Skip to content

Commit deab7e7

Browse files
S3B4SZ17S3B4SZ17
committed
fix: Changing the description of some tools for the filter query language
Signed-off-by: S3B4SZ17 <sebastian.zumbado@sysdig.com>
1 parent 4d5f4a4 commit deab7e7

File tree

7 files changed

+251
-53
lines changed

7 files changed

+251
-53
lines changed

Dockerfile

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -33,4 +33,6 @@ COPY --from=builder --chown=app:app /app/app_config.yaml /app
3333

3434
RUN pip install /app/sysdig_mcp_server.tar.gz
3535

36+
USER 1001:1001
37+
3638
ENTRYPOINT ["sysdig-mcp-server"]

charts/sysdig-mcp/values.yaml

Lines changed: 6 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -46,13 +46,12 @@ podLabels: {}
4646
podSecurityContext: {}
4747
# fsGroup: 2000
4848

49-
securityContext: {}
50-
# capabilities:
51-
# drop:
52-
# - ALL
53-
# readOnlyRootFilesystem: true
54-
# runAsNonRoot: true
55-
# runAsUser: 1000
49+
securityContext:
50+
readOnlyRootFilesystem: false
51+
runAsNonRoot: true
52+
runAsUser: 1001
53+
runAsGroup: 1001
54+
fsGroup: 1001
5655

5756
service:
5857
type: ClusterIP

pyproject.toml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
[project]
22
name = "sysdig-mcp-server"
3-
version = "0.1.1"
3+
version = "0.1.2-beta.0"
44
description = "Sysdig MCP Server"
55
readme = "README.md"
66
requires-python = ">=3.12"

tools/inventory/tool.py

Lines changed: 137 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -18,8 +18,8 @@
1818
from utils.query_helpers import create_standard_response
1919

2020
# Configure logging
21-
log = logging.getLogger(__name__)
2221
logging.basicConfig(format="%(asctime)s-%(process)d-%(levelname)s- %(message)s", level=os.environ.get("LOGLEVEL", "ERROR"))
22+
log = logging.getLogger(__name__)
2323

2424
# Load app config (expects keys: mcp.host, mcp.port, mcp.transport)
2525
app_config = get_app_config()
@@ -69,12 +69,143 @@ def tool_list_resources(
6969
Field(
7070
description=(
7171
"""
72-
Sysdig Secure filter expression for inventory resources,
73-
base filter: platform in ("GCP", "AWS", "Azure", "Kubernetes"),
74-
Examples:
75-
not isExposed exists; category in ("IAM") and isExposed exists; category in ("IAM","Audit & Monitoring")
72+
Use the filter-query-language to filter the results.
73+
74+
List of supported fields:
75+
- field: accountName
76+
Description: The account name that will be included in the results.
77+
- field: accountId
78+
Description: The account id that will be included in the results.
79+
- field: cluster
80+
Description: The kubernetes cluster that will be included in the results.
81+
- field: externalDNS
82+
Description: The external DNS that will be included in the results.
83+
- field: distribution
84+
Description: The kubernetes distribution that will be included in the results.
85+
- field: integrationName
86+
Description: The name of the integration an IaC resource belongs to.
87+
- field: labels
88+
Description: The resource labels that will be included in the results.
89+
- field: location
90+
Description: The web address of an IaC Manifest.
91+
- field: name
92+
Description: The names that will be included in the results.
93+
- field: namespace
94+
Description: The namespace that will be included in the results.
95+
- field: nodeType
96+
Description: The nodeType that will be included in the results.
97+
- field: osName
98+
Description: The operating system that will be included in the results.
99+
- field: osImage
100+
Description: The operating system image that will be included in the results.
101+
- field: organization
102+
Description: The organization that will be included in the results.
103+
- field: platform
104+
Description: The platform that will be included in the results.
105+
- field: control.accepted
106+
Description: Include (or Exclude) only resources with accepted results.
107+
Supported operators: exists and not exists.
108+
- field: policy
109+
Description: Include resources that applied the selected policies.
110+
Supported operators: in, not in, exists, not exists.
111+
- field: control.severity
112+
Description: Include resources that have violated risks in the selected severities.
113+
Supported operators: in, not in.
114+
- field: control.failed
115+
Description: Include resources that have violated the selected risks.
116+
Supported operators: in, not in, exists, not exists.
117+
- field: policy.failed
118+
Description: Include resources that failed the selected policies.
119+
Supported operators: in, not in, exists, not exists.
120+
- field: policy.passed
121+
Description: Include resources that passed the selected policies.
122+
Supported operators: in, not in, exists, not exists.
123+
- field: projectName
124+
Description: The project name that will be included in the results.
125+
- field: projectId
126+
Description: The project id that will be included in the results.
127+
- field: region
128+
Description: The regions that will be included in the results.
129+
- field: repository
130+
Description: The Repository an IaC resource belongs to.
131+
- field: resourceOrigin
132+
Description: Origin of the resource. Supported values: Code, Deployed.
133+
- field: type
134+
Description: The resource types that will be included in the results.
135+
- field: subscriptionName
136+
Description: The Azure subscription name that will be included in the results.
137+
- field: subscriptionId
138+
Description: The Azure subscription id that will be included in the results.
139+
- field: sourceType
140+
Description: The source type of an IaC resource.
141+
Supported values: YAML, Kustomize, Terraform, Helm.
142+
- field: version
143+
Description: OCP Cluster versions that will be included in the results.
144+
- field: zone
145+
Description: The zones that will be included in the results.
146+
- field: category
147+
Description: The category that will be included in the results.
148+
Supported operators: in, not in.
149+
- field: isExposed
150+
Description: Specifies whether the resource to return is exposed to the internet.
151+
Supported operators: exists and not exists.
152+
- field: validatedExposure
153+
Description: Specifies whether the resource to return is exposed to the internet and could be reach
154+
by our network exposure validator. Supported operators: exists and not exists.
155+
- field: arn
156+
Description: The AWS ARN of the resource.
157+
- field: resourceId
158+
Description: The Azure or GCP Resource Identifier of the resource.
159+
- field: container.name
160+
Description: Filters the resource by a container.
161+
- field: architecture
162+
Description: Image architecture.
163+
- field: baseOS
164+
Description: Image Base OS.
165+
- field: digest
166+
Description: Image Digest.
167+
- field: imageId
168+
Description: Image Id.
169+
- field: os
170+
Description: Image OS.
171+
- field: container.imageName
172+
Description: Image Pullstring.
173+
- field: image.registry
174+
Description: Image Registry.
175+
- field: image.tag
176+
Description: Image tag.
177+
- field: package.inUse
178+
Description: Package in use filter. Supported operators: exists and not exists.
179+
- field: package.info
180+
Description: Filters by a package using the format [packge name] - field: [version].
181+
- field: package.path
182+
Description: Filters by package path.
183+
- field: package.type
184+
Description: Package type.
185+
- field: vuln.cvssScore
186+
Description: Filter by vulnerability CVSS. Supported operators: = and >=.
187+
- field: vuln.hasExploit
188+
Description: Filters resources by the existence of vulnerabilities with exploits.
189+
Supported operators: exists and not exists.
190+
- field: vuln.hasFix
191+
Description: Filters resources by the existence of vulnerabilities with fixes.
192+
Supported operators: exists and not exists.
193+
- field: vuln.name
194+
Description: Filter by vulnerability name.
195+
- field: vuln.severity
196+
Description: Filter by vulnerability severity. Supported operators: in, not in, exists and not exists.
197+
- field: machineImage
198+
Description: Filter by host machine image.
76199
"""
77-
)
200+
),
201+
examples=[
202+
'zone in ("zone1") and machineImage = "ami-0b22b359fdfabe1b5"',
203+
'(projectId = "1235495521" or projectId = "987654321") and vuln.severity in ("Critical")',
204+
'vuln.name in ("CVE-2023-0049")',
205+
'vuln.cvssScore >= "3"',
206+
'container.name in ("sysdig-container") and not labels exists',
207+
'imageId in ("sha256:3768ff6176e29a35ce1354622977a1e5c013045cbc4f30754ef3459218be8ac")',
208+
],
78209
),
79210
] = 'platform in ("GCP", "AWS", "Azure", "Kubernetes")',
80211
page_number: Annotated[int, Field(ge=1, description="Page number for pagination (1-based index)")] = 1,

tools/vulnerability_management/tool.py

Lines changed: 48 additions & 34 deletions
Original file line numberDiff line numberDiff line change
@@ -73,14 +73,34 @@ def tool_list_runtime_vulnerabilities(
7373
Field(
7474
description=(
7575
"""
76-
Logical filter expression to select runtime vulnerabilities.
77-
Supports operators: =, !=, in, exists, contains, startsWith. Combine with and/or/not.
78-
Key fields include: asset.type, aws.account.id, aws.host.name, aws.region,
79-
cloudProvider, cloudProvider.account.id, cloudProvider.region,
80-
gcp.instance.id, gcp.instance.zone, gcp.project.id, gcp.project.numericId,
81-
host.hostName, kubernetes.cluster.name, kubernetes.namespace.name, kubernetes.node.name,
82-
kubernetes.pod.container.name, kubernetes.workload.name, kubernetes.workload.type,
83-
workload.name, workload.orchestrator
76+
Use the filter-query-language to filter the results.
77+
78+
Key fields include:
79+
- asset.type
80+
- aws.account.id
81+
- aws.host.name
82+
- aws.region
83+
- cloudProvider
84+
- cloudProvider.account.id
85+
- cloudProvider.region
86+
- gcp.instance.id
87+
- gcp.instance.zone
88+
- gcp.project.id
89+
- gcp.project.numericId
90+
- host.hostName
91+
- kubernetes.cluster.name
92+
- kubernetes.namespace.name
93+
- kubernetes.node.name
94+
- kubernetes.pod.container.name
95+
- kubernetes.workload.name
96+
- kubernetes.workload.type
97+
- workload.name
98+
- workload.orchestrator
99+
100+
The supported fields are all the fields of the Scope above, plus::
101+
- freeText
102+
- hasRunningVulns
103+
- hasRunningVulns.
84104
"""
85105
),
86106
examples=[
@@ -208,20 +228,18 @@ def tool_list_registry_scan_results(
208228
Optional[str],
209229
Field(
210230
description=(
211-
"Logical filter expression to select registry scan results. "
212-
"Supports operators: =, !=, in, exists, contains, startsWith. "
213-
"Combine with and/or/not. "
214-
"Key selectors include: "
215-
'- policyStatus (values "noPolicy", "failed", "passed", "accepted"), '
216-
"- registry.vendor, registry.name, freeText"
231+
"""
232+
Use the filter-query-language to filter the results.
233+
234+
The supported fields are:
235+
- freeText
236+
- vendor
237+
"""
217238
),
218239
examples=[
219-
'policyStatus in ("noPolicy") and registry.vendor = "harbor"',
220-
'registry.vendor = "dockerv2" and registry.name = "index.docker.io"',
221-
'registry.vendor = "harbor" and freeText in ("redis")',
222-
'policyStatus in ("failed") and registry.vendor = "harbor"'
223-
'policyStatus in ("passed", "accepted") and registry.vendor = "harbor"',
224-
'registry.vendor = "dockerv2" and registry.name = "registry.access.redhat.com"',
240+
'freeText = "alpine:latest" and vendor = "docker"',
241+
'vendor = "ecr"',
242+
'vendor = "harbor" and freeText in ("redis")',
225243
],
226244
),
227245
] = None,
@@ -235,13 +253,10 @@ def tool_list_registry_scan_results(
235253
filter (Optional[str]): Logical filter expression to select registry scan results.
236254
Supports operators: =, !=, in, exists, contains, startsWith.
237255
Combine with and/or/not.
238-
Key selectors include:
239-
- policyStatus (values "noPolicy", "failed", "passed", "accepted"),
240-
- registry.vendor, registry.name, freeText
256+
Key selectors include: freeText (string), vendor (e.g., "docker", "ecr", "harbor").
241257
Examples:
242-
- policyStatus in ("noPolicy") and registry.vendor = "harbor"
243-
- registry.vendor = "dockerv2" and registry.name = "index.docker.io"
244-
- registry.vendor = "harbor" and freeText in ("redis")
258+
- freeText = "alpine:latest" and vendor = "docker"
259+
- vendor = "ecr"
245260
limit (int): Maximum number of results to return.
246261
cursor (Optional[str]): Pagination cursor. If None, returns the first page.
247262
@@ -335,17 +350,16 @@ def tool_list_pipeline_scan_results(
335350
Optional[str],
336351
Field(
337352
description=(
338-
"Logical filter expression to select pipeline scan results. "
339-
"Supports operators: =, !=, in, exists, contains, startsWith. "
340-
"Combine with and/or/not. "
341-
"Key selectors include: "
342-
"- policyEvaluationsPassed (true/false), "
343-
"- freeText (string)."
353+
"""
354+
Use the filter-query-language to filter the results.
355+
356+
The supported fields are:
357+
- freeText
358+
"""
344359
),
345360
examples=[
346-
"policyEvaluationsPassed = true",
361+
'freeText in ("nginx")',
347362
'freeText in ("ubuntu")',
348-
'policyEvaluationsPassed = false and freeText in ("ubuntu")',
349363
],
350364
),
351365
] = None,

0 commit comments

Comments
 (0)