
secsan: Add tags field to event data on new vulnerability notifications (PROJQUAY-5681) #1997

Open. Wants to merge 1 commit into base: master

Conversation

Marcusk19 (Contributor)

Add tag field to event data for vulnerability notifications on new image pushes.

Missing tag field caused an exception for slack notifications, should allow slack notifications to fire for new images.

[Screenshot 2023-06-29 at 11:49:55 AM]

@Marcusk19 force-pushed the vulnerability_slack_notifications branch from 47297d0 to fd2d203 on August 31, 2023 16:06

codecov bot commented Aug 31, 2023

Codecov Report

Attention: Patch coverage is 50.00000%, with 3 lines in your changes missing coverage. Please review.

Project coverage is 70.80%. Comparing base (827ca13) to head (600b605).
Report is 1 commit behind head on master.

Files Patch % Lines
data/secscan_model/secscan_v4_model.py 50.00% 3 Missing ⚠️
Additional details and impacted files
@@           Coverage Diff           @@
##           master    #1997   +/-   ##
=======================================
  Coverage   70.80%   70.80%           
=======================================
  Files         436      436           
  Lines       40532    40536    +4     
  Branches     5283     5284    +1     
=======================================
+ Hits        28697    28700    +3     
- Misses      10158    10161    +3     
+ Partials     1677     1675    -2     
Flag Coverage Δ
unit 70.80% <50.00%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown.


tag_names = list(
registry_model.tag_names_for_manifest(manifest, TAG_LIMIT)
)
print("TAG_NAMES: ", tag_names)
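Review bot: the `print("TAG_NAMES: ", tag_names)` on the last line of this snippet is leftover debugging output and should be dropped before merge; if the resolved tag list is worth recording, emit it through the module's logger at debug level instead of writing to stdout from the worker.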
Member

Forgot to remove this print statement

@@ -56,6 +57,7 @@


DEFAULT_SECURITY_SCANNER_V4_REINDEX_THRESHOLD = 86400 # 1 day
TAG_LIMIT = 100
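Review bot: `TAG_LIMIT = 100` is introduced without any comment saying why 100 was chosen or what happens to a manifest that has more tags than that; the neighbouring `DEFAULT_SECURITY_SCANNER_V4_REINDEX_THRESHOLD` carries an inline `# 1 day` note, so give this constant the same treatment, and state in the notification payload (or its documentation) that the tag list can be truncated so consumers do not treat it as complete.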
Member

Why the limit? What subset is chosen when it's exceeded?

Contributor Author

From what I understand, the limit is for retrieving the tag names that point to that manifest, up to that limit. So at most there will only be 100 tags attached to the event data for the notification.

Member

Right, so how is that 100 chosen?
The limit will have to be documented somewhere, also.

Alternatively, is it possible to page through all the tags and emit multiple events if needed?

Contributor Author

The security notification worker already sets it as 100 which is why I chose that number. It's also possible to set it as None for no limit.
Is it better to just go through all tag names and not limit it to 100?

Member

Maybe? It could make the event object very large, which is why I suggested paging.

when building message notification, use get() to avoid exception when
looking up event_data["tags"]

use get() to avoid throwing error if key is not found
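The two behaviours debated in this thread, a tag list capped at TAG_LIMIT versus paging the tags into several events, together with the defensive get() lookup from the later commits, as an added Python example that is not Quay's code. The registry lookup is replaced by a constructed in-memory mapping, the vulnerability id is a placeholder, and build_vuln_event_data, build_vuln_events_paged and format_slack_message are hypothetical names chosen for this illustration.

```python
"""Illustrative model of the tag handling discussed in this PR.

Added example, not Quay's code. The registry lookup is a constructed
in-memory mapping and the function names are hypothetical.
"""
from typing import Dict, Iterator, List, Optional

TAG_LIMIT = 100  # same cap the PR introduces for tags attached to one event

# Constructed sample data: manifest digest -> tags that currently point at it.
SAMPLE_TAGS_FOR_MANIFEST: Dict[str, List[str]] = {
    "sha256:aaaa": ["latest", "v1.2.3", "stable"],
    "sha256:bbbb": [f"build-{i}" for i in range(250)],  # more than TAG_LIMIT
    "sha256:cccc": [],  # manifest pushed by digest only, no tags
}


def tag_names_for_manifest(manifest_digest: str, limit: Optional[int]) -> List[str]:
    """Stand-in for registry_model.tag_names_for_manifest: at most `limit`
    tag names, or all of them when limit is None (as the thread describes)."""
    tags = SAMPLE_TAGS_FOR_MANIFEST.get(manifest_digest, [])
    return list(tags) if limit is None else list(tags[:limit])


def build_vuln_event_data(
    manifest_digest: str, vuln_id: str, limit: Optional[int] = TAG_LIMIT
) -> dict:
    """Event payload carrying the new `tags` field, capped at `limit`.

    Anything beyond the cap is silently dropped, which is the reviewer's
    objection: a consumer cannot tell that the list is partial."""
    return {
        "manifest_digest": manifest_digest,
        "vulnerability": {"id": vuln_id},
        "tags": tag_names_for_manifest(manifest_digest, limit),
    }


def build_vuln_events_paged(
    manifest_digest: str, vuln_id: str, page_size: int = TAG_LIMIT
) -> Iterator[dict]:
    """Paging alternative suggested in review: one event per page of tags,
    so no tag is lost and no single event grows without bound."""
    all_tags = tag_names_for_manifest(manifest_digest, None)
    pages = [all_tags[i:i + page_size] for i in range(0, len(all_tags), page_size)]
    pages = pages or [[]]  # still emit one event for an untagged manifest
    for number, page in enumerate(pages, start=1):
        yield {
            "manifest_digest": manifest_digest,
            "vulnerability": {"id": vuln_id},
            "tags": page,
            "page": {"number": number, "of": len(pages), "total_tags": len(all_tags)},
        }


def format_slack_message(event_data: dict) -> str:
    """Message builder that tolerates a missing `tags` key.

    Events produced before this change, or by other code paths, may not
    carry `tags`; event_data["tags"] would raise KeyError and abort the
    notification, which is the exception the PR description mentions."""
    tags = event_data.get("tags") or []
    tag_text = ", ".join(tags) if tags else "(no tags)"
    return (
        f"Vulnerability {event_data['vulnerability']['id']} found in "
        f"{event_data['manifest_digest']} tags: {tag_text}"
    )


if __name__ == "__main__":
    capped = build_vuln_event_data("sha256:bbbb", "VULN-PLACEHOLDER")
    print(len(capped["tags"]), "tags kept out of 250 with the cap")
    for event in build_vuln_events_paged("sha256:bbbb", "VULN-PLACEHOLDER"):
        print(event["page"], len(event["tags"]))
    # Legacy-shaped event without a tags key no longer breaks formatting.
    print(format_slack_message({"manifest_digest": "sha256:dddd",
                                "vulnerability": {"id": "VULN-PLACEHOLDER"}}))
```

The paged variant records the page number and total tag count in each event, so a consumer can recognise a multi-part notification; the capped variant is the shape the PR ships, and its event gives no indication that tags were dropped.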
@Marcusk19 force-pushed the vulnerability_slack_notifications branch from 710976c to 600b605 on March 4, 2024 15:45