Documentation
Overview
Package scalibr provides an interface for running software inventory extraction and security finding detection on a machine.
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type ScanConfig
```go
type ScanConfig struct {
	FilesystemExtractors []filesystem.Extractor
	StandaloneExtractors []standalone.Extractor
	Detectors            []detector.Detector
	// ScanRoot is the root dir used by file walking during extraction.
	// All extractors and detectors will assume files are relative to this dir.
	// Example use case: Scanning a container image or source code repo that is
	// mounted to a local dir.
	ScanRoot string
	// Optional: Individual files to extract inventory from. If specified, the
	// extractors will only look at these files during the filesystem traversal.
	// Note that these are not relative to ScanRoot and thus need to be in
	// sub-directories of ScanRoot.
	FilesToExtract []string
	// Optional: Directories that the file system walk should ignore.
	// Note that these are not relative to ScanRoot and thus need to be
	// sub-directories of ScanRoot.
	// TODO(b/279413691): Also skip local paths, e.g. "Skip all .git dirs"
	DirsToSkip []string
	// Optional: If the regex matches a directory, it will be skipped.
	SkipDirRegex *regexp.Regexp
	// Optional: stats allows to enter a metric hook. If left nil, no metrics will be recorded.
	Stats stats.Collector
	// Optional: Whether to read symlinks.
	ReadSymlinks bool
	// Optional: Limit for visited inodes. If 0, no limit is applied.
	MaxInodes int
}
```
ScanConfig stores the config settings of a scan run such as the plugins to use and the dir to consider the root of the scanned system.
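The comments on FilesToExtract and DirsToSkip require full paths that lie under ScanRoot rather than paths relative to it. The following is an added example, not part of scalibr, that checks a config's path lists against that rule before a scan; `pathsOutsideRoot` is a hypothetical helper and the sample paths are constructed.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// pathsOutsideRoot returns the entries of paths that are not located inside
// root. Entries are expected in the form documented for ScanConfig.DirsToSkip
// and ScanConfig.FilesToExtract: full paths that include ScanRoot, not paths
// relative to it. (Hypothetical helper, not a scalibr API.)
func pathsOutsideRoot(root string, paths []string) []string {
	root = filepath.Clean(root)
	var bad []string
	for _, p := range paths {
		rel, err := filepath.Rel(root, filepath.Clean(p))
		// Rel fails when only one side is absolute. A result of ".." or one
		// starting with "../" means p resolves to a location outside root.
		// Comparing cleaned paths avoids the string-prefix mistake of
		// treating /mnt/image2 as being inside /mnt/image.
		if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
			bad = append(bad, p)
		}
	}
	return bad
}

func main() {
	// Constructed sample values: a container image mounted at /mnt/image.
	scanRoot := "/mnt/image"
	dirsToSkip := []string{
		"/mnt/image/proc",        // inside ScanRoot
		"proc",                   // relative to ScanRoot, not the documented form
		"/mnt/image2/var",        // sibling dir that shares a string prefix
		"/mnt/image/../host/etc", // leaves ScanRoot once cleaned
	}
	for _, p := range pathsOutsideRoot(scanRoot, dirsToSkip) {
		fmt.Printf("not under ScanRoot %q: %q\n", scanRoot, p)
	}
}
```

The same check applies unchanged to FilesToExtract.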
func (*ScanConfig) EnableRequiredExtractors (added in v0.1.1)
```go
func (cfg *ScanConfig) EnableRequiredExtractors() error
```
EnableRequiredExtractors adds those extractors to the config that are required by enabled detectors but have not been explicitly enabled.
type ScanResult
```go
type ScanResult struct {
	Version   string
	StartTime time.Time
	EndTime   time.Time
	// Status of the overall scan.
	Status *plugin.ScanStatus
	// Status and versions of the inventory+vuln plugins that ran.
	PluginStatus []*plugin.Status
	Inventories  []*extractor.Inventory
	Findings     []*detector.Finding
}
```
ScanResult stores the software inventory and security findings that a scan run found.
type Scanner
```go
type Scanner struct{}
```
Scanner is the main entry point of the scanner.
func (Scanner) Scan
```go
func (Scanner) Scan(ctx context.Context, config *ScanConfig) (sr *ScanResult)
```
Scan executes the extraction and detection using the provided scan config.
Directories
Path | Synopsis |
---|---|
 | The scalibr command wraps around the SCALIBR library to create a standalone CLI for extraction + detection with direct access to the local machine's filesystem. |
cli | Package cli defines the structures to store the CLI flags used by the scanner binary. |
proto | Package proto provides protobuf related utilities for the SCALIBR binary. |
scanrunner | Package scanrunner provides the main function for running a scan with the SCALIBR binary. |
spdx | Package spdx provides utilities for writing SPDX documents to the filesystem. |
 | Package converter provides utility functions for converting SCALIBR's scan results to standardized inventory formats. |
 | Package detector provides the interface for security-related detection plugins. |
cis/generic_linux/etcpasswdpermissions | Package etcpasswdpermissions implements a detector for the "Ensure permissions on /etc/passwd- are configured" CIS check. |
cve/cve202338408 | Package cve202338408 implements a detector for CVE-2023-38408. |
cve/cve202338408/semantic | Package semantic provides version comparison. |
govulncheck/binary | Package binary implements a detector that uses govulncheck to scan for vulns on Go binaries found on the filesystem. |
list | Package list provides a public list of SCALIBR-internal detection plugins. |
weakcredentials/etcshadow | Package etcshadow implements a detector for weak/guessable passwords stored in /etc/shadow. |
 | Package extractor provides the common interface for standalone and filesystem extractors. |
filesystem | Package filesystem provides the interface for inventory extraction plugins. |
filesystem/internal | Package internal contains miscellaneous functions and objects useful within Scalibr |
filesystem/internal/units | Package units provides constants for common units. |
filesystem/language/dotnet/packageslockjson | Package packageslockjson extracts packages.lock.json files. |
filesystem/language/golang/gobinary | Package gobinary extracts packages from buildinfo inside go binaries files. |
filesystem/language/java/archive | Package archive extracts Java archive files. |
filesystem/language/javascript/packagejson | Package packagejson extracts package.json files. |
filesystem/language/javascript/packagelockjson | Package packagelockjson extracts package-lock.json files. |
filesystem/language/python/requirements | Package requirements extracts requirements files. |
filesystem/language/python/wheelegg | Package wheelegg extracts wheel and egg files. |
filesystem/language/ruby/gemspec | Package gemspec extracts *.gemspec files. |
filesystem/list | Package list provides a public list of SCALIBR-internal extraction plugins. |
filesystem/os/apk | Package apk extracts packages from the APK database. |
filesystem/os/cos | Package cos extracts OS packages from Container Optimized OSes (go/cos). |
filesystem/os/dpkg | Package dpkg extracts packages from dpkg database. |
filesystem/os/osrelease | Package osrelease parses the os-release file. |
filesystem/os/rpm | Package rpm extracts packages from rpm database. |
filesystem/osv | Package osv provides a Wrapper for osv plugins. |
filesystem/sbom/spdx | Package spdx extracts software dependencies from an SPDX SBOM. |
standalone | Package standalone provides a way to extract in a standalone mode (e.g. |
standalone/list | Package list contains the list of all standalone extractors. |
standalone/windows/common/winproducts | Package winproducts contains information about Windows products. |
standalone/windows/dismpatch/dismparser | Package dismparser has methods that can be used to parse DISM output |
 | Package inventoryindex is a wrapper around the collected inventory, which provides methods for fast lookup of identified software. |
 | Package log defines SCALIBR's logger interface. |
 | Package plugin collects the common code used by extractor and detector plugins. |
 | Package purl provides functions to code and decode package url according to the spec: https://github.com/package-url/purl-spec This package is a convenience wrapper and abstraction layer around an existing open source implementation. |
 | Package stats contains interfaces and utilities relating to the collection of statistics from Scalibr. |
testing | |
fakedetector | Package fakedetector provides a Detector implementation to be used in tests. |
fakeextractor | Package fakeextractor provides a Extractor implementation to be used in tests. |