Documentation ¶
Index ¶
- func IsConfigPresent(resources []ResourceConfig, resourceConfig ResourceConfig) bool
- type ACRAdditionalData
- type ACRCicdData
- type ACRCve
- type ACRCvss
- type ACRCvssBase
- type ACRResourceDetails
- type ACRResponse
- type ACRStatus
- type ACRVendorInfo
- type ACRVulnerabilityConfig
- type AllResourceConfigs
- type CVSS
- type ContainerDetails
- type ResourceConfig
- type SkipRule
- type VendorCVSS
- type Vulnerability
- func (v *Vulnerability) PrepareFromACRImageScan(acrResponse ACRResponse)
- func (v *Vulnerability) PrepareFromECRImageScan(imageScanFinding *ecr.ImageScanFinding)
- func (v *Vulnerability) PrepareFromGCRImageScan(gcpVulnerability *grafeaspb.Occurrence)
- func (v *Vulnerability) PrepareFromHarborImageScan(vulnerability map[string]interface{})
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func IsConfigPresent ¶
func IsConfigPresent(resources []ResourceConfig, resourceConfig ResourceConfig) bool
IsConfigPresent reports whether a resource is already present in the list of configs. Two resources are considered equal when their name, source and config match.
Types ¶
type ACRAdditionalData ¶
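// ACRAdditionalData holds the additional data attached to an ACR
// vulnerability. Each field is decoded from the JSON key named in its tag.
//
// NOTE(review): presumably populated from the ACR API response rather than
// computed locally, so the string fields should be handled as external input.
// RegistryHost, RepositoryName and ImageDigest look like the coordinates of
// the scanned image; confirm against the ACR API before relying on that.
type ACRAdditionalData struct {
	AssessedResourceType string          `json:"assessedResourceType"`
	Type                 string          `json:"type"`
	VendorReferences     []ACRVendorInfo `json:"vendorReferences"`
	PublishedTime        time.Time       `json:"publishedTime"`
	Patchable            bool            `json:"patchable"`
	Cvss                 ACRCvss         `json:"cvss"`
	RepositoryName       string          `json:"repositoryName"`
	Cve                  []ACRCve        `json:"cve"`
	RegistryHost         string          `json:"registryHost"`
	ImageDigest          string          `json:"imageDigest"`
	CicdData             ACRCicdData     `json:"cicdData"`
}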
ACRAdditionalData holds ACR vulnerability's additional data
type ACRCicdData ¶
// ACRCicdData records how the CI/CD job tied to an ACR finding completed.
type ACRCicdData struct {
	// Status is read from the "status" key. The set of values it can take is
	// not defined in this type.
	Status string `json:"status"`
}
ACRCicdData holds information about the cicd job completion
type ACRCvss ¶
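// ACRCvss groups the CVSS base scores reported for a finding, one entry per
// CVSS version.
type ACRCvss struct {
	V2 ACRCvssBase `json:"2.0"` // entry found under the "2.0" key
	V3 ACRCvssBase `json:"3.0"` // entry found under the "3.0" key
}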
ACRCvss holds the CVSS score details for CVSS v2 and v3.
type ACRCvssBase ¶
// ACRCvssBase wraps a single CVSS base score, e.g. "base": 7.8.
type ACRCvssBase struct {
	// Base is a plain float64, so input that omits "base" leaves it at 0,
	// which cannot be told apart from a reported score of 0. Callers should
	// not read 0 as "no risk" without checking that a score was present.
	Base float64 `json:"base"`
}
ACRCvssBase holds the actual CVSS base score of a vulnerability, e.g. "base": 7.8
type ACRResourceDetails ¶
ACRResourceDetails holds ACR vulnerability resource details
type ACRResponse ¶
// ACRResponse is the envelope of a response from an ACR API call.
type ACRResponse struct {
	// Properties carries the vulnerability information found under the
	// "properties" key of the response.
	Properties ACRVulnerabilityConfig `json:"properties"`
}
ACRResponse holds response from ACR api call
type ACRVendorInfo ¶
ACRVendorInfo holds vendor information
type ACRVulnerabilityConfig ¶
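// ACRVulnerabilityConfig holds the vulnerability information returned by the
// ACR API. Each field is decoded from the JSON key named in its tag.
//
// NOTE(review): Description, DisplayName, Remediation and Impact are
// presumably free text supplied by the API. Escape them before rendering them
// in HTML or a terminal, and confirm their provenance with the caller.
type ACRVulnerabilityConfig struct {
	Description     string             `json:"description"`
	DisplayName     string             `json:"displayName"`
	ResourceDetails ACRResourceDetails `json:"resourceDetails"`
	Status          ACRStatus          `json:"status"`
	AdditionalData  ACRAdditionalData  `json:"additionalData"`
	TimeGenerated   time.Time          `json:"timeGenerated"`
	Remediation     string             `json:"remediation"`
	ID              string             `json:"id"`
	Category        string             `json:"category"`
	Impact          string             `json:"impact"`
}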
ACRVulnerabilityConfig holds ACR api vulnerability information
type AllResourceConfigs ¶
// AllResourceConfigs collects the resource configs found in IaC. It is a map
// from a string key to the slice of ResourceConfig values stored under that
// key (presumably the resource type; confirm against the callers).
// Because the values are slices, len() on the map counts keys, not resources.
type AllResourceConfigs map[string][]ResourceConfig
AllResourceConfigs is a map from resource type to the list/slice of resource configs of that type present in IaC
func (AllResourceConfigs) FindAllResourcesByID ¶
func (a AllResourceConfigs) FindAllResourcesByID(resourceID string) ([]*ResourceConfig, error)
FindAllResourcesByID finds all resources within the resource map that match the given resource ID
func (AllResourceConfigs) GetResourceCount ¶
func (a AllResourceConfigs) GetResourceCount() (count int)
GetResourceCount returns the total number of resources present in an output.ResourceConfig object. The ResourceConfig mapping stores resources in lists, each located at resourceMapping[Type], so `len(resourceMapping)` gives only the number of resource types in the object, not the number of resources.
func (AllResourceConfigs) UpdateResourceConfigs ¶
func (a AllResourceConfigs) UpdateResourceConfigs(resourceType string, resources []ResourceConfig)
UpdateResourceConfigs adds a resource of given type if it is not present in allResources
type CVSS ¶
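// CVSS holds the CVSS vector strings and numeric scores for versions 2 and 3.
//
// All four fields are tagged omitempty, so an empty vector or a score of 0 is
// left out of the JSON output rather than written as "" or 0. A consumer
// therefore cannot distinguish "score is 0" from "score not set".
type CVSS struct {
	V2Vector string  `json:"v2_vector,omitempty"`
	V3Vector string  `json:"v3_vector,omitempty"`
	V2Score  float64 `json:"v2_score,omitempty"`
	V3Score  float64 `json:"v3_score,omitempty"`
}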
CVSS holds score and vector details
func (*CVSS) PrepareFromECRImageScanAttribute ¶
PrepareFromECRImageScanAttribute prepares cvss object from ECR image scan attribute
func (*CVSS) PrepareFromHarborImageScanAttribute ¶
PrepareFromHarborImageScanAttribute prepares cvss object from harbor image scan attribute
type ContainerDetails ¶
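// ContainerDetails holds a container's name, its image and the
// vulnerabilities recorded for that image.
type ContainerDetails struct {
	Name  string `json:"name"`
	Image string `json:"image"`
	// Vulnerabilities has no omitempty, so a nil slice is encoded as null.
	// Consumers should not read null as "scanned and clean" unless the
	// producer guarantees that meaning.
	Vulnerabilities []Vulnerability `json:"vulnerabilities"`
}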
ContainerDetails holds information about container name, image and vulnerabilities
type ResourceConfig ¶
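// ResourceConfig describes a resource present in IaC. Each field is encoded
// under the key named in its tag. Fields with omitempty are dropped from the
// output when empty.
type ResourceConfig struct {
	ID         string      `json:"id"`
	Name       string      `json:"name"`
	ModuleName string      `json:"module_name,omitempty" yaml:"module_name,omitempty"`
	Source     string      `json:"source"`
	PlanRoot   string      `json:"plan_root,omitempty" yaml:"plan_root,omitempty" `
	Line       int         `json:"line"`
	Type       string      `json:"type"`
	Config     interface{} `json:"config"`
	LineConfig interface{} `json:"line_config,omitempty" yaml:"line_config,omitempty"`

	// SkipRules holds the rules to be skipped for the resource. Each IaC
	// provider should append the rules to skip while it extracts the resource
	// from the IaC files.
	//
	// NOTE(review): these entries originate in the scanned IaC itself and
	// suppress findings, so consumers of this output should keep them visible
	// for audit. Confirm how skipped rules are reported downstream.
	SkipRules []SkipRule `json:"skip_rules" yaml:"skip_rules"`

	MaxSeverity         string             `json:"max_severity"`
	MinSeverity         string             `json:"min_severity"`
	ContainerImages     []ContainerDetails `json:"container_images,omitempty"`
	InitContainerImages []ContainerDetails `json:"init_container_images,omitempty"`
	// IsRemoteModule is a pointer, so nil (omitted from the JSON output) is
	// distinct from an explicit false.
	IsRemoteModule   *bool  `json:"is_remote_module,omitempty"`
	TerraformVersion string `json:"terraform_version,omitempty"`
	ProviderVersion  string `json:"provider_version,omitempty"`
}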
ResourceConfig describes a resource present in IaC
type VendorCVSS ¶
VendorCVSS holds cvss scoring vector for different vendors
type Vulnerability ¶
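// Vulnerability holds the details of one vulnerability found in an image.
// Target is always emitted; every other field is tagged omitempty.
//
// NOTE(review): the PrepareFrom*ImageScan methods fill this struct from
// registry scan findings (ACR, ECR, GCR, Harbor), so Title, Description,
// PrimaryURL and References are presumably registry-supplied text. Escape
// them before rendering in HTML or a terminal, and validate URLs before
// turning them into links.
type Vulnerability struct {
	Target           string     `json:"target"`
	Type             string     `json:"type,omitempty"`
	VulnerabilityID  string     `json:"vulnerability_id,omitempty"`
	PkgName          string     `json:"pkg_name,omitempty"`
	InstalledVersion string     `json:"installed_version,omitempty"`
	FixedVersion     string     `json:"fixed_version,omitempty"`
	SeveritySource   string     `json:"severity_source,omitempty"`
	PrimaryURL       string     `json:"primary_url,omitempty"`
	Title            string     `json:"title,omitempty"`
	Description      string     `json:"description,omitempty"`
	Severity         string     `json:"severity,omitempty"`
	CweIDs           []string   `json:"cwe_ids,omitempty"`
	CVSS             VendorCVSS `json:"cvss,omitempty"`
	References       []string   `json:"references,omitempty"`
	PublishedDate    *time.Time `json:"published_date,omitempty"`
	// The "lastModified_date" key mixes camelCase with snake_case, unlike its
	// siblings. It is part of the emitted JSON, so renaming it would change
	// the output format.
	LastModifiedDate *time.Time `json:"lastModified_date,omitempty"`
}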
Vulnerability holds vulnerability details of image
func (*Vulnerability) PrepareFromACRImageScan ¶
func (v *Vulnerability) PrepareFromACRImageScan(acrResponse ACRResponse)
PrepareFromACRImageScan - prepares vulnerability object from ACR image scan findings
func (*Vulnerability) PrepareFromECRImageScan ¶
func (v *Vulnerability) PrepareFromECRImageScan(imageScanFinding *ecr.ImageScanFinding)
PrepareFromECRImageScan prepares vulnerability object from ECR image scan findings
func (*Vulnerability) PrepareFromGCRImageScan ¶
func (v *Vulnerability) PrepareFromGCRImageScan(gcpVulnerability *grafeaspb.Occurrence)
PrepareFromGCRImageScan - prepares vulnerability object from GCP image scan findings
func (*Vulnerability) PrepareFromHarborImageScan ¶
func (v *Vulnerability) PrepareFromHarborImageScan(vulnerability map[string]interface{})
PrepareFromHarborImageScan - prepares vulnerability object from Harbor image scan findings