Effective scan configurations for asset scans #703
Comments
We have the user-facing scan configuration in the ScanFamiliesConfig, this is (and should be) a sub-set of the possible vmclarity-scanner/cli configuration and can even have abstract concepts that the CLI will never know about.

When the orchestrator runs a scan it is the provider that is responsible for creating the scan yaml config. If automount in the CLI is enabled this can modify the configuration further at run time. This "real" or "effective" configuration is what we want to push back to the API to see what the scanner/cli actually ran.

Similarly when a user configures the CLI/scanner for CI/CD what they configured the CLI can't necessarily be converted directly back to the ScanFamiliesConfig, and probably shouldn't be because it wasn't an orchestrated flow, so in this case it'll also use this new field. The UI should be updated to display both the configured ScanFamiliesConfig and what the AssetScan ran using this new field and not the ScanFamiliesConfig.

My only major concern with going this route is that it ties the scanning API objects to the vmclarity-cli configuration. Today there is no requirement for a provider to use the vmclarity-cli to scan the target system, as long as they can configure whatever they are scanning according to the user's ScanFamiliesConfig and export the results back in the correct format. I think we need to determine if we want the API to remain abstract and if so then the "Effective" configuration needs to be abstract too.
After having an offline chat with @Tehsmash we came up with a solution which we think serves the purpose without exploding the API spec with The idea is to add a generic So in this case the actual I will create a separate issue for adding
Problem Statement
It would be nice if the used scanner configurations were stored alongside the asset scans.
With this feature, the config will be available in the case of the standalone mode.
Proposed Solution
Need to define a new object for the effective scanner config (e.g. EffectiveScannerConfig). This object should be a part of AssetScan.
Alternatives Considered
We can extend the ScanFamiliesConfig that is part of the AssetScanTemplate
And instead of:
Use this
In this case we have to patch the ScanFamiliesConfig with the effective configurations.