policy

package

v0.30.1 Latest Latest Go to latest Published: Mar 10, 2026 License: Apache-2.0 Imports: 29 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/aquasecurity/trivy-operator

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func GetResultID(result scan.Result) string
func HasSeverity(resultSeverity severity.Severity, defaultSeverity string) bool
func LoadPoliciesData(policyPath []string) ([]string, error)
type Loader
- func NewPolicyLoader(pr string, cache gcache.Cache, registryOptions types.RegistryOptions, ...) Loader
type Policies
- func NewPolicies(data map[string]string, cac configauditreport.ConfigAuditConfig, ...) *Policies

Constants ¶

View Source

const (
	PoliciesNotFoundError = "failed to load rego policies from [externalPolicies]: stat externalPolicies: file does not exist"
)

Variables ¶

This section is empty.

Functions ¶

func GetResultID ¶ added in v0.27.0

func GetResultID(result scan.Result) string

GetResultID return the result id found in aliases (legacy) otherwise use ID

func HasSeverity ¶ added in v0.27.0

func HasSeverity(resultSeverity severity.Severity, defaultSeverity string) bool

HasSeverity checks if the result severity is in the default severity

func LoadPoliciesData ¶ added in v0.19.0

func LoadPoliciesData(policyPath []string) ([]string, error)

Types ¶

type Loader ¶ added in v0.19.0

type Loader interface {
	GetPoliciesAndBundlePath() ([]string, []string, error)
}

func NewPolicyLoader ¶ added in v0.19.0

func NewPolicyLoader(pr string, cache gcache.Cache, registryOptions types.RegistryOptions, opts ...mp.Option) Loader

type Policies ¶

type Policies struct {
	// contains filtered or unexported fields
}

func NewPolicies ¶

func NewPolicies(data map[string]string, cac configauditreport.ConfigAuditConfig, log logr.Logger, pl Loader, serverVersion string, exp *time.Duration) *Policies

func (*Policies) Applicable ¶

func (p *Policies) Applicable(resourceKind string) (bool, string, error)

Applicable check if policies exist either built in or via policies configmap

func (*Policies) Eval ¶

func (p *Policies) Eval(ctx context.Context, resource client.Object, inputs ...[]byte) (scan.Results, error)

Eval evaluates Rego policies with Kubernetes resource client.Object as input.

func (*Policies) ExternalPoliciesApplicable ¶ added in v0.11.0

func (p *Policies) ExternalPoliciesApplicable(resourceKind string) (bool, error)

func (*Policies) GetDefaultSeverity ¶ added in v0.27.0

func (p *Policies) GetDefaultSeverity() string

GetDefaultSeverity returns the default severity from ConfigAuditConfig

func (*Policies) Hash ¶

func (p *Policies) Hash(kind string) (string, error)

func (*Policies) InitScanner ¶ added in v0.24.1

func (p *Policies) InitScanner() error

func (*Policies) Libraries ¶

func (p *Policies) Libraries() map[string]string

func (*Policies) Load ¶ added in v0.24.1

func (p *Policies) Load() error

func (*Policies) ModulesByKind ¶

func (p *Policies) ModulesByKind(kind string) (map[string]string, error)

func (*Policies) PoliciesByKind ¶

func (p *Policies) PoliciesByKind(kind string) (map[string]string, error)

func (*Policies) SupportedKind ¶ added in v0.1.4

func (p *Policies) SupportedKind(resource client.Object, rbacDEnable bool) (bool, error)

SupportedKind scan policies supported for this kind

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL