policy

package

v0.69.4 Latest Latest Go to latest Published: Mar 4, 2026 License: Apache-2.0 Imports: 15 Imported by: 13

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/aquasecurity/trivy

Links

Documentation ¶

Index ¶

Constants
type Client
- func NewClient(cacheDir string, quiet bool, checkBundleRepo string, opts ...Option) (*Client, error)
type Metadata
- func (m Metadata) String() string
type Option
- func WithClock(c clock.Clock) Option
- func WithOCIArtifact(art *oci.Artifact) Option

Constants ¶

View Source

const (
	BundleVersion    = 2 // Latest released MAJOR version for trivy-checks
	BundleRepository = "mirror.gcr.io/aquasec/trivy-checks"

	VersionAnnotationKey = "org.opencontainers.image.version"
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Client ¶

type Client struct {
	// contains filtered or unexported fields
}

Client implements check operations

func NewClient ¶

func NewClient(cacheDir string, quiet bool, checkBundleRepo string, opts ...Option) (*Client, error)

NewClient is the factory method for check client

func (*Client) BuiltinChecksPath ¶ added in v0.69.0

func (c *Client) BuiltinChecksPath() string

BuiltinChecksPath returns default policies

func (*Client) Clear ¶ added in v0.42.0

func (c *Client) Clear() error

func (*Client) DownloadBuiltinChecks ¶ added in v0.56.0

func (c *Client) DownloadBuiltinChecks(ctx context.Context, registryOpts types.RegistryOptions) error

DownloadBuiltinChecks download default policies from GitHub Pages

func (*Client) GetMetadata ¶ added in v0.38.1

func (c *Client) GetMetadata(ctx context.Context) (*Metadata, error)

func (*Client) NeedsUpdate ¶

func (c *Client) NeedsUpdate(ctx context.Context, registryOpts types.RegistryOptions) (bool, error)

NeedsUpdate returns if the default check should be updated

type Metadata ¶

type Metadata struct {
	Digest       string
	DownloadedAt time.Time

	// MajorVersion indicates the major version of the bundle.
	// Used to invalidate cache when the major version increases.
	// Nil for old cache entries. Set to 0 for custom builds.
	MajorVersion *int `json:",omitempty"`

	// CustomBuild is true if the bundle was built manually and did not go
	// through the official build process that enriches the manifest with additional data.
	// For custom builds, MajorVersion is not used for cache invalidation.
	CustomBuild bool `json:",omitempty"`
}

Metadata holds default check metadata

func (Metadata) String ¶ added in v0.45.0

func (m Metadata) String() string

type Option ¶

type Option func(*options)

Option is a functional option

func WithClock ¶

func WithClock(c clock.Clock) Option

WithClock takes a clock

func WithOCIArtifact ¶ added in v0.23.0

func WithOCIArtifact(art *oci.Artifact) Option

WithOCIArtifact takes an OCI artifact

Source Files ¶

View all Source files

policy.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL