Published: Dec 15, 2023 License: Apache-2.0 Imports: 7 Imported by: 0


Constants

const (
	// Result classes: the kind of findings a Result carries (see Result.Class
	// and the slices on Result that each class populates).
	ClassOSPkg       = "os-pkgs"      // For detected packages and vulnerabilities in OS packages
	ClassLangPkg     = "lang-pkgs"    // For detected packages and vulnerabilities in language-specific packages
	ClassConfig      = "config"       // For detected misconfigurations
	ClassSecret      = "secret"       // For detected secrets
	ClassLicense     = "license"      // For detected package licenses
	ClassLicenseFile = "license-file" // For detected licenses in files
	ClassCustom      = "custom"       // For custom resources (see Result.CustomResources)

	// ComplianceNsa selects the NSA compliance checks. It is currently the only
	// entry in Compliances.
	ComplianceNsa = Compliance("nsa")
)
const (
	// VulnType values. ScanOptions.VulnType is presumably a list of these — confirm.

	// VulnTypeUnknown is the VulnType used when the package kind is not known.
	VulnTypeUnknown = VulnType("unknown")

	// VulnTypeOS is the VulnType for OS packages.
	VulnTypeOS = VulnType("os")

	// VulnTypeLibrary is the VulnType for programming-language dependencies.
	VulnTypeLibrary = VulnType("library")

	// SecurityCheck values. ScanOptions.SecurityChecks is presumably a list of these — confirm.

	// SecurityCheckUnknown is the SecurityCheck used when the requested check is not recognised.
	SecurityCheckUnknown = SecurityCheck("unknown")

	// SecurityCheckVulnerability enables vulnerability scanning.
	SecurityCheckVulnerability = SecurityCheck("vuln")

	// SecurityCheckConfig enables misconfiguration scanning.
	SecurityCheckConfig = SecurityCheck("config")

	// SecurityCheckSecret enables secret scanning.
	SecurityCheckSecret = SecurityCheck("secret")

	// SecurityCheckRbac enables RBAC assessment.
	SecurityCheckRbac = SecurityCheck("rbac")

	// SecurityCheckLicense enables license scanning.
	SecurityCheckLicense = SecurityCheck("license")
)
const (
	// SBOMSourceRekor selects Rekor as the place an SBOM is retrieved from.
	// It is currently the only entry in SBOMSources.
	SBOMSourceRekor = SBOMSource("rekor")
)

Variables

// Compliances lists every supported Compliance value.
var Compliances = []string{ComplianceNsa}
var (
	// SBOMSources lists every supported SBOMSource value.
	SBOMSources = []string{
		SBOMSourceRekor,
	}
)

Functions

func GetDockerOption

func GetDockerOption(insecureTlsSkip bool, Platform string) (types.DockerOption, error)

GetDockerOption builds the Docker scanning options from DockerConfig (registry credentials and connection settings read from the TRIVY_* environment variables) for the given Platform. insecureTlsSkip, as its name says, skips TLS certificate verification for the registry connection, which removes the protection against a man-in-the-middle substituting image content; keep it false outside trusted test setups.

Types

type BySeverity

// BySeverity is a sort.Interface over a slice of DetectedVulnerability; the
// ordering is defined by Less.
type BySeverity []DetectedVulnerability

BySeverity implements sort.Interface for DetectedVulnerability slices. Despite the name, the ordering compares package name, severity and vulnerability ID (see Less), not the Severity field alone.

func (BySeverity) Len

func (v BySeverity) Len() int

Len returns the number of DetectedVulnerability entries.

func (BySeverity) Less

func (v BySeverity) Less(i, j int) bool

Less reports whether element i sorts before element j, comparing by package name, severity and vulnerability ID.

func (BySeverity) Swap

func (v BySeverity) Swap(i, j int)

Swap exchanges the elements at i and j.

type Compliance

// Compliance names a compliance specification (see ComplianceNsa and Compliances).
// It is a plain string alias, so any string is accepted by the type system.
type Compliance = string

type DetectedLicense

// DetectedLicense is a single license finding, attached either to a package
// (PkgName) or to a file (FilePath); at most one of the two is set.
type DetectedLicense struct {
	// Severity is the consistent parameter indicating how severe the issue is
	// (presumably derived from Category — confirm).
	Severity string

	// Category holds the license category such as "forbidden"
	Category types.LicenseCategory

	// PkgName holds a package name of the license.
	// It will be empty if FilePath is filled.
	PkgName string

	// FilePath holds a file path of the license.
	// It will be empty if PkgName is filled.
	FilePath string // for file license

	// Name holds a detected license name
	Name string

	// Confidence is level of the match. The confidence level is between 0.0 and 1.0, with 1.0 indicating an
	// exact match and 0.0 indicating a complete mismatch
	Confidence float64

	// Link is a SPDX link of the license
	Link string
}

type DetectedMisconfiguration

// DetectedMisconfiguration is a single finding produced by a misconfiguration
// check: which check fired, how severe it is, its Status, and where in the
// scanned artifact the offending configuration lives. Every field is omitted
// from JSON when empty.
type DetectedMisconfiguration struct {
	Type          string               `json:",omitempty"` // configuration type the check applies to — confirm
	ID            string               `json:",omitempty"` // check identifier; returned by GetID
	AVDID         string               `json:",omitempty"` // AVD identifier of the check, when one exists
	Title         string               `json:",omitempty"`
	Description   string               `json:",omitempty"`
	Message       string               `json:",omitempty"` // finding-specific message
	Namespace     string               `json:",omitempty"` // policy namespace of the check (presumably Rego — confirm)
	Query         string               `json:",omitempty"` // policy query that produced the finding (presumably Rego — confirm)
	Resolution    string               `json:",omitempty"` // how to remediate
	Severity      string               `json:",omitempty"`
	PrimaryURL    string               `json:",omitempty"`
	References    []string             `json:",omitempty"`
	Status        MisconfStatus        `json:",omitempty"` // PASS, FAIL or EXCEPTION
	Layer         ftypes.Layer         `json:",omitempty"` // image layer the configuration was found in, if any
	CauseMetadata ftypes.CauseMetadata `json:",omitempty"` // location of the offending configuration

	// For debugging: presumably the check's evaluation trace — confirm.
	// Can be verbose; it is only emitted when non-empty.
	Traces []string `json:",omitempty"`
}

DetectedMisconfiguration holds a single misconfiguration finding: the check that produced it, its severity and status, and the location (Layer, CauseMetadata) in the scanned artifact.

func (*DetectedMisconfiguration) GetID

func (mc *DetectedMisconfiguration) GetID() string

GetID returns the misconfiguration check ID.

type DetectedVulnerability

// DetectedVulnerability is a single vulnerability finding against one installed
// package. The embedded types.Vulnerability is flattened by encoding/json, so
// its advisory fields appear at the top level of the JSON object next to the
// fields declared here.
type DetectedVulnerability struct {
	VulnerabilityID  string         `json:",omitempty"` // advisory identifier; returned by GetID
	VendorIDs        []string       `json:",omitempty"` // vendor-specific identifiers for the same advisory
	PkgID            string         `json:",omitempty"` // It is used to construct dependency graph.
	PkgName          string         `json:",omitempty"`
	PkgPath          string         `json:",omitempty"` // It will be filled in the case of language-specific packages such as egg/wheel and gemspec
	InstalledVersion string         `json:",omitempty"` // version found in the artifact
	FixedVersion     string         `json:",omitempty"` // version that fixes the issue; presumably empty when no fix is known — confirm
	Layer            ftypes.Layer   `json:",omitempty"` // image layer the package was found in, if any
	SeveritySource   types.SourceID `json:",omitempty"` // data source the reported severity was taken from
	PrimaryURL       string         `json:",omitempty"`
	Ref              string         `json:",omitempty"`

	// DataSource holds where the advisory comes from
	DataSource *types.DataSource `json:",omitempty"`

	// Custom is for extensibility and not supposed to be used in OSS.
	// Whatever is stored here is serialized into the JSON report as-is.
	Custom interface{} `json:",omitempty"`

	// Embed vulnerability details
	types.Vulnerability
}

DetectedVulnerability holds one vulnerability finding: the affected package, its installed and fixed versions, the layer it was found in, and the embedded advisory details.

func (*DetectedVulnerability) GetID

func (vuln *DetectedVulnerability) GetID() string

GetID returns the vulnerability ID.

type DockerConfig

// DockerConfig holds the registry credentials and connection settings used to
// pull images. It is populated from environment variables via the `env` tags:
//
//	UserName      TRIVY_USERNAME       registry user name
//	Password      TRIVY_PASSWORD       registry password (secret)
//	RegistryToken TRIVY_REGISTRY_TOKEN registry token (secret)
//	NonSSL        TRIVY_NON_SSL        defaults to false; presumably connects to the
//	                                   registry without TLS when true — confirm in GetDockerOption
//
// Password and RegistryToken are secrets: never log this struct or include it
// in a report. None of the fields carries a json tag, so encoding/json would
// emit all of them verbatim under their Go field names if a DockerConfig were
// ever marshaled.
type DockerConfig struct {
	UserName      string `env:"TRIVY_USERNAME"`
	Password      string `env:"TRIVY_PASSWORD"`
	RegistryToken string `env:"TRIVY_REGISTRY_TOKEN"`
	NonSSL        bool   `env:"TRIVY_NON_SSL" envDefault:"false"`
}

DockerConfig holds the registry credentials (user name, password or registry token) and the NonSSL setting used for image pulls, read from TRIVY_* environment variables. Password and RegistryToken are secrets and must not be logged or written into reports.

type Library

// Library identifies a language-level package dependency by name and version.
type Library struct {
	Name    string // package name
	Version string // package version
}

Library holds the name and version of a language-level package dependency.

type Metadata

// Metadata describes the scanned artifact. The container-image fields are only
// meaningful when the artifact is an image. Note that `omitempty` has no effect
// on struct-valued fields (ImageConfig), so that field is always emitted.
type Metadata struct {
	Size int64      `json:",omitempty"` // artifact size (presumably bytes — confirm)
	OS   *ftypes.OS `json:",omitempty"` // detected operating system; nil when none was found

	// Container image
	ImageID     string        `json:",omitempty"` // image identifier
	DiffIDs     []string      `json:",omitempty"` // layer diff IDs
	RepoTags    []string      `json:",omitempty"` // tags the image is known by
	RepoDigests []string      `json:",omitempty"` // digests the image is known by
	ImageConfig v1.ConfigFile `json:",omitempty"` // full image config; may carry build-time ENV values — review before sharing reports
}

Metadata describes the scanned artifact: its size, detected OS and, for container images, the image identity (ID, diff IDs, tags, digests) and full image configuration.

type MisconfStatus

// MisconfStatus is the outcome of a single misconfiguration check; see the
// Status* constants for the allowed values.
type MisconfStatus string

MisconfStatus is the outcome of a misconfiguration check: PASS, FAIL or EXCEPTION.

const (
	// StatusPassed means the check ran and the configuration satisfied it.
	StatusPassed MisconfStatus = "PASS"

	// StatusFailure means the check ran and the configuration violated it.
	StatusFailure MisconfStatus = "FAIL"

	// StatusException marks a check that was exempted; such checks are
	// presumably counted in MisconfSummary.Exceptions rather than Failures — confirm.
	StatusException MisconfStatus = "EXCEPTION"
)

type MisconfSummary

// MisconfSummary counts the outcomes of the misconfiguration checks in a Result,
// one counter per MisconfStatus value.
type MisconfSummary struct {
	Successes  int // checks with StatusPassed
	Failures   int // checks with StatusFailure
	Exceptions int // checks with StatusException
}

func (MisconfSummary) Empty

func (s MisconfSummary) Empty() bool

type Report

// Report is the top-level output of a scan: the artifact's Metadata plus one
// Result per scanned target. Note that `omitempty` has no effect on the
// struct-valued Metadata field, so it is always emitted.
type Report struct {
	SchemaVersion int                 `json:",omitempty"` // report format version; consumers should check it before parsing
	ArtifactName  string              `json:",omitempty"` // name of the scanned artifact
	ArtifactType  ftypes.ArtifactType `json:",omitempty"` // kind of artifact that was scanned
	Metadata      Metadata            `json:",omitempty"` // artifact metadata (always emitted, see above)
	Results       Results             `json:",omitempty"` // findings, one Result per target

	// SBOM
	CycloneDX *ftypes.CycloneDX `json:"-"` // Just for internal usage, not exported in JSON
}

Report is the top-level scan output: artifact metadata plus per-target Results.

type Result

// Result holds one scan target and everything detected in it. Which slices are
// populated depends on Class (see the Class* constants). The json tags describe
// the default encoding — Target always, the rest only when non-empty — but
// Result also defines a custom MarshalJSON, so check that method for the output
// actually produced. A Result can carry Secrets; treat reports containing it as
// sensitive (what ftypes.SecretFinding exposes is not visible here — confirm).
type Result struct {
	Target            string                     `json:"Target"`
	Class             ResultClass                `json:"Class,omitempty"`
	Type              string                     `json:"Type,omitempty"`
	Packages          []ftypes.Package           `json:"Packages,omitempty"`
	Vulnerabilities   []DetectedVulnerability    `json:"Vulnerabilities,omitempty"`
	MisconfSummary    *MisconfSummary            `json:"MisconfSummary,omitempty"`
	Misconfigurations []DetectedMisconfiguration `json:"Misconfigurations,omitempty"`
	Secrets           []ftypes.SecretFinding     `json:"Secrets,omitempty"`
	Licenses          []DetectedLicense          `json:"Licenses,omitempty"`
	CustomResources   []ftypes.CustomResource    `json:"CustomResources,omitempty"`
}

Result holds a scan target and everything detected in it: packages, vulnerabilities, misconfigurations (with a summary), secrets, licenses and custom resources.

func (*Result) IsEmpty

func (r *Result) IsEmpty() bool

func (*Result) MarshalJSON

func (r *Result) MarshalJSON() ([]byte, error)

type ResultClass

// ResultClass classifies what kind of findings a Result contains; see the
// Class* constants for the known values.
type ResultClass string

type Results

// Results is the list of per-target Result values carried by a Report.
type Results []Result

Results is a list of Result values, one per scanned target.

func (Results) Failed

func (results Results) Failed() bool

Failed returns whether the result includes any vulnerabilities, misconfigurations or secrets

type SBOM

// SBOM is the decoded content of a software bill of materials: the OS and
// packages it declares, plus the parsed document in the format it was written
// in. Presumably only one of CycloneDX and SPDX is non-nil — confirm.
type SBOM struct {
	OS           *types.OS
	Packages     []types.PackageInfo
	Applications []types.Application

	CycloneDX *types.CycloneDX
	SPDX      *stypes.Document2_2
}

type SBOMSource

// SBOMSource names where an SBOM is retrieved from (see SBOMSources).
// It is a plain string alias, so any string is accepted by the type system.
type SBOMSource = string

type ScanOptions

// ScanOptions controls what a scan looks for and how.
//
//	VulnType            VulnType values to report (see the VulnType* constants)
//	SecurityChecks      SecurityCheck values to run (see the SecurityCheck* constants)
//	ScanRemovedPackages presumably also reports packages removed in later image layers — confirm
//	Platform            target platform for image pulls (also passed to GetDockerOption)
//	ListAllPackages     presumably lists every package, not only vulnerable ones — confirm
//	LicenseCategories   maps each license category to the license names it covers
//	FilePatterns        presumably custom file-pattern overrides for the analyzers — confirm
type ScanOptions struct {
	VulnType            []string
	SecurityChecks      []string
	ScanRemovedPackages bool
	Platform            string
	ListAllPackages     bool
	LicenseCategories   map[types.LicenseCategory][]string
	FilePatterns        []string
}

ScanOptions holds the options that control a scan: which vulnerability types and security checks to run, the target platform, package-listing behaviour, license categories and file patterns.

type SecurityCheck

// SecurityCheck names a kind of scan to run (see the SecurityCheck* constants).
// It is a plain string alias, so any string is accepted by the type system.
type SecurityCheck = string

SecurityCheck represents the type of security check

type VulnType

// VulnType names the kind of package a vulnerability belongs to (see the
// VulnType* constants). It is a plain string alias, so any string is accepted
// by the type system.
type VulnType = string

VulnType represents vulnerability type
