diff --git a/dojo/tools/trivy_operator/checks_handler.py b/dojo/tools/trivy_operator/checks_handler.py
index 879213345c..9c7c7ecc16 100644
--- a/dojo/tools/trivy_operator/checks_handler.py
+++ b/dojo/tools/trivy_operator/checks_handler.py
@@ -17,7 +17,7 @@ class TrivyChecksHandler:
- def handle_checks(self, endpoint, service, checks, test):
+ def handle_checks(self, endpoints, service, checks, test):
 findings = []
 for check in checks:
 check_title = check.get("title")
@@ -62,6 +62,6 @@ def handle_checks(self, endpoint, service, checks, test):
 )
 if check_id:
 finding.unsaved_vulnerability_ids = [check_id]
- finding.unsaved_endpoints.append(endpoint)
+ finding.unsaved_endpoints += endpoints
 findings.append(finding)
 return findings
diff --git a/dojo/tools/trivy_operator/parser.py b/dojo/tools/trivy_operator/parser.py
index 2d5cc2c2e8..2fc765b192 100644
--- a/dojo/tools/trivy_operator/parser.py
+++ b/dojo/tools/trivy_operator/parser.py
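Review bot: The new `endpoints` parameter of `handle_checks` is undocumented, and the name change is the only hint that it is now a list rather than a single Endpoint; a docstring on the signature line, e.g. `"""Build one Finding per Trivy check; every finding is attached to all of `endpoints` (unsaved Endpoint objects, shared across the returned findings)."""`, would record that contract where the next caller will look. The second hunk's `finding.unsaved_endpoints += endpoints` extends the finding's own list in place, so findings do not alias the shared list, but they do share the Endpoint instances — worth stating in that docstring if the importer cares. The body of handle_checks between the two hunks is outside this view.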
@@ -61,22 +61,39 @@ def handle_resource(self, data, test):
 resource_name = labels.get("trivy-operator.resource.name", "")
 container_name = labels.get("trivy-operator.container.name", "")
- endpoint = Endpoint(
+ endpoints = []
+ endpoints.append(Endpoint(
 host=resource_namespace,
 path=f"{resource_kind}/{resource_name}/{container_name}"
- )
+ ))
+
+ if report.get("registry"):
+ if report.get("artifact"):
+ registry = report.get("registry").get("server", "unknown_registry")
+ artifact = report.get("artifact")
+ repository = artifact.get("repository", "unknown_repo")
+ tag = artifact.get("tag", "unknown_tag")
+ # having full path to an image (forward slashes) and a tag
+ # after colon as 'host' property of Endpoint makes an
+ # endpoint broken, although, this is a desired value. Thus,
+ # we abuse 'path' field for that.
+ artifact_name = repository.split("/")[-1]
+ endpoints.append(Endpoint(
+ host=f"{artifact_name}",
+ path=f"{registry}/{repository}:{tag}"
+ ))
 service = ""
 vulnerabilities = report.get("vulnerabilities", None)
 if vulnerabilities is not None:
- findings += TrivyVulnerabilityHandler().handle_vulns(endpoint, service, vulnerabilities, test)
+ findings += TrivyVulnerabilityHandler().handle_vulns(endpoints, service, vulnerabilities, test)
 checks = report.get("checks", None)
 if checks is not None:
- findings += TrivyChecksHandler().handle_checks(endpoint, service, checks, test)
+ findings += TrivyChecksHandler().handle_checks(endpoints, service, checks, test)
 secrets = report.get("secrets", None)
 if secrets is not None:
- findings += TrivySecretsHandler().handle_secrets(endpoint, service, secrets, test)
+ findings += TrivySecretsHandler().handle_secrets(endpoints, service, secrets, test)
 elif benchmarkreport is not None:
 findings += TrivyComplianceHandler().handle_compliance(benchmarkreport, test)
 return findings
diff --git a/dojo/tools/trivy_operator/secrets_handler.py b/dojo/tools/trivy_operator/secrets_handler.py
index 068f90d0f8..4a5ae2345b 100644
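Review bot: The image endpoint added under `if report.get("artifact"):` identifies the image only by `artifact.get("tag", "unknown_tag")`, so an image the report pins by digest rather than tag (trivy-operator's artifact metadata is understood to carry a `digest` field alongside `repository`/`tag` — confirm against the report schema) ends up as `registry/repo:unknown_tag`, or with a bare trailing colon when `tag` is present but empty, and two different digest-pinned images become indistinguishable on the finding. `repository.split("/")[-1]` also yields an empty `host` when the repository string ends in a slash, and `report.get("registry")` is evaluated twice behind two nested `if`s that could be one guard. The reworked block below flattens the guard, falls back to the digest when no tag is present, and drops the redundant `f"{artifact_name}"`; the surrounding `handle_resource` starts before this hunk, so the `labels`/`report` bindings it relies on are not visible here.
```python
registry = report.get("registry") or {}
artifact = report.get("artifact") or {}
if registry and artifact:
    server = registry.get("server", "unknown_registry")
    repository = artifact.get("repository", "unknown_repo")
    # Prefer the tag; fall back to the digest so digest-pinned images do not
    # all collapse onto "unknown_tag". NOTE(review): confirm trivy-operator
    # actually emits artifact.digest before relying on it.
    reference = artifact.get("tag") or artifact.get("digest") or "unknown_tag"
    # Endpoint.host cannot carry slashes or a tag, so the full image
    # reference lives in 'path' and only the last repository segment is
    # used as host; guard against a trailing slash producing an empty host.
    artifact_name = repository.rstrip("/").split("/")[-1] or "unknown_image"
    endpoints.append(Endpoint(
        host=artifact_name,
        path=f"{server}/{repository}:{reference}",
    ))
# … unchanged: service / vulnerabilities / checks / secrets dispatch …
```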
--- a/dojo/tools/trivy_operator/secrets_handler.py
+++ b/dojo/tools/trivy_operator/secrets_handler.py
@@ -15,7 +15,7 @@ class TrivySecretsHandler:
- def handle_secrets(self, endpoint, service, secrets, test):
+ def handle_secrets(self, endpoints, service, secrets, test):
 findings = []
 for secret in secrets:
 secret_title = secret.get("title")
@@ -45,6 +45,6 @@ def handle_secrets(self, endpoint, service, secrets, test):
 )
 if secret_rule_id:
 finding.unsaved_vulnerability_ids = [secret_rule_id]
- finding.unsaved_endpoints.append(endpoint)
+ finding.unsaved_endpoints += endpoints
 findings.append(finding)
 return findings
diff --git a/dojo/tools/trivy_operator/vulnerability_handler.py b/dojo/tools/trivy_operator/vulnerability_handler.py
index 21d038f1fd..9994d48007 100644
--- a/dojo/tools/trivy_operator/vulnerability_handler.py
+++ b/dojo/tools/trivy_operator/vulnerability_handler.py
@@ -17,7 +17,7 @@ class TrivyVulnerabilityHandler:
- def handle_vulns(self, endpoint, service, vulnerabilities, test):
+ def handle_vulns(self, endpoints, service, vulnerabilities, test):
 findings = []
 for vulnerability in vulnerabilities:
 vuln_id = vulnerability.get("vulnerabilityID", "0")
@@ -87,6 +87,6 @@ def handle_vulns(self, endpoint, service, vulnerabilities, test):
 )
 if vuln_id:
 finding.unsaved_vulnerability_ids = [vuln_id]
- finding.unsaved_endpoints.append(endpoint)
+ finding.unsaved_endpoints += endpoints
 findings.append(finding)
 return findings
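Review bot: In the last hunk of vulnerability_handler.py, `finding.unsaved_endpoints += endpoints` attaches the very same Endpoint instances from the caller's list to every Finding this loop produces, and nothing in the handler or the signature says so; whether that sharing is safe depends on how the importer persists unsaved endpoints, which I cannot see from here. If per-finding ownership is required, the fix is one line, `finding.unsaved_endpoints.extend(copy.copy(ep) for ep in endpoints)` (with `import copy` at the top of the file); if sharing is intended, record it in a docstring on `handle_vulns` describing `endpoints` as "unsaved Endpoint objects attached to, and shared by, every returned finding". The same construct appears in the secrets_handler.py hunk above and should get the same treatment. The Finding construction between the two handle_vulns hunks lies outside this view.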