|
| 1 | +# SPDX-License-Identifier: Apache-2.0 |
| 2 | +# |
| 3 | +# http://nexb.com and https://github.com/aboutcode-org/scancode.io |
| 4 | +# The ScanCode.io software is licensed under the Apache License version 2.0. |
| 5 | +# Data generated with ScanCode.io is provided as-is without warranties. |
| 6 | +# ScanCode is a trademark of nexB Inc. |
| 7 | +# |
| 8 | +# You may not use this software except in compliance with the License. |
| 9 | +# You may obtain a copy of the License at: http://apache.org/licenses/LICENSE-2.0 |
| 10 | +# Unless required by applicable law or agreed to in writing, software distributed |
| 11 | +# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR |
| 12 | +# CONDITIONS OF ANY KIND, either express or implied. See the License for the |
| 13 | +# specific language governing permissions and limitations under the License. |
| 14 | +# |
| 15 | +# Data Generated with ScanCode.io is provided on an "AS IS" BASIS, WITHOUT WARRANTIES |
| 16 | +# OR CONDITIONS OF ANY KIND, either express or implied. No content created from |
| 17 | +# ScanCode.io should be considered or used as legal advice. Consult an Attorney |
| 18 | +# for any legal advice. |
| 19 | +# |
| 20 | +# ScanCode.io is a free software code scanning tool from nexB Inc. and others. |
| 21 | +# Visit https://github.com/aboutcode-org/scancode.io for support and download. |
| 22 | + |
| 23 | +import sys |
| 24 | + |
| 25 | +from django.core.management.base import BaseCommand |
| 26 | +from django.core.management.base import CommandError |
| 27 | +from django.utils.text import slugify |
| 28 | + |
| 29 | +from scanpipe.management.commands import CreateProjectCommandMixin |
| 30 | +from scanpipe.management.commands import execute_project |
| 31 | +from scanpipe.pipes.kubernetes import get_images_from_kubectl |
| 32 | + |
| 33 | + |
| 34 | +class Command(CreateProjectCommandMixin, BaseCommand): |
| 35 | + help = "Analyze all images of a Kubernetes cluster." |
| 36 | + |
| 37 | + def add_arguments(self, parser): |
| 38 | + super().add_arguments(parser) |
| 39 | + parser.add_argument("name", help="Project name.") |
| 40 | + parser.add_argument( |
| 41 | + "--multi", |
| 42 | + action="store_true", |
| 43 | + help="Create multiple projects instead of a single one.", |
| 44 | + ) |
| 45 | + parser.add_argument( |
| 46 | + "--find-vulnerabilities", |
| 47 | + action="store_true", |
| 48 | + help="Run the find_vulnerabilities pipeline during the analysis.", |
| 49 | + ) |
| 50 | + parser.add_argument( |
| 51 | + "--execute", |
| 52 | + action="store_true", |
| 53 | + help="Execute the pipelines right after the project creation.", |
| 54 | + ) |
| 55 | + parser.add_argument( |
| 56 | + "--dry-run", |
| 57 | + action="store_true", |
| 58 | + help=( |
| 59 | + "Do not create any projects." |
| 60 | + "Print the images and projects that would be created." |
| 61 | + ), |
| 62 | + ) |
| 63 | + # Additional kubectl options |
| 64 | + parser.add_argument( |
| 65 | + "--namespace", |
| 66 | + type=str, |
| 67 | + help="Kubernetes namespace to query (for --kubectl mode).", |
| 68 | + ) |
| 69 | + parser.add_argument( |
| 70 | + "--context", |
| 71 | + type=str, |
| 72 | + help="Kubernetes context to use (for --kubectl mode).", |
| 73 | + ) |
| 74 | + |
| 75 | + def handle(self, *args, **options): |
| 76 | + self.verbosity = options["verbosity"] |
| 77 | + project_name = options["name"] |
| 78 | + pipelines = ["analyze_docker_image"] |
| 79 | + create_multiple_projects = options["multi"] |
| 80 | + execute = options["execute"] |
| 81 | + run_async = options["async"] |
| 82 | + labels = options["labels"] |
| 83 | + notes = options["notes"] |
| 84 | + created_projects = [] |
| 85 | + |
| 86 | + if options["find_vulnerabilities"]: |
| 87 | + pipelines.append("find_vulnerabilities") |
| 88 | + |
| 89 | + images = self.get_images(**options) |
| 90 | + if not images: |
| 91 | + raise CommandError("No images found.") |
| 92 | + |
| 93 | + create_project_options = { |
| 94 | + "pipelines": pipelines, |
| 95 | + "notes": notes, |
| 96 | + "labels": labels, |
| 97 | + } |
| 98 | + |
| 99 | + if create_multiple_projects: |
| 100 | + labels.append(f"k8s-{slugify(project_name)}") |
| 101 | + for reference in images: |
| 102 | + project = self.create_project( |
| 103 | + **create_project_options, |
| 104 | + name=f"{project_name}: {reference}", |
| 105 | + input_urls=[f"docker://{reference}"], |
| 106 | + ) |
| 107 | + created_projects.append(project) |
| 108 | + |
| 109 | + else: |
| 110 | + project = self.create_project( |
| 111 | + **create_project_options, |
| 112 | + name=project_name, |
| 113 | + input_urls=[f"docker://{reference}" for reference in images], |
| 114 | + ) |
| 115 | + created_projects.append(project) |
| 116 | + |
| 117 | + if execute: |
| 118 | + for project in created_projects: |
| 119 | + execute_project(project=project, run_async=run_async, command=self) |
| 120 | + |
| 121 | + def get_images(self, **options): |
| 122 | + namespace = options.get("namespace") |
| 123 | + context = options.get("context") |
| 124 | + dry_run = options.get("dry_run") |
| 125 | + |
| 126 | + if self.verbosity >= 1: |
| 127 | + self.stdout.write( |
| 128 | + "Extracting images from Kubernetes cluster using kubectl..." |
| 129 | + ) |
| 130 | + |
| 131 | + try: |
| 132 | + images = get_images_from_kubectl(namespace=namespace, context=context) |
| 133 | + except Exception as e: |
| 134 | + raise CommandError(e) |
| 135 | + |
| 136 | + if self.verbosity >= 1 or dry_run: |
| 137 | + self.stdout.write( |
| 138 | + self.style.SUCCESS(f"Found {len(images)} images in the cluster:"), |
| 139 | + ) |
| 140 | + self.stdout.write("\n".join(images)) |
| 141 | + |
| 142 | + if dry_run: |
| 143 | + self.stdout.write("Dry run mode, no projects were created.") |
| 144 | + sys.exit(0) |
| 145 | + |
| 146 | + return images |
0 commit comments