trivy

package

v0.8.0-rc Latest Latest Go to latest Published: Nov 27, 2022 License: Apache-2.0 Imports: 23 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/aquasecurity/trivy-operator

Documentation ¶

Overview ¶

Package trivy provides primitives for working with Trivy.

Index ¶

Constants
func CheckAwsEcrPrivateRegistry(ImageUrl string) string
func GetCvssV3(findingCvss types.VendorCVSS) map[string]*CVSS
func GetMirroredImage(image string, mirrors map[string]string) (string, error)
func GetScoreFromCVSS(CVSSs map[string]*CVSS) *float64
func NewPlugin(clock ext.Clock, idGenerator ext.IDGenerator, ...) vulnerabilityreport.Plugin
func NewTrivyConfigAuditPlugin(clock ext.Clock, idGenerator ext.IDGenerator, ...) configauditreport.PluginInMemory
type AdditionalFields
type CVSS
type Command
type Config
type Layer
type Mode
type ScanReport
type ScanResult
type Secret
type Vulnerability

Constants ¶

View Source

const (
	AWSECR_Image_Regex        = "^\\d+\\.dkr\\.ecr\\.(\\w+-\\w+-\\d+)\\.amazonaws\\.com\\/"
	SupportedConfigAuditKinds = "Workload,Service,Role,ClusterRole,NetworkPolicy,Ingress,LimitRange,ResourceQuota"
)

View Source

const (
	FsSharedVolumeName          = "trivyoperator"
	SharedVolumeLocationOfTrivy = "/var/trivyoperator/trivy"
)

View Source

const (
	// Plugin the name of this plugin.
	Plugin = "Trivy"
)

Variables ¶

This section is empty.

Functions ¶

func CheckAwsEcrPrivateRegistry ¶

func CheckAwsEcrPrivateRegistry(ImageUrl string) string

func GetCvssV3 ¶ added in v0.3.0

func GetCvssV3(findingCvss types.VendorCVSS) map[string]*CVSS

func GetMirroredImage ¶

func GetMirroredImage(image string, mirrors map[string]string) (string, error)

func GetScoreFromCVSS ¶

func GetScoreFromCVSS(CVSSs map[string]*CVSS) *float64

func NewPlugin ¶

func NewPlugin(clock ext.Clock, idGenerator ext.IDGenerator, objectResolver *kube.ObjectResolver) vulnerabilityreport.Plugin

NewPlugin constructs a new vulnerabilityreport.Plugin, which is using an upstream Trivy container image to scan Kubernetes workloads.

The plugin supports Image and Filesystem commands. The Filesystem command may be used to scan workload images cached on cluster nodes by scheduling scan jobs on a particular node.

The Image command supports both Standalone and ClientServer modes depending on the settings returned by Config.GetMode. The ClientServer mode is usually more performant, however it requires a Trivy server accessible at the configurable Config.GetServerURL.

func NewTrivyConfigAuditPlugin ¶

func NewTrivyConfigAuditPlugin(clock ext.Clock, idGenerator ext.IDGenerator, objectResolver *kube.ObjectResolver) configauditreport.PluginInMemory

NewTrivyConfigAuditPlugin constructs a new configAudit.Plugin, which is using an upstream Trivy config audit scanner lib.

Types ¶

type AdditionalFields ¶ added in v0.2.0

type AdditionalFields struct {
	Description bool
	Links       bool
	CVSS        bool
	Target      bool
	Class       bool
	PackageType bool
}

type CVSS ¶

type CVSS struct {
	V3Score *float64 `json:"V3Score,omitempty"`
}

type Command ¶

type Command string

Command to scan image or filesystem.

const (
	Filesystem Command = "filesystem"
	Image      Command = "image"
)

type Config ¶

type Config struct {
	trivyoperator.PluginConfig
}

Config defines configuration params for this plugin.

func (Config) GetAdditionalVulnerabilityReportFields ¶ added in v0.2.0

func (c Config) GetAdditionalVulnerabilityReportFields() AdditionalFields

func (Config) GetCommand ¶

func (c Config) GetCommand() (Command, error)

func (Config) GetDBRepository ¶

func (c Config) GetDBRepository() (string, error)

func (Config) GetDBRepositoryInsecure ¶

func (c Config) GetDBRepositoryInsecure() bool

func (Config) GetImagePullSecret ¶ added in v0.6.0

func (c Config) GetImagePullSecret() []corev1.LocalObjectReference

func (Config) GetImageRef ¶

func (c Config) GetImageRef() (string, error)

GetImageRef returns upstream Trivy container image reference.

func (Config) GetInsecureRegistries ¶

func (c Config) GetInsecureRegistries() map[string]bool

func (Config) GetMirrors ¶

func (c Config) GetMirrors() map[string]string

func (Config) GetMode ¶

func (c Config) GetMode() (Mode, error)

func (Config) GetNonSSLRegistries ¶

func (c Config) GetNonSSLRegistries() map[string]bool

func (Config) GetResourceRequirements ¶

func (c Config) GetResourceRequirements() (corev1.ResourceRequirements, error)

GetResourceRequirements creates ResourceRequirements from the Config.

func (Config) GetServerInsecure ¶

func (c Config) GetServerInsecure() bool

func (Config) GetServerURL ¶

func (c Config) GetServerURL() (string, error)

func (Config) GetSupportedConfigAuditKinds ¶

func (c Config) GetSupportedConfigAuditKinds() []string

func (Config) GetUseBuiltinRegoPolicies ¶

func (c Config) GetUseBuiltinRegoPolicies() bool

func (Config) IgnoreFileExists ¶

func (c Config) IgnoreFileExists() bool

func (Config) IgnoreUnfixed ¶

func (c Config) IgnoreUnfixed() bool

func (Config) OfflineScan ¶ added in v0.7.0

func (c Config) OfflineScan() bool

type Layer ¶

type Layer struct {
	Digest string `json:"Digest"`
	DiffID string `json:"DiffID"`
}

type Mode ¶

type Mode string

Mode in which Trivy client operates.

const (
	Standalone   Mode = "Standalone"
	ClientServer Mode = "ClientServer"
)

type ScanReport ¶

type ScanReport struct {
	Results []ScanResult `json:"Results"`
}

type ScanResult ¶

type ScanResult struct {
	Target          string          `json:"Target"`
	Class           string          `json:"Class"`
	Type            string          `json:"Type"`
	Vulnerabilities []Vulnerability `json:"Vulnerabilities"`
	Secrets         []Secret        `json:"Secrets"`
}

type Secret ¶

type Secret struct {
	Target   string            `json:"Target"`
	RuleID   string            `json:"RuleID"`
	Category string            `json:"Category"`
	Severity v1alpha1.Severity `json:"Severity"`
	Title    string            `json:"Title"`
	Match    string            `json:"Match"`
}

type Vulnerability ¶

type Vulnerability struct {
	VulnerabilityID  string            `json:"VulnerabilityID"`
	PkgName          string            `json:"PkgName"`
	InstalledVersion string            `json:"InstalledVersion"`
	FixedVersion     string            `json:"FixedVersion"`
	Title            string            `json:"Title"`
	Description      string            `json:"Description"`
	Severity         v1alpha1.Severity `json:"Severity"`
	Layer            Layer             `json:"Layer"`
	PrimaryURL       string            `json:"PrimaryURL"`
	References       []string          `json:"References"`
	CVSS             types.VendorCVSS  `json:"CVSS"`
	Target           string            `json:"Target"`
	Class            string            `json:"Class"`
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL