Documentation ¶
Index ¶
- Variables
- func DeregisterAnalyzer(t Type)
- func DeregisterConfigAnalyzer(t Type)
- func RegisterAnalyzer(analyzer analyzer)
- func RegisterConfigAnalyzer(t Type, init configAnalyzerConstructor)
- func RegisterPostAnalyzer(t Type, initializer postAnalyzerInitialize)
- type AnalysisInput
- type AnalysisOptions
- type AnalysisResult
- type AnalyzerGroup
- func (ag AnalyzerGroup) AnalyzeFile(ctx context.Context, wg *sync.WaitGroup, limit *semaphore.Weighted, ...) error
- func (ag AnalyzerGroup) AnalyzerVersions() Versions
- func (ag AnalyzerGroup) PostAnalyze(ctx context.Context, files *syncx.Map[Type, *mapfs.FS], result *AnalysisResult, ...) error
- func (ag AnalyzerGroup) RequiredPostAnalyzers(filePath string, info os.FileInfo) []Type
- type AnalyzerOptions
- type ConfigAnalysisInput
- type ConfigAnalysisResult
- type ConfigAnalyzer
- type ConfigAnalyzerGroup
- type ConfigAnalyzerOptions
- type CustomGroup
- type Group
- type Initializer
- type LicenseScannerOption
- type Opener
- type PostAnalysisInput
- type PostAnalyzer
- type SecretScannerOption
- type Type
- type Versions
Constants ¶
This section is empty.
Variables ¶
// Package-level error values created with xerrors.New.
// NOTE(review): presumably meant to be matched by callers as sentinels; the
// call sites that return them are not shown on this page.
var (
	// ErrUnknownOS occurs when an unknown OS is analyzed.
	ErrUnknownOS = xerrors.New("unknown OS")
	// ErrPkgAnalysis occurs when the analysis of packages fails.
	ErrPkgAnalysis = xerrors.New("failed to analyze packages")
	// ErrNoPkgsDetected occurs when the files required by an OS package
	// manager are not detected.
	ErrNoPkgsDetected = xerrors.New("no packages detected")
)
// Groups of analyzer Types by category.
//
// Several Types declared in this package's const block appear in none of
// these groups: TypeUbuntuESM, TypeExecutable, TypeApkCommand,
// TypeHistoryDockerfile, TypeImageConfigSecret, TypeLicenseFile, TypeSecret,
// TypeRedHatContentManifestType and TypeRedHatDockerfileType. A []Type list
// assembled only from these groups therefore never names the secret, license
// or image-config analyzers.
// NOTE(review): how such a list is applied (e.g. as DisabledAnalyzers) is not
// shown on this page; confirm before relying on a group to enable or disable
// a whole category.
var (
	// TypeOSes has all OS-related analyzers.
	// TypeUbuntuESM is declared among the OS constants but is not listed here.
	TypeOSes = []Type{
		TypeOSRelease,
		TypeAlpine,
		TypeAmazon,
		TypeCBLMariner,
		TypeDebian,
		TypePhoton,
		TypeCentOS,
		TypeRocky,
		TypeAlma,
		TypeFedora,
		TypeOracle,
		TypeRedHatBase,
		TypeSUSE,
		TypeUbuntu,
		TypeApk,
		TypeDpkg,
		TypeDpkgLicense,
		TypeRpm,
		TypeRpmqa,
		TypeApkRepo,
	}

	// TypeLanguages has all language analyzers
	TypeLanguages = []Type{
		TypeBundler,
		TypeGemSpec,
		TypeCargo,
		TypeComposer,
		TypeJar,
		TypePom,
		TypeGradleLock,
		TypeNpmPkgLock,
		TypeNodePkg,
		TypeYarn,
		TypePnpm,
		TypeNuget,
		TypeDotNetCore,
		TypeCondaPkg,
		TypePythonPkg,
		TypePip,
		TypePipenv,
		TypePoetry,
		TypeGoBinary,
		TypeGoMod,
		TypeRustBinary,
		TypeConanLock,
		TypeCocoaPods,
		TypePubSpecLock,
		TypeMixLock,
	}

	// TypeLockfiles has all lock file analyzers.
	// TypeCargo, TypeComposer, TypeNuget and TypeDotNetCore are in
	// TypeLanguages but in neither TypeLockfiles nor TypeIndividualPkgs.
	TypeLockfiles = []Type{
		TypeBundler,
		TypeNpmPkgLock,
		TypeYarn,
		TypePnpm,
		TypePip,
		TypePipenv,
		TypePoetry,
		TypeGoMod,
		TypePom,
		TypeConanLock,
		TypeGradleLock,
		TypeCocoaPods,
		TypePubSpecLock,
		TypeMixLock,
	}

	// TypeIndividualPkgs has all analyzers for individual packages
	TypeIndividualPkgs = []Type{
		TypeGemSpec,
		TypeNodePkg,
		TypeCondaPkg,
		TypePythonPkg,
		TypeGoBinary,
		TypeJar,
		TypeRustBinary,
	}

	// TypeConfigFiles has all config file analyzers
	TypeConfigFiles = []Type{
		TypeYaml,
		TypeJSON,
		TypeDockerfile,
		TypeTerraform,
		TypeCloudFormation,
		TypeHelm,
	}
)
Functions ¶
func DeregisterConfigAnalyzer ¶
func DeregisterConfigAnalyzer(t Type)
DeregisterConfigAnalyzer is mainly for testing
func RegisterAnalyzer ¶
func RegisterAnalyzer(analyzer analyzer)
func RegisterConfigAnalyzer ¶
func RegisterConfigAnalyzer(t Type, init configAnalyzerConstructor)
RegisterConfigAnalyzer adds a constructor of config analyzer
func RegisterPostAnalyzer ¶
func RegisterPostAnalyzer(t Type, initializer postAnalyzerInitialize)
Types ¶
type AnalysisInput ¶
// AnalysisInput groups the per-file values: a directory, a file path, the
// file's os.FileInfo, a seekable reader over its content, and the options.
// NOTE(review): role inferred from the field names; the analyzer interface
// that consumes it is not shown on this page.
type AnalysisInput struct {
	Dir string
	// NOTE(review): presumably a path taken from the scanned target and
	// relative to Dir; treat it as untrusted when joining paths (confirm).
	FilePath string
	Info     os.FileInfo
	Content  dio.ReadSeekerAt
	Options  AnalysisOptions
}
type AnalysisOptions ¶
// AnalysisOptions holds the options passed to AnalyzeFile and PostAnalyze
// and carried in AnalysisInput and PostAnalysisInput.
type AnalysisOptions struct {
	// NOTE(review): presumably tells analyzers not to use the network;
	// the code that reads this flag is not shown here (confirm).
	Offline bool
}
type AnalysisResult ¶
// AnalysisResult collects what the analyzers found: OS, repository, packages,
// applications, secrets, licenses and supporting file data.
// It is created with NewAnalysisResult and combined with Merge.
type AnalysisResult struct {
	OS           types.OS
	Repository   *types.Repository
	PackageInfos []types.PackageInfo
	Applications []types.Application
	// NOTE(review): presumably carries matched secret material; confirm
	// redaction before logging, caching or exporting a result.
	Secrets              []types.Secret
	Licenses             []types.LicenseFile
	SystemInstalledFiles []string // A list of files installed by OS package manager

	// Files holds necessary file contents for the respective post-handler
	Files map[types.HandlerType][]types.File

	// Digests contains SHA-256 digests of unpackaged files
	// used to search for SBOM attestation.
	Digests map[string]string

	// For Red Hat
	BuildInfo *types.BuildInfo

	// CustomResources hold analysis results from custom analyzers.
	// It is for extensibility and not used in OSS.
	CustomResources []types.CustomResource
	// contains filtered or unexported fields
}
func NewAnalysisResult ¶
func NewAnalysisResult() *AnalysisResult
func (*AnalysisResult) Merge ¶
func (r *AnalysisResult) Merge(new *AnalysisResult)
func (*AnalysisResult) Sort ¶
func (r *AnalysisResult) Sort()
type AnalyzerGroup ¶
// AnalyzerGroup is an opaque set of analyzers; its fields are unexported.
// It is obtained from NewAnalyzerGroup(AnalyzerOptions).
type AnalyzerGroup struct {
	// contains filtered or unexported fields
}
func NewAnalyzerGroup ¶
func NewAnalyzerGroup(opt AnalyzerOptions) (AnalyzerGroup, error)
func (AnalyzerGroup) AnalyzeFile ¶
func (ag AnalyzerGroup) AnalyzeFile(ctx context.Context, wg *sync.WaitGroup, limit *semaphore.Weighted, result *AnalysisResult, dir, filePath string, info os.FileInfo, opener Opener, disabled []Type, opts AnalysisOptions) error
func (AnalyzerGroup) AnalyzerVersions ¶
func (ag AnalyzerGroup) AnalyzerVersions() Versions
AnalyzerVersions returns analyzer version identifier used for cache keys.
func (AnalyzerGroup) PostAnalyze ¶
func (ag AnalyzerGroup) PostAnalyze(ctx context.Context, files *syncx.Map[Type, *mapfs.FS], result *AnalysisResult, opts AnalysisOptions) error
func (AnalyzerGroup) RequiredPostAnalyzers ¶
func (ag AnalyzerGroup) RequiredPostAnalyzers(filePath string, info os.FileInfo) []Type
type AnalyzerOptions ¶
// AnalyzerOptions is used to initialize analyzers; it is the argument of
// NewAnalyzerGroup and of Initializer.Init.
type AnalyzerOptions struct {
	Group Group
	Slow  bool
	// NOTE(review): presumably patterns that route files to analyzers; the
	// syntax is not shown here (confirm).
	FilePatterns []string
	// DisabledAnalyzers lists analyzer Types.
	// NOTE(review): presumably the analyzers to skip. The TypeOSes,
	// TypeLanguages, TypeLockfiles, TypeIndividualPkgs and TypeConfigFiles
	// groups do not contain TypeSecret or TypeLicenseFile, so those must be
	// named explicitly if they are to be included (confirm).
	DisabledAnalyzers    []Type
	SecretScannerOption  SecretScannerOption
	LicenseScannerOption LicenseScannerOption
}
AnalyzerOptions is used to initialize analyzers
type ConfigAnalysisInput ¶
// ConfigAnalysisInput is the argument of ConfigAnalyzer.Analyze: an OS value
// and a pointer to a v1.ConfigFile.
type ConfigAnalysisInput struct {
	OS types.OS
	// NOTE(review): presumably the config of the image being scanned, i.e.
	// content controlled by whoever built the image (confirm).
	Config *v1.ConfigFile
}
type ConfigAnalysisResult ¶
// ConfigAnalysisResult is what ConfigAnalyzer.Analyze and
// ConfigAnalyzerGroup.AnalyzeImageConfig return; results are combined with
// Merge.
type ConfigAnalysisResult struct {
	Misconfiguration *types.Misconfiguration
	// NOTE(review): presumably a secret found in the image config; confirm
	// redaction before logging or exporting.
	Secret          *types.Secret
	HistoryPackages types.Packages
}
func (*ConfigAnalysisResult) Merge ¶
func (r *ConfigAnalysisResult) Merge(new *ConfigAnalysisResult)
type ConfigAnalyzer ¶
// ConfigAnalyzer defines an interface for analyzers of container image config.
type ConfigAnalyzer interface {
	// Type returns the analyzer's Type identifier.
	Type() Type
	// Version returns an integer version.
	// NOTE(review): presumably feeds AnalyzerVersions, which is documented as
	// being used for cache keys (confirm).
	Version() int
	// Analyze inspects the given input and returns a result or an error.
	Analyze(ctx context.Context, input ConfigAnalysisInput) (*ConfigAnalysisResult, error)
	// Required reports, given the detected OS, whether this analyzer applies.
	// NOTE(review): meaning inferred from the name and parameter (confirm).
	Required(osFound types.OS) bool
}
ConfigAnalyzer defines an interface for analyzers of container image config
type ConfigAnalyzerGroup ¶
// ConfigAnalyzerGroup is an opaque set of config analyzers; its fields are
// unexported. It is obtained from NewConfigAnalyzerGroup(ConfigAnalyzerOptions).
type ConfigAnalyzerGroup struct {
	// contains filtered or unexported fields
}
func NewConfigAnalyzerGroup ¶
func NewConfigAnalyzerGroup(opts ConfigAnalyzerOptions) (ConfigAnalyzerGroup, error)
func (*ConfigAnalyzerGroup) AnalyzeImageConfig ¶
func (ag *ConfigAnalyzerGroup) AnalyzeImageConfig(ctx context.Context, targetOS types.OS, config *v1.ConfigFile) *ConfigAnalysisResult
func (*ConfigAnalyzerGroup) AnalyzerVersions ¶
func (ag *ConfigAnalyzerGroup) AnalyzerVersions() Versions
AnalyzerVersions returns analyzer version identifier used for cache keys.
type ConfigAnalyzerOptions ¶
// ConfigAnalyzerOptions is used to initialize config analyzers; it is the
// argument of NewConfigAnalyzerGroup.
type ConfigAnalyzerOptions struct {
	FilePatterns []string
	// DisabledAnalyzers lists analyzer Types.
	// NOTE(review): presumably the config analyzers to skip; TypeApkCommand,
	// TypeHistoryDockerfile and TypeImageConfigSecret are in none of the
	// exported Type groups, so they must be named explicitly (confirm).
	DisabledAnalyzers    []Type
	MisconfScannerOption misconf.ScannerOption
	SecretScannerOption  SecretScannerOption
}
ConfigAnalyzerOptions is used to initialize config analyzers
type CustomGroup ¶
// CustomGroup is implemented by custom analyzers to report the Group they
// belong to.
type CustomGroup interface {
	// Group returns the analyzer's group.
	Group() Group
}
CustomGroup returns a group name for custom analyzers. This is mainly intended to be used in Aqua products.
type Initializer ¶
// Initializer represents analyzers that need to take parameters from users.
type Initializer interface {
	// Init receives the AnalyzerOptions and returns an error on failure.
	// NOTE(review): the options come from user input per the type's
	// description; validate them inside Init (confirm what callers check).
	Init(AnalyzerOptions) error
}
Initializer represents analyzers that need to take parameters from users
type LicenseScannerOption ¶
// LicenseScannerOption configures license scanning.
type LicenseScannerOption struct {
	// Use license classifier to get better results though the classification is expensive.
	Full bool
}
type Opener ¶
// Opener is a function that returns a dio.ReadSeekCloserAt or an error.
// AnalyzeFile takes one as its opener argument.
// NOTE(review): presumably the caller must close the returned value, as the
// type name suggests (confirm).
type Opener func() (dio.ReadSeekCloserAt, error)
type PostAnalysisInput ¶
// PostAnalysisInput pairs a file system view with the analysis options.
// NOTE(review): presumably the input of a PostAnalyzer; that interface's
// declaration is not shown on this page.
type PostAnalysisInput struct {
	FS      fs.FS
	Options AnalysisOptions
}
type PostAnalyzer ¶
type SecretScannerOption ¶
// SecretScannerOption configures the secret scanner; it is embedded by name
// in both AnalyzerOptions and ConfigAnalyzerOptions.
type SecretScannerOption struct {
	// NOTE(review): presumably the path of a secret-scanning configuration
	// file; the code that reads it is not shown here. If the path can come
	// from CI or repository input, check who controls that file (confirm).
	ConfigPath string
}
type Type ¶
// Type is the string identifier of an analyzer; the known values are the
// Type* constants declared in this package.
type Type string
// Analyzer identifiers. The string values are runtime names, so they are
// reproduced exactly, including "cloudFormation", the only value here that
// is not all lower-case.
const (
	// ======
	//   OS
	// ======
	TypeOSRelease  Type = "os-release"
	TypeAlpine     Type = "alpine"
	TypeAmazon     Type = "amazon"
	TypeCBLMariner Type = "cbl-mariner"
	TypeDebian     Type = "debian"
	TypePhoton     Type = "photon"
	TypeCentOS     Type = "centos"
	TypeRocky      Type = "rocky"
	TypeAlma       Type = "alma"
	TypeFedora     Type = "fedora"
	TypeOracle     Type = "oracle"
	TypeRedHatBase Type = "redhat"
	TypeSUSE       Type = "suse"
	TypeUbuntu     Type = "ubuntu"
	TypeUbuntuESM  Type = "ubuntu-esm"

	// OS Package
	TypeApk         Type = "apk"
	TypeDpkg        Type = "dpkg"
	TypeDpkgLicense Type = "dpkg-license" // For analyzing licenses
	TypeRpm         Type = "rpm"
	TypeRpmqa       Type = "rpmqa"

	// OS Package Repository
	TypeApkRepo Type = "apk-repo"

	// Ruby
	TypeBundler Type = "bundler"
	TypeGemSpec Type = "gemspec"

	// Rust
	TypeRustBinary Type = "rustbinary"
	TypeCargo      Type = "cargo"

	// PHP
	TypeComposer Type = "composer"

	// Java
	TypeJar        Type = "jar"
	TypePom        Type = "pom"
	TypeGradleLock Type = "gradle-lockfile"

	// Node.js
	TypeNpmPkgLock Type = "npm"
	TypeNodePkg    Type = "node-pkg"
	TypeYarn       Type = "yarn"
	TypePnpm       Type = "pnpm"

	// .NET
	TypeNuget      Type = "nuget"
	TypeDotNetCore Type = "dotnet-core"

	// Conda
	TypeCondaPkg Type = "conda-pkg"

	// Python
	TypePythonPkg Type = "python-pkg"
	TypePip       Type = "pip"
	TypePipenv    Type = "pipenv"
	TypePoetry    Type = "poetry"

	// Go
	TypeGoBinary Type = "gobinary"
	TypeGoMod    Type = "gomod"

	// C/C++
	TypeConanLock Type = "conan-lock"

	// Elixir
	TypeMixLock Type = "mix-lock"

	// Swift
	TypeCocoaPods Type = "cocoapods"

	// Dart
	TypePubSpecLock Type = "pubspec-lock"

	// ============
	// Non-packaged
	// ============
	TypeExecutable Type = "executable"

	// ============
	// Image Config
	// ============
	TypeApkCommand        Type = "apk-command"
	TypeHistoryDockerfile Type = "history-dockerfile"
	TypeImageConfigSecret Type = "image-config-secret"

	// =================
	// Structured Config
	// =================
	TypeYaml           Type = "yaml"
	TypeJSON           Type = "json"
	TypeDockerfile     Type = "dockerfile"
	TypeTerraform      Type = "terraform"
	TypeCloudFormation Type = "cloudFormation"
	TypeHelm           Type = "helm"

	// ========
	// License
	// ========
	TypeLicenseFile Type = "license-file"

	// ========
	// Secrets
	// ========
	TypeSecret Type = "secret"

	// =======
	// Red Hat
	// =======
	TypeRedHatContentManifestType Type = "redhat-content-manifest"
	TypeRedHatDockerfileType      Type = "redhat-dockerfile"
)