feat(crds): Define ClusterVulnerabilityReport resource (#723)
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
danielpacak authored Sep 29, 2021
1 parent f7c4b28 commit 2627cfe
Showing 16 changed files with 686 additions and 3 deletions.
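--- a/deploy/crd/clustervulnerabilityreports.crd.yaml
+++ b/deploy/crd/clustervulnerabilityreports.crd.yaml
@@ -0,0 +1,188 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+name: clustervulnerabilityreports.aquasecurity.github.io
+labels:
+app.kubernetes.io/managed-by: starboard
+spec:
+group: aquasecurity.github.io
+versions:
+- name: v1alpha1
+served: true
+storage: true
+schema:
+openAPIV3Schema:
+description: |
+ClusterVulnerabilityReport summarizes vulnerabilities in application dependencies and operating system packages
+built into container images.
+type: object
+required:
+- apiVersion
+- kind
+- metadata
+- report
+properties:
+apiVersion:
+type: string
+kind:
+type: string
+metadata:
+type: object
+report:
+type: object
+required:
+- updateTimestamp
+- scanner
+- artifact
+- summary
+- vulnerabilities
+properties:
+updateTimestamp:
+type: string
+format: date-time
+scanner:
+type: object
+required:
+- name
+- vendor
+- version
+properties:
+name:
+type: string
+vendor:
+type: string
+version:
+type: string
+registry:
+type: object
+properties:
+server:
+type: string
+artifact:
+type: object
+properties:
+repository:
+type: string
+digest:
+type: string
+tag:
+type: string
+mimeType:
+type: string
+summary:
+type: object
+required:
+- criticalCount
+- highCount
+- mediumCount
+- lowCount
+- unknownCount
+properties:
+criticalCount:
+type: integer
+minimum: 0
+highCount:
+type: integer
+minimum: 0
+mediumCount:
+type: integer
+minimum: 0
+lowCount:
+type: integer
+minimum: 0
+unknownCount:
+type: integer
+minimum: 0
+vulnerabilities:
+type: array
+items:
+type: object
+required:
+- vulnerabilityID
+- resource
+- installedVersion
+- fixedVersion
+- severity
+- title
+properties:
+vulnerabilityID:
+type: string
+resource:
+type: string
+installedVersion:
+type: string
+fixedVersion:
+type: string
+score:
+type: number
+severity:
+type: string
+enum:
+- CRITICAL
+- HIGH
+- MEDIUM
+- LOW
+- UNKNOWN
+title:
+type: string
+description:
+type: string
+primaryLink:
+type: string
+links:
+type: array
+items:
+type: string
+additionalPrinterColumns:
+- jsonPath: .report.artifact.repository
+type: string
+name: Repository
+description: The name of image repository
+- jsonPath: .report.artifact.tag
+type: string
+name: Tag
+description: The name of image tag
+- jsonPath: .report.scanner.name
+type: string
+name: Scanner
+description: The name of the vulnerability scanner
+- jsonPath: .metadata.creationTimestamp
+type: date
+name: Age
+description: The age of the report
+- jsonPath: .report.summary.criticalCount
+type: integer
+name: Critical
+description: The number of critical vulnerabilities
+priority: 1
+- jsonPath: .report.summary.highCount
+type: integer
+name: High
+description: The number of high vulnerabilities
+priority: 1
+- jsonPath: .report.summary.mediumCount
+type: integer
+name: Medium
+description: The number of medium vulnerabilities
+priority: 1
+- jsonPath: .report.summary.lowCount
+type: integer
+name: Low
+description: The number of low vulnerabilities
+priority: 1
+- jsonPath: .report.summary.unknownCount
+type: integer
+name: Unknown
+description: The number of unknown vulnerabilities
+priority: 1
+scope: Cluster
+names:
+singular: clustervulnerabilityreport
+plural: clustervulnerabilityreports
+kind: ClusterVulnerabilityReport
+listKind: ClusterVulnerabilityReportList
+categories:
+- all
+shortNames:
+- clustervuln
+- clustervulns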
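Review bot: `artifact` is listed under `report.required`, but the `artifact` object itself declares no `required` properties, so an `artifact: {}` passes validation and yields a cluster-scoped report that cannot be tied to any image (the Repository and Tag printer columns would simply be blank). If `repository` is what identifies the scanned image, adding `required: [repository]` under `artifact` (and `digest` too, if the reconciler always sets it) would make that contract explicit at the API server rather than only in controller code — confirm against how the report is populated. Similarly `score` is an unbounded `number`; if it carries a CVSS base score, `minimum: 0` and `maximum: 10` would reject malformed entries the same way the summary counts already reject negatives.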
1 change: 1 addition & 0 deletions hack/tools.go
@@ -1,3 +1,4 @@
//go:build tools
// +build tools

// This package imports things required by build scripts, to force `go mod` to see them as dependencies.
5 changes: 3 additions & 2 deletions pkg/apis/aquasecurity/v1alpha1/register.go
@@ -1,11 +1,10 @@
package v1alpha1

import (
"github.com/aquasecurity/starboard/pkg/apis/aquasecurity"
meta "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"

"github.com/aquasecurity/starboard/pkg/apis/aquasecurity"
)

// SchemeGroupVersion is group version used to register these objects
Expand Down Expand Up @@ -33,6 +32,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion,
&VulnerabilityReport{},
&VulnerabilityReportList{},
&ClusterVulnerabilityReport{},
&ClusterVulnerabilityReportList{},
&CISKubeBenchReport{},
&CISKubeBenchReportList{},
&KubeHunterReport{},
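Review bot: The first hunk moves the project-local import `github.com/aquasecurity/starboard/pkg/apis/aquasecurity` into the same group as the k8s.io imports and drops the blank-line-separated local group, which is the grouping goimports `-local` / gci produce for a module's own packages; unless the repository's import style was changed deliberately, keeping it as its own third group would be the conventional layout. The two registrations added in the second hunk mirror the existing VulnerabilityReport pair and read fine. addKnownTypes continues past the end of the hunk.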
22 changes: 22 additions & 0 deletions pkg/apis/aquasecurity/v1alpha1/vulnerability_types.go
Expand Up @@ -90,3 +90,25 @@ type VulnerabilityReportList struct {

Items []VulnerabilityReport `json:"items"`
}

// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

// ClusterVulnerabilityReport is a specification for the ClusterVulnerabilityReport resource.
type ClusterVulnerabilityReport struct {
metav1.TypeMeta `json:",incline"`
metav1.ObjectMeta `json:"metadata,omitempty"`

Report VulnerabilityReportData `json:"report"`
}

// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

// ClusterVulnerabilityReportList is a list of ClusterVulnerabilityReport resources.
type ClusterVulnerabilityReportList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`

Items []ClusterVulnerabilityReport `json:"items"`
}
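Review bot: The struct tag on `metav1.TypeMeta` in ClusterVulnerabilityReport reads `json:",incline"`, a typo for `json:",inline"` as used on ClusterVulnerabilityReportList a few lines below; change the line to `metav1.TypeMeta` with the tag `json:",inline"`. encoding/json and apimachinery's unstructured converter treat an anonymous field whose tag name is empty as inlined and ignore unrecognised options, so apiVersion/kind probably still round-trip, but tooling that keys on the `inline` option (openapi/controller generators) may not, and the tag misleads readers. The `+genclient:nonNamespaced` marker is consistent with the CRD's `scope: Cluster`, so that part looks right.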
61 changes: 61 additions & 0 deletions pkg/apis/aquasecurity/v1alpha1/zz_generated.deepcopy.go

