Update orchestrator.py

austinsonger · Jun 9, 2024 · 147fe00 · 147fe00
1 parent dc849ef
commit 147fe00
Showing 1 changed file with 32 additions and 28 deletions.
diff --git a/entrypoint/entrypoint/orchestrator.py b/entrypoint/entrypoint/orchestrator.py
@@ -1,33 +1,37 @@
 import logging
-import boto3
-import json
-from entrypoint import pkg_vuln, executor
 
-def execute(args) -> int:
-    logging.info("Starting the Amazon Inspector EC2 scan results fetch process")
+from .cli import init
+from .installer import prepare_environment
+from .executor import invoke_command
+from .pkg_vuln import parse_vulns, create_jira_tickets
 
-    client = boto3.client(
-        'inspector',
-        aws_access_key_id=args.aws_access_key_id,
-        aws_secret_access_key=args.aws_secret_access_key,
-        region_name=args.aws_region
-    )
+def run_scan():
+    args = init()
 
-    try:
-        findings = client.list_findings(assessmentRunArns=[args.assessment_run_arn])
-        logging.info("Successfully fetched findings")
-        findings_detail = pkg_vuln.process_findings_to_json(findings)
-        print(f"Findings: {findings_detail}")
-        pkg_vuln.set_github_actions_output('inspector_scan_results', findings_detail)
-        return 0
-    except Exception as e:
-        logging.error(f"Failed to fetch findings: {e}")
-        return 1
+    if not prepare_environment(args.aws_access_key_id, args.aws_secret_access_key, args.aws_region):
+        logging.error("Environment preparation failed.")
+        return
 
-def invoke_aws_command(args) -> int:
-    """
-    Invokes an AWS CLI command using the executor.
-    :param args: The arguments for the AWS CLI command
-    :return: The exit code of the command
-    """
-    return executor.invoke_command('aws', args)
+    # Adjust the command based on agentless or agent-based scan
+    if args.agentless:
+        cmd = ['aws', 'inspector2', 'start-assessment', '--resource-group-arn', args.assessment_run_arn, '--agentless']
+    else:
+        cmd = ['aws', 'inspector2', 'start-assessment', '--resource-group-arn', args.assessment_run_arn]
+
+    result_code = invoke_command(cmd[0], cmd[1:])
+
+    if result_code != 0:
+        logging.error(f"Scan command failed with exit code {result_code}.")
+    else:
+        logging.info("Scan command executed successfully.")
+
+        # Read scan results
+        with open('inspector_scan_results.json', 'r') as file:
+            inspector_scan_json = file.read()
+
+        # Parse vulnerabilities
+        vulnerabilities = parse_vulns(inspector_scan_json)
+
+        # Create Jira tickets if Jira parameters are provided
+        if args.jira_url and args.jira_username and args.jira_api_token and args.jira_project_key:
+            create_jira_tickets(args.jira_url, args.jira_username, args.jira_api_token, args.jira_project_key, vulnerabilities)