imgvuln

package
v0.0.0-...-25056e1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 7, 2024 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// NamespaceName the name of the namespace in which imgvuln stores its
	// configuration and where it runs scan jobs.
	NamespaceName = "trivy-adapter"

	// ServiceAccountName the name of the service account used to provide
	// identity for scan jobs run by imgvuln.
	ServiceAccountName = "trivy-adapter"

	// ConfigMapName the name of the ConfigMap where imgvuln stores its
	// configuration.
	ConfigMapName = "trivy-adapter"

	// SecretName the name of the secret where imgvuln stores is sensitive
	// configuration.
	SecretName = "trivy-adapter"
)
View Source 
const (
	LabelResourceKind      = "trivy-adapter.resource.kind"
	LabelResourceName      = "trivy-adapter.resource.name"
	LabelResourceNamespace = "trivy-adapter.resource.namespace"
	LabelContainerName     = "trivy-adapter.container.name"
	LabelPodSpecHash       = "pod-spec-hash"
	LabelPluginConfigHash  = "plugin-config-hash"

	LabelVulnerabilityReportScanner = "vulnerabilityReport.scanner"

	LabelK8SAppManagedBy = "app.kubernetes.io/managed-by"
	Appimgvuln           = "trivy-adapter"
)
View Source 
const (
	AnnotationContainerImages    = "trivyadapter.container-images"
	AnnotationScanJobAnnotations = "scanJob.annotations"
)

Variables

This section is empty.

Functions

func GetPluginConfigMapName 

func GetPluginConfigMapName(pluginName string) string

GetPluginConfigMapName returns the name of a ConfigMap used to configure a plugin with the given name. TODO Rename to GetPluginConfigObjectName as this method is used to determine the name of ConfigMaps and Secrets.

func GetVersionFromImageRef 

func GetVersionFromImageRef(imageRef string) (string, error)

GetVersionFromImageRef returns the image identifier for the specified image reference.

func LinuxNodeAffinity 

func LinuxNodeAffinity() *corev1.Affinity

LinuxNodeAffinity constructs a new Affinity resource with linux supported nodes.

func NewScheme 

func NewScheme() *runtime.Scheme

Types

type BuildInfo 

type BuildInfo struct {
	Version    string
	Commit     string
	Date       string
	Executable string
}

BuildInfo holds build info such as Git revision, Git SHA-1, build datetime, and the name of the executable binary.

type ConfigData 

type ConfigData map[string]string

ConfigData holds trivy-adapter configuration settings as a set of key-value pairs.

func GetDefaultConfig 

func GetDefaultConfig() ConfigData

GetDefaultConfig returns the default configuration settings.

func (ConfigData) GetRequiredData 

func (c ConfigData) GetRequiredData(key string) (string, error)

func (ConfigData) GetScanJobAnnotations 

func (c ConfigData) GetScanJobAnnotations() (map[string]string, error)

func (ConfigData) GetScanJobTolerations 

func (c ConfigData) GetScanJobTolerations() ([]corev1.Toleration, error)

func (ConfigData) GetVulnerabilityReportsScanner 

func (c ConfigData) GetVulnerabilityReportsScanner() (Scanner, error)

type ConfigManager 

type ConfigManager interface {
	EnsureDefault(ctx context.Context) error
	Read(ctx context.Context) (ConfigData, error)
	Delete(ctx context.Context) error
}

ConfigManager defines methods for managing ConfigData.

func NewConfigManager 

func NewConfigManager(client kubernetes.Interface, namespace string) ConfigManager

NewConfigManager constructs a new ConfigManager that is using kubernetes.Interface to manage ConfigData backed by the ConfigMap stored in the specified namespace.

type PluginConfig 

type PluginConfig struct {
	Data       map[string]string
	SecretData map[string][]byte
}

PluginConfig holds plugin configuration settings.

func (PluginConfig) GetRequiredData 

func (c PluginConfig) GetRequiredData(key string) (string, error)

type PluginContext 

type PluginContext interface {
	// GetName returns the name of the plugin.
	GetName() string
	// GetConfig returns the PluginConfig object that holds configuration settings of the plugin.
	GetConfig() (PluginConfig, error)
	// EnsureConfig ensures the PluginConfig, typically when a plugin is initialized.
	EnsureConfig(config PluginConfig) error
	// GetNamespace return the name of the K8s Namespace where trivy-adapter creates Jobs
	// and other helper objects.aquasecurity
	GetNamespace() string
	// GetServiceAccountName return the name of the K8s Service Account used to run workloads
	// created by trivy-adapter.
	GetServiceAccountName() string
}

PluginContext is plugin's execution context within the trivy-adapter toolkit. The context is used to grant access to other methods so that this plugin can interact with the toolkit.

type PluginContextBuilder 

type PluginContextBuilder struct {
	// contains filtered or unexported fields
}

func NewPluginContext 

func NewPluginContext() *PluginContextBuilder

func (*PluginContextBuilder) Get 

func (b *PluginContextBuilder) Get() PluginContext

func (*PluginContextBuilder) WithClient 

func (b *PluginContextBuilder) WithClient(client client.Client) *PluginContextBuilder

func (*PluginContextBuilder) WithName 

func (b *PluginContextBuilder) WithName(name string) *PluginContextBuilder

func (*PluginContextBuilder) WithNamespace 

func (b *PluginContextBuilder) WithNamespace(namespace string) *PluginContextBuilder

func (*PluginContextBuilder) WithServiceAccountName 

func (b *PluginContextBuilder) WithServiceAccountName(name string) *PluginContextBuilder

type Scanner 

type Scanner string

Scanner represents unique, human readable identifier of a security scanner. 

const (
	Trivy Scanner = "Trivy"
)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.