quayio-scanner 0.3.1 → 0.4.0

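--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 5c3eabc5c737c5a7e3e6c104f221de20f4dc1be4e91bb54241f308f5367b84c5
- data.tar.gz: 457e6d878eb67842929377ffe54589efe832335275c4a0ef0ea5845ea9d68fd0
+ metadata.gz: de92233c0413236dfeb715ffc2bdf3b0355a7cd7a6cbf1bb8ba1507381b71ac5
+ data.tar.gz: 9903c847f82a53e14db535eaced022c774288e89b53ffaf765b3abfa4d40df11
  SHA512:
- metadata.gz: a89b445dfb42e088056cfa4b07634eb7fab13b5d7a5d342a39188f660e8b7da7f521d04b76540c084f59b364b7af322ae3718d017c56c100a556e9baffa8231c
- data.tar.gz: e459485a56218b2305bfe7294f2936fba44cb1d063ac0951060290a5c77e6ad8aaa341e2ffa1dd4e0dcab13583ff64cda96e861ccac0ed6f3be030fdb308e2e0
+ metadata.gz: 4c216489fe912aa1a7ec9e6fc504aa241c872b809502c47bdcb72565b8d3ab8dc33504072d5037ab43a06b9a5abf7564db28b7a3ffe7908f1230b2483cf8fefa
+ data.tar.gz: a9e5c35ed78d30da1ef5ea51881ae5ad42fec33af3a5d04cf44bf598fd74a8b45555d4cc367d4f710d97099298223ff69fe9d1670e104608f94fa83889271dd5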
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- quayio-scanner (0.3.1)
4
+ quayio-scanner (0.3.2)
5
5
  docker-api (~> 1.33)
6
6
  rest-client (~> 2.1)
7
7
  sensu-plugin (~> 4.0)
@@ -44,10 +44,18 @@ class CheckContainerVulnerabilities < Sensu::Plugin::Check::CLI
44
44
  default: '',
45
45
  proc: proc { |w| w.split(',') }
46
46
 
47
+ option :ignore_namespace_names,
48
+ description: 'Namespace names to ignore',
49
+ short: '-n NAMESPACE_NAME[,NAMESPACE_NAME]',
50
+ long: '--ignore-namespace-names NAMESPACE_NAME[,NAMESPACE_NAME]',
51
+ default: '',
52
+ proc: proc { |w| w.split(',') }
53
+
47
54
  def run
48
55
  status, message = Quayio::Scanner::Check.new(config[:docker_url],
49
56
  config[:quayio_token],
50
- config[:whitelist]).run
57
+ config[:whitelist],
58
+ config[:ignore_namespace_names]).run
51
59
 
52
60
  if status == :ok
53
61
  ok message
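Review bot: The new `--ignore-namespace-names` option defaults to `''`, and `proc` appears to split only a value given on the command line (worth confirming against the option parser), so without `-n` the check would pass a String rather than an Array down to `ignore_namespace_names.include?(v['NamespaceName'])` in the image class. `String#include?` returns true for an empty `NamespaceName` and raises TypeError on nil, so a finding could be dropped silently or the check could crash; `default: [],` avoids both, and the option in the context lines just above follows the same `default: ''` pattern. Because the option suppresses every relevant-severity finding in a namespace, the description should state that scope, e.g. `description: 'Namespace names whose vulnerabilities are ignored entirely',`. `run` continues past the end of this hunk.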
@@ -2,7 +2,7 @@ require 'docker'
2
2
 
3
3
  module Quayio
4
4
  module Scanner
5
- Check = Struct.new(:docker_url, :quayio_token, :whitelist) do
5
+ Check = Struct.new(:docker_url, :quayio_token, :whitelist, :ignore_namespace_names) do
6
6
  def run
7
7
  Docker.url = docker_url
8
8
 
@@ -27,7 +27,7 @@ module Quayio
27
27
 
28
28
  def vulnerable_images
29
29
  containers
30
- .map { |container| Image.new(container, quayio_token, whitelist) }
30
+ .map { |container| Image.new(container, quayio_token, whitelist, ignore_namespace_names) }
31
31
  .select(&:vulnerable?)
32
32
  .map(&:name)
33
33
  end
@@ -5,11 +5,12 @@ module Quayio
5
5
  QUAY_IO_REPO_NAME =
6
6
  %r{quay.io\/(?<org>[\w-]+)\/(?<repo>[\w-]+):(?<tag>[\w.-]+)}.freeze
7
7
 
8
- attr_reader :name, :whitelist, :repository
8
+ attr_reader :name, :whitelist, :repository, :ignore_namespace_names
9
9
 
10
- def initialize(name, quayio_token, whitelist)
10
+ def initialize(name, quayio_token, whitelist, ignore_namespace_names)
11
11
  @name = name
12
12
  @whitelist = whitelist
13
+ @ignore_namespace_names = ignore_namespace_names
13
14
 
14
15
  @name.match(QUAY_IO_REPO_NAME) do |r|
15
16
  org, repo, tag = r.captures
@@ -25,7 +26,7 @@ module Quayio
25
26
 
26
27
  def quayio?
27
28
  # safe guard, do not trust QUAY_IO_REPO_NAME regex match
28
- name.match?(%r{^quay.io\/})
29
+ !name.match(%r{^quay.io\/}).nil?
29
30
  end
30
31
 
31
32
  def scanned?
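Review bot: The rewritten guard in `quayio?` keeps `^` and an unescaped `.`, so it accepts any name in which some line starts with `quay`, one arbitrary character, then `io/` (a constructed example is `quayXio/...`). That weakens the safeguard the comment above it describes. A literal prefix test is stricter and makes the `match?` to `match(...).nil?` rewrite unnecessary: `name.start_with?('quay.io/')`. The `QUAY_IO_REPO_NAME` pattern in the context of the previous hunk is also unanchored with an unescaped dot; if it stays a regex, `\A` and `\.` would tighten it. The body of `scanned?` is outside this hunk.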
@@ -35,8 +36,9 @@ module Quayio
35
36
  def vulnerabilities_present?
36
37
  !raw_scan['data']['Layer']['Features'].detect do |f|
37
38
  f['Vulnerabilities']&.detect do |v|
38
- RELEVANT_SEVERITIES.include?(v['Severity']) &&\
39
- !whitelist.include?(v['Name'])
39
+ RELEVANT_SEVERITIES.include?(v['Severity']) && \
40
+ !whitelist.include?(v['Name']) && \
41
+ !ignore_namespace_names.include?(v['NamespaceName'])
40
42
  end
41
43
  end.nil?
42
44
  end
@@ -1,5 +1,5 @@
1
1
  module Quayio
2
2
  module Scanner
3
- VERSION = '0.3.1'.freeze
3
+ VERSION = '0.4.0'.freeze
4
4
  end
5
5
  end
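--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: quayio-scanner
  version: !ruby/object:Gem::Version
- version: 0.3.1
+ version: 0.4.0
  platform: ruby
  authors:
  - Benjamin Meichsner
- autorequire:
+ autorequire:
  bindir: bin
  cert_chain: []
- date: 2022-05-31 00:00:00.000000000 Z
+ date: 2023-02-20 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: docker-api
@@ -114,7 +114,7 @@ dependencies:
  - - "<="
  - !ruby/object:Gem::Version
  version: '0.81'
- description:
+ description:
  email:
  - benjamin.meichsner@aboutsource.net
  executables:
@@ -142,7 +142,7 @@ homepage: https://github.com/aboutsource/quayio-scanner
  licenses:
  - MIT
  metadata: {}
- post_install_message:
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -157,8 +157,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.1.2
- signing_key:
+ rubygems_version: 3.3.25
+ signing_key:
  specification_version: 4
  summary: Scan quay.io for vulnerabilities in running docker containers.
  test_files: []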