v1alpha1

package
v0.6.35 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 19, 2024 License: MIT Imports: 10 Imported by: 0

Documentation

Overview

Package v1alpha1 contains API Schema definitions for the system v1alpha1 API group FIXME: https://github.com/kubernetes/code-generator/issues/150 This was the only setup I could make work. Somehow the file location matters. +groupName=stas.statnett.no

Package v1alpha1 contains API Schema definitions for the stas v1alpha1 API group +kubebuilder:object:generate=true

Index

Constants

View Source
const (
	ReasonVulnerabilityOverflow        = "VulnerabilityOverflow"
	ReasonScanReportDecodeError        = "ScanReportDecodeError"
	WorkloadAnnotationKeyIgnoreUnfixed = "image-scanner.statnett.no/ignore-unfixed"
)
View Source
const (
	LabelK8sAppName                  = "app.kubernetes.io/name"
	LabelK8SAppManagedBy             = "app.kubernetes.io/managed-by"
	LabelStatnettControllerNamespace = "controller.statnett.no/namespace"
	LabelStatnettControllerUID       = "controller.statnett.no/uid"
	LabelStatnettWorkloadKind        = "workload.statnett.no/kind"
	LabelStatnettWorkloadName        = "workload.statnett.no/name"
	LabelStatnettWorkloadNamespace   = "workload.statnett.no/namespace"

	AppNameImageScanner = "image-scanner"
	AppNameTrivy        = "trivy"
)
View Source
const (
	MinSeverity = SeverityUnknown
	MaxSeverity = SeverityCritical
)

Variables

View Source
var (
	// SchemeGroupVersion is group version used to register these objects.
	SchemeGroupVersion = schema.GroupVersion{Group: "stas.statnett.no", Version: "v1alpha1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme.
	SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)
View Source
var (
	SeverityNames = []string{
		"UNKNOWN",
		"LOW",
		"MEDIUM",
		"HIGH",
		"CRITICAL",
	}
)

Functions

func CompareSeverityString

func CompareSeverityString(sev1, sev2 string) int

Types

type BySeverity

type BySeverity []Vulnerability

BySeverity implements sort.Interface based on the Severity field.

func (BySeverity) DeepCopy

func (in BySeverity) DeepCopy() BySeverity

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BySeverity.

func (BySeverity) DeepCopyInto

func (in BySeverity) DeepCopyInto(out *BySeverity)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (BySeverity) Len

func (v BySeverity) Len() int

Len returns the length of DetectedVulnerabilities.

func (BySeverity) Less

func (v BySeverity) Less(i, j int) bool

Less compares 2 DetectedVulnerabilities based on severity, package name, installed version and vulnerabilityID.

func (BySeverity) Swap

func (v BySeverity) Swap(i, j int)

Swap swaps 2 vulnerability.

type ContainerImageScan

type ContainerImageScan struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   ContainerImageScanSpec   `json:"spec,omitempty"`
	Status ContainerImageScanStatus `json:"status,omitempty"`
}

ContainerImageScan is the Schema for the containerImageScans API.

func (*ContainerImageScan) DeepCopy

func (in *ContainerImageScan) DeepCopy() *ContainerImageScan

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainerImageScan.

func (*ContainerImageScan) DeepCopyInto

func (in *ContainerImageScan) DeepCopyInto(out *ContainerImageScan)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ContainerImageScan) DeepCopyObject

func (in *ContainerImageScan) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (ContainerImageScan) HasVulnerabilityOverflow

func (cis ContainerImageScan) HasVulnerabilityOverflow() bool

type ContainerImageScanList

type ContainerImageScanList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ContainerImageScan `json:"items"`
}

ContainerImageScanList contains a list of ContainerImageScan.

func (*ContainerImageScanList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainerImageScanList.

func (*ContainerImageScanList) DeepCopyInto

func (in *ContainerImageScanList) DeepCopyInto(out *ContainerImageScanList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ContainerImageScanList) DeepCopyObject

func (in *ContainerImageScanList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ContainerImageScanSpec

type ContainerImageScanSpec struct {
	ImageScanSpec `json:",inline"`
	Tag           string   `json:"tag,omitempty"`
	Workload      Workload `json:"workload"`
}

ContainerImageScanSpec contains a resolved container image in use by owning workload.

func (*ContainerImageScanSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainerImageScanSpec.

func (*ContainerImageScanSpec) DeepCopyInto

func (in *ContainerImageScanSpec) DeepCopyInto(out *ContainerImageScanSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ContainerImageScanStatus

type ContainerImageScanStatus struct {
	// ObservedGeneration is the generation observed by the image scanner operator.
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
	// LastScanJobUID is the UID of the scan job that last updated the status.
	LastScanJobUID types.UID `json:"lastScanJobUID,omitempty"`
	// LastScanTime is the timestamp for the last attempt to scan the image.
	LastScanTime *metav1.Time `json:"lastScanTime,omitempty"`
	// LastSuccessfulScanTime is the timestamp for the last successful scan of the image.
	LastSuccessfulScanTime *metav1.Time `json:"lastSuccessfulScanTime,omitempty"`
	// Conditions represent the latest available observations of an object's state.
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// Vulnerabilities contains the image scan result.
	// NOTE: This is currently in an experimental state, and is subject to breaking changes.
	// +listType=atomic
	Vulnerabilities []Vulnerability `json:"vulnerabilities,omitempty"`

	// VulnerabilitySummary is a summary of detected vulnerabilities.
	VulnerabilitySummary *VulnerabilitySummary `json:"vulnerabilitySummary,omitempty"`
}

ContainerImageScanStatus defines the observed state of ContainerImageScan.

func (*ContainerImageScanStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainerImageScanStatus.

func (*ContainerImageScanStatus) DeepCopyInto

func (in *ContainerImageScanStatus) DeepCopyInto(out *ContainerImageScanStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Image

type Image struct {
	Name   string        `json:"name"`
	Digest digest.Digest `json:"digest"`
}

func (*Image) Canonical

func (in *Image) Canonical() (reference.Canonical, error)

func (*Image) DeepCopy

func (in *Image) DeepCopy() *Image

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Image.

func (*Image) DeepCopyInto

func (in *Image) DeepCopyInto(out *Image)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ImageScanSpec

type ImageScanSpec struct {
	Image      `json:",inline"`
	ScanConfig `json:",inline"`
}

ImageScanSpec represents the specification for the container image scan.

func (*ImageScanSpec) DeepCopy

func (in *ImageScanSpec) DeepCopy() *ImageScanSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageScanSpec.

func (*ImageScanSpec) DeepCopyInto

func (in *ImageScanSpec) DeepCopyInto(out *ImageScanSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ScanConfig

type ScanConfig struct {
	// MinSeverity sets the minimum vulnerability severity included when scanning the image.
	//+kubebuilder:validation:Enum={UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL}
	MinSeverity *string `json:"minSeverity,omitempty"`
	// IgnoreUnfixed set to true will report only fixed vulnerabilities when scanning the image.
	IgnoreUnfixed *bool `json:"ignoreUnfixed,omitempty"`
}

func (*ScanConfig) DeepCopy

func (in *ScanConfig) DeepCopy() *ScanConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScanConfig.

func (*ScanConfig) DeepCopyInto

func (in *ScanConfig) DeepCopyInto(out *ScanConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Severity

type Severity int
const (
	SeverityUnknown Severity = iota
	SeverityLow
	SeverityMedium
	SeverityHigh
	SeverityCritical
)

func NewSeverity

func NewSeverity(severity string) (Severity, error)

func (Severity) String

func (s Severity) String() string

type Vulnerability

type Vulnerability struct {
	VulnerabilityID  string `json:"vulnerabilityID"`
	PkgName          string `json:"pkgName"`
	InstalledVersion string `json:"installedVersion"`
	Severity         string `json:"severity"`

	PkgPath      string `json:"pkgPath,omitempty"`
	FixedVersion string `json:"fixedVersion,omitempty"`
	Title        string `json:"title,omitempty"`
	PrimaryURL   string `json:"primaryURL,omitempty"`
}

Vulnerability contains details for a detected vulnerability.

func (*Vulnerability) DeepCopy

func (in *Vulnerability) DeepCopy() *Vulnerability

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Vulnerability.

func (*Vulnerability) DeepCopyInto

func (in *Vulnerability) DeepCopyInto(out *Vulnerability)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VulnerabilitySummary

type VulnerabilitySummary struct {
	// VulnerabilitySummary is a summary of vulnerability counts grouped by Severity.
	// +mapType=atomic
	SeverityCount map[string]int32 `json:"severityCount,omitempty"`
	// FixedCount is the total number of fixed vulnerabilities where a patch is available.
	FixedCount int32 `json:"fixedCount"`
	// UnfixedCount is the total number of vulnerabilities where no patch is yet available.
	UnfixedCount int32 `json:"unfixedCount"`
}

func (*VulnerabilitySummary) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VulnerabilitySummary.

func (*VulnerabilitySummary) DeepCopyInto

func (in *VulnerabilitySummary) DeepCopyInto(out *VulnerabilitySummary)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VulnerabilitySummary) GetSeverityCount

func (vs *VulnerabilitySummary) GetSeverityCount() map[string]int32

type Workload

type Workload struct {
	Group         string `json:"group"`
	Kind          string `json:"kind"`
	Name          string `json:"name"`
	ContainerName string `json:"containerName"`
}

func (*Workload) DeepCopy

func (in *Workload) DeepCopy() *Workload

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Workload.

func (*Workload) DeepCopyInto

func (in *Workload) DeepCopyInto(out *Workload)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL