trivy

package
v0.11.0-rc2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 31, 2023 License: Apache-2.0 Imports: 25 Imported by: 1

Documentation

Overview

Package trivy provides primitives for working with Trivy.

Index

Constants

View Source
const (
	AWSECR_Image_Regex        = "^\\d+\\.dkr\\.ecr\\.(\\w+-\\w+-\\d+)\\.amazonaws\\.com\\/"
	SupportedConfigAuditKinds = "Workload,Service,Role,ClusterRole,NetworkPolicy,Ingress,LimitRange,ResourceQuota"
)
View Source
const (
	FsSharedVolumeName          = "trivyoperator"
	SharedVolumeLocationOfTrivy = "/var/trivyoperator/trivy"
)
View Source
const (
	// Plugin the name of this plugin.
	Plugin = "Trivy"
)

Variables

This section is empty.

Functions

func CheckAwsEcrPrivateRegistry

func CheckAwsEcrPrivateRegistry(ImageUrl string) string

func GetCvssV3 added in v0.3.0

func GetCvssV3(findingCvss types.VendorCVSS) map[string]*CVSS

func GetMirroredImage

func GetMirroredImage(image string, mirrors map[string]string) (string, error)

func GetScoreFromCVSS

func GetScoreFromCVSS(CVSSs map[string]*CVSS) *float64

func NewPlugin

func NewPlugin(clock ext.Clock, idGenerator ext.IDGenerator, objectResolver *kube.ObjectResolver) vulnerabilityreport.Plugin

NewPlugin constructs a new vulnerabilityreport.Plugin, which is using an upstream Trivy container image to scan Kubernetes workloads.

The plugin supports Image and Filesystem commands. The Filesystem command may be used to scan workload images cached on cluster nodes by scheduling scan jobs on a particular node.

The Image command supports both Standalone and ClientServer modes depending on the settings returned by Config.GetMode. The ClientServer mode is usually more performant, however it requires a Trivy server accessible at the configurable Config.GetServerURL.

func NewTrivyConfigAuditPlugin

func NewTrivyConfigAuditPlugin(clock ext.Clock, idGenerator ext.IDGenerator, objectResolver *kube.ObjectResolver) configauditreport.PluginInMemory

NewTrivyConfigAuditPlugin constructs a new configAudit.Plugin, which is using an upstream Trivy config audit scanner lib.

Types

type AdditionalFields added in v0.2.0

type AdditionalFields struct {
	Description bool
	Links       bool
	CVSS        bool
	Target      bool
	Class       bool
	PackageType bool
}

type CVSS

type CVSS struct {
	V3Score *float64 `json:"V3Score,omitempty"`
}

type Command

type Command string

Command to scan image or filesystem.

const (
	Filesystem Command = "filesystem"
	Image      Command = "image"
	Rootfs     Command = "rootfs"
)

type Config

type Config struct {
	trivyoperator.PluginConfig
}

Config defines configuration params for this plugin.

func (Config) FindIgnorePolicyKey added in v0.10.2

func (c Config) FindIgnorePolicyKey(workload client.Object) string

func (Config) GenerateIgnoreFileVolumeIfAvailable added in v0.10.2

func (c Config) GenerateIgnoreFileVolumeIfAvailable(trivyConfigName string) (*corev1.Volume, *corev1.VolumeMount)

func (Config) GenerateIgnorePolicyVolumeIfAvailable added in v0.10.2

func (c Config) GenerateIgnorePolicyVolumeIfAvailable(trivyConfigName string, workload client.Object) (*corev1.Volume, *corev1.VolumeMount)

func (Config) GetAdditionalVulnerabilityReportFields added in v0.2.0

func (c Config) GetAdditionalVulnerabilityReportFields() AdditionalFields

func (Config) GetCommand

func (c Config) GetCommand() (Command, error)

func (Config) GetDBRepository

func (c Config) GetDBRepository() (string, error)

func (Config) GetDBRepositoryInsecure

func (c Config) GetDBRepositoryInsecure() bool

func (Config) GetImagePullSecret added in v0.6.0

func (c Config) GetImagePullSecret() []corev1.LocalObjectReference

func (Config) GetImageRef

func (c Config) GetImageRef() (string, error)

GetImageRef returns upstream Trivy container image reference.

func (Config) GetInsecureRegistries

func (c Config) GetInsecureRegistries() map[string]bool

func (Config) GetMirrors

func (c Config) GetMirrors() map[string]string

func (Config) GetMode

func (c Config) GetMode() (Mode, error)

func (Config) GetNonSSLRegistries

func (c Config) GetNonSSLRegistries() map[string]bool

func (Config) GetResourceRequirements

func (c Config) GetResourceRequirements() (corev1.ResourceRequirements, error)

GetResourceRequirements creates ResourceRequirements from the Config.

func (Config) GetServerInsecure

func (c Config) GetServerInsecure() bool

func (Config) GetServerURL

func (c Config) GetServerURL() (string, error)

func (Config) GetSlow added in v0.8.0

func (c Config) GetSlow() bool

func (Config) GetSupportedConfigAuditKinds

func (c Config) GetSupportedConfigAuditKinds() []string

func (Config) GetUseBuiltinRegoPolicies

func (c Config) GetUseBuiltinRegoPolicies() bool

func (Config) IgnoreFileExists

func (c Config) IgnoreFileExists() bool

func (Config) IgnoreUnfixed

func (c Config) IgnoreUnfixed() bool

func (Config) OfflineScan added in v0.7.0

func (c Config) OfflineScan() bool

type Layer

type Layer struct {
	Digest string `json:"Digest"`
	DiffID string `json:"DiffID"`
}

type Mode

type Mode string

Mode in which Trivy client operates.

const (
	Standalone   Mode = "Standalone"
	ClientServer Mode = "ClientServer"
)

type ScanReport

type ScanReport struct {
	Results []ScanResult `json:"Results"`
}

type ScanResult

type ScanResult struct {
	Target          string          `json:"Target"`
	Class           string          `json:"Class"`
	Type            string          `json:"Type"`
	Vulnerabilities []Vulnerability `json:"Vulnerabilities"`
	Secrets         []Secret        `json:"Secrets"`
}

type Secret

type Secret struct {
	Target   string            `json:"Target"`
	RuleID   string            `json:"RuleID"`
	Category string            `json:"Category"`
	Severity v1alpha1.Severity `json:"Severity"`
	Title    string            `json:"Title"`
	Match    string            `json:"Match"`
}

type Vulnerability

type Vulnerability struct {
	VulnerabilityID  string            `json:"VulnerabilityID"`
	PkgName          string            `json:"PkgName"`
	InstalledVersion string            `json:"InstalledVersion"`
	FixedVersion     string            `json:"FixedVersion"`
	Title            string            `json:"Title"`
	Description      string            `json:"Description"`
	Severity         v1alpha1.Severity `json:"Severity"`
	Layer            Layer             `json:"Layer"`
	PrimaryURL       string            `json:"PrimaryURL"`
	References       []string          `json:"References"`
	CVSS             types.VendorCVSS  `json:"CVSS"`
	Target           string            `json:"Target"`
	Class            string            `json:"Class"`
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL