Documentation ¶
Index ¶
- Constants
- func EcosystemsToScanners(ctx context.Context, ecosystems []*Ecosystem) ([]PackageScanner, []DistributionScanner, []RepositoryScanner, error)
- type Coalescer
- type ConfigDeserializer
- type ConfigurableScanner
- type DistributionScanner
- type Ecosystem
- type FetchArena
- type Indexer
- type LayerArtifacts
- type LayerScanner
- type Opts
- type PackageScanner
- type Querier
- type RPCScanner
- type Realizer
- type RepositoryScanner
- type Setter
- type Store
- type VersionedScanner
- type VersionedScanners
- func (vs *VersionedScanners) DStoVS(scnrs []DistributionScanner)
- func (vs *VersionedScanners) PStoVS(scnrs []PackageScanner)
- func (vs *VersionedScanners) RStoVS(scnrs []RepositoryScanner)
- func (vs VersionedScanners) VStoDS() []DistributionScanner
- func (vs VersionedScanners) VStoPS() []PackageScanner
- func (vs VersionedScanners) VStoRS() []RepositoryScanner
Constants ¶
const (
Package = "package"
)
Variables ¶
This section is empty.
Functions ¶
func EcosystemsToScanners ¶
func EcosystemsToScanners(ctx context.Context, ecosystems []*Ecosystem) ([]PackageScanner, []DistributionScanner, []RepositoryScanner, error)
EcosystemsToScanners extracts and dedupes multiple ecosystems and returns their discrete scanners.
Types ¶
type Coalescer ¶
type Coalescer interface {
Coalesce(ctx context.Context, artifacts []*LayerArtifacts) (*claircore.IndexReport, error)
}
Coalescer takes a set of layers and creates coalesced IndexReport.
A coalesced IndexReport should provide only the packages present in the final container image once all layers were applied.
type ConfigDeserializer ¶
type ConfigDeserializer func(interface{}) error
ConfigDeserializer can be thought of as an Unmarshal function with the byte slice provided.
This will typically be something like (*json.Decoder).Decode.
type ConfigurableScanner ¶
type ConfigurableScanner interface {
Configure(context.Context, ConfigDeserializer) error
}
ConfigurableScanner is an interface scanners can implement to receive configuration.
type DistributionScanner ¶
type DistributionScanner interface { VersionedScanner Scan(context.Context, *claircore.Layer) ([]*claircore.Distribution, error) }
DistributionScanner reports the Distributions found in a given layer.
type Ecosystem ¶
type Ecosystem struct { PackageScanners func(ctx context.Context) ([]PackageScanner, error) DistributionScanners func(ctx context.Context) ([]DistributionScanner, error) RepositoryScanners func(ctx context.Context) ([]RepositoryScanner, error) Coalescer func(ctx context.Context) (Coalescer, error) Name string }
Ecosystems group together scanners and a Coalescer which are commonly used together.
A typical ecosystem is "dpkg" which will use the "dpkg" package indexer, the "os-release" distribution scanner and the "apt" repository scanner.
A Controller will scan layers with all scanners present in its configured ecosystems.
type FetchArena ¶ added in v1.4.22
FetchArena does coordination and global refcounting.
type Indexer ¶
type Indexer interface { // IndexPackages indexes a package into the persistence layer. IndexPackages(ctx context.Context, pkgs []*claircore.Package, layer *claircore.Layer, scnr VersionedScanner) error // IndexDistributions indexes distributions into the persistence layer. IndexDistributions(ctx context.Context, dists []*claircore.Distribution, layer *claircore.Layer, scnr VersionedScanner) error // IndexRepositories indexes repositories into the persistence layer. IndexRepositories(ctx context.Context, repos []*claircore.Repository, layer *claircore.Layer, scnr VersionedScanner) error // IndexManifest should index the coalesced manifest's content given an IndexReport. IndexManifest(ctx context.Context, ir *claircore.IndexReport) error }
Indexer interface provide the method set required for indexing layer and manifest contents into a persistent store.
type LayerArtifacts ¶
type LayerArtifacts struct { Hash claircore.Digest Pkgs []*claircore.Package Dist []*claircore.Distribution // each layer can only have a single distribution Repos []*claircore.Repository }
LayerArifact aggregates the artifacts found within a layer.
type LayerScanner ¶
type LayerScanner struct {
// contains filtered or unexported fields
}
func NewLayerScanner ¶ added in v1.4.22
NewLayerScanner is the constructor for a LayerScanner.
The provided Context is only used for the duration of the call.
func (*LayerScanner) Scan ¶
func (ls *LayerScanner) Scan(ctx context.Context, manifest claircore.Digest, layers []*claircore.Layer) error
Scan performs a concurrency controlled scan of each layer by each configured scanner, indexing the results on successful completion.
Scan will launch all layer scan goroutines immediately and then only allow the configured limit to proceed.
The provided Context controls cancellation for all scanners. The first error reported halts all work and is returned from Scan.
type Opts ¶
type Opts struct { Client *http.Client ScannerConfig struct { Package, Dist, Repo map[string]func(interface{}) error } Store Store LayerScanner *LayerScanner FetchArena FetchArena Ecosystems []*Ecosystem Vscnrs VersionedScanners }
Opts are options to instantiate a indexer
type PackageScanner ¶
type PackageScanner interface { VersionedScanner // Scan performs a package scan on the given layer and returns all // the found packages Scan(context.Context, *claircore.Layer) ([]*claircore.Package, error) }
PackageScanner provides an interface for unique identification or a PackageScanner and a Scan method for extracting installed packages from an individual container layer
func NewPackageScannerMock ¶
func NewPackageScannerMock(name, version, kind string) PackageScanner
type Querier ¶
type Querier interface { // ManifestScanned returns whether the given manifest was scanned by the provided scanners. ManifestScanned(ctx context.Context, hash claircore.Digest, scnrs VersionedScanners) (bool, error) // LayerScanned returns whether the given layer was scanned by the provided scanner. LayerScanned(ctx context.Context, hash claircore.Digest, scnr VersionedScanner) (bool, error) // PackagesByLayer gets all the packages found in a layer limited by the provided scanners. PackagesByLayer(ctx context.Context, hash claircore.Digest, scnrs VersionedScanners) ([]*claircore.Package, error) // DistributionsByLayer gets all the distributions found in a layer limited by the provided scanners. DistributionsByLayer(ctx context.Context, hash claircore.Digest, scnrs VersionedScanners) ([]*claircore.Distribution, error) // RepositoriesByLayer gets all the repositories found in a layer limited by the provided scanners. RepositoriesByLayer(ctx context.Context, hash claircore.Digest, scnrs VersionedScanners) ([]*claircore.Repository, error) // IndexReport attempts to retrieve a persisted IndexReport. IndexReport(ctx context.Context, hash claircore.Digest) (*claircore.IndexReport, bool, error) // AffectedManifests returns a list of manifest digests which the target vulnerability // affects. AffectedManifests(ctx context.Context, v claircore.Vulnerability, f claircore.CheckVulnernableFunc) ([]claircore.Digest, error) }
Querier interface provides the method set to ascertain indexed artifacts and query whether a layer or manifest has been scanned.
type RPCScanner ¶
RPCScanner is an interface scanners can implement to receive configuration and denote that they expect to be able to talk to the network at run time.
type Realizer ¶
Realizer is responsible for downloading a layer, uncompressing if necessary, and making the uncompressed tar contents available for reading.
type RepositoryScanner ¶
type RepositoryScanner interface { VersionedScanner Scan(context.Context, *claircore.Layer) ([]*claircore.Repository, error) }
type Setter ¶
type Setter interface { // PersistManifest must store the presence of a manifest and it's layers into the system. // // Typically this will write into identity tables so later methods have a foreign key // to reference and data integrity is applied. PersistManifest(ctx context.Context, manifest claircore.Manifest) error // DeleteManifests removes the manifests indicated by the passed digests // from the backing store. DeleteManifests(context.Context, ...claircore.Digest) ([]claircore.Digest, error) // SetLayerScanned marks the provided layer hash successfully scanned by the provided versioned scanner. // // After this method is returned a call to Querier.LayerScanned with the same arguments must return true. SetLayerScanned(ctx context.Context, hash claircore.Digest, scnr VersionedScanner) error // RegisterPackageScanners registers the provided scanners with the persistence layer. RegisterScanners(ctx context.Context, scnrs VersionedScanners) error // SetIndexReport persists the current state of the IndexReport. // // IndexReports maybe in intermediate states to provide feedback for clients. this method should be // used to communicate scanning state updates. to signal the scan has completely successfully // see SetIndexFinished. SetIndexReport(context.Context, *claircore.IndexReport) error // SetIndexFinished marks a scan successfully completed. // // After this method returns a call to Querier.ManifestScanned with the manifest hash represted in the provided IndexReport // must return true. // // Also a call to Querier.IndexReport with the manifest hash represted in the provided IndexReport must return the IndexReport // in finished state. SetIndexFinished(ctx context.Context, sr *claircore.IndexReport, scnrs VersionedScanners) error }
Setter interface provides the method set for required marking events, or registering components, associated with an Index operation.
type Store ¶
type Store interface { Setter Querier Indexer // Close frees any resources associated with the Store. Close(context.Context) error }
Store is an interface for dealing with objects libindex needs to persist. Stores may be implemented per storage backend.
type VersionedScanner ¶
type VersionedScanner interface { // unique name of the distribution scanner. Name() string // version of this scanner. this information will be persisted with the scan. Version() string // the kind of scanner. currently only package is implemented Kind() string }
VersionedScanner can be embedded into specific scanner types. This allows for methods and functions which only need to compare names and versions of scanners not to require each scanner type as an argument.
type VersionedScanners ¶
type VersionedScanners []VersionedScanner
VersionedScanners implements a list with construction methods not concurrency safe
func MergeVS ¶
func MergeVS(pscnr []PackageScanner, dscnr []DistributionScanner, rscnr []RepositoryScanner) VersionedScanners
MergeVS merges lists of scanners into a single list of VersionedScanner types
func (*VersionedScanners) DStoVS ¶
func (vs *VersionedScanners) DStoVS(scnrs []DistributionScanner)
DStoVS takes an array of DistributionScanners and appends VersionedScanners with VersionScanner types.
func (*VersionedScanners) PStoVS ¶
func (vs *VersionedScanners) PStoVS(scnrs []PackageScanner)
func (*VersionedScanners) RStoVS ¶
func (vs *VersionedScanners) RStoVS(scnrs []RepositoryScanner)
RStoVS takes an array of RepositoryScanners and appends VersionedScanners with VersionScanner types.
func (VersionedScanners) VStoDS ¶
func (vs VersionedScanners) VStoDS() []DistributionScanner
VStoDS returns an array of DistributionScanners
func (VersionedScanners) VStoPS ¶
func (vs VersionedScanners) VStoPS() []PackageScanner
VStoPS returns an array of PackageScanners
func (VersionedScanners) VStoRS ¶
func (vs VersionedScanners) VStoRS() []RepositoryScanner
VStoRS returns an array of RepositoryScanners