Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update and Split Trivy #80

Merged
merged 37 commits into from
Jan 25, 2024
Merged

Update and Split Trivy #80

merged 37 commits into from
Jan 25, 2024

Conversation

faizan12123
Copy link
Contributor

@faizan12123 faizan12123 commented Dec 13, 2023
edited
Loading

Description

Updating Trivy from version 0.16.0 to version 0.48.0 to get all the new features Trivy has to offer. This will yield more results for SCA and container scanning from the trivy tool as well as expand the language support Trivy has for lock file scanning.

This PR will also split trivy SCA and Trivy container image scanning into 2 separate plugins for improved user experience. This will change the plugin list on the UI from Trivy (Container Images) to instead have one plugin called Trivy Container Image and another called Trivy SCA. Although the UI will be displaying the plugins as such, the API will still expect "trivy" as an argument to trigger the container image scanning and "trivy_sca" as an argument to trigger the SCA scanning.

This PR also updates the trivy SCA plugin to generate package-lock.json files and NPMRCs in directories where the package.json exists but there is no package-lock.json file for Trivy's SCA capability.

Cryptography dependency was updated as well

Motivation and Context

Trivy was outdated and we were missing out on some language support and more accurate scan results. We also wanted to improve the usability of Trivy by allowing more focused results from SCA and Container image scanning.

How Has This Been Tested?

  • Ran on local system as well as dev environment. Scans were yielding more results.
  • Unit tests were ran as well and all passed
  • Ran CI script to make sure both Trivy plugins were being called

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist

  • My code follows conforms to the coding standards.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • All new and existing tests passed.

Pic

Embed something funny here

@faizan12123
updating trivy plugin versions and commit hash
b757fce
@faizan12123
Editing Trivy plugin in to read for if dev dependencies is included o…
54939c7 
…r not as an argument and then altering the trivy scan command according to if that is true or not
@faizan12123
Fixed the parser for scanning lock files. Still need to fix the parse…
e50d191 
…r for images and fix the processor
@faizan12123
updated the artemisdb model to fix column level constraint issue caus…
fae5b31 
…ing errors, but did not create migration for it yet due to some errors I am getting when trying to create the migration due to my environment. Updated the Trivy plugin to fix parsing issues with the changes in the JSON due to a newer version of Trivy being used. Currently finishing the feature for parsing through directories of a project and generating package-lock files for directories that do not have one. Updated the UI for Trivy to say that it is an SCA scanner as well instead of just a container scanner.
@faizan12123
Finished package-lock generator. Now generates package-lock files if …
49a2142 
…package.json exists. Code still needs to be refactored/cleaned/split
@faizan12123
split up the code for trivy into multiple files for better readabilit…
3d9ca25 
…y. Also migrated the artemisdb model to reflect database changes.
@faizan12123
temporarily disabling image scanning from trivy for a|b testing
d32ed8a
@faizan12123
Merge branch 'main' into Updating-Trivy
d0a70d1 
Updating working branch with changes in main branch.
@faizan12123
updating axios from 1.6.1 to 1.6.5
c868d37
@faizan12123
Updating cryptography dependency
81b2d72
@faizan12123
moving write_npmrc to libs so that it can be a shared component betwe…
6372b53 
…en node dependencies and trivy as they both rely on the same code. Ensures better code re-usability
@faizan12123
removing files that have been relocated/deduced into one location
5b3834e
@faizan12123
fixing bug with generate_locks and logging errors
d238d97
@faizan12123
formatting files with black auto formatter for python to keep code co…
41e33a6 
…mpliant with coding standards
@faizan12123
fixing write_npmrc import for node_dependencies plugin since the file…
021bf68 
… was moved
@faizan12123
returning errors and warnings from the package lock generation to inf…
de16f9c 
…orm Users that we detected a missing lock file when we detect their package.json by itself
@faizan12123
changing the write_npmrc file to accept a log as a parameter so that …
2154738 
…the parent param can supply the logging method as it is a shared function
@faizan12123
fixing node_dependencies unit tests to match param changes to write_n…
3ba837f 
…pmrc
@faizan12123
fixing unit tests from changes made to write_npmrc
5c4adb3
@faizan12123
splitting trivy into 2 plugins. Trivy SCA and trivy image scanning
edb21be
@faizan12123
fixing typo
fb26a5c
@faizan12123
updating lingUI for internationalization
99cfdfc
@faizan12123
seperating unit tests for trivy backend changes and then fixing black…
dbc58fc 
… formatting
davakos
davakos reviewed Jan 22, 2024
View reviewed changes
backend/lambdas/api/repo/repo/util/const.py Outdated Show resolved Hide resolved
backend/libs/artemisdb/artemisdb/artemisdb/models.py Show resolved Hide resolved
backend/lambdas/api/repo/repo/util/const.py Outdated Show resolved Hide resolved
ui/src/app/scanPlugins.ts Outdated Show resolved Hide resolved
@faizan12123 faizan12123 changed the title Updating trivy Update and Split Trivy Jan 24, 2024
@faizan12123
Merge branch 'main' into Updating-Trivy
ae4a0c5 
Syncing main with feature branch
@faizan12123 faizan12123 marked this pull request as ready for review January 24, 2024 22:38
@faizan12123 faizan12123 requested a review from a team as a code owner January 24, 2024 22:38
breedenc
breedenc requested changes Jan 25, 2024
View reviewed changes
backend/engine/plugins/trivy/main.py Outdated Show resolved Hide resolved
backend/engine/plugins/trivy/main.py Show resolved Hide resolved
backend/engine/plugins/trivy_sca/main.py Outdated Show resolved Hide resolved
backend/engine/plugins/trivy_sca/main.py Outdated Show resolved Hide resolved
backend/engine/plugins/trivy_sca/settings.json Outdated Show resolved Hide resolved
@faizan12123
changed json.dump output to not boolean. Removed un-used import. Clea…
c7fc92e 
…ned up code for including/discluding dev dependency flag for trivy_sca
davakos
davakos reviewed Jan 25, 2024
View reviewed changes
backend/Dockerfiles/Dockerfile.dind Show resolved Hide resolved
backend/engine/plugins/lib/write_npmrc.py Show resolved Hide resolved
backend/engine/plugins/trivy_sca/main.py Outdated Show resolved Hide resolved
backend/engine/plugins/trivy_sca/main.py Outdated Show resolved Hide resolved
backend/engine/tests/test_trivy.py Show resolved Hide resolved
@faizan12123 faizan12123 merged commit dbb9389 into main Jan 25, 2024
3 checks passed
@davakos davakos deleted the Updating-Trivy branch February 1, 2024 14:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@breedenc breedenc breedenc approved these changes

@davakos davakos davakos approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@faizan12123 @davakos @breedenc