cautils

package
v2.9.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 18, 2023 License: Apache-2.0 Imports: 72 Imported by: 0

Documentation

Index

Constants

// Operator sub-command names. The first three are typed OperatorSubCommand
// values; KubescapeScanV1 is declared as a plain string.
const (
	ScanCommand                OperatorSubCommand = "scan"
	ScanConfigCommand          OperatorSubCommand = "config"
	ScanVulnerabilitiesCommand OperatorSubCommand = "vulnerabilities"
	KubescapeScanV1            string             = "scanV1"
)
// Port-forward defaults. DefaultPortForwardPortEnv is the name of an
// environment variable; DefaultPortForwardPortValue is the port "4444" held as
// a string, not an integer.
// NOTE(review): presumably the environment variable overrides the port handed
// to CreatePortForwarder - confirm where it is read and that the value is
// validated as a port number before use.
const (
	DefaultPortForwardPortEnv   string = "DEFAULT_PORT_FORWARDER_PORT"
	DefaultPortForwardPortValue string = "4444"
)
// Scope names, declared as untyped string constants.
// NOTE(review): ScanningContextToScanningScope is documented as converting to
// a deprecated scope; presumably these are the values it returns - confirm.
const (
	ScopeCluster = "cluster"
	ScopeYAML    = "yaml"
)
// Base file names for the exceptions and attack-tracks JSON files. These are
// names only; the directory they are joined to is not shown here.
const (
	LocalExceptionsFilename   string = "exceptions.json"
	LocalAttackTracksFilename string = "attack-tracks.json"
)
// CLIENT_ENV is the name of the "KS_CLIENT" environment variable.
// NOTE(review): presumably read to populate the Client variable - confirm.
const CLIENT_ENV = "KS_CLIENT"
// SKIP_VERSION_CHECK_DEPRECATED_ENV is the environment variable name
// "KUBESCAPE_SKIP_UPDATE_CHECK"; the identifier marks this spelling as
// deprecated.
// NOTE(review): presumably superseded by SKIP_VERSION_CHECK_ENV and used to
// disable the latest-version check - confirm whether both names are honoured.
const SKIP_VERSION_CHECK_DEPRECATED_ENV = "KUBESCAPE_SKIP_UPDATE_CHECK"
// SKIP_VERSION_CHECK_ENV is the environment variable name
// "KS_SKIP_UPDATE_CHECK".
// NOTE(review): presumably, when set, the version check performed through
// IVersionCheckHandler is skipped, so no update notice is shown - confirm
// where it is read and which values count as "set".
const SKIP_VERSION_CHECK_ENV = "KS_SKIP_UPDATE_CHECK"
// UnknownBuildNumber is the literal "unknown".
// NOTE(review): presumably the fallback used when BuildNumber was not set at
// build time - confirm.
const UnknownBuildNumber = "unknown"

Variables

// Lists of strings associated with YAML and JSON files. Both are exported
// package-level slices, so importers can modify them; treat them as read-only.
// NOTE(review): despite the PREFIX in the names, the values look like file
// extensions; presumably matched by IsYaml and IsJson - confirm how (suffix
// match, case sensitivity).
var (
	YAML_PREFIX = []string{"yaml", "yml"}
	JSON_PREFIX = []string{"json"}
)
// Resource kind names grouped into three lists: image vulnerabilities, host
// sensor data and cloud provider data. The cloud list is built from constants
// in the cloudapis and cloudsupport packages.
//
// All three are exported package-level slices, so any importing package can
// append to or overwrite them; treat them as read-only.
// NOTE(review): presumably consumed by MapImageVulnResources, MapHostResources
// and MapCloudResources respectively - confirm.
var (
	ImageVulnResources  = []string{"ImageVulnerabilities"}
	HostSensorResources = []string{"KubeletConfiguration",
		"KubeletCommandLine",
		"OsReleaseFile",
		"KernelVersion",
		"LinuxSecurityHardeningStatus",
		"OpenPortsList",
		"LinuxKernelVariables",
		"KubeletInfo",
		"KubeProxyInfo",
		"ControlPlaneInfo",
		"CloudProviderInfo",
		"CNIInfo",
	}
	CloudResources = []string{
		cloudapis.CloudProviderDescribeKind,
		cloudapis.CloudProviderDescribeRepositoriesKind,
		cloudapis.CloudProviderListEntitiesForPoliciesKind,
		cloudapis.CloudProviderPolicyVersionKind,
		string(cloudsupport.TypeApiServerInfo),
	}
)
// BuildNumber is an exported, mutable package-level string with no initializer
// in this declaration.
// NOTE(review): presumably injected at build time, with UnknownBuildNumber as
// the fallback - confirm.
var BuildNumber string
// Client is an exported, mutable package-level string with no initializer in
// this declaration.
// NOTE(review): presumably populated from the CLIENT_ENV environment variable
// and reported in VersionCheckRequest.Client - confirm.
var Client string
// ErrWarnNotSupportedByBuild is a sentinel error whose message says that git
// commit retrieval is unavailable unless the binary is built with the
// "gitenabled" build tag. Compare against it with errors.Is.
var ErrWarnNotSupportedByBuild = errors.New(`git commits retrieval not supported by this build. Build with tag "gitenabled" to enable the full git scan feature`)
// LatestReleaseVersion is an exported, mutable package-level string with no
// initializer in this declaration.
// NOTE(review): presumably filled in from the version-check response - confirm
// which code path writes it.
var LatestReleaseVersion string

Functions

func AdoptClusterName

func AdoptClusterName(clusterName string) string

func BoldDisplay added in v2.9.0

func BoldDisplay(w io.Writer, format string, a ...interface{})

func ConfigFileFullPath

func ConfigFileFullPath() string

func ConvertLabelsToString

func ConvertLabelsToString(labels map[string]string) string

func ConvertStringToLabels

func ConvertStringToLabels(labelsStr string) map[string]string

ConvertStringToLabels converts a string of the form "a=b;c=d" to a map: {"a":"b", "c":"d"}.

func DeleteConfigFile

func DeleteConfigFile() error

func DescriptionDisplay

func DescriptionDisplay(w io.Writer, format string, a ...interface{})

func ExecName

func ExecName() string

ExecName returns the correct name to use in examples depending on how kubescape is invoked

func FailureDisplay

func FailureDisplay(w io.Writer, format string, a ...interface{})

func FailureTextDisplay

func FailureTextDisplay(w io.Writer, format string, a ...interface{})

func Float16ToInt

func Float16ToInt(x float32) int

Float16ToInt convert float16 to int

func Float32ToInt

func Float32ToInt(x float32) int

Float32ToInt convert float32 to int

func Float64ToInt

func Float64ToInt(x float64) int

Float64ToInt convert float64 to int

func GetConfigMapNamespace added in v2.3.7

func GetConfigMapNamespace() string

GetConfigMapNamespace returns the namespace of the cluster config, which is the same for all in-cluster components

func GetControlLink(controlID string) string

func GetKustomizeDirectoryName

func GetKustomizeDirectoryName(path string) string

func GetScanningScope added in v2.9.0

func GetScanningScope(scanInfo *ScanInfo) reporthandling.ScanningScopeType

func InfoDisplay

func InfoDisplay(w io.Writer, format string, a ...interface{})

func InfoTextDisplay

func InfoTextDisplay(w io.Writer, format string, a ...interface{})

func IsDir

func IsDir(name string) bool

IsDir checks if a given path is a directory

func IsFile

func IsFile(name string) bool

IsFile checks if a given path is a file

func IsHelmDirectory

func IsHelmDirectory(path string) (bool, error)

func IsJson

func IsJson(filePath string) bool

func IsKrewPlugin

func IsKrewPlugin() bool

func IsKustomizeDirectory

func IsKustomizeDirectory(path string) bool

func IsKustomizeFile

func IsKustomizeFile(path string) bool

IsKustomizeFile reports whether the path is a Kustomization file.

func IsYaml

func IsYaml(filePath string) bool

func LoadResourcesFromFiles

func LoadResourcesFromFiles(ctx context.Context, input, rootPath string) map[string][]workloadinterface.IMetadata

func LoadResourcesFromHelmCharts

func LoadResourcesFromHelmCharts(ctx context.Context, basePath string) (map[string][]workloadinterface.IMetadata, map[string]Chart)

LoadResourcesFromHelmCharts scans a given path (recursively) for helm charts, renders the templates and returns a map of workloads and a map of chart names

func LoadResourcesFromKustomizeDirectory

func LoadResourcesFromKustomizeDirectory(ctx context.Context, basePath string) (map[string][]workloadinterface.IMetadata, string)

If the content at the given path is a Kustomize directory, LoadResourcesFromKustomizeDirectory generates YAML files using "Kustomize" and renders a map of workloads from those YAML files.

func MapCloudResources

func MapCloudResources(externalResourceMap ExternalResources) []string

func MapExternalResource added in v2.9.0

func MapExternalResource(externalResourceMap ExternalResources, resources []string) []string

func MapHostResources

func MapHostResources(externalResourceMap ExternalResources) []string

func MapImageVulnResources

func MapImageVulnResources(externalResourceMap ExternalResources) []string

func ParseBoolEnvVar added in v2.9.2

func ParseBoolEnvVar(varName string, defaultValue bool) (bool, error)

func ParseIntEnvVar added in v2.3.8

func ParseIntEnvVar(varName string, defaultValue int) (int, error)

func PrettyJson

func PrettyJson(data interface{}) ([]byte, error)

func ReadFile

func ReadFile(fileContent []byte, fileFormat FileFormat) ([]workloadinterface.IMetadata, error)

func ReportV2ToV1

func ReportV2ToV1(opaSessionObj *OPASessionObj) *reporthandling.PostureReport

func ScanningContextToScanningScope

func ScanningContextToScanningScope(scanningContext ScanningContext) string

ScanningContextToScanningScope convert the context to the deprecated scope

func SetInfoMapForResources

func SetInfoMapForResources(info string, resources []string, errorMap map[string]apis.StatusInfo)

func SimpleDisplay

func SimpleDisplay(w io.Writer, format string, a ...interface{})

func StartSpinner

func StartSpinner()

func StopSpinner

func StopSpinner()

func StringSlicesAreEqual added in v2.3.8

func StringSlicesAreEqual(a, b []string) bool

func SuccessDisplay

func SuccessDisplay(w io.Writer, format string, a ...interface{})

func ValidateAccountID added in v2.9.1

func ValidateAccountID(accountID string) error

ValidateAccountID checks whether the provided account ID is valid.

func WarningDisplay

func WarningDisplay(w io.Writer, format string, a ...interface{})

Types

type BoolPtrFlag

type BoolPtrFlag struct {
	// contains filtered or unexported fields
}

func NewBoolPtr

func NewBoolPtr(b *bool) BoolPtrFlag

func (*BoolPtrFlag) Get

func (bpf *BoolPtrFlag) Get() *bool

func (*BoolPtrFlag) GetBool

func (bpf *BoolPtrFlag) GetBool() bool

func (*BoolPtrFlag) Set

func (bpf *BoolPtrFlag) Set(val string) error

func (*BoolPtrFlag) SetBool

func (bpf *BoolPtrFlag) SetBool(val bool)

func (*BoolPtrFlag) String

func (bpf *BoolPtrFlag) String() string

func (*BoolPtrFlag) Type

func (bpf *BoolPtrFlag) Type() string

type Chart added in v2.9.0

// Chart pairs a chart's name with a path. LoadResourcesFromHelmCharts returns
// a map[string]Chart alongside the rendered workloads.
// NOTE(review): whether Path is absolute or relative to the scanned base path
// is not visible here - confirm.
type Chart struct {
	Name string
	Path string
}

type CloudURLs

// CloudURLs holds the report and API URLs as plain strings.
// NOTE(review): nothing in this type constrains the scheme or host; confirm
// the values are validated where they are set and used.
type CloudURLs struct {
	CloudReportURL string
	CloudAPIURL    string
}

type ClusterConfig

type ClusterConfig struct {
	// contains filtered or unexported fields
}

func NewClusterConfig

func NewClusterConfig(k8s *k8sinterface.KubernetesApi, accountID, clusterName string, customClusterName string) *ClusterConfig

func (*ClusterConfig) DeleteAccountID added in v2.9.1

func (c *ClusterConfig) DeleteAccountID() error

func (*ClusterConfig) DeleteCachedConfig

func (c *ClusterConfig) DeleteCachedConfig(ctx context.Context) error

func (*ClusterConfig) GenerateAccountID added in v2.9.1

func (c *ClusterConfig) GenerateAccountID() (string, error)

func (*ClusterConfig) GetAccountID

func (c *ClusterConfig) GetAccountID() string

func (*ClusterConfig) GetCloudAPIURL

func (c *ClusterConfig) GetCloudAPIURL() string

func (*ClusterConfig) GetCloudReportURL

func (c *ClusterConfig) GetCloudReportURL() string

func (*ClusterConfig) GetConfigObj

func (c *ClusterConfig) GetConfigObj() *ConfigObj

func (*ClusterConfig) GetContextName

func (c *ClusterConfig) GetContextName() string

func (*ClusterConfig) GetDefaultNS

func (c *ClusterConfig) GetDefaultNS() string

func (*ClusterConfig) IsStorageEnabled added in v2.9.2

func (c *ClusterConfig) IsStorageEnabled() bool

func (*ClusterConfig) ToMapString

func (c *ClusterConfig) ToMapString() map[string]interface{}

func (*ClusterConfig) UpdateCachedConfig

func (c *ClusterConfig) UpdateCachedConfig() error

type ComponentConfig

// ComponentConfig wraps a single Exception, serialized under the "exceptions"
// JSON key.
type ComponentConfig struct {
	Exceptions Exception `json:"exceptions"`
}

type ConfigObj

// ConfigObj is the JSON-serializable configuration record: account ID, cluster
// name, the two cloud URLs and the storage flag. Every field is tagged
// omitempty, so empty strings and a false StorageEnabled are left out of the
// encoded output.
// NOTE(review): AccountID is persisted together with the URLs; confirm that
// whatever file or ConfigMap receives the output of Config() is readable only
// by the intended principals.
type ConfigObj struct {
	AccountID      string `json:"accountID,omitempty"`
	ClusterName    string `json:"clusterName,omitempty"`
	CloudReportURL string `json:"cloudReportURL,omitempty"`
	CloudAPIURL    string `json:"cloudAPIURL,omitempty"`
	StorageEnabled bool   `json:"storageEnabled,omitempty"`
}

func (*ConfigObj) Config

func (co *ConfigObj) Config() []byte

Config - convert ConfigObj to config file

type ConfigScanInfo added in v2.9.2

// ConfigScanInfo carries the options of a configuration scan request:
// namespace include/exclude lists, the host-scanner flag and the frameworks
// to load. *ConfigScanInfo declares GetRequestPayload and ValidatePayload,
// the two methods of OperatorScanInfo.
// NOTE(review): how a namespace present in both lists is treated is not
// visible here - confirm in ValidatePayload.
type ConfigScanInfo struct {
	ExcludedNamespaces []string
	IncludedNamespaces []string
	HostScanner        bool
	Frameworks         []string // Load frameworks for config scan
}

func (*ConfigScanInfo) GetRequestPayload added in v2.9.2

func (c *ConfigScanInfo) GetRequestPayload() *apis.Commands

func (*ConfigScanInfo) ValidatePayload added in v2.9.2

func (c *ConfigScanInfo) ValidatePayload(commands *apis.Commands) error

type EnvScopeTypes added in v2.9.0

type EnvScopeTypes string

type Exception

// Exception describes an exception entry as stored in JSON.
// NOTE(review): an entry with Ignore set presumably suppresses findings for
// the listed Namespaces; confirm the matching rules, in particular what an
// empty Namespaces list means, before relying on exceptions in a gate.
type Exception struct {
	Ignore        *bool                      `json:"ignore"`        // ignore test results; a pointer, so it can be nil as well as true/false
	MultipleScore *reporthandling.AlertScore `json:"multipleScore"` // MultipleScore number - float32
	Namespaces    []string                   `json:"namespaces"`
	Regex         string                     `json:"regex"` // not supported
}

type ExternalResources added in v2.9.0

type ExternalResources map[string][]string

type FileFormat

// FileFormat is a string type naming an input file format.
type FileFormat string

// The two declared FileFormat values. ReadFile takes a FileFormat and
// GetFileFormat returns one.
// NOTE(review): what GetFileFormat returns for a path that is neither YAML
// nor JSON is not visible here - confirm.
const (
	YAML_FILE_FORMAT FileFormat = "yaml"
	JSON_FILE_FORMAT FileFormat = "json"
)

func GetFileFormat

func GetFileFormat(filePath string) FileFormat

type Getters

// Getters groups the four getter interfaces from package getter: exceptions,
// control inputs, policies and attack tracks. ScanInfo embeds this struct.
// All fields are interface values and are nil in a zero Getters.
type Getters struct {
	ExceptionsGetter     getter.IExceptionsGetter
	ControlsInputsGetter getter.IControlsInputsGetter
	PolicyGetter         getter.IPolicyGetter
	AttackTracksGetter   getter.IAttackTracksGetter
}

type HelmChart

type HelmChart struct {
	// contains filtered or unexported fields
}

func NewHelmChart

func NewHelmChart(path string) (*HelmChart, error)

func (*HelmChart) GetDefaultValues

func (hc *HelmChart) GetDefaultValues() map[string]interface{}

func (*HelmChart) GetName

func (hc *HelmChart) GetName() string

func (*HelmChart) GetWorkloads

func (hc *HelmChart) GetWorkloads(values map[string]interface{}) (map[string][]workloadinterface.IMetadata, []error)

GetWorkloads renders chart template using the provided values and returns a map of source (absolute) file path to its workloads

func (*HelmChart) GetWorkloadsWithDefaultValues

func (hc *HelmChart) GetWorkloadsWithDefaultValues() (map[string][]workloadinterface.IMetadata, []error)

GetWorkloadsWithDefaultValues renders the chart templates using the default values and returns a map of source file to its workloads.

type ITenantConfig

// ITenantConfig is the tenant-configuration interface: it updates and deletes
// the cached configuration, generates and deletes the account ID, and exposes
// read-only getters. Both *ClusterConfig and *LocalConfig declare every
// method listed here; GetTenantConfig returns a value of this interface type.
type ITenantConfig interface {
	// cache and account ID management
	UpdateCachedConfig() error
	DeleteCachedConfig(ctx context.Context) error
	GenerateAccountID() (string, error)
	DeleteAccountID() error

	// getters
	GetContextName() string
	GetAccountID() string
	GetConfigObj() *ConfigObj
	GetCloudReportURL() string
	GetCloudAPIURL() string
	IsStorageEnabled() bool
}

====================================================================================== =============================== interface ============================================ ======================================================================================

func GetTenantConfig added in v2.9.1

func GetTenantConfig(accountID, clusterName, customClusterName string, k8s *k8sinterface.KubernetesApi) ITenantConfig

type IVersionCheckHandler

// IVersionCheckHandler is the single-method interface for the version check.
// *VersionCheckHandler and *VersionCheckHandlerMock both declare
// CheckLatestVersion; NewIVersionCheckHandler returns a value of this type.
// NOTE(review): presumably the mock is returned when a skip-update-check
// environment variable is set - confirm.
type IVersionCheckHandler interface {
	CheckLatestVersion(context.Context, *VersionCheckRequest) error
}

func NewIVersionCheckHandler

func NewIVersionCheckHandler(ctx context.Context) IVersionCheckHandler

type ImageScanData added in v2.9.0

type ImageScanData struct {
	PresenterConfig *models.PresenterConfig
	Image           string
}

type K8SResources

type K8SResources map[string][]string

K8SResources map[<api group>/<api version>/<resource>][]<resourceID>

type KustomizeDirectory

type KustomizeDirectory struct {
	// contains filtered or unexported fields
}

func NewKustomizeDirectory

func NewKustomizeDirectory(path string) *KustomizeDirectory

func (*KustomizeDirectory) GetWorkloads

func (kd *KustomizeDirectory) GetWorkloads(kustomizeDirectoryPath string) (map[string][]workloadinterface.IMetadata, []error)

GetWorkloads creates the YAML files (K8s resources) using Kustomize and renders the workloads from those YAML files.

type LocalConfig

type LocalConfig struct {
	// contains filtered or unexported fields
}

func NewLocalConfig

func NewLocalConfig(accountID, clusterName string, customClusterName string) *LocalConfig

func (*LocalConfig) DeleteAccountID added in v2.9.1

func (lc *LocalConfig) DeleteAccountID() error

func (*LocalConfig) DeleteCachedConfig

func (lc *LocalConfig) DeleteCachedConfig(ctx context.Context) error

func (*LocalConfig) GenerateAccountID added in v2.9.1

func (lc *LocalConfig) GenerateAccountID() (string, error)

func (*LocalConfig) GetAccountID

func (lc *LocalConfig) GetAccountID() string

func (*LocalConfig) GetCloudAPIURL

func (lc *LocalConfig) GetCloudAPIURL() string

func (*LocalConfig) GetCloudReportURL

func (lc *LocalConfig) GetCloudReportURL() string

func (*LocalConfig) GetConfigObj

func (lc *LocalConfig) GetConfigObj() *ConfigObj

func (*LocalConfig) GetContextName

func (lc *LocalConfig) GetContextName() string

func (*LocalConfig) IsStorageEnabled added in v2.9.2

func (lc *LocalConfig) IsStorageEnabled() bool

func (*LocalConfig) UpdateCachedConfig

func (lc *LocalConfig) UpdateCachedConfig() error

type LocalGitRepository

type LocalGitRepository struct {
	// contains filtered or unexported fields
}

func NewLocalGitRepository

func NewLocalGitRepository(path string) (*LocalGitRepository, error)

func (*LocalGitRepository) GetBranchName

func (g *LocalGitRepository) GetBranchName() string

GetBranchName get current branch name

func (LocalGitRepository) GetFileLastCommit

func (g LocalGitRepository) GetFileLastCommit(filePath string) (*apis.Commit, error)

func (*LocalGitRepository) GetLastCommit

func (g *LocalGitRepository) GetLastCommit() (*apis.Commit, error)

GetLastCommit get latest commit object

func (*LocalGitRepository) GetName

func (g *LocalGitRepository) GetName() (string, error)

GetName get origin name without the .git suffix

func (*LocalGitRepository) GetRemoteUrl

func (g *LocalGitRepository) GetRemoteUrl() (string, error)

GetRemoteUrl get default remote URL

func (*LocalGitRepository) GetRootDir

func (g *LocalGitRepository) GetRootDir() (string, error)

type ManageClusterTypes added in v2.9.0

type ManageClusterTypes string

type OPASessionObj

// OPASessionObj is the per-scan state object: input resources, the policies
// and exceptions to apply, and the result maps keyed by resource ID.
// Every map field is nil in a zero value; writing to a nil map panics, so
// obtain instances from NewOPASessionObj (or NewOPASessionObjMock in tests).
// NOTE(review): which maps the constructors initialise is not visible here.
type OPASessionObj struct {
	K8SResources          K8SResources                                  // input k8s objects
	ExternalResources     ExternalResources                             // input non-k8s objects (external resources)
	AllPolicies           *Policies                                     // list of all frameworks
	ExcludedRules         map[string]bool                               // rules to exclude, map[<rule name>]X
	AllResources          map[string]workloadinterface.IMetadata        // all scanned resources, map[<resource ID>]<resource>
	ResourcesResult       map[string]resourcesresults.Result            // resources scan results, map[<resource ID>]<resource result>
	ResourceSource        map[string]reporthandling.Source              // resources sources, map[<resource ID>]<resource source>
	ResourcesPrioritized  map[string]prioritization.PrioritizedResource // resources prioritization information, map[<resource ID>]<prioritized resource>
	ResourceAttackTracks  map[string]v1alpha1.IAttackTrack              // resources attack tracks, map[<resource ID>]<attack track>
	AttackTracks          map[string]v1alpha1.IAttackTrack
	Report                *reporthandlingv2.PostureReport // scan results v2 - Remove
	RegoInputData         RegoInputData                   // input passed to rego for scanning. map[<control name>][<input arguments>]
	Metadata              *reporthandlingv2.Metadata
	InfoMap               map[string]apis.StatusInfo         // Map errors of resources to StatusInfo
	ResourceToControlsMap map[string][]string                // map[<apigroup/apiversion/resource>] = [<control_IDs>]
	SessionID             string                             // SessionID
	Policies              []reporthandling.Framework         // list of frameworks to scan
	Exceptions            []armotypes.PostureExceptionPolicy // list of exceptions to apply on scan results
	OmitRawResources      bool                               // omit raw resources from output
	SingleResourceScan    workloadinterface.IWorkload        // single resource scan
	TopWorkloadsByScore   []reporthandling.IResource         // NOTE(review): presumably filled by SetTopWorkloads, capped at TopWorkloadsNumber - confirm
}

func NewOPASessionObj

func NewOPASessionObj(ctx context.Context, frameworks []reporthandling.Framework, k8sResources K8SResources, scanInfo *ScanInfo) *OPASessionObj

func NewOPASessionObjMock

func NewOPASessionObjMock() *OPASessionObj

func (*OPASessionObj) SetMapNamespaceToNumberOfResources

func (sessionObj *OPASessionObj) SetMapNamespaceToNumberOfResources(mapNamespaceToNumberOfResources map[string]int)

func (*OPASessionObj) SetNumberOfWorkerNodes

func (sessionObj *OPASessionObj) SetNumberOfWorkerNodes(n int)

func (*OPASessionObj) SetTopWorkloads added in v2.9.0

func (sessionObj *OPASessionObj) SetTopWorkloads()

SetTopWorkloads sets the top workloads by score

type OperatorConnector added in v2.9.2

// OperatorConnector controls a port-forward to the operator: start it, stop
// it, and read back the local address as a string. CreatePortForwarder
// returns a value of this interface type.
// NOTE(review): StopPortForwarder returns nothing, so a failed teardown is
// not reported to the caller; the format of GetPortForwardLocalhost's result
// (host:port or URL) is not visible here - confirm.
type OperatorConnector interface {
	StartPortForwarder() error
	StopPortForwarder()
	GetPortForwardLocalhost() string
}

func CreatePortForwarder added in v2.9.2

func CreatePortForwarder(k8sClient *k8sinterface.KubernetesApi, pod *v1.Pod, forwardingPort, namespace string) (OperatorConnector, error)

type OperatorInfo added in v2.9.2

// OperatorInfo holds the requested operator sub-commands and embeds the
// OperatorScanInfo interface, so GetRequestPayload and ValidatePayload are
// promoted onto OperatorInfo. The embedded interface is nil in a zero value;
// calling either promoted method before it is assigned panics.
type OperatorInfo struct {
	Subcommands []OperatorSubCommand
	OperatorScanInfo
}

type OperatorScanInfo added in v2.9.2

// OperatorScanInfo builds the request payload for an operator scan and
// validates a payload. *ConfigScanInfo and *VulnerabilitiesScanInfo both
// declare these two methods.
// NOTE(review): whether callers always run ValidatePayload on the payload
// before sending it is not visible here - confirm at the call site.
type OperatorScanInfo interface {
	GetRequestPayload() *apis.Commands
	ValidatePayload(*apis.Commands) error
}

type OperatorSubCommand added in v2.9.2

type OperatorSubCommand string

type Policies

// Policies holds the controls keyed by control ID and the names of the
// frameworks. Controls is nil in a zero value; NewPolicies returns a
// *Policies and Set populates it from a list of frameworks.
type Policies struct {
	Controls   map[string]reporthandling.Control // map[<control ID>]<control>
	Frameworks []string
}

func NewPolicies

func NewPolicies() *Policies

func (*Policies) Set

func (policies *Policies) Set(frameworks []reporthandling.Framework, version string, excludedRules map[string]bool, scanningScope reporthandling.ScanningScopeType)

type PolicyIdentifier

// PolicyIdentifier names one policy to scan by identifier and kind.
// ScanInfo.SetPolicyIdentifiers takes a list of policy names and one kind.
type PolicyIdentifier struct {
	Identifier string                        // policy Identifier e.g. c-0012 for control, nsa,mitre for frameworks
	Kind       apisv1.NotificationPolicyKind // policy kind e.g. Framework,Control,Rule
}

type ProgressHandler added in v2.1.0

type ProgressHandler struct {
	// contains filtered or unexported fields
}

func NewProgressHandler added in v2.1.0

func NewProgressHandler(title string) *ProgressHandler

func (*ProgressHandler) ProgressJob added in v2.1.0

func (p *ProgressHandler) ProgressJob(step int, message string)

func (*ProgressHandler) Start added in v2.1.0

func (p *ProgressHandler) Start(allSteps int)

func (*ProgressHandler) Stop added in v2.1.0

func (p *ProgressHandler) Stop()

type RBACObjects

type RBACObjects struct {
	// contains filtered or unexported fields
}

func NewRBACObjects

func NewRBACObjects(scanner *rbacscanner.RbacScannerFromK8sAPI) *RBACObjects

func (*RBACObjects) ListAllResources

func (rbacObjects *RBACObjects) ListAllResources() (map[string]workloadinterface.IMetadata, error)

func (*RBACObjects) SetResourcesReport

func (rbacObjects *RBACObjects) SetResourcesReport() (*reporthandlingv2.PostureReport, error)

type RegoInputData

// RegoInputData is the input data structure stored in
// OPASessionObj.RegoInputData and serialized with the JSON keys
// "postureControlInputs" and "dataControlInputs".
// NOTE(review): presumably PostureControlInputs is loaded from the file named
// by ScanInfo.ControlsInputs; if that file is user-supplied, its contents
// reach policy evaluation - confirm how it is validated.
type RegoInputData struct {
	PostureControlInputs map[string][]string `json:"postureControlInputs"`
	DataControlInputs    map[string]string   `json:"dataControlInputs"`
}

type RootInfo

// RootInfo holds the global, scan-independent options: logging, cache
// directory, colour handling, the discovery server URL and the kube context.
// NOTE(review): DiscoveryServerURL is a free-form string here; confirm that
// the scheme and host are validated where it is consumed, since it decides
// which backend the client talks to. How DisableColor and EnableColor
// interact when both are true is not visible here.
type RootInfo struct {
	Logger             string // logger level
	LoggerName         string // logger name ("pretty"/"zap"/"none")
	CacheDir           string // cached dir
	DisableColor       bool   // Disable Color
	EnableColor        bool   // Force enable Color
	DiscoveryServerURL string // Discovery Server URL  (See https://github.com/kubescape/backend/tree/main/pkg/servicediscovery)
	KubeContext        string //  context name
}

type ScanInfo

// ScanInfo collects every option of a single scan: which policies to run,
// where to load them from, which inputs to scan, how to format and store the
// output, and whether results are submitted.
//
// Submit and Local both govern whether results leave the machine; how they
// interact when both are set is not visible in this declaration.
// NOTE(review): UseExceptions, ControlsInputs, AttackTracks, UseFrom,
// UseArtifactsFrom, HostSensorYamlPath, ChartPath and FilePath are paths
// taken as plain strings; confirm they are validated where they are opened.
type ScanInfo struct {
	Getters                                            // TODO - remove from object
	PolicyIdentifier      []PolicyIdentifier           // TODO - remove from object
	UseExceptions         string                       // Load file with exceptions configuration
	ControlsInputs        string                       // Load file with inputs for controls
	AttackTracks          string                       // Load file with attack tracks
	UseFrom               []string                     // Load framework from local file (instead of download). Use when running offline
	UseDefault            bool                         // Load framework from cached file (instead of download). Use when running offline
	UseArtifactsFrom      string                       // Load artifacts from local path. Use when running offline
	VerboseMode           bool                         // Display all of the input resources and not only failed resources
	View                  string                       // NOTE(review): the original comment repeated VerboseMode's; presumably one of the ViewTypes values ("resource", "security", "control") - confirm
	Format                string                       // Format results (table, json, junit ...)
	Output                string                       // Store results in an output file, Output file name
	FormatVersion         string                       // Output object can be different between versions, this is for testing and backward compatibility
	CustomClusterName     string                       // Set the custom name of the cluster
	ExcludedNamespaces    string                       // used for host scanner namespace
	IncludeNamespaces     string                       // NOTE(review): undocumented in the original; presumably the namespaces to include - confirm
	InputPatterns         []string                     // Yaml files input patterns
	Silent                bool                         // Silent mode - Do not print progress logs
	FailThreshold         float32                      // DEPRECATED - Failure score threshold
	ComplianceThreshold   float32                      // Compliance score threshold
	FailThresholdSeverity string                       // Severity at and above which the command should fail
	Submit                bool                         // Submit results to Kubescape Cloud BE
	ScanID                string                       // Report id of the current scan
	HostSensorEnabled     BoolPtrFlag                  // Deploy Kubescape K8s host scanner to collect data from certain controls
	HostSensorYamlPath    string                       // Path to hostsensor file
	Local                 bool                         // Do not submit results
	AccountID             string                       // account ID
	FrameworkScan         bool                         // false if scanning control
	ScanAll               bool                         // true if scan all frameworks
	OmitRawResources      bool                         // true if omit raw resources from the output
	PrintAttackTree       bool                         // true if print attack tree
	ScanObject            *objectsenvelopes.ScanObject // identifies a single resource (k8s object) to be scanned
	IsDeletedScanObject   bool                         // indicates whether the ScanObject is a deleted K8S resource
	ScanType              ScanTypes
	ScanImages            bool
	ChartPath             string
	FilePath              string
}

func (*ScanInfo) Formats

func (scanInfo *ScanInfo) Formats() []string

Formats returns a slice of output formats that have been requested for a given scan

func (*ScanInfo) GetScanningContext

func (scanInfo *ScanInfo) GetScanningContext() ScanningContext

func (*ScanInfo) Init

func (scanInfo *ScanInfo) Init(ctx context.Context)

func (*ScanInfo) SetPolicyIdentifiers

func (scanInfo *ScanInfo) SetPolicyIdentifiers(policies []string, kind apisv1.NotificationPolicyKind)

func (*ScanInfo) SetScanType added in v2.9.0

func (scanInfo *ScanInfo) SetScanType(scanType ScanTypes)

type ScanTypes added in v2.9.0

// ScanTypes is a string type naming the kind of scan being run.
type ScanTypes string

// The declared ScanTypes values. TopWorkloadsNumber shares this block but is
// an untyped integer constant (5), not a ScanTypes value.
const (
	TopWorkloadsNumber           = 5
	ScanTypeCluster    ScanTypes = "cluster"
	ScanTypeRepo       ScanTypes = "repo"
	ScanTypeImage      ScanTypes = "image"
	ScanTypeWorkload   ScanTypes = "workload"
	ScanTypeFramework  ScanTypes = "framework"
	ScanTypeControl    ScanTypes = "control"
)

type ScanningContext

// ScanningContext is a string type naming where the scanned input came from.
type ScanningContext string

// The declared ScanningContext values: a cluster, a single file, a local
// directory, a git URL and a local git repository. GetScanningContext derives
// one of these from an input string.
const (
	ContextCluster  ScanningContext = "cluster"
	ContextFile     ScanningContext = "single-file"
	ContextDir      ScanningContext = "local-dir"
	ContextGitURL   ScanningContext = "git-url"
	ContextGitLocal ScanningContext = "git-local"
)

func GetScanningContext

func GetScanningContext(input string) ScanningContext

GetScanningContext get scanning context from the input param

type VersionCheckHandler

type VersionCheckHandler struct {
	// contains filtered or unexported fields
}

func NewVersionCheckHandler

func NewVersionCheckHandler() *VersionCheckHandler

func (*VersionCheckHandler) CheckLatestVersion

func (v *VersionCheckHandler) CheckLatestVersion(ctx context.Context, versionData *VersionCheckRequest) error

type VersionCheckHandlerMock

type VersionCheckHandlerMock struct {
}

func NewVersionCheckHandlerMock

func NewVersionCheckHandlerMock() *VersionCheckHandlerMock

func (*VersionCheckHandlerMock) CheckLatestVersion

func (v *VersionCheckHandlerMock) CheckLatestVersion(_ context.Context, _ *VersionCheckRequest) error

type VersionCheckRequest

// VersionCheckRequest is the JSON payload of a version check. It carries the
// client name, build environment and version, the framework name and version,
// and the scanning target/context.
// NOTE(review): presumably CheckLatestVersion sends this to a remote
// endpoint, which makes these fields leave the machine on every scan unless
// the check is skipped - confirm, and document it for air-gapped use.
type VersionCheckRequest struct {
	Client           string `json:"client"`           // kubescape
	ClientBuild      string `json:"clientBuild"`      // client build environment
	ClientVersion    string `json:"clientVersion"`    // kubescape version
	Framework        string `json:"framework"`        // framework name
	FrameworkVersion string `json:"frameworkVersion"` // framework version
	ScanningTarget   string `json:"target"`           // Deprecated
	ScanningContext  string `json:"context"`          // scanning context; NOTE(review): the ScanningContext constants are spelled "cluster", "single-file", "local-dir", "git-url", "git-local" - confirm which spelling is sent
}

func NewVersionCheckRequest

func NewVersionCheckRequest(buildNumber, frameworkName, frameworkVersion, scanningTarget string) *VersionCheckRequest

type VersionCheckResponse

// VersionCheckResponse is the JSON shape of the version-check reply: the
// latest client and framework versions plus a free-text message.
// NOTE(review): every field is remote-supplied text. If Message or the
// version strings are printed to a terminal or written to logs, confirm they
// are sanitised (control characters, escape sequences) first.
type VersionCheckResponse struct {
	Client          string `json:"client"`          // kubescape
	ClientUpdate    string `json:"clientUpdate"`    // kubescape latest version
	Framework       string `json:"framework"`       // framework name
	FrameworkUpdate string `json:"frameworkUpdate"` // framework latest version
	Message         string `json:"message"`         // alert message
}

type ViewTypes

type ViewTypes string

TODO - UPDATE

// The declared ViewTypes values.
// NOTE(review): ScanInfo.View is a plain string rather than a ViewTypes;
// presumably it is compared against these values - confirm.
const (
	ResourceViewType ViewTypes = "resource"
	SecurityViewType ViewTypes = "security"
	ControlViewType  ViewTypes = "control"
)

type VulnerabilitiesScanInfo added in v2.9.2

// VulnerabilitiesScanInfo carries the options of a vulnerabilities scan
// request: the namespaces to include and the cluster name.
// *VulnerabilitiesScanInfo declares GetRequestPayload and ValidatePayload,
// the two methods of OperatorScanInfo.
// NOTE(review): whether an empty IncludeNamespaces means "all namespaces" is
// not visible here - confirm in ValidatePayload.
type VulnerabilitiesScanInfo struct {
	IncludeNamespaces []string
	ClusterName       string
}

func (*VulnerabilitiesScanInfo) GetRequestPayload added in v2.9.2

func (v *VulnerabilitiesScanInfo) GetRequestPayload() *apis.Commands

func (*VulnerabilitiesScanInfo) ValidatePayload added in v2.9.2

func (v *VulnerabilitiesScanInfo) ValidatePayload(commands *apis.Commands) error

Directories

Path Synopsis
Package getter provides functionality to retrieve policy objects.
