|
70 | 70 | python3 scan_docker_image_lite.py <imagespec> --detect-options='--detect.clone.project.version.name=version --detect.project.clone.categories=COMPONENT_DATA,VULN_DATA'
|
71 | 71 |
|
72 | 72 | There is not validation of extra parameters passed, use with care.
|
| 73 | +
|
| 74 | +MK 2022-10-24 Automating grouping. |
| 75 | +By adding specific markers to the Dockerfile, it is possible to enable automating group detection. |
| 76 | +
|
| 77 | +In the Dockerfile, once the specific group is complete, add the following command: |
| 78 | +
|
| 79 | +RUN echo <groupname>_group_end |
| 80 | +
|
| 81 | +e.g. |
| 82 | +
|
| 83 | +. . . |
| 84 | +RUN echo base_group_end |
| 85 | +. . . |
| 86 | +RUN echo app_group_end |
| 87 | +. . . |
| 88 | +
|
| 89 | +that will generate grouping as N:base,N:app |
| 90 | +
|
| 91 | +
|
73 | 92 | '''
|
74 | 93 |
|
75 | 94 | from blackduck.HubRestApi import HubInstance
|
|
83 | 102 | import sys
|
84 | 103 | from argparse import ArgumentParser
|
85 | 104 | import argparse
|
| 105 | +import re |
86 | 106 |
|
87 | 107 | #hub = HubInstance()
|
88 | 108 |
|
@@ -129,7 +149,15 @@ def pull_container_image(self, image_name):
|
129 | 149 | args.append('pull')
|
130 | 150 | args.append(image_name)
|
131 | 151 | return subprocess.run(args)
|
132 |
| - |
| 152 | + |
| 153 | + def get_container_image_history(self, image_name): |
| 154 | + args = [] |
| 155 | + args.append(self.docker_path) |
| 156 | + args.append('history') |
| 157 | + args.append(image_name) |
| 158 | + result = subprocess.run(args, capture_output=True) |
| 159 | + return result |
| 160 | + |
133 | 161 | def save_container_image(self, image_name):
|
134 | 162 | args = []
|
135 | 163 | args.append(self.docker_path)
|
@@ -216,9 +244,25 @@ def __init__(
|
216 | 244 | def prepare_container_image(self):
|
217 | 245 | self.docker.initdir()
|
218 | 246 | self.docker.pull_container_image(self.container_image_name)
|
| 247 | + result = self.docker.get_container_image_history(self.container_image_name) |
| 248 | + history = result.stdout.splitlines() |
| 249 | + layer_count = 0 |
| 250 | + history_grouping = '' |
| 251 | + for line in reversed(history): |
| 252 | + print (line) |
| 253 | + if not line.rstrip().endswith(b' 0B'): |
| 254 | + layer_count +=1 |
| 255 | + match = re.search('echo (.+?)_group_end', str(line)) |
| 256 | + if match: |
| 257 | + found = match.group(1) |
| 258 | + if len(history_grouping): |
| 259 | + history_grouping += ',' |
| 260 | + history_grouping += str(layer_count) + ":" + found |
| 261 | + if len(history_grouping) and self.grouping == '1024:everything': |
| 262 | + self.grouping = history_grouping |
219 | 263 | self.docker.save_container_image(self.container_image_name)
|
220 | 264 | self.docker.unravel_container()
|
221 |
| - |
| 265 | + |
222 | 266 | def process_container_image_by_user_defined_groups(self):
|
223 | 267 | self.manifest = self.docker.read_manifest()
|
224 | 268 | print(self.manifest)
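Review bot: The group name captured at new line 255 is read from the pulled image's history, which the image author controls, and `(.+?)` passes any characters through into `self.grouping` at line 262. That string uses `,` and `:` as separators, so a name containing either would change how layers are grouped; where the value is consumed is outside this hunk, so the impact should be confirmed there. Restricting the capture and matching on decoded text instead of the bytes repr would close this: `match = re.search(r'echo ([A-Za-z0-9_.-]+?)_group_end', line.decode('utf-8', 'replace'))`. Separately, `get_container_image_history` does not pass `--no-trunc`, so a long CREATED BY entry may be cut off before the marker. The `returncode` of the history call is also never checked before `stdout` is parsed, so a failed call silently leaves the default grouping in place.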
|
|