Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Convert trivy_scan.sh into python #2758

Merged
merged 7 commits into from
Jun 24, 2024
Merged

Convert trivy_scan.sh into python #2758

merged 7 commits into from
Jun 24, 2024

Conversation

hansinikarunarathne
Copy link
Member

Pull Request Template for Kubeflow manifests Issues

  • Please include a summary of changes and the related issue.
  • List any dependencies that are required for this change.
  • Please delete the options that are not relevant.
  • The following checklist will help you to satisfy the requirements.

✏️ A brief description of the changes

  • Convert trivy_scan.sh file fully into python

  • Implemented the same functionality in trivy_scan.sh file in python

✅ Contributor checklist

You can join the CNCF Slack and access our meetings at the Kubeflow Community website. Our channel on the CNCF Slack is here #kubeflow-platform.

@hansinikarunarathne
Convert trivy_scan.sh into python
30cb4ab 
Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
@hansinikarunarathne
Chnage trivy.yaml
7893f9a 
Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
@hansinikarunarathne
fix the issue in yml pipeline
69b9fb6 
Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
@juliusvonkohout
Copy link
Member

juliusvonkohout commented Jun 24, 2024
edited
Loading

Does trivy.sh and trivy.py produce the exact same output? Please check that once and upload it here if possible.

juliusvonkohout
juliusvonkohout reviewed Jun 24, 2024
View reviewed changes
juliusvonkohout
juliusvonkohout reviewed Jun 24, 2024
View reviewed changes
juliusvonkohout
juliusvonkohout reviewed Jun 24, 2024
View reviewed changes
@juliusvonkohout juliusvonkohout self-assigned this Jun 24, 2024
@hansinikarunarathne
Copy link
Member Author

Below is the output of the trivy_scan.py
image

Below is the output of the trovy_scan.sh
image

There was an additional image in the manifest when running trivy_scan.py. I checked it and it is because there was a failure for that image when ran trivy_scan.sh. It is passed in the trivy_scan.py .

@juliusvonkohout
Copy link
Member

Amazing, did you get rid of the kustomize error messages? Please also adjust the github workflow such that it is triggered in this PR.

@hansinikarunarathne
create image-lists in the root and make chnages according to in the t…
ebc3766 
…rivy_scan.py

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
@hansinikarunarathne
Add .gitkeep to track empty directory
0d7fdbe 
Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
@hansinikarunarathne
Fix a issue in a trivy_scan.yaml
5621640 
Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
@hansinikarunarathne
Copy link
Member Author

Amazing, did you get rid of the kustomize error messages? Please also adjust the github workflow such that it is triggered in this PR.

  1. I failed to get rid of the customize errors. And I documented those errors https://docs.google.com/document/d/1tP7FyIIXR1WziagqsZjgBNQ1d0YbdJOe30qoi_SqPA0/edit?usp=sharing
  2. I adjust the github workflow in the way to triggered in this PR

@hansinikarunarathne
make a fix in trivy_scan.py
6c2bd8f 
Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
@juliusvonkohout
Copy link
Member

Please do not use .gitkeep, but generate the directory in python

@juliusvonkohout
Copy link
Member

/lgtm
/approve

@google-oss-prow google-oss-prow bot added the lgtm label Jun 24, 2024
@google-oss-prow Google OSS Prow
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: juliusvonkohout

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@google-oss-prow google-oss-prow bot merged commit 1b42748 into kubeflow:master Jun 24, 2024
4 checks passed
juliusvonkohout
juliusvonkohout reviewed Jun 24, 2024
View reviewed changes
hack/trivy_scan.py
print(f"The vulnerability detection may be insufficient because security updates are not provided for {image_name}:{image_tag}")
else:
severity_counts = {"LOW": 0, "MEDIUM": 0, "HIGH": 0, "CRITICAL": 0}
for vulns in vulnerabilities:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please consider proper names. e.g. for vulnerability in vulnerabilities for the follow up PR.

@juliusvonkohout juliusvonkohout mentioned this pull request Jun 25, 2024
Closed
10 tasks
@hansinikarunarathne hansinikarunarathne mentioned this pull request Jul 7, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@juliusvonkohout juliusvonkohout juliusvonkohout left review comments

@kimwnasptd kimwnasptd Awaiting requested review from kimwnasptd

Assignees

@juliusvonkohout juliusvonkohout

Labels
approved lgtm size/XL
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@hansinikarunarathne @juliusvonkohout