Plumb scanner CLI into runtime scan job #31
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ghost
changed the title
FrimIdan
reviewed
Jan 17, 2023
- Generates the families configuration for the scanner and passes it to the cloud-init - Passes the server endpoint and scan result ID to the scanner CLI in cloud-init - Updates the backend cloudformation to configure the scanner container image which is passed to the cloud-init
ghost
requested review from
FrimIdan and
akpsgit
and removed request for
FrimIdan
akpsgit
reviewed
Jan 18, 2023
| @@ -224,7 +235,20 @@ func (s *Scanner) runJob(ctx context.Context, data *scanData) (types.Job, error) | |||
| } | |||
| } | |||
|
|
|||
| launchInstance, err = s.providerClient.RunScanningJob(ctx, launchSnapshot, s.scanConfig) | |||
| volumeMountDirectory := "/vmToBeScanned" | |||
There was a problem hiding this comment.
Better to add a comment here. This is the path inside the docker that will run in the VM job where the snapshot is mapped to.
There was a problem hiding this comment.
its the directory chosen by the orchestrator where the job should mount the VM's volume so that the VMClarity CLI can find it
akpsgit
reviewed
Jan 18, 2023
akpsgit
reviewed
Jan 18, 2023
| @@ -233,6 +257,78 @@ func (s *Scanner) runJob(ctx context.Context, data *scanData) (types.Job, error) | |||
| return job, nil | |||
| } | |||
|
|
|||
| func (s *Scanner) getFamiliesConfigurationYaml(scanRootDirectory string) (string, error) { | |||
There was a problem hiding this comment.
maybe better to call it generateFamiliesConfigurationYaml?
akpsgit
reviewed
Jan 18, 2023
| } | ||
|
|
||
| func userSBOMConfigToFamiliesSbomConfig(sbomConfig *models.SBOMConfig, scanRootDirectory string) familiesSbom.Config { | ||
| if sbomConfig != nil && sbomConfig.Enabled != nil && !*sbomConfig.Enabled { |
There was a problem hiding this comment.
If the config is nil sbom will be enabled. not sure it's the required behaviour. I think that it's better to return an empty config in each of the checks or convert it to OR checks
akpsgit
reviewed
Jan 18, 2023
| } | ||
|
|
||
| func userVulnConfigToFamiliesVulnConfig(vulnerabilitiesConfig *models.VulnerabilitiesConfig) familiesVulnerabilities.Config { | ||
| if vulnerabilitiesConfig != nil && vulnerabilitiesConfig.Enabled != nil && !*vulnerabilitiesConfig.Enabled { |
akpsgit
reviewed
Jan 18, 2023
| // TODO(sambetts) The user needs to be able to provide this configuration | ||
| Registry: &kubeclarityConfig.Registry{}, | ||
| Scanner: &kubeclarityConfig.Scanner{ | ||
| GrypeConfig: kubeclarityConfig.GrypeConfig{ |
There was a problem hiding this comment.
Need to add a todo to run it in a remote mode and to run Grype server
FrimIdan
reviewed
Jan 18, 2023
FrimIdan
previously approved these changes
Jan 19, 2023
FrimIdan
reviewed
Jan 19, 2023
pbalogh-sa
approved these changes
Jan 20, 2023
This pull request was closed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.