feat(linux): add support for snap and flatpak pkgs

swarit-stepsecurity · swarit-stepsecurity · commit 22bec635d25f · 2026-04-23T22:44:57.000+05:30
Signed-off-by: Swarit Pandey &lt;swarit@stepsecurity.io&gt;
diff --git a/internal/detector/syspkg.go b/internal/detector/syspkg.go
@@ -132,6 +132,113 @@ func parsePackageList(stdout string, parseLine func(string) (string, string, boo
 	return packages
 }
 
+// DetectAdditionalManagers returns snap and/or flatpak if installed.
+// These coexist with the system PM — a machine can have rpm + snap + flatpak.
+func (d *SystemPkgDetector) DetectAdditionalManagers(ctx context.Context) []model.PkgManager {
+	if d.exec.GOOS() != model.PlatformLinux {
+		return nil
+	}
+
+	type additionalPM struct {
+		name       string
+		binary     string
+		versionCmd []string
+	}
+
+	candidates := []additionalPM{
+		{"snap", "snap", []string{"version"}},
+		{"flatpak", "flatpak", []string{"--version"}},
+	}
+
+	var managers []model.PkgManager
+	for _, pm := range candidates {
+		path, err := d.exec.LookPath(pm.binary)
+		if err != nil {
+			continue
+		}
+
+		version := "unknown"
+		stdout, _, _, err := d.exec.RunWithTimeout(ctx, 10*time.Second, pm.binary, pm.versionCmd...)
+		if err == nil {
+			if line := strings.TrimSpace(strings.SplitN(stdout, "\n", 2)[0]); line != "" {
+				version = line
+			}
+		}
+
+		managers = append(managers, model.PkgManager{
+			Name:    pm.name,
+			Version: version,
+			Path:    path,
+		})
+	}
+
+	return managers
+}
+
+// ListSnapPackages returns installed snap packages.
+func (d *SystemPkgDetector) ListSnapPackages(ctx context.Context) []model.SystemPackage {
+	if _, err := d.exec.LookPath("snap"); err != nil {
+		return nil
+	}
+
+	stdout, _, _, err := d.exec.RunWithTimeout(ctx, 30*time.Second, "snap", "list")
+	if err != nil {
+		return nil
+	}
+
+	// snap list output: "Name  Version  Rev  Tracking  Publisher  Notes"
+	// Skip the header line
+	lines := strings.Split(strings.TrimSpace(stdout), "\n")
+	if len(lines) < 2 {
+		return nil
+	}
+
+	var packages []model.SystemPackage
+	for _, line := range lines[1:] {
+		fields := strings.Fields(line)
+		if len(fields) >= 2 {
+			packages = append(packages, model.SystemPackage{Name: fields[0], Version: fields[1]})
+		}
+	}
+	return packages
+}
+
+// ListFlatpakPackages returns installed flatpak applications.
+func (d *SystemPkgDetector) ListFlatpakPackages(ctx context.Context) []model.SystemPackage {
+	if _, err := d.exec.LookPath("flatpak"); err != nil {
+		return nil
+	}
+
+	stdout, _, _, err := d.exec.RunWithTimeout(ctx, 30*time.Second,
+		"flatpak", "list", "--app", "--columns=application,version")
+	if err != nil {
+		return nil
+	}
+
+	stdout = strings.TrimSpace(stdout)
+	if stdout == "" {
+		return nil
+	}
+
+	var packages []model.SystemPackage
+	for _, line := range strings.Split(stdout, "\n") {
+		line = strings.TrimSpace(line)
+		if line == "" {
+			continue
+		}
+		// Format: "app.id\tversion" (tab-separated)
+		parts := strings.SplitN(line, "\t", 2)
+		version := "unknown"
+		if len(parts) >= 2 && parts[1] != "" {
+			version = parts[1]
+		}
+		if parts[0] != "" {
+			packages = append(packages, model.SystemPackage{Name: parts[0], Version: version})
+		}
+	}
+	return packages
+}
+
 // parseSpaceSeparated handles "name version" format (rpm, dpkg, pacman).
 func parseSpaceSeparated(line string) (string, string, bool) {
 	parts := strings.SplitN(line, " ", 2)
diff --git a/internal/model/model.go b/internal/model/model.go
@@ -20,9 +20,13 @@ type ScanResult struct {
 	PythonPkgManagers []PkgManager    `json:"python_package_managers"`
 	PythonPackages    []PythonPackage `json:"python_packages"`
 	PythonProjects    []ProjectInfo   `json:"python_projects"`
-	SystemPkgManager  *PkgManager     `json:"system_package_manager,omitempty"`
-	SystemPackages    []SystemPackage `json:"system_packages"`
-	Summary           Summary         `json:"summary"`
+	SystemPkgManager    *PkgManager     `json:"system_package_manager,omitempty"`
+	SystemPackages      []SystemPackage `json:"system_packages"`
+	SnapPkgManager      *PkgManager     `json:"snap_package_manager,omitempty"`
+	SnapPackages        []SystemPackage `json:"snap_packages"`
+	FlatpakPkgManager   *PkgManager     `json:"flatpak_package_manager,omitempty"`
+	FlatpakPackages     []SystemPackage `json:"flatpak_packages"`
+	Summary             Summary         `json:"summary"`
 }
 
 type Device struct {
@@ -95,6 +99,8 @@ type Summary struct {
 	BrewCasksCount        int `json:"brew_casks_count"`
 	PythonProjectsCount   int `json:"python_projects_count"`
 	SystemPackagesCount   int `json:"system_packages_count"`
+	SnapPackagesCount     int `json:"snap_packages_count"`
+	FlatpakPackagesCount  int `json:"flatpak_packages_count"`
 }
 
 // NodeScanResult holds raw scan output for enterprise telemetry.
diff --git a/internal/output/pretty.go b/internal/output/pretty.go
@@ -62,6 +62,12 @@ func Pretty(w io.Writer, result *model.ScanResult, colorMode string) error {
 	if result.SystemPkgManager != nil {
 		fmt.Fprintf(w, "    %-24s %s%d%s\n", "System Packages", c.green, result.Summary.SystemPackagesCount, c.reset)
 	}
+	if result.SnapPkgManager != nil {
+		fmt.Fprintf(w, "    %-24s %s%d%s\n", "Snap Packages", c.green, result.Summary.SnapPackagesCount, c.reset)
+	}
+	if result.FlatpakPkgManager != nil {
+		fmt.Fprintf(w, "    %-24s %s%d%s\n", "Flatpak Apps", c.green, result.Summary.FlatpakPackagesCount, c.reset)
+	}
 	fmt.Fprintln(w)
 
 	// AI AGENTS AND TOOLS
@@ -226,6 +232,36 @@ func Pretty(w io.Writer, result *model.ScanResult, colorMode string) error {
 		fmt.Fprintln(w)
 	}
 
+	// SNAP PACKAGES (Linux only)
+	if result.SnapPkgManager != nil {
+		fmt.Fprintf(w, "  %s%sSNAP PACKAGES%s\n", c.purple, c.bold, c.reset)
+		fmt.Fprintln(w)
+		if len(result.SnapPackages) > 0 {
+			printSectionHeader(w, c, "Installed Snaps", len(result.SnapPackages))
+			for _, pkg := range result.SnapPackages {
+				fmt.Fprintf(w, "      %-36s %s%s%s\n", pkg.Name, c.dim, pkg.Version, c.reset)
+			}
+		} else {
+			fmt.Fprintf(w, "    %sNo snap packages found%s\n", c.dim, c.reset)
+		}
+		fmt.Fprintln(w)
+	}
+
+	// FLATPAK APPS (Linux only)
+	if result.FlatpakPkgManager != nil {
+		fmt.Fprintf(w, "  %s%sFLATPAK APPS%s\n", c.purple, c.bold, c.reset)
+		fmt.Fprintln(w)
+		if len(result.FlatpakPackages) > 0 {
+			printSectionHeader(w, c, "Installed Apps", len(result.FlatpakPackages))
+			for _, pkg := range result.FlatpakPackages {
+				fmt.Fprintf(w, "      %-36s %s%s%s\n", pkg.Name, c.dim, pkg.Version, c.reset)
+			}
+		} else {
+			fmt.Fprintf(w, "    %sNo flatpak apps found%s\n", c.dim, c.reset)
+		}
+		fmt.Fprintln(w)
+	}
+
 	return nil
 }
 
diff --git a/internal/scan/scanner.go b/internal/scan/scanner.go
@@ -125,9 +125,11 @@ func Run(exec executor.Executor, log *progress.Logger, cfg *cli.Config) error {
 		log.StepSkip("disabled (use --enable-brew-scan to enable)")
 	}
 
-	// System package manager (Linux only — rpm, dpkg, pacman, apk)
+	// System package managers (Linux only — rpm/dpkg/pacman/apk + snap + flatpak)
 	var systemPkgManager *model.PkgManager
 	var systemPackages []model.SystemPackage
+	var snapPkgManager, flatpakPkgManager *model.PkgManager
+	var snapPackages, flatpakPackages []model.SystemPackage
 
 	if exec.GOOS() == model.PlatformLinux {
 		log.StepStart("Detecting system packages")
@@ -137,6 +139,19 @@ func Run(exec executor.Executor, log *progress.Logger, cfg *cli.Config) error {
 		if systemPkgManager != nil {
 			systemPackages = sysPkgDetector.ListPackages(ctx)
 		}
+
+		// Snap and flatpak coexist with the system PM
+		for _, mgr := range sysPkgDetector.DetectAdditionalManagers(ctx) {
+			mgr := mgr
+			switch mgr.Name {
+			case "snap":
+				snapPkgManager = &mgr
+				snapPackages = sysPkgDetector.ListSnapPackages(ctx)
+			case "flatpak":
+				flatpakPkgManager = &mgr
+				flatpakPackages = sysPkgDetector.ListFlatpakPackages(ctx)
+			}
+		}
 		log.StepDone(time.Since(start))
 	}
 
@@ -206,6 +221,12 @@ func Run(exec executor.Executor, log *progress.Logger, cfg *cli.Config) error {
 	if systemPackages == nil {
 		systemPackages = []model.SystemPackage{}
 	}
+	if snapPackages == nil {
+		snapPackages = []model.SystemPackage{}
+	}
+	if flatpakPackages == nil {
+		flatpakPackages = []model.SystemPackage{}
+	}
 
 	// Build result
 	now := time.Now()
@@ -230,6 +251,10 @@ func Run(exec executor.Executor, log *progress.Logger, cfg *cli.Config) error {
 		PythonProjects:    pythonProjects,
 		SystemPkgManager:  systemPkgManager,
 		SystemPackages:    systemPackages,
+		SnapPkgManager:    snapPkgManager,
+		SnapPackages:      snapPackages,
+		FlatpakPkgManager: flatpakPkgManager,
+		FlatpakPackages:   flatpakPackages,
 		Summary: model.Summary{
 			AIAgentsAndToolsCount: len(aiTools),
 			IDEInstallationsCount: len(ides),
@@ -240,6 +265,8 @@ func Run(exec executor.Executor, log *progress.Logger, cfg *cli.Config) error {
 			BrewCasksCount:        len(brewCasks),
 			PythonProjectsCount:   len(pythonProjects),
 			SystemPackagesCount:   len(systemPackages),
+			SnapPackagesCount:     len(snapPackages),
+			FlatpakPackagesCount:  len(flatpakPackages),
 		},
 	}
 
