scanner

package
v0.5.7-rc.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 9, 2024 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Overview

Package scanner provides an interface and primitives for implementing scanners that check Kubernetes resources for various issues, such as security vulnerabilities, misconfigurations, and best practices.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Issue

type Issue struct {
	// Scanner is the name of the scanner that discovered the issue.
	Scanner string `json:"scanner" yaml:"scanner"`
	// Severity indicates how critical the issue is, using the IssueSeverityLevel constants.
	Severity IssueSeverityLevel `json:"severity" yaml:"severity"`
	// Title is a brief summary of the issue.
	Title string `json:"title" yaml:"title"`
	// Message provides a detailed human-readable description of the issue.
	Message string `json:"message" yaml:"message"`
}

Issue represents a particular finding or problem discovered by a scanner. It encapsulates the details of the issue such as the scanner's name, its severity, and a human-readable title and message.

type IssueList

type IssueList []*Issue

IssueList is a slice of issues.

type IssueSeverityLevel

type IssueSeverityLevel int

IssueSeverityLevel represents the severity level of an issue.

const (
	Safe     IssueSeverityLevel = 0 // Safe indicates the absence of any security risk or an informational finding that does not require action.
	Low      IssueSeverityLevel = 1 // Low indicates a minor issue that should be addressed.
	Medium   IssueSeverityLevel = 2 // Medium indicates a potential issue that may have a moderate impact.
	High     IssueSeverityLevel = 3 // High indicates a serious issue that has a significant impact.
	Critical IssueSeverityLevel = 5 // Critical indicates an extremely serious issue that must be addressed immediately.
)

IssueSeverityLevel defines the severity levels for issues identified by scanners.

func (IssueSeverityLevel) MarshalJSON

func (s IssueSeverityLevel) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for IssueSeverityLevel.

func (IssueSeverityLevel) String

func (s IssueSeverityLevel) String() string

String returns the string representation of the IssueSeverityLevel.

type KubeScanner

type KubeScanner interface {
	Name() string                                                                               // Name returns the name of the scanner.
	Scan(ctx context.Context, noCache bool, resources ...*storage.Resource) (ScanResult, error) // Scan accepts one or more Kubernetes resources and returns a slice of issues found.
}

KubeScanner is an interface for scanners that analyze Kubernetes resources. Each scanner should implement this interface to provide scanning functionality.

type ResourceList

type ResourceList []*storage.Resource

ResourceList is a slice of storage resources.

type ScanResult

type ScanResult interface {
	ByIssue() map[Issue]ResourceList
	ByResource() map[entity.ResourceGroupHash]IssueList
	IssueTotal() int
	MergeFrom(result ScanResult)
}

ScanResult defines the interface for the result of a scan.

Directories

Path Synopsis
Package kubeaudit wraps the kubeaudit library to provide a scanner.KubeScanner implementation for auditing Kubernetes resources against common security concerns.
Package kubeaudit wraps the kubeaudit library to provide a scanner.KubeScanner implementation for auditing Kubernetes resources against common security concerns.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL