Documentation ¶
Index ¶
- Constants
- Variables
- func AdoptClusterName(clusterName string) string
- func BoldDisplay(w io.Writer, format string, a ...interface{})
- func ConfigFileFullPath() string
- func ConvertLabelsToString(labels map[string]string) string
- func ConvertStringToLabels(labelsStr string) map[string]string
- func DeleteConfigFile() error
- func DescriptionDisplay(w io.Writer, format string, a ...interface{})
- func ExecName() string
- func FailureDisplay(w io.Writer, format string, a ...interface{})
- func FailureTextDisplay(w io.Writer, format string, a ...interface{})
- func Float16ToInt(x float32) int
- func Float32ToInt(x float32) int
- func Float64ToInt(x float64) int
- func GetConfigMapNamespace() string
- func GetControlLink(controlID string) string
- func GetKustomizeDirectoryName(path string) string
- func GetScanningScope(scanInfo *ScanInfo) reporthandling.ScanningScopeType
- func InfoDisplay(w io.Writer, format string, a ...interface{})
- func InfoTextDisplay(w io.Writer, format string, a ...interface{})
- func IsDir(name string) bool
- func IsFile(name string) bool
- func IsHelmDirectory(path string) (bool, error)
- func IsJson(filePath string) bool
- func IsKrewPlugin() bool
- func IsKustomizeDirectory(path string) bool
- func IsKustomizeFile(path string) bool
- func IsYaml(filePath string) bool
- func LoadResourcesFromFiles(ctx context.Context, input, rootPath string) map[string][]workloadinterface.IMetadata
- func LoadResourcesFromHelmCharts(ctx context.Context, basePath string) (map[string][]workloadinterface.IMetadata, map[string]Chart)
- func LoadResourcesFromKustomizeDirectory(ctx context.Context, basePath string) (map[string][]workloadinterface.IMetadata, string)
- func MapCloudResources(externalResourceMap ExternalResources) []string
- func MapExternalResource(externalResourceMap ExternalResources, resources []string) []string
- func MapHostResources(externalResourceMap ExternalResources) []string
- func MapImageVulnResources(externalResourceMap ExternalResources) []string
- func ParseBoolEnvVar(varName string, defaultValue bool) (bool, error)
- func ParseIntEnvVar(varName string, defaultValue int) (int, error)
- func PrettyJson(data interface{}) ([]byte, error)
- func ReadFile(fileContent []byte, fileFormat FileFormat) ([]workloadinterface.IMetadata, error)
- func ReportV2ToV1(opaSessionObj *OPASessionObj) *reporthandling.PostureReport
- func ScanningContextToScanningScope(scanningContext ScanningContext) string
- func SetInfoMapForResources(info string, resources []string, errorMap map[string]apis.StatusInfo)
- func SimpleDisplay(w io.Writer, format string, a ...interface{})
- func StartSpinner()
- func StopSpinner()
- func StringSlicesAreEqual(a, b []string) bool
- func SuccessDisplay(w io.Writer, format string, a ...interface{})
- func ValidateAccountID(accountID string) error
- func WarningDisplay(w io.Writer, format string, a ...interface{})
- type BoolPtrFlag
- type Chart
- type CloudURLs
- type ClusterConfig
- func (c *ClusterConfig) DeleteAccountID() error
- func (c *ClusterConfig) DeleteCachedConfig(ctx context.Context) error
- func (c *ClusterConfig) GenerateAccountID() (string, error)
- func (c *ClusterConfig) GetAccountID() string
- func (c *ClusterConfig) GetCloudAPIURL() string
- func (c *ClusterConfig) GetCloudReportURL() string
- func (c *ClusterConfig) GetConfigObj() *ConfigObj
- func (c *ClusterConfig) GetContextName() string
- func (c *ClusterConfig) GetDefaultNS() string
- func (c *ClusterConfig) IsStorageEnabled() bool
- func (c *ClusterConfig) ToMapString() map[string]interface{}
- func (c *ClusterConfig) UpdateCachedConfig() error
- type ComponentConfig
- type ConfigObj
- type ConfigScanInfo
- type EnvScopeTypes
- type Exception
- type ExternalResources
- type FileFormat
- type Getters
- type HelmChart
- func (hc *HelmChart) GetDefaultValues() map[string]interface{}
- func (hc *HelmChart) GetName() string
- func (hc *HelmChart) GetWorkloads(values map[string]interface{}) (map[string][]workloadinterface.IMetadata, []error)
- func (hc *HelmChart) GetWorkloadsWithDefaultValues() (map[string][]workloadinterface.IMetadata, []error)
- type ITenantConfig
- type IVersionCheckHandler
- type ImageScanData
- type K8SResources
- type KustomizeDirectory
- type LocalConfig
- func (lc *LocalConfig) DeleteAccountID() error
- func (lc *LocalConfig) DeleteCachedConfig(ctx context.Context) error
- func (lc *LocalConfig) GenerateAccountID() (string, error)
- func (lc *LocalConfig) GetAccountID() string
- func (lc *LocalConfig) GetCloudAPIURL() string
- func (lc *LocalConfig) GetCloudReportURL() string
- func (lc *LocalConfig) GetConfigObj() *ConfigObj
- func (lc *LocalConfig) GetContextName() string
- func (lc *LocalConfig) IsStorageEnabled() bool
- func (lc *LocalConfig) UpdateCachedConfig() error
- type LocalGitRepository
- func (g *LocalGitRepository) GetBranchName() string
- func (g LocalGitRepository) GetFileLastCommit(filePath string) (*apis.Commit, error)
- func (g *LocalGitRepository) GetLastCommit() (*apis.Commit, error)
- func (g *LocalGitRepository) GetName() (string, error)
- func (g *LocalGitRepository) GetRemoteUrl() (string, error)
- func (g *LocalGitRepository) GetRootDir() (string, error)
- type ManageClusterTypes
- type OPASessionObj
- type OperatorConnector
- type OperatorInfo
- type OperatorScanInfo
- type OperatorSubCommand
- type Policies
- type PolicyIdentifier
- type ProgressHandler
- type RBACObjects
- type RegoInputData
- type RootInfo
- type ScanInfo
- func (scanInfo *ScanInfo) Formats() []string
- func (scanInfo *ScanInfo) GetScanningContext() ScanningContext
- func (scanInfo *ScanInfo) Init(ctx context.Context)
- func (scanInfo *ScanInfo) SetPolicyIdentifiers(policies []string, kind apisv1.NotificationPolicyKind)
- func (scanInfo *ScanInfo) SetScanType(scanType ScanTypes)
- type ScanTypes
- type ScanningContext
- type VersionCheckHandler
- type VersionCheckHandlerMock
- type VersionCheckRequest
- type VersionCheckResponse
- type ViewTypes
- type VulnerabilitiesScanInfo
Constants ¶
const ( ScanCommand OperatorSubCommand = "scan" ScanConfigCommand OperatorSubCommand = "config" ScanVulnerabilitiesCommand OperatorSubCommand = "vulnerabilities" KubescapeScanV1 string = "scanV1" )
const ( DefaultPortForwardPortEnv string = "DEFAULT_PORT_FORWARDER_PORT" DefaultPortForwardPortValue string = "4444" )
const ( ScopeCluster = "cluster" ScopeYAML = "yaml" )
const ( LocalExceptionsFilename string = "exceptions.json" LocalAttackTracksFilename string = "attack-tracks.json" )
const CLIENT_ENV = "KS_CLIENT"
// SKIP_VERSION_CHECK_DEPRECATED_ENV holds the environment variable name
// "KUBESCAPE_SKIP_UPDATE_CHECK". Going by the identifier, this is the
// deprecated spelling of SKIP_VERSION_CHECK_ENV.
// NOTE(review): where and how the variable is read is not visible here; confirm in versioncheck.go.
const SKIP_VERSION_CHECK_DEPRECATED_ENV = "KUBESCAPE_SKIP_UPDATE_CHECK"

// SKIP_VERSION_CHECK_ENV holds the environment variable name "KS_SKIP_UPDATE_CHECK".
// NOTE(review): presumably setting it skips the update check performed through
// IVersionCheckHandler.CheckLatestVersion; which values count as "set" is not visible here, confirm.
const SKIP_VERSION_CHECK_ENV = "KS_SKIP_UPDATE_CHECK"
const UnknownBuildNumber = "unknown"
Variables ¶
var ( YAML_PREFIX = []string{"yaml", "yml"} JSON_PREFIX = []string{"json"} )
var ( ImageVulnResources = []string{"ImageVulnerabilities"} HostSensorResources = []string{"KubeletConfiguration", "KubeletCommandLine", "OsReleaseFile", "KernelVersion", "LinuxSecurityHardeningStatus", "OpenPortsList", "LinuxKernelVariables", "KubeletInfo", "KubeProxyInfo", "ControlPlaneInfo", "CloudProviderInfo", "CNIInfo", } CloudResources = []string{ cloudapis.CloudProviderDescribeKind, cloudapis.CloudProviderDescribeRepositoriesKind, cloudapis.CloudProviderListEntitiesForPoliciesKind, cloudapis.CloudProviderPolicyVersionKind, string(cloudsupport.TypeApiServerInfo), } )
var BuildNumber string
var Client string
var ErrWarnNotSupportedByBuild = errors.New(`git commits retrieval not supported by this build. Build with tag "gitenabled" to enable the full git scan feature`)
var LatestReleaseVersion string
Functions ¶
func AdoptClusterName ¶
func BoldDisplay ¶ added in v2.9.0
func ConfigFileFullPath ¶
func ConfigFileFullPath() string
func ConvertLabelsToString ¶
func ConvertStringToLabels ¶
ConvertStringToLabels converts a string of the form "a=b;c=d" into a map: {"a":"b", "c":"d"}
func DeleteConfigFile ¶
func DeleteConfigFile() error
func DescriptionDisplay ¶
func ExecName ¶
func ExecName() string
ExecName returns the correct name to use in examples depending on how kubescape is invoked
func FailureDisplay ¶
func FailureTextDisplay ¶
func GetConfigMapNamespace ¶ added in v2.3.7
func GetConfigMapNamespace() string
GetConfigMapNamespace returns the namespace of the cluster config, which is the same for all in-cluster components
func GetControlLink ¶
func GetScanningScope ¶ added in v2.9.0
func GetScanningScope(scanInfo *ScanInfo) reporthandling.ScanningScopeType
func InfoDisplay ¶
func InfoTextDisplay ¶
func IsHelmDirectory ¶
func IsKrewPlugin ¶
func IsKrewPlugin() bool
func IsKustomizeDirectory ¶
func IsKustomizeFile ¶
IsKustomizeFile checks whether the path is a Kustomization file.
func LoadResourcesFromFiles ¶
func LoadResourcesFromHelmCharts ¶
func LoadResourcesFromHelmCharts(ctx context.Context, basePath string) (map[string][]workloadinterface.IMetadata, map[string]Chart)
LoadResourcesFromHelmCharts scans a given path (recursively) for helm charts, renders the templates and returns a map of workloads and a map of chart names
func LoadResourcesFromKustomizeDirectory ¶
func LoadResourcesFromKustomizeDirectory(ctx context.Context, basePath string) (map[string][]workloadinterface.IMetadata, string)
If the contents at the given path are a Kustomize directory, LoadResourcesFromKustomizeDirectory generates YAML files using Kustomize and renders a map of workloads from those YAML files
func MapCloudResources ¶
func MapCloudResources(externalResourceMap ExternalResources) []string
func MapExternalResource ¶ added in v2.9.0
func MapExternalResource(externalResourceMap ExternalResources, resources []string) []string
func MapHostResources ¶
func MapHostResources(externalResourceMap ExternalResources) []string
func MapImageVulnResources ¶
func MapImageVulnResources(externalResourceMap ExternalResources) []string
func ParseBoolEnvVar ¶ added in v2.9.2
func ParseIntEnvVar ¶ added in v2.3.8
func PrettyJson ¶
func ReadFile ¶
func ReadFile(fileContent []byte, fileFormat FileFormat) ([]workloadinterface.IMetadata, error)
func ReportV2ToV1 ¶
func ReportV2ToV1(opaSessionObj *OPASessionObj) *reporthandling.PostureReport
func ScanningContextToScanningScope ¶
func ScanningContextToScanningScope(scanningContext ScanningContext) string
ScanningContextToScanningScope converts the context to the deprecated scope
func SetInfoMapForResources ¶
func SetInfoMapForResources(info string, resources []string, errorMap map[string]apis.StatusInfo)
func SimpleDisplay ¶
func StartSpinner ¶
func StartSpinner()
func StopSpinner ¶
func StopSpinner()
func StringSlicesAreEqual ¶ added in v2.3.8
func SuccessDisplay ¶
func ValidateAccountID ¶ added in v2.9.1
ValidateAccountID checks whether the provided account ID is valid
func WarningDisplay ¶
Types ¶
type BoolPtrFlag ¶
type BoolPtrFlag struct {
// contains filtered or unexported fields
}
func NewBoolPtr ¶
func NewBoolPtr(b *bool) BoolPtrFlag
func (*BoolPtrFlag) Get ¶
func (bpf *BoolPtrFlag) Get() *bool
func (*BoolPtrFlag) GetBool ¶
func (bpf *BoolPtrFlag) GetBool() bool
func (*BoolPtrFlag) Set ¶
func (bpf *BoolPtrFlag) Set(val string) error
func (*BoolPtrFlag) SetBool ¶
func (bpf *BoolPtrFlag) SetBool(val bool)
func (*BoolPtrFlag) String ¶
func (bpf *BoolPtrFlag) String() string
func (*BoolPtrFlag) Type ¶
func (bpf *BoolPtrFlag) Type() string
type ClusterConfig ¶
type ClusterConfig struct {
// contains filtered or unexported fields
}
func NewClusterConfig ¶
func NewClusterConfig(k8s *k8sinterface.KubernetesApi, accountID, clusterName string, customClusterName string) *ClusterConfig
func (*ClusterConfig) DeleteAccountID ¶ added in v2.9.1
func (c *ClusterConfig) DeleteAccountID() error
func (*ClusterConfig) DeleteCachedConfig ¶
func (c *ClusterConfig) DeleteCachedConfig(ctx context.Context) error
func (*ClusterConfig) GenerateAccountID ¶ added in v2.9.1
func (c *ClusterConfig) GenerateAccountID() (string, error)
func (*ClusterConfig) GetAccountID ¶
func (c *ClusterConfig) GetAccountID() string
func (*ClusterConfig) GetCloudAPIURL ¶
func (c *ClusterConfig) GetCloudAPIURL() string
func (*ClusterConfig) GetCloudReportURL ¶
func (c *ClusterConfig) GetCloudReportURL() string
func (*ClusterConfig) GetConfigObj ¶
func (c *ClusterConfig) GetConfigObj() *ConfigObj
func (*ClusterConfig) GetContextName ¶
func (c *ClusterConfig) GetContextName() string
func (*ClusterConfig) GetDefaultNS ¶
func (c *ClusterConfig) GetDefaultNS() string
func (*ClusterConfig) IsStorageEnabled ¶ added in v2.9.2
func (c *ClusterConfig) IsStorageEnabled() bool
func (*ClusterConfig) ToMapString ¶
func (c *ClusterConfig) ToMapString() map[string]interface{}
func (*ClusterConfig) UpdateCachedConfig ¶
func (c *ClusterConfig) UpdateCachedConfig() error
type ComponentConfig ¶
type ComponentConfig struct {
Exceptions Exception `json:"exceptions"`
}
type ConfigObj ¶
type ConfigScanInfo ¶ added in v2.9.2
type ConfigScanInfo struct { ExcludedNamespaces []string IncludedNamespaces []string HostScanner bool Frameworks []string // Load frameworks for config scan }
func (*ConfigScanInfo) GetRequestPayload ¶ added in v2.9.2
func (c *ConfigScanInfo) GetRequestPayload() *apis.Commands
func (*ConfigScanInfo) ValidatePayload ¶ added in v2.9.2
func (c *ConfigScanInfo) ValidatePayload(commands *apis.Commands) error
type EnvScopeTypes ¶ added in v2.9.0
type EnvScopeTypes string
type Exception ¶
// Exception is the value type of ComponentConfig.Exceptions (JSON key "exceptions").
// NOTE(review): how these settings are applied to scan results is not visible on this page.
type Exception struct {
	// ignore test results
	// NOTE(review): this suppresses findings; which results are affected and who may
	// set it is not visible here, so confirm before trusting a config from an unreviewed source.
	Ignore *bool `json:"ignore"`
	// MultipleScore number - float32
	MultipleScore *reporthandling.AlertScore `json:"multipleScore"`
	// No comment in the source. NOTE(review): presumably the namespaces the exception applies to; confirm.
	Namespaces []string `json:"namespaces"`
	// not supported
	Regex string `json:"regex"`
}
type ExternalResources ¶ added in v2.9.0
type FileFormat ¶
type FileFormat string
const ( YAML_FILE_FORMAT FileFormat = "yaml" JSON_FILE_FORMAT FileFormat = "json" )
func GetFileFormat ¶
func GetFileFormat(filePath string) FileFormat
type Getters ¶
type Getters struct { ExceptionsGetter getter.IExceptionsGetter ControlsInputsGetter getter.IControlsInputsGetter PolicyGetter getter.IPolicyGetter AttackTracksGetter getter.IAttackTracksGetter }
type HelmChart ¶
type HelmChart struct {
// contains filtered or unexported fields
}
func NewHelmChart ¶
func (*HelmChart) GetDefaultValues ¶
func (*HelmChart) GetWorkloads ¶
func (hc *HelmChart) GetWorkloads(values map[string]interface{}) (map[string][]workloadinterface.IMetadata, []error)
GetWorkloads renders chart template using the provided values and returns a map of source (absolute) file path to its workloads
func (*HelmChart) GetWorkloadsWithDefaultValues ¶
func (hc *HelmChart) GetWorkloadsWithDefaultValues() (map[string][]workloadinterface.IMetadata, []error)
GetWorkloadsWithDefaultValues renders the chart template using the default values and returns a map of source file to its workloads
type ITenantConfig ¶
type ITenantConfig interface { UpdateCachedConfig() error DeleteCachedConfig(ctx context.Context) error GenerateAccountID() (string, error) DeleteAccountID() error // getters GetContextName() string GetAccountID() string GetConfigObj() *ConfigObj GetCloudReportURL() string GetCloudAPIURL() string IsStorageEnabled() bool }
====================================================================================== =============================== interface ============================================ ======================================================================================
func GetTenantConfig ¶ added in v2.9.1
func GetTenantConfig(accountID, clusterName, customClusterName string, k8s *k8sinterface.KubernetesApi) ITenantConfig
type IVersionCheckHandler ¶
type IVersionCheckHandler interface {
CheckLatestVersion(context.Context, *VersionCheckRequest) error
}
func NewIVersionCheckHandler ¶
func NewIVersionCheckHandler(ctx context.Context) IVersionCheckHandler
type ImageScanData ¶ added in v2.9.0
type ImageScanData struct { PresenterConfig *models.PresenterConfig Image string }
type K8SResources ¶
K8SResources map[<api group>/<api version>/<resource>][]<resourceID>
type KustomizeDirectory ¶
type KustomizeDirectory struct {
// contains filtered or unexported fields
}
func NewKustomizeDirectory ¶
func NewKustomizeDirectory(path string) *KustomizeDirectory
func (*KustomizeDirectory) GetWorkloads ¶
func (kd *KustomizeDirectory) GetWorkloads(kustomizeDirectoryPath string) (map[string][]workloadinterface.IMetadata, []error)
GetWorkloads creates the YAML files (K8s resources) using Kustomize and renders the workloads from those YAML files (K8s resources)
type LocalConfig ¶
type LocalConfig struct {
// contains filtered or unexported fields
}
func NewLocalConfig ¶
func NewLocalConfig(accountID, clusterName string, customClusterName string) *LocalConfig
func (*LocalConfig) DeleteAccountID ¶ added in v2.9.1
func (lc *LocalConfig) DeleteAccountID() error
func (*LocalConfig) DeleteCachedConfig ¶
func (lc *LocalConfig) DeleteCachedConfig(ctx context.Context) error
func (*LocalConfig) GenerateAccountID ¶ added in v2.9.1
func (lc *LocalConfig) GenerateAccountID() (string, error)
func (*LocalConfig) GetAccountID ¶
func (lc *LocalConfig) GetAccountID() string
func (*LocalConfig) GetCloudAPIURL ¶
func (lc *LocalConfig) GetCloudAPIURL() string
func (*LocalConfig) GetCloudReportURL ¶
func (lc *LocalConfig) GetCloudReportURL() string
func (*LocalConfig) GetConfigObj ¶
func (lc *LocalConfig) GetConfigObj() *ConfigObj
func (*LocalConfig) GetContextName ¶
func (lc *LocalConfig) GetContextName() string
func (*LocalConfig) IsStorageEnabled ¶ added in v2.9.2
func (lc *LocalConfig) IsStorageEnabled() bool
func (*LocalConfig) UpdateCachedConfig ¶
func (lc *LocalConfig) UpdateCachedConfig() error
type LocalGitRepository ¶
type LocalGitRepository struct {
// contains filtered or unexported fields
}
func NewLocalGitRepository ¶
func NewLocalGitRepository(path string) (*LocalGitRepository, error)
func (*LocalGitRepository) GetBranchName ¶
func (g *LocalGitRepository) GetBranchName() string
GetBranchName gets the current branch name
func (LocalGitRepository) GetFileLastCommit ¶
func (*LocalGitRepository) GetLastCommit ¶
func (g *LocalGitRepository) GetLastCommit() (*apis.Commit, error)
GetLastCommit gets the latest commit object
func (*LocalGitRepository) GetName ¶
func (g *LocalGitRepository) GetName() (string, error)
GetName gets the origin name without the .git suffix
func (*LocalGitRepository) GetRemoteUrl ¶
func (g *LocalGitRepository) GetRemoteUrl() (string, error)
GetRemoteUrl gets the default remote URL
func (*LocalGitRepository) GetRootDir ¶
func (g *LocalGitRepository) GetRootDir() (string, error)
type ManageClusterTypes ¶ added in v2.9.0
type ManageClusterTypes string
type OPASessionObj ¶
// OPASessionObj holds the state of one scan session: the input resources, the
// policies and exceptions to apply, and the results and reports produced from them.
type OPASessionObj struct {
	// input k8s objects
	K8SResources K8SResources
	// input non-k8s objects (external resources)
	ExternalResources ExternalResources
	// list of all frameworks
	AllPolicies *Policies
	// rules to exclude, map[<rule name>]X
	ExcludedRules map[string]bool
	// all scanned resources, map[<resource ID>]<resource>
	AllResources map[string]workloadinterface.IMetadata
	// resources scan results, map[<resource ID>]<resource result>
	ResourcesResult map[string]resourcesresults.Result
	// resources sources, map[<resource ID>]<resource source>
	ResourceSource map[string]reporthandling.Source
	// resources prioritization information, map[<resource ID>]<prioritized resource>
	ResourcesPrioritized map[string]prioritization.PrioritizedResource
	// resources attack tracks, map[<resource ID>]<attack track>
	ResourceAttackTracks map[string]v1alpha1.IAttackTrack
	// No comment in the source; same value type as ResourceAttackTracks.
	// NOTE(review): the key is not documented; confirm.
	AttackTracks map[string]v1alpha1.IAttackTrack
	// scan results v2 - Remove
	Report *reporthandlingv2.PostureReport
	// input passed to rego for scanning. map[<control name>][<input arguments>]
	RegoInputData RegoInputData
	// No comment in the source.
	Metadata *reporthandlingv2.Metadata
	// Map errors of resources to StatusInfo
	InfoMap map[string]apis.StatusInfo
	// map[<apigroup/apiversion/resource>] = [<control_IDs>]
	ResourceToControlsMap map[string][]string
	// SessionID
	SessionID string
	// list of frameworks to scan
	Policies []reporthandling.Framework
	// list of exceptions to apply on scan results
	// NOTE(review): exceptions change what a scan reports; where this list is loaded
	// from is not visible here, so confirm its provenance when auditing results.
	Exceptions []armotypes.PostureExceptionPolicy
	// omit raw resources from output
	// NOTE(review): which outputs honor this flag is not visible here; confirm before
	// relying on it to keep full object specs out of a report.
	OmitRawResources bool
	// single resource scan
	SingleResourceScan workloadinterface.IWorkload
	// No comment in the source. NOTE(review): presumably populated by SetTopWorkloads; confirm.
	TopWorkloadsByScore []reporthandling.IResource
}
func NewOPASessionObj ¶
func NewOPASessionObj(ctx context.Context, frameworks []reporthandling.Framework, k8sResources K8SResources, scanInfo *ScanInfo) *OPASessionObj
func NewOPASessionObjMock ¶
func NewOPASessionObjMock() *OPASessionObj
func (*OPASessionObj) SetMapNamespaceToNumberOfResources ¶
func (sessionObj *OPASessionObj) SetMapNamespaceToNumberOfResources(mapNamespaceToNumberOfResources map[string]int)
func (*OPASessionObj) SetNumberOfWorkerNodes ¶
func (sessionObj *OPASessionObj) SetNumberOfWorkerNodes(n int)
func (*OPASessionObj) SetTopWorkloads ¶ added in v2.9.0
func (sessionObj *OPASessionObj) SetTopWorkloads()
SetTopWorkloads sets the top workloads by score
type OperatorConnector ¶ added in v2.9.2
type OperatorConnector interface { StartPortForwarder() error StopPortForwarder() GetPortForwardLocalhost() string }
func CreatePortForwarder ¶ added in v2.9.2
func CreatePortForwarder(k8sClient *k8sinterface.KubernetesApi, pod *v1.Pod, forwardingPort, namespace string) (OperatorConnector, error)
type OperatorInfo ¶ added in v2.9.2
type OperatorInfo struct { Subcommands []OperatorSubCommand OperatorScanInfo }
type OperatorScanInfo ¶ added in v2.9.2
type OperatorSubCommand ¶ added in v2.9.2
type OperatorSubCommand string
type Policies ¶
type Policies struct { Controls map[string]reporthandling.Control // map[<control ID>]<control> Frameworks []string }
func NewPolicies ¶
func NewPolicies() *Policies
func (*Policies) Set ¶
func (policies *Policies) Set(frameworks []reporthandling.Framework, version string, excludedRules map[string]bool, scanningScope reporthandling.ScanningScopeType)
type PolicyIdentifier ¶
type PolicyIdentifier struct { Identifier string // policy Identifier e.g. c-0012 for control, nsa,mitre for frameworks Kind apisv1.NotificationPolicyKind // policy kind e.g. Framework,Control,Rule }
type ProgressHandler ¶ added in v2.1.0
type ProgressHandler struct {
// contains filtered or unexported fields
}
func NewProgressHandler ¶ added in v2.1.0
func NewProgressHandler(title string) *ProgressHandler
func (*ProgressHandler) ProgressJob ¶ added in v2.1.0
func (p *ProgressHandler) ProgressJob(step int, message string)
func (*ProgressHandler) Start ¶ added in v2.1.0
func (p *ProgressHandler) Start(allSteps int)
func (*ProgressHandler) Stop ¶ added in v2.1.0
func (p *ProgressHandler) Stop()
type RBACObjects ¶
type RBACObjects struct {
// contains filtered or unexported fields
}
func NewRBACObjects ¶
func NewRBACObjects(scanner *rbacscanner.RbacScannerFromK8sAPI) *RBACObjects
func (*RBACObjects) ListAllResources ¶
func (rbacObjects *RBACObjects) ListAllResources() (map[string]workloadinterface.IMetadata, error)
func (*RBACObjects) SetResourcesReport ¶
func (rbacObjects *RBACObjects) SetResourcesReport() (*reporthandlingv2.PostureReport, error)
type RegoInputData ¶
type RootInfo ¶
// RootInfo groups settings that are not specific to one scan: logging, colour
// output, cache directory, discovery server and kube context.
type RootInfo struct {
	// logger level
	Logger string
	// logger name ("pretty"/"zap"/"none")
	LoggerName string
	// cached dir
	CacheDir string
	// Disable Color
	DisableColor bool
	// Force enable Color
	EnableColor bool
	// Discovery Server URL (See https://github.com/kubescape/backend/tree/main/pkg/servicediscovery)
	// NOTE(review): presumably decides which backend endpoints the client resolves
	// (cf. GetCloudAPIURL / GetCloudReportURL); how the URL is validated is not visible here, confirm.
	DiscoveryServerURL string
	// context name
	KubeContext string
}
type ScanInfo ¶
// ScanInfo carries the options of a scan: where policies, exceptions and inputs
// are loaded from, how results are formatted and stored, the failure thresholds,
// and whether results are submitted.
type ScanInfo struct {
	// TODO - remove from object
	Getters
	// TODO - remove from object
	PolicyIdentifier []PolicyIdentifier
	// Load file with exceptions configuration
	// NOTE(review): exceptions are applied on scan results (see OPASessionObj.Exceptions),
	// so presumably this file can change what is reported; confirm who may supply it.
	UseExceptions string
	// Load file with inputs for controls
	ControlsInputs string
	// Load file with attack tracks
	AttackTracks string
	// Load framework from local file (instead of download). Use when running offline
	UseFrom []string
	// Load framework from cached file (instead of download). Use when running offline
	UseDefault bool
	// Load artifacts from local path. Use when running offline
	UseArtifactsFrom string
	// Display all of the input resources and not only failed resources
	VerboseMode bool
	// Display all of the input resources and not only failed resources
	// NOTE(review): this comment duplicates VerboseMode's; the field presumably
	// selects the output view (see ViewTypes); confirm.
	View string
	// Format results (table, json, junit ...)
	Format string
	// Store results in an output file, Output file name
	Output string
	// Output object can be different between versions, this is for testing and backward compatibility
	FormatVersion string
	// Set the custom name of the cluster
	CustomClusterName string
	// used for host scanner namespace
	ExcludedNamespaces string
	// Empty comment in the source. NOTE(review): presumably the counterpart of ExcludedNamespaces; confirm.
	IncludeNamespaces string
	// Yaml files input patterns
	InputPatterns []string
	// Silent mode - Do not print progress logs
	Silent bool
	// DEPRECATED - Failure score threshold
	FailThreshold float32
	// Compliance score threshold
	ComplianceThreshold float32
	// Severity at and above which the command should fail
	FailThresholdSeverity string
	// Submit results to Kubescape Cloud BE
	// NOTE(review): Submit and Local read as opposing switches; which one wins when
	// both are set is not visible here, so confirm before relying on Local to keep results on the host.
	Submit bool
	// Report id of the current scan
	ScanID string
	// Deploy Kubescape K8s host scanner to collect data from certain controls
	HostSensorEnabled BoolPtrFlag
	// Path to hostsensor file
	// NOTE(review): presumably the manifest used when HostSensorEnabled deploys the
	// host scanner; how the file is validated is not visible here, confirm.
	HostSensorYamlPath string
	// Do not submit results
	Local bool
	// account ID
	AccountID string
	// false if scanning control
	FrameworkScan bool
	// true if scan all frameworks
	ScanAll bool
	// true if omit raw resources from the output
	OmitRawResources bool
	// true if print attack tree
	PrintAttackTree bool
	// identifies a single resource (k8s object) to be scanned
	ScanObject *objectsenvelopes.ScanObject
	// indicates whether the ScanObject is a deleted K8S resource
	IsDeletedScanObject bool
	// The remaining fields carry no comments in the source.
	ScanType   ScanTypes
	ScanImages bool
	ChartPath  string
	FilePath   string
}
func (*ScanInfo) Formats ¶
Formats returns a slice of output formats that have been requested for a given scan
func (*ScanInfo) GetScanningContext ¶
func (scanInfo *ScanInfo) GetScanningContext() ScanningContext
func (*ScanInfo) SetPolicyIdentifiers ¶
func (scanInfo *ScanInfo) SetPolicyIdentifiers(policies []string, kind apisv1.NotificationPolicyKind)
func (*ScanInfo) SetScanType ¶ added in v2.9.0
type ScanningContext ¶
type ScanningContext string
const ( ContextCluster ScanningContext = "cluster" ContextFile ScanningContext = "single-file" ContextDir ScanningContext = "local-dir" ContextGitURL ScanningContext = "git-url" ContextGitLocal ScanningContext = "git-local" )
func GetScanningContext ¶
func GetScanningContext(input string) ScanningContext
GetScanningContext gets the scanning context from the input param
type VersionCheckHandler ¶
type VersionCheckHandler struct {
// contains filtered or unexported fields
}
func NewVersionCheckHandler ¶
func NewVersionCheckHandler() *VersionCheckHandler
func (*VersionCheckHandler) CheckLatestVersion ¶
func (v *VersionCheckHandler) CheckLatestVersion(ctx context.Context, versionData *VersionCheckRequest) error
type VersionCheckHandlerMock ¶
type VersionCheckHandlerMock struct { }
func NewVersionCheckHandlerMock ¶
func NewVersionCheckHandlerMock() *VersionCheckHandlerMock
func (*VersionCheckHandlerMock) CheckLatestVersion ¶
func (v *VersionCheckHandlerMock) CheckLatestVersion(_ context.Context, _ *VersionCheckRequest) error
type VersionCheckRequest ¶
// VersionCheckRequest is the JSON-tagged request passed to
// IVersionCheckHandler.CheckLatestVersion.
// NOTE(review): where the request is sent is not visible on this page. The fields
// identify the client build, version and scanning context, so when reviewing
// egress confirm the destination in versioncheck.go.
type VersionCheckRequest struct {
	// kubescape
	Client string `json:"client"`
	// client build environment
	ClientBuild string `json:"clientBuild"`
	// kubescape version
	ClientVersion string `json:"clientVersion"`
	// framework name
	Framework string `json:"framework"`
	// framework version
	FrameworkVersion string `json:"frameworkVersion"`
	// Deprecated
	ScanningTarget string `json:"target"`
	// scanning context- cluster/file/gitURL/localGit/dir
	// NOTE(review): the ScanningContext constants on this page are spelled "cluster",
	// "single-file", "local-dir", "git-url" and "git-local"; confirm which spelling is sent.
	ScanningContext string `json:"context"`
}
func NewVersionCheckRequest ¶
func NewVersionCheckRequest(buildNumber, frameworkName, frameworkVersion, scanningTarget string) *VersionCheckRequest
type VersionCheckResponse ¶
type VersionCheckResponse struct { Client string `json:"client"` // kubescape ClientUpdate string `json:"clientUpdate"` // kubescape latest version Framework string `json:"framework"` // framework name FrameworkUpdate string `json:"frameworkUpdate"` // framework latest version Message string `json:"message"` // alert message }
type VulnerabilitiesScanInfo ¶ added in v2.9.2
func (*VulnerabilitiesScanInfo) GetRequestPayload ¶ added in v2.9.2
func (v *VulnerabilitiesScanInfo) GetRequestPayload() *apis.Commands
func (*VulnerabilitiesScanInfo) ValidatePayload ¶ added in v2.9.2
func (v *VulnerabilitiesScanInfo) ValidatePayload(commands *apis.Commands) error
Source Files ¶
- controllink.go
- customerloader.go
- datastructures.go
- datastructuresmethods.go
- display.go
- fileutils.go
- floatutils.go
- git_native_disabled.go
- helmchart.go
- jsonutils.go
- krewutils.go
- kustomizedirectory.go
- localgitrepository.go
- operatorscaninfo.go
- portforwarder.go
- rbac.go
- reportv2tov1.go
- rootinfo.go
- scaninfo.go
- strutils.go
- versioncheck.go
- workloadmappingutils.go