chore(): Enhances the capabilities of Tricks
- Adds quick scan capability for scanning without pushing the image - Automates pulling Oras' latest version
parent
fda6eaa868
commit
9d81a323d0
3 changed files with 23 additions and 3 deletions
|
@ -1,11 +1,10 @@
|
|||
FROM python:alpine
|
||||
MAINTAINER Elia El Lazkani <git@lazkani.io>
|
||||
|
||||
ARG ORAS_VERSION="1.0.0"
|
||||
|
||||
COPY scripts/* /usr/local/bin/
|
||||
|
||||
RUN apk add --virtual .build-deps curl && \
|
||||
export ORAS_VERSION=$(wget -qO - "https://api.github.com/repos/oras-project/oras/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/') && \
|
||||
curl -LO "https://github.com/oras-project/oras/releases/download/v${ORAS_VERSION}/oras_${ORAS_VERSION}_linux_amd64.tar.gz" && \
|
||||
mkdir -p oras-install/ && \
|
||||
tar -zxf oras_${ORAS_VERSION}_*.tar.gz -C oras-install/ && \
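Review bot: The oras tarball fetched by the `curl -LO` line is extracted with no integrity check, and because the version now comes from the `releases/latest` API at build time, the image content depends on whatever that endpoint returns on the day of the build. Keeping `ARG ORAS_VERSION` as an optional override and verifying the archive before `tar -zxf` would restore a reviewable input, for example `sha256sum -c` against a checksums file downloaded from the same release (confirm the asset name the project publishes). The lookup also has no failure guard: if the API call is rate-limited or the `grep`/`sed` match is empty, `ORAS_VERSION` is empty and `curl -LO` without `--fail` saves an error page instead of stopping. Adding `[ -n "${ORAS_VERSION}" ]` after the export and using `curl -fLO` would fail the build early. The RUN instruction continues past the end of the hunk.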
|
||||
|
|
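--- a/scripts/quick-scan
+++ b/scripts/quick-scan
@@ -0,0 +1,18 @@
+#!/usr/bin/env python
+import sys
+from args import argument_parse
+from trivy import Trivy
+
+def main():
+
+args = argument_parse()
+
+trivy = Trivy(args.image, args.tag)
+scan = trivy.full_scan(image_src="remote", generate_report=False)
+if not scan:
+sys.exit(1)
+print("Full scan successful...")
+
+
+if __name__ == '__main__':
+main()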
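Review bot: The exit gate `if not scan:` depends on the truthiness of whatever `full_scan` returns, and that return shape is not visible in this file. The Trivy hunks in this commit show a sibling method unpacked as two values (`severity_check, sc_return_code = self.scan_critical_severity(...)`) and `full_scan` returning `self.error()` / `self.success()`. If those helpers return a non-empty tuple, `not scan` is always false and a failed scan would still print the success message and exit 0. Checking the return code explicitly, for example `_, return_code = trivy.full_scan(image_src="remote", generate_report=False)` followed by `if return_code != 0: sys.exit(1)`, would make the gate independent of truthiness; confirm the actual return contract in the Trivy class first.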
|
|
@ -57,7 +57,7 @@ class Trivy:
|
|||
return self.error()
|
||||
return self.success()
|
||||
|
||||
def full_scan(self, image_src: str = None):
|
||||
def full_scan(self, image_src: str = None, generate_report: bool = True):
|
||||
severity_check, sc_return_code = self.scan_critical_severity(image_src=image_src)
|
||||
full_report, _ = self.full_report(image_src=image_src)
|
||||
|
||||
|
@ -69,6 +69,9 @@ class Trivy:
|
|||
return self.error()
|
||||
print("Passed security check scan...")
|
||||
|
||||
if not generate_report:
|
||||
return self.success()
|
||||
|
||||
_, _ = self.generate_cdx_report(image_src=image_src)
|
||||
|
||||
result = self.get_result()
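Review bot: `generate_report=False` only skips `generate_cdx_report`. The `self.full_report(image_src=image_src)` call shown in the first hunk sits above the new early return, so a quick scan presumably still runs the full report step (the lines between the two hunks are not visible). If that is intended, say so on the parameter, e.g. a docstring line `generate_report: when False, skip only the CycloneDX report; the severity check and full report still run`; if not, the guard should move above the `full_report` call. The early return also hands back `self.success()` while the normal path continues to `result = self.get_result()`, so callers such as the quick-scan script may see a different return value on the two paths. `full_scan` continues past the end of the hunk, so this needs checking against the rest of the body.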
|
||||
|
|