Documentation
¶
Overview ¶
Package vulnerabilityreport provides primitives for working with vulnerability scanners.
Index ¶
- Variables
- func BuildVulnerabilityReportData(clock ext.Clock, registry v1alpha1.Registry, artifact v1alpha1.Artifact, ...) v1alpha1.VulnerabilityReportData
- func GetCvssV3(findingCvss types.VendorCVSS) map[string]*CVSS
- func GetScanJobName(obj client.Object) string
- func GetScoreFromCVSS(CVSSs map[string]*CVSS) *float64
- func GetVulnerabilitiesFromScanResult(report ty.Result, addFields AdditionalFields) []v1alpha1.Vulnerability
- func OrderedBy(less ...LessFunc) *multiSorter
- func RegistryCredentialsSecretName(obj client.Object) string
- type AdditionalFields
- type BySeverity
- type CVSS
- type LessFunc
- type Plugin
- type ReadWriter
- type Reader
- type ReportBuilder
- func (b *ReportBuilder) AdditionalReportLabels(additionalReportLabels map[string]string) *ReportBuilder
- func (b *ReportBuilder) Container(name string) *ReportBuilder
- func (b *ReportBuilder) Controller(controller client.Object) *ReportBuilder
- func (b *ReportBuilder) Data(data v1alpha1.VulnerabilityReportData) *ReportBuilder
- func (b *ReportBuilder) Get() (*v1alpha1.VulnerabilityReport, *v1alpha1.ClusterVulnerabilityReport, error)
- func (b *ReportBuilder) PodSpecHash(hash string) *ReportBuilder
- func (b *ReportBuilder) ReportTTL(ttl *time.Duration) *ReportBuilder
- func (b *ReportBuilder) ResourceLabelsToInclude(resourceLabelsToInclude []string) *ReportBuilder
- type ScanJobBuilder
- func (s *ScanJobBuilder) Get() (*batchv1.Job, []*corev1.Secret, error)
- func (s *ScanJobBuilder) WithAffinity(affinity *corev1.Affinity) *ScanJobBuilder
- func (s *ScanJobBuilder) WithAnnotations(annotations map[string]string) *ScanJobBuilder
- func (s *ScanJobBuilder) WithCredentials(credentials map[string]docker.Auth) *ScanJobBuilder
- func (s *ScanJobBuilder) WithNodeSelector(nodeSelector map[string]string) *ScanJobBuilder
- func (s *ScanJobBuilder) WithObject(object client.Object) *ScanJobBuilder
- func (s *ScanJobBuilder) WithPlugin(plugin Plugin) *ScanJobBuilder
- func (s *ScanJobBuilder) WithPluginContext(pluginContext trivyoperator.PluginContext) *ScanJobBuilder
- func (s *ScanJobBuilder) WithPodPriorityClassName(podPriorityClassName string) *ScanJobBuilder
- func (s *ScanJobBuilder) WithPodSecurityContext(podSecurityContext *corev1.PodSecurityContext) *ScanJobBuilder
- func (s *ScanJobBuilder) WithPodTemplateLabels(podTemplateLabels map[string]string) *ScanJobBuilder
- func (s *ScanJobBuilder) WithSbomClusterReports(sbomClusterReports map[string]v1alpha1.SbomReportData) *ScanJobBuilder
- func (s *ScanJobBuilder) WithScanSecretTTL(ttl *time.Duration) *ScanJobBuilder
- func (s *ScanJobBuilder) WithSecurityContext(securityContext *corev1.SecurityContext) *ScanJobBuilder
- func (s *ScanJobBuilder) WithSkipInitContainers(skipInitContainers bool) *ScanJobBuilder
- func (s *ScanJobBuilder) WithTTL(ttl *time.Duration) *ScanJobBuilder
- func (s *ScanJobBuilder) WithTimeout(timeout time.Duration) *ScanJobBuilder
- func (s *ScanJobBuilder) WithTolerations(tolerations []corev1.Toleration) *ScanJobBuilder
- type Vulnerabilities
- type Writer
Constants ¶
This section is empty.
Variables ¶
View Source
var ( SummaryCount = []LessFunc{ func(r1, r2 *v1alpha1.VulnerabilityReport) bool { return r1.Report.Summary.CriticalCount < r2.Report.Summary.CriticalCount }, func(r1, r2 *v1alpha1.VulnerabilityReport) bool { return r1.Report.Summary.HighCount < r2.Report.Summary.HighCount }, func(r1, r2 *v1alpha1.VulnerabilityReport) bool { return r1.Report.Summary.MediumCount < r2.Report.Summary.MediumCount }, func(r1, r2 *v1alpha1.VulnerabilityReport) bool { return r1.Report.Summary.LowCount < r2.Report.Summary.LowCount }, func(r1, r2 *v1alpha1.VulnerabilityReport) bool { return r1.Report.Summary.UnknownCount < r2.Report.Summary.UnknownCount }} )
Functions ¶
func BuildVulnerabilityReportData ¶ added in v0.17.0
func GetScanJobName ¶
func GetScoreFromCVSS ¶ added in v0.17.0
func GetVulnerabilitiesFromScanResult ¶ added in v0.17.0
func GetVulnerabilitiesFromScanResult(report ty.Result, addFields AdditionalFields) []v1alpha1.Vulnerability
func OrderedBy ¶
func OrderedBy(less ...LessFunc) *multiSorter
OrderedBy returns a Sorter that sorts using the LessFunc functions, in order. Call its Sort method to sort the data.
Types ¶
type AdditionalFields ¶ added in v0.17.0
type BySeverity ¶
type BySeverity struct{ Vulnerabilities }
BySeverity implements sort.Interface by providing Less and using the Vulnerabilities.Len and Vulnerabilities.Swap methods of the embedded Vulnerabilities value.
func (BySeverity) Less ¶
func (s BySeverity) Less(i, j int) bool
type LessFunc ¶
type LessFunc func(p1, p2 *v1alpha1.VulnerabilityReport) bool
type Plugin ¶
type Plugin interface {
// Init is a callback to initialize this plugin, e.g. ensure the default
// configuration.
Init(ctx trivyoperator.PluginContext) error
// GetScanJobSpec describes the pod that will be created by Trivy-operator when
// it schedules a Kubernetes job to scan the workload with the specified
// descriptor.
// The second argument maps container names to Docker registry credentials,
// which can be passed to the scanner as environment variables with values
// set from returned secrets.
GetScanJobSpec(ctx trivyoperator.PluginContext, workload client.Object, credentials map[string]docker.Auth,
securityContext *corev1.SecurityContext, clusterSbomReport map[string]v1alpha1.SbomReportData) (corev1.PodSpec, []*corev1.Secret, error)
// ParseReportData is a callback to parse and convert logs of
// the pod controlled by the scan job to v1alpha1.VulnerabilityScanResult.
ParseReportData(ctx trivyoperator.PluginContext, imageRef string, logsReader io.ReadCloser) (
v1alpha1.VulnerabilityReportData, v1alpha1.ExposedSecretReportData, *v1alpha1.SbomReportData, error)
}
Plugin defines the interface between Trivy-operator and static vulnerability scanners.
type ReadWriter ¶
func NewReadWriter ¶
func NewReadWriter(objectResolver *kube.ObjectResolver) ReadWriter
NewReadWriter constructs a new ReadWriter which is using the client package provided by the controller-runtime libraries for interacting with the Kubernetes API server.
type Reader ¶
type Reader interface {
FindByOwner(context.Context, kube.ObjectRef) ([]v1alpha1.VulnerabilityReport, error)
}
Reader is the interface that wraps methods for finding v1alpha1.VulnerabilityReport objects.
FindByOwner returns the slice of v1alpha1.VulnerabilityReport instances owned by the given kube.ObjectRef or an empty slice if the reports are not found.
type ReportBuilder ¶
type ReportBuilder struct {
// contains filtered or unexported fields
}
func NewReportBuilder ¶
func NewReportBuilder(scheme *runtime.Scheme) *ReportBuilder
func (*ReportBuilder) AdditionalReportLabels ¶ added in v0.13.0
func (b *ReportBuilder) AdditionalReportLabels(additionalReportLabels map[string]string) *ReportBuilder
func (*ReportBuilder) Container ¶
func (b *ReportBuilder) Container(name string) *ReportBuilder
func (*ReportBuilder) Controller ¶
func (b *ReportBuilder) Controller(controller client.Object) *ReportBuilder
func (*ReportBuilder) Data ¶
func (b *ReportBuilder) Data(data v1alpha1.VulnerabilityReportData) *ReportBuilder
func (*ReportBuilder) Get ¶
func (b *ReportBuilder) Get() (*v1alpha1.VulnerabilityReport, *v1alpha1.ClusterVulnerabilityReport, error)
func (*ReportBuilder) PodSpecHash ¶
func (b *ReportBuilder) PodSpecHash(hash string) *ReportBuilder
func (*ReportBuilder) ReportTTL ¶
func (b *ReportBuilder) ReportTTL(ttl *time.Duration) *ReportBuilder
func (*ReportBuilder) ResourceLabelsToInclude ¶ added in v0.5.0
func (b *ReportBuilder) ResourceLabelsToInclude(resourceLabelsToInclude []string) *ReportBuilder
type ScanJobBuilder ¶
type ScanJobBuilder struct {
// contains filtered or unexported fields
}
func NewScanJobBuilder ¶
func NewScanJobBuilder() *ScanJobBuilder
func (*ScanJobBuilder) WithAffinity ¶ added in v0.19.1
func (s *ScanJobBuilder) WithAffinity(affinity *corev1.Affinity) *ScanJobBuilder
func (*ScanJobBuilder) WithAnnotations ¶
func (s *ScanJobBuilder) WithAnnotations(annotations map[string]string) *ScanJobBuilder
func (*ScanJobBuilder) WithCredentials ¶
func (s *ScanJobBuilder) WithCredentials(credentials map[string]docker.Auth) *ScanJobBuilder
func (*ScanJobBuilder) WithNodeSelector ¶ added in v0.2.0
func (s *ScanJobBuilder) WithNodeSelector(nodeSelector map[string]string) *ScanJobBuilder
func (*ScanJobBuilder) WithObject ¶
func (s *ScanJobBuilder) WithObject(object client.Object) *ScanJobBuilder
func (*ScanJobBuilder) WithPlugin ¶
func (s *ScanJobBuilder) WithPlugin(plugin Plugin) *ScanJobBuilder
func (*ScanJobBuilder) WithPluginContext ¶
func (s *ScanJobBuilder) WithPluginContext(pluginContext trivyoperator.PluginContext) *ScanJobBuilder
func (*ScanJobBuilder) WithPodPriorityClassName ¶ added in v0.13.0
func (s *ScanJobBuilder) WithPodPriorityClassName(podPriorityClassName string) *ScanJobBuilder
func (*ScanJobBuilder) WithPodSecurityContext ¶ added in v0.1.6
func (s *ScanJobBuilder) WithPodSecurityContext(podSecurityContext *corev1.PodSecurityContext) *ScanJobBuilder
func (*ScanJobBuilder) WithPodTemplateLabels ¶
func (s *ScanJobBuilder) WithPodTemplateLabels(podTemplateLabels map[string]string) *ScanJobBuilder
func (*ScanJobBuilder) WithSbomClusterReports ¶ added in v0.17.0
func (s *ScanJobBuilder) WithSbomClusterReports(sbomClusterReports map[string]v1alpha1.SbomReportData) *ScanJobBuilder
func (*ScanJobBuilder) WithScanSecretTTL ¶ added in v0.19.0
func (s *ScanJobBuilder) WithScanSecretTTL(ttl *time.Duration) *ScanJobBuilder
func (*ScanJobBuilder) WithSecurityContext ¶ added in v0.2.0
func (s *ScanJobBuilder) WithSecurityContext(securityContext *corev1.SecurityContext) *ScanJobBuilder
func (*ScanJobBuilder) WithSkipInitContainers ¶ added in v0.16.0
func (s *ScanJobBuilder) WithSkipInitContainers(skipInitContainers bool) *ScanJobBuilder
func (*ScanJobBuilder) WithTTL ¶ added in v0.12.0
func (s *ScanJobBuilder) WithTTL(ttl *time.Duration) *ScanJobBuilder
func (*ScanJobBuilder) WithTimeout ¶
func (s *ScanJobBuilder) WithTimeout(timeout time.Duration) *ScanJobBuilder
func (*ScanJobBuilder) WithTolerations ¶
func (s *ScanJobBuilder) WithTolerations(tolerations []corev1.Toleration) *ScanJobBuilder
type Vulnerabilities ¶
type Vulnerabilities []v1alpha1.Vulnerability
func (Vulnerabilities) Len ¶
func (s Vulnerabilities) Len() int
func (Vulnerabilities) Swap ¶
func (s Vulnerabilities) Swap(i, j int)
type Writer ¶
type Writer interface {
Write(context.Context, []v1alpha1.VulnerabilityReport) error
WriteCluster(context.Context, []v1alpha1.ClusterVulnerabilityReport) error
}
Writer is the interface that wraps the basic Write method.
Write creates or updates the given slice of v1alpha1.VulnerabilityReport instances.
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.