
Commit 5cf7fbc

Merge pull request #289 from blackducksoftware/skip_base_layer
Skip base layer
2 parents e274af8 + b872839 commit 5cf7fbc


2 files changed

+60
-42
lines changed


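--- a/examples/client/multi-image/manage_project_structure.py
+++ b/examples/client/multi-image/manage_project_structure.py
@@ -48,7 +48,7 @@
 Sub-projects could be specified in a text file with -ssf --subproject-spec-file parameter
 Each line will have to contain full image specification.
 Specification will be parsed and image name prefixed by -str parameter will be used as a sub-project name
-In this mode any image that is not residing on ciena.com repository will be skipped.
+In this mode any image that is not residing on //your domain for example abc.com// repository will be skipped.
 If -str parameter is empty, Project Name will be used instead.
 
 Container image name scanned will be written into project version nickname field
@@ -84,6 +84,7 @@ def __init__(self, args):
 else:
 self.init_project_data(args)
 self.serialize = args.serialize
+self.skip_group=args.skip_group
 
 def connect(self):
 self.client = Client(base_url=self.base_url, token=self.access_token, verify=self.no_verify, timeout=60.0, retries=4)
@@ -314,15 +315,17 @@ def process_text_spec_file(self,args):
 prefix = args.string_to_put_in_front_of_subproject_name
 if not prefix:
 prefix = args.project_name
-with open(args.subproject_spec_file, "r") as f:
-lines = f.read().splitlines()
-for line in lines:
-image_name = line.split('/')[-1].split(':')[0] # Don't look at me, you wrote it!
-sub_project_name = "_".join((prefix, image_name))
-spec_line = ":".join((sub_project_name, line))
-# if "ciena.com" in spec_line:
-project_list.append(spec_line)
-return (project_list)
+if args.subproject_spec_file is not None :
+with open(args.subproject_spec_file, "r") as f:
+lines = f.read().splitlines()
+for line in lines:
+#print(line)
+image_name = line.split('/')[-1].split(':')[0] # Don't look at me, you wrote it!
+sub_project_name = "_".join((prefix, image_name))
+spec_line = ":".join((sub_project_name, line))
+# if "//your domain ex. abc.com //" in spec_line:
+project_list.append(spec_line)
+return (project_list)
 
 def get_child_spec_list(self,args):
 if args.subproject_list:
@@ -459,7 +462,8 @@ def scan_container_images(self):
 parent_version,
 detect_options,
 hub=hub,
-binary=self.binary
+binary=self.binary,
+skip_group = self.skip_group
 )
 child['scan_results'] = results
 except Exception as e:
@@ -537,6 +541,7 @@ def parse_command_args():
 parser.add_argument("-ifm", "--individual-file-matching", action='store_true', help="Turn Individual file matching on")
 parser.add_argument("--reprocess-run-file", help="Reprocess Failures from previous run report.")
 parser.add_argument("--serialize", action='store_true', help="Serialize scan submissions by adding --detect.wait.for.results=true to scan invocations")
+parser.add_argument("--skip-group", required=False, help="exclude layers belog to specific groups, ex. 'base' ")
 args = parser.parse_args()
 if not args.reprocess_run_file and not (args.project_name and args.version_name):
 parser.error("[ -p/--project-name and -pv/--version-name ] or --reprocess-run-file are required")
@@ -565,3 +570,5 @@ def main():
 
 if __name__ == "__main__":
 sys.exit(main())
+
+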
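Review bot: The usage text still says images outside the configured domain "will be skipped", but in `process_text_spec_file` the only filter is the commented-out `# if "//your domain ex. abc.com //" in spec_line:`, so every line of the spec file is appended to `project_list` whatever registry it names. Either say so in the docstring, e.g. `In this mode every image listed in the file is processed; no registry filtering is applied.`, or turn the filter into a real check driven by an option. The new `--skip-group` help string has a typo and could say what skipping means: `help="Comma-separated layer groups to exclude from scanning, e.g. 'base'"`. `process_text_spec_file` begins above this hunk and the page has lost indentation, so whether `return (project_list)` sits inside the new `if` cannot be checked here; if it does, the function returns `None` when no spec file is given.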

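--- a/examples/client/multi-image/scan_docker_image_lite.py
+++ b/examples/client/multi-image/scan_docker_image_lite.py
@@ -229,7 +229,7 @@ class ContainerImageScanner():
 
 def __init__(
 self, hub, container_image_name, workdir='/tmp/workdir',
-grouping=None, base_image=None, dockerfile=None, detect_options=None):
+grouping=None, base_image=None, dockerfile=None, detect_options=None, skip_group=None):
 self.hub = hub
 self.hub_detect = Detector(hub)
 self.docker = DockerWrapper(workdir)
@@ -251,6 +251,11 @@ def __init__(
 if detect_options:
 self.extra_options = detect_options.split(" ")
 self.binary = False
+if skip_group:
+self.skip_group=skip_group.split(",")
+else:
+self.skip_group=[]
+
 
 def prepare_container_image(self):
 self.docker.initdir()
@@ -344,7 +349,7 @@ def process_container_image_by_base_image_info(self):
 layer['name'] = self.project_name + "_" + self.project_version + "_layer_" + str(num)
 self.layers.append(layer)
 num = num + 1
-# print (json.dumps(self.layers, indent=4))
+#print (json.dumps(self.layers, indent=4))
 
 def process_oci_container_image_by_user_defined_groups(self):
 self.manifest = self.docker.read_manifest()
@@ -373,7 +378,7 @@ def process_oci_container_image_by_user_defined_groups(self):
 layer['name'] = self.project_name + "_" + self.project_version + "_layer_" + str(layer['index'])
 if not layer.get('empty_layer', False):
 layer['path'] = layer_paths.pop(0)
-# print (json.dumps(self.layers, indent=4))
+#print (json.dumps(self.layers, indent=4))
 
 def get_group_name(self, groups, index):
 group_name = 'undefined'
@@ -408,34 +413,39 @@ def process_oci_container_image(self):
 
 def submit_layer_scans(self):
 for layer in self.layers:
-if not layer.get('empty_layer', False):
-options = []
-options.append('--detect.project.name={}'.format(layer['project_name']))
-options.append('--detect.project.version.name="{}"'.format(layer['project_version']))
-options.append('--detect.code.location.name={}_{}_code_{}'.format(layer['name'],self.image_version,layer['path']))
-if self.binary:
-options.append('--detect.tools=BINARY_SCAN')
-options.append('--detect.binary.scan.file.path={}/{}'.format(self.docker.imagedir, layer['path']))
-else:
-options.append('--detect.tools=SIGNATURE_SCAN')
-if self.oci_layout:
-options.append('--detect.source.path={}/{}'.format(self.docker.imagedir, layer['path']))
+
+#print(f"layer group name={layer['group_name']} skip_group ={self.skip_group}")
+
+if layer['group_name'] not in self.skip_group:
+
+if not layer.get('empty_layer', False):
+options = []
+options.append('--detect.project.name={}'.format(layer['project_name']))
+options.append('--detect.project.version.name="{}"'.format(layer['project_version']))
+options.append('--detect.code.location.name={}_{}_code_{}'.format(layer['name'],self.image_version,layer['path']))
+if self.binary:
+options.append('--detect.tools=BINARY_SCAN')
+options.append('--detect.binary.scan.file.path={}/{}'.format(self.docker.imagedir, layer['path']))
 else:
-options.append('--detect.source.path={}/{}'.format(self.docker.imagedir, layer['path'].split('/')[0]))
-if self.base_image or self.grouping or self.dockerfile:
-options.extend(self.adorn_extra_options(layer))
-else:
-options.extend(self.extra_options)
-logging.debug(f"Submitting scan for {layer['name']}")
-completed = self.hub_detect.detect_run(options)
-scan_results = dict()
-for key, value in vars(completed).items():
-if type(value) is bytes:
-scan_results[key] = value.decode('utf-8')
+options.append('--detect.tools=SIGNATURE_SCAN')
+if self.oci_layout:
+options.append('--detect.source.path={}/{}'.format(self.docker.imagedir, layer['path']))
+else:
+options.append('--detect.source.path={}/{}'.format(self.docker.imagedir, layer['path'].split('/')[0]))
+if self.base_image or self.grouping or self.dockerfile:
+options.extend(self.adorn_extra_options(layer))
 else:
-scan_results[key] = value
-layer['scan_results'] = scan_results
-logging.debug(f"Detect run for {layer['name']} completed with returncode {completed.returncode}")
+options.extend(self.extra_options)
+logging.debug(f"Submitting scan for {layer['name']}")
+completed = self.hub_detect.detect_run(options)
+scan_results = dict()
+for key, value in vars(completed).items():
+if type(value) is bytes:
+scan_results[key] = value.decode('utf-8')
+else:
+scan_results[key] = value
+layer['scan_results'] = scan_results
+logging.debug(f"Detect run for {layer['name']} completed with returncode {completed.returncode}")
 
 def adorn_extra_options(self, layer):
 result = list()
@@ -486,15 +496,15 @@ def get_base_layers(self):
 
 def scan_container_image(
 imagespec, grouping=None, base_image=None, dockerfile=None,
-project_name=None, project_version=None, detect_options=None, hub=None, binary=False):
+project_name=None, project_version=None, detect_options=None, hub=None, binary=False, skip_group=None ):
 
 if hub:
 hub = hub
 else:
 hub = HubInstance()
 scanner = ContainerImageScanner(
 hub, imagespec, grouping=grouping, base_image=base_image,
-dockerfile=dockerfile, detect_options=detect_options)
+dockerfile=dockerfile, detect_options=detect_options, skip_group=skip_group)
 if project_name:
 scanner.project_name = project_name
 if project_version:
@@ -507,6 +517,7 @@ def scan_container_image(
 if binary:
 scanner.binary = True
 logging.info(f"Scanning image {imagespec}")
+
 scanner.prepare_container_image()
 scanner.process_container_image()
 scanner.submit_layer_scans()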
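Review bot: In `submit_layer_scans`, a layer whose group is listed in `skip_group` is dropped without any log line, so a run that excluded the base layers looks the same as a full scan and components in those layers go unreported with no trace. An `else` branch such as `logging.info(f"Skipping scan of {layer['name']} (group {layer['group_name']})")` would record the coverage gap. The new test also indexes `layer['group_name']` directly; the layer dicts are built outside this hunk, so if any path omits that key this raises `KeyError`, and `layer.get('group_name')` would be safer. In `__init__`, `skip_group.split(",")` keeps surrounding whitespace, so `"base, os"` would not match a group named `os`; `[g.strip() for g in skip_group.split(",")]` avoids that.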
