Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Details ¶
type Details struct { Name string `json:"name"` // Fixed package version string mapped to an array of CVE ids affecting the // package. Secfixes map[string][]string `json:"secfixes"` }
Details define a package's name and relevant security fixes included in a given version.
type DistributionScanner ¶ added in v0.0.14
type DistributionScanner struct{}
DistributionScanner attempts to discover if a layer displays characteristics of a alpine distribution
func (*DistributionScanner) Kind ¶ added in v0.0.14
func (*DistributionScanner) Kind() string
Kind implements scanner.VersionedScanner.
func (*DistributionScanner) Name ¶ added in v0.0.14
func (*DistributionScanner) Name() string
Name implements scanner.VersionedScanner.
func (*DistributionScanner) Scan ¶ added in v0.0.14
func (s *DistributionScanner) Scan(ctx context.Context, l *claircore.Layer) ([]*claircore.Distribution, error)
Scan will inspect the layer for an os-release or issue file and perform a regex match for keywords indicating the associated alpine release
If neither file is found a (nil, nil) is returned. If the files are found but all regexp fail to match an empty slice is returned.
func (*DistributionScanner) Version ¶ added in v0.0.14
func (*DistributionScanner) Version() string
Version implements scanner.VersionedScanner.
type Factory ¶ added in v1.4.3
type Factory struct {
// contains filtered or unexported fields
}
Factory is an UpdaterSetFactory for ingesting an Alpine SecDB.
Factory expects to be able to discover a directory layout like the one at [https://secdb.alpinelinux.org/] at the configured URL. More explicitly, it expects: - a "last-update" file with opaque contents that change when any constituent database changes - contiguously numbered directories with the name "v$maj.$min" starting with "maj" as "3" and "min" as at most "3" - JSON files inside those directories named "main.json" or "community.json"
The [Configure] method must be called before the [UpdaterSet] method.
func NewFactory ¶ added in v1.4.3
NewFactory returns a constructed Factory.
[Configure] must still be called before [UpdaterSet].
func (*Factory) UpdaterSet ¶ added in v1.4.3
UpdaterSet implements driver.UpdaterSetFactory.
type FactoryConfig ¶ added in v1.4.3
type FactoryConfig struct { // URL indicates the base URL for the SecDB layout. It should have a trailing slash. URL string `json:"url" yaml:"url"` }
FactoryConfig is the configuration accepted by the Factory.
By convention, this is keyed by the string "alpine".
type Matcher ¶
type Matcher struct{}
Matcher implements driver.Matcher for Alpine containers.
func (*Matcher) Filter ¶
func (*Matcher) Filter(record *claircore.IndexRecord) bool
Filter implements driver.Matcher.
func (*Matcher) Query ¶
func (*Matcher) Query() []driver.MatchConstraint
Query implements driver.Matcher.
func (*Matcher) Vulnerable ¶
func (*Matcher) Vulnerable(ctx context.Context, record *claircore.IndexRecord, vuln *claircore.Vulnerability) (bool, error)
Vulnerable implements driver.Matcher.
type SecurityDB ¶
type SecurityDB struct { Distroversion string `json:"distroversion"` Reponame string `json:"reponame"` Urlprefix string `json:"urlprefix"` Apkurl string `json:"apkurl"` Packages []Package `json:"packages"` }
SecurityDB is the security database structure.
type UpdaterConfig ¶ added in v0.4.2
type UpdaterConfig struct { // URL overrides any discovered URL for the JSON file. URL string `json:"url" yaml:"url"` }
UpdaterConfig is the configuration accepted by Alpine updaters.
By convention, this should be in a map called "alpine-${REPO}-${RELEASE}-updater". For example, "alpine-main-v3.12-updater".
If a SecDB JSON file is not found at the proper place by Factory.UpdaterSet, this configuration will not be consulted.
Notes ¶
Bugs ¶
The current version omit the VERSION_ID data. Need to investigate why. Probably because it's not in the etc/issue file. VersionID: vid,