Add security-hub command

cmd/harbor/root/cmd.go

@@ -9,6 +9,7 @@ import (
 	"github.com/goharbor/harbor-cli/cmd/harbor/root/registry"
 	repositry "github.com/goharbor/harbor-cli/cmd/harbor/root/repository"
 	"github.com/goharbor/harbor-cli/cmd/harbor/root/schedule"
+	"github.com/goharbor/harbor-cli/cmd/harbor/root/securityhub"
 	"github.com/goharbor/harbor-cli/cmd/harbor/root/user"
 	"github.com/goharbor/harbor-cli/pkg/utils"
 	"github.com/spf13/cobra"
@@ -69,6 +70,7 @@ harbor help
 		HealthCommand(),
 		schedule.Schedule(),
 		labels.Labels(),
+		securityhub.SecurityHub(),
 	)
 
 	return root

cmd/harbor/root/securityhub/cmd.go

@@ -0,0 +1,19 @@
+package securityhub
+
+import (
+	"github.com/spf13/cobra"
+)
+
+func SecurityHub() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:     "security-hub",
+		Short:   "Security Hub for managing security vulnerability",
+		Long:    "Security Hub provides tools to manage, monitor, and remediate security issues in repositories",
+	}
+	cmd.AddCommand(
+		ListVulnerabilityCommand(),
+		SummaryVulnerabilityCommand(),
+	)
+
+	return cmd
+}

cmd/harbor/root/securityhub/list.go

@@ -0,0 +1,42 @@
+package securityhub
+
+import (
+	"github.com/goharbor/harbor-cli/pkg/api"
+	"github.com/goharbor/harbor-cli/pkg/utils"
+	"github.com/goharbor/harbor-cli/pkg/views/securityhub/list"
+	log "github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+)
+
+func ListVulnerabilityCommand() *cobra.Command {
+	var opts api.ListFlags
+
+	cmd := &cobra.Command{
+		Use:   "list",
+		Short: "Show all the vulnerability list",
+		Run: func(cmd *cobra.Command, args []string) {
+			vulnerability, err := api.ListVulnerability(opts)
+			if err != nil {
+				log.Fatalf("failed to get vulnerability list: %v", err)
+				return
+			}
+
+			FormatFlag := viper.GetString("output-format")
+			if FormatFlag != "" {
+				err = utils.PrintFormat(vulnerability, FormatFlag)
+				if err != nil {
+					log.Error(err)
+				}
+			} else {
+				list.ListVulnerability(vulnerability.Payload)
+			}
+		},
+	}
+
+	flags := cmd.Flags()
+	flags.Int64VarP(&opts.Page, "page", "", 1, "Page number")
+	flags.Int64VarP(&opts.PageSize, "page-size", "", 10, "Size of per page")
+
+	return cmd
+}

cmd/harbor/root/securityhub/summay.go

@@ -0,0 +1,106 @@
+package securityhub
+
+import (
+	"github.com/goharbor/harbor-cli/pkg/api"
+	"github.com/goharbor/harbor-cli/pkg/utils"
+	"github.com/goharbor/harbor-cli/pkg/views/securityhub/summary"
+	log "github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+)
+
+func SummaryVulnerabilityCommand() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "summary",
+		Short: "The vulnerability summary of the system",
+	}
+
+	cmd.AddCommand(
+		totalVulnerabilities(),
+		MostDangerousArtifacts(),
+		MostDangerousCVE(),
+	)
+
+	return cmd
+}
+
+func totalVulnerabilities() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "total",
+		Short: "Total Vulnerabilities",
+		Args: cobra.NoArgs,
+		Run: func(cmd *cobra.Command, args []string) {
+			sum, err := api.GetTotalVulnerabilities(false, false)
+
+			if err != nil {
+				log.Fatalf("failed to get vulnerability summary: %v", err)
+				return
+			}
+			FormatFlag := viper.GetString("output-format")
+			if FormatFlag != "" {
+				err = utils.PrintFormat(sum, FormatFlag)
+				if err != nil {
+					log.Error(err)
+				}
+			} else {
+				summary.GetTotalVulnerability(sum.Payload)
+			}
+		},
+	}
+
+	return cmd
+}
+
+func MostDangerousArtifacts() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "artifact",
+		Short: "Top 5 Most Dangerous Artifacts",
+		Args: cobra.NoArgs,
+		Run: func(cmd *cobra.Command, args []string) {
+			sum, err := api.GetTotalVulnerabilities(true, false)
+
+			if err != nil {
+				log.Fatalf("failed to get most dangerous artifacts: %v", err)
+				return
+			}
+			FormatFlag := viper.GetString("output-format")
+			if FormatFlag != "" {
+				err = utils.PrintFormat(sum, FormatFlag)
+				if err != nil {
+					log.Error(err)
+				}
+			} else {
+				summary.ShowMostDangerousArtifacts(sum.Payload)
+			}
+		},
+	}
+
+	return cmd
+}
+
+func MostDangerousCVE() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "cvelist",
+		Short: "Top 5 Most Dangerous CVEs",
+		Args: cobra.NoArgs,
+		Run: func(cmd *cobra.Command, args []string) {
+			sum, err := api.GetTotalVulnerabilities(false, true)
+
+			if err != nil {
+				log.Fatalf("failed to get most dangerous cvelist: %v", err)
+				return
+			}
+			FormatFlag := viper.GetString("output-format")
+			if FormatFlag != "" {
+				err = utils.PrintFormat(sum, FormatFlag)
+				if err != nil {
+					log.Error(err)
+				}
+			} else {
+				summary.ShowMostDangerousCVE(sum.Payload)
+			}
+		},
+	}
+
+	return cmd
+}

pkg/api/securityhub_handler.go

@@ -0,0 +1,44 @@
+package api
+
+import (
+	"github.com/goharbor/go-client/pkg/sdk/v2.0/client/securityhub"
+	"github.com/goharbor/harbor-cli/pkg/utils"
+)
+
+func ListVulnerability(opts ...ListFlags) (*securityhub.ListVulnerabilitiesOK, error) {
+	ctx, client, err := utils.ContextWithClient()
+	if err != nil {
+		return &securityhub.ListVulnerabilitiesOK{}, err
+	}
+
+	var listFlags ListFlags
+	if len(opts) > 0 {
+		listFlags = opts[0]
+	}
+
+	response, err := client.Securityhub.ListVulnerabilities(ctx,
+		&securityhub.ListVulnerabilitiesParams{
+			Page:     &listFlags.Page,
+			PageSize: &listFlags.PageSize,
+		})
+	if err != nil {
+		return &securityhub.ListVulnerabilitiesOK{}, err
+	}
+	return response, nil
+}
+
+func GetTotalVulnerabilities(withArtifact, WithCVE bool) (*securityhub.GetSecuritySummaryOK, error) {
+	ctx, client, err := utils.ContextWithClient()
+	if err != nil {
+		return &securityhub.GetSecuritySummaryOK{}, err
+	}
+	response, err := client.Securityhub.GetSecuritySummary(ctx, &securityhub.GetSecuritySummaryParams{
+		WithDangerousArtifact: &withArtifact,
+		WithDangerousCVE:      &WithCVE,
+	})
+	if err != nil {
+		return &securityhub.GetSecuritySummaryOK{}, err
+	}
+
+	return response, nil
+}

pkg/views/securityhub/list/view.go

@@ -0,0 +1,52 @@
+package list
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/charmbracelet/bubbles/table"
+	tea "github.com/charmbracelet/bubbletea"
+	"github.com/goharbor/go-client/pkg/sdk/v2.0/models"
+	"github.com/goharbor/harbor-cli/pkg/views/base/tablelist"
+)
+
+var columns = []table.Column{
+	{Title: "CVE ID", Width: 15},
+	{Title: "Repository Name", Width: 20},
+	{Title: "Digest", Width: 20},
+	{Title: "Tags", Width: 12},
+	{Title: "CVSS3", Width: 5},
+	{Title: "Severity", Width: 10},
+	{Title: "Package", Width: 20},
+	{Title: "Current version", Width: 15},
+	{Title: "Fixed in version", Width: 20},
+}
+
+func ListVulnerability(vulnerability []*models.VulnerabilityItem) {
+	var rows []table.Row
+	for _, vul := range vulnerability {
+		var tags string
+		for tag := range vul.Tags {
+			fmt.Println(tag)
+		}
+		rows = append(rows, table.Row{
+			vul.CVEID,
+			vul.RepositoryName,
+			vul.Digest[:16],
+			tags,
+			fmt.Sprintf("%.1f", vul.CvssV3Score),
+			vul.Severity,
+			vul.Package,
+			vul.Version,
+			vul.FixedVersion,
+		})
+	}
+
+	m := tablelist.NewModel(columns, rows, len(rows))
+
+	if _, err := tea.NewProgram(m).Run(); err != nil {
+		fmt.Println("Error running program:", err)
+		os.Exit(1)
+	}
+}
+

pkg/views/securityhub/summary/view.go

@@ -0,0 +1,94 @@
+package summary
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/charmbracelet/bubbles/table"
+	tea "github.com/charmbracelet/bubbletea"
+	"github.com/goharbor/go-client/pkg/sdk/v2.0/models"
+	"github.com/goharbor/harbor-cli/pkg/views/base/tablelist"
+)
+
+var columns_total = []table.Column{
+	{Title: "Critical", Width: 10},
+	{Title: "High", Width: 10},
+	{Title: "Medium", Width: 10},
+	{Title: "Low", Width: 10},
+	{Title: "N/A", Width: 10},
+	{Title: "None", Width: 10},
+}
+
+func GetTotalVulnerability(item *models.SecuritySummary) {
+	var rows []table.Row
+	fmt.Printf("%d total with %d fixable\n", item.TotalVuls, item.FixableCnt)
+	rows = append(rows, table.Row{
+		fmt.Sprintf("%d", item.CriticalCnt),
+		fmt.Sprintf("%d", item.HighCnt),
+		fmt.Sprintf("%d", item.MediumCnt),
+		fmt.Sprintf("%d", item.LowCnt),
+		fmt.Sprintf("%d", item.UnknownCnt),
+		fmt.Sprintf("%d", item.NoneCnt),
+	})
+
+	m := tablelist.NewModel(columns_total, rows, len(rows)+1)
+
+	if _, err := tea.NewProgram(m).Run(); err != nil {
+		fmt.Println("Error running program:", err)
+		os.Exit(1)
+	}
+}
+
+var columns_artifact = []table.Column{
+	{Title: "Repository Name", Width: 15},
+	{Title: "Digest", Width: 15},
+	{Title: "Critical", Width: 10},
+	{Title: "High", Width: 10},
+	{Title: "Medium", Width: 10},
+}
+
+func ShowMostDangerousArtifacts(item *models.SecuritySummary) {
+	var rows []table.Row
+	for _, artifact := range item.DangerousArtifacts {
+		rows = append(rows, table.Row{
+			artifact.RepositoryName,
+			artifact.Digest[:16],
+			fmt.Sprintf("%d", item.CriticalCnt),
+			fmt.Sprintf("%d", item.HighCnt),
+			fmt.Sprintf("%d", item.MediumCnt),
+		})
+	}
+
+	m := tablelist.NewModel(columns_artifact, rows, len(rows)+1)
+
+	if _, err := tea.NewProgram(m).Run(); err != nil {
+		fmt.Println("Error running program:", err)
+		os.Exit(1)
+	}
+}
+
+var columns_cve = []table.Column{
+	{Title: "CVE ID", Width: 15},
+	{Title: "Severity", Width: 15},
+	{Title: "CVSS3", Width: 5},
+	{Title: "Package", Width: 15},
+}
+
+func ShowMostDangerousCVE(item *models.SecuritySummary) {
+	var rows []table.Row
+	for _, cve := range item.DangerousCves {
+		rows = append(rows, table.Row{
+			cve.CVEID,
+			cve.Severity,
+			fmt.Sprintf("%.1f", cve.CvssScoreV3),
+			cve.Package,
+		})
+	}
+
+	m := tablelist.NewModel(columns_cve, rows, len(rows)+1)
+
+	if _, err := tea.NewProgram(m).Run(); err != nil {
+		fmt.Println("Error running program:", err)
+		os.Exit(1)
+	}
+}