⭐️ trace-id argument for cnquery (#1244)

* ⭐️ trace-id argument for cnquery
* 🧹 update to latest cnquery

apps/cnspec/cmd/scan.go

@@ -66,6 +66,7 @@ func init() {
 	_ = scanCmd.Flags().String("asset-name", "", "User-override for the asset name")
 	_ = scanCmd.Flags().StringToString("annotation", nil, "Add an annotation to the asset.") // user-added, editable
 	_ = scanCmd.Flags().StringToString("props", nil, "Custom values for properties")
+	_ = scanCmd.Flags().String("trace-id", "", "Trace identifier")
 
 	// v6 should make detect-cicd and category flag public
 	_ = scanCmd.Flags().Bool("detect-cicd", true, "Try to detect CI/CD environments. If detected, set the asset category to 'cicd'.")
@@ -112,6 +113,7 @@ To manually configure a policy, use this:
 		_ = viper.BindPFlag("policy-bundle", cmd.Flags().Lookup("policy-bundle"))
 		_ = viper.BindPFlag("detect-cicd", cmd.Flags().Lookup("detect-cicd"))
 		_ = viper.BindPFlag("asset-name", cmd.Flags().Lookup("asset-name"))
+		_ = viper.BindPFlag("trace-id", cmd.Flags().Lookup("trace-id"))
 		_ = viper.BindPFlag("category", cmd.Flags().Lookup("category"))
 		_ = viper.BindPFlag("score-threshold", cmd.Flags().Lookup("score-threshold"))
 
@@ -245,6 +247,11 @@ func getCobraScanConfig(cmd *cobra.Command, runtime *providers.Runtime, cliRes *
 		cliRes.Asset.Name = assetName
 	}
 
+	traceId := viper.GetString("trace-id")
+	if traceId != "" && cliRes.Asset != nil {
+		cliRes.Asset.TraceId = traceId
+	}
+
 	inv, err := inventoryloader.ParseOrUse(cliRes.Asset, viper.GetBool("insecure"), optAnnotations)
 	if err != nil {
 		log.Fatal().Err(err).Msg("failed to parse inventory")

cli/reporter/aws_sqs_handler.go

@@ -47,10 +47,14 @@ func (h *awsSqsHandler) WriteReport(ctx context.Context, report *policy.ReportCo
 
 func (h *awsSqsHandler) convertReport(report *policy.ReportCollection) ([]byte, error) {
 	switch h.format {
-	case FormatYAML:
-		return reportToYaml(report)
-	case FormatJSON:
-		return reportToJson(report)
+	case FormatYAMLv1:
+		return reportToYamlV1(report)
+	case FormatJSONv1:
+		return reportToJsonV1(report)
+	case FormatYAMLv2:
+		return reportToYamlV2(report)
+	case FormatJSONv2:
+		return reportToJsonV2(report)
 	default:
 		return nil, fmt.Errorf("'%s' is not supported in the aws sqs handler, please use one of the other formats", string(h.format))
 	}

cli/reporter/azure_service_bus_handler.go

@@ -55,7 +55,7 @@ func (h *azureSbusHandler) WriteReport(ctx context.Context, report *policy.Repor
 	msg := &azservicebus.Message{
 		Body: data,
 	}
-	if h.format == FormatJSON {
+	if h.format == FormatJSONv1 || h.format == FormatJSONv2 {
 		typ := "application/json"
 		msg.ContentType = &typ
 	}
@@ -71,10 +71,14 @@ func (h *azureSbusHandler) WriteReport(ctx context.Context, report *policy.Repor
 
 func (h *azureSbusHandler) convertReport(report *policy.ReportCollection) ([]byte, error) {
 	switch h.format {
-	case FormatYAML:
-		return reportToYaml(report)
-	case FormatJSON:
-		return reportToJson(report)
+	case FormatYAMLv1:
+		return reportToYamlV1(report)
+	case FormatJSONv1:
+		return reportToJsonV1(report)
+	case FormatYAMLv2:
+		return reportToYamlV2(report)
+	case FormatJSONv2:
+		return reportToJsonV2(report)
 	default:
 		return nil, fmt.Errorf("'%s' is not supported in the azure service bus handler, please use one of the other formats", string(h.format))
 	}

cli/reporter/cli_reporter.go

@@ -145,18 +145,36 @@ func (r *Reporter) WriteReport(ctx context.Context, data *policy.ReportCollectio
 			data:    data,
 		}
 		return rr.print()
-	case FormatYAML:
-		yaml, err := reportToYaml(data)
+	case FormatYAMLv1:
+		yaml, err := reportToYamlV1(data)
 		if err != nil {
 			return err
 		}
 
 		_, err = r.out.Write(yaml)
 		return err
+	case FormatJSONv1:
+		yaml, err := reportToJsonV1(data)
+		if err != nil {
+			return err
+		}
 
-	case FormatJSON:
-		writer := shared.IOWriter{Writer: r.out}
-		return ConvertToJSON(data, &writer)
+		_, err = r.out.Write(yaml)
+		return err
+	case FormatJSONv2:
+		data, err := reportToJsonV2(data)
+		if err != nil {
+			return err
+		}
+		_, err = r.out.Write(data)
+		return err
+	case FormatYAMLv2:
+		data, err := reportToYamlV2(data)
+		if err != nil {
+			return err
+		}
+		_, err = r.out.Write(data)
+		return err
 	case FormatJUnit:
 		writer := shared.IOWriter{Writer: r.out}
 		return ConvertToJunit(data, &writer)
@@ -204,7 +222,7 @@ func (r *Reporter) PrintVulns(data *mvd.VulnReport, target string) error {
 	case FormatCSV:
 		writer := shared.IOWriter{Writer: r.out}
 		return VulnReportToCSV(data, &writer)
-	case FormatYAML:
+	case FormatYAMLv1, FormatYAMLv2:
 		raw := bytes.Buffer{}
 		writer := shared.IOWriter{Writer: &raw}
 		err := VulnReportToJSON(target, data, &writer)
@@ -218,7 +236,7 @@ func (r *Reporter) PrintVulns(data *mvd.VulnReport, target string) error {
 		}
 		_, err = r.out.Write(json)
 		return err
-	case FormatJSON:
+	case FormatJSONv1, FormatJSONv2:
 		writer := shared.IOWriter{Writer: r.out}
 		return VulnReportToJSON(target, data, &writer)
 	default:

cli/reporter/cli_reporter_test.go

@@ -86,7 +86,7 @@ func TestVulnReporter(t *testing.T) {
 	assert.Contains(t, buf.String(), "5.5    libblkid1       2.34-0.1ubuntu9.1")
 	assert.Contains(t, buf.String(), "USN-5279-1")
 
-	r = NewReporter(FormatYAML, false)
+	r = NewReporter(FormatYAMLv1, false)
 	r.out = &writer
 	require.NoError(t, err)
 

cli/reporter/json_test.go

@@ -30,7 +30,7 @@ func TestJsonOutput(t *testing.T) {
 	writer := shared.IOWriter{Writer: &buf}
 
 	r := &Reporter{
-		Format:  FormatJSON,
+		Format:  FormatJSONv1,
 		Printer: &printer.DefaultPrinter,
 		Colors:  &colors.DefaultColorTheme,
 		out:     &writer,
@@ -57,7 +57,7 @@ func TestJsonOutputOnlyErrors(t *testing.T) {
 	writer := shared.IOWriter{Writer: &buf}
 
 	r := &Reporter{
-		Format:  FormatJSON,
+		Format:  FormatJSONv1,
 		Printer: &printer.DefaultPrinter,
 		Colors:  &colors.DefaultColorTheme,
 		out:     &writer,

cli/reporter/output_handler.go

@@ -72,8 +72,8 @@ func determineOutputType(target string) OutputTarget {
 	return LOCAL_FILE
 }
 
-func reportToYaml(report *policy.ReportCollection) ([]byte, error) {
-	json, err := reportToJson(report)
+func reportToYamlV1(report *policy.ReportCollection) ([]byte, error) {
+	json, err := reportToJsonV1(report)
 	if err != nil {
 		return nil, err
 	}
@@ -84,7 +84,7 @@ func reportToYaml(report *policy.ReportCollection) ([]byte, error) {
 	return yaml, nil
 }
 
-func reportToJson(report *policy.ReportCollection) ([]byte, error) {
+func reportToJsonV1(report *policy.ReportCollection) ([]byte, error) {
 	raw := bytes.Buffer{}
 	writer := shared.IOWriter{Writer: &raw}
 	err := ConvertToJSON(report, &writer)
@@ -93,3 +93,24 @@ func reportToJson(report *policy.ReportCollection) ([]byte, error) {
 	}
 	return raw.Bytes(), nil
 }
+
+func reportToYamlV2(report *policy.ReportCollection) ([]byte, error) {
+	json, err := reportToJsonV2(report)
+	if err != nil {
+		return nil, err
+	}
+	yaml, err := yaml.JSONToYAML(json)
+	if err != nil {
+		return nil, err
+	}
+	return yaml, nil
+}
+
+func reportToJsonV2(report *policy.ReportCollection) ([]byte, error) {
+	r, err := ConvertToProto(report)
+	if err != nil {
+		return nil, err
+	}
+
+	return r.ToJSON()
+}

cli/reporter/print.go

@@ -19,10 +19,12 @@ const (
 	FormatSummary
 	FormatFull
 	FormatReport
-	FormatYAML
-	FormatJSON
+	FormatYAMLv1
+	FormatJSONv1
 	FormatJUnit
 	FormatCSV
+	FormatJSONv2
+	FormatYAMLv2
 )
 
 // Formats that are supported by the reporter
@@ -32,9 +34,13 @@ var Formats = map[string]Format{
 	"full":    FormatFull,
 	"":        FormatCompact,
 	"report":  FormatReport,
-	"yaml":    FormatYAML,
-	"yml":     FormatYAML,
-	"json":    FormatJSON,
+	"yaml-v1": FormatYAMLv1,
+	"yaml-v2": FormatYAMLv2,
+	"yaml":    FormatYAMLv1,
+	"yml":     FormatYAMLv2,
+	"json-v1": FormatJSONv1,
+	"json-v2": FormatJSONv2,
+	"json":    FormatJSONv1,
 	"junit":   FormatJUnit,
 	"csv":     FormatCSV,
 }

cli/reporter/proto.go

@@ -54,6 +54,7 @@ func ConvertToProto(data *policy.ReportCollection) (*Report, error) {
 			Mrn:          a.Mrn,
 			Name:         a.Name,
 			PlatformName: platformName,
+			TraceId:      a.TraceId,
 		}
 		protoReport.Assets[assetMrn] = pAsset
 	}
@@ -178,8 +179,9 @@ func (r *Report) ToCnqueryReport() *cr.Report {
 
 	for id, asset := range r.Assets {
 		report.Assets[id] = &cr.Asset{
-			Mrn:  asset.Mrn,
-			Name: asset.Name,
+			Mrn:     asset.Mrn,
+			Name:    asset.Name,
+			TraceId: asset.TraceId,
 		}
 	}
 

go.mod

@@ -33,13 +33,13 @@ require (
 	github.com/spf13/pflag v1.0.6-0.20201009195203-85dd5c8bc61c
 	github.com/spf13/viper v1.18.2
 	github.com/stretchr/testify v1.9.0
-	go.mondoo.com/cnquery/v10 v10.11.1
-	go.mondoo.com/mondoo-go v0.0.0-20240312054001-2ab23a39b500
+	go.mondoo.com/cnquery/v10 v10.11.2-0.20240415171324-5136576b9e88
+	go.mondoo.com/mondoo-go v0.0.0-20240410071618-4acf10b559af
 	go.mondoo.com/ranger-rpc v0.6.0
 	go.opentelemetry.io/otel v1.25.0
 	gocloud.dev v0.37.0
 	golang.org/x/sys v0.19.0
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240401170217-c3f982113cda
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240412170617-26222e5d3d56
 	google.golang.org/protobuf v1.33.0
 	gopkg.in/yaml.v3 v3.0.1
 	k8s.io/utils v0.0.0-20240310230437-4693a0247e57
@@ -89,7 +89,7 @@ require (
 	github.com/ashanbrown/forbidigo v1.6.0 // indirect
 	github.com/ashanbrown/makezero v1.1.1 // indirect
 	github.com/atotto/clipboard v0.1.4 // indirect
-	github.com/aws/aws-sdk-go v1.51.16 // indirect
+	github.com/aws/aws-sdk-go v1.51.21 // indirect
 	github.com/aws/aws-sdk-go-v2 v1.26.1 // indirect
 	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2 // indirect
 	github.com/aws/aws-sdk-go-v2/credentials v1.17.11 // indirect
@@ -114,7 +114,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 // indirect
 	github.com/aws/smithy-go v1.20.2 // indirect
-	github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20240401215612-c264f63f0692 // indirect
+	github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20240409155312-26d1ea377073 // indirect
 	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bkielbasa/cyclop v1.2.1 // indirect
@@ -152,9 +152,9 @@ require (
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/denis-tingaikin/go-header v0.5.0 // indirect
 	github.com/distribution/reference v0.5.0 // indirect
-	github.com/docker/cli v26.0.0+incompatible // indirect
+	github.com/docker/cli v26.0.1+incompatible // indirect
 	github.com/docker/distribution v2.8.3+incompatible // indirect
-	github.com/docker/docker v26.0.0+incompatible // indirect
+	github.com/docker/docker v26.0.1+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.8.1 // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
@@ -297,7 +297,7 @@ require (
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0-rc5 // indirect
 	github.com/package-url/packageurl-go v0.1.2 // indirect
-	github.com/pelletier/go-toml/v2 v2.2.0 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.1 // indirect
 	github.com/pierrec/lz4/v4 v4.1.21 // indirect
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/pkg/sftp v1.13.6 // indirect
@@ -374,7 +374,7 @@ require (
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
 	golang.org/x/crypto v0.22.0 // indirect
-	golang.org/x/exp v0.0.0-20240404231335-c0f41cb1a7a0 // indirect
+	golang.org/x/exp v0.0.0-20240409090435-93d18d7e34b8 // indirect
 	golang.org/x/exp/typeparams v0.0.0-20240325151524-a685a6edb6d8 // indirect
 	golang.org/x/mod v0.17.0 // indirect
 	golang.org/x/net v0.24.0 // indirect
@@ -386,9 +386,9 @@ require (
 	golang.org/x/tools v0.20.0 // indirect
 	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
 	google.golang.org/api v0.172.0 // indirect
-	google.golang.org/genproto v0.0.0-20240401170217-c3f982113cda // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240401170217-c3f982113cda // indirect
-	google.golang.org/grpc v1.63.0 // indirect
+	google.golang.org/genproto v0.0.0-20240412170617-26222e5d3d56 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240412170617-26222e5d3d56 // indirect
+	google.golang.org/grpc v1.63.2 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
@@ -400,10 +400,10 @@ require (
 	k8s.io/component-base v0.29.0 // indirect
 	k8s.io/klog/v2 v2.110.1 // indirect
 	k8s.io/kubelet v0.29.0 // indirect
-	modernc.org/libc v1.49.2 // indirect
+	modernc.org/libc v1.49.3 // indirect
 	modernc.org/mathutil v1.6.0 // indirect
 	modernc.org/memory v1.8.0 // indirect
-	modernc.org/sqlite v1.29.5 // indirect
+	modernc.org/sqlite v1.29.6 // indirect
 	moul.io/http2curl v1.0.0 // indirect
 	mvdan.cc/gofumpt v0.6.0 // indirect
 	mvdan.cc/unparam v0.0.0-20240104100049-c549a3470d14 // indirect