Documentation
¶
Index ¶
- Constants
- Variables
- func DigestAttributesDesignator(attributes map[string]string) (string, string, map[string]string)
- func DigestPortalDesignator(designator *PortalDesignator) (string, string, map[string]string)
- func GetInClusterSupportedNamespaces() []string
- func IsDesignatorsMatchContext(ctxSlice []ArmoContext, designator *PortalDesignator, designatorPrefix string) bool
- func ValidateContainerScanID(containerScanID string) bool
- type Alert2Channel
- type AlertLevel
- type ApprovementState
- type ApprovementStatus
- type ArmoContext
- type AssociationStatus
- type AttributesDesignators
- func (ad *AttributesDesignators) GetCluster() string
- func (ad *AttributesDesignators) GetKind() string
- func (ad *AttributesDesignators) GetLabels() map[string]string
- func (ad *AttributesDesignators) GetName() string
- func (ad *AttributesDesignators) GetNamespace() string
- func (ad *AttributesDesignators) GetPath() string
- func (ad *AttributesDesignators) GetResourceID() string
- type AuthMethod
- type Banner
- type ClusterResourceScanned
- type CollabAssignee
- type CollaborationConfig
- type CollaborationConfigOption
- type CollaborationConfigOptionType
- type CommonContainerScanSummaryResult
- type CommonSummaryFields
- type ControlInfo
- type ControlInputs
- type CustomerAccessStatus
- type CustomerConfig
- type CustomerOnboarding
- type CustomerState
- type DesignatorType
- type EnforcmentsRule
- type ExecutionPolicy
- type FixPath
- type FixedIn
- type GUID
- type GettingStartedChecklist
- type HighlightsByControl
- type InstallationData
- type KPILogin
- type KPIPostureScan
- type LicenseType
- type Misconfiguration
- type Misconfigurations
- type NewClusterAdmin
- type NewClusterAdmins
- type NodeUsage
- type NotificationConfigIdentifier
- type NotificationType
- type Notifications
- type NotificationsConfig
- type PolicyType
- type PortalBase
- func (p *PortalBase) GetAttributes() map[string]interface{}
- func (p *PortalBase) GetGUID() string
- func (p *PortalBase) GetName() string
- func (p *PortalBase) GetUpdatedTime() *time.Time
- func (p *PortalBase) SetAttributes(attributes map[string]interface{})
- func (p *PortalBase) SetGUID(guid string)
- func (p *PortalBase) SetName(name string)
- func (p *PortalBase) SetUpdatedTime(updatedTime *time.Time)
- type PortalCluster
- type PortalCustomer
- type PortalDesignator
- func (designator *PortalDesignator) DigestAttributesDesignator() AttributesDesignators
- func (designator *PortalDesignator) DigestPortalDesignator() AttributesDesignators
- func (designator *PortalDesignator) GetCluster() string
- func (designator *PortalDesignator) GetKind() string
- func (designator *PortalDesignator) GetLabels() map[string]string
- func (designator *PortalDesignator) GetName() string
- func (designator *PortalDesignator) GetNamespace() string
- func (designator *PortalDesignator) GetPath() string
- func (designator *PortalDesignator) GetResourceID() string
- func (designator *PortalDesignator) NKeys() int
- func (designator *PortalDesignator) UnmarshalJSONObject(dec *gojay.Decoder, key string) (err error)
- type PortalRegistryCronJob
- type PortalRepository
- type PostureAttributesList
- type PostureClusterOverTime
- type PostureClusterSummary
- type PostureContainerSummary
- type PostureControlSummary
- type PostureExceptionPolicy
- type PostureExceptionPolicyActions
- type PostureFrameworkOverTime
- type PostureFrameworkOverTimeCoord
- type PostureFrameworkSubsectionSummary
- type PostureFrameworkSummary
- type PostureFrameworksOverTime
- type PostureJobParams
- type PosturePaths
- type PosturePolicy
- type PostureReportResultRaw
- type PostureResource
- type PostureResourceSummary
- type PostureScanConfig
- type PostureSummary
- type PushNotification
- type PushReport
- type RawResource
- type RecommendationAssociation
- type RecommendationSkeletonV1
- type RecordStatus
- type RegistryInfo
- type RegistryJobParams
- type RegistryScanned
- type RelevantImageVulnerabilitiesConfiguration
- type RepoEntityKind
- type RepoEntitySummary
- type Repository
- type RepositoryScanned
- type ResourceScanned
- type ScanFrequency
- type ScanType
- type Settings
- type SeverityDetails
- type SeverityStats
- type ShortVulnerabilityResult
- type SlackChannel
- type SlackNotification
- type SlackSettings
- type Subscription
- type TopCtrlCluster
- type TopCtrlItem
- type TopVulItem
- type UpdateAuditEntry
- type User
- type V2ListRequest
- type VulFixes
- type Vulnerability
- type VulnerabilityCategory
- type VulnerabilityExceptionPolicy
- type VulnerabilityExceptionPolicyActions
- type VulnerabilityJobParams
- type VulnerabilityPolicy
- type VulnerabilityScanConfig
- type WeeklyReport
Constants ¶
// In-cluster namespace and container names, lowest supported Helm versions
// per feature, and the annotation/label keys used on CronJob templates.
const (
	// In-cluster namespaces
	ArmoSystemNamespace = "armo-system" // deprecated, kept for backward compatibility
	KubescapeNamespace = "kubescape"

	ArmoKollectorContainerName = "armo-collector" // deprecated, kept for backward compatibility
	KollectorContainerName = "kollector"

	// registry scan
	// NOTE(review): the version floors are plain strings; lexical comparison
	// would mis-order values such as "v1.10" and "v1.9" — confirm callers
	// compare them as semantic versions.
	LowestHelmVersionSupportedRegistryScanAndTest = "v1.9"
	LowestHelmVersionSupportedRegistryScan = "v1.7.14"
	RegistryInfoArgKey = "registryInfo-v1"
	// NOTE(review): this is an object name, not a credential value. The nolint
	// directive silences gosec on this line (presumably its hard-coded
	// credential heuristic reacting to "Secret" in the identifier — confirm),
	// so the suppression should stay scoped to this one constant.
	RegistryScanSecretName = "kubescape-registry-scan" //nolint:gosec

	// vulnerability scan
	LowestHelmVersionSupportedVulnerabilityScan = "v1.7.17"

	// cronjob template annotation and labels
	// Deprecated "armo.*" keys are declared next to their "app.kubescape/*"
	// replacements.
	CronJobTemplateAnnotationArmoJobIDKeyDeprecated = "armo.jobid" // deprecated
	CronJobTemplateAnnotationArmoCloudJobIDKeyDeprecated = "armo.cloud/jobid" // deprecated
	CronJobTemplateAnnotationJobIDKey = "app.kubescape/job-id"
	CronJobTemplateAnnotationUpdateJobIDDeprecated = "armo.updatejobid" // deprecated
	CronJobTemplateAnnotationUpdateJobID = "app.kubescape/update-job-id"
	CronJobTemplateAnnotationNamespaceKeyDeprecated = "armo.namespace" // deprecated
	CronJobTemplateAnnotationNamespaceKey = "app.kubescape/namespace"
	CronJobTemplateAnnotationRegistryNameKey = "armo.cloud/registryname"
	CronJobTemplateAnnotationHostScannerKey = "armo.host-scanner"
	CronJobTemplateAnnotationFrameworkKey = "armo.framework"
	CronJobTemplateLabelKey = "armo.tier"
	CronJobTemplateLabelValueKubescape = "kubescape-scan"
	CronJobTemplateLabelValueVulnScan = "vuln-scan"
	CronJobTemplateLabelValueRegistryScan = "registry-scan"
)
// Kubernetes kind and apiVersion strings.
const (
	K8sKindCluster = "Cluster"
	K8sKindNode = "Node"
	K8sKindNamespace = "Namespace"
	K8sApiVersionV1 = "v1"
	K8sApiVersionRBAC = "rbac.authorization.k8s.io"
	// Evaluates to "rbac.authorization.k8s.io/v1".
	K8sApiVersionRBACV1 = K8sApiVersionRBAC + "/" + K8sApiVersionV1
	// The next two names use the "K8S" prefix while the ones above use "K8s".
	K8SApiVersionAppsV1 = "apps/v1"
	K8SApiVersionBatchV1 = "batch/v1"
)
// Key names with a "Query" suffix; presumably request query-parameter names —
// confirm against the handlers that read them.
const (
	CustomerGuidQuery = "customerGUID"
	ClusterNameQuery = "cluster"
	DatacenterNameQuery = "datacenter"
	NamespaceQuery = "namespace"
	ProjectQuery = "project"
	WlidQuery = "wlid"
	SidQuery = "sid"
)
// Subscription status strings, each converted from the stripe package constant
// of the same name so the values track that package's definitions.
const (
	SubscriptionStatusIncomplete = string(stripe.SubscriptionStatusIncomplete)
	SubscriptionStatusIncompleteExpired = string(stripe.SubscriptionStatusIncompleteExpired)
	SubscriptionStatusTrialing = string(stripe.SubscriptionStatusTrialing)
	SubscriptionStatusActive = string(stripe.SubscriptionStatusActive)
	SubscriptionStatusPastDue = string(stripe.SubscriptionStatusPastDue)
	SubscriptionStatusCanceled = string(stripe.SubscriptionStatusCanceled)
	SubscriptionStatusUnpaid = string(stripe.SubscriptionStatusUnpaid)
)
// Designator attribute keys.
const (
	DesignatorsToken = "designators"
	AttributeCustomerGUID = "customerGUID"
	AttributeRegistryName = "registryName"
	AttributeRepository = "repository"
	AttributeTag = "tag"
	AttributeCluster = "cluster"
	AttributeNamespace = "namespace"
	AttributeKind = "kind"
	AttributeName = "name"
	AttributeContainerName = "containerName"
	AttributeApiVersion = "apiVersion"
	AttributeWorkloadHash = "workloadHash"
	AttributeIsIncomplete = "isIncomplete"
	AttributeSensor = "sensor"
	AttributePath = "path"
	AttributeResourceID = "resourceID"
)
attributes
// Repository-scan attribute keys.
const (
	AttributeRepoName = "repoName"
	AttributeRepoOwner = "repoOwner"
	AttributeRepoHash = "repoHash"
	AttributeBranchName = "branch"
	AttributeDefaultBranch = "defaultBranch"
	AttributeProvider = "provider"
	AttributeRemoteURL = "remoteURL"
	AttributeLastCommitHash = "lastCommitHash"
	// NOTE(review): committer name and e-mail keys carry personal data when
	// populated; confirm how long consumers retain and who can read them.
	AttributeLastCommitterName = "lastCommitterName"
	AttributeLastCommitterEmail = "lastCommitterEmail"
	AttributeLastCommitTime = "lastCommitTime"
	AttributeFilePath = "filePath"
	AttributeFileType = "fileType"
	AttributeFileDir = "fileDirectory"
	AttributeFileUrl = "fileUrl"
	AttributeFileHelmChartName = "fileHelmChartName"
	AttributeLastFileCommitHash = "lastFileCommitHash"
	AttributeLastFileCommitterName = "lastFileCommitterName"
	// NOTE(review): this value starts with an upper-case "L" while every
	// sibling key is lower camel case. The string is a runtime key, so it is
	// left as is; check stored data before normalizing it.
	AttributeLastFileCommitterEmail = "LastFileCommitterEmail"
	AttributeLastFileCommitTime = "lastFileCommitTime"
	// NOTE(review): the names suggest these two keys opt a connection into
	// plaintext HTTP and into skipping TLS certificate verification. Where
	// they are honoured is not visible here; consumers should treat both as
	// explicit opt-ins that default to off and record when either is set.
	AttributeUseHTTP = "useHTTP"
	AttributeSkipTLSVerify = "skipTLSVerify"
)
Repository scan related attributes
// rego-library attribute keys.
const (
	AttributeImageScanRelated = "imageScanRelated"
	AttributeImageRelatedControls = "imageRelatedControls"
	AttributeHostSensorRule = "hostSensorRule"
	AttributeHostSensor = "hostSensor"
)
rego-library attributes
// Worker-nodes attribute key and the WorkerNodes* keys declared with it.
const (
	AttributeWorkerNodes = "workerNodes"
	WorkerNodesmax = "max"
	WorkerNodeslastReported = "lastReported"
	WorkerNodeslastReportDate = "lastReportDate"
	WorkerNodesmaxPerMonth = "maxPerMonth"
	WorkerNodesmaxReportGUID = "maxReportGUID"
	WorkerNodesmaxPerMonthReportGUID = "maxPerMonthReportGUID"
	WorkerNodeslastReportGUID = "lastReportGUID"
)
Worker nodes attribute related consts
// Posture control status codes (untyped integer constants).
const (
	// 0 is the unknown status, so an unset integer field reads as unknown
	// rather than as passed.
	PostureControlStatusUnknown = 0
	PostureControlStatusPassed = 1
	PostureControlStatusWarning = 2 // deprecated
	PostureControlStatusFailed = 3
	PostureControlStatusSkipped = 4
	PostureControlStatusIrrelevant = 5 // deprecated
	PostureControlStatusError = 6

	// Shares the value 6 with PostureControlStatusError; judging by its name
	// it is a limit rather than a status — confirm before using it in a status
	// comparison.
	PostureResourceMaxCtrls = 6
)
Variables ¶
// ActiveSubscriptionStatuses holds the incomplete, trialing and active status
// strings.
// NOTE(review): "incomplete" is included alongside "active"; if this list
// gates paid features, confirm that is intended. The slice is an exported,
// mutable package variable, so any importer can change it at run time —
// callers making access decisions should not assume it is constant.
var ActiveSubscriptionStatuses = []string{SubscriptionStatusIncomplete, SubscriptionStatusTrialing, SubscriptionStatusActive}
// IgnoreLabels holds the cluster and namespace attribute keys. It is also an
// exported, mutable slice.
var IgnoreLabels = []string{AttributeCluster, AttributeNamespace}
Functions ¶
func DigestPortalDesignator ¶
func DigestPortalDesignator(designator *PortalDesignator) (string, string, map[string]string)
Deprecated: use designator.DigestPortalDesignator() instead. DigestPortalDesignator gets the cluster, namespace and labels from the designator.
func GetInClusterSupportedNamespaces ¶ added in v0.0.114
func GetInClusterSupportedNamespaces() []string
func IsDesignatorsMatchContext ¶
func IsDesignatorsMatchContext(ctxSlice []ArmoContext, designator *PortalDesignator, designatorPrefix string) bool
IsDesignatorsMatchContext checks whether all the context values match those in the designator.
func ValidateContainerScanID ¶ added in v0.0.193
Types ¶
type Alert2Channel ¶
// Alert2Channel holds one list of SlackChannel values per alert level:
// critical, error and info. Each list is omitted from JSON and BSON when empty.
type Alert2Channel struct {
	Critical []SlackChannel `json:"criticalChannels,omitempty" bson:"criticalChannels,omitempty"`
	Error []SlackChannel `json:"errorChannels,omitempty" bson:"errorChannels,omitempty"`
	Info []SlackChannel `json:"infoChannels,omitempty" bson:"infoChannels,omitempty"`
}
type AlertLevel ¶
// AlertLevel is a string-typed alert level.
type AlertLevel string

// Alert levels declared by this package. The type is an open string, so a
// decoded value is not guaranteed to be one of these three.
const (
	AlertInfo AlertLevel = "info"
	AlertCritical AlertLevel = "critical"
	AlertError AlertLevel = "error"
)
type ApprovementState ¶
// ApprovementState pairs an embedded UpdateAuditEntry with an approval status.
type ApprovementState struct {
	// encoding/json has no "inline" option; the embedded struct is flattened
	// because it is anonymous and carries no JSON name.
	UpdateAuditEntry `json:",inline"`
	// Status has no omitempty, so the zero value is serialized as 0.
	Status ApprovementStatus `json:"status"`
}
type ApprovementStatus ¶
// ApprovementStatus is an integer approval status.
type ApprovementStatus int

// Approval statuses start at 1 (iota + 1): approve = 1, decline = 2,
// pending = 3. The zero value matches none of them, so an unset status should
// be handled as "not decided" rather than falling through to approve.
const (
	ApprovementStatusApprove ApprovementStatus = iota + 1
	ApprovementStatusDecline
	ApprovementStatusPending
)
type ArmoContext ¶
// ArmoContext is a single attribute/value pair together with its source.
// All three fields are plain strings and are always serialized (no omitempty).
type ArmoContext struct {
	Attribute string `json:"attribute"`
	Value string `json:"value"`
	Source string `json:"source"`
}
ArmoContext is an attribute-based context structure that allows more flexible and searchable options.
func DesignatorToArmoContext ¶
func DesignatorToArmoContext(designator *PortalDesignator, designatorPrefix string) []ArmoContext
type AssociationStatus ¶
// AssociationStatus is an integer status of a recommendation association.
type AssociationStatus int

// Association statuses start at 1 (iota + 1); the zero value matches none of
// them.
const (
	AssociationStatusAssigned AssociationStatus = iota + 1
	AssociationStatusShown
	AssociationStatusDeclineByUser
	AssociationStatusHandled // the user took this recommendation into account
	AssociationStatusFixed // the user fixed the issue in some other way
)
type AttributesDesignators ¶ added in v0.0.151
type AttributesDesignators struct {
// contains filtered or unexported fields
}
AttributesDesignators describes a Kubernetes object, with its labels.
func (*AttributesDesignators) GetCluster ¶ added in v0.0.151
func (ad *AttributesDesignators) GetCluster() string
func (*AttributesDesignators) GetKind ¶ added in v0.0.151
func (ad *AttributesDesignators) GetKind() string
func (*AttributesDesignators) GetLabels ¶ added in v0.0.151
func (ad *AttributesDesignators) GetLabels() map[string]string
func (*AttributesDesignators) GetName ¶ added in v0.0.151
func (ad *AttributesDesignators) GetName() string
func (*AttributesDesignators) GetNamespace ¶ added in v0.0.151
func (ad *AttributesDesignators) GetNamespace() string
func (*AttributesDesignators) GetPath ¶ added in v0.0.151
func (ad *AttributesDesignators) GetPath() string
func (*AttributesDesignators) GetResourceID ¶ added in v0.0.173
func (ad *AttributesDesignators) GetResourceID() string
type AuthMethod ¶ added in v0.0.125
type Banner ¶ added in v0.0.194
// Banner records which account interacted with a banner and, optionally, the
// scan it relates to.
type Banner struct {
	CustomerGUID string `json:"customerGUID,omitempty" bson:"customerGUID,omitempty"` // customerGUID of the account which clicked the banner
	// NOTE(review): the comment below refers to a bannerID, but no such field
	// is declared in this struct — confirm where that ID is kept.
	ScanID string `json:"scanID,omitempty" bson:"scanID,omitempty"` // for detailed view, unique key for banner is combination of scanID and bannerID
}
type ClusterResourceScanned ¶ added in v0.0.142
// ClusterResourceScanned carries a cluster's ResourceScanned value together
// with a short name, a report GUID and a failed-resource count.
type ClusterResourceScanned struct {
	ShortName string `json:"shortName" bson:"shortName"`
	Cluster ResourceScanned `json:"cluster" bson:"cluster"`
	ReportGUID string `json:"reportGUID" bson:"reportGUID"`
	FailedResources uint64 `json:"failedResources" bson:"failedResources"`
}
type CollabAssignee ¶
// CollabAssignee identifies the target of a collaboration action by ID and
// display name, with optional extra properties.
type CollabAssignee struct {
	// Example: a Slack channel ID such as "C02HD5MU9G8".
	// The Go field name is spelled "AssgineeID"; the JSON key is "assigneeID".
	AssgineeID string `json:"assigneeID"`
	// Example: #abuse (Slack)
	AssigneeName string `json:"assigneeName"`
	// Additional properties of the assignee.
	AdditionalInfo []ArmoContext `json:"additionalInfo"`
}
type CollaborationConfig ¶
// CollaborationConfig describes a collaboration provider configuration.
type CollaborationConfig struct {
	// encoding/json flattens the embedded PortalBase; "inline" is not a JSON
	// option.
	PortalBase `json:",inline"`
	// Provider name
	// Example: jira
	Provider string `json:"provider"`
	// Host name for private hosting
	// Example: http://example.com
	// NOTE(review): the example uses a plaintext http scheme. If a backend
	// connects to this value, it should validate the scheme and destination
	// first — how the field is consumed is not visible here.
	HostName string `json:"hostName,omitempty"`
	// The context of sharing (for example in jira it will be cloud, project, etc)
	Context map[string]CollaborationConfigOption `json:"context"`
	// Icon url for the option. Optional
	// Example: https://site-admin-avatar-cdn.prod.public.atl-paas.net/avatars/240/triangle.png
	// NOTE(review): caller-supplied URL; confirm whether it is only rendered
	// by clients or also fetched server-side.
	IconURL string `json:"iconURL,omitempty"`
	// Icon for the option encoded in base64. Optional
	// NOTE(review): no size limit is expressed in the type; confirm a bound is
	// enforced where this is accepted.
	IconBase64 string `json:"iconBase64,omitempty"`
}
swagger:model CollaborationConfig
type CollaborationConfigOption ¶
// CollaborationConfigOption is one selectable option of a collaboration
// provider configuration.
type CollaborationConfigOption struct {
	// Type of the option; a nil pointer is omitted from JSON.
	// Example: Project
	Type *CollaborationConfigOptionType `json:"type,omitempty"`
	// Name of the option
	// Example: jira-main-project
	Name string `json:"name"`
	// ID of the option
	// Example: 8313c5a0-bee1-4a3c-8f4f-71ce698259876
	ID string `json:"id"`
	// Icon url for the option. Optional
	// Example: https://site-admin-avatar-cdn.prod.public.atl-paas.net/avatars/240/triangle.png
	// NOTE(review): caller-supplied URL; confirm whether it is only rendered
	// by clients or also fetched server-side.
	IconURL string `json:"iconURL,omitempty"`
	// Icon for the option encoded in base64. Optional
	IconBase64 string `json:"iconBase64,omitempty"`
}
Collaboration provider config option swagger:model CollaborationConfigOption
type CollaborationConfigOptionType ¶
// CollaborationConfigOptionType describes the type of a configuration option.
type CollaborationConfigOptionType struct {
	// Name of the type
	// Example: project
	Name string `json:"name"`
	// Indicates whether this option is mandatory for collaboration configuration
	// Example: false
	ConfigRequired bool `json:"required"`
	// Example: true
	// The "-" tag excludes this field from JSON in both directions, so a
	// client cannot set it through a JSON payload.
	ShareRequired bool `json:"-"`
	// Custom input available or not
	// Example: false
	CustomInput bool `json:"customInput"`
}
Config option type swagger:model CollaborationConfigOptionType
type CommonContainerScanSummaryResult ¶ added in v0.0.142
// CommonContainerScanSummaryResult is the summary record of one container
// image scan: identifiers, image coordinates, severity statistics and a short
// list of vulnerabilities.
type CommonContainerScanSummaryResult struct {
	// Embedded without a tag, so its exported fields are promoted.
	SeverityStats
	Designators PortalDesignator `json:"designators" bson:"designators"`
	Context []ArmoContext `json:"context" bson:"context"`
	JobIDs []string `json:"jobIDs" bson:"jobIDs"`
	CustomerGUID string `json:"customerGUID" bson:"customerGUID"`
	// The wire key is plural ("containersScanID") while the field is singular.
	ContainerScanID string `json:"containersScanID" bson:"containersScanID"`
	// NOTE(review): integer timestamp; the unit is not stated here — confirm.
	Timestamp int64 `json:"timestamp" bson:"timestamp"`
	WLID string `json:"wlid" bson:"wlid"`
	ImgTag string `json:"imageTag" bson:"imageTag"`
	ImgHash string `json:"imageHash" bson:"imageHash"`
	Cluster string `json:"cluster" bson:"cluster"`
	Namespace string `json:"namespace" bson:"namespace"`
	ContainerName string `json:"containerName" bson:"containerName"`
	PackagesName []string `json:"packages" bson:"packages"`
	// "Artifcats" is misspelled in both the field name and the wire key; the
	// key is part of the stored/transmitted format and is kept as is.
	ListOfDangerousArtifcats []string `json:"listOfDangerousArtifcats" bson:"listOfDangerousArtifcats"`
	Status string `json:"status" bson:"status"`
	Registry string `json:"registry" bson:"registry"`
	VersionImage string `json:"versionImage" bson:"versionImage"`
	SeveritiesStats []SeverityStats `json:"severitiesStats" bson:"severitiesStats"`
	// Omitted from JSON and BSON when empty.
	ExcludedSeveritiesStats []SeverityStats `json:"excludedSeveritiesStats,omitempty" bson:"excludedSeveritiesStats,omitempty"`
	Version string `json:"version" bson:"version"`
	Vulnerabilities []ShortVulnerabilityResult `json:"vulnerabilities" bson:"vulnerabilities"`
}
type CommonSummaryFields ¶
// CommonSummaryFields holds the fields shared by summary records: report ID,
// designators, scan time and deletion status.
type CommonSummaryFields struct {
	// The unique id of the report this summary belongs to
	ReportID GUID `json:"reportGUID"`
	// The designators of this summary
	Designators *PortalDesignator `json:"designators"`
	// Time of the scan that produced this summary
	Timestamp time.Time `json:"timestamp"`
	// swagger:ignore
	// Indicates whether this summary is marked for deletion
	DeleteStatus RecordStatus `json:"deletionStatus,omitempty"`
}
swagger:model
type ControlInfo ¶
// ControlInfo holds basic information about a control.
type ControlInfo struct {
	// ID of the control
	// Example: C-0034
	ID string `json:"id"`
	// How critical this control is
	// Example: 6
	BaseScore float32 `json:"baseScore"`
	// Number of failed resources for this control
	// Example: 3
	FailedResources int `json:"failedResources"`
}
ControlInfo Basic information about a control
type ControlInputs ¶
// ControlInputs associates a rule name with its input lists. Neither field has
// a struct tag, so encoding/json uses the Go field names as keys.
type ControlInputs struct {
	Rulename string
	Inputs []PostureAttributesList // Attribute = input list name, Values = list values
}
type CustomerAccessStatus ¶ added in v0.0.170
// CustomerAccessStatus is a string-typed customer access status.
type CustomerAccessStatus string

// Access statuses declared by this package. The type is an open string, so
// code that branches on it should handle unrecognized values explicitly
// instead of treating them like one of the permitted states.
const (
	PayingCustomer CustomerAccessStatus = "paying"
	FreeCustomer CustomerAccessStatus = "free"
	TrialCustomer CustomerAccessStatus = "trial"
	BlockedCustomer CustomerAccessStatus = "blocked"
)
type CustomerConfig ¶
// CustomerConfig is a named configuration with free-form attributes, a scope
// designator and settings.
type CustomerConfig struct {
	Name string `json:"name" bson:"name"`
	// Values are untyped; consumers must type-check each value before use.
	Attributes map[string]interface{} `json:"attributes,omitempty" bson:"attributes,omitempty"` // could be string
	Scope PortalDesignator `json:"scope" bson:"scope"`
	Settings Settings `json:"settings" bson:"settings"`
}
func MockCustomerConfig ¶
func MockCustomerConfig() *CustomerConfig
type CustomerOnboarding ¶ added in v0.0.143
// CustomerOnboarding holds the answers collected during onboarding. Pointer
// fields distinguish "not provided" (nil, omitted) from an explicit value.
type CustomerOnboarding struct {
	Completed *bool `json:"completed,omitempty" bson:"completed,omitempty"` // user completed the onboarding
	CompanySize *string `json:"companySize,omitempty" bson:"companySize,omitempty"` // user company size
	Role *string `json:"role,omitempty" bson:"role,omitempty"` // user role
	OrgName *string `json:"orgName,omitempty" bson:"orgName,omitempty"` // user organization name
	Interests []string `json:"interests,omitempty" bson:"interests,omitempty"` // user interests
}
type CustomerState ¶ added in v0.0.143
// CustomerState groups three optional sub-records: onboarding, getting-started
// checklist and node usage. Each is a pointer and is omitted when nil.
type CustomerState struct {
	Onboarding *CustomerOnboarding `json:"onboarding,omitempty" bson:"onboarding,omitempty"`
	GettingStarted *GettingStartedChecklist `json:"gettingStarted,omitempty" bson:"gettingStarted,omitempty"`
	NodeUsage *NodeUsage `json:"nodeUsage,omitempty" bson:"nodeUsage,omitempty"`
}
CustomerState holds the state of the customer, used for UI purposes
type DesignatorType ¶
type DesignatorType string
Type of the designator
swagger:enum DesignatorType
// Supported designator types.
const (
	DesignatorAttributes DesignatorType = "Attributes"
	DesignatorAttribute DesignatorType = "Attribute" // Deprecated
	// WorkloadID format.
	//
	// Has two formats:
	//  1. Kubernetes format: wlid://cluster-<cluster>/namespace-<namespace>/<kind>-<name>
	//  2. Native format: wlid://datacenter-<datacenter>/project-<project>/native-<name>
	DesignatorWlid DesignatorType = "Wlid"
	// A WorkloadID wildcard expression.
	//
	// A wildcard expression that includes a cluster:
	//
	//  wlid://cluster-<cluster>/
	//
	// An expression that includes a cluster and namespace (filters out all other namespaces):
	//
	//  wlid://cluster-<cluster>/namespace-<namespace>/
	//
	// NOTE(review): the cluster-only form is not narrowed to a namespace, so
	// anything keyed on it (for example an exception) presumably covers the
	// whole cluster — prefer the narrowest expression that fits.
	DesignatorWildWlid DesignatorType = "WildWlid"
	DesignatorWlidContainer DesignatorType = "WlidContainer"
	DesignatorWlidProcess DesignatorType = "WlidProcess"
	DesignatorSid DesignatorType = "Sid" // secret id
)
Supported designators
func (DesignatorType) ToLower ¶
func (dt DesignatorType) ToLower() DesignatorType
type EnforcmentsRule ¶
type ExecutionPolicy ¶
// ExecutionPolicy binds a list of designators to a policy type and a list of
// enforcement rules.
type ExecutionPolicy struct {
	PortalBase `json:",inline"`
	Designators []PortalDesignator `json:"designators"`
	// Declared as a plain string here, not as the PolicyType type.
	PolicyType string `json:"policyType"`
	// String-typed time with a snake_case key, unlike the sibling keys; the
	// format is not stated here.
	CreationTime string `json:"creation_time"`
	// The Go names are spelled "Enforcments"; the JSON key is "enforcementRules".
	ExecutionEnforcmentsRules []EnforcmentsRule `json:"enforcementRules"`
}
type GettingStartedChecklist ¶ added in v0.0.143
// GettingStartedChecklist tracks getting-started checklist items. Every field
// is a *bool with omitempty: nil is omitted, while a pointer to false is still
// serialized.
type GettingStartedChecklist struct {
	// indicates if the user has dismissed the checklist
	GettingStartedDismissed *bool `json:"gettingStartedDismissed,omitempty" bson:"gettingStartedDismissed,omitempty"`
	// checklist items
	EverConnectedCluster *bool `json:"everConnectedCluster,omitempty" bson:"everConnectedCluster,omitempty"`
	EverScannedRepository *bool `json:"everScannedRepository,omitempty" bson:"everScannedRepository,omitempty"`
	EverScannedRegistry *bool `json:"everScannedRegistry,omitempty" bson:"everScannedRegistry,omitempty"`
	EverCollaborated *bool `json:"everCollaborated,omitempty" bson:"everCollaborated,omitempty"`
	EverInvitedTeammate *bool `json:"everInvitedTeammate,omitempty" bson:"everInvitedTeammate,omitempty"`
	EverUsedRbacVisualizer *bool `json:"everUsedRbacVisualizer,omitempty" bson:"everUsedRbacVisualizer,omitempty"`
}
type HighlightsByControl ¶
type InstallationData ¶ added in v0.0.191
// InstallationData describes how the in-cluster components were installed:
// cluster identity, target namespace and which features are enabled.
// The *bool fields are omitted when nil, which keeps "not reported" distinct
// from an explicit false.
type InstallationData struct {
	ClusterName string `json:"clusterName,omitempty" bson:"clusterName,omitempty"` // cluster name defined manually or from the cluster context
	ClusterShortName string `json:"clusterShortName,omitempty" bson:"clusterShortName,omitempty"` // cluster short name enriched from the cluster name by BE
	StorageEnabled *bool `json:"storage,omitempty" bson:"storage,omitempty"` // storage configuration (enabled/disabled)
	RelevantImageVulnerabilitiesEnabled *bool `json:"relevantImageVulnerabilitiesEnabled,omitempty" bson:"relevantImageVulnerabilitiesEnabled,omitempty"` // relevancy actual state (enabled/disabled)
	RelevantImageVulnerabilitiesConfiguration RelevantImageVulnerabilitiesConfiguration `json:"relevantImageVulnerabilitiesConfiguration,omitempty" bson:"relevantImageVulnerabilitiesConfiguration,omitempty"` // relevancy configuration defined by the user
	Namespace string `json:"namespace,omitempty" bson:"namespace,omitempty"` // namespace to deploy the components
	ImageVulnerabilitiesScanningEnabled *bool `json:"imageVulnerabilitiesScanningEnabled,omitempty" bson:"imageVulnerabilitiesScanningEnabled,omitempty"` // image scanning configuration (enabled/disabled)
	PostureScanEnabled *bool `json:"postureScanEnabled,omitempty" bson:"postureScanEnabled,omitempty"` // posture configuration (enabled/disabled)
	OtelCollectorEnabled *bool `json:"otelCollector,omitempty" bson:"otelCollector,omitempty"` // otel collector configuration (enabled/disabled)
	ClusterProvider string `json:"clusterProvider,omitempty" bson:"clusterProvider,omitempty"` // cluster provider (aws/azure/gcp)
}
type KPIPostureScan ¶
// KPIPostureScan is a usage record for one posture scan: client and framework
// identity, time, target kind and client IP.
type KPIPostureScan struct {
	Client string `json:"client"`
	ClientVersion string `json:"clientVersion"`
	Framework string `json:"framework"`
	FrameworkVersion string `json:"frameworkVersion"`
	Timestamp time.Time `json:"timestamp"`
	Target string `json:"target"` // yaml, helm, running - what we actually scanned
	// NOTE(review): an IP address is personal data in many jurisdictions, and
	// its reliability depends on where it is taken from (a client-controlled
	// header can be forged). How the field is populated is not visible here.
	ClientIP string `json:"clientIP"`
}
type LicenseType ¶ added in v0.0.154
// LicenseType is a string-typed license tier.
type LicenseType string

// License tiers declared by this package. The values are capitalized, so
// comparisons against them are case-sensitive.
const (
	LicenseTypeFree LicenseType = "Free"
	LicenseTypeTeam LicenseType = "Team"
	LicenseTypeEnterprise LicenseType = "Enterprise"
)
type Misconfiguration ¶ added in v0.0.146
type Misconfigurations ¶ added in v0.0.158
type Misconfigurations []Misconfiguration
type NewClusterAdmin ¶ added in v0.0.158
type NewClusterAdmins ¶ added in v0.0.158
type NewClusterAdmins []NewClusterAdmin
type NotificationConfigIdentifier ¶ added in v0.0.141
// NotificationConfigIdentifier identifies a notification configuration by its
// notification type. The field is omitted from JSON and BSON when empty.
type NotificationConfigIdentifier struct {
	NotificationType NotificationType `json:"notificationType,omitempty" bson:"notificationType,omitempty"`
}
func (*NotificationConfigIdentifier) Validate ¶ added in v0.0.192
func (nci *NotificationConfigIdentifier) Validate() error
type NotificationType ¶ added in v0.0.141
// NotificationType is a string-typed notification kind.
type NotificationType string

// Notification types declared by this package.
const (
	NotificationTypeAll NotificationType = "all"
	NotificationTypePush NotificationType = "push"
	NotificationTypeWeekly NotificationType = "weekly"
)
type Notifications ¶
// Notifications holds notification targets in two generations: string lists
// (older) and SlackNotification lists (the "V1" fields).
type Notifications struct {
	PostureScan []string `json:"postureScan,omitempty" bson:"postureScan,omitempty"` // legacy approach, kept until old data in mongo can be dealt with
	PostureScoreAboveLastScan []string `json:"postureScoreAboveLastScan,omitempty" bson:"postureScoreAboveLastScan,omitempty"`
	// The V1 fields have no omitempty and are always serialized.
	PostureScanV1 []SlackNotification `json:"postureScanV1" bson:"postureScanV1"`
	// The field is named "PostureScan..." while its key is "postureScore...".
	PostureScanAboveLastScanV1 []SlackNotification `json:"postureScoreAboveLastScanV1" bson:"postureScoreAboveLastScanV1"`
}
type NotificationsConfig ¶ added in v0.0.141
// NotificationsConfig holds per-customer notification state: unsubscribed
// users and the latest weekly and push reports.
type NotificationsConfig struct {
	// Map of unsubscribed user id to notification config identifiers
	UnsubscribedUsers map[string][]NotificationConfigIdentifier `json:"unsubscribedUsers,omitempty" bson:"unsubscribedUsers,omitempty"`
	LatestWeeklyReport *WeeklyReport `json:"latestWeeklyReport,omitempty" bson:"latestWeeklyReport,omitempty"`
	// NOTE(review): the map key format is not visible here;
	// GetLatestPushReport takes a cluster and a scan type, so the key is
	// presumably derived from both — confirm.
	LatestPushReports map[string]*PushReport `json:"latestPushReports,omitempty" bson:"latestPushReports,omitempty"`
}
func (*NotificationsConfig) AddLatestPushReport ¶ added in v0.0.146
func (nc *NotificationsConfig) AddLatestPushReport(report *PushReport)
func (*NotificationsConfig) GetLatestPushReport ¶ added in v0.0.146
func (nc *NotificationsConfig) GetLatestPushReport(cluster string, scanType ScanType) *PushReport
type PolicyType ¶ added in v0.0.172
// PolicyType is a string-typed policy kind.
type PolicyType string
// PostureExceptionPolicyType is the policy type string for posture exception policies.
const PostureExceptionPolicyType PolicyType = "postureExceptionPolicy"
// VulnerabilityExceptionPolicyType is the policy type string for vulnerability exception policies.
const VulnerabilityExceptionPolicyType PolicyType = "vulnerabilityExceptionPolicy"
type PortalBase ¶
// PortalBase holds the basic data of an item from the portal back end: GUID,
// name, free-form attributes and an update time.
type PortalBase struct {
	GUID string `json:"guid" bson:"guid"`
	Name string `json:"name" bson:"name"`
	// Values are untyped; consumers must type-check each value before use.
	Attributes map[string]interface{} `json:"attributes,omitempty" bson:"attributes,omitempty"` // could be string
	// Stored as a string, while GetUpdatedTime and SetUpdatedTime exchange
	// *time.Time; the string format is not stated here.
	UpdatedTime string `json:"updatedTime,omitempty" bson:"updatedTime,omitempty"`
}
PortalBase holds basic items data from portal BE
func MockPortalBase ¶
func MockPortalBase(customerGUID, name string, attributes map[string]interface{}) *PortalBase
func (*PortalBase) GetAttributes ¶ added in v0.0.128
func (p *PortalBase) GetAttributes() map[string]interface{}
func (*PortalBase) GetGUID ¶ added in v0.0.128
func (p *PortalBase) GetGUID() string
Getters and setters used by derived types to implement interfaces.
func (*PortalBase) GetName ¶ added in v0.0.128
func (p *PortalBase) GetName() string
func (*PortalBase) GetUpdatedTime ¶ added in v0.0.141
func (p *PortalBase) GetUpdatedTime() *time.Time
func (*PortalBase) SetAttributes ¶ added in v0.0.128
func (p *PortalBase) SetAttributes(attributes map[string]interface{})
func (*PortalBase) SetGUID ¶ added in v0.0.128
func (p *PortalBase) SetGUID(guid string)
func (*PortalBase) SetName ¶ added in v0.0.128
func (p *PortalBase) SetName(name string)
func (*PortalBase) SetUpdatedTime ¶ added in v0.0.135
func (p *PortalBase) SetUpdatedTime(updatedTime *time.Time)
type PortalCluster ¶ added in v0.0.120
// PortalCluster holds cluster data from the portal back end.
type PortalCluster struct {
	// NOTE(review): the bson tag is "inline" with no leading comma, unlike the
	// json tag — confirm the BSON codec in use reads it as the inline option
	// rather than as a key named "inline".
	PortalBase `json:",inline" bson:"inline"`
	SubscriptionDate string `json:"subscription_date,omitempty" bson:"subscription_date,omitempty"`
	LastLoginDate string `json:"last_login_date,omitempty" bson:"last_login_date,omitempty"`
	// omitempty is set for BSON only; in JSON a nil pointer is serialized as
	// null.
	InstallationData *InstallationData `json:"installationData" bson:"installationData,omitempty"`
}
PortalCluster holds cluster data from portal BE
type PortalCustomer ¶ added in v0.0.126
// PortalCustomer holds a customer account record: contact and login data,
// notification settings, UI state and subscription information.
type PortalCustomer struct {
	// NOTE(review): the bson tag is "inline" with no leading comma, unlike the
	// json tag — confirm the BSON codec in use reads it as the inline option
	// rather than as a key named "inline".
	PortalBase `json:",inline" bson:"inline"`
	// NOTE(review): the bson tag lists omitempty twice; the repetition looks
	// accidental. The tag is left unchanged here.
	Description string `json:"description,omitempty" bson:"description,omitempty,omitempty"`
	SubscriptionDate string `json:"subscription_date,omitempty" bson:"subscription_date,omitempty"`
	LastLoginDate string `json:"last_login_date,omitempty" bson:"last_login_date,omitempty"`
	// Personal data: keep it out of logs and out of responses that do not
	// need it.
	Email string `json:"email,omitempty" bson:"email,omitempty"`
	// customizable field that overrides the default max
	// NOTE(review): with omitempty a value of 0 is not serialized, so "0" and
	// "unset" are indistinguishable on the wire.
	MaxFreeNodes int `json:"maxFreeNodes,omitempty" bson:"maxFreeNodes,omitempty"`
	// DEPRECATED - moved to subscription
	LicenseType string `json:"license_type,omitempty" bson:"license_type,omitempty"`
	// DEPRECATED - moved to subscription
	SubscriptionExpiration string `json:"subscription_expiration,omitempty" bson:"subscription_expiration,omitempty"`
	// DEPRECATED
	InitialLicenseType string `json:"initial_license_type,omitempty" bson:"initial_license_type,omitempty"`
	NotificationsConfig *NotificationsConfig `json:"notifications_config,omitempty" bson:"notifications_config,omitempty"`
	State *CustomerState `json:"state,omitempty" bson:"state,omitempty"`
	// NOTE(review): if this counter backs a quota, it must be updated
	// server-side only and never taken from a client payload — usage is not
	// visible here.
	OpenAiRequestCount int `json:"open_ai_request_count,omitempty" bson:"open_ai_request_count,omitempty"`
	// Paid/free subscriptions information
	ActiveSubscription *Subscription `json:"activeSubscription,omitempty" bson:"activeSubscription,omitempty"`
	HistoricalSubscriptions []Subscription `json:"historicalSubscriptions,omitempty" bson:"historicalSubscriptions,omitempty"`
}
type PortalDesignator ¶
// PortalDesignator represents a single designation option: a designator type
// plus the WLID, wildcard WLID, SID or attribute map that the type refers to.
type PortalDesignator struct {
	// NOTE(review): nothing in the type ties DesignatorType to the field that
	// is filled in; validate that the two agree when decoding untrusted input.
	DesignatorType DesignatorType `json:"designatorType" bson:"designatorType"`
	// A specific Workload ID
	WLID string `json:"wlid,omitempty" bson:"wlid,omitempty"`
	// An expression that describes applicable workload IDs
	WildWLID string `json:"wildwlid,omitempty" bson:"wildwlid,omitempty"`
	// A specific Secret ID
	SID string `json:"sid,omitempty" bson:"sid,omitempty"`
	// Attributes that describe the targets.
	// No omitempty: a nil map is serialized as null in JSON.
	Attributes map[string]string `json:"attributes" bson:"attributes"`
}
PortalDesignator represents a single designation option
func AttributesDesignatorsFromImageTag ¶
func AttributesDesignatorsFromImageTag(imageTag string) *PortalDesignator
func AttributesDesignatorsFromWLID ¶
func AttributesDesignatorsFromWLID(wlid string) *PortalDesignator
func MockPortalDesignator ¶
func MockPortalDesignator() *PortalDesignator
func (*PortalDesignator) DigestAttributesDesignator ¶
func (designator *PortalDesignator) DigestAttributesDesignator() AttributesDesignators
func (*PortalDesignator) DigestPortalDesignator ¶
func (designator *PortalDesignator) DigestPortalDesignator() AttributesDesignators
DigestPortalDesignator - get cluster namespace and labels from designator
func (*PortalDesignator) GetCluster ¶
func (designator *PortalDesignator) GetCluster() string
func (*PortalDesignator) GetKind ¶
func (designator *PortalDesignator) GetKind() string
func (*PortalDesignator) GetLabels ¶
func (designator *PortalDesignator) GetLabels() map[string]string
func (*PortalDesignator) GetName ¶
func (designator *PortalDesignator) GetName() string
func (*PortalDesignator) GetNamespace ¶
func (designator *PortalDesignator) GetNamespace() string
func (*PortalDesignator) GetPath ¶ added in v0.0.118
func (designator *PortalDesignator) GetPath() string
func (*PortalDesignator) GetResourceID ¶ added in v0.0.173
func (designator *PortalDesignator) GetResourceID() string
func (*PortalDesignator) NKeys ¶
func (designator *PortalDesignator) NKeys() int
func (*PortalDesignator) UnmarshalJSONObject ¶
func (designator *PortalDesignator) UnmarshalJSONObject(dec *gojay.Decoder, key string) (err error)
type PortalRegistryCronJob ¶ added in v0.0.132
// PortalRegistryCronJob combines PortalBase and RegistryInfo with a cron
// schedule, a cluster name and a list of repositories.
//
// NOTE(review): RegistryInfo is embedded inline, so its RegistryToken
// credential is serialized as a top-level field of this record. Redact it
// before logging the object or returning it to clients.
type PortalRegistryCronJob struct {
	PortalBase `json:",inline" bson:"inline"`
	// Embedded registry settings; both encoders flatten them into this object.
	RegistryInfo `json:",inline" bson:"inline"`
	// Stored as a string; the time format is not visible here.
	CreationDate string `json:"creationDate,omitempty" bson:"creationDate,omitempty"`
	ID string `json:"id,omitempty" bson:"id,omitempty"`
	ClusterName string `json:"clusterName,omitempty" bson:"clusterName,omitempty"`
	// presumably a crontab expression; verify it is validated before scheduling
	CronTabSchedule string `json:"cronTabSchedule,omitempty" bson:"cronTabSchedule,omitempty"`
	Repositories []Repository `json:"repositories,omitempty" bson:"repositories,omitempty"`
}
type PortalRepository ¶ added in v0.0.128
// PortalRepository extends PortalBase with the provider, owner, repository
// name and branch name of a source repository.
type PortalRepository struct {
	PortalBase `json:",inline" bson:"inline"`
	// Stored as a string; the time format is not visible here.
	CreationDate string `json:"creationDate,omitempty" bson:"creationDate,omitempty"`
	Provider string `json:"provider,omitempty" bson:"provider,omitempty"`
	Owner string `json:"owner,omitempty" bson:"owner,omitempty"`
	RepoName string `json:"repoName,omitempty" bson:"repoName,omitempty"`
	BranchName string `json:"branchName,omitempty" bson:"branchName,omitempty"`
}
type PostureAttributesList ¶
type PostureClusterOverTime ¶
// PostureClusterOverTime groups the per-framework score history of one
// cluster.
type PostureClusterOverTime struct {
	// omitempty has no effect on a struct value, so this key is always emitted.
	Designators PortalDesignator `json:"designators,omitempty"`
	ClusterName string `json:"clusterName"`
	Frameworks []PostureFrameworkOverTime `json:"frameworks"`
	// Serialized under the key "deletionStatus", not "deleteStatus".
	DeleteStatus RecordStatus `json:"deletionStatus,omitempty"`
}
-------- /api/v1/posture/clustersOvertime response data structures
type PostureClusterSummary ¶ added in v0.0.122
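// PostureClusterSummary is the per-cluster posture scan summary: score,
// control and resource counters, scan metadata and the cluster's names.
type PostureClusterSummary struct {
	Score float32 `json:"score"`
	TotalControls int `json:"totalControls"`
	FailedControls int `json:"failedControls"`
	SkippedControls int `json:"skippedControls,omitempty"`
	WarningControls int `json:"warningControls,omitempty"` // Deprecated
	// Serialized under the key "reportGUID".
	ReportID string `json:"reportGUID"`
	Designators PortalDesignator `json:"designators"`
	Timestamp time.Time `json:"timestamp"`
	DeleteStatus RecordStatus `json:"deletionStatus,omitempty"`
	Frameworks []string `json:"frameworks"`
	// Counters - Failed resources by severity
	CriticalSeverityResources int `json:"criticalSeverityResources"`
	HighSeverityResources int `json:"highSeverityResources"`
	MediumSeverityResources int `json:"mediumSeverityResources"`
	LowSeverityResources int `json:"lowSeverityResources"`
	// Counters - Failed controls by severity
	CriticalSeverityControls int `json:"criticalSeverityControls"`
	HighSeverityControls int `json:"highSeverityControls"`
	MediumSeverityControls int `json:"mediumSeverityControls"`
	LowSeverityControls int `json:"lowSeverityControls"`
	// Counters - Resources by status
	PassedResources int `json:"passedResources"`
	FailedResources int `json:"failedResources"`
	// The tag key must be `json`. encoding/json ignores a misspelled key, which
	// makes it emit the field as "SkippedResources" and never omit it.
	// Go decoders match keys case-insensitively and still accept the old
	// spelling; non-Go consumers reading "SkippedResources" must be updated.
	SkippedResources int `json:"skippedResources,omitempty"`
	ExcludedResources int `json:"excludedResources,omitempty"` // Deprecated
	// Metadata
	KubescapeVersion string `json:"kubescapeVersion"`
	KubernetesVersion string `json:"kubernetesVersion"`
	WorkerNodeCount int `json:"workerNodeCount"`
	Location string `json:"location"`
	CloudProvider string `json:"cloudProvider"`
	// Information about the controls that were run on this entity
	// The key is the status of the control (`failed`, `passed`, etc)
	ControlsInfo map[string][]ControlInfo `json:"controlsInfo"`
	// Names of the cluster
	FullName string `json:"clusterFullName"`
	ShortName string `json:"clusterShortName"`
	PrefixName string `json:"clusterPrefixName"`
}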
type PostureContainerSummary ¶
type PostureControlSummary ¶
// PostureControlSummary is the summary of one control within a posture
// report: identifiers, current and previous resource counters, status,
// scores and remediation text.
type PostureControlSummary struct {
	Designators PortalDesignator `json:"designators"`
	ControlID string `json:"id"` // "C0001"
	ControlGUID string `json:"guid"`
	Name string `json:"name"`
	AffectedResourcesCount int `json:"affectedResourcesCount"`
	FailedResourcesCount int `json:"failedResourcesCount"`
	SkippedResourcesCount int `json:"skippedResourcesCount"`
	WarningResourcesCount int `json:"warningResourcesCount"` // Deprecated
	// Pointer without omitempty: a nil value is encoded as JSON null, which
	// lets consumers tell "not reported" apart from zero.
	TotalScannedResourcesCount *int `json:"totalScannedResourcesCount"`
	PreviousAffectedResourcesCount int `json:"previousAffectedResourcesCount"`
	PreviousFailedResourcesCount int `json:"previousFailedResourcesCount"`
	PreviousSkippedResourcesCount int `json:"previousSkippedResourcesCount"`
	PreviousWarningResourcesCount int `json:"previousWarningResourcesCount"` // Deprecated
	// Serialized under the key "frameworkName".
	Framework string `json:"frameworkName"`
	FrameworkSubSectionID []string `json:"frameworkSubsectionID,omitempty"`
	Remediation string `json:"remediation"`
	Status int `json:"status"`
	StatusText string `json:"statusText"`
	SubStatusText string `json:"subStatusText,omitempty"`
	Description string `json:"description"`
	Section string `json:"section"`
	Timestamp time.Time `json:"timestamp"`
	ReportID string `json:"reportGUID"`
	DeleteStatus RecordStatus `json:"deletionStatus,omitempty"`
	Score float32 `json:"score"`
	// Pointer without omitempty: nil is encoded as JSON null.
	ComplianceScore *float32 `json:"complianceScore"`
	// Serialized under the key "baseScore".
	ScoreFactor float32 `json:"baseScore"`
	ScoreWeight float32 `json:"scoreWeight"`
	ARMOImprovement float32 `json:"ARMOimprovement"`
	// The spelling "Provides" is part of the field name and of the JSON key.
	RelevantCloudProvides []string `json:"relevantCloudProvides"`
	ControlInputs []ControlInputs `json:"controlInputs"`
	// An int rather than a bool; the value convention is not visible here.
	IsLastScan int `json:"isLastScan"`
	HighlightPathsCount int64 `json:"highlightPathsCount"`
	ClusterShortName string `json:"clusterShortName"`
}
----/api/v1/posture/controls
type PostureExceptionPolicy ¶
// PostureExceptionPolicy describes an exception: the actions to take, the
// resources (designators) it targets and the posture policies it refers to.
//
// NOTE(review): an exception changes how findings are reported for the
// matched resources, so Reason, CreatedBy and ExpirationDate are the fields
// an auditor relies on. Confirm the writers of this record populate
// CreatedBy from the authenticated identity rather than from request input.
type PostureExceptionPolicy struct {
	PortalBase `json:",inline" bson:"inline"`
	PolicyType string `json:"policyType,omitempty" bson:"policyType,omitempty"`
	// Stored as a string; the time format is not visible here.
	CreationTime string `json:"creationTime,omitempty" bson:"creationTime,omitempty"`
	// Values of type PostureExceptionPolicyActions (AlertOnly, Disable).
	Actions []PostureExceptionPolicyActions `json:"actions,omitempty" bson:"actions,omitempty"`
	// The JSON key is always emitted (null when nil); BSON omits it when empty.
	// NOTE(review): how an empty Resources list is matched is not visible
	// here — confirm it cannot be read as "applies to everything".
	Resources []PortalDesignator `json:"resources" bson:"resources,omitempty"`
	PosturePolicies []PosturePolicy `json:"posturePolicies,omitempty" bson:"posturePolicies,omitempty"`
	// Optional free-text justification; nil when not provided.
	Reason *string `json:"reason,omitempty" bson:"reason,omitempty"`
	// nil when unset. presumably nil means the exception never expires — TODO confirm
	ExpirationDate *time.Time `json:"expirationDate,omitempty" bson:"expirationDate,omitempty"`
	CreatedBy string `json:"createdBy,omitempty" bson:"createdBy,omitempty"`
}
func (*PostureExceptionPolicy) IsAlertOnly ¶
func (exceptionPolicy *PostureExceptionPolicy) IsAlertOnly() bool
func (*PostureExceptionPolicy) IsDisable ¶
func (exceptionPolicy *PostureExceptionPolicy) IsDisable() bool
type PostureExceptionPolicyActions ¶
// PostureExceptionPolicyActions is the string-typed action of a posture
// exception policy.
type PostureExceptionPolicyActions string
// AlertOnly is serialized as "alertOnly".
const AlertOnly PostureExceptionPolicyActions = "alertOnly"
// Disable is serialized as "disable".
const Disable PostureExceptionPolicyActions = "disable"
type PostureFrameworkOverTime ¶
// PostureFrameworkOverTime holds the scores of one framework together with
// its coordinates over time.
type PostureFrameworkOverTime struct {
	// "frameworkName": "MITRE",
	// "riskScore": 54,
	RiskScore float32 `json:"riskScore,omitempty"`
	ComplianceScore float32 `json:"complianceScore,omitempty"`
	Framework string `json:"frameworkName"`
	// Note the JSON key is spelled "cords", not "coords"; it is part of the wire format.
	Coords []PostureFrameworkOverTimeCoord `json:"cords"`
}
PostureFrameworkOverTime - the response structure
type PostureFrameworkSubsectionSummary ¶
// PostureFrameworkSubsectionSummary summarizes one subsection of a framework
// and the per-status counts of the controls that were run in it.
type PostureFrameworkSubsectionSummary struct {
	// The name (title) of the subsection
	// Example: General Policies
	Name string `json:"name"`
	// The name of the framework this subsection belongs to
	// Example: CIS
	Framework string `json:"framework"`
	// Unique id of the subsection inside its framework
	// Example: 5.7
	ID string `json:"id"`
	// Statistics about the controls that were run
	// The key is the status of the control (`failed`, `passed`, etc).
	// The value is the number of controls
	// Example: {"failed": 3, "passed": 4}
	ControlsStats map[string]uint `json:"controlsStats"`
}
type PostureFrameworkSummary ¶
// PostureFrameworkSummary is the summary of one framework within a posture
// report: scores and control counters.
type PostureFrameworkSummary struct {
	Name string `json:"name"`
	TypeTags []string `json:"typeTags"`
	// Serialized under the key "value".
	Score float32 `json:"value"`
	// Serialized under the key "complianceScorev1" (note the suffix).
	ComplianceScore float32 `json:"complianceScorev1"`
	ImprovementScore float32 `json:"improvementScore"`
	TotalControls int `json:"totalControls"`
	FailedControls int `json:"failedControls"`
	SkippedControls int `json:"skippedControls,omitempty"`
	WarningControls int `json:"warningControls,omitempty"` // Deprecated
	ReportID string `json:"reportGUID"`
	Designators PortalDesignator `json:"designators"`
	Timestamp time.Time `json:"timestamp"`
	DeleteStatus RecordStatus `json:"deletionStatus,omitempty"`
}
type PostureFrameworksOverTime ¶
// PostureFrameworksOverTime is a single score sample of one framework on one
// cluster at a point in time.
type PostureFrameworksOverTime struct {
	ClusterName string `json:"clusterName"`
	// Serialized under the key "value".
	ScoreValue float32 `json:"value"`
	ReportID string `json:"reportGUID"`
	Timestamp time.Time `json:"timestamp"`
	Framework string `json:"frameworkName"`
}
Used for elastic
type PostureJobParams ¶
type PosturePaths ¶
type PosturePolicy ¶
// PosturePolicy identifies a framework and, optionally, a control and rule
// within it.
type PosturePolicy struct {
	// Always emitted; the remaining fields are omitted when empty.
	FrameworkName string `json:"frameworkName" bson:"frameworkName"`
	ControlName string `json:"controlName,omitempty" bson:"controlName,omitempty"`
	ControlID string `json:"controlID,omitempty" bson:"controlID,omitempty"`
	RuleName string `json:"ruleName,omitempty" bson:"ruleName,omitempty"`
}
type PostureReportResultRaw ¶
// PostureReportResultRaw is a raw result entry linking one resource to one
// control within a report, with the highlighted paths.
type PostureReportResultRaw struct {
	Designators PortalDesignator `json:"designators"`
	Timestamp time.Time `json:"timestamp"`
	ReportID string `json:"reportGUID"`
	ResourceID string `json:"resourceID"`
	ControlID string `json:"controlID"`
	ControlConfigurations []ControlInputs `json:"controlConfigurations,omitempty"`
	// Note the plural "highlightsPaths"; other types in this package use "highlightPaths".
	HighlightsPaths []PosturePaths `json:"highlightsPaths"`
}
type PostureResource ¶
// PostureResource is the result of a single control on a single resource,
// including the exceptions related to it and those actually applied.
type PostureResource struct {
	UniqueResourceResult string `json:"uniqueResourceResult"` // FNV(customerGUID + cluster+resourceID+frameworkName + resource.ReportID) to allow fast search for aggregation
	Designators PortalDesignator `json:"designators"`
	Name string `json:"name"` // wlid/sid and etc.
	ResourceID string `json:"resourceID"` //as given by kscape
	ControlName string `json:"controlName"`
	HighlightPaths []string `json:"highlightPaths"` // specifies "failedPath" - where exactly in the raw resources the control failed
	FixPaths []FixPath `json:"fixPaths"` // specifies "fixPaths" - what in the raw resources needs to be added by user
	ControlID string `json:"controlID"`
	FrameworkName string `json:"frameworkName"`
	ControlStatus int `json:"controlStatus"` // it's rather resource status within the control, control might fail but on this specific resource it might be passed (exception)
	ControlStatusText string `json:"controlStatusText"`
	// RelatedExceptions and ExceptionApplied differ: the former lists what is
	// configured, the latter what took effect on this result.
	RelatedExceptions []PostureExceptionPolicy `json:"relatedExceptions"` // configured in portal
	ExceptionApplied []PostureExceptionPolicy `json:"exceptionApplied"` //actual ruleResponse
	ResourceKind string `json:"kind"`
	ResourceNamespace string `json:"namespace"`
	Remediation string `json:"remediation"`
	// Serialized under the key "containers".
	Images []PostureContainerSummary `json:"containers,omitempty"`
	DeleteStatus RecordStatus `json:"deletionStatus,omitempty"`
	Recommendations []RecommendationAssociation `json:"recommendations"`
	Timestamp time.Time `json:"timestamp"`
	ReportID string `json:"reportGUID"`
}
1 resource per 1 control
type PostureResourceSummary ¶
// PostureResourceSummary aggregates the control results of one resource:
// control ID lists and counters by status, exceptions, recommendations and
// per-severity counters.
type PostureResourceSummary struct {
	Designators PortalDesignator `json:"designators"`
	Name string `json:"name"` // wlid/sid and etc.
	ResourceID string `json:"resourceID"` //as given by kscape
	// gives up to PostureResourceMaxCtrls controls as an example
	FailedControl []string `json:"failedControls"`
	WarningControls []string `json:"warningControls"` // Deprecated
	SkippedControls []string `json:"skippedControls"`
	// maps statusText to a list of controlIDs
	StatusToControls map[string][]string `json:"statusToControls"`
	HighlightsPerCtrl []HighlightsByControl `json:"highlightsPerControl"`
	// total count (including the failed/warning controls slices)
	FailedControlCount int `json:"failedControlsCount"`
	SkippedControlCount int `json:"skippedControlsCount"`
	WarningControlCount int `json:"warningControlsCount"` // Deprecated
	Status int `json:"status"`
	StatusText string `json:"statusText"`
	SubStatusText string `json:"subStatusText,omitempty"`
	Remediation []string `json:"remediation"`
	ResourceKind string `json:"resourceKind"`
	FrameworkName string `json:"frameworkName"`
	// The spelling "Recommendaion" is part of the field name and of the JSON key.
	ExceptionRecommendaion string `json:"exceptionRecommendaion"`
	RelatedExceptions []PostureExceptionPolicy `json:"relatedExceptions"` // configured in portal
	ExceptionApplied []PostureExceptionPolicy `json:"exceptionApplied"` //actual ruleResponse
	// Serialized under the key "containers".
	Images []PostureContainerSummary `json:"containers,omitempty"`
	Recommendations []RecommendationAssociation `json:"recommendations"`
	Timestamp time.Time `json:"timestamp"`
	ReportID string `json:"reportGUID"`
	DeleteStatus RecordStatus `json:"deletionStatus,omitempty"`
	ArmoBestScore int64 `json:"armoBestScore"`
	// Information about the controls that were run on this entity
	// The key is the status of the control (`failed`, `passed`, etc)
	ControlsInfo map[string][]ControlInfo `json:"controlsInfo"`
	// Counters - Failed controls by severity
	CriticalSeverityControls int `json:"criticalSeverityControls"`
	HighSeverityControls int `json:"highSeverityControls"`
	MediumSeverityControls int `json:"mediumSeverityControls"`
	LowSeverityControls int `json:"lowSeverityControls"`
	ClusterShortName string `json:"clusterShortName"`
}
type PostureScanConfig ¶
// PostureScanConfig holds the posture scan settings; at present only the
// scan frequency.
type PostureScanConfig struct {
	ScanFrequency ScanFrequency `json:"scanFrequency,omitempty" bson:"scanFrequency,omitempty"`
}
type PostureSummary ¶
// PostureSummary is the top-level posture summary entry: last run time,
// report ID, designators and posture attributes.
type PostureSummary struct {
	RuntimeImprovementPercentage float32 `json:"runtimeImprovementPercentage"`
	LastRun time.Time `json:"lastRun"`
	ReportID string `json:"reportGUID"`
	Designators PortalDesignator `json:"designators"`
	PostureAttributes PostureAttributesList `json:"postureAttributes"`
	ClusterCloudProvider string `json:"clusterCloudProvider"`
	DeleteStatus RecordStatus `json:"deletionStatus,omitempty"`
}
--------/api/v1/posture/summary
type PushNotification ¶ added in v0.0.146
// PushNotification bundles the misconfigurations and new cluster admins to
// be pushed in one notification.
//
// Neither field carries a struct tag, so encoding/json uses the Go field
// names ("Misconfigurations", "NewClusterAdmins") as keys.
type PushNotification struct {
	Misconfigurations Misconfigurations
	NewClusterAdmins NewClusterAdmins
}
type PushReport ¶ added in v0.0.146
// PushReport is the per-scan report entry: cluster, report GUID, scan type,
// timestamp, failed-resource count and per-framework compliance scores.
type PushReport struct {
	// NOTE(review): both keys are spelled "custer", not "cluster". Because the
	// BSON key is also the stored field name, correcting it needs a data
	// migration (or a decoder that accepts both spellings), not just a tag edit.
	Cluster string `json:"custer,omitempty" bson:"custer,omitempty"`
	ReportGUID string `json:"reportGUID,omitempty" bson:"reportGUID,omitempty"`
	ScanType ScanType `json:"scanType" bson:"scanType"`
	// omitempty has no effect on a time.Time value under encoding/json.
	Timestamp time.Time `json:"timestamp,omitempty" bson:"timestamp,omitempty"`
	FailedResources uint64 `json:"failedResources,omitempty" bson:"failedResources,omitempty"`
	// Keyed by framework; presumably the framework name — verify against the producer.
	FrameworksComplianceScore map[string]float32 `json:"frameworksComplianceScore,omitempty" bson:"frameworksComplianceScore,omitempty"`
}
type RawResource ¶
// RawResource carries a scanned resource in its raw JSON form together with
// its identifiers, related resource IDs and container summaries.
type RawResource struct {
	Designators PortalDesignator `json:"designators"`
	Timestamp time.Time `json:"timestamp"`
	DeleteStatus RecordStatus `json:"deletionStatus,omitempty"`
	ResourceID string `json:"resourceID"`
	PostureReportID string `json:"postureReportID,omitempty"`
	SPIFFE string `json:"spiffe"`
	Containers []PostureContainerSummary `json:"containers,omitempty"`
	// Serialized under the singular key "relatedResourcesID".
	RelatedResourcesIDs []string `json:"relatedResourcesID,omitempty"`
	// json.RawMessage is passed through without decoding or validation, under
	// the key "object".
	// NOTE(review): if this can hold objects with sensitive values (for example
	// Kubernetes Secrets or environment variables), confirm they are redacted
	// upstream before the record is stored or returned.
	RAW json.RawMessage `json:"object"`
}
type RecommendationAssociation ¶
// RecommendationAssociation links a recommendation to a specific resource
// and records the user actions taken on it.
type RecommendationAssociation struct {
	// Only a json tag is present; BSON encoding falls back to the encoder's default.
	PortalBase `json:",inline"`
	// audit for user actions taken for this recommendation
	UpdatesAudit []UpdateAuditEntry `json:"updatesAudit"`
	// the context to show this recommendation to this customer
	Context []ArmoContext `json:"context"`
	// designator object as used in the current resource representation;
	// this is about to become obsolete
	Designators PortalDesignator `json:"designators"`
	// guid of the recommendation in recommendation DB
	RecommendationPrototypeGUID string `json:"recommendationPrototypeGUID"`
	RecommendationDetails RecommendationSkeletonV1 `json:"recommendationDetails"`
	// current status of this recommendation for the given resource
	Status AssociationStatus `json:"status"`
}
RecommendationAssociation connects a recommendation to a specific resource and traces the user actions taken because of that recommendation.
type RecommendationSkeletonV1 ¶
// RecommendationSkeletonV1 is the recommendation definition: the action,
// description, display context and approval state.
type RecommendationSkeletonV1 struct {
	PortalBase `json:",inline"`
	// audit for manual changes made in this recommendation
	UpdatesAudit []UpdateAuditEntry `json:"updatesAudit"`
	// the action the user should take
	Action string `json:"action"`
	Description string `json:"description"`
	// link to a detailed explanation of this recommendation
	// NOTE(review): a URL rendered to users; confirm the scheme is restricted
	// (e.g. https only) where it is turned into a hyperlink.
	DescriptionLink string `json:"descriptionLink"`
	// the context to show this recommendation in
	Context []ArmoContext `json:"context"`
	// the approval status: should this recommendation be shown to users?
	Approvement ApprovementState `json:"approvement"`
}
type RecordStatus ¶
// RecordStatus marks whether a record is alive or should be deleted.
type RecordStatus int

const (
	// RecordAlive is 0, the zero value, so an unset status reads as alive.
	RecordAlive RecordStatus = 0
	// RecordShouldDelete marks the record for deletion.
	RecordShouldDelete RecordStatus = 1
)
type RegistryInfo ¶ added in v0.0.125
// RegistryInfo holds the connection, authentication and scan-scope settings
// of a registry (meaning inferred from the field names).
//
// NOTE(review): RegistryToken is a credential and is part of both the JSON
// and the BSON encoding of this struct. Avoid logging marshalled values,
// redact the token in API responses, and prefer SecretName (a reference)
// over an inline token where the deployment supports it.
//
// The json tags use omitempty but the bson tags do not, so empty fields are
// still written to BSON.
type RegistryInfo struct {
	RegistryName string `json:"registryName,omitempty" bson:"registryName"`
	RegistryProvider string `json:"registryProvider,omitempty" bson:"registryProvider"`
	// Secret value; see the type comment.
	RegistryToken string `json:"registryToken,omitempty" bson:"registryToken"`
	// Pointer so that "unset" can be told apart from 0.
	Depth *int `json:"depth,omitempty" bson:"depth"`
	Include []string `json:"include,omitempty" bson:"include"`
	Exclude []string `json:"exclude,omitempty" bson:"exclude"`
	Kind string `json:"kind,omitempty" bson:"kind"`
	// Tri-state (nil/true/false). NOTE(review): confirm that nil defaults to
	// HTTPS in the consumer; a plaintext default would expose the token in transit.
	IsHTTPS *bool `json:"isHTTPS,omitempty" bson:"isHTTPS"`
	// Tri-state (nil/true/false). presumably true disables TLS certificate
	// verification for the registry connection — confirm at the call site.
	// With verification off the registry's identity is not authenticated, so
	// this should stay nil/false outside test setups.
	SkipTLSVerify *bool `json:"skipTLSVerify,omitempty" bson:"skipTLSVerify"`
	AuthMethod AuthMethod `json:"authMethod,omitempty" bson:"authMethod"`
	// presumably the name of a secret holding the credentials — TODO confirm
	SecretName string `json:"secretName,omitempty" bson:"secretName"`
}
type RegistryJobParams ¶
type RegistryScanned ¶ added in v0.0.142
// RegistryScanned wraps the ResourceScanned entry of one scanned registry.
type RegistryScanned struct {
	Registry ResourceScanned `json:"registry" bson:"registry"`
}
type RelevantImageVulnerabilitiesConfiguration ¶ added in v0.0.198
// RelevantImageVulnerabilitiesConfiguration is the string-typed setting for
// relevant-image-vulnerabilities handling; its values are "enable",
// "disable" and "detect".
type RelevantImageVulnerabilitiesConfiguration string

const (
	RelevantImageVulnerabilitiesConfigurationEnable RelevantImageVulnerabilitiesConfiguration = "enable"
	RelevantImageVulnerabilitiesConfigurationDisable RelevantImageVulnerabilitiesConfiguration = "disable"
	RelevantImageVulnerabilitiesConfigurationDetect RelevantImageVulnerabilitiesConfiguration = "detect"
)
type RepoEntityKind ¶
type RepoEntityKind string
Kind of an entity. Can only be one of the following: `file` or `repo` Example: repo
const ( RepoEntityFile RepoEntityKind = "file" RepoEntityRepo RepoEntityKind = "repo" )
type RepoEntitySummary ¶
// RepoEntitySummary is the scan summary of one repository entity (a `file`
// or a `repo`): status, control information and the frameworks that were run.
type RepoEntitySummary struct {
	Designators PortalDesignator `json:"designators"`
	// Name of this entity
	// Example: "my-repo"
	Name string `json:"name"`
	Kind RepoEntityKind `json:"kind"`
	// Number of children of the entity. For `file`s entity it would be
	// the amount of the resources inside this file, and for `repo`s -
	// the amount of scanned files
	// Example: 13
	ChildCount uint64 `json:"childCount"`
	// Status of the entity
	// Example: failed
	StatusText string `json:"statusText"`
	// Information about the controls that were run on this entity
	// The key is the status of the control (`failed`, `passed`, etc)
	ControlsInfo map[string][]ControlInfo `json:"controlsInfo"`
	// Statistics about the controls that were run
	// The key is the status of the control (`failed`, `passed`, etc).
	// The value is the number of controls
	// Example: {"failed": 3, "passed": 4}
	ControlsStats map[string]int `json:"controlsStats"`
	// Frameworks that were run.
	// In multi-frameworks-summary, this property is
	// taking the place of the `framework` property
	// Example: ["ArmoBest", "MITRE"]
	Frameworks []string `json:"frameworks,omitempty"`
	// Single framework this summary is for.
	// Example: ArmoBest
	Framework string `json:"framework,omitempty"`
	// Time of the scan that produced this result
	Timestamp time.Time `json:"timestamp"`
	ReportID string `json:"reportGUID"`
	// swagger:ignore
	// This record is marked for deletion or not
	DeleteStatus RecordStatus `json:"deletionStatus,omitempty"`
}
RepoEntitySummary is the summary of a repository-scanning entity.
type Repository ¶ added in v0.0.133
// Repository names a single repository.
type Repository struct {
	RepositoryName string `json:"repositoryName"`
}
type RepositoryScanned ¶ added in v0.0.142
// RepositoryScanned pairs a report GUID with the ResourceScanned entry of
// one scanned repository.
type RepositoryScanned struct {
	ReportGUID string `json:"reportGUID" bson:"reportGUID"`
	Repository ResourceScanned `json:"repository" bson:"repository"`
}
type ResourceScanned ¶ added in v0.0.142
// ResourceScanned identifies a scanned resource by kind and name and maps
// each severity to its SeverityDetails.
type ResourceScanned struct {
	Kind string `json:"kind" bson:"kind"`
	Name string `json:"name" bson:"name"`
	// Keyed by severity; the exact key strings are not visible here.
	MapSeverityToSeverityDetails map[string]SeverityDetails `json:"mapSeverityToSeverityDetails" bson:"mapSeverityToSeverityDetails"`
}
type ScanFrequency ¶
type ScanFrequency string
type Settings ¶
// Settings groups the posture, vulnerability-scan and Slack configuration.
//
// NOTE(review): SlackConfigurations carries a Slack token (SlackSettings.Token),
// so a marshalled Settings value contains a secret; redact it before logging
// or returning it to clients.
type Settings struct {
	PostureControlInputs map[string][]string `json:"postureControlInputs" bson:"postureControlInputs"`
	PostureScanConfig PostureScanConfig `json:"postureScanConfig" bson:"postureScanConfig"`
	VulnerabilityScanConfig VulnerabilityScanConfig `json:"vulnerabilityScanConfig" bson:"vulnerabilityScanConfig"`
	// omitempty has no effect on a struct value under encoding/json.
	SlackConfigurations SlackSettings `json:"slackConfigurations,omitempty" bson:"slackConfigurations,omitempty"`
}
func MockSettings ¶
func MockSettings() *Settings
type SeverityDetails ¶ added in v0.0.142
type SeverityStats ¶ added in v0.0.142
// SeverityStats holds vulnerability counters for one severity level.
// Several keys differ from the Go field names; the mapping is noted per field.
type SeverityStats struct {
	Severity string `json:"severity,omitempty" bson:"severity,omitempty"`
	// key "total"
	TotalCount int64 `json:"total" bson:"total"`
	RCEFixCount int64 `json:"rceFixCount" bson:"rceFixCount"`
	// key "fixedTotal"
	FixAvailableOfTotalCount int64 `json:"fixedTotal" bson:"fixedTotal"`
	// key "totalRelevant"
	RelevantCount int64 `json:"totalRelevant" bson:"totalRelevant"`
	// key "fixedRelevant"
	FixAvailableForRelevantCount int64 `json:"fixedRelevant" bson:"fixedRelevant"`
	// key "rceTotal"
	RCECount int64 `json:"rceTotal" bson:"rceTotal"`
	// key "urgent"
	UrgentCount int64 `json:"urgent" bson:"urgent"`
	// key "neglected"
	NeglectedCount int64 `json:"neglected" bson:"neglected"`
	HealthStatus string `json:"healthStatus" bson:"healthStatus"`
}
type ShortVulnerabilityResult ¶ added in v0.0.142
// ShortVulnerabilityResult carries only the name of a vulnerability.
type ShortVulnerabilityResult struct {
	Name string `json:"name" bson:"name"`
}
type SlackChannel ¶
// SlackChannel identifies a Slack channel and the alert level attached to it.
type SlackChannel struct {
	ChannelID string `json:"channelID" bson:"channelID"`
	ChannelName string `json:"channelName" bson:"channelName"`
	AlertLevel AlertLevel `json:"alertLevel" bson:"alertLevel"`
}
type SlackNotification ¶
// SlackNotification describes one notification: whether it is active, the
// channels it goes to and free-form attributes.
type SlackNotification struct {
	IsActive bool `json:"isActive" bson:"isActive"`
	Channels []SlackChannel `json:"channels" bson:"channels"`
	// Untyped values; consumers must type-check what they read from this map.
	Attributes map[string]interface{} `json:"attributes" bson:"attributes"`
}
type SlackSettings ¶
// SlackSettings holds the Slack token together with the alert-to-channel
// mapping and the notification settings.
//
// NOTE(review): Token is a secret and is always included in both the JSON
// and BSON encodings (no omitempty, not excluded with "-"). Redact it before
// logging this struct or returning it from an API, and confirm how it is
// protected at rest.
type SlackSettings struct {
	// Secret value; see the type comment.
	Token string `json:"token" bson:"token"`
	// Embedded without a key name, so its fields are flattened into this object.
	Alert2Channel `json:",inline,omitempty" bson:"inline,omitempty"`
	// Embedded with an explicit key, so it is encoded as a nested
	// "notifications" object rather than flattened.
	Notifications `json:"notifications,omitempty" bson:"notifications,omitempty"`
}
type Subscription ¶ added in v0.0.154
// Subscription holds the information of a single subscription, mostly
// mirrored from Stripe, plus the node count and license type.
// The int64 date fields are presumably Unix timestamps — TODO confirm.
type Subscription struct {
	// Stripe internal customer ID, usually generated on subscription creation.
	StripeCustomerID string `json:"stripeCustomerID,omitempty" bson:"stripeCustomerID,omitempty"`
	// Stripe subscription id.
	StripeSubscriptionID string `json:"stripeSubscriptionID,omitempty" bson:"stripeSubscriptionID,omitempty"`
	// Stripe subscription status, optional values: incomplete, incomplete_expired, trialing, active, past_due, canceled, or unpaid.
	SubscriptionStatus string `json:"subscriptionStatus,omitempty" bson:"subscriptionStatus,omitempty"`
	// Date when the subscription was first created. The date might differ from the created date due to backdating
	StartDate int64 `json:"startDate,omitempty" bson:"startDate,omitempty"`
	// The most recent Stripe invoice this subscription has generated.
	LatestInvoice string `json:"latestInvoice,omitempty" bson:"latestInvoice,omitempty"`
	// Whether a subscription with status active is scheduled to be canceled at the end of the current period.
	CancelAtPeriodEnd *bool `json:"cancelAtPeriodEnd,omitempty" bson:"cancelAtPeriodEnd,omitempty"`
	// Start of the current period that the subscription has been invoiced for.
	CurrentPeriodStart int64 `json:"currentPeriodStart,omitempty" bson:"currentPeriodStart,omitempty"`
	// End of the current period that the subscription has been invoiced for. At the end of this period, a new invoice will be created.
	CurrentPeriodEnd int64 `json:"currentPeriodEnd,omitempty" bson:"currentPeriodEnd,omitempty"`
	// If the subscription has a trial, the end of that trial.
	TrialEnd int64 `json:"trialEnd,omitempty" bson:"trialEnd,omitempty"`
	// monthly average of daily sum of max scanned Worker Nodes per cluster per day
	NumNodes int `json:"numNodes,omitempty" bson:"numNodes,omitempty"`
	// can be "free", "team" or "enterprise"
	// NOTE(review): if this value gates features, confirm it is only ever set
	// from the billing backend and never from client-supplied JSON.
	LicenseType LicenseType `json:"licenseType,omitempty" bson:"licenseType,omitempty"`
}
Subscription holds the information of a single subscription.
type TopCtrlCluster ¶ added in v0.0.142
type TopCtrlItem ¶ added in v0.0.142
// TopCtrlItem describes one control in a "top failed controls" list along
// with the clusters it affects.
type TopCtrlItem struct {
	ControlID string `json:"id" bson:"id"`
	ControlGUID string `json:"guid" bson:"guid"`
	Name string `json:"name" bson:"name"`
	Remediation string `json:"remediation" bson:"remediation"`
	Description string `json:"description" bson:"description"`
	ClustersCount int64 `json:"clustersCount" bson:"clustersCount"`
	SeverityOverall int64 `json:"severityOverall" bson:"severityOverall"`
	BaseScore int64 `json:"baseScore" bson:"baseScore"`
	Clusters []TopCtrlCluster `json:"clusters" bson:"clusters"`
	// Excluded from JSON. There is no bson tag, so a BSON encoder falls back
	// to its default naming for this field — confirm that is intended.
	TotalFailedResources int64 `json:"-"`
}
func (*TopCtrlItem) GetTotalFailedResources ¶ added in v0.0.156
func (t *TopCtrlItem) GetTotalFailedResources() int64
type TopVulItem ¶ added in v0.0.142
// TopVulItem is a Vulnerability with the number of affected workloads and
// an overall severity value.
type TopVulItem struct {
	// Flattened in JSON. There is no bson tag here, so BSON encoding depends
	// on the encoder's default for embedded structs — verify before persisting.
	Vulnerability `json:",inline"`
	WorkloadsCount int64 `json:"workloadsCount" bson:"workloadsCount"`
	SeverityOverall int64 `json:"severityOverall" bson:"severityOverall"`
}
type UpdateAuditEntry ¶
type V2ListRequest ¶ added in v0.0.197
// V2ListRequest is the request body of a paginated, filtered and sorted
// list query.
//
// NOTE(review): InnerFilters, OrderBy and FieldsList carry field names and
// values chosen by the caller. The code that turns them into a datastore
// query is not visible here; confirm it validates field names against an
// allow-list, bounds PageSize, and never interpolates these strings into a
// query unescaped.
type V2ListRequest struct {
	// properties of the requested next page
	// Use ValidatePageProperties to set PageSize field
	PageSize *int `json:"pageSize"`
	// One can leave it empty for 0, then call ValidatePageProperties
	PageNum *int `json:"pageNum"`
	// The time window of the list to return. Default: since - the beginning of time, until - now.
	Since *time.Time `json:"since"`
	Until *time.Time `json:"until"`
	// Which elements of the list to return, each field can hold multiple values separated by comma
	// An empty map means "return the complete list"
	// Example: [{"severity": "High,Medium", "type": "61539,30303"}]
	InnerFilters []map[string]string `json:"innerFilters"`
	// How to order (sort) the list, field name + sort order (asc/desc), like https://www.w3schools.com/sql/sql_orderby.asp
	// When empty, the default sort order is used. To disable the default sort order, set IgnoreDefaultSort to true
	// Example: timestamp:asc,severity:desc
	OrderBy string `json:"orderBy"`
	// When true, the default sort order is ignored
	// TODO: take it off, and use the default sort order when OrderBy is empty
	IgnoreDefaultSort bool `json:"ignoreDefaultOrderBy,omitempty"`
	// FieldsList allows returning only a subset of the source document fields
	// Don't expose FieldsList outside without a well-designed decision
	// NOTE(review): the "includeFields" key is decoded from request JSON like
	// any other field, so a caller can set it unless the handler clears it.
	FieldsList []string `json:"includeFields"`
	// Never read from or written to JSON.
	FieldsReverseKeywordMap map[string]string `json:"-"`
}
type Vulnerability ¶ added in v0.0.142
// Vulnerability describes one vulnerability found in an image package,
// with severity, fix information and any exceptions applied to it.
type Vulnerability struct {
	Name string `json:"name" bson:"name"`
	ImgHash string `json:"imageHash" bson:"imageHash"`
	ImgTag string `json:"imageTag" bson:"imageTag"`
	// key "packageName"
	RelatedPackageName string `json:"packageName" bson:"packageName"`
	PackageVersion string `json:"packageVersion" bson:"packageVersion"`
	// NOTE(review): Link and Description presumably come from external
	// vulnerability data; escape them (and restrict the link scheme) before
	// rendering in HTML.
	Link string `json:"link" bson:"link"`
	Description string `json:"description" bson:"description"`
	Severity string `json:"severity" bson:"severity"`
	SeverityScore int `json:"severityScore" bson:"severityScore"`
	// Untyped; consumers must type-check the decoded value.
	Metadata interface{} `json:"metadata" bson:"metadata"`
	// key "fixedIn"
	Fixes VulFixes `json:"fixedIn" bson:"fixedIn"`
	// key "relevant"
	Relevancy string `json:"relevant" bson:"relevant"`
	UrgentCount int `json:"urgent" bson:"urgent"`
	NeglectedCount int `json:"neglected" bson:"neglected"`
	HealthStatus string `json:"healthStatus" bson:"healthStatus"`
	Categories VulnerabilityCategory `json:"categories" bson:"categories"`
	// Exception policies that were applied to this finding; omitted when empty.
	ExceptionApplied []VulnerabilityExceptionPolicy `json:"exceptionApplied,omitempty" bson:"exceptionApplied,omitempty"`
}
type VulnerabilityCategory ¶ added in v0.0.142
// VulnerabilityCategory holds category flags of a vulnerability; currently
// only whether it is an RCE.
type VulnerabilityCategory struct {
	IsRCE bool `json:"isRce" bson:"isRce"`
}
type VulnerabilityExceptionPolicy ¶
// VulnerabilityExceptionPolicy describes an exception for vulnerabilities:
// the actions to apply, the designators it targets and the vulnerabilities
// it covers.
//
// NOTE(review): an "ignore" exception hides findings for the matched items,
// so Reason, CreatedBy, ExpirationDate and ExpiredOnFix are the fields a
// reviewer relies on. The "required" and "min: 1" markers below are
// documentation annotations; confirm they are enforced server-side so that
// an empty Designatores or VulnerabilityPolicies list cannot be read as
// "applies to everything".
type VulnerabilityExceptionPolicy struct {
	PortalBase `json:",inline" bson:"inline"`
	// Policy type. Must be 'vulnerabilityExceptionPolicy'
	// required: true
	// Example: vulnerabilityExceptionPolicy
	PolicyType string `json:"policyType,omitempty" bson:"policyType,omitempty"`
	// Creation time of the policy
	// Example: 2022-03-31T08:57:58.048014
	CreationTime string `json:"creationTime" bson:"creationTime"`
	// Actions to apply (currently only 'ignore' is available)
	// required: true
	// min: 1
	// Example: ["ignore"]
	Actions []VulnerabilityExceptionPolicyActions `json:"actions" bson:"actions,omitempty"`
	// Items to apply the actions on
	// required: true
	// min: 1
	// (The Go field is spelled "Designatores"; the keys are "designators".)
	Designatores []PortalDesignator `json:"designators" bson:"designators,omitempty"`
	// Vulnerabilities to take the actions on
	// required: true
	// min: 1
	VulnerabilityPolicies []VulnerabilityPolicy `json:"vulnerabilities" bson:"vulnerabilities,omitempty"`
	Reason string `json:"reason,omitempty" bson:"reason,omitempty"`
	// nil when unset. presumably nil means the exception never expires — TODO confirm
	ExpirationDate *time.Time `json:"expirationDate,omitempty" bson:"expirationDate,omitempty"`
	// Tri-state (nil/true/false); presumably expires the exception once a fix
	// is available — verify against the evaluator.
	ExpiredOnFix *bool `json:"expiredOnFix,omitempty" bson:"expiredOnFix,omitempty"`
	CreatedBy string `json:"createdBy,omitempty" bson:"createdBy,omitempty"`
}
func MockVulnerabilityException ¶
func MockVulnerabilityException() *VulnerabilityExceptionPolicy
func (*VulnerabilityExceptionPolicy) IsAlertOnly ¶
func (exceptionPolicy *VulnerabilityExceptionPolicy) IsAlertOnly() bool
type VulnerabilityExceptionPolicyActions ¶
// VulnerabilityExceptionPolicyActions is the string-typed action of a
// vulnerability exception policy.
type VulnerabilityExceptionPolicyActions string
// Ignore is serialized as "ignore"; it is the only action declared here.
const Ignore VulnerabilityExceptionPolicyActions = "ignore"
type VulnerabilityJobParams ¶
type VulnerabilityPolicy ¶
// VulnerabilityPolicy identifies a vulnerability by name.
type VulnerabilityPolicy struct {
	// The name of the vulnerability
	// Example: CVE-2022-28128
	Name string `json:"name" bson:"name"`
}
type VulnerabilityScanConfig ¶
// VulnerabilityScanConfig holds the vulnerability scan settings: frequency,
// priority thresholds, whether new deployments are scanned, and registry
// allow and block lists.
type VulnerabilityScanConfig struct {
	ScanFrequency ScanFrequency `json:"scanFrequency,omitempty" bson:"scanFrequency,omitempty"`
	CriticalPriorityThreshold int `json:"criticalPriorityThreshold,omitempty" bson:"criticalPriorityThreshold,omitempty"`
	HighPriorityThreshold int `json:"highPriorityThreshold,omitempty" bson:"highPriorityThreshold,omitempty"`
	MediumPriorityThreshold int `json:"mediumPriorityThreshold,omitempty" bson:"mediumPriorityThreshold,omitempty"`
	// With omitempty, false is omitted, so an absent key and an explicit
	// false are indistinguishable to consumers.
	ScanNewDeployment bool `json:"scanNewDeployment,omitempty" bson:"scanNewDeployment,omitempty"`
	// These two keys start with a capital letter, unlike the camelCase keys
	// above; they are part of the wire and storage format.
	// NOTE(review): how entries are matched against registry names, and which
	// list wins when both match, is not visible here — confirm matching is
	// exact or normalized rather than a loose prefix/substring test.
	AllowlistRegistries []string `json:"AllowlistRegistries,omitempty" bson:"AllowlistRegistries,omitempty"`
	BlocklistRegistries []string `json:"BlocklistRegistries,omitempty" bson:"BlocklistRegistries,omitempty"`
}
type WeeklyReport ¶ added in v0.0.142
// WeeklyReport carries per-week scan counters, links and top-five lists for
// clusters, repositories and registries.
//
// No field is tagged omitempty, so every key is always present in the JSON and
// BSON output. Nil slices therefore encode as null in JSON.
type WeeklyReport struct {
	// Clusters: this-week and previous-week counters plus a link.
	// NOTE(review): the Link* fields are plain strings, presumably URLs.
	// Confirm how they are built and validated before rendering them.
	ClustersScannedThisWeek             int    `json:"clustersScannedThisWeek" bson:"clustersScannedThisWeek"`
	ClustersScannedPrevWeek             int    `json:"clustersScannedPrevWeek" bson:"clustersScannedPrevWeek"`
	LinkToConfigurationScanningFiltered string `json:"linkToConfigurationScanningFiltered" bson:"linkToConfigurationScanningFiltered"`

	// Repositories: same shape as the cluster group.
	RepositoriesScannedThisWeek        int    `json:"repositoriesScannedThisWeek" bson:"repositoriesScannedThisWeek"`
	RepositoriesScannedPrevWeek        int    `json:"repositoriesScannedPrevWeek" bson:"repositoriesScannedPrevWeek"`
	LinkToRepositoriesScanningFiltered string `json:"linkToRepositoriesScanningFiltered" bson:"linkToRepositoriesScanningFiltered"`

	// Registries: same shape as the cluster group.
	RegistriesScannedThisWeek        int    `json:"registriesScannedThisWeek" bson:"registriesScannedThisWeek"`
	RegistriesScannedPrevWeek        int    `json:"registriesScannedPrevWeek" bson:"registriesScannedPrevWeek"`
	LinkToRegistriesScanningFiltered string `json:"linkToRegistriesScanningFiltered" bson:"linkToRegistriesScanningFiltered"`

	// Top-five lists of failed controls and CVEs (element types are declared
	// elsewhere in the package).
	Top5FailedControls []TopCtrlItem `json:"top5FailedControls" bson:"top5FailedControls"`
	Top5FailedCVEs     []TopVulItem  `json:"top5FailedCVEs" bson:"top5FailedCVEs"`

	// Per-target detail lists for the scanned clusters, repositories and
	// registries.
	ClustersScanned     []ClusterResourceScanned `json:"clustersScanned" bson:"clustersScanned"`
	RepositoriesScanned []RepositoryScanned      `json:"repositoriesScanned" bson:"repositoriesScanned"`
	RegistriesScanned   []RegistryScanned        `json:"registriesScanned" bson:"registriesScanned"`
}
Source Files
¶
- armocontext.go
- backendtypes.go
- collaborationconfig.go
- collaborations.go
- common.go
- configtypes.go
- configtypes_mock.go
- customerslackconfigurations.go
- executionpolicytypes.go
- helmconsts.go
- k8stypes.go
- kpitypes.go
- portaltypes.go
- portaltypes_mock.go
- portaltypesutils.go
- postureexceptionpolicytypes.go
- postureexceptionpolicytypes_mock.go
- postureexceptionpolicytypesutils.go
- posturerecommendations.go
- posturetypes.go
- recordstatus.go
- registrytypes.go
- reposcanning.go
- usernotificationreporttypes.go
- vulnerabilityexceptionpolicytypes.go
- vulnerabilityexceptionpolicytypes_mock.go
- vulnerabilitytypes.go