project-copacetic / copacetic

🧵 CLI tool for directly patching container images using reports from vulnerability scanners

Home Page:https://project-copacetic.github.io/copacetic/


[QUESTION] Does this support prisma cloud

smartaquarius10 opened this issue · comments

What is your question?

Can we integrate this with twistcli? Many organisations use Prisma Cloud.

Any updates on this?

@smartaquarius10 Yes, you can extend copa to support any scanner via plugins https://project-copacetic.github.io/copacetic/website/scanner-plugins
Please note that copa itself doesn't provide any built-in support for Prisma. If you add a plugin to support Prisma, we would love to feature it in our docs.

In addition to this, we are working on updating packages without scanner reports in #548

Closing this, please feel free to re-open if you have further questions.
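To make the plugin route concrete, here is an added example (not code from the copacetic project and not a real Prisma Cloud integration) of what a scanner plugin does: it reads a scanner's own JSON report and emits the v1alpha1 update manifest that copa consumes from the plugin's stdout. The input format (`scannerReport`, the `findings` array, the field names) is a hypothetical third-party scanner layout constructed for this example; the manifest field names follow the v1alpha1 schema as I understand it from the plugin docs linked above, and should be checked against that page. The embedded sample report, its package versions and its `CVE-EXAMPLE-*` identifiers are constructed placeholders.

```go
// Added example: a minimal copa scanner plugin. Assumption: copa invokes the
// plugin binary with the report path as its first argument and parses the
// v1alpha1 UpdateManifest JSON that the plugin writes to stdout.
package main

import (
	"encoding/json"
	"fmt"
	"os"
)

// v1alpha1 update manifest consumed by copa (field names as understood from the
// scanner-plugin docs; verify against the published schema).
type UpdateManifest struct {
	APIVersion string          `json:"apiVersion"`
	Metadata   Metadata        `json:"metadata"`
	Updates    []UpdatePackage `json:"updates"`
}

type Metadata struct {
	OS     OS     `json:"os"`
	Config Config `json:"config"`
}

type OS struct {
	Type    string `json:"type"`
	Version string `json:"version"`
}

type Config struct {
	Arch string `json:"arch"`
}

type UpdatePackage struct {
	Name             string `json:"name"`
	InstalledVersion string `json:"installedVersion"`
	FixedVersion     string `json:"fixedVersion"`
	VulnerabilityID  string `json:"vulnerabilityID"`
}

// Hypothetical third-party scanner report layout (constructed for this example).
type scannerReport struct {
	Image struct {
		OSType    string `json:"osType"`
		OSVersion string `json:"osVersion"`
		Arch      string `json:"arch"`
	} `json:"image"`
	Findings []struct {
		ID        string `json:"id"`
		Package   string `json:"package"`
		Installed string `json:"installed"`
		Fixed     string `json:"fixed"` // empty when the scanner knows no fix
	} `json:"findings"`
}

// SampleReport is a constructed report; versions and IDs are placeholders.
const SampleReport = `{
  "image": {"osType": "debian", "osVersion": "12", "arch": "amd64"},
  "findings": [
    {"id": "CVE-EXAMPLE-0001", "package": "openssl", "installed": "3.0.9-1", "fixed": "3.0.11-1"},
    {"id": "CVE-EXAMPLE-0002", "package": "libc6", "installed": "2.36-9", "fixed": ""},
    {"id": "CVE-EXAMPLE-0003", "package": "curl", "installed": "7.88.1-10", "fixed": "7.88.1-11"}
  ]
}`

// Convert maps a scanner report onto the copa manifest. Findings without a
// fixed version are dropped: copa can only upgrade to a version that exists,
// so passing them through would only produce a confusing patch failure.
func Convert(report []byte) (*UpdateManifest, error) {
	var r scannerReport
	if err := json.Unmarshal(report, &r); err != nil {
		return nil, fmt.Errorf("parse scanner report: %w", err)
	}
	if r.Image.OSType == "" {
		return nil, fmt.Errorf("scanner report does not identify the image OS")
	}
	m := &UpdateManifest{APIVersion: "v1alpha1"}
	m.Metadata.OS = OS{Type: r.Image.OSType, Version: r.Image.OSVersion}
	m.Metadata.Config = Config{Arch: r.Image.Arch}
	for _, f := range r.Findings {
		if f.Fixed == "" {
			continue
		}
		m.Updates = append(m.Updates, UpdatePackage{
			Name:             f.Package,
			InstalledVersion: f.Installed,
			FixedVersion:     f.Fixed,
			VulnerabilityID:  f.ID,
		})
	}
	return m, nil
}

func main() {
	// With a path argument, behave as a plugin; without one, convert the sample.
	data := []byte(SampleReport)
	if len(os.Args) > 1 {
		var err error
		if data, err = os.ReadFile(os.Args[1]); err != nil {
			fmt.Fprintln(os.Stderr, err)
			os.Exit(1)
		}
	}
	m, err := Convert(data)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	out, _ := json.MarshalIndent(m, "", "  ")
	fmt.Println(string(out))
}
```

Run without arguments to see the manifest produced from the embedded sample; as a plugin it would be built as a `copa-<scanner>` binary and handed the report path by copa. Only the unmarshal and the OS check are security-relevant here: a plugin should refuse a report it cannot attribute to an OS rather than emitting a manifest copa would apply with the wrong package manager.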

@sozercan Sure. Will try working on it. Will reach out to you if any help is needed. Thanks.

@sozercan

The Twistlock CLI is exclusively available for download from the Prisma Cloud Management Portal, which is only accessible to users with a valid license. It’s possible to write a go plugin to integrate it with Copacetic, however, I'm uncertain if that's permissible.

The crux of the issue is that the JSON report, which the code processes, originates from a CLI tool that is downloaded from a licensed portal, which complicates matters.

I'm unsure where to find guidance on this.

Any suggestions? Or do you have any Prisma community portal details where such questions can be asked?

Unfortunately, I don't have access to any paid/enterprise scanning solutions, and I can't comment on the licences for those.

In the next release, copa will be able to patch without scanner reports, that might make things easier for you. If you are interested in trying this out and can build from source, we have it merged to main branch for patching non-distroless images now. https://project-copacetic.github.io/copacetic/website/installation#development-setup

@sozercan oh that’s great. Will try that one. But still, there must be some medium through which the tool gets the list of vulnerabilities internally. Are we only dependent on trivy then? Or are you writing some custom code in copacetic to get the list of vulnerabilities?

@tanulbh no list of vulnerabilities is needed; copa will upgrade all packages if no report and scanner are specified. Since all packages are a superset of vuln packages, vulns should also be resolved.

If you want to constrain to vuln packages only, then you can use scanner reports, which is the behavior today. This will continue to be supported.

@sozercan oh got it. Thank you so much.

A quick question. How/where to start to be a contributor in copacetic project. I am really interested to be part of this awesome initiative.

@sozercan could you please guide me a little on this

@tanulbh we would love you to contribute! We have a contributing guide here https://project-copacetic.github.io/copacetic/website/contributing and the doc has the community slack documented if you have any questions

@sozercan Thanks for sharing. Will check that.