metadata

package

v0.2.3-0...-3348562 Latest Latest Go to latest Published: Oct 20, 2022 License: Apache-2.0 Imports: 12 Imported by: 20

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/grafeas/kritis

Links

Open Source Insights

Documentation ¶

Index ¶

func CreateOccurrenceFromAttestation(att *attestlib.Attestation, containerImage string, noteName string, ...) (*grafeas.Occurrence, error)
func GetAttestationsFromOccurrence(occ *grafeas.Occurrence) ([]attestlib.Attestation, error)
func IsFixAvailable(pis []*vulnerability.PackageIssue) bool
func ParseNoteReference(ref string) (string, string, error)
type ReadOnlyClient
type ReadWriteClient
type SignatureType
- func (st SignatureType) String() string
type Vulnerability
- func GetVulnerabilityFromOccurrence(occ *grafeas.Occurrence) *Vulnerability

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func CreateOccurrenceFromAttestation ¶

func CreateOccurrenceFromAttestation(att *attestlib.Attestation, containerImage string, noteName string, sType SignatureType) (*grafeas.Occurrence, error)

CreateOccurrenceFromAttestation creates an occurrence from an attestation by specified signature type. The created occurrence can either be a PgpSignedAttestation occurrence or a GenericSignedAttestation occurrence.

func GetAttestationsFromOccurrence ¶

func GetAttestationsFromOccurrence(occ *grafeas.Occurrence) ([]attestlib.Attestation, error)

GetAttestationsFromOccurrence parses Attestations from PgpSignedAttestation and GenericSignedAttestation Occurrences. A PgpSignedAttestation has one signature and is parsed into one Attestation. A GenericSignedAttestation may have multiple signatures, which are parsed into multiple Attestations.

func IsFixAvailable ¶

func IsFixAvailable(pis []*vulnerability.PackageIssue) bool

func ParseNoteReference ¶

func ParseNoteReference(ref string) (string, string, error)

ParseNoteReference extracts the project ID and the note ID from the NoteReference.

Types ¶

type ReadOnlyClient ¶ added in v0.2.1

type ReadOnlyClient interface {
	// Vulnerabilities returns package vulnerabilities for a given image.
	Vulnerabilities(containerImage string) ([]Vulnerability, error)
	//Attestations get Attestation Occurrences for given image.
	Attestations(containerImage string, aa *kritisv1beta1.AttestationAuthority) ([]attestlib.Attestation, error)
	// Wait vulnerability analysis for an image to finish, or times out.
	WaitForVulnzAnalysis(containerImage string, timeout time.Duration) error
	// Close closes client connections
	Close()
}

Read-only interface to access Occurrences and Notes using Grafeas API.

type ReadWriteClient ¶ added in v0.2.1

type ReadWriteClient interface {
	// Vulnerabilities returns package vulnerabilities for a given image.
	Vulnerabilities(containerImage string) ([]Vulnerability, error)
	// CreateAttestationOccurrence creates an Attestation occurrence for a given image, secret, and project.
	CreateAttestationOccurrence(noteName string,
		containerImage string, pgpSigningKey *secrets.PGPSigningSecret, proj string) (*grafeasv1beta1.Occurrence, error)
	// UploadAttestationOccurrence uploads an Attestation occurrence for a given note, image and project.
	UploadAttestationOccurrence(noteName string,
		containerImage string, att *attestlib.Attestation, proj string, sType SignatureType) (*grafeasv1beta1.Occurrence, error)
	//AttestationNote fetches an Attestation note for an Attestation Authority.
	AttestationNote(aa *kritisv1beta1.AttestationAuthority) (*grafeasv1beta1.Note, error)
	// Create Attestation Note for an Attestation Authority.
	CreateAttestationNote(aa *kritisv1beta1.AttestationAuthority) (*grafeasv1beta1.Note, error)
	// Attestations get Attestation Occurrences for given image.
	Attestations(containerImage string, aa *kritisv1beta1.AttestationAuthority) ([]attestlib.Attestation, error)
	// Wait vulnerability analysis for an image to finish, or times out.
	WaitForVulnzAnalysis(containerImage string, timeout time.Duration) error
	// Delete an attestation by image and attestation authority.
	DeleteAttestationOccurrence(containerImage string, aa *kritisv1beta1.AttestationAuthority) error
	// Close closes client connections
	Close()
}

Read/write interface to access Occurrences and Notes using Grafeas API.

type SignatureType ¶

type SignatureType int

const (
	UnknownSignatureType SignatureType = iota
	PgpSignatureType
	GenericSignatureType
)

func (SignatureType) String ¶

func (st SignatureType) String() string

type Vulnerability ¶

type Vulnerability struct {
	Severity        string
	HasFixAvailable bool
	CVE             string
}

func GetVulnerabilityFromOccurrence ¶

func GetVulnerabilityFromOccurrence(occ *grafeas.Occurrence) *Vulnerability

Source Files ¶

View all Source files

metadata.go

Directories ¶

Path	Synopsis
containeranalysis
grafeas

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL