Implement #Image

Signed-off-by: guillaume <guillaume.derouville@gmail.com>

stdlib/trivy/image.cue

@@ -0,0 +1,59 @@
+package trivy
+
+import (
+	"encoding/json"
+
+	"alpha.dagger.io/os"
+)
+
+// Scan an Image
+#Image: {
+	// Trivy configuration
+	config: #Config
+
+	// Image source (AWS, GCP, Docker Hub, Self hosted)
+	source: string
+
+	// Trivy Image arguments
+	args: [arg=string]: string
+	
+	// Enforce args best practices
+	args: {
+		"--exit-code": *"1" | string
+		"--severity": *"HIGH,CRITICAL" | string
+		"--format": *"table" | string
+		"--ignore-unfixed": *"true" | string
+	}
+
+	ctr: os.#Container & {
+		image: #CLI & {
+			"config": config
+		}
+		shell: {
+			path: "/bin/bash"
+			args: ["--noprofile", "--norc", "-eo", "pipefail", "-c"]
+		}
+		command: #"""
+			trivyArgs="$(
+				echo "$ARGS" |
+				jq -c '
+					to_entries |
+					map(.key + " " + (.value | tostring) + " ") |
+					add
+			')"
+
+			trivy image "$trivyArgs" "$SOURCE"
+			echo "$SOURCE" > /ref
+			"""#
+		env: ARGS:   json.Marshal(args)
+		env: SOURCE: source
+	}
+
+	// Export ref to create dependency (wait for the check to finish)
+	ref: {
+		os.#File & {
+			from: ctr
+			path: "/ref"
+		}
+	}.contents @dagger(output)
+}