示例#1
 def processing_mode(self):
     """Return the configured processing mode wrapped in ``ProcessingMode``.

     The value is looked up under the ``'processing_mode'`` key of
     ``self.raw``. A missing key yields ``None``, which is handed to
     ``ProcessingMode`` unchanged.
     """
     # NOTE(review): ProcessingMode is presumably an enum that rejects
     # unknown values (including None) with ValueError; confirm.
     configured_mode = self.raw.get('processing_mode')
     return ProcessingMode(configured_mode)
示例#2
 def validate(self):
     """Run the parent class's validation, then check the processing mode.

     The processing mode is checked by constructing ``ProcessingMode`` from
     the configured value; the constructed object itself is discarded.
     """
     super().validate()
     # Let the enum constructor do the validation: building a ProcessingMode
     # from the configured value is expected to raise for an unknown mode.
     configured_mode = self.processing_mode()
     ProcessingMode(configured_mode)
示例#3
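def scan_without_notification(
    protecode_cfg_name: str,
    protecode_group_id: str,
    component_descriptor_path: str,
    parallel_jobs: int=2,
    processing_mode: str='rescan',
    cve_threshold: float=7.0,
    protecode_api_url=None,
    allowed_licenses: typing.List[str] = [],
    prohibited_licenses: typing.List[str] = [],
    reference_protecode_group_ids: typing.List[int] = [],
    include_image_references: typing.List[str] = [],
    exclude_image_references: typing.List[str] = [],
    include_image_names: typing.List[str] = [],
    exclude_image_names: typing.List[str] = [],
    include_component_names: typing.List[str] = [],
    exclude_component_names: typing.List[str] = [],
    no_license_report: bool = False,
):
    """Scan the images of a component descriptor with Protecode and log a summary.

    No notification is sent; results are only split at ``cve_threshold`` and
    written to the log.

    Args:
        protecode_cfg_name: name of the Protecode config element to look up.
        protecode_group_id: Protecode group the images are uploaded to.
        component_descriptor_path: path of the component descriptor to scan.
        parallel_jobs: passed through to the upload step.
        processing_mode: converted with ``ProcessingMode(...)``; an unknown
            value is expected to be rejected by that constructor.
        cve_threshold: results whose ``greatest_cve_score`` is greater than or
            equal to this value are reported as "above threshold".
        protecode_api_url: NOT used as the scan target. The upload step only
            receives ``protecode_cfg``, and the group URL is built from the
            configured API URL. A differing value is reported with a warning.
        allowed_licenses, prohibited_licenses, no_license_report: accepted but
            not read anywhere in this function.
        reference_protecode_group_ids: passed to the upload step and to the
            info table.
        include_*/exclude_*: used to build the image filter and shown in the
            info table.

    The list defaults in the signature are shared between calls; this function
    only reads them. The signature is left untouched so existing callers (and
    any tooling that inspects it) keep working.
    """
    cfg_factory = ci.util.ctx().cfg_factory()
    protecode_cfg = cfg_factory.protecode(protecode_cfg_name)

    # The configured endpoint is the one that is scanned against, so it is
    # also the one reported to the operator. Previously a caller-supplied
    # protecode_api_url was overwritten without any trace, which could leave
    # the operator believing a different server had been scanned.
    configured_api_url = protecode_cfg.api_url()
    if protecode_api_url and protecode_api_url != configured_api_url:
        logger.warning(
            f'ignoring {protecode_api_url=}; '
            f'the scan uses the configured endpoint {configured_api_url}'
        )
    protecode_api_url = configured_api_url
    logger.info(f'Using Protecode at: {protecode_api_url}')

    # Built once from the effective endpoint (the earlier f-string variant was
    # a dead store that got replaced by this urljoin call anyway).
    protecode_group_url = ci.util.urljoin(protecode_api_url, 'group', str(protecode_group_id))

    cd = component_descriptor_util.component_descriptor_from_component_descriptor_path(
        cd_path=component_descriptor_path,
    )

    filter_function = concourse.steps.images.create_composite_filter_function(
        include_image_references=include_image_references,
        exclude_image_references=exclude_image_references,
        include_image_names=include_image_names,
        exclude_image_names=exclude_image_names,
        include_component_names=include_component_names,
        exclude_component_names=exclude_component_names,
    )

    cvss_version = CVSSVersion.V3

    concourse.steps.scan_container_images.print_protecode_info_table(
        protecode_group_id=protecode_group_id,
        reference_protecode_group_ids=reference_protecode_group_ids,
        protecode_group_url=protecode_group_url,
        cvss_version=cvss_version,
        include_image_references=include_image_references,
        exclude_image_references=exclude_image_references,
        include_image_names=include_image_names,
        exclude_image_names=exclude_image_names,
        include_component_names=include_component_names,
        exclude_component_names=exclude_component_names,
    )

    logger.info('running protecode scan for all components')

    results = _upload_grouped_images(
        protecode_cfg=protecode_cfg,
        protecode_group_id=protecode_group_id,
        component_descriptor=cd,
        reference_group_ids=reference_protecode_group_ids,
        processing_mode=ProcessingMode(processing_mode),
        parallel_jobs=parallel_jobs,
        cve_threshold=cve_threshold,
        image_reference_filter=filter_function,
        cvss_version=cvss_version,
    )

    # Partition at the threshold; a score equal to the threshold counts as
    # "above" so that borderline findings are not under-reported.
    results_above_threshold = [r for r in results if r.greatest_cve_score >= cve_threshold]
    results_below_threshold = [r for r in results if r.greatest_cve_score < cve_threshold]

    logger.info('Summary of found vulnerabilities:')
    logger.info(f'{len(results_above_threshold)=}; {results_above_threshold=}')
    logger.info(f'{len(results_below_threshold)=}; {results_below_threshold=}')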