Documentation ¶
Index ¶
- func GetScanJobName(obj client.Object) string
- type Plugin
- type ReportBuilderPolicy
- func (b *ReportBuilderPolicy) ContainerPolicy(name string) *ReportBuilderPolicy
- func (b *ReportBuilderPolicy) ControllerPolicy(owner metav1.Object) *ReportBuilderPolicy
- func (b *ReportBuilderPolicy) DataPolicy(data policyreport.PolicyReport) *ReportBuilderPolicy
- func (b *ReportBuilderPolicy) GetPolicy() (policyreport.PolicyReport, error)
- func (b *ReportBuilderPolicy) PodSpecHashPolicy(hash string) *ReportBuilderPolicy
- type Scanner
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetScanJobName ¶
Types ¶
type Plugin ¶
type Plugin interface {
	// Init is a callback to initialize this plugin, e.g. ensure the default
	// configuration.
	Init(ctx imgvuln.PluginContext) error

	// GetScanJobSpec describes the pod that will be created by imgvuln when
	// it schedules a Kubernetes job to scan the workload with the specified
	// descriptor.
	// The second argument maps container names to Docker registry credentials,
	// which can be passed to the scanner as environment variables with values
	// set from returned secrets.
	//
	// NOTE(review): the wording above implies the credentials reach the scan
	// container by reference to the returned Secrets (for example an env var
	// using valueFrom.secretKeyRef) rather than as literal values in the
	// returned PodSpec. Implementations should keep it that way, because a
	// pod spec is readable by anyone allowed to get pods or jobs in the
	// namespace, and should not log the credentials map. How the returned
	// Secrets are created and cleaned up is not visible here; confirm in the
	// caller.
	GetScanJobSpec(ctx imgvuln.PluginContext, spec corev1.PodSpec, credentials map[string]docker.Auth) (
		corev1.PodSpec, []*corev1.Secret, error)

	// ParsePolicyReportData is a callback to parse and convert logs of
	// the pod controlled by the scan job to PolicyReport.
	//
	// NOTE(review): the logs are produced by the scan pod, so their content
	// is presumably influenced by the image being scanned; treat them as
	// untrusted input (bound the amount read, fail on malformed data rather
	// than returning a partial report). Whether the implementation or the
	// caller is expected to close logsReader is not stated here; confirm.
	ParsePolicyReportData(logsReader io.ReadCloser, pod client.Object) (
		policyreport.PolicyReport, error)
}
Plugin defines the interface between imgvuln and static vulnerability scanners.
type ReportBuilderPolicy ¶
type ReportBuilderPolicy struct {
// contains filtered or unexported fields
}
func NewReportBuilderPolicy ¶
func NewReportBuilderPolicy(scheme *runtime.Scheme) *ReportBuilderPolicy
func (*ReportBuilderPolicy) ContainerPolicy ¶
func (b *ReportBuilderPolicy) ContainerPolicy(name string) *ReportBuilderPolicy
func (*ReportBuilderPolicy) ControllerPolicy ¶
func (b *ReportBuilderPolicy) ControllerPolicy(owner metav1.Object) *ReportBuilderPolicy
func (*ReportBuilderPolicy) DataPolicy ¶
func (b *ReportBuilderPolicy) DataPolicy(data policyreport.PolicyReport) *ReportBuilderPolicy
func (*ReportBuilderPolicy) GetPolicy ¶
func (b *ReportBuilderPolicy) GetPolicy() (policyreport.PolicyReport, error)
func (*ReportBuilderPolicy) PodSpecHashPolicy ¶
func (b *ReportBuilderPolicy) PodSpecHashPolicy(hash string) *ReportBuilderPolicy
type Scanner ¶
type Scanner struct {
// contains filtered or unexported fields
}
Scanner is a template for running static vulnerability scanners that implement the Plugin interface.
func NewScanner ¶
func NewScanner( clientset kubernetes.Interface, client client.Client, plugin Plugin, pluginContext imgvuln.PluginContext, config imgvuln.ConfigData, opts kube.ScannerOpts, ) *Scanner
NewScanner constructs a new static vulnerability Scanner backed by the specified Plugin. The actual scanning is performed by running a Kubernetes job; the Plugin knows how to perform that scan and how to convert the resulting logs to instances of PolicyReport.
func (*Scanner) ScanPolicy ¶
func (s *Scanner) ScanPolicy(ctx context.Context, workload kube.Object) ([]policyreport.PolicyReport, error)