Merge pull request #6294 from devtron-labs/aws-inspector-prakash-oss

misc: Aws inspector prakash oss

Author: prakash100198

cmd/external-app/wire.go

@@ -80,8 +80,8 @@ import (
 	"github.com/devtron-labs/devtron/pkg/kubernetesResourceAuditLogs"
 	repository2 "github.com/devtron-labs/devtron/pkg/kubernetesResourceAuditLogs/repository"
 	"github.com/devtron-labs/devtron/pkg/pipeline"
-	"github.com/devtron-labs/devtron/pkg/policyGovernance/security/imageScanning"
-	security2 "github.com/devtron-labs/devtron/pkg/policyGovernance/security/imageScanning/repository"
+	"github.com/devtron-labs/devtron/pkg/policyGovernance/security/scanTool"
+	security2 "github.com/devtron-labs/devtron/pkg/policyGovernance/security/scanTool/repository"
 	"github.com/devtron-labs/devtron/pkg/sql"
 	util2 "github.com/devtron-labs/devtron/pkg/util"
 	util3 "github.com/devtron-labs/devtron/util"
@@ -130,6 +130,7 @@ func InitializeApp() (*App, error) {
 		telemetry.NewPosthogClient,
 		delete2.NewDeleteServiceImpl,
 		gitMaterial.GitMaterialWireSet,
+		scanTool.ScanToolWireSet,
 
 		sql.NewTransactionUtilImpl,
 
@@ -221,9 +222,6 @@ func InitializeApp() (*App, error) {
 		kubernetesResourceAuditLogs.Newk8sResourceHistoryServiceImpl,
 		wire.Bind(new(kubernetesResourceAuditLogs.K8sResourceHistoryService), new(*kubernetesResourceAuditLogs.K8sResourceHistoryServiceImpl)),
 
-		imageScanning.NewScanToolMetadataServiceImpl,
-		wire.Bind(new(imageScanning.ScanToolMetadataService), new(*imageScanning.ScanToolMetadataServiceImpl)),
-
 		security2.NewScanToolMetadataRepositoryImpl,
 		wire.Bind(new(security2.ScanToolMetadataRepository), new(*security2.ScanToolMetadataRepositoryImpl)),
 

cmd/external-app/wire_gen.go

@@ -288,8 +288,8 @@ require gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 
 replace (
 	github.com/argoproj/argo-workflows/v3 v3.5.10 => github.com/devtron-labs/argo-workflows/v3 v3.5.13
-	github.com/devtron-labs/authenticator => github.com/devtron-labs/devtron-services/authenticator v0.0.0-20250117064214-73c2e66ce2d7
-	github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20250122110043-4d939279c70a
+	github.com/devtron-labs/authenticator => github.com/devtron-labs/devtron-services/authenticator v0.0.0-20250124111030-ae27cdeb9349
+	github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20250124111030-ae27cdeb9349
 	github.com/go-check/check => github.com/go-check/check v0.0.0-20180628173108-788fd7840127
 	github.com/googleapis/gnostic => github.com/googleapis/gnostic v0.5.5
 	k8s.io/api => k8s.io/api v0.29.7

go.mod

@@ -792,10 +792,10 @@ github.com/denisenkom/go-mssqldb v0.0.0-20200428022330-06a60b6afbbc h1:VRRKCwnzq
 github.com/denisenkom/go-mssqldb v0.0.0-20200428022330-06a60b6afbbc/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
 github.com/devtron-labs/argo-workflows/v3 v3.5.13 h1:3pINq0gXOSeTw2z/vYe+j80lRpSN5Rp/8mfQORh8SmU=
 github.com/devtron-labs/argo-workflows/v3 v3.5.13/go.mod h1:/vqxcovDPT4zqr4DjR5v7CF8ggpY1l3TSa2CIG3jmjA=
-github.com/devtron-labs/devtron-services/authenticator v0.0.0-20250117064214-73c2e66ce2d7 h1:Z29616pM3W6fcDvFsiX6JTWz2lYvdZdqzIRBfBwnK1U=
-github.com/devtron-labs/devtron-services/authenticator v0.0.0-20250117064214-73c2e66ce2d7/go.mod h1:5lv4Wfj5ERhhvDGXe2IeES6qxjvUVCcohaRwKnWBMNo=
-github.com/devtron-labs/devtron-services/common-lib v0.0.0-20250122110043-4d939279c70a h1:kDemKb2wGKXaRjRqWuu7FIGcfeacoW0kH9yzpSDTWN8=
-github.com/devtron-labs/devtron-services/common-lib v0.0.0-20250122110043-4d939279c70a/go.mod h1:1QJJLpgJSkb5Jm9xPeKAk+kXb0QgBOOOgJj0cgYhAVA=
+github.com/devtron-labs/devtron-services/authenticator v0.0.0-20250124111030-ae27cdeb9349 h1:AlIhzAP8dd6FRHFV+SaYFBaPN4cbglP7C1yPR7fWgMI=
+github.com/devtron-labs/devtron-services/authenticator v0.0.0-20250124111030-ae27cdeb9349/go.mod h1:5lv4Wfj5ERhhvDGXe2IeES6qxjvUVCcohaRwKnWBMNo=
+github.com/devtron-labs/devtron-services/common-lib v0.0.0-20250124111030-ae27cdeb9349 h1:J8rZroVKZJrVB7uN9QQKCkol7OWp4DKv8RQQdUbWee8=
+github.com/devtron-labs/devtron-services/common-lib v0.0.0-20250124111030-ae27cdeb9349/go.mod h1:1QJJLpgJSkb5Jm9xPeKAk+kXb0QgBOOOgJj0cgYhAVA=
 github.com/devtron-labs/go-bitbucket v0.9.60-beta h1:VEx1jvDgdtDPS6A1uUFoaEi0l1/oLhbr+90xOwr6sDU=
 github.com/devtron-labs/go-bitbucket v0.9.60-beta/go.mod h1:GnuiCesvh8xyHeMCb+twm8lBR/kQzJYSKL28ZfObp1Y=
 github.com/devtron-labs/protos v0.0.3-0.20240802105333-92ee9bb85d80 h1:xwbTeijNTf4/j1v+tSfwVqwLVnReas/NqEKeQHvSTys=

go.sum

@@ -25,7 +25,7 @@ import (
 	clientErrors "github.com/devtron-labs/devtron/pkg/errors"
 	moduleRepo "github.com/devtron-labs/devtron/pkg/module/repo"
 	moduleUtil "github.com/devtron-labs/devtron/pkg/module/util"
-	"github.com/devtron-labs/devtron/pkg/policyGovernance/security/imageScanning"
+	"github.com/devtron-labs/devtron/pkg/policyGovernance/security/scanTool"
 	"github.com/devtron-labs/devtron/pkg/server"
 	serverBean "github.com/devtron-labs/devtron/pkg/server/bean"
 	serverEnvConfig "github.com/devtron-labs/devtron/pkg/server/config"
@@ -61,13 +61,13 @@ type ModuleServiceImpl struct {
 	moduleCronService              ModuleCronService
 	moduleServiceHelper            ModuleServiceHelper
 	moduleResourceStatusRepository moduleRepo.ModuleResourceStatusRepository
-	scanToolMetadataService        imageScanning.ScanToolMetadataService
+	scanToolMetadataService        scanTool.ScanToolMetadataService
 }
 
 func NewModuleServiceImpl(logger *zap.SugaredLogger, serverEnvConfig *serverEnvConfig.ServerEnvConfig, moduleRepository moduleRepo.ModuleRepository,
 	moduleActionAuditLogRepository ModuleActionAuditLogRepository, helmAppService client.HelmAppService, serverDataStore *serverDataStore.ServerDataStore, serverCacheService server.ServerCacheService, moduleCacheService ModuleCacheService, moduleCronService ModuleCronService,
 	moduleServiceHelper ModuleServiceHelper, moduleResourceStatusRepository moduleRepo.ModuleResourceStatusRepository,
-	scanToolMetadataService imageScanning.ScanToolMetadataService) *ModuleServiceImpl {
+	scanToolMetadataService scanTool.ScanToolMetadataService) *ModuleServiceImpl {
 	return &ModuleServiceImpl{
 		logger:                         logger,
 		serverEnvConfig:                serverEnvConfig,

pkg/module/ModuleService.go

@@ -824,14 +824,32 @@ func (impl *CiServiceImpl) buildWfRequestForCiPipeline(pipeline *pipelineConfig.
 		ImageScanRetryDelay:         impl.config.ImageScanRetryDelay,
 		UseDockerApiToGetDigest:     impl.config.UseDockerApiToGetDigest,
 	}
-	if pipeline.App.AppType == helper.Job {
-		workflowRequest.AppName = pipeline.App.DisplayName
-	}
+	workflowRequest.SetAwsInspectorConfig("")
 	//in oss, there is no pipeline level workflow cache config, so we pass inherit to get the app level config
 	workflowCacheConfig := impl.ciCdPipelineOrchestrator.GetWorkflowCacheConfig(pipeline.App.AppType, trigger.PipelineType, common.WorkflowCacheConfigInherit)
 	workflowRequest.IgnoreDockerCachePush = !workflowCacheConfig.Value
 	workflowRequest.IgnoreDockerCachePull = !workflowCacheConfig.Value
 	impl.Logger.Debugw("Ignore Cache values", "IgnoreDockerCachePush", workflowRequest.IgnoreDockerCachePush, "IgnoreDockerCachePull", workflowRequest.IgnoreDockerCachePull)
+	if pipeline.App.AppType == helper.Job {
+		workflowRequest.AppName = pipeline.App.DisplayName
+	}
+	if pipeline.ScanEnabled {
+		scanToolMetadata, scanVia, err := impl.fetchImageScanExecutionMedium()
+		if err != nil {
+			impl.Logger.Errorw("error occurred getting scanned via", "err", err)
+			return nil, err
+		}
+		workflowRequest.SetExecuteImageScanningVia(scanVia)
+		if scanVia.IsScanMediumExternal() {
+			imageScanExecutionSteps, refPlugins, err := impl.fetchImageScanExecutionStepsForWfRequest(scanToolMetadata)
+			if err != nil {
+				impl.Logger.Errorw("error occurred, fetchImageScanExecutionStepsForWfRequest", "scanToolMetadata", scanToolMetadata, "err", err)
+				return nil, err
+			}
+			workflowRequest.SetImageScanningSteps(imageScanExecutionSteps)
+			workflowRequest.RefPlugins = append(workflowRequest.RefPlugins, refPlugins...)
+		}
+	}
 
 	if dockerRegistry != nil {
 		workflowRequest.DockerRegistryId = dockerRegistry.Id

pkg/pipeline/CiService.go

@@ -0,0 +1,16 @@
+package pipeline
+
+import (
+	"github.com/devtron-labs/common-lib/imageScan/bean"
+	bean2 "github.com/devtron-labs/devtron/pkg/pipeline/bean"
+	"github.com/devtron-labs/devtron/pkg/pipeline/types"
+	"github.com/devtron-labs/devtron/pkg/policyGovernance/security/scanTool/repository"
+)
+
+func (impl *CiServiceImpl) fetchImageScanExecutionMedium() (*repository.ScanToolMetadata, bean.ScanExecutionMedium, error) {
+	return &repository.ScanToolMetadata{}, "", nil
+}
+
+func (impl *CiServiceImpl) fetchImageScanExecutionStepsForWfRequest(scanToolMetadata *repository.ScanToolMetadata) ([]*types.ImageScanningSteps, []*bean2.RefPluginObject, error) {
+	return nil, nil, nil
+}

pkg/pipeline/CiService_ent.go

@@ -0,0 +1,35 @@
+package types
+
+import (
+	bean2 "github.com/devtron-labs/common-lib/imageScan/bean"
+	"github.com/devtron-labs/devtron/pkg/pipeline/bean"
+)
+
+type ImageScanningSteps struct {
+	Steps      []*bean.StepObject `json:"steps"`
+	ScanToolId int                `json:"scanToolId"`
+}
+
+func NewImageScanningStepsDto() *ImageScanningSteps {
+	return &ImageScanningSteps{}
+}
+
+func (r *ImageScanningSteps) WithSteps(steps []*bean.StepObject) *ImageScanningSteps {
+	return r
+}
+
+func (r *ImageScanningSteps) WithScanToolId(scanToolId int) *ImageScanningSteps {
+	return r
+}
+
+func (workflowRequest *WorkflowRequest) SetExecuteImageScanningVia(scanVia bean2.ScanExecutionMedium) {
+	return
+}
+
+func (workflowRequest *WorkflowRequest) SetImageScanningSteps(imageScanningSteps []*ImageScanningSteps) {
+	return
+}
+
+func (workflowRequest *WorkflowRequest) SetAwsInspectorConfig(awsInspectorConfig string) {
+	return
+}

pkg/pipeline/types/Workflow_ent.go

@@ -74,6 +74,7 @@ type GlobalPluginService interface {
 	PatchPlugin(pluginDto *bean2.PluginMetadataDto, userId int32) (*bean2.PluginMetadataDto, error)
 	GetDetailedPluginInfoByPluginId(pluginId int) (*bean2.PluginMetadataDto, error)
 	GetAllDetailedPluginInfo() ([]*bean2.PluginMetadataDto, error)
+	GetNewPluginStepsDtoByRefPluginIdentifier(identifier string) (*bean2.PluginStepsDto, error)
 
 	CreatePluginOrVersions(pluginDto *bean2.PluginParentMetadataDto, userId int32) (int, error)
 	ListAllPluginsV2(filter *bean2.PluginsListFilter) (*bean2.PluginsDto, error)
@@ -2134,7 +2135,7 @@ func (impl *GlobalPluginServiceImpl) createNewPlugin(tx *pg.Tx, pluginDto *bean2
 
 	pluginStageMapping := &repository.PluginStageMapping{
 		PluginId:  pluginParentMetadata.Id,
-		StageType: repository.CI_CD,
+		StageType: pluginDto.GetPluginStageType(),
 		AuditLog:  sql.NewDefaultAuditLog(userId),
 	}
 	_, err = impl.globalPluginRepository.SavePluginStageMapping(pluginStageMapping, tx)
@@ -2329,3 +2330,13 @@ func validatePluginVariable(variable *bean2.PluginVariableDto) error {
 	}
 	return nil
 }
+
+func (impl *GlobalPluginServiceImpl) GetNewPluginStepsDtoByRefPluginIdentifier(identifier string) (*bean2.PluginStepsDto, error) {
+	pluginMetadata, err := impl.globalPluginRepository.GetPluginMetadataByPluginIdentifier(identifier)
+	if err != nil {
+		impl.logger.Errorw("error in getting plugin steps by plugin identifier", "identifier", identifier, "err", err)
+		return nil, err
+	}
+	pluginStepDto := adaptor.GetNewPluginStepDtoFromRefPluginMetadata(pluginMetadata)
+	return pluginStepDto, nil
+}