Docker library tags improvements

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

binary.js

@@ -1,5 +1,11 @@
-import { platform as _platform, arch as _arch, tmpdir } from "node:os";
-import { existsSync, mkdtempSync, readFileSync, rmSync } from "node:fs";
+import { platform as _platform, arch as _arch, tmpdir, homedir } from "node:os";
+import {
+  existsSync,
+  mkdirSync,
+  mkdtempSync,
+  readFileSync,
+  rmSync
+} from "node:fs";
 import { join, dirname, basename } from "node:path";
 import { spawnSync } from "node:child_process";
 import { PackageURL } from "packageurl-js";
@@ -284,6 +290,13 @@ export const getOSPackages = (src) => {
   const allTypes = new Set();
   if (TRIVY_BIN) {
     let imageType = "image";
+    const trivyCacheDir = join(homedir(), ".cache", "trivy");
+    try {
+      mkdirSync(join(trivyCacheDir, "db"), { recursive: true });
+      mkdirSync(join(trivyCacheDir, "java-db"), { recursive: true });
+    } catch (err) {
+      // ignore errors
+    }
     if (existsSync(src)) {
       imageType = "rootfs";
     }
@@ -292,7 +305,10 @@ export const getOSPackages = (src) => {
     const args = [
       imageType,
       "--skip-db-update",
+      "--skip-java-db-update",
       "--offline-scan",
+      "--skip-files",
+      "**/*.jar",
       "--no-progress",
       "--exit-code",
       "0",

docker.js

@@ -333,7 +333,12 @@ export const parseImageName = (fullImageName) => {
  */
 export const getImage = async (fullImageName) => {
   let localData = undefined;
+  let pullData = undefined;
   const { repo, tag, digest } = parseImageName(fullImageName);
+  let repoWithTag = `${repo}:${tag !== "" ? tag : ":latest"}`;
+  if (repoWithTag.startsWith("library/")) {
+    repoWithTag = repoWithTag.replace("library/", "");
+  }
   // Fetch only the latest tag if none is specified
   if (tag === "" && digest === "") {
     fullImageName = fullImageName + ":latest";
@@ -379,6 +384,14 @@ export const getImage = async (fullImageName) => {
       }
     }
   }
+  try {
+    localData = await makeRequest(`images/${repoWithTag}/json`);
+    if (localData) {
+      return localData;
+    }
+  } catch (err) {
+    // ignore
+  }
   try {
     localData = await makeRequest(`images/${repo}/json`);
   } catch (err) {
@@ -397,7 +410,7 @@ export const getImage = async (fullImageName) => {
     }
     // If the data is not available locally
     try {
-      const pullData = await makeRequest(
+      pullData = await makeRequest(
         `images/create?fromImage=${fullImageName}`,
         "POST"
       );
@@ -415,15 +428,42 @@ export const getImage = async (fullImageName) => {
         return undefined;
       }
     } catch (err) {
-      // continue regardless of error
+      try {
+        if (DEBUG_MODE) {
+          console.log(`Re-trying the pull with the name ${repoWithTag}.`);
+        }
+        pullData = await makeRequest(
+          `images/create?fromImage=${repoWithTag}`,
+          "POST"
+        );
+      } catch (err) {
+        // continue regardless of error
+      }
     }
     try {
       if (DEBUG_MODE) {
-        console.log(`Trying with ${repo}`);
+        console.log(`Trying with ${repoWithTag}`);
+      }
+      localData = await makeRequest(`images/${repoWithTag}/json`);
+      if (localData) {
+        return localData;
       }
-      localData = await makeRequest(`images/${repo}/json`);
     } catch (err) {
       try {
+        if (DEBUG_MODE) {
+          console.log(`Trying with ${repo}`);
+        }
+        localData = await makeRequest(`images/${repo}/json`);
+        if (localData) {
+          return localData;
+        }
+      } catch (err) {
+        // continue regardless of error
+      }
+      try {
+        if (DEBUG_MODE) {
+          console.log(`Trying with ${fullImageName}`);
+        }
         localData = await makeRequest(`images/${fullImageName}/json`);
       } catch (err) {
         // continue regardless of error