deepfence
diff --git a/‎Dockerfile‎
Lines changed: 13 additions & 8 deletions b/‎Dockerfile‎
Lines changed: 13 additions & 8 deletions
diff --git a/‎Makefile‎
Lines changed: 4 additions & 4 deletions b/‎Makefile‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎README.md‎
Lines changed: 3 additions & 3 deletions b/‎README.md‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎agent-plugins-grpc‎ b/‎agent-plugins-grpc‎
diff --git a/‎go.mod‎
Lines changed: 84 additions & 61 deletions b/‎go.mod‎
Lines changed: 84 additions & 61 deletions
@@ -1,32 +1,37 @@
-FROM golang:1.23-bookworm AS build
+FROM golang:1.25-trixie AS build
 
 RUN apt-get clean && apt-get update
 RUN DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
     build-essential git gcc libc-dev libffi-dev bash make apt-utils
+
+# Copy YaraHunter first (for local replace directive)
+WORKDIR /go
+COPY YaraHunter/ YaraHunter/
+
 WORKDIR /go/package-scanner/
-COPY . .
+COPY package-scanner/ .
 
 ARG TARGETPLATFORM
 ARG MAKE_CMD=package-scanner
 RUN TARGETPLATFORM=$TARGETPLATFORM make tools
 RUN CGO_ENABLED=0 make $MAKE_CMD
 
-FROM debian:bookworm-slim
-LABEL MAINTAINER="Deepfence Inc"
+FROM debian:trixie-slim
+LABEL maintainer="Deepfence Inc"
 LABEL deepfence.role=system
 
 ENV PACKAGE_SCAN_CONCURRENCY=5 \
-    DOCKER_VERSION=27.3.1 \
-    NERDCTL_VERSION=1.7.7
+    DOCKER_VERSION=29.1.3 \
+    NERDCTL_VERSION=2.2.0
 
 # ENV GRYPE_DB_UPDATE_URL="https://threat-intel.deepfence.io/vulnerability-db/listing.json"
 
 COPY --from=build /go/package-scanner/package-scanner /usr/local/bin/package-scanner
 COPY --from=build /go/package-scanner/tools/grype-bin/grype.bin /usr/local/bin/grype
 COPY --from=build /go/package-scanner/tools/syft-bin/syft.bin /usr/local/bin/syft
 
-COPY grype.yaml /root/.grype.yaml
-COPY entrypoint.sh /entrypoint.sh
+COPY package-scanner/grype.yaml /root/.grype.yaml
+COPY package-scanner/entrypoint.sh /entrypoint.sh
 
 RUN apt-get update
 
 
@@ -1,5 +1,5 @@
 export IMAGE_REPOSITORY?=quay.io/deepfenceio
-export DF_IMG_TAG?=2.5.7
+export DF_IMG_TAG?=2.5.8
 
 all: package-scanner
 
@@ -35,15 +35,15 @@ publish-docker-cli:
 
 .PHONY: docker-cli
 docker-cli:
-	docker build --build-arg MAKE_CMD="cli" -t $(IMAGE_REPOSITORY)/deepfence_package_scanner_cli:$(DF_IMG_TAG) .
+	docker build --build-arg MAKE_CMD="cli" -t $(IMAGE_REPOSITORY)/deepfence_package_scanner_cli:$(DF_IMG_TAG) -f Dockerfile ..
 
 .PHONY: docker-cli-multi-arch-push
 docker-cli-multi-arch-push: buildx
-	docker buildx build --build-arg MAKE_CMD="cli" --platform linux/arm64,linux/amd64 --tag $(IMAGE_REPOSITORY)/deepfence_package_scanner_cli:$(DF_IMG_TAG) . --push
+	docker buildx build --build-arg MAKE_CMD="cli" --platform linux/arm64,linux/amd64 --tag $(IMAGE_REPOSITORY)/deepfence_package_scanner_cli:$(DF_IMG_TAG) -f Dockerfile .. --push
 
 .PHONY: docker-multi-arch
 docker-multi-arch:
-	docker buildx build --platform linux/arm64,linux/amd64 --tag $(IMAGE_REPOSITORY)/deepfence_package_scanner:$(DF_IMG_TAG) .
+	docker buildx build --platform linux/arm64,linux/amd64 --tag $(IMAGE_REPOSITORY)/deepfence_package_scanner:$(DF_IMG_TAG) -f Dockerfile ..
 
 .PHONY: buildx
 buildx:
 
@@ -48,16 +48,16 @@ export DEEPFENCE_LICENSE=<ThreatMapper or ThreatStryker license key>
 
 ## Build docker image
 1. make docker-cli
-2. docker images should show new image with name quay.io/deepfenceio/deepfence_package_scanner_cli:2.5.7
+2. docker images should show new image with name quay.io/deepfenceio/deepfence_package_scanner_cli:2.5.8
 ```
 $ docker images
 REPOSITORY                                          TAG       IMAGE ID       CREATED             SIZE
-quay.io/deepfenceio/deepfence_package_scanner_cli   2.5.7     e06fb1cd3868   About an hour ago   569MB
+quay.io/deepfenceio/deepfence_package_scanner_cli   2.5.8     e06fb1cd3868   About an hour ago   569MB
 nginx                                               latest    1403e55ab369   8 days ago          142MB
 ```
 
 ## Docker image standalone usage example
 ```
 docker pull nginx:latest
-docker run -it --rm -e DEEPFENCE_PRODUCT=<ThreatMapper or ThreatStryker> -e DEEPFENCE_LICENSE=<ThreatMapper or ThreatStryker license key> -v /var/run/docker.sock:/var/run/docker.sock --name package-scanner quay.io/deepfenceio/deepfence_package_scanner_cli:2.5.7 -source nginx:latest
+docker run -it --rm -e DEEPFENCE_PRODUCT=<ThreatMapper or ThreatStryker> -e DEEPFENCE_LICENSE=<ThreatMapper or ThreatStryker license key> -v /var/run/docker.sock:/var/run/docker.sock --name package-scanner quay.io/deepfenceio/deepfence_package_scanner_cli:2.5.8 -source nginx:latest
 ```
@@ -1,111 +1,134 @@
 module github.com/deepfence/package-scanner
 
-go 1.23.2
+go 1.25.5
 
 replace github.com/deepfence/agent-plugins-grpc => ./agent-plugins-grpc/
 
+replace github.com/deepfence/YaraHunter => ../YaraHunter
+
 require (
 	github.com/Jeffail/tunny v0.1.4
-	github.com/deepfence/YaraHunter v0.0.0-20250424121040-0bbd794a7321
-	github.com/deepfence/agent-plugins-grpc v1.1.0
-	github.com/deepfence/golang_deepfence_sdk/client v0.0.0-20250404165334-270bd6030734
-	github.com/deepfence/golang_deepfence_sdk/utils v0.0.0-20250404165334-270bd6030734
-	github.com/deepfence/vessel v0.14.0
-	github.com/gin-gonic/gin v1.10.0
+	github.com/deepfence/YaraHunter v0.0.0-20251222131915-e8654b4b528f
+	github.com/deepfence/agent-plugins-grpc v0.0.0-00010101000000-000000000000
+	github.com/deepfence/golang_deepfence_sdk/client v0.0.0-20251220185839-eab97c9c3b76
+	github.com/deepfence/golang_deepfence_sdk/utils v0.0.0-20251220185839-eab97c9c3b76
+	github.com/deepfence/vessel v0.15.0
+	github.com/gin-gonic/gin v1.11.0
 	github.com/google/uuid v1.6.0
-	github.com/olekukonko/tablewriter v0.0.5
-	github.com/sirupsen/logrus v1.9.3
-	google.golang.org/grpc v1.72.0
+	github.com/olekukonko/tablewriter v1.1.2
+	github.com/rs/zerolog v1.34.0
+	google.golang.org/grpc v1.77.0
 	gopkg.in/yaml.v3 v3.0.1
-	zombiezen.com/go/sqlite v1.4.0
-
+	zombiezen.com/go/sqlite v1.4.2
 )
 
 require (
-	github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 // indirect
-	github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20231105174938-2b5cbb29f3e2 // indirect
+	github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
-	github.com/Microsoft/hcsshim v0.12.9 // indirect
+	github.com/Microsoft/hcsshim v0.14.0-rc.1 // indirect
 	github.com/VirusTotal/gyp v0.9.0 // indirect
-	github.com/bytedance/sonic v1.11.6 // indirect
-	github.com/bytedance/sonic/loader v0.1.1 // indirect
-	github.com/cloudwego/base64x v0.1.4 // indirect
-	github.com/cloudwego/iasm v0.2.0 // indirect
-	github.com/containerd/cgroups/v3 v3.0.4 // indirect
-	github.com/containerd/containerd v1.7.27 // indirect
-	github.com/containerd/containerd/api v1.8.0 // indirect
+	github.com/bytedance/sonic v1.14.0 // indirect
+	github.com/bytedance/sonic/loader v0.3.0 // indirect
+	github.com/clipperhouse/displaywidth v0.6.0 // indirect
+	github.com/clipperhouse/stringish v0.1.1 // indirect
+	github.com/clipperhouse/uax29/v2 v2.3.0 // indirect
+	github.com/cloudwego/base64x v0.1.6 // indirect
+	github.com/containerd/cgroups/v3 v3.1.2 // indirect
+	github.com/containerd/containerd/api v1.10.0 // indirect
+	github.com/containerd/containerd/v2 v2.2.1 // indirect
 	github.com/containerd/continuity v0.4.5 // indirect
 	github.com/containerd/errdefs v1.0.0 // indirect
 	github.com/containerd/errdefs/pkg v0.3.0 // indirect
 	github.com/containerd/fifo v1.1.0 // indirect
 	github.com/containerd/log v0.1.0 // indirect
-	github.com/containerd/platforms v0.2.1 // indirect
+	github.com/containerd/platforms v1.0.0-rc.2 // indirect
+	github.com/containerd/plugin v1.0.0 // indirect
 	github.com/containerd/ttrpc v1.2.7 // indirect
 	github.com/containerd/typeurl/v2 v2.2.3 // indirect
+	github.com/cyphar/filepath-securejoin v0.5.1 // indirect
 	github.com/distribution/reference v0.6.0 // indirect
-	github.com/docker/docker v28.1.1+incompatible // indirect
-	github.com/docker/go-connections v0.5.0 // indirect
-	github.com/docker/go-events v0.0.0-20241114183025-9940093291f5 // indirect
+	github.com/docker/docker v28.5.2+incompatible // indirect
+	github.com/docker/go-connections v0.6.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
+	github.com/fatih/color v1.16.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.9 // indirect
-	github.com/gin-contrib/sse v0.1.0 // indirect
-	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.12 // indirect
+	github.com/gin-contrib/sse v1.1.0 // indirect
+	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/go-playground/validator/v10 v10.20.0 // indirect
+	github.com/go-playground/validator/v10 v10.27.0 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
+	github.com/goccy/go-yaml v1.18.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
-	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/google/go-cmp v0.7.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.8 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.17.11 // indirect
-	github.com/klauspost/cpuid/v2 v2.2.7 // indirect
+	github.com/klauspost/compress v1.18.1 // indirect
+	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
-	github.com/mattn/go-runewidth v0.0.16 // indirect
+	github.com/mattn/go-runewidth v0.0.19 // indirect
 	github.com/moby/docker-image-spec v1.3.1 // indirect
 	github.com/moby/locker v1.0.1 // indirect
 	github.com/moby/sys/mountinfo v0.7.2 // indirect
 	github.com/moby/sys/sequential v0.6.0 // indirect
 	github.com/moby/sys/signal v0.7.1 // indirect
-	github.com/moby/sys/user v0.3.0 // indirect
+	github.com/moby/sys/user v0.4.0 // indirect
 	github.com/moby/sys/userns v0.1.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
-	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
 	github.com/ncruces/go-strftime v0.1.9 // indirect
+	github.com/olekukonko/cat v0.0.0-20250911104152-50322a0618f6 // indirect
+	github.com/olekukonko/errors v1.1.0 // indirect
+	github.com/olekukonko/ll v0.1.3 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.1.0 // indirect
-	github.com/opencontainers/runtime-spec v1.2.0 // indirect
-	github.com/opencontainers/selinux v1.11.1 // indirect
-	github.com/pelletier/go-toml/v2 v2.2.2 // indirect
+	github.com/opencontainers/image-spec v1.1.1 // indirect
+	github.com/opencontainers/runtime-spec v1.3.0 // indirect
+	github.com/opencontainers/selinux v1.13.1 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.4 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
+	github.com/quic-go/qpack v0.5.1 // indirect
+	github.com/quic-go/quic-go v0.54.0 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
-	github.com/rivo/uniseg v0.4.7 // indirect
+	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
-	github.com/ugorji/go/codec v1.2.12 // indirect
+	github.com/ugorji/go/codec v1.3.0 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0 // indirect
-	go.opentelemetry.io/otel v1.34.0 // indirect
-	go.opentelemetry.io/otel/metric v1.34.0 // indirect
-	go.opentelemetry.io/otel/trace v1.34.0 // indirect
-	golang.org/x/arch v0.8.0 // indirect
-	golang.org/x/crypto v0.37.0 // indirect
-	golang.org/x/net v0.39.0 // indirect
-	golang.org/x/sync v0.13.0 // indirect
-	golang.org/x/sys v0.32.0 // indirect
-	golang.org/x/text v0.24.0 // indirect
-	google.golang.org/genproto v0.0.0-20241202173237-19429a94021a // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20250218202821-56aae31c358a // indirect
-	google.golang.org/protobuf v1.36.5 // indirect
-	modernc.org/libc v1.55.3 // indirect
-	modernc.org/mathutil v1.6.0 // indirect
-	modernc.org/memory v1.8.0 // indirect
-	modernc.org/sqlite v1.33.1 // indirect
+	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 // indirect
+	go.opentelemetry.io/otel v1.38.0 // indirect
+	go.opentelemetry.io/otel/metric v1.38.0 // indirect
+	go.opentelemetry.io/otel/trace v1.38.0 // indirect
+	go.uber.org/mock v0.5.0 // indirect
+	golang.org/x/arch v0.20.0 // indirect
+	golang.org/x/crypto v0.46.0 // indirect
+	golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0 // indirect
+	golang.org/x/mod v0.30.0 // indirect
+	golang.org/x/net v0.48.0 // indirect
+	golang.org/x/sync v0.19.0 // indirect
+	golang.org/x/sys v0.39.0 // indirect
+	golang.org/x/text v0.32.0 // indirect
+	golang.org/x/tools v0.39.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20251213004720-97cd9d5aeac2 // indirect
+	google.golang.org/protobuf v1.36.11 // indirect
+	modernc.org/libc v1.65.7 // indirect
+	modernc.org/mathutil v1.7.1 // indirect
+	modernc.org/memory v1.11.0 // indirect
+	modernc.org/sqlite v1.37.1 // indirect
+)
+
+exclude (
+	google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8
+	google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55
+	google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884
+	google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013
+	google.golang.org/genproto v0.0.0-20210917145530-b395a37504d4
+	google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3
 )