From 8aebcde9e194853ff7dc3e90589951b041d43b3a Mon Sep 17 00:00:00 2001
From: Quentin Anglade
Date: Tue, 14 Jan 2020 14:39:16 +0100
Subject: [PATCH] Feat: -trivyargs to pass custom CLI args to trivy. Version bump to 0.1.1

---
 main.go | 30 ++++++++++++++++++++++++------
 plugin.yaml | 2 +-
 2 files changed, 25 insertions(+), 7 deletions(-)

diff --git a/main.go b/main.go
index 89648e9..89642cd 100644
--- a/main.go
+++ b/main.go
@@ -47,7 +47,7 @@ ScannerLoop:
 return nil, images
 }
 
-func scanImage(image string, ctx context.Context, cli *client.Client, cacheDir string, json bool) string {
+func scanImage(image string, ctx context.Context, cli *client.Client, cacheDir string, json bool, trivyOpts string) string {
 config := container.Config{
 Image: "aquasec/trivy",
 Cmd: []string{"--cache-dir", "/.cache"},
@@ -62,6 +62,7 @@ func scanImage(image string, ctx context.Context, cli *client.Client, cacheDir s
 } else {
 config.Cmd = append(config.Cmd, "-q")
 }
+config.Cmd = append(config.Cmd, strings.Fields(trivyOpts)...)
 config.Cmd = append(config.Cmd, image)
 resp, err := cli.ContainerCreate(ctx, &config, &container.HostConfig{
 Binds: []string{cacheDir + ":/.cache"},
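Review bot: Since the scanImage signature is being changed anyway, `ctx context.Context` should move to the first parameter position per Go convention, and the new pass-through would read more naturally as `[]string` than as a string that the callee has to split. A signature such as `func scanImage(ctx context.Context, cli *client.Client, image, cacheDir string, json bool, trivyOpts []string) string` would do, with the single call site in scanChart updated in the same commit. The rest of scanImage lies outside this hunk.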
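Review bot: The added `strings.Fields(trivyOpts)` split breaks any single trivy argument that contains whitespace into several tokens, and because the tokens are appended immediately before `image`, a trailing option that expects a value would consume the image name as that value. The fixed `"--cache-dir", "/.cache"` pair at the head of `Cmd` can presumably be overridden by a user-supplied `--cache-dir` later on the command line, which silently defeats the `Binds` mapping on the last visible line; if that is not intended it deserves at least a comment. Suggest documenting the contract next to the new line: `// trivyOpts is split on whitespace and inserted before the image; arguments containing spaces cannot be passed through.` This also assumes `strings` is already imported in main.go, since the diffstat shows no import change. scanImage's body continues outside the hunk.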
@@ -90,16 +91,19 @@ func scanImage(image string, ctx context.Context, cli *client.Client, cacheDir s return string(outputContent) } -func scanChart(chart string, json bool, ctx context.Context, cli *client.Client, cacheDir string) { +func scanChart(chart string, json bool, ctx context.Context, cli *client.Client, cacheDir string, trivyOpts string) { log.Infof("Scanning chart %s", chart) jsonOutput := "" if err, images := getChartImages(chart); err != nil { - log.Fatalf("Could not find images for chart %v: %v\nDid you run 'help update ?'", chart, err) + log.Fatalf("Could not find images for chart %v: %v. Did you run 'helm repo update' ?", chart, err) } else { + if len(images) == 0 { + log.Fatalf("No images found in chart %s.", chart) + } log.Debugf("Found images for chart %v: %v", chart, images) for _, image := range images { log.Debugf("Scanning image %v", image) - output := scanImage(image, ctx, cli, cacheDir, json) + output := scanImage(image, ctx, cli, cacheDir, json, trivyOpts) if json { jsonOutput += output } else { @@ -115,11 +119,20 @@ func scanChart(chart string, json bool, ctx context.Context, cli *client.Client, func main() { var jsonOutput bool var noPull bool - var chart string + var chart string = "" + var trivyArgs = "" + + flag.Usage = func() { + fmt.Fprintf(os.Stderr, "Usage: helm trivy [options] \n") + fmt.Fprintf(os.Stderr, "Example: helm trivy -json stable/mariadb\n\n") + fmt.Fprintf(os.Stderr, "Options:\n") + flag.PrintDefaults() + } flag.BoolVar(&jsonOutput, "json", false, "Enable JSON output") flag.BoolVar(&debug, "debug", false, "Enable debug logging") flag.BoolVar(&noPull, "nopull", false, "Don't pull latest trivy image") + flag.StringVar(&trivyArgs, "trivyargs", "", "CLI args to passthrough to trivy") flag.Parse() if debug { 
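Review bot: The new `log.Fatalf` for an empty image list terminates the process from inside scanChart, so any deferred cleanup registered in main is skipped; the later hunk's `}(cacheDir)` closure ending in `os.Exit(0)` suggests cacheDir teardown lives there, though that code is outside this view and the inference is unconfirmed. If a chart with zero images is genuinely fatal, consider having scanChart return an error and letting main exit after cleanup, or at least mark the behavior: `// Fatalf exits immediately; nothing deferred in main will run.` scanChart's body continues outside the hunk.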
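Review bot: `var chart string = ""` and `var trivyArgs = ""` spell out the zero value; the idiomatic declarations are `var chart string` and `var trivyArgs string` (staticcheck flags the redundant initializer). The usage line `"Usage: helm trivy [options] \n"` ends in a space with no positional argument named, so either the chart placeholder was lost in rendering or it is missing from the string — worth confirming the chart argument appears there. The three `fmt.Fprintf` calls carry no format verbs and read more cleanly as `fmt.Fprintln(os.Stderr, ...)`. main's body continues outside the hunk.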
@@ -133,6 +146,11 @@ func main() { chart = v break } + if chart == "" { + fmt.Fprintf(os.Stderr, "Error: No chart specified.\n") + flag.Usage() + os.Exit(2) + } ctx := context.Background() cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation()) @@ -164,5 +182,5 @@ func main() { os.Exit(0) }(cacheDir) - scanChart(chart, jsonOutput, ctx, cli, cacheDir) + scanChart(chart, jsonOutput, ctx, cli, cacheDir, trivyArgs) } diff --git a/plugin.yaml b/plugin.yaml index f337137..b41901a 100644 --- a/plugin.yaml +++ b/plugin.yaml @@ -1,6 +1,6 @@ --- name: "trivy" -version: "0.1.0" +version: "0.1.1" usage: "Check images in your charts for vulnerabilities" description: |- "Test your helm charts' docker images with trivy"
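Review bot: `fmt.Fprintf(os.Stderr, "Error: No chart specified.\n")` has no format verbs, so `fmt.Fprintln(os.Stderr, "Error: No chart specified.")` is the cleaner call; printing usage and exiting with status 2 matches how the `flag` package reports its own parse errors, which is a good choice. The loop that assigns `chart = v` begins before the hunk, so it is not visible how extra positional arguments are treated; since `flag.Parse` stops at the first non-flag argument, a flag placed after the chart name would presumably land in `flag.Args()` unparsed rather than being honored, and a short comment or an explicit check on `len(flag.Args())` would make that expectation clear. main's body continues outside the hunk.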