Published: Jun 10, 2024 License: Apache-2.0 Imports: 6 Imported by: 0


Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ArtifactType

// ArtifactType names the kind of artifact a Report describes; it is the type of Report.ArtifactType.
// Its accepted values are not listed in this package's documentation.
type ArtifactType string

type BuildInfo

// BuildInfo represents information under /root/buildinfo in RHEL.
// It is referenced from Package.BuildInfo, which is populated only for Red Hat packages.
type BuildInfo struct {
	ContentSets []string `json:",omitempty"` // NOTE(review): content-set semantics are not shown here — confirm against the RHEL build metadata
	Nvr         string   `json:",omitempty"` // presumably the RPM name-version-release string; verify with the producer
	Arch        string   `json:",omitempty"`
}

BuildInfo represents the information found under /root/buildinfo in RHEL.

type CVSS

// CVSS holds the CVSS v2 and v3 vector strings and base scores reported by one source.
// Per-source values are collected in VendorCVSS, keyed by SourceID.
type CVSS struct {
	V2Vector string  `json:"V2Vector,omitempty"`
	V3Vector string  `json:"V3Vector,omitempty"`
	V2Score  float64 `json:"V2Score,omitempty"` // omitempty drops a score that is exactly 0, so "unscored" and "0.0" are indistinguishable after marshaling
	V3Score  float64 `json:"V3Score,omitempty"`
}

type CVSSVector

// CVSSVector carries only the CVSS v2 and v3 vector strings, without scores.
// Note that its JSON keys are lowercase ("v2", "v3"), unlike CVSS, which uses "V2Vector"/"V3Vector".
type CVSSVector struct {
	V2 string `json:"v2,omitempty"`
	V3 string `json:"v3,omitempty"`
}

type CauseMetadata

// CauseMetadata locates the cause of a DetectedMisconfiguration: the resource it
// belongs to, its provider and service, the line range, the offending code and any
// other places the same resource occurs.
type CauseMetadata struct {
	Resource    string       `json:",omitempty"`
	Provider    string       `json:",omitempty"`
	Service     string       `json:",omitempty"`
	StartLine   int          `json:",omitempty"` // 0 is omitted, so an unset range and a range starting at line 0 look alike
	EndLine     int          `json:",omitempty"`
	Code        Code         `json:",omitempty"` // omitempty has no effect on a struct value; Code is always emitted
	Occurrences []Occurrence `json:",omitempty"`
}

type Code

// Code is the excerpt of source lines attached to a finding (see CauseMetadata.Code
// and SecretFinding.Code).
type Code struct {
	Lines []Line // no omitempty: an empty excerpt marshals as null
}

type Compliance

// Compliance is a type alias for string, not a distinct named type: any string value
// is a Compliance, and no method set or compile-time distinction is attached to it.
type Compliance = string

type Config

// Config is the runtime configuration section of a container image config file
// (ConfigFile.Config). The field names and JSON keys follow the image config format
// used by Docker-compatible images.
type Config struct {
	AttachStderr    bool                `json:"AttachStderr,omitempty"`
	AttachStdin     bool                `json:"AttachStdin,omitempty"`
	AttachStdout    bool                `json:"AttachStdout,omitempty"`
	Cmd             []string            `json:"Cmd,omitempty"`
	Healthcheck     *HealthConfig       `json:"Healthcheck,omitempty"` // nil when the image defines no healthcheck
	Domainname      string              `json:"Domainname,omitempty"`
	Entrypoint      []string            `json:"Entrypoint,omitempty"`
	Env             []string            `json:"Env,omitempty"` // NOTE(review): image ENV entries can embed credentials; avoid echoing them verbatim in reports or logs — confirm how consumers render this
	Hostname        string              `json:"Hostname,omitempty"`
	Image           string              `json:"Image,omitempty"`
	Labels          map[string]string   `json:"Labels,omitempty"`
	OnBuild         []string            `json:"OnBuild,omitempty"`
	OpenStdin       bool                `json:"OpenStdin,omitempty"`
	StdinOnce       bool                `json:"StdinOnce,omitempty"`
	Tty             bool                `json:"Tty,omitempty"`
	User            string              `json:"User,omitempty"` // empty means the image sets no user; what the runtime defaults to is not decided here
	Volumes         map[string]struct{} `json:"Volumes,omitempty"`
	WorkingDir      string              `json:"WorkingDir,omitempty"`
	ExposedPorts    map[string]struct{} `json:"ExposedPorts,omitempty"`
	ArgsEscaped     bool                `json:"ArgsEscaped,omitempty"`
	NetworkDisabled bool                `json:"NetworkDisabled,omitempty"`
	MacAddress      string              `json:"MacAddress,omitempty"`
	StopSignal      string              `json:"StopSignal,omitempty"`
	Shell           []string            `json:"Shell,omitempty"`
}

type ConfigFile

// ConfigFile is a container image's config file as stored in Metadata.ImageConfig:
// architecture/OS, build history, the root filesystem digests and the runtime Config.
type ConfigFile struct {
	Architecture string `json:"architecture"`
	Author       string `json:"author,omitempty"`
	Container    string `json:"container,omitempty"`
	// Created       Time    `json:"created,omitempty"`
	// Created is kept as the raw timestamp string rather than a parsed time (see the commented-out Time form above).
	Created       string    `json:"created,omitempty"`
	DockerVersion string    `json:"docker_version,omitempty"`
	History       []History `json:"history,omitempty"`
	OS            string    `json:"os"`
	RootFS        RootFS    `json:"rootfs"`
	Config        Config    `json:"config"`

	Variant string `json:"variant,omitempty"`
}

type DataSource

// DataSource identifies the advisory source a DetectedVulnerability was taken from
// (see DetectedVulnerability.DataSource).
type DataSource struct {
	ID   SourceID `json:",omitempty"`
	Name string   `json:",omitempty"`
	URL  string   `json:",omitempty"`
}

type DetectedLicense

// DetectedLicense describes one license found either on a package (PkgName set)
// or in a file (FilePath set); the two are mutually exclusive.
type DetectedLicense struct {
	// Severity is the consistent parameter indicating how severe the issue is
	Severity string

	// Category holds the license category such as "forbidden"
	Category LicenseCategory

	// PkgName holds a package name of the license.
	// It will be empty if FilePath is filled.
	PkgName string

	// FilePath holds a file path of the license.
	// It will be empty if PkgName is filled.
	FilePath string // for file license

	// Name holds a detected license name
	Name string

	// Confidence is level of the match. The confidence level is between 0.0 and 1.0, with 1.0 indicating an
	// exact match and 0.0 indicating a complete mismatch
	Confidence float64

	// Link is a SPDX link of the license
	Link string
}

type DetectedMisconfiguration

// DetectedMisconfiguration holds one detected misconfiguration: the check that fired
// (ID/AVDID/Title/Description), its outcome (Status, Severity), remediation text
// (Resolution, PrimaryURL, References) and where it was found (Layer, CauseMetadata).
type DetectedMisconfiguration struct {
	Type          string        `json:",omitempty"`
	ID            string        `json:",omitempty"`
	AVDID         string        `json:",omitempty"`
	Title         string        `json:",omitempty"`
	Description   string        `json:",omitempty"`
	Message       string        `json:",omitempty"`
	Namespace     string        `json:",omitempty"`
	Query         string        `json:",omitempty"`
	Resolution    string        `json:",omitempty"`
	Severity      string        `json:",omitempty"`
	PrimaryURL    string        `json:",omitempty"`
	References    []string      `json:",omitempty"`
	Status        MisconfStatus `json:",omitempty"`
	Layer         Layer         `json:",omitempty"` // omitempty has no effect on a struct value; Layer is always emitted
	CauseMetadata CauseMetadata `json:",omitempty"` // same: always emitted

	// For debugging
	Traces []string `json:",omitempty"`
}

DetectedMisconfiguration holds a single detected misconfiguration.

type DetectedVulnerability

// DetectedVulnerability holds the information of a detected vulnerability: the
// advisory identifiers, the affected package and versions, where it was found, and
// the embedded Vulnerability details.
type DetectedVulnerability struct {
	VulnerabilityID  string   `json:",omitempty"`
	VendorIDs        []string `json:",omitempty"`
	PkgID            string   `json:",omitempty"` // It is used to construct dependency graph.
	PkgName          string   `json:",omitempty"`
	PkgPath          string   `json:",omitempty"` // This field is populated in the case of language-specific packages such as egg/wheel and gemspec
	InstalledVersion string   `json:",omitempty"`
	FixedVersion     string   `json:",omitempty"` // empty when no fixed version is recorded
	Status           string   `json:",omitempty"`
	Layer            Layer    `json:",omitempty"` // omitempty has no effect on a struct value; Layer is always emitted
	SeveritySource   SourceID `json:",omitempty"` // which source the embedded Vulnerability.Severity was selected from
	PrimaryURL       string   `json:",omitempty"`

	// PkgRef is populated only when scanning SBOM and contains the reference ID used in the SBOM.
	// It could be PURL, UUID, etc.
	// e.g.
	//    - pkg:npm/acme/component@1.0.0
	//    - b2a46a4b-8367-4bae-9820-95557cfe03a8
	PkgRef string `json:",omitempty"`

	// DataSource holds where the advisory comes from
	DataSource *DataSource `json:",omitempty"`

	// Custom is for extensibility and not supposed to be used in OSS.
	// It shadows the embedded Vulnerability.Custom: this outer field is the one reached
	// by v.Custom and the only one emitted by encoding/json; the embedded one is
	// reachable only as v.Vulnerability.Custom.
	Custom interface{} `json:",omitempty"`

	// Embed vulnerability details; Vulnerability's fields (Title, Severity, CVSS, ...)
	// are promoted and marshaled at this level.
	Vulnerability
}

DetectedVulnerability holds the information of a detected vulnerability.

func (*DetectedVulnerability) ID

func (x *DetectedVulnerability) ID() string

type Digest

// Digest is a content digest string; Package.Digest uses it and documents that it is
// filled only when SPDX formats are in use.
type Digest string

type Format

// Format is a string-typed format name. Its accepted values are not listed in this
// package's documentation.
type Format string

type Hash

// Hash is a content hash split into its algorithm and hex digest, as used for
// RootFS.DiffIDs.
type Hash struct {
	// Algorithm holds the algorithm used to compute the hash.
	Algorithm string

	// Hex holds the hex portion of the content hash.
	Hex string
}

type HealthConfig

// HealthConfig is the container healthcheck definition referenced from
// Config.Healthcheck. Zero values mean "inherit the default" throughout.
type HealthConfig struct {
	// Test is the test to perform to check that the container is healthy.
	// An empty slice means to inherit the default.
	// The options are:
	// {} : inherit healthcheck
	// {"NONE"} : disable healthcheck
	// {"CMD", args...} : exec arguments directly
	// {"CMD-SHELL", command} : run command with system's default shell
	Test []string `json:",omitempty"`

	// Zero means to inherit. Durations are expressed as integer nanoseconds
	// (time.Duration is an int64, so that is also the JSON representation).
	Interval    time.Duration `json:",omitempty"` // Interval is the time to wait between checks.
	Timeout     time.Duration `json:",omitempty"` // Timeout is the time to wait before considering the check to have hung.
	StartPeriod time.Duration `json:",omitempty"` // The start period for the container to initialize before the retries starts to count down.

	// Retries is the number of consecutive failures needed to consider a container as unhealthy.
	// Zero means inherit.
	Retries int `json:",omitempty"`
}

type History

// History is one entry of an image's build history (ConfigFile.History).
type History struct {
	Author     string `json:"author,omitempty"`
	Created    string `json:"created,omitempty"` // raw timestamp string, not parsed
	CreatedBy  string `json:"created_by,omitempty"` // NOTE(review): presumably the build instruction that produced the layer; it may echo build-time arguments, so treat as sensitive when rendering — confirm
	Comment    string `json:"comment,omitempty"`
	EmptyLayer bool   `json:"empty_layer,omitempty"`
}

type Layer

// Layer identifies the image layer a finding or package was found in.
// Digest and DiffID are kept as plain strings here (compare Hash, which splits
// algorithm and hex).
type Layer struct {
	Digest    string `json:",omitempty"`
	DiffID    string `json:",omitempty"`
	CreatedBy string `json:",omitempty"`
}

type LicenseCategory

// LicenseCategory classifies a license (DetectedLicense.Category); "forbidden" is
// the one example given on DetectedLicense.
type LicenseCategory string

type Line

// Line is one source line of a Code excerpt, with flags marking which lines are the
// cause of the finding. Only Highlighted is omitted when empty; the other fields are
// always marshaled, including false flags.
type Line struct {
	Number      int    `json:"Number"`
	Content     string `json:"Content"` // NOTE(review): verbatim source text; for secret findings this can contain the matched secret — confirm whether callers redact it
	IsCause     bool   `json:"IsCause"`
	Annotation  string `json:"Annotation"`
	Truncated   bool   `json:"Truncated"`
	Highlighted string `json:"Highlighted,omitempty"`
	FirstCause  bool   `json:"FirstCause"`
	LastCause   bool   `json:"LastCause"`
}

type Location

// Location is a line range within a file (used by Occurrence and Package.Locations).
// Because both fields carry omitempty, a range at line 0 is indistinguishable from an unset one after marshaling.
type Location struct {
	StartLine int `json:",omitempty"`
	EndLine   int `json:",omitempty"`
}

type Metadata

// Metadata represents the metadata of an artifact: its size and OS, plus, for a
// container image, its identifiers and parsed config file.
type Metadata struct {
	Size int64 `json:",omitempty"`
	OS   *OS   `json:",omitempty"` // nil when no OS was detected

	// Container image
	ImageID     string     `json:",omitempty"`
	DiffIDs     []string   `json:",omitempty"`
	RepoTags    []string   `json:",omitempty"`
	RepoDigests []string   `json:",omitempty"`
	ImageConfig ConfigFile `json:",omitempty"` // omitempty has no effect on a struct value; ImageConfig is always emitted, even for non-image artifacts
}

Metadata represents the metadata of an artifact.

type MisconfStatus

// MisconfStatus is the outcome of a misconfiguration check (DetectedMisconfiguration.Status).
// Its values are not listed in this package's documentation.
type MisconfStatus string

type MisconfSummary

// MisconfSummary counts the misconfiguration checks of a Result by outcome.
// No JSON tags: all three counters are always emitted under their field names.
type MisconfSummary struct {
	Successes  int
	Failures   int
	Exceptions int
}

type OS

// OS identifies the operating system of an artifact (Metadata.OS) and whether it is
// past end of support.
type OS struct {
	Family string
	Name   string
	Eosl   bool `json:"EOSL,omitempty"` // end-of-service-life flag; the JSON key is "EOSL", not the field name

	// This field is used for enhanced security maintenance programs such as Ubuntu ESM, Debian Extended LTS.
	Extended bool `json:"extended,omitempty"`
}

type Occurrence

// Occurrence records another place the resource behind a misconfiguration appears
// (CauseMetadata.Occurrences).
type Occurrence struct {
	Resource string `json:",omitempty"`
	Filename string `json:",omitempty"`
	Location Location // always emitted (no omitempty)
}

type Package

// Package describes one installed or declared package in a Result: its identity and
// version, source package, licenses, dependency links, and where it was found.
type Package struct {
	ID         string   `json:",omitempty"`
	Name       string   `json:",omitempty"`
	Version    string   `json:",omitempty"`
	Release    string   `json:",omitempty"`
	Epoch      int      `json:",omitempty"` // epoch 0 is omitted; readers should treat a missing epoch as 0
	Arch       string   `json:",omitempty"`
	Dev        bool     `json:",omitempty"`
	SrcName    string   `json:",omitempty"`
	SrcVersion string   `json:",omitempty"`
	SrcRelease string   `json:",omitempty"`
	SrcEpoch   int      `json:",omitempty"`
	Licenses   []string `json:",omitempty"`
	Maintainer string   `json:",omitempty"`

	Modularitylabel string     `json:",omitempty"` // only for Red Hat based distributions
	BuildInfo       *BuildInfo `json:",omitempty"` // only for Red Hat

	Ref      string `json:",omitempty"` // identifier which can be used to reference the component elsewhere
	Indirect bool   `json:",omitempty"` // this package is direct dependency of the project or not

	// Dependencies of this package, referenced by their ID.
	// Note: it may have interdependencies, which may lead to infinite loops.
	// Any traversal of DependsOn must track visited IDs to stay bounded.
	DependsOn []string `json:",omitempty"`

	Layer Layer `json:",omitempty"` // omitempty has no effect on a struct value; Layer is always emitted

	// Each package metadata have the file path, while the package from lock files does not have.
	FilePath string `json:",omitempty"`

	// This is required when using SPDX formats. Otherwise, it will be empty.
	Digest Digest `json:",omitempty"`

	// lines from the lock file where the dependency is written
	Locations []Location `json:",omitempty"`
}

type Report

// Report is the top-level scan output: the schema version, the scanned artifact and
// its metadata, and the per-target Results. Validate checks that the required fields
// are filled.
type Report struct {
	SchemaVersion int          `json:",omitempty"` // a zero version is dropped from JSON; Validate is documented to check this field
	ArtifactName  string       `json:",omitempty"`
	ArtifactType  ArtifactType `json:",omitempty"`
	Metadata      Metadata     `json:",omitempty"` // omitempty has no effect on a struct value; Metadata is always emitted
	Results       Results      `json:",omitempty"`
}

func (*Report) Validate

func (x *Report) Validate() error

Validate checks that the required fields are filled. Currently, it checks only the schema version.

type Repository

// Repository names a package repository by OS family and release.
// It is not referenced by any other type on this page.
type Repository struct {
	Family  string `json:",omitempty"`
	Release string `json:",omitempty"`
}

type Result

// Result holds every finding for a single scan target: its packages and the
// vulnerabilities, misconfigurations, secrets and licenses detected in it.
// Only Target is always emitted; every other field is dropped when empty.
type Result struct {
	Target            string                     `json:"Target"`
	Class             ResultClass                `json:"Class,omitempty"`
	Type              string                     `json:"Type,omitempty"`
	Packages          []Package                  `json:"Packages,omitempty"`
	Vulnerabilities   []DetectedVulnerability    `json:"Vulnerabilities,omitempty"`
	MisconfSummary    *MisconfSummary            `json:"MisconfSummary,omitempty"` // nil when no misconfiguration checks ran
	Misconfigurations []DetectedMisconfiguration `json:"Misconfigurations,omitempty"`
	Secrets           []SecretFinding            `json:"Secrets,omitempty"` // NOTE(review): carries matched secret text (see SecretFinding); serialize with care
	Licenses          []DetectedLicense          `json:"Licenses,omitempty"`
}

type ResultClass

// ResultClass categorizes a Result (Result.Class). Its values are not listed in this
// package's documentation.
type ResultClass string

type Results

// Results is the list of per-target results in a Report.
type Results []Result

type RootFS

// RootFS is the root-filesystem section of an image config file (ConfigFile.RootFS):
// its type and the diff IDs of its layers, each parsed into a Hash.
// Both fields are always emitted (no omitempty); an empty DiffIDs marshals as null.
type RootFS struct {
	Type    string `json:"type"`
	DiffIDs []Hash `json:"diff_ids"`
}

type Secret

// Secret groups the secret findings of one file.
// No JSON tags: both fields are always emitted under their field names.
type Secret struct {
	FilePath string
	Findings []SecretFinding
}

type SecretFinding

// SecretFinding is one secret-detection hit: the rule that matched, its severity,
// the line range and code excerpt, and the matched text.
type SecretFinding struct {
	RuleID    string
	Category  SecretRuleCategory
	Severity  string
	Title     string
	StartLine int
	EndLine   int
	Code      Code // excerpt lines; Line.Content is verbatim source text
	Match     string // NOTE(review): presumably the matched text itself; whether it is masked before being stored here is not shown — confirm before logging or forwarding this value
	Layer     Layer `json:",omitempty"` // omitempty has no effect on a struct value; Layer is always emitted
}

type SecretRuleCategory

// SecretRuleCategory classifies the rule behind a SecretFinding (SecretFinding.Category).
// Its values are not listed in this package's documentation.
type SecretRuleCategory string

type Severity

// Severity is an integer severity level. This package exports no constants for it,
// and the finding types on this page carry severity as a string, not as Severity.
type Severity int

type SourceID

// SourceID identifies an advisory/data source. It keys VendorCVSS and is used by
// DataSource.ID and DetectedVulnerability.SeveritySource.
type SourceID string

type Status

// Status is an integer status code. This package exports no constants for it, and
// DetectedVulnerability.Status is a string rather than a Status.
type Status int

type VendorCVSS

// VendorCVSS maps each advisory source to the CVSS vectors and scores it assigned.
// Map iteration order is random; sort the SourceID keys for deterministic output.
type VendorCVSS map[SourceID]CVSS

type Vulnerability

// Vulnerability holds the advisory details of a vulnerability independent of where
// it was found. It is embedded in DetectedVulnerability, which promotes these fields
// to its own level.
type Vulnerability struct {
	Title       string   `json:",omitempty"`
	Description string   `json:",omitempty"`
	Severity    string   `json:",omitempty"` // Selected from VendorSeverity, depending on a scan target
	CweIDs      []string `json:",omitempty"` // e.g. CWE-78, CWE-89

	CVSS             VendorCVSS `json:",omitempty"`
	References       []string   `json:",omitempty"`
	PublishedDate    string     `json:",omitempty"` // Take from NVD
	LastModifiedDate string     `json:",omitempty"` // Take from NVD

	// Custom is basically for extensibility and is not supposed to be used in OSS.
	// When embedded in DetectedVulnerability this field is shadowed by the outer
	// Custom and is not marshaled from there.
	Custom interface{} `json:",omitempty"`
}
