scan

package
v1.9.2
Warning

This package is not in the latest version of its module.

Published: Apr 10, 2023 | License: Apache-2.0 | Imports: 30 | Imported by: 1

Documentation

Overview

Package scan manages the scan process against the image scanning service.


Constants

This section is empty.

Variables

This section is empty.

Functions

func Cleanup added in v1.7.2

func Cleanup()

Cleanup performs a full cleanup of temporary files related to the image pull and scan process. It should be called after all image processing is done, since instances of stereoscope/pkg/image.Image will be broken afterwards.

func GenerateLayersAndFileData added in v1.7.2

func GenerateLayersAndFileData(image *image.Image) ([]layers.Layer, error)

GenerateLayersAndFileData reads the input image and calculates:
- metadata for all layers (including empty ones) in the image
- interesting files per layer, with a flag indicating whether they are in the squashed image or not

Types

type AnalysisPayload added in v1.7.2

type AnalysisPayload struct {
	SBOM      *bom.JSONDocument `json:"sbom"`
	Layers    []layers.Layer    `json:"layers"`
	BuildStep string            `json:"build_step"`
	Namespace string            `json:"namespace"`
	ForceScan bool              `json:"force_scan"`
	ImageID   string            `json:"image_id"`
	Meta      struct {
		SyftVersion string `json:"syft_version"`
		CliVersion  string `json:"cli_version"`
	} `json:"metadata"`
}

AnalysisPayload is the payload used for uploading the SBOM to the image scanning service.

func NewAnalysisPayload added in v1.7.2

func NewAnalysisPayload(sbom *bom.JSONDocument, layers []layers.Layer, buildStep, namespace string, forceScan bool, syftVersion, cliVersion string) AnalysisPayload

func (AnalysisPayload) Footer added in v1.7.2

func (payload AnalysisPayload) Footer() string

func (AnalysisPayload) Header added in v1.7.2

func (payload AnalysisPayload) Header() []string

func (AnalysisPayload) Rows added in v1.7.2

func (payload AnalysisPayload) Rows() [][]string

func (AnalysisPayload) Title added in v1.7.2

func (payload AnalysisPayload) Title() string

type Bom

type Bom struct {
	// FullTag is the full tag of the bom
	FullTag string
	// ManifestDigest is the sha256 of this image manifest json
	ManifestDigest string
	// Packages enumerates the packages in the bill of materials
	Packages bom.JSONDocument
}

Bom contains the full bill of materials for an image, along with some additional helpful metadata.

func GenerateSBOMFromImage added in v1.7.2

func GenerateSBOMFromImage(img *image.Image, originalInput, forceFullTag string) (*Bom, error)

GenerateSBOMFromImage runs the image through syft's catalogers and returns a populated SBOM of the found packages

type Handler

type Handler struct {
	// contains filtered or unexported fields
}

Handler has all the fields for sending request to scanning service.

func NewScanHandler

func NewScanHandler(saasTmpl, orgKey, apiID, apiKey string, bom *Bom, layers []layers.Layer) *Handler

NewScanHandler will create a handler for scan cmd.

func (*Handler) AttachData added in v1.6.3

func (h *Handler) AttachData(bom *Bom, layers []layers.Layer, buildStep, namespace, imageID string)

AttachData will attach sbom, layers & policy to the handler.

func (Handler) GetImageAnalysisStatus

func (h Handler) GetImageAnalysisStatus(digest, operationID string) (StatusResponse, error)

GetImageAnalysisStatus will fetch the current analysis result of an image.

func (Handler) GetImageVulnerability

func (h Handler) GetImageVulnerability(digest, imageID, cliVersion string) (*image.ScannedImage, error)

GetImageVulnerability will fetch the vulnerability result via image digest.

func (Handler) GetImagesScanResultsFromBackendByImageID added in v1.7.2

func (h Handler) GetImagesScanResultsFromBackendByImageID(imageId, cliVersion string) (*image.ScannedImage, error)

GetImagesScanResultsFromBackendByImageID returns the scanned image data if it exists.

func (Handler) GetResponseFromScanAPI

func (h Handler) GetResponseFromScanAPI(digest, operationID string) (*image.ScannedImage, error)

GetResponseFromScanAPI will call the status API of the image scanning service periodically; once the status is "FINISHED", it will fetch the actual result from the vuln API.

func (Handler) HealthCheck

func (h Handler) HealthCheck() error

HealthCheck will check the health of the service backend.

func (Handler) PutBomAndLayersToAnalysisAPI added in v1.6.3

func (h Handler) PutBomAndLayersToAnalysisAPI(operationID string, opts Option) (Status, error)

PutBomAndLayersToAnalysisAPI will call the PUT API and upload the SBOM to the image scanning service.

func (*Handler) Scan

func (h *Handler) Scan(operationID string, opts Option) (*image.ScannedImage, error)

Scan will send payload to image scanning service and fetch the result back.

type Option

type Option struct {
	// ForceScan forces a scan of the image whether or not it has already been scanned.
	ForceScan bool
	// BypassDockerDaemon controls whether to skip the docker daemon when pulling the image
	BypassDockerDaemon bool
	// UseDockerDaemon is deprecated.
	UseDockerDaemon bool
	// Credential is the auth string used to log in to the registry, format: USERNAME[:PASSWORD]
	Credential string
	// ShouldCleanup controls whether to delete the docker image pulled by docker
	ShouldCleanup bool
	// FullTag is the tag set to override in the image
	FullTag string
	// Timeout is the duration (in seconds) for the scan process
	Timeout int

	DockerInsecureSkipTLSVerify bool
}

Option is the option used for image related cmd.

type RegistryHandler

type RegistryHandler struct{}

RegistryHandler coordinates with OCI registry APIs in order to retrieve container images as needed.

func NewRegistryHandler

func NewRegistryHandler() RegistryHandler

NewRegistryHandler constructs a new RegistryHandler instance.

func (*RegistryHandler) LoadImage added in v1.7.2

func (h *RegistryHandler) LoadImage(input string, opts Option) (*image.Image, error)

LoadImage parses the provided input and attempts to load an image from it. If successful, the first returned parameter will be populated and ready to use in scanning methods. Sharing the returned image for reading is expected; shared writing is not supported.

type Scanner added in v1.7.2

type Scanner struct{}

func NewScanner added in v1.7.2

func NewScanner() *Scanner

NewScanner creates a new Scanner that captures all supported scan operations under one interface

func (*Scanner) ExtractDataFromImage added in v1.7.2

func (s *Scanner) ExtractDataFromImage(input string, opts Option) (*Bom, []layers.Layer, bool)

func (*Scanner) GenerateLayersAndFiles added in v1.7.2

func (s *Scanner) GenerateLayersAndFiles(img *image.Image, _ string, _ Option) ([]layers.Layer, error)

GenerateLayersAndFiles is a wrapper around scan.GenerateLayersAndFileData

func (*Scanner) GenerateSBOM added in v1.7.2

func (s *Scanner) GenerateSBOM(img *image.Image, userInput string, opts Option) (*Bom, error)

GenerateSBOM is a wrapper around scan.GenerateSBOMFromImage

type Status

type Status string

Status is the status for the scanning.

const (
	UploadedStatus Status = "UPLOADED"
	FinishedStatus Status = "FINISHED"
	QueuedStatus   Status = "QUEUED"
	FailedStatus   Status = "FAILED"
)

Detailed statuses of the scanning result.

type StatusResponse added in v1.7.2

type StatusResponse struct {
	OperationStatus Status `json:"operation_status"`
}
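
One way to write the poll-until-terminal-status loop that the GetResponseFromScanAPI description implies, decoding the StatusResponse JSON shape shown above. This is an added example, not the package's own code: waitForFinished, fetch, the two error values, the fail-closed handling of FAILED and of statuses the page does not list, and the sample bodies are assumptions.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Status and StatusResponse mirror the declarations documented on this page.
type Status string
type StatusResponse struct {
	OperationStatus Status `json:"operation_status"`
}

var ErrScanFailed, ErrTimeout = errors.New("scan failed"), errors.New("scan timed out")

// waitForFinished polls fetch (hypothetical stand-in for the status API) until a terminal status or timeout.
func waitForFinished(fetch func() ([]byte, error), interval, timeout time.Duration) (int, error) {
	deadline := time.Now().Add(timeout)
	for polls := 1; ; polls++ {
		body, err := fetch()
		if err != nil {
			return polls, err
		}
		var resp StatusResponse
		if err := json.Unmarshal(body, &resp); err != nil {
			return polls, fmt.Errorf("decode status: %w", err)
		}
		switch resp.OperationStatus {
		case "FINISHED":
			return polls, nil
		case "FAILED":
			return polls, ErrScanFailed
		case "UPLOADED", "QUEUED": // still in progress: keep polling
		default: // fail closed on a status the page does not list
			return polls, fmt.Errorf("unexpected status %q", resp.OperationStatus)
		}
		if time.Now().Add(interval).After(deadline) {
			return polls, ErrTimeout
		}
		time.Sleep(interval)
	}
}

func main() { // replays constructed sample bodies, not captured from a real service
	bodies := []string{`{"operation_status":"QUEUED"}`, `{"operation_status":"FINISHED"}`}
	fetch := func() ([]byte, error) { b := bodies[0]; bodies = bodies[1:]; return []byte(b), nil }
	fmt.Println(waitForFinished(fetch, time.Millisecond, time.Second))
}
```

Treating FAILED and unknown statuses as errors keeps a pipeline gate from passing an image whose scan never produced a result.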
