
use match-scanner library #90

Merged
merged 6 commits into from
Jun 28, 2024

Conversation

noboruma
Copy link
Contributor

No description provided.

@noboruma noboruma requested a review from ibreakthecloud June 25, 2024 05:29
pkg/config/options.go (Outdated)
} else {
m.FileSeverity = updatedSeverity
}
m.FileSeverity = updatedSeverity
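Review bot: the fragment shows `m.FileSeverity = updatedSeverity` twice, once inside an else branch and once as an unconditional assignment; if both remain, the else branch is dead code, and if the unconditional line replaces the branch, the condition that previously guarded the assignment is gone, so it is worth confirming that severity is still only overwritten when `updatedSeverity` was actually computed for this file.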
Contributor

IMO we need to do something about the way we calculate severity. Currently we calculate sev per file instead of per malware, using the length of total strings that matched. Instead we should be looking at the rule to see the percentage of $strings that matched, or mixing both approaches.

Contributor Author

@ibreakthecloud please propose an algorithm for the sev calculation; looks like you have some ideas in mind. Let's review that in a separate PR.

@noboruma noboruma force-pushed the use-scanner-lib branch 8 times, most recently from 31f992a to 006deff June 26, 2024 15:57
pkg/scan/scanner.go (Outdated)
pkg/scan/scanner.go (Outdated)
@noboruma noboruma force-pushed the use-scanner-lib branch 2 times, most recently from 7937e51 to b7ca09c June 27, 2024 05:28
@noboruma noboruma force-pushed the use-scanner-lib branch 2 times, most recently from b2da95c to 501dbec June 27, 2024 07:10
@noboruma noboruma marked this pull request as ready for review June 27, 2024 07:12
Contributor

@ibreakthecloud ibreakthecloud left a comment

We have good perf numbers regarding CPU and mem.
My todos for later:

  • fix the severity logic (have something better than what we have now)
  • deepfence's own threatintel for malware, where we'll curate our own rules from multiple sources; this will result in faster matching.

Currently rules are the only bottlenecks we have.

@noboruma noboruma merged commit b91b39a into main Jun 28, 2024
1 check passed
@noboruma noboruma deleted the use-scanner-lib branch June 28, 2024 07:54