redhat-developer / intellij-dependency-analytics

IntelliJ Dependency Analytics
Eclipse Public License 2.0

feat: support dockerfile base image vulnerability scan #150

Closed xieshenzh closed 6 months ago

xieshenzh commented 7 months ago

Support scanning base image in dockerfile

Jira: https://issues.redhat.com/browse/APPENG-2253

Changed the RHDA plugin to support IntelliJ 2022.1+, due to breaking changes to the Docker plugin which is required for dockerfile scanning.

xieshenzh commented 7 months ago

@zvigrinberg Could you please take a look at this PR for dockerfile base image scanning? Thanks.

This PR depends on the changes of https://github.com/RHEcosystemAppEng/exhort-java-api/pull/96

xieshenzh commented 7 months ago

@xieshenzh Overall good job. Regarding the snyk token, let's either remove it completely (as the snyk integration is discontinued), or just hide its label and text field (there is a chance that there will be an arrangement and agreement between us and snyk, so once that happens we can just toggle the two setVisible methods' argument from false to true and that's it, rather than re-inserting the code again). Your call: either do that, or keep the snyk text field + label code aside in a topic branch in your fork or in the upstream repository, and in case snyk makes a "comeback", it will be easier to merge it instantly...

In addition, please let QE test this version according to the agreed scenarios, and once we get the green light from them, and we remove the snyk token text field and label either way, we're good to go (you just need to bump the version of exhort-java-api to 0.0.7-SNAPSHOT after we merge exhort-java-api's Image scanning PR).

Thanks @zvigrinberg. I removed the code for snyk; the changes are in a separate commit. We can revert it if we want to support it again in the future.

zvigrinberg commented 7 months ago

@xieshenzh I couldn't find any usages or references in this PR for the new EXHORT_SYFT_IMAGE_SOURCE property. I remember that I saw it before as a setting implemented as radio buttons that let the user select the image source container runtime CLI tool. But maybe it exists and I just missed it.

xieshenzh commented 7 months ago

@xieshenzh I couldn't find any usages or references in this PR for the new EXHORT_SYFT_IMAGE_SOURCE property. I remember that I saw it before as a setting implemented as radio buttons that let the user select the image source container runtime CLI tool. But maybe it exists and I just missed it.

Hi @zvigrinberg ,

EXHORT_SYFT_IMAGE_SOURCE is used to specify the source from which Syft gets the images.

Originally, there were four values (radio buttons) for users to select in the plugin configuration:

Then I figured that the plugin always sends requests to the exhort backend, so it will not work offline, and the default option covers all the other three options. So I deleted this property and simplified the plugin configuration. The plugin will always use the default option.

But this property still exists in the exhort-java-api, in case there are more scenarios to support in the future (e.g. read image from local disk).

ritz303 commented 6 months ago

@xieshenzh : The content looks good to me.

sonarcloud[bot] commented 6 months ago

Quality Gate failed

Failed conditions
C Reliability Rating on New Code (required ≥ A)

See analysis details on SonarCloud


xieshenzh commented 6 months ago

@ruromero Could you please merge this PR? Thanks.