Beispiel #1
def perform_analyze_nodocker(userId, manifest, image_record, registry_creds):
    """Analyze one image with the standalone analyzer and return its report.

    The image is identified by the first entry of
    ``image_record['image_detail']``. The digest reference
    (``registry/repo@imageDigest``) serves as the lock id, so the analysis
    runs while the anchorelock for that reference is held.

    Args:
        userId: account identifier, forwarded to the analyzer and logged.
        manifest: registry manifest, forwarded to the analyzer unchanged.
        image_record: record whose first ``image_detail`` entry must carry
            ``registry``, ``repo``, ``imageDigest`` and ``tag``.
        registry_creds: forwarded to the analyzer; no log message in this
            function includes it.

    Returns:
        Whatever ``localanchore_standalone.analyze_image`` returns.

    Raises:
        Exception: if the required fields cannot be read from image_record.
    """
    report = {}

    settings = anchore_engine.configuration.localconfig.get_config()
    try:
        tmpdir = settings['tmp_dir']
    except Exception as err:
        logger.warn("could not get tmp_dir from localconfig - exception: %s" % (err,))
        # NOTE(review): the fallback is the shared system temp directory;
        # confirm that analyze_image creates its own private working
        # directory beneath it before unpacking image content there.
        tmpdir = "/tmp"

    # choose the first TODO possible more complex selection here
    try:
        detail = image_record['image_detail'][0]
        repo_ref = detail['registry'] + "/" + detail['repo']
        # Digest form pins the exact image; tag form is used for logging only.
        pullstring = repo_ref + "@" + detail['imageDigest']
        fulltag = repo_ref + ":" + detail['tag']
        logger.debug("using pullstring (%s) and fulltag (%s) to pull image data" % (pullstring, fulltag))
    except Exception as err:
        raise Exception("failed to extract requisite information from image_record - exception: " + str(err))

    started = int(time.time())
    logger.spew("TIMING MARK0: %s" % (int(time.time()) - started,))
    logger.info("performing analysis on image: %s" % ([userId, pullstring, fulltag],))

    logger.debug("obtaining anchorelock...%s" % (pullstring,))
    with localanchore.get_anchorelock(lockId=pullstring):
        logger.debug("obtaining anchorelock successful: %s" % (pullstring,))
        report = localanchore_standalone.analyze_image(
            userId, manifest, image_record, tmpdir, registry_creds=registry_creds)

    logger.info("performing analysis on image complete: %s" % (pullstring,))

    return report
Beispiel #2
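def perform_analyze_localanchore(userId,
                                 manifest,
                                 image_record,
                                 registry_creds,
                                 layer_cache_enable=False):
    """Pull, analyze and export one image through localanchore.

    The image is identified by the first entry of
    ``image_record['image_detail']``. While the anchorelock for the digest
    reference is held, the image is pulled, analyzed, exported and then
    removed again.

    Args:
        userId: account identifier, forwarded to the pull.
        manifest: accepted for interface compatibility; not used here.
        image_record: record whose first ``image_detail`` entry must carry
            ``registry``, ``repo``, ``imageDigest`` and ``tag``. That entry
            is mutated: ``imageId`` is set to the pulled image id.
        registry_creds: forwarded to ``localanchore.pull`` only; no log
            message in this function includes it.
        layer_cache_enable: accepted for interface compatibility; not used
            here.

    Returns:
        The image data returned by ``localanchore.get_image_export``.

    Raises:
        Exception: if the required fields cannot be read from image_record,
            or if pull, analyze or export return a falsy result. Errors
            raised by those steps are logged and re-raised.
    """
    localconfig = anchore_engine.configuration.localconfig.get_config()
    do_docker_cleanup = localconfig['cleanup_images']

    try:
        image_detail = image_record['image_detail'][0]
        repo_ref = image_detail['registry'] + "/" + image_detail['repo']
        # Digest form pins the exact image; tag form is used for logging only.
        pullstring = repo_ref + "@" + image_detail['imageDigest']
        fulltag = repo_ref + ":" + image_detail['tag']
        logger.debug("using pullstring (" + str(pullstring) +
                     ") and fulltag (" + str(fulltag) + ") to pull image data")
    except Exception as err:
        raise Exception(
            "failed to extract requisite information from image_record - exception: "
            + str(err))

    timer = int(time.time())

    def _mark(label):
        # Elapsed whole seconds since the start of this call.
        logger.spew("TIMING MARK" + str(label) + ": " + str(int(time.time()) - timer))

    _mark(0)
    logger.debug("obtaining anchorelock..." + str(pullstring))
    # The lock id is the digest reference as it stands here; pullstring is
    # rebound to the local image id further down, which does not affect it.
    with localanchore.get_anchorelock(lockId=pullstring):
        logger.debug("obtaining anchorelock successful: " + str(pullstring))

        _mark(1)
        logger.info("performing analysis on image: " + str(pullstring))

        # pull the digest, but also any tags associated with the image (that we know of) in order to populate the local docker image
        try:
            rc = localanchore.pull(userId,
                                   pullstring,
                                   image_detail,
                                   pulltags=True,
                                   registry_creds=registry_creds)
            if not rc:
                # Name the step that actually failed (the original text said
                # "analyze" here, which misdirects triage).
                raise Exception("anchore pull failed:")
            # From here on the image is addressed by its local id, without
            # the "sha256:" prefix.
            pullstring = re.sub("sha256:", "", rc['Id'])
            image_detail['imageId'] = pullstring
        except Exception as err:
            logger.error("error on pull: " + str(err))
            raise  # bare raise keeps the original traceback

        _mark(2)

        # analyze!
        try:
            rc = localanchore.analyze(pullstring, image_detail)
            if not rc:
                raise Exception("anchore analyze failed:")
        except Exception as err:
            logger.error("error on analyze: " + str(err))
            raise

        _mark(3)

        # get the result from anchore
        logger.debug("retrieving image data from anchore")
        try:
            image_data = localanchore.get_image_export(pullstring,
                                                       image_detail)
            if not image_data:
                raise Exception("anchore image data export failed:")
        except Exception as err:
            logger.error("error on image export: " + str(err))
            raise

        _mark(5)

        # NOTE(review): removal happens on the success path only. If analyze
        # or export fails, the pulled image is not removed by this function;
        # confirm that something else reclaims it, otherwise failed analyses
        # accumulate image content on the worker.
        logger.debug("removing image: " + str(pullstring))
        localanchore.remove_image(pullstring,
                                  docker_remove=do_docker_cleanup,
                                  anchore_remove=True)
        logger.debug("removing image complete: " + str(pullstring))

        _mark(6)

    logger.info("performing analysis on image complete: " + str(pullstring))
    return image_data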
Beispiel #3
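def perform_analyze(userId, pullstring, fulltag, image_detail, registry_creds):
    """Pull, analyze, query and export one image through localanchore.

    All steps run while the anchorelock for the incoming ``pullstring`` is
    held. After a successful export the image is removed again.

    Args:
        userId: account identifier, forwarded to the pull.
        pullstring: image reference to pull; also used as the lock id.
        fulltag: accepted for interface compatibility; not used here.
        image_detail: image detail mapping passed to every localanchore
            step. It is mutated: ``imageId`` is set to the pulled image id.
        registry_creds: forwarded to ``localanchore.pull`` only; no log
            message in this function includes it.

    Returns:
        A tuple ``(image_data, query_data)`` from
        ``localanchore.get_image_export`` and ``localanchore.run_queries``.

    Raises:
        Exception: if pull, analyze, run_queries or export return a falsy
            result. Errors raised by those steps are logged and re-raised.
    """
    localconfig = anchore_engine.configuration.localconfig.get_config()
    do_docker_cleanup = localconfig['cleanup_images']

    timer = int(time.time())

    def _mark(label):
        # Elapsed whole seconds since the start of this call.
        logger.spew("TIMING MARK" + str(label) + ": " + str(int(time.time()) - timer))

    _mark(0)
    logger.debug("obtaining anchorelock..." + str(pullstring))
    # The lock id is the caller's reference as it stands here; pullstring is
    # rebound to the local image id further down, which does not affect it.
    with localanchore.get_anchorelock(lockId=pullstring):
        logger.debug("obtaining anchorelock successful: " + str(pullstring))

        _mark(1)
        logger.info("performing analysis on image: " + str(pullstring))

        # pull the digest, but also any tags associated with the image (that we know of) in order to populate the local docker image
        try:
            rc = localanchore.pull(userId, pullstring, image_detail, pulltags=True,
                                   registry_creds=registry_creds)
            if not rc:
                # Name the step that actually failed (the original text said
                # "analyze" here, which misdirects triage).
                raise Exception("anchore pull failed:")
            # From here on the image is addressed by its local id, without
            # the "sha256:" prefix.
            pullstring = re.sub("sha256:", "", rc['Id'])
            image_detail['imageId'] = pullstring
        except Exception as err:
            logger.error("error on pull: " + str(err))
            raise  # bare raise keeps the original traceback

        _mark(2)

        # analyze!
        try:
            rc = localanchore.analyze(pullstring, image_detail)
            if not rc:
                raise Exception("anchore analyze failed:")
        except Exception as err:
            logger.error("error on analyze: " + str(err))
            raise

        _mark(3)

        # query!
        try:
            query_data = localanchore.run_queries(pullstring, image_detail)
            if not query_data:
                raise Exception("anchore queries failed:")
        except Exception as err:
            logger.error("error on run_queries: " + str(err))
            raise

        _mark(4)

        # get the result from anchore
        logger.debug("retrieving image data from anchore")
        try:
            image_data = localanchore.get_image_export(pullstring, image_detail)
            if not image_data:
                raise Exception("anchore image data export failed:")
        except Exception as err:
            logger.error("error on image export: " + str(err))
            raise

        _mark(5)

        # NOTE(review): removal happens on the success path only. If analyze,
        # run_queries or export fails, the pulled image is not removed by
        # this function; confirm that something else reclaims it, otherwise
        # failed analyses accumulate image content on the worker.
        logger.debug("removing image: " + str(pullstring))
        localanchore.remove_image(pullstring, docker_remove=do_docker_cleanup,
                                  anchore_remove=True)
        logger.debug("removing image complete: " + str(pullstring))

        _mark(6)

    logger.info("performing analysis on image complete: " + str(pullstring))
    return (image_data, query_data)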