Merge pull request #101 from Quentin-M/ctrb_minseverity

contrib: Add minimum severity support to analyze-local-images
Quentin Machu 2016-03-17 12:37:35 -04:00
commit 19b730ea67


@ -31,6 +31,7 @@ import (
"time" "time"
"github.com/coreos/clair/api/v1" "github.com/coreos/clair/api/v1"
"github.com/coreos/clair/utils/types"
) )
const ( const (
@ -43,6 +44,7 @@ func main() {
// Parse command-line arguments. // Parse command-line arguments.
endpoint := flag.String("endpoint", "http://127.0.0.1:6060", "Address to Clair API") endpoint := flag.String("endpoint", "http://127.0.0.1:6060", "Address to Clair API")
myAddress := flag.String("my-address", "127.0.0.1", "Address from the point of view of Clair") myAddress := flag.String("my-address", "127.0.0.1", "Address from the point of view of Clair")
minimumSeverity := flag.String("minimum-severity", "Negligible", "Minimum severity of vulnerabilities to show (Unknown, Negligible, Low, Medium, High, Critical, Defcon1)")
flag.Usage = func() { flag.Usage = func() {
fmt.Fprintf(os.Stderr, "Usage: %s [options] image-id\n\nOptions:\n", os.Args[0]) fmt.Fprintf(os.Stderr, "Usage: %s [options] image-id\n\nOptions:\n", os.Args[0])
@ -57,6 +59,12 @@ func main() {
} }
imageName := flag.Args()[0] imageName := flag.Args()[0]
minSeverity := types.Priority(*minimumSeverity)
if !minSeverity.IsValid() {
flag.Usage()
os.Exit(1)
}
// Save image. // Save image.
fmt.Printf("Saving %s\n", imageName) fmt.Printf("Saving %s\n", imageName)
path, err := save(imageName) path, err := save(imageName)
@ -130,11 +138,19 @@ func main() {
fmt.Printf("## Feature: %s %s (%s)\n", feature.Name, feature.Version, feature.NamespaceName) fmt.Printf("## Feature: %s %s (%s)\n", feature.Name, feature.Version, feature.NamespaceName)
if len(feature.Vulnerabilities) > 0 { if len(feature.Vulnerabilities) > 0 {
isSafe = false isFirstVulnerability := true
fmt.Printf(" - Added by: %s\n", feature.AddedBy)
for _, vulnerability := range feature.Vulnerabilities { for _, vulnerability := range feature.Vulnerabilities {
if minSeverity.Compare(types.Priority(vulnerability.Severity)) > 0 {
continue
}
if isFirstVulnerability {
isSafe = false
isFirstVulnerability = false
fmt.Printf(" - Added by layer: %s\n", feature.AddedBy)
}
fmt.Printf("### (%s) %s\n", vulnerability.Severity, vulnerability.Name) fmt.Printf("### (%s) %s\n", vulnerability.Severity, vulnerability.Name)
if vulnerability.Description != "" { if vulnerability.Description != "" {