From 0ff5f96bb76ed9bec438f73ade2b1249a9025b16 Mon Sep 17 00:00:00 2001
From: chenk
Date: Tue, 5 Dec 2023 09:17:51 +0200
Subject: [PATCH] feat: filter k8s core components vuln results (#5713)
Signed-off-by: chenk
---
 pkg/k8s/report/report.go | 4 ++--
 pkg/k8s/scanner/scanner.go | 27 ++++++++++++++++++++++++---
 2 files changed, 26 insertions(+), 5 deletions(-)
diff --git a/pkg/k8s/report/report.go b/pkg/k8s/report/report.go
index bf0d0aaf8626..df68e7d5ad0c 100644
--- a/pkg/k8s/report/report.go
+++ b/pkg/k8s/report/report.go
@@ -222,7 +222,7 @@ func infraResource(misConfig Resource) bool {
 }
 func CreateResource(artifact *artifacts.Artifact, report types.Report, err error) Resource {
- r := CreateK8sResource(artifact, report.Results)
+ r := createK8sResource(artifact, report.Results)
 r.Metadata = report.Metadata
 r.Report = report
@@ -234,7 +234,7 @@ func CreateResource(artifact *artifacts.Artifact, report types.Report, err error
 return r
 }
-func CreateK8sResource(artifact *artifacts.Artifact, scanResults types.Results) Resource {
+func createK8sResource(artifact *artifacts.Artifact, scanResults types.Results) Resource {
 results := make([]types.Result, 0, len(scanResults))
 // fix target name
 for _, result := range scanResults {
diff --git a/pkg/k8s/scanner/scanner.go b/pkg/k8s/scanner/scanner.go
index 35b9003fabf3..8e624dd4a9a6 100644
--- a/pkg/k8s/scanner/scanner.go
+++ b/pkg/k8s/scanner/scanner.go
@@ -262,7 +262,14 @@ func (s *Scanner) scanK8sVulns(ctx context.Context, artifactsData []*artifacts.A
 return nil, err
 }
 if results != nil {
- resources = append(resources, report.CreateK8sResource(artifact, results))
+ resource, err := s.filter(ctx, types.Report{
+ Results: results,
+ ArtifactName: artifact.Name,
+ }, artifact)
+ if err != nil {
+ return nil, err
+ }
+ resources = append(resources, resource)
 }
 case nodeComponents:
 var nf bom.NodeInfo
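Review bot: The eight added lines in the arm that ends at `case nodeComponents:` are repeated verbatim in the next two hunks of scanner.go (the arm before `case clusterInfo:` and the last arm of the switch), so any later change to how core-component findings are filtered has to be made in three places and can drift. A small private method on Scanner, say `filterResults`, that takes `artifact` and `results`, builds the `types.Report` and calls `s.filter` would reduce each arm to `resource, err := s.filterResults(ctx, artifact, results)`. The bare `return nil, err` also drops which artifact failed; wrapping the error with `artifact.Name` inside that helper, using whichever error package the file already imports, would make a filter failure attributable. scanK8sVulns starts and ends outside the hunk and `s.filter` is not shown in this patch.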
@@ -301,7 +308,14 @@ func (s *Scanner) scanK8sVulns(ctx context.Context, artifactsData []*artifacts.A
 return nil, err
 }
 if results != nil {
- resources = append(resources, report.CreateK8sResource(artifact, results))
+ resource, err := s.filter(ctx, types.Report{
+ Results: results,
+ ArtifactName: artifact.Name,
+ }, artifact)
+ if err != nil {
+ return nil, err
+ }
+ resources = append(resources, resource)
 }
 case clusterInfo:
 var cf bom.ClusterInfo
@@ -329,7 +343,14 @@ func (s *Scanner) scanK8sVulns(ctx context.Context, artifactsData []*artifacts.A
 return nil, err
 }
 if results != nil {
- resources = append(resources, report.CreateK8sResource(artifact, results))
+ resource, err := s.filter(ctx, types.Report{
+ Results: results,
+ ArtifactName: artifact.Name,
+ }, artifact)
+ if err != nil {
+ return nil, err
+ }
+ resources = append(resources, resource)
 }
 }
 }
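Review bot: The `types.Report` passed to `s.filter` in the arm before `case clusterInfo:` sets only `Results` and `ArtifactName`, whereas CreateResource in report.go copies `report.Metadata` onto the resource, so resources built on this path presumably carry zero-valued metadata and any rule inside `s.filter` that reads other report fields would see them empty. Because this call is what now lets suppression rules act on node and cluster component findings, the call site deserves a comment stating that intent, for example `// core-component findings go through s.filter like workload results, so ignore rules can hide them too`. `s.filter` is not visible here, so what it reads from the report should be confirmed; the same applies to the other two call sites.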
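Review bot: No test accompanies the filtering added in this last arm or in the two arms before it: the diffstat lists only pkg/k8s/report/report.go and pkg/k8s/scanner/scanner.go. A table-driven test for scanK8sVulns that feeds results for a core component, asserts which findings survive the configured filter, and asserts that an error from `s.filter` is returned to the caller would keep a later change from silently dropping control-plane findings from the report. scanK8sVulns begins outside the hunk, so the setup such a test needs is not visible here.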