quayio-scanner 0.3.0 → 0.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1eacf83494b11fb31f062ba8e916628d2477ba13ec76cc83ef8f98091c2b0313
-  data.tar.gz: 3bdf57c972fa6e1aa5e500cc3e887e7f4ea33498644dcd7b8a90ed0e93d9d24a
+  metadata.gz: 5c3eabc5c737c5a7e3e6c104f221de20f4dc1be4e91bb54241f308f5367b84c5
+  data.tar.gz: 457e6d878eb67842929377ffe54589efe832335275c4a0ef0ea5845ea9d68fd0
 SHA512:
-  metadata.gz: b7ffabd2e0523bce627fd779519c25828546e6591c6cbdbbc536ffcd783b1898f3c88eab366d84bca14b1ed6b51f62cafd258bad6ab83e1cc5364db22c92c5b5
-  data.tar.gz: 4dc30215d24326a4494cc06edd31cfb226682060c819d1d972c5bf114e569ca9978871072ab20382bdc7126d84050e027dd2c2bbe9b8e538546fc2d3b5a36484
+  metadata.gz: a89b445dfb42e088056cfa4b07634eb7fab13b5d7a5d342a39188f660e8b7da7f521d04b76540c084f59b364b7af322ae3718d017c56c100a556e9baffa8231c
+  data.tar.gz: e459485a56218b2305bfe7294f2936fba44cb1d063ac0951060290a5c77e6ad8aaa341e2ffa1dd4e0dcab13583ff64cda96e861ccac0ed6f3be030fdb308e2e0

data/.rubocop.yml

@@ -1,14 +1,28 @@
 AllCops:
   TargetRubyVersion: 2.3
 
+Lint/RaiseException:
+  Enabled: true
+
+Lint/StructNewOverride:
+  Enabled: true
+
+
+Metrics:
+  Enabled: false
+
+
 Style/FrozenStringLiteralComment:
   Enabled: false
 
 Style/Documentation:
   Enabled: false
 
-Metrics/MethodLength:
-  Max: 50
+Style/HashEachMethods:
+  Enabled: true
+
+Style/HashTransformKeys:
+  Enabled: true
 
-Metrics/BlockLength:
-  Max: 200
+Style/HashTransformValues:
+  Enabled: true

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    quayio-scanner (0.3.0)
+    quayio-scanner (0.3.1)
       docker-api (~> 1.33)
       rest-client (~> 2.1)
       sensu-plugin (~> 4.0)
@@ -16,11 +16,12 @@ GEM
       multi_json
     domain_name (0.5.20190701)
       unf (>= 0.0.5, < 1.0.0)
-    excon (0.92.1)
+    excon (0.92.3)
     http-accept (1.7.0)
-    http-cookie (1.0.4)
+    http-cookie (1.0.5)
       domain_name (~> 0.5)
-    json (2.6.1)
+    jaro_winkler (1.5.4)
+    json (2.6.2)
     mime-types (3.4.1)
       mime-types-data (~> 3.2015)
     mime-types-data (3.2022.0105)
@@ -28,11 +29,10 @@ GEM
     multi_json (1.15.0)
     netrc (0.11.0)
     parallel (1.22.1)
-    parser (3.1.1.0)
+    parser (3.1.2.0)
       ast (~> 2.4.1)
     rainbow (3.1.1)
-    rake (10.5.0)
-    regexp_parser (2.2.1)
+    rake (13.0.6)
     rest-client (2.1.0)
       http-accept (>= 1.7.0, < 2.0)
       http-cookie (>= 1.0.2, < 2.0)
@@ -48,28 +48,25 @@ GEM
     rspec-expectations (3.11.0)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.11.0)
-    rspec-mocks (3.11.0)
+    rspec-mocks (3.11.1)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.11.0)
     rspec-support (3.11.0)
-    rubocop (0.93.1)
+    rubocop (0.81.0)
+      jaro_winkler (~> 1.5.1)
       parallel (~> 1.10)
-      parser (>= 2.7.1.5)
+      parser (>= 2.7.0.1)
       rainbow (>= 2.2.2, < 4.0)
-      regexp_parser (>= 1.8)
       rexml
-      rubocop-ast (>= 0.6.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 1.4.0, < 2.0)
-    rubocop-ast (1.16.0)
-      parser (>= 3.1.1.0)
     ruby-progressbar (1.11.0)
     sensu-plugin (4.0.0)
       json (< 3.0.0)
       mixlib-cli (~> 1.5)
     unf (0.1.4)
       unf_ext
-    unf_ext (0.0.8.1)
+    unf_ext (0.0.8.2)
     unicode-display_width (1.8.0)
 
 PLATFORMS
@@ -78,9 +75,9 @@ PLATFORMS
 DEPENDENCIES
   bundler (~> 2.1)
   quayio-scanner!
-  rake (~> 10.0)
+  rake (~> 13.0)
   rspec (~> 3.7)
-  rubocop (~> 0.49)
+  rubocop (~> 0.49, <= 0.81)
 
 BUNDLED WITH
-   2.2.23
+   2.1.4

data/LICENSE/json/LICENSE.txt

@@ -0,0 +1,56 @@
+Ruby is copyrighted free software by Yukihiro Matsumoto <matz@netlab.jp>.
+You can redistribute it and/or modify it under either the terms of the
+2-clause BSDL (see the file BSDL), or the conditions below:
+
+  1. You may make and give away verbatim copies of the source form of the
+     software without restriction, provided that you duplicate all of the
+     original copyright notices and associated disclaimers.
+
+  2. You may modify your copy of the software in any way, provided that
+     you do at least ONE of the following:
+
+       a) place your modifications in the Public Domain or otherwise
+          make them Freely Available, such as by posting said
+	  modifications to Usenet or an equivalent medium, or by allowing
+	  the author to include your modifications in the software.
+
+       b) use the modified software only within your corporation or
+          organization.
+
+       c) give non-standard binaries non-standard names, with
+          instructions on where to get the original software distribution.
+
+       d) make other distribution arrangements with the author.
+
+  3. You may distribute the software in object code or binary form,
+     provided that you do at least ONE of the following:
+
+       a) distribute the binaries and library files of the software,
+	  together with instructions (in the manual page or equivalent)
+	  on where to get the original distribution.
+
+       b) accompany the distribution with the machine-readable source of
+	  the software.
+
+       c) give non-standard binaries non-standard names, with
+          instructions on where to get the original software distribution.
+
+       d) make other distribution arrangements with the author.
+
+  4. You may modify and include the part of the software into any other
+     software (possibly commercial).  But some files in the distribution
+     are not written by the author, so that they are not under these terms.
+
+     For the list of those files and their copying conditions, see the
+     file LEGAL.
+
+  5. The scripts and library files supplied as input to or produced as
+     output from the software do not automatically fall under the
+     copyright of the software, but belong to whomever generated them,
+     and may be sold commercially, and may be aggregated with this
+     software.
+
+  6. THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
+     IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+     WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+     PURPOSE.

data/README.md

@@ -1,6 +1,7 @@
 # Quayio::Scanner
 
-Scan quay.io for vulnerabilties in running docker containers. Implemented as sensu check.
+Quayio Scanner translates critical vulnerabilities in running docker containers
+into Sensu check results to transform vulnerability scans into actionable alerts.
 
 ## Installation
 
@@ -18,15 +19,34 @@ Or install it yourself as:
 
     $ gem install quayio-scanner
 
+## USAGE
+
+This plugin attempts to fetch vulnerabilities for all running containers
+
+### Parameters
+
+| Parameter     | Description             |
+|---------------|-------------------------|
+| -d URL        | Docker URL              |
+| -t TOKEN      | Quay.io oauth token     |
+| -w WHITELIST  | Vulnerability whitelist |
+
+### Example
+
+    $ check-container-vulnerabilities.rb --docker-url unix:///var/run/docker.sock --quayio-token AccessTokenGoesHere
+
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/aboutsource/quayio-scanner.
 
-
 ## License
 
 The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
 
+### json
+
+Copyright 2019 - present [Florian Frank](mailto:flori@ping.de) - The gem [json](https://github.com/flori/json/) is distributed under the [Ruby License](LICENSE/json/LICENSE.txt).
+
 ## Security
 
-* [Snyk](https://app.snyk.io/org/about-source/project/6eb2d381-87e7-49c4-a47f-ccad97f33ae3)
+- [Snyk](https://app.snyk.io/org/about-source/project/6eb2d381-87e7-49c4-a47f-ccad97f33ae3)

data/bin/check-container-vulnerabilities.rb

@@ -4,7 +4,7 @@
 #
 # DESCRIPTION:
 #
-#   This plugin attempts to fetch vulnerabilties for all running containers
+#   This plugin attempts to fetch vulnerabilities for all running containers
 #
 # OUTPUT:
 #   plain text
@@ -18,7 +18,8 @@
 #   gem: rest-client
 #
 # USAGE:
-#   ./check-container-vulnerabilities.rb -d <docker-url> -t <quay-io-oauth-token>
+#   ./check-container-vulnerabilities.rb \
+#     -d <docker-url> -t <quay-io-oauth-token>
 #
 
 require 'sensu-plugin/check/cli'

data/lib/quayio/scanner/check.rb

@@ -9,7 +9,10 @@ module Quayio
         if vulnerable_images.empty?
           [:ok, "#{containers.size} Containers are ok"]
         else
-          [:critical, "The images are insecure: #{vulnerable_images.join(', ')}"]
+          [
+            :critical,
+            "The images are insecure: #{vulnerable_images.join(', ')}"
+          ]
         end
       end
 

data/lib/quayio/scanner/image.rb

@@ -2,7 +2,8 @@ module Quayio
   module Scanner
     class Image
       RELEVANT_SEVERITIES = %w[High Critical].freeze
-      QUAY_IO_REPO_NAME = %r{quay.io\/(?<org>[\w-]+)\/(?<repo>[\w-]+):(?<tag>[\w.-]+)}.freeze
+      QUAY_IO_REPO_NAME =
+        %r{quay.io\/(?<org>[\w-]+)\/(?<repo>[\w-]+):(?<tag>[\w.-]+)}.freeze
 
       attr_reader :name, :whitelist, :repository
 
@@ -24,7 +25,7 @@ module Quayio
 
       def quayio?
         # safe guard, do not trust QUAY_IO_REPO_NAME regex match
-        !!name.match(%r{^quay.io\/})
+        name.match?(%r{^quay.io\/})
       end
 
       def scanned?
@@ -32,11 +33,12 @@ module Quayio
       end
 
       def vulnerabilities_present?
-        !!raw_scan['data']['Layer']['Features'].detect do |f|
+        !raw_scan['data']['Layer']['Features'].detect do |f|
           f['Vulnerabilities']&.detect do |v|
-            RELEVANT_SEVERITIES.include?(v['Severity']) && !whitelist.include?(v['Name'])
+            RELEVANT_SEVERITIES.include?(v['Severity']) &&\
+            !whitelist.include?(v['Name'])
           end
-        end
+        end.nil?
       end
 
       def raw_scan

data/lib/quayio/scanner/repository.rb

@@ -18,7 +18,7 @@ module Quayio
 
       def fetch_manifest_ref
         result = api_call("/tag/?specificTag=#{tag}&onlyActiveTags=1")
-        (result['tags'].first)['manifest_digest']
+        result['tags'].first['manifest_digest']
       end
 
       def api_call(uri)

data/lib/quayio/scanner/version.rb

@@ -1,5 +1,5 @@
 module Quayio
   module Scanner
-    VERSION = '0.3.0'.freeze
+    VERSION = '0.3.1'.freeze
   end
 end

data/quayio-scanner.gemspec

@@ -8,7 +8,8 @@ Gem::Specification.new do |spec|
   spec.authors       = ['Benjamin Meichsner']
   spec.email         = ['benjamin.meichsner@aboutsource.net']
 
-  spec.summary       = 'Scan quay.io for vulnerabilties in running docker containers.'
+  spec.summary       = 'Scan quay.io for vulnerabilities in '\
+                       'running docker containers.'
   spec.homepage      = 'https://github.com/aboutsource/quayio-scanner'
   spec.license       = 'MIT'
 
@@ -17,14 +18,14 @@ Gem::Specification.new do |spec|
   spec.files = `git ls-files -z`.split("\x0").reject do |f|
     f.match(%r{^(test|spec|features)/})
   end
-  spec.executables   = Dir.glob('bin/**/*.rb').map { |file| File.basename(file) }
+  spec.executables   = Dir.glob('bin/**/*.rb').map { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
   spec.add_dependency 'docker-api', '~> 1.33'
   spec.add_dependency 'rest-client', '~> 2.1'
   spec.add_dependency 'sensu-plugin', '~> 4.0'
   spec.add_development_dependency 'bundler', '~> 2.1'
-  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rake', '~> 13.0'
   spec.add_development_dependency 'rspec', '~> 3.7'
-  spec.add_development_dependency 'rubocop', '~> 0.49'
+  spec.add_development_dependency 'rubocop', '~> 0.49', '<= 0.81'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: quayio-scanner
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.3.1
 platform: ruby
 authors:
 - Benjamin Meichsner
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-03-29 00:00:00.000000000 Z
+date: 2022-05-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: docker-api
@@ -72,14 +72,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -101,6 +101,9 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.49'
+    - - "<="
+      - !ruby/object:Gem::Version
+        version: '0.81'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -108,6 +111,9 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.49'
+    - - "<="
+      - !ruby/object:Gem::Version
+        version: '0.81'
 description: 
 email:
 - benjamin.meichsner@aboutsource.net
@@ -122,6 +128,7 @@ files:
 - Gemfile
 - Gemfile.lock
 - LICENSE.txt
+- LICENSE/json/LICENSE.txt
 - README.md
 - Rakefile
 - bin/check-container-vulnerabilities.rb
@@ -153,5 +160,5 @@ requirements: []
 rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
-summary: Scan quay.io for vulnerabilties in running docker containers.
+summary: Scan quay.io for vulnerabilities in running docker containers.
 test_files: []