vulnerability

package
v0.13.7 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 7, 2023 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	// ErrorUnauthorised is a typed error for unauthorised requests
	ErrorUnauthorised = errors.New("unauthorised")
)

Functions

This section is empty.

Types

type DefaultScannerFactory

type DefaultScannerFactory struct{}

DefaultScannerFactory is the defaul implementation of ScannerFactory

func NewScannerFactory

func NewScannerFactory() DefaultScannerFactory

NewScannerFactory returns a new DefaultScannerFactory

func (*DefaultScannerFactory) GetScanners

func (f *DefaultScannerFactory) GetScanners(img image.Reference, credentials credential.Credentials, policy policyv1.Policy) (scanners []Scanner)

GetScanners returns a slice of suitable Scanners based on the provided policy

type HTTPClient

type HTTPClient interface {
	Do(req *http.Request) (*http.Response, error)
}

HTTPClient makes testing ICCRVAScanner simpler

type ICCRVAScanner

type ICCRVAScanner struct {
	Timeout       int64
	AccountHeader string
	// contains filtered or unexported fields
}

ICCRVAScanner is a client wrapper for interacting with Vulnerability Advisor for IBM Cloud Container Registry API

func NewIBMVulnerabilityAdvisorScanner

func NewIBMVulnerabilityAdvisorScanner(credentials credential.Credentials, account string) *ICCRVAScanner

NewIBMVulnerabilityAdvisorScanner returns a new client for IBM's Vulnerability Advisor

func (*ICCRVAScanner) CanImageDeployBasedOnVulnerabilities

func (s *ICCRVAScanner) CanImageDeployBasedOnVulnerabilities(image image.Reference) (scan ScanResponse, err error)

CanImageDeployBasedOnVulnerabilities is an implementation of the Scanner interface for Vulnerability Advisor for IBM Cloud Container Registry

type ICCRVASummary

type ICCRVASummary struct {
	Status                        string `json:"status" description:"Overall vulnerability assessment status from: OK, WARN, BLOCK, UNSUPPORTED, INCOMPLETE, UNSCANNED"`
	ScanTime                      int64  `json:"scan_time" description:"The scan time of the report as a UNIX timestamp"`
	IssueCount                    int    `json:"issue_count" description:"The number of issues found"`
	ExemptIssueCount              int    `json:"exempt_issue_count" description:"The number of exempt issues found"`
	VulnerabilityCount            int    `json:"vulnerability_count" description:"The number of vulnerability issues found"`
	ExemptVulnerabilityCount      int    `json:"exempt_vulnerability_count" description:"The number of exempt vulnerability issues found"`
	ConfigurationIssueCount       int    `json:"configuration_issue_count" description:"The number of configuration issues found"`
	ExemptConfigurationIssueCount int    `json:"exempt_configuration_issue_count" description:"The number of exempt configuration issues found"`
}

ICCRVASummary represents the summary datatype returned by the VA API

type ScanResponse

type ScanResponse struct {
	CanDeploy  bool
	DenyReason string
}

ScanResponse is a struct for vulnerability scanners to return

type Scanner

type Scanner interface {
	CanImageDeployBasedOnVulnerabilities(image.Reference) (ScanResponse, error)
}

Scanner is an interface for vulnerability scanner implementations

type ScannerFactory

type ScannerFactory interface {
	GetScanners(image.Reference, credential.Credentials, policyv1.Policy) []Scanner
}

ScannerFactory is the interface for a ScannerFactory, supports testing

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL