Update for review comments

aquasecurity · May 5, 2021 · 03b8ef7 · 03b8ef7
1 parent 04dfa8a
commit 03b8ef7
Show file tree

Hide file tree

Showing 4 changed files with 417 additions and 28 deletions.
diff --git a/pkg/plugin/trivy/plugin.go b/pkg/plugin/trivy/plugin.go
@@ -41,7 +41,7 @@ type Config interface {
 	GetTrivyImageRef() (string, error)
 	GetTrivyMode() (starboard.TrivyMode, error)
 	GetTrivyServerURL() (string, error)
-	GetTrivyInsecureRegistries() []string
+	GetTrivyInsecureRegistries() map[string]bool
 }
 
 // NewPlugin constructs a new vulnerabilityreport.Plugin, which is using an
@@ -273,20 +273,10 @@ func (s *scanner) getPodSpecForStandaloneMode(spec corev1.PodSpec, credentials m
 			})
 		}
 
-		ref, err := name.ParseReference(c.Image)
+		env, err = s.appendTrivyInsecureEnv(c.Image, env)
 		if err != nil {
 			return corev1.PodSpec{}, nil, err
 		}
-		insecureRegistries := s.config.GetTrivyInsecureRegistries()
-		for _, insecureRegistry := range insecureRegistries {
-			if ref.Context().RegistryStr() == insecureRegistry {
-				env = append(env, corev1.EnvVar{
-					Name:  "TRIVY_INSECURE",
-					Value: "true",
-				})
-				break
-			}
-		}
 
 		containers = append(containers, corev1.Container{
 			Name:                     c.Name,
@@ -495,20 +485,10 @@ func (s *scanner) getPodSpecForClientServerMode(spec corev1.PodSpec, credentials
 			})
 		}
 
-		ref, err := name.ParseReference(container.Image)
+		env, err = s.appendTrivyInsecureEnv(container.Image, env)
 		if err != nil {
 			return corev1.PodSpec{}, nil, err
 		}
-		insecureRegistries := s.config.GetTrivyInsecureRegistries()
-		for _, insecureRegistry := range insecureRegistries {
-			if ref.Context().RegistryStr() == insecureRegistry {
-				env = append(env, corev1.EnvVar{
-					Name:  "TRIVY_INSECURE",
-					Value: "true",
-				})
-				break
-			}
-		}
 
 		containers = append(containers, corev1.Container{
 			Name:                     container.Name,
@@ -546,3 +526,20 @@ func (s *scanner) ParseVulnerabilityScanResult(imageRef string, logsReader io.Re
 	}
 	return result, nil
 }
+
+func (s *scanner) appendTrivyInsecureEnv(image string, env []corev1.EnvVar) ([]corev1.EnvVar, error) {
+	ref, err := name.ParseReference(image)
+	if err != nil {
+		return nil, err
+	}
+
+	insecureRegistries := s.config.GetTrivyInsecureRegistries()
+	if insecureRegistries[ref.Context().RegistryStr()] {
+		env = append(env, corev1.EnvVar{
+			Name:  "TRIVY_INSECURE",
+			Value: "true",
+		})
+	}
+
+	return env, nil
+}