feat: Explain VulnerabilityReport and ClusterVulnerabilityReport CRDs
Resolves: #409

Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
danielpacak committed Oct 21, 2021
1 parent 74c6501 commit 540a389
Showing 4 changed files with 182 additions and 27 deletions.
54 changes: 54 additions & 0 deletions deploy/crd/clustervulnerabilityreports.crd.yaml
Expand Up @@ -29,6 +29,8 @@ spec:
metadata:
type: object
report:
description: |
Report is the actual vulnerability report data.
type: object
required:
- updateTimestamp
Expand All @@ -38,38 +40,65 @@ spec:
- vulnerabilities
properties:
updateTimestamp:
description: |
UpdateTimestamp is a timestamp representing the server time in UTC when this report was updated.
type: string
format: date-time
scanner:
description: |
Scanner is the scanner that generated this report.
type: object
required:
- name
- vendor
- version
properties:
name:
description: |
Name the name of the scanner.
type: string
vendor:
description: |
Vendor the name of the vendor providing the scanner.
type: string
version:
description: |
Version the version of the scanner.
type: string
registry:
description: |
Registry is the registry the Artifact was pulled from.
type: object
properties:
server:
description: |
Server the FQDN of registry server.
type: string
artifact:
description: |
Artifact represents a standalone, executable package of software that includes everything needed to
run an application.
type: object
properties:
repository:
description: |
Repository is the name of the repository in the Artifact registry.
type: string
digest:
description: |
Digest is a unique and immutable identifier of an Artifact.
type: string
tag:
description: |
Tag is a mutable, human-readable string used to identify an Artifact.
type: string
mimeType:
description: |
MimeType represents a type and format of an Artifact.
type: string
summary:
description: |
Summary is a summary of Vulnerability counts grouped by Severity.
type: object
required:
- criticalCount
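Review bot: several of the new descriptions in this hunk are missing a verb and read as fragments, which matters because these strings are exactly what `kubectl explain` shows users: `Name the name of the scanner.`, `Vendor the name of the vendor providing the scanner.`, `Version the version of the scanner.` and `Server the FQDN of registry server.` should read `Name is the name of the scanner.`, `Vendor is the name of the vendor providing the scanner.`, and so on. While touching `digest`, consider stating the expected form (the content digest as it appears in the registry, i.e. the `sha256:`-prefixed value) so consumers that match reports against running images know what to compare on.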
Expand All @@ -79,21 +108,38 @@ spec:
- unknownCount
properties:
criticalCount:
description: |
CriticalCount is the number of vulnerabilities with Critical Severity.
type: integer
minimum: 0
highCount:
description: |
HighCount is the number of vulnerabilities with High Severity.
type: integer
minimum: 0
mediumCount:
description: |
MediumCount is the number of vulnerabilities with Medium Severity.
type: integer
minimum: 0
lowCount:
description: |
LowCount is the number of vulnerabilities with Low Severity.
type: integer
minimum: 0
unknownCount:
description: |
UnknownCount is the number of vulnerabilities with unknown severity.
type: integer
minimum: 0
noneCount:
description: |
NoneCount is the number of packages without any vulnerability.
type: integer
minimum: 0
vulnerabilities:
description: |
Vulnerabilities is a list of operating system (OS) or application software Vulnerability items found in the Artifact.
type: array
items:
type: object
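Review bot: the summary descriptions mix units: `criticalCount` through `unknownCount` count vulnerabilities, while `NoneCount is the number of packages without any vulnerability.` counts packages. Spell that out, and say whether `noneCount` is excluded from any total, so a consumer that sums the per-severity fields does not treat it as a vulnerability count; `Summary is a summary of Vulnerability counts grouped by Severity.` could also note that `noneCount` is not a severity bucket.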
Expand All @@ -106,12 +152,20 @@ spec:
- title
properties:
vulnerabilityID:
description: |
VulnerabilityID the vulnerability identifier.
type: string
resource:
description: |
Resource is a vulnerable package, application, or library.
type: string
installedVersion:
description: |
InstalledVersion indicates the installed version of the Resource.
type: string
fixedVersion:
description: |
FixedVersion indicates the version of the Resource in which this vulnerability has been fixed.
type: string
score:
type: number
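Review bot: `score` is the only field in this hunk left without a `description` (and without the bounds the count fields get via `minimum`), so `kubectl explain` will show nothing for it; document which scoring system it comes from and its valid range. `VulnerabilityID the vulnerability identifier.` also needs a verb and is circular; say which identifier schemes are expected (CVE ids, distribution advisory ids, etc.), since downstream tooling keys on this field.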
54 changes: 54 additions & 0 deletions deploy/crd/vulnerabilityreports.crd.yaml
Expand Up @@ -29,6 +29,8 @@ spec:
metadata:
type: object
report:
description: |
Report is the actual vulnerability report data.
type: object
required:
- updateTimestamp
Expand All @@ -38,38 +40,65 @@ spec:
- vulnerabilities
properties:
updateTimestamp:
description: |
UpdateTimestamp is a timestamp representing the server time in UTC when this report was updated.
type: string
format: date-time
scanner:
description: |
Scanner is the scanner that generated this report.
type: object
required:
- name
- vendor
- version
properties:
name:
description: |
Name the name of the scanner.
type: string
vendor:
description: |
Vendor the name of the vendor providing the scanner.
type: string
version:
description: |
Version the version of the scanner.
type: string
registry:
description: |
Registry is the registry the Artifact was pulled from.
type: object
properties:
server:
description: |
Server the FQDN of registry server.
type: string
artifact:
description: |
Artifact represents a standalone, executable package of software that includes everything needed to
run an application.
type: object
properties:
repository:
description: |
Repository is the name of the repository in the Artifact registry.
type: string
digest:
description: |
Digest is a unique and immutable identifier of an Artifact.
type: string
tag:
description: |
Tag is a mutable, human-readable string used to identify an Artifact.
type: string
mimeType:
description: |
MimeType represents a type and format of an Artifact.
type: string
summary:
description: |
Summary is a summary of Vulnerability counts grouped by Severity.
type: object
required:
- criticalCount
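Review bot: this hunk is line-for-line identical to the corresponding hunk in deploy/crd/clustervulnerabilityreports.crd.yaml, as are the other hunks in this file; hand-maintaining the same descriptions in two CRD files (and a third time as Go field comments in pkg/apis/aquasecurity/v1alpha1/common_types.go) invites drift. Consider generating both CRD schemas from the Go types so the doc comments are the single source, and apply the same `Name is the name of the scanner.` verb fix here in the meantime.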
Expand All @@ -79,21 +108,38 @@ spec:
- unknownCount
properties:
criticalCount:
description: |
CriticalCount is the number of vulnerabilities with Critical Severity.
type: integer
minimum: 0
highCount:
description: |
HighCount is the number of vulnerabilities with High Severity.
type: integer
minimum: 0
mediumCount:
description: |
MediumCount is the number of vulnerabilities with Medium Severity.
type: integer
minimum: 0
lowCount:
description: |
LowCount is the number of vulnerabilities with Low Severity.
type: integer
minimum: 0
unknownCount:
description: |
UnknownCount is the number of vulnerabilities with unknown severity.
type: integer
minimum: 0
noneCount:
description: |
NoneCount is the number of packages without any vulnerability.
type: integer
minimum: 0
vulnerabilities:
description: |
Vulnerabilities is a list of operating system (OS) or application software Vulnerability items found in the Artifact.
type: array
items:
type: object
Expand All @@ -106,12 +152,20 @@ spec:
- title
properties:
vulnerabilityID:
description: |
VulnerabilityID the vulnerability identifier.
type: string
resource:
description: |
Resource is a vulnerable package, application, or library.
type: string
installedVersion:
description: |
InstalledVersion indicates the installed version of the Resource.
type: string
fixedVersion:
description: |
FixedVersion indicates the version of the Resource in which this vulnerability has been fixed.
type: string
score:
type: number
9 changes: 7 additions & 2 deletions pkg/apis/aquasecurity/v1alpha1/common_types.go
Expand Up @@ -2,7 +2,12 @@ package v1alpha1

// Scanner is the spec for a scanner generating a security assessment report.
type Scanner struct {
Name string `json:"name"`
Vendor string `json:"vendor"`
// Name the name of the scanner.
Name string `json:"name"`

// Vendor the name of the vendor providing the scanner.
Vendor string `json:"vendor"`

// Version the version of the scanner.
Version string `json:"version"`
}
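Review bot: the new field comments `// Name the name of the scanner.`, `// Vendor the name of the vendor providing the scanner.` and `// Version the version of the scanner.` drop the verb; Go doc convention is `// Name is the name of the scanner.` and so on. Since the CRD descriptions in this commit mirror these comments verbatim, fixing them here first keeps both in step.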