Sh25-K8s report is supported (#27)

* wip * K8s cluster format is supported
fatihtokus · Mar 27, 2024 · c42883a · c42883a
1 parent 22d33f3
commit c42883a
Show file tree

Hide file tree

Showing 10 changed files with 42,808 additions and 23 deletions.
diff --git a/README.md b/README.md
@@ -17,16 +17,24 @@ $ trivy plugin install github.com/fatihtokus/scan2html
 
 ## Usage
 ```sh
-$ trivy scan2html config . interactive_result.html
+trivy scan2html fs --scanners vuln,secret,misconfig . interactive_result.html
 ```
 <details>
 <summary>Result</summary>
-  
+
 ![result](result-1.png)
+</details>
+
+```sh
+trivy scan2html trivy k8s cluster interactive_result.html
+```
+<details>
+<summary>Result</summary>
+
 ![result](result-2.png)
-
 </details>
 
+
 ## Help
 ```sh
 $ trivy scan2html -h
@@ -36,9 +44,12 @@ Usage: trivy scan2html [-h,--help] command target filename
 Options:
   -h, --help    Show usage.
 Examples:
-  # Scan  image
+  # Scan an image
   trivy scan2html image alpine:latest interactive_result.html
 
   # Scan a local folder
-  trivy scan2html config . interactive_result.html
+  trivy scan2html fs --scanners vuln,secret,misconfig . interactive_result.html
+
+  # Scan a k8s cluster
+  trivy scan2html trivy k8s cluster interactive_result.html
 ```
diff --git a/plugin.yaml b/plugin.yaml
@@ -1,15 +1,15 @@
 name: "scan2html"
 repository: github.com/fatihtokus/scan2html
-version: "0.2.3"
+version: "0.2.4"
 usage: scan targets into a smart html file
 description: |-
   A Trivy plugin that scans and outputs the results to a html file.
   trivy scan2html [-h,--help] command target filename
 platforms:
   - selector:
       os: windows
-    uri: https://github.com/fatihtokus/scan2html/releases/download/v0.2.3/scan2html.tar.gz
+    uri: https://github.com/fatihtokus/scan2html/releases/download/v0.2.4/scan2html.tar.gz
     bin: ./scan2html.sh
   -
-    uri: https://github.com/fatihtokus/scan2html/releases/download/v0.2.3/scan2html.tar.gz
+    uri: https://github.com/fatihtokus/scan2html/releases/download/v0.2.4/scan2html.tar.gz
     bin: ./scan2html
diff --git a/result-1.png b/result-1.png
diff --git a/result-2.png b/result-2.png
diff --git a/scan2html b/scan2html
@@ -10,11 +10,14 @@ Usage: trivy scan2html [-h,--help] command target filename
 Options:
   -h, --help    Show usage.
 Examples:
-  # Scan `alpine:latest` image
-  trivy scan2html image alpine:latest result.html
+# Scan an image
+  trivy scan2html image alpine:latest interactive_result.html
 
-  # Scan local folder
-  trivy scan2html fs . result.html
+  # Scan a local folder
+  trivy scan2html fs --scanners vuln,secret,misconfig . interactive_result.html
+
+  # Scan a k8s cluster
+  trivy scan2html trivy k8s cluster interactive_result.html
 EOS
   exit
 }
@@ -121,7 +124,7 @@ function scan {
     fi
 
     # Using replace_text function
-   replace_text "$reportName" "{TEMP_DATA:_7}" "$result_json"
+   replace_text "$reportName" "{TEMP_DATA:F7}" "$result_json"
 
   echo "$reportName has been created!"
   trap 'rm -f $tmp_result' EXIT

diff --git a/src/frontend-app/src/types/external/defaultResult.ts b/src/frontend-app/src/types/external/defaultResult.ts
@@ -7,8 +7,12 @@ export type CommonScanResult = {
 
   // K8s scan result
   ClusterName: string;
+  // default
   Vulnerabilities: Holder[];
   Misconfigurations: Holder[];
+  // K8s scan result for cluster
+  // command trivy k8s --format json -o results.json cluster
+  Resources: Holder[];
 };
 
 export type Holder = {

diff --git a/src/frontend-app/src/utils/index.tsx b/src/frontend-app/src/utils/index.tsx
@@ -1,6 +1,6 @@
 
 import { NormalizedResultForDataTable } from "../types";
-import { CommonResult, CommonScanResult } from "../types/external/defaultResult";
+import { CommonResult, Holder } from "../types/external/defaultResult";
 
 export function getVulnerabilities(
   results: any //CommonScanResult
@@ -10,18 +10,23 @@ export function getVulnerabilities(
   }
 
   if (results.Vulnerabilities) {
-     // k8s format
-    return vulnerabilitiesForK8s(results);
+     // k8s default format
+    return vulnerabilitiesForK8s(results.Vulnerabilities);
+  }
+
+  if (results.Resources) {
+     // k8s cluster format
+    return vulnerabilitiesForK8s(results.Resources);
   }
 
   return []; 
 }
 
 export function vulnerabilitiesForK8s(
-    results: CommonScanResult
+    vulnerabilityHolders: Holder[]
   ): NormalizedResultForDataTable[] {
     let formattedResultJson: NormalizedResultForDataTable[] = [];
-    results.Vulnerabilities.forEach((vulnerabilityHolder) => {
+    vulnerabilityHolders.forEach((vulnerabilityHolder) => {
     formattedResultJson = formattedResultJson.concat(mapVulnerabilityResults(vulnerabilityHolder.Results));
   });
 
@@ -66,20 +71,25 @@ export function getMisconfigurations(
       return mapMisconfigurationResults(results.Results);
   }
 
-  if (results.Vulnerabilities) {
-    // k8s format
-   return misconfigurationsForK8s(results);
+  if (results.Misconfigurations) {
+    // k8s default format
+   return misconfigurationsForK8s(results.Misconfigurations);
+  }
+
+  if (results.Resources) {
+     // k8s cluster format
+    return misconfigurationsForK8s(results.Resources);
   }
 
   return [];
 }
 
 function misconfigurationsForK8s(
-  results: CommonScanResult
+  misconfigurationHolders: Holder[]
 ): NormalizedResultForDataTable[] {
 
   let formattedResultJson: NormalizedResultForDataTable[] = [];
-  results.Misconfigurations.forEach((holder) => {
+  misconfigurationHolders.forEach((holder) => {
     formattedResultJson = formattedResultJson.concat(mapMisconfigurationResults(holder.Results));
   });
 

diff --git a/test/data/k8s/commands b/test/data/k8s/commands
@@ -0,0 +1,6 @@
+Supported result formats
+trivy k8s --format json -o results_k8s_cluster.json cluster
+
+
+Upsupported result formats
+trivy k8s --format json -o results_k8s_all.json --report=all all -n default --this returns a summary
diff --git a/test/data/k8s/results_k8s_all.json b/test/data/k8s/results_k8s_all.json
@@ -0,0 +1,92 @@
+{
+  "ClusterName": "minikube",
+  "Resources": [
+    {
+      "Namespace": "default",
+      "Kind": "ServiceAccount",
+      "Name": "default",
+      "Metadata": {
+        "ImageConfig": {
+          "architecture": "",
+          "created": "0001-01-01T00:00:00Z",
+          "os": "",
+          "rootfs": {
+            "type": "",
+            "diff_ids": null
+          },
+          "config": {}
+        }
+      },
+      "Results": [
+        {
+          "Target": "ServiceAccount/default",
+          "Class": "config",
+          "Type": "kubernetes",
+          "MisconfSummary": {
+            "Successes": 102,
+            "Failures": 0,
+            "Exceptions": 0
+          }
+        }
+      ]
+    },
+    {
+      "Namespace": "default",
+      "Kind": "Service",
+      "Name": "kubernetes",
+      "Metadata": {
+        "ImageConfig": {
+          "architecture": "",
+          "created": "0001-01-01T00:00:00Z",
+          "os": "",
+          "rootfs": {
+            "type": "",
+            "diff_ids": null
+          },
+          "config": {}
+        }
+      },
+      "Results": [
+        {
+          "Target": "Service/kubernetes",
+          "Class": "config",
+          "Type": "kubernetes",
+          "MisconfSummary": {
+            "Successes": 103,
+            "Failures": 0,
+            "Exceptions": 0
+          }
+        }
+      ]
+    },
+    {
+      "Namespace": "default",
+      "Kind": "ConfigMap",
+      "Name": "kube-root-ca.crt",
+      "Metadata": {
+        "ImageConfig": {
+          "architecture": "",
+          "created": "0001-01-01T00:00:00Z",
+          "os": "",
+          "rootfs": {
+            "type": "",
+            "diff_ids": null
+          },
+          "config": {}
+        }
+      },
+      "Results": [
+        {
+          "Target": "ConfigMap/kube-root-ca.crt",
+          "Class": "config",
+          "Type": "kubernetes",
+          "MisconfSummary": {
+            "Successes": 104,
+            "Failures": 0,
+            "Exceptions": 0
+          }
+        }
+      ]
+    }
+  ]
+}