Documentation ¶
Index ¶
- Constants
- Variables
- func BoolPtr(b bool) *bool
- func GetConn(ctx context.Context, socketPath string) (conn *grpc.ClientConn, err error)
- func GetNamespace() string
- func GetNonRunningImages(runningImages map[string]string, allImages []unversioned.Image, ...) map[string]string
- func GetRunningImages(containers []*v1.Container, idToImageMap map[string]unversioned.Image) map[string]string
- func IsExcluded(excluded map[string]struct{}, img string, ...) bool
- func ListContainers(ctx context.Context, runtime v1.RuntimeServiceClient) (list []*v1.Container, err error)
- func ListImages(ctx context.Context, images v1.ImageServiceClient) (list []*v1.Image, err error)
- func ParseEndpoint(endpoint string) (string, string, error)
- func ParseEndpointWithFallbackProtocol(endpoint string, fallbackProtocol string) (protocol string, addr string, err error)
- func ParseExcluded() (map[string]struct{}, error)
- func ParseImageList(path string) ([]string, error)
- func ProcessRepoDigests(repoDigests []string) ([]string, []error)
- func ReadCollectScanPipe(ctx context.Context) ([]unversioned.Image, error)
- func WriteScanErasePipe(vulnerableImages []unversioned.Image) error
- type ExclusionList
- type MultiFlag
Constants ¶
// Shared constants: the pipe permission mode, the pipe paths under the
// shared-data directory, the CRI socket path and the runtime-selection
// environment variable name.
const (
	// PipeMode is a file permission mode: owner read/write, group and others
	// read-only.
	// NOTE(review): presumably applied when the pipes below are created. With
	// 0o644 any process that can reach the shared-data directory can read
	// them, so confirm the volume is mounted only into the eraser containers.
	PipeMode = 0o644

	// Pipe paths, all under /run/eraser.sh/shared-data.
	// NOTE(review): judging by the names, these carry image lists between the
	// collect, scan and erase stages. The data read from them decides which
	// images are removed, so write access to this directory should stay
	// limited to those stages; verify against the pod spec.
	CollectScanPath          = "/run/eraser.sh/shared-data/collectScan"
	ScanErasePath            = "/run/eraser.sh/shared-data/scanErase"
	EraseCompleteCollectPath = "/run/eraser.sh/shared-data/eraseCompleteCollect"
	EraseCompleteScanPath    = "/run/eraser.sh/shared-data/eraseCompleteScan"

	// EraseCompleteMessage is the literal "complete".
	// NOTE(review): presumably the payload written to the EraseComplete*
	// paths; confirm against the callers.
	EraseCompleteMessage = "complete"

	// CRIPath is a Unix socket path.
	// NOTE(review): presumably the container runtime (CRI) endpoint used by
	// GetConn. A CRI socket allows listing and removing images and containers
	// on the node, so only workloads that need it should have it mounted.
	CRIPath = "/run/cri/cri.sock"

	// EnvEraserRuntimeName is the name of an environment variable.
	// NOTE(review): presumably selects the container runtime; confirm where
	// it is read.
	EnvEraserRuntimeName = "ERASER_RUNTIME_NAME"
)
Variables ¶
// Sentinel errors. Each is a distinct value created with errors.New, so
// callers can compare against them with errors.Is.
// NOTE(review): presumably returned by the endpoint-parsing helpers
// (ParseEndpoint, ParseEndpointWithFallbackProtocol, GetConn); confirm
// against their implementations.
var (
	// ErrProtocolNotSupported reports an endpoint whose protocol is not
	// supported.
	ErrProtocolNotSupported = errors.New("protocol not supported")

	// ErrEndpointDeprecated reports an endpoint given in a deprecated form;
	// the message asks for the full URL format instead.
	ErrEndpointDeprecated = errors.New("endpoint is deprecated, please consider using full url format")

	// ErrOnlySupportUnixSocket reports an endpoint that is not a Unix socket.
	ErrOnlySupportUnixSocket = errors.New("only support unix socket endpoint")
)
corev1.Capabilities{ Drop: []corev1.Capability{"ALL"}, }, ReadOnlyRootFilesystem: &trueval, SeccompProfile: &corev1.SeccompProfile{ Type: corev1.SeccompProfileTypeRuntimeDefault, }, }Capabilities: &
Functions ¶
func GetNamespace ¶
func GetNamespace() string
func GetNonRunningImages ¶
func GetNonRunningImages(runningImages map[string]string, allImages []unversioned.Image, idToImageMap map[string]unversioned.Image) map[string]string
func GetRunningImages ¶
func IsExcluded ¶
func ListContainers ¶
func ListImages ¶
func ParseExcluded ¶
func ParseImageList ¶
func ProcessRepoDigests ¶
func ReadCollectScanPipe ¶
func ReadCollectScanPipe(ctx context.Context) ([]unversioned.Image, error)
func WriteScanErasePipe ¶
func WriteScanErasePipe(vulnerableImages []unversioned.Image) error
Types ¶
type ExclusionList ¶
// ExclusionList is the JSON document shape {"excluded": [...]}.
// NOTE(review): presumably the format ParseExcluded reads to build the set
// that IsExcluded consults; confirm against those functions. If so, entries
// here exempt images from removal, so the source of this document should be
// writable only by trusted operators.
type ExclusionList struct {
	// Excluded holds the entries, decoded from the "excluded" JSON key.
	Excluded []string `json:"excluded"`
}