v1

package
v0.0.0-...-a548ab7 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 18, 2024 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// HTTPAcceptHeader represents the HTTP accept header
	HTTPAcceptHeader = "Accept"
	// HTTPContentType represents the HTTP content-type header
	HTTPContentType = "Content-Type"
	// MimeTypeOCIArtifact defines the mime type for OCI artifact
	MimeTypeOCIArtifact = "application/vnd.oci.image.manifest.v1+json"
	// MimeTypeDockerArtifact defines the mime type for docker artifact
	MimeTypeDockerArtifact = "application/vnd.docker.distribution.manifest.v2+json"
	// MimeTypeNativeReport defines the mime type for native report
	MimeTypeNativeReport = "application/vnd.scanner.adapter.vuln.report.harbor+json; version=1.0"
	// MimeTypeRawReport defines the mime type for raw report
	MimeTypeRawReport = "application/vnd.scanner.adapter.vuln.report.raw"
	// MimeTypeAdapterMeta defines the mime type for adapter metadata
	MimeTypeAdapterMeta = "application/vnd.scanner.adapter.metadata+json; version=1.0"
	// MimeTypeScanRequest defines the mime type for scan request
	MimeTypeScanRequest = "application/vnd.scanner.adapter.scan.request+json; version=1.0"
	// MimeTypeScanResponse defines the mime type for scan response
	MimeTypeScanResponse = "application/vnd.scanner.adapter.scan.response+json; version=1.0"
	// MimeTypeSBOMReport
	MimeTypeSBOMReport = "application/vnd.security.sbom.report+json; version=1.0"
	// MimeTypeGenericVulnerabilityReport defines the MIME type for the generic report with enhanced information
	MimeTypeGenericVulnerabilityReport = "application/vnd.security.vulnerability.report; version=1.1"

	ScanTypeVulnerability = "vulnerability"
	ScanTypeSbom          = "sbom"
)

Variables

View Source
var DefaultClientPool = NewClientPool(nil)

DefaultClientPool is a default client pool.

Functions

This section is empty.

Types

type Artifact

type Artifact struct {
	// ID of the namespace (project). It will not be sent to scanner adapter.
	NamespaceID int64 `json:"namespace_id,omitempty"`
	// The full name of a Harbor repository containing the artifact, including the namespace.
	// For example, `library/oracle/nosql`.
	Repository string `json:"repository"`
	// The info used to identify the version of the artifact,
	Tag string `json:"tag"`
	// The artifact's digest, consisting of an algorithm and hex portion.
	// For example, `sha256:6c3c624b58dbbcd3c0dd82b4c53f04194d1247c6eebdaab7c610cf7d66709b3b`,
	// represents sha256 based digest.
	Digest string `json:"digest"`
	// The mime type of the scanned artifact
	MimeType string `json:"mime_type"`
	// The size the scanned artifact
	Size int64 `json:"size"`
}

Artifact represents an artifact stored in Registry.

type Client

type Client interface {
	// GetMetadata gets the metadata of the given scanner
	//
	//   Returns:
	//     *ScannerAdapterMetadata : metadata of the given scanner
	//     error                   : non nil error if any errors occurred
	GetMetadata() (*ScannerAdapterMetadata, error)

	// SubmitScan initiates a scanning of the given artifact.
	// Returns `nil` if the request was accepted, a non `nil` error otherwise.
	//
	//   Arguments:
	//     req *ScanRequest : request including the registry and artifact data
	//
	//   Returns:
	//     *ScanResponse : response with UUID for tracking the scan results
	//     error         : non nil error if any errors occurred
	SubmitScan(req *ScanRequest) (*ScanResponse, error)

	// GetScanReport gets the scan result for the corresponding ScanRequest identifier.
	// Note that this is a blocking method which either returns a non `nil` scan report or error.
	// A caller is supposed to cast the returned interface{} to a structure that corresponds
	// to the specified MIME type.
	//
	//   Arguments:
	//     scanRequestID string  : the ID of the scan submitted before
	//     reportMIMEType string : the report mime type
	//   Returns:
	//     string : the scan report of the given artifact
	//     error  : non nil error if any errors occurred
	GetScanReport(scanRequestID, reportMIMEType string, urlParameter string) (string, error)
}

Client defines the methods to access the adapter services that implement the REST API specs

func NewClient

func NewClient(url, authType, accessCredential string, skipCertVerify bool) (Client, error)

NewClient news a basic client

type ClientPool

type ClientPool interface {
	// Get a v1 client interface for the specified registration.
	//
	//  Arguments:
	//   r *scanner.Registration : registration for client connecting to
	//
	//  Returns:
	//   Client : v1 client
	//   error  : non nil error if any errors occurred
	Get(url, authType, accessCredential string, skipCertVerify bool) (Client, error)
}

ClientPool defines operations for the client pool which provides v1 client cache.

func NewClientPool

func NewClientPool(config *PoolConfig) ClientPool

NewClientPool news a basic client pool.

type Definition

type Definition struct {
	// URL of the API
	URL string
	// Resolver fro the request
	Resolver RequestResolver
}

Definition for API

type Error

type Error struct {
	// Message of the error
	Message string `json:"message"`
}

Error message

type ErrorResponse

type ErrorResponse struct {
	// Error object
	Err *Error `json:"error"`
}

ErrorResponse contains error message when requests are not correctly handled.

func (*ErrorResponse) Error

func (er *ErrorResponse) Error() string

Error for ErrorResponse

type PoolConfig

type PoolConfig struct {
	// Interval for checking dead instance.
	DeadCheckInterval time.Duration
	// Expire time for the instance to be marked as dead.
	ExpireTime time.Duration
}

PoolConfig provides configurations for the client pool.

type Registry

type Registry struct {
	// A base URL of the Docker Registry v2 API exposed by Harbor.
	URL string `json:"url"`
	// An optional value of the HTTP Authorization header sent with each request to the Docker Registry for getting or exchanging token.
	// For example, `Basic: Base64(username:password)`.
	Authorization string `json:"authorization"`
	// Insecure is an indicator of https or http.
	Insecure bool `json:"insecure"`
}

Registry represents Registry connection settings.

type ReportNotReadyError

type ReportNotReadyError struct {
	// Seconds for next retry with seconds
	RetryAfter int
}

ReportNotReadyError is an error to indicate the scan report is not ready

func (*ReportNotReadyError) Error

func (rnr *ReportNotReadyError) Error() string

Error for ReportNotReadyError

type RequestResolver

type RequestResolver func(req *http.Request)

RequestResolver is a function template to modify the API request, e.g: add headers

type ScanRequest

type ScanRequest struct {
	// Connection settings for the Docker Registry v2 API exposed by Harbor.
	Registry *Registry `json:"registry"`
	// Artifact to be scanned.
	Artifact *Artifact `json:"artifact"`
	// RequestType
	RequestType []*ScanType `json:"enabled_capabilities"`
}

ScanRequest represents a structure that is sent to a Scanner Adapter to initiate artifact scanning. Conducts all the details required to pull the artifact from a Harbor registry.

func (*ScanRequest) FromJSON

func (s *ScanRequest) FromJSON(jsonData string) error

FromJSON parses ScanRequest from json data

func (*ScanRequest) ToJSON

func (s *ScanRequest) ToJSON() (string, error)

ToJSON marshals ScanRequest to JSON data

func (*ScanRequest) Validate

func (s *ScanRequest) Validate() error

Validate ScanRequest

type ScanResponse

type ScanResponse struct {
	// e.g: 3fa85f64-5717-4562-b3fc-2c963f66afa6
	ID string `json:"id"`
}

ScanResponse represents the response returned by the scanner adapter after scan request successfully submitted.

type ScanType

type ScanType struct {
	// Type sets the type of the scan, it could be sbom or vulnerability, default is vulnerability
	Type string `json:"type"`
	// ProducesMimeTypes defines scanreport should be
	ProducesMimeTypes []string `json:"produces_mime_types"`
	// Parameters extra parameters
	Parameters map[string]interface{} `json:"parameters"`
}

ScanType represent the type of the scan request

type Scanner

type Scanner struct {
	// The name of the scanner.
	Name string `json:"name"`
	// The name of the scanner's provider.
	Vendor string `json:"vendor"`
	// The version of the scanner.
	Version string `json:"version"`
}

Scanner represents metadata of a Scanner Adapter which allow Harbor to lookup a scanner capable of scanning a given Artifact stored in its registry and making sure that it can interpret a returned result.

type ScannerAdapterMetadata

type ScannerAdapterMetadata struct {
	Scanner      *Scanner             `json:"scanner"`
	Capabilities []*ScannerCapability `json:"capabilities"`
	Properties   ScannerProperties    `json:"properties"`
}

ScannerAdapterMetadata represents metadata of a Scanner Adapter which allows Harbor to lookup a scanner capable of scanning a given Artifact stored in its registry and making sure that it can interpret a returned result.

func (*ScannerAdapterMetadata) ConvertCapability

func (md *ScannerAdapterMetadata) ConvertCapability() map[string]interface{}

ConvertCapability converts the capability to map, used in get scanner API

func (*ScannerAdapterMetadata) GetCapability

func (md *ScannerAdapterMetadata) GetCapability(mimeType string) *ScannerCapability

GetCapability returns capability for the mime type

func (*ScannerAdapterMetadata) HasCapability

func (md *ScannerAdapterMetadata) HasCapability(mimeType string) bool

HasCapability returns true when mine type of the artifact support by the scanner

func (*ScannerAdapterMetadata) Validate

func (md *ScannerAdapterMetadata) Validate() error

Validate validate the metadata

type ScannerCapability

type ScannerCapability struct {
	// The type of the scanner capability, vulnerability or sbom
	Type string `json:"type"`
	// The set of MIME types of the artifacts supported by the scanner to produce the reports
	// specified in the "produces_mime_types". A given mime type should only be present in one
	// capability item.
	ConsumesMimeTypes []string `json:"consumes_mime_types"`
	// The set of MIME types of reports generated by the scanner for the consumes_mime_types of
	// the same capability record.
	ProducesMimeTypes []string `json:"produces_mime_types"`
}

ScannerCapability consists of the set of recognized artifact MIME types and the set of scanner report MIME types. For example, a scanner capable of analyzing Docker images and producing a vulnerabilities report recognizable by Harbor web console might be represented with the following capability:

  • type: vulnerability
  • consumes MIME types: -- application/vnd.oci.image.manifest.v1+json -- application/vnd.docker.distribution.manifest.v2+json
  • produces MIME types -- application/vnd.scanner.adapter.vuln.report.harbor+json; version=1.0 -- application/vnd.scanner.adapter.vuln.report.raw

type ScannerProperties

type ScannerProperties map[string]string

ScannerProperties is a set of custom properties that can further describe capabilities of a given scanner.

type Spec

type Spec struct {
	// contains filtered or unexported fields
}

Spec of the API Contains URL and possible headers.

func NewSpec

func NewSpec(base string) *Spec

NewSpec news V1 spec

func (*Spec) GetScanReport

func (s *Spec) GetScanReport(scanReqID string, mimeType string) Definition

GetScanReport API

func (*Spec) Metadata

func (s *Spec) Metadata() Definition

Metadata API

func (*Spec) SubmitScan

func (s *Spec) SubmitScan() Definition

SubmitScan API

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL