feat: add layered analysis support #7
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
airadier
previously approved these changes
Apr 22, 2025
There was a problem hiding this comment.
Pull Request Overview
This PR introduces layered analysis support for container image scanning, enabling per-layer vulnerability reporting and enhanced diagnostics for Dockerfiles.
- Implements conversion from SysdigImageScannerReport to a new image scan result structure with per-layer details.
- Updates diagnostic functions and tests to account for individual layer vulnerabilities.
- Adds a new Dockerfile parser and updates docs and versioning to reflect these changes.
Reviewed Changes
Copilot reviewed 16 out of 17 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| src/infra/sysdig_image_scanner_result.rs | Adds conversion logic to include layer-based vulnerability information |
| src/infra/sysdig_image_scanner.rs | Simplifies scan_image using the new conversion, removing deprecated logic |
| src/infra/dockerfile_ast_parser.rs | Introduces a new Dockerfile parser to support detailed layered analysis |
| src/infra/docker_image_builder.rs | Cleans up commented-out logging code and uses a build_info variable for image IDs |
| src/app/image_scanner.rs | Updates ImageScanResult and related types to support a vector of vulnerabilities |
| src/app/commands.rs | Updates diagnostic reporting to include layered vulnerability details |
| docs/features/ and README.md | Updates documentation to include layered analysis support |
| Cargo.toml | Bumps version from 0.4.1 to 0.5.0 |
Files not reviewed (1)
- tests/fixtures/Dockerfile: Language not supported
Comment on lines
37
to
42
| let layers = layers_for_result(report.result.as_ref().unwrap()); | ||
|
|
||
| ImageScanResult { | ||
| vulnerabilities, | ||
| is_compliant, | ||
| layers: layers.unwrap_or_default(), |
There was a problem hiding this comment.
Using unwrap() here may lead to a panic if report.result is None. Consider handling the None case explicitly.
Suggested change
| let layers = layers_for_result(report.result.as_ref().unwrap()); | |
| ImageScanResult { | |
| vulnerabilities, | |
| is_compliant, | |
| layers: layers.unwrap_or_default(), | |
| let layers = report | |
| .result | |
| .as_ref() | |
| .and_then(|result| layers_for_result(result)) | |
| .unwrap_or_default(); | |
| ImageScanResult { | |
| vulnerabilities, | |
| is_compliant, | |
| layers, |
Copilot is powered by AI, so mistakes are possible. Review output carefully before use.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.