superfly / flyctl

Command line tools for fly.io services
https://fly.io
Apache License 2.0
1.42k stars 236 forks

Add flyctl support for scanning images with scantron #3725

Closed timflyio closed 2 months ago

timflyio commented 3 months ago

Change Summary

What and Why: Add support for fetching SBOMs and vuln scans from scantron and presenting them to the user. This allows users to quickly determine if they may be affected by security issues.

How: add new commands "scan sbom" and "scan vulns", which query scantron for SBOMs and scan data, and present them to the user.

Related to: scantron

Documentation

btoews commented 2 months ago

One more thing I just noticed is that the registry returns the same response for

When scantron gets that response, it returns a 500. Flyctl should probably collect these errors and report them, but not fail the whole vulnsummary command.

btoews commented 2 months ago

I also got a 400 scanning another org with this log line in scantron

level=warning msg="bad digest" client="172.16.1.98:41518" error="unsupported digest algorithm: " method=GET path=//@
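An added Go sketch, not flyctl's or scantron's own code, of the behaviour suggested in the two comments above: reject a malformed image reference (empty repository or empty digest algorithm, as in the "//@" log line) before it reaches scantron, and collect per-image scan failures so one bad image does not fail the whole vulns summary. `VulnSummary`, `validRef` and `SummarizeVulns` are hypothetical names, the scan call is injected rather than taken from flyctl's scantron client, and the `repo@algo:hex` reference shape is an assumption.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// VulnSummary is a hypothetical per-image result, not flyctl's real type.
type VulnSummary struct {
	Ref   string
	Vulns int
}

// validRef rejects references with a missing repository or digest algorithm
// before they reach scantron, which logged `unsupported digest algorithm: ""`
// for the path "//@". Assumes digest-addressed refs of the form repo@algo:hex.
func validRef(ref string) error {
	repo, digest, ok := strings.Cut(ref, "@")
	if !ok || strings.Trim(repo, "/") == "" {
		return fmt.Errorf("malformed image reference %q", ref)
	}
	if algo, _, ok := strings.Cut(digest, ":"); !ok || algo == "" {
		return fmt.Errorf("missing digest algorithm in %q", ref)
	}
	return nil
}

// SummarizeVulns runs the injected scan (a stand-in for the scantron query) for
// every image and collects per-image failures instead of aborting on the first
// one. The joined error is nil only when every image scanned cleanly.
func SummarizeVulns(refs []string, scan func(string) (VulnSummary, error)) ([]VulnSummary, error) {
	var results []VulnSummary
	var errs []error
	for _, ref := range refs {
		if err := validRef(ref); err != nil {
			errs = append(errs, err)
			continue
		}
		s, err := scan(ref)
		if err != nil {
			// Wrap so the report names the image and errors.Is still matches.
			errs = append(errs, fmt.Errorf("%s: %w", ref, err))
			continue
		}
		results = append(results, s)
	}
	return results, errors.Join(errs...)
}
```

The caller prints the summaries it got and then the joined error as a per-image failure list, exiting non-zero only if nothing at all could be scanned.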