Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor(deps): Merge defsec into trivy #6109

Merged
merged 14 commits into from
Feb 16, 2024
Merged

refactor(deps): Merge defsec into trivy #6109

merged 14 commits into from
Feb 16, 2024

Conversation

simar7
Copy link
Member

@simar7 simar7 commented Feb 12, 2024
edited
Loading

Description

Merges any remaining defsec packages into Trivy.

Related issues

Related PRs

Checklist

  • I've read the guidelines for contributing to this repository.
  • I've followed the conventions in the PR title.
  • I've added tests that prove my fix is effective or that my feature works.
  • I've updated the documentation with the relevant information (if needed).
  • I've added usage information (if the PR introduces new options)
  • I've included a "before" and "after" example to the description (if the PR is a user interface change).

@simar7 simar7 mentioned this pull request Feb 12, 2024
Closed
7 tasks
This was referenced Feb 13, 2024
Closed
Merged
@simar7 simar7 requested a review from nikpivkin February 13, 2024 05:34
@simar7
update tests
dd6db3b 
Signed-off-by: Simar <simar@linux.com>
@simar7 simar7 self-assigned this Feb 14, 2024
@simar7 simar7 marked this pull request as ready for review February 14, 2024 06:03
@simar7 simar7 requested a review from knqyf263 as a code owner February 14, 2024 06:03
knqyf263
knqyf263 reviewed Feb 14, 2024
View reviewed changes
Copy link
Collaborator

@knqyf263 knqyf263 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

According to #5626, I presumed most logic existed in trivy-iac, so we've almost done the migration in #6005. However, this PR is also huge. What is the difference between trivy-iac and defsec?

cmd/iac/allowed_actions/main.go Outdated
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is this file for? I'd like to keep Trivy only under the cmd/ dir. Does Mage help?
https://github.com/aquasecurity/trivy/tree/main/magefiles

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In order to support wildcards here we need to constantly know which actions are allowed. This is automatically generated by this code and put here.

I've converted them both (schema and allowed actions) into magefile targets. Thanks for the suggestion!

@simar7
Copy link
Member Author

simar7 commented Feb 15, 2024

According to #5626, I presumed most logic existed in trivy-iac, so we've almost done the migration in #6005. However, this PR is also huge. What is the difference between trivy-iac and defsec?

Sorry I apologize for another big PR but it is the last remaining pieces of defsec that are part of this PR.

As for the differences, we merged all the parsers (code that parses language files) and adapters (code that adapts parsed language files into defsec state) in the last PR. This PR is about merging the providers (code that describes the state of a service like AWS).

knqyf263
knqyf263 reviewed Feb 15, 2024
View reviewed changes
Copy link
Collaborator

@knqyf263 knqyf263 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry I apologize for another big PR but it is the last remaining pieces of defsec that are part of this PR.

No apologies! I was just wondering why this PR was so large.

As for the differences, we merged all the parsers (code that parses language files) and adapters (code that adapts parsed language files into defsec state) in the last PR. This PR is about merging the providers (code that describes the state of a service like AWS).

I drew a diagram. Is this correct?

image

magefiles/magefile.go Outdated Show resolved Hide resolved
pkg/iac/providers/aws/ec2/instance.go Outdated Show resolved Hide resolved
@simar7
Copy link
Member Author

simar7 commented Feb 16, 2024

I drew a diagram. Is this correct?

Yes I would say so 👍🏼

@knqyf263
Copy link
Collaborator

Yes I would say so 👍🏼

Thanks for confirming!

@knqyf263 knqyf263 added this pull request to the merge queue Feb 16, 2024
Merged via the queue into main with commit 14adbb4 Feb 16, 2024
16 checks passed
@knqyf263 knqyf263 deleted the merge-defsec-2 branch February 16, 2024 08:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@knqyf263 knqyf263 knqyf263 left review comments

@nikpivkin nikpivkin nikpivkin approved these changes

Assignees

@simar7 simar7

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

refactor(misconf): Merging trivy-iac into Trivy
3 participants
@simar7 @knqyf263 @nikpivkin