4 changes: 2 additions & 2 deletions .golangci.yaml
Expand Up @@ -61,7 +61,7 @@ linters:
reason: "`aquasecurity/go-version` is designed for our use-cases"
- github.com/liamg/memoryfs:
recommendations:
- github.com/aquasecurity/trivy/pkg/mapfs
- github.com/aquasecurity/trivy/internal/mapfs
gosec:
excludes:
- G101
Expand Down Expand Up @@ -162,7 +162,7 @@ linters:
exclusions:
generated: lax
paths:
- "pkg/iac/scanners/terraform/parser/funcs" # copies of Terraform functions
- "internal/iac/scanners/terraform/parser/funcs" # copies of Terraform functions
rules:
- path: ".*_test.go$"
linters:
8 changes: 4 additions & 4 deletions integration/integration_test.go
Expand Up @@ -27,14 +27,14 @@ import (
"github.com/xeipuuv/gojsonschema"

"github.com/aquasecurity/trivy-db/pkg/metadata"
"github.com/aquasecurity/trivy/internal/clock"
"github.com/aquasecurity/trivy/internal/db"
"github.com/aquasecurity/trivy/internal/dbtest"
"github.com/aquasecurity/trivy/internal/testutil"
"github.com/aquasecurity/trivy/pkg/clock"
"github.com/aquasecurity/trivy/internal/uuid"
"github.com/aquasecurity/trivy/internal/vex/repo"
"github.com/aquasecurity/trivy/pkg/commands"
"github.com/aquasecurity/trivy/pkg/db"
"github.com/aquasecurity/trivy/pkg/types"
"github.com/aquasecurity/trivy/pkg/uuid"
"github.com/aquasecurity/trivy/pkg/vex/repo"

_ "modernc.org/sqlite"
)
File renamed without changes.
Expand Up @@ -9,7 +9,7 @@ import (
slsa "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/common"
"github.com/stretchr/testify/require"

"github.com/aquasecurity/trivy/pkg/attestation"
"github.com/aquasecurity/trivy/internal/attestation"
)

func TestStatement_UnmarshalJSON(t *testing.T) {
Expand Up @@ -10,9 +10,9 @@ import (
"github.com/samber/lo"
"golang.org/x/xerrors"

"github.com/aquasecurity/trivy/pkg/attestation"
"github.com/aquasecurity/trivy/internal/attestation"
"github.com/aquasecurity/trivy/internal/rekor"
"github.com/aquasecurity/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/rekor"
)

var ErrNoSBOMAttestation = xerrors.New("no SBOM attestation found")
Expand Up @@ -6,9 +6,9 @@ import (
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"

"github.com/aquasecurity/trivy/pkg/attestation/sbom"
"github.com/aquasecurity/trivy/internal/attestation/sbom"
"github.com/aquasecurity/trivy/internal/rekortest"
"github.com/aquasecurity/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/rekortest"
)

func TestRekor_RetrieveSBOM(t *testing.T) {
File renamed without changes.
The default settings and trivial logic are used to load the AWS config, so I think it can be reimplemented in trivy-aws.

File renamed without changes.
Expand Up @@ -6,6 +6,13 @@ import (
"io"

"golang.org/x/xerrors"

compliance "github.com/aquasecurity/trivy/pkg/compliance/types"
)

const (
allReport = "all"
summaryReport = "summary"
)

type JSONWriter struct {
Expand All @@ -14,7 +21,7 @@ type JSONWriter struct {
}

// Write writes the results in JSON format
func (jw JSONWriter) Write(report *ComplianceReport) error {
func (jw JSONWriter) Write(report *compliance.Report) error {
var output []byte
var err error

Expand Up @@ -9,16 +9,17 @@ import (
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"

"github.com/aquasecurity/trivy/pkg/compliance/report"
"github.com/aquasecurity/trivy/internal/compliance/report"
compliance "github.com/aquasecurity/trivy/pkg/compliance/types"
"github.com/aquasecurity/trivy/pkg/types"
)

func TestJSONWriter_Write(t *testing.T) {
input := &report.ComplianceReport{
input := &compliance.Report{
ID: "1234",
Title: "NSA",
RelatedResources: []string{"https://example.com"},
Results: []*report.ControlCheckResult{
Results: []*compliance.ControlCheckResult{
{
ID: "1.0",
Name: "Non-root containers",
Expand Down Expand Up @@ -55,7 +56,7 @@ func TestJSONWriter_Write(t *testing.T) {
tests := []struct {
name string
reportType string
input *report.ComplianceReport
input *compliance.Report
want string
}{
{
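--- /dev/null
+++ b/internal/compliance/report/report.go
@@ -0,0 +1,40 @@
+package report
+
+import (
+ctypes "github.com/aquasecurity/trivy/pkg/compliance/types"
+iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+"github.com/aquasecurity/trivy/pkg/types"
+)
+
+// BuildComplianceReportResults create compliance results data
+func BuildComplianceReportResults(checksMap map[string]types.Results, s iacTypes.Spec) *ctypes.Report {
+controlCheckResult := buildControlCheckResults(checksMap, s.Controls)
+return &ctypes.Report{
+ID: s.ID,
+Title: s.Title,
+Description: s.Description,
+Version: s.Version,
+RelatedResources: s.RelatedResources,
+Results: controlCheckResult,
+}
+}
+
+// buildControlCheckResults create compliance results data
+func buildControlCheckResults(checksMap map[string]types.Results, controls []iacTypes.Control) []*ctypes.ControlCheckResult {
+var complianceResults []*ctypes.ControlCheckResult
+for _, control := range controls {
+var results types.Results
+for _, c := range control.Checks {
+results = append(results, checksMap[c.ID]...)
+}
+complianceResults = append(complianceResults, &ctypes.ControlCheckResult{
+Name: control.Name,
+ID: control.ID,
+Description: control.Description,
+Severity: string(control.Severity),
+DefaultStatus: control.DefaultStatus,
+Results: results,
+})
+}
+return complianceResults
+}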
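Review bot: In buildControlCheckResults, `checksMap[c.ID]...` appends nothing when a check ID has no entry in the map, so a control whose checks produced no scan results is emitted with the same empty `Results` as a control whose checks ran and found nothing. For a compliance report that distinction is the difference between "not evaluated" and "clean"; how an empty `Results` is rendered is decided by the writers outside this file, so it should be confirmed there. At minimum, state it above the inner loop: `// a check ID missing from checksMap adds no results; the control is still emitted`. The two doc comments are also identical and ungrammatical; they would read better as `// BuildComplianceReportResults assembles the compliance report for spec s from per-check results` and `// buildControlCheckResults groups per-check results under each control`.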
Expand Up @@ -8,8 +8,8 @@ import (

dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
"github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability"
"github.com/aquasecurity/trivy/pkg/compliance/report"
"github.com/aquasecurity/trivy/pkg/compliance/spec"
cm "github.com/aquasecurity/trivy/pkg/compliance"
compliance "github.com/aquasecurity/trivy/pkg/compliance/types"
ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
"github.com/aquasecurity/trivy/pkg/types"
Expand All @@ -18,12 +18,12 @@ import (
func TestBuildComplianceReport(t *testing.T) {
type args struct {
scanResults []types.Results
cs spec.ComplianceSpec
cs compliance.Spec
}
tests := []struct {
name string
args args
want *report.ComplianceReport
want *compliance.Report
wantErr assert.ErrorAssertionFunc
}{
{
Expand Down Expand Up @@ -96,7 +96,7 @@ func TestBuildComplianceReport(t *testing.T) {
},
},
},
cs: spec.ComplianceSpec{
cs: compliance.Spec{
Spec: iacTypes.Spec{
ID: "1234",
Title: "NSA",
Expand Down Expand Up @@ -137,15 +137,15 @@ func TestBuildComplianceReport(t *testing.T) {
},
},
},
want: &report.ComplianceReport{
want: &compliance.Report{
ID: "1234",
Title: "NSA",
Description: "National Security Agency - Kubernetes Hardening Guidance",
Version: "1.0",
RelatedResources: []string{
"https://example.com",
},
Results: []*report.ControlCheckResult{
Results: []*compliance.ControlCheckResult{
{
ID: "1.0",
Name: "Non-root containers",
Expand Down Expand Up @@ -231,7 +231,7 @@ func TestBuildComplianceReport(t *testing.T) {
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, err := report.BuildComplianceReport(tt.args.scanResults, tt.args.cs)
got, err := cm.BuildReport(tt.args.scanResults, tt.args.cs)
if !tt.wantErr(t, err, fmt.Sprintf("BuildComplianceReport(%v, %v)", tt.args.scanResults, tt.args.cs)) {
return
}
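Review bot: The failure message passed to `tt.wantErr` still names the old function, `fmt.Sprintf("BuildComplianceReport(%v, %v)", ...)`, although the call under test is now `cm.BuildReport`. A failing case would then point the reader at a symbol that, judging by the rest of this change, has been renamed. Suggest `fmt.Sprintf("BuildReport(%v, %v)", tt.args.scanResults, tt.args.cs)`. The body of the test function continues outside the visible hunk.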
Expand Up @@ -10,12 +10,13 @@ import (
"golang.org/x/xerrors"

"github.com/aquasecurity/table"
compliance "github.com/aquasecurity/trivy/pkg/compliance/types"
)

func BuildSummary(cr *ComplianceReport) *SummaryReport {
var ccma []ControlCheckSummary
func BuildSummary(cr *compliance.Report) *compliance.SummaryReport {
var ccma []compliance.ControlCheckSummary
for _, control := range cr.Results {
ccm := ControlCheckSummary{
ccm := compliance.ControlCheckSummary{
ID: control.ID,
Name: control.Name,
Severity: control.Severity,
Expand All @@ -25,7 +26,7 @@ func BuildSummary(cr *ComplianceReport) *SummaryReport {
}
ccma = append(ccma, ccm)
}
return &SummaryReport{
return &compliance.SummaryReport{
ID: cr.ID,
Title: cr.Title,
SummaryControls: ccma,
Expand All @@ -43,7 +44,7 @@ func NewSummaryWriter(output io.Writer) SummaryWriter {
}

// Write writes the results in a summarized table format
func (s SummaryWriter) Write(report *ComplianceReport) error {
func (s SummaryWriter) Write(report *compliance.Report) error {
if _, err := fmt.Fprintln(s.Output); err != nil {
return xerrors.Errorf("failed to write summary report: %w", err)
}
Expand Down Expand Up @@ -76,7 +77,7 @@ func (s SummaryWriter) columns() []string {
}
}

func (s SummaryWriter) generateSummary(summaryControls ControlCheckSummary) []string {
func (s SummaryWriter) generateSummary(summaryControls compliance.ControlCheckSummary) []string {
// "-" means manual checks
numOfIssues := "-"
status := "-"
Expand Up @@ -6,25 +6,26 @@ import (
"github.com/samber/lo"
"github.com/stretchr/testify/assert"

"github.com/aquasecurity/trivy/pkg/compliance/report"
"github.com/aquasecurity/trivy/internal/compliance/report"
compliance "github.com/aquasecurity/trivy/pkg/compliance/types"
"github.com/aquasecurity/trivy/pkg/types"
)

func TestBuildSummary(t *testing.T) {
tests := []struct {
name string
reportType string
input *report.ComplianceReport
want *report.SummaryReport
input *compliance.Report
want *compliance.SummaryReport
}{
{
name: "build report summary config only",
reportType: "summary",
input: &report.ComplianceReport{
input: &compliance.Report{
ID: "1234",
Title: "NSA",
RelatedResources: []string{"https://example.com"},
Results: []*report.ControlCheckResult{
Results: []*compliance.ControlCheckResult{
{
ID: "1.0",
Name: "Non-root containers",
Expand Down Expand Up @@ -57,11 +58,11 @@ func TestBuildSummary(t *testing.T) {
},
},
},
want: &report.SummaryReport{
want: &compliance.SummaryReport{
SchemaVersion: 0,
ID: "1234",
Title: "NSA",
SummaryControls: []report.ControlCheckSummary{
SummaryControls: []compliance.ControlCheckSummary{
{
ID: "1.0",
Name: "Non-root containers",
Expand All @@ -80,11 +81,11 @@ func TestBuildSummary(t *testing.T) {
{
name: "build full json output report",
reportType: "all",
input: &report.ComplianceReport{
input: &compliance.Report{
ID: "1234",
Title: "NSA",
RelatedResources: []string{"https://example.com"},
Results: []*report.ControlCheckResult{
Results: []*compliance.ControlCheckResult{
{
ID: "1.0",
Name: "Non-root containers",
Expand Down Expand Up @@ -130,11 +131,11 @@ func TestBuildSummary(t *testing.T) {
},
},
},
want: &report.SummaryReport{
want: &compliance.SummaryReport{
SchemaVersion: 0,
ID: "1234",
Title: "NSA",
SummaryControls: []report.ControlCheckSummary{
SummaryControls: []compliance.ControlCheckSummary{
{
ID: "1.0",
Name: "Non-root containers",
Expand Up @@ -7,6 +7,7 @@ import (
"golang.org/x/xerrors"

dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
compliance "github.com/aquasecurity/trivy/pkg/compliance/types"
pkgReport "github.com/aquasecurity/trivy/pkg/report/table"
"github.com/aquasecurity/trivy/pkg/types"
)
Expand All @@ -26,7 +27,7 @@ const (
IssuesColumn = "Issues"
)

func (tw TableWriter) Write(ctx context.Context, report *ComplianceReport) error {
func (tw TableWriter) Write(ctx context.Context, report *compliance.Report) error {
switch tw.Report {
case allReport:
t := pkgReport.NewWriter(pkgReport.Options{
Expand Up @@ -9,7 +9,8 @@ import (
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"

"github.com/aquasecurity/trivy/pkg/compliance/report"
"github.com/aquasecurity/trivy/internal/compliance/report"
compliance "github.com/aquasecurity/trivy/pkg/compliance/types"
"github.com/aquasecurity/trivy/pkg/types"
)

Expand All @@ -18,17 +19,17 @@ func TestTableWriter_Write(t *testing.T) {
tests := []struct {
name string
reportType string
input *report.ComplianceReport
input *compliance.Report
want string
}{
{
name: "build summary table",
reportType: "summary",
input: &report.ComplianceReport{
input: &compliance.Report{
ID: "1234",
Title: "NSA",
RelatedResources: []string{"https://example.com"},
Results: []*report.ControlCheckResult{
Results: []*compliance.ControlCheckResult{
{
ID: "1.0",
Name: "Non-root containers",