Documentation ¶
Index ¶
Constants ¶
// Admission-control action codes (going by the AdmCtrlAction prefix). The
// values are spelled out instead of being derived from iota, so adding or
// reordering an entry cannot silently renumber the others.
//
// NOTE(review): AdmCtrlActionAllow is 0, which is also the zero value of an
// integer. A variable that is declared but never assigned therefore compares
// equal to "allow"; code that carries an action should set it explicitly on
// every path rather than rely on the default.
const (
	AdmCtrlActionAllow = 0
	AdmCtrlActionDeny  = 1
)
// Property names used for audit log entries (going by the AuditLogProp
// prefix; the code that reads or writes these keys is not shown here).
// Several values match field names of AdmResult (User, Image, ImageID,
// Registry, Repository, Tag, BaseOS, HighVulsCnt, MedVulsCnt).
//
// NOTE(review): these are only the keys. The values stored under "User",
// "Image" and "Message" presumably originate from the admission request, so
// anything that renders or parses the log should treat them as untrusted
// text — confirm against the writer.
const (
	AuditLogPropMessage     = "Message"
	AuditLogPropUser        = "User"
	AuditLogPropImage       = "Image"
	AuditLogPropImageID     = "ImageID"
	AuditLogPropRegistry    = "Registry"
	AuditLogPropRepository  = "Repository"
	AuditLogPropTag         = "Tag"
	AuditLogPropBaseOS      = "BaseOS"
	AuditLogPropHighVulsCnt = "HighVulsCnt"
	AuditLogPropMedVulsCnt  = "MedVulsCnt"
	AuditLogPropNamespace   = "Namespace"
	AuditLogPropFirstLogAt  = "FirstLogAt"
	AuditLogPropLastLogAt   = "LastLogAt"
)
// Outcome codes for a handled request (going by the Req prefix; where they
// are consumed is not shown here). The values are written out explicitly so
// the numbering stays fixed if entries are added or moved.
//
// NOTE(review): ReqAllowed is 0, the zero value of an integer, so an outcome
// variable that is never assigned reads as "allowed". Error and early-return
// paths should assign ReqErrored or ReqDenied explicitly.
const (
	ReqAllowed = 0
	ReqDenied  = 1
	ReqErrored = 2
	ReqIgnored = 3
)
// Rule-match states. MatchedNone is 0, so a matchState that was never
// assigned reads as "no rule matched" rather than as an allow or a deny.
const (
	MatchedNone matchState = iota
	MatchedAllow
	MatchedDeny
)
Variables ¶
This section is empty.
Functions ¶
func GetAdmRuleTypeOptions ¶
func GetAdmRuleTypeOptions(ruleType string) *api.RESTAdmCatOptions
Types ¶
type AdmContainerInfo ¶
// AdmContainerInfo describes one container of a workload under admission
// review: its image reference, the pod/container security settings
// (Privileged, RunAsUser, HostNetwork, HostPID, HostIPC,
// AllowPrivilegeEscalation, VolMounts), its environment and its CPU/memory
// figures.
//
// NOTE(review): the type declares its own MarshalJSON, so the struct tags
// give the JSON names but the emitted document is decided by that method,
// whose body is not shown here.
//
// NOTE(review): RunAsUser is tagged omitempty. With encoding/json that drops
// a zero value, so uid 0 (root) and "not set" look the same in the output;
// consumers must not read a missing run_as_user as "non-root".
//
// NOTE(review): EnvVars and EnvSecrets can carry credential material
// (EnvSecrets presumably holds secret-scan findings — confirm). Treat any
// serialized or logged copy of this struct as sensitive.
type AdmContainerInfo struct {
	Name                     string                `json:"name"`
	Image                    string                `json:"image"` // original spec.container.image value in the yaml file
	ImageRegistry            utils.Set             `json:"image_registry"`
	ImageRepo                string                `json:"image_repo"`
	ImageTag                 string                `json:"image_tag"`
	Privileged               bool                  `json:"privileged,omitempty"`
	RunAsUser                int64                 `json:"run_as_user,omitempty"`
	VolMounts                utils.Set             `json:"vol_mounts,omitempty"`
	EnvVars                  map[string]string     `json:"env_vars,omitempty"`
	EnvSecrets               []share.ScanSecretLog `json:"env_secrets,omitempty"`
	HostNetwork              bool                  `json:"host_network,omitempty"`
	HostPID                  bool                  `json:"host_pid,omitempty"`
	HostIPC                  bool                  `json:"host_ipc,omitempty"`
	AllowPrivilegeEscalation bool                  `json:"allow_privilege_escalation,omitempty"`
	CpuLimits                float64               `json:"cpu_limits"`
	CpuRequests              float64               `json:"cpu_requests"`
	MemoryLimits             int64                 `json:"memory_limits"`
	MemoryRequests           int64                 `json:"memory_requests"`
}
func (AdmContainerInfo) MarshalJSON ¶
func (info AdmContainerInfo) MarshalJSON() ([]byte, error)
type AdmMatchData ¶
// AdmMatchData carries the state of a rule match: a RootAvail flag and the
// MatchState reached so far (MatchedNone, MatchedAllow or MatchedDeny).
//
// NOTE(review): the zero value has MatchState == MatchedNone. What RootAvail
// records is not documented here — TODO confirm against the matcher.
type AdmMatchData struct {
	RootAvail  bool
	MatchState matchState
}
type AdmResObject ¶
type AdmResult ¶
// AdmResult is the outcome record of an admission evaluation: which rule
// matched, the verdict flags, the requesting user, and details of the image
// involved.
//
// NOTE(review): MatchDeny and FinalDeny are separate flags and their
// relationship is not documented here. Code that enforces or reports a
// verdict should confirm which of the two is authoritative before acting
// on it.
//
// NOTE(review): the fields from ImageID onward are filled only when a scan
// result exists for the image. When ImageNotScanned is set, HighVulsCnt and
// MedVulsCnt being 0 presumably means "unknown", not "no vulnerabilities" —
// confirm before using the counts in a policy decision.
type AdmResult struct {
	MatchDeny       bool
	FinalDeny       bool
	ImageNotScanned bool
	NoLogging       bool
	MatchFedRule    bool
	RuleID          uint32
	RuleCategory    string
	RuleCfgType     share.TCfgType
	User            string
	AdmRule         string
	Msg             string
	Image           string // the image specified in yaml
	ImageID         string // from this field on, the fields are available only when a scan result for the image is available
	Registry        string
	Repository      string
	Tag             string
	BaseOS          string
	UnscannedImages string
	MatchedSource   string
	HighVulsCnt     int
	MedVulsCnt      int
}
type AdmUriState ¶
type JSONAdmContainerInfo ¶
// JSONAdmContainerInfo mirrors AdmContainerInfo using plain JSON-friendly
// types: ImageRegistry and VolMounts are []string instead of utils.Set. It
// has no EnvSecrets field and none of the CPU/memory fields.
//
// NOTE(review): presumably this is the shape AdmContainerInfo.MarshalJSON
// emits — confirm. If so, env_secrets and the resource figures never reach
// the serialized form, while EnvVars still does; treat the output as
// sensitive because environment values can hold credentials.
//
// NOTE(review): RunAsUser is tagged omitempty, and encoding/json drops a zero
// value, so uid 0 (root) is indistinguishable from "not set" in the output.
// The same applies to the bool flags: a missing key means false.
type JSONAdmContainerInfo struct {
	Name                     string            `json:"name"`
	Image                    string            `json:"image"`
	ImageRegistry            []string          `json:"image_registry"`
	ImageRepo                string            `json:"image_repo"`
	ImageTag                 string            `json:"image_tag"`
	Privileged               bool              `json:"privileged,omitempty"`
	RunAsUser                int64             `json:"run_as_user,omitempty"`
	VolMounts                []string          `json:"vol_mounts,omitempty"`
	EnvVars                  map[string]string `json:"env_vars,omitempty"`
	HostNetwork              bool              `json:"host_network,omitempty"`
	HostPID                  bool              `json:"host_pid,omitempty"`
	HostIPC                  bool              `json:"host_ipc,omitempty"`
	AllowPrivilegeEscalation bool              `json:"allow_privilege_escalation,omitempty"`
}
type ScannedImageSummary ¶
// ScannedImageSummary is the per-image digest of a scan: identity (ImageID,
// Registry, RegName, Digest, Author), scan time and result code,
// vulnerability counts and details by severity, and image properties
// (Signed, RunAsRoot, EnvVars, Labels).
//
// NOTE(review): the counts and maps are meaningful only for an image that
// was actually scanned. When Scanned is false the zero values presumably mean
// "unknown" rather than "clean" — confirm before comparing them against
// thresholds.
//
// NOTE(review): EnvVars and Labels presumably come from the image's own
// metadata, i.e. they are chosen by whoever built the image. Treat them as
// untrusted input when matching rules or rendering them — confirm the source.
type ScannedImageSummary struct {
	ImageID         string
	BaseOS          string
	Registry        string
	RegName         string
	Digest          string
	Author          string
	ScannedAt       time.Time
	Result          int32
	HighVuls        int
	MedVuls         int
	HighVulsWithFix int
	VulScore        float32
	VulNames        utils.Set
	Scanned         bool
	Signed          bool
	RunAsRoot       bool
	EnvVars         map[string]string
	Labels          map[string]string
	HighVulInfo     map[string]share.CLUSScannedVulInfo // key is vul name
	MediumVulInfo   map[string]share.CLUSScannedVulInfo // key is vul name
	LowVulInfo      []share.CLUSScannedVulInfoSimple    // only care about score
	SetIDPermCnt    int                                 // setuid and setgid count from image scan
	SecretsCnt      int                                 // secrets count from image scan
}