types

package
v0.58.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 3, 2024 License: Apache-2.0 Imports: 10 Imported by: 138

Documentation


Constants

// Schema versions for the JSON documents kept in cache. ArtifactInfo and
// BlobInfo each carry a SchemaVersion field.
// NOTE(review): presumably a cache reader compares that field with these
// constants and discards entries written under another schema; confirm in the
// cache code.
const (
	ArtifactJSONSchemaVersion = 1
	BlobJSONSchemaVersion     = 2
)
const (
	NuGetPkgsLock   = "packages.lock.json"
	NuGetPkgsConfig = "packages.config"

	GoMod = "go.mod"
	GoSum = "go.sum"

	MavenPom = "pom.xml"
	SbtLock  = "build.sbt.lock"

	NpmPkg     = "package.json"
	NpmPkgLock = "package-lock.json"
	YarnLock   = "yarn.lock"
	PnpmLock   = "pnpm-lock.yaml"

	ComposerLock          = "composer.lock"
	ComposerJson          = "composer.json"
	ComposerInstalledJson = "installed.json"

	PyProject       = "pyproject.toml"
	PipRequirements = "requirements.txt"
	PipfileLock     = "Pipfile.lock"
	PoetryLock      = "poetry.lock"

	GemfileLock = "Gemfile.lock"

	CargoLock = "Cargo.lock"
	CargoToml = "Cargo.toml"

	ConanLock = "conan.lock"

	CocoaPodsLock = "Podfile.lock"
	SwiftResolved = "Package.resolved"

	PubSpecLock = "pubspec.lock"

	MixLock = "mix.lock"

	CondaEnvYaml = "environment.yaml"
	CondaEnvYml  = "environment.yml"

	JuliaProject  = "Project.toml"
	JuliaManifest = "Manifest.toml"
)

Language-specific file names

const (
	SystemFileFilteringPostHandler HandlerType = "system-file-filter"
	UnpackagedPostHandler          HandlerType = "unpackaged"

	// SystemFileFilteringPostHandlerPriority should be higher than other handlers.
	// Otherwise, other handlers need to process unnecessary files.
	SystemFileFilteringPostHandlerPriority = 100
	UnpackagedPostHandlerPriority          = 50
)

Variables

// Sentinel errors exported by this package.
//
// InvalidURLPattern carries the message "invalid url pattern". Its name does
// not follow the ErrXxx convention that ErrNoRpmCmd uses; it is an exported
// identifier, so renaming it would break importers.
//
// ErrNoRpmCmd carries the message "no rpm command".
// NOTE(review): presumably returned when the rpm executable is unavailable;
// confirm at the call site.
var (
	InvalidURLPattern = xerrors.New("invalid url pattern")
	ErrNoRpmCmd       = xerrors.New("no rpm command")
)
var AggregatingTypes = []LangType{
	PythonPkg,
	CondaPkg,
	GemSpec,
	NodePkg,
	Jar,
}

Functions

This section is empty.

Types

type Application

// Application groups the packages found for one language ecosystem.
type Application struct {
	// Type is the ecosystem or tool the packages belong to, e.g. bundler and pipenv.
	Type LangType

	// FilePath is the path of the lock file the packages were read from.
	// Packages discovered from per-package metadata files do not set it here;
	// each Package records its own FilePath instead.
	FilePath string `json:",omitempty"`

	// Packages is a list of lang-specific packages
	Packages Packages
}

type ArtifactDetail

type ArtifactDetail struct {
	OS                OS                 `json:",omitempty"`
	Repository        *Repository        `json:",omitempty"`
	Packages          Packages           `json:",omitempty"`
	Applications      []Application      `json:",omitempty"`
	Misconfigurations []Misconfiguration `json:",omitempty"`
	Secrets           []Secret           `json:",omitempty"`
	Licenses          []LicenseFile      `json:",omitempty"`

	// ImageConfig has information from container image config
	ImageConfig ImageConfigDetail

	// CustomResources hold analysis results from custom analyzers.
	// It is for extensibility and not used in OSS.
	CustomResources []CustomResource `json:",omitempty"`
}

ArtifactDetail represents the analysis result.

func (*ArtifactDetail) ToBlobInfo added in v0.32.0

func (a *ArtifactDetail) ToBlobInfo() BlobInfo

ToBlobInfo is used to store a merged layer in cache.

type ArtifactInfo

// ArtifactInfo is stored in cache.
type ArtifactInfo struct {
	SchemaVersion int
	Architecture  string
	Created       time.Time
	DockerVersion string
	OS            string

	// Misconfiguration holds misconfiguration in container image config
	Misconfiguration *Misconfiguration `json:",omitempty"`

	// Secret holds secrets in container image config such as environment variables.
	// The tag only omits the field when it is nil, so a serialized ArtifactInfo
	// carries the findings with it.
	// NOTE(review): assuming the cache stores this struct as JSON (as the tags
	// suggest), the cache backend holds secret findings and needs access
	// controls to match; confirm against the cache implementation.
	Secret *Secret `json:",omitempty"`

	// HistoryPackages are packages extracted from RUN instructions
	HistoryPackages Packages `json:",omitempty"`
}

ArtifactInfo is stored in cache

type BlobInfo

// BlobInfo is stored in cache. It combines the identity of one layer with the
// analysis results for that layer.
type BlobInfo struct {
	SchemaVersion int

	// Layer information
	Digest        string   `json:",omitempty"`
	DiffID        string   `json:",omitempty"`
	CreatedBy     string   `json:",omitempty"`
	OpaqueDirs    []string `json:",omitempty"`
	WhiteoutFiles []string `json:",omitempty"`

	// Analysis result
	// Secrets is serialized with the other results (omitted only when empty).
	// NOTE(review): assuming the cache stores this struct as JSON (as the tags
	// suggest), cached blobs contain secret findings; restrict access to the
	// cache backend accordingly. Confirm against the cache implementation.
	OS                OS                 `json:",omitempty"`
	Repository        *Repository        `json:",omitempty"`
	PackageInfos      []PackageInfo      `json:",omitempty"`
	Applications      []Application      `json:",omitempty"`
	Misconfigurations []Misconfiguration `json:",omitempty"`
	Secrets           []Secret           `json:",omitempty"`
	Licenses          []LicenseFile      `json:",omitempty"`

	// Red Hat distributions have build info per layer.
	// This information will be embedded into packages when applying layers.
	// ref. https://redhat-connect.gitbook.io/partner-guide-for-adopting-red-hat-oval-v2/determining-common-platform-enumeration-cpe
	BuildInfo *BuildInfo `json:",omitempty"`

	// CustomResources hold analysis results from custom analyzers.
	// It is for extensibility and not used in OSS.
	CustomResources []CustomResource `json:",omitempty"`
}

BlobInfo is stored in cache

type BuildInfo

type BuildInfo struct {
	ContentSets []string `json:",omitempty"`
	Nvr         string   `json:",omitempty"`
	Arch        string   `json:",omitempty"`
}

BuildInfo represents information under /root/buildinfo in RHEL

type CauseMetadata

type CauseMetadata struct {
	Resource    string       `json:",omitempty"`
	Provider    string       `json:",omitempty"`
	Service     string       `json:",omitempty"`
	StartLine   int          `json:",omitempty"`
	EndLine     int          `json:",omitempty"`
	Code        Code         `json:",omitempty"`
	Occurrences []Occurrence `json:",omitempty"`
}

type Code

type Code struct {
	Lines []Line
}

type ConfigType added in v0.46.0

type ConfigType = TargetType

ConfigType is an alias of TargetType for configuration files

const (
	JSON                  ConfigType = "json"
	YAML                  ConfigType = "yaml"
	Dockerfile            ConfigType = "dockerfile"
	Terraform             ConfigType = "terraform"
	TerraformPlanJSON     ConfigType = "terraformplan"
	TerraformPlanSnapshot ConfigType = "terraformplan-snapshot"
	CloudFormation        ConfigType = "cloudformation"
	Kubernetes            ConfigType = "kubernetes"
	Helm                  ConfigType = "helm"
	Cloud                 ConfigType = "cloud"
	AzureARM              ConfigType = "azure-arm"
)

Config files

type ContainerdOptions added in v0.41.0

type ContainerdOptions struct {
}

type Credential added in v0.38.0

// Credential is a username/password pair. RegistryOptions.Credentials holds a
// list of them ("Auth for registries").
//
// Both fields are exported and untagged, so encoding/json and fmt's %+v emit
// the password in clear text whenever a value containing a Credential is
// marshalled or printed. Redact before logging or persisting.
type Credential struct {
	Username string
	Password string
}

type CustomResource

// CustomResource holds the analysis result from a custom analyzer.
// It is for extensibility and not used in OSS.
//
// Data is untyped: its concrete type is whatever the producing analyzer stored.
// After a round trip through encoding/json it comes back as generic values
// (map[string]any, []any, float64, string, ...), not the original type, so
// consumers must check the dynamic type before using it.
type CustomResource struct {
	Type     string
	FilePath string
	Layer    Layer
	Data     any
}

CustomResource holds the analysis result from a custom analyzer. It is for extensibility and not used in OSS.

type Dependencies added in v0.51.2

type Dependencies []Dependency

func (Dependencies) Len added in v0.51.2

func (deps Dependencies) Len() int

func (Dependencies) Less added in v0.51.2

func (deps Dependencies) Less(i, j int) bool

func (Dependencies) Swap added in v0.51.2

func (deps Dependencies) Swap(i, j int)

type Dependency added in v0.51.2

type Dependency struct {
	ID        string
	DependsOn []string
}

type DetectionPriority added in v0.55.0

type DetectionPriority string

DetectionPriority represents the priority of detection

const PriorityComprehensive DetectionPriority = "comprehensive"

PriorityComprehensive tries to minimize false negatives

const PriorityPrecise DetectionPriority = "precise"

PriorityPrecise tries to minimize false positives

type DockerOptions added in v0.41.0

type DockerOptions struct {
	Host string
}

type ExternalRef added in v0.51.2

type ExternalRef struct {
	Type RefType
	URL  string
}

type File

type File struct {
	Type    string
	Path    string
	Content []byte
}

type HandlerType

type HandlerType string

type Image

type Image interface {
	v1.Image
	ImageExtension
}

type ImageConfigDetail added in v0.37.0

type ImageConfigDetail struct {
	// Packages are packages extracted from RUN instructions in history
	Packages []Package `json:",omitempty"`

	// Misconfiguration holds misconfigurations in container image config
	Misconfiguration *Misconfiguration `json:",omitempty"`

	// Secret holds secrets in container image config
	Secret *Secret `json:",omitempty"`
}

ImageConfigDetail has information from container image config

type ImageExtension

type ImageExtension interface {
	Name() string
	ID() (string, error)
	RepoTags() []string
	RepoDigests() []string
}

type ImageOptions added in v0.41.0

type ImageOptions struct {
	RegistryOptions   RegistryOptions
	DockerOptions     DockerOptions
	PodmanOptions     PodmanOptions
	ContainerdOptions ContainerdOptions
	ImageSources      ImageSources
}

type ImageSource added in v0.42.0

type ImageSource string

ImageSource represents the source of an image. It can be a string that identifies the container registry or a type of container runtime.

const (
	// DockerImageSource is the docker runtime
	DockerImageSource ImageSource = "docker"

	// ContainerdImageSource is the containerd runtime
	ContainerdImageSource ImageSource = "containerd"

	// PodmanImageSource is the podman runtime
	PodmanImageSource ImageSource = "podman"

	// RemoteImageSource represents a remote scan
	RemoteImageSource ImageSource = "remote"
)

type ImageSources added in v0.42.0

type ImageSources []ImageSource

ImageSources is a slice of image sources

type LangType added in v0.46.0

type LangType = TargetType

LangType is an alias of TargetType for programming languages

const (
	Bundler        LangType = "bundler"
	GemSpec        LangType = "gemspec"
	Cargo          LangType = "cargo"
	Composer       LangType = "composer"
	ComposerVendor LangType = "composer-vendor"
	Npm            LangType = "npm"
	NuGet          LangType = "nuget"
	DotNetCore     LangType = "dotnet-core"
	PackagesProps  LangType = "packages-props"
	Pip            LangType = "pip"
	Pipenv         LangType = "pipenv"
	Poetry         LangType = "poetry"
	CondaPkg       LangType = "conda-pkg"
	CondaEnv       LangType = "conda-environment"
	PythonPkg      LangType = "python-pkg"
	NodePkg        LangType = "node-pkg"
	Yarn           LangType = "yarn"
	Pnpm           LangType = "pnpm"
	Jar            LangType = "jar"
	Pom            LangType = "pom"
	Gradle         LangType = "gradle"
	Sbt            LangType = "sbt"
	GoBinary       LangType = "gobinary"
	GoModule       LangType = "gomod"
	JavaScript     LangType = "javascript"
	RustBinary     LangType = "rustbinary"
	Conan          LangType = "conan"
	Cocoapods      LangType = "cocoapods"
	Swift          LangType = "swift"
	Pub            LangType = "pub"
	Hex            LangType = "hex"
	Bitnami        LangType = "bitnami"
	Julia          LangType = "julia"

	K8sUpstream LangType = "kubernetes"
	EKS         LangType = "eks" // Amazon Elastic Kubernetes Service
	GKE         LangType = "gke" // Google Kubernetes Engine
	AKS         LangType = "aks" // Azure Kubernetes Service
	RKE         LangType = "rke" // Rancher Kubernetes Engine
	OCP         LangType = "ocp" // Red Hat OpenShift Container Platform
)

Programming language dependencies

type Layer

type Layer struct {
	Digest    string `json:",omitempty"`
	DiffID    string `json:",omitempty"`
	CreatedBy string `json:",omitempty"`
}

type LicenseCategory added in v0.30.0

type LicenseCategory string
const (
	CategoryForbidden    LicenseCategory = "forbidden"
	CategoryRestricted   LicenseCategory = "restricted"
	CategoryReciprocal   LicenseCategory = "reciprocal"
	CategoryNotice       LicenseCategory = "notice"
	CategoryPermissive   LicenseCategory = "permissive"
	CategoryUnencumbered LicenseCategory = "unencumbered"
	CategoryUnknown      LicenseCategory = "unknown"
)

type LicenseFile added in v0.30.0

type LicenseFile struct {
	Type     LicenseType
	FilePath string
	PkgName  string
	Findings LicenseFindings
	Layer    Layer `json:",omitempty"`
}

type LicenseFinding added in v0.30.0

type LicenseFinding struct {
	Category   LicenseCategory // such as "forbidden"
	Name       string
	Confidence float64
	Link       string
}

type LicenseFindings added in v0.36.0

type LicenseFindings []LicenseFinding

func (LicenseFindings) Len added in v0.36.0

func (findings LicenseFindings) Len() int

func (LicenseFindings) Less added in v0.36.0

func (findings LicenseFindings) Less(i, j int) bool

func (LicenseFindings) Names added in v0.45.0

func (findings LicenseFindings) Names() []string

func (LicenseFindings) Swap added in v0.36.0

func (findings LicenseFindings) Swap(i, j int)

type LicenseType added in v0.30.0

type LicenseType string
const (
	LicenseTypeDpkg   LicenseType = "dpkg"         // From /usr/share/doc/*/copyright
	LicenseTypeHeader LicenseType = "header"       // From file headers
	LicenseTypeFile   LicenseType = "license-file" // From LICENSE, COPYRIGHT, etc.
)

type Line

type Line struct {
	Number      int    `json:"Number"`
	Content     string `json:"Content"`
	IsCause     bool   `json:"IsCause"`
	Annotation  string `json:"Annotation"`
	Truncated   bool   `json:"Truncated"`
	Highlighted string `json:"Highlighted,omitempty"`
	FirstCause  bool   `json:"FirstCause"`
	LastCause   bool   `json:"LastCause"`
}

type Location added in v0.33.0

type Location struct {
	StartLine int `json:",omitempty"`
	EndLine   int `json:",omitempty"`
}

type Locations added in v0.51.2

type Locations []Location

func (Locations) Len added in v0.51.2

func (locs Locations) Len() int

func (Locations) Less added in v0.51.2

func (locs Locations) Less(i, j int) bool

func (Locations) Swap added in v0.51.2

func (locs Locations) Swap(i, j int)

type MisconfResult

type MisconfResult struct {
	Namespace      string `json:",omitempty"`
	Query          string `json:",omitempty"`
	Message        string `json:",omitempty"`
	PolicyMetadata `json:",omitempty"`
	CauseMetadata  `json:",omitempty"`

	// For debugging
	Traces []string `json:",omitempty"`
}

type MisconfResults

type MisconfResults []MisconfResult

func (MisconfResults) Len

func (r MisconfResults) Len() int

func (MisconfResults) Less

func (r MisconfResults) Less(i, j int) bool

func (MisconfResults) Swap

func (r MisconfResults) Swap(i, j int)

type Misconfiguration

type Misconfiguration struct {
	FileType  ConfigType     `json:",omitempty"`
	FilePath  string         `json:",omitempty"`
	Successes MisconfResults `json:",omitempty"`
	Warnings  MisconfResults `json:",omitempty"`
	Failures  MisconfResults `json:",omitempty"`
	Layer     Layer          `json:",omitempty"`
}

func ToMisconfigurations

func ToMisconfigurations(misconfs map[string]Misconfiguration) []Misconfiguration

type OS

type OS struct {
	Family OSType
	Name   string
	Eosl   bool `json:"EOSL,omitempty"`

	// This field is used for enhanced security maintenance programs such as Ubuntu ESM, Debian Extended LTS.
	Extended bool `json:"extended,omitempty"`
}

func (*OS) Detected added in v0.36.0

func (o *OS) Detected() bool

func (*OS) Merge added in v0.36.0

func (o *OS) Merge(newOS OS)

Merge merges OS version and enhanced security maintenance programs

type OSType added in v0.46.0

type OSType = TargetType

OSType is an alias of TargetType for operating systems

const (
	Alma               OSType = "alma"
	Alpine             OSType = "alpine"
	Amazon             OSType = "amazon"
	Azure              OSType = "azurelinux"
	CBLMariner         OSType = "cbl-mariner"
	CentOS             OSType = "centos"
	Chainguard         OSType = "chainguard"
	Debian             OSType = "debian"
	Fedora             OSType = "fedora"
	OpenSUSE           OSType = "opensuse"
	OpenSUSELeap       OSType = "opensuse-leap"
	OpenSUSETumbleweed OSType = "opensuse-tumbleweed"
	Oracle             OSType = "oracle"
	Photon             OSType = "photon"
	RedHat             OSType = "redhat"
	Rocky              OSType = "rocky"
	SLEMicro           OSType = "slem"
	SLES               OSType = "sles"
	Ubuntu             OSType = "ubuntu"
	Wolfi              OSType = "wolfi"
)

Operating systems

type Occurrence added in v0.45.0

type Occurrence struct {
	Resource string `json:",omitempty"`
	Filename string `json:",omitempty"`
	Location Location
}

type Package

// Package describes a single package, either an OS package or a
// language-specific one (see Application.Packages and ArtifactDetail.Packages).
type Package struct {
	ID                 string        `json:",omitempty"`
	Name               string        `json:",omitempty"`
	Identifier         PkgIdentifier `json:",omitempty"`
	Version            string        `json:",omitempty"`
	Release            string        `json:",omitempty"`
	Epoch              int           `json:",omitempty"`
	Arch               string        `json:",omitempty"`
	Dev                bool          `json:",omitempty"`
	SrcName            string        `json:",omitempty"`
	SrcVersion         string        `json:",omitempty"`
	SrcRelease         string        `json:",omitempty"`
	SrcEpoch           int           `json:",omitempty"`
	Licenses           []string      `json:",omitempty"`
	Maintainer         string        `json:",omitempty"`
	// ExternalReferences is never JSON-encoded (tag "-").
	// NOTE(review): the hash:"ignore" tag presumably excludes it from the struct
	// hash behind PkgIdentifier.UID ("Calculated by the package struct"); confirm.
	ExternalReferences []ExternalRef `json:"-" hash:"ignore"`

	Modularitylabel string     `json:",omitempty"` // only for Red Hat based distributions
	BuildInfo       *BuildInfo `json:",omitempty"` // only for Red Hat

	Indirect     bool         `json:",omitempty"` // Deprecated: Use relationship. Kept for backward compatibility.
	Relationship Relationship `json:",omitempty"`

	// DependsOn lists the dependencies of this package.
	// The dependency graph may contain cycles, so any code that walks it must
	// track the entries it has already visited; a naive recursive walk over a
	// cyclic graph does not terminate.
	// NOTE(review): entries are presumably Package.ID values; confirm.
	DependsOn []string `json:",omitempty"`

	Layer Layer `json:",omitempty"`

	// FilePath is set for packages discovered from per-package metadata files.
	// Packages read from a lock file leave it empty; the lock file path is
	// recorded on the enclosing Application instead.
	FilePath string `json:",omitempty"`

	// This is required when using SPDX formats. Otherwise, it will be empty.
	Digest digest.Digest `json:",omitempty"`

	// Locations are the lines of the lock file where the dependency is written.
	Locations Locations `json:",omitempty"`

	// Files installed by the package
	InstalledFiles []string `json:",omitempty"`
}

func (*Package) Empty

func (pkg *Package) Empty() bool

type PackageInfo

type PackageInfo struct {
	FilePath string
	Packages Packages
}

type Packages added in v0.36.0

type Packages []Package

func (Packages) Len added in v0.36.0

func (pkgs Packages) Len() int

func (Packages) Less added in v0.36.0

func (pkgs Packages) Less(i, j int) bool

func (Packages) ParentDeps added in v0.39.0

func (pkgs Packages) ParentDeps() map[string]Packages

ParentDeps returns a map where the keys are package IDs and the values are the packages that depend on the respective package ID (parent dependencies).

func (Packages) Swap added in v0.36.0

func (pkgs Packages) Swap(i, j int)

type PkgIdentifier added in v0.49.0

// PkgIdentifier represents a software identifier in one or more of the
// supported formats.
//
// PURL is tagged json:"-", so the default encoder would drop it; the type
// defines its own MarshalJSON and UnmarshalJSON methods, and the wire form is
// decided there (method bodies are not shown on this page).
type PkgIdentifier struct {
	UID    string                 `json:",omitempty"` // Calculated by the package struct
	PURL   *packageurl.PackageURL `json:"-"`
	BOMRef string                 `json:",omitempty"` // For CycloneDX
}

PkgIdentifier represents a software identifier in one or more of the supported formats.

func (*PkgIdentifier) Empty added in v0.49.0

func (id *PkgIdentifier) Empty() bool

func (PkgIdentifier) MarshalJSON added in v0.49.0

func (id PkgIdentifier) MarshalJSON() ([]byte, error)

MarshalJSON customizes the JSON encoding of PkgIdentifier.

func (*PkgIdentifier) Match added in v0.49.0

func (id *PkgIdentifier) Match(s string) bool

func (*PkgIdentifier) UnmarshalJSON added in v0.49.0

func (id *PkgIdentifier) UnmarshalJSON(data []byte) error

UnmarshalJSON customizes the JSON decoding of PkgIdentifier.

type Platform added in v0.42.0

type Platform struct {
	*v1.Platform

	// Force returns an error if the specified platform is not found.
	// This option is for Aqua, and cannot be configured via Trivy CLI.
	Force bool
}

type PodmanOptions added in v0.41.0

type PodmanOptions struct {
	Host string
}

type PolicyInputOption

type PolicyInputOption struct {
	Combine   bool                  `mapstructure:"combine"`
	Selectors []PolicyInputSelector `mapstructure:"selector"`
}

type PolicyInputSelector

type PolicyInputSelector struct {
	Type string `mapstructure:"type"`
}

type PolicyMetadata

type PolicyMetadata struct {
	ID                 string   `json:",omitempty"`
	AVDID              string   `json:",omitempty"`
	Type               string   `json:",omitempty"`
	Title              string   `json:",omitempty"`
	Description        string   `json:",omitempty"`
	Severity           string   `json:",omitempty"`
	RecommendedActions string   `json:",omitempty" mapstructure:"recommended_actions"`
	References         []string `json:",omitempty"`
}

type RefType added in v0.51.2

type RefType string
const (
	RefVCS   RefType = "vcs"
	RefOther RefType = "other"
)

type RegistryOptions added in v0.41.0

// RegistryOptions holds the settings used when talking to container registries.
//
// Several fields are secrets: Credentials, RegistryToken, ClientKey,
// AWSSecretKey and AWSSessionToken. None of them is tagged json:"-", so
// marshalling the struct or printing it with %+v emits them (byte slices as
// base64 in JSON). Redact before logging or persisting.
type RegistryOptions struct {
	// Auth for registries
	Credentials []Credential

	// RegistryToken is a bearer token to be sent to a registry
	RegistryToken string

	// SSL/TLS
	// NOTE(review): presumably relaxes transport security checks for registry
	// connections when true; the exact effect (certificate verification, plain
	// HTTP, or both) is not visible here. Confirm in the registry client code and
	// keep it false unless the registry endpoint is explicitly trusted.
	Insecure bool

	// For internal use. Needed for mTLS authentication.
	// ClientKey is private key material; the encoding of both fields is not
	// shown here.
	ClientCert []byte
	ClientKey  []byte

	// Architecture
	Platform Platform

	// ECR
	// NOTE(review): presumably static AWS credentials used to authenticate to
	// ECR; confirm how they interact with other credential sources.
	AWSAccessKey    string
	AWSSecretKey    string
	AWSSessionToken string
	AWSRegion       string

	// GCP
	// NOTE(review): presumably the path of a GCP credentials file; confirm.
	GCPCredPath string
}

type Relationship added in v0.51.0

type Relationship int
// Relationship values are assigned by iota, so each numeric value depends on
// declaration order: inserting or reordering a constant renumbers the ones
// after it. RelationshipUnknown is the zero value.
//
// Relationship defines custom MarshalJSON/UnmarshalJSON methods (bodies not
// shown on this page).
// NOTE(review): confirm whether the serialized form is the number or the
// String() name before relying on stored values across versions.
const (
	RelationshipUnknown Relationship = iota
	RelationshipRoot
	RelationshipWorkspace // For maven `modules`. TODO use it for cargo and npm workspaces
	RelationshipDirect
	RelationshipIndirect
)

func NewRelationship added in v0.54.0

func NewRelationship(s string) (Relationship, error)

func (Relationship) MarshalJSON added in v0.51.2

func (r Relationship) MarshalJSON() ([]byte, error)

func (Relationship) String added in v0.51.2

func (r Relationship) String() string

func (*Relationship) UnmarshalJSON added in v0.51.2

func (r *Relationship) UnmarshalJSON(data []byte) error

type Repository

type Repository struct {
	Family  OSType `json:",omitempty"`
	Release string `json:",omitempty"`
}

type Secret

// Secret groups the secret findings reported for one file path.
//
// Neither field has a json tag, so both are always included when a Secret is
// marshalled as part of ArtifactDetail, ArtifactInfo, BlobInfo or
// ImageConfigDetail.
type Secret struct {
	FilePath string
	Findings []SecretFinding
}

type SecretFinding

// SecretFinding is one entry of Secret.Findings.
//
// Match and Code (via Code.Lines[].Content) are text fields populated by the
// scanner.
// NOTE(review): whether the secret value itself is masked before it is stored
// in Match and Code is not visible on this page. Confirm in the secret scanner
// before forwarding findings to logs, tickets or third-party systems, and
// treat serialized findings as sensitive until that is verified.
type SecretFinding struct {
	RuleID    string
	Category  SecretRuleCategory
	Severity  string
	Title     string
	StartLine int
	EndLine   int
	Code      Code
	Match     string
	Layer     Layer `json:",omitempty"`
}

type SecretRuleCategory

type SecretRuleCategory string

type TargetType added in v0.46.0

type TargetType string

TargetType represents the type of target
