trivy testing
Nithunikzz committed Sep 7, 2023
1 parent 57d1f36 commit 9a8ebf1
Showing 3 changed files with 55 additions and 36 deletions.
32 changes: 16 additions & 16 deletions agent/kubviz/k8smetrics_agent.go
@@ -56,11 +56,8 @@ var (
)

func runTrivyScans(config *rest.Config, js nats.JetStreamContext) error {
err := RunTrivyK8sClusterScan(js)
if err != nil {
return err
}
err = RunTrivyImageScans(config, js)

err := RunTrivyImageScans(config, js)
if err != nil {
return err
}
@@ -107,19 +104,22 @@ func main() {
go publishMetrics(clientset, js, clusterMetricsChan, controlChan)

collectAndPublishMetrics := func() {
err := outDatedImages(config, js)
LogErr(err)
err = KubePreUpgradeDetector(config, js)
LogErr(err)
err = GetAllResources(config, js)
LogErr(err)
err = RakeesOutput(config, js)
LogErr(err)
// getK8sEvents(clientset)
err = runTrivyScans(config, js)
// err := outDatedImages(config, js)
// LogErr(err)
// err = KubePreUpgradeDetector(config, js)
// LogErr(err)
// err = GetAllResources(config, js)
// LogErr(err)
// err = RakeesOutput(config, js)
// LogErr(err)
// // getK8sEvents(clientset)
// err = runTrivyScans(config, js)
// LogErr(err)
err = RunTrivyK8sClusterScan(clientset, js)
LogErr(err)
err = RunKubeScore(clientset, js)
LogErr(err)
// LogErr(err)// err = RunKubeScore(clientset, js)
// LogErr(err)
}

controlChan <- true
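Review bot: In the `collectAndPublishMetrics` closure the only live call is now `err = RunTrivyK8sClusterScan(clientset, js)`, but the `err := outDatedImages(config, js)` that declared `err` has been commented out. Unless main() declares an `err` earlier (its body starts outside this hunk), this does not compile; if it does, the closure writes to a variable shared with main(), which becomes a data race should the closure run on a scheduler goroutine, so declare it locally with `err := RunTrivyK8sClusterScan(clientset, js)`. Separately, commenting out `outDatedImages`, `KubePreUpgradeDetector`, `GetAllResources`, `RakeesOutput`, `runTrivyScans` and `RunKubeScore` means the agent stops publishing those findings without any log line saying so. If this is only for testing Trivy, a configuration switch per collector would be safer than commented-out code, and the fused comment `// LogErr(err)// err = RunKubeScore(clientset, js)` should be removed.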
58 changes: 39 additions & 19 deletions agent/kubviz/trivy.go
@@ -1,7 +1,9 @@
package main

import (
"context"
"encoding/json"
"fmt"
"log"
"strings"

@@ -10,33 +12,51 @@ import (
"github.com/intelops/kubviz/constants"
"github.com/intelops/kubviz/model"
"github.com/nats-io/nats.go"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes"
)

func RunTrivyK8sClusterScan(js nats.JetStreamContext) error {
var report report.ConsolidatedReport
out, err := executeCommand("trivy k8s --report summary cluster --timeout 60m -f json -q --cache-dir /tmp/.cache")
// log.Println("Commnd for k8s cluster scan: trivy k8s --report summary cluster --timeout 60m -f json -q --cache-dir /tmp/.cache")
parts := strings.SplitN(out, "{", 2)
if len(parts) <= 1 {
log.Println("No output from k8s cluster scan command", err)
return err
}
// log.Println("Command logs for k8s cluster scan", parts[0])
jsonPart := "{" + parts[1]
// log.Println("First 200 k8s cluster scan lines output", jsonPart[:200])
// log.Println("Last 200 k8s cluster scan lines output", jsonPart[len(jsonPart)-200:])
err = json.Unmarshal([]byte(jsonPart), &report)
func RunTrivyK8sClusterScan(clientset *kubernetes.Clientset, js nats.JetStreamContext) error {

namespaceList, err := clientset.CoreV1().Namespaces().List(context.Background(), metav1.ListOptions{})
if err != nil {
log.Printf("Error occurred while Unmarshalling json for k8s cluster scan: %v", err)
log.Println("Error occurred while listing namespaces: ", err)
return err
}
err = publishTrivyK8sReport(report, js)
if err != nil {
return err

for _, ns := range namespaceList.Items {
namespace := ns.Name
log.Printf("Scanning namespace: %s\n", namespace)

var report report.ConsolidatedReport
cmd := fmt.Sprintf("trivy k8s --namespace %s --report summary all --timeout 60m -f json -q --cache-dir /tmp/.cache", namespace)
out, err := executeCommand(cmd)
if err != nil {
log.Printf("Error occurred while running Trivy scan for namespace %s: %v", namespace, err)
continue // Continue to the next namespace on error.
}

parts := strings.SplitN(out, "{", 2)
if len(parts) <= 1 {
log.Printf("No output from Trivy scan command for namespace %s\n", namespace)
continue // Continue to the next namespace if there's no output.
}

jsonPart := "{" + parts[1]
err = json.Unmarshal([]byte(jsonPart), &report)
if err != nil {
log.Printf("Error occurred while Unmarshalling JSON for namespace %s: %v", namespace, err)
continue // Continue to the next namespace on error.
}

err = publishTrivyK8sReport(report, js)
if err != nil {
log.Printf("Error occurred while publishing Trivy scan report for namespace %s: %v", namespace, err)
}
return nil
}
return nil
}

func publishTrivyK8sReport(report report.ConsolidatedReport, js nats.JetStreamContext) error {
metrics := model.Trivy{
ID: uuid.New().String(),
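Review bot: Every per-namespace failure in the new loop of `RunTrivyK8sClusterScan` (command error, no JSON in the output, unmarshal error, publish error) is logged and then dropped, and the function returns nil, so the `LogErr(err)` in the caller cannot tell a complete pass from one where no namespace produced a report. For a vulnerability scanner a missing report looks the same downstream as a clean one, so record the failures, for example `failed = append(failed, namespace)` on each error path and, after the loop, `if len(failed) > 0 { return fmt.Errorf("trivy scan failed for namespaces: %s", strings.Join(failed, ", ")) }`. The command line is also assembled with `fmt.Sprintf` and handed to `executeCommand` as one string; that helper is not shown here, but if it runs the string through a shell, passing the namespace as its own argv element would remove the reliance on the API server's name validation. The namespaces are scanned serially with `--timeout 60m` each and the list call uses `context.Background()`, so a bounded context for the whole pass is worth considering.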
1 change: 0 additions & 1 deletion go.mod
@@ -11,7 +11,6 @@ require (
github.com/docker/docker v24.0.4+incompatible
github.com/genuinetools/reg v0.16.1
github.com/getkin/kin-openapi v0.118.0
github.com/ghodss/yaml v1.0.0
github.com/gin-gonic/gin v1.9.1
github.com/go-co-op/gocron v1.30.1
github.com/go-playground/webhooks/v6 v6.2.0