gitea-bot
7a96d06727
This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow. Reviewed-on: #2259 Co-authored-by: gitea-bot <gitea-bot@alexlebens.net> Co-committed-by: gitea-bot <gitea-bot@alexlebens.net>
281 lines
11 KiB
YAML
281 lines
11 KiB
YAML
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.14.0
|
|
name: vulnerabilityreports.aquasecurity.github.io
|
|
spec:
|
|
group: aquasecurity.github.io
|
|
names:
|
|
kind: VulnerabilityReport
|
|
listKind: VulnerabilityReportList
|
|
plural: vulnerabilityreports
|
|
shortNames:
|
|
- vuln
|
|
- vulns
|
|
singular: vulnerabilityreport
|
|
scope: Namespaced
|
|
versions:
|
|
- additionalPrinterColumns:
|
|
- description: The name of image repository
|
|
jsonPath: .report.artifact.repository
|
|
name: Repository
|
|
type: string
|
|
- description: The name of image tag
|
|
jsonPath: .report.artifact.tag
|
|
name: Tag
|
|
type: string
|
|
- description: The name of the vulnerability scanner
|
|
jsonPath: .report.scanner.name
|
|
name: Scanner
|
|
type: string
|
|
- description: The age of the report
|
|
jsonPath: .metadata.creationTimestamp
|
|
name: Age
|
|
type: date
|
|
- description: The number of critical vulnerabilities
|
|
jsonPath: .report.summary.criticalCount
|
|
name: Critical
|
|
priority: 1
|
|
type: integer
|
|
- description: The number of high vulnerabilities
|
|
jsonPath: .report.summary.highCount
|
|
name: High
|
|
priority: 1
|
|
type: integer
|
|
- description: The number of medium vulnerabilities
|
|
jsonPath: .report.summary.mediumCount
|
|
name: Medium
|
|
priority: 1
|
|
type: integer
|
|
- description: The number of low vulnerabilities
|
|
jsonPath: .report.summary.lowCount
|
|
name: Low
|
|
priority: 1
|
|
type: integer
|
|
- description: The number of unknown vulnerabilities
|
|
jsonPath: .report.summary.unknownCount
|
|
name: Unknown
|
|
priority: 1
|
|
type: integer
|
|
name: v1alpha1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: |-
|
|
VulnerabilityReport summarizes vulnerabilities in application dependencies and operating system packages
|
|
built into container images.
|
|
properties:
|
|
apiVersion:
|
|
description: |-
|
|
APIVersion defines the versioned schema of this representation of an object.
|
|
Servers should convert recognized schemas to the latest internal value, and
|
|
may reject unrecognized values.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind is a string value representing the REST resource this object represents.
|
|
Servers may infer this from the endpoint the client submits requests to.
|
|
Cannot be updated.
|
|
In CamelCase.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
report:
|
|
description: Report is the actual vulnerability report data.
|
|
properties:
|
|
artifact:
|
|
description: |-
|
|
Artifact represents a standalone, executable package of software that includes everything needed to
|
|
run an application.
|
|
properties:
|
|
digest:
|
|
description: Digest is a unique and immutable identifier of an Artifact.
|
|
type: string
|
|
mimeType:
|
|
description: MimeType represents a type and format of an Artifact.
|
|
type: string
|
|
repository:
|
|
description: Repository is the name of the repository in the Artifact registry.
|
|
type: string
|
|
tag:
|
|
description: Tag is a mutable, human-readable string used to identify an Artifact.
|
|
type: string
|
|
type: object
|
|
os:
|
|
description: OS information of the artifact
|
|
properties:
|
|
eosl:
|
|
description: Eosl is true if OS version has reached end of service life
|
|
type: boolean
|
|
family:
|
|
description: Operating System Family
|
|
type: string
|
|
name:
|
|
description: Name or version of the OS
|
|
type: string
|
|
type: object
|
|
registry:
|
|
description: Registry is the registry the Artifact was pulled from.
|
|
properties:
|
|
server:
|
|
description: Server the FQDN of registry server.
|
|
type: string
|
|
type: object
|
|
scanner:
|
|
description: Scanner is the scanner that generated this report.
|
|
properties:
|
|
name:
|
|
description: Name the name of the scanner.
|
|
type: string
|
|
vendor:
|
|
description: Vendor the name of the vendor providing the scanner.
|
|
type: string
|
|
version:
|
|
description: Version the version of the scanner.
|
|
type: string
|
|
required:
|
|
- name
|
|
- vendor
|
|
- version
|
|
type: object
|
|
summary:
|
|
description: Summary is a summary of Vulnerability counts grouped by Severity.
|
|
properties:
|
|
criticalCount:
|
|
description: CriticalCount is the number of vulnerabilities with Critical Severity.
|
|
minimum: 0
|
|
type: integer
|
|
highCount:
|
|
description: HighCount is the number of vulnerabilities with High Severity.
|
|
minimum: 0
|
|
type: integer
|
|
lowCount:
|
|
description: LowCount is the number of vulnerabilities with Low Severity.
|
|
minimum: 0
|
|
type: integer
|
|
mediumCount:
|
|
description: MediumCount is the number of vulnerabilities with Medium Severity.
|
|
minimum: 0
|
|
type: integer
|
|
noneCount:
|
|
description: NoneCount is the number of packages without any vulnerability.
|
|
minimum: 0
|
|
type: integer
|
|
unknownCount:
|
|
description: UnknownCount is the number of vulnerabilities with unknown severity.
|
|
minimum: 0
|
|
type: integer
|
|
required:
|
|
- criticalCount
|
|
- highCount
|
|
- lowCount
|
|
- mediumCount
|
|
- unknownCount
|
|
type: object
|
|
updateTimestamp:
|
|
description: UpdateTimestamp is a timestamp representing the server time in UTC when this report was updated.
|
|
format: date-time
|
|
type: string
|
|
vulnerabilities:
|
|
description: Vulnerabilities is a list of operating system (OS) or application software Vulnerability items found in the Artifact.
|
|
items:
|
|
description: Vulnerability is the spec for a vulnerability record.
|
|
properties:
|
|
class:
|
|
type: string
|
|
cvss:
|
|
additionalProperties:
|
|
properties:
|
|
V2Score:
|
|
type: number
|
|
V2Vector:
|
|
type: string
|
|
V3Score:
|
|
type: number
|
|
V3Vector:
|
|
type: string
|
|
V40Score:
|
|
type: number
|
|
V40Vector:
|
|
type: string
|
|
type: object
|
|
type: object
|
|
cvsssource:
|
|
type: string
|
|
description:
|
|
type: string
|
|
fixedVersion:
|
|
description: FixedVersion indicates the version of the Resource in which this vulnerability has been fixed.
|
|
type: string
|
|
installedVersion:
|
|
description: InstalledVersion indicates the installed version of the Resource.
|
|
type: string
|
|
lastModifiedDate:
|
|
description: LastModifiedDate indicates the last date CVE has been modified.
|
|
type: string
|
|
links:
|
|
items:
|
|
type: string
|
|
type: array
|
|
packagePURL:
|
|
type: string
|
|
packagePath:
|
|
type: string
|
|
packageType:
|
|
type: string
|
|
primaryLink:
|
|
type: string
|
|
publishedDate:
|
|
description: PublishedDate indicates the date of published CVE.
|
|
type: string
|
|
resource:
|
|
description: Resource is a vulnerable package, application, or library.
|
|
type: string
|
|
score:
|
|
type: number
|
|
severity:
|
|
description: Severity level of a vulnerability or a configuration audit check.
|
|
enum:
|
|
- CRITICAL
|
|
- HIGH
|
|
- MEDIUM
|
|
- LOW
|
|
- UNKNOWN
|
|
type: string
|
|
target:
|
|
type: string
|
|
title:
|
|
type: string
|
|
vulnerabilityID:
|
|
description: VulnerabilityID the vulnerability identifier.
|
|
type: string
|
|
required:
|
|
- fixedVersion
|
|
- installedVersion
|
|
- lastModifiedDate
|
|
- publishedDate
|
|
- resource
|
|
- severity
|
|
- title
|
|
- vulnerabilityID
|
|
type: object
|
|
type: array
|
|
required:
|
|
- artifact
|
|
- os
|
|
- scanner
|
|
- summary
|
|
- updateTimestamp
|
|
- vulnerabilities
|
|
type: object
|
|
required:
|
|
- report
|
|
type: object
|
|
x-kubernetes-preserve-unknown-fields: true
|
|
served: true
|
|
storage: true
|
|
subresources: {}
|