Replace CGO-based sqlite3 driver with pure-Go modernc.org/sqlite

[Copilot]

Eliminates CGO dependency and system sqlite3 package to remove C toolchain requirement and reduce image CVEs.

Changes

Dependencies

• go.mod: github.com/mattn/go-sqlite3 v1.14.17 → modernc.org/sqlite v1.40.0

Driver registration (4 files)

• Import: _ "github.com/mattn/go-sqlite3" → _ "modernc.org/sqlite"
• Files: internal/db/setup.go, internal/scan/{docker_scan,deep_scan,fastscan}.go

Driver name (5 callsites)

• sql.Open("sqlite3", path) → sql.Open("sqlite", path)

Container runtime

• Dockerfile: Removed sqlite3 from apt packages

Example

// Before
import _ "github.com/mattn/go-sqlite3"
db, err := sql.Open("sqlite3", dbPath)

// After  
import _ "modernc.org/sqlite"
db, err := sql.Open("sqlite", dbPath)

No API changes. DSN format and SQL semantics unchanged.

Original prompt

Goal: Replace github.com/mattn/go-sqlite3 (CGO-based) with modernc.org/sqlite (pure-Go) to remove the need for a C toolchain and the runtime sqlite3 package, reducing image CVEs.

Required changes (apply to branch replace-sqlite-driver-modernc and open a PR to merge into main):

1. Update module and dependencies

• Edit config/atlas_go/go.mod:
  • Set go directive to 1.25
  • Replace require github.com/mattn/go-sqlite3 v1.14.17 with require modernc.org/sqlite at latest stable version. Use go get to populate correct module version and update go.sum.
• Run: cd config/atlas_go && go get modernc.org/sqlite@latest && go mod tidy && go mod download

2. Update Go imports

• Find where github.com/mattn/go-sqlite3 is imported (blank import) in the repo (commonly main.go or a db driver file). Replace blank import _ "github.com/mattn/go-sqlite3" with _ "modernc.org/sqlite".
• If code calls sql.Open("sqlite3", ...), update to sql.Open("sqlite", ...) or to the driver name required by modernc.org/sqlite per its documentation. Ensure DSN format is compatible (e.g., "file:/config/atlas.db?_foreign_keys=1").
• Ensure code builds and tests pass: run go build ./... and go test ./...

3. Update Dockerfile

• Remove the runtime apt package sqlite3 from the apt-get install line in the Dockerfile since the pure-Go driver does not require system sqlite libraries.
• Keep other necessary runtime packages.

4. Add minimal tests/verification

• Add a small build step or CI note in the PR description indicating the author ran go build and validated DB open/close operations locally.

5. Commit and push

• Commit changes to branch replace-sqlite-driver-modernc with a clear message: "Replace github.com/mattn/go-sqlite3 with modernc.org/sqlite (pure-Go)".
• Push branch and open a PR titled: "Replace github.com/mattn/go-sqlite3 with pure-Go modernc.org/sqlite" targeting main.
• PR body should explain rationale (remove CGO, reduce image CVEs), list changed files, include steps to reproduce locally (go get, go build), and request a reviewer.

Notes for the agent performing changes:

• Preserve existing code behavior; only change the import and DB driver name where necessary.
• If any code adjustment beyond the import is required to satisfy modernc.org/sqlite's API (e.g., DSN differences), make minimal, well-commented changes and include tests or run go vet.
• Update go.sum accordingly.

Create the PR from branch replace-sqlite-driver-modernc into main and include the commit(s) and a clear PR description as described above.

This pull request was created as a result of the following prompt from Copilot chat.

Goal: Replace github.com/mattn/go-sqlite3 (CGO-based) with modernc.org/sqlite (pure-Go) to remove the need for a C toolchain and the runtime sqlite3 package, reducing image CVEs.

Required changes (apply to branch replace-sqlite-driver-modernc and open a PR to merge into main):

1. Update module and dependencies

• Edit config/atlas_go/go.mod:
  • Set go directive to 1.25
  • Replace require github.com/mattn/go-sqlite3 v1.14.17 with require modernc.org/sqlite at latest stable version. Use go get to populate correct module version and update go.sum.
• Run: cd config/atlas_go && go get modernc.org/sqlite@latest && go mod tidy && go mod download

2. Update Go imports

• Find where github.com/mattn/go-sqlite3 is imported (blank import) in the repo (commonly main.go or a db driver file). Replace blank import _ "github.com/mattn/go-sqlite3" with _ "modernc.org/sqlite".
• If code calls sql.Open("sqlite3", ...), update to sql.Open("sqlite", ...) or to the driver name required by modernc.org/sqlite per its documentation. Ensure DSN format is compatible (e.g., "file:/config/atlas.db?_foreign_keys=1").
• Ensure code builds and tests pass: run go build ./... and go test ./...

3. Update Dockerfile

• Remove the runtime apt package sqlite3 from the apt-get install line in the Dockerfile since the pure-Go driver does not require system sqlite libraries.
• Keep other necessary runtime packages.

4. Add minimal tests/verification

• Add a small build step or CI note in the PR description indicating the author ran go build and validated DB open/close operations locally.

5. Commit and push

• Commit changes to branch replace-sqlite-driver-modernc with a clear message: "Replace github.com/mattn/go-sqlite3 with modernc.org/sqlite (pure-Go)".
• Push branch and open a PR titled: "Replace github.com/mattn/go-sqlite3 with pure-Go modernc.org/sqlite" targeting main.
• PR body should explain rationale (remove CGO, reduce image CVEs), list changed files, include steps to reproduce locally (go get, go build), and request a reviewer.

Notes for the agent performing changes:

• Preserve existing code behavior; only change the import and DB driver name where necessary.
• If any code adjustment beyond the import is required to satisfy modernc.org/sqlite's API (e.g., DSN differences), make minimal, well-commented changes and include tests or run go vet.
• Update go.sum accordingly.

Create the PR from branch replace-sqlite-driver-modernc into main and include the commit(s) and a clear PR description as described above.

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[Copilot]

Pull Request Overview

This PR migrates the SQLite database driver from the CGO-based github.com/mattn/go-sqlite3 to the pure Go implementation modernc.org/sqlite. This eliminates the CGO dependency, simplifying builds and improving portability.

• Replaced all import statements from github.com/mattn/go-sqlite3 to modernc.org/sqlite
• Updated all sql.Open() calls to use driver name "sqlite" instead of "sqlite3"
• Removed the sqlite3 CLI tool from the Dockerfile as it's no longer needed for the Go driver

Reviewed Changes

Copilot reviewed 6 out of 7 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
config/atlas_go/go.mod	Updated primary dependency from go-sqlite3 to modernc.org/sqlite with transitive dependencies
config/atlas_go/go.sum	Updated checksums reflecting the new driver and its dependencies
config/atlas_go/internal/scan/fastscan.go	Changed import and driver name in two sql.Open() calls
config/atlas_go/internal/scan/docker_scan.go	Changed import and driver name in sql.Open() call
config/atlas_go/internal/scan/deep_scan.go	Changed import and driver name in sql.Open() call
config/atlas_go/internal/db/setup.go	Changed import and driver name in sql.Open() call
Dockerfile	Removed sqlite3 CLI tool from apt-get install list

[Copilot]

The removal of sqlite3 CLI tool may impact debugging workflows. The documentation in .github/copilot-instructions.md and MIGRATION_GUIDE.md still references using sqlite3 /config/db/atlas.db for inspecting the database. Consider updating those documentation files to use an alternative method (e.g., mounting a volume and using sqlite3 from the host, or installing a SQLite CLI tool separately) or add a note that the sqlite3 CLI is no longer available in the container.

Suggested change

	nginx iputils-ping traceroute nmap net-tools curl jq ca-certificates nbtscan docker.io && \
	nginx iputils-ping traceroute nmap net-tools curl jq ca-certificates nbtscan docker.io sqlite3 && \