Container Scanning report common output: Execute clair server as a subprocess within the analyzer
Sub-issue of #32934 (closed)
Implementation plan
Implement all the functionality of start.sh in the golang version of the klar analyzer which was implemented here:
-
Configure/export all the same environment variables -
Allow overriding the postgres vulnerabilities database url used by clair -
Start the clair server as a background process and ensure that it's responsive before attempting to scan the image -
Handle errors from the clair server -
Output deprecation warning if the CLAIR_DB_IMAGE_TAGenvironment variable does not equallatest(see here for details) -
Execute the klar binary to initiate a container scan and save the results in memory -
Handle errors from klar -
Run the golang klar analyzeragainst the output created in step6.to produce agl-container-scanning-report.jsonfile -
Ensure the new rails parser can handle the file produced by step 8. -
Add unit tests for the above behaviour -
Test the new docker image using the container scanning test project -
Update the CI configuration to to use the shared CI config -
Remove the reference to/container-scanner/start.shin the Container-Scanning template-
/container-scanner/start.shis still needed in order to maintain backward compatibility with the previous container scanning tool
-
Edited by Adam Cohen