Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ inputs:
required: false
cli-scanner-version:
description: Custom sysdig-cli-scanner version to download. Oldest supported version is 1.26.0.
default: "1.24.1"
default: "1.26.0"
required: false
cli-scanner-sha256sum:
description: 'SHA256 sum of the Sysdig CLI scanner binary to verify the download.'
Expand Down
49 changes: 21 additions & 28 deletions dist/index.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion dist/index.js.map

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "secure-inline-scan-action",
"version": "6.3.5",
"version": "6.3.6",
"description": "This actions performs image analysis on locally built container image and posts the result of the analysis to Sysdig Secure.",
"main": "index.js",
"scripts": {
Expand Down
2 changes: 1 addition & 1 deletion src/domain/scanresult/Package.ts
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ export class Package {
public readonly name: string,
public readonly version: Version,
public readonly path: string,
public readonly foundInLayer: Layer
public readonly foundInLayer: Layer | null
) { }

addVulnerability(vulnerability: Vulnerability) {
Expand Down
4 changes: 2 additions & 2 deletions src/domain/scanresult/ScanResult.ts
Original file line number Diff line number Diff line change
Expand Up @@ -81,10 +81,10 @@ export class ScanResult {
name: string,
version: string,
path: string,
foundInLayer: Layer
foundInLayer: Layer | null
): Package {
const pkg = new Package(id, packageType, name, new Version(version), path, foundInLayer);
foundInLayer.addPackage(pkg);
if (foundInLayer) foundInLayer.addPackage(pkg);
this.packages.add(pkg);
return pkg;
}
Expand Down
2 changes: 1 addition & 1 deletion src/domain/scanresult/Vulnerability.ts
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ export class Vulnerability {
getFoundInLayers(): Layer[] {
const layers = new Set<Layer>();
for (const pkg of this.foundInPackages) {
layers.add(pkg.foundInLayer);
if (pkg.foundInLayer) layers.add(pkg.foundInLayer);
}
return Array.from(layers);
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -99,18 +99,20 @@ export class JsonScanResultV1ToScanResultAdapter {
private addPackages(reportResult: ReportResult, scanResult: ScanResult): void {
for (const key in reportResult.packages) {
const pkgData = reportResult.packages[key];
const JsonLayer = reportResult.layers[pkgData.layerRef];
if (!JsonLayer) continue;

const layer = scanResult.findLayerByDigest(JsonLayer.digest ?? '');
if (!layer) continue;
let layer = null;
if (pkgData.layerRef) {
const jsonLayer = reportResult.layers[pkgData.layerRef];
if (jsonLayer) {
layer = scanResult.findLayerByDigest(jsonLayer.digest ?? '') ?? null;
}
}

const pkg = scanResult.addPackage(
key,
PackageType.fromString(pkgData.type),
pkgData.name,
pkgData.version,
pkgData.path,
pkgData.path ?? '',
layer
);

Expand Down Expand Up @@ -180,9 +182,10 @@ export class JsonScanResultV1ToScanResultAdapter {
bundle
);
for (const failureData of ruleData.failures ?? []) {
const pkg = scanResult.findPackageByID(failureData.packageRef)!;
let jsonVuln = reportResult.vulnerabilities[failureData.vulnerabilityRef] as JsonVulnerability;
const vuln = scanResult.findVulnerabilityByCve(jsonVuln.name)!;
const pkg = scanResult.findPackageByID(failureData.packageRef);
const jsonVuln = reportResult.vulnerabilities[failureData.vulnerabilityRef] as JsonVulnerability;
const vuln = jsonVuln ? scanResult.findVulnerabilityByCve(jsonVuln.name) : undefined;
if (!pkg || !vuln) continue;

rule.addFailure(
failureData.description || "",
Expand Down
17 changes: 2 additions & 15 deletions src/infrastructure/sysdig/SysdigCliScanner.ts
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
import * as core from '@actions/core';
import * as exec from '@actions/exec';
import * as fs from 'fs';
import process from 'process';
import { IScanner } from '../../application/ports/IScanner';
import { ComposeFlags, ScanMode } from '../../application/ports/ScannerDTOs';
Expand All @@ -26,7 +27,6 @@ export class SysdigCliScanner implements IScanner {
const scanFlags = this.composeFlags(config);
let { envvars, flags } = scanFlags;
let execOutput = '';
let errOutput = '';


const scanOptions: exec.ExecOptions = {
Expand All @@ -48,19 +48,6 @@ export class SysdigCliScanner implements IScanner {
}
};

const catOptions: exec.ExecOptions = {
silent: true,
ignoreReturnCode: true,
listeners: {
stdout: (data) => {
execOutput += data.toString();
},
stderr: (data) => {
errOutput += data.toString();
}
}
}

let start = performance.now();
const command = scannerPath;
const loggableFlags = flags.map(flag => flag.includes(' ') ? `"${flag}"` : flag);
Expand All @@ -75,11 +62,11 @@ export class SysdigCliScanner implements IScanner {

// VM mode: Parse JSON output
if (retCode == 0 || retCode == 1) {
await exec.exec(`cat ./${cliScannerResult}`, undefined, catOptions);
core.setOutput("scanReport", `./${cliScannerResult}`);
}

try {
execOutput = fs.readFileSync(`./${cliScannerResult}`, 'utf-8');
const jsonScanResult = JSON.parse(execOutput) as JsonScanResultV1;
return new JsonScanResultV1ToScanResultAdapter().toScanResult(jsonScanResult);
} catch (e) {
Expand Down
Loading
Loading