Documentation ¶
Index ¶
- Variables
- func DeregisterAnalyzer(t Type)
- func DeregisterConfigAnalyzer(t Type)
- func RegisterAnalyzer(analyzer analyzer)
- func RegisterConfigAnalyzer(t Type, init configAnalyzerConstructor)
- func RegisterPostAnalyzer(t Type, initializer postAnalyzerInitialize)
- type AnalysisInput
- type AnalysisOptions
- type AnalysisResult
- type AnalyzerGroup
- func (ag AnalyzerGroup) AnalyzeFile(ctx context.Context, wg *sync.WaitGroup, limit *semaphore.Weighted, ...) error
- func (ag AnalyzerGroup) AnalyzerVersions() Versions
- func (ag AnalyzerGroup) PostAnalyze(ctx context.Context, compositeFS *CompositeFS, result *AnalysisResult, ...) error
- func (ag AnalyzerGroup) PostAnalyzerFS() (*CompositeFS, error)
- func (ag AnalyzerGroup) RequiredPostAnalyzers(filePath string, info os.FileInfo) []Type
- type AnalyzerOptions
- type CompositeFS
- func (c *CompositeFS) Cleanup() error
- func (c *CompositeFS) CopyFileToTemp(opener Opener, info os.FileInfo) (string, error)
- func (c *CompositeFS) CreateLink(analyzerTypes []Type, rootDir, virtualPath, realPath string) error
- func (c *CompositeFS) Get(t Type) (*mapfs.FS, bool)
- func (c *CompositeFS) Set(t Type, fs *mapfs.FS)
- type ConfigAnalysisInput
- type ConfigAnalysisResult
- type ConfigAnalyzer
- type ConfigAnalyzerGroup
- type ConfigAnalyzerOptions
- type CustomGroup
- type Group
- type Initializer
- type LicenseScannerOption
- type Opener
- type PostAnalysisInput
- type PostAnalyzer
- type SecretScannerOption
- type Type
- type Versions
Constants ¶
This section is empty.
Variables ¶
var ( // ErrUnknownOS occurs when unknown OS is analyzed. ErrUnknownOS = xerrors.New("unknown OS") // ErrPkgAnalysis occurs when the analysis of packages is failed. ErrPkgAnalysis = xerrors.New("failed to analyze packages") // ErrNoPkgsDetected occurs when the required files for an OS package manager are not detected ErrNoPkgsDetected = xerrors.New("no packages detected") )
var ( // TypeOSes has all OS-related analyzers TypeOSes = []Type{ TypeOSRelease, TypeAlpine, TypeAmazon, TypeCBLMariner, TypeDebian, TypePhoton, TypeCentOS, TypeRocky, TypeAlma, TypeFedora, TypeOracle, TypeRedHatBase, TypeSUSE, TypeUbuntu, TypeApk, TypeDpkg, TypeDpkgLicense, TypeRpm, TypeRpmqa, TypeApkRepo, } // TypeLanguages has all language analyzers TypeLanguages = []Type{ TypeBundler, TypeGemSpec, TypeCargo, TypeComposer, TypeJar, TypePom, TypeGradleLock, TypeNpmPkgLock, TypeNodePkg, TypeYarn, TypePnpm, TypeNuget, TypeDotNetCore, TypeCondaPkg, TypePythonPkg, TypePip, TypePipenv, TypePoetry, TypeGoBinary, TypeGoMod, TypeRustBinary, TypeConanLock, TypeCocoaPods, TypePubSpecLock, TypeMixLock, } // TypeLockfiles has all lock file analyzers TypeLockfiles = []Type{ TypeBundler, TypeNpmPkgLock, TypeYarn, TypePnpm, TypePip, TypePipenv, TypePoetry, TypeGoMod, TypePom, TypeConanLock, TypeGradleLock, TypeCocoaPods, TypePubSpecLock, TypeMixLock, } // TypeIndividualPkgs has all analyzers for individual packages TypeIndividualPkgs = []Type{ TypeGemSpec, TypeNodePkg, TypeCondaPkg, TypePythonPkg, TypeGoBinary, TypeJar, TypeRustBinary, } // TypeConfigFiles has all config file analyzers TypeConfigFiles = []Type{ TypeAzureARM, TypeCloudFormation, TypeDockerfile, TypeHelm, TypeKubernetes, TypeTerraform, TypeTerraformPlan, } )
Functions ¶
func DeregisterConfigAnalyzer ¶
func DeregisterConfigAnalyzer(t Type)
DeregisterConfigAnalyzer is intended mainly for use in tests.
func RegisterAnalyzer ¶
func RegisterAnalyzer(analyzer analyzer)
func RegisterConfigAnalyzer ¶
func RegisterConfigAnalyzer(t Type, init configAnalyzerConstructor)
RegisterConfigAnalyzer adds a constructor for a config analyzer.
func RegisterPostAnalyzer ¶
func RegisterPostAnalyzer(t Type, initializer postAnalyzerInitialize)
Types ¶
type AnalysisInput ¶
type AnalysisInput struct { Dir string FilePath string Info os.FileInfo Content dio.ReadSeekerAt Options AnalysisOptions }
type AnalysisOptions ¶
type AnalysisResult ¶
type AnalysisResult struct { OS types.OS Repository *types.Repository PackageInfos []types.PackageInfo Applications []types.Application Misconfigurations []types.Misconfiguration Secrets []types.Secret Licenses []types.LicenseFile SystemInstalledFiles []string // A list of files installed by OS package manager // Digests contains SHA-256 digests of unpackaged files // used to search for SBOM attestation. Digests map[string]string // For Red Hat BuildInfo *types.BuildInfo // CustomResources hold analysis results from custom analyzers. // It is for extensibility and not used in OSS. CustomResources []types.CustomResource // contains filtered or unexported fields }
func NewAnalysisResult ¶
func NewAnalysisResult() *AnalysisResult
func (*AnalysisResult) Merge ¶
func (r *AnalysisResult) Merge(new *AnalysisResult)
func (*AnalysisResult) Sort ¶
func (r *AnalysisResult) Sort()
type AnalyzerGroup ¶
type AnalyzerGroup struct {
// contains filtered or unexported fields
}
func NewAnalyzerGroup ¶
func NewAnalyzerGroup(opt AnalyzerOptions) (AnalyzerGroup, error)
func (AnalyzerGroup) AnalyzeFile ¶
func (ag AnalyzerGroup) AnalyzeFile(ctx context.Context, wg *sync.WaitGroup, limit *semaphore.Weighted, result *AnalysisResult, dir, filePath string, info os.FileInfo, opener Opener, disabled []Type, opts AnalysisOptions) error
AnalyzeFile determines, from the file name and attributes, which analyzers require the given file and passes it only to those analyzers for analysis. This function may be called concurrently and must be thread-safe.
func (AnalyzerGroup) AnalyzerVersions ¶
func (ag AnalyzerGroup) AnalyzerVersions() Versions
AnalyzerVersions returns the analyzer version identifier used for cache keys.
func (AnalyzerGroup) PostAnalyze ¶
func (ag AnalyzerGroup) PostAnalyze(ctx context.Context, compositeFS *CompositeFS, result *AnalysisResult, opts AnalysisOptions) error
PostAnalyze hands each post-analyzer a virtual filesystem containing only the files it requires. The obtained results are merged into "result". This function may be called concurrently and must be thread-safe.
func (AnalyzerGroup) PostAnalyzerFS ¶
func (ag AnalyzerGroup) PostAnalyzerFS() (*CompositeFS, error)
PostAnalyzerFS returns a composite filesystem holding a separate filesystem for each post-analyzer.
func (AnalyzerGroup) RequiredPostAnalyzers ¶
func (ag AnalyzerGroup) RequiredPostAnalyzers(filePath string, info os.FileInfo) []Type
RequiredPostAnalyzers returns a list of analyzer types that require the given file.
type AnalyzerOptions ¶
type AnalyzerOptions struct { Group Group Slow bool FilePatterns []string DisabledAnalyzers []Type MisconfScannerOption misconf.ScannerOption SecretScannerOption SecretScannerOption LicenseScannerOption LicenseScannerOption }
AnalyzerOptions holds the options used to initialize analyzers.
type CompositeFS ¶
type CompositeFS struct {
// contains filtered or unexported fields
}
CompositeFS bundles the filesystems used by post-analyzers.
func NewCompositeFS ¶
func NewCompositeFS(group AnalyzerGroup) (*CompositeFS, error)
func (*CompositeFS) Cleanup ¶
func (c *CompositeFS) Cleanup() error
Cleanup removes the temporary directory.
func (*CompositeFS) CopyFileToTemp ¶
CopyFileToTemp opens the file through the given opener, copies its contents to a temporary file, and returns the path of that temporary file.
func (*CompositeFS) CreateLink ¶
func (c *CompositeFS) CreateLink(analyzerTypes []Type, rootDir, virtualPath, realPath string) error
CreateLink creates a link in the virtual filesystem that corresponds to a real file. The linked virtual file has the same path as the real file path provided.
type ConfigAnalysisInput ¶
type ConfigAnalysisInput struct { OS types.OS Config *v1.ConfigFile }
type ConfigAnalysisResult ¶
type ConfigAnalysisResult struct { Misconfiguration *types.Misconfiguration Secret *types.Secret HistoryPackages types.Packages }
func (*ConfigAnalysisResult) Merge ¶
func (r *ConfigAnalysisResult) Merge(new *ConfigAnalysisResult)
type ConfigAnalyzer ¶
type ConfigAnalyzer interface { Type() Type Version() int Analyze(ctx context.Context, input ConfigAnalysisInput) (*ConfigAnalysisResult, error) Required(osFound types.OS) bool }
ConfigAnalyzer defines the interface for analyzers of container image configuration.
type ConfigAnalyzerGroup ¶
type ConfigAnalyzerGroup struct {
// contains filtered or unexported fields
}
func NewConfigAnalyzerGroup ¶
func NewConfigAnalyzerGroup(opts ConfigAnalyzerOptions) (ConfigAnalyzerGroup, error)
func (*ConfigAnalyzerGroup) AnalyzeImageConfig ¶
func (ag *ConfigAnalyzerGroup) AnalyzeImageConfig(ctx context.Context, targetOS types.OS, config *v1.ConfigFile) *ConfigAnalysisResult
func (*ConfigAnalyzerGroup) AnalyzerVersions ¶
func (ag *ConfigAnalyzerGroup) AnalyzerVersions() Versions
AnalyzerVersions returns the analyzer version identifier used for cache keys.
type ConfigAnalyzerOptions ¶
type ConfigAnalyzerOptions struct { FilePatterns []string DisabledAnalyzers []Type MisconfScannerOption misconf.ScannerOption SecretScannerOption SecretScannerOption }
ConfigAnalyzerOptions holds the options used to initialize config analyzers.
type CustomGroup ¶
type CustomGroup interface {
Group() Group
}
CustomGroup returns a group name for custom analyzers. This is mainly intended to be used in KhulnaSoft products.
type Initializer ¶
type Initializer interface {
Init(AnalyzerOptions) error
}
Initializer represents analyzers that need to take parameters from users.
type LicenseScannerOption ¶
type Opener ¶
type Opener func() (dio.ReadSeekCloserAt, error)
type PostAnalysisInput ¶
type PostAnalysisInput struct { FS fs.FS Options AnalysisOptions }
type PostAnalyzer ¶
type SecretScannerOption ¶
type SecretScannerOption struct {
ConfigPath string
}
type Type ¶
type Type string
const ( // ====== // OS // ====== TypeOSRelease Type = "os-release" TypeAlpine Type = "alpine" TypeAmazon Type = "amazon" TypeCBLMariner Type = "cbl-mariner" TypeDebian Type = "debian" TypePhoton Type = "photon" TypeCentOS Type = "centos" TypeRocky Type = "rocky" TypeAlma Type = "alma" TypeFedora Type = "fedora" TypeOracle Type = "oracle" TypeRedHatBase Type = "redhat" TypeSUSE Type = "suse" TypeUbuntu Type = "ubuntu" TypeUbuntuESM Type = "ubuntu-esm" // OS Package TypeApk Type = "apk" TypeDpkg Type = "dpkg" TypeDpkgLicense Type = "dpkg-license" // For analyzing licenses TypeRpm Type = "rpm" TypeRpmqa Type = "rpmqa" // OS Package Repository TypeApkRepo Type = "apk-repo" // Ruby TypeBundler Type = "bundler" TypeGemSpec Type = "gemspec" // Rust TypeRustBinary Type = "rustbinary" TypeCargo Type = "cargo" // PHP TypeComposer Type = "composer" // Java TypeJar Type = "jar" TypePom Type = "pom" TypeGradleLock Type = "gradle-lockfile" // Node.js TypeNpmPkgLock Type = "npm" TypeNodePkg Type = "node-pkg" TypeYarn Type = "yarn" TypePnpm Type = "pnpm" // .NET TypeNuget Type = "nuget" TypeDotNetCore Type = "dotnet-core" // Conda TypeCondaPkg Type = "conda-pkg" // Python TypePythonPkg Type = "python-pkg" TypePip Type = "pip" TypePipenv Type = "pipenv" TypePoetry Type = "poetry" // Go TypeGoBinary Type = "gobinary" TypeGoMod Type = "gomod" // C/C++ TypeConanLock Type = "conan-lock" // Elixir TypeMixLock Type = "mix-lock" // Swift TypeCocoaPods Type = "cocoapods" // Dart TypePubSpecLock Type = "pubspec-lock" // ============ // Non-packaged // ============ TypeExecutable Type = "executable" TypeSBOM Type = "sbom" // ============ // Image Config // ============ TypeApkCommand Type = "apk-command" TypeHistoryDockerfile Type = "history-dockerfile" TypeImageConfigSecret Type = "image-config-secret" // ================= // Structured Config // ================= TypeAzureARM Type = Type(detection.FileTypeAzureARM) TypeCloudFormation Type = Type(detection.FileTypeCloudFormation) 
TypeDockerfile Type = Type(detection.FileTypeDockerfile) TypeHelm Type = Type(detection.FileTypeHelm) TypeKubernetes Type = Type(detection.FileTypeKubernetes) TypeTerraform Type = Type(detection.FileTypeTerraform) TypeTerraformPlan Type = Type(detection.FileTypeTerraformPlan) // ======== // License // ======== TypeLicenseFile Type = "license-file" // ======== // Secrets // ======== TypeSecret Type = "secret" // ======= // Red Hat // ======= TypeRedHatContentManifestType Type = "redhat-content-manifest" TypeRedHatDockerfileType Type = "redhat-dockerfile" )