safedep/vet
1
0
Fork 0
mirror of https://github.com/safedep/vet.git synced 2025-12-10 13:43:01 -06:00
Code Issues Packages Projects Releases 68 Wiki Activity

feat: Add support for publishing policy violation

Browse Source
This commit is contained in:
abhisek 2024-10-01 12:00:17 +05:30
parent a9b424dc51
commit fce0410ae3
No known key found for this signature in database
GPG Key ID: CB92A4990C02A88F
3 changed files with 70 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
go.mod
View File

@ -3,8 +3,8 @@ module github.com/safedep/vet
go 1.22.1
require (
buf.build/gen/go/safedep/api/grpc/go v1.5.1-20240928092914-054512bde05f.1
buf.build/gen/go/safedep/api/protocolbuffers/go v1.34.2-20240928092914-054512bde05f.2
buf.build/gen/go/safedep/api/grpc/go v1.5.1-20241001040428-5024b95e2438.1
buf.build/gen/go/safedep/api/protocolbuffers/go v1.34.2-20241001040428-5024b95e2438.2
github.com/AlecAivazis/survey/v2 v2.3.7
github.com/CycloneDX/cyclonedx-go v0.9.0
github.com/anchore/syft v1.11.1

12
go.sum
View File

@ -1,13 +1,9 @@
buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.34.2-20240508200655-46a4cf4ba109.2 h1:cFrEG/pJch6t62+jqndcPXeTNkYcztS4tBRgNkR+drw=
buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.34.2-20240508200655-46a4cf4ba109.2/go.mod h1:ylS4c28ACSI59oJrOdW4pHS4n0Hw4TgSPHn8rpHl4Yw=
buf.build/gen/go/safedep/api/grpc/go v1.5.1-20240927074119-125b1e169aaf.1 h1:2ELSEnzC34KBVKPsmdzbFSUdZoCa56K/xb6bQ/QKfd4=
buf.build/gen/go/safedep/api/grpc/go v1.5.1-20240927074119-125b1e169aaf.1/go.mod h1:N2s2AvQRTd39jzo6zQL1b7aohwR6HF8J6pyXbBzbkak=
buf.build/gen/go/safedep/api/grpc/go v1.5.1-20240928092914-054512bde05f.1 h1:D25CwoCuLxqjaHYtlWmRaGXrXWeqPW3+eGWozHKRbFw=
buf.build/gen/go/safedep/api/grpc/go v1.5.1-20240928092914-054512bde05f.1/go.mod h1:tkD4uIlOlf/6Zt/zeRoWyfmwuV3sJdGvFolWB41YVPs=
buf.build/gen/go/safedep/api/protocolbuffers/go v1.34.2-20240927074119-125b1e169aaf.2 h1:UZdrFL+T3SUjJy8rX8N3HD4gb18Wp1gcPmIHKbEG3cA=
buf.build/gen/go/safedep/api/protocolbuffers/go v1.34.2-20240927074119-125b1e169aaf.2/go.mod h1:s12A8dY1Tq74LKOkUHLOOLXPJOaAhdVDAakFTSlB/cM=
buf.build/gen/go/safedep/api/protocolbuffers/go v1.34.2-20240928092914-054512bde05f.2 h1:A9H0rP48/ZhngHW/8zJj+l1zRJYakvgEMw2KuwQCBkA=
buf.build/gen/go/safedep/api/protocolbuffers/go v1.34.2-20240928092914-054512bde05f.2/go.mod h1:s12A8dY1Tq74LKOkUHLOOLXPJOaAhdVDAakFTSlB/cM=
buf.build/gen/go/safedep/api/grpc/go v1.5.1-20241001040428-5024b95e2438.1 h1:nQMeHCwT5hnmDgzX1oYuaPIz+hV442uWwdsP0TJ4qYc=
buf.build/gen/go/safedep/api/grpc/go v1.5.1-20241001040428-5024b95e2438.1/go.mod h1:+aEd+E2o+EacpWkrNgH6Zb1oZRfG+jefNMovX918l9E=
buf.build/gen/go/safedep/api/protocolbuffers/go v1.34.2-20241001040428-5024b95e2438.2 h1:XO8i9KutEuRIkoPB6wYtIXI3RIWQEmol5CE8Y/WTjaI=
buf.build/gen/go/safedep/api/protocolbuffers/go v1.34.2-20241001040428-5024b95e2438.2/go.mod h1:s12A8dY1Tq74LKOkUHLOOLXPJOaAhdVDAakFTSlB/cM=
cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=

64
pkg/reporter/sync.go
View File

@ -11,10 +11,12 @@ import (
"buf.build/gen/go/safedep/api/grpc/go/safedep/services/controltower/v1/controltowerv1grpc"
packagev1 "buf.build/gen/go/safedep/api/protocolbuffers/go/safedep/messages/package/v1"
policyv1 "buf.build/gen/go/safedep/api/protocolbuffers/go/safedep/messages/policy/v1"
vulnerabilityv1 "buf.build/gen/go/safedep/api/protocolbuffers/go/safedep/messages/vulnerability/v1"
controltowerv1 "buf.build/gen/go/safedep/api/protocolbuffers/go/safedep/services/controltower/v1"
drygrpc "github.com/safedep/dry/adapters/grpc"
"github.com/safedep/dry/utils"
"github.com/safedep/vet/gen/checks"
"github.com/safedep/vet/pkg/analyzer"
"github.com/safedep/vet/pkg/common/logger"
"github.com/safedep/vet/pkg/models"
@ -338,6 +340,68 @@ func (s *syncReporter) syncEvent(event *analyzer.AnalyzerEvent) error {
return fmt.Errorf("failed to sync event: invalid event data")
}
manifestSessionKey := pkg.Manifest.Path
session, err := s.sessions.getSession(manifestSessionKey)
if err != nil {
return fmt.Errorf("failed to get session for package: %s/%s/%s: %w",
pkg.Manifest.Ecosystem, pkg.GetName(), pkg.GetVersion(), err)
}
checkType := policyv1.RuleCheck_RULE_CHECK_UNSPECIFIED
switch filter.GetCheckType() {
case checks.CheckType_CheckTypeVulnerability:
checkType = policyv1.RuleCheck_RULE_CHECK_VULNERABILITY
case checks.CheckType_CheckTypeLicense:
checkType = policyv1.RuleCheck_RULE_CHECK_LICENSE
case checks.CheckType_CheckTypeMalware:
checkType = policyv1.RuleCheck_RULE_CHECK_MALWARE
case checks.CheckType_CheckTypeMaintenance:
checkType = policyv1.RuleCheck_RULE_CHECK_MAINTENANCE
case checks.CheckType_CheckTypePopularity:
checkType = policyv1.RuleCheck_RULE_CHECK_POPULARITY
case checks.CheckType_CheckTypeSecurityScorecard:
checkType = policyv1.RuleCheck_RULE_CHECK_PROJECT_SCORECARD
default:
logger.Warnf("unsupported check type: %s", filter.GetCheckType())
}
req := controltowerv1.PublishPolicyViolationRequest{
ToolSession: &controltowerv1.ToolSession{
ToolSessionId: session.sessionId,
},
Manifest: &packagev1.PackageManifest{
Ecosystem: pkg.Manifest.GetControlTowerSpecEcosystem(),
Namespace: &pkg.Manifest.Path,
Name: pkg.Manifest.GetDisplayPath(),
},
PackageVersion: &packagev1.PackageVersion{
Package: &packagev1.Package{
Ecosystem: pkg.Manifest.GetControlTowerSpecEcosystem(),
Name: pkg.Name,
},
Version: pkg.Version,
},
Violation: &policyv1.Violation{
Rule: &policyv1.Rule{
Name: filter.GetName(),
Description: filter.GetSummary(),
Value: filter.GetValue(),
Check: checkType,
},
Evidences: []*policyv1.ViolationEvidence{},
},
}
_, err = session.toolServiceClient.PublishPolicyViolation(context.Background(), &req)
if err != nil {
return fmt.Errorf("failed to publish policy violation: %w", err)
}
return nil
}