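//go:build k8s_integration

package integration

import (
	"encoding/json"
	"os"
	"path/filepath"
	"testing"

	cdx "github.com/CycloneDX/cyclonedx-go"
	"github.com/khulnasoft/trivy/pkg/k8s/report"
	"github.com/khulnasoft/trivy/pkg/types"

	"github.com/samber/lo"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

// Note: this test requires a k8s (kind) cluster to be installed.
// "mage test:k8s" will run this test.

// TestK8s runs the Trivy "k8s" command against the kind test cluster and
// checks the report written to disk. Three modes are covered: a cluster-wide
// summary scan in JSON, a cluster KBOM in CycloneDX, and a scan of a single
// deployment.
//
// Every subtest passes "--context kind-kind-test" explicitly, so the scan
// targets the named kind context rather than whatever context happens to be
// current in the local kubeconfig.
func TestK8s(t *testing.T) {
	t.Run("misconfig and vulnerability scan", func(t *testing.T) {
		// The report goes to a per-test temp dir that the testing package
		// removes when the subtest finishes.
		outputFile := filepath.Join(t.TempDir(), "output.json")

		osArgs := []string{
			"k8s",
			"cluster",
			"--report",
			"summary",
			"-q",
			"--timeout",
			"5m0s",
			"--format",
			"json",
			"--components",
			"workload",
			"--context",
			"kind-kind-test",
			"--output",
			outputFile,
		}

		// Run Trivy (execute is defined elsewhere in this package).
		err := execute(osArgs)
		require.NoError(t, err)

		var got report.ConsolidatedReport
		f, err := os.Open(outputFile)
		require.NoError(t, err)
		defer f.Close()

		err = json.NewDecoder(f).Decode(&got)
		require.NoError(t, err)

		// Flatten the per-resource results into one slice.
		results := lo.FlatMap(got.Findings, func(resource report.Resource, _ int) []types.Result {
			return resource.Results
		})

		// At least one result must carry vulnerabilities; a scan that exits
		// cleanly but reports nothing would otherwise go unnoticed.
		assert.True(t, lo.SomeBy(results, func(r types.Result) bool {
			return len(r.Vulnerabilities) > 0
		}))

		// At least one result must carry misconfigurations.
		assert.True(t, lo.SomeBy(results, func(r types.Result) bool {
			return len(r.Misconfigurations) > 0
		}))
	})

	t.Run("kbom cycloneDx", func(t *testing.T) {
		outputFile := filepath.Join(t.TempDir(), "output.json")
		osArgs := []string{
			"k8s",
			"cluster",
			"--format",
			"cyclonedx",
			"-q",
			"--context",
			"kind-kind-test",
			"--output",
			outputFile,
		}

		// Run Trivy (execute is defined elsewhere in this package).
		err := execute(osArgs)
		require.NoError(t, err)

		var got *cdx.BOM
		f, err := os.Open(outputFile)
		require.NoError(t, err)
		defer f.Close()

		err = json.NewDecoder(f).Decode(&got)
		require.NoError(t, err)

		// got is a pointer, and a JSON "null" document decodes without error
		// while leaving it nil. Check each pointer before dereferencing it so
		// that a malformed BOM fails the test instead of panicking.
		require.NotNil(t, got)
		require.NotNil(t, got.Metadata)
		require.NotNil(t, got.Metadata.Component)

		// testify expects (expected, actual); the reverse order produces
		// misleading failure messages.
		assert.Equal(t, "k8s.io/kubernetes", got.Metadata.Component.Name)
		assert.Equal(t, cdx.ComponentType("platform"), got.Metadata.Component.Type)

		// Has components
		require.NotNil(t, got.Components)
		assert.NotEmpty(t, *got.Components)

		// Has dependencies: at least one entry must list something it
		// depends on. Entries whose inner list is absent decode to a nil
		// pointer and are skipped rather than dereferenced.
		require.NotNil(t, got.Dependencies)
		assert.True(t, lo.SomeBy(*got.Dependencies, func(r cdx.Dependency) bool {
			return r.Dependencies != nil && len(*r.Dependencies) > 0
		}))
	})

	t.Run("specific resource scan", func(t *testing.T) {
		outputFile := filepath.Join(t.TempDir(), "output.json")

		osArgs := []string{
			"k8s",
			"-n",
			"default",
			"deployments/nginx-deployment",
			"-q",
			"--timeout",
			"5m0s",
			"--format",
			"json",
			"--components",
			"workload",
			"--context",
			"kind-kind-test",
			"--output",
			outputFile,
		}

		// Run Trivy (execute is defined elsewhere in this package).
		err := execute(osArgs)
		require.NoError(t, err)

		var got report.Report
		f, err := os.Open(outputFile)
		require.NoError(t, err)
		defer f.Close()

		err = json.NewDecoder(f).Decode(&got)
		require.NoError(t, err)

		// Flatten the per-resource results into one slice.
		results := lo.FlatMap(got.Resources, func(resource report.Resource, _ int) []types.Result {
			return resource.Results
		})

		// The scanned deployment must report at least one vulnerability.
		assert.True(t, lo.SomeBy(results, func(r types.Result) bool {
			return len(r.Vulnerabilities) > 0
		}))
	})
}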