vulnerabilityreport

package
v0.10.0-rc3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 6, 2021 License: Apache-2.0 Imports: 22 Imported by: 1

Documentation

Overview

This package provides primitives for working with vulnerability scanners.

Index

Constants

This section is empty.

Variables

View Source 
var (
	SummaryCount = []LessFunc{
		func(r1, r2 *v1alpha1.VulnerabilityReport) bool {
			return r1.Report.Summary.CriticalCount < r2.Report.Summary.CriticalCount
		}, func(r1, r2 *v1alpha1.VulnerabilityReport) bool {
			return r1.Report.Summary.HighCount < r2.Report.Summary.HighCount
		}, func(r1, r2 *v1alpha1.VulnerabilityReport) bool {
			return r1.Report.Summary.MediumCount < r2.Report.Summary.MediumCount
		}, func(r1, r2 *v1alpha1.VulnerabilityReport) bool {
			return r1.Report.Summary.LowCount < r2.Report.Summary.LowCount
		}, func(r1, r2 *v1alpha1.VulnerabilityReport) bool {
			return r1.Report.Summary.UnknownCount < r2.Report.Summary.UnknownCount
		}}
)

Functions

func OrderedBy added in v0.10.0 

func OrderedBy(less ...LessFunc) *multiSorter

OrderedBy returns a Sorter that sorts using the LessFunc functions, in order. Call its Sort method to sort the data.

Types

type Builder 

type Builder interface {
	Owner(owner metav1.Object) Builder
	Container(name string) Builder
	PodSpecHash(hash string) Builder
	Result(result v1alpha1.VulnerabilityScanResult) Builder
	Get() (v1alpha1.VulnerabilityReport, error)
}

func NewBuilder 

func NewBuilder(scheme *runtime.Scheme) Builder

type BySeverity added in v0.9.2 

type BySeverity struct{ Vulnerabilities }

BySeverity implements sort.Interface by providing Less and using the Vulnerabilities.Len and Vulnerabilities.Swap methods of the embedded Vulnerabilities value.

func (BySeverity) Less added in v0.9.2 

func (s BySeverity) Less(i, j int) bool

type LessFunc added in v0.10.0 

type LessFunc func(p1, p2 *v1alpha1.VulnerabilityReport) bool

type Plugin added in v0.8.0 

type Plugin interface {

	// GetScanJobSpec describes the pod that will be created by Starboard when
	// it schedules a Kubernetes job to scan the workload with the specified
	// descriptor.
	// The second argument maps container names to Docker registry credentials,
	// which can be passed to the scanner as environment variables with values
	// set from returned secrets.
	GetScanJobSpec(spec corev1.PodSpec, credentials map[string]docker.Auth) (
		corev1.PodSpec, []*corev1.Secret, error)

	// ParseVulnerabilityScanResult is a callback to parse and convert logs of
	// the pod controlled by the scan job to v1alpha1.VulnerabilityScanResult.
	ParseVulnerabilityScanResult(imageRef string, logsReader io.ReadCloser) (
		v1alpha1.VulnerabilityScanResult, error)
}

Plugin defines the interface between Starboard and static vulnerability scanners.

type ReadWriter 

type ReadWriter interface {
	Reader
	Writer
}

func NewReadWriter 

func NewReadWriter(client client.Client) ReadWriter

NewReadWriter constructs a new ReadWriter which is using the client package provided by the controller-runtime libraries for interacting with the Kubernetes API server.

type Reader 

type Reader interface {
	FindByOwner(context.Context, kube.Object) ([]v1alpha1.VulnerabilityReport, error)
	FindByOwnerInHierarchy(ctx context.Context, object kube.Object) ([]v1alpha1.VulnerabilityReport, error)
}

Reader is the interface that wraps methods for finding v1alpha1.VulnerabilityReport objects.

FindByOwner returns the slice of v1alpha1.VulnerabilityReport instances owned by the given kube.Object or an empty slice if the reports are not found.

FindByOwnerInHierarchy is similar to FindByOwner except it tries to lookup v1alpha1.VulnerabilityReport objects owned by related Kubernetes objects. For example, if the given owner is a Deployment, but reports are owned by the active ReplicaSet (current revision) this method will return the reports.

type Scanner 

type Scanner struct {
	ext.IDGenerator
	kube.SecretsReader
	// contains filtered or unexported fields
}

Scanner is a template for running static vulnerability scanners that implement the Plugin interface.

func NewScanner added in v0.8.0 

func NewScanner(
	clientset kubernetes.Interface,
	client client.Client,
	opts kube.ScannerOpts,
	plugin Plugin,
) *Scanner

NewScanner constructs a new static vulnerability Scanner with the specified Plugin that knows how to perform the actual scanning, which is performed by running a Kubernetes job, and knows how to convert logs to instances of v1alpha1.VulnerabilityReport.

func (*Scanner) Scan added in v0.8.0 

func (s *Scanner) Scan(ctx context.Context, workload kube.Object) ([]v1alpha1.VulnerabilityReport, error)

Scan creates a Kubernetes job to scan the specified workload. The pod created by the scan job has template contributed by the Plugin. It is a blocking method that watches the status of the job until it succeeds or fails. When succeeded it parses container logs and coverts the output to instances of v1alpha1.VulnerabilityReport by delegating such transformation logic also to the Plugin.

type Vulnerabilities added in v0.9.2 

type Vulnerabilities []v1alpha1.Vulnerability

func (Vulnerabilities) Len added in v0.9.2 

func (s Vulnerabilities) Len() int

func (Vulnerabilities) Swap added in v0.9.2 

func (s Vulnerabilities) Swap(i, j int)

type Writer 

type Writer interface {
	Write(context.Context, []v1alpha1.VulnerabilityReport) error
}

Writer is the interface that wraps the basic Write method.

Write creates or updates the given slice of v1alpha1.VulnerabilityReport instances.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.