Documentation
¶
Overview ¶
Package vul provides primitives for working with Vul.
Index ¶
- Constants
- func CheckAwsEcrPrivateRegistry(ImageUrl string) string
- func GetMirroredImage(image string, mirrors map[string]string) (string, error)
- func GetScoreFromCVSS(CVSSs map[string]*CVSS) *float64
- func NewPlugin(clock ext.Clock, idGenerator ext.IDGenerator, ...) vulnerabilityreport.Plugin
- type CVSS
- type Command
- type Config
- func (c Config) GetCommand() (Command, error)
- func (c Config) GetDBRepository() (string, error)
- func (c Config) GetImageRef() (string, error)
- func (c Config) GetInsecureRegistries() map[string]bool
- func (c Config) GetMirrors() map[string]string
- func (c Config) GetMode() (Mode, error)
- func (c Config) GetNonSSLRegistries() map[string]bool
- func (c Config) GetResourceRequirements() (corev1.ResourceRequirements, error)
- func (c Config) GetServerInsecure() bool
- func (c Config) GetServerURL() (string, error)
- func (c Config) IgnoreFileExists() bool
- func (c Config) IgnoreUnfixed() bool
- type Layer
- type Mode
- type ScanReport
- type ScanResult
- type Vulnerability
Constants ¶
const ( )
const (
AWSECR_Image_Regex = "^\\d+\\.dkr\\.ecr\\.(\\w+-\\w+-\\d+)\\.amazonaws\\.com\\/"
)
const (
// Plugin the name of this plugin.
Plugin = "Vul"
)
Variables ¶
This section is empty.
Functions ¶
func GetMirroredImage ¶
func GetScoreFromCVSS ¶
func NewPlugin ¶
func NewPlugin(clock ext.Clock, idGenerator ext.IDGenerator, objectResolver *kube.ObjectResolver) vulnerabilityreport.Plugin
NewPlugin constructs a new vulnerabilityreport.Plugin, which is using an upstream Vul container image to scan Kubernetes workloads.
The plugin supports Image and Filesystem commands. The Filesystem command may be used to scan workload images cached on cluster nodes by scheduling scan jobs on a particular node.
The Image command supports both Standalone and ClientServer modes depending on the settings returned by Config.GetMode. The ClientServer mode is usually more performant, however it requires a Vul server accessible at the configurable Config.GetServerURL.
Types ¶
type Config ¶
type Config struct {
starboard.PluginConfig
}
Config defines configuration params for this plugin.
func (Config) GetCommand ¶
func (Config) GetDBRepository ¶
func (Config) GetImageRef ¶
GetImageRef returns upstream Vul container image reference.
func (Config) GetInsecureRegistries ¶
func (Config) GetMirrors ¶
func (Config) GetNonSSLRegistries ¶
func (Config) GetResourceRequirements ¶
func (c Config) GetResourceRequirements() (corev1.ResourceRequirements, error)
GetResourceRequirements creates ResourceRequirements from the Config.
func (Config) GetServerInsecure ¶
func (Config) GetServerURL ¶
func (Config) IgnoreFileExists ¶
func (Config) IgnoreUnfixed ¶
type ScanReport ¶
type ScanReport struct {
Results []ScanResult `json:"Results"`
}
type ScanResult ¶
type ScanResult struct {
Target string `json:"Target"`
Vulnerabilities []Vulnerability `json:"Vulnerabilities"`
}
type Vulnerability ¶
type Vulnerability struct {
VulnerabilityID string `json:"VulnerabilityID"`
PkgName string `json:"PkgName"`
InstalledVersion string `json:"InstalledVersion"`
FixedVersion string `json:"FixedVersion"`
Title string `json:"Title"`
Description string `json:"Description"`
Severity v1alpha1.Severity `json:"Severity"`
Layer Layer `json:"Layer"`
PrimaryURL string `json:"PrimaryURL"`
References []string `json:"References"`
Cvss map[string]*CVSS `json:"CVSS"`
}
Source Files