scan

package

v1.9.0 Latest Latest Go to latest Published: Feb 18, 2025 License: Apache-2.0 Imports: 40 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/cnrancher/hangar

Documentation ¶

Index ¶

Constants
Variables
func InitScanner(o ScannerOption) error
func InitTrivyDatabase(ctx context.Context, o DBOptions) error
func InitTrivyLogOutput(debug, disable bool)
type DBOptions
type ImageResult
- func NewImageResult(ctx context.Context, report *types.Report, format string, opt *Option) (*ImageResult, error)
- func Scan(ctx context.Context, o *Option) (*ImageResult, error)
type Option
type OutputFormat
type Platform
type Report
- func NewReport() *Report
- func (r *Report) Append(result *Result)
- func (r *Report) WriteCSV(f io.Writer) error
- func (r *Report) WriteSPDXCSV(f io.Writer) error
type Result
- func NewResult(ref string, images []*ImageResult) *Result
- func (r *Result) Append(image *ImageResult)
- func (r *Result) Pass() bool
type Scanner
- func NewScanner(o ScannerOption) (Scanner, error)
type ScannerOption
type Severity
- func NewSeverity(s string) Severity
type Vulnerability

Constants ¶

View Source

const (
	FormatJSON     string = "json"
	FormatYAML     string = "yaml"
	FormatCSV      string = "csv"
	FormatSPDXCSV  string = "spdx-csv"
	FormatSPDXJSON string = "spdx-json"
)

Variables ¶

View Source

var (
	DefaultECRRepository = fmt.Sprintf("%s:%d",
		"public.ecr.aws/aquasecurity/trivy-db", db.SchemaVersion)
	DefaultJavaECRRepository = fmt.Sprintf("%s:%d",
		"public.ecr.aws/aquasecurity/trivy-java-db", javadb.SchemaVersion)

	DefaultGHCRRepository     = db.DefaultGHCRRepository
	DefaultJavaGHCRRepository = javadb.DefaultGHCRRepository
)

View Source

var AvailableFormats = []string{
	FormatJSON,
	FormatYAML,
	FormatCSV,
	FormatSPDXCSV,
	FormatSPDXJSON,
}

View Source

var (
	ErrDBNotInitialized = errors.New("trivy db not initialized")
)

View Source

var (
	ErrScannerNotInitialized = errors.New("scanner not initialized")
)

Functions ¶

func InitScanner ¶

func InitScanner(o ScannerOption) error

func InitTrivyDatabase ¶

func InitTrivyDatabase(ctx context.Context, o DBOptions) error

func InitTrivyLogOutput ¶

func InitTrivyLogOutput(debug, disable bool)

Types ¶

type DBOptions ¶

type DBOptions struct {
	TrivyServerURL        string
	CacheDirectory        string
	DBRepositories        []string
	JavaDBRepositories    []string
	SkipUpdateDB          bool
	SkipUpdateJavaDB      bool
	InsecureSkipTLSVerify bool
}

type ImageResult ¶

type ImageResult struct {
	Digest          digest.Digest    `json:"digest,omitempty" yaml:"digest,omitempty"`
	Platform        Platform         `json:"platform,omitempty" yaml:"platform,omitempty"`
	SBOM_SPDX       *gospdx.Document `json:"spdx,omitempty" yaml:"spdx,omitempty"`
	Vulnerabilities []Vulnerability  `json:"vulnerabilities,omitempty" yaml:"vulnerabilities,omitempty"`
}

func NewImageResult ¶

func NewImageResult(
	ctx context.Context, report *types.Report, format string, opt *Option,
) (*ImageResult, error)

func Scan ¶

func Scan(ctx context.Context, o *Option) (*ImageResult, error)

type Option ¶ added in v1.8.4

type Option struct {
	ReferenceName string
	Digest        digest.Digest
	Platform      Platform
}

Option is the option when scanning container image

type OutputFormat ¶ added in v1.8.4

type OutputFormat string

type Platform ¶

type Platform struct {
	Arch       string   `json:"arch,omitempty" yaml:"arch,omitempty"`
	OS         string   `json:"os,omitempty" yaml:"os,omitempty"`
	OSVersion  string   `json:"osVersion,omitempty" yaml:"osVersion,omitempty"`
	OSFeatures []string `json:"osFeatures,omitempty" yaml:"osFeatures,omitempty"`
	Variant    string   `json:"variant,omitempty" yaml:"variant,omitempty"`
}

type Report ¶

type Report struct {
	Time    time.Time `json:"time,omitempty" yaml:"time,omitempty"`
	Results []*Result `json:"results,omitempty" yaml:"result,omitempty"`
}

func NewReport ¶

func NewReport() *Report

func (*Report) Append ¶

func (r *Report) Append(result *Result)

func (*Report) WriteCSV ¶

func (r *Report) WriteCSV(f io.Writer) error

func (*Report) WriteSPDXCSV ¶ added in v1.8.4

func (r *Report) WriteSPDXCSV(f io.Writer) error

type Result ¶

type Result struct {
	Reference string         `json:"reference,omitempty" yaml:"reference,omitempty"`
	Images    []*ImageResult `json:"images,omitempty" yaml:"images,omitempty"`
}

func NewResult ¶

func NewResult(ref string, images []*ImageResult) *Result

func (*Result) Append ¶

func (r *Result) Append(image *ImageResult)

func (*Result) Pass ¶

func (r *Result) Pass() bool

Pass detects if the image results have vulnerabilities

type Scanner ¶

type Scanner interface {
	Scan(context.Context, *Option) (*ImageResult, error)
}

func NewScanner ¶

func NewScanner(o ScannerOption) (Scanner, error)

type ScannerOption ¶

type ScannerOption struct {
	TrivyServerURL        string
	Offline               bool
	InsecureSkipTLSVerify bool
	CacheDirectory        string

	// Output format: json, yaml, csv, spdx-json
	Format string
	// Scanners: vuln, misconfig, secret, rbac, license, none
	Scanners []string
}

ScannerOption is the option for creating the global image scanner

type Severity ¶

type Severity int

const (
	SeverityUnknown Severity = iota
	SeverityLow
	SeverityMedium
	SeverityHigh
	SeverityCritical
)

func NewSeverity ¶

func NewSeverity(s string) Severity

type Vulnerability ¶

type Vulnerability struct {
	Title            string   `json:"title" yaml:"title"`
	ID               string   `json:"id" yaml:"id"`
	Severity         Severity `json:"-" yaml:"-"`
	SeverityString   string   `json:"severity" yaml:"severity"`
	PkgName          string   `json:"package" yaml:"package"`
	InstalledVersion string   `json:"installed" yaml:"installed"`
	FixedVersion     string   `json:"fixed" yaml:"fixed"`
	PrimaryURL       string   `json:"url" yaml:"url"`
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL