feat(repo): Add bearer authentication method for support various git hosting platform

docs/docs/target/repository.md

@@ -137,9 +137,11 @@ $ trivy repo --tag <tag-name> <repo-name>
 ```
 
 ### Scanning Private Repositories
-In order to scan private GitHub or GitLab repositories, the environment variable `GITHUB_TOKEN` or `GITLAB_TOKEN` must be set, respectively, with a valid token that has access to the private repository being scanned.
+In order to scan private repositories, the environment variable `GITHUB_TOKEN`, `GITLAB_TOKEN`, `BITBUCKET_TOKEN` must be set, respectively, with a valid token that has access to the private repository being scanned.
 
-The `GITHUB_TOKEN` environment variable will take precedence over `GITLAB_TOKEN`, so if a private GitLab repository will be scanned, then `GITHUB_TOKEN` must be unset.
+The `GITHUB_TOKEN` environment variable will take precedence over `GITLAB_TOKEN` and `BITBUCKET_TOKEN`, so if a private GitLab repository will be scanned, then `GITHUB_TOKEN` must be unset.
+
+If you need to specify the username, set `GIT_USERNAME` value to authenticate with username.
 
 You can find how to generate your GitHub Token in the following [GitHub documentation.](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)
 
@@ -152,4 +154,9 @@ $ trivy repo <your private GitHub repo URL>
 # or
 $ export GITLAB_TOKEN="your_private_gitlab_token"
 $ trivy repo <your private GitLab repo URL>
+
+# or
+$ export GIT_USERNAME="bitbucket_token_username"
+$ export BITBUCKET_TOKEN="your_private_bitbucket_token"
+$ trivy repo <your private Git repo URL>
 ```

pkg/fanal/artifact/repo/git.go

@@ -2,6 +2,7 @@ package repo
 
 import (
 	"context"
+	"log"
 	"net/url"
 	"os"
 
@@ -187,36 +188,40 @@ func newURL(rawurl string) (*url.URL, error) {
 	return u, nil
 }
 
-// Helper function to check for a GitHub/GitLab token from env vars in order to
+// Helper function to check for a GitHub/GitLab/BitBucket token from env vars in order to
 // make authenticated requests to access private repos
 func gitAuth() *http.BasicAuth {
 	var auth *http.BasicAuth
 
 	// The username can be anything for HTTPS Git operations
 	gitUsername := "fanal-aquasecurity-scan"
-
-	// We first check if a GitHub token was provided
-	githubToken := os.Getenv("GITHUB_TOKEN")
-	if githubToken != "" {
-		auth = &http.BasicAuth{
-			Username: gitUsername,
-			Password: githubToken,
+	if username := os.Getenv("GIT_USERNAME"); username != "" {
+		gitUsername = username
+	}
+
+	tokenSources := []struct {
+		envVar string
+		name   string
+	}{
+		{"GITHUB_TOKEN", "GitHub"},
+		{"GITLAB_TOKEN", "GitLab"},
+		{"BITBUCKET_TOKEN", "BitBucket"},
+	}
+
+	// Iterate token sources
+	for _, source := range tokenSources {
+		token := os.Getenv(source.envVar)
+		if token != "" {
+			auth = &http.BasicAuth{
+				Username: gitUsername,
+				Password: token,
+			}
+			log.Printf("Found token for authentication %s", source.name)
+			return auth
 		}
-		return auth
-	}
-
-	// Otherwise we check if a GitLab token was provided
-	gitlabToken := os.Getenv("GITLAB_TOKEN")
-	if gitlabToken != "" {
-		auth = &http.BasicAuth{
-			Username: gitUsername,
-			Password: gitlabToken,
-		}
-		return auth
 	}
 
 	// If no token was provided, we simply return a nil,
 	// which will make the request to be unauthenticated
 	return nil
-
 }