vulnerability

package
v0.0.0-...-d9ab892 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 1, 2026 License: MIT Imports: 36 Imported by: 0

Documentation

Index

Constants

// Sort keys of type team.TeamOrderField. Going by the names, they order teams
// by risk score, by the count of findings at each severity, and by SBOM
// coverage.
// NOTE(review): where these keys are registered with the team package is not
// visible here; confirm each one has a matching comparator.
const (
	TeamOrderFieldRiskScore                 team.TeamOrderField = "RISK_SCORE"
	TeamOrderFieldCriticalVulnerabilities   team.TeamOrderField = "CRITICAL_VULNERABILITIES"
	TeamOrderFieldHighVulnerabilities       team.TeamOrderField = "HIGH_VULNERABILITIES"
	TeamOrderFieldMediumVulnerabilities     team.TeamOrderField = "MEDIUM_VULNERABILITIES"
	TeamOrderFieldLowVulnerabilities        team.TeamOrderField = "LOW_VULNERABILITIES"
	TeamOrderFieldUnassignedVulnerabilities team.TeamOrderField = "UNASSIGNED_VULNERABILITIES"
	TeamOrderFieldSbomCoverage              team.TeamOrderField = "SBOM_COVERAGE"
)
const (
	// VulnerabilitiesAPIAudience is the audience string "v13s".
	// NOTE(review): presumably the audience requested for tokens presented to
	// the vulnerabilities API; confirm against NewManager and make sure the
	// receiving service verifies it.
	VulnerabilitiesAPIAudience = "v13s"
	// FakeVulnerabilitiesAPIURL is the literal "fake".
	// NOTE(review): looks like a sentinel URL that selects the fake manager
	// (see NewFakeManager) instead of a real endpoint; confirm that deployed
	// configuration can never carry this value, because a fake backend would
	// presumably not reflect real findings.
	FakeVulnerabilitiesAPIURL  = "fake"
)

Variables

// SortFilterWorkloadSummaries maps a VulnerabilitySummaryOrderByField value to
// the vulnerabilities.OrderByField used for the corresponding ordering.
//
// The map has eight entries, while the VulnerabilitySummaryOrderByField
// constants declare nine values: "VULNERABILITY_LAST_SCANNED" has no entry.
// A plain index with a missing key returns the zero value of
// vulnerabilities.OrderByField, so lookups should use the two-value form
// (v, ok := SortFilterWorkloadSummaries[k]) and reject unmapped keys.
// NOTE(review): confirm whether the last-scanned ordering is handled elsewhere.
//
// It is an exported package-level variable, so importing code can modify it.
var SortFilterWorkloadSummaries = map[VulnerabilitySummaryOrderByField]vulnerabilities.OrderByField{
	"NAME":                              vulnerabilities.OrderByWorkload,
	"ENVIRONMENT":                       vulnerabilities.OrderByCluster,
	"VULNERABILITY_RISK_SCORE":          vulnerabilities.OrderByRiskScore,
	"VULNERABILITY_SEVERITY_CRITICAL":   vulnerabilities.OrderByCritical,
	"VULNERABILITY_SEVERITY_HIGH":       vulnerabilities.OrderByHigh,
	"VULNERABILITY_SEVERITY_MEDIUM":     vulnerabilities.OrderByMedium,
	"VULNERABILITY_SEVERITY_LOW":        vulnerabilities.OrderByLow,
	"VULNERABILITY_SEVERITY_UNASSIGNED": vulnerabilities.OrderByUnassigned,
}

Functions

func GetImageHasSBOM

func GetImageHasSBOM(ctx context.Context, imageRef string) (bool, error)

func GetSbomProcessingStartedAt

func GetSbomProcessingStartedAt(ctx context.Context, ref string) (*time.Time, error)

func NewLoaderContext

func NewLoaderContext(ctx context.Context, vulnMgr *Manager, logger logrus.FieldLogger) context.Context

Types

type CVE

// CVE describes one vulnerability record: its identifier, severity, title,
// description, a details link and an optional CVSS score.
//
// SeveritySince and CVSSScore are pointers tagged omitempty, so they are left
// out of the JSON encoding when nil.
// NOTE(review): Title, Description and DetailsLink are presumably filled from
// the upstream vulnerabilities API; treat them as untrusted text when
// rendering, and confirm DetailsLink is limited to expected URL schemes.
type CVE struct {
	Identifier    string                     `json:"identifier"`
	Severity      ImageVulnerabilitySeverity `json:"severity"`
	Title         string                     `json:"title"`
	Description   string                     `json:"description"`
	SeveritySince *time.Time                 `json:"severitySince,omitempty"`
	DetailsLink   string                     `json:"detailsLink"`
	CVSSScore     *float64                   `json:"cvssScore,omitempty"`

	// AffectedWorkloads is used to short circuit counting affected workloads in resolvers,
	// if the only field requested of the workloads field is the total count.
	// The json:"-" tag keeps it out of the JSON encoding.
	AffectedWorkloads *int `json:"-"`
}

func GetCVE

func GetCVE(ctx context.Context, cve string) (*CVE, error)

func (*CVE) ID

func (c *CVE) ID() ident.Ident

func (CVE) IsNode

func (CVE) IsNode()

type CVEConnection

// CVEConnection is an alias for pagination.Connection[*CVE]; ListCVEs returns
// a pointer to it.
type CVEConnection = pagination.Connection[*CVE]

func ListCVEs

func ListCVEs(ctx context.Context, page *pagination.Pagination, orderBy *CVEOrder) (*CVEConnection, error)

type CVEEdge

// CVEEdge is an alias for pagination.Edge[*CVE].
type CVEEdge = pagination.Edge[*CVE]

type CVEOrder

// CVEOrder pairs a CVEOrderField with a model.OrderDirection. ListCVEs accepts
// it as an optional (pointer) argument.
// NOTE(review): presumably decoded from client input; confirm Field is checked
// with IsValid before it selects a backend ordering.
type CVEOrder struct {
	Field     CVEOrderField        `json:"field"`
	Direction model.OrderDirection `json:"direction"`
}

type CVEOrderField

// CVEOrderField is a string-backed enum naming the field a CVE list is
// ordered by. The four declared values are listed below.
// NOTE(review): any string converts to this type, so a value is only known to
// be one of the four after a validity check (the type has an IsValid method);
// its implementation is not visible here.
type CVEOrderField string
const (
	CVEOrderFieldIdentifier             CVEOrderField = "IDENTIFIER"
	CVEOrderFieldSeverity               CVEOrderField = "SEVERITY"
	CVEOrderFieldCVSSScore              CVEOrderField = "CVSS_SCORE"
	CVEOrderFieldAffectedWorkloadsCount CVEOrderField = "AFFECTED_WORKLOADS_COUNT"
)

func (CVEOrderField) IsValid

func (e CVEOrderField) IsValid() bool

func (CVEOrderField) MarshalGQL

func (e CVEOrderField) MarshalGQL(w io.Writer)

func (CVEOrderField) MarshalJSON

func (e CVEOrderField) MarshalJSON() ([]byte, error)

func (CVEOrderField) String

func (e CVEOrderField) String() string

func (*CVEOrderField) UnmarshalGQL

func (e *CVEOrderField) UnmarshalGQL(v any) error

func (*CVEOrderField) UnmarshalJSON

func (e *CVEOrderField) UnmarshalJSON(b []byte) error

type CVEWorkloadsFilter

// CVEWorkloadsFilter carries a list of team slugs, serialized as "teamSlugs".
// NOTE(review): presumably it narrows the workloads listed for a CVE to those
// teams. If the slugs come from the client, the filter only narrows results
// and is not an access check; confirm where team visibility is enforced.
type CVEWorkloadsFilter struct {
	TeamSlugs []slug.Slug `json:"teamSlugs"`
}

type ContainerImageSBOM

// ContainerImageSBOM identifies an SBOM by the reference of the container
// image it belongs to. The field carries no JSON tag.
// NOTE(review): the format of ImageReference (tag or digest) is not visible
// here; a digest pins the SBOM to exact image content, a tag does not.
type ContainerImageSBOM struct {
	ImageReference string
}

func (*ContainerImageSBOM) ID

func (c *ContainerImageSBOM) ID() ident.Ident

func (*ContainerImageSBOM) IsNode

func (c *ContainerImageSBOM) IsNode()

type ContainerImageWorkloadReference

// ContainerImageWorkloadReference ties a workload reference to a team slug and
// an environment name. Every field is tagged json:"-", so none of them appear
// in the JSON encoding of this struct.
type ContainerImageWorkloadReference struct {
	Reference       *workload.Reference `json:"-"`
	TeamSlug        slug.Slug           `json:"-"`
	EnvironmentName string              `json:"-"`
}

type ContainerImageWorkloadReferenceEdge

// ContainerImageWorkloadReferenceEdge is an alias for
// pagination.Edge[*ContainerImageWorkloadReference].
type ContainerImageWorkloadReferenceEdge = pagination.Edge[*ContainerImageWorkloadReference]

type ImageVulnerability

// ImageVulnerability is one finding for an image: the vulnerability
// identifier, severity, optional CVSS score, description, affected package,
// and an optional suppression.
//
// CvssScore, SeveritySince and Suppression are pointers without omitempty, so
// a nil value is encoded as JSON null rather than omitted.
// NOTE(review): presumably a nil Suppression means the finding is not
// suppressed; confirm. Description and VulnerabilityDetailsLink look like
// upstream-supplied text and should be treated as untrusted when rendered.
type ImageVulnerability struct {
	Identifier               string                         `json:"identifier"`
	Severity                 ImageVulnerabilitySeverity     `json:"severity"`
	CvssScore                *float64                       `json:"cvssScore"`
	Description              string                         `json:"description"`
	Package                  string                         `json:"package"`
	SeveritySince            *time.Time                     `json:"severitySince"`
	Suppression              *ImageVulnerabilitySuppression `json:"suppression"`
	VulnerabilityDetailsLink string                         `json:"vulnerabilityDetailsLink"`
	// contains filtered or unexported fields
}

func (*ImageVulnerability) ID

func (i *ImageVulnerability) ID() ident.Ident

func (ImageVulnerability) IsNode

func (ImageVulnerability) IsNode()

type ImageVulnerabilityEdge

// ImageVulnerabilityEdge is an alias for pagination.Edge[*ImageVulnerability].
type ImageVulnerabilityEdge = pagination.Edge[*ImageVulnerability]

type ImageVulnerabilityFilter

// ImageVulnerabilityFilter holds optional filter criteria: a severity and a
// "severity since" timestamp. Both are tagged omitempty.
// NOTE(review): Severity is a value, not a pointer, so "no severity filter" is
// presumably the empty string; whether SeveritySince is a lower or upper bound
// is not visible here.
type ImageVulnerabilityFilter struct {
	Severity      ImageVulnerabilitySeverity `json:"severity,omitempty"`
	SeveritySince *time.Time                 `json:"severitySince,omitempty"`
}

type ImageVulnerabilityHistory

// ImageVulnerabilityHistory is a list of dated vulnerability summaries. The
// GetWorkloadVulnerabilityHistoryFor{Team,Tenant,Workload} functions return it.
// NOTE(review): sample ordering and spacing are not visible here.
type ImageVulnerabilityHistory struct {
	Samples []*ImageVulnerabilitySample `json:"samples"`
}

func GetWorkloadVulnerabilityHistoryForTeam

func GetWorkloadVulnerabilityHistoryForTeam(ctx context.Context, slug slug.Slug, from time.Time) (*ImageVulnerabilityHistory, error)

func GetWorkloadVulnerabilityHistoryForTenant

func GetWorkloadVulnerabilityHistoryForTenant(ctx context.Context, from time.Time) (*ImageVulnerabilityHistory, error)

func GetWorkloadVulnerabilityHistoryForWorkload

func GetWorkloadVulnerabilityHistoryForWorkload(ctx context.Context, obj workload.Workload, from time.Time) (*ImageVulnerabilityHistory, error)

type ImageVulnerabilityOrder

// ImageVulnerabilityOrder pairs an ImageVulnerabilityOrderField with a
// model.OrderDirection.
// NOTE(review): presumably decoded from client input; confirm Field is
// validated before it selects an ordering.
type ImageVulnerabilityOrder struct {
	Field     ImageVulnerabilityOrderField `json:"field"`
	Direction model.OrderDirection         `json:"direction"`
}

type ImageVulnerabilityOrderField

// ImageVulnerabilityOrderField is a string-backed type naming the field image
// vulnerabilities are ordered by. No constants of this type are declared in
// this listing.
// NOTE(review): the accepted values are presumably registered elsewhere;
// confirm what IsValid checks against.
type ImageVulnerabilityOrderField string

func (ImageVulnerabilityOrderField) IsValid

func (e ImageVulnerabilityOrderField) IsValid() bool

func (ImageVulnerabilityOrderField) MarshalGQL

func (e ImageVulnerabilityOrderField) MarshalGQL(w io.Writer)

func (ImageVulnerabilityOrderField) String

func (*ImageVulnerabilityOrderField) UnmarshalGQL

func (e *ImageVulnerabilityOrderField) UnmarshalGQL(v any) error

type ImageVulnerabilitySample

// ImageVulnerabilitySample is one point in an ImageVulnerabilityHistory: a
// vulnerability summary together with the date it applies to.
type ImageVulnerabilitySample struct {
	Summary *ImageVulnerabilitySummary `json:"summary"`
	Date    time.Time                  `json:"date"`
}

type ImageVulnerabilitySeverity

// ImageVulnerabilitySeverity is a string-backed enum with five declared
// values: LOW, MEDIUM, HIGH, CRITICAL and UNASSIGNED.
//
// The values are strings, so comparing them with < or > orders them
// alphabetically, not by severity.
// NOTE(review): UNASSIGNED presumably means no severity has been assigned
// yet, which is not the same as low risk; confirm consumers do not rank it
// below LOW by default.
type ImageVulnerabilitySeverity string
const (
	ImageVulnerabilitySeverityLow        ImageVulnerabilitySeverity = "LOW"
	ImageVulnerabilitySeverityMedium     ImageVulnerabilitySeverity = "MEDIUM"
	ImageVulnerabilitySeverityHigh       ImageVulnerabilitySeverity = "HIGH"
	ImageVulnerabilitySeverityCritical   ImageVulnerabilitySeverity = "CRITICAL"
	ImageVulnerabilitySeverityUnassigned ImageVulnerabilitySeverity = "UNASSIGNED"
)

func (ImageVulnerabilitySeverity) IsValid

func (e ImageVulnerabilitySeverity) IsValid() bool

func (ImageVulnerabilitySeverity) MarshalGQL

func (e ImageVulnerabilitySeverity) MarshalGQL(w io.Writer)

func (ImageVulnerabilitySeverity) String

func (*ImageVulnerabilitySeverity) UnmarshalGQL

func (e *ImageVulnerabilitySeverity) UnmarshalGQL(v any) error

type ImageVulnerabilitySummary

// ImageVulnerabilitySummary aggregates the findings for one image: a total, a
// risk score, and one count per severity (low, medium, high, critical,
// unassigned).
//
// LastUpdated and StaleImageTag are pointers without omitempty, so nil is
// encoded as JSON null.
// NOTE(review): how RiskScore is derived, and whether suppressed findings are
// counted, is not visible here. A nil or old LastUpdated presumably means the
// counts may not reflect the current image; confirm how StaleImageTag is set.
type ImageVulnerabilitySummary struct {
	Total         int        `json:"total"`
	RiskScore     int        `json:"riskScore"`
	Low           int        `json:"low"`
	Medium        int        `json:"medium"`
	High          int        `json:"high"`
	Critical      int        `json:"critical"`
	Unassigned    int        `json:"unassigned"`
	LastUpdated   *time.Time `json:"lastUpdated"`
	StaleImageTag *string    `json:"staleImageTag"`
}

func GetImageVulnerabilitySummary

func GetImageVulnerabilitySummary(ctx context.Context, ref string) (*ImageVulnerabilitySummary, error)

type ImageVulnerabilitySuppression

// ImageVulnerabilitySuppression records a suppression decision for a finding:
// the chosen state and a free-text reason.
// NOTE(review): Reason is presumably user-entered text; treat it as untrusted
// when displaying it, and confirm whether an empty reason is accepted.
type ImageVulnerabilitySuppression struct {
	State  ImageVulnerabilitySuppressionState `json:"state"`
	Reason string                             `json:"reason"`
}

type ImageVulnerabilitySuppressionState

// ImageVulnerabilitySuppressionState is a string-backed enum with four
// declared values: IN_TRIAGE, RESOLVED, FALSE_POSITIVE and NOT_AFFECTED.
//
// The set has no value for an active, unsuppressed finding.
// NOTE(review): presumably an unsuppressed finding is represented by a nil
// suppression; confirm. The states read as different justifications, so
// reports may want to distinguish IN_TRIAGE from the three closing states.
type ImageVulnerabilitySuppressionState string
const (
	ImageVulnerabilitySuppressionStateInTriage      ImageVulnerabilitySuppressionState = "IN_TRIAGE"
	ImageVulnerabilitySuppressionStateResolved      ImageVulnerabilitySuppressionState = "RESOLVED"
	ImageVulnerabilitySuppressionStateFalsePositive ImageVulnerabilitySuppressionState = "FALSE_POSITIVE"
	ImageVulnerabilitySuppressionStateNotAffected   ImageVulnerabilitySuppressionState = "NOT_AFFECTED"
)

func (ImageVulnerabilitySuppressionState) IsValid

func (ImageVulnerabilitySuppressionState) MarshalGQL

func (ImageVulnerabilitySuppressionState) String

func (*ImageVulnerabilitySuppressionState) UnmarshalGQL

func (e *ImageVulnerabilitySuppressionState) UnmarshalGQL(v any) error

type Manager

// Manager wraps a vulnerabilities.Client. NewManager and NewFakeManager
// construct it, NewLoaderContext takes it, and Close releases it.
//
// Client is exported, so importing code can read or replace it after
// construction.
// NOTE(review): what Close releases, and whether Manager is safe for
// concurrent use, is not visible here.
type Manager struct {
	Client vulnerabilities.Client
	// contains filtered or unexported fields
}

func NewFakeManager

func NewFakeManager(_ context.Context, log *logrus.Entry) (*Manager, error)

func NewManager

func NewManager(ctx context.Context, url, serviceAccount string, log *logrus.Entry) (*Manager, error)

func (*Manager) Close

func (m *Manager) Close() error

type SBOMStatus

// SBOMStatus is an int32-backed status for an image's SBOM. Five values are
// named: unspecified (0), processing (2), ready (3), no SBOM (4) and
// failed (5).
//
// Value 1 has no named constant in this block, and the zero value is
// SBOMStatusUnspecified, so an uninitialized SBOMStatus reads as unspecified
// rather than as ready.
// NOTE(review): the numbering presumably mirrors an upstream enum; confirm how
// String and UnmarshalGQL treat 1 and other undeclared values.
type SBOMStatus int32
const (
	SBOMStatusUnspecified SBOMStatus = 0
	SBOMStatusProcessing  SBOMStatus = 2
	SBOMStatusReady       SBOMStatus = 3
	SBOMStatusNoSbom      SBOMStatus = 4
	SBOMStatusFailed      SBOMStatus = 5
)

func GetSbomStatus

func GetSbomStatus(ctx context.Context, ref string) (SBOMStatus, error)

func (SBOMStatus) MarshalGQL

func (s SBOMStatus) MarshalGQL(w io.Writer)

func (SBOMStatus) String

func (s SBOMStatus) String() string

func (*SBOMStatus) UnmarshalGQL

func (s *SBOMStatus) UnmarshalGQL(v any) error

type TeamVulnerabilityRiskScoreTrend

// TeamVulnerabilityRiskScoreTrend is a string-backed enum with three declared
// values: UP, DOWN and FLAT. GetTeamRiskScoreTrend returns it for a team slug.
// NOTE(review): the comparison window and the threshold for FLAT are not
// visible here.
type TeamVulnerabilityRiskScoreTrend string
const (
	TeamVulnerabilityRiskScoreTrendUp   TeamVulnerabilityRiskScoreTrend = "UP"
	TeamVulnerabilityRiskScoreTrendDown TeamVulnerabilityRiskScoreTrend = "DOWN"
	TeamVulnerabilityRiskScoreTrendFlat TeamVulnerabilityRiskScoreTrend = "FLAT"
)

func GetTeamRiskScoreTrend

func GetTeamRiskScoreTrend(ctx context.Context, teamSlug slug.Slug) (TeamVulnerabilityRiskScoreTrend, error)

func (TeamVulnerabilityRiskScoreTrend) IsValid

func (TeamVulnerabilityRiskScoreTrend) MarshalGQL

func (e TeamVulnerabilityRiskScoreTrend) MarshalGQL(w io.Writer)

func (TeamVulnerabilityRiskScoreTrend) String

func (*TeamVulnerabilityRiskScoreTrend) UnmarshalGQL

func (e *TeamVulnerabilityRiskScoreTrend) UnmarshalGQL(v any) error

type TeamVulnerabilitySummary

// TeamVulnerabilitySummary aggregates vulnerability figures for one team: a
// risk score, one count per severity, the number of SBOMs, and a coverage
// value.
//
// TeamSlug is tagged json:"-" and is not part of the JSON encoding.
// The SBOM counter is named SBOMCount here but SbomCount on
// TenantVulnerabilitySummary; both serialize as "sbomCount".
// NOTE(review): the unit of Coverage (fraction or percentage) is not visible
// here. Severity counts only cover workloads that have an SBOM, presumably,
// so low counts combined with low coverage should not be read as low risk.
type TeamVulnerabilitySummary struct {
	RiskScore   int        `json:"riskScore"`
	Critical    int        `json:"critical"`
	High        int        `json:"high"`
	Medium      int        `json:"medium"`
	Low         int        `json:"low"`
	Unassigned  int        `json:"unassigned"`
	SBOMCount   int        `json:"sbomCount"`
	Coverage    float64    `json:"coverage"`
	LastUpdated *time.Time `json:"lastUpdated"`

	TeamSlug slug.Slug `json:"-"`
}

type TeamVulnerabilitySummaryFilter

// TeamVulnerabilitySummaryFilter optionally restricts a team summary to one
// environment. EnvironmentName is a pointer tagged omitempty.
// NOTE(review): presumably nil means all environments; confirm.
type TeamVulnerabilitySummaryFilter struct {
	EnvironmentName *string `json:"environmentName,omitempty"`
}

type TenantVulnerabilitySummary

// TenantVulnerabilitySummary aggregates vulnerability figures across the
// tenant: a risk score, one count per severity, the number of SBOMs, and a
// coverage value. GetTenantVulnerabilitySummary returns it.
//
// The fields match TeamVulnerabilitySummary apart from the missing TeamSlug
// and the spelling SbomCount (SBOMCount on the team type).
// NOTE(review): the unit of Coverage is not visible here, and tenant-wide
// figures span every team, so confirm who is allowed to query them.
type TenantVulnerabilitySummary struct {
	RiskScore   int        `json:"riskScore"`
	Critical    int        `json:"critical"`
	High        int        `json:"high"`
	Medium      int        `json:"medium"`
	Low         int        `json:"low"`
	Unassigned  int        `json:"unassigned"`
	SbomCount   int        `json:"sbomCount"`
	Coverage    float64    `json:"coverage"`
	LastUpdated *time.Time `json:"lastUpdated"`
}

func GetTenantVulnerabilitySummary

func GetTenantVulnerabilitySummary(ctx context.Context) (*TenantVulnerabilitySummary, error)

type UpdateImageVulnerabilityInput

// UpdateImageVulnerabilityInput is the input for updating one finding: the
// vulnerability ID, a reason, a suppress flag and an optional suppression
// state.
//
// State is a pointer, so it can be nil while Suppress is true, and Reason can
// be the empty string; the struct itself enforces neither.
// NOTE(review): suppression presumably changes how a finding is counted and
// reported, so confirm the resolver (not visible here) rejects Suppress=true
// with a nil State or empty Reason, checks that the caller may act on the
// workload owning VulnerabilityID, and records the change in the activity log.
type UpdateImageVulnerabilityInput struct {
	VulnerabilityID ident.Ident                         `json:"vulnerabilityID"`
	Reason          string                              `json:"reason"`
	Suppress        bool                                `json:"suppress"`
	State           *ImageVulnerabilitySuppressionState `json:"state"`
}

type UpdateImageVulnerabilityPayload

// UpdateImageVulnerabilityPayload wraps the ImageVulnerability produced by an
// update, serialized under "vulnerability".
type UpdateImageVulnerabilityPayload struct {
	Vulnerability *ImageVulnerability `json:"vulnerability"`
}

type VulnerabilityActivityLogEntryData

// VulnerabilityActivityLogEntryData is the payload of a vulnerability
// activity log entry: the identifier, severity and package of the finding,
// plus the suppression before and after the change.
//
// PreviousSuppression and NewSuppression are pointers tagged omitempty, so a
// nil side is omitted from the JSON encoding.
// NOTE(review): who made the change and when is not stored here; presumably
// that lives on the enclosing activity log entry. Confirm, since both are
// needed to audit a suppression.
type VulnerabilityActivityLogEntryData struct {
	Identifier          string                         `json:"identifier"`
	Severity            ImageVulnerabilitySeverity     `json:"severity"`
	Package             string                         `json:"package"`
	PreviousSuppression *ImageVulnerabilitySuppression `json:"previousSuppression,omitempty"`
	NewSuppression      *ImageVulnerabilitySuppression `json:"newSuppression,omitempty"`
}

type VulnerabilityFixHistory

// VulnerabilityFixHistory is a list of fix samples. The
// GetVulnerabilityMeanTimeToFixHistory functions return it for the tenant, a
// team, or a workload.
type VulnerabilityFixHistory struct {
	Samples []*VulnerabilityFixSample `json:"samples"`
}

func GetVulnerabilityMeanTimeToFixHistory

func GetVulnerabilityMeanTimeToFixHistory(ctx context.Context, from time.Time) (*VulnerabilityFixHistory, error)

func GetVulnerabilityMeanTimeToFixHistoryForTeam

func GetVulnerabilityMeanTimeToFixHistoryForTeam(ctx context.Context, slug slug.Slug, from time.Time) (*VulnerabilityFixHistory, error)

func GetVulnerabilityMeanTimeToFixHistoryForWorkload

func GetVulnerabilityMeanTimeToFixHistoryForWorkload(ctx context.Context, obj workload.Workload, from time.Time) (*VulnerabilityFixHistory, error)

type VulnerabilityFixSample

// VulnerabilityFixSample is one point in a VulnerabilityFixHistory, keyed by
// severity and date.
//
// FirstFixedAt and LastFixedAt are pointers tagged omitempty and are omitted
// from the JSON encoding when nil.
// NOTE(review): Days is presumably the mean number of days to fix for this
// severity on Date, computed over FixedCount fixes; confirm. A sample with a
// small FixedCount says little about remediation speed.
type VulnerabilityFixSample struct {
	Severity       ImageVulnerabilitySeverity `json:"severity"`
	Date           time.Time                  `json:"date"`
	Days           int                        `json:"days"`
	FixedCount     int                        `json:"fixedCount"`
	FirstFixedAt   *time.Time                 `json:"firstFixedAt,omitempty"`
	LastFixedAt    *time.Time                 `json:"lastFixedAt,omitempty"`
	TotalWorkloads int                        `json:"totalWorkloads"`
}

type VulnerabilitySummaryOrder

// VulnerabilitySummaryOrder pairs a VulnerabilitySummaryOrderByField with a
// model.OrderDirection.
// NOTE(review): presumably decoded from client input; confirm Field is
// validated and that a field missing from SortFilterWorkloadSummaries is
// rejected rather than mapped to a zero value.
type VulnerabilitySummaryOrder struct {
	Field     VulnerabilitySummaryOrderByField `json:"field"`
	Direction model.OrderDirection             `json:"direction"`
}

type VulnerabilitySummaryOrderByField

// VulnerabilitySummaryOrderByField is a string-backed enum naming the field
// workload vulnerability summaries are ordered by. Nine values are declared.
//
// SortFilterWorkloadSummaries has entries for the first eight of them but
// none for "VULNERABILITY_LAST_SCANNED".
// NOTE(review): confirm where the last-scanned ordering is resolved.
type VulnerabilitySummaryOrderByField string
const (
	VulnerabilitySummaryOrderByFieldName                            VulnerabilitySummaryOrderByField = "NAME"
	VulnerabilitySummaryOrderByFieldEnvironment                     VulnerabilitySummaryOrderByField = "ENVIRONMENT"
	VulnerabilitySummaryOrderByFieldVulnerabilityRiskScore          VulnerabilitySummaryOrderByField = "VULNERABILITY_RISK_SCORE"
	VulnerabilitySummaryOrderByFieldVulnerabilitySeverityCritical   VulnerabilitySummaryOrderByField = "VULNERABILITY_SEVERITY_CRITICAL"
	VulnerabilitySummaryOrderByFieldVulnerabilitySeverityHigh       VulnerabilitySummaryOrderByField = "VULNERABILITY_SEVERITY_HIGH"
	VulnerabilitySummaryOrderByFieldVulnerabilitySeverityMedium     VulnerabilitySummaryOrderByField = "VULNERABILITY_SEVERITY_MEDIUM"
	VulnerabilitySummaryOrderByFieldVulnerabilitySeverityLow        VulnerabilitySummaryOrderByField = "VULNERABILITY_SEVERITY_LOW"
	VulnerabilitySummaryOrderByFieldVulnerabilitySeverityUnassigned VulnerabilitySummaryOrderByField = "VULNERABILITY_SEVERITY_UNASSIGNED"
	VulnerabilitySummaryOrderByFieldVulnerabilityLastScanned        VulnerabilitySummaryOrderByField = "VULNERABILITY_LAST_SCANNED"
)

func (VulnerabilitySummaryOrderByField) IsValid

func (VulnerabilitySummaryOrderByField) MarshalGQL

func (e VulnerabilitySummaryOrderByField) MarshalGQL(w io.Writer)

func (VulnerabilitySummaryOrderByField) String

func (*VulnerabilitySummaryOrderByField) UnmarshalGQL

func (e *VulnerabilitySummaryOrderByField) UnmarshalGQL(v any) error

type VulnerabilityUpdatedActivityLogEntry

// VulnerabilityUpdatedActivityLogEntry is the activity log entry for a
// vulnerability update. It embeds activitylog.GenericActivityLogEntry and adds
// the vulnerability-specific payload under "data".
// NOTE(review): the embedded entry presumably carries actor and timestamp;
// confirm, since Data alone does not identify who changed a suppression.
type VulnerabilityUpdatedActivityLogEntry struct {
	activitylog.GenericActivityLogEntry
	Data *VulnerabilityActivityLogEntryData `json:"data"`
}

type WorkloadReference

// WorkloadReference names a workload by environment, team, workload type and
// name, all as plain strings. ListWorkloadsForVulnerabilityByID returns a
// slice of these.
//
// It is a different type from workload.Reference, which other structs in this
// package use.
// NOTE(review): Team is a string rather than slug.Slug and WorkloadType is
// untyped; confirm callers validate both before using them in lookups.
type WorkloadReference struct {
	Environment  string `json:"environment"`
	Team         string `json:"team"`
	WorkloadType string `json:"workloadType"`
	Name         string `json:"name"`
}

func ListWorkloadsForVulnerabilityByID

func ListWorkloadsForVulnerabilityByID(ctx context.Context, id string) ([]*WorkloadReference, error)

type WorkloadVulnerabilitySummary

// WorkloadVulnerabilitySummary holds the vulnerability summary for one
// workload together with a flag saying whether the workload has an SBOM.
//
// HasSbom serializes as "hasSBOM". TeamSlug, EnvironmentName and
// WorkloadReference are tagged json:"-" and are not part of the JSON encoding.
// NOTE(review): when HasSbom is false, Summary presumably carries no scan
// results; confirm consumers do not display that case as zero findings.
type WorkloadVulnerabilitySummary struct {
	HasSbom           bool                       `json:"hasSBOM"`
	Summary           *ImageVulnerabilitySummary `json:"summary"`
	TeamSlug          slug.Slug                  `json:"-"`
	EnvironmentName   string                     `json:"-"`
	WorkloadReference *workload.Reference        `json:"-"`
}

func (*WorkloadVulnerabilitySummary) ID

func (WorkloadVulnerabilitySummary) IsNode

func (w WorkloadVulnerabilitySummary) IsNode()

type WorkloadVulnerabilitySummaryEdge

// WorkloadVulnerabilitySummaryEdge is an alias for
// pagination.Edge[*WorkloadVulnerabilitySummary].
type WorkloadVulnerabilitySummaryEdge = pagination.Edge[*WorkloadVulnerabilitySummary]

type WorkloadWithVulnerability

// WorkloadWithVulnerability pairs one ImageVulnerability with the
// workload.Workload it was found in.
type WorkloadWithVulnerability struct {
	Vulnerability *ImageVulnerability `json:"vulnerability"`
	Workload      workload.Workload   `json:"workload"`
}

func (*WorkloadWithVulnerability) ID

func (WorkloadWithVulnerability) IsNode

func (WorkloadWithVulnerability) IsNode()

type WorkloadWithVulnerabilityEdge

// WorkloadWithVulnerabilityEdge is an alias for
// pagination.Edge[*WorkloadWithVulnerability].
type WorkloadWithVulnerabilityEdge = pagination.Edge[*WorkloadWithVulnerability]

Directories

Path Synopsis
