contrib: Add minimum severity support to analyze-local-images
parent
d73cfd116d
commit
910288fc97
@ -31,6 +31,7 @@ import (
|
|||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/coreos/clair/api/v1"
|
"github.com/coreos/clair/api/v1"
|
||||||
|
"github.com/coreos/clair/utils/types"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
@ -43,6 +44,7 @@ func main() {
|
|||||||
// Parse command-line arguments.
|
// Parse command-line arguments.
|
||||||
endpoint := flag.String("endpoint", "http://127.0.0.1:6060", "Address to Clair API")
|
endpoint := flag.String("endpoint", "http://127.0.0.1:6060", "Address to Clair API")
|
||||||
myAddress := flag.String("my-address", "127.0.0.1", "Address from the point of view of Clair")
|
myAddress := flag.String("my-address", "127.0.0.1", "Address from the point of view of Clair")
|
||||||
|
minimumSeverity := flag.String("minimum-severity", "Negligible", "Minimum severity of vulnerabilities to show (Unknown, Negligible, Low, Medium, High, Critical, Defcon1)")
|
||||||
|
|
||||||
flag.Usage = func() {
|
flag.Usage = func() {
|
||||||
fmt.Fprintf(os.Stderr, "Usage: %s [options] image-id\n\nOptions:\n", os.Args[0])
|
fmt.Fprintf(os.Stderr, "Usage: %s [options] image-id\n\nOptions:\n", os.Args[0])
|
||||||
@ -57,6 +59,12 @@ func main() {
|
|||||||
}
|
}
|
||||||
imageName := flag.Args()[0]
|
imageName := flag.Args()[0]
|
||||||
|
|
||||||
|
minSeverity := types.Priority(*minimumSeverity)
|
||||||
|
if !minSeverity.IsValid() {
|
||||||
|
flag.Usage()
|
||||||
|
os.Exit(1)
|
||||||
|
}
|
||||||
|
|
||||||
// Save image.
|
// Save image.
|
||||||
fmt.Printf("Saving %s\n", imageName)
|
fmt.Printf("Saving %s\n", imageName)
|
||||||
path, err := save(imageName)
|
path, err := save(imageName)
|
||||||
@ -130,11 +138,19 @@ func main() {
|
|||||||
fmt.Printf("## Feature: %s %s (%s)\n", feature.Name, feature.Version, feature.NamespaceName)
|
fmt.Printf("## Feature: %s %s (%s)\n", feature.Name, feature.Version, feature.NamespaceName)
|
||||||
|
|
||||||
if len(feature.Vulnerabilities) > 0 {
|
if len(feature.Vulnerabilities) > 0 {
|
||||||
isSafe = false
|
isFirstVulnerability := true
|
||||||
|
|
||||||
fmt.Printf(" - Added by: %s\n", feature.AddedBy)
|
|
||||||
|
|
||||||
for _, vulnerability := range feature.Vulnerabilities {
|
for _, vulnerability := range feature.Vulnerabilities {
|
||||||
|
if minSeverity.Compare(types.Priority(vulnerability.Severity)) > 0 {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
if isFirstVulnerability {
|
||||||
|
isSafe = false
|
||||||
|
isFirstVulnerability = false
|
||||||
|
fmt.Printf(" - Added by layer: %s\n", feature.AddedBy)
|
||||||
|
}
|
||||||
|
|
||||||
fmt.Printf("### (%s) %s\n", vulnerability.Severity, vulnerability.Name)
|
fmt.Printf("### (%s) %s\n", vulnerability.Severity, vulnerability.Name)
|
||||||
|
|
||||||
if vulnerability.Description != "" {
|
if vulnerability.Description != "" {
|
||||||
|
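Review bot: In the last hunk, `isSafe = false` now sits behind the severity filter, so an image whose only findings fall below `--minimum-severity` keeps `isSafe` true; whatever summary main() prints from that flag (outside the visible hunks) would then read as a clean result rather than a filtered one. The default of `"Negligible"` makes this happen without the user asking for it if `Unknown` ranks below `Negligible`, as the order in the help text suggests, so unrated vulnerabilities that were printed before this change would be hidden by default. Consider defaulting to the lowest level, `flag.String("minimum-severity", "Unknown", ...)`, and counting skipped entries (for example `hidden++` just before the `continue`) so the final output can state how many findings were below the threshold. main() starts and ends outside these hunks.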