feat(trivy): Enhance Trivy report generation and metrics handling
- Updated `generate_report.sh` to include additional scanners and output paths. - Enhanced `send_report.py` with new data classes for misconfigurations and vulnerabilities. - Improved parsing logic for Trivy output, supporting both Kubernetes and image scans. - Added Prometheus metrics generation for various scan results, including misconfigurations and vulnerabilities. - Introduced unit tests for parsing Trivy output and generating Prometheus metrics. - Modified Terraform variables for SMTP port type and added Pushgateway URL variable.
This commit is contained in:
@@ -85,7 +85,7 @@ resource "kubernetes_cron_job_v1" "trivy" {
|
||||
backoff_limit = 1
|
||||
parallelism = 1
|
||||
completions = 1
|
||||
active_deadline_seconds = 250
|
||||
active_deadline_seconds = 600
|
||||
|
||||
template {
|
||||
metadata {
|
||||
@@ -126,9 +126,9 @@ resource "kubernetes_cron_job_v1" "trivy" {
|
||||
}
|
||||
}
|
||||
container {
|
||||
name = "send-report"
|
||||
image = "python:${local.python_version}"
|
||||
args = ["/scripts/send_report.py"]
|
||||
name = "send-report"
|
||||
image = "python:${local.python_version}"
|
||||
command = ["python3", "/scripts/send_report.py"]
|
||||
env {
|
||||
name = "SMTP_HOST"
|
||||
value = var.smtp_host
|
||||
@@ -163,6 +163,18 @@ resource "kubernetes_cron_job_v1" "trivy" {
|
||||
name = "EMAIL_TO"
|
||||
value = var.to_email
|
||||
}
|
||||
env {
|
||||
name = "PUSHGATEWAY_URL"
|
||||
value = var.pushgateway_url
|
||||
}
|
||||
env {
|
||||
name = "REPORT_PATH"
|
||||
value = "/tmp/report.html"
|
||||
}
|
||||
env {
|
||||
name = "TRIVY_OUTPUT_FILE"
|
||||
value = "/tmp/trivy.json"
|
||||
}
|
||||
security_context {
|
||||
run_as_non_root = true
|
||||
run_as_user = 1000
|
||||
|
||||
Reference in New Issue
Block a user