From 2f336dead6aeb8198159918509d6d01917a28eca Mon Sep 17 00:00:00 2001
From: Ivan Stanev
Date: Wed, 7 Dec 2022 14:44:11 +0000
Subject: [PATCH 1/2] feat: pass image id to snyk docker plugin

When image id is available in workload metadata, we want snyk docker plugin to collect image names as a new fact for populating in the container image store.
---
 src/scanner/images/index.ts | 1 +
 src/scanner/index.ts | 2 +-
 test/system/kind.spec.ts | 7 +++++++
 test/unit/scanner/images.spec.ts | 2 +-
 4 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/scanner/images/index.ts b/src/scanner/images/index.ts
index f0785d223..467d59062 100644
--- a/src/scanner/images/index.ts
+++ b/src/scanner/images/index.ts
@@ -123,6 +123,7 @@ export async function scanImages(
 const pluginResponse = await scan({
 path: archivePath,
 imageNameAndTag: imageName,
+ imageNameAndDigest: imageWithDigest,
 });
 if (
diff --git a/src/scanner/index.ts b/src/scanner/index.ts
index 8501788ab..a3b5eacdc 100644
--- a/src/scanner/index.ts
+++ b/src/scanner/index.ts
@@ -103,7 +103,7 @@ export function getUniqueImages(workloadMetadata: IWorkload[]): IScanImage[] {
 accum[meta.imageName] = {
 imageWithDigest: digest && `${imageName}@${digest}`,
- imageName: meta.imageName, // Image name with tag
+ imageName: meta.imageName, // Image name with tag or digest, according to metadata image field declaration
 skopeoRepoType: SkopeoRepositoryType.DockerArchive,
 };
diff --git a/test/system/kind.spec.ts b/test/system/kind.spec.ts
index e15e48820..177b99850 100644
--- a/test/system/kind.spec.ts
+++ b/test/system/kind.spec.ts
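Review bot: In the `scanImages` hunk of src/scanner/images/index.ts, `imageNameAndDigest: imageWithDigest` is passed unconditionally, yet the `getUniqueImages` hunk builds that value as ``digest && `${imageName}@${digest}` ``, so it is falsy (undefined or an empty string) whenever the workload metadata carries no digest. Whether the plugin ignores a missing value is not visible here; a conditional spread such as `...(imageWithDigest ? { imageNameAndDigest: imageWithDigest } : {})` would keep empty names out of the `imageNames` fact. The digest also appears to come from workload metadata rather than from the archive at `archivePath`, so a short comment saying it is recorded as reported by the cluster, not verified against the scanned content, would help anyone who later treats the fact as an integrity identifier. The body of `scanImages` starts and ends outside the hunk.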
@@ -247,6 +247,13 @@ test('Kubernetes-Monitor with KinD', async () => {
 { type: 'imageLayers', data: expect.any(Array) },
 { type: 'rootFs', data: expect.any(Array) },
 { type: 'imageOsReleasePrettyName', data: expect.any(String) },
+ {
+ type: 'imageNames',
+ data: [
+ 'docker.io/library/openjdk:latest',
+ expect.stringContaining('docker.io/library/openjdk@sha256:'),
+ ],
+ },
 ]),
 target: { image: 'docker-image|docker.io/library/openjdk' },
 identity: { type: 'rpm', args: { platform: 'linux/amd64' } },
diff --git a/test/unit/scanner/images.spec.ts b/test/unit/scanner/images.spec.ts
index 5bcda5af7..3c9db04fa 100644
--- a/test/unit/scanner/images.spec.ts
+++ b/test/unit/scanner/images.spec.ts
@@ -133,7 +133,7 @@ describe('getImageParts()', () => {
 .imageName,
 ).toEqual('kind-registry:5000/python-27');
 });
- it('removed repository/image:tag contining dashes', () => {
+ it('removed repository/image:tag continuing dashes', () => {
 expect(
 scannerImages.getImageParts(
 'kind-registry:5000/test/python-27:rc-buster',
From ea6ae3c6f2f7ded6b1be9e35bc2e5a8327c0d69c Mon Sep 17 00:00:00 2001
From: Minsi Yang
Date: Fri, 30 Dec 2022 16:23:30 +0000
Subject: [PATCH 2/2] chore: remove unused package

---
 package-lock.json | 1 -
 package.json | 1 -
 2 files changed, 2 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index d38034ed2..d85acb9a7 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -15,7 +15,6 @@
 "child-process-promise": "^2.2.1",
 "fs-extra": "^10.1.0",
 "lru-cache": "^6.0.0",
- "minipass": "3.3.6",
 "needle": "^3.0.0",
 "sleep-promise": "^9.1.0",
 "snyk-config": "5.1.0",
diff --git a/package.json b/package.json
index 52618dcaf..2596c5aea 100644
--- a/package.json
+++ b/package.json
@@ -44,7 +44,6 @@
 "child-process-promise": "^2.2.1",
 "fs-extra": "^10.1.0",
 "lru-cache": "^6.0.0",
- "minipass": "3.3.6",
 "needle": "^3.0.0",
 "sleep-promise": "^9.1.0",
 "snyk-config": "5.1.0",
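Review bot: In the test/system/kind.spec.ts hunk, `expect.stringContaining('docker.io/library/openjdk@sha256:')` passes for any string that merely contains that prefix, including one with an empty or truncated digest, so the assertion does not show that a well-formed digest reaches the `imageNames` fact. An anchored matcher is stricter: `expect.stringMatching(/^docker\.io\/library\/openjdk@sha256:[0-9a-f]{64}$/)`. The enclosing test starts and ends outside the hunk.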
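Review bot: In the test/unit/scanner/images.spec.ts hunk, the new title swaps the typo 'contining' for 'continuing', which is a different word from the one the test seems to mean. The input `kind-registry:5000/test/python-27:rc-buster` has dashes in the image and tag, so the title presumably should be `it('removed repository/image:tag containing dashes', () => {`. The test body continues outside the hunk.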