v1

package

v0.3.58 Latest Latest Go to latest Published: Jan 28, 2025 License: Apache-2.0 Imports: 74 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/kubescape/kubevuln

Documentation ¶

Index ¶

Constants
func CleanDigestAlgorithmName(name string) string
func Hashers(names ...string) ([]crypto.Hash, error)
func NormalizeImageID(imageID, imageTag string) string
type ApplicationProfileAdapter
- func NewApplicationProfileAdapter(repository ports.ApplicationProfileRepository) *ApplicationProfileAdapter
- func (a *ApplicationProfileAdapter) GetContainerRelevancyScans(ctx context.Context, namespace, name string) ([]ports.ContainerRelevancyScan, error)
type BackendAdapter
- func NewBackendAdapter(accountID, apiServerRestURL, eventReceiverRestURL, accessKey string) *BackendAdapter
type GrypeAdapter
- func NewGrypeAdapter(listingURL string, useDefaultMatchers bool) *GrypeAdapter
- func NewGrypeAdapterFixedDB() *GrypeAdapter
type SyftAdapter
- func NewSyftAdapter(scanTimeout time.Duration, maxImageSize int64, maxSBOMSize int) *SyftAdapter
- func (s *SyftAdapter) CreateSBOM(ctx context.Context, name, imageID, imageTag string, ...) (domain.SBOM, error)
- func (s *SyftAdapter) Version() string

Constants ¶

View Source

const ActionName = "vuln scan"

View Source

const ReporterName = "ca-vuln-scan"

Variables ¶

This section is empty.

Functions ¶

func CleanDigestAlgorithmName ¶ added in v0.3.0

func CleanDigestAlgorithmName(name string) string

func Hashers ¶ added in v0.3.0

func Hashers(names ...string) ([]crypto.Hash, error)

func NormalizeImageID ¶ added in v0.3.52

func NormalizeImageID(imageID, imageTag string) string

Types ¶

type ApplicationProfileAdapter ¶ added in v0.3.48

type ApplicationProfileAdapter struct {
	// contains filtered or unexported fields
}

func NewApplicationProfileAdapter ¶ added in v0.3.48

func NewApplicationProfileAdapter(repository ports.ApplicationProfileRepository) *ApplicationProfileAdapter

func (*ApplicationProfileAdapter) GetContainerRelevancyScans ¶ added in v0.3.48

func (a *ApplicationProfileAdapter) GetContainerRelevancyScans(ctx context.Context, namespace, name string) ([]ports.ContainerRelevancyScan, error)

type BackendAdapter ¶ added in v0.3.0

type BackendAdapter struct {
	// contains filtered or unexported fields
}

func NewBackendAdapter ¶ added in v0.3.0

func NewBackendAdapter(accountID, apiServerRestURL, eventReceiverRestURL, accessKey string) *BackendAdapter

func (*BackendAdapter) GetCVEExceptions ¶ added in v0.3.0

func (a *BackendAdapter) GetCVEExceptions(ctx context.Context) (domain.CVEExceptions, error)

func (*BackendAdapter) ReportError ¶ added in v0.3.14

func (a *BackendAdapter) ReportError(ctx context.Context, err error) error

ReportError reports the given error to the platform

func (*BackendAdapter) SendStatus ¶ added in v0.3.0

func (a *BackendAdapter) SendStatus(ctx context.Context, step int) error

SendStatus sends the given status and details to the platform

func (*BackendAdapter) SubmitCVE ¶ added in v0.3.0

func (a *BackendAdapter) SubmitCVE(ctx context.Context, cve domain.CVEManifest, cvep domain.CVEManifest) error

SubmitCVE submits the given CVE to the platform

type GrypeAdapter ¶

type GrypeAdapter struct {
	// contains filtered or unexported fields
}

GrypeAdapter implements CVEScanner from ports using Grype's API

func NewGrypeAdapter ¶

func NewGrypeAdapter(listingURL string, useDefaultMatchers bool) *GrypeAdapter

NewGrypeAdapter initializes the GrypeAdapter structure DB loading is done via readiness probes

func NewGrypeAdapterFixedDB ¶ added in v0.2.99

func NewGrypeAdapterFixedDB() *GrypeAdapter

func (*GrypeAdapter) DBVersion ¶

func (g *GrypeAdapter) DBVersion(context.Context) string

DBVersion returns the vulnerabilities DB checksum which is used to tag CVE manifests

func (*GrypeAdapter) Ready ¶

func (g *GrypeAdapter) Ready(ctx context.Context) bool

Ready returns the status of the vulnerabilities DB

func (*GrypeAdapter) ScanSBOM ¶

func (g *GrypeAdapter) ScanSBOM(ctx context.Context, sbom domain.SBOM) (domain.CVEManifest, error)

ScanSBOM generates a CVE manifest by scanning an SBOM

func (*GrypeAdapter) Version ¶

func (g *GrypeAdapter) Version() string

Version returns Grype's version which is used to tag CVE manifests

type SyftAdapter ¶

type SyftAdapter struct {
	// contains filtered or unexported fields
}

SyftAdapter implements SBOMCreator from ports using Syft's API

func NewSyftAdapter ¶

func NewSyftAdapter(scanTimeout time.Duration, maxImageSize int64, maxSBOMSize int) *SyftAdapter

NewSyftAdapter initializes the SyftAdapter struct

func (*SyftAdapter) CreateSBOM ¶

func (s *SyftAdapter) CreateSBOM(ctx context.Context, name, imageID, imageTag string, options domain.RegistryOptions) (domain.SBOM, error)

CreateSBOM creates an SBOM for a given imageID, restrict parallelism to prevent disk space issues, a timeout prevents the process from hanging for too long. Format is syft JSON and the resulting SBOM is tagged with the Syft version.

func (*SyftAdapter) Version ¶

func (s *SyftAdapter) Version() string

Version returns Syft's version which is used to tag SBOMs

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL