Documentation ¶
Index ¶
- Constants
- type ActionItem
- type CIRunnerVal
- type Configuration
- type Container
- type HelmConfig
- type K8sResource
- type ManifestConfig
- type RegistryCredential
- type RegistryCredentials
- type ReportInfo
- type Resource
- type ScanErrorsReport
- type ScanErrorsReportProperties
- type ScanErrorsReportResult
- type ScanResults
- type TFSecReportProperties
- type TFSecResult
- type TFSecResultLocation
- type TerraformConfig
Constants ¶
// Constants for the scan-errors report: its version string and three
// "Default" values.
// NOTE(review): the Default* values are presumably what
// FillUnsetRequiredFieldsWithDefaults writes into empty required fields — confirm.
const (
	ScanErrorsReportVersion             = "0.0.1"
	ScanErrorsReportDefaultKind         = "CIErrorWithoutContext"
	ScanErrorsReportDefaultResourceName = "unknown"
	ScanErrorsReportDefaultErrorContext = "performing an action in CI"
)
// ScoreOutOfBoundsMessage is the error text for an out-of-bounds score.
// NOTE(review): the accepted score range is not stated on this page.
const ScoreOutOfBoundsMessage = "score out of bounds"
ScoreOutOfBoundsMessage is the message for the error when the score returned by Insights is out of bounds.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ActionItem ¶
// ActionItem is a single action item reported by Insights.
// The fields carry no struct tags.
type ActionItem struct {
	Remediation string
	Severity    float64 // NOTE(review): scale and valid range are not shown here — confirm before comparing against thresholds
	Title       string
	Description string
	Notes       string
	Resource    K8sResource // presumably the cluster resource this item is about — confirm
}
ActionItem represents an ActionItem from Insights
func (ActionItem) GetReadableTitle ¶
func (ai ActionItem) GetReadableTitle() string
GetReadableTitle returns a human-readable title for the action item
type CIRunnerVal ¶
// CIRunnerVal is a string type; the constants below are the values this page
// declares for it.
// NOTE(review): presumably identifies the CI system a scan runs under. Because
// the underlying type is string, any string converts to CIRunnerVal; if the
// value is derived from the environment, compare it against these constants
// rather than trusting it — confirm against callers.
type CIRunnerVal string

const (
	GithubActions CIRunnerVal = "github-actions"
	CircleCI      CIRunnerVal = "circle-ci"
	Gitlab        CIRunnerVal = "gitlab"
	Travis        CIRunnerVal = "travis"
	AzureDevops   CIRunnerVal = "azure-devops"
)
type Configuration ¶
// Configuration holds the config options for Insights CI/CD. Each field maps to
// one top-level YAML key, named by its struct tag.
type Configuration struct {
	Images    imageConfig     `yaml:"images"` // unexported type; its fields are not shown on this page
	Manifests ManifestConfig  `yaml:"manifests"`
	Terraform TerraformConfig `yaml:"terraform"`
	Options   optionConfig    `yaml:"options"` // unexported type; its fields are not shown on this page
	Reports   reportsConfig   `yaml:"reports"` // unexported type; its fields are not shown on this page
}
Configuration is a struct representing the config options for Insights CI/CD
func (Configuration) CheckForErrors ¶
func (c Configuration) CheckForErrors() error
CheckForErrors checks to make sure the configuration is valid
func (*Configuration) SetDefaults ¶
func (c *Configuration) SetDefaults() error
SetDefaults sets configuration defaults
Values are resolved in this order of precedence: configuration file content > environment variables > defaults.
func (*Configuration) SetMountedPathDefaults ¶
func (c *Configuration) SetMountedPathDefaults(basePath, repoPath string) error
SetMountedPathDefaults sets configuration defaults
func (*Configuration) SetPathDefaults ¶
func (c *Configuration) SetPathDefaults()
SetPathDefaults sets configuration defaults
type HelmConfig ¶
// HelmConfig is the configuration for one helm entry, read from YAML.
//
// NOTE(review): Path, FluxFile, ValuesFile and ValuesFiles look like file paths
// and Repo/Chart/Version look like a remote chart reference (see IsLocal,
// IsFluxFile, IsRemote). All of them come from the config file, so confirm that
// paths are confined to the checked-out repository and that remote sources are
// acceptable when the config can be changed by an untrusted contribution.
type HelmConfig struct {
	Name        string                 `yaml:"name"`
	Path        string                 `yaml:"path"`
	Repo        string                 `yaml:"repo"`
	Chart       string                 `yaml:"chart"`
	FluxFile    string                 `yaml:"fluxFile"`
	Version     string                 `yaml:"version"`
	ValuesFile  string                 `yaml:"valuesFile"`  // Deprecated; presumably superseded by ValuesFiles — confirm
	ValuesFiles []string               `yaml:"valuesFiles"`
	Values      map[string]interface{} `yaml:"values"` // free-form YAML mapping; value types are not constrained by this struct
}
HelmConfig is the configuration for helm.
func (*HelmConfig) IsFluxFile ¶
func (hc *HelmConfig) IsFluxFile() bool
func (*HelmConfig) IsLocal ¶
func (hc *HelmConfig) IsLocal() bool
func (*HelmConfig) IsRemote ¶
func (hc *HelmConfig) IsRemote() bool
type K8sResource ¶
K8sResource represents a resource in the cluster
type ManifestConfig ¶
// ManifestConfig holds the config options for manifests: a list of YAML paths
// and a list of helm entries.
type ManifestConfig struct {
	YamlPaths []string     `yaml:"yaml"` // note: the YAML key is "yaml", not "yamlPaths"
	Helm      []HelmConfig `yaml:"helm"`
}
ManifestConfig is a struct representing the config options for Manifests
type RegistryCredential ¶
// RegistryCredential is one registry credential entry read from YAML: a domain,
// a username and a password.
//
// NOTE(review): Password is a plain string. The type defines String(), but this
// page does not show whether that method masks the password — confirm before
// logging or printing values of this type. Even if it does mask, fmt's %#v verb
// does not call String(), and marshaling the struct back to YAML writes the
// "password" key, so both paths expose the secret.
type RegistryCredential struct {
	Domain   string `yaml:"domain"`
	Username string `yaml:"username"`
	Password string `yaml:"password"` // secret; keep out of logs, reports and error messages
}
func (RegistryCredential) String ¶
func (rc RegistryCredential) String() string
type RegistryCredentials ¶
// RegistryCredentials is a slice of RegistryCredential values.
// NOTE(review): FindCredentialForImage returns a pointer; presumably nil when no
// entry matches the image, so callers should nil-check — confirm. How an image
// name is matched to Domain is not shown on this page.
type RegistryCredentials []RegistryCredential
func (RegistryCredentials) FindCredentialForImage ¶
func (rc RegistryCredentials) FindCredentialForImage(imageName string) *RegistryCredential
func (RegistryCredentials) Validate ¶
func (rc RegistryCredentials) Validate() error
type ReportInfo ¶
ReportInfo is the information about a run of one of the reports.
type Resource ¶
// Resource describes a Kubernetes resource together with the file it came from.
// The fields carry no struct tags.
type Resource struct {
	Kind       string
	Name       string
	Filename   string // the file the resource was read from
	Namespace  string
	HelmName   string   // presumably the HelmConfig.Name that produced this resource, if any — confirm
	Containers []string // presumably container names within the resource — confirm
}
Resource represents a Kubernetes resource with information about what file it came from.
type ScanErrorsReport ¶
// ScanErrorsReport pairs a report version with the report's properties.
type ScanErrorsReport struct {
	Version string // presumably set to ScanErrorsReportVersion — confirm
	Report  ScanErrorsReportProperties
}
ScanErrorsReport contains ScanErrorsReportProperties and the report version.
type ScanErrorsReportProperties ¶
// ScanErrorsReportProperties holds the list of scan-error results.
type ScanErrorsReportProperties struct {
	// Items is serialized under the JSON key "results", not "items".
	Items []ScanErrorsReportResult `json:"results"`
}
ScanErrorsReportProperties contains multiple ScanErrorsReportResults.
func (*ScanErrorsReportProperties) AddScanErrorsReportResultFromError ¶
func (reportProperties *ScanErrorsReportProperties) AddScanErrorsReportResultFromError(e error, dataForMissingFields ...ScanErrorsReportResult)
AddScanErrorsReportResultFromError type-asserts an Error interface or multierror type into a ScanErrorsReportResult type, and adds it to the slice stored in the ScanErrorsReportProperties receiver. Any additional parameters of type ScanErrorsReportResult are used only to fill in empty fields of the first error parameter. For example: AddScanErrorsReportResultFromError(err, err2) will populate any missing fields from err, with values from err2, such as ErrorContext or Remediation.
type ScanErrorsReportResult ¶
// ScanErrorsReportResult is one error encountered during a scan, with the
// context fields that are serialized to JSON for the scan-errors report.
//
// NOTE(review): ErrorMessage and ErrorContext are written into the report as-is.
// If upstream errors can embed secrets (for example registry credentials echoed
// in command output), scrub them before the result is added — confirm against
// the callers that build these values.
type ScanErrorsReportResult struct {
	// IF adding a field to this struct, also update the FillUnsetFields
	// receiver below!
	Kind         string  `json:"kind"`
	ResourceName string  `json:"resourceName"`
	ErrorMessage string  `json:"errorMessage"` // error message returned during a scan
	ErrorContext string  `json:"errorContext"` // where were we / what was happening when the error occurred
	Filename     string  `json:"filename"`     // filename being scanned that relates to this error
	Remediation  string  `json:"remediation"`
	Severity     float64 `json:"severity"`
	Category     string  `json:"category"`
}
ScanErrorsReportResult contains a single error encountered during a scan. It satisfies the Go error interface and provides additional error context to be included in scan-errors report action items.
func (ScanErrorsReportResult) Error ¶
func (r ScanErrorsReportResult) Error() string
The Error method satisfies the Go error interface, allowing a ScanErrorsReportResult to be passed as an error and type-asserted back to a ScanErrorsReportResult for inclusion in the ScanErrorsReport.
func (*ScanErrorsReportResult) FillUnsetFields ¶
func (r *ScanErrorsReportResult) FillUnsetFields(f ScanErrorsReportResult)
FillUnsetFields populates any unset ScanErrorsReportResult fields with those from the parameter. This is useful to provide context only when an upstream error does not already contain any.
func (*ScanErrorsReportResult) FillUnsetRequiredFieldsWithDefaults ¶
func (r *ScanErrorsReportResult) FillUnsetRequiredFieldsWithDefaults()
FillUnsetRequiredFieldsWithDefaults populates any unset ScanErrorsReportResult fields that are required by the Insights API, with defaults. This avoids HTTP 500s from the API.
type ScanResults ¶
// ScanResults is the value returned by the Insights API after a scan is
// submitted: the new and fixed action items plus a pass flag.
type ScanResults struct {
	NewActionItems   []ActionItem
	FixedActionItems []ActionItem
	Pass             bool // NOTE(review): presumably whether the CI run should pass; how it is derived is not shown here — confirm
}
ScanResults is the value returned by the Insights API upon submitting a scan.
type TFSecReportProperties ¶
// TFSecReportProperties holds the list of TFSec results.
type TFSecReportProperties struct {
	// Items is serialized under the JSON key "results", not "items".
	Items []TFSecResult `json:"results"`
}
TFSecReportProperties contains multiple TFSec results.
type TFSecResult ¶
// TFSecResult is a single TFSec finding, using snake_case JSON keys.
type TFSecResult struct {
	RuleID          string              `json:"rule_id"`
	RuleDescription string              `json:"rule_description"`
	Severity        string              `json:"severity"` // a string here, unlike the float64 Severity on ActionItem and ScanErrorsReportResult
	Description     string              `json:"description"`
	Impact          string              `json:"impact"`
	Links           []string            `json:"links"`
	Resolution      string              `json:"resolution"`
	Resource        string              `json:"resource"` // TF resource E.G. aws_instance.bastion
	Location        TFSecResultLocation `json:"location"`
	LongID          string              `json:"long_id"`
}
TFSecResult contains a single TFSec finding.
type TFSecResultLocation ¶
// TFSecResultLocation gives the file name and line numbers where an issue was
// found.
type TFSecResultLocation struct {
	FileName  string `json:"filename"`
	StartLine int64  `json:"start_line"`
	EndLine   int64  `json:"end_line"` // NOTE(review): whether the range is inclusive is not stated here — confirm
}
TFSecResultLocation contains the file name and line numbers where an issue was found.
type TerraformConfig ¶
// TerraformConfig holds the config options for Terraform.
type TerraformConfig struct {
	// Paths is read from the YAML key "paths".
	// NOTE(review): presumably the locations to scan; confirm they are
	// confined to the checked-out repository.
	Paths []string `yaml:"paths"`
}
TerraformConfig is a struct representing the config options for Terraform