types

package
v0.37.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 14, 2023 License: Apache-2.0 Imports: 9 Imported by: 128

Documentation

Index

Constants

View Source
const (
	ClassOSPkg       = "os-pkgs"      // For detected packages and vulnerabilities in OS packages
	ClassLangPkg     = "lang-pkgs"    // For detected packages and vulnerabilities in language-specific packages
	ClassConfig      = "config"       // For detected misconfigurations
	ClassSecret      = "secret"       // For detected secrets
	ClassLicense     = "license"      // For detected package licenses
	ClassLicenseFile = "license-file" // For detected licenses in files
	ClassCustom      = "custom"

	// ComplianceNsa is the compliance checks for nsa
	ComplianceK8sNsa    = Compliance("k8s-nsa")
	ComplianceK8sCIS    = Compliance("k8s-cis")
	ComplianceAWSCIS12  = Compliance("aws-cis-1.2")
	ComplianceAWSCIS14  = Compliance("aws-cis-1.4")
	ComplianceDockerCIS = Compliance("docker-cis")
)
View Source
const (
	// VulnTypeUnknown is a vulnerability type of unknown
	VulnTypeUnknown = VulnType("unknown")

	// VulnTypeOS is a vulnerability type of OS packages
	VulnTypeOS = VulnType("os")

	// VulnTypeLibrary is a vulnerability type of programming language dependencies
	VulnTypeLibrary = VulnType("library")

	// UnknownScanner is the scanner of unknown
	UnknownScanner = Scanner("unknown")

	// NoneScanner is the scanner of none
	NoneScanner = Scanner("none")

	// VulnerabilityScanner is the scanner of vulnerabilities
	VulnerabilityScanner = Scanner("vuln")

	// MisconfigScanner is the scanner of misconfigurations
	MisconfigScanner = Scanner("config")

	// SecretScanner is the scanner of secrets
	SecretScanner = Scanner("secret")

	// RBACScanner is the scanner of rbac assessment
	RBACScanner = Scanner("rbac")

	// LicenseScanner is the scanner of licenses
	LicenseScanner = Scanner("license")
)
View Source
const (
	SBOMSourceRekor = SBOMSource("rekor")
)

Variables

View Source
var (
	VulnTypes = []string{
		VulnTypeOS,
		VulnTypeLibrary,
	}

	AllScanners = Scanners{
		VulnerabilityScanner,
		MisconfigScanner,
		RBACScanner,
		SecretScanner,
		LicenseScanner,
		NoneScanner,
	}

	// AllImageConfigScanners has a list of available scanners on container image config.
	// The container image in container registries consists of manifest, config and layers.
	// Trivy is also able to detect security issues on the image config.
	AllImageConfigScanners = Scanners{
		MisconfigScanner,
		SecretScanner,
		NoneScanner,
	}
)
View Source
var (
	SBOMSources = []string{
		SBOMSourceRekor,
	}
)

Functions

func GetDockerOption

func GetDockerOption(insecureTlsSkip bool, Platform string) (types.DockerOption, error)

GetDockerOption returns the Docker scanning options using DockerConfig

Types

type BySeverity added in v0.13.0

type BySeverity []DetectedVulnerability

BySeverity implements sort.Interface based on the Severity field.

func (BySeverity) Len added in v0.13.0

func (v BySeverity) Len() int

Len returns the length of DetectedVulnerabilities

func (BySeverity) Less added in v0.13.0

func (v BySeverity) Less(i, j int) bool

Less compares 2 DetectedVulnerabilities based on package name, severity, vulnerabilityID and package path

func (BySeverity) Swap added in v0.13.0

func (v BySeverity) Swap(i, j int)

Swap swaps 2 vulnerability

type Compliance added in v0.33.0

type Compliance = string

type DetectedLicense added in v0.30.0

type DetectedLicense struct {
	// Severity is the consistent parameter indicating how severe the issue is
	Severity string

	// Category holds the license category such as "forbidden"
	Category types.LicenseCategory

	// PkgName holds a package name of the license.
	// It will be empty if FilePath is filled.
	PkgName string

	// PkgName holds a file path of the license.
	// It will be empty if PkgName is filled.
	FilePath string // for file license

	// Name holds a detected license name
	Name string

	// Confidence is level of the match. The confidence level is between 0.0 and 1.0, with 1.0 indicating an
	// exact match and 0.0 indicating a complete mismatch
	Confidence float64

	// Link is a SPDX link of the license
	Link string
}

type DetectedMisconfiguration added in v0.19.0

type DetectedMisconfiguration struct {
	Type          string               `json:",omitempty"`
	ID            string               `json:",omitempty"`
	AVDID         string               `json:",omitempty"`
	Title         string               `json:",omitempty"`
	Description   string               `json:",omitempty"`
	Message       string               `json:",omitempty"`
	Namespace     string               `json:",omitempty"`
	Query         string               `json:",omitempty"`
	Resolution    string               `json:",omitempty"`
	Severity      string               `json:",omitempty"`
	PrimaryURL    string               `json:",omitempty"`
	References    []string             `json:",omitempty"`
	Status        MisconfStatus        `json:",omitempty"`
	Layer         ftypes.Layer         `json:",omitempty"`
	CauseMetadata ftypes.CauseMetadata `json:",omitempty"`

	// For debugging
	Traces []string `json:",omitempty"`
}

DetectedMisconfiguration holds detected misconfigurations

func (*DetectedMisconfiguration) GetID added in v0.33.0

func (mc *DetectedMisconfiguration) GetID() string

GetID retrun misconfig ID

type DetectedVulnerability added in v0.2.0

type DetectedVulnerability struct {
	VulnerabilityID  string         `json:",omitempty"`
	VendorIDs        []string       `json:",omitempty"`
	PkgID            string         `json:",omitempty"` // It is used to construct dependency graph.
	PkgName          string         `json:",omitempty"`
	PkgPath          string         `json:",omitempty"` // It will be filled in the case of language-specific packages such as egg/wheel and gemspec
	InstalledVersion string         `json:",omitempty"`
	FixedVersion     string         `json:",omitempty"`
	Layer            ftypes.Layer   `json:",omitempty"`
	SeveritySource   types.SourceID `json:",omitempty"`
	PrimaryURL       string         `json:",omitempty"`
	Ref              string         `json:",omitempty"`

	// DataSource holds where the advisory comes from
	DataSource *types.DataSource `json:",omitempty"`

	// Custom is for extensibility and not supposed to be used in OSS
	Custom interface{} `json:",omitempty"`

	// Embed vulnerability details
	types.Vulnerability
}

DetectedVulnerability holds the information of detected vulnerabilities

func (*DetectedVulnerability) GetID added in v0.33.0

func (vuln *DetectedVulnerability) GetID() string

GetID retrun Vulnerability ID

type DockerConfig

type DockerConfig struct {
	UserName      string `env:"TRIVY_USERNAME"`
	Password      string `env:"TRIVY_PASSWORD"`
	RegistryToken string `env:"TRIVY_REGISTRY_TOKEN"`
	NonSSL        bool   `env:"TRIVY_NON_SSL" envDefault:"false"`
}

DockerConfig holds the config of Docker

type Library

type Library struct {
	Name    string
	Version string
}

Library holds the attribute of a package library

type Metadata added in v0.24.0

type Metadata struct {
	Size int64      `json:",omitempty"`
	OS   *ftypes.OS `json:",omitempty"`

	// Container image
	ImageID     string        `json:",omitempty"`
	DiffIDs     []string      `json:",omitempty"`
	RepoTags    []string      `json:",omitempty"`
	RepoDigests []string      `json:",omitempty"`
	ImageConfig v1.ConfigFile `json:",omitempty"`
}

Metadata represents a metadata of artifact

type MisconfStatus added in v0.19.0

type MisconfStatus string

MisconfStatus represents a status of misconfiguration

const (
	// StatusPassed represents successful status
	StatusPassed MisconfStatus = "PASS"

	// StatusFailure represents failure status
	StatusFailure MisconfStatus = "FAIL"

	// StatusException Passed represents the status of exception
	StatusException MisconfStatus = "EXCEPTION"
)

type MisconfSummary added in v0.24.0

type MisconfSummary struct {
	Successes  int
	Failures   int
	Exceptions int
}

func (MisconfSummary) Empty added in v0.24.0

func (s MisconfSummary) Empty() bool

type Report added in v0.24.0

type Report struct {
	SchemaVersion int                 `json:",omitempty"`
	ArtifactName  string              `json:",omitempty"`
	ArtifactType  ftypes.ArtifactType `json:",omitempty"`
	Metadata      Metadata            `json:",omitempty"`
	Results       Results             `json:",omitempty"`

	// SBOM
	CycloneDX *ftypes.CycloneDX `json:"-"` // Just for internal usage, not exported in JSON
}

Report represents a scan result

type Result added in v0.24.0

type Result struct {
	Target            string                     `json:"Target"`
	Class             ResultClass                `json:"Class,omitempty"`
	Type              string                     `json:"Type,omitempty"`
	Packages          []ftypes.Package           `json:"Packages,omitempty"`
	Vulnerabilities   []DetectedVulnerability    `json:"Vulnerabilities,omitempty"`
	MisconfSummary    *MisconfSummary            `json:"MisconfSummary,omitempty"`
	Misconfigurations []DetectedMisconfiguration `json:"Misconfigurations,omitempty"`
	Secrets           []ftypes.SecretFinding     `json:"Secrets,omitempty"`
	Licenses          []DetectedLicense          `json:"Licenses,omitempty"`
	CustomResources   []ftypes.CustomResource    `json:"CustomResources,omitempty"`
}

Result holds a target and detected vulnerabilities

func (*Result) IsEmpty added in v0.30.0

func (r *Result) IsEmpty() bool

func (*Result) MarshalJSON added in v0.28.0

func (r *Result) MarshalJSON() ([]byte, error)

type ResultClass added in v0.24.0

type ResultClass string

type Results added in v0.24.0

type Results []Result

Results to hold list of Result

func (Results) Failed added in v0.24.0

func (results Results) Failed() bool

Failed returns whether the result includes any vulnerabilities, misconfigurations or secrets

type SBOM added in v0.33.0

type SBOM struct {
	OS           types.OS
	Packages     []types.PackageInfo
	Applications []types.Application

	CycloneDX *types.CycloneDX
	SPDX      *stypes.Document2_2
}

type SBOMSource added in v0.32.0

type SBOMSource = string

type ScanOptions

type ScanOptions struct {
	VulnType            []string
	Scanners            Scanners
	ImageConfigScanners Scanners // Scanners for container image configuration
	ScanRemovedPackages bool
	Platform            string
	ListAllPackages     bool
	LicenseCategories   map[types.LicenseCategory][]string
	FilePatterns        []string
}

ScanOptions holds the attributes for scanning vulnerabilities

type Scanner added in v0.37.0

type Scanner string

Scanner represents the type of security scanning

type Scanners added in v0.37.0

type Scanners []Scanner

Scanners is a slice of scanners

func (Scanners) AnyEnabled added in v0.37.0

func (scanners Scanners) AnyEnabled(ss ...Scanner) bool

AnyEnabled returns true if any of the passed scanners is included.

func (Scanners) Enabled added in v0.37.0

func (scanners Scanners) Enabled(s Scanner) bool

func (Scanners) StringSlice added in v0.37.0

func (scanners Scanners) StringSlice() []string

type VulnType added in v0.18.2

type VulnType = string

VulnType represents vulnerability type

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL