From 8dd7a1f4f738b753824145261ef4e3033f74e60b Mon Sep 17 00:00:00 2001
From: Rory Stokes
Date: Mon, 18 Jan 2021 12:29:53 +1030
Subject: [PATCH] Add vulnerability reporting scripts
---
 base-images | 2 ++
 generate-report.sh | 63 ++++++++++++++++++++++++++++++++++++++++++++++
 list-images.sh | 10 ++++++++
 operator-images | 2 ++
 4 files changed, 77 insertions(+)
 create mode 100644 base-images
 create mode 100755 generate-report.sh
 create mode 100755 list-images.sh
 create mode 100644 operator-images
diff --git a/base-images b/base-images
new file mode 100644
index 0000000..f5e7285
--- /dev/null
+++ b/base-images
@@ -0,0 +1,2 @@
+lightbend/akka-base 2.0.19-cloudflow-akka-2.6.9-scala-2.12
+lightbend/flink 2.0.19-cloudflow-flink-1.10.0-scala-2.12
diff --git a/generate-report.sh b/generate-report.sh
new file mode 100755
index 0000000..4c2cae8
--- /dev/null
+++ b/generate-report.sh
@@ -0,0 +1,63 @@
+#!/bin/bash
+set -euo pipefail
+
+REPORT_NAME="$1"
+
+REPORT_PAYLOAD=$(mktemp /tmp/report-payload.json.XXXXXX)
+
+# Create report payload header
+cat > $REPORT_PAYLOAD << EOF
+{
+ "name": "${REPORT_NAME}",
+ "resources": {
+ "repositories": [
+ {
+ "name": "docker-local",
+ "include_path_patterns": [
+EOF
+
+# Tag and push the images to JFrog Artifactory for scanning
+while read IMAGE TAG; do
+ echo "Pushing $IMAGE:$TAG to JFrog Artifactory"
+ JFROG_IMAGE="${IMAGE//./-}"
+ docker pull "$IMAGE:$TAG"
+ docker tag "$IMAGE:$TAG" "lightbendcloudflow-docker-local.jfrog.io/$JFROG_IMAGE:$TAG"
+ docker push "lightbendcloudflow-docker-local.jfrog.io/$JFROG_IMAGE:$TAG"
+
+ # Add path pattern for image to report payload
+ echo " \"/${JFROG_IMAGE}/${TAG}/*\"," >> $REPORT_PAYLOAD
+done
+
+# Remove the trailing comma from the last path pattern
+sed -i '$ s/.$//' $REPORT_PAYLOAD
+
+# Add report payload footer
+cat >> $REPORT_PAYLOAD << EOF
+ ]
+ }
+ ]
+ }
+}
+EOF
+
+# Wait for Artifactory to recognise any new images
+sleep 10
+
+echo ""
+echo "Final report payload:"
+cat $REPORT_PAYLOAD
+
+echo ""
+
+# Submit report for processing
+REPORT_ID=$(curl -s -H "Content-Type: application/json" -XPOST -d @$REPORT_PAYLOAD \
+ --user ${JFROG_USERNAME}:${JFROG_API_KEY} \
+ https://lightbendcloudflow.jfrog.io/xray/api/v1/reports/vulnerabilities |
+ grep -oP '(?<="report_id":)[0-9]+')
+
+
+echo "${REPORT_ID}"
+
+rm $REPORT_PAYLOAD
+
+# echo "$IMAGES"
\ No newline at end of file
diff --git a/list-images.sh b/list-images.sh
new file mode 100755
index 0000000..a50a429
--- /dev/null
+++ b/list-images.sh
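Review bot: The Xray API key is handed to curl on its command line (`--user ${JFROG_USERNAME}:${JFROG_API_KEY}`), so it is readable in the process listing of the host that runs the report and would be printed verbatim by any `set -x` tracing; feeding it through a `-K`/`--config` file created with mktemp (0600) keeps the credential off argv. The same block leaks the payload file on failure: under `set -euo pipefail` a `grep` that finds no `report_id` aborts the script before `rm $REPORT_PAYLOAD` runs, so the cleanup belongs in an EXIT trap right after the mktemp, after which the trailing `rm` can go. `REPORT_NAME="$1"` is interpolated into the JSON heredoc unescaped, so a name containing a double quote yields an invalid payload; if `jq` is available on the runner, `jq -n --arg name "$REPORT_NAME" …` builds it safely. Separately, `while read IMAGE TAG` lacks `-r`, and the bare `sed -i '$ s/.$//'` strips the `[` of `include_path_patterns` when no image lines are read, so an empty input should be rejected before the footer is appended.
```shell
REPORT_PAYLOAD=$(mktemp /tmp/report-payload.json.XXXXXX)
CURL_CONF=$(mktemp)
trap 'rm -f -- "$REPORT_PAYLOAD" "$CURL_CONF"' EXIT
# Keep the credential out of argv: curl reads it from a 0600 config file
printf 'user = "%s:%s"\n' "$JFROG_USERNAME" "$JFROG_API_KEY" > "$CURL_CONF"
# … unchanged: payload header, docker pull/tag/push loop, footer, sleep …
REPORT_ID=$(curl -s -H "Content-Type: application/json" -XPOST -d @"$REPORT_PAYLOAD" \
  -K "$CURL_CONF" \
  https://lightbendcloudflow.jfrog.io/xray/api/v1/reports/vulnerabilities |
  grep -oP '(?<="report_id":)[0-9]+')
```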
@@ -0,0 +1,10 @@
+#!/bin/bash
+set -euo pipefail
+
+for image in $(grep -oP '([a-zA-Z]+)(?=Image)' cloudflow-enterprise-components/values.yaml ); do
+ echo $(grep -oP "(?<=${image}Image: ).*" cloudflow-enterprise-components/values.yaml | tr -d "\"") \
+ $(grep -oP "(?<=${image}Version: ).*" cloudflow-enterprise-components/values.yaml | tr -d "\"")
+done
+
+echo $(grep -oP "(?<=image: ).*" cloudflow-enterprise-components/values.yaml | tr -d "\"") \
+ $(grep -oP "(?<=version: ).*" cloudflow-enterprise-components/values.yaml | tr -d "\"")
\ No newline at end of file
diff --git a/operator-images b/operator-images
new file mode 100644
index 0000000..b827e26
--- /dev/null
+++ b/operator-images
@@ -0,0 +1,2 @@
+lightbend/cloudflow-operator 2.0.19
+lightbend/flinkk8soperator v0.5.0
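Review bot: The image/tag pairs this script prints are not guaranteed to line up: each `grep -oP "(?<=${image}Image: ).*"` may match zero or several lines of values.yaml (the bare `image:` and `version:` patterns in the final `echo` will match any component's keys), and because a failing `$(grep …)` inside `echo`'s arguments is not caught by `set -e`, a missing key silently yields an empty field that shifts the tag into the image column for whatever consumes the output (presumably the `read IMAGE TAG` loop in generate-report.sh). Reading the values with a YAML parser (`yq`) or at least asserting exactly one match per key before printing would make the list trustworthy. The `-P` lookbehinds also tie the script to GNU grep, which deserves a note at the top, e.g. `# Requires GNU grep (-P); values.yaml is scraped with regexes, not parsed as YAML`. The unquoted `$(…)` in `echo` is relied on here to join two words with a space; `printf '%s %s\n' "$(…)" "$(…)"` makes that intent explicit and survives values containing spaces.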