Added support for Docker Inspector and some cosmetic changes

Author: subham-sps

examples/scan_docker_image.py

@@ -14,7 +14,9 @@
 
       repository/image-name:version
 
-Main project will be named "repository/image-name" and will have "version" as a version
+Main project will be named "Docker_repository/image-name" and will have "version" as a version
+
+Docker Inspector scan project will be named as DI_"repository/image-name" and will have "version" as a version
 
 Sub-projects for layers will be named as
       repository/image-name_layer_1
@@ -149,13 +151,26 @@ def detect_run(self, options=['--help']):
         cmd.extend(options)
         subprocess.run(cmd)
 
+    def detect_inspector_run(self, options=['--help']):
+        cmd = ['bash']
+        cmd.append(self.filename)
+        cmd.append('--blackduck.url=%s' % self.baseurl)
+        cmd.append('--blackduck.api.token=' + self.token)
+        cmd.append('--blackduck.trust.cert=true')
+        cmd.append('--detect.tools=DOCKER')
+        #cmd.append('--detect.docker.inspector.air.gap.path=/root/packaged-inspectors/docker')
+        cmd.extend(options)
+        subprocess.run(cmd)
+
+
 class ContainerImageScanner():
 
-    def __init__(self, hub, container_image_name, workdir='/tmp/workdir', dockerfile=None, base_image=None, omit_base_layers=False):
+    def __init__(self, hub, container_image_name, proj_name, workdir='/tmp/workdir', dockerfile=None, base_image=None, omit_base_layers=False):
         self.hub = hub
         self.hub_detect = Detector(hub)
         self.docker = DockerWrapper(workdir)
         self.container_image_name = container_image_name
+        self.proj_name = proj_name
         cindex = container_image_name.rfind(':')
         if cindex == -1:
             self.image_name = container_image_name
@@ -184,7 +199,7 @@ def process_container_image(self):
         offset = 0
         for i in self.manifest[0]['Layers']:
             layer = {}
-            layer['name'] = self.image_name + "_layer_" + str(num)
+            layer['name'] = self.proj_name + "_layer_" + str(num)
             layer['path'] = i
             while self.config['history'][num + offset -1].get('empty_layer', False):
                 offset = offset + 1
@@ -195,7 +210,7 @@ def process_container_image(self):
         print (json.dumps(self.layers, indent=4))
 
     def generate_project_structures(self, base_layers=None):
-        main_project_release = self.hub.get_or_create_project_version(self.image_name, self.image_version)
+        main_project_release = self.hub.get_or_create_project_version("Docker_" + self.proj_name, self.image_version)
 
         for layer in self.layers:
             parameters = {}
@@ -219,9 +234,9 @@ def generate_project_structures(self, base_layers=None):
             print ("Number of addon layers {}".format(len(addon))) 
 
             if (len(base) > 0):
-                main_project_release_addon = self.hub.get_or_create_project_version(self.image_name, addon_image_version)
+                main_project_release_addon = self.hub.get_or_create_project_version(self.proj_name, addon_image_version)
                 if not self.omit_base_layers:
-                    main_project_release_base = self.hub.get_or_create_project_version(self.image_name, base_image_version)
+                    main_project_release_base = self.hub.get_or_create_project_version(self.proj_name, base_image_version)
                     for layer in base:
                         parameters = {}
                         parameters['description'] = layer['command']['created_by']
@@ -240,7 +255,7 @@ def generate_project_structures(self, base_layers=None):
                 print("************************************************************")
 
     def generate_single_layer_project_structure(self, layer_number):
-        main_project_release = self.hub.get_or_create_project_version(self.image_name, self.image_version)
+        main_project_release = self.hub.get_or_create_project_version("Docker_" + self.proj_name, self.image_version)
 
         layer = self.layers[layer_number - 1]
         parameters = {}
@@ -268,10 +283,21 @@ def submit_single_layer_scan(self, layer_number):
         options.append('--detect.source.path={}/{}'.format(self.docker.imagedir, layer['path'].split('/')[0]))
         self.hub_detect.detect_run(options)
 
+    def submit_docker_inspector_scan(self):
+        main_project_release = self.hub.get_or_create_project_version("Docker_" + self.proj_name, self.image_version)
+        sub_project_release = self.hub.get_or_create_project_version('DI_{}'.format(self.proj_name), self.image_version)
+        self.hub.add_version_as_component(main_project_release, sub_project_release)
+        options = []
+        options.append('--detect.project.name=DI_{}'.format(self.proj_name))
+        options.append('--detect.project.version.name="{}"'.format(self.image_version))
+        options.append('--detect.code.location.name=DI_{}'.format(self.docker.imagefile))
+        options.append('--detect.docker.tar={}'.format(self.docker.imagefile))
+        self.hub_detect.detect_inspector_run(options)
+
     def cleanup_project_structure(self):
-        release = self.hub.get_or_create_project_version(self.image_name,self.image_version)
-        base_release = self.hub.get_project_version_by_name(self.image_name,self.image_version + "__base_layers")
-        addon_release = self.hub.get_project_version_by_name(self.image_name,self.image_version + "_addon_layers")
+        release = self.hub.get_or_create_project_version(self.proj_name,self.image_version)
+        base_release = self.hub.get_project_version_by_name(self.proj_name,self.image_version + "__base_layers")
+        addon_release = self.hub.get_project_version_by_name(self.proj_name,self.image_version + "_addon_layers")
 
         print("--------")
         print(base_release)
@@ -298,15 +324,15 @@ def cleanup_project_structure(self):
                 print(self.hub.delete_project_version_by_name(sub_name, sub_version_name))
 
         if base_release:
-            print(self.hub.delete_project_version_by_name(self.image_name,self.image_version + "__base_layers"))
+            print(self.hub.delete_project_version_by_name(self.proj_name,self.image_version + "__base_layers"))
         if addon_release:
-            print(self.hub.delete_project_version_by_name(self.image_name,self.image_version + "_addon_layers"))
-        project = self.hub.get_project_by_name(self.image_name)
+            print(self.hub.delete_project_version_by_name(self.proj_name,self.image_version + "_addon_layers"))
+        project = self.hub.get_project_by_name(self.proj_name)
         versions = self.hub.get_project_versions(project)
         if versions['totalCount'] == 1:
-            print(self.hub.delete_project_by_name(self.image_name))
+            print(self.hub.delete_project_by_name(self.proj_name))
         else:
-            print(self.hub.delete_project_version_by_name(self.image_name,self.image_version))
+            print(self.hub.delete_project_version_by_name(self.proj_name,self.image_version))
 
     def get_base_layers(self):
         if (not self.dockerfile)and (not self.base_image):
@@ -344,10 +370,10 @@ def get_base_layers(self):
         return base_layers  
 
 
-def scan_container_image(imagespec, layer_number=0):
+def scan_container_image(imagespec, projname, layer_number=0):
 
     hub = HubInstance()
-    scanner = ContainerImageScanner(hub, imagespec)
+    scanner = ContainerImageScanner(hub, imagespec, projname)
     scanner.prepare_container_image()
     scanner.process_container_image()
     if layer_number == 0:
@@ -356,21 +382,23 @@ def scan_container_image(imagespec, layer_number=0):
     else:
         scanner.generate_single_layer_project_structure(layer_number)
         scanner.submit_single_layer_scan(int(layer_number))
+    scanner.submit_docker_inspector_scan()
 
-def scan_container_image_with_dockerfile(imagespec, dockerfile, base_image, omit_base_layers):
+def scan_container_image_with_dockerfile(imagespec, projname, dockerfile, base_image, omit_base_layers):
     hub = HubInstance()
-    scanner = ContainerImageScanner(hub, imagespec, dockerfile=dockerfile, base_image=base_image, omit_base_layers=omit_base_layers)
+    scanner = ContainerImageScanner(hub, imagespec, projname, dockerfile=dockerfile, base_image=base_image, omit_base_layers=omit_base_layers)
     base_layers = scanner.get_base_layers()
     print (json.dumps(base_layers, indent=2))
     # sys.exit()
     scanner.prepare_container_image()
     scanner.process_container_image()
     scanner.generate_project_structures(base_layers)
     scanner.submit_layer_scans()
+    scanner.submit_docker_inspector_scan()
 
-def clean_container_project(imagespec):
+def clean_container_project(imagespec, projname):
     hub = HubInstance()
-    scanner = ContainerImageScanner(hub, imagespec)
+    scanner = ContainerImageScanner(hub, imagespec, projname)
     scanner.cleanup_project_structure()
 
 
@@ -383,6 +411,7 @@ def main(argv=None):
 
     parser = ArgumentParser()
     parser.add_argument('imagespec', help="Container image tag, e.g.  repository/imagename:version")
+    parser.add_argument('projname', help="Project Name")
     parser.add_argument('--cleanup', default=False, help="Delete project hierarchy only. Do not scan")
     parser.add_argument('--rescan-layer',default=0, type=int, help="Rescan specific layer in case of failure, 0 - scan as usual")
     parser.add_argument('--dockerfile',default=None, type=str, help="Specify dockerfile used to build this container(experimantal), can't use with --base-image")
@@ -405,17 +434,17 @@ def main(argv=None):
         sys.exit(1)
 
     if args.cleanup:
-        clean_container_project(args.imagespec)
+        clean_container_project(args.imagespec, args.projname)
         sys.exit(1)
     if args.dockerfile or args.base_image:
-        clean_container_project(args.imagespec)
-        scan_container_image_with_dockerfile(args.imagespec, args.dockerfile, args.base_image, args.omit_base_layers)
+        clean_container_project(args.imagespec, args.projname)
+        scan_container_image_with_dockerfile(args.imagespec, args.projname, args.dockerfile, args.base_image, args.omit_base_layers)
     else:
         if args.rescan_layer == 0:
-            clean_container_project(args.imagespec)
-            scan_container_image(args.imagespec)
+            clean_container_project(args.imagespec, args.projname)
+            scan_container_image(args.imagespec, args.projname)
         else:
-            scan_container_image(args.imagespec, args.rescan_layer)
+            scan_container_image(args.imagespec, args.rescan_layer, args.projname)
 
 if __name__ == "__main__":
     sys.exit(main())