feat(trivy): Add dbRepository flag to get advisory database from OCI registry #1064

Merged
merged 13 commits into from
Apr 8, 2022

ksashikumar
Contributor

@ksashikumar ksashikumar commented Mar 23, 2022

This PR adds the --db-repository flag to the trivy plugin and helm config. The flag was introduced in aquasecurity/trivy#1873.

Related issue in GitLab: #350232

@CLAassistant

CLAassistant commented Mar 23, 2022

CLA assistant check
All committers have signed the CLA.

@ksashikumar ksashikumar marked this pull request as ready for review March 24, 2022 17:23
@ksashikumar
Contributor Author

@knqyf263 Could you please review this dependent PR also? Thanks 🙂

@codecov

codecov bot commented Mar 25, 2022

Codecov Report

Merging #1064 (942fc57) into main (369589a) will decrease coverage by 0.03%.
The diff coverage is 62.50%.

@@            Coverage Diff             @@
##             main    #1064      +/-   ##
==========================================
- Coverage   58.00%   57.96%   -0.04%     
==========================================
  Files          71       71              
  Lines        9290     9305      +15     
==========================================
+ Hits         5389     5394       +5     
- Misses       3354     3361       +7     
- Partials      547      550       +3     
Impacted Files Coverage Δ
itest/matcher/matcher.go 75.65% <ø> (ø)
pkg/plugin/trivy/plugin.go 81.02% <62.50%> (-0.29%) ⬇️
pkg/operator/controller/ciskubebenchreport.go 50.99% <0.00%> (-3.59%) ⬇️
pkg/vulnerabilityreport/controller.go 57.31% <0.00%> (+1.52%) ⬆️

Δ = absolute <relative> (impact), ø = not affected, ? = missing data

@ksashikumar ksashikumar requested a review from chen-keinan March 28, 2022 17:17
@chen-keinan chen-keinan added this to the Release v0.16.0 milestone Mar 29, 2022
@chen-keinan chen-keinan added the 🔦 plugin/trivy This issue is related to Trivy vulnerability scanner label Mar 29, 2022
@danielpacak danielpacak self-requested a review March 31, 2022 20:10
@ksashikumar
Contributor Author

@chen-keinan Thanks for the comments, I've addressed them 🙂 Could you please take another look?

@chen-keinan
Contributor

> @chen-keinan Thanks for the comments, I've addressed them 🙂 Could you please take another look?

Thank you for the update; LGTM!!

@knqyf263
Contributor

knqyf263 commented Apr 5, 2022

Note that Trivy added --db-repository in v0.25.1, but it had a critical bug. Please use v0.25.2 or greater.

@chen-keinan
Contributor

chen-keinan commented Apr 5, 2022

@ksashikumar this PR should also include the trivy version change from trivy:0.24.2 to trivy:0.25.2 (the version that supports the --db-repository flag). It's used in various places in the code,
for example: values.yaml, starboard.yaml, etc. (test files)

@ksashikumar
Contributor Author

> @ksashikumar this PR should also include the trivy version change from trivy:0.24.2 to trivy:0.25.2 (the version that supports the --db-repository flag). It's used in various places in the code, for example: values.yaml, starboard.yaml, etc. (test files)

@chen-keinan Thanks for that! I've updated the version in the files. Could you please take another look?

@chen-keinan
Contributor

chen-keinan commented Apr 6, 2022

@ksashikumar thank you for this effort.
It is also required to update the trivy version in itest --> matcher.go and matcher_test.go.
I think this is the cause of the Integration tests --> Run integration tests / Starboard CLI failure.

@ksashikumar
Contributor Author

> @ksashikumar thank you for this effort; need also to update trivy version on itest--> matcher.go and matcher_test.go I think this is the cause for the Integration tests --> Run integration tests / Starboard CLI to fail

@chen-keinan Oops, I missed that. Thanks for letting me know. I've fixed that 👍

Contributor

@danielpacak danielpacak left a comment

I've just run the code in my cluster, following the contributing guide, and I'm getting the following errors:

{"level":"error","ts":1649332073.3865209,"logger":"controller.replicaset","msg":"Reconciler error","reconciler group":"apps","reconciler kind":"ReplicaSet","name":"local-path-provisioner-5ddd94ff66","namespace":"local-path-storage","error":"constructing scan job: property trivy.dbRepository not set","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/Users/dpacak/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.2/pkg/internal/controller/controller.go:266\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/Users/dpacak/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.2/pkg/internal/controller/controller.go:227"}

Please check my comments to see why it may happen. This should also fix integration tests run in the CI workflow.

@danielpacak danielpacak merged commit 7d53816 into aquasecurity:main Apr 8, 2022
@ksashikumar ksashikumar deleted the sk/add-db-repository branch April 8, 2022 15:08
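
Added example, not code from this PR or from Starboard: one way a plugin could turn the `trivy.dbRepository` setting into the `--db-repository` argument, falling back to Trivy's default repository when the key is absent (the condition behind the "property trivy.dbRepository not set" error in the log above) and rejecting Trivy tags older than the 0.25.2 floor mentioned in the thread. The function names, the fallback policy and the version parsing are assumptions.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Key, flag and the 0.25.2 floor come from the thread; everything else is assumed.
const (
	keyDBRepository     = "trivy.dbRepository"
	defaultDBRepository = "ghcr.io/aquasecurity/trivy-db" // Trivy's default DB repository
)

var minTrivy = [3]int{0, 25, 2}

// checkTrivyVersion rejects tags below 0.25.2 or not in MAJOR.MINOR.PATCH form.
func checkTrivyVersion(tag string) error {
	parts := strings.Split(strings.TrimPrefix(tag, "v"), ".")
	if len(parts) != 3 {
		return fmt.Errorf("trivy %q: expected MAJOR.MINOR.PATCH", tag)
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < minTrivy[i] {
			return fmt.Errorf("trivy %q: --db-repository needs a version >= 0.25.2", tag)
		}
		if n > minTrivy[i] {
			return nil // strictly newer at this position, later parts do not matter
		}
	}
	return nil
}

// DBRepositoryArgs builds the scan-job arguments. A missing key falls back to
// the default, so a ConfigMap written before the key existed does not fail.
func DBRepositoryArgs(config map[string]string, trivyTag string) ([]string, error) {
	if err := checkTrivyVersion(trivyTag); err != nil {
		return nil, err
	}
	repo := strings.TrimSpace(config[keyDBRepository])
	if repo == "" {
		repo = defaultDBRepository
	}
	return []string{"--db-repository", repo}, nil
}

func main() {
	fmt.Println(DBRepositoryArgs(map[string]string{}, "0.25.2"))
}
```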