securityscanutils

package v1.16.0-rc1
Published: Dec 15, 2023 License: Apache-2.0 Imports: 4 Imported by: 0

README

Trivy Security Scanning

Trivy is a security scanning tool which we use to scan our images for vulnerabilities.

Scanning Images Locally

Scan a single image

You can run a trivy scan identical to CI on your own command line by installing Trivy and running

trivy image --severity HIGH,CRITICAL quay.io/solo-io/<IMAGE>:<VERSION>

Scan a single version

You can scan all Gloo Edge images for a specific version by running

VERSION=<VERSION> make scan-version

Generating Scan Result Documentation Locally

Scan open source images

Using our scanner, we can run scans against groups of images. To filter which versions to scan, we set a VERSION_CONSTRAINT and run:

VERSION_CONSTRAINT=">v1.8.0, <v1.9.0" go run generate_docs.go run-security-scan -r gloo

Scanning enterprise images

If you want to run the enterprise security scanning locally, make sure to have your GITHUB_TOKEN environment variable set and run the command with -r set to the enterprise repository:

VERSION_CONSTRAINT=">v1.8.0, <v1.9.0" go run generate_docs.go run-security-scan -r glooe
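As an added illustration of how a VERSION_CONSTRAINT such as the one above narrows the set of tags that get scanned, the following standard-library-only Go program evaluates the same operator syntax against a few constructed tags. This is example code, not part of securityscanutils (the page does not say which library parses the constraint), and ParseSemver, Satisfies and the way pre-release suffixes are ignored are assumptions of this example.

```go
package main

import (
	"fmt"
	"strings"
)

// Semver is the numeric part of an image tag such as "v1.8.3".
type Semver struct{ Major, Minor, Patch int }

// ParseSemver accepts "v1.8.3" or "1.8.3"; Sscanf stops after the third number, so a pre-release suffix ("-rc1") is ignored for ordering (a simplification assumed here).
func ParseSemver(tag string) (v Semver, err error) {
	s := strings.TrimPrefix(strings.TrimSpace(tag), "v")
	if _, err = fmt.Sscanf(s, "%d.%d.%d", &v.Major, &v.Minor, &v.Patch); err != nil {
		return Semver{}, fmt.Errorf("bad version %q: %w", tag, err)
	}
	return v, nil
}

// key packs the components into one orderable integer (assumes each is below 1024).
func (v Semver) key() int { return v.Major<<20 | v.Minor<<10 | v.Patch }

// Satisfies evaluates a VERSION_CONSTRAINT such as ">v1.8.0, <v1.9.0": every comma-separated clause (operators >, >=, <, <=, =) must hold.
func Satisfies(tag, constraint string) (bool, error) {
	v, err := ParseSemver(tag)
	if err != nil {
		return false, err
	}
	for _, clause := range strings.Split(constraint, ",") {
		clause = strings.TrimSpace(clause)
		want := strings.TrimLeft(clause, "<>=") // the version after the operator
		w, err := ParseSemver(want)
		if err != nil {
			return false, err
		}
		c := v.key() - w.key()
		ops := map[string]bool{">": c > 0, ">=": c >= 0, "<": c < 0, "<=": c <= 0, "=": c == 0}
		if hit, known := ops[clause[:len(clause)-len(want)]]; !known {
			return false, fmt.Errorf("unknown operator in clause %q", clause)
		} else if !hit {
			return false, nil
		}
	}
	return true, nil
}
func main() { // constructed tags: prints which ones the README's example constraint selects
	for _, tag := range []string{"v1.7.9", "v1.8.3", "v1.8.12", "v1.9.0"} {
		ok, err := Satisfies(tag, ">v1.8.0, <v1.9.0")
		fmt.Println(tag, ok, err)
	}
}
```

Tags that fail to parse (for example a floating tag like latest) or clauses with an operator outside the supported set are reported as errors rather than silently skipped, so a typo in the constraint does not quietly shrink the scan.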

Outputs

The outputs of a trivy scan are the following:

_output/scans/gloo/markdown_results - a folder containing the scan of each image of each version of gloo that was scanned. The scan results are in markdown format and are uploaded to a Google Cloud bucket. During docs generation (which happens on merges to main) we pull them from that bucket to generate a human-readable markdown security scans document, which we display in our docs.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func BuildSecurityScanReportGloo added in v1.7.0

func BuildSecurityScanReportGloo(tags []string) error

func BuildSecurityScanReportGlooE added in v1.7.0

func BuildSecurityScanReportGlooE(tags []string) error

func EnterpriseImages added in v1.9.0

func EnterpriseImages(semver *version.Version) []string

List of images only included in Gloo Edge Enterprise. In 1.7, we replaced the grpcserver images with gloo-fed images.

func GetSecurityScanReport

func GetSecurityScanReport(url string) (string, error)

func OpenSourceImages added in v1.9.0

func OpenSourceImages(semver *version.Version) []string

List of images included in Gloo Edge open source version 1.<version>.x.

Types

This section is empty.
