quayio-scanner 0.2.3 → 0.3.0

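--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: ec3e0ce31e72f8fb58ce5bb62ec17af8395f8cbb0dfe6825bd8409e8388167a3
- data.tar.gz: af37eec22d47077ad5c6cdb761b18071864ab628d459b15ed7130c645a09edc4
+ metadata.gz: 1eacf83494b11fb31f062ba8e916628d2477ba13ec76cc83ef8f98091c2b0313
+ data.tar.gz: 3bdf57c972fa6e1aa5e500cc3e887e7f4ea33498644dcd7b8a90ed0e93d9d24a
  SHA512:
- metadata.gz: 194cca2abb4781442a8730a9ad0afb5097bc0e63d9dcd1a4c1dc0c92c6832af5020fd3e8dceb44fa5cd9c56da8bff986669146cd2ba8c141c165203fa5d09ee2
- data.tar.gz: 4ac42a474343fae8c5ce01141cf85ebf514a3d37050fc93f28f7cb5202c231ab1976b94112f7aff278a00c3fac3082a7f1f454e0291ac60b9e7be764689a8d1c
+ metadata.gz: b7ffabd2e0523bce627fd779519c25828546e6591c6cbdbbc536ffcd783b1898f3c88eab366d84bca14b1ed6b51f62cafd258bad6ab83e1cc5364db22c92c5b5
+ data.tar.gz: 4dc30215d24326a4494cc06edd31cfb226682060c819d1d972c5bf114e569ca9978871072ab20382bdc7126d84050e027dd2c2bbe9b8e538546fc2d3b5a36484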
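--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- quayio-scanner (0.2.3)
+ quayio-scanner (0.3.0)
  docker-api (~> 1.33)
  rest-client (~> 2.1)
  sensu-plugin (~> 4.0)
@@ -9,49 +9,49 @@ PATH
  GEM
  remote: https://rubygems.org/
  specs:
- ast (2.4.1)
- diff-lcs (1.4.4)
+ ast (2.4.2)
+ diff-lcs (1.5.0)
  docker-api (1.34.2)
  excon (>= 0.47.0)
  multi_json
  domain_name (0.5.20190701)
  unf (>= 0.0.5, < 1.0.0)
- excon (0.85.0)
+ excon (0.92.1)
  http-accept (1.7.0)
  http-cookie (1.0.4)
  domain_name (~> 0.5)
- json (2.5.1)
- mime-types (3.3.1)
+ json (2.6.1)
+ mime-types (3.4.1)
  mime-types-data (~> 3.2015)
- mime-types-data (3.2021.0704)
+ mime-types-data (3.2022.0105)
  mixlib-cli (1.7.0)
  multi_json (1.15.0)
  netrc (0.11.0)
- parallel (1.19.2)
- parser (2.7.2.0)
+ parallel (1.22.1)
+ parser (3.1.1.0)
  ast (~> 2.4.1)
- rainbow (3.0.0)
+ rainbow (3.1.1)
  rake (10.5.0)
- regexp_parser (1.8.2)
+ regexp_parser (2.2.1)
  rest-client (2.1.0)
  http-accept (>= 1.7.0, < 2.0)
  http-cookie (>= 1.0.2, < 2.0)
  mime-types (>= 1.16, < 4.0)
  netrc (~> 0.8)
- rexml (3.2.4)
- rspec (3.9.0)
- rspec-core (~> 3.9.0)
- rspec-expectations (~> 3.9.0)
- rspec-mocks (~> 3.9.0)
- rspec-core (3.9.3)
- rspec-support (~> 3.9.3)
- rspec-expectations (3.9.3)
+ rexml (3.2.5)
+ rspec (3.11.0)
+ rspec-core (~> 3.11.0)
+ rspec-expectations (~> 3.11.0)
+ rspec-mocks (~> 3.11.0)
+ rspec-core (3.11.0)
+ rspec-support (~> 3.11.0)
+ rspec-expectations (3.11.0)
  diff-lcs (>= 1.2.0, < 2.0)
- rspec-support (~> 3.9.0)
- rspec-mocks (3.9.1)
+ rspec-support (~> 3.11.0)
+ rspec-mocks (3.11.0)
  diff-lcs (>= 1.2.0, < 2.0)
- rspec-support (~> 3.9.0)
- rspec-support (3.9.4)
+ rspec-support (~> 3.11.0)
+ rspec-support (3.11.0)
  rubocop (0.93.1)
  parallel (~> 1.10)
  parser (>= 2.7.1.5)
@@ -61,22 +61,22 @@ GEM
  rubocop-ast (>= 0.6.0)
  ruby-progressbar (~> 1.7)
  unicode-display_width (>= 1.4.0, < 2.0)
- rubocop-ast (1.1.0)
- parser (>= 2.7.1.5)
- ruby-progressbar (1.10.1)
+ rubocop-ast (1.16.0)
+ parser (>= 3.1.1.0)
+ ruby-progressbar (1.11.0)
  sensu-plugin (4.0.0)
  json (< 3.0.0)
  mixlib-cli (~> 1.5)
  unf (0.1.4)
  unf_ext
- unf_ext (0.0.7.7)
- unicode-display_width (1.7.0)
+ unf_ext (0.0.8.1)
+ unicode-display_width (1.8.0)
 
  PLATFORMS
  ruby
 
  DEPENDENCIES
- bundler (~> 2.2)
+ bundler (~> 2.1)
  quayio-scanner!
  rake (~> 10.0)
  rspec (~> 3.7)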
@@ -2,7 +2,7 @@ module Quayio
2
2
  module Scanner
3
3
  class Image
4
4
  RELEVANT_SEVERITIES = %w[High Critical].freeze
5
- QUAY_IO_REPO_NAME = %r{quay.io\/(?<org>[\w-]+)\/(?<repo>[\w-]+):(?<tag>[\w\.-]+)}.freeze
5
+ QUAY_IO_REPO_NAME = %r{quay.io\/(?<org>[\w-]+)\/(?<repo>[\w-]+):(?<tag>[\w.-]+)}.freeze
6
6
 
7
7
  attr_reader :name, :whitelist, :repository
8
8
 
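Review bot: The `.` in `quay.io` on the new `QUAY_IO_REPO_NAME` line is still an unescaped wildcard and the pattern has no anchors, so a name that merely contains `quay.io/org/repo:tag` somewhere in its path, or has any other character in place of the dot, also matches; the commit only drops the redundant escape inside the tag class. If this constant decides which running images are looked up on Quay (its use is outside the hunk), a loose match means the reported vulnerabilities can belong to a different image than the one deployed. Consider `%r{\Aquay\.io/(?<org>[\w-]+)/(?<repo>[\w-]+):(?<tag>[\w.-]+)\z}`, assuming image names always reach this class as bare references. A short comment above the constant should also say whether digest-pinned references are deliberately left unmatched.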
@@ -6,19 +6,19 @@ module Quayio
6
6
  Repository = Struct.new(:quayio_token, :org, :repo, :tag) do
7
7
  MAX_ATTEMPTS = 5
8
8
 
9
- def id
10
- @id ||= fetch_id
11
- end
12
-
13
9
  def scan
14
- api_call("/image/#{id}/security?vulnerabilities=true")
10
+ api_call("/manifest/#{manifest_ref}/security?vulnerabilities=true")
15
11
  end
16
12
 
17
13
  private
18
14
 
19
- def fetch_id
20
- result = api_call("/tag/#{tag}/images")
21
- (result['images'].first)['id']
15
+ def manifest_ref
16
+ @manifest_ref ||= fetch_manifest_ref
17
+ end
18
+
19
+ def fetch_manifest_ref
20
+ result = api_call("/tag/?specificTag=#{tag}&onlyActiveTags=1")
21
+ (result['tags'].first)['manifest_digest']
22
22
  end
23
23
 
24
24
  def api_call(uri)
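Review bot: `fetch_manifest_ref` assumes the tag lookup always returns at least one entry: with `onlyActiveTags=1`, a tag that was deleted or has expired presumably yields an empty `tags` list, and `(result['tags'].first)['manifest_digest']` then fails with a NoMethodError on nil rather than a result saying the image could not be scanned. Something like `digest = result.dig('tags', 0, 'manifest_digest')` followed by `raise "no active tag #{tag} for #{org}/#{repo}" unless digest` makes that case explicit and avoids requesting `/manifest//security` when the digest is missing. `tag` is also interpolated into the query string unencoded, which is only safe while every caller passes a value already restricted to `[\w.-]+`. The body of `api_call` lies outside the hunk, so whether it already handles error responses cannot be seen here.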
@@ -1,5 +1,5 @@
1
1
  module Quayio
2
2
  module Scanner
3
- VERSION = '0.2.3'.freeze
3
+ VERSION = '0.3.0'.freeze
4
4
  end
5
5
  end
@@ -23,7 +23,7 @@ Gem::Specification.new do |spec|
23
23
  spec.add_dependency 'docker-api', '~> 1.33'
24
24
  spec.add_dependency 'rest-client', '~> 2.1'
25
25
  spec.add_dependency 'sensu-plugin', '~> 4.0'
26
- spec.add_development_dependency 'bundler', '~> 2.2'
26
+ spec.add_development_dependency 'bundler', '~> 2.1'
27
27
  spec.add_development_dependency 'rake', '~> 10.0'
28
28
  spec.add_development_dependency 'rspec', '~> 3.7'
29
29
  spec.add_development_dependency 'rubocop', '~> 0.49'
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: quayio-scanner
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.3
4
+ version: 0.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Benjamin Meichsner
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-08-03 00:00:00.000000000 Z
11
+ date: 2022-03-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: docker-api
@@ -58,14 +58,14 @@ dependencies:
58
58
  requirements:
59
59
  - - "~>"
60
60
  - !ruby/object:Gem::Version
61
- version: '2.2'
61
+ version: '2.1'
62
62
  type: :development
63
63
  prerelease: false
64
64
  version_requirements: !ruby/object:Gem::Requirement
65
65
  requirements:
66
66
  - - "~>"
67
67
  - !ruby/object:Gem::Version
68
- version: '2.2'
68
+ version: '2.1'
69
69
  - !ruby/object:Gem::Dependency
70
70
  name: rake
71
71
  requirement: !ruby/object:Gem::Requirement