feat(cve): cache trivy results for an image:tag (#1101)

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2024-12-30 22:34:13 -05:00 · 2023-01-17 23:14:17 +02:00 · 2023-01-17 23:14:17 +02:00 · 9f8bc60b20
commit 9f8bc60b20
parent eebc750367
3 changed files with 56 additions and 1 deletions
--- a/go.mod
+++ b/go.mod
@ -243,7 +243,7 @@ require (
 	github.com/hashicorp/go-safetemp v1.0.0 // indirect
 	github.com/hashicorp/go-uuid v1.0.3 // indirect
 	github.com/hashicorp/go-version v1.6.0 // indirect
-	github.com/hashicorp/golang-lru v0.5.4 // indirect
+	github.com/hashicorp/golang-lru v0.5.4
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/hashicorp/hcl/v2 v2.10.1 // indirect
 	github.com/huandu/xstrings v1.3.2 // indirect
--- a/pkg/extensions/search/cve/trivy/cache.go
+++ b/pkg/extensions/search/cve/trivy/cache.go
@ -0,0 +1,41 @@
 package trivy
 import (
 	lru "github.com/hashicorp/golang-lru"
 	cvemodel "zotregistry.io/zot/pkg/extensions/search/cve/model"
 	"zotregistry.io/zot/pkg/log"
 )
 type CveCache struct {
 	cache *lru.Cache
 	log   log.Logger
 }
 func NewCveCache(size int, log log.Logger) *CveCache {
 	cache, _ := lru.New(size)
 	return &CveCache{cache: cache, log: log}
 }
 func (cveCache *CveCache) Add(image string, cveMap map[string]cvemodel.CVE) {
 	cveCache.cache.Add(image, cveMap)
 }
 func (cveCache *CveCache) Get(image string) map[string]cvemodel.CVE {
 	value, ok := cveCache.cache.Get(image)
 	if !ok {
 		return nil
 	}
 	cveMap, ok := value.(map[string]cvemodel.CVE)
 	if !ok {
 		return nil
 	}
 	return cveMap
 }
 func (cveCache *CveCache) Purge() {
 	cveCache.cache.Purge()
 }
--- a/pkg/extensions/search/cve/trivy/scanner.go
+++ b/pkg/extensions/search/cve/trivy/scanner.go
@ -77,6 +77,7 @@ type Scanner struct {
 	storeController storage.StoreController
 	log             log.Logger
 	dbLock          *sync.Mutex
 	cache           *CveCache
 }
 func NewScanner(storeController storage.StoreController,
@ -114,6 +115,7 @@ func NewScanner(storeController storage.StoreController,
 		cveController:   cveController,
 		storeController: storeController,
 		dbLock:          &sync.Mutex{},
 		cache:           NewCveCache(10000, log), //nolint:gomnd
 	}
 }
@ -147,6 +149,10 @@ func (scanner Scanner) getTrivyContext(image string) *trivyCtx {
 }
 func (scanner Scanner) IsImageFormatScannable(image string) (bool, error) {
 	if scanner.cache.Get(image) != nil {
 		return true, nil
 	}
 	imageDir, inputTag := common.GetImageDirAndTag(image)
 	repoMeta, err := scanner.repoDB.GetRepoMeta(imageDir)
@ -194,6 +200,10 @@ func (scanner Scanner) IsImageFormatScannable(image string) (bool, error) {
 }
 func (scanner Scanner) ScanImage(image string) (map[string]cvemodel.CVE, error) {
 	if scanner.cache.Get(image) != nil {
 		return scanner.cache.Get(image), nil
 	}
 	cveidMap := make(map[string]cvemodel.CVE)
 	scanner.log.Debug().Str("image", image).Msg("scanning image")
@ -264,6 +274,8 @@ func (scanner Scanner) ScanImage(image string) (map[string]cvemodel.CVE, error)
 		}
 	}
 	scanner.cache.Add(image, cveidMap)
 	return cveidMap, nil
 }
@ -293,6 +305,8 @@ func (scanner Scanner) UpdateDB() error {
 		}
 	}
 	scanner.cache.Purge()
 	return nil
 }