Documentation
¶
Overview ¶
Package trivy provides primitives for working with Trivy.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetScoreFromCvss ¶
func NewPlugin ¶
func NewPlugin(idGenerator ext.IDGenerator, config Config) vulnerabilityreport.Plugin
NewPlugin constructs a new vulnerabilityreport.Plugin, which is using an official Trivy container image to scan Kubernetes workloads.
This Plugin supports both starboard.Standalone and starboard.ClientServer client modes depending on the active mode returned by Config.GetTrivyMode.
The starboard.ClientServer mode is usually more performant, however it requires a Trivy server accessible at the configurable URL.
Types ¶
type Config ¶
type Config interface {
GetTrivyImageRef() (string, error)
GetTrivyMode() (starboard.TrivyMode, error)
GetTrivyServerURL() (string, error)
GetTrivyInsecureRegistries() map[string]bool
}
Config defines configuration params for the Trivy vulnerabilityreport.Plugin.
type Converter ¶
type Converter interface {
Convert(imageRef string, reader io.Reader) (v1alpha1.VulnerabilityScanResult, error)
}
Converter is the interface that wraps the Convert method.
Convert converts the vulnerabilities model used by Trivy to a generic model defined by the Custom Security Resource Specification.
func NewConverter ¶
type ScanReport ¶
type ScanReport struct {
Target string `json:"Target"`
Vulnerabilities []Vulnerability `json:"Vulnerabilities"`
}
type Vulnerability ¶
type Vulnerability struct {
VulnerabilityID string `json:"VulnerabilityID"`
PkgName string `json:"PkgName"`
InstalledVersion string `json:"InstalledVersion"`
FixedVersion string `json:"FixedVersion"`
Title string `json:"Title"`
Description string `json:"Description"`
Severity v1alpha1.Severity `json:"Severity"`
Layer Layer `json:"Layer"`
PrimaryURL string `json:"PrimaryURL"`
References []string `json:"References"`
Cvss map[string]*CVSS `json:"CVSS"`
}
Source Files