From 09810f824c33adfe6bf2a6edb3c5bb3d87a44a37 Mon Sep 17 00:00:00 2001
From: Max Lerebourg
Date: Wed, 15 Mar 2023 20:36:56 +0100
Subject: [PATCH 1/2] :sparkles: add optional kube

---
 README.md | 1 +
 internal/vuln/config.go | 2 ++
 internal/vuln/daemon/daemon.go | 2 +-
 main.go | 1 +
 4 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index e7997f2..067db1b 100644
--- a/README.md
+++ b/README.md
@@ -84,6 +84,7 @@ All parameters are cli-flags.
 | `github-app-id` | `false` | `""` | GitHub App-ID. |
 | `github-app-installation-id` | `false` | `""` | GitHub App-Installation-ID. |
 | `reports-dir` | `false` | `/reports` | Directory to place the reports. |
+| `provider` | `false` | `kubernetes` | Orchestrator that run the app. |
 
 The flags can be configured as args or as environment-variables prefixed with `VULN_` to inject sensitive configs as secret values.
diff --git a/internal/vuln/config.go b/internal/vuln/config.go
index 3bcc555..1f84311 100644
--- a/internal/vuln/config.go
+++ b/internal/vuln/config.go
@@ -21,6 +21,7 @@ type Config struct {
 ReportsDir string `yaml:"reportsDir" env:"VULN_REPORTS_DIR" flag:"reports-dir"`
 PodLabelSelector string `yaml:"podLabelSelector" env:"VULN_POD_LABEL_SELECTOR" flag:"pod-label-selector"`
 NamespaceLabelSelector string `yaml:"namespaceLabelSelector" env:"VULN_NAMESPACE_LABEL_SELECTOR" flag:"namespace-label-selector"`
+ Provider string `yaml:"provider" env:"VULN_PROVIDER" flag:"provider"`
 Verbosity string `env:"VULN_VERBOSITY" flag:"verbosity"`
 }
 
@@ -44,6 +45,7 @@ var (
 ConfigKeyReportsDir = "reports-dir"
 ConfigKeyPodLabelSelector = "pod-label-selector"
 ConfigKeyNamespaceLabelSelector = "namespace-label-selector"
+ ConfigKeyProvider = "provider"
 
 OperatorConfig *Config
 )
diff --git a/internal/vuln/daemon/daemon.go b/internal/vuln/daemon/daemon.go
index 2e7b002..a73e50a 100644
--- a/internal/vuln/daemon/daemon.go
+++ b/internal/vuln/daemon/daemon.go
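Review bot: The new `Provider` field in the `Config` struct hunk (`@@ -21,6 +21,7`) carries no doc comment and nothing in this patch states which values it accepts; the only value the rest of the series compares against is the bare literal `"kubernetes"`, repeated as the flag default in `main.go` and in the comparison in `daemon.go`. I would document the field, `// Provider names the orchestrator the operator runs under; "kubernetes" is the only value this series recognises explicitly.`, and declare the value once next to `ConfigKeyProvider` in the `var (` hunk (`@@ -44,6 +45,7`), e.g. `ProviderKubernetes = "kubernetes"`, so the flag default and the comparison share a single constant. A reader then has one place to learn the accepted set when further providers are added.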
@@ -82,7 +82,7 @@ func (c *CronService) runBackgroundService() {
 vuln.OperatorConfig.FilterConfigFile,
 vuln.OperatorConfig.MinSeverity,
 vuln.OperatorConfig.OnlyFixed,
- false)
+ vuln.OperatorConfig.Provider != "kubernetes")
 
 if err != nil {
 c.printNextExecution()
diff --git a/main.go b/main.go
index 9bfa4b7..2d9f06f 100644
--- a/main.go
+++ b/main.go
@@ -73,6 +73,7 @@ func newRootCmd() *cobra.Command {
 rootCmd.PersistentFlags().String(vuln.ConfigKeyReportsDir, "/reports", "Directory to place the reports.")
 rootCmd.PersistentFlags().String(vuln.ConfigKeyPodLabelSelector, "", "Kubernetes Label-Selector for pods.")
 rootCmd.PersistentFlags().String(vuln.ConfigKeyNamespaceLabelSelector, "", "Kubernetes Label-Selector for namespaces.")
+ rootCmd.PersistentFlags().String(vuln.ConfigKeyProvider, "kubernetes", "Orchestrator which run the app (kubernetes).")
 
 return rootCmd
 }
From dde8964df20bb111803733297e8972de43dfe21d Mon Sep 17 00:00:00 2001
From: Max Lerebourg
Date: Thu, 16 Mar 2023 19:41:00 +0100
Subject: [PATCH 2/2] :bug: finish the job

---
 internal/vuln/daemon/daemon.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/internal/vuln/daemon/daemon.go b/internal/vuln/daemon/daemon.go
index a73e50a..5cd9c74 100644
--- a/internal/vuln/daemon/daemon.go
+++ b/internal/vuln/daemon/daemon.go
@@ -6,6 +6,7 @@ import (
 "github.com/ckotzbauer/libstandard"
 "github.com/ckotzbauer/vulnerability-operator/internal/vuln"
 "github.com/ckotzbauer/vulnerability-operator/internal/vuln/grype"
+ "github.com/ckotzbauer/vulnerability-operator/internal/vuln/kubernetes"
 "github.com/ckotzbauer/vulnerability-operator/internal/vuln/source"
 "github.com/ckotzbauer/vulnerability-operator/internal/vuln/source/git"
 "github.com/ckotzbauer/vulnerability-operator/internal/vuln/source/kubernetes"
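Review bot: The help text of the new `provider` flag in the `main.go` hunk, `"Orchestrator which run the app (kubernetes)."`, has a grammar slip and does not tell the operator what values are accepted or what a value other than `kubernetes` switches on. I would write `"Orchestrator which runs the app (currently: kubernetes)."` and extend the list as providers are added, since the flag value drives a behaviour change in `daemon.go`. The default literal `"kubernetes"` here is the same string `daemon.go` compares against; a shared constant in `internal/vuln/config.go` would keep the two from drifting apart.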
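Review bot: The added import `internal/vuln/kubernetes` sits alongside the existing `internal/vuln/source/kubernetes` with no alias visible on either line, so unless one of them is aliased (or the new package declares a different `package` name) both would bind `kubernetes` in this file and it would not compile. The only new identifier the later hunk uses is `libk8s.ContainerInfo`, and no import for `libk8s` appears in this hunk; if `libk8s` is meant to be this new package, the line should read `libk8s "github.com/ckotzbauer/vulnerability-operator/internal/vuln/kubernetes"`, and if `libk8s` is an existing alias for another module the new import looks unused, which Go also rejects. Worth checking against the full import block, which is cut at both edges of the hunk.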
@@ -76,13 +77,14 @@ func (c *CronService) runBackgroundService() {
 scanItems = append(scanItems, s.LoadScanItems()...)
 }
 
+ isKube := vuln.OperatorConfig.Provider == "kubernetes"
 gr, err := grype.New(
 vuln.OperatorConfig.GrypeConfigFile,
 vuln.OperatorConfig.FilterConfigFile,
 vuln.OperatorConfig.MinSeverity,
 vuln.OperatorConfig.OnlyFixed,
- vuln.OperatorConfig.Provider != "kubernetes")
+ !isKube)
 
 if err != nil {
 c.printNextExecution()
@@ -92,6 +94,10 @@ func (c *CronService) runBackgroundService() {
 defer gr.Close()
 
+ if !isKube {
+ gr = *gr.WithTestContainer(&libk8s.ContainerInfo{})
+ }
+
 scanResult := vuln.ScanResult{FoundVulnerabilities: []vuln.Vulnerability{}, AuditedVulnerabilities: []vuln.Vulnerability{}}
 for _, scanItem := range scanItems {
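Review bot: `isKube := vuln.OperatorConfig.Provider == "kubernetes"` is an exact, case-sensitive match, so any other string in `VULN_PROVIDER` or `--provider` — a typo, `Kubernetes`, an empty override — silently selects the non-Kubernetes scan path instead of surfacing a configuration error. I would validate the value once at startup against the providers the operator actually supports and fail fast on anything else, e.g. at config load `switch cfg.Provider { case "kubernetes": default: return fmt.Errorf("unsupported provider %q", cfg.Provider) }` with the intended non-Kubernetes names listed as explicit cases rather than implied by "not kubernetes". The literal here is also the flag default in `main.go`; a shared constant would keep them aligned. `runBackgroundService` begins before this hunk and continues after it.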
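Review bot: `gr = *gr.WithTestContainer(&libk8s.ContainerInfo{})` replaces the `gr` value after `defer gr.Close()` has already been registered two lines above; whether that deferred `Close` acts on the replaced value depends on the receiver kind of `Close`, which is not visible here, and the dereference copies whatever struct `WithTestContainer` returns, which is risky if it holds a mutex or owned resources. Applying the container override before the `defer`, or passing it into `grype.New` next to `!isKube`, removes both questions. A short comment on the `if !isKube` branch saying why an empty `ContainerInfo{}` is the right input for non-Kubernetes providers would also help the next reader, e.g. `// outside Kubernetes there is no pod/container context; scan with an empty descriptor` (adjusted to the actual intent).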