Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Time until old results are resent is unclear #117

Open
lorsal opened this issue Apr 13, 2021 · 4 comments
Open

Time until old results are resent is unclear #117

lorsal opened this issue Apr 13, 2021 · 4 comments

Comments

@lorsal
Copy link

lorsal commented Apr 13, 2021

I have a question about resending scan results upon rescan of images where the findings remain unchanged.

I saw that in the cfg.yaml, it is possible to configure the Delete_Old_Data parameter in order to define how long scan information is persisted in the database. I assumed that means that the results of rescans (if unchanged) are not sent out to recipients for whatever amount of days is entered as the parameter.

However, this does not seem to be the case. Is there another parameter somewhere else that influences this timeframe?
I scanned the aquasec operator image repeatedly and it is entered into the database (see screenshot of bolt db mounted in container).
But the scan results are sent out anyway if the rescan is done after a certain amount of time (a few hours, so definitely less than the number of days defined in the cfg.yaml).
boltdb
@jerbia
Copy link
Contributor

jerbia commented Apr 13, 2021

Hi @lorsal
One of the configuration items in cfg.yaml is 'Policy-Show-All', which can be true or false. This setting is defined per target (e.g can be defined under the Email target or the JIRA target, or both).

If set to false (which is the default) then Postee will cache the scan results in its database and will not send to the target a rescan that has the exact same results.
It will sent to the target a rescan that has different results (and will actually specify in its message that scan results have changed from previous scan).

If set to true then Postee will sent to this target all the rescans, without suppressing scans of same results.

Currently there is no flag to suppress same scan results for a period of time.

Do you have a use case that such behavior is needed?

@lorsal
Copy link
Author

lorsal commented Apr 13, 2021

Hi @jerbia

Well, we thought ideally we could resend scan results that have not changed after two weeks as a reminder to the application scope owner, ideally with a "warning" message that they should update their image. And then shorten that reminder time frame, e.g. the next one comes after one week, then half a week etc... along those lines.

So then the Delete_Old_Data parameter does not really have any effect on whether or not an old result is resent, right? At least if the number of days specified is more than the time between rescans. But what is that result caching time, really just a few hours?

@jerbia
Copy link
Contributor

jerbia commented Apr 14, 2021

Got it.
In that case I would not count on the Delete_Old_Data flag, as it was built for a different purpose (making sure DB size does not grow infinity).

We can change the "Policy-Show-All" into a "scan-cache-period" parameter, where you can specify how long to cache the scan results. If 0, results are not cached. We can support xH (hours), xD (days) and xY (years).

Would that work?

@lorsal
Copy link
Author

lorsal commented Apr 15, 2021

Yes, that would be great!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jerbia @lorsal