Hello guys, I hope you are all doing well. Today I am going to share my code contributions from the 11th week of the GSoC program.
I have been working on documentation this week. I have added a guide on how to scan a Docker image with the CVE Binary Tool, since a user requested it and it will be super useful to devops guys. I have researched different ways to do this, and I have mentioned two easy ways to scan a Docker image in the documentation:
- Install cve-bin-tool inside a Docker instance, scan the directory just as you normally would, and export the report to the host.
- Export the directory you want to scan from the container to the host and scan it on the host.
Both of the above methods can be used to scan a Docker image, and you can choose one over the other. The second method is comparatively easier than the first but has the overhead of copying all the data from the container to the host, while the first method requires you to install cve-bin-tool in the Docker container, which can take around 10 minutes.
I have also noticed that when the directory we are scanning has multiple files containing the same product, CVEScanner performs unnecessary database IO, and it can be a performance bottleneck. So, I have short-circuited the flow in case the product has already been scanned. This will save us the significant time introduced by redundant work. I have also fixed the filename generation bugs mentioned by Harmandeep Singh. I have also reviewed PRs from other contributors.
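An illustration of the short-circuit described above, as an added example that is not cve-bin-tool's own code: a hypothetical `DedupScanner` queries a constructed in-memory SQLite table once per (product, version) pair and still records every file path, so the report loses no affected file. The table layout, the class and function names, and the CVE ids are placeholders assumed for the example.

```python
import sqlite3

# Constructed sample rows standing in for a CVE database (placeholder ids).
SAMPLE_ROWS = [
    ("openssl", "1.0.2", "CVE-PLACEHOLDER-1"),
    ("openssl", "1.0.2", "CVE-PLACEHOLDER-2"),
    ("zlib", "1.2.8", "CVE-PLACEHOLDER-3"),
]
# Constructed scan findings: (file path, product, version) per matched file.
FINDINGS = [
    ("usr/lib/libssl.so", "openssl", "1.0.2"),
    ("usr/lib/libcrypto.so", "openssl", "1.0.2"),
    ("usr/bin/openssl", "openssl", "1.0.2"),
    ("usr/lib/libz.so", "zlib", "1.2.8"),
]


class DedupScanner:
    """Hypothetical scanner: one database lookup per (product, version)."""

    def __init__(self, rows=SAMPLE_ROWS):
        self.conn = sqlite3.connect(":memory:")
        self.conn.execute("CREATE TABLE cves (product TEXT, version TEXT, cve TEXT)")
        self.conn.executemany("INSERT INTO cves VALUES (?, ?, ?)", rows)
        self.results = {}  # (product, version) -> {"cves": [...], "paths": set()}
        self.db_queries = 0

    def record(self, path, product, version):
        key = (product, version)  # version is part of the key: 1.0.2 != 1.1.1
        if key in self.results:
            # Short circuit: skip the lookup, but keep the path for the report.
            self.results[key]["paths"].add(path)
            return
        self.db_queries += 1
        rows = self.conn.execute(
            "SELECT cve FROM cves WHERE product = ? AND version = ? ORDER BY cve",
            key,
        ).fetchall()
        self.results[key] = {"cves": [r[0] for r in rows], "paths": {path}}


def scan(findings):
    scanner = DedupScanner()
    for path, product, version in findings:
        scanner.record(path, product, version)
    return scanner


if __name__ == "__main__":
    s = scan(FINDINGS)
    print(f"{s.db_queries} database queries for {len(FINDINGS)} files")
```

Keying the cache on the version as well as the product matters for correctness: two copies of the same library at different versions must each get their own lookup.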
I have some documentation left to do, and I am also going to improve the tests for the module I have created. I will also go through the entire code base and add appropriate comments and docstrings for new contributors in these last 2 weeks.