fix: k8s hide empty report when scanning resource (#2517)

Signed-off-by: Jose Donizetti <jdbjunior@gmail.com>
Jose Donizetti
2022-07-14 10:30:01 -03:00
committed by GitHub
parent 783cf6fe74
commit ae9ba340af
5 changed files with 34 additions and 22 deletions


@@ -22,5 +22,5 @@ func clusterRun(ctx context.Context, opts flag.Options, cluster k8s.Cluster) err
return xerrors.Errorf("get k8s artifacts error: %w", err) return xerrors.Errorf("get k8s artifacts error: %w", err)
} }
return run(ctx, opts, cluster.GetCurrentContext(), artifacts) return run(ctx, opts, cluster.GetCurrentContext(), artifacts, true)
} }


@@ -24,7 +24,7 @@ func namespaceRun(ctx context.Context, opts flag.Options, cluster k8s.Cluster) e
return xerrors.Errorf("get k8s artifacts error: %w", err) return xerrors.Errorf("get k8s artifacts error: %w", err)
} }
return run(ctx, opts, cluster.GetCurrentContext(), artifacts) return run(ctx, opts, cluster.GetCurrentContext(), artifacts, true)
} }
func getNamespace(opts flag.Options, currentNamespace string) string { func getNamespace(opts flag.Options, currentNamespace string) string {


@@ -33,7 +33,7 @@ func resourceRun(ctx context.Context, args []string, opts flag.Options, cluster
return err return err
} }
return run(ctx, opts, cluster.GetCurrentContext(), targets) return run(ctx, opts, cluster.GetCurrentContext(), targets, false)
} }
// pod/NAME or pod NAME etc // pod/NAME or pod NAME etc
@@ -42,7 +42,7 @@ func resourceRun(ctx context.Context, args []string, opts flag.Options, cluster
return err return err
} }
return run(ctx, opts, cluster.GetCurrentContext(), []*artifacts.Artifact{artifact}) return run(ctx, opts, cluster.GetCurrentContext(), []*artifacts.Artifact{artifact}, false)
} }
func extractKindAndName(args []string) (string, string, error) { func extractKindAndName(args []string) (string, string, error) {


@@ -41,7 +41,7 @@ func Run(ctx context.Context, args []string, opts flag.Options) error {
} }
} }
func run(ctx context.Context, opts flag.Options, cluster string, artifacts []*artifacts.Artifact) error { func run(ctx context.Context, opts flag.Options, cluster string, artifacts []*artifacts.Artifact, showEmpty bool) error {
ctx, cancel := context.WithTimeout(ctx, opts.Timeout) ctx, cancel := context.WithTimeout(ctx, opts.Timeout)
defer cancel() defer cancel()
@@ -76,7 +76,7 @@ func run(ctx context.Context, opts flag.Options, cluster string, artifacts []*ar
Report: opts.ReportFormat, Report: opts.ReportFormat,
Output: opts.Output, Output: opts.Output,
Severities: opts.Severities, Severities: opts.Severities,
}, opts.ScanOptions.SecurityChecks); err != nil { }, opts.ScanOptions.SecurityChecks, showEmpty); err != nil {
return xerrors.Errorf("unable to write results: %w", err) return xerrors.Errorf("unable to write results: %w", err)
} }
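Review bot: The new `showEmpty` parameter on `run` is a positional bool with no comment, so the call sites in clusterRun, namespaceRun and resourceRun read as bare `true` / `false` and the reason single-resource scans suppress output is not recorded anywhere. I would add a comment above `run`, for example `// showEmpty: when false, table output omits a report section that has no misconfigurations or vulnerabilities (used for single-resource scans).` The body of run starts and ends outside these hunks, so I cannot see whether anything else is printed when both sections are skipped.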


@@ -83,6 +83,10 @@ func (r Report) Failed() bool {
return false return false
} }
func (r Report) empty() bool {
return len(r.Misconfigurations) == 0 && len(r.Vulnerabilities) == 0
}
func (r Report) consolidate() ConsolidatedReport { func (r Report) consolidate() ConsolidatedReport {
consolidated := ConsolidatedReport{ consolidated := ConsolidatedReport{
SchemaVersion: r.SchemaVersion, SchemaVersion: r.SchemaVersion,
@@ -124,30 +128,38 @@ type Writer interface {
} }
// Write writes the results in the give format // Write writes the results in the give format
func Write(report Report, option Option, securityChecks []string) error { func Write(report Report, option Option, securityChecks []string, showEmpty bool) error {
switch option.Format { switch option.Format {
case jsonFormat: case jsonFormat:
jwriter := JSONWriter{Output: option.Output, Report: option.Report} jwriter := JSONWriter{Output: option.Output, Report: option.Report}
return jwriter.Write(report) return jwriter.Write(report)
case tableFormat: case tableFormat:
workloadReport, rbacReport := separateMisConfigRoleAssessment(report, securityChecks) workloadReport, rbacReport := separateMisConfigRoleAssessment(report, securityChecks)
WorkloadWriter := &TableWriter{
Output: option.Output, if !workloadReport.empty() || showEmpty {
Report: option.Report, WorkloadWriter := &TableWriter{
Severities: option.Severities, Output: option.Output,
ColumnHeading: ColumnHeading(securityChecks, WorkloadColumns()), Report: option.Report,
Severities: option.Severities,
ColumnHeading: ColumnHeading(securityChecks, WorkloadColumns()),
}
err := WorkloadWriter.Write(workloadReport)
if err != nil {
return err
}
} }
err := WorkloadWriter.Write(workloadReport)
if err != nil { if !rbacReport.empty() || showEmpty {
return err rbacWriter := &TableWriter{
Output: option.Output,
Report: option.Report,
Severities: option.Severities,
ColumnHeading: ColumnHeading(securityChecks, RoleColumns()),
}
return rbacWriter.Write(rbacReport)
} }
rbacWriter := &TableWriter{
Output: option.Output, return nil
Report: option.Report,
Severities: option.Severities,
ColumnHeading: ColumnHeading(securityChecks, RoleColumns()),
}
return rbacWriter.Write(rbacReport)
default: default:
return xerrors.Errorf(`unknown format %q. Use "json" or "table"`, option.Format) return xerrors.Errorf(`unknown format %q. Use "json" or "table"`, option.Format)
} }
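Review bot: In the `tableFormat` branch of `Write`, a call with `showEmpty` false and two empty reports now returns nil without writing anything, so for a security scan a clean result is indistinguishable on output from a run where `securityChecks` or the target selection left nothing to evaluate. Consider writing one explicit line in that case, or at minimum state the behaviour in the doc comment, e.g. `// When showEmpty is false, table sections with no findings are skipped; the JSON format always writes the report.` `empty()` only tests the lengths of `Misconfigurations` and `Vulnerabilities`; whether those slices can hold entries that carry zero findings is not visible here, so it is worth confirming such a report is classified as intended. Since `Write` is exported, carrying the flag as a field on `Option` rather than a fourth positional argument would keep existing callers compiling.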