refactor: scan-job reports (aquasecurity#1639)

* refactor: scan-job reports Signed-off-by: chenk <[email protected]> * refactor: refactor scan-job reports Signed-off-by: chenk <[email protected]> * refactor: refactor scan-job reports Signed-off-by: chenk <[email protected]> * refactor: refactor scan-job reports Signed-off-by: chenk <[email protected]> * refactor: refactor scan-job reports Signed-off-by: chenk <[email protected]> --------- Signed-off-by: chenk <[email protected]>
cnwaldron · Nov 16, 2023 · 293d94b · 293d94b
1 parent 0893487
commit 293d94b
Show file tree

Hide file tree

Showing 8 changed files with 269 additions and 241 deletions.
diff --git a/pkg/exposedsecretreport/io.go b/pkg/exposedsecretreport/io.go
@@ -4,8 +4,10 @@ import (
 	"context"
 
 	"github.com/aquasecurity/trivy-operator/pkg/apis/aquasecurity/v1alpha1"
+	"github.com/aquasecurity/trivy-operator/pkg/ext"
 	"github.com/aquasecurity/trivy-operator/pkg/kube"
 	"k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
@@ -88,3 +90,35 @@ func (r *readWriter) FindByOwner(ctx context.Context, owner kube.ObjectRef) ([]v
 
 	return list.DeepCopy().Items, nil
 }
+
+func BuildExposedSecretsReportData(clock ext.Clock, registry v1alpha1.Registry, artifact v1alpha1.Artifact, version string, secrets []v1alpha1.ExposedSecret) v1alpha1.ExposedSecretReportData {
+	return v1alpha1.ExposedSecretReportData{
+		UpdateTimestamp: metav1.NewTime(clock.Now()),
+		Scanner: v1alpha1.Scanner{
+			Name:    v1alpha1.ScannerNameTrivy,
+			Vendor:  "Aqua Security",
+			Version: version,
+		},
+		Registry: registry,
+		Artifact: artifact,
+		Summary:  secretSummary(secrets),
+		Secrets:  secrets,
+	}
+}
+
+func secretSummary(secrets []v1alpha1.ExposedSecret) v1alpha1.ExposedSecretSummary {
+	var s v1alpha1.ExposedSecretSummary
+	for _, v := range secrets {
+		switch v.Severity {
+		case v1alpha1.SeverityCritical:
+			s.CriticalCount++
+		case v1alpha1.SeverityHigh:
+			s.HighCount++
+		case v1alpha1.SeverityMedium:
+			s.MediumCount++
+		case v1alpha1.SeverityLow:
+			s.LowCount++
+		}
+	}
+	return s
+}
diff --git a/pkg/plugins/trivy/config.go b/pkg/plugins/trivy/config.go
@@ -9,6 +9,7 @@ import (
 	"strings"
 
 	"github.com/aquasecurity/trivy-operator/pkg/utils"
+	"github.com/aquasecurity/trivy-operator/pkg/vulnerabilityreport"
 
 	"github.com/aquasecurity/trivy-operator/pkg/trivyoperator"
 
@@ -78,8 +79,8 @@ type Config struct {
 	trivyoperator.PluginConfig
 }
 
-func (c Config) GetAdditionalVulnerabilityReportFields() AdditionalFields {
-	addFields := AdditionalFields{}
+func (c Config) GetAdditionalVulnerabilityReportFields() vulnerabilityreport.AdditionalFields {
+	addFields := vulnerabilityreport.AdditionalFields{}
 
 	fields, ok := c.Data[keyTrivyAdditionalVulnerabilityReportFields]
 	if !ok {

diff --git a/pkg/plugins/trivy/config_test.go b/pkg/plugins/trivy/config_test.go
@@ -8,6 +8,7 @@ import (
 
 	"github.com/aquasecurity/trivy-operator/pkg/ext"
 	"github.com/aquasecurity/trivy-operator/pkg/kube"
+	"github.com/aquasecurity/trivy-operator/pkg/vulnerabilityreport"
 
 	"github.com/aquasecurity/trivy-operator/pkg/trivyoperator"
 
@@ -87,12 +88,12 @@ func TestConfig_GetAdditionalVulnerabilityReportFields(t *testing.T) {
 	testCases := []struct {
 		name             string
 		configData       Config
-		additionalFields AdditionalFields
+		additionalFields vulnerabilityreport.AdditionalFields
 	}{
 		{
 			name:             "no additional fields are set",
 			configData:       Config{PluginConfig: trivyoperator.PluginConfig{}},
-			additionalFields: AdditionalFields{},
+			additionalFields: vulnerabilityreport.AdditionalFields{},
 		},
 		{
 			name: "all additional fields are set",
@@ -101,7 +102,7 @@ func TestConfig_GetAdditionalVulnerabilityReportFields(t *testing.T) {
 					"trivy.additionalVulnerabilityReportFields": "PackageType,PkgPath,Class,Target,Links,Description,CVSS",
 				},
 			}},
-			additionalFields: AdditionalFields{Description: true, Links: true, CVSS: true, Class: true, PackageType: true, PkgPath: true, Target: true},
+			additionalFields: vulnerabilityreport.AdditionalFields{Description: true, Links: true, CVSS: true, Class: true, PackageType: true, PkgPath: true, Target: true},
 		},
 		{
 			name: "some additional fields are set",
@@ -110,7 +111,7 @@ func TestConfig_GetAdditionalVulnerabilityReportFields(t *testing.T) {
 					"trivy.additionalVulnerabilityReportFields": "PackageType,Target,Links,CVSS",
 				},
 			}},
-			additionalFields: AdditionalFields{Links: true, CVSS: true, PackageType: true, Target: true},
+			additionalFields: vulnerabilityreport.AdditionalFields{Links: true, CVSS: true, PackageType: true, Target: true},
 		},
 	}