quayio-scanner 0.3.2 → 0.4.0

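--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 15795d58c96f27ce19472584bd56fecdc49f11c833e2521df12ae54544cdaaec
- data.tar.gz: ee7a1307813f90b2631086f55e51f991310329e19a6a12dd22c2badcdf577711
+ metadata.gz: de92233c0413236dfeb715ffc2bdf3b0355a7cd7a6cbf1bb8ba1507381b71ac5
+ data.tar.gz: 9903c847f82a53e14db535eaced022c774288e89b53ffaf765b3abfa4d40df11
  SHA512:
- metadata.gz: 8f1f0cff0ea95d5488a32fa52f4c206f8a3674f324319aaeed46fb8545c76d9bda0caeab5dccefc718e596a35e7054bea8d66a5f4cc601695f015baec335a2f2
- data.tar.gz: 86d43813af9825fe5f6129e25b1547050e53a8fc493bb05b3fa1045c616f9b9085b50728fd3e3d0ef4fbfea92b324054d5d3e32e2b0c2b8c57e529c90b5757a2
+ metadata.gz: 4c216489fe912aa1a7ec9e6fc504aa241c872b809502c47bdcb72565b8d3ab8dc33504072d5037ab43a06b9a5abf7564db28b7a3ffe7908f1230b2483cf8fefa
+ data.tar.gz: a9e5c35ed78d30da1ef5ea51881ae5ad42fec33af3a5d04cf44bf598fd74a8b45555d4cc367d4f710d97099298223ff69fe9d1670e104608f94fa83889271dd5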
@@ -44,10 +44,18 @@ class CheckContainerVulnerabilities < Sensu::Plugin::Check::CLI
44
44
  default: '',
45
45
  proc: proc { |w| w.split(',') }
46
46
 
47
+ option :ignore_namespace_names,
48
+ description: 'Namespace names to ignore',
49
+ short: '-n NAMESPACE_NAME[,NAMESPACE_NAME]',
50
+ long: '--ignore-namespace-names NAMESPACE_NAME[,NAMESPACE_NAME]',
51
+ default: '',
52
+ proc: proc { |w| w.split(',') }
53
+
47
54
  def run
48
55
  status, message = Quayio::Scanner::Check.new(config[:docker_url],
49
56
  config[:quayio_token],
50
- config[:whitelist]).run
57
+ config[:whitelist],
58
+ config[:ignore_namespace_names]).run
51
59
 
52
60
  if status == :ok
53
61
  ok message
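Review bot: The new `ignore_namespace_names` option declares `default: ''`, and as far as I know mixlib-cli applies the `proc` only to values parsed from the command line, so with the flag omitted `config[:ignore_namespace_names]` would be the String `''` rather than an Array. The later `!ignore_namespace_names.include?(v['NamespaceName'])` in the image class would then call `String#include?`, which matches substrings and raises `TypeError` when a finding has no `NamespaceName`. Use `default: [],` here; the option just above, presumably the whitelist, has the same shape. Consider also `proc: proc { |w| w.split(',').map(&:strip) }` so that `-n 'a, b'` does not leave an entry with a leading space that never matches. `run` continues past the end of this hunk.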
@@ -2,7 +2,7 @@ require 'docker'
2
2
 
3
3
  module Quayio
4
4
  module Scanner
5
- Check = Struct.new(:docker_url, :quayio_token, :whitelist) do
5
+ Check = Struct.new(:docker_url, :quayio_token, :whitelist, :ignore_namespace_names) do
6
6
  def run
7
7
  Docker.url = docker_url
8
8
 
@@ -27,7 +27,7 @@ module Quayio
27
27
 
28
28
  def vulnerable_images
29
29
  containers
30
- .map { |container| Image.new(container, quayio_token, whitelist) }
30
+ .map { |container| Image.new(container, quayio_token, whitelist, ignore_namespace_names) }
31
31
  .select(&:vulnerable?)
32
32
  .map(&:name)
33
33
  end
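Review bot: `Check` takes its members positionally, so a caller that still builds `Check.new(docker_url, quayio_token, whitelist)` gets `nil` for the new fourth member, and `vulnerable_images` passes that `nil` straight to `Image.new`. The filter in the image class then calls `.include?` on it and raises `NoMethodError` at the first relevant finding, so the check errors out instead of reporting. Normalising at the hand-off keeps three-argument callers working: `.map { |container| Image.new(container, quayio_token, whitelist, ignore_namespace_names || []) }`. The `Struct` block and `run` both extend beyond the hunks shown.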
@@ -5,11 +5,12 @@ module Quayio
5
5
  QUAY_IO_REPO_NAME =
6
6
  %r{quay.io\/(?<org>[\w-]+)\/(?<repo>[\w-]+):(?<tag>[\w.-]+)}.freeze
7
7
 
8
- attr_reader :name, :whitelist, :repository
8
+ attr_reader :name, :whitelist, :repository, :ignore_namespace_names
9
9
 
10
- def initialize(name, quayio_token, whitelist)
10
+ def initialize(name, quayio_token, whitelist, ignore_namespace_names)
11
11
  @name = name
12
12
  @whitelist = whitelist
13
+ @ignore_namespace_names = ignore_namespace_names
13
14
 
14
15
  @name.match(QUAY_IO_REPO_NAME) do |r|
15
16
  org, repo, tag = r.captures
@@ -36,7 +37,8 @@ module Quayio
36
37
  !raw_scan['data']['Layer']['Features'].detect do |f|
37
38
  f['Vulnerabilities']&.detect do |v|
38
39
  RELEVANT_SEVERITIES.include?(v['Severity']) && \
39
- !whitelist.include?(v['Name'])
40
+ !whitelist.include?(v['Name']) && \
41
+ !ignore_namespace_names.include?(v['NamespaceName'])
40
42
  end
41
43
  end.nil?
42
44
  end
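Review bot: The added clause `!ignore_namespace_names.include?(v['NamespaceName'])` drops every finding from a listed namespace whatever its severity, so a single entry can turn a container with relevant findings into an `ok` result, with nothing in the output to show that anything was suppressed. That is far broader than the per-vulnerability `whitelist` and should be stated on the clause, e.g. `# Suppresses ALL findings from these namespaces, regardless of severity; keep the list short and reviewed.`, ideally with a count of suppressed findings added to the check message. Separately, `initialize` now requires a fourth positional argument, which breaks existing `Image.new(name, quayio_token, whitelist)` callers; `def initialize(name, quayio_token, whitelist, ignore_namespace_names = [])` would keep them working. Both method bodies continue outside the hunks.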
@@ -1,5 +1,5 @@
1
1
  module Quayio
2
2
  module Scanner
3
- VERSION = '0.3.2'.freeze
3
+ VERSION = '0.4.0'.freeze
4
4
  end
5
5
  end
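--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: quayio-scanner
  version: !ruby/object:Gem::Version
- version: 0.3.2
+ version: 0.4.0
  platform: ruby
  authors:
  - Benjamin Meichsner
- autorequire:
+ autorequire:
  bindir: bin
  cert_chain: []
- date: 2022-06-02 00:00:00.000000000 Z
+ date: 2023-02-20 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: docker-api
@@ -114,7 +114,7 @@ dependencies:
  - - "<="
  - !ruby/object:Gem::Version
  version: '0.81'
- description:
+ description:
  email:
  - benjamin.meichsner@aboutsource.net
  executables:
@@ -142,7 +142,7 @@ homepage: https://github.com/aboutsource/quayio-scanner
  licenses:
  - MIT
  metadata: {}
- post_install_message:
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -157,8 +157,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.1.2
- signing_key:
+ rubygems_version: 3.3.25
+ signing_key:
  specification_version: 4
  summary: Scan quay.io for vulnerabilities in running docker containers.
  test_files: []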