PyPI - devsecops-engine-tools - Versions diffs - 1.87.1__py3-none-any.whl → 1.88.0__py3-none-any.whl - Mend

devsecops-engine-tools 1.87.1py3-none-any.whl → 1.88.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of devsecops-engine-tools might be problematic. Click here for more details.

Files changed (10) hide show

devsecops_engine_tools/engine_sca/engine_container/src/domain/model/gateways/tool_gateway.py CHANGED Viewed

@@ -3,5 +3,5 @@ from abc import ABCMeta, abstractmethod
 class ToolGateway(metaclass=ABCMeta):
     @abstractmethod
-    def run_tool_container_sca(self, dict_args, secret_tool, token_engine_container, scan_image, release, base_image, exclusions, generate_sbom):
+    def run_tool_container_sca(self, dict_args, secret_tool, token_engine_container, scan_image, release, base_image, exclusions, generate_sbom, is_compressed_file=False):
         "run tool container sca"

devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/container_sca_scan.py CHANGED Viewed

@@ -38,6 +38,13 @@ class ContainerScaScan:
         self.pipeline_name = pipeline_name
         self.context = context
+    def _is_compressed_file(self, image_to_scan):
+        """Check if the input is a compressed file (tar, tar.gz, etc.)"""
+        return any(
+            image_to_scan.lower().endswith(ext)
+            for ext in ['.tar', '.tar.gz', '.tgz', '.tar.bz2', '.tar.xz']
+        )
     def process(self):
         """
         Process SCA scanning.
@@ -47,51 +54,72 @@ class ContainerScaScan:
         """
         base_image = None
         image_scanned = None
-        matching_image = self._get_image(self.image_to_scan)
-        if self.remote_config["GET_IMAGE_BASE"]["ENABLED"]:
-            base_image = self._get_base_image(matching_image)
-        if self.remote_config["VALIDATE_BASE_IMAGE_DATE"][
-            "ENABLED"
-        ] and not self.exclusions.get(self.pipeline_name, {}).get(
-            "VALIDATE_BASE_IMAGE_DATE"
-        ):
-            self._validate_base_image_date(
-                matching_image,
-                self.remote_config["VALIDATE_BASE_IMAGE_DATE"]["REFERENCE_IMAGE_DATE"],
-            )
-        if self.remote_config["BLACK_LIST_BASE_IMAGE"][
-            "ENABLED"
-        ] and not self.exclusions.get(self.pipeline_name, {}).get(
-            "BLACK_LIST_BASE_IMAGE"
-        ):
-            self._validate_black_list_base_image(
-                base_image, self.remote_config["BLACK_LIST_BASE_IMAGE"]["BLACK_LIST"]
-            )
         sbom_components = None
+        is_compressed_file = self._is_compressed_file(self.image_to_scan)
+        if is_compressed_file:
+            if not os.path.exists(self.image_to_scan):
+                print(f"Compressed file not found: {self.image_to_scan}. Tool skipped.")
+                return image_scanned, base_image, sbom_components
+            matching_image = None
+            image_name = self.image_to_scan
+            print(f"Processing compressed file: {image_name}")
+        else:
+            matching_image = self._get_image(self.image_to_scan)
+            if not matching_image:
+                print(f"'Not image found for {self.image_to_scan}'. Tool skipped.")
+                return image_scanned, base_image, sbom_components
+            image_name = matching_image.tags[0]
+            if self.remote_config["GET_IMAGE_BASE"]["ENABLED"]:
+                base_image = self._get_base_image(matching_image)
+            if self.remote_config["VALIDATE_BASE_IMAGE_DATE"][
+                "ENABLED"
+            ] and not self.exclusions.get(self.pipeline_name, {}).get(
+                "VALIDATE_BASE_IMAGE_DATE"
+            ):
+                self._validate_base_image_date(
+                    matching_image,
+                    self.remote_config["VALIDATE_BASE_IMAGE_DATE"]["REFERENCE_IMAGE_DATE"],
+                )
+            if self.remote_config["BLACK_LIST_BASE_IMAGE"][
+                "ENABLED"
+            ] and not self.exclusions.get(self.pipeline_name, {}).get(
+                "BLACK_LIST_BASE_IMAGE"
+            ):
+                self._validate_black_list_base_image(
+                    base_image, self.remote_config["BLACK_LIST_BASE_IMAGE"]["BLACK_LIST"]
+                )
         generate_sbom = self.remote_config["SBOM"]["ENABLED"] and any(
             branch in str(self.branch)
             for branch in self.remote_config["SBOM"]["BRANCH_FILTER"]
         )
-        if matching_image:
-            image_name = matching_image.tags[0]
-            result_file = image_name.replace("/", "_") + "_scan_result.json"
-            if image_name in self._get_images_already_scanned():
-                print(f"The image {image_name} has already been scanned previously.")
-                return image_scanned, base_image, sbom_components
-            image_scanned, sbom_components = self.tool_run.run_tool_container_sca(
-                self.remote_config,
-                self.secret_tool,
-                self.token_engine_container,
-                image_name,
-                result_file,
-                base_image,
-                self.exclusions,
-                generate_sbom,
-            )
+        result_file = image_name.replace("/", "_").replace(".", "_") + "_scan_result.json"
+        if not is_compressed_file and image_name in self._get_images_already_scanned():
+            print(f"The image {image_name} has already been scanned previously.")
+            return image_scanned, base_image, sbom_components
+        image_scanned, sbom_components = self.tool_run.run_tool_container_sca(
+            self.remote_config,
+            self.secret_tool,
+            self.token_engine_container,
+            image_name,
+            result_file,
+            base_image,
+            self.exclusions,
+            generate_sbom,
+            is_compressed_file,
+        )
+        if not is_compressed_file:
             self._set_image_scanned(image_name)
-        else:
-            print(f"'Not image found for {self.image_to_scan}'. Tool skipped.")
         return image_scanned, base_image, sbom_components
     def deseralizator(self, image_scanned):

devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/prisma_cloud/prisma_cloud_manager_scan.py CHANGED Viewed

@@ -171,8 +171,12 @@ class PrismaCloudManagerScan(ToolGateway):
             raise ValueError("The string is not properly formatted. Make sure it contains a ':'.")
     def run_tool_container_sca(
-        self, remoteconfig, secret_tool, token_engine_container, image_name, result_file, base_image, exclusions, generate_sbom
+        self, remoteconfig, secret_tool, token_engine_container, image_name, result_file, base_image, exclusions, generate_sbom, is_compressed_file=False
     ):
+        if is_compressed_file:
+            logger.warning("Prisma Cloud does not support compressed file scanning. Skipping.")
+            return "", None
         prisma_key = (
             f"{secret_tool['access_prisma']}:{secret_tool['token_prisma']}" if secret_tool else token_engine_container
         )

devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/trivy_tool/trivy_manager_scan.py CHANGED Viewed

@@ -62,7 +62,7 @@ class TrivyScan(ToolGateway):
             except Exception as e:
                 logger.error(f"Error installing trivy: {e}")
-    def scan_image(self, prefix, image_name, result_file, base_image):
+    def scan_image(self, prefix, image_name, result_file, base_image, is_compressed_file=False):
         command = [
             prefix,
             "--scanners",
@@ -72,7 +72,12 @@ class TrivyScan(ToolGateway):
             "-o",
             result_file,
         ]
-        command.extend(["--quiet", "image", image_name])
+        if is_compressed_file:
+            command.extend(["--quiet", "image", "--input", image_name])
+        else:
+            command.extend(["--quiet", "image", image_name])
         try:
             subprocess.run(
                 command,
@@ -88,7 +93,7 @@ class TrivyScan(ToolGateway):
         except Exception as e:
             logger.error(f"Error during image scan of {image_name}: {e}")
-    def _generate_sbom(self, prefix, image_name, remoteconfig):
+    def _generate_sbom(self, prefix, image_name, remoteconfig, is_compressed_file=False):
         result_sbom = f"{image_name.replace('/', '_')}_SBOM.json"
         command = [
             prefix,
@@ -98,7 +103,10 @@ class TrivyScan(ToolGateway):
             "--output",
             result_sbom
         ]
-        command.extend(["--quiet", image_name])
+        if is_compressed_file:
+            command.extend(["--quiet", "--input", image_name])
+        else:
+            command.extend(["--quiet", image_name])
         try:
             subprocess.run(
                 command,
@@ -114,7 +122,7 @@ class TrivyScan(ToolGateway):
         except Exception as e:
             logger.error(f"Error generating SBOM: {e}")
-    def run_tool_container_sca(self, remoteconfig, secret_tool, token_engine_container, image_name, result_file, base_image, exclusions, generate_sbom):
+    def run_tool_container_sca(self, remoteconfig, secret_tool, token_engine_container, image_name, result_file, base_image, exclusions, generate_sbom, is_compressed_file=False):
         trivy_version = remoteconfig["TRIVY"]["TRIVY_VERSION"]
         os_platform = platform.system()
         arch_platform = platform.architecture()[0]
@@ -136,9 +144,9 @@ class TrivyScan(ToolGateway):
             return None
         image_scanned = (
-            self.scan_image(command_prefix, image_name, result_file, base_image)
+            self.scan_image(command_prefix, image_name, result_file, base_image, is_compressed_file)
         )
         if generate_sbom:
-            sbom_components = self._generate_sbom(command_prefix, image_name, remoteconfig)
+            sbom_components = self._generate_sbom(command_prefix, image_name, remoteconfig, is_compressed_file)
         return image_scanned, sbom_components

devsecops_engine_tools/version.py CHANGED Viewed

	@@ -1 +1 @@
1	- version = '1.87.1'
1	+ version = '1.88.0'

{devsecops_engine_tools-1.87.1.dist-info → devsecops_engine_tools-1.88.0.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: devsecops-engine-tools
-Version: 1.87.1
+Version: 1.88.0
 Summary: Tool for DevSecOps strategy
 Home-page: https://github.com/bancolombia/devsecops-engine-tools
 Author: Bancolombia DevSecOps Team

{devsecops_engine_tools-1.87.1.dist-info → devsecops_engine_tools-1.88.0.dist-info}/RECORD RENAMED Viewed

@@ -1,5 +1,5 @@
 devsecops_engine_tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/version.py,sha256=GsiwQIJeSa9YQPOFzs1UbNvoL4qCUGLmfe76ZkByPww,19
+devsecops_engine_tools/version.py,sha256=yr2qJOoKyxSLorYEVz0SVgwOXwSnEc6XRZxWktmrRAs,19
 devsecops_engine_tools/engine_core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_core/src/applications/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -201,9 +201,9 @@ devsecops_engine_tools/engine_sca/engine_container/src/domain/model/context_cont
 devsecops_engine_tools/engine_sca/engine_container/src/domain/model/gateways/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sca/engine_container/src/domain/model/gateways/deserealizator_gateway.py,sha256=AVPZvwwhV-Vns7cM58vHzd4_no2xSdzHUKiI6-2lpNM,576
 devsecops_engine_tools/engine_sca/engine_container/src/domain/model/gateways/images_gateway.py,sha256=-bsTPQW6m6aVJ1NsWC0gQnmhsYMhsNL7HpC0ONvjJjU,648
-devsecops_engine_tools/engine_sca/engine_container/src/domain/model/gateways/tool_gateway.py,sha256=2fT2DFb4IPqQczCrAI0qEuWQUb3XsqFhI5M0OzNYalo,286
+devsecops_engine_tools/engine_sca/engine_container/src/domain/model/gateways/tool_gateway.py,sha256=HdBGR0QnSCiDlj9bKk6Q55jr9tc65bXbVYIqbWBCy0s,312
 devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/container_sca_scan.py,sha256=apfZ7wibpSsfGg0DbZ5kPXTOyNZmJfHOsOrFlBtg848,6146
+devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/container_sca_scan.py,sha256=nCdt4tuh9cfMa6PNIun7GNiS5AOBkmDENlHCLB5rJ7w,7232
 devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/handle_remote_config_patterns.py,sha256=4wgBTQSDE-C5v01C3Vxzeq0DJKZUSqQ5TVLG7yPZPKs,926
 devsecops_engine_tools/engine_sca/engine_container/src/domain/usecases/set_input_core.py,sha256=A5PpY0li7Pil2vPMpOHi0kkliqCxGbpQyBcB9VKyx5c,2904
 devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -211,11 +211,11 @@ devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_ada
 devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/docker/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/docker/docker_images.py,sha256=VvkRP1knlRGUa6PE2zKTeByQuJVW27PF2FJ0zRy2TDA,6371
 devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/prisma_cloud/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/prisma_cloud/prisma_cloud_manager_scan.py,sha256=Qg_EdwkoElv9u58boP9Sva5VZCB7W4WhaWcziMND3VY,7650
+devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/prisma_cloud/prisma_cloud_manager_scan.py,sha256=Un0YmZeGh3LpOHiq6872lphD15cf02R9hwBUiHVuhCM,7848
 devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/prisma_cloud/prisma_deserialize_output.py,sha256=Eb7eRLyKQizPvaeX9uH8E1wxIKXCaAyNKUpmldw_iL8,2680
 devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/trivy_tool/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/trivy_tool/trivy_deserialize_output.py,sha256=f74mfDkzA7MD7QsaG-LDbcc2fX9nMvHHp-AkrcBg-h0,5294
-devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/trivy_tool/trivy_manager_scan.py,sha256=7hGrUU37ZqZKHfkiNX2YrhIlDna8XnhJ3F7ONhneexs,5105
+devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/driven_adapters/trivy_tool/trivy_manager_scan.py,sha256=pX5jGm218sLJDjFDW-KPU5hZCkxtvc4dj_heSrzsReQ,5478
 devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/entry_points/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/entry_points/entry_point_tool.py,sha256=MCBVnUxfjnax2stjn9ByM0Hy9LQ9vAMK9GZkOk3ex9M,3077
 devsecops_engine_tools/engine_sca/engine_container/src/infrastructure/helpers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -350,8 +350,8 @@ devsecops_engine_tools/engine_utilities/utils/name_conversion.py,sha256=ADJrRGax
 devsecops_engine_tools/engine_utilities/utils/printers.py,sha256=amYAr9YQfYgR6jK9a2l26z3oovFPQ3FAKmhq6BKhEBA,623
 devsecops_engine_tools/engine_utilities/utils/session_manager.py,sha256=Z0fdhB3r-dxU0nGSD9zW_B4r2Qol1rUnUCkhFR0U-HQ,487
 devsecops_engine_tools/engine_utilities/utils/utils.py,sha256=HCjS900TBoNcHrC4LaiP-Kf9frVdtagF130qOUgnO2M,6757
-devsecops_engine_tools-1.87.1.dist-info/METADATA,sha256=rH-6DCjoVDTYcUeyX7dTbOHnwRjJtF4zTrlcWcyNp5g,12093
-devsecops_engine_tools-1.87.1.dist-info/WHEEL,sha256=iAkIy5fosb7FzIOwONchHf19Qu7_1wCWyFNR5gu9nU0,91
-devsecops_engine_tools-1.87.1.dist-info/entry_points.txt,sha256=MHCTFFs9bdNKo6YcWCcBW2_8X6yTisgLOlmVx-V8Rxc,276
-devsecops_engine_tools-1.87.1.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
-devsecops_engine_tools-1.87.1.dist-info/RECORD,,
+devsecops_engine_tools-1.88.0.dist-info/METADATA,sha256=zWFG8Ln2FSoyUV47_Q4bGdNlNlS3_idnYGKJ9-cXhPc,12093
+devsecops_engine_tools-1.88.0.dist-info/WHEEL,sha256=iAkIy5fosb7FzIOwONchHf19Qu7_1wCWyFNR5gu9nU0,91
+devsecops_engine_tools-1.88.0.dist-info/entry_points.txt,sha256=MHCTFFs9bdNKo6YcWCcBW2_8X6yTisgLOlmVx-V8Rxc,276
+devsecops_engine_tools-1.88.0.dist-info/top_level.txt,sha256=ge6y0X_xBAU1aG3EMWFtl9djbVyg5BxuSp2r2Lg6EQU,23
+devsecops_engine_tools-1.88.0.dist-info/RECORD,,

{devsecops_engine_tools-1.87.1.dist-info → devsecops_engine_tools-1.88.0.dist-info}/WHEEL RENAMED Viewed

File without changes

{devsecops_engine_tools-1.87.1.dist-info → devsecops_engine_tools-1.88.0.dist-info}/entry_points.txt RENAMED Viewed

File without changes

{devsecops_engine_tools-1.87.1.dist-info → devsecops_engine_tools-1.88.0.dist-info}/top_level.txt RENAMED Viewed

File without changes

devsecops-engine-tools 1.87.1__py3-none-any.whl → 1.88.0__py3-none-any.whl

Potentially problematic release.

devsecops-engine-tools 1.87.1py3-none-any.whl → 1.88.0py3-none-any.whl