vulnerabilityreport

package

v0.0.0-...-0fc2ddc Latest Latest Go to latest Published: Mar 27, 2024 License: Apache-2.0 Imports: 19 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kubernetes-sigs/wg-policy-prototypes

Links

Open Source Insights

Documentation ¶

Index ¶

func GetScanJobName(obj client.Object) string
type Plugin
type ReportBuilderPolicy
- func NewReportBuilderPolicy(scheme *runtime.Scheme) *ReportBuilderPolicy
type Scanner
- func NewScanner(clientset kubernetes.Interface, client client.Client, plugin Plugin, ...) *Scanner
- func (s *Scanner) ScanPolicy(ctx context.Context, workload kube.Object) ([]policyreport.PolicyReport, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GetScanJobName ¶

func GetScanJobName(obj client.Object) string

Types ¶

type Plugin ¶

type Plugin interface {

	// Init is a callback to initialize this plugin, e.g. ensure the default
	// configuration.
	Init(ctx imgvuln.PluginContext) error

	// GetScanJobSpec describes the pod that will be created by imgvuln when
	// it schedules a Kubernetes job to scan the workload with the specified
	// descriptor.
	// The second argument maps container names to Docker registry credentials,
	// which can be passed to the scanner as environment variables with values
	// set from returned secrets.
	GetScanJobSpec(ctx imgvuln.PluginContext, spec corev1.PodSpec, credentials map[string]docker.Auth) (
		corev1.PodSpec, []*corev1.Secret, error)

	// ParsePolicyReportData is a callback to parse and convert logs of
	// the pod controlled by the scan job to PolicyReport.
	ParsePolicyReportData(logsReader io.ReadCloser, pod client.Object) (
		policyreport.PolicyReport, error)
}

Plugin defines the interface between imgvuln and static vulnerability scanners.

type ReportBuilderPolicy ¶

type ReportBuilderPolicy struct {
	// contains filtered or unexported fields
}

func NewReportBuilderPolicy ¶

func NewReportBuilderPolicy(scheme *runtime.Scheme) *ReportBuilderPolicy

func (*ReportBuilderPolicy) ContainerPolicy ¶

func (b *ReportBuilderPolicy) ContainerPolicy(name string) *ReportBuilderPolicy

func (*ReportBuilderPolicy) ControllerPolicy ¶

func (b *ReportBuilderPolicy) ControllerPolicy(owner metav1.Object) *ReportBuilderPolicy

func (*ReportBuilderPolicy) DataPolicy ¶

func (b *ReportBuilderPolicy) DataPolicy(data policyreport.PolicyReport) *ReportBuilderPolicy

func (*ReportBuilderPolicy) GetPolicy ¶

func (b *ReportBuilderPolicy) GetPolicy() (policyreport.PolicyReport, error)

func (*ReportBuilderPolicy) PodSpecHashPolicy ¶

func (b *ReportBuilderPolicy) PodSpecHashPolicy(hash string) *ReportBuilderPolicy

type Scanner ¶

type Scanner struct {
	// contains filtered or unexported fields
}

Scanner is a template for running static vulnerability scanners that implement the Plugin interface.

func NewScanner ¶

func NewScanner(
	clientset kubernetes.Interface,
	client client.Client,
	plugin Plugin,
	pluginContext imgvuln.PluginContext,
	config imgvuln.ConfigData,
	opts kube.ScannerOpts,
) *Scanner

NewScanner constructs a new static vulnerability Scanner with the specified Plugin that knows how to perform the actual scanning, which is performed by running a Kubernetes job, and knows how to convert logs to instances of PolicyReport.

func (*Scanner) ScanPolicy ¶

func (s *Scanner) ScanPolicy(ctx context.Context, workload kube.Object) ([]policyreport.PolicyReport, error)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL