Update tests for 0.28.1 and convert to JSON (#126)

* Fix bug with test for securityChecks option which caused it to be skipped. * Convert tests to JSON output only, and update them for Trivy 0.28.1. * Update CI test to use Trivy 0.28.1.
aquasecurity · Jun 15, 2022 · 2b22459 · 2b22459
1 parent 4b3b5f9
commit 2b22459
Show file tree

Hide file tree

Showing 7 changed files with 2,923 additions and 226 deletions.
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -1,7 +1,7 @@
 name: "build"
 on: [push, pull_request]
 env:
-  TRIVY_VERSION: 0.27.1
+  TRIVY_VERSION: 0.28.1
 jobs:
   build:
     name: build

diff --git a/test/data/config.test b/test/data/config.test
@@ -1,8 +1,56 @@
-+---------------------------+------------+-----------+----------+------------------------------------------+
-|           TYPE            | MISCONF ID |   CHECK   | SEVERITY |                 MESSAGE                  |
-+---------------------------+------------+-----------+----------+------------------------------------------+
-| Dockerfile Security Check |   DS002    | root user |   HIGH   | Specify at least 1 USER                  |
-|                           |            |           |          | command in Dockerfile with               |
-|                           |            |           |          | non-root user as argument                |
-|                           |            |           |          | -->avd.aquasec.com/appshield/ds002       |
-+---------------------------+------------+-----------+----------+------------------------------------------+
+{
+  "SchemaVersion": 2,
+  "ArtifactName": ".",
+  "ArtifactType": "filesystem",
+  "Metadata": {
+    "ImageConfig": {
+      "architecture": "",
+      "created": "0001-01-01T00:00:00Z",
+      "os": "",
+      "rootfs": {
+        "type": "",
+        "diff_ids": null
+      },
+      "config": {}
+    }
+  },
+  "Results": [
+    {
+      "Target": "Dockerfile",
+      "Class": "config",
+      "Type": "dockerfile",
+      "MisconfSummary": {
+        "Successes": 22,
+        "Failures": 1,
+        "Exceptions": 0
+      },
+      "Misconfigurations": [
+        {
+          "Type": "Dockerfile Security Check",
+          "ID": "DS002",
+          "Title": "Image user should not be 'root'",
+          "Description": "Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.",
+          "Message": "Specify at least 1 USER command in Dockerfile with non-root user as argument",
+          "Namespace": "builtin.dockerfile.DS002",
+          "Query": "data.builtin.dockerfile.DS002.deny",
+          "Resolution": "Add 'USER \u003cnon root user name\u003e' line to the Dockerfile",
+          "Severity": "HIGH",
+          "PrimaryURL": "https://avd.aquasec.com/misconfig/ds002",
+          "References": [
+            "https://docs.docker.com/develop/develop-images/dockerfile_best-practices/",
+            "https://avd.aquasec.com/misconfig/ds002"
+          ],
+          "Status": "FAIL",
+          "Layer": {},
+          "CauseMetadata": {
+            "Provider": "Dockerfile",
+            "Service": "general",
+            "Code": {
+              "Lines": null
+            }
+          }
+        }
+      ]
+    }
+  ]
+}
diff --git a/test/data/fs-scheck.test b/test/data/fs-scheck.test
@@ -28,21 +28,27 @@
         {
           "Type": "Dockerfile Security Check",
           "ID": "DS002",
-          "Title": "root user",
+          "Title": "Image user should not be 'root'",
           "Description": "Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.",
           "Message": "Specify at least 1 USER command in Dockerfile with non-root user as argument",
-          "Namespace": "appshield.dockerfile.DS002",
-          "Query": "data.appshield.dockerfile.DS002.deny",
+          "Namespace": "builtin.dockerfile.DS002",
+          "Query": "data.builtin.dockerfile.DS002.deny",
           "Resolution": "Add 'USER \u003cnon root user name\u003e' line to the Dockerfile",
           "Severity": "HIGH",
-          "PrimaryURL": "https://avd.aquasec.com/appshield/ds002",
+          "PrimaryURL": "https://avd.aquasec.com/misconfig/ds002",
           "References": [
             "https://docs.docker.com/develop/develop-images/dockerfile_best-practices/",
-            "https://avd.aquasec.com/appshield/ds002"
+            "https://avd.aquasec.com/misconfig/ds002"
           ],
           "Status": "FAIL",
           "Layer": {},
-          "IacMetadata": {}
+          "CauseMetadata": {
+            "Provider": "Dockerfile",
+            "Service": "general",
+            "Code": {
+              "Lines": null
+            }
+          }
         }
       ]
     }

diff --git a/test/data/image-sarif.test b/test/data/image-sarif.test
@@ -442,7 +442,7 @@
               }
             }
           ],
-          "version": "0.27.1"
+          "version": "0.28.1"
         }
       },
       "results": [
-Original file line number
+Diff line change
@@ Expand Up / @@ -442,7 +442,7 @@ @@
                   }
                 }
               ],
-              "version": "0.27.1"
+              "version": "0.28.1"
             }
           },
           "results": [
@@ Expand Down @@