importer: trivy_operator: make endpoints contain the affected artifac…

…t if reported by Trivy Trivy operator may provide information which artifact is affected by the reported finding. However, this information was lost. This change introduces artifact details as parts of Endpoint properties (host).
netceteragroup · Aug 2, 2024 · c903850 · c903850
1 parent 5c7874e
commit c903850
Showing 1 changed file with 14 additions and 2 deletions.
diff --git a/dojo/tools/trivy_operator/parser.py b/dojo/tools/trivy_operator/parser.py
@@ -61,9 +61,21 @@ def handle_resource(self, data, test):
             resource_name = labels.get("trivy-operator.resource.name", "")
             container_name = labels.get("trivy-operator.container.name", "")
 
+            affected_artifact = "unknown_artifact"
+            if report.get("registry"):
+                registry = report.get("registry").get("server", "unknown_registry")
+                if report.get("artifact"):
+                    artifact = report.get("artifact")
+                    repository = artifact.get("repository", "unknown_repo")
+                    tag = artifact.get("tag", "unknown_tag")
+                    # having tag after colon as 'host' property of Endpoint
+                    # makes an endpoint broken. however, there is no better
+                    # option at the moment to keep the information.
+                    affected_artifact = f"{registry}/{repository}:{tag}"
+
             endpoint = Endpoint(
-                host=resource_namespace,
-                path=f"{resource_kind}/{resource_name}/{container_name}"
+                host=affected_artifact,
+                path=f"{resource_namespace}/{resource_kind}/{resource_name}/{container_name}"
             )
 
             service = ""