Example 1 with ToolScanStatus

Use of com.epam.pipeline.entity.pipeline.ToolScanStatus in project cloud-pipeline by epam.

From the class ToolScanScheduler, method forceScheduleScanTool.

/**
 * Schedule a Tool for security scan. Since a Tool's scan is a time-costly operation, there's a queue for that.
 * A tool is added to that queue and will be processed in order. Once the tool is added to the queue, its scanStatus
 * field is set to {@link ToolScanStatus#PENDING}.
 * @param registry a registry path, where tool is located
 * @param id Tool's id or image
 * @param version Tool's version (Docker tag)
 * @param rescan rescan flag, passed through to {@code toolScanManager.scanTool}
 */
public Future<ToolVersionScanResult> forceScheduleScanTool(final String registry, final String id, final String version, final Boolean rescan) {
    if (!preferenceManager.getPreference(SystemPreferences.DOCKER_SECURITY_TOOL_SCAN_ENABLED)) {
        throw new IllegalArgumentException(messageHelper.getMessage(MessageConstants.ERROR_TOOL_SCAN_DISABLED));
    }
    Tool tool = toolManager.loadTool(registry, id);
    Optional<ToolVersionScanResult> toolVersionScanResult = toolManager.loadToolVersionScan(tool.getId(), version);
    ToolScanStatus curentStatus = toolVersionScanResult.map(ToolVersionScanResult::getStatus).orElse(ToolScanStatus.NOT_SCANNED);
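    // Submit a new scan only if the tool is not already in the queue (status PENDING);
    // otherwise fall through and return a completed PENDING result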
    if (curentStatus != ToolScanStatus.PENDING) {
        String layerRef = toolVersionScanResult.map(ToolVersionScanResult::getLastLayerRef).orElse(null);
        String digest = toolVersionScanResult.map(ToolVersionScanResult::getDigest).orElse(null);
        toolManager.updateToolVersionScanStatus(tool.getId(), ToolScanStatus.PENDING, null, version, layerRef, digest);
        return forceScanExecutor.submit(new DelegatingSecurityContextCallable<>(() -> {
            LOGGER.info(messageHelper.getMessage(MessageConstants.INFO_TOOL_FORCE_SCAN_STARTED, tool.getImage()));
            try {
                ToolVersionScanResult scanResult = toolScanManager.scanTool(tool, version, rescan);
                toolManager.updateToolVulnerabilities(scanResult.getVulnerabilities(), tool.getId(), version);
                toolManager.updateToolDependencies(scanResult.getDependencies(), tool.getId(), version);
                toolManager.updateToolVersionScanStatus(tool.getId(), ToolScanStatus.COMPLETED, scanResult.getScanDate(), version, scanResult.getLastLayerRef(), scanResult.getDigest());
                return scanResult;
            } catch (Exception e) {
                toolManager.updateToolVersionScanStatus(tool.getId(), ToolScanStatus.FAILED, new Date(), version, null, null);
                LOGGER.error(messageHelper.getMessage(MessageConstants.ERROR_TOOL_SCAN_FAILED, tool.getImage()), e);
                throw new PipelineException(e);
            }
        }, SecurityContextHolder.getContext()));
    }
    return CompletableFuture.completedFuture(new ToolVersionScanResult(ToolScanStatus.PENDING, null, Collections.emptyList(), Collections.emptyList()));
}
Also used: PipelineException (com.epam.pipeline.exception.PipelineException), ToolVersionScanResult (com.epam.pipeline.entity.scan.ToolVersionScanResult), ToolScanStatus (com.epam.pipeline.entity.pipeline.ToolScanStatus), ToolScanExternalServiceException (com.epam.pipeline.exception.ToolScanExternalServiceException), Date (java.util.Date), Tool (com.epam.pipeline.entity.pipeline.Tool)
