@@ -19,6 +19,7 @@ import objects.ECRRegistryIntegration
1919import objects.GCRImageIntegration
2020import objects.GoogleArtifactRegistry
2121import objects.QuayImageIntegration
22+ import objects.ScannerV4Integration
2223import objects.Secret
2324import objects.StackroxScannerIntegration
2425import services.ClusterService
@@ -43,15 +44,16 @@ class ImageScanningTest extends BaseSpecification {
4344
4445 static final private String UBI8_0_IMAGE = " registry.access.redhat.com/ubi8:8.0-208"
4546 static final private String RHEL7_IMAGE = " quay.io/rhacs-eng/qa-multi-arch:rhel7-minimal-7.5-422"
47+ static final private String RHEL9_IMAGE = " quay.io/rhacs-eng/qa-multi-arch:ubi9-minimal-9.6-1760515502"
4648 static final private String QUAY_IMAGE_WITH_CLAIR_SCAN_DATA = " quay.io/rhacs-eng/qa:nginx-unprivileged"
4749 static final private String GCR_IMAGE = " us.gcr.io/acs-san-stackroxci/qa-multi-arch/registry-image:0.2"
4850 static final private String NGINX_IMAGE = " quay.io/rhacs-eng/qa:nginx-1-12-1"
4951 static final private String OCI_IMAGE = " quay.io/rhacs-eng/qa:oci-manifest"
5052 static final private String LIST_IMAGE_OCI_MANIFEST = " quay.io/rhacs-eng/qa:list-image-oci-manifest"
5153 static final private String AR_IMAGE =
5254 " us-west1-docker.pkg.dev/acs-san-stackroxci/artifact-registry-test/nginx:1.17"
53- static final private String CENTOS_IMAGE = " quay.io/rhacs-eng/qa:centos7-base "
54- static final private String CENTOS_ECHO_IMAGE = " quay.io/rhacs-eng/qa:centos7-base -echo"
55+ static final private String UBI9_MINIMAL_IMAGE = " quay.io/rhacs-eng/qa:ubi9-minimal-9.5-1747111267-amd64 "
56+ static final private String UBI9_MINIMAL_ECHO_IMAGE = " quay.io/rhacs-eng/qa:ubi9-minimal-9.5-1747111267-amd64 -echo"
5557 static final private String LINEAGE_IMAGE_A = " quay.io/rhacs-eng/qa:lineage-jdk-17.0.11"
5658 static final private String LINEAGE_IMAGE_B = " quay.io/rhacs-eng/qa:lineage-jdk-17.0.13"
5759
@@ -419,7 +421,9 @@ class ImageScanningTest extends BaseSpecification {
419421 " Add scanner"
420422 String integrationId = scanner. createDefaultIntegration()
421423 assert integrationId
422- integrationIds. add(integrationId)
424+ if (scanner. isDeletable()) {
425+ integrationIds. add(integrationId)
426+ }
423427
424428 and :
425429 " Scan Image and verify results"
@@ -465,12 +469,20 @@ class ImageScanningTest extends BaseSpecification {
465469 new ClairV4ScannerIntegration () | " platform-python-pip" | " 9.0.3-13.el8" | 0 | " RHSA-2020:4432" | UBI8_0_IMAGE | " "
466470 new StackroxScannerIntegration () | " java-17-openjdk-headless" | " 1:17.0.11.0.9-2.el8.x86_64" | 135 | " " | LINEAGE_IMAGE_A | " "
467471 new StackroxScannerIntegration () | " java-17-openjdk-headless" | " 1:17.0.13.0.11-3.el8.x86_64" | 137 | " " | LINEAGE_IMAGE_B | " "
472+ new ScannerV4Integration () | " openssl-libs" | " 1:3.2.2-6.el9_5.1" | 18 | " CVE-2025-15467" | RHEL9_IMAGE | " "
473+ new ScannerV4Integration () | " systemd" | " 229-4ubuntu21.29" | 0 | " CVE-2021-33910" | OCI_IMAGE | " "
474+ new ScannerV4Integration () | " libc6" | " 2.35-0ubuntu3.1" | 4 | " CVE-2023-4911" | LIST_IMAGE_OCI_MANIFEST | " "
475+ new ScannerV4Integration () | " java-17-openjdk-headless" | " 1:17.0.11.0.9-2.el8" | 135 | " " | LINEAGE_IMAGE_A | " "
476+ new ScannerV4Integration () | " java-17-openjdk-headless" | " 1:17.0.13.0.11-3.el8" | 137 | " " | LINEAGE_IMAGE_B | " "
468477 }
469478
470479 @Unroll
471480 @Tag (" BAT" )
472481 @Tag (" Integration" )
473482 def " Verify Scan Results from Registries - #registry.name() - #component:#version - #image - #cve - #idx" () {
483+ // The current images in the AR repo are too old to produce scan results with Scanner V4.
484+ Assume . assumeFalse(" Skipping: AR image produces no results with Scanner V4" , scannerV4Enabled)
485+
474486 ImageIntegrationService . addStackroxScannerIntegration()
475487
476488 when :
@@ -531,7 +543,9 @@ class ImageScanningTest extends BaseSpecification {
531543 " Add scanner"
532544 String integrationId = scanner. createDefaultIntegration()
533545 assert integrationId
534- integrationIds. add(integrationId)
546+ if (scanner. isDeletable()) {
547+ integrationIds. add(integrationId)
548+ }
535549
536550 and :
537551 " Scan image"
@@ -726,28 +740,32 @@ class ImageScanningTest extends BaseSpecification {
726740
727741 def " Validate image deletion does not affect other images" () {
728742 given :
729- ImageIntegrationService . addStackroxScannerIntegration()
743+ if (! scannerV4Enabled) {
744+ ImageIntegrationService . addStackroxScannerIntegration()
745+ }
730746
731747 when :
732- " Scan CentOS image and derivative echo image (centos + touch file)"
733- ImageService . scanImage(CENTOS_ECHO_IMAGE , false )
734- def expectedDetails = ImageService . scanImage(CENTOS_IMAGE , false )
748+ " Scan UBI9 image and derivative echo image (UBI9 + touch file)"
749+ ImageService . scanImage(UBI9_MINIMAL_ECHO_IMAGE , false )
750+ def expectedDetails = ImageService . scanImage(UBI9_MINIMAL_IMAGE , false )
735751
736752 and :
737- " Delete CentOS image and ensure echo still same number of vulns"
753+ " Delete UBI9 image and ensure echo still same number of vulns"
738754 ImageService . deleteImages(
739- SearchServiceOuterClass.RawQuery . newBuilder(). setQuery(" Image:${ CENTOS_ECHO_IMAGE } " ). build(), true )
755+ SearchServiceOuterClass.RawQuery . newBuilder(). setQuery(" Image:${ UBI9_MINIMAL_ECHO_IMAGE } " ). build(), true )
740756 def actualDetails = ImageService . getImage(expectedDetails. id)
741757 assert actualDetails. scan. componentsList. sum { it. vulnsList. size() } > 0
742758
743759 then :
744- " Delete CentOS image and ensure echo still same number of vulns"
760+ " Delete UBI9 image and ensure echo still same number of vulns"
745761 expectedDetails. scan. componentsList. size() == actualDetails. scan. componentsList. size()
746762 expectedDetails. scan. componentsList. sum { it. vulnsList. size() } ==
747763 actualDetails. scan. componentsList. sum { it. vulnsList. size() }
748764
749765 cleanup :
750- deleteStackroxScanner = true
766+ if (! scannerV4Enabled) {
767+ deleteStackroxScanner = true
768+ }
751769 }
752770
753771 @Unroll
@@ -802,7 +820,7 @@ class ImageScanningTest extends BaseSpecification {
802820 }
803821
804822 where :
805- testName | integrationName | scannerName |
823+ testName | integrationName | defaultScannerName |
806824 imageIntegrationConfig
807825 " quay registry with token" | " quay" | " Stackrox Scanner" |
808826 { -> QuayImageIntegration . createCustomIntegration(
@@ -819,6 +837,9 @@ class ImageScanningTest extends BaseSpecification {
819837 { -> QuayImageIntegration . createCustomIntegration(
820838 [oauthToken : Env . mustGet(" QUAY_RHACS_ENG_BEARER_TOKEN" ), useRobotCreds : true ,
821839 includeScanner : true ,]) }
840+
841+ // Change the scanner name to Scanner V4 if it is enabled and the test mentions Stackrox Scanner specific.
842+ scannerName = (defaultScannerName == " Stackrox Scanner" && scannerV4Enabled) ? " Scanner V4" : defaultScannerName
822843 }
823844
824845 private static String expectAutoGeneratedRegistry (Secret secret ) {
0 commit comments