diff --git a/.github/workflows/cr.yaml b/.github/workflows/cr.yaml
index e1e6c2b..051696b 100644
--- a/.github/workflows/cr.yaml
+++ b/.github/workflows/cr.yaml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v2
         with:
           fetch-depth: 0
@@ -22,7 +22,7 @@ jobs:
           git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
       - name: Install Helm
-        uses: azure/setup-helm@v2.1
+        uses: azure/setup-helm@v1
       - name: Run chart-releaser
         uses: helm/chart-releaser-action@v1.2.1
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..7e09d5c
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,4 @@
+# 0.0.2
+
+* Add unique ResultID props to VulnerabilityReport results
+* Remove duplicated results from ConfigAuditReport
\ No newline at end of file
diff --git a/charts/trivy-operator-polr-adapter/Chart.yaml b/charts/trivy-operator-polr-adapter/Chart.yaml
index cafcca3..af01d64 100644
--- a/charts/trivy-operator-polr-adapter/Chart.yaml
+++ b/charts/trivy-operator-polr-adapter/Chart.yaml
@@ -3,5 +3,5 @@ name: trivy-operator-polr-adapter
 description: Helm Chart to install the trivy-operator PolicyReport adapter
 type: application
-version: "0.0.1"
-appVersion: "0.0.1"
+version: "0.0.2"
+appVersion: "0.0.2"
diff --git a/charts/trivy-operator-polr-adapter/values.yaml b/charts/trivy-operator-polr-adapter/values.yaml
index 850707c..97dbaf1 100644
--- a/charts/trivy-operator-polr-adapter/values.yaml
+++ b/charts/trivy-operator-polr-adapter/values.yaml
@@ -4,7 +4,7 @@ image:
   registry: ghcr.io
   repository: fjogeleit/trivy-operator-polr-adapter
   pullPolicy: IfNotPresent
-  tag: 0.0.1
+  tag: 0.0.2
 imagePullSecrets: []
 nameOverride: ""
diff --git a/pkg/adapters/auditr/mapper.go b/pkg/adapters/auditr/mapper.go
index 1fe3efc..ee27aa4 100644
--- a/pkg/adapters/auditr/mapper.go
+++ b/pkg/adapters/auditr/mapper.go
@@ -37,6 +37,10 @@ var (
 )
 func Map(report *v1alpha1.ConfigAuditReport, polr *v1alpha2.PolicyReport) (*v1alpha2.PolicyReport, bool) {
+	if len(report.Report.Checks) == 0 {
+		return nil, false
+	}
+
 	var updated bool
 	if polr == nil {
@@ -49,7 +53,7 @@ func Map(report *v1alpha1.ConfigAuditReport, polr *v1alpha2.PolicyReport) (*v1al
 	res := CreateObjectReference(report)
-	for _, check := range append(report.Report.Checks, report.Report.PodChecks...) {
+	for _, check := range report.Report.Checks {
 		props := map[string]string{}
 		for i, m := range check.Messages {
diff --git a/pkg/adapters/auditr/polr_client.go b/pkg/adapters/auditr/polr_client.go
index 4d113b6..976879b 100644
--- a/pkg/adapters/auditr/polr_client.go
+++ b/pkg/adapters/auditr/polr_client.go
@@ -25,7 +25,9 @@ func (p *PolicyReportClient) GenerateReport(ctx context.Context, report *v1alpha
 	}
 	polr, updated := Map(report, polr)
-	if updated {
+	if polr == nil {
+		return nil
+	} else if updated {
 		_, err = p.k8sClient.PolicyReports(report.Namespace).Update(ctx, polr, v1.UpdateOptions{})
 	} else {
 		_, err = p.k8sClient.PolicyReports(report.Namespace).Create(ctx, polr, v1.CreateOptions{})
diff --git a/pkg/adapters/vulnr/mapper.go b/pkg/adapters/vulnr/mapper.go
index b90c45c..02fe466 100644
--- a/pkg/adapters/vulnr/mapper.go
+++ b/pkg/adapters/vulnr/mapper.go
@@ -1,6 +1,7 @@
 package vulnr
 import (
+	"crypto/sha1"
 	"fmt"
 	"github.com/aquasecurity/trivy-operator/pkg/apis/aquasecurity/v1alpha1"
@@ -38,6 +39,10 @@ var (
 )
 func Map(report *v1alpha1.VulnerabilityReport, polr *v1alpha2.PolicyReport) (*v1alpha2.PolicyReport, bool) {
+	if len(report.Report.Vulnerabilities) == 0 {
+		return nil, false
+	}
+
 	var updated bool
 	if polr == nil {
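Review bot: The new early return changes Map's contract — it now yields `(nil, false)` when `report.Report.Checks` is empty, so the bool is meaningless unless the caller checks the pointer first — and the function has no doc comment saying so. Add one above the signature: `// Map builds the PolicyReport for a ConfigAuditReport, reusing polr when it is non-nil. It returns nil, false when the report has no checks; callers must check the pointer before trusting the bool.` The same applies to the `len(report.Report.Vulnerabilities) == 0` guard added to Map in pkg/adapters/vulnr/mapper.go later in this diff. Map's body continues outside the hunk.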
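Review bot: Dropping `report.Report.PodChecks` from the range removes every pod-scoped check from the PolicyReport, not only the duplicates the changelog describes; if PodChecks can hold entries that are absent from Checks, those findings are now silently lost. If de-duplication is the goal, keep both sources and skip repeats with a `seen` set keyed on the check's identifier — the original `append(...)` expression can stay. The hunk does not show whether trivy-operator always mirrors PodChecks into Checks, so this is worth confirming against the operator version the module depends on. The loop body continues outside the hunk.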
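Review bot: When Map returns nil because the report no longer has any findings, GenerateReport returns without touching the PolicyReport that was looked up earlier, so a finding that has since been fixed keeps being published until something else removes it. Because `polr, updated := Map(report, polr)` overwrites the looked-up object, keep it in a separate variable before the call and delete (or empty) it in the `polr == nil` branch instead of just returning — unless stale reports are garbage-collected elsewhere, which the hunk does not show. The identical pattern appears in pkg/adapters/vulnr/polr_client.go at the end of this diff. Stylistically, drop the `else` after the terminating return: `if polr == nil { return nil }` followed by a plain `if updated {`. The lookup and the error handling sit outside the hunk.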
@@ -56,12 +61,15 @@ func Map(report *v1alpha1.VulnerabilityReport, polr *v1alpha2.PolicyReport) (*v1
 			score = *vuln.Score
 		}
+		result := MapResult(vuln.Severity)
+
 		props := map[string]string{
 			"artifact.repository": report.Report.Artifact.Repository,
 			"artifact.tag":        report.Report.Artifact.Tag,
 			"registry.server":     report.Report.Registry.Server,
 			"score":               fmt.Sprint(score),
 			"resource":            vuln.Resource,
+			"resultID":            generateID(string(res.UID), res.Name, vuln.VulnerabilityID, vuln.Resource, string(result)),
 		}
 		if vuln.FixedVersion != "" {
@@ -79,7 +87,7 @@ func Map(report *v1alpha1.VulnerabilityReport, polr *v1alpha2.PolicyReport) (*v1
 			Message:    vuln.Title,
 			Properties: props,
 			Resources:  []*corev1.ObjectReference{res},
-			Result:     MapResult(vuln.Severity),
+			Result:     result,
 			Severity:   MapServerity(vuln.Severity),
 			Category:   category,
 			Timestamp:  *report.CreationTimestamp.ProtoTime(),
@@ -162,3 +170,12 @@ func GeneratePolicyReportName(report *v1alpha1.VulnerabilityReport) string {
 	return fmt.Sprintf("%s-%s", reportPrefix, name)
 }
+
+func generateID(uid, name, policy, rule, result string) string {
+	id := fmt.Sprintf("%s_%s_%s_%s_%s", uid, name, policy, rule, result)
+
+	h := sha1.New()
+	h.Write([]byte(id))
+
+	return fmt.Sprintf("%x", h.Sum(nil))
+}
diff --git a/pkg/adapters/vulnr/polr_client.go b/pkg/adapters/vulnr/polr_client.go
index 8894baa..e5f59b7 100644
--- a/pkg/adapters/vulnr/polr_client.go
+++ b/pkg/adapters/vulnr/polr_client.go
@@ -25,7 +25,9 @@ func (p *PolicyReportClient) GenerateReport(ctx context.Context, report *v1alpha
 	}
 	polr, updated := Map(report, polr)
-	if updated {
+	if polr == nil {
+		return nil
+	} else if updated {
 		_, err = p.k8sClient.PolicyReports(report.Namespace).Update(ctx, polr, v1.UpdateOptions{})
 	} else {
 		_, err = p.k8sClient.PolicyReports(report.Namespace).Create(ctx, polr, v1.CreateOptions{})
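Review bot: generateID joins its five fields with `_`, and the package name passed as `rule` (and possibly `policy`) can itself contain `_`, so two distinct findings can produce the same resultID — the very duplication the property is meant to rule out. Make the concatenation unambiguous, e.g. `id := fmt.Sprintf("%q_%q_%q_%q_%q", uid, name, policy, rule, result)`, which quotes and escapes each field and needs no new import. The identifier is not security-sensitive, but `crypto/sha1` is flagged by gosec and similar linters; `sha256.Sum256([]byte(id))` formatted with `%x` avoids that noise at the cost of a longer hex string, and the ignored `h.Write` return is fine because hash.Hash writes never return an error. The function also lacks a doc comment; add `// generateID returns a hex digest identifying one finding by resource UID and name, vulnerability, package and result, so the same finding keeps the same ID across regenerated reports.`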