Documentation
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
Types
type Details
type Details struct {
	Name string `json:"name"`
	// Fixed package version string mapped to an array of CVE ids affecting the
	// package.
	Secfixes map[string][]string `json:"secfixes"`
}
Details define a package's name and relevant security fixes included in a given version.
type DistributionScanner
type DistributionScanner struct{}
DistributionScanner attempts to discover whether a layer displays characteristics of an Alpine distribution.
func (*DistributionScanner) Kind
func (*DistributionScanner) Kind() string
Kind implements scanner.VersionedScanner.
func (*DistributionScanner) Name
func (*DistributionScanner) Name() string
Name implements scanner.VersionedScanner.
func (*DistributionScanner) Scan
func (s *DistributionScanner) Scan(ctx context.Context, l *claircore.Layer) ([]*claircore.Distribution, error)
Scan will inspect the layer for an os-release or lsb-release file and perform a regex match for keywords indicating the associated Alpine release.
If neither file is found, (nil, nil) is returned. If the files are found but all regexps fail to match, an empty slice is returned.
func (*DistributionScanner) Version
func (*DistributionScanner) Version() string
Version implements scanner.VersionedScanner.
type Factory
type Factory struct {
// contains filtered or unexported fields
}
Factory is an UpdaterSetFactory for ingesting an Alpine SecDB.
Factory expects to be able to discover a directory layout like the one at [https://secdb.alpinelinux.org/] at the configured URL. More explicitly, it expects:
- a "last-update" file with opaque contents that change when any constituent database changes
- contiguously numbered directories with the name "v$maj.$min" starting with "maj" as "3" and "min" as at most "3"
- JSON files inside those directories named "main.json" or "community.json"
The [Configure] method must be called before the [UpdaterSet] method.
func NewFactory
NewFactory returns a constructed Factory.
[Configure] must still be called before [UpdaterSet].
func (*Factory) UpdaterSet
UpdaterSet implements driver.UpdaterSetFactory.
type FactoryConfig
type FactoryConfig struct {
	// URL indicates the base URL for the SecDB layout. It should have a trailing slash.
	URL string `json:"url" yaml:"url"`
}
FactoryConfig is the configuration accepted by the Factory.
By convention, this is keyed by the string "alpine".
type Matcher
type Matcher struct{}
Matcher implements driver.Matcher for Alpine containers.
func (*Matcher) Filter
func (*Matcher) Filter(record *claircore.IndexRecord) bool
Filter implements driver.Matcher.
func (*Matcher) Query
func (*Matcher) Query() []driver.MatchConstraint
Query implements driver.Matcher.
func (*Matcher) Vulnerable
func (*Matcher) Vulnerable(ctx context.Context, record *claircore.IndexRecord, vuln *claircore.Vulnerability) (bool, error)
Vulnerable implements driver.Matcher.
type Scanner
type Scanner struct{}
Scanner scans for packages in an apk database.
The zero value is ready to use.
type SecurityDB
type SecurityDB struct {
	Distroversion string    `json:"distroversion"`
	Reponame      string    `json:"reponame"`
	Urlprefix     string    `json:"urlprefix"`
	Apkurl        string    `json:"apkurl"`
	Packages      []Package `json:"packages"`
}
SecurityDB is the security database structure.
type UpdaterConfig
type UpdaterConfig struct {
	// URL overrides any discovered URL for the JSON file.
	URL string `json:"url" yaml:"url"`
}
UpdaterConfig is the configuration accepted by Alpine updaters.
By convention, this should be in a map called "alpine-${REPO}-${RELEASE}-updater". For example, "alpine-main-v3.12-updater".
If a SecDB JSON file is not found at the proper place by Factory.UpdaterSet, this configuration will not be consulted.
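An added example, not code from the claircore project: it decodes a constructed SecDB document using trimmed local copies of the Details and SecurityDB types above and flattens each secfixes entry into a "package fixed-version id" record. The Package wrapper with its "pkg" key, the sample data, the FixedIn name, and building the updater config key from the document's reponame and distroversion fields are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Local mirrors of the documented types; Package and its "pkg" key are assumed.
type Details struct {
	Name     string              `json:"name"`
	Secfixes map[string][]string `json:"secfixes"`
}
type Package struct {
	Pkg Details `json:"pkg"`
}
type SecurityDB struct {
	Distroversion string    `json:"distroversion"`
	Reponame      string    `json:"reponame"`
	Packages      []Package `json:"packages"`
}

// Constructed sample input, not real SecDB data.
const sample = `{"distroversion":"v3.12","reponame":"main","packages":[
 {"pkg":{"name":"examplelib","secfixes":{
   "1.2.4-r0":["CVE-0000-0002","CVE-0000-0001"],"1.1.0-r2":["CVE-0000-0003"]}}},
 {"pkg":{"name":"exampletool","secfixes":{}}}]}`

// FixedIn returns the config key and sorted "name fixed-version id" records.
func FixedIn(doc string) (string, []string, error) {
	var db SecurityDB
	if err := json.Unmarshal([]byte(doc), &db); err != nil {
		return "", nil, fmt.Errorf("decode secdb: %w", err)
	}
	// Documented key convention; deriving it from these fields is an assumption.
	key := "alpine-" + db.Reponame + "-" + db.Distroversion + "-updater"
	var out []string
	for _, p := range db.Packages {
		for ver, ids := range p.Pkg.Secfixes {
			for _, id := range ids {
				out = append(out, p.Pkg.Name+" "+ver+" "+id)
			}
		}
	}
	sort.Strings(out) // map iteration order is random; sort for stable output
	return key, out, nil
}

func main() { fmt.Println(FixedIn(sample)) }
```

A package with an empty secfixes map contributes no records, and malformed JSON is returned as a wrapped error rather than a partial result.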
Notes
Bugs
The current version omits the VERSION_ID data. Need to investigate why. Probably because it's not in the etc/issue file. VersionID: vid,