Rename to scan-throttler

J12934 · J12934 · commit b33ba4aaf293 · 2025-08-19T16:02:12.000+02:00
Clearer than deduplicator as it conveys a "time" element to the
deduplication
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -22,7 +22,7 @@ jobs:
         name: Container Image Metadata
         uses: docker/metadata-action@v5
         with:
-          images: ${{ env.CONTAINER_REGISTRY }}/scan-deduplicator/scan-deduplicator
+          images: ${{ env.CONTAINER_REGISTRY }}/scan-throttler/scan-throttler
           tags: |
             latest
       - name: Set up QEMU
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -5,8 +5,8 @@ permissions:
 env:
   GO_STATIC_CHECK_VERSION: "2025.1.1"
 jobs:
-  scan-deduplicator:
-    name: "Scan Deduplicator"
+  scan-throttler:
+    name: "Scan Throttler"
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
diff --git a/Dockerfile b/Dockerfile
@@ -7,8 +7,8 @@ RUN go mod download
 COPY . .
 ARG TARGETOS TARGETARCH
 RUN GOOS=$TARGETOS GOARCH=$TARGETARCH CGO_ENABLED=0 go build
-RUN chmod +x scan-deduplicator
+RUN chmod +x scan-throttler
 
 FROM gcr.io/distroless/static:nonroot
-COPY --from=builder --chown=nonroot:nonroot /src/scan-deduplicator /scan-deduplicator
-CMD ["/scan-deduplicator"]
+COPY --from=builder --chown=nonroot:nonroot /src/scan-throttler /scan-throttler
+CMD ["/scan-throttler"]
diff --git a/deploy/cache.yaml b/deploy/cache.yaml
@@ -1,19 +1,19 @@
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
-  name: scan-deduplicator-cache
+  name: scan-throttler-cache
   labels:
-    app: scan-deduplicator-cache
+    app: scan-throttler-cache
 spec:
-  serviceName: "scan-deduplicator-cache"
+  serviceName: "scan-throttler-cache"
   replicas: 1
   selector:
     matchLabels:
-      app: scan-deduplicator-cache
+      app: scan-throttler-cache
   template:
     metadata:
       labels:
-        app: scan-deduplicator-cache
+        app: scan-throttler-cache
     spec:
       containers:
         - name: valkey
@@ -37,7 +37,7 @@ spec:
             - name: VALKEY_PASSWORD
               valueFrom:
                 secretKeyRef:
-                  name: scan-deduplicator-cache-credentials
+                  name: scan-throttler-cache-credentials
                   key: password
           startupProbe:
             tcpSocket:
@@ -74,10 +74,10 @@ spec:
 apiVersion: v1
 kind: Service
 metadata:
-  name: scan-deduplicator-cache
+  name: scan-throttler-cache
 spec:
   selector:
-    app: scan-deduplicator-cache
+    app: scan-throttler-cache
   ports:
     - protocol: TCP
       port: 6379
diff --git a/deploy/certificate.yaml b/deploy/certificate.yaml
@@ -1,13 +1,13 @@
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
-  name: scan-deduplicator-cert
-  namespace: scan-deduplicator
+  name: scan-throttler-cert
+  namespace: scan-throttler
 spec:
-  secretName: scan-deduplicator-cert
+  secretName: scan-throttler-cert
   dnsNames:
-  - scan-deduplicator-validator.scan-deduplicator.svc.cluster.local
-  - scan-deduplicator-validator.scan-deduplicator.svc
-  - scan-deduplicator-validator.scan-deduplicator
+    - scan-throttler-validator.scan-throttler.svc.cluster.local
+    - scan-throttler-validator.scan-throttler.svc
+    - scan-throttler-validator.scan-throttler
   issuerRef:
-    name: scan-deduplicator-ca-issuer
+    name: scan-throttler-ca-issuer
diff --git a/deploy/deployment.yaml b/deploy/deployment.yaml
@@ -1,33 +1,33 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: scan-deduplicator-validator
-  namespace: scan-deduplicator
+  name: scan-throttler-validator
+  namespace: scan-throttler
   labels:
-    app: scan-deduplicator-validator
+    app: scan-throttler-validator
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app: scan-deduplicator-validator
+      app: scan-throttler-validator
   template:
     metadata:
       labels:
-        app: scan-deduplicator-validator
+        app: scan-throttler-validator
     spec:
       containers:
-        - name: scan-deduplicator-validator
-          image: ghcr.io/securecodebox/scan-deduplicator/scan-deduplicator:latest
+        - name: scan-throttler-validator
+          image: ghcr.io/securecodebox/scan-throttler/scan-throttler:latest
           imagePullPolicy: IfNotPresent
           command:
-            - /scan-deduplicator
+            - /scan-throttler
             - -tls-cert-file=/etc/webhook/certs/tls.crt
             - -tls-key-file=/etc/webhook/certs/tls.key
           env:
             - name: VALKEY_PASSWORD
               valueFrom:
                 secretKeyRef:
-                  name: scan-deduplicator-cache-credentials
+                  name: scan-throttler-cache-credentials
                   key: password
           resources:
             limits:
@@ -43,4 +43,4 @@ spec:
       volumes:
         - name: webhook-certs
           secret:
-            secretName: scan-deduplicator-cert
+            secretName: scan-throttler-cert
diff --git a/deploy/issuer.yaml b/deploy/issuer.yaml
@@ -1,7 +1,7 @@
 apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
-  name: scan-deduplicator-ca-issuer
-  namespace: scan-deduplicator
+  name: scan-throttler-ca-issuer
+  namespace: scan-throttler
 spec:
-  selfSigned: {}
+  selfSigned: {}
diff --git a/deploy/service.yaml b/deploy/service.yaml
@@ -1,13 +1,13 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: scan-deduplicator-validator
-  namespace: scan-deduplicator
+  name: scan-throttler-validator
+  namespace: scan-throttler
   labels:
-    app: scan-deduplicator-validator
+    app: scan-throttler-validator
 spec:
   ports:
-  - port: 443
-    targetPort: 8080
+    - port: 443
+      targetPort: 8080
   selector:
-    app: scan-deduplicator-validator
+    app: scan-throttler-validator
diff --git a/deploy/webhook.yaml b/deploy/webhook.yaml
@@ -1,22 +1,22 @@
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
-  name: scan-deduplicator-validator
+  name: scan-throttler-validator
   annotations:
-    cert-manager.io/inject-ca-from: scan-deduplicator/scan-deduplicator-cert
+    cert-manager.io/inject-ca-from: scan-throttler/scan-throttler-cert
 webhooks:
-- name: scan-deduplicator.securecodebox.io
-  admissionReviewVersions:
-  - v1
-  clientConfig:
-    service:
-      name: scan-deduplicator-validator
-      namespace: scan-deduplicator
-      path: /validate
-      port: 443
-  rules:
-    - operations: [ "CREATE" ]
-      apiGroups: ["execution.securecodebox.io"]
-      apiVersions: ["v1"]
-      resources: ["scans"]
-  sideEffects: None
+  - name: scan-throttler.securecodebox.io
+    admissionReviewVersions:
+      - v1
+    clientConfig:
+      service:
+        name: scan-throttler-validator
+        namespace: scan-throttler
+        path: /validate
+        port: 443
+    rules:
+      - operations: ["CREATE"]
+        apiGroups: ["execution.securecodebox.io"]
+        apiVersions: ["v1"]
+        resources: ["scans"]
+    sideEffects: None
diff --git a/example/manifests/cascading-rules.yaml b/example/manifests/cascading-rules.yaml
@@ -7,7 +7,7 @@ metadata:
     securecodebox.io/intensive: light
 spec:
   scanAnnotations:
-    scan-deduplicator.securecodebox.io/min-time-interval: 4h
+    scan-throttler.securecodebox.io/min-time-interval: 4h
   matches:
     anyOf:
       - category: "Host"
@@ -28,7 +28,7 @@ metadata:
     securecodebox.io/intensive: light
 spec:
   scanAnnotations:
-    scan-deduplicator.securecodebox.io/min-time-interval: 24h
+    scan-throttler.securecodebox.io/min-time-interval: 24h
   matches:
     anyOf:
       - category: "Open Port"
diff --git a/go.mod b/go.mod
@@ -1,4 +1,4 @@
-module github.com/secureCodeBox/scan-deduplicator
+module github.com/secureCodeBox/scan-throttler
 
 go 1.24.0
 
diff --git a/main.go b/main.go
@@ -7,7 +7,7 @@ import (
 	"net/http"
 	"os"
 
-	"github.com/secureCodeBox/scan-deduplicator/thresholds"
+	"github.com/secureCodeBox/scan-throttler/thresholds"
 	executionv1 "github.com/secureCodeBox/secureCodeBox/operator/apis/execution/v1"
 	"github.com/sirupsen/logrus"
 	kwhhttp "github.com/slok/kubewebhook/v2/pkg/http"
@@ -22,12 +22,12 @@ import (
 	"github.com/valkey-io/valkey-go"
 )
 
-type scanDeduplicatorValidator struct {
+type scanThrottlerValidator struct {
 	logger      kwhlog.Logger
 	cacheClient *valkey.Client
 }
 
-func (v *scanDeduplicatorValidator) Validate(ctx context.Context, _ *kwhmodel.AdmissionReview, obj metav1.Object) (*kwhvalidating.ValidatorResult, error) {
+func (v *scanThrottlerValidator) Validate(ctx context.Context, _ *kwhmodel.AdmissionReview, obj metav1.Object) (*kwhvalidating.ValidatorResult, error) {
 	v.logger.Infof("Validating Scan.")
 	scan, ok := obj.(*executionv1.Scan)
 
@@ -43,7 +43,7 @@ func (v *scanDeduplicatorValidator) Validate(ctx context.Context, _ *kwhmodel.Ad
 		return &kwhvalidating.ValidatorResult{
 			Valid:    true,
 			Message:  "Failed to check for duplicated scan. Failed to generate scan hash",
-			Warnings: []string{"Failed to generate scan hash.", "Deduplication wasn't performed."},
+			Warnings: []string{"Failed to generate scan hash.", "Throttling wasn't performed."},
 		}, err
 	}
 
@@ -52,16 +52,16 @@ func (v *scanDeduplicatorValidator) Validate(ctx context.Context, _ *kwhmodel.Ad
 		v.logger.Errorf("Failed to get threshold for scan!", err)
 		return &kwhvalidating.ValidatorResult{
 			Valid:    true,
-			Message:  fmt.Sprintf("Failed to get threshold for scan. %s", err),
-			Warnings: []string{"Failed to get threshold for scan.", "Deduplication wasn't performed."},
+			Message:  fmt.Sprintf("Failed to get throttle  threshold for scan. %s", err),
+			Warnings: []string{"Failed to get throttle threshold for scan.", "Throttling wasn't performed."},
 		}, err
 	}
 
 	if threshhold == 0 {
-		v.logger.Infof("No deduplication threshold set. Skipping deduplication.")
+		v.logger.Infof("No throttle threshold set. Skipping throttling.")
 		return &kwhvalidating.ValidatorResult{
 			Valid:   true,
-			Message: "No deduplication threshold set. Skipping deduplication.",
+			Message: "No throttle threshold set. Skipping throttling.",
 		}, nil
 	}
 
@@ -72,7 +72,7 @@ func (v *scanDeduplicatorValidator) Validate(ctx context.Context, _ *kwhmodel.Ad
 		return &kwhvalidating.ValidatorResult{
 			Valid:    true,
 			Message:  fmt.Sprintf("Failed to check for duplicated scan. %s", err),
-			Warnings: []string{"Failed to check for duplicated scan. Could not reach cache.", "Deduplication wasn't performed."},
+			Warnings: []string{"Failed to check for duplicated scan. Could not reach cache.", "Throttling wasn't performed."},
 		}, err
 	}
 
@@ -134,20 +134,20 @@ func main() {
 		os.Exit(1)
 	}
 
-	client, err := valkey.NewClient(valkey.ClientOption{InitAddress: []string{"scan-deduplicator-cache:6379"}, Password: valkeyPassword})
+	client, err := valkey.NewClient(valkey.ClientOption{InitAddress: []string{"scan-throttler-cache:6379"}, Password: valkeyPassword})
 	if err != nil {
 		panic(err)
 	}
 	defer client.Close()
 
-	vl := &scanDeduplicatorValidator{
+	vl := &scanThrottlerValidator{
 		logger:      logger,
 		cacheClient: &client,
 	}
 
 	logger.Infof("Initializing Webhook")
 	vcfg := kwhvalidating.WebhookConfig{
-		ID:        "scanDeduplicatorValidator",
+		ID:        "scanThrottlerValidator",
 		Obj:       &executionv1.Scan{},
 		Validator: vl,
 		Logger:    logger,
diff --git a/readme.md b/readme.md
diff --git a/thresholds/thesholds_test.go b/thresholds/thesholds_test.go
diff --git a/thresholds/thresholds.go b/thresholds/thresholds.go
