# README
Claircore
Claircore provides a set of go modules which handle scanning container layers for installed packages and reporting any discovered vulnerabilities. Claircore is designed to be embedded into a service wrapper.
For a full overview see: Claircore Book
Testing
The following make target runs unit tests which do not require a database or local development environment.
make unit
# or make unit-v for verbose output
With the local development environment up the following make target runs all tests including integration.
make integration
# or integration-v for verbose output
With the local development environment up the following make target runs all tests including integration with full benchmark results.
make bench
# Packages
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
Package debian contains an Indexer, Matcher, and Updater for Debian GNU/Linux.
Package docs holds go code for inclusion into the prose documentation.
Package dpkg implements a package indexer for dpkg packages.
No description provided by the author
Package gobin implements a package scanner that pulls go runtime and dependency information out of a compiled executable.
No description provided by the author
Package java contains components for interrogating java packages in container layers.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
Package nodejs contains components for interrogating nodejs packages in container layers.
No description provided by the author
Package osrelease provides an "os-release" distribution scanner.
No description provided by the author
No description provided by the author
Package python contains components for interrogating python packages in container layers.
Package rhel implements the machinery for processing layers and security data from the Red Hat ecosystem.
Package rpm provides an [indexer.PackageScanner] for the rpm package manager.
Package ruby contains components for interrogating ruby packages in container layers.
No description provided by the author
No description provided by the author
Package suse contains an Indexer, Matcher, and Updater for SUSE Linux and OpenSUSE.
Package test holds helpers for tests in the claircore module.
Package ubuntu implements machinery for indexing and matching ubuntu containers.
No description provided by the author
No description provided by the author
# Functions
FromSemver is the SemVer to claircore.Version mapping used by this package.
MustParseDigest works like ParseDigest but panics if the provided string is not well-formed.
NewAffectedManifests initializes a new AffectedManifests struct.
NewDigest constructs a Digest.
ParseDigest constructs a Digest from a string, ensuring it's well-formed.
VersionSort returns a function suitable for passing to sort.Slice or sort.SliceStable.
# Constants
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
equals.
not equals.
pattern match.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
# Variables
ErrNotFound is returned by [Layer.Files] if none of the requested files are found.
# Structs
AffectedManifests describes a set of manifests affected by a set of Vulnerabilities.
Digest is a type representing the hash of some data.
DigestError is the concrete type backing errors returned from Digest's methods.
Distribution is the accompanying system context of a package.
Environment describes the surrounding environment a package was discovered in.
File represents interesting files that are found in the layer.
IndexRecord is an entry in the IndexReport.
IndexReport provides a database for discovered artifacts in an image.
Layer is an internal representation of a container image file system layer.
LayerDescription is a description of a container layer.
Manifest represents a docker image.
No description provided by the author
Range is a half-open interval of two Versions.
Repository is a package repository.
Version describes a revision of some sort that is ordered correctly within its "Kind".
No description provided by the author
VulnerabilityReport provides a report of packages and their associated vulnerabilities.
# Interfaces
ReadAtCloser is an [io.ReadCloser] and also an [io.ReaderAt].
# Type aliases
No description provided by the author
CheckVulnernableFunc takes a vulnerability and an indexRecord and checks if the record is vulnerable to the vulnerability, it is by the Querier.AffectedManifests method and allows a backdoor to introduce application filtering logic into the DB layer.
FileKind is used to determine what kind of file was found.
No description provided by the author