Documentation
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
func ParseReportIDs
ParseReportIDs returns the report IDs parsed from s.
Types
type CVSS
type CVSS struct {
	// The CVSS v3 base score of the vulnerability
	// e.g. 2.5
	ScoreV3 *float64 `json:"score_v3"`
	// The CVSS v2 base score of the vulnerability
	// e.g. 2.5
	ScoreV2 *float64 `json:"score_v2"`
	// The CVSS v3 vector string.
	// e.g. CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
	VectorV3 string `json:"vector_v3"`
	// The CVSS v2 vector string.
	// e.g. AV:L/AC:M/Au:N/C:P/I:N/A:N
	VectorV2 string `json:"vector_v2"`
}
CVSS holds the score and the vector string of the vulnerability under the CVSS v3 and CVSS v2 standards. The scores are pointers so that "not scored" (nil) can be told apart from a score of 0.
type NativeReportSummary
type NativeReportSummary struct {
	ReportID              string                 `json:"report_id"`
	ScanStatus            string                 `json:"scan_status"`
	Severity              Severity               `json:"severity"`
	Duration              int64                  `json:"duration"`
	Summary               *VulnerabilitySummary  `json:"summary"`
	CVEBypassed           []string               `json:"-"`
	StartTime             time.Time              `json:"start_time"`
	EndTime               time.Time              `json:"end_time"`
	Scanner               *v1.Scanner            `json:"scanner,omitempty"`
	CompletePercent       int                    `json:"complete_percent"`
	TotalCount            int                    `json:"-"`
	CompleteCount         int                    `json:"-"`
	VulnerabilityItemList *VulnerabilityItemList `json:"-"`
}
NativeReportSummary is the default supported scan report summary model. It is generated from a report with the v1.MimeTypeNativeReport or the v1.MimeTypeGenericVulnerabilityReport mime type.
func (*NativeReportSummary) Merge
func (sum *NativeReportSummary) Merge(another *NativeReportSummary) *NativeReportSummary
Merge merges another into sum and returns the resulting summary.
func (*NativeReportSummary) UpdateSeveritySummary
func (sum *NativeReportSummary) UpdateSeveritySummary(l *VulnerabilityItemList)
UpdateSeveritySummary recomputes sum.Severity and sum.Summary from the items in l.
type Report
type Report struct {
	// Time at which this report was generated
	GeneratedAt string `json:"generated_at"`
	// Scanner that generated this report
	Scanner *v1.Scanner `json:"scanner"`
	// A standard scale for measuring the severity of a vulnerability.
	Severity Severity `json:"severity"`
	// Vulnerability list
	Vulnerabilities []*VulnerabilityItem `json:"vulnerabilities"`
	// SBOM content
	SBOM map[string]interface{} `json:"sbom,omitempty"`
	// contains filtered or unexported fields
}
Report is the model of a vulnerability scan report.
func (*Report) GetVulnerabilityItemList
func (report *Report) GetVulnerabilityItemList() *VulnerabilityItemList
GetVulnerabilityItemList returns a VulnerabilityItemList built from the Vulnerabilities of the report.
func (*Report) MarshalJSON
MarshalJSON is a custom marshaller that encodes a nil Vulnerabilities slice as an empty JSON array instead of null, so that consumers never see "vulnerabilities": null. See https://github.com/goharbor/harbor/issues/11131 for details.
func (*Report) WithArtifactDigest
WithArtifactDigest sets the artifact digest of the report.
type Severity
type Severity string
Severity is a standard scale for measuring the severity of a vulnerability.
const (
	// None - only used to mark the overall severity of the scanned artifacts;
	// means no vulnerabilities are attached to the artifacts
	// (some might have been bypassed by the CVE allowlist).
	None Severity = "None"
	// Unknown - either a security problem that has not been assigned a priority yet or
	// a priority that the scanner did not recognize.
	Unknown Severity = "Unknown"
	// Negligible - technically a security problem, but is only theoretical in nature, requires
	// a very special situation, has almost no install base, or does no real damage.
	Negligible Severity = "Negligible"
	// Low - a security problem, but is hard to exploit due to environment, requires a
	// user-assisted attack, a small install base, or does very little damage.
	Low Severity = "Low"
	// Medium - a real security problem, and is exploitable for many people. Includes network
	// daemon denial of service attacks, cross-site scripting, and gaining user privileges.
	Medium Severity = "Medium"
	// High - a real problem, exploitable for many people in a default installation. Includes
	// serious remote denial of service, local root privilege escalations, or data loss.
	High Severity = "High"
	// Critical - a world-burning problem, exploitable for nearly all people in a default installation.
	// Includes remote root privilege escalations, or massive data loss.
	Critical Severity = "Critical"
)
func ParseSeverityVersion3
ParseSeverityVersion3 returns the Severity corresponding to a CVSS v3.0 qualitative rating (None, Low, Medium, High, Critical).
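The CVSS type above stores the v3 vector string and ParseSeverityVersion3 maps a CVSS v3.0 rating to this package's Severity scale. The following is an added example, not code from this package or from Harbor: it parses a CVSS v3.0/v3.1 base vector (rejecting v2 vectors, unknown metrics and bad values), computes the base score with the published v3.1 equations and Roundup function, and maps the score to the v3.0 qualitative rating scale (None 0.0, Low 0.1-3.9, Medium 4.0-6.9, High 7.0-8.9, Critical 9.0-10.0). The names ParseCVSS3Vector, CVSS3Metrics, BaseScore and SeverityFromScoreV3 are assumptions for this example; the Severity type is redeclared locally to mirror the page. The sample vector is the VectorV3 example from the page.

```go
package main

import (
	"fmt"
	"math"
	"strings"
)

// Severity mirrors the page's Severity string type (redeclared here so the example is self-contained).
type Severity string

// CVSS3Metrics holds the eight base metrics of a CVSS v3.0 or v3.1 vector.
type CVSS3Metrics struct {
	AV, AC, PR, UI, S, C, I, A string
}

// allowedValues lists the legal single-letter values of each base metric.
var allowedValues = map[string]string{
	"AV": "NALP", "AC": "LH", "PR": "NLH", "UI": "NR",
	"S": "UC", "C": "HLN", "I": "HLN", "A": "HLN",
}

// ParseCVSS3Vector parses a base vector such as "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N".
// It rejects v2 vectors (no "CVSS:3.x" prefix), unknown metrics, bad values and duplicates,
// so that a malformed scanner-supplied vector cannot silently score as 0 (hypothetical helper).
func ParseCVSS3Vector(vector string) (CVSS3Metrics, error) {
	parts := strings.Split(vector, "/")
	if len(parts) != 9 || (parts[0] != "CVSS:3.0" && parts[0] != "CVSS:3.1") {
		return CVSS3Metrics{}, fmt.Errorf("not a CVSS v3 base vector: %q", vector)
	}
	got := map[string]string{}
	for _, p := range parts[1:] {
		kv := strings.SplitN(p, ":", 2)
		if len(kv) != 2 {
			return CVSS3Metrics{}, fmt.Errorf("malformed metric %q", p)
		}
		legal, ok := allowedValues[kv[0]]
		if !ok {
			return CVSS3Metrics{}, fmt.Errorf("unknown metric %q", kv[0])
		}
		if len(kv[1]) != 1 || !strings.Contains(legal, kv[1]) {
			return CVSS3Metrics{}, fmt.Errorf("bad value %q for metric %s", kv[1], kv[0])
		}
		if _, dup := got[kv[0]]; dup {
			return CVSS3Metrics{}, fmt.Errorf("duplicate metric %s", kv[0])
		}
		got[kv[0]] = kv[1]
	}
	// Eight parts, all known and distinct, means every metric is present exactly once.
	return CVSS3Metrics{AV: got["AV"], AC: got["AC"], PR: got["PR"], UI: got["UI"],
		S: got["S"], C: got["C"], I: got["I"], A: got["A"]}, nil
}

// Metric weights from the CVSS v3.1 specification (identical to v3.0 for the base score).
var (
	avWeight  = map[string]float64{"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.2}
	acWeight  = map[string]float64{"L": 0.77, "H": 0.44}
	uiWeight  = map[string]float64{"N": 0.85, "R": 0.62}
	ciaWeight = map[string]float64{"H": 0.56, "L": 0.22, "N": 0}
)

// prWeight returns the Privileges Required weight, which rises when Scope is changed.
func prWeight(pr string, scopeChanged bool) float64 {
	switch pr {
	case "L":
		if scopeChanged {
			return 0.68
		}
		return 0.62
	case "H":
		if scopeChanged {
			return 0.5
		}
		return 0.27
	}
	return 0.85 // PR:N
}

// roundUp is the CVSS v3.1 Roundup function: the smallest one-decimal value >= x,
// computed on integers to avoid floating-point artefacts at the boundaries.
func roundUp(x float64) float64 {
	i := int(math.Round(x * 100000))
	if i%10000 == 0 {
		return float64(i) / 100000
	}
	return (math.Floor(float64(i)/10000) + 1) / 10
}

// BaseScore computes the CVSS v3 base score from the parsed metrics.
func (m CVSS3Metrics) BaseScore() float64 {
	changed := m.S == "C"
	iss := 1 - (1-ciaWeight[m.C])*(1-ciaWeight[m.I])*(1-ciaWeight[m.A])
	var impact float64
	if changed {
		impact = 7.52*(iss-0.029) - 3.25*math.Pow(iss-0.02, 15)
	} else {
		impact = 6.42 * iss
	}
	exploitability := 8.22 * avWeight[m.AV] * acWeight[m.AC] * prWeight(m.PR, changed) * uiWeight[m.UI]
	if impact <= 0 {
		return 0
	}
	if changed {
		return roundUp(math.Min(1.08*(impact+exploitability), 10))
	}
	return roundUp(math.Min(impact+exploitability, 10))
}

// SeverityFromScoreV3 maps a base score to the CVSS v3.0 qualitative rating scale.
func SeverityFromScoreV3(score float64) Severity {
	switch {
	case score == 0:
		return "None"
	case score < 4.0:
		return "Low"
	case score < 7.0:
		return "Medium"
	case score < 9.0:
		return "High"
	default:
		return "Critical"
	}
}

func main() {
	// The VectorV3 example given on this page.
	m, err := ParseCVSS3Vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N")
	if err != nil {
		panic(err)
	}
	score := m.BaseScore()
	fmt.Printf("base score %.1f, severity %s\n", score, SeverityFromScoreV3(score))
}
```

Note that the scale boundaries are inclusive at the top of each band (3.9 is Low, 4.0 is Medium), and that a v2 vector such as the page's VectorV2 example is rejected rather than mis-scored.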
type VulnerabilityItem
type VulnerabilityItem struct {
	// The unique identifier of the vulnerability.
	// e.g: CVE-2017-8283
	ID string `json:"id"`
	// An operating system or software dependency package containing the vulnerability.
	// e.g: dpkg
	Package string `json:"package"`
	// The version of the package containing the vulnerability.
	// e.g: 1.17.27
	Version string `json:"version"`
	// The version of the package containing the fix, if available.
	// e.g: 1.18.0
	FixVersion string `json:"fix_version"`
	// A standard scale for measuring the severity of a vulnerability.
	Severity Severity `json:"severity"`
	// example: dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program
	// and does not offer a protection mechanism for blank-indented diff hunks, which allows remote
	// attackers to conduct directory traversal attacks via a crafted Debian source package, as
	// demonstrated by using of dpkg-source on NetBSD.
	Description string `json:"description"`
	// The list of links to the upstream database with the full description of the vulnerability.
	// Format: URI
	// e.g: List [ "https://security-tracker.debian.org/tracker/CVE-2017-8283" ]
	Links []string `json:"links"`
	// The digests of the artifacts in which the vulnerability was found
	// e.g: sha256@ee1d00c5250b5a886b09be2d5f9506add35dfb557f1ef37a7e4b8f0138f32956
	ArtifactDigests []string `json:"artifact_digests"`
	// The CVSS v3 and CVSS v2 scores and vector strings of the vulnerability item
	CVSSDetails CVSS `json:"preferred_cvss"`
	// The list of CWE IDs associated with this vulnerability
	// e.g. CWE-465,CWE-124
	CWEIds []string `json:"cwe_ids"`
	// A collection of vendor-specific attributes of the vulnerability item,
	// each represented as a key-value pair.
	VendorAttributes map[string]interface{} `json:"vendor_attributes"`
}
VulnerabilityItem represents one found vulnerability.
func (*VulnerabilityItem) Key
func (item *VulnerabilityItem) Key() string
Key returns the unique key of the item, used by VulnerabilityItemList to detect duplicates.
type VulnerabilityItemList
type VulnerabilityItemList struct {
	// contains filtered or unexported fields
}
VulnerabilityItemList is a set-like list of VulnerabilityItem: Add skips any item whose Key already exists in the list.
func NewVulnerabilityItemList
func NewVulnerabilityItemList(lists ...*VulnerabilityItemList) *VulnerabilityItemList
NewVulnerabilityItemList returns a VulnerabilityItemList containing the items of lists.
func (*VulnerabilityItemList) Add
func (l *VulnerabilityItemList) Add(items ...*VulnerabilityItem)
Add appends each item to the list unless an item with the same Key already exists in it.
func (*VulnerabilityItemList) GetItem
func (l *VulnerabilityItemList) GetItem(key string) (*VulnerabilityItem, bool)
GetItem returns the VulnerabilityItem with the given key and whether it was found.
func (*VulnerabilityItemList) GetSeveritySummary
func (l *VulnerabilityItemList) GetSeveritySummary() (Severity, *VulnerabilitySummary)
GetSeveritySummary returns the overall severity of l and the summary of its items.
func (*VulnerabilityItemList) Items
func (l *VulnerabilityItemList) Items() []*VulnerabilityItem
Items returns the vulnerabilities in l.
type VulnerabilitySummary
type VulnerabilitySummary struct {
	Total   int             `json:"total"`
	Fixable int             `json:"fixable"`
	Summary SeveritySummary `json:"summary"`
}
VulnerabilitySummary contains the total number of found vulnerabilities, the number that have a fix available, and the count at each severity level.
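The VulnerabilityItemList and VulnerabilitySummary types above describe a deduplicating list of findings and the rollup computed from it. The following is an added example, not code from this package or from Harbor, showing the behaviour a practitioner would expect: Add skips items whose Key already exists (the same CVE, package and version reported twice, e.g. from two artifacts of the same image), GetSeveritySummary counts total and fixable items and the count per severity, and the overall severity is the highest severity present, with None for an empty list. The key format (ID, package, version joined with "-"), the severity ordering and the SeveritySummary map type are assumptions; the sample items are constructed, with the CVE taken from the page's own example and the other IDs hypothetical.

```go
package main

import "fmt"

// Severity mirrors the page's scale (redeclared here so the example is self-contained).
type Severity string

const (
	None       Severity = "None"
	Unknown    Severity = "Unknown"
	Negligible Severity = "Negligible"
	Low        Severity = "Low"
	Medium     Severity = "Medium"
	High       Severity = "High"
	Critical   Severity = "Critical"
)

// severityRank orders the scale so the overall severity of a list is its maximum.
// Assumption: Unknown ranks above None so an unrated finding never makes a list look clean.
var severityRank = map[Severity]int{
	None: 0, Unknown: 1, Negligible: 2, Low: 3, Medium: 4, High: 5, Critical: 6,
}

// VulnerabilityItem keeps only the fields this example needs.
type VulnerabilityItem struct {
	ID, Package, Version, FixVersion string
	Severity                         Severity
}

// Key identifies an item by ID, package and version (assumed format).
func (item *VulnerabilityItem) Key() string {
	return item.ID + "-" + item.Package + "-" + item.Version
}

// VulnerabilityItemList is a set-like list keyed by VulnerabilityItem.Key.
type VulnerabilityItemList struct {
	items []*VulnerabilityItem
	index map[string]*VulnerabilityItem
}

func NewVulnerabilityItemList() *VulnerabilityItemList {
	return &VulnerabilityItemList{index: map[string]*VulnerabilityItem{}}
}

// Add appends each item unless one with the same Key is already present.
func (l *VulnerabilityItemList) Add(items ...*VulnerabilityItem) {
	for _, item := range items {
		if _, exists := l.index[item.Key()]; exists {
			continue
		}
		l.index[item.Key()] = item
		l.items = append(l.items, item)
	}
}

func (l *VulnerabilityItemList) GetItem(key string) (*VulnerabilityItem, bool) {
	item, ok := l.index[key]
	return item, ok
}

func (l *VulnerabilityItemList) Items() []*VulnerabilityItem { return l.items }

// SeveritySummary counts items per severity (assumed to be a map, as on the page's JSON shape).
type SeveritySummary map[Severity]int

type VulnerabilitySummary struct {
	Total   int             `json:"total"`
	Fixable int             `json:"fixable"`
	Summary SeveritySummary `json:"summary"`
}

// GetSeveritySummary returns the highest severity in l (None when empty) and the counts.
func (l *VulnerabilityItemList) GetSeveritySummary() (Severity, *VulnerabilitySummary) {
	overall := None
	sum := &VulnerabilitySummary{Summary: SeveritySummary{}}
	for _, item := range l.items {
		sum.Total++
		if item.FixVersion != "" {
			sum.Fixable++
		}
		sum.Summary[item.Severity]++
		if severityRank[item.Severity] > severityRank[overall] {
			overall = item.Severity
		}
	}
	return overall, sum
}

// sampleList builds a constructed list: the page's dpkg CVE reported twice, plus two hypothetical findings.
func sampleList() *VulnerabilityItemList {
	l := NewVulnerabilityItemList()
	l.Add(
		&VulnerabilityItem{ID: "CVE-2017-8283", Package: "dpkg", Version: "1.17.27", FixVersion: "1.18.0", Severity: Medium},
		&VulnerabilityItem{ID: "CVE-2017-8283", Package: "dpkg", Version: "1.17.27", FixVersion: "1.18.0", Severity: Medium}, // duplicate, skipped
		&VulnerabilityItem{ID: "TEST-0001", Package: "openssl", Version: "1.1.1", Severity: High},
		&VulnerabilityItem{ID: "TEST-0002", Package: "zlib", Version: "1.2.11", Severity: Unknown},
	)
	return l
}

func main() {
	overall, sum := sampleList().GetSeveritySummary()
	fmt.Printf("overall %s, total %d, fixable %d, per severity %v\n", overall, sum.Total, sum.Fixable, sum.Summary)
}
```

The duplicate is dropped before counting, so Total reflects distinct findings rather than the number of times scanners reported them; an Unknown item still counts toward Total and toward the per-severity map, so it is not hidden from the rollup.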