---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: vulnerabilityreports.aquasecurity.github.io
labels:
app.kubernetes.io/managed-by: starboard
app.kubernetes.io/version: "0.15.3"
spec:
group: aquasecurity.github.io
versions:
- name: v1alpha1
served: true
storage: true
schema:
openAPIV3Schema:
description: |
VulnerabilityReport summarizes vulnerabilities in application dependencies and operating system packages
built into container images.
type: object
required:
- apiVersion
- kind
- metadata
- report
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
report:
description: |
Report is the actual vulnerability report data.
type: object
required:
- updateTimestamp
- scanner
- artifact
- summary
- vulnerabilities
properties:
updateTimestamp:
description: |
UpdateTimestamp is a timestamp representing the server time in UTC when this report was updated.
type: string
format: date-time
scanner:
description: |
Scanner is the scanner that generated this report.
type: object
required:
- name
- vendor
- version
properties:
name:
description: |
Name the name of the scanner.
type: string
vendor:
description: |
Vendor the name of the vendor providing the scanner.
type: string
version:
description: |
Version the version of the scanner.
type: string
registry:
description: |
Registry is the registry the Artifact was pulled from.
type: object
properties:
server:
description: |
Server the FQDN of registry server.
type: string
artifact:
description: |
Artifact represents a standalone, executable package of software that includes everything needed to
run an application.
type: object
properties:
repository:
description: |
Repository is the name of the repository in the Artifact registry.
type: string
digest:
description: |
Digest is a unique and immutable identifier of an Artifact.
type: string
tag:
description: |
Tag is a mutable, human-readable string used to identify an Artifact.
type: string
mimeType:
description: |
MimeType represents a type and format of an Artifact.
type: string
summary:
description: |
Summary is a summary of Vulnerability counts grouped by Severity.
type: object
required:
- criticalCount
- highCount
- mediumCount
- lowCount
- unknownCount
properties:
criticalCount:
description: |
CriticalCount is the number of vulnerabilities with Critical Severity.
type: integer
minimum: 0
highCount:
description: |
HighCount is the number of vulnerabilities with High Severity.
type: integer
minimum: 0
mediumCount:
description: |
MediumCount is the number of vulnerabilities with Medium Severity.
type: integer
minimum: 0
lowCount:
description: |
LowCount is the number of vulnerabilities with Low Severity.
type: integer
minimum: 0
unknownCount:
description: |
UnknownCount is the number of vulnerabilities with unknown severity.
type: integer
minimum: 0
noneCount:
description: |
NoneCount is the number of packages without any vulnerability.
type: integer
minimum: 0
vulnerabilities:
description: |
Vulnerabilities is a list of operating system (OS) or application software Vulnerability items found in the Artifact.
type: array
items:
type: object
required:
- vulnerabilityID
- resource
- installedVersion
- fixedVersion
- severity
- title
properties:
vulnerabilityID:
description: |
VulnerabilityID the vulnerability identifier.
type: string
resource:
description: |
Resource is a vulnerable package, application, or library.
type: string
installedVersion:
description: |
InstalledVersion indicates the installed version of the Resource.
type: string
fixedVersion:
description: |
FixedVersion indicates the version of the Resource in which this vulnerability has been fixed.
type: string
score:
type: number
severity:
type: string
enum:
- CRITICAL
- HIGH
- MEDIUM
- LOW
- UNKNOWN
title:
type: string
description:
type: string
primaryLink:
type: string
links:
type: array
items:
type: string
additionalPrinterColumns:
- jsonPath: .report.artifact.repository
type: string
name: Repository
description: The name of image repository
- jsonPath: .report.artifact.tag
type: string
name: Tag
description: The name of image tag
- jsonPath: .report.scanner.name
type: string
name: Scanner
description: The name of the vulnerability scanner
- jsonPath: .metadata.creationTimestamp
type: date
name: Age
description: The age of the report
- jsonPath: .report.summary.criticalCount
type: integer
name: Critical
description: The number of critical vulnerabilities
priority: 1
- jsonPath: .report.summary.highCount
type: integer
name: High
description: The number of high vulnerabilities
priority: 1
- jsonPath: .report.summary.mediumCount
type: integer
name: Medium
description: The number of medium vulnerabilities
priority: 1
- jsonPath: .report.summary.lowCount
type: integer
name: Low
description: The number of low vulnerabilities
priority: 1
- jsonPath: .report.summary.unknownCount
type: integer
name: Unknown
description: The number of unknown vulnerabilities
priority: 1
scope: Namespaced
names:
singular: vulnerabilityreport
plural: vulnerabilityreports
kind: VulnerabilityReport
listKind: VulnerabilityReportList
categories:
- all
shortNames:
- vuln
- vulns