Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Image ¶
// Image is the JSON shape of a single image assurance policy.
//
// Most fields are tagged omitempty. With encoding/json that drops a false
// bool, a zero int, an empty string and a nil or empty slice from the
// marshaled document, so a payload built from this struct cannot state an
// explicit false or 0 for those keys.
// NOTE(review): whether the server reads a missing control toggle (for
// example block_failed, fail_cicd or disallow_malware) as "off" or as
// "unchanged" is not visible here; confirm before using this type to switch a
// control off or to assert that one is on.
type Image struct {
	// Identification. assurance_type, name and author are always emitted.
	AssuranceType string `json:"assurance_type"`
	Name          string `json:"name"`
	Description   string `json:"description,omitempty"`
	Author        string `json:"author"`
	// omitempty has no effect on a struct type such as time.Time in
	// encoding/json: the zero time is still marshaled.
	Lastupdate time.Time `json:"lastupdate,omitempty"`

	// Severity and score settings. The accepted values of CvssSeverity and the
	// range of MaximumScore are not defined in this type.
	CvssSeverityEnabled      bool   `json:"cvss_severity_enabled,omitempty"`
	CvssSeverity             string `json:"cvss_severity,omitempty"`
	CvssSeverityExcludeNoFix bool   `json:"cvss_severity_exclude_no_fix,omitempty"`
	MaximumScoreEnabled      bool   `json:"maximum_score_enabled,omitempty"`
	MaximumScore             int    `json:"maximum_score,omitempty"`
	MaximumScoreExcludeNoFix bool   `json:"maximum_score_exclude_no_fix,omitempty"`

	// Control toggles. Each *Enabled flag presumably gates the list or setting
	// of the same name further down — verify against the API.
	CustomChecksEnabled      bool `json:"custom_checks_enabled,omitempty"`
	ScapEnabled              bool `json:"scap_enabled,omitempty"`
	CvesBlackListEnabled     bool `json:"cves_black_list_enabled,omitempty"`
	CvesWhiteListEnabled     bool `json:"cves_white_list_enabled,omitempty"`
	PackagesBlackListEnabled bool `json:"packages_black_list_enabled,omitempty"`
	PackagesWhiteListEnabled bool `json:"packages_white_list_enabled,omitempty"`
	// The "None" spelling follows the JSON key only_none_root_users.
	OnlyNoneRootUsers        bool `json:"only_none_root_users,omitempty"`
	TrustedBaseImagesEnabled bool `json:"trusted_base_images_enabled,omitempty"`
	ScanSensitiveData        bool `json:"scan_sensitive_data,omitempty"`

	// Failure handling.
	AuditOnFailure  bool `json:"audit_on_failure,omitempty"`
	FailCicd        bool `json:"fail_cicd,omitempty"`
	BlockFailed     bool `json:"block_failed,omitempty"`
	DisallowMalware bool `json:"disallow_malware,omitempty"`

	// License lists are untyped; the element shape is not fixed by this struct.
	BlacklistedLicensesEnabled bool          `json:"blacklisted_licenses_enabled,omitempty"`
	BlacklistedLicenses        []interface{} `json:"blacklisted_licenses,omitempty"`
	WhitelistedLicensesEnabled bool          `json:"whitelisted_licenses_enabled,omitempty"`
	WhitelistedLicenses        []interface{} `json:"whitelisted_licenses,omitempty"`

	// NOTE(review): Scripts is itself a slice type, so these two fields are
	// slices of slices — confirm that this matches the custom_checks and
	// scap_files payloads.
	CustomChecks []Scripts `json:"custom_checks,omitempty"`
	ScapFiles    []Scripts `json:"scap_files,omitempty"`

	// Scope is always emitted. Registries, Labels and Images are untyped, so
	// check their dynamic type after decoding.
	Scope      Scope       `json:"scope"`
	Registries interface{} `json:"registries,omitempty"`
	Labels     interface{} `json:"labels,omitempty"`
	Images     interface{} `json:"images,omitempty"`

	// CVE, package and image lists. White-list entries presumably exempt
	// findings from the policy — confirm — so changes to them deserve the same
	// review as changes to the toggles above.
	CvesBlackList     []string    `json:"cves_black_list,omitempty"`
	CvesWhiteList     []string    `json:"cves_white_list,omitempty"`
	PackagesBlackList []Package   `json:"packages_black_list,omitempty"`
	PackagesWhiteList []Package   `json:"packages_white_list,omitempty"`
	AllowedImages     interface{} `json:"allowed_images,omitempty"`
	TrustedBaseImages []ImageID   `json:"trusted_base_images,omitempty"`

	// Remaining settings; their semantics are defined by the API, not here.
	ReadOnly                         bool     `json:"read_only,omitempty"`
	ForceMicroenforcer               bool     `json:"force_microenforcer,omitempty"`
	PartialResultsImageFail          bool     `json:"partial_results_image_fail,omitempty"`
	ControlExcludeNoFix              bool     `json:"control_exclude_no_fix,omitempty"`
	IgnoreRecentlyPublishedVln       bool     `json:"ignore_recently_published_vln,omitempty"`
	IgnoreRecentlyPublishedVlnPeriod int      `json:"ignore_recently_published_vln_period,omitempty"` // unit not stated here — TODO confirm
	IgnoreRiskResourcesEnabled       bool     `json:"ignore_risk_resources_enabled,omitempty"`
	IgnoredRiskResources             []string `json:"ignored_risk_resources,omitempty"`
	DockerCisEnabled                 bool     `json:"docker_cis_enabled,omitempty"`
	KubeCisEnabled                   bool     `json:"kube_cis_enabled,omitempty"`
	EnforceExcessivePermissions      bool     `json:"enforce_excessive_permissions,omitempty"`
	LinuxCisEnabled                  bool     `json:"linux_cis_enabled,omitempty"`
	OpenshiftHardeningEnabled        bool     `json:"openshift_hardening_enabled,omitempty"`
	FunctionIntegrityEnabled         bool     `json:"function_integrity_enabled,omitempty"`
}
Image represents a single image assurance policy.
type Images ¶
// Images is one page of assurance policies: paging counters plus the Image
// entries of that page.
type Images struct {
	Count    int     `json:"count"`
	Page     int     `json:"page"`
	Pagesize int     `json:"pagesize"`
	Result   []Image `json:"result"` // policies on this page only; NOTE(review): presumably Count is the total across pages — confirm before treating Result as the complete set
}
Images is the list of assurance policies returned by v2/image_assurance.
type Package ¶
// Package is one entry of a policy's packages_black_list or
// packages_white_list (see Image.PackagesBlackList and
// Image.PackagesWhiteList).
//
// No field is tagged omitempty, so every key is marshaled even when its value
// is the empty string.
// NOTE(review): how the server matches an entry with empty fields (for
// example an empty version or arch) is not visible here — confirm, since a
// broad match on a white-list entry would exempt more packages than intended.
type Package struct {
	Format       string `json:"format"`
	Name         string `json:"name"`
	Epoch        string `json:"epoch"`
	Version      string `json:"version"`
	VersionRange string `json:"version_range"` // range syntax is not defined in this type
	Release      string `json:"release"`
	Arch         string `json:"arch"`
	License      string `json:"license"`
}
Package is an entry in a policy's packages_black_list and packages_white_list.
type PermissionList ¶
// PermissionList holds the globally whitelisted and blacklisted images.
//
// Both lists use the same anonymous element struct, and every element carries
// its own Whitelisted, Blacklisted and Disallowed flags in addition to being
// placed in one of the two lists.
// NOTE(review): which of the two (list membership or the per-entry flags) is
// authoritative is not visible here — confirm before making an allow/deny
// decision from this type.
type PermissionList struct {
	WhitelistedImages []struct {
		ImageName   string `json:"image_name"`
		Author      string `json:"author"`
		Registry    string `json:"registry"`
		Lastupdated int    `json:"lastupdated"` // presumably a Unix timestamp — TODO confirm
		Whitelisted bool   `json:"whitelisted"`
		Blacklisted bool   `json:"blacklisted"`
		Disallowed  bool   `json:"disallowed"`
		Comment     string `json:"comment"`
		// Reason has no fields: encoding/json discards every key of the
		// incoming "reason" object, and marshals it back as {}.
		Reason struct {
		} `json:"reason"`
		Pending bool `json:"pending"`
	} `json:"whitelisted_images"`
	BlacklistedImages []struct {
		ImageName   string `json:"image_name"`
		Author      string `json:"author"`
		Registry    string `json:"registry"`
		Lastupdated int    `json:"lastupdated"` // presumably a Unix timestamp — TODO confirm
		Whitelisted bool   `json:"whitelisted"`
		Blacklisted bool   `json:"blacklisted"`
		Disallowed  bool   `json:"disallowed"`
		Comment     string `json:"comment"`
		// Reason has no fields: encoding/json discards every key of the
		// incoming "reason" object, and marshals it back as {}.
		Reason struct {
		} `json:"reason"`
		Pending bool `json:"pending"`
	} `json:"blacklisted_images"`
}
PermissionList lists globally whitelisted and blacklisted images
type Policies ¶
// Policies is one page of assurance policies: paging counters plus the
// policies of that page as an anonymous struct.
//
// The Result element repeats the fields of Image with two differences visible
// in the declarations: no key is tagged omitempty, and several fields that
// Image types concretely (licenses, custom checks, SCAP files, package lists,
// trusted base images) are interface{} here, while Scope is spelled out
// inline. Untyped fields decode to whatever JSON the server sent, so check
// the dynamic type before reading a list from them; an unchecked assertion
// that fails would otherwise look like an empty list.
type Policies struct {
	Count    int `json:"count"`
	Page     int `json:"page"`
	Pagesize int `json:"pagesize"`
	Result   []struct {
		// Identification.
		AssuranceType string    `json:"assurance_type"`
		Name          string    `json:"name"`
		Description   string    `json:"description"`
		Author        string    `json:"author"`
		Lastupdate    time.Time `json:"lastupdate"`

		// Severity and score settings.
		CvssSeverityEnabled      bool   `json:"cvss_severity_enabled"`
		CvssSeverity             string `json:"cvss_severity"`
		CvssSeverityExcludeNoFix bool   `json:"cvss_severity_exclude_no_fix"`
		MaximumScoreEnabled      bool   `json:"maximum_score_enabled"`
		MaximumScore             int    `json:"maximum_score"`
		MaximumScoreExcludeNoFix bool   `json:"maximum_score_exclude_no_fix"`

		// Control toggles.
		CustomChecksEnabled      bool `json:"custom_checks_enabled"`
		ScapEnabled              bool `json:"scap_enabled"`
		CvesBlackListEnabled     bool `json:"cves_black_list_enabled"`
		CvesWhiteListEnabled     bool `json:"cves_white_list_enabled"`
		PackagesBlackListEnabled bool `json:"packages_black_list_enabled"`
		PackagesWhiteListEnabled bool `json:"packages_white_list_enabled"`
		// The "None" spelling follows the JSON key only_none_root_users.
		OnlyNoneRootUsers        bool `json:"only_none_root_users"`
		TrustedBaseImagesEnabled bool `json:"trusted_base_images_enabled"`
		ScanSensitiveData        bool `json:"scan_sensitive_data"`

		// Failure handling.
		AuditOnFailure  bool `json:"audit_on_failure"`
		FailCicd        bool `json:"fail_cicd"`
		BlockFailed     bool `json:"block_failed"`
		DisallowMalware bool `json:"disallow_malware"`

		// Licenses, custom checks and SCAP files are untyped in this struct.
		BlacklistedLicensesEnabled bool        `json:"blacklisted_licenses_enabled"`
		BlacklistedLicenses        interface{} `json:"blacklisted_licenses"`
		WhitelistedLicensesEnabled bool        `json:"whitelisted_licenses_enabled"`
		WhitelistedLicenses        interface{} `json:"whitelisted_licenses"`
		CustomChecks               interface{} `json:"custom_checks"`
		ScapFiles                  interface{} `json:"scap_files"`

		// Scope is declared inline with the same two keys as the Scope type.
		Scope struct {
			Expression string `json:"expression"`
			Variables  []struct {
				Attribute string `json:"attribute"`
				Value     string `json:"value"`
			} `json:"variables"`
		} `json:"scope"`
		Registries interface{} `json:"registries"`
		Labels     interface{} `json:"labels"`
		Images     interface{} `json:"images"`

		// CVE, package and image lists; only the CVE lists are typed.
		CvesBlackList     []string    `json:"cves_black_list"`
		CvesWhiteList     []string    `json:"cves_white_list"`
		PackagesBlackList interface{} `json:"packages_black_list"`
		PackagesWhiteList interface{} `json:"packages_white_list"`
		AllowedImages     interface{} `json:"allowed_images"`
		TrustedBaseImages interface{} `json:"trusted_base_images"`

		// Remaining settings; their semantics are defined by the API, not here.
		ReadOnly                         bool     `json:"read_only"`
		ForceMicroenforcer               bool     `json:"force_microenforcer"`
		PartialResultsImageFail          bool     `json:"partial_results_image_fail"`
		ControlExcludeNoFix              bool     `json:"control_exclude_no_fix"`
		IgnoreRecentlyPublishedVln       bool     `json:"ignore_recently_published_vln"`
		IgnoreRecentlyPublishedVlnPeriod int      `json:"ignore_recently_published_vln_period"` // unit not stated here — TODO confirm
		IgnoreRiskResourcesEnabled       bool     `json:"ignore_risk_resources_enabled"`
		IgnoredRiskResources             []string `json:"ignored_risk_resources"`
		DockerCisEnabled                 bool     `json:"docker_cis_enabled"`
		KubeCisEnabled                   bool     `json:"kube_cis_enabled"`
		EnforceExcessivePermissions      bool     `json:"enforce_excessive_permissions"`
		LinuxCisEnabled                  bool     `json:"linux_cis_enabled"`
		OpenshiftHardeningEnabled        bool     `json:"openshift_hardening_enabled"`
		FunctionIntegrityEnabled         bool     `json:"function_integrity_enabled"`
	} `json:"result"`
}
type Scope ¶
// Scope is the value of a policy's "scope" key: an expression over numbered
// variables plus the variables themselves.
// NOTE(review): how an empty Expression or an empty Variables list is
// evaluated is not visible here; confirm whether that means "applies to
// nothing" or "applies to everything" before sending such a scope.
type Scope struct {
	// Expression refers to the entries of Variables by position: v1 is
	// variable 1, v2 is variable 2, and so on. AND is written && and OR is
	// written ||.
	Expression string          `json:"expression"`
	Variables  []ScopeVariable `json:"variables"`
}
type ScopeVariable ¶
type Script ¶
// Script is a single user-created assurance check. It has the same fields as
// an element of Scripts plus Snippet.
// NOTE(review): Path, Engine and Snippet presumably locate and carry
// user-supplied check code; treat decoded values as untrusted content and
// confirm how callers use them.
type Script struct {
	ScriptID     string `json:"script_id"`
	Name         string `json:"name"`
	Path         string `json:"path"`
	LastModified int    `json:"last_modified"` // presumably a Unix timestamp — TODO confirm
	Description  string `json:"description"`
	Engine       string `json:"engine"`
	Snippet      string `json:"snippet"` // the only field not present on Scripts elements
	ReadOnly     bool   `json:"read_only"`
}
Script is a single user-created assurance check. Compared with an entry of Scripts, it only adds the snippet field.
type Scripts ¶
// Scripts is a list of user-created assurance checks. Note that the type is
// itself a slice of anonymous structs, so []Scripts is a slice of slices.
// Elements have the fields of Script except Snippet.
type Scripts []struct {
	ScriptID     string `json:"script_id"`
	Name         string `json:"name"`
	Path         string `json:"path"`
	LastModified int    `json:"last_modified"` // presumably a Unix timestamp — TODO confirm
	Description  string `json:"description"`
	Engine       string `json:"engine"`
	ReadOnly     bool   `json:"read_only"`
}
Scripts are user created assurance checks