Category: github.com/allda/claircore
module, package
Version: 4.0.0-araszka-test+incompatible
Repository: https://github.com/allda/claircore.git
Documentation: pkg.go.dev

# README

## ClairCore

ClairCore provides a set of Go modules that scan container layers for installed packages and report any discovered vulnerabilities.
ClairCore is designed to be embedded into a service wrapper.

For a full overview see: ClairCore Book

## Usage

Two packages exist: libindex and libvuln.
These packages export the methods for indexing an image's contents and for matching the results of the index to vulnerabilities, respectively.

### libindex usage

Creating an instance:

opts := &libindex.Opts{
    ConnString: "postgres://host:port",
    Migrations: true,
    // see definition for more configuration options
}
lib := libindex.New(opts)

Call libindex with a populated Manifest:

m := &claircore.Manifest{
    ...
}

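ir, err := lib.Index(m)
if err != nil {
    // the index call itself returned an error
    log.Printf("%v", err)
}
// the returned report records a failed scan in its State field
if ir.State == "IndexError" {
    log.Printf("scan failed: %s", ir.Err)
}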

### libvuln usage

Creating an instance:

opts := &libvuln.Opts{
    ConnString: "postgres://host:port",
    Migrations: true,
    // see definition for more configuration options
}
lib := libvuln.New(opts)

Call libvuln with a populated IndexReport:

ir := &claircore.IndexReport{
    ...
}
vr, err := lib.Scan(ir)
if err != nil {
    log.Printf("%v", err)
}

Libvuln initializes all updaters before returning from its constructor.
The libvuln.Opts struct controls how many updaters initialize in parallel.

To further understand how these packages work together see:
Highlevel Architecture
Vulnerability Matching

## Local development and testing

The following targets start and stop a local development environment:

make local-dev-up
make local-dev-down

If you modify libvuln or libindex code, the following make targets will restart the services with your changes:

make libindexhttp-restart
make libvulnhttp-restart

With the local development environment up, the following make target runs all tests, including integration tests:

make integration

The following make target runs unit tests, which do not require a database or local development environment:

make unit

# Packages

Package docs holds go code for inclusion into the prose documentation.
Package dpkg implements a package indexer for dpkg packages.
Package libindex is a generated GoMock package.
Package libvuln is a generated GoMock package.
Package osrelease provides an "os-release" distribution scanner.
Package python contains components for interrogating python packages in container layers.
Package pyupio provides an updater for importing pyup vulnerability information.

# Functions

MustParseDigest works like ParseDigest but panics if the provided string is not well-formed.
NewDigest constructs a Digest.
ParseDigest constructs a Digest from a string, ensuring it's well-formed.
VersionSort returns a function suitable for passing to sort.Slice or sort.SliceStable.

# Variables

ErrNotFound is returned by Layer.Files if none of the requested files are found.

# Structs

Digest is a type representing the hash of some data.
DigestError is the concrete type backing errors returned from Digest's methods.
Distribution is the accompanying system context of a package.
Environment describes the surrounding environment a package was discovered in.
IndexRecord is an entry in the IndexReport.
IndexReport provides a database for discovered artifacts in an image.
Layer is a container image filesystem layer.
Manifest represents a docker image.
Range is a half-open interval of two Versions.
Repository is a package repository.
Version describes a revision of some sort that is ordered correctly within its "Kind".
VulnerabilityReport provides a report of packages and their associated vulnerabilities.
