scan

package
v0.0.0-...-e417875 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 17, 2024 License: Apache-2.0 Imports: 39 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// ScanAllCallback the scheduler callback name of the scan all
	ScanAllCallback = "scanAll"
)

Variables

View Source
var (
	// DefaultController is a default singleton scan API controller.
	DefaultController = NewController()
)

Functions

func GetReportUUIDs

func GetReportUUIDs(extraAttrs map[string]interface{}) []string

GetReportUUIDs returns the report UUIDs from the extra attributes

Types

type Checker

type Checker interface {
	// IsScannable returns true when the artifact is scannable
	IsScannable(ctx context.Context, artifact *artifact.Artifact) (bool, error)
}

Checker checker which can check that the artifact is scannable

func NewChecker

func NewChecker() Checker

NewChecker returns checker

type Controller

type Controller interface {
	// Scan the given artifact
	//
	//   Arguments:
	//     ctx context.Context : the context for this method
	//     artifact *artifact.Artifact : artifact to be scanned
	//     options ...Option     : options for triggering a scan
	//
	//   Returns:
	//     error  : non nil error if any errors occurred
	Scan(ctx context.Context, artifact *artifact.Artifact, options ...Option) error

	// Stop scan job of the given artifact
	//
	//   Arguments:
	//     ctx context.Context : the context for this method
	//     artifact *artifact.Artifact : the artifact whose scan job to be stopped
	//     capType string : the capability type of the scanner, vulnerability or SBOM.
	//
	//   Returns:
	//     error  : non nil error if any errors occurred
	Stop(ctx context.Context, artifact *artifact.Artifact, capType string) error

	// GetReport gets the reports for the given artifact identified by the digest
	//
	//   Arguments:
	//     ctx context.Context : the context for this method
	//     artifact *v1.Artifact : the scanned artifact
	//     mimeTypes []string    : the mime types of the reports
	//
	//   Returns:
	//     []*scan.Report : scan results by different scanner vendors
	//     error          : non nil error if any errors occurred
	GetReport(ctx context.Context, artifact *artifact.Artifact, mimeTypes []string) ([]*scan.Report, error)

	// GetSummary gets the summaries of the reports with given types.
	//
	//   Arguments:
	//     ctx context.Context : the context for this method
	//     artifact *artifact.Artifact    : the scanned artifact
	//     mimeTypes []string       : the mime types of the reports
	//
	//   Returns:
	//     map[string]interface{} : report summaries indexed by mime types
	//     error                  : non nil error if any errors occurred
	GetSummary(ctx context.Context, artifact *artifact.Artifact, scanType string, mimeTypes []string) (map[string]interface{}, error)

	// Get the scan log for the specified artifact with the given digest
	//
	//   Arguments:
	//     ctx context.Context : the context for this method
	//     uuid string : the UUID of the scan report
	//
	//   Returns:
	//     []byte : the log text stream
	//     error  : non nil error if any errors occurred
	GetScanLog(ctx context.Context, art *artifact.Artifact, uuid string) ([]byte, error)

	// Scan all the artifacts
	//
	//   Arguments:
	//     ctx context.Context : the context for this method
	//     trigger string      : the trigger mode to start the scan all job
	//     async bool          : scan all the artifacts in background
	//
	//   Returns:
	//     error  : non nil error if any errors occurred
	ScanAll(ctx context.Context, trigger string, async bool) (int64, error)

	// StopScanAll stops the scanAll
	//
	//   Arguments:
	//     ctx context.Context : the context for this method
	//     executionID int64   : the id of scan all execution
	//     async bool          : stop scan all in background
	//   Returns:
	//     error  : non nil error if any errors occurred
	StopScanAll(ctx context.Context, executionID int64, async bool) error

	// GetVulnerable returns the vulnerable of the artifact for the allowlist
	//
	//   Arguments:
	//     ctx context.Context : the context for this method
	//     artifact *artifact.Artifact : artifact to be scanned
	//     allowlist map[string]struct{} : the set of CVE id of the items in the allowlist
	//     allowlistIsExpired bool : whether the allowlist is expired
	//
	//   Returns
	//      *Vulnerable : the vulnerable
	//     error        : non nil error if any errors occurred
	GetVulnerable(ctx context.Context, artifact *artifact.Artifact, allowlist allowlist.CVESet, allowlistIsExpired bool) (*Vulnerable, error)
}

Controller provides the related operations for triggering scan.

func NewController

func NewController() Controller

NewController news a scan API controller

type Option

type Option func(options *Options) error

Option represents an option item by func template. The validation result of the options are marked by nil/non-nil error. e.g: If the option is required and the input arg is empty, then a non nil error should be returned at then.

func WithExecutionID

func WithExecutionID(executionID int64) Option

WithExecutionID sets the execution id option.

func WithFromEvent

func WithFromEvent(fromEvent bool) Option

WithFromEvent set the caller's source

func WithScanType

func WithScanType(scanType string) Option

WithScanType set the scanType

func WithTag

func WithTag(tag string) Option

WithTag sets the tag option.

type Options

type Options struct {
	ExecutionID int64  // The execution id to scan artifact
	Tag         string // The tag of the artifact to scan
	ScanType    string // The scan type could be sbom or vulnerability
	FromEvent   bool   // indicate the current call from event or not
}

Options keep the settings/configurations for scanning.

func (*Options) GetScanType

func (o *Options) GetScanType() string

GetScanType returns the scan type. for backward compatibility, the default type is vulnerability.

type Vulnerable

type Vulnerable struct {
	VulnerabilitiesCount int
	ScanStatus           string
	Severity             *vuln.Severity
	CVEBypassed          []string
}

Vulnerable ...

func (*Vulnerable) IsScanSuccess

func (v *Vulnerable) IsScanSuccess() bool

IsScanSuccess returns true when the artifact scanned success

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL