Documentation
¶
Index ¶
- Constants
- Variables
- func GetVSAPredicateDigest(fs afero.Fs, path string) (string, error)
- func OutputAppstudioReport(t TestReport)
- type AttestationResult
- type Component
- type ExpansionInfo
- func (e *ExpansionInfo) AddChildToIndex(index, child string)
- func (e *ExpansionInfo) GetChildrenByIndex(index string) ([]string, bool)
- func (e *ExpansionInfo) GetIndexAlias(key string) (string, bool)
- func (e *ExpansionInfo) GetParentByChild(child string) (string, bool)
- func (e *ExpansionInfo) SetIndexAlias(key, value string)
- func (e *ExpansionInfo) SetParentByChild(child, parent string)
- type Input
- type Report
- type SLSAProvenance
- type SnapshotComponentDetail
- type SnapshotPredicate
- type SnapshotPredicateGenerator
- type SnapshotPredicateWriter
- type SnapshotSummary
- type TestReport
Constants ¶
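// Possible formats the report can be written as.
//
// The declarations are laid out one per line so that the line comment on the
// deprecated entry ends at its own line break and does not run on into the
// HACBS declaration and the closing parenthesis.
const (
	JSON            = "json"
	YAML            = "yaml"
	Text            = "text"
	AppStudio       = "appstudio"
	Summary         = "summary"
	SummaryMarkdown = "summary-markdown"
	JUnit           = "junit"
	Attestation     = "attestation"
	PolicyInput     = "policy-input"
	VSA             = "vsa"
	// Deprecated old version of appstudio. Remove some day.
	HACBS = "hacbs"
)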
Possible formats the report can be written as.
Variables ¶
// OutputFormats enumerates the report format constants in declaration order.
// The deprecated HACBS constant is not part of this list.
var OutputFormats = []string{
	JSON,
	YAML,
	Text,
	AppStudio,
	Summary,
	SummaryMarkdown,
	JUnit,
	Attestation,
	PolicyInput,
	VSA,
}
Functions ¶
func GetVSAPredicateDigest ¶ added in v0.7.117
GetVSAPredicateDigest calculates the sha256 digest of the file at the given path.
func OutputAppstudioReport ¶
func OutputAppstudioReport(t TestReport)
Types ¶
type AttestationResult ¶
// AttestationResult holds the type fields, signatures and statement bytes of
// one attestation. Component.Attestations is a slice of this type.
type AttestationResult struct {
	Type               string `json:"type,omitempty"`
	PredicateType      string `json:"predicateType,omitempty"`
	PredicateBuildType string `json:"predicateBuildType,omitempty"`
	// Signatures is written under "signatures" when non-empty.
	// NOTE(review): this declaration does not show whether the signatures
	// were verified before being stored; confirm that before treating their
	// presence in a report as proof of verification.
	Signatures []signature.EntitySignature `json:"signatures,omitempty"`
	// Statement is tagged `json:"-"`, so the bytes are kept out of JSON
	// output. Presumably the raw attestation statement; TODO confirm.
	Statement []byte `json:"-"`
}
func NewAttestationResult ¶
func NewAttestationResult(att attestation.Attestation) AttestationResult
type Component ¶
// Component embeds app.SnapshotComponent and adds the result lists, the
// Success flag, and the signatures and attestations recorded alongside it.
type Component struct {
	app.SnapshotComponent
	// The three result lists are dropped from JSON when empty (omitempty).
	Violations []evaluator.Result `json:"violations,omitempty"`
	Warnings   []evaluator.Result `json:"warnings,omitempty"`
	Successes  []evaluator.Result `json:"successes,omitempty"`
	// Success has no omitempty: a false value is written as an explicit
	// "success": false, so a consumer never has to interpret a missing key.
	Success bool `json:"success"`
	// SuccessCount is tagged `json:"-"` and stays out of JSON output.
	SuccessCount int                         `json:"-"`
	Signatures   []signature.EntitySignature `json:"signatures,omitempty"`
	Attestations []AttestationResult         `json:"attestations,omitempty"`
}
type ExpansionInfo ¶ added in v0.8.9
// ExpansionInfo tracks the relationships between image indexes and their child
// manifests that are created when expanding multi-arch images.
//
// NOTE(review): every field is unexported and hidden in this listing, so the
// locking that the accessor docs describe as "safely" cannot be confirmed
// from here; check the implementation before relying on concurrent use.
type ExpansionInfo struct {
	// contains filtered or unexported fields
}
ExpansionInfo tracks the relationships between image indexes and their child manifests that are created when expanding multi-arch images.
func DetermineInputSpec ¶
func DetermineInputSpec(ctx context.Context, input Input) (*app.SnapshotSpec, *ExpansionInfo, error)
func NewExpansionInfo ¶ added in v0.8.9
func NewExpansionInfo() *ExpansionInfo
NewExpansionInfo creates a new ExpansionInfo instance
func (*ExpansionInfo) AddChildToIndex ¶ added in v0.8.18
func (e *ExpansionInfo) AddChildToIndex(index, child string)
AddChildToIndex safely adds a child to the index
func (*ExpansionInfo) GetChildrenByIndex ¶ added in v0.8.18
func (e *ExpansionInfo) GetChildrenByIndex(index string) ([]string, bool)
GetChildrenByIndex safely gets the children for an index. The caller gets its own slice to avoid race conditions. The example appears to illustrate the hazard this avoids: if the internal slice were handed out, the final append would modify it without holding the lock.
go func() {
	e.AddChildToIndex("index1", "child3") // holds lock while writing
}()
children, _ := e.GetChildrenByIndex("index1") // holds lock while reading
children = append(children, "child4") // modifies underlying slice WITHOUT lock
func (*ExpansionInfo) GetIndexAlias ¶ added in v0.8.18
func (e *ExpansionInfo) GetIndexAlias(key string) (string, bool)
GetIndexAlias safely gets an index alias
func (*ExpansionInfo) GetParentByChild ¶ added in v0.8.18
func (e *ExpansionInfo) GetParentByChild(child string) (string, bool)
GetParentByChild safely gets the parent for a child
func (*ExpansionInfo) SetIndexAlias ¶ added in v0.8.18
func (e *ExpansionInfo) SetIndexAlias(key, value string)
SetIndexAlias safely sets an index alias
func (*ExpansionInfo) SetParentByChild ¶ added in v0.8.18
func (e *ExpansionInfo) SetParentByChild(child, parent string)
SetParentByChild safely sets the parent for a child
type Report ¶
// Report groups the overall Success flag and the per-component results with
// the Policy, Key, EcVersion and EffectiveTime fields. The json tags decide
// which fields reach serialized output and which are tagged out of it.
type Report struct {
	// Success and Components carry no omitempty, so both keys are always
	// present in the JSON form, including "success": false.
	Success    bool        `json:"success"`
	Snapshot   string      `json:"snapshot,omitempty"`
	Components []Component `json:"components"`
	// NOTE(review): Key is serialized unconditionally under "key". Presumably
	// it holds the public key used for verification; confirm it can never
	// carry private key material, because JSON output of this struct would
	// include it.
	Key       string                           `json:"key"`
	Policy    ecc.EnterpriseContractPolicySpec `json:"policy"`
	EcVersion string                           `json:"ec-version"`
	// Data is tagged `json:"-"` and is left out of JSON output.
	Data          any       `json:"-"`
	EffectiveTime time.Time `json:"effective-time"`
	// PolicyInput, ShowSuccesses, ShowWarnings and Expansion are likewise
	// tagged `json:"-"`.
	PolicyInput   [][]byte       `json:"-"`
	ShowSuccesses bool           `json:"-"`
	ShowWarnings  bool           `json:"-"`
	Expansion     *ExpansionInfo `json:"-"`
	// contains filtered or unexported fields
}
type SLSAProvenance ¶
// SLSAProvenance is an attestation.Attestation that additionally exposes
// PredicateBuildType.
type SLSAProvenance interface {
	attestation.Attestation
	// PredicateBuildType returns a string; AttestationResult has a field of
	// the same name, presumably filled from this method. TODO confirm.
	PredicateBuildType() string
}
type SnapshotComponentDetail ¶ added in v0.8.25
// SnapshotComponentDetail represents detailed information about a component in
// the snapshot summary.
type SnapshotComponentDetail struct {
	Name           string `json:"name"`
	ContainerImage string `json:"containerImage"`
	// Success is always serialized, so a failing component appears as an
	// explicit "success": false.
	Success bool `json:"success"`
	// Violations, Warnings and Successes are integers here, unlike the
	// []evaluator.Result slices of the same names on Component; presumably
	// they are counts. TODO confirm.
	Violations int `json:"violations"`
	Warnings   int `json:"warnings"`
	Successes  int `json:"successes"`
}
SnapshotComponentDetail represents detailed information about a component in the snapshot summary
type SnapshotPredicate ¶ added in v0.8.25
// SnapshotPredicate represents a predicate for an entire application snapshot.
type SnapshotPredicate struct {
	Policy    ecc.EnterpriseContractPolicySpec `json:"policy"`
	ImageRefs []string                         `json:"imageRefs"`
	// Timestamp, Status and Verifier are plain strings, so the type places no
	// constraint on their content.
	// NOTE(review): the timestamp layout and the set of Status values are not
	// visible in this declaration; a consumer making a trust decision on the
	// predicate should validate both instead of assuming a format.
	Timestamp string          `json:"timestamp"`
	Status    string          `json:"status"`
	Verifier  string          `json:"verifier"`
	Summary   SnapshotSummary `json:"summary"`
}
SnapshotPredicate represents a predicate for an entire application snapshot
type SnapshotPredicateGenerator ¶ added in v0.8.25
// SnapshotPredicateGenerator generates predicates for application snapshots.
type SnapshotPredicateGenerator struct {
	// Report is held by value. Copying a Report does not copy what its
	// slices or its Expansion pointer refer to, so the generator still
	// shares that data with the Report it was copied from.
	Report Report
}
SnapshotPredicateGenerator generates predicates for application snapshots
func NewSnapshotPredicateGenerator ¶ added in v0.8.25
func NewSnapshotPredicateGenerator(report Report) *SnapshotPredicateGenerator
NewSnapshotPredicateGenerator creates a new predicate generator for application snapshots
func (*SnapshotPredicateGenerator) GeneratePredicate ¶ added in v0.8.25
func (s *SnapshotPredicateGenerator) GeneratePredicate(ctx context.Context) (*SnapshotPredicate, error)
GeneratePredicate creates a predicate for the entire application snapshot
type SnapshotPredicateWriter ¶ added in v0.8.25
// SnapshotPredicateWriter handles writing application snapshot predicates to
// files. The defaults named in the field comments are not applied by this
// declaration; the code that sets them is outside this listing.
type SnapshotPredicateWriter struct {
	FS            afero.Fs // defaults to afero.NewOsFs()
	TempDirPrefix string   // defaults to "snapshot-predicate-"
	// Mode 0600 grants read and write to the owning user only. The field is
	// exported, so a caller can widen it.
	// NOTE(review): keep the mode owner-only unless another local account
	// genuinely needs the predicate file, and confirm the temp directory is
	// created with a comparably tight mode.
	FilePerm os.FileMode // defaults to 0600
}
SnapshotPredicateWriter handles writing application snapshot predicates to files
func NewSnapshotPredicateWriter ¶ added in v0.8.25
func NewSnapshotPredicateWriter() *SnapshotPredicateWriter
NewSnapshotPredicateWriter creates a new application snapshot predicate file writer
func (*SnapshotPredicateWriter) WritePredicate ¶ added in v0.8.25
func (s *SnapshotPredicateWriter) WritePredicate(predicate *SnapshotPredicate) (string, error)
WritePredicate writes the SnapshotPredicate as a JSON file to a temp directory and returns the path
type SnapshotSummary ¶ added in v0.8.25
// SnapshotSummary represents the summary information for a snapshot predicate.
//
// NOTE(review): the JSON key style is mixed within this struct: lowercase
// ("snapshot", "components", "success", "key"), snake_case ("ec_version",
// "component_details") and capitalized ("Violations", "Warnings"). Report
// serializes its EcVersion field as "ec-version". Consumers that match keys
// case-sensitively, such as rules evaluating the predicate, must use these
// exact spellings; changing a tag would change the wire format.
type SnapshotSummary struct {
	Snapshot         string                    `json:"snapshot"`
	Components       int                       `json:"components"`
	Success          bool                      `json:"success"`
	Key              string                    `json:"key"`
	EcVersion        string                    `json:"ec_version"`
	ComponentDetails []SnapshotComponentDetail `json:"component_details"`
	// These two keys are capitalized on the wire, unlike the lowercase
	// "violations" and "warnings" keys of SnapshotComponentDetail.
	Violations int `json:"Violations"`
	Warnings   int `json:"Warnings"`
}
SnapshotSummary represents the summary information for a snapshot predicate
type TestReport ¶
// TestReport represents the standardized TEST_OUTPUT format.
type TestReport struct {
	Timestamp string `json:"timestamp"`
	// Namespace is required for the appstudio results API. It is always an
	// empty string from the cli as a way to indicate all namespaces were used.
	Namespace string `json:"namespace"`
	Successes int    `json:"successes"`
	Failures  int    `json:"failures"`
	Warnings  int    `json:"warnings"`
	Result    string `json:"result"`
	// Note is the only field with omitempty; it is left out of the JSON when
	// empty.
	Note string `json:"note,omitempty"`
}
TestReport represents the standardized TEST_OUTPUT format. The `Namespace` attribute is required for the appstudio results API. However, it is always an empty string from the cli as a way to indicate all namespaces were used.
func AppstudioReportForError ¶
func AppstudioReportForError(prefix string, err error) TestReport
func (*TestReport) DeriveNote ¶
func (r *TestReport) DeriveNote()
It's redundant and perhaps not very useful, but let's produce some kind of a human readable note. We could perhaps make this more sophisticated in future, e.g. by including an abbreviated list of failure or warning messages.
func (*TestReport) DeriveResult ¶
func (r *TestReport) DeriveResult(hasFailures bool)