securityscanutils

package
v1.9.1
This package is not in the latest version of its module.

Published: Oct 27, 2021 License: Apache-2.0 Imports: 4 Imported by: 0

README

Trivy Security Scanning

Trivy is the security scanning tool we use to scan our images for vulnerabilities. You can run a trivy scan identical to the one in CI from your own command line by installing trivy and running

trivy image --severity HIGH,CRITICAL quay.io/solo-io/<IMAGE>:<VERSION>

In CI, we do this for all versions above a certain version, specified by the MIN_SCANNED_VERSION environment variable. To run our trivy scan utils locally, make sure the _output dir exists and run

IMAGE_REPO=quay.io/solo-io SCAN_DIR=_output/scans MIN_SCANNED_VERSION="v1.6.0" go run generate_docs.go run-security-scan -r gloo

If you want to run the enterprise security scanning locally, make sure to have your GITHUB_TOKEN environment variable set and run

IMAGE_REPO=quay.io/solo-io SCAN_DIR=_output/scans MIN_SCANNED_VERSION="v1.6.0" go run generate_docs.go run-security-scan -r glooe

Outputs

The outputs of a trivy scan are the following:

_output/scans/gloo/markdown_results - a folder with the scan results for each image of each version of gloo that was scanned. The results are in markdown format and are uploaded to a Google Cloud bucket; docs generation (which happens on merges to master) later pulls them from there to generate the human-readable security scans document displayed in our docs.

_output/scans/gloo/sarif_results - a folder with .sarif files containing the scan results for each image of each version of gloo that was scanned. These .sarif files are uploaded to GitHub, and the results can be seen on the Security tab of the gloo repo.
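The version gate and scan loop described above, as an added Go example that is not part of this package: it mirrors the MIN_SCANNED_VERSION cut-off, the HIGH,CRITICAL severity filter CI uses and the markdown_results/sarif_results output folders. The image names, tags and per-tag subfolder layout are constructed assumptions, not this package's real image lists.

```go
package main

import (
	"fmt"
	"path/filepath"
)

type Scan struct { // one trivy invocation plus where its markdown and SARIF reports land
	Args            []string
	Markdown, Sarif string
}

// AtLeast is the MIN_SCANNED_VERSION gate (tag >= min); a tag not shaped vMAJOR.MINOR.PATCH,
// such as "latest", never passes and is skipped rather than compared by accident.
func AtLeast(tag, min string) bool {
	var a, b [3]int
	_, errA := fmt.Sscanf(tag, "v%d.%d.%d", &a[0], &a[1], &a[2])
	_, errB := fmt.Sscanf(min, "v%d.%d.%d", &b[0], &b[1], &b[2])
	ok := errA == nil && errB == nil
	for i := 0; ok && i < 3; i++ {
		if a[i] != b[i] {
			return a[i] > b[i]
		}
	}
	return ok
}

// PlanScans mirrors the CI loop: every tag at or above minVersion is scanned for each image
// with CI's severity filter; the per-tag report subfolder layout is an assumption.
func PlanScans(imageRepo, scanDir, repo, minVersion string, images, tags []string) []Scan {
	var plan []Scan
	for _, tag := range tags {
		if !AtLeast(tag, minVersion) {
			continue // below the gate, or not a plain version tag
		}
		for _, img := range images {
			ref := imageRepo + "/" + img + ":" + tag
			plan = append(plan, Scan{
				Args:     []string{"trivy", "image", "--severity", "HIGH,CRITICAL", ref},
				Markdown: filepath.Join(scanDir, repo, "markdown_results", tag, img+".md"),
				Sarif:    filepath.Join(scanDir, repo, "sarif_results", tag, img+".sarif"),
			})
		}
	}
	return plan
}

func main() { // constructed sample input; the real image and tag lists live in the repo
	fmt.Println(PlanScans("quay.io/solo-io", "_output/scans", "gloo", "v1.6.0",
		[]string{"gloo", "gateway"}, []string{"v1.5.9", "v1.6.0", "v1.9.1", "latest"}))
}
```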

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func BuildSecurityScanReportGloo added in v1.7.0

func BuildSecurityScanReportGloo(tags []string) error

func BuildSecurityScanReportGlooE added in v1.7.0

func BuildSecurityScanReportGlooE(tags []string) error

func EnterpriseImages added in v1.9.0

func EnterpriseImages(before17 bool) []string

List of images only included in Gloo Edge Enterprise. In 1.7, we replaced the grpcserver images with gloo-fed images. For images before 1.7, set before17 to true.

func GetSecurityScanReport

func GetSecurityScanReport(url string) (string, error)

func OpenSourceImages added in v1.9.0

func OpenSourceImages() []string

List of images included in Gloo Edge open source.

Types

This section is empty.
