feat(contrib/trivy) fill image info into scan results (future-architect#1475)

sadayuki-matsuno · web-flow · commit 2aca2e4352ce · 2022-06-08T17:00:32.000+09:00
* feat(contrib/trivy) fill image info into scan results

* fix match size

* fix match size
diff --git a/contrib/trivy/parser/v2/parser.go b/contrib/trivy/parser/v2/parser.go
@@ -2,6 +2,7 @@ package v2
 
 import (
 	"encoding/json"
+	"fmt"
 	"regexp"
 	"time"
 
@@ -35,16 +36,32 @@ func (p ParserV2) Parse(vulnJSON []byte) (result *models.ScanResult, err error)
 	return scanResult, nil
 }
 
-var dockerTagPattern = regexp.MustCompile(`:.+$`)
+var dockerTagPattern = regexp.MustCompile(`^(.*):(.*)$`)
 
 func setScanResultMeta(scanResult *models.ScanResult, report *types.Report) error {
 	if len(report.Results) == 0 {
 		return xerrors.Errorf("scanned images or libraries are not supported by Trivy. see https://aquasecurity.github.io/trivy/dev/vulnerability/detection/os/, https://aquasecurity.github.io/trivy/dev/vulnerability/detection/language/")
 	}
 
 	scanResult.ServerName = report.ArtifactName
-	if report.ArtifactType == "container_image" && !dockerTagPattern.MatchString(scanResult.ServerName) {
-		scanResult.ServerName += ":latest" // Complement if the tag is omitted
+	if report.ArtifactType == "container_image" {
+		matches := dockerTagPattern.FindStringSubmatch(report.ArtifactName)
+		var imageName, imageTag string
+		if 2 < len(matches) {
+			// including the image tag
+			imageName = matches[1]
+			imageTag = matches[2]
+		} else {
+			// no image tag
+			imageName = report.ArtifactName
+			imageTag = "latest" // Complement if the tag is omitted
+		}
+		scanResult.ServerName = fmt.Sprintf("%s:%s", imageName, imageTag)
+		if scanResult.Optional == nil {
+			scanResult.Optional = map[string]interface{}{}
+		}
+		scanResult.Optional["TRIVY_IMAGE_NAME"] = imageName
+		scanResult.Optional["TRIVY_IMAGE_TAG"] = imageTag
 	}
 
 	if report.Metadata.OS != nil {
diff --git a/contrib/trivy/parser/v2/parser_test.go b/contrib/trivy/parser/v2/parser_test.go
@@ -263,7 +263,10 @@ var redisSR = &models.ScanResult{
 			BinaryNames: []string{"bsdutils", "pkgA"},
 		},
 	},
-	Optional: nil,
+	Optional: map[string]interface{}{
+		"TRIVY_IMAGE_NAME": "redis",
+		"TRIVY_IMAGE_TAG":  "latest",
+	},
 }
 
 var strutsTrivy = []byte(`
@@ -718,7 +721,10 @@ var osAndLibSR = &models.ScanResult{
 			BinaryNames: []string{"libgnutls30"},
 		},
 	},
-	Optional: nil,
+	Optional: map[string]interface{}{
+		"TRIVY_IMAGE_NAME": "quay.io/fluentd_elasticsearch/fluentd",
+		"TRIVY_IMAGE_TAG":  "v2.9.0",
+	},
 }
 
 func TestParseError(t *testing.T) {
