feat: trivy template for slack

aquasecurity · Aug 9, 2022 · 76ae586 · 76ae586
1 parent cfce699
commit 76ae586
Show file tree

Hide file tree

Showing 3 changed files with 145 additions and 1 deletion.
diff --git a/rego-templates/vuls-slack-aggregation-trivy.rego b/rego-templates/vuls-slack-aggregation-trivy.rego
@@ -0,0 +1,28 @@
+package postee.vuls.slack.trivy.aggregation
+
+import data.postee.flat_array
+
+
+title := "Vulnerability scan report"
+
+url := urlsResult {
+    urls := [ scan | 
+            item:=input[i].url
+
+            scan:=[item]
+    ] 
+
+    urlsResult:= concat("\n", flat_array(urls))
+}
+
+result := res {
+    scans := [ scan | 
+            item:=input[i].Description #collection is expected
+
+            scan:=array.concat([{"type":"section","text":{"type":"mrkdwn","text": input[i].title}}], item)
+    ] 
+
+    res:= flat_array(scans)
+}
+
+
diff --git a/rego-templates/vuls-slack-aggregation.rego b/rego-templates/vuls-slack-aggregation.rego
@@ -1,4 +1,4 @@
-package postee.vuls.slack.aggregation
+package postee.vuls.slack.trivy.aggregation
 
 import data.postee.flat_array
 

diff --git a/rego-templates/vuls-trivy-slack.rego b/rego-templates/vuls-trivy-slack.rego
@@ -0,0 +1,116 @@
+package postee.vuls.slack
+
+import data.postee.by_flag
+import data.postee.flat_array #converts [[{...},{...}], [{...},{...}]] to [{...},{...},{...},{...}]
+import data.postee.duplicate
+import data.postee.with_default
+
+############################################# Common functions ############################################
+
+# TODO support generic property
+check_failed(item) = false {
+not item.failed
+}
+check_failed(item) = true {
+ item.failed
+}
+###########################################################################################################
+
+# render_sections split collection of cells provided to chunks of 5 rows each and wraps every chunk with section element
+render_sections(rows, caption) = a { 
+    count(rows) > 0 # only if some vulnerabilities are found
+    a:=flat_array([ s |
+        # code below converts 2 dimension array like [[row1, row2, ... row5], ....]
+        group_size := 10 #it's 5 but every row is represented by 2 items
+        num_chunks := ceil(count(rows) / group_size) - 1
+        indices := { b | b := numbers.range(0, num_chunks)[_] * group_size }
+    	fields:=[array.slice(rows, i, i + group_size) | i := indices[_]][_]
+
+        # builds markdown section based on slice
+
+        s := [
+        	{
+                "type": "section",
+                "text": {
+                    "type": "mrkdwn",
+                    "text": caption
+                }
+            },
+            {
+                "type": "section",
+                "fields":fields
+
+            }
+        ]
+	])
+}
+render_sections(rows, caption) = [] { #do not render section if provided collection is empty
+    count(rows) == 0
+}
+###########################################################################################################
+
+vln_list(severity) = l {
+    # builds list of rows for section for the given severity
+	vlnrb := [r |
+                    some j
+                    item := input.Results[0]
+                    vlnname := item.Vulnerabilities[j].VulnerabilityID
+
+                    fxvrsn := with_default(item.Vulnerabilities[j],"FixedVersion", "none")
+                    resource_name = with_default(item.Vulnerabilities[j], "PkgName", "none")
+                    resource_version = with_default(item.Vulnerabilities[j], "InstalledVersion", "none")
+
+                    #item.Vulnerabilities[j].Severity == severity
+
+                    r := [
+                    	{"type": "mrkdwn", "text": vlnname},
+                      {"type": "mrkdwn", "text": concat(" / ", [resource_name, resource_version, fxvrsn])}
+                    ]
+
+              ]
+    caption := sprintf("*%s severity vulnerabilities*", [severity])  #TODO make first char uppercase
+
+    headers := [
+        {"type": "mrkdwn", "text": "*Vulnerability ID*"},
+        {"type": "mrkdwn", "text": "*Resource name / Installed version / Fix version*"}
+    ]
+    rows := array.concat(headers, flat_array(vlnrb))
+
+    # split rows and wrap slices with markdown section
+    l := render_sections(rows, caption)
+}
+
+###########################################################################################################
+postee := with_default(input, "postee", {})
+aqua_server := with_default(postee, "AquaServer", "")
+
+title = sprintf("Vulnerability scan report",[]) # title is 
+aggregation_pkg := "postee.vuls.slack.trivy.aggregation"
+
+result = res {
+	severities := ["CRITICAL", "HIGH", "MEDIUM", "low", "negligible"]
+
+	headers := [
+    {"type":"section","text":{"type":"mrkdwn","text":sprintf("Image name: %s",  [input.ArtifactName])}},
+    {"type":"section","text":{"type":"mrkdwn","text":sprintf("Type: %s", [input.ArtifactType])}},
+    {
+        "type": "section",
+        "text": {
+            "type": "mrkdwn",
+            "text": "*Found vulnerabilities*"
+        }
+    }
+	  ]
+
+    res := flat_array([
+        headers,
+        vln_list("CRITICAL"), 
+     #   vln_list("HIGH"),
+     #   vln_list("MEDIUM"),
+     #   vln_list("low"),
+     #   vln_list("negligible"),
+    ])
+
+}
+
+