Container Scanning report common output: Execute clair server as a subprocess within the analyzer
Sub-issue of #32934 (closed)
Implementation plan
Implement all the functionality of start.sh in the golang version of the klar analyzer which was implemented here:

1. Configure/export all the same environment variables
2. Allow overriding the postgres vulnerabilities database url used by clair
3. Start the clair server as a background process and ensure that it's responsive before attempting to scan the image
4. Handle errors from the clair server
5. Output deprecation warning if the CLAIR_DB_IMAGE_TAG environment variable does not equal latest (see here for details)
6. Execute the klar binary to initiate a container scan and save the results in memory
7. Handle errors from klar
8. Run the golang klar analyzer against the output created in step 6 to produce a gl-container-scanning-report.json file
9. Ensure the new rails parser can handle the file produced by step 8.
10. Add unit tests for the above behaviour
11. Test the new docker image using the container scanning test project
12. Update the CI configuration to use the shared CI config
13. Remove the reference to /container-scanner/start.sh in the Container-Scanning template
14. /container-scanner/start.sh is still needed in order to maintain backward compatibility with the previous container scanning tool

Edited by Adam Cohen
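
The plan's items on starting the clair server as a background process, checking that it is responsive before scanning, and handling its errors, shown as an added Go example (not the analyzer's own code). The function names, the polling interval, the placeholder binary name and the health URL in `main` are assumptions.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"os/exec"
	"time"
)

// waitReady polls probe until it passes; a server exit is reported at once.
func waitReady(ctx context.Context, probe func() bool, exited <-chan error) error {
	for !probe() {
		select {
		case err := <-exited:
			return fmt.Errorf("server exited before becoming ready: %v", err)
		case <-ctx.Done():
			return fmt.Errorf("server not ready: %w", ctx.Err())
		case <-time.After(250 * time.Millisecond):
		}
	}
	return nil
}

// startAndWait runs cmd in the background and blocks until healthURL answers 200.
func startAndWait(ctx context.Context, cmd *exec.Cmd, healthURL string) error {
	if err := cmd.Start(); err != nil {
		return fmt.Errorf("starting server: %w", err)
	}
	exited := make(chan error, 1)
	go func() { exited <- cmd.Wait() }()
	client := &http.Client{Timeout: 2 * time.Second}
	err := waitReady(ctx, func() bool {
		resp, err := client.Get(healthURL)
		if err != nil {
			return false
		}
		resp.Body.Close()
		return resp.StatusCode == http.StatusOK
	}, exited)
	if err != nil {
		_ = cmd.Process.Kill() // do not leave a half-started server behind
	}
	return err
}

func main() {
	// Constructed demo: placeholder binary and assumed health URL, so Start fails here.
	fmt.Println(startAndWait(context.Background(), exec.Command("clair-placeholder"), "http://127.0.0.1:6061/health"))
}
```

On success the caller still owns `cmd` and is responsible for stopping the server once the scan has finished.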