
Commit 9ed3368

author
sg
committed
fixup-modelscan
1 parent dad26e4 commit 9ed3368


3 files changed

+32
-15
lines changed


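--- a/components/producers/modelscan/main.go
+++ b/components/producers/modelscan/main.go
@@ -3,6 +3,7 @@ package main
 import (
 "encoding/json"
 "log"
+"log/slog"
 
 v1 "github.com/ocurity/dracon/api/proto/v1"
 
@@ -38,6 +39,7 @@ func main() {
 
 func parseIssues(out *ModelScanOut) ([]*v1.Issue, error) {
 issues := []*v1.Issue{}
+slog.Info("found Critical issues", slog.Int("numCrit", len(out.IssuesBySeverity.Critical)))
 for _, crit := range out.IssuesBySeverity.Critical {
 issues = append(issues,
 &v1.Issue{
@@ -49,6 +51,7 @@ func parseIssues(out *ModelScanOut) ([]*v1.Issue, error) {
 Confidence: v1.Confidence_CONFIDENCE_UNSPECIFIED,
 })
 }
+slog.Info("found High issues", slog.Int("numHigh", len(out.IssuesBySeverity.High)))
 for _, crit := range out.IssuesBySeverity.High {
 issues = append(issues,
 &v1.Issue{
@@ -60,6 +63,7 @@ func parseIssues(out *ModelScanOut) ([]*v1.Issue, error) {
 Confidence: v1.Confidence_CONFIDENCE_UNSPECIFIED,
 })
 }
+slog.Info("found Medium issues", slog.Int("numMedium", len(out.IssuesBySeverity.Medium)))
 for _, crit := range out.IssuesBySeverity.Medium {
 issues = append(issues,
 &v1.Issue{
@@ -71,6 +75,7 @@ func parseIssues(out *ModelScanOut) ([]*v1.Issue, error) {
 Confidence: v1.Confidence_CONFIDENCE_UNSPECIFIED,
 })
 }
+slog.Info("found Low issues", slog.Int("numLow", len(out.IssuesBySeverity.Low)))
 for _, crit := range out.IssuesBySeverity.Low {
 issues = append(issues,
 &v1.Issue{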
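Review bot: The four added `slog.Info` calls in parseIssues use a different attribute key per severity (`numCrit`, `numHigh`, `numMedium`, `numLow`), which makes the counts awkward to query or alert on in structured logs. A fixed pair of keys would read the same for every severity, e.g. `slog.Info("modelscan issues", slog.String("severity", "CRITICAL"), slog.Int("count", len(out.IssuesBySeverity.Critical)))`. The current messages also say "found" when the count is zero. parseIssues continues outside these hunks, and the file still imports `log` next to `log/slog`; whether the old logger is still in use is not visible here.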

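--- a/components/producers/modelscan/main_test.go
+++ b/components/producers/modelscan/main_test.go
@@ -51,12 +51,12 @@ const modelScanOut = `{
 "modelscan_version": "0.5.0",
 "timestamp": "2024-01-25T17:56:00.855056",
 "input_path": "/Users/mehrinkiani/Documents/modelscan/notebooks/XGBoostModels/unsafe_model.pkl",
-"total_issues": 1,
+"total_issues": 4,
 "summary": {
 "total_issues_by_severity": {
-"LOW": 0,
-"MEDIUM": 0,
-"HIGH": 0,
+"LOW": 1,
+"MEDIUM": 1,
+"HIGH": 1,
 "CRITICAL": 1
 }
 },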

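--- a/components/producers/modelscan/task.yaml
+++ b/components/producers/modelscan/task.yaml
@@ -20,34 +20,46 @@ spec:
 description: The workspace containing the source-code to scan.
 steps:
 - name: run-modelscan
-image: python:alpine
+image: python:3.11-alpine
+imagePullPolicy: Always
 script: |
-pip install 'modelscan[ tensorflow, h5py ]'
-modelscan \
---path "$(workspaces.output.path)/source-code/$(params.producer-modelscan-relative-path-to-model)" \
---reporting-format json \
---output-file /scratch/out.json
+set -x
+set +e
+
+pip install 'modelscan'
+modelscan --path "$(workspaces.output.path)/source-code/$(params.producer-modelscan-relative-path-to-model)" --reporting-format json --output-file /scratch/out.json
+
+echo 'outfile:'
+cat /scratch/out.json
 
 exitCode=$?
 if [[ $exitCode -eq 1 ]]; then
 echo "ModelScan found vulnerabilities"
 exit 0
-else if [[ $exitCode -eq 2 ]]; then
+elif [[ $exitCode -eq 2 ]]; then
 echo "ModelScan failed, error while scanning"
 exit $exitCode
-else if [[ $exitCode -eq 3 ]]; then
+elif [[ $exitCode -eq 3 ]]; then
 echo "ModelScan did not find any supported files while scanning"
 exit $exitCode
-else if [[ $exitCode -eq 4 ]]; then
+elif [[ $exitCode -eq 4 ]]; then
 echo "ModelScan encountered an error whle parsing CLI variables, the task definition has a bug"
 exit $exitCode
+elif [[ $exitCode -eq 0 ]]; then
+echo "ModelScan did not find any vulnerabilities"
+exit $exitCode
+else
+echo "Received unexpected exit code, exiting"
+exit $exitCode
 fi
 volumeMounts:
 - mountPath: /scratch
 name: scratch
 - name: produce-issues
-imagePullPolicy: IfNotPresent
-image: '{{ default "ghcr.io/ocurity/dracon" .Values.image.registry }}/components/producers/modelscan:{{ .Chart.AppVersion }}'
+imagePullPolicy: Always
+# image: '{{ default "ghcr.io/ocurity/dracon" .Values.image.registry }}/components/producers/modelscan:{{ .Chart.AppVersion }}'
+image: kind-registry:5000/components/producers/modelscan:v0.52.1-dad26e45-dirty
+
 command: ["/app/components/producers/modelscan/modelscan-parser"]
 args:
 - "-in=/scratch/out.json"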
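Review bot: `exitCode=$?` now records the status of `cat /scratch/out.json`, not of `modelscan`, because the added `echo 'outfile:'` and `cat` lines sit between the scan and the capture. With `set +e` in place, a scan that found issues (exit 1) is reported as "did not find any vulnerabilities", and a scan that failed before writing the report makes `cat` fail with 1, so it is reported as "found vulnerabilities" and the step exits 0. Move the capture to the line directly after the `modelscan` call, `exitCode=$?`, and print the report after that. Separately, the produce-issues step now uses `image: kind-registry:5000/components/producers/modelscan:v0.52.1-dad26e45-dirty` with the templated registry image commented out; this looks like a local development build and should be reverted before merge, and `pip install 'modelscan'` would be more reproducible with a pinned version such as `modelscan==<VERSION>`.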
