feat(kics): make reportFormats param configurable

Signed-off-by: Bence Csati <bcsati@cisco.com>
openclarity · Jul 5, 2024 · b2cac25 · b2cac25
1 parent 95d7820
commit b2cac25
Show file tree

Hide file tree

Showing 7 changed files with 259 additions and 60 deletions.
diff --git a/e2e/kics_output_test.go b/e2e/kics_output_test.go
@@ -0,0 +1,92 @@
+// Copyright © 2024 Cisco Systems, Inc. and its affiliates.
+// All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package e2e
+
+import (
+	"path/filepath"
+	"reflect"
+
+	"github.com/onsi/ginkgo/v2"
+	"github.com/onsi/gomega"
+	"github.com/openclarity/vmclarity/scanner/families"
+	"github.com/openclarity/vmclarity/scanner/families/plugins"
+	"github.com/openclarity/vmclarity/scanner/families/plugins/common"
+	"github.com/openclarity/vmclarity/scanner/families/plugins/runner/config"
+	"github.com/openclarity/vmclarity/scanner/families/types"
+	"github.com/openclarity/vmclarity/scanner/utils"
+)
+
+var _ = ginkgo.Describe("Running a KICS scan", func() {
+	ginkgo.Context("which scans an openapi.yaml file and has report-formats set to sarif", func() {
+		ginkgo.It("should finish successfully, and output both JSON and Sarif format as well as VMClarity output", func(ctx ginkgo.SpecContext) {
+			if cfg.TestEnvConfig.Images.PluginKics == "" {
+				ginkgo.Skip("KICS plugin image not provided")
+			}
+
+			input, err := filepath.Abs("./testdata")
+			gomega.Expect(err).NotTo(gomega.HaveOccurred())
+			notifier := &Notifier{}
+
+			errs := families.New(&families.Config{
+				Plugins: plugins.Config{
+					Enabled:      true,
+					ScannersList: []string{scannerPluginName},
+					Inputs: []types.Input{
+						{
+							Input:     input,
+							InputType: string(utils.ROOTFS),
+						},
+					},
+					ScannersConfig: &common.ScannersConfig{
+						scannerPluginName: config.Config{
+							Name:          scannerPluginName,
+							ImageName:     cfg.TestEnvConfig.Images.PluginKics,
+							InputDir:      "",
+							ScannerConfig: "{\"report-formats\": [\"sarif\"]}",
+						},
+					},
+				},
+			}).Run(ctx, notifier)
+			gomega.Expect(errs).To(gomega.BeEmpty())
+
+			gomega.Eventually(func() bool {
+				results := notifier.Results[0].Result.(*plugins.Results).PluginOutputs[scannerPluginName] // nolint:forcetypeassert
+
+				isEmptyFuncs := []func() bool{
+					func() bool { return isEmpty(results.RawJSON) },
+					func() bool { return isEmpty(results.RawSarif) },
+					func() bool { return isEmpty(results.Vmclarity) },
+				}
+
+				for _, f := range isEmptyFuncs {
+					if f() {
+						return false
+					}
+				}
+
+				return true
+			}, DefaultTimeout, DefaultPeriod).Should(gomega.BeTrue())
+		})
+	})
+})
+
+func isEmpty(x interface{}) bool {
+	if x == nil {
+		return true
+	}
+
+	return reflect.DeepEqual(x, reflect.Zero(reflect.TypeOf(x)).Interface())
+}
diff --git a/plugins/README.md b/plugins/README.md
@@ -7,20 +7,22 @@ Project structure:
 - **sdk-*** - Language-specific libraries, templates, and examples to aid with the implementation of scanner plugins.
 - **store** - Collection of available plugins that can be directly used in VMClarity.
 
-### Requirements
+## Requirements
 
 Scanner plugins are distributed as containers and require [**Docker Engine**](https://docs.docker.com/engine/) on the host that runs the actual scanning via
 VMClarity CLI to work.
 
 ## Support
 
 ✅ List of supported environments:
+
 1. AWS
 2. GCP
 3. Azure
 4. Docker
 
 ❌ List of unsupported environments:
+
 - _Kubernetes_ - We plan on adding plugin support to Kubernetes once we have dealt with all the security considerations.
 
 _Note:_ Plugin support has been tested against [VMClarity installation artifacts](../installation) for the given environments.
@@ -51,5 +53,6 @@ plugins:
 You can use one of available SDKs in your language of choice to quickly develop scanner plugins for VMClarity.
 
 ✅ List of supported languages:
+
 - [Golang](sdk-go)
 - [Python](sdk-python)
diff --git a/plugins/openapi.yaml b/plugins/openapi.yaml
@@ -223,6 +223,11 @@ components:
           # Required.
           type: null
           description: Defines scan result data that is not consumed by VMClarity API.
+        rawSarif:
+          # Specifies raw scan result data in SARIF format.
+          # Optional.
+          type: null
+          description: Defines scan result data in that is not consumed by the VMClarity API.
 
     VMClarityData:
       type: object

diff --git a/plugins/sdk-go/internal/plugin/plugin.gen.go b/plugins/sdk-go/internal/plugin/plugin.gen.go
diff --git a/plugins/sdk-go/types/types.gen.go b/plugins/sdk-go/types/types.gen.go
diff --git a/plugins/sdk-python/plugin/models/result.py b/plugins/sdk-python/plugin/models/result.py
@@ -14,7 +14,7 @@ class Result(Model):
     Do not edit the class manually.
     """
 
-    def __init__(self, annotations=None, vmclarity=None, raw_json=None):  # noqa: E501
+    def __init__(self, annotations=None, vmclarity=None, raw_json=None, raw_sarif=None):  # noqa: E501
         """Result - a model defined in OpenAPI
 
         :param annotations: The annotations of this Result.  # noqa: E501
@@ -23,22 +23,27 @@ def __init__(self, annotations=None, vmclarity=None, raw_json=None):  # noqa: E5
         :type vmclarity: VMClarityData
         :param raw_json: The raw_json of this Result.  # noqa: E501
         :type raw_json: object
+        :param raw_sarif: The raw_sarif of this Result.  # noqa: E501
+        :type raw_sarif: object
         """
         self.openapi_types = {
             'annotations': Dict[str, str],
             'vmclarity': VMClarityData,
-            'raw_json': object
+            'raw_json': object,
+            'raw_sarif': object
         }
 
         self.attribute_map = {
             'annotations': 'annotations',
             'vmclarity': 'vmclarity',
-            'raw_json': 'rawJSON'
+            'raw_json': 'rawJSON',
+            'raw_sarif': 'rawSarif'
         }
 
         self._annotations = annotations
         self._vmclarity = vmclarity
         self._raw_json = raw_json
+        self._raw_sarif = raw_sarif
 
     @classmethod
     def from_dict(cls, dikt) -> 'Result':
@@ -121,3 +126,26 @@ def raw_json(self, raw_json: object):
             raise ValueError("Invalid value for `raw_json`, must not be `None`")  # noqa: E501
 
         self._raw_json = raw_json
+
+    @property
+    def raw_sarif(self) -> object:
+        """Gets the raw_sarif of this Result.
+
+        Defines scan result data in that is not consumed by the VMClarity API.  # noqa: E501
+
+        :return: The raw_sarif of this Result.
+        :rtype: object
+        """
+        return self._raw_sarif
+
+    @raw_sarif.setter
+    def raw_sarif(self, raw_sarif: object):
+        """Sets the raw_sarif of this Result.
+
+        Defines scan result data in that is not consumed by the VMClarity API.  # noqa: E501
+
+        :param raw_sarif: The raw_sarif of this Result.
+        :type raw_sarif: object
+        """
+
+        self._raw_sarif = raw_sarif