Have security scanner analyze only send notifications for *new* layers
Following this change, anytime a layer is indexed by the security scanner, we only send notifications out if the layer previously had a security_indexed_engine value of `-1`, thus ensuring it has *never* been indexed previously. This will allow us to change to version of the security scanner upwards, and have all the images be re-indexed, without firing off notifications in a spammy manner.
This commit is contained in:
Joseph Schorr
parent
5686c80af1
commit
624b2a8385
3 changed files with 53 additions and 5 deletions
|
|
@ -30,6 +30,10 @@ logger = logging.getLogger(__name__)
|
|||
|
||||
DEFAULT_DB_CONNECT_TIMEOUT = 10 # seconds
|
||||
|
||||
# IMAGE_NOT_SCANNED_ENGINE_VERSION is the version found in security_indexed_engine when the
|
||||
# image has not yet been scanned.
|
||||
IMAGE_NOT_SCANNED_ENGINE_VERSION = -1
|
||||
|
||||
_SCHEME_DRIVERS = {
|
||||
'mysql': MySQLDatabase,
|
||||
'mysql+pymysql': MySQLDatabase,
|
||||
|
|
@ -665,7 +669,7 @@ class Image(BaseModel):
|
|||
v1_checksum = CharField(null=True)
|
||||
|
||||
security_indexed = BooleanField(default=False, index=True)
|
||||
security_indexed_engine = IntegerField(default=-1, index=True)
|
||||
security_indexed_engine = IntegerField(default=IMAGE_NOT_SCANNED_ENGINE_VERSION, index=True)
|
||||
|
||||
# We use a proxy here instead of 'self' in order to disable the foreign key constraint
|
||||
parent = ForeignKeyField(_ImageProxy, null=True, related_name='children')
|
||||
|
|
|
|||
Reference in a new issue