herve4m.quay.quay_vulnerability_info (1.2.0) — module

Gather information about image vulnerabilities in Quay Container Registry

Added in version 0.0.1 of herve4m.quay

Authors: Herve Quatremain (@herve4m)

Install collection

Install with ansible-galaxy collection install herve4m.quay:==1.2.0


Add to requirements.yml

  collections:
    - name: herve4m.quay
      version: 1.2.0

Description

Gather information about the vulnerabilities of an image in a repository.

Usage examples

- name: Retrieve the vulnerabilities of the coreos/dnsmasq:latest image
  herve4m.quay.quay_vulnerability_info:
    image: coreos/dnsmasq:latest
    quay_host: quay.io
  register: vuln

Inputs

    
image:
    description:
    - Name of the image. The format is C(namespace)/C(repository):C(tag) or C(namespace)/C(repository)@C(digest).
      The namespace can be an organization or a personal namespace.
    - If you omit the namespace part, then the module looks for the repository in your
      personal namespace.
    - If you omit the tag and the digest part, then C(latest) is assumed.
    required: true
    type: str

quay_host:
    default: http://127.0.0.1
    description:
    - URL for accessing the API. U(https://quay.example.com:8443) for example.
    - If you do not set the parameter, then the module uses the C(QUAY_HOST) environment
      variable.
    - If you do not set the environment variable either, then the module uses the U(http://127.0.0.1)
      URL.
    type: str

quay_token:
    description:
    - OAuth access token for authenticating against the API.
    - If you do not set the parameter, then the module tries the C(QUAY_TOKEN) environment
      variable.
    - Mutually exclusive with I(quay_username) and I(quay_password).
    type: str

quay_password:
    description:
    - The password to use for authenticating against the API.
    - If you do not set the parameter, then the module tries the C(QUAY_PASSWORD) environment
      variable.
    - If you set I(quay_password), then you also need to set I(quay_username).
    - Mutually exclusive with I(quay_token).
    type: str

quay_username:
    description:
    - The username to use for authenticating against the API.
    - If you do not set the parameter, then the module tries the C(QUAY_USERNAME) environment
      variable.
    - If you set I(quay_username), then you also need to set I(quay_password).
    - Mutually exclusive with I(quay_token).
    type: str

validate_certs:
    aliases:
    - verify_ssl
    default: true
    description:
    - Whether to validate SSL certificates when connecting to the API.
    - If C(no), then the module does not validate SSL certificates.
    - If you do not set the parameter, then the module tries the C(QUAY_VERIFY_SSL) environment
      variable (C(yes), C(1), and C(True) mean yes, and C(no), C(0), C(False), and no
      value mean no).
    type: bool

Outputs

vulnerabilities:
  contains:
    Name:
      description: Name of the vulnerable software or package.
      returned: always
      sample: dnsmasq
      type: str
    Version:
      description: Version of the vulnerable software or package.
      returned: always
      sample: 2.76-r5
      type: str
    VersionFormat:
      description: Packaging format (C(rpm), C(dpkg), ...)
      returned: always
      sample: dpkg
      type: str
    Vulnerabilities:
      description: List of vulnerabilities for the software or package.
      elements: dict
      returned: always
      sample:
      - Description: null
        FixedBy: 2.76-r6
        Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15107
        Metadata:
          NVD:
            CVSSv2:
              PublishedDateTime: 2018-01-23T16:29Z
              Score: 5
              Vectors: AV:N/AC:L/Au:N/C:N/I:P/A:N
            CVSSv3:
              ExploitabilityScore: 3.9
              ImpactScore: 3.6
              Score: 7.5
              Vectors: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
        Name: CVE-2017-15107
        NamespaceName: alpine:v3.6
        Severity: Medium
      type: list
  description: List of vulnerabilities.
  elements: dict
  returned: always
  sample:
  - AddedBy: b95b...3753.d2943905-38bd-42ed-a468-d350d7aa5c86
    Name: python38-pip-wheel
    NamespaceName: centos:8
    Version: 19.3.1-1.module_el8.4.0+647+0ba99ce8
    VersionFormat: rpm
    Vulnerabilities:
    - Description: Python is an interpreted, interactive, ...
      FixedBy: 0:19.3.1-1.module+el8.4.0+8888+89bc7e79
      Link: https://access.redhat.com/errata/RHSA-2021:1879
      Metadata: null
      Name: RHSA-2021:1879
      NamespaceName: centos:8
      Severity: Medium
    - Description: Python is an interpreted, interactive, ...
      FixedBy: 0:19.3.1-1.module+el8.4.0+8888+89bc7e79
      Link: https://access.redhat.com/errata/RHSA-2021:2583
      Metadata: null
      Name: RHSA-2021:2583
      NamespaceName: centos:8
      Severity: Medium
  - AddedBy: b95b...3753.d2943905-38bd-42ed-a468-d350d7aa5c86
    Name: python38-libs
    NamespaceName: centos:8
    Version: 3.8.6-3.module_el8.4.0+665+abc3a503
    VersionFormat: rpm
    Vulnerabilities:
    - Description: Python is an interpreted, interactive, ...
      FixedBy: 0:3.8.6-3.module+el8.4.0+9579+e9717e18
      Link: https://access.redhat.com/errata/RHSA-2021:1879
      Metadata: null
      Name: RHSA-2021:1879
      NamespaceName: centos:8
      Severity: Medium
    - Description: Python is an interpreted, interactive, ...
      FixedBy: 0:3.8.6-3.module+el8.4.0+9579+e9717e18
      Link: https://access.redhat.com/errata/RHSA-2021:2583
      Metadata: null
      Name: RHSA-2021:2583
      NamespaceName: centos:8
      Severity: Medium
  type: list
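
A playbook that consumes the return value documented above, as an added example that is not part of the module's own documentation: it pairs every package with each entry of its Vulnerabilities list and fails when a finding at a blocking severity has a FixedBy version. The High and Critical labels, the blocking_severities and blocking variable names, and the https://quay.io URL are assumptions; the samples on this page show only Medium.

```yaml
---
# Added example: gate a pipeline on fixable, high-severity findings.
- name: Block images that have fixable high-severity vulnerabilities
  hosts: localhost
  gather_facts: false
  vars:
    # Assumption: severity labels beyond the documented "Medium" sample.
    blocking_severities: [High, Critical]
  tasks:
    - name: Retrieve the vulnerabilities of the coreos/dnsmasq:latest image
      herve4m.quay.quay_vulnerability_info:
        image: coreos/dnsmasq:latest
        quay_host: https://quay.io
        validate_certs: true
        # Credentials are read from QUAY_TOKEN when quay_token is unset.
      register: vuln

    # One loop item per (package, vulnerability) pair in the return value.
    - name: Collect blocking findings that have a fixed version
      ansible.builtin.set_fact:
        blocking: >-
          {{ blocking | default([]) + [{
               'package': item.0.Name,
               'installed': item.0.Version,
               'id': item.1.Name,
               'severity': item.1.Severity,
               'fixed_by': item.1.FixedBy,
               'link': item.1.Link
             }] }}
      loop: >-
        {{ vuln.vulnerabilities
           | subelements('Vulnerabilities', skip_missing=True) }}
      loop_control:
        label: "{{ item.0.Name }} / {{ item.1.Name }}"
      when:
        - item.1.Severity in blocking_severities
        # Skip entries that carry no FixedBy value.
        - item.1.FixedBy | default('', true) | length > 0

    - name: Fail when at least one blocking finding can be fixed
      ansible.builtin.assert:
        that:
          - blocking | default([]) | length == 0
        fail_msg: >-
          {{ blocking | default([]) | length }} fixable finding(s):
          {{ blocking | default([]) | map(attribute='id') | unique | join(', ') }}
```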