chore(): Enhances the capabilities of Tricks
Some checks failed
continuous-integration/drone/pr Build is failing
continuous-integration/drone/push Build is passing
continuous-integration/drone/promote/production Build is passing

- Adds quick scan capability for scanning without pushing the image
- Automates pulling Oras' latest version
This commit is contained in:
Elia el Lazkani 2024-01-19 23:48:43 +01:00
parent fda6eaa868
commit 9d81a323d0
3 changed files with 23 additions and 3 deletions

View file

@ -1,11 +1,10 @@
FROM python:alpine FROM python:alpine
MAINTAINER Elia El Lazkani <git@lazkani.io> MAINTAINER Elia El Lazkani <git@lazkani.io>
ARG ORAS_VERSION="1.0.0"
COPY scripts/* /usr/local/bin/ COPY scripts/* /usr/local/bin/
RUN apk add --virtual .build-deps curl && \ RUN apk add --virtual .build-deps curl && \
export ORAS_VERSION=$(wget -qO - "https://api.github.com/repos/oras-project/oras/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/') && \
curl -LO "https://github.com/oras-project/oras/releases/download/v${ORAS_VERSION}/oras_${ORAS_VERSION}_linux_amd64.tar.gz" && \ curl -LO "https://github.com/oras-project/oras/releases/download/v${ORAS_VERSION}/oras_${ORAS_VERSION}_linux_amd64.tar.gz" && \
mkdir -p oras-install/ && \ mkdir -p oras-install/ && \
tar -zxf oras_${ORAS_VERSION}_*.tar.gz -C oras-install/ && \ tar -zxf oras_${ORAS_VERSION}_*.tar.gz -C oras-install/ && \

18
scripts/quick-scan Executable file
View file

@ -0,0 +1,18 @@
#!/usr/bin/env python
import sys
from args import argument_parse
from trivy import Trivy
def main():
args = argument_parse()
trivy = Trivy(args.image, args.tag)
scan = trivy.full_scan(image_src="remote", generate_report=False)
if not scan:
sys.exit(1)
print("Full scan successful...")
if __name__ == '__main__':
main()

View file

@ -57,7 +57,7 @@ class Trivy:
return self.error() return self.error()
return self.success() return self.success()
def full_scan(self, image_src: str = None): def full_scan(self, image_src: str = None, generate_report: bool = True):
severity_check, sc_return_code = self.scan_critical_severity(image_src=image_src) severity_check, sc_return_code = self.scan_critical_severity(image_src=image_src)
full_report, _ = self.full_report(image_src=image_src) full_report, _ = self.full_report(image_src=image_src)
@ -69,6 +69,9 @@ class Trivy:
return self.error() return self.error()
print("Passed security check scan...") print("Passed security check scan...")
if not generate_report:
return self.success()
_, _ = self.generate_cdx_report(image_src=image_src) _, _ = self.generate_cdx_report(image_src=image_src)
result = self.get_result() result = self.get_result()