api: add support for cveid and basescore (PROJQUAY-6698) (#125)

* api: add support for cveid and basescore (PROJQUAY-6698) * chore: update to go1.20 * api: update CRD schema * chore: fix script permissions * secscan: basescores only 1 decimal point --------- Signed-off-by: Ross Bryan <[email protected]>
quay · Feb 26, 2024 · e0cd732 · e0cd732
1 parent 7e08b0a
commit e0cd732
Show file tree

Hide file tree

Showing 12 changed files with 45 additions and 840 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM --platform=$BUILDPLATFORM golang:1.17 as builder
+FROM --platform=$BUILDPLATFORM golang:1.20 as builder
 
 ARG TARGETOS TARGETARCH
 WORKDIR /workspace

diff --git a/Dockerfile.codegen b/Dockerfile.codegen
@@ -1,4 +1,4 @@
-FROM golang:1.17
+FROM golang:1.20
 
 RUN go get -u k8s.io/code-generator || true && \
  go get -u k8s.io/kube-openapi || true && \

diff --git a/apis/secscan/v1alpha1/types.go b/apis/secscan/v1alpha1/types.go
@@ -12,6 +12,8 @@ type Feature struct {
  NamespaceName string `json:"namespaceName,omitempty"`
  Version string `json:"version,omitempty"`
  Vulnerabilities []*Vulnerability `json:"vulnerabilities,omitempty"`
+ BaseScores []string `json:"basescores,omitempty"`
+ CVEIds []string `json:"cveids,omitempty"`
 }
 
 type Vulnerability struct {

diff --git a/apis/secscan/v1alpha1/zz_generated.deepcopy.go b/apis/secscan/v1alpha1/zz_generated.deepcopy.go
diff --git a/bundle/imagemanifestvuln.crd.yaml b/bundle/imagemanifestvuln.crd.yaml
@@ -70,6 +70,14 @@ spec:
  metadata:
  type: string
  minLength: 1
+ basescores:
+ type: array
+ items:
+ type: string
+ cveids:
+ type: array
+ items:
+ type: string
  status:
  type: object
  properties:

diff --git a/bundle/manifests/imagemanifestvulns.secscan.quay.redhat.com.crd.yaml b/bundle/manifests/imagemanifestvulns.secscan.quay.redhat.com.crd.yaml
@@ -79,6 +79,14 @@ spec:
  metadata:
  type: string
  minLength: 1
+ basescores:
+ type: array
+ items:
+ type: string
+ cveids:
+ type: array
+ items:
+ type: string
  status:
  type: object
  properties:

diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module github.com/quay/container-security-operator
 
-go 1.17
+go 1.20
 
 require (
  github.com/go-kit/kit v0.12.0
@@ -30,7 +30,7 @@ require (
  github.com/gogo/protobuf v1.3.2 // indirect
  github.com/golang/protobuf v1.5.3 // indirect
  github.com/google/gnostic-models v0.6.8 // indirect
- github.com/google/go-cmp v0.5.9 // indirect
+ github.com/google/go-cmp v0.6.0 // indirect
  github.com/google/gofuzz v1.2.0 // indirect
  github.com/google/uuid v1.3.0 // indirect
  github.com/imdario/mergo v0.3.16 // indirect

diff --git a/go.sum b/go.sum
diff --git a/hack/build.sh b/hack/build.sh
diff --git a/hack/deploy.sh b/hack/deploy.sh
diff --git a/hack/teardown.sh b/hack/teardown.sh
diff --git a/secscan/types.go b/secscan/types.go
@@ -4,6 +4,7 @@ package secscan
 
 import (
  "encoding/json"
+ "fmt"
 
  secscanv1alpha1 "github.com/quay/container-security-operator/apis/secscan/v1alpha1"
  "github.com/quay/container-security-operator/image"
@@ -51,18 +52,28 @@ type Feature struct {
  Version string `json:"Version,omitempty"`
  Vulnerabilities []*Vulnerability `json:"Vulnerabilities,omitempty"`
  AddedBy string `json:"AddedBy,omitempty"`
+ BaseScores []float64 `json:"BaseScores,omitempty"`
+ CVEIds []string `json:"CVEIds,omitempty"`
 }
 
 func (f *Feature) ToSecscanFeature() *secscanv1alpha1.Feature {
  vulnerabilities := []*secscanv1alpha1.Vulnerability{}
  for _, v := range f.Vulnerabilities {
  vulnerabilities = append(vulnerabilities, v.ToSecscanVulnerability())
  }
+
+ var baseScores []string
+ for i := range f.BaseScores {
+ baseScores = append(baseScores, fmt.Sprintf("%.1f", f.BaseScores[i]))
+ }
+
  return &secscanv1alpha1.Feature{
  Name: f.Name,
  VersionFormat: f.VersionFormat,
  NamespaceName: f.NamespaceName,
  Version: f.Version,
+ BaseScores: baseScores,
+ CVEIds: f.CVEIds,
  Vulnerabilities: vulnerabilities,
  }
 }