Documentation ¶
Constants ¶
const (
// ScanAllCallback the scheduler callback name of the scan all
ScanAllCallback = "scanAll"
)
Variables ¶
var (
	// DefaultController is a default singleton scan API controller.
	DefaultController = NewController()
)
Functions ¶
func GetReportUUIDs ¶
GetReportUUIDs returns the report UUIDs from the extra attributes
Types ¶
type Checker ¶
type Checker interface {
	// IsScannable returns true when the artifact is scannable
	IsScannable(ctx context.Context, artifact *artifact.Artifact) (bool, error)
}
Checker checks whether an artifact is scannable.
type Controller ¶
type Controller interface {
	// Scan the given artifact
	//
	//   Arguments:
	//     ctx context.Context : the context for this method
	//     artifact *artifact.Artifact : artifact to be scanned
	//     options ...Option : options for triggering a scan
	//
	//   Returns:
	//     error : non nil error if any errors occurred
	Scan(ctx context.Context, artifact *artifact.Artifact, options ...Option) error

	// Stop scan job of the given artifact
	//
	//   Arguments:
	//     ctx context.Context : the context for this method
	//     artifact *artifact.Artifact : the artifact whose scan job to be stopped
	//     capType string : the capability type of the scanner, vulnerability or SBOM.
	//
	//   Returns:
	//     error : non nil error if any errors occurred
	Stop(ctx context.Context, artifact *artifact.Artifact, capType string) error

	// GetReport gets the reports for the given artifact identified by the digest
	//
	//   Arguments:
	//     ctx context.Context : the context for this method
	//     artifact *v1.Artifact : the scanned artifact
	//     mimeTypes []string : the mime types of the reports
	//
	//   Returns:
	//     []*scan.Report : scan results by different scanner vendors
	//     error : non nil error if any errors occurred
	GetReport(ctx context.Context, artifact *artifact.Artifact, mimeTypes []string) ([]*scan.Report, error)

	// GetSummary gets the summaries of the reports with given types.
	//
	//   Arguments:
	//     ctx context.Context : the context for this method
	//     artifact *artifact.Artifact : the scanned artifact
	//     mimeTypes []string : the mime types of the reports
	//
	//   Returns:
	//     map[string]interface{} : report summaries indexed by mime types
	//     error : non nil error if any errors occurred
	GetSummary(ctx context.Context, artifact *artifact.Artifact, scanType string, mimeTypes []string) (map[string]interface{}, error)

	// Get the scan log for the specified artifact with the given digest
	//
	//   Arguments:
	//     ctx context.Context : the context for this method
	//     uuid string : the UUID of the scan report
	//
	//   Returns:
	//     []byte : the log text stream
	//     error : non nil error if any errors occurred
	GetScanLog(ctx context.Context, art *artifact.Artifact, uuid string) ([]byte, error)

	// Scan all the artifacts
	//
	//   Arguments:
	//     ctx context.Context : the context for this method
	//     trigger string : the trigger mode to start the scan all job
	//     async bool : scan all the artifacts in background
	//
	//   Returns:
	//     error : non nil error if any errors occurred
	ScanAll(ctx context.Context, trigger string, async bool) (int64, error)

	// StopScanAll stops the scanAll
	//
	//   Arguments:
	//     ctx context.Context : the context for this method
	//     executionID int64 : the id of scan all execution
	//     async bool : stop scan all in background
	//
	//   Returns:
	//     error : non nil error if any errors occurred
	StopScanAll(ctx context.Context, executionID int64, async bool) error

	// GetVulnerable returns the vulnerable of the artifact for the allowlist
	//
	//   Arguments:
	//     ctx context.Context : the context for this method
	//     artifact *artifact.Artifact : artifact to be scanned
	//     allowlist map[string]struct{} : the set of CVE id of the items in the allowlist
	//     allowlistIsExpired bool : whether the allowlist is expired
	//
	//   Returns:
	//     *Vulnerable : the vulnerable
	//     error : non nil error if any errors occurred
	GetVulnerable(ctx context.Context, artifact *artifact.Artifact, allowlist allowlist.CVESet, allowlistIsExpired bool) (*Vulnerable, error)
}
Controller provides the operations for triggering and managing scans.
type Option ¶
Option represents an option item as a function template. The validation result of an option is indicated by a nil or non-nil error; e.g., if the option is required and the input argument is empty, a non-nil error should be returned.
func WithExecutionID ¶
WithExecutionID sets the execution id option.
func WithFromEvent ¶
WithFromEvent sets the caller's source.
type Options ¶
type Options struct {
	ExecutionID int64  // The execution id to scan artifact
	Tag         string // The tag of the artifact to scan
	ScanType    string // The scan type could be sbom or vulnerability
	FromEvent   bool   // indicate the current call from event or not
}
Options keeps the settings/configurations for scanning.
func (*Options) GetScanType ¶
GetScanType returns the scan type. For backward compatibility, the default type is vulnerability.
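The option-validation contract and the GetScanType default described above, as an added example that is not this package's source. It uses local stand-in types; the func(*Options) error shape of Option is an assumption, and WithScanType and newOptions are hypothetical helpers.

```go
package main

import "fmt"

// Local stand-ins for the documented names; this is not the package's source.
type Options struct {
	ExecutionID int64
	ScanType    string
}

// GetScanType defaults to "vulnerability" when ScanType is unset, as documented.
func (o *Options) GetScanType() string {
	if o.ScanType == "" {
		return "vulnerability"
	}
	return o.ScanType
}

// Option is assumed to have this shape: a nil error means the option is valid.
type Option func(*Options) error

func WithExecutionID(id int64) Option {
	return func(o *Options) error { o.ExecutionID = id; return nil }
}

// WithScanType is hypothetical: it rejects an empty or unknown scan type.
func WithScanType(t string) Option {
	return func(o *Options) error {
		if t != "sbom" && t != "vulnerability" {
			return fmt.Errorf("invalid scan type %q", t)
		}
		o.ScanType = t
		return nil
	}
}

// newOptions (hypothetical) returns no Options on error, so a rejected type never reaches the default.
func newOptions(opts ...Option) (*Options, error) {
	o := &Options{}
	for _, opt := range opts {
		if err := opt(o); err != nil {
			return nil, err
		}
	}
	return o, nil
}

func main() {
	fmt.Println(newOptions(WithExecutionID(7), WithScanType("")))
}
```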
type Vulnerable ¶
type Vulnerable struct {
	VulnerabilitiesCount int
	ScanStatus           string
	Severity             *vuln.Severity
	CVEBypassed          []string
}
Vulnerable ...
func (*Vulnerable) IsScanSuccess ¶
func (v *Vulnerable) IsScanSuccess() bool
IsScanSuccess returns true when the artifact was scanned successfully.
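How the allowlist and allowlistIsExpired arguments of GetVulnerable can feed the fields of Vulnerable, and how a caller can gate on the result, as an added example that is not this package's implementation. The Finding type, the integer severity, the "Success" status string, the evaluate and blocked helpers and the CVE ids are all assumptions constructed for illustration.

```go
package main

import "fmt"

// Finding is a constructed stand-in for one report entry; higher Severity is worse.
type Finding struct {
	CVE      string
	Severity int
}

// Vulnerable mirrors the documented struct, with Severity simplified to an int.
type Vulnerable struct {
	VulnerabilitiesCount int
	ScanStatus           string
	Severity             int
	CVEBypassed          []string
}

// IsScanSuccess assumes "Success" is the status of a completed scan.
func (v *Vulnerable) IsScanSuccess() bool { return v.ScanStatus == "Success" }

// evaluate (assumed semantics): allowlisted CVEs are bypassed only while the allowlist is unexpired.
func evaluate(status string, findings []Finding, allowlist map[string]struct{}, expired bool) *Vulnerable {
	v := &Vulnerable{ScanStatus: status}
	if !v.IsScanSuccess() {
		return v // findings are not trustworthy; never read a zero count as "clean"
	}
	for _, f := range findings {
		if _, ok := allowlist[f.CVE]; ok && !expired {
			v.CVEBypassed = append(v.CVEBypassed, f.CVE)
			continue
		}
		v.VulnerabilitiesCount++
		if f.Severity > v.Severity {
			v.Severity = f.Severity
		}
	}
	return v
}

// blocked fails closed: an unsuccessful scan blocks just like a finding at or above threshold.
func blocked(v *Vulnerable, threshold int) bool {
	return !v.IsScanSuccess() || (v.VulnerabilitiesCount > 0 && v.Severity >= threshold)
}

func main() {
	findings := []Finding{{"CVE-0000-0001", 4}, {"CVE-0000-0002", 2}} // constructed
	v := evaluate("Success", findings, map[string]struct{}{"CVE-0000-0001": {}}, true)
	fmt.Println(v.VulnerabilitiesCount, v.CVEBypassed, blocked(v, 3))
}
```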