Documentation
Index
- func ExtractGvrAndInstanceName(log logr.Logger, obj map[string]interface{}) (string, string, error)
- func Parse(log logr.Logger, fcont []byte) ([]*zorav1a1.ClusterIssueSpec, error)
- func PreprocessResources(r *PostureReport) (map[string]map[string]interface{}, error)
- func ScoreFactorSeverity(s float32) zorav1a1.ClusterIssueSeverity
- type ControlSummary
- type PostureReport
- type Resource
- type ResourceAssociatedControl
- type ResourceAssociatedRule
- type Result
- type ScanningStatus
- type SummaryDetails
Constants
This section is empty.
Variables
This section is empty.
Functions
func ExtractGvrAndInstanceName
ExtractGvrAndInstanceName returns the GVR and the instance namespaced name from a Kubescape <object> record. The record may lack some of the GVR fields, in which case only the ones present are returned. For <object> records that have the <relatedObjects> field populated, data from the first element of the latter is returned instead.
This function uses the lowercased instance kind as the Kubernetes resource, given that Kubescape's <object> record doesn't store the resource type of the scanned components.
func Parse
Parse transforms a Kubescape report into a slice of <ClusterIssueSpec>. This function is called by the <report> package when a Kubescape plugin is used.
func PreprocessResources
func PreprocessResources(r *PostureReport) (map[string]map[string]interface{}, error)
PreprocessResources transforms a Kubescape report resource list into a map of type:
<resource_id>: <resource_object>
This is useful to prevent quadratic loops when iterating over results.
func ScoreFactorSeverity
func ScoreFactorSeverity(s float32) zorav1a1.ClusterIssueSeverity
ScoreFactorSeverity converts a Kubescape Control <ScoreFactor> to Zora's <ClusterIssueSeverity>.
Types
type ControlSummary
type ControlSummary struct {
	ScoreFactor float32 `json:"scoreFactor"`
}
ControlSummary contains the scan Control with its score factor.
type PostureReport
type PostureReport struct {
	SummaryDetails SummaryDetails `json:"summaryDetails,omitempty"`
	Results        []Result       `json:"results,omitempty"`
	Resources      []Resource     `json:"resources,omitempty"`
}
PostureReport represents a Kubescape scan result.
type Resource
type Resource struct {
	ResourceID string      `json:"resourceID"`
	Object     interface{} `json:"object"`
}
Resource stores a Kubernetes resource ID and a full copy of the resource in JSON. The resource ID is formatted as:
<api_group_version>/<namespace>/<kind>/<name>
type ResourceAssociatedControl
type ResourceAssociatedControl struct {
	ControlID               string                   `json:"controlID"`
	Name                    string                   `json:"name"`
	ResourceAssociatedRules []ResourceAssociatedRule `json:"rules,omitempty"`
}
ResourceAssociatedControl holds the Control that is associated with a Kubernetes resource.
type ResourceAssociatedRule
type ResourceAssociatedRule struct {
	Status ScanningStatus `json:"status"`
}
ResourceAssociatedRule holds the status associated with a Rego rule.
type Result
type Result struct {
	ResourceID         string                      `json:"resourceID"`
	AssociatedControls []ResourceAssociatedControl `json:"controls,omitempty"`
}
Result holds a Kubernetes resource from scan results with the Controls that were tested against it. The resource ID is formatted as:
<api_group_version>/<namespace>/<kind>/<name>
type ScanningStatus
type ScanningStatus string
const (
	StatusExcluded   ScanningStatus = "excluded"
	StatusIgnored    ScanningStatus = "ignored"
	StatusPassed     ScanningStatus = "passed"
	StatusSkipped    ScanningStatus = "skipped"
	StatusFailed     ScanningStatus = "failed"
	StatusUnknown    ScanningStatus = ""
	StatusIrrelevant ScanningStatus = "irrelevant"
	StatusError      ScanningStatus = "error"
)
func ExtractStatus
func ExtractStatus(con *ResourceAssociatedControl) ScanningStatus
ExtractStatus derives the scan status of a given Kubescape Control. The statuses Error, Unknown, Irrelevant and Failed have a higher priority than the others, given that these signal some caveat in the scan. If no higher-priority status is present, the most frequent one is returned.
The high-priority statuses follow the hierarchy:
Failed > Error > Unknown > Irrelevant
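The precedence rule described for ExtractStatus, written out as an added example (not Zora's own implementation). `deriveStatus` is a hypothetical name; the tie-break between equally frequent statuses and the result for a control with no rules are assumptions, since the page does not specify them.

```go
package main

import "fmt"

// Trimmed copies of the types on this page (subset of constants, no JSON tags).
type ScanningStatus string

const (
	StatusPassed     ScanningStatus = "passed"
	StatusSkipped    ScanningStatus = "skipped"
	StatusFailed     ScanningStatus = "failed"
	StatusUnknown    ScanningStatus = ""
	StatusIrrelevant ScanningStatus = "irrelevant"
	StatusError      ScanningStatus = "error"
)

type ResourceAssociatedRule struct{ Status ScanningStatus }

type ResourceAssociatedControl struct{ ResourceAssociatedRules []ResourceAssociatedRule }

// deriveStatus (hypothetical name): Failed > Error > Unknown > Irrelevant win;
// otherwise most frequent. Assumed: first-seen wins ties, no rules => Unknown.
func deriveStatus(con *ResourceAssociatedControl) ScanningStatus {
	count := map[ScanningStatus]int{}
	var order []ScanningStatus // first-seen order keeps ties deterministic
	for _, r := range con.ResourceAssociatedRules {
		if count[r.Status] == 0 {
			order = append(order, r.Status)
		}
		count[r.Status]++
	}
	for _, s := range []ScanningStatus{StatusFailed, StatusError, StatusUnknown, StatusIrrelevant} {
		if count[s] > 0 {
			return s
		}
	}
	best := StatusUnknown // count is 0 here, so any seen status replaces it
	for _, s := range order {
		if count[s] > count[best] {
			best = s
		}
	}
	return best
}

func main() {
	// Constructed sample: one failed rule among passed ones must not be masked.
	c := &ResourceAssociatedControl{ResourceAssociatedRules: []ResourceAssociatedRule{{StatusPassed}, {StatusPassed}, {StatusFailed}}}
	fmt.Printf("%q\n", deriveStatus(c))
}
```

Counting rule statuses alone would report this sample control as passed; checking the caveat statuses first is what keeps a single failed or errored rule visible.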
type SummaryDetails
type SummaryDetails struct {
	Status   ScanningStatus            `json:"status"`
	Controls map[string]ControlSummary `json:"controls,omitempty"`
}
SummaryDetails contains a summary of the scan with the status and per Control summary.