--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: labels: app.kubernetes.io/managed-by: trivy-operator app.kubernetes.io/version: 0.1.3 name: exposedsecretreports.aquasecurity.github.io spec: group: aquasecurity.github.io names: kind: ExposedSecretReport listKind: ExposedSecretReportList plural: exposedsecretreports shortNames: - exposedsecret - exposedsecrets singular: exposedsecretreport scope: Namespaced versions: - additionalPrinterColumns: - description: The name of image repository jsonPath: .report.artifact.repository name: Repository type: string - description: The name of image tag jsonPath: .report.artifact.tag name: Tag type: string - description: The name of the exposed secret scanner jsonPath: .report.scanner.name name: Scanner type: string - description: The age of the report jsonPath: .metadata.creationTimestamp name: Age type: date - description: The number of critical exposed secrets jsonPath: .report.summary.criticalCount name: Critical priority: 1 type: integer - description: The number of high exposed secrets jsonPath: .report.summary.highCount name: High priority: 1 type: integer - description: The number of medium exposed secrets jsonPath: .report.summary.mediumCount name: Medium priority: 1 type: integer - description: The number of low exposed secrets jsonPath: .report.summary.lowCount name: Low priority: 1 type: integer name: v1alpha1 schema: openAPIV3Schema: description: | ExposedSecretReport summarizes exposed secrets in plaintext files built into container images. properties: apiVersion: type: string kind: type: string metadata: type: object report: description: | Report is the actual exposed secret report data. properties: artifact: description: | Artifact represents a standalone, executable package of software that includes everything needed to run an application. properties: digest: description: | Digest is a unique and immutable identifier of an Artifact. type: string mimeType: description: | MimeType represents a type and format of an Artifact. type: string repository: description: | Repository is the name of the repository in the Artifact registry. type: string tag: description: | Tag is a mutable, human-readable string used to identify an Artifact. type: string type: object registry: description: | Registry is the registry the Artifact was pulled from. properties: server: description: | Server the FQDN of registry server. type: string type: object scanner: description: | Scanner is the scanner that generated this report. properties: name: description: | Name the name of the scanner. type: string vendor: description: | Vendor the name of the vendor providing the scanner. type: string version: description: | Version the version of the scanner. type: string required: - name - vendor - version type: object secrets: description: | Exposed secrets is a list of passwords, api keys, tokens and others items found in the Artifact. items: properties: category: type: string match: description: | Match where the exposed rule matched. type: string ruleID: description: | RuleID is rule the identifier. type: string severity: enum: - CRITICAL - HIGH - MEDIUM - LOW type: string target: description: | Target is where the exposed secret was found. type: string title: type: string required: - target - ruleID - title - category - severity - match type: object type: array summary: description: | Summary is the exposed secrets counts grouped by Severity. properties: criticalCount: description: | CriticalCount is the number of exposed secrets with Critical Severity. minimum: 0 type: integer highCount: description: | HighCount is the number of exposed secrets with High Severity. minimum: 0 type: integer lowCount: description: | LowCount is the number of exposed secrets with Low Severity. minimum: 0 type: integer mediumCount: description: | MediumCount is the number of exposed secrets with Medium Severity. minimum: 0 type: integer required: - criticalCount - highCount - mediumCount - lowCount type: object updateTimestamp: description: | UpdateTimestamp is a timestamp representing the server time in UTC when this report was updated. format: date-time type: string required: - updateTimestamp - scanner - artifact - summary - secrets type: object required: - apiVersion - kind - metadata - report type: object served: true storage: true