scan

package
v1.6.3
Warning

This package is not in the latest version of its module.

Published: Aug 30, 2022 License: Apache-2.0 Imports: 42 Imported by: 1

Documentation

Overview

Package scan manages the scan process against the image scanning service.

Constants

This section is empty.

Variables

This section is empty.

Functions

func GenerateLayers added in v1.6.3

func GenerateLayers(manifestDigest string, tarPath string, configBytes []byte) ([]layers.Layer, error)

Types

type Bom

type Bom struct {
	// FullTag is the full tag of the bom
	FullTag string
	// ManifestDigest is the sha256 of this image manifest json
	ManifestDigest string
	// Packages enumerates the packages in the bill of materials
	Packages bom.JSONDocument
}

Bom contains the full bill of materials for an image, along with some additional helpful metadata.

func GenerateSBOMFromInput added in v1.6.3

func GenerateSBOMFromInput(input, originalInput, forceFullTag string) (*Bom, error)

GenerateSBOMFromInput creates the Bom struct after copying.

type Handler

type Handler struct {
	// contains filtered or unexported fields
}

Handler holds all the fields needed to send requests to the scanning service.

func NewScanHandler

func NewScanHandler(saasTmpl, orgKey, apiID, apiKey string, bom *Bom, layers []layers.Layer) *Handler

NewScanHandler creates a handler for the scan command.

func (*Handler) AttachData added in v1.6.3

func (h *Handler) AttachData(bom *Bom, layers []layers.Layer, buildStep, namespace string)

AttachData attaches the SBOM, layers and policy to the handler.

func (Handler) GetImageAnalysisStatus

func (h Handler) GetImageAnalysisStatus(digest string) (Status, error)

GetImageAnalysisStatus will fetch the current analysis result of an image.

func (Handler) GetImageVulnerability

func (h Handler) GetImageVulnerability(digest string) (*image.ScannedImage, error)

GetImageVulnerability will fetch the vulnerability result via image digest.

func (Handler) GetResponseFromScanAPI

func (h Handler) GetResponseFromScanAPI(digest string) (*image.ScannedImage, error)

GetResponseFromScanAPI polls the status API of the image scanning service periodically. Once the status is "FINISHED", it fetches the actual result from the vulnerability API.

func (Handler) HealthCheck

func (h Handler) HealthCheck() error

HealthCheck will check the health of the service backend.

func (Handler) PutBomAndLayersToAnalysisAPI added in v1.6.3

func (h Handler) PutBomAndLayersToAnalysisAPI(opts Option) (Status, error)

PutBomAndLayersToAnalysisAPI calls the PUT API and uploads the SBOM to the image scanning service.

func (*Handler) Scan

func (h *Handler) Scan(opts Option) (*image.ScannedImage, error)

Scan sends the payload to the image scanning service and fetches the result back.

func (Handler) SendCancelSignal

func (h Handler) SendCancelSignal(digest string) error

SendCancelSignal sends a cancel signal to the backend. It is called on timeout or manual interruption.

type Option

type Option struct {
	// ForceScan forces a scan of the image whether or not it has already been scanned.
	ForceScan bool
	// BypassDockerDaemon is whether to skip the docker daemon when pulling the image
	BypassDockerDaemon bool
	// UseDockerDaemon is deprecated.
	UseDockerDaemon bool
	// Credential is the auth string used to log in to the registry, format: USERNAME[:PASSWORD]
	Credential string
	// ShouldCleanup is whether to delete the docker image pulled by docker
	ShouldCleanup bool
	// FullTag is the tag set to override in the image
	FullTag string
	// Timeout is the duration (in seconds) of the scan process
	Timeout int
}

Option holds the options used for image-related commands.

type RegistryHandler

type RegistryHandler struct {
	// contains filtered or unexported fields
}

RegistryHandler coordinates with OCI registry APIs in order to retrieve container images as needed.

func NewRegistryHandler

func NewRegistryHandler() RegistryHandler

NewRegistryHandler constructs a new RegistryHandler instance.

func (*RegistryHandler) GenerateLayers added in v1.6.3

func (h *RegistryHandler) GenerateLayers(input string, opts Option) ([]layers.Layer, error)

func (*RegistryHandler) GenerateSBOM added in v1.6.3

func (h *RegistryHandler) GenerateSBOM(input string, opts Option) (*Bom, error)

GenerateSBOM leverages Syft and Stereoscope to generate a bill of materials for a given image tag.

type Status

type Status string

Status is the status for the scanning.

const (
	UploadedStatus Status = "UPLOADED"
	FinishedStatus Status = "FINISHED"
	QueuedStatus   Status = "QUEUED"
	FailedStatus   Status = "FAILED"
)

Detailed statuses of the scanning result.
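
The polling flow described for GetResponseFromScanAPI and SendCancelSignal, sketched as an added example; it is not this package's code. fakeBackend and PollScan are hypothetical names, and treating UPLOADED and QUEUED as pending, FAILED as terminal, and an unrecognised status as an error are assumptions the page does not state.

```go
package main

import (
	"context"
	"fmt"
	"time"
)

type Status string // mirrors the documented Status type and constants

const (
	UploadedStatus Status = "UPLOADED"
	FinishedStatus Status = "FINISHED"
	QueuedStatus   Status = "QUEUED"
	FailedStatus   Status = "FAILED"
)

// fakeBackend is a constructed stand-in for Handler: it replays a status script.
type fakeBackend struct {
	script    []Status
	polls     int
	cancelled bool
}

func (f *fakeBackend) status() Status { // stand-in for GetImageAnalysisStatus
	f.polls++
	return f.script[(f.polls-1)%len(f.script)]
}

// PollScan (hypothetical) polls until a terminal status or until ctx expires.
func PollScan(ctx context.Context, f *fakeBackend, every time.Duration) (string, error) {
	for {
		switch st := f.status(); st {
		case FinishedStatus:
			return "vulnerability report", nil // stand-in for GetImageVulnerability
		case FailedStatus:
			return "", fmt.Errorf("analysis ended with status %q", st)
		case UploadedStatus, QueuedStatus: // assumed pending: keep waiting
		default:
			return "", fmt.Errorf("unknown status %q", st) // fail closed
		}
		select {
		case <-ctx.Done(): // timeout or interruption
			f.cancelled = true // stand-in for SendCancelSignal(digest)
			return "", ctx.Err()
		case <-time.After(every):
		}
	}
}

func main() {
	f := &fakeBackend{script: []Status{UploadedStatus, QueuedStatus, FinishedStatus}}
	fmt.Println(PollScan(context.Background(), f, time.Millisecond))
}
```

A caller would derive ctx from Option.Timeout with context.WithTimeout, so that an expired deadline both stops the loop and notifies the backend.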
