package vulnerabilityreport
import (
"io"
"github.com/aquasecurity/trivy-operator/pkg/apis/aquasecurity/v1alpha1"
"github.com/aquasecurity/trivy-operator/pkg/docker"
"github.com/aquasecurity/trivy-operator/pkg/trivyoperator"
corev1 "k8s.io/api/core/v1"
"sigs.k8s.io/controller-runtime/pkg/client"
)
// Plugin is the contract a static vulnerability scanner integration
// implements so that Trivy-operator can drive it.
//
// Two of its methods sit on a trust boundary: GetScanJobSpec receives
// registry credentials, and ParseReportData consumes output produced by the
// scan pod.
type Plugin interface {
	// Init is the callback used to initialize the plugin, e.g. to ensure that
	// the default configuration is present.
	Init(ctx trivyoperator.PluginContext) error

	// GetScanJobSpec describes the pod that Trivy-operator creates when it
	// schedules a Kubernetes job to scan the workload identified by the
	// given descriptor.
	//
	// credentials maps container names to Docker registry credentials. They
	// can be handed to the scanner as environment variables whose values are
	// sourced from the returned secrets. Implementations should reference
	// those secrets from the pod spec rather than copy credential values
	// into it as literals, because the pod spec is readable by anyone
	// allowed to read the pod.
	//
	// NOTE(review): securityContext is not described here; presumably it is
	// applied to the scan containers — confirm against the implementations.
	GetScanJobSpec(
		ctx trivyoperator.PluginContext,
		workload client.Object,
		credentials map[string]docker.Auth,
		securityContext *corev1.SecurityContext,
	) (corev1.PodSpec, []*corev1.Secret, error)

	// ParseReportData is the callback that parses the logs of the pod
	// controlled by the scan job and converts them into
	// v1alpha1.VulnerabilityReportData and v1alpha1.ExposedSecretReportData.
	//
	// logsReader carries whatever the scan pod wrote to its logs, so
	// implementations should parse it defensively and return an error on
	// malformed content.
	//
	// NOTE(review): who is responsible for closing logsReader is not visible
	// from this declaration — confirm against the caller.
	ParseReportData(
		ctx trivyoperator.PluginContext,
		imageRef string,
		logsReader io.ReadCloser,
	) (v1alpha1.VulnerabilityReportData, v1alpha1.ExposedSecretReportData, error)
}