[Kubernetes Exporter] - Improve on Trivy k8s exporter (#100)

port-labs · May 13, 2024 · 5ea89aa · 5ea89aa
1 parent 9f5aff4
commit 5ea89aa
Show file tree

Hide file tree

Showing 2 changed files with 203 additions and 75 deletions.
diff --git a/kubernetes/blueprints/trivy-blueprints.json b/kubernetes/blueprints/trivy-blueprints.json
@@ -373,79 +373,176 @@
         }
     },
     {
-        "identifier": "trivyVulnerabilities",
-        "title": "Trivy Vulnerabilities",
+        "identifier": "trivyConfigAuditReport",
+        "title": "Trivy Config Audit Report",
         "icon": "Trivy",
         "schema": {
-            "properties": {
-                "scanner": {
-                    "title": "Scanner",
-                    "type": "string"
-                },
-                "criticalCount": {
-                    "title": "Critical Count",
-                    "type": "number"
-                },
-                "highCount": {
-                    "title": "High Count",
-                    "type": "number"
-                },
-                "lowCount": {
-                    "title": "Low Count",
-                    "type": "number"
-                },
-                "mediumCount": {
-                    "title": "Medium Count",
-                    "type": "number"
-                },
-                "category": {
-                    "title": "Category",
-                    "type": "string"
-                },
-                "message": {
-                    "title": "Message",
-                    "type": "array"
-                },
-                "severity": {
-                    "title": "Severity",
-                    "type": "string",
-                    "enum": [
-                        "LOW",
-                        "MEDIUM",
-                        "HIGH",
-                        "CRITICAL",
-                        "UNKNOWN"
-                    ],
-                    "enumColors": {
-                        "LOW": "green",
-                        "MEDIUM": "yellow",
-                        "HIGH": "red",
-                        "CRITICAL": "red",
-                        "UNKNOWN": "lightGray"
-                    }
-                },
-                "scannerVersion": {
-                    "title": "Scanner Version",
-                    "type": "string"
-                },
-                "createdAt": {
-                    "title": "Created At",
-                    "type": "string",
-                    "format": "date-time"
-                }
+          "properties": {
+            "category": {
+              "title": "Category",
+              "type": "string"
             },
-            "required": []
+            "messages": {
+              "title": "Messages",
+              "type": "array"
+            },
+            "description": {
+              "title": "Description",
+              "type": "string"
+            },
+            "severity": {
+              "title": "Severity",
+              "type": "string",
+              "enum": [
+                "LOW",
+                "MEDIUM",
+                "HIGH",
+                "CRITICAL",
+                "UNKNOWN"
+              ],
+              "enumColors": {
+                "LOW": "green",
+                "MEDIUM": "yellow",
+                "HIGH": "red",
+                "CRITICAL": "red",
+                "UNKNOWN": "lightGray"
+              }
+            },
+            "remediation": {
+              "title": "Remediation",
+              "type": "string"
+            },
+            "success": {
+              "title": "Success",
+              "type": "boolean"
+            },
+            "scanner": {
+              "title": "Scanner",
+              "type": "string"
+            },
+            "scannerVersion": {
+              "title": "Scanner Version",
+              "type": "string"
+            },
+            "createdAt": {
+              "title": "Created At",
+              "type": "string",
+              "format": "date-time"
+            },
+            "updatedAt": {
+              "title": "Updated At",
+              "type": "string",
+              "format": "date-time"
+            }
+          },
+          "required": []
         },
         "mirrorProperties": {},
         "calculationProperties": {},
         "aggregationProperties": {},
         "relations": {
-            "namespace": {
-                "title": "Namespace",
-                "target": "namespace",
-                "required": false,
-                "many": false
+          "namespace": {
+            "title": "Namespace",
+            "target": "namespace",
+            "required": false,
+            "many": false
+          }
+        }
+      },
+      {
+        "identifier": "trivyVulnerabilityReport",
+        "title": "Trivy Vulnerability Report",
+        "icon": "Trivy",
+        "schema": {
+          "properties": {
+            "resource": {
+              "title": "Resource",
+              "type": "string"
+            },
+            "score": {
+              "title": "Score",
+              "type": "number"
+            },
+            "fixedVersion": {
+              "title": "Fixed Version",
+              "type": "string"
+            },
+            "installedVersion": {
+              "title": "Installed Version",
+              "type": "string"
+            },
+            "lastModifiedDate": {
+              "title": "Last Modified Date",
+              "type": "string",
+              "format": "date-time"
+            },
+            "links": {
+              "icon": "DefaultProperty",
+              "title": "Links",
+              "type": "array",
+              "items": {
+                "type": "string",
+                "format": "url"
+              }
+            },
+            "primaryLink": {
+              "title": "Primary Link",
+              "type": "string",
+              "format": "url"
+            },
+            "publishedDate": {
+              "title": "Published Date",
+              "type": "string",
+              "format": "date-time"
+            },
+            "severity": {
+              "title": "Severity",
+              "type": "string",
+              "enum": [
+                "LOW",
+                "MEDIUM",
+                "HIGH",
+                "CRITICAL",
+                "UNKNOWN"
+              ],
+              "enumColors": {
+                "LOW": "green",
+                "MEDIUM": "yellow",
+                "HIGH": "red",
+                "CRITICAL": "red",
+                "UNKNOWN": "lightGray"
+              }
+            },
+            "target": {
+              "title": "Target",
+              "type": "string"
+            },
+            "scanner": {
+              "title": "Scanner Name",
+              "type": "string"
+            },
+            "scannerVersion": {
+              "title": "Scanner Version",
+              "type": "string"
+            },
+            "createdAt": {
+              "title": "Created At",
+              "type": "string",
+              "format": "date-time"
             }
+          },
+          "required": []
+        },
+        "mirrorProperties": {},
+        "calculationProperties": {},
+        "aggregationProperties": {},
+        "relations": {
+          "namespace": {
+            "title": "Namespace",
+            "target": "namespace",
+            "required": false,
+            "many": false
+          }
         }
-    }
+      }
 ]
diff --git a/kubernetes/trivy_config.tmpl b/kubernetes/trivy_config.tmpl
@@ -1,21 +1,52 @@
   - kind: aquasecurity.github.io/v1alpha1/configauditreports
+    selector:
+      query: 'true'
     port:
+      itemsToParse: .report.checks
       entity:
         mappings:
-          - identifier: .metadata.name + "-" + .metadata.namespace + "-" + env.CLUSTER_NAME
-            title: .metadata.name
+          - identifier: .metadata.name + "-" + .item.checkID + "-" + .metadata.namespace + "-" + env.CLUSTER_NAME
+            title: .item.title
             icon: '"Trivy"'
-            blueprint: '"trivyVulnerabilities"'
+            blueprint: '"trivyConfigAuditReport"'
             properties:
+              category: .item.category
+              messages: .item.messages
+              description: .item.description
+              severity: .item.severity
+              remediation: .item.remediation
+              success: .item.success
               scanner: .report.scanner.name
-              criticalCount: .report.summary.criticalCount
-              highCount: .report.summary.highCount
-              lowCount: .report.summary.lowCount
-              mediumCount: .report.summary.mediumCount
-              category: .report.checks[0].category
-              message: .report.checks[0].messages
-              severity: .report.checks[0].severity
               scannerVersion: .report.scanner.version
               createdAt: .metadata.creationTimestamp
+              updatedAt: .report.updateTimestamp
             relations:
               namespace: .metadata.namespace + "-" + env.CLUSTER_NAME
+
+  - kind: aquasecurity.github.io/v1alpha1/vulnerabilityreports
+    selector:
+      query: 'true'
+    port:
+      itemsToParse: .report.vulnerabilities
+      entity:
+        mappings:
+          - identifier: .metadata.name + "-" + .item.vulnerabilityID + "-" + .metadata.namespace + "-" + env.CLUSTER_NAME
+            title: .item.title
+            icon: '"Trivy"'
+            blueprint: '"trivyVulnerabilityReport"'
+            properties:
+              resource: .item.resource
+              score: .item.score
+              fixedVersion: .item.fixedVersion
+              installedVersion: .item.installedVersion
+              lastModifiedDate: .item.lastModifiedDate
+              links: .item.links
+              primaryLink: .item.primaryLink
+              publishedDate: .item.publishedDate
+              severity: .item.severity
+              target: .item.target
+              scanner: .report.scanner.name
+              scannerVersion: .report.scanner.version
+              createdAt: .metadata.creationTimestamp
+            relations:
+              namespace: .metadata.namespace + "-" + env.CLUSTER_NAME