scanners

package
v0.0.0-...-44d2f18 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 16, 2020 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AuditData

// AuditData is the return type of Scanners.GetKubeObjectsAudit.
// None of the fields carry json tags, so encoding/json would use the Go field
// names as keys.
type AuditData struct {
	PolarisOutputVersion string
	// AuditTime is a plain string; its format is not shown on this page —
	// TODO confirm before parsing it as a timestamp.
	AuditTime            string
	SourceType           string
	SourceName           string
	DisplayName          string
	// ClusterSummary holds cluster-wide counts plus the aggregated results.
	ClusterSummary       ClusterSummary
	// NamespacedResults is a map keyed by namespace name; its values are pointers.
	NamespacedResults    NamespacedResults
	// ScanResults is the container image scan overview.
	ScanResults          ScansSummary
}

AuditData contains all the data from a full Polaris audit

type CategorySummary

// CategorySummary maps a category name to its CountSummary. Values are
// pointers, so looking up a missing key yields nil; check before dereferencing.
type CategorySummary map[string]*CountSummary

CategorySummary provides a map from category name to a CountSummary

type Check

// Check is the element type of KubeOverview.Checks. The page carries no doc
// text for it; presumably one check outcome for one resource — TODO confirm.
type Check struct {
	// NOTE(review): Go's initialism convention would spell this ID; it is an
	// exported field, so renaming would break callers.
	Id               string      `json:"id"`
	// GroupName is serialised under the key "group", not "groupName".
	GroupName        string      `json:"group"`
	// ResourceCategory is serialised under the key "category".
	ResourceCategory string      `json:"category"`
	// ResourceFullName is serialised under the key "resourceName".
	ResourceFullName string      `json:"resourceName"`
	Description      string      `json:"description"`
	// Result is a CheckResult string; its valid values are not declared on this page.
	Result           CheckResult `json:"result"`
}

type CheckResult

// CheckResult is the string type of Check.Result. No constants for it are
// declared on this page — TODO confirm the value set against the service
// output before switching on it.
type CheckResult string

type ClusterSum

// ClusterSum is the type of KubeOverview.Cluster.
type ClusterSum struct {
	Name       string `json:"name"`
	Version    string `json:"version"`
	Grade      string `json:"grade"`
	// Score is a signed int here, whereas ClusterSummary.Score and the GetScore
	// methods use uint. Range-check before converting: a negative int wraps to
	// a very large uint.
	Score      int    `json:"score"`
	Nodes      int    `json:"nodes"`
	Namespaces int    `json:"namespaces"`
	Pods       int    `json:"pods"`
}

type ClusterSummary

// ClusterSummary is the type of AuditData.ClusterSummary: aggregated results
// plus per-kind object counts.
type ClusterSummary struct {
	// Results holds the totals and the per-category breakdown.
	Results                ResultSummary
	Version                string
	// The int fields below are named after Kubernetes object kinds;
	// presumably each is the number of objects of that kind — TODO confirm.
	Nodes                  int
	Pods                   int
	Namespaces             int
	Deployments            int
	StatefulSets           int
	DaemonSets             int
	Jobs                   int
	CronJobs               int
	ReplicationControllers int
	// Score is unsigned. The GetScore methods in this package document a
	// [0, 100] range; presumably the same applies here — TODO confirm.
	Score                  uint
}

ClusterSummary contains Polaris results as well as some high-level stats

type ContainerImageScanResult

// ContainerImageScanResult is the element type of ContainerImageScansSummary.Images.
// Its first four fields use the same names and JSON keys as ImageScanResultSummary.
type ContainerImageScanResult struct {
	Image       string                 `json:"image"`
	// ScanResult is a plain string; its valid values are not declared on this page.
	ScanResult  string                 `json:"scanResult"`
	Description string                 `json:"description"`
	// Counters holds one VulnerabilityCounter (severity, count) per entry.
	Counters    []VulnerabilityCounter `json:"counters"`
	Attributes  []string               `json:"attributes"`
	// Pods is presumably the list of pods that use this image — TODO confirm.
	Pods        []string               `json:"pods"`
}

ContainerImageScanResult is a short description of a single container image vulnerability audit

type ContainerImageScansSummary

// ContainerImageScansSummary is the return type of
// Scanners.GetImageScansSummary; it wraps the per-image results under the
// JSON key "images".
type ContainerImageScansSummary struct {
	Images []ContainerImageScanResult `json:"images"`
}

type ContainerResult

// ContainerResult is the element type of PodResult.ContainerResults.
type ContainerResult struct {
	Name        string
	Image       string
	// Messages is a slice of pointers; individual entries may be nil.
	Messages    []*ResultMessage
	// Summary is a pointer and may be nil; check before dereferencing.
	Summary     *ResultSummary
	// ScanSummary is held by value, so it is always present; an image without
	// scan data presumably shows up as a zero value — TODO confirm.
	ScanSummary ImageScanResultSummary
}

ContainerResult provides a list of validation messages for each container.

type ControllerResult

// ControllerResult pairs a controller's Name and Type with the PodResult
// held by value in the PodResult field.
type ControllerResult struct {
	Name      string
	// Type is a free-form string; presumably the controller kind
	// (NamespaceResult groups results by kind) — TODO confirm.
	Type      string
	PodResult PodResult
}

ControllerResult provides a wrapper around a PodResult

type CountSummary

// CountSummary holds three unsigned counters. GetScore is documented to derive
// a score in [0, 100] from it; the method body is not shown on this page.
type CountSummary struct {
	Successes uint
	Warnings  uint
	Errors    uint
}

CountSummary provides a high level overview of success, warnings, and errors.

func (*CountSummary) GetScore

func (cs *CountSummary) GetScore() uint

GetScore returns an overall score in [0, 100] for the CountSummary

type ImageScanResult

// ImageScanResult is the return type of Scanners.GetImageScanResult.
type ImageScanResult struct {
	Image       string            `json:"image"`
	// ScanResult is a plain string; its valid values are not declared on this page.
	ScanResult  string            `json:"scanResult"`
	Description string            `json:"description"`
	// Targets lists the scanned targets, each with its own vulnerability list.
	Targets     []TrivyScanTarget `json:"targets"`
}

ImageScanResult contains details about all the found vulnerabilities

type ImageScanResultSummary

// ImageScanResultSummary is the value type of ScansMap and the type of
// ContainerResult.ScanSummary. It carries per-severity counters rather than
// individual findings.
type ImageScanResultSummary struct {
	Image       string                 `json:"image"`
	// ScanResult is a plain string; its valid values are not declared on this page.
	ScanResult  string                 `json:"scanResult"`
	Description string                 `json:"description"`
	// Counters holds one VulnerabilityCounter (severity, count) per entry.
	Counters    []VulnerabilityCounter `json:"counters"`
}

ImageScanResultSummary contains vulnerabilities summary

type KubeOverview

// KubeOverview is the return type of Scanners.GetClusterOverviewSummary.
type KubeOverview struct {
	Cluster             ClusterSum  `json:"cluster"`
	// CheckGroupSummary and NamespaceSummary are lists of ResultSum;
	// presumably one entry per check group and per namespace — TODO confirm.
	CheckGroupSummary   []ResultSum `json:"checkGroupSummary"`
	NamespaceSummary    []ResultSum `json:"namespaceSummary"`
	// CheckResultsSummary is a single ResultSum, not a list.
	CheckResultsSummary ResultSum   `json:"checkResultsSummary"`
	Checks              []Check     `json:"checks"`
}

type MessageType

// MessageType is the string type of ResultMessage.Type. The package declares
// four constants for it: "nodata", "success", "warning" and "error". Because
// it is a plain string type, any other value can still be stored in it;
// handle the unknown case explicitly when switching on it.
type MessageType string

MessageType represents the type of Message

// Declared MessageType values. The string on the right is the literal value
// each constant holds.
const (
	// MessageTypeNoData indicates no validation data
	MessageTypeNoData MessageType = "nodata"

	// MessageTypeSuccess indicates a validation success
	MessageTypeSuccess MessageType = "success"

	// MessageTypeWarning indicates a validation warning
	MessageTypeWarning MessageType = "warning"

	// MessageTypeError indicates a validation error
	MessageTypeError MessageType = "error"
)

type NamespaceResult

// NamespaceResult is the value type of NamespacedResults: one namespace's
// summary plus six ControllerResult slices, one per controller kind.
type NamespaceResult struct {
	Name    string
	// Summary is a pointer and may be nil; check before dereferencing.
	Summary *ResultSummary

	// TODO: This struct could use some love to reorganize it as just having "results"
	//       and then having methods to return filtered results by type
	//       (deploy, daemonset, etc)
	//       The way this is structured right now makes it difficult to add
	//       additional result types and potentially miss things in the metrics
	//       summary.
	//
	// GetAllControllerResults is documented to return these as a single list;
	// its body is not shown on this page, so whether it covers all six slices
	// is unconfirmed.
	DeploymentResults            []ControllerResult
	StatefulSetResults           []ControllerResult
	DaemonSetResults             []ControllerResult
	JobResults                   []ControllerResult
	CronJobResults               []ControllerResult
	ReplicationControllerResults []ControllerResult
}

NamespaceResult groups container results by parent resource.

func (NamespaceResult) GetAllControllerResults

func (n NamespaceResult) GetAllControllerResults() []ControllerResult

GetAllControllerResults grabs all the different types of controller results from the namespaced result as a single list for easier iteration

type NamespacedResults

// NamespacedResults maps a namespace name to its NamespaceResult. Values are
// pointers, so looking up a missing key yields nil; check before dereferencing.
type NamespacedResults map[string]*NamespaceResult

NamespacedResults is a mapping of namespace name to the validation results.

type PodResult

// PodResult is the type of ControllerResult.PodResult: pod-level messages plus
// the results of each container.
type PodResult struct {
	Name             string
	// Summary is a pointer and may be nil; check before dereferencing.
	Summary          *ResultSummary
	// Messages is a slice of pointers; individual entries may be nil.
	Messages         []*ResultMessage
	ContainerResults []ContainerResult
	// contains filtered or unexported fields
}

PodResult provides a list of validation messages for each pod.

type ResultMessage

// ResultMessage is the element type of the Messages slices on PodResult and
// ContainerResult.
type ResultMessage struct {
	ID       string
	// Message is free text. NOTE(review): its origin is not shown on this page;
	// escape it before rendering in HTML or a terminal.
	Message  string
	// Type is one of the MessageType constants when produced by this package;
	// the type itself does not prevent other strings.
	Type     MessageType
	// Category is presumably the key used in CategorySummary — TODO confirm.
	Category string
}

ResultMessage contains a message and a type indicator (success, warning, or error).

type ResultSum

// ResultSum is the summary row type used by KubeOverview. Unlike
// CountSummary it uses signed ints and has a NoDatas counter.
type ResultSum struct {
	// Name is serialised under the key "resultName".
	Name      string `json:"resultName"`
	// The counter keys are capitalised ("Successes", ...), unlike the
	// lower-camel keys used by the other tagged types on this page;
	// encoding/json emits them exactly as tagged.
	Successes int    `json:"Successes"`
	Warnings  int    `json:"Warnings"`
	Errors    int    `json:"Errors"`
	NoDatas   int    `json:"NoDatas"`
}

type ResultSummary

// ResultSummary combines overall totals with a per-category breakdown.
type ResultSummary struct {
	// Totals is held by value and is always present.
	Totals     CountSummary
	// ByCategory is a map type; its zero value is nil, which is safe to read
	// from but panics on write.
	ByCategory CategorySummary
}

ResultSummary provides a high level overview of success, warnings, and errors.

type Scanners

// Scanners is the receiver type of the Get* methods; NewScanners takes a url
// argument that presumably populates ServiceURL.
type Scanners struct {
	// ServiceURL is an exported plain string, so callers can change it after
	// construction. NOTE(review): nothing on this page shows scheme or TLS
	// validation. If the value can come from configuration, confirm the
	// Get* methods only talk to the intended host over HTTPS, because the
	// audit and vulnerability data they return is only as trustworthy as
	// that endpoint.
	ServiceURL string
}

Scanners is the base struct; it holds the service URL.

func NewScanners

func NewScanners(url string) *Scanners

NewScanners returns a new scanner instance.

func (*Scanners) GetClusterOverviewSummary

func (s *Scanners) GetClusterOverviewSummary() (scanSummary KubeOverview, err error)

func (*Scanners) GetImageScanResult

func (s *Scanners) GetImageScanResult(image string) (scanResult ImageScanResult, err error)

GetImageScanResult returns detailed single image scan result

func (*Scanners) GetImageScansSummary

func (s *Scanners) GetImageScansSummary() (scanSummary ContainerImageScansSummary, err error)

GetImageScansSummary returns the container image scan summary

func (*Scanners) GetKubeObjectsAudit

func (s *Scanners) GetKubeObjectsAudit() (auditData AuditData, err error)

GetKubeObjectsAudit returns Kube Audit result

type ScansMap

// ScansMap maps an image name to its ImageScanResultSummary. Values are held
// by value, so a missing key yields a zero-value summary rather than nil; use
// the two-value lookup form to tell "not scanned" from "empty result".
type ScansMap map[string]ImageScanResultSummary

ScansMap provides a map from image name to a scan result

type ScansSummary

// ScansSummary is the type of AuditData.ScanResults. GetScore is documented
// to derive a score in [0, 100] from it; the method body is not shown on this
// page.
type ScansSummary struct {
	// Scans is keyed by image name.
	Scans     ScansMap
	// The four counters below are presumably incremented once per scanned
	// image according to its outcome — TODO confirm.
	NoData    uint
	Successes uint
	Warnings  uint
	Errors    uint
}

ScansSummary provides a high level overview of container images scan results.

func (*ScansSummary) GetScore

func (summary *ScansSummary) GetScore() uint

GetScore returns an overall score in [0, 100] for the ScansSummary

type TrivyScanTarget

// TrivyScanTarget is the element type of ImageScanResult.Targets. Its JSON
// keys are capitalised ("Target", "Vulnerabilities"); presumably this mirrors
// Trivy's JSON report — TODO confirm against the Trivy version in use.
type TrivyScanTarget struct {
	Target          string                     `json:"Target"`
	// Vulnerabilities may be nil or empty when the key is absent or the list is
	// empty; treat both the same.
	Vulnerabilities []VulnerabilityDescription `json:"Vulnerabilities"`
}

type VulnerabilityCounter

// VulnerabilityCounter pairs a severity label with a count.
type VulnerabilityCounter struct {
	// Severity is a free-form string; the set of labels is not declared on this
	// page. Match against an explicit list instead of comparing strings for
	// ordering.
	Severity string `json:"severity"`
	// Count is a signed int; a negative value is representable but presumably
	// never produced — TODO confirm.
	Count    int    `json:"count"`
}

VulnerabilityCounter represents the number of issues with the specified severity

type VulnerabilityDescription

// VulnerabilityDescription is the element type of
// TrivyScanTarget.Vulnerabilities: one finding for one package.
//
// NOTE(review): the text fields are decoded from JSON and presumably originate
// from upstream advisory data relayed by the scanner service. Escape Title,
// Description and References before rendering them in HTML or a terminal, and
// validate the scheme of each reference before making it a link.
type VulnerabilityDescription struct {
	// CVE is decoded from the "VulnerabilityID" key. Trivy also reports non-CVE
	// advisory identifiers under that key, so do not assume a CVE-YYYY-NNNN
	// shape when validating or building links.
	CVE              string   `json:"VulnerabilityID"`
	// Package is decoded from the "PkgName" key.
	Package          string   `json:"PkgName"`
	InstalledVersion string   `json:"InstalledVersion"`
	// FixedVersion is presumably empty when no fixed release is known — TODO
	// confirm. Do not read an empty value as "not affected".
	FixedVersion     string   `json:"FixedVersion"`
	Title            string   `json:"Title"`
	Description      string   `json:"Description"`
	// Severity is a free-form string; the set of labels is not declared on this page.
	Severity         string   `json:"Severity"`
	References       []string `json:"References"`
}
