quayio-scanner 0.4.0 → 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/.rubocop.yml +1 -1
  3. data/Gemfile.lock +39 -36
  4. data/README.md +6 -5
  5. data/lib/quayio/scanner/repository.rb +14 -16
  6. data/lib/quayio/scanner/version.rb +1 -1
  7. data/quayio-scanner.gemspec +3 -3
  8. metadata +8 -14
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: de92233c0413236dfeb715ffc2bdf3b0355a7cd7a6cbf1bb8ba1507381b71ac5
4
- data.tar.gz: 9903c847f82a53e14db535eaced022c774288e89b53ffaf765b3abfa4d40df11
3
+ metadata.gz: 2ab390e409e94c94ca9097786c8ff05a4c94e24b40d0fd78d2621f8bd752c60c
4
+ data.tar.gz: c0c4030b04c344eec2bce1f28e40179c0fed6e7db9660c2d62e514f2ee0a2e56
5
5
  SHA512:
6
- metadata.gz: 4c216489fe912aa1a7ec9e6fc504aa241c872b809502c47bdcb72565b8d3ab8dc33504072d5037ab43a06b9a5abf7564db28b7a3ffe7908f1230b2483cf8fefa
7
- data.tar.gz: a9e5c35ed78d30da1ef5ea51881ae5ad42fec33af3a5d04cf44bf598fd74a8b45555d4cc367d4f710d97099298223ff69fe9d1670e104608f94fa83889271dd5
6
+ metadata.gz: 7e4515512e9e08ca58895302fac1cffd954683aba481f2dda77d93c88d7695ecef403373e8314a442c9d8146d98d85e7beb894f195bf59631968933f46bcc489
7
+ data.tar.gz: 67e97c27c4bf9db2a256c7258f983fb9bbfeed980aca6276f9d5b29b37cf4706a5f881327f84af572c47235313932b48b8b38abaa0a1d6519c9d69a3a02d3642
data/.rubocop.yml CHANGED
@@ -1,5 +1,5 @@
1
1
  AllCops:
2
- TargetRubyVersion: 2.3
2
+ TargetRubyVersion: 2.7
3
3
 
4
4
  Lint/RaiseException:
5
5
  Enabled: true
data/Gemfile.lock CHANGED
@@ -1,8 +1,8 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- quayio-scanner (0.3.2)
5
- docker-api (~> 1.33)
4
+ quayio-scanner (0.4.0)
5
+ docker-api (~> 2.4)
6
6
  rest-client (~> 2.1)
7
7
  sensu-plugin (~> 4.0)
8
8
 
@@ -10,63 +10,66 @@ GEM
10
10
  remote: https://rubygems.org/
11
11
  specs:
12
12
  ast (2.4.2)
13
- diff-lcs (1.5.0)
14
- docker-api (1.34.2)
15
- excon (>= 0.47.0)
13
+ diff-lcs (1.5.1)
14
+ docker-api (2.4.0)
15
+ excon (>= 0.64.0)
16
16
  multi_json
17
- domain_name (0.5.20190701)
18
- unf (>= 0.0.5, < 1.0.0)
19
- excon (0.92.3)
17
+ domain_name (0.6.20240107)
18
+ excon (1.2.3)
20
19
  http-accept (1.7.0)
21
- http-cookie (1.0.5)
20
+ http-cookie (1.0.8)
22
21
  domain_name (~> 0.5)
23
- jaro_winkler (1.5.4)
24
- json (2.6.2)
25
- mime-types (3.4.1)
22
+ json (2.9.1)
23
+ logger (1.6.5)
24
+ mime-types (3.6.0)
25
+ logger
26
26
  mime-types-data (~> 3.2015)
27
- mime-types-data (3.2022.0105)
27
+ mime-types-data (3.2025.0204)
28
28
  mixlib-cli (1.7.0)
29
29
  multi_json (1.15.0)
30
30
  netrc (0.11.0)
31
- parallel (1.22.1)
32
- parser (3.1.2.0)
31
+ parallel (1.26.3)
32
+ parser (3.3.7.1)
33
33
  ast (~> 2.4.1)
34
+ racc
35
+ racc (1.8.1)
34
36
  rainbow (3.1.1)
35
- rake (13.0.6)
37
+ rake (13.2.1)
38
+ regexp_parser (2.10.0)
36
39
  rest-client (2.1.0)
37
40
  http-accept (>= 1.7.0, < 2.0)
38
41
  http-cookie (>= 1.0.2, < 2.0)
39
42
  mime-types (>= 1.16, < 4.0)
40
43
  netrc (~> 0.8)
41
- rexml (3.2.5)
42
- rspec (3.11.0)
43
- rspec-core (~> 3.11.0)
44
- rspec-expectations (~> 3.11.0)
45
- rspec-mocks (~> 3.11.0)
46
- rspec-core (3.11.0)
47
- rspec-support (~> 3.11.0)
48
- rspec-expectations (3.11.0)
44
+ rexml (3.4.0)
45
+ rspec (3.13.0)
46
+ rspec-core (~> 3.13.0)
47
+ rspec-expectations (~> 3.13.0)
48
+ rspec-mocks (~> 3.13.0)
49
+ rspec-core (3.13.3)
50
+ rspec-support (~> 3.13.0)
51
+ rspec-expectations (3.13.3)
49
52
  diff-lcs (>= 1.2.0, < 2.0)
50
- rspec-support (~> 3.11.0)
51
- rspec-mocks (3.11.1)
53
+ rspec-support (~> 3.13.0)
54
+ rspec-mocks (3.13.2)
52
55
  diff-lcs (>= 1.2.0, < 2.0)
53
- rspec-support (~> 3.11.0)
54
- rspec-support (3.11.0)
55
- rubocop (0.81.0)
56
- jaro_winkler (~> 1.5.1)
56
+ rspec-support (~> 3.13.0)
57
+ rspec-support (3.13.2)
58
+ rubocop (0.93.1)
57
59
  parallel (~> 1.10)
58
- parser (>= 2.7.0.1)
60
+ parser (>= 2.7.1.5)
59
61
  rainbow (>= 2.2.2, < 4.0)
62
+ regexp_parser (>= 1.8)
60
63
  rexml
64
+ rubocop-ast (>= 0.6.0)
61
65
  ruby-progressbar (~> 1.7)
62
66
  unicode-display_width (>= 1.4.0, < 2.0)
63
- ruby-progressbar (1.11.0)
67
+ rubocop-ast (1.38.0)
68
+ parser (>= 3.3.1.0)
69
+ ruby-progressbar (1.13.0)
64
70
  sensu-plugin (4.0.0)
65
71
  json (< 3.0.0)
66
72
  mixlib-cli (~> 1.5)
67
- unf (0.1.4)
68
- unf_ext
69
- unf_ext (0.0.8.2)
70
73
  unicode-display_width (1.8.0)
71
74
 
72
75
  PLATFORMS
@@ -77,7 +80,7 @@ DEPENDENCIES
77
80
  quayio-scanner!
78
81
  rake (~> 13.0)
79
82
  rspec (~> 3.7)
80
- rubocop (~> 0.49, <= 0.81)
83
+ rubocop (~> 0.93)
81
84
 
82
85
  BUNDLED WITH
83
86
  2.1.4
data/README.md CHANGED
@@ -25,11 +25,12 @@ This plugin attempts to fetch vulnerabilities for all running containers
25
25
 
26
26
  ### Parameters
27
27
 
28
- | Parameter | Description |
29
- |---------------|-------------------------|
30
- | -d URL | Docker URL |
31
- | -t TOKEN | Quay.io oauth token |
32
- | -w WHITELIST | Vulnerability whitelist |
28
+ | Parameter | Description |
29
+ |--------------------------|-----------------------------------------|
30
+ | -d URL | Docker URL |
31
+ | -t TOKEN | Quay.io oauth token |
32
+ | -w WHITELIST[,WHITELIST] | Vulnerability whitelist |
33
+ | -n NAMESPACE[,NAMESPACE] | Namespaces (quay.io scanners) to ignore |
33
34
 
34
35
  ### Example
35
36
 
data/lib/quayio/scanner/repository.rb CHANGED
@@ -23,22 +23,20 @@ module Quayio
23
23
 
24
24
  def api_call(uri)
25
25
  (1..Float::INFINITY).each do |attempt|
26
- begin
27
- response = RestClient.get(
28
- "https://quay.io/api/v1/repository/#{org}/#{repo}#{uri}",
29
- authorization: "Bearer #{quayio_token}",
30
- accept: :json,
31
- open_timeout: 15
32
- )
33
- return JSON.parse(response)
34
- rescue RestClient::Exception => e
35
- raise e if attempt >= MAX_ATTEMPTS
36
-
37
- # retry later, if we hit cdn rate limiting or on connection errors
38
- raise e unless e.http_code == 520 || e.http_code.nil?
39
-
40
- sleep(rand(10))
41
- end
26
+ response = RestClient.get(
27
+ "https://quay.io/api/v1/repository/#{org}/#{repo}#{uri}",
28
+ authorization: "Bearer #{quayio_token}",
29
+ accept: :json,
30
+ open_timeout: 15
31
+ )
32
+ return JSON.parse(response)
33
+ rescue RestClient::Exception => e
34
+ raise e if attempt >= MAX_ATTEMPTS
35
+
36
+ # retry later, if we hit cdn rate limiting or on connection errors
37
+ raise e unless e.http_code == 520 || e.http_code.nil?
38
+
39
+ sleep(rand(10))
42
40
  end
43
41
  end
44
42
  end
data/lib/quayio/scanner/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module Quayio
2
2
  module Scanner
3
- VERSION = '0.4.0'.freeze
3
+ VERSION = '0.4.1'.freeze
4
4
  end
5
5
  end
data/quayio-scanner.gemspec CHANGED
@@ -13,7 +13,7 @@ Gem::Specification.new do |spec|
13
13
  spec.homepage = 'https://github.com/aboutsource/quayio-scanner'
14
14
  spec.license = 'MIT'
15
15
 
16
- spec.required_ruby_version = '>= 2.3.0'
16
+ spec.required_ruby_version = '>= 2.7.0'
17
17
 
18
18
  spec.files = `git ls-files -z`.split("\x0").reject do |f|
19
19
  f.match(%r{^(test|spec|features)/})
@@ -21,11 +21,11 @@ Gem::Specification.new do |spec|
21
21
  spec.executables = Dir.glob('bin/**/*.rb').map { |f| File.basename(f) }
22
22
  spec.require_paths = ['lib']
23
23
 
24
- spec.add_dependency 'docker-api', '~> 1.33'
24
+ spec.add_dependency 'docker-api', '~> 2.4'
25
25
  spec.add_dependency 'rest-client', '~> 2.1'
26
26
  spec.add_dependency 'sensu-plugin', '~> 4.0'
27
27
  spec.add_development_dependency 'bundler', '~> 2.1'
28
28
  spec.add_development_dependency 'rake', '~> 13.0'
29
29
  spec.add_development_dependency 'rspec', '~> 3.7'
30
- spec.add_development_dependency 'rubocop', '~> 0.49', '<= 0.81'
30
+ spec.add_development_dependency 'rubocop', '~> 0.93'
31
31
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: quayio-scanner
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.0
4
+ version: 0.4.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Benjamin Meichsner
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-02-20 00:00:00.000000000 Z
11
+ date: 2025-02-10 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: docker-api
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: '1.33'
19
+ version: '2.4'
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: '1.33'
26
+ version: '2.4'
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: rest-client
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -100,20 +100,14 @@ dependencies:
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: '0.49'
104
- - - "<="
105
- - !ruby/object:Gem::Version
106
- version: '0.81'
103
+ version: '0.93'
107
104
  type: :development
108
105
  prerelease: false
109
106
  version_requirements: !ruby/object:Gem::Requirement
110
107
  requirements:
111
108
  - - "~>"
112
109
  - !ruby/object:Gem::Version
113
- version: '0.49'
114
- - - "<="
115
- - !ruby/object:Gem::Version
116
- version: '0.81'
110
+ version: '0.93'
117
111
  description:
118
112
  email:
119
113
  - benjamin.meichsner@aboutsource.net
@@ -150,14 +144,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
150
144
  requirements:
151
145
  - - ">="
152
146
  - !ruby/object:Gem::Version
153
- version: 2.3.0
147
+ version: 2.7.0
154
148
  required_rubygems_version: !ruby/object:Gem::Requirement
155
149
  requirements:
156
150
  - - ">="
157
151
  - !ruby/object:Gem::Version
158
152
  version: '0'
159
153
  requirements: []
160
- rubygems_version: 3.3.25
154
+ rubygems_version: 3.1.2
161
155
  signing_key:
162
156
  specification_version: 4
163
157
  summary: Scan quay.io for vulnerabilities in running docker containers.