Documentation ¶
Index ¶
- Constants
- Variables
- type Application
- type ArtifactDetail
- type ArtifactInfo
- type ArtifactReference
- type ArtifactType
- type BlobInfo
- type BuildInfo
- type CauseMetadata
- type Code
- type CustomResource
- type DockerOption
- type File
- type HandlerType
- type Image
- type ImageExtension
- type ImageMetadata
- type Layer
- type LicenseFile
- type LicenseFinding
- type Line
- type MisconfResult
- type MisconfResults
- type Misconfiguration
- type OS
- type Package
- type PackageInfo
- type PolicyInputOption
- type PolicyInputSelector
- type PolicyMetadata
- type Repository
- type Secret
- type SecretFinding
- type SecretRuleCategory
- type SrcPackage
Constants ¶
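// Schema versions for the JSON documents defined by this package.
//
// The listing had lost its line breaks, leaving two constant specs on one line
// with no separator; the block is restored to one spec per line.
const (
	// ArtifactJSONSchemaVersion is the schema version for artifact JSON.
	// NOTE(review): presumably the value written to ArtifactInfo.SchemaVersion — confirm.
	ArtifactJSONSchemaVersion = 1
	// BlobJSONSchemaVersion is the schema version for blob JSON.
	// NOTE(review): presumably the value written to BlobInfo.SchemaVersion — confirm.
	BlobJSONSchemaVersion = 2
)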
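// String identifiers, grouped by the original section comments:
// programming-language dependency types, config file types, licensing, and
// language-specific file names.
//
// The listing had lost its line breaks, so the first "//" comment swallowed
// every constant after it; the block is restored to one spec per line with the
// values unchanged.
const (
	// Programming language dependencies
	Bundler    = "bundler"
	GemSpec    = "gemspec"
	Cargo      = "cargo"
	Composer   = "composer"
	Npm        = "npm"
	NuGet      = "nuget"
	Pip        = "pip"
	Pipenv     = "pipenv"
	Poetry     = "poetry"
	PythonPkg  = "python-pkg"
	NodePkg    = "node-pkg"
	Yarn       = "yarn"
	Jar        = "jar"
	Pom        = "pom"
	GoBinary   = "gobinary"
	GoModule   = "gomod"
	JavaScript = "javascript"

	// Config files
	YAML           = "yaml"
	JSON           = "json"
	Dockerfile     = "dockerfile"
	Terraform      = "terraform"
	CloudFormation = "cloudformation"
	Kubernetes     = "kubernetes"
	Ansible        = "ansible"
	Helm           = "helm"

	// Licensing
	License = "license"

	// Language-specific file names
	NuGetPkgsLock   = "packages.lock.json"
	NuGetPkgsConfig = "packages.config"
	GoMod           = "go.mod"
	GoSum           = "go.sum"
	MavenPom        = "pom.xml"
	NpmPkgLock      = "package-lock.json"
	NpmPkg          = "package.json"
	YarnLock        = "yarn.lock"
	ComposerLock    = "composer.lock"
	PipRequirements = "requirements.txt"
	PipfileLock     = "Pipfile.lock"
	PoetryLock      = "poetry.lock"
	GemfileLock     = "Gemfile.lock"
	CargoLock       = "Cargo.lock"
)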
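// Post-handler identifiers and their priorities.
//
// The listing had lost its line breaks, so the "//" comment swallowed the
// priority constants after it; the block is restored to one spec per line. The
// comment also named a constant that does not exist
// (SystemFileFilterPostHandlerPriority); it now names the declared one.
const (
	SystemFileFilteringPostHandler HandlerType = "system-file-filter"
	GoModMergePostHandler          HandlerType = "go-mod-merge"
	MisconfPostHandler             HandlerType = "misconf"
	LicensePostHandler             HandlerType = "license"

	// SystemFileFilteringPostHandlerPriority should be higher than other handlers.
	// Otherwise, other handlers need to process unnecessary files.
	SystemFileFilteringPostHandlerPriority = 100
	GoModMergePostHandlerPriority          = 50
	MisconfPostHandlerPriority             = 50
	LicensePostHandlerPriority             = 50
)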
Variables ¶
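// Sentinel errors exported by this package, created with xerrors.New.
//
// The listing had lost its line breaks, leaving two variable specs on one line
// with no separator; the block is restored to one spec per line. Callers
// should compare against these values rather than match on message text.
var (
	// InvalidURLPattern carries the message "invalid url pattern".
	InvalidURLPattern = xerrors.New("invalid url pattern")
	// ErrNoRpmCmd carries the message "no rpm command".
	ErrNoRpmCmd = xerrors.New("no rpm command")
)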
Functions ¶
This section is empty.
Types ¶
type Application ¶
type ArtifactDetail ¶
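// ArtifactDetail aggregates the analysis results for one artifact: OS and
// repository information, packages, applications, misconfigurations, secret
// findings and license files. The package documentation describes it as
// generated by applying blobs.
//
// The listing had lost its line breaks, so the first "//" comment swallowed the
// fields after it; the declaration is restored to one field per line.
//
// NOTE(review): Secrets holds secret-scan results. SecretFinding is not shown
// here; if it carries matched content, a serialized ArtifactDetail is
// sensitive and should be handled accordingly — confirm.
type ArtifactDetail struct {
	OS                *OS                `json:",omitempty"`
	Repository        *Repository        `json:",omitempty"`
	Packages          []Package          `json:",omitempty"`
	Applications      []Application      `json:",omitempty"`
	Misconfigurations []Misconfiguration `json:",omitempty"`
	Secrets           []Secret           `json:",omitempty"`
	Licenses          []LicenseFile      `json:",omitempty"`

	// HistoryPackages are packages extracted from RUN instructions
	HistoryPackages []Package `json:",omitempty"`

	// CustomResources hold analysis results from custom analyzers.
	// It is for extensibility and not used in OSS.
	CustomResources []CustomResource `json:",omitempty"`
}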
ArtifactDetail is generated by applying blobs
type ArtifactInfo ¶
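// ArtifactInfo records artifact-level metadata: schema version, architecture,
// creation time, Docker version and an OS string. The package documentation
// states that it is stored in cache.
//
// The listing had lost its line breaks, so the "//" comment swallowed the
// HistoryPackages field; the declaration is restored to one field per line.
// Only HistoryPackages carries a JSON tag; the other fields serialize under
// their Go field names.
type ArtifactInfo struct {
	SchemaVersion int
	Architecture  string
	Created       time.Time
	DockerVersion string
	OS            string

	// HistoryPackages are packages extracted from RUN instructions
	HistoryPackages []Package `json:",omitempty"`
}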
ArtifactInfo is stored in cache
type ArtifactReference ¶
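// ArtifactReference identifies an artifact (container image, local filesystem
// or repository) by name, type and ID, along with a list of blob IDs and the
// image metadata.
//
// The listing had lost its line breaks, so the trailing "//" comment on Name
// swallowed the remaining fields; the declaration is restored to one field per
// line. No field carries a JSON tag, so all of them serialize under their Go
// field names.
type ArtifactReference struct {
	Name          string // image name, tar file name, directory or repository name
	Type          ArtifactType
	ID            string
	BlobIDs       []string
	ImageMetadata ImageMetadata
}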
ArtifactReference represents a reference to a container image, a local filesystem or a repository
type ArtifactType ¶
// ArtifactType is the string-typed kind of an artifact. The values declared
// for it are ArtifactContainerImage, ArtifactFilesystem and
// ArtifactRemoteRepository.
type ArtifactType string
ArtifactType represents a type of artifact
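// Declared ArtifactType values.
//
// The listing had lost its line breaks, leaving three constant specs on one
// line with no separator; the block is restored to one spec per line.
const (
	// ArtifactContainerImage is the type string "container_image".
	ArtifactContainerImage ArtifactType = "container_image"
	// ArtifactFilesystem is the type string "filesystem".
	ArtifactFilesystem ArtifactType = "filesystem"
	// ArtifactRemoteRepository is the type string "repository".
	ArtifactRemoteRepository ArtifactType = "repository"
)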
type BlobInfo ¶
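// BlobInfo holds the per-blob analysis results: digest and diff ID, OS and
// repository information, package infos, applications, misconfigurations,
// secret findings, license files, and the opaque-directory and whiteout-file
// lists. The package documentation states that it is stored in cache.
//
// The listing had lost its line breaks, so the first "//" comment swallowed the
// BuildInfo and CustomResources fields; the declaration is restored to one
// field per line.
//
// NOTE(review): because BlobInfo is cached and includes Secrets, the cache may
// hold sensitive material if SecretFinding (not shown here) carries matched
// content. Confirm, and restrict access to the cache backend accordingly.
type BlobInfo struct {
	SchemaVersion     int
	Digest            string             `json:",omitempty"`
	DiffID            string             `json:",omitempty"`
	OS                *OS                `json:",omitempty"`
	Repository        *Repository        `json:",omitempty"`
	PackageInfos      []PackageInfo      `json:",omitempty"`
	Applications      []Application      `json:",omitempty"`
	Misconfigurations []Misconfiguration `json:",omitempty"`
	Secrets           []Secret           `json:",omitempty"`
	Licenses          []LicenseFile      `json:",omitempty"`
	OpaqueDirs        []string           `json:",omitempty"`
	WhiteoutFiles     []string           `json:",omitempty"`

	// Red Hat distributions have build info per layer.
	// This information will be embedded into packages when applying layers.
	// ref. https://redhat-connect.gitbook.io/partner-guide-for-adopting-red-hat-oval-v2/determining-common-platform-enumeration-cpe
	BuildInfo *BuildInfo `json:",omitempty"`

	// CustomResources hold analysis results from custom analyzers.
	// It is for extensibility and not used in OSS.
	CustomResources []CustomResource `json:",omitempty"`
}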
BlobInfo is stored in cache
type BuildInfo ¶
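// BuildInfo represents information under /root/buildinfo in RHEL, per the
// package documentation.
//
// The listing had lost its line breaks, leaving three fields on one line with
// no separator; the declaration is restored to one field per line. Every field
// is omitted from JSON when empty.
type BuildInfo struct {
	// ContentSets is a list of content-set strings.
	ContentSets []string `json:",omitempty"`
	// Nvr is a string. NOTE(review): presumably name-version-release — confirm.
	Nvr string `json:",omitempty"`
	// Arch is the architecture string.
	Arch string `json:",omitempty"`
}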
BuildInfo represents information under /root/buildinfo in RHEL
type CauseMetadata ¶
type CustomResource ¶
CustomResource holds the analysis result from a custom analyzer. It is for extensibility and not used in OSS.
type DockerOption ¶
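// DockerOption carries registry access settings: user name and password, a
// registry bearer token, AWS (ECR) credentials and region, a GCP credential
// path, and two transport flags.
//
// The listing had lost its line breaks, so the first "//" comment swallowed
// every field; the declaration is restored to one field per line.
//
// Password, RegistryToken, AwsSecretKey and AwsSessionToken are secrets. No
// field carries a `json:"-"` tag, so encoding/json and %+v formatting emit them
// verbatim under their field names. Keep values of this type out of logs,
// error messages and persisted output.
type DockerOption struct {
	// Auth
	UserName string
	Password string

	// RegistryToken is a bearer token to be sent to a registry
	RegistryToken string

	// ECR
	AwsAccessKey    string
	AwsSecretKey    string
	AwsSessionToken string
	AwsRegion       string

	// GCP
	GcpCredPath string

	// SSL/TLS
	// NOTE(review): going by the names, InsecureSkipTLSVerify turns off
	// certificate verification and NonSSL selects an unencrypted connection.
	// Either would remove transport protection for the credentials above.
	// Confirm at the call site; the zero value leaves both off.
	InsecureSkipTLSVerify bool
	NonSSL                bool
}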
type HandlerType ¶
// HandlerType is the string-typed name of a post-handler. The values declared
// for it are SystemFileFilteringPostHandler, GoModMergePostHandler,
// MisconfPostHandler and LicensePostHandler.
type HandlerType string
type Image ¶
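// Image is the union of the v1.Image interface and this package's
// ImageExtension interface.
//
// The listing had lost its line breaks, leaving the two embedded interfaces on
// one line with no separator; the declaration is restored to one per line.
type Image interface {
	v1.Image
	ImageExtension
}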
type ImageExtension ¶
type ImageMetadata ¶
type LicenseFile ¶
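// LicenseFile groups the license findings for one file path, with the layer it
// was found in and an optional package name and package directory.
//
// The listing had lost its line breaks, leaving the fields on one line with no
// separator; the declaration is restored to one field per line. FilePath and
// Findings have no JSON tag and serialize under their Go names; Package and
// PackageDir serialize as "package" and "package_dir" and are omitted when
// empty.
type LicenseFile struct {
	FilePath   string
	Findings   []LicenseFinding
	Layer      Layer  `json:",omitempty"`
	Package    string `json:"package,omitempty"`
	PackageDir string `json:"package_dir,omitempty"`
}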
type LicenseFinding ¶
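// LicenseFinding describes one license match: the license name, the match type
// and confidence, the matched line range, a classification index and label,
// and an optional link.
//
// The listing had lost its line breaks, leaving the fields on one line with no
// separator; the declaration is restored to one field per line. Two JSON names
// differ from the Go field names: Confidence serializes as "match_confidence"
// and GoogleLicenseClassificationIndex as "classification_index".
type LicenseFinding struct {
	License                          string  `json:"license"`
	MatchType                        string  `json:"match_type"`
	Confidence                       float64 `json:"match_confidence"`
	StartLine                        int     `json:"start_line"`
	EndLine                          int     `json:"end_line"`
	GoogleLicenseClassificationIndex int     `json:"classification_index"`
	GoogleLicenseClassification      string  `json:"google_license_classification"`
	LicenseLink                      string  `json:"license_link,omitempty"`
}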
type Line ¶
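// Line describes one numbered line of content with flags marking whether it is
// a cause, whether it is the first or last cause line, and whether it was
// truncated, plus an annotation and an optional highlighted rendering.
//
// The listing had lost its line breaks, leaving the fields on one line with no
// separator; the declaration is restored to one field per line. Every field
// has an explicit JSON name equal to its Go name; only Highlighted is omitted
// when empty.
type Line struct {
	Number      int    `json:"Number"`
	Content     string `json:"Content"`
	IsCause     bool   `json:"IsCause"`
	Annotation  string `json:"Annotation"`
	Truncated   bool   `json:"Truncated"`
	Highlighted string `json:"Highlighted,omitempty"`
	FirstCause  bool   `json:"FirstCause"`
	LastCause   bool   `json:"LastCause"`
}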
type MisconfResult ¶
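// MisconfResult is one misconfiguration check result: namespace, query and
// message, with the policy metadata and cause metadata embedded, and optional
// traces.
//
// The listing had lost its line breaks, so the "//" comment swallowed the
// Traces field; the declaration is restored to one field per line.
//
// PolicyMetadata and CauseMetadata are embedded with an empty JSON name, so
// encoding/json promotes an embedded struct's fields into the enclosing
// object. omitempty never omits a struct value; those fields are only left out
// individually, through their own tags.
type MisconfResult struct {
	Namespace      string `json:",omitempty"`
	Query          string `json:",omitempty"`
	Message        string `json:",omitempty"`
	PolicyMetadata `json:",omitempty"`
	CauseMetadata  `json:",omitempty"`

	// For debugging
	Traces []string `json:",omitempty"`
}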
type MisconfResults ¶
// MisconfResults is a slice of MisconfResult. The type declares Len, Less and
// Swap methods, which is the method set of sort.Interface. The ordering that
// Less applies is not visible here.
type MisconfResults []MisconfResult
func (MisconfResults) Len ¶
func (r MisconfResults) Len() int
func (MisconfResults) Less ¶
func (r MisconfResults) Less(i, j int) bool
func (MisconfResults) Swap ¶
func (r MisconfResults) Swap(i, j int)
type Misconfiguration ¶
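// Misconfiguration groups the check results for one file: its file type and
// path, the results split into successes, warnings, failures and exceptions,
// and the layer.
//
// The listing had lost its line breaks, leaving the fields on one line with no
// separator; the declaration is restored to one field per line.
type Misconfiguration struct {
	FileType   string         `json:",omitempty"`
	FilePath   string         `json:",omitempty"`
	Successes  MisconfResults `json:",omitempty"`
	Warnings   MisconfResults `json:",omitempty"`
	Failures   MisconfResults `json:",omitempty"`
	Exceptions MisconfResults `json:",omitempty"`
	Layer      Layer          `json:",omitempty"`
}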
func ToMisconfigurations ¶
func ToMisconfigurations(misconfs map[string]Misconfiguration) []Misconfiguration
type Package ¶
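// Package describes one package: identity (ID, name, version, release, epoch,
// architecture), the matching source-package fields, Red Hat specific data,
// dependency information, license, layer and file path.
//
// The listing had lost its line breaks, so the first trailing "//" comment
// swallowed every field after Modularitylabel; the declaration is restored to
// one field per line and the comment wording is tidied.
type Package struct {
	ID              string     `json:",omitempty"`
	Name            string     `json:",omitempty"`
	Version         string     `json:",omitempty"`
	Release         string     `json:",omitempty"`
	Epoch           int        `json:",omitempty"`
	Arch            string     `json:",omitempty"`
	SrcName         string     `json:",omitempty"`
	SrcVersion      string     `json:",omitempty"`
	SrcRelease      string     `json:",omitempty"`
	SrcEpoch        int        `json:",omitempty"`
	Modularitylabel string     `json:",omitempty"` // only for Red Hat based distributions
	BuildInfo       *BuildInfo `json:",omitempty"` // only for Red Hat
	Ref             string     `json:",omitempty"` // identifier which can be used to reference the component elsewhere
	Indirect        bool       `json:",omitempty"` // whether this package is a direct dependency of the project or not
	DependsOn       []string   `json:",omitempty"` // dependencies of this package
	License         string     `json:",omitempty"`
	Layer           Layer      `json:",omitempty"`

	// Packages taken from package metadata carry a file path; packages taken
	// from lock files do not.
	FilePath string `json:",omitempty"`
}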
type PackageInfo ¶
type PolicyInputOption ¶
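// PolicyInputOption holds policy input settings: a Combine flag and a list of
// selectors, tagged with the mapstructure keys "combine" and "selector".
//
// The listing had lost its line breaks, leaving the two fields on one line
// with no separator; the declaration is restored to one field per line.
type PolicyInputOption struct {
	Combine   bool                  `mapstructure:"combine"`
	Selectors []PolicyInputSelector `mapstructure:"selector"`
}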
type PolicyInputSelector ¶
// PolicyInputSelector is a single selector entry. Its only field, Type, is
// tagged with the mapstructure key "type".
type PolicyInputSelector struct {
	Type string `mapstructure:"type"`
}
type PolicyMetadata ¶
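// PolicyMetadata describes a policy: ID, type, title, description, severity,
// recommended actions and references.
//
// The listing had lost its line breaks, leaving the fields on one line with no
// separator; the declaration is restored to one field per line. Every field is
// omitted from JSON when empty. RecommendedActions additionally carries the
// mapstructure key "recommended_actions".
type PolicyMetadata struct {
	ID                 string   `json:",omitempty"`
	Type               string   `json:",omitempty"`
	Title              string   `json:",omitempty"`
	Description        string   `json:",omitempty"`
	Severity           string   `json:",omitempty"`
	RecommendedActions string   `json:",omitempty" mapstructure:"recommended_actions"`
	References         []string `json:",omitempty"`
}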
type Repository ¶
type Secret ¶
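// Secret groups the secret findings for one file path, with the layer.
//
// The listing had lost its line breaks, leaving the fields on one line with no
// separator; the declaration is restored to one field per line. FilePath and
// Findings have no JSON tag and serialize under their Go field names.
//
// NOTE(review): SecretFinding is defined elsewhere. If it includes the matched
// text, values of this type contain live credentials and should be redacted
// before logging, caching or export — confirm.
type Secret struct {
	FilePath string
	Findings []SecretFinding
	Layer    Layer `json:",omitempty"`
}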
type SecretFinding ¶
type SecretRuleCategory ¶
// SecretRuleCategory is a string-typed category label.
// NOTE(review): going by the name, it categorizes secret-detection rules; no
// values or uses are visible here — confirm.
type SecretRuleCategory string
type SrcPackage ¶