Overview ¶
Package app provides core application support.
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func SaveSettings ¶
func SaveSettings(settings *ScansSettings, path string) error
SaveSettings saves ScansSettings to a file.
Types ¶
type Defect ¶ added in v0.71.0
// Defect represents a defect found during a scan.
type Defect struct {
	// ID identifies the defect. The IsIgnoredID doc calls this a CVE ID;
	// confirm that holds for every scan tool (trufflehog reports secrets).
	ID string `json:"id"`
	// Severity is the severity label as reported by the scanner, kept as a
	// free-form string rather than an enum.
	Severity string `json:"severity"`
	// FixState is the scanner's fix state for the defect; presumably the
	// value tested by ScanSettings.IsIgnoredFixState — confirm.
	FixState string `json:"fix_state"`
}
Defect represents a defect found during a scan.
type GrypeScanner ¶
// GrypeScanner is a struct that represents a grype scanner.
// Its value-receiver Scan and Version methods give it the ScanTool method set.
type GrypeScanner struct {
	// Settings holds the scan settings for this scanner. Scan also receives a
	// *ScanSettings argument; which of the two takes precedence is not visible
	// here — confirm.
	Settings *ScanSettings
}
GrypeScanner represents a grype scanner.
func (GrypeScanner) Scan ¶
func (s GrypeScanner) Scan(target string, settings *ScanSettings) *Scan
Scan scans a target for a type of defect or vulnerability with grype.
func (GrypeScanner) Version ¶
func (s GrypeScanner) Version() string
Version returns the version of the grype scanner application.
type Scan ¶
// Scan represents the results of a scan.
//
// A Scan is written to the local cache (CacheScan) and that cache file is then
// uploaded to S3 (UploadScan), so — assuming the cache file is this struct's
// JSON form, as the tags suggest — every exported field below leaves the host.
type Scan struct {
	// Settings is the scan configuration the scan was run with.
	Settings *ScanSettings `json:"settings"`
	// Target is the scanned target (presumably the image passed to
	// ScanRunner.Scan — confirm).
	Target string `json:"target"`
	// Cmdline is the scanner command line.
	// NOTE(review): it is serialized and uploaded with the rest of the scan;
	// verify it cannot carry credentials (registry tokens, env-derived flags)
	// before the upload step runs.
	Cmdline string `json:"cmdline"`
	// DurationSecs is the scan duration in seconds.
	DurationSecs float64 `json:"duration_secs"`
	// Error holds the error text when the scan did not complete cleanly.
	Error string `json:"error"`
	// ExitCode is presumably the scanner process exit code — confirm.
	ExitCode int `json:"exit_code"`
	// Failed reports whether the scan counts as failed; how it relates to
	// ExitCode, the severity threshold and IgnoreFailures is not visible here.
	Failed bool `json:"failed"`
	// Per-severity defect counts. NumTotal presumably sums the severity
	// buckets and NumIgnored counts defects dropped via the ignore lists —
	// confirm against the scanner implementations.
	NumCritical   int `json:"num_critical"`
	NumHigh       int `json:"num_high"`
	NumMedium     int `json:"num_medium"`
	NumLow        int `json:"num_low"`
	NumNegligible int `json:"num_negligible"`
	NumUnknown    int `json:"num_unknown"`
	NumTotal      int `json:"num_total"`
	NumIgnored    int `json:"num_ignored"`
	// S3URL is the location of the uploaded scan file; presumably set by
	// UploadScan — confirm.
	S3URL string `json:"s3_url"`
	// contains filtered or unexported fields
}
Scan represents the results of a scan.
type ScanReporter ¶
// ScanReporter reports the results of scans.
//
// Construct it with NewScanReporter, which applies a ScanReporterConfig. All
// methods use a value receiver, so they cannot mutate the reporter.
type ScanReporter struct {
	// contains filtered or unexported fields
}
ScanReporter reports the results of scans.
func NewScanReporter ¶
func NewScanReporter(config ScanReporterConfig) *ScanReporter
NewScanReporter creates a new configured ScanReporter.
func (ScanReporter) CachePath ¶
func (r ScanReporter) CachePath(filename string) string
func (ScanReporter) CacheScan ¶
func (r ScanReporter) CacheScan(scan *Scan) error
CacheScan caches the scan output to a local file.
func (ScanReporter) CacheSummary ¶
func (r ScanReporter) CacheSummary(summary Summary) error
CacheSummary caches the scan summary to a local file.
func (ScanReporter) Report ¶
func (r ScanReporter) Report(scanTools map[string]ScanTool, scans []*Scan, timestamp time.Time) error
Report reports the results of scans.
func (ScanReporter) S3Key ¶
func (r ScanReporter) S3Key(filename string) string
S3Key returns the S3 key for the scan cache file.
func (ScanReporter) UploadScan ¶
func (r ScanReporter) UploadScan(scan *Scan) error
UploadScan uploads the scan cache file to S3.
func (ScanReporter) UploadSummary ¶
func (r ScanReporter) UploadSummary() error
UploadSummary uploads the scan summary cache file to S3.
type ScanReporterConfig ¶
// ScanReporterConfig represents the configuration for a ScanReporter.
type ScanReporterConfig struct {
	// Verbose enables verbose reporter output.
	Verbose bool `json:"verbose"`
	// RepoID presumably identifies the repository being scanned — confirm.
	RepoID string `json:"repo_id"`
	// BuildID presumably identifies the build the scans belong to — confirm.
	BuildID string `json:"build_id"`
	// CacheDir is the local directory for cached scan and summary files
	// (see CachePath, CacheScan and CacheSummary).
	CacheDir string `json:"cache_dir"`
	// S3Bucket is the bucket UploadScan and UploadSummary write to.
	S3Bucket string `json:"s3_bucket"`
	// S3KeyPrefix is presumably prepended to the keys built by S3Key — confirm.
	// NOTE(review): if RepoID/BuildID are taken from flags or the environment
	// and embedded in S3Key or CachePath, confirm they are validated so a
	// value containing "/" or ".." cannot place objects outside the intended
	// prefix or files outside CacheDir.
	S3KeyPrefix string `json:"s3_key_prefix"`
}
ScanReporterConfig represents the configuration for a ScanReporter.
type ScanRunner ¶
// ScanRunner runs scans.
//
// Construct it with NewScanRunner, which applies a ScanRunnerConfig. Scan
// runs the enabled tools (see Tools) against an image and returns one *Scan
// per tool run.
type ScanRunner struct {
	// contains filtered or unexported fields
}
ScanRunner runs scans.
func NewScanRunner ¶
func NewScanRunner(cfg ScanRunnerConfig) *ScanRunner
NewScanRunner creates a new configured ScanRunner.
func (ScanRunner) Scan ¶
func (r ScanRunner) Scan(image string) []*Scan
Scan runs the scans and returns their results.
func (ScanRunner) Tools ¶ added in v0.76.0
func (r ScanRunner) Tools() map[string]ScanTool
Tools returns the enabled scan tools used by the runner.
type ScanRunnerConfig ¶
// ScanRunnerConfig represents the configuration for a ScanRunner.
//
// Unlike ScanReporterConfig it carries no json tags, so it is not part of the
// persisted settings.
type ScanRunnerConfig struct {
	// DryRun presumably reports what would run without running it — confirm.
	DryRun bool
	// Verbose enables verbose runner output.
	Verbose bool
	// PipelineMode adjusts behaviour for CI pipelines; its exact effect is not
	// visible here.
	PipelineMode bool
	// Settings is the full set of scan settings the runner selects from
	// (see ScansSettings.FindScanSetting).
	Settings *ScansSettings
}
ScanRunnerConfig represents the configuration for a ScanRunner.
type ScanSettings ¶
// ScanSettings represents the settings for a specific scan, some of which are
// not persisted to disk in JSON format, but are set at runtime from the
// command line options.
type ScanSettings struct {
	// ScanTool names the scanner this setting applies to; together with
	// ScanType it is the lookup key used by ScansSettings.FindScanSetting.
	ScanTool string `json:"scan_tool"`
	// ScanType is the type of scan the tool performs for this setting.
	ScanType string `json:"scan_type"`
	// Disabled skips this scan. ScansSettings also has a Disabled flag; which
	// one wins is not visible here.
	Disabled bool `json:"disabled"`
	// contains filtered or unexported fields
	// (the runtime-only values mentioned above; presumably the ignore lists
	// consulted by IsIgnoredID and IsIgnoredFixState — confirm)
}
ScanSettings represents the settings for a specific scan, some of which are not persisted to disk in JSON format, but are set at runtime from the command line options.
func (ScanSettings) IsIgnoredFixState ¶ added in v0.66.0
func (s ScanSettings) IsIgnoredFixState(state string) bool
IsIgnoredFixState tests if the fix state is ignored in settings.
func (ScanSettings) IsIgnoredID ¶
func (s ScanSettings) IsIgnoredID(id string) bool
IsIgnoredID tests if the CVE ID is ignored in settings.
type ScanTool ¶
// ScanTool defines behaviors for a scanner application used to scan a target
// for a type of defect or vulnerability.
//
// GrypeScanner, TrivyScanner and TrufflehogScanner provide the matching method
// sets; ScanRunner.Tools returns the enabled ones as a map keyed by string.
type ScanTool interface {
	// Scan scans a target for a type of defect or vulnerability.
	Scan(target string, settings *ScanSettings) *Scan
	// Version returns the version of the scanner application.
	Version() string
}
ScanTool defines behaviors for a scanner application used to scan a target for a type of defect or vulnerability.
type ScansSettings ¶
// ScansSettings represents the initial version of application scan settings.
// Some fields are not persisted to disk in JSON format, but are set at runtime
// from the command line options or their corresponding environment variables.
//
// Build one with NewScansSettings or LoadSettings; SaveSettings and ToJSON
// produce the persisted form.
//
// NOTE(review): Disabled, IgnoreIDs and IgnoreFixStates can all silence
// findings, so a settings file loaded from a repository should be treated as
// security-relevant configuration and reviewed like code.
type ScansSettings struct {
	// AppVersion is the application version the settings were written with
	// (the appVersion argument of NewScansSettings).
	AppVersion string `json:"app_version"`
	// Disabled disables scanning.
	Disabled bool `json:"disabled"`
	// Severity is the severity threshold as a string; the accepted values are
	// not visible here.
	Severity string `json:"severity"`
	// IgnoreFailures presumably keeps scan failures from failing the run — confirm.
	IgnoreFailures bool `json:"ignore_failures"`
	// IgnoreIDs lists defect IDs to ignore (see ScanSettings.IsIgnoredID).
	IgnoreIDs []string `json:"ignore_ids"`
	// IgnoreFixStates lists fix states to ignore (see ScanSettings.IsIgnoredFixState).
	IgnoreFixStates []string `json:"ignore_fix_states"`
	// ScansSettings holds the per-scan settings searched by FindScanSetting.
	ScansSettings []*ScanSettings `json:"scan_settings"`
	// contains filtered or unexported fields
}
ScansSettings represents the initial version of application scan settings. Some fields are not persisted to disk in JSON format, but are set at runtime from the command line options or their corresponding environment variables.
func LoadSettings ¶
func LoadSettings(path string) (*ScansSettings, error)
LoadSettings loads ScansSettings from a file.
func NewScansSettings ¶
func NewScansSettings(appVersion, severity string, ignoreFailures bool, ignoreIDs, ignoreStates []string) *ScansSettings
NewScansSettings creates a new ScansSettings object.
func (ScansSettings) FindScanSetting ¶
func (s ScansSettings) FindScanSetting(scanTool, scanType string) *ScanSettings
FindScanSetting finds a specific scan setting by scan tool and scan type.
func (ScansSettings) ToJSON ¶
func (s ScansSettings) ToJSON() (string, error)
ToJSON returns the JSON representation of a ScansSettings object.
type Summary ¶
// Summary represents the report summarizing the results of scans.
//
// It is cached locally by CacheSummary and the cache file is uploaded by
// UploadSummary.
type Summary struct {
	// Version is presumably the application version that produced the summary — confirm.
	Version string `json:"version"`
	// Hostname is presumably the host the scans ran on.
	// NOTE(review): Hostname and Username travel with the summary to S3;
	// confirm that is intended for everyone who can read the bucket.
	Hostname string `json:"hostname"`
	// Username is presumably the user the scans ran as.
	Username string `json:"username"`
	// Timestamp is the report time as a string; Report receives a time.Time,
	// but the format used here is not visible.
	Timestamp string `json:"timestamp"`
	// DurationSecs is the total duration in seconds.
	DurationSecs float64 `json:"duration_secs"`
	// ToolVersions maps each scan tool to its Version() string — presumably
	// filled from the scanTools passed to Report; confirm.
	ToolVersions map[string]string `json:"tool_versions"`
	// Scans holds the individual scan results.
	Scans []*Scan `json:"scans"`
}
Summary represents the report summarizing the results of scans.
type TrivyScanner ¶
// TrivyScanner is a struct that represents a trivy scanner.
// Its value-receiver Scan and Version methods give it the ScanTool method set.
type TrivyScanner struct {
	// Settings holds the scan settings for this scanner. Scan also receives a
	// *ScanSettings argument; which of the two takes precedence is not visible
	// here — confirm.
	Settings *ScanSettings
}
TrivyScanner represents a trivy scanner.
func (TrivyScanner) Scan ¶
func (s TrivyScanner) Scan(target string, settings *ScanSettings) *Scan
Scan scans a target for a type of defect or vulnerability with trivy.
func (TrivyScanner) Version ¶
func (s TrivyScanner) Version() string
Version returns the version of the trivy scanner application.
type TrufflehogScanner ¶
// TrufflehogScanner is a struct that represents a trufflehog scanner.
// Its value-receiver Scan and Version methods give it the ScanTool method set.
type TrufflehogScanner struct {
	// Settings holds the scan settings for this scanner. Scan also receives a
	// *ScanSettings argument; which of the two takes precedence is not visible
	// here — confirm.
	Settings *ScanSettings
}
TrufflehogScanner represents a trufflehog scanner.
func (TrufflehogScanner) Scan ¶
func (s TrufflehogScanner) Scan(target string, settings *ScanSettings) *Scan
Scan scans a target for a type of defect or vulnerability with trufflehog.
func (TrufflehogScanner) Version ¶
func (s TrufflehogScanner) Version() string
Version returns the version of the trufflehog scanner application.