PyPI - devsecops-engine-tools - Versions diffs - 1.42.3__py3-none-any.whl → 1.43.0__py3-none-any.whl - Mend

devsecops-engine-tools 1.42.3py3-none-any.whl → 1.43.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of devsecops-engine-tools might be problematic. Click here for more details.

Files changed (11) hide show

devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/github/github_actions.py CHANGED Viewed

@@ -53,7 +53,7 @@ class GithubActions(DevopsPlatformGateway):
         return results.get(type)
     def get_source_code_management_uri(self):
-        return f"{SystemVariables.github_server_url}/{SystemVariables.github_repository}"
+        return f"{SystemVariables.github_server_url.value()}/{SystemVariables.github_repository.value()}"
     def get_base_compact_remote_config_url(self, remote_config_repo):
         github_repository = SystemVariables.github_repository.value()

devsecops_engine_tools/engine_sca/engine_container/src/domain/model/gateways/images_gateway.py CHANGED Viewed

@@ -9,3 +9,7 @@ class ImagesGateway(metaclass=ABCMeta):
     @abstractmethod
     def get_base_image(self, image_to_scan) -> str:
         "get base image"
+    @abstractmethod
+    def validate_base_image_date(self, image_to_scan, referenced_date) -> str:
+        "validate base image date"

devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/container_sca_scan.py CHANGED Viewed

@@ -22,7 +22,8 @@ class ContainerScaScan:
         secret_tool,
         token_engine_container,
         image_to_scan,
-        exclusions
+        exclusions,
+        pipeline_name,
     ):
         self.tool_run = tool_run
         self.remote_config = remote_config
@@ -33,6 +34,7 @@ class ContainerScaScan:
         self.token_engine_container = token_engine_container
         self.image_to_scan = image_to_scan
         self.exclusions = exclusions
+        self.pipeline_name = pipeline_name
     def get_image(self, image_to_scan):
         """
@@ -44,13 +46,13 @@ class ContainerScaScan:
         return self.tool_images.list_images(image_to_scan)
     def get_base_image(self, matching_image):
-            """
+        """
             Process the base image.
             Returns:
                 String: base image.
             """
-            return self.tool_images.get_base_image(matching_image)
+        return self.tool_images.get_base_image(matching_image)
     def get_images_already_scanned(self):
         """
@@ -70,6 +72,17 @@ class ContainerScaScan:
         with open("scanned_images.txt", "a") as file:
             file.write(result_file + "\n")
+    def validate_base_image_date(self, matching_image, referenced_date):
+        """
+        Process the base image date validation.
+        Returns:
+            string: base image date.
+        """
+        return self.tool_images.validate_base_image_date(
+            matching_image, referenced_date
+        )
     def process(self):
         """
         Process SCA scanning.
@@ -80,8 +93,17 @@ class ContainerScaScan:
         base_image = None
         image_scanned = None
         matching_image = self.get_image(self.image_to_scan)
-        if self.remote_config['GET_IMAGE_BASE']:
+        if self.remote_config["GET_IMAGE_BASE"]:
             base_image = self.get_base_image(matching_image)
+        if self.remote_config["VALIDATE_BASE_IMAGE_DATE"][
+            "ENABLED"
+        ] and not self.exclusions.get(self.pipeline_name, {}).get(
+            "VALIDATE_BASE_IMAGE_DATE"
+        ):
+            self.validate_base_image_date(
+                matching_image,
+                self.remote_config["VALIDATE_BASE_IMAGE_DATE"]["REFERENCE_IMAGE_DATE"],
+            )
         sbom_components = None
         generate_sbom = self.remote_config["SBOM"]["ENABLED"] and any(
             branch in str(self.branch)
@@ -98,7 +120,9 @@ class ContainerScaScan:
                 self.secret_tool,
                 self.token_engine_container,
                 image_name,
-                result_file, base_image, self.exclusions,
+                result_file,
+                base_image,
+                self.exclusions,
                 generate_sbom,
             )
             self.set_image_scanned(image_name)

devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/docker/docker_images.py CHANGED Viewed

@@ -1,3 +1,4 @@
+from datetime import datetime
 from devsecops_engine_tools.engine_sca.engine_container.src.domain.model.gateways.images_gateway import (
     ImagesGateway,
 )
@@ -33,18 +34,82 @@ class DockerImages(ImagesGateway):
             )
     def get_base_image(self, matching_image):
+        image_details = self.get_image_details(matching_image.id)
+        if not image_details:
+            return None
+        labels = image_details.get("Config", {}).get("Labels", {})
+        return self.extract_base_image_from_labels(labels, matching_image)
+    def validate_base_image_date(self, matching_image, referenced_date):
+        image_details = self.get_image_details(matching_image.id)
+        if not image_details:
+            return False
+        labels = image_details.get("Config", {}).get("Labels", {})
+        baseline_date = labels.get("x86.baseline.date")
+        if baseline_date:
+            date_image = self.parse_date(baseline_date)
+        else:
+            base_image = self.extract_base_image_from_labels(labels)
+            date_image = self.extract_date_from_image(base_image)
+        return self.validate_date(date_image, referenced_date)
+    def get_image_details(self, image_id):
         try:
             client = docker.from_env()
-            image_details = client.api.inspect_image(matching_image.id)
-            labels = image_details.get("Config", {}).get("Labels", {})
-            source_image = labels.get("x86.image.name")
-            if source_image:
-                logger.info(f"Base image for '{matching_image}' from source-image label: {source_image}")
-                return source_image
-            logger.warning(f"Base image not found for '{matching_image}'.")
+            return client.api.inspect_image(image_id)
+        except Exception as e:
+            logger.error(f"Error obtaining image details for '{image_id}': {e}")
             return None
+    def extract_base_image_from_labels(self, labels, matching_image=None):
+        try:
+            source_image = labels.get("x86.image.name") or labels.get(
+                "image.base.ref.name"
+            )
+            if not source_image:
+                source_image = labels.get("source_images") or labels.get("source-image")
+            if source_image and matching_image:
+                logger.info(f"Base image for '{matching_image}' found: {source_image}")
+            elif matching_image:
+                logger.warning(f"Base image not found for '{matching_image}'.")
+            return source_image
         except Exception as e:
-            logger.error(f"Error getting base image: {e}")
-            return None
+            logger.error(f"Error extracting base image from labels: {e}")
+            return None
+    def extract_date_from_image(self, image_name):
+        if not image_name:
+            return None
+        try:
+            date = image_name.split("_")[-1]
+            return self.parse_date(date)
+        except Exception as e:
+            logger.error(f"Error extracting date from image name '{image_name}': {e}")
+            return None
+    def parse_date(self, date_str):
+        try:
+            return datetime.strptime(date_str, "%Y%m%d")
+        except ValueError:
+            logger.error(f"Invalid date format: {date_str}")
+            return None
+    def validate_date(self, date, referenced_date):
+        if not date:
+            raise ValueError("Cannot validate date: Invalid or missing date.")
+        reference_date = self.parse_date(referenced_date)
+        if not reference_date:
+            raise ValueError("Cannot validate date: Referenced date is invalid.")
+        if date < reference_date:
+            raise ValueError(
+                f"Compliance issue: the source base image date ({date.strftime('%Y-%m-%d')}) is older than the referenced date ({reference_date.strftime('%Y-%m-%d')})."
+            )
+        return True

devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/entry_points/entry_point_tool.py CHANGED Viewed

@@ -52,7 +52,8 @@ def init_engine_sca_rm(
             secret_tool,
             dict_args["token_engine_container"],
             image_to_scan,
-            exclusions
+            exclusions,
+            pipeline_name
         )
         image_scanned, base_image, sbom_components = container_sca_scan.process()
         if image_scanned:

devsecops_engine_tools/version.py CHANGED Viewed

	@@ -1 +1 @@
1	- version = '1.42.3'
1	+ version = '1.43.0'

{devsecops_engine_tools-1.42.3.dist-info → devsecops_engine_tools-1.43.0.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: devsecops-engine-tools
-Version: 1.42.3
+Version: 1.43.0
 Summary: Tool for DevSecOps strategy
 Home-page: https://github.com/bancolombia/devsecops-engine-tools
 Author: Bancolombia DevSecOps Team

{devsecops_engine_tools-1.42.3.dist-info → devsecops_engine_tools-1.43.0.dist-info}/RECORD RENAMED Viewed

@@ -1,5 +1,5 @@
 devsecops_engine_tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/version.py,sha256=qzzHq7sSQn1Shj9yLpQ0xtfFSp9OLCxD3g-f8vYp3ig,19
+devsecops_engine_tools/version.py,sha256=rgVE2760niT3XN1VMw-ZEBrUP7L5heut-fiAjEx9JwA,19
 devsecops_engine_tools/engine_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -40,7 +40,7 @@ devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/azure/azur
 devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/defect_dojo/defect_dojo.py,sha256=ptzqoY7BkNO4jlna7Uw30mreKZfspwBRqEZMAbhRka4,29969
 devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/github/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/github/github_actions.py,sha256=cn9VGDaD9gUnJrLn9vEkQvfqYHIJftGE9ZACHEUOUxo,4132
+devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/github/github_actions.py,sha256=RbZS__LXeeztxumSKZ0aqmkQwKL39q1xdkJDVV_QSMU,4148
 devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/printer_pretty_table/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/printer_pretty_table/printer_pretty_table.py,sha256=NkXu7JYoCHXIx0HzHl4DhdLGEpocPMIqs2L0ADS-RcI,5369
 devsecops_engine_tools/engine_core/src/infrastructure/driven_adapters/printer_rich_table/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -198,16 +198,16 @@ devsecops_engine_tools/engine_sca/engine_container/src/domain/__init__.py,sha256
 devsecops_engine_tools/engine_sca/engine_container/src/domain/model/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sca/engine_container/src/domain/model/gateways/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sca/engine_container/src/domain/model/gateways/deserealizator_gateway.py,sha256=sE7-GnNSNLWbA1H0mvTwXmxcOJXl8uvw-0hxMyX4oMc,290
-devsecops_engine_tools/engine_sca/engine_container/src/domain/model/gateways/images_gateway.py,sha256=cXafS4v7tflUAaqf9t468gL8P6Wa9hY09BTNzKIuAWQ,277
+devsecops_engine_tools/engine_sca/engine_container/src/domain/model/gateways/images_gateway.py,sha256=U72tVbOdR75FlitYGp4Wrj7_ZPz0WRsSTRA48goG3Ec,411
 devsecops_engine_tools/engine_sca/engine_container/src/domain/model/gateways/tool_gateway.py,sha256=2fT2DFb4IPqQczCrAI0qEuWQUb3XsqFhI5M0OzNYalo,286
 devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/container_sca_scan.py,sha256=N61PjZAecSqhGTYc2HcyuBqdhDTFZ6ZpQMmOQH17h9Y,4122
+devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/container_sca_scan.py,sha256=GvXsT-umEqB-2itAZiwlKIR581w78DbIJNknJ0o7EPw,4925
 devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/handle_remote_config_patterns.py,sha256=4wgBTQSDE-C5v01C3Vxzeq0DJKZUSqQ5TVLG7yPZPKs,926
 devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/set_input_core.py,sha256=2Q-20WqZUCTO5QQxEQnOX8fGlErgOMgiLBCDXBp3xFE,2634
 devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/docker/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/docker/docker_images.py,sha256=kJfJbbsHgwmN1NWJ0lb4HhWNcadaFuSnLzr5xUV7QoM,1857
+devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/docker/docker_images.py,sha256=_p-JPfVBrDJBkAxWZHySLc54sMIEe9v1Ut77uTrqlOo,4316
 devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/prisma_cloud/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/prisma_cloud/prisma_cloud_manager_scan.py,sha256=tf33YFYB47th4Zu0WtWpsrAm5I6_xCON4yOwFacTQLA,6758
 devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/prisma_cloud/prisma_deserialize_output.py,sha256=oK0NKuPODm38qDgQjf6w40lfNG6NFJS43p5k44wDoMA,2562
@@ -215,7 +215,7 @@ devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_ada
 devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/trivy_tool/trivy_deserialize_output.py,sha256=LGqnO10Zt-0-TxUW6F1S46jVktlIwxWSYATKSVblCWI,2535
 devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/trivy_tool/trivy_manager_scan.py,sha256=7hGrUU37ZqZKHfkiNX2YrhIlDna8XnhJ3F7ONhneexs,5105
 devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/entry_points/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/entry_points/entry_point_tool.py,sha256=D80_Qns1OYGkCh7pKO1NbVq8Upp-Gn3gLdxtFQbUzsw,2567
+devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/entry_points/entry_point_tool.py,sha256=zCHhb0dFbvPl4kueKroaJfjhra8RWQXxuSOqVOZmg7o,2595
 devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/helpers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sca/engine_dependencies/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sca/engine_dependencies/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -347,8 +347,8 @@ devsecops_engine_tools/engine_utilities/utils/name_conversion.py,sha256=ADJrRGax
 devsecops_engine_tools/engine_utilities/utils/printers.py,sha256=amYAr9YQfYgR6jK9a2l26z3oovFPQ3FAKmhq6BKhEBA,623
 devsecops_engine_tools/engine_utilities/utils/session_manager.py,sha256=Z0fdhB3r-dxU0nGSD9zW_B4r2Qol1rUnUCkhFR0U-HQ,487
 devsecops_engine_tools/engine_utilities/utils/utils.py,sha256=XFap4yOK7ItLWsqbwDhvLd7NpDhs7i-UGJAMD6jjd7w,6687
-devsecops_engine_tools-1.42.3.dist-info/METADATA,sha256=r3wnjrTX8oIVaWN_HXA8kr3LQZFD26Cctk7PXJww0hg,11750
-devsecops_engine_tools-1.42.3.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
-devsecops_engine_tools-1.42.3.dist-info/entry_points.txt,sha256=MHCTFFs9bdNKo6YcWCcBW2_8X6yTisgLOlmVx-V8Rxc,276
-devsecops_engine_tools-1.42.3.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
-devsecops_engine_tools-1.42.3.dist-info/RECORD,,
+devsecops_engine_tools-1.43.0.dist-info/METADATA,sha256=MlWUkXgNemUz4PZ-NRmIWTGmsuWeWYzJj0q5TNOw6XI,11750
+devsecops_engine_tools-1.43.0.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
+devsecops_engine_tools-1.43.0.dist-info/entry_points.txt,sha256=MHCTFFs9bdNKo6YcWCcBW2_8X6yTisgLOlmVx-V8Rxc,276
+devsecops_engine_tools-1.43.0.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
+devsecops_engine_tools-1.43.0.dist-info/RECORD,,

{devsecops_engine_tools-1.42.3.dist-info → devsecops_engine_tools-1.43.0.dist-info}/WHEEL RENAMED Viewed

File without changes

{devsecops_engine_tools-1.42.3.dist-info → devsecops_engine_tools-1.43.0.dist-info}/entry_points.txt RENAMED Viewed

File without changes

{devsecops_engine_tools-1.42.3.dist-info → devsecops_engine_tools-1.43.0.dist-info}/top_level.txt RENAMED Viewed

File without changes

devsecops-engine-tools 1.42.3__py3-none-any.whl → 1.43.0__py3-none-any.whl

Potentially problematic release.

devsecops-engine-tools 1.42.3py3-none-any.whl → 1.43.0py3-none-any.whl