scan

package

v1.8.1 Latest Latest Go to latest Published: May 7, 2024 License: Apache-2.0 Imports: 38 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/cnrancher/hangar

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func InitScanner(o ScannerOption) error
func InitTrivyDatabase(ctx context.Context, o DBOptions) error
func InitTrivyLogOutput(debug, disable bool)
type DBOptions
type ImageResult
- func NewImageResult(ctx context.Context, report *types.Report, format string, opt *ScanOption) (*ImageResult, error)
- func Scan(ctx context.Context, o *ScanOption) (*ImageResult, error)
type Platform
type Report
- func NewReport() *Report
- func (r *Report) Append(result *Result)
- func (r *Report) WriteCSV(f io.Writer) error
type Result
- func NewResult(ref string, images []*ImageResult) *Result
- func (r *Result) Append(image *ImageResult)
- func (r *Result) Pass() bool
type ScanOption
type Scanner
- func NewScanner(o ScannerOption) (Scanner, error)
type ScannerOption
type Severity
- func NewSeverity(s string) Severity
type Vulnerability

Constants ¶

View Source

const (
	DefaultDBRepository     = "ghcr.io/aquasecurity/trivy-db"
	DefaultJavaDBRepository = "ghcr.io/aquasecurity/trivy-java-db"
)

Variables ¶

View Source

var (
	ErrDBNotInitialized = errors.New("trivy db not initialized")
)

View Source

var (
	ErrScannerNotInitialized = errors.New("scanner not initialized")
)

Functions ¶

func InitScanner ¶

func InitScanner(o ScannerOption) error

func InitTrivyDatabase ¶

func InitTrivyDatabase(ctx context.Context, o DBOptions) error

func InitTrivyLogOutput ¶

func InitTrivyLogOutput(debug, disable bool)

Types ¶

type DBOptions ¶

type DBOptions struct {
	TrivyServerURL        string
	CacheDirectory        string
	DBRepository          string
	JavaDBRepository      string
	SkipUpdateDB          bool
	SkipUpdateJavaDB      bool
	InsecureSkipTLSVerify bool
}

type ImageResult ¶

type ImageResult struct {
	Digest          digest.Digest    `json:"digest,omitempty" yaml:"digest,omitempty"`
	Platform        Platform         `json:"platform,omitempty" yaml:"platform,omitempty"`
	SBOM_SPDX       *gospdx.Document `json:"spdx,omitempty" yaml:"spdx,omitempty"`
	Vulnerabilities []Vulnerability  `json:"vulnerabilities,omitempty" yaml:"vulnerabilities,omitempty"`
}

func NewImageResult ¶

func NewImageResult(
	ctx context.Context, report *types.Report, format string, opt *ScanOption,
) (*ImageResult, error)

func Scan ¶

func Scan(ctx context.Context, o *ScanOption) (*ImageResult, error)

type Platform ¶

type Platform struct {
	Arch       string   `json:"arch,omitempty" yaml:"arch,omitempty"`
	OS         string   `json:"os,omitempty" yaml:"os,omitempty"`
	OSVersion  string   `json:"osVersion,omitempty" yaml:"osVersion,omitempty"`
	OSFeatures []string `json:"osFeatures,omitempty" yaml:"osFeatures,omitempty"`
	Variant    string   `json:"variant,omitempty" yaml:"variant,omitempty"`
}

type Report ¶

type Report struct {
	Time    time.Time `json:"time,omitempty" yaml:"time,omitempty"`
	Results []*Result `json:"results,omitempty" yaml:"result,omitempty"`
}

func NewReport ¶

func NewReport() *Report

func (*Report) Append ¶

func (r *Report) Append(result *Result)

func (*Report) WriteCSV ¶

func (r *Report) WriteCSV(f io.Writer) error

type Result ¶

type Result struct {
	Reference string         `json:"reference,omitempty" yaml:"reference,omitempty"`
	Images    []*ImageResult `json:"images,omitempty" yaml:"images,omitempty"`
}

func NewResult ¶

func NewResult(ref string, images []*ImageResult) *Result

func (*Result) Append ¶

func (r *Result) Append(image *ImageResult)

func (*Result) Pass ¶

func (r *Result) Pass() bool

Pass detects if the image results have vulnerabilities

type ScanOption ¶

type ScanOption struct {
	ReferenceName string
	Digest        digest.Digest
	Platform      Platform
}

ScanOption is the option when scanning container image

type Scanner ¶

type Scanner interface {
	Scan(context.Context, *ScanOption) (*ImageResult, error)
}

func NewScanner ¶

func NewScanner(o ScannerOption) (Scanner, error)

type ScannerOption ¶

type ScannerOption struct {
	TrivyServerURL        string
	Offline               bool
	InsecureSkipTLSVerify bool
	CacheDirectory        string

	// Output format: json, yaml, csv, spdx-json
	Format string
	// Scanners: vuln, misconfig, secret, rbac, license, none
	Scanners []string
}

ScannerOption is the option for creating the global image scanner

type Severity ¶

type Severity int

const (
	SeverityUnknown Severity = iota
	SeverityLow
	SeverityMedium
	SeverityHigh
	SeverityCritical
)

func NewSeverity ¶

func NewSeverity(s string) Severity

type Vulnerability ¶

type Vulnerability struct {
	Title            string   `json:"title" yaml:"title"`
	ID               string   `json:"id" yaml:"id"`
	Severity         Severity `json:"-" yaml:"-"`
	SeverityString   string   `json:"severity" yaml:"severity"`
	PkgName          string   `json:"package" yaml:"package"`
	InstalledVersion string   `json:"installed" yaml:"installed"`
	FixedVersion     string   `json:"fixed" yaml:"fixed"`
	PrimaryURL       string   `json:"url" yaml:"url"`
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL