Documentation
Overview
Package config implements parsing of Lava configurations.
Constants
This section is empty.
Variables
var (
	// ErrInvalidLavaVersion means that the Lava version does not
	// have a valid format according to the Semantic Versioning
	// Specification.
	ErrInvalidLavaVersion = errors.New("invalid Lava version")

	// ErrNoChecktypeURLs means that no checktypes URLs were
	// specified.
	ErrNoChecktypeURLs = errors.New("no checktype catalogs")

	// ErrNoTargets means that no targets were specified.
	ErrNoTargets = errors.New("no targets")

	// ErrNoTargetIdentifier means that the target does not have
	// an identifier.
	ErrNoTargetIdentifier = errors.New("no target identifier")

	// ErrNoTargetAssetType means that the target does not have an
	// asset type.
	ErrNoTargetAssetType = errors.New("no target asset type")

	// ErrInvalidAssetType means that the asset type is invalid.
	ErrInvalidAssetType = errors.New("invalid asset type")

	// ErrInvalidSeverity means that the severity is invalid.
	ErrInvalidSeverity = errors.New("invalid severity")

	// ErrInvalidOutputFormat means that the output format is
	// invalid.
	ErrInvalidOutputFormat = errors.New("invalid output format")
)
Functions
This section is empty.
Types
type AgentConfig
type AgentConfig struct {
	// PullPolicy is the pull policy passed to vulcan-agent.
	PullPolicy agentconfig.PullPolicy `yaml:"pullPolicy"`

	// Parallel is the maximum number of checks that can run in
	// parallel.
	Parallel int `yaml:"parallel"`

	// Vars is the environment variables required by the Vulcan
	// checktypes.
	Vars map[string]string `yaml:"vars"`

	// RegistryAuths contains the credentials for a set of
	// container registries.
	RegistryAuths []RegistryAuth `yaml:"registries"`
}
AgentConfig is the configuration passed to the vulcan-agent.
type Config
type Config struct {
	// LavaVersion is the minimum required version of Lava.
	LavaVersion string `yaml:"lava"`

	// AgentConfig is the configuration of the vulcan-agent.
	AgentConfig AgentConfig `yaml:"agent"`

	// ReportConfig is the configuration of the report.
	ReportConfig ReportConfig `yaml:"report"`

	// ChecktypeURLs is a list of URLs pointing to checktype
	// catalogs.
	ChecktypeURLs []string `yaml:"checktypes"`

	// Targets is the list of targets.
	Targets []Target `yaml:"targets"`

	// LogLevel is the logging level.
	LogLevel slog.Level `yaml:"log"`
}
Config represents a Lava configuration.
type Exclusion
type Exclusion struct {
	// Target is a regular expression that matches the name of the
	// affected target.
	Target string `yaml:"target"`

	// Resource is a regular expression that matches the name of
	// the affected resource.
	Resource string `yaml:"resource"`

	// Fingerprint defines the context in which the vulnerability
	// has been found. It includes the checktype image, the
	// affected target, the asset type and the checktype options.
	Fingerprint string `yaml:"fingerprint"`

	// Summary is a regular expression that matches the summary of
	// the vulnerability.
	Summary string `yaml:"summary"`

	// Description describes the exclusion.
	Description string `yaml:"description"`
}
Exclusion represents the criteria to exclude a given finding.
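How the Target, Resource, Summary and Fingerprint criteria can be evaluated against a finding, as an added example that is not code from the Lava project. It assumes that every non-empty criterion must match and that Fingerprint is compared exactly; the Finding type, the Matches function and the sample values are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
)

// Exclusion mirrors the matching fields documented above.
type Exclusion struct{ Target, Resource, Fingerprint, Summary string }

// Finding is a hypothetical type for this example, not part of the package.
type Finding struct{ Target, Resource, Fingerprint, Summary string }

// Matches assumes every non-empty criterion must match: regular expressions
// for Target, Resource and Summary, exact comparison for Fingerprint.
func Matches(e Exclusion, f Finding) (bool, error) {
	if e == (Exclusion{}) {
		return false, nil // an empty exclusion must not hide every finding
	}
	pairs := [][2]string{{e.Target, f.Target}, {e.Resource, f.Resource}, {e.Summary, f.Summary}}
	for _, p := range pairs {
		if p[0] == "" {
			continue
		}
		if ok, err := regexp.MatchString(p[0], p[1]); err != nil || !ok {
			return false, err
		}
	}
	return e.Fingerprint == "" || e.Fingerprint == f.Fingerprint, nil
}

// Constructed sample data: one accepted risk and a finding on another host.
var (
	loose    = Exclusion{Target: `app.example.com`, Summary: `Outdated TLS`}
	anchored = Exclusion{Target: `^app\.example\.com$`, Summary: `^Outdated TLS$`}
	accepted = Finding{Target: "app.example.com", Summary: "Outdated TLS"}
	other    = Finding{Target: "webapp.example.com.test", Summary: "Outdated TLS"}
)

func main() {
	for _, e := range []Exclusion{loose, anchored} {
		a, _ := Matches(e, accepted)
		o, _ := Matches(e, other)
		fmt.Printf("%-22q accepted=%v other=%v\n", e.Target, a, o)
	}
}
```

Because the criteria are regular expressions, the unanchored pattern also matches the unrelated host, so anchoring accepted-risk patterns keeps an exclusion from hiding findings on other targets.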
type OutputFormat
type OutputFormat int
OutputFormat is the format of the generated report.
const (
	OutputFormatHuman OutputFormat = iota
	OutputFormatJSON
)
Output formats available for the report.
func (*OutputFormat) UnmarshalYAML
func (f *OutputFormat) UnmarshalYAML(value *yaml.Node) error
UnmarshalYAML decodes an OutputFormat yaml node containing a string into an OutputFormat value. It returns an error if the provided string does not match any known output format.
type RegistryAuth
type RegistryAuth struct {
	// Server is the URL of the registry.
	Server string `yaml:"server"`

	// Username is the username used to log into the registry.
	Username string `yaml:"username"`

	// Password is the password used to log into the registry.
	Password string `yaml:"password"`
}
RegistryAuth contains the credentials for a container registry.
type ReportConfig
type ReportConfig struct {
	// Severity is the minimum severity required to report a
	// finding.
	Severity Severity `yaml:"severity"`

	// Format is the output format.
	Format OutputFormat `yaml:"format"`

	// OutputFile is the path of the output file.
	OutputFile string `yaml:"output"`

	// Exclusions is a list of findings that will be ignored. For
	// instance, accepted risks, false positives, etc.
	Exclusions []Exclusion `yaml:"exclusions"`

	// Metrics is the file where the metrics will be written.
	// If Metrics is an empty string or not specified in the yaml file, then
	// the metrics report is not saved.
	Metrics string `yaml:"metrics"`
}
ReportConfig is the configuration of the report.
type Severity
type Severity int
Severity is the severity of a given finding.
const (
	SeverityCritical Severity = 1
	SeverityHigh     Severity = 0
	SeverityMedium   Severity = -1
	SeverityLow      Severity = -2
	SeverityInfo     Severity = -3
)
Severity levels.
func (Severity) MarshalText
MarshalText encodes a Severity as text.
type Target
type Target struct {
	// Identifier is a string that identifies the target. For
	// instance, a path, a URL, a container image, etc.
	Identifier string `yaml:"identifier"`

	// AssetType is the asset type of the target.
	AssetType types.AssetType `yaml:"type"`

	// Options is a list of specific options for the target.
	Options map[string]any `yaml:"options"`
}
Target represents the target of a scan.