v0.6.4 Latest Latest
Published: Aug 15, 2025 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// QueryTemplates holds fixed Steampipe SQL strings, keyed first by provider
// name and then by template name. Only the "aws" provider appears in this
// literal. Every entry is a constant string with no placeholders, so nothing
// here interpolates caller input into SQL.
var QueryTemplates = map[string]map[string]string{
	"aws": {

		// EC2 inventory. ec2_security_groups expands the security_groups JSON
		// array with jsonb_array_elements, yielding one row per
		// (instance, attached group) pair.
		"ec2_running_count":   `SELECT COUNT(*) as count FROM aws_ec2_instance WHERE instance_state = 'running'`,
		"ec2_running_list":    `SELECT instance_id, instance_type, instance_state, region, vpc_id FROM aws_ec2_instance WHERE instance_state = 'running'`,
		"ec2_all_list":        `SELECT instance_id, instance_type, instance_state, region, vpc_id FROM aws_ec2_instance`,
		"ec2_by_type":         `SELECT instance_type, COUNT(*) as count FROM aws_ec2_instance GROUP BY instance_type`,
		"ec2_security_groups": `SELECT i.instance_id, sg->>'GroupId' as group_id, sg->>'GroupName' as group_name FROM aws_ec2_instance i, jsonb_array_elements(i.security_groups) as sg`,

		// S3 inventory and exposure.
		// NOTE(review): s3_public_buckets filters on bucket_policy_is_public
		// only; it does not consult ACLs or public-access-block settings, so a
		// bucket exposed by other means would not be listed. Confirm that is
		// the intended scope.
		"s3_bucket_count":   `SELECT COUNT(*) as count FROM aws_s3_bucket`,
		"s3_bucket_list":    `SELECT name, region, creation_date FROM aws_s3_bucket`,
		"s3_public_buckets": `SELECT name FROM aws_s3_bucket WHERE bucket_policy_is_public = true`,

		// RDS inventory; rds_public_instances keeps rows whose
		// publicly_accessible flag is true.
		"rds_instance_list":    `SELECT db_instance_identifier, engine, db_instance_class, publicly_accessible FROM aws_rds_db_instance`,
		"rds_public_instances": `SELECT db_instance_identifier FROM aws_rds_db_instance WHERE publicly_accessible = true`,

		// Lambda inventory, listed and grouped by runtime.
		"lambda_function_list": `SELECT name, runtime, timeout, memory_size FROM aws_lambda_function`,
		"lambda_by_runtime":    `SELECT runtime, COUNT(*) as count FROM aws_lambda_function GROUP BY runtime`,

		// IAM: users for which mfa_enabled is false, and all roles.
		"iam_users_no_mfa": `SELECT name, create_date FROM aws_iam_user WHERE NOT mfa_enabled`,
		"iam_role_list":    `SELECT name, arn FROM aws_iam_role`,

		// VPC and security groups.
		// NOTE(review): despite its name, security_group_open only requires
		// that a group has at least one ingress rule. It does not test for a
		// world-open source such as 0.0.0.0/0, so groups with tightly scoped
		// ingress are returned too. Also confirm that ingress_rules is a
		// column of aws_vpc_security_group in the plugin version in use.
		"vpc_list":            `SELECT vpc_id, cidr_block, is_default FROM aws_vpc`,
		"security_group_open": `SELECT group_id, group_name FROM aws_vpc_security_group WHERE jsonb_array_length(ingress_rules) > 0`,
	},
}

QueryTemplates provides tested, working Steampipe queries, keyed by provider and then by template name.

Functions

func FixSteampipeQuery added in v0.4.0

func FixSteampipeQuery(query string, provider string) string

FixSteampipeQuery attempts to fix common mistakes in AI-generated queries.

func GetQueryForPrompt added in v0.4.0

func GetQueryForPrompt(prompt string, provider string) []string

GetQueryForPrompt returns the appropriate queries for the given prompt and provider.

func NewInfraMapService

func NewInfraMapService(client *dagger.Client) *dagger.Service

NewInfraMapService returns a service that exposes infrastructure diagram generation.

func NewOpenInfraQuoteService

func NewOpenInfraQuoteService(client *dagger.Client) *dagger.Service

NewOpenInfraQuoteService returns a service that exposes cost analysis.

func NewSteampipeService

func NewSteampipeService(client *dagger.Client) *dagger.Service

NewSteampipeService returns a service that exposes Steampipe as an HTTP API.

func NewTerraformDocsService

func NewTerraformDocsService(client *dagger.Client) *dagger.Service

NewTerraformDocsService returns a service that exposes documentation generation.

func NewToolRegistryService

func NewToolRegistryService(client *dagger.Client, services map[string]*dagger.Service) *dagger.Service

NewToolRegistryService returns a service that provides a registry of all available tools for the LLM.

func ValidateQuery added in v0.4.0

func ValidateQuery(query string) error

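ValidateQuery does basic validation of a query. This page does not list which checks it performs, so it should not be treated as the only safeguard for AI-generated SQL.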

Types

type AWSIAMRotationModule added in v0.6.4

type AWSIAMRotationModule struct {
	// contains filtered or unexported fields
}

AWSIAMRotationModule manages AWS IAM credential rotation

func NewAWSIAMRotationModule added in v0.6.4

func NewAWSIAMRotationModule(client *dagger.Client) *AWSIAMRotationModule

NewAWSIAMRotationModule creates a new AWS IAM rotation module

func (*AWSIAMRotationModule) DeleteAccessKey added in v0.6.4

func (m *AWSIAMRotationModule) DeleteAccessKey(ctx context.Context, username string, accessKeyId string, profile string) (string, error)

DeleteAccessKey deletes an access key

func (*AWSIAMRotationModule) ListAccessKeys added in v0.6.4

func (m *AWSIAMRotationModule) ListAccessKeys(ctx context.Context, username string, profile string) (string, error)

ListAccessKeys lists access keys for a user

func (*AWSIAMRotationModule) RotateAccessKeys added in v0.6.4

func (m *AWSIAMRotationModule) RotateAccessKeys(ctx context.Context, username string, profile string) (string, error)

RotateAccessKeys rotates AWS access keys for a user

type ActionlintModule added in v0.6.4

type ActionlintModule struct {
	// contains filtered or unexported fields
}

ActionlintModule runs actionlint for GitHub Actions workflow validation

func NewActionlintModule added in v0.6.4

func NewActionlintModule(client *dagger.Client) *ActionlintModule

NewActionlintModule creates a new actionlint module

func (*ActionlintModule) GetVersion added in v0.6.4

func (m *ActionlintModule) GetVersion(ctx context.Context) (string, error)

GetVersion returns the version of actionlint

func (*ActionlintModule) ScanDirectory added in v0.6.4

func (m *ActionlintModule) ScanDirectory(ctx context.Context, dir string) (string, error)

ScanDirectory scans a directory for GitHub Actions workflow issues

func (*ActionlintModule) ScanFile added in v0.6.4

func (m *ActionlintModule) ScanFile(ctx context.Context, filePath string) (string, error)

ScanFile scans a specific workflow file

type AllstarModule added in v0.6.4

type AllstarModule struct {
	// contains filtered or unexported fields
}

AllstarModule runs Allstar for GitHub security policy enforcement

func NewAllstarModule added in v0.6.4

func NewAllstarModule(client *dagger.Client) *AllstarModule

NewAllstarModule creates a new Allstar module

func (*AllstarModule) GetVersion added in v0.6.4

func (m *AllstarModule) GetVersion(ctx context.Context) (string, error)

GetVersion returns the version of Allstar

func (*AllstarModule) ScanRepository added in v0.6.4

func (m *AllstarModule) ScanRepository(ctx context.Context, repoURL string, configPath string) (string, error)

ScanRepository scans a GitHub repository for security policies

func (*AllstarModule) ValidateConfig added in v0.6.4

func (m *AllstarModule) ValidateConfig(ctx context.Context, configPath string) (string, error)

ValidateConfig validates Allstar configuration

type CertManagerModule added in v0.6.4

type CertManagerModule struct {
	// contains filtered or unexported fields
}

CertManagerModule runs cert-manager for certificate management

func NewCertManagerModule added in v0.6.4

func NewCertManagerModule(client *dagger.Client) *CertManagerModule

NewCertManagerModule creates a new cert-manager module

func (*CertManagerModule) CheckCertificate added in v0.6.4

func (m *CertManagerModule) CheckCertificate(ctx context.Context, name string, namespace string, kubeconfig string) (string, error)

CheckCertificate checks certificate status

func (*CertManagerModule) GetCertificates added in v0.6.4

func (m *CertManagerModule) GetCertificates(ctx context.Context, namespace string, kubeconfig string) (string, error)

GetCertificates lists certificates

func (*CertManagerModule) GetVersion added in v0.6.4

func (m *CertManagerModule) GetVersion(ctx context.Context) (string, error)

GetVersion returns the version of cert-manager

func (*CertManagerModule) RenewCertificate added in v0.6.4

func (m *CertManagerModule) RenewCertificate(ctx context.Context, name string, namespace string, kubeconfig string) (string, error)

RenewCertificate renews a certificate

type CfnNagModule added in v0.6.4

type CfnNagModule struct {
	// contains filtered or unexported fields
}

CfnNagModule runs cfn-nag for CloudFormation security scanning

func NewCfnNagModule added in v0.6.4

func NewCfnNagModule(client *dagger.Client) *CfnNagModule

NewCfnNagModule creates a new cfn-nag module

func (*CfnNagModule) GetVersion added in v0.6.4

func (m *CfnNagModule) GetVersion(ctx context.Context) (string, error)

GetVersion returns the version of cfn-nag

func (*CfnNagModule) ScanDirectory added in v0.6.4

func (m *CfnNagModule) ScanDirectory(ctx context.Context, dir string) (string, error)

ScanDirectory scans all CloudFormation templates in a directory

func (*CfnNagModule) ScanTemplate added in v0.6.4

func (m *CfnNagModule) ScanTemplate(ctx context.Context, templatePath string) (string, error)

ScanTemplate scans a CloudFormation template

func (*CfnNagModule) ScanWithRules added in v0.6.4

func (m *CfnNagModule) ScanWithRules(ctx context.Context, templatePath string, rulesPath string) (string, error)

ScanWithRules scans with custom rules

type CheckSSLCertModule added in v0.6.4

type CheckSSLCertModule struct {
	// contains filtered or unexported fields
}

CheckSSLCertModule runs SSL certificate checking

func NewCheckSSLCertModule added in v0.6.4

func NewCheckSSLCertModule(client *dagger.Client) *CheckSSLCertModule

NewCheckSSLCertModule creates a new SSL certificate checker module

func (*CheckSSLCertModule) CheckCertificate added in v0.6.4

func (m *CheckSSLCertModule) CheckCertificate(ctx context.Context, host string, port int) (string, error)

CheckCertificate checks SSL certificate for a host

func (*CheckSSLCertModule) CheckCertificateExpiry added in v0.6.4

func (m *CheckSSLCertModule) CheckCertificateExpiry(ctx context.Context, host string, port int, warningDays int) (string, error)

CheckCertificateExpiry checks certificate expiry

func (*CheckSSLCertModule) ValidateCertificateChain added in v0.6.4

func (m *CheckSSLCertModule) ValidateCertificateChain(ctx context.Context, host string, port int) (string, error)

ValidateCertificateChain validates certificate chain

type CheckovModule

type CheckovModule struct {
	// contains filtered or unexported fields
}

CheckovModule runs Checkov for multi-cloud security scanning

func NewCheckovModule

func NewCheckovModule(client *dagger.Client) *CheckovModule

NewCheckovModule creates a new Checkov module

func (*CheckovModule) GetVersion

func (m *CheckovModule) GetVersion(ctx context.Context) (string, error)

GetVersion returns the version of Checkov

func (*CheckovModule) ScanDirectory

func (m *CheckovModule) ScanDirectory(ctx context.Context, dir string) (string, error)

ScanDirectory scans a directory for security issues

func (*CheckovModule) ScanFile

func (m *CheckovModule) ScanFile(ctx context.Context, filePath string) (string, error)

ScanFile scans a specific file for security issues

func (*CheckovModule) ScanMultiFramework

func (m *CheckovModule) ScanMultiFramework(ctx context.Context, dir string, frameworks []string) (string, error)

ScanMultiFramework scans for multiple cloud frameworks

func (*CheckovModule) ScanWithPolicy

func (m *CheckovModule) ScanWithPolicy(ctx context.Context, dir string, policyPath string) (string, error)

ScanWithPolicy scans using custom policies

func (*CheckovModule) ScanWithSeverity

func (m *CheckovModule) ScanWithSeverity(ctx context.Context, dir string, severities []string) (string, error)

ScanWithSeverity scans filtering by severity levels

func (*CheckovModule) ScanWithSkips

func (m *CheckovModule) ScanWithSkips(ctx context.Context, dir string, skipChecks []string) (string, error)

ScanWithSkips scans while skipping specific checks

type CloudQueryModule added in v0.6.4

type CloudQueryModule struct {
	// contains filtered or unexported fields
}

CloudQueryModule runs CloudQuery for cloud asset inventory

func NewCloudQueryModule added in v0.6.4

func NewCloudQueryModule(client *dagger.Client) *CloudQueryModule

NewCloudQueryModule creates a new CloudQuery module

func (*CloudQueryModule) GetVersion added in v0.6.4

func (m *CloudQueryModule) GetVersion(ctx context.Context) (string, error)

GetVersion returns the version of CloudQuery

func (*CloudQueryModule) ListProviders added in v0.6.4

func (m *CloudQueryModule) ListProviders(ctx context.Context) (string, error)

ListProviders lists available CloudQuery providers

func (*CloudQueryModule) SyncWithConfig added in v0.6.4

func (m *CloudQueryModule) SyncWithConfig(ctx context.Context, configPath string) (string, error)

SyncWithConfig syncs cloud resources using configuration

func (*CloudQueryModule) ValidateConfig added in v0.6.4

func (m *CloudQueryModule) ValidateConfig(ctx context.Context, configPath string) (string, error)

ValidateConfig validates CloudQuery configuration

type CloudsplainingModule added in v0.6.4

type CloudsplainingModule struct {
	// contains filtered or unexported fields
}

CloudsplainingModule runs Cloudsplaining for AWS IAM security assessment

func NewCloudsplainingModule added in v0.6.4

func NewCloudsplainingModule(client *dagger.Client) *CloudsplainingModule

NewCloudsplainingModule creates a new Cloudsplaining module

func (*CloudsplainingModule) CreateReportFromResults added in v0.6.4

func (m *CloudsplainingModule) CreateReportFromResults(ctx context.Context, resultsPath string) (string, error)

CreateReportFromResults creates an HTML report from scan results

func (*CloudsplainingModule) ScanAccountAuthorization added in v0.6.4

func (m *CloudsplainingModule) ScanAccountAuthorization(ctx context.Context, profile string) (string, error)

ScanAccountAuthorization scans account authorization details

func (*CloudsplainingModule) ScanPolicyFile added in v0.6.4

func (m *CloudsplainingModule) ScanPolicyFile(ctx context.Context, policyPath string) (string, error)

ScanPolicyFile scans a specific IAM policy file

func (*CloudsplainingModule) ScanWithMinimization added in v0.6.4

func (m *CloudsplainingModule) ScanWithMinimization(ctx context.Context, profile string, minimizeStatementId string) (string, error)

ScanWithMinimization scans with policy minimization recommendations

type ConftestModule added in v0.6.4

type ConftestModule struct {
	// contains filtered or unexported fields
}

ConftestModule runs Conftest for OPA policy testing

func NewConftestModule added in v0.6.4

func NewConftestModule(client *dagger.Client) *ConftestModule

NewConftestModule creates a new Conftest module

func (*ConftestModule) GetVersion added in v0.6.4

func (m *ConftestModule) GetVersion(ctx context.Context) (string, error)

GetVersion returns the version of Conftest

func (*ConftestModule) TestFile added in v0.6.4

func (m *ConftestModule) TestFile(ctx context.Context, filePath string, policyPath string) (string, error)

TestFile tests a specific file against policies

func (*ConftestModule) TestWithPolicy added in v0.6.4

func (m *ConftestModule) TestWithPolicy(ctx context.Context, dir string, policyPath string) (string, error)

TestWithPolicy tests files against OPA policies

type CosignGoldenModule added in v0.6.4

type CosignGoldenModule struct {
	// contains filtered or unexported fields
}

CosignGoldenModule runs enhanced Cosign operations for golden image pipelines

func NewCosignGoldenModule added in v0.6.4

func NewCosignGoldenModule(client *dagger.Client) *CosignGoldenModule

NewCosignGoldenModule creates a new Cosign Golden module

func (*CosignGoldenModule) CopySignatures added in v0.6.4

func (m *CosignGoldenModule) CopySignatures(ctx context.Context, sourceRef string, destinationRef string, force bool) (string, error)

CopySignatures copies signatures and attestations from one image to another

func (*CosignGoldenModule) GenerateAttestation added in v0.6.4

func (m *CosignGoldenModule) GenerateAttestation(ctx context.Context, imageRef string, attestationType string, predicateData string) (string, error)

GenerateAttestation generates and signs SLSA provenance or custom attestation

func (*CosignGoldenModule) GetVersion added in v0.6.4

func (m *CosignGoldenModule) GetVersion(ctx context.Context) (string, error)

GetVersion returns the version of Cosign

func (*CosignGoldenModule) SignGoldenPipeline added in v0.6.4

func (m *CosignGoldenModule) SignGoldenPipeline(ctx context.Context, imageRef string, buildMetadata map[string]string, securityAttestations map[string]string) (string, error)

SignGoldenPipeline signs golden image with pipeline-specific metadata

func (*CosignGoldenModule) SignKeyless added in v0.6.4

func (m *CosignGoldenModule) SignKeyless(ctx context.Context, imageRef string, identity string, issuer string) (string, error)

SignKeyless signs container image using keyless OIDC authentication

func (*CosignGoldenModule) TreeView added in v0.6.4

func (m *CosignGoldenModule) TreeView(ctx context.Context, imageRef string, outputFormat string) (string, error)

TreeView displays signature and attestation tree for golden image

func (*CosignGoldenModule) VerifyAttestation added in v0.6.4

func (m *CosignGoldenModule) VerifyAttestation(ctx context.Context, imageRef string, attestationType string, identity string, issuer string) (string, error)

VerifyAttestation verifies attestations attached to golden image

func (*CosignGoldenModule) VerifyKeyless added in v0.6.4

func (m *CosignGoldenModule) VerifyKeyless(ctx context.Context, imageRef string, identity string, issuer string) (string, error)

VerifyKeyless verifies container image signature using keyless verification

type CosignModule added in v0.6.4

type CosignModule struct {
	// contains filtered or unexported fields
}

CosignModule runs Cosign for container signing and verification

func NewCosignModule added in v0.6.4

func NewCosignModule(client *dagger.Client) *CosignModule

NewCosignModule creates a new Cosign module

func (*CosignModule) AttestSBOM added in v0.6.4

func (m *CosignModule) AttestSBOM(ctx context.Context, imageName string, sbomPath string, privateKeyPath string) (string, error)

AttestSBOM creates an SBOM attestation for an image

func (*CosignModule) GenerateKeyPair added in v0.6.4

func (m *CosignModule) GenerateKeyPair(ctx context.Context, outputDir string) (string, error)

GenerateKeyPair generates a new signing key pair

func (*CosignModule) SignImage added in v0.6.4

func (m *CosignModule) SignImage(ctx context.Context, imageName string, privateKeyPath string) (string, error)

SignImage signs a container image (requires authentication)

func (*CosignModule) SignImageKeyless added in v0.6.4

func (m *CosignModule) SignImageKeyless(ctx context.Context, imageName string) (string, error)

SignImageKeyless signs an image using keyless signing (OIDC)

func (*CosignModule) VerifyAttestation added in v0.6.4

func (m *CosignModule) VerifyAttestation(ctx context.Context, imageName string, attestationType string) (string, error)

VerifyAttestation verifies attestations for an image

func (*CosignModule) VerifyImage added in v0.6.4

func (m *CosignModule) VerifyImage(ctx context.Context, imageName string) (string, error)

VerifyImage verifies a signed container image

func (*CosignModule) VerifyImageWithKey added in v0.6.4

func (m *CosignModule) VerifyImageWithKey(ctx context.Context, imageName string, publicKeyPath string) (string, error)

VerifyImageWithKey verifies an image with a specific public key

type CustodianModule added in v0.6.4

type CustodianModule struct {
	// contains filtered or unexported fields
}

CustodianModule runs Cloud Custodian for cloud governance

func NewCustodianModule added in v0.6.4

func NewCustodianModule(client *dagger.Client) *CustodianModule

NewCustodianModule creates a new Cloud Custodian module

func (*CustodianModule) DryRun added in v0.6.4

func (m *CustodianModule) DryRun(ctx context.Context, policyPath string) (string, error)

DryRun performs a dry run of a policy

func (*CustodianModule) RunPolicy added in v0.6.4

func (m *CustodianModule) RunPolicy(ctx context.Context, policyPath string, outputDir string) (string, error)

RunPolicy runs a custodian policy

func (*CustodianModule) ValidatePolicy added in v0.6.4

func (m *CustodianModule) ValidatePolicy(ctx context.Context, policyPath string) (string, error)

ValidatePolicy validates a custodian policy

type DependencyTrackModule added in v0.6.4

// DependencyTrackModule provides OWASP Dependency-Track scanning capabilities.
// Unlike the other module types in this listing, which show only filtered or
// unexported fields, it exposes its Dagger client as an exported field.
type DependencyTrackModule struct {
	// Client is the Dagger client. Because the field is exported, callers can
	// read or replace it after construction.
	Client *dagger.Client
}

DependencyTrackModule provides OWASP Dependency-Track scanning capabilities

func NewDependencyTrackModule added in v0.6.4

func NewDependencyTrackModule(client *dagger.Client) *DependencyTrackModule

NewDependencyTrackModule creates a new DependencyTrack module

func (*DependencyTrackModule) AnalyzeProject added in v0.6.4

func (m *DependencyTrackModule) AnalyzeProject(ctx context.Context, projectPath string) (string, error)

AnalyzeProject analyzes a project directory for dependencies

func (*DependencyTrackModule) GenerateReport added in v0.6.4

func (m *DependencyTrackModule) GenerateReport(ctx context.Context, projectPath string, format string) (string, error)

GenerateReport generates a vulnerability report

func (*DependencyTrackModule) ScanSBOM added in v0.6.4

func (m *DependencyTrackModule) ScanSBOM(ctx context.Context, sbomPath string) (string, error)

ScanSBOM scans a Software Bill of Materials (SBOM) file

func (*DependencyTrackModule) TrackDependencies added in v0.6.4

func (m *DependencyTrackModule) TrackDependencies(ctx context.Context, projectPath string) (string, error)

TrackDependencies tracks dependencies and their lineage

func (*DependencyTrackModule) ValidateComponents added in v0.6.4

func (m *DependencyTrackModule) ValidateComponents(ctx context.Context, projectPath string) (string, error)

ValidateComponents validates components against policies

type DockleConfig added in v0.6.4

// DockleConfig collects the settings for a Dockle run. DockleOption is
// declared as func(*DockleConfig), so this is the struct that option
// functions receive.
// NOTE(review): the field meanings are inferred from the field names and the
// similarly named With* options; confirm against the implementation.
type DockleConfig struct {
	DockleVersion string
	Format        string
	Output        string
	ExitLevel     string
	// AcceptKey, AcceptFile and Ignore presumably carry Dockle's accept and
	// ignore lists, which suppress findings. Review what callers pass here.
	AcceptKey     []string
	AcceptFile    []string
	Ignore        []string
}

type DockleModule added in v0.6.4

type DockleModule struct {
	// contains filtered or unexported fields
}

func NewDockleModule added in v0.6.4

func NewDockleModule(client *dagger.Client) *DockleModule

func (*DockleModule) GenerateConfig added in v0.6.4

func (m *DockleModule) GenerateConfig(ctx context.Context, opts ...DockleOption) (*dagger.Container, error)

GenerateConfig generates a Dockle configuration file

func (*DockleModule) ListChecks added in v0.6.4

func (m *DockleModule) ListChecks(ctx context.Context, opts ...DockleOption) (*dagger.Container, error)

ListChecks lists all available Dockle security checks

func (*DockleModule) ScanDockerfile added in v0.6.4

func (m *DockleModule) ScanDockerfile(ctx context.Context, dockerfilePath string, opts ...DockleOption) (*dagger.Container, error)

ScanDockerfile scans a Dockerfile for best practices

func (*DockleModule) ScanImage added in v0.6.4

func (m *DockleModule) ScanImage(ctx context.Context, imageRef string, opts ...DockleOption) (*dagger.Container, error)

ScanImage scans a container image for security issues using Dockle

func (*DockleModule) ScanTarball added in v0.6.4

func (m *DockleModule) ScanTarball(ctx context.Context, tarballPath string, opts ...DockleOption) (*dagger.Container, error)

ScanTarball scans a container image tarball

func (*DockleModule) ScanWithPolicy added in v0.6.4

func (m *DockleModule) ScanWithPolicy(ctx context.Context, imageRef string, policyPath string, opts ...DockleOption) (*dagger.Container, error)

ScanWithPolicy scans using a custom policy file

type DockleOption added in v0.6.4

type DockleOption func(*DockleConfig)

func WithAcceptFile added in v0.6.4

func WithAcceptFile(files []string) DockleOption

func WithAcceptKey added in v0.6.4

func WithAcceptKey(keys []string) DockleOption

func WithDockleFormat added in v0.6.4

func WithDockleFormat(format string) DockleOption

func WithDockleIgnore added in v0.6.4

func WithDockleIgnore(ignores []string) DockleOption

func WithDockleOutput added in v0.6.4

func WithDockleOutput(output string) DockleOption

func WithDockleVersion added in v0.6.4

func WithDockleVersion(version string) DockleOption

func WithExitLevel added in v0.6.4

func WithExitLevel(level string) DockleOption

type FalcoModule added in v0.6.4

type FalcoModule struct {
	// contains filtered or unexported fields
}

FalcoModule runs Falco for runtime security monitoring

func NewFalcoModule added in v0.6.4

func NewFalcoModule(client *dagger.Client) *FalcoModule

NewFalcoModule creates a new Falco module

func (*FalcoModule) GetVersion added in v0.6.4

func (m *FalcoModule) GetVersion(ctx context.Context) (string, error)

GetVersion returns the version of Falco

func (*FalcoModule) RunWithCustomRules added in v0.6.4

func (m *FalcoModule) RunWithCustomRules(ctx context.Context, rulesPath string, kubeconfig string) (string, error)

RunWithCustomRules runs Falco with custom rules

func (*FalcoModule) RunWithDefaultRules added in v0.6.4

func (m *FalcoModule) RunWithDefaultRules(ctx context.Context, kubeconfig string) (string, error)

RunWithDefaultRules runs Falco with default rules

func (*FalcoModule) ValidateRules added in v0.6.4

func (m *FalcoModule) ValidateRules(ctx context.Context, rulesPath string) (string, error)

ValidateRules validates Falco rules syntax

type FleetModule added in v0.6.4

type FleetModule struct {
	// contains filtered or unexported fields
}

FleetModule runs Fleet for GitOps with Kubernetes

func NewFleetModule added in v0.6.4

func NewFleetModule(client *dagger.Client) *FleetModule

NewFleetModule creates a new Fleet module

func (*FleetModule) CreateGitRepo added in v0.6.4

func (m *FleetModule) CreateGitRepo(ctx context.Context, name string, repoURL string, branch string, path string, kubeconfig string) (string, error)

CreateGitRepo creates a new Git repository resource

func (*FleetModule) GetClusters added in v0.6.4

func (m *FleetModule) GetClusters(ctx context.Context, kubeconfig string) (string, error)

GetClusters lists Fleet clusters

func (*FleetModule) GetGitRepos added in v0.6.4

func (m *FleetModule) GetGitRepos(ctx context.Context, kubeconfig string) (string, error)

GetGitRepos lists Git repositories managed by Fleet

type GatekeeperConfig added in v0.6.4

// GatekeeperConfig collects the settings for a Gatekeeper run.
// GatekeeperOption is declared as func(*GatekeeperConfig), so this is the
// struct that option functions receive.
// NOTE(review): the field meanings are inferred from the field names and the
// similarly named With* options; confirm against the implementation.
type GatekeeperConfig struct {
	GatekeeperVersion string
	RegoVersion       string
	ConstraintsDir    string
	TemplatesDir      string
	// KubeconfigPath presumably points at a kubeconfig file, which holds
	// cluster credentials. Verify how the file is passed to the container.
	KubeconfigPath    string
	Namespace         string
	Format            string
	Output            string
	Query             string
	Verbose           bool
	Coverage          bool
}

type GatekeeperModule added in v0.6.4

type GatekeeperModule struct {
	// contains filtered or unexported fields
}

func NewGatekeeperModule added in v0.6.4

func NewGatekeeperModule(client *dagger.Client) *GatekeeperModule

func (*GatekeeperModule) AnalyzeViolations added in v0.6.4

func (m *GatekeeperModule) AnalyzeViolations(ctx context.Context, opts ...GatekeeperOption) (*dagger.Container, error)

AnalyzeViolations analyzes constraint violations in the cluster

func (*GatekeeperModule) GenerateConstraintTemplate added in v0.6.4

func (m *GatekeeperModule) GenerateConstraintTemplate(ctx context.Context, templateName string, opts ...GatekeeperOption) (*dagger.Container, error)

GenerateConstraintTemplate creates a new constraint template

func (*GatekeeperModule) SyncConstraints added in v0.6.4

func (m *GatekeeperModule) SyncConstraints(ctx context.Context, opts ...GatekeeperOption) (*dagger.Container, error)

SyncConstraints syncs Gatekeeper constraints with cluster state

func (*GatekeeperModule) TestConstraints added in v0.6.4

func (m *GatekeeperModule) TestConstraints(ctx context.Context, testsDir string, opts ...GatekeeperOption) (*dagger.Container, error)

TestConstraints runs tests for Gatekeeper constraints

func (*GatekeeperModule) ValidateConstraints added in v0.6.4

func (m *GatekeeperModule) ValidateConstraints(ctx context.Context, resourcesDir string, opts ...GatekeeperOption) (*dagger.Container, error)

ValidateConstraints validates Kubernetes resources against OPA Gatekeeper constraints

type GatekeeperOption added in v0.6.4

type GatekeeperOption func(*GatekeeperConfig)

func WithConstraintsDir added in v0.6.4

func WithConstraintsDir(dir string) GatekeeperOption

func WithCoverage added in v0.6.4

func WithCoverage(coverage bool) GatekeeperOption

func WithFormat added in v0.6.4

func WithFormat(format string) GatekeeperOption

func WithGatekeeperVersion added in v0.6.4

func WithGatekeeperVersion(version string) GatekeeperOption

func WithKubeconfigPath added in v0.6.4

func WithKubeconfigPath(path string) GatekeeperOption

func WithNamespace added in v0.6.4

func WithNamespace(namespace string) GatekeeperOption

func WithOutput added in v0.6.4

func WithOutput(output string) GatekeeperOption

func WithQuery added in v0.6.4

func WithQuery(query string) GatekeeperOption

func WithRegoVersion added in v0.6.4

func WithRegoVersion(version string) GatekeeperOption

func WithTemplatesDir added in v0.6.4

func WithTemplatesDir(dir string) GatekeeperOption

func WithVerbose added in v0.6.4

func WithVerbose(verbose bool) GatekeeperOption

type GitHubAdminModule added in v0.6.4

type GitHubAdminModule struct {
	// contains filtered or unexported fields
}

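GitHubAdminModule provides GitHub administration tools. Its methods take the GitHub token as a plain string parameter, so callers are responsible for keeping it out of logs and error output.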

func NewGitHubAdminModule added in v0.6.4

func NewGitHubAdminModule(client *dagger.Client) *GitHubAdminModule

NewGitHubAdminModule creates a new GitHub admin module

func (*GitHubAdminModule) AuditOrgSecurity added in v0.6.4

func (m *GitHubAdminModule) AuditOrgSecurity(ctx context.Context, org string, token string) (string, error)

AuditOrgSecurity audits organization security settings

func (*GitHubAdminModule) GetOrgMembers added in v0.6.4

func (m *GitHubAdminModule) GetOrgMembers(ctx context.Context, org string, token string) (string, error)

GetOrgMembers gets organization members

func (*GitHubAdminModule) GetRepoPermissions added in v0.6.4

func (m *GitHubAdminModule) GetRepoPermissions(ctx context.Context, owner string, repo string, token string) (string, error)

GetRepoPermissions gets repository permissions

type GitHubPackagesModule added in v0.6.4

type GitHubPackagesModule struct {
	// contains filtered or unexported fields
}

GitHubPackagesModule manages GitHub Packages security

func NewGitHubPackagesModule added in v0.6.4

func NewGitHubPackagesModule(client *dagger.Client) *GitHubPackagesModule

NewGitHubPackagesModule creates a new GitHub Packages module

func (*GitHubPackagesModule) GetPackageVersions added in v0.6.4

func (m *GitHubPackagesModule) GetPackageVersions(ctx context.Context, owner string, packageName string, token string) (string, error)

GetPackageVersions gets versions of a package

func (*GitHubPackagesModule) ListPackages added in v0.6.4

func (m *GitHubPackagesModule) ListPackages(ctx context.Context, owner string, repo string, token string) (string, error)

ListPackages lists packages in a repository

func (*GitHubPackagesModule) ScanPackage added in v0.6.4

func (m *GitHubPackagesModule) ScanPackage(ctx context.Context, packageName string, version string, token string) (string, error)

ScanPackage scans a GitHub package for vulnerabilities

type GitSecretsModule added in v0.6.4

type GitSecretsModule struct {
	// contains filtered or unexported fields
}

GitSecretsModule runs git-secrets for scanning git repositories for secrets

func NewGitSecretsModule added in v0.6.4

func NewGitSecretsModule(client *dagger.Client) *GitSecretsModule

NewGitSecretsModule creates a new git-secrets module

func (*GitSecretsModule) GetVersion added in v0.6.4

func (m *GitSecretsModule) GetVersion(ctx context.Context) (string, error)

GetVersion returns the version of git-secrets

func (*GitSecretsModule) ScanRepository added in v0.6.4

func (m *GitSecretsModule) ScanRepository(ctx context.Context, dir string) (string, error)

ScanRepository scans a git repository for secrets

func (*GitSecretsModule) ScanWithAwsProviders added in v0.6.4

func (m *GitSecretsModule) ScanWithAwsProviders(ctx context.Context, dir string) (string, error)

ScanWithAwsProviders scans with AWS secret patterns

type GitleaksModule added in v0.6.4

type GitleaksModule struct {
	// contains filtered or unexported fields
}

GitleaksModule runs Gitleaks for secret detection

func NewGitleaksModule added in v0.6.4

func NewGitleaksModule(client *dagger.Client) *GitleaksModule

NewGitleaksModule creates a new Gitleaks module

func (*GitleaksModule) ScanDirectory added in v0.6.4

func (m *GitleaksModule) ScanDirectory(ctx context.Context, dir string) (string, error)

ScanDirectory scans a directory for secrets using Gitleaks

func (*GitleaksModule) ScanFile added in v0.6.4

func (m *GitleaksModule) ScanFile(ctx context.Context, filePath string) (string, error)

ScanFile scans a specific file for secrets

func (*GitleaksModule) ScanGitRepo added in v0.6.4

func (m *GitleaksModule) ScanGitRepo(ctx context.Context, repoDir string) (string, error)

ScanGitRepo scans a git repository for secrets

func (*GitleaksModule) ScanWithConfig added in v0.6.4

func (m *GitleaksModule) ScanWithConfig(ctx context.Context, dir string, configFile string) (string, error)

ScanWithConfig scans using a custom Gitleaks configuration

type GoldilocksModule added in v0.6.4

type GoldilocksModule struct {
	// contains filtered or unexported fields
}

GoldilocksModule runs Goldilocks for Kubernetes resource recommendations

func NewGoldilocksModule added in v0.6.4

func NewGoldilocksModule(client *dagger.Client) *GoldilocksModule

NewGoldilocksModule creates a new Goldilocks module

func (*GoldilocksModule) CreateVPA added in v0.6.4

func (m *GoldilocksModule) CreateVPA(ctx context.Context, namespace string, kubeconfig string) (string, error)

CreateVPA creates Vertical Pod Autoscaler resources

func (*GoldilocksModule) GetRecommendations added in v0.6.4

func (m *GoldilocksModule) GetRecommendations(ctx context.Context, namespace string, kubeconfig string) (string, error)

GetRecommendations gets resource recommendations

func (*GoldilocksModule) GetVersion added in v0.6.4

func (m *GoldilocksModule) GetVersion(ctx context.Context) (string, error)

GetVersion returns the version of Goldilocks

type GrypeModule added in v0.6.4

type GrypeModule struct {
	// contains filtered or unexported fields
}

GrypeModule runs Grype for vulnerability scanning

func NewGrypeModule added in v0.6.4

func NewGrypeModule(client *dagger.Client) *GrypeModule

NewGrypeModule creates a new Grype module

func (*GrypeModule) ScanDirectory added in v0.6.4

func (m *GrypeModule) ScanDirectory(ctx context.Context, dir string) (string, error)

ScanDirectory scans a directory for vulnerabilities using Grype

func (*GrypeModule) ScanImage added in v0.6.4

func (m *GrypeModule) ScanImage(ctx context.Context, imageName string) (string, error)

ScanImage scans a container image for vulnerabilities

func (*GrypeModule) ScanSBOM added in v0.6.4

func (m *GrypeModule) ScanSBOM(ctx context.Context, sbomPath string) (string, error)

ScanSBOM scans an SBOM file for vulnerabilities

func (*GrypeModule) ScanWithSeverity added in v0.6.4

func (m *GrypeModule) ScanWithSeverity(ctx context.Context, target string, severity string) (string, error)

ScanWithSeverity scans with a specific severity threshold

type GuacModule added in v0.6.4

type GuacModule struct {
	// Client is an exported field, so callers can read and replace it after
	// construction.
	// NOTE(review): presumably the client passed to NewGuacModule — confirm.
	Client *dagger.Client
}

GuacModule provides GUAC (Graph for Understanding Artifact Composition) capabilities

func NewGuacModule added in v0.6.4

func NewGuacModule(client *dagger.Client) *GuacModule

NewGuacModule creates a new GUAC module

func (*GuacModule) AnalyzeArtifact added in v0.6.4

func (m *GuacModule) AnalyzeArtifact(ctx context.Context, artifactPath string) (string, error)

AnalyzeArtifact analyzes an artifact and its dependencies

func (*GuacModule) AnalyzeImpact added in v0.6.4

func (m *GuacModule) AnalyzeImpact(ctx context.Context, vulnID string) (string, error)

AnalyzeImpact analyzes the impact of a vulnerability across the dependency graph

func (*GuacModule) CollectFiles added in v0.6.4

func (m *GuacModule) CollectFiles(ctx context.Context, projectPath string) (string, error)

CollectFiles collects and processes multiple files into the GUAC graph

func (*GuacModule) GenerateGraph added in v0.6.4

func (m *GuacModule) GenerateGraph(ctx context.Context, projectPath string) (string, error)

GenerateGraph generates a dependency graph visualization

func (*GuacModule) IngestSBOM added in v0.6.4

func (m *GuacModule) IngestSBOM(ctx context.Context, sbomPath string) (string, error)

IngestSBOM ingests an SBOM into the GUAC graph

func (*GuacModule) QueryDependencies added in v0.6.4

func (m *GuacModule) QueryDependencies(ctx context.Context, packageName string) (string, error)

QueryDependencies queries the GUAC graph for dependency information

func (*GuacModule) QueryVulnerabilities added in v0.6.4

func (m *GuacModule) QueryVulnerabilities(ctx context.Context, packageName string) (string, error)

QueryVulnerabilities queries vulnerabilities for a package

func (*GuacModule) ValidateAttestation added in v0.6.4

func (m *GuacModule) ValidateAttestation(ctx context.Context, attestationPath string) (string, error)

ValidateAttestation validates software attestations

type HadolintModule added in v0.6.4

type HadolintModule struct {
	// contains filtered or unexported fields
}

HadolintModule runs Hadolint for Dockerfile linting

func NewHadolintModule added in v0.6.4

func NewHadolintModule(client *dagger.Client) *HadolintModule

NewHadolintModule creates a new Hadolint module

func (*HadolintModule) GetVersion added in v0.6.4

func (m *HadolintModule) GetVersion(ctx context.Context) (string, error)

GetVersion returns the version of Hadolint

func (*HadolintModule) ScanDirectory added in v0.6.4

func (m *HadolintModule) ScanDirectory(ctx context.Context, dir string) (string, error)

ScanDirectory scans all Dockerfiles in a directory

func (*HadolintModule) ScanDockerfile added in v0.6.4

func (m *HadolintModule) ScanDockerfile(ctx context.Context, dockerfilePath string) (string, error)

ScanDockerfile scans a Dockerfile for best practices

type HistoryScrubModule added in v0.6.4

type HistoryScrubModule struct {
	// contains filtered or unexported fields
}

HistoryScrubModule runs Git history cleaning tools

func NewHistoryScrubModule added in v0.6.4

func NewHistoryScrubModule(client *dagger.Client) *HistoryScrubModule

NewHistoryScrubModule creates a new Git history scrub module

func (*HistoryScrubModule) AnalyzeRepoSize added in v0.6.4

func (m *HistoryScrubModule) AnalyzeRepoSize(ctx context.Context, repoPath string) (string, error)

AnalyzeRepoSize analyzes repository size before and after cleaning

func (*HistoryScrubModule) CreateBareClone added in v0.6.4

func (m *HistoryScrubModule) CreateBareClone(ctx context.Context, sourceRepo string, clonePath string) (string, error)

CreateBareClone creates a bare clone for safe history rewriting

func (*HistoryScrubModule) RemoveSecretsWithBFG added in v0.6.4

func (m *HistoryScrubModule) RemoveSecretsWithBFG(ctx context.Context, repoPath string, secretsFile string, dryRun bool) (string, error)

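RemoveSecretsWithBFG removes secrets from Git history using BFG Repo-Cleaner. Rewriting history does not invalidate a credential that was already exposed, so any secret removed this way should also be rotated.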

func (*HistoryScrubModule) RemoveSecretsWithGitFilter added in v0.6.4

func (m *HistoryScrubModule) RemoveSecretsWithGitFilter(ctx context.Context, repoPath string, patternsFile string, dryRun bool) (string, error)

RemoveSecretsWithGitFilter removes secrets using git-filter-repo

func (*HistoryScrubModule) VerifyHistoryClean added in v0.6.4

func (m *HistoryScrubModule) VerifyHistoryClean(ctx context.Context, repoPath string, scanTool string) (string, error)

VerifyHistoryClean verifies secrets have been removed from history

type IacPlanModule added in v0.6.4

type IacPlanModule struct {
	// contains filtered or unexported fields
}

IacPlanModule runs Terraform/OpenTofu plan operations

func NewIacPlanModule added in v0.6.4

func NewIacPlanModule(client *dagger.Client) *IacPlanModule

NewIacPlanModule creates a new IaC plan module

func (*IacPlanModule) AnalyzePlan added in v0.6.4

func (m *IacPlanModule) AnalyzePlan(ctx context.Context, planJsonContent string, analysisTypes []string) (string, error)

AnalyzePlan analyzes plan JSON for security and compliance insights

func (*IacPlanModule) ComparePlans added in v0.6.4

func (m *IacPlanModule) ComparePlans(ctx context.Context, baselinePlan string, currentPlan string) (string, error)

ComparePlans compares two plan JSON files to show differences

func (*IacPlanModule) FormatConfiguration added in v0.6.4

func (m *IacPlanModule) FormatConfiguration(ctx context.Context, workdir string, tool string, check bool) (string, error)

FormatConfiguration formats Terraform/OpenTofu configuration files

func (*IacPlanModule) GenerateGraph added in v0.6.4

func (m *IacPlanModule) GenerateGraph(ctx context.Context, workdir string, tool string, graphType string) (string, error)

GenerateGraph generates dependency graph from Terraform configuration

func (*IacPlanModule) GeneratePlan added in v0.6.4

func (m *IacPlanModule) GeneratePlan(ctx context.Context, workdir string, tool string, varFiles []string, destroy bool) (string, error)

GeneratePlan generates Terraform/OpenTofu plan and exports to JSON

func (*IacPlanModule) ManageWorkspace added in v0.6.4

func (m *IacPlanModule) ManageWorkspace(ctx context.Context, workdir string, tool string, operation string, workspaceName string) (string, error)

ManageWorkspace manages Terraform workspaces

func (*IacPlanModule) ValidateConfiguration added in v0.6.4

func (m *IacPlanModule) ValidateConfiguration(ctx context.Context, workdir string, tool string) (string, error)

ValidateConfiguration validates Terraform/OpenTofu configuration

type InTotoConfig added in v0.6.4

// InTotoConfig holds the settings that InTotoOption functions modify
// (InTotoOption is declared as func(*InTotoConfig)).
type InTotoConfig struct {
	// KeyPath is a filesystem path to a key.
	// NOTE(review): presumably the signing key used when recording link
	// metadata; if so it is private key material and should be readable
	// only by the build identity — confirm.
	KeyPath     string
	// MaterialDir, ProductDir and LinkDir are directory paths.
	// NOTE(review): presumably where step inputs, step outputs and
	// generated link files are read or written — confirm.
	MaterialDir string
	ProductDir  string
	LinkDir     string
	// Materials and Products are lists of strings.
	// NOTE(review): presumably the artifacts recorded before and after a
	// step, in in-toto terms — confirm.
	Materials   []string
	Products    []string
	// PublicKeys is a list of strings.
	// NOTE(review): presumably the keys trusted during verification;
	// whether these are paths or key contents is not shown — confirm.
	PublicKeys  []string
}

type InTotoModule added in v0.6.4

type InTotoModule struct {
	// contains filtered or unexported fields
}

func NewInTotoModule added in v0.6.4

func NewInTotoModule(client *dagger.Client) *InTotoModule

func (*InTotoModule) GenerateLayout added in v0.6.4

func (m *InTotoModule) GenerateLayout(ctx context.Context, opts ...InTotoOption) (*dagger.Container, error)

GenerateLayout creates an in-toto layout file

func (*InTotoModule) RecordMetadata added in v0.6.4

func (m *InTotoModule) RecordMetadata(ctx context.Context, stepName string, opts ...InTotoOption) (*dagger.Container, error)

RecordMetadata records step metadata without executing commands

func (*InTotoModule) RunStep added in v0.6.4

func (m *InTotoModule) RunStep(ctx context.Context, stepName string, command []string, opts ...InTotoOption) (*dagger.Container, error)

RunStep executes an in-toto step and records metadata

func (*InTotoModule) VerifySupplyChain added in v0.6.4

func (m *InTotoModule) VerifySupplyChain(ctx context.Context, layoutPath string, opts ...InTotoOption) (*dagger.Container, error)

VerifySupplyChain verifies the entire supply chain

type InTotoOption added in v0.6.4

type InTotoOption func(*InTotoConfig)

func WithKeyPath added in v0.6.4

func WithKeyPath(path string) InTotoOption

func WithLinkDir added in v0.6.4

func WithLinkDir(dir string) InTotoOption

func WithMaterialDir added in v0.6.4

func WithMaterialDir(dir string) InTotoOption

func WithMaterials added in v0.6.4

func WithMaterials(materials []string) InTotoOption

func WithProductDir added in v0.6.4

func WithProductDir(dir string) InTotoOption

func WithProducts added in v0.6.4

func WithProducts(products []string) InTotoOption

func WithPublicKeys added in v0.6.4

func WithPublicKeys(keys []string) InTotoOption

type InfraMapModule

type InfraMapModule struct {
	// contains filtered or unexported fields
}

InfraMapModule generates infrastructure diagrams from Terraform

func NewInfraMapModule

func NewInfraMapModule(client *dagger.Client) *InfraMapModule

NewInfraMapModule creates a new InfraMap module instance

func (*InfraMapModule) GenerateFromHCL

func (m *InfraMapModule) GenerateFromHCL(ctx context.Context, directory string, format string) (string, error)

GenerateFromHCL generates an infrastructure diagram from Terraform HCL files

func (*InfraMapModule) GenerateFromState

func (m *InfraMapModule) GenerateFromState(ctx context.Context, stateFile string, format string) (string, error)

GenerateFromState generates an infrastructure diagram from a Terraform state file

func (*InfraMapModule) GenerateWithOptions

func (m *InfraMapModule) GenerateWithOptions(ctx context.Context, input string, options InfraMapOptions) (string, error)

GenerateWithOptions generates a diagram with custom options

func (*InfraMapModule) PruneState

func (m *InfraMapModule) PruneState(ctx context.Context, stateFile string) (string, error)

PruneState removes unnecessary information from Terraform state

type InfraMapOptions

type InfraMapOptions struct {
	// Raw shows all resources without InfraMap logic
	Raw bool
	// Clean removes unconnected nodes (default: true).
	// NOTE(review): the Go zero value of bool is false, so a zero-valued
	// InfraMapOptions has Clean == false; where the documented default of
	// true is applied is not shown here — confirm.
	Clean bool
	// Provider filters by specific provider (aws, google, azurerm, etc.)
	Provider string
	// Format is the output format (png, svg, pdf, dot)
	Format string
}

InfraMapOptions contains options for diagram generation

type InfraScanModule

type InfraScanModule struct {
	// contains filtered or unexported fields
}

InfraScanModule runs Trivy for security scanning of Terraform code. It uses Trivy instead of InfraScan because Trivy provides better Terraform security scanning.

func NewInfraScanModule

func NewInfraScanModule(client *dagger.Client) *InfraScanModule

NewInfraScanModule creates a new InfraScan module (using Trivy)

func (*InfraScanModule) GetVersion

func (m *InfraScanModule) GetVersion(ctx context.Context) (string, error)

GetVersion returns the version of Trivy

func (*InfraScanModule) ScanDirectory

func (m *InfraScanModule) ScanDirectory(ctx context.Context, dir string) (string, error)

ScanDirectory scans a directory for security issues

func (*InfraScanModule) ScanFile

func (m *InfraScanModule) ScanFile(ctx context.Context, filePath string) (string, error)

ScanFile scans a specific Terraform file

func (*InfraScanModule) ScanWithRules

func (m *InfraScanModule) ScanWithRules(ctx context.Context, dir string, rulesFile string) (string, error)

ScanWithRules scans using custom rule set

type InfracostModule

type InfracostModule struct {
	// contains filtered or unexported fields
}

InfracostModule runs Infracost for cloud cost estimation

func NewInfracostModule

func NewInfracostModule(client *dagger.Client) *InfracostModule

NewInfracostModule creates a new Infracost module

func (*InfracostModule) BreakdownDirectory

func (m *InfracostModule) BreakdownDirectory(ctx context.Context, dir string) (string, error)

BreakdownDirectory generates cost breakdown for a directory

func (*InfracostModule) BreakdownPlan

func (m *InfracostModule) BreakdownPlan(ctx context.Context, planFile string) (string, error)

BreakdownPlan generates cost breakdown from a Terraform plan

func (*InfracostModule) BreakdownWithConfig

func (m *InfracostModule) BreakdownWithConfig(ctx context.Context, configFile string) (string, error)

BreakdownWithConfig runs breakdown using a config file

func (*InfracostModule) Diff

func (m *InfracostModule) Diff(ctx context.Context, dir string) (string, error)

Diff compares costs between current and planned state

func (*InfracostModule) GenerateHTMLReport

func (m *InfracostModule) GenerateHTMLReport(ctx context.Context, dir string) (string, error)

GenerateHTMLReport generates an HTML cost report

func (*InfracostModule) GenerateTableReport

func (m *InfracostModule) GenerateTableReport(ctx context.Context, dir string) (string, error)

GenerateTableReport generates a table format cost report

func (*InfracostModule) GetVersion

func (m *InfracostModule) GetVersion(ctx context.Context) (string, error)

GetVersion returns the version of Infracost

type K8sNetworkPolicyModule added in v0.6.4

type K8sNetworkPolicyModule struct {
	// contains filtered or unexported fields
}

K8sNetworkPolicyModule runs Kubernetes network policy tools

func NewK8sNetworkPolicyModule added in v0.6.4

func NewK8sNetworkPolicyModule(client *dagger.Client) *K8sNetworkPolicyModule

NewK8sNetworkPolicyModule creates a new Kubernetes network policy module

func (*K8sNetworkPolicyModule) AnalyzePolicies added in v0.6.4

func (m *K8sNetworkPolicyModule) AnalyzePolicies(ctx context.Context, namespace string, kubeconfig string) (string, error)

AnalyzePolicies analyzes network policies in the cluster

func (*K8sNetworkPolicyModule) TestConnectivity added in v0.6.4

func (m *K8sNetworkPolicyModule) TestConnectivity(ctx context.Context, sourceNamespace string, targetNamespace string, targetService string, kubeconfig string) (string, error)

TestConnectivity tests network connectivity between pods

func (*K8sNetworkPolicyModule) ValidatePolicy added in v0.6.4

func (m *K8sNetworkPolicyModule) ValidatePolicy(ctx context.Context, policyPath string, kubeconfig string) (string, error)

ValidatePolicy validates a network policy

type KubeBenchModule added in v0.6.4

type KubeBenchModule struct {
	// contains filtered or unexported fields
}

KubeBenchModule runs kube-bench for Kubernetes security benchmarks

func NewKubeBenchModule added in v0.6.4

func NewKubeBenchModule(client *dagger.Client) *KubeBenchModule

NewKubeBenchModule creates a new kube-bench module

func (*KubeBenchModule) GetVersion added in v0.6.4

func (m *KubeBenchModule) GetVersion(ctx context.Context) (string, error)

GetVersion returns the version of kube-bench

func (*KubeBenchModule) RunBenchmark added in v0.6.4

func (m *KubeBenchModule) RunBenchmark(ctx context.Context, kubeconfig string) (string, error)

RunBenchmark runs CIS Kubernetes benchmark

func (*KubeBenchModule) RunMasterBenchmark added in v0.6.4

func (m *KubeBenchModule) RunMasterBenchmark(ctx context.Context, kubeconfig string) (string, error)

RunMasterBenchmark runs benchmark for master node

func (*KubeBenchModule) RunNodeBenchmark added in v0.6.4

func (m *KubeBenchModule) RunNodeBenchmark(ctx context.Context, kubeconfig string) (string, error)

RunNodeBenchmark runs benchmark for worker node

type KubeHunterModule added in v0.6.4

type KubeHunterModule struct {
	// contains filtered or unexported fields
}

KubeHunterModule runs kube-hunter for Kubernetes penetration testing

func NewKubeHunterModule added in v0.6.4

func NewKubeHunterModule(client *dagger.Client) *KubeHunterModule

NewKubeHunterModule creates a new kube-hunter module

func (*KubeHunterModule) GetVersion added in v0.6.4

func (m *KubeHunterModule) GetVersion(ctx context.Context) (string, error)

GetVersion returns the version of kube-hunter

func (*KubeHunterModule) ScanCIDR added in v0.6.4

func (m *KubeHunterModule) ScanCIDR(ctx context.Context, cidr string) (string, error)

ScanCIDR scans a CIDR range for Kubernetes clusters

func (*KubeHunterModule) ScanInterface added in v0.6.4

func (m *KubeHunterModule) ScanInterface(ctx context.Context, networkInterface string) (string, error)

ScanInterface scans a network interface

func (*KubeHunterModule) ScanPod added in v0.6.4

func (m *KubeHunterModule) ScanPod(ctx context.Context, kubeconfig string) (string, error)

ScanPod runs kube-hunter as a pod in the cluster

func (*KubeHunterModule) ScanRemote added in v0.6.4

func (m *KubeHunterModule) ScanRemote(ctx context.Context, remote string) (string, error)

ScanRemote scans a remote Kubernetes cluster

type KubescapeConfig added in v0.6.4

// KubescapeConfig holds the settings that KubescapeOption functions modify
// (KubescapeOption is declared as func(*KubescapeConfig)).
type KubescapeConfig struct {
	// NOTE(review): presumably selects the Kubescape release to run;
	// pinning an exact version keeps scan results reproducible — confirm.
	KubescapeVersion    string
	Framework           string
	Format              string
	Output              string
	// NOTE(review): accepted severity names are not shown here — confirm.
	SeverityThreshold   string
	// NOTE(review): the scale (0–1 or 0–100) is not documented here — confirm.
	ComplianceThreshold float64
	Namespace           string
	IncludeResources    []string
	// NOTE(review): presumably controls whether kube-system is scanned;
	// the zero value is false — confirm the intended default.
	IncludeKubeSystem   bool
	// KubeconfigPath is a path to a kubeconfig file. A kubeconfig normally
	// carries cluster credentials, so the file should be handled as a secret.
	KubeconfigPath      string
	Verbose             bool
}

type KubescapeModule added in v0.6.4

type KubescapeModule struct {
	// contains filtered or unexported fields
}

func NewKubescapeModule added in v0.6.4

func NewKubescapeModule(client *dagger.Client) *KubescapeModule

func (*KubescapeModule) GenerateReport added in v0.6.4

func (m *KubescapeModule) GenerateReport(ctx context.Context, opts ...KubescapeOption) (*dagger.Container, error)

GenerateReport generates a comprehensive security report

func (*KubescapeModule) ScanCluster added in v0.6.4

func (m *KubescapeModule) ScanCluster(ctx context.Context, opts ...KubescapeOption) (*dagger.Container, error)

ScanCluster scans a Kubernetes cluster for security issues

func (*KubescapeModule) ScanHelm added in v0.6.4

func (m *KubescapeModule) ScanHelm(ctx context.Context, chartPath string, opts ...KubescapeOption) (*dagger.Container, error)

ScanHelm scans Helm charts for security issues

func (*KubescapeModule) ScanManifests added in v0.6.4

func (m *KubescapeModule) ScanManifests(ctx context.Context, manifestsDir string, opts ...KubescapeOption) (*dagger.Container, error)

ScanManifests scans Kubernetes manifest files

func (*KubescapeModule) ScanRepository added in v0.6.4

func (m *KubescapeModule) ScanRepository(ctx context.Context, repoPath string, opts ...KubescapeOption) (*dagger.Container, error)

ScanRepository scans a Git repository for security issues

type KubescapeOption added in v0.6.4

type KubescapeOption func(*KubescapeConfig)

func WithComplianceThreshold added in v0.6.4

func WithComplianceThreshold(threshold float64) KubescapeOption

func WithFramework added in v0.6.4

func WithFramework(framework string) KubescapeOption

func WithIncludeKubeSystem added in v0.6.4

func WithIncludeKubeSystem(include bool) KubescapeOption

func WithIncludeResources added in v0.6.4

func WithIncludeResources(resources []string) KubescapeOption

func WithKubescapeFormat added in v0.6.4

func WithKubescapeFormat(format string) KubescapeOption

func WithKubescapeKubeconfig added in v0.6.4

func WithKubescapeKubeconfig(path string) KubescapeOption

func WithKubescapeNamespace added in v0.6.4

func WithKubescapeNamespace(namespace string) KubescapeOption

func WithKubescapeOutput added in v0.6.4

func WithKubescapeOutput(output string) KubescapeOption

func WithKubescapeVerbose added in v0.6.4

func WithKubescapeVerbose(verbose bool) KubescapeOption

func WithKubescapeVersion added in v0.6.4

func WithKubescapeVersion(version string) KubescapeOption

func WithSeverityThreshold added in v0.6.4

func WithSeverityThreshold(threshold string) KubescapeOption

type KuttlModule added in v0.6.4

type KuttlModule struct {
	// contains filtered or unexported fields
}

KuttlModule runs KUTTL for Kubernetes testing

func NewKuttlModule added in v0.6.4

func NewKuttlModule(client *dagger.Client) *KuttlModule

NewKuttlModule creates a new KUTTL module

func (*KuttlModule) GetVersion added in v0.6.4

func (m *KuttlModule) GetVersion(ctx context.Context) (string, error)

GetVersion returns the version of KUTTL

func (*KuttlModule) RunTest added in v0.6.4

func (m *KuttlModule) RunTest(ctx context.Context, testPath string, kubeconfig string) (string, error)

RunTest runs KUTTL tests

func (*KuttlModule) ValidateTest added in v0.6.4

func (m *KuttlModule) ValidateTest(ctx context.Context, testPath string) (string, error)

ValidateTest validates test configuration

type KyvernoModule added in v0.6.4

type KyvernoModule struct {
	// contains filtered or unexported fields
}

KyvernoModule runs Kyverno for Kubernetes policy management

func NewKyvernoModule added in v0.6.4

func NewKyvernoModule(client *dagger.Client) *KyvernoModule

NewKyvernoModule creates a new Kyverno module

func (*KyvernoModule) ApplyPolicies added in v0.6.4

func (m *KyvernoModule) ApplyPolicies(ctx context.Context, policiesPath string, kubeconfig string) (string, error)

ApplyPolicies applies Kyverno policies to cluster

func (*KyvernoModule) GetVersion added in v0.6.4

func (m *KyvernoModule) GetVersion(ctx context.Context) (string, error)

GetVersion returns the version of Kyverno CLI

func (*KyvernoModule) TestPolicies added in v0.6.4

func (m *KyvernoModule) TestPolicies(ctx context.Context, policiesPath string, resourcesPath string) (string, error)

TestPolicies tests policies against resources

func (*KyvernoModule) ValidatePolicies added in v0.6.4

func (m *KyvernoModule) ValidatePolicies(ctx context.Context, policiesPath string) (string, error)

ValidatePolicies validates Kyverno policy syntax

type KyvernoMultitenantModule added in v0.6.4

type KyvernoMultitenantModule struct {
	// contains filtered or unexported fields
}

KyvernoMultitenantModule runs Kyverno for multi-tenant environments

func NewKyvernoMultitenantModule added in v0.6.4

func NewKyvernoMultitenantModule(client *dagger.Client) *KyvernoMultitenantModule

NewKyvernoMultitenantModule creates a new Kyverno multitenant module

func (*KyvernoMultitenantModule) CreateTenantPolicies added in v0.6.4

func (m *KyvernoMultitenantModule) CreateTenantPolicies(ctx context.Context, tenantName string, kubeconfig string) (string, error)

CreateTenantPolicies creates tenant isolation policies

func (*KyvernoMultitenantModule) ValidateMultitenantSetup added in v0.6.4

func (m *KyvernoMultitenantModule) ValidateMultitenantSetup(ctx context.Context, tenantsConfig string, kubeconfig string) (string, error)

ValidateMultitenantSetup validates multi-tenant setup

type LLMWithServiceTools

type LLMWithServiceTools struct {
	// contains filtered or unexported fields
}

LLMWithServiceTools creates an LLM that can call services as tools

func NewLLMWithServiceTools

func NewLLMWithServiceTools(client *dagger.Client, model string) *LLMWithServiceTools

NewLLMWithServiceTools creates an LLM with access to tool services

func (*LLMWithServiceTools) InvestigateWithServices

func (m *LLMWithServiceTools) InvestigateWithServices(ctx context.Context, task string) (*ServiceInvestigationReport, error)

InvestigateWithServices performs investigation using service-based tools

type LicenseDetectorModule added in v0.6.4

type LicenseDetectorModule struct {
	// contains filtered or unexported fields
}

LicenseDetectorModule detects and analyzes software licenses

func NewLicenseDetectorModule added in v0.6.4

func NewLicenseDetectorModule(client *dagger.Client) *LicenseDetectorModule

NewLicenseDetectorModule creates a new license detector module

func (*LicenseDetectorModule) AnalyzeDependencyLicenses added in v0.6.4

func (m *LicenseDetectorModule) AnalyzeDependencyLicenses(ctx context.Context, packageFile string) (string, error)

AnalyzeDependencyLicenses analyzes dependency licenses

func (*LicenseDetectorModule) DetectLicenses added in v0.6.4

func (m *LicenseDetectorModule) DetectLicenses(ctx context.Context, dir string) (string, error)

DetectLicenses detects licenses in a directory

func (*LicenseDetectorModule) ValidateLicenseCompliance added in v0.6.4

func (m *LicenseDetectorModule) ValidateLicenseCompliance(ctx context.Context, dir string, allowedLicenses []string) (string, error)

ValidateLicenseCompliance validates license compliance

type LitmusModule added in v0.6.4

type LitmusModule struct {
	// contains filtered or unexported fields
}

LitmusModule runs Litmus for chaos engineering

func NewLitmusModule added in v0.6.4

func NewLitmusModule(client *dagger.Client) *LitmusModule

NewLitmusModule creates a new Litmus module

func (*LitmusModule) CreateExperiment added in v0.6.4

func (m *LitmusModule) CreateExperiment(ctx context.Context, experimentPath string, kubeconfig string) (string, error)

CreateExperiment creates a chaos experiment

func (*LitmusModule) GetChaosResults added in v0.6.4

func (m *LitmusModule) GetChaosResults(ctx context.Context, experimentName string, kubeconfig string) (string, error)

GetChaosResults gets chaos experiment results

func (*LitmusModule) GetExperiments added in v0.6.4

func (m *LitmusModule) GetExperiments(ctx context.Context, kubeconfig string) (string, error)

GetExperiments lists chaos experiments

func (*LitmusModule) GetVersion added in v0.6.4

func (m *LitmusModule) GetVersion(ctx context.Context) (string, error)

GetVersion returns the version of Litmus

type NiktoModule added in v0.6.4

type NiktoModule struct {
	// contains filtered or unexported fields
}

NiktoModule runs Nikto for web vulnerability scanning

func NewNiktoModule added in v0.6.4

func NewNiktoModule(client *dagger.Client) *NiktoModule

NewNiktoModule creates a new Nikto module

func (*NiktoModule) GetVersion added in v0.6.4

func (m *NiktoModule) GetVersion(ctx context.Context) (string, error)

GetVersion returns the version of Nikto

func (*NiktoModule) ScanHost added in v0.6.4

func (m *NiktoModule) ScanHost(ctx context.Context, host string) (string, error)

ScanHost scans a web host for vulnerabilities

func (*NiktoModule) ScanWithSSL added in v0.6.4

func (m *NiktoModule) ScanWithSSL(ctx context.Context, host string, port int) (string, error)

ScanWithSSL scans a host with SSL/TLS analysis

func (*NiktoModule) ScanWithTuning added in v0.6.4

func (m *NiktoModule) ScanWithTuning(ctx context.Context, host string, tuning string) (string, error)

ScanWithTuning scans with specific tuning options

type OSSFScorecardModule added in v0.6.4

type OSSFScorecardModule struct {
	// contains filtered or unexported fields
}

OSSFScorecardModule runs OSSF Scorecard for open source security scoring

func NewOSSFScorecardModule added in v0.6.4

func NewOSSFScorecardModule(client *dagger.Client) *OSSFScorecardModule

NewOSSFScorecardModule creates a new OSSF Scorecard module

func (*OSSFScorecardModule) GetVersion added in v0.6.4

func (m *OSSFScorecardModule) GetVersion(ctx context.Context) (string, error)

GetVersion returns the version of OSSF Scorecard

func (*OSSFScorecardModule) ListChecks added in v0.6.4

func (m *OSSFScorecardModule) ListChecks(ctx context.Context) (string, error)

ListChecks lists available scorecard checks

func (*OSSFScorecardModule) ScoreRepository added in v0.6.4

func (m *OSSFScorecardModule) ScoreRepository(ctx context.Context, repoURL string, githubToken string) (string, error)

ScoreRepository scores a repository's security posture

func (*OSSFScorecardModule) ScoreWithChecks added in v0.6.4

func (m *OSSFScorecardModule) ScoreWithChecks(ctx context.Context, repoURL string, checks []string, githubToken string) (string, error)

ScoreWithChecks scores repository with specific checks

type OSVScannerModule added in v0.6.4

type OSVScannerModule struct {
	// contains filtered or unexported fields
}

OSVScannerModule runs OSV Scanner for vulnerability detection

func NewOSVScannerModule added in v0.6.4

func NewOSVScannerModule(client *dagger.Client) *OSVScannerModule

NewOSVScannerModule creates a new OSV Scanner module

func (*OSVScannerModule) GetVersion added in v0.6.4

func (m *OSVScannerModule) GetVersion(ctx context.Context) (string, error)

GetVersion returns the version of OSV Scanner

func (*OSVScannerModule) ScanDirectory added in v0.6.4

func (m *OSVScannerModule) ScanDirectory(ctx context.Context, dir string) (string, error)

ScanDirectory scans a directory for vulnerabilities

func (*OSVScannerModule) ScanLockfile added in v0.6.4

func (m *OSVScannerModule) ScanLockfile(ctx context.Context, lockfilePath string) (string, error)

ScanLockfile scans a specific lockfile

func (*OSVScannerModule) ScanSBOM added in v0.6.4

func (m *OSVScannerModule) ScanSBOM(ctx context.Context, sbomPath string) (string, error)

ScanSBOM scans an SBOM file

type OpenInfraQuoteModule

type OpenInfraQuoteModule struct {
	// contains filtered or unexported fields
}

OpenInfraQuoteModule runs OpenInfraQuote for Terraform cost analysis

func NewOpenInfraQuoteModule

func NewOpenInfraQuoteModule(client *dagger.Client) *OpenInfraQuoteModule

NewOpenInfraQuoteModule creates a new OpenInfraQuote module

func (*OpenInfraQuoteModule) AnalyzeDirectory

func (m *OpenInfraQuoteModule) AnalyzeDirectory(ctx context.Context, dir string, region string) (string, error)

AnalyzeDirectory analyzes all Terraform files in a directory

func (*OpenInfraQuoteModule) AnalyzePlan

func (m *OpenInfraQuoteModule) AnalyzePlan(ctx context.Context, planFile string, region string) (string, error)

AnalyzePlan analyzes a Terraform plan JSON file for cost estimation

func (*OpenInfraQuoteModule) GetVersion

func (m *OpenInfraQuoteModule) GetVersion(ctx context.Context) (string, error)

GetVersion returns the version of OpenInfraQuote

type OpenSCAPModule added in v0.6.4

type OpenSCAPModule struct {
	// contains filtered or unexported fields
}

OpenSCAPModule runs OpenSCAP for security compliance scanning

func NewOpenSCAPModule added in v0.6.4

func NewOpenSCAPModule(client *dagger.Client) *OpenSCAPModule

NewOpenSCAPModule creates a new OpenSCAP module

func (*OpenSCAPModule) EvaluateProfile added in v0.6.4

func (m *OpenSCAPModule) EvaluateProfile(ctx context.Context, contentPath string, profile string) (string, error)

EvaluateProfile evaluates a system against SCAP content

func (*OpenSCAPModule) GenerateReport added in v0.6.4

func (m *OpenSCAPModule) GenerateReport(ctx context.Context, resultsPath string) (string, error)

GenerateReport generates a compliance report from the results file at resultsPath

func (*OpenSCAPModule) ScanImage added in v0.6.4

func (m *OpenSCAPModule) ScanImage(ctx context.Context, imageName string, profile string) (string, error)

ScanImage scans a container image for compliance

type PMapperModule added in v0.6.4

type PMapperModule struct {
	// contains filtered or unexported fields
}

PMapperModule runs PMapper for AWS IAM privilege mapping

func NewPMapperModule added in v0.6.4

func NewPMapperModule(client *dagger.Client) *PMapperModule

NewPMapperModule creates a new PMapper module

func (*PMapperModule) CheckAdminAccess added in v0.6.4

func (m *PMapperModule) CheckAdminAccess(ctx context.Context, profile string, principal string) (string, error)

CheckAdminAccess checks if a principal has admin access

func (*PMapperModule) CreateGraph added in v0.6.4

func (m *PMapperModule) CreateGraph(ctx context.Context, profile string) (string, error)

CreateGraph creates a privilege graph for an AWS account

func (*PMapperModule) FindPrivilegeEscalation added in v0.6.4

func (m *PMapperModule) FindPrivilegeEscalation(ctx context.Context, profile string, principal string) (string, error)

FindPrivilegeEscalation finds privilege escalation paths

func (*PMapperModule) ListPrincipals added in v0.6.4

func (m *PMapperModule) ListPrincipals(ctx context.Context, profile string) (string, error)

ListPrincipals lists all principals in the AWS account

func (*PMapperModule) QueryAccess added in v0.6.4

func (m *PMapperModule) QueryAccess(ctx context.Context, profile string, principal string, action string, resource string) (string, error)

QueryAccess queries if a principal can access a specific action/resource

func (*PMapperModule) VisualizeGraph added in v0.6.4

func (m *PMapperModule) VisualizeGraph(ctx context.Context, profile string, outputFormat string) (string, error)

VisualizeGraph creates a visual representation of the privilege graph

type PackerModule added in v0.6.4

type PackerModule struct {
	// contains filtered or unexported fields
}

PackerModule runs Packer for image building

func NewPackerModule added in v0.6.4

func NewPackerModule(client *dagger.Client) *PackerModule

NewPackerModule creates a new Packer module

func (*PackerModule) BuildImage added in v0.6.4

func (m *PackerModule) BuildImage(ctx context.Context, templatePath string, varsFile string) (string, error)

BuildImage builds an image using Packer

func (*PackerModule) FormatTemplate added in v0.6.4

func (m *PackerModule) FormatTemplate(ctx context.Context, templatePath string) (string, error)

FormatTemplate formats a Packer template

func (*PackerModule) GetVersion added in v0.6.4

func (m *PackerModule) GetVersion(ctx context.Context) (string, error)

GetVersion returns the version of Packer

func (*PackerModule) ValidateTemplate added in v0.6.4

func (m *PackerModule) ValidateTemplate(ctx context.Context, templatePath string) (string, error)

ValidateTemplate validates a Packer template

type ParliamentModule added in v0.6.4

type ParliamentModule struct {
	// contains filtered or unexported fields
}

ParliamentModule runs Parliament for AWS IAM policy linting

func NewParliamentModule added in v0.6.4

func NewParliamentModule(client *dagger.Client) *ParliamentModule

NewParliamentModule creates a new Parliament module

func (*ParliamentModule) LintPolicyDirectory added in v0.6.4

func (m *ParliamentModule) LintPolicyDirectory(ctx context.Context, dir string) (string, error)

LintPolicyDirectory lints all policy files in a directory

func (*ParliamentModule) LintPolicyFile added in v0.6.4

func (m *ParliamentModule) LintPolicyFile(ctx context.Context, policyPath string) (string, error)

LintPolicyFile lints a specific IAM policy file

func (*ParliamentModule) LintPolicyString added in v0.6.4

func (m *ParliamentModule) LintPolicyString(ctx context.Context, policyJSON string) (string, error)

LintPolicyString lints a policy provided as a string

func (*ParliamentModule) LintWithCommunityAuditors added in v0.6.4

func (m *ParliamentModule) LintWithCommunityAuditors(ctx context.Context, policyPath string) (string, error)

LintWithCommunityAuditors lints using community auditors

func (*ParliamentModule) LintWithPrivateAuditors added in v0.6.4

func (m *ParliamentModule) LintWithPrivateAuditors(ctx context.Context, policyPath string, auditorsPath string) (string, error)

LintWithPrivateAuditors lints using private auditors

func (*ParliamentModule) LintWithSeverityFilter added in v0.6.4

func (m *ParliamentModule) LintWithSeverityFilter(ctx context.Context, policyPath string, minSeverity string) (string, error)

LintWithSeverityFilter lints and filters by severity level

type PolicySentryModule added in v0.6.4

type PolicySentryModule struct {
	// contains filtered or unexported fields
}

PolicySentryModule runs Policy Sentry for AWS IAM policy generation

func NewPolicySentryModule added in v0.6.4

func NewPolicySentryModule(client *dagger.Client) *PolicySentryModule

NewPolicySentryModule creates a new Policy Sentry module

func (*PolicySentryModule) CreateTemplate added in v0.6.4

func (m *PolicySentryModule) CreateTemplate(ctx context.Context, templateType string, outputFile string) (string, error)

CreateTemplate creates a policy template

func (*PolicySentryModule) QueryActionTable added in v0.6.4

func (m *PolicySentryModule) QueryActionTable(ctx context.Context, service string) (string, error)

QueryActionTable queries the action table for service information

func (*PolicySentryModule) QueryConditionTable added in v0.6.4

func (m *PolicySentryModule) QueryConditionTable(ctx context.Context, service string) (string, error)

QueryConditionTable queries the condition table for service information

func (*PolicySentryModule) WritePolicy added in v0.6.4

func (m *PolicySentryModule) WritePolicy(ctx context.Context, inputFile string) (string, error)

WritePolicy writes an IAM policy from a YAML template

func (*PolicySentryModule) WritePolicyFromTemplate added in v0.6.4

func (m *PolicySentryModule) WritePolicyFromTemplate(ctx context.Context, templateYAML string) (string, error)

WritePolicyFromTemplate writes a policy from an inline template

func (*PolicySentryModule) WritePolicyWithActions added in v0.6.4

func (m *PolicySentryModule) WritePolicyWithActions(ctx context.Context, actions []string, resourceArns []string) (string, error)

WritePolicyWithActions writes a policy based on specific actions

func (*PolicySentryModule) WritePolicyWithCRUD added in v0.6.4

func (m *PolicySentryModule) WritePolicyWithCRUD(ctx context.Context, resourceArns []string, accessLevels []string) (string, error)

WritePolicyWithCRUD writes a policy based on CRUD operations

type PowerpipeModule added in v0.6.4

type PowerpipeModule struct {
	// contains filtered or unexported fields
}

PowerpipeModule runs Powerpipe for security dashboards

func NewPowerpipeModule added in v0.6.4

func NewPowerpipeModule(client *dagger.Client) *PowerpipeModule

NewPowerpipeModule creates a new Powerpipe module

func (*PowerpipeModule) GetVersion added in v0.6.4

func (m *PowerpipeModule) GetVersion(ctx context.Context) (string, error)

GetVersion returns the version of Powerpipe

func (*PowerpipeModule) ListBenchmarks added in v0.6.4

func (m *PowerpipeModule) ListBenchmarks(ctx context.Context, modPath string) (string, error)

ListBenchmarks lists available benchmarks

func (*PowerpipeModule) RunBenchmark added in v0.6.4

func (m *PowerpipeModule) RunBenchmark(ctx context.Context, benchmark string, modPath string) (string, error)

RunBenchmark runs a security benchmark

func (*PowerpipeModule) RunControl added in v0.6.4

func (m *PowerpipeModule) RunControl(ctx context.Context, control string, modPath string) (string, error)

RunControl runs a specific control

type ProwlerModule added in v0.6.4

type ProwlerModule struct {
	// contains filtered or unexported fields
}

ProwlerModule runs Prowler for cloud security assessment

func NewProwlerModule added in v0.6.4

func NewProwlerModule(client *dagger.Client) *ProwlerModule

NewProwlerModule creates a new Prowler module

func (*ProwlerModule) ScanAWS added in v0.6.4

func (m *ProwlerModule) ScanAWS(ctx context.Context, provider string, region string) (string, error)

ScanAWS scans AWS infrastructure for security issues

func (*ProwlerModule) ScanAzure added in v0.6.4

func (m *ProwlerModule) ScanAzure(ctx context.Context) (string, error)

ScanAzure scans Azure infrastructure for security issues

func (*ProwlerModule) ScanGCP added in v0.6.4

func (m *ProwlerModule) ScanGCP(ctx context.Context, projectId string) (string, error)

ScanGCP scans Google Cloud Platform for security issues

func (*ProwlerModule) ScanKubernetes added in v0.6.4

func (m *ProwlerModule) ScanKubernetes(ctx context.Context, kubeconfigPath string) (string, error)

ScanKubernetes scans a Kubernetes cluster for security issues, using the kubeconfig at kubeconfigPath

func (*ProwlerModule) ScanSpecificServices added in v0.6.4

func (m *ProwlerModule) ScanSpecificServices(ctx context.Context, provider string, services string, region string) (string, error)

ScanSpecificServices scans specific cloud services

func (*ProwlerModule) ScanWithCompliance added in v0.6.4

func (m *ProwlerModule) ScanWithCompliance(ctx context.Context, provider string, compliance string, region string) (string, error)

ScanWithCompliance scans with specific compliance frameworks

type RegistryModule added in v0.6.4

type RegistryModule struct {
	// contains filtered or unexported fields
}

RegistryModule runs container registry operations

func NewRegistryModule added in v0.6.4

func NewRegistryModule(client *dagger.Client) *RegistryModule

NewRegistryModule creates a new registry module

func (*RegistryModule) CheckImageSecurity added in v0.6.4

func (m *RegistryModule) CheckImageSecurity(ctx context.Context, imageName string) (string, error)

CheckImageSecurity checks image security properties

func (*RegistryModule) GetImageTags added in v0.6.4

func (m *RegistryModule) GetImageTags(ctx context.Context, registryURL string, repository string, username string, password string) (string, error)

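GetImageTags gets the tags for an image repository in the given registry. The username and password are plain string arguments (ListRepositories takes the same pair), so load them from a secret store instead of hard-coding them, and prefer a read-only registry account.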

func (*RegistryModule) ListRepositories added in v0.6.4

func (m *RegistryModule) ListRepositories(ctx context.Context, registryURL string, username string, password string) (string, error)

ListRepositories lists the repositories in a registry

func (*RegistryModule) ScanRegistry added in v0.6.4

func (m *RegistryModule) ScanRegistry(ctx context.Context, registryURL string, repository string) (string, error)

ScanRegistry scans container registry for vulnerabilities

type RekorModule added in v0.6.4

type RekorModule struct {
	// contains filtered or unexported fields
}

RekorModule runs Rekor for transparency log operations

func NewRekorModule added in v0.6.4

func NewRekorModule(client *dagger.Client) *RekorModule

NewRekorModule creates a new Rekor module

func (*RekorModule) Get added in v0.6.4

func (m *RekorModule) Get(ctx context.Context, logIndex string) (string, error)

Get retrieves an entry from the log

func (*RekorModule) Search added in v0.6.4

func (m *RekorModule) Search(ctx context.Context, query string) (string, error)

Search searches the transparency log

func (*RekorModule) Upload added in v0.6.4

func (m *RekorModule) Upload(ctx context.Context, artifactPath string, signaturePath string) (string, error)

Upload uploads an artifact to the transparency log

func (*RekorModule) Verify added in v0.6.4

func (m *RekorModule) Verify(ctx context.Context, artifactPath string, signaturePath string) (string, error)

Verify verifies the transparency log entry for the given artifact and signature

type SLSAVerifierConfig added in v0.6.4

// SLSAVerifierConfig collects the settings that SLSAVerifierOption functions
// modify (SLSAVerifierOption is declared as func(*SLSAVerifierConfig)). The
// field meanings below are inferred from the field and option names — confirm
// against the implementation.
//
// NOTE(review): provenance verification is only meaningful when the expected
// source and builder identity are pinned; confirm how the module behaves when
// SourceURI or BuilderID is left empty.
type SLSAVerifierConfig struct {
	SourceURI       string // presumably the expected source repository (see WithSourceURI)
	SourceTag       string // presumably the expected source tag (see WithSourceTag)
	BuilderID       string // presumably the expected builder identity (see WithBuilderID)
	PrintProvenance bool   // presumably prints the verified provenance (see WithPrintProvenance)
	VerifierVersion string // presumably the verifier release to run (see WithVerifierVersion); pin it rather than tracking a floating tag
}

type SLSAVerifierModule added in v0.6.4

type SLSAVerifierModule struct {
	// contains filtered or unexported fields
}

func NewSLSAVerifierModule added in v0.6.4

func NewSLSAVerifierModule(client *dagger.Client) *SLSAVerifierModule

func (*SLSAVerifierModule) GeneratePolicy added in v0.6.4

func (m *SLSAVerifierModule) GeneratePolicy(ctx context.Context, opts ...SLSAVerifierOption) (*dagger.Container, error)

GeneratePolicy generates SLSA policy configuration

func (*SLSAVerifierModule) VerifyImage added in v0.6.4

func (m *SLSAVerifierModule) VerifyImage(ctx context.Context, imageRef string, opts ...SLSAVerifierOption) (*dagger.Container, error)

VerifyImage verifies SLSA provenance for container images

func (*SLSAVerifierModule) VerifyProvenance added in v0.6.4

func (m *SLSAVerifierModule) VerifyProvenance(ctx context.Context, artifactPath, provenancePath string, opts ...SLSAVerifierOption) (*dagger.Container, error)

VerifyProvenance verifies SLSA provenance for artifacts

type SLSAVerifierOption added in v0.6.4

type SLSAVerifierOption func(*SLSAVerifierConfig)

func WithBuilderID added in v0.6.4

func WithBuilderID(id string) SLSAVerifierOption

func WithPrintProvenance added in v0.6.4

func WithPrintProvenance(print bool) SLSAVerifierOption

func WithSourceTag added in v0.6.4

func WithSourceTag(tag string) SLSAVerifierOption

func WithSourceURI added in v0.6.4

func WithSourceURI(uri string) SLSAVerifierOption

func WithVerifierVersion added in v0.6.4

func WithVerifierVersion(version string) SLSAVerifierOption

type SOPSConfig added in v0.6.4

// SOPSConfig collects the settings that SOPSOption functions modify
// (SOPSOption is declared as func(*SOPSConfig)). The field meanings below are
// inferred from the field and option names — confirm against the
// implementation.
type SOPSConfig struct {
	SOPSVersion    string   // presumably the SOPS release to run (see WithSOPSVersion)
	Format         string   // presumably the file format (see WithSOPSFormat)
	Output         string   // presumably the output destination (see WithSOPSOutput)
	KMSARN         string   // AWS KMS key ARN (see WithKMSARN)
	GPGFingerprint string   // PGP key fingerprint (see WithGPGFingerprint)
	AgePublicKey   string   // age recipient public key (see WithAgePublicKey)
	AgeKeyFile     string   // path to an age key file (see WithAgeKeyFile); NOTE(review): likely private key material — confirm it is not logged or cached
	GPGKeyDir      string   // directory holding GPG keys (see WithGPGKeyDir); NOTE(review): likely private key material — confirm how it is mounted
	AzureKeyVault  string   // Azure Key Vault reference (see WithAzureKeyVault)
	GCPKMS         string   // GCP KMS reference (see WithGCPKMS)
	AWSProfile     string   // AWS profile name (see WithAWSProfile)
	InPlace        bool     // presumably rewrites the input file in place (see WithInPlace)
	RemoveKMS      []string // KMS ARNs to remove (see WithRemoveKMS) — presumably used during key rotation
	RemovePGP      []string // PGP fingerprints to remove (see WithRemovePGP) — presumably used during key rotation
	RemoveAge      []string // age keys to remove (see WithRemoveAge) — presumably used during key rotation
}

type SOPSModule added in v0.6.4

type SOPSModule struct {
	// contains filtered or unexported fields
}

func NewSOPSModule added in v0.6.4

func NewSOPSModule(client *dagger.Client) *SOPSModule

func (*SOPSModule) DecryptFile added in v0.6.4

func (m *SOPSModule) DecryptFile(ctx context.Context, filePath string, opts ...SOPSOption) (*dagger.Container, error)

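DecryptFile decrypts a SOPS-encrypted file. The result is returned as a *dagger.Container, so treat that container's files and output as sensitive wherever they are consumed.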

func (*SOPSModule) EditFile added in v0.6.4

func (m *SOPSModule) EditFile(ctx context.Context, filePath string, opts ...SOPSOption) (*dagger.Container, error)

EditFile opens a SOPS file for editing

func (*SOPSModule) EncryptFile added in v0.6.4

func (m *SOPSModule) EncryptFile(ctx context.Context, filePath string, opts ...SOPSOption) (*dagger.Container, error)

EncryptFile encrypts a file using SOPS

func (*SOPSModule) GenerateConfig added in v0.6.4

func (m *SOPSModule) GenerateConfig(ctx context.Context, opts ...SOPSOption) (*dagger.Container, error)

GenerateConfig creates a SOPS configuration file

func (*SOPSModule) RotateKeys added in v0.6.4

func (m *SOPSModule) RotateKeys(ctx context.Context, filePath string, opts ...SOPSOption) (*dagger.Container, error)

RotateKeys rotates encryption keys for SOPS files

func (*SOPSModule) ValidateFile added in v0.6.4

func (m *SOPSModule) ValidateFile(ctx context.Context, filePath string, opts ...SOPSOption) (*dagger.Container, error)

ValidateFile validates a SOPS-encrypted file structure

type SOPSOption added in v0.6.4

type SOPSOption func(*SOPSConfig)

func WithAWSProfile added in v0.6.4

func WithAWSProfile(profile string) SOPSOption

func WithAgeKeyFile added in v0.6.4

func WithAgeKeyFile(file string) SOPSOption

func WithAgePublicKey added in v0.6.4

func WithAgePublicKey(key string) SOPSOption

func WithAzureKeyVault added in v0.6.4

func WithAzureKeyVault(vault string) SOPSOption

func WithGCPKMS added in v0.6.4

func WithGCPKMS(kms string) SOPSOption

func WithGPGFingerprint added in v0.6.4

func WithGPGFingerprint(fingerprint string) SOPSOption

func WithGPGKeyDir added in v0.6.4

func WithGPGKeyDir(dir string) SOPSOption

func WithInPlace added in v0.6.4

func WithInPlace(inPlace bool) SOPSOption

func WithKMSARN added in v0.6.4

func WithKMSARN(arn string) SOPSOption

func WithRemoveAge added in v0.6.4

func WithRemoveAge(keys []string) SOPSOption

func WithRemoveKMS added in v0.6.4

func WithRemoveKMS(arns []string) SOPSOption

func WithRemovePGP added in v0.6.4

func WithRemovePGP(fingerprints []string) SOPSOption

func WithSOPSFormat added in v0.6.4

func WithSOPSFormat(format string) SOPSOption

func WithSOPSOutput added in v0.6.4

func WithSOPSOutput(output string) SOPSOption

func WithSOPSVersion added in v0.6.4

func WithSOPSVersion(version string) SOPSOption

type ScoutSuiteModule added in v0.6.4

type ScoutSuiteModule struct {
	// contains filtered or unexported fields
}

ScoutSuiteModule runs Scout Suite for multi-cloud security auditing

func NewScoutSuiteModule added in v0.6.4

func NewScoutSuiteModule(client *dagger.Client) *ScoutSuiteModule

NewScoutSuiteModule creates a new Scout Suite module

func (*ScoutSuiteModule) GetVersion added in v0.6.4

func (m *ScoutSuiteModule) GetVersion(ctx context.Context) (string, error)

GetVersion returns the version of Scout Suite

func (*ScoutSuiteModule) ScanAWS added in v0.6.4

func (m *ScoutSuiteModule) ScanAWS(ctx context.Context, profile string) (string, error)

ScanAWS scans AWS environment

func (*ScoutSuiteModule) ScanAzure added in v0.6.4

func (m *ScoutSuiteModule) ScanAzure(ctx context.Context) (string, error)

ScanAzure scans Azure environment

func (*ScoutSuiteModule) ScanGCP added in v0.6.4

func (m *ScoutSuiteModule) ScanGCP(ctx context.Context, projectID string) (string, error)

ScanGCP scans Google Cloud Platform environment

type SemgrepModule added in v0.6.4

type SemgrepModule struct {
	// contains filtered or unexported fields
}

SemgrepModule runs Semgrep for static analysis

func NewSemgrepModule added in v0.6.4

func NewSemgrepModule(client *dagger.Client) *SemgrepModule

NewSemgrepModule creates a new Semgrep module

func (*SemgrepModule) GetVersion added in v0.6.4

func (m *SemgrepModule) GetVersion(ctx context.Context) (string, error)

GetVersion returns the version of Semgrep

func (*SemgrepModule) ScanDirectory added in v0.6.4

func (m *SemgrepModule) ScanDirectory(ctx context.Context, dir string) (string, error)

ScanDirectory scans a directory with Semgrep rules

func (*SemgrepModule) ScanFile added in v0.6.4

func (m *SemgrepModule) ScanFile(ctx context.Context, filePath string) (string, error)

ScanFile scans a specific file

func (*SemgrepModule) ScanWithRuleset added in v0.6.4

func (m *SemgrepModule) ScanWithRuleset(ctx context.Context, dir string, ruleset string) (string, error)

ScanWithRuleset scans a directory with a specific ruleset

type ServiceInvestigationReport

type ServiceInvestigationReport struct {
	Task         string
	ServicesUsed []string
	Results      string
}

ServiceInvestigationReport contains results from service-based investigation

type SigstorePolicyControllerModule added in v0.6.4

type SigstorePolicyControllerModule struct {
	// Client is the Dagger client passed to NewSigstorePolicyControllerModule
	// (presumably — the constructor body is not shown). The field is exported,
	// so callers can read or replace it after construction.
	Client *dagger.Client
}

SigstorePolicyControllerModule provides Sigstore Policy Controller capabilities

func NewSigstorePolicyControllerModule added in v0.6.4

func NewSigstorePolicyControllerModule(client *dagger.Client) *SigstorePolicyControllerModule

NewSigstorePolicyControllerModule creates a new Sigstore Policy Controller module

func (*SigstorePolicyControllerModule) AuditImages added in v0.6.4

func (m *SigstorePolicyControllerModule) AuditImages(ctx context.Context, namespace string, policyPath string) (string, error)

AuditImages audits images for signing compliance

func (*SigstorePolicyControllerModule) CheckCompliance added in v0.6.4

func (m *SigstorePolicyControllerModule) CheckCompliance(ctx context.Context, manifestsPath string, policyPath string) (string, error)

CheckCompliance checks if images in a directory comply with policies

func (*SigstorePolicyControllerModule) GeneratePolicyTemplate added in v0.6.4

func (m *SigstorePolicyControllerModule) GeneratePolicyTemplate(ctx context.Context, namespace string, keyRef string) (string, error)

GeneratePolicyTemplate generates a policy template

func (*SigstorePolicyControllerModule) ListPolicies added in v0.6.4

func (m *SigstorePolicyControllerModule) ListPolicies(ctx context.Context, policiesPath string) (string, error)

ListPolicies lists all available policies in a directory

func (*SigstorePolicyControllerModule) TestPolicy added in v0.6.4

func (m *SigstorePolicyControllerModule) TestPolicy(ctx context.Context, policyPath string, imageName string) (string, error)

TestPolicy tests a policy against an image

func (*SigstorePolicyControllerModule) ValidateManifest added in v0.6.4

func (m *SigstorePolicyControllerModule) ValidateManifest(ctx context.Context, manifestPath string, policyPath string) (string, error)

ValidateManifest validates a Kubernetes manifest against signing policies

func (*SigstorePolicyControllerModule) ValidatePolicy added in v0.6.4

func (m *SigstorePolicyControllerModule) ValidatePolicy(ctx context.Context, policyPath string) (string, error)

ValidatePolicy validates a ClusterImagePolicy

func (*SigstorePolicyControllerModule) VerifySignature added in v0.6.4

func (m *SigstorePolicyControllerModule) VerifySignature(ctx context.Context, imageName string, publicKeyPath string) (string, error)

VerifySignature verifies an image signature against policies

type SteampipeModule

type SteampipeModule struct {
	// contains filtered or unexported fields
}

SteampipeModule runs Steampipe for cloud asset querying

func NewSteampipeModule

func NewSteampipeModule(client *dagger.Client) *SteampipeModule

NewSteampipeModule creates a new Steampipe module

func (*SteampipeModule) GetVersion

func (m *SteampipeModule) GetVersion(ctx context.Context) (string, error)

GetVersion returns the version of Steampipe

func (*SteampipeModule) ListPlugins added in v0.6.4

func (m *SteampipeModule) ListPlugins(ctx context.Context) (string, error)

ListPlugins lists available plugins

func (*SteampipeModule) Query added in v0.6.4

func (m *SteampipeModule) Query(ctx context.Context, query string, plugin string) (string, error)

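Query executes a SQL query against cloud resources using the given plugin. The query is accepted as a free-form string and this page shows no validation of it, so callers should not build it from untrusted input.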

func (*SteampipeModule) QueryFromFile added in v0.6.4

func (m *SteampipeModule) QueryFromFile(ctx context.Context, queryFile string, plugin string) (string, error)

QueryFromFile executes queries from a file

type StepCAModule added in v0.6.4

type StepCAModule struct {
	// contains filtered or unexported fields
}

StepCAModule runs Step CA for certificate authority operations

func NewStepCAModule added in v0.6.4

func NewStepCAModule(client *dagger.Client) *StepCAModule

NewStepCAModule creates a new Step CA module

func (*StepCAModule) CreateCertificate added in v0.6.4

func (m *StepCAModule) CreateCertificate(ctx context.Context, subject string, caURL string, rootCert string) (string, error)

CreateCertificate creates a certificate

func (*StepCAModule) GetVersion added in v0.6.4

func (m *StepCAModule) GetVersion(ctx context.Context) (string, error)

GetVersion returns the version of Step CA

func (*StepCAModule) InitCA added in v0.6.4

func (m *StepCAModule) InitCA(ctx context.Context, name string, dnsName string) (string, error)

InitCA initializes a certificate authority

func (*StepCAModule) RenewCertificate added in v0.6.4

func (m *StepCAModule) RenewCertificate(ctx context.Context, certPath string, keyPath string, caURL string) (string, error)

RenewCertificate renews a certificate

type SyftModule added in v0.6.4

type SyftModule struct {
	// contains filtered or unexported fields
}

SyftModule runs Syft for SBOM generation

func NewSyftModule added in v0.6.4

func NewSyftModule(client *dagger.Client) *SyftModule

NewSyftModule creates a new Syft module

func (*SyftModule) GenerateAttestations added in v0.6.4

func (m *SyftModule) GenerateAttestations(ctx context.Context, target string, format string) (string, error)

GenerateAttestations generates SBOM with attestations

func (*SyftModule) GenerateSBOMFromDirectory added in v0.6.4

func (m *SyftModule) GenerateSBOMFromDirectory(ctx context.Context, dir string, format string) (string, error)

GenerateSBOMFromDirectory generates SBOM from a directory

func (*SyftModule) GenerateSBOMFromImage added in v0.6.4

func (m *SyftModule) GenerateSBOMFromImage(ctx context.Context, imageName string, format string) (string, error)

GenerateSBOMFromImage generates SBOM from a container image

func (*SyftModule) GenerateSBOMFromPackage added in v0.6.4

func (m *SyftModule) GenerateSBOMFromPackage(ctx context.Context, dir string, packageType string, format string) (string, error)

GenerateSBOMFromPackage generates SBOM from a specific package manager

type TFLintModule

type TFLintModule struct {
	// contains filtered or unexported fields
}

TFLintModule runs TFLint for Terraform linting

func NewTFLintModule

func NewTFLintModule(client *dagger.Client) *TFLintModule

NewTFLintModule creates a new TFLint module

func (*TFLintModule) GetVersion

func (m *TFLintModule) GetVersion(ctx context.Context) (string, error)

GetVersion returns the version of TFLint

func (*TFLintModule) InitPlugins

func (m *TFLintModule) InitPlugins(ctx context.Context, dir string) error

InitPlugins initializes TFLint plugins

func (*TFLintModule) LintDirectory

func (m *TFLintModule) LintDirectory(ctx context.Context, dir string) (string, error)

LintDirectory lints all Terraform files in a directory

func (*TFLintModule) LintFile

func (m *TFLintModule) LintFile(ctx context.Context, filePath string) (string, error)

LintFile lints a specific Terraform file

func (*TFLintModule) LintWithConfig

func (m *TFLintModule) LintWithConfig(ctx context.Context, dir string, configFile string) (string, error)

LintWithConfig lints using a custom configuration file

func (*TFLintModule) LintWithRules

func (m *TFLintModule) LintWithRules(ctx context.Context, dir string, enableRules []string, disableRules []string) (string, error)

LintWithRules runs TFLint with specific rule sets enabled

type TerraformDocsModule

type TerraformDocsModule struct {
	// contains filtered or unexported fields
}

TerraformDocsModule runs terraform-docs for documentation generation

func NewTerraformDocsModule

func NewTerraformDocsModule(client *dagger.Client) *TerraformDocsModule

NewTerraformDocsModule creates a new terraform-docs module

func (*TerraformDocsModule) GenerateJSON

func (m *TerraformDocsModule) GenerateJSON(ctx context.Context, dir string) (string, error)

GenerateJSON generates JSON documentation for Terraform modules

func (*TerraformDocsModule) GenerateMarkdown

func (m *TerraformDocsModule) GenerateMarkdown(ctx context.Context, dir string) (string, error)

GenerateMarkdown generates markdown documentation for Terraform modules

func (*TerraformDocsModule) GenerateTable

func (m *TerraformDocsModule) GenerateTable(ctx context.Context, dir string) (string, error)

GenerateTable generates a markdown table of inputs and outputs

func (*TerraformDocsModule) GenerateWithConfig

func (m *TerraformDocsModule) GenerateWithConfig(ctx context.Context, dir string, configFile string) (string, error)

GenerateWithConfig generates documentation using a config file

func (*TerraformDocsModule) GetVersion

func (m *TerraformDocsModule) GetVersion(ctx context.Context) (string, error)

GetVersion returns the version of terraform-docs

type TerraformerModule added in v0.6.4

type TerraformerModule struct {
	// contains filtered or unexported fields
}

TerraformerModule runs Terraformer for infrastructure discovery

func NewTerraformerModule added in v0.6.4

func NewTerraformerModule(client *dagger.Client) *TerraformerModule

NewTerraformerModule creates a new Terraformer module

func (*TerraformerModule) ImportAWS added in v0.6.4

func (m *TerraformerModule) ImportAWS(ctx context.Context, region string, services []string) (string, error)

ImportAWS imports AWS resources

func (*TerraformerModule) ImportAzure added in v0.6.4

func (m *TerraformerModule) ImportAzure(ctx context.Context, subscription string, services []string) (string, error)

ImportAzure imports Azure resources

func (*TerraformerModule) ImportGCP added in v0.6.4

func (m *TerraformerModule) ImportGCP(ctx context.Context, project string, services []string) (string, error)

ImportGCP imports GCP resources

type TerrascanModule added in v0.6.4

type TerrascanModule struct {
	// contains filtered or unexported fields
}

TerrascanModule runs Terrascan for IaC security scanning

func NewTerrascanModule added in v0.6.4

func NewTerrascanModule(client *dagger.Client) *TerrascanModule

NewTerrascanModule creates a new Terrascan module

func (*TerrascanModule) ScanCloudFormation added in v0.6.4

func (m *TerrascanModule) ScanCloudFormation(ctx context.Context, dir string) (string, error)

ScanCloudFormation scans CloudFormation templates

func (*TerrascanModule) ScanDirectory added in v0.6.4

func (m *TerrascanModule) ScanDirectory(ctx context.Context, dir string) (string, error)

ScanDirectory scans a directory for IaC security issues using Terrascan

func (*TerrascanModule) ScanDockerfiles added in v0.6.4

func (m *TerrascanModule) ScanDockerfiles(ctx context.Context, dir string) (string, error)

ScanDockerfiles scans the Dockerfiles in a directory for security issues

func (*TerrascanModule) ScanKubernetes added in v0.6.4

func (m *TerrascanModule) ScanKubernetes(ctx context.Context, dir string) (string, error)

ScanKubernetes scans Kubernetes manifests

func (*TerrascanModule) ScanTerraform added in v0.6.4

func (m *TerrascanModule) ScanTerraform(ctx context.Context, dir string) (string, error)

ScanTerraform scans Terraform files specifically

func (*TerrascanModule) ScanWithSeverity added in v0.6.4

func (m *TerrascanModule) ScanWithSeverity(ctx context.Context, dir string, severity string, iacType string) (string, error)

ScanWithSeverity scans with a specific severity threshold

type TfstateReaderModule added in v0.6.4

type TfstateReaderModule struct {
	// contains filtered or unexported fields
}

TfstateReaderModule reads and analyzes Terraform state files

func NewTfstateReaderModule added in v0.6.4

func NewTfstateReaderModule(client *dagger.Client) *TfstateReaderModule

NewTfstateReaderModule creates a new Terraform state reader module

func (*TfstateReaderModule) AnalyzeState added in v0.6.4

func (m *TfstateReaderModule) AnalyzeState(ctx context.Context, statePath string) (string, error)

AnalyzeState analyzes a Terraform state file

func (*TfstateReaderModule) ExtractOutputs added in v0.6.4

func (m *TfstateReaderModule) ExtractOutputs(ctx context.Context, statePath string) (string, error)

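ExtractOutputs extracts the outputs from a state file. Terraform state stores output values, including ones marked sensitive, in plain text, so treat the returned string as potentially containing secrets.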

func (*TfstateReaderModule) GetResourceByType added in v0.6.4

func (m *TfstateReaderModule) GetResourceByType(ctx context.Context, statePath string, resourceType string) (string, error)

GetResourceByType gets resources by type

func (*TfstateReaderModule) ListResources added in v0.6.4

func (m *TfstateReaderModule) ListResources(ctx context.Context, statePath string) (string, error)

ListResources lists resources in state file

type ToolService

type ToolService struct {
	// contains filtered or unexported fields
}

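ToolService wraps a module as an HTTP service that the LLM can call. No exported fields or methods are listed for it here, so how the service authenticates callers or limits which module functions are reachable is not documented on this page.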

type TrivyGoldenModule added in v0.6.4

type TrivyGoldenModule struct {
	// contains filtered or unexported fields
}

TrivyGoldenModule runs enhanced Trivy workflows for golden image scanning

func NewTrivyGoldenModule added in v0.6.4

func NewTrivyGoldenModule(client *dagger.Client) *TrivyGoldenModule

NewTrivyGoldenModule creates a new Trivy Golden module

func (*TrivyGoldenModule) CompareImages added in v0.6.4

func (m *TrivyGoldenModule) CompareImages(ctx context.Context, baseImage string, candidateImage string) (string, error)

CompareImages compares two images for golden image validation

func (*TrivyGoldenModule) GenerateImageAttestation added in v0.6.4

func (m *TrivyGoldenModule) GenerateImageAttestation(ctx context.Context, imageName string) (string, error)

GenerateImageAttestation generates a SLSA attestation for the image. The page does not say whether the returned attestation is signed.

func (*TrivyGoldenModule) ScanGoldenImage added in v0.6.4

func (m *TrivyGoldenModule) ScanGoldenImage(ctx context.Context, imageName string, maxCritical int, maxHigh int) (string, error)

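ScanGoldenImage performs comprehensive golden image scanning. maxCritical and maxHigh are presumably the largest numbers of critical and high-severity findings tolerated; the page does not define them.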

func (*TrivyGoldenModule) ValidateImagePolicy added in v0.6.4

func (m *TrivyGoldenModule) ValidateImagePolicy(ctx context.Context, imageName string, policyPath string) (string, error)

ValidateImagePolicy validates image against policy

type TrivyModule added in v0.6.4

type TrivyModule struct {
	// contains filtered or unexported fields
}

TrivyModule runs Trivy for comprehensive vulnerability scanning

func NewTrivyModule added in v0.6.4

func NewTrivyModule(client *dagger.Client) *TrivyModule

NewTrivyModule creates a new Trivy module

func (*TrivyModule) GetVersion added in v0.6.4

func (m *TrivyModule) GetVersion(ctx context.Context) (string, error)

GetVersion returns the version of Trivy

func (*TrivyModule) ScanConfig added in v0.6.4

func (m *TrivyModule) ScanConfig(ctx context.Context, dir string) (string, error)

ScanConfig scans configuration files for misconfigurations

func (*TrivyModule) ScanFilesystem added in v0.6.4

func (m *TrivyModule) ScanFilesystem(ctx context.Context, dir string) (string, error)

ScanFilesystem scans a filesystem for vulnerabilities

func (*TrivyModule) ScanImage added in v0.6.4

func (m *TrivyModule) ScanImage(ctx context.Context, imageName string) (string, error)

ScanImage scans a container image for vulnerabilities

func (*TrivyModule) ScanRepository added in v0.6.4

func (m *TrivyModule) ScanRepository(ctx context.Context, repoURL string) (string, error)

ScanRepository scans a git repository

type TruffleHogModule added in v0.6.4

type TruffleHogModule struct {
	// contains filtered or unexported fields
}

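TruffleHogModule runs TruffleHog for verified secret detection. Its methods return results as a string; TruffleHog output can include the detected secret values, so treat scan results as sensitive.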

func NewTruffleHogModule added in v0.6.4

func NewTruffleHogModule(client *dagger.Client) *TruffleHogModule

NewTruffleHogModule creates a new TruffleHog module

func (*TruffleHogModule) ScanDirectory added in v0.6.4

func (m *TruffleHogModule) ScanDirectory(ctx context.Context, dir string) (string, error)

ScanDirectory scans a directory for secrets using TruffleHog

func (*TruffleHogModule) ScanDockerImage added in v0.6.4

func (m *TruffleHogModule) ScanDockerImage(ctx context.Context, imageName string) (string, error)

ScanDockerImage scans a Docker image for secrets

func (*TruffleHogModule) ScanGitHub added in v0.6.4

func (m *TruffleHogModule) ScanGitHub(ctx context.Context, repo string, token string) (string, error)

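ScanGitHub scans a GitHub repository for secrets. token (also taken by ScanGitHubOrg) is presumably a GitHub access token passed as a plain string; supply it from a secret store and give it read-only scope.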

func (*TruffleHogModule) ScanGitHubOrg added in v0.6.4

func (m *TruffleHogModule) ScanGitHubOrg(ctx context.Context, org string, token string) (string, error)

ScanGitHubOrg scans an entire GitHub organization for secrets

func (*TruffleHogModule) ScanGitRepo added in v0.6.4

func (m *TruffleHogModule) ScanGitRepo(ctx context.Context, repoURL string) (string, error)

ScanGitRepo scans a Git repository for secrets

func (*TruffleHogModule) ScanS3 added in v0.6.4

func (m *TruffleHogModule) ScanS3(ctx context.Context, bucket string) (string, error)

ScanS3 scans an S3 bucket for secrets

func (*TruffleHogModule) ScanWithVerification added in v0.6.4

func (m *TruffleHogModule) ScanWithVerification(ctx context.Context, target string, targetType string) (string, error)

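ScanWithVerification scans with verification enabled for found secrets. TruffleHog verifies a candidate secret by trying it against the service it belongs to, so a verified scan makes outbound requests using the credentials it finds.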

type VeleroModule added in v0.6.4

type VeleroModule struct {
	// contains filtered or unexported fields
}

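VeleroModule runs Velero for Kubernetes backup and restore. CreateBackup, ListBackups and RestoreBackup take kubeconfig as a string; the page does not say whether that is a file path or the file's contents, and either way it carries cluster credentials.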

func NewVeleroModule added in v0.6.4

func NewVeleroModule(client *dagger.Client) *VeleroModule

NewVeleroModule creates a new Velero module

func (*VeleroModule) CreateBackup added in v0.6.4

func (m *VeleroModule) CreateBackup(ctx context.Context, backupName string, kubeconfig string) (string, error)

CreateBackup creates a backup of Kubernetes resources

func (*VeleroModule) GetVersion added in v0.6.4

func (m *VeleroModule) GetVersion(ctx context.Context) (string, error)

GetVersion returns the version of Velero

func (*VeleroModule) ListBackups added in v0.6.4

func (m *VeleroModule) ListBackups(ctx context.Context, kubeconfig string) (string, error)

ListBackups lists all backups

func (*VeleroModule) RestoreBackup added in v0.6.4

func (m *VeleroModule) RestoreBackup(ctx context.Context, backupName string, restoreName string, kubeconfig string) (string, error)

RestoreBackup restores from a backup

type ZapModule added in v0.6.4

type ZapModule struct {
	// contains filtered or unexported fields
}

ZapModule runs OWASP ZAP for web application security testing

func NewZapModule added in v0.6.4

func NewZapModule(client *dagger.Client) *ZapModule

NewZapModule creates a new ZAP module

func (*ZapModule) ApiScan added in v0.6.4

func (m *ZapModule) ApiScan(ctx context.Context, target string, apiSpecPath string) (string, error)

ApiScan performs an API scan using OpenAPI/Swagger spec

func (*ZapModule) BaselineScan added in v0.6.4

func (m *ZapModule) BaselineScan(ctx context.Context, target string) (string, error)

BaselineScan performs a baseline scan

func (*ZapModule) FullScan added in v0.6.4

func (m *ZapModule) FullScan(ctx context.Context, target string, maxDuration int) (string, error)

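FullScan performs a full scan. In ZAP's terminology a full scan adds active scanning to the spidering and passive checks of a baseline scan, so it sends considerably more traffic to target. The unit of maxDuration is not stated on this page.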

func (*ZapModule) GetVersion added in v0.6.4

func (m *ZapModule) GetVersion(ctx context.Context) (string, error)

GetVersion returns the version of ZAP

func (*ZapModule) ScanWithContext added in v0.6.4

func (m *ZapModule) ScanWithContext(ctx context.Context, target string, contextPath string) (string, error)

ScanWithContext performs a scan with a ZAP context file, given by contextPath; this is unrelated to the Go ctx argument.
