cloudoperators · drochow · Oct 9, 2024 · Oct 8, 2024 · Oct 8, 2024 · Oct 8, 2024
@@ -86,7 +86,7 @@ func HandleAccount(fqdn string, account models.Account, keppelScanner *scanner.S
 	if err != nil {
 		log.WithFields(log.Fields{
 			"account:": account.Name,
-		}).WithError(err).Error("Error during ProcessRepository")
+		}).WithError(err).Error("Error during listing ProcessRepository")
 		return err
 	}
 
@@ -129,11 +129,34 @@ func HandleRepository(fqdn string, account models.Account, repository models.Rep
 			}).Error("Component not found")
 			return
 		}
+		if manifest.VulnerabilityStatus == "Unsupported" {
+			log.WithFields(log.Fields{
+				"account:":   account.Name,
+				"repository": repository.Name,
+			}).Warn("Manifest has UNSUPPORTED type: " + manifest.MediaType)
+			continue
+		}
+		if manifest.VulnerabilityStatus == "Clean" {
+			log.WithFields(log.Fields{
+				"account:":   account.Name,
+				"repository": repository.Name,
+			}).Info("Manifest has no Vulnerabilities")
+			continue
+		}
 		HandleManifest(account, repository, manifest, component, keppelScanner, keppelProcessor)
 	}
 }
 
 func HandleManifest(account models.Account, repository models.Repository, manifest models.Manifest, component *client.Component, keppelScanner *scanner.Scanner, keppelProcessor *processor.Processor) {
+	childManifests, err := keppelScanner.ListManifestsOfManifest(account.Name, repository.Name, manifest.Digest)
+
+	if err != nil {
+		log.WithFields(log.Fields{
+			"account:":   account.Name,
+			"repository": repository.Name,
+		}).WithError(err).Error("Error during ListManifestsOfManifest")
+	}
+
 	componentVersion, err := keppelProcessor.ProcessManifest(manifest, component.Id)
 	if err != nil {
 		log.WithFields(log.Fields{
@@ -146,20 +169,33 @@ func HandleManifest(account models.Account, repository models.Repository, manife
 				"account:":   account.Name,
 				"repository": repository.Name,
 			}).WithError(err).Error("Error during GetComponentVersion")
+			return
+		}
+		if componentVersion == nil {
+			log.WithFields(log.Fields{
+				"account:":   account.Name,
+				"repository": repository.Name,
+			}).WithError(err).Error("Error during GetComponentVersion")
+			return
 		}
-	}
-	trivyReport, err := keppelScanner.GetTrivyReport(account.Name, repository.Name, manifest.Digest)
-	if err != nil {
-		log.WithFields(log.Fields{
-			"account:":   account.Name,
-			"repository": repository.Name,
-		}).WithError(err).Error("Error during GetTrivyReport")
-		return
 	}
 
-	if trivyReport == nil {
-		return
-	}
+	childManifests = append(childManifests, manifest)
 
-	keppelProcessor.ProcessReport(*trivyReport, componentVersion.Id)
+	for _, m := range childManifests {
+		trivyReport, err := keppelScanner.GetTrivyReport(account.Name, repository.Name, m.Digest)
+		if err != nil {
+			log.WithFields(log.Fields{
+				"account:":   account.Name,
+				"repository": repository.Name,
+			}).WithError(err).Error("Error during GetTrivyReport")
+			return
+		}
+
+		if trivyReport == nil {
+			return
+		}
+
+		keppelProcessor.ProcessReport(*trivyReport, componentVersion.Id)
+	}
 }
@@ -53,6 +53,7 @@ func (p *Processor) ProcessManifest(manifest models.Manifest, componentId string
 	})
 
 	if err != nil {
+		log.WithError(err).Error("Error while creating component")
 		return nil, err
 	}
 

@@ -156,6 +156,28 @@ func (s *Scanner) ListManifests(account string, repository string) ([]models.Man
 	return manifestResponse.Manifests, nil
 }
 
+func (s *Scanner) ListManifestsOfManifest(account string, repository string, manifest string) ([]models.Manifest, error) {
+	url := fmt.Sprintf("%s/v2/%s/%s/manifests/%s", s.KeppelBaseUrl, account, repository, manifest)
+	body, err := s.sendRequest(url, s.AuthToken)
+	if err != nil {
+		log.WithFields(log.Fields{
+			"url": url,
+		}).WithError(err).Error("Error during request in ListManifests")
+		return nil, err
+	}
+
+	var manifestResponse models.ManifestResponse
+	if err = json.Unmarshal(body, &manifestResponse); err != nil {
+		log.WithFields(log.Fields{
+			"url":  url,
+			"body": body,
+		}).WithError(err).Error("Error during unmarshal in ListManifests")
+		return nil, err
+	}
+
+	return manifestResponse.Manifests, nil
+}
+
 func (s *Scanner) GetTrivyReport(account string, repository string, manifest string) (*models.TrivyReport, error) {
 	url := fmt.Sprintf("%s/keppel/v1/accounts/%s/repositories/%s/_manifests/%s/trivy_report", s.KeppelBaseUrl, account, repository, manifest)
 	body, err := s.sendRequest(url, s.AuthToken)
@@ -172,6 +194,14 @@ func (s *Scanner) GetTrivyReport(account string, repository string, manifest str
 
 	var trivyReport models.TrivyReport
 	if err = json.Unmarshal(body, &trivyReport); err != nil {
+		if strings.Contains(string(body), "not") {
+			log.WithFields(log.Fields{
+				"url":  url,
+				"body": body,
+			}).Info("Trivy report not found")
+			return nil, fmt.Errorf("Trivy report not found")
+		}
+
 		log.WithFields(log.Fields{
 			"url":  url,
 			"body": body,
@@ -195,6 +225,7 @@ func (s *Scanner) sendRequest(url string, token string) ([]byte, error) {
 	}
 
 	resp, err := client.Do(req)
+
 	if err != nil {
 		return nil, err
 	}