From 00d9c4666fd4d7e3c1f61f72704db893b334b5af Mon Sep 17 00:00:00 2001
From: Alexandr Hacicheant
Date: Thu, 5 Oct 2023 11:16:50 +0300
Subject: [PATCH] feat: added `Metadata` into the k8s resource's scan report (#5322)

---
 pkg/k8s/report/report.go | 10 +++++----
 pkg/k8s/report/report_test.go | 40 +++++++++++++++++++++++++++++++++++
 pkg/k8s/scanner/scanner.go | 5 ++++-
 3 files changed, 50 insertions(+), 5 deletions(-)

diff --git a/pkg/k8s/report/report.go b/pkg/k8s/report/report.go
index 97784edf6a7..ca2e33cb39d 100644
--- a/pkg/k8s/report/report.go
+++ b/pkg/k8s/report/report.go
@@ -56,10 +56,9 @@ type Resource struct {
  Namespace string `json:",omitempty"`
  Kind string
  Name string
- // TODO(josedonizetti): should add metadata? per report? per Result?
- // Metadata Metadata `json:",omitempty"`
- Results types.Results `json:",omitempty"`
- Error string `json:",omitempty"`
+ Metadata types.Metadata `json:",omitempty"`
+ Results types.Results `json:",omitempty"`
+ Error string `json:",omitempty"`
 
  // original report
  Report types.Report `json:"-"`
@@ -103,6 +102,7 @@ func (r Report) consolidate() ConsolidatedReport {
  Namespace: res.Namespace,
  Kind: res.Kind,
  Name: res.Name,
+ Metadata: res.Metadata,
  Results: append(res.Results, v.Results...),
  Error: res.Error,
  }
@@ -237,6 +237,7 @@ func CreateResource(artifact *artifacts.Artifact, report types.Report, err error
  Namespace: artifact.Namespace,
  Kind: artifact.Kind,
  Name: artifact.Name,
+ Metadata: report.Metadata,
  Results: results,
  Report: report,
  }
@@ -299,6 +300,7 @@ func copyResource(r Resource) Resource {
  Namespace: r.Namespace,
  Kind: r.Kind,
  Name: r.Name,
+ Metadata: r.Metadata,
  Error: r.Error,
  Report: r.Report,
  }
diff --git a/pkg/k8s/report/report_test.go b/pkg/k8s/report/report_test.go
index 34a79d6e327..b2b99804c62 100644
--- a/pkg/k8s/report/report_test.go
+++ b/pkg/k8s/report/report_test.go
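Review bot: On the new `Metadata types.Metadata` field of `Resource` in pkg/k8s/report/report.go, the `omitempty` option has no effect if `types.Metadata` is a plain struct, which the `types.Metadata{...}` literals in report_test.go suggest. encoding/json never treats a struct value as empty, so every resource, including one that only carries misconfiguration results, would serialise a `Metadata` object. If the key is meant to disappear when no image metadata exists, the field would need to be a pointer (`*types.Metadata`) with the three assignments in `consolidate`, `CreateResource` and `copyResource` adjusted to match; otherwise drop the tag option so the declaration does not promise something it cannot do. The definition of `types.Metadata` is outside this patch, so this should be confirmed against it.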
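Review bot: In `consolidate()` the merged entry joins `res.Results` with `v.Results` but takes `Metadata` from `res` alone, so whatever `v.Metadata` held is discarded. If `v` is the entry that came from an image scan, the consolidated resource may lose the `RepoTags`/`RepoDigests` that identify which image its vulnerability findings belong to, and that digest is what a reader needs to tie a finding to a specific image. The lookup that produces `res` and `v` is outside the hunk, so which side carries the image metadata should be checked there. If keeping one side is deliberate, a comment such as `// Metadata is taken from res; v.Metadata is intentionally dropped` would record that. The fixtures added in report_test.go give every resource identical metadata, so the tests cannot show which side was kept.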
@@ -15,6 +15,14 @@ var (
  Namespace: "default",
  Kind: "Deploy",
  Name: "orion",
+ Metadata: types.Metadata{
+ RepoTags: []string{
+ "alpine:3.14",
+ },
+ RepoDigests: []string{
+ "alpine:3.14@sha256:8fe1727132b2506c17ba0e1f6a6ed8a016bb1f5735e43b2738cd3fd1979b6260",
+ },
+ },
  Results: types.Results{
  {
  Misconfigurations: []types.DetectedMisconfiguration{
@@ -62,6 +70,14 @@ var (
  Namespace: "default",
  Kind: "Deploy",
  Name: "orion",
+ Metadata: types.Metadata{
+ RepoTags: []string{
+ "alpine:3.14",
+ },
+ RepoDigests: []string{
+ "alpine:3.14@sha256:8fe1727132b2506c17ba0e1f6a6ed8a016bb1f5735e43b2738cd3fd1979b6260",
+ },
+ },
  Results: types.Results{
  {
  Vulnerabilities: []types.DetectedVulnerability{
@@ -102,6 +118,14 @@ var (
  Namespace: "default",
  Kind: "Deploy",
  Name: "orion",
+ Metadata: types.Metadata{
+ RepoTags: []string{
+ "alpine:3.14",
+ },
+ RepoDigests: []string{
+ "alpine:3.14@sha256:8fe1727132b2506c17ba0e1f6a6ed8a016bb1f5735e43b2738cd3fd1979b6260",
+ },
+ },
  Results: types.Results{
  {
  Misconfigurations: []types.DetectedMisconfiguration{
@@ -181,6 +205,14 @@ var (
  Namespace: "default",
  Kind: "Cronjob",
  Name: "hello",
+ Metadata: types.Metadata{
+ RepoTags: []string{
+ "alpine:3.14",
+ },
+ RepoDigests: []string{
+ "alpine:3.14@sha256:8fe1727132b2506c17ba0e1f6a6ed8a016bb1f5735e43b2738cd3fd1979b6260",
+ },
+ },
  Results: types.Results{
  {Vulnerabilities: []types.DetectedVulnerability{{VulnerabilityID: "CVE-2020-9999"}}},
  },
@@ -190,6 +222,14 @@ var (
  Namespace: "default",
  Kind: "Pod",
  Name: "prometheus",
+ Metadata: types.Metadata{
+ RepoTags: []string{
+ "alpine:3.14",
+ },
+ RepoDigests: []string{
+ "alpine:3.14@sha256:8fe1727132b2506c17ba0e1f6a6ed8a016bb1f5735e43b2738cd3fd1979b6260",
+ },
+ },
  Results: types.Results{
  {Misconfigurations: []types.DetectedMisconfiguration{{ID: "ID100"}}},
  },
diff --git a/pkg/k8s/scanner/scanner.go b/pkg/k8s/scanner/scanner.go
index f0434941997..30796af2d48 100644
--- a/pkg/k8s/scanner/scanner.go
+++ b/pkg/k8s/scanner/scanner.go
@@ -122,7 +122,10 @@ func (s *Scanner) Scan(ctx context.Context, artifactsData []*artifacts.Artifact)
 
  onResult := func(result scanResult) error {
  resources = append(resources, result.vulns...)
- resources = append(resources, result.misconfig)
+ // don't add empty misconfig results to resources slice to avoid an empty resource
+ if result.misconfig.Results != nil {
+ resources = append(resources, result.misconfig)
+ }
  return nil
  }
 
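Review bot: The new guard in `onResult` keys only on `result.misconfig.Results != nil`, so a misconfiguration entry that has no results but does carry an `Error` would be dropped from the report without a trace. `Resource` in report.go has an `Error` field, and a scanner that silently omits a failed scan makes a resource look clean when it was never checked. Whether an error-only entry can actually reach this point depends on code outside the hunk, so that should be confirmed. The nil comparison also lets an empty but non-nil slice through, which is the empty resource the comment wants to avoid. Something like `if len(result.misconfig.Results) > 0 || result.misconfig.Error != "" {` would cover both cases; the rest of `Scan` continues outside the hunk.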