Documentation ¶
Overview ¶
© 2023 Snyk Limited

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Constants ¶
// Default values for config settings.
const (
	// KubernetesRestDefaultTimeout is the default timeout for requests made to the Kubernetes Rest API.
	KubernetesRestDefaultTimeout = 5 * time.Second

	// HTTPClientDefaultTimeout is the default value for the HTTPClientTimeout setting.
	HTTPClientDefaultTimeout = 5 * time.Second

	// SnykAPIDefaultBaseURL is the default endpoint that the scanner will talk to.
	// The default uses the https scheme.
	// NOTE(review): whether an override supplied through Egress.SnykAPIBaseURL is checked to be
	// an https URL is not visible here; confirm, since this is the endpoint the scanner sends
	// its data to.
	SnykAPIDefaultBaseURL = "https://api.snyk.io"
)
default values for config settings
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
// Config holds the scanner's options. Scheme and RestConfig are tagged `json:"-"`, so
// encoding/json neither reads them from nor writes them to a JSON document.
type Config struct {
	Scanning Scan `json:"scanning"`

	// NOTE(review): presumably the listen address of the Prometheus metrics endpoint; if so,
	// check that it is not bound to an interface reachable from outside the cluster. Confirm.
	MetricsAddress string `json:"metricsAddress"`

	// MetricsNamespace defines the namespace that will be used for the prometheus metrics.
	MetricsNamespace string `json:"metricsNamespace"`

	// NOTE(review): presumably the listen address of the health/readiness probes. Confirm.
	ProbeAddress string `json:"probeAddress"`

	// Routes define from which namespaces resources are routed to which organization.
	Routes []Route `json:"routes"`

	// Egress contains configuration for everything that's related to sending data to Snyk's
	// backend. It is a pointer, so it is nil when nothing has populated it; whether Read
	// always sets it is not visible here.
	Egress *Egress `json:"egress"`

	// ClusterName should be the "friendly" name of the cluster where the scanner is running in.
	// For example, "prod-us" or "dev-eu."
	ClusterName string `json:"clusterName"`

	Logging Logging `json:"logging"`

	// Scheme and RestConfig are excluded from JSON by their `json:"-"` tags.
	// NOTE(review): RestConfig is presumably the client configuration for the Kubernetes API
	// server and may therefore carry cluster credentials; treat it as sensitive. Confirm.
	Scheme     *runtime.Scheme `json:"-"`
	RestConfig *rest.Config    `json:"-"`
}
func Read ¶
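Read reads the config file specified by the "-config" flag and returns a struct that contains all options, including other flags. Per the Egress documentation, the Snyk service account token is not read from this file; it can only be set through the SNYK_SERVICE_ACCOUNT_TOKEN environment variable.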
func (*Config) Organizations ¶ added in v0.20.5
Organizations retrieves a list of unique Snyk Organization IDs present in this configuration.
type Egress ¶
// Egress configures how the scanner sends data to Snyk's backend.
type Egress struct {
	// HTTPClientTimeout sets the timeout for the HTTP client that is being used for connections to
	// the Snyk backend.
	HTTPClientTimeout metav1.Duration `json:"httpClientTimeout"`

	// SnykAPIBaseURL defines the endpoint where the scanner will send data to.
	// NOTE(review): no scheme or host validation is visible in this declaration. A value that
	// is not an https URL, or that points at an unintended host, would redirect the scanner's
	// data there; confirm how the value is validated where it is consumed.
	SnykAPIBaseURL string `json:"snykAPIBaseURL"`

	// SnykServiceAccountToken is the token of the Snyk Service Account. Is not read from the config
	// file, can only be set through the environment variable.
	// The `json:"-"` tag keeps the token out of encoding/json input and output. It does not
	// affect fmt: formatting an Egress value with %v or %+v prints the token, so do not log
	// this struct directly.
	SnykServiceAccountToken string `json:"-" env:"SNYK_SERVICE_ACCOUNT_TOKEN"`

	// Batching contains the settings we use to batch calls to our backend.
	Batching Batching `json:"batching"`
}
type GroupVersionKind ¶ added in v0.6.0
// GroupVersionKind embeds schema.GroupVersionKind and adds a PreferredVersion string.
// NOTE(review): the meaning of PreferredVersion is not documented here; presumably it is
// the API server's preferred version for the group (compare ScanType.Versions). Confirm.
type GroupVersionKind struct {
	schema.GroupVersionKind
	PreferredVersion string
}
type Route ¶ added in v0.16.0
// Route selects which resources are sent to the API for a single Snyk organization.
type Route struct {
	// OrganizationID is the snyk organization ID where data should be routed to.
	OrganizationID string `json:"organizationID"`

	// ClusterScopedResources defines if cluster-scoped resources should be sent to the API.
	// As a bool it is false unless set, so cluster-scoped resources are opt-in per route.
	ClusterScopedResources bool `json:"clusterScopedResources"`

	// Namespaces from which resources will be sent to the API.
	// If empty, namespaced resources will not be sent at all.
	// Supports "*" to match all namespaces. With "*", resources from every namespace are
	// routed to OrganizationID; list namespaces explicitly where only some of them should be
	// visible to that organization.
	Namespaces []string `json:"namespaces"`
}
type Scan ¶
// Scan holds the scanning settings: the resource types to scan and the requeue interval.
type Scan struct {
	// Types lists the resource selections to scan, one ScanType per entry.
	Types []ScanType `json:"types"`

	// RequeueAfter defines the duration after which an object is requeued when we've visited it.
	// Note that due to the event handlers, objects that are being changed will be requeued earlier
	// in such cases.
	RequeueAfter metav1.Duration `json:"requeueAfter"`
}
type ScanType ¶
// ScanType selects a set of resources to scan, by API group and resource name, optionally
// narrowed by version and namespace, together with the attributes to remove from them.
type ScanType struct {
	// TODO: The "*" group / resource specifier isn't implemented yet (and maybe never will).
	APIGroups []string `json:"apiGroups"`
	Resources []string `json:"resources"`

	// Versions is an optional field to specify which exact versions should be scanned. If unset,
	// the scanner will use the API Server's preferred version.
	Versions []string `json:"versions"`

	// Namespaces allows to restrict scanning to specific namespaces. An empty list means no
	// namespaces. Omit to scan resources in all namespaces. Does not affect the scanning of
	// cluster-scoped resources.
	// An omitted field and an explicit empty list therefore have opposite effects (all
	// namespaces versus none); check generated or templated configuration for this.
	Namespaces []string `json:"namespaces,omitempty"`

	// PathsToRemove holds dot-separated addresses of nested values, in the same format as
	// arguments to `kubectl explain`.
	// For example, the expr "spec.containers.env" will cause Kubernetes Pod
	// container environment variables to be removed. "containers" is an array,
	// and each element of this array is removed.
	// The JSON key for this field is "attributeRemovals", not "pathsToRemove".
	// NOTE(review): presumably the removal happens before the object is sent to the backend,
	// which would make this the place to strip values that may hold secrets; confirm at the
	// point where the paths are applied.
	PathsToRemove []string `json:"attributeRemovals"`
}