vulnerabilityreport

package
v0.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 19, 2022 License: Apache-2.0 Imports: 35 Imported by: 1

Documentation

Overview

Package vulnerabilityreport provides primitives for working with vulnerability scanners.

Index

Constants

This section is empty.

Variables

View Source 
var (
	SummaryCount = []LessFunc{
		func(r1, r2 *v1alpha1.VulnerabilityReport) bool {
			return r1.Report.Summary.CriticalCount < r2.Report.Summary.CriticalCount
		}, func(r1, r2 *v1alpha1.VulnerabilityReport) bool {
			return r1.Report.Summary.HighCount < r2.Report.Summary.HighCount
		}, func(r1, r2 *v1alpha1.VulnerabilityReport) bool {
			return r1.Report.Summary.MediumCount < r2.Report.Summary.MediumCount
		}, func(r1, r2 *v1alpha1.VulnerabilityReport) bool {
			return r1.Report.Summary.LowCount < r2.Report.Summary.LowCount
		}, func(r1, r2 *v1alpha1.VulnerabilityReport) bool {
			return r1.Report.Summary.UnknownCount < r2.Report.Summary.UnknownCount
		}}
)

Functions

func GetScanJobName 

func GetScanJobName(obj client.Object) string

func OrderedBy 

func OrderedBy(less ...LessFunc) *multiSorter

OrderedBy returns a Sorter that sorts using the LessFunc functions, in order. Call its Sort method to sort the data.

func RegistryCredentialsSecretName 

func RegistryCredentialsSecretName(obj client.Object) string

Types

type BySeverity 

type BySeverity struct{ Vulnerabilities }

BySeverity implements sort.Interface by providing Less and using the Vulnerabilities.Len and Vulnerabilities.Swap methods of the embedded Vulnerabilities value.

func (BySeverity) Less 

func (s BySeverity) Less(i, j int) bool

type LessFunc 

type LessFunc func(p1, p2 *v1alpha1.VulnerabilityReport) bool

type Plugin 

type Plugin interface {

	// Init is a callback to initialize this plugin, e.g. ensure the default
	// configuration.
	Init(ctx trivyoperator.PluginContext) error

	// GetScanJobSpec describes the pod that will be created by Trivy-operator when
	// it schedules a Kubernetes job to scan the workload with the specified
	// descriptor.
	// The second argument maps container names to Docker registry credentials,
	// which can be passed to the scanner as environment variables with values
	// set from returned secrets.
	GetScanJobSpec(ctx trivyoperator.PluginContext, workload client.Object, credentials map[string]docker.Auth,
		securityContext *corev1.SecurityContext) (corev1.PodSpec, []*corev1.Secret, error)

	// ParseReportData is a callback to parse and convert logs of
	// the pod controlled by the scan job to v1alpha1.VulnerabilityScanResult.
	ParseReportData(ctx trivyoperator.PluginContext, imageRef string, logsReader io.ReadCloser) (
		v1alpha1.VulnerabilityReportData, v1alpha1.ExposedSecretReportData, error)
}

Plugin defines the interface between Trivy-operator and static vulnerability scanners.

type ReadWriter 

type ReadWriter interface {
	Reader
	Writer
}

func NewReadWriter 

func NewReadWriter(objectResolver *kube.ObjectResolver) ReadWriter

NewReadWriter constructs a new ReadWriter which is using the client package provided by the controller-runtime libraries for interacting with the Kubernetes API server.

type Reader 

type Reader interface {
	FindByOwner(context.Context, kube.ObjectRef) ([]v1alpha1.VulnerabilityReport, error)
}

Reader is the interface that wraps methods for finding v1alpha1.VulnerabilityReport objects.

FindByOwner returns the slice of v1alpha1.VulnerabilityReport instances owned by the given kube.ObjectRef or an empty slice if the reports are not found.

type ReportBuilder 

type ReportBuilder struct {
	// contains filtered or unexported fields
}

func NewReportBuilder 

func NewReportBuilder(scheme *runtime.Scheme) *ReportBuilder

func (*ReportBuilder) Container 

func (b *ReportBuilder) Container(name string) *ReportBuilder

func (*ReportBuilder) Controller 

func (b *ReportBuilder) Controller(controller client.Object) *ReportBuilder

func (*ReportBuilder) Data 

func (b *ReportBuilder) Data(data v1alpha1.VulnerabilityReportData) *ReportBuilder

func (*ReportBuilder) Get 

func (b *ReportBuilder) Get() (v1alpha1.VulnerabilityReport, error)

func (*ReportBuilder) PodSpecHash 

func (b *ReportBuilder) PodSpecHash(hash string) *ReportBuilder

func (*ReportBuilder) ReportTTL 

func (b *ReportBuilder) ReportTTL(ttl *time.Duration) *ReportBuilder

type ScanJobBuilder 

type ScanJobBuilder struct {
	// contains filtered or unexported fields
}

func NewScanJobBuilder 

func NewScanJobBuilder() *ScanJobBuilder

func (*ScanJobBuilder) Get 

func (s *ScanJobBuilder) Get() (*batchv1.Job, []*corev1.Secret, error)

func (*ScanJobBuilder) WithAnnotations 

func (s *ScanJobBuilder) WithAnnotations(annotations map[string]string) *ScanJobBuilder

func (*ScanJobBuilder) WithCredentials 

func (s *ScanJobBuilder) WithCredentials(credentials map[string]docker.Auth) *ScanJobBuilder

func (*ScanJobBuilder) WithNodeSelector added in v0.2.0 

func (s *ScanJobBuilder) WithNodeSelector(nodeSelector map[string]string) *ScanJobBuilder

func (*ScanJobBuilder) WithObject 

func (s *ScanJobBuilder) WithObject(object client.Object) *ScanJobBuilder

func (*ScanJobBuilder) WithPlugin 

func (s *ScanJobBuilder) WithPlugin(plugin Plugin) *ScanJobBuilder

func (*ScanJobBuilder) WithPluginContext 

func (s *ScanJobBuilder) WithPluginContext(pluginContext trivyoperator.PluginContext) *ScanJobBuilder

func (*ScanJobBuilder) WithPodSecurityContext added in v0.1.6 

func (s *ScanJobBuilder) WithPodSecurityContext(podSecurityContext *corev1.PodSecurityContext) *ScanJobBuilder

func (*ScanJobBuilder) WithPodTemplateLabels 

func (s *ScanJobBuilder) WithPodTemplateLabels(podTemplateLabels map[string]string) *ScanJobBuilder

func (*ScanJobBuilder) WithSecurityContext added in v0.2.0 

func (s *ScanJobBuilder) WithSecurityContext(securityContext *corev1.SecurityContext) *ScanJobBuilder

func (*ScanJobBuilder) WithTimeout 

func (s *ScanJobBuilder) WithTimeout(timeout time.Duration) *ScanJobBuilder

func (*ScanJobBuilder) WithTolerations 

func (s *ScanJobBuilder) WithTolerations(tolerations []corev1.Toleration) *ScanJobBuilder

type TTLReportReconciler added in v0.1.4 

type TTLReportReconciler struct {
	logr.Logger
	etc.Config
	client.Client
	ext.Clock
}

func (*TTLReportReconciler) DeleteReportIfExpired added in v0.1.4 

func (r *TTLReportReconciler) DeleteReportIfExpired(ctx context.Context, namespacedName types.NamespacedName) (ctrl.Result, error)

func (*TTLReportReconciler) SetupWithManager added in v0.1.4 

func (r *TTLReportReconciler) SetupWithManager(mgr ctrl.Manager) error

type Vulnerabilities 

type Vulnerabilities []v1alpha1.Vulnerability

func (Vulnerabilities) Len 

func (s Vulnerabilities) Len() int

func (Vulnerabilities) Swap 

func (s Vulnerabilities) Swap(i, j int)

type WorkloadController 

type WorkloadController struct {
	logr.Logger
	etc.Config
	client.Client
	kube.ObjectResolver
	jobs.LimitChecker
	kube.LogsReader
	kube.SecretsReader
	Plugin
	trivyoperator.PluginContext
	trivyoperator.ConfigData
	VulnerabilityReadWriter ReadWriter
	ExposedSecretReadWriter exposedsecretreport.ReadWriter
}

WorkloadController watches Kubernetes workloads and generates v1alpha1.VulnerabilityReport instances using vulnerability scanner that that implements the Plugin interface.

func (*WorkloadController) SetupWithManager 

func (r *WorkloadController) SetupWithManager(mgr ctrl.Manager) error

type Writer 

type Writer interface {
	Write(context.Context, []v1alpha1.VulnerabilityReport) error
}

Writer is the interface that wraps the basic Write method.

Write creates or updates the given slice of v1alpha1.VulnerabilityReport instances.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.