@sanity-labs/backstage-plugin-trivy-backend 0.0.1

package/README.md

@@ -0,0 +1,114 @@
+# Trivy Backend Plugin
+
+This backend plugin integrates Trivy security scan results from Google Cloud Storage into Backstage.
+
+## Features
+
+- Fetches Trivy scan results from GCS bucket (`sanity-trivy-logs`)
+- Parses filesystem and image scan outputs
+- Provides REST API endpoints for security findings
+- Links findings to CircleCI builds and GitHub PRs
+
+## API Endpoints
+
+### `GET /api/trivy/health`
+Health check endpoint.
+
+### `GET /api/trivy/scans`
+Returns all security scans sorted by timestamp (newest first).
+
+Response:
+```json
+[
+  {
+    "repo": "alert-relay",
+    "branch": "add-ci",
+    "scanId": "2627705d-5a14-4d61-ae79-e9ec457b851c",
+    "timestamp": "2024-01-15T10:30:00Z",
+    "metadata": {
+      "circleciUrl": "https://circleci.com/gh/sanity-io/alert-relay/9",
+      "githubPr": "https://github.com/sanity-io/alert-relay/pull/4",
+      "gitCommit": "6e0858eab194dcab5235b4ef41165f80c7a9dd45",
+      "committer": "obliadp"
+    },
+    "findings": [
+      {
+        "file": "deploy/base/deployment.yaml",
+        "severity": "HIGH",
+        "title": "Container should set securityContext.readOnlyRootFilesystem",
+        "description": "An immutable root file system prevents...",
+        "lines": "18-62",
+        "avdId": "https://avd.aquasec.com/misconfig/ksv014"
+      }
+    ]
+  }
+]
+```
+
+### `GET /api/trivy/scans/:repo/:branch/:scanId`
+Returns a specific scan by repo, branch, and scan ID.
+
+### `GET /api/trivy/scans/:repo/latest`
+Returns the latest scan for a specific repository.
+
+## Setup
+
+1. Ensure you have access to the `sanity-trivy-logs` GCS bucket
+2. Configure GCP credentials for the Backstage backend
+3. Add the plugin to your backend in `packages/backend/src/index.ts`:
+
+```typescript
+import trivy from '@internal/backstage-plugin-trivy-backend';
+
+const backend = createBackend();
+backend.add(trivy());
+backend.start();
+```
+
+## Configuration
+
+### app-config.yaml
+
+```yaml
+trivy:
+  # GCS bucket name (default: sanity-trivy-logs)
+  bucketName: sanity-trivy-logs
+
+  # Backend cache time in minutes (default: 5)
+  # How long to cache GCS responses in memory
+  cacheTime: 5
+
+  # Severity filter (default: CRITICAL, HIGH, MEDIUM)
+  severityFilter:
+    - CRITICAL
+    - HIGH
+    - MEDIUM
+```
+
+### GCP Authentication
+
+The plugin uses Google Cloud Storage with Application Default Credentials. Ensure your Backstage backend has appropriate GCP credentials configured.
+
+### Caching
+
+The backend implements in-memory caching to reduce GCS API calls:
+
+- Caches all API responses for the configured `cacheTime` duration
+- Cache keys are based on endpoint parameters
+- Cache stats available via `/api/trivy/health` endpoint
+- Automatic cache invalidation after TTL expires
+
+```json
+// GET /api/trivy/health response
+{
+  "status": "ok",
+  "cache": {
+    "size": 3,
+    "keys": ["all-scans", "latest-alert-relay", "scan-alert-relay-main-abc123"]
+  },
+  "config": {
+    "bucketName": "sanity-trivy-logs",
+    "cacheTime": 5
+  }
+}
+```

package/dist/index.cjs.js

@@ -0,0 +1,325 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', { value: true });
+
+var backendPluginApi = require('@backstage/backend-plugin-api');
+var backendCommon = require('@backstage/backend-common');
+var express = require('express');
+var Router = require('express-promise-router');
+var storage = require('@google-cloud/storage');
+
+function _interopDefaultLegacy (e) { return e && typeof e === 'object' && 'default' in e ? e : { 'default': e }; }
+
+var express__default = /*#__PURE__*/_interopDefaultLegacy(express);
+var Router__default = /*#__PURE__*/_interopDefaultLegacy(Router);
+
+var __defProp = Object.defineProperty;
+var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
+var __publicField = (obj, key, value) => {
+  __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
+  return value;
+};
+class CacheManager {
+  constructor(ttlMinutes = 5, logger) {
+    __publicField(this, "cache");
+    __publicField(this, "ttlMs");
+    __publicField(this, "logger");
+    this.cache = /* @__PURE__ */ new Map();
+    this.ttlMs = ttlMinutes * 60 * 1e3;
+    this.logger = logger;
+  }
+  get(key) {
+    const entry = this.cache.get(key);
+    if (!entry) {
+      return null;
+    }
+    const age = Date.now() - entry.timestamp;
+    if (age > this.ttlMs) {
+      this.cache.delete(key);
+      this.logger.debug(`Cache miss (expired): ${key}`);
+      return null;
+    }
+    this.logger.debug(`Cache hit: ${key}`);
+    return entry.data;
+  }
+  set(key, data) {
+    this.cache.set(key, {
+      data,
+      timestamp: Date.now()
+    });
+    this.logger.debug(`Cache set: ${key}`);
+  }
+  has(key) {
+    const entry = this.cache.get(key);
+    if (!entry)
+      return false;
+    const age = Date.now() - entry.timestamp;
+    if (age > this.ttlMs) {
+      this.cache.delete(key);
+      return false;
+    }
+    return true;
+  }
+  clear() {
+    this.cache.clear();
+    this.logger.info("Cache cleared");
+  }
+  size() {
+    return this.cache.size;
+  }
+  stats() {
+    return {
+      size: this.cache.size,
+      keys: Array.from(this.cache.keys())
+    };
+  }
+}
+
+function parseMetadata(content) {
+  var _a, _b, _c, _d;
+  const lines = content.split("\n");
+  const metadata = {};
+  for (const line of lines) {
+    if (line.startsWith("CircleCI Build URL:")) {
+      metadata.circleciUrl = ((_a = line.split(":", 2)[1]) == null ? void 0 : _a.trim()) || void 0;
+    } else if (line.startsWith("GitHub PR:")) {
+      metadata.githubPr = ((_b = line.split(":", 2)[1]) == null ? void 0 : _b.trim()) || void 0;
+    } else if (line.startsWith("Git Commit:")) {
+      metadata.gitCommit = ((_c = line.split(":", 2)[1]) == null ? void 0 : _c.trim()) || void 0;
+    } else if (line.startsWith("Committer:")) {
+      metadata.committer = ((_d = line.split(":", 2)[1]) == null ? void 0 : _d.trim()) || void 0;
+    }
+  }
+  return metadata;
+}
+function parseTrivyOutput(content) {
+  const findings = [];
+  const sections = content.split(/\n(?=[^\s])/);
+  let currentFile = "";
+  for (const section of sections) {
+    const fileMatch = section.match(/^(.+)\s+\((\w+)\)\s*\n={40}/);
+    if (fileMatch) {
+      currentFile = fileMatch[1];
+      continue;
+    }
+    const severityMatch = section.match(/^(CRITICAL|HIGH|MEDIUM|LOW|UNKNOWN):\s+(.+)/);
+    if (severityMatch && currentFile) {
+      const severity = severityMatch[1];
+      const title = severityMatch[2];
+      const descMatch = section.match(/═{40}\n([\s\S]+?)\n(?:See|─{40})/);
+      const description = descMatch ? descMatch[1].trim() : "";
+      const avdMatch = section.match(/See\s+(https:\/\/avd\.aquasec\.com\/[^\s]+)/);
+      const avdId = avdMatch ? avdMatch[1] : void 0;
+      const linesMatch = section.match(/─{40}\n\s*(.+?):(\d+)-(\d+)/);
+      const lines = linesMatch ? `${linesMatch[2]}-${linesMatch[3]}` : "";
+      findings.push({
+        file: currentFile,
+        severity,
+        title,
+        description,
+        lines,
+        avdId
+      });
+    }
+  }
+  return findings;
+}
+function getBackendConfig(config) {
+  const trivyConfig = config == null ? void 0 : config.getOptionalConfig("trivy");
+  return {
+    bucketName: (trivyConfig == null ? void 0 : trivyConfig.getOptionalString("bucketName")) || "sanity-trivy-logs",
+    cacheTime: (trivyConfig == null ? void 0 : trivyConfig.getOptionalNumber("cacheTime")) || 5
+  };
+}
+async function createRouter(options) {
+  const { logger, config } = options;
+  const router = Router__default["default"]();
+  router.use(express__default["default"].json());
+  const backendConfig = getBackendConfig(config);
+  const storage$1 = new storage.Storage();
+  const bucketName = backendConfig.bucketName;
+  const cache = new CacheManager(backendConfig.cacheTime, logger);
+  router.get("/health", (_, response) => {
+    logger.info("PONG!");
+    response.json({
+      status: "ok",
+      cache: cache.stats(),
+      config: {
+        bucketName,
+        cacheTime: backendConfig.cacheTime
+      }
+    });
+  });
+  router.get("/scans", async (_, response) => {
+    try {
+      const cacheKey = "all-scans";
+      const cached = cache.get(cacheKey);
+      if (cached) {
+        logger.info("Returning cached scans");
+        response.json(cached);
+        return;
+      }
+      const [files] = await storage$1.bucket(bucketName).getFiles({
+        prefix: "repos/"
+      });
+      const scans = /* @__PURE__ */ new Map();
+      for (const file of files) {
+        const pathParts = file.name.split("/");
+        if (pathParts.length < 4)
+          continue;
+        const repo = pathParts[1];
+        const branch = pathParts[2];
+        const scanId = pathParts[3];
+        const fileName = pathParts[4];
+        const key = `${repo}/${branch}/${scanId}`;
+        if (!scans.has(key)) {
+          scans.set(key, {
+            repo,
+            branch,
+            scanId,
+            metadata: {},
+            findings: [],
+            timestamp: file.metadata.timeCreated ? new Date(file.metadata.timeCreated) : /* @__PURE__ */ new Date()
+          });
+        }
+        const scan = scans.get(key);
+        if (fileName === "trivy-metadata.txt") {
+          const [content] = await file.download();
+          scan.metadata = parseMetadata(content.toString());
+        } else if (fileName === "trivy-fs-output.txt" || fileName === "trivy-image-output.txt") {
+          const [content] = await file.download();
+          const findings = parseTrivyOutput(content.toString());
+          scan.findings.push(...findings);
+        }
+      }
+      const scanArray = Array.from(scans.values()).sort((a, b) => b.timestamp.getTime() - a.timestamp.getTime());
+      cache.set(cacheKey, scanArray);
+      response.json(scanArray);
+    } catch (error) {
+      logger.error("Error fetching scans:", error);
+      response.status(500).json({ error: "Failed to fetch scans" });
+    }
+  });
+  router.get("/scans/:repo/:branch/:scanId", async (request, response) => {
+    try {
+      const { repo, branch, scanId } = request.params;
+      const cacheKey = `scan-${repo}-${branch}-${scanId}`;
+      const cached = cache.get(cacheKey);
+      if (cached) {
+        logger.info(`Returning cached scan: ${cacheKey}`);
+        response.json(cached);
+        return;
+      }
+      const prefix = `repos/${repo}/${branch}/${scanId}/`;
+      const [files] = await storage$1.bucket(bucketName).getFiles({ prefix });
+      const scan = {
+        repo,
+        branch,
+        scanId,
+        metadata: {},
+        findings: [],
+        timestamp: /* @__PURE__ */ new Date()
+      };
+      for (const file of files) {
+        const fileName = file.name.split("/").pop();
+        if (fileName === "trivy-metadata.txt") {
+          const [content] = await file.download();
+          scan.metadata = parseMetadata(content.toString());
+        } else if (fileName === "trivy-fs-output.txt" || fileName === "trivy-image-output.txt") {
+          const [content] = await file.download();
+          scan.findings.push(...parseTrivyOutput(content.toString()));
+        }
+        if (file.metadata.timeCreated) {
+          scan.timestamp = new Date(file.metadata.timeCreated);
+        }
+      }
+      cache.set(cacheKey, scan);
+      response.json(scan);
+    } catch (error) {
+      logger.error("Error fetching scan:", error);
+      response.status(500).json({ error: "Failed to fetch scan" });
+    }
+  });
+  router.get("/scans/:repo/latest", async (request, response) => {
+    try {
+      const { repo } = request.params;
+      const cacheKey = `latest-${repo}`;
+      const cached = cache.get(cacheKey);
+      if (cached) {
+        logger.info(`Returning cached latest scan: ${cacheKey}`);
+        response.json(cached);
+        return;
+      }
+      const prefix = `repos/${repo}/`;
+      const [files] = await storage$1.bucket(bucketName).getFiles({ prefix });
+      const scans = /* @__PURE__ */ new Map();
+      for (const file of files) {
+        const pathParts = file.name.split("/");
+        if (pathParts.length < 5)
+          continue;
+        const branch = pathParts[2];
+        const scanId = pathParts[3];
+        const fileName = pathParts[4];
+        const key = `${repo}/${branch}/${scanId}`;
+        if (!scans.has(key)) {
+          scans.set(key, {
+            repo,
+            branch,
+            scanId,
+            metadata: {},
+            findings: [],
+            timestamp: file.metadata.timeCreated ? new Date(file.metadata.timeCreated) : /* @__PURE__ */ new Date()
+          });
+        }
+        const scan = scans.get(key);
+        if (fileName === "trivy-metadata.txt") {
+          const [content] = await file.download();
+          scan.metadata = parseMetadata(content.toString());
+        } else if (fileName === "trivy-fs-output.txt" || fileName === "trivy-image-output.txt") {
+          const [content] = await file.download();
+          scan.findings.push(...parseTrivyOutput(content.toString()));
+        }
+      }
+      const latestScan = Array.from(scans.values()).sort((a, b) => b.timestamp.getTime() - a.timestamp.getTime())[0];
+      if (!latestScan) {
+        response.status(404).json({ error: "No scans found for repo" });
+        return;
+      }
+      cache.set(cacheKey, latestScan);
+      response.json(latestScan);
+    } catch (error) {
+      logger.error("Error fetching latest scan:", error);
+      response.status(500).json({ error: "Failed to fetch latest scan" });
+    }
+  });
+  router.use(backendCommon.errorHandler());
+  return router;
+}
+
+const trivyPlugin = backendPluginApi.createBackendPlugin({
+  pluginId: "trivy",
+  register(env) {
+    env.registerInit({
+      deps: {
+        httpRouter: backendPluginApi.coreServices.httpRouter,
+        logger: backendPluginApi.coreServices.logger,
+        config: backendPluginApi.coreServices.rootConfig
+      },
+      async init({ httpRouter, logger, config }) {
+        httpRouter.use(
+          await createRouter({
+            logger,
+            config
+          })
+        );
+        httpRouter.addAuthPolicy({
+          path: "/health",
+          allow: "unauthenticated"
+        });
+      }
+    });
+  }
+});
+
+exports["default"] = trivyPlugin;
+//# sourceMappingURL=index.cjs.js.map

package/dist/index.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.cjs.js","sources":["../src/service/cache.ts","../src/service/router.ts","../src/plugin.ts"],"sourcesContent":["import { LoggerService } from '@backstage/backend-plugin-api';\n\ninterface CacheEntry<T> {\n  data: T;\n  timestamp: number;\n}\n\nexport class CacheManager {\n  private cache: Map<string, CacheEntry<any>>;\n  private ttlMs: number;\n  private logger: LoggerService;\n\n  constructor(ttlMinutes: number = 5, logger: LoggerService) {\n    this.cache = new Map();\n    this.ttlMs = ttlMinutes * 60 * 1000;\n    this.logger = logger;\n  }\n\n  get<T>(key: string): T | null {\n    const entry = this.cache.get(key);\n\n    if (!entry) {\n      return null;\n    }\n\n    const age = Date.now() - entry.timestamp;\n\n    if (age > this.ttlMs) {\n      this.cache.delete(key);\n      this.logger.debug(`Cache miss (expired): ${key}`);\n      return null;\n    }\n\n    this.logger.debug(`Cache hit: ${key}`);\n    return entry.data as T;\n  }\n\n  set<T>(key: string, data: T): void {\n    this.cache.set(key, {\n      data,\n      timestamp: Date.now(),\n    });\n    this.logger.debug(`Cache set: ${key}`);\n  }\n\n  has(key: string): boolean {\n    const entry = this.cache.get(key);\n    if (!entry) return false;\n\n    const age = Date.now() - entry.timestamp;\n    if (age > this.ttlMs) {\n      this.cache.delete(key);\n      return false;\n    }\n\n    return true;\n  }\n\n  clear(): void {\n    this.cache.clear();\n    this.logger.info('Cache cleared');\n  }\n\n  size(): number {\n    return this.cache.size;\n  }\n\n  stats(): { size: number; keys: string[] } {\n    return {\n      size: this.cache.size,\n      keys: Array.from(this.cache.keys()),\n    };\n  }\n}\n","import { errorHandler } from '@backstage/backend-common';\nimport { LoggerService } from '@backstage/backend-plugin-api';\nimport { Config } from '@backstage/config';\nimport express from 'express';\nimport Router from 'express-promise-router';\nimport { Storage } from '@google-cloud/storage';\nimport { CacheManager } from './cache';\n\nexport interface RouterOptions {\n  logger: LoggerService;\n  config?: Config;\n}\n\ninterface TrivyBackendConfig {\n  bucketName: string;\n  cacheTime: number;\n}\n\ninterface TrivyMetadata {\n  circleciUrl?: string;\n  githubPr?: string;\n  gitCommit?: string;\n  committer?: string;\n}\n\ninterface TrivyFinding {\n  file: string;\n  severity: string;\n  title: string;\n  description: string;\n  lines: string;\n  avdId?: string;\n}\n\ninterface TrivyScanResult {\n  repo: string;\n  branch: string;\n  scanId: string;\n  metadata: TrivyMetadata;\n  findings: TrivyFinding[];\n  timestamp: Date;\n}\n\nfunction parseMetadata(content: string): TrivyMetadata {\n  const lines = content.split('\\n');\n  const metadata: TrivyMetadata = {};\n\n  for (const line of lines) {\n    if (line.startsWith('CircleCI Build URL:')) {\n      metadata.circleciUrl = line.split(':', 2)[1]?.trim() || undefined;\n    } else if (line.startsWith('GitHub PR:')) {\n      metadata.githubPr = line.split(':', 2)[1]?.trim() || undefined;\n    } else if (line.startsWith('Git Commit:')) {\n      metadata.gitCommit = line.split(':', 2)[1]?.trim() || undefined;\n    } else if (line.startsWith('Committer:')) {\n      metadata.committer = line.split(':', 2)[1]?.trim() || undefined;\n    }\n  }\n\n  return metadata;\n}\n\nfunction parseTrivyOutput(content: string): TrivyFinding[] {\n  const findings: TrivyFinding[] = [];\n  const sections = content.split(/\\n(?=[^\\s])/);\n\n  let currentFile = '';\n\n  for (const section of sections) {\n    // Check if this is a file header\n    const fileMatch = section.match(/^(.+)\\s+\\((\\w+)\\)\\s*\\n={40}/);\n    if (fileMatch) {\n      currentFile = fileMatch[1];\n      continue;\n    }\n\n    // Check if this is a finding\n    const severityMatch = section.match(/^(CRITICAL|HIGH|MEDIUM|LOW|UNKNOWN):\\s+(.+)/);\n    if (severityMatch && currentFile) {\n      const severity = severityMatch[1];\n      const title = severityMatch[2];\n\n      // Extract description\n      const descMatch = section.match(/═{40}\\n([\\s\\S]+?)\\n(?:See|─{40})/);\n      const description = descMatch ? descMatch[1].trim() : '';\n\n      // Extract AVD ID\n      const avdMatch = section.match(/See\\s+(https:\\/\\/avd\\.aquasec\\.com\\/[^\\s]+)/);\n      const avdId = avdMatch ? avdMatch[1] : undefined;\n\n      // Extract line numbers\n      const linesMatch = section.match(/─{40}\\n\\s*(.+?):(\\d+)-(\\d+)/);\n      const lines = linesMatch ? `${linesMatch[2]}-${linesMatch[3]}` : '';\n\n      findings.push({\n        file: currentFile,\n        severity,\n        title,\n        description,\n        lines,\n        avdId,\n      });\n    }\n  }\n\n  return findings;\n}\n\nfunction getBackendConfig(config?: Config): TrivyBackendConfig {\n  const trivyConfig = config?.getOptionalConfig('trivy');\n  return {\n    bucketName: trivyConfig?.getOptionalString('bucketName') || 'sanity-trivy-logs',\n    cacheTime: trivyConfig?.getOptionalNumber('cacheTime') || 5,\n  };\n}\n\nexport async function createRouter(\n  options: RouterOptions,\n): Promise<express.Router> {\n  const { logger, config } = options;\n  const router = Router();\n  router.use(express.json());\n\n  const backendConfig = getBackendConfig(config);\n  const storage = new Storage();\n  const bucketName = backendConfig.bucketName;\n  const cache = new CacheManager(backendConfig.cacheTime, logger);\n\n  router.get('/health', (_, response) => {\n    logger.info('PONG!');\n    response.json({\n      status: 'ok',\n      cache: cache.stats(),\n      config: {\n        bucketName,\n        cacheTime: backendConfig.cacheTime,\n      },\n    });\n  });\n\n  // Get all scans\n  router.get('/scans', async (_, response) => {\n    try {\n      const cacheKey = 'all-scans';\n      const cached = cache.get<TrivyScanResult[]>(cacheKey);\n\n      if (cached) {\n        logger.info('Returning cached scans');\n        response.json(cached);\n        return;\n      }\n\n      const [files] = await storage.bucket(bucketName).getFiles({\n        prefix: 'repos/',\n      });\n\n      const scans = new Map<string, TrivyScanResult>();\n\n      for (const file of files) {\n        const pathParts = file.name.split('/');\n        if (pathParts.length < 4) continue;\n\n        const repo = pathParts[1];\n        const branch = pathParts[2];\n        const scanId = pathParts[3];\n        const fileName = pathParts[4];\n\n        const key = `${repo}/${branch}/${scanId}`;\n\n        if (!scans.has(key)) {\n          scans.set(key, {\n            repo,\n            branch,\n            scanId,\n            metadata: {},\n            findings: [],\n            timestamp: file.metadata.timeCreated\n              ? new Date(file.metadata.timeCreated)\n              : new Date(),\n          });\n        }\n\n        const scan = scans.get(key)!;\n\n        if (fileName === 'trivy-metadata.txt') {\n          const [content] = await file.download();\n          scan.metadata = parseMetadata(content.toString());\n        } else if (fileName === 'trivy-fs-output.txt' || fileName === 'trivy-image-output.txt') {\n          const [content] = await file.download();\n          const findings = parseTrivyOutput(content.toString());\n          scan.findings.push(...findings);\n        }\n      }\n\n      const scanArray = Array.from(scans.values())\n        .sort((a, b) => b.timestamp.getTime() - a.timestamp.getTime());\n\n      cache.set(cacheKey, scanArray);\n      response.json(scanArray);\n    } catch (error) {\n      logger.error('Error fetching scans:', error as Error);\n      response.status(500).json({ error: 'Failed to fetch scans' });\n    }\n  });\n\n  // Get scan by ID\n  router.get('/scans/:repo/:branch/:scanId', async (request, response) => {\n    try {\n      const { repo, branch, scanId } = request.params;\n      const cacheKey = `scan-${repo}-${branch}-${scanId}`;\n      const cached = cache.get<TrivyScanResult>(cacheKey);\n\n      if (cached) {\n        logger.info(`Returning cached scan: ${cacheKey}`);\n        response.json(cached);\n        return;\n      }\n\n      const prefix = `repos/${repo}/${branch}/${scanId}/`;\n\n      const [files] = await storage.bucket(bucketName).getFiles({ prefix });\n\n      const scan: TrivyScanResult = {\n        repo,\n        branch,\n        scanId,\n        metadata: {},\n        findings: [],\n        timestamp: new Date(),\n      };\n\n      for (const file of files) {\n        const fileName = file.name.split('/').pop();\n\n        if (fileName === 'trivy-metadata.txt') {\n          const [content] = await file.download();\n          scan.metadata = parseMetadata(content.toString());\n        } else if (fileName === 'trivy-fs-output.txt' || fileName === 'trivy-image-output.txt') {\n          const [content] = await file.download();\n          scan.findings.push(...parseTrivyOutput(content.toString()));\n        }\n\n        if (file.metadata.timeCreated) {\n          scan.timestamp = new Date(file.metadata.timeCreated);\n        }\n      }\n\n      cache.set(cacheKey, scan);\n      response.json(scan);\n    } catch (error) {\n      logger.error('Error fetching scan:', error as Error);\n      response.status(500).json({ error: 'Failed to fetch scan' });\n    }\n  });\n\n  // Get latest scan for a repo\n  router.get('/scans/:repo/latest', async (request, response) => {\n    try {\n      const { repo } = request.params;\n      const cacheKey = `latest-${repo}`;\n      const cached = cache.get<TrivyScanResult>(cacheKey);\n\n      if (cached) {\n        logger.info(`Returning cached latest scan: ${cacheKey}`);\n        response.json(cached);\n        return;\n      }\n\n      const prefix = `repos/${repo}/`;\n\n      const [files] = await storage.bucket(bucketName).getFiles({ prefix });\n\n      const scans = new Map<string, TrivyScanResult>();\n\n      for (const file of files) {\n        const pathParts = file.name.split('/');\n        if (pathParts.length < 5) continue;\n\n        const branch = pathParts[2];\n        const scanId = pathParts[3];\n        const fileName = pathParts[4];\n\n        const key = `${repo}/${branch}/${scanId}`;\n\n        if (!scans.has(key)) {\n          scans.set(key, {\n            repo,\n            branch,\n            scanId,\n            metadata: {},\n            findings: [],\n            timestamp: file.metadata.timeCreated\n              ? new Date(file.metadata.timeCreated)\n              : new Date(),\n          });\n        }\n\n        const scan = scans.get(key)!;\n\n        if (fileName === 'trivy-metadata.txt') {\n          const [content] = await file.download();\n          scan.metadata = parseMetadata(content.toString());\n        } else if (fileName === 'trivy-fs-output.txt' || fileName === 'trivy-image-output.txt') {\n          const [content] = await file.download();\n          scan.findings.push(...parseTrivyOutput(content.toString()));\n        }\n      }\n\n      const latestScan = Array.from(scans.values())\n        .sort((a, b) => b.timestamp.getTime() - a.timestamp.getTime())[0];\n\n      if (!latestScan) {\n        response.status(404).json({ error: 'No scans found for repo' });\n        return;\n      }\n\n      cache.set(cacheKey, latestScan);\n      response.json(latestScan);\n    } catch (error) {\n      logger.error('Error fetching latest scan:', error as Error);\n      response.status(500).json({ error: 'Failed to fetch latest scan' });\n    }\n  });\n\n  router.use(errorHandler() as any);\n  return router;\n}\n","import {\n  coreServices,\n  createBackendPlugin,\n} from '@backstage/backend-plugin-api';\nimport { createRouter } from './service/router';\n\nexport const trivyPlugin = createBackendPlugin({\n  pluginId: 'trivy',\n  register(env) {\n    env.registerInit({\n      deps: {\n        httpRouter: coreServices.httpRouter,\n        logger: coreServices.logger,\n        config: coreServices.rootConfig,\n      },\n      async init({ httpRouter, logger, config }) {\n        httpRouter.use(\n          await createRouter({\n            logger,\n            config,\n          }) as any,\n        );\n        httpRouter.addAuthPolicy({\n          path: '/health',\n          allow: 'unauthenticated',\n        });\n      },\n    });\n  },\n});\n"],"names":["Router","express","storage","Storage","errorHandler","createBackendPlugin","coreServices"],"mappings":";;;;;;;;;;;;;;;;;;;;;AAOO,MAAM,YAAa,CAAA;AAAA,EAKxB,WAAA,CAAY,UAAqB,GAAA,CAAA,EAAG,MAAuB,EAAA;AAJ3D,IAAQ,aAAA,CAAA,IAAA,EAAA,OAAA,CAAA,CAAA;AACR,IAAQ,aAAA,CAAA,IAAA,EAAA,OAAA,CAAA,CAAA;AACR,IAAQ,aAAA,CAAA,IAAA,EAAA,QAAA,CAAA,CAAA;AAGN,IAAK,IAAA,CAAA,KAAA,uBAAY,GAAI,EAAA,CAAA;AACrB,IAAK,IAAA,CAAA,KAAA,GAAQ,aAAa,EAAK,GAAA,GAAA,CAAA;AAC/B,IAAA,IAAA,CAAK,MAAS,GAAA,MAAA,CAAA;AAAA,GAChB;AAAA,EAEA,IAAO,GAAuB,EAAA;AAC5B,IAAA,MAAM,KAAQ,GAAA,IAAA,CAAK,KAAM,CAAA,GAAA,CAAI,GAAG,CAAA,CAAA;AAEhC,IAAA,IAAI,CAAC,KAAO,EAAA;AACV,MAAO,OAAA,IAAA,CAAA;AAAA,KACT;AAEA,IAAA,MAAM,GAAM,GAAA,IAAA,CAAK,GAAI,EAAA,GAAI,KAAM,CAAA,SAAA,CAAA;AAE/B,IAAI,IAAA,GAAA,GAAM,KAAK,KAAO,EAAA;AACpB,MAAK,IAAA,CAAA,KAAA,CAAM,OAAO,GAAG,CAAA,CAAA;AACrB,MAAA,IAAA,CAAK,MAAO,CAAA,KAAA,CAAM,CAAyB,sBAAA,EAAA,GAAG,CAAE,CAAA,CAAA,CAAA;AAChD,MAAO,OAAA,IAAA,CAAA;AAAA,KACT;AAEA,IAAA,IAAA,CAAK,MAAO,CAAA,KAAA,CAAM,CAAc,WAAA,EAAA,GAAG,CAAE,CAAA,CAAA,CAAA;AACrC,IAAA,OAAO,KAAM,CAAA,IAAA,CAAA;AAAA,GACf;AAAA,EAEA,GAAA,CAAO,KAAa,IAAe,EAAA;AACjC,IAAK,IAAA,CAAA,KAAA,CAAM,IAAI,GAAK,EAAA;AAAA,MAClB,IAAA;AAAA,MACA,SAAA,EAAW,KAAK,GAAI,EAAA;AAAA,KACrB,CAAA,CAAA;AACD,IAAA,IAAA,CAAK,MAAO,CAAA,KAAA,CAAM,CAAc,WAAA,EAAA,GAAG,CAAE,CAAA,CAAA,CAAA;AAAA,GACvC;AAAA,EAEA,IAAI,GAAsB,EAAA;AACxB,IAAA,MAAM,KAAQ,GAAA,IAAA,CAAK,KAAM,CAAA,GAAA,CAAI,GAAG,CAAA,CAAA;AAChC,IAAA,IAAI,CAAC,KAAA;AAAO,MAAO,OAAA,KAAA,CAAA;AAEnB,IAAA,MAAM,GAAM,GAAA,IAAA,CAAK,GAAI,EAAA,GAAI,KAAM,CAAA,SAAA,CAAA;AAC/B,IAAI,IAAA,GAAA,GAAM,KAAK,KAAO,EAAA;AACpB,MAAK,IAAA,CAAA,KAAA,CAAM,OAAO,GAAG,CAAA,CAAA;AACrB,MAAO,OAAA,KAAA,CAAA;AAAA,KACT;AAEA,IAAO,OAAA,IAAA,CAAA;AAAA,GACT;AAAA,EAEA,KAAc,GAAA;AACZ,IAAA,IAAA,CAAK,MAAM,KAAM,EAAA,CAAA;AACjB,IAAK,IAAA,CAAA,MAAA,CAAO,KAAK,eAAe,CAAA,CAAA;AAAA,GAClC;AAAA,EAEA,IAAe,GAAA;AACb,IAAA,OAAO,KAAK,KAAM,CAAA,IAAA,CAAA;AAAA,GACpB;AAAA,EAEA,KAA0C,GAAA;AACxC,IAAO,OAAA;AAAA,MACL,IAAA,EAAM,KAAK,KAAM,CAAA,IAAA;AAAA,MACjB,MAAM,KAAM,CAAA,IAAA,CAAK,IAAK,CAAA,KAAA,CAAM,MAAM,CAAA;AAAA,KACpC,CAAA;AAAA,GACF;AACF;;AC9BA,SAAS,cAAc,OAAgC,EAAA;AA3CvD,EAAA,IAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,CAAA;AA4CE,EAAM,MAAA,KAAA,GAAQ,OAAQ,CAAA,KAAA,CAAM,IAAI,CAAA,CAAA;AAChC,EAAA,MAAM,WAA0B,EAAC,CAAA;AAEjC,EAAA,KAAA,MAAW,QAAQ,KAAO,EAAA;AACxB,IAAI,IAAA,IAAA,CAAK,UAAW,CAAA,qBAAqB,CAAG,EAAA;AAC1C,MAAS,QAAA,CAAA,WAAA,GAAA,CAAA,CAAc,UAAK,KAAM,CAAA,GAAA,EAAK,CAAC,CAAE,CAAA,CAAC,CAApB,KAAA,IAAA,GAAA,KAAA,CAAA,GAAA,EAAA,CAAuB,IAAU,EAAA,KAAA,KAAA,CAAA,CAAA;AAAA,KAC/C,MAAA,IAAA,IAAA,CAAK,UAAW,CAAA,YAAY,CAAG,EAAA;AACxC,MAAS,QAAA,CAAA,QAAA,GAAA,CAAA,CAAW,UAAK,KAAM,CAAA,GAAA,EAAK,CAAC,CAAE,CAAA,CAAC,CAApB,KAAA,IAAA,GAAA,KAAA,CAAA,GAAA,EAAA,CAAuB,IAAU,EAAA,KAAA,KAAA,CAAA,CAAA;AAAA,KAC5C,MAAA,IAAA,IAAA,CAAK,UAAW,CAAA,aAAa,CAAG,EAAA;AACzC,MAAS,QAAA,CAAA,SAAA,GAAA,CAAA,CAAY,UAAK,KAAM,CAAA,GAAA,EAAK,CAAC,CAAE,CAAA,CAAC,CAApB,KAAA,IAAA,GAAA,KAAA,CAAA,GAAA,EAAA,CAAuB,IAAU,EAAA,KAAA,KAAA,CAAA,CAAA;AAAA,KAC7C,MAAA,IAAA,IAAA,CAAK,UAAW,CAAA,YAAY,CAAG,EAAA;AACxC,MAAS,QAAA,CAAA,SAAA,GAAA,CAAA,CAAY,UAAK,KAAM,CAAA,GAAA,EAAK,CAAC,CAAE,CAAA,CAAC,CAApB,KAAA,IAAA,GAAA,KAAA,CAAA,GAAA,EAAA,CAAuB,IAAU,EAAA,KAAA,KAAA,CAAA,CAAA;AAAA,KACxD;AAAA,GACF;AAEA,EAAO,OAAA,QAAA,CAAA;AACT,CAAA;AAEA,SAAS,iBAAiB,OAAiC,EAAA;AACzD,EAAA,MAAM,WAA2B,EAAC,CAAA;AAClC,EAAM,MAAA,QAAA,GAAW,OAAQ,CAAA,KAAA,CAAM,aAAa,CAAA,CAAA;AAE5C,EAAA,IAAI,WAAc,GAAA,EAAA,CAAA;AAElB,EAAA,KAAA,MAAW,WAAW,QAAU,EAAA;AAE9B,IAAM,MAAA,SAAA,GAAY,OAAQ,CAAA,KAAA,CAAM,6BAA6B,CAAA,CAAA;AAC7D,IAAA,IAAI,SAAW,EAAA;AACb,MAAA,WAAA,GAAc,UAAU,CAAC,CAAA,CAAA;AACzB,MAAA,SAAA;AAAA,KACF;AAGA,IAAM,MAAA,aAAA,GAAgB,OAAQ,CAAA,KAAA,CAAM,6CAA6C,CAAA,CAAA;AACjF,IAAA,IAAI,iBAAiB,WAAa,EAAA;AAChC,MAAM,MAAA,QAAA,GAAW,cAAc,CAAC,CAAA,CAAA;AAChC,MAAM,MAAA,KAAA,GAAQ,cAAc,CAAC,CAAA,CAAA;AAG7B,MAAM,MAAA,SAAA,GAAY,OAAQ,CAAA,KAAA,CAAM,kCAAkC,CAAA,CAAA;AAClE,MAAA,MAAM,cAAc,SAAY,GAAA,SAAA,CAAU,CAAC,CAAA,CAAE,MAAS,GAAA,EAAA,CAAA;AAGtD,MAAM,MAAA,QAAA,GAAW,OAAQ,CAAA,KAAA,CAAM,6CAA6C,CAAA,CAAA;AAC5E,MAAA,MAAM,KAAQ,GAAA,QAAA,GAAW,QAAS,CAAA,CAAC,CAAI,GAAA,KAAA,CAAA,CAAA;AAGvC,MAAM,MAAA,UAAA,GAAa,OAAQ,CAAA,KAAA,CAAM,6BAA6B,CAAA,CAAA;AAC9D,MAAM,MAAA,KAAA,GAAQ,UAAa,GAAA,CAAA,EAAG,UAAW,CAAA,CAAC,CAAC,CAAI,CAAA,EAAA,UAAA,CAAW,CAAC,CAAC,CAAK,CAAA,GAAA,EAAA,CAAA;AAEjE,MAAA,QAAA,CAAS,IAAK,CAAA;AAAA,QACZ,IAAM,EAAA,WAAA;AAAA,QACN,QAAA;AAAA,QACA,KAAA;AAAA,QACA,WAAA;AAAA,QACA,KAAA;AAAA,QACA,KAAA;AAAA,OACD,CAAA,CAAA;AAAA,KACH;AAAA,GACF;AAEA,EAAO,OAAA,QAAA,CAAA;AACT,CAAA;AAEA,SAAS,iBAAiB,MAAqC,EAAA;AAC7D,EAAM,MAAA,WAAA,GAAc,iCAAQ,iBAAkB,CAAA,OAAA,CAAA,CAAA;AAC9C,EAAO,OAAA;AAAA,IACL,UAAA,EAAA,CAAY,WAAa,IAAA,IAAA,GAAA,KAAA,CAAA,GAAA,WAAA,CAAA,iBAAA,CAAkB,YAAiB,CAAA,KAAA,mBAAA;AAAA,IAC5D,SAAA,EAAA,CAAW,WAAa,IAAA,IAAA,GAAA,KAAA,CAAA,GAAA,WAAA,CAAA,iBAAA,CAAkB,WAAgB,CAAA,KAAA,CAAA;AAAA,GAC5D,CAAA;AACF,CAAA;AAEA,eAAsB,aACpB,OACyB,EAAA;AACzB,EAAM,MAAA,EAAE,MAAQ,EAAA,MAAA,EAAW,GAAA,OAAA,CAAA;AAC3B,EAAA,MAAM,SAASA,0BAAO,EAAA,CAAA;AACtB,EAAO,MAAA,CAAA,GAAA,CAAIC,2BAAQ,CAAA,IAAA,EAAM,CAAA,CAAA;AAEzB,EAAM,MAAA,aAAA,GAAgB,iBAAiB,MAAM,CAAA,CAAA;AAC7C,EAAM,MAAAC,SAAA,GAAU,IAAIC,eAAQ,EAAA,CAAA;AAC5B,EAAA,MAAM,aAAa,aAAc,CAAA,UAAA,CAAA;AACjC,EAAA,MAAM,KAAQ,GAAA,IAAI,YAAa,CAAA,aAAA,CAAc,WAAW,MAAM,CAAA,CAAA;AAE9D,EAAA,MAAA,CAAO,GAAI,CAAA,SAAA,EAAW,CAAC,CAAA,EAAG,QAAa,KAAA;AACrC,IAAA,MAAA,CAAO,KAAK,OAAO,CAAA,CAAA;AACnB,IAAA,QAAA,CAAS,IAAK,CAAA;AAAA,MACZ,MAAQ,EAAA,IAAA;AAAA,MACR,KAAA,EAAO,MAAM,KAAM,EAAA;AAAA,MACnB,MAAQ,EAAA;AAAA,QACN,UAAA;AAAA,QACA,WAAW,aAAc,CAAA,SAAA;AAAA,OAC3B;AAAA,KACD,CAAA,CAAA;AAAA,GACF,CAAA,CAAA;AAGD,EAAA,MAAA,CAAO,GAAI,CAAA,QAAA,EAAU,OAAO,CAAA,EAAG,QAAa,KAAA;AAC1C,IAAI,IAAA;AACF,MAAA,MAAM,QAAW,GAAA,WAAA,CAAA;AACjB,MAAM,MAAA,MAAA,GAAS,KAAM,CAAA,GAAA,CAAuB,QAAQ,CAAA,CAAA;AAEpD,MAAA,IAAI,MAAQ,EAAA;AACV,QAAA,MAAA,CAAO,KAAK,wBAAwB,CAAA,CAAA;AACpC,QAAA,QAAA,CAAS,KAAK,MAAM,CAAA,CAAA;AACpB,QAAA,OAAA;AAAA,OACF;AAEA,MAAM,MAAA,CAAC,KAAK,CAAI,GAAA,MAAMD,UAAQ,MAAO,CAAA,UAAU,EAAE,QAAS,CAAA;AAAA,QACxD,MAAQ,EAAA,QAAA;AAAA,OACT,CAAA,CAAA;AAED,MAAM,MAAA,KAAA,uBAAY,GAA6B,EAAA,CAAA;AAE/C,MAAA,KAAA,MAAW,QAAQ,KAAO,EAAA;AACxB,QAAA,MAAM,SAAY,GAAA,IAAA,CAAK,IAAK,CAAA,KAAA,CAAM,GAAG,CAAA,CAAA;AACrC,QAAA,IAAI,UAAU,MAAS,GAAA,CAAA;AAAG,UAAA,SAAA;AAE1B,QAAM,MAAA,IAAA,GAAO,UAAU,CAAC,CAAA,CAAA;AACxB,QAAM,MAAA,MAAA,GAAS,UAAU,CAAC,CAAA,CAAA;AAC1B,QAAM,MAAA,MAAA,GAAS,UAAU,CAAC,CAAA,CAAA;AAC1B,QAAM,MAAA,QAAA,GAAW,UAAU,CAAC,CAAA,CAAA;AAE5B,QAAA,MAAM,MAAM,CAAG,EAAA,IAAI,CAAI,CAAA,EAAA,MAAM,IAAI,MAAM,CAAA,CAAA,CAAA;AAEvC,QAAA,IAAI,CAAC,KAAA,CAAM,GAAI,CAAA,GAAG,CAAG,EAAA;AACnB,UAAA,KAAA,CAAM,IAAI,GAAK,EAAA;AAAA,YACb,IAAA;AAAA,YACA,MAAA;AAAA,YACA,MAAA;AAAA,YACA,UAAU,EAAC;AAAA,YACX,UAAU,EAAC;AAAA,YACX,SAAA,EAAW,IAAK,CAAA,QAAA,CAAS,WACrB,GAAA,IAAI,IAAK,CAAA,IAAA,CAAK,QAAS,CAAA,WAAW,CAClC,mBAAA,IAAI,IAAK,EAAA;AAAA,WACd,CAAA,CAAA;AAAA,SACH;AAEA,QAAM,MAAA,IAAA,GAAO,KAAM,CAAA,GAAA,CAAI,GAAG,CAAA,CAAA;AAE1B,QAAA,IAAI,aAAa,oBAAsB,EAAA;AACrC,UAAA,MAAM,CAAC,OAAO,CAAI,GAAA,MAAM,KAAK,QAAS,EAAA,CAAA;AACtC,UAAA,IAAA,CAAK,QAAW,GAAA,aAAA,CAAc,OAAQ,CAAA,QAAA,EAAU,CAAA,CAAA;AAAA,SACvC,MAAA,IAAA,QAAA,KAAa,qBAAyB,IAAA,QAAA,KAAa,wBAA0B,EAAA;AACtF,UAAA,MAAM,CAAC,OAAO,CAAI,GAAA,MAAM,KAAK,QAAS,EAAA,CAAA;AACtC,UAAA,MAAM,QAAW,GAAA,gBAAA,CAAiB,OAAQ,CAAA,QAAA,EAAU,CAAA,CAAA;AACpD,UAAK,IAAA,CAAA,QAAA,CAAS,IAAK,CAAA,GAAG,QAAQ,CAAA,CAAA;AAAA,SAChC;AAAA,OACF;AAEA,MAAA,MAAM,YAAY,KAAM,CAAA,IAAA,CAAK,MAAM,MAAO,EAAC,EACxC,IAAK,CAAA,CAAC,CAAG,EAAA,CAAA,KAAM,EAAE,SAAU,CAAA,OAAA,KAAY,CAAE,CAAA,SAAA,CAAU,SAAS,CAAA,CAAA;AAE/D,MAAM,KAAA,CAAA,GAAA,CAAI,UAAU,SAAS,CAAA,CAAA;AAC7B,MAAA,QAAA,CAAS,KAAK,SAAS,CAAA,CAAA;AAAA,aAChB,KAAO,EAAA;AACd,MAAO,MAAA,CAAA,KAAA,CAAM,yBAAyB,KAAc,CAAA,CAAA;AACpD,MAAA,QAAA,CAAS,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,yBAAyB,CAAA,CAAA;AAAA,KAC9D;AAAA,GACD,CAAA,CAAA;AAGD,EAAA,MAAA,CAAO,GAAI,CAAA,8BAAA,EAAgC,OAAO,OAAA,EAAS,QAAa,KAAA;AACtE,IAAI,IAAA;AACF,MAAA,MAAM,EAAE,IAAA,EAAM,MAAQ,EAAA,MAAA,KAAW,OAAQ,CAAA,MAAA,CAAA;AACzC,MAAA,MAAM,WAAW,CAAQ,KAAA,EAAA,IAAI,CAAI,CAAA,EAAA,MAAM,IAAI,MAAM,CAAA,CAAA,CAAA;AACjD,MAAM,MAAA,MAAA,GAAS,KAAM,CAAA,GAAA,CAAqB,QAAQ,CAAA,CAAA;AAElD,MAAA,IAAI,MAAQ,EAAA;AACV,QAAO,MAAA,CAAA,IAAA,CAAK,CAA0B,uBAAA,EAAA,QAAQ,CAAE,CAAA,CAAA,CAAA;AAChD,QAAA,QAAA,CAAS,KAAK,MAAM,CAAA,CAAA;AACpB,QAAA,OAAA;AAAA,OACF;AAEA,MAAA,MAAM,SAAS,CAAS,MAAA,EAAA,IAAI,CAAI,CAAA,EAAA,MAAM,IAAI,MAAM,CAAA,CAAA,CAAA,CAAA;AAEhD,MAAM,MAAA,CAAC,KAAK,CAAA,GAAI,MAAMA,SAAA,CAAQ,MAAO,CAAA,UAAU,CAAE,CAAA,QAAA,CAAS,EAAE,MAAA,EAAQ,CAAA,CAAA;AAEpE,MAAA,MAAM,IAAwB,GAAA;AAAA,QAC5B,IAAA;AAAA,QACA,MAAA;AAAA,QACA,MAAA;AAAA,QACA,UAAU,EAAC;AAAA,QACX,UAAU,EAAC;AAAA,QACX,SAAA,sBAAe,IAAK,EAAA;AAAA,OACtB,CAAA;AAEA,MAAA,KAAA,MAAW,QAAQ,KAAO,EAAA;AACxB,QAAA,MAAM,WAAW,IAAK,CAAA,IAAA,CAAK,KAAM,CAAA,GAAG,EAAE,GAAI,EAAA,CAAA;AAE1C,QAAA,IAAI,aAAa,oBAAsB,EAAA;AACrC,UAAA,MAAM,CAAC,OAAO,CAAI,GAAA,MAAM,KAAK,QAAS,EAAA,CAAA;AACtC,UAAA,IAAA,CAAK,QAAW,GAAA,aAAA,CAAc,OAAQ,CAAA,QAAA,EAAU,CAAA,CAAA;AAAA,SACvC,MAAA,IAAA,QAAA,KAAa,qBAAyB,IAAA,QAAA,KAAa,wBAA0B,EAAA;AACtF,UAAA,MAAM,CAAC,OAAO,CAAI,GAAA,MAAM,KAAK,QAAS,EAAA,CAAA;AACtC,UAAA,IAAA,CAAK,SAAS,IAAK,CAAA,GAAG,iBAAiB,OAAQ,CAAA,QAAA,EAAU,CAAC,CAAA,CAAA;AAAA,SAC5D;AAEA,QAAI,IAAA,IAAA,CAAK,SAAS,WAAa,EAAA;AAC7B,UAAA,IAAA,CAAK,SAAY,GAAA,IAAI,IAAK,CAAA,IAAA,CAAK,SAAS,WAAW,CAAA,CAAA;AAAA,SACrD;AAAA,OACF;AAEA,MAAM,KAAA,CAAA,GAAA,CAAI,UAAU,IAAI,CAAA,CAAA;AACxB,MAAA,QAAA,CAAS,KAAK,IAAI,CAAA,CAAA;AAAA,aACX,KAAO,EAAA;AACd,MAAO,MAAA,CAAA,KAAA,CAAM,wBAAwB,KAAc,CAAA,CAAA;AACnD,MAAA,QAAA,CAAS,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,wBAAwB,CAAA,CAAA;AAAA,KAC7D;AAAA,GACD,CAAA,CAAA;AAGD,EAAA,MAAA,CAAO,GAAI,CAAA,qBAAA,EAAuB,OAAO,OAAA,EAAS,QAAa,KAAA;AAC7D,IAAI,IAAA;AACF,MAAM,MAAA,EAAE,IAAK,EAAA,GAAI,OAAQ,CAAA,MAAA,CAAA;AACzB,MAAM,MAAA,QAAA,GAAW,UAAU,IAAI,CAAA,CAAA,CAAA;AAC/B,MAAM,MAAA,MAAA,GAAS,KAAM,CAAA,GAAA,CAAqB,QAAQ,CAAA,CAAA;AAElD,MAAA,IAAI,MAAQ,EAAA;AACV,QAAO,MAAA,CAAA,IAAA,CAAK,CAAiC,8BAAA,EAAA,QAAQ,CAAE,CAAA,CAAA,CAAA;AACvD,QAAA,QAAA,CAAS,KAAK,MAAM,CAAA,CAAA;AACpB,QAAA,OAAA;AAAA,OACF;AAEA,MAAM,MAAA,MAAA,GAAS,SAAS,IAAI,CAAA,CAAA,CAAA,CAAA;AAE5B,MAAM,MAAA,CAAC,KAAK,CAAA,GAAI,MAAMA,SAAA,CAAQ,MAAO,CAAA,UAAU,CAAE,CAAA,QAAA,CAAS,EAAE,MAAA,EAAQ,CAAA,CAAA;AAEpE,MAAM,MAAA,KAAA,uBAAY,GAA6B,EAAA,CAAA;AAE/C,MAAA,KAAA,MAAW,QAAQ,KAAO,EAAA;AACxB,QAAA,MAAM,SAAY,GAAA,IAAA,CAAK,IAAK,CAAA,KAAA,CAAM,GAAG,CAAA,CAAA;AACrC,QAAA,IAAI,UAAU,MAAS,GAAA,CAAA;AAAG,UAAA,SAAA;AAE1B,QAAM,MAAA,MAAA,GAAS,UAAU,CAAC,CAAA,CAAA;AAC1B,QAAM,MAAA,MAAA,GAAS,UAAU,CAAC,CAAA,CAAA;AAC1B,QAAM,MAAA,QAAA,GAAW,UAAU,CAAC,CAAA,CAAA;AAE5B,QAAA,MAAM,MAAM,CAAG,EAAA,IAAI,CAAI,CAAA,EAAA,MAAM,IAAI,MAAM,CAAA,CAAA,CAAA;AAEvC,QAAA,IAAI,CAAC,KAAA,CAAM,GAAI,CAAA,GAAG,CAAG,EAAA;AACnB,UAAA,KAAA,CAAM,IAAI,GAAK,EAAA;AAAA,YACb,IAAA;AAAA,YACA,MAAA;AAAA,YACA,MAAA;AAAA,YACA,UAAU,EAAC;AAAA,YACX,UAAU,EAAC;AAAA,YACX,SAAA,EAAW,IAAK,CAAA,QAAA,CAAS,WACrB,GAAA,IAAI,IAAK,CAAA,IAAA,CAAK,QAAS,CAAA,WAAW,CAClC,mBAAA,IAAI,IAAK,EAAA;AAAA,WACd,CAAA,CAAA;AAAA,SACH;AAEA,QAAM,MAAA,IAAA,GAAO,KAAM,CAAA,GAAA,CAAI,GAAG,CAAA,CAAA;AAE1B,QAAA,IAAI,aAAa,oBAAsB,EAAA;AACrC,UAAA,MAAM,CAAC,OAAO,CAAI,GAAA,MAAM,KAAK,QAAS,EAAA,CAAA;AACtC,UAAA,IAAA,CAAK,QAAW,GAAA,aAAA,CAAc,OAAQ,CAAA,QAAA,EAAU,CAAA,CAAA;AAAA,SACvC,MAAA,IAAA,QAAA,KAAa,qBAAyB,IAAA,QAAA,KAAa,wBAA0B,EAAA;AACtF,UAAA,MAAM,CAAC,OAAO,CAAI,GAAA,MAAM,KAAK,QAAS,EAAA,CAAA;AACtC,UAAA,IAAA,CAAK,SAAS,IAAK,CAAA,GAAG,iBAAiB,OAAQ,CAAA,QAAA,EAAU,CAAC,CAAA,CAAA;AAAA,SAC5D;AAAA,OACF;AAEA,MAAM,MAAA,UAAA,GAAa,MAAM,IAAK,CAAA,KAAA,CAAM,QAAQ,CAAA,CACzC,KAAK,CAAC,CAAA,EAAG,MAAM,CAAE,CAAA,SAAA,CAAU,SAAY,GAAA,CAAA,CAAE,UAAU,OAAQ,EAAC,EAAE,CAAC,CAAA,CAAA;AAElE,MAAA,IAAI,CAAC,UAAY,EAAA;AACf,QAAA,QAAA,CAAS,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,2BAA2B,CAAA,CAAA;AAC9D,QAAA,OAAA;AAAA,OACF;AAEA,MAAM,KAAA,CAAA,GAAA,CAAI,UAAU,UAAU,CAAA,CAAA;AAC9B,MAAA,QAAA,CAAS,KAAK,UAAU,CAAA,CAAA;AAAA,aACjB,KAAO,EAAA;AACd,MAAO,MAAA,CAAA,KAAA,CAAM,+BAA+B,KAAc,CAAA,CAAA;AAC1D,MAAA,QAAA,CAAS,OAAO,GAAG,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,+BAA+B,CAAA,CAAA;AAAA,KACpE;AAAA,GACD,CAAA,CAAA;AAED,EAAO,MAAA,CAAA,GAAA,CAAIE,4BAAqB,CAAA,CAAA;AAChC,EAAO,OAAA,MAAA,CAAA;AACT;;AChUO,MAAM,cAAcC,oCAAoB,CAAA;AAAA,EAC7C,QAAU,EAAA,OAAA;AAAA,EACV,SAAS,GAAK,EAAA;AACZ,IAAA,GAAA,CAAI,YAAa,CAAA;AAAA,MACf,IAAM,EAAA;AAAA,QACJ,YAAYC,6BAAa,CAAA,UAAA;AAAA,QACzB,QAAQA,6BAAa,CAAA,MAAA;AAAA,QACrB,QAAQA,6BAAa,CAAA,UAAA;AAAA,OACvB;AAAA,MACA,MAAM,IAAK,CAAA,EAAE,UAAY,EAAA,MAAA,EAAQ,QAAU,EAAA;AACzC,QAAW,UAAA,CAAA,GAAA;AAAA,UACT,MAAM,YAAa,CAAA;AAAA,YACjB,MAAA;AAAA,YACA,MAAA;AAAA,WACD,CAAA;AAAA,SACH,CAAA;AACA,QAAA,UAAA,CAAW,aAAc,CAAA;AAAA,UACvB,IAAM,EAAA,SAAA;AAAA,UACN,KAAO,EAAA,iBAAA;AAAA,SACR,CAAA,CAAA;AAAA,OACH;AAAA,KACD,CAAA,CAAA;AAAA,GACH;AACF,CAAC;;;;"}

package/dist/index.d.ts

@@ -0,0 +1,5 @@
+import * as _backstage_backend_plugin_api from '@backstage/backend-plugin-api';
+
+declare const trivyPlugin: _backstage_backend_plugin_api.BackendFeatureCompat;
+
+export { trivyPlugin as default };

package/package.json

@@ -0,0 +1,43 @@
+{
+  "name": "@sanity-labs/backstage-plugin-trivy-backend",
+  "version": "0.0.1",
+  "main": "dist/index.cjs.js",
+  "types": "dist/index.d.ts",
+  "license": "Apache-2.0",
+  "publishConfig": {
+    "access": "public"
+  },
+  "backstage": {
+    "role": "backend-plugin"
+  },
+  "dependencies": {
+    "@backstage/backend-common": "^0.21.0",
+    "@backstage/backend-plugin-api": "^0.6.10",
+    "@backstage/catalog-model": "^1.4.3",
+    "@backstage/config": "^1.1.1",
+    "@google-cloud/storage": "^7.7.0",
+    "express": "^4.18.2",
+    "express-promise-router": "^4.1.1",
+    "node-fetch": "^2.7.0",
+    "winston": "^3.11.0",
+    "yn": "^4.0.0"
+  },
+  "devDependencies": {
+    "@backstage/cli": "^0.25.0",
+    "@types/express": "*",
+    "@types/jest": "^30.0.0",
+    "@types/node": "*",
+    "@types/webpack-env": "^1.18.8"
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "start": "backstage-cli package start",
+    "build": "backstage-cli package build",
+    "lint": "backstage-cli package lint",
+    "test": "backstage-cli package test",
+    "clean": "backstage-cli package clean",
+    "tsc": "tsc --project tsconfig.json --declaration --emitDeclarationOnly --outDir dist-types/src"
+  }
+}