imageScanning

package

v1.1.0 Latest Latest Go to latest Published: Dec 20, 2024 License: Apache-2.0 Imports: 29 Imported by: 7

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/devtron-labs/devtron

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
type ImageScanDeployInfoService
type ImageScanDeployInfoServiceImpl
- func NewImageScanDeployInfoService(logger *zap.SugaredLogger, ...) *ImageScanDeployInfoServiceImpl
- func (impl *ImageScanDeployInfoServiceImpl) Save(model *repository.ImageScanDeployInfo) error
- func (impl *ImageScanDeployInfoServiceImpl) Update(model *repository.ImageScanDeployInfo) error
type ImageScanService
type ImageScanServiceImpl
- func NewImageScanServiceImpl(Logger *zap.SugaredLogger, ...) *ImageScanServiceImpl
- func (impl *ImageScanServiceImpl) CalculateSeverityCountInfo(vulnerabilities []*bean3.Vulnerabilities) *bean3.SeverityCount
- func (impl ImageScanServiceImpl) FetchAllDeployInfo(request *bean3.ImageScanRequest) ([]*repository3.ImageScanDeployInfo, error)
- func (impl ImageScanServiceImpl) FetchExecutionDetailResult(request *bean3.ImageScanRequest) (*bean3.ImageScanExecutionDetail, error)
- func (impl *ImageScanServiceImpl) FetchMinScanResultByAppIdAndEnvId(request *bean3.ImageScanRequest) (*bean3.ImageScanExecutionDetail, error)
- func (impl ImageScanServiceImpl) FetchScanExecutionListing(request *bean3.ImageScanRequest, deployInfoIds []int) (*bean3.ImageScanHistoryListingResponse, error)
- func (impl *ImageScanServiceImpl) GetArtifactVulnerabilityStatus(ctx context.Context, request *bean2.VulnerabilityCheckRequest) (bool, error)
- func (impl ImageScanServiceImpl) IsImageScanExecutionCompleted(image, imageDigest string) (bool, error)
- func (impl *ImageScanServiceImpl) VulnerabilityExposure(request *repository3.VulnerabilityRequest) (*repository3.VulnerabilityExposureListingResponse, error)
type PolicyService
type PolicyServiceImpl
- func NewPolicyServiceImpl(environmentService environment.EnvironmentService, logger *zap.SugaredLogger, ...) *PolicyServiceImpl
- func (impl *PolicyServiceImpl) DeletePolicy(id int, userId int32) (*bean.IdVulnerabilityPolicyResult, error)
- func (impl *PolicyServiceImpl) GetApplicablePolicy(clusterId, envId, appId int, isAppstore bool) (map[string]*repository3.CvePolicy, ...)
- func (impl *PolicyServiceImpl) GetBlockedCVEList(cves []*repository3.CveStore, clusterId, envId, appId int, isAppstore bool) ([]*repository3.CveStore, error)
- func (impl *PolicyServiceImpl) GetCvePolicy(id int, userId int32) (*repository3.CvePolicy, error)
- func (impl *PolicyServiceImpl) GetPolicies(policyLevel securityBean.PolicyLevel, clusterId, environmentId, appId int) (*bean.GetVulnerabilityPolicyResult, error)
- func (impl *PolicyServiceImpl) HasBlockedCVE(cves []*repository3.CveStore, cvePolicy map[string]*repository3.CvePolicy, ...) bool
- func (impl *PolicyServiceImpl) SavePolicy(request bean.CreateVulnerabilityPolicyRequest, userId int32) (*bean.IdVulnerabilityPolicyResult, error)
- func (impl *PolicyServiceImpl) SendEventToClairUtility(event *ScanEvent) error
- func (impl *PolicyServiceImpl) UpdatePolicy(updatePolicyParams bean.UpdatePolicyParams, userId int32) (*bean.IdVulnerabilityPolicyResult, error)
- func (impl *PolicyServiceImpl) VerifyImage(verifyImageRequest *VerifyImageRequest) (map[string][]*VerifyImageResponse, error)
type ScanEvent
type ScanToolMetadataService
type ScanToolMetadataServiceImpl
- func NewScanToolMetadataServiceImpl(logger *zap.SugaredLogger, ...) *ScanToolMetadataServiceImpl
- func (impl *ScanToolMetadataServiceImpl) MarkOtherToolsInActive(toolName string, tx *pg.Tx, version string) error
- func (impl *ScanToolMetadataServiceImpl) MarkToolAsActive(toolName, version string, tx *pg.Tx) error
type VerifyImageRequest
type VerifyImageResponse

Constants ¶

This section is empty.

Variables ¶

View Source

var ImageScanningWireSet = wire.NewSet(
	NewPolicyServiceImpl,
	wire.Bind(new(PolicyService), new(*PolicyServiceImpl)),

	NewImageScanServiceImpl,
	wire.Bind(new(ImageScanService), new(*ImageScanServiceImpl)),

	read.NewImageScanHistoryReadService,
	wire.Bind(new(read.ImageScanHistoryReadService), new(*read.ImageScanHistoryReadServiceImpl)),

	read.NewImageScanDeployInfoReadService,
	wire.Bind(new(read.ImageScanDeployInfoReadService), new(*read.ImageScanDeployInfoReadServiceImpl)),

	NewImageScanDeployInfoService,
	wire.Bind(new(ImageScanDeployInfoService), new(*ImageScanDeployInfoServiceImpl)),

	read.NewImageScanResultReadServiceImpl,
	wire.Bind(new(read.ImageScanResultReadService), new(*read.ImageScanResultReadServiceImpl)),

	NewScanToolMetadataServiceImpl,
	wire.Bind(new(ScanToolMetadataService), new(*ScanToolMetadataServiceImpl)),

	repository.NewImageScanHistoryRepositoryImpl,
	wire.Bind(new(repository.ImageScanHistoryRepository), new(*repository.ImageScanHistoryRepositoryImpl)),
	repository.NewImageScanResultRepositoryImpl,
	wire.Bind(new(repository.ImageScanResultRepository), new(*repository.ImageScanResultRepositoryImpl)),
	repository.NewImageScanObjectMetaRepositoryImpl,
	wire.Bind(new(repository.ImageScanObjectMetaRepository), new(*repository.ImageScanObjectMetaRepositoryImpl)),
	repository.NewCveStoreRepositoryImpl,
	wire.Bind(new(repository.CveStoreRepository), new(*repository.CveStoreRepositoryImpl)),
	repository.NewImageScanDeployInfoRepositoryImpl,
	wire.Bind(new(repository.ImageScanDeployInfoRepository), new(*repository.ImageScanDeployInfoRepositoryImpl)),
	repository.NewScanToolMetadataRepositoryImpl,
	wire.Bind(new(repository.ScanToolMetadataRepository), new(*repository.ScanToolMetadataRepositoryImpl)),

	repository.NewPolicyRepositoryImpl,
	wire.Bind(new(repository.CvePolicyRepository), new(*repository.CvePolicyRepositoryImpl)),
	repository.NewScanToolExecutionHistoryMappingRepositoryImpl,
	wire.Bind(new(repository.ScanToolExecutionHistoryMappingRepository), new(*repository.ScanToolExecutionHistoryMappingRepositoryImpl)),
)

Functions ¶

This section is empty.

Types ¶

type ImageScanDeployInfoService ¶

type ImageScanDeployInfoService interface {
	Save(model *repository.ImageScanDeployInfo) error
	Update(model *repository.ImageScanDeployInfo) error
}

type ImageScanDeployInfoServiceImpl ¶

type ImageScanDeployInfoServiceImpl struct {
	// contains filtered or unexported fields
}

func NewImageScanDeployInfoService ¶

func NewImageScanDeployInfoService(logger *zap.SugaredLogger,
	imageScanDeployInfoRepository repository.ImageScanDeployInfoRepository) *ImageScanDeployInfoServiceImpl

func (*ImageScanDeployInfoServiceImpl) Save ¶

func (impl *ImageScanDeployInfoServiceImpl) Save(model *repository.ImageScanDeployInfo) error

func (*ImageScanDeployInfoServiceImpl) Update ¶

func (impl *ImageScanDeployInfoServiceImpl) Update(model *repository.ImageScanDeployInfo) error

type ImageScanService ¶

type ImageScanService interface {
	FetchAllDeployInfo(request *bean3.ImageScanRequest) ([]*repository3.ImageScanDeployInfo, error)
	FetchScanExecutionListing(request *bean3.ImageScanRequest, ids []int) (*bean3.ImageScanHistoryListingResponse, error)
	FetchExecutionDetailResult(request *bean3.ImageScanRequest) (*bean3.ImageScanExecutionDetail, error)
	FetchMinScanResultByAppIdAndEnvId(request *bean3.ImageScanRequest) (*bean3.ImageScanExecutionDetail, error)
	VulnerabilityExposure(request *repository3.VulnerabilityRequest) (*repository3.VulnerabilityExposureListingResponse, error)
	GetArtifactVulnerabilityStatus(ctx context.Context, request *bean2.VulnerabilityCheckRequest) (bool, error)
	IsImageScanExecutionCompleted(image, imageDigest string) (bool, error)
}

type ImageScanServiceImpl ¶

type ImageScanServiceImpl struct {
	Logger *zap.SugaredLogger
	// contains filtered or unexported fields
}

func NewImageScanServiceImpl ¶

func NewImageScanServiceImpl(Logger *zap.SugaredLogger, scanHistoryRepository repository3.ImageScanHistoryRepository,
	scanResultRepository repository3.ImageScanResultRepository, scanObjectMetaRepository repository3.ImageScanObjectMetaRepository,
	cveStoreRepository repository3.CveStoreRepository, imageScanDeployInfoRepository repository3.ImageScanDeployInfoRepository,
	userService user.UserService,
	appRepository repository1.AppRepository,
	envService environment.EnvironmentService, ciArtifactRepository repository.CiArtifactRepository, policyService PolicyService,
	pipelineRepository pipelineConfig.PipelineRepository, ciPipelineRepository pipelineConfig.CiPipelineRepository, scanToolMetaDataRepository repository3.ScanToolMetadataRepository, scanToolExecutionHistoryMappingRepository repository3.ScanToolExecutionHistoryMappingRepository,
	cvePolicyRepository repository3.CvePolicyRepository) *ImageScanServiceImpl

func (*ImageScanServiceImpl) CalculateSeverityCountInfo ¶

func (impl *ImageScanServiceImpl) CalculateSeverityCountInfo(vulnerabilities []*bean3.Vulnerabilities) *bean3.SeverityCount

func (ImageScanServiceImpl) FetchAllDeployInfo ¶

func (impl ImageScanServiceImpl) FetchAllDeployInfo(request *bean3.ImageScanRequest) ([]*repository3.ImageScanDeployInfo, error)

func (ImageScanServiceImpl) FetchExecutionDetailResult ¶

func (impl ImageScanServiceImpl) FetchExecutionDetailResult(request *bean3.ImageScanRequest) (*bean3.ImageScanExecutionDetail, error)

func (*ImageScanServiceImpl) FetchMinScanResultByAppIdAndEnvId ¶

func (impl *ImageScanServiceImpl) FetchMinScanResultByAppIdAndEnvId(request *bean3.ImageScanRequest) (*bean3.ImageScanExecutionDetail, error)

func (ImageScanServiceImpl) FetchScanExecutionListing ¶

func (impl ImageScanServiceImpl) FetchScanExecutionListing(request *bean3.ImageScanRequest, deployInfoIds []int) (*bean3.ImageScanHistoryListingResponse, error)

func (*ImageScanServiceImpl) GetArtifactVulnerabilityStatus ¶

func (impl *ImageScanServiceImpl) GetArtifactVulnerabilityStatus(ctx context.Context, request *bean2.VulnerabilityCheckRequest) (bool, error)

func (ImageScanServiceImpl) IsImageScanExecutionCompleted ¶

func (impl ImageScanServiceImpl) IsImageScanExecutionCompleted(image, imageDigest string) (bool, error)

func (*ImageScanServiceImpl) VulnerabilityExposure ¶

func (impl *ImageScanServiceImpl) VulnerabilityExposure(request *repository3.VulnerabilityRequest) (*repository3.VulnerabilityExposureListingResponse, error)

type PolicyService ¶

type PolicyService interface {
	SavePolicy(request bean.CreateVulnerabilityPolicyRequest, userId int32) (*bean.IdVulnerabilityPolicyResult, error)
	UpdatePolicy(updatePolicyParams bean.UpdatePolicyParams, userId int32) (*bean.IdVulnerabilityPolicyResult, error)
	DeletePolicy(id int, userId int32) (*bean.IdVulnerabilityPolicyResult, error)
	GetPolicies(policyLevel securityBean.PolicyLevel, clusterId, environmentId, appId int) (*bean.GetVulnerabilityPolicyResult, error)
	GetBlockedCVEList(cves []*repository3.CveStore, clusterId, envId, appId int, isAppstore bool) ([]*repository3.CveStore, error)
	VerifyImage(verifyImageRequest *VerifyImageRequest) (map[string][]*VerifyImageResponse, error)
	GetCvePolicy(id int, userId int32) (*repository3.CvePolicy, error)
	GetApplicablePolicy(clusterId, envId, appId int, isAppstore bool) (map[string]*repository3.CvePolicy, map[securityBean.Severity]*repository3.CvePolicy, error)
	HasBlockedCVE(cves []*repository3.CveStore, cvePolicy map[string]*repository3.CvePolicy, severityPolicy map[securityBean.Severity]*repository3.CvePolicy) bool
}

type PolicyServiceImpl ¶

type PolicyServiceImpl struct {
	PipelineRepository pipelineConfig.PipelineRepository
	// contains filtered or unexported fields
}

func NewPolicyServiceImpl ¶

func NewPolicyServiceImpl(environmentService environment.EnvironmentService,
	logger *zap.SugaredLogger,
	apRepository repository1.AppRepository,
	pipelineOverride chartConfig.PipelineOverrideRepository,
	cvePolicyRepository repository3.CvePolicyRepository,
	clusterService cluster.ClusterService,
	PipelineRepository pipelineConfig.PipelineRepository,
	scanResultRepository repository3.ImageScanResultRepository,
	imageScanDeployInfoRepository repository3.ImageScanDeployInfoRepository,
	imageScanObjectMetaRepository repository3.ImageScanObjectMetaRepository, client *http.Client,
	ciArtifactRepository repository.CiArtifactRepository, ciConfig *types.CiCdConfig,
	imageScanHistoryReadService read.ImageScanHistoryReadService,
	cveStoreRepository repository3.CveStoreRepository,
	ciTemplateRepository pipelineConfig.CiTemplateRepository) *PolicyServiceImpl

func (*PolicyServiceImpl) DeletePolicy ¶

func (impl *PolicyServiceImpl) DeletePolicy(id int, userId int32) (*bean.IdVulnerabilityPolicyResult, error)

input : policyId output: id

func (*PolicyServiceImpl) GetApplicablePolicy ¶

func (impl *PolicyServiceImpl) GetApplicablePolicy(clusterId, envId, appId int, isAppstore bool) (map[string]*repository3.CvePolicy, map[securityBean.Severity]*repository3.CvePolicy, error)

func (*PolicyServiceImpl) GetBlockedCVEList ¶

func (impl *PolicyServiceImpl) GetBlockedCVEList(cves []*repository3.CveStore, clusterId, envId, appId int, isAppstore bool) ([]*repository3.CveStore, error)

func (*PolicyServiceImpl) GetCvePolicy ¶

func (impl *PolicyServiceImpl) GetCvePolicy(id int, userId int32) (*repository3.CvePolicy, error)

func (*PolicyServiceImpl) GetPolicies ¶

func (impl *PolicyServiceImpl) GetPolicies(policyLevel securityBean.PolicyLevel, clusterId, environmentId, appId int) (*bean.GetVulnerabilityPolicyResult, error)

global: na
cluster: clusterId
environment: environmentId
application : appId, envId

res:

func (*PolicyServiceImpl) HasBlockedCVE ¶

func (impl *PolicyServiceImpl) HasBlockedCVE(cves []*repository3.CveStore, cvePolicy map[string]*repository3.CvePolicy, severityPolicy map[securityBean.Severity]*repository3.CvePolicy) bool

func (*PolicyServiceImpl) SavePolicy ¶

func (impl *PolicyServiceImpl) SavePolicy(request bean.CreateVulnerabilityPolicyRequest, userId int32) (*bean.IdVulnerabilityPolicyResult, error)

func (*PolicyServiceImpl) SendEventToClairUtility ¶

func (impl *PolicyServiceImpl) SendEventToClairUtility(event *ScanEvent) error

func (*PolicyServiceImpl) UpdatePolicy ¶

func (impl *PolicyServiceImpl) UpdatePolicy(updatePolicyParams bean.UpdatePolicyParams, userId int32) (*bean.IdVulnerabilityPolicyResult, error)

1. policy id 2. action

func (*PolicyServiceImpl) VerifyImage ¶

func (impl *PolicyServiceImpl) VerifyImage(verifyImageRequest *VerifyImageRequest) (map[string][]*VerifyImageResponse, error)

type ScanEvent ¶

type ScanEvent struct {
	Image            string `json:"image"`
	ImageDigest      string `json:"imageDigest"`
	AppId            int    `json:"appId"`
	EnvId            int    `json:"envId"`
	PipelineId       int    `json:"pipelineId"`
	CiArtifactId     int    `json:"ciArtifactId"`
	UserId           int    `json:"userId"`
	AccessKey        string `json:"accessKey"`
	SecretKey        string `json:"secretKey"`
	Token            string `json:"token"`
	AwsRegion        string `json:"awsRegion"`
	DockerRegistryId string `json:"dockerRegistryId"`
}

type ScanToolMetadataService ¶

type ScanToolMetadataService interface {
	MarkToolAsActive(toolName, version string, tx *pg.Tx) error
	MarkOtherToolsInActive(toolName string, tx *pg.Tx, version string) error
}

type ScanToolMetadataServiceImpl ¶

type ScanToolMetadataServiceImpl struct {
	// contains filtered or unexported fields
}

func NewScanToolMetadataServiceImpl ¶

func NewScanToolMetadataServiceImpl(logger *zap.SugaredLogger,
	scanToolMetadataRepository repository.ScanToolMetadataRepository) *ScanToolMetadataServiceImpl

func (*ScanToolMetadataServiceImpl) MarkOtherToolsInActive ¶

func (impl *ScanToolMetadataServiceImpl) MarkOtherToolsInActive(toolName string, tx *pg.Tx, version string) error

func (*ScanToolMetadataServiceImpl) MarkToolAsActive ¶

func (impl *ScanToolMetadataServiceImpl) MarkToolAsActive(toolName, version string, tx *pg.Tx) error

type VerifyImageRequest ¶

type VerifyImageRequest struct {
	Images      []string
	ReleaseName string
	Namespace   string
	ClusterName string
	PodName     string
}

type VerifyImageResponse ¶

type VerifyImageResponse struct {
	Name         string
	Severity     string
	Package      string
	Version      string
	FixedVersion string
}

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
bean
read
repository
bean

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL