container

package
v0.1.0
Warning

This package is not in the latest version of its module.

Published: Apr 2, 2026 License: MIT Imports: 10 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func FindContainerFiles

func FindContainerFiles(dir string) (dockerfiles, composeFiles []string)

FindContainerFiles is the exported version for the deps detector.

Types

type ContainerFinding

type ContainerFinding struct {
	Type        string   `json:"type"`     // "vuln", "misconfiguration"
	Severity    string   `json:"severity"` // CRITICAL, HIGH, MEDIUM, LOW
	Title       string   `json:"title"`
	Description string   `json:"description"`
	File        string   `json:"file"`
	Line        int      `json:"line"`
	CVE         *cve.CVE `json:"cve,omitempty"`
}

ContainerFinding represents a single finding from container scanning.

type ImageInfo

type ImageInfo struct {
	Name   string `json:"name"`
	Tag    string `json:"tag"`
	Digest string `json:"digest,omitempty"`
	File   string `json:"file"`
	Line   int    `json:"line"`
	BaseOS string `json:"base_os,omitempty"`
}

ImageInfo represents a detected base image.

type ScanResult

type ScanResult struct {
	Target   string             `json:"target"`
	Duration string             `json:"duration"`
	Images   []ImageInfo        `json:"images"`
	Findings []ContainerFinding `json:"findings"`
}

ScanResult holds container scan results.

type Scanner

type Scanner struct {
	// contains filtered or unexported fields
}

Scanner performs container security analysis: Dockerfile misconfiguration detection, base image CVE matching, and docker-compose security checks.

func New

func New(agg *cve.Aggregator) *Scanner

func (*Scanner) Scan

func (s *Scanner) Scan(ctx context.Context, dir string) (*ScanResult, error)

Scan analyzes Dockerfiles and docker-compose files in the given directory.
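
How an ImageInfo record and a "misconfiguration" ContainerFinding could be derived from Dockerfile FROM lines, as an added example that is not the package's own code. ParseBaseImages, the local struct mirrors, the pinning rule and the MEDIUM severity are assumptions made for illustration; the sample Dockerfile is constructed.

```go
package main

import "fmt"
import "strings"

// Mirrors of the documented structs (JSON tags and unused fields omitted).
type ImageInfo struct{ Name, Tag, Digest, File string; Line int }
type ContainerFinding struct{ Type, Severity, Title, File string; Line int }

// Constructed sample; the digest is a placeholder, not a real image digest.
const sample = `FROM golang:1.22 AS build
FROM --platform=linux/amd64 registry.local:5000/app/base
FROM alpine:3.19@sha256:0000
FROM build`

// ParseBaseImages (hypothetical) returns external base images and unpinned-image findings.
func ParseBaseImages(file, content string) (images []ImageInfo, findings []ContainerFinding) {
	stages := map[string]bool{} // names introduced by "FROM ... AS name"
	for i, line := range strings.Split(content, "\n") {
		f := strings.Fields(line)
		if len(f) < 2 || !strings.EqualFold(f[0], "FROM") {
			continue
		}
		args := f[1:]
		for len(args) > 1 && strings.HasPrefix(args[0], "--") { // skip --platform=...
			args = args[1:]
		}
		ref, internal := args[0], args[0] == "scratch" || stages[strings.ToLower(args[0])]
		if len(args) >= 3 && strings.EqualFold(args[1], "AS") {
			stages[strings.ToLower(args[2])] = true
		}
		if internal { // earlier build stage or scratch: nothing is pulled
			continue
		}
		img := ImageInfo{Name: ref, File: file, Line: i + 1}
		if at := strings.Index(ref, "@"); at >= 0 {
			img.Name, img.Digest = ref[:at], ref[at+1:]
		}
		// A ':' after the last '/' is the tag separator; an earlier one is a registry port.
		if c := strings.LastIndex(img.Name, ":"); c > strings.LastIndex(img.Name, "/") {
			img.Name, img.Tag = img.Name[:c], img.Name[c+1:]
		}
		images = append(images, img)
		if img.Digest == "" && (img.Tag == "" || img.Tag == "latest") { // assumed pinning rule
			findings = append(findings, ContainerFinding{"misconfiguration", "MEDIUM", "base image not pinned", file, i + 1})
		}
	}
	return
}
func main() { fmt.Println(ParseBaseImages("Dockerfile", sample)) }
```

The registry port in the second FROM line is kept as part of the image name rather than read as a tag, so that image is the one reported as unpinned.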
