Skip to content
This repository has been archived by the owner on Oct 30, 2024. It is now read-only.

Scan multiple files at once #341

Open
1 task done
danthegoodman1 opened this issue May 25, 2021 · 5 comments
Open
1 task done

Scan multiple files at once #341

danthegoodman1 opened this issue May 25, 2021 · 5 comments

Comments

@danthegoodman1
Copy link

ISSUE TYPE
  • Feature Idea

BUG REPORT

SUMMARY

It would be great if there was a way to pass multiple files to kubeaudit so that it could do many at once, specifically for the docker container

ENVIRONMENT
  • latest docker version

Proposal:

Being able to run a command like:
docker run -v $(pwd):/app shopify/kubeaudit all -f /app/*.y\*ml
would be sublime. The above command spits out:

time="2021-05-25T14:45:41Z" level=fatal msg="Error opening manifest file" error="open /app/*.y\\*ml): no such file or directory"

If I manually pass multiple files in with working paths that I've tested individually, it only scans the first file, all others are ignored.

@ghost
Copy link

ghost commented May 25, 2021

Thanks for opening your first issue here! Be sure to follow the issue template!

@dani-santos-code
Copy link
Contributor

dani-santos-code commented May 25, 2021

Thanks for your suggestion @danthegoodman1. The team will triage this issue in the next meeting. Also, feel free to open a PR if you have time/want to contribute! :)

@genevieveluyt
Copy link
Contributor

genevieveluyt commented Jun 15, 2021

Agreed that support for multiple files would be really awesome. We've thought about implementing this before but got kind of stuck choosing the right approach. We could either

  1. Include the filename in each result (in the metadata)
    Pro: This wouldn't change any exposed structures since the metadata where we would be adding the filename is just a map that can contain any data
    Con: Results from the same file wouldn't necessarily be grouped together
    Con: We would need to pass the filename around through a lot of the codebase, or modify results at the end by inserting the filename

  2. Run the audit (as it works currently) for each file in the provided glob / directory and group the results by filename
    Pro: Results from the same file would be grouped together
    Pro: This would require very little change to the code since it would happen at basically the entrypoint
    Con: This would be a breaking change for both the package and for any programs consuming the JSON output

We could potentially get around the the con for option 2 by

  1. Providing a new function in the package like AuditGlob that returns results in the new structure (eg. a map where the key is the filename and the value is an array of results)
  2. For the cli, if the param passed into -f is a file, produce results as they are today, or if it's a glob / directory, group results by filename. This might result in kind of confusing behaviour, so a separate flag for like group-by-filename might be better?

@nobletrout
Copy link
Contributor

a cheap solution is to use xargs, for example
ls *.yaml | xargs kubeaudit all -f

@MikeDevresse
Copy link

I've come up with this if someone need, it finds all files recursively. This might be useful for CI for example.
find ./ | grep .yaml | xargs -I{} -d'\n' kubeaudit all -f {}

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

5 participants