Documentation
Overview
Package score computes a security risk score based on a given framework.
This package supports reporthandling models v1 and v2.
Index
- type ControlScoreWeights
- type ScoreUtil
- func (su *ScoreUtil) Calculate(frameworksReports []reporthandling.FrameworkReport) error
- func (su *ScoreUtil) CalculateFrameworkScore(framework *reporthandling.FrameworkReport) error
- func (su *ScoreUtil) CalculatePostureReportV2(report *v2.PostureReport) error
- func (su *ScoreUtil) ControlScore(ctrlReport *reporthandling.ControlReport, _ string) (float32, float32)
- func (su *ScoreUtil) ControlV2Score(ctrl reportsummary.IControlSummary, _ string) (ctrlScore float32, unormalizedScore float32, wcsScore float32)
- func (su *ScoreUtil) ControlsSummariesComplianceScore(ctrls *reportsummary.ControlSummaries, frameworkName string) (sumScore float32)
- func (su *ScoreUtil) ControlsSummariesScore(ctrls *reportsummary.ControlSummaries, frameworkName string) (totalUnormalizedScore float32, totalWcsScore float32)
- func (su *ScoreUtil) GetControlComplianceScore(ctrl reportsummary.IControlSummary, _ string) (ctrlScore float32)
- func (su *ScoreUtil) GetFrameworkComplianceScore(framework *reportsummary.FrameworkSummary) (frameworkScore float32)
- func (su *ScoreUtil) GetScore(v map[string]interface{}) float32
- func (su *ScoreUtil) SetPostureReportComplianceScores(report *v2.PostureReport) error
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type ControlScoreWeights
type ScoreUtil
type ScoreUtil struct {
	K8SApoObj *k8sinterface.KubernetesApi
	// contains filtered or unexported fields
}
ScoreUtil knows how to compute vulnerability risk scores for frameworks and the controls they define.
func NewScore
func NewScore(allResources map[string]workloadinterface.IMetadata) *ScoreUtil
NewScore builds a new ScoreUtil computer.
func (*ScoreUtil) Calculate
func (su *ScoreUtil) Calculate(frameworksReports []reporthandling.FrameworkReport) error
Calculate scores from a list of framework reports.
Each report is updated in place with the score.
func (*ScoreUtil) CalculateFrameworkScore
func (su *ScoreUtil) CalculateFrameworkScore(framework *reporthandling.FrameworkReport) error
CalculateFrameworkScore computes the score according to a given framework report.
This method works against the data model v1.
The report is updated in place.
func (*ScoreUtil) CalculatePostureReportV2
func (su *ScoreUtil) CalculatePostureReportV2(report *v2.PostureReport) error
CalculatePostureReportV2 calculates control scores by framework for a v2 PostureReport.
func (*ScoreUtil) ControlScore
func (su *ScoreUtil) ControlScore(ctrlReport *reporthandling.ControlReport, _ string) (float32, float32)
ControlScore yields the unnormalized score contribution of a framework's control, as well as the weight used to normalize.
This method works against the data model v1.
ctrlReport: reporthandling.ControlReport object; it must contain, down the line, the input resources as well as the output resources.
frameworkName: calculates this control according to the given framework's weights (currently unused).
ctrl.score = baseScore * SUM_resource(resourceWeight * min(#replicas*replicaweight, 1)) (nodes if daemonset)
The input ctrlReport is updated with the new (normalized) score, that is the percentage: controlScore*100/wcsScore.
Returns wcsscore, ctrlscore (unnormalized).
The wcsscore is evaluated over all resources, whereas the control score is evaluated only on resources that have failed this control.
func (*ScoreUtil) ControlV2Score
func (su *ScoreUtil) ControlV2Score(ctrl reportsummary.IControlSummary, _ string) (ctrlScore float32, unormalizedScore float32, wcsScore float32)
ControlV2Score returns the score for a given control (as a percentage), the unnormalized score and the weight.
This method works against the data model v2.
IControlSummary: requires a fully populated set of controls (with resources, statuses and score factor hydrated). We assume that ListResourcesIDs() operates the same as when scanning controls declared by frameworks.
frameworkName: calculates this control according to the given framework's weights (unused for now).
ctrl.score = baseScore * SUM_resource(resourceWeight * min(#replicas*replicaweight, 1)) (nodes if daemonset)
Returns: ctrlscore (normalized), ctrlscore (unnormalized), wcsscore.
func (*ScoreUtil) ControlsSummariesComplianceScore added in v0.0.243
func (su *ScoreUtil) ControlsSummariesComplianceScore(ctrls *reportsummary.ControlSummaries, frameworkName string) (sumScore float32)
ControlsSummariesComplianceScore sets the compliance score of each control and returns the sum of all control scores.
func (*ScoreUtil) ControlsSummariesScore
func (su *ScoreUtil) ControlsSummariesScore(ctrls *reportsummary.ControlSummaries, frameworkName string) (totalUnormalizedScore float32, totalWcsScore float32)
func (*ScoreUtil) GetControlComplianceScore added in v0.0.243
func (su *ScoreUtil) GetControlComplianceScore(ctrl reportsummary.IControlSummary, _ string) (ctrlScore float32)
GetControlComplianceScore returns the compliance score for a given control (as a percentage).
func (*ScoreUtil) GetFrameworkComplianceScore added in v0.0.243
func (su *ScoreUtil) GetFrameworkComplianceScore(framework *reportsummary.FrameworkSummary) (frameworkScore float32)
GetFrameworkComplianceScore returns the compliance score for a given framework (as a percentage). The framework compliance score is the average of all control scores in that framework.
func (*ScoreUtil) GetScore
func (su *ScoreUtil) GetScore(v map[string]interface{}) float32
GetScore decodes a workload from the input map and yields the associated score.
The default score is 1.00 for any object that is not recognized.
Special rules:
- daemonset: daemonsetScore * #desired nodes
- workloads with replicas: replicaFactor * workloadkindscore * #replicas
This method is used with all versions of the reporthandling model.
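The rules documented for GetScore and ControlScore above, modelled in a stand-alone program that is an added example and not the package's own code: Workload, the weight constants, kindScore, ResourceWeight and ControlScore are all hypothetical names and values chosen here, the sample cluster is constructed, and the wcs == 0 guard (no resources at all) is an added edge case the doc text does not spell out.

```go
package main

import (
	"fmt"
	"math"
)

// Workload is a constructed stand-in for the metadata GetScore decodes (hypothetical type).
type Workload struct {
	Kind   string
	Count  int  // desired replicas, or desired nodes for a DaemonSet
	Failed bool // true when the control failed on this resource
}
// Hypothetical weights, not the package's own values (replicaFactor is "replicaweight").
const baseScore, daemonsetScore, replicaFactor = 1.0, 1.0, 0.1
// "workloadkindscore" per kind; any kind not listed scores 1.00 by default.
var kindScore = map[string]float64{"Deployment": 1.0, "StatefulSet": 1.0}

// ResourceWeight applies the GetScore rules: DaemonSet = score * nodes, replicated = min(#replicas*factor, 1).
func ResourceWeight(w Workload) float64 {
	if w.Kind == "DaemonSet" {
		return daemonsetScore * float64(w.Count)
	}
	if ks, ok := kindScore[w.Kind]; ok {
		return ks * math.Min(float64(w.Count)*replicaFactor, 1)
	}
	return 1.0
}

// ControlScore returns (percentage, unnormalized, wcs): wcs sums all resources, unnormalized only failed ones.
func ControlScore(resources []Workload) (pct, failed, wcs float64) {
	for _, r := range resources {
		w := baseScore * ResourceWeight(r)
		wcs += w
		if r.Failed {
			failed += w
		}
	}
	if wcs == 0 { // no resources at all: report 0 rather than NaN
		return 0, 0, 0
	}
	return failed * 100 / wcs, failed, wcs
}

func main() {
	pct, failed, wcs := ControlScore([]Workload{ // constructed sample cluster
		{"Deployment", 5, true}, {"Pod", 1, true}, {"DaemonSet", 3, false},
		{"Job", 1, false}, {"StatefulSet", 5, false}})
	fmt.Printf("control score %.1f%% (%.1f of wcs %.1f)\n", pct, failed, wcs)
}
```

With the sample cluster the failed Deployment (5 replicas, weight 0.5) and Pod (1.0) contribute 1.5 against a wcs of 6.0, so the control scores 25%.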
func (*ScoreUtil) SetPostureReportComplianceScores added in v0.0.243
func (su *ScoreUtil) SetPostureReportComplianceScores(report *v2.PostureReport) error
SetPostureReportComplianceScores calculates and populates the compliance scores for all controls, all frameworks and the whole scan.