optimise dockerfile #6226

Open: wants to merge 81 commits into base: main (showing changes from 1 commit)
handle the case when a cve is not found in our database to enforce policy on
prakash100198 committed Dec 30, 2024

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
commit bc34abfb61d80f4759acba0dd4e2011033a738c5
7 changes: 7 additions & 0 deletions api/bean/Security.go
@@ -27,6 +27,13 @@ type CreateVulnerabilityPolicyRequest struct {
Severity string `json:"severity,omitempty"`
}

func (r CreateVulnerabilityPolicyRequest) IsRequestGlobal() bool {
if r.ClusterId == 0 && r.EnvId == 0 && r.AppId == 0 {
return true
}
return false
}

// CreateVulnerabilityPolicyResponse defines model for CreateVulnerabilityPolicyResponse.
type CreateVulnerabilityPolicyResponse struct {
// Error object
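Review bot: IsRequestGlobal has no doc comment, and its if / return true / return false body can be the single expression `return r.ClusterId == 0 && r.EnvId == 0 && r.AppId == 0`. Because the zero value of all three IDs is what marks a policy as global, a request that leaves all three unset is saved with the widest scope; a comment stating that this is the intended contract would help callers of the method.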
47 changes: 13 additions & 34 deletions pkg/policyGovernance/security/imageScanning/CvePolicyService.go
@@ -23,8 +23,10 @@ import (
bean2 "github.com/devtron-labs/common-lib/imageScan/bean"
repository1 "github.com/devtron-labs/devtron/internal/sql/repository/app"
"github.com/devtron-labs/devtron/internal/sql/repository/helper"
"github.com/devtron-labs/devtron/internal/util"
"github.com/devtron-labs/devtron/pkg/cluster/environment"
"github.com/devtron-labs/devtron/pkg/pipeline/types"
"github.com/devtron-labs/devtron/pkg/policyGovernance/security/imageScanning/adapter"
"github.com/devtron-labs/devtron/pkg/policyGovernance/security/imageScanning/read"
repository3 "github.com/devtron-labs/devtron/pkg/policyGovernance/security/imageScanning/repository"
securityBean "github.com/devtron-labs/devtron/pkg/policyGovernance/security/imageScanning/repository/bean"
@@ -428,55 +430,32 @@ func (impl *PolicyServiceImpl) parsePolicyAction(action string) (securityBean.Po
}

func (impl *PolicyServiceImpl) SavePolicy(request bean.CreateVulnerabilityPolicyRequest, userId int32) (*bean.IdVulnerabilityPolicyResult, error) {
isGlobal := false
if request.ClusterId == 0 && request.EnvId == 0 && request.AppId == 0 {
isGlobal = true
}
action, err := impl.parsePolicyAction(string(*request.Action))
if err != nil {
impl.logger.Errorw("error in parsing policy action", "action", request.Action, "err", err)
return nil, err
}
var severity securityBean.Severity
if len(request.Severity) > 0 {
if request.Severity == securityBean.CRITICAL {
severity = securityBean.Critical
} else if request.Severity == securityBean.HIGH {
severity = securityBean.High
} else if request.Severity == securityBean.MODERATE || request.Severity == securityBean.MEDIUM {
severity = securityBean.Medium
} else if request.Severity == securityBean.LOW {
severity = securityBean.Low
} else if request.Severity == securityBean.UNKNOWN {
severity = securityBean.Unknown
} else {
severity, err = securityBean.SeverityStringToEnumWithError(request.Severity)
if err != nil {
return nil, fmt.Errorf("unsupported Severity %s", request.Severity)
}
} else {
cveStore, err := impl.cveStoreRepository.FindByName(request.CveId)
if err != nil {
if err != nil && !util.IsErrNoRows(err) {
impl.logger.Errorw("error in finding cveStore by cveId", "cveId", request.CveId, "err", err)
return nil, err
} else if util.IsErrNoRows(err) {
errMessage := fmt.Sprintf("cve %s not found in our database", request.CveId)
return nil, util.NewApiError(http.StatusNotFound, errMessage, errMessage)
}
severity = cveStore.GetSeverity()
}
policy := &repository3.CvePolicy{
Global: isGlobal,
ClusterId: request.ClusterId,
EnvironmentId: request.EnvId,
AppId: request.AppId,
CVEStoreId: request.CveId,
Action: action,
Severity: &severity,
AuditLog: sql.AuditLog{
CreatedOn: time.Now(),
CreatedBy: userId,
UpdatedOn: time.Now(),
UpdatedBy: userId,
},
}
policy, err = impl.cvePolicyRepository.SavePolicy(policy)
policy, err := impl.cvePolicyRepository.SavePolicy(adapter.BuildCvePolicy(request, action, severity, time.Now(), userId))
if err != nil {
impl.logger.Errorw("error in saving policy", "err", err)
return nil, fmt.Errorf("error in saving policy")
impl.logger.Errorw("error in saving policy", "request", request, "err", err)
return nil, err
}
return &bean.IdVulnerabilityPolicyResult{Id: policy.Id}, nil
}
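Review bot: In SavePolicy the CVE-not-found path returns util.NewApiError with http.StatusNotFound, but the unsupported-severity path still returns a plain fmt.Errorf, so the two client-input failures are reported differently; consider an ApiError with a 400 status there, or at least return the err from SeverityStringToEnumWithError, which already carries the same message. The save failure now does `return nil, err` instead of the generic "error in saving policy", which passes the repository error up to the caller, so check that the REST handler does not send that text to the client. The `string(*request.Action)` dereference at the top has no nil check in the visible lines.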
22 changes: 22 additions & 0 deletions pkg/policyGovernance/security/imageScanning/adapter/adapter.go
@@ -1,8 +1,12 @@
package adapter

import (
bean2 "github.com/devtron-labs/devtron/api/bean"
"github.com/devtron-labs/devtron/pkg/policyGovernance/security/imageScanning/bean"
"github.com/devtron-labs/devtron/pkg/policyGovernance/security/imageScanning/helper/parser"
"github.com/devtron-labs/devtron/pkg/policyGovernance/security/imageScanning/repository"
bean3 "github.com/devtron-labs/devtron/pkg/policyGovernance/security/imageScanning/repository/bean"
"github.com/devtron-labs/devtron/pkg/sql"
"time"
)

@@ -61,3 +65,21 @@ func ExecutionDetailsToResourceScanResponseDto(respFromExecutionDetail *bean.Ima
resp.ImageScan = &parser.ImageScanResponse{Vulnerability: vulnerabilityResponse}
return resp
}

func BuildCvePolicy(request bean2.CreateVulnerabilityPolicyRequest, action bean3.PolicyAction, severity bean3.Severity, time time.Time, userId int32) *repository.CvePolicy {
return &repository.CvePolicy{
Global: request.IsRequestGlobal(),
ClusterId: request.ClusterId,
EnvironmentId: request.EnvId,
AppId: request.AppId,
CVEStoreId: request.CveId,
Action: action,
Severity: &severity,
AuditLog: sql.AuditLog{
CreatedOn: time,
CreatedBy: userId,
UpdatedOn: time,
UpdatedBy: userId,
},
}
}
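Review bot: The BuildCvePolicy parameter `time time.Time` shadows the imported time package inside the function body; rename it to something like `now` or `auditTime` so the package stays reachable if the function grows. The function is exported and has no doc comment, and it would be worth stating there that CreatedOn and UpdatedOn are deliberately set to the same instant.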
Original file line number Diff line number Diff line change
@@ -16,6 +16,8 @@

package bean

import "fmt"

const (
HIGH string = "high"
CRITICAL string = "critical"
@@ -51,6 +53,23 @@ const (
Unknown
)

func SeverityStringToEnumWithError(severity string) (Severity, error) {
if severity == LOW {
return Low, nil
} else if severity == MEDIUM || severity == MODERATE {
return Medium, nil
} else if severity == HIGH {
return High, nil
} else if severity == CRITICAL {
return Critical, nil
} else if severity == SAFE {
return Safe, nil
} else if severity == UNKNOWN {
return Unknown, nil
}
return 0, fmt.Errorf("unsupported Severity %s", severity)
}

//// Handling for future use
//func (d Severity) ValuesOf(severity string) Severity {
// if severity == CRITICAL || severity == HIGH {
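Review bot: SeverityStringToEnumWithError accepts SAFE, which the inline mapping it replaces in SavePolicy did not (that code handled only critical, high, moderate/medium, low and unknown), so a policy request can now be saved with a safe severity; confirm that is intended or reject it at the call site. The comparisons are exact string matches, so a value such as "High" falls through to the unsupported error; lower-casing the input before matching and using a switch instead of the else-if chain would make the function easier to read and more tolerant. A doc comment on the exported function is also missing.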