Documentation
¶
Index ¶
- type Azure
- type ClusterScanReport
- type ClusterScanReportSummary
- type ECR
- type HarborConfig
- type ImageScanResult
- type ImageVulnerabilitiesFinder
- type InsightVM
- type PodSpecSummary
- type Policy
- type RegistryExclusion
- type ReportFilter
- type ScanRateLimit
- type ScanScope
- type ScanTaskResult
- type SeveritySummary
- type SeveritySummaryMap
- type TrivyConfig
- type VulnProviderAPICreds
- type VulnProviderConfig
- type VulnProvidersConfig
- type VulnerabilityExclusion
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Azure ¶
type Azure struct {
// Azure Related
// https://docs.microsoft.com/en-us/cli/azure/ad/sp?view=azure-cli-latest#az_ad_sp_reset_credentials
TenantId string `json:"tenantId,omitempty" envconfig:"AZURE_TENANT_ID" default:"" doc:"Tenant Id"`
SubscriptionId string `json:"subscriptionId,omitempty" envconfig:"AZURE_SUBSCRIPTION_ID" default:"" doc:"Subscription Id"`
ClientId string `json:"clientId,omitempty" envconfig:"AZURE_CLIENT_ID" default:"" doc:"Client Id"`
ClientSecret string `json:"clientSecret,omitempty" envconfig:"AZURE_CLIENT_SECRET" default:"" doc:"Client Secret"`
//ResourceGroupName string `json:"resourceGroupName,omitempty" envconfig:"AZURE_RG_NAME" default:"" doc:"Resource Group Name"`
CloudName string `` /* 170-byte string literal not displayed */
}
type ClusterScanReport ¶
type ClusterScanReport struct {
//A Cluster UUID Identifier ... (namespace uid of kube-system ;P)
ClusterId string
// CreationTimestamp is a timestamp representing the time when this report was
// created. It is represented in RFC3339 form and is in UTC.
CreationTimeStamp string `json:"CreationTimeStamp,omitempty"`
//Unique Report UUID
ReportUUID string
//The Policy with the report was generated with
Policy Policy
// Report Findings
Findings map[string]*ImageScanResult
// High level stats about this report
Summary ClusterScanReportSummary
}
func NewClusterScanReport ¶
func NewClusterScanReport() *ClusterScanReport
type ClusterScanReportSummary ¶
type ClusterScanReportSummary struct {
// ns/podName --> Severity Vector
PodSummary map[string]PodSpecSummary
ClusterSeverity SeveritySummary
NamespaceSeverity SeveritySummaryMap
// ns/podName --> Severity Vector
PodSeverity SeveritySummaryMap
PodFixableSeverity SeveritySummaryMap
FailedOrSkippedPods []string
FailedOrSkippedImages []string
AnalyzedPodCount uint32
ExcludedPodCount uint32
}
func NewClusterScanReportSummary ¶
func NewClusterScanReportSummary() *ClusterScanReportSummary
type HarborConfig ¶ added in v1.3.0
type HarborConfig struct {
Insecure bool `json:"insecure,omitempty" envconfig:"HARBOR_INSECURE" default:"false"`
Host string `json:"host,omitempty" envconfig:"HARBOR_HOST" default:"localhost"`
Username string `json:"username,omitempty" envconfig:"HARBOR_USERNAME" default:""`
Password string `json:"password,omitempty" envconfig:"HARBOR_PASSWORD" default:""`
}
type ImageScanResult ¶
type ImageScanResult struct {
Image string
CompletedOK bool
Reason string
//If completed ok - this value should be populated with findings (if there are any)
Findings []*grafeas.Occurrence
//Stats
Summary SeveritySummary
Fixable SeveritySummary
ExcludeCount uint32
}
type InsightVM ¶ added in v1.4.0
type InsightVM struct {
//https://help.rapid7.com/insightvm/en-us/api/api.html#section/Overview
ApiKey string `json:"apiKey,omitempty" envconfig:"INSIGHTVM_APIKEY" default:""`
Region string `json:"region,omitempty" envconfig:"INSIGHTVM_REGION" default:"us"`
}
type PodSpecSummary ¶
type PodSpecSummary struct {
Name string
Namespace string
Spec *v1.PodSpec
Severity SeveritySummary
Fixable SeveritySummary
ScanFailures uint32
}
type Policy ¶
type Policy struct {
ScanScope *ScanScope
ReportFilter *ReportFilter
RateLimit ScanRateLimit
}
func NewDefaultPolicy ¶
func NewDefaultPolicy() *Policy
type RegistryExclusion ¶
type ReportFilter ¶
type ReportFilter struct {
//Empty Severity --> Include All Severity
Severities string
//CVSS Score is greater than the specified threshold
CvssGreaterThan float32
//Include only fixable vulnerabilities
FixableOnly bool
//Specific CVEs
VulnerabilityExclusions []*VulnerabilityExclusion
}
Evaluate Each Occurence Against filter to exclude occurences from report. The conditions are ANDed - if any if the conditions
func LoadReportFilter ¶
func LoadReportFilter(fname string) (*ReportFilter, error)
type ScanRateLimit ¶
type ScanScope ¶
type ScanScope struct {
NamespaceExclude string
NamespaceInclude string
RegistryExclusion []*RegistryExclusion
// contains filtered or unexported fields
}
func (*ScanScope) IsNamespaceIncluded ¶
type ScanTaskResult ¶
type SeveritySummary ¶
type SeveritySummary map[grafeas.Severity]uint32
func NewSeveritySummary ¶
func NewSeveritySummary() SeveritySummary
func (SeveritySummary) Add ¶
func (s SeveritySummary) Add(b SeveritySummary)
func (SeveritySummary) Max ¶
func (s SeveritySummary) Max() (string, uint32)
func (SeveritySummary) String ¶
func (s SeveritySummary) String() string
func (SeveritySummary) Table ¶
func (s SeveritySummary) Table() string
type SeveritySummaryMap ¶
type SeveritySummaryMap map[string]SeveritySummary
func (SeveritySummaryMap) Table ¶
func (sm SeveritySummaryMap) Table(aux SeveritySummaryMap) string
type TrivyConfig ¶
type TrivyConfig struct {
CacheDir string `json:"cacheDir,omitempty" envconfig:"SCANNER_TRIVY_CACHE_DIR" default:"/home/iskan/.cache/trivy"`
ReportsDir string `json:"reportsDir,omitempty" envconfig:"SCANNER_TRIVY_REPORTS_DIR" default:"/home/iskan/.cache/reports"`
DebugMode bool `json:"debugMode,omitempty" envconfig:"SCANNER_TRIVY_DEBUG_MODE" default:"false"`
VulnType string `json:"vulnType,omitempty" envconfig:"SCANNER_TRIVY_VULN_TYPE" default:"os,library"`
Severity string `json:"severity,omitempty" envconfig:"SCANNER_TRIVY_SEVERITY" default:"UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"`
IgnoreUnfixed bool `json:"ignoreUnfixed,omitempty" envconfig:"SCANNER_TRIVY_IGNORE_UNFIXED" default:"false"`
SkipUpdate bool `json:"skipUpdate,omitempty" envconfig:"SCANNER_TRIVY_SKIP_UPDATE" default:"false"`
GitHubToken string `json:"githubToken,omitempty" envconfig:"SCANNER_TRIVY_GITHUB_TOKEN"`
Insecure bool `json:"insecure,omitempty" envconfig:"SCANNER_TRIVY_INSECURE" default:"false"`
}
func DefaultTrivyConfig ¶
func DefaultTrivyConfig() *TrivyConfig
type VulnProviderAPICreds ¶
type VulnProviderAPICreds struct {
GCR string `json:"gcr,omitempty"`
ECR *ECR `json:"ecr,omitempty"`
ACR *Azure `json:"acr,omitempty"`
Trivy *TrivyConfig `json:"trivy,omitempty"`
Harbor *HarborConfig `json:"harbor,omitempty"`
InsightVM *InsightVM `json:"insightvm,omitempty"`
}
type VulnProviderConfig ¶
type VulnProviderConfig struct {
//Repo Kind
Kind string
//Repo FQDN
Repository string
//API Access Credentials
Creds VulnProviderAPICreds
}
type VulnProvidersConfig ¶
type VulnProvidersConfig struct {
Providers []VulnProviderConfig
}
func LoadVulnProvidersConfig ¶
func LoadVulnProvidersConfig(fname string) (*VulnProvidersConfig, error)
func LoadVulnProvidersConfigFromBuffer ¶
func LoadVulnProvidersConfigFromBuffer(data []byte) (*VulnProvidersConfig, error)
Source Files
Click to show internal directories.
Click to hide internal directories.