From e1affd83759b36fa2bde7ad126f9225755124235 Mon Sep 17 00:00:00 2001
From: Tristan Colgate-McFarlane
Date: Mon, 2 Oct 2023 15:26:32 +0100
Subject: [PATCH] fix(vulncheck): enable retry from the cli
Signed-off-by: Tristan Colgate-McFarlane
---
 cmd/reimage/main.go | 6 +++++-
 grafeas.go | 6 ++++++
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/cmd/reimage/main.go b/cmd/reimage/main.go
index ab401ae..9e80a6b 100644
--- a/cmd/reimage/main.go
+++ b/cmd/reimage/main.go
@@ -52,6 +52,7 @@ type app struct {
 static *reimage.StaticRemapper
 GrafeasParent string
 VulnCheckTimeout time.Duration
+ VulnCheckMaxRetries int
 VulnCheckIgnoreList []string
 VulnCheckMaxCVSS float64
 VulnCheckIgnoreImages string
@@ -91,7 +92,8 @@ func setup() (*app, error) {
 flag.StringVar(&a.StaticMappings, "static-json-mappings-file", "", "take all mappings from a mappings file")
 flag.StringVar(&a.StaticMappingsImg, "static-json-mappings-img", "", "take all mapping from a mappings registry image")
- flag.DurationVar(&a.VulnCheckTimeout, "vulncheck-timeout", 5*time.Minute, "how long to wait for vulnerability scanning to complete")
+ flag.DurationVar(&a.VulnCheckTimeout, "vulncheck-timeout", 10*time.Minute, "how long to wait for vulnerability scanning to complete")
+ flag.IntVar(&a.VulnCheckMaxRetries, "vulncheck-max-retries", 20, "max number of attempts to check for vulnerabilitie")
 flag.StringVar(&vulnIgnoreStr, "vulncheck-ignore-cve-list", "", "comma separated list of vulnerabilities to ignore")
 flag.Float64Var(&a.VulnCheckMaxCVSS, "vulncheck-max-cvss", 0.0, "maximum CVSS vulnerabitility score")
 flag.StringVar(&a.VulnCheckIgnoreImages, "vulncheck-ignore-images", "", "regexp of images to skip for CVE checks")
@@ -369,6 +371,8 @@ func (a *app) checkVulns(ctx context.Context, imgs map[string]reimage.QualifiedI
 Grafeas: gc,
 MaxCVSS: float32(a.VulnCheckMaxCVSS),
 CVEIgnoreList: a.VulnCheckIgnoreList,
+ RetryMax: a.VulnCheckMaxRetries,
+ RetryDelay: a.VulnCheckTimeout,
 Logger: a.log,
 }
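Review bot: The new `-vulncheck-max-retries` flag in setup() is accepted without a range check, so 0 or a negative value reaches the checker unchanged. How the retry loop in Check treats such a value is not visible in this diff, but for a vulnerability gate it is safer to reject it up front after flag parsing, e.g. `if a.VulnCheckMaxRetries < 1 { return nil, fmt.Errorf("vulncheck-max-retries must be at least 1") }`. The help string also has a typo (`vulnerabilitie`). setup() starts and ends outside the hunk.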
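Review bot: `RetryDelay: a.VulnCheckTimeout` in checkVulns feeds a delay-named field from a flag documented as "how long to wait for vulnerability scanning to complete". The grafeas.go hunk computes `delay := time.Duration(secRetry) * baseDelay` with `secRetry` growing as 2^i, but how `baseDelay` is derived from `RetryDelay` is outside this diff. A reader therefore cannot tell whether the 10 minute default is the total budget or the base of the backoff. I would add a comment at the assignment stating which it is, e.g. `// RetryDelay bounds the total backoff time across RetryMax attempts` if that is the intent, or rename the field to match. The struct literal starts outside the hunk.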
diff --git a/grafeas.go b/grafeas.go
index 1b699aa..edff4ec 100644
--- a/grafeas.go
+++ b/grafeas.go
@@ -10,6 +10,7 @@ import (
 "encoding/json"
 "errors"
 "fmt"
+ "log/slog"
 "math"
 "regexp"
 "sort"
@@ -237,6 +238,11 @@ func (vc *GrafeasVulnChecker) Check(ctx context.Context, dig name.Digest) (*Chec
 secRetry := math.Pow(2, float64(i))
 delay := time.Duration(secRetry) * baseDelay
+
+ if vc.Logger != nil {
+ vc.Logger.Info("retrying discovery due to error", slog.String("img", img), slog.Duration("delay", delay), slog.String("err", err.Error()))
+ }
+
 time.Sleep(delay)
 }
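Review bot: The wait after the new log line is still a bare `time.Sleep(delay)`, which ignores the `ctx` that Check receives. Now that the CLI exposes up to 20 retries and a 10 minute setting, a cancelled or timed-out run can stay blocked in the sleep. Assuming Check returns a result and an error, a context-aware wait would be `select { case <-ctx.Done(): return nil, ctx.Err(); case <-time.After(delay): }`. In the added log call, `slog.Any("err", err)` would avoid a nil dereference if `err` can be nil at this point, which is not visible here. The retry loop starts and ends outside the hunk.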