feat(registry-scanner): add gar, gcr and nexus support (#1354)

Co-authored-by: Javi Prieto <[email protected]>
Co-authored-by: Hayk Kocharyan <[email protected]>
Co-authored-by: Álvaro Iradier <[email protected]>

Author: 4 people

charts/registry-scanner/Chart.yaml

@@ -4,7 +4,7 @@ description: Sysdig Registry Scanner
 type: application
 home: https://sysdiglabs.github.io/registry-scanner/
 icon: https://478h5m1yrfsa3bbe262u7muv-wpengine.netdna-ssl.com/wp-content/uploads/2019/02/Shovel_600px.png
-version: 1.1.10
+version: 1.1.11
 appVersion: 0.2.50
 maintainers:
   - name: giuse-sysdig

charts/registry-scanner/README.md

@@ -33,6 +33,7 @@ Follow the instructions in [Install Registry Scanner](https://docs.sysdig.com/en
 - Quay IO
 - IBM ICR
 - Azure ACR
+- Google GAR
 
 Once installed, you can view the scan results in the [Vulnerabilities UI](https://docs.sysdig.com/en/docs/sysdig-secure/vulnerabilities/registry/) of Sysdig Secure.
 
@@ -60,7 +61,7 @@ The following table lists the configurable parameters of the Sysdig Registry Sca
 | config.registryApiUrl                            | The API URL of the registry to scan. This is required if your registry type is Artifactory.                                                                                                                                                | <code>""</code>                              |
 | config.registryUser                              | The username for registry authentication.                                                                                                                                                                                                  | <code>""</code>                              |
 | config.registryPassword                          | The password for registry authentication.                                                                                                                                                                                                  | <code>""</code>                              |
-| config.registryType                              | Mandatory.<br/>The registry Type. Supported types: artifactory, ecr, icr, acr, quay, harbor, and dockerv2.                                                                                                                                 | <code>""</code>                              |
+| config.registryType                              | Mandatory.<br/>The registry Type. Supported types: artifactory, ecr, icr, acr, quay, harbor, gar, nexus and dockerv2.                                                                                                                      | <code>""</code>                              |
 | config.registryAccountId                         | The account ID. Applicable only for ICR registry type.                                                                                                                                                                                     | <code>""</code>                              |
 | config.icrIamApi                                 | The ICR IAM API. Applicable only for ICR registry type.                                                                                                                                                                                    | <code>""</code>                              |
 | config.icrIamApiSkipTLS                          | Ignore TLS certificate for IAM API. Applicable only for ICR registry type.                                                                                                                                                                 | <code>false</code>                           |

charts/registry-scanner/README.tpl

@@ -33,6 +33,7 @@ Follow the instructions in [Install Registry Scanner](https://docs.sysdig.com/en
 - Quay IO
 - IBM ICR
 - Azure ACR
+- Google GAR
 
 Once installed, you can view the scan results in the [Vulnerabilities UI](https://docs.sysdig.com/en/docs/sysdig-secure/vulnerabilities/registry/) of Sysdig Secure.
 

charts/registry-scanner/ci/test-jfrog-saas-values.yaml.template.disabled

@@ -0,0 +1,13 @@
+config:
+  secureAPIToken: ${SECURE_API_TOKEN}
+  registryType: artifactory
+  registryURL: ${SYSDIG_JFROG_SAAS_QA_URL}
+  registryApiUrl: ${SYSDIG_JFROG_SAAS_QA_API_URL}
+  registryUser: ${SYSDIG_JFROG_SAAS_QA_USER}
+  registryPassword: ${SYSDIG_JFROG_SAAS_QA_TOKEN}
+  filter:
+    include: 'alpine:3.1'
+    exclude: '.*'
+scanOnStart:
+  enabled: true
+  asPostInstallHook: true

charts/registry-scanner/templates/job.yaml

@@ -12,4 +12,4 @@ metadata:
   {{- end }}
 spec:
   {{- include "registry-scanner.jobTemplate" . | indent 2}}
-{{- end}}
+{{- end }}

charts/registry-scanner/templates/secret.yaml

@@ -12,6 +12,12 @@ data:
   aws_access_key_id: {{ .Values.config.aws.accessKeyId | b64enc | quote }}
   aws_secret_access_key: {{ .Values.config.aws.secretAccessKey | b64enc | quote }}
   aws_region: {{ required "A valid .Values.config.aws.region is required" .Values.config.aws.region | b64enc | quote }}
+  {{- else if eq .Values.config.registryType "gar" }}
+  registryUser: {{ "_json_key_base64" | b64enc | quote }}
+  registryPassword: {{ required "A valid .Values.config.registryPassword is required" .Values.config.registryPassword | b64enc | quote }}
+  {{- else if eq .Values.config.registryType "gcr" }}
+  registryUser: {{ "_json_key" | b64enc | quote }}
+  registryPassword: {{ required "A valid .Values.config.registryPassword is required" .Values.config.registryPassword | b64enc | quote }}
   {{- else }}
   registryUser: {{ required "A valid .Values.config.registryUser is required" .Values.config.registryUser | b64enc | quote }}
   registryPassword: {{ required "A valid .Values.config.registryPassword is required" .Values.config.registryPassword | b64enc | quote }}

charts/registry-scanner/values.yaml

@@ -26,7 +26,7 @@ config:
   registryUser: ""
   # The password for registry authentication.
   registryPassword: ""
-  # Mandatory.<br/>The registry Type. Supported types: artifactory, ecr, icr, acr, quay, harbor, and dockerv2.
+  # Mandatory.<br/>The registry Type. Supported types: artifactory, ecr, icr, acr, quay, harbor, gar, nexus and dockerv2.
   registryType: ""
   # The account ID. Applicable only for ICR registry type.
   registryAccountId: ""