Bitnami/containers
2
0
Fork 0
mirror of https://github.com/bitnami/containers.git synced 2026-02-15 00:57:23 +08:00
Code Issues Packages Projects Releases Wiki Activity

[bitnami/kubescape] Release 3.0.7-debian-12-r1 (#63894)

Browse Source 
Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>
This commit is contained in:
Bitnami Bot
2024-03-19 14:02:25 +01:00
committed by GitHub
parent dd26b99a25
commit 5957bd340e
2 changed files with 13 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
bitnami/kubescape/3/debian-12/Dockerfile
View File

@@ -7,10 +7,10 @@ ARG TARGETARCH
LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \
org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \
org.opencontainers.image.created="2024-03-18T11:36:20Z" \
org.opencontainers.image.created="2024-03-19T12:37:19Z" \
org.opencontainers.image.description="Application packaged by VMware, Inc" \
org.opencontainers.image.licenses="Apache-2.0" \
org.opencontainers.image.ref.name="3.0.7-debian-12-r0" \
org.opencontainers.image.ref.name="3.0.7-debian-12-r1" \
org.opencontainers.image.title="kubescape" \
org.opencontainers.image.vendor="VMware, Inc." \
org.opencontainers.image.version="3.0.7"

17
bitnami/kubescape/3/debian-12/rootfs/opt/bitnami/scripts/libkubescape.sh
View File

@@ -163,32 +163,33 @@ kubescape_oss_assessment() {
read -r -a unique_matching_images <<< "$(echo "${matching_images[@]}" | tr ' ' '\n' | sort -u | tr '\n' ' ')"
! is_boolean_yes "$silent" && info "Scanning images ${unique_matching_images[*]}"
images_scanned=0
images_success_scanned=0
# For each image available in Tanzu Application Catalog, add a vulnerability report to the original project scan
for image in "${unique_matching_images[@]}"; do
! is_boolean_yes "$silent" && info "Running command '${cmd} ${scan_image_args[*]} ${image}'"
KUBESCAPE_IMAGE_OUTPUT=""
info "Scanning image $((images_scanned + 1)) out of ${#unique_matching_images[@]}: ${image}"
for ((i = 1; i <= retries; i += 1)); do
KUBESCAPE_IMAGE_OUTPUT="$(${cmd} "${scan_image_args[@]}" "${image}" 2> /dev/null || echo '')"
if [[ -n "$KUBESCAPE_IMAGE_OUTPUT" ]]; then
debug "Result: $KUBESCAPE_IMAGE_OUTPUT"
break
else
! is_boolean_yes "$silent" && warn "Image scan failed. Retrying... ${i}/${retries}"
! is_boolean_yes "$silent" && debug "Image scan failed. Retrying... ${i}/${retries}"
fi
done
if [[ -n "$KUBESCAPE_IMAGE_OUTPUT" ]]; then
KUBESCAPE_IMAGE_VULNS="$(jq --arg image "$image" '{imageID: $image, vulnerabilities: [.matches[].vulnerability | {id, severity}]}' <(echo "$KUBESCAPE_IMAGE_OUTPUT"))"
KUBESCAPE_OUTPUT="$(jq '.security += [input]' <(echo "$KUBESCAPE_OUTPUT") <(echo "$KUBESCAPE_IMAGE_VULNS"))"
info "Image successfully scanned."
images_scanned="$((images_scanned + 1))"
images_success_scanned="$((images_success_scanned + 1))"
else
warn "Failed to scan image '${image}' after several attempts."
debug "Failed to scan image '${image}' after several attempts."
fi
images_scanned="$((images_scanned + 1))"
done
info "Report contains ${images_scanned}/${#unique_matching_images[@]} images available in Tanzu Application Catalog"
info "Total scanned: ${images_success_scanned} out of ${#unique_matching_images[@]}"
! is_boolean_yes "$silent" && info "OSS Assessment report successfully generated"
if [[ -n "$output" ]]; then
@@ -196,4 +197,8 @@ kubescape_oss_assessment() {
else
echo "$KUBESCAPE_OUTPUT"
fi
if [[ "${images_success_scanned}" != "${#unique_matching_images[@]}" ]]; then
info "For getting a more complete report, visit the OSS Health Assessment FAQ to scan images from private repositories."
fi
}