// Source: github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/k8s/commands/resource.go

package commands

import (
	"context"
	"strings"

	"golang.org/x/xerrors"

	"github.com/aquasecurity/trivy-kubernetes/pkg/artifacts"
	"github.com/aquasecurity/trivy-kubernetes/pkg/k8s"
	"github.com/aquasecurity/trivy-kubernetes/pkg/trivyk8s"
	"github.com/devseccon/trivy/pkg/flag"
	"github.com/devseccon/trivy/pkg/log"
)

// resourceRun scans the Kubernetes resources selected by args.
//
// args is parsed by extractKindAndName into a kind and an optional name.
// With a name, exactly one artifact is fetched and scanned. Without a name,
// every artifact of that kind within the selected namespace scope is listed
// and scanned, after validateReportArguments has accepted opts.
//
// The namespace scope is every namespace when opts.AllNamespaces is set;
// otherwise it is whatever getNamespace returns for opts and the cluster's
// current namespace.
//
// Any error from argument parsing, report validation, the artifact lookup
// or the runner is returned unchanged.
func resourceRun(ctx context.Context, args []string, opts flag.Options, cluster k8s.Cluster) error {
	kind, name, err := extractKindAndName(args)
	if err != nil {
		return err
	}

	runner := newRunner(opts, cluster.GetCurrentContext())

	// The explicit interface type keeps the reassignments below valid
	// whatever concrete type trivyk8s.New returns.
	var trivyk trivyk8s.TrivyK8S = trivyk8s.New(cluster, log.Logger, trivyk8s.WithExcludeOwned(opts.ExcludeOwned))

	// Fix the scan scope before any artifact is fetched.
	if opts.AllNamespaces {
		trivyk = trivyk.AllNamespaces()
	} else {
		ns := getNamespace(opts, cluster.GetCurrentNamespace())
		trivyk = trivyk.Namespace(ns)
	}

	// Single resource: "pod/NAME" or "pod NAME".
	if name != "" {
		artifact, err := trivyk.GetArtifact(ctx, kind, name)
		if err != nil {
			return err
		}

		return runner.run(ctx, []*artifacts.Artifact{artifact})
	}

	// Whole kind: "pods", "configmaps", and so on.
	// NOTE(review): an empty name also arrives here for "KIND/" and for an
	// explicitly empty second argument, so the scan covers every resource of
	// the kind instead of one — confirm that widening is intended.
	if err := validateReportArguments(opts); err != nil {
		return err
	}

	targets, err := trivyk.Resources(kind).ListArtifacts(ctx)
	if err != nil {
		return err
	}

	return runner.run(ctx, targets)
}

// extractKindAndName splits the positional arguments into a resource kind
// and a resource name.
//
// Accepted shapes:
//   - one argument containing exactly one "/": the text before the slash is
//     the kind and the text after it is the name;
//   - one argument in any other form: the whole argument is the kind and the
//     name is empty;
//   - two arguments: the first is the kind and the second is the name.
//
// Any other argument count yields an error that points at `trivy k8s` usage.
//
// NOTE(review): neither value is validated here. "/NAME" produces an empty
// kind, "KIND/" produces an empty name, and an argument with several slashes
// is returned whole as the kind. Rejecting unknown or malformed kinds is
// presumably left to the trivyk8s calls in resourceRun — verify.
func extractKindAndName(args []string) (string, string, error) {
	if len(args) == 2 {
		return args[0], args[1], nil
	}

	if len(args) != 1 {
		return "", "", xerrors.Errorf("can't parse arguments %v. Please run `trivy k8s` for usage.", args)
	}

	arg := args[0]

	// Only a single separator is treated as KIND/NAME; zero or several
	// slashes leave the argument intact as the kind.
	slash := strings.Index(arg, "/")
	if slash < 0 || slash != strings.LastIndex(arg, "/") {
		return arg, "", nil
	}

	return arg[:slash], arg[slash+1:], nil
}