container

package

v0.54.0 Latest Latest Go to latest Published: Feb 10, 2026 License: AGPL-3.0 Imports: 2 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/CompassSecurity/pipeleek

Links

Open Source Insights

Documentation ¶

Index ¶

func IsMultistage(content string) bool
func ScanDockerfileContent(content string, patterns []Pattern) []string
func ScanDockerfileForPattern(content string, pattern Pattern) bool
type Finding
type Pattern
- func DefaultPatterns() []Pattern
type PatternMatch
- func ScanDockerfileForPatterns(content string, patterns []Pattern) []PatternMatch
type RegistryMetadata

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func IsMultistage ¶

func IsMultistage(content string) bool

IsMultistage checks if Dockerfile content uses multistage builds by counting FROM statements

func ScanDockerfileContent ¶

func ScanDockerfileContent(content string, patterns []Pattern) []string

ScanDockerfileContent checks a Dockerfile's content against patterns and returns matched lines Deprecated: Use ScanDockerfileForPatterns instead

func ScanDockerfileForPattern ¶

func ScanDockerfileForPattern(content string, pattern Pattern) bool

ScanDockerfileForPattern checks if a Dockerfile matches a specific pattern

Types ¶

type Finding ¶

type Finding struct {
	ProjectPath      string
	ProjectURL       string
	FilePath         string
	FileName         string
	MatchedPattern   string
	LineContent      string
	IsMultistage     bool
	RegistryMetadata *RegistryMetadata
}

Finding represents a dangerous pattern found in a Dockerfile/Containerfile

type Pattern ¶

type Pattern struct {
	Name        string
	Pattern     *regexp.Regexp
	Description string
}

Pattern represents a dangerous pattern to detect

func DefaultPatterns ¶

func DefaultPatterns() []Pattern

DefaultPatterns returns the default dangerous patterns to detect in Dockerfiles

type PatternMatch ¶

type PatternMatch struct {
	PatternName string
	MatchedLine string
}

PatternMatch represents a matched pattern with details

func ScanDockerfileForPatterns ¶

func ScanDockerfileForPatterns(content string, patterns []Pattern) []PatternMatch

ScanDockerfileForPatterns scans Dockerfile content and returns all pattern matches

type RegistryMetadata ¶

type RegistryMetadata struct {
	TagName    string
	LastUpdate string
}

RegistryMetadata contains information about the most recent container image in the registry

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL