
feat: add virtual machine scan command #2910

Merged
merged 116 commits into from Nov 27, 2022

Conversation

@masahiro331 masahiro331 commented Sep 19, 2022

Description

Add a new scanner for virtual machine images.

```
$ trivy vm

Scan a virtual machine image

Usage:
  trivy vm [flags] VM_IMAGE

Examples:
  # Scan your AWS AMI
  $ trivy vm ami:${your_ami_id}

  # Scan your AWS EBS snapshot
  $ trivy vm ebs:${your_ebs_snapshot_id}
```

Architecture

[Architecture diagram: screenshot 2022-10-01 16:59:52]

Supported filesystems

  • XFS
  • EXT4
  • others...

Supported virtual machine image formats

  • Raw Image
  • VMDK
  • VHD
  • VHDX
  • qcow2
  • others...

Supported partition disk drivers

  • Master boot record
  • GUID partition table
  • Extended Master boot record

LVM support

  • lvm

Issue

Add parse libraries

Checklist

  • I've read the guidelines for contributing to this repository.
  • I've followed the conventions in the PR title.
  • I've added tests that prove my fix is effective or that my feature works.
  • I've updated the documentation with the relevant information (if needed).
  • I've added usage information (if the PR introduces new options)
  • I've included a "before" and "after" example to the description (if the PR is a user interface change).

@masahiro331 masahiro331 changed the title feat(vm): add virtual machine scan feat: add virtual machine scan command Sep 19, 2022
knqyf263 commented Nov 25, 2022

AMI scanning (EBS snapshot)

| AMI ID | AMI name | Status | Note |
| --- | --- | --- | --- |
| ami-0c0000ceb18c73b8a | Red Hat Enterprise Linux 9 | | |
| ami-06220be3176081cf0 | Red Hat Enterprise Linux (RHEL) 7 (HVM) | | |
| ami-076309742d466ad69 | Amazon Linux 2 AMI (HVM) - Kernel 5.10 | | |
| ami-034a7d2833172671e | Amazon Linux 2 AMI (HVM) - Kernel 4.14 | | |
| ami-0caef02b518350c8b | Ubuntu Server 22.04 LTS | | |
| ami-06148e0e81e5187c8 | Ubuntu Server 20.04 LTS | | |
| ami-0a5b5c0ea66ec560d | Debian 11 | | |
| ami-0b4c74d41ee4bed78 | CentOS 7 (x86_64) - with Updates HVM | | bootable partition |
| ami-0fb02f20850e23fd0 | SUSE Linux Enterprise Server 15 | | |
| ami-0b3d1809cc222924a | AlmaLinux OS 8 | | |
| ami-0e2bc7a3ca89f5d06 | Rocky Linux 8 | | bootable partition |

Script

https://gist.github.com/knqyf263/560020453511fe8107e2e9796fffbbd6#file-ami-snapshot-sh

@knqyf263

I figured out why it failed on CentOS/Rocky Linux.

The images successfully scanned were GPT-partitioned.

```
[ec2-user@ip-172-31-32-24 ~]$ sudo fdisk -l /dev/xvda
Disk /dev/xvda: 8 GiB, 8589934592 bytes, 16777216 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: DA90AB95-8C11-4BAE-9157-C48213FBAD0C

Device       Start      End  Sectors Size Type
/dev/xvda1    4096 16777182 16773087   8G Linux filesystem
/dev/xvda128  2048     4095     2048   1M BIOS boot

Partition table entries are not in disk order.
```

Rocky Linux is MBR-partitioned.

```
[rocky@ip-172-31-46-195 ~]$ sudo fdisk -l
Disk /dev/xvda: 10 GiB, 10737418240 bytes, 20971520 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0xec07056d

Device     Boot Start      End  Sectors Size Id Type
/dev/xvda1 *     2048 20971486 20969439  10G 83 Linux
```

We should not just skip the bootable partition. We should skip only the MBR and BIOS boot partition, not the EFI System Partition (ESP).
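
The distinction in the comment above, as an added illustration that is not Trivy's code: it decodes constructed MBR and GPT partition entries mirroring the two fdisk listings and contrasts a skip rule keyed on the bootable flag (which drops Rocky's only partition) with one keyed on the GPT partition type GUID (which drops only the BIOS boot partition and keeps the ESP). The type names, the GPTEntry helper and the sample entries are assumptions made for this example.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

type Partition struct {
	Scheme            string // "mbr" or "gpt"
	Bootable          bool   // MBR status byte 0x80, or GPT attribute bit 2 (legacy BIOS bootable)
	MBRType           byte   // MBR type id, e.g. 0x83 Linux
	GPTType           string // GPT type GUID in canonical text form
	StartLBA, Sectors uint64
}

// On-disk GUID bytes (first three fields little-endian) of the GPT types at issue.
var biosBootGUID = []byte("Hah!IdontNeedEFI") // 21686148-6449-6E6F-744E-656564454649
var espGUID = []byte{0x28, 0x73, 0x2A, 0xC1, 0x1F, 0xF8, 0xD2, 0x11, 0xBA, 0x4B, 0x00, 0xA0, 0xC9, 0x3E, 0xC9, 0x3B}
var linuxFSGUID = []byte{0xAF, 0x3D, 0xC6, 0x0F, 0x83, 0x84, 0x72, 0x47, 0x8E, 0x79, 0x3D, 0x69, 0xD8, 0x47, 0x7D, 0xE4}

func guidString(b []byte) string {
	return fmt.Sprintf("%08X-%04X-%04X-%04X-%X", binary.LittleEndian.Uint32(b[0:4]),
		binary.LittleEndian.Uint16(b[4:6]), binary.LittleEndian.Uint16(b[6:8]), b[8:10], b[10:16])
}

// ParseMBREntry decodes one 16-byte MBR partition table entry.
func ParseMBREntry(e []byte) Partition {
	return Partition{Scheme: "mbr", Bootable: e[0] == 0x80, MBRType: e[4],
		StartLBA: uint64(binary.LittleEndian.Uint32(e[8:12])), Sectors: uint64(binary.LittleEndian.Uint32(e[12:16]))}
}

// ParseGPTEntry decodes one 128-byte GPT partition entry.
func ParseGPTEntry(e []byte) Partition {
	first, last := binary.LittleEndian.Uint64(e[32:40]), binary.LittleEndian.Uint64(e[40:48])
	return Partition{Scheme: "gpt", Bootable: binary.LittleEndian.Uint64(e[48:56])&(1<<2) != 0,
		GPTType: guidString(e[0:16]), StartLBA: first, Sectors: last - first + 1}
}

// SkipByBootFlag is the rule the comment warns against: Rocky's only MBR partition is bootable, so nothing is scanned.
func SkipByBootFlag(p Partition) bool { return p.Bootable }
// SkipByType is the rule the comment asks for: skip only the GPT BIOS boot partition; keep the ESP and bootable MBR ones.
func SkipByType(p Partition) bool { return p.Scheme == "gpt" && p.GPTType == guidString(biosBootGUID) }
// GPTEntry builds a constructed 128-byte entry (type GUID, first/last LBA, attributes) for testing.
func GPTEntry(typ []byte, first, last, attrs uint64) []byte {
	e := make([]byte, 128)
	copy(e, typ)
	binary.LittleEndian.PutUint64(e[32:], first)
	binary.LittleEndian.PutUint64(e[40:], last)
	binary.LittleEndian.PutUint64(e[48:], attrs)
	return e
}
```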

knqyf263 commented Nov 26, 2022

Fixed in 6c7f970. I confirmed CentOS and Rocky Linux work now.

knqyf263 commented Nov 27, 2022

AMI scanning (EBS snapshot) after the fix

| AMI ID | AMI name | Status | Note |
| --- | --- | --- | --- |
| ami-0c0000ceb18c73b8a | Red Hat Enterprise Linux 9 | | |
| ami-06220be3176081cf0 | Red Hat Enterprise Linux (RHEL) 7 (HVM) | | |
| ami-076309742d466ad69 | Amazon Linux 2 AMI (HVM) - Kernel 5.10 | | |
| ami-034a7d2833172671e | Amazon Linux 2 AMI (HVM) - Kernel 4.14 | | |
| ami-0caef02b518350c8b | Ubuntu Server 22.04 LTS | | |
| ami-06148e0e81e5187c8 | Ubuntu Server 20.04 LTS | | |
| ami-0a5b5c0ea66ec560d | Debian 11 | | |
| ami-0b4c74d41ee4bed78 | CentOS 7 (x86_64) - with Updates HVM | | MBR |
| ami-0fb02f20850e23fd0 | SUSE Linux Enterprise Server 15 | | |
| ami-0b3d1809cc222924a | AlmaLinux OS 8 | | |
| ami-0e2bc7a3ca89f5d06 | Rocky Linux 8 | | MBR |

Script

https://gist.github.com/knqyf263/560020453511fe8107e2e9796fffbbd6#file-ami-snapshot-sh

@knqyf263

Now it's all green 🎉🎉 🎉 🎉 🎉

@knqyf263 knqyf263 merged commit 22d92e4 into aquasecurity:main Nov 27, 2022