quayio-scanner 0.3.2 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/bin/check-container-vulnerabilities.rb +9 -1
- data/lib/quayio/scanner/check.rb +2 -2
- data/lib/quayio/scanner/image.rb +5 -3
- data/lib/quayio/scanner/version.rb +1 -1
- metadata +7 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: de92233c0413236dfeb715ffc2bdf3b0355a7cd7a6cbf1bb8ba1507381b71ac5
|
|
4
|
+
data.tar.gz: 9903c847f82a53e14db535eaced022c774288e89b53ffaf765b3abfa4d40df11
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4c216489fe912aa1a7ec9e6fc504aa241c872b809502c47bdcb72565b8d3ab8dc33504072d5037ab43a06b9a5abf7564db28b7a3ffe7908f1230b2483cf8fefa
|
|
7
|
+
data.tar.gz: a9e5c35ed78d30da1ef5ea51881ae5ad42fec33af3a5d04cf44bf598fd74a8b45555d4cc367d4f710d97099298223ff69fe9d1670e104608f94fa83889271dd5
|
|
@@ -44,10 +44,18 @@ class CheckContainerVulnerabilities < Sensu::Plugin::Check::CLI
|
|
|
44
44
|
default: '',
|
|
45
45
|
proc: proc { |w| w.split(',') }
|
|
46
46
|
|
|
47
|
+
option :ignore_namespace_names,
|
|
48
|
+
description: 'Namespace names to ignore',
|
|
49
|
+
short: '-n NAMESPACE_NAME[,NAMESPACE_NAME]',
|
|
50
|
+
long: '--ignore-namespace-names NAMESPACE_NAME[,NAMESPACE_NAME]',
|
|
51
|
+
default: '',
|
|
52
|
+
proc: proc { |w| w.split(',') }
|
|
53
|
+
|
|
47
54
|
def run
|
|
48
55
|
status, message = Quayio::Scanner::Check.new(config[:docker_url],
|
|
49
56
|
config[:quayio_token],
|
|
50
|
-
config[:whitelist]
|
|
57
|
+
config[:whitelist],
|
|
58
|
+
config[:ignore_namespace_names]).run
|
|
51
59
|
|
|
52
60
|
if status == :ok
|
|
53
61
|
ok message
|
data/lib/quayio/scanner/check.rb
CHANGED
|
@@ -2,7 +2,7 @@ require 'docker'
|
|
|
2
2
|
|
|
3
3
|
module Quayio
|
|
4
4
|
module Scanner
|
|
5
|
-
Check = Struct.new(:docker_url, :quayio_token, :whitelist) do
|
|
5
|
+
Check = Struct.new(:docker_url, :quayio_token, :whitelist, :ignore_namespace_names) do
|
|
6
6
|
def run
|
|
7
7
|
Docker.url = docker_url
|
|
8
8
|
|
|
@@ -27,7 +27,7 @@ module Quayio
|
|
|
27
27
|
|
|
28
28
|
def vulnerable_images
|
|
29
29
|
containers
|
|
30
|
-
.map { |container| Image.new(container, quayio_token, whitelist) }
|
|
30
|
+
.map { |container| Image.new(container, quayio_token, whitelist, ignore_namespace_names) }
|
|
31
31
|
.select(&:vulnerable?)
|
|
32
32
|
.map(&:name)
|
|
33
33
|
end
|
data/lib/quayio/scanner/image.rb
CHANGED
|
@@ -5,11 +5,12 @@ module Quayio
|
|
|
5
5
|
QUAY_IO_REPO_NAME =
|
|
6
6
|
%r{quay.io\/(?<org>[\w-]+)\/(?<repo>[\w-]+):(?<tag>[\w.-]+)}.freeze
|
|
7
7
|
|
|
8
|
-
attr_reader :name, :whitelist, :repository
|
|
8
|
+
attr_reader :name, :whitelist, :repository, :ignore_namespace_names
|
|
9
9
|
|
|
10
|
-
def initialize(name, quayio_token, whitelist)
|
|
10
|
+
def initialize(name, quayio_token, whitelist, ignore_namespace_names)
|
|
11
11
|
@name = name
|
|
12
12
|
@whitelist = whitelist
|
|
13
|
+
@ignore_namespace_names = ignore_namespace_names
|
|
13
14
|
|
|
14
15
|
@name.match(QUAY_IO_REPO_NAME) do |r|
|
|
15
16
|
org, repo, tag = r.captures
|
|
@@ -36,7 +37,8 @@ module Quayio
|
|
|
36
37
|
!raw_scan['data']['Layer']['Features'].detect do |f|
|
|
37
38
|
f['Vulnerabilities']&.detect do |v|
|
|
38
39
|
RELEVANT_SEVERITIES.include?(v['Severity']) && \
|
|
39
|
-
!whitelist.include?(v['Name'])
|
|
40
|
+
!whitelist.include?(v['Name']) && \
|
|
41
|
+
!ignore_namespace_names.include?(v['NamespaceName'])
|
|
40
42
|
end
|
|
41
43
|
end.nil?
|
|
42
44
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: quayio-scanner
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Benjamin Meichsner
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2023-02-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: docker-api
|
|
@@ -114,7 +114,7 @@ dependencies:
|
|
|
114
114
|
- - "<="
|
|
115
115
|
- !ruby/object:Gem::Version
|
|
116
116
|
version: '0.81'
|
|
117
|
-
description:
|
|
117
|
+
description:
|
|
118
118
|
email:
|
|
119
119
|
- benjamin.meichsner@aboutsource.net
|
|
120
120
|
executables:
|
|
@@ -142,7 +142,7 @@ homepage: https://github.com/aboutsource/quayio-scanner
|
|
|
142
142
|
licenses:
|
|
143
143
|
- MIT
|
|
144
144
|
metadata: {}
|
|
145
|
-
post_install_message:
|
|
145
|
+
post_install_message:
|
|
146
146
|
rdoc_options: []
|
|
147
147
|
require_paths:
|
|
148
148
|
- lib
|
|
@@ -157,8 +157,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
157
157
|
- !ruby/object:Gem::Version
|
|
158
158
|
version: '0'
|
|
159
159
|
requirements: []
|
|
160
|
-
rubygems_version: 3.
|
|
161
|
-
signing_key:
|
|
160
|
+
rubygems_version: 3.3.25
|
|
161
|
+
signing_key:
|
|
162
162
|
specification_version: 4
|
|
163
163
|
summary: Scan quay.io for vulnerabilities in running docker containers.
|
|
164
164
|
test_files: []
|