
🎉 fix TrivyOperator new report structure #11156

Merged: 2 commits merged into DefectDojo:bugfix from fix_trivy_operator, Nov 1, 2024

Conversation

manuel-sommer
Contributor

Trivy Operator has a new report structure.


dryrunsecurity bot commented Oct 29, 2024

DryRun Security Summary

The pull request focuses on improving the security capabilities of the Trivy Operator tool, including enhancing the handling of scan reports, adding more contextual information to finding descriptions, tagging findings with additional metadata, and updating unit tests.


Summary:

The changes in this pull request are focused on improving the security capabilities of the Trivy Operator tool, which is used for vulnerability scanning in Kubernetes environments. The key changes include:

  1. Handling of Trivy Operator Scan Reports: The code changes in the parser.py, secrets_handler.py, checks_handler.py, and vulnerability_handler.py files enhance the parsing and handling of the Trivy Operator scan reports. This includes improvements in extracting and presenting findings related to vulnerabilities, compliance checks, and secrets.

  2. Enhancing Finding Descriptions: The code changes add more contextual information to the finding descriptions, such as the container name, resource kind, name, and namespace. This provides security teams with better visibility and understanding of the identified issues.

  3. Tagging of Findings: The findings are now tagged with additional metadata, such as the resource namespace, package types, and vulnerability IDs. This can help with the organization, filtering, and tracking of the identified security issues.

  4. Unit Test Updates: The changes in the test_trivy_operator_parser.py file update the expected output of a specific test case to match the actual output of the parser.

Overall, these changes enhance the security capabilities of the Trivy Operator tool and improve the quality and usefulness of the security information it provides. This is an important aspect of application security, as it helps security teams and developers better understand and address the identified vulnerabilities, compliance issues, and secrets within the Kubernetes environment.

Files Changed:

  1. dojo/tools/trivy_operator/parser.py: The changes in this file focus on improving the handling of the Trivy Operator scan report, including the ability to parse both single-item and list-based JSON data structures.
  2. dojo/tools/trivy_operator/secrets_handler.py: The changes in this file enhance the handling of secrets detected by the Trivy tool, including adding more contextual information to the findings and tagging them with the resource namespace.
  3. dojo/tools/trivy_operator/checks_handler.py: The changes in this file improve the handling of Trivy checks, including the addition of more contextual information in the finding descriptions and the tagging of findings by namespace.
  4. dojo/tools/trivy_operator/vulnerability_handler.py: The changes in this file enhance the handling of vulnerability information, including the extraction of additional contextual details and the tagging of findings based on package types and classes.
  5. unittests/tools/test_trivy_operator_parser.py: The changes in this file update the expected output of a specific test case in the TrivyOperatorParser unit tests.
  6. unittests/scans/trivy_operator/findings_in_list.json: This file appears to be a sample Trivy Operator scan report, which includes findings related to Kubernetes configuration issues and container image vulnerabilities.

Code Analysis

We ran 9 analyzers against 6 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

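The report handling the summary above describes (one report object versus a list of them, resource context in every description, namespace/package/vulnerability-ID tags) as an added example; this is not DefectDojo's parser or Trivy Operator's code. The report fields it reads (`kind`, the `trivy-operator.*` metadata labels, `report.vulnerabilities`, `report.checks`, `report.secrets`, and the `class`/`packageType` vulnerability fields) follow the Trivy Operator CRDs as the example's author understands them and are assumptions, and the sample documents are constructed. It goes one step beyond the two layouts the summary mentions by also unwrapping the `kind: List` object that `kubectl get ... -o json` emits.

```python
"""Normalise Trivy Operator reports, a single object or a list, into findings.
Added example, not DefectDojo's parser; field names follow the Trivy Operator CRDs
as this example's author understands them (assumption); the samples are constructed."""
import json
from dataclasses import dataclass, field
# Trivy Operator labels each report with the workload it scanned (assumed label keys).
LABEL_CONTAINER = "trivy-operator.container.name"
LABEL_KIND = "trivy-operator.resource.kind"
LABEL_NAME = "trivy-operator.resource.name"
LABEL_NAMESPACE = "trivy-operator.resource.namespace"
SEVERITY_MAP = {"CRITICAL": "Critical", "HIGH": "High", "MEDIUM": "Medium", "LOW": "Low"}

@dataclass
class Finding:
    title: str
    severity: str
    description: str
    tags: list = field(default_factory=list)

def as_report_list(data):
    """Accept one report object, a bare JSON array of reports, or the `kind: List`
    wrapper that kubectl emits with the reports under "items"."""
    if isinstance(data, list):
        return data
    if isinstance(data, dict):
        if data.get("kind") == "List" and isinstance(data.get("items"), list):
            return data["items"]
        return [data]
    raise ValueError("unsupported report structure: expected object or list")

def resource_context(report):
    """Workload identity from the labels; namespace falls back to the object's own."""
    meta = report.get("metadata", {})
    labels = meta.get("labels", {})
    return {"container": labels.get(LABEL_CONTAINER, ""), "kind": labels.get(LABEL_KIND, ""),
            "name": labels.get(LABEL_NAME, ""),
            "namespace": labels.get(LABEL_NAMESPACE) or meta.get("namespace", "")}

def describe(ctx, *lines):
    # Every finding starts with the container and resource it was found on.
    head = (f"**Container:** {ctx['container']}\n**Kind:** {ctx['kind']}\n"
            f"**Name:** {ctx['name']}\n**Namespace:** {ctx['namespace']}")
    return "\n".join([head, *lines])

def severity(item):
    return SEVERITY_MAP.get(str(item.get("severity", "")).upper(), "Info")

def handle_vulnerabilities(report, ctx):
    for v in report.get("report", {}).get("vulnerabilities", []):
        vid = v.get("vulnerabilityID", "")
        # Tag by namespace, package type, package class and vulnerability ID for filtering.
        tags = [t for t in (ctx["namespace"], v.get("packageType"), v.get("class"), vid) if t]
        yield Finding(f"{vid} {v.get('resource', '')} {v.get('installedVersion', '')}".strip(),
                      severity(v),
                      describe(ctx, f"**Installed:** {v.get('installedVersion', '')}",
                               f"**Fixed:** {v.get('fixedVersion') or 'n/a'}", v.get("title", "")),
                      tags)

def handle_checks(report, ctx):
    for c in report.get("report", {}).get("checks", []):
        if c.get("success", False):
            continue  # passing checks are not findings
        yield Finding(f"{c.get('checkID', '')} {c.get('title', '')}".strip(), severity(c),
                      describe(ctx, c.get("description", ""), *c.get("messages", [])),
                      [t for t in (ctx["namespace"], c.get("category")) if t])

def handle_secrets(report, ctx):
    for s in report.get("report", {}).get("secrets", []):
        # The matched secret value itself is deliberately not copied into the finding.
        yield Finding(f"Secret detected: {s.get('title') or s.get('ruleID', '')}", severity(s),
                      describe(ctx, f"**Target:** {s.get('target', '')}", f"**Rule:** {s.get('ruleID', '')}"),
                      [t for t in (ctx["namespace"], s.get("category")) if t])

HANDLERS = {"VulnerabilityReport": handle_vulnerabilities, "ConfigAuditReport": handle_checks,
            "ExposedSecretReport": handle_secrets}

def parse_reports(raw_json):
    """Parse a Trivy Operator JSON document in any of the accepted layouts into findings."""
    findings = []
    for report in as_report_list(json.loads(raw_json)):
        handler = HANDLERS.get(report.get("kind"))
        if handler is not None:  # unknown report kinds are skipped, not rejected
            findings.extend(handler(report, resource_context(report)))
    return findings

# Constructed sample documents: the CVE and check IDs are real, the workload is made up.
_LABELS = {LABEL_CONTAINER: "app", LABEL_KIND: "ReplicaSet",
           LABEL_NAME: "app-7c5ddbdf54", LABEL_NAMESPACE: "payments"}
SAMPLE_REPORTS = [
    {"kind": "VulnerabilityReport", "metadata": {"namespace": "payments", "labels": _LABELS},
     "report": {"vulnerabilities": [{
         "vulnerabilityID": "CVE-2021-44228", "resource": "org.apache.logging.log4j:log4j-core",
         "installedVersion": "2.14.1", "fixedVersion": "2.15.0", "severity": "CRITICAL",
         "title": "log4j-core: RCE via JNDI lookups", "class": "lang-pkgs", "packageType": "jar"}]}},
    {"kind": "ConfigAuditReport", "metadata": {"namespace": "payments", "labels": _LABELS},
     "report": {"checks": [
         {"checkID": "KSV001", "title": "Process can elevate its own privileges", "severity": "MEDIUM",
          "category": "Kubernetes Security Check", "success": False,
          "messages": ["Container 'app' should set 'securityContext.allowPrivilegeEscalation' to false"]},
         {"checkID": "KSV003", "title": "Default capabilities not dropped", "severity": "LOW", "success": True}]}},
]
SAMPLE_LIST_JSON = json.dumps(SAMPLE_REPORTS)                   # bare list of reports
SAMPLE_SINGLE_JSON = json.dumps(SAMPLE_REPORTS[0])              # one report object
SAMPLE_KUBECTL_JSON = json.dumps({"apiVersion": "v1", "kind": "List", "items": SAMPLE_REPORTS})
```

All three layouts produce the same findings for the same reports, which is the property a unit test like the one updated in this PR should pin down; the passing KSV003 check is dropped on purpose, since only failed checks represent risk.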

Contributor

@mtesauro mtesauro left a comment


Approved

@Maffooch Maffooch merged commit 4b5c992 into DefectDojo:bugfix Nov 1, 2024
73 checks passed
@manuel-sommer manuel-sommer deleted the fix_trivy_operator branch November 1, 2024 21:51

5 participants