Documentation ¶
Index ¶
- Constants
- func GetDomain(image string) string
- func GetRepository(image string) (repository string)
- func RegisterContainerRegistry(registryType string, registry ContainerRegistry)
- type ACR
- type ContainerRegistry
- type ECR
- func (e *ECR) GetImageScanResult(ctx context.Context, client *ecr.ECR, image string, imageDetails ImageDetails) (*ecr.DescribeImageScanFindingsOutput, error)
- func (e *ECR) ScanImage(ctx context.Context, image string) (*ecr.DescribeImageScanFindingsOutput, error)
- func (e *ECR) StartImageScan(ctx context.Context, client *ecr.ECR, image string, imageDetails ImageDetails) error
- type Engine
- type EngineInput
- type EngineOutput
- type GCR
- type Harbor
- type ImageDetails
- type ServerCaller
- type VulEngine
Constants ¶
// VulnerabilityCVSSSource holds the type of CVSS source.
// NOTE(review): "nvd" presumably names the National Vulnerability Database;
// confirm against the code that consumes this constant.
const VulnerabilityCVSSSource = "nvd"
Variables ¶
This section is empty.
Functions ¶
func GetRepository ¶
GetRepository finds the repository in an image name
func RegisterContainerRegistry ¶
func RegisterContainerRegistry(registryType string, registry ContainerRegistry)
RegisterContainerRegistry registers a container registry for vulnerability scanning
Types ¶
type ContainerRegistry ¶
// ContainerRegistry is the type accepted by RegisterContainerRegistry.
// Its method set is unexported and is not shown on this documentation page.
type ContainerRegistry interface {
// contains filtered or unexported methods
}
ContainerRegistry is the interface for a container registry used in vulnerability scanning
type ECR ¶
// ECR is the receiver type for ScanImage, StartImageScan and
// GetImageScanResult. Its fields are unexported and are not shown on this
// documentation page.
type ECR struct {
// contains filtered or unexported fields
}
ECR represents the ECR container registry
func (*ECR) GetImageScanResult ¶
func (e *ECR) GetImageScanResult(ctx context.Context, client *ecr.ECR, image string, imageDetails ImageDetails) (*ecr.DescribeImageScanFindingsOutput, error)
GetImageScanResult gets the scan result from ECR
func (*ECR) ScanImage ¶
func (e *ECR) ScanImage(ctx context.Context, image string) (*ecr.DescribeImageScanFindingsOutput, error)
ScanImage calls the AWS ECR API to get image scan details
func (*ECR) StartImageScan ¶
func (e *ECR) StartImageScan(ctx context.Context, client *ecr.ECR, image string, imageDetails ImageDetails) error
StartImageScan starts the scan of the provided image
type Engine ¶
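// Engine is the interface that holds the methods for vulnerability operations.
type Engine interface {
	// FetchVulnerabilities takes a set of resource configs and an options map
	// and returns a set of resource configs.
	// NOTE(review): the options map is untyped and its accepted keys are not
	// visible on this page; an unchecked type assertion on one of its values
	// panics on a mismatch, so implementations should use the comma-ok form.
	FetchVulnerabilities(output.AllResourceConfigs, map[string]interface{}) output.AllResourceConfigs

	// ReportVulnerability takes an EngineInput and an options map and returns
	// an EngineOutput.
	ReportVulnerability(EngineInput, map[string]interface{}) EngineOutput
}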
Engine is the interface that holds the methods for vulnerability operations
type EngineInput ¶
// EngineInput holds the input for the vulnerability engine.
type EngineInput struct {
// InputData points to the resource configs handed to the engine. It is a
// pointer, so a zero-value EngineInput carries nil here.
// NOTE(review): confirm that consumers check for nil before dereferencing.
InputData *output.AllResourceConfigs
}
EngineInput holds input for vulnerability engine
type EngineOutput ¶
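// EngineOutput contains the data output from the engine.
type EngineOutput struct {
	// XMLName is excluded from JSON and YAML output ("-") and carries the
	// name "results" in its XML tag.
	XMLName xml.Name `json:"-" yaml:"-" xml:"results"`

	// The embedded ViolationStore is tagged "results" for JSON, YAML and XML.
	// NOTE(review): it is embedded as a pointer, so reading a promoted field
	// on a zero-value EngineOutput dereferences nil; confirm that every
	// producer of EngineOutput sets it.
	*results.ViolationStore `json:"results" yaml:"results" xml:"results"`
}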
EngineOutput contains the data output from the engine
type Harbor ¶
// Harbor represents the Harbor container registry. Its fields are unexported
// and are not shown on this documentation page.
type Harbor struct {
// contains filtered or unexported fields
}
Harbor represents the Harbor container registry
type ImageDetails ¶
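// ImageDetails holds details about the image being scanned for
// vulnerabilities. Every field is a string and is serialised to JSON under
// the lower-case key given in its tag.
//
// NOTE(review): a tag can be re-pointed to a different image over time, while
// a digest identifies one exact image content. Confirm which of the two the
// scan lookup keys on, so that findings are attributed to the image that is
// actually deployed.
type ImageDetails struct {
	// Tag is the image tag, JSON key "tag".
	Tag string `json:"tag"`

	// Digest is the image digest, JSON key "digest".
	Digest string `json:"digest"`

	// Name is the image name, JSON key "name".
	Name string `json:"name"`

	// Repository is the image repository, JSON key "repository".
	Repository string `json:"repository"`

	// Registry is the image registry, JSON key "registry".
	Registry string `json:"registry"`
}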
ImageDetails will hold details about the image being scanned for vulnerabilities.
func GetImageDetails ¶
func GetImageDetails(image string, imageDetails ImageDetails) ImageDetails
GetImageDetails finds the image components in the image name
type ServerCaller ¶
ServerCaller interface with client methods
type VulEngine ¶
// VulEngine is the receiver type for FetchVulnerabilities and
// ReportVulnerability, the two methods declared by the Engine interface.
// Its fields are unexported and are not shown on this documentation page.
type VulEngine struct {
// contains filtered or unexported fields
}
VulEngine implements the vulnerability engine interface
func NewVulEngine ¶
NewVulEngine returns a new vulnerability engine
func (*VulEngine) FetchVulnerabilities ¶
func (v *VulEngine) FetchVulnerabilities(resourceConfigs output.AllResourceConfigs, options map[string]interface{}) output.AllResourceConfigs
FetchVulnerabilities fetches vulnerabilities for images found in IaC files
func (*VulEngine) ReportVulnerability ¶
func (v *VulEngine) ReportVulnerability(engineInput EngineInput, options map[string]interface{}) EngineOutput
ReportVulnerability adds a vulnerability for a given resource to the scan summary