Temporary Fix docker images timeout issue (#4762)

* returned-the-old-way-of-handling-images

* introduced-additional-parameter

* amended-the-description

* amended-condition

cmd/whitesourceExecuteScan.go

@@ -200,10 +200,10 @@ func runWhitesourceScan(ctx context.Context, config *ScanOptions, scan *ws.Scan,
 	// Download Docker image for container scan
 	// ToDo: move it to improve testability
 	if config.BuildTool == "docker" {
-		if len(config.ScanImages) != 0 {
+		if len(config.ScanImages) != 0 && config.ActivateMultipleImagesScan {
 			for _, image := range config.ScanImages {
 				config.ScanImage = image
-				err := downloadDockerImageAsTar(config, utils)
+				err := downloadDockerImageAsTarNew(config, utils)
 				if err != nil {
 					return errors.Wrapf(err, "failed to download docker image")
 				}
@@ -1088,7 +1088,7 @@ func createToolRecordWhitesource(utils whitesourceUtils, workspace string, confi
 	return record.GetFileName(), nil
 }
 
-func downloadDockerImageAsTar(config *ScanOptions, utils whitesourceUtils) error {
+func downloadDockerImageAsTarNew(config *ScanOptions, utils whitesourceUtils) error {
 
 	imageNameToSave := strings.Replace(config.ScanImage, "/", "-", -1)
 
@@ -1113,3 +1113,27 @@ func downloadDockerImageAsTar(config *ScanOptions, utils whitesourceUtils) error
 
 	return nil
 }
+
+func downloadDockerImageAsTar(config *ScanOptions, utils whitesourceUtils) error {
+
+	saveImageOptions := containerSaveImageOptions{
+		ContainerImage:            config.ScanImage,
+		ContainerRegistryURL:      config.ScanImageRegistryURL,
+		ContainerRegistryUser:     config.ContainerRegistryUser,
+		ContainerRegistryPassword: config.ContainerRegistryPassword,
+		DockerConfigJSON:          config.DockerConfigJSON,
+		FilePath:                  config.ProjectName, // previously was config.ProjectName
+		ImageFormat:               "legacy",           // keep the image format legacy or whitesource is not able to read layers
+	}
+	dClientOptions := piperDocker.ClientOptions{ImageName: saveImageOptions.ContainerImage, RegistryURL: saveImageOptions.ContainerRegistryURL, LocalPath: "", ImageFormat: "legacy"}
+	dClient := &piperDocker.Client{}
+	dClient.SetOptions(dClientOptions)
+	if _, err := runContainerSaveImage(&saveImageOptions, &telemetry.CustomData{}, "./cache", "", dClient, utils); err != nil {
+		if strings.Contains(fmt.Sprint(err), "no image found") {
+			log.SetErrorCategory(log.ErrorConfiguration)
+		}
+		return errors.Wrapf(err, "failed to download Docker image %v", config.ScanImage)
+	}
+
+	return nil
+}

cmd/whitesourceExecuteScan_generated.go

@@ -56,6 +56,7 @@ type whitesourceExecuteScanOptions struct {
 	ScanImage                            string   `json:"scanImage,omitempty"`
 	ScanImages                           []string `json:"scanImages,omitempty"`
 	SkipParentProjectResolution          bool     `json:"skipParentProjectResolution,omitempty"`
+	ActivateMultipleImagesScan           bool     `json:"activateMultipleImagesScan,omitempty"`
 	ScanImageRegistryURL                 string   `json:"scanImageRegistryUrl,omitempty"`
 	SecurityVulnerabilities              bool     `json:"securityVulnerabilities,omitempty"`
 	ServiceURL                           string   `json:"serviceUrl,omitempty"`
@@ -353,6 +354,7 @@ func addWhitesourceExecuteScanFlags(cmd *cobra.Command, stepConfig *whitesourceE
 	cmd.Flags().StringVar(&stepConfig.ScanImage, "scanImage", os.Getenv("PIPER_scanImage"), "For `buildTool: docker`: Defines the docker image which should be scanned.")
 	cmd.Flags().StringSliceVar(&stepConfig.ScanImages, "scanImages", []string{}, "For `buildTool: docker`: Allowing to scan multiple docker images. In case parent project will not contain any dependecies, use skipParentProjectResolution parameter")
 	cmd.Flags().BoolVar(&stepConfig.SkipParentProjectResolution, "skipParentProjectResolution", false, "Parameter for multi-module, multi-images projects to skip the parent project resolution for reporing purpose Could be used if parent project is set as just a placeholder for scan and doesn't contain any dependencies.")
+	cmd.Flags().BoolVar(&stepConfig.ActivateMultipleImagesScan, "activateMultipleImagesScan", false, "Use this parameter to activate the scan of multiple images. Additionally you'll need to provide skipParentProjectResolution and scanImages parameters")
 	cmd.Flags().StringVar(&stepConfig.ScanImageRegistryURL, "scanImageRegistryUrl", os.Getenv("PIPER_scanImageRegistryUrl"), "For `buildTool: docker`: Defines the registry where the scanImage is located.")
 	cmd.Flags().BoolVar(&stepConfig.SecurityVulnerabilities, "securityVulnerabilities", true, "Whether security compliance is considered and reported as part of the assessment.")
 	cmd.Flags().StringVar(&stepConfig.ServiceURL, "serviceUrl", `https://saas.whitesourcesoftware.com/api`, "URL to the WhiteSource API endpoint.")
@@ -778,6 +780,15 @@ func whitesourceExecuteScanMetadata() config.StepData {
 						Aliases:     []config.Alias{},
 						Default:     false,
 					},
+					{
+						Name:        "activateMultipleImagesScan",
+						ResourceRef: []config.ResourceReference{},
+						Scope:       []string{"PARAMETERS", "STAGES", "STEPS"},
+						Type:        "bool",
+						Mandatory:   false,
+						Aliases:     []config.Alias{},
+						Default:     false,
+					},
 					{
 						Name: "scanImageRegistryUrl",
 						ResourceRef: []config.ResourceReference{

resources/metadata/whitesourceExecuteScan.yaml

@@ -396,6 +396,14 @@ spec:
           - STAGES
           - STEPS
         default: false
+      - name: activateMultipleImagesScan
+        type: bool
+        description: "Use this parameter to activate the scan of multiple images. Additionally you'll need to provide skipParentProjectResolution and scanImages parameters"
+        scope:
+          - PARAMETERS
+          - STAGES
+          - STEPS
+        default: false
       - name: scanImageRegistryUrl
         type: string
         description: "For `buildTool: docker`: Defines the registry where the scanImage is located."