types

package
Published: Aug 25, 2019 License: AGPL-3.0 Imports: 4 Imported by: 0

Documentation

Index

Constants

// Check type numbers. Every checkpoint dockle knows about gets one of these
// constants; they are used as the key of AlertDetails and (presumably) as
// Assessment.Type — confirm against the callers.
//
// Numbering is 1-based: the first constant is iota+1, so 0 is never a valid
// type number and can serve as an "unset" marker. MinTypeNumber and
// MaxTypeNumber are defined explicitly at the end of the run so the bounds do
// not depend on the order of the specs above them.
const (
	// CIS-DI: checks derived from the CIS Docker benchmark, image section.
	AvoidRootDefault = iota + 1
	UseContentTrust
	AddHealthcheck
	UseAptGetUpdateNoCache

	// TODO: change fanal FileMap structure
	RemoveSetuidSetgid
	UseCOPY
	AvoidEnvKeySecret
	AvoidCredentialFile

	// DG-DI: dockle's own Dockerfile/image checks.
	AvoidSudo
	AvoidSensitiveDirectoryMounting
	AvoidDistUpgrade
	UseApkAddNoCache
	MinimizeAptGet
	AvoidLatestTag

	// DG-LI: dockle's own Linux (passwd/group) checks.
	AvoidEmptyPassword
	AvoidDuplicateUser
	AvoidDuplicateGroup

	// Inclusive bounds of the valid type-number range.
	MinTypeNumber = AvoidRootDefault
	MaxTypeNumber = AvoidDuplicateGroup
)
// Result levels for a check, listed from "pass" to "fatal". They are stored in
// AlertDetail.DefaultLevel and Assessment.Level as plain ints, so the values
// are spelled out here to make clear that the numbers themselves are part of
// the contract. Numbering starts at 1, so a zero-valued level field is never a
// real level.
const (
	PassLevel   = 1
	IgnoreLevel = 2
	SkipLevel   = 3
	InfoLevel   = 4
	WarnLevel   = 5
	FatalLevel  = 6
)

Variables

// AlertDetails maps each check type constant (AvoidRootDefault through
// AvoidDuplicateGroup) to its default level, a human-readable title and the
// checkpoint code reported to the user.
//
// Code is NOT a unique key: CIS-DI-0010 is shared by AvoidEnvKeySecret and
// AvoidCredentialFile, and DKL-LI-0002 by AvoidDuplicateUser and
// AvoidDuplicateGroup. Always look checks up by their type constant, never by
// Code. This is mutable package-level state; code that wants to override a
// level (e.g. from user configuration) should copy the entry rather than edit
// the shared map.
var AlertDetails = map[int]AlertDetail{
	// CIS Docker benchmark, image section.
	AvoidRootDefault: {
		DefaultLevel: WarnLevel,
		Title:        "Create a user for the container",
		Code:         "CIS-DI-0001",
	},

	UseContentTrust: {
		DefaultLevel: InfoLevel,
		Title:        "Enable Content trust for Docker",
		Code:         "CIS-DI-0005",
	},

	AddHealthcheck: {
		DefaultLevel: WarnLevel,
		Title:        "Add HEALTHCHECK instruction to the container image",
		Code:         "CIS-DI-0006",
	},

	UseAptGetUpdateNoCache: {
		DefaultLevel: FatalLevel,
		Title:        "Do not use update instructions alone in the Dockerfile",
		Code:         "CIS-DI-0007",
	},

	RemoveSetuidSetgid: {
		DefaultLevel: InfoLevel,
		Title:        "Remove setuid and setgid permissions in the images",
		Code:         "CIS-DI-0008",
	},
	UseCOPY: {
		DefaultLevel: FatalLevel,
		Title:        "Use COPY instead of ADD in Dockerfile",
		Code:         "CIS-DI-0009",
	},

	// The two secret-related checks deliberately report the same checkpoint
	// code (CIS-DI-0010 covers both ENV secrets and secret files).
	AvoidEnvKeySecret: {
		DefaultLevel: FatalLevel,
		Title:        "Do not store secrets in ENVIRONMENT variables",
		Code:         "CIS-DI-0010",
	},
	AvoidCredentialFile: {
		DefaultLevel: FatalLevel,
		Title:        "Do not store secret files",
		Code:         "CIS-DI-0010",
	},

	// dockle's own Dockerfile/image checks.
	AvoidSudo: {
		DefaultLevel: FatalLevel,
		Title:        "Avoid sudo command",
		Code:         "DKL-DI-0001",
	},

	AvoidSensitiveDirectoryMounting: {
		DefaultLevel: FatalLevel,
		Title:        "Avoid sensitive directory mounting",
		Code:         "DKL-DI-0002",
	},
	AvoidDistUpgrade: {
		DefaultLevel: FatalLevel,
		Title:        "Avoid apt-get/apk/dist-upgrade",
		Code:         "DKL-DI-0003",
	},
	UseApkAddNoCache: {
		DefaultLevel: FatalLevel,
		Title:        "Use apk add with --no-cache",
		Code:         "DKL-DI-0004",
	},
	MinimizeAptGet: {
		DefaultLevel: FatalLevel,
		Title:        "Clear apt-get caches",
		Code:         "DKL-DI-0005",
	},
	AvoidLatestTag: {
		DefaultLevel: WarnLevel,
		Title:        "Avoid latest tag",
		Code:         "DKL-DI-0006",
	},

	// dockle's own Linux account checks (passwd/group contents).
	AvoidEmptyPassword: {
		DefaultLevel: FatalLevel,
		Title:        "Avoid empty password",
		Code:         "DKL-LI-0001",
	},
	// Duplicate-UID and duplicate-GID share checkpoint code DKL-LI-0002.
	AvoidDuplicateUser: {
		DefaultLevel: FatalLevel,
		Title:        "Be unique UID",
		Code:         "DKL-LI-0002",
	},
	AvoidDuplicateGroup: {
		DefaultLevel: FatalLevel,
		Title:        "Be unique GROUP",
		Code:         "DKL-LI-0002",
	},
}

Functions

func GetDockerOption

func GetDockerOption() (types.DockerOption, error)

Types

type AlertDetail

// AlertDetail describes one checkpoint: how severe it is by default, what it
// is called, and the code it is reported under. Instances live in
// AlertDetails, keyed by check type constant.
type AlertDetail struct {
	// DefaultLevel is one of the *Level constants (PassLevel..FatalLevel);
	// it is a plain int, so nothing stops a caller storing an out-of-range value.
	DefaultLevel int
	// Title is the human-readable one-line description shown for the check.
	Title string
	// Code is the checkpoint identifier (e.g. "CIS-DI-0001"). It is not unique
	// across checks — see AlertDetails — so do not use it as a map key.
	Code string
}

type Assessment

// Assessment is a single finding produced by a check.
type Assessment struct {
	// Type is presumably one of the check type constants
	// (MinTypeNumber..MaxTypeNumber) — confirm against the producers.
	Type int
	// Level is presumably one of the *Level constants — confirm against the producers.
	Level int
	// Filename is the file in the image the finding relates to (may be empty
	// for checks that are not about a specific file).
	Filename string
	// Desc is the free-text description of the finding.
	Desc string
}

type Config

// Config is a local copy of the container configuration embedded in an image
// (the field set matches Docker's image config). It is what the image-level
// checks inspect — presumably User for AvoidRootDefault, Env for
// AvoidEnvKeySecret, Healthcheck for AddHealthcheck and Volumes for
// AvoidSensitiveDirectoryMounting; confirm against the check implementations.
// Env is carried verbatim, so any secret baked into the image is present in
// memory here and must not be logged wholesale.
type Config struct {
	Hostname        string              // Hostname
	Domainname      string              // Domainname
	User            string              // User that will run the command(s) inside the container, also support user:group
	AttachStdin     bool                // Attach the standard input, makes possible user interaction
	AttachStdout    bool                // Attach the standard output
	AttachStderr    bool                // Attach the standard error
	ExposedPorts    nat.PortSet         `json:",omitempty"` // List of exposed ports
	Tty             bool                // Attach standard streams to a tty, including stdin if it is not closed.
	OpenStdin       bool                // Open stdin
	StdinOnce       bool                // If true, close stdin after the 1 attached client disconnects.
	Env             []string            // List of environment variable to set in the container
	Cmd             []string            // Command to run when starting the container
	Healthcheck     *HealthConfig       `json:",omitempty"` // Healthcheck describes how to check the container is healthy
	ArgsEscaped     bool                `json:",omitempty"` // True if command is already escaped (Windows specific)
	Image           string              // Name of the image as it was passed by the operator (e.g. could be symbolic)
	Volumes         map[string]struct{} // List of volumes (mounts) used for the container
	WorkingDir      string              // Current directory (PWD) in the command will be launched
	Entrypoint      []string            // Entrypoint to run when starting the container
	NetworkDisabled bool                `json:",omitempty"` // Is network disabled
	MacAddress      string              `json:",omitempty"` // Mac Address of the container
	OnBuild         []string            // ONBUILD metadata that were defined on the image Dockerfile
	Labels          map[string]string   // List of labels set to this container
	StopSignal      string              `json:",omitempty"` // Signal to stop a container
	StopTimeout     *int                `json:",omitempty"` // Timeout (in seconds) to stop a container
	Shell           []string            `json:",omitempty"` // Shell for shell-form of RUN, CMD, ENTRYPOINT
}

type DockerConfig

// DockerConfig holds the registry/daemon connection settings, populated from
// the DOCKLE_* environment variables via the `env` struct tags (the parsing
// library is not visible here). All fields are optional.
type DockerConfig struct {
	AuthURL  string        `env:"DOCKLE_AUTH_URL"`
	UserName string        `env:"DOCKLE_USERNAME"`
	// Password is taken from the process environment. Environment variables
	// are readable by other processes of the same user and tend to end up in
	// logs, CI output and crash dumps; treat this value as sensitive and never
	// print the whole struct.
	Password string        `env:"DOCKLE_PASSWORD"`
	// NOTE(review): the variable is named _SEC but the default is the
	// duration string "60s", so the value is presumably parsed with
	// time.ParseDuration; a bare "60" would then be rejected or misread —
	// confirm against the env library.
	Timeout  time.Duration `env:"DOCKLE_TIMEOUT_SEC" envDefault:"60s"`
	// SECURITY: Insecure defaults to TRUE. Its consumer is not visible here,
	// but by name it presumably disables TLS certificate verification for the
	// registry connection, which would let an on-path attacker serve a
	// tampered image to the scanner. Set DOCKLE_INSECURE=false explicitly
	// unless the registry genuinely uses an untrusted certificate.
	Insecure bool          `env:"DOCKLE_INSECURE" envDefault:"true"`
	// NonSSL opts in to plain HTTP; it is off by default.
	NonSSL   bool          `env:"DOCKLE_NON_SSL" envDefault:"false"`
}

type HealthConfig

// HealthConfig holds the HEALTHCHECK settings recorded in an image config.
// Config.Healthcheck is nil when the image defines no HEALTHCHECK, which is
// presumably what the AddHealthcheck check looks for — confirm.
type HealthConfig struct {
	// Test is the health-check command in Docker's list form; an empty
	// slice means no test is configured.
	Test        []string      `json:",omitempty"`
	Interval    time.Duration `json:",omitempty"` // Interval is the time to wait between checks.
	Timeout     time.Duration `json:",omitempty"` // Timeout is the time to wait before considering the check to have hung.
	StartPeriod time.Duration `json:",omitempty"` // The start period for the container to initialize before the retries starts to count down.
	// Retries is presumably the number of consecutive failures before the
	// container is reported unhealthy — Docker's semantics, not enforced here.
	Retries     int           `json:",omitempty"`
}

HealthConfig holds configuration settings for the HEALTHCHECK feature.

type History

// History is one entry of an image's build history (Image.History holds the
// full list). The JSON tags match the image config format.
type History struct {
	// Created is when this entry was produced.
	Created    time.Time `json:"created"`
	// Author is the author recorded for the entry, if any.
	Author     string    `json:"author,omitempty"`
	// CreatedBy is the build instruction that produced the entry; this is the
	// text the Dockerfile-level checks presumably inspect (e.g. for sudo,
	// apt-get or ADD usage) — confirm against the check implementations.
	CreatedBy  string    `json:"created_by,omitempty"`
	// Comment is free-form text attached to the entry.
	Comment    string    `json:"comment,omitempty"`
	// EmptyLayer is true for entries that did not add a filesystem layer
	// (e.g. metadata-only instructions).
	EmptyLayer bool      `json:"empty_layer,omitempty"`
}

History stores one entry of an image's build history: the command that was used to create a layer of the image.

type Image

// Image is the decoded image configuration: the V1 fields (embedded, so their
// JSON keys are flattened into this object) plus build history and OS detail.
type Image struct {
	V1Image
	// History lists the build steps, oldest first as stored in the image.
	History    []History `json:"history,omitempty"`
	// OSVersion and OSFeatures are only populated for images that record them
	// (notably Windows images).
	OSVersion  string    `json:"os.version,omitempty"`
	OSFeatures []string  `json:"os.features,omitempty"`
}

Image stores the full image configuration: the embedded V1Image fields plus the build history and OS details.

type V1Image

// V1Image holds the legacy (v1) image configuration fields. The JSON tags
// match the image config format so the struct can be decoded directly from
// the config blob.
type V1Image struct {
	ID              string    `json:"id,omitempty"`
	Parent          string    `json:"parent,omitempty"`
	Comment         string    `json:"comment,omitempty"`
	Created         time.Time `json:"created"`
	Container       string    `json:"container,omitempty"`
	// ContainerConfig is the config of the container the image was committed
	// from. Note that encoding/json ignores omitempty on struct-valued fields,
	// so an empty ContainerConfig is still serialised in full.
	ContainerConfig Config    `json:"container_config,omitempty"`
	DockerVersion   string    `json:"docker_version,omitempty"`
	Author          string    `json:"author,omitempty"`
	// Config is the configuration a container started from this image gets;
	// the image-level checks inspect this one rather than ContainerConfig
	// (presumably — confirm). omitempty is likewise a no-op here.
	Config          Config    `json:"config,omitempty"`
	Architecture    string    `json:"architecture,omitempty"`
	OS              string    `json:"os,omitempty"`
	// Size keeps the Go field name ("Size") as its JSON key; only omitempty is set.
	Size            int64     `json:",omitempty"`
}

V1Image stores the V1 image configuration.
