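def GenerateReport(DEBUG, accesskey, secretkey, repo, image, tag):
    """Fetch a Tenable.io Container Security report and write it to CSV.

    Requests ``container-security/api/v2/reports/<repo>/<image>/<tag>`` and
    writes one row per entry of the response's ``findings`` list to
    ``tiocs-report.csv`` in the current working directory, overwriting any
    existing file.

    Args:
        DEBUG: When truthy, print the parsed response and every finding.
        accesskey: API access key handed to ``TenableIO``.
        secretkey: API secret key handed to ``TenableIO``.
        repo: Repository segment of the report path.
        image: Image segment of the report path.
        tag: Tag segment of the report path.

    Returns:
        None.

    Raises:
        KeyError: If the response or a finding lacks an expected key.
    """

    def _csv_safe(value):
        # Finding text originates outside this script and ends up in a file
        # that is typically opened in a spreadsheet. A leading quote makes
        # such applications treat the cell as text instead of a formula.
        if isinstance(value, str) and value.startswith(
                ("=", "+", "-", "@", "\t", "\r")):
            return "'" + value
        return value

    client = TenableIO(accesskey, secretkey)

    # NOTE(review): repo, image and tag are concatenated into the request
    # path unescaped, so a value containing "/" or ".." changes which
    # endpoint is requested with these credentials. Validate them at the
    # caller if they can come from user input.
    resp = client.get("container-security/api/v2/reports/" + repo + "/" +
                      image + "/" + tag)
    respdata = json.loads(resp.text)

    if DEBUG:
        print("Response", respdata)
        print("\n\n")

    fieldnames = [
        'cve', 'severity', 'vuln publication date', 'affected packages',
        'remediation', 'description'
    ]

    # newline="" is what the csv module expects of the file object; without
    # it, fields with embedded newlines (the package list below) and row
    # endings on Windows are written incorrectly. The with-block closes the
    # file, so no explicit close() is needed.
    with open("tiocs-report.csv", "w", newline="",
              encoding="utf-8") as csvfile:
        writer = csv.DictWriter(csvfile, fieldnames=fieldnames)
        writer.writeheader()

        for finding in respdata['findings']:
            # One " <name> <version>" line per affected package.
            package_lines = []
            for pkg in finding['packages']:
                if DEBUG:
                    print("Software packages affected", pkg['name'],
                          pkg['version'])
                package_lines.append(' ' + str(pkg['name']) + ' ' +
                                     str(pkg['version']))
            packages = "\n".join(package_lines)

            nvd = finding['nvdFinding']

            if DEBUG:
                print(finding)
                print("\n\n")
                print("Package", finding['packages'])
                print("NVD Finding", nvd)
                print("CVE", nvd['cve'])
                print("Severity", nvd['cvss_score'])
                print("Remediation", nvd['remediation'])
                print("Description", nvd['description'])
                print("Vulnerability publication date",
                      nvd['published_date'])

            rowdict = {
                'cve': nvd['cve'],
                'severity': nvd['cvss_score'],
                'vuln publication date': nvd['published_date'],
                'remediation': str(nvd['remediation']),
                'description': str(nvd['description']),
                'affected packages': packages
            }
            writer.writerow(
                {column: _csv_safe(cell) for column, cell in rowdict.items()})

    return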
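# Tenable.io client; the same key pair is reused below as the registry
# username/password when an image is pushed.
tio = TenableIO(tio_access_key, tio_secret_key)

# For the image behind every container returned by the Docker client, look
# up an existing Tenable.io Container Security report by short image ID; if
# none exists, tag the image for registry.cloud.tenable.com and push it.
for container in docker_client.containers.list():
    image = container.image
    print("Docker image tags: ", image.tags)
    print("Docker image ID: ", image.id)
    print("Docker image short ID: ", image.short_id)

    # The report lookup is keyed on the first 12 hex digits of the digest.
    image_id = re.search(r"sha256:([0-9a-f]{12}).*", image.id)
    if image_id is None:
        continue

    print("Image ID:", image_id[1])
    querystring = {"image_id": image_id[1]}
    url = "container-security/api/v1/reports/by_image"
    try:
        response = tio.get(url, params=querystring)
        json_response = response.json()
        print(f"Image risk score: {json_response['risk_score']}")
    except NotFoundError:
        print("Image not assessed previously by Tenable.io CS")

        # An image without tags has no name to push under; indexing
        # tags[0] would raise IndexError inside this handler.
        if not image.tags:
            print("Image has no tags; skipping push to Tenable.io")
            continue

        # Build the remote reference once so the tag, the push and the
        # message below all refer to the same name.
        remote_ref = f"registry.cloud.tenable.com/{image.tags[0]}"
        image.tag(remote_ref)

        # This uploads the full image, including anything baked into its
        # layers, to the external registry.
        # NOTE(review): the value returned by push() is not inspected, so
        # the message below is printed even if the registry rejected the
        # upload. Confirm how the SDK reports push errors and check for
        # them before claiming success.
        docker_client.images.push(
            remote_ref,
            auth_config={
                "username": tio_access_key,
                "password": tio_secret_key
            })
        print(
            f"Image should now be assessed in Tenable.io. Image pushed to {remote_ref}"
        )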
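def printuri(list1):
    """List the given scans and return the scan_id the user selects.

    Prints one numbered line per scan (its ``application_uri``), appends
    every ``scan_id`` to the module-level list ``sl``, then prompts on
    stdin until a number within the printed range is entered.

    Args:
        list1: Iterable of scan dicts with ``application_uri`` and
            ``scan_id`` keys.

    Returns:
        The ``scan_id`` of the selected scan.

    Raises:
        IndexError: If ``list1`` contains no scans.
    """
    print(color.YELLOW + "Fetching list of Scans..." + color.END)

    # Pick from a list local to this call so the printed numbers always
    # match the IDs, regardless of what "sl" already holds.
    scan_ids = []
    for number, scan in enumerate(list1, start=1):
        print("(" + str(number) + ") Application_URI: " +
              scan["application_uri"])
        scan_ids.append(scan["scan_id"])
        sl.append(scan["scan_id"])

    if not scan_ids:
        raise IndexError("no scans available to choose from")

    while True:
        answer = input(color.YELLOW +
                       "Which scan do you want to analize?: " + color.END)
        try:
            choice = int(answer)
        except ValueError:
            choice = 0
        # Reject 0 and negative numbers explicitly: as list indexes they
        # would silently select a scan counted from the end of the list.
        if 1 <= choice <= len(scan_ids):
            return scan_ids[choice - 1]
        print("Please enter a number between 1 and " + str(len(scan_ids)))


# Fetch the first page of web-application scans.
url = "was/v2/scans"
querystring = {"ordering": "asc", "page": "0", "size": "10"}
headers = {'accept': 'application/json'}
resp = tio.get(url, headers=headers, params=querystring)

# Parse the body once instead of once per field.
scans_page = json.loads(resp.text)
list1 = scans_page["data"]

if scans_page["total_size"] < 10:
    id1 = printuri(list1)
else:
    # total_size is not below the requested page size of 10, so the full
    # list is built by createlist().
    listt = createlist(url, list1, scans_page["total_size"])
    id1 = printuri(listt)

# id1 is a scan_id taken from the API response above and is concatenated
# into the request path as-is.
url2 = "was/v2/scans/" + id1 + "/vulnerabilities"
headers2 = {'accept': 'application/json'}
querystring2 = {"ordering": "asc", "page": "0", "size": "10"}
resp2 = tio.get(url2, headers=headers2, params=querystring2)
list2 = json.loads(resp2.text)["data"]
headers3 = {'accept': 'text/plain'}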