postee.trivyoperator.slack rego template enhancements #469
Comments
thanks for filing this, happy to review a PR if you'd like to contribute this. cc @souravsk - this issue might be of interest to you if you're looking to contribute. As always, let us know if you need any help getting started. |
@simar7 ya happy to help. can you let me know where to start |
@souravsk under rego-templates dir there is a trivy-operator-slack.rego file, it should be updated with the aforementioned requirements. You may also reuse trivy-jira.rego file |
@grglzrv what is the command to get the output that you are showing? I want to check it with some example and see the output. |
hey @grglzrv |
@souravsk it's a slack notification message |
I want to know from where I can get all this data to display.
or I have to do something else to get all this data to show the correct information |
Hi @souravsk these changes won't work, you need to install Trivy Operator, which has to be integrated with Postee. Postee will receive Vulnerability reports from the Trivy Operator as json format, so you need to write rego template for that

```json
{
  "updateTimestamp": "2022-09-28T06:21:55Z",
  "scanner": {
    "name": "Trivy",
    "vendor": "Aqua Security",
    "version": "0.31.3"
  },
  "registry": {
    "server": "ghcr.io"
  },
  "artifact": {
    "repository": "fluxcd/image-reflector-controller",
    "tag": "v0.20.1"
  },
  "summary": {
    "criticalCount": 0,
    "highCount": 1,
    "mediumCount": 0,
    "lowCount": 0,
    "unknownCount": 0,
    "noneCount": 0
  },
  "vulnerabilities": [
    {
      "vulnerabilityID": "CVE-2022-27664",
      "resource": "golang.org/x/net",
      "installedVersion": "v0.0.0-20220722155237-a158d28d115b",
      "fixedVersion": "0.0.0-20220906165146-f3363e06e74c",
      "severity": "HIGH",
      "title": "title1",
      "primaryLink": "https://avd.aquasec.com/nvd/cve-2022-27664",
      "links": [],
      "score": 7.5,
      "target": ""
    },
    {
      "vulnerabilityID": "CVE-2022-27664",
      "resource": "golang.org/x/net",
      "installedVersion": "v0.0.0-20220722155237-a158d28d115b",
      "fixedVersion": "0.0.0-20220906165146-f3363e06e74c",
      "severity": "HIGH",
      "title": "title2",
      "primaryLink": "https://avd.aquasec.com/nvd/cve-2022-27664",
      "links": [],
      "score": 7.5,
      "target": ""
    }
  ]
}
```

You may use this website https://play.openpolicyagent.org/ in order to test the above json with your code. Bear in mind that vuln reports are maps, so you need to use |
I just wrote some template only for Vuln reports, you may improve it and add the code from the current template

```rego
package postee.trivyoperator.slack

# Message template: severities, vulnerability IDs and links, in that order.
tpl := `
<p> Severity: %s </p>
<p> vulnerabilityID: %s </p>
<p> primaryLink: %s </p>
`

# All vulnerability IDs in the report, joined one per line.
vulnIDs := vulnIdResult {
    var := [scan |
        item1 := input.vulnerabilities[i].vulnerabilityID
        scan := item1
    ]
    vulnIdResult := concat("\n", var)
}

# All severities in the report, joined one per line.
svrt := svrtResult {
    var := [scan |
        item1 := input.vulnerabilities[i].severity
        scan := item1
    ]
    svrtResult := concat("\n", var)
}

# All primary links in the report, joined one per line.
link := linkResult {
    var := [scan |
        item1 := input.vulnerabilities[i].primaryLink
        scan := item1
    ]
    linkResult := concat("\n", var)
}

# Fill the template with the three joined lists.
result := res {
    res := sprintf(tpl, [
        svrt,
        vulnIDs,
        link
    ])
}
```
 |
okay |
Hey. @grglzrv do I have to make a new rego file so I just use the |
|
Not exactly cuz you need to separate the both vuln reports 0: and 1: . You need to make list for - vuln id, installed version, fixed version, severity etc then you need to use |
@simar7 could you please give him some hints here, thanks |
Okay I understand the separation 0 and 1 index but I don't understand where we need the loop function |
input.vulnerabilities[i].severity - it's a current situation I mean input.vulnerabilities[i].[j] Then you need to loop them into the result:= as well |
Sorry for replying this late
I tried like this but it is showing an error in |
Yes, i just gave you an example |
yes but it's showing an error in this |
@souravsk - can you share the link to your rego playground so we can help you better? |
Is there any example of this type of rego file? I just learned the basics of the rego language for this issue, that's why I'm having a hard time understanding how this works. If this was in another language then I would have done it. So if you have any rego file where functions and arrays are used then I can understand better. |
Take a look at some examples in the Postee repo. I recall there are some usages of loops. |
copied the existing jira template and made it suitable for the trivy operator report , think it can also be used for slack or at least as example: #595 looping through vulnerabilities:
|
example for slack : #597 |
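
The looping approach discussed in the comments above, as an added example that is not part of the thread or of the Postee repository: one comprehension walks `input.vulnerabilities` and builds a single entry per vulnerability, so the fields of report 0 and report 1 stay together. The package name, the colour values and the shape of `result` are assumptions; the rule syntax follows the template posted earlier in the thread, and on OPA 1.0 or later each rule body needs the `if` keyword.

```rego
package example.trivyoperator.slack # hypothetical package name, not Postee's

# Assumed severity-to-colour mapping; the hex values are illustrative.
severity_color := {
    "CRITICAL": "#d63031",
    "HIGH": "#e17055",
    "MEDIUM": "#fdcb6e",
    "LOW": "#0984e3",
}

# One entry per vulnerability. `input.vulnerabilities[i]` binds i to every
# index in turn, so the comprehension body is evaluated once per element.
# object.get supplies a default, so an entry with a missing field is still
# reported instead of being dropped silently from the list.
vuln_entries := [entry |
    v := input.vulnerabilities[i]
    sev := object.get(v, "severity", "UNKNOWN")
    entry := {
        "color": object.get(severity_color, sev, "#636e72"),
        "text": sprintf("%s | %s | %s | installed: %s | fixed: %s | %s", [
            sev,
            object.get(v, "vulnerabilityID", "n/a"),
            object.get(v, "resource", "n/a"),
            object.get(v, "installedVersion", "n/a"),
            object.get(v, "fixedVersion", "n/a"),
            object.get(v, "primaryLink", "n/a"),
        ]),
    }
]

# Header line built from the registry, artifact and summary objects.
header := h {
    h := sprintf("%s/%s:%s (critical: %v, high: %v)", [
        input.registry.server,
        input.artifact.repository,
        input.artifact.tag,
        input.summary.criticalCount,
        input.summary.highCount,
    ])
}

# Final text: the header followed by one line per vulnerability.
result := res {
    lines := [e.text | e := vuln_entries[_]]
    res := concat("\n", array.concat([header], lines))
}
```

Pasting the JSON report from the earlier comment as input in https://play.openpolicyagent.org/ evaluates `vuln_entries` to two entries, one per element of `vulnerabilities`.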
Description
I would like to request some enhancements for postee.trivyoperator.slack template.
postee.trivyoperator.slack template gives very simple information, for example:
Could you please add more info?
for example:
if it's possible to be in html format as severity type to be in the correct color, for example: CRITICAL - red, etc.