Transform Trivy report into a ConsolidatedReport and process data
What does this MR do?
- Adds `data/kas` package that contains the `ConsolidatedReport` struct. The struct and related functions are extracted from the gitlab-agent code. The code has been refactored so that it returns `prototool.Payload`, which resembles the payload used for the create-starboard-vulnerability API for KAS. Notice that the payload contains only the `vulnerability` and not the scanner information. That part will be filled in by the gitlab-agent.
- Extends `kube/client.go` with `PodControlledByBuiltInWorkload` functionality. Added the respective mock.
- Adds Trivy `report.go`, responsible for reading the report and throwing an error if the size of the report is more than 100MB.
- Adds `prototool` package that contains the `prototool.Payload`. Notice that `payload.pb.go` is autogenerated every time we change `payload.proto`.
- Adds `ConsolidatedReportConverter` that is responsible for:
  - Reading the Trivy report
  - Transforming it to a `ConsolidatedReport`
  - Transforming it to protobuf format
  - Gzipping the payload
  - Base64-encoding the payload
- `main` was updated with all the payload transformation steps.
Why are we doing this?
The goal here is to minimise the size of the data we send through ConfigMaps to the gitlab-agent OCS module. In order to do that, instead of sending the Trivy report, we extract the vulnerabilities that the gitlab-agent will send to KAS using the create-starboard-vulnerability API. Then we transform them to protobuf format, which reduces the size, we gzip them, and finally we encode them in base64. This last step increases the size again, but is required in order to store the data in a ConfigMap.
What are the relevant issue numbers?
Overall design
gitlab-org&11968 (comment 1683845311)
Merging Order
Edited by Nick Ilieskou
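The transformation pipeline described above (size-checked read of the Trivy report, extraction into a `ConsolidatedReport`, serialisation, gzip, base64) as an added, self-contained Go example; it is not code from this MR or from the gitlab-agent. The `ConsolidatedReport` and `Vulnerability` types, `readReport`, `consolidate`, `encodePayload` and `decodePayload` are hypothetical stand-ins for the real `data/kas` and `ConsolidatedReportConverter` code, `encoding/json` stands in for the generated `prototool.Payload` protobuf so the example runs with the standard library only, and the embedded Trivy report is constructed with placeholder IDs rather than real findings:

```go
package main

import (
	"bytes"
	"compress/gzip"
	"encoding/base64"
	"encoding/json"
	"errors"
	"io"
)

// 100MB cap from the MR; readReport reads at most limit+1 bytes so it can detect overflow.
const maxReportSize int64 = 100 << 20
var errReportTooLarge = errors.New("trivy report exceeds size limit")

// Constructed Trivy JSON report with placeholder IDs (not the output of a real scan).
const sampleTrivyReport = `{"ArtifactName": "registry.example.com/app:1.0", "Results": [{"Target": "app (alpine 3.18)",
 "Vulnerabilities": [{"VulnerabilityID": "EXAMPLE-0001", "PkgName": "openssl", "InstalledVersion": "3.0.8-r0", "FixedVersion": "3.0.9-r0", "Severity": "HIGH"},
 {"VulnerabilityID": "EXAMPLE-0002", "PkgName": "busybox", "InstalledVersion": "1.36.0-r0", "Severity": "LOW"}]}]}`

// Subset of Trivy's report schema; field names equal the JSON keys, so no struct tags are needed.
type trivyVuln struct {
	VulnerabilityID, PkgName, InstalledVersion, FixedVersion, Severity string
}
type trivyReport struct {
	ArtifactName string
	Results      []struct {
		Target          string
		Vulnerabilities []trivyVuln
	}
}

// Hypothetical stand-ins for the data/kas types: vulnerability data only, no scanner information.
type Vulnerability struct {
	ID, Package, InstalledVersion, FixedVersion, Severity, Target string
}
type ConsolidatedReport struct {
	Image           string
	Vulnerabilities []Vulnerability
}

// readReport reads at most limit bytes and rejects a report that is larger.
func readReport(r io.Reader, limit int64) ([]byte, error) {
	raw, err := io.ReadAll(io.LimitReader(r, limit+1))
	if err != nil {
		return nil, err
	}
	if int64(len(raw)) > limit {
		return nil, errReportTooLarge
	}
	return raw, nil
}

// consolidate flattens every Results[].Vulnerabilities[] entry into one list.
func consolidate(raw []byte) (ConsolidatedReport, error) {
	var tr trivyReport
	if err := json.Unmarshal(raw, &tr); err != nil {
		return ConsolidatedReport{}, err
	}
	cr := ConsolidatedReport{Image: tr.ArtifactName}
	for _, res := range tr.Results {
		for _, v := range res.Vulnerabilities {
			cr.Vulnerabilities = append(cr.Vulnerabilities, Vulnerability{
				v.VulnerabilityID, v.PkgName, v.InstalledVersion, v.FixedVersion, v.Severity, res.Target})
		}
	}
	return cr, nil
}

// encodePayload serialises (JSON here, standing in for the generated protobuf), gzips,
// then base64-encodes so the bytes can be stored as a ConfigMap string value.
func encodePayload(cr ConsolidatedReport) (string, error) {
	serialized, _ := json.Marshal(cr) // cannot fail: the struct holds only strings and slices
	var buf bytes.Buffer
	zw := gzip.NewWriter(&buf)
	if _, err := zw.Write(serialized); err != nil {
		return "", err
	}
	if err := zw.Close(); err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(buf.Bytes()), nil
}

// decodePayload reverses encodePayload, as the receiving agent would.
func decodePayload(payload string) (cr ConsolidatedReport, err error) {
	compressed, err := base64.StdEncoding.DecodeString(payload)
	if err != nil {
		return cr, err
	}
	zr, err := gzip.NewReader(bytes.NewReader(compressed))
	if err != nil {
		return cr, err
	}
	err = json.NewDecoder(zr).Decode(&cr)
	return cr, err
}
```

The size check uses `io.LimitReader(r, limit+1)` so the process never buffers more than the cap plus one byte before deciding to reject the report, and gzip is applied before base64 because base64 output is about 4/3 the size of its input and would compress poorly if done first. `decodePayload` is the consumer-side inverse the agent would apply before filling in the scanner details.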