Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Builder
type Builder interface {
	Owner(owner metav1.Object) Builder
	Container(name string) Builder
	PodSpecHash(hash string) Builder
	Result(result v1alpha1.VulnerabilityScanResult) Builder
	Get() (v1alpha1.VulnerabilityReport, error)
}
func NewBuilder
type Plugin (added in v0.8.0)
type Plugin interface {
	// GetScanJobSpec describes the pod that will be created by Starboard when
	// it schedules a Kubernetes job to scan the workload with the specified
	// descriptor.
	// The second argument maps container names to Docker registry credentials,
	// which can be passed to the scanner as environment variables with values
	// set from returned secrets.
	GetScanJobSpec(spec corev1.PodSpec, credentials map[string]docker.Auth) (
		corev1.PodSpec, []*corev1.Secret, error)

	// ParseVulnerabilityScanResult is a callback to parse and convert logs of
	// the pod controlled by the scan job to v1alpha1.VulnerabilityScanResult.
	ParseVulnerabilityScanResult(imageRef string, logsReader io.ReadCloser) (
		v1alpha1.VulnerabilityScanResult, error)
}
Plugin defines the interface between Starboard and static vulnerability scanners.
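An added example, not code from Starboard: a parser with the same shape as ParseVulnerabilityScanResult that treats scan-pod logs as untrusted input, so a crashed or silent scanner yields an error rather than an empty result that would read as a clean image. The Vulnerability and ScanResult types, the JSON log format, the 1 MiB cap, and leaving the reader for the caller to close are all assumptions.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"io"
)

// Vulnerability and ScanResult are assumed stand-ins for the v1alpha1 result types.
type Vulnerability struct {
	ID       string `json:"id"`
	Severity string `json:"severity"`
}

type ScanResult struct {
	ImageRef        string
	Vulnerabilities []Vulnerability
}

const maxLogBytes = 1 << 20 // assumed cap on scanner output; pod logs are untrusted input
var ErrNoOutput = errors.New("scanner produced no output")

// ParseLogs has the shape of Plugin.ParseVulnerabilityScanResult. It does not
// close logs; this example assumes the caller does.
func ParseLogs(imageRef string, logs io.ReadCloser) (ScanResult, error) {
	data, err := io.ReadAll(io.LimitReader(logs, maxLogBytes+1)) // +1 byte detects oversize
	if err != nil {
		return ScanResult{}, fmt.Errorf("read logs for %s: %w", imageRef, err)
	}
	if len(data) > maxLogBytes {
		return ScanResult{}, fmt.Errorf("logs for %s exceed %d bytes", imageRef, maxLogBytes)
	}
	if len(bytes.TrimSpace(data)) == 0 {
		return ScanResult{}, ErrNoOutput // empty logs must not read as "no findings"
	}
	var vulns []Vulnerability
	if err := json.Unmarshal(data, &vulns); err != nil {
		return ScanResult{}, fmt.Errorf("decode logs for %s: %w", imageRef, err)
	}
	return ScanResult{ImageRef: imageRef, Vulnerabilities: vulns}, nil
}

func main() {
	// Constructed sample output, not a real scanner's log format.
	sample := []byte(`[{"id":"CVE-0000-0001","severity":"HIGH"}]`)
	res, err := ParseLogs("registry.example/app:1.0", io.NopCloser(bytes.NewReader(sample)))
	fmt.Println(res, err)
}
```

An empty JSON array is the only input that produces a result with zero findings; empty, oversized, or non-JSON output all return an error.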
type ReadWriter
func NewReadWriter
func NewReadWriter(client clientset.Interface) ReadWriter
type Scanner
type Scanner struct {
	ext.IDGenerator
	Plugin
	kube.SecretsReader
	// contains filtered or unexported fields
}
Scanner is a template for running static vulnerability scanners that implement the vulnerabilityreport.Plugin interface.
func NewScanner (added in v0.8.0)
func NewScanner(
	scheme *runtime.Scheme,
	clientset kubernetes.Interface,
	opts kube.ScannerOpts,
	plugin Plugin,
) *Scanner
NewScanner constructs a new static vulnerability Scanner with the specified vulnerabilityreport.Plugin that knows how to perform the actual scanning, which is performed by running a Kubernetes job, and knows how to convert logs to instances of v1alpha1.VulnerabilityReport.
func (*Scanner) Scan (added in v0.8.0)
func (s *Scanner) Scan(ctx context.Context, workload kube.Object) ([]v1alpha1.VulnerabilityReport, error)
Scan creates a Kubernetes job to scan the specified workload. The pod created by the scan job has a template contributed by the vulnerabilityreport.Plugin. It is a blocking method that watches the status of the job until it succeeds or fails. When the job succeeds, it parses the container logs and converts the output to instances of v1alpha1.VulnerabilityReport, delegating that transformation to the vulnerabilityreport.Plugin as well.
type StoreInterface
type StoreInterface interface {
	Save(context.Context, []starboardv1alpha1.VulnerabilityReport) error
	FindByOwner(context.Context, kube.Object) ([]starboardv1alpha1.VulnerabilityReport, error)
}
type WorkloadVulnerabilities
type WorkloadVulnerabilities map[string]starboard.VulnerabilityScanResult
WorkloadVulnerabilities holds VulnerabilityReports for each container of a Kubernetes workload. Deprecated: use a slice of VulnerabilityReports instead.