package v1alpha1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
const (
	// VulnerabilityReportsCRName is the fully qualified (plural.group) name of the
	// VulnerabilityReport CustomResourceDefinition.
	VulnerabilityReportsCRName = "vulnerabilityreports.aquasecurity.github.io"
	// VulnerabilityReportsCRVersion is the API version served for the VulnerabilityReport CRD.
	VulnerabilityReportsCRVersion = "v1alpha1"
	// VulnerabilityReportKind is the Kind of a single VulnerabilityReport object.
	VulnerabilityReportKind = "VulnerabilityReport"
	// VulnerabilityReportListKind is the Kind of a list of VulnerabilityReport objects.
	VulnerabilityReportListKind = "VulnerabilityReportList"
	// ClusterVulnerabilityReportsCRName is the fully qualified (plural.group) name of the
	// cluster-scoped ClusterVulnerabilityReport CustomResourceDefinition.
	ClusterVulnerabilityReportsCRName = "clustervulnerabilityreports.aquasecurity.github.io"
)
// VulnerabilitySummary is a summary of Vulnerability counts grouped by Severity.
//
// Each count is the number of Vulnerability items in the report at that
// severity; NoneCount is the exception and counts packages rather than
// vulnerabilities.
type VulnerabilitySummary struct {
	// CriticalCount is the number of vulnerabilities with Critical Severity.
	CriticalCount int `json:"criticalCount"`
	// HighCount is the number of vulnerabilities with High Severity.
	HighCount int `json:"highCount"`
	// MediumCount is the number of vulnerabilities with Medium Severity.
	MediumCount int `json:"mediumCount"`
	// LowCount is the number of vulnerabilities with Low Severity.
	LowCount int `json:"lowCount"`
	// UnknownCount is the number of vulnerabilities whose severity could not be determined.
	UnknownCount int `json:"unknownCount"`
	// NoneCount is the number of packages without any vulnerability.
	NoneCount int `json:"noneCount"`
}
// Registry is a collection of repositories used to store Artifacts.
type Registry struct {
	// Server is the FQDN of the registry server the Artifact was pulled from.
	Server string `json:"server"`
}
// Artifact represents a standalone, executable package of software that
// includes everything needed to run an application.
//
// Digest, not Tag, is the field that binds a report to the exact content
// that was scanned: a Tag can be moved to point at different content later.
type Artifact struct {
	// Repository is the name of the repository in the Artifact registry.
	Repository string `json:"repository"`
	// Digest is a unique and immutable identifier of an Artifact.
	// Omitted from JSON when empty.
	Digest string `json:"digest,omitempty"`
	// Tag is a mutable, human-readable string used to identify an Artifact.
	// Omitted from JSON when empty.
	Tag string `json:"tag,omitempty"`
	// MimeType represents a type and format of an Artifact.
	// Omitted from JSON when empty.
	MimeType string `json:"mimeType,omitempty"`
}
// Vulnerability is the spec for a vulnerability record.
//
// One Vulnerability describes a single finding against a single Resource;
// a report holds a list of them (see VulnerabilityReportData.Vulnerabilities).
type Vulnerability struct {
	// VulnerabilityID is the vulnerability identifier as reported by the scanner
	// (presumably a CVE or vendor advisory ID — confirm against the scanner output).
	VulnerabilityID string `json:"vulnerabilityID"`
	// Resource is a vulnerable package, application, or library.
	Resource string `json:"resource"`
	// InstalledVersion indicates the installed version of the Resource.
	InstalledVersion string `json:"installedVersion"`
	// FixedVersion indicates the version of the Resource in which this vulnerability has been fixed.
	FixedVersion string `json:"fixedVersion"`
	// Severity is the severity level assigned to this vulnerability.
	// The Severity type is declared elsewhere in this package.
	Severity Severity `json:"severity"`
	// Title is a short, human-readable title for the vulnerability.
	Title string `json:"title"`
	// Description is an optional longer description; omitted from JSON when empty.
	Description string `json:"description,omitempty"`
	// PrimaryLink is the primary reference link for this vulnerability, if any;
	// omitted from JSON when empty.
	PrimaryLink string `json:"primaryLink,omitempty"`
	// Links is a list of additional reference links. These originate from the
	// scanner's output, so consumers that render or follow them should treat
	// them as external data rather than trusted URLs.
	Links []string `json:"links"`
	// Score is an optional numeric score; nil when the scanner did not provide one
	// (presumably a CVSS score — TODO confirm).
	Score *float64 `json:"score,omitempty"`
}
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// VulnerabilityReport is a specification for the VulnerabilityReport resource.
//
// It is a namespaced custom resource whose payload is a VulnerabilityReportData.
type VulnerabilityReport struct {
	// Standard Kubernetes type metadata (apiVersion, kind), inlined into the object.
	metav1.TypeMeta `json:",inline"`
	// Standard Kubernetes object metadata (name, namespace, labels, ...).
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Report is the actual vulnerability report data.
	Report VulnerabilityReportData `json:"report"`
}
// VulnerabilityReportData is the spec for the vulnerability scan result.
//
// The spec follows the Pluggable Scanners API defined for Harbor.
// @see https://github.com/goharbor/pluggable-scanner-spec/blob/master/api/spec/scanner-adapter-openapi-v1.0.yaml
//
// It is shared by VulnerabilityReport and ClusterVulnerabilityReport as the
// value of their Report field.
type VulnerabilityReportData struct {
	// UpdateTimestamp is a timestamp representing the server time in UTC when this report was updated.
	UpdateTimestamp metav1.Time `json:"updateTimestamp"`
	// Scanner is the scanner that generated this report.
	// The Scanner type is declared elsewhere in this package.
	Scanner Scanner `json:"scanner"`
	// Registry is the registry the Artifact was pulled from.
	Registry Registry `json:"registry"`
	// Artifact is a container image scanned for Vulnerabilities.
	Artifact Artifact `json:"artifact"`
	// Summary is a summary of Vulnerability counts grouped by Severity.
	Summary VulnerabilitySummary `json:"summary"`
	// Vulnerabilities is a list of operating system (OS) or application software Vulnerability items found in the Artifact.
	Vulnerabilities []Vulnerability `json:"vulnerabilities"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// VulnerabilityReportList is a list of VulnerabilityReport resources.
type VulnerabilityReportList struct {
	// Standard Kubernetes type metadata (apiVersion, kind), inlined into the object.
	metav1.TypeMeta `json:",inline"`
	// Standard Kubernetes list metadata (resourceVersion, continue token, ...).
	metav1.ListMeta `json:"metadata"`
	// Items is the list of VulnerabilityReport objects.
	Items []VulnerabilityReport `json:"items"`
}
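// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ClusterVulnerabilityReport is a specification for the ClusterVulnerabilityReport resource.
//
// It is the cluster-scoped counterpart of VulnerabilityReport (see
// +genclient:nonNamespaced) and carries the same VulnerabilityReportData payload.
type ClusterVulnerabilityReport struct {
	// Standard Kubernetes type metadata (apiVersion, kind), inlined into the object.
	// The tag option must be ",inline": that is what the Kubernetes API generators
	// recognise for an embedded TypeMeta. encoding/json inlines an anonymous struct
	// with an empty tag name regardless of the option, so a misspelt option only
	// shows up in generated schemas, not at runtime.
	metav1.TypeMeta `json:",inline"`
	// Standard Kubernetes object metadata (name, labels, ...).
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Report is the actual vulnerability report data.
	Report VulnerabilityReportData `json:"report"`
}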
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ClusterVulnerabilityReportList is a list of ClusterVulnerabilityReport resources.
type ClusterVulnerabilityReportList struct {
	// Standard Kubernetes type metadata (apiVersion, kind), inlined into the object.
	metav1.TypeMeta `json:",inline"`
	// Standard Kubernetes list metadata (resourceVersion, continue token, ...).
	metav1.ListMeta `json:"metadata"`
	// Items is the list of ClusterVulnerabilityReport objects.
	Items []ClusterVulnerabilityReport `json:"items"`
}