@kwirthmagnify/kwirth-plugin-trivy 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/back.js +1366 -0
- package/front.js +12587 -0
- package/package.json +8 -0
package/back.js
ADDED
|
@@ -0,0 +1,1366 @@
|
|
|
1
|
+
var __create = Object.create;
|
|
2
|
+
var __defProp = Object.defineProperty;
|
|
3
|
+
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
4
|
+
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
5
|
+
var __getProtoOf = Object.getPrototypeOf;
|
|
6
|
+
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
7
|
+
var __commonJS = (cb, mod) => function __require() {
|
|
8
|
+
return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
|
|
9
|
+
};
|
|
10
|
+
var __export = (target, all) => {
|
|
11
|
+
for (var name in all)
|
|
12
|
+
__defProp(target, name, { get: all[name], enumerable: true });
|
|
13
|
+
};
|
|
14
|
+
var __copyProps = (to, from, except, desc) => {
|
|
15
|
+
if (from && typeof from === "object" || typeof from === "function") {
|
|
16
|
+
for (let key of __getOwnPropNames(from))
|
|
17
|
+
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
18
|
+
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
19
|
+
}
|
|
20
|
+
return to;
|
|
21
|
+
};
|
|
22
|
+
var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
|
|
23
|
+
// If the importer is in node compatibility mode or this is not an ESM
|
|
24
|
+
// file that has been converted to a CommonJS file using a Babel-
|
|
25
|
+
// compatible transform (i.e. "__esModule" has not been set), then set
|
|
26
|
+
// "default" to the CommonJS "module.exports" for node compatibility.
|
|
27
|
+
isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
|
|
28
|
+
mod
|
|
29
|
+
));
|
|
30
|
+
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
31
|
+
|
|
32
|
+
// node_modules/@kwirthmagnify/kwirth-common/dist/Channel.js
|
|
33
|
+
var require_Channel = __commonJS({
|
|
34
|
+
"node_modules/@kwirthmagnify/kwirth-common/dist/Channel.js"(exports2) {
|
|
35
|
+
"use strict";
|
|
36
|
+
Object.defineProperty(exports2, "__esModule", { value: true });
|
|
37
|
+
exports2.EClusterType = exports2.ClusterTypeEnum = void 0;
|
|
38
|
+
var ClusterTypeEnum;
|
|
39
|
+
(function(ClusterTypeEnum2) {
|
|
40
|
+
ClusterTypeEnum2["KUBERNETES"] = "kubernetes";
|
|
41
|
+
ClusterTypeEnum2["DOCKER"] = "docker";
|
|
42
|
+
})(ClusterTypeEnum || (exports2.ClusterTypeEnum = ClusterTypeEnum = {}));
|
|
43
|
+
var EClusterType2;
|
|
44
|
+
(function(EClusterType3) {
|
|
45
|
+
EClusterType3["KUBERNETES"] = "kubernetes";
|
|
46
|
+
EClusterType3["DOCKER"] = "docker";
|
|
47
|
+
})(EClusterType2 || (exports2.EClusterType = EClusterType2 = {}));
|
|
48
|
+
}
|
|
49
|
+
});
|
|
50
|
+
|
|
51
|
+
// node_modules/@kwirthmagnify/kwirth-common/dist/Sender.js
|
|
52
|
+
var require_Sender = __commonJS({
|
|
53
|
+
"node_modules/@kwirthmagnify/kwirth-common/dist/Sender.js"(exports2) {
|
|
54
|
+
"use strict";
|
|
55
|
+
Object.defineProperty(exports2, "__esModule", { value: true });
|
|
56
|
+
}
|
|
57
|
+
});
|
|
58
|
+
|
|
59
|
+
// node_modules/@kwirthmagnify/kwirth-common/dist/InstanceMessage.js
|
|
60
|
+
var require_InstanceMessage = __commonJS({
|
|
61
|
+
"node_modules/@kwirthmagnify/kwirth-common/dist/InstanceMessage.js"(exports2) {
|
|
62
|
+
"use strict";
|
|
63
|
+
Object.defineProperty(exports2, "__esModule", { value: true });
|
|
64
|
+
exports2.EInstanceMessageFlow = exports2.InstanceMessageFlowEnum = exports2.EInstanceMessageAction = exports2.InstanceMessageActionEnum = exports2.EInstanceMessageType = exports2.InstanceMessageTypeEnum = exports2.EInstanceMessageChannel = exports2.InstanceMessageChannelEnum = void 0;
|
|
65
|
+
var InstanceMessageChannelEnum;
|
|
66
|
+
(function(InstanceMessageChannelEnum2) {
|
|
67
|
+
InstanceMessageChannelEnum2["NONE"] = "none";
|
|
68
|
+
InstanceMessageChannelEnum2["LOG"] = "log";
|
|
69
|
+
InstanceMessageChannelEnum2["METRICS"] = "metrics";
|
|
70
|
+
InstanceMessageChannelEnum2["AUDIT"] = "audit";
|
|
71
|
+
InstanceMessageChannelEnum2["OPS"] = "ops";
|
|
72
|
+
InstanceMessageChannelEnum2["ALERT"] = "alert";
|
|
73
|
+
InstanceMessageChannelEnum2["TRIVY"] = "trivy";
|
|
74
|
+
})(InstanceMessageChannelEnum || (exports2.InstanceMessageChannelEnum = InstanceMessageChannelEnum = {}));
|
|
75
|
+
var EInstanceMessageChannel2;
|
|
76
|
+
(function(EInstanceMessageChannel3) {
|
|
77
|
+
EInstanceMessageChannel3["NONE"] = "none";
|
|
78
|
+
EInstanceMessageChannel3["LOG"] = "log";
|
|
79
|
+
EInstanceMessageChannel3["METRICS"] = "metrics";
|
|
80
|
+
EInstanceMessageChannel3["AUDIT"] = "audit";
|
|
81
|
+
EInstanceMessageChannel3["OPS"] = "ops";
|
|
82
|
+
EInstanceMessageChannel3["ALERT"] = "alert";
|
|
83
|
+
EInstanceMessageChannel3["TRIVY"] = "trivy";
|
|
84
|
+
EInstanceMessageChannel3["MAGNIFY"] = "magnify";
|
|
85
|
+
})(EInstanceMessageChannel2 || (exports2.EInstanceMessageChannel = EInstanceMessageChannel2 = {}));
|
|
86
|
+
var InstanceMessageTypeEnum;
|
|
87
|
+
(function(InstanceMessageTypeEnum2) {
|
|
88
|
+
InstanceMessageTypeEnum2["DATA"] = "data";
|
|
89
|
+
InstanceMessageTypeEnum2["SIGNAL"] = "signal";
|
|
90
|
+
})(InstanceMessageTypeEnum || (exports2.InstanceMessageTypeEnum = InstanceMessageTypeEnum = {}));
|
|
91
|
+
var EInstanceMessageType2;
|
|
92
|
+
(function(EInstanceMessageType3) {
|
|
93
|
+
EInstanceMessageType3["DATA"] = "data";
|
|
94
|
+
EInstanceMessageType3["SIGNAL"] = "signal";
|
|
95
|
+
})(EInstanceMessageType2 || (exports2.EInstanceMessageType = EInstanceMessageType2 = {}));
|
|
96
|
+
var InstanceMessageActionEnum;
|
|
97
|
+
(function(InstanceMessageActionEnum2) {
|
|
98
|
+
InstanceMessageActionEnum2["NONE"] = "none";
|
|
99
|
+
InstanceMessageActionEnum2["ROUTE"] = "route";
|
|
100
|
+
InstanceMessageActionEnum2["START"] = "start";
|
|
101
|
+
InstanceMessageActionEnum2["STOP"] = "stop";
|
|
102
|
+
InstanceMessageActionEnum2["PAUSE"] = "pause";
|
|
103
|
+
InstanceMessageActionEnum2["CONTINUE"] = "continue";
|
|
104
|
+
InstanceMessageActionEnum2["MODIFY"] = "modify";
|
|
105
|
+
InstanceMessageActionEnum2["PING"] = "ping";
|
|
106
|
+
InstanceMessageActionEnum2["RECONNECT"] = "reconnect";
|
|
107
|
+
InstanceMessageActionEnum2["COMMAND"] = "command";
|
|
108
|
+
InstanceMessageActionEnum2["WEBSOCKET"] = "websocket";
|
|
109
|
+
})(InstanceMessageActionEnum || (exports2.InstanceMessageActionEnum = InstanceMessageActionEnum = {}));
|
|
110
|
+
var EInstanceMessageAction2;
|
|
111
|
+
(function(EInstanceMessageAction3) {
|
|
112
|
+
EInstanceMessageAction3["NONE"] = "none";
|
|
113
|
+
EInstanceMessageAction3["RI"] = "ri";
|
|
114
|
+
EInstanceMessageAction3["ROUTE"] = "route";
|
|
115
|
+
EInstanceMessageAction3["START"] = "start";
|
|
116
|
+
EInstanceMessageAction3["STOP"] = "stop";
|
|
117
|
+
EInstanceMessageAction3["PAUSE"] = "pause";
|
|
118
|
+
EInstanceMessageAction3["CONTINUE"] = "continue";
|
|
119
|
+
EInstanceMessageAction3["MODIFY"] = "modify";
|
|
120
|
+
EInstanceMessageAction3["PING"] = "ping";
|
|
121
|
+
EInstanceMessageAction3["RECONNECT"] = "reconnect";
|
|
122
|
+
EInstanceMessageAction3["COMMAND"] = "command";
|
|
123
|
+
EInstanceMessageAction3["WEBSOCKET"] = "websocket";
|
|
124
|
+
})(EInstanceMessageAction2 || (exports2.EInstanceMessageAction = EInstanceMessageAction2 = {}));
|
|
125
|
+
var InstanceMessageFlowEnum;
|
|
126
|
+
(function(InstanceMessageFlowEnum2) {
|
|
127
|
+
InstanceMessageFlowEnum2["IMMEDIATE"] = "immediate";
|
|
128
|
+
InstanceMessageFlowEnum2["REQUEST"] = "request";
|
|
129
|
+
InstanceMessageFlowEnum2["RESPONSE"] = "response";
|
|
130
|
+
InstanceMessageFlowEnum2["UNSOLICITED"] = "unsolicited";
|
|
131
|
+
})(InstanceMessageFlowEnum || (exports2.InstanceMessageFlowEnum = InstanceMessageFlowEnum = {}));
|
|
132
|
+
var EInstanceMessageFlow2;
|
|
133
|
+
(function(EInstanceMessageFlow3) {
|
|
134
|
+
EInstanceMessageFlow3["IMMEDIATE"] = "immediate";
|
|
135
|
+
EInstanceMessageFlow3["REQUEST"] = "request";
|
|
136
|
+
EInstanceMessageFlow3["RESPONSE"] = "response";
|
|
137
|
+
EInstanceMessageFlow3["UNSOLICITED"] = "unsolicited";
|
|
138
|
+
})(EInstanceMessageFlow2 || (exports2.EInstanceMessageFlow = EInstanceMessageFlow2 = {}));
|
|
139
|
+
}
|
|
140
|
+
});
|
|
141
|
+
|
|
142
|
+
// node_modules/@kwirthmagnify/kwirth-common/dist/InstanceConfig.js
|
|
143
|
+
var require_InstanceConfig = __commonJS({
|
|
144
|
+
"node_modules/@kwirthmagnify/kwirth-common/dist/InstanceConfig.js"(exports2) {
|
|
145
|
+
"use strict";
|
|
146
|
+
Object.defineProperty(exports2, "__esModule", { value: true });
|
|
147
|
+
exports2.EInstanceConfigScope = exports2.EInstanceConfigView = exports2.EInstanceConfigObject = exports2.InstanceConfigScopeEnum = exports2.InstanceConfigViewEnum = exports2.InstanceConfigObjectEnum = void 0;
|
|
148
|
+
var InstanceConfigObjectEnum;
|
|
149
|
+
(function(InstanceConfigObjectEnum2) {
|
|
150
|
+
InstanceConfigObjectEnum2["PODS"] = "pods";
|
|
151
|
+
InstanceConfigObjectEnum2["EVENTS"] = "events";
|
|
152
|
+
})(InstanceConfigObjectEnum || (exports2.InstanceConfigObjectEnum = InstanceConfigObjectEnum = {}));
|
|
153
|
+
var InstanceConfigViewEnum;
|
|
154
|
+
(function(InstanceConfigViewEnum2) {
|
|
155
|
+
InstanceConfigViewEnum2["NONE"] = "none";
|
|
156
|
+
InstanceConfigViewEnum2["CLUSTER"] = "cluster";
|
|
157
|
+
InstanceConfigViewEnum2["NAMESPACE"] = "namespace";
|
|
158
|
+
InstanceConfigViewEnum2["GROUP"] = "group";
|
|
159
|
+
InstanceConfigViewEnum2["POD"] = "pod";
|
|
160
|
+
InstanceConfigViewEnum2["CONTAINER"] = "container";
|
|
161
|
+
})(InstanceConfigViewEnum || (exports2.InstanceConfigViewEnum = InstanceConfigViewEnum = {}));
|
|
162
|
+
var InstanceConfigScopeEnum;
|
|
163
|
+
(function(InstanceConfigScopeEnum2) {
|
|
164
|
+
InstanceConfigScopeEnum2["NONE"] = "none";
|
|
165
|
+
InstanceConfigScopeEnum2["API"] = "api";
|
|
166
|
+
InstanceConfigScopeEnum2["CLUSTER"] = "cluster";
|
|
167
|
+
InstanceConfigScopeEnum2["FILTER"] = "filter";
|
|
168
|
+
InstanceConfigScopeEnum2["VIEW"] = "view";
|
|
169
|
+
InstanceConfigScopeEnum2["SNAPSHOT"] = "snapshot";
|
|
170
|
+
InstanceConfigScopeEnum2["STREAM"] = "stream";
|
|
171
|
+
InstanceConfigScopeEnum2["CREATE"] = "create";
|
|
172
|
+
InstanceConfigScopeEnum2["SUBSCRIBE"] = "subscribe";
|
|
173
|
+
InstanceConfigScopeEnum2["GET"] = "get";
|
|
174
|
+
InstanceConfigScopeEnum2["EXECUTE"] = "execute";
|
|
175
|
+
InstanceConfigScopeEnum2["RESTART"] = "restart";
|
|
176
|
+
InstanceConfigScopeEnum2["WORKLOAD"] = "workload";
|
|
177
|
+
InstanceConfigScopeEnum2["KUBERNETES"] = "kubernetes";
|
|
178
|
+
})(InstanceConfigScopeEnum || (exports2.InstanceConfigScopeEnum = InstanceConfigScopeEnum = {}));
|
|
179
|
+
var EInstanceConfigObject;
|
|
180
|
+
(function(EInstanceConfigObject2) {
|
|
181
|
+
EInstanceConfigObject2["PODS"] = "pods";
|
|
182
|
+
EInstanceConfigObject2["EVENTS"] = "events";
|
|
183
|
+
})(EInstanceConfigObject || (exports2.EInstanceConfigObject = EInstanceConfigObject = {}));
|
|
184
|
+
var EInstanceConfigView;
|
|
185
|
+
(function(EInstanceConfigView2) {
|
|
186
|
+
EInstanceConfigView2["NONE"] = "none";
|
|
187
|
+
EInstanceConfigView2["CLUSTER"] = "cluster";
|
|
188
|
+
EInstanceConfigView2["NAMESPACE"] = "namespace";
|
|
189
|
+
EInstanceConfigView2["GROUP"] = "group";
|
|
190
|
+
EInstanceConfigView2["POD"] = "pod";
|
|
191
|
+
EInstanceConfigView2["CONTAINER"] = "container";
|
|
192
|
+
})(EInstanceConfigView || (exports2.EInstanceConfigView = EInstanceConfigView = {}));
|
|
193
|
+
var EInstanceConfigScope;
|
|
194
|
+
(function(EInstanceConfigScope2) {
|
|
195
|
+
EInstanceConfigScope2["NONE"] = "none";
|
|
196
|
+
EInstanceConfigScope2["API"] = "api";
|
|
197
|
+
EInstanceConfigScope2["CLUSTER"] = "cluster";
|
|
198
|
+
EInstanceConfigScope2["FILTER"] = "filter";
|
|
199
|
+
EInstanceConfigScope2["VIEW"] = "view";
|
|
200
|
+
EInstanceConfigScope2["SNAPSHOT"] = "snapshot";
|
|
201
|
+
EInstanceConfigScope2["STREAM"] = "stream";
|
|
202
|
+
EInstanceConfigScope2["CREATE"] = "create";
|
|
203
|
+
EInstanceConfigScope2["SUBSCRIBE"] = "subscribe";
|
|
204
|
+
EInstanceConfigScope2["GET"] = "get";
|
|
205
|
+
EInstanceConfigScope2["EXECUTE"] = "execute";
|
|
206
|
+
EInstanceConfigScope2["RESTART"] = "restart";
|
|
207
|
+
EInstanceConfigScope2["WORKLOAD"] = "workload";
|
|
208
|
+
EInstanceConfigScope2["KUBERNETES"] = "kubernetes";
|
|
209
|
+
})(EInstanceConfigScope || (exports2.EInstanceConfigScope = EInstanceConfigScope = {}));
|
|
210
|
+
}
|
|
211
|
+
});
|
|
212
|
+
|
|
213
|
+
// node_modules/@kwirthmagnify/kwirth-common/dist/RouteMessage.js
|
|
214
|
+
var require_RouteMessage = __commonJS({
|
|
215
|
+
"node_modules/@kwirthmagnify/kwirth-common/dist/RouteMessage.js"(exports2) {
|
|
216
|
+
"use strict";
|
|
217
|
+
Object.defineProperty(exports2, "__esModule", { value: true });
|
|
218
|
+
}
|
|
219
|
+
});
|
|
220
|
+
|
|
221
|
+
// node_modules/@kwirthmagnify/kwirth-common/dist/SignalMessage.js
|
|
222
|
+
var require_SignalMessage = __commonJS({
|
|
223
|
+
"node_modules/@kwirthmagnify/kwirth-common/dist/SignalMessage.js"(exports2) {
|
|
224
|
+
"use strict";
|
|
225
|
+
Object.defineProperty(exports2, "__esModule", { value: true });
|
|
226
|
+
exports2.ESignalMessageEvent = exports2.ESignalMessageLevel = exports2.SignalMessageEventEnum = exports2.SignalMessageLevelEnum = void 0;
|
|
227
|
+
var SignalMessageLevelEnum;
|
|
228
|
+
(function(SignalMessageLevelEnum2) {
|
|
229
|
+
SignalMessageLevelEnum2["INFO"] = "info";
|
|
230
|
+
SignalMessageLevelEnum2["WARNING"] = "warning";
|
|
231
|
+
SignalMessageLevelEnum2["ERROR"] = "error";
|
|
232
|
+
})(SignalMessageLevelEnum || (exports2.SignalMessageLevelEnum = SignalMessageLevelEnum = {}));
|
|
233
|
+
var SignalMessageEventEnum;
|
|
234
|
+
(function(SignalMessageEventEnum2) {
|
|
235
|
+
SignalMessageEventEnum2["ADD"] = "add";
|
|
236
|
+
SignalMessageEventEnum2["DELETE"] = "delete";
|
|
237
|
+
SignalMessageEventEnum2["OTHER"] = "other";
|
|
238
|
+
})(SignalMessageEventEnum || (exports2.SignalMessageEventEnum = SignalMessageEventEnum = {}));
|
|
239
|
+
var ESignalMessageLevel2;
|
|
240
|
+
(function(ESignalMessageLevel3) {
|
|
241
|
+
ESignalMessageLevel3["INFO"] = "info";
|
|
242
|
+
ESignalMessageLevel3["WARNING"] = "warning";
|
|
243
|
+
ESignalMessageLevel3["ERROR"] = "error";
|
|
244
|
+
})(ESignalMessageLevel2 || (exports2.ESignalMessageLevel = ESignalMessageLevel2 = {}));
|
|
245
|
+
var ESignalMessageEvent;
|
|
246
|
+
(function(ESignalMessageEvent2) {
|
|
247
|
+
ESignalMessageEvent2["ADD"] = "add";
|
|
248
|
+
ESignalMessageEvent2["DELETE"] = "delete";
|
|
249
|
+
ESignalMessageEvent2["OTHER"] = "other";
|
|
250
|
+
})(ESignalMessageEvent || (exports2.ESignalMessageEvent = ESignalMessageEvent = {}));
|
|
251
|
+
}
|
|
252
|
+
});
|
|
253
|
+
|
|
254
|
+
// node_modules/@kwirthmagnify/kwirth-common/dist/ApiKey.js
|
|
255
|
+
var require_ApiKey = __commonJS({
|
|
256
|
+
"node_modules/@kwirthmagnify/kwirth-common/dist/ApiKey.js"(exports2) {
|
|
257
|
+
"use strict";
|
|
258
|
+
Object.defineProperty(exports2, "__esModule", { value: true });
|
|
259
|
+
}
|
|
260
|
+
});
|
|
261
|
+
|
|
262
|
+
// node_modules/uuid/dist/cjs/max.js
|
|
263
|
+
var require_max = __commonJS({
|
|
264
|
+
"node_modules/uuid/dist/cjs/max.js"(exports2) {
|
|
265
|
+
"use strict";
|
|
266
|
+
Object.defineProperty(exports2, "__esModule", { value: true });
|
|
267
|
+
exports2.default = "ffffffff-ffff-ffff-ffff-ffffffffffff";
|
|
268
|
+
}
|
|
269
|
+
});
|
|
270
|
+
|
|
271
|
+
// node_modules/uuid/dist/cjs/nil.js
|
|
272
|
+
var require_nil = __commonJS({
|
|
273
|
+
"node_modules/uuid/dist/cjs/nil.js"(exports2) {
|
|
274
|
+
"use strict";
|
|
275
|
+
Object.defineProperty(exports2, "__esModule", { value: true });
|
|
276
|
+
exports2.default = "00000000-0000-0000-0000-000000000000";
|
|
277
|
+
}
|
|
278
|
+
});
|
|
279
|
+
|
|
280
|
+
// node_modules/uuid/dist/cjs/regex.js
|
|
281
|
+
var require_regex = __commonJS({
|
|
282
|
+
"node_modules/uuid/dist/cjs/regex.js"(exports2) {
|
|
283
|
+
"use strict";
|
|
284
|
+
Object.defineProperty(exports2, "__esModule", { value: true });
|
|
285
|
+
exports2.default = /^(?:[0-9a-f]{8}-[0-9a-f]{4}-[1-8][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}|00000000-0000-0000-0000-000000000000|ffffffff-ffff-ffff-ffff-ffffffffffff)$/i;
|
|
286
|
+
}
|
|
287
|
+
});
|
|
288
|
+
|
|
289
|
+
// node_modules/uuid/dist/cjs/validate.js
|
|
290
|
+
var require_validate = __commonJS({
|
|
291
|
+
"node_modules/uuid/dist/cjs/validate.js"(exports2) {
|
|
292
|
+
"use strict";
|
|
293
|
+
Object.defineProperty(exports2, "__esModule", { value: true });
|
|
294
|
+
var regex_js_1 = require_regex();
|
|
295
|
+
function validate(uuid) {
|
|
296
|
+
return typeof uuid === "string" && regex_js_1.default.test(uuid);
|
|
297
|
+
}
|
|
298
|
+
exports2.default = validate;
|
|
299
|
+
}
|
|
300
|
+
});
|
|
301
|
+
|
|
302
|
+
// node_modules/uuid/dist/cjs/parse.js
|
|
303
|
+
var require_parse = __commonJS({
|
|
304
|
+
"node_modules/uuid/dist/cjs/parse.js"(exports2) {
|
|
305
|
+
"use strict";
|
|
306
|
+
Object.defineProperty(exports2, "__esModule", { value: true });
|
|
307
|
+
var validate_js_1 = require_validate();
|
|
308
|
+
function parse(uuid) {
|
|
309
|
+
if (!(0, validate_js_1.default)(uuid)) {
|
|
310
|
+
throw TypeError("Invalid UUID");
|
|
311
|
+
}
|
|
312
|
+
let v;
|
|
313
|
+
return Uint8Array.of((v = parseInt(uuid.slice(0, 8), 16)) >>> 24, v >>> 16 & 255, v >>> 8 & 255, v & 255, (v = parseInt(uuid.slice(9, 13), 16)) >>> 8, v & 255, (v = parseInt(uuid.slice(14, 18), 16)) >>> 8, v & 255, (v = parseInt(uuid.slice(19, 23), 16)) >>> 8, v & 255, (v = parseInt(uuid.slice(24, 36), 16)) / 1099511627776 & 255, v / 4294967296 & 255, v >>> 24 & 255, v >>> 16 & 255, v >>> 8 & 255, v & 255);
|
|
314
|
+
}
|
|
315
|
+
exports2.default = parse;
|
|
316
|
+
}
|
|
317
|
+
});
|
|
318
|
+
|
|
319
|
+
// node_modules/uuid/dist/cjs/stringify.js
|
|
320
|
+
var require_stringify = __commonJS({
|
|
321
|
+
"node_modules/uuid/dist/cjs/stringify.js"(exports2) {
|
|
322
|
+
"use strict";
|
|
323
|
+
Object.defineProperty(exports2, "__esModule", { value: true });
|
|
324
|
+
exports2.unsafeStringify = void 0;
|
|
325
|
+
var validate_js_1 = require_validate();
|
|
326
|
+
var byteToHex = [];
|
|
327
|
+
for (let i = 0; i < 256; ++i) {
|
|
328
|
+
byteToHex.push((i + 256).toString(16).slice(1));
|
|
329
|
+
}
|
|
330
|
+
function unsafeStringify(arr, offset = 0) {
|
|
331
|
+
return (byteToHex[arr[offset + 0]] + byteToHex[arr[offset + 1]] + byteToHex[arr[offset + 2]] + byteToHex[arr[offset + 3]] + "-" + byteToHex[arr[offset + 4]] + byteToHex[arr[offset + 5]] + "-" + byteToHex[arr[offset + 6]] + byteToHex[arr[offset + 7]] + "-" + byteToHex[arr[offset + 8]] + byteToHex[arr[offset + 9]] + "-" + byteToHex[arr[offset + 10]] + byteToHex[arr[offset + 11]] + byteToHex[arr[offset + 12]] + byteToHex[arr[offset + 13]] + byteToHex[arr[offset + 14]] + byteToHex[arr[offset + 15]]).toLowerCase();
|
|
332
|
+
}
|
|
333
|
+
exports2.unsafeStringify = unsafeStringify;
|
|
334
|
+
function stringify(arr, offset = 0) {
|
|
335
|
+
const uuid = unsafeStringify(arr, offset);
|
|
336
|
+
if (!(0, validate_js_1.default)(uuid)) {
|
|
337
|
+
throw TypeError("Stringified UUID is invalid");
|
|
338
|
+
}
|
|
339
|
+
return uuid;
|
|
340
|
+
}
|
|
341
|
+
exports2.default = stringify;
|
|
342
|
+
}
|
|
343
|
+
});
|
|
344
|
+
|
|
345
|
+
// node_modules/uuid/dist/cjs/rng.js
|
|
346
|
+
var require_rng = __commonJS({
|
|
347
|
+
"node_modules/uuid/dist/cjs/rng.js"(exports2) {
|
|
348
|
+
"use strict";
|
|
349
|
+
Object.defineProperty(exports2, "__esModule", { value: true });
|
|
350
|
+
var crypto_1 = require("crypto");
|
|
351
|
+
var rnds8Pool = new Uint8Array(256);
|
|
352
|
+
var poolPtr = rnds8Pool.length;
|
|
353
|
+
function rng() {
|
|
354
|
+
if (poolPtr > rnds8Pool.length - 16) {
|
|
355
|
+
(0, crypto_1.randomFillSync)(rnds8Pool);
|
|
356
|
+
poolPtr = 0;
|
|
357
|
+
}
|
|
358
|
+
return rnds8Pool.slice(poolPtr, poolPtr += 16);
|
|
359
|
+
}
|
|
360
|
+
exports2.default = rng;
|
|
361
|
+
}
|
|
362
|
+
});
|
|
363
|
+
|
|
364
|
+
// node_modules/uuid/dist/cjs/v1.js
|
|
365
|
+
var require_v1 = __commonJS({
|
|
366
|
+
"node_modules/uuid/dist/cjs/v1.js"(exports2) {
|
|
367
|
+
"use strict";
|
|
368
|
+
Object.defineProperty(exports2, "__esModule", { value: true });
|
|
369
|
+
exports2.updateV1State = void 0;
|
|
370
|
+
var rng_js_1 = require_rng();
|
|
371
|
+
var stringify_js_1 = require_stringify();
|
|
372
|
+
var _state = {};
|
|
373
|
+
function v1(options, buf, offset) {
|
|
374
|
+
let bytes;
|
|
375
|
+
const isV6 = options?._v6 ?? false;
|
|
376
|
+
if (options) {
|
|
377
|
+
const optionsKeys = Object.keys(options);
|
|
378
|
+
if (optionsKeys.length === 1 && optionsKeys[0] === "_v6") {
|
|
379
|
+
options = void 0;
|
|
380
|
+
}
|
|
381
|
+
}
|
|
382
|
+
if (options) {
|
|
383
|
+
bytes = v1Bytes(options.random ?? options.rng?.() ?? (0, rng_js_1.default)(), options.msecs, options.nsecs, options.clockseq, options.node, buf, offset);
|
|
384
|
+
} else {
|
|
385
|
+
const now = Date.now();
|
|
386
|
+
const rnds = (0, rng_js_1.default)();
|
|
387
|
+
updateV1State(_state, now, rnds);
|
|
388
|
+
bytes = v1Bytes(rnds, _state.msecs, _state.nsecs, isV6 ? void 0 : _state.clockseq, isV6 ? void 0 : _state.node, buf, offset);
|
|
389
|
+
}
|
|
390
|
+
return buf ?? (0, stringify_js_1.unsafeStringify)(bytes);
|
|
391
|
+
}
|
|
392
|
+
function updateV1State(state, now, rnds) {
|
|
393
|
+
state.msecs ??= -Infinity;
|
|
394
|
+
state.nsecs ??= 0;
|
|
395
|
+
if (now === state.msecs) {
|
|
396
|
+
state.nsecs++;
|
|
397
|
+
if (state.nsecs >= 1e4) {
|
|
398
|
+
state.node = void 0;
|
|
399
|
+
state.nsecs = 0;
|
|
400
|
+
}
|
|
401
|
+
} else if (now > state.msecs) {
|
|
402
|
+
state.nsecs = 0;
|
|
403
|
+
} else if (now < state.msecs) {
|
|
404
|
+
state.node = void 0;
|
|
405
|
+
}
|
|
406
|
+
if (!state.node) {
|
|
407
|
+
state.node = rnds.slice(10, 16);
|
|
408
|
+
state.node[0] |= 1;
|
|
409
|
+
state.clockseq = (rnds[8] << 8 | rnds[9]) & 16383;
|
|
410
|
+
}
|
|
411
|
+
state.msecs = now;
|
|
412
|
+
return state;
|
|
413
|
+
}
|
|
414
|
+
exports2.updateV1State = updateV1State;
|
|
415
|
+
function v1Bytes(rnds, msecs, nsecs, clockseq, node, buf, offset = 0) {
|
|
416
|
+
if (rnds.length < 16) {
|
|
417
|
+
throw new Error("Random bytes length must be >= 16");
|
|
418
|
+
}
|
|
419
|
+
if (!buf) {
|
|
420
|
+
buf = new Uint8Array(16);
|
|
421
|
+
offset = 0;
|
|
422
|
+
} else {
|
|
423
|
+
if (offset < 0 || offset + 16 > buf.length) {
|
|
424
|
+
throw new RangeError(`UUID byte range ${offset}:${offset + 15} is out of buffer bounds`);
|
|
425
|
+
}
|
|
426
|
+
}
|
|
427
|
+
msecs ??= Date.now();
|
|
428
|
+
nsecs ??= 0;
|
|
429
|
+
clockseq ??= (rnds[8] << 8 | rnds[9]) & 16383;
|
|
430
|
+
node ??= rnds.slice(10, 16);
|
|
431
|
+
msecs += 122192928e5;
|
|
432
|
+
const tl = ((msecs & 268435455) * 1e4 + nsecs) % 4294967296;
|
|
433
|
+
buf[offset++] = tl >>> 24 & 255;
|
|
434
|
+
buf[offset++] = tl >>> 16 & 255;
|
|
435
|
+
buf[offset++] = tl >>> 8 & 255;
|
|
436
|
+
buf[offset++] = tl & 255;
|
|
437
|
+
const tmh = msecs / 4294967296 * 1e4 & 268435455;
|
|
438
|
+
buf[offset++] = tmh >>> 8 & 255;
|
|
439
|
+
buf[offset++] = tmh & 255;
|
|
440
|
+
buf[offset++] = tmh >>> 24 & 15 | 16;
|
|
441
|
+
buf[offset++] = tmh >>> 16 & 255;
|
|
442
|
+
buf[offset++] = clockseq >>> 8 | 128;
|
|
443
|
+
buf[offset++] = clockseq & 255;
|
|
444
|
+
for (let n = 0; n < 6; ++n) {
|
|
445
|
+
buf[offset++] = node[n];
|
|
446
|
+
}
|
|
447
|
+
return buf;
|
|
448
|
+
}
|
|
449
|
+
exports2.default = v1;
|
|
450
|
+
}
|
|
451
|
+
});
|
|
452
|
+
|
|
453
|
+
// node_modules/uuid/dist/cjs/v1ToV6.js
|
|
454
|
+
var require_v1ToV6 = __commonJS({
|
|
455
|
+
"node_modules/uuid/dist/cjs/v1ToV6.js"(exports2) {
|
|
456
|
+
"use strict";
|
|
457
|
+
Object.defineProperty(exports2, "__esModule", { value: true });
|
|
458
|
+
var parse_js_1 = require_parse();
|
|
459
|
+
var stringify_js_1 = require_stringify();
|
|
460
|
+
function v1ToV6(uuid) {
|
|
461
|
+
const v1Bytes = typeof uuid === "string" ? (0, parse_js_1.default)(uuid) : uuid;
|
|
462
|
+
const v6Bytes = _v1ToV6(v1Bytes);
|
|
463
|
+
return typeof uuid === "string" ? (0, stringify_js_1.unsafeStringify)(v6Bytes) : v6Bytes;
|
|
464
|
+
}
|
|
465
|
+
exports2.default = v1ToV6;
|
|
466
|
+
function _v1ToV6(v1Bytes) {
|
|
467
|
+
return Uint8Array.of((v1Bytes[6] & 15) << 4 | v1Bytes[7] >> 4 & 15, (v1Bytes[7] & 15) << 4 | (v1Bytes[4] & 240) >> 4, (v1Bytes[4] & 15) << 4 | (v1Bytes[5] & 240) >> 4, (v1Bytes[5] & 15) << 4 | (v1Bytes[0] & 240) >> 4, (v1Bytes[0] & 15) << 4 | (v1Bytes[1] & 240) >> 4, (v1Bytes[1] & 15) << 4 | (v1Bytes[2] & 240) >> 4, 96 | v1Bytes[2] & 15, v1Bytes[3], v1Bytes[8], v1Bytes[9], v1Bytes[10], v1Bytes[11], v1Bytes[12], v1Bytes[13], v1Bytes[14], v1Bytes[15]);
|
|
468
|
+
}
|
|
469
|
+
}
|
|
470
|
+
});
|
|
471
|
+
|
|
472
|
+
// node_modules/uuid/dist/cjs/md5.js
|
|
473
|
+
var require_md5 = __commonJS({
|
|
474
|
+
"node_modules/uuid/dist/cjs/md5.js"(exports2) {
|
|
475
|
+
"use strict";
|
|
476
|
+
Object.defineProperty(exports2, "__esModule", { value: true });
|
|
477
|
+
var crypto_1 = require("crypto");
|
|
478
|
+
function md5(bytes) {
|
|
479
|
+
if (Array.isArray(bytes)) {
|
|
480
|
+
bytes = Buffer.from(bytes);
|
|
481
|
+
} else if (typeof bytes === "string") {
|
|
482
|
+
bytes = Buffer.from(bytes, "utf8");
|
|
483
|
+
}
|
|
484
|
+
return (0, crypto_1.createHash)("md5").update(bytes).digest();
|
|
485
|
+
}
|
|
486
|
+
exports2.default = md5;
|
|
487
|
+
}
|
|
488
|
+
});
|
|
489
|
+
|
|
490
|
+
// node_modules/uuid/dist/cjs/v35.js
|
|
491
|
+
var require_v35 = __commonJS({
|
|
492
|
+
"node_modules/uuid/dist/cjs/v35.js"(exports2) {
|
|
493
|
+
"use strict";
|
|
494
|
+
Object.defineProperty(exports2, "__esModule", { value: true });
|
|
495
|
+
exports2.URL = exports2.DNS = exports2.stringToBytes = void 0;
|
|
496
|
+
var parse_js_1 = require_parse();
|
|
497
|
+
var stringify_js_1 = require_stringify();
|
|
498
|
+
function stringToBytes(str) {
|
|
499
|
+
str = unescape(encodeURIComponent(str));
|
|
500
|
+
const bytes = new Uint8Array(str.length);
|
|
501
|
+
for (let i = 0; i < str.length; ++i) {
|
|
502
|
+
bytes[i] = str.charCodeAt(i);
|
|
503
|
+
}
|
|
504
|
+
return bytes;
|
|
505
|
+
}
|
|
506
|
+
exports2.stringToBytes = stringToBytes;
|
|
507
|
+
exports2.DNS = "6ba7b810-9dad-11d1-80b4-00c04fd430c8";
|
|
508
|
+
exports2.URL = "6ba7b811-9dad-11d1-80b4-00c04fd430c8";
|
|
509
|
+
function v35(version, hash, value, namespace, buf, offset) {
|
|
510
|
+
const valueBytes = typeof value === "string" ? stringToBytes(value) : value;
|
|
511
|
+
const namespaceBytes = typeof namespace === "string" ? (0, parse_js_1.default)(namespace) : namespace;
|
|
512
|
+
if (typeof namespace === "string") {
|
|
513
|
+
namespace = (0, parse_js_1.default)(namespace);
|
|
514
|
+
}
|
|
515
|
+
if (namespace?.length !== 16) {
|
|
516
|
+
throw TypeError("Namespace must be array-like (16 iterable integer values, 0-255)");
|
|
517
|
+
}
|
|
518
|
+
let bytes = new Uint8Array(16 + valueBytes.length);
|
|
519
|
+
bytes.set(namespaceBytes);
|
|
520
|
+
bytes.set(valueBytes, namespaceBytes.length);
|
|
521
|
+
bytes = hash(bytes);
|
|
522
|
+
bytes[6] = bytes[6] & 15 | version;
|
|
523
|
+
bytes[8] = bytes[8] & 63 | 128;
|
|
524
|
+
if (buf) {
|
|
525
|
+
offset = offset || 0;
|
|
526
|
+
if (offset < 0 || offset + 16 > buf.length) {
|
|
527
|
+
throw new RangeError(`UUID byte range ${offset}:${offset + 15} is out of buffer bounds`);
|
|
528
|
+
}
|
|
529
|
+
for (let i = 0; i < 16; ++i) {
|
|
530
|
+
buf[offset + i] = bytes[i];
|
|
531
|
+
}
|
|
532
|
+
return buf;
|
|
533
|
+
}
|
|
534
|
+
return (0, stringify_js_1.unsafeStringify)(bytes);
|
|
535
|
+
}
|
|
536
|
+
exports2.default = v35;
|
|
537
|
+
}
|
|
538
|
+
});
|
|
539
|
+
|
|
540
|
+
// node_modules/uuid/dist/cjs/v3.js
|
|
541
|
+
var require_v3 = __commonJS({
|
|
542
|
+
"node_modules/uuid/dist/cjs/v3.js"(exports2) {
|
|
543
|
+
"use strict";
|
|
544
|
+
Object.defineProperty(exports2, "__esModule", { value: true });
|
|
545
|
+
exports2.URL = exports2.DNS = void 0;
|
|
546
|
+
var md5_js_1 = require_md5();
|
|
547
|
+
var v35_js_1 = require_v35();
|
|
548
|
+
var v35_js_2 = require_v35();
|
|
549
|
+
Object.defineProperty(exports2, "DNS", { enumerable: true, get: function() {
|
|
550
|
+
return v35_js_2.DNS;
|
|
551
|
+
} });
|
|
552
|
+
Object.defineProperty(exports2, "URL", { enumerable: true, get: function() {
|
|
553
|
+
return v35_js_2.URL;
|
|
554
|
+
} });
|
|
555
|
+
function v3(value, namespace, buf, offset) {
|
|
556
|
+
return (0, v35_js_1.default)(48, md5_js_1.default, value, namespace, buf, offset);
|
|
557
|
+
}
|
|
558
|
+
v3.DNS = v35_js_1.DNS;
|
|
559
|
+
v3.URL = v35_js_1.URL;
|
|
560
|
+
exports2.default = v3;
|
|
561
|
+
}
|
|
562
|
+
});
|
|
563
|
+
|
|
564
|
+
// node_modules/uuid/dist/cjs/native.js
|
|
565
|
+
var require_native = __commonJS({
|
|
566
|
+
"node_modules/uuid/dist/cjs/native.js"(exports2) {
|
|
567
|
+
"use strict";
|
|
568
|
+
Object.defineProperty(exports2, "__esModule", { value: true });
|
|
569
|
+
var crypto_1 = require("crypto");
|
|
570
|
+
exports2.default = { randomUUID: crypto_1.randomUUID };
|
|
571
|
+
}
|
|
572
|
+
});
|
|
573
|
+
|
|
574
|
+
// node_modules/uuid/dist/cjs/v4.js
|
|
575
|
+
var require_v4 = __commonJS({
|
|
576
|
+
"node_modules/uuid/dist/cjs/v4.js"(exports2) {
|
|
577
|
+
"use strict";
|
|
578
|
+
Object.defineProperty(exports2, "__esModule", { value: true });
|
|
579
|
+
var native_js_1 = require_native();
|
|
580
|
+
var rng_js_1 = require_rng();
|
|
581
|
+
var stringify_js_1 = require_stringify();
|
|
582
|
+
function v4(options, buf, offset) {
|
|
583
|
+
if (native_js_1.default.randomUUID && !buf && !options) {
|
|
584
|
+
return native_js_1.default.randomUUID();
|
|
585
|
+
}
|
|
586
|
+
options = options || {};
|
|
587
|
+
const rnds = options.random ?? options.rng?.() ?? (0, rng_js_1.default)();
|
|
588
|
+
if (rnds.length < 16) {
|
|
589
|
+
throw new Error("Random bytes length must be >= 16");
|
|
590
|
+
}
|
|
591
|
+
rnds[6] = rnds[6] & 15 | 64;
|
|
592
|
+
rnds[8] = rnds[8] & 63 | 128;
|
|
593
|
+
if (buf) {
|
|
594
|
+
offset = offset || 0;
|
|
595
|
+
if (offset < 0 || offset + 16 > buf.length) {
|
|
596
|
+
throw new RangeError(`UUID byte range ${offset}:${offset + 15} is out of buffer bounds`);
|
|
597
|
+
}
|
|
598
|
+
for (let i = 0; i < 16; ++i) {
|
|
599
|
+
buf[offset + i] = rnds[i];
|
|
600
|
+
}
|
|
601
|
+
return buf;
|
|
602
|
+
}
|
|
603
|
+
return (0, stringify_js_1.unsafeStringify)(rnds);
|
|
604
|
+
}
|
|
605
|
+
exports2.default = v4;
|
|
606
|
+
}
|
|
607
|
+
});
|
|
608
|
+
|
|
609
|
+
// node_modules/uuid/dist/cjs/sha1.js
|
|
610
|
+
var require_sha1 = __commonJS({
|
|
611
|
+
"node_modules/uuid/dist/cjs/sha1.js"(exports2) {
|
|
612
|
+
"use strict";
|
|
613
|
+
Object.defineProperty(exports2, "__esModule", { value: true });
|
|
614
|
+
var crypto_1 = require("crypto");
|
|
615
|
+
function sha1(bytes) {
|
|
616
|
+
if (Array.isArray(bytes)) {
|
|
617
|
+
bytes = Buffer.from(bytes);
|
|
618
|
+
} else if (typeof bytes === "string") {
|
|
619
|
+
bytes = Buffer.from(bytes, "utf8");
|
|
620
|
+
}
|
|
621
|
+
return (0, crypto_1.createHash)("sha1").update(bytes).digest();
|
|
622
|
+
}
|
|
623
|
+
exports2.default = sha1;
|
|
624
|
+
}
|
|
625
|
+
});
|
|
626
|
+
|
|
627
|
+
// node_modules/uuid/dist/cjs/v5.js
|
|
628
|
+
var require_v5 = __commonJS({
|
|
629
|
+
"node_modules/uuid/dist/cjs/v5.js"(exports2) {
|
|
630
|
+
"use strict";
|
|
631
|
+
Object.defineProperty(exports2, "__esModule", { value: true });
|
|
632
|
+
exports2.URL = exports2.DNS = void 0;
|
|
633
|
+
var sha1_js_1 = require_sha1();
|
|
634
|
+
var v35_js_1 = require_v35();
|
|
635
|
+
var v35_js_2 = require_v35();
|
|
636
|
+
Object.defineProperty(exports2, "DNS", { enumerable: true, get: function() {
|
|
637
|
+
return v35_js_2.DNS;
|
|
638
|
+
} });
|
|
639
|
+
Object.defineProperty(exports2, "URL", { enumerable: true, get: function() {
|
|
640
|
+
return v35_js_2.URL;
|
|
641
|
+
} });
|
|
642
|
+
function v5(value, namespace, buf, offset) {
|
|
643
|
+
return (0, v35_js_1.default)(80, sha1_js_1.default, value, namespace, buf, offset);
|
|
644
|
+
}
|
|
645
|
+
v5.DNS = v35_js_1.DNS;
|
|
646
|
+
v5.URL = v35_js_1.URL;
|
|
647
|
+
exports2.default = v5;
|
|
648
|
+
}
|
|
649
|
+
});
|
|
650
|
+
|
|
651
|
+
// node_modules/uuid/dist/cjs/v6.js
|
|
652
|
+
var require_v6 = __commonJS({
|
|
653
|
+
"node_modules/uuid/dist/cjs/v6.js"(exports2) {
|
|
654
|
+
"use strict";
|
|
655
|
+
Object.defineProperty(exports2, "__esModule", { value: true });
|
|
656
|
+
var stringify_js_1 = require_stringify();
|
|
657
|
+
var v1_js_1 = require_v1();
|
|
658
|
+
var v1ToV6_js_1 = require_v1ToV6();
|
|
659
|
+
function v6(options, buf, offset) {
|
|
660
|
+
options ??= {};
|
|
661
|
+
offset ??= 0;
|
|
662
|
+
let bytes = (0, v1_js_1.default)({ ...options, _v6: true }, new Uint8Array(16));
|
|
663
|
+
bytes = (0, v1ToV6_js_1.default)(bytes);
|
|
664
|
+
if (buf) {
|
|
665
|
+
if (offset < 0 || offset + 16 > buf.length) {
|
|
666
|
+
throw new RangeError(`UUID byte range ${offset}:${offset + 15} is out of buffer bounds`);
|
|
667
|
+
}
|
|
668
|
+
for (let i = 0; i < 16; i++) {
|
|
669
|
+
buf[offset + i] = bytes[i];
|
|
670
|
+
}
|
|
671
|
+
return buf;
|
|
672
|
+
}
|
|
673
|
+
return (0, stringify_js_1.unsafeStringify)(bytes);
|
|
674
|
+
}
|
|
675
|
+
exports2.default = v6;
|
|
676
|
+
}
|
|
677
|
+
});
|
|
678
|
+
|
|
679
|
+
// node_modules/uuid/dist/cjs/v6ToV1.js
|
|
680
|
+
var require_v6ToV1 = __commonJS({
|
|
681
|
+
"node_modules/uuid/dist/cjs/v6ToV1.js"(exports2) {
|
|
682
|
+
"use strict";
|
|
683
|
+
Object.defineProperty(exports2, "__esModule", { value: true });
|
|
684
|
+
var parse_js_1 = require_parse();
|
|
685
|
+
var stringify_js_1 = require_stringify();
|
|
686
|
+
function v6ToV1(uuid) {
|
|
687
|
+
const v6Bytes = typeof uuid === "string" ? (0, parse_js_1.default)(uuid) : uuid;
|
|
688
|
+
const v1Bytes = _v6ToV1(v6Bytes);
|
|
689
|
+
return typeof uuid === "string" ? (0, stringify_js_1.unsafeStringify)(v1Bytes) : v1Bytes;
|
|
690
|
+
}
|
|
691
|
+
exports2.default = v6ToV1;
|
|
692
|
+
function _v6ToV1(v6Bytes) {
|
|
693
|
+
return Uint8Array.of((v6Bytes[3] & 15) << 4 | v6Bytes[4] >> 4 & 15, (v6Bytes[4] & 15) << 4 | (v6Bytes[5] & 240) >> 4, (v6Bytes[5] & 15) << 4 | v6Bytes[6] & 15, v6Bytes[7], (v6Bytes[1] & 15) << 4 | (v6Bytes[2] & 240) >> 4, (v6Bytes[2] & 15) << 4 | (v6Bytes[3] & 240) >> 4, 16 | (v6Bytes[0] & 240) >> 4, (v6Bytes[0] & 15) << 4 | (v6Bytes[1] & 240) >> 4, v6Bytes[8], v6Bytes[9], v6Bytes[10], v6Bytes[11], v6Bytes[12], v6Bytes[13], v6Bytes[14], v6Bytes[15]);
|
|
694
|
+
}
|
|
695
|
+
}
|
|
696
|
+
});
|
|
697
|
+
|
|
698
|
+
// node_modules/uuid/dist/cjs/v7.js
|
|
699
|
+
var require_v7 = __commonJS({
|
|
700
|
+
"node_modules/uuid/dist/cjs/v7.js"(exports2) {
|
|
701
|
+
"use strict";
|
|
702
|
+
Object.defineProperty(exports2, "__esModule", { value: true });
|
|
703
|
+
exports2.updateV7State = void 0;
|
|
704
|
+
var rng_js_1 = require_rng();
|
|
705
|
+
var stringify_js_1 = require_stringify();
|
|
706
|
+
var _state = {};
|
|
707
|
+
function v7(options, buf, offset) {
|
|
708
|
+
let bytes;
|
|
709
|
+
if (options) {
|
|
710
|
+
bytes = v7Bytes(options.random ?? options.rng?.() ?? (0, rng_js_1.default)(), options.msecs, options.seq, buf, offset);
|
|
711
|
+
} else {
|
|
712
|
+
const now = Date.now();
|
|
713
|
+
const rnds = (0, rng_js_1.default)();
|
|
714
|
+
updateV7State(_state, now, rnds);
|
|
715
|
+
bytes = v7Bytes(rnds, _state.msecs, _state.seq, buf, offset);
|
|
716
|
+
}
|
|
717
|
+
return buf ?? (0, stringify_js_1.unsafeStringify)(bytes);
|
|
718
|
+
}
|
|
719
|
+
function updateV7State(state, now, rnds) {
|
|
720
|
+
state.msecs ??= -Infinity;
|
|
721
|
+
state.seq ??= 0;
|
|
722
|
+
if (now > state.msecs) {
|
|
723
|
+
state.seq = rnds[6] << 23 | rnds[7] << 16 | rnds[8] << 8 | rnds[9];
|
|
724
|
+
state.msecs = now;
|
|
725
|
+
} else {
|
|
726
|
+
state.seq = state.seq + 1 | 0;
|
|
727
|
+
if (state.seq === 0) {
|
|
728
|
+
state.msecs++;
|
|
729
|
+
}
|
|
730
|
+
}
|
|
731
|
+
return state;
|
|
732
|
+
}
|
|
733
|
+
exports2.updateV7State = updateV7State;
|
|
734
|
+
function v7Bytes(rnds, msecs, seq, buf, offset = 0) {
|
|
735
|
+
if (rnds.length < 16) {
|
|
736
|
+
throw new Error("Random bytes length must be >= 16");
|
|
737
|
+
}
|
|
738
|
+
if (!buf) {
|
|
739
|
+
buf = new Uint8Array(16);
|
|
740
|
+
offset = 0;
|
|
741
|
+
} else {
|
|
742
|
+
if (offset < 0 || offset + 16 > buf.length) {
|
|
743
|
+
throw new RangeError(`UUID byte range ${offset}:${offset + 15} is out of buffer bounds`);
|
|
744
|
+
}
|
|
745
|
+
}
|
|
746
|
+
msecs ??= Date.now();
|
|
747
|
+
seq ??= rnds[6] * 127 << 24 | rnds[7] << 16 | rnds[8] << 8 | rnds[9];
|
|
748
|
+
buf[offset++] = msecs / 1099511627776 & 255;
|
|
749
|
+
buf[offset++] = msecs / 4294967296 & 255;
|
|
750
|
+
buf[offset++] = msecs / 16777216 & 255;
|
|
751
|
+
buf[offset++] = msecs / 65536 & 255;
|
|
752
|
+
buf[offset++] = msecs / 256 & 255;
|
|
753
|
+
buf[offset++] = msecs & 255;
|
|
754
|
+
buf[offset++] = 112 | seq >>> 28 & 15;
|
|
755
|
+
buf[offset++] = seq >>> 20 & 255;
|
|
756
|
+
buf[offset++] = 128 | seq >>> 14 & 63;
|
|
757
|
+
buf[offset++] = seq >>> 6 & 255;
|
|
758
|
+
buf[offset++] = seq << 2 & 255 | rnds[10] & 3;
|
|
759
|
+
buf[offset++] = rnds[11];
|
|
760
|
+
buf[offset++] = rnds[12];
|
|
761
|
+
buf[offset++] = rnds[13];
|
|
762
|
+
buf[offset++] = rnds[14];
|
|
763
|
+
buf[offset++] = rnds[15];
|
|
764
|
+
return buf;
|
|
765
|
+
}
|
|
766
|
+
exports2.default = v7;
|
|
767
|
+
}
|
|
768
|
+
});
|
|
769
|
+
|
|
770
|
+
// node_modules/uuid/dist/cjs/version.js
|
|
771
|
+
var require_version = __commonJS({
|
|
772
|
+
"node_modules/uuid/dist/cjs/version.js"(exports2) {
|
|
773
|
+
"use strict";
|
|
774
|
+
Object.defineProperty(exports2, "__esModule", { value: true });
|
|
775
|
+
var validate_js_1 = require_validate();
|
|
776
|
+
function version(uuid) {
|
|
777
|
+
if (!(0, validate_js_1.default)(uuid)) {
|
|
778
|
+
throw TypeError("Invalid UUID");
|
|
779
|
+
}
|
|
780
|
+
return parseInt(uuid.slice(14, 15), 16);
|
|
781
|
+
}
|
|
782
|
+
exports2.default = version;
|
|
783
|
+
}
|
|
784
|
+
});
|
|
785
|
+
|
|
786
|
+
// node_modules/uuid/dist/cjs/index.js
|
|
787
|
+
var require_cjs = __commonJS({
|
|
788
|
+
"node_modules/uuid/dist/cjs/index.js"(exports2) {
|
|
789
|
+
"use strict";
|
|
790
|
+
Object.defineProperty(exports2, "__esModule", { value: true });
|
|
791
|
+
exports2.version = exports2.validate = exports2.v7 = exports2.v6ToV1 = exports2.v6 = exports2.v5 = exports2.v4 = exports2.v3 = exports2.v1ToV6 = exports2.v1 = exports2.stringify = exports2.parse = exports2.NIL = exports2.MAX = void 0;
|
|
792
|
+
var max_js_1 = require_max();
|
|
793
|
+
Object.defineProperty(exports2, "MAX", { enumerable: true, get: function() {
|
|
794
|
+
return max_js_1.default;
|
|
795
|
+
} });
|
|
796
|
+
var nil_js_1 = require_nil();
|
|
797
|
+
Object.defineProperty(exports2, "NIL", { enumerable: true, get: function() {
|
|
798
|
+
return nil_js_1.default;
|
|
799
|
+
} });
|
|
800
|
+
var parse_js_1 = require_parse();
|
|
801
|
+
Object.defineProperty(exports2, "parse", { enumerable: true, get: function() {
|
|
802
|
+
return parse_js_1.default;
|
|
803
|
+
} });
|
|
804
|
+
var stringify_js_1 = require_stringify();
|
|
805
|
+
Object.defineProperty(exports2, "stringify", { enumerable: true, get: function() {
|
|
806
|
+
return stringify_js_1.default;
|
|
807
|
+
} });
|
|
808
|
+
var v1_js_1 = require_v1();
|
|
809
|
+
Object.defineProperty(exports2, "v1", { enumerable: true, get: function() {
|
|
810
|
+
return v1_js_1.default;
|
|
811
|
+
} });
|
|
812
|
+
var v1ToV6_js_1 = require_v1ToV6();
|
|
813
|
+
Object.defineProperty(exports2, "v1ToV6", { enumerable: true, get: function() {
|
|
814
|
+
return v1ToV6_js_1.default;
|
|
815
|
+
} });
|
|
816
|
+
var v3_js_1 = require_v3();
|
|
817
|
+
Object.defineProperty(exports2, "v3", { enumerable: true, get: function() {
|
|
818
|
+
return v3_js_1.default;
|
|
819
|
+
} });
|
|
820
|
+
var v4_js_1 = require_v4();
|
|
821
|
+
Object.defineProperty(exports2, "v4", { enumerable: true, get: function() {
|
|
822
|
+
return v4_js_1.default;
|
|
823
|
+
} });
|
|
824
|
+
var v5_js_1 = require_v5();
|
|
825
|
+
Object.defineProperty(exports2, "v5", { enumerable: true, get: function() {
|
|
826
|
+
return v5_js_1.default;
|
|
827
|
+
} });
|
|
828
|
+
var v6_js_1 = require_v6();
|
|
829
|
+
Object.defineProperty(exports2, "v6", { enumerable: true, get: function() {
|
|
830
|
+
return v6_js_1.default;
|
|
831
|
+
} });
|
|
832
|
+
var v6ToV1_js_1 = require_v6ToV1();
|
|
833
|
+
Object.defineProperty(exports2, "v6ToV1", { enumerable: true, get: function() {
|
|
834
|
+
return v6ToV1_js_1.default;
|
|
835
|
+
} });
|
|
836
|
+
var v7_js_1 = require_v7();
|
|
837
|
+
Object.defineProperty(exports2, "v7", { enumerable: true, get: function() {
|
|
838
|
+
return v7_js_1.default;
|
|
839
|
+
} });
|
|
840
|
+
var validate_js_1 = require_validate();
|
|
841
|
+
Object.defineProperty(exports2, "validate", { enumerable: true, get: function() {
|
|
842
|
+
return validate_js_1.default;
|
|
843
|
+
} });
|
|
844
|
+
var version_js_1 = require_version();
|
|
845
|
+
Object.defineProperty(exports2, "version", { enumerable: true, get: function() {
|
|
846
|
+
return version_js_1.default;
|
|
847
|
+
} });
|
|
848
|
+
}
|
|
849
|
+
});
|
|
850
|
+
|
|
851
|
+
// node_modules/@kwirthmagnify/kwirth-common/dist/AccessKey.js
|
|
852
|
+
var require_AccessKey = __commonJS({
|
|
853
|
+
"node_modules/@kwirthmagnify/kwirth-common/dist/AccessKey.js"(exports2) {
|
|
854
|
+
"use strict";
|
|
855
|
+
Object.defineProperty(exports2, "__esModule", { value: true });
|
|
856
|
+
exports2.AccessKey = void 0;
|
|
857
|
+
exports2.accessKeyBuild = accessKeyBuild;
|
|
858
|
+
exports2.accessKeyCreate = accessKeyCreate;
|
|
859
|
+
exports2.accessKeyDeserialize = accessKeyDeserialize2;
|
|
860
|
+
exports2.accessKeySerialize = accessKeySerialize;
|
|
861
|
+
exports2.parseResource = parseResource;
|
|
862
|
+
exports2.parseResources = parseResources2;
|
|
863
|
+
exports2.buildResource = buildResource;
|
|
864
|
+
var uuid_1 = require_cjs();
|
|
865
|
+
var AccessKey2 = class {
|
|
866
|
+
constructor() {
|
|
867
|
+
this.id = "";
|
|
868
|
+
this.type = "volatile";
|
|
869
|
+
this.resources = "";
|
|
870
|
+
}
|
|
871
|
+
};
|
|
872
|
+
exports2.AccessKey = AccessKey2;
|
|
873
|
+
function accessKeyCreate(type, resources) {
|
|
874
|
+
let accessKey = new AccessKey2();
|
|
875
|
+
accessKey.id = (0, uuid_1.v4)();
|
|
876
|
+
accessKey.type = type;
|
|
877
|
+
accessKey.resources = resources;
|
|
878
|
+
return accessKey;
|
|
879
|
+
}
|
|
880
|
+
function accessKeyBuild(id, type, resources) {
|
|
881
|
+
let accessKey = new AccessKey2();
|
|
882
|
+
accessKey.id = id;
|
|
883
|
+
accessKey.type = type;
|
|
884
|
+
accessKey.resources = resources;
|
|
885
|
+
return accessKey;
|
|
886
|
+
}
|
|
887
|
+
function accessKeySerialize(accessKey) {
|
|
888
|
+
return `${accessKey.id}|${accessKey.type}|${accessKey.resources}`;
|
|
889
|
+
}
|
|
890
|
+
function accessKeyDeserialize2(key) {
|
|
891
|
+
var parts = key.split("|");
|
|
892
|
+
return accessKeyBuild(parts[0], parts[1], parts[2]);
|
|
893
|
+
}
|
|
894
|
+
function parseResource(key) {
|
|
895
|
+
var parts = key.split(":");
|
|
896
|
+
return {
|
|
897
|
+
scopes: parts[0],
|
|
898
|
+
namespaces: parts[1],
|
|
899
|
+
groups: parts[2],
|
|
900
|
+
pods: parts[3],
|
|
901
|
+
containers: parts[4]
|
|
902
|
+
};
|
|
903
|
+
}
|
|
904
|
+
function parseResources2(key) {
|
|
905
|
+
if (!key)
|
|
906
|
+
return [];
|
|
907
|
+
let ress = key.split(";");
|
|
908
|
+
let result = [];
|
|
909
|
+
for (var res of ress) {
|
|
910
|
+
result.push(parseResource(res));
|
|
911
|
+
}
|
|
912
|
+
return result;
|
|
913
|
+
}
|
|
914
|
+
function buildResource(scopes, namespaces, groups, pods, containers) {
|
|
915
|
+
return `${scopes.join(",")}:${namespaces.join(",")}:${groups.join(",")}:${pods.join(",")}:${containers.join(",")}`;
|
|
916
|
+
}
|
|
917
|
+
}
|
|
918
|
+
});
|
|
919
|
+
|
|
920
|
+
// node_modules/@kwirthmagnify/kwirth-common/dist/Global.js
|
|
921
|
+
var require_Global = __commonJS({
|
|
922
|
+
"node_modules/@kwirthmagnify/kwirth-common/dist/Global.js"(exports2) {
|
|
923
|
+
"use strict";
|
|
924
|
+
Object.defineProperty(exports2, "__esModule", { value: true });
|
|
925
|
+
}
|
|
926
|
+
});
|
|
927
|
+
|
|
928
|
+
// node_modules/@kwirthmagnify/kwirth-common/dist/Version.js
|
|
929
|
+
var require_Version = __commonJS({
|
|
930
|
+
"node_modules/@kwirthmagnify/kwirth-common/dist/Version.js"(exports2) {
|
|
931
|
+
"use strict";
|
|
932
|
+
Object.defineProperty(exports2, "__esModule", { value: true });
|
|
933
|
+
exports2.versionGreaterThan = exports2.versionGreatOrEqualThan = void 0;
|
|
934
|
+
var versionGreatOrEqualThan = (version1, version2) => {
|
|
935
|
+
return versionGreaterThan(version1, version2) || version1 === version2;
|
|
936
|
+
};
|
|
937
|
+
exports2.versionGreatOrEqualThan = versionGreatOrEqualThan;
|
|
938
|
+
var versionGreaterThan = (version1, version2) => {
|
|
939
|
+
const v1 = version1.split(".").map(Number);
|
|
940
|
+
const v2 = version2.split(".").map(Number);
|
|
941
|
+
for (let i = 0; i < Math.max(v1.length, v2.length); i++) {
|
|
942
|
+
const num1 = v1[i] || 0;
|
|
943
|
+
const num2 = v2[i] || 0;
|
|
944
|
+
if (num1 > num2)
|
|
945
|
+
return true;
|
|
946
|
+
else if (num1 < num2)
|
|
947
|
+
return false;
|
|
948
|
+
}
|
|
949
|
+
return false;
|
|
950
|
+
};
|
|
951
|
+
exports2.versionGreaterThan = versionGreaterThan;
|
|
952
|
+
}
|
|
953
|
+
});
|
|
954
|
+
|
|
955
|
+
// node_modules/@kwirthmagnify/kwirth-common/dist/FrontChannel.js
|
|
956
|
+
var require_FrontChannel = __commonJS({
|
|
957
|
+
"node_modules/@kwirthmagnify/kwirth-common/dist/FrontChannel.js"(exports2) {
|
|
958
|
+
"use strict";
|
|
959
|
+
Object.defineProperty(exports2, "__esModule", { value: true });
|
|
960
|
+
exports2.EChannelRefreshAction = exports2.ENotifyLevel = void 0;
|
|
961
|
+
var ENotifyLevel;
|
|
962
|
+
(function(ENotifyLevel2) {
|
|
963
|
+
ENotifyLevel2["INFO"] = "info";
|
|
964
|
+
ENotifyLevel2["ERROR"] = "error";
|
|
965
|
+
ENotifyLevel2["WARNING"] = "warning";
|
|
966
|
+
ENotifyLevel2["SUCCESS"] = "success";
|
|
967
|
+
})(ENotifyLevel || (exports2.ENotifyLevel = ENotifyLevel = {}));
|
|
968
|
+
var EChannelRefreshAction;
|
|
969
|
+
(function(EChannelRefreshAction2) {
|
|
970
|
+
EChannelRefreshAction2[EChannelRefreshAction2["NONE"] = 0] = "NONE";
|
|
971
|
+
EChannelRefreshAction2[EChannelRefreshAction2["REFRESH"] = 1] = "REFRESH";
|
|
972
|
+
EChannelRefreshAction2[EChannelRefreshAction2["STOP"] = 2] = "STOP";
|
|
973
|
+
})(EChannelRefreshAction || (exports2.EChannelRefreshAction = EChannelRefreshAction = {}));
|
|
974
|
+
}
|
|
975
|
+
});
|
|
976
|
+
|
|
977
|
+
// node_modules/@kwirthmagnify/kwirth-common/dist/Daemon.js
|
|
978
|
+
var require_Daemon = __commonJS({
|
|
979
|
+
"node_modules/@kwirthmagnify/kwirth-common/dist/Daemon.js"(exports2) {
|
|
980
|
+
"use strict";
|
|
981
|
+
Object.defineProperty(exports2, "__esModule", { value: true });
|
|
982
|
+
}
|
|
983
|
+
});
|
|
984
|
+
|
|
985
|
+
// node_modules/@kwirthmagnify/kwirth-common/dist/index.js
|
|
986
|
+
var require_dist = __commonJS({
|
|
987
|
+
"node_modules/@kwirthmagnify/kwirth-common/dist/index.js"(exports2) {
|
|
988
|
+
"use strict";
|
|
989
|
+
var __createBinding = exports2 && exports2.__createBinding || (Object.create ? (function(o, m, k, k2) {
|
|
990
|
+
if (k2 === void 0) k2 = k;
|
|
991
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
992
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
993
|
+
desc = { enumerable: true, get: function() {
|
|
994
|
+
return m[k];
|
|
995
|
+
} };
|
|
996
|
+
}
|
|
997
|
+
Object.defineProperty(o, k2, desc);
|
|
998
|
+
}) : (function(o, m, k, k2) {
|
|
999
|
+
if (k2 === void 0) k2 = k;
|
|
1000
|
+
o[k2] = m[k];
|
|
1001
|
+
}));
|
|
1002
|
+
var __exportStar = exports2 && exports2.__exportStar || function(m, exports3) {
|
|
1003
|
+
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports3, p)) __createBinding(exports3, m, p);
|
|
1004
|
+
};
|
|
1005
|
+
Object.defineProperty(exports2, "__esModule", { value: true });
|
|
1006
|
+
__exportStar(require_Channel(), exports2);
|
|
1007
|
+
__exportStar(require_Sender(), exports2);
|
|
1008
|
+
__exportStar(require_InstanceMessage(), exports2);
|
|
1009
|
+
__exportStar(require_InstanceConfig(), exports2);
|
|
1010
|
+
__exportStar(require_RouteMessage(), exports2);
|
|
1011
|
+
__exportStar(require_SignalMessage(), exports2);
|
|
1012
|
+
__exportStar(require_ApiKey(), exports2);
|
|
1013
|
+
__exportStar(require_AccessKey(), exports2);
|
|
1014
|
+
__exportStar(require_Global(), exports2);
|
|
1015
|
+
__exportStar(require_Version(), exports2);
|
|
1016
|
+
__exportStar(require_FrontChannel(), exports2);
|
|
1017
|
+
__exportStar(require_Daemon(), exports2);
|
|
1018
|
+
}
|
|
1019
|
+
});
|
|
1020
|
+
|
|
1021
|
+
// src/back/index.ts
|
|
1022
|
+
var index_exports = {};
|
|
1023
|
+
__export(index_exports, {
|
|
1024
|
+
TrivyChannel: () => TrivyChannel
|
|
1025
|
+
});
|
|
1026
|
+
module.exports = __toCommonJS(index_exports);
|
|
1027
|
+
var import_kwirth_common = __toESM(require_dist(), 1);
|
|
1028
|
+
var import_client_node = require("@kubernetes/client-node");
|
|
1029
|
+
var import_kwirth_common_back = require("@kwirthmagnify/kwirth-common-back");
|
|
1030
|
+
|
|
1031
|
+
// src/back/trivy-operator-0.30.1.yaml
|
|
1032
|
+
var trivy_operator_0_30_1_default = '---\r\napiVersion: apiextensions.k8s.io/v1\r\nkind: CustomResourceDefinition\r\nmetadata:\r\n annotations:\r\n controller-gen.kubebuilder.io/version: v0.18.0\r\n name: clustercompliancereports.aquasecurity.github.io\r\nspec:\r\n group: aquasecurity.github.io\r\n names:\r\n kind: ClusterComplianceReport\r\n listKind: ClusterComplianceReportList\r\n plural: clustercompliancereports\r\n shortNames:\r\n - compliance\r\n singular: clustercompliancereport\r\n scope: Cluster\r\n versions:\r\n - additionalPrinterColumns:\r\n - description: The age of the report\r\n jsonPath: .metadata.creationTimestamp\r\n name: Age\r\n type: date\r\n - description: The number of checks that failed\r\n jsonPath: .status.summary.failCount\r\n name: Fail\r\n priority: 1\r\n type: integer\r\n - description: The number of checks that passed\r\n jsonPath: .status.summary.passCount\r\n name: Pass\r\n priority: 1\r\n type: integer\r\n name: v1alpha1\r\n schema:\r\n openAPIV3Schema:\r\n description: ClusterComplianceReport is a specification for the ClusterComplianceReport\r\n resource.\r\n properties:\r\n apiVersion:\r\n description: |-\r\n APIVersion defines the versioned schema of this representation of an object.\r\n Servers should convert recognized schemas to the latest internal value, and\r\n may reject unrecognized values.\r\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources\r\n type: string\r\n kind:\r\n description: |-\r\n Kind is a string value representing the REST resource this object represents.\r\n Servers may infer this from the endpoint the client submits requests to.\r\n Cannot be updated.\r\n In CamelCase.\r\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds\r\n type: string\r\n metadata:\r\n type: object\r\n spec:\r\n description: ReportSpec represent the compliance specification\r\n properties:\r\n compliance:\r\n properties:\r\n controls:\r\n description: Control represent the cps controls data and mapping\r\n checks\r\n items:\r\n description: Control represent the cps controls data and mapping\r\n checks\r\n properties:\r\n checks:\r\n items:\r\n description: SpecCheck represent the scanner who perform\r\n the control check\r\n properties:\r\n id:\r\n description: id define the check id as produced by\r\n scanner\r\n type: string\r\n required:\r\n - id\r\n type: object\r\n type: array\r\n commands:\r\n items:\r\n description: Commands represent the commands to be executed\r\n by the node-collector\r\n properties:\r\n id:\r\n description: id define the commands id\r\n type: string\r\n required:\r\n - id\r\n type: object\r\n type: array\r\n defaultStatus:\r\n description: define the default value for check status in\r\n case resource not found\r\n enum:\r\n - PASS\r\n - WARN\r\n - FAIL\r\n type: string\r\n description:\r\n type: string\r\n id:\r\n description: id define the control check id\r\n type: string\r\n name:\r\n type: string\r\n severity:\r\n description: define the severity of the control\r\n enum:\r\n - CRITICAL\r\n - HIGH\r\n - MEDIUM\r\n - LOW\r\n - UNKNOWN\r\n type: string\r\n required:\r\n - id\r\n - name\r\n - severity\r\n type: object\r\n type: array\r\n description:\r\n type: string\r\n id:\r\n type: string\r\n platform:\r\n type: string\r\n relatedResources:\r\n items:\r\n type: string\r\n type: array\r\n title:\r\n type: string\r\n type:\r\n type: string\r\n version:\r\n type: string\r\n required:\r\n - controls\r\n - description\r\n - id\r\n - platform\r\n - relatedResources\r\n - title\r\n - type\r\n - version\r\n type: object\r\n cron:\r\n description: cron define the intervals for report generation\r\n pattern: ^(((([\\*]{1}){1})|((\\*\\/){0,1}(([0-9]{1}){1}|(([1-5]{1}){1}([0-9]{1}){1}){1})))\r\n ((([\\*]{1}){1})|((\\*\\/){0,1}(([0-9]{1}){1}|(([1]{1}){1}([0-9]{1}){1}){1}|([2]{1}){1}([0-3]{1}){1})))\r\n ((([\\*]{1}){1})|((\\*\\/){0,1}(([1-9]{1}){1}|(([1-2]{1}){1}([0-9]{1}){1}){1}|([3]{1}){1}([0-1]{1}){1})))\r\n ((([\\*]{1}){1})|((\\*\\/){0,1}(([1-9]{1}){1}|(([1-2]{1}){1}([0-9]{1}){1}){1}|([3]{1}){1}([0-1]{1}){1}))|(jan|feb|mar|apr|may|jun|jul|aug|sep|okt|nov|dec))\r\n ((([\\*]{1}){1})|((\\*\\/){0,1}(([0-7]{1}){1}))|(sun|mon|tue|wed|thu|fri|sat)))$\r\n type: string\r\n reportType:\r\n enum:\r\n - summary\r\n - all\r\n type: string\r\n required:\r\n - compliance\r\n - cron\r\n - reportType\r\n type: object\r\n status:\r\n properties:\r\n detailReport:\r\n description: ComplianceReport represents a kubernetes scan report\r\n properties:\r\n description:\r\n type: string\r\n id:\r\n type: string\r\n relatedVersion:\r\n items:\r\n type: string\r\n type: array\r\n results:\r\n items:\r\n properties:\r\n checks:\r\n items:\r\n description: ComplianceCheck provides the result of conducting\r\n a single compliance step.\r\n properties:\r\n category:\r\n type: string\r\n checkID:\r\n type: string\r\n description:\r\n type: string\r\n messages:\r\n items:\r\n type: string\r\n type: array\r\n remediation:\r\n description: Remediation provides description or links\r\n to external resources to remediate failing check.\r\n type: string\r\n severity:\r\n description: Severity level of a vulnerability or\r\n a configuration audit check.\r\n type: string\r\n success:\r\n type: boolean\r\n target:\r\n type: string\r\n title:\r\n type: string\r\n required:\r\n - checkID\r\n - severity\r\n - success\r\n type: object\r\n type: array\r\n description:\r\n type: string\r\n id:\r\n type: string\r\n name:\r\n type: string\r\n severity:\r\n type: string\r\n status:\r\n type: string\r\n required:\r\n - checks\r\n type: object\r\n type: array\r\n title:\r\n type: string\r\n version:\r\n type: string\r\n type: object\r\n x-kubernetes-preserve-unknown-fields: true\r\n summary:\r\n properties:\r\n failCount:\r\n type: integer\r\n passCount:\r\n type: integer\r\n type: object\r\n summaryReport:\r\n description: SummaryReport represents a kubernetes scan report with\r\n consolidated findings\r\n properties:\r\n controlCheck:\r\n items:\r\n properties:\r\n id:\r\n type: string\r\n name:\r\n type: string\r\n severity:\r\n type: string\r\n totalFail:\r\n type: integer\r\n type: object\r\n type: array\r\n id:\r\n type: string\r\n title:\r\n type: string\r\n type: object\r\n x-kubernetes-preserve-unknown-fields: true\r\n updateTimestamp:\r\n format: date-time\r\n type: string\r\n required:\r\n - updateTimestamp\r\n type: object\r\n type: object\r\n x-kubernetes-preserve-unknown-fields: true\r\n served: true\r\n storage: true\r\n subresources:\r\n status: {}\r\n---\r\napiVersion: apiextensions.k8s.io/v1\r\nkind: CustomResourceDefinition\r\nmetadata:\r\n annotations:\r\n controller-gen.kubebuilder.io/version: v0.18.0\r\n name: clusterconfigauditreports.aquasecurity.github.io\r\nspec:\r\n group: aquasecurity.github.io\r\n names:\r\n kind: ClusterConfigAuditReport\r\n listKind: ClusterConfigAuditReportList\r\n plural: clusterconfigauditreports\r\n shortNames:\r\n - clusterconfigaudit\r\n singular: clusterconfigauditreport\r\n scope: Cluster\r\n versions:\r\n - additionalPrinterColumns:\r\n - description: The name of the config audit scanner\r\n jsonPath: .report.scanner.name\r\n name: Scanner\r\n type: string\r\n - description: The age of the report\r\n jsonPath: .metadata.creationTimestamp\r\n name: Age\r\n type: date\r\n - description: The number of failed checks with critical severity\r\n jsonPath: .report.summary.criticalCount\r\n name: Critical\r\n priority: 1\r\n type: integer\r\n - description: The number of failed checks with high severity\r\n jsonPath: .report.summary.highCount\r\n name: High\r\n priority: 1\r\n type: integer\r\n - description: The number of failed checks with medium severity\r\n jsonPath: .report.summary.mediumCount\r\n name: Medium\r\n priority: 1\r\n type: integer\r\n - description: The number of failed checks with low severity\r\n jsonPath: .report.summary.lowCount\r\n name: Low\r\n priority: 1\r\n type: integer\r\n name: v1alpha1\r\n schema:\r\n openAPIV3Schema:\r\n description: ClusterConfigAuditReport is a specification for the ClusterConfigAuditReport\r\n resource.\r\n properties:\r\n apiVersion:\r\n description: |-\r\n APIVersion defines the versioned schema of this representation of an object.\r\n Servers should convert recognized schemas to the latest internal value, and\r\n may reject unrecognized values.\r\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources\r\n type: string\r\n kind:\r\n description: |-\r\n Kind is a string value representing the REST resource this object represents.\r\n Servers may infer this from the endpoint the client submits requests to.\r\n Cannot be updated.\r\n In CamelCase.\r\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds\r\n type: string\r\n metadata:\r\n type: object\r\n report:\r\n properties:\r\n checks:\r\n description: Checks provides results of conducting audit steps.\r\n items:\r\n description: Check provides the result of conducting a single audit\r\n step.\r\n properties:\r\n category:\r\n type: string\r\n checkID:\r\n type: string\r\n description:\r\n type: string\r\n messages:\r\n items:\r\n type: string\r\n type: array\r\n remediation:\r\n description: Remediation provides description or links to external\r\n resources to remediate failing check.\r\n type: string\r\n scope:\r\n description: Scope indicates the section of config that was\r\n audited.\r\n properties:\r\n type:\r\n description: Type indicates type of this scope, e.g. Container,\r\n ConfigMapKey or JSONPath.\r\n type: string\r\n value:\r\n description: Value indicates value of this scope that depends\r\n on Type, e.g. container name, ConfigMap key or JSONPath\r\n expression\r\n type: string\r\n required:\r\n - type\r\n - value\r\n type: object\r\n severity:\r\n description: Severity level of a vulnerability or a configuration\r\n audit check.\r\n type: string\r\n success:\r\n type: boolean\r\n title:\r\n type: string\r\n required:\r\n - checkID\r\n - severity\r\n - success\r\n type: object\r\n type: array\r\n scanner:\r\n description: Scanner is the spec for a scanner generating a security\r\n assessment report.\r\n properties:\r\n name:\r\n description: Name the name of the scanner.\r\n type: string\r\n vendor:\r\n description: Vendor the name of the vendor providing the scanner.\r\n type: string\r\n version:\r\n description: Version the version of the scanner.\r\n type: string\r\n required:\r\n - name\r\n - vendor\r\n - version\r\n type: object\r\n summary:\r\n description: ConfigAuditSummary counts failed checks by severity.\r\n properties:\r\n criticalCount:\r\n description: CriticalCount is the number of failed checks with\r\n critical severity.\r\n type: integer\r\n highCount:\r\n description: HighCount is the number of failed checks with high\r\n severity.\r\n type: integer\r\n lowCount:\r\n description: LowCount is the number of failed check with low severity.\r\n type: integer\r\n mediumCount:\r\n description: MediumCount is the number of failed checks with medium\r\n severity.\r\n type: integer\r\n required:\r\n - criticalCount\r\n - highCount\r\n - lowCount\r\n - mediumCount\r\n type: object\r\n updateTimestamp:\r\n format: date-time\r\n type: string\r\n required:\r\n - checks\r\n type: object\r\n required:\r\n - report\r\n type: object\r\n x-kubernetes-preserve-unknown-fields: true\r\n served: true\r\n storage: true\r\n subresources: {}\r\n---\r\napiVersion: apiextensions.k8s.io/v1\r\nkind: CustomResourceDefinition\r\nmetadata:\r\n annotations:\r\n controller-gen.kubebuilder.io/version: v0.18.0\r\n name: clusterinfraassessmentreports.aquasecurity.github.io\r\nspec:\r\n group: aquasecurity.github.io\r\n names:\r\n kind: ClusterInfraAssessmentReport\r\n listKind: ClusterInfraAssessmentReportList\r\n plural: clusterinfraassessmentreports\r\n shortNames:\r\n - clusterinfraassessment\r\n singular: clusterinfraassessmentreport\r\n scope: Cluster\r\n versions:\r\n - additionalPrinterColumns:\r\n - description: The name of the infra assessement scanner\r\n jsonPath: .report.scanner.name\r\n name: Scanner\r\n type: string\r\n - description: The age of the report\r\n jsonPath: .metadata.creationTimestamp\r\n name: Age\r\n type: date\r\n - description: The number of failed checks with critical severity\r\n jsonPath: .report.summary.criticalCount\r\n name: Critical\r\n priority: 1\r\n type: integer\r\n - description: The number of failed checks with high severity\r\n jsonPath: .report.summary.highCount\r\n name: High\r\n priority: 1\r\n type: integer\r\n - description: The number of failed checks with medium severity\r\n jsonPath: .report.summary.mediumCount\r\n name: Medium\r\n priority: 1\r\n type: integer\r\n - description: The number of failed checks with low severity\r\n jsonPath: .report.summary.lowCount\r\n name: Low\r\n priority: 1\r\n type: integer\r\n name: v1alpha1\r\n schema:\r\n openAPIV3Schema:\r\n description: ClusterInfraAssessmentReport is a specification for the ClusterInfraAssessmentReport\r\n resource.\r\n properties:\r\n apiVersion:\r\n description: |-\r\n APIVersion defines the versioned schema of this representation of an object.\r\n Servers should convert recognized schemas to the latest internal value, and\r\n may reject unrecognized values.\r\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources\r\n type: string\r\n kind:\r\n description: |-\r\n Kind is a string value representing the REST resource this object represents.\r\n Servers may infer this from the endpoint the client submits requests to.\r\n Cannot be updated.\r\n In CamelCase.\r\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds\r\n type: string\r\n metadata:\r\n type: object\r\n report:\r\n properties:\r\n checks:\r\n description: Checks provides results of conducting audit steps.\r\n items:\r\n description: Check provides the result of conducting a single audit\r\n step.\r\n properties:\r\n category:\r\n type: string\r\n checkID:\r\n type: string\r\n description:\r\n type: string\r\n messages:\r\n items:\r\n type: string\r\n type: array\r\n remediation:\r\n description: Remediation provides description or links to external\r\n resources to remediate failing check.\r\n type: string\r\n scope:\r\n description: Scope indicates the section of config that was\r\n audited.\r\n properties:\r\n type:\r\n description: Type indicates type of this scope, e.g. Container,\r\n ConfigMapKey or JSONPath.\r\n type: string\r\n value:\r\n description: Value indicates value of this scope that depends\r\n on Type, e.g. container name, ConfigMap key or JSONPath\r\n expression\r\n type: string\r\n required:\r\n - type\r\n - value\r\n type: object\r\n severity:\r\n description: Severity level of a vulnerability or a configuration\r\n audit check.\r\n type: string\r\n success:\r\n type: boolean\r\n title:\r\n type: string\r\n required:\r\n - checkID\r\n - severity\r\n - success\r\n type: object\r\n type: array\r\n scanner:\r\n description: Scanner is the spec for a scanner generating a security\r\n assessment report.\r\n properties:\r\n name:\r\n description: Name the name of the scanner.\r\n type: string\r\n vendor:\r\n description: Vendor the name of the vendor providing the scanner.\r\n type: string\r\n version:\r\n description: Version the version of the scanner.\r\n type: string\r\n required:\r\n - name\r\n - vendor\r\n - version\r\n type: object\r\n summary:\r\n description: InfraAssessmentSummary counts failed checks by severity.\r\n properties:\r\n criticalCount:\r\n description: CriticalCount is the number of failed checks with\r\n critical severity.\r\n type: integer\r\n highCount:\r\n description: HighCount is the number of failed checks with high\r\n severity.\r\n type: integer\r\n lowCount:\r\n description: LowCount is the number of failed check with low severity.\r\n type: integer\r\n mediumCount:\r\n description: MediumCount is the number of failed checks with medium\r\n severity.\r\n type: integer\r\n required:\r\n - criticalCount\r\n - highCount\r\n - lowCount\r\n - mediumCount\r\n type: object\r\n required:\r\n - checks\r\n - scanner\r\n - summary\r\n type: object\r\n required:\r\n - report\r\n type: object\r\n x-kubernetes-preserve-unknown-fields: true\r\n served: true\r\n storage: true\r\n subresources: {}\r\n---\r\napiVersion: apiextensions.k8s.io/v1\r\nkind: CustomResourceDefinition\r\nmetadata:\r\n annotations:\r\n controller-gen.kubebuilder.io/version: v0.18.0\r\n name: clusterrbacassessmentreports.aquasecurity.github.io\r\nspec:\r\n group: aquasecurity.github.io\r\n names:\r\n kind: ClusterRbacAssessmentReport\r\n listKind: ClusterRbacAssessmentReportList\r\n plural: clusterrbacassessmentreports\r\n shortNames:\r\n - clusterrbacassessmentreport\r\n singular: clusterrbacassessmentreport\r\n scope: Cluster\r\n versions:\r\n - additionalPrinterColumns:\r\n - description: The name of the rbac assessment scanner\r\n jsonPath: .report.scanner.name\r\n name: Scanner\r\n type: string\r\n - description: The age of the report\r\n jsonPath: .metadata.creationTimestamp\r\n name: Age\r\n type: date\r\n - description: The number of failed checks with critical severity\r\n jsonPath: .report.summary.criticalCount\r\n name: Critical\r\n priority: 1\r\n type: integer\r\n - description: The number of failed checks with high severity\r\n jsonPath: .report.summary.highCount\r\n name: High\r\n priority: 1\r\n type: integer\r\n - description: The number of failed checks with medium severity\r\n jsonPath: .report.summary.mediumCount\r\n name: Medium\r\n priority: 1\r\n type: integer\r\n - description: The number of failed checks with low severity\r\n jsonPath: .report.summary.lowCount\r\n name: Low\r\n priority: 1\r\n type: integer\r\n name: v1alpha1\r\n schema:\r\n openAPIV3Schema:\r\n description: ClusterRbacAssessmentReport is a specification for the ClusterRbacAssessmentReport\r\n resource.\r\n properties:\r\n apiVersion:\r\n description: |-\r\n APIVersion defines the versioned schema of this representation of an object.\r\n Servers should convert recognized schemas to the latest internal value, and\r\n may reject unrecognized values.\r\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources\r\n type: string\r\n kind:\r\n description: |-\r\n Kind is a string value representing the REST resource this object represents.\r\n Servers may infer this from the endpoint the client submits requests to.\r\n Cannot be updated.\r\n In CamelCase.\r\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds\r\n type: string\r\n metadata:\r\n type: object\r\n report:\r\n properties:\r\n checks:\r\n description: Checks provides results of conducting audit steps.\r\n items:\r\n description: Check provides the result of conducting a single audit\r\n step.\r\n properties:\r\n category:\r\n type: string\r\n checkID:\r\n type: string\r\n description:\r\n type: string\r\n messages:\r\n items:\r\n type: string\r\n type: array\r\n remediation:\r\n description: Remediation provides description or links to external\r\n resources to remediate failing check.\r\n type: string\r\n scope:\r\n description: Scope indicates the section of config that was\r\n audited.\r\n properties:\r\n type:\r\n description: Type indicates type of this scope, e.g. Container,\r\n ConfigMapKey or JSONPath.\r\n type: string\r\n value:\r\n description: Value indicates value of this scope that depends\r\n on Type, e.g. container name, ConfigMap key or JSONPath\r\n expression\r\n type: string\r\n required:\r\n - type\r\n - value\r\n type: object\r\n severity:\r\n description: Severity level of a vulnerability or a configuration\r\n audit check.\r\n type: string\r\n success:\r\n type: boolean\r\n title:\r\n type: string\r\n required:\r\n - checkID\r\n - severity\r\n - success\r\n type: object\r\n type: array\r\n scanner:\r\n description: Scanner is the spec for a scanner generating a security\r\n assessment report.\r\n properties:\r\n name:\r\n description: Name the name of the scanner.\r\n type: string\r\n vendor:\r\n description: Vendor the name of the vendor providing the scanner.\r\n type: string\r\n version:\r\n description: Version the version of the scanner.\r\n type: string\r\n required:\r\n - name\r\n - vendor\r\n - version\r\n type: object\r\n summary:\r\n description: RbacAssessmentSummary counts failed checks by severity.\r\n properties:\r\n criticalCount:\r\n description: CriticalCount is the number of failed checks with\r\n critical severity.\r\n type: integer\r\n highCount:\r\n description: HighCount is the number of failed checks with high\r\n severity.\r\n type: integer\r\n lowCount:\r\n description: LowCount is the number of failed check with low severity.\r\n type: integer\r\n mediumCount:\r\n description: MediumCount is the number of failed checks with medium\r\n severity.\r\n type: integer\r\n required:\r\n - criticalCount\r\n - highCount\r\n - lowCount\r\n - mediumCount\r\n type: object\r\n required:\r\n - checks\r\n - scanner\r\n - summary\r\n type: object\r\n required:\r\n - report\r\n type: object\r\n x-kubernetes-preserve-unknown-fields: true\r\n served: true\r\n storage: true\r\n subresources: {}\r\n---\r\napiVersion: apiextensions.k8s.io/v1\r\nkind: CustomResourceDefinition\r\nmetadata:\r\n annotations:\r\n controller-gen.kubebuilder.io/version: v0.18.0\r\n name: clustersbomreports.aquasecurity.github.io\r\nspec:\r\n group: aquasecurity.github.io\r\n names:\r\n kind: ClusterSbomReport\r\n listKind: ClusterSbomReportList\r\n plural: clustersbomreports\r\n shortNames:\r\n - clustersbom\r\n singular: clustersbomreport\r\n scope: Cluster\r\n versions:\r\n - additionalPrinterColumns:\r\n - description: The name of image repository\r\n jsonPath: .report.artifact.repository\r\n name: Repository\r\n type: string\r\n - description: The name of image tag\r\n jsonPath: .report.artifact.tag\r\n name: Tag\r\n type: string\r\n - description: The name of the sbom generation scanner\r\n jsonPath: .report.scanner.name\r\n name: Scanner\r\n type: string\r\n - description: The age of the report\r\n jsonPath: .metadata.creationTimestamp\r\n name: Age\r\n type: date\r\n - description: The number of dependencies in bom\r\n jsonPath: .report.summary.componentsCount\r\n name: Components\r\n priority: 1\r\n type: integer\r\n - description: The the number of components in bom\r\n jsonPath: .report.summary.dependenciesCount\r\n name: Dependencies\r\n priority: 1\r\n type: integer\r\n name: v1alpha1\r\n schema:\r\n openAPIV3Schema:\r\n description: ClusterSbomReport summarizes components and dependencies found\r\n in container image\r\n properties:\r\n apiVersion:\r\n description: |-\r\n APIVersion defines the versioned schema of this representation of an object.\r\n Servers should convert recognized schemas to the latest internal value, and\r\n may reject unrecognized values.\r\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources\r\n type: string\r\n kind:\r\n description: |-\r\n Kind is a string value representing the REST resource this object represents.\r\n Servers may infer this from the endpoint the client submits requests to.\r\n Cannot be updated.\r\n In CamelCase.\r\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds\r\n type: string\r\n metadata:\r\n type: object\r\n report:\r\n description: Report is the actual sbom report data.\r\n properties:\r\n artifact:\r\n description: |-\r\n Artifact represents a standalone, executable package of software that includes everything needed to\r\n run an application.\r\n properties:\r\n digest:\r\n description: Digest is a unique and immutable identifier of an\r\n Artifact.\r\n type: string\r\n mimeType:\r\n description: MimeType represents a type and format of an Artifact.\r\n type: string\r\n repository:\r\n description: Repository is the name of the repository in the Artifact\r\n registry.\r\n type: string\r\n tag:\r\n description: Tag is a mutable, human-readable string used to identify\r\n an Artifact.\r\n type: string\r\n type: object\r\n components:\r\n description: Bom is artifact bill of materials.\r\n properties:\r\n bomFormat:\r\n type: string\r\n components:\r\n items:\r\n properties:\r\n bom-ref:\r\n type: string\r\n group:\r\n type: string\r\n hashes:\r\n items:\r\n properties:\r\n alg:\r\n type: string\r\n content:\r\n type: string\r\n type: object\r\n type: array\r\n licenses:\r\n items:\r\n properties:\r\n expression:\r\n type: string\r\n license:\r\n properties:\r\n id:\r\n type: string\r\n name:\r\n type: string\r\n url:\r\n type: string\r\n type: object\r\n type: object\r\n type: array\r\n name:\r\n type: string\r\n properties:\r\n items:\r\n properties:\r\n name:\r\n type: string\r\n value:\r\n type: string\r\n type: object\r\n type: array\r\n purl:\r\n type: string\r\n supplier:\r\n properties:\r\n contact:\r\n items:\r\n properties:\r\n email:\r\n type: string\r\n name:\r\n type: string\r\n phone:\r\n type: string\r\n type: object\r\n type: array\r\n name:\r\n type: string\r\n url:\r\n items:\r\n type: string\r\n type: array\r\n type: object\r\n type:\r\n type: string\r\n version:\r\n type: string\r\n type: object\r\n type: array\r\n dependencies:\r\n items:\r\n properties:\r\n dependsOn:\r\n items:\r\n type: string\r\n type: array\r\n ref:\r\n type: string\r\n type: object\r\n type: array\r\n metadata:\r\n properties:\r\n component:\r\n properties:\r\n bom-ref:\r\n type: string\r\n group:\r\n type: string\r\n hashes:\r\n items:\r\n properties:\r\n alg:\r\n type: string\r\n content:\r\n type: string\r\n type: object\r\n type: array\r\n licenses:\r\n items:\r\n properties:\r\n expression:\r\n type: string\r\n license:\r\n properties:\r\n id:\r\n type: string\r\n name:\r\n type: string\r\n url:\r\n type: string\r\n type: object\r\n type: object\r\n type: array\r\n name:\r\n type: string\r\n properties:\r\n items:\r\n properties:\r\n name:\r\n type: string\r\n value:\r\n type: string\r\n type: object\r\n type: array\r\n purl:\r\n type: string\r\n supplier:\r\n properties:\r\n contact:\r\n items:\r\n properties:\r\n email:\r\n type: string\r\n name:\r\n type: string\r\n phone:\r\n type: string\r\n type: object\r\n type: array\r\n name:\r\n type: string\r\n url:\r\n items:\r\n type: string\r\n type: array\r\n type: object\r\n type:\r\n type: string\r\n version:\r\n type: string\r\n type: object\r\n timestamp:\r\n type: string\r\n tools:\r\n properties:\r\n components:\r\n items:\r\n properties:\r\n bom-ref:\r\n type: string\r\n group:\r\n type: string\r\n hashes:\r\n items:\r\n properties:\r\n alg:\r\n type: string\r\n content:\r\n type: string\r\n type: object\r\n type: array\r\n licenses:\r\n items:\r\n properties:\r\n expression:\r\n type: string\r\n license:\r\n properties:\r\n id:\r\n type: string\r\n name:\r\n type: string\r\n url:\r\n type: string\r\n type: object\r\n type: object\r\n type: array\r\n name:\r\n type: string\r\n properties:\r\n items:\r\n properties:\r\n name:\r\n type: string\r\n value:\r\n type: string\r\n type: object\r\n type: array\r\n purl:\r\n type: string\r\n supplier:\r\n properties:\r\n contact:\r\n items:\r\n properties:\r\n email:\r\n type: string\r\n name:\r\n type: string\r\n phone:\r\n type: string\r\n type: object\r\n type: array\r\n name:\r\n type: string\r\n url:\r\n items:\r\n type: string\r\n type: array\r\n type: object\r\n type:\r\n type: string\r\n version:\r\n type: string\r\n type: object\r\n type: array\r\n type: object\r\n type: object\r\n serialNumber:\r\n type: string\r\n specVersion:\r\n type: string\r\n version:\r\n type: integer\r\n required:\r\n - bomFormat\r\n - specVersion\r\n type: object\r\n registry:\r\n description: Registry is the registry the Artifact was pulled from.\r\n properties:\r\n server:\r\n description: Server the FQDN of registry server.\r\n type: string\r\n type: object\r\n scanner:\r\n description: Scanner is the scanner that generated this report.\r\n properties:\r\n name:\r\n description: Name the name of the scanner.\r\n type: string\r\n vendor:\r\n description: Vendor the name of the vendor providing the scanner.\r\n type: string\r\n version:\r\n description: Version the version of the scanner.\r\n type: string\r\n required:\r\n - name\r\n - vendor\r\n - version\r\n type: object\r\n summary:\r\n description: Summary is a summary of sbom report.\r\n properties:\r\n componentsCount:\r\n description: ComponentsCount is the number of components in bom.\r\n minimum: 0\r\n type: integer\r\n dependenciesCount:\r\n description: DependenciesCount is the number of dependencies in\r\n bom.\r\n minimum: 0\r\n type: integer\r\n required:\r\n - componentsCount\r\n - dependenciesCount\r\n type: object\r\n updateTimestamp:\r\n description: UpdateTimestamp is a timestamp representing the server\r\n time in UTC when this report was updated.\r\n format: date-time\r\n type: string\r\n required:\r\n - artifact\r\n - components\r\n - scanner\r\n - summary\r\n - updateTimestamp\r\n type: object\r\n required:\r\n - report\r\n type: object\r\n served: true\r\n storage: true\r\n subresources: {}\r\n---\r\napiVersion: apiextensions.k8s.io/v1\r\nkind: CustomResourceDefinition\r\nmetadata:\r\n annotations:\r\n controller-gen.kubebuilder.io/version: v0.18.0\r\n name: clustervulnerabilityreports.aquasecurity.github.io\r\nspec:\r\n group: aquasecurity.github.io\r\n names:\r\n kind: ClusterVulnerabilityReport\r\n listKind: ClusterVulnerabilityReportList\r\n plural: clustervulnerabilityreports\r\n shortNames:\r\n - clustervuln\r\n singular: clustervulnerabilityreport\r\n scope: Cluster\r\n versions:\r\n - additionalPrinterColumns:\r\n - description: The name of image repository\r\n jsonPath: .report.artifact.repository\r\n name: Repository\r\n type: string\r\n - description: The name of image tag\r\n jsonPath: .report.artifact.tag\r\n name: Tag\r\n type: string\r\n - description: The name of the vulnerability scanner\r\n jsonPath: .report.scanner.name\r\n name: Scanner\r\n type: string\r\n - description: The age of the report\r\n jsonPath: .metadata.creationTimestamp\r\n name: Age\r\n type: date\r\n - description: The number of critical vulnerabilities\r\n jsonPath: .report.summary.criticalCount\r\n name: Critical\r\n priority: 1\r\n type: integer\r\n - description: The number of high vulnerabilities\r\n jsonPath: .report.summary.highCount\r\n name: High\r\n priority: 1\r\n type: integer\r\n - description: The number of medium vulnerabilities\r\n jsonPath: .report.summary.mediumCount\r\n name: Medium\r\n priority: 1\r\n type: integer\r\n - description: The number of low vulnerabilities\r\n jsonPath: .report.summary.lowCount\r\n name: Low\r\n priority: 1\r\n type: integer\r\n - description: The number of unknown vulnerabilities\r\n jsonPath: .report.summary.unknownCount\r\n name: Unknown\r\n priority: 1\r\n type: integer\r\n name: v1alpha1\r\n schema:\r\n openAPIV3Schema:\r\n description: |-\r\n ClusterVulnerabilityReport summarizes vulnerabilities in application dependencies and operating system packages\r\n built into container images.\r\n properties:\r\n apiVersion:\r\n description: |-\r\n APIVersion defines the versioned schema of this representation of an object.\r\n Servers should convert recognized schemas to the latest internal value, and\r\n may reject unrecognized values.\r\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources\r\n type: string\r\n kind:\r\n description: |-\r\n Kind is a string value representing the REST resource this object represents.\r\n Servers may infer this from the endpoint the client submits requests to.\r\n Cannot be updated.\r\n In CamelCase.\r\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds\r\n type: string\r\n metadata:\r\n type: object\r\n report:\r\n description: Report is the actual vulnerability report data.\r\n properties:\r\n artifact:\r\n description: |-\r\n Artifact represents a standalone, executable package of software that includes everything needed to\r\n run an application.\r\n properties:\r\n digest:\r\n description: Digest is a unique and immutable identifier of an\r\n Artifact.\r\n type: string\r\n mimeType:\r\n description: MimeType represents a type and format of an Artifact.\r\n type: string\r\n repository:\r\n description: Repository is the name of the repository in the Artifact\r\n registry.\r\n type: string\r\n tag:\r\n description: Tag is a mutable, human-readable string used to identify\r\n an Artifact.\r\n type: string\r\n type: object\r\n os:\r\n description: OS information of the artifact\r\n properties:\r\n eosl:\r\n description: Eosl is true if OS version has reached end of service\r\n life\r\n type: boolean\r\n family:\r\n description: Operating System Family\r\n type: string\r\n name:\r\n description: Name or version of the OS\r\n type: string\r\n type: object\r\n registry:\r\n description: Registry is the registry the Artifact was pulled from.\r\n properties:\r\n server:\r\n description: Server the FQDN of registry server.\r\n type: string\r\n type: object\r\n scanner:\r\n description: Scanner is the scanner that generated this report.\r\n properties:\r\n name:\r\n description: Name the name of the scanner.\r\n type: string\r\n vendor:\r\n description: Vendor the name of the vendor providing the scanner.\r\n type: string\r\n version:\r\n description: Version the version of the scanner.\r\n type: string\r\n required:\r\n - name\r\n - vendor\r\n - version\r\n type: object\r\n summary:\r\n description: Summary is a summary of Vulnerability counts grouped\r\n by Severity.\r\n properties:\r\n criticalCount:\r\n description: CriticalCount is the number of vulnerabilities with\r\n Critical Severity.\r\n minimum: 0\r\n type: integer\r\n highCount:\r\n description: HighCount is the number of vulnerabilities with High\r\n Severity.\r\n minimum: 0\r\n type: integer\r\n lowCount:\r\n description: LowCount is the number of vulnerabilities with Low\r\n Severity.\r\n minimum: 0\r\n type: integer\r\n mediumCount:\r\n description: MediumCount is the number of vulnerabilities with\r\n Medium Severity.\r\n minimum: 0\r\n type: integer\r\n noneCount:\r\n description: NoneCount is the number of packages without any vulnerability.\r\n minimum: 0\r\n type: integer\r\n unknownCount:\r\n description: UnknownCount is the number of vulnerabilities with\r\n unknown severity.\r\n minimum: 0\r\n type: integer\r\n required:\r\n - criticalCount\r\n - highCount\r\n - lowCount\r\n - mediumCount\r\n - unknownCount\r\n type: object\r\n updateTimestamp:\r\n description: UpdateTimestamp is a timestamp representing the server\r\n time in UTC when this report was updated.\r\n format: date-time\r\n type: string\r\n vulnerabilities:\r\n description: Vulnerabilities is a list of operating system (OS) or\r\n application software Vulnerability items found in the Artifact.\r\n items:\r\n description: Vulnerability is the spec for a vulnerability record.\r\n properties:\r\n class:\r\n type: string\r\n cvss:\r\n additionalProperties:\r\n properties:\r\n V2Score:\r\n type: number\r\n V2Vector:\r\n type: string\r\n V3Score:\r\n type: number\r\n V3Vector:\r\n type: string\r\n V40Score:\r\n type: number\r\n V40Vector:\r\n type: string\r\n type: object\r\n type: object\r\n cvsssource:\r\n type: string\r\n description:\r\n type: string\r\n fixedVersion:\r\n description: FixedVersion indicates the version of the Resource\r\n in which this vulnerability has been fixed.\r\n type: string\r\n installedVersion:\r\n description: InstalledVersion indicates the installed version\r\n of the Resource.\r\n type: string\r\n lastModifiedDate:\r\n description: LastModifiedDate indicates the last date CVE has\r\n been modified.\r\n type: string\r\n links:\r\n items:\r\n type: string\r\n type: array\r\n packagePURL:\r\n type: string\r\n packagePath:\r\n type: string\r\n packageType:\r\n type: string\r\n primaryLink:\r\n type: string\r\n publishedDate:\r\n description: PublishedDate indicates the date of published CVE.\r\n type: string\r\n resource:\r\n description: Resource is a vulnerable package, application,\r\n or library.\r\n type: string\r\n score:\r\n type: number\r\n severity:\r\n description: Severity level of a vulnerability or a configuration\r\n audit check.\r\n enum:\r\n - CRITICAL\r\n - HIGH\r\n - MEDIUM\r\n - LOW\r\n - UNKNOWN\r\n type: string\r\n target:\r\n type: string\r\n title:\r\n type: string\r\n vulnerabilityID:\r\n description: VulnerabilityID the vulnerability identifier.\r\n type: string\r\n required:\r\n - fixedVersion\r\n - installedVersion\r\n - lastModifiedDate\r\n - publishedDate\r\n - resource\r\n - severity\r\n - title\r\n - vulnerabilityID\r\n type: object\r\n type: array\r\n required:\r\n - artifact\r\n - os\r\n - scanner\r\n - summary\r\n - updateTimestamp\r\n - vulnerabilities\r\n type: object\r\n required:\r\n - report\r\n type: object\r\n x-kubernetes-preserve-unknown-fields: true\r\n served: true\r\n storage: true\r\n subresources: {}\r\n---\r\napiVersion: apiextensions.k8s.io/v1\r\nkind: CustomResourceDefinition\r\nmetadata:\r\n annotations:\r\n controller-gen.kubebuilder.io/version: v0.18.0\r\n name: configauditreports.aquasecurity.github.io\r\nspec:\r\n group: aquasecurity.github.io\r\n names:\r\n kind: ConfigAuditReport\r\n listKind: ConfigAuditReportList\r\n plural: configauditreports\r\n shortNames:\r\n - configaudit\r\n - configaudits\r\n singular: configauditreport\r\n scope: Namespaced\r\n versions:\r\n - additionalPrinterColumns:\r\n - description: The name of the config audit scanner\r\n jsonPath: .report.scanner.name\r\n name: Scanner\r\n type: string\r\n - description: The age of the report\r\n jsonPath: .metadata.creationTimestamp\r\n name: Age\r\n type: date\r\n - description: The number of failed checks with critical severity\r\n jsonPath: .report.summary.criticalCount\r\n name: Critical\r\n priority: 1\r\n type: integer\r\n - description: The number of failed checks with high severity\r\n jsonPath: .report.summary.highCount\r\n name: High\r\n priority: 1\r\n type: integer\r\n - description: The number of failed checks with medium severity\r\n jsonPath: .report.summary.mediumCount\r\n name: Medium\r\n priority: 1\r\n type: integer\r\n - description: The number of failed checks with low severity\r\n jsonPath: .report.summary.lowCount\r\n name: Low\r\n priority: 1\r\n type: integer\r\n name: v1alpha1\r\n schema:\r\n openAPIV3Schema:\r\n description: ConfigAuditReport is a specification for the ConfigAuditReport\r\n resource.\r\n properties:\r\n apiVersion:\r\n description: |-\r\n APIVersion defines the versioned schema of this representation of an object.\r\n Servers should convert recognized schemas to the latest internal value, and\r\n may reject unrecognized values.\r\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources\r\n type: string\r\n kind:\r\n description: |-\r\n Kind is a string value representing the REST resource this object represents.\r\n Servers may infer this from the endpoint the client submits requests to.\r\n Cannot be updated.\r\n In CamelCase.\r\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds\r\n type: string\r\n metadata:\r\n type: object\r\n report:\r\n properties:\r\n checks:\r\n description: Checks provides results of conducting audit steps.\r\n items:\r\n description: Check provides the result of conducting a single audit\r\n step.\r\n properties:\r\n category:\r\n type: string\r\n checkID:\r\n type: string\r\n description:\r\n type: string\r\n messages:\r\n items:\r\n type: string\r\n type: array\r\n remediation:\r\n description: Remediation provides description or links to external\r\n resources to remediate failing check.\r\n type: string\r\n scope:\r\n description: Scope indicates the section of config that was\r\n audited.\r\n properties:\r\n type:\r\n description: Type indicates type of this scope, e.g. Container,\r\n ConfigMapKey or JSONPath.\r\n type: string\r\n value:\r\n description: Value indicates value of this scope that depends\r\n on Type, e.g. container name, ConfigMap key or JSONPath\r\n expression\r\n type: string\r\n required:\r\n - type\r\n - value\r\n type: object\r\n severity:\r\n description: Severity level of a vulnerability or a configuration\r\n audit check.\r\n type: string\r\n success:\r\n type: boolean\r\n title:\r\n type: string\r\n required:\r\n - checkID\r\n - severity\r\n - success\r\n type: object\r\n type: array\r\n scanner:\r\n description: Scanner is the spec for a scanner generating a security\r\n assessment report.\r\n properties:\r\n name:\r\n description: Name the name of the scanner.\r\n type: string\r\n vendor:\r\n description: Vendor the name of the vendor providing the scanner.\r\n type: string\r\n version:\r\n description: Version the version of the scanner.\r\n type: string\r\n required:\r\n - name\r\n - vendor\r\n - version\r\n type: object\r\n summary:\r\n description: ConfigAuditSummary counts failed checks by severity.\r\n properties:\r\n criticalCount:\r\n description: CriticalCount is the number of failed checks with\r\n critical severity.\r\n type: integer\r\n highCount:\r\n description: HighCount is the number of failed checks with high\r\n severity.\r\n type: integer\r\n lowCount:\r\n description: LowCount is the number of failed check with low severity.\r\n type: integer\r\n mediumCount:\r\n description: MediumCount is the number of failed checks with medium\r\n severity.\r\n type: integer\r\n required:\r\n - criticalCount\r\n - highCount\r\n - lowCount\r\n - mediumCount\r\n type: object\r\n updateTimestamp:\r\n format: date-time\r\n type: string\r\n required:\r\n - checks\r\n type: object\r\n required:\r\n - report\r\n type: object\r\n x-kubernetes-preserve-unknown-fields: true\r\n served: true\r\n storage: true\r\n subresources: {}\r\n---\r\napiVersion: apiextensions.k8s.io/v1\r\nkind: CustomResourceDefinition\r\nmetadata:\r\n annotations:\r\n controller-gen.kubebuilder.io/version: v0.18.0\r\n name: exposedsecretreports.aquasecurity.github.io\r\nspec:\r\n group: aquasecurity.github.io\r\n names:\r\n kind: ExposedSecretReport\r\n listKind: ExposedSecretReportList\r\n plural: exposedsecretreports\r\n shortNames:\r\n - exposedsecret\r\n - exposedsecrets\r\n singular: exposedsecretreport\r\n scope: Namespaced\r\n versions:\r\n - additionalPrinterColumns:\r\n - description: The name of image repository\r\n jsonPath: .report.artifact.repository\r\n name: Repository\r\n type: string\r\n - description: The name of image tag\r\n jsonPath: .report.artifact.tag\r\n name: Tag\r\n type: string\r\n - description: The name of the exposed secret scanner\r\n jsonPath: .report.scanner.name\r\n name: Scanner\r\n type: string\r\n - description: The age of the report\r\n jsonPath: .metadata.creationTimestamp\r\n name: Age\r\n type: date\r\n - description: The number of critical exposed secrets\r\n jsonPath: .report.summary.criticalCount\r\n name: Critical\r\n priority: 1\r\n type: integer\r\n - description: The number of high exposed secrets\r\n jsonPath: .report.summary.highCount\r\n name: High\r\n priority: 1\r\n type: integer\r\n - description: The number of medium exposed secrets\r\n jsonPath: .report.summary.mediumCount\r\n name: Medium\r\n priority: 1\r\n type: integer\r\n - description: The number of low exposed secrets\r\n jsonPath: .report.summary.lowCount\r\n name: Low\r\n priority: 1\r\n type: integer\r\n name: v1alpha1\r\n schema:\r\n openAPIV3Schema:\r\n description: ExposedSecretReport summarizes exposed secrets in plaintext files\r\n built into container images.\r\n properties:\r\n apiVersion:\r\n description: |-\r\n APIVersion defines the versioned schema of this representation of an object.\r\n Servers should convert recognized schemas to the latest internal value, and\r\n may reject unrecognized values.\r\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources\r\n type: string\r\n kind:\r\n description: |-\r\n Kind is a string value representing the REST resource this object represents.\r\n Servers may infer this from the endpoint the client submits requests to.\r\n Cannot be updated.\r\n In CamelCase.\r\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds\r\n type: string\r\n metadata:\r\n type: object\r\n report:\r\n description: Report is the actual exposed secret report data.\r\n properties:\r\n artifact:\r\n description: |-\r\n Artifact represents a standalone, executable package of software that includes everything needed to\r\n run an application.\r\n properties:\r\n digest:\r\n description: Digest is a unique and immutable identifier of an\r\n Artifact.\r\n type: string\r\n mimeType:\r\n description: MimeType represents a type and format of an Artifact.\r\n type: string\r\n repository:\r\n description: Repository is the name of the repository in the Artifact\r\n registry.\r\n type: string\r\n tag:\r\n description: Tag is a mutable, human-readable string used to identify\r\n an Artifact.\r\n type: string\r\n type: object\r\n registry:\r\n description: Registry is the registry the Artifact was pulled from.\r\n properties:\r\n server:\r\n description: Server the FQDN of registry server.\r\n type: string\r\n type: object\r\n scanner:\r\n description: Scanner is the scanner that generated this report.\r\n properties:\r\n name:\r\n description: Name the name of the scanner.\r\n type: string\r\n vendor:\r\n description: Vendor the name of the vendor providing the scanner.\r\n type: string\r\n version:\r\n description: Version the version of the scanner.\r\n type: string\r\n required:\r\n - name\r\n - vendor\r\n - version\r\n type: object\r\n secrets:\r\n description: Exposed secrets is a list of passwords, api keys, tokens\r\n and others items found in the Artifact.\r\n items:\r\n description: ExposedSecret is the spec for a exposed secret record.\r\n properties:\r\n category:\r\n type: string\r\n match:\r\n description: Match where the exposed rule matched.\r\n type: string\r\n ruleID:\r\n description: RuleID is rule the identifier.\r\n type: string\r\n severity:\r\n description: Severity level of a vulnerability or a configuration\r\n audit check.\r\n enum:\r\n - CRITICAL\r\n - HIGH\r\n - MEDIUM\r\n - LOW\r\n type: string\r\n target:\r\n description: Target is where the exposed secret was found.\r\n type: string\r\n title:\r\n type: string\r\n required:\r\n - category\r\n - match\r\n - ruleID\r\n - severity\r\n - target\r\n - title\r\n type: object\r\n type: array\r\n summary:\r\n description: Summary is the exposed secrets counts grouped by Severity.\r\n properties:\r\n criticalCount:\r\n description: CriticalCount is the number of exposed secrets with\r\n Critical Severity.\r\n minimum: 0\r\n type: integer\r\n highCount:\r\n description: HighCount is the number of exposed secrets with High\r\n Severity.\r\n minimum: 0\r\n type: integer\r\n lowCount:\r\n description: LowCount is the number of exposed secrets with Low\r\n Severity.\r\n minimum: 0\r\n type: integer\r\n mediumCount:\r\n description: MediumCount is the number of exposed secrets with\r\n Medium Severity.\r\n minimum: 0\r\n type: integer\r\n required:\r\n - criticalCount\r\n - highCount\r\n - lowCount\r\n - mediumCount\r\n type: object\r\n updateTimestamp:\r\n description: UpdateTimestamp is a timestamp representing the server\r\n time in UTC when this report was updated.\r\n format: date-time\r\n type: string\r\n required:\r\n - artifact\r\n - scanner\r\n - secrets\r\n - summary\r\n - updateTimestamp\r\n type: object\r\n required:\r\n - report\r\n type: object\r\n x-kubernetes-preserve-unknown-fields: true\r\n served: true\r\n storage: true\r\n subresources: {}\r\n---\r\napiVersion: apiextensions.k8s.io/v1\r\nkind: CustomResourceDefinition\r\nmetadata:\r\n annotations:\r\n controller-gen.kubebuilder.io/version: v0.18.0\r\n name: infraassessmentreports.aquasecurity.github.io\r\nspec:\r\n group: aquasecurity.github.io\r\n names:\r\n kind: InfraAssessmentReport\r\n listKind: InfraAssessmentReportList\r\n plural: infraassessmentreports\r\n shortNames:\r\n - infraassessment\r\n - infraassessments\r\n singular: infraassessmentreport\r\n scope: Namespaced\r\n versions:\r\n - additionalPrinterColumns:\r\n - description: The name of the infra assessment scanner\r\n jsonPath: .report.scanner.name\r\n name: Scanner\r\n type: string\r\n - description: The age of the report\r\n jsonPath: .metadata.creationTimestamp\r\n name: Age\r\n type: date\r\n - description: The number of failed checks with critical severity\r\n jsonPath: .report.summary.criticalCount\r\n name: Critical\r\n priority: 1\r\n type: integer\r\n - description: The number of failed checks with high severity\r\n jsonPath: .report.summary.highCount\r\n name: High\r\n priority: 1\r\n type: integer\r\n - description: The number of failed checks with medium severity\r\n jsonPath: .report.summary.mediumCount\r\n name: Medium\r\n priority: 1\r\n type: integer\r\n - description: The number of failed checks with low severity\r\n jsonPath: .report.summary.lowCount\r\n name: Low\r\n priority: 1\r\n type: integer\r\n name: v1alpha1\r\n schema:\r\n openAPIV3Schema:\r\n description: InfraAssessmentReport is a specification for the InfraAssessmentReport\r\n resource.\r\n properties:\r\n apiVersion:\r\n description: |-\r\n APIVersion defines the versioned schema of this representation of an object.\r\n Servers should convert recognized schemas to the latest internal value, and\r\n may reject unrecognized values.\r\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources\r\n type: string\r\n kind:\r\n description: |-\r\n Kind is a string value representing the REST resource this object represents.\r\n Servers may infer this from the endpoint the client submits requests to.\r\n Cannot be updated.\r\n In CamelCase.\r\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds\r\n type: string\r\n metadata:\r\n type: object\r\n report:\r\n properties:\r\n checks:\r\n description: Checks provides results of conducting audit steps.\r\n items:\r\n description: Check provides the result of conducting a single audit\r\n step.\r\n properties:\r\n category:\r\n type: string\r\n checkID:\r\n type: string\r\n description:\r\n type: string\r\n messages:\r\n items:\r\n type: string\r\n type: array\r\n remediation:\r\n description: Remediation provides description or links to external\r\n resources to remediate failing check.\r\n type: string\r\n scope:\r\n description: Scope indicates the section of config that was\r\n audited.\r\n properties:\r\n type:\r\n description: Type indicates type of this scope, e.g. Container,\r\n ConfigMapKey or JSONPath.\r\n type: string\r\n value:\r\n description: Value indicates value of this scope that depends\r\n on Type, e.g. container name, ConfigMap key or JSONPath\r\n expression\r\n type: string\r\n required:\r\n - type\r\n - value\r\n type: object\r\n severity:\r\n description: Severity level of a vulnerability or a configuration\r\n audit check.\r\n type: string\r\n success:\r\n type: boolean\r\n title:\r\n type: string\r\n required:\r\n - checkID\r\n - severity\r\n - success\r\n type: object\r\n type: array\r\n scanner:\r\n description: Scanner is the spec for a scanner generating a security\r\n assessment report.\r\n properties:\r\n name:\r\n description: Name the name of the scanner.\r\n type: string\r\n vendor:\r\n description: Vendor the name of the vendor providing the scanner.\r\n type: string\r\n version:\r\n description: Version the version of the scanner.\r\n type: string\r\n required:\r\n - name\r\n - vendor\r\n - version\r\n type: object\r\n summary:\r\n description: InfraAssessmentSummary counts failed checks by severity.\r\n properties:\r\n criticalCount:\r\n description: CriticalCount is the number of failed checks with\r\n critical severity.\r\n type: integer\r\n highCount:\r\n description: HighCount is the number of failed checks with high\r\n severity.\r\n type: integer\r\n lowCount:\r\n description: LowCount is the number of failed check with low severity.\r\n type: integer\r\n mediumCount:\r\n description: MediumCount is the number of failed checks with medium\r\n severity.\r\n type: integer\r\n required:\r\n - criticalCount\r\n - highCount\r\n - lowCount\r\n - mediumCount\r\n type: object\r\n required:\r\n - checks\r\n - scanner\r\n - summary\r\n type: object\r\n required:\r\n - report\r\n type: object\r\n served: true\r\n storage: true\r\n subresources: {}\r\n---\r\napiVersion: apiextensions.k8s.io/v1\r\nkind: CustomResourceDefinition\r\nmetadata:\r\n annotations:\r\n controller-gen.kubebuilder.io/version: v0.18.0\r\n name: rbacassessmentreports.aquasecurity.github.io\r\nspec:\r\n group: aquasecurity.github.io\r\n names:\r\n kind: RbacAssessmentReport\r\n listKind: RbacAssessmentReportList\r\n plural: rbacassessmentreports\r\n shortNames:\r\n - rbacassessment\r\n - rbacassessments\r\n singular: rbacassessmentreport\r\n scope: Namespaced\r\n versions:\r\n - additionalPrinterColumns:\r\n - description: The name of the rbac assessment scanner\r\n jsonPath: .report.scanner.name\r\n name: Scanner\r\n type: string\r\n - description: The age of the report\r\n jsonPath: .metadata.creationTimestamp\r\n name: Age\r\n type: date\r\n - description: The number of failed checks with critical severity\r\n jsonPath: .report.summary.criticalCount\r\n name: Critical\r\n priority: 1\r\n type: integer\r\n - description: The number of failed checks with high severity\r\n jsonPath: .report.summary.highCount\r\n name: High\r\n priority: 1\r\n type: integer\r\n - description: The number of failed checks with medium severity\r\n jsonPath: .report.summary.mediumCount\r\n name: Medium\r\n priority: 1\r\n type: integer\r\n - description: The number of failed checks with low severity\r\n jsonPath: .report.summary.lowCount\r\n name: Low\r\n priority: 1\r\n type: integer\r\n name: v1alpha1\r\n schema:\r\n openAPIV3Schema:\r\n description: RbacAssessmentReport is a specification for the RbacAssessmentReport\r\n resource.\r\n properties:\r\n apiVersion:\r\n description: |-\r\n APIVersion defines the versioned schema of this representation of an object.\r\n Servers should convert recognized schemas to the latest internal value, and\r\n may reject unrecognized values.\r\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources\r\n type: string\r\n kind:\r\n description: |-\r\n Kind is a string value representing the REST resource this object represents.\r\n Servers may infer this from the endpoint the client submits requests to.\r\n Cannot be updated.\r\n In CamelCase.\r\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds\r\n type: string\r\n metadata:\r\n type: object\r\n report:\r\n properties:\r\n checks:\r\n description: Checks provides results of conducting audit steps.\r\n items:\r\n description: Check provides the result of conducting a single audit\r\n step.\r\n properties:\r\n category:\r\n type: string\r\n checkID:\r\n type: string\r\n description:\r\n type: string\r\n messages:\r\n items:\r\n type: string\r\n type: array\r\n remediation:\r\n description: Remediation provides description or links to external\r\n resources to remediate failing check.\r\n type: string\r\n scope:\r\n description: Scope indicates the section of config that was\r\n audited.\r\n properties:\r\n type:\r\n description: Type indicates type of this scope, e.g. Container,\r\n ConfigMapKey or JSONPath.\r\n type: string\r\n value:\r\n description: Value indicates value of this scope that depends\r\n on Type, e.g. container name, ConfigMap key or JSONPath\r\n expression\r\n type: string\r\n required:\r\n - type\r\n - value\r\n type: object\r\n severity:\r\n description: Severity level of a vulnerability or a configuration\r\n audit check.\r\n type: string\r\n success:\r\n type: boolean\r\n title:\r\n type: string\r\n required:\r\n - checkID\r\n - severity\r\n - success\r\n type: object\r\n type: array\r\n scanner:\r\n description: Scanner is the spec for a scanner generating a security\r\n assessment report.\r\n properties:\r\n name:\r\n description: Name the name of the scanner.\r\n type: string\r\n vendor:\r\n description: Vendor the name of the vendor providing the scanner.\r\n type: string\r\n version:\r\n description: Version the version of the scanner.\r\n type: string\r\n required:\r\n - name\r\n - vendor\r\n - version\r\n type: object\r\n summary:\r\n description: RbacAssessmentSummary counts failed checks by severity.\r\n properties:\r\n criticalCount:\r\n description: CriticalCount is the number of failed checks with\r\n critical severity.\r\n type: integer\r\n highCount:\r\n description: HighCount is the number of failed checks with high\r\n severity.\r\n type: integer\r\n lowCount:\r\n description: LowCount is the number of failed check with low severity.\r\n type: integer\r\n mediumCount:\r\n description: MediumCount is the number of failed checks with medium\r\n severity.\r\n type: integer\r\n required:\r\n - criticalCount\r\n - highCount\r\n - lowCount\r\n - mediumCount\r\n type: object\r\n required:\r\n - checks\r\n - scanner\r\n - summary\r\n type: object\r\n required:\r\n - report\r\n type: object\r\n x-kubernetes-preserve-unknown-fields: true\r\n served: true\r\n storage: true\r\n subresources: {}\r\n---\r\napiVersion: apiextensions.k8s.io/v1\r\nkind: CustomResourceDefinition\r\nmetadata:\r\n annotations:\r\n controller-gen.kubebuilder.io/version: v0.18.0\r\n name: sbomreports.aquasecurity.github.io\r\nspec:\r\n group: aquasecurity.github.io\r\n names:\r\n kind: SbomReport\r\n listKind: SbomReportList\r\n plural: sbomreports\r\n shortNames:\r\n - sbom\r\n - sboms\r\n singular: sbomreport\r\n scope: Namespaced\r\n versions:\r\n - additionalPrinterColumns:\r\n - description: The name of image repository\r\n jsonPath: .report.artifact.repository\r\n name: Repository\r\n type: string\r\n - description: The name of image tag\r\n jsonPath: .report.artifact.tag\r\n name: Tag\r\n type: string\r\n - description: The name of the sbom generation scanner\r\n jsonPath: .report.scanner.name\r\n name: Scanner\r\n type: string\r\n - description: The age of the report\r\n jsonPath: .metadata.creationTimestamp\r\n name: Age\r\n type: date\r\n - description: The number of dependencies in bom\r\n jsonPath: .report.summary.componentsCount\r\n name: Components\r\n priority: 1\r\n type: integer\r\n - description: The the number of components in bom\r\n jsonPath: .report.summary.dependenciesCount\r\n name: Dependencies\r\n priority: 1\r\n type: integer\r\n name: v1alpha1\r\n schema:\r\n openAPIV3Schema:\r\n description: SbomReport summarizes components and dependencies found in container\r\n image\r\n properties:\r\n apiVersion:\r\n description: |-\r\n APIVersion defines the versioned schema of this representation of an object.\r\n Servers should convert recognized schemas to the latest internal value, and\r\n may reject unrecognized values.\r\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources\r\n type: string\r\n kind:\r\n description: |-\r\n Kind is a string value representing the REST resource this object represents.\r\n Servers may infer this from the endpoint the client submits requests to.\r\n Cannot be updated.\r\n In CamelCase.\r\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds\r\n type: string\r\n metadata:\r\n type: object\r\n report:\r\n description: Report is the actual sbom report data.\r\n properties:\r\n artifact:\r\n description: |-\r\n Artifact represents a standalone, executable package of software that includes everything needed to\r\n run an application.\r\n properties:\r\n digest:\r\n description: Digest is a unique and immutable identifier of an\r\n Artifact.\r\n type: string\r\n mimeType:\r\n description: MimeType represents a type and format of an Artifact.\r\n type: string\r\n repository:\r\n description: Repository is the name of the repository in the Artifact\r\n registry.\r\n type: string\r\n tag:\r\n description: Tag is a mutable, human-readable string used to identify\r\n an Artifact.\r\n type: string\r\n type: object\r\n components:\r\n description: Bom is artifact bill of materials.\r\n properties:\r\n bomFormat:\r\n type: string\r\n components:\r\n items:\r\n properties:\r\n bom-ref:\r\n type: string\r\n group:\r\n type: string\r\n hashes:\r\n items:\r\n properties:\r\n alg:\r\n type: string\r\n content:\r\n type: string\r\n type: object\r\n type: array\r\n licenses:\r\n items:\r\n properties:\r\n expression:\r\n type: string\r\n license:\r\n properties:\r\n id:\r\n type: string\r\n name:\r\n type: string\r\n url:\r\n type: string\r\n type: object\r\n type: object\r\n type: array\r\n name:\r\n type: string\r\n properties:\r\n items:\r\n properties:\r\n name:\r\n type: string\r\n value:\r\n type: string\r\n type: object\r\n type: array\r\n purl:\r\n type: string\r\n supplier:\r\n properties:\r\n contact:\r\n items:\r\n properties:\r\n email:\r\n type: string\r\n name:\r\n type: string\r\n phone:\r\n type: string\r\n type: object\r\n type: array\r\n name:\r\n type: string\r\n url:\r\n items:\r\n type: string\r\n type: array\r\n type: object\r\n type:\r\n type: string\r\n version:\r\n type: string\r\n type: object\r\n type: array\r\n dependencies:\r\n items:\r\n properties:\r\n dependsOn:\r\n items:\r\n type: string\r\n type: array\r\n ref:\r\n type: string\r\n type: object\r\n type: array\r\n metadata:\r\n properties:\r\n component:\r\n properties:\r\n bom-ref:\r\n type: string\r\n group:\r\n type: string\r\n hashes:\r\n items:\r\n properties:\r\n alg:\r\n type: string\r\n content:\r\n type: string\r\n type: object\r\n type: array\r\n licenses:\r\n items:\r\n properties:\r\n expression:\r\n type: string\r\n license:\r\n properties:\r\n id:\r\n type: string\r\n name:\r\n type: string\r\n url:\r\n type: string\r\n type: object\r\n type: object\r\n type: array\r\n name:\r\n type: string\r\n properties:\r\n items:\r\n properties:\r\n name:\r\n type: string\r\n value:\r\n type: string\r\n type: object\r\n type: array\r\n purl:\r\n type: string\r\n supplier:\r\n properties:\r\n contact:\r\n items:\r\n properties:\r\n email:\r\n type: string\r\n name:\r\n type: string\r\n phone:\r\n type: string\r\n type: object\r\n type: array\r\n name:\r\n type: string\r\n url:\r\n items:\r\n type: string\r\n type: array\r\n type: object\r\n type:\r\n type: string\r\n version:\r\n type: string\r\n type: object\r\n timestamp:\r\n type: string\r\n tools:\r\n properties:\r\n components:\r\n items:\r\n properties:\r\n bom-ref:\r\n type: string\r\n group:\r\n type: string\r\n hashes:\r\n items:\r\n properties:\r\n alg:\r\n type: string\r\n content:\r\n type: string\r\n type: object\r\n type: array\r\n licenses:\r\n items:\r\n properties:\r\n expression:\r\n type: string\r\n license:\r\n properties:\r\n id:\r\n type: string\r\n name:\r\n type: string\r\n url:\r\n type: string\r\n type: object\r\n type: object\r\n type: array\r\n name:\r\n type: string\r\n properties:\r\n items:\r\n properties:\r\n name:\r\n type: string\r\n value:\r\n type: string\r\n type: object\r\n type: array\r\n purl:\r\n type: string\r\n supplier:\r\n properties:\r\n contact:\r\n items:\r\n properties:\r\n email:\r\n type: string\r\n name:\r\n type: string\r\n phone:\r\n type: string\r\n type: object\r\n type: array\r\n name:\r\n type: string\r\n url:\r\n items:\r\n type: string\r\n type: array\r\n type: object\r\n type:\r\n type: string\r\n version:\r\n type: string\r\n type: object\r\n type: array\r\n type: object\r\n type: object\r\n serialNumber:\r\n type: string\r\n specVersion:\r\n type: string\r\n version:\r\n type: integer\r\n required:\r\n - bomFormat\r\n - specVersion\r\n type: object\r\n registry:\r\n description: Registry is the registry the Artifact was pulled from.\r\n properties:\r\n server:\r\n description: Server the FQDN of registry server.\r\n type: string\r\n type: object\r\n scanner:\r\n description: Scanner is the scanner that generated this report.\r\n properties:\r\n name:\r\n description: Name the name of the scanner.\r\n type: string\r\n vendor:\r\n description: Vendor the name of the vendor providing the scanner.\r\n type: string\r\n version:\r\n description: Version the version of the scanner.\r\n type: string\r\n required:\r\n - name\r\n - vendor\r\n - version\r\n type: object\r\n summary:\r\n description: Summary is a summary of sbom report.\r\n properties:\r\n componentsCount:\r\n description: ComponentsCount is the number of components in bom.\r\n minimum: 0\r\n type: integer\r\n dependenciesCount:\r\n description: DependenciesCount is the number of dependencies in\r\n bom.\r\n minimum: 0\r\n type: integer\r\n required:\r\n - componentsCount\r\n - dependenciesCount\r\n type: object\r\n updateTimestamp:\r\n description: UpdateTimestamp is a timestamp representing the server\r\n time in UTC when this report was updated.\r\n format: date-time\r\n type: string\r\n required:\r\n - artifact\r\n - components\r\n - scanner\r\n - summary\r\n - updateTimestamp\r\n type: object\r\n required:\r\n - report\r\n type: object\r\n x-kubernetes-preserve-unknown-fields: true\r\n served: true\r\n storage: true\r\n subresources: {}\r\n---\r\napiVersion: apiextensions.k8s.io/v1\r\nkind: CustomResourceDefinition\r\nmetadata:\r\n annotations:\r\n controller-gen.kubebuilder.io/version: v0.18.0\r\n name: vulnerabilityreports.aquasecurity.github.io\r\nspec:\r\n group: aquasecurity.github.io\r\n names:\r\n kind: VulnerabilityReport\r\n listKind: VulnerabilityReportList\r\n plural: vulnerabilityreports\r\n shortNames:\r\n - vuln\r\n - vulns\r\n singular: vulnerabilityreport\r\n scope: Namespaced\r\n versions:\r\n - additionalPrinterColumns:\r\n - description: The name of image repository\r\n jsonPath: .report.artifact.repository\r\n name: Repository\r\n type: string\r\n - description: The name of image tag\r\n jsonPath: .report.artifact.tag\r\n name: Tag\r\n type: string\r\n - description: The name of the vulnerability scanner\r\n jsonPath: .report.scanner.name\r\n name: Scanner\r\n type: string\r\n - description: The age of the report\r\n jsonPath: .metadata.creationTimestamp\r\n name: Age\r\n type: date\r\n - description: The number of critical vulnerabilities\r\n jsonPath: .report.summary.criticalCount\r\n name: Critical\r\n priority: 1\r\n type: integer\r\n - description: The number of high vulnerabilities\r\n jsonPath: .report.summary.highCount\r\n name: High\r\n priority: 1\r\n type: integer\r\n - description: The number of medium vulnerabilities\r\n jsonPath: .report.summary.mediumCount\r\n name: Medium\r\n priority: 1\r\n type: integer\r\n - description: The number of low vulnerabilities\r\n jsonPath: .report.summary.lowCount\r\n name: Low\r\n priority: 1\r\n type: integer\r\n - description: The number of unknown vulnerabilities\r\n jsonPath: .report.summary.unknownCount\r\n name: Unknown\r\n priority: 1\r\n type: integer\r\n name: v1alpha1\r\n schema:\r\n openAPIV3Schema:\r\n description: |-\r\n VulnerabilityReport summarizes vulnerabilities in application dependencies and operating system packages\r\n built into container images.\r\n properties:\r\n apiVersion:\r\n description: |-\r\n APIVersion defines the versioned schema of this representation of an object.\r\n Servers should convert recognized schemas to the latest internal value, and\r\n may reject unrecognized values.\r\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources\r\n type: string\r\n kind:\r\n description: |-\r\n Kind is a string value representing the REST resource this object represents.\r\n Servers may infer this from the endpoint the client submits requests to.\r\n Cannot be updated.\r\n In CamelCase.\r\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds\r\n type: string\r\n metadata:\r\n type: object\r\n report:\r\n description: Report is the actual vulnerability report data.\r\n properties:\r\n artifact:\r\n description: |-\r\n Artifact represents a standalone, executable package of software that includes everything needed to\r\n run an application.\r\n properties:\r\n digest:\r\n description: Digest is a unique and immutable identifier of an\r\n Artifact.\r\n type: string\r\n mimeType:\r\n description: MimeType represents a type and format of an Artifact.\r\n type: string\r\n repository:\r\n description: Repository is the name of the repository in the Artifact\r\n registry.\r\n type: string\r\n tag:\r\n description: Tag is a mutable, human-readable string used to identify\r\n an Artifact.\r\n type: string\r\n type: object\r\n os:\r\n description: OS information of the artifact\r\n properties:\r\n eosl:\r\n description: Eosl is true if OS version has reached end of service\r\n life\r\n type: boolean\r\n family:\r\n description: Operating System Family\r\n type: string\r\n name:\r\n description: Name or version of the OS\r\n type: string\r\n type: object\r\n registry:\r\n description: Registry is the registry the Artifact was pulled from.\r\n properties:\r\n server:\r\n description: Server the FQDN of registry server.\r\n type: string\r\n type: object\r\n scanner:\r\n description: Scanner is the scanner that generated this report.\r\n properties:\r\n name:\r\n description: Name the name of the scanner.\r\n type: string\r\n vendor:\r\n description: Vendor the name of the vendor providing the scanner.\r\n type: string\r\n version:\r\n description: Version the version of the scanner.\r\n type: string\r\n required:\r\n - name\r\n - vendor\r\n - version\r\n type: object\r\n summary:\r\n description: Summary is a summary of Vulnerability counts grouped\r\n by Severity.\r\n properties:\r\n criticalCount:\r\n description: CriticalCount is the number of vulnerabilities with\r\n Critical Severity.\r\n minimum: 0\r\n type: integer\r\n highCount:\r\n description: HighCount is the number of vulnerabilities with High\r\n Severity.\r\n minimum: 0\r\n type: integer\r\n lowCount:\r\n description: LowCount is the number of vulnerabilities with Low\r\n Severity.\r\n minimum: 0\r\n type: integer\r\n mediumCount:\r\n description: MediumCount is the number of vulnerabilities with\r\n Medium Severity.\r\n minimum: 0\r\n type: integer\r\n noneCount:\r\n description: NoneCount is the number of packages without any vulnerability.\r\n minimum: 0\r\n type: integer\r\n unknownCount:\r\n description: UnknownCount is the number of vulnerabilities with\r\n unknown severity.\r\n minimum: 0\r\n type: integer\r\n required:\r\n - criticalCount\r\n - highCount\r\n - lowCount\r\n - mediumCount\r\n - unknownCount\r\n type: object\r\n updateTimestamp:\r\n description: UpdateTimestamp is a timestamp representing the server\r\n time in UTC when this report was updated.\r\n format: date-time\r\n type: string\r\n vulnerabilities:\r\n description: Vulnerabilities is a list of operating system (OS) or\r\n application software Vulnerability items found in the Artifact.\r\n items:\r\n description: Vulnerability is the spec for a vulnerability record.\r\n properties:\r\n class:\r\n type: string\r\n cvss:\r\n additionalProperties:\r\n properties:\r\n V2Score:\r\n type: number\r\n V2Vector:\r\n type: string\r\n V3Score:\r\n type: number\r\n V3Vector:\r\n type: string\r\n V40Score:\r\n type: number\r\n V40Vector:\r\n type: string\r\n type: object\r\n type: object\r\n cvsssource:\r\n type: string\r\n description:\r\n type: string\r\n fixedVersion:\r\n description: FixedVersion indicates the version of the Resource\r\n in which this vulnerability has been fixed.\r\n type: string\r\n installedVersion:\r\n description: InstalledVersion indicates the installed version\r\n of the Resource.\r\n type: string\r\n lastModifiedDate:\r\n description: LastModifiedDate indicates the last date CVE has\r\n been modified.\r\n type: string\r\n links:\r\n items:\r\n type: string\r\n type: array\r\n packagePURL:\r\n type: string\r\n packagePath:\r\n type: string\r\n packageType:\r\n type: string\r\n primaryLink:\r\n type: string\r\n publishedDate:\r\n description: PublishedDate indicates the date of published CVE.\r\n type: string\r\n resource:\r\n description: Resource is a vulnerable package, application,\r\n or library.\r\n type: string\r\n score:\r\n type: number\r\n severity:\r\n description: Severity level of a vulnerability or a configuration\r\n audit check.\r\n enum:\r\n - CRITICAL\r\n - HIGH\r\n - MEDIUM\r\n - LOW\r\n - UNKNOWN\r\n type: string\r\n target:\r\n type: string\r\n title:\r\n type: string\r\n vulnerabilityID:\r\n description: VulnerabilityID the vulnerability identifier.\r\n type: string\r\n required:\r\n - fixedVersion\r\n - installedVersion\r\n - lastModifiedDate\r\n - publishedDate\r\n - resource\r\n - severity\r\n - title\r\n - vulnerabilityID\r\n type: object\r\n type: array\r\n required:\r\n - artifact\r\n - os\r\n - scanner\r\n - summary\r\n - updateTimestamp\r\n - vulnerabilities\r\n type: object\r\n required:\r\n - report\r\n type: object\r\n x-kubernetes-preserve-unknown-fields: true\r\n served: true\r\n storage: true\r\n subresources: {}\r\n---\r\napiVersion: v1\r\nkind: Namespace\r\nmetadata:\r\n name: trivy-system\r\n labels:\r\n app.kubernetes.io/name: trivy-operator\r\n app.kubernetes.io/instance: trivy-operator\r\n app.kubernetes.io/version: "0.30.1"\r\n app.kubernetes.io/managed-by: kubectl\r\n---\r\n# Source: trivy-operator/templates/configmaps/operator.yaml\r\napiVersion: v1\r\nkind: ConfigMap\r\nmetadata:\r\n name: trivy-operator\r\n namespace: trivy-system\r\n labels:\r\n app.kubernetes.io/name: trivy-operator\r\n app.kubernetes.io/instance: trivy-operator\r\n app.kubernetes.io/version: "0.30.1"\r\n app.kubernetes.io/managed-by: kubectl\r\ndata:\r\n nodeCollector.volumes: "[{\\"hostPath\\":{\\"path\\":\\"/var/lib/etcd\\"},\\"name\\":\\"var-lib-etcd\\"},{\\"hostPath\\":{\\"path\\":\\"/var/lib/kubelet\\"},\\"name\\":\\"var-lib-kubelet\\"},{\\"hostPath\\":{\\"path\\":\\"/var/lib/kube-scheduler\\"},\\"name\\":\\"var-lib-kube-scheduler\\"},{\\"hostPath\\":{\\"path\\":\\"/var/lib/kube-controller-manager\\"},\\"name\\":\\"var-lib-kube-controller-manager\\"},{\\"hostPath\\":{\\"path\\":\\"/etc/systemd\\"},\\"name\\":\\"etc-systemd\\"},{\\"hostPath\\":{\\"path\\":\\"/lib/systemd\\"},\\"name\\":\\"lib-systemd\\"},{\\"hostPath\\":{\\"path\\":\\"/etc/kubernetes\\"},\\"name\\":\\"etc-kubernetes\\"},{\\"hostPath\\":{\\"path\\":\\"/etc/cni/net.d/\\"},\\"name\\":\\"etc-cni-netd\\"}]"\r\n nodeCollector.volumeMounts: "[{\\"mountPath\\":\\"/var/lib/etcd\\",\\"name\\":\\"var-lib-etcd\\",\\"readOnly\\":true},{\\"mountPath\\":\\"/var/lib/kubelet\\",\\"name\\":\\"var-lib-kubelet\\",\\"readOnly\\":true},{\\"mountPath\\":\\"/var/lib/kube-scheduler\\",\\"name\\":\\"var-lib-kube-scheduler\\",\\"readOnly\\":true},{\\"mountPath\\":\\"/var/lib/kube-controller-manager\\",\\"name\\":\\"var-lib-kube-controller-manager\\",\\"readOnly\\":true},{\\"mountPath\\":\\"/etc/systemd\\",\\"name\\":\\"etc-systemd\\",\\"readOnly\\":true},{\\"mountPath\\":\\"/lib/systemd/\\",\\"name\\":\\"lib-systemd\\",\\"readOnly\\":true},{\\"mountPath\\":\\"/etc/kubernetes\\",\\"name\\":\\"etc-kubernetes\\",\\"readOnly\\":true},{\\"mountPath\\":\\"/etc/cni/net.d/\\",\\"name\\":\\"etc-cni-netd\\",\\"readOnly\\":true}]"\r\n scanJob.useGCRServiceAccount: "true"\r\n scanJob.podTemplateContainerSecurityContext: "{\\"allowPrivilegeEscalation\\":false,\\"capabilities\\":{\\"drop\\":[\\"ALL\\"]},\\"privileged\\":false,\\"readOnlyRootFilesystem\\":true,\\"runAsUser\\":0}"\r\n scanJob.compressLogs: "true"\r\n vulnerabilityReports.scanner: "Trivy"\r\n vulnerabilityReports.scanJobsInSameNamespace: "false"\r\n configAuditReports.scanner: "Trivy"\r\n compliance.failEntriesLimit: "10"\r\n report.recordFailedChecksOnly: "true"\r\n node.collector.imageRef: "ghcr.io/aquasecurity/node-collector:0.3.1"\r\n policies.bundle.oci.ref: "mirror.gcr.io/aquasec/trivy-checks:1"\r\n policies.bundle.insecure: "false"\r\n\r\n node.collector.nodeSelector: "true"\r\n---\r\n# Source: trivy-operator/templates/configmaps/trivy-operator-config.yaml\r\nkind: ConfigMap\r\napiVersion: v1\r\nmetadata:\r\n name: trivy-operator-config\r\n namespace: trivy-system\r\n labels:\r\n app.kubernetes.io/name: trivy-operator\r\n app.kubernetes.io/instance: trivy-operator\r\n app.kubernetes.io/version: "0.30.1"\r\n app.kubernetes.io/managed-by: kubectl\r\ndata:\r\n OPERATOR_LOG_DEV_MODE: "false"\r\n OPERATOR_SCAN_JOB_TTL: ""\r\n OPERATOR_SCAN_JOB_TIMEOUT: "5m"\r\n OPERATOR_CONCURRENT_SCAN_JOBS_LIMIT: "5"\r\n OPERATOR_CONCURRENT_NODE_COLLECTOR_LIMIT: "1"\r\n OPERATOR_SCAN_JOB_RETRY_AFTER: "30s"\r\n OPERATOR_BATCH_DELETE_LIMIT: "10"\r\n OPERATOR_BATCH_DELETE_DELAY: "10s"\r\n OPERATOR_METRICS_BIND_ADDRESS: ":8080"\r\n OPERATOR_METRICS_FINDINGS_ENABLED: "true"\r\n OPERATOR_METRICS_VULN_ID_ENABLED: "false"\r\n OPERATOR_HEALTH_PROBE_BIND_ADDRESS: ":9090"\r\n OPERATOR_PPROF_BIND_ADDRESS: ""\r\n OPERATOR_VULNERABILITY_SCANNER_ENABLED: "true"\r\n OPERATOR_SBOM_GENERATION_ENABLED: "true"\r\n OPERATOR_CLUSTER_SBOM_CACHE_ENABLED: "false"\r\n OPERATOR_VULNERABILITY_SCANNER_SCAN_ONLY_CURRENT_REVISIONS: "true"\r\n OPERATOR_SCANNER_REPORT_TTL: "24h"\r\n OPERATOR_CACHE_REPORT_TTL: "120h"\r\n CONTROLLER_CACHE_SYNC_TIMEOUT: "5m"\r\n OPERATOR_CONFIG_AUDIT_SCANNER_ENABLED: "true"\r\n OPERATOR_RBAC_ASSESSMENT_SCANNER_ENABLED: "true"\r\n OPERATOR_INFRA_ASSESSMENT_SCANNER_ENABLED: "true"\r\n OPERATOR_CONFIG_AUDIT_SCANNER_SCAN_ONLY_CURRENT_REVISIONS: "true"\r\n OPERATOR_EXPOSED_SECRET_SCANNER_ENABLED: "true"\r\n OPERATOR_METRICS_EXPOSED_SECRET_INFO_ENABLED: "false"\r\n OPERATOR_METRICS_CONFIG_AUDIT_INFO_ENABLED: "false"\r\n OPERATOR_METRICS_RBAC_ASSESSMENT_INFO_ENABLED: "false"\r\n OPERATOR_METRICS_INFRA_ASSESSMENT_INFO_ENABLED: "false"\r\n OPERATOR_METRICS_IMAGE_INFO_ENABLED: "false"\r\n OPERATOR_METRICS_CLUSTER_COMPLIANCE_INFO_ENABLED: "false"\r\n OPERATOR_WEBHOOK_BROADCAST_URL: ""\r\n OPERATOR_WEBHOOK_BROADCAST_TIMEOUT: "30s"\r\n OPERATOR_WEBHOOK_BROADCAST_CUSTOM_HEADERS: ""\r\n OPERATOR_SEND_DELETED_REPORTS: "false"\r\n OPERATOR_PRIVATE_REGISTRY_SCAN_SECRETS_NAMES: "{}"\r\n OPERATOR_ACCESS_GLOBAL_SECRETS_SERVICE_ACCOUNTS: "true"\r\n OPERATOR_BUILT_IN_TRIVY_SERVER: "false"\r\n TRIVY_SERVER_HEALTH_CHECK_CACHE_EXPIRATION: "10h"\r\n OPERATOR_MERGE_RBAC_FINDING_WITH_CONFIG_AUDIT: "false"\r\n OPERATOR_CLUSTER_COMPLIANCE_ENABLED: "true"\r\n---\r\n# Source: trivy-operator/templates/configmaps/trivy.yaml\r\napiVersion: v1\r\nkind: ConfigMap\r\nmetadata:\r\n name: trivy-operator-trivy-config\r\n namespace: trivy-system\r\n labels:\r\n app.kubernetes.io/name: trivy-operator\r\n app.kubernetes.io/instance: trivy-operator\r\n app.kubernetes.io/version: "0.30.1"\r\n app.kubernetes.io/managed-by: kubectl\r\ndata:\r\n trivy.repository: "mirror.gcr.io/aquasec/trivy"\r\n trivy.tag: "0.69.3"\r\n trivy.imagePullPolicy: "IfNotPresent"\r\n trivy.additionalVulnerabilityReportFields: ""\r\n trivy.severity: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"\r\n trivy.slow: "true"\r\n trivy.skipJavaDBUpdate: "false"\r\n trivy.includeDevDeps: "false"\r\n trivy.imageScanCacheDir: "/tmp/trivy/.cache"\r\n trivy.filesystemScanCacheDir: "/var/trivyoperator/trivy-db"\r\n trivy.dbRepository: "mirror.gcr.io/aquasec/trivy-db"\r\n trivy.javaDbRepository: "mirror.gcr.io/aquasec/trivy-java-db"\r\n trivy.command: "filesystem"\r\n trivy.ignoreUnfixed: "true"\r\n trivy.sbomSources: ""\r\n trivy.dbRepositoryInsecure: "false"\r\n trivy.useBuiltinRegoPolicies: "false"\r\n trivy.useEmbeddedRegoPolicies: "true"\r\n trivy.supportedConfigAuditKinds: "Workload,Service,Role,ClusterRole,NetworkPolicy,Ingress,LimitRange,ResourceQuota"\r\n trivy.timeout: "5m0s"\r\n trivy.mode: "Standalone"\r\n trivy.resources.requests.cpu: "100m"\r\n trivy.resources.requests.memory: "100M"\r\n trivy.resources.limits.cpu: "500m"\r\n trivy.resources.limits.memory: "500M"\r\n---\r\n# Source: trivy-operator/templates/secrets/operator.yaml\r\napiVersion: v1\r\nkind: Secret\r\nmetadata:\r\n name: trivy-operator\r\n namespace: trivy-system\r\n labels:\r\n app.kubernetes.io/name: trivy-operator\r\n app.kubernetes.io/instance: trivy-operator\r\n app.kubernetes.io/version: "0.30.1"\r\n app.kubernetes.io/managed-by: kubectl\r\ndata:\r\n---\r\n# Source: trivy-operator/templates/secrets/trivy.yaml\r\napiVersion: v1\r\nkind: Secret\r\nmetadata:\r\n name: trivy-operator-trivy-config\r\n namespace: trivy-system\r\n labels:\r\n app.kubernetes.io/name: trivy-operator\r\n app.kubernetes.io/instance: trivy-operator\r\n app.kubernetes.io/version: "0.30.1"\r\n app.kubernetes.io/managed-by: kubectl\r\ndata:\r\n---\r\n# Source: trivy-operator/templates/deployment.yaml\r\napiVersion: apps/v1\r\nkind: Deployment\r\nmetadata:\r\n name: trivy-operator\r\n namespace: trivy-system\r\n labels:\r\n app.kubernetes.io/name: trivy-operator\r\n app.kubernetes.io/instance: trivy-operator\r\n app.kubernetes.io/version: "0.30.1"\r\n app.kubernetes.io/managed-by: kubectl\r\nspec:\r\n replicas: 1\r\n strategy:\r\n type: Recreate\r\n selector:\r\n matchLabels:\r\n app.kubernetes.io/name: trivy-operator\r\n app.kubernetes.io/instance: trivy-operator\r\n template:\r\n metadata:\r\n annotations:\r\n checksum/config: 31d4af34c2224d1fca88bd22b862d4a01ff98f99897807ca53944b3115c34420\r\n labels:\r\n app.kubernetes.io/name: trivy-operator\r\n app.kubernetes.io/instance: trivy-operator\r\n spec:\r\n serviceAccountName: trivy-operator\r\n automountServiceAccountToken: true\r\n containers:\r\n - name: "trivy-operator"\r\n image: "mirror.gcr.io/aquasec/trivy-operator:0.30.1"\r\n imagePullPolicy: IfNotPresent\r\n env:\r\n - name: OPERATOR_NAMESPACE\r\n value: trivy-system\r\n - name: OPERATOR_TARGET_NAMESPACES\r\n value: ""\r\n - name: OPERATOR_EXCLUDE_NAMESPACES\r\n value: ""\r\n - name: OPERATOR_TARGET_WORKLOADS\r\n value: "pod,replicaset,replicationcontroller,statefulset,daemonset,cronjob,job"\r\n - name: OPERATOR_SERVICE_ACCOUNT\r\n value: "trivy-operator"\r\n envFrom:\r\n - configMapRef:\r\n name: trivy-operator-config\r\n ports:\r\n - name: metrics\r\n containerPort: 8080\r\n - name: probes\r\n containerPort: 9090\r\n readinessProbe:\r\n httpGet:\r\n path: /readyz/\r\n port: probes\r\n initialDelaySeconds: 5\r\n periodSeconds: 10\r\n successThreshold: 1\r\n failureThreshold: 3\r\n livenessProbe:\r\n httpGet:\r\n path: /healthz/\r\n port: probes\r\n initialDelaySeconds: 5\r\n periodSeconds: 10\r\n successThreshold: 1\r\n failureThreshold: 10\r\n securityContext:\r\n allowPrivilegeEscalation: false\r\n capabilities:\r\n drop:\r\n - ALL\r\n privileged: false\r\n readOnlyRootFilesystem: true\r\n volumeMounts:\r\n - mountPath: /tmp\r\n name: cache-policies\r\n readOnly: false\r\n volumes:\r\n - emptyDir: {}\r\n name: cache-policies\r\n---\r\n# Source: trivy-operator/templates/monitor/service.yaml\r\napiVersion: v1\r\nkind: Service\r\nmetadata:\r\n name: trivy-operator\r\n namespace: trivy-system\r\n labels:\r\n app.kubernetes.io/name: trivy-operator\r\n app.kubernetes.io/instance: trivy-operator\r\n app.kubernetes.io/version: "0.30.1"\r\n app.kubernetes.io/managed-by: kubectl\r\nspec:\r\n clusterIP: None\r\n ports:\r\n - name: metrics\r\n port: 80\r\n targetPort: metrics\r\n protocol: TCP\r\n appProtocol: TCP\r\n selector:\r\n app.kubernetes.io/name: trivy-operator\r\n app.kubernetes.io/instance: trivy-operator\r\n type: ClusterIP\r\n---\r\n# Source: trivy-operator/templates/rbac/clusterrole.yaml\r\napiVersion: rbac.authorization.k8s.io/v1\r\nkind: ClusterRole\r\nmetadata:\r\n name: trivy-operator\r\nrules:\r\n- apiGroups:\r\n - ""\r\n resources:\r\n - configmaps\r\n - limitranges\r\n - nodes\r\n - pods\r\n - replicationcontrollers\r\n - resourcequotas\r\n - services\r\n verbs:\r\n - get\r\n - list\r\n - watch\r\n- apiGroups:\r\n - ""\r\n resources:\r\n - namespaces\r\n verbs:\r\n - get\r\n- apiGroups:\r\n - ""\r\n resources:\r\n - pods/log\r\n verbs:\r\n - get\r\n - list\r\n- apiGroups:\r\n - apiextensions.k8s.io\r\n resources:\r\n - customresourcedefinitions\r\n verbs:\r\n - get\r\n - list\r\n - watch\r\n- apiGroups:\r\n - apps\r\n resources:\r\n - daemonsets\r\n - deployments\r\n - replicasets\r\n - statefulsets\r\n verbs:\r\n - get\r\n - list\r\n - watch\r\n- apiGroups:\r\n - apps.openshift.io\r\n resources:\r\n - deploymentconfigs\r\n verbs:\r\n - get\r\n - list\r\n - watch\r\n- apiGroups:\r\n - aquasecurity.github.io\r\n resources:\r\n - clustercompliancedetailreports\r\n - clustercompliancereports\r\n - clusterconfigauditreports\r\n - clusterinfraassessmentreports\r\n - clusterrbacassessmentreports\r\n - clustersbomreports\r\n - clustervulnerabilityreports\r\n - configauditreports\r\n - exposedsecretreports\r\n - infraassessmentreports\r\n - rbacassessmentreports\r\n - sbomreports\r\n - vulnerabilityreports\r\n verbs:\r\n - create\r\n - delete\r\n - get\r\n - list\r\n - patch\r\n - update\r\n - watch\r\n- apiGroups:\r\n - aquasecurity.github.io\r\n resources:\r\n - clustercompliancereports/status\r\n verbs:\r\n - get\r\n - patch\r\n - update\r\n- apiGroups:\r\n - batch\r\n resources:\r\n - cronjobs\r\n verbs:\r\n - get\r\n - list\r\n - watch\r\n- apiGroups:\r\n - batch\r\n resources:\r\n - jobs\r\n verbs:\r\n - create\r\n - delete\r\n - get\r\n - list\r\n - watch\r\n- apiGroups:\r\n - networking.k8s.io\r\n resources:\r\n - ingresses\r\n - networkpolicies\r\n verbs:\r\n - get\r\n - list\r\n - watch\r\n- apiGroups:\r\n - rbac.authorization.k8s.io\r\n resources:\r\n - clusterrolebindings\r\n - clusterroles\r\n - rolebindings\r\n - roles\r\n verbs:\r\n - get\r\n - list\r\n - watch\r\n- apiGroups:\r\n - ""\r\n resources:\r\n - secrets\r\n verbs:\r\n - create\r\n - get\r\n - update\r\n- apiGroups:\r\n - ""\r\n resources:\r\n - serviceaccounts\r\n verbs:\r\n - get\r\n- apiGroups:\r\n - ""\r\n resources:\r\n - nodes/proxy\r\n verbs:\r\n - get\r\n---\r\n# Source: trivy-operator/templates/rbac/clusterrolebinding.yaml\r\napiVersion: rbac.authorization.k8s.io/v1\r\nkind: ClusterRoleBinding\r\nmetadata:\r\n name: trivy-operator\r\n labels:\r\n app.kubernetes.io/name: trivy-operator\r\n app.kubernetes.io/instance: trivy-operator\r\n app.kubernetes.io/version: "0.30.1"\r\n app.kubernetes.io/managed-by: kubectl\r\nroleRef:\r\n apiGroup: rbac.authorization.k8s.io\r\n kind: ClusterRole\r\n name: trivy-operator\r\nsubjects:\r\n - kind: ServiceAccount\r\n name: trivy-operator\r\n namespace: trivy-system\r\n---\r\n# Source: trivy-operator/templates/rbac/leader-election-role.yaml\r\n# permissions to do leader election.\r\napiVersion: rbac.authorization.k8s.io/v1\r\nkind: Role\r\nmetadata:\r\n name: trivy-operator-leader-election\r\n namespace: trivy-system\r\n labels:\r\n app.kubernetes.io/name: trivy-operator\r\n app.kubernetes.io/instance: trivy-operator\r\n app.kubernetes.io/version: "0.30.1"\r\n app.kubernetes.io/managed-by: kubectl\r\nrules:\r\n - apiGroups:\r\n - coordination.k8s.io\r\n resources:\r\n - leases\r\n verbs:\r\n - create\r\n - get\r\n - update\r\n - apiGroups:\r\n - ""\r\n resources:\r\n - events\r\n verbs:\r\n - create\r\n---\r\n# Source: trivy-operator/templates/rbac/leader-election-rolebinding.yaml\r\napiVersion: rbac.authorization.k8s.io/v1\r\nkind: RoleBinding\r\nmetadata:\r\n name: trivy-operator-leader-election\r\n namespace: trivy-system\r\n labels:\r\n app.kubernetes.io/name: trivy-operator\r\n app.kubernetes.io/instance: trivy-operator\r\n app.kubernetes.io/version: "0.30.1"\r\n app.kubernetes.io/managed-by: kubectl\r\nroleRef:\r\n apiGroup: rbac.authorization.k8s.io\r\n kind: Role\r\n name: trivy-operator-leader-election\r\nsubjects:\r\n - kind: ServiceAccount\r\n name: trivy-operator\r\n namespace: trivy-system\r\n---\r\n# Source: trivy-operator/templates/rbac/role.yaml\r\napiVersion: rbac.authorization.k8s.io/v1\r\nkind: Role\r\nmetadata:\r\n name: trivy-operator\r\n namespace: trivy-system\r\n labels:\r\n app.kubernetes.io/name: trivy-operator\r\n app.kubernetes.io/instance: trivy-operator\r\n app.kubernetes.io/version: "0.30.1"\r\n app.kubernetes.io/managed-by: kubectl\r\nrules:\r\n - apiGroups:\r\n - ""\r\n resources:\r\n - configmaps\r\n verbs:\r\n - create\r\n - get\r\n - list\r\n - watch\r\n - apiGroups:\r\n - ""\r\n resources:\r\n - secrets\r\n verbs:\r\n - create\r\n - get\r\n - delete\r\n - update\r\n---\r\n# Source: trivy-operator/templates/rbac/rolebinding.yaml\r\napiVersion: rbac.authorization.k8s.io/v1\r\nkind: RoleBinding\r\nmetadata:\r\n name: trivy-operator\r\n namespace: trivy-system\r\n labels:\r\n app.kubernetes.io/name: trivy-operator\r\n app.kubernetes.io/instance: trivy-operator\r\n app.kubernetes.io/version: "0.30.1"\r\n app.kubernetes.io/managed-by: kubectl\r\nroleRef:\r\n apiGroup: rbac.authorization.k8s.io\r\n kind: Role\r\n name: trivy-operator\r\nsubjects:\r\n - kind: ServiceAccount\r\n name: trivy-operator\r\n namespace: trivy-system\r\n---\r\n# Source: trivy-operator/templates/rbac/view-configauditreports-clusterrole.yaml\r\n# permissions for end users to view configauditreports\r\napiVersion: rbac.authorization.k8s.io/v1\r\nkind: ClusterRole\r\nmetadata:\r\n name: aggregate-config-audit-reports-view\r\n labels:\r\n app.kubernetes.io/name: trivy-operator\r\n app.kubernetes.io/instance: trivy-operator\r\n app.kubernetes.io/version: "0.30.1"\r\n app.kubernetes.io/managed-by: kubectl\r\n rbac.authorization.k8s.io/aggregate-to-view: "true"\r\n rbac.authorization.k8s.io/aggregate-to-edit: "true"\r\n rbac.authorization.k8s.io/aggregate-to-admin: "true"\r\n rbac.authorization.k8s.io/aggregate-to-cluster-reader: "true"\r\nrules:\r\n - apiGroups:\r\n - aquasecurity.github.io\r\n resources:\r\n - configauditreports\r\n verbs:\r\n - get\r\n - list\r\n - watch\r\n---\r\n# Source: trivy-operator/templates/rbac/view-exposedsecretreports-clusterrole.yaml\r\n# permissions for end users to view exposedsecretreports\r\napiVersion: rbac.authorization.k8s.io/v1\r\nkind: ClusterRole\r\nmetadata:\r\n name: aggregate-exposed-secret-reports-view\r\n labels:\r\n app.kubernetes.io/name: trivy-operator\r\n app.kubernetes.io/instance: trivy-operator\r\n app.kubernetes.io/version: "0.30.1"\r\n app.kubernetes.io/managed-by: kubectl\r\n rbac.authorization.k8s.io/aggregate-to-view: "true"\r\n rbac.authorization.k8s.io/aggregate-to-edit: "true"\r\n rbac.authorization.k8s.io/aggregate-to-admin: "true"\r\n rbac.authorization.k8s.io/aggregate-to-cluster-reader: "true"\r\nrules:\r\n - apiGroups:\r\n - aquasecurity.github.io\r\n resources:\r\n - exposedsecretreports\r\n verbs:\r\n - get\r\n - list\r\n - watch\r\n---\r\n# Source: trivy-operator/templates/rbac/view-vulnerabilityreports-clusterrole.yaml\r\n# permissions for end users to view vulnerabilityreports\r\napiVersion: rbac.authorization.k8s.io/v1\r\nkind: ClusterRole\r\nmetadata:\r\n name: aggregate-vulnerability-reports-view\r\n labels:\r\n app.kubernetes.io/name: trivy-operator\r\n app.kubernetes.io/instance: trivy-operator\r\n app.kubernetes.io/version: "0.30.1"\r\n app.kubernetes.io/managed-by: kubectl\r\n rbac.authorization.k8s.io/aggregate-to-view: "true"\r\n rbac.authorization.k8s.io/aggregate-to-edit: "true"\r\n rbac.authorization.k8s.io/aggregate-to-admin: "true"\r\n rbac.authorization.k8s.io/aggregate-to-cluster-reader: "true"\r\nrules:\r\n - apiGroups:\r\n - aquasecurity.github.io\r\n resources:\r\n - vulnerabilityreports\r\n verbs:\r\n - get\r\n - list\r\n - watch\r\n---\r\n# Source: trivy-operator/templates/serviceaccount.yaml\r\napiVersion: v1\r\nkind: ServiceAccount\r\nmetadata:\r\n name: trivy-operator\r\n namespace: trivy-system\r\n labels:\r\n app.kubernetes.io/name: trivy-operator\r\n app.kubernetes.io/instance: trivy-operator\r\n app.kubernetes.io/version: "0.30.1"\r\n app.kubernetes.io/managed-by: kubectl';
|
|
1033
|
+
|
|
1034
|
+
// src/back/index.ts
|
|
1035
|
+
var TRIVY_API_VERSION = "v1alpha1";
|
|
1036
|
+
var TRIVY_API_GROUP = "aquasecurity.github.io";
|
|
1037
|
+
var TRIVY_API_VULN_PLURAL = "vulnerabilityreports";
|
|
1038
|
+
var TRIVY_API_AUDIT_PLURAL = "configauditreports";
|
|
1039
|
+
var TRIVY_API_SBOM_PLURAL = "sbomreports";
|
|
1040
|
+
var TRIVY_API_EXPOSED_PLURAL = "exposedsecretreports";
|
|
1041
|
+
var TrivyChannel = class {
|
|
1042
|
+
channelId = "trivy";
|
|
1043
|
+
requirements = { storage: false, providers: [] };
|
|
1044
|
+
clusterInfo;
|
|
1045
|
+
backChannelObject;
|
|
1046
|
+
informers = /* @__PURE__ */ new Map();
|
|
1047
|
+
webSockets = [];
|
|
1048
|
+
constructor(clusterInfo, backChannelObject) {
|
|
1049
|
+
this.clusterInfo = clusterInfo;
|
|
1050
|
+
this.backChannelObject = backChannelObject;
|
|
1051
|
+
}
|
|
1052
|
+
getChannelData = () => ({
|
|
1053
|
+
id: this.channelId,
|
|
1054
|
+
routable: false,
|
|
1055
|
+
pauseable: false,
|
|
1056
|
+
modifiable: false,
|
|
1057
|
+
reconnectable: false,
|
|
1058
|
+
metrics: false,
|
|
1059
|
+
sources: [import_kwirth_common.EClusterType.KUBERNETES],
|
|
1060
|
+
endpoints: [{ name: "operator", methods: ["GET"], requiresAccessKey: true }],
|
|
1061
|
+
websocket: false,
|
|
1062
|
+
cluster: false,
|
|
1063
|
+
resourced: true
|
|
1064
|
+
});
|
|
1065
|
+
getChannelScopeLevel = (scope) => ["", "trivy$workload", "trivy$kubernetes", "cluster"].indexOf(scope);
|
|
1066
|
+
startChannel = async () => {
|
|
1067
|
+
};
|
|
1068
|
+
processProviderEvent(_providerId, _obj) {
|
|
1069
|
+
}
|
|
1070
|
+
async endpointRequest(endpoint, req, res) {
|
|
1071
|
+
console.log(`[trivy] endpointRequest: ${endpoint} ${req.method} ${req.url}`);
|
|
1072
|
+
const action = req.query["action"];
|
|
1073
|
+
switch (action) {
|
|
1074
|
+
case "install":
|
|
1075
|
+
try {
|
|
1076
|
+
await (0, import_kwirth_common_back.applyAllResources)(trivy_operator_0_30_1_default, this.clusterInfo);
|
|
1077
|
+
res.status(200).send("ok");
|
|
1078
|
+
} catch (err) {
|
|
1079
|
+
res.status(500).send(err);
|
|
1080
|
+
}
|
|
1081
|
+
break;
|
|
1082
|
+
case "remove":
|
|
1083
|
+
try {
|
|
1084
|
+
await (0, import_kwirth_common_back.deleteAllResources)(trivy_operator_0_30_1_default, this.clusterInfo);
|
|
1085
|
+
res.status(200).send();
|
|
1086
|
+
} catch (err) {
|
|
1087
|
+
res.status(500).send(err);
|
|
1088
|
+
}
|
|
1089
|
+
break;
|
|
1090
|
+
case "status":
|
|
1091
|
+
try {
|
|
1092
|
+
const cm = await this.clusterInfo.coreApi?.readNamespacedConfigMap({ name: "trivy-operator-trivy-config", namespace: "trivy-system" });
|
|
1093
|
+
if (!cm.data) {
|
|
1094
|
+
res.status(404).send(`No Trivy config map exist on namespace 'trivy-system', Trivy seems not to be installed.`);
|
|
1095
|
+
} else {
|
|
1096
|
+
res.status(200).send(`Installed [${cm.data["trivy.command"]}, 0.30.1]`);
|
|
1097
|
+
}
|
|
1098
|
+
} catch (err) {
|
|
1099
|
+
res.status(200).send(`Not installed (Trivy configMap not found in 'trivy-system')`);
|
|
1100
|
+
}
|
|
1101
|
+
break;
|
|
1102
|
+
default:
|
|
1103
|
+
res.status(500).send("Invalid action " + action);
|
|
1104
|
+
}
|
|
1105
|
+
}
|
|
1106
|
+
async websocketRequest(_newWebSocket) {
|
|
1107
|
+
}
|
|
1108
|
+
containsAsset = (webSocket, podNamespace, podName, containerName) => {
|
|
1109
|
+
const socket = this.webSockets.find((s) => s.ws === webSocket);
|
|
1110
|
+
return socket?.instances.some((i) => i.assets.some((a) => a.podNamespace === podNamespace && a.podName === podName && a.containerName === containerName)) ?? false;
|
|
1111
|
+
};
|
|
1112
|
+
containsInstance = (instanceId) => this.webSockets.some((s) => s.instances.find((i) => i.instanceId === instanceId));
|
|
1113
|
+
processCommand = async (webSocket, instanceMessage) => {
|
|
1114
|
+
if (instanceMessage.flow === import_kwirth_common.EInstanceMessageFlow.IMMEDIATE) return false;
|
|
1115
|
+
const socket = this.webSockets.find((s) => s.ws === webSocket);
|
|
1116
|
+
if (!socket) return false;
|
|
1117
|
+
const instance = socket.instances.find((i) => i.instanceId === instanceMessage.instance);
|
|
1118
|
+
if (!instance) {
|
|
1119
|
+
this.sendSignalMessage(webSocket, instanceMessage.action, import_kwirth_common.EInstanceMessageFlow.RESPONSE, import_kwirth_common.ESignalMessageLevel.ERROR, instanceMessage.instance, `Instance not found`);
|
|
1120
|
+
return false;
|
|
1121
|
+
}
|
|
1122
|
+
const resp = await this.executeCommand(instanceMessage, instance);
|
|
1123
|
+
if (resp) webSocket.send(JSON.stringify(resp));
|
|
1124
|
+
return Boolean(resp);
|
|
1125
|
+
};
|
|
1126
|
+
addObject = async (webSocket, instanceConfig, podNamespace, podName, containerName) => {
|
|
1127
|
+
let socket = this.webSockets.find((s) => s.ws === webSocket);
|
|
1128
|
+
if (!socket) {
|
|
1129
|
+
const len = this.webSockets.push({ ws: webSocket, lastRefresh: Date.now(), instances: [] });
|
|
1130
|
+
socket = this.webSockets[len - 1];
|
|
1131
|
+
}
|
|
1132
|
+
let instance = socket.instances.find((i) => i.instanceId === instanceConfig.instance);
|
|
1133
|
+
if (!instance) {
|
|
1134
|
+
instance = { accessKey: (0, import_kwirth_common.accessKeyDeserialize)(instanceConfig.accessKey), instanceId: instanceConfig.instance, assets: [], maxCritical: 0, maxHigh: 0, maxMedium: 0, maxLow: 0 };
|
|
1135
|
+
socket.instances.push(instance);
|
|
1136
|
+
}
|
|
1137
|
+
const ic = instanceConfig.data;
|
|
1138
|
+
if (ic) {
|
|
1139
|
+
instance.maxCritical = ic.maxCritical;
|
|
1140
|
+
instance.maxHigh = ic.maxHigh;
|
|
1141
|
+
instance.maxMedium = ic.maxMedium;
|
|
1142
|
+
instance.maxLow = ic.maxLow;
|
|
1143
|
+
}
|
|
1144
|
+
const asset = { podNamespace, podName, containerName };
|
|
1145
|
+
const sendIfKnown = (result) => {
|
|
1146
|
+
if (!result.known) return;
|
|
1147
|
+
const payload = {
|
|
1148
|
+
msgtype: "trivymessageresponse",
|
|
1149
|
+
msgsubtype: "add",
|
|
1150
|
+
id: "",
|
|
1151
|
+
namespace: asset.podNamespace,
|
|
1152
|
+
group: "",
|
|
1153
|
+
pod: asset.podName,
|
|
1154
|
+
container: asset.containerName,
|
|
1155
|
+
action: import_kwirth_common.EInstanceMessageAction.NONE,
|
|
1156
|
+
flow: import_kwirth_common.EInstanceMessageFlow.UNSOLICITED,
|
|
1157
|
+
type: import_kwirth_common.EInstanceMessageType.DATA,
|
|
1158
|
+
channel: import_kwirth_common.EInstanceMessageChannel.TRIVY,
|
|
1159
|
+
instance: instance.instanceId
|
|
1160
|
+
};
|
|
1161
|
+
payload.data = result;
|
|
1162
|
+
webSocket.send(JSON.stringify(payload));
|
|
1163
|
+
};
|
|
1164
|
+
sendIfKnown(await this.getAssetVulnReport(instance, asset));
|
|
1165
|
+
sendIfKnown(await this.getAssetAuditReport(instance, asset));
|
|
1166
|
+
sendIfKnown(await this.getAssetSbomReport(instance, asset));
|
|
1167
|
+
sendIfKnown(await this.getAssetExposedReport(instance, asset));
|
|
1168
|
+
instance.assets.push(asset);
|
|
1169
|
+
for (const plural of [TRIVY_API_VULN_PLURAL, TRIVY_API_AUDIT_PLURAL, TRIVY_API_SBOM_PLURAL, TRIVY_API_EXPOSED_PLURAL]) {
|
|
1170
|
+
if (!this.informers.has(plural)) {
|
|
1171
|
+
const informer = this.createInformer(webSocket, instance, plural);
|
|
1172
|
+
this.informers.set(plural, informer);
|
|
1173
|
+
informer.start();
|
|
1174
|
+
}
|
|
1175
|
+
}
|
|
1176
|
+
return true;
|
|
1177
|
+
};
|
|
1178
|
+
deleteObject = async (webSocket, instanceConfig, podNamespace, podName, containerName) => {
|
|
1179
|
+
const socket = this.webSockets.find((s) => s.ws === webSocket);
|
|
1180
|
+
const instance = socket?.instances.find((i) => i.instanceId === instanceConfig.instance);
|
|
1181
|
+
if (instance) instance.assets = instance.assets.filter((a) => !(a.podNamespace === podNamespace && a.podName === podName && (containerName === "" || a.containerName === containerName)));
|
|
1182
|
+
return true;
|
|
1183
|
+
};
|
|
1184
|
+
pauseContinueInstance(_webSocket, _instanceConfig, _action) {
|
|
1185
|
+
}
|
|
1186
|
+
modifyInstance(_webSocket, _instanceConfig) {
|
|
1187
|
+
}
|
|
1188
|
+
stopInstance = (webSocket, instanceConfig) => {
|
|
1189
|
+
const socket = this.webSockets.find((s) => s.ws === webSocket);
|
|
1190
|
+
if (socket?.instances.find((i) => i.instanceId === instanceConfig.instance)) {
|
|
1191
|
+
this.removeInstance(webSocket, instanceConfig.instance);
|
|
1192
|
+
this.sendSignalMessage(webSocket, import_kwirth_common.EInstanceMessageAction.STOP, import_kwirth_common.EInstanceMessageFlow.RESPONSE, import_kwirth_common.ESignalMessageLevel.INFO, instanceConfig.instance, "Trivy instance stopped");
|
|
1193
|
+
} else {
|
|
1194
|
+
this.sendSignalMessage(webSocket, import_kwirth_common.EInstanceMessageAction.STOP, import_kwirth_common.EInstanceMessageFlow.RESPONSE, import_kwirth_common.ESignalMessageLevel.ERROR, instanceConfig.instance, `Trivy instance not found`);
|
|
1195
|
+
}
|
|
1196
|
+
};
|
|
1197
|
+
removeInstance = (webSocket, instanceId) => {
|
|
1198
|
+
const socket = this.webSockets.find((s) => s.ws === webSocket);
|
|
1199
|
+
if (socket) {
|
|
1200
|
+
const pos = socket.instances.findIndex((t) => t.instanceId === instanceId);
|
|
1201
|
+
if (pos >= 0) socket.instances.splice(pos, 1);
|
|
1202
|
+
}
|
|
1203
|
+
};
|
|
1204
|
+
containsConnection = (webSocket) => Boolean(this.webSockets.find((s) => s.ws === webSocket));
|
|
1205
|
+
removeConnection = (webSocket) => {
|
|
1206
|
+
const socket = this.webSockets.find((s) => s.ws === webSocket);
|
|
1207
|
+
if (socket) {
|
|
1208
|
+
for (const id of socket.instances.map((i) => i.instanceId)) this.removeInstance(webSocket, id);
|
|
1209
|
+
const pos = this.webSockets.findIndex((s) => s.ws === webSocket);
|
|
1210
|
+
this.webSockets.splice(pos, 1);
|
|
1211
|
+
}
|
|
1212
|
+
};
|
|
1213
|
+
refreshConnection = (webSocket) => {
|
|
1214
|
+
const socket = this.webSockets.find((s) => s.ws === webSocket);
|
|
1215
|
+
if (socket) {
|
|
1216
|
+
socket.lastRefresh = Date.now();
|
|
1217
|
+
return true;
|
|
1218
|
+
}
|
|
1219
|
+
return false;
|
|
1220
|
+
};
|
|
1221
|
+
updateConnection = (_newWebSocket, _instanceId) => false;
|
|
1222
|
+
// ─── PRIVATE ────────────────────────────────────────────────────────────────
|
|
1223
|
+
sendSignalMessage = (ws, action, flow, level, instanceId, text) => {
|
|
1224
|
+
ws.send(JSON.stringify({ action, flow, channel: import_kwirth_common.EInstanceMessageChannel.TRIVY, instance: instanceId, type: import_kwirth_common.EInstanceMessageType.SIGNAL, text, level }));
|
|
1225
|
+
};
|
|
1226
|
+
checkScopes = (instance, scope) => {
|
|
1227
|
+
const resources = (0, import_kwirth_common.parseResources)(instance.accessKey.resources);
|
|
1228
|
+
const requiredLevel = this.getChannelScopeLevel(scope);
|
|
1229
|
+
return resources.some((r) => r.scopes.split(",").some((sc) => this.getChannelScopeLevel(sc) >= requiredLevel));
|
|
1230
|
+
};
|
|
1231
|
+
createInformer = (webSocket, instance, plural) => {
|
|
1232
|
+
const path = `/apis/${TRIVY_API_GROUP}/${TRIVY_API_VERSION}/${plural}`;
|
|
1233
|
+
const listFunction = () => this.clusterInfo.crdApi.listCustomObjectForAllNamespaces({ group: TRIVY_API_GROUP, version: TRIVY_API_VERSION, plural }).then((res) => {
|
|
1234
|
+
const typedBody = res;
|
|
1235
|
+
return typedBody;
|
|
1236
|
+
});
|
|
1237
|
+
const informer = (0, import_client_node.makeInformer)(this.clusterInfo.kubeConfig, path, listFunction);
|
|
1238
|
+
informer.on("add", (obj) => this.processInformerEvent(webSocket, instance, plural, "add", obj));
|
|
1239
|
+
informer.on("update", (obj) => this.processInformerEvent(webSocket, instance, plural, "update", obj));
|
|
1240
|
+
informer.on("delete", (obj) => this.processInformerEvent(webSocket, instance, plural, "delete", obj));
|
|
1241
|
+
informer.on("error", (err) => {
|
|
1242
|
+
try {
|
|
1243
|
+
console.error("[trivy] Informer error:", err);
|
|
1244
|
+
if (err["HTTP-Code"] === "404" || err.statusCode === 404)
|
|
1245
|
+
console.log("[trivy] CRD not found, informer will not restart");
|
|
1246
|
+
else
|
|
1247
|
+
setTimeout(() => {
|
|
1248
|
+
informer.start();
|
|
1249
|
+
console.log("[trivy] Informer restarted");
|
|
1250
|
+
}, 5e3);
|
|
1251
|
+
} catch (e) {
|
|
1252
|
+
console.error("[trivy] Error managing informer error:", e);
|
|
1253
|
+
}
|
|
1254
|
+
});
|
|
1255
|
+
return informer;
|
|
1256
|
+
};
|
|
1257
|
+
async getReport(plural, instance, asset, withContainer) {
|
|
1258
|
+
try {
|
|
1259
|
+
const crdName = await this.getCrdName(asset.podNamespace, asset.podName, withContainer ? asset.containerName : void 0);
|
|
1260
|
+
if (crdName) {
|
|
1261
|
+
try {
|
|
1262
|
+
const crdObject = await this.clusterInfo.crdApi.getNamespacedCustomObject({ group: TRIVY_API_GROUP, version: TRIVY_API_VERSION, namespace: asset.podNamespace, plural, name: crdName });
|
|
1263
|
+
return { resource: plural, known: { container: asset.containerName, name: asset.podName, namespace: asset.podNamespace, report: crdObject.report } };
|
|
1264
|
+
} catch (err) {
|
|
1265
|
+
return { resource: plural, unknown: { container: asset.containerName, name: asset.podName, namespace: asset.podNamespace, statusCode: 0, statusMessage: err.toString() } };
|
|
1266
|
+
}
|
|
1267
|
+
}
|
|
1268
|
+
return { resource: plural, unknown: { container: asset.containerName, name: asset.podName, namespace: asset.podNamespace, statusCode: 999, statusMessage: "Cannot get CRD name" } };
|
|
1269
|
+
} catch (err) {
|
|
1270
|
+
console.error("[trivy] Caught error:", err);
|
|
1271
|
+
return { resource: plural, unknown: { container: asset.containerName, name: asset.podName, namespace: asset.podNamespace, statusCode: 999, statusMessage: err } };
|
|
1272
|
+
}
|
|
1273
|
+
}
|
|
1274
|
+
getAssetVulnReport = (instance, asset) => this.getReport(TRIVY_API_VULN_PLURAL, instance, asset, true);
|
|
1275
|
+
getAssetAuditReport = (instance, asset) => this.getReport(TRIVY_API_AUDIT_PLURAL, instance, asset, false);
|
|
1276
|
+
getAssetSbomReport = (instance, asset) => this.getReport(TRIVY_API_SBOM_PLURAL, instance, asset, true);
|
|
1277
|
+
getAssetExposedReport = (instance, asset) => this.getReport(TRIVY_API_EXPOSED_PLURAL, instance, asset, true);
|
|
1278
|
+
removeReport = async (plural, trivyMessage) => {
|
|
1279
|
+
const crdName = await this.getCrdName(trivyMessage.namespace, trivyMessage.pod, trivyMessage.container);
|
|
1280
|
+
if (crdName) {
|
|
1281
|
+
try {
|
|
1282
|
+
await this.clusterInfo.crdApi.deleteNamespacedCustomObject({ group: TRIVY_API_GROUP, version: TRIVY_API_VERSION, namespace: trivyMessage.namespace, plural, name: crdName });
|
|
1283
|
+
return void 0;
|
|
1284
|
+
} catch (err) {
|
|
1285
|
+
return `Error removing ${plural}: ` + err;
|
|
1286
|
+
}
|
|
1287
|
+
}
|
|
1288
|
+
return `Couldn't get CRD name`;
|
|
1289
|
+
};
|
|
1290
|
+
executeCommand = async (trivyMessage, instance) => {
|
|
1291
|
+
const resp = {
|
|
1292
|
+
msgtype: "trivymessageresponse",
|
|
1293
|
+
id: "",
|
|
1294
|
+
namespace: trivyMessage.namespace,
|
|
1295
|
+
group: trivyMessage.group,
|
|
1296
|
+
pod: trivyMessage.pod,
|
|
1297
|
+
container: trivyMessage.container,
|
|
1298
|
+
action: trivyMessage.action,
|
|
1299
|
+
flow: import_kwirth_common.EInstanceMessageFlow.RESPONSE,
|
|
1300
|
+
type: import_kwirth_common.EInstanceMessageType.DATA,
|
|
1301
|
+
channel: trivyMessage.channel,
|
|
1302
|
+
instance: trivyMessage.instance
|
|
1303
|
+
};
|
|
1304
|
+
if (trivyMessage.command === "rescan" /* RESCAN */) {
|
|
1305
|
+
const errors = await Promise.all([TRIVY_API_VULN_PLURAL, TRIVY_API_AUDIT_PLURAL, TRIVY_API_EXPOSED_PLURAL, TRIVY_API_SBOM_PLURAL].map((p) => this.removeReport(p, trivyMessage)));
|
|
1306
|
+
const err = errors.find(Boolean);
|
|
1307
|
+
if (err) resp.data = err;
|
|
1308
|
+
}
|
|
1309
|
+
return resp;
|
|
1310
|
+
};
|
|
1311
|
+
processInformerEvent = async (webSocket, instance, plural, event, obj) => {
|
|
1312
|
+
const asset = instance.assets.find(
|
|
1313
|
+
(a) => "Pod" === obj.metadata.labels["trivy-operator.resource.kind"] && a.containerName === obj.metadata.labels["trivy-operator.container.name"] && a.podNamespace === obj.metadata.labels["trivy-operator.resource.namespace"] && a.podName.startsWith(obj.metadata.labels["trivy-operator.resource.name"])
|
|
1314
|
+
);
|
|
1315
|
+
if (!asset) return;
|
|
1316
|
+
const payload = {
|
|
1317
|
+
msgtype: "trivymessageresponse",
|
|
1318
|
+
msgsubtype: event,
|
|
1319
|
+
id: "",
|
|
1320
|
+
namespace: asset.podNamespace,
|
|
1321
|
+
group: "",
|
|
1322
|
+
pod: asset.podName,
|
|
1323
|
+
container: asset.containerName,
|
|
1324
|
+
action: import_kwirth_common.EInstanceMessageAction.NONE,
|
|
1325
|
+
flow: import_kwirth_common.EInstanceMessageFlow.UNSOLICITED,
|
|
1326
|
+
type: import_kwirth_common.EInstanceMessageType.DATA,
|
|
1327
|
+
channel: import_kwirth_common.EInstanceMessageChannel.TRIVY,
|
|
1328
|
+
instance: instance.instanceId
|
|
1329
|
+
};
|
|
1330
|
+
if (event === "add" || event === "update") {
|
|
1331
|
+
switch (plural) {
|
|
1332
|
+
case TRIVY_API_VULN_PLURAL:
|
|
1333
|
+
payload.data = await this.getAssetVulnReport(instance, asset);
|
|
1334
|
+
break;
|
|
1335
|
+
case TRIVY_API_AUDIT_PLURAL:
|
|
1336
|
+
payload.data = await this.getAssetAuditReport(instance, asset);
|
|
1337
|
+
break;
|
|
1338
|
+
case TRIVY_API_SBOM_PLURAL:
|
|
1339
|
+
payload.data = await this.getAssetSbomReport(instance, asset);
|
|
1340
|
+
break;
|
|
1341
|
+
case TRIVY_API_EXPOSED_PLURAL:
|
|
1342
|
+
payload.data = await this.getAssetExposedReport(instance, asset);
|
|
1343
|
+
break;
|
|
1344
|
+
}
|
|
1345
|
+
} else {
|
|
1346
|
+
payload.data = { known: { name: asset.podName, namespace: asset.podNamespace, container: asset.containerName, report: void 0 } };
|
|
1347
|
+
}
|
|
1348
|
+
payload.data.resource = plural;
|
|
1349
|
+
webSocket.send(JSON.stringify(payload));
|
|
1350
|
+
};
|
|
1351
|
+
getCrdName = async (namespace, podName, containerName) => {
|
|
1352
|
+
try {
|
|
1353
|
+
const podData = await this.clusterInfo.coreApi.readNamespacedPod({ name: podName, namespace });
|
|
1354
|
+
const ctrl = podData.metadata?.ownerReferences?.find((or) => or.controller);
|
|
1355
|
+
if (ctrl) return `${ctrl.kind.toLowerCase()}-${ctrl.name}${containerName ? "-" + containerName : ""}`;
|
|
1356
|
+
return `pod-${podName}${containerName ? "-" + containerName : ""}`;
|
|
1357
|
+
} catch (err) {
|
|
1358
|
+
console.error("[trivy] Cannot get CRD name:", err);
|
|
1359
|
+
return void 0;
|
|
1360
|
+
}
|
|
1361
|
+
};
|
|
1362
|
+
};
|
|
1363
|
+
// Annotate the CommonJS export names for ESM import in node:
|
|
1364
|
+
0 && (module.exports = {
|
|
1365
|
+
TrivyChannel
|
|
1366
|
+
});
|