Merge pull request #276 from kubescape/sup-empty-repo

* send total images count on registry scanning * report status completed on no images to scan
kubescape · Dec 23, 2024 · 2b4bc6e · 2b4bc6e
2 parents 0212693 + e011d21
commit 2b4bc6e
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 15 deletions.
diff --git a/go.mod b/go.mod
@@ -5,9 +5,9 @@ go 1.23.0
 toolchain go1.23.2
 
 require (
-	github.com/armosec/armoapi-go v0.0.496
+	github.com/armosec/armoapi-go v0.0.501
 	github.com/armosec/cluster-notifier-api-go v0.0.5
-	github.com/armosec/registryx v0.0.23
+	github.com/armosec/registryx v0.0.24
 	github.com/armosec/utils-go v0.0.58
 	github.com/armosec/utils-k8s-go v0.0.30
 	github.com/aws/aws-sdk-go v1.55.5

diff --git a/go.sum b/go.sum
@@ -139,14 +139,14 @@ github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmV
 github.com/armon/go-metrics v0.3.10/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/armosec/armoapi-go v0.0.496 h1:eUBeMaDkGxC2F0ItyH3zfHTevAe6HyOo8+GBCGovStE=
-github.com/armosec/armoapi-go v0.0.496/go.mod h1:TruqDSAPgfRBXCeM+Cgp6nN4UhJSbe7la+XDKV2pTsY=
+github.com/armosec/armoapi-go v0.0.501 h1:npi5fwtnoPJw9pAeKpn4PDmlP6jYYNrIl6P/EQqty+0=
+github.com/armosec/armoapi-go v0.0.501/go.mod h1:TruqDSAPgfRBXCeM+Cgp6nN4UhJSbe7la+XDKV2pTsY=
 github.com/armosec/cluster-notifier-api-go v0.0.5 h1:UKY58ehKocKgtqzrawyaIHJa5paG9A4srv+4/6n+Ez4=
 github.com/armosec/cluster-notifier-api-go v0.0.5/go.mod h1:p5w9/zWIWwpi8W8mHGQdE6HuBb3AxXmZM9Rp//JWvx0=
 github.com/armosec/gojay v1.2.17 h1:VSkLBQzD1c2V+FMtlGFKqWXNsdNvIKygTKJI9ysY8eM=
 github.com/armosec/gojay v1.2.17/go.mod h1:vuvX3DlY0nbVrJ0qCklSS733AWMoQboq3cFyuQW9ybc=
-github.com/armosec/registryx v0.0.23 h1:yuWyfQGLrxgaexnG8d72gPgcjAkTXkSwiHWoC6w/xcE=
-github.com/armosec/registryx v0.0.23/go.mod h1:Wv/IjsruMf07rGhqTLxb4WDOzirVcoRdcCr+J/8n2pM=
+github.com/armosec/registryx v0.0.24 h1:PXyZp4CRcREKda6d1MyqJj6knSXPvUAZliSqT0KwWPI=
+github.com/armosec/registryx v0.0.24/go.mod h1:Wv/IjsruMf07rGhqTLxb4WDOzirVcoRdcCr+J/8n2pM=
 github.com/armosec/utils-go v0.0.58 h1:g9RnRkxZAmzTfPe2ruMo2OXSYLwVSegQSkSavOfmaIE=
 github.com/armosec/utils-go v0.0.58/go.mod h1:CdqKHKruVJMCxGcZXYW9J+5P9FZou8dMzVpcB0Xt8pk=
 github.com/armosec/utils-k8s-go v0.0.30 h1:Gj8MJck0jZPSLSq8ZMiRPT3F/laOYQdaLxXKKcjijt4=

diff --git a/mainhandler/vulnscan.go b/mainhandler/vulnscan.go
@@ -6,6 +6,7 @@ import (
 	"errors"
 	"fmt"
 	"net/url"
+	"strconv"
 	"strings"
 	"time"
 
@@ -63,6 +64,8 @@ func getAPScanURL(config config.IConfig) *url.URL {
 	}
 }
 
+const noImagesToScanError = "no images to scan"
+
 func getVulnScanURL(config config.IConfig) *url.URL {
 	return &url.URL{
 		Scheme: "http",
@@ -184,6 +187,10 @@ func (actionHandler *ActionHandler) scanRegistriesV2AndUpdateStatus(ctx context.
 
 	err = actionHandler.scanRegistriesV2(ctx, sessionObj, imageRegistry)
 	if err != nil {
+		if err.Error() == noImagesToScanError { // nothing to scan
+			actionHandler.exporter.SendRegistryStatus(imageRegistry.GetBase().GUID, apitypes.Completed, "", scanTime)
+			return nil
+		}
 		actionHandler.exporter.SendRegistryStatus(imageRegistry.GetBase().GUID, apitypes.Failed, err.Error(), scanTime)
 		return err
 	}
@@ -205,6 +212,8 @@ func (actionHandler *ActionHandler) scanRegistriesV2(ctx context.Context, sessio
 	images, err := client.GetImagesToScan(ctx)
 	if err != nil {
 		return fmt.Errorf("failed to get registry images to scan with err %v", err)
+	} else if len(images) == 0 {
+		return errors.New(noImagesToScanError)
 	}
 
 	registryScanCMDList, err := actionHandler.getRegistryImageScanCommands(sessionObj, client, imageRegistry, images)
@@ -253,7 +262,8 @@ func (actionHandler *ActionHandler) loadRegistryFromSessionObj(sessionObj *utils
 
 func (actionHandler *ActionHandler) getRegistryImageScanCommands(sessionObj *utils.SessionObj, client interfaces.RegistryClient, imageRegistry apitypes.ContainerImageRegistry, images map[string]string) ([]*apis.RegistryScanCommand, error) {
 	scanID := uuid.NewString()
-	registryScanCMDList := make([]*apis.RegistryScanCommand, 0, len(images))
+	imagesCount := len(images)
+	registryScanCMDList := make([]*apis.RegistryScanCommand, 0, imagesCount)
 	for image, tag := range images {
 		repository := image
 		parts := strings.SplitN(image, "/", 2)
@@ -266,14 +276,15 @@ func (actionHandler *ActionHandler) getRegistryImageScanCommands(sessionObj *uti
 			ImageTag:    image + ":" + tag,
 			Session:     apis.SessionChain{ActionTitle: "vulnerability-scan", JobIDs: make([]string, 0), Timestamp: sessionObj.Reporter.GetTimestamp()},
 			Args: map[string]interface{}{
-				identifiers.AttributeRegistryName:   imageRegistry.GetDisplayName(),
-				identifiers.AttributeRepository:     repository,
-				identifiers.AttributeTag:            tag,
-				identifiers.AttributeUseHTTP:        false,
-				identifiers.AttributeSkipTLSVerify:  false,
-				identifiers.AttributeSensor:         imageRegistry.GetBase().ClusterName,
-				identifiers.AttributeRegistryID:     imageRegistry.GetBase().GUID,
-				identifiers.AttributeRegistryScanID: scanID,
+				identifiers.AttributeRegistryName:            imageRegistry.GetDisplayName(),
+				identifiers.AttributeRepository:              repository,
+				identifiers.AttributeTag:                     tag,
+				identifiers.AttributeUseHTTP:                 false,
+				identifiers.AttributeSkipTLSVerify:           false,
+				identifiers.AttributeSensor:                  imageRegistry.GetBase().ClusterName,
+				identifiers.AttributeRegistryID:              imageRegistry.GetBase().GUID,
+				identifiers.AttributeRegistryScanID:          scanID,
+				identifiers.AttributeRegistryScanImagesCount: strconv.Itoa(imagesCount),
 			},
 		}
 		auth, err := client.GetDockerAuth()