agent

package
v16.9.0-rc1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 14, 2024 License: MIT Imports: 32 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	SeverityCritical = "CRITICAL"
	SeverityHigh     = "HIGH"
	SeverityMedium   = "MEDIUM"
	SeverityLow      = "LOW"

	SeverityNone    = "NONE" // Kept for legacy reasons since starboard contains this severity level
	SeverityUnknown = "UNKNOWN"
)

Adapted from severityNames in Trivy-db https://gitlab.com/gitlab-org/security-products/dependencies/trivy-db/-/blob/2bd1364579ec652f8f595c4a61595fd9575e8496/pkg/types/types.go#L35

View Source 
const (

	// Trivy version 0.45.0 contains a feature to support scanning of private images. It is due to be released early Sep 2023.
	// I've opted to use the sha256 digest from the Trivy Canary build in lieu of version 0.45.0 so we can release the private image scanning fix earlier.
	// TODO, switch back to version tag once Trivy 0.45.0 or later has been released.
	TrivyScannerVersion = "@sha256:f7fe23c37e0545435e4b8cf3c8c1712ab5584677e119edfb749b0f50ca4de895" // nolint:gosec

)

Variables

View Source 
var TrivyScanner = report.ScannerDetails{
	ID:   "starboard_trivy",
	Name: "Trivy (via Starboard Operator)",
	Vendor: report.Vendor{
		Name: "GitLab",
	},
}

Functions

This section is empty.

Types

type ConsolidatedReport 

type ConsolidatedReport struct {
	Findings []Resource `json:"Findings"`
}

Type referenced from Trivy https://gitlab.com/gitlab-org/security-products/dependencies/trivy/-/blob/v0.38.3/pkg/k8s/report/report.go?ref_type=tags#L51

type CronScheduler 

type CronScheduler struct {
	// contains filtered or unexported fields
}

CronScheduler can run tasks on a cron schedule, with cancellation.

func NewCronScheduler 

func NewCronScheduler() *CronScheduler

func (*CronScheduler) Run 

func (s *CronScheduler) Run(ctx context.Context)

func (*CronScheduler) Schedule 

func (s *CronScheduler) Schedule(ctx context.Context, schedule cron.Schedule, job Job)

type DetectedVulnerability 

type DetectedVulnerability struct {
	VulnerabilityID  string `json:"VulnerabilityID"`
	PkgName          string `json:"PkgName"`
	InstalledVersion string `json:"InstalledVersion"`
	FixedVersion     string `json:"FixedVersion"`
	PrimaryURL       string `json:"PrimaryURL"`

	// Embed vulnerability details
	Vulnerability
}

Type referenced from Trivy https://gitlab.com/gitlab-org/security-products/dependencies/trivy/-/blob/v0.38.3/pkg/types/vulnerability.go#L9

type Factory 

type Factory struct{}

func (*Factory) IsProducingLeaderModules added in v16.3.0 

func (f *Factory) IsProducingLeaderModules() bool

func (*Factory) Name 

func (f *Factory) Name() string

func (*Factory) New 

func (f *Factory) New(cfg *modagent.Config) (modagent.Module, error)

func (*Factory) StartStopPhase 

func (f *Factory) StartStopPhase() modshared.ModuleStartStopPhase

type Job 

type Job interface {
	// Run executes the cron task. It should cancel whatever it
	// is doing upon receiving a signal from ctx.Done.
	Run(context.Context)
}

type LogParser 

type LogParser interface {
	ParsePodLogsToReport(logs []byte) (ConsolidatedReport, error)
}

type Payload 

type Payload struct {
	Vulnerability *report.Vulnerability `json:"vulnerability"`
	Scanner       report.ScannerDetails `json:"scanner"`
}

func Convert 

func Convert(findings []Resource, agentID int64) ([]*Payload, error)

Convert turns a Trivy k8s vulnerability report into a slice of payloads which can be sent to the internal vulnerability API

type Reporter 

type Reporter struct {
	// contains filtered or unexported fields
}

func NewReporter 

func NewReporter(log *zap.Logger, api modagent.API) *Reporter

func (*Reporter) ResolveVulnerabilities 

func (r *Reporter) ResolveVulnerabilities(ctx context.Context, uuids []string) (retError error)

func (*Reporter) Transmit 

func (r *Reporter) Transmit(ctx context.Context, payloads []*Payload) ([]string, error)

type Resource 

type Resource struct {
	Namespace string   `json:"Namespace"`
	Kind      string   `json:"Kind"`
	Name      string   `json:"Name"`
	Results   []Result `json:"Results"`
}

Type referenced from Trivy https://gitlab.com/gitlab-org/security-products/dependencies/trivy/-/blob/v0.38.3/pkg/k8s/report/report.go#L58

type Result 

type Result struct {
	Target          string                  `json:"Target"`
	Class           string                  `json:"Class"`
	Type            string                  `json:"Type"`
	Vulnerabilities []DetectedVulnerability `json:"Vulnerabilities"`
}

Type referenced from Trivy https://gitlab.com/gitlab-org/security-products/dependencies/trivy/-/blob/v0.38.3/pkg/types/report.go#L71

type SecurityPolicyConfiguration 

type SecurityPolicyConfiguration struct {
	Cadence    string    `json:"cadence"`
	Namespaces []string  `json:"namespaces"`
	UpdatedAt  time.Time `json:"updated_at"`
}

type Vulnerability 

type Vulnerability struct {
	Title            string     `json:"Title"`
	Description      string     `json:"Description"`
	Severity         string     `json:"Severity"` // Selected from VendorSeverity, depending on a scan target
	References       []string   `json:"References"`
	PublishedDate    *time.Time `json:"PublishedDate"`    // Take from NVD
	LastModifiedDate *time.Time `json:"LastModifiedDate"` // Take from NVD
}

Type referenced from Trivy-db https://gitlab.com/gitlab-org/security-products/dependencies/trivy-db/-/blob/4bcdf1c414d0/pkg/types/types.go#L132 referenced by Trivy v0.38.3

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.