trivy

package
v0.0.0-...-c0573c7
Warning

This package is not in the latest version of its module.

Published: Jan 20, 2025 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Constants

const (
	TokenHeader       = "Trivy-Token"
	KeppelTokenHeader = "Keppel-Token"
)

see https://github.com/aquasecurity/trivy/blob/main/pkg/flag/remote_flags.go#L11

Variables

var MapToTrivySeverity = map[string]models.VulnerabilityStatus{
	"UNKNOWN":  models.UnknownSeverity,
	"LOW":      models.LowSeverity,
	"MEDIUM":   models.MediumSeverity,
	"HIGH":     models.HighSeverity,
	"CRITICAL": models.CriticalSeverity,
}

MapToTrivySeverity maps Trivy severity levels to ours; see https://github.com/aquasecurity/trivy/blob/main/pkg/report/table/misconfig.go#L19-L24

Functions

func FixIsReleased

func FixIsReleased(v serialize.DetectedVulnerability) bool

FixIsReleased returns whether v.FixedVersion is non-empty. (This particular method name reads better in some situations than `v.FixedVersion != ""`.)

Types

type Config

type Config struct {
	AdditionalPullableRepos []string
	Token                   string
	URL                     url.URL
}

Config contains credentials for talking to a Trivy server through a trivy-proxy deployment.

func (*Config) ScanManifest

func (tc *Config) ScanManifest(ctx context.Context, keppelToken string, manifestRef models.ImageReference, format string) (ReportPayload, error)

ScanManifest queries the Trivy server for a report on the given manifest.

func (*Config) ScanManifestAndParse

func (tc *Config) ScanManifestAndParse(ctx context.Context, keppelToken string, manifestRef models.ImageReference) (Report, error)

ScanManifestAndParse is like ScanManifest, except that the result is parsed instead of being returned as a bytestring. The report format "json" is implied in order to match the return type.

type Metadata

type Metadata struct {
	Size int64      `json:",omitempty"`
	OS   *ftypes.OS `json:",omitempty"`

	// Container image
	ImageID     string         `json:",omitempty"`
	DiffIDs     []string       `json:",omitempty"`
	RepoTags    []string       `json:",omitempty"`
	RepoDigests []string       `json:",omitempty"`
	ImageConfig map[string]any `json:",omitempty"`
}

Metadata is a generic replacement for type Metadata from github.com/aquasecurity/trivy/pkg/types; see documentation on type Report for details.

type Report

type Report struct {
	SchemaVersion int            `json:",omitempty"`
	CreatedAt     time.Time      `json:",omitempty"`
	ArtifactName  string         `json:",omitempty"`
	ArtifactType  string         `json:",omitempty"` // generic replacement for original type `artifact.Type`
	Metadata      Metadata       `json:",omitempty"` // generic replacement for original type `types.Metadata`
	Results       stypes.Results `json:",omitempty"` // compatible replacement for original type `types.Results`
}

Report is mostly the same type as type Report from github.com/aquasecurity/trivy/pkg/types, but we explicitly copy this type here (and replace some fields with more generic types) to avoid importing a bazillion transitive dependencies.

type ReportPayload

type ReportPayload struct {
	Format   string
	Contents []byte
}

ReportPayload contains a report that was returned by Trivy (and potentially enhanced by Keppel).
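
Added example, not part of this package: triaging the Contents of a "json"-format ReportPayload by finding the highest severity present and the findings at that severity for which a fix is already released (the same test as FixIsReleased). The types vuln and report, the names severityRank and Summarize, and the sample report are assumptions made for this example; the JSON field names follow Trivy's report layout.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Local stand-ins (assumptions) for the parts of Report and
// serialize.DetectedVulnerability that this example reads.
type vuln struct{ VulnerabilityID, FixedVersion, Severity string }
type report struct {
	Results []struct{ Vulnerabilities []vuln }
}

// sampleReport is constructed for this example; it is not real scan output.
const sampleReport = `{"SchemaVersion":2,"Results":[{"Vulnerabilities":[
 {"VulnerabilityID":"CVE-0000-0001","Severity":"HIGH","FixedVersion":"1.2.4"},
 {"VulnerabilityID":"CVE-0000-0002","Severity":"HIGH"},
 {"VulnerabilityID":"CVE-0000-0003","Severity":"LOW","FixedVersion":"2.0.1"}]}]}`

// severityRank orders the five severity names used as keys of MapToTrivySeverity.
var severityRank = map[string]int{"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

// Summarize returns the highest severity found in a JSON report and the IDs
// of the findings at that severity that already have a fixed version.
func Summarize(contents []byte) (worst string, fixable []string, err error) {
	var r report
	if err = json.Unmarshal(contents, &r); err != nil {
		return "", nil, fmt.Errorf("cannot parse Trivy report: %w", err)
	}
	rank := -1
	for _, res := range r.Results {
		for _, v := range res.Vulnerabilities {
			n, ok := severityRank[v.Severity]
			if !ok { // unrecognized names count as UNKNOWN instead of being dropped
				n, v.Severity = 0, "UNKNOWN"
			}
			if n > rank { // new maximum: restart the list of fixable findings
				rank, worst, fixable = n, v.Severity, nil
			}
			if n == rank && v.FixedVersion != "" { // same test as FixIsReleased
				fixable = append(fixable, v.VulnerabilityID)
			}
		}
	}
	return worst, fixable, nil
}

func main() { fmt.Println(Summarize([]byte(sampleReport))) }
```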
