From 93b5bf65f8fba509af56b4366d323f9be3851689 Mon Sep 17 00:00:00 2001
From: "Alan (Maciej) Paruszewski" <mparuszewski@gitlab.com>
Date: Thu, 8 Jul 2021 16:06:43 +0000
Subject: [PATCH] Add Clsuter Image Scanning filter and configuration

---
 .../components/configuration_table.vue        |  2 ++
 .../components/constants.js                   | 26 +++++++++++++++++++
 .../vue_shared/security_reports/constants.js  |  1 +
 .../project/project_vulnerabilities.vue       |  1 +
 .../security_dashboard/store/constants.js     |  1 +
 .../shared/filters/scanner_filter_spec.js     |  5 ++--
 locale/gitlab.pot                             |  6 +++++
 7 files changed, 40 insertions(+), 2 deletions(-)

diff --git a/app/assets/javascripts/security_configuration/components/configuration_table.vue b/app/assets/javascripts/security_configuration/components/configuration_table.vue
index 2110af1522b81..7f250bf1365be 100644
--- a/app/assets/javascripts/security_configuration/components/configuration_table.vue
+++ b/app/assets/javascripts/security_configuration/components/configuration_table.vue
@@ -8,6 +8,7 @@ import {
   REPORT_TYPE_DAST_PROFILES,
   REPORT_TYPE_DEPENDENCY_SCANNING,
   REPORT_TYPE_CONTAINER_SCANNING,
+  REPORT_TYPE_CLUSTER_IMAGE_SCANNING,
   REPORT_TYPE_COVERAGE_FUZZING,
   REPORT_TYPE_API_FUZZING,
   REPORT_TYPE_LICENSE_COMPLIANCE,
@@ -46,6 +47,7 @@ export default {
         [REPORT_TYPE_DAST_PROFILES]: Upgrade,
         [REPORT_TYPE_DEPENDENCY_SCANNING]: Upgrade,
         [REPORT_TYPE_CONTAINER_SCANNING]: Upgrade,
+        [REPORT_TYPE_CLUSTER_IMAGE_SCANNING]: Upgrade,
         [REPORT_TYPE_COVERAGE_FUZZING]: Upgrade,
         [REPORT_TYPE_API_FUZZING]: Upgrade,
         [REPORT_TYPE_LICENSE_COMPLIANCE]: Upgrade,
diff --git a/app/assets/javascripts/security_configuration/components/constants.js b/app/assets/javascripts/security_configuration/components/constants.js
index f4e060fbcdc07..ea2053b3326cd 100644
--- a/app/assets/javascripts/security_configuration/components/constants.js
+++ b/app/assets/javascripts/security_configuration/components/constants.js
@@ -9,6 +9,7 @@ import {
   REPORT_TYPE_SECRET_DETECTION,
   REPORT_TYPE_DEPENDENCY_SCANNING,
   REPORT_TYPE_CONTAINER_SCANNING,
+  REPORT_TYPE_CLUSTER_IMAGE_SCANNING,
   REPORT_TYPE_COVERAGE_FUZZING,
   REPORT_TYPE_API_FUZZING,
   REPORT_TYPE_LICENSE_COMPLIANCE,
@@ -76,6 +77,18 @@ export const CONTAINER_SCANNING_CONFIG_HELP_PATH = helpPagePath(
   { anchor: 'configuration' },
 );
 
+export const CLUSTER_IMAGE_SCANNING_NAME = __('ciReport|Cluster Image Scanning');
+export const CLUSTER_IMAGE_SCANNING_DESCRIPTION = __(
+  'Check your Kubernetes cluster images for known vulnerabilities.',
+);
+export const CLUSTER_IMAGE_SCANNING_HELP_PATH = helpPagePath(
+  'user/application_security/cluster_image_scanning/index',
+);
+export const CLUSTER_IMAGE_SCANNING_CONFIG_HELP_PATH = helpPagePath(
+  'user/application_security/cluster_image_scanning/index',
+  { anchor: 'configuration' },
+);
+
 export const COVERAGE_FUZZING_NAME = __('Coverage Fuzzing');
 export const COVERAGE_FUZZING_DESCRIPTION = __(
   'Find bugs in your code with coverage-guided fuzzing.',
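Review bot: `CLUSTER_IMAGE_SCANNING_NAME` passes the namespaced key `'ciReport|Cluster Image Scanning'` to `__`, while the same key in `security_dashboard/store/constants.js` in this patch goes through `s__`. In GitLab's locale helpers only `s__` strips the `ciReport|` prefix, so with no translation loaded the configuration table would most likely show the raw key, namespace included. Change it to `export const CLUSTER_IMAGE_SCANNING_NAME = s__('ciReport|Cluster Image Scanning');` and add `s__` to this file's locale import if it is not already there; the import is outside the hunk. The `CLUSTER_IMAGE_SCANNING` entry in the `i18n` block of `project_vulnerabilities.vue` has the same problem.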
@@ -131,6 +144,12 @@ export const scanners = [
     helpPath: CONTAINER_SCANNING_HELP_PATH,
     type: REPORT_TYPE_CONTAINER_SCANNING,
   },
+  {
+    name: CLUSTER_IMAGE_SCANNING_NAME,
+    description: CLUSTER_IMAGE_SCANNING_DESCRIPTION,
+    helpPath: CLUSTER_IMAGE_SCANNING_HELP_PATH,
+    type: REPORT_TYPE_CLUSTER_IMAGE_SCANNING,
+  },
   {
     name: SECRET_DETECTION_NAME,
     description: SECRET_DETECTION_DESCRIPTION,
@@ -203,6 +222,13 @@ export const securityFeatures = [
     configurationHelpPath: CONTAINER_SCANNING_CONFIG_HELP_PATH,
     type: REPORT_TYPE_CONTAINER_SCANNING,
   },
+  {
+    name: CLUSTER_IMAGE_SCANNING_NAME,
+    description: CLUSTER_IMAGE_SCANNING_DESCRIPTION,
+    helpPath: CLUSTER_IMAGE_SCANNING_HELP_PATH,
+    configurationHelpPath: CLUSTER_IMAGE_SCANNING_CONFIG_HELP_PATH,
+    type: REPORT_TYPE_CLUSTER_IMAGE_SCANNING,
+  },
   {
     name: SECRET_DETECTION_NAME,
     description: SECRET_DETECTION_DESCRIPTION,
diff --git a/app/assets/javascripts/vue_shared/security_reports/constants.js b/app/assets/javascripts/vue_shared/security_reports/constants.js
index 1cdcf87097f1f..4a50dfbd82f05 100644
--- a/app/assets/javascripts/vue_shared/security_reports/constants.js
+++ b/app/assets/javascripts/vue_shared/security_reports/constants.js
@@ -22,6 +22,7 @@ export const REPORT_TYPE_DAST_PROFILES = 'dast_profiles';
 export const REPORT_TYPE_SECRET_DETECTION = 'secret_detection';
 export const REPORT_TYPE_DEPENDENCY_SCANNING = 'dependency_scanning';
 export const REPORT_TYPE_CONTAINER_SCANNING = 'container_scanning';
+export const REPORT_TYPE_CLUSTER_IMAGE_SCANNING = 'cluster_image_scanning';
 export const REPORT_TYPE_COVERAGE_FUZZING = 'coverage_fuzzing';
 export const REPORT_TYPE_LICENSE_COMPLIANCE = 'license_scanning';
 export const REPORT_TYPE_API_FUZZING = 'api_fuzzing';
diff --git a/ee/app/assets/javascripts/security_dashboard/components/project/project_vulnerabilities.vue b/ee/app/assets/javascripts/security_dashboard/components/project/project_vulnerabilities.vue
index da690ed3b12e9..8bd094cb503bb 100644
--- a/ee/app/assets/javascripts/security_dashboard/components/project/project_vulnerabilities.vue
+++ b/ee/app/assets/javascripts/security_dashboard/components/project/project_vulnerabilities.vue
@@ -163,6 +163,7 @@ export default {
   i18n: {
     API_FUZZING: __('API Fuzzing'),
     CONTAINER_SCANNING: __('Container Scanning'),
+    CLUSTER_IMAGE_SCANNING: __('ciReport|Cluster Image Scanning'),
     COVERAGE_FUZZING: __('Coverage Fuzzing'),
     SECRET_DETECTION: __('Secret Detection'),
     DEPENDENCY_SCANNING: __('Dependency Scanning'),
diff --git a/ee/app/assets/javascripts/security_dashboard/store/constants.js b/ee/app/assets/javascripts/security_dashboard/store/constants.js
index 51329c748a36f..6f015835e6392 100644
--- a/ee/app/assets/javascripts/security_dashboard/store/constants.js
+++ b/ee/app/assets/javascripts/security_dashboard/store/constants.js
@@ -13,6 +13,7 @@ export const SEVERITY_LEVELS = {
 
 export const REPORT_TYPES = {
   container_scanning: s__('ciReport|Container Scanning'),
+  cluster_image_scanning: s__('ciReport|Cluster Image Scanning'),
   dast: s__('ciReport|DAST'),
   dependency_scanning: s__('ciReport|Dependency Scanning'),
   sast: s__('ciReport|SAST'),
diff --git a/ee/spec/frontend/security_dashboard/components/shared/filters/scanner_filter_spec.js b/ee/spec/frontend/security_dashboard/components/shared/filters/scanner_filter_spec.js
index 0ffc325476cf7..832329f370c97 100644
--- a/ee/spec/frontend/security_dashboard/components/shared/filters/scanner_filter_spec.js
+++ b/ee/spec/frontend/security_dashboard/components/shared/filters/scanner_filter_spec.js
@@ -26,13 +26,14 @@ const defaultScanners = [
   createScannerConfig(DEFAULT_SCANNER, 'CONTAINER_SCANNING', 6),
   createScannerConfig(DEFAULT_SCANNER, 'DAST', 7),
   createScannerConfig(DEFAULT_SCANNER, 'DAST', 8),
+  createScannerConfig(DEFAULT_SCANNER, 'CLUSTER_IMAGE_SCANNING', 9),
 ];
 
 const customScanners = [
   ...defaultScanners,
-  createScannerConfig('Custom', 'SAST', 9),
   createScannerConfig('Custom', 'SAST', 10),
-  createScannerConfig('Custom', 'DAST', 11),
+  createScannerConfig('Custom', 'SAST', 11),
+  createScannerConfig('Custom', 'DAST', 12),
 ];
 
 describe('Scanner Filter component', () => {
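Review bot: The custom scanner ids were shifted by hand from 9–11 to 10–12 to make room for the new default entry, which suggests ids must be unique across `defaultScanners` and `customScanners`, but nothing in the fixture says so. A comment above `customScanners` such as `// ids continue after defaultScanners and must not collide with them` would spare the next person adding a scanner from a silent clash. The tests that consume these fixtures start after the hunk, so it is not visible here whether any of them asserts on the new `CLUSTER_IMAGE_SCANNING` option.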
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index 52229dc874979..5786f4a40ebee 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -6330,6 +6330,9 @@ msgstr ""
 msgid "Check your Docker images for known vulnerabilities."
 msgstr ""
 
+msgid "Check your Kubernetes cluster images for known vulnerabilities."
+msgstr ""
+
 msgid "Check your source instance permissions."
 msgstr ""
 
@@ -38305,6 +38308,9 @@ msgstr ""
 msgid "ciReport|Checks"
 msgstr ""
 
+msgid "ciReport|Cluster Image Scanning"
+msgstr ""
+
 msgid "ciReport|Code quality"
 msgstr ""
 
-- 
GitLab