Last active
May 7, 2024 12:37
-
-
Save henrysachs/948012d10b16234f0416fc4573b67abf to your computer and use it in GitHub Desktop.
trivy operator 0.14.0 crds
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
apiVersion: apiextensions.k8s.io/v1 | |
kind: CustomResourceDefinition | |
metadata: | |
annotations: | |
controller-gen.kubebuilder.io/version: v0.14.0 | |
name: clustercompliancereports.aquasecurity.github.io | |
spec: | |
group: aquasecurity.github.io | |
names: | |
kind: ClusterComplianceReport | |
listKind: ClusterComplianceReportList | |
plural: clustercompliancereports | |
shortNames: | |
- compliance | |
singular: clustercompliancereport | |
scope: Cluster | |
versions: | |
- additionalPrinterColumns: | |
- description: The age of the report | |
jsonPath: .metadata.creationTimestamp | |
name: Age | |
type: date | |
- description: The number of checks that failed | |
jsonPath: .status.summary.failCount | |
name: Fail | |
priority: 1 | |
type: integer | |
- description: The number of checks that passed | |
jsonPath: .status.summary.passCount | |
name: Pass | |
priority: 1 | |
type: integer | |
name: v1alpha1 | |
schema: | |
openAPIV3Schema: | |
description: ClusterComplianceReport is a specification for the ClusterComplianceReport | |
resource. | |
properties: | |
apiVersion: | |
description: |- | |
APIVersion defines the versioned schema of this representation of an object. | |
Servers should convert recognized schemas to the latest internal value, and | |
may reject unrecognized values. | |
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | |
type: string | |
kind: | |
description: |- | |
Kind is a string value representing the REST resource this object represents. | |
Servers may infer this from the endpoint the client submits requests to. | |
Cannot be updated. | |
In CamelCase. | |
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | |
type: string | |
metadata: | |
type: object | |
spec: | |
description: ReportSpec represent the compliance specification | |
properties: | |
compliance: | |
properties: | |
controls: | |
description: Control represent the cps controls data and mapping | |
checks | |
items: | |
description: Control represent the cps controls data and mapping | |
checks | |
properties: | |
checks: | |
items: | |
description: SpecCheck represent the scanner who perform | |
the control check | |
properties: | |
id: | |
description: id define the check id as produced by | |
scanner | |
type: string | |
required: | |
- id | |
type: object | |
type: array | |
defaultStatus: | |
description: define the default value for check status in | |
case resource not found | |
enum: | |
- PASS | |
- WARN | |
- FAIL | |
type: string | |
description: | |
type: string | |
id: | |
description: id define the control check id | |
type: string | |
name: | |
type: string | |
severity: | |
description: define the severity of the control | |
enum: | |
- CRITICAL | |
- HIGH | |
- MEDIUM | |
- LOW | |
- UNKNOWN | |
type: string | |
required: | |
- id | |
- name | |
- severity | |
type: object | |
type: array | |
description: | |
type: string | |
id: | |
type: string | |
relatedResources: | |
items: | |
type: string | |
type: array | |
title: | |
type: string | |
version: | |
type: string | |
required: | |
- controls | |
- description | |
- id | |
- relatedResources | |
- title | |
- version | |
type: object | |
cron: | |
description: cron define the intervals for report generation | |
pattern: ^(((([\*]{1}){1})|((\*\/){0,1}(([0-9]{1}){1}|(([1-5]{1}){1}([0-9]{1}){1}){1}))) | |
((([\*]{1}){1})|((\*\/){0,1}(([0-9]{1}){1}|(([1]{1}){1}([0-9]{1}){1}){1}|([2]{1}){1}([0-3]{1}){1}))) | |
((([\*]{1}){1})|((\*\/){0,1}(([1-9]{1}){1}|(([1-2]{1}){1}([0-9]{1}){1}){1}|([3]{1}){1}([0-1]{1}){1}))) | |
((([\*]{1}){1})|((\*\/){0,1}(([1-9]{1}){1}|(([1-2]{1}){1}([0-9]{1}){1}){1}|([3]{1}){1}([0-1]{1}){1}))|(jan|feb|mar|apr|may|jun|jul|aug|sep|okt|nov|dec)) | |
((([\*]{1}){1})|((\*\/){0,1}(([0-7]{1}){1}))|(sun|mon|tue|wed|thu|fri|sat)))$ | |
type: string | |
reportType: | |
enum: | |
- summary | |
- all | |
type: string | |
required: | |
- compliance | |
- cron | |
- reportType | |
type: object | |
status: | |
properties: | |
detailReport: | |
description: ComplianceReport represents a kubernetes scan report | |
properties: | |
description: | |
type: string | |
id: | |
type: string | |
relatedVersion: | |
items: | |
type: string | |
type: array | |
results: | |
items: | |
properties: | |
checks: | |
items: | |
description: ComplianceCheck provides the result of conducting | |
a single compliance step. | |
properties: | |
category: | |
type: string | |
checkID: | |
type: string | |
description: | |
type: string | |
messages: | |
items: | |
type: string | |
type: array | |
remediation: | |
description: Remediation provides description or links | |
to external resources to remediate failing check. | |
type: string | |
severity: | |
description: Severity level of a vulnerability or | |
a configuration audit check. | |
type: string | |
success: | |
type: boolean | |
target: | |
type: string | |
title: | |
type: string | |
required: | |
- checkID | |
- severity | |
- success | |
type: object | |
type: array | |
description: | |
type: string | |
id: | |
type: string | |
name: | |
type: string | |
severity: | |
type: string | |
status: | |
type: string | |
required: | |
- checks | |
type: object | |
type: array | |
title: | |
type: string | |
version: | |
type: string | |
type: object | |
x-kubernetes-preserve-unknown-fields: true | |
summary: | |
properties: | |
failCount: | |
type: integer | |
passCount: | |
type: integer | |
type: object | |
summaryReport: | |
description: SummaryReport represents a kubernetes scan report with | |
consolidated findings | |
properties: | |
controlCheck: | |
items: | |
properties: | |
id: | |
type: string | |
name: | |
type: string | |
severity: | |
type: string | |
totalFail: | |
type: integer | |
type: object | |
type: array | |
id: | |
type: string | |
title: | |
type: string | |
type: object | |
x-kubernetes-preserve-unknown-fields: true | |
updateTimestamp: | |
format: date-time | |
type: string | |
required: | |
- updateTimestamp | |
type: object | |
type: object | |
x-kubernetes-preserve-unknown-fields: true | |
served: true | |
storage: true | |
subresources: | |
status: {} | |
--- | |
apiVersion: apiextensions.k8s.io/v1 | |
kind: CustomResourceDefinition | |
metadata: | |
annotations: | |
controller-gen.kubebuilder.io/version: v0.14.0 | |
name: clusterconfigauditreports.aquasecurity.github.io | |
spec: | |
group: aquasecurity.github.io | |
names: | |
kind: ClusterConfigAuditReport | |
listKind: ClusterConfigAuditReportList | |
plural: clusterconfigauditreports | |
shortNames: | |
- clusterconfigaudit | |
singular: clusterconfigauditreport | |
scope: Cluster | |
versions: | |
- additionalPrinterColumns: | |
- description: The name of the config audit scanner | |
jsonPath: .report.scanner.name | |
name: Scanner | |
type: string | |
- description: The age of the report | |
jsonPath: .metadata.creationTimestamp | |
name: Age | |
type: date | |
- description: The number of failed checks with critical severity | |
jsonPath: .report.summary.criticalCount | |
name: Critical | |
priority: 1 | |
type: integer | |
- description: The number of failed checks with high severity | |
jsonPath: .report.summary.highCount | |
name: High | |
priority: 1 | |
type: integer | |
- description: The number of failed checks with medium severity | |
jsonPath: .report.summary.mediumCount | |
name: Medium | |
priority: 1 | |
type: integer | |
- description: The number of failed checks with low severity | |
jsonPath: .report.summary.lowCount | |
name: Low | |
priority: 1 | |
type: integer | |
name: v1alpha1 | |
schema: | |
openAPIV3Schema: | |
description: ClusterConfigAuditReport is a specification for the ClusterConfigAuditReport | |
resource. | |
properties: | |
apiVersion: | |
description: |- | |
APIVersion defines the versioned schema of this representation of an object. | |
Servers should convert recognized schemas to the latest internal value, and | |
may reject unrecognized values. | |
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | |
type: string | |
kind: | |
description: |- | |
Kind is a string value representing the REST resource this object represents. | |
Servers may infer this from the endpoint the client submits requests to. | |
Cannot be updated. | |
In CamelCase. | |
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | |
type: string | |
metadata: | |
type: object | |
report: | |
properties: | |
checks: | |
description: Checks provides results of conducting audit steps. | |
items: | |
description: Check provides the result of conducting a single audit | |
step. | |
properties: | |
category: | |
type: string | |
checkID: | |
type: string | |
description: | |
type: string | |
messages: | |
items: | |
type: string | |
type: array | |
remediation: | |
description: Remediation provides description or links to external | |
resources to remediate failing check. | |
type: string | |
scope: | |
description: Scope indicates the section of config that was | |
audited. | |
properties: | |
type: | |
description: Type indicates type of this scope, e.g. Container, | |
ConfigMapKey or JSONPath. | |
type: string | |
value: | |
description: Value indicates value of this scope that depends | |
on Type, e.g. container name, ConfigMap key or JSONPath | |
expression | |
type: string | |
required: | |
- type | |
- value | |
type: object | |
severity: | |
description: Severity level of a vulnerability or a configuration | |
audit check. | |
type: string | |
success: | |
type: boolean | |
title: | |
type: string | |
required: | |
- checkID | |
- severity | |
- success | |
type: object | |
type: array | |
scanner: | |
description: Scanner is the spec for a scanner generating a security | |
assessment report. | |
properties: | |
name: | |
description: Name the name of the scanner. | |
type: string | |
vendor: | |
description: Vendor the name of the vendor providing the scanner. | |
type: string | |
version: | |
description: Version the version of the scanner. | |
type: string | |
required: | |
- name | |
- vendor | |
- version | |
type: object | |
summary: | |
description: ConfigAuditSummary counts failed checks by severity. | |
properties: | |
criticalCount: | |
description: CriticalCount is the number of failed checks with | |
critical severity. | |
type: integer | |
highCount: | |
description: HighCount is the number of failed checks with high | |
severity. | |
type: integer | |
lowCount: | |
description: LowCount is the number of failed check with low severity. | |
type: integer | |
mediumCount: | |
description: MediumCount is the number of failed checks with medium | |
severity. | |
type: integer | |
required: | |
- criticalCount | |
- highCount | |
- lowCount | |
- mediumCount | |
type: object | |
updateTimestamp: | |
format: date-time | |
type: string | |
required: | |
- checks | |
type: object | |
required: | |
- report | |
type: object | |
x-kubernetes-preserve-unknown-fields: true | |
served: true | |
storage: true | |
subresources: {} | |
--- | |
apiVersion: apiextensions.k8s.io/v1 | |
kind: CustomResourceDefinition | |
metadata: | |
annotations: | |
controller-gen.kubebuilder.io/version: v0.14.0 | |
name: clusterinfraassessmentreports.aquasecurity.github.io | |
spec: | |
group: aquasecurity.github.io | |
names: | |
kind: ClusterInfraAssessmentReport | |
listKind: ClusterInfraAssessmentReportList | |
plural: clusterinfraassessmentreports | |
shortNames: | |
- clusterinfraassessment | |
singular: clusterinfraassessmentreport | |
scope: Cluster | |
versions: | |
- additionalPrinterColumns: | |
- description: The name of the infra assessement scanner | |
jsonPath: .report.scanner.name | |
name: Scanner | |
type: string | |
- description: The age of the report | |
jsonPath: .metadata.creationTimestamp | |
name: Age | |
type: date | |
- description: The number of failed checks with critical severity | |
jsonPath: .report.summary.criticalCount | |
name: Critical | |
priority: 1 | |
type: integer | |
- description: The number of failed checks with high severity | |
jsonPath: .report.summary.highCount | |
name: High | |
priority: 1 | |
type: integer | |
- description: The number of failed checks with medium severity | |
jsonPath: .report.summary.mediumCount | |
name: Medium | |
priority: 1 | |
type: integer | |
- description: The number of failed checks with low severity | |
jsonPath: .report.summary.lowCount | |
name: Low | |
priority: 1 | |
type: integer | |
name: v1alpha1 | |
schema: | |
openAPIV3Schema: | |
description: ClusterInfraAssessmentReport is a specification for the ClusterInfraAssessmentReport | |
resource. | |
properties: | |
apiVersion: | |
description: |- | |
APIVersion defines the versioned schema of this representation of an object. | |
Servers should convert recognized schemas to the latest internal value, and | |
may reject unrecognized values. | |
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | |
type: string | |
kind: | |
description: |- | |
Kind is a string value representing the REST resource this object represents. | |
Servers may infer this from the endpoint the client submits requests to. | |
Cannot be updated. | |
In CamelCase. | |
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | |
type: string | |
metadata: | |
type: object | |
report: | |
properties: | |
checks: | |
description: Checks provides results of conducting audit steps. | |
items: | |
description: Check provides the result of conducting a single audit | |
step. | |
properties: | |
category: | |
type: string | |
checkID: | |
type: string | |
description: | |
type: string | |
messages: | |
items: | |
type: string | |
type: array | |
remediation: | |
description: Remediation provides description or links to external | |
resources to remediate failing check. | |
type: string | |
scope: | |
description: Scope indicates the section of config that was | |
audited. | |
properties: | |
type: | |
description: Type indicates type of this scope, e.g. Container, | |
ConfigMapKey or JSONPath. | |
type: string | |
value: | |
description: Value indicates value of this scope that depends | |
on Type, e.g. container name, ConfigMap key or JSONPath | |
expression | |
type: string | |
required: | |
- type | |
- value | |
type: object | |
severity: | |
description: Severity level of a vulnerability or a configuration | |
audit check. | |
type: string | |
success: | |
type: boolean | |
title: | |
type: string | |
required: | |
- checkID | |
- severity | |
- success | |
type: object | |
type: array | |
scanner: | |
description: Scanner is the spec for a scanner generating a security | |
assessment report. | |
properties: | |
name: | |
description: Name the name of the scanner. | |
type: string | |
vendor: | |
description: Vendor the name of the vendor providing the scanner. | |
type: string | |
version: | |
description: Version the version of the scanner. | |
type: string | |
required: | |
- name | |
- vendor | |
- version | |
type: object | |
summary: | |
description: InfraAssessmentSummary counts failed checks by severity. | |
properties: | |
criticalCount: | |
description: CriticalCount is the number of failed checks with | |
critical severity. | |
type: integer | |
highCount: | |
description: HighCount is the number of failed checks with high | |
severity. | |
type: integer | |
lowCount: | |
description: LowCount is the number of failed check with low severity. | |
type: integer | |
mediumCount: | |
description: MediumCount is the number of failed checks with medium | |
severity. | |
type: integer | |
required: | |
- criticalCount | |
- highCount | |
- lowCount | |
- mediumCount | |
type: object | |
required: | |
- checks | |
- scanner | |
- summary | |
type: object | |
required: | |
- report | |
type: object | |
x-kubernetes-preserve-unknown-fields: true | |
served: true | |
storage: true | |
subresources: {} | |
--- | |
apiVersion: apiextensions.k8s.io/v1 | |
kind: CustomResourceDefinition | |
metadata: | |
annotations: | |
controller-gen.kubebuilder.io/version: v0.14.0 | |
name: clusterrbacassessmentreports.aquasecurity.github.io | |
spec: | |
group: aquasecurity.github.io | |
names: | |
kind: ClusterRbacAssessmentReport | |
listKind: ClusterRbacAssessmentReportList | |
plural: clusterrbacassessmentreports | |
shortNames: | |
- clusterrbacassessmentreport | |
singular: clusterrbacassessmentreport | |
scope: Cluster | |
versions: | |
- additionalPrinterColumns: | |
- description: The name of the rbac assessment scanner | |
jsonPath: .report.scanner.name | |
name: Scanner | |
type: string | |
- description: The age of the report | |
jsonPath: .metadata.creationTimestamp | |
name: Age | |
type: date | |
- description: The number of failed checks with critical severity | |
jsonPath: .report.summary.criticalCount | |
name: Critical | |
priority: 1 | |
type: integer | |
- description: The number of failed checks with high severity | |
jsonPath: .report.summary.highCount | |
name: High | |
priority: 1 | |
type: integer | |
- description: The number of failed checks with medium severity | |
jsonPath: .report.summary.mediumCount | |
name: Medium | |
priority: 1 | |
type: integer | |
- description: The number of failed checks with low severity | |
jsonPath: .report.summary.lowCount | |
name: Low | |
priority: 1 | |
type: integer | |
name: v1alpha1 | |
schema: | |
openAPIV3Schema: | |
description: ClusterRbacAssessmentReport is a specification for the ClusterRbacAssessmentReport | |
resource. | |
properties: | |
apiVersion: | |
description: |- | |
APIVersion defines the versioned schema of this representation of an object. | |
Servers should convert recognized schemas to the latest internal value, and | |
may reject unrecognized values. | |
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | |
type: string | |
kind: | |
description: |- | |
Kind is a string value representing the REST resource this object represents. | |
Servers may infer this from the endpoint the client submits requests to. | |
Cannot be updated. | |
In CamelCase. | |
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | |
type: string | |
metadata: | |
type: object | |
report: | |
properties: | |
checks: | |
description: Checks provides results of conducting audit steps. | |
items: | |
description: Check provides the result of conducting a single audit | |
step. | |
properties: | |
category: | |
type: string | |
checkID: | |
type: string | |
description: | |
type: string | |
messages: | |
items: | |
type: string | |
type: array | |
remediation: | |
description: Remediation provides description or links to external | |
resources to remediate failing check. | |
type: string | |
scope: | |
description: Scope indicates the section of config that was | |
audited. | |
properties: | |
type: | |
description: Type indicates type of this scope, e.g. Container, | |
ConfigMapKey or JSONPath. | |
type: string | |
value: | |
description: Value indicates value of this scope that depends | |
on Type, e.g. container name, ConfigMap key or JSONPath | |
expression | |
type: string | |
required: | |
- type | |
- value | |
type: object | |
severity: | |
description: Severity level of a vulnerability or a configuration | |
audit check. | |
type: string | |
success: | |
type: boolean | |
title: | |
type: string | |
required: | |
- checkID | |
- severity | |
- success | |
type: object | |
type: array | |
scanner: | |
description: Scanner is the spec for a scanner generating a security | |
assessment report. | |
properties: | |
name: | |
description: Name the name of the scanner. | |
type: string | |
vendor: | |
description: Vendor the name of the vendor providing the scanner. | |
type: string | |
version: | |
description: Version the version of the scanner. | |
type: string | |
required: | |
- name | |
- vendor | |
- version | |
type: object | |
summary: | |
description: RbacAssessmentSummary counts failed checks by severity. | |
properties: | |
criticalCount: | |
description: CriticalCount is the number of failed checks with | |
critical severity. | |
type: integer | |
highCount: | |
description: HighCount is the number of failed checks with high | |
severity. | |
type: integer | |
lowCount: | |
description: LowCount is the number of failed check with low severity. | |
type: integer | |
mediumCount: | |
description: MediumCount is the number of failed checks with medium | |
severity. | |
type: integer | |
required: | |
- criticalCount | |
- highCount | |
- lowCount | |
- mediumCount | |
type: object | |
required: | |
- checks | |
- scanner | |
- summary | |
type: object | |
required: | |
- report | |
type: object | |
x-kubernetes-preserve-unknown-fields: true | |
served: true | |
storage: true | |
subresources: {} | |
--- | |
apiVersion: apiextensions.k8s.io/v1 | |
kind: CustomResourceDefinition | |
metadata: | |
annotations: | |
controller-gen.kubebuilder.io/version: v0.14.0 | |
name: clustersbomreports.aquasecurity.github.io | |
spec: | |
group: aquasecurity.github.io | |
names: | |
kind: ClusterSbomReport | |
listKind: ClusterSbomReportList | |
plural: clustersbomreports | |
shortNames: | |
- clustersbom | |
singular: clustersbomreport | |
scope: Cluster | |
versions: | |
- additionalPrinterColumns: | |
- description: The name of image repository | |
jsonPath: .report.artifact.repository | |
name: Repository | |
type: string | |
- description: The name of image tag | |
jsonPath: .report.artifact.tag | |
name: Tag | |
type: string | |
- description: The name of the sbom generation scanner | |
jsonPath: .report.scanner.name | |
name: Scanner | |
type: string | |
- description: The age of the report | |
jsonPath: .metadata.creationTimestamp | |
name: Age | |
type: date | |
- description: The number of dependencies in bom | |
jsonPath: .report.summary.componentsCount | |
name: Components | |
priority: 1 | |
type: integer | |
- description: The the number of components in bom | |
jsonPath: .report.summary.dependenciesCount | |
name: Dependencies | |
priority: 1 | |
type: integer | |
name: v1alpha1 | |
schema: | |
openAPIV3Schema: | |
description: ClusterSbomReport summarizes components and dependencies found | |
in container image | |
properties: | |
apiVersion: | |
description: |- | |
APIVersion defines the versioned schema of this representation of an object. | |
Servers should convert recognized schemas to the latest internal value, and | |
may reject unrecognized values. | |
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | |
type: string | |
kind: | |
description: |- | |
Kind is a string value representing the REST resource this object represents. | |
Servers may infer this from the endpoint the client submits requests to. | |
Cannot be updated. | |
In CamelCase. | |
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | |
type: string | |
metadata: | |
type: object | |
report: | |
description: Report is the actual sbom report data. | |
properties: | |
artifact: | |
description: |- | |
Artifact represents a standalone, executable package of software that includes everything needed to | |
run an application. | |
properties: | |
digest: | |
description: Digest is a unique and immutable identifier of an | |
Artifact. | |
type: string | |
mimeType: | |
description: MimeType represents a type and format of an Artifact. | |
type: string | |
repository: | |
description: Repository is the name of the repository in the Artifact | |
registry. | |
type: string | |
tag: | |
description: Tag is a mutable, human-readable string used to identify | |
an Artifact. | |
type: string | |
type: object | |
components: | |
description: Bom is artifact bill of materials. | |
properties: | |
bomFormat: | |
type: string | |
components: | |
items: | |
properties: | |
bom-ref: | |
type: string | |
group: | |
type: string | |
hashes: | |
items: | |
properties: | |
alg: | |
type: string | |
content: | |
type: string | |
type: object | |
type: array | |
licenses: | |
items: | |
properties: | |
expression: | |
type: string | |
license: | |
properties: | |
id: | |
type: string | |
name: | |
type: string | |
url: | |
type: string | |
type: object | |
type: object | |
type: array | |
name: | |
type: string | |
properties: | |
items: | |
properties: | |
name: | |
type: string | |
value: | |
type: string | |
type: object | |
type: array | |
purl: | |
type: string | |
supplier: | |
properties: | |
contact: | |
items: | |
properties: | |
email: | |
type: string | |
name: | |
type: string | |
phone: | |
type: string | |
type: object | |
type: array | |
name: | |
type: string | |
url: | |
items: | |
type: string | |
type: array | |
type: object | |
type: | |
type: string | |
version: | |
type: string | |
type: object | |
type: array | |
dependencies: | |
items: | |
properties: | |
dependsOn: | |
items: | |
type: string | |
type: array | |
ref: | |
type: string | |
type: object | |
type: array | |
metadata: | |
properties: | |
component: | |
properties: | |
bom-ref: | |
type: string | |
group: | |
type: string | |
hashes: | |
items: | |
properties: | |
alg: | |
type: string | |
content: | |
type: string | |
type: object | |
type: array | |
licenses: | |
items: | |
properties: | |
expression: | |
type: string | |
license: | |
properties: | |
id: | |
type: string | |
name: | |
type: string | |
url: | |
type: string | |
type: object | |
type: object | |
type: array | |
name: | |
type: string | |
properties: | |
items: | |
properties: | |
name: | |
type: string | |
value: | |
type: string | |
type: object | |
type: array | |
purl: | |
type: string | |
supplier: | |
properties: | |
contact: | |
items: | |
properties: | |
email: | |
type: string | |
name: | |
type: string | |
phone: | |
type: string | |
type: object | |
type: array | |
name: | |
type: string | |
url: | |
items: | |
type: string | |
type: array | |
type: object | |
type: | |
type: string | |
version: | |
type: string | |
type: object | |
timestamp: | |
type: string | |
tools: | |
properties: | |
components: | |
items: | |
properties: | |
bom-ref: | |
type: string | |
group: | |
type: string | |
hashes: | |
items: | |
properties: | |
alg: | |
type: string | |
content: | |
type: string | |
type: object | |
type: array | |
licenses: | |
items: | |
properties: | |
expression: | |
type: string | |
license: | |
properties: | |
id: | |
type: string | |
name: | |
type: string | |
url: | |
type: string | |
type: object | |
type: object | |
type: array | |
name: | |
type: string | |
properties: | |
items: | |
properties: | |
name: | |
type: string | |
value: | |
type: string | |
type: object | |
type: array | |
purl: | |
type: string | |
supplier: | |
properties: | |
contact: | |
items: | |
properties: | |
email: | |
type: string | |
name: | |
type: string | |
phone: | |
type: string | |
type: object | |
type: array | |
name: | |
type: string | |
url: | |
items: | |
type: string | |
type: array | |
type: object | |
type: | |
type: string | |
version: | |
type: string | |
type: object | |
type: array | |
type: object | |
type: object | |
serialNumber: | |
type: string | |
specVersion: | |
type: string | |
version: | |
type: integer | |
required: | |
- bomFormat | |
- specVersion | |
type: object | |
registry: | |
description: Registry is the registry the Artifact was pulled from. | |
properties: | |
server: | |
description: Server the FQDN of registry server. | |
type: string | |
type: object | |
scanner: | |
description: Scanner is the scanner that generated this report. | |
properties: | |
name: | |
description: Name the name of the scanner. | |
type: string | |
vendor: | |
description: Vendor the name of the vendor providing the scanner. | |
type: string | |
version: | |
description: Version the version of the scanner. | |
type: string | |
required: | |
- name | |
- vendor | |
- version | |
type: object | |
summary: | |
description: Summary is a summary of sbom report. | |
properties: | |
componentsCount: | |
description: ComponentsCount is the number of components in bom. | |
minimum: 0 | |
type: integer | |
dependenciesCount: | |
description: DependenciesCount is the number of dependencies in | |
bom. | |
minimum: 0 | |
type: integer | |
required: | |
- componentsCount | |
- dependenciesCount | |
type: object | |
updateTimestamp: | |
description: UpdateTimestamp is a timestamp representing the server | |
time in UTC when this report was updated. | |
format: date-time | |
type: string | |
required: | |
- artifact | |
- components | |
- scanner | |
- summary | |
- updateTimestamp | |
type: object | |
required: | |
- report | |
type: object | |
served: true | |
storage: true | |
subresources: {} | |
--- | |
apiVersion: apiextensions.k8s.io/v1 | |
kind: CustomResourceDefinition | |
metadata: | |
annotations: | |
controller-gen.kubebuilder.io/version: v0.14.0 | |
name: clustervulnerabilityreports.aquasecurity.github.io | |
spec: | |
group: aquasecurity.github.io | |
names: | |
kind: ClusterVulnerabilityReport | |
listKind: ClusterVulnerabilityReportList | |
plural: clustervulnerabilityreports | |
shortNames: | |
- clustervuln | |
singular: clustervulnerabilityreport | |
scope: Cluster | |
versions: | |
- additionalPrinterColumns: | |
- description: The name of image repository | |
jsonPath: .report.artifact.repository | |
name: Repository | |
type: string | |
- description: The name of image tag | |
jsonPath: .report.artifact.tag | |
name: Tag | |
type: string | |
- description: The name of the vulnerability scanner | |
jsonPath: .report.scanner.name | |
name: Scanner | |
type: string | |
- description: The age of the report | |
jsonPath: .metadata.creationTimestamp | |
name: Age | |
type: date | |
- description: The number of critical vulnerabilities | |
jsonPath: .report.summary.criticalCount | |
name: Critical | |
priority: 1 | |
type: integer | |
- description: The number of high vulnerabilities | |
jsonPath: .report.summary.highCount | |
name: High | |
priority: 1 | |
type: integer | |
- description: The number of medium vulnerabilities | |
jsonPath: .report.summary.mediumCount | |
name: Medium | |
priority: 1 | |
type: integer | |
- description: The number of low vulnerabilities | |
jsonPath: .report.summary.lowCount | |
name: Low | |
priority: 1 | |
type: integer | |
- description: The number of unknown vulnerabilities | |
jsonPath: .report.summary.unknownCount | |
name: Unknown | |
priority: 1 | |
type: integer | |
name: v1alpha1 | |
schema: | |
openAPIV3Schema: | |
description: |- | |
ClusterVulnerabilityReport summarizes vulnerabilities in application dependencies and operating system packages | |
built into container images. | |
properties: | |
apiVersion: | |
description: |- | |
APIVersion defines the versioned schema of this representation of an object. | |
Servers should convert recognized schemas to the latest internal value, and | |
may reject unrecognized values. | |
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | |
type: string | |
kind: | |
description: |- | |
Kind is a string value representing the REST resource this object represents. | |
Servers may infer this from the endpoint the client submits requests to. | |
Cannot be updated. | |
In CamelCase. | |
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | |
type: string | |
metadata: | |
type: object | |
report: | |
description: Report is the actual vulnerability report data. | |
properties: | |
artifact: | |
description: |- | |
Artifact represents a standalone, executable package of software that includes everything needed to | |
run an application. | |
properties: | |
digest: | |
description: Digest is a unique and immutable identifier of an | |
Artifact. | |
type: string | |
mimeType: | |
description: MimeType represents a type and format of an Artifact. | |
type: string | |
repository: | |
description: Repository is the name of the repository in the Artifact | |
registry. | |
type: string | |
tag: | |
description: Tag is a mutable, human-readable string used to identify | |
an Artifact. | |
type: string | |
type: object | |
os: | |
description: OS information of the artifact | |
properties: | |
eosl: | |
description: Eosl is true if OS version has reached end of service | |
life | |
type: boolean | |
family: | |
description: Operating System Family | |
type: string | |
name: | |
description: Name or version of the OS | |
type: string | |
type: object | |
registry: | |
description: Registry is the registry the Artifact was pulled from. | |
properties: | |
server: | |
description: Server the FQDN of registry server. | |
type: string | |
type: object | |
scanner: | |
description: Scanner is the scanner that generated this report. | |
properties: | |
name: | |
description: Name the name of the scanner. | |
type: string | |
vendor: | |
description: Vendor the name of the vendor providing the scanner. | |
type: string | |
version: | |
description: Version the version of the scanner. | |
type: string | |
required: | |
- name | |
- vendor | |
- version | |
type: object | |
summary: | |
description: Summary is a summary of Vulnerability counts grouped | |
by Severity. | |
properties: | |
criticalCount: | |
description: CriticalCount is the number of vulnerabilities with | |
Critical Severity. | |
minimum: 0 | |
type: integer | |
highCount: | |
description: HighCount is the number of vulnerabilities with High | |
Severity. | |
minimum: 0 | |
type: integer | |
lowCount: | |
description: LowCount is the number of vulnerabilities with Low | |
Severity. | |
minimum: 0 | |
type: integer | |
mediumCount: | |
description: MediumCount is the number of vulnerabilities with | |
Medium Severity. | |
minimum: 0 | |
type: integer | |
noneCount: | |
description: NoneCount is the number of packages without any vulnerability. | |
minimum: 0 | |
type: integer | |
unknownCount: | |
description: UnknownCount is the number of vulnerabilities with | |
unknown severity. | |
minimum: 0 | |
type: integer | |
required: | |
- criticalCount | |
- highCount | |
- lowCount | |
- mediumCount | |
- unknownCount | |
type: object | |
updateTimestamp: | |
description: UpdateTimestamp is a timestamp representing the server | |
time in UTC when this report was updated. | |
format: date-time | |
type: string | |
vulnerabilities: | |
description: Vulnerabilities is a list of operating system (OS) or | |
application software Vulnerability items found in the Artifact. | |
items: | |
description: Vulnerability is the spec for a vulnerability record. | |
properties: | |
class: | |
type: string | |
cvss: | |
additionalProperties: | |
properties: | |
V2Score: | |
type: number | |
V2Vector: | |
type: string | |
V3Score: | |
type: number | |
V3Vector: | |
type: string | |
type: object | |
type: object | |
cvsssource: | |
type: string | |
description: | |
type: string | |
fixedVersion: | |
description: FixedVersion indicates the version of the Resource | |
in which this vulnerability has been fixed. | |
type: string | |
installedVersion: | |
description: InstalledVersion indicates the installed version | |
of the Resource. | |
type: string | |
lastModifiedDate: | |
description: LastModifiedDate indicates the last date CVE has | |
been modified. | |
type: string | |
links: | |
items: | |
type: string | |
type: array | |
packagePath: | |
type: string | |
packageType: | |
type: string | |
primaryLink: | |
type: string | |
publishedDate: | |
description: PublishedDate indicates the date of published CVE. | |
type: string | |
resource: | |
description: Resource is a vulnerable package, application, | |
or library. | |
type: string | |
score: | |
type: number | |
severity: | |
description: Severity level of a vulnerability or a configuration | |
audit check. | |
enum: | |
- CRITICAL | |
- HIGH | |
- MEDIUM | |
- LOW | |
- UNKNOWN | |
type: string | |
target: | |
type: string | |
title: | |
type: string | |
vulnerabilityID: | |
description: VulnerabilityID the vulnerability identifier. | |
type: string | |
required: | |
- fixedVersion | |
- installedVersion | |
- lastModifiedDate | |
- publishedDate | |
- resource | |
- severity | |
- title | |
- vulnerabilityID | |
type: object | |
type: array | |
required: | |
- artifact | |
- os | |
- scanner | |
- summary | |
- updateTimestamp | |
- vulnerabilities | |
type: object | |
required: | |
- report | |
type: object | |
x-kubernetes-preserve-unknown-fields: true | |
served: true | |
storage: true | |
subresources: {} | |
--- | |
apiVersion: apiextensions.k8s.io/v1 | |
kind: CustomResourceDefinition | |
metadata: | |
annotations: | |
controller-gen.kubebuilder.io/version: v0.14.0 | |
name: configauditreports.aquasecurity.github.io | |
spec: | |
group: aquasecurity.github.io | |
names: | |
kind: ConfigAuditReport | |
listKind: ConfigAuditReportList | |
plural: configauditreports | |
shortNames: | |
- configaudit | |
- configaudits | |
singular: configauditreport | |
scope: Namespaced | |
versions: | |
- additionalPrinterColumns: | |
- description: The name of the config audit scanner | |
jsonPath: .report.scanner.name | |
name: Scanner | |
type: string | |
- description: The age of the report | |
jsonPath: .metadata.creationTimestamp | |
name: Age | |
type: date | |
- description: The number of failed checks with critical severity | |
jsonPath: .report.summary.criticalCount | |
name: Critical | |
priority: 1 | |
type: integer | |
- description: The number of failed checks with high severity | |
jsonPath: .report.summary.highCount | |
name: High | |
priority: 1 | |
type: integer | |
- description: The number of failed checks with medium severity | |
jsonPath: .report.summary.mediumCount | |
name: Medium | |
priority: 1 | |
type: integer | |
- description: The number of failed checks with low severity | |
jsonPath: .report.summary.lowCount | |
name: Low | |
priority: 1 | |
type: integer | |
name: v1alpha1 | |
schema: | |
openAPIV3Schema: | |
description: ConfigAuditReport is a specification for the ConfigAuditReport | |
resource. | |
properties: | |
apiVersion: | |
description: |- | |
APIVersion defines the versioned schema of this representation of an object. | |
Servers should convert recognized schemas to the latest internal value, and | |
may reject unrecognized values. | |
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | |
type: string | |
kind: | |
description: |- | |
Kind is a string value representing the REST resource this object represents. | |
Servers may infer this from the endpoint the client submits requests to. | |
Cannot be updated. | |
In CamelCase. | |
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | |
type: string | |
metadata: | |
type: object | |
report: | |
properties: | |
checks: | |
description: Checks provides results of conducting audit steps. | |
items: | |
description: Check provides the result of conducting a single audit | |
step. | |
properties: | |
category: | |
type: string | |
checkID: | |
type: string | |
description: | |
type: string | |
messages: | |
items: | |
type: string | |
type: array | |
remediation: | |
description: Remediation provides description or links to external | |
resources to remediate failing check. | |
type: string | |
scope: | |
description: Scope indicates the section of config that was | |
audited. | |
properties: | |
type: | |
description: Type indicates type of this scope, e.g. Container, | |
ConfigMapKey or JSONPath. | |
type: string | |
value: | |
description: Value indicates value of this scope that depends | |
on Type, e.g. container name, ConfigMap key or JSONPath | |
expression | |
type: string | |
required: | |
- type | |
- value | |
type: object | |
severity: | |
description: Severity level of a vulnerability or a configuration | |
audit check. | |
type: string | |
success: | |
type: boolean | |
title: | |
type: string | |
required: | |
- checkID | |
- severity | |
- success | |
type: object | |
type: array | |
scanner: | |
description: Scanner is the spec for a scanner generating a security | |
assessment report. | |
properties: | |
name: | |
description: Name the name of the scanner. | |
type: string | |
vendor: | |
description: Vendor the name of the vendor providing the scanner. | |
type: string | |
version: | |
description: Version the version of the scanner. | |
type: string | |
required: | |
- name | |
- vendor | |
- version | |
type: object | |
summary: | |
description: ConfigAuditSummary counts failed checks by severity. | |
properties: | |
criticalCount: | |
description: CriticalCount is the number of failed checks with | |
critical severity. | |
type: integer | |
highCount: | |
description: HighCount is the number of failed checks with high | |
severity. | |
type: integer | |
lowCount: | |
description: LowCount is the number of failed check with low severity. | |
type: integer | |
mediumCount: | |
description: MediumCount is the number of failed checks with medium | |
severity. | |
type: integer | |
required: | |
- criticalCount | |
- highCount | |
- lowCount | |
- mediumCount | |
type: object | |
updateTimestamp: | |
format: date-time | |
type: string | |
required: | |
- checks | |
type: object | |
required: | |
- report | |
type: object | |
x-kubernetes-preserve-unknown-fields: true | |
served: true | |
storage: true | |
subresources: {} | |
--- | |
apiVersion: apiextensions.k8s.io/v1 | |
kind: CustomResourceDefinition | |
metadata: | |
annotations: | |
controller-gen.kubebuilder.io/version: v0.14.0 | |
name: exposedsecretreports.aquasecurity.github.io | |
spec: | |
group: aquasecurity.github.io | |
names: | |
kind: ExposedSecretReport | |
listKind: ExposedSecretReportList | |
plural: exposedsecretreports | |
shortNames: | |
- exposedsecret | |
- exposedsecrets | |
singular: exposedsecretreport | |
scope: Namespaced | |
versions: | |
- additionalPrinterColumns: | |
- description: The name of image repository | |
jsonPath: .report.artifact.repository | |
name: Repository | |
type: string | |
- description: The name of image tag | |
jsonPath: .report.artifact.tag | |
name: Tag | |
type: string | |
- description: The name of the exposed secret scanner | |
jsonPath: .report.scanner.name | |
name: Scanner | |
type: string | |
- description: The age of the report | |
jsonPath: .metadata.creationTimestamp | |
name: Age | |
type: date | |
- description: The number of critical exposed secrets | |
jsonPath: .report.summary.criticalCount | |
name: Critical | |
priority: 1 | |
type: integer | |
- description: The number of high exposed secrets | |
jsonPath: .report.summary.highCount | |
name: High | |
priority: 1 | |
type: integer | |
- description: The number of medium exposed secrets | |
jsonPath: .report.summary.mediumCount | |
name: Medium | |
priority: 1 | |
type: integer | |
- description: The number of low exposed secrets | |
jsonPath: .report.summary.lowCount | |
name: Low | |
priority: 1 | |
type: integer | |
name: v1alpha1 | |
schema: | |
openAPIV3Schema: | |
description: ExposedSecretReport summarizes exposed secrets in plaintext files | |
built into container images. | |
properties: | |
apiVersion: | |
description: |- | |
APIVersion defines the versioned schema of this representation of an object. | |
Servers should convert recognized schemas to the latest internal value, and | |
may reject unrecognized values. | |
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | |
type: string | |
kind: | |
description: |- | |
Kind is a string value representing the REST resource this object represents. | |
Servers may infer this from the endpoint the client submits requests to. | |
Cannot be updated. | |
In CamelCase. | |
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | |
type: string | |
metadata: | |
type: object | |
report: | |
description: Report is the actual exposed secret report data. | |
properties: | |
artifact: | |
description: |- | |
Artifact represents a standalone, executable package of software that includes everything needed to | |
run an application. | |
properties: | |
digest: | |
description: Digest is a unique and immutable identifier of an | |
Artifact. | |
type: string | |
mimeType: | |
description: MimeType represents a type and format of an Artifact. | |
type: string | |
repository: | |
description: Repository is the name of the repository in the Artifact | |
registry. | |
type: string | |
tag: | |
description: Tag is a mutable, human-readable string used to identify | |
an Artifact. | |
type: string | |
type: object | |
registry: | |
description: Registry is the registry the Artifact was pulled from. | |
properties: | |
server: | |
description: Server the FQDN of registry server. | |
type: string | |
type: object | |
scanner: | |
description: Scanner is the scanner that generated this report. | |
properties: | |
name: | |
description: Name the name of the scanner. | |
type: string | |
vendor: | |
description: Vendor the name of the vendor providing the scanner. | |
type: string | |
version: | |
description: Version the version of the scanner. | |
type: string | |
required: | |
- name | |
- vendor | |
- version | |
type: object | |
secrets: | |
description: Exposed secrets is a list of passwords, api keys, tokens | |
and others items found in the Artifact. | |
items: | |
description: ExposedSecret is the spec for a exposed secret record. | |
properties: | |
category: | |
type: string | |
match: | |
description: Match where the exposed rule matched. | |
type: string | |
ruleID: | |
description: RuleID is rule the identifier. | |
type: string | |
severity: | |
description: Severity level of a vulnerability or a configuration | |
audit check. | |
enum: | |
- CRITICAL | |
- HIGH | |
- MEDIUM | |
- LOW | |
type: string | |
target: | |
description: Target is where the exposed secret was found. | |
type: string | |
title: | |
type: string | |
required: | |
- category | |
- match | |
- ruleID | |
- severity | |
- target | |
- title | |
type: object | |
type: array | |
summary: | |
description: Summary is the exposed secrets counts grouped by Severity. | |
properties: | |
criticalCount: | |
description: CriticalCount is the number of exposed secrets with | |
Critical Severity. | |
minimum: 0 | |
type: integer | |
highCount: | |
description: HighCount is the number of exposed secrets with High | |
Severity. | |
minimum: 0 | |
type: integer | |
lowCount: | |
description: LowCount is the number of exposed secrets with Low | |
Severity. | |
minimum: 0 | |
type: integer | |
mediumCount: | |
description: MediumCount is the number of exposed secrets with | |
Medium Severity. | |
minimum: 0 | |
type: integer | |
required: | |
- criticalCount | |
- highCount | |
- lowCount | |
- mediumCount | |
type: object | |
updateTimestamp: | |
description: UpdateTimestamp is a timestamp representing the server | |
time in UTC when this report was updated. | |
format: date-time | |
type: string | |
required: | |
- artifact | |
- scanner | |
- secrets | |
- summary | |
- updateTimestamp | |
type: object | |
required: | |
- report | |
type: object | |
x-kubernetes-preserve-unknown-fields: true | |
served: true | |
storage: true | |
subresources: {} | |
--- | |
apiVersion: apiextensions.k8s.io/v1 | |
kind: CustomResourceDefinition | |
metadata: | |
annotations: | |
controller-gen.kubebuilder.io/version: v0.14.0 | |
name: infraassessmentreports.aquasecurity.github.io | |
spec: | |
group: aquasecurity.github.io | |
names: | |
kind: InfraAssessmentReport | |
listKind: InfraAssessmentReportList | |
plural: infraassessmentreports | |
shortNames: | |
- infraassessment | |
- infraassessments | |
singular: infraassessmentreport | |
scope: Namespaced | |
versions: | |
- additionalPrinterColumns: | |
- description: The name of the infra assessment scanner | |
jsonPath: .report.scanner.name | |
name: Scanner | |
type: string | |
- description: The age of the report | |
jsonPath: .metadata.creationTimestamp | |
name: Age | |
type: date | |
- description: The number of failed checks with critical severity | |
jsonPath: .report.summary.criticalCount | |
name: Critical | |
priority: 1 | |
type: integer | |
- description: The number of failed checks with high severity | |
jsonPath: .report.summary.highCount | |
name: High | |
priority: 1 | |
type: integer | |
- description: The number of failed checks with medium severity | |
jsonPath: .report.summary.mediumCount | |
name: Medium | |
priority: 1 | |
type: integer | |
- description: The number of failed checks with low severity | |
jsonPath: .report.summary.lowCount | |
name: Low | |
priority: 1 | |
type: integer | |
name: v1alpha1 | |
schema: | |
openAPIV3Schema: | |
description: InfraAssessmentReport is a specification for the InfraAssessmentReport | |
resource. | |
properties: | |
apiVersion: | |
description: |- | |
APIVersion defines the versioned schema of this representation of an object. | |
Servers should convert recognized schemas to the latest internal value, and | |
may reject unrecognized values. | |
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | |
type: string | |
kind: | |
description: |- | |
Kind is a string value representing the REST resource this object represents. | |
Servers may infer this from the endpoint the client submits requests to. | |
Cannot be updated. | |
In CamelCase. | |
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | |
type: string | |
metadata: | |
type: object | |
report: | |
properties: | |
checks: | |
description: Checks provides results of conducting audit steps. | |
items: | |
description: Check provides the result of conducting a single audit | |
step. | |
properties: | |
category: | |
type: string | |
checkID: | |
type: string | |
description: | |
type: string | |
messages: | |
items: | |
type: string | |
type: array | |
remediation: | |
description: Remediation provides description or links to external | |
resources to remediate failing check. | |
type: string | |
scope: | |
description: Scope indicates the section of config that was | |
audited. | |
properties: | |
type: | |
description: Type indicates type of this scope, e.g. Container, | |
ConfigMapKey or JSONPath. | |
type: string | |
value: | |
description: Value indicates value of this scope that depends | |
on Type, e.g. container name, ConfigMap key or JSONPath | |
expression | |
type: string | |
required: | |
- type | |
- value | |
type: object | |
severity: | |
description: Severity level of a vulnerability or a configuration | |
audit check. | |
type: string | |
success: | |
type: boolean | |
title: | |
type: string | |
required: | |
- checkID | |
- severity | |
- success | |
type: object | |
type: array | |
scanner: | |
description: Scanner is the spec for a scanner generating a security | |
assessment report. | |
properties: | |
name: | |
description: Name the name of the scanner. | |
type: string | |
vendor: | |
description: Vendor the name of the vendor providing the scanner. | |
type: string | |
version: | |
description: Version the version of the scanner. | |
type: string | |
required: | |
- name | |
- vendor | |
- version | |
type: object | |
summary: | |
description: InfraAssessmentSummary counts failed checks by severity. | |
properties: | |
criticalCount: | |
description: CriticalCount is the number of failed checks with | |
critical severity. | |
type: integer | |
highCount: | |
description: HighCount is the number of failed checks with high | |
severity. | |
type: integer | |
lowCount: | |
description: LowCount is the number of failed check with low severity. | |
type: integer | |
mediumCount: | |
description: MediumCount is the number of failed checks with medium | |
severity. | |
type: integer | |
required: | |
- criticalCount | |
- highCount | |
- lowCount | |
- mediumCount | |
type: object | |
required: | |
- checks | |
- scanner | |
- summary | |
type: object | |
required: | |
- report | |
type: object | |
served: true | |
storage: true | |
subresources: {} | |
--- | |
apiVersion: apiextensions.k8s.io/v1 | |
kind: CustomResourceDefinition | |
metadata: | |
annotations: | |
controller-gen.kubebuilder.io/version: v0.14.0 | |
name: rbacassessmentreports.aquasecurity.github.io | |
spec: | |
group: aquasecurity.github.io | |
names: | |
kind: RbacAssessmentReport | |
listKind: RbacAssessmentReportList | |
plural: rbacassessmentreports | |
shortNames: | |
- rbacassessment | |
- rbacassessments | |
singular: rbacassessmentreport | |
scope: Namespaced | |
versions: | |
- additionalPrinterColumns: | |
- description: The name of the rbac assessment scanner | |
jsonPath: .report.scanner.name | |
name: Scanner | |
type: string | |
- description: The age of the report | |
jsonPath: .metadata.creationTimestamp | |
name: Age | |
type: date | |
- description: The number of failed checks with critical severity | |
jsonPath: .report.summary.criticalCount | |
name: Critical | |
priority: 1 | |
type: integer | |
- description: The number of failed checks with high severity | |
jsonPath: .report.summary.highCount | |
name: High | |
priority: 1 | |
type: integer | |
- description: The number of failed checks with medium severity | |
jsonPath: .report.summary.mediumCount | |
name: Medium | |
priority: 1 | |
type: integer | |
- description: The number of failed checks with low severity | |
jsonPath: .report.summary.lowCount | |
name: Low | |
priority: 1 | |
type: integer | |
name: v1alpha1 | |
schema: | |
openAPIV3Schema: | |
description: RbacAssessmentReport is a specification for the RbacAssessmentReport | |
resource. | |
properties: | |
apiVersion: | |
description: |- | |
APIVersion defines the versioned schema of this representation of an object. | |
Servers should convert recognized schemas to the latest internal value, and | |
may reject unrecognized values. | |
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | |
type: string | |
kind: | |
description: |- | |
Kind is a string value representing the REST resource this object represents. | |
Servers may infer this from the endpoint the client submits requests to. | |
Cannot be updated. | |
In CamelCase. | |
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | |
type: string | |
metadata: | |
type: object | |
report: | |
properties: | |
checks: | |
description: Checks provides results of conducting audit steps. | |
items: | |
description: Check provides the result of conducting a single audit | |
step. | |
properties: | |
category: | |
type: string | |
checkID: | |
type: string | |
description: | |
type: string | |
messages: | |
items: | |
type: string | |
type: array | |
remediation: | |
description: Remediation provides description or links to external | |
resources to remediate failing check. | |
type: string | |
scope: | |
description: Scope indicates the section of config that was | |
audited. | |
properties: | |
type: | |
description: Type indicates type of this scope, e.g. Container, | |
ConfigMapKey or JSONPath. | |
type: string | |
value: | |
description: Value indicates value of this scope that depends | |
on Type, e.g. container name, ConfigMap key or JSONPath | |
expression | |
type: string | |
required: | |
- type | |
- value | |
type: object | |
severity: | |
description: Severity level of a vulnerability or a configuration | |
audit check. | |
type: string | |
success: | |
type: boolean | |
title: | |
type: string | |
required: | |
- checkID | |
- severity | |
- success | |
type: object | |
type: array | |
scanner: | |
description: Scanner is the spec for a scanner generating a security | |
assessment report. | |
properties: | |
name: | |
description: Name the name of the scanner. | |
type: string | |
vendor: | |
description: Vendor the name of the vendor providing the scanner. | |
type: string | |
version: | |
description: Version the version of the scanner. | |
type: string | |
required: | |
- name | |
- vendor | |
- version | |
type: object | |
summary: | |
description: RbacAssessmentSummary counts failed checks by severity. | |
properties: | |
criticalCount: | |
description: CriticalCount is the number of failed checks with | |
critical severity. | |
type: integer | |
highCount: | |
description: HighCount is the number of failed checks with high | |
severity. | |
type: integer | |
lowCount: | |
description: LowCount is the number of failed check with low severity. | |
type: integer | |
mediumCount: | |
description: MediumCount is the number of failed checks with medium | |
severity. | |
type: integer | |
required: | |
- criticalCount | |
- highCount | |
- lowCount | |
- mediumCount | |
type: object | |
required: | |
- checks | |
- scanner | |
- summary | |
type: object | |
required: | |
- report | |
type: object | |
x-kubernetes-preserve-unknown-fields: true | |
served: true | |
storage: true | |
subresources: {} | |
--- | |
apiVersion: apiextensions.k8s.io/v1 | |
kind: CustomResourceDefinition | |
metadata: | |
annotations: | |
controller-gen.kubebuilder.io/version: v0.14.0 | |
name: sbomreports.aquasecurity.github.io | |
spec: | |
group: aquasecurity.github.io | |
names: | |
kind: SbomReport | |
listKind: SbomReportList | |
plural: sbomreports | |
shortNames: | |
- sbom | |
- sboms | |
singular: sbomreport | |
scope: Namespaced | |
versions: | |
- additionalPrinterColumns: | |
- description: The name of image repository | |
jsonPath: .report.artifact.repository | |
name: Repository | |
type: string | |
- description: The name of image tag | |
jsonPath: .report.artifact.tag | |
name: Tag | |
type: string | |
- description: The name of the sbom generation scanner | |
jsonPath: .report.scanner.name | |
name: Scanner | |
type: string | |
- description: The age of the report | |
jsonPath: .metadata.creationTimestamp | |
name: Age | |
type: date | |
- description: The number of dependencies in bom | |
jsonPath: .report.summary.componentsCount | |
name: Components | |
priority: 1 | |
type: integer | |
- description: The the number of components in bom | |
jsonPath: .report.summary.dependenciesCount | |
name: Dependencies | |
priority: 1 | |
type: integer | |
name: v1alpha1 | |
schema: | |
openAPIV3Schema: | |
description: SbomReport summarizes components and dependencies found in container | |
image | |
properties: | |
apiVersion: | |
description: |- | |
APIVersion defines the versioned schema of this representation of an object. | |
Servers should convert recognized schemas to the latest internal value, and | |
may reject unrecognized values. | |
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | |
type: string | |
kind: | |
description: |- | |
Kind is a string value representing the REST resource this object represents. | |
Servers may infer this from the endpoint the client submits requests to. | |
Cannot be updated. | |
In CamelCase. | |
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | |
type: string | |
metadata: | |
type: object | |
report: | |
description: Report is the actual sbom report data. | |
properties: | |
artifact: | |
description: |- | |
Artifact represents a standalone, executable package of software that includes everything needed to | |
run an application. | |
properties: | |
digest: | |
description: Digest is a unique and immutable identifier of an | |
Artifact. | |
type: string | |
mimeType: | |
description: MimeType represents a type and format of an Artifact. | |
type: string | |
repository: | |
description: Repository is the name of the repository in the Artifact | |
registry. | |
type: string | |
tag: | |
description: Tag is a mutable, human-readable string used to identify | |
an Artifact. | |
type: string | |
type: object | |
components: | |
description: Bom is artifact bill of materials. | |
properties: | |
bomFormat: | |
type: string | |
components: | |
items: | |
properties: | |
bom-ref: | |
type: string | |
group: | |
type: string | |
hashes: | |
items: | |
properties: | |
alg: | |
type: string | |
content: | |
type: string | |
type: object | |
type: array | |
licenses: | |
items: | |
properties: | |
expression: | |
type: string | |
license: | |
properties: | |
id: | |
type: string | |
name: | |
type: string | |
url: | |
type: string | |
type: object | |
type: object | |
type: array | |
name: | |
type: string | |
properties: | |
items: | |
properties: | |
name: | |
type: string | |
value: | |
type: string | |
type: object | |
type: array | |
purl: | |
type: string | |
supplier: | |
properties: | |
contact: | |
items: | |
properties: | |
email: | |
type: string | |
name: | |
type: string | |
phone: | |
type: string | |
type: object | |
type: array | |
name: | |
type: string | |
url: | |
items: | |
type: string | |
type: array | |
type: object | |
type: | |
type: string | |
version: | |
type: string | |
type: object | |
type: array | |
dependencies: | |
items: | |
properties: | |
dependsOn: | |
items: | |
type: string | |
type: array | |
ref: | |
type: string | |
type: object | |
type: array | |
metadata: | |
properties: | |
component: | |
properties: | |
bom-ref: | |
type: string | |
group: | |
type: string | |
hashes: | |
items: | |
properties: | |
alg: | |
type: string | |
content: | |
type: string | |
type: object | |
type: array | |
licenses: | |
items: | |
properties: | |
expression: | |
type: string | |
license: | |
properties: | |
id: | |
type: string | |
name: | |
type: string | |
url: | |
type: string | |
type: object | |
type: object | |
type: array | |
name: | |
type: string | |
properties: | |
items: | |
properties: | |
name: | |
type: string | |
value: | |
type: string | |
type: object | |
type: array | |
purl: | |
type: string | |
supplier: | |
properties: | |
contact: | |
items: | |
properties: | |
email: | |
type: string | |
name: | |
type: string | |
phone: | |
type: string | |
type: object | |
type: array | |
name: | |
type: string | |
url: | |
items: | |
type: string | |
type: array | |
type: object | |
type: | |
type: string | |
version: | |
type: string | |
type: object | |
timestamp: | |
type: string | |
tools: | |
properties: | |
components: | |
items: | |
properties: | |
bom-ref: | |
type: string | |
group: | |
type: string | |
hashes: | |
items: | |
properties: | |
alg: | |
type: string | |
content: | |
type: string | |
type: object | |
type: array | |
licenses: | |
items: | |
properties: | |
expression: | |
type: string | |
license: | |
properties: | |
id: | |
type: string | |
name: | |
type: string | |
url: | |
type: string | |
type: object | |
type: object | |
type: array | |
name: | |
type: string | |
properties: | |
items: | |
properties: | |
name: | |
type: string | |
value: | |
type: string | |
type: object | |
type: array | |
purl: | |
type: string | |
supplier: | |
properties: | |
contact: | |
items: | |
properties: | |
email: | |
type: string | |
name: | |
type: string | |
phone: | |
type: string | |
type: object | |
type: array | |
name: | |
type: string | |
url: | |
items: | |
type: string | |
type: array | |
type: object | |
type: | |
type: string | |
version: | |
type: string | |
type: object | |
type: array | |
type: object | |
type: object | |
serialNumber: | |
type: string | |
specVersion: | |
type: string | |
version: | |
type: integer | |
required: | |
- bomFormat | |
- specVersion | |
type: object | |
registry: | |
description: Registry is the registry the Artifact was pulled from. | |
properties: | |
server: | |
description: Server the FQDN of registry server. | |
type: string | |
type: object | |
scanner: | |
description: Scanner is the scanner that generated this report. | |
properties: | |
name: | |
description: Name the name of the scanner. | |
type: string | |
vendor: | |
description: Vendor the name of the vendor providing the scanner. | |
type: string | |
version: | |
description: Version the version of the scanner. | |
type: string | |
required: | |
- name | |
- vendor | |
- version | |
type: object | |
summary: | |
description: Summary is a summary of sbom report. | |
properties: | |
componentsCount: | |
description: ComponentsCount is the number of components in bom. | |
minimum: 0 | |
type: integer | |
dependenciesCount: | |
description: DependenciesCount is the number of dependencies in | |
bom. | |
minimum: 0 | |
type: integer | |
required: | |
- componentsCount | |
- dependenciesCount | |
type: object | |
updateTimestamp: | |
description: UpdateTimestamp is a timestamp representing the server | |
time in UTC when this report was updated. | |
format: date-time | |
type: string | |
required: | |
- artifact | |
- components | |
- scanner | |
- summary | |
- updateTimestamp | |
type: object | |
required: | |
- report | |
type: object | |
x-kubernetes-preserve-unknown-fields: true | |
served: true | |
storage: true | |
subresources: {} | |
--- | |
apiVersion: apiextensions.k8s.io/v1 | |
kind: CustomResourceDefinition | |
metadata: | |
annotations: | |
controller-gen.kubebuilder.io/version: v0.14.0 | |
name: vulnerabilityreports.aquasecurity.github.io | |
spec: | |
group: aquasecurity.github.io | |
names: | |
kind: VulnerabilityReport | |
listKind: VulnerabilityReportList | |
plural: vulnerabilityreports | |
shortNames: | |
- vuln | |
- vulns | |
singular: vulnerabilityreport | |
scope: Namespaced | |
versions: | |
- additionalPrinterColumns: | |
- description: The name of image repository | |
jsonPath: .report.artifact.repository | |
name: Repository | |
type: string | |
- description: The name of image tag | |
jsonPath: .report.artifact.tag | |
name: Tag | |
type: string | |
- description: The name of the vulnerability scanner | |
jsonPath: .report.scanner.name | |
name: Scanner | |
type: string | |
- description: The age of the report | |
jsonPath: .metadata.creationTimestamp | |
name: Age | |
type: date | |
- description: The number of critical vulnerabilities | |
jsonPath: .report.summary.criticalCount | |
name: Critical | |
priority: 1 | |
type: integer | |
- description: The number of high vulnerabilities | |
jsonPath: .report.summary.highCount | |
name: High | |
priority: 1 | |
type: integer | |
- description: The number of medium vulnerabilities | |
jsonPath: .report.summary.mediumCount | |
name: Medium | |
priority: 1 | |
type: integer | |
- description: The number of low vulnerabilities | |
jsonPath: .report.summary.lowCount | |
name: Low | |
priority: 1 | |
type: integer | |
- description: The number of unknown vulnerabilities | |
jsonPath: .report.summary.unknownCount | |
name: Unknown | |
priority: 1 | |
type: integer | |
name: v1alpha1 | |
schema: | |
openAPIV3Schema: | |
description: |- | |
VulnerabilityReport summarizes vulnerabilities in application dependencies and operating system packages | |
built into container images. | |
properties: | |
apiVersion: | |
description: |- | |
APIVersion defines the versioned schema of this representation of an object. | |
Servers should convert recognized schemas to the latest internal value, and | |
may reject unrecognized values. | |
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | |
type: string | |
kind: | |
description: |- | |
Kind is a string value representing the REST resource this object represents. | |
Servers may infer this from the endpoint the client submits requests to. | |
Cannot be updated. | |
In CamelCase. | |
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | |
type: string | |
metadata: | |
type: object | |
report: | |
description: Report is the actual vulnerability report data. | |
properties: | |
artifact: | |
description: |- | |
Artifact represents a standalone, executable package of software that includes everything needed to | |
run an application. | |
properties: | |
digest: | |
description: Digest is a unique and immutable identifier of an | |
Artifact. | |
type: string | |
mimeType: | |
description: MimeType represents a type and format of an Artifact. | |
type: string | |
repository: | |
description: Repository is the name of the repository in the Artifact | |
registry. | |
type: string | |
tag: | |
description: Tag is a mutable, human-readable string used to identify | |
an Artifact. | |
type: string | |
type: object | |
os: | |
description: OS information of the artifact | |
properties: | |
eosl: | |
description: Eosl is true if OS version has reached end of service | |
life | |
type: boolean | |
family: | |
description: Operating System Family | |
type: string | |
name: | |
description: Name or version of the OS | |
type: string | |
type: object | |
registry: | |
description: Registry is the registry the Artifact was pulled from. | |
properties: | |
server: | |
description: Server the FQDN of registry server. | |
type: string | |
type: object | |
scanner: | |
description: Scanner is the scanner that generated this report. | |
properties: | |
name: | |
description: Name the name of the scanner. | |
type: string | |
vendor: | |
description: Vendor the name of the vendor providing the scanner. | |
type: string | |
version: | |
description: Version the version of the scanner. | |
type: string | |
required: | |
- name | |
- vendor | |
- version | |
type: object | |
summary: | |
description: Summary is a summary of Vulnerability counts grouped | |
by Severity. | |
properties: | |
criticalCount: | |
description: CriticalCount is the number of vulnerabilities with | |
Critical Severity. | |
minimum: 0 | |
type: integer | |
highCount: | |
description: HighCount is the number of vulnerabilities with High | |
Severity. | |
minimum: 0 | |
type: integer | |
lowCount: | |
description: LowCount is the number of vulnerabilities with Low | |
Severity. | |
minimum: 0 | |
type: integer | |
mediumCount: | |
description: MediumCount is the number of vulnerabilities with | |
Medium Severity. | |
minimum: 0 | |
type: integer | |
noneCount: | |
description: NoneCount is the number of packages without any vulnerability. | |
minimum: 0 | |
type: integer | |
unknownCount: | |
description: UnknownCount is the number of vulnerabilities with | |
unknown severity. | |
minimum: 0 | |
type: integer | |
required: | |
- criticalCount | |
- highCount | |
- lowCount | |
- mediumCount | |
- unknownCount | |
type: object | |
updateTimestamp: | |
description: UpdateTimestamp is a timestamp representing the server | |
time in UTC when this report was updated. | |
format: date-time | |
type: string | |
vulnerabilities: | |
description: Vulnerabilities is a list of operating system (OS) or | |
application software Vulnerability items found in the Artifact. | |
items: | |
description: Vulnerability is the spec for a vulnerability record. | |
properties: | |
class: | |
type: string | |
cvss: | |
additionalProperties: | |
properties: | |
V2Score: | |
type: number | |
V2Vector: | |
type: string | |
V3Score: | |
type: number | |
V3Vector: | |
type: string | |
type: object | |
type: object | |
cvsssource: | |
type: string | |
description: | |
type: string | |
fixedVersion: | |
description: FixedVersion indicates the version of the Resource | |
in which this vulnerability has been fixed. | |
type: string | |
installedVersion: | |
description: InstalledVersion indicates the installed version | |
of the Resource. | |
type: string | |
lastModifiedDate: | |
description: LastModifiedDate indicates the last date CVE has | |
been modified. | |
type: string | |
links: | |
items: | |
type: string | |
type: array | |
packagePath: | |
type: string | |
packageType: | |
type: string | |
primaryLink: | |
type: string | |
publishedDate: | |
description: PublishedDate indicates the date of published CVE. | |
type: string | |
resource: | |
description: Resource is a vulnerable package, application, | |
or library. | |
type: string | |
score: | |
type: number | |
severity: | |
description: Severity level of a vulnerability or a configuration | |
audit check. | |
enum: | |
- CRITICAL | |
- HIGH | |
- MEDIUM | |
- LOW | |
- UNKNOWN | |
type: string | |
target: | |
type: string | |
title: | |
type: string | |
vulnerabilityID: | |
description: VulnerabilityID the vulnerability identifier. | |
type: string | |
required: | |
- fixedVersion | |
- installedVersion | |
- lastModifiedDate | |
- publishedDate | |
- resource | |
- severity | |
- title | |
- vulnerabilityID | |
type: object | |
type: array | |
required: | |
- artifact | |
- os | |
- scanner | |
- summary | |
- updateTimestamp | |
- vulnerabilities | |
type: object | |
required: | |
- report | |
type: object | |
x-kubernetes-preserve-unknown-fields: true | |
served: true | |
storage: true | |
subresources: {} | |
--- |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment