Skip to content

Images scan #9

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wisnuyudis wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Images scan #9

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
922f1fe
add some fiture then can out of error mssg
Jun 4, 2024
db8583b
add checking summary condition
Jun 5, 2024
696f6d3
docker image scaning
Jun 6, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 9 additions & 5 deletions linux/pipe/ASoC.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ def checkAuth(self):
resp = requests.get(f"{self.base_url}/api/V2/Account/TenantInfo", headers=headers)
return resp.status_code == 200

def generateIRX(self, scanName, appscanBin, stdoutFilePath = "", configFile=None, secret_scanning=False, printio=True):
def generateIRX(self, scanName, appscanBin, stdoutFilePath = "", configFile=None, imageName="", secret_scanning=False, printio=True):
enableSecrets = ""
if secret_scanning:
enableSecrets = "--enableSecrets"
Expand All @@ -53,9 +53,11 @@ def generateIRX(self, scanName, appscanBin, stdoutFilePath = "", configFile=None

with io.open(stdoutFile, 'wb') as writer, io.open(stdoutFile, 'rb') as reader:
if(configFile):
process = subprocess.Popen([appscanBin, "prepare", "-c", configFile, "-n", scanName, enableSecrets], stdout=writer)
#process = subprocess.Popen([appscanBin, "prepare", "-c", configFile, "-n", scanName, enableSecrets], stdout=writer)
process = subprocess.Popen([appscanBin, "prepare_sca", "-c", configFile, "-n", scanName, "-image", imageName, enableSecrets], stdout=writer)
else:
process = subprocess.Popen([appscanBin, "prepare", "-n", scanName, enableSecrets], stdout=writer)
#process = subprocess.Popen([appscanBin, "prepare", "-n", scanName, enableSecrets], stdout=writer)
process = subprocess.Popen([appscanBin, "prepare_sca", "-n", scanName, "-image", imageName, enableSecrets], stdout=writer)
while process.poll() is None:
if(printio):
sys.stdout.write(reader.read().decode('ascii'))
Expand Down Expand Up @@ -99,10 +101,12 @@ def createSastScan(self, scanName, appId, irxFileId, comment=""):
"Authorization": "Bearer "+self.token
}
resp = requests.post(f"{self.base_url}/api/v2/Scans/StaticAnalyzer", headers=headers, data=data)
if(resp.status_code == 201):
if resp.status_code == 201:
scanId = resp.json()["Id"]
return scanId
return None
else:
return {"status": "error", "error": resp.json(), "status_code": resp.status_code, "data": data}


def getScanStatus(self, scanId):
headers = {
Expand Down
17 changes: 15 additions & 2 deletions linux/pipe/RunSAST.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -214,6 +214,17 @@ def run(self):
logger.debug("Scan Summary:\n"+json.dumps(summary, indent=2))
logger.info("========== Step 4: Complete =======================\n")

#Step 4.5: Checking a report
# logger.info("========== Step 4.5: Checking a report =============")
# # If the report have a Critical issue & High Issue then exit the program
# if(summary["critical_issues"]>0 or summary["high_issues"]>0):
# logger.error(f'Critical : {summary["critical_issues"]} or High : {summary["high_issues"]} issues found. Exiting')
# self.fail(message="Error Running ASoC SAST Pipeline")
# return False
# else:
# logger.info("No critical issues found")
# logger.info("========== Step 4.5: Complete =======================\n")

#Step 5: Download the Scan Report
logger.info("========== Step 5: Download Scan Report ===========")
notes = ""
Expand Down Expand Up @@ -301,7 +312,7 @@ def genIrx(self, scanName, appscanPath, targetPath, reportsDir, configFile=None,
logger.info(f"Secret Scanning Enabled: [{secret_scanning}]")

logger.info("Running AppScan Prepare")
irxFile = self.asoc.generateIRX(scanName, appscanPath, reportsDir, configFile, secret_scanning, self.debug)
irxFile = self.asoc.generateIRX(scanName, appscanPath, reportsDir, configFile, self.repo, secret_scanning, self.debug)
if(irxFile is None):
logger.error("IRX Not Generated")
return None
Expand Down Expand Up @@ -365,11 +376,13 @@ def runScan(self, scanName, appId, irxPath, comment="", wait=True):
logger.debug("Running Scan")
scanId = self.asoc.createSastScan(scanName, appId, fileId, comment)

if(scanId):
if(len(scanId) == 36):
logger.info("Scan Created")
logger.info(f"ScanId: [{scanId}]")
else:
logger.error("Scan not created!")
logger.error(scanId['error'])
logger.error(scanId['data'])
return None

#If Wait=False, return now with scanId
Expand Down