feat(image): add support for Docker CIS Benchmark (#3496)

Co-authored-by: chenk <hen.keinan@gmail.com>
This commit is contained in:
Teppei Fukuda
2023-01-31 07:31:59 +02:00
committed by GitHub
parent 6eec9ac0a4
commit cb5af0b33b
18 changed files with 253 additions and 155 deletions


@@ -6,13 +6,11 @@ import (
"github.com/spf13/viper"
"golang.org/x/xerrors"
"gopkg.in/yaml.v3"
"github.com/aquasecurity/trivy-kubernetes/pkg/artifacts"
"github.com/aquasecurity/trivy-kubernetes/pkg/k8s"
cmd "github.com/aquasecurity/trivy/pkg/commands/artifact"
cr "github.com/aquasecurity/trivy/pkg/compliance/report"
"github.com/aquasecurity/trivy/pkg/compliance/spec"
"github.com/aquasecurity/trivy/pkg/flag"
"github.com/aquasecurity/trivy/pkg/k8s/report"
"github.com/aquasecurity/trivy/pkg/k8s/scanner"
@@ -83,17 +81,9 @@ func (r *runner) run(ctx context.Context, artifacts []*artifacts.Artifact) error
s := scanner.NewScanner(r.cluster, runner, r.flagOpts)
var complianceSpec spec.ComplianceSpec
// set scanners types by spec
if r.flagOpts.ReportOptions.Compliance != "" {
cs, err := spec.GetComplianceSpec(r.flagOpts.ReportOptions.Compliance)
if err != nil {
return xerrors.Errorf("spec loading from file system error: %w", err)
}
if err = yaml.Unmarshal(cs, &complianceSpec); err != nil {
return xerrors.Errorf("yaml unmarshal error: %w", err)
}
scanners, err := complianceSpec.Scanners()
if r.flagOpts.Compliance.Spec.ID != "" {
scanners, err := r.flagOpts.Compliance.Scanners()
if err != nil {
return xerrors.Errorf("scanner error: %w", err)
}
@@ -105,7 +95,7 @@ func (r *runner) run(ctx context.Context, artifacts []*artifacts.Artifact) error
return xerrors.Errorf("k8s scan error: %w", err)
}
if len(r.flagOpts.ReportOptions.Compliance) > 0 {
if r.flagOpts.Compliance.Spec.ID != "" {
var scanResults []types.Results
for _, rss := range rpt.Vulnerabilities {
scanResults = append(scanResults, rss.Results)
@@ -113,7 +103,7 @@ func (r *runner) run(ctx context.Context, artifacts []*artifacts.Artifact) error
for _, rss := range rpt.Misconfigurations {
scanResults = append(scanResults, rss.Results)
}
complianceReport, err := cr.BuildComplianceReport(scanResults, complianceSpec)
complianceReport, err := cr.BuildComplianceReport(scanResults, r.flagOpts.Compliance)
if err != nil {
return xerrors.Errorf("compliance report build error: %w", err)
}
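Review bot: The new guard `if r.flagOpts.Compliance.Spec.ID != ""` in the @@ -83 hunk (and again in the @@ -95 hunk) makes a spec that loaded with an empty `id` indistinguishable from no compliance flag at all: no compliance scanners are selected and the plain k8s report is returned, whereas the old branch surfaced a loading or unmarshal error for a malformed spec. Whether flag parsing already rejects a spec without an ID cannot be seen here, so a comment stating the contract would help, e.g. `// Compliance.Spec is populated during flag parsing; an empty Spec.ID means no compliance spec was requested.` The repeated condition could also be hoisted once into `complianceEnabled := r.flagOpts.Compliance.Spec.ID != ""` so the scanner-selection branch and the report branch cannot drift apart. The enclosing run method starts and ends outside these hunks.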