types

Documentation

Index

• Constants
• Variables
• func GetDockerOption(insecureTlsSkip bool) (types.DockerOption, error)
• type BySeverity
  • func (v BySeverity) Len() int
  • func (v BySeverity) Less(i, j int) bool
  • func (v BySeverity) Swap(i, j int)
• type DetectedMisconfiguration
• type DetectedVulnerability
• type DockerConfig
• type Library
• type Metadata
• type MisconfStatus
• type MisconfSummary
  • func (s MisconfSummary) Empty() bool
• type Report
• type Result
  • func (r *Result) MarshalJSON() ([]byte, error)
• type ResultClass
• type Results
  • func (results Results) Failed() bool
• type ScanOptions
• type SecurityCheck
• type VulnType

Constants

const (
	ClassOSPkg   = "os-pkgs"
	ClassLangPkg = "lang-pkgs"
	ClassConfig  = "config"
	ClassSecret  = "secret"
	ClassCustom  = "custom"
)

const (
	// VulnTypeUnknown is a vulnerability type of unknown
	VulnTypeUnknown = VulnType("unknown")

	// VulnTypeOS is a vulnerability type of OS packages
	VulnTypeOS = VulnType("os")

	// VulnTypeLibrary is a vulnerability type of programming language dependencies
	VulnTypeLibrary = VulnType("library")

	// SecurityCheckUnknown is a security check of unknown
	SecurityCheckUnknown = SecurityCheck("unknown")

	// SecurityCheckVulnerability is a security check of vulnerabilities
	SecurityCheckVulnerability = SecurityCheck("vuln")

	// SecurityCheckConfig is a security check of misconfigurations
	SecurityCheckConfig = SecurityCheck("config")

	// SecurityCheckSecret is a security check of secrets
	SecurityCheckSecret = SecurityCheck("secret")
)

Variables

var (
	VulnTypes      = []string{VulnTypeOS, VulnTypeLibrary}
	SecurityChecks = []string{SecurityCheckVulnerability, SecurityCheckConfig, SecurityCheckSecret}
)

Functions

func GetDockerOption

func GetDockerOption(insecureTlsSkip bool) (types.DockerOption, error)

GetDockerOption returns the Docker scanning options using DockerConfig

Types

type BySeverity

type BySeverity []DetectedVulnerability

BySeverity implements sort.Interface based on the Severity field.

func (BySeverity) Len

func (v BySeverity) Len() int

Len returns the length of DetectedVulnerabilities

func (BySeverity) Less

func (v BySeverity) Less(i, j int) bool

Less compares 2 DetectedVulnerabilities based on package name, severity and vulnerabilityID

func (BySeverity) Swap

func (v BySeverity) Swap(i, j int)

Swap swaps 2 vulnerability

type DetectedMisconfiguration

type DetectedMisconfiguration struct {
	Type          string               `json:",omitempty"`
	ID            string               `json:",omitempty"`
	Title         string               `json:",omitempty"`
	Description   string               `json:",omitempty"`
	Message       string               `json:",omitempty"`
	Namespace     string               `json:",omitempty"`
	Query         string               `json:",omitempty"`
	Resolution    string               `json:",omitempty"`
	Severity      string               `json:",omitempty"`
	PrimaryURL    string               `json:",omitempty"`
	References    []string             `json:",omitempty"`
	Status        MisconfStatus        `json:",omitempty"`
	Layer         ftypes.Layer         `json:",omitempty"`
	CauseMetadata ftypes.CauseMetadata `json:",omitempty"`

	// For debugging
	Traces []string `json:",omitempty"`
}

DetectedMisconfiguration holds detected misconfigurations

type DetectedVulnerability

type DetectedVulnerability struct {
	VulnerabilityID  string         `json:",omitempty"`
	VendorIDs        []string       `json:",omitempty"`
	PkgID            string         `json:",omitempty"` // It is used to construct dependency graph.
	PkgName          string         `json:",omitempty"`
	PkgPath          string         `json:",omitempty"` // It will be filled in the case of language-specific packages such as egg/wheel and gemspec
	InstalledVersion string         `json:",omitempty"`
	FixedVersion     string         `json:",omitempty"`
	Layer            ftypes.Layer   `json:",omitempty"`
	SeveritySource   types.SourceID `json:",omitempty"`
	PrimaryURL       string         `json:",omitempty"`

	// DataSource holds where the advisory comes from
	DataSource *types.DataSource `json:",omitempty"`

	// Custom is for extensibility and not supposed to be used in OSS
	Custom interface{} `json:",omitempty"`

	// Embed vulnerability details
	types.Vulnerability
}

DetectedVulnerability holds the information of detected vulnerabilities

type DockerConfig

type DockerConfig struct {
	UserName      string `env:"TRIVY_USERNAME"`
	Password      string `env:"TRIVY_PASSWORD"`
	RegistryToken string `env:"TRIVY_REGISTRY_TOKEN"`
	NonSSL        bool   `env:"TRIVY_NON_SSL" envDefault:"false"`
}

DockerConfig holds the config of Docker

type Library

type Library struct {
	Name    string
	Version string
}

Library holds the attribute of a package library

type Metadata

type Metadata struct {
	Size int64      `json:",omitempty"`
	OS   *ftypes.OS `json:",omitempty"`

	// Container image
	ImageID     string        `json:",omitempty"`
	DiffIDs     []string      `json:",omitempty"`
	RepoTags    []string      `json:",omitempty"`
	RepoDigests []string      `json:",omitempty"`
	ImageConfig v1.ConfigFile `json:",omitempty"`
}

Metadata represents a metadata of artifact

type MisconfStatus

type MisconfStatus string

MisconfStatus represents a status of misconfiguration

const (
	// StatusPassed represents successful status
	StatusPassed MisconfStatus = "PASS"

	// StatusFailure represents failure status
	StatusFailure MisconfStatus = "FAIL"

	// StatusException Passed represents the status of exception
	StatusException MisconfStatus = "EXCEPTION"
)

type MisconfSummary

type MisconfSummary struct {
	Successes  int
	Failures   int
	Exceptions int
}

func (MisconfSummary) Empty

func (s MisconfSummary) Empty() bool

type Report

type Report struct {
	SchemaVersion int                 `json:",omitempty"`
	ArtifactName  string              `json:",omitempty"`
	ArtifactType  ftypes.ArtifactType `json:",omitempty"`
	Metadata      Metadata            `json:",omitempty"`
	Results       Results             `json:",omitempty"`
}

Report represents a scan result

type Result

type Result struct {
	Target            string                     `json:"Target"`
	Class             ResultClass                `json:"Class,omitempty"`
	Type              string                     `json:"Type,omitempty"`
	Packages          []ftypes.Package           `json:"Packages,omitempty"`
	Vulnerabilities   []DetectedVulnerability    `json:"Vulnerabilities,omitempty"`
	MisconfSummary    *MisconfSummary            `json:"MisconfSummary,omitempty"`
	Misconfigurations []DetectedMisconfiguration `json:"Misconfigurations,omitempty"`
	Secrets           []ftypes.SecretFinding     `json:"Secrets,omitempty"`
	CustomResources   []ftypes.CustomResource    `json:"CustomResources,omitempty"`
}

Result holds a target and detected vulnerabilities

func (*Result) MarshalJSON

func (r *Result) MarshalJSON() ([]byte, error)

type ResultClass

type ResultClass string

type Results

type Results []Result

Results to hold list of Result

func (Results) Failed

func (results Results) Failed() bool

Failed returns whether the result includes any vulnerabilities or misconfigurations

type ScanOptions

type ScanOptions struct {
	VulnType            []string
	SecurityChecks      []string
	ScanRemovedPackages bool
	ListAllPackages     bool
}

ScanOptions holds the attributes for scanning vulnerabilities

type SecurityCheck

type SecurityCheck = string

SecurityCheck represents the type of security check

type VulnType

type VulnType = string

VulnType represents vulnerability type