Types ¶
type ComplianceRiskItem ¶
// ComplianceRiskItem is the compliance risk item attached to a RiskItem.
type ComplianceRiskItem struct {
	// ComplianceRisks lists the compliance risks found for the resource, serialized
	// as "compliance_risks". Presumably one entry per violated baseline rule — confirm
	// against the evaluator that fills it.
	ComplianceRisks []string `json:"compliance_risks"`
}
ComplianceRiskItem is a compliance risk item.
type DefaultEvaluator ¶
// DefaultEvaluator is the default evaluator for image risk evaluation.
// Its Eval method satisfies the Evaluator interface.
type DefaultEvaluator struct {
	// contains filtered or unexported fields
}
DefaultEvaluator is the default evaluator for image risk evaluation.
func NewDefaultEvaluator ¶
func NewDefaultEvaluator() *DefaultEvaluator
NewDefaultEvaluator returns a new DefaultEvaluator.
func (*DefaultEvaluator) Eval ¶
func (d *DefaultEvaluator) Eval(i *ResourceItem, w *Workloads, report *vuln.Report) (risks []*RiskItem)
Eval is the default evaluation function.
type Evaluator ¶
// Evaluator is implemented by anything that turns a resource item, the workloads
// it belongs to and a vulnerability report into a list of risk items.
type Evaluator interface {
	// Eval evaluates the resource against the workloads and the report and
	// returns the resulting risks (nil or empty when none are found — confirm
	// with the concrete implementation).
	Eval(*ResourceItem, *Workloads, *vuln.Report) []*RiskItem
}
Evaluator is the interface implemented by risk evaluators.
type ExposureRiskItem ¶
// ExposureRiskItem is the network-exposure risk item attached to a RiskItem.
type ExposureRiskItem struct {
	// Addresses lists the addresses through which the resource is exposed,
	// serialized as "addresses".
	Addresses []string `json:"addresses"`
}
ExposureRiskItem is an exposure risk item.
type HostRiskItem ¶
// HostRiskItem records risky host configurations and privilege misuses found on a resource.
type HostRiskItem struct {
	// Privileges lists the privilege misuses found, serialized as "privileges".
	Privileges []string `json:"privileges"`
	// HostConfigurations lists the risky host configurations found,
	// serialized as "host_configurations".
	HostConfigurations []string `json:"host_configurations"`
}
HostRiskItem records risky host configurations and privilege misuses.
type ImageItem ¶
// ImageItem is the image item obtained from the workload, together with the
// resources that reference it and the vulnerability reports fetched for it.
type ImageItem struct {
	// ID is the item's identifier, serialized as "uuid".
	ID string `json:"uuid"`
	// ImageName is the container image reference, serialized as "image".
	ImageName string `json:"image"`
	// ArtifactID identifies the image artifact in the registry, serialized as "artifact_id".
	ArtifactID core.ArtifactID `json:"artifact_id"`
	// Related lists the resource items that reference this image (see AddRelatedResource).
	Related []*ResourceItem `json:"related"`
	// Reports carries the vulnerability reports for this image.
	// NOTE(review): the field has no json tag, so it is emitted under the key "Reports"
	// (and never omitted) — confirm that is intended for the report format.
	Reports []*vuln.Report
}
ImageItem is the image item obtained from the workload.
func NewImageItem ¶
func NewImageItem(containerImage string, ArtifactID core.ArtifactID) *ImageItem
NewImageItem creates a new image item.
func (*ImageItem) AddRelatedResource ¶
func (i *ImageItem) AddRelatedResource(v *ResourceItem)
AddRelatedResource adds a related resource.
func (*ImageItem) FetchHarborReport ¶
FetchHarborReport fetches the Harbor report.
type ResourceItem ¶
// ResourceItem lists all the resources that relate to an ImageItem.
// Type names the kind of the resource; presumably only the matching typed field
// below is populated (see the Is*/Set* methods) — confirm against NewResourceItem.
type ResourceItem struct {
	// ID is the item's identifier, serialized as "uuid" (see GenerateUUID).
	ID string `json:"uuid"`
	// Type is the resource kind this item wraps.
	Type string `json:"type"`
	// NOTE(review): "omitempty" has no effect on struct-valued fields in encoding/json,
	// so Pod, Service and Deployment are always emitted, even when zero-valued.
	Pod            v1.Pod             `json:"pod,omitempty"`
	Service        v1.Service         `json:"service,omitempty"`
	Node           *v1.Node           `json:"node,omitempty"`
	ServiceAccount *v1.ServiceAccount `json:"service_account,omitempty"`
	// Secret is the full Kubernetes Secret object. It is serialized into the report
	// as "secret", which includes the Secret's Data/StringData payload unless it is
	// cleared before marshaling.
	// NOTE(review): confirm callers redact the payload before a report leaves the process.
	Secret     *v1.Secret        `json:"secret,omitempty"`
	Deployment appsv1.Deployment `json:"deployment,omitempty"`
	// Selector is the label selector, serialized as "selector" when non-empty.
	Selector map[string]string `json:"selector,omitempty"`
	// ObjectMeta is embedded without a tag, so its JSON fields are promoted
	// into the enclosing object.
	metav1.ObjectMeta
}
ResourceItem lists all the resources that relate to an ImageItem.
func NewResourceItem ¶
func NewResourceItem(kind string) *ResourceItem
NewResourceItem creates a new resource item of the given kind.
func (*ResourceItem) GenerateReportItems ¶
func (r *ResourceItem) GenerateReportItems(w *Workloads, report *vuln.Report, evaluator Evaluator) (rs []*RiskItem, e error)
GenerateReportItems generates the report items.
func (*ResourceItem) GenerateUUID ¶
func (r *ResourceItem) GenerateUUID()
GenerateUUID generates a UUID for any type of resource item.
func (*ResourceItem) GetImages ¶
func (r *ResourceItem) GetImages(ctx context.Context, adapter providers.Adapter, baselines []*v1alpha1.ComplianceBaseline) (images []*ImageItem)
GetImages gets the images from a pod.
func (*ResourceItem) IsDeployment ¶
func (r *ResourceItem) IsDeployment() bool
func (*ResourceItem) IsNode ¶
func (r *ResourceItem) IsNode() bool
func (*ResourceItem) IsPod ¶
func (r *ResourceItem) IsPod() bool
func (*ResourceItem) IsSecret ¶
func (r *ResourceItem) IsSecret() bool
func (*ResourceItem) IsService ¶
func (r *ResourceItem) IsService() bool
func (*ResourceItem) IsServiceAccount ¶
func (r *ResourceItem) IsServiceAccount() bool
func (*ResourceItem) SetDeployment ¶
func (r *ResourceItem) SetDeployment(deploy appsv1.Deployment)
func (*ResourceItem) SetNode ¶
func (r *ResourceItem) SetNode(node *v1.Node)
func (*ResourceItem) SetPod ¶
func (r *ResourceItem) SetPod(pod v1.Pod)
func (*ResourceItem) SetSecret ¶
func (r *ResourceItem) SetSecret(secret *v1.Secret)
func (*ResourceItem) SetService ¶
func (r *ResourceItem) SetService(service v1.Service)
func (*ResourceItem) SetServiceAccount ¶
func (r *ResourceItem) SetServiceAccount(serviceAccount *v1.ServiceAccount)
type ResourceSelector ¶
ResourceSelector is a resource selector.
type RiskCollection ¶
RiskCollection collects the summary of all risk items for all workloads.
type RiskItem ¶
// RiskItem holds the details of a single risk. The embedded category items carry
// the category-specific detail and are omitted from JSON when nil; presumably at
// most one of them is set per RiskItem — confirm against the evaluators.
type RiskItem struct {
	// Score is the risk score. NOTE(review): with "omitempty" a score of 0 is
	// dropped from the JSON output, so consumers cannot distinguish "scored 0"
	// from "not scored".
	Score int `json:"score,omitempty"` // risk score
	// Scale is the maximum of the risk scale that Score is measured against.
	Scale int `json:"scale,omitempty"` // risk scale (maximum)
	// Reason is the human-readable reason for the risk.
	Reason string `json:"reason,omitempty"` // reason of the risk
	// Tagged embedded pointers are encoded as nested objects under their tag key,
	// not flattened into RiskItem.
	*HostRiskItem          `json:"host,omitempty"`
	*VulnerabilityRiskItem `json:"vuln,omitempty"`
	*ExposureRiskItem      `json:"exposure,omitempty"`
	*ComplianceRiskItem    `json:"compliance,omitempty"`
}
RiskItem holds the details of a risk item.
type VulnerabilityRiskItem ¶
// VulnerabilityRiskItem describes a single vulnerability finding attached to a RiskItem.
type VulnerabilityRiskItem struct {
	// POCReferences lists references to proof-of-concept material for the vulnerability,
	// serialized as "poc_references".
	POCReferences []string `json:"poc_references"`
	// InfectionVectors describes how the vulnerability can be reached,
	// serialized as "infection_vectors".
	InfectionVectors string `json:"infection_vectors"`
	// An operating system or software dependency package containing the vulnerability.
	// e.g: dpkg
	Package string `json:"package"`
	// The version of the package containing the vulnerability.
	// e.g: 1.17.27
	Version string `json:"version"`
	// The version of the package containing the fix if available.
	// e.g: 1.18.0
	FixVersion string `json:"fix_version"`
	// Description is the vulnerability description.
	// example: dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program
	// and does not offer a protection mechanism for blank-indented diff hunks, which allows remote
	// attackers to conduct directory traversal attacks via a crafted Debian source package, as
	// demonstrated by using of dpkg-source on NetBSD.
	Description string `json:"description"`
}
VulnerabilityRiskItem describes a risky vulnerability.
type Workload ¶
// Workload is implemented by a workload that can identify itself, report its
// risks and expose the resource item it wraps.
type Workload interface {
	// UUID returns the workload's unique identifier.
	UUID() string
	// GenerateReportItems evaluates the workload and returns its risk items.
	GenerateReportItems() ([]*RiskItem, error)
	// GetWorkload returns the underlying resource item by value.
	GetWorkload() ResourceItem
}
Workload is the workload interface.
type Workloads ¶
// Workloads holds the workloads in the cluster together with their risk summary.
type Workloads struct {
	// Items maps an identifier to its resource item, serialized as "items".
	// Presumably keyed by ResourceItem.ID, since GetWorkloads accepts a uuid —
	// confirm against AddResource.
	Items map[string]*ResourceItem `json:"items"`
	// Risks is the risk summary across all workloads, serialized as "risks".
	Risks RiskCollection `json:"risks"`
}
Workloads holds the workloads in the cluster.
func NewWorkloads ¶
func NewWorkloads(risks RiskCollection, w map[string]*ResourceItem) *Workloads
NewWorkloads creates a new workloads summary.
func (*Workloads) AddResource ¶
func (w *Workloads) AddResource(r *ResourceItem)
AddResource adds a resource.
func (*Workloads) AddRiskItem ¶
AddRiskItem adds a risk item for a workload.
func (*Workloads) GetWorkloads ¶
func (w *Workloads) GetWorkloads(selector *ResourceSelector, uuid string) (rs []*ResourceItem)
GetWorkloads returns the workloads matching either a selector or a UUID.