From 9a8ebf12807595938678cc2fdde7e1f8ca32674b Mon Sep 17 00:00:00 2001
From: Nithunikzz
Date: Thu, 7 Sep 2023 17:02:25 +0530
Subject: [PATCH] trivy testing

---
 agent/kubviz/k8smetrics_agent.go | 32 +++++++++---------
 agent/kubviz/trivy.go | 58 +++++++++++++++++++++-----------
 go.mod | 1 -
 3 files changed, 55 insertions(+), 36 deletions(-)

diff --git a/agent/kubviz/k8smetrics_agent.go b/agent/kubviz/k8smetrics_agent.go
index be1f9a3b..63612c10 100644
--- a/agent/kubviz/k8smetrics_agent.go
+++ b/agent/kubviz/k8smetrics_agent.go
@@ -56,11 +56,8 @@ var (
 )
 
 func runTrivyScans(config *rest.Config, js nats.JetStreamContext) error {
-	err := RunTrivyK8sClusterScan(js)
-	if err != nil {
-		return err
-	}
-	err = RunTrivyImageScans(config, js)
+
+	err := RunTrivyImageScans(config, js)
 	if err != nil {
 		return err
 	}
@@ -107,19 +104,22 @@ func main() {
 	go publishMetrics(clientset, js, clusterMetricsChan, controlChan)
 
 	collectAndPublishMetrics := func() {
-		err := outDatedImages(config, js)
-		LogErr(err)
-		err = KubePreUpgradeDetector(config, js)
-		LogErr(err)
-		err = GetAllResources(config, js)
-		LogErr(err)
-		err = RakeesOutput(config, js)
-		LogErr(err)
-		// getK8sEvents(clientset)
-		err = runTrivyScans(config, js)
+		// err := outDatedImages(config, js)
+		// LogErr(err)
+		// err = KubePreUpgradeDetector(config, js)
+		// LogErr(err)
+		// err = GetAllResources(config, js)
+		// LogErr(err)
+		// err = RakeesOutput(config, js)
+		// LogErr(err)
+		// // getK8sEvents(clientset)
+		// err = runTrivyScans(config, js)
+		// LogErr(err)
+		err = RunTrivyK8sClusterScan(clientset, js)
 		LogErr(err)
 		err = RunKubeScore(clientset, js)
-		LogErr(err)
+		// LogErr(err)// err = RunKubeScore(clientset, js)
+		// LogErr(err)
 	}
 
 	controlChan <- true
diff --git a/agent/kubviz/trivy.go b/agent/kubviz/trivy.go
index adaf84ef..a2ab4d2e 100644
--- a/agent/kubviz/trivy.go
+++ b/agent/kubviz/trivy.go
@@ -1,7 +1,9 @@
 package main
 
 import (
+	"context"
 	"encoding/json"
+	"fmt"
 	"log"
 	"strings"
 
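Review bot: The error from `err = RunKubeScore(clientset, js)` is now dropped, because the `LogErr(err)` that followed it in the closure body has been commented out, so kube-score failures vanish silently; keep `LogErr(err)` live after that call. The closure also no longer declares `err` (the `err := outDatedImages(config, js)` line is commented out), so `err = RunTrivyK8sClusterScan(clientset, js)` assigns to whatever `err` main() has in scope, which this hunk does not show — confirm it exists, or write `err := RunTrivyK8sClusterScan(clientset, js)`. The commented-out calls (outDatedImages, KubePreUpgradeDetector, GetAllResources, RakeesOutput, runTrivyScans) read as dead text; if they are only disabled for this "trivy testing" run, say so in a comment or gate them behind a flag rather than leaving them to be re-enabled by hand. main() starts outside the hunk.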
@@ -10,33 +12,51 @@ import (
 	"github.com/intelops/kubviz/constants"
 	"github.com/intelops/kubviz/model"
 	"github.com/nats-io/nats.go"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes"
 )
 
-func RunTrivyK8sClusterScan(js nats.JetStreamContext) error {
-	var report report.ConsolidatedReport
-	out, err := executeCommand("trivy k8s --report summary cluster --timeout 60m -f json -q --cache-dir /tmp/.cache")
-	// log.Println("Commnd for k8s cluster scan: trivy k8s --report summary cluster --timeout 60m -f json -q --cache-dir /tmp/.cache")
-	parts := strings.SplitN(out, "{", 2)
-	if len(parts) <= 1 {
-		log.Println("No output from k8s cluster scan command", err)
-		return err
-	}
-	// log.Println("Command logs for k8s cluster scan", parts[0])
-	jsonPart := "{" + parts[1]
-	// log.Println("First 200 k8s cluster scan lines output", jsonPart[:200])
-	// log.Println("Last 200 k8s cluster scan lines output", jsonPart[len(jsonPart)-200:])
-	err = json.Unmarshal([]byte(jsonPart), &report)
+func RunTrivyK8sClusterScan(clientset *kubernetes.Clientset, js nats.JetStreamContext) error {
+
+	namespaceList, err := clientset.CoreV1().Namespaces().List(context.Background(), metav1.ListOptions{})
 	if err != nil {
-		log.Printf("Error occurred while Unmarshalling json for k8s cluster scan: %v", err)
+		log.Println("Error occurred while listing namespaces: ", err)
 		return err
 	}
-	err = publishTrivyK8sReport(report, js)
-	if err != nil {
-		return err
+
+	for _, ns := range namespaceList.Items {
+		namespace := ns.Name
+		log.Printf("Scanning namespace: %s\n", namespace)
+
+		var report report.ConsolidatedReport
+		cmd := fmt.Sprintf("trivy k8s --namespace %s --report summary all --timeout 60m -f json -q --cache-dir /tmp/.cache", namespace)
+		out, err := executeCommand(cmd)
+		if err != nil {
+			log.Printf("Error occurred while running Trivy scan for namespace %s: %v", namespace, err)
+			continue // Continue to the next namespace on error.
+		}
+
+		parts := strings.SplitN(out, "{", 2)
+		if len(parts) <= 1 {
+			log.Printf("No output from Trivy scan command for namespace %s\n", namespace)
+			continue // Continue to the next namespace if there's no output.
+		}
+
+		jsonPart := "{" + parts[1]
+		err = json.Unmarshal([]byte(jsonPart), &report)
+		if err != nil {
+			log.Printf("Error occurred while Unmarshalling JSON for namespace %s: %v", namespace, err)
+			continue // Continue to the next namespace on error.
+		}
+
+		err = publishTrivyK8sReport(report, js)
+		if err != nil {
+			log.Printf("Error occurred while publishing Trivy scan report for namespace %s: %v", namespace, err)
+		}
+		return nil
 	}
 	return nil
 }
-
 func publishTrivyK8sReport(report report.ConsolidatedReport, js nats.JetStreamContext) error {
 	metrics := model.Trivy{
 		ID: uuid.New().String(),
diff --git a/go.mod b/go.mod
index f59496e8..11c6b941 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,6 @@ require (
 	github.com/docker/docker v24.0.4+incompatible
 	github.com/genuinetools/reg v0.16.1
 	github.com/getkin/kin-openapi v0.118.0
-	github.com/ghodss/yaml v1.0.0
 	github.com/gin-gonic/gin v1.9.1
 	github.com/go-co-op/gocron v1.30.1
 	github.com/go-playground/webhooks/v6 v6.2.0
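Review bot: The `return nil` placed inside the `for _, ns := range namespaceList.Items` loop, right after the `publishTrivyK8sReport` call, leaves the function as soon as the first namespace is parsed and published, so every remaining namespace is never scanned; delete that line and keep only the `return nil` that follows the loop. The namespace name is also spliced into the `trivy k8s` command with `fmt.Sprintf` and handed to `executeCommand` as a single string — namespace names are validated DNS labels by the API server, so the practical exposure is small, but if `executeCommand` (its signature is not in the hunk) goes through a shell it is cleaner to pass the arguments as a slice so nothing in the name is ever interpreted. The `Namespaces().List` call uses `context.Background()` with no deadline, so a hung API server blocks the scan indefinitely; a `context.WithTimeout` would bound it. Publish and unmarshal failures are logged and the function still returns nil, so the caller cannot distinguish a partial run from a complete one — consider accumulating those errors and returning them after the loop.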