From 9d81a323d0e807910734f82b270813cf597f0d3a Mon Sep 17 00:00:00 2001 From: Elia el Lazkani Date: Fri, 19 Jan 2024 23:48:43 +0100 Subject: [PATCH] chore(): Enhances the capabilities of Tricks - Adds quick scan capability for scanning without pushing the image - Automates pulling Oras' latest version --- Dockerfile | 3 +-- scripts/quick-scan | 18 ++++++++++++++++++ scripts/trivy.py | 5 ++++- 3 files changed, 23 insertions(+), 3 deletions(-) create mode 100755 scripts/quick-scan diff --git a/Dockerfile b/Dockerfile index 6c9ebc1..3608ba3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,11 +1,10 @@ FROM python:alpine MAINTAINER Elia El Lazkani -ARG ORAS_VERSION="1.0.0" - COPY scripts/* /usr/local/bin/ RUN apk add --virtual .build-deps curl && \ + export ORAS_VERSION=$(wget -qO - "https://api.github.com/repos/oras-project/oras/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/') && \ curl -LO "https://github.com/oras-project/oras/releases/download/v${ORAS_VERSION}/oras_${ORAS_VERSION}_linux_amd64.tar.gz" && \ mkdir -p oras-install/ && \ tar -zxf oras_${ORAS_VERSION}_*.tar.gz -C oras-install/ && \ diff --git a/scripts/quick-scan b/scripts/quick-scan new file mode 100755 index 0000000..8664044 --- /dev/null +++ b/scripts/quick-scan @@ -0,0 +1,18 @@ +#!/usr/bin/env python +import sys +from args import argument_parse +from trivy import Trivy + +def main(): + + args = argument_parse() + + trivy = Trivy(args.image, args.tag) + scan = trivy.full_scan(image_src="remote", generate_report=False) + if not scan: + sys.exit(1) + print("Full scan successful...") + + +if __name__ == '__main__': + main() diff --git a/scripts/trivy.py b/scripts/trivy.py index 44bf39a..dfc3aca 100644 --- a/scripts/trivy.py +++ b/scripts/trivy.py 
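Review bot: The new `export ORAS_VERSION=$(wget -qO - "https://api.github.com/repos/oras-project/oras/releases/latest" | ...)` line replaces the pinned `ARG ORAS_VERSION="1.0.0"` with an unauthenticated call to the GitHub API at build time, so the image is no longer reproducible and a failed lookup (for example when the unauthenticated API rate limit is hit and the response carries no `tag_name`) leaves `ORAS_VERSION` empty without stopping the build, because `wget -q` is silent and `curl -LO` without `-f` saves the 404 body, so only the later `tar` step fails, with a confusing message. Keep the build arg as an override and fall back to the lookup only when it is unset, and fail fast on an empty value: `ARG ORAS_VERSION=""`, then in the RUN step `ORAS_VERSION="${ORAS_VERSION:-$(wget -qO - ... | sed -E ...)}" && [ -n "$ORAS_VERSION" ] && curl -fsSLO "https://github.com/oras-project/oras/releases/download/v${ORAS_VERSION}/oras_${ORAS_VERSION}_linux_amd64.tar.gz"`. Verifying the downloaded tarball against the checksum file the oras release publishes (if one ships for the chosen version) would close the remaining gap that fetching an unpinned binary opens.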
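Review bot: `main` relies on the truthiness of whatever `full_scan` returns (`self.success()` / `self.error()` in trivy.py), which the new file does not document, and a failed scan exits with status 1 without printing anything. A module docstring such as `"""Scan an image with Trivy without pushing it or generating the CycloneDX report; exits non-zero when the critical-severity check fails."""` plus a `print("Full scan failed", file=sys.stderr)` before `sys.exit(1)` would make the script self-explanatory to whoever wires it into CI. The blank line directly after `def main():` and the single blank line between the imports and `def main()` (PEP 8 asks for two) are style nits worth fixing while the file is new. The stated purpose is scanning without pushing, yet the call hard-codes `image_src="remote"`; if that is intentional, the docstring should say what "remote" means for the Trivy wrapper here.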
@@ -57,7 +57,7 @@ class Trivy: return self.error() return self.success() - def full_scan(self, image_src: str = None): + def full_scan(self, image_src: str = None, generate_report: bool = True): severity_check, sc_return_code = self.scan_critical_severity(image_src=image_src) full_report, _ = self.full_report(image_src=image_src) @@ -69,6 +69,9 @@ class Trivy: return self.error() print("Passed security check scan...") + if not generate_report: + return self.success() + _, _ = self.generate_cdx_report(image_src=image_src) result = self.get_result() -- 2.45.2
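Review bot: The new `generate_report` parameter on `full_scan` is a boolean switch and would be clearer keyword-only, `def full_scan(self, image_src: str = None, *, generate_report: bool = True):`, so callers cannot pass it positionally after `image_src`; the only caller in this patch (`scripts/quick-scan`) already uses the keyword form. The method has no docstring explaining what the flag changes; a short one such as `"""Run the critical-severity check and the full report; when generate_report is False, return success right after the severity check without calling generate_cdx_report or get_result."""` would document the new behaviour. `full_scan`'s body continues past the end of this hunk.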
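Review bot: The early `return self.success()` when `generate_report` is False skips not only `generate_cdx_report` but also the `result = self.get_result()` line below it and whatever the rest of the method does with `result` outside the hunk, so the quick path and the full path appear to report success on different evidence; if `get_result()` does more than read the CycloneDX output, the return should move below it. A one-line comment at the new branch, `# quick scan: severity check only, no CycloneDX report or result collection`, would make the intended short-circuit explicit. The enclosing `full_scan` continues past the end of this hunk.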