Versions in this module v0 v0.1.0 Aug 5, 2025 Changes in this version + func CalculateRiskScore(scanResult *ScanResult) float64 + func DefaultSecurityPolicies() map[string]Policy + func GenerateImageHash(image string) string + func HasCriticalVulnerabilities(scanResult *ScanResult) bool + func IsAllowedRegistry(registry string, allowedList []string) bool + func SanitizeImageReference(image string) string + func ValidateImageAge(createdAt time.Time, maxAge time.Duration) error + func ValidateImageForEnvironment(ctx context.Context, image, environment string) error + type ClairScanner struct + func NewClairScanner(endpoint, apiKey string) *ClairScanner + func (c *ClairScanner) Scan(ctx context.Context, image string) (*ScanResult, error) + type ComplianceCheck struct + Description string + Details string + ID string + Name string + Severity Severity + Status string + type CompositeVerifier struct + func NewCompositeVerifier(verifiers ...SignatureVerifier) *CompositeVerifier + func (c *CompositeVerifier) VerifySignature(ctx context.Context, image string, trustAnchors []string) error + type CosignVerifier struct + func NewCosignVerifier(binaryPath string) *CosignVerifier + func (c *CosignVerifier) VerifySignature(ctx context.Context, image string, trustAnchors []string) error + type DefaultImageValidator struct + func CreateValidatorWithDefaults() (*DefaultImageValidator, error) + func NewDefaultImageValidator(config *ValidationConfig) *DefaultImageValidator + func (v *DefaultImageValidator) CheckPolicy(ctx context.Context, image string, policy Policy) error + func (v *DefaultImageValidator) ClearCache() + func (v *DefaultImageValidator) ScanImage(ctx context.Context, image string) (*ScanResult, error) + func (v *DefaultImageValidator) SetSignatureVerifier(verifier SignatureVerifier) + func (v *DefaultImageValidator) SetVulnerabilityScanner(scanner VulnerabilityScanner) + func (v *DefaultImageValidator) ValidateImage(ctx context.Context, image 
string) error + type GrypeScanner struct + func NewGrypeScanner(binaryPath string) *GrypeScanner + func (g *GrypeScanner) Scan(ctx context.Context, image string) (*ScanResult, error) + type ImageInfo struct + Digest string + FullReference string + HasDigest bool + HasTag bool + IsOfficial bool + Namespace string + Registry string + Repository string + Tag string + func ParseImageReference(image string) (*ImageInfo, error) + type ImageValidator interface + CheckPolicy func(ctx context.Context, image string, policy Policy) error + ScanImage func(ctx context.Context, image string) (*ScanResult, error) + ValidateImage func(ctx context.Context, image string) error + type Layer struct + CreatedBy string + Digest string + MediaType string + Size int64 + type NotaryVerifier struct + func NewNotaryVerifier(serverURL string) *NotaryVerifier + func (n *NotaryVerifier) VerifySignature(ctx context.Context, image string, trustAnchors []string) error + type OrchestratorIntegration struct + func NewOrchestratorIntegration(validator ImageValidator, logger *log.Logger) *OrchestratorIntegration + func (o *OrchestratorIntegration) AddPolicy(name string, policy Policy) + func (o *OrchestratorIntegration) GetPolicy(name string) (Policy, bool) + func (o *OrchestratorIntegration) RemovePolicy(name string) + func (o *OrchestratorIntegration) ScanAndValidateImage(ctx context.Context, image string) (*SecurityReport, error) + func (o *OrchestratorIntegration) ValidateAgentImage(ctx context.Context, agent *types.Agent) error + func (o *OrchestratorIntegration) ValidateWorkflowImages(ctx context.Context, workflow *types.Workflow) error + type Policy struct + AllowLatestTag bool + AllowedRegistries []string + BlockedRegistries []string + Description string + Enabled bool + EnforcementMode string + Exceptions []string + MaxCriticalCVEs int + MaxHighCVEs int + MaxImageAge time.Duration + MaxLowCVEs int + MaxMediumCVEs int + Name string + RequireDigest bool + RequireSignature bool + RequiredLabels 
map[string]string + TagPatternBlacklist []string + TagPatternWhitelist []string + type ScanResult struct + Architecture string + ComplianceChecks []ComplianceCheck + ComplianceStatus string + CreatedAt time.Time + CriticalCount int + HighCount int + ImageDigest string + ImageID string + ImageReference string + Layers []Layer + LowCount int + MediumCount int + Metadata map[string]interface{} + OS string + ScanTimestamp time.Time + Scanner string + ScannerVersion string + Size int64 + TotalCount int + UnknownCount int + Vulnerabilities []Vulnerability + type SecurityReport struct + Image string + PolicyViolations []string + Recommendation string + RiskScore float64 + ScanErrors []string + ScanResult *ScanResult + Status string + Timestamp time.Time + ValidationErrors []string + type Severity string + const SeverityCritical + const SeverityHigh + const SeverityLow + const SeverityMedium + const SeverityUnknown + type SignatureVerifier interface + VerifySignature func(ctx context.Context, image string, trustAnchors []string) error + type TrivyMetadata struct + DiffIDs []string + ImageConfig interface{} + ImageID string + OS TrivyOS + RepoDigests []string + RepoTags []string + type TrivyOS struct + Family string + Name string + Version string + type TrivyOutput struct + ArtifactName string + ArtifactType string + Metadata TrivyMetadata + Results []TrivyResult + SchemaVersion int + type TrivyResult struct + Class string + Target string + Type string + Vulnerabilities []TrivyVulnerability + type TrivyScanner struct + func NewTrivyScanner(binaryPath string) *TrivyScanner + func (t *TrivyScanner) Scan(ctx context.Context, image string) (*ScanResult, error) + type TrivyVulnerability struct + CVSS map[string]interface{} + Description string + FixedVersion string + InstalledVersion string + LastModifiedDate *time.Time + PkgName string + PublishedDate *time.Time + References []string + Severity string + Title string + VulnerabilityID string + type ValidationConfig struct + 
AllowLatestTag bool + AllowedRegistries []string + AllowedTagPatterns []string + AuditLog bool + BlockedRegistries []string + BlockedTagPatterns []string + ConcurrentScans int + EnableScanning bool + LogLevel string + MaxCriticalCVEs int + MaxHighCVEs int + MaxImageAge time.Duration + MaxLowCVEs int + MaxMediumCVEs int + RequireDigest bool + RequireHTTPS bool + RequireRecentBuild bool + RequireSignature bool + ScanCacheDuration time.Duration + ScanTimeout time.Duration + SignatureType string + TrustAnchors []string + func DefaultValidationConfig() *ValidationConfig + type Vulnerability struct + CVSS float64 + CVSSVector string + CWE []string + Description string + ExploitAvailable bool + ExploitMaturity string + Exploitable bool + FixedVersion string + ID string + LastModified time.Time + Package string + PublishedDate time.Time + References []string + Severity Severity + Title string + Version string + func GetVulnerabilitiesBySeverity(scanResult *ScanResult, severity Severity) []Vulnerability + type VulnerabilityScanner interface + Scan func(ctx context.Context, image string) (*ScanResult, error)