Exit code handling #165

Merged
merged 12 commits into from
Oct 25, 2023
67 changes: 0 additions & 67 deletions .github/workflows/codeql-analysis.yml

This file was deleted.

2 changes: 1 addition & 1 deletion .github/workflows/go-quality.yml
Expand Up @@ -11,7 +11,7 @@ jobs:
name: Setup Go
uses: actions/setup-go@v4
with:
go-version: '1.20'
go-version: '1.21'
-
name: Install Dependencies
run: |
2 changes: 1 addition & 1 deletion .github/workflows/release.yml
Expand Up @@ -21,7 +21,7 @@ jobs:
name: Set up Go
uses: actions/setup-go@v4
with:
go-version: '1.20'
go-version: '1.21'
check-latest: true
- run: go version
-
10 changes: 4 additions & 6 deletions .hookz.yaml
@@ -1,10 +1,10 @@
version: 2.4.0
sources:
- source: github.com/anchore/syft/cmd/syft@latest
- source: github.com/devops-kung-fu/hinge@latest
- source: github.com/kisielk/errcheck@latest
- source: honnef.co/go/tools/cmd/staticcheck@latest
- source: github.com/fzipp/gocyclo/cmd/gocyclo@latest
- source: golang.org/x/vuln/cmd/govulncheck@latest
hooks:
- type: pre-commit
actions:
Expand All @@ -26,6 +26,9 @@
- name: "errcheck: Ensure that errors are checked"
exec: errcheck
args: ["-ignoretests", "./..."]
- name: "govulncheck: Check for vulnerabilities"
exec: govulncheck
args: ["./..."]
- name: "gocyclo: Check cyclomatic complexities"
exec: gocyclo
args: ["-over", "13", "."]
Expand All @@ -41,11 +44,6 @@
- name: "go: Test coverage"
exec: go
args: ["tool", "cover", "-func=coverage.out"]
# - name: "syft: Generate a Software Bill of Materials (SBoM)"
# script: "
# #!/bin/bash \n
# syft . -o cyclonedx-json=sbom/bomber.cyclonedx.json &> /dev/null \n
# "
- name: "git: Add all changed files during the pre-commit stage"
exec: git
args: ["add", "."]
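Review bot: The new hook source `- source: golang.org/x/vuln/cmd/govulncheck@latest` is unpinned, so the version of govulncheck that gates a commit can differ from one machine or day to the next and the hook's result is not reproducible. The existing sources follow the same `@latest` pattern, so this is inherited style rather than a regression of this change, but pinning the new entry to a release tag (e.g. `@<pinned version>`) would make the vulnerability check deterministic across contributors.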
4 changes: 2 additions & 2 deletions .vscode/launch.json
Expand Up @@ -32,12 +32,12 @@
"args": ["--provider=ossindex", "--debug=true", "scan", "./_TESTDATA_/sbom"]
},
{
"name": "Debug File (OSS Index - juiceshop)",
"name": "Debug File (OSS Index - juiceshop, fail = moderate)",
"type": "go",
"request": "launch",
"mode": "auto",
"program": "${workspaceFolder}/main.go",
"args": ["--debug=true", "--provider=ossindex", "scan", "./_TESTDATA_/sbom/juiceshop.cyclonedx.json"]
"args": ["--debug=true", "--fail=critical", "--provider=ossindex", "scan", "./_TESTDATA_/sbom/juiceshop.cyclonedx.json"]
},
{
"name": "Debug File (OSV- cargo-valid)",
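Review bot: The renamed debug configuration says `fail = moderate` in its name while its arguments pass `--fail=critical`, so the label no longer describes what the run does. One of the two should change to match the other, for example `"name": "Debug File (OSS Index - juiceshop, fail = critical)",`.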
23 changes: 21 additions & 2 deletions cmd/scan.go
Expand Up @@ -29,6 +29,7 @@ var (
renderer models.Renderer
provider models.Provider
ignoreFile string
failSeverity string

// summary, detailed bool
scanCmd = &cobra.Command{
Expand Down Expand Up @@ -99,6 +100,20 @@ var (
}
}

//Get rid of the packages that have a vulnerability lower than its fail severity
if failSeverity != "" {
for i, p := range response {
vulns := []models.Vulnerability{}
for _, v := range p.Vulnerabilities {
fs := int(lib.ParseFailSeverity(failSeverity))
vs := lib.ParseSeverity(v.Severity)
if vs >= fs {
vulns = append(vulns, v)
}
}
response[i].Vulnerabilities = vulns
}
}
for i, p := range response {
enrichedVulnerabilities, _ := enrichment.Enrich(p.Vulnerabilities)
response[i].Vulnerabilities = enrichedVulnerabilities
Expand All @@ -118,8 +133,7 @@ var (
}
vulnCount := 0
for _, r := range response {
vulns := len(r.Vulnerabilities)
vulnCount += vulns
vulnCount += len(r.Vulnerabilities)
for _, v := range r.Vulnerabilities {
lib.AdjustSummary(v.Severity, &severitySummary)
}
Expand All @@ -128,6 +142,10 @@ var (
if err = renderer.Render(results); err != nil {
log.Println(err)
}
if failSeverity != "" {
log.Printf("fail severity: %x\n", int(lib.ParseFailSeverity(failSeverity)))
os.Exit(int(lib.ParseFailSeverity(failSeverity)))
}

} else {
util.PrintInfo("No packages were detected. Nothing has been scanned.")
Expand All @@ -143,4 +161,5 @@ func init() {
scanCmd.PersistentFlags().StringVar(&credentials.Token, "token", "", "the API token for the provider being used.")
scanCmd.PersistentFlags().StringVar(&providerName, "provider", "osv", "the vulnerability provider (ossindex, osv).")
scanCmd.PersistentFlags().StringVar(&ignoreFile, "ignore-file", "", "an optional file containing CVEs to ignore when rendering output.")
scanCmd.PersistentFlags().StringVar(&failSeverity, "fail", "undefined", "anything above this severity will be returned with non-zero error code.")
}
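Review bot: The exit status in the fourth hunk is decided by the flag alone: `os.Exit(int(lib.ParseFailSeverity(failSeverity)))` receives only the flag string, so the process exits with the same code whether or not any vulnerability at or above the threshold was found, which contradicts the `--fail` help text added in the last hunk ("anything above this severity will be returned with non-zero error code"). Because the flag defaults to "undefined" rather than "", the `failSeverity != ""` branch also runs on every invocation, so the exit code for a plain `scan` now depends on what ParseFailSeverity returns for "undefined", which is not visible here. The filter in the second hunk recomputes `lib.ParseFailSeverity(failSeverity)` inside the inner loop (loop-invariant) and silently drops lower-severity findings from the rendered report and the severity summary, which the help text does not mention; `%x` in the log line also prints the severity in hex. I would hoist the threshold, keep the filter, and exit non-zero only when a matching finding remains, as below; the enclosing Run function starts and ends outside these hunks, and os.Exit bypasses any deferred cleanup it may have, so vulnCount being in scope at that point is an assumption to confirm.
```go
	// … unchanged: ignore-file handling …
	// Threshold is loop-invariant; assumes ParseFailSeverity returns 0 for
	// "" / "undefined" so that nothing is filtered by default — confirm.
	threshold := int(lib.ParseFailSeverity(failSeverity))
	if failSeverity != "" {
		for i, p := range response {
			kept := []models.Vulnerability{}
			for _, v := range p.Vulnerabilities {
				if lib.ParseSeverity(v.Severity) >= threshold {
					kept = append(kept, v)
				}
			}
			response[i].Vulnerabilities = kept
		}
	}
	// … unchanged: enrichment, summary accumulation (vulnCount), rendering …
	// Fail only when something at or above the threshold is left after filtering.
	if failSeverity != "" && threshold > 0 && vulnCount > 0 {
		log.Printf("fail severity: %d, matching vulnerabilities: %d", threshold, vulnCount)
		os.Exit(threshold)
	}
```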
36 changes: 19 additions & 17 deletions go.mod
@@ -1,48 +1,50 @@
module github.com/devops-kung-fu/bomber

go 1.20
go 1.21

toolchain go1.21.3

require (
github.com/CycloneDX/cyclonedx-go v0.7.1
github.com/CycloneDX/cyclonedx-go v0.7.2
github.com/briandowns/spinner v1.23.0
github.com/devops-kung-fu/common v0.2.5
github.com/gookit/color v1.5.3
github.com/devops-kung-fu/common v0.2.6
github.com/gookit/color v1.5.4
github.com/jarcoal/httpmock v1.3.0
github.com/jedib0t/go-pretty/v6 v6.4.6
github.com/jedib0t/go-pretty/v6 v6.4.8
github.com/kirinlabs/HttpRequest v1.1.1
github.com/microcosm-cc/bluemonday v1.0.23
github.com/package-url/packageurl-go v0.1.0
github.com/microcosm-cc/bluemonday v1.0.26
github.com/package-url/packageurl-go v0.1.2
github.com/remeh/sizedwaitgroup v1.0.0
github.com/spf13/afero v1.9.5
github.com/spf13/afero v1.10.0
github.com/spf13/cobra v1.7.0
github.com/stretchr/testify v1.8.2
k8s.io/utils v0.0.0-20230406110748-d93618cff8a2
github.com/stretchr/testify v1.8.4
k8s.io/utils v0.0.0-20230726121419-3b25d923346b
)

require (
github.com/kr/pretty v0.3.0 // indirect
github.com/rogpeppe/go-internal v1.8.0 // indirect
golang.org/x/exp v0.0.0-20230202163644-54bba9f4231b // indirect
golang.org/x/term v0.7.0 // indirect
golang.org/x/term v0.13.0 // indirect
)

require (
github.com/aymerick/douceur v0.2.0 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/fatih/color v1.15.0 // indirect
github.com/gomarkdown/markdown v0.0.0-20230322041520-c84983bdbf2a
github.com/gomarkdown/markdown v0.0.0-20230922112808-5421fefb8386
github.com/gorilla/css v1.0.0 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/mattn/go-colorable v0.1.13 // indirect
github.com/mattn/go-isatty v0.0.18 // indirect
github.com/mattn/go-runewidth v0.0.14 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
github.com/mattn/go-runewidth v0.0.15 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/rivo/uniseg v0.4.4 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
golang.org/x/net v0.9.0 // indirect
golang.org/x/sys v0.7.0 // indirect
golang.org/x/text v0.9.0 // indirect
golang.org/x/net v0.17.0 // indirect
golang.org/x/sys v0.13.0 // indirect
golang.org/x/text v0.13.0 // indirect
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
)