Documentation
¶
Index ¶
- Constants
- Variables
- type Application
- type ArtifactDetail
- type ArtifactInfo
- type ArtifactReference
- type ArtifactType
- type BlobInfo
- type BuildInfo
- type CauseMetadata
- type Code
- type Component
- type ComponentType
- type ContainerdOptions
- type Credential
- type CustomResource
- type CycloneDX
- type DockerOptions
- type File
- type HandlerType
- type Image
- type ImageConfigDetail
- type ImageExtension
- type ImageMetadata
- type ImageOptions
- type ImageSource
- type ImageSources
- type Layer
- type LicenseCategory
- type LicenseFile
- type LicenseFinding
- type LicenseFindings
- type LicenseType
- type Line
- type Location
- type Metadata
- type MisconfResult
- type MisconfResults
- type Misconfiguration
- type OS
- type Occurrence
- type Package
- type PackageInfo
- type Packages
- type Platform
- type PodmanOptions
- type PolicyInputOption
- type PolicyInputSelector
- type PolicyMetadata
- type RegistryOptions
- type Repository
- type Secret
- type SecretFinding
- type SecretRuleCategory
- type SpecVersion
- type SrcPackage
Constants ¶
View Source
const ( ArtifactJSONSchemaVersion = 1 BlobJSONSchemaVersion = 2 )
View Source
const ( // Programming language dependencies Bundler = "bundler" GemSpec = "gemspec" Cargo = "cargo" Composer = "composer" Npm = "npm" NuGet = "nuget" DotNetCore = "dotnet-core" Pip = "pip" Pipenv = "pipenv" Poetry = "poetry" CondaPkg = "conda-pkg" PythonPkg = "python-pkg" NodePkg = "node-pkg" Yarn = "yarn" Pnpm = "pnpm" Jar = "jar" Pom = "pom" Gradle = "gradle" GoBinary = "gobinary" GoModule = "gomod" JavaScript = "javascript" RustBinary = "rustbinary" Conan = "conan" Cocoapods = "cocoapods" Swift = "swift" Pub = "pub" Hex = "hex" // Config files YAML = "yaml" JSON = "json" Dockerfile = "dockerfile" Terraform = "terraform" TerraformPlan = "terraformplan" CloudFormation = "cloudformation" Kubernetes = "kubernetes" Ansible = "ansible" Helm = "helm" Cloud = "cloud" AzureARM = "azure-arm" // Licensing License = "license" // Language-specific file names NuGetPkgsLock = "packages.lock.json" NuGetPkgsConfig = "packages.config" GoMod = "go.mod" GoSum = "go.sum" MavenPom = "pom.xml" NpmPkg = "package.json" NpmPkgLock = "package-lock.json" YarnLock = "yarn.lock" PnpmLock = "pnpm-lock.yaml" ComposerLock = "composer.lock" ComposerJson = "composer.json" PyProject = "pyproject.toml" PipRequirements = "requirements.txt" PipfileLock = "Pipfile.lock" PoetryLock = "poetry.lock" GemfileLock = "Gemfile.lock" CargoLock = "Cargo.lock" CargoToml = "Cargo.toml" ConanLock = "conan.lock" CocoaPodsLock = "Podfile.lock" SwiftResolved = "Package.resolved" PubSpecLock = "pubspec.lock" MixLock = "mix.lock" )
View Source
const ( SystemFileFilteringPostHandler HandlerType = "system-file-filter" UnpackagedPostHandler HandlerType = "unpackaged" // SystemFileFilteringPostHandlerPriority should be higher than other handlers. // Otherwise, other handlers need to process unnecessary files. SystemFileFilteringPostHandlerPriority = 100 UnpackagedPostHandlerPriority = 50 )
Variables ¶
View Source
var ( InvalidURLPattern = xerrors.New("invalid url pattern") ErrNoRpmCmd = xerrors.New("no rpm command") )
View Source
var ( AllImageSources = ImageSources{ DockerImageSource, ContainerdImageSource, PodmanImageSource, RemoteImageSource, } )
Functions ¶
This section is empty.
Types ¶
type Application ¶
type ArtifactDetail ¶
type ArtifactDetail struct {
OS OS `json:",omitempty"`
Repository *Repository `json:",omitempty"`
Packages Packages `json:",omitempty"`
Applications []Application `json:",omitempty"`
Misconfigurations []Misconfiguration `json:",omitempty"`
Secrets []Secret `json:",omitempty"`
Licenses []LicenseFile `json:",omitempty"`
// ImageConfig has information from container image config
ImageConfig ImageConfigDetail
// CustomResources hold analysis results from custom analyzers.
// It is for extensibility and not used in OSS.
CustomResources []CustomResource `json:",omitempty"`
}
ArtifactDetail is generated by applying blobs
func (*ArtifactDetail) ToBlobInfo ¶
func (a *ArtifactDetail) ToBlobInfo() BlobInfo
ToBlobInfo is used to store a merged layer in cache.
type ArtifactInfo ¶
type ArtifactInfo struct {
SchemaVersion int
Architecture string
Created time.Time
DockerVersion string
OS string
// Misconfiguration holds misconfiguration in container image config
Misconfiguration *Misconfiguration `json:",omitempty"`
// Secret holds secrets in container image config such as environment variables
Secret *Secret `json:",omitempty"`
// HistoryPackages are packages extracted from RUN instructions
HistoryPackages Packages `json:",omitempty"`
}
ArtifactInfo is stored in cache
type ArtifactReference ¶
type ArtifactReference struct {
Name string // image name, tar file name, directory or repository name
Type ArtifactType
ID string
BlobIDs []string
ImageMetadata ImageMetadata
// SBOM
CycloneDX *CycloneDX
}
ArtifactReference represents a reference of container image, local filesystem and repository
type ArtifactType ¶
type ArtifactType string
ArtifactType represents a type of artifact
const ( ArtifactContainerImage ArtifactType = "container_image" ArtifactFilesystem ArtifactType = "filesystem" ArtifactRepository ArtifactType = "repository" ArtifactCycloneDX ArtifactType = "cyclonedx" ArtifactSPDX ArtifactType = "spdx" ArtifactAWSAccount ArtifactType = "aws_account" ArtifactVM ArtifactType = "vm" )
type BlobInfo ¶
type BlobInfo struct {
SchemaVersion int
// Layer information
Digest string `json:",omitempty"`
DiffID string `json:",omitempty"`
CreatedBy string `json:",omitempty"`
OpaqueDirs []string `json:",omitempty"`
WhiteoutFiles []string `json:",omitempty"`
// Analysis result
OS OS `json:",omitempty"`
Repository *Repository `json:",omitempty"`
PackageInfos []PackageInfo `json:",omitempty"`
Applications []Application `json:",omitempty"`
Misconfigurations []Misconfiguration `json:",omitempty"`
Secrets []Secret `json:",omitempty"`
Licenses []LicenseFile `json:",omitempty"`
// Red Hat distributions have build info per layer.
// This information will be embedded into packages when applying layers.
// ref. https://redhat-connect.gitbook.io/partner-guide-for-adopting-red-hat-oval-v2/determining-common-platform-enumeration-cpe
BuildInfo *BuildInfo `json:",omitempty"`
// CustomResources hold analysis results from custom analyzers.
// It is for extensibility and not used in OSS.
CustomResources []CustomResource `json:",omitempty"`
}
BlobInfo is stored in cache
type BuildInfo ¶
type BuildInfo struct {
ContentSets []string `json:",omitempty"`
Nvr string `json:",omitempty"`
Arch string `json:",omitempty"`
}
BuildInfo represents information under /root/buildinfo in RHEL
type CauseMetadata ¶
type Component ¶
type Component struct {
BOMRef string `json:"bom-ref,omitempty" xml:"bom-ref,attr,omitempty"`
MIMEType string `json:"mime-type,omitempty" xml:"mime-type,attr,omitempty"`
Type ComponentType `json:"type" xml:"type,attr"`
Name string `json:"name" xml:"name"`
Version string `json:"version,omitempty" xml:"version,omitempty"`
PackageURL string `json:"purl,omitempty" xml:"purl,omitempty"`
}
type ComponentType ¶
type ComponentType string
type ContainerdOptions ¶
type ContainerdOptions struct {
}
type Credential ¶
type CustomResource ¶
CustomResource holds the analysis result from a custom analyzer. It is for extensibility and not used in OSS.
type CycloneDX ¶
type CycloneDX struct {
// JSON specific fields
BOMFormat string `json:"bomFormat" xml:"-"`
SpecVersion SpecVersion `json:"specVersion" xml:"-"`
SerialNumber string `json:"serialNumber,omitempty" xml:"serialNumber,attr,omitempty"`
Version int `json:"version" xml:"version,attr"`
Metadata Metadata `json:"metadata,omitempty" xml:"metadata,omitempty"`
Components []Component `json:"components,omitempty" xml:"components>component,omitempty"`
}
CycloneDX re-defines only necessary fields from cyclondx/cyclonedx-go cf. https://github.com/CycloneDX/cyclonedx-go/blob/de6bc07025d148badc8f6699ccb556744a5f4070/cyclonedx.go#L58-L77
The encoding/xml package that cyclondx-go depends on cannot be imported due to some limitations in TinyGo. cf. https://tinygo.org/docs/reference/lang-support/stdlib/
type DockerOptions ¶
type DockerOptions struct {
Host string
}
type HandlerType ¶
type HandlerType string
type Image ¶
type Image interface {
v1.Image
ImageExtension
}
type ImageConfigDetail ¶
type ImageConfigDetail struct {
// Packages are packages extracted from RUN instructions in history
Packages []Package `json:",omitempty"`
// Misconfiguration holds misconfigurations in container image config
Misconfiguration *Misconfiguration `json:",omitempty"`
// Secret holds secrets in container image config
Secret *Secret `json:",omitempty"`
}
ImageConfigDetail has information from container image config
type ImageExtension ¶
type ImageMetadata ¶
type ImageOptions ¶
type ImageOptions struct {
RegistryOptions RegistryOptions
DockerOptions DockerOptions
PodmanOptions PodmanOptions
ContainerdOptions ContainerdOptions
ImageSources ImageSources
}
type ImageSource ¶
type ImageSource string
ImageSource represents the source of an image. It can be a string that identifies the container registry or a type of container runtime.
const ( // DockerImageSource is the docker runtime DockerImageSource ImageSource = "docker" // ContainerdImageSource is the containerd runtime ContainerdImageSource ImageSource = "containerd" // PodmanImageSource is the podman runtime PodmanImageSource ImageSource = "podman" // RemoteImageSource represents a remote scan RemoteImageSource ImageSource = "remote" )
type LicenseCategory ¶
type LicenseCategory string
const ( CategoryForbidden LicenseCategory = "forbidden" CategoryRestricted LicenseCategory = "restricted" CategoryReciprocal LicenseCategory = "reciprocal" CategoryNotice LicenseCategory = "notice" CategoryPermissive LicenseCategory = "permissive" CategoryUnencumbered LicenseCategory = "unencumbered" CategoryUnknown LicenseCategory = "unknown" )
type LicenseFile ¶
type LicenseFile struct {
Type LicenseType
FilePath string
PkgName string
Findings LicenseFindings
Layer Layer `json:",omitempty"`
}
type LicenseFinding ¶
type LicenseFinding struct {
Category LicenseCategory // such as "forbidden"
Name string
Confidence float64
Link string
}
type LicenseFindings ¶
type LicenseFindings []LicenseFinding
func (LicenseFindings) Len ¶
func (findings LicenseFindings) Len() int
func (LicenseFindings) Less ¶
func (findings LicenseFindings) Less(i, j int) bool
func (LicenseFindings) Names ¶
func (findings LicenseFindings) Names() []string
func (LicenseFindings) Swap ¶
func (findings LicenseFindings) Swap(i, j int)
type LicenseType ¶
type LicenseType string
const ( LicenseTypeDpkg LicenseType = "dpkg" // From /usr/share/doc/*/copyright LicenseTypeHeader LicenseType = "header" // From file headers LicenseTypeFile LicenseType = "license-file" // From LICENSE, COPYRIGHT, etc. )
type Line ¶
type Line struct {
Number int `json:"Number"`
Content string `json:"Content"`
IsCause bool `json:"IsCause"`
Annotation string `json:"Annotation"`
Truncated bool `json:"Truncated"`
Highlighted string `json:"Highlighted,omitempty"`
FirstCause bool `json:"FirstCause"`
LastCause bool `json:"LastCause"`
}
type MisconfResult ¶
type MisconfResult struct {
Namespace string `json:",omitempty"`
Query string `json:",omitempty"`
Message string `json:",omitempty"`
PolicyMetadata `json:",omitempty"`
CauseMetadata `json:",omitempty"`
// For debugging
Traces []string `json:",omitempty"`
}
type MisconfResults ¶
type MisconfResults []MisconfResult
func (MisconfResults) Len ¶
func (r MisconfResults) Len() int
func (MisconfResults) Less ¶
func (r MisconfResults) Less(i, j int) bool
func (MisconfResults) Swap ¶
func (r MisconfResults) Swap(i, j int)
type Misconfiguration ¶
type Misconfiguration struct {
FileType string `json:",omitempty"`
FilePath string `json:",omitempty"`
Successes MisconfResults `json:",omitempty"`
Warnings MisconfResults `json:",omitempty"`
Failures MisconfResults `json:",omitempty"`
Exceptions MisconfResults `json:",omitempty"`
Layer Layer `json:",omitempty"`
}
func ToMisconfigurations ¶
func ToMisconfigurations(misconfs map[string]Misconfiguration) []Misconfiguration
type OS ¶
type Occurrence ¶
type Package ¶
type Package struct {
ID string `json:",omitempty"`
Name string `json:",omitempty"`
Version string `json:",omitempty"`
Release string `json:",omitempty"`
Epoch int `json:",omitempty"`
Arch string `json:",omitempty"`
Dev bool `json:",omitempty"`
SrcName string `json:",omitempty"`
SrcVersion string `json:",omitempty"`
SrcRelease string `json:",omitempty"`
SrcEpoch int `json:",omitempty"`
Licenses []string `json:",omitempty"`
Maintainer string `json:",omitempty"`
Modularitylabel string `json:",omitempty"` // only for Red Hat based distributions
BuildInfo *BuildInfo `json:",omitempty"` // only for Red Hat
Ref string `json:",omitempty"` // identifier which can be used to reference the component elsewhere
Indirect bool `json:",omitempty"` // this package is direct dependency of the project or not
// Dependencies of this package
// Note: it may have interdependencies, which may lead to infinite loops.
DependsOn []string `json:",omitempty"`
Layer Layer `json:",omitempty"`
// Each package metadata have the file path, while the package from lock files does not have.
FilePath string `json:",omitempty"`
// This is required when using SPDX formats. Otherwise, it will be empty.
Digest digest.Digest `json:",omitempty"`
// lines from the lock file where the dependency is written
Locations []Location `json:",omitempty"`
}
type PackageInfo ¶
type Packages ¶
type Packages []Package
func (Packages) ParentDeps ¶
ParentDeps returns a map where the keys are package IDs and the values are the packages that depend on the respective package ID (parent dependencies).
type PodmanOptions ¶
type PodmanOptions struct {
}
type PolicyInputOption ¶
type PolicyInputOption struct {
Combine bool `mapstructure:"combine"`
Selectors []PolicyInputSelector `mapstructure:"selector"`
}
type PolicyInputSelector ¶
type PolicyInputSelector struct {
Type string `mapstructure:"type"`
}
type PolicyMetadata ¶
type PolicyMetadata struct {
ID string `json:",omitempty"`
AVDID string `json:",omitempty"`
Type string `json:",omitempty"`
Title string `json:",omitempty"`
Description string `json:",omitempty"`
Severity string `json:",omitempty"`
RecommendedActions string `json:",omitempty" mapstructure:"recommended_actions"`
References []string `json:",omitempty"`
}
type RegistryOptions ¶
type RegistryOptions struct {
// Auth for registries
Credentials []Credential
// RegistryToken is a bearer token to be sent to a registry
RegistryToken string
// SSL/TLS
Insecure bool
// For internal use. Needed for mTLS authentication.
ClientCert []byte
ClientKey []byte
// Architecture
Platform Platform
// ECR
AWSAccessKey string
AWSSecretKey string
AWSSessionToken string
AWSRegion string
// GCP
GCPCredPath string
}
type Repository ¶
type Secret ¶
type Secret struct {
FilePath string
Findings []SecretFinding
}
type SecretFinding ¶
type SecretRuleCategory ¶
type SecretRuleCategory string
type SpecVersion ¶
type SpecVersion int
type SrcPackage ¶
Source Files
Click to show internal directories.
Click to hide internal directories.