feat(security-toolbox): allow scanners to be configured (#421)

This PR enables passing a list of scanners to be used for policy checks.

Author: skipi

security-toolbox/docker

@@ -6,7 +6,9 @@ require_relative "policies/policy"
 
 Dir["#{__dir__}/policies/docker/*.rb"].each { |f| require_relative f }
 
-args = {}
+args = {
+  scanners: "vuln,misconfig,secret,license"
+}
 OptionParser.new do |parser|
   parser.on("-i", "--image IMAGE", "Docker image to scan") do |image|
     args[:image] = image
@@ -35,6 +37,10 @@ OptionParser.new do |parser|
   parser.on("-d", "--dependencies", "Install dependencies") do
     args[:install_dependencies] = true
   end
+
+  parser.on("", "--scanners SCANNERS", "Which scanners to use") do |scanners|
+    args[:scanners] = scanners
+  end
 end.parse!
 
 policy_file = "docker-ignore-policy.rego"

security-toolbox/policies/docker/trivy_image.rb

@@ -15,6 +15,7 @@ def initialize(args)
 
     @skip_files = args[:skip_files].to_s.split(",") || []
     @skip_dirs = args[:skip_dirs].to_s.split(",") || []
+    @scanners = args[:scanners]
   end
 
   def test

security-toolbox/policies/docker/trivy_table_output.rb

@@ -3,6 +3,8 @@
 class Policy::TrivyTableOutput < Policy
   def initialize(args)
     super(args)
+
+    @scanners = args[:scanners]
   end
 
   def test
@@ -11,7 +13,7 @@ def test
       "convert",
       "--format table",
       "--output table.txt",
-      "--scanners vuln,secret,misconfig,license",
+      "--scanners #{@scanners}",
       "out/docker-scan-trivy.json"
     ]