removed SA_EMAIL

imgscan/README.md

@@ -2,9 +2,8 @@
 
 GAR Prerequisites:
 1. **REGISTRY**: Full registry path for GAR
-2. **SA_EMAIL**: [Service Account Email](../res/gcp-service-account.png)
-3. Service Account Json: File containing the creds
-4. **IMGSPEC**: Regular expression for images to scan/upload-results. E.g. `.*:latest` => scan all the images having `latest` tag. Sample image name:`us-east1-docker.pkg.dev/kube-airgapped/accuknox-onprem/nginx:foobar`
+1. **Service Account Json**: [File containing the creds](../res/gcp-service-account.png)
+1. **IMGSPEC**: Regular expression for images to scan/upload-results. E.g. `.*:latest` => scan all the images having `latest` tag. Sample image name:`us-east1-docker.pkg.dev/kube-airgapped/accuknox-onprem/nginx:foobar`
 
 AccuKnox Prerequisites:
 1. **LABEL**: [AccuKnox Label](https://help.accuknox.com/how-to/how-to-create-labels/)
@@ -16,7 +15,6 @@ Scan images with tags `foobar`.
 ```bash
 docker run -eIMGSPEC=".*:foobar$" \
            -eREGISTRY=us-east1-docker.pkg.dev/kube-airgapped/accuknox-onprem \
-           -e"SA_EMAIL=<service-account-email>" \
            -eLABEL=labeltmp \
            -eTENANT=4093 \
            -eTOKEN=<get token> \
@@ -33,7 +31,6 @@ pipeline {
     environment {
         SA_FILE = credentials('SA_FILE')
         TOKEN = credentials('TOKEN')
-        SA_EMAIL = credentials('SA_EMAIL')
     }
     stages {
         stage('Accuknox') {
@@ -44,7 +41,6 @@ pipeline {
                     sh '''
                     docker run -e IMGSPEC=".*:foobar$" \
                         -e REGISTRY=us-east1-docker.pkg.dev/kube-airgapped/accuknox-onprem \
-                        -e "[email protected]" \
                         -e LABEL=mylabel \
                         -e TENANT=4093 \
                         -e TOKEN=$TOKEN \

imgscan/imagescan.sh

@@ -1,7 +1,6 @@
 #!/bin/bash
 
 SA_JSON="$(pwd)/service_account.json"
-[[ "$SA_EMAIL" == "" ]] && echo "SA_EMAIL / ServiceAccount Email not provided" && exit 1
 [[ "$AKURL" == "" ]] && echo "AKURL / Accuknox endpoint is not set" && exit 1
 [[ "$TENANT" == "" ]] && echo "TENANT / Tenant id is not set" && exit 1
 [[ "$LABEL" == "" ]] && echo "LABEL / Labels are not set" && exit 1
@@ -11,15 +10,21 @@ SA_JSON="$(pwd)/service_account.json"
 
 export GOOGLE_APPLICATION_CREDENTIALS=$SA_JSON
 
-#REGISTRY=${REGISTRY:-us-east1-docker.pkg.dev/kube-airgapped/accuknox-onprem}
-
-gcloud auth activate-service-account $SA_EMAIL --key-file=$SA_JSON
+gcloud auth activate-service-account --key-file=$SA_JSON
+[[ $? -ne 0 ]] && echo "gcloud auth failed ret=$?" && exit 2
 
+imgcnt=0
+imgscanned=0
+imgskip=0
 for img in `gcloud artifacts docker images list "$REGISTRY" --include-tags --format=json | jq -r '.[] | "\(.package):\(.tags[])"' 2>/dev/null`; do
-	[[ ! $img =~ $IMGSPEC ]] && echo -en "\nskipping image [$img] ...\n" && continue
+	((imgcnt++))
+	[[ ! $img =~ $IMGSPEC ]] && echo -en "\nskipping image [$img] ...\n" && ((imgskip++)) && continue
 	echo -en "\nscanning $img ...\n"
 	rm -f report.json 2>/dev/null
 	trivy image $img --format json --timeout 3600s -o report.json > report.log  2>&1
-	[[ ! -f "report.json" ]] && echo "image scanning failed $img" && continue
+	[[ ! -f "report.json" ]] && echo "image scanning failed $img" && cat report.log && continue
 	curl -L -X POST "https://$AKURL/api/v1/artifact/?tenant_id=$TENANT&data_type=TR&label_id=$LABEL&save_to_s3=false" -H "Tenant-Id: $TENANT" -H "Authorization: Bearer $TOKEN" --form 'file=@"./report.json"'
+	((imgscanned++))
 done
+echo -en "\nStats:\nTotal:$imgcnt\nScanned:$imgscanned\nSkipped:$imgskip\n"
+exit 0