Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(db): Add dbRepository flag to get advisory database from OCI registry #1873

Merged
merged 7 commits into from
Mar 31, 2022
Merged

feat(db): Add dbRepository flag to get advisory database from OCI registry #1873

merged 7 commits into from
Mar 31, 2022

Conversation

ksashikumar
Copy link
Contributor

@ksashikumar ksashikumar commented Mar 23, 2022
edited
Loading

Description

This MR adds a new option --db-repository to download the vulnerability database from an external OCI registry. This will be helpful for GitLab's Cluster Image Scanning to use GitLab's Advisory DB.

Related issue in GitLab: #350232

Checklist

  • I've read the guidelines for contributing to this repository.
  • I've followed the conventions in the PR title.
  • I've added tests that prove my fix is effective or that my feature works.
  • I've updated the documentation with the relevant information (if needed).
  • I've added usage information (if the PR introduces new options)
  • [-] I've included a "before" and "after" example to the description (if the PR is a user interface change).

@ksashikumar ksashikumar force-pushed the sk/add-db-repository branch from 90b8f47 to bd243bc Compare March 23, 2022 15:23
knqyf263
knqyf263 reviewed Mar 23, 2022
View reviewed changes
pkg/db/db.go Outdated
@@ -132,13 +129,13 @@ func (c *Client) isNewDB(meta metadata.Metadata) bool {
}

// Download downloads the DB file
func (c *Client) Download(ctx context.Context, dst string) error {
func (c *Client) Download(ctx context.Context, dst string, dbRepository string) error {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What if we add WithDBRepository here?

trivy/pkg/db/db.go

Lines 26 to 46 in bd243bc

type options struct {
artifact *oci.Artifact
clock clock.Clock
}
// Option is a functional option
type Option func(*options)
// WithOCIArtifact takes an OCI artifact
func WithOCIArtifact(art *oci.Artifact) Option {
return func(opts *options) {
opts.artifact = art
}
}
// WithClock takes a clock
func WithClock(clock clock.Clock) Option {
return func(opts *options) {
opts.clock = clock
}
}

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good idea! I've updated it 👍

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the update.

@CLAassistant
Copy link

CLAassistant commented Mar 23, 2022
edited
Loading

CLA assistant check
All committers have signed the CLA.

@ksashikumar ksashikumar marked this pull request as ready for review March 23, 2022 16:30
@ksashikumar ksashikumar mentioned this pull request Mar 24, 2022
Merged
@ksashikumar ksashikumar requested a review from knqyf263 March 24, 2022 17:45
knqyf263
knqyf263 reviewed Mar 28, 2022
View reviewed changes
pkg/db/db.go Show resolved Hide resolved
pkg/rpc/server/listen.go Outdated
@@ -50,7 +51,7 @@ func (s Server) ListenAndServe(serverCache cache.Cache) error {
dbUpdateWg := &sync.WaitGroup{}

go func() {
worker := newDBWorker(dbc.NewClient(s.cacheDir, true))
worker := newDBWorker(dbc.NewClient(s.cacheDir, true, dbc.WithDBRepository(dbRepository)))
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Then, we don't have to pass the default value here.

pkg/db/db_test.go Outdated
@@ -206,7 +207,7 @@ func TestClient_Download(t *testing.T) {
art, err := oci.NewArtifact("db", mediaType, true, oci.WithImage(img))
require.NoError(t, err)

client := db.NewClient(cacheDir, true, db.WithOCIArtifact(art), db.WithClock(timeDownloadedAt))
client := db.NewClient(cacheDir, true, db.WithOCIArtifact(art), db.WithClock(timeDownloadedAt), db.WithDBRepository(dbRepository))
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ditto

pkg/db/db.go Outdated
@@ -171,7 +178,7 @@ func (c *Client) updateDownloadedAt(dst string) error {
return nil
}

func (c *Client) populateOCIArtifact() error {
func (c *Client) populateOCIArtifact(dbRepository string) error {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have dbRepository as a member of Client. Do we need to pass it as an argument? We can access c.dbRepository in this method.

pkg/db/db.go Outdated
@@ -171,7 +178,7 @@ func (c *Client) updateDownloadedAt(dst string) error {
return nil
}

func (c *Client) populateOCIArtifact() error {
func (c *Client) populateOCIArtifact(dbRepository string) error {
if c.artifact == nil {
repo := fmt.Sprintf("%s:%d", dbRepository, db.SchemaVersion)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Like

Suggested change
repo := fmt.Sprintf("%s:%d", dbRepository, db.SchemaVersion)
repo := fmt.Sprintf("%s:%d", c.dbRepository, db.SchemaVersion)

pkg/commands/operation/operation.go Outdated
@@ -106,6 +106,7 @@ func DownloadDB(appVersion, cacheDir string, quiet, skipUpdate bool) error {
if needsUpdate {
log.Logger.Info("Need to update DB")
log.Logger.Info("Downloading DB...")
log.Logger.Infof("Repository: %s", dbRepository)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: I want to put it before Downloading DB....

@ksashikumar ksashikumar force-pushed the sk/add-db-repository branch from 62d86e7 to 1dceb4f Compare March 28, 2022 16:39
@ksashikumar ksashikumar requested a review from knqyf263 March 28, 2022 16:39
@ksashikumar
Copy link
Contributor Author

@knqyf263 Thanks for the great comments, I've addressed them. Could you please take a look again?

knqyf263
knqyf263 approved these changes Mar 31, 2022
View reviewed changes
Copy link
Collaborator

@knqyf263 knqyf263 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great! Thanks for the contribution!

@knqyf263
Copy link
Collaborator

I'll fix the lint issues

@knqyf263 knqyf263 merged commit 0210567 into aquasecurity:main Mar 31, 2022
@ksashikumar
Copy link
Contributor Author

Looks great! Thanks for the contribution!

Thanks for helping me to merge this 👍 🙏

@ksashikumar ksashikumar deleted the sk/add-db-repository branch March 31, 2022 15:30
@knqyf263 knqyf263 mentioned this pull request Apr 7, 2022
Merged
8 tasks
@knqyf263 knqyf263 mentioned this pull request May 31, 2022
Closed
liamg pushed a commit that referenced this pull request Jun 7, 2022
@ksashikumar @knqyf263
feat(db): Add dbRepository flag to get advisory database from OCI reg…
83cb99a 
…istry (#1873)

Co-authored-by: knqyf263 <[email protected]>
This was referenced Jun 16, 2022
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@knqyf263 knqyf263 knqyf263 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ksashikumar @CLAassistant @knqyf263