add publishedDate and lastModifiedDate fields in vulnerability report

undistro · Jan 10, 2024 · f23eb82 · f23eb82
1 parent b31c335
commit f23eb82
Show file tree

Hide file tree

Showing 7 changed files with 335 additions and 241 deletions.
diff --git a/api/zora/v1alpha1/vulnerabilityreport_types.go b/api/zora/v1alpha1/vulnerabilityreport_types.go
@@ -36,17 +36,19 @@ type VulnerabilityReportSpec struct {
 }
 
 type Vulnerability struct {
-	ID          string `json:"id"`
-	Severity    string `json:"severity"`
-	Title       string `json:"title"`
-	Description string `json:"description,omitempty"`
-	Package     string `json:"package"`
-	Version     string `json:"version"`
-	FixVersion  string `json:"fixVersion,omitempty"`
-	URL         string `json:"url,omitempty"`
-	Status      string `json:"status,omitempty"`
-	Type        string `json:"type,omitempty"`
-	Score       string `json:"score,omitempty"`
+	ID               string       `json:"id"`
+	Severity         string       `json:"severity"`
+	Title            string       `json:"title"`
+	Description      string       `json:"description,omitempty"`
+	Package          string       `json:"package"`
+	Version          string       `json:"version"`
+	FixVersion       string       `json:"fixVersion,omitempty"`
+	URL              string       `json:"url,omitempty"`
+	Status           string       `json:"status,omitempty"`
+	Type             string       `json:"type,omitempty"`
+	Score            string       `json:"score,omitempty"`
+	PublishedDate    *metav1.Time `json:"publishedDate,omitempty"`
+	LastModifiedDate *metav1.Time `json:"lastModifiedDate,omitempty"`
 }
 
 type Distro struct {

diff --git a/api/zora/v1alpha1/zz_generated.deepcopy.go b/api/zora/v1alpha1/zz_generated.deepcopy.go
diff --git a/charts/zora/crds/zora.undistro.io_vulnerabilityreports.yaml b/charts/zora/crds/zora.undistro.io_vulnerabilityreports.yaml
@@ -144,8 +144,14 @@ spec:
                       type: string
                     id:
                       type: string
+                    lastModifiedDate:
+                      format: date-time
+                      type: string
                     package:
                       type: string
+                    publishedDate:
+                      format: date-time
+                      type: string
                     score:
                       type: string
                     severity:

diff --git a/config/crd/bases/zora.undistro.io_vulnerabilityreports.yaml b/config/crd/bases/zora.undistro.io_vulnerabilityreports.yaml
@@ -130,8 +130,14 @@ spec:
                       type: string
                     id:
                       type: string
+                    lastModifiedDate:
+                      format: date-time
+                      type: string
                     package:
                       type: string
+                    publishedDate:
+                      format: date-time
+                      type: string
                     score:
                       type: string
                     severity:

diff --git a/pkg/worker/report/trivy/parse.go b/pkg/worker/report/trivy/parse.go
@@ -22,10 +22,12 @@ import (
 	"os"
 	"strconv"
 	"strings"
+	"time"
 
 	trivyreport "github.com/aquasecurity/trivy/pkg/k8s/report"
 	trivytypes "github.com/aquasecurity/trivy/pkg/types"
 	"github.com/go-logr/logr"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	"github.com/undistro/zora/api/zora/v1alpha1"
 )
@@ -112,20 +114,29 @@ func newVulnerability(vuln trivytypes.DetectedVulnerability, ignoreDescription b
 	}
 
 	return v1alpha1.Vulnerability{
-		ID:          vuln.VulnerabilityID,
-		Severity:    vuln.Severity,
-		Title:       vuln.Title,
-		Description: description,
-		Package:     vuln.PkgName,
-		Version:     vuln.InstalledVersion,
-		FixVersion:  vuln.FixedVersion,
-		URL:         vuln.PrimaryURL,
-		Status:      vuln.Status.String(),
-		Score:       getScore(vuln),
-		Type:        t,
+		ID:               vuln.VulnerabilityID,
+		Severity:         vuln.Severity,
+		Title:            vuln.Title,
+		Description:      description,
+		Package:          vuln.PkgName,
+		Version:          vuln.InstalledVersion,
+		FixVersion:       vuln.FixedVersion,
+		URL:              vuln.PrimaryURL,
+		Status:           vuln.Status.String(),
+		Score:            getScore(vuln),
+		Type:             t,
+		PublishedDate:    parseTime(vuln.PublishedDate),
+		LastModifiedDate: parseTime(vuln.LastModifiedDate),
 	}
 }
 
+func parseTime(t *time.Time) *metav1.Time {
+	if t == nil {
+		return nil
+	}
+	return &metav1.Time{Time: *t}
+}
+
 func getScore(vuln trivytypes.DetectedVulnerability) string {
 	var vendor *float64
 	for id, cvss := range vuln.CVSS {