Merge pull request #650 from secureCodeBox/tests/trivy-integration

nigthknight · web-flow · commit fda8e47293df · 2021-09-21T10:16:49.000+02:00
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -976,6 +976,19 @@ jobs:
           cd tests/integration/
           npx jest --ci --color scanner/sslyze.test.js
 
+      # ---- Trivy Integration Tests ----
+
+      - name: "trivy Integration Tests"
+        run: |
+          kubectl -n integration-tests delete scans --all
+          helm -n integration-tests install trivy ./scanners/trivy/  \
+            --set="parser.image.tag=sha-$(git rev-parse --short HEAD)" \
+            --set="parser.image.repository=docker.io/${{ env.DOCKER_NAMESPACE }}/parser-trivy" \
+            --set="parser.env[0].name=CRASH_ON_FAILED_VALIDATION" \
+            --set-string="parser.env[0].value=true"
+          cd tests/integration/
+          npx jest --ci --color scanner/trivy.test.js
+
       # ---- Typo3scan Integration Tests ----
 
       - name: "typo3scan Integration Tests"
diff --git a/tests/integration/scanner/trivy.test.js b/tests/integration/scanner/trivy.test.js
@@ -0,0 +1,42 @@
+// SPDX-FileCopyrightText: 2021 iteratec GmbH
+//
+// SPDX-License-Identifier: Apache-2.0
+
+const { scan } = require("../helpers");
+
+jest.retryTimes(3);
+
+test(
+  "trivy scans vulnerable juiceshop demo target",
+  async () => {
+    const { categories, severities, count } = await scan(
+      "trivy-juice-shop",
+      "trivy",
+      ["bkimminich/juice-shop:v10.2.0"],
+      90
+    );
+
+    expect(count).toBeGreaterThanOrEqual(134);
+    expect(categories["Image Vulnerability"]).toBeGreaterThanOrEqual(26);
+    expect(categories["NPM Package Vulnerability"]).toBeGreaterThanOrEqual(108);
+    expect(severities["high"]).toBeGreaterThanOrEqual(82);
+    expect(severities["medium"]).toBeGreaterThanOrEqual(47);
+    expect(severities["low"]).toBeGreaterThanOrEqual(5);
+  },
+  3 * 60 * 1000
+);
+
+test(
+  "Invalid argument should be marked as errored",
+  async () => {
+    await expect(
+      scan(
+        "trivy-invalidArg",
+        "trivy",
+        ["--invalidArg", "not/a-valid-image:v0.0.0"],
+        90
+      )
+    ).rejects.toThrow("HTTP request failed");
+  },
+  3 * 60 * 1000
+);
