jfrog / terraform-provider-xray

Terraform provider to manage JFrog Xray
https://jfrog.com/xray/
Apache License 2.0

add a data source to fetch xray scan results for an artifact #168

Closed matifali closed 6 months ago

matifali commented 6 months ago

I want to fetch xray scan results of a docker artifact using the xray provider.

I am proposing having a data source with the name xray_artifact_scan in the form of,

data "xray_artifact_scan" "example" {
  artifact = "jfrog.example.com/docker-local/<NAMESPACE>/<IMAGE>:<TAG>"
}

output "image_vulnerabilities" {
  value = data.xray_artifact_scan.example.result
}

Here, data.xray_artifact_scan.example.result should have the form as returned by the following API endpoint to fetch vulnerabilities in an image. https://jfrog.com/help/r/xray-rest-apis/scans-list-get-artifacts.

{
    "data": [
        {
            "name": "bash_4.3-11+deb8u2_i386.deb",
            "repo_path": "/deb/bash_4.3-11+deb8u2_i386.deb",
            "package_id": "deb://bash",
            "version": "4.3-11+deb8u2",
            "sec_issues": {
                "high": 2,
                "low": 8,
                "medium": 3,
                "total": 13
            },
            "size": "1.13 MB",
            "violations": 0,
            "created": "2022-07-31T12:06:00+03:00",
            "deployed_by": "admin",
            "repo_full_path": "DEBs/deb/bash_4.3-11+deb8u2_i386.deb"
        }
    ],
    "offset": -1
}

alexhung commented 6 months ago

@matifali Thanks for the suggestion. I've added this to our road map.

matifali commented 6 months ago

@alexhung Thanks. Looking forward to it.

matifali commented 6 months ago

Thank you @alexhung. Could you give an example of how it can be used to only get vulnerabilities of a single artifact instead of all the artifacts in the repo?

Thanks :)

alexhung commented 6 months ago

@matifali For your use case, you should be able to find the artifact scan using the repo and repo_path attributes:

data "xray_artifacts_scan" "my_artifacts_scan" {
  repo = "docker-local"
  repo_path = "/<NAMESPACE>/<IMAGE>:<TAG>"
}

output "my_artifacts_scan" {
  value = data.xray_artifacts_scan.my_artifacts_scan.results[0]
}

matifali commented 6 months ago

Great, thank you @alexhung
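
Added example, not part of the thread and not the provider's own code: given a response in the shape quoted in the first post, this Python code selects the entry for one `repo_path` and checks its `sec_issues` counts against limits, failing closed when the artifact has no scan entry. The function names, the limits, and the second sample entry are assumptions made for illustration.

```python
import json

# Constructed sample in the response shape quoted in the first post.
# The second entry is made up so the passing case can be shown.
SAMPLE_RESPONSE = json.loads("""
{"data": [
  {"name": "bash_4.3-11+deb8u2_i386.deb",
   "repo_path": "/deb/bash_4.3-11+deb8u2_i386.deb",
   "sec_issues": {"high": 2, "low": 8, "medium": 3, "total": 13},
   "violations": 0},
  {"name": "constructed-clean.deb",
   "repo_path": "/deb/constructed-clean.deb",
   "sec_issues": {"low": 1, "total": 1},
   "violations": 0}
], "offset": -1}
""")

# Hypothetical policy: maximum tolerated findings per severity (assumption).
DEFAULT_LIMITS = {"critical": 0, "high": 0, "medium": 5}


def select_artifact(response, repo_path):
    """Return the single scan entry for repo_path; raise if none or several."""
    matches = [e for e in response.get("data", []) if e.get("repo_path") == repo_path]
    if not matches:
        raise LookupError(f"no scan result for {repo_path}; treat as unscanned")
    if len(matches) > 1:
        raise LookupError(f"{len(matches)} scan results for {repo_path}; ambiguous")
    return matches[0]


def evaluate(entry, limits=DEFAULT_LIMITS):
    """Return (passed, reasons). A severity absent from sec_issues counts as 0."""
    counts = entry.get("sec_issues")
    if not isinstance(counts, dict):
        return False, ["sec_issues missing; treat as unscanned"]
    reasons = [
        f"{sev}: {counts.get(sev, 0)} > {limit}"
        for sev, limit in limits.items()
        if counts.get(sev, 0) > limit
    ]
    if entry.get("violations", 0) > 0:
        reasons.append(f"violations: {entry['violations']}")
    return (not reasons, reasons)


if __name__ == "__main__":
    entry = select_artifact(SAMPLE_RESPONSE, "/deb/bash_4.3-11+deb8u2_i386.deb")
    print(evaluate(entry))
```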