Documentation
¶
Overview ¶
Package trivy provides primitives for working with Trivy.
Index ¶
- Constants
- func CheckAwsEcrPrivateRegistry(ImageUrl string) string
- func GetMirroredImage(image string, mirrors map[string]string) (string, error)
- func GetScoreFromCVSS(CVSSs map[string]*CVSS) *float64
- func NewPlugin(clock ext.Clock, idGenerator ext.IDGenerator, ...) vulnerabilityreport.Plugin
- type CVSS
- type Command
- type Config
- func (c Config) GetCommand() (Command, error)
- func (c Config) GetDBRepository() (string, error)
- func (c Config) GetImageRef() (string, error)
- func (c Config) GetInsecureRegistries() map[string]bool
- func (c Config) GetMirrors() map[string]string
- func (c Config) GetMode() (Mode, error)
- func (c Config) GetNonSSLRegistries() map[string]bool
- func (c Config) GetResourceRequirements() (corev1.ResourceRequirements, error)
- func (c Config) GetServerInsecure() bool
- func (c Config) GetServerURL() (string, error)
- func (c Config) IgnoreFileExists() bool
- func (c Config) IgnoreUnfixed() bool
- type Layer
- type Mode
- type ScanReport
- type ScanResult
- type Vulnerability
Constants ¶
const ( )
const (
AWSECR_Image_Regex = "^\\d+\\.dkr\\.ecr\\.(\\w+-\\w+-\\d+)\\.amazonaws\\.com\\/"
)
const (
// Plugin the name of this plugin.
Plugin = "Trivy"
)
Variables ¶
This section is empty.
Functions ¶
func CheckAwsEcrPrivateRegistry ¶ added in v0.15.5
func GetMirroredImage ¶ added in v0.12.0
func GetScoreFromCVSS ¶ added in v0.11.0
func NewPlugin ¶
func NewPlugin(clock ext.Clock, idGenerator ext.IDGenerator, objectResolver *kube.ObjectResolver) vulnerabilityreport.Plugin
NewPlugin constructs a new vulnerabilityreport.Plugin, which is using an upstream Trivy container image to scan Kubernetes workloads.
The plugin supports Image and Filesystem commands. The Filesystem command may be used to scan workload images cached on cluster nodes by scheduling scan jobs on a particular node.
The Image command supports both Standalone and ClientServer modes depending on the settings returned by Config.GetMode. The ClientServer mode is usually more performant, however it requires a Trivy server accessible at the configurable Config.GetServerURL.
Types ¶
type Config ¶
type Config struct {
starboard.PluginConfig
}
Config defines configuration params for this plugin.
func (Config) GetCommand ¶ added in v0.14.1
func (Config) GetDBRepository ¶ added in v0.15.4
func (Config) GetImageRef ¶ added in v0.11.0
GetImageRef returns upstream Trivy container image reference.
func (Config) GetInsecureRegistries ¶ added in v0.11.0
func (Config) GetMirrors ¶ added in v0.12.0
func (Config) GetNonSSLRegistries ¶ added in v0.15.0
func (Config) GetResourceRequirements ¶ added in v0.11.0
func (c Config) GetResourceRequirements() (corev1.ResourceRequirements, error)
GetResourceRequirements creates ResourceRequirements from the Config.
func (Config) GetServerInsecure ¶ added in v0.15.0
func (Config) GetServerURL ¶ added in v0.11.0
func (Config) IgnoreFileExists ¶ added in v0.11.0
func (Config) IgnoreUnfixed ¶ added in v0.14.1
type ScanReport ¶
type ScanReport struct {
Results []ScanResult `json:"Results"`
}
type ScanResult ¶ added in v0.13.0
type ScanResult struct {
Target string `json:"Target"`
Vulnerabilities []Vulnerability `json:"Vulnerabilities"`
}
type Vulnerability ¶
type Vulnerability struct {
VulnerabilityID string `json:"VulnerabilityID"`
PkgName string `json:"PkgName"`
InstalledVersion string `json:"InstalledVersion"`
FixedVersion string `json:"FixedVersion"`
Title string `json:"Title"`
Description string `json:"Description"`
Severity v1alpha1.Severity `json:"Severity"`
Layer Layer `json:"Layer"`
PrimaryURL string `json:"PrimaryURL"`
References []string `json:"References"`
Cvss map[string]*CVSS `json:"CVSS"`
}
Source Files