deckhouse · mvasl · Oct 14, 2024 · Oct 14, 2024
diff --git a/internal/mirror/cmd/vulndb/pull/pull.go b/internal/mirror/cmd/vulndb/pull/pull.go
@@ -106,6 +106,10 @@ func pull(_ *cobra.Command, _ []string) error {
  if err != nil {
  return fmt.Errorf("creating java db layout: %w", err)
  }
+ imageLayouts.TrivyChecks, err = layouts.CreateEmptyImageLayoutAtPath(filepath.Join(VulnerabilityDBPath, "trivy-checks"))
+ if err != nil {
+ return fmt.Errorf("creating java db layout: %w", err)
+ }
 
  if err := layouts.PullTrivyVulnerabilityDatabasesImages(pullContext, imageLayouts); err != nil {
  return fmt.Errorf("pull vulnerability databases: %w", err)

diff --git a/internal/mirror/cmd/vulndb/push/push.go b/internal/mirror/cmd/vulndb/push/push.go
@@ -93,6 +93,7 @@ func push(_ *cobra.Command, _ []string) error {
  path.Join(RegistryRepo, "security", "trivy-db"): filepath.Join(VulnerabilityDBPath, "trivy-db"),
  path.Join(RegistryRepo, "security", "trivy-bdu"): filepath.Join(VulnerabilityDBPath, "trivy-bdu"),
  path.Join(RegistryRepo, "security", "trivy-java-db"): filepath.Join(VulnerabilityDBPath, "trivy-java-db"),
+ path.Join(RegistryRepo, "security", "trivy-checks"): filepath.Join(VulnerabilityDBPath, "trivy-checks"),
  }
 
  repoCount := 0

diff --git a/pkg/libmirror/layouts/layouts.go b/pkg/libmirror/layouts/layouts.go
@@ -58,6 +58,8 @@ type ImageLayouts struct {
  TrivyBDUImages map[string]struct{}
  TrivyJavaDB layout.Path
  TrivyJavaDBImages map[string]struct{}
+ TrivyChecks layout.Path
+ TrivyChecksImages map[string]struct{}
 
  Modules map[string]ModuleImageLayout
 
@@ -90,6 +92,7 @@ func CreateOCIImageLayoutsForDeckhouse(
  &layouts.TrivyDB: filepath.Join(rootFolder, "security", "trivy-db"),
  &layouts.TrivyBDU: filepath.Join(rootFolder, "security", "trivy-bdu"),
  &layouts.TrivyJavaDB: filepath.Join(rootFolder, "security", "trivy-java-db"),
+ &layouts.TrivyChecks: filepath.Join(rootFolder, "security", "trivy-checks"),
  }
  for layoutPtr, fsPath := range fsPaths {
  *layoutPtr, err = CreateEmptyImageLayoutAtPath(fsPath)
@@ -183,6 +186,7 @@ func FillLayoutsWithBasicDeckhouseImages(
  mirrorCtx.DeckhouseRegistryRepo + "/security/trivy-db:2": {},
  mirrorCtx.DeckhouseRegistryRepo + "/security/trivy-bdu:1": {},
  mirrorCtx.DeckhouseRegistryRepo + "/security/trivy-java-db:1": {},
+ mirrorCtx.DeckhouseRegistryRepo + "/security/trivy-checks:0": {},
  }
 
  for _, version := range deckhouseVersions {

diff --git a/pkg/libmirror/layouts/pull.go b/pkg/libmirror/layouts/pull.go
@@ -127,6 +127,7 @@ func PullTrivyVulnerabilityDatabasesImages(
  layouts.TrivyDB: path.Join(pullCtx.DeckhouseRegistryRepo, "security", "trivy-db:2"),
  layouts.TrivyBDU: path.Join(pullCtx.DeckhouseRegistryRepo, "security", "trivy-bdu:1"),
  layouts.TrivyJavaDB: path.Join(pullCtx.DeckhouseRegistryRepo, "security", "trivy-java-db:1"),
+ layouts.TrivyChecks: path.Join(pullCtx.DeckhouseRegistryRepo, "security", "trivy-checks:0"),
  }
 
  for dbImageLayout, imageRef := range dbImages {

diff --git a/pkg/libmirror/layouts/pull_test.go b/pkg/libmirror/layouts/pull_test.go
@@ -49,6 +49,7 @@ func TestPullTrivyVulnerabilityDatabaseImageSuccessSkipTLS(t *testing.T) {
  deckhouseRepo + "/security/trivy-db:2",
  deckhouseRepo + "/security/trivy-bdu:1",
  deckhouseRepo + "/security/trivy-java-db:1",
+ deckhouseRepo + "/security/trivy-checks:0",
  }
 
  wantImages := make([]v1.Image, 0)
@@ -65,6 +66,7 @@ func TestPullTrivyVulnerabilityDatabaseImageSuccessSkipTLS(t *testing.T) {
  TrivyDB: createEmptyOCILayout(t),
  TrivyBDU: createEmptyOCILayout(t),
  TrivyJavaDB: createEmptyOCILayout(t),
+ TrivyChecks: createEmptyOCILayout(t),
  }
 
  err := PullTrivyVulnerabilityDatabasesImages(
@@ -102,6 +104,7 @@ func TestPullTrivyVulnerabilityDatabaseImageSuccessInsecure(t *testing.T) {
  deckhouseRepo + "/security/trivy-db:2",
  deckhouseRepo + "/security/trivy-bdu:1",
  deckhouseRepo + "/security/trivy-java-db:1",
+ deckhouseRepo + "/security/trivy-checks:0",
  }
 
  wantImages := make([]v1.Image, 0)
@@ -118,6 +121,7 @@ func TestPullTrivyVulnerabilityDatabaseImageSuccessInsecure(t *testing.T) {
  TrivyDB: createEmptyOCILayout(t),
  TrivyBDU: createEmptyOCILayout(t),
  TrivyJavaDB: createEmptyOCILayout(t),
+ TrivyChecks: createEmptyOCILayout(t),
  }
 
  err := PullTrivyVulnerabilityDatabasesImages(
@@ -153,6 +157,8 @@ func layoutByIndex(t *testing.T, layouts *ImageLayouts, idx int) layout.Path {
  return layouts.TrivyBDU
  case 2:
  return layouts.TrivyJavaDB
+ case 3:
+ return layouts.TrivyChecks
  default:
  t.Fatalf("Unexpected layout index, expected only [0-2], but got %d", idx)
  return ""

diff --git a/pkg/libmirror/operations/push.go b/pkg/libmirror/operations/push.go
@@ -103,6 +103,7 @@ func findLayoutsToPush(mirrorCtx *contexts.PushContext) (map[string]layout.Path,
  {"security", "trivy-db"},
  {"security", "trivy-bdu"},
  {"security", "trivy-java-db"},
+ {"security", "trivy-checks"},
  }
 
  for _, bundlePath := range bundlePaths {

diff --git a/testing/e2e/mirror/mirror_e2e_test.go b/testing/e2e/mirror/mirror_e2e_test.go
@@ -122,6 +122,7 @@ func createTrivyVulnerabilityDatabasesInRegistry(t *testing.T, repo string, inse
  repo + "/security/trivy-db:2",
  repo + "/security/trivy-bdu:1",
  repo + "/security/trivy-java-db:1",
+ repo + "/security/trivy-checks:0",
  }
 
  for _, image := range images {