Merge branch 'main' into ui-priority-scan-1592

.github/workflows/build-publish-binaries.yaml

@@ -0,0 +1,47 @@
+name: Build & Publish agent binaries
+
+on:
+  workflow_dispatch:
+    inputs:
+      ver:
+        description: "Binaries Version"
+        required: true
+        type: string
+
+env:
+  DF_BIN_VER: ${{ inputs.ver }}
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Checkout repo
+        uses: actions/checkout@v2
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v3
+        with:
+          aws-access-key-id: ${{secrets.AWS_KEY_ID}}
+          aws-secret-access-key: ${{secrets.AWS_SECRET_ACCESS_KEY}}
+          aws-region: us-east-2
+
+      - name: Build agent binaries
+        run: |
+          make agent
+
+      - name: Extract agent binaries
+        run: |
+          mkdir -p /tmp/binaries/$DF_BIN_VER
+          cd /tmp/binaries/$DF_BIN_VER
+          id=$(docker create deepfenceio/deepfence_agent_ce:latest)
+          docker cp $id:/usr/local/bin/syft - > syft
+          docker cp $id:/home/deepfence/bin/yara-hunter/YaraHunter - > YaraHunter
+          docker cp $id:/home/deepfence/bin/secret-scanner/SecretScanner - > SecretScanner
+          docker cp $id:/usr/local/discovery/deepfence-discovery - > deepfence-discovery
+          docker cp $id:/opt/td-agent-bit/bin/fluent-bit - > fluent-bit
+          docker cp $id:/usr/local/bin/compliance_check/compliance - > compliance
+          docker rm -v $id
+
+      - name: Upload to S3
+        run: aws s3 sync /tmp/binaries s3://deepfence-tm-binaries

deepfence_agent/tools/apache/scope/probe/host/reporter.go

@@ -17,7 +17,7 @@ import (
 
 // Agent version to display in metadata
 var (
-	AgentVersionNo           = "v2.0.0"
+	AgentVersionNo           = "v2.0.1"
 	agentCommitID            = "Unknown"
 	agentBuildTime           = "0"
 	DockerSocketPath         = os.Getenv("DOCKER_SOCKET_PATH")

deepfence_bootstrapper/cgroups/cgroups.go

@@ -71,6 +71,9 @@ func LoadCgroup(name string, cpulimit int64, memlimit int64) error {
 			},
 		}
 		m, err := cgroup2.LoadSystemd("/", name+".slice")
+		if err != nil {
+			return err
+		}
 		err = m.Update(&res)
 		if err != nil {
 			// This hack is needed inside containers
@@ -106,9 +109,9 @@ func AttachProcessToCgroup(name string, pid int) error {
 
 func UnloadAll() {
 	for _, v := range cgroups1 {
-		v.Delete()
+		_ = v.Delete()
 	}
 	for _, m := range cgroups2 {
-		m.DeleteSystemd()
+		_ = m.DeleteSystemd()
 	}
 }

deepfence_bootstrapper/controls/controls.go

@@ -119,7 +119,10 @@ func SetAgentControls() {
 		func(req ctl.EnableAgentPluginRequest) error {
 			log.Info().Msg("Start & download Agent Plugin")
 			router.SetUpgrade()
-			supervisor.UpgradeProcess(req.PluginName, req.BinUrl)
+			err = supervisor.UpgradeProcess(req.PluginName, req.BinUrl)
+			if err != nil {
+				return err
+			}
 			return supervisor.StartProcess(req.PluginName)
 		})
 	if err != nil {
@@ -179,7 +182,7 @@ func SetAgentControls() {
 			var err error
 			if ok {
 				retVal := linuxScanner.StopScan(scanId)
-				if retVal == false {
+				if !retVal {
 					err = errors.New("Failed to stop scan")
 				}
 			} else {

deepfence_bootstrapper/controls/diagnostic_logs.go

@@ -23,18 +23,18 @@ func SendAgentDiagnosticLogs(req ctl.SendAgentDiagnosticLogsRequest, pathsToZip
 	fileName := "/tmp/" + req.FileName
 	err = utils.RecursiveZip(pathsToZip, excludePathPrefixes, fileName)
 	if err != nil {
-		publishDiagnosticLogsStatus(ctx, httpsClient.Client(), req.NodeId, utils.SCAN_STATUS_FAILED, err.Error())
+		_ = publishDiagnosticLogsStatus(ctx, httpsClient.Client(), req.NodeId, utils.SCAN_STATUS_FAILED, err.Error())
 		return err
 	}
 	defer os.RemoveAll(fileName)
 
 	resp, statusCode, err := utils.UploadFile(req.UploadURL, fileName)
 	if err != nil {
-		publishDiagnosticLogsStatus(ctx, httpsClient.Client(), req.NodeId, utils.SCAN_STATUS_FAILED, err.Error())
+		_ = publishDiagnosticLogsStatus(ctx, httpsClient.Client(), req.NodeId, utils.SCAN_STATUS_FAILED, err.Error())
 		return err
 	}
 	if statusCode != http.StatusOK {
-		publishDiagnosticLogsStatus(ctx, httpsClient.Client(), req.NodeId, utils.SCAN_STATUS_FAILED, string(resp))
+		_ = publishDiagnosticLogsStatus(ctx, httpsClient.Client(), req.NodeId, utils.SCAN_STATUS_FAILED, string(resp))
 		return errors.New(string(resp))
 	}
 

deepfence_bootstrapper/go.mod

@@ -1,6 +1,6 @@
 module github.com/deepfence/ThreatMapper/deepfence_bootstrapper
 
-go 1.20
+go 1.21
 
 replace github.com/deepfence/golang_deepfence_sdk/utils => ../golang_deepfence_sdk/utils/
 
@@ -13,7 +13,6 @@ replace github.com/deepfence/df-utils => ../deepfence_agent/tools/apache/deepfen
 replace github.com/deepfence/agent-plugins-grpc => ../deepfence_agent/plugins/agent-plugins-grpc
 
 require (
-	github.com/Jeffail/tunny v0.1.4
 	github.com/abrander/go-supervisord v0.0.0-20210517172913-a5469a4c50e2
 	github.com/containerd/cgroups/v3 v3.0.2
 	github.com/deepfence/ThreatMapper/deepfence_utils v0.0.0-00010101000000-000000000000

deepfence_bootstrapper/go.sum

@@ -6,8 +6,6 @@ github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7O
 github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/DataDog/datadog-go v2.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
-github.com/Jeffail/tunny v0.1.4 h1:chtpdz+nUtaYQeCKlNBg6GycFF/kGVHOr6A3cmzTJXs=
-github.com/Jeffail/tunny v0.1.4/go.mod h1:P8xAx4XQl0xsuhjX1DtfaMDCSuavzdb2rwbd0lk+fvo=
 github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA=
 github.com/NYTimes/gziphandler v1.0.2-0.20180227021810-5032c8878b9d/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk=
@@ -71,6 +69,7 @@ github.com/evanphx/json-patch v0.0.0-20170719203123-944e07253867/go.mod h1:50XU6
 github.com/fatih/camelcase v1.0.0/go.mod h1:yN2Sb0lFhZJUdVvtELVWefmrXpuZESvPmqwoZc+/fpc=
 github.com/fluent/fluent-logger-golang v1.5.0/go.mod h1:2/HCT/jTy78yGyeNGQLGQsjF3zzzAuy6Xlk6FCMV5eU=
 github.com/frankban/quicktest v1.14.0 h1:+cqqvzZV87b4adx/5ayVOaYZ2CrvM4ejQvUdBzPPUss=
+github.com/frankban/quicktest v1.14.0/go.mod h1:NeW+ay9A/U67EYXNFA1nPE8e/tnQv/09mUdL/ijj8og=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsouza/go-dockerclient v1.3.0/go.mod h1:IN9UPc4/w7cXiARH2Yg99XxUHbAM+6rAi9hzBVbkWRU=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
@@ -111,6 +110,7 @@ github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g=
 github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
@@ -167,10 +167,12 @@ github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxv
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
+github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
 github.com/kr/pty v1.1.1 h1:VkoXIwSboBpnk99O/KFauAEILuNHv5DVFKZMBN/gUgw=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/lestrrat-go/blackmagic v1.0.1 h1:lS5Zts+5HIC/8og6cGHb0uCcNCa3OUt1ygh3Qz2Fe80=
 github.com/lestrrat-go/blackmagic v1.0.1/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU=
 github.com/lestrrat-go/httpcc v1.0.1 h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZrIE=
@@ -251,6 +253,7 @@ github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDa
 github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
 github.com/richo/GOSHOUT v0.0.0-20210103052837-9a2e452d4c18/go.mod h1:MSTsYcO3SGF1j/eewqZORAzbp3BUbisi2094EDP3+To=
 github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
+github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
 github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
 github.com/rs/zerolog v1.30.0 h1:SymVODrcRsaRaSInD9yQtKbtWqwsfoPcRff/oRXLj4c=
 github.com/rs/zerolog v1.30.0/go.mod h1:/tk+P47gFdPXq4QYjvCmT5/Gsug2nagsFWBWhAiSi1w=
@@ -269,6 +272,7 @@ github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTd
 github.com/spf13/cobra v0.0.0-20151013225139-8b2293c74173/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
 github.com/spf13/pflag v1.0.1-0.20171106142849-4c012f6dcd95/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
+github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
@@ -319,6 +323,7 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/goleak v1.1.12 h1:gZAh5/EyT/HQwlpkCy6wTpqfH9H8Lz8zbm3dZh+OyzA=
+go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
 go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 golang.org/x/crypto v0.0.0-20180820150726-614d502a4dac/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
@@ -445,6 +450,7 @@ gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLks
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo=
 gopkg.in/inf.v0 v0.9.0/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
@@ -465,6 +471,7 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools v2.1.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
 gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
+gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 k8s.io/api v0.0.0-20181204000039-89a74a8d264d/go.mod h1:iuAfoD4hCxJ8Onx9kaTIt30j7jUFS00AXQi6QMi99vA=
 k8s.io/api v0.27.2 h1:+H17AJpUMvl+clT+BPnKf0E3ksMAzoBBg7CntpSuADo=
@@ -489,3 +496,4 @@ sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kF
 sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E=
 sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
 sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
+sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=

deepfence_bootstrapper/main.go

@@ -1,6 +1,7 @@
 package main
 
 import (
+	"context"
 	_ "embed"
 	"errors"
 	"os"
@@ -57,6 +58,9 @@ func main() {
 	log.Info().Msgf("version: %s", Version)
 	log.Info().Msg("Starting bootstrapper")
 
+	ctx, cancel := signal.NotifyContext(context.Background(), os.Interrupt, syscall.SIGTERM)
+	defer cancel()
+
 	var cfg config.Config
 	var err error
 	if enable_cluster_discovery {
@@ -67,11 +71,11 @@ func main() {
 	if err != nil {
 		log.Fatal().Msgf("%v", err)
 	}
-	c := make(chan os.Signal, 2)
-	signal.Notify(c, os.Interrupt, syscall.SIGTERM)
 
-	cc := make(chan struct{})
-	server.StartRPCServer("/tmp/deepfence_boot.sock", cc)
+	err = server.StartRPCServer(ctx, "/tmp/deepfence_boot.sock")
+	if err != nil {
+		log.Fatal().Msgf("%v", err)
+	}
 
 	if !enable_cluster_discovery {
 		for _, entry := range cfg.Cgroups {
@@ -137,18 +141,8 @@ func main() {
 	}
 
 	log.Info().Msg("Everything is up")
-loop:
-	for {
-		select {
-		case <-c:
-			select {
-			case cc <- struct{}{}:
-			default:
-			}
-			break loop
-		}
-	}
-
+	<-ctx.Done()
+	log.Info().Msgf("Signal received, wrapping up: %v", ctx.Err())
 	cgroups.UnloadAll()
 	os.Exit(0)
 

deepfence_bootstrapper/router/malware_scanner.go

@@ -7,15 +7,12 @@ import (
 
 	pb "github.com/deepfence/agent-plugins-grpc/srcgo"
 	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials/insecure"
 
 	ctl "github.com/deepfence/ThreatMapper/deepfence_utils/controls"
 	"github.com/deepfence/ThreatMapper/deepfence_utils/log"
 )
 
-const (
-	defaultMalwareScanConcurrency = 1
-)
-
 func getDfInstallDir() string {
 	installDir, exists := os.LookupEnv("DF_INSTALL_DIR")
 	if exists {
@@ -26,11 +23,8 @@ func getDfInstallDir() string {
 }
 
 var (
-	ebpfMalwareSocketPath     = getDfInstallDir() + "/tmp/yara-hunter.sock"
-	ssEbpfMalwareLogPath      = getDfInstallDir() + "/var/log/fenced/malwareScanner.log"
-	MalwareCertPath           = getDfInstallDir() + "/etc/filebeat/filebeat.crt"
-	malwareScanFilename       = getDfInstallDir() + "/var/log/fenced/malware-scan/malware_scan.log"
-	malwareScanStatusFilename = getDfInstallDir() + "/var/log/fenced/malware-scan-log/malware_scan_log.log"
+	ebpfMalwareSocketPath = getDfInstallDir() + "/tmp/yara-hunter.sock"
+	MalwareCertPath       = getDfInstallDir() + "/etc/filebeat/filebeat.crt"
 )
 
 var (
@@ -40,13 +34,6 @@ var (
 	MalwareScanDir         string
 )
 
-type malwareScanParameters struct {
-	client      pb.MalwareScannerClient
-	req         *pb.MalwareRequest
-	controlArgs map[string]string
-	hostName    string
-}
-
 func init() {
 	MalwareMgmtConsoleUrl = os.Getenv("MGMT_CONSOLE_URL")
 	consolePort := os.Getenv("MGMT_CONSOLE_PORT")
@@ -87,8 +74,9 @@ func StartMalwareScan(req ctl.StartMalwareScanRequest) error {
 		}
 	}
 
-	conn, err := grpc.Dial("unix://"+ebpfMalwareSocketPath, grpc.WithAuthority("dummy"),
-		grpc.WithInsecure())
+	conn, err := grpc.Dial("unix://"+ebpfMalwareSocketPath,
+		grpc.WithAuthority("dummy"),
+		grpc.WithTransportCredentials(insecure.NewCredentials()))
 	if err != nil {
 		fmt.Printf("error in creating malware scanner client: %s\n", err.Error())
 		return err
@@ -109,8 +97,9 @@ func StartMalwareScan(req ctl.StartMalwareScanRequest) error {
 }
 
 func GetMalwareScannerJobCount() int32 {
-	conn, err := grpc.Dial("unix://"+ebpfMalwareSocketPath, grpc.WithAuthority("dummy"),
-		grpc.WithInsecure())
+	conn, err := grpc.Dial("unix://"+ebpfMalwareSocketPath,
+		grpc.WithAuthority("dummy"),
+		grpc.WithTransportCredentials(insecure.NewCredentials()))
 	if err != nil {
 		fmt.Printf("error in creating malware scanner client: %s\n", err.Error())
 		return 0
@@ -126,8 +115,9 @@ func GetMalwareScannerJobCount() int32 {
 
 func StopMalwareScan(req ctl.StopMalwareScanRequest) error {
 	fmt.Printf("Stop Malware Scan : %v\n", req)
-	conn, err := grpc.Dial("unix://"+ebpfMalwareSocketPath, grpc.WithAuthority("dummy"),
-		grpc.WithInsecure())
+	conn, err := grpc.Dial("unix://"+ebpfMalwareSocketPath,
+		grpc.WithAuthority("dummy"),
+		grpc.WithTransportCredentials(insecure.NewCredentials()))
 	if err != nil {
 		fmt.Printf("StopMalwareScannerJob::error in creating malware scanner client: %s\n", err.Error())
 		return err

deepfence_bootstrapper/router/openapi_client_controls.go

@@ -92,7 +92,6 @@ func (ct *OpenapiClient) StartControlsWatching(nodeId string, isClusterAgent boo
 				ctl, _, err := ct.API().ControlsAPI.GetAgentControlsExecute(req)
 				if err != nil {
 					log.Error().Msgf("Getting controls failed: %v\n", err)
-					rand.Seed(time.Now().UnixNano())
 					randomDelay := rand.Intn(int(ct.PublishInterval() / 2))
 					time.Sleep(time.Duration(randomDelay) * time.Second)
 					continue