Documentation
Overview
Package rhcc implements an ecosystem for the Red Hat Container Catalog.
This ecosystem treats an entire container as a package and matches advisories against it.
Constants
const DefaultName2ReposMappingURL = "https://security.access.redhat.com/data/metrics/container-name-repos-map.json"
DefaultName2ReposMappingURL is the default URL with a mapping file provided by Red Hat.
const (
	// PURLType is the type of package URL for Red Hat Container Catalog packages.
	PURLType = "oci"
)
const RepositoryKey = "rhcc-container-repository"
RepositoryKey should be used for every indexed repository coming from this package. It is used when persisting Red Hat VEX data pertaining to container images and referenced in the RHCC matching logic.
Variables
var (
	// GoldRepo is the claircore.Repository that RHCC index records are associated with when
	// the image has been built via the legacy Red Hat build system. With newer images, reliable
	// repository CPEs are available and can be used in lieu of the GoldRepo.
	GoldRepo = claircore.Repository{
		Name: "Red Hat Container Catalog",
		URI:  `https://catalog.redhat.com/software/containers/explore`,
		Key:  RepositoryKey,
	}
)
var Matcher driver.Matcher = &matcher{}
Matcher is an instance of the rhcc matcher. It's exported so it can be used in the "defaults" package.
This instance is safe for concurrent use.
Functions
func GenerateOCIPURL (added in v1.5.49)
func GenerateOCIPURL(ctx context.Context, ir *claircore.IndexRecord) (packageurl.PackageURL, error)
GenerateOCIPURL generates an OCI PURL for a given claircore.IndexRecord.
Example:
pkg:oci/ubi@sha256:dbc1e98d14a022542e45b5f22e0206d3f86b5bdf237b58ee7170c9ddd1b3a283?repository_url=registry.access.redhat.com/ubi9/ubi
func NewEcosystem
NewEcosystem returns an rhcc ecosystem.
func ParseOCIPURL (added in v1.5.49)
func ParseOCIPURL(ctx context.Context, purl packageurl.PackageURL) ([]*claircore.IndexRecord, error)
ParseOCIPURL parses an OCI PURL into a list of claircore.IndexRecord values. The matcher needs the NormalizedVersion to be set.
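The following is an added example, not claircore's own code: a standard-library-only check that a string has the shape of the OCI PURL shown for GenerateOCIPURL and pins a sha256 digest, which a caller could run before handing untrusted PURLs to ParseOCIPURL. The OCIRef type and parseOCIPURL function are hypothetical names, and the rule that the name equals the last segment of repository_url is taken from the purl "oci" type definition, not from this package.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// OCIRef is a hypothetical type for this example, not a claircore type.
type OCIRef struct{ Name, Digest, RepositoryURL string }

var sha256Digest = regexp.MustCompile(`^sha256:[0-9a-f]{64}$`)

// parseOCIPURL accepts only digest-pinned "pkg:oci/<name>@<digest>?repository_url=<repo>".
func parseOCIPURL(s string) (OCIRef, error) {
	if !strings.HasPrefix(s, "pkg:oci/") {
		return OCIRef{}, errors.New(`not a package URL of type "oci"`)
	}
	path, rawQuery, _ := strings.Cut(strings.TrimPrefix(s, "pkg:oci/"), "?")
	name, version, ok := strings.Cut(path, "@")
	if !ok || name == "" || strings.Contains(name, "/") {
		return OCIRef{}, errors.New("want <name>@<digest> with no namespace")
	}
	// purl spec examples percent-encode ":" in the version; accept both spellings.
	digest, err := url.PathUnescape(version)
	if err != nil || !sha256Digest.MatchString(digest) {
		return OCIRef{}, fmt.Errorf("version %q is not a sha256 digest", version)
	}
	q, err := url.ParseQuery(rawQuery)
	if err != nil {
		return OCIRef{}, fmt.Errorf("bad qualifiers: %w", err)
	}
	repo := q.Get("repository_url")
	// Per the purl "oci" type, the name is the last segment of the repository.
	if repo == "" || repo[strings.LastIndex(repo, "/")+1:] != name {
		return OCIRef{}, fmt.Errorf("repository_url %q does not end in %q", repo, name)
	}
	return OCIRef{Name: name, Digest: digest, RepositoryURL: repo}, nil
}

func main() {
	// The example PURL from the GenerateOCIPURL documentation above.
	ref, err := parseOCIPURL("pkg:oci/ubi@sha256:dbc1e98d14a022542e45b5f22e0206d3f86b5bdf237b58ee7170c9ddd1b3a283?repository_url=registry.access.redhat.com/ubi9/ubi")
	fmt.Println(ref, err)
}
```

A tag-style version such as `@latest` is rejected, so only content-addressed image references pass the check.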
Types
type ScannerConfig
type ScannerConfig struct {
	// Name2ReposMappingURL is a URL where a mapping file can be fetched.
	//
	// See also [DefaultName2ReposMappingURL]
	Name2ReposMappingURL string `json:"name2repos_mapping_url" yaml:"name2repos_mapping_url"`
	// Name2ReposMappingFile is a path to a local mapping file.
	Name2ReposMappingFile string `json:"name2repos_mapping_file" yaml:"name2repos_mapping_file"`
	// Timeout is a timeout for all network calls made to update the mapping
	// file.
	//
	// The default is 10 seconds.
	Timeout time.Duration `json:"timeout" yaml:"timeout"`
}
ScannerConfig is the configuration for the package scanner.
The interaction between the "URL" and "File" members is the same as described in the github.com/quay/claircore/rhel.RepositoryScannerConfig documentation.
By convention, it's in a "rhel_containerscanner" key.