// Package scanner defines shared types for the ATCR scanner service.
// These types are self-contained with no imports from the root module.
package scanner
import "encoding/json"
// ScanJob is one vulnerability-scanning job handed to the scanner by the hold
// service, with the image config and layers held as typed BlobDescriptor
// values.
//
// NOTE(review): every field is supplied by the remote peer and this file
// contains no validation; presumably callers check ManifestDigest, the blob
// descriptors and HoldEndpoint before fetching or connecting — confirm.
type ScanJob struct {
	// Job sequence number. AckMessage, ResultMessage and ErrorMessage carry a
	// Seq field too, presumably echoing this value — confirm.
	Seq int64 `json:"seq"`

	// Image under scan.
	ManifestDigest string `json:"manifestDigest"`
	Repository     string `json:"repository"`
	Tag            string `json:"tag"`

	// User the image belongs to; semantics inferred from the field names.
	UserDID    string `json:"userDid"`
	UserHandle string `json:"userHandle"`

	// Hold the job relates to.
	// NOTE(review): if the scanner dials HoldEndpoint, it should be checked
	// against the hold(s) the scanner is configured to trust; that check is
	// not visible here.
	HoldDID      string `json:"holdDid"`
	HoldEndpoint string `json:"holdEndpoint"`

	// Meaning of Tier is not visible in this file — TODO confirm.
	Tier string `json:"tier"`

	// Blobs that make up the image.
	Config BlobDescriptor   `json:"config"`
	Layers []BlobDescriptor `json:"layers"`
}
// ScanJobRaw is the job message as it arrives on the WebSocket. It mirrors
// ScanJob, except that Config and Layers are kept as undecoded JSON
// (json.RawMessage) so they can be parsed in a later step.
//
// NOTE(review): the raw Config/Layers payloads are peer-controlled; no size
// or depth limit is visible in this file — confirm the reader or decoder
// bounds them.
type ScanJobRaw struct {
	// Message discriminator; "job" for this message.
	Type string `json:"type"`
	Seq  int64  `json:"seq"`

	// Image under scan.
	ManifestDigest string `json:"manifestDigest"`
	Repository     string `json:"repository"`
	Tag            string `json:"tag"`

	// User the image belongs to; semantics inferred from the field names.
	UserDID    string `json:"userDid"`
	UserHandle string `json:"userHandle"`

	// Hold the job relates to.
	HoldDID      string `json:"holdDid"`
	HoldEndpoint string `json:"holdEndpoint"`

	// Meaning of Tier is not visible in this file — TODO confirm.
	Tier string `json:"tier"`

	// Undecoded JSON for the image config and layer list.
	Config json.RawMessage `json:"config"`
	Layers json.RawMessage `json:"layers"`
}
// BlobDescriptor identifies one blob of a container image, either a layer or
// the image config.
//
// NOTE(review): nothing in this type ties fetched bytes to Digest or bounds
// Size; presumably the code that downloads the blob verifies the digest and
// rejects negative or oversized values — confirm.
type BlobDescriptor struct {
	// Digest of the blob; exact format is not visible here.
	Digest string `json:"digest"`
	// Size of the blob (signed, so a negative value can be decoded).
	Size int64 `json:"size"`
	// MediaType of the blob.
	MediaType string `json:"mediaType"`
}
// ScanResult holds what a completed scan produced for one manifest. Every
// field except ManifestDigest is dropped from the JSON when empty.
type ScanResult struct {
	ManifestDigest string `json:"manifestDigest"`

	// SBOM document and its digest. encoding/json writes a []byte as a
	// base64 string.
	// NOTE(review): presumably SBOMDigest is computed over SBOM — confirm.
	SBOM       []byte `json:"sbom,omitempty"`
	SBOMDigest string `json:"sbomDigest,omitempty"`

	// Vulnerability report and its digest, encoded the same way as SBOM.
	// NOTE(review): presumably VulnDigest is computed over VulnReport — confirm.
	VulnReport []byte `json:"vulnReport,omitempty"`
	VulnDigest string `json:"vulnDigest,omitempty"`

	// Per-severity counts; nil when no summary is attached.
	Summary *VulnerabilitySummary `json:"summary,omitempty"`
}
// VulnerabilitySummary carries vulnerability counts broken down by severity.
//
// NOTE(review): the type does not enforce any relation between Total and the
// four severity counters, and whether Total also includes findings of other
// severities is not visible here — confirm before gating on these numbers.
type VulnerabilitySummary struct {
	// Per-severity counters.
	Critical int `json:"critical"`
	High     int `json:"high"`
	Medium   int `json:"medium"`
	Low      int `json:"low"`

	// Overall count.
	Total int `json:"total"`
}
// AckMessage is the scanner's acknowledgement to the hold that a job was
// received.
type AckMessage struct {
	// Message discriminator; "ack" for this message.
	Type string `json:"type"`
	// Sequence number; presumably the Seq of the job being acknowledged.
	Seq int64 `json:"seq"`
}
// ResultMessage is what the scanner sends to the hold to deliver the results
// of a scan. SBOM, VulnReport and Summary are left out of the JSON when empty.
type ResultMessage struct {
	// Message discriminator; "result" for this message.
	Type string `json:"type"`
	// Sequence number; presumably the Seq of the job these results belong to.
	Seq int64 `json:"seq"`

	// Scan artefacts as strings (ScanResult keeps the same two as []byte).
	// NOTE(review): the string encoding used on the wire is not visible in
	// this file — confirm against the sender and the hold's decoder.
	SBOM       string `json:"sbom,omitempty"`
	VulnReport string `json:"vulnReport,omitempty"`

	// Per-severity counts; nil when no summary is attached.
	Summary *VulnerabilitySummary `json:"summary,omitempty"`
}
// ErrorMessage is what the scanner sends to the hold when a scan fails.
type ErrorMessage struct {
	// Message discriminator; "error" for this message.
	Type string `json:"type"`
	// Sequence number; presumably the Seq of the job that failed.
	Seq int64 `json:"seq"`
	// Failure description.
	// NOTE(review): this text leaves the scanner; confirm callers do not put
	// internal paths, credentials or raw tool output in it.
	Error string `json:"error"`
}