aquasecurity · danielpacak · Jun 16, 2021 · Jun 16, 2021
diff --git a/cmd/scanner-aqua/main.go b/cmd/scanner-aqua/main.go
@@ -64,7 +64,7 @@ func run() error {
 
 // scan scans the specified image reference. Firstly, attempt to download a vulnerability
 // report with Aqua REST API call. If the report is not found, execute the `scannercli scan` command.
-func scan(opt options, imageRef string) (report v1alpha1.VulnerabilityScanResult, err error) {
+func scan(opt options, imageRef string) (report v1alpha1.VulnerabilityReportData, err error) {
 	clientset := client.NewClient(opt.baseURL, client.Authorization{
 		Basic: &opt.credentials,
 	})

diff --git a/itest/helper/helper.go b/itest/helper/helper.go
@@ -186,7 +186,7 @@ func (b *VulnerabilityReportBuilder) Build() *v1alpha1.VulnerabilityReport {
 				starboard.LabelResourceNamespace: b.namespace,
 			},
 		},
-		Report: v1alpha1.VulnerabilityScanResult{
+		Report: v1alpha1.VulnerabilityReportData{
 			UpdateTimestamp: metav1.NewTime(time.Now()),
 			Scanner:         trivyScanner,
 			Registry: v1alpha1.Registry{

diff --git a/itest/matcher/matcher_test.go b/itest/matcher/matcher_test.go
@@ -53,7 +53,7 @@ func TestVulnerabilityReportMatcher(t *testing.T) {
 					},
 				},
 			},
-			Report: v1alpha1.VulnerabilityScanResult{
+			Report: v1alpha1.VulnerabilityReportData{
 				Scanner: v1alpha1.Scanner{
 					Name:    "Trivy",
 					Vendor:  "Aqua Security",

diff --git a/pkg/apis/aquasecurity/v1alpha1/vulnerability_types.go b/pkg/apis/aquasecurity/v1alpha1/vulnerability_types.go
@@ -65,14 +65,14 @@ type VulnerabilityReport struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
-	Report VulnerabilityScanResult `json:"report"`
+	Report VulnerabilityReportData `json:"report"`
 }
 
-// VulnerabilityScanResult is the spec for the vulnerability scan result.
+// VulnerabilityReportData is the spec for the vulnerability scan result.
 //
 // The spec follows the Pluggable Scanners API defined for Harbor.
 // @see https://github.com/goharbor/pluggable-scanner-spec/blob/master/api/spec/scanner-adapter-openapi-v1.0.yaml
-type VulnerabilityScanResult struct {
+type VulnerabilityReportData struct {
 	UpdateTimestamp metav1.Time          `json:"updateTimestamp"`
 	Scanner         Scanner              `json:"scanner"`
 	Registry        Registry             `json:"registry"`

diff --git a/pkg/apis/aquasecurity/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/aquasecurity/v1alpha1/zz_generated.deepcopy.go
diff --git a/pkg/plugin/aqua/plugin.go b/pkg/plugin/aqua/plugin.go
@@ -180,8 +180,8 @@ func (s *plugin) newScanJobContainer(ctx starboard.PluginContext, podContainer c
 	}, nil
 }
 
-func (s *plugin) ParseVulnerabilityReportData(_ starboard.PluginContext, _ string, logsReader io.ReadCloser) (v1alpha1.VulnerabilityScanResult, error) {
-	var report v1alpha1.VulnerabilityScanResult
+func (s *plugin) ParseVulnerabilityReportData(_ starboard.PluginContext, _ string, logsReader io.ReadCloser) (v1alpha1.VulnerabilityReportData, error) {
+	var report v1alpha1.VulnerabilityReportData
 	err := json.NewDecoder(logsReader).Decode(&report)
 	return report, err
 }

diff --git a/pkg/plugin/aqua/scanner/api/scanner.go b/pkg/plugin/aqua/scanner/api/scanner.go
@@ -26,10 +26,10 @@ func NewScanner(version string, clientset client.Clientset) *Scanner {
 	}
 }
 
-func (s *Scanner) Scan(imageRef string) (v1alpha1.VulnerabilityScanResult, error) {
+func (s *Scanner) Scan(imageRef string) (v1alpha1.VulnerabilityReportData, error) {
 	registries, err := s.clientset.Registries().List()
 	if err != nil {
-		return v1alpha1.VulnerabilityScanResult{}, err
+		return v1alpha1.VulnerabilityReportData{}, err
 	}
 
 	var registryName string
@@ -49,18 +49,18 @@ func (s *Scanner) Scan(imageRef string) (v1alpha1.VulnerabilityScanResult, error
 
 	reference, err := name.ParseReference(imageRef)
 	if err != nil {
-		return v1alpha1.VulnerabilityScanResult{}, err
+		return v1alpha1.VulnerabilityReportData{}, err
 	}
 
 	vulnerabilities, err := s.clientset.Images().Vulnerabilities(registryName, reference.Context().RepositoryStr(), reference.Identifier())
 	if err != nil {
-		return v1alpha1.VulnerabilityScanResult{}, err
+		return v1alpha1.VulnerabilityReportData{}, err
 	}
 
 	return s.convert(reference, vulnerabilities)
 }
 
-func (s *Scanner) convert(ref name.Reference, response client.VulnerabilitiesResponse) (v1alpha1.VulnerabilityScanResult, error) {
+func (s *Scanner) convert(ref name.Reference, response client.VulnerabilitiesResponse) (v1alpha1.VulnerabilityReportData, error) {
 	items := make([]v1alpha1.Vulnerability, 0)
 
 	for _, result := range response.Results {
@@ -85,7 +85,7 @@ func (s *Scanner) convert(ref name.Reference, response client.VulnerabilitiesRes
 		artifact.Digest = t.DigestStr()
 	}
 
-	return v1alpha1.VulnerabilityScanResult{
+	return v1alpha1.VulnerabilityReportData{
 		UpdateTimestamp: metav1.NewTime(time.Now()),
 		Scanner: v1alpha1.Scanner{
 			Name:    "Aqua CSP",

diff --git a/pkg/plugin/aqua/scanner/cli/scanner.go b/pkg/plugin/aqua/scanner/cli/scanner.go
@@ -28,7 +28,7 @@ func NewScanner(version string, baseURL string, credentials client.UsernameAndPa
 	}
 }
 
-func (s *Scanner) Scan(imageRef string) (report v1alpha1.VulnerabilityScanResult, err error) {
+func (s *Scanner) Scan(imageRef string) (report v1alpha1.VulnerabilityReportData, err error) {
 	args := []string{
 		"scan",
 		"--checkonly",
@@ -57,7 +57,7 @@ func (s *Scanner) Scan(imageRef string) (report v1alpha1.VulnerabilityScanResult
 	return s.convert(imageRef, aquaReport)
 }
 
-func (s *Scanner) convert(imageRef string, aquaReport ScanReport) (report v1alpha1.VulnerabilityScanResult, err error) {
+func (s *Scanner) convert(imageRef string, aquaReport ScanReport) (report v1alpha1.VulnerabilityReportData, err error) {
 	items := make([]v1alpha1.Vulnerability, 0)
 
 	for _, resourceScan := range aquaReport.Resources {
@@ -98,7 +98,7 @@ func (s *Scanner) convert(imageRef string, aquaReport ScanReport) (report v1alph
 		artifact.Digest = t.DigestStr()
 	}
 
-	report = v1alpha1.VulnerabilityScanResult{
+	report = v1alpha1.VulnerabilityReportData{
 		UpdateTimestamp: metav1.NewTime(time.Now()),
 		Scanner: v1alpha1.Scanner{
 			Name:    "Aqua CSP",

diff --git a/pkg/plugin/trivy/plugin.go b/pkg/plugin/trivy/plugin.go
@@ -769,16 +769,16 @@ func (p *plugin) appendTrivyInsecureEnv(config Config, image string, env []corev
 	return env, nil
 }
 
-func (p *plugin) ParseVulnerabilityReportData(ctx starboard.PluginContext, imageRef string, logsReader io.ReadCloser) (v1alpha1.VulnerabilityScanResult, error) {
+func (p *plugin) ParseVulnerabilityReportData(ctx starboard.PluginContext, imageRef string, logsReader io.ReadCloser) (v1alpha1.VulnerabilityReportData, error) {
 	config, err := p.newConfigFrom(ctx)
 	if err != nil {
-		return v1alpha1.VulnerabilityScanResult{}, err
+		return v1alpha1.VulnerabilityReportData{}, err
 	}
 
 	var reports []ScanReport
 	err = json.NewDecoder(logsReader).Decode(&reports)
 	if err != nil {
-		return v1alpha1.VulnerabilityScanResult{}, err
+		return v1alpha1.VulnerabilityReportData{}, err
 	}
 	vulnerabilities := make([]v1alpha1.Vulnerability, 0)
 
@@ -800,20 +800,20 @@ func (p *plugin) ParseVulnerabilityReportData(ctx starboard.PluginContext, image
 
 	registry, artifact, err := p.parseImageRef(imageRef)
 	if err != nil {
-		return v1alpha1.VulnerabilityScanResult{}, err
+		return v1alpha1.VulnerabilityReportData{}, err
 	}
 
 	trivyImageRef, err := config.GetImageRef()
 	if err != nil {
-		return v1alpha1.VulnerabilityScanResult{}, err
+		return v1alpha1.VulnerabilityReportData{}, err
 	}
 
 	version, err := starboard.GetVersionFromImageRef(trivyImageRef)
 	if err != nil {
-		return v1alpha1.VulnerabilityScanResult{}, err
+		return v1alpha1.VulnerabilityReportData{}, err
 	}
 
-	return v1alpha1.VulnerabilityScanResult{
+	return v1alpha1.VulnerabilityReportData{
 		UpdateTimestamp: metav1.NewTime(p.clock.Now()),
 		Scanner: v1alpha1.Scanner{
 			Name:    "Trivy",

diff --git a/pkg/plugin/trivy/plugin_test.go b/pkg/plugin/trivy/plugin_test.go
@@ -1582,7 +1582,7 @@ var (
 		]
 	}]`
 
-	sampleReport = v1alpha1.VulnerabilityScanResult{
+	sampleReport = v1alpha1.VulnerabilityReportData{
 		UpdateTimestamp: metav1.NewTime(fixedTime),
 		Scanner: v1alpha1.Scanner{
 			Name:    "Trivy",
@@ -1644,7 +1644,7 @@ func TestScanner_ParseVulnerabilityReportData(t *testing.T) {
 		imageRef       string
 		input          string
 		expectedError  error
-		expectedReport v1alpha1.VulnerabilityScanResult
+		expectedReport v1alpha1.VulnerabilityReportData
 	}{
 		{
 			name:           "Should convert vulnerability report in JSON format when input is quiet",
@@ -1658,7 +1658,7 @@ func TestScanner_ParseVulnerabilityReportData(t *testing.T) {
 			imageRef:      "core.harbor.domain/library/nginx@sha256:d20aa6d1cae56fd17cd458f4807e0de462caf2336f0b70b5eeb69fcaaf30dd9c",
 			input:         `null`,
 			expectedError: nil,
-			expectedReport: v1alpha1.VulnerabilityScanResult{
+			expectedReport: v1alpha1.VulnerabilityReportData{
 				UpdateTimestamp: metav1.NewTime(fixedTime),
 				Scanner: v1alpha1.Scanner{
 					Name:    "Trivy",

diff --git a/pkg/report/html.go b/pkg/report/html.go
@@ -43,7 +43,7 @@ func (h *workloadReporter) RetrieveData(workload kube.Object) (templates.Workloa
 		return templates.WorkloadReport{}, err
 	}
 
-	vulnsReports := map[string]v1alpha1.VulnerabilityScanResult{}
+	vulnsReports := map[string]v1alpha1.VulnerabilityReportData{}
 	for _, vulnerabilityReport := range vulnerabilityReports {
 		containerName, ok := vulnerabilityReport.Labels[starboard.LabelContainerName]
 		if !ok {

diff --git a/pkg/report/html_test.go b/pkg/report/html_test.go
@@ -19,7 +19,7 @@ func Test_topNVulnerabilitiesByScore(t *testing.T) {
 			name: "Should return top 5 vulnerabilities with count",
 			reports: []v1alpha1.VulnerabilityReport{
 				{
-					Report: v1alpha1.VulnerabilityScanResult{
+					Report: v1alpha1.VulnerabilityReportData{
 						Vulnerabilities: []v1alpha1.Vulnerability{
 							{
 								VulnerabilityID: "CVE-2019-1549",
@@ -43,7 +43,7 @@ func Test_topNVulnerabilitiesByScore(t *testing.T) {
 					},
 				},
 				{
-					Report: v1alpha1.VulnerabilityScanResult{
+					Report: v1alpha1.VulnerabilityReportData{
 						Vulnerabilities: []v1alpha1.Vulnerability{
 							{
 								VulnerabilityID: "CVE-2019-1548",
@@ -131,7 +131,7 @@ func Test_topNVulnerabilitiesByScore(t *testing.T) {
 			name: "Should return 2 vulnerabilities with count when some input has nil scores",
 			reports: []v1alpha1.VulnerabilityReport{
 				{
-					Report: v1alpha1.VulnerabilityScanResult{
+					Report: v1alpha1.VulnerabilityReportData{
 						Vulnerabilities: []v1alpha1.Vulnerability{
 							{
 								VulnerabilityID: "CVE-2019-1549",
@@ -155,7 +155,7 @@ func Test_topNVulnerabilitiesByScore(t *testing.T) {
 					},
 				},
 				{
-					Report: v1alpha1.VulnerabilityScanResult{
+					Report: v1alpha1.VulnerabilityReportData{
 						Vulnerabilities: []v1alpha1.Vulnerability{
 							{
 								VulnerabilityID: "CVE-2019-1548",

diff --git a/pkg/report/templates/types.go b/pkg/report/templates/types.go
@@ -14,7 +14,7 @@ type WorkloadReport struct {
 	GeneratedAt time.Time
 
 	// FIXME Do not use map as the order of iteration is unpredictable.
-	VulnsReports      map[string]v1alpha1.VulnerabilityScanResult
+	VulnsReports      map[string]v1alpha1.VulnerabilityReportData
 	ConfigAuditReport *v1alpha1.ConfigAuditReport
 }
 

diff --git a/pkg/vulnerabilityreport/builder.go b/pkg/vulnerabilityreport/builder.go
@@ -27,7 +27,7 @@ type ReportBuilder struct {
 	owner     metav1.Object
 	container string
 	hash      string
-	result    v1alpha1.VulnerabilityScanResult
+	data      v1alpha1.VulnerabilityReportData
 }
 
 func NewReportBuilder(scheme *runtime.Scheme) *ReportBuilder {
@@ -51,8 +51,8 @@ func (b *ReportBuilder) PodSpecHash(hash string) *ReportBuilder {
 	return b
 }
 
-func (b *ReportBuilder) Data(result v1alpha1.VulnerabilityScanResult) *ReportBuilder {
-	b.result = result
+func (b *ReportBuilder) Data(data v1alpha1.VulnerabilityReportData) *ReportBuilder {
+	b.data = data
 	return b
 }
 
@@ -93,7 +93,7 @@ func (b *ReportBuilder) Get() (v1alpha1.VulnerabilityReport, error) {
 			Namespace: b.owner.GetNamespace(),
 			Labels:    labels,
 		},
-		Report: b.result,
+		Report: b.data,
 	}
 	err = controllerutil.SetControllerReference(b.owner, &report, b.scheme)
 	if err != nil {

diff --git a/pkg/vulnerabilityreport/builder_test.go b/pkg/vulnerabilityreport/builder_test.go
@@ -24,7 +24,7 @@ func TestBuilder(t *testing.T) {
 		}).
 		Container("my-container").
 		PodSpecHash("xyz").
-		Data(v1alpha1.VulnerabilityScanResult{}).
+		Data(v1alpha1.VulnerabilityReportData{}).
 		Get()
 
 	g.Expect(err).ToNot(gomega.HaveOccurred())
@@ -49,6 +49,6 @@ func TestBuilder(t *testing.T) {
 				starboard.LabelPodSpecHash:       "xyz",
 			},
 		},
-		Report: v1alpha1.VulnerabilityScanResult{},
+		Report: v1alpha1.VulnerabilityReportData{},
 	}))
 }
diff --git a/pkg/vulnerabilityreport/io_test.go b/pkg/vulnerabilityreport/io_test.go
@@ -213,7 +213,7 @@ func TestNewReadWriter(t *testing.T) {
 					starboard.LabelContainerName:     "my-container-01",
 				},
 			},
-			Report: v1alpha1.VulnerabilityScanResult{},
+			Report: v1alpha1.VulnerabilityReportData{},
 		}, &v1alpha1.VulnerabilityReport{
 			ObjectMeta: metav1.ObjectMeta{
 				Namespace: "my-namespace",
@@ -225,7 +225,7 @@ func TestNewReadWriter(t *testing.T) {
 					starboard.LabelContainerName:     "my-container-02",
 				},
 			},
-			Report: v1alpha1.VulnerabilityScanResult{},
+			Report: v1alpha1.VulnerabilityReportData{},
 		}, &v1alpha1.VulnerabilityReport{
 			ObjectMeta: metav1.ObjectMeta{
 				Namespace: "my-namespace",
@@ -237,7 +237,7 @@ func TestNewReadWriter(t *testing.T) {
 					starboard.LabelContainerName:     "my-sts-container",
 				},
 			},
-			Report: v1alpha1.VulnerabilityScanResult{},
+			Report: v1alpha1.VulnerabilityReportData{},
 		}).Build()
 
 		readWriter := vulnerabilityreport.NewReadWriter(client)