feat(contrib/trivy) fill image info into scan results (#1475)

* feat(contrib/trivy) fill image info into scan results * fix match size * fix match size
2022-06-08 17:00:32 +09:00
parent 14518d925e
commit 2aca2e4352
2 changed files with 28 additions and 5 deletions
--- a/contrib/trivy/parser/v2/parser.go
+++ b/contrib/trivy/parser/v2/parser.go
@@ -2,6 +2,7 @@ package v2

 import (
 	"encoding/json"
+	"fmt"
 	"regexp"
 	"time"

@@ -35,7 +36,7 @@ func (p ParserV2) Parse(vulnJSON []byte) (result *models.ScanResult, err error)
 	return scanResult, nil
 }

-var dockerTagPattern = regexp.MustCompile(`:.+$`)
+var dockerTagPattern = regexp.MustCompile(`^(.*):(.*)$`)

 func setScanResultMeta(scanResult *models.ScanResult, report *types.Report) error {
 	if len(report.Results) == 0 {
@@ -43,8 +44,24 @@ func setScanResultMeta(scanResult *models.ScanResult, report *types.Report) erro
 	}

 	scanResult.ServerName = report.ArtifactName
-	if report.ArtifactType == "container_image" && !dockerTagPattern.MatchString(scanResult.ServerName) {
-		scanResult.ServerName += ":latest" // Complement if the tag is omitted
+	if report.ArtifactType == "container_image" {
+		matches := dockerTagPattern.FindStringSubmatch(report.ArtifactName)
+		var imageName, imageTag string
+		if 2 < len(matches) {
+			// including the image tag
+			imageName = matches[1]
+			imageTag = matches[2]
+		} else {
+			// no image tag
+			imageName = report.ArtifactName
+			imageTag = "latest" // Complement if the tag is omitted
+		}
+		scanResult.ServerName = fmt.Sprintf("%s:%s", imageName, imageTag)
+		if scanResult.Optional == nil {
+			scanResult.Optional = map[string]interface{}{}
+		}
+		scanResult.Optional["TRIVY_IMAGE_NAME"] = imageName
+		scanResult.Optional["TRIVY_IMAGE_TAG"] = imageTag
 	}

 	if report.Metadata.OS != nil {
--- a/contrib/trivy/parser/v2/parser_test.go
+++ b/contrib/trivy/parser/v2/parser_test.go
@@ -263,7 +263,10 @@ var redisSR = &models.ScanResult{
 			BinaryNames: []string{"bsdutils", "pkgA"},
 		},
 	},
-	Optional: nil,
+	Optional: map[string]interface{}{
+		"TRIVY_IMAGE_NAME": "redis",
+		"TRIVY_IMAGE_TAG":  "latest",
+	},
 }

 var strutsTrivy = []byte(`
@@ -718,7 +721,10 @@ var osAndLibSR = &models.ScanResult{
 			BinaryNames: []string{"libgnutls30"},
 		},
 	},
-	Optional: nil,
+	Optional: map[string]interface{}{
+		"TRIVY_IMAGE_NAME": "quay.io/fluentd_elasticsearch/fluentd",
+		"TRIVY_IMAGE_TAG":  "v2.9.0",
+	},
 }

 func TestParseError(t *testing.T) {