Documentation ¶
Index ¶
- Constants
- Variables
- type Application
- type ArtifactDetail
- type ArtifactInfo
- type BlobInfo
- type BuildInfo
- type CauseMetadata
- type Code
- type ConfigType
- type ContainerdOptions
- type Credential
- type CustomResource
- type Dependencies
- type Dependency
- type DetectionPriority
- type DockerOptions
- type ExternalRef
- type File
- type HandlerType
- type Image
- type ImageConfigDetail
- type ImageExtension
- type ImageOptions
- type ImageSource
- type ImageSources
- type LangType
- type Layer
- type LicenseCategory
- type LicenseFile
- type LicenseFinding
- type LicenseFindings
- type LicenseType
- type Line
- type Location
- type Locations
- type MisconfResult
- type MisconfResults
- type Misconfiguration
- type OS
- type OSType
- type Occurrence
- type Package
- type PackageInfo
- type Packages
- type PkgIdentifier
- type Platform
- type PodmanOptions
- type PolicyInputOption
- type PolicyInputSelector
- type PolicyMetadata
- type RefType
- type RegistryOptions
- type Relationship
- type Repository
- type Secret
- type SecretFinding
- type SecretRuleCategory
- type TargetType
Constants ¶
const ( ArtifactJSONSchemaVersion = 1 BlobJSONSchemaVersion = 2 )
const ( NuGetPkgsLock = "packages.lock.json" NuGetPkgsConfig = "packages.config" GoMod = "go.mod" GoSum = "go.sum" MavenPom = "pom.xml" SbtLock = "build.sbt.lock" NpmPkg = "package.json" NpmPkgLock = "package-lock.json" YarnLock = "yarn.lock" PnpmLock = "pnpm-lock.yaml" ComposerLock = "composer.lock" ComposerJson = "composer.json" ComposerInstalledJson = "installed.json" PyProject = "pyproject.toml" PipRequirements = "requirements.txt" PipfileLock = "Pipfile.lock" PoetryLock = "poetry.lock" GemfileLock = "Gemfile.lock" CargoLock = "Cargo.lock" CargoToml = "Cargo.toml" ConanLock = "conan.lock" CocoaPodsLock = "Podfile.lock" SwiftResolved = "Package.resolved" PubSpecLock = "pubspec.lock" MixLock = "mix.lock" CondaEnvYaml = "environment.yaml" CondaEnvYml = "environment.yml" JuliaProject = "Project.toml" JuliaManifest = "Manifest.toml" )
Language-specific file names
const ( SystemFileFilteringPostHandler HandlerType = "system-file-filter" UnpackagedPostHandler HandlerType = "unpackaged" // SystemFileFilteringPostHandlerPriority should be higher than other handlers. // Otherwise, other handlers need to process unnecessary files. SystemFileFilteringPostHandlerPriority = 100 UnpackagedPostHandlerPriority = 50 )
Variables ¶
var ( InvalidURLPattern = xerrors.New("invalid url pattern") ErrNoRpmCmd = xerrors.New("no rpm command") )
var ( AllImageSources = ImageSources{ DockerImageSource, ContainerdImageSource, PodmanImageSource, RemoteImageSource, } )
var ( Relationships = []Relationship{ RelationshipUnknown, RelationshipRoot, RelationshipWorkspace, RelationshipDirect, RelationshipIndirect, } )
Functions ¶
This section is empty.
Types ¶
type Application ¶
type ArtifactDetail ¶
type ArtifactDetail struct { OS OS `json:",omitempty"` Repository *Repository `json:",omitempty"` Packages Packages `json:",omitempty"` Applications []Application `json:",omitempty"` Misconfigurations []Misconfiguration `json:",omitempty"` Secrets []Secret `json:",omitempty"` Licenses []LicenseFile `json:",omitempty"` // ImageConfig has information from container image config ImageConfig ImageConfigDetail // CustomResources hold analysis results from custom analyzers. // It is for extensibility and not used in OSS. CustomResources []CustomResource `json:",omitempty"` }
ArtifactDetail represents the analysis result.
func (*ArtifactDetail) ToBlobInfo ¶ added in v0.32.0
func (a *ArtifactDetail) ToBlobInfo() BlobInfo
ToBlobInfo is used to store a merged layer in cache.
type ArtifactInfo ¶
type ArtifactInfo struct { SchemaVersion int Architecture string Created time.Time DockerVersion string OS string // Misconfiguration holds misconfiguration in container image config Misconfiguration *Misconfiguration `json:",omitempty"` // Secret holds secrets in container image config such as environment variables Secret *Secret `json:",omitempty"` // HistoryPackages are packages extracted from RUN instructions HistoryPackages Packages `json:",omitempty"` }
ArtifactInfo is stored in cache
type BlobInfo ¶
type BlobInfo struct { SchemaVersion int // Layer information Digest string `json:",omitempty"` DiffID string `json:",omitempty"` CreatedBy string `json:",omitempty"` OpaqueDirs []string `json:",omitempty"` WhiteoutFiles []string `json:",omitempty"` // Analysis result OS OS `json:",omitempty"` Repository *Repository `json:",omitempty"` PackageInfos []PackageInfo `json:",omitempty"` Applications []Application `json:",omitempty"` Misconfigurations []Misconfiguration `json:",omitempty"` Secrets []Secret `json:",omitempty"` Licenses []LicenseFile `json:",omitempty"` // Red Hat distributions have build info per layer. // This information will be embedded into packages when applying layers. // ref. https://redhat-connect.gitbook.io/partner-guide-for-adopting-red-hat-oval-v2/determining-common-platform-enumeration-cpe BuildInfo *BuildInfo `json:",omitempty"` // CustomResources hold analysis results from custom analyzers. // It is for extensibility and not used in OSS. CustomResources []CustomResource `json:",omitempty"` }
BlobInfo is stored in cache
type BuildInfo ¶
type BuildInfo struct { ContentSets []string `json:",omitempty"` Nvr string `json:",omitempty"` Arch string `json:",omitempty"` }
BuildInfo represents information under /root/buildinfo in RHEL
type CauseMetadata ¶
type ConfigType ¶ added in v0.46.0
type ConfigType = TargetType
ConfigType is an alias of TargetType for configuration files
const ( JSON ConfigType = "json" YAML ConfigType = "yaml" Dockerfile ConfigType = "dockerfile" Terraform ConfigType = "terraform" TerraformPlanJSON ConfigType = "terraformplan" TerraformPlanSnapshot ConfigType = "terraformplan-snapshot" CloudFormation ConfigType = "cloudformation" Kubernetes ConfigType = "kubernetes" Helm ConfigType = "helm" Cloud ConfigType = "cloud" AzureARM ConfigType = "azure-arm" )
Config files
type ContainerdOptions ¶ added in v0.41.0
type ContainerdOptions struct { }
type Credential ¶ added in v0.38.0
type CustomResource ¶
CustomResource holds the analysis result from a custom analyzer. It is for extensibility and not used in OSS.
type Dependencies ¶ added in v0.51.2
type Dependencies []Dependency
func (Dependencies) Len ¶ added in v0.51.2
func (deps Dependencies) Len() int
func (Dependencies) Less ¶ added in v0.51.2
func (deps Dependencies) Less(i, j int) bool
func (Dependencies) Swap ¶ added in v0.51.2
func (deps Dependencies) Swap(i, j int)
type Dependency ¶ added in v0.51.2
type DetectionPriority ¶ added in v0.55.0
type DetectionPriority string
DetectionPriority represents the priority of detection
const PriorityComprehensive DetectionPriority = "comprehensive"
PriorityComprehensive tries to minimize false negatives
const PriorityPrecise DetectionPriority = "precise"
PriorityPrecise tries to minimize false positives
type DockerOptions ¶ added in v0.41.0
type DockerOptions struct {
Host string
}
type ExternalRef ¶ added in v0.51.2
type HandlerType ¶
type HandlerType string
type Image ¶
type Image interface { v1.Image ImageExtension }
type ImageConfigDetail ¶ added in v0.37.0
type ImageConfigDetail struct { // Packages are packages extracted from RUN instructions in history Packages []Package `json:",omitempty"` // Misconfiguration holds misconfigurations in container image config Misconfiguration *Misconfiguration `json:",omitempty"` // Secret holds secrets in container image config Secret *Secret `json:",omitempty"` }
ImageConfigDetail has information from container image config
type ImageExtension ¶
type ImageOptions ¶ added in v0.41.0
type ImageOptions struct { RegistryOptions RegistryOptions DockerOptions DockerOptions PodmanOptions PodmanOptions ContainerdOptions ContainerdOptions ImageSources ImageSources }
type ImageSource ¶ added in v0.42.0
type ImageSource string
ImageSource represents the source of an image. It can be a string that identifies the container registry or a type of container runtime.
const ( // DockerImageSource is the docker runtime DockerImageSource ImageSource = "docker" // ContainerdImageSource is the containerd runtime ContainerdImageSource ImageSource = "containerd" // PodmanImageSource is the podman runtime PodmanImageSource ImageSource = "podman" // RemoteImageSource represents a remote scan RemoteImageSource ImageSource = "remote" )
type ImageSources ¶ added in v0.42.0
type ImageSources []ImageSource
ImageSources is a slice of image sources
type LangType ¶ added in v0.46.0
type LangType = TargetType
LangType is an alias of TargetType for programming languages
const ( Bundler LangType = "bundler" GemSpec LangType = "gemspec" Cargo LangType = "cargo" Composer LangType = "composer" ComposerVendor LangType = "composer-vendor" Npm LangType = "npm" NuGet LangType = "nuget" DotNetCore LangType = "dotnet-core" PackagesProps LangType = "packages-props" Pip LangType = "pip" Pipenv LangType = "pipenv" Poetry LangType = "poetry" CondaPkg LangType = "conda-pkg" CondaEnv LangType = "conda-environment" PythonPkg LangType = "python-pkg" NodePkg LangType = "node-pkg" Yarn LangType = "yarn" Pnpm LangType = "pnpm" Jar LangType = "jar" Pom LangType = "pom" Gradle LangType = "gradle" Sbt LangType = "sbt" GoBinary LangType = "gobinary" GoModule LangType = "gomod" JavaScript LangType = "javascript" RustBinary LangType = "rustbinary" Conan LangType = "conan" Cocoapods LangType = "cocoapods" Swift LangType = "swift" Pub LangType = "pub" Hex LangType = "hex" Bitnami LangType = "bitnami" Julia LangType = "julia" K8sUpstream LangType = "kubernetes" EKS LangType = "eks" // Amazon Elastic Kubernetes Service GKE LangType = "gke" // Google Kubernetes Engine AKS LangType = "aks" // Azure Kubernetes Service RKE LangType = "rke" // Rancher Kubernetes Engine OCP LangType = "ocp" // Red Hat OpenShift Container Platform )
Programming language dependencies
type LicenseCategory ¶ added in v0.30.0
type LicenseCategory string
const ( CategoryForbidden LicenseCategory = "forbidden" CategoryRestricted LicenseCategory = "restricted" CategoryReciprocal LicenseCategory = "reciprocal" CategoryNotice LicenseCategory = "notice" CategoryPermissive LicenseCategory = "permissive" CategoryUnencumbered LicenseCategory = "unencumbered" CategoryUnknown LicenseCategory = "unknown" )
type LicenseFile ¶ added in v0.30.0
type LicenseFile struct { Type LicenseType FilePath string PkgName string Findings LicenseFindings Layer Layer `json:",omitempty"` }
type LicenseFinding ¶ added in v0.30.0
type LicenseFinding struct { Category LicenseCategory // such as "forbidden" Name string Confidence float64 Link string }
type LicenseFindings ¶ added in v0.36.0
type LicenseFindings []LicenseFinding
func (LicenseFindings) Len ¶ added in v0.36.0
func (findings LicenseFindings) Len() int
func (LicenseFindings) Less ¶ added in v0.36.0
func (findings LicenseFindings) Less(i, j int) bool
func (LicenseFindings) Names ¶ added in v0.45.0
func (findings LicenseFindings) Names() []string
func (LicenseFindings) Swap ¶ added in v0.36.0
func (findings LicenseFindings) Swap(i, j int)
type LicenseType ¶ added in v0.30.0
type LicenseType string
const ( LicenseTypeDpkg LicenseType = "dpkg" // From /usr/share/doc/*/copyright LicenseTypeHeader LicenseType = "header" // From file headers LicenseTypeFile LicenseType = "license-file" // From LICENSE, COPYRIGHT, etc. )
type Line ¶
type Line struct { Number int `json:"Number"` Content string `json:"Content"` IsCause bool `json:"IsCause"` Annotation string `json:"Annotation"` Truncated bool `json:"Truncated"` Highlighted string `json:"Highlighted,omitempty"` FirstCause bool `json:"FirstCause"` LastCause bool `json:"LastCause"` }
type MisconfResult ¶
type MisconfResult struct { Namespace string `json:",omitempty"` Query string `json:",omitempty"` Message string `json:",omitempty"` PolicyMetadata `json:",omitempty"` CauseMetadata `json:",omitempty"` // For debugging Traces []string `json:",omitempty"` }
type MisconfResults ¶
type MisconfResults []MisconfResult
func (MisconfResults) Len ¶
func (r MisconfResults) Len() int
func (MisconfResults) Less ¶
func (r MisconfResults) Less(i, j int) bool
func (MisconfResults) Swap ¶
func (r MisconfResults) Swap(i, j int)
type Misconfiguration ¶
type Misconfiguration struct { FileType ConfigType `json:",omitempty"` FilePath string `json:",omitempty"` Successes MisconfResults `json:",omitempty"` Warnings MisconfResults `json:",omitempty"` Failures MisconfResults `json:",omitempty"` Layer Layer `json:",omitempty"` }
func ToMisconfigurations ¶
func ToMisconfigurations(misconfs map[string]Misconfiguration) []Misconfiguration
type OS ¶
type OSType ¶ added in v0.46.0
type OSType = TargetType
OSType is an alias of TargetType for operating systems
const ( Alma OSType = "alma" Alpine OSType = "alpine" Amazon OSType = "amazon" Azure OSType = "azurelinux" CBLMariner OSType = "cbl-mariner" CentOS OSType = "centos" Chainguard OSType = "chainguard" Debian OSType = "debian" Fedora OSType = "fedora" OpenSUSE OSType = "opensuse" OpenSUSELeap OSType = "opensuse-leap" OpenSUSETumbleweed OSType = "opensuse-tumbleweed" Oracle OSType = "oracle" Photon OSType = "photon" RedHat OSType = "redhat" Rocky OSType = "rocky" SLEMicro OSType = "slem" SLES OSType = "sles" Ubuntu OSType = "ubuntu" Wolfi OSType = "wolfi" )
Operating systems
type Occurrence ¶ added in v0.45.0
type Package ¶
type Package struct { ID string `json:",omitempty"` Name string `json:",omitempty"` Identifier PkgIdentifier `json:",omitempty"` Version string `json:",omitempty"` Release string `json:",omitempty"` Epoch int `json:",omitempty"` Arch string `json:",omitempty"` Dev bool `json:",omitempty"` SrcName string `json:",omitempty"` SrcVersion string `json:",omitempty"` SrcRelease string `json:",omitempty"` SrcEpoch int `json:",omitempty"` Licenses []string `json:",omitempty"` Maintainer string `json:",omitempty"` ExternalReferences []ExternalRef `json:"-" hash:"ignore"` Modularitylabel string `json:",omitempty"` // only for Red Hat based distributions BuildInfo *BuildInfo `json:",omitempty"` // only for Red Hat Indirect bool `json:",omitempty"` // Deprecated: Use relationship. Kept for backward compatibility. Relationship Relationship `json:",omitempty"` // Dependencies of this package // Note: it may have interdependencies, which may lead to infinite loops. DependsOn []string `json:",omitempty"` Layer Layer `json:",omitempty"` // Each package metadata have the file path, while the package from lock files does not have. FilePath string `json:",omitempty"` // This is required when using SPDX formats. Otherwise, it will be empty. Digest digest.Digest `json:",omitempty"` // lines from the lock file where the dependency is written Locations Locations `json:",omitempty"` // Files installed by the package InstalledFiles []string `json:",omitempty"` }
type PackageInfo ¶
type Packages ¶ added in v0.36.0
type Packages []Package
func (Packages) ParentDeps ¶ added in v0.39.0
ParentDeps returns a map where the keys are package IDs and the values are the packages that depend on the respective package ID (parent dependencies).
type PkgIdentifier ¶ added in v0.49.0
type PkgIdentifier struct { UID string `json:",omitempty"` // Calculated by the package struct PURL *packageurl.PackageURL `json:"-"` BOMRef string `json:",omitempty"` // For CycloneDX }
PkgIdentifier represents a software identifiers in one of more of the supported formats.
func (*PkgIdentifier) Empty ¶ added in v0.49.0
func (id *PkgIdentifier) Empty() bool
func (PkgIdentifier) MarshalJSON ¶ added in v0.49.0
func (id PkgIdentifier) MarshalJSON() ([]byte, error)
MarshalJSON customizes the JSON encoding of PkgIdentifier.
func (*PkgIdentifier) Match ¶ added in v0.49.0
func (id *PkgIdentifier) Match(s string) bool
func (*PkgIdentifier) UnmarshalJSON ¶ added in v0.49.0
func (id *PkgIdentifier) UnmarshalJSON(data []byte) error
UnmarshalJSON customizes the JSON decoding of PkgIdentifier.
type PodmanOptions ¶ added in v0.41.0
type PodmanOptions struct {
Host string
}
type PolicyInputOption ¶
type PolicyInputOption struct { Combine bool `mapstructure:"combine"` Selectors []PolicyInputSelector `mapstructure:"selector"` }
type PolicyInputSelector ¶
type PolicyInputSelector struct {
Type string `mapstructure:"type"`
}
type PolicyMetadata ¶
type PolicyMetadata struct { ID string `json:",omitempty"` AVDID string `json:",omitempty"` Type string `json:",omitempty"` Title string `json:",omitempty"` Description string `json:",omitempty"` Severity string `json:",omitempty"` RecommendedActions string `json:",omitempty" mapstructure:"recommended_actions"` References []string `json:",omitempty"` }
type RegistryOptions ¶ added in v0.41.0
type RegistryOptions struct { // Auth for registries Credentials []Credential // RegistryToken is a bearer token to be sent to a registry RegistryToken string // SSL/TLS Insecure bool // For internal use. Needed for mTLS authentication. ClientCert []byte ClientKey []byte // Architecture Platform Platform // ECR AWSAccessKey string AWSSecretKey string AWSSessionToken string AWSRegion string // GCP GCPCredPath string }
type Relationship ¶ added in v0.51.0
type Relationship int
const ( RelationshipUnknown Relationship = iota RelationshipRoot RelationshipWorkspace // For maven `modules`. TODO use it for cargo and npm workspaces RelationshipDirect RelationshipIndirect )
func NewRelationship ¶ added in v0.54.0
func NewRelationship(s string) (Relationship, error)
func (Relationship) MarshalJSON ¶ added in v0.51.2
func (r Relationship) MarshalJSON() ([]byte, error)
func (Relationship) String ¶ added in v0.51.2
func (r Relationship) String() string
func (*Relationship) UnmarshalJSON ¶ added in v0.51.2
func (r *Relationship) UnmarshalJSON(data []byte) error
type Repository ¶
type Secret ¶
type Secret struct { FilePath string Findings []SecretFinding }
type SecretFinding ¶
type SecretRuleCategory ¶
type SecretRuleCategory string