swap result and resource

clihandler/initcliutils.go

@@ -11,8 +11,8 @@ import (
 	"github.com/armosec/kubescape/resourcehandler"
 	"github.com/armosec/kubescape/resultshandling/reporter"
 	reporterv1 "github.com/armosec/kubescape/resultshandling/reporter/v1"
-
 	reporterv2 "github.com/armosec/kubescape/resultshandling/reporter/v2"
+
 	"github.com/armosec/opa-utils/reporthandling"
 	"github.com/armosec/rbac-utils/rbacscanner"
 )

docs/proposals/container-image-vulnerability-adaptor.md

@@ -1,4 +1,4 @@
-# Container image vulnerabilty adaptor interface proposal
+# Container image vulnerability adaptor interface proposal
 
 ## Rationale
 
@@ -6,7 +6,7 @@ source #287
 
 ### Big picture
 
-* Kubescape team planning to create controls which take into account image vulnerabilities, example: looking for public internet facing workloads with critical vulnerabilities. These are seriously effecting the security health of a cluster and therefore we think it is important to cover it. We think that most container registries are/will support image scanning like Harbor and therefore the ability to get information from them is important.
+* Kubescape team is planning to create controls which take into account image vulnerabilities, example: looking for public internet facing workloads with critical vulnerabilities. These are seriously effecting the security health of a cluster and therefore we think it is important to cover it. We think that most container registries are/will support image scanning like Harbor and therefore the ability to get information from them is important.
 * There are information in the image repository which is important for existing controls as well. They are incomplete without it, example see this issue: Non-root containers check is broken #19 . These are not necessarily image vulnerability related. Can be information in the image manifest (like the issue before), but it can be the image BOM related.
 
 ### Relation to this proposal
@@ -114,4 +114,63 @@ type IContainerImageVulnerabilityAdaptor interface {
 
 	GetImagesInformation(imageIDs []ContainerImageIdentifier) ([]ContainerImageInformation, error)
 }
+```
+
+
+
+# Integration
+
+# Input
+
+The objects received from the interface will be converted to an Imetadata compatible objects as following
+
+```
+{
+    "apiVersion": "image.vulnscan.com/v1",
+    "kind": "VulnScan",
+    "metadata": {
+        "name": "nginx:latest"
+    },
+    "data": {
+        // returned by the adaptor API (structure like our backend gives for an image 
+    }
+}
+```
+
+
+# Output
+
+The rego results will be a combination of the k8s artifact and the list of relevant CVEs for the control
+
+```
+{
+    "apiVersion": "result.vulnscan.com/v1",
+    "kind": "Pod",
+    "metadata": {
+        "name": "nginx"
+    },
+    "relatedObjects": [
+        {
+            "apiVersion": "v1",
+            "kind": "Pod",
+            "metadata": {
+                "name": "nginx"
+            },
+            "spec": {
+                // podSpec
+            },
+        },
+        {
+            "apiVersion": "container.vulnscan.com/v1",
+            "kind": "VulnScan",
+            "metadata": {
+                "name": "nginx:latest",
+            },
+            "data": {
+                
+                // returned by the adaptor API (structure like our backend gives for an image  
+            }
+        }
+    ]
+}
 ```

resultshandling/reporter/v2/reporteventreceiver.go

@@ -78,27 +78,21 @@ func (report *ReportEventReceiver) prepareReport(postureReport *reporthandlingv2
 
 	reportCounter := 0
 
-	// send results
-	if err := report.sendResults(host, postureReport, &reportCounter); err != nil {
+	// send resources
+	if err := report.sendResources(host, postureReport, &reportCounter, false); err != nil {
 		return err
 	}
 	reportCounter++
 
-	// send resources
-	if err := report.sendResources(host, postureReport, &reportCounter); err != nil {
+	// send results
+	if err := report.sendResults(host, postureReport, &reportCounter, true); err != nil {
 		return err
 	}
-	// reportCounter++
-
-	// // send framework results
-	// if err := report.sendSummary(host, postureReport, &reportCounter); err != nil {
-	// 	return err
-	// }
 
 	return nil
 }
 
-func (report *ReportEventReceiver) sendResources(host string, postureReport *reporthandlingv2.PostureReport, reportCounter *int) error {
+func (report *ReportEventReceiver) sendResources(host string, postureReport *reporthandlingv2.PostureReport, reportCounter *int, isLastReport bool) error {
 	splittedPostureReport := setSubReport(postureReport)
 	counter := 0
 
@@ -127,10 +121,10 @@ func (report *ReportEventReceiver) sendResources(host string, postureReport *rep
 		splittedPostureReport.Resources = append(splittedPostureReport.Resources, v)
 	}
 
-	return report.sendReport(host, splittedPostureReport, *reportCounter, true)
+	return report.sendReport(host, splittedPostureReport, *reportCounter, isLastReport)
 }
 
-func (report *ReportEventReceiver) sendResults(host string, postureReport *reporthandlingv2.PostureReport, reportCounter *int) error {
+func (report *ReportEventReceiver) sendResults(host string, postureReport *reporthandlingv2.PostureReport, reportCounter *int, isLastReport bool) error {
 	splittedPostureReport := setSubReport(postureReport)
 	counter := 0
 
@@ -159,15 +153,9 @@ func (report *ReportEventReceiver) sendResults(host string, postureReport *repor
 		splittedPostureReport.Results = append(splittedPostureReport.Results, v)
 	}
 
-	return report.sendReport(host, splittedPostureReport, *reportCounter, false)
+	return report.sendReport(host, splittedPostureReport, *reportCounter, isLastReport)
 }
 
-func (report *ReportEventReceiver) sendSummary(host string, postureReport *reporthandlingv2.PostureReport, reportCounter *int) error {
-	splittedPostureReport := setSubReport(postureReport)
-	splittedPostureReport.SummaryDetails = postureReport.SummaryDetails
-
-	return report.sendReport(host, splittedPostureReport, *reportCounter, true)
-}
 func (report *ReportEventReceiver) sendReport(host string, postureReport *reporthandlingv2.PostureReport, counter int, isLastReport bool) error {
 	postureReport.PaginationInfo = reporthandlingv2.PaginationMarks{
 		ReportNumber: counter,