security

package

v0.7.3 Latest Latest Go to latest Published: Oct 2, 2024 License: Apache-2.0 Imports: 26 Imported by: 7

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/devtron-labs/devtron

Links

Open Source Insights

Documentation ¶

Index ¶

type ImageScanService
type ImageScanServiceImpl
- func NewImageScanServiceImpl(Logger *zap.SugaredLogger, ...) *ImageScanServiceImpl
type PolicyService
type PolicyServiceImpl
- func NewPolicyServiceImpl(environmentService cluster.EnvironmentService, logger *zap.SugaredLogger, ...) *PolicyServiceImpl
type ScanEvent
type VerifyImageRequest
type VerifyImageResponse

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type ImageScanService ¶

type ImageScanService interface {
	FetchAllDeployInfo(request *bean3.ImageScanRequest) ([]*security.ImageScanDeployInfo, error)
	FetchScanExecutionListing(request *bean3.ImageScanRequest, ids []int) (*bean3.ImageScanHistoryListingResponse, error)
	FetchExecutionDetailResult(request *bean3.ImageScanRequest) (*bean3.ImageScanExecutionDetail, error)
	FetchMinScanResultByAppIdAndEnvId(request *bean3.ImageScanRequest) (*bean3.ImageScanExecutionDetail, error)
	VulnerabilityExposure(request *security.VulnerabilityRequest) (*security.VulnerabilityExposureListingResponse, error)
	GetArtifactVulnerabilityStatus(ctx context.Context, request *bean2.VulnerabilityCheckRequest) (bool, error)
}

type ImageScanServiceImpl ¶

type ImageScanServiceImpl struct {
	Logger *zap.SugaredLogger
	// contains filtered or unexported fields
}

func NewImageScanServiceImpl ¶

func NewImageScanServiceImpl(Logger *zap.SugaredLogger, scanHistoryRepository security.ImageScanHistoryRepository,
	scanResultRepository security.ImageScanResultRepository, scanObjectMetaRepository security.ImageScanObjectMetaRepository,
	cveStoreRepository security.CveStoreRepository, imageScanDeployInfoRepository security.ImageScanDeployInfoRepository,
	userService user.UserService, teamRepository repository2.TeamRepository,
	appRepository repository1.AppRepository,
	envService cluster.EnvironmentService, ciArtifactRepository repository.CiArtifactRepository, policyService PolicyService,
	pipelineRepository pipelineConfig.PipelineRepository, ciPipelineRepository pipelineConfig.CiPipelineRepository, scanToolMetaDataRepository security.ScanToolMetadataRepository, scanToolExecutionHistoryMappingRepository security.ScanToolExecutionHistoryMappingRepository,
	cvePolicyRepository security.CvePolicyRepository) *ImageScanServiceImpl

func (*ImageScanServiceImpl) CalculateSeverityCountInfo ¶ added in v0.7.3

func (impl *ImageScanServiceImpl) CalculateSeverityCountInfo(vulnerabilities []*bean3.Vulnerabilities) *bean3.SeverityCount

func (ImageScanServiceImpl) FetchAllDeployInfo ¶

func (impl ImageScanServiceImpl) FetchAllDeployInfo(request *bean3.ImageScanRequest) ([]*security.ImageScanDeployInfo, error)

func (ImageScanServiceImpl) FetchExecutionDetailResult ¶

func (impl ImageScanServiceImpl) FetchExecutionDetailResult(request *bean3.ImageScanRequest) (*bean3.ImageScanExecutionDetail, error)

func (*ImageScanServiceImpl) FetchMinScanResultByAppIdAndEnvId ¶

func (impl *ImageScanServiceImpl) FetchMinScanResultByAppIdAndEnvId(request *bean3.ImageScanRequest) (*bean3.ImageScanExecutionDetail, error)

func (ImageScanServiceImpl) FetchScanExecutionListing ¶

func (impl ImageScanServiceImpl) FetchScanExecutionListing(request *bean3.ImageScanRequest, deployInfoIds []int) (*bean3.ImageScanHistoryListingResponse, error)

func (*ImageScanServiceImpl) GetArtifactVulnerabilityStatus ¶ added in v0.7.0

func (impl *ImageScanServiceImpl) GetArtifactVulnerabilityStatus(ctx context.Context, request *bean2.VulnerabilityCheckRequest) (bool, error)

func (*ImageScanServiceImpl) VulnerabilityExposure ¶

func (impl *ImageScanServiceImpl) VulnerabilityExposure(request *security.VulnerabilityRequest) (*security.VulnerabilityExposureListingResponse, error)

type PolicyService ¶

type PolicyService interface {
	SavePolicy(request bean.CreateVulnerabilityPolicyRequest, userId int32) (*bean.IdVulnerabilityPolicyResult, error)
	UpdatePolicy(updatePolicyParams bean.UpdatePolicyParams, userId int32) (*bean.IdVulnerabilityPolicyResult, error)
	DeletePolicy(id int, userId int32) (*bean.IdVulnerabilityPolicyResult, error)
	GetPolicies(policyLevel securityBean.PolicyLevel, clusterId, environmentId, appId int) (*bean.GetVulnerabilityPolicyResult, error)
	GetBlockedCVEList(cves []*security.CveStore, clusterId, envId, appId int, isAppstore bool) ([]*security.CveStore, error)
	VerifyImage(verifyImageRequest *VerifyImageRequest) (map[string][]*VerifyImageResponse, error)
	GetCvePolicy(id int, userId int32) (*security.CvePolicy, error)
	GetApplicablePolicy(clusterId, envId, appId int, isAppstore bool) (map[string]*security.CvePolicy, map[securityBean.Severity]*security.CvePolicy, error)
	HasBlockedCVE(cves []*security.CveStore, cvePolicy map[string]*security.CvePolicy, severityPolicy map[securityBean.Severity]*security.CvePolicy) bool
}

type PolicyServiceImpl ¶

type PolicyServiceImpl struct {
	PipelineRepository pipelineConfig.PipelineRepository
	// contains filtered or unexported fields
}

func NewPolicyServiceImpl ¶

func NewPolicyServiceImpl(environmentService cluster.EnvironmentService,
	logger *zap.SugaredLogger,
	apRepository repository1.AppRepository,
	pipelineOverride chartConfig.PipelineOverrideRepository,
	cvePolicyRepository security.CvePolicyRepository,
	clusterService cluster.ClusterService,
	PipelineRepository pipelineConfig.PipelineRepository,
	scanResultRepository security.ImageScanResultRepository,
	imageScanDeployInfoRepository security.ImageScanDeployInfoRepository,
	imageScanObjectMetaRepository security.ImageScanObjectMetaRepository, client *http.Client,
	ciArtifactRepository repository.CiArtifactRepository, ciConfig *types.CiCdConfig,
	scanHistoryRepository security.ImageScanHistoryRepository, cveStoreRepository security.CveStoreRepository,
	ciTemplateRepository pipelineConfig.CiTemplateRepository) *PolicyServiceImpl

func (*PolicyServiceImpl) DeletePolicy ¶

func (impl *PolicyServiceImpl) DeletePolicy(id int, userId int32) (*bean.IdVulnerabilityPolicyResult, error)

input : policyId output: id

func (*PolicyServiceImpl) GetApplicablePolicy ¶ added in v0.4.1

func (impl *PolicyServiceImpl) GetApplicablePolicy(clusterId, envId, appId int, isAppstore bool) (map[string]*security.CvePolicy, map[securityBean.Severity]*security.CvePolicy, error)

func (*PolicyServiceImpl) GetBlockedCVEList ¶

func (impl *PolicyServiceImpl) GetBlockedCVEList(cves []*security.CveStore, clusterId, envId, appId int, isAppstore bool) ([]*security.CveStore, error)

func (*PolicyServiceImpl) GetCvePolicy ¶

func (impl *PolicyServiceImpl) GetCvePolicy(id int, userId int32) (*security.CvePolicy, error)

func (*PolicyServiceImpl) GetPolicies ¶

func (impl *PolicyServiceImpl) GetPolicies(policyLevel securityBean.PolicyLevel, clusterId, environmentId, appId int) (*bean.GetVulnerabilityPolicyResult, error)

global: na
cluster: clusterId
environment: environmentId
application : appId, envId

res:

func (*PolicyServiceImpl) HasBlockedCVE ¶ added in v0.4.1

func (impl *PolicyServiceImpl) HasBlockedCVE(cves []*security.CveStore, cvePolicy map[string]*security.CvePolicy, severityPolicy map[securityBean.Severity]*security.CvePolicy) bool

func (*PolicyServiceImpl) SavePolicy ¶

func (impl *PolicyServiceImpl) SavePolicy(request bean.CreateVulnerabilityPolicyRequest, userId int32) (*bean.IdVulnerabilityPolicyResult, error)

func (*PolicyServiceImpl) SendEventToClairUtility ¶

func (impl *PolicyServiceImpl) SendEventToClairUtility(event *ScanEvent) error

func (*PolicyServiceImpl) UpdatePolicy ¶

func (impl *PolicyServiceImpl) UpdatePolicy(updatePolicyParams bean.UpdatePolicyParams, userId int32) (*bean.IdVulnerabilityPolicyResult, error)

1. policy id 2. action

func (*PolicyServiceImpl) VerifyImage ¶

func (impl *PolicyServiceImpl) VerifyImage(verifyImageRequest *VerifyImageRequest) (map[string][]*VerifyImageResponse, error)

type ScanEvent ¶

type ScanEvent struct {
	Image            string `json:"image"`
	ImageDigest      string `json:"imageDigest"`
	AppId            int    `json:"appId"`
	EnvId            int    `json:"envId"`
	PipelineId       int    `json:"pipelineId"`
	CiArtifactId     int    `json:"ciArtifactId"`
	UserId           int    `json:"userId"`
	AccessKey        string `json:"accessKey"`
	SecretKey        string `json:"secretKey"`
	Token            string `json:"token"`
	AwsRegion        string `json:"awsRegion"`
	DockerRegistryId string `json:"dockerRegistryId"`
}

type VerifyImageRequest ¶

type VerifyImageRequest struct {
	Images      []string
	ReleaseName string
	Namespace   string
	ClusterName string
	PodName     string
}

type VerifyImageResponse ¶

type VerifyImageResponse struct {
	Name         string
	Severity     string
	Package      string
	Version      string
	FixedVersion string
}

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
bean

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL