Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Initial scanner families support #10

Merged
merged 9 commits into from
Dec 1, 2022
Merged

Initial scanner families support #10

merged 9 commits into from
Dec 1, 2022

Conversation

FrimIdan
Copy link
Member

@FrimIdan FrimIdan commented Nov 22, 2022
edited

Added initial scanner families support
Implemented vulnerabilities and sbom families logic
Implemented a temporary CLI run to simulate the run based on the .families.yaml config file

Pending openclarity/kubeclarity#263 for the job factory support

CLI example run

$ make cli && ./cli/bin/vmclarity --config .families.yaml --output results.txt
Building CLI ...
total 394552
-rwxr-xr-x  1 idanf  staff  191143184 Nov 27 13:13 vmclarity
INFO[0000] init config
INFO[0000] Using config file (.families.yaml): &{SBOM:{Enabled:true AnalyzersList:[syft gomod] Inputs:[{Input:node:slim InputType:image}] MergeWith:[{SbomPath:nginx.11.cdx.json}] AnalyzersConfig:{Registry:{SkipVerifyTLS:false UseHTTP:false Auths:[{Authority:authority Username:username Password:password Token:token}]} Analyzer:{OutputFormat:cyclonedx-json AnalyzerList:[] Scope:Squashed TrivyConfig:{Timeout:300}} Scanner:{ScannersList:[] GrypeConfig:{LocalGrypeConfig:{UpdateDB:false DBRootDir: ListingURL: Scope:} RemoteGrypeConfig:{GrypeServerAddress: GrypeServerTimeout:0s} Mode:} DependencyTrackConfig:{APIKey: Host: ProjectName: ProjectVersion: ShouldDeleteProject:false DisableTLS:false InsecureSkipVerify:false FetchVulnerabilitiesRetryCount:0 FetchVulnerabilitiesRetrySleep:0s}} LocalImageScan:false}} Vulnerabilities:{Enabled:true ScannersList:[grype] Inputs:[{Input:nginx:1.12 InputType:image}] InputFromSbom:true ScannersConfig:{Registry:{SkipVerifyTLS:false UseHTTP:false Auths:[{Authority:authority Username:username Password:password Token:token}]} Analyzer:{OutputFormat: AnalyzerList:[] Scope: TrivyConfig:{Timeout:0}} Scanner:{ScannersList:[] GrypeConfig:{LocalGrypeConfig:{UpdateDB:true DBRootDir:/tmp/ ListingURL:https://toolbox-data.anchore.io/grype/databases/listing.json Scope:squashed} RemoteGrypeConfig:{GrypeServerAddress: GrypeServerTimeout:2m0s} Mode:LOCAL} DependencyTrackConfig:{APIKey: Host: ProjectName: ProjectVersion: ShouldDeleteProject:false DisableTLS:false InsecureSkipVerify:false FetchVulnerabilitiesRetryCount:0 FetchVulnerabilitiesRetrySleep:0s}} LocalImageScan:false}} Secrets:{Enabled:true ScannersList:[gitleaks] Inputs:[{Input:/dir InputType:dir} {Input:/rootfs InputType:rootfs}]} Rootkits:{Enabled:false} Malware:{Enabled:false} Misconfiguration:{Enabled:false} Exploits:{Enabled:false}}
INFO[0000] Running...                                    app=vmclarity
INFO[0000] SBOM Run...                                   app=vmclarity family=sbom
INFO[0000] Skip generating hash in the case of image
INFO[0000] Called syft analyzer on source registry:node:slim  analyzer=syft app=vmclarity family=sbom
INFO[0045] Skipping analyze unsupported source type: image  analyzer=gomod app=vmclarity family=sbom
INFO[0045] Got result for job "gomod"                    app=vmclarity family=sbom
INFO[0047] Sending successful results                    analyzer=syft app=vmclarity family=sbom
INFO[0047] Got result for job "syft"                     app=vmclarity family=sbom
INFO[0047] Merging result from "gomod"                   app=vmclarity family=sbom
INFO[0047] Merging result from "syft"                    app=vmclarity family=sbom
INFO[0047] Merging result from "nginx.11.cdx.json"       app=vmclarity family=sbom
INFO[0047] SBOM Done...                                  app=vmclarity family=sbom
INFO[0047] Vulnerabilities Run...                        app=vmclarity family=vulnerabilities
INFO[0047] Using input from SBOM results                 app=vmclarity family=vulnerabilities
INFO[0047] Loading DB. update=true                       app=vmclarity family=vulnerabilities mode=local scanner=grype
INFO[0048] Gathering packages for source registry:nginx:1.12  app=vmclarity family=vulnerabilities mode=local scanner=grype
INFO[0076] Found 469 vulnerabilities                     app=vmclarity family=vulnerabilities mode=local scanner=grype
INFO[0076] Sending successful results                    app=vmclarity family=vulnerabilities mode=local scanner=grype
INFO[0076] Got result for job "grype"                    app=vmclarity family=vulnerabilities
INFO[0076] Merging result from "grype"                   app=vmclarity family=vulnerabilities
INFO[0076] Loading DB. update=true                       app=vmclarity family=vulnerabilities mode=local scanner=grype
INFO[0077] Gathering packages for source sbom:/tmp/sbom  app=vmclarity family=vulnerabilities mode=local scanner=grype
INFO[0077] Found 1382 vulnerabilities                    app=vmclarity family=vulnerabilities mode=local scanner=grype
INFO[0078] Sending successful results                    app=vmclarity family=vulnerabilities mode=local scanner=grype
INFO[0078] Got result for job "grype"                    app=vmclarity family=vulnerabilities
INFO[0078] Merging result from "grype"                   app=vmclarity family=vulnerabilities
INFO[0078] Vulnerabilities Done...                       app=vmclarity family=vulnerabilities
INFO[0078] Secrets Run...                                app=vmclarity family=secrets
INFO[0078] Secrets Done...                               app=vmclarity family=secrets
INFO[0078] Writing results to sbom.results.txt...        app=vmclarity
INFO[0078] Writing results to vulnerabilities.results.txt...  app=vmclarity

@FrimIdan FrimIdan changed the title initial scanner families support [Draft] initial scanner families support Nov 22, 2022
@FrimIdan FrimIdan changed the title [Draft] initial scanner families support Initial scanner families support Nov 27, 2022
@FrimIdan FrimIdan self-assigned this Nov 27, 2022
ghost
ghost suggested changes Nov 29, 2022
View reviewed changes
shared/pkg/families/manager.go Outdated Show resolved Hide resolved
shared/pkg/families/misconfiguration/config.go Show resolved Hide resolved
shared/pkg/families/results.go Outdated Show resolved Hide resolved
@FrimIdan FrimIdan requested a review from a user December 1, 2022 08:48
ghost
ghost reviewed Dec 1, 2022
View reviewed changes
shared/pkg/families/sbom/family.go Show resolved Hide resolved
shared/pkg/families/sbom/result.go Show resolved Hide resolved
shared/pkg/families/manager.go Show resolved Hide resolved
shared/pkg/families/misconfiguration/config.go Show resolved Hide resolved
@FrimIdan FrimIdan requested review from a user December 1, 2022 14:53
@FrimIdan FrimIdan merged commit e8dd500 into main Dec 1, 2022
@FrimIdan FrimIdan deleted the scanner-families branch December 1, 2022 15:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@akpsgit akpsgit akpsgit left review comments

Assignees

@FrimIdan FrimIdan

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@FrimIdan @akpsgit