types

package
v0.46.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 14, 2023 License: Apache-2.0 Imports: 7 Imported by: 138

Documentation

Index

Constants

View Source
const (
	ArtifactJSONSchemaVersion = 1
	BlobJSONSchemaVersion     = 2
)
View Source
const (
	NuGetPkgsLock   = "packages.lock.json"
	NuGetPkgsConfig = "packages.config"

	GoMod = "go.mod"
	GoSum = "go.sum"

	MavenPom = "pom.xml"

	NpmPkg     = "package.json"
	NpmPkgLock = "package-lock.json"
	YarnLock   = "yarn.lock"
	PnpmLock   = "pnpm-lock.yaml"

	ComposerLock = "composer.lock"
	ComposerJson = "composer.json"

	PyProject       = "pyproject.toml"
	PipRequirements = "requirements.txt"
	PipfileLock     = "Pipfile.lock"
	PoetryLock      = "poetry.lock"

	GemfileLock = "Gemfile.lock"

	CargoLock = "Cargo.lock"
	CargoToml = "Cargo.toml"

	ConanLock = "conan.lock"

	CocoaPodsLock = "Podfile.lock"
	SwiftResolved = "Package.resolved"

	PubSpecLock = "pubspec.lock"

	MixLock = "mix.lock"
)

Language-specific file names

View Source
const (
	SystemFileFilteringPostHandler HandlerType = "system-file-filter"
	UnpackagedPostHandler          HandlerType = "unpackaged"

	// SystemFileFilteringPostHandlerPriority should be higher than other handlers.
	// Otherwise, other handlers need to process unnecessary files.
	SystemFileFilteringPostHandlerPriority = 100

	UnpackagedPostHandlerPriority = 50
)

Variables

View Source
var (
	InvalidURLPattern = xerrors.New("invalid url pattern")
	ErrNoRpmCmd       = xerrors.New("no rpm command")
)

Functions

This section is empty.

Types

type Application

type Application struct {
	// e.g. bundler and pipenv
	Type LangType

	// Lock files have the file path here, while each package metadata do not have
	FilePath string `json:",omitempty"`

	// Libraries is a list of lang-specific packages
	Libraries Packages
}

type ArtifactDetail

type ArtifactDetail struct {
	OS                OS                 `json:",omitempty"`
	Repository        *Repository        `json:",omitempty"`
	Packages          Packages           `json:",omitempty"`
	Applications      []Application      `json:",omitempty"`
	Misconfigurations []Misconfiguration `json:",omitempty"`
	Secrets           []Secret           `json:",omitempty"`
	Licenses          []LicenseFile      `json:",omitempty"`

	// ImageConfig has information from container image config
	ImageConfig ImageConfigDetail

	// CustomResources hold analysis results from custom analyzers.
	// It is for extensibility and not used in OSS.
	CustomResources []CustomResource `json:",omitempty"`
}

ArtifactDetail is generated by applying blobs

func (*ArtifactDetail) ToBlobInfo added in v0.32.0

func (a *ArtifactDetail) ToBlobInfo() BlobInfo

ToBlobInfo is used to store a merged layer in cache.

type ArtifactInfo

type ArtifactInfo struct {
	SchemaVersion int
	Architecture  string
	Created       time.Time
	DockerVersion string
	OS            string

	// Misconfiguration holds misconfiguration in container image config
	Misconfiguration *Misconfiguration `json:",omitempty"`

	// Secret holds secrets in container image config such as environment variables
	Secret *Secret `json:",omitempty"`

	// HistoryPackages are packages extracted from RUN instructions
	HistoryPackages Packages `json:",omitempty"`
}

ArtifactInfo is stored in cache

type ArtifactReference

type ArtifactReference struct {
	Name          string // image name, tar file name, directory or repository name
	Type          ArtifactType
	ID            string
	BlobIDs       []string
	ImageMetadata ImageMetadata

	// SBOM
	CycloneDX *CycloneDX
}

ArtifactReference represents a reference of container image, local filesystem and repository

type ArtifactType

type ArtifactType string

ArtifactType represents a type of artifact

const (
	ArtifactContainerImage ArtifactType = "container_image"
	ArtifactFilesystem     ArtifactType = "filesystem"
	ArtifactRepository     ArtifactType = "repository"
	ArtifactCycloneDX      ArtifactType = "cyclonedx"
	ArtifactSPDX           ArtifactType = "spdx"
	ArtifactAWSAccount     ArtifactType = "aws_account"
	ArtifactVM             ArtifactType = "vm"
)

type BlobInfo

type BlobInfo struct {
	SchemaVersion int

	// Layer information
	Digest        string   `json:",omitempty"`
	DiffID        string   `json:",omitempty"`
	CreatedBy     string   `json:",omitempty"`
	OpaqueDirs    []string `json:",omitempty"`
	WhiteoutFiles []string `json:",omitempty"`

	// Analysis result
	OS                OS                 `json:",omitempty"`
	Repository        *Repository        `json:",omitempty"`
	PackageInfos      []PackageInfo      `json:",omitempty"`
	Applications      []Application      `json:",omitempty"`
	Misconfigurations []Misconfiguration `json:",omitempty"`
	Secrets           []Secret           `json:",omitempty"`
	Licenses          []LicenseFile      `json:",omitempty"`

	// Red Hat distributions have build info per layer.
	// This information will be embedded into packages when applying layers.
	// ref. https://redhat-connect.gitbook.io/partner-guide-for-adopting-red-hat-oval-v2/determining-common-platform-enumeration-cpe
	BuildInfo *BuildInfo `json:",omitempty"`

	// CustomResources hold analysis results from custom analyzers.
	// It is for extensibility and not used in OSS.
	CustomResources []CustomResource `json:",omitempty"`
}

BlobInfo is stored in cache

type BuildInfo

type BuildInfo struct {
	ContentSets []string `json:",omitempty"`
	Nvr         string   `json:",omitempty"`
	Arch        string   `json:",omitempty"`
}

BuildInfo represents information under /root/buildinfo in RHEL

type CauseMetadata

type CauseMetadata struct {
	Resource    string       `json:",omitempty"`
	Provider    string       `json:",omitempty"`
	Service     string       `json:",omitempty"`
	StartLine   int          `json:",omitempty"`
	EndLine     int          `json:",omitempty"`
	Code        Code         `json:",omitempty"`
	Occurrences []Occurrence `json:",omitempty"`
}

type Code

type Code struct {
	Lines []Line
}

type Component added in v0.30.0

type Component struct {
	BOMRef     string        `json:"bom-ref,omitempty" xml:"bom-ref,attr,omitempty"`
	MIMEType   string        `json:"mime-type,omitempty" xml:"mime-type,attr,omitempty"`
	Type       ComponentType `json:"type" xml:"type,attr"`
	Name       string        `json:"name" xml:"name"`
	Version    string        `json:"version,omitempty" xml:"version,omitempty"`
	PackageURL string        `json:"purl,omitempty" xml:"purl,omitempty"`
}

type ComponentType added in v0.30.0

type ComponentType string

type ConfigType added in v0.46.0

type ConfigType = TargetType

ConfigType is an alias of TargetType for configuration files

const (
	JSON           ConfigType = "json"
	Dockerfile     ConfigType = "dockerfile"
	Terraform      ConfigType = "terraform"
	TerraformPlan  ConfigType = "terraformplan"
	CloudFormation ConfigType = "cloudformation"
	Kubernetes     ConfigType = "kubernetes"
	Helm           ConfigType = "helm"
	Cloud          ConfigType = "cloud"
	AzureARM       ConfigType = "azure-arm"
)

Config files

type ContainerdOptions added in v0.41.0

type ContainerdOptions struct {
}

type Credential added in v0.38.0

type Credential struct {
	Username string
	Password string
}

type CustomResource

type CustomResource struct {
	Type     string
	FilePath string
	Layer    Layer
	Data     interface{}
}

CustomResource holds the analysis result from a custom analyzer. It is for extensibility and not used in OSS.

type CycloneDX added in v0.30.0

type CycloneDX struct {
	// JSON specific fields
	BOMFormat   string      `json:"bomFormat" xml:"-"`
	SpecVersion SpecVersion `json:"specVersion" xml:"-"`

	SerialNumber string      `json:"serialNumber,omitempty" xml:"serialNumber,attr,omitempty"`
	Version      int         `json:"version" xml:"version,attr"`
	Metadata     Metadata    `json:"metadata,omitempty" xml:"metadata,omitempty"`
	Components   []Component `json:"components,omitempty" xml:"components>component,omitempty"`
}

CycloneDX re-defines only necessary fields from cyclondx/cyclonedx-go cf. https://github.com/CycloneDX/cyclonedx-go/blob/de6bc07025d148badc8f6699ccb556744a5f4070/cyclonedx.go#L58-L77

The encoding/xml package that cyclondx-go depends on cannot be imported due to some limitations in TinyGo. cf. https://tinygo.org/docs/reference/lang-support/stdlib/

type DockerOptions added in v0.41.0

type DockerOptions struct {
	Host string
}

type File

type File struct {
	Type    string
	Path    string
	Content []byte
}

type HandlerType

type HandlerType string

type Image

type Image interface {
	v1.Image
	ImageExtension
}

type ImageConfigDetail added in v0.37.0

type ImageConfigDetail struct {
	// Packages are packages extracted from RUN instructions in history
	Packages []Package `json:",omitempty"`

	// Misconfiguration holds misconfigurations in container image config
	Misconfiguration *Misconfiguration `json:",omitempty"`

	// Secret holds secrets in container image config
	Secret *Secret `json:",omitempty"`
}

ImageConfigDetail has information from container image config

type ImageExtension

type ImageExtension interface {
	Name() string
	ID() (string, error)
	RepoTags() []string
	RepoDigests() []string
}

type ImageMetadata

type ImageMetadata struct {
	ID          string   // image ID
	DiffIDs     []string // uncompressed layer IDs
	RepoTags    []string
	RepoDigests []string
	ConfigFile  v1.ConfigFile
}

type ImageOptions added in v0.41.0

type ImageOptions struct {
	RegistryOptions   RegistryOptions
	DockerOptions     DockerOptions
	PodmanOptions     PodmanOptions
	ContainerdOptions ContainerdOptions
	ImageSources      ImageSources
}

type ImageSource added in v0.42.0

type ImageSource string

ImageSource represents the source of an image. It can be a string that identifies the container registry or a type of container runtime.

const (
	// DockerImageSource is the docker runtime
	DockerImageSource ImageSource = "docker"

	// ContainerdImageSource is the containerd runtime
	ContainerdImageSource ImageSource = "containerd"

	// PodmanImageSource is the podman runtime
	PodmanImageSource ImageSource = "podman"

	// RemoteImageSource represents a remote scan
	RemoteImageSource ImageSource = "remote"
)

type ImageSources added in v0.42.0

type ImageSources []ImageSource

ImageSources is a slice of image sources

type LangType added in v0.46.0

type LangType = TargetType

LangType is an alias of TargetType for programming languages

const (
	Bundler    LangType = "bundler"
	GemSpec    LangType = "gemspec"
	Cargo      LangType = "cargo"
	Composer   LangType = "composer"
	Npm        LangType = "npm"
	NuGet      LangType = "nuget"
	DotNetCore LangType = "dotnet-core"
	Pip        LangType = "pip"
	Pipenv     LangType = "pipenv"
	Poetry     LangType = "poetry"
	CondaPkg   LangType = "conda-pkg"
	PythonPkg  LangType = "python-pkg"
	NodePkg    LangType = "node-pkg"
	Yarn       LangType = "yarn"
	Pnpm       LangType = "pnpm"
	Jar        LangType = "jar"
	Pom        LangType = "pom"
	Gradle     LangType = "gradle"
	GoBinary   LangType = "gobinary"
	GoModule   LangType = "gomod"
	JavaScript LangType = "javascript"
	RustBinary LangType = "rustbinary"
	Conan      LangType = "conan"
	Cocoapods  LangType = "cocoapods"
	Swift      LangType = "swift"
	Pub        LangType = "pub"
	Hex        LangType = "hex"
	Bitnami    LangType = "bitnami"

	K8sUpstream LangType = "kubernetes"
	EKS         LangType = "eks" // Amazon Elastic Kubernetes Service
	GKE         LangType = "gke" // Google Kubernetes Engine
	AKS         LangType = "aks" // Azure Kubernetes Service
	RKE         LangType = "rke" // Rancher Kubernetes Engine
	OCP         LangType = "ocp" // Red Hat OpenShift Container Platform
)

Programming language dependencies

type Layer

type Layer struct {
	Digest    string `json:",omitempty"`
	DiffID    string `json:",omitempty"`
	CreatedBy string `json:",omitempty"`
}

type LicenseCategory added in v0.30.0

type LicenseCategory string
const (
	CategoryForbidden    LicenseCategory = "forbidden"
	CategoryRestricted   LicenseCategory = "restricted"
	CategoryReciprocal   LicenseCategory = "reciprocal"
	CategoryNotice       LicenseCategory = "notice"
	CategoryPermissive   LicenseCategory = "permissive"
	CategoryUnencumbered LicenseCategory = "unencumbered"
	CategoryUnknown      LicenseCategory = "unknown"
)

type LicenseFile added in v0.30.0

type LicenseFile struct {
	Type     LicenseType
	FilePath string
	PkgName  string
	Findings LicenseFindings
	Layer    Layer `json:",omitempty"`
}

type LicenseFinding added in v0.30.0

type LicenseFinding struct {
	Category   LicenseCategory // such as "forbidden"
	Name       string
	Confidence float64
	Link       string
}

type LicenseFindings added in v0.36.0

type LicenseFindings []LicenseFinding

func (LicenseFindings) Len added in v0.36.0

func (findings LicenseFindings) Len() int

func (LicenseFindings) Less added in v0.36.0

func (findings LicenseFindings) Less(i, j int) bool

func (LicenseFindings) Names added in v0.45.0

func (findings LicenseFindings) Names() []string

func (LicenseFindings) Swap added in v0.36.0

func (findings LicenseFindings) Swap(i, j int)

type LicenseType added in v0.30.0

type LicenseType string
const (
	LicenseTypeDpkg   LicenseType = "dpkg"         // From /usr/share/doc/*/copyright
	LicenseTypeHeader LicenseType = "header"       // From file headers
	LicenseTypeFile   LicenseType = "license-file" // From LICENSE, COPYRIGHT, etc.
)

type Line

type Line struct {
	Number      int    `json:"Number"`
	Content     string `json:"Content"`
	IsCause     bool   `json:"IsCause"`
	Annotation  string `json:"Annotation"`
	Truncated   bool   `json:"Truncated"`
	Highlighted string `json:"Highlighted,omitempty"`
	FirstCause  bool   `json:"FirstCause"`
	LastCause   bool   `json:"LastCause"`
}

type Location added in v0.33.0

type Location struct {
	StartLine int `json:",omitempty"`
	EndLine   int `json:",omitempty"`
}

type Metadata added in v0.30.0

type Metadata struct {
	Timestamp string    `json:"timestamp,omitempty" xml:"timestamp,omitempty"`
	Component Component `json:"component,omitempty" xml:"component,omitempty"`
}

type MisconfResult

type MisconfResult struct {
	Namespace      string `json:",omitempty"`
	Query          string `json:",omitempty"`
	Message        string `json:",omitempty"`
	PolicyMetadata `json:",omitempty"`
	CauseMetadata  `json:",omitempty"`

	// For debugging
	Traces []string `json:",omitempty"`
}

type MisconfResults

type MisconfResults []MisconfResult

func (MisconfResults) Len

func (r MisconfResults) Len() int

func (MisconfResults) Less

func (r MisconfResults) Less(i, j int) bool

func (MisconfResults) Swap

func (r MisconfResults) Swap(i, j int)

type Misconfiguration

type Misconfiguration struct {
	FileType   ConfigType     `json:",omitempty"`
	FilePath   string         `json:",omitempty"`
	Successes  MisconfResults `json:",omitempty"`
	Warnings   MisconfResults `json:",omitempty"`
	Failures   MisconfResults `json:",omitempty"`
	Exceptions MisconfResults `json:",omitempty"`
	Layer      Layer          `json:",omitempty"`
}

func ToMisconfigurations

func ToMisconfigurations(misconfs map[string]Misconfiguration) []Misconfiguration

type OS

type OS struct {
	Family OSType
	Name   string
	Eosl   bool `json:"EOSL,omitempty"`

	// This field is used for enhanced security maintenance programs such as Ubuntu ESM, Debian Extended LTS.
	Extended bool `json:"extended,omitempty"`
}

func (*OS) Detected added in v0.36.0

func (o *OS) Detected() bool

func (*OS) Merge added in v0.36.0

func (o *OS) Merge(newOS OS)

Merge merges OS version and enhanced security maintenance programs

type OSType added in v0.46.0

type OSType = TargetType

OSType is an alias of TargetType for operating systems

const (
	Alma               OSType = "alma"
	Alpine             OSType = "alpine"
	Amazon             OSType = "amazon"
	CBLMariner         OSType = "cbl-mariner"
	CentOS             OSType = "centos"
	Chainguard         OSType = "chainguard"
	Debian             OSType = "debian"
	Fedora             OSType = "fedora"
	OpenSUSE           OSType = "opensuse"
	OpenSUSELeap       OSType = "opensuse.leap"
	OpenSUSETumbleweed OSType = "opensuse.tumbleweed"
	Oracle             OSType = "oracle"
	Photon             OSType = "photon"
	RedHat             OSType = "redhat"
	Rocky              OSType = "rocky"
	SLES               OSType = "suse linux enterprise server"
	Ubuntu             OSType = "ubuntu"
	Wolfi              OSType = "wolfi"
)

Operating systems

type Occurrence added in v0.45.0

type Occurrence struct {
	Resource string `json:",omitempty"`
	Filename string `json:",omitempty"`
	Location Location
}

type Package

type Package struct {
	ID         string   `json:",omitempty"`
	Name       string   `json:",omitempty"`
	Version    string   `json:",omitempty"`
	Release    string   `json:",omitempty"`
	Epoch      int      `json:",omitempty"`
	Arch       string   `json:",omitempty"`
	Dev        bool     `json:",omitempty"`
	SrcName    string   `json:",omitempty"`
	SrcVersion string   `json:",omitempty"`
	SrcRelease string   `json:",omitempty"`
	SrcEpoch   int      `json:",omitempty"`
	Licenses   []string `json:",omitempty"`
	Maintainer string   `json:",omitempty"`

	Modularitylabel string     `json:",omitempty"` // only for Red Hat based distributions
	BuildInfo       *BuildInfo `json:",omitempty"` // only for Red Hat

	Ref      string `json:",omitempty"` // identifier which can be used to reference the component elsewhere
	Indirect bool   `json:",omitempty"` // this package is direct dependency of the project or not

	// Dependencies of this package
	// Note: it may have interdependencies, which may lead to infinite loops.
	DependsOn []string `json:",omitempty"`

	Layer Layer `json:",omitempty"`

	// Each package metadata have the file path, while the package from lock files does not have.
	FilePath string `json:",omitempty"`

	// This is required when using SPDX formats. Otherwise, it will be empty.
	Digest digest.Digest `json:",omitempty"`

	// lines from the lock file where the dependency is written
	Locations []Location `json:",omitempty"`
}

func (*Package) Empty

func (pkg *Package) Empty() bool

type PackageInfo

type PackageInfo struct {
	FilePath string
	Packages Packages
}

type Packages added in v0.36.0

type Packages []Package

func (Packages) Len added in v0.36.0

func (pkgs Packages) Len() int

func (Packages) Less added in v0.36.0

func (pkgs Packages) Less(i, j int) bool

func (Packages) ParentDeps added in v0.39.0

func (pkgs Packages) ParentDeps() map[string]Packages

ParentDeps returns a map where the keys are package IDs and the values are the packages that depend on the respective package ID (parent dependencies).

func (Packages) Swap added in v0.36.0

func (pkgs Packages) Swap(i, j int)

type Platform added in v0.42.0

type Platform struct {
	*v1.Platform

	// Force returns an error if the specified platform is not found.
	// This option is for Aqua, and cannot be configured via Trivy CLI.
	Force bool
}

type PodmanOptions added in v0.41.0

type PodmanOptions struct {
}

type PolicyInputOption

type PolicyInputOption struct {
	Combine   bool                  `mapstructure:"combine"`
	Selectors []PolicyInputSelector `mapstructure:"selector"`
}

type PolicyInputSelector

type PolicyInputSelector struct {
	Type string `mapstructure:"type"`
}

type PolicyMetadata

type PolicyMetadata struct {
	ID                 string   `json:",omitempty"`
	AVDID              string   `json:",omitempty"`
	Type               string   `json:",omitempty"`
	Title              string   `json:",omitempty"`
	Description        string   `json:",omitempty"`
	Severity           string   `json:",omitempty"`
	RecommendedActions string   `json:",omitempty" mapstructure:"recommended_actions"`
	References         []string `json:",omitempty"`
}

type RegistryOptions added in v0.41.0

type RegistryOptions struct {
	// Auth for registries
	Credentials []Credential

	// RegistryToken is a bearer token to be sent to a registry
	RegistryToken string

	// SSL/TLS
	Insecure bool

	// For internal use. Needed for mTLS authentication.
	ClientCert []byte
	ClientKey  []byte

	// Architecture
	Platform Platform

	// ECR
	AWSAccessKey    string
	AWSSecretKey    string
	AWSSessionToken string
	AWSRegion       string

	// GCP
	GCPCredPath string
}

type Repository

type Repository struct {
	Family  OSType `json:",omitempty"`
	Release string `json:",omitempty"`
}

type Secret

type Secret struct {
	FilePath string
	Findings []SecretFinding
}

type SecretFinding

type SecretFinding struct {
	RuleID    string
	Category  SecretRuleCategory
	Severity  string
	Title     string
	StartLine int
	EndLine   int
	Code      Code
	Match     string
	Layer     Layer `json:",omitempty"`
}

type SecretRuleCategory

type SecretRuleCategory string

type SpecVersion added in v0.36.1

type SpecVersion int

type SrcPackage

type SrcPackage struct {
	Name        string   `json:"name"`
	Version     string   `json:"version"`
	BinaryNames []string `json:"binaryNames"`
}

type TargetType added in v0.46.0

type TargetType string

TargetType represents the type of target

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL