--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.14.0 name: vulnerabilityreports.aquasecurity.github.io spec: group: aquasecurity.github.io names: kind: VulnerabilityReport listKind: VulnerabilityReportList plural: vulnerabilityreports shortNames: - vuln - vulns singular: vulnerabilityreport scope: Namespaced versions: - additionalPrinterColumns: - description: The name of image repository jsonPath: .report.artifact.repository name: Repository type: string - description: The name of image tag jsonPath: .report.artifact.tag name: Tag type: string - description: The name of the vulnerability scanner jsonPath: .report.scanner.name name: Scanner type: string - description: The age of the report jsonPath: .metadata.creationTimestamp name: Age type: date - description: The number of critical vulnerabilities jsonPath: .report.summary.criticalCount name: Critical priority: 1 type: integer - description: The number of high vulnerabilities jsonPath: .report.summary.highCount name: High priority: 1 type: integer - description: The number of medium vulnerabilities jsonPath: .report.summary.mediumCount name: Medium priority: 1 type: integer - description: The number of low vulnerabilities jsonPath: .report.summary.lowCount name: Low priority: 1 type: integer - description: The number of unknown vulnerabilities jsonPath: .report.summary.unknownCount name: Unknown priority: 1 type: integer name: v1alpha1 schema: openAPIV3Schema: description: |- VulnerabilityReport summarizes vulnerabilities in application dependencies and operating system packages built into container images. properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object report: description: Report is the actual vulnerability report data. properties: artifact: description: |- Artifact represents a standalone, executable package of software that includes everything needed to run an application. properties: digest: description: Digest is a unique and immutable identifier of an Artifact. type: string mimeType: description: MimeType represents a type and format of an Artifact. type: string repository: description: Repository is the name of the repository in the Artifact registry. type: string tag: description: Tag is a mutable, human-readable string used to identify an Artifact. type: string type: object os: description: OS information of the artifact properties: eosl: description: Eosl is true if OS version has reached end of service life type: boolean family: description: Operating System Family type: string name: description: Name or version of the OS type: string type: object registry: description: Registry is the registry the Artifact was pulled from. properties: server: description: Server the FQDN of registry server. type: string type: object scanner: description: Scanner is the scanner that generated this report. properties: name: description: Name the name of the scanner. type: string vendor: description: Vendor the name of the vendor providing the scanner. type: string version: description: Version the version of the scanner. type: string required: - name - vendor - version type: object summary: description: Summary is a summary of Vulnerability counts grouped by Severity. properties: criticalCount: description: CriticalCount is the number of vulnerabilities with Critical Severity. minimum: 0 type: integer highCount: description: HighCount is the number of vulnerabilities with High Severity. minimum: 0 type: integer lowCount: description: LowCount is the number of vulnerabilities with Low Severity. minimum: 0 type: integer mediumCount: description: MediumCount is the number of vulnerabilities with Medium Severity. minimum: 0 type: integer noneCount: description: NoneCount is the number of packages without any vulnerability. minimum: 0 type: integer unknownCount: description: UnknownCount is the number of vulnerabilities with unknown severity. minimum: 0 type: integer required: - criticalCount - highCount - lowCount - mediumCount - unknownCount type: object updateTimestamp: description: UpdateTimestamp is a timestamp representing the server time in UTC when this report was updated. format: date-time type: string vulnerabilities: description: Vulnerabilities is a list of operating system (OS) or application software Vulnerability items found in the Artifact. items: description: Vulnerability is the spec for a vulnerability record. properties: class: type: string cvss: additionalProperties: properties: V2Score: type: number V2Vector: type: string V3Score: type: number V3Vector: type: string V40Score: type: number V40Vector: type: string type: object type: object cvsssource: type: string description: type: string fixedVersion: description: FixedVersion indicates the version of the Resource in which this vulnerability has been fixed. type: string installedVersion: description: InstalledVersion indicates the installed version of the Resource. type: string lastModifiedDate: description: LastModifiedDate indicates the last date CVE has been modified. type: string links: items: type: string type: array packagePURL: type: string packagePath: type: string packageType: type: string primaryLink: type: string publishedDate: description: PublishedDate indicates the date of published CVE. type: string resource: description: Resource is a vulnerable package, application, or library. type: string score: type: number severity: description: Severity level of a vulnerability or a configuration audit check. enum: - CRITICAL - HIGH - MEDIUM - LOW - UNKNOWN type: string target: type: string title: type: string vulnerabilityID: description: VulnerabilityID the vulnerability identifier. type: string required: - fixedVersion - installedVersion - lastModifiedDate - publishedDate - resource - severity - title - vulnerabilityID type: object type: array required: - artifact - os - scanner - summary - updateTimestamp - vulnerabilities type: object required: - report type: object x-kubernetes-preserve-unknown-fields: true served: true storage: true subresources: {}