feat: implement docker-compose image analysis (#16)

Author: tembleking

Cargo.lock

@@ -1,6 +1,6 @@
 [package]
 name = "sysdig-lsp"
-version = "0.5.1"
+version = "0.6.0"
 edition = "2024"
 authors = [ "Sysdig Inc." ]
 readme = "README.md"
@@ -18,12 +18,14 @@ clap = { version = "4.5.34", features = ["derive"] }
 dirs = "6.0.0"
 futures = "0.3.31"
 itertools = "0.14.0"
+marked-yaml = { version = "0.8.0", features = ["serde"] }
 rand = "0.9.0"
 regex = "1.11.1"
 reqwest = "0.12.14"
 semver = "1.0.26"
 serde = { version = "1.0.219", features = ["alloc", "derive"] }
 serde_json = "1.0.135"
+serde_yaml = "0.9.34"
 serial_test = { version = "3.2.0", features = ["file_locks"] }
 tar = "0.4.44"
 thiserror = "2.0.12"

Cargo.toml

@@ -15,16 +15,16 @@ helping you detect vulnerabilities and misconfigurations earlier in the developm
 
 ## Features
 
-| Feature                         | **[VSCode Extension](https://github.com/sysdiglabs/vscode-extension)** | **[Sysdig LSP](./docs/features/README.md)**              |
-|---------------------------------|------------------------------------------------------------------------|----------------------------------------------------------|
-| Scan base image in Dockerfile   | Supported                                                              | [Supported](./docs/features/scan_base_image.md) (0.1.0+) |
-| Code lens support               | Supported                                                              | [Supported](./docs/features/code_lens.md) (0.2.0+)       |
-| Build and Scan Dockerfile       | Supported                                                              | [Supported](./docs/features/build_and_scan.md) (0.4.0+)  |
-| Layered image analysis          | Supported                                                              | [Supported](./docs/features/layered_analysis.md) (0.5.0+)|
-| Docker-compose image analysis   | Supported                                                              | In roadmap                                               |
-| K8s Manifest image analysis     | Supported                                                              | In roadmap                                               |
-| Infrastructure-as-code analysis | Supported                                                              | In roadmap                                               |
-| Vulnerability explanation       | Supported                                                              | In roadmap                                               |
+| Feature                         | **[VSCode Extension](https://github.com/sysdiglabs/vscode-extension)** | **[Sysdig LSP](./docs/features/README.md)**                            |
+|---------------------------------|------------------------------------------------------------------------|------------------------------------------------------------------------|
+| Scan base image in Dockerfile   | Supported                                                              | [Supported](./docs/features/scan_base_image.md) (0.1.0+)               |
+| Code lens support               | Supported                                                              | [Supported](./docs/features/code_lens.md) (0.2.0+)                     |
+| Build and Scan Dockerfile       | Supported                                                              | [Supported](./docs/features/build_and_scan.md) (0.4.0+)                |
+| Layered image analysis          | Supported                                                              | [Supported](./docs/features/layered_analysis.md) (0.5.0+)              |
+| Docker-compose image analysis   | Supported                                                              | [Supported](./docs/features/docker_compose_image_analysis.md) (0.6.0+) |
+| K8s Manifest image analysis     | Supported                                                              | In roadmap                                                             |
+| Infrastructure-as-code analysis | Supported                                                              | In roadmap                                                             |
+| Vulnerability explanation       | Supported                                                              | In roadmap                                                             |
 
 ## Build
 

README.md

@@ -18,4 +18,7 @@ Sysdig LSP provides tools to integrate container security checks into your devel
 - Scans each Dockerfile layer individually for precise vulnerability identification.
 - Supports detailed analysis in single-stage and multi-stage Dockerfiles.
 
+## [Docker-compose Image Analysis](./docker_compose_image_analysis.md)
+- Scans the images defined in your `docker-compose.yml` files for vulnerabilities.
+
 See the linked documents for more details.

docs/features/README.md

@@ -0,0 +1,20 @@
+# Docker-compose Image Analysis
+
+Sysdig LSP scans the images defined in your `docker-compose.yml` files to identify vulnerabilities.
+
+> [!IMPORTANT]
+> Sysdig LSP analyzes each service's image in your compose file.
+
+![Sysdig LSP executing docker-compose image scan](./docker_compose_image_analysis.gif)
+
+## Example
+
+```yaml
+services:
+  web:
+    image: nginx:latest
+  db:
+    image: postgres:13
+```
+
+In this example, Sysdig LSP will provide actions to scan both `nginx:latest` and `postgres:13` images.

docs/features/docker_compose_image_analysis.gif

@@ -67,59 +67,33 @@ impl<C> CommandExecutor<C>
 where
     C: LSPClient,
 {
-    pub async fn scan_image_from_file(
+    pub async fn scan_image(
         &self,
         uri: &str,
-        line: u32,
+        range: Range,
+        image_name: &str,
         image_scanner: &impl ImageScanner,
     ) -> Result<()> {
-        let document_text = self
-            .document_database
-            .read_document_text(uri)
-            .await
-            .ok_or_else(|| {
-                Error::internal_error().with_message("unable to obtain document to scan")
-            })?;
-
-        let image_for_selected_line =
-            self.image_from_line(line, &document_text).ok_or_else(|| {
-                Error::parse_error().with_message(format!(
-                    "unable to retrieve image for the selected line: {line}"
-                ))
-            })?;
-
         self.show_message(
             MessageType::INFO,
-            format!("Starting scan of {image_for_selected_line}...").as_str(),
+            format!("Starting scan of {image_name}...").as_str(),
         )
         .await;
 
         let scan_result = image_scanner
-            .scan_image(image_for_selected_line)
+            .scan_image(image_name)
             .await
             .map_err(|e| Error::internal_error().with_message(e.to_string()))?;
 
         self.show_message(
             MessageType::INFO,
-            format!("Finished scan of {image_for_selected_line}.").as_str(),
+            format!("Finished scan of {image_name}.").as_str(),
         )
         .await;
 
         let diagnostic = {
-            let range_for_selected_line = Range::new(
-                Position::new(line, 0),
-                Position::new(
-                    line,
-                    document_text
-                        .lines()
-                        .nth(line as usize)
-                        .map(|x| x.len() as u32)
-                        .unwrap_or(u32::MAX),
-                ),
-            );
-
             let mut diagnostic = Diagnostic {
-                range: range_for_selected_line,
+                range,
                 severity: Some(DiagnosticSeverity::HINT),
                 message: "No vulnerabilities found.".to_owned(),
                 ..Default::default()
@@ -128,7 +102,7 @@ where
             if scan_result.has_vulnerabilities() {
                 diagnostic.message = format!(
                     "Vulnerabilities found for {}: {} Critical, {} High, {} Medium, {} Low, {} Negligible",
-                    image_for_selected_line,
+                    image_name,
                     scan_result.count_vulns_of_severity(VulnSeverity::Critical),
                     scan_result.count_vulns_of_severity(VulnSeverity::High),
                     scan_result.count_vulns_of_severity(VulnSeverity::Medium),