quayio-scanner 0.3.2 → 0.4.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 15795d58c96f27ce19472584bd56fecdc49f11c833e2521df12ae54544cdaaec
-  data.tar.gz: ee7a1307813f90b2631086f55e51f991310329e19a6a12dd22c2badcdf577711
+  metadata.gz: 2ab390e409e94c94ca9097786c8ff05a4c94e24b40d0fd78d2621f8bd752c60c
+  data.tar.gz: c0c4030b04c344eec2bce1f28e40179c0fed6e7db9660c2d62e514f2ee0a2e56
 SHA512:
-  metadata.gz: 8f1f0cff0ea95d5488a32fa52f4c206f8a3674f324319aaeed46fb8545c76d9bda0caeab5dccefc718e596a35e7054bea8d66a5f4cc601695f015baec335a2f2
-  data.tar.gz: 86d43813af9825fe5f6129e25b1547050e53a8fc493bb05b3fa1045c616f9b9085b50728fd3e3d0ef4fbfea92b324054d5d3e32e2b0c2b8c57e529c90b5757a2
+  metadata.gz: 7e4515512e9e08ca58895302fac1cffd954683aba481f2dda77d93c88d7695ecef403373e8314a442c9d8146d98d85e7beb894f195bf59631968933f46bcc489
+  data.tar.gz: 67e97c27c4bf9db2a256c7258f983fb9bbfeed980aca6276f9d5b29b37cf4706a5f881327f84af572c47235313932b48b8b38abaa0a1d6519c9d69a3a02d3642

data/.rubocop.yml

@@ -1,5 +1,5 @@
 AllCops:
-  TargetRubyVersion: 2.3
+  TargetRubyVersion: 2.7
 
 Lint/RaiseException:
   Enabled: true

data/Gemfile.lock

@@ -1,8 +1,8 @@
 PATH
   remote: .
   specs:
-    quayio-scanner (0.3.2)
-      docker-api (~> 1.33)
+    quayio-scanner (0.4.0)
+      docker-api (~> 2.4)
       rest-client (~> 2.1)
       sensu-plugin (~> 4.0)
 
@@ -10,63 +10,66 @@ GEM
   remote: https://rubygems.org/
   specs:
     ast (2.4.2)
-    diff-lcs (1.5.0)
-    docker-api (1.34.2)
-      excon (>= 0.47.0)
+    diff-lcs (1.5.1)
+    docker-api (2.4.0)
+      excon (>= 0.64.0)
       multi_json
-    domain_name (0.5.20190701)
-      unf (>= 0.0.5, < 1.0.0)
-    excon (0.92.3)
+    domain_name (0.6.20240107)
+    excon (1.2.3)
     http-accept (1.7.0)
-    http-cookie (1.0.5)
+    http-cookie (1.0.8)
       domain_name (~> 0.5)
-    jaro_winkler (1.5.4)
-    json (2.6.2)
-    mime-types (3.4.1)
+    json (2.9.1)
+    logger (1.6.5)
+    mime-types (3.6.0)
+      logger
       mime-types-data (~> 3.2015)
-    mime-types-data (3.2022.0105)
+    mime-types-data (3.2025.0204)
     mixlib-cli (1.7.0)
     multi_json (1.15.0)
     netrc (0.11.0)
-    parallel (1.22.1)
-    parser (3.1.2.0)
+    parallel (1.26.3)
+    parser (3.3.7.1)
       ast (~> 2.4.1)
+      racc
+    racc (1.8.1)
     rainbow (3.1.1)
-    rake (13.0.6)
+    rake (13.2.1)
+    regexp_parser (2.10.0)
     rest-client (2.1.0)
       http-accept (>= 1.7.0, < 2.0)
       http-cookie (>= 1.0.2, < 2.0)
       mime-types (>= 1.16, < 4.0)
       netrc (~> 0.8)
-    rexml (3.2.5)
-    rspec (3.11.0)
-      rspec-core (~> 3.11.0)
-      rspec-expectations (~> 3.11.0)
-      rspec-mocks (~> 3.11.0)
-    rspec-core (3.11.0)
-      rspec-support (~> 3.11.0)
-    rspec-expectations (3.11.0)
+    rexml (3.4.0)
+    rspec (3.13.0)
+      rspec-core (~> 3.13.0)
+      rspec-expectations (~> 3.13.0)
+      rspec-mocks (~> 3.13.0)
+    rspec-core (3.13.3)
+      rspec-support (~> 3.13.0)
+    rspec-expectations (3.13.3)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.11.0)
-    rspec-mocks (3.11.1)
+      rspec-support (~> 3.13.0)
+    rspec-mocks (3.13.2)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.11.0)
-    rspec-support (3.11.0)
-    rubocop (0.81.0)
-      jaro_winkler (~> 1.5.1)
+      rspec-support (~> 3.13.0)
+    rspec-support (3.13.2)
+    rubocop (0.93.1)
       parallel (~> 1.10)
-      parser (>= 2.7.0.1)
+      parser (>= 2.7.1.5)
       rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8)
       rexml
+      rubocop-ast (>= 0.6.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 1.4.0, < 2.0)
-    ruby-progressbar (1.11.0)
+    rubocop-ast (1.38.0)
+      parser (>= 3.3.1.0)
+    ruby-progressbar (1.13.0)
     sensu-plugin (4.0.0)
       json (< 3.0.0)
       mixlib-cli (~> 1.5)
-    unf (0.1.4)
-      unf_ext
-    unf_ext (0.0.8.2)
     unicode-display_width (1.8.0)
 
 PLATFORMS
@@ -77,7 +80,7 @@ DEPENDENCIES
   quayio-scanner!
   rake (~> 13.0)
   rspec (~> 3.7)
-  rubocop (~> 0.49, <= 0.81)
+  rubocop (~> 0.93)
 
 BUNDLED WITH
    2.1.4

data/README.md

@@ -25,11 +25,12 @@ This plugin attempts to fetch vulnerabilities for all running containers
 
 ### Parameters
 
-| Parameter     | Description             |
-|---------------|-------------------------|
-| -d URL        | Docker URL              |
-| -t TOKEN      | Quay.io oauth token     |
-| -w WHITELIST  | Vulnerability whitelist |
+| Parameter                | Description                             |
+|--------------------------|-----------------------------------------|
+| -d URL                   | Docker URL                              |
+| -t TOKEN                 | Quay.io oauth token                     |
+| -w WHITELIST[,WHITELIST] | Vulnerability whitelist                 |
+| -n NAMESPACE[,NAMESPACE] | Namespaces (quay.io scanners) to ignore |
 
 ### Example
 

data/bin/check-container-vulnerabilities.rb

@@ -44,10 +44,18 @@ class CheckContainerVulnerabilities < Sensu::Plugin::Check::CLI
          default: '',
          proc: proc { |w| w.split(',') }
 
+  option :ignore_namespace_names,
+         description: 'Namespace names to ignore',
+         short: '-n NAMESPACE_NAME[,NAMESPACE_NAME]',
+         long: '--ignore-namespace-names NAMESPACE_NAME[,NAMESPACE_NAME]',
+         default: '',
+         proc: proc { |w| w.split(',') }
+
   def run
     status, message = Quayio::Scanner::Check.new(config[:docker_url],
                                                  config[:quayio_token],
-                                                 config[:whitelist]).run
+                                                 config[:whitelist],
+                                                 config[:ignore_namespace_names]).run
 
     if status == :ok
       ok message

data/lib/quayio/scanner/check.rb

@@ -2,7 +2,7 @@ require 'docker'
 
 module Quayio
   module Scanner
-    Check = Struct.new(:docker_url, :quayio_token, :whitelist) do
+    Check = Struct.new(:docker_url, :quayio_token, :whitelist, :ignore_namespace_names) do
       def run
         Docker.url = docker_url
 
@@ -27,7 +27,7 @@ module Quayio
 
       def vulnerable_images
         containers
-          .map { |container| Image.new(container, quayio_token, whitelist) }
+          .map { |container| Image.new(container, quayio_token, whitelist, ignore_namespace_names) }
           .select(&:vulnerable?)
           .map(&:name)
       end

data/lib/quayio/scanner/image.rb

@@ -5,11 +5,12 @@ module Quayio
       QUAY_IO_REPO_NAME =
         %r{quay.io\/(?<org>[\w-]+)\/(?<repo>[\w-]+):(?<tag>[\w.-]+)}.freeze
 
-      attr_reader :name, :whitelist, :repository
+      attr_reader :name, :whitelist, :repository, :ignore_namespace_names
 
-      def initialize(name, quayio_token, whitelist)
+      def initialize(name, quayio_token, whitelist, ignore_namespace_names)
         @name = name
         @whitelist = whitelist
+        @ignore_namespace_names = ignore_namespace_names
 
         @name.match(QUAY_IO_REPO_NAME) do |r|
           org, repo, tag = r.captures
@@ -36,7 +37,8 @@ module Quayio
         !raw_scan['data']['Layer']['Features'].detect do |f|
           f['Vulnerabilities']&.detect do |v|
             RELEVANT_SEVERITIES.include?(v['Severity']) && \
-              !whitelist.include?(v['Name'])
+              !whitelist.include?(v['Name']) && \
+              !ignore_namespace_names.include?(v['NamespaceName'])
           end
         end.nil?
       end

data/lib/quayio/scanner/repository.rb

@@ -23,22 +23,20 @@ module Quayio
 
       def api_call(uri)
         (1..Float::INFINITY).each do |attempt|
-          begin
-            response = RestClient.get(
-              "https://quay.io/api/v1/repository/#{org}/#{repo}#{uri}",
-              authorization: "Bearer #{quayio_token}",
-              accept: :json,
-              open_timeout: 15
-            )
-            return JSON.parse(response)
-          rescue RestClient::Exception => e
-            raise e if attempt >= MAX_ATTEMPTS
-
-            # retry later, if we hit cdn rate limiting or on connection errors
-            raise e unless e.http_code == 520 || e.http_code.nil?
-
-            sleep(rand(10))
-          end
+          response = RestClient.get(
+            "https://quay.io/api/v1/repository/#{org}/#{repo}#{uri}",
+            authorization: "Bearer #{quayio_token}",
+            accept: :json,
+            open_timeout: 15
+          )
+          return JSON.parse(response)
+        rescue RestClient::Exception => e
+          raise e if attempt >= MAX_ATTEMPTS
+
+          # retry later, if we hit cdn rate limiting or on connection errors
+          raise e unless e.http_code == 520 || e.http_code.nil?
+
+          sleep(rand(10))
         end
       end
     end

data/lib/quayio/scanner/version.rb

@@ -1,5 +1,5 @@
 module Quayio
   module Scanner
-    VERSION = '0.3.2'.freeze
+    VERSION = '0.4.1'.freeze
   end
 end

data/quayio-scanner.gemspec

@@ -13,7 +13,7 @@ Gem::Specification.new do |spec|
   spec.homepage      = 'https://github.com/aboutsource/quayio-scanner'
   spec.license       = 'MIT'
 
-  spec.required_ruby_version = '>= 2.3.0'
+  spec.required_ruby_version = '>= 2.7.0'
 
   spec.files = `git ls-files -z`.split("\x0").reject do |f|
     f.match(%r{^(test|spec|features)/})
@@ -21,11 +21,11 @@ Gem::Specification.new do |spec|
   spec.executables   = Dir.glob('bin/**/*.rb').map { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
-  spec.add_dependency 'docker-api', '~> 1.33'
+  spec.add_dependency 'docker-api', '~> 2.4'
   spec.add_dependency 'rest-client', '~> 2.1'
   spec.add_dependency 'sensu-plugin', '~> 4.0'
   spec.add_development_dependency 'bundler', '~> 2.1'
   spec.add_development_dependency 'rake', '~> 13.0'
   spec.add_development_dependency 'rspec', '~> 3.7'
-  spec.add_development_dependency 'rubocop', '~> 0.49', '<= 0.81'
+  spec.add_development_dependency 'rubocop', '~> 0.93'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: quayio-scanner
 version: !ruby/object:Gem::Version
-  version: 0.3.2
+  version: 0.4.1
 platform: ruby
 authors:
 - Benjamin Meichsner
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-06-02 00:00:00.000000000 Z
+date: 2025-02-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: docker-api
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.33'
+        version: '2.4'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.33'
+        version: '2.4'
 - !ruby/object:Gem::Dependency
   name: rest-client
   requirement: !ruby/object:Gem::Requirement
@@ -100,21 +100,15 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.49'
-    - - "<="
-      - !ruby/object:Gem::Version
-        version: '0.81'
+        version: '0.93'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.49'
-    - - "<="
-      - !ruby/object:Gem::Version
-        version: '0.81'
-description: 
+        version: '0.93'
+description:
 email:
 - benjamin.meichsner@aboutsource.net
 executables:
@@ -142,7 +136,7 @@ homepage: https://github.com/aboutsource/quayio-scanner
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -150,7 +144,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.3.0
+      version: 2.7.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
@@ -158,7 +152,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubygems_version: 3.1.2
-signing_key: 
+signing_key:
 specification_version: 4
 summary: Scan quay.io for vulnerabilities in running docker containers.
 test_files: []