quayio-scanner 0.1.2 → 0.1.3

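--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-SHA1:
-metadata.gz: 68516160274a0b51bf316fb40c10bf80cf09c23c
-data.tar.gz: 65a0702a0bd1377aeec19a4167bdf94e62d2d49e
+SHA256:
+metadata.gz: 66c2653d41f714187352754314ba1f6635f4fc5aa4a8d0898ccd3e12a5c66b96
+data.tar.gz: c5c5766092d539ff79aef0bbf2e0ba711b665ea7f704ee8fd96caf761be1ecc4
 SHA512:
-metadata.gz: 7526a15532727f2831863844dc1d014e89990a9c1d4de86c7e01b5f6ce313e76f1123cdae6aa1a182b7b81d3b960336c17643b20a4e74af535c948f16c1759b9
-data.tar.gz: f82dd17253b0fa4bf26d11e3cc43ac18ce602836681b548644c3118f59a4e12674959302d0af073dcf2d6fa414746adb24a9b522951319c454d72f43f8d66b3b
+metadata.gz: a1f2ef52c92a20f7c5b6625cc45ce8ea238c25d3958fd4314b6dca4cebebfef1a0dd7947bc2e95840ab94dfbed7e24f7c7d95db4caab2d2b9b2432cf20f4c6d6
+data.tar.gz: 456cbd136d5c59fd756f3ae958e87c0f19aae2f0b88945b5e4be4ebfc7fe2a53bd7fd80070ac46bf95d0efd49b1fd77fe253513a260146980763849f536cc6a6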
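--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,2 +1,7 @@
 require 'bundler/gem_tasks'
-task default: :spec
+require 'rspec/core/rake_task'
+require 'rubocop/rake_task'
+
+RuboCop::RakeTask.new
+
+task default: %i[rubocop]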
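Review bot: The new default task drops the spec run that `task default: :spec` used to provide, while `require 'rspec/core/rake_task'` is added without ever defining a spec task, so a bare `rake` now only lints and the rspec development dependency added in the gemspec is never exercised. Define the task next to the RuboCop one, `RSpec::Core::RakeTask.new(:spec)`, and make the default `task default: %i[rubocop spec]`. If leaving specs out of the default was intentional, drop the unused rspec require instead so the Rakefile does not load rspec for nothing.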
@@ -36,9 +36,16 @@ class CheckContainerVulnerabilities < Sensu::Plugin::Check::CLI
36
36
  short: '-t TOKEN',
37
37
  long: '--quayio-token TOKEN'
38
38
 
39
+ option :whitelist,
40
+ description: 'Vulnerability whitelist',
41
+ short: '-w WHITELIST[,WHITELIST]',
42
+ long: '--whitelist WHITELIST[,WHITELIST]',
43
+ default: '',
44
+ proc: proc { |w| w.split(',') }
45
+
39
46
  def run
40
- status, message = Quayio::Scanner::Check.new(config[:docker_url],
41
- config[:quayio_token]).run
47
+ status, message = Quayio::Scanner::Check.new(
48
+ config[:docker_url], config[:quayio_token], config[:whitelist]).run
42
49
 
43
50
  if status == :ok
44
51
  ok message
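Review bot: The `default: ''` for the new `:whitelist` option is a String, while the `proc` turns a supplied value into an Array; if the option proc is not applied to the default (mixlib-cli, as far as I recall, only runs it for values parsed from the command line), `config[:whitelist]` has a different type depending on whether `-w` was given. `''.include?(name)` happens to be false for any non-empty vulnerability name, so the downstream check works by accident; `default: []` makes the value an Array on both paths. The split also keeps surrounding whitespace, so `-w 'A, B'` would never match the second entry; `proc: proc { |w| w.split(',').map(&:strip) }` avoids that. The enclosing `run` method continues past the end of the hunk.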
@@ -3,7 +3,7 @@ require 'docker'
3
3
 
4
4
  module Quayio
5
5
  module Scanner
6
- class Check < Struct.new(:docker_url, :quayio_token)
6
+ class Check < Struct.new(:docker_url, :quayio_token, :whitelist)
7
7
  def run
8
8
  Docker.url = docker_url
9
9
  containers = Docker::Container.all
@@ -11,7 +11,7 @@ module Quayio
11
11
  .uniq
12
12
 
13
13
  vulnerable_images = containers
14
- .map { |container| Image.new(container, quayio_token) }
14
+ .map { |container| Image.new(container, quayio_token, whitelist) }
15
15
  .select(&:vulnerable?)
16
16
  .map(&:name)
17
17
 
@@ -3,7 +3,7 @@ require 'rest-client'
3
3
 
4
4
  module Quayio
5
5
  module Scanner
6
- class Image < Struct.new(:name, :quayio_token)
6
+ class Image < Struct.new(:name, :quayio_token, :whitelist)
7
7
  RELEVANT_SEVERITIES = %w(Medium High Critical)
8
8
 
9
9
  def vulnerable?
@@ -26,9 +26,10 @@ module Quayio
26
26
 
27
27
  def high_vulnerabilities_present?
28
28
  raw_scan['data']['Layer']['Features'].detect do |f|
29
- f['Vulnerabilities'] &&
30
- f['Vulnerabilities']
31
- .detect { |v| RELEVANT_SEVERITIES.include?(v['Severity']) }
29
+ f['Vulnerabilities'] && f['Vulnerabilities'].detect do |v|
30
+ RELEVANT_SEVERITIES.include?(v['Severity']) &&
31
+ !whitelist.include?(v['Name'])
32
+ end
32
33
  end
33
34
  end
34
35
 
@@ -1,5 +1,5 @@
1
1
  module Quayio
2
2
  module Scanner
3
- VERSION = '0.1.2'.freeze
3
+ VERSION = '0.1.3'.freeze
4
4
  end
5
5
  end
@@ -1,6 +1,4 @@
1
- # coding: utf-8
2
-
3
- lib = File.expand_path('../lib', __FILE__)
1
+ lib = File.expand_path('lib', __dir__)
4
2
  $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
5
3
  require 'quayio/scanner/version'
6
4
 
@@ -20,10 +18,11 @@ Gem::Specification.new do |spec|
20
18
  spec.executables = Dir.glob('bin/**/*.rb').map { |file| File.basename(file) }
21
19
  spec.require_paths = ['lib']
22
20
 
23
- spec.add_dependency 'sensu-plugin', '~> 2.1'
24
21
  spec.add_dependency 'docker-api', '~> 1.33'
25
22
  spec.add_dependency 'rest-client', '~> 2.0'
23
+ spec.add_dependency 'sensu-plugin', '~> 2.1'
26
24
  spec.add_development_dependency 'bundler', '~> 1.14'
27
25
  spec.add_development_dependency 'rake', '~> 10.0'
26
+ spec.add_development_dependency 'rspec', '~> 3.7'
28
27
  spec.add_development_dependency 'rubocop', '~> 0.49'
29
28
  end
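--- a/metadata
+++ b/metadata
@@ -1,57 +1,57 @@
 --- !ruby/object:Gem::Specification
 name: quayio-scanner
 version: !ruby/object:Gem::Version
-version: 0.1.2
+version: 0.1.3
 platform: ruby
 authors:
 - Benjamin Meichsner
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-01-30 00:00:00.000000000 Z
+date: 2018-05-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-name: sensu-plugin
+name: docker-api
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '2.1'
+version: '1.33'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '2.1'
+version: '1.33'
 - !ruby/object:Gem::Dependency
-name: docker-api
+name: rest-client
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '1.33'
+version: '2.0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '1.33'
+version: '2.0'
 - !ruby/object:Gem::Dependency
-name: rest-client
+name: sensu-plugin
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '2.0'
+version: '2.1'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '2.0'
+version: '2.1'
 - !ruby/object:Gem::Dependency
 name: bundler
 requirement: !ruby/object:Gem::Requirement
@@ -80,6 +80,20 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '10.0'
+- !ruby/object:Gem::Dependency
+name: rspec
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.7'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.7'
 - !ruby/object:Gem::Dependency
 name: rubocop
 requirement: !ruby/object:Gem::Requirement
@@ -133,7 +147,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.6.14
+rubygems_version: 2.7.7
 signing_key:
 specification_version: 4
 summary: Scan quay.io for vulnerabilties in running docker containers.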