Log snyk stdout on error (#63)

* log snyk stdout as warning * set ctx with logger * bump chart version
equinor · Apr 18, 2024 · a903c70 · a903c70
1 parent 8718078
commit a903c70
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 10 deletions.
diff --git a/charts/radix-vulnerability-scanner/Chart.yaml b/charts/radix-vulnerability-scanner/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: 1.1.2
-version: 1.1.2
+appVersion: 1.1.3
+version: 1.1.3
 description: Scan images in RadixDeployments for vulnerabilities
 name: radix-vulnerability-scanner
diff --git a/pkg/scan/snyk.go b/pkg/scan/snyk.go
@@ -41,12 +41,13 @@ func NewSnykScanner(executor executor.Executor, opts ...SnykOption) *SnykScanner
 }
 
 func (s *SnykScanner) Scan(ctx context.Context, image string, dockerConfig dockercfg.Config) (*ScanResult, error) {
-
+	logger := log.Ctx(ctx).With().Str("pkg", "scan").Str("image", image).Logger()
+	ctx = logger.WithContext(ctx)
 	auths := append(s.commonDockerAuths, &dockerConfig)
 	var credArgs []string
 	// Try to get docker creds for image from common auths
 	for _, auth := range auths {
-		tmpCreds, err := s.getCredentialArgs(image, auth)
+		tmpCreds, err := s.getCredentialArgs(ctx, image, auth)
 		if err != nil {
 			return nil, err
 		}
@@ -64,17 +65,18 @@ func (s *SnykScanner) Scan(ctx context.Context, image string, dockerConfig docke
 		return nil
 	}
 
-	log.Ctx(ctx).Debug().Str("pkg", "scan").Str("image", image).Msg("scanning image")
+	logger.Debug().Msg("scanning image")
 	testArgs := []string{"container", "test", "--json", image}
 	var testArgsWithCreds []string
 	testArgsWithCreds = append(testArgsWithCreds, testArgs...)
 	testArgsWithCreds = append(testArgsWithCreds, credArgs...)
 	buf := &bytes.Buffer{}
 	err := scanFn(ctx, testArgsWithCreds, buf)
-	log.Trace().Str("pkg", "scan").Stringer("result", buf).Strs("args", testArgsWithCreds).Err(err).Msg("scan completed")
+	logger.Trace().Stringer("result", buf).Strs("args", testArgsWithCreds).Err(err).Msg("scan completed")
 
 	if err != nil {
 		if len(credArgs) == 0 {
+			logger.Warn().Stringer("stdout", buf).Msg("scan failed")
 			return nil, err
 		}
 
@@ -85,11 +87,12 @@ func (s *SnykScanner) Scan(ctx context.Context, image string, dockerConfig docke
 		// parameter contains invalid credentials for docker.io. Even if redis:latest is public, the invalid credentials
 		// from the `auths` parameter causes the scan to fail. We'll therefore try to do a second scan
 		// without supplying credential arguments
-		log.Ctx(ctx).Debug().Str("pkg", "scan").Str("image", image).Msg("scanning image again without creds")
+		logger.Debug().Msg("scanning image again without creds")
 		buf = &bytes.Buffer{}
 		err = scanFn(ctx, testArgs, buf)
-		log.Trace().Str("pkg", "scan").Stringer("result", buf).Strs("args", testArgsWithCreds).Err(err).Msg("retry scan completed")
+		logger.Trace().Stringer("result", buf).Strs("args", testArgsWithCreds).Err(err).Msg("retry scan completed")
 		if err != nil {
+			logger.Warn().Stringer("stdout", buf).Msg("scan failed")
 			return nil, err
 		}
 	}
@@ -102,8 +105,8 @@ func (s *SnykScanner) Scan(ctx context.Context, image string, dockerConfig docke
 	return &result, nil
 }
 
-func (s *SnykScanner) getCredentialArgs(image string, authProvider registry.AuthProvider) ([]string, error) {
-	auth, err := authProvider.GetAuth(context.Background(), image)
+func (s *SnykScanner) getCredentialArgs(ctx context.Context, image string, authProvider registry.AuthProvider) ([]string, error) {
+	auth, err := authProvider.GetAuth(ctx, image)
 	if err != nil {
 		return nil, err
 	}