Overview ¶
Package config implements parsing of Lava configurations.
Constants ¶
// ExpirationDateLayout is the input format for the ExpirationDate,
// written as a Go reference-time layout: four-digit year, two-digit
// month and two-digit day separated by slashes (YYYY/MM/DD).
const ExpirationDateLayout = "2006/01/02"
ExpirationDateLayout is the input format for the ExpirationDate.
Variables ¶
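// Sentinel errors describing why a Lava configuration was rejected.
//
// NOTE(review): whether the parser returns these values directly or
// wrapped is not shown here; matching with errors.Is works in both
// cases.
var (
	// ErrInvalidLavaVersion means that the Lava version does not
	// have a valid format according to the Semantic Versioning
	// Specification.
	ErrInvalidLavaVersion = errors.New("invalid Lava version")

	// ErrNoChecktypeURLs means that no checktypes URLs were
	// specified.
	ErrNoChecktypeURLs = errors.New("no checktype catalogs")

	// ErrNoTargets means that no targets were specified.
	ErrNoTargets = errors.New("no targets")

	// ErrNoTargetIdentifier means that the target does not have
	// an identifier.
	ErrNoTargetIdentifier = errors.New("no target identifier")

	// ErrNoTargetAssetType means that the target does not have an
	// asset type.
	ErrNoTargetAssetType = errors.New("no target asset type")

	// ErrInvalidAssetType means that the asset type is invalid.
	ErrInvalidAssetType = errors.New("invalid asset type")

	// ErrInvalidSeverity means that the severity is invalid.
	ErrInvalidSeverity = errors.New("invalid severity")

	// ErrInvalidOutputFormat means that the output format is
	// invalid.
	ErrInvalidOutputFormat = errors.New("invalid output format")

	// ErrInvalidExpirationDate means that the expiration date is
	// invalid.
	ErrInvalidExpirationDate = errors.New("invalid expiration date")
)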
Functions ¶
This section is empty.
Types ¶
type AgentConfig ¶
// AgentConfig is the configuration passed to the vulcan-agent.
//
// NOTE(review): RegistryAuths holds registry credentials and Vars may
// hold tokens needed by checktypes, so a configuration file that sets
// either field should be handled as a secret (file permissions, no
// commit to shared repositories).
type AgentConfig struct {
// PullPolicy is the pull policy passed to vulcan-agent.
// The accepted values are defined by the agentconfig package and are
// not visible in this declaration.
PullPolicy agentconfig.PullPolicy `yaml:"pullPolicy"`
// Parallel is the maximum number of checks that can run in
// parallel.
// NOTE(review): how a zero or negative value is treated is not shown
// here — confirm against the parser.
Parallel int `yaml:"parallel"`
// Vars is the environment variables required by the Vulcan
// checktypes.
// NOTE(review): presumably these values reach the checktype
// processes as-is; avoid echoing this map in logs — confirm.
Vars map[string]string `yaml:"vars"`
// RegistryAuths contains the credentials for a set of
// container registries.
RegistryAuths []RegistryAuth `yaml:"registries"`
}
AgentConfig is the configuration passed to the vulcan-agent.
type Config ¶
// Config represents a Lava configuration. Each field is read from the
// YAML key named in its struct tag.
type Config struct {
// LavaVersion is the minimum required version of Lava.
// ErrInvalidLavaVersion describes a value that is not a valid
// semantic version.
LavaVersion string `yaml:"lava"`
// AgentConfig is the configuration of the vulcan-agent.
AgentConfig AgentConfig `yaml:"agent"`
// ReportConfig is the configuration of the report.
ReportConfig ReportConfig `yaml:"report"`
// ChecktypeURLs is a list of URLs pointing to checktype
// catalogs. ErrNoChecktypeURLs describes an empty list.
// NOTE(review): presumably a catalog decides which checktype images
// are pulled and run, so these URLs are a trust boundary; how they
// are fetched and whether the scheme is restricted is not shown
// here — confirm.
ChecktypeURLs []string `yaml:"checktypes"`
// Targets is the list of targets. ErrNoTargets describes an empty
// list.
Targets []Target `yaml:"targets"`
// LogLevel is the logging level. The zero value of slog.Level is
// slog.LevelInfo.
LogLevel slog.Level `yaml:"log"`
}
Config represents a Lava configuration.
func (Config) IsCompatible ¶ added in v0.2.0
IsCompatible reports whether the configuration is compatible with the specified version. An invalid semantic version string is considered incompatible.
type Exclusion ¶
// Exclusion represents the criteria to exclude a given finding.
//
// NOTE(review): Target, Resource and Summary are regular expressions.
// Whether they are anchored, how an empty field is treated and how the
// fields combine is not shown in this declaration; a pattern that is
// broader than intended hides more findings than intended, so confirm
// the matching rules before relying on a short pattern.
type Exclusion struct {
// Target is a regular expression that matches the name of the
// affected target.
Target string `yaml:"target"`
// Resource is a regular expression that matches the name of
// the affected resource.
Resource string `yaml:"resource"`
// Fingerprint defines the context in which the vulnerability
// has been found. It includes the checktype image, the
// affected target, the asset type and the checktype options.
Fingerprint string `yaml:"fingerprint"`
// Summary is a regular expression that matches the summary of
// the vulnerability.
Summary string `yaml:"summary"`
// ExpirationDate is the date on which the exclusion becomes inactive.
// The format is YYYY/MM/DD.
// NOTE(review): whether an omitted date means the exclusion never
// expires is not shown here — confirm.
ExpirationDate ExpirationDate `yaml:"expiration"`
// Description describes the exclusion, for instance why the finding
// is an accepted risk or a false positive.
Description string `yaml:"description"`
}
Exclusion represents the criteria to exclude a given finding.
type ExpirationDate ¶ added in v0.9.0
ExpirationDate represents the date on which an exclusion stops being valid.
func (ExpirationDate) MarshalText ¶ added in v0.9.0
func (ed ExpirationDate) MarshalText() (text []byte, err error)
MarshalText encodes an ExpirationDate value as text.
func (ExpirationDate) String ¶ added in v0.9.0
func (ed ExpirationDate) String() string
String returns the string representation of the expiration date.
func (*ExpirationDate) UnmarshalText ¶ added in v0.9.0
func (ed *ExpirationDate) UnmarshalText(text []byte) error
UnmarshalText decodes an ExpirationDate text into an ExpirationDate value. It returns an error if the provided string does not match the date format.
type OutputFormat ¶
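// OutputFormat is the format of the generated report.
type OutputFormat int

// Known OutputFormat values, numbered from zero with iota.
// OutputFormatHuman is the zero value, so an OutputFormat that was
// never assigned holds OutputFormatHuman.
const (
	OutputFormatHuman OutputFormat = iota
	OutputFormatJSON
)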
Output formats available for the report.
func (OutputFormat) IsValid ¶ added in v0.6.0
func (f OutputFormat) IsValid() bool
IsValid reports whether the output format is known.
func (OutputFormat) MarshalText ¶ added in v0.6.0
func (f OutputFormat) MarshalText() (text []byte, err error)
MarshalText encodes an OutputFormat as text. It returns an error if the output format is not valid.
func (OutputFormat) String ¶ added in v0.6.0
func (f OutputFormat) String() string
String returns the string representation of the output format.
func (*OutputFormat) UnmarshalText ¶ added in v0.6.0
func (f *OutputFormat) UnmarshalText(text []byte) error
UnmarshalText decodes an OutputFormat text into an OutputFormat value. It returns an error if the provided string does not match any known output format.
type RegistryAuth ¶
// RegistryAuth contains the credentials for a container registry.
//
// NOTE(review): the password is kept as a plain string and is read
// from the YAML key "password". The String method masks it, which
// covers fmt verbs that use String (such as %v and %s). It does not
// cover direct field access or the %#v verb, and no custom marshaller
// is listed for this type, so encoding the struct would presumably
// write the password out — confirm before logging or serialising it.
type RegistryAuth struct {
// Server is the URL of the registry.
Server string `yaml:"server"`
// Username is the username used to log into the registry.
Username string `yaml:"username"`
// Password is the password used to log into the registry.
Password string `yaml:"password"`
}
RegistryAuth contains the credentials for a container registry.
func (RegistryAuth) String ¶ added in v0.6.0
func (auth RegistryAuth) String() string
String returns the string representation of the RegistryAuth, with the password masked.
type ReportConfig ¶
// ReportConfig is the configuration of the report.
type ReportConfig struct {
// Severity is the minimum severity required to exit with
// error.
// NOTE(review): the zero value of Severity is SeverityHigh, so if
// this key is omitted and the parser applies no default of its own
// (not shown here), the threshold is SeverityHigh — confirm.
Severity Severity `yaml:"severity"`
// ShowSeverity is the minimum severity required to show a
// finding. It is a pointer, so an omitted key can be told apart
// from an explicit value.
ShowSeverity *Severity `yaml:"show"`
// Format is the output format. The zero value is
// OutputFormatHuman.
Format OutputFormat `yaml:"format"`
// OutputFile is the path of the output file.
// NOTE(review): the report lists findings for the scanned targets;
// where the path may point and what an empty value means is not
// shown here — confirm.
OutputFile string `yaml:"output"`
// Exclusions is a list of findings that will be ignored. For
// instance, accepted risks, false positives, etc.
Exclusions []Exclusion `yaml:"exclusions"`
// ErrorOnStaleExclusions specifies whether Lava should exit
// with error when stale exclusions are detected.
// NOTE(review): what makes an exclusion stale is not defined in
// this declaration. The zero value is false.
ErrorOnStaleExclusions bool `yaml:"errorOnStaleExclusions"`
// Metrics is the file where the metrics will be written.
// If Metrics is an empty string or not specified in the yaml file, then
// the metrics report is not saved.
Metrics string `yaml:"metrics"`
}
ReportConfig is the configuration of the report.
type Severity ¶
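// Severity is the severity of a given finding.
type Severity int

// Severity levels. A numerically greater value is more severe:
// SeverityCritical is the highest and SeverityInfo the lowest.
// SeverityHigh is 0, so it is also the zero value of Severity; a
// Severity that was never assigned compares equal to SeverityHigh.
const (
	SeverityCritical Severity = 1
	SeverityHigh     Severity = 0
	SeverityMedium   Severity = -1
	SeverityLow      Severity = -2
	SeverityInfo     Severity = -3
)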
Severity levels.
func (Severity) MarshalText ¶
MarshalText encodes a Severity as text. It returns an error if the severity is not valid.
type Target ¶
// Target represents the target of a scan.
type Target struct {
// Identifier is a string that identifies the target. For
// instance, a path, a URL, a container image, etc.
// ErrNoTargetIdentifier describes a target without one.
Identifier string `yaml:"identifier"`
// AssetType is the asset type of the target.
// ErrNoTargetAssetType describes a missing asset type and
// ErrInvalidAssetType an invalid one.
AssetType types.AssetType `yaml:"type"`
// Options is a list of specific options for the target.
// NOTE(review): the values are untyped (any) and this declaration
// shows no validation of keys or values; presumably they are
// forwarded to the checks for this target — confirm.
Options map[string]any `yaml:"options"`
}
Target represents the target of a scan.