added necessary go.mod deps and added categories to vulnerabilities

Author: LiorAlafiArmo

containerscan/elasticadapters.go

@@ -26,8 +26,11 @@ func (scanresult *ScanResultReport) ToFlatVulnerabilities() []*ElasticContainerV
 			result.RelevantLinks = append(result.RelevantLinks, "https://nvd.nist.gov/vuln/detail/"+vul.Name)
 			result.RelevantLinks = append(result.RelevantLinks, vul.Link)
 			result.Vulnerability.Link = "https://nvd.nist.gov/vuln/detail/" + vul.Name
+
+			result.Categories.IsRCE = result.IsRCE()
 			vuls = append(vuls, result)
 			vul2indx[vul.Name] = len(vuls) - 1
+
 		}
 	}
 	// find first introduced

containerscan/rawdatastrucutres.go

@@ -27,22 +27,27 @@ type ScanResultLayer struct {
 	Packages        LinuxPkgs           `json:"packageToFile"`
 }
 
+type VulnerabilityCategory struct {
+	IsRCE bool `json:"isRce"`
+}
+
 // Vulnerability - a vul object
 type Vulnerability struct {
-	Name               string      `json:"name"`
-	ImgHash            string      `json:"imageHash"`
-	ImgTag             string      `json:"imageTag"`
-	RelatedPackageName string      `json:"packageName"`
-	PackageVersion     string      `json:"packageVersion"`
-	Link               string      `json:"link"`
-	Description        string      `json:"description"`
-	Severity           string      `json:"severity"`
-	Metadata           interface{} `json:"metadata"`
-	Fixes              VulFixes    `json:"fixedIn"`
-	Relevancy          string      `json:"relevant"` // use the related enum
-	UrgentCount        int         `json:"urgent"`
-	NeglectedCount     int         `json:"neglected"`
-	HealthStatus       string      `json:"healthStatus"`
+	Name               string                `json:"name"`
+	ImgHash            string                `json:"imageHash"`
+	ImgTag             string                `json:"imageTag"`
+	RelatedPackageName string                `json:"packageName"`
+	PackageVersion     string                `json:"packageVersion"`
+	Link               string                `json:"link"`
+	Description        string                `json:"description"`
+	Severity           string                `json:"severity"`
+	Metadata           interface{}           `json:"metadata"`
+	Fixes              VulFixes              `json:"fixedIn"`
+	Relevancy          string                `json:"relevant"` // use the related enum
+	UrgentCount        int                   `json:"urgent"`
+	NeglectedCount     int                   `json:"neglected"`
+	HealthStatus       string                `json:"healthStatus"`
+	Categories         VulnerabilityCategory `json:"categories"`
 }
 
 // FixedIn when and which pkg was fixed (which version as well)

go.mod

@@ -3,6 +3,25 @@ module github.com/armosec/cluster-container-scanner-api
 go 1.17
 
 require (
-	github.com/armosec/utils-k8s-go v0.0.1
+	github.com/armosec/utils-k8s-go v0.0.2
 	github.com/francoispqt/gojay v1.2.13
 )
+
+require (
+	github.com/armosec/utils-go v0.0.2 // indirect
+	github.com/go-logr/logr v0.4.0 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/glog v1.0.0 // indirect
+	github.com/google/go-cmp v0.5.5 // indirect
+	github.com/google/gofuzz v1.1.0 // indirect
+	github.com/json-iterator/go v1.1.11 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.1 // indirect
+	golang.org/x/net v0.0.0-20210520170846-37e1c6afe023 // indirect
+	golang.org/x/text v0.3.6 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	k8s.io/apimachinery v0.22.2 // indirect
+	k8s.io/klog/v2 v2.9.0 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.1.2 // indirect
+)

go.sum

@@ -57,8 +57,8 @@ github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmV
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armosec/utils-go v0.0.2 h1:NSzLcWNI0GoJ8SS+cvaiOPD/raBkS0ghZ1639cCXhfU=
 github.com/armosec/utils-go v0.0.2/go.mod h1:itWmRLzRdsnwjpEOomL0mBWGnVNNIxSjDAdyc+b0iUo=
-github.com/armosec/utils-k8s-go v0.0.1 h1:Ay3y7fW+4+FjVc0+obOWm8YsnEvM31vPAVoKTyTAFRk=
-github.com/armosec/utils-k8s-go v0.0.1/go.mod h1:qrU4pmY2iZsOb39Eltpm0sTTNM3E4pmeyWx4dgDUC2U=
+github.com/armosec/utils-k8s-go v0.0.2 h1:PvG/yzkl3TS5n0LIoY68Dc/yL79xykz5HIjZUpP3BmQ=
+github.com/armosec/utils-k8s-go v0.0.2/go.mod h1:qrU4pmY2iZsOb39Eltpm0sTTNM3E4pmeyWx4dgDUC2U=
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
 github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=