile() error {
+	// Use empty tool configuration to get default settings
+	emptyConfig := tools.ToolConfiguration{}
+	content := tools.CreateTrivyConfig(emptyConfig)
+
+	// Write to file
+	return os.WriteFile("trivy.yaml", []byte(content), 0644)
+}

tools/testdata/repositories/trivy/expected.sarif

@@ -1,6 +1,6 @@
 {
   "version": "2.1.0",
-  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json",
   "runs": [
     {
       "tool": {
@@ -37,7 +37,7 @@
               }
             }
           ],
-          "version": "0.50.0"
+          "version": "0.59.1"
         }
       },
       "results": [

tools/trivyConfigCreator.go

@@ -0,0 +1,80 @@
+package tools
+
+import (
+	"fmt"
+	"strings"
+)
+
+// CreateTrivyConfig generates a Trivy configuration based on the tool configuration
+func CreateTrivyConfig(config ToolConfiguration) string {
+	// Default settings - include all severities and scanners
+	includeLow := true
+	includeMedium := true
+	includeHigh := true
+	includeCritical := true
+	includeSecret := true
+
+	// Process patterns from Codacy API
+	for _, pattern := range config.PatternsConfiguration {
+		// Check if pattern is enabled
+		patternEnabled := true
+		for _, param := range pattern.ParamenterConfigurations {
+			if param.Name == "enabled" && param.Value == "false" {
+				patternEnabled = false
+			}
+		}
+
+		// Map patterns to configurations
+		if pattern.PatternId == "Trivy_vulnerability_minor" {
+			includeLow = patternEnabled
+		}
+		if pattern.PatternId == "Trivy_vulnerability_medium" {
+			includeMedium = patternEnabled
+		}
+		if pattern.PatternId == "Trivy_vulnerability" {
+			// This covers HIGH and CRITICAL
+			includeHigh = patternEnabled
+			includeCritical = patternEnabled
+		}
+		if pattern.PatternId == "Trivy_secret" {
+			includeSecret = patternEnabled
+		}
+	}
+
+	// Build the severity list based on enabled patterns
+	var severities []string
+	if includeLow {
+		severities = append(severities, "LOW")
+	}
+	if includeMedium {
+		severities = append(severities, "MEDIUM")
+	}
+	if includeHigh {
+		severities = append(severities, "HIGH")
+	}
+	if includeCritical {
+		severities = append(severities, "CRITICAL")
+	}
+
+	// Build the scanners list
+	var scanners []string
+	scanners = append(scanners, "vuln") // Always include vuln scanner
+	if includeSecret {
+		scanners = append(scanners, "secret")
+	}
+
+	// Generate trivy.yaml content
+	var contentBuilder strings.Builder
+	contentBuilder.WriteString("severity:\n")
+	for _, sev := range severities {
+		contentBuilder.WriteString(fmt.Sprintf("  - %s\n", sev))
+	}
+
+	contentBuilder.WriteString("\nscan:\n")
+	contentBuilder.WriteString("  scanners:\n")
+	for _, scanner := range scanners {
+		contentBuilder.WriteString(fmt.Sprintf("    - %s\n", scanner))
+	}
+
+	return contentBuilder.String()
+}