Skip to content

Commit

Permalink
poll for asset score updates
Browse files Browse the repository at this point in the history
Signed-off-by: Ivan Milchev <[email protected]>
  • Loading branch information
imilchev committed Mar 13, 2024
1 parent db72822 commit d7a5ba4
Showing 1 changed file with 35 additions and 13 deletions.
48 changes: 35 additions & 13 deletions policy/scan/local_scanner.go
Original file line number Diff line number Diff line change
Expand Up @@ -512,24 +512,46 @@ func (s *LocalScanner) RunAssetJob(job *AssetJob) {
return
}

job.Reporter.AddReport(job.Asset, results)

upstream := s.upstreamServices(job.Ctx, job.UpstreamConfig)
// The vuln report is relevant only when we have an aggregate reporter
if vulnReporter, isAggregateReporter := job.Reporter.(VulnReporter); upstream != nil && isAggregateReporter {
// get new gql client
mondooClient, err := gql.NewClient(job.UpstreamConfig, s._upstreamClient.HttpClient)
if err != nil {
return
if upstream != nil {
// If we show the score, we need to fetch it from upstream and update it
if !job.UpstreamConfig.Incognito {
assetScore := results.Report.Scores[job.Asset.Mrn]

// Retry fetching the score a few times, in case it's not updated yet
for i := 0; i < 15; i++ {
score, err := upstream.PolicyResolver.GetScore(job.Ctx, &policy.EntityScoreReq{EntityMrn: job.Asset.Mrn, ScoreMrn: job.Asset.Mrn})
if err != nil {
log.Error().Err(err).Msg("could not get asset score")
}
if score.Score.ValueModifiedTime > assetScore.ValueModifiedTime {
results.Report.Scores[job.Asset.Mrn] = score.Score
results.Report.Score = score.Score
log.Debug().Uint32("old score", assetScore.Value).Uint32("new score", score.Score.Value).Msg("score updated")
break
}
log.Debug().Msg("score not updated yet, waiting 2 seconds")
time.Sleep(2 * time.Second)
}
}

gqlVulnReport, err := mondooClient.GetVulnCompactReport(job.Asset.Mrn)
if err != nil {
log.Error().Err(err).Msg("could not get vulnerability report")
return
// The vuln report is relevant only when we have an aggregate reporter
if vulnReporter, isAggregateReporter := job.Reporter.(VulnReporter); isAggregateReporter {
// get new gql client
mondooClient, err := gql.NewClient(job.UpstreamConfig, s._upstreamClient.HttpClient)
if err != nil {
return
}

gqlVulnReport, err := mondooClient.GetVulnCompactReport(job.Asset.Mrn)
if err != nil {
log.Error().Err(err).Msg("could not get vulnerability report")
return
}
vulnReporter.AddVulnReport(job.Asset, gqlVulnReport)
}
vulnReporter.AddVulnReport(job.Asset, gqlVulnReport)
}
job.Reporter.AddReport(job.Asset, results)

// When the progress bar is disabled there's no feedback when an asset is done scanning. Adding this message
// such that it is visible from the logs.
Expand Down

0 comments on commit d7a5ba4

Please sign in to comment.