Merge pull request #569 from armosec/removevulnscans

Disable vulnerability and relevancy scans in Helm configurations acro…
armosec · Jan 8, 2025 · e42ee52 · e42ee52
2 parents d9b6209 + 3208819
commit e42ee52
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 3 deletions.
diff --git a/tests_scripts/helm/base_network_policy.py b/tests_scripts/helm/base_network_policy.py
@@ -10,6 +10,11 @@ def __init__(self, test_obj=None, backend=None, kubernetes_obj=None, test_driver
         super(BaseNetworkPolicy, self).__init__(test_driver=test_driver, test_obj=test_obj, backend=backend,
                                                         kubernetes_obj=kubernetes_obj)
 
+        self.helm_kwargs = {
+            "capabilities.vulnerabilityScan": "disable",
+            "capabilities.relevancy": "disable"
+        }
+
     def validate_basic_metadata(self, actual_obj, expected_obj, namespace):
         """
         Validate basic metadata of the object

diff --git a/tests_scripts/helm/ks_microservice.py b/tests_scripts/helm/ks_microservice.py
@@ -445,6 +445,11 @@ def __init__(self, test_obj=None, backend=None, kubernetes_obj=None, test_driver
         super(ScanWithKubescapeAsServiceTest, self).__init__(test_obj=test_obj, backend=backend,
                                                              kubernetes_obj=kubernetes_obj, test_driver=test_driver)
 
+        self.helm_kwargs = {
+            "capabilities.vulnerabilityScan": "disable",
+            "capabilities.relevancy": "disable"
+        }
+
     def start(self):
         assert self.backend != None;
         f'the test {self.test_driver.test_name} must run with backend'
@@ -467,7 +472,7 @@ def start(self):
         # 2.1 add and update armo in repo
         self.add_and_upgrade_armo_to_repo()
         # 2.2 install armo helm-chart
-        self.install_armo_helm_chart()
+        self.install_armo_helm_chart(helm_kwargs=self.helm_kwargs)
         # 1.3 verify installation
         self.verify_running_pods(namespace=statics.CA_NAMESPACE_FROM_HELM_NAME, timeout=240)
 

diff --git a/tests_scripts/helm/network_policy.py b/tests_scripts/helm/network_policy.py
@@ -114,6 +114,9 @@ def start(self):
 
         helm_kwargs = self.test_obj.get_arg("helm_kwargs")
 
+        if self.helm_kwargs is not None:
+            helm_kwargs.update(self.helm_kwargs)
+
         Logger.logger.info('1. Install armo helm-chart')
         self.add_and_upgrade_armo_to_repo()
         self.install_armo_helm_chart(helm_kwargs=helm_kwargs)

diff --git a/tests_scripts/helm/smart_remediation.py b/tests_scripts/helm/smart_remediation.py
@@ -139,7 +139,8 @@ def __init__(
         )
 
         self.helm_kwargs = {
-            "capabilities.relevancy": "enable",
+            "capabilities.vulnerabilityScan": "disable",
+            "capabilities.relevancy": "disable",
             "capabilities.configurationScan": "enable",
             "capabilities.continuousScan": "disable",
             "capabilities.nodeScan": "disable",

diff --git a/tests_scripts/helm/vuln_scan.py b/tests_scripts/helm/vuln_scan.py
@@ -801,6 +801,12 @@ def __init__(self, test_obj=None, backend=None, kubernetes_obj=None, test_driver
         self.expected_layers = self.create_vulnerabilities_expected_results(
             expected_results=self.test_obj.kwargs['expected_layers'])
 
+        self.helm_kwargs = {
+            "capabilities.vulnerabilityScan": "disable",
+            "capabilities.relevancy": "disable"
+        }
+
+
     def start(self):
         # create registry scan cronjob and check
         # update both cronjob schedule and depth (in configmap)
@@ -811,7 +817,7 @@ def start(self):
             Logger.logger.info(f'using helm branch from test definition: {helm_branch}')
             self.helm_branch = helm_branch
 
-        cluster, namespace = self.setup_helm_chart()
+        cluster, namespace = self.setup_helm_chart(helm_kwargs=self.helm_kwargs)
         secret_data, registry = self.setup_phase(cluster, namespace)
         Logger.logger.info('applying registry secret')
         self.apply_registry_secret(secret_data)