Documentation ¶
Index ¶
- Variables
- func DeregisterAnalyzer(t Type)
- func DeregisterConfigAnalyzer(t Type)
- func RegisterAnalyzer(analyzer analyzer)
- func RegisterConfigAnalyzer(t Type, init configAnalyzerConstructor)
- func RegisterPostAnalyzer(t Type, initializer postAnalyzerInitialize)
- type AnalysisInput
- type AnalysisOptions
- type AnalysisResult
- type AnalyzerGroup
- func (ag AnalyzerGroup) AnalyzeFile(ctx context.Context, wg *sync.WaitGroup, limit *semaphore.Weighted, ...) error
- func (ag AnalyzerGroup) AnalyzerVersions() Versions
- func (ag AnalyzerGroup) PostAnalyze(ctx context.Context, compositeFS *CompositeFS, result *AnalysisResult, ...) error
- func (ag AnalyzerGroup) PostAnalyzerFS() (*CompositeFS, error)
- func (ag AnalyzerGroup) RequiredPostAnalyzers(filePath string, info os.FileInfo) []Type
- type AnalyzerOptions
- type CompositeFS
- func (c *CompositeFS) Cleanup() error
- func (c *CompositeFS) CopyFileToTemp(opener Opener, info os.FileInfo) (string, error)
- func (c *CompositeFS) CreateLink(analyzerTypes []Type, rootDir, virtualPath, realPath string) error
- func (c *CompositeFS) Get(t Type) (*mapfs.FS, bool)
- func (c *CompositeFS) Set(t Type, mfs *mapfs.FS)
- type ConfigAnalysisInput
- type ConfigAnalysisResult
- type ConfigAnalyzer
- type ConfigAnalyzerGroup
- type ConfigAnalyzerOptions
- type CustomGroup
- type Group
- type Initializer
- type LicenseScannerOption
- type Opener
- type PostAnalysisInput
- type PostAnalyzer
- type SecretScannerOption
- type Type
- type Versions
Constants ¶
This section is empty.
Variables ¶
var ( // ErrUnknownOS occurs when unknown OS is analyzed. ErrUnknownOS = xerrors.New("unknown OS") // ErrPkgAnalysis occurs when the analysis of packages is failed. ErrPkgAnalysis = xerrors.New("failed to analyze packages") // ErrNoPkgsDetected occurs when the required files for an OS package manager are not detected ErrNoPkgsDetected = xerrors.New("no packages detected") )
var ( // TypeOSes has all OS-related analyzers TypeOSes = []Type{ TypeOSRelease, TypeAlpine, TypeAmazon, TypeCBLMariner, TypeDebian, TypePhoton, TypeCentOS, TypeRocky, TypeAlma, TypeFedora, TypeOracle, TypeRedHatBase, TypeSUSE, TypeUbuntu, TypeApk, TypeDpkg, TypeDpkgLicense, TypeRpm, TypeRpmqa, TypeApkRepo, } // TypeLanguages has all language analyzers TypeLanguages = []Type{ TypeBundler, TypeGemSpec, TypeCargo, TypeComposer, TypeJar, TypePom, TypeGradleLock, TypeSbtLock, TypeNpmPkgLock, TypeNodePkg, TypeYarn, TypePnpm, TypeNuget, TypeDotNetCore, TypePackagesProps, TypeCondaPkg, TypeCondaEnv, TypePythonPkg, TypePip, TypePipenv, TypePoetry, TypeGoBinary, TypeGoMod, TypeRustBinary, TypeConanLock, TypeCocoaPods, TypeSwift, TypePubSpecLock, TypeMixLock, TypeJulia, } // TypeLockfiles has all lock file analyzers TypeLockfiles = []Type{ TypeBundler, TypeNpmPkgLock, TypeYarn, TypePnpm, TypePip, TypePipenv, TypePoetry, TypeGoMod, TypePom, TypeConanLock, TypeGradleLock, TypeSbtLock, TypeCocoaPods, TypeSwift, TypePubSpecLock, TypeMixLock, TypeCondaEnv, TypeComposer, } // TypeIndividualPkgs has all analyzers for individual packages TypeIndividualPkgs = []Type{ TypeGemSpec, TypeNodePkg, TypeCondaPkg, TypePythonPkg, TypeGoBinary, TypeJar, TypeRustBinary, TypeComposerVendor, } // TypeConfigFiles has all config file analyzers TypeConfigFiles = []Type{ TypeAzureARM, TypeCloudFormation, TypeDockerfile, TypeHelm, TypeKubernetes, TypeTerraform, TypeTerraformPlanJSON, TypeTerraformPlanSnapshot, TypeYAML, TypeJSON, } )
Functions ¶
func DeregisterConfigAnalyzer ¶
func DeregisterConfigAnalyzer(t Type)
DeregisterConfigAnalyzer is mainly for testing
func RegisterAnalyzer ¶
func RegisterAnalyzer(analyzer analyzer)
func RegisterConfigAnalyzer ¶
func RegisterConfigAnalyzer(t Type, init configAnalyzerConstructor)
RegisterConfigAnalyzer adds a constructor of config analyzer
func RegisterPostAnalyzer ¶ added in v0.38.0
func RegisterPostAnalyzer(t Type, initializer postAnalyzerInitialize)
Types ¶
type AnalysisInput ¶
type AnalysisInput struct { Dir string FilePath string Info os.FileInfo Content xio.ReadSeekerAt Options AnalysisOptions }
type AnalysisOptions ¶
type AnalysisResult ¶
type AnalysisResult struct { OS types.OS Repository *types.Repository PackageInfos []types.PackageInfo Applications []types.Application Misconfigurations []types.Misconfiguration Secrets []types.Secret Licenses []types.LicenseFile SystemInstalledFiles []string // A list of files installed by OS package manager // Digests contains SHA-256 digests of unpackaged files // used to search for SBOM attestation. Digests map[string]string // For Red Hat BuildInfo *types.BuildInfo // CustomResources hold analysis results from custom analyzers. // It is for extensibility and not used in OSS. CustomResources []types.CustomResource // contains filtered or unexported fields }
func NewAnalysisResult ¶
func NewAnalysisResult() *AnalysisResult
func (*AnalysisResult) Merge ¶
func (r *AnalysisResult) Merge(newResult *AnalysisResult)
func (*AnalysisResult) Sort ¶
func (r *AnalysisResult) Sort()
type AnalyzerGroup ¶
type AnalyzerGroup struct {
// contains filtered or unexported fields
}
func NewAnalyzerGroup ¶
func NewAnalyzerGroup(opts AnalyzerOptions) (AnalyzerGroup, error)
func (AnalyzerGroup) AnalyzeFile ¶
func (ag AnalyzerGroup) AnalyzeFile(ctx context.Context, wg *sync.WaitGroup, limit *semaphore.Weighted, result *AnalysisResult, dir, filePath string, info os.FileInfo, opener Opener, disabled []Type, opts AnalysisOptions) error
AnalyzeFile determines which files are required by the analyzers based on the file name and attributes, and passes only those files to the analyzer for analysis. This function may be called concurrently and must be thread-safe.
func (AnalyzerGroup) AnalyzerVersions ¶
func (ag AnalyzerGroup) AnalyzerVersions() Versions
AnalyzerVersions returns analyzer version identifier used for cache keys.
func (AnalyzerGroup) PostAnalyze ¶ added in v0.38.0
func (ag AnalyzerGroup) PostAnalyze(ctx context.Context, compositeFS *CompositeFS, result *AnalysisResult, opts AnalysisOptions) error
PostAnalyze passes a virtual filesystem containing only required files and passes it to the respective post-analyzer. The obtained results are merged into the "result". This function may be called concurrently and must be thread-safe.
func (AnalyzerGroup) PostAnalyzerFS ¶ added in v0.42.1
func (ag AnalyzerGroup) PostAnalyzerFS() (*CompositeFS, error)
PostAnalyzerFS returns a composite filesystem that contains multiple filesystems for each post-analyzer
func (AnalyzerGroup) RequiredPostAnalyzers ¶ added in v0.38.0
func (ag AnalyzerGroup) RequiredPostAnalyzers(filePath string, info os.FileInfo) []Type
RequiredPostAnalyzers returns a list of analyzer types that require the given file.
type AnalyzerOptions ¶ added in v0.32.0
type AnalyzerOptions struct { Group Group Parallel int FilePatterns []string DisabledAnalyzers []Type DetectionPriority types.DetectionPriority MisconfScannerOption misconf.ScannerOption SecretScannerOption SecretScannerOption LicenseScannerOption LicenseScannerOption }
AnalyzerOptions is used to initialize analyzers
type CompositeFS ¶ added in v0.42.1
type CompositeFS struct {
// contains filtered or unexported fields
}
CompositeFS contains multiple filesystems for post-analyzers
func NewCompositeFS ¶ added in v0.42.1
func NewCompositeFS() (*CompositeFS, error)
func (*CompositeFS) Cleanup ¶ added in v0.42.1
func (c *CompositeFS) Cleanup() error
Cleanup removes the temporary directory
func (*CompositeFS) CopyFileToTemp ¶ added in v0.42.1
CopyFileToTemp takes a file path and information, opens the file, copies its contents to a temporary file
func (*CompositeFS) CreateLink ¶ added in v0.42.1
func (c *CompositeFS) CreateLink(analyzerTypes []Type, rootDir, virtualPath, realPath string) error
CreateLink creates a link in the virtual filesystem that corresponds to a real file. The linked virtual file will have the same path as the real file path provided.
type ConfigAnalysisInput ¶ added in v0.37.0
type ConfigAnalysisInput struct { OS types.OS Config *v1.ConfigFile }
type ConfigAnalysisResult ¶ added in v0.37.0
type ConfigAnalysisResult struct { Misconfiguration *types.Misconfiguration Secret *types.Secret HistoryPackages types.Packages }
func (*ConfigAnalysisResult) Merge ¶ added in v0.37.0
func (r *ConfigAnalysisResult) Merge(newResult *ConfigAnalysisResult)
type ConfigAnalyzer ¶ added in v0.37.0
type ConfigAnalyzer interface { Type() Type Version() int Analyze(ctx context.Context, input ConfigAnalysisInput) (*ConfigAnalysisResult, error) Required(osFound types.OS) bool }
ConfigAnalyzer defines an interface for analyzer of container image config
type ConfigAnalyzerGroup ¶ added in v0.37.0
type ConfigAnalyzerGroup struct {
// contains filtered or unexported fields
}
func NewConfigAnalyzerGroup ¶ added in v0.37.0
func NewConfigAnalyzerGroup(opts ConfigAnalyzerOptions) (ConfigAnalyzerGroup, error)
func (*ConfigAnalyzerGroup) AnalyzeImageConfig ¶ added in v0.37.0
func (ag *ConfigAnalyzerGroup) AnalyzeImageConfig(ctx context.Context, targetOS types.OS, config *v1.ConfigFile) *ConfigAnalysisResult
func (*ConfigAnalyzerGroup) AnalyzerVersions ¶ added in v0.37.0
func (ag *ConfigAnalyzerGroup) AnalyzerVersions() Versions
AnalyzerVersions returns analyzer version identifier used for cache keys.
type ConfigAnalyzerOptions ¶ added in v0.37.0
type ConfigAnalyzerOptions struct { FilePatterns []string DisabledAnalyzers []Type MisconfScannerOption misconf.ScannerOption SecretScannerOption SecretScannerOption }
ConfigAnalyzerOptions is used to initialize config analyzers
type CustomGroup ¶
type CustomGroup interface {
Group() Group
}
CustomGroup returns a group name for custom analyzers This is mainly intended to be used in Aqua products.
type Initializer ¶ added in v0.32.0
type Initializer interface {
Init(AnalyzerOptions) error
}
Initializer represents analyzers that need to take parameters from users
type LicenseScannerOption ¶ added in v0.34.0
type Opener ¶
type Opener func() (xio.ReadSeekCloserAt, error)
type PostAnalysisInput ¶ added in v0.38.0
type PostAnalysisInput struct { FS fs.FS Options AnalysisOptions }
type PostAnalyzer ¶ added in v0.38.0
type SecretScannerOption ¶ added in v0.32.0
type SecretScannerOption struct {
ConfigPath string
}
type Type ¶
type Type string
const ( // ====== // OS // ====== TypeOSRelease Type = "os-release" TypeAlpine Type = "alpine" TypeAmazon Type = "amazon" TypeAzure Type = "azurelinux" TypeCBLMariner Type = "cbl-mariner" TypeDebian Type = "debian" TypePhoton Type = "photon" TypeCentOS Type = "centos" TypeRocky Type = "rocky" TypeAlma Type = "alma" TypeFedora Type = "fedora" TypeOracle Type = "oracle" TypeRedHatBase Type = "redhat" TypeSUSE Type = "suse" TypeUbuntu Type = "ubuntu" TypeUbuntuESM Type = "ubuntu-esm" // OS Package TypeApk Type = "apk" TypeDpkg Type = "dpkg" TypeDpkgLicense Type = "dpkg-license" // For analyzing licenses TypeRpm Type = "rpm" TypeRpmqa Type = "rpmqa" // OS Package Repository TypeApkRepo Type = "apk-repo" // Ruby TypeBundler Type = "bundler" TypeGemSpec Type = "gemspec" // Rust TypeRustBinary Type = "rustbinary" TypeCargo Type = "cargo" // PHP TypeComposer Type = "composer" TypeComposerVendor Type = "composer-vendor" // Java TypeJar Type = "jar" TypePom Type = "pom" TypeGradleLock Type = "gradle-lockfile" TypeSbtLock Type = "sbt-lockfile" // Node.js TypeNpmPkgLock Type = "npm" TypeNodePkg Type = "node-pkg" TypeYarn Type = "yarn" TypePnpm Type = "pnpm" // .NET TypeNuget Type = "nuget" TypeDotNetCore Type = "dotnet-core" TypePackagesProps Type = "packages-props" // Conda TypeCondaPkg Type = "conda-pkg" TypeCondaEnv Type = "conda-environment" // Python TypePythonPkg Type = "python-pkg" TypePip Type = "pip" TypePipenv Type = "pipenv" TypePoetry Type = "poetry" // Go TypeGoBinary Type = "gobinary" TypeGoMod Type = "gomod" // C/C++ TypeConanLock Type = "conan-lock" // Elixir TypeMixLock Type = "mix-lock" // Swift TypeSwift Type = "swift" TypeCocoaPods Type = "cocoapods" // Dart TypePubSpecLock Type = "pubspec-lock" // Julia TypeJulia Type = "julia" // ============ // Non-packaged // ============ TypeExecutable Type = "executable" TypeSBOM Type = "sbom" // ============ // Image Config // ============ TypeApkCommand Type = "apk-command" TypeHistoryDockerfile Type = "history-dockerfile" TypeImageConfigSecret Type = "image-config-secret" // ================= // Structured Config // ================= TypeAzureARM Type = Type(detection.FileTypeAzureARM) TypeCloudFormation Type = Type(detection.FileTypeCloudFormation) TypeDockerfile Type = Type(detection.FileTypeDockerfile) TypeHelm Type = Type(detection.FileTypeHelm) TypeKubernetes Type = Type(detection.FileTypeKubernetes) TypeTerraform Type = Type(detection.FileTypeTerraform) TypeTerraformPlanJSON Type = Type(detection.FileTypeTerraformPlanJSON) TypeTerraformPlanSnapshot Type = Type(detection.FileTypeTerraformPlanSnapshot) TypeYAML Type = Type(detection.FileTypeYAML) TypeJSON Type = Type(detection.FileTypeJSON) // ======== // License // ======== TypeLicenseFile Type = "license-file" // ======== // Secrets // ======== TypeSecret Type = "secret" // ======= // Red Hat // ======= TypeRedHatContentManifestType Type = "redhat-content-manifest" TypeRedHatDockerfileType Type = "redhat-dockerfile" )