mirror of
https://github.com/docker/docker-bench-security.git
synced 2025-07-25 04:17:50 +00:00
Limit the number of reported items
In some environments, there may be a very large number of images, containers, etc. not satisfying a given test. For example, in one environment, we saw *378k* images not satisfying 4.6, mostly because the customer was never cleaning up old images.

To avoid overly long lists of items, add a new option "-n LIMIT" that limits the number of items included in JSON output. When the limit is reached, the list will be truncated and a trailing (truncated) will be added.

Here's an example:

```
{"id": "5.9", "desc": "Ensure the host's network namespace is not shared", "result": "WARN", "details": "Containers running with networking mode 'host': k8s_POD_storage-provisioner_kube-system_ef960ef5-62c5-11e9-802f-08002719228f_0 k8s_POD_kube-proxy-xfln8_kube-system_ee70c4c3-62c5-11e9-802f-08002719228f_0 (truncated)", "items": ["k8s_POD_storage-provisioner_kube-system_ef960ef5-62c5-11e9-802f-08002719228f_0","k8s_POD_kube-proxy-xfln8_kube-system_ee70c4c3-62c5-11e9-802f-08002719228f_0","(truncated)"]},
```

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
parent 41593e80d0
commit 4cfb58f675
2 changed files with 24 additions and 3 deletions
|
@ -55,13 +55,14 @@ usage () {
|
|||
-e CHECK optional Comma delimited list of specific check(s) to exclude
|
||||
-i INCLUDE optional Comma delimited list of patterns within a container or image name to check
|
||||
-x EXCLUDE optional Comma delimited list of patterns within a container or image name to exclude from check
|
||||
-n LIMIT optional In JSON output, when reporting lists of items (containers, images, etc.), limit the number of reported items to LIMIT. Default 0 (no limit).
|
||||
EOF
|
||||
}
|
||||
|
||||
# Get the flags
|
||||
# If you add an option here, please
|
||||
# remember to update usage() above.
|
||||
while getopts bhl:c:e:i:x:t: args
|
||||
while getopts bhl:c:e:i:x:t:n: args
|
||||
do
|
||||
case $args in
|
||||
b) nocolor="nocolor";;
|
||||
|
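Review bot: the new `-n LIMIT` usage line does not say what a valid LIMIT is or how a consumer can tell that a list was cut. Going by the example in the commit message, a truncated list gets a literal "(truncated)" entry appended to "items" and to the "details" string, so a parser that treats every element of "items" as a container or image name will pick up a bogus name. Suggest the help text state that LIMIT is a non-negative integer and that truncated lists end with a "(truncated)" marker.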
@ -71,6 +72,7 @@ do
|
|||
e) checkexclude="$OPTARG" ;;
|
||||
i) include="$OPTARG" ;;
|
||||
x) exclude="$OPTARG" ;;
|
||||
n) limit="$OPTARG" ;;
|
||||
*) usage; exit 1 ;;
|
||||
esac
|
||||
done
|
||||
|
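Review bot: `n) limit="$OPTARG" ;;` accepts any string, with no check that it is a non-negative integer. A value such as `-n abc` or `-n -1` is stored as is and is only discovered by whatever code later compares against `$limit`. Suggest rejecting it at parse time, for example `case "$OPTARG" in ''|*[!0-9]*) usage; exit 1 ;; esac` ahead of the assignment, so a bad value fails the same way an unknown flag does.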
@ -79,6 +81,10 @@ if [ -z "$logger" ]; then
|
|||
logger="${myname}.log"
|
||||
fi
|
||||
|
||||
if [ -z "$limit" ]; then
|
||||
limit=0
|
||||
fi
|
||||
|
||||
# Load output formating
|
||||
. ./output_lib.sh
|
||||
|
||||
|
|
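Review bot: the `if [ -z "$limit" ]` default only applies when `limit` is empty, and none of the visible hunks sets `limit` before the `getopts` loop, so a `limit` variable inherited from the caller's environment would be used whenever `-n` is not given. Assigning `limit=0` before the loop, in place of this block, keeps the documented default of 0 independent of the environment.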