trivy

package
v0.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 19, 2022 License: Apache-2.0 Imports: 24 Imported by: 1

Documentation

Overview

Package trivy provides primitives for working with Trivy.

Index

Constants

View Source 
const (
	AWSECR_Image_Regex        = "^\\d+\\.dkr\\.ecr\\.(\\w+-\\w+-\\d+)\\.amazonaws\\.com\\/"
	SupportedConfigAuditKinds = "Workload,Service,Role,ClusterRole,NetworkPolicy,Ingress,LimitRange,ResourceQuota"
)
View Source 
const (
	FsSharedVolumeName          = "trivyoperator"
	SharedVolumeLocationOfTrivy = "/var/trivyoperator/trivy"
)
View Source 
const (
	// Plugin the name of this plugin.
	Plugin = "Trivy"
)

Variables

This section is empty.

Functions

func CheckAwsEcrPrivateRegistry 

func CheckAwsEcrPrivateRegistry(ImageUrl string) string

func GetCvssV3 added in v0.3.0 

func GetCvssV3(findingCvss types.VendorCVSS) map[string]*CVSS

func GetMirroredImage 

func GetMirroredImage(image string, mirrors map[string]string) (string, error)

func GetScoreFromCVSS 

func GetScoreFromCVSS(CVSSs map[string]*CVSS) *float64

func NewPlugin 

func NewPlugin(clock ext.Clock, idGenerator ext.IDGenerator, objectResolver *kube.ObjectResolver) vulnerabilityreport.Plugin

NewPlugin constructs a new vulnerabilityreport.Plugin, which is using an upstream Trivy container image to scan Kubernetes workloads.

The plugin supports Image and Filesystem commands. The Filesystem command may be used to scan workload images cached on cluster nodes by scheduling scan jobs on a particular node.

The Image command supports both Standalone and ClientServer modes depending on the settings returned by Config.GetMode. The ClientServer mode is usually more performant, however it requires a Trivy server accessible at the configurable Config.GetServerURL.

func NewTrivyConfigAuditPlugin 

func NewTrivyConfigAuditPlugin(clock ext.Clock, idGenerator ext.IDGenerator, objectResolver *kube.ObjectResolver) configauditreport.PluginInMemory

NewTrivyConfigAuditPlugin constructs a new configAudit.Plugin, which is using an upstream Trivy config audit scanner lib.

Types

type AdditionalFields added in v0.2.0 

type AdditionalFields struct {
	Description bool
	Links       bool
	CVSS        bool
	Target      bool
}

type CVSS 

type CVSS struct {
	V3Score *float64 `json:"V3Score,omitempty"`
}

type Command 

type Command string

Command to scan image or filesystem. 

const (
	Filesystem Command = "filesystem"
	Image      Command = "image"
)

type Config 

type Config struct {
	trivyoperator.PluginConfig
}

Config defines configuration params for this plugin.

func (Config) GetAdditionalVulnerabilityReportFields added in v0.2.0 

func (c Config) GetAdditionalVulnerabilityReportFields() AdditionalFields

func (Config) GetCommand 

func (c Config) GetCommand() (Command, error)

func (Config) GetDBRepository 

func (c Config) GetDBRepository() (string, error)

func (Config) GetDBRepositoryInsecure 

func (c Config) GetDBRepositoryInsecure() bool

func (Config) GetImageRef 

func (c Config) GetImageRef() (string, error)

GetImageRef returns upstream Trivy container image reference.

func (Config) GetInsecureRegistries 

func (c Config) GetInsecureRegistries() map[string]bool

func (Config) GetMirrors 

func (c Config) GetMirrors() map[string]string

func (Config) GetMode 

func (c Config) GetMode() (Mode, error)

func (Config) GetNonSSLRegistries 

func (c Config) GetNonSSLRegistries() map[string]bool

func (Config) GetResourceRequirements 

func (c Config) GetResourceRequirements() (corev1.ResourceRequirements, error)

GetResourceRequirements creates ResourceRequirements from the Config.

func (Config) GetServerInsecure 

func (c Config) GetServerInsecure() bool

func (Config) GetServerURL 

func (c Config) GetServerURL() (string, error)

func (Config) GetSupportedConfigAuditKinds 

func (c Config) GetSupportedConfigAuditKinds() []string

func (Config) GetUseBuiltinRegoPolicies 

func (c Config) GetUseBuiltinRegoPolicies() bool

func (Config) IgnoreFileExists 

func (c Config) IgnoreFileExists() bool

func (Config) IgnoreUnfixed 

func (c Config) IgnoreUnfixed() bool

type Layer 

type Layer struct {
	Digest string `json:"Digest"`
	DiffID string `json:"DiffID"`
}

type Mode 

type Mode string

Mode in which Trivy client operates. 

const (
	Standalone   Mode = "Standalone"
	ClientServer Mode = "ClientServer"
)

type ScanReport 

type ScanReport struct {
	Results []ScanResult `json:"Results"`
}

type ScanResult 

type ScanResult struct {
	Target          string          `json:"Target"`
	Vulnerabilities []Vulnerability `json:"Vulnerabilities"`
	Secrets         []Secret        `json:"Secrets"`
}

type Secret 

type Secret struct {
	Target   string            `json:"Target"`
	RuleID   string            `json:"RuleID"`
	Category string            `json:"Category"`
	Severity v1alpha1.Severity `json:"Severity"`
	Title    string            `json:"Title"`
	Match    string            `json:"Match"`
}

type Vulnerability 

type Vulnerability struct {
	VulnerabilityID  string            `json:"VulnerabilityID"`
	PkgName          string            `json:"PkgName"`
	InstalledVersion string            `json:"InstalledVersion"`
	FixedVersion     string            `json:"FixedVersion"`
	Title            string            `json:"Title"`
	Description      string            `json:"Description"`
	Severity         v1alpha1.Severity `json:"Severity"`
	Layer            Layer             `json:"Layer"`
	PrimaryURL       string            `json:"PrimaryURL"`
	References       []string          `json:"References"`
	CVSS             types.VendorCVSS  `json:"CVSS"`
	Target           string            `json:"Target"`
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.