openclarity · csatib02 · Jun 6, 2024 · May 29, 2024 · May 30, 2024 · May 30, 2024
@@ -115,6 +115,9 @@ jobs:
         if: inputs.platform == 'kubernetes'
         uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
 
+      - name: Install btrfs
+        run: sudo apt-get install libbtrfs-dev -y
+
       - name: Run end to end tests
         env:
           VMCLARITY_E2E_APISERVER_IMAGE:  ${{ format('{0}:{1}', needs.images.outputs.apiserver-image, inputs.image_tag) }}
@@ -123,7 +126,7 @@ jobs:
           VMCLARITY_E2E_UIBACKEND_IMAGE: ${{ format('{0}:{1}', needs.images.outputs.ui-backend-image, inputs.image_tag) }}
           VMCLARITY_E2E_SCANNER_IMAGE: ${{ format('{0}:{1}', needs.images.outputs.cli-image, inputs.image_tag) }}
           VMCLARITY_E2E_CR_DISCOVERY_SERVER_IMAGE: ${{ format('{0}:{1}', needs.images.outputs.cr-discovery-server-image, inputs.image_tag) }}
-          VMCLARITY_E2E_SCANNER_PLUGIN_KICS: ${{ format('{0}:{1}', needs.images.outputs.plugin-kics-image, inputs.image_tag) }}
+          VMCLARITY_E2E_PLUGIN_KICS_IMAGE: ${{ format('{0}:{1}', needs.images.outputs.plugin-kics-image, inputs.image_tag) }}
           VMCLARITY_E2E_PLATFORM: ${{ inputs.platform }}
         run: |
           if [[ "${{ inputs.platform }}" == "kubernetes" ]]; then

@@ -11,3 +11,4 @@ go.work*
 .licensei.cache
 vendor
 pyvenv.cfg
+/queries/
@@ -550,7 +550,7 @@ func (v *VMClarityPresenter) ExportPluginsResult(ctx context.Context, res famili
 				apitypes.ScannerStatusReasonSuccess,
 				nil,
 			)
-			assetScan.Plugins.FindingInfos = &pluginResults.Output
+			assetScan.Plugins.FindingInfos = &pluginResults.Findings
 			// TODO Total plugins should be split by type
 			assetScan.Summary.TotalPlugins = to.Ptr(pluginResults.GetTotal())
 			assetScan.Stats.Plugins = getInputScanStats(pluginResults.Metadata.InputScans)

@@ -0,0 +1,100 @@
+// Copyright © 2024 Cisco Systems, Inc. and its affiliates.
+// All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package e2e
+
+import (
+	"context"
+	"path/filepath"
+
+	"github.com/onsi/ginkgo/v2"
+	"github.com/onsi/gomega"
+
+	"github.com/openclarity/vmclarity/scanner/families"
+	"github.com/openclarity/vmclarity/scanner/families/plugins"
+	"github.com/openclarity/vmclarity/scanner/families/plugins/common"
+	"github.com/openclarity/vmclarity/scanner/families/plugins/runner/config"
+	"github.com/openclarity/vmclarity/scanner/families/types"
+	"github.com/openclarity/vmclarity/scanner/utils"
+)
+
+const scannerPluginName = "kics"
+
+type Notifier struct {
+	Results []families.FamilyResult
+}
+
+func (n *Notifier) FamilyStarted(context.Context, types.FamilyType) error { return nil }
+
+func (n *Notifier) FamilyFinished(_ context.Context, res families.FamilyResult) error {
+	n.Results = append(n.Results, res)
+
+	return nil
+}
+
+var _ = ginkgo.Describe("Running KICS scan", func() {
+	ginkgo.Context("which scans an openapi.yaml file", func() {
+		ginkgo.It("should finish successfully", func(ctx ginkgo.SpecContext) {
+			if cfg.TestEnvConfig.Images.PluginKics == "" {
+				ginkgo.Skip("KICS plugin image not provided")
+			}
+
+			input, err := filepath.Abs("./testdata")
+			gomega.Expect(err).NotTo(gomega.HaveOccurred())
+			notifier := &Notifier{}
+
+			errs := families.New(&families.Config{
+				Plugins: plugins.Config{
+					Enabled:      true,
+					ScannersList: []string{scannerPluginName},
+					Inputs: []types.Input{
+						{
+							Input:     input,
+							InputType: string(utils.ROOTFS),
+						},
+					},
+					ScannersConfig: &common.ScannersConfig{
+						scannerPluginName: config.Config{
+							Name:          scannerPluginName,
+							ImageName:     cfg.TestEnvConfig.Images.PluginKics,
+							InputDir:      "",
+							ScannerConfig: "",
+						},
+					},
+				},
+			}).Run(ctx, notifier)
+			gomega.Expect(errs).To(gomega.BeEmpty())
+
+			gomega.Eventually(func() bool {
+				if len(notifier.Results) != 1 {
+					return false
+				}
+
+				results := notifier.Results[0].Result.(*plugins.Results)                             // nolint:forcetypeassert
+				rawData := results.PluginOutputs[scannerPluginName].RawJSON.(map[string]interface{}) // nolint:forcetypeassert
+
+				if rawData["total_counter"] != float64(23) {
+					return false
+				}
+
+				if len(results.Findings) != 23 {
+					return false
+				}
+
+				return true
+			}, DefaultTimeout, DefaultPeriod).Should(gomega.BeTrue())
+		})
+	})
+})
@@ -208,6 +208,7 @@ components:
       description: Describes data saved to a JSON file when a scan finishes successfully.
       required:
         - vmclarity
+        - rawJSON
       properties:
         annotations:
           # Can be used to attach some scan data consumable by third-party service.
@@ -217,6 +218,11 @@ components:
           # Specifies concrete scan result data that can be consumed by VMClarity API.
           # Required.
           $ref: '#/components/schemas/VMClarityData'
+        rawJSON:
+          # Specifies raw scan result data.
+          # Required.
+          type: null
+          description: Defines scan result data that is not consumed by VMClarity API.
 
     VMClarityData:
       type: object

@@ -14,26 +14,31 @@ class Result(Model):
     Do not edit the class manually.
     """
 
-    def __init__(self, annotations=None, vmclarity=None):  # noqa: E501
+    def __init__(self, annotations=None, vmclarity=None, raw_json=None):  # noqa: E501
         """Result - a model defined in OpenAPI
 
         :param annotations: The annotations of this Result.  # noqa: E501
         :type annotations: Dict[str, str]
         :param vmclarity: The vmclarity of this Result.  # noqa: E501
         :type vmclarity: VMClarityData
+        :param raw_json: The raw_json of this Result.  # noqa: E501
+        :type raw_json: object
         """
         self.openapi_types = {
             'annotations': Dict[str, str],
-            'vmclarity': VMClarityData
+            'vmclarity': VMClarityData,
+            'raw_json': object
         }
 
         self.attribute_map = {
             'annotations': 'annotations',
-            'vmclarity': 'vmclarity'
+            'vmclarity': 'vmclarity',
+            'raw_json': 'rawJSON'
         }
 
         self._annotations = annotations
         self._vmclarity = vmclarity
+        self._raw_json = raw_json
 
     @classmethod
     def from_dict(cls, dikt) -> 'Result':
@@ -91,3 +96,28 @@ def vmclarity(self, vmclarity: VMClarityData):
             raise ValueError("Invalid value for `vmclarity`, must not be `None`")  # noqa: E501
 
         self._vmclarity = vmclarity
+
+    @property
+    def raw_json(self) -> object:
+        """Gets the raw_json of this Result.
+
+        Defines scan result data that is not consumed by VMClarity API.  # noqa: E501
+
+        :return: The raw_json of this Result.
+        :rtype: object
+        """
+        return self._raw_json
+
+    @raw_json.setter
+    def raw_json(self, raw_json: object):
+        """Sets the raw_json of this Result.
+
+        Defines scan result data that is not consumed by VMClarity API.  # noqa: E501
+
+        :param raw_json: The raw_json of this Result.
+        :type raw_json: object
+        """
+        if raw_json is None:
+            raise ValueError("Invalid value for `raw_json`, must not be `None`")  # noqa: E501
+
+        self._raw_json = raw_json
@@ -204,6 +204,7 @@ func (s *Scanner) formatOutput(rawFile, outputFile string) error {
 		Vmclarity: types.VMClarityData{
 			Misconfigurations: &misconfigurations,
 		},
+		RawJSON: summary,
 	}
 	if err := result.Export(outputFile); err != nil {
 		return fmt.Errorf("failed to save KICS result: %w", err)

@@ -15,10 +15,14 @@
 
 package common
 
-import "github.com/openclarity/vmclarity/api/types"
+import (
+	"github.com/openclarity/vmclarity/api/types"
+	plugintypes "github.com/openclarity/vmclarity/plugins/sdk-go/types"
+)
 
 type Results struct {
-	Output       []types.FindingInfo
+	Findings     []types.FindingInfo
+	Output       *plugintypes.Result
 	ScannedInput string
 	ScannerName  string
 	Error        error

@@ -22,6 +22,7 @@ import (
 
 	apitypes "github.com/openclarity/vmclarity/api/types"
 	"github.com/openclarity/vmclarity/core/log"
+	plugintypes "github.com/openclarity/vmclarity/plugins/sdk-go/types"
 	"github.com/openclarity/vmclarity/scanner/families/interfaces"
 	"github.com/openclarity/vmclarity/scanner/families/plugins/common"
 	"github.com/openclarity/vmclarity/scanner/families/plugins/runner"
@@ -64,12 +65,15 @@ func (p *Plugins) Run(ctx context.Context, res *results.Results) (interfaces.IsR
 
 		// Merge results from all plugins into the same output
 		var mergedResults []apitypes.FindingInfo
+		mergedPluginResult := make(map[string]plugintypes.Result)
 		for name, result := range managerResults {
 			logger.Infof("Merging result from %q", name)
-			mergedResults = append(mergedResults, result.(*common.Results).Output...) //nolint:forcetypeassert
+			mergedResults = append(mergedResults, result.(*common.Results).Findings...) //nolint:forcetypeassert
+			mergedPluginResult[name] = *result.(*common.Results).Output                 //nolint:forcetypeassert
 		}
 
-		pluginsResults.Output = mergedResults
+		pluginsResults.Findings = mergedResults
+		pluginsResults.PluginOutputs = mergedPluginResult
 		pluginsResults.Metadata.InputScans = append(pluginsResults.Metadata.InputScans, types.CreateInputScanMetadata(startTime, endTime, inputSize, input))
 	}