vulnerabilityreport

package
v0.23.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 25, 2024 License: Apache-2.0 Imports: 25 Imported by: 1

Documentation

Overview

Package vulnerabilityreport provides primitives for working with vulnerability scanners.

Index

Constants

This section is empty.

Variables

View Source
var (
	SummaryCount = []LessFunc{
		func(r1, r2 *v1alpha1.VulnerabilityReport) bool {
			return r1.Report.Summary.CriticalCount < r2.Report.Summary.CriticalCount
		}, func(r1, r2 *v1alpha1.VulnerabilityReport) bool {
			return r1.Report.Summary.HighCount < r2.Report.Summary.HighCount
		}, func(r1, r2 *v1alpha1.VulnerabilityReport) bool {
			return r1.Report.Summary.MediumCount < r2.Report.Summary.MediumCount
		}, func(r1, r2 *v1alpha1.VulnerabilityReport) bool {
			return r1.Report.Summary.LowCount < r2.Report.Summary.LowCount
		}, func(r1, r2 *v1alpha1.VulnerabilityReport) bool {
			return r1.Report.Summary.UnknownCount < r2.Report.Summary.UnknownCount
		}}
)

Functions

func BuildVulnerabilityReportData added in v0.17.0

func BuildVulnerabilityReportData(clock ext.Clock, registry v1alpha1.Registry, artifact v1alpha1.Artifact, os v1alpha1.OS, version string, vulnerabilities []v1alpha1.Vulnerability) v1alpha1.VulnerabilityReportData

func GetCvssV3 added in v0.17.0

func GetCvssV3(findingCvss types.VendorCVSS) map[string]*CVSS

func GetScanJobName

func GetScanJobName(obj client.Object) string

func GetScoreFromCVSS added in v0.17.0

func GetScoreFromCVSS(cvsss map[string]*CVSS) *float64

func GetVulnerabilitiesFromScanResult added in v0.17.0

func GetVulnerabilitiesFromScanResult(report ty.Result, addFields AdditionalFields) []v1alpha1.Vulnerability

func OrderedBy

func OrderedBy(less ...LessFunc) *multiSorter

OrderedBy returns a Sorter that sorts using the LessFunc functions, in order. Call its Sort method to sort the data.

func RegistryCredentialsSecretName

func RegistryCredentialsSecretName(obj client.Object) string

Types

type AdditionalFields added in v0.17.0

type AdditionalFields struct {
	Description bool
	Links       bool
	CVSS        bool
	Target      bool
	Class       bool
	PackageType bool
	PkgPath     bool
}

type BySeverity

type BySeverity struct{ Vulnerabilities }

BySeverity implements sort.Interface by providing Less and using the Vulnerabilities.Len and Vulnerabilities.Swap methods of the embedded Vulnerabilities value.

func (BySeverity) Less

func (s BySeverity) Less(i, j int) bool

type CVSS added in v0.17.0

type CVSS struct {
	V3Score *float64 `json:"V3Score,omitempty"`
}

type LessFunc

type LessFunc func(p1, p2 *v1alpha1.VulnerabilityReport) bool

type Plugin

type Plugin interface {

	// Init is a callback to initialize this plugin, e.g. ensure the default
	// configuration.
	Init(ctx trivyoperator.PluginContext) error

	// GetScanJobSpec describes the pod that will be created by Trivy-operator when
	// it schedules a Kubernetes job to scan the workload with the specified
	// descriptor.
	// The second argument maps container names to Docker registry credentials,
	// which can be passed to the scanner as environment variables with values
	// set from returned secrets.
	GetScanJobSpec(ctx trivyoperator.PluginContext, workload client.Object, credentials map[string]docker.Auth,
		securityContext *corev1.SecurityContext, clusterSbomReport map[string]v1alpha1.SbomReportData) (corev1.PodSpec, []*corev1.Secret, error)

	// ParseReportData is a callback to parse and convert logs of
	// the pod controlled by the scan job to v1alpha1.VulnerabilityScanResult.
	ParseReportData(ctx trivyoperator.PluginContext, imageRef string, logsReader io.ReadCloser) (
		v1alpha1.VulnerabilityReportData, v1alpha1.ExposedSecretReportData, *v1alpha1.SbomReportData, error)
}

Plugin defines the interface between Trivy-operator and static vulnerability scanners.

type ReadWriter

type ReadWriter interface {
	Reader
	Writer
}

func NewReadWriter

func NewReadWriter(objectResolver *kube.ObjectResolver) ReadWriter

NewReadWriter constructs a new ReadWriter which is using the client package provided by the controller-runtime libraries for interacting with the Kubernetes API server.

type Reader

type Reader interface {
	FindByOwner(context.Context, kube.ObjectRef) ([]v1alpha1.VulnerabilityReport, error)
}

Reader is the interface that wraps methods for finding v1alpha1.VulnerabilityReport objects.

FindByOwner returns the slice of v1alpha1.VulnerabilityReport instances owned by the given kube.ObjectRef or an empty slice if the reports are not found.

type ReportBuilder

type ReportBuilder struct {
	// contains filtered or unexported fields
}

func NewReportBuilder

func NewReportBuilder(scheme *runtime.Scheme) *ReportBuilder

func (*ReportBuilder) AdditionalReportLabels added in v0.13.0

func (b *ReportBuilder) AdditionalReportLabels(additionalReportLabels map[string]string) *ReportBuilder

func (*ReportBuilder) Container

func (b *ReportBuilder) Container(name string) *ReportBuilder

func (*ReportBuilder) Controller

func (b *ReportBuilder) Controller(controller client.Object) *ReportBuilder

func (*ReportBuilder) Data

func (*ReportBuilder) PodSpecHash

func (b *ReportBuilder) PodSpecHash(hash string) *ReportBuilder

func (*ReportBuilder) ReportTTL

func (b *ReportBuilder) ReportTTL(ttl *time.Duration) *ReportBuilder

func (*ReportBuilder) ResourceLabelsToInclude added in v0.5.0

func (b *ReportBuilder) ResourceLabelsToInclude(resourceLabelsToInclude []string) *ReportBuilder

type ScanJobBuilder

type ScanJobBuilder struct {
	// contains filtered or unexported fields
}

func NewScanJobBuilder

func NewScanJobBuilder() *ScanJobBuilder

func (*ScanJobBuilder) Get

func (s *ScanJobBuilder) Get() (*batchv1.Job, []*corev1.Secret, error)

func (*ScanJobBuilder) WithAffinity added in v0.19.1

func (s *ScanJobBuilder) WithAffinity(affinity *corev1.Affinity) *ScanJobBuilder

func (*ScanJobBuilder) WithAnnotations

func (s *ScanJobBuilder) WithAnnotations(annotations map[string]string) *ScanJobBuilder

func (*ScanJobBuilder) WithCredentials

func (s *ScanJobBuilder) WithCredentials(credentials map[string]docker.Auth) *ScanJobBuilder

func (*ScanJobBuilder) WithCustomVolumes added in v0.20.0

func (s *ScanJobBuilder) WithCustomVolumes(customVolumes []corev1.Volume) *ScanJobBuilder

func (*ScanJobBuilder) WithCustomVolumesMount added in v0.20.0

func (s *ScanJobBuilder) WithCustomVolumesMount(customVolumesMount []corev1.VolumeMount) *ScanJobBuilder

func (*ScanJobBuilder) WithNodeSelector added in v0.2.0

func (s *ScanJobBuilder) WithNodeSelector(nodeSelector map[string]string) *ScanJobBuilder

func (*ScanJobBuilder) WithObject

func (s *ScanJobBuilder) WithObject(object client.Object) *ScanJobBuilder

func (*ScanJobBuilder) WithPlugin

func (s *ScanJobBuilder) WithPlugin(plugin Plugin) *ScanJobBuilder

func (*ScanJobBuilder) WithPluginContext

func (s *ScanJobBuilder) WithPluginContext(pluginContext trivyoperator.PluginContext) *ScanJobBuilder

func (*ScanJobBuilder) WithPodPriorityClassName added in v0.13.0

func (s *ScanJobBuilder) WithPodPriorityClassName(podPriorityClassName string) *ScanJobBuilder

func (*ScanJobBuilder) WithPodSecurityContext added in v0.1.6

func (s *ScanJobBuilder) WithPodSecurityContext(podSecurityContext *corev1.PodSecurityContext) *ScanJobBuilder

func (*ScanJobBuilder) WithPodTemplateLabels

func (s *ScanJobBuilder) WithPodTemplateLabels(podTemplateLabels map[string]string) *ScanJobBuilder

func (*ScanJobBuilder) WithSbomClusterReports added in v0.17.0

func (s *ScanJobBuilder) WithSbomClusterReports(sbomClusterReports map[string]v1alpha1.SbomReportData) *ScanJobBuilder

func (*ScanJobBuilder) WithScanSecretTTL added in v0.19.0

func (s *ScanJobBuilder) WithScanSecretTTL(ttl *time.Duration) *ScanJobBuilder

func (*ScanJobBuilder) WithSecurityContext added in v0.2.0

func (s *ScanJobBuilder) WithSecurityContext(securityContext *corev1.SecurityContext) *ScanJobBuilder

func (*ScanJobBuilder) WithSkipInitContainers added in v0.16.0

func (s *ScanJobBuilder) WithSkipInitContainers(skipInitContainers bool) *ScanJobBuilder

func (*ScanJobBuilder) WithTTL added in v0.12.0

func (s *ScanJobBuilder) WithTTL(ttl *time.Duration) *ScanJobBuilder

func (*ScanJobBuilder) WithTimeout

func (s *ScanJobBuilder) WithTimeout(timeout time.Duration) *ScanJobBuilder

func (*ScanJobBuilder) WithTolerations

func (s *ScanJobBuilder) WithTolerations(tolerations []corev1.Toleration) *ScanJobBuilder

type Vulnerabilities

type Vulnerabilities []v1alpha1.Vulnerability

func (Vulnerabilities) Len

func (s Vulnerabilities) Len() int

func (Vulnerabilities) Swap

func (s Vulnerabilities) Swap(i, j int)

type Writer

Writer is the interface that wraps the basic Write method.

Write creates or updates the given slice of v1alpha1.VulnerabilityReport instances.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL