types

package
v0.32.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 16, 2022 License: Apache-2.0 Imports: 6 Imported by: 121

Documentation

Index

Constants

View Source 
const (
	ClassOSPkg       = "os-pkgs"      // For detected packages and vulnerabilities in OS packages
	ClassLangPkg     = "lang-pkgs"    // For detected packages and vulnerabilities in language-specific packages
	ClassConfig      = "config"       // For detected misconfigurations
	ClassSecret      = "secret"       // For detected secrets
	ClassLicense     = "license"      // For detected package licenses
	ClassLicenseFile = "license-file" // For detected licenses in files
	ClassCustom      = "custom"
)
View Source 
const (
	// VulnTypeUnknown is a vulnerability type of unknown
	VulnTypeUnknown = VulnType("unknown")

	// VulnTypeOS is a vulnerability type of OS packages
	VulnTypeOS = VulnType("os")

	// VulnTypeLibrary is a vulnerability type of programming language dependencies
	VulnTypeLibrary = VulnType("library")

	// SecurityCheckUnknown is a security check of unknown
	SecurityCheckUnknown = SecurityCheck("unknown")

	// SecurityCheckVulnerability is a security check of vulnerabilities
	SecurityCheckVulnerability = SecurityCheck("vuln")

	// SecurityCheckConfig is a security check of misconfigurations
	SecurityCheckConfig = SecurityCheck("config")

	// SecurityCheckSecret is a security check of secrets
	SecurityCheckSecret = SecurityCheck("secret")

	// SecurityCheckRbac is a security check of rbac assessment
	SecurityCheckRbac = SecurityCheck("rbac")

	// SecurityCheckLicense is the security check of licenses
	SecurityCheckLicense = SecurityCheck("license")
)
View Source 
const (
	SBOMSourceRekor = SBOMSource("rekor")
)

Variables

View Source 
var (
	VulnTypes      = []string{VulnTypeOS, VulnTypeLibrary}
	SecurityChecks = []string{
		SecurityCheckVulnerability, SecurityCheckConfig,
		SecurityCheckRbac, SecurityCheckSecret, SecurityCheckLicense,
	}
)
View Source 
var (
	SBOMSources = []string{
		SBOMSourceRekor,
	}
)

Functions

func GetDockerOption 

func GetDockerOption(insecureTlsSkip bool) (types.DockerOption, error)

GetDockerOption returns the Docker scanning options using DockerConfig

Types

type BySeverity added in v0.13.0 

type BySeverity []DetectedVulnerability

BySeverity implements sort.Interface based on the Severity field.

func (BySeverity) Len added in v0.13.0 

func (v BySeverity) Len() int

Len returns the length of DetectedVulnerabilities

func (BySeverity) Less added in v0.13.0 

func (v BySeverity) Less(i, j int) bool

Less compares 2 DetectedVulnerabilities based on package name, severity and vulnerabilityID

func (BySeverity) Swap added in v0.13.0 

func (v BySeverity) Swap(i, j int)

Swap swaps 2 vulnerability

type DetectedLicense added in v0.30.0 

type DetectedLicense struct {
	// Severity is the consistent parameter indicating how severe the issue is
	Severity string

	// Category holds the license category such as "forbidden"
	Category types.LicenseCategory

	// PkgName holds a package name of the license.
	// It will be empty if FilePath is filled.
	PkgName string

	// PkgName holds a file path of the license.
	// It will be empty if PkgName is filled.
	FilePath string // for file license

	// Name holds a detected license name
	Name string

	// Confidence is level of the match. The confidence level is between 0.0 and 1.0, with 1.0 indicating an
	// exact match and 0.0 indicating a complete mismatch
	Confidence float64

	// Link is a SPDX link of the license
	Link string
}

type DetectedMisconfiguration added in v0.19.0 

type DetectedMisconfiguration struct {
	Type          string               `json:",omitempty"`
	ID            string               `json:",omitempty"`
	AVDID         string               `json:",omitempty"`
	Title         string               `json:",omitempty"`
	Description   string               `json:",omitempty"`
	Message       string               `json:",omitempty"`
	Namespace     string               `json:",omitempty"`
	Query         string               `json:",omitempty"`
	Resolution    string               `json:",omitempty"`
	Severity      string               `json:",omitempty"`
	PrimaryURL    string               `json:",omitempty"`
	References    []string             `json:",omitempty"`
	Status        MisconfStatus        `json:",omitempty"`
	Layer         ftypes.Layer         `json:",omitempty"`
	CauseMetadata ftypes.CauseMetadata `json:",omitempty"`

	// For debugging
	Traces []string `json:",omitempty"`
}

DetectedMisconfiguration holds detected misconfigurations

type DetectedVulnerability added in v0.2.0 

type DetectedVulnerability struct {
	VulnerabilityID  string         `json:",omitempty"`
	VendorIDs        []string       `json:",omitempty"`
	PkgID            string         `json:",omitempty"` // It is used to construct dependency graph.
	PkgName          string         `json:",omitempty"`
	PkgPath          string         `json:",omitempty"` // It will be filled in the case of language-specific packages such as egg/wheel and gemspec
	InstalledVersion string         `json:",omitempty"`
	FixedVersion     string         `json:",omitempty"`
	Layer            ftypes.Layer   `json:",omitempty"`
	SeveritySource   types.SourceID `json:",omitempty"`
	PrimaryURL       string         `json:",omitempty"`
	Ref              string         `json:",omitempty"`

	// DataSource holds where the advisory comes from
	DataSource *types.DataSource `json:",omitempty"`

	// Custom is for extensibility and not supposed to be used in OSS
	Custom interface{} `json:",omitempty"`

	// Embed vulnerability details
	types.Vulnerability
}

DetectedVulnerability holds the information of detected vulnerabilities

type DockerConfig 

type DockerConfig struct {
	UserName      string `env:"TRIVY_USERNAME"`
	Password      string `env:"TRIVY_PASSWORD"`
	RegistryToken string `env:"TRIVY_REGISTRY_TOKEN"`
	NonSSL        bool   `env:"TRIVY_NON_SSL" envDefault:"false"`
}

DockerConfig holds the config of Docker

type Library 

type Library struct {
	Name    string
	Version string
}

Library holds the attribute of a package library

type Metadata added in v0.24.0 

type Metadata struct {
	Size int64      `json:",omitempty"`
	OS   *ftypes.OS `json:",omitempty"`

	// Container image
	ImageID     string        `json:",omitempty"`
	DiffIDs     []string      `json:",omitempty"`
	RepoTags    []string      `json:",omitempty"`
	RepoDigests []string      `json:",omitempty"`
	ImageConfig v1.ConfigFile `json:",omitempty"`
}

Metadata represents a metadata of artifact

type MisconfStatus added in v0.19.0 

type MisconfStatus string

MisconfStatus represents a status of misconfiguration 

const (
	// StatusPassed represents successful status
	StatusPassed MisconfStatus = "PASS"

	// StatusFailure represents failure status
	StatusFailure MisconfStatus = "FAIL"

	// StatusException Passed represents the status of exception
	StatusException MisconfStatus = "EXCEPTION"
)

type MisconfSummary added in v0.24.0 

type MisconfSummary struct {
	Successes  int
	Failures   int
	Exceptions int
}

func (MisconfSummary) Empty added in v0.24.0 

func (s MisconfSummary) Empty() bool

type Report added in v0.24.0 

type Report struct {
	SchemaVersion int                 `json:",omitempty"`
	ArtifactName  string              `json:",omitempty"`
	ArtifactType  ftypes.ArtifactType `json:",omitempty"`
	Metadata      Metadata            `json:",omitempty"`
	Results       Results             `json:",omitempty"`

	// SBOM
	CycloneDX *ftypes.CycloneDX `json:"-"` // Just for internal usage, not exported in JSON
}

Report represents a scan result

type Result added in v0.24.0 

type Result struct {
	Target            string                     `json:"Target"`
	Class             ResultClass                `json:"Class,omitempty"`
	Type              string                     `json:"Type,omitempty"`
	Packages          []ftypes.Package           `json:"Packages,omitempty"`
	Vulnerabilities   []DetectedVulnerability    `json:"Vulnerabilities,omitempty"`
	MisconfSummary    *MisconfSummary            `json:"MisconfSummary,omitempty"`
	Misconfigurations []DetectedMisconfiguration `json:"Misconfigurations,omitempty"`
	Secrets           []ftypes.SecretFinding     `json:"Secrets,omitempty"`
	Licenses          []DetectedLicense          `json:"Licenses,omitempty"`
	CustomResources   []ftypes.CustomResource    `json:"CustomResources,omitempty"`
}

Result holds a target and detected vulnerabilities

func (*Result) IsEmpty added in v0.30.0 

func (r *Result) IsEmpty() bool

func (*Result) MarshalJSON added in v0.28.0 

func (r *Result) MarshalJSON() ([]byte, error)

type ResultClass added in v0.24.0 

type ResultClass string

type Results added in v0.24.0 

type Results []Result

Results to hold list of Result

func (Results) Failed added in v0.24.0 

func (results Results) Failed() bool

Failed returns whether the result includes any vulnerabilities, misconfigurations or secrets

type SBOMSource added in v0.32.0 

type SBOMSource = string

type ScanOptions 

type ScanOptions struct {
	VulnType            []string
	SecurityChecks      []string
	ScanRemovedPackages bool
	ListAllPackages     bool
	LicenseCategories   map[types.LicenseCategory][]string
	FilePatterns        []string
}

ScanOptions holds the attributes for scanning vulnerabilities

type SecurityCheck added in v0.18.2 

type SecurityCheck = string

SecurityCheck represents the type of security check

type VulnType added in v0.18.2 

type VulnType = string

VulnType represents vulnerability type

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.