Documentation
¶
Overview ¶
Package rhcc implements an ecosystem for the Red Hat Container Catalog.
This ecosystem treats an entire container as a package and matches advisories against it.
Index ¶
Constants ¶
const DefaultName2ReposMappingURL = "https://security.access.redhat.com/data/metrics/container-name-repos-map.json"
DefaultName2ReposMappingURL is the default URL with a mapping file provided by Red Hat.
Variables ¶
var GoldRepo = claircore.Repository{
Name: "Red Hat Container Catalog",
URI: `https://catalog.redhat.com/software/containers/explore`,
}
GoldRepo is the claircore.Repository that every RHCC index record is associated with. It is also the claircore.Repository that is associated with OCI VEX vulnerabilities.
var Matcher driver.Matcher = &matcher{}
Matcher is an instance of the rhcc matcher. It's exported so it can be used in the "defaults" package.
This instance is safe for concurrent use.
Functions ¶
Types ¶
type ScannerConfig ¶
type ScannerConfig struct {
// Name2ReposMappingURL is a URL where a mapping file can be fetched.
//
// See also [DefaultName2ReposMappingURL]
Name2ReposMappingURL string `json:"name2repos_mapping_url" yaml:"name2repos_mapping_url"`
// Name2ReposMappingFile is a path to a local mapping file.
Name2ReposMappingFile string `json:"name2repos_mapping_file" yaml:"name2repos_mapping_file"`
// Timeout is a timeout for all network calls made to update the mapping
// file.
//
// The default is 10 seconds.
Timeout time.Duration `json:"timeout" yaml:"timeout"`
}
ScannerConfig is the configuration for the package scanner.
The interaction between the "URL" and "File" members is the same as described in the github.com/quay/claircore/rhel.RepositoryScannerConfig documentation.
By convention, it's in a "rhel_containerscanner" key.
Source Files