
adding tekton task for anchore engine vulnerability scanner cli

Open arunvel1988 opened this issue 1 year ago • 12 comments

Changes

Submitter Checklist

These are the criteria that every PR should meet, please check them off as you review them:

  • [x] Follows the authoring recommendations
  • [x] Includes docs (if user facing)
  • [x] Includes tests (for new tasks or changed functionality)
  • [x] Meets the Tekton contributor standards (including functionality, content, code)
  • [x] Commit messages follow commit message best practices
  • [x] Has a kind label. You can add one by adding a comment on this PR that contains /kind <type>. Valid types are bug, cleanup, design, documentation, feature, flake, misc, question, tep
  • [x] Complies with Catalog Organization TEP, see example. Note An issue has been filed to automate this validation
    • [x] File path follows <kind>/<name>/<version>/name.yaml

    • [x] Has README.md at <kind>/<name>/<version>/README.md

    • [x] Has mandatory metadata.labels - app.kubernetes.io/version the same as the <version> of the resource

    • [x] Has mandatory metadata.annotations tekton.dev/pipelines.minVersion

    • [x] mandatory spec.description follows the convention

      ```
      spec:
        description: >-
          one line summary of the resource

          Paragraph(s) to describe the resource.
      ```

See the contribution guide for more details.

arunvel1988 avatar Jan 09 '24 06:01 arunvel1988

Hi @arunvel1988. Thanks for your PR.

I'm waiting for a tektoncd member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

tekton-robot avatar Jan 09 '24 06:01 tekton-robot

Catlin Output
FILE: task/anchore-cli/0.1/anchore-cli.yaml
WARN : Step "anchore-cli" uses image "$(params.ANCHORE_CLI_IMAGE)" that contains variables; skipping validation
FILE: task/anchore-cli/0.1/secret.yaml
Catlin script lint Output
ERROR: /usr/bin/shellcheck, [-s sh] failed:

In anchore-cli-anchore-cli line 2:
export ANCHORE_CLI_URL=$(params.ANCHORE_CLI_URL)
       ^-------------^ SC2155 (warning): Declare and assign separately to avoid masking return values.
                       ^-----------------------^ SC2046 (warning): Quote this to prevent word splitting.


In anchore-cli-anchore-cli line 3:
anchore-cli image add $(params.IMAGE_NAME) > /dev/null 2>&1
                      ^------------------^ SC2046 (warning): Quote this to prevent word splitting.


In anchore-cli-anchore-cli line 4:
anchore-cli image vuln $(params.IMAGE_NAME) > /dev/null 2>&1
                       ^------------------^ SC2046 (warning): Quote this to prevent word splitting.


In anchore-cli-anchore-cli line 5:
status=`anchore-cli evaluate check $(params.IMAGE_NAME)`
       ^-- SC2006 (style): Use $(...) notation instead of legacy backticks `...`.
                                   ^------------------^ SC2046 (warning): Quote this to prevent word splitting.

Did you mean: 
status=$(anchore-cli evaluate check $(params.IMAGE_NAME))


In anchore-cli-anchore-cli line 6:
if echo $status | grep  -q 'fail'; then
        ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
if echo "$status" | grep  -q 'fail'; then

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
  https://www.shellcheck.net/wiki/SC2155 -- Declare and assign separately to ...
  https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...

tekton-robot avatar Jan 09 '24 06:01 tekton-robot
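A hardened rewrite of the step script behind the shellcheck findings above, as an added example that is not the PR's code. It assumes the Task hands ANCHORE_CLI_URL and IMAGE_NAME to the step through `env:` rather than substituting `$(params.X)` into the script text, so a parameter value is never parsed as shell, and it assumes the `anchore-cli` subcommands and the `Status: pass|fail` line of `evaluate check` output follow the CLI's documented usage; both are assumptions of this example.

```shell
#!/usr/bin/env sh
# Added example (not the PR's step script): hardened form of the anchore-cli
# step flagged by shellcheck. Assumed: the Task passes ANCHORE_CLI_URL and
# IMAGE_NAME as env vars instead of substituting $(params.X) into the script.
set -eu

# Classify the text printed by `anchore-cli evaluate check <image>`.
# 0 = policy passed, 1 = policy failed, 2 = no verdict found in the output
# (e.g. the image was never analysed). Only a clear "pass" lets the step
# succeed; the original `grep -q 'fail'` passed silently on any scan error.
classify_evaluation() {
  out="$1"
  # Assumed output format: a line of the form "Status: pass" / "Status: fail".
  verdict="$(printf '%s\n' "$out" | sed -n 's/^Status:[[:space:]]*//p' \
             | head -n 1 | tr '[:upper:]' '[:lower:]')"
  case "$verdict" in
    pass) return 0 ;;
    fail) return 1 ;;
    *)    return 2 ;;
  esac
}

# Add the image, wait for analysis, list vulnerabilities, evaluate policy.
# stderr stays visible and the CLI's exit code is captured rather than being
# masked by `> /dev/null 2>&1`; every expansion is quoted (SC2046/SC2086).
scan_image() {
  image="$1"
  anchore-cli image add "$image"
  anchore-cli image wait "$image"
  anchore-cli image vuln "$image" all
  eval_rc=0
  status="$(anchore-cli evaluate check "$image")" || eval_rc=$?
  printf '%s\n' "$status"
  if [ "$eval_rc" -ne 0 ]; then
    printf 'evaluate check exited with status %s\n' "$eval_rc" >&2
  fi
  classify_evaluation "$status"
}

# Run the real scan only when the step's environment is present, so the
# functions above can also be sourced and checked without anchore-cli.
if [ -n "${IMAGE_NAME:-}" ]; then
  : "${ANCHORE_CLI_URL:?must be set}"   # anchore-cli reads it from the env
  scan_image "$IMAGE_NAME"
fi
```

Because the verdict is taken from the `Status:` line instead of a bare `grep 'fail'`, an image name such as `acme/failover:1` no longer produces a false failure, and a missing verdict fails the step closed.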

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: To complete the pull request process, please ask for approval from vinamra28 after the PR has been reviewed.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment

tekton-robot avatar Jan 09 '24 06:01 tekton-robot

Catlin Output
FILE: task/anchore-cli/0.1/anchore-cli.yaml
WARN : Step "anchore-cli" uses image "$(params.ANCHORE_CLI_IMAGE)" that contains variables; skipping validation
FILE: task/anchore-cli/0.1/secret.yaml

tekton-robot avatar Jan 09 '24 06:01 tekton-robot

@vinamra28 why is my PR not reviewed? Any issues? Kindly help as it's my first time.

arunvel1988 avatar Jan 11 '24 04:01 arunvel1988

Catlin Output
FILE: task/anchore-cli/0.1/anchore-cli.yaml
WARN : Step "anchore-cli" uses image "$(params.ANCHORE_CLI_IMAGE)" that contains variables; skipping validation

tekton-robot avatar Jan 11 '24 06:01 tekton-robot

Catlin Output
FILE: task/anchore-cli/0.1/anchore-cli.yaml
WARN : Step "anchore-cli" uses image "$(params.ANCHORE_CLI_IMAGE)" that contains variables; skipping validation

tekton-robot avatar Jan 11 '24 06:01 tekton-robot

Catlin Output
FILE: task/anchore-cli/0.1/anchore-cli.yaml
WARN : Step "anchore-cli" uses image "$(params.ANCHORE_CLI_IMAGE)" that contains variables; skipping validation

tekton-robot avatar Jan 11 '24 07:01 tekton-robot

@vinamra28 I have made all changes

arunvel1988 avatar Jan 11 '24 09:01 arunvel1988

Catlin Output
FILE: task/anchore-cli/0.1/anchore-cli.yaml
WARN : Step "anchore-cli" uses image "$(params.ANCHORE_CLI_IMAGE)" that contains variables; skipping validation
FILE: task/terrascan-cli/0.1/terrascan-cli.yaml
ERROR: Resource path is invalid; expected path: task/terrascan-install/terrascan-install.yaml
ERROR: Task: tekton.dev/v1beta1 - name: "terrascan-install" must have a label "app.kubernetes.io/version" to indicate version
ERROR: Task: tekton.dev/v1beta1 - name: "terrascan-install" is missing a mandatory annotation for minimum pipeline version("tekton.dev/pipelines.minVersion")
ERROR: Task: tekton.dev/v1beta1 - name: "terrascan-install" is missing a mandatory annotation for category("tekton.dev/categories")
ERROR: Category not defined
You can choose from the categories present at location: https://raw.githubusercontent.com/tektoncd/hub/main/config.yaml"
HINT : Task: tekton.dev/v1beta1 - name: "terrascan-install" is missing a readable display name annotation("tekton.dev/displayName")
HINT : Task: tekton.dev/v1beta1 - name: "terrascan-install" is easily discoverable if it has annotation for tag "tekton.dev/tags"
HINT : Task: tekton.dev/v1beta1 - name: "terrascan-install" is more usable if it has "tekton.dev/platforms" annotation about platforms to run
WARN : Step "install-terrascan" uses image "alpine:latest"; consider using a fully qualified name - e.g. docker.io/library/ubuntu:1.0
ERROR: Step "install-terrascan" uses image "alpine:latest" which must be tagged with a specific version
WARN : Step "verify-terrascan-installation" uses image "alpine:latest"; consider using a fully qualified name - e.g. docker.io/library/ubuntu:1.0
ERROR: Step "verify-terrascan-installation" uses image "alpine:latest" which must be tagged with a specific version

tekton-robot avatar Jan 11 '24 12:01 tekton-robot

Catlin Output
FILE: task/anchore-cli/0.1/anchore-cli.yaml
WARN : Step "anchore-cli" uses image "$(params.ANCHORE_CLI_IMAGE)" that contains variables; skipping validation

tekton-robot avatar Jan 11 '24 12:01 tekton-robot

@vinamra28 made changes as mentioned

arunvel1988 avatar Jan 13 '24 07:01 arunvel1988

New changes are detected. LGTM label has been removed.

tekton-robot avatar May 13 '24 05:05 tekton-robot

Catlin Output
FILE: task/42crunch-api-security-audit/0.2/42crunch-api-security-audit.yaml
FILE: task/anchore-cli/0.1/anchore-cli.yaml
WARN : Step "anchore-cli" uses image "$(params.ANCHORE_CLI_IMAGE)" that contains variables; skipping validation
FILE: task/ansible-builder/0.1/ansible-builder.yaml
WARN : Step "ansible-builder-create" uses image "$(params.BUILDER_IMAGE)" that contains variables; skipping validation
FILE: task/ansible-runner/0.2/ansible-runner.yaml
WARN : Step "requirements" uses image "$(params.image)" that contains variables; skipping validation
WARN : Step "run-playbook" uses image "$(params.image)" that contains variables; skipping validation
FILE: task/buildah/0.7/buildah.yaml
WARN : Step "build-and-push" uses image "$(params.BUILDER_IMAGE)" that contains variables; skipping validation
FILE: task/dockerslim-build/0.1/dockerslim-build.yaml
WARN : Step "docker-build" uses image "$(params.builder_image)" that contains variables; skipping validation
WARN : Step "docker-push" uses image "$(params.push_image)" that contains variables; skipping validation
FILE: task/golang-fuzz/0.1/golang-fuzz.yaml
WARN : Step "fuzz" uses image "docker.io/library/golang:$(params.version)" that contains variables; skipping validation
FILE: task/hugo/0.1/hugo.yaml
Catlin script lint Output
WARN : step: redhat-dependency-analytics is not using #!/usr/bin/env 
ERROR: /usr/bin/shellcheck, [-s sh] failed:

In redhat-dependency-analytics-redhat-dependency-analytics line 6:
    jq -n {} | jq --arg exit_code "1" '. + {exit_code: $exit_code}' > $OUTPUT_FILE_PATH
                                                                      ^---------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
    jq -n {} | jq --arg exit_code "1" '. + {exit_code: $exit_code}' > "$OUTPUT_FILE_PATH"


In redhat-dependency-analytics-redhat-dependency-analytics line 10:
    printf "\n[ERROR] Failed to install dependencies from requirements.txt.\n$error_message"
           ^-- SC2059 (info): Don't use variables in the printf format string. Use printf '..%s..' "$foo".


In redhat-dependency-analytics-redhat-dependency-analytics line 26:
  cp $MANIFEST_FILE_PATH /shared/requirements.txt
     ^-----------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
  cp "$MANIFEST_FILE_PATH" /shared/requirements.txt


In redhat-dependency-analytics-redhat-dependency-analytics line 44:
    ((elapsed_time++))
    ^----------------^ SC3006 (warning): In POSIX sh, standalone ((..)) is undefined.
                  ^-- SC3018 (warning): In POSIX sh, ++ is undefined.


In redhat-dependency-analytics-redhat-dependency-analytics line 47:
  export EXHORT_PIP_FREEZE=$(cat /shared/pip_freeze.txt | base64 -w 0)
         ^---------------^ SC2155 (warning): Declare and assign separately to avoid masking return values.
                           ^-- SC2046 (warning): Quote this to prevent word splitting.
                                 ^--------------------^ SC2002 (style): Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead.


In redhat-dependency-analytics-redhat-dependency-analytics line 48:
  export EXHORT_PIP_SHOW=$(cat /shared/pip_show.txt | base64 -w 0)
         ^-------------^ SC2155 (warning): Declare and assign separately to avoid masking return values.
                         ^-- SC2046 (warning): Quote this to prevent word splitting.
                               ^------------------^ SC2002 (style): Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead.


In redhat-dependency-analytics-redhat-dependency-analytics line 53:
export EXHORT_GO_MVS_LOGIC_ENABLED=$(echo "$(params.use-go-mvs-logic)")
       ^-------------------------^ SC2155 (warning): Declare and assign separately to avoid masking return values.
                                   ^-- SC2046 (warning): Quote this to prevent word splitting.
                                          ^--------------------------^ SC2005 (style): Useless echo? Instead of 'echo $(cmd)', just use 'cmd'.

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
  https://www.shellcheck.net/wiki/SC2155 -- Declare and assign separately to ...
  https://www.shellcheck.net/wiki/SC3006 -- In POSIX sh, standalone ((..)) is...

tekton-robot avatar May 13 '24 05:05 tekton-robot

@arunvel1988, can you please refer to the following link in order to squash the commits?

vinamra28 avatar May 13 '24 05:05 vinamra28

> apologies @arunvel1988 for getting late on this, can you please squash the commits and then we can merge this PR? /lgtm

sure will check

arunvel1988 avatar May 13 '24 05:05 arunvel1988

> @arunvel1988, can you please refer to the following link in order to squash the commits?

yes will check

arunvel1988 avatar May 13 '24 05:05 arunvel1988

> @arunvel1988, can you please refer to the following link in order to squash the commits?
>
> yes will check

@vinamra28 I think it's done. Can you check please ...

arunvel1988 avatar May 13 '24 06:05 arunvel1988

no @arunvel1988, I still can see 8 commits 😅

vinamra28 avatar May 13 '24 08:05 vinamra28
