Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #13329 from jeff-phillips-18/pipeline-cves
ODC-7421: Show vulnerability column in the pipelinerun list page
- Loading branch information
Showing
15 changed files
with
686 additions
and
26 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
58 changes: 58 additions & 0 deletions
58
...-plugin/src/components/pipelineruns/hooks/__tests__/usePipelineRunVulnerabilities.spec.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
import { testHook } from '../../../../../../../__tests__/utils/hooks-utils'; | ||
import { | ||
PipeLineRunWithVulnerabilitiesData, | ||
PipeLineRunWithVulnerabilitiesNames, | ||
} from '../../../../test-data/pipeline-data'; | ||
import { usePipelineRunVulnerabilities } from '../usePipelineRunVulnerabilities'; | ||
|
||
describe('usePLRVulnerabilities', () => { | ||
it('should return vulnerability scan results', () => { | ||
const { | ||
result: { current: scanResults }, | ||
} = testHook(() => | ||
usePipelineRunVulnerabilities( | ||
PipeLineRunWithVulnerabilitiesData[PipeLineRunWithVulnerabilitiesNames.ScanOutput], | ||
), | ||
); | ||
expect(scanResults.vulnerabilities.critical).toBe(13); | ||
expect(scanResults.vulnerabilities.high).toBe(29); | ||
expect(scanResults.vulnerabilities.medium).toBe(32); | ||
expect(scanResults.vulnerabilities.low).toBe(3); | ||
}); | ||
it('should accept any scan results', () => { | ||
const { | ||
result: { current: scanResults }, | ||
} = testHook(() => | ||
usePipelineRunVulnerabilities( | ||
PipeLineRunWithVulnerabilitiesData[PipeLineRunWithVulnerabilitiesNames.MyScanOutput], | ||
), | ||
); | ||
expect(scanResults.vulnerabilities.critical).toBe(0); | ||
expect(scanResults.vulnerabilities.high).toBe(9); | ||
expect(scanResults.vulnerabilities.medium).toBe(2); | ||
expect(scanResults.vulnerabilities.low).toBe(13); | ||
}); | ||
it('should ignore improper scan results', () => { | ||
const { | ||
result: { current: scanResults }, | ||
} = testHook(() => | ||
usePipelineRunVulnerabilities( | ||
PipeLineRunWithVulnerabilitiesData[PipeLineRunWithVulnerabilitiesNames.InvalidScanOutput], | ||
), | ||
); | ||
expect(scanResults.vulnerabilities).toBeUndefined(); | ||
}); | ||
it('should aggregate vulnerability scan results', () => { | ||
const { | ||
result: { current: scanResults }, | ||
} = testHook(() => | ||
usePipelineRunVulnerabilities( | ||
PipeLineRunWithVulnerabilitiesData[PipeLineRunWithVulnerabilitiesNames.MultipleScanOutput], | ||
), | ||
); | ||
expect(scanResults.vulnerabilities.critical).toBe(13); | ||
expect(scanResults.vulnerabilities.high).toBe(38); | ||
expect(scanResults.vulnerabilities.medium).toBe(34); | ||
expect(scanResults.vulnerabilities.low).toBe(16); | ||
}); | ||
}); |
44 changes: 44 additions & 0 deletions
44
...kages/pipelines-plugin/src/components/pipelineruns/hooks/usePipelineRunVulnerabilities.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
import * as React from 'react'; | ||
import { PipelineRunKind } from '../../../types'; | ||
|
||
const SCAN_OUTPUT_SUFFIX = 'SCAN_OUTPUT'; | ||
|
||
export type ScanResults = { | ||
vulnerabilities?: { | ||
critical: number; | ||
high: number; | ||
medium: number; | ||
low: number; | ||
}; | ||
}; | ||
|
||
export const getPipelineRunVulnerabilities = (pipelineRun: PipelineRunKind): ScanResults => { | ||
return pipelineRun.status?.results?.reduce((acc, result) => { | ||
if (result.name?.endsWith(SCAN_OUTPUT_SUFFIX)) { | ||
if (!acc.vulnerabilities) { | ||
acc.vulnerabilities = { critical: 0, high: 0, medium: 0, low: 0 }; | ||
} | ||
try { | ||
const taskVulnerabilities = JSON.parse(result.value); | ||
if (taskVulnerabilities.vulnerabilities) { | ||
acc.vulnerabilities.critical += taskVulnerabilities.vulnerabilities.critical || 0; | ||
acc.vulnerabilities.high += taskVulnerabilities.vulnerabilities.high || 0; | ||
acc.vulnerabilities.medium += taskVulnerabilities.vulnerabilities.medium || 0; | ||
acc.vulnerabilities.low += taskVulnerabilities.vulnerabilities.low || 0; | ||
} | ||
} catch (e) { | ||
// ignore | ||
} | ||
} | ||
return acc; | ||
}, {} as ScanResults); | ||
}; | ||
|
||
export const usePipelineRunVulnerabilities = (pipelineRun: PipelineRunKind): ScanResults => | ||
React.useMemo(() => { | ||
if (!pipelineRun) { | ||
return null; | ||
} | ||
|
||
return getPipelineRunVulnerabilities(pipelineRun); | ||
}, [pipelineRun]); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
12 changes: 12 additions & 0 deletions
12
...tend/packages/pipelines-plugin/src/components/pipelineruns/list-page/PipelineRunList.scss
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
.opp-pipeline-run-list { | ||
&__signed-indicator { | ||
display: inline-block; | ||
--pf-c-table--cell--Color: var(--pf-global--BackgroundColor--dark-transparent-100); | ||
margin-left: var(--pf-global--spacer-sm); | ||
> img { | ||
height: var(--pf-global--FontSize--lg); | ||
position: relative; | ||
top: 4px; | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
19 changes: 10 additions & 9 deletions
19
...tend/packages/pipelines-plugin/src/components/pipelineruns/list-page/pipelinerun-table.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,11 +1,12 @@ | ||
import { Kebab } from '@console/internal/components/utils'; | ||
|
||
export const tableColumnClasses = [ | ||
'', // name | ||
'', // namespace | ||
'pf-m-hidden pf-m-visible-on-sm', // status | ||
'pf-m-hidden pf-m-visible-on-lg', // task status | ||
'pf-m-hidden pf-m-visible-on-lg', // started | ||
'pf-m-hidden pf-m-visible-on-xl', // duration | ||
Kebab.columnClass, | ||
]; | ||
export const tableColumnClasses = { | ||
name: '', | ||
namespace: '', | ||
vulnerabilities: 'pf-m-hidden pf-m-visible-on-md', | ||
status: 'pf-m-hidden pf-m-visible-on-sm', | ||
taskStatus: 'pf-m-hidden pf-m-visible-on-lg', | ||
started: 'pf-m-hidden pf-m-visible-on-lg', | ||
duration: 'pf-m-hidden pf-m-visible-on-xl', | ||
actions: Kebab.columnClass, | ||
}; |
20 changes: 20 additions & 0 deletions
20
...kages/pipelines-plugin/src/components/pipelineruns/status/PipelineRunVulnerabilities.scss
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
.opp-vulnerabilities { | ||
display: flex; | ||
flex-wrap: wrap; | ||
gap: var(--pf-global--spacer--sm); | ||
&__severity { | ||
align-items: center; | ||
display: flex; | ||
flex-wrap: nowrap; | ||
gap: var(--pf-global--spacer--xs); | ||
} | ||
&__severity-status { | ||
align-items: center; | ||
display: flex; | ||
flex-wrap: nowrap; | ||
gap: var(--pf-global--spacer--xs); | ||
} | ||
&__severity-count { | ||
font-weight: var(--pf-global--FontWeight--bold); | ||
} | ||
} |
Oops, something went wrong.