forked from aquasecurity/trivy-operator
-
Notifications
You must be signed in to change notification settings - Fork 0
/
clustervulnerabilityreports.crd.yaml
242 lines (242 loc) · 8.99 KB
/
clustervulnerabilityreports.crd.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: clustervulnerabilityreports.aquasecurity.github.io
labels:
app.kubernetes.io/managed-by: trivy-operator
app.kubernetes.io/version: "0.0.5"
spec:
group: aquasecurity.github.io
versions:
- name: v1alpha1
served: true
storage: true
schema:
openAPIV3Schema:
description: |
ClusterVulnerabilityReport summarizes vulnerabilities in application dependencies and operating system packages
built into container images.
type: object
required:
- apiVersion
- kind
- metadata
- report
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
report:
description: |
Report is the actual vulnerability report data.
type: object
required:
- updateTimestamp
- scanner
- artifact
- summary
- vulnerabilities
properties:
updateTimestamp:
description: |
UpdateTimestamp is a timestamp representing the server time in UTC when this report was updated.
type: string
format: date-time
scanner:
description: |
Scanner is the scanner that generated this report.
type: object
required:
- name
- vendor
- version
properties:
name:
description: |
Name the name of the scanner.
type: string
vendor:
description: |
Vendor the name of the vendor providing the scanner.
type: string
version:
description: |
Version the version of the scanner.
type: string
registry:
description: |
Registry is the registry the Artifact was pulled from.
type: object
properties:
server:
description: |
Server the FQDN of registry server.
type: string
artifact:
description: |
Artifact represents a standalone, executable package of software that includes everything needed to
run an application.
type: object
properties:
repository:
description: |
Repository is the name of the repository in the Artifact registry.
type: string
digest:
description: |
Digest is a unique and immutable identifier of an Artifact.
type: string
tag:
description: |
Tag is a mutable, human-readable string used to identify an Artifact.
type: string
mimeType:
description: |
MimeType represents a type and format of an Artifact.
type: string
summary:
description: |
Summary is a summary of Vulnerability counts grouped by Severity.
type: object
required:
- criticalCount
- highCount
- mediumCount
- lowCount
- unknownCount
properties:
criticalCount:
description: |
CriticalCount is the number of vulnerabilities with Critical Severity.
type: integer
minimum: 0
highCount:
description: |
HighCount is the number of vulnerabilities with High Severity.
type: integer
minimum: 0
mediumCount:
description: |
MediumCount is the number of vulnerabilities with Medium Severity.
type: integer
minimum: 0
lowCount:
description: |
LowCount is the number of vulnerabilities with Low Severity.
type: integer
minimum: 0
unknownCount:
description: |
UnknownCount is the number of vulnerabilities with unknown severity.
type: integer
minimum: 0
noneCount:
description: |
NoneCount is the number of packages without any vulnerability.
type: integer
minimum: 0
vulnerabilities:
description: |
Vulnerabilities is a list of operating system (OS) or application software Vulnerability items found in the Artifact.
type: array
items:
type: object
required:
- vulnerabilityID
- resource
- installedVersion
- fixedVersion
- severity
- title
properties:
vulnerabilityID:
description: |
VulnerabilityID the vulnerability identifier.
type: string
resource:
description: |
Resource is a vulnerable package, application, or library.
type: string
installedVersion:
description: |
InstalledVersion indicates the installed version of the Resource.
type: string
fixedVersion:
description: |
FixedVersion indicates the version of the Resource in which this vulnerability has been fixed.
type: string
score:
type: number
severity:
type: string
enum:
- CRITICAL
- HIGH
- MEDIUM
- LOW
- UNKNOWN
title:
type: string
description:
type: string
primaryLink:
type: string
links:
type: array
items:
type: string
additionalPrinterColumns:
- jsonPath: .report.artifact.repository
type: string
name: Repository
description: The name of image repository
- jsonPath: .report.artifact.tag
type: string
name: Tag
description: The name of image tag
- jsonPath: .report.scanner.name
type: string
name: Scanner
description: The name of the vulnerability scanner
- jsonPath: .metadata.creationTimestamp
type: date
name: Age
description: The age of the report
- jsonPath: .report.summary.criticalCount
type: integer
name: Critical
description: The number of critical vulnerabilities
priority: 1
- jsonPath: .report.summary.highCount
type: integer
name: High
description: The number of high vulnerabilities
priority: 1
- jsonPath: .report.summary.mediumCount
type: integer
name: Medium
description: The number of medium vulnerabilities
priority: 1
- jsonPath: .report.summary.lowCount
type: integer
name: Low
description: The number of low vulnerabilities
priority: 1
- jsonPath: .report.summary.unknownCount
type: integer
name: Unknown
description: The number of unknown vulnerabilities
priority: 1
scope: Cluster
names:
singular: clustervulnerabilityreport
plural: clustervulnerabilityreports
kind: ClusterVulnerabilityReport
listKind: ClusterVulnerabilityReportList
shortNames:
- clustervuln
- clustervulns