Comments (2)
@afiunelw one thing I think we should think through is the behavior of the lacework vulnerability scan
capability. There are a few APIs we need to account for...
image_id scan
This type of scan would take an image_id
as an argument and return a result
curl "https://YourLacework.lacework.net/api/v1/external/vulnerabilities/container/imageId/sha256:1ee...1d3b" -H "Authorization: Bearer YourAPIToken"
you can also filter the results by severity...
curl "https://YourLacework.lacework.net/api/v1/external/vulnerabilities/container/imageId/sha256:1ee...1d3b?severity=medium" -H "Authorization: Bearer YourAPIToken"
image_digest scan
USAGE EXAMPLES
curl "https://YourLacework.lacework.net/api/v1/external/vulnerabilities/container/imageDigest/sha256:5ee...c5b" -H "Authorization: Bearer YourAPIToken"
Where sha256:5ee...c5b is the Digest Id (sha256 hash) that Docker generated for the manifest of this image.
Optionally filter by severity.
curl "https://YourLacework.lacework.net/api/v1/external/vulnerabilities/container/imageDigest/sha256:5ee...c5b?severity=medium" -H "Authorization: Bearer YourAPIToken"
Optionally filter by a date range.
curl "https://YourLacework.lacework.net/api/v1/external/vulnerabilities/container/imageDigest/sha256:5ee...c5b?StartTime=2020-01-14T01:01:00Z&EndTime=2020-01-15T22:01:00Z" -H "Authorization: Bearer YourAPIToken"
On demand scan of the repository
This one seems to kick off a scan of the repository, but what if you have a number of repos? Which one are you scanning?
curl -X POST -H 'Content-Type: application/json' -d '{ "registry":"index.docker.io", "repository":"yourDockerOrg/yourRepository", "tag":"yourTag" }' "https://YourLacework.lacework.net/api/v1/external/vulnerabilities/container/repository/images/scan" -H "Authorization: Bearer YourAPIToken"
Get status of scan jobs
USAGE EXAMPLES
curl "https://YourLacework.lacework.net/api/v1/external/vulnerabilities/container/reqId/498...1f0" -H "Authorization: Bearer YourAPIToken"
Where 498...1f0 is the request id returned from the POST /api/v1/external/repository/images/scan operation.
Optionally filter by severity.
curl "https://YourLacework.lacework.net/api/v1/external/vulnerabilities/container/reqId/498...1f0?severity=medium" -H "Authorization: Bearer YourAPIToken"
Where 498...1f0 is the request id returned from the POST /api/v1/external/repository/images/scan operation.
from go-sdk.
Thank you, Scott! Great feedback.
To elaborate a little bit more on the thinking I did in the description of this card: in
my opinion, there are three main functionalities we want to provide to the end user:
- Get information about the last scan of a container image: Pretty straightforward, a command that can get the information about the last scan. These scans happen in the platform periodically, but if we want to integrate this functionality into pipelines and workflows, we need to have a way to trigger scans on demand.
- Request an on-demand vulnerability scan: This command will trigger a new vulnerability scan on demand. Once a user generates an image and publishes it to their container registry, they can trigger a scan to be able to analyze the container.
- Track the progress of an on-demand vulnerability scan: Once a scan is triggered, the user will want to track the progress so that, when the scan is completed, the user can then get the information/report from the scan that just ran, but if the scan fails, the user will be able to act upon it.
These are the main functionalities I see. If we agree on them, we can then add
parameters that modify the main functionalities, things you mentioned, like
filtering by severity or by date range, searching by image digest instead of image ID, etc.
Let's zoom to clarify these ideas.
from go-sdk.
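Putting the two comments above together (the endpoints listed in the first comment and the trigger/track/fetch flow described in the reply), the following is an added Go example, not go-sdk code, of a minimal client that triggers an on-demand scan, polls the reqId endpoint until the scan finishes, and fetches the result filtered by severity. The JSON response bodies are assumed: the thread only says the POST returns a request id, so the field names `requestId`, `status`, `vulnerabilities` and `severity`, and the status values `running`, `completed` and `failed`, are guesses for this example, and the environment variable names `LACEWORK_URL` and `LACEWORK_API_TOKEN` are hypothetical. Query strings are built with `url.Values`, which joins parameters with `&`; a hand-built `?StartTime=...?EndTime=...` string sends the second parameter as part of the first value.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"net/url"
	"os"
	"time"
)

// Client is a hypothetical, minimal wrapper for the endpoints quoted in the thread (added example, not go-sdk code).
type Client struct {
	BaseURL string       // e.g. https://YourLacework.lacework.net
	Token   string       // sent as "Authorization: Bearer <token>"
	HTTP    *http.Client // injected so a test can point it at a mock server
}

// Scan is an ASSUMED response shape: the thread only says the POST returns a request id and the reqId GET returns
// the scan result, so the field names and the status values are guesses for this example.
type Scan struct {
	RequestID       string                      `json:"requestId"`
	Status          string                      `json:"status"` // assumed values: running, completed, failed
	Vulnerabilities []struct{ Severity string `json:"severity"` } `json:"vulnerabilities"`
}

// do sends one authenticated request and decodes the JSON response into out.
func (c *Client) do(method, path string, q url.Values, body []byte, out interface{}) error {
	u := c.BaseURL + path
	if len(q) > 0 {
		u += "?" + q.Encode() // url.Values joins parameters with '&', so a "?a=1?b=2" query cannot be produced
	}
	req, err := http.NewRequest(method, u, bytes.NewReader(body))
	if err != nil {
		return err
	}
	req.Header.Set("Authorization", "Bearer "+c.Token)
	req.Header.Set("Content-Type", "application/json")
	resp, err := c.HTTP.Do(req)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode/100 != 2 { // a 401 from a bad token must not be decoded as an empty success
		return fmt.Errorf("%s %s: HTTP %d", method, path, resp.StatusCode)
	}
	return json.NewDecoder(resp.Body).Decode(out)
}

// TriggerScan requests an on-demand scan of registry/repository:tag and returns its request id.
func (c *Client) TriggerScan(registry, repo, tag string) (string, error) {
	body, _ := json.Marshal(map[string]string{"registry": registry, "repository": repo, "tag": tag})
	var s Scan
	err := c.do(http.MethodPost, "/api/v1/external/vulnerabilities/container/repository/images/scan", nil, body, &s)
	if err == nil && s.RequestID == "" {
		err = fmt.Errorf("scan response carried no request id")
	}
	return s.RequestID, err
}

// GetScan fetches a scan by request id, optionally filtered by severity (empty string means no filter).
func (c *Client) GetScan(reqID, severity string) (*Scan, error) {
	q := url.Values{}
	if severity != "" {
		q.Set("severity", severity)
	}
	var s Scan
	err := c.do(http.MethodGet, "/api/v1/external/vulnerabilities/container/reqId/"+url.PathEscape(reqID), q, nil, &s)
	return &s, err
}

// WaitForScan polls until the scan is no longer running or the timeout elapses; a failed scan comes back as an
// error so a pipeline step fails on it instead of silently passing.
func (c *Client) WaitForScan(reqID string, interval, timeout time.Duration) (*Scan, error) {
	for deadline := time.Now().Add(timeout); ; time.Sleep(interval) {
		s, err := c.GetScan(reqID, "")
		switch {
		case err != nil:
			return nil, err
		case s.Status == "completed":
			return s, nil
		case s.Status == "failed":
			return s, fmt.Errorf("scan %s failed", reqID)
		case time.Now().After(deadline):
			return s, fmt.Errorf("scan %s still %q after %s", reqID, s.Status, timeout)
		}
	}
}

func main() {
	// Account URL and token come from the environment (hypothetical variable names), never from source or shell history.
	c := &Client{BaseURL: os.Getenv("LACEWORK_URL"), Token: os.Getenv("LACEWORK_API_TOKEN"), HTTP: &http.Client{Timeout: 30 * time.Second}}
	id, err := c.TriggerScan("index.docker.io", "yourDockerOrg/yourRepository", "yourTag")
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	if s, err := c.WaitForScan(id, 10*time.Second, 10*time.Minute); err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	} else {
		fmt.Printf("scan %s completed with %d findings\n", id, len(s.Vulnerabilities))
	}
}
```

Because the HTTP client is injected, the polling loop, the severity filter and the "bad token gives 401, not an empty result" path can all be exercised against an `httptest.Server` that answers the two paths, without a Lacework account.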