Initial support for image scanning #989

Merged
merged 9 commits into from
Aug 22, 2021

@Rchanger Rchanger commented Aug 13, 2021

Initial support for image scanning. closes #927

codecov bot commented Aug 13, 2021

Codecov Report

Merging #989 (e02d445) into master (6ae1274) will decrease coverage by 0.17%.
The diff coverage is 77.77%.

@@            Coverage Diff             @@
##           master     #989      +/-   ##
==========================================
- Coverage   78.63%   78.46%   -0.18%     
==========================================
  Files         225      231       +6     
  Lines        5781     6255     +474     
==========================================
+ Hits         4546     4908     +362     
- Misses        946     1045      +99     
- Partials      289      302      +13     
Impacted Files Coverage Δ
pkg/iac-providers/output/types.go 100.00% <ø> (ø)
pkg/iac-providers/terraform/commons/resource.go 75.67% <ø> (ø)
pkg/results/types.go 100.00% <ø> (ø)
pkg/vulnerability/gcr.go 33.33% <33.33%> (ø)
pkg/k8s/admission-webhook/validating-webhook.go 83.44% <50.00%> (ø)
pkg/vulnerability/ecr.go 72.09% <72.09%> (ø)
pkg/vulnerability/acr.go 87.23% <87.23%> (ø)
pkg/http-server/file-scan.go 82.72% <94.73%> (+1.53%) ⬆️
pkg/vulnerability/vulnerability.go 95.65% <95.65%> (ø)
pkg/cli/run.go 87.65% <100.00%> (ø)
... and 16 more

@Rchanger Rchanger marked this pull request as ready for review August 16, 2021 12:41
pkg/cli/scan.go Outdated
pkg/http-server/remote-repo.go Outdated
pkg/iac-providers/output/vulnerability.go Outdated
pkg/iac-providers/output/vulnerability.go Outdated
pkg/runtime/executor.go Outdated
pkg/iac-providers/output/types.go
@Rchanger Rchanger force-pushed the sr_vulnerability_integration branch from cfa3ee8 to 5afbc5f Compare August 19, 2021 06:29
patilpankaj212 previously approved these changes Aug 19, 2021

@patilpankaj212 patilpankaj212 left a comment

LGTM !!

@cesar-rodriguez cesar-rodriguez left a comment

Can you please fix merge conflicts?

@cesar-rodriguez cesar-rodriguez left a comment

Can you please update the readme and usage docs with instructions for the new --find-vuln flag?

@Rchanger

> Can you please update the readme and usage docs with instructions for the new --find-vuln flag?

updated readme and usage docs

@Rchanger Rchanger force-pushed the sr_vulnerability_integration branch from 378b8ff to e02d445 Compare August 22, 2021 03:49
sonarcloud bot commented Aug 22, 2021

Kudos, SonarCloud Quality Gate passed!

0 Bugs (A)
0 Vulnerabilities (A)
0 Security Hotspots (A)
2 Code Smells (A)

No Coverage information
0.0% Duplication

@cesar-rodriguez cesar-rodriguez merged commit 01184ad into tenable:master Aug 22, 2021
cesar-rodriguez pushed a commit to nasir-rabbani/terrascan that referenced this pull request Aug 22, 2021
* initial support for image vulnerability scanning

* adds: flag for vul scanning and human readable output support

* Adds: unit test cases and code refactoring

* made vulnerability methods mockable

* adds: documentation for vulnerability scanning

* adds: support google artifact registry

* updates docs

* updates flag message

* fixes: tf file image extraction and e2e test

Co-authored-by: Cesar Rodriguez <cesar@accurics.com>
cesar-rodriguez pushed a commit that referenced this pull request Aug 22, 2021
* added binary based support for kustomize v2 and v3

* updated sigs.k8s.io/kustomize/api to v0.8.11 and removed deprecated uses

* updated go.sum

* updated doc, added kustomize install script

* removed code smells

* added copyright message

* Extract Docker images from Terraform templates (#937)

* extract container images from tf iac files

* increase kubernetes resource scan coverage

* using constants for common strings

* adds: extract image ref from tf file

* code nits: added comments and removed unwanted variables

* adds: extracting containers from aws and azure resources

* code nits: added new method for jsoncode type

Co-authored-by: Suvarna Rokade <suvarnarokade11@gmail.com>

* Initial support for image scanning (#989)

* initial support for image vulnerability scanning

* adds: flag for vul scanning and human readable output support

* Adds: unit test cases and code refactoring

* made vulnerability methods mockable

* adds: documentation for vulnerability scanning

* adds: support google artifact registry

* updates docs

* updates flag message

* fixes: tf file image extraction and e2e test

Co-authored-by: Cesar Rodriguez <cesar@accurics.com>

* merging go.sum

* updates docs

Co-authored-by: Devang Gaur <devang.gaur@accurics.com>
Co-authored-by: Suvarna Rokade <suvarnarokade11@gmail.com>
Co-authored-by: Cesar Rodriguez <cesar@accurics.com>
Successfully merging this pull request may close these issues.

Add Support For ECR