Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Scanner
type Scanner struct {
// contains filtered or unexported fields
}
Scanner verifies that existing resources don't violate any of the policies.
func NewScanner
func NewScanner(
	policiesClient *policies.Client,
	k8sClient *k8s.Client,
	policyReportStore *report.PolicyReportStore,
	outputScan bool,
	disableStore bool,
	insecureClient bool,
	caCertFile string,
	parallelNamespacesAudits int,
	parallelResourcesAudits int,
	parallelPoliciesAudits int,
) (*Scanner, error)
NewScanner creates a new scanner. If insecureClient is false, it reads the caCertFile and adds it to the in-app cert trust store. The httpClient uses this trust store when connecting to PolicyServers endpoints.
func (*Scanner) ScanAllNamespaces
ScanAllNamespaces scans resources for all namespaces, except the ones in the skipped list. It returns an error if fetching policies or resources fails, but only logs problems encountered while auditing a resource or saving the Report or Result, so it can continue with the next audit or the next Result.
func (*Scanner) ScanClusterWideResources
ScanClusterWideResources scans all cluster-wide resources. It returns an error if fetching policies or resources fails, but only logs problems encountered while auditing a resource or saving the Report or Result, so it can continue with the next audit or the next Result.
func (*Scanner) ScanNamespace
ScanNamespace scans resources for a given namespace. It returns an error if fetching policies or resources fails, but only logs problems encountered while auditing a resource or saving the Report or Result, so it can continue with the next audit or the next Result.