Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
2 contributors

Users who have contributed to this file

@DanSanche @Katee
64 lines (53 sloc) 2.03 KB
// Copyright 2019 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package main
// [START containeranalysis_filter_vulnerability_occurrences]
import (
"context"
"fmt"
containeranalysis "cloud.google.com/go/containeranalysis/apiv1"
"google.golang.org/api/iterator"
grafeaspb "google.golang.org/genproto/googleapis/grafeas/v1"
)
// findHighSeverityVulnerabilitiesForImage retrieves a list of only high vulnerability occurrences associated with a resource.
func findHighSeverityVulnerabilitiesForImage(resourceURL, projectID string) ([]*grafeaspb.Occurrence, error) {
// resourceURL := fmt.Sprintf("https://gcr.io/my-project/my-image")
ctx := context.Background()
client, err := containeranalysis.NewClient(ctx)
if err != nil {
return nil, fmt.Errorf("NewClient: %v", err)
}
defer client.Close()
req := &grafeaspb.ListOccurrencesRequest{
Parent: fmt.Sprintf("projects/%s", projectID),
Filter: fmt.Sprintf("resourceUrl = %q kind = %q", resourceURL, "VULNERABILITY"),
}
var occurrenceList []*grafeaspb.Occurrence
it := client.GetGrafeasClient().ListOccurrences(ctx, req)
for {
occ, err := it.Next()
if err == iterator.Done {
break
}
if err != nil {
return nil, fmt.Errorf("occurrence iteration error: %v", err)
}
severityLevel := occ.GetVulnerability().GetSeverity()
if severityLevel == grafeaspb.Severity_HIGH || severityLevel == grafeaspb.Severity_CRITICAL {
occurrenceList = append(occurrenceList, occ)
}
}
return occurrenceList, nil
}
// [END containeranalysis_filter_vulnerability_occurrences]
You can’t perform that action at this time.