chore(scanner): refactor CVSS score mapping #12893

Merged
RTann merged 5 commits into master from ross-refactor-scanner-cvss
Oct 4, 2024

RTann commented Oct 3, 2024

Description

This makes changes to the CVSS score mapping in Scanner. This originally started when dealing with merge conflicts in #12452, but as I tried to resolve them, the changes became too much for that PR. So, I created this one.

This PR:

  • refactors the CVSS score processing by only attempting to compute the one related to the updater as well as NVD
  • Accounts for manual vulnerabilities getting CVSS scores from NVD (or other sources)
  • Simply uses the Severity we get from ClairCore. There is no real reason to change it (actually, the client currently never uses it, so we really don't need it at all)

User-facing documentation

  • CHANGELOG is updated OR update is not needed
  • documentation PR is not needed

Testing and quality

  • the change is production ready: the change is GA or otherwise the functionality is gated by a feature flag
  • CI results are inspected

Automated testing

  • modified existing tests

CI

openshift-ci bot commented Oct 3, 2024

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

RTann force-pushed the ross-refactor-scanner-cvss branch from 786b943 to 556a0eb on October 3, 2024 22:27
RTann marked this pull request as ready for review on October 3, 2024 22:27
RTann requested a review from a team as a code owner on October 3, 2024 22:27
RTann force-pushed the ross-refactor-scanner-cvss branch from 556a0eb to 0d7c9d8 on October 3, 2024 22:36

rhacs-bot commented Oct 3, 2024

Images are ready for the commit at f1255d1.

To use with deploy scripts, first export MAIN_IMAGE_TAG=4.6.x-658-gf1255d16ef.

daynewlee left a comment

Only some nits and a question.
Should be good to go once all unit tests are passed.

codecov bot commented Oct 3, 2024

Codecov Report

Attention: Patch coverage is 79.50820% with 25 lines in your changes missing coverage. Please review.

Project coverage is 48.23%. Comparing base (9d21f92) to head (f1255d1).
Report is 1 commits behind head on master.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| pkg/scannerv4/mappers/mappers.go | 79.50% | 24 Missing and 1 partial ⚠️ |

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #12893      +/-   ##
==========================================
- Coverage   48.24%   48.23%   -0.02%     
==========================================
  Files        2441     2441              
  Lines      175630   175609      -21     
==========================================
- Hits        84739    84700      -39     
- Misses      84070    84084      +14     
- Partials     6821     6825       +4     

| Flag | Coverage Δ |
|---|---|
| go-unit-tests | 48.23% <79.50%> (-0.02%) ⬇️ |

RTann force-pushed the ross-refactor-scanner-cvss branch from 1c82277 to 1f916c0 on October 4, 2024 01:29

openshift-ci bot commented Oct 4, 2024

@RTann: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
|---|---|---|---|---|
| ci/prow/gke-qa-e2e-tests | 1f916c0 | link | false | /test gke-qa-e2e-tests |

RTann force-pushed the ross-refactor-scanner-cvss branch from 1f916c0 to 9f43cb5 on October 4, 2024 19:33

RTann commented Oct 4, 2024

I'm going to merge once CI passes, but please feel free to leave more comments here or offline, and we can make a follow-up.

RTann enabled auto-merge (squash) on October 4, 2024 19:42
RTann force-pushed the ross-refactor-scanner-cvss branch from 9f43cb5 to f1255d1 on October 4, 2024 20:17
RTann merged commit 248bb34 into master on Oct 4, 2024
RTann deleted the ross-refactor-scanner-cvss branch on October 4, 2024 21:30