analysis

package
Published: Feb 14, 2024 License: Apache-2.0 Imports: 13 Imported by: 0

Constants

const (
	// Severity labels intended for Rule.Severity and AnalysisFinding.Severity.
	// They are plain strings rather than a distinct type, so nothing in the
	// type system stops a config from carrying some other value; validate the
	// severity when loading rules if downstream consumers key off these labels.
	// Note there is no "LOW" level: the ladder is CRITICAL, HIGH, MEDIUM, INFO.
	SEVERITY_CRIT = "CRITICAL"
	SEVERITY_HIGH = "HIGH"
	SEVERITY_MED  = "MEDIUM"
	SEVERITY_INFO = "INFO"
)

Variables

This section is empty.

Functions

func ExportAnalysisConfig

func ExportAnalysisConfig(format string, c *AnalysisConfig) (string, error)

func ExportDefaultConfig

func ExportDefaultConfig(format string) (string, error)

Types

type AnalysisConfig

// AnalysisConfig is the complete rule set an Analyzer runs: identity metadata,
// the rules themselves, and exclusions that (by name) apply across all rules.
// LoadAnalysisConfig reads one from a file and ExportAnalysisConfig serializes it.
type AnalysisConfig struct {
	// Embedded name, description and UUID identifying this config.
	AnalysisConfigInfo

	// Rules to evaluate. Each Rule carries its own CEL AnalysisExpr and
	// its own per-rule Exclusions.
	Rules []Rule

	// Exclusions that presumably apply to findings from every rule, in
	// addition to each Rule's own Exclusions. Because these are the
	// broadest way to silence findings, they deserve the closest review
	// when a config is changed.
	GlobalExclusions []Exclusion
}

func DefaultAnalysisConfig

func DefaultAnalysisConfig() *AnalysisConfig

func LoadAnalysisConfig

func LoadAnalysisConfig(fname string) (*AnalysisConfig, error)

type AnalysisConfigInfo

// AnalysisConfigInfo identifies a config. It is embedded in AnalysisConfig
// and copied into AnalysisReport so a report records which config produced it.
type AnalysisConfigInfo struct {
	// Config name.
	Name string
	// Config description (the original comment said "Rule Description" — copy-paste).
	Description string
	// Config UUID (the original comment said "Rule UUID" — copy-paste).
	Uuid string
}

type AnalysisFinding

// AnalysisFinding is one rule hit, with the triggering rule's metadata copied
// in so a report can be read without the original config.
type AnalysisFinding struct {
	// Finding severity. Expected to be one of the SEVERITY_* constants,
	// but the field is a free-form string and nothing here enforces that.
	Severity string

	// Human-readable finding message.
	Message string

	// Recommended remediation. Presumably Rule.Recommendation after CEL
	// rendering (see Rule) — confirm against the analyzer.
	Recommendation string

	// Name of the rule that triggered this finding.
	RuleName string
	// UUID of the rule that triggered this finding; the stable key to use
	// when de-duplicating or tracking findings across runs, since names
	// can be edited.
	RuleUuid string

	// Documentation & additional reading references.
	References []string
}

type AnalysisReport

// AnalysisReport is the output of Analyzer.Analyze: which config ran,
// summary counts, the findings, and — importantly for audit — which
// subjects were suppressed by exclusions.
type AnalysisReport struct {
	// Identity of the config that produced this report.
	AnalysisConfigInfo AnalysisConfigInfo

	// Rule and exclusion counts for the run.
	Stats AnalysisStats

	// Report creation time. Stored as a string; the format is not fixed
	// by the type, so consumers should not assume a particular layout.
	CreatedOn string

	// Findings raised by the rules, each paired with its subject.
	Findings []AnalysisReportFinding

	// Subjects that an exclusion suppressed. This is the record reviewers
	// should read to see what the exclusions hid, not just what fired.
	ExclusionsInfo []ExclusionInfo
}

type AnalysisReportFinding

// AnalysisReportFinding pairs a finding with the subject it is about.
type AnalysisReportFinding struct {
	// Subject the finding applies to. It is a pointer, so the type does not
	// guarantee it is set — check for nil before dereferencing.
	Subject *v1.Subject

	// The finding itself, including the triggering rule's metadata.
	Finding AnalysisFinding
}

type AnalysisStats

// AnalysisStats holds summary counts for a run.
type AnalysisStats struct {
	// Number of analysis rules evaluated.
	RuleCount int

	// Number of exclusions. Whether this counts only exclusions that
	// matched, or all configured (including Disabled) ones, is not
	// visible from the type — confirm before using it in dashboards.
	ExclusionCount int
}

type Analyzer

// Analyzer evaluates a config against the policies it was created with
// (see CreateAnalyzer) and produces a report.
type Analyzer interface {
	// Analyze runs every rule and returns the resulting report, or an error.
	Analyze() (*AnalysisReport, error)
}

func CreateAnalyzer

func CreateAnalyzer(config *AnalysisConfig, policies []rbac.SubjectPolicyList) Analyzer

type Exclusion

// Exclusion suppresses findings for subjects matching a CEL expression.
// Exclusions live in the same config file as the rules, so anyone who can
// edit that file can silence findings; the report's ExclusionsInfo records
// what was suppressed and is the audit trail to review.
type Exclusion struct {
	// Is this exclusion turned off. A disabled exclusion should have no
	// effect; whether it still counts toward ExclusionCount is not visible here.
	Disabled bool

	// Free-text note explaining why the exclusion exists.
	Comment string

	// Who added this exclusion. Self-reported free text, not an
	// authenticated identity — treat it as documentation, not provenance.
	AddedBy string

	// When this exclusion last changed. Stored as a string; the format is
	// not fixed by the type.
	LastModified string

	// Expiry expressed as seconds since the Unix epoch.
	// NOTE(review): the field name says "valid before" but the original
	// comment said "exception active after X" — confirm which one the
	// evaluator implements. Also confirm how 0 (the zero value, i.e. the
	// field omitted from the config) is treated: an exclusion that never
	// expires is a permanent blind spot in the analysis.
	ValidBefore uint64

	// A Google CEL expression deciding whether a subject is excluded.
	// Input: v1.Subject
	// Output: Boolean
	Expression string
}

type ExclusionInfo added in v1.16.0

// ExclusionInfo records one subject that an exclusion suppressed, so the
// report shows what was hidden as well as what fired.
type ExclusionInfo struct {
	// Subject that was excluded. Pointer; check for nil before use.
	Subject *v1.Subject

	// Message describing the exclusion that applied.
	Message string
}

type Rule

// Rule is a single analysis rule: a CEL expression evaluated over the
// subject policy lists, plus the metadata copied into any finding it raises
// and the exclusions that apply to this rule alone.
type Rule struct {
	// Rule name.
	Name string
	// Rule description.
	Description string
	// Rule recommendation - rendered as a Google CEL expression to customize
	// the message. If it is evaluated rather than merely printed, it is part
	// of the rule's executable surface just like AnalysisExpr and should be
	// reviewed as such.
	Recommendation string
	// Rule UUID.
	Uuid string
	// Rule severity; expected to be one of the SEVERITY_* constants.
	// (The original comment here said "Rule UUID" — copy-paste.)
	Severity string

	// Documentation & additional reading references.
	References []string

	// A Google CEL expression analysis rule.
	// Input: []SubjectPolicyList
	// Output: Boolean
	AnalysisExpr string

	// Any Resources that we should not report about.
	// For example do not report on findings from kube-system namespace.
	// These apply to this rule only; AnalysisConfig.GlobalExclusions is
	// the place for cross-rule suppressions.
	Exclusions []Exclusion

	// Number of exclusions. Presumably derived from len(Exclusions); if it
	// is instead read from the config, the two can disagree — confirm.
	ExclusionCount uint32
}

Rule is a single analysis rule: a CEL expression evaluated over the subject policy lists, with its own exclusions and the metadata copied into any finding it raises.

type Rules

// Rules is a named slice of Rule; it carries no methods visible here.
type Rules []Rule
